- 15 Jun, 2017 40 commits
-
Felipe Franciosi authored
This commit introduces a vhost-user-scsi backend sample application. It must be linked with libiscsi and libvhost-user.

To use it, compile with:

  $ make vhost-user-scsi

And run as follows:

  $ ./vhost-user-scsi -u vus.sock -i iscsi://uri_to_target/
  $ qemu-system-x86_64 --enable-kvm -m 512 \
      -object memory-backend-file,id=mem,size=512m,share=on,mem-path=guestmem \
      -numa node,memdev=mem \
      -chardev socket,id=vhost-user-scsi,path=vus.sock \
      -device vhost-user-scsi-pci,chardev=vhost-user-scsi \

The application is currently limited at one LUN only and it processes requests synchronously (therefore only achieving QD1). The purpose of the code is to show how a backend can be implemented and to test the vhost-user-scsi Qemu implementation.

If a different instance of this vhost-user-scsi application is executed at a remote host, a VM can be live migrated to such a host.

Signed-off-by:
Felipe Franciosi <felipe@nutanix.com> Message-Id: <1488479153-21203-5-git-send-email-felipe@nutanix.com>
-
Felipe Franciosi authored
This commit introduces a vhost-user device for SCSI. This is based on the existing vhost-scsi implementation, but done over vhost-user instead. It also uses a chardev to connect to the backend. Unlike vhost-scsi (today), VMs using vhost-user-scsi can be live migrated.

To use it, start Qemu with a command line equivalent to:

  qemu-system-x86_64 \
      -chardev socket,id=vus0,path=/tmp/vus.sock \
      -device vhost-user-scsi-pci,chardev=vus0,bus=pci.0,addr=...

A separate commit presents a sample application linked with libiscsi to provide a backend for vhost-user-scsi.

Signed-off-by:
Felipe Franciosi <felipe@nutanix.com> Message-Id: <1488479153-21203-4-git-send-email-felipe@nutanix.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
This is for the future interoperability & management guide. It includes the QAPI docs, including the automatically generated ones, other socket protocols (vhost-user, VNC), and the qcow2 file format. Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Thomas Huth authored
These are defined in config-target.h and thus should never be used in common code. Signed-off-by:
Thomas Huth <thuth@redhat.com> Message-Id: <1497468113-2874-3-git-send-email-thuth@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Thomas Huth authored
Since we've got some new CPU targets in QEMU during the last months and years, we've got some new TARGET_xxx defines now which should be marked as poisoned for common code. Signed-off-by:
Thomas Huth <thuth@redhat.com> Message-Id: <1497468113-2874-2-git-send-email-thuth@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
  - do not use 'goto error_reply' outside a switch to jump into the middle of the switch's default case label
  - reduce code duplication

Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-13-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
For consistency use 'ret' name for saving return code everywhere in the file. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-12-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
"goto fail" error handling scheme is not needed for just returning error code. It is better to return it immediately. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-11-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Current code will return 0 on this nbd_write fail, as rc is 0 after successful nbd_negotiate_options. Fix this. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-10-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
"co" field of NBDClientNewData has never been used, all the way back to its declaration in commit 1a6245a5. So let's just use client pointer instead of extra structure. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-9-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Move function tail, about receiving next request out of the function. Error path is simplified and nbd_co_receive_request becomes more corresponding to its name. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-8-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
For now nbd_read never returns EAGAIN. So, don't handle it. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-7-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
As nbd_write never returns value > 0, we can get rid of extra ret. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-6-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Now nbd_read and friends return int, so get rid of ssize_t. Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-5-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Functions nbd_negotiate_{read,write,drop_sync} were introduced in 1a6245a5, when nbd_rwv (was nbd_wr_sync) was working through qemu_co_sendv_recvv (the path is nbd_wr_sync -> qemu_co_{recv/send} -> qemu_co_send_recv -> qemu_co_sendv_recvv), which just yields, without setting any handlers. But starting from ff82911c nbd_rwv (was nbd_wr_syncv) works through qio_channel_yield() which sets handlers, so watchers are redundant in nbd_negotiate_{read,write,drop_sync}, then, let's just use nbd_{read,write,drop} functions.

Functions nbd_{read,write,drop} have errp parameter, which is unused in this patch. This will be fixed later.

Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170602150150.258222-4-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Following commit will reuse it for nbd server too. Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20170602150150.258222-3-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Vladimir Sementsov-Ogievskiy authored
Rename

  nbd_wr_syncv -> nbd_rwv
  read_sync -> nbd_read
  read_sync_eof -> nbd_read_eof
  write_sync -> nbd_write
  drop_sync -> nbd_drop

1. nbd_ prefix

read_sync and write_sync are already shared, so it is good to have a namespace prefix. drop_sync will be shared, and read_sync_eof is related to read_sync, so let's rename them all.

2. _sync suffix

_sync is related to the fact that nbd_wr_syncv doesn't return if a write to socket returns EAGAIN. The first implementation of nbd_wr_syncv (was wr_sync in 7a5ca864) just loops while getting EAGAIN, the current implementation yields in this case.

Why we want to get rid of it:

  - it is normal for r/w functions to be synchronous, so having an additional suffix for it looks redundant (contrariwise, we have _aio suffix for async functions)
  - _sync suffix in block layer is used when function does flush (so using it for other thing is confusing a bit)
  - keep function names short after adding nbd_ prefix

3. for nbd_wr_syncv let's use more common notation 'rw'

Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20170602150150.258222-2-vsementsov@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Yang Zhong authored
Move kvm related accelerator files into accel/ subdirectory, also create one stub subdirectory, which will include accelerator's stub files. Signed-off-by:
Yang Zhong <yang.zhong@intel.com> Message-Id: <1496383606-18060-5-git-send-email-yang.zhong@intel.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Yang Zhong authored
Move tcg-runtime.c, translate-all.(ch) and translate-common.c into accel/tcg/ subdirectory and update the related trace-events file. Signed-off-by:
Yang Zhong <yang.zhong@intel.com> Message-Id: <1496383606-18060-4-git-send-email-yang.zhong@intel.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Yang Zhong authored
Move cputlb.c, cpu-exec-common.c and cpu-exec.c related tcg exec file into accel/tcg/ subdirectory. Signed-off-by:
Yang Zhong <yang.zhong@intel.com> Message-Id: <1496383606-18060-3-git-send-email-yang.zhong@intel.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Yang Zhong authored
There are some types of accelerators in qemu, and all accelerators have their own file except tcg. tcg accelerator is also defined in accel.c file. tcg accelerator file will be split from accel.c and renamed to tcg-all.c. accel/ directory will be created to include kvm and tcg related files. Signed-off-by:
Yang Zhong <yang.zhong@intel.com> Message-Id: <1496383606-18060-2-git-send-email-yang.zhong@intel.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Max Reitz authored
qemu proper has done so for 13 years (8a7ddc38), qemu-img and qemu-io have done so for four years (526eda14). Ignoring this signal is especially important in qemu-nbd because otherwise a client can easily take down the qemu-nbd server by dropping the connection when the server wants to send something, for example:

  $ qemu-nbd -x foo -f raw -t null-co:// &
  [1] 12726
  $ qemu-io -c quit nbd://localhost/bar
  can't open device nbd://localhost/bar: No export with name 'bar' available
  [1] + 12726 broken pipe qemu-nbd -x foo -f raw -t null-co://

In this case, the client sends an NBD_OPT_ABORT and closes the connection (because it is not required to wait for a reply), but the server replies with an NBD_REP_ACK (because it is required to reply).

Signed-off-by:
Max Reitz <mreitz@redhat.com> Message-Id: <20170611123714.31292-1-mreitz@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Eric Blake authored
Back in qemu 2.5, qemu-nbd was immune to port probes (a transient server would not quit, regardless of how many probe connections came and went, until a connection actually negotiated). But we broke that in commit ee7d7aab when removing the return value to nbd_client_new(), although that patch also introduced a bug causing an assertion failure on a client that fails negotiation. We then made it worse during refactoring in commit 1a6245a5 (a segfault before we could even assert); the (masked) assertion was cleaned up in d3780c2d (still in 2.6), and just recently we finally fixed the segfault ("nbd: Fully initialize client in case of failed negotiation"). But that still means that ever since we added TLS support to qemu-nbd, we have been vulnerable to an ill-timed port-scan being able to cause a denial of service by taking down qemu-nbd before a real client has a chance to connect.

Since negotiation is now handled asynchronously via coroutines, we no longer have a synchronous point of return by re-adding a return value to nbd_client_new(). So this patch instead wires things up to pass the negotiation status through the close_fn callback function.

Simple test across two terminals:

  $ qemu-nbd -f raw -p 30001 file
  $ nmap 127.0.0.1 -p 30001 && \
    qemu-io -c 'r 0 512' -f raw nbd://localhost:30001

Note that this patch does not change what constitutes successful negotiation (thus, a client must enter transmission phase before that client can be considered as a reason to terminate the server when the connection ends). Perhaps we may want to tweak things in a later patch to also treat a client that uses NBD_OPT_ABORT as being a 'successful' negotiation (the client correctly talked the NBD protocol, and informed us it was not going to use our export after all), but that's a discussion for another day.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
Signed-off-by:
Eric Blake <eblake@redhat.com> Message-Id: <20170608222617.20376-1-eblake@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
While at it, drop the current_cpu assignment since this is a per-thread variable on modern QEMU. Cc: Vincent Palatin <vpalatin@chromium.org> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Roman Kagan authored
Wrap the bulk of kvm_cpu_exec with cpu_exec_start/end, so that kvm version can also enjoy performing certain operations while all vCPUs are quiescent. Signed-off-by:
Roman Kagan <rkagan@virtuozzo.com> Message-Id: <20170606181948.16238-15-rkagan@virtuozzo.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Thomas Huth authored
Commit bde4d920 ("Fix the -accel parameter and the documentation for 'hax'") introduced a regression by adding a new local accel_opts variable which shadows the variable with the same name that is declared at the beginning of the main() scope. This causes the qemu_tcg_configure() call later to be always called with NULL, so that the thread=xxx option gets ignored.

Fix it by removing the local accel_opts variable and use "opts" instead, which is meant for storing temporary QemuOpts values. And while we're at it, also change the exit(1) here to exit(0) since asking for help is not an error.

Fixes: bde4d920
Reported-by:
Markus Armbruster <armbru@redhat.com> Reported-by:
Emilio G. Cota <cota@braap.org> Signed-off-by:
Thomas Huth <thuth@redhat.com> Message-Id: <1496899257-25800-1-git-send-email-thuth@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Thomas Huth authored
When doing a "make -j10" in the vanilla QEMU source tree (without running "configure" first), the Makefile currently generates two files already, qemu-version.h and qemu-options.def. This should not happen, so let's only build the generated files if config-host.mak is available (i.e. "configure" has been run already). Signed-off-by:
Thomas Huth <thuth@redhat.com> Message-Id: <1496926799-13040-1-git-send-email-thuth@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
This ensures that the request is unref'ed properly, and avoids a segmentation fault in the new qtest testcase that is added. This is CVE-2017-9503. Reported-by:
Zhangyanyu <zyy4013@stu.ouc.edu.cn> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Avoid TOC-TOU bugs by passing the frame_cmd down, and checking cmd->dcmd_opcode instead of cmd->frame->header.frame_cmd. Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Avoid TOC-TOU bugs by storing the DCMD opcode in the MegasasCmd Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Avoid TOC-TOU bugs depending on how the compiler behaves. Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Avoid TOC-TOU bugs depending on how the compiler behaves. Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Paolo Bonzini authored
Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Marc-André Lureau authored
Now unnecessary since ivshmem uses memory_region_init_ram_from_fd. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170602141229.15326-7-marcandre.lureau@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Marc-André Lureau authored
Instead of having its own mmap handling code, reuse the code from exec.c. Note: memory_region_init_ram_from_fd() adds some restrictions (check for xen, kvm sync-mmu, etc) and changes (such as size alignment). This may actually be more correct. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170602141229.15326-6-marcandre.lureau@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Marc-André Lureau authored
Add a new function to initialize a RAM memory region with a file descriptor to be mmap-ed. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170602141229.15326-5-marcandre.lureau@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Marc-André Lureau authored
Add qemu_ram_alloc_from_fd(), which can be used to allocate ramblock from fd only. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170602141229.15326-4-marcandre.lureau@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Marc-André Lureau authored
Move file opening part in a separate function, file_ram_open(). This allows for reuse of file_ram_alloc() with a given fd. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20170602141229.15326-3-marcandre.lureau@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>