Opening an encrypted image takes an additional step: setting the key.
Between open and the key set, the image must not be used.
We have some protection against accidental use in place: you can't
unpause a guest while we're missing keys. You can, however, hot-plug
block devices lacking keys into a running guest just fine, or insert
media lacking keys. In the latter case, notifying the guest of the
insert is delayed until the key is set, which may suffice to protect
at least some guests in common usage.
This patch makes the protection apply in more cases, in a rather
heavy-handed way: it doesn't let you open encrypted images unless
we're in a paused state.
It doesn't extend the protection to users other than the guest (block
jobs?). Use of runstate_check() from block.c is disgusting. Best I
can do right now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When running under qtest we don't actually have any vcpu threads
to be starved, so the warning about the I/O thread spinning isn't
relevant, and the way qtest manipulates the simulated clock means
the warning is produced a lot as a false positive. Suppress it if
qtest_enabled(), so 'make check' output is less noisy.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
It does not need qemu-common.h. Including exec/gdbstub.h fixes a warning
from static code analyzers and avoids mismatching declarations for
xml_builtin.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Introduce kvm_arch_irqchip_create an arch-specific hook in preparation
for architecture-specific use of the device control API to create IRQ
chips.
Following patches will implement the ARM irqchip create method to prefer
the device control API over the older KVM_CREATE_IRQCHIP API.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Message-id: 1392687720-26806-3-git-send-email-christoffer.dall@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# By Liu Ping Fan (3) and Jan Kiszka (1)
# Via Jan Kiszka
* kiszka/queues/slirp:
slirp: clean up slirp_update_timeout
slirp: set mainloop timeout with more precise value
slirp: define timeout as macro
slirp: make timeout local
Message-id: cover.1379415024.git.jan.kiszka@siemens.com
If slirp needs to emulate tcp timeout, then the timeout value
for mainloop should be more precise, which is determined by
slirp's fasttimo or slowtimo. Achieve this by swap the logic
sequence of slirp_pollfds_fill and slirp_update_timeout.
Signed-off-by: Liu Ping Fan <pingfank@linux.vnet.ibm.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
The UUID is unique even across multiple hosts, thus it is
better than a VM name even if it is less user-friendly.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Rearrange timer.h so it is in order by function type.
Make legacy functions call non-legacy functions rather than vice-versa.
Convert cpus.c to use new API.
Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Replace the GDB_CORE_XML define in gdbstub.c with a CPUClass field.
Use first_cpu for qSupported and qXfer:features:read: for now.
Add a stub for xml_builtin.
Signed-off-by: Andreas Färber <afaerber@suse.de>
If flushing the block devices fails, return an error. The VM is stopped
anyway.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
This allows to move the call into CPUState's realizefn.
Therefore move the stub into libqemustub.a.
Reviewed-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Make cpustats monitor command available unconditionally.
Prepares for changing kvm_handle_internal_error() and kvm_cpu_exec()
arguments to CPUState.
Signed-off-by: Andreas Färber <afaerber@suse.de>
qmp_dump_guest_memory() calls dump_init() and returns an Error when
cpu_get_dump_info() returns an error, as done by the stub.
So there is no need to have a stub for qmp_dump_guest_memory().
Enable the documentation of the always-present dump-guest-memory command.
That way we can drop CONFIG_HAVE_CORE_DUMP and leave configure
completely out of the picture for target CPU features.
Signed-off-by: Andreas Färber <afaerber@suse.de>
This allows us to drop CONFIG_NO_CORE_DUMP with its indirect dependency
on CONFIG_HAVE_CORE_DUMP.
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Also add a stub for it, to make possible to use it in qom/cpu.c,
which is shared with user emulators.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
The situation with device-hotplug.c is similar to qdev-monitor.c.
Add a stub for pci_drive_hot_add, so that it can be compiled once,
and move it out of hw/.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Slirp uses rfds/wfds/xfds more extensively than other QEMU components.
The rarely-used out-of-band TCP data feature is used. That means we
need the full table of select(2) to g_poll(3) events:
rfds -> G_IO_IN | G_IO_HUP | G_IO_ERR
wfds -> G_IO_OUT | G_IO_ERR
xfds -> G_IO_PRI
I came up with this table by looking at Linux fs/select.c which maps
select(2) to poll(2) internally.
Another detail to watch out for are the global variables that reference
rfds/wfds/xfds during slirp_select_poll(). sofcantrcvmore() and
sofcantsendmore() use these globals to clear fd_set bits. When
sofcantrcvmore() is called, the wfds bit is cleared so that the write
handler will no longer be run for this iteration of the event loop.
This actually seems buggy to me since TCP connections can be half-closed
and we'd still want to handle data in half-duplex fashion. I think the
real intention is to avoid running the read/write handler when the
socket has been fully closed. This is indicated with the SS_NOFDREF
state bit so we now check for it before invoking the TCP write handler.
Note that UDP/ICMP code paths don't care because they are
connectionless.
Note that slirp/ has a lot of tabs and sometimes mixed tabs with spaces.
I followed the style of the surrounding code.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1361356113-11049-6-git-send-email-stefanha@redhat.com
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The stub will be used on cases where sysbus.c is not compiled in (e.g.
*-user).
Note that code that uses NULL as the bus with qdev{_try,}_create()
implicitly uses sysbus_get_default() as the bus, and will still require
sysbus.c to be compiled in.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Add vmstate stub functions, so that qdev.o can be used without savevm.o
when vmstate support is not necessary (i.e. by *-user).
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
This will be useful for code that don't call qemu_devices_reset() (e.g.
*-user). If qemu_devices_reset() is never called, it means we don't need
to keep track of the reset handler list.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Weak symbols were a nice idea, but they turned out not to be a good one.
Toolchain support is just too sparse, in particular llvm-gcc is totally
broken.
This patch uses a surprisingly low-tech approach: a static library.
Symbols in a static library are always overridden by symbols in an
object file. Furthermore, if you place each function in a separate
source file, object files for unused functions will not be taken in.
This means that each function can use all the dependencies that it needs
(especially QAPI stuff such as error_setg).
Thus, all stubs are placed in separate object files and put together in
a static library. The library then is linked to all programs.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>