- 16 10月, 2017 1 次提交
-
-
由 Daniel P. Berrange 提交于
The default_tls_x509_verify (and related) parameters in qemu.conf control whether the QEMU TLS servers request & verify certificates from clients. This works as a simple access control system for servers by requiring the CA to issue certs to permitted clients. This use of client certificates is disabled by default, since it requires extra work to issue client certificates. Unfortunately the code was using this configuration parameter when setting up both TLS clients and servers in QEMU. The result was that TLS clients for character devices and disk devices had verification turned off, meaning they would ignore errors while validating the server certificate. This allows for trivial MITM attacks between client and server, as any certificate returned by the attacker will be accepted by the client. This is assigned CVE-2017-1000256 / LSN-2017-0002 Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 441d3eb6)
-
- 11 5月, 2017 2 次提交
-
-
由 Ján Tomko 提交于
Properly error out when the user requests a port from a bus that does not have a controller present in the domain XML. https://bugzilla.redhat.com/show_bug.cgi?id=1441589 (cherry picked from commit b003b978)
-
由 Erik Skultety 提交于
Like all devices, add the 'id' option for mdevs as well. Patch also adjusts the test accordingly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1438431Signed-off-by: NErik Skultety <eskultet@redhat.com> (cherry picked from commit c3272e5e)
-
- 28 3月, 2017 2 次提交
-
-
由 Andrea Bolognani 提交于
This reverts commit c2e60ad0. Turns out this check is excessively strict: there are ways other than <memtune><hard_limit> to raise the memory locking limit for QEMU processes, one prominent example being tweaking /etc/security/limits.conf. Partially-resolves: https://bugzilla.redhat.com/1431793
-
由 Jiri Denemark 提交于
QEMU allows for TSC frequency to be explicitly set to enable migration with invtsc (migration fails if the destination QEMU cannot set the exact same frequency used when starting the domain on the source host). Libvirt already supports setting the TSC frequency in the XML using <clock> <timer name='tsc' frequency='1234567890'/> </clock> which will be transformed into -cpu Model,tsc-frequency=1234567890 QEMU command line. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 27 3月, 2017 1 次提交
-
-
由 Erik Skultety 提交于
For now, these only cover the unmanaged, i.e. user pre-created devices. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 17 3月, 2017 2 次提交
-
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Andrea Bolognani 提交于
We want pcie-root-ports to be used when available in QEMU, but at the same time we need to ensure that hosts running older QEMU releases keep working and that the user can override the default at any time. Add a comment for the original pcie-root-port test cases to make it clear how these new test cases are different.
-
- 15 3月, 2017 5 次提交
-
-
由 Michal Privoznik 提交于
For NVDIMM devices it is optionally possible to specify the size of internal storage for namespaces. Namespaces are a feature that allows users to partition the NVDIMM for different uses. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Now that NVDIMM has found its way into libvirt, users might want to fine tune some settings for each module separately. One such setting is 'share=on|off' for the memory-backend-file object. This setting - just like its name suggest already - enables sharing the nvdimm module with other applications. Under the hood it controls whether qemu mmaps() the file as MAP_PRIVATE or MAP_SHARED. Yet again, we have such config knob in domain XML, but it's just an attribute to numa <cell/>. This does not give fine enough tuning on per-memdevice basis so we need to have the attribute for each device too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
So, majority of the code is just ready as-is. Well, with one slight change: differentiate between dimm and nvdimm in places like device alias generation, generating the command line and so on. Speaking of the command line, we also need to append 'nvdimm=on' to the '-machine' argument so that the nvdimm feature is advertised in the ACPI tables properly. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
NVDIMM is new type of memory introduced into QEMU 2.6. The idea is that we have a Non-Volatile memory module that keeps the data persistent across domain reboots. At the domain XML level, we already have some representation of 'dimm' modules. Long story short, NVDIMM will utilize the existing <memory/> element that lives under <devices/> by adding a new attribute 'nvdimm' to the existing @model and introduce a new <path/> element for <source/> while reusing other fields. The resulting XML would appear as: <memory model='nvdimm'> <source> <path>/tmp/nvdimm</path> </source> <target> <size unit='KiB'>523264</size> <node>0</node> </target> <address type='dimm' slot='0'/> </memory> So far, this is just a XML parser/formatter extension. QEMU driver implementation is in the next commit. For more info on NVDIMM visit the following web page: http://pmem.io/Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 04 3月, 2017 1 次提交
-
-
由 Laine Stump 提交于
While reviewing a patch from Andrea that modified this test case, I realized that although it was "properly failing" (it's a negative test), that it was failing for the wrong reason (the MULTIFUNCTION cap wasn't set in the test case, so it was saying that multifunction=on wasn't supported by the QEMU binary; instead it should have been complaining that it had run out of PCI slots of the appropriate type and couldn't automatically add any more). This improper failure had started when I added the patch to automatically aggregate pcie-root-ports onto multiple functions of each pcie-root slot, but I hadn't noticed it because the test still failed. This patch corrects the test case to 1) set the MULTIFUNCTION flag in the caps, and 2) attempt to add 241 pcie-root-ports to a domain. Since there are 30 slots available on a pcie-root (slot 0 is reserved, and slot 31 is used by the integrated SATA controller), and a pcie-root-port can only be placed on a function of a slot on pcie-root, the maximum number of pcie-root-ports in any domain is 240.
-
- 03 3月, 2017 1 次提交
-
-
由 Andrea Bolognani 提交于
virQEMUCapsHasPCIMultiBus() performs a version check on the QEMU binary to figure out whether multiple buses are supported, so to get the correct aliases assigned when dealing with pSeries guests we need to spoof the version accordingly in the test suite.
-
- 24 2月, 2017 2 次提交
-
-
由 Pavel Hrdina 提交于
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1352529Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Andrea Bolognani 提交于
In some cases, only one of the two transformations was checked; in other cases, the capabilities set differed.
-
- 23 2月, 2017 1 次提交
-
-
由 Andrea Bolognani 提交于
Up until a while ago, libvirt would automatically add a legacy PCI controllers combo (dmi-to-pci-bridge + pci-bridge) to any PCIe machine type (x86_64/q35 and aarch64/virt). As a result, a number of input and output files in the test suite ended up containing the legacy PCI controllers, even though they are not needed or in any way relevant to the feature being tested. Get rid of most of the occurrences. Most of the time, this just means removing the controllers from the input file and regenerating the output files; in a few instances, some minor tweaking is performed on the input file, most notably removing the memory balloon: as memory balloon support was not the scope of the test being changed, there is no loss of test coverage from doing so. Several occurrences of the legacy PCI controllers remain in the test suite, both because removing their usage would have required even more tweaking, and because we still want to have coverage of this perfectly valid combination.
-
- 17 2月, 2017 1 次提交
-
-
由 Marc-André Lureau 提交于
Add a new attribute 'rendernode' to <gl> spice element. Give it to QEMU if qemu supports it (queued for 2.9). Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 13 2月, 2017 2 次提交
-
-
由 Ján Tomko 提交于
This controller only allows up to 15 ports. https://bugzilla.redhat.com/show_bug.cgi?id=1375417
-
由 Ján Tomko 提交于
Due to a logic error, the autofilling of USB port when a bus is specified: <address type='usb' bus='0'/> does not work for non-hub devices on domain startup. Fix the logic in qemuDomainAssignUSBPortsIterator to also assign ports for USB addresses that do not yet have one. https://bugzilla.redhat.com/show_bug.cgi?id=1374128
-
- 09 2月, 2017 2 次提交
-
-
由 Jaroslav Safka 提交于
This patch add support for file memory backing on numa topology. The specified access mode in memoryBacking can be overriden by specifying token memAccess in numa cell.
-
由 Jaroslav Safka 提交于
This part introduces new xml elements for file based memorybacking support and their parsing. (It allows vhost-user to be used without hugepages.) New xml elements: <memoryBacking> <source type="file|anonymous"/> <access mode="shared|private"/> <allocation mode="immediate|ondemand"/> </memoryBacking>
-
- 08 2月, 2017 1 次提交
-
-
由 Andrea Bolognani 提交于
In order for memory locking to work, the hard limit on memory locking (and usage) has to be set appropriately by the user. The documentation mentions the requirement already: with this patch, it's going to be enforced by runtime checks as well, by forbidding a non-compliant guest from being defined as well as edited and started. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316774
-
- 31 1月, 2017 1 次提交
-
-
由 Ján Tomko 提交于
Commit 815d98ac started auto-adding one hub if there are more USB devices than available USB ports. This was a strange choice, since there might be even more devices. Before USB address allocation was implemented in libvirt, QEMU automatically added a new USB hub if the old one was full. Adjust the logic to try adding as many hubs as will be needed to plug in all the specified devices. https://bugzilla.redhat.com/show_bug.cgi?id=1410188
-
- 26 1月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
So far we allow to set MTU for libvirt networks. However, not all domain interfaces have to be plugged into a libvirt network and even if they are, they might want to have a different MTU (e.g. for testing purposes). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 11 1月, 2017 2 次提交
-
-
由 Laine Stump 提交于
Set the VIR_PCI_CONNECT_AGGREGATE_SLOT flag for pcie-root-ports so that they will be assigned to all the functions on a slot. Some qemu test case outputs had to be adjusted due to the pcie-root-ports now being put on multiple functions.
-
由 Laine Stump 提交于
If there are multiple devices assigned to the different functions of a single PCI slot, they will not work properly if the device at function 0 doesn't have its "multi" attribute turned on, so it makes sense for libvirt to turn it on during PCI address assignment. Setting multi then assures that the new setting is stored in the config (so it will be used next time the domain is started), preventing any potential problems in the case that a future change in the configuration eliminates the devices on all non-0 functions (multi will still be set for function 0 even though it is the only function in use on the slot, which has no useful purpose, but also doesn't cause any problems). (NB: If we were to instead just decide on the setting for multifunction at runtime, a later removal of the non-0 functions of a slot would result in a silent change in the guest ABI for the remaining device on function 0 (although it may seem like an inconsequential guest ABI change, it *is* a guest ABI change to turn off the multi bit).)
-
- 10 1月, 2017 1 次提交
-
-
由 Andrea Bolognani 提交于
virtio-pci is the way forward for aarch64 guests: it's faster and less alien to people coming from other architectures. Now that guest support is finally getting there (Fedora 24, CentOS 7.3, Ubuntu 16.04 and Debian testing all support virtio-pci out of the box), we'd like to start using it by default instead of virtio-mmio. Users and applications can already opt-in by explicitly using <address type='pci'/> inside the relevant elements, but that's kind of cumbersome and requires all users and management applications to adapt, which we'd really like to avoid. What we can do instead is use virtio-mmio only if the guest already has at least one virtio-mmio device, and use virtio-pci in all other situations. That means existing virtio-mmio guests will keep using the old addressing scheme, and new guests will automatically be created using virtio-pci instead. Users can still override the default in either direction. Existing tests such as aarch64-aavmf-virtio-mmio and aarch64-virtio-pci-default already cover all possible scenarios, so no additions to the test suites are necessary.
-
- 07 1月, 2017 3 次提交
-
-
由 Maxim Nestratov 提交于
Add a test case for when the QEMU_CAPS_NO_KVM_PIT capability is set. This capability is mutually exclusive to QEMU_CAPS_KVM_PIT_TICK_POLICY and results in the same output regardless of whether "discard" or "delay" was specified in the guest XML for 'tickpolicy'. Signed-off-by: NMaxim Nestratov <mnestratov@virtuozzo.com>
-
由 Maxim Nestratov 提交于
Separate out the "policy=discard" into it's own specific qemu command line. We'll rename "kvm-pit-device" test case to be "kvm-pit-discard" since it has the syntax we'd be using. Signed-off-by: NMaxim Nestratov <mnestratov@virtuozzo.com>
-
由 Maxim Nestratov 提交于
By a mistake, for the VIR_DOMAIN_TIMER_TICKPOLICY_DELAY qemu command line creation, 'discard' was used instead of 'delay' in commit id '1569fa14'. Test "kvm-pit-delay" is fixed accordingly to show the correct option being generated. Remove the (now) redundant kvm-pit-device tests. As it turns out there is no need to specify both QEMU_CAPS_NO_KVM_PIT and QEMU_CAPS_KVM_PIT_TICK_POLICY since they are mutually exclusive and "kvm-pit-device" becomes just the same as "kvm-pit-delay". Signed-off-by: NMaxim Nestratov <mnestratov@virtuozzo.com>
-
- 06 1月, 2017 2 次提交
-
-
由 Collin L. Walling 提交于
Qemu has abandoned the +/-feature syntax in favor of key=value. Some architectures (s390) do not support +/-feature. So we update libvirt to handle both formats. If we detect a sufficiently new Qemu (indicated by support for qmp query-cpu-model-expansion) we use key=value else we fall back to +/-feature. Signed-off-by: NCollin L. Walling <walling@linux.vnet.ibm.com> Signed-off-by: NJason J. Herne <jjherne@linux.vnet.ibm.com>
-
由 Jason J. Herne 提交于
Test cases for qemu s390x cpu model argument generation. Signed-off-by: NJason J. Herne <jjherne@linux.vnet.ibm.com>
-
- 20 12月, 2016 1 次提交
-
-
由 Marc Hartmayer 提交于
Add tests for controller based disks to check disk address compatibility with disk bus types. Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com>
-
- 08 12月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
If you've ever tried running a huge page backed guest under different user than in qemu.conf, you probably failed. Problem is even though we have corresponding APIs in the security drivers, there's no implementation and thus we don't relabel the huge page path. But even if we did, so far all of the domains share the same path: /hugepageMount/libvirt/qemu Our only option there would be to set 0777 mode on the qemu dir which is totally unsafe. Therefore, we can create dir on per-domain basis, i.e.: /hugepageMount/libvirt/qemu/domainName and chown domainName dir to the user that domain is configured to run under. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 06 12月, 2016 2 次提交
-
-
由 John Ferlan 提交于
Add in the block I/O throttling group parameter to the command line if supported. If not supported, fail command creation. Add the xml2argvtest for testing. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Modify _virDomainBlockIoTuneInfo and rng schema to support the group_name option for iotune throttling. Document the new value. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 05 12月, 2016 2 次提交
-
-
由 Marc Hartmayer 提交于
Add test cases for address conflicts between disks and hostdevs that are using drive addresses. Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com>
-
由 Marc Hartmayer 提交于
Don't use duplicate disk addresses in test cases unless it's useful. At least the test case will break once we have a check for uniqueness of addresses at time of domain definition. Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com>
-