| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This patch uses mknod to create socket.
On Host/Fileserver:
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:57 asocket1
On Guest/Client:
srwxr-xr-x 1 guestuser guestuser 0 2010-05-11 12:57 asocket1
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.
On Host/Fileserver:
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:36 afifo
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:32 blkdev
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:33 chardev
On Guest/Client:
prw-r--r-- 1 guestuser guestuser 0 2010-05-11 12:36 afifo
brw-r--r-- 1 guestuser guestuser 0, 0 2010-05-11 12:32 blkdev
crw-r--r-- 1 guestuser guestuser 4, 5 2010-05-11 12:33 chardev
In the passthrough securit model, specifal files are directly created
on the fileserver. But the user credential
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.
Implemntation of symlink in mapped security model:
A regular file is created and the link target is written to it.
readlink() reads it back from the file.
On Guest/Client:
lrwxrwxrwx 1 root root 6 2010-05-11 12:20 asymlink -> afile
On Host/Fileserver:
-rw-------. 1 root root 6 2010-05-11 09:20 asymlink
afile
Under passthrough model, it just calls underlying symlink() readlink()
system calls are used.
Under both security models, client user credentials are changed
after the filesystem objec creation.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.
On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile
On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
mapped model changes the owner in the extended attributes.
passthrough model does the change through lchown() as the
server don't need to follow the link and client will send the
actual filesystem object.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This patch adds required infrastructure for the new security model.
- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The new option is:
-fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
-virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag
In the case of mapped security model, files are created with QEMU user
credentials and the client-user's credentials are saved in extended attributes.
Whereas in the case of passthrough security model, files on the
filesystem are directly created with client-user's credentials.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This patch rearranges the fileop structures by moving the structure definitions
from virtio-9p.c to virtio-9p.h file. No functional changes.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
This patch fluesh the debug messages to the log file at the end of each
debug message.
Changes from V1:
Used fflush instead fseek for the flush.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
In net/tap-linux.c, when manipulation of /dev/net/tun fails, it prints
(with fprintf) something like this:
warning: could not open /dev/net/tun: no virtual network emulation
this has 2 issues:
1) it is not a warning really, it's a fatal error (kvm exits after
that),
2) there's no indication as of what's actually wrong: printing errno there
is helpful.
The patch below removes the "warning" prefix, uses %m (since it's linux,
%m is available as format modifier), and changes fprintf() to %qemu_error().
Now it prints something like this instead:
could not configure /dev/net/tun: Device or resource busy
(there are 2 messages like that in the same function)
This fixes Debian bug #578154, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578154
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
The code comes from
http://lists.gnu.org/archive/html/qemu-devel/2010-05/msg02788.html
Without this patch it is not possible to send at least 10 special
characters (\|'"`~:;[]{}) via the monitor sendkey command.
Signed-off-by: Bernhard M. Wiedemann <qemudevbmw@lsmod.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
|
Trying to check them leads to a second error message which is more confusing
than helpful:
Can't get refcount for cluster 0: Invalid argument
ERROR cluster 0 refcount=-22 reference=1
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
With corrupted images, we can easily get an cluster index that exceeds the
array size of the temporary refcount table.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Although it is really rare to get in to the while loop, the list
operation in the loop is obviously wrong.
Signed-off-by: Yoshiaki Tamura <tamura.yoshiaki@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Some block drivers use an aio handler and do I/O completion routines
in it. However, the handler is not invoked if we only do
aio_read/write, because registered fds are not checked at all.
This patch registers an aio handler of STDIO to checks whether we can
read a command without blocking, and calls qemu_aio_wait() in
command_loop(). Any other handlers can be invoked when user input is
idle.
Signed-off-by: MORITA Kazutaka <morita.kazutaka@lab.ntt.co.jp>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Use bdrv_(p)write_sync to ensure metadata integrity in case of a crash.
While at it, correct the wrong usage of errno.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Add new functions that write and flush the written data to disk immediately.
This is what needs to be used for image format metadata to maintain integrity
for cache=... modes that don't use O_DSYNC. (Actually, we only need barriers,
and therefore the functions are defined as such, but flushes is what is
implemented in this patch - we can try to change that later)
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This changes the monitor eject_device() function to not check for
bdrv_is_inserted().
Example run where the bug manifests itself:
(output of 'info block' is stripped to include only the CD-ROM device)
(qemu) info block
ide1-cd0: type=cdrom removable=1 locked=0 [not inserted]
(qemu) change ide1-cd0 /dev/cdrom host_cdrom
(qemu) info block
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0
(qemu) eject ide1-cd0
(qemu) info block
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0
# at this point, a disk was inserted on the host CD-ROM drive
(qemu) info block
ide1-cd0: type=cdrom removable=1 locked=0 file=/dev/cdrom ro=1 drv=host_cdrom encrypted=0
(qemu) eject ide1-cd0
(qemu) info block
ide1-cd0: type=cdrom removable=1 locked=0 [not inserted]
(qemu)
The first eject command didn't work because the is_inserted() check
failed.
I have no clue why the code had the is_inserted() check, as it doesn't matter
if there is a disk present at the host drive, when the user wants the virtual
device to be disconnected from the host device.
The is_inserted() check has another side effect: a memory leak if the "change"
command is used multiple times, as do_change() calls eject_device() before
re-opening the block device, but bdrv_close() is never called.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Both SCSI and virtio expect the physical block size relative to the
logical block size. So get the factor first before calculating the
log2.
Reported-by: Mike Cao <bcao@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
assignments
This patch updates hw/scsi-bus.c to add MAINTENANCE_IN and MAINTENANCE_OUT case in
scsi_req_length() for TYPE_ROM with MMC commands. It also adds the MAINTENANCE_OUT
case in scsi_req_xfer_mode() to set SCSI_XFER_TO_DEV for outgoing write data.
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This patch updates hw/scsi-bus.c to add the PERSISTENT_RESERVE_OUT cdb
case in scsi_req_xfer_mode() to set SCSI_XFER_TO_DEV for outgoing WRITE data.
Signed-off-by: Nicholas A. Bellinger <nab@linux-iscsi.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Update PPC, Sparc32 and Sparc64 OpenBIOS images to R795.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Make APICState completely private to apic.c by using DeviceState
in external APIs.
Move apic_init() to pc.c.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Convert to qdev.
Use an opaque CPUState pointer because of missing VMState
implementation for CPUState.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Move the actual CPUState contents handling to cpu.h and cpuid.c.
Handle CPU reset and set env->halted in pc.c.
Add a function to get the local APIC state of the current
CPU for the MMIO.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Pass only APICState when accessing APIC from CPU code.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Pass only APICState from pc.c.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
Convert to qdev.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
There's no need to use ioapic_set_irq() outside of ioapic.c, so
make it static.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
|
|
When loading a shared library that requires an executable stack,
glibc uses the mprotext PROT_GROWSDOWN flag to achieve this.
We don't support PROT_GROWSDOWN.
Add a special case to handle changing the stack permissions in this way.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
Teach strace code about linux specific mprotect flags.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
Report exit status to GDB when a semihosted application exits.
Signed-off-by: Paul Brook <paul@codesourcery.com>
|
|
Move it in preparation for further changes.
No functional change.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@axis.com>
|
|
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
|
|
Prepare to return error from the individual decoders.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@axis.com>
|
|
Some hosts (amd64, ia64) have an ABI that ignores the high bits
of the 64-bit register when passing 32-bit arguments. Others
require the value to be properly sign-extended for the type.
I.e. "int32_t" must be sign-extended and "uint32_t" must be
zero-extended to 64-bits.
To effect this, extend the "sizemask" parameter to tcg_gen_callN
to include the signedness of the type of each parameter. If the
tcg target requires it, extend each 32-bit argument into a 64-bit
temp and pass that to the function call.
This ABI feature is required by sparc64, ppc64 and s390x.
Signed-off-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
|
|
Comparing an 8 bit value with ~0 does not work as expected.
Replace ~0 by UINT8_MAX in comparison and also in assignment
(and fix coding style, too).
Cc: Gleb Natapov <gleb@redhat.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: malc <av1474@comtv.ru>
|
|
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Fix a warning from OpenBSD gcc (3.3.5 (propolice)):
/src/qemu/block.c: In function `bdrv_info_stats_bs':
/src/qemu/block.c:1548: warning: long long int format, long unsigned
int arg (arg 6)
There may be also truncation effects.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Correct definitions for FD_CMD_SAVE and FD_CMD_RESTORE in hw/fdc.c
Per https://bugs.launchpad.net/qemu/+bug/424453 the correct values
for FD_CMD_SAVE is 0x2e and FD_CMD_RESTORE is 0x4e. Verified against
the Intel 82078 manual which can be found at:
http://wiki.qemu.org/Documentation/HardwareManuals page 22.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
This is the list of drives defined with drive_init(). Hide it, so it
doesn't get abused.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
We find snapshots by iterating over the list of drives defined with
drive_init(). This misses host block devices defined by other means.
Such means don't exist now, but will be introduced later in this
series.
Iterate over all host block devices instead, with bdrv_next().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
