1. 16 10月, 2017 1 次提交
    • D
      qemu: ensure TLS clients always verify the server certificate · 9e6bc47b
      Daniel P. Berrange 提交于
      The default_tls_x509_verify (and related) parameters in qemu.conf
      control whether the QEMU TLS servers request & verify certificates
      from clients. This works as a simple access control system for
      servers by requiring the CA to issue certs to permitted clients.
      This use of client certificates is disabled by default, since it
      requires extra work to issue client certificates.
      
      Unfortunately the code was using this configuration parameter when
      setting up both TLS clients and servers in QEMU. The result was that
      TLS clients for character devices and disk devices had verification
      turned off, meaning they would ignore errors while validating the
      server certificate.
      
      This allows for trivial MITM attacks between client and server,
      as any certificate returned by the attacker will be accepted by
      the client.
      
      This is assigned CVE-2017-1000256  / LSN-2017-0002
      Reviewed-by: NEric Blake <eblake@redhat.com>
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 441d3eb6)
      9e6bc47b
  2. 11 5月, 2017 2 次提交
  3. 28 3月, 2017 2 次提交
  4. 27 3月, 2017 1 次提交
  5. 17 3月, 2017 2 次提交
  6. 15 3月, 2017 5 次提交
    • M
      qemu: Introduce label-size for NVDIMMs · e433546b
      Michal Privoznik 提交于
      For NVDIMM devices it is optionally possible to specify the size
      of internal storage for namespaces. Namespaces are a feature that
      allows users to partition the NVDIMM for different uses.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      e433546b
    • M
      04dc668a
    • M
      conf: Introduce @access to <memory/> · 80af11d3
      Michal Privoznik 提交于
      Now that NVDIMM has found its way into libvirt, users might want
      to fine tune some settings for each module separately. One such
      setting is 'share=on|off' for the memory-backend-file object.
      This setting - just like its name suggest already - enables
      sharing the nvdimm module with other applications. Under the hood
      it controls whether qemu mmaps() the file as MAP_PRIVATE or
      MAP_SHARED.
      
      Yet again, we have such config knob in domain XML, but it's just
      an attribute to numa <cell/>. This does not give fine enough
      tuning on per-memdevice basis so we need to have the attribute
      for each device too.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      80af11d3
    • M
      qemu: Implement NVDIMM · 1bc17319
      Michal Privoznik 提交于
      So, majority of the code is just ready as-is. Well, with one
      slight change: differentiate between dimm and nvdimm in places
      like device alias generation, generating the command line and so
      on.
      
      Speaking of the command line, we also need to append 'nvdimm=on'
      to the '-machine' argument so that the nvdimm feature is
      advertised in the ACPI tables properly.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      1bc17319
    • M
      Introduce NVDIMM memory model · b4e8a49f
      Michal Privoznik 提交于
      NVDIMM is new type of memory introduced into QEMU 2.6. The idea
      is that we have a Non-Volatile memory module that keeps the data
      persistent across domain reboots.
      
      At the domain XML level, we already have some representation of
      'dimm' modules. Long story short, NVDIMM will utilize the
      existing <memory/> element that lives under <devices/> by adding
      a new attribute 'nvdimm' to the existing @model and introduce a
      new <path/> element for <source/> while reusing other fields. The
      resulting XML would appear as:
      
          <memory model='nvdimm'>
            <source>
              <path>/tmp/nvdimm</path>
            </source>
            <target>
              <size unit='KiB'>523264</size>
              <node>0</node>
            </target>
            <address type='dimm' slot='0'/>
          </memory>
      
      So far, this is just a XML parser/formatter extension. QEMU
      driver implementation is in the next commit.
      
      For more info on NVDIMM visit the following web page:
      
          http://pmem.io/Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      b4e8a49f
  7. 04 3月, 2017 1 次提交
    • L
      test: fix pcie-root-port-too-many test · 66c80600
      Laine Stump 提交于
      While reviewing a patch from Andrea that modified this test case, I
      realized that although it was "properly failing" (it's a negative
      test), that it was failing for the wrong reason (the MULTIFUNCTION cap
      wasn't set in the test case, so it was saying that multifunction=on
      wasn't supported by the QEMU binary; instead it should have been
      complaining that it had run out of PCI slots of the appropriate type
      and couldn't automatically add any more).
      
      This improper failure had started when I added the patch to
      automatically aggregate pcie-root-ports onto multiple functions of
      each pcie-root slot, but I hadn't noticed it because the test still
      failed.
      
      This patch corrects the test case to 1) set the MULTIFUNCTION flag in
      the caps, and 2) attempt to add 241 pcie-root-ports to a domain. Since
      there are 30 slots available on a pcie-root (slot 0 is reserved, and
      slot 31 is used by the integrated SATA controller), and a
      pcie-root-port can only be placed on a function of a slot on
      pcie-root, the maximum number of pcie-root-ports in any domain is 240.
      66c80600
  8. 03 3月, 2017 1 次提交
    • A
      tests: Fix aliases for pSeries buses · 3a37af1e
      Andrea Bolognani 提交于
      virQEMUCapsHasPCIMultiBus() performs a version check on
      the QEMU binary to figure out whether multiple buses are
      supported, so to get the correct aliases assigned when
      dealing with pSeries guests we need to spoof the version
      accordingly in the test suite.
      3a37af1e
  9. 24 2月, 2017 2 次提交
  10. 23 2月, 2017 1 次提交
    • A
      tests: Reduce usage of legacy PCI controllers on PCIe machines · d4393c42
      Andrea Bolognani 提交于
      Up until a while ago, libvirt would automatically add a legacy
      PCI controllers combo (dmi-to-pci-bridge + pci-bridge) to any
      PCIe machine type (x86_64/q35 and aarch64/virt).
      
      As a result, a number of input and output files in the test
      suite ended up containing the legacy PCI controllers, even
      though they are not needed or in any way relevant to the
      feature being tested.
      
      Get rid of most of the occurrences. Most of the time, this
      just means removing the controllers from the input file and
      regenerating the output files; in a few instances, some
      minor tweaking is performed on the input file, most notably
      removing the memory balloon: as memory balloon support was
      not the scope of the test being changed, there is no loss
      of test coverage from doing so.
      
      Several occurrences of the legacy PCI controllers remain in
      the test suite, both because removing their usage would have
      required even more tweaking, and because we still want to
      have coverage of this perfectly valid combination.
      d4393c42
  11. 17 2月, 2017 1 次提交
  12. 13 2月, 2017 2 次提交
  13. 09 2月, 2017 2 次提交
    • J
      qemu: Add args generation for file memory backing · 1c4f3b56
      Jaroslav Safka 提交于
      This patch add support for file memory backing on numa topology.
      
      The specified access mode in memoryBacking can be overriden
      by specifying token memAccess in numa cell.
      1c4f3b56
    • J
      conf: Add new xml elements for file memorybacking support · bc6d3121
      Jaroslav Safka 提交于
      This part introduces new xml elements for file based
      memorybacking support and their parsing.
      (It allows vhost-user to be used without hugepages.)
      
      New xml elements:
      <memoryBacking>
        <source type="file|anonymous"/>
        <access mode="shared|private"/>
        <allocation mode="immediate|ondemand"/>
      </memoryBacking>
      bc6d3121
  14. 08 2月, 2017 1 次提交
  15. 31 1月, 2017 1 次提交
  16. 26 1月, 2017 1 次提交
  17. 11 1月, 2017 2 次提交
    • L
      conf: aggregate multiple pcie-root-ports onto a single slot · 147ebe6d
      Laine Stump 提交于
      Set the VIR_PCI_CONNECT_AGGREGATE_SLOT flag for pcie-root-ports so
      that they will be assigned to all the functions on a slot.
      
      Some qemu test case outputs had to be adjusted due to the
      pcie-root-ports now being put on multiple functions.
      147ebe6d
    • L
      qemu: use virDomainPCIAddressSetAllMulti() to set multi when needed · 8f400871
      Laine Stump 提交于
      If there are multiple devices assigned to the different functions of a
      single PCI slot, they will not work properly if the device at function
      0 doesn't have its "multi" attribute turned on, so it makes sense for
      libvirt to turn it on during PCI address assignment. Setting multi
      then assures that the new setting is stored in the config (so it will
      be used next time the domain is started), preventing any potential
      problems in the case that a future change in the configuration
      eliminates the devices on all non-0 functions (multi will still be set
      for function 0 even though it is the only function in use on the slot,
      which has no useful purpose, but also doesn't cause any problems).
      
      (NB: If we were to instead just decide on the setting for
      multifunction at runtime, a later removal of the non-0 functions of a
      slot would result in a silent change in the guest ABI for the
      remaining device on function 0 (although it may seem like an
      inconsequential guest ABI change, it *is* a guest ABI change to turn
      off the multi bit).)
      8f400871
  18. 10 1月, 2017 1 次提交
    • A
      qemu: Use virtio-pci by default for mach-virt guests · 1d845463
      Andrea Bolognani 提交于
      virtio-pci is the way forward for aarch64 guests: it's faster
      and less alien to people coming from other architectures.
      Now that guest support is finally getting there (Fedora 24,
      CentOS 7.3, Ubuntu 16.04 and Debian testing all support
      virtio-pci out of the box), we'd like to start using it by
      default instead of virtio-mmio.
      
      Users and applications can already opt-in by explicitly using
      
        <address type='pci'/>
      
      inside the relevant elements, but that's kind of cumbersome and
      requires all users and management applications to adapt, which
      we'd really like to avoid.
      
      What we can do instead is use virtio-mmio only if the guest
      already has at least one virtio-mmio device, and use virtio-pci
      in all other situations.
      
      That means existing virtio-mmio guests will keep using the old
      addressing scheme, and new guests will automatically be created
      using virtio-pci instead. Users can still override the default
      in either direction.
      
      Existing tests such as aarch64-aavmf-virtio-mmio and
      aarch64-virtio-pci-default already cover all possible
      scenarios, so no additions to the test suites are necessary.
      1d845463
  19. 07 1月, 2017 3 次提交
  20. 06 1月, 2017 2 次提交
  21. 20 12月, 2016 1 次提交
  22. 08 12月, 2016 1 次提交
    • M
      qemu: Create hugepage path on per domain basis · f55afd83
      Michal Privoznik 提交于
      If you've ever tried running a huge page backed guest under
      different user than in qemu.conf, you probably failed. Problem is
      even though we have corresponding APIs in the security drivers,
      there's no implementation and thus we don't relabel the huge page
      path. But even if we did, so far all of the domains share the
      same path:
      
         /hugepageMount/libvirt/qemu
      
      Our only option there would be to set 0777 mode on the qemu dir
      which is totally unsafe. Therefore, we can create dir on
      per-domain basis, i.e.:
      
         /hugepageMount/libvirt/qemu/domainName
      
      and chown domainName dir to the user that domain is configured to
      run under.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      f55afd83
  23. 06 12月, 2016 2 次提交
  24. 05 12月, 2016 2 次提交