- 12 Jun, 2018 19 commits
-
-
Committed by Brijesh Singh
The API can be used outside libvirt to get the launch security information. When SEV is enabled, the API can be used to get the measurement of the launch process.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
QEMU >= 2.12 provides the 'sev-guest' object, which is used to launch encrypted VMs on AMD platforms using the SEV feature. The various inputs required to launch an SEV guest are provided through the <launch-security> tag. A typical SEV guest launch command line looks like this:
    -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
    -machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
QEMU uses the /dev/sev device while creating the SEV guest, so let's add /dev/sev to the list of devices allowed to be accessed by QEMU.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
The launch-security element can be used to define the security model to use when launching a domain. Currently we support 'sev'. When 'sev' is used, the VM will be launched with the AMD SEV feature enabled. The SEV feature supports running encrypted VMs under the control of KVM. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to the unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed by a different entity using a different key, the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
Add remote support for virNodeGetSEVInfo().
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
The API can be used by an application to retrieve the Platform Diffie-Hellman Key and Platform Certificate chain.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
Extend hypervisor capabilities to include the sev feature. When available, the hypervisor supports launching an encrypted VM on AMD platforms. The sev feature tag provides additional details like the Platform Diffie-Hellman (PDH) key and certificate chain, which can be used by the guest owner to establish a cryptographic session with the SEV firmware to negotiate keys used for attestation or to provide a secret during launch.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Brijesh Singh
QEMU version >= 2.12 provides support for launching encrypted VMs on AMD x86 platforms using the Secure Encrypted Virtualization (SEV) feature. This patch adds support to query the SEV capability from QEMU.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Anya Harter
And replace all calls with virObjectEventStateQueue such that:
    remoteEventQueue(priv, event, callbackID);
becomes:
    virObjectEventStateQueue(priv->eventState, event, callbackID);
Signed-off-by: Anya Harter <aharter@redhat.com>
-
Committed by Anya Harter
Remove NULL check around call to virObjectEventStateQueueRemote in remote_driver.c.
Signed-off-by: Anya Harter <aharter@redhat.com>
-
Committed by Anya Harter
And remove NULL checking from all callers.
Signed-off-by: Anya Harter <aharter@redhat.com>
-
Committed by John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1583623
When attaching a virtio-scsi with IOThreads for the config of a live domain, allow the <address> to not be defined, thus allowing post parse processing to fill in the address. This allows parsing of an individual device to succeed for attach config.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by John Ferlan
Make the error a bit clearer that virtio-scsi IOThreads require virtio pci or ccw controller address types.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by John Ferlan
Fix the error message to indicate what exactly is failing - that the controller index provided matches an existing controller.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by John Ferlan
Commit id 1bd5a08d added a call to virXMLFormatElement without also checking the return status. Found by Coverity.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
-
Committed by John Ferlan
Commit id '7ef0471b' added a new parameter to qemuMonitorOpen, but didn't update the ATTRIBUTE_NONNULL for the @CB (param 5).
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
-
Committed by John Ferlan
The @disk was allocated, filled in, and consumed on the normal path, but for error/cleanup paths it would be leaked. Rename to newHardDisk and manage properly. Found by Coverity
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
-
Committed by John Ferlan
Need to free the allocated hardDiskToOpen array. The contents of the array are just pointers returned by virVBoxSnapshotConfHardDiskByLocation and not allocated AFAICT so they don't need to also be freed as well. Found by Coverity
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Katerina Koukiou <kkoukiou@redhat.com>
-
- 11 Jun, 2018 5 commits
-
-
Committed by Chen Hanxiao
s/glibc's_asprintf/glibc's asprintf
Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Fabiano Fidêncio
xenParsePCI() does a lot of stuff and, in order to make things cleaner, let's split it in two new functions:
- xenParsePCI(): it's a new function that keeps the old name. It's responsible for the whole per-PCI logic from the old xenParsePCI();
- xenParsePCIList(): it's basically the old xenParsePCI(), but now it just iterates over the list of PCIs, calling xenParsePCI() per each PCI.
This patch is basically preparing the ground for the future when typesafe virConf accessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Fabiano Fidêncio
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Fabiano Fidêncio
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Fabiano Fidêncio
xenParseXMDisk() does a lot of stuff and, in order to make things cleaner, let's split it in two new functions:
- xenParseXMDisk(): it's a new function that keeps the old name. It's responsible for the whole per-disk logic from the old xenParseXMDisk();
- xenParseXMDiskList(): it's basically the old xenParseXMDisk(), but now it just iterates over the list of disks, calling xenParseXMDisk() per each disk.
This patch is basically preparing the ground for the future when typesafe virConf accessors will be used.
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
- 08 Jun, 2018 16 commits
-
-
Committed by Marc Hartmayer
On start up of libvirtd the worker pool of the QEMU driver must be initialized before trying to reconnect to all the running QEMU instances. Otherwise segmentation faults can occur if there are QEMU monitor events emitted.
    #0  __GI___pthread_mutex_lock
    #1  0x000003fffdba9e62 in virMutexLock
    #2  0x000003fffdbab2dc in virThreadPoolSendJob
    #3  0x000003ffd8343b70 in qemuProcessHandleSerialChanged
    #4  0x000003ffd836a776 in qemuMonitorEmitSerialChange
    #5  0x000003ffd8378e52 in qemuMonitorJSONHandleSerialChange
    #6  0x000003ffd8378930 in qemuMonitorJSONIOProcessEvent
    #7  0x000003ffd837edee in qemuMonitorJSONIOProcessLine
    #8  0x000003ffd837ef86 in qemuMonitorJSONIOProcess
    #9  0x000003ffd836757a in qemuMonitorIOProcess
    #10 0x000003ffd836863e in qemuMonitorIO
    #11 0x000003fffdb4033a in virEventPollDispatchHandles
    #12 0x000003fffdb4055e in virEventPollRunOnce
    #13 0x000003fffdb3e782 in virEventRunDefaultImpl
    #14 0x000003fffdc89400 in virNetDaemonRun
    #15 0x000000010002a816 in main
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
-
Committed by Martin Kletzander
It was used just temporarily to do a calculation, no need to keep that around. Also use virBitmap in the code instead of reimplementing two of its existing functions. And move the counting part next to where the value is read.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
It will be used in that file later on, plus it makes sense for all the implementations to be in the same place. Also comment each one of them nicely and add a comment explaining why they all need to end with the same _LAST value.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
There is no need to have virResctrlGetInfo() when it must be called after virResctrlInfoNew() anyway, otherwise it's just an unusable object. When we wrap the logic inside the New() function we'll save some calls later as well.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
Move description of the purpose of the file before any definition. One empty line between related enum definitions. All typedefs before all structs. This is an exception from the usual, but not the only one, we already have something similar for some other structs. This way we can move contents between structs and reorder some parts nicely without moving all definitions of one type before another one just so it's defined. Define all classes in one place. Have one initialization function for all classes in the file.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
That way we get rid of the last preprocessor conditional so the code compiles on all platforms.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
We already have virFileLock(), but we are now using flock() in the code as well (due to requirements for mutual exclusion between libvirt and other programs using flock() as well), so let's have a function for that as well so we don't need to have stubs for unsupported platforms in other files.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
Just to stay consistent.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
The default is stable per machine type so there should be no need to keep that.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1469338
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
For getting the reply I queried the newest and oldest QEMU using test/qemucapsprobe. From the differences I only extracted the reply to the new QMP command and discarded the rest. For all the versions below the one which added support for the new option I used the output from the oldest QEMU release and for those that support it I used the output from the newest one. In order to make doubly sure the reply is where it is supposed to be (the replies files are very forgiving) I added the property to all the replies files, reran the tests again and fixed the order in replies files so that all the versions are reporting the new capability. Then removed that one property. After that I used test/qemucapsfixreplies to fix the reply IDs.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
TSEG (Top of Memory Segment) is one of many regions that SMM (System Management Mode) can occupy. This one, however, is special, because a) most of the SMM code lives in TSEG nowadays and b) QEMU just (well, some time ago) added support for so-called 'extended' TSEG. The difference to the TSEG implemented in real q35's MCH (Memory Controller Hub) is that it can offer one extra size to the guest OS apart from the standard TSEG's 1, 2, and 8 MiB and that size can be selected in 1 MiB increments. Maximum may vary based on QEMU and is way too big, so we don't need to check for the maximum here. Similarly to the memory size we'll leave it to the hypervisor to try satisfying that and giving us an error message in case it is not possible.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
One of the things that this is improving is the fact that instead of the error message (that was wrong) you get when starting a domain with SMM and i440fx we allow the setting to go through. SMM option exists and makes sense on i440fx as well (basically whenever that _SMM_OPT capability is set).
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Martin Kletzander
We are still hoping all of such checks will be moved there and this is one small step in that direction.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Peter Krempa
To avoid problems with test cases specifying an alias machine type which would change once capabilities for a newer version are added, strip all alias machine types for the DO_TEST_CAPS_LATEST based tests.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
-