- 06 4月, 2009 4 次提交
-
-
由 aliguori 提交于
This patch adds a new qemu-io tool that links against the block layer and image formats and allow to exercise them without needing a guest image. It is inspired by the xfs_io tool which does the same for plain file I/O. In fact the libxcmd library which is the backend of xfs_io is reused by this tool in a limited fashing (cmd.[ch] files). This version tests out most of the plain block I/O commands with the most notable absent commands beeing snapshot handling and real aio. This tool is the basis of the I/O path test suite I'm working on right now. Signed-off-by: NChristoph Hellwig <hch@lst.de> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6990 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Currently qemu unconditionally strips binaries on install. This is a problem for packagers who may want to store/ship debug symbols of compiled packages for debugging purposes. Keep stripping as default for the oldtimers and add a --disable-strip flag to override. Signed-off-by: NRiku Voipio <riku.voipio@iki.fi> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6983 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6980 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6979 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 28 3月, 2009 2 次提交
-
-
由 blueswir1 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6886 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 blueswir1 提交于
Try to keep documentation about command line switches, -help text and qemu_options table synchronized. In true Qemu tradition, an include file is generated from single .hx file containing all relevant information in one place. The include file is parsed once for getting the enums, another time for getopt tables and hird time for help messages. Texi documentation for the options is generated from the same .hx file. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6884 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 09 3月, 2009 1 次提交
-
-
由 blueswir1 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6785 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 07 3月, 2009 4 次提交
-
-
由 aliguori 提交于
This patch introduces a generic internal API for access control lists to be used by network servers in QEMU. It adds support for checking these ACL in the VNC server, in two places. The first ACL is for the SASL authentication mechanism, checking the SASL username. This ACL is called 'vnc.username'. The second is for the TLS authentication mechanism, when x509 client certificates are turned on, checking against the Distinguished Name of the client. This ACL is called 'vnc.x509dname' The internal API provides for an ACL with the following characteristics - A unique name, eg vnc.username, and vnc.x509dname. - A default policy, allow or deny - An ordered series of match rules, with allow or deny policy If none of the match rules apply, then the default policy is used. There is a monitor API to manipulate the ACLs, which I'll describe via examples (qemu) acl show vnc.username policy: allow (qemu) acl policy vnc.username denya acl: policy set to 'deny' (qemu) acl allow vnc.username fred acl: added rule at position 1 (qemu) acl allow vnc.username bob acl: added rule at position 2 (qemu) acl allow vnc.username joe 1 acl: added rule at position 1 (qemu) acl show vnc.username policy: deny 0: allow fred 1: allow joe 2: allow bob (qemu) acl show vnc.x509dname policy: allow (qemu) acl policy vnc.x509dname deny acl: policy set to 'deny' (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=* acl: added rule at position 1 (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob acl: added rule at position 2 (qemu) acl show vnc.x509dname policy: deny 0: allow C=GB,O=ACME,L=London,CN=* 1: allow C=GB,O=ACME,L=Boston,CN=bob By default the VNC server will not use any ACLs, allowing access to the server if the user successfully authenticates. To enable use of ACLs to restrict user access, the ',acl' flag should be given when starting QEMU. The initial ACL activated will be a 'deny all' policy and should be customized using monitor commands. eg enable SASL auth and ACLs qemu .... -vnc localhost:1,sasl,acl The next patch will provide a way to load a pre-defined ACL when starting up Makefile | 6 + b/acl.c | 185 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b/acl.h | 74 ++++++++++++++++++++++ configure | 18 +++++ monitor.c | 95 ++++++++++++++++++++++++++++ qemu-doc.texi | 49 ++++++++++++++ vnc-auth-sasl.c | 16 +++- vnc-auth-sasl.h | 7 ++ vnc-tls.c | 19 +++++ vnc-tls.h | 3 vnc.c | 21 ++++++ vnc.h | 3 12 files changed, 491 insertions(+), 5 deletions(-) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6726 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
This patch adds the new SASL authentication protocol to the VNC server. It is enabled by setting the 'sasl' flag when launching VNC. SASL can optionally provide encryption via its SSF layer, if a suitable mechanism is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is not available, then it should be combined with the x509 VNC authentication protocol which provides encryption. eg, if using GSSAPI qemu -vnc localhost:1,sasl eg if using TLS/x509 for encryption qemu -vnc localhost:1,sasl,tls,x509 By default the Cyrus SASL library will look for its configuration in the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden by setting the SASL_CONF_PATH environment variable, eg to make it look in $HOME/.sasl2. NB unprivileged users may not have access to the full range of SASL mechanisms, since some of them require some administrative privileges to configure. The patch includes an example SASL configuration file which illustrates config for GSSAPI and Digest-MD5, though it should be noted that the latter is not really considered secure any more. Most of the SASL authentication code is located in a separate source file, vnc-auth-sasl.c. The main vnc.c file only contains minimal integration glue, specifically parsing of command line flags / setup, and calls to start the SASL auth process, to do encoding/decoding for data. There are several possible stacks for reading & writing of data, depending on the combo of VNC authentication methods in use - Clear. read/write straight to socket - TLS. read/write via GNUTLS helpers - SASL. encode/decode via SASL SSF layer, then read/write to socket - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS Hence, the vnc_client_read & vnc_client_write methods have been refactored a little. vnc_client_read: main entry point for reading, calls either - vnc_client_read_plain reading, with no intermediate decoding - vnc_client_read_sasl reading, with SASL SSF decoding These two methods, then call vnc_client_read_buf(). This decides whether to write to the socket directly or write via GNUTLS. The situation is the same for writing data. More extensive comments have been added in the code / patch. The vnc_client_read_sasl and vnc_client_write_sasl method implementations live in the separate vnc-auth-sasl.c file. The state required for the SASL auth mechanism is kept in a separate VncStateSASL struct, defined in vnc-auth-sasl.h and included in the main VncState. The configure script probes for SASL and automatically enables it if found, unless --disable-vnc-sasl was given to override it. Makefile | 7 Makefile.target | 5 b/qemu.sasl | 34 ++ b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++ b/vnc-auth-sasl.h | 67 +++++ configure | 34 ++ qemu-doc.texi | 97 ++++++++ vnc-auth-vencrypt.c | 12 vnc.c | 249 ++++++++++++++++++-- vnc.h | 31 ++ 10 files changed, 1129 insertions(+), 33 deletions(-) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
This patch refactors the existing TLS code to make the main VNC code more managable. The code moves to two new files - vnc-tls.c: generic helpers for TLS handshake & credential setup - vnc-auth-vencrypt.c: the actual VNC TLS authentication mechanism. The reason for this split is that there are other TLS based auth mechanisms which we may like to use in the future. These can all share the same vnc-tls.c routines. In addition this will facilitate anyone who may want to port the vnc-tls.c file to allow for choice of GNUTLS & NSS for impl. The TLS state is moved out of the VncState struct, and into a separate VncStateTLS struct, defined in vnc-tls.h. This is then referenced from the main VncState. End size of the struct is the same, but it keeps things a little more managable. The vnc.h file gains a bunch more function prototypes, for functions in vnc.c that were previously static, but now need to be accessed from the separate auth code files. The only TLS related code still in the main vl.c is the command line argument handling / setup, and the low level I/O routines calling gnutls_send/recv. Makefile | 11 b/vnc-auth-vencrypt.c | 167 ++++++++++++++ b/vnc-auth-vencrypt.h | 33 ++ b/vnc-tls.c | 414 +++++++++++++++++++++++++++++++++++ b/vnc-tls.h | 70 ++++++ vnc.c | 581 +++----------------------------------------------- vnc.h | 76 ++++-- 7 files changed, 780 insertions(+), 572 deletions(-) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6723 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Each of the graphical frontends #include a .c file, for keymap code resulting in duplicated definitions & duplicated compiled code. A couple of small changes allowed this to be sanitized, so instead of doing a #include "keymaps.c", duplicating all code, we can have a shared keymaps.h file, and only compile code once. This allows the next patch to move the VncState struct out into a header file without causing clashing definitions. Makefile | 9 +++++--- b/keymaps.h | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ curses.c | 3 -- curses_keys.h | 9 +++----- keymaps.c | 45 ++++++++++++++++--------------------------- sdl.c | 3 -- sdl_keysym.h | 7 ++---- vnc.c | 5 +--- vnc_keysym.h | 7 ++---- 9 files changed, 97 insertions(+), 51 deletions(-) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6721 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 27 1月, 2009 1 次提交
-
-
由 aliguori 提交于
Derived from Stuart Brady's patch: Show the target directory as prefix to the current module when building in quiet mode. This helps to gain overview of the current build progress, specifically when running parallelized builds. Furthermore, suppress make command echoing when entering subdirs and replace $(subst subdir-,,$@) with $* in the related rule. Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6447 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 23 1月, 2009 1 次提交
-
-
由 aliguori 提交于
make install-doc omits an explicit permission mask for the man-pages. This defaults to have the executable bits set. Adding "-m 644" (for rw-r--r--) fixes that. Signed-off-by: NAndre Przywara <andre.przywara@amd.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6400 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 22 1月, 2009 5 次提交
-
-
由 aliguori 提交于
Put archive utility (ar) invocations into a rule, and have it generate quiet output by default. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6381 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Spew out less noise when compiling. This helps review make output for information such as compilation warnings, rather than extra long compiler invocations. The full output can be generated by supplying a 'V=1' parameter to make. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6380 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Use generic rules where posssible, and a LINK macro where not. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6379 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Add a file for common makefile rules. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6378 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
Instead of specifying the compilation command over and over, use a single rule and adjust it as necessary using target specific target overrides. Signed-off-by: NAvi Kivity <avi@redhat.com> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6377 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 09 1月, 2009 1 次提交
-
-
由 aurel32 提交于
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6260 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 03 1月, 2009 1 次提交
-
-
由 aurel32 提交于
This patch fixes the 'tarbin' Makefile rule (which was broken due to a missing '\' for line-continuation), and also rearranges that rule to match the ordering that is used in the configure script, so that the list can be checked more easily, to avoid conflicts, etc. Signed-off-by: NStuart Brady <stuart.brady@gmail.com> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6149 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 16 12月, 2008 1 次提交
-
-
由 aurel32 提交于
Since most IO devices are integrated into the 440EP chip, "Bamboo support" mostly entails implementing the -kernel, -initrd, and -append options. These options are implemented by loading the guest as if u-boot had done it, i.e. loading a flat device tree, updating it to hold initrd addresses, ram size, and command line, and passing the FDT address in r3. Since we use it with KVM, we enable the virtio block driver and include hooks necessary for KVM support. Signed-off-by: NHollis Blanchard <hollisb@us.ibm.com> Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6067 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 13 12月, 2008 1 次提交
-
-
由 aliguori 提交于
glibc implements posix-aio as a thread pool and imposes a number of limitations. 1) it limits one request per-file descriptor. we hack around this by dup()'ing file descriptors which is hideously ugly 2) it's impossible to add new interfaces and we need a vectored read/write operation to properly support a zero-copy API. What has been suggested to me by glibc folks, is to implement whatever new interfaces we want and then it can eventually be proposed for standardization. This requires that we implement our own posix-aio implementation though. This patch implements posix-aio using pthreads. It immediately eliminates the need for fd pooling. It performs at least as well as the current posix-aio code (in some circumstances, even better). Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5996 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 11 12月, 2008 1 次提交
-
-
由 malc 提交于
Thanks to Segher Boessenkool and Holis Blanchard. AIX and Darwin cache inquiry: http://gcc.gnu.org/ml/gcc-patches/2007-08/msg00388.html Auxiliary vectors: http://manugarg.googlepages.com/aboutelfauxiliaryvectors git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5973 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 07 12月, 2008 1 次提交
-
-
由 aurel32 提交于
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5914 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 27 11月, 2008 1 次提交
-
-
由 ths 提交于
Signed-off-by: NRiku Voipio <riku.voipio@iki.fi> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5800 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 23 11月, 2008 1 次提交
-
-
由 blueswir1 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5780 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 12 11月, 2008 2 次提交
-
-
由 aliguori 提交于
This is pure code motion. The savevm code is all common code so we can build it once and share the object with all executables. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5700 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 aliguori 提交于
This will improve the build time. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5699 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 09 10月, 2008 1 次提交
-
-
由 aliguori 提交于
Replace signalfd with signal handler/pipe. There is no way to interrupt the CPU execution loop when a file descriptor becomes readable. This results in a large performance regression in sparc emulation during bootup. This patch switches us to signal handler/pipe which was originally suggested by Ian Jackson. The signal handler lets us interrupt the CPU emulation loop while the write to a pipe lets us avoid the select/signal race condition. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5451 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 02 10月, 2008 1 次提交
-
-
由 aurel32 提交于
(Ryan Harper, Laurent Desnogues) git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5389 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 29 9月, 2008 7 次提交
-
-
由 balrog 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5349 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
This does the reverse of bt-host.c, proxying from guest to host. Appears to be more reliable. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5348 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5347 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
Note that the L2CAP flow-controlled mode is not fully supported. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5346 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
This implements most of the logic of a real HCI (at least the pieces marked as mandatory). It doesn't support keys, authentication etc. It works on top of the LMP layer, which is not fully emulated because software never has direct access to it. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5345 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
This allows using a host's physical HCI as one of the HCIs attached to the virtual machine. This brings various limitations because not all commands/events are passed through by Linux kernel, some are interpreted by the host's kernel for a speed gain. git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5344 c046a42c-6fe2-441c-8c8c-71466251a162
-
由 balrog 提交于
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5342 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 24 9月, 2008 1 次提交
-
-
由 aliguori 提交于
This patch fixes some items in Makefile: * remove duplicate entries from .PHONY * add missing entries to .PHONY * sort entries in .PHONY alphabetically * add missing dependencies for qemu-doc.* targets Signed-off-by: NStefan Weil <weil@mail.berlios.de> Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5307 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 23 9月, 2008 1 次提交
-
-
由 aliguori 提交于
This patch refactors the AIO layer to allow multiple AIO implementations. It's only possible because of the recent signalfd() patch. Right now, the AIO infrastructure is pretty specific to the block raw backend. For other block devices to implement AIO, the qemu_aio_wait function must support registration. This patch introduces a new function, qemu_aio_set_fd_handler, which can be used to register a file descriptor to be called back. qemu_aio_wait() now polls a set of file descriptors registered with this function until one becomes readable or writable. This patch should allow the implementation of alternative AIO backends (via a thread pool or linux-aio) and AIO backends in non-traditional block devices (like NBD). Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5297 c046a42c-6fe2-441c-8c8c-71466251a162
-
- 15 9月, 2008 1 次提交
-
-
由 aliguori 提交于
Right now, we sprinkle #if defined(QEMU_IMG) && defined(QEMU_NBD) all over the code. It's ugly and causes us to have to build multiple object files for linking against qemu and the tools. This patch introduces a new file, qemu-tool.c which contains enough for qemu-img, qemu-nbd, and QEMU to all share the same objects. This also required getting qemu-nbd to be a bit more Windows friendly. I also changed the Windows block-raw to use normal IO instead of overlapping IO since we don't actually do AIO yet on Windows. I changed the various #if 0's to #if WIN32_AIO to make it easier for someone to eventually fix AIO on Windows. After this patch, there are no longer any #ifdef's related to qemu-img and qemu-nbd. Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com> git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5226 c046a42c-6fe2-441c-8c8c-71466251a162
-