path: root/qemu-options.hx
Age | Commit message | Author
2016-01-26 | char: introduce support for TLS encrypted TCP chardev backend | Daniel P. Berrange

    This integrates support for QIOChannelTLS object in the TCP chardev backend. If the 'tls-creds=NAME' option is passed with the '-chardev tcp' argument, then it will set up the chardev such that the client is required to establish a TLS handshake when connecting. There is no support for checking the client certificate against ACLs in this initial patch. This is pending work to QOM-ify the ACL object code.

    A complete invocation to run QEMU as the server for a TLS encrypted serial dev might be

      $ qemu-system-x86_64 \
          -nodefconfig -nodefaults -device sga -display none \
          -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
          -device isa-serial,chardev=s0 \
          -object tls-creds-x509,id=tls0,endpoint=server,verify-peer=off,dir=/home/berrange/security/qemutls

    To test with the gnutls-cli tool as the client:

      $ gnutls-cli --priority=NORMAL -p 9000 \
          --x509cafile=/home/berrange/security/qemutls/ca-cert.pem \
          127.0.0.1

    If QEMU was told to use 'anon' credential type, then use the priority string 'NORMAL:+ANON-DH' with gnutls-cli

    Alternatively, if setting up a chardev to operate as a client, then the TLS credentials registered must be for the client endpoint. First a TLS server must be set up, which can be done with the gnutls-serv tool

      $ gnutls-serv --priority=NORMAL -p 9000 --echo \
          --x509cafile=/home/berrange/security/qemutls/ca-cert.pem \
          --x509certfile=/home/berrange/security/qemutls/server-cert.pem \
          --x509keyfile=/home/berrange/security/qemutls/server-key.pem

    Then QEMU can connect with

      $ qemu-system-x86_64 \
          -nodefconfig -nodefaults -device sga -display none \
          -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
          -device isa-serial,chardev=s0 \
          -object tls-creds-x509,id=tls0,endpoint=client,dir=/home/berrange/security/qemutls

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Message-Id: <1453202071-10289-5-git-send-email-berrange@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-01-15 | qemu-char: add logfile facility to all chardev backends | Daniel P. Berrange

    Typically a UNIX guest OS will log boot messages to a serial port in addition to any graphical console. An admin user may also wish to use the serial port for an interactive console. A virtualization management system may wish to collect system boot messages by logging the serial port, but also wish to allow admins interactive access.

    Currently providing such a feature forces the mgmt app to either provide 2 separate serial ports, one for logging boot messages and one for interactive console login, or to proxy all output via a separate service that can multiplex the two needs onto one serial port. While both are valid approaches, they each have their own downsides. The former causes confusion and extra setup work for VM admins creating disk images. The latter places an extra burden to re-implement much of the QEMU chardev backends logic in libvirt or even higher level mgmt apps and adds extra hops in the data transfer path.

    A simpler approach that is satisfactory for many use cases is to allow the QEMU chardev backends to have a "logfile" property associated with them.

      $QEMU -chardev socket,host=localhost,port=9000,server=on,nowait,id=charserial0,logfile=/var/log/libvirt/qemu/test-serial0.log \
            -device isa-serial,chardev=charserial0,id=serial0

    This patch introduces a 'ChardevCommon' struct which is set up as a base for all the ChardevBackend types. Ideally this would be registered directly as a base against ChardevBackend, rather than each type, but the QAPI generator doesn't allow that since the ChardevBackend is a non-discriminated union. The ChardevCommon struct provides the optional 'logfile' parameter, as well as 'logappend' which controls whether QEMU truncates or appends (default truncate).

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Message-Id: <1452516281-27519-1-git-send-email-berrange@redhat.com>
    [Call qemu_chr_parse_common if cd->parse is NULL. - Paolo]
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-12-22 | nvdimm acpi: build ACPI NFIT table | Xiao Guangrong

    NFIT is defined in ACPI 6.0: 5.2.25 NVDIMM Firmware Interface Table (NFIT)

    Currently, we only support PMEM mode. Each device has 3 structures:
    - SPA structure, defines the PMEM region info
    - MEM DEV structure, it has the @handle which is used to associate specified ACPI NVDIMM device we will introduce in later patch. Also we can happily ignore the memory device's interleave, the real nvdimm hardware access is hidden behind host
    - DCR structure, it defines vendor ID used to associate specified vendor nvdimm driver. Since we only implement PMEM mode this time, Command window and Data window are not needed

    The NVDIMM functionality is controlled by the parameter, 'nvdimm', which is introduced for the machine, there is an example to enable it:

      -machine pc,nvdimm -m 8G,maxmem=100G,slots=100 \
      -object memory-backend-file,id=mem1,share,mem-path=/tmp/nvdimm1,size=10G \
      -device nvdimm,memdev=mem1,id=nv1

    It is disabled by default

    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-22 | ipmi: Add documentation | Corey Minyard

    Add some basic documentation for the IPMI device.

    Signed-off-by: Corey Minyard <cminyard@mvista.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-12-18 | crypto: add support for loading encrypted x509 keys | Daniel P. Berrange

    Make use of the QCryptoSecret object to support loading of encrypted x509 keys. The optional 'passwordid' parameter to the tls-creds-x509 object type, provides the ID of a secret object instance that holds the decryption password for the PEM file.

      # printf "123456" > mypasswd.txt
      # $QEMU \
          -object secret,id=sec0,file=mypasswd.txt \
          -object tls-creds-x509,passwordid=sec0,id=creds0,dir=/home/berrange/.pki/qemu,endpoint=server \
          -vnc :1,tls-creds=creds0

    This requires QEMU to be linked to GNUTLS >= 3.1.11. If GNUTLS is too old an error will be reported if an attempt is made to pass a decryption password.

    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-18 | crypto: add QCryptoSecret object class for password/key handling | Daniel P. Berrange

    Introduce a new QCryptoSecret object class which will be used for providing passwords and keys to other objects which need sensitive credentials.

    The new object can provide secret values directly as properties, or indirectly via a file. The latter includes support for file descriptor passing syntax on UNIX platforms. Ordinarily passing secret values directly as properties is insecure, since they are visible in process listings, or in log files showing the CLI args / QMP commands. It is possible to use AES-256-CBC to encrypt the secret values though, in which case all that is visible is the ciphertext. For ad hoc developer testing though, it is fine to provide the secrets directly without encryption so this is not explicitly forbidden.

    The anticipated scenario is that libvirtd will create a random master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key) and will use that key to encrypt all passwords it provides to QEMU via '-object secret,....'. This avoids the need for libvirt (or other mgmt apps) to worry about file descriptor passing.

    It also makes life easier for people who are scripting the management of QEMU, for whom FD passing is significantly more complex.

    Providing data inline (insecure, only for ad hoc dev testing)

      $QEMU -object secret,id=sec0,data=letmein

    Providing data indirectly in raw format

      printf "letmein" > mypasswd.txt
      $QEMU -object secret,id=sec0,file=mypasswd.txt

    Providing data indirectly in base64 format

      $QEMU -object secret,id=sec0,file=mykey.b64,format=base64

    Providing data with encryption

      $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
            -object secret,id=sec0,data=[base64 ciphertext],keyid=master0,iv=[base64 IV],format=base64

    Note that 'format' here refers to the format of the ciphertext data. The decrypted data must always be in raw byte format.

    More examples are shown in the updated docs.

    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-12-17 | kvm: add support for -machine kernel_irqchip=split | Matt Gingell

    This patch adds the initial plumbing for split IRQ chip mode via KVM_CAP_SPLIT_IRQCHIP. In addition to option processing, a number of kvm_*_in_kernel macros are defined to help clarify which component is where.

    Signed-off-by: Matt Gingell <gingell@google.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-11-06 | replay: command line options | Pavel Dovgalyuk

    This patch introduces command line options for enabling recording or replaying virtual machine behavior. These options are added to icount command line parameter. They include 'rr' which switches between record and replay and 'rrfile' for specifying the filename for replay log.

    Signed-off-by: Pavel Dovgalyuk <pavel.dovgaluk@ispras.ru>
    Message-Id: <20150917162518.8676.70792.stgit@PASHA-ISP.def.inno>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru>
2015-10-27 | options: Add documentation for filter-dump | Thomas Huth

    Add a short description for the filter-dump command line options.

    Signed-off-by: Thomas Huth <thuth@redhat.com>
    Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-10-19 | fw_cfg: insert string blobs via qemu cmdline | Gabriel L. Somlo

    Allow users to provide custom fw_cfg blobs with ascii string payloads specified directly on the qemu command line.

    Suggested-by: Jordan Justen <jordan.l.justen@intel.com>
    Suggested-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
    Message-id: 1443544141-26568-1-git-send-email-somlo@cmu.edu
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-10-12 | netfilter: add a netbuffer filter | Yang Hongyang

    This filter is to buffer/release packets. Can be used when using MicroCheckpointing or other Remus like VM FT solutions. You can also use it to crudely simulate network delay. Doesn't actually delay individual packets, but batches them together, which is a delay of sorts.

    Usage:

      -netdev tap,id=bn0
      -object filter-buffer,id=f0,netdev=bn0,queue=rx,interval=1000

    NOTE: Interval is in microseconds, it can't be omitted currently, and can't be 0.

    Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Signed-off-by: Jason Wang <jasowang@redhat.com>
2015-09-24 | vhost-user: add multiple queue support | Changchun Ouyang

    This patch is initially based on a patch from Nikolay Nikolaev.

    This patch adds vhost-user multiple queue support, by creating a nc and vhost_net pair for each queue.

    Qemu exits if it finds that the backend can't support the number of requested queues (by providing queues=# option). The max number is queried by a new message, VHOST_USER_GET_QUEUE_NUM, and is sent only when protocol feature VHOST_USER_PROTOCOL_F_MQ is present first.

    The max queue check is done at vhost-user initiation stage. We initiate one queue first, which, in the meantime, also gets the max_queues the backend supports.

    In older version, it was reported that some messages are sent more times than necessary. Here we came to an agreement with Michael that we could categorize vhost user messages to 2 types: non-vring specific messages, which should be sent only once, and vring specific messages, which should be sent per queue.

    Here I introduced a helper function vhost_user_one_time_request(), which lists following messages as non-vring specific messages:

      VHOST_USER_SET_OWNER
      VHOST_USER_RESET_DEVICE
      VHOST_USER_SET_MEM_TABLE
      VHOST_USER_GET_QUEUE_NUM

    For above messages, we simply ignore them when they are not sent the first time.

    Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
    Signed-off-by: Changchun Ouyang <changchun.ouyang@intel.com>
    Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Yuanhan Liu <yuanhan.liu@linux.intel.com>
    Reviewed-by: Jason Wang <jasowang@redhat.com>
    Tested-by: Marcel Apfelbaum <marcel@redhat.com>
2015-09-15 | ui: convert VNC server to use QCryptoTLSSession | Daniel P. Berrange

    Switch VNC server over to using the QCryptoTLSSession object for the TLS session. This removes the direct use of gnutls from the VNC server code. It also removes most knowledge about TLS certificate handling from the VNC server code. This has the nice effect that all the CONFIG_VNC_TLS conditionals go away and the user gets an actual error message when requesting TLS instead of it being silently ignored.

    With this change, the existing configuration options for enabling TLS with -vnc are deprecated.

    Old syntax for anon-DH credentials:

      -vnc hostname:0,tls

    New syntax:

      -object tls-creds-anon,id=tls0,endpoint=server \
      -vnc hostname:0,tls-creds=tls0

    Old syntax for x509 credentials, no client certs:

      -vnc hostname:0,tls,x509=/path/to/certs

    New syntax:

      -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
      -vnc hostname:0,tls-creds=tls0

    Old syntax for x509 credentials, requiring client certs:

      -vnc hostname:0,tls,x509verify=/path/to/certs

    New syntax:

      -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
      -vnc hostname:0,tls-creds=tls0

    This aligns VNC with the way TLS credentials are to be configured in the future for chardev, nbd and migration backends. It also has the benefit that the same TLS credentials can be shared across multiple VNC server instances, if desired.

    If someone uses the deprecated syntax, it will internally result in the creation of a 'tls-creds' object with an ID based on the VNC server ID. This allows backwards compat with the CLI syntax, while still deleting all the original TLS code from the VNC server.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15 | crypto: introduce new module for TLS x509 credentials | Daniel P. Berrange

    Introduce a QCryptoTLSCredsX509 class which is used to manage x509 certificate TLS credentials. This will be the preferred credential type offering strong security characteristics

    Example CLI configuration:

      $QEMU -object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/creds/dir,verify-peer=yes

    The 'id' value in the -object args will be used to associate the credentials with the network services. For example, when the VNC server is later converted it would use

      $QEMU -object tls-creds-x509,id=tls0,.... \
            -vnc 127.0.0.1:1,tls-creds=tls0

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
2015-09-15 | crypto: introduce new module for TLS anonymous credentials | Daniel P. Berrange

    Introduce a QCryptoTLSCredsAnon class which is used to manage anonymous TLS credentials. Use of this class is generally discouraged since it does not offer strong security, but it is required for backwards compatibility with the current VNC server implementation.

    Simple example CLI configuration:

      $QEMU -object tls-creds-anon,id=tls0,endpoint=server

    Example using pre-created diffie-hellman parameters

      $QEMU -object tls-creds-anon,id=tls0,endpoint=server,dir=/path/to/creds/dir

    The 'id' value in the -object args will be used to associate the credentials with the network services. For example, when the VNC server is later converted it would use

      $QEMU -object tls-creds-anon,id=tls0,.... \
            -vnc 127.0.0.1:1,tls-creds=tls0

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
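
Added example (not part of the QEMU commits or source listed here): a small auditor for QEMU command lines that flags the credential-handling patterns the secret and TLS credential commit messages above call out, namely inline `data=` secrets without `keyid`, anonymous TLS credentials, x509 server credentials with client verification switched off, and the deprecated `-vnc ...,tls` syntax. The finding names, the `parse_qemu_opts` and `audit` helpers and the sample command lines are constructed for illustration, and a bare flag is simplified to `on`.

```python
import shlex

FALSE_WORDS = {"off", "no", "false", "n"}   # spellings treated as boolean false here


def parse_qemu_opts(spec):
    """Parse 'head,key=value,...' into (head, options); ',,' is a literal comma."""
    fields = [f.replace("\0", ",") for f in spec.replace(",,", "\0").split(",")]
    head, opts = "", {}
    for pos, field in enumerate(fields):
        key, sep, value = field.partition("=")
        if sep:
            opts[key] = value
        elif pos == 0:
            head = field          # object type, chardev backend or VNC display
        elif field:
            opts[field] = "on"    # simplification: bare flag ('server', legacy 'tls')
    return head, opts


def audit(cmdline):
    """Return sorted (finding, subject) pairs for one QEMU command line."""
    argv = shlex.split(cmdline)
    objects, users, findings = {}, [], []
    for opt, spec in zip(argv, argv[1:]):
        if opt == "-object":
            kind, props = parse_qemu_opts(spec)
            objects[props.get("id", "")] = (kind, props)
        elif opt in ("-vnc", "-chardev"):
            users.append((opt, parse_qemu_opts(spec)[1]))

    def kind_of(obj_id):
        return objects.get(obj_id, ("", {}))[0]

    for obj_id, (kind, props) in objects.items():
        if kind == "secret":
            # Inline data without a master key is readable in process listings.
            if "data" in props and "keyid" not in props:
                findings.append(("plaintext-secret-on-cmdline", obj_id))
            if "keyid" in props and kind_of(props["keyid"]) != "secret":
                findings.append(("keyid-not-a-secret", obj_id))
        elif kind == "tls-creds-anon":
            # Anonymous credentials do not authenticate either endpoint.
            findings.append(("anonymous-tls-creds", obj_id))
        elif kind == "tls-creds-x509":
            # Only an explicit 'off' is flagged; no default is assumed here.
            if (props.get("endpoint") == "server"
                    and props.get("verify-peer", "").lower() in FALSE_WORDS):
                findings.append(("client-cert-not-verified", obj_id))
            if "passwordid" in props and kind_of(props["passwordid"]) != "secret":
                findings.append(("passwordid-not-a-secret", obj_id))

    for opt, props in users:
        if opt == "-vnc" and {"tls", "x509", "x509verify"} & props.keys():
            findings.append(("deprecated-vnc-tls-syntax", opt))
        creds = props.get("tls-creds")
        if creds is not None and not kind_of(creds).startswith("tls-creds-"):
            findings.append(("unknown-tls-creds", creds))
    return sorted(findings)


# Constructed sample command lines modelled on the commit messages above.
# The base64 strings are placeholders, not real ciphertext or IV values.
SAMPLES = {
    "inline": "qemu -object secret,id=sec0,data=letmein",
    "file": "qemu -object secret,id=sec0,file=mypasswd.txt",
    "encrypted": ("qemu -object secret,id=master0,file=mykey.b64,format=base64 "
                  "-object secret,id=sec0,data=Q09OU1RSVUNURUQ=,keyid=master0,"
                  "iv=UExBQ0VIT0xERVI=,format=base64"),
    "legacy-vnc": "qemu -vnc hostname:0,tls,x509=/path/to/certs",
    "no-verify": ("qemu -chardev socket,id=s0,host=127.0.0.1,port=9000,"
                  "tls-creds=tls0,server -object tls-creds-x509,id=tls0,"
                  "endpoint=server,verify-peer=off,dir=/path/to/certs"),
    "anon": ("qemu -object tls-creds-anon,id=tls0,endpoint=server "
             "-vnc 127.0.0.1:1,tls-creds=tls0"),
    "dangling": "qemu -vnc :1,tls-creds=creds0",
}

if __name__ == "__main__":
    for name, cmdline in SAMPLES.items():
        print(name, audit(cmdline))
```
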
2015-09-11 | help: add missing newline | Laurent Vivier

    Signed-off-by: Laurent Vivier <lvivier@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 | maint: remove / fix many doubled words | Daniel P. Berrange

    Many source files have doubled words (eg "the the", "to to", and so on). Most of these can simply be removed, but a couple were actual mis-spellings (eg "to to" instead of "to do"). There was even one triple word score "to to to" :-)

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
    Reviewed-by: Markus Armbruster <armbru@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-10 | xen, gfx passthrough: basic graphics passthrough support | Tiejun Chen

    basic gfx passthrough support:
    - add a vga type for gfx passthrough
    - register/unregister legacy VGA I/O ports and MMIOs for passthrough GFX

    Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
    Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
    Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
    Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-07 | smbios: implement smbios support for mach-virt | Wei Huang

    This patch generates smbios tables for ARM mach-virt. Also add CONFIG_SMBIOS=y for ARM default config.

    Acked-by: Gabriel Somlo <somlo@cmu.edu>
    Tested-by: Gabriel Somlo <somlo@cmu.edu>
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Reviewed-by: Shannon Zhao <shannon.zhao@linaro.org>
    Tested-by: Leif Lindholm <leif.lindholm@linaro.org>
    Signed-off-by: Wei Huang <wei@redhat.com>
    Message-id: 1440615870-9518-3-git-send-email-wei@redhat.com
    [PMM: Added missing braces around an if().]
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-24 | qemu-doc: fix typos | Gonglei

    Signed-off-by: Gonglei <arei.gonglei@huawei.com>
    Message-Id: <1435917057-9396-1-git-send-email-arei.gonglei@huawei.com>
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-20 | Revert "vhost-user: add multi queue support" | Michael S. Tsirkin

    This reverts commit 830d70db692e374b55555f4407f96a1ceefdcc97.

    The interface isn't fully backwards-compatible, which is bad. Let's redo this properly after 2.4.

    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-07-02 | block/iscsi: restore compatibility with libiscsi 1.9.0 | Peter Lieven

    RHEL7 and others are stuck with libiscsi 1.9.0 since there unfortunately was an ABI breakage after that release.

    Signed-off-by: Peter Lieven <pl@kamp.de>
    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Message-id: 1435313881-19366-1-git-send-email-pl@kamp.de
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-07-02 | block/iscsi: add support for request timeouts | Peter Lieven

    libiscsi starting with 1.15 will properly support timeout of iscsi commands. The default will remain no timeout, but this can be changed via cmdline parameters, e.g.:

      qemu -iscsi timeout=30 -drive file=iscsi://...

    If a timeout occurs a reconnect is scheduled and the timed out command will be requeued for processing after a successful reconnect.

    The required API call iscsi_set_timeout is present since libiscsi 1.10 which was released in October 2013. However, due to some bugs in the libiscsi code the use is not recommended before version 1.15.

    Please note that this patch bumps the libiscsi requirement to 1.10 to have all function and macros defined. The patch also fixes an off-by-one error in the NOP timeout calculation which was fixed while touching these code parts.

    Signed-off-by: Peter Lieven <pl@kamp.de>
    Message-id: 1434455107-19328-1-git-send-email-pl@kamp.de
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-26 | target-mips: add Unified Hosting Interface (UHI) support | Leon Alrae

    Add UHI semihosting support for MIPS. QEMU run with "-semihosting" option will alter the behaviour of SDBBP 1 instruction -- UHI operation will be called instead of generating a debug exception.

    Also tweak Malta's pseudo-bootloader. On CPU reset the $4 register is set to -1 if semihosting arguments are passed to indicate that the UHI operations should be used to obtain input arguments.

    Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
    Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
2015-06-23 | qemu-options: Use @itemx where appropriate | Markus Armbruster

    Doesn't appear to make a difference, but let's use it consistently.

    Signed-off-by: Markus Armbruster <armbru@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-23 | qemu-options: Improve -global documentation | Markus Armbruster

    Recent commit 3751d7c "vl: allow full-blown QemuOpts syntax for -global" overloaded its existing argument syntax DRIVER.PROP=VALUE with QemuOpts syntax. Unambiguous as long as no DRIVER contains '='.

    Its documentation claims that "the two syntaxes are equivalent." Improve it to spell out how exactly the old syntax gets desugared into the new one.

    Signed-off-by: Markus Armbruster <armbru@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-22 | Merge remote-tracking branch 'remotes/afaerber/tags/qom-devices-for-peter' into staging | Peter Maydell

    QOM infrastructure fixes and device conversions

    * Changes to name string ownership for alias properties
    * Improvements around enum properties
    * Cleanups around -object handling
    * New helper functions
    * Cleanups of qdev init helper functions
    * Add path argument to qom-tree script
    * QTest cleanup to use new qtest_add_data_func() consistently

    # gpg: Signature made Fri Jun 19 18:14:38 2015 BST using RSA key ID 3E7E013F
    # gpg: Good signature from "Andreas Färber <afaerber@suse.de>"
    # gpg: aka "Andreas Färber <afaerber@suse.com>"

    * remotes/afaerber/tags/qom-devices-for-peter:
      qdev: Un-deprecate qdev_init_nofail()
      qdev: Deprecated qdev_init() is finally unused, drop
      qom: Don't pass string table to object_get_enum() function
      qom: Add an object_property_add_enum() helper function
      qom: Make enum string tables const-correct
      qom: Add object_new_with_props() / object_new_withpropv() helpers
      qom: Add helper function for getting user objects root
      vl: Create (most) objects before creating chardev backends
      doc: Document user creatable object types in help text
      backends: Fix typename of 'policy' enum property in hostmem obj
      scripts: Add support for path as argument of qom-tree
      tests: Use qtest_add_data_func() consistently
      qdev: Free property names after registering gpio aliases
      qom: strdup() target property name on object_property_add_alias()

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-19 | doc: Document user creatable object types in help text | Daniel P. Berrange

    The QEMU help for -object is essentially useless, just giving users the generic syntax. Move it down into its own section and introduce a nested table where each user creatable object can be documented. The existing memory-backend-file, rng-random and rng-egd object types are documented.

    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
    Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
    Reviewed-by: Eric Blake <eblake@redhat.com>
    Signed-off-by: Andreas Färber <afaerber@suse.de>
2015-06-19 | semihosting: add --semihosting-config arg sub-argument | Leon Alrae

    Add new "arg" sub-argument to the --semihosting-config allowing the user to pass multiple input arguments separately. It is required for example by UHI semihosting to construct argc and argv.

    Also, update ARM semihosting to support new option (at the moment it is the only target which cares about arguments).

    If the semihosting is enabled and no semihosting args have been specified, then fall back to -kernel/-append. The -append string is split on whitespace before initializing semihosting.argv[1..n]; this is different from what QEMU MIPS machines' pseudo-bootloaders do (i.e. argv[1] contains the whole -append), but is more intuitive from UHI user's point of view and Linux kernel just does not care as it concatenates argv[1..n] into single cmdline string anyway.

    Signed-off-by: Leon Alrae <leon.alrae@imgtec.com>
    Message-id: 1434643256-16858-3-git-send-email-leon.alrae@imgtec.com
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-16 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20150615-1' into staging | Peter Maydell

    virtio-gpu: pci support bits and virtio-vga.

    # gpg: Signature made Mon Jun 15 13:55:19 2015 BST using RSA key ID D3E87138
    # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
    # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
    # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

    * remotes/kraxel/tags/pull-vga-20150615-1:
      virtio-vga: add vgabios configuration
      virtio-vga: add '-vga virtio' support
      virtio-vga: add virtio gpu device with vga compatibility
      virtio-gpu-pci: add virtio pci support
      virtio-gpu: fix error message

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-15 | Merge remote-tracking branch 'remotes/borntraeger/tags/s390x-20150615' into staging | Peter Maydell

    s390x/kvm/watchdog

    1. Implement a diag288 based watchdog
    2. Fix virtio-ccw BIOS for gcc >= 4.9

    # gpg: Signature made Mon Jun 15 12:36:25 2015 BST using RSA key ID B5A61C7C
    # gpg: Good signature from "Christian Borntraeger (IBM) <borntraeger@de.ibm.com>"

    * remotes/borntraeger/tags/s390x-20150615:
      s390/bios: build with -fdelete-null-pointer-checks
      watchdog: Add new Virtual Watchdog action INJECT-NMI
      nmi: Implement inject_nmi() for non-monitor context use
      s390x/watchdog: diag288 migration support
      s390x/kvm: diag288 instruction interception and handling
      s390x/watchdog: introduce diag288 watchdog device
      watchdog: change option wording to allow for more watchdogs

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-12 | throttle: Add throttle group support | Alberto Garcia

    The throttle group support use a cooperative round robin scheduling algorithm.

    The principles of the algorithm are simple:
    - Each BDS of the group is used as a token in a circular way.
    - The active BDS computes if a wait must be done and arms the right timer.
    - If a wait must be done the token timer will be armed so the token will become the next active BDS.

    Signed-off-by: Alberto Garcia <berto@igalia.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Message-id: f0082a86f3ac01c46170f7eafe2101a92e8fde39.1433779731.git.berto@igalia.com
    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-12 | virtio-vga: add '-vga virtio' support | Gerd Hoffmann

    Some convenience fluff: Add support for '-vga virtio', also add virtio-vga to the list of vga cards so '-device virtio-vga' will turn off the default vga.

    Written by Dave Airlie and Gerd Hoffmann.

    Signed-off-by: Dave Airlie <airlied@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-11 | s390x/watchdog: introduce diag288 watchdog device | Xu Wang

    This patch introduces a new diag288 watchdog device that will, just like other watchdogs, monitor a guest and take corresponding actions when it detects that the guest is not responding.

    diag288 is s390x specific. The wiring to s390x KVM will be done in separate patches.

    Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
    Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
    [split out qemu-option.hx base changes]
2015-06-11 | watchdog: change option wording to allow for more watchdogs | Xu Wang

    We will introduce a new watchdog for s390x. Let's adopt qemu-options.hx to allow more watchdog devices.

    Signed-off-by: Xu Wang <gesaint@linux.vnet.ibm.com>
    Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
    Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
    [split out qemu-option.hx base changes]
2015-06-10 | fw_cfg: insert fw_cfg file blobs via qemu cmdline | Gabriel L. Somlo

    Allow user supplied files to be inserted into the fw_cfg device before starting the guest. Since fw_cfg_add_file() already disallows duplicate fw_cfg file names, qemu will exit with an error message if the user supplies multiple blobs with the same fw_cfg file name, or if a blob name collides with a fw_cfg name programmatically added from within the QEMU source code. A warning message will be printed if the fw_cfg item name does not begin with the prefix "opt/", which is recommended for external, user provided blobs.

    Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-08 | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging | Peter Maydell

    * KVM error improvement from Laurent
    * CONFIG_PARALLEL fix from Mirek
    * Atomic/optimized dirty bitmap access from myself and Stefan
    * BUILD_DIR convenience/bugfix from Peter C
    * Memory leak fix from Shannon
    * SMM improvements (though still TCG only) from myself and Gerd, acked by mst

    # gpg: Signature made Fri Jun 5 18:45:20 2015 BST using RSA key ID 78C7AE83
    # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
    # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
    # gpg: WARNING: This key is not certified with sufficiently trusted signatures!
    # gpg: It is not certain that the signature belongs to the owner.
    # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
    # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

    * remotes/bonzini/tags/for-upstream: (62 commits)
      update Linux headers from kvm/next
      atomics: add explicit compiler fence in __atomic memory barriers
      ich9: implement SMI_LOCK
      q35: implement TSEG
      q35: add test for SMRAM.D_LCK
      q35: implement SMRAM.D_LCK
      q35: add config space wmask for SMRAM and ESMRAMC
      q35: fix ESMRAMC default
      q35: implement high SMRAM
      hw/i386: remove smram_update
      target-i386: use memory API to implement SMRAM
      hw/i386: add a separate region that tracks the SMRAME bit
      target-i386: create a separate AddressSpace for each CPU
      vl: run "late" notifiers immediately
      qom: add object_property_add_const_link
      vl: allow full-blown QemuOpts syntax for -global
      pflash_cfi01: add secure property
      pflash_cfi01: change to new-style MMIO accessors
      pflash_cfi01: change big-endian property to BIT type
      target-i386: wake up processors that receive an SMI
      ...

    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-08 | machine: Drop use of DEFAULT_RAM_SIZE in help text | Alexander Graf

    As of commit 076b35b5a (machine: add default_ram_size to machine class) we no longer have a global default ram size, but instead machine specific defaults.

    When invoking qemu --help we don't know which machine you selected, so we can't tell the user the default RAM size in the help text anymore now.

    Thus I don't see an easy way to expose the default ram size to the user in the help text. The easiest option IMHO is to just drop this piece of information.

    Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
    Signed-off-by: Alexander Graf <agraf@suse.de>
    Acked-by: Laurent Desnogues <laurent.desnogues@gmail.com>
    Acked-by: Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>
    Message-id: 1433495103-62084-1-git-send-email-agraf@suse.de
    [PMM: rewrapped long commit message lines]
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-05 | vl: allow full-blown QemuOpts syntax for -global | Paolo Bonzini

    -global does not work for drivers that have a dot in their name, such as cfi.pflash01. This is just a parsing limitation, because such globals can be declared easily inside a -readconfig file.

    To allow this usage, support the full QemuOpts key/value syntax for -global too, for example "-global driver=cfi.pflash01,property=secure,value=on". The two formats do not conflict, because the key/value syntax does not have a period before the first equal sign.

    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-05 | icount: add sleep parameter to the icount option to set icount_sleep mode | Victor CLEMENT

    The 'sleep' parameter sets the icount_sleep mode, which is enabled by default. To disable it, add the 'sleep=no' parameter (or 'nosleep') to the qemu -icount option.

    Signed-off-by: Victor CLEMENT <victor.clement@openwide.fr>
    Message-Id: <1432912446-9811-3-git-send-email-victor.clement@openwide.fr>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-03 | Add -incoming help text | Dr. David Alan Gilbert
The help/man text for -incoming defer didn't make it through the merge of the code that implemented it.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-01 | vhost-user: add multi queue support | Ouyang Changchun
Based on patch by Nikolay Nikolaev: Vhost-user will implement the multi queue support in a similar way to what vhost already has - a separate thread for each queue. To enable the multi queue functionality - a new command line parameter "queues" is introduced for the vhost-user netdev.

Signed-off-by: Nikolay Nikolaev <n.nikolaev@virtualopensystems.com>
Signed-off-by: Changchun Ouyang <changchun.ouyang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-05-29 | hw/arm/virt-acpi-build: Basic framework for building ACPI tables on ARM | Shannon Zhao
Introduce a preliminary framework in virt-acpi-build.c with the main ACPI build functions. It exposes the generated ACPI contents to guest over fw_cfg.

The required ACPI v5.1 tables for ARM are:
- RSDP: Initial table that points to XSDT
- RSDT: Points to FADT GTDT MADT tables
- FADT: Generic information about the machine
- GTDT: Generic timer description table
- MADT: Multiple APIC description table
- DSDT: Holds all information about system devices/peripherals, pointed by FADT

Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 1432522520-8068-5-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-27 | net: Change help text to list -netdev instead of -net by default | Thomas Huth
Looking at the output of "qemu-system-xxx -help", you easily get the impression that "-net" is the preferred way instead of "-netdev" to specify host network interface, since the "-net" option is omnipresent but the "-netdev" option is only listed as a one-liner at the end. This is ugly since "-net" is considered as legacy and even might be removed one day. Thus, this patch switches the output to explain the host network interfaces with the "-netdev" option instead, moving the old "-net" option into some few lines at the end.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-id: 1431701904-12230-1-git-send-email-thuth@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-04-30 | qemu-options: trivial spelling fix (messsage) | Michael Tokarev
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Eric Blake <eblake@redhat.com>
2015-03-19 | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging | Peter Maydell
Block patches for 2.3.0-rc1

# gpg: Signature made Thu Mar 19 15:03:26 2015 GMT using RSA key ID C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"

* remotes/kevin/tags/for-upstream:
  block: Fix blockdev-backup not to use funky error class
  raw-posix: Deprecate aio=threads fallback without O_DIRECT
  raw-posix: Deprecate host floppy passthrough

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-03-19 | raw-posix: Deprecate host floppy passthrough | Markus Armbruster
Raise your hand if you have a physical floppy drive in a computer you've powered on in 2015. Okay, I see we got a few weirdos in the audience. That's okay, weirdos are welcome here.

Kidding aside, media change detection doesn't fully work, isn't going to be fixed, and floppy passthrough just isn't earning its keep anymore.

Deprecate block driver host_floppy now, so we can drop it after a grace period.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-19 | smbios: add max speed cmdline option for type-17 (memory device) structure | Gabriel L. Somlo
Signed-off-by: Gabriel Somlo <somlo@cmu.edu>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-16 | migration: Allow to suppress vmdesc submission | Alexander Graf
We now always send a JSON blob describing the migration file format as part of the migration stream. However, some tools built around QEMU have proven to stumble over this.

This patch gives the user the chance to disable said self-describing part of the migration stream. To disable vmdesc submission, just add

  -machine suppress-vmdesc=on

to your QEMU command line.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2015-03-16 | s390x: CPACF: Handle key wrap machine options | Tony Krowiak
Check for the aes_key_wrap and dea_key_wrap machine options and set the appropriate KVM device attribute(s) to tell the kernel to enable or disable the AES/DEA protected key functions for the guest domain.

This patch introduces two new machine options for indicating the state of AES/DEA key wrapping functions. This controls whether the guest will have access to the AES/DEA crypto functions.

aes_key_wrap="on | off" is changed to aes-key-wrap="on | off"
dea_key_wrap="on | off" is changed to dea-key-wrap="on | off"

Check for the aes-key-wrap and dea-key-wrap machine options and set the appropriate KVM device attribute(s) to tell the kernel to enable or disable the AES/DEA protected key functions for the guest domain.

Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>
Signed-off-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
Message-Id: <1426164834-38648-4-git-send-email-jfrei@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>