aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-12-22nvdimm acpi: build ACPI NFIT tableXiao Guangrong
NFIT is defined in ACPI 6.0: 5.2.25 NVDIMM Firmware Interface Table (NFIT) Currently, we only support PMEM mode. Each device has 3 structures: - SPA structure, defines the PMEM region info - MEM DEV structure, it has the @handle which is used to associate specified ACPI NVDIMM device we will introduce in later patch. Also we can happily ignored the memory device's interleave, the real nvdimm hardware access is hidden behind host - DCR structure, it defines vendor ID used to associate specified vendor nvdimm driver. Since we only implement PMEM mode this time, Command window and Data window are not needed The NVDIMM functionality is controlled by the parameter, 'nvdimm', which is introduced for the machine, there is a example to enable it: -machine pc,nvdimm -m 8G,maxmem=100G,slots=100 -object \ memory-backend-file,id=mem1,share,mem-path=/tmp/nvdimm1,size=10G -device \ nvdimm,memdev=mem1,id=nv1 It is disabled on default Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22acpi: support specified oem table id for build_headerXiao Guangrong
Let build_header() support specified OEM table id so that we can build multiple SSDT later If the oem table id is not specified (aka, NULL), we use the default id instead as the previous behavior Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22nvdimm: implement NVDIMM device abstractXiao Guangrong
Introduce "nvdimm" device which is based on pc-dimm device type Currently, nothing is specific for nvdimm but hotplug is disabled Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22docs/pci_expander_bridge: fix typoCao jin
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22hw/compat.h: Change indentation of HW_COMPAT_* to 4 spacesEduardo Habkost
Cosmetic change only. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-12-22pc: Change indentation of PC_COMPAT_* to 4 spacesEduardo Habkost
Cosmetic change only. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-12-22pc: Add pc-*-2.6 machine classesEduardo Habkost
Add pc-i440fx-2.6 and pc-q35-2.6 machine classes. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-12-22pc: Remove redundant code from pc-*-2.3 machine classesEduardo Habkost
Remove the redundant 'alias = NULL' and 'is_default = 0' lines from older machine-types. pc_*_2_4_machine_options() already clear those fields, so they don't need to be cleared by pc_*_2_3_machine_options(). Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
2015-12-22q35: skip q35-acpi-dsdt.aml load if not neededGerd Hoffmann
Only old machine types which don't use the acpi builder (qemu 1.7 + older) have to load that file for proper acpi support. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add a force off functionCorey Minyard
Allow the IPMI interface to request a forced power off. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add firmware registration to the ISA interfaceCorey Minyard
Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add a firmware configuration repositoryCorey Minyard
Add a way for IPMI devices to register their firmware information with the IPMI subsystem so that various firmware entities can pull that information later for adding to firmware tables. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add migration capability to the IPMI devices.Corey Minyard
Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add documentationCorey Minyard
Add some basic documentation for the IPMI device. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add testsCorey Minyard
Test the KCS interface with a local BMC and a BT interface with an external BMC. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add a BT low-level interfaceCorey Minyard
This provides the simulation of the BT hardware interface for IPMI. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add an ISA KCS low-level interfaceCorey Minyard
This provides the simulation of the KCS hardware interface. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add an external connection simulation interfaceCorey Minyard
This adds an interface for IPMI that connects to a remote BMC over a chardev (generally a TCP socket). The OpenIPMI lanserv simulator describes this interface, see that for interface details. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22ipmi: Add a local BMC simulationCorey Minyard
This provides a minimal local BMC, basically enough to comply with the spec and provide a complete watchdog timer (including a sensor, SDR, and event). Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22Add a base IPMI interfaceCorey Minyard
Add the basic IPMI types and infrastructure to QEMU. Low-level interfaces and simulation interfaces will register with this; it's kind of the go-between to tie them together. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22pc: Group and document related PCMachineState/PCMachineclass fieldsEduardo Habkost
Group related PCMachineState and PCMachineClass fields into sections, and move existing field descriptions to doc comments. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22q35: Remove MCHPCIState.guest_info fieldEduardo Habkost
The field is not used for anything. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22hw/i386: extend pxb query for all PC machinesMarcel Apfelbaum
Add bus property to PC machines and use it when looking for primary PCI root bus (bus 0). Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Eduardo Habkost <ehabkost@redhat.com>
2015-12-22hw/pxb: introduce pxb-pcie expander for PCIe machinesMarcel Apfelbaum
The pxb-pcie is the counterpart of pxb for PCI express machines. The new device re-uses the pxb code, but appears to the guests as a different device. The pxb-pcie device does not have an internal pci-pci bridge and exposes a PCIe root bus instead of a PCI one. Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22hw/acpi: merge pxb adjacent memory/IO rangesMarcel Apfelbaum
A generic PCI Bus Expander doesn't necessary have a built-in PCI bridge. Int this case the ACPI will include IO/MEM ranges per device. Try to merge adjacent resources to reduce the ACPI tables length. Signed-off-by: Marcel Apfelbaum <marcel@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22pc: Move option_rom_has_mr/rom_file_has_mr globals to MachineClassEduardo Habkost
This way, these settings can be simply set on the corresponding machine_options() function, instead of requiring code in pc_compat_*() functions. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22pc: Remove enforce-aligned-dimm QOM propertyEduardo Habkost
The property is read-only and not used for anything. Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22pc: Move enforce_aligned_dimm to PCMachineClassEduardo Habkost
enforce_aligned_dimm never changes after the machine is initialized, so it can be simply set in PCMachineClass like all the other compat fields. Cc: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22pc: Move acpi_data_size global to PCMachineClassEduardo Habkost
This way we don't need code in pc_compat_*() functions to set the legacy acpi_data_size value. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22pc: Move legacy_acpi_table_size global to PCMachineClassEduardo Habkost
This way we can set legacy_acpi_table_size on the machine_options() functions, instead of requirng code in pc_compat_*() functions. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22pc: Move compat boolean globals to PCMachineClassEduardo Habkost
This way the compat flags can be initialized in the machine_options() function. This will help us to eventually eliminate the pc_compat_*() functions. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
2015-12-22mmap-alloc: tweak a comment on ppc64Michael S. Tsirkin
The comment I put in mmap-alloc to document the ppc64 rules refers to the previous revision of the patch: we don't look at memory alignment anymore, we check the fs from which the fd is mapped, instead. It's also not clear what does "in this case" refer to, rearrange text to make it clearer. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Tue 22 Dec 2015 08:52:55 GMT using RSA key ID 81AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" * remotes/stefanha/tags/block-pull-request: sdhci: add optional quirk property to disable card insertion/removal interrupts sdhci: don't raise a command index error for an unexpected response sd: sdhci: Delete over-zealous power check scripts/gdb: Fix a python exception in mtree.py parallels: add format spec block/mirror: replace IOV_MAX with blk_get_max_iov() block: replace IOV_MAX with BlockLimits.max_iov block-backend: add blk_get_max_iov() block: add BlockLimits.max_iov field virtio-blk: trivial code optimization Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-22sdhci: add optional quirk property to disable card insertion/removal interruptsAndrew Baumann
This is needed for a quirk of the Raspberry Pi (bcm2835/6) MMC controller, where the card insert bit is documented as unimplemented (always reads zero, doesn't generate interrupts) but is in fact observed on hardware as set at power on, but is cleared (and remains clear) on subsequent controller resets. Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 1450738069-18664-4-git-send-email-Andrew.Baumann@microsoft.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22sdhci: don't raise a command index error for an unexpected responseAndrew Baumann
This deletes a block of code that raised a command index error if a command returned response data, but the guest did not set the appropriate bits in the response register to handle such a response. I cannot find any documentation that suggests the controller should behave in this way, the error code doesn't make sense (command index error is defined for the case where the index in a response does not match that of the issued command), and in at least one case (CMD23 issued by UEFI on Raspberry Pi 2), actual hardware does not do this. Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Message-id: 1450738069-18664-3-git-send-email-Andrew.Baumann@microsoft.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22sd: sdhci: Delete over-zealous power checkPeter Crosthwaite
This check was conditionalising SD card operation on the card being powered by the SDHCI host controller. It is however possible (particularly in embedded systems) for the power control of the SD card to be managed outside of SDHCI. This can be as trivial as hard-wiring the SD slot VCC to a constant power-rail. This means the guest SDHCI can validly opt-out of the SDHCI power control feature while still using the card. So delete this check to allow operation of the card with SDHCI power control. This is needed for at least Xilinx Zynq and Raspberry Pi, and also makes Freescale i.MX25 work for me. The digilent Zybo board has a public schematic which shows SD VCC hardwiring: http://digilentinc.com/Data/Products/ZYBO/ZYBO_sch_VB.3.pdf bottom of page 3. Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com> Reviewed-by: Sai Pavan Boddu <saipava@xilinx.com> Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Message-id: 1450738069-18664-2-git-send-email-Andrew.Baumann@microsoft.com [AB: Add Pi to list of devices fixed in commit message] Signed-off-by: Andrew Baumann <Andrew.Baumann@microsoft.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22scripts/gdb: Fix a python exception in mtree.pyYang Wei
The following exception is threw: Python Exception <class 'NameError'> name 'long' is not defined: Error occurred in Python command: name 'long' is not defined Python 2.4+, int()/long() have been unified, so replace long with int. Signed-off-by: Yang Wei <w90p710@gmail.com> Message-id: 1449316340-4030-1-git-send-email-w90p710@gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22parallels: add format specVladimir Sementsov-Ogievskiy
This specifies Parallels image format as implemented in Parallels Cloud Server 6.10 Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> Message-id: 1448626806-17591-1-git-send-email-den@openvz.org CC: Eric Blake <eblake@redhat.com> CC: John Snow <jsnow@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22block/mirror: replace IOV_MAX with blk_get_max_iov()Stefan Hajnoczi
Use blk_get_max_iov() instead of hardcoding IOV_MAX, which may not apply to all BlockDrivers. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22block: replace IOV_MAX with BlockLimits.max_iovStefan Hajnoczi
Request merging must not result in a huge request that exceeds the maximum number of iovec elements. Use BlockLimits.max_iov instead of hardcoding IOV_MAX. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22block-backend: add blk_get_max_iov()Stefan Hajnoczi
Add a function to query BlockLimits.max_iov. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22block: add BlockLimits.max_iov fieldStefan Hajnoczi
The maximum number of struct iovec elements depends on the BlockDriverState. The raw-posix and iSCSI protocols have a maximum of IOV_MAX but others could have different values. Cc: Peter Lieven <pl@kamp.de> Suggested-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-22virtio-blk: trivial code optimizationGonglei
1. avoid possible superflous checking 2. make code more robustness ["make code more robustness" refers to avoiding integer underflows/overflows. --Stefan] Signed-off-by: Gonglei <arei.gonglei@huawei.com> Message-id: 1447207166-12612-1-git-send-email-arei.gonglei@huawei.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-12-18Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into ↵Peter Maydell
staging NUMA queue, 2015-12-18 # gpg: Signature made Fri 18 Dec 2015 17:53:48 GMT using RSA key ID 984DC5A6 # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" * remotes/ehabkost/tags/numa-pull-request: numa: Clean up query-memdev error handling Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18numa: Clean up query-memdev error handlingMarkus Armbruster
qmp_query_memdev() has two error paths: * When object_get_objects_root() returns null. It never does, so simply drop the useless error handling. * When query_memdev() fails. It leaks err then. But any failure there is actually a programming error. Switch it to &error_abort, and drop the useless error handling. Messed up in commit 76b5d85 "qmp: add query-memdev". Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2015-12-18Merge remote-tracking branch ↵Peter Maydell
'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging Merge QCryptoSecret object support # gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using RSA key ID 15104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" * remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1: crypto: add support for loading encrypted x509 keys crypto: add QCryptoSecret object class for password/key handling qga: convert to use error checked base64 decode qemu-char: convert to use error checked base64 decode util: add base64 decoding function Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches # gpg: Signature made Fri 18 Dec 2015 13:41:03 GMT using RSA key ID C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" * remotes/kevin/tags/for-upstream: (48 commits) block/qapi: allow best-effort query qemu-img: abort when full_backing_filename not present block/qapi: explicitly warn if !has_full_backing_filename block/qapi: always report full_backing_filename block/qapi: do not redundantly print "actual path" qemu-iotests: s390x: fix test 068 qemu-iotests: s390x: fix test 051 qemu-iotests: refine common.config block: fix bdrv_ioctl called from coroutine block: use drained section around bdrv_snapshot_delete iotests: Update comments for bdrv_swap() in 094 block: Remove prototype of bdrv_swap from header raw-posix: Make aio=native option binding qcow2: insert assert into qcow2_get_specific_info() iotests: Extend test 112 for qemu-img amend qcow2: Point to amend function in check qcow2: Invoke refcount order amendment function qcow2: Add function for refcount order amendment qcow2: Use intermediate helper CB for amend qcow2: Split upgrade/downgrade paths for amend ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-12-18crypto: add support for loading encrypted x509 keysDaniel P. Berrange
Make use of the QCryptoSecret object to support loading of encrypted x509 keys. The optional 'passwordid' parameter to the tls-creds-x509 object type, provides the ID of a secret object instance that holds the decryption password for the PEM file. # printf "123456" > mypasswd.txt # $QEMU \ -object secret,id=sec0,filename=mypasswd.txt \ -object tls-creds-x509,passwordid=sec0,id=creds0,\ dir=/home/berrange/.pki/qemu,endpoint=server \ -vnc :1,tls-creds=creds0 This requires QEMU to be linked to GNUTLS >= 3.1.11. If GNUTLS is too old an error will be reported if an attempt is made to pass a decryption password. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18crypto: add QCryptoSecret object class for password/key handlingDaniel P. Berrange
Introduce a new QCryptoSecret object class which will be used for providing passwords and keys to other objects which need sensitive credentials. The new object can provide secret values directly as properties, or indirectly via a file. The latter includes support for file descriptor passing syntax on UNIX platforms. Ordinarily passing secret values directly as properties is insecure, since they are visible in process listings, or in log files showing the CLI args / QMP commands. It is possible to use AES-256-CBC to encrypt the secret values though, in which case all that is visible is the ciphertext. For ad hoc developer testing though, it is fine to provide the secrets directly without encryption so this is not explicitly forbidden. The anticipated scenario is that libvirtd will create a random master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key) and will use that key to encrypt all passwords it provides to QEMU via '-object secret,....'. This avoids the need for libvirt (or other mgmt apps) to worry about file descriptor passing. It also makes life easier for people who are scripting the management of QEMU, for whom FD passing is significantly more complex. Providing data inline (insecure, only for ad hoc dev testing) $QEMU -object secret,id=sec0,data=letmein Providing data indirectly in raw format printf "letmein" > mypasswd.txt $QEMU -object secret,id=sec0,file=mypasswd.txt Providing data indirectly in base64 format $QEMU -object secret,id=sec0,file=mykey.b64,format=base64 Providing data with encryption $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \ -object secret,id=sec0,data=[base64 ciphertext],\ keyid=master0,iv=[base64 IV],format=base64 Note that 'format' here refers to the format of the ciphertext data. The decrypted data must always be in raw byte format. More examples are shown in the updated docs. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18qga: convert to use error checked base64 decodeDaniel P. Berrange
Switch from using g_base64_decode over to qbase64_decode in order to get error checking of the base64 input data. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>