When encrypting/decrypting data, the plaintext/ciphertext
buffers are required to be a multiple of the cipher block
size. If this is not done, nettle will abort and gcrypt
will report an error. To get consistent behaviour add
explicit checks upfront for the buffer sizes.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

If no IV is provided, then use a default IV of all-zeros
instead of crashing. This gives parity with gcrypt and
nettle backends.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Currently the choice of whether to use nettle or gcrypt is
made based on what gnutls is linked to. There are times
when it is desirable to be able to force build against a
specific library. For example, if testing changes to QEMU's
crypto code all 3 possible backends need to be checked
regardless of what the local gnutls uses.

It is also desirable to be able to enable nettle/gcrypt
for cipher/hash algorithms, without enabling gnutls
for TLS support.

This gives two new configure flags, which allow the
following possibilities

Automatically determine nettle vs gcrypt from what
gnutls links to (recommended to minimize number of
crypto libraries linked to)

 ./configure

Automatically determine nettle vs gcrypt based on
which is installed

 ./configure --disable-gnutls

Force use of nettle

 ./configure --enable-nettle

Force use of gcrypt

 ./configure --enable-gcrypt

Force use of built-in AES & crippled-DES

 ./configure --disable-nettle --disable-gcrypt
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

vhost, pc, virtio features, fixes, cleanups

New features:
    VT-d support for devices behind a bridge
    vhost-user migration support
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Thu 22 Oct 2015 12:39:19 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream: (37 commits)
  hw/isa/lpc_ich9: inject the SMI on the VCPU that is writing to APM_CNT
  i386: keep cpu_model field in MachineState uptodate
  vhost: set the correct queue index in case of migration with multiqueue
  piix: fix resource leak reported by Coverity
  seccomp: add memfd_create to whitelist
  vhost-user-test: check ownership during migration
  vhost-user-test: add live-migration test
  vhost-user-test: learn to tweak various qemu arguments
  vhost-user-test: wrap server in TestServer struct
  vhost-user-test: remove useless static check
  vhost-user-test: move wait_for_fds() out
  vhost: add migration block if memfd failed
  vhost-user: use an enum helper for features mask
  vhost user: add rarp sending after live migration for legacy guest
  vhost user: add support of live migration
  net: add trace_vhost_user_event
  vhost-user: document migration log
  vhost: use a function for each call
  vhost-user: add a migration blocker
  vhost-user: send log shm fd along with log_base
  ...
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Commit 4d00636e ("ich9: Add the lpc chip", Nov 14 2012) added the
ich9_apm_ctrl_changed() ioport write callback function such that it would
inject the SMI, in response to a write to the APM_CNT register, on the
first CPU, invariably.

Since this register is used by guest code to trigger an SMI synchronously,
the interrupt should be injected on the VCPU that is performing the write.

apm_ioport_writeb() is the .write callback of the "apm_ops"
MemoryRegionOps [hw/isa/apm.c]; it is parametrized to call
ich9_apm_ctrl_changed() by ich9_lpc_init() [hw/isa/lpc_ich9.c], via
apm_init(). Therefore this change affects no other board.

ich9_generate_smi() is an unrelated function that is called by the TCO
watchdog; a watchdog is likely in its right to (asynchronously) inject
interrupts on the first CPU only.

This patch allows the combined edk2/OVMF SMM driver stack to work with
multiple VCPUs on TCG, using both qemu-system-i386 and qemu-system-x86_64.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>

Update cpu_model in MachineState for i386, so that the field can be used
for cpu hotplug, instead of using a static variable.

This patch is rebased on the latest master.
Signed-off-by: NZhu Guihua <zhugh.fnst@cn.fujitsu.com>
Reviewed-by: NEduardo Habkost <ehabkost@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NMarcel Apfelbaum <marcel@redhat.com>
Acked-by: NAndreas Färber <afaerber@suse.de>

When a live migration is started the log address to mark dirty pages is provided
to the vhost backend through the vhost_dev_set_log function.
This function is called for each queue pairs but the queue index is wrongly set:
always set to the first queue pair. Then vhost backend lost descriptor addresses
of the queue pairs greater than 1 and behaviour of the vhost backend is
unpredictable.

The queue index is computed by taking account of the vq_index (to retrieve the
queue pair index) and calling the vhost_get_vq_index method of the backend.
Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
Cc: qemu-stable@nongnu.org
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

config_fd should be closed before return, or there will
be a resource leak error.
Signed-off-by: Nzhanghailiang <zhang.zhanghailiang@huawei.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NStefan Hajnoczi <stefanha@redhat.com>

This is used by memfd code.
Signed-off-by: NEduardo Otubo <eduardo.otubo@profitbricks.com>
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Check that backend source and destination do not have simultaneous
ownership during migration.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

This test checks that the log fd is given to the migration source, and
mark dirty pages during migration.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Add a new macro to make the qemu command line with other
values of memory size, and specific chardev id.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

In the coming patches, a test will use several servers
simultaneously. Wrap the server in a struct, out of the global scope.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

This function is a precondition for most vhost-user tests.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

The VHOST_USER_PROTOCOL_FEATURE_MASK will be automatically updated when
adding new features to the enum.
Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
[Adapted from mailing list discussion - Marc-André]
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

A new vhost user message is added to allow QEMU to ask to vhost user backend to
broadcast a fake RARP after live migration for guest without GUEST_ANNOUNCE
capability.

This new message is sent only if the backend supports the new
VHOST_USER_PROTOCOL_F_RARP protocol feature.
The payload of this new message is the MAC address of the guest (not known by
the backend). The MAC address is copied in the first 6 bytes of a u64 to avoid
to create a new payload message type.

This new message has no equivalent ioctl so a new callback is added in the
userOps structure to send the request.

Upon reception of this new message the vhost user backend must generate and
broadcast a fake RARP request to notify the migration is terminated.
Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
[Rebased and fixed checkpatch errors - Marc-André]
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Some vhost user backends are able to support live migration.
To provide this service the following features must be added:
1. Add the VIRTIO_NET_F_GUEST_ANNOUNCE capability to vhost-net when netdev
   backend is vhost-user.
2. Provide a nop receive callback to vhost-user.
   This callback is called by:
    *  qemu_announce_self after a migration to send fake RARP to avoid network
       outage for peers talking to the migrated guest.
         - For guest with GUEST_ANNOUNCE capabilities, guest already sends GARP
           when the bit VIRTIO_NET_S_ANNOUNCE is set.
           => These packets must be discarded.
         - For guest without GUEST_ANNOUNCE capabilities, migration termination
           is notified when the guest sends packets.
           => These packets can be discarded.
    * virtio_net_tx_bh with a dummy boot to send fake bootp/dhcp request.
      BIOS guest manages virtio driver to send 4 bootp/dhcp request in case of
      dummy boot.
      => These packets must be discarded.
Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Replace error_report() and use tracing instead. It's not an error to get
a connection or a disconnection, so silence this and trace it instead.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Replace the generic vhost_call() by specific functions for each
function call to help with type safety and changing arguments.

While doing this, I found that "unsigned long long" and "uint64_t" were
used interchangeably and causing compilation warnings, using uint64_t
instead, as the vhost & protocol specifies.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
[Fix enum usage and MQ - Thibaut Collet]
Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

If VHOST_USER_PROTOCOL_F_LOG_SHMFD is not announced, block vhost-user
migration. The blocker is removed in vhost_dev_cleanup().
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Send the shm for the dirty pages logging if the backend supports
VHOST_USER_PROTOCOL_F_LOG_SHMFD. Wait for a reply to make sure
the old log is no longer used.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

If the backend is requires it, allocate shareable memory.

vhost_log_get() now uses 2 globals "vhost_log" and "vhost_log_shm", that
way there is a common non-shareable log and a common shareable one.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Check if the backend has VHOST_USER_PROTOCOL_F_LOG_SHMFD feature and
require a shared log.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Split VHOST_SET_LOG_BASE call in a seperate function callback, so that
type safety works and more arguments can be added in the next patches.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Add an open/unlink/mmap fallback for system that do not support
memfd (only available since 3.17, ~1y ago).

This patch may require additional SELinux policies to work for enforced
systems, but should fail gracefully in this case.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Add qemu_memfd_alloc/free() helpers.

The function helps to allocate and seal shared memory.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Implement memfd_create() fallback if not available in system libc.
memfd_create() is still not included in glibc today, atlhough it's been
available since Linux 3.17 in Oct 2014.

memfd has numerous advantages over traditional shm/mmap for ipc memory
sharing with fd handler, which we are going to make use of for
vhost-user logging memory in following patches.

The next patches are going to introduce helpers to use best practices of
memfd usage and provide some compatibility fallback. memfd.c is thus
temporarily useless and eventually empty if memfd_create() is provided
by the system.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Make it easier to add new unrelated units with shorter lines.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

New syscalls are not yet widely distributed. Add them to qemu
linux-headers include directory. Update based on v4.3-rc3 kernel headers.

Exclude mips for now, which is more problematic due to extra header
inclusion and probably unnecessary here.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Check if memfd_create() is part of system libc.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NThibaut Collet <thibaut.collet@6wind.com>

Try to cover the basics of virtio migration.
Signed-off-by: NCornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: NGreg Kurz <gkurz@linux.vnet.ibm.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
Reviewed-by: NJason Wang <jasowang@redhat.com>

Don't initialize vhost backend if memslots number exceeds the supported
limit. This prevents failures down the road when backend
is actually started.

[MST: rewrite commit log]
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

it allows safely cancel memory hotplug if vhost backend
doesn't support necessary amount of memory slots and prevents
QEMU crashing in vhost due to hitting vhost limit on amount
of supported memory ranges.
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

it will allow for other parts of QEMU check if it's safe
to map memory region during hotplug/runtime.
That way hotplug path will have a chance to cancel
hotplug operation instead of crashing in vhost_commit().
Signed-off-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>

Xtensa updates:

- fix register window overflow with l32e/s32e instructions;
- make MMU events logging dependent on CPU_LOG_MMU;
- attach FLASH to system I/O region on XTFPGA boards;
- implement depbits and l32nb instructions.

# gpg: Signature made Wed 21 Oct 2015 19:34:02 BST using RSA key ID F83FA044
# gpg: Good signature from "Max Filippov <max.filippov@cogentembedded.com>"
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>"

* remotes/xtensa/tags/20151021-xtensa:
  target-xtensa: implement S32NB
  target-xtensa: implement depbits instruction
  target-xtensa: xtfpga: attach FLASH to system IO
  target-xtensa: use CPU_LOG_MMU for MMU event logging
  target-xtensa: add window overflow check to L32E/S32E
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

S32NB provides the same functionality as S32I with two exceptions.
First, when its operation leaves the processor, the external transaction
is marked Non-Bufferable. Second, it may not be used to write to
Instruction RAM.
In QEMU S32NB is equivalent to S32I.
Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>