Commit Graph

94561 Commits

Author SHA1 Message Date
Peter Maydell
33d102e92e update seabios to 1.16.0
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmIl5lAACgkQTLbY7tPo
 cTj1bA/+O0qJpcpCZ2eKuj+IWsfWodovHAWFVVH7tCCmtekO40xetYaKV7oFhw5x
 7CfAtViNqCG1GrgMDMACP932V11FrPFVNQWPbYyIi+zvH7n1Veqe0OzNiGbqW37/
 pAjL3y3d43ydRBa2MZNHv6Jk3VTbdlO3wHElva62zbOmNKa2OfYzQavJgKjP2I6N
 66NmdATpy9XQrMh+vXPi6s5fzlsb239Kzd3MJYIkXKORqg5JuC9pwfMp9mNDwSq7
 PMoDw5G+VLe2jbFIamEa6kkvCbq2v1fwj4DkXAur8OyKDyY0hwef8TVlEhepl4TP
 WOfqP0aRuWBoq+CqrMcg5fgofM2vr5Oo0L6bclxBE8BZd19DvRuWz9qfCXIfpMkF
 LajSGJkLq/nbXv/nAmcWa5rndwaJZt9lwdh3U/aG+1sQYaqv8lRVVALSP7OQJlSo
 exfob4/3NiP8LAlBpIqwDFwheFZEe1wXrqVy0hriD0jSvNJdVkhXFAavX2PEIjxz
 soYDgiHcKGqfiGugVQbxjiNWtUA3LqxASNYGLIiqNCyn7gz1GxcckShO1LK/HAb/
 7eW54U3GCuugTmGo8t2cfO3zg7WXaKIfT1gE5Kwz6TjJFfbJ3XLufo8oWVZRsVnL
 IxlGXyUO8YMyA91QX7YUhiqNIqBzTpQ0Z6q2lK8xKPaqPC/x7Uk=
 =DqL5
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/seabios-20220307-pull-request' into staging

update seabios to 1.16.0

# gpg: Signature made Mon 07 Mar 2022 11:02:40 GMT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/seabios-20220307-pull-request:
  update seabios binaries to 1.16.0
  update seabios submodule to 1.16.0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-08 12:40:58 +00:00
Peter Maydell
f45cc81911 9pfs: introduce macOS host support and cleanup
* Add support for Darwin (a.k.a. macOS) hosts.
 
 * Code cleanup (move qemu_dirent_dup() from osdep -> 9p-util).
 
 * API doc cleanup (convert Doxygen -> kerneldoc format).
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCgA1FiEEltjREM96+AhPiFkBNMK1h2Wkc5UFAmIl6SUXHHFlbXVfb3Nz
 QGNydWRlYnl0ZS5jb20ACgkQNMK1h2Wkc5WIAg//fAigCqLTYGL1MzOILppRXfJa
 3XBdCogLT8m0y+DFoCXgwQx4VU05xPj69633e6nmm4tuyhqMqiIjVQl8EZfH89wD
 vK3NlMJxevkK8soiOB91iyUD0LifrsdS7RwLF4XQmQ+tQbu6p+zLBjDBHYQScyUh
 Tms0YD5A+ubWb5s8fZ0NS+zi3GXUAKhnxtypHQjelsL492uXBOdVs+F3a/gCHzhq
 SyRJn0rdJ+MWZP4QYTpAeOC1YkYd4D52nuuLE4SY/lf3XdHIcUSVAKdWkEuJUAQC
 u7miCqmkXAjfiiu4/vIGeL2nSwApF6hNAckIoaH6jt3xZEeINmw612oO6uG5Ra3R
 AqAT1wNASf4e36Ee26pIwcbHVk0fTBjpmaTmlwb9ts1kSaCW5clopvQSkQuER9cz
 zqGZqD6uWSkfOFaGuLc6ai4/jkxeaM+7liALcXsm68/AnF/5zWPLsF73OrZDjA1H
 VXVg43+686HRBaHez1eLGmM4dJxlglgVEO35+rPeuztRtwL81v+RhBDcQWsjsxY1
 FO5V9LddpfvXgPNlcFNd3+PQnNzy7t4Oz1GKbRZ/bM9hv5+XiObUq+GuO4FvvrLj
 tmICJ7RYmV91H7MK5bFG1HA1qkdJkXu1GvW6x/knjnSKo6RhEAudDQZhrdjVGjVD
 vfDxPB4jHm0tKbIbtuU=
 =Fikk
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20220307' into staging

9pfs: introduce macOS host support and cleanup

* Add support for Darwin (a.k.a. macOS) hosts.

* Code cleanup (move qemu_dirent_dup() from osdep -> 9p-util).

* API doc cleanup (convert Doxygen -> kerneldoc format).

# gpg: Signature made Mon 07 Mar 2022 11:14:45 GMT
# gpg:                using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg:                issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38  4926 30DB 47C3 A012 D5F4
#      Subkey fingerprint: 96D8 D110 CF7A F808 4F88  5901 34C2 B587 65A4 7395

* remotes/cschoenebeck/tags/pull-9p-20220307:
  fsdev/p9array.h: convert Doxygen -> kerneldoc format
  9pfs/coth.h: drop Doxygen format on v9fs_co_run_in_worker()
  9pfs/9p-util.h: convert Doxygen -> kerneldoc format
  9pfs/9p.c: convert Doxygen -> kerneldoc format
  9pfs/codir.c: convert Doxygen -> kerneldoc format
  9pfs/9p.h: convert Doxygen -> kerneldoc format
  9pfs: drop Doxygen format from qemu_dirent_dup() API comment
  9pfs: move qemu_dirent_dup() from osdep -> 9p-util
  9p: darwin: meson: Allow VirtFS on Darwin
  9p: darwin: Adjust assumption on virtio-9p-test
  9p: darwin: Implement compatibility for mknodat
  9p: darwin: Compatibility for f/l*xattr
  9p: darwin: *xattr_nofollow implementations
  9p: darwin: Move XATTR_SIZE_MAX->P9_XATTR_SIZE_MAX
  9p: darwin: Ignore O_{NOATIME, DIRECT}
  9p: darwin: Handle struct dirent differences
  9p: darwin: Handle struct stat(fs) differences
  9p: Rename 9p-util -> 9p-util-linux
  9p: linux: Fix a couple Linux assumptions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-08 09:06:57 +00:00
Andrew Jeffery
46179776c2 hw: aspeed_gpio: Cleanup stray semicolon after switch
Not sure how that got there.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Message-Id: <20220207150409.358888-2-andrew@aj.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Patrick Williams
a20c54b123 hw/arm/aspeed: add Bletchley machine type
Add the 'bletchley-bmc' machine type based on the kernel DTS[1] and
hardware schematics available to me.  The i2c model is as complete as
the current QEMU models support, but in some cases I substituted devices
that are close enough for present functionality.  Strap registers are
kept the same as the AST2600-EVB until I'm able to confirm correct
values with physical hardware.

This has been tested with an openbmc image built from [2] plus a kernel
patch[3] for the SPI flash module.

1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/boot/dts/aspeed-bmc-facebook-bletchley.dts?id=a8c729e966c4e9d033242d948b0e53c2a62d32e2
2. b9432b980d
3. 25b566b9a9

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
[ clg : increased number of FMC devices to 2 to match Linux dts ]
Message-Id: <20220305000656.1944589-2-patrick@stwcx.xyz>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Patrick Williams
179b205882 hw/arm/aspeed: allow missing spi_model
Generally all BMCs will use the fmc_model to hold their own flash
and most will have a spi_model to hold the managed system's flash,
but not all systems do.  Add a simple NULL check to allow a system
to set the spi_model as NULL to indicate it should not be instantiated.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Message-Id: <20220305000656.1944589-1-patrick@stwcx.xyz>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Patrick Williams
8fd49126dc hw/block: m25p80: Add support for w25q01jvq
The w25q01jvq is a 128MB part.  Support is being added to the kernel[1]
and the two have been tested together.

1. https://lore.kernel.org/lkml/20220222092222.23108-1-potin.lai@quantatw.com/

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Cc: Potin Lai <potin.lai@quantatw.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-Id: <20220304180920.1780992-1-patrick@stwcx.xyz>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
c1402ea122 aspeed/smc: Fix error log
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-7-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
9bbdfe0569 aspeed/smc: Let the SSI core layer define the bus name
If no id is provided, qdev automatically assigns an unique name with
the following pattern "<type>.<index>" which avoids bus name collision
when using multiple buses.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-6-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
ae945a00ff aspeed/smc: Rename 'max_peripherals' to 'cs_num_max'
The naming makes more sense in a SPI controller model.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-5-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
8d99713bba aspeed/smc: Remove 'num_cs' field
It is not used anymore.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-4-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
9bd4ac61c7 aspeed: Rework aspeed_board_init_flashes() interface
Currently, the allocation of the flash devices uses the number of
slave selects configured in the SoC realize routine. It is simpler to
use directly the number of FMC devices defined in the machine class
and 1 for spi devices (which is what the SoC does in the back of the
machine).

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-3-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Cédric Le Goater
dcacfa9451 aspeed/smc: Use max number of CE instead of 'num_cs'
The Aspeed SMC model uses the 'num_cs' field to allocate resources
fitting the number of devices of the machine. This is a small
optimization without real need in the controller. Simplify modelling
and use the max_peripherals field instead.

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220307071856.1410731-2-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Wentao_Liang
05e6e40a86 aspeed: Fix a potential memory leak bug in write_boot_rom()
A memory chunk is allocated with g_new0() and assigned to the variable
'storage'. However, if the branch takes true, there will be only an
error report but not a free operation for 'storage' before function
returns. As a result, a memory leak bug is triggered.

Use g_autofree to fix the issue.

Suggested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Wentao_Liang <Wentao_Liang_g@163.com>
[ clg: reworked the commit log ]
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2022-03-08 09:18:11 +01:00
Eric Blake
395aecd037 qemu-io: Allow larger write zeroes under no fallback
When writing zeroes can fall back to a slow write, permitting an
overly large request can become an amplification denial of service
attack in triggering a large amount of work from a small request.  But
the whole point of the no fallback flag is to quickly determine if
writing an entire device to zero can be done quickly (such as when it
is already known that the device started with zero contents); in those
cases, artificially capping things at 2G in qemu-io itself doesn't
help us.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20211203231539.3900865-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2022-03-07 19:28:00 -06:00
Eric Blake
087f2fb376 qemu-io: Utilize 64-bit status during map
The block layer has supported 64-bit block status from drivers since
commit 86a3d5c688 ("block: Add .bdrv_co_block_status() callback",
v2.12) and friends, with individual driver callbacks responsible for
capping things where necessary.  Artificially capping things below 2G
in the qemu-io 'map' command, added in commit d6a644bbfe ("block: Make
bdrv_is_allocated() byte-based", v2.10) is thus no longer necessary.

One way to test this is with qemu-nbd as server on a raw file larger
than 4G (the entire file should show as allocated), plus 'qemu-io -f
raw -c map nbd://localhost --trace=nbd_\*' as client.  Prior to this
patch, the NBD_CMD_BLOCK_STATUS requests are fragmented at 0x7ffffe00
distances; with this patch, the fragmenting changes to 0x7fffffff
(since the NBD protocol is currently still limited to 32-bit
transactions - see block/nbd.c:nbd_client_co_block_status).  Then in
later patches, once I add an NBD extension for a 64-bit block status,
the same map command completes with just one NBD_CMD_BLOCK_STATUS.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20211203231539.3900865-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2022-03-07 19:23:36 -06:00
Eric Blake
314b902621 nbd/server: Minor cleanups
Spelling fixes, grammar improvements and consistent spacing, noticed
while preparing other patches in this file.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20211203231539.3900865-2-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2022-03-07 19:23:25 -06:00
Daniel P. Berrangé
10cc95c38f tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK
This validates that connections to an NBD server running on a UNIX
socket can use TLS with pre-shared keys (PSK).

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-13-berrange@redhat.com>
[eblake: squash in rebase fix]
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 17:13:31 -06:00
Daniel P. Berrangé
f0620835c5 tests/qemu-iotests: validate NBD TLS with UNIX sockets
This validates that connections to an NBD server running on a UNIX
socket can use TLS, and require a TLS hostname override to pass
certificate validation.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-12-berrange@redhat.com>
[eblake: squash in rebase fix]
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 17:13:15 -06:00
Daniel P. Berrangé
3da93d4bc6 tests/qemu-iotests: validate NBD TLS with hostname mismatch
This validates that connections to an NBD server where the certificate
hostname does not match will fail. It further validates that using the
new 'tls-hostname' override option can solve the failure.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-11-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 17:12:55 -06:00
Daniel P. Berrangé
ebc0141ba7 tests/qemu-iotests: convert NBD TLS test to use standard filters
Using standard filters is more future proof than rolling our own.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-10-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 17:12:55 -06:00
Daniel P. Berrangé
9960fda9fa tests/qemu-iotests: introduce filter for qemu-nbd export list
Introduce a filter for the output of qemu-nbd export list so it can be
reused in multiple tests.

The filter is a bit more permissive that what test 241 currently uses,
as its allows printing of the export count, along with any possible
error messages that might be emitted.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-9-berrange@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 17:12:45 -06:00
Mark Cave-Ayland
ab71472dfb roms/openbios: update OpenBIOS images to 0e0afae6 built from submodule
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2022-03-07 23:12:01 +00:00
Ani Sinha
128e050d41 hw/acpi/microvm: turn on 8042 bit in FADT boot architecture flags if present
The second bit of IAPC_BOOT_ARCH in FADT table indicates the presence of
keyboard controller implemented as 8042 or equivalent micro controller. This
change enables this flag for microvms if such a device exists (for example,
when added explicitly from the QEMU commandline). Change
654701e292d98b308b0 ("hw/acpi: add indication for i8042 in IA-PC boot flags of the FADT table")
enabled this flag for i386 q35 based machines. The reason for doing the same
for micro-vms is to make sure we provide the correct tables to the guest OS
uniformly in all cases when an i8042 device is present. When this bit is not
enabled, guest OSes has to find other indirect methods to detect the device
which we would like to avoid.

Signed-off-by: Ani Sinha <ani@anisinha.ca>
Message-Id: <20220304154032.2071585-5-ani@anisinha.ca>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-03-07 17:43:14 -05:00
Daniel P. Berrangé
7470bf87d3 tests/qemu-iotests: expand _filter_nbd rules
Some tests will want to use 'localhost' instead of '127.0.0.1', and
some will use the image options syntax rather than the classic URI
syntax.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-8-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
cf168e398b tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file
When developing an I/O test it is typical to add some logic to the
test script, run it to view the output diff, and then apply the
output diff to the reference file. This can be drastically simplified
by letting the test runner update the reference file in place.

By setting 'QEMU_IOTESTS_REGEN=1', the test runner will report the
failure and show the diff, but at the same time update the reference
file. So next time the I/O test is run it will succeed.

Continuing to display the diff when updating the reference gives the
developer a chance to review what was changed.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-7-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
e8ae8b1a75 block/nbd: don't restrict TLS usage to IP sockets
The TLS usage for NBD was restricted to IP sockets because validating
x509 certificates requires knowledge of the hostname that the client
is connecting to.

TLS does not have to use x509 certificates though, as PSK (pre-shared
keys) provide an alternative credential option. These have no
requirement for a hostname and can thus be trivially used for UNIX
sockets.

Furthermore, with the ability to overide the default hostname for
TLS validation in the previous patch, it is now also valid to want
to use x509 certificates with FD passing and UNIX sockets.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-6-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
003b2b2521 qemu-nbd: add --tls-hostname option for TLS certificate validation
When using the --list option, qemu-nbd acts as an NBD client rather
than a server. As such when using TLS, it has a need to validate
the server certificate. This adds a --tls-hostname option which can
be used to override the default hostname used for certificate
validation.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-5-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
a0cd6d2972 block/nbd: support override of hostname for TLS certificate validation
When connecting to an NBD server with TLS and x509 credentials,
the client must validate the hostname it uses for the connection,
against that published in the server's certificate. If the client
is tunnelling its connection over some other channel, however, the
hostname it uses may not match the info reported in the server's
certificate. In such a case, the user needs to explicitly set an
override for the hostname to use for certificate validation.

This is achieved by adding a 'tls-hostname' property to the NBD
block driver.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-4-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
046f98d075 block: pass desired TLS hostname through from block driver client
In

  commit a71d597b98
  Author: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
  Date:   Thu Jun 10 13:08:00 2021 +0300

    block/nbd: reuse nbd_co_do_establish_connection() in nbd_open()

the use of the 'hostname' field from the BDRVNBDState struct was
lost, and 'nbd_connect' just hardcoded it to match the IP socket
address. This was a harmless bug at the time since we block use
with anything other than IP sockets.

Shortly though, we want to allow the caller to override the hostname
used in the TLS certificate checks. This is to allow for TLS
when doing port forwarding or tunneling. Thus we need to reinstate
the passing along of the 'hostname'.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-3-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
Daniel P. Berrangé
d41997e465 crypto: mandate a hostname when checking x509 creds on a client
Currently the TLS session object assumes that the caller will always
provide a hostname when using x509 creds on a client endpoint. This
relies on the caller to detect and report an error if the user has
configured QEMU with x509 credentials on a UNIX socket. The migration
code has such a check, but it is too broad, reporting an error when
the user has configured QEMU with PSK credentials on a UNIX socket,
where hostnames are irrelevant.

Putting the check into the TLS session object credentials validation
code ensures we report errors in only the scenario that matters.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-2-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
John Snow
7cba010e82 scripts/qmp-shell-wrap: Fix import path
Mea culpa. Dan's patch wound up with the wrong import path because I
re-ordered my most recent pull request and missed that this needed a fix
on rebase.

Fixes: 43912529
Reported-by: Kashyap Chamarthy <kchamart@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Tested-by: Kashyap Chamarthy <kchamart@redhat.com>
Message-id: 20220225170828.3418305-1-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:47 -05:00
John Snow
4c1fe7003c python/aqmp: drop _bind_hack()
_bind_hack() was a quick fix to allow async QMP to call bind(2) prior to
calling listen(2) and accept(2). This wasn't sufficient to fully address
the race condition present in synchronous clients.

With the race condition in legacy.py fixed (see the previous commit),
there are no longer any users of _bind_hack(). Drop it.

Fixes: b0b662bb2b
Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-11-jsnow@redhat.com
[Expanded commit message. --js]
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
673856f9d8 python/aqmp: fix race condition in legacy.py
legacy.py provides a synchronous model. iotests frequently uses this
paradigm:

 - create QMP client object
 - start QEMU process
 - await connection from QEMU process

In the switch from sync to async QMP, the QMP client object stopped
calling bind() and listen() during the QMP object creation step, which
creates a race condition if the QEMU process dials in too quickly.

With refactoring out of the way, restore the former behavior of calling
bind() and listen() during __init__() to fix this race condition.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-10-jsnow@redhat.com
[Expanded commit message. --js]
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
481607c7d3 python/aqmp: add start_server() and accept() methods
Add start_server() and accept() methods that can be used instead of
start_server_and_accept() to allow more fine-grained control over the
incoming connection process.

(Eagle-eyed reviewers will surely notice that it's a bit weird that
"CONNECTING" is a state that's shared between both the start_server()
and connect() states. That's absolutely true, and it's very true that
checking on the presence of _accepted as an indicator of state is a
hack. That's also very certainly true. But ... this keeps client code an
awful lot simpler, as it doesn't have to care exactly *how* the
connection is being made, just that it *is*. Is it worth disrupting that
simplicity in order to provide a better state guard on `accept()`? Hm.)

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-9-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
32c5abf051 python/aqmp: stop the server during disconnect()
Before we allow the full separation of starting the server and accepting
new connections, make sure that the disconnect cleans up the server and
its new state, too.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-8-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
5e9902a030 python/aqmp: refactor _do_accept() into two distinct steps
Refactor _do_accept() into _do_start_server() and _do_accept(). As of
this commit, the former calls the latter, but in subsequent commits
they'll be split apart.

(So please forgive the misnomer for _do_start_server(); it will live up
to its name shortly, and the docstring will be updated then too. I'm
just cutting down on some churn.)

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-7-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
1b9c8cb6ce python/aqmp: squelch pylint warning for too many lines
I would really like to keep this under 1000 lines, I promise. Doesn't
look like it's gonna happen.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-6-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
830e6fd36e python/aqmp: split _client_connected_cb() out as _incoming()
As part of disentangling the monolithic nature of _do_accept(), split
out the incoming callback to prepare for factoring out the "wait for a
peer" step. Namely, this means using an event signal we can wait on from
outside of this method.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-5-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
68a6cf3ffe python/aqmp: remove _new_session and _establish_connection
These two methods attempted to entirely envelop the logic of
establishing a connection to a peer start to finish. However, we need to
break apart the incoming connection step into more granular steps. We
will no longer be able to reasonably constrain the logic inside of these
helper functions.

So, remove them - with _session_guard(), they no longer serve a real
purpose.

Although the public API doesn't change, the internal API does. Now that
there are no intermediary methods between e.g. connect() and
_do_connect(), there's no hook where the runstate is set. As a result,
the test suite changes a little to cope with the new semantics of
_do_accept() and _do_connect().

Lastly, take some pieces of the now-deleted docstrings and move
them up to the public interface level. They were a little more detailed,
and it won't hurt to keep them.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-4-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
0ba4e76b23 python/aqmp: rename 'accept()' to 'start_server_and_accept()'
Previously, I had a method named "accept()" that under-the-hood calls
bind(2), listen(2) *and* accept(2). I meant this as a simplification and
counterpart to the one-shot "connect()" method.

This is confusing to readers who expect accept() to mean *just*
accept(2). Since I need to split apart the "accept()" method into
multiple methods anyway (one of which strongly resembling accept(2)), it
feels pertinent to rename this method *now*.

Rename this all-in-one method "start_server_and_accept()" instead.

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-3-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
John Snow
40196c2393 python/aqmp: add _session_guard()
In _new_session, there's a fairly complex except clause that's used to
give semantic errors to callers of accept() and connect(). We need to
create a new two-step replacement for accept(), so factoring out this
piece of logic will be useful.

Bolster the comments and docstring here to try and demystify what's
going on in this fairly delicate piece of Python magic.

(If we were using Python 3.7+, this would be an @asynccontextmanager. We
don't have that very nice piece of magic, however, so this must take an
Awaitable to manage the Exception contexts properly. We pay the price
for platform compatibility.)

Signed-off-by: John Snow <jsnow@redhat.com>
Acked-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220225205948.3693480-2-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2022-03-07 14:36:41 -05:00
Philippe Mathieu-Daudé
5e0c126aad target/mips: Remove duplicated MIPSCPU::cp0_count_rate
Since the previous commit 9ea89876f9d ("target/mips: Fix cycle
counter timing calculations"), MIPSCPU::cp0_count_rate is not
used anymore. We don't need it since it is already expressed
as mips_def_t::CCRes. Remove the duplicate and clean.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <>20211213102340.1847248-1-f4bug@amsat.org>
2022-03-07 20:34:17 +01:00
Simon Burge
c8aeab3a09 target/mips: Fix cycle counter timing calculations
The cp0_count_ns value is calculated from the CP0_COUNT_RATE_DEFAULT
constant in target/mips/cpu.c.  The cycle counter resolution is defined
per-CPU in target/mips/cpu-defs.c.inc; use this value for calculating
cp0_count_ns.  Fixings timing problems on guest OSs for the 20Kc CPU
which has a CCRes of 1.

Signed-off-by: Simon Burge <simonb@NetBSD.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211213135125.18378-1-simonb@NetBSD.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-03-07 20:34:17 +01:00
Peter Maydell
99c4a9e68e - Re-org accel/ and softmmu/ to have more target-agnostic objects.
- Use CPUArchState as an abstract type, defined by each target
   (CPUState is our interface with generic code, CPUArchState is
    our interface with target-specific code).
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmIlQmcACgkQ4+MsLN6t
 wN59LRAAv69CO8UQj3FJs3igxVFrygcoYb9ywHd69tShLPrBo3204dHph67xzYDw
 yZwTAftpVvoLsveQGivrMIl76f0Sg2RmxNgcIWQsPwYC9PI4BPbnZpRA7s4o5eZA
 kLsSMEdhQoEAwysunu6uQMpbz7ZB5w2opb+hB++63khgsz+tyoCnsbxn7DVIgmX8
 qg3N/SqFxsptf7NVNIAR7S6LmuW2ii7FnkvG4pO4fqW22omgXsw2Cj/KL+j2vaPX
 GSMEX2ugEh77AKROr9OiXkLmiLaaF2BWQOlgOEKLfUE3nGaTtqGl3Wd8fv3FYVgH
 a4g9+ceEDnTzW+hLQoWn8XKAKuC00pXZNTh/4iqR7gkah+rIdxtVLSN6YEHu5dr+
 EQRdNJdJqHUTjtuuq9UF7U9NZuDgESmOqloIpBMkgDfgd+PoWvjnc+kjy4x3Wfog
 3+cV62Cb91oHVMzSVskeeO/TEDxUFI4Zl18SR3M6MLUBANFW1YPNDUqSqN8zLdmd
 w0ehd6+PBplH7JlWcdd2cam+4chO9tv0MrBD7Ty1UitDiFEP1oSkEyRzoHa8cUcb
 Rz7Aa9noQJ6jSjrYaVoYcENnQxtdJd9utcQFY28M8PtOJrw7HRMtS8WQi0nsRcWq
 o6NJ/58EJ/SAGH1+qX+LTr/IUmnFiW1XhEWpJoUjb+lmmCfdtOM=
 =bOxK
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/abstract-arch-cpu-20220307' into staging

- Re-org accel/ and softmmu/ to have more target-agnostic objects.

- Use CPUArchState as an abstract type, defined by each target
  (CPUState is our interface with generic code, CPUArchState is
   our interface with target-specific code).

# gpg: Signature made Sun 06 Mar 2022 23:23:19 GMT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/abstract-arch-cpu-20220307: (33 commits)
  accel/tcg: Remove pointless CPUArchState casts
  target/i386: Remove pointless CPUArchState casts
  target: Use ArchCPU as interface to target CPU
  target: Introduce and use OBJECT_DECLARE_CPU_TYPE() macro
  target: Use CPUArchState as interface to target-specific CPU state
  target: Use forward declared type instead of structure type
  target/hexagon: Add missing 'hw/core/cpu.h' include
  target: Include missing 'cpu.h'
  Hexagon (target/hexagon) convert to OBJECT_DECLARE_TYPE
  target/i386/tcg/sysemu: Include missing 'exec/exec-all.h' header
  cpu: Add missing 'exec/exec-all.h' and 'qemu/accel.h' headers
  exec/cpu_ldst: Include 'cpu.h' to get target_ulong definition
  meson: Display libfdt as disabled when system emulation is disabled
  softmmu: Build target-agnostic objects once
  softmmu: Add qemu_init_arch_modules()
  exec/cpu: Make address_space_init/reloading_memory_map target agnostic
  exec/gdbstub: Make gdb_exit() / gdb_set_stop_cpu() target agnostic
  misc: Add missing "sysemu/cpu-timers.h" include
  misc: Remove unnecessary "sysemu/cpu-timers.h" include
  softmmu/cpu-timers: Remove unused 'exec/exec-all.h' header
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-07 19:07:44 +00:00
Rohit Kumar
818e163608 Check and report for incomplete 'global' option format
Qemu might crash when provided incomplete '-global' option.
For example:
     qemu-system-x86_64 -global driver=isa-fdc
     qemu-system-x86_64: ../../devel/qemu/qapi/string-input-visitor.c:394:
     string_input_visitor_new: Assertion `str' failed.
     Aborted (core dumped)

Fixes: 3751d7c43f ("vl: allow full-blown QemuOpts syntax for -global")
Signed-off-by: Rohit Kumar <rohit.kumar3@nutanix.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/604
Message-Id: <20220216071508.412974-1-rohit.kumar3@nutanix.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-03-07 19:00:05 +01:00
Thomas Huth
63021223ff tests/vm: Update haiku test vm to R1/Beta3
The old image did not have python3 yet, and thus was not usable
for compiling QEMU anymore.

Suggested-by: Alexander von Gluck IV <kallisti5@unixzen.com>
Message-Id: <20220216154208.2985103-1-kallisti5@unixzen.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-03-07 19:00:05 +01:00
Thomas Huth
8c88e1782f tests/avocado: Cancel BootLinux tests in case there is no free port
The BootLinux tests are currently failing with an ugly python
stack trace on my RHEL8 system since they cannot get a free port
(likely due to the firewall settings on my system). Let's properly
check the return value of find_free_port() instead and cancel the
test gracefully if it cannot get a free port.

Message-Id: <20220228114325.818294-1-thuth@redhat.com>
Reviewed-by: Beraldo Leal <bleal@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-03-07 18:59:44 +01:00
Peter Maydell
b49872aa8f Block patches for 7.0-rc0:
- New fleecing backup scheme
 - iotest fixes
 - Fixes for the curl block driver
 - Fix for the preallocate block driver
 - IDE fix for zero-length TRIM requests
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEy2LXoO44KeRfAE00ofpA0JgBnN8FAmIl33sSHGhyZWl0ekBy
 ZWRoYXQuY29tAAoJEKH6QNCYAZzfD60P/0xXwKmXiyq7GkoVdkZaI4ErMn29rnzl
 APoM6Q3GbMII6ipkqVIFM2BIhGDCl8X+KbzvDTm23jvXR7SAnjel+GBcFYTZ4/3r
 LbS/mW3SGPjEG6CldXjHDxD/k+3sw1wXOGW30+PhEkpokNSJKh3evsNxUA+liPQT
 MqrNWilh28S4CMM2YnHEJNX/e0WujYagE0PN4UKrr/+bw8mN+UrirCC/BwH0RsAz
 H+OVek/SaGUer4MAXNH+LVWwm3/F+sZQBqyLZc0ORavKnXEPlf/fKbGx5+IkV2ty
 h/GX+oxLSsfnXDVhqvP71RbSkLIOCsrSPzTqz3vicBmwtqaIzjor7wVS/vJlK1i5
 cVEYa2te3Ccbpijb9VOBwTu+t8YB8x/Ot8S22p++uC0CY/Gf1paCe8uNqXHQYhfD
 Sv2Xw9vQsCIvB+7vmJ+iMSf5LFPO0I4Hh7zil6ecKgtxtkVLtqYa7t1UE/5cOUtO
 mF3mzS7bQhcU569z3+hZEBiCrH+rSNvHvnnAV/IFN4Y1PqSBk6uwoqHzUFZQq6Dr
 6IdduqUmGs9ooDZuxKgShr81Sn18T6BkawcsQMMHOI4gKRik3l7kxUnPeTIYWi2T
 j0ihaZyH5rRfa80CBnN18Q+90buYb0OafKZ9y4/RDOScoHeR8Yx/RjUwKpn+6yGI
 TOUr+3PvGOPl
 =OH/S
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/hreitz-gitlab/tags/pull-block-2022-03-07' into staging

Block patches for 7.0-rc0:
- New fleecing backup scheme
- iotest fixes
- Fixes for the curl block driver
- Fix for the preallocate block driver
- IDE fix for zero-length TRIM requests

# gpg: Signature made Mon 07 Mar 2022 10:33:31 GMT
# gpg:                using RSA key CB62D7A0EE3829E45F004D34A1FA40D098019CDF
# gpg:                issuer "hreitz@redhat.com"
# gpg: Good signature from "Hanna Reitz <hreitz@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: CB62 D7A0 EE38 29E4 5F00  4D34 A1FA 40D0 9801 9CDF

* remotes/hreitz-gitlab/tags/pull-block-2022-03-07: (23 commits)
  iotests/image-fleecing: test push backup with fleecing
  iotests/image-fleecing: add test case with bitmap
  iotests.py: add qemu_io_pipe_and_status()
  iotests/image-fleecing: add test-case for fleecing format node
  block: copy-before-write: realize snapshot-access API
  block: introduce snapshot-access block driver
  block/io: introduce block driver snapshot-access API
  block/reqlist: add reqlist_wait_all()
  block/dirty-bitmap: introduce bdrv_dirty_bitmap_status()
  block/reqlist: reqlist_find_conflict(): use ranges_overlap()
  block: intoduce reqlist
  block/block-copy: add block_copy_reset()
  block/copy-before-write: add bitmap open parameter
  block/block-copy: block_copy_state_new(): add bitmap parameter
  block/dirty-bitmap: bdrv_merge_dirty_bitmap(): add return value
  block/block-copy: move copy_bitmap initialization to block_copy_state_new()
  iotests: Write test output to TEST_DIR
  tests/qemu-iotests/testrunner: Quote "case not run" lines in TAP mode
  tests/qemu-iotests/040: Skip TestCommitWithFilters without 'throttle'
  block: fix preallocate filter: don't do unaligned preallocate requests
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-07 17:14:09 +00:00
Richard Henderson
0942820408 hw/arm/virt: Disable LPA2 for -machine virt-6.2
There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG,
disable this feature for machine versions prior to 7.0.

Cc: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-07 14:32:21 +00:00
Richard Henderson
69b2265d5f target/arm: Provide cpu property for controling FEAT_LPA2
There is a Linux kernel bug present until v5.12 that prevents
booting with FEAT_LPA2 enabled.  As a workaround for TCG, allow
the feature to be disabled from -cpu max.

Since this kernel bug is present in the Fedora 31 image that
we test in avocado, disable lpa2 on the command-line.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-03-07 14:32:21 +00:00