summaryrefslogtreecommitdiffstats
path: root/qemu-options.hx
Commit message (Collapse)AuthorAgeFilesLines
* Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190822-pull-request' ↵Peter Maydell2019-08-221-2/+5
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging usb: bugfixes and minor improvements. # gpg: Signature made Thu 22 Aug 2019 07:52:32 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/usb-20190822-pull-request: ehci: fix queue->dev null ptr dereference usb: reword -usb command-line option and mention xHCI xhci: Add No Op Command usb-redir: merge interrupt packets usbredir: fix buffer-overflow on vmload Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * usb: reword -usb command-line option and mention xHCIStefan Hajnoczi2019-08-211-2/+5
| | | | | | | | | | | | | | | | | | | | | | The -usb section of the man page is not very clear on what exactly -usb does and fails to mention xHCI as a modern alternative (-device nec-usb-xhci). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20190815141428.29080-1-stefanha@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | audio: add audiodev property to vnc and wav_captureKővágó, Zoltán2019-08-211-0/+6
|/ | | | | | Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 8cbc9e865bbf40850c14340fc0549e6ac2d5fe9c.1566168923.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* vl.c: Add -smp, dies=* command line support and update docLike Xu2019-07-051-8/+9
| | | | | | | | | | | | For PC target, users could configure the number of dies per one package via command line with this patch, such as "-smp dies=2,cores=4". The parsing rules of new cpu-topology model obey the same restrictions/logic as the legacy socket/core/thread model especially on missing values computing. Signed-off-by: Like Xu <like.xu@linux.intel.com> Message-Id: <20190620054525.37188-4-like.xu@linux.intel.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* Merge remote-tracking branch ↵Peter Maydell2019-07-051-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/vivier2/tags/trivial-branch-pull-request' into staging Fix typo, change virtio-rng default to urandom # gpg: Signature made Wed 03 Jul 2019 16:24:53 BST # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/trivial-branch-pull-request: docs/devel/testing: Fix typo in dockerfile path VirtIO-RNG: Update default entropy source to `/dev/urandom` Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * VirtIO-RNG: Update default entropy source to `/dev/urandom`Kashyap Chamarthy2019-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When QEMU exposes a VirtIO-RNG device to the guest, that device needs a source of entropy, and that source needs to be "non-blocking", like `/dev/urandom`. However, currently QEMU defaults to the problematic `/dev/random`, which on Linux is "blocking" (as in, it waits until sufficient entropy is available). Why prefer `/dev/urandom` over `/dev/random`? --------------------------------------------- The man pages of urandom(4) and random(4) state: "The /dev/random device is a legacy interface which dates back to a time where the cryptographic primitives used in the implementation of /dev/urandom were not widely trusted. It will return random bytes only within the estimated number of bits of fresh noise in the entropy pool, blocking if necessary. /dev/random is suitable for applications that need high quality randomness, and can afford indeterminate delays." Further, the "Usage" section of the said man pages state: "The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized. "If a seed file is saved across reboots as recommended below (all major Linux distributions have done this since 2000 at least), the output is cryptographically secure against attackers without local root access as soon as it is reloaded in the boot sequence, and perfectly adequate for network encryption session keys. Since reads from /dev/random may block, users will usually want to open it in nonblocking mode (or perform a read with timeout), and provide some sort of user notification if the desired entropy is not immediately available." And refer to random(7) for a comparison of `/dev/random` and `/dev/urandom`. What about other OSes? ---------------------- `/dev/urandom` exists and works on OS-X, FreeBSD, DragonFlyBSD, NetBSD and OpenBSD, which cover all the non-Linux platforms we explicitly support, aside from Windows. On Windows `/dev/random` doesn't work either so we don't regress. This is actually another argument in favour of using the newly proposed 'rng-builtin' backend by default, as that will work on Windows. - - - Given the above, change the entropy source for VirtIO-RNG device to `/dev/urandom`. Related discussion in these[1][2] past threads. [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?" [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html -- "[RFC] Virtio RNG: Consider changing the default entropy source to /dev/urandom" Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Laurent Vivier <lvivier@redhat.com> Message-Id: <20190529143106.11789-2-lvivier@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* | COLO-compare: Add new parameter to communicate with remote colo-frameZhang Chen2019-07-021-1/+32
|/ | | | | | | | | We add the "notify_dev=chardevID" parameter. After that colo-compare can connect with remote(currently just for Xen, KVM-COLO didn't need it.) colo-frame through chardev socket, it can notify remote(Xen) colo-frame to handle checkpoint event. Signed-off-by: Zhang Chen <chen.zhang@intel.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
* docs: smbios: remove family=x from type2 entry descriptionIgor Mammedov2019-05-301-1/+1
| | | | | | | | | | | | 'family' option is not part of type 2 table and if user tries to use it as such QEMU will error out with an unknow option error. Drop it from docs lest it confuse users. Fixes: b155eb1d04 ("smbios: document cmdline options for smbios type 2-4, 17 structures") Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <1558448611-315074-1-git-send-email-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* semihosting: enable chardev backed output for consoleAlex Bennée2019-05-281-2/+4
| | | | | | | | | It will be useful for a number of use-cases to be able to re-direct output to a file like we do with serial output. This does the wiring to allow us to treat then semihosting console like just another character output device. Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
* cpus: Initialize pseudo-random seeds for all guest cpusRichard Henderson2019-05-221-0/+10
| | | | | | | | | | | | When the -seed option is given, call qemu_guest_random_seed_main, putting the subsystem into deterministic mode. Pass derived seeds to each cpu created; which is a no-op unless the subsystem is in deterministic mode. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* virtfs: Fix documentation of -fsdev and -virtfsGreg Kurz2019-05-171-27/+66
| | | | | | | | | | | | | | | | | This fixes several things: - add "id" description to -virtfs documentation - split the description into several lines in both usage and documentation for accurateness and clarity - add documentation and usage of the synth fsdriver - add "throttling.*" description to -fsdev local - add some missing periods - add proper reference to the virtfs-proxy-helper(1) manual page - document that the virtio device may be either virtio-9p-pci, virtio-9p-ccw or virtio-9p-device, depending on the machine type Buglink: https://bugs.launchpad.net/qemu/+bug/1581976 Signed-off-by: Greg Kurz <groug@kaod.org> Acked-by: Thomas Huth <thuth@redhat.com>
* vl: Deprecate -virtfs_synthGreg Kurz2019-05-171-1/+2
| | | | | | | | | The synth fsdriver never got used for anything else but the QTest testcase for VirtIO 9P. And even there, QTest uses -fsdev synth and -device virtio-9p-... directly. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
* qemu-option.hx: Update missed parameter for colo-compareZhang Chen2019-05-141-3/+6
| | | | | | | | | | We missed the iothread related args in this file. This patch is used to fix this issue. Signed-off-by: Zhang Chen <chen.zhang@intel.com> Message-Id: <20190426090730.2691-4-chen.zhang@intel.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
* Add Nios II semihosting support.Sandra Loosemore2019-04-291-4/+4
| | | | | | | | | | | | This patch adds support for libgloss semihosting to Nios II bare-metal emulation. The specification for the protocol can be found in the libgloss sources. Signed-off-by: Sandra Loosemore <sandra@codesourcery.com> Signed-off-by: Julian Brown <julian@codesourcery.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1554321185-2825-3-git-send-email-sandra@codesourcery.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* util/mmap-alloc: support MAP_SYNC in qemu_ram_mmap()Zhang Yi2019-04-251-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a file supporting DAX is used as vNVDIMM backend, mmap it with MAP_SYNC flag in addition which can ensure file system metadata synced in each guest writes to the backend file, without other QEMU actions (e.g., periodic fsync() by QEMU). Current, We have below different possible use cases: 1. pmem=on is set, shared=on is set, MAP_SYNC supported: a: backend is a dax supporting file. - MAP_SYNC will active. b: backend is not a dax supporting file. - mmap will trigger a warning. then MAP_SYNC flag will be ignored 2. The rest of cases: - we will never pass the MAP_SYNC to mmap2 Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Signed-off-by: Zhang Yi <yi.z.zhang@linux.intel.com> [ehabkost: Rebased patch to latest code on master] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Wei Yang <richardw.yang@linux.intel.com> Tested-by: Wei Yang <richardw.yang@linux.intel.com> Message-Id: <20190422004849.26463-2-richardw.yang@linux.intel.com> [ehabkost: squashed documentation patch] Message-Id: <20190422004849.26463-3-richardw.yang@linux.intel.com> [ehabkost: documentation fixup] Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Pankaj Gupta <pagupta@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190313-pull-request' ↵Peter Maydell2019-03-131-1/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging ui: better unicode support for curses, v2. # gpg: Signature made Wed 13 Mar 2019 07:29:44 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20190313-pull-request: curses: add option to specify VGA font encoding iconv: detect and make curses depend on it Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * curses: add option to specify VGA font encodingSamuel Thibault2019-03-131-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This uses iconv to convert glyphs from the specified VGA font encoding to unicode, and makes use of cchar_t instead of chtype when using ncursesw, which allows to store all wide char as well as the WACS values. The default charset is made CP437 since that is the charset of the hardware default VGA font. This also makes the curses backend set the LC_CTYPE locale to "" to allow curses to emit wide characters. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Eddie Kohler <ekohler@gmail.com> Acked-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190311135127.2229-3-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2019-03-121-3/+233
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/kraxel/tags/audio-20190312-pull-request' into staging audio: introduce -audiodev # gpg: Signature made Tue 12 Mar 2019 07:12:19 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20190312-pull-request: audio: -audiodev command line option: cleanup wavaudio: port to -audiodev config spiceaudio: port to -audiodev config sdlaudio: port to -audiodev config paaudio: port to -audiodev config ossaudio: port to -audiodev config noaudio: port to -audiodev config dsoundaudio: port to -audiodev config coreaudio: port to -audiodev config alsaaudio: port to -audiodev config audio: -audiodev command line option basic implementation audio: -audiodev command line option: documentation audio: use qapi AudioFormat instead of audfmt_e qapi: qapi for audio backends Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # qemu-deprecated.texi
| * audio: -audiodev command line option: documentationKővágó, Zoltán2019-03-111-3/+233
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds documentation of an -audiodev command line option, that deprecates the old QEMU_* environment variables for audio backend configuration. It's syntax is similar to existing options (-netdev, -device, etc): -audiodev driver_name,property=value,... Although now it's possible to specify multiple -audiodev options on command line, multiple audio backends are not supported yet. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: ca5e761e58dcfaf591cf46080af3548551b42bb2.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | chardev: add support for authorization for TLS clientsDaniel P. Berrange2019-03-111-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently any client which can complete the TLS handshake is able to use a chardev server. The server admin can turn on the 'verify-peer' option for the x509 creds to require the client to provide a x509 certificate. This means the client will have to acquire a certificate from the CA before they are permitted to use the chardev server. This is still a fairly low bar. This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend which takes the ID of a previously added 'QAuthZ' object instance. This will be used to validate the client's x509 distinguished name. Clients failing the check will not be permitted to use the chardev server. For example to setup authorization that only allows connection from a client whose x509 certificate distinguished name contains 'CN=fred', you would use: $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,identity=CN=laptop.example.com,,\ O=Example Org,,L=London,,ST=London,,C=GB \ -chardev socket,host=127.0.0.1,port=9000,server,\ tls-creds=tls0,tls-authz=authz0 \ ...other qemu args... Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* | vnc: allow specifying a custom authorization object nameDaniel P. Berrange2019-03-111-10/+25
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The VNC server has historically had support for ACLs to check both the SASL username and the TLS x509 distinguished name. The VNC server was responsible for creating the initial ACL, and the client app was then responsible for populating it with rules using the HMP 'acl_add' command. This is not satisfactory for a variety of reasons. There is no way to populate the ACLs from the command line, users are forced to use the HMP. With multiple network services all supporting TLS and ACLs now, it is desirable to be able to define a single ACL that is referenced by all services. To address these limitations, two new options are added to the VNC server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to use for checking TLS x509 distinguished names, and the 'sasl-authz' option takes the ID of another object to use for checking SASL usernames. In this example, we setup two authorization rules. The first allows any client with a certificate issued by the 'RedHat' organization in the 'London' locality. The second ACL allows clients with either the 'joe@REDHAT.COM' or 'fred@REDHAT.COM' kerberos usernames. Both checks must pass for the user to be allowed. $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,policy=deny,\ rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \ -object authz-simple,id=authz1,policy=deny,\ rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \ rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \ -vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0, sasl,sasl-authz=authz1 \ ...other QEMU args... Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20190227145755.26556-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* authz: add QAuthZPAM object type for authorizing using PAMDaniel P. Berrange2019-02-261-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an authorization backend that talks to PAM to check whether the user identity is allowed. This only uses the PAM account validation facility, which is essentially just a check to see if the provided username is permitted access. It doesn't use the authentication or session parts of PAM, since that's dealt with by the relevant part of QEMU (eg VNC server). Consider starting QEMU with a VNC server and telling it to use TLS with x509 client certificates and configuring it to use an PAM to validate the x509 distinguished name. In this example we're telling it to use PAM for the QAuthZ impl with a service name of "qemu-vnc" $ qemu-system-x86_64 \ -object tls-creds-x509,id=tls0,dir=/home/berrange/security/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-pam,id=authz0,service=qemu-vnc \ -vnc :1,tls-creds=tls0,tls-authz=authz0 This requires an /etc/pam/qemu-vnc file to be created with the auth rules. A very simple file based whitelist can be setup using $ cat > /etc/pam/qemu-vnc <<EOF account requisite pam_listfile.so item=user sense=allow file=/etc/qemu/vnc.allow EOF The /etc/qemu/vnc.allow file simply contains one username per line. Any username not in the file is denied. The usernames in this example are the x509 distinguished name from the client's x509 cert. $ cat > /etc/qemu/vnc.allow <<EOF CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB EOF More interesting would be to configure PAM to use an LDAP backend, so that the QEMU authorization check data can be centralized instead of requiring each compute host to have file maintained. The main limitation with this PAM module is that the rules apply to all QEMU instances on the host. Setting up different rules per VM, would require creating a separate PAM service name & config file for every guest. An alternative approach for the future might be to not pass in the plain username to PAM, but instead combine the VM name or UUID with the username. This requires further consideration though. Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* authz: add QAuthZListFile object type for a file access control listDaniel P. Berrangé2019-02-261-0/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a QAuthZListFile object type that implements the QAuthZ interface. This built-in implementation is a proxy around the QAuthZList object type, initializing it from an external file, and optionally, automatically reloading it whenever it changes. To create an instance of this object via the QMP monitor, the syntax used would be: { "execute": "object-add", "arguments": { "qom-type": "authz-list-file", "id": "authz0", "props": { "filename": "/etc/qemu/vnc.acl", "refresh": true } } } If "refresh" is "yes", inotify is used to monitor the file, automatically reloading changes. If an error occurs during reloading, all authorizations will fail until the file is next successfully loaded. The /etc/qemu/vnc.acl file would contain a JSON representation of a QAuthZList object { "rules": [ { "match": "fred", "policy": "allow", "format": "exact" }, { "match": "bob", "policy": "allow", "format": "exact" }, { "match": "danb", "policy": "deny", "format": "glob" }, { "match": "dan*", "policy": "allow", "format": "exact" }, ], "policy": "deny" } This sets up an authorization rule that allows 'fred', 'bob' and anyone whose name starts with 'dan', except for 'danb'. Everyone unmatched is denied. The object can be loaded on the comand line using -object authz-list-file,id=authz0,filename=/etc/qemu/vnc.acl,refresh=yes Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* authz: add QAuthZSimple object type for easy whitelist auth checksDaniel P. Berrangé2019-02-261-0/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In many cases a single VM will just need to whitelist a single identity as the allowed user of network services. This is especially the case for TLS live migration (optionally with NBD storage) where we just need to whitelist the x509 certificate distinguished name of the source QEMU host. Via QMP this can be configured with: { "execute": "object-add", "arguments": { "qom-type": "authz-simple", "id": "authz0", "props": { "identity": "fred" } } } Or via the command line -object authz-simple,id=authz0,identity=fred Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* display: add -display spice-app launching a Spice clientMarc-André Lureau2019-02-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new display backend that will configure Spice to allow a remote client to control QEMU in a similar fashion as other QEMU display backend/UI like GTK. For this to work, it will set up Spice server with a unix socket, and register a VC chardev that will be exposed as Spice ports. A QMP monitor is also exposed as a Spice port, this allows the remote client fuller qemu control and state handling. - doesn't handle VC set_echo() - this doesn't seem a strong requirement, very few front-end use it - spice options can be tweaked with other -spice arguments - Windows support shouldn't be hard to do, but will probably use a TCP port instead - we may want to watch the child process to quit automatically if it crashed Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-12-marcandre.lureau@redhat.com [ kraxel: squash incremental fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* qemu-options: Remove deprecated option -clockThomas Huth2019-02-141-3/+0Star
| | | | | | | | | | The option is only a dummy since a long time. We've finally deprecated it in QEMU v3.0, so it's time to remove it now. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <1549545296-18903-3-git-send-email-thuth@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2019-02-051-21/+0Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * cpu-exec fixes (Emilio, Laurent) * TCG bugfix in queue.h (Paolo) * high address load for linuxboot (Zhijian) * PVH support (Liam, Stefano) * misc i386 changes (Paolo, Robert, Doug) * configure tweak for openpty (Thomas) * elf2dmp port to Windows (Viktor) * initial improvements to Makefile infrastructure (Yang + GSoC 2013) # gpg: Signature made Tue 05 Feb 2019 17:34:42 GMT # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (76 commits) queue: fix QTAILQ_FOREACH_REVERSE_SAFE scsi-generic: Convert from DPRINTF() macro to trace events scsi-disk: Convert from DPRINTF() macro to trace events pc: Use hotplug_handler_(plug|unplug|unplug_request) i386: hvf: Fix smp boot hangs hw/vfio/Makefile.objs: Create new CONFIG_* variables for VFIO core and PCI hw/i2c/Makefile.objs: Create new CONFIG_* variables for EEPROM and ACPI controller hw/tricore/Makefile.objs: Create CONFIG_* for tricore hw/openrisc/Makefile.objs: Create CONFIG_* for openrisc hw/moxie/Makefile.objs: Conditionally build moxie hw/hppa/Makefile.objs: Create CONFIG_* for hppa hw/cris/Makefile.objs: Create CONFIG_* for cris hw/alpha/Makefile.objs: Create CONFIG_* for alpha hw/sparc64/Makefile.objs: Create CONFIG_* for sparc64 hw/riscv/Makefile.objs: Create CONFIG_* for riscv boards hw/nios2/Makefile.objs: Conditionally build nios2 hw/xtensa/Makefile.objs: Build xtensa_sim and xtensa_fpga conditionally hw/lm32/Makefile.objs: Conditionally build lm32 and milkmyst hw/sparc/Makefile.objs: CONFIG_* for sun4m and leon3 created hw/s390/Makefile.objs: Create new CONFIG_* variables for s390x boards and devices ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # qemu-deprecated.texi
| * qemu-options: Remove deprecated "-virtioconsole" optionPaolo Bonzini2019-02-051-10/+0Star
| | | | | | | | | | | | | | | | | | It's been deprecated since QEMU 3.0, and nobody complained so far, so it is time to remove this option now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1544684731-18828-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * Remove deprecated -enable-hax optionThomas Huth2019-02-051-11/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | Our command line interface is really quite overcrowded, we should avoid duplicated options that do the same thing in just a slightly different way. "-accel hax" is shorter and more generic that "-enable-hax", so there is really no real usage for the latter option. "-enable-hax" has been deprecated since two releases, and nobody complained so far, so it's time to remove this now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1544790073-23049-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Remove deprecated -no-frame optionThomas Huth2019-02-051-11/+0Star
|/ | | | | | | | | | The -no-frame option has been deprecated with QEMU v2.12. It was only useful with SDL1.2 - now that we've removed support for SDL1.2, we can certainly remove the -no-frame option, too. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1549351769-19620-1-git-send-email-thuth@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* xen: Replace few mentions of xend by libxlAnthony PERARD2019-01-141-2/+2
| | | | | | | | xend have been replaced by libxenlight (libxl) for many Xen releases now. Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
* Remove broken Xen PV domain builderAnthony PERARD2019-01-141-8/+0Star
| | | | | | | | | | It is broken since Xen 4.9 [1] and it will not build in Xen 4.12. Also, it is not built by default since QEMU 2.6. [1] https://lists.xenproject.org/archives/html/xen-devel/2018-09/msg00313.html Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
* util: Implement debug-threads for macOSRoman Bolshakov2019-01-081-2/+2
| | | | | | | | macOS provides pthread_setname_np that doesn't have thread id argument. Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* 9p: remove support for the "handle" backendGreg Kurz2018-12-121-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "handle" fsdev backend was deprecated in QEMU 2.12.0 with: commit db3b3c7281ca82e2647e072a1f97db111313dd73 Author: Greg Kurz <groug@kaod.org> Date: Mon Jan 8 11:18:23 2018 +0100 9pfs: deprecate handle backend This backend raise some concerns: - doesn't support symlinks - fails +100 tests in the PJD POSIX file system test suite [1] - requires the QEMU process to run with the CAP_DAC_READ_SEARCH capability, which isn't recommended for security reasons This backend should not be used and wil be removed. The 'local' backend is the recommended alternative. [1] https://www.tuxera.com/community/posix-test-suite/ Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> It has passed the two release cooling period without any complaint. Remove it now. Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
* hostmem-memfd: honour share=on/off propertyMarc-André Lureau2018-11-271-1/+3
| | | | | | | | | The share=on/off property is used to modified mmap() MAP_SHARED setting. Make it on by default for convenience and compatibility reasons. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* help: Provide help for egl-headlessErik Skultety2018-11-161-1/+5
| | | | | | | | | | | EGL headless has been missing from QEMU's help or man page, we should mention that such a thing exists, especially since projects like libvirt might rely on that. This patch also adds the newly introduced option for egl-headless 'rendernode'. Signed-off-by: Erik Skultety <eskultet@redhat.com> Message-id: 87ef678b0934d3abba66c46c9e65b57119d29295.1542362949.git.eskultet@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* bt: Mark the bluetooth subsystem as deprecatedThomas Huth2018-11-121-0/+4
| | | | | | | | | | | | | | | | | | | It has been unmaintained since years, and there were only trivial or tree-wide changes to the related files since many years, so the code is likely very bitrotten and broken. For example the following segfaults as soon as as you press a key: qemu-system-x86_64 -usb -device usb-bt-dongle -bt hci -bt device:keyboard Since we are not aware of anybody using bluetooth with the current version of QEMU, let's mark the subsystem as deprecated, with a special request for the users to write to the qemu-devel mailing list in case they still use it (so we could revert the deprecation status in that case). Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1542016830-19189-1-git-send-email-thuth@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* chardev: Add websocket supportJulia Suvorova2018-11-011-3/+10
| | | | | | | | | | | | | New option "websocket" added to allow using WebSocket protocol for chardev socket backend. Example: -chardev socket,websocket,server,id=... Signed-off-by: Julia Suvorova <jusual@mail.ru> Message-Id: <20181018223501.21683-3-jusual@mail.ru> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* slirp: Implement RFC2132 TFTP server nameFam Zheng2018-10-211-1/+6
| | | | | | | | | | | This new usernet option can be used to add data for option 66 (tftp server name) in the BOOTP reply, which is useful in PXE based automatic OS install such as OpenBSD. Signed-off-by: Fam Zheng <famz@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2018-10-191-5/+9
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * RTC fixes (Artem) * icount fixes (Artem) * rr fixes (Pavel, myself) * hotplug cleanup (Igor) * SCSI fixes (myself) * 4.20-rc1 KVM header update (myself) * coalesced PIO support (Peng Hao) * HVF fixes (Roman B.) * Hyper-V refactoring (Roman K.) * Support for Hyper-V IPI (Vitaly) # gpg: Signature made Fri 19 Oct 2018 12:47:58 BST # gpg: using RSA key BFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (47 commits) replay: pass raw icount value to replay_save_clock target/i386: kvm: just return after migrate_add_blocker failed hyperv_testdev: add SynIC message and event testmodes hyperv: process POST_MESSAGE hypercall hyperv: add support for KVM_HYPERV_EVENTFD hyperv: process SIGNAL_EVENT hypercall hyperv: add synic event flag signaling hyperv: add synic message delivery hyperv: make overlay pages for SynIC hyperv: only add SynIC in compatible configurations hyperv: qom-ify SynIC hyperv:synic: split capability testing and setting i386: add hyperv-stub for CONFIG_HYPERV=n default-configs: collect CONFIG_HYPERV* in hyperv.mak hyperv: factor out arch-independent API into hw/hyperv hyperv: make hyperv_vp_index inline hyperv: split hyperv-proto.h into x86 and arch-independent parts hyperv: rename kvm_hv_sint_route_set_sint hyperv: make HvSintRoute reference-counted hyperv: address HvSintRoute by X86CPU pointer ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * vl: improve/fix documentation related to RTC functionArtem Pisarenko2018-10-191-5/+9
| | | | | | | | | | | | | | | | | | Documentation describing -rtc option updated to better match current implementation and highlight some important specifics. Signed-off-by: Artem Pisarenko <artem.k.pisarenko@gmail.com> Message-Id: <1b245c6c0803d4bf11dcbf9eb32f34af8c2bd0b4.1539846575.git.artem.k.pisarenko@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | qemu-options: Fix bad "macaddr" property in the documentationThomas Huth2018-10-191-1/+1
|/ | | | | | | | | | When using the "-device" option, the property is called "mac". "macaddr" is only used for the legacy "-net nic" option. Reported-by: Harald Hoyer <harald@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
* qcow2: Fix cache-clean-interval documentationLeonid Bloch2018-10-011-1/+2
| | | | | | | | | Fixing cache-clean-interval documentation following the recent change to a default of 600 seconds on supported plarforms (only Linux currently). Signed-off-by: Leonid Bloch <lbloch@janustech.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* qcow2: Set the default cache-clean-interval to 10 minutesLeonid Bloch2018-10-011-1/+1
| | | | | | | | | | | | | | The default cache-clean-interval is set to 10 minutes, in order to lower the overhead of the qcow2 caches (before the default was 0, i.e. disabled). * For non-Linux platforms the default is kept at 0, because cache-clean-interval is not supported there yet. Signed-off-by: Leonid Bloch <lbloch@janustech.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* qcow2: Increase the default upper limit on the L2 cache sizeLeonid Bloch2018-10-011-3/+3
| | | | | | | | | | | | | | | | | | The upper limit on the L2 cache size is increased from 1 MB to 32 MB on Linux platforms, and to 8 MB on other platforms (this difference is caused by the ability to set intervals for cache cleaning on Linux platforms only). This is done in order to allow default full coverage with the L2 cache for images of up to 256 GB in size (was 8 GB). Note, that only the needed amount to cover the full image is allocated. The value which is changed here is just the upper limit on the L2 cache size, beyond which it will not grow, even if the size of the image will require it to. Signed-off-by: Leonid Bloch <lbloch@janustech.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* qcow2: Assign the L2 cache relatively to the image sizeLeonid Bloch2018-10-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Sufficient L2 cache can noticeably improve the performance when using large images with frequent I/O. Previously, unless 'cache-size' was specified and was large enough, the L2 cache was set to a certain size without taking the virtual image size into account. Now, the L2 cache assignment is aware of the virtual size of the image, and will cover the entire image, unless the cache size needed for that is larger than a certain maximum. This maximum is set to 1 MB by default (enough to cover an 8 GB image with the default cluster size) but can be increased or decreased using the 'l2-cache-size' option. This option was previously documented as the *maximum* L2 cache size, and this patch makes it behave as such, instead of as a constant size. Also, the existing option 'cache-size' can limit the sum of both L2 and refcount caches, as previously. Signed-off-by: Leonid Bloch <lbloch@janustech.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* qcow2: Options' documentation fixesLeonid Bloch2018-10-011-3/+6
| | | | | | | Signed-off-by: Leonid Bloch <lbloch@janustech.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* net: Remove the deprecated -tftp, -bootp, -redir and -smb optionsThomas Huth2018-08-311-15/+0Star
| | | | | | | | | | | | | These options likely do not work as expected as soon as the user tries to use more than one network interface at once. The parameters have been marked as deprecated since QEMU v2.6, so users had plenty of time to move their scripts to the new syntax. Time to remove the old parameters now. Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Peter Krempa <pkrempa@redhat.com> Acked-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
* Remove the deprecated options -startdate, -localtime and -rtc-td-hackThomas Huth2018-08-311-7/+0Star
| | | | | | | | | Deprecated since two releases, nobody complained, thus it's time to remove them now. Acked-by: Peter Krempa <pkrempa@redhat.com> Acked-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
* Remove the deprecated -nodefconfig optionThomas Huth2018-08-311-2/+2
| | | | | | | | | It's the same as -no-user-config and marked as deprecated since three releases already. Time to remove it now. Acked-by: Peter Krempa <pkrempa@redhat.com> Acked-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>