aboutsummaryrefslogtreecommitdiff
path: root/qemu-options.hx
AgeCommit message (Collapse)Author
2018-02-07Add the Windows Hypervisor Platform accelerator.Justin Terry (VM)
Introduces the configure support for the new Windows Hypervisor Platform that allows for hypervisor acceleration from usermode components on the Windows platform. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com> Message-Id: <1516655269-1785-2-git-send-email-juterry@microsoft.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-02-07Add memfd based hostmemMarc-André Lureau
Add a new memory backend, similar to hostmem-file, except that it doesn't need to create files. It also enforces memory sealing. This backend is mainly useful for sharing the memory with other processes. Note that Linux supports transparent huge-pages of shmem/memfd memory since 4.8. It is relatively easier to set up THP than a dedicate hugepage mount point by using "madvise" in /sys/kernel/mm/transparent_hugepage/shmem_enabled. Since 4.14, memfd allows to set hugetlb requirement explicitly. Pending for merge in 4.16 is memfd sealing support for hugetlb backed memory. Usage: -object memory-backend-memfd,id=mem1,size=1G Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20180201132757.23063-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-01-29qemu-doc: Get rid of "vlan=X" example in the documentationThomas Huth
The vlan concept is marked as deprecated, so we should not use this for examples in the documentation anymore. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-01-29net: Allow hubports to connect to other netdevsThomas Huth
QEMU can emulate hubs to connect NICs and netdevs. This is currently primarily used for the mis-named 'vlan' feature of the networking subsystem. Now the 'vlan' feature has been marked as deprecated, since its name is rather confusing and the users often rather mis-configure their network when trying to use it. But while the 'vlan' parameter should be removed at one point in time, the basic idea of emulating a hub in QEMU is still good: It's useful for bundling up the output of multiple NICs into one single l2tp netdev for example. Now to be able to use the hubport feature without 'vlan's, there is one missing piece: The possibility to connect a hubport to a netdev, too. This patch adds this possibility by introducing a new "netdev=..." parameter to the hubports. To bundle up the output of multiple NICs into one socket netdev, you can now run QEMU with these parameters for example: qemu-system-ppc64 ... -netdev socket,id=s1,connect=:11122 \ -netdev hubport,hubid=1,id=h1,netdev=s1 \ -netdev hubport,hubid=1,id=h2 -device e1000,netdev=h2 \ -netdev hubport,hubid=1,id=h3 -device virtio-net-pci,netdev=h3 For using the socket netdev, you have got to start another QEMU as the receiving side first, for example with network dumping enabled: qemu-system-x86_64 -M isapc -netdev socket,id=s0,listen=:11122 \ -device ne2k_isa,netdev=s0 \ -object filter-dump,id=f1,netdev=s0,file=/tmp/dump.dat After the ppc64 guest tried to boot from both NICs, you can see in the dump file (using Wireshark, for example), that the output of both NICs (the e1000 and the virtio-net-pci) has been successfully transfered via the socket netdev in this case. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-01-26usb: Remove legacy -usbdevice options (host, serial, disk and net)Thomas Huth
The option have been marked as deprecated since QEMU 2.10, and so far nobody complained that the host, serial, disk and net options are urgently required anymore. So let's now get rid at least of this legacy pile, to simplify the usb code quite a bit. This patch removes the usbdevices host, serial, disk and net. These devices use their own complicated parameter parsing mechanisms, so they are just ugly to maintain, without real benefit for the users (the users can use the corresponding "-device" parameters instead which have the same complexity as the "-usbdevice" devices here). Note that the other rather simple -usbdevice options (mouse, tablet, etc.) are not removed yet (the code is really simple here, so it does not hurt much to keep it), as well as the two devices "braille" and "bt" which are easier to use with -usbdevice than with -device. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-id: 1515519171-20315-1-git-send-email-thuth@redhat.com [kraxel] delete some usb_host_device_open() leftovers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2018-01-19hostmem-file: add "align" optionHaozhong Zhang
When mmap(2) the backend files, QEMU uses the host page size (getpagesize(2)) by default as the alignment of mapping address. However, some backends may require alignments different than the page size. For example, mmap a device DAX (e.g., /dev/dax0.0) on Linux kernel 4.13 to an address, which is 4K-aligned but not 2M-aligned, fails with a kernel message like [617494.969768] dax dax0.0: qemu-system-x86: dax_mmap: fail, unaligned vma (0x7fa37c579000 - 0x7fa43c579000, 0x1fffff) Because there is no common approach to get such alignment requirement, we add the 'align' option to 'memory-backend-file', so that users or management utils, which have enough knowledge about the backend, can specify a proper alignment via this option. Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Message-Id: <20171211072806.2812-2-haozhong.zhang@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> [ehabkost: fixed typo, fixed error_setg() format string] Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-19numa: fix missing '-numa cpu' in '-help' outputIgor Mammedov
commit 419fcdec3c (numa: add '-numa cpu,...' option for property based node mapping) added '-numa cpu' option but forgot to update appropriate section for '--help'. Add '-numa cpu' description to '-help' output Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <1511880838-56509-1-git-send-email-imammedo@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-19qemu-options: document memory-backend-ramStefan Hajnoczi
The documentation should mention -object memory-backend-ram. Suggested-by: Yumei Huang <yuhuang@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20171128161529.3025-3-stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-19qemu-options: document missing memory-backend-file optionsStefan Hajnoczi
This patch adds undocumented memory-backend-file options to the documentation. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20171128161529.3025-2-stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2018-01-08Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell
Block layer patches # gpg: Signature made Fri 22 Dec 2017 14:09:01 GMT # gpg: using RSA key 0x7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (35 commits) block: Keep nodes drained between reopen_queue/multiple commit: Simplify reopen of base test-bdrv-drain: Test graph changes in drained section block: Allow graph changes in subtree drained section test-bdrv-drain: Recursive draining with multiple parents test-bdrv-drain: Test behaviour in coroutine context test-bdrv-drain: Tests for bdrv_subtree_drain block: Add bdrv_subtree_drained_begin/end() block: Don't notify parents in drain call chain test-bdrv-drain: Test nested drain sections block: Nested drain_end must still call callbacks block: Don't block_job_pause_all() in bdrv_drain_all() test-bdrv-drain: Test drain vs. block jobs blockjob: Pause job on draining any job BDS test-bdrv-drain: Test bs->quiesce_counter test-bdrv-drain: Test callback for bdrv_drain block: Make bdrv_drain() driver callbacks non-recursive block: Assert drain_all is only called from main AioContext block: Remove unused bdrv_requests_pending block: Mention -drive cyls/heads/secs/trans/serial/addr in deprecation chapter ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-01-08Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream-hvf' into ↵Peter Maydell
staging Initial support for the HVF accelerator # gpg: Signature made Sat 23 Dec 2017 07:51:18 GMT # gpg: using RSA key 0xBFFBD25F78C7AE83 # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream-hvf: i386: hvf: cleanup x86_gen.h i386: hvf: remove VM_PANIC from "in" i386: hvf: remove addr_t i386: hvf: simplify flag handling i386: hvf: abort on decoding error i386: hvf: remove ZERO_INIT macro i386: hvf: remove more dead emulator code i386: hvf: unify register enums between HVF and the rest i386: hvf: header cleanup i386: hvf: move all hvf files in the same directory i386: hvf: inject General Protection Fault when vmexit through vmcall i386: hvf: refactor event injection code for hvf i386: hvf: implement vga dirty page tracking i386: refactor KVM cpuid code so that it applies to hvf as well i386: hvf: implement hvf_get_supported_cpuid i386: hvf: use new helper functions for put/get xsave i386: hvf: fix licensing issues; isolate task handling code (GPL v2-only) i386: hvf: add code base from Google's QEMU repository apic: add function to apic that will be used by hvf Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-22block: Remove the deprecated -hdachs optionThomas Huth
It's been marked as deprecated since QEMU v2.10.0, and so far nobody complained that we should keep it, so let's remove this legacy option now to simplify the code quite a bit. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-12-22i386: hvf: add code base from Google's QEMU repositorySergio Andres Gomez Del Real
This file begins tracking the files that will be the code base for HVF support in QEMU. This code base is part of Google's QEMU version of their Android emulator, and can be found at https://android.googlesource.com/platform/external/qemu/+/emu-master-dev This code is based on Veertu Inc's vdhh (Veertu Desktop Hosted Hypervisor), found at https://github.com/veertuinc/vdhh. Everything is appropriately licensed under GPL v2-or-later, except for the code inside x86_task.c and x86_task.h, which, deriving from KVM (the Linux kernel), is licensed GPL v2-only. This code base already implements a very great deal of functionality, although Google's version removed from Vertuu's the support for APIC page and hyperv-related stuff. According to the Android Emulator Release Notes, Revision 26.1.3 (August 2017), "Hypervisor.framework is now enabled by default on macOS for 32-bit x86 images to improve performance and macOS compatibility", although we better use with caution for, as the same Revision warns us, "If you experience issues with it specifically, please file a bug report...". The code hasn't seen much update in the last 5 months, so I think that we can further develop the code with occasional visiting Google's repository to see if there has been any update. On top of Google's code, the following changes were made: - add code to the configure script to support the --enable-hvf argument. If the OS is Darwin, it checks for presence of HVF in the system. The patch also adds strings related to HVF in the file qemu-options.hx. QEMU will only support the modern syntax style '-M accel=hvf' no enable hvf; the legacy '-enable-hvf' will not be supported. - fix styling issues - add glue code to cpus.c - move HVFX86EmulatorState field to CPUX86State, changing the the emulation functions to have a parameter with signature 'CPUX86State *' instead of 'CPUState *' so we don't have to get the 'env'. Signed-off-by: Sergio Andres Gomez Del Real <Sergio.G.DelReal@gmail.com> Message-Id: <20170913090522.4022-2-Sergio.G.DelReal@gmail.com> Message-Id: <20170913090522.4022-3-Sergio.G.DelReal@gmail.com> Message-Id: <20170913090522.4022-5-Sergio.G.DelReal@gmail.com> Message-Id: <20170913090522.4022-6-Sergio.G.DelReal@gmail.com> Message-Id: <20170905035457.3753-7-Sergio.G.DelReal@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-22qemu-doc: The "-net nic" option can be used with "netdev=...", tooThomas Huth
Looks like we missed to document that it is also possible to specify a netdev with "-net nic" - which is very useful if you want to configure your on-board NIC to use a backend that has been specified with "-netdev". Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-12-21Remove legacy -no-kvm-pit optionThomas Huth
It's only printing a warning since QEMU v1.3.0, so nobody should use this anymore today. Let's get rid of this now. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1513619065-31722-1-git-send-email-thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-12-20qemu-options: Belatedly document --watchdog-action inject-nmiMarkus Armbruster
Missed in commit 795dc6e46d, v2.4.0. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-9-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-12-20qemu-options: Polish section "Character device options"Markus Armbruster
Cc: Paolo Bonzini <pbonzini@redhat.com> CC: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-8-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-12-20qemu-options: Polish section "TPM device options"Markus Armbruster
Cc: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-7-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-12-20qemu-options: Add missing -iscsi Texinfo documentationMarkus Armbruster
Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: qemu-block@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-6-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
2017-12-20qemu-options: Move -iscsi under "Block device options"Markus Armbruster
-iscsi ended up under the "Device URL Syntax" heading by a sequence of errors, as explained in the previous commit. Move it under the "Block device options" heading. Nothing left under "Device URL Syntax"; drop the heading. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: qemu-block@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-5-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
2017-12-20qemu-options qemu-doc: Move "Device URL Syntax" to qemu-docMarkus Armbruster
Commit 0f5314a (v1.0) added section "Device URL Syntax" to qemu-options.hx. It's enclosed in STEXI..ETEXI, thus affects only qemu-options.texi, not --help. It appears as a subsection under section "Invocation". Similarly, qemu.1 has it as a subsection under "OPTIONS". Commit f9dadc9 (v1.1.0) dropped new option -iscsi into the middle of this section. No effect on qemu-options.texi. It appears in --help run together with the "Bluetooth(R) options:" header. Commit c70a01e (v1.5.0) gives it is own heading in --help by moving commit 0f5314a's DEFHEADING(Device URL Syntax:) outside STEXI..ETEXI. Trouble is the heading makes no sense for -iscsi. Move all of the "Device URL Syntax" Texinfo to qemu-doc.texi. Mark it for inclusion in qemu.1 with '@c man begin NOTES'. This turns it into a separate section outside the list of options both in qemu-doc and in qemu.1. There's substantial overlap with the existing qemu-doc section "Disk Images". Mark with a TODO comment. Output of --help will be fixed next. Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Max Reitz <mreitz@redhat.com> Cc: qemu-block@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-4-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> [Unwanted @node dropped]
2017-12-20qemu-options: Fix markup of -netdev l2tpv3Markus Armbruster
The table of option parameters lacks @table and @end table. The parameters become items in the enclosing table of options. Screwed up when l2tpv3 was added in commit 3fb69aa. Fix the obvious way. Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-3-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-12-20qemu-options: Remove stray colons from output of --helpMarkus Armbruster
Commit 43f187a broke --help: it put colons into blank lines. It removed the colon from DEFHEADING(TITLE:) and added it back in the macro expansion of DEFHEADING(TITLE), so hxtool can emit "@subsection TITLE" more easily. Trouble is it's added back even for the blank lines made with DEFHEADING(). Put the colons back where they were before commit 43f187a, and strip them in hxtool instead. Cc: Paolo Bonzini <pbonzini@redhat.com> CC: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20171002140307.5292-2-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2017-12-18Document pretty parameter for mon optionVicente Jimenez Aguilar
Documentation: document pretty parameter for mon option that turns on JSON pretty printing Signed-off-by: Vicente Jimenez Aguilar <googuy@gmail.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2017-12-14s390x: deprecate s390-squash-mcss machine propHalil Pasic
With the cssids unrestricted (commit "s390x/css: unrestrict cssids") the s390-squash-mcss machine property should not be used. Actually Libvirt never supported this, so the expectation is that removing it should be pretty painless. But let's play nice and deprecate it first. Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com> Message-Id: <20171206144438.28908-3-pasic@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2017-11-27qemu-options: Mention locking option of file driverFam Zheng
Signed-off-by: Fam Zheng <famz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-11-20Revert "Add new PCI ID for i82559a"Jason Wang
This reverts commit 5e89dc01133f8f5e621f6b66b356c6f37d31dafb since: - we should use ID in the spec instead the one used by OEM - in the future, we should allow changing id through either property or EEPROM file. Cc: Stefan Weil <sw@weilnetz.de> Cc: Michael Nawrocki <michael.nawrocki@gtri.gatech.edu> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-11-13Add new PCI ID for i82559aMike Nawrocki
Adds a new PCI ID for the i82559a (0x8086 0x1030) interface. The "x-use-alt-device-id" property controls whether this new ID is to be used, and is true by default, and set to false in a compat entry. Signed-off-by: Mike Nawrocki <michael.nawrocki@gtri.gatech.edu> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-10-13tpm: Added support for TPM emulatorAmarnath Valluri
This change introduces a new TPM backend driver that can communicate with swtpm(software TPM emulator) using unix domain socket interface. QEMU talks to the TPM emulator using QEMU's socket-based chardev backend device. Swtpm uses two Unix sockets for communications, one for plain TPM commands and responses, and one for out-of-band control messages. QEMU passes the data socket to be used over the control channel. The swtpm and associated tools can be found here: https://github.com/stefanberger/swtpm The swtpm's control channel protocol specification can be found here: https://github.com/stefanberger/swtpm/wiki/Control-Channel-Specification Usage: # setup TPM state directory mkdir /tmp/mytpm chown -R tss:root /tmp/mytpm /usr/bin/swtpm_setup --tpm-state /tmp/mytpm --createek # Ask qemu to use TPM emulator with given tpm state directory qemu-system-x86_64 \ [...] \ -chardev socket,id=chrtpm,path=/tmp/swtpm-sock \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ [...] Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2017-10-09qemu-options: Deprecate -nodefconfigEduardo Habkost
Since 2012 (commit ba6212d8 "Eliminate cpus-x86_64.conf file") we have no default config files that would be disabled using -nodefconfig. Update documentation and document -nodefconfig as deprecated. Cc: Markus Armbruster <armbru@redhat.com> Acked-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20171004030025.7866-3-ehabkost@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-09-26remove trailing whitespace from qemu-options.hxMichael Tokarev
Remove trailing whitespace in qemu-options documentation, as it causes reproducibility issues depending on the echo implementation used by the Makefile. Reported-By: Vagrant Cascadian <vagrant@debian.org> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2017-09-19hostmem-file: Add "discard-data" optionEduardo Habkost
The new option can be used to indicate that the file contents can be destroyed and don't need to be flushed to disk when QEMU exits or when the memory backend object is removed. Internally, it will trigger a madvise(MADV_REMOVE) call when the memory backend is removed. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20170824192315.5897-4-ehabkost@redhat.com> [ehabkost: fixup: improved documentation] Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Tested-by: Zack Cornelius <zack.cornelius@kove.net> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2017-09-15seccomp: add resourcecontrol argument to command lineEduardo Otubo
This patch adds [,resourcecontrol=deny] to `-sandbox on' option. It blacklists all process affinity and scheduler priority system calls to avoid any bigger of the process. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15seccomp: add spawn argument to command lineEduardo Otubo
This patch adds [,spawn=deny] argument to `-sandbox on' option. It blacklists fork and execve system calls, avoiding Qemu to spawn new threads or processes. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15seccomp: add elevateprivileges argument to command lineEduardo Otubo
This patch introduces the new argument [,elevateprivileges=allow|deny|children] to the `-sandbox on'. It allows or denies Qemu process to elevate its privileges by blacklisting all set*uid|gid system calls. The 'children' option will let forks and execves run unprivileged. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-09-15seccomp: add obsolete argument to command lineEduardo Otubo
This patch introduces the argument [,obsolete=allow] to the `-sandbox on' option. It allows Qemu to run safely on old system that still relies on old system calls. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
2017-08-01qemu-options: document existance of versioned machine typesDaniel P. Berrange
The -machine docs did not explain what the versioned machine types are for, nor that they'll be maintained across releases. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <20170725141041.1195-1-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-07-18Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon 17 Jul 2017 13:17:17 BST # gpg: using RSA key 0xEF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: virtio-net: fix offload ctrl endian virtion-net: Prefer is_power_of_2() docs/colo-proxy.txt: Update colo-proxy usage of net driver with vnet_header net/filter-rewriter.c: Make filter-rewriter support vnet_hdr_len net/colo-compare.c: Add vnet packet's tcp/udp/icmp compare net/colo.c: Add vnet packet parse feature in colo-proxy net/colo-compare.c: Make colo-compare support vnet_hdr_len net/colo-compare.c: Introduce parameter for compare_chr_send() net/colo.c: Make vnet_hdr_len as packet property net/filter-mirror.c: Add new option to enable vnet support for filter-redirector net/filter-mirror.c: Make filter mirror support vnet support. net/filter-mirror.c: Introduce parameter for filter_send() net/net.c: Add vnet_hdr support in SocketReadState net: Add vnet_hdr_len arguments in NetClientState Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-17Merge remote-tracking branch 'remotes/kraxel/tags/ui-20170717-pull-request' ↵Peter Maydell
into staging ui: vnc and keymap updates for 2.10 # gpg: Signature made Mon 17 Jul 2017 10:38:11 BST # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20170717-pull-request: keymaps: fr-ca: add missing keys hmp: Update info vnc vnc: Set default kbd delay to 10ms Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-07-17net/filter-rewriter.c: Make filter-rewriter support vnet_hdr_lenZhang Chen
We add the vnet_hdr_support option for filter-rewriter, default is disabled. If you use virtio-net-pci or other driver needs vnet_hdr, please enable it. You can use it for example: -object filter-rewriter,id=rew0,netdev=hn0,queue=all,vnet_hdr_support We get the vnet_hdr_len from NetClientState that make us parse net packet correctly. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-07-17net/colo-compare.c: Make colo-compare support vnet_hdr_lenZhang Chen
We add the vnet_hdr_support option for colo-compare, default is disabled. If you use virtio-net-pci or other driver needs vnet_hdr, please enable it. You can use it for example: -object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,vnet_hdr_support COLO-compare can get vnet header length from filter, Add vnet_hdr_len to struct packet and output packet with the vnet_hdr_len. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-07-17net/filter-mirror.c: Add new option to enable vnet support for filter-redirectorZhang Chen
We add the vnet_hdr_support option for filter-redirector, default is disabled. If you use virtio-net-pci net driver or other driver needs vnet_hdr, please enable it. Because colo-compare or other modules needs the vnet_hdr_len to parse packet, we add this new option send the len to others. You can use it for example: -object filter-redirector,id=r0,netdev=hn0,queue=tx,outdev=red0,vnet_hdr_support Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-07-17net/filter-mirror.c: Make filter mirror support vnet support.Zhang Chen
We add the vnet_hdr_support option for filter-mirror, default is disabled. If you use virtio-net-pci or other driver needs vnet_hdr, please enable it. You can use it for example: -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0,vnet_hdr_support If it has vnet_hdr_support flag, we will change the sending packet format from struct {int size; const uint8_t buf[];} to {int size; int vnet_hdr_len; const uint8_t buf[];}. make other module(like colo-compare) know how to parse net packet correctly. Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2017-07-17vnc: Set default kbd delay to 10msAlexander Graf
The current VNC default keyboard delay is 1ms. With that we're constantly typing faster than the guest receives keyboard events from an XHCI attached USB HID device. The default keyboard delay time in the input layer however is 10ms. I don't know how that number came to be, but empirical tests on some OpenQA driven ARM systems show that 10ms really is a reasonable default number for the delay. This patch moves the VNC delay also to 10ms. That way our default is much safer (good!) and also consistent with the input layer default (also good!). Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 1499863425-103133-1-git-send-email-agraf@suse.de Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-07-11tests: Avoid non-portable 'echo -ARG'Eric Blake
POSIX says that backslashes in the arguments to 'echo', as well as any use of 'echo -n' and 'echo -e', are non-portable; it recommends people should favor 'printf' instead. This is definitely true where we do not control which shell is running (such as in makefile snippets or in documentation examples). But even for scripts where we require bash (and therefore, where echo does what we want by default), it is still possible to use 'shopt -s xpg_echo' to change bash's behavior of echo. And setting a good example never hurts when we are not sure if a snippet will be copied from a bash-only script to a general shell script (although I don't change the use of non-portable \e for ESC when we know the running shell is bash). Replace 'echo -n "..."' with 'printf %s "..."', and 'echo -e "..."' with 'printf %b "...\n"', with the optimization that the %s/%b argument can be omitted if the string being printed is a strict literal with no '%', '$', or '`' (we could technically also make this optimization when there are $ or `` substitutions but where we can prove their results will not be problematic, but proving that such substitutions are safe makes the patch less trivial compared to just being consistent). In the qemu-iotests check script, fix unusual shell quoting that would result in word-splitting if 'date' outputs a space. In test 051, take an opportunity to shorten the line. In test 068, get rid of a pointless second invocation of bash. CC: qemu-trivial@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com> Message-id: 20170703180950.9895-1-eblake@redhat.com Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-07-10doc: add item for "-M enforce-config-section"Peter Xu
It's never documented, and now we have one more parameter for it (which obsoletes this one). Document it properly. Suggested-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1499396048-21657-1-git-send-email-peterx@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Removed 'Although now' commit message as per Eduardo's review
2017-07-10blockdev: Print a warning for legacy drive options that belong to -deviceThomas Huth
We likely do not want to carry these legacy -drive options along forever. Let's emit a deprecation warning for the -drive options that have a replacement with the -device option, so that the (hopefully few) remaining users are aware of this and can adapt their scripts / behaviour accordingly. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2017-06-299pfs: local: Add support for custom fmode/dmode in 9ps mapped security modesTobias Schramm
In mapped security modes, files are created with very restrictive permissions (600 for files and 700 for directories). This makes file sharing between virtual machines and users on the host rather complicated. Imagine eg. a group of users that need to access data produced by processes on a virtual machine. Giving those users access to the data will be difficult since the group access mode is always 0. This patch makes the default mode for both files and directories configurable. Existing setups that don't know about the new parameters keep using the current secure behavior. Signed-off-by: Tobias Schramm <tobleminer@gmail.com> Signed-off-by: Greg Kurz <groug@kaod.org>
2017-06-26doc: Document driver-specific -blockdev optionsKevin Wolf
This documents the driver-specific options for the raw, qcow2 and file block drivers for the man page. For everything else, we refer to the QAPI documentation. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>
2017-06-26doc: Document generic -blockdev optionsKevin Wolf
This adds documentation for the -blockdev options that apply to all nodes independent of the block driver used. All options that are shared by -blockdev and -drive are now explained in the section for -blockdev. The documentation of -drive mentions that all -blockdev options are accepted as well. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Max Reitz <mreitz@redhat.com>