This is a left-over from commit 7aaa6a16 "tpm: express dependencies
with Kconfig".
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190524181411.8599-1-marcandre.lureau@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Add a vhost-user gpu backend, based on virtio-gpu/3d device. It is
associated with a vhost-user-gpu device.

Various TODO and nice to have items:
- multi-head support
- crash & resume handling
- accelerated rendering/display that avoids the waiting round trips
- edid support
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20190524130946.31736-6-marcandre.lureau@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

About half of the values to which CPU_CFLAGS is set
have multiple space separated arguments.
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
Message-Id: <20190501223819.8584-3-richard.henderson@linaro.org>
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

We cannot use the ppc64le host compiler to build ppc64(be) guest code.
Clean up confusion between cross_cc_powerpc and cross_cc_ppc; make use
of the cflags variable as well.
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>
Message-Id: <20190501223819.8584-2-richard.henderson@linaro.org>
[dwg: Dropped hunk relating to ppc64abi32, it doesn't test properly]
Signed-off-by: NDavid Gibson <david@gibson.dropbear.id.au>

Prefer it to direct use of /dev/urandom.
Reviewed-by: NLaurent Vivier <lvivier@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

For user-only, we require only the random number bits of the
crypto subsystem.  Rename crypto-aes-obj-y to crypto-user-obj-y,
and add the random number objects, plus init.o to handle any
extra stuff the crypto library requires.

Move the crypto libraries from libs_softmmu and libs_tools to
LIBS, so that they are universally used.
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

At least ubuntu 18.04 does not package static gnutls libraries.
At least Fedora 30 does not ship static nettle and gcrypt libraries.
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NLaurent Vivier <lvivier@redhat.com>
Tested-by: NLaurent Vivier <lvivier@redhat.com>
Message-Id: <20190510012458.22706-2-richard.henderson@linaro.org>
Signed-off-by: NRichard Henderson <richard.henderson@linaro.org>

Fixes: a442fe2f
Cc: qemu-trivial@nongnu.org
Signed-off-by: NMarkus Armbruster <armbru@redhat.com>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Message-Id: <20190517183246.11933-1-armbru@redhat.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

Remove it from the list of tools if --disable-system
and --disable-tools are used as we don't need it for
linux-user targets.
Suggested-by: NPaolo Bonzini <pbonzini@redhat.com>
[lv: I also disable it with disable-tools, not only with disable-system]
Signed-off-by: NLaurent Vivier <lvivier@redhat.com>
Message-Id: <20190401141222.30034-4-lvivier@redhat.com>

The Makefile tries to include device Kconfig dependencies via

 -include $(SUBDIR_DEVICES_MAK_DEP)

and thus expects files that match *-softmmu/config-devices.mak.d ...
however, the minikconf script currently generates files a la
"*-softmmu-config.devices.mak.d" instead, so the dependency files
simply got ignored so far. For example, after a "touch hw/arm/Kconfig",
the arm-softmmu/config-devices.mak file is currently not re-generated.
Fix it by putting the dependency files in the *-softmmu folders now.
Reported-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NThomas Huth <thuth@redhat.com>

The last *.aml file was removed in commit 13b1881a.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190409053320.14612-1-sw@weilnetz.de>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

The pam test generates a warning on Fedora 29 with -O3 compilation
because the headers declare that the pam_conversation pointer to
pam_start must be non-NULL.  Change it to use the same 0 initialised
structure as we actually use in qauthz.
Signed-off-by: NDr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190404091725.20595-1-dgilbert@redhat.com>
Signed-off-by: NLaurent Vivier <laurent@vivier.eu>

Unless overridden via an env var or configure arg, QEMU will only look
for the 'python' binary in $PATH. This is unhelpful on distros which
are only shipping Python 3.x (eg Fedora) in their default install as,
if they comply with PEP 394, the bare 'python' binary won't exist.

This changes configure so that by default it will search for all three
common python binaries, preferring to find Python 3.x versions.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190327170701.23798-1-berrange@redhat.com>
Signed-off-by: NEduardo Habkost <ehabkost@redhat.com>

The slirp project is now hosted on freedesktop at:
https://gitlab.freedesktop.org/slirp.

The libslirp source was extracted from qemu/slirp filtered through
clang-format (available in project tree). The qemu slirp directory can
be swapped by a git submodule.
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190424110041.8175-3-marcandre.lureau@redhat.com>
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>

All major distributions do support libseccomp version >= 2.3.0, so there
is no need to special-case on various architectures any longer.
Signed-off-by: NHelge Deller <deller@gmx.de>
Message-Id: <20190404183923.GA22347@ls3530.dellerweb.de>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Acked-by: NEduardo Otubo <otubo@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NThomas Huth <thuth@redhat.com>

When running "make" in a build directory from the pre-Kconfig merge time,
the build process currently fails with:

 make: *** No rule to make target `.../default-configs/pci.mak',
  needed by `aarch64-softmmu/config-devices.mak'.  Stop.

To make sure that this problem at least goes away when the user runs
"configure" (or "sh config.status") again, we have to make sure that
we re-generate the .mak.d files. Thus remove the old stale files
while running the configure script.

Message-Id: <1552300145-12526-1-git-send-email-thuth@redhat.com>
Signed-off-by: NThomas Huth <thuth@redhat.com>

Without the -Wno-typedef-redefinition option, clang complains if a typedef
gets redefined in gnu99 mode (since this is officially a C11 feature). This
used to also happen with older versions of GCC, but since we've bumped our
minimum GCC version to 4.8, all versions of GCC that we support do not seem
to issue this warning in gnu99 mode anymore. So this has become a common
problem for people who only test their code with GCC - they do not notice
the issue until they submit their patches and suddenly patchew or a
maintainer complains.

Now that we do not urgently need to keep the code clean from typedef
redefintions anymore with recent versions of GCC, we can ease the
situation with clang, too, and simply shut these warnings off for good.
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-Id: <20190427154539.11336-1-thuth@redhat.com>
Signed-off-by: NThomas Huth <thuth@redhat.com>

Normally configure identifies the source path by looking
at the location where the configure script itself exists.
We also provide a --source-path option which lets the user
manually override this.

There isn't really an obvious use case for the --source-path
option, and in commit 92712822 in 2017 we
accidentally added some logic that looks at $source_path
before the command line option that overrides it has been
processed.

The fact that nobody complained suggests that there isn't
any use of this option and we aren't testing it either;
remove it. This allows us to move the "make $source_path
absolute" logic up so that there is no window in the script
where $source_path is set but not yet absolute.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-id: 20190318134019.23729-1-peter.maydell@linaro.org

Decompress and install the edk2 firmware blobs as part of "make install",
unless blob installation was disabled with configure's "--disable-blobs"
option.

Additionally, decompress the blobs as a pre-requisite for building softmmu
binaries -- this is helpful for both "make check" and other ad-hoc tests
one might want to run in the build directory.
Signed-off-by: NLaszlo Ersek <lersek@redhat.com>
Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NMichael S. Tsirkin <mst@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NIgor Mammedov <imammedo@redhat.com>

This is an inverse selection which excludes a selected set of targets
from the default target list. It will mostly be useful for CI
configurations but it might be useful for some users as well.

You cannot specify --target-list and --target-list-exclude at the same
time.
Signed-off-by: NAlex Bennée <alex.bennee@linaro.org>
Reviewed-by: NThomas Huth <thuth@redhat.com>
Tested-by: NWainer dos Santos Moschetta <wainersm@redhat.com>

Signed-off-by: NJim Wilson <jimw@sifive.com>
Signed-off-by: NChih-Min Chao <chihmin.chao@sifive.com>
Reviewed-by: NAlistair Francis <alistair.francis@wdc.com>
Signed-off-by: NPalmer Dabbelt <palmer@sifive.com>

Signed-off-by: NJim Wilson <jimw@sifive.com>
Signed-off-by: NChih-Min Chao <chihmin.chao@sifive.com>
Reviewed-by: NAlistair Francis <alistair.francis@wdc.com>
Signed-off-by: NPalmer Dabbelt <palmer@sifive.com>

The Windows QEMU guest agent erroneously tries to collect PCI information
directly from the physical drive. However, windows stores SCSI/IDE information
with the drive and PCI information with the underlying storage controller
This changes get_pci_info to use the physical drive's underlying storage
controller to get PCI information.

* Additionally Fixes incorrect size being passed to DeviceIoControl
  when getting volume extents. Can occasionally crash the guest agent
Signed-off-by: NMatt Hines <mhines@scalecomputing.com>
*fix up some checkpatch warnings
*fix domain reporting and add some sanity checks for debug
Signed-off-by: NMichael Roth <mdroth@linux.vnet.ibm.com>

The slirp code is not yet split off into a separate repository, so
configuring QEMU to use slirp as a submodule is premature. This
causes the non-existant "slirp" to be requested from git when syncing
submodules. This in turn appears to be cause of non-deterministic
failures some developers are seeing with QEMU's submodule sync process.
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190313173157.30504-1-berrange@redhat.com>
Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>

This uses iconv to convert glyphs from the specified VGA font encoding to
unicode, and makes use of cchar_t instead of chtype when using ncursesw,
which allows to store all wide char as well as the WACS values. The default
charset is made CP437 since that is the charset of the hardware default VGA
font. This also makes the curses backend set the LC_CTYPE locale to "" to
allow curses to emit wide characters.
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Eddie Kohler <ekohler@gmail.com>
Acked-by: NMarkus Armbruster <armbru@redhat.com>
Message-Id: <20190311135127.2229-3-samuel.thibault@ens-lyon.org>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

curses will use it for proper wide output support.
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20190311135127.2229-2-samuel.thibault@ens-lyon.org>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The glfs_*_async() functions do a callback once finished. This callback
has changed its arguments, pre- and post-stat structures have been
added. This makes it possible to improve caching, which is useful for
Samba and NFS-Ganesha, but not so much for QEMU. Gluster 6 is the first
release that includes these new arguments.

With an additional detection in ./configure, the new arguments can
conditionally get included in the glfs_io_cbk handler.
Signed-off-by: NNiels de Vos <ndevos@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

New versions of Glusters libgfapi.so have an updated glfs_ftruncate()
function that returns additional 'struct stat' structures to enable
advanced caching of attributes. This is useful for file servers, not so
much for QEMU. Nevertheless, the API has changed and needs to be
adopted.
Signed-off-by: NPrasanna Kumar Kalever <prasanna.kalever@redhat.com>
Signed-off-by: NNiels de Vos <ndevos@redhat.com>
Signed-off-by: NKevin Wolf <kwolf@redhat.com>

Since OpenBSD 6.0 [1], W^X is enforced by default [2].
TCG requires WX access. Disable W^X if it is available.
This fixes:

  # lm32-softmmu/qemu-system-lm32
  Could not allocate dynamic translator buffer

  # sysctl kern.wxabort=1
  kern.wxabort: 0 -> 1
  # lm32-softmmu/qemu-system-lm32
  mmap: Not supported
  Abort trap (core dumped)
  # gdb -q lm32-softmmu/qemu-system-lm32 qemu-system-lm32.core
  (gdb) bt
  #0  0x000017e3c156c50a in _thread_sys___syscall () at {standard input}:5
  #1  0x000017e3c15e5d7a in *_libc_mmap (addr=Variable "addr" is not available.) at /usr/src/lib/libc/sys/mmap.c:47
  #2  0x000017e17d9abc8b in alloc_code_gen_buffer () at /usr/src/qemu/accel/tcg/translate-all.c:1064
  #3  0x000017e17d9abd04 in code_gen_alloc (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1112
  #4  0x000017e17d9abe81 in tcg_exec_init (tb_size=0) at /usr/src/qemu/accel/tcg/translate-all.c:1149
  #5  0x000017e17d9897e9 in tcg_init (ms=0x17e45e456800) at /usr/src/qemu/accel/tcg/tcg-all.c:66
  #6  0x000017e17d9891b8 in accel_init_machine (acc=0x17e3c3f50800, ms=0x17e45e456800) at /usr/src/qemu/accel/accel.c:63
  #7  0x000017e17d989312 in configure_accelerator (ms=0x17e45e456800, progname=0x7f7fffff07b0 "lm32-softmmu/qemu-system-lm32") at /usr/src/qemu/accel/accel.c:111
  #8  0x000017e17d9d8616 in main (argc=1, argv=0x7f7fffff06b8, envp=0x7f7fffff06c8) at vl.c:4325

[1] https://www.openbsd.org/faq/upgrade60.html
[2] https://undeadly.org/cgi?action=article&sid=20160527203200Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20190307142822.8531-3-philmd@redhat.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The configure script checks multiple times whether it works in a git
repository and it does this by "test -e "${source_path}/.git" in 4 cases
but in one case where it tries to enable werror "-d" is used there which
fails on git worktrees as .git is a file then and not a directory.

This changes the test to "-e" as other occurrences.
Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20190228043503.68494-1-aik@ozlabs.ru>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Move qdict-test-data.txt to the tests/data/qobject/ subdirectory,
and remove the unnecessary symlinking.
(See 4b2ff65a for similar test-data cleanup).
Suggested-by: NMarkus Armbruster <armbru@redhat.com>
Signed-off-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
[thuth: Fix conflict in MAINTAINERS]
Signed-off-by: NThomas Huth <thuth@redhat.com>

This automatically removes the TPM backends from the
binary altogether if no front-ends are selected.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Apart from defconfig (which is a no-op),
allyesconfig/allnoconfig/randcondfig can be implemented simply by ignoring
the RHS of assignments and "default" statements.  The RHS is replaced
respectively by "true", "false" or a random value.

However, allyesconfig and randconfig do not quite work, because all the
files for hw/ARCH/Kconfig are sourced and therefore you could end up
enabling some ARM boards in x86 or things like that.  This is left for
future work, but I am leaving it in to help debugging minikconf itself.

allnoconfig mode is tied to a new configure option, --without-default-devices.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

The make_device_config.sh script is replaced by minikconf, which
is modified to support the same command line as its predecessor.

The roots of the parsing are default-configs/*.mak, Kconfig.host and
hw/Kconfig.  One difference with make_device_config.sh is that all symbols
have to be defined in a Kconfig file, including those coming from the
configure script.  This is the reason for the Kconfig.host file introduced
in the previous patch. Whenever a file in default-configs/*.mak used
$(...) to refer to a config-host.mak symbol, this is replaced by a
Kconfig dependency; this part must be done already in this patch
for bisectability.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: NYang Zhong <yang.zhong@intel.com>
Acked-by: NThomas Huth <thuth@redhat.com>
Message-Id: <20190123065618.3520-28-yang.zhong@intel.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Add qgraph API that allows to add/remove nodes and edges from the graph,
implementation of Depth First Search to discover the paths and basic unit
test to check correctness of the API.
Included also a main executable that takes care of starting the framework,
create the nodes, set the available drivers/machines, discover the path and
run tests.

graph.h provides the public API to manage the graph nodes/edges
graph_extra.h provides a more private API used successively by the gtest integration part
qos-test.c provides the main executable
Signed-off-by: NEmanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
[Paolo's changes compared to the Google Summer of Code submission:
 * added subprocess to test options
 * refactored object creation to support live migration tests
 * removed driver .before callback (unused)
 * removed test .after callbacks (replaced by GTest destruction queue)]
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Add support to our configure and makefile machinery for building
our rST docs into HTML files.

Building the documentation now requires that sphinx-build is
available; this seems better than allowing half the docs to
be built if it is not present but having half of them missing.
(In particular it means that assuming that distros configured with
--enable-docs they'll get a helpful error from configure telling
them the new build dependency.)
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: NAleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: NRichard Henderson <richard.henderson@linaro.org>
Message-id: 20190305172139.32662-10-peter.maydell@linaro.org
Message-id: 20190228145624.24885-10-peter.maydell@linaro.org

Use the "system" libslirp if its present or requested.

Else build with a static libslirp.a if slirp/ is checked
out ("internal") or a submodule ("git").
Signed-off-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190212162524.31504-7-marcandre.lureau@redhat.com>
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>

In case no sound hardware is present both alsa and sdl drivers
initialize successfully and throw errors later on, i.e. effectively
the automatic probing doesn't work.  Drop them from the list of
default audio drivers for linux because of that.

Fixes: 6a485418 audio: probe audio drivers by default
Buglink: https://bugs.launchpad.net/qemu/+bug/1816052Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com>
Tested-by: NDavid Hildenbrand <david@redhat.com>
Message-id: 20190219124257.3001-1-kraxel@redhat.com

The 'qemu_acl' type was a previous non-QOM based attempt to provide an
authorization facility in QEMU. Because it is non-QOM based it cannot be
created via the command line and requires special monitor commands to
manipulate it.

The new QAuthZ subclasses provide a superset of the functionality in
qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor
commands are converted to use the new QAuthZSimple data type instead
in order to provide temporary backwards compatibility.
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Add an authorization backend that talks to PAM to check whether the user
identity is allowed. This only uses the PAM account validation facility,
which is essentially just a check to see if the provided username is permitted
access. It doesn't use the authentication or session parts of PAM, since
that's dealt with by the relevant part of QEMU (eg VNC server).

Consider starting QEMU with a VNC server and telling it to use TLS with
x509 client certificates and configuring it to use an PAM to validate
the x509 distinguished name. In this example we're telling it to use PAM
for the QAuthZ impl with a service name of "qemu-vnc"

 $ qemu-system-x86_64 \
     -object tls-creds-x509,id=tls0,dir=/home/berrange/security/qemutls,\
             endpoint=server,verify-peer=yes \
     -object authz-pam,id=authz0,service=qemu-vnc \
     -vnc :1,tls-creds=tls0,tls-authz=authz0

This requires an /etc/pam/qemu-vnc file to be created with the auth
rules. A very simple file based whitelist can be setup using

  $ cat > /etc/pam/qemu-vnc <<EOF
  account         requisite       pam_listfile.so item=user sense=allow file=/etc/qemu/vnc.allow
  EOF

The /etc/qemu/vnc.allow file simply contains one username per line. Any
username not in the file is denied. The usernames in this example are
the x509 distinguished name from the client's x509 cert.

  $ cat > /etc/qemu/vnc.allow <<EOF
  CN=laptop.berrange.com,O=Berrange Home,L=London,ST=London,C=GB
  EOF

More interesting would be to configure PAM to use an LDAP backend, so
that the QEMU authorization check data can be centralized instead of
requiring each compute host to have file maintained.

The main limitation with this PAM module is that the rules apply to all
QEMU instances on the host. Setting up different rules per VM, would
require creating a separate PAM service name & config file for every
guest. An alternative approach for the future might be to not pass in
the plain username to PAM, but instead combine the VM name or UUID with
the username. This requires further consideration though.
Tested-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: NPhilippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>