summaryrefslogtreecommitdiffstats
path: root/tests/Makefile
Commit message (Collapse)AuthorAgeFilesLines
* migration: Move qjson.[ch] to migration/Markus Armbruster2016-05-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Type QJSON lets you build JSON text. Its interface mirrors (a subset of) abstract JSON syntax. QAPI output visitors also produce JSON text. They assert their preconditions and invariants, and therefore abort on incorrect use. Contrastingly, QJSON does *not* detect incorrect use. It happily produces invalid JSON then. This is what migration wants. QJSON was designed for migration, and migration is its only user. Move it to migration/ for proper coverage by MAINTAINERS, and to deter accidental use outside migration. [Pointed out by Eric: QJSON was added in commits 0457d07..b174257 -- Amit] Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <1462380558-2030-2-git-send-email-armbru@redhat.com> Signed-off-by: Amit Shah <amit.shah@redhat.com>
* tests: Add check-qnullEric Blake2016-05-121-1/+5
| | | | | | | | | | | | | | | | | | | | Add a new test, for checking reference counting of qnull(). As part of the new file, move a previous reference counting change added in commit a861564 to a more logical place. Note that while most of the check-q*.c leave visitor stuff to the test-qmp-*-visitor.c, in this case we actually want the visitor tests in our new file because we are validating the reference count of qnull_, which is an internal detail that test-qmp-*-visitor should not be peeking into (or put another way, qnull() is the only special case where we don't have independent allocation of a QObject, so none of the other visitor tests require the layering violation present in this test). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1461879932-9020-14-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qemu-ga: do not run qga test when guest agent disabledYang Hongyang2016-04-191-1/+3
| | | | | | | | | | | | | | | | | | | | When configure with --disable-guest-agent, make check will fail with: ERROR:tests/test-qga.c:74:fixture_setup: assertion failed (error == NULL): Failed to execute child process "/home/xx/qemu/qemu-ga" (No such file or directory) (g-exec-error-quark, 8) make: *** [check-tests/test-qga] Error 1 This check was commented out by bab47d9a75a. I think that was by mistake, because the commit message of that commit didn't mention this change. Signed-off-by: Yang Hongyang <hongyang.yang@easystack.cn> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com> Cc: qemu-stable@nongnu.org
* Sort the fw_cfg file listGerd Hoffmann2016-04-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Entries are inserted in filename order instead of being appended to the end in case sorting is enabled. This will avoid any future issues of moving the file creation around, it doesn't matter what order they are created now, the will always be in filename order. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Added machine type handling for compatibility. This was a fairly complex change, this will preserve the order of fw_cfg for older versions no matter what order the firmware files actually come in. A list is kept of the correct legacy order and the entries will be inserted based upon their order in the list. Except that some entries are ordered (in a specific area of the list) based upon what order they appear on the command line. Special handling is added for those entries. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* crypto: fix nettle config check for running pbkdf testDaniel P. Berrange2016-04-051-1/+1
| | | | | | | | | | | The pbkdf test is being built based on a check for CONFIG_NETTLE. As of fff2f982ab6ac0dd2b641d30303f72270a019f28, it should be instead checking CONFIG_NETTLE_KDF Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Tested-by: Bruce Rogers <brogers@suse.com> Tested-by: Ed Maste <emaste@freebsd.org> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* tests/test-filter-redirector: Add unit test for filter-redirectorZhang Chen2016-03-301-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In this unit test,we will test the filter redirector function. Case 1, tx traffic flow: qemu side | test side | +---------+ | +-------+ | backend <---------------+ sock0 | +----+----+ | +-------+ | | +----v----+ +-------+ | | rd0 +->+chardev| | +---------+ +---+---+ | | | +---------+ | | | rd1 <------+ | +----+----+ | | | +----v----+ | +-------+ | rd2 +--------------->sock1 | +---------+ | +-------+ + a. we(sock0) inject packet to qemu socket backend b. backend pass packet to filter redirector0(rd0) c. rd0 redirect packet to out_dev(chardev) which is connected with filter redirector1's(rd1) in_dev d. rd1 read this packet from in_dev, and pass to next filter redirector2(rd2) e. rd2 redirect packet to rd2's out_dev which is connected with an opened socketed(sock1) f. we read packet from sock1 and compare to what we inject Start qemu with: "-netdev socket,id=qtest-bn0,fd=%d " "-device rtl8139,netdev=qtest-bn0,id=qtest-e0 " "-chardev socket,id=redirector0,path=%s,server,nowait " "-chardev socket,id=redirector1,path=%s,server,nowait " "-chardev socket,id=redirector2,path=%s,nowait " "-object filter-redirector,id=qtest-f0,netdev=qtest-bn0," "queue=tx,outdev=redirector0 " "-object filter-redirector,id=qtest-f1,netdev=qtest-bn0," "queue=tx,indev=redirector2 " "-object filter-redirector,id=qtest-f2,netdev=qtest-bn0," "queue=tx,outdev=redirector1 " -------------------------------------- Case 2, rx traffic flow qemu side | test side | +---------+ | +-------+ | backend +---------------> sock1 | +----^----+ | +-------+ | | +----+----+ +-------+ | | rd0 +<-+chardev| | +---------+ +---+---+ | ^ | +---------+ | | | rd1 +------+ | +----^----+ | | | +----+----+ | +-------+ | rd2 <---------------+sock0 | +---------+ | +-------+ a. we(sock0) insert packet to filter redirector2(rd2) b. rd2 pass packet to filter redirector1(rd1) c. rd1 redirect packet to out_dev(chardev) which is connected with filter redirector0's(rd0) in_dev d. rd0 read this packet from in_dev, and pass ti to qemu backend which is connected with an opened socketed(sock1) e. we read packet from sock1 and compare to what we inject Start qemu with: "-netdev socket,id=qtest-bn0,fd=%d " "-device rtl8139,netdev=qtest-bn0,id=qtest-e0 " "-chardev socket,id=redirector0,path=%s,server,nowait " "-chardev socket,id=redirector1,path=%s,server,nowait " "-chardev socket,id=redirector2,path=%s,nowait " "-object filter-redirector,id=qtest-f0,netdev=qtest-bn0," "queue=rx,outdev=redirector0 " "-object filter-redirector,id=qtest-f1,netdev=qtest-bn0," "queue=rx,indev=redirector2 " "-object filter-redirector,id=qtest-f2,netdev=qtest-bn0," "queue=rx,outdev=redirector1 " Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
* tests/test-filter-mirror:add filter-mirror unit testZhang Chen2016-03-301-0/+2
| | | | | | | | | | | | | | | | | | In this unit test we will test the mirror function. start qemu with: -netdev socket,id=qtest-bn0,fd=sockfd -device e1000,netdev=qtest-bn0,id=qtest-e0 -chardev socket,id=mirror0,path=/tmp/filter-mirror-test.sock,server,nowait -object filter-mirror,id=qtest-f0,netdev=qtest-bn0,queue=tx,outdev=mirror0 We inject packet to netdev socket id = qtest-bn0, filter-mirror will copy and mirror the packet to mirror0. we read packet from mirror0 and then compare to what we injected. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2016-03-241-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Log filtering from Alex and Peter * Chardev fix from Marc-André * config.status tweak from David * Header file tweaks from Markus, myself and Veronia (Outreachy candidate) * get_ticks_per_sec() removal from Rutuja (Outreachy candidate) * Coverity fix from myself * PKE implementation from myself, based on rth's XSAVE support # gpg: Signature made Thu 24 Mar 2016 20:15:11 GMT using RSA key ID 78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" * remotes/bonzini/tags/for-upstream: (28 commits) target-i386: implement PKE for TCG config.status: Pass extra parameters char: translate from QIOChannel error to errno exec: fix error handling in file_ram_alloc cputlb: modernise the debug support qemu-log: support simple pid substitution for logs target-arm: dfilter support for in_asm qemu-log: dfilter-ise exec, out_asm, op and opt_op qemu-log: new option -dfilter to limit output qemu-log: Improve the "exec" TB execution logging qemu-log: Avoid function call for disabled qemu_log_mask logging qemu-log: correct help text for -d cpu tcg: pass down TranslationBlock to tcg_code_gen util: move declarations out of qemu-common.h Replaced get_tick_per_sec() by NANOSECONDS_PER_SECOND hw: explicitly include qemu-common.h and cpu.h include/crypto: Include qapi-types.h or qemu/bswap.h instead of qemu-common.h isa: Move DMA_transfer_handler from qemu-common.h to hw/isa/isa.h Move ParallelIOArg from qemu-common.h to sysemu/char.h Move QEMU_ALIGN_*() from qemu-common.h to qemu/osdep.h ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Conflicts: scripts/clean-includes
| * qemu-log: new option -dfilter to limit outputAlex Bennée2016-03-221-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When debugging big programs or system emulation sometimes you want both the verbosity of cpu,exec et all but don't want to generate lots of logs for unneeded stuff. This patch adds a new option -dfilter which allows you to specify interesting address ranges in the form: -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,... Then logging code can use the new qemu_log_in_addr_range() function to decide if it will output logging information for the given range. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <1458052224-9316-7-git-send-email-alex.bennee@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch 'remotes/armbru/tags/pull-ivshmem-2016-03-18' ↵Peter Maydell2016-03-231-1/+1
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging ivshmem: Fixes, cleanups, device model split # gpg: Signature made Mon 21 Mar 2016 20:33:54 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-ivshmem-2016-03-18: (40 commits) contrib/ivshmem-server: Print "not for production" warning ivshmem: Require master to have ID zero ivshmem: Drop ivshmem property x-memdev ivshmem: Clean up after the previous commit ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmem ivshmem: Replace int role_val by OnOffAuto master qdev: New DEFINE_PROP_ON_OFF_AUTO ivshmem: Inline check_shm_size() into its only caller ivshmem: Simplify memory regions for BAR 2 (shared memory) ivshmem: Implement shm=... with a memory backend ivshmem: Tighten check of property "size" ivshmem: Simplify how we cope with short reads from server ivshmem: Drop the hackish test for UNIX domain chardev ivshmem: Rely on server sending the ID right after the version ivshmem: Propagate errors through ivshmem_recv_setup() ivshmem: Receive shared memory synchronously in realize() ivshmem: Plug leaks on unplug, fix peer disconnect ivshmem: Disentangle ivshmem_read() ivshmem: Simplify rejection of invalid peer ID from server ivshmem: Assert interrupts are set up once ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * event_notifier: Make event_notifier_init_fd() #ifdef CONFIG_EVENTFDMarkus Armbruster2016-03-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Event notifiers are designed for eventfd(2). They can fall back to pipes, but according to Paolo, event_notifier_init_fd() really requires the real thing, and should therefore be under #ifdef CONFIG_EVENTFD. Do that. Its only user is ivshmem, which is currently CONFIG_POSIX. Narrow it to CONFIG_EVENTFD. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1458066895-20632-6-git-send-email-armbru@redhat.com>
* | crypto: add block encryption frameworkDaniel P. Berrange2016-03-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a generic framework for supporting different block encryption formats. Upon instantiating a QCryptoBlock object, it will read the encryption header and extract the encryption keys. It is then possible to call methods to encrypt/decrypt data buffers. There is also a mode whereby it will create/initialize a new encryption header on a previously unformatted volume. The initial framework comes with support for the legacy QCow AES based encryption. This enables code in the QCow driver to be consolidated later. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* | crypto: import an implementation of the XTS cipher modeDaniel P. Berrange2016-03-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The XTS (XEX with tweaked-codebook and ciphertext stealing) cipher mode is commonly used in full disk encryption. There is unfortunately no implementation of it in either libgcrypt or nettle, so we need to provide our own. The libtomcrypt project provides a repository of crypto algorithms under a choice of either "public domain" or the "what the fuck public license". So this impl is taken from the libtomcrypt GIT repo and adapted to be compatible with the way we need to call ciphers provided by nettle/gcrypt. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* | crypto: add support for anti-forensic split algorithmDaniel P. Berrange2016-03-171-0/+2
| | | | | | | | | | | | | | | | | | | | The LUKS format specifies an anti-forensic split algorithm which is used to artificially expand the size of the key material on disk. This is an implementation of that algorithm. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* | crypto: add support for generating initialization vectorsDaniel P. Berrange2016-03-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There are a number of different algorithms that can be used to generate initialization vectors for disk encryption. This introduces a simple internal QCryptoBlockIV object to provide a consistent internal API to the different algorithms. The initially implemented algorithms are 'plain', 'plain64' and 'essiv', each matching the same named algorithm provided by the Linux kernel dm-crypt driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* | crypto: add support for PBKDF2 algorithmDaniel P. Berrange2016-03-171-0/+2
|/ | | | | | | | | | | | | | | | | | | | The LUKS data format includes use of PBKDF2 (Password-Based Key Derivation Function). The Nettle library can provide an implementation of this, but we don't want code directly depending on a specific crypto library backend. Introduce a new include/crypto/pbkdf.h header which defines a QEMU API for invoking PBKDK2. The initial implementations are backed by nettle & gcrypt, which are commonly available with distros shipping GNUTLS. The test suite data is taken from the cryptsetup codebase under the LGPLv2.1+ license. This merely aims to verify that whatever backend we provide for this function in QEMU will comply with the spec. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* qapi: Drop useless 'data' member of unionsEric Blake2016-03-051-1/+0Star
| | | | | | | | | | | | | | We started moving away from the use of the 'void *data' member in the C union corresponding to a QAPI union back in commit 544a373; recent commits have gotten rid of other uses. Now that it is completely unused, we can remove the member itself as well as the FIXME comment. Update the testsuite to drop the negative test union-clash-data. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1457021813-10704-11-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-02-19' into ↵Peter Maydell2016-02-191-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging QAPI patches for 2016-02-19 # gpg: Signature made Fri 19 Feb 2016 10:10:18 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-qapi-2016-02-19: qapi: Change visit_start_implicit_struct to visit_start_alternate qapi: Don't box branches of flat unions qapi: Don't box struct branch of alternate qapi-visit: Use common idiom in gen_visit_fields_decl() qapi: Emit structs used as variants in topological order qapi: Adjust layout of FooList types qapi-visit: Less indirection in visit_type_Foo_fields() qapi-visit: Unify struct and union visit qapi: Visit variants in visit_type_FOO_fields() qapi-visit: Simplify how we visit common union members qapi: Add tests of complex objects within alternate qapi: Forbid 'any' inside an alternate qapi: Forbid empty unions and useless alternates qapi: Simplify excess input reporting in input visitors qapi-visit: Honor prefix of discriminator enum Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * qapi: Forbid 'any' inside an alternateEric Blake2016-02-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The whole point of an alternate is to allow some type-safety while still accepting more than one JSON type. Meanwhile, the 'any' type exists to bypass type-safety altogether. The two are incompatible: you can't accept every type, and still tell which branch of the alternate to use for the parse; fix this to give a sane error instead of a Python stack trace. Note that other types that can't be alternate members are caught earlier, by check_type(). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1455778109-6278-4-git-send-email-eblake@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2016-02-191-1/+4
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | vhost, virtio, pci, pxe Fixes all over the place. New tests for pxe. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Thu 18 Feb 2016 15:46:39 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: tests/vhost-user-bridge: add scattering of incoming packets vhost-user interrupt management fixes rules: filter out irrelevant files change type of pci_bridge_initfn() to void dec: convert to realize() tests: add pxe e1000 and virtio-pci tests msix: fix msix_vector_masked virtio: optimize virtio_access_is_big_endian() for little-endian targets vhost: simplify vhost_needs_vring_endian() vhost: move virtio 1.0 check to cross-endian helper virtio: move cross-endian helper to vhost vhost-net: revert support of cross-endian vnet headers virtio-net: use the backend cross-endian capabilities Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * tests: add pxe e1000 and virtio-pci testsVictor Kaplansky2016-02-161-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | The test is based on bios-tables-test.c. It creates a file with the boot sector image and loads it into a guest using PXE and TFTP functionality. Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Victor Kaplansky <victork@redhat.com> Suggested-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* | nbd: convert block client to use I/O channels for connection setupDaniel P. Berrange2016-02-161-1/+1
|/ | | | | | | | | | | | | | | | | | | | This converts the NBD block driver client to use the QIOChannelSocket class for initial connection setup. The NbdClientSession struct has two pointers, one to the master QIOChannelSocket providing the raw data channel, and one to a QIOChannel which is the current channel used for I/O. Initially the two point to the same object, but when TLS support is added, they will point to different objects. The qemu-img & qemu-io tools now need to use MODULE_INIT_QOM to ensure the QIOChannel object classes are registered. The qemu-nbd tool already did this. In this initial conversion though, all I/O is still actually done using the raw POSIX sockets APIs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1455129674-17255-4-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* char: convert from GIOChannel to QIOChannelDaniel P. Berrange2016-01-261-1/+1
| | | | | | | | | | | | In preparation for introducing TLS support to the TCP chardev backend, convert existing chardev code from using GIOChannel to QIOChannel. This simplifies the chardev code by removing most of the OS platform conditional code for dealing with file descriptor passing. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1453202071-10289-3-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* ipmi: Add testsCorey Minyard2015-12-221-0/+4
| | | | | | | | | Test the KCS interface with a local BMC and a BT interface with an external BMC. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* crypto: add QCryptoSecret object class for password/key handlingDaniel P. Berrange2015-12-181-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new QCryptoSecret object class which will be used for providing passwords and keys to other objects which need sensitive credentials. The new object can provide secret values directly as properties, or indirectly via a file. The latter includes support for file descriptor passing syntax on UNIX platforms. Ordinarily passing secret values directly as properties is insecure, since they are visible in process listings, or in log files showing the CLI args / QMP commands. It is possible to use AES-256-CBC to encrypt the secret values though, in which case all that is visible is the ciphertext. For ad hoc developer testing though, it is fine to provide the secrets directly without encryption so this is not explicitly forbidden. The anticipated scenario is that libvirtd will create a random master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key) and will use that key to encrypt all passwords it provides to QEMU via '-object secret,....'. This avoids the need for libvirt (or other mgmt apps) to worry about file descriptor passing. It also makes life easier for people who are scripting the management of QEMU, for whom FD passing is significantly more complex. Providing data inline (insecure, only for ad hoc dev testing) $QEMU -object secret,id=sec0,data=letmein Providing data indirectly in raw format printf "letmein" > mypasswd.txt $QEMU -object secret,id=sec0,file=mypasswd.txt Providing data indirectly in base64 format $QEMU -object secret,id=sec0,file=mykey.b64,format=base64 Providing data with encryption $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \ -object secret,id=sec0,data=[base64 ciphertext],\ keyid=master0,iv=[base64 IV],format=base64 Note that 'format' here refers to the format of the ciphertext data. The decrypted data must always be in raw byte format. More examples are shown in the updated docs. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* util: add base64 decoding functionDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | | | | The standard glib provided g_base64_decode doesn't provide any kind of sensible error checking on its input. Add a QEMU custom wrapper qbase64_decode which can be used with untrustworthy input that can contain invalid base64 characters, embedded NUL characters, or not be NUL terminated at all. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOChannelBuffer classDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | | | Add a QIOChannel subclass that is capable of performing I/O to/from a memory buffer. This implementation does not attempt to support concurrent readers & writers. It is designed for serialized access where by a single thread at a time may write data, seek and then read data back out. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOChannelCommand classDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | Add a QIOChannel subclass that is capable of performing I/O to/from a separate process, via a pair of pipes. The command can be used for unidirectional or bi-directional I/O. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOChannelTLS classDaniel P. Berrange2015-12-181-0/+4
| | | | | | | | | | | | | | Add a QIOChannel subclass that can run the TLS protocol over the top of another QIOChannel instance. The object provides a simplified API to perform the handshake when starting the TLS session. The layering of TLS over the underlying channel does not have to be setup immediately. It is possible to take an existing QIOChannel that has done some handshake and then swap in the QIOChannelTLS layer. This allows for use with protocols which start TLS right away, and those which start plain text and then negotiate TLS. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOChannelFile classDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | Add a QIOChannel subclass that is capable of operating on things that are files, such as plain files, pipes, character/block devices, but notably not sockets. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOChannelSocket classDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | | | | | | Implement a QIOChannel subclass that supports sockets I/O. The implementation is able to manage a single socket file descriptor, whether a TCP/UNIX listener, TCP/UNIX connection, or a UDP datagram. It provides APIs which can listen and connect either asynchronously or synchronously. Since there is no asynchronous DNS lookup API available, it uses the QIOTask helper for spawning a background thread to ensure non-blocking operation. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* io: add QIOTask class for async operationsDaniel P. Berrange2015-12-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of I/O operations need to be performed asynchronously to avoid blocking the main loop. The caller of such APIs need to provide a callback to be invoked on completion/error and need access to the error, if any. The small QIOTask provides a simple framework for dealing with such probes. The API docs inline provide an outline of how this is to be used. Some functions don't have the ability to run asynchronously (eg getaddrinfo always blocks), so to facilitate their use, the task class provides a mechanism to run a blocking function in a thread, while triggering the completion callback in the main event loop thread. This easily allows any synchronous function to be made asynchronous, albeit at the cost of spawning a thread. In this series, the QIOTask class will be used for things like the TLS handshake, the websockets handshake and TCP connect() progress. The concept of QIOTask is inspired by the GAsyncResult interface / GTask class in the GIO libraries. The min version requirements on glib don't allow those to be used from QEMU, so QIOTask provides a facsimilie which can be easily switched to GTask in the future if the min version is increased. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* qapi: Detect base class loopsEric Blake2015-12-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It should be fairly obvious that qapi base classes need to form an acyclic graph, since QMP cannot specify the same key more than once, while base classes are included as flat members alongside other members added by the child. But the old check_member_clash() parser function was not prepared to check for this, and entered an infinite recursion (at least until Python gives up, complaining about nesting too deep). Now that check_member_clash() has been recently removed, attempts at self-inheritance trigger an assertion failure introduced by commit ac88219a. The obvious fix is to turn the assertion into a conditional. This patch includes both the tests (base-cycle-direct and base-cycle-indirect) and the fix, since the .err file output for the unfixed case is not useful (particularly when it was warning about unbounded recursion, as that limit may be platform-specific). We don't need to worry about cycles in flat unions (neither the base type nor the type of a variant can be a union) nor in alternates (alternate branches cannot themselves be an alternate). But if we later allow a union type as a variant, we will still be okay, as QAPISchemaObjectTypeVariants.check() triggers the same QAPISchemaObjectType.check() that will detect any loops. Likewise, we need not worry about the case of diamond inheritance where the same class is used for a flat union base class and one of its variants; either both uses will introduce a collision in trying to insert the same member name twice, or the shared type is empty and changes nothing. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-16-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Move duplicate collision checks to schema check()Eric Blake2015-12-171-1/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | With the recent commit 'qapi: Detect collisions in C member names', we have two different locations for detecting clashes - one at parse time, and another at QAPISchema*.check() time. Remove all of the ad hoc parser checks, and delete associated code (for example, the global check_member_clash() method is no longer needed). Testing this showed that the test union-bad-branch wasn't adding much: union-clash-branches also exposes the error message when branches collide, and we've recently fixed things to avoid an implicit collision with max. Likewise, the error for enum-clash-member changes to report our new detection of upper case in a value name, unless we modify the test to use all lower case. The wording of several error messages has changed, but the change is generally an improvement rather than a regression. No change to generated code. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-15-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Enforce (or whitelist) case conventions on qapi membersEric Blake2015-12-171-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We document that members of enums and objects should be 'lower-case', although we were not enforcing it. We have to whitelist a few pre-existing entities that violate the norms. Add three new tests to expose the new error message, each of which first uses the whitelisted name 'UuidInfo' to prove the whitelist works, then triggers the failure (this is the same pattern used in the existing returns-whitelist.json test). Note that by adding this check, we have effectively forbidden an entity with a case-insensitive clash of member names, for any entity that is not on the whitelist (although there is still the possibility to clash via '-' vs. '_'). Not done here: a future patch should also add naming convention support and whitelist exceptions for command, event, and type names. The additions to QAPISchemaMember.check_clash() check whether info['name'] is in the whitelist (the top-most entity name at the point 'info' tracks), rather than self.owner (the type, possibly implicit, that directly owns the member), because it is easier to maintain the whitelist by the names actually in the user's .json file, rather than worrying about the names of implicit types. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1449033659-25497-14-git-send-email-eblake@redhat.com> [Simplified a bit as per discussion with Eric] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Remove obsolete tests for MAX collisionEric Blake2015-12-171-3/+0Star
| | | | | | | | | | | Now that we no longer collide with an implicit _MAX enum member, we no longer need to reject it in the ad hoc parser, and can remove several tests that are no longer needed. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-24-git-send-email-eblake@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Tighten the regex on valid namesEric Blake2015-12-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We already documented that qapi names should match specific patterns (such as starting with a letter unless it was an enum value or a downstream extension). Tighten that from a suggestion into a hard requirement, which frees up names beginning with a single underscore for qapi internal usage. The tighter regex doesn't forbid everything insane that a user could provide (for example, a user could name a type 'Foo-lookup' to collide with the generated 'Foo_lookup[]' for an enum 'Foo'), but does a good job at protecting the most obvious uses, and also happens to reserve single leading underscore for later use. The handling of enum values starting with a digit is tricky: commit 9fb081e introduced a subtle bug by using c_name() on a munged value, which would allow an enum to include the member 'q-int' in spite of our reservation. Furthermore, munging with a leading '_' would fail our tighter regex. So fix it by only munging for leading digits (which are never ticklish in c_name()) and by using a different prefix (I picked 'D', although any letter should do). Add new tests, reserved-member-underscore and reserved-enum-q, to demonstrate the tighter checking. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-22-git-send-email-eblake@redhat.com> Message-Id: <1447883135-18020-1-git-send-email-eblake@redhat.com> [Eric's fixup squashed in] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Remove outdated tests related to QMP/branch collisionsEric Blake2015-12-171-3/+0Star
| | | | | | | | | | | | | | | | Now that branches are in a separate C namespace, we can remove the restrictions in the parser that claim a branch name would collide with QMP, and delete the negative tests that are no longer problematic. A separate patch can then add positive tests to qapi-schema-test to test that any corner cases will compile correctly. This reverts the scripts/qapi.py portion of commit 7b2a5c2, now that the assertions that it plugged are no longer possible. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1447836791-369-15-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* tests: Fix check-report-qtest-% targetAndreas Färber2015-12-031-2/+2
| | | | | | | | | | | | | Commit e253c28 ("tests: Fix how qom-test is run") introduced $(qtest-generic-y) and used it for check-qtest-% target, but did not update check-report-qtest-%. This causes check-report-qtest-aarch64.xml target to fail with a gtester usage error for lack of test arguments. Fix this by adding $(qtest-generic-y) in check-report-qtest-%. Also add it in check-clean target, spotted by Markus. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* tests/Makefile: Add more dependencies for test-timed-averageKevin Wolf2015-11-251-2/+1Star
| | | | | | | | | 'make check' failed to compile the test case for mingw because of undefined references. Pull in a few more dependencies so that it builds. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
* tests: re-enable vhost-user-testMarc-André Lureau2015-11-191-2/+3
| | | | | | | | | | | | | | | | | | | Commit 7fe34ca9c2e actually disabled vhost-user-test altogether, since CONFIG_VHOST_NET is a per-target config variable. tests/vhost-user-test is already x86/x64 softmmu specific test, in order to enable it correctly, kvm & vhost-net are also conditions. To check that, set CONFIG_VHOST_NET_TEST_$target when kvm is also enabled. Since "check-qtest-x86_64-y = $(check-qtest-i386-y)", avoid duplication when both x86 & x64 are enabled. Other targets than x86 aren't enabled yet, and is intentionally left as a future improvement, since I can't easily test those. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* util: Infrastructure for computing recent averagesAlberto Garcia2015-11-121-0/+4
| | | | | | | | | | | | | | | | | | | This module computes the average of a set of values within a time window, keeping also track of the minimum and maximum values. In order to produce more accurate results it works internally by creating two time windows of the same period, offsetted by half of that period. Values are accounted on both windows and the data is always returned from the oldest one. [Add missing util/replay.o to test-timed-average dependencies to fix the build. --Stefan] Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: 201b09c21bbc9c329779d2b2365ee2b9c80dceeb.1446044837.git.berto@igalia.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* tests: add BlockJobTxn unit testStefan Hajnoczi2015-11-121-0/+3
| | | | | | | | | | | | | | | The BlockJobTxn unit test verifies that both single jobs and pairs of jobs behave as a transaction group. Either all jobs complete successfully or the group is cancelled. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com> Message-id: 1446765200-3054-15-git-send-email-jsnow@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
* qapi: Reserve 'u' member nameEric Blake2015-11-021-0/+1
| | | | | | | | | | | | | | | | | | | | | | Now that we have separated union tag values from colliding with non-variant C names, by naming the union 'u', we should reserve this name for our use. Note that we want to forbid 'u' even in a struct with no variants, because it is possible for a future qemu release to extend QMP in a backwards-compatible manner while converting from a struct to a flat union. Fortunately, no existing clients were using this member name. If we ever find the need for QMP to have a member 'u', we could at that time relax things, perhaps by having c_name() munge the QMP member to 'q_u'. Note that we cannot forbid 'u' everywhere (by adding the rejection code to check_name()), because the existing QKeyCode enum already uses it; therefore we only reserve it as a struct type member name. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-24-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* qapi: Unbox base membersEric Blake2015-11-021-1/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rather than storing a base class as a pointer to a box, just store the fields of that base class in the same order, so that a child struct can be directly cast to its parent. This gives less malloc overhead, less pointer dereferencing, and even less generated code. Compare to the earlier commit 1e6c1616a "qapi: Generate a nicer struct for flat unions" (although that patch had fewer places to change, as less of qemu was directly using qapi structs for flat unions). It also allows us to turn on automatic type-safe wrappers for upcasting to the base class of a struct. Changes to the generated code look like this in qapi-types.h: | struct SpiceChannel { |- SpiceBasicInfo *base; |+ /* Members inherited from SpiceBasicInfo: */ |+ char *host; |+ char *port; |+ NetworkAddressFamily family; |+ /* Own members: */ | int64_t connection_id; as well as additional upcast functions like qapi_SpiceChannel_base(). Meanwhile, changes to qapi-visit.c look like: | static void visit_type_SpiceChannel_fields(Visitor *v, SpiceChannel **obj, Error **errp) | { | Error *err = NULL; | |- visit_type_implicit_SpiceBasicInfo(v, &(*obj)->base, &err); |+ visit_type_SpiceBasicInfo_fields(v, (SpiceBasicInfo **)obj, &err); | if (err) { (the cast is necessary, since our upcast wrappers only deal with a single pointer, not pointer-to-pointer); plus the wholesale elimination of some now-unused visit_type_implicit_FOO() functions. Without boxing, the corner case of one empty struct having another empty struct as its base type now requires inserting a dummy member (previously, the 'Base *base' member sufficed). And now that we no longer consume a 'base' member in the generated C struct, we can delete the former negative struct-base-clash-base test. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-11-git-send-email-eblake@redhat.com> [Commit message tweaked slightly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* tests/qapi-schema: Test for reserved names, empty structEric Blake2015-11-021-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add some testsuite coverage to ensure future patches are on the right track: Our current C representation of qapi arrays is done by appending 'List' to the element name; but we are not preventing the creation of an object type with the same name. Add reserved-type-list.json to test this. Then rename enum-union-clash.json to reserved-type-kind.json to cover the reservation that we DO detect, and shorten it to match the fact that the name is reserved even if there is no clash. We are failing to detect a collision between a dictionary member and the implicit 'has_*' flag for another optional member. The easiest fix would be for a future patch to reserve the entire "has[-_]" namespace for member names (the collision is also possible for branch names within flat unions, but only as long as branch names can collide with (non-variant) members; however, since future patches are about to remove that, it is not worth testing here). Add reserved-member-has.json to test this. A similar collision exists between a dictionary member where c_name() munges what might otherwise be a reserved name to start with 'q_', and another member explicitly starts with "q[-_]". Again, the easiest solution for a future patch will be reserving the entire namespace, but here for commands as well as members. Add reserved-member-q.json and reserved-command-q.json to test this; separate tests since arguably our munging of command 'unix' to 'qmp_q_unix()' could be done without a q_, which is different than the munging of a member 'unix' to 'foo.q_unix'. Finally, our testsuite does not have any compilation coverage of struct inheritance with empty qapi structs. Update qapi-schema-test.json to test this. Note that there is currently no technical reason to forbid type name patterns from member names, or member name patterns from types, since the two are not in the same namespace in C and won't collide; but it's not worth adding positive tests of these corner cases at this time, especially while there is other churn pending in patches that rearrange which collisions actually happen. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1445898903-12082-2-git-send-email-eblake@redhat.com> [Commit message tweaked slightly] Signed-off-by: Markus Armbruster <armbru@redhat.com>
* tests/vhost-user-bridge: add vhost-user bridge applicationVictor Kaplansky2015-10-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test existing in QEMU for vhost-user feature is good for testing the management protocol, but does not allow actual traffic. This patch proposes Vhost-User Bridge application, which can serve the QEMU community as a comprehensive test by running real internet traffic by means of vhost-user interface. Essentially the Vhost-User Bridge is a very basic vhost-user backend for QEMU. It runs as a standalone user-level process. For packet processing Vhost-User Bridge uses an additional QEMU instance with a backend configured by "-net socket" as a shared VLAN. This way another QEMU virtual machine can effectively serve as a shared bus by means of UDP communication. For a more simple setup, the another QEMU instance running the SLiRP backend can be the same QEMU instance running vhost-user client. This Vhost-User Bridge implementation is very preliminary. It is missing many features. I has been studying vhost-user protocol internals, so I've written vhost-user-bridge bit by bit as I progressed through the protocol. Most probably its internal architecture will change significantly. To run Vhost-User Bridge application: 1. Build vhost-user-bridge with a regular procedure. This will create a vhost-user-bridge executable under tests directory: $ configure; make tests/vhost-user-bridge 2. Ensure the machine has hugepages enabled in kernel with command line like: default_hugepagesz=2M hugepagesz=2M hugepages=2048 3. Run Vhost-User Bridge with: $ tests/vhost-user-bridge The above will run vhost-user server listening for connections on UNIX domain socket /tmp/vubr.sock, and will try to connect by UDP to VLAN bridge to localhost:5555, while listening on localhost:4444 Run qemu with a virtio-net backed by vhost-user: $ qemu \ -enable-kvm -m 512 -smp 2 \ -object memory-backend-file,id=mem,size=512M,mem-path=/dev/hugepages,share=on \ -numa node,memdev=mem -mem-prealloc \ -chardev socket,id=char0,path=/tmp/vubr.sock \ -netdev type=vhost-user,id=mynet1,chardev=char0,vhostforce \ -device virtio-net-pci,netdev=mynet1 \ -net none \ -net socket,vlan=0,udp=localhost:4444,localaddr=localhost:5555 \ -net user,vlan=0 \ disk.img vhost-user-bridge was tested very lightly: it's able to bringup a linux on client VM with the virtio-net driver, and execute transmits and receives to the internet. I tested with "wget redhat.com", "dig redhat.com". PS. I've consulted DPDK's code for vhost-user during Vhost-User Bridge implementation. Signed-off-by: Victor Kaplansky <victork@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* tests: add ivshmem qtestMarc-André Lureau2015-10-261-1/+1
| | | | | | | | | | | | | | | | Adds 4 ivshmemtests: - single qemu instance and basic IO - pair of instances, check memory sharing - pair of instances with server, and MSIX - hot plug/unplug A temporary shm is created as well as a directory to place server socket, both should be clear on exit and abort. Cc: Cam Macdonell <cam@cs.ualberta.ca> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com> Signed-off-by: Andreas Färber <afaerber@suse.de>
* tests: Add ivshmem qtestAndreas Färber2015-10-241-0/+3
| | | | | | | | | | | Note that it launches two instances, as sharing memory is the purpose of ivshmem. Cc: Cam Macdonell <cam@cs.ualberta.ca> Cc: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Andreas Färber <afaerber@suse.de> [ Remove Nahanni codename, add test to pci set - Marc-André ] Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* configure: avoid polluting global CFLAGS with tasn1 flagsDaniel P. Berrange2015-10-221-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous commit commit 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03 Author: Daniel P. Berrange <berrange@redhat.com> Date: Mon Apr 13 14:01:39 2015 +0100 crypto: add sanity checking of TLS x509 credentials defined new variables $TEST_LIBS and $TEST_CFLAGS and used them in tests/Makefile to augment $LIBS and $CFLAGS. Unfortunately this overlooks the fact that tests/Makefile is not executed via recursive-make, it is just pulled into the top level Makefile via an include statement. So rather than just augmenting the compiler/linker flags for tests it polluted the global flags. This is thought to be behind a reported failure when building the pixman module as a sub-module, since global $CFLAGS are passed down to configure in pixman. This change removes the $TEST_LIBS and $TEST_CFLAGS replacing them with $TASN1_LIBS and $TASN1_CFLAGS, setting only against specific objects/executables that need them. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>