aboutsummaryrefslogtreecommitdiff
path: root/qemu-doc.texi
AgeCommit message (Collapse)Author
2017-05-15Merge remote-tracking branch 'kraxel/tags/pull-usb-20170512-1' into stagingStefan Hajnoczi
usb: bugfixes, doc update # gpg: Signature made Fri 12 May 2017 01:20:29 PM BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * kraxel/tags/pull-usb-20170512-1: hw/usb/dev-serial: Do not try to set vendorid or productid properties xhci: relax link check usb-hub: clear PORT_STAT_SUSPEND on wakeup xhci: fix logging usb-redir: fix stack overflow in usbredir_log_data qemu-doc: Update to use the new way of attaching USB devices Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-05-12qemu-doc: Update to use the new way of attaching USB devicesThomas Huth
The preferred way of adding USB devices is via "-device" and "device_add" nowadays, so let's start to get rid of "-usbdevice" and "usb_add" in the documentation. While we're at it, also add the new USB devices there which have been added to QEMU during the last years, and get rid of the old "vendorid" and "productid" parameters of "-usbdevice serial" which have been removed in QEMU version 0.14.0 already. Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1494256429-31720-1-git-send-email-thuth@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-05-10Merge remote-tracking branch 'mjt/tags/trivial-patches-fetch' into stagingStefan Hajnoczi
trivial patches for 2017-05-10 # gpg: Signature made Wed 10 May 2017 03:19:30 AM EDT # gpg: using RSA key 0x701B4F6B1A693E59 # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" # gpg: aka "Michael Tokarev <mjt@corpit.ru>" # gpg: aka "Michael Tokarev <mjt@debian.org>" # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 # Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59 * mjt/tags/trivial-patches-fetch: (23 commits) tests: Remove redundant assignment MAINTAINERS: Update paths for AioContext implementation MAINTAINERS: Update paths for main loop jazz_led: fix bad snprintf tests: Ignore another built executable (test-hmp) scripts: Switch to more portable Perl shebang scripts/qemu-binfmt-conf.sh: Fix shell portability issue virtfs: allow a device id to be specified in the -virtfs option hw/core/generic-loader: Fix crash when running without CPU virtio-blk: Remove useless condition around g_free() qemu-doc: Fix broken URLs of amnhltm.zip and dosidle210.zip use _Static_assert in QEMU_BUILD_BUG_ON channel-file: fix wrong parameter comments block: Make 'replication_state' an enum util: Use g_malloc/g_free in envlist.c qga: fix compiler warnings (clang 5) device_tree: fix compiler warnings (clang 5) usb-ccid: make ccid_write_data_block() cope with null buffers tests: Ignore more test executables Add 'none' as type for drive's if option ... Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-05-10qemu-doc: Fix broken URLs of amnhltm.zip and dosidle210.zipThomas Huth
There are some broken URLs in the qemu-doc which reference tools that are not available at their original location anymore. Fortunately, they have been mirrored to archive.org, so point to that location instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-05-09Default to GSSAPI (Kerberos) instead of DIGEST-MD5 for SASLDaniel P. Berrange
RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, QEMU should not be using or recommending it as a default mechanism for VNC auth with SASL. GSSAPI (Kerberos) is the only other viable SASL mechanism that can provide secure session encryption so enable that by defalt as the replacement. If users have TLS enabled for VNC, they can optionally decide to use SCRAM-SHA-1 instead of GSSAPI, allowing plain username and password auth. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-01-25Merge remote-tracking branch 'remotes/rth/tags/pull-nios-20170124' into stagingPeter Maydell
nios2 target support # gpg: Signature made Tue 24 Jan 2017 21:11:47 GMT # gpg: using RSA key 0xAD1270CC4DD0279B # gpg: Good signature from "Richard Henderson <rth7680@gmail.com>" # gpg: aka "Richard Henderson <rth@redhat.com>" # gpg: aka "Richard Henderson <rth@twiddle.net>" # Primary key fingerprint: 9CB1 8DDA F8E8 49AD 2AFC 16A4 AD12 70CC 4DD0 279B * remotes/rth/tags/pull-nios-20170124: nios2: Add support for Nios-II R1 nios2: Add Altera 10M50 GHRD emulation nios2: Add periodic timer emulation nios2: Add IIC interrupt controller emulation nios2: Add usermode binaries emulation nios2: Add disas entries nios2: Add architecture emulation support Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-01-24nios2: Add support for Nios-II R1Marek Vasut
Add remaining bits of the Altera NiosII R1 support into qemu, which is documentation, MAINTAINERS file entry, configure bits, arch_init and configuration files for both linux-user (userland binaries) and softmmu (hardware emulation). Signed-off-by: Marek Vasut <marex@denx.de> Cc: Chris Wulff <crwulff@gmail.com> Cc: Jeff Da Silva <jdasilva@altera.com> Cc: Ley Foon Tan <lftan@altera.com> Cc: Sandra Loosemore <sandra@codesourcery.com> Cc: Yves Vandervennet <yvanderv@altera.com> Reviewed-by: Alexander Graf <agraf@suse.de> Message-Id: <20170118220146.489-8-marex@denx.de> Signed-off-by: Richard Henderson <rth@twiddle.net>
2017-01-24Fix documentation and some comments (article, grammar)Stefan Weil
Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-01-18target-sparc: fix up niagara machineArtyom Tarasenko
Remove the Niagara stub implementation from sun4u.c and add a machine, compatible with Legion simulator from the OpenSPARC T1 project. The machine uses the firmware supplied with the OpenSPARC T1 project, http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2 in the directory S10image/, and is able to boot the supplied Solaris 10 image. Note that for compatibility with the naming conventions for SPARC machines the new machine name is lowercase niagara. Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com> Reviewed-by: Richard Henderson <rth@twiddle.net>
2016-12-05qemu-doc: update gluster protocol usage guidePrasanna Kumar Kalever
Document: 1. The new debug and logfile options with their usages 2. New json format and its usage and 3. update "GlusterFS, Device URL Syntax" section in "Invocation" Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-10-07qemu-doc: merge qemu-tech and qemu-docPaolo Bonzini
Merge what is left of qemu-tech into the main manual as an appendix. Ultimately we should have a new internals manual built from docs/, and then the "Translator Internals" parts of qemu-tech could move to docs/ as well. The bits on limitation and features of CPU emulation should remain in qemu-doc. Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-07qemu-tech: move user mode emulation features from qemu-techPaolo Bonzini
These are interesting for users too, since nowadays most qemu-user users are going to be somewhat technical rather than just people that want to run Wine. Some detail is lost, on the other hand some of the information I removed (e.g. basic block unchaining) was obsolete. Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-07qemu-doc: drop installation and compilation notesPaolo Bonzini
These are in README or obsolete, and the detailed version can be on a website instead. Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-10-07qemu-doc: replace introduction with the one from the internals manualPaolo Bonzini
The user manual has an obsolete introduction, and the one in the internals manual lists QEMU's features quite nicely. Drop the obsolete content and remove generic user-level documentation from qemu-tech. Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-12Allow users to specify the vmdk virtual hardware version.Janne Karhunen
Vmdk images have metadata to indicate the vmware virtual hardware version image was created/tested to run with. Allow users to specify that version via new 'hwversion' option. [ kwolf: Adjust qemu-iotests common.filter ] Signed-off-by: Janne Karhunen <Janne.Karhunen@gmail.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-21ivshmem: Require master to have ID zeroMarkus Armbruster
Migration with ivshmem needs to be carefully orchestrated to work. Exactly one peer (the "master") migrates to the destination, all other peers need to unplug (and disconnect), migrate, plug back (and reconnect). This is sort of documented in qemu-doc. If peers connect on the destination before migration completes, the shared memory can get messed up. This isn't documented anywhere. Fix that in qemu-doc. To avoid messing up register IVPosition on migration, the server must assign the same ID on source and destination. ivshmem-spec.txt leaves ID assignment unspecified, however. Amend ivshmem-spec.txt to require the first client to receive ID zero. The example ivshmem-server complies: it always assigns the first unused ID. For a bit of additional safety, enforce ID zero for the master. This does nothing when we're not using a server, because the ID is zero for all peers then. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-40-git-send-email-armbru@redhat.com>
2016-03-21ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmemMarkus Armbruster
ivshmem can be configured with and without interrupt capability (a.k.a. "doorbell"). The two configurations have largely disjoint options, which makes for a confusing (and badly checked) user interface. Moreover, the device can't tell the guest whether its doorbell is enabled. Create two new device models ivshmem-plain and ivshmem-doorbell, and deprecate the old one. Changes from ivshmem: * PCI revision is 1 instead of 0. The new revision is fully backwards compatible for guests. Guests may elect to require at least revision 1 to make sure they're not exposed to the funny "no shared memory, yet" state. * Property "role" replaced by "master". role=master becomes master=on, role=peer becomes master=off. Default is off instead of auto. * Property "use64" is gone. The new devices always have 64 bit BARs. Changes from ivshmem to ivshmem-plain: * The Interrupt Pin register in PCI config space is zero (does not use an interrupt pin) instead of one (uses INTA). * Property "x-memdev" is renamed to "memdev". * Properties "shm" and "size" are gone. Use property "memdev" instead. * Property "msi" is gone. The new device can't have MSI-X capability. It can't interrupt anyway. * Properties "ioeventfd" and "vectors" are gone. They're meaningless without interrupts anyway. Changes from ivshmem to ivshmem-doorbell: * Property "msi" is gone. The new device always has MSI-X capability. * Property "ioeventfd" defaults to on instead of off. * Property "size" is gone. The new device can only map all the shared memory received from the server. Guests can easily find out whether the device is configured for interrupts by checking for MSI-X capability. Note: some code added in sub-optimal places to make the diff easier to review. The next commit will move it to more sensible places. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-37-git-send-email-armbru@redhat.com>
2016-03-21ivshmem: Propagate errors through ivshmem_recv_setup()Markus Armbruster
This kills off the funny state described in the previous commit. Simplify ivshmem_io_read() accordingly, and update documentation. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1458066895-20632-27-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-03-18qemu-doc: Fix ivshmem huge page exampleMarkus Armbruster
Option parameter "share" is missing. Without it, you get a *private* mmap(), which defeats ivshmem's purpose pretty thoroughly ;) While there, switch to the conventional mountpoint of hugetlbfs /dev/hugepages. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1458066895-20632-5-git-send-email-armbru@redhat.com>
2016-02-19qemu-options.hx: Improve documentation of chardev multiplexing modePeter Maydell
The current documentation of chardev mux=on is rather brief and opaque; expand it to hopefully be a bit more helpful. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1455643738-6068-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-11remove libtool supportMichael Tokarev
Libtool support was needed to build shared library for libcacard. Now there's no need to use libtool, and since the build system is already complicated enough, we have a way to slightly de-complicate it. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
2016-02-04qemu-doc: Do not promote deprecated -smb and -redir optionsThomas Huth
Since -smb and -redir are deprecated options, we should not use them as examples in the documentation anymore. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-01-26docs: Style the command and its options in the synopsisSitsofe Wheeler
Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com> Message-Id: <1452718226-25001-1-git-send-email-sitsofe@yahoo.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-22Add a base IPMI interfaceCorey Minyard
Add the basic IPMI types and infrastructure to QEMU. Low-level interfaces and simulation interfaces will register with this; it's kind of the go-between to tie them together. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-11-25ivshmem: Rename property memdev to x-memdev for 2.5Markus Armbruster
The device's guest interface and its QEMU user interface are flawed^Whotly debated. We'll resolve that in the next development cycle, probably by deprecating the device in favour of a cleaned up, but not quite compatible revision. To avoid adding more baggage to the soon-to-be-deprecated interface, mark property "memdev" as experimental, by renaming it to "x-memdev". It's the only recent user interface change. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1448384789-14830-6-git-send-email-armbru@redhat.com> [Update of qemu-doc.texi squashed in] Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2015-11-25qemu-doc: Fix ivshmem usage example with shm=...Markus Armbruster
The example suggests you can omit "shm". This isn't true; you must specify exactly one of "shm", "chardev", "memdev". Fix it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1448384789-14830-3-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2015-11-25qemu-doc: Fix ivshmem example markupMarkus Armbruster
Use @var{foo} like we do everywhere else, not <foo>. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1448384789-14830-2-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2015-11-04backends/hostmem-file: Allow to specify full pathname for backing filePavel Fedin
This allows to explicitly specify file name to use with the backend. This is important when using it together with ivshmem in order to make it backed by hugetlbfs. By default filename is autogenerated using mkstemp(), and the file is unlink()ed after creation, effectively making it anonymous. This is not very useful with ivshmem because it ends up in a memory which cannot be accessed by something else. Distinction between directory and file name is done by stat() check. If an existing directory is given, the code keeps old behavior. Otherwise it creates or opens a file with the given pathname. Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Tested-by: Igor Skalkin <i.skalkin@samsung.com> Message-Id: <004301d11166$9672fe30$c358fa90$@samsung.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-10-26doc: document ivshmem & hugepagesMarc-André Lureau
Document and give some examples of hugepages support with ivshmem device and server. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2015-10-24contrib: add ivshmem client and serverDavid Marchand
When using ivshmem devices, notifications between guests can be sent as interrupts using a ivshmem-server (typical use described in documentation). The client is provided as a debug tool. Signed-off-by: Olivier Matz <olivier.matz@6wind.com> Signed-off-by: David Marchand <david.marchand@6wind.com> [fix a valgrind warning, option and server_close() segvs, extra server headers includes, getopt() return type, out-of-tree build, use qemu event_notifier instead of eventfd, fix x86/osx warnings - Marc-André] Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2015-09-16monitor: added generation of documentation for hmp-commands-info.hxPavel Butsykin
It will be easier if you need to add info-commands to edit only hmp-commands-info.hx, before this had to edit monitor.c and hmp-commands.hx. From the build point of view all documentation is saved into qemu-monitor-info.texi which from now on is used for all user documentation building. Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Paolo Bonzini <pbonzini@redhat.com> CC: Peter Maydell <peter.maydell@linaro.org> Message-Id: <1441899541-1856-5-git-send-email-den@openvz.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-11maint: remove / fix many doubled wordsDaniel P. Berrange
Many source files have doubled words (eg "the the", "to to", and so on). Most of these can simply be removed, but a couple were actual mis-spellings (eg "to to" instead of "to do"). There was even one triple word score "to to to" :-) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-01qga: start a man pageMarc-André Lureau
Add a simple man page for the qemu agent. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> *squashed in review comments from Eric Blake <eblake@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-08-28qemu-doc.texi: Fix capitalization error in OS X build instructionsPeter Maydell
Fix a capitalization error in the OS X build instructions; this was picked up in review of commit b352153f5f and intended to be corrected before I applied it, but I accidentally didn't include it. Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-27From: John Arbuckle <programmingkidx@gmail.com>G 3
qemu-doc.texi: Add information on compiling source code on Mac OS X Add information to the documentation on how to build QEMU on Mac OS X. Signed-off-by: John Arbuckle <programmingkidx@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: fixed a minor capitalization error] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-24qemu-doc: fix typosGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Message-Id: <1435917057-9396-1-git-send-email-arei.gonglei@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-03-19raw-posix: Deprecate host floppy passthroughMarkus Armbruster
Raise your hand if you have a physical floppy drive in a computer you've powered on in 2015. Okay, I see we got a few weirdos in the audience. That's okay, weirdos are welcome here. Kidding aside, media change detection doesn't fully work, isn't going to be fixed, and floppy passthrough just isn't earning its keep anymore. Deprecate block driver host_floppy now, so we can drop it after a grace period. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-16block: Deprecate QCOW/QCOW2 encryptionMarkus Armbruster
We've steered users away from QCOW/QCOW2 encryption for a while, because it's a flawed design (commit 136cd19 Describe flaws in qcow/qcow2 encryption in the docs). In addition to flawed crypto, we have comically bad usability, and plain old bugs. Let me show you. = Example images = I'm going to use a raw image as backing file, and two QCOW2 images, one encrypted, and one not: $ qemu-img create -f raw backing.img 4m Formatting 'backing.img', fmt=raw size=4194304 $ qemu-img create -f qcow2 -o encryption,backing_file=backing.img,backing_fmt=raw geheim.qcow2 4m Formatting 'geheim.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=on cluster_size=65536 lazy_refcounts=off $ qemu-img create -f qcow2 -o backing_file=backing.img,backing_fmt=raw normal.qcow2 4m Formatting 'normal.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=off cluster_size=65536 lazy_refcounts=off = Usability issues = == Confusing startup == When no image is encrypted, and you don't give -S, QEMU starts the guest immediately: $ qemu-system-x86_64 -nodefaults -display none -monitor stdio normal.qcow2 QEMU 2.2.50 monitor - type 'help' for more information (qemu) info status VM status: running But as soon as there's an encrypted image in play, the guest is *not* started, with no notification whatsoever: $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2 QEMU 2.2.50 monitor - type 'help' for more information (qemu) info status VM status: paused (prelaunch) If the user figured out that he needs to type "cont" to enter his keys, the confusion enters the next level: "cont" asks for at most *one* key. If more are needed, it then silently does nothing. The user has to type "cont" once per encrypted image: $ qemu-system-x86_64 -nodefaults -display none -monitor stdio -drive if=none,file=geheim.qcow2 -drive if=none,file=geheim.qcow2 QEMU 2.2.50 monitor - type 'help' for more information (qemu) info status VM status: paused (prelaunch) (qemu) c none0 (geheim.qcow2) is encrypted. Password: ****** (qemu) info status VM status: paused (prelaunch) (qemu) c none1 (geheim.qcow2) is encrypted. Password: ****** (qemu) info status VM status: running == Incorrect passwords not caught == All existing encryption schemes give you the GIGO treatment: garbage password in, garbage data out. Guests usually refuse to mount garbage, but other usage is prone to data loss. == Need to stop the guest to add an encrypted image == $ qemu-system-x86_64 -nodefaults -display none -monitor stdio QEMU 2.2.50 monitor - type 'help' for more information (qemu) info status VM status: running (qemu) drive_add "" if=none,file=geheim.qcow2 Guest must be stopped for opening of encrypted image (qemu) stop (qemu) drive_add "" if=none,file=geheim.qcow2 OK Commit c3adb58 added this restriction. Before, we could expose images lacking an encryption key to guests, with potentially catastrophic results. See also "Use without key is not always caught". = Bugs = == Use without key is not always caught == Encrypted images can be in an intermediate state "opened, but no key". The weird startup behavior and the need to stop the guest are there to ensure the guest isn't exposed to that state. But other things still are! * drive_backup $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2 QEMU 2.2.50 monitor - type 'help' for more information (qemu) drive_backup -f ide0-hd0 out.img raw Formatting 'out.img', fmt=raw size=4194304 I guess this writes encrypted data to raw image out.img. Good luck with figuring out how to decrypt that again. * commit $ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2 QEMU 2.2.50 monitor - type 'help' for more information (qemu) commit ide0-hd0 I guess this writes encrypted data into the unencrypted raw backing image, effectively destroying it. == QMP device_add of usb-storage fails when it shouldn't == When the image is encrypted, device_add creates the device, defers actually attaching it to when the key becomes available, then fails. This is wrong. device_add must either create the device and succeed, or do nothing and fail. $ qemu-system-x86_64 -nodefaults -display none -usb -qmp stdio -drive if=none,id=foo,file=geheim.qcow2 {"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}} { "execute": "qmp_capabilities" } {"return": {}} { "execute": "device_add", "arguments": { "driver": "usb-storage", "id": "bar", "drive": "foo" } } {"error": {"class": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is encrypted"}} {"execute":"device_del","arguments": { "id": "bar" } } {"timestamp": {"seconds": 1426003440, "microseconds": 237181}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/bar/bar.0/legacy[0]"}} {"timestamp": {"seconds": 1426003440, "microseconds": 238231}, "event": "DEVICE_DELETED", "data": {"device": "bar", "path": "/machine/peripheral/bar"}} {"return": {}} This stuff is worse than useless, it's a trap for users. If people become sufficiently interested in encrypted images to contribute a cryptographically sane implementation for QCOW2 (or whatever other format), then rewriting the necessary support around it from scratch will likely be easier and yield better results than fixing up the existing mess. Let's deprecate the mess now, drop it after a grace period, and move on. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-10doc: minor updates to SPARC32 and SPARC64 documentationMark Cave-Ayland
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2014-12-12block: vhdx - change .vhdx_create default block state to ZEROJeff Cody
The VHDX spec specifies that the default new block state is PAYLOAD_BLOCK_NOT_PRESENT for a dynamic VHDX image, and PAYLOAD_BLOCK_FULLY_PRESENT for a fixed VHDX image. However, in order to create space-efficient VHDX images with qemu-img convert, it is desirable to be able to set has_zero_init to true for VHDX. There is currently an option when creating VHDX images, to use block state ZERO for new blocks. However, this currently defaults to 'off'. In order to be able to eventually set has_zero_init to true for VHDX, this needs to default to 'on'. This patch changes the default to 'on', and provides some help information to warn against setting it to 'off' when using qemu-img convert. [Max Reitz pointed out that a full stop was missing at the end of the VHDX_BLOCK_OPT_ZERO option help text. I have added it. --Stefan] Signed-off-by: Jeff Cody <jcody@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 85164899eacc86e150c3ceba793cf93b398dedd7.1418018421.git.jcody@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-11-05qemu-doc.texi: fix typos in x509 examplesGonglei
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-09-22block: delete cow block driverStefan Hajnoczi
This patch removes support for the cow file format. Normally we do not break backwards compatibility but in this case there is no impact and it is the most logical option. Extraordinary claims require extraordinary evidence so I will show why removing the cow block driver is the right thing to do. The cow file format is the disk image format for Usermode Linux, a way of running a Linux system in userspace. The performance of UML was never great and it was hacky, but it enjoyed some popularity before hardware virtualization support became mainstream. QEMU's block/cow.c is supposed to read this image file format. Unfortunately the file format was underspecified: 1. Earlier Linux versions used the MAXPATHLEN constant for the backing filename field. The value of MAXPATHLEN can change, so Linux switched to a 4096 literal but QEMU has a 1024 literal. 2. Padding was not used on the header struct (both in the Linux kernel and in QEMU) so the struct layout varied across architectures. In particular, i386 and x86_64 were different due to int64_t alignment differences. Linux now uses __attribute__((packed)), QEMU does not. Therefore: 1. QEMU cow images do not conform to the Linux cow image file format. 2. cow images cannot be shared between different host architectures. This means QEMU cow images are useless and QEMU has not had bug reports from users actually hitting these issues. Let's get rid of this thing, it serves no purpose and no one will be affected. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 1410877464-20481-1-git-send-email-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-09-12qcow2: Add falloc and full preallocation optionHu Tao
preallocation=falloc allocates disk space by posix_fallocate(), preallocation=full allocates disk space by writing zeros to disk. Both modes imply preallocation=metadata. Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-09-12raw-posix: Add falloc and full preallocation optionHu Tao
This patch adds a new option preallocation for raw format, and implements falloc and full preallocation. Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2014-07-18doc: slirp supports ICMP echo if enabled in LinuxGernot Hillier
Since QEMU 0.15, slirp (user mode networking) supports ping to the Internet, see e6d43cfb1f9 Signed-off-by: Gernot Hillier <gernot.hillier@siemens.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-07-07Fix nocow typos in manpageChunyan Liu
Signed-off-by: Chunyan Liu <cyliu@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-07-01qemu-img create: add 'nocow' optionChunyan Liu
Add 'nocow' option so that users could have a chance to set NOCOW flag to newly created files. It's useful on btrfs file system to enhance performance. Btrfs has low performance when hosting VM images, even more when the guest in those VM are also using btrfs as file system. One way to mitigate this bad performance is to turn off COW attributes on VM files. Generally, there are two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then all newly created files will be NOCOW. b) per file. Add the NOCOW file attribute. It could only be done to empty or new files. This patch tries the second way, according to the option, it could add NOCOW per file. For most block drivers, since the create file step is in raw-posix.c, so we can do setting NOCOW flag ioctl in raw-posix.c only. But there are some exceptions, like block/vpc.c and block/vdi.c, they are creating file by calling qemu_open directly. For them, do the same setting NOCOW flag ioctl work in them separately. [Fixed up 082.out due to the new 'nocow' creation option --Stefan] Signed-off-by: Chunyan Liu <cyliu@suse.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-04-18doc: grammify "allows to"Michael Tokarev
English language grammar does not allow usage of the word "allows" directly followed by an infinitive, declaring constructs like "something allows to do somestuff" un-grammatical. Often it is possible to just insert "one" between "allows" and "to" to make the construct grammatical, but usually it is better to re-phrase the statement. This patch tries to fix 4 examples of "allows to" usage in qemu doc, but does not address comments in the code with similar constructs. It also adds missing "the" in the same line. Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-27doc: update default PowerPC framebuffer settingsMark Cave-Ayland
Since 1.7, the default framebuffer settings for PowerPC are 800x600x32. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> CC: qemu-ppc@nongnu.org Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-03-27doc: update sun4m documentationMark Cave-Ayland
A few minor tidy-ups, plus add reference to the new -vga tcx and cg3 options. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>