- Dec 10, 2014
-
-
Stefan Hajnoczi authored
Originally the transaction QMP command was just for taking snapshots. The command became more general when drive-backup and abort were added. It is more accurate to say the command is about performing operations on an atomic group than to say it is about snapshots. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416566940-4430-2-git-send-email-stefanha@redhat.com Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
This is forbidden if the raw driver was probed. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-10-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
The original intention was to pipe stderr of qemu into $fifo_out. However, the redirections were specified in the wrong order for this. This patch fixes it. Now qemu's output on stderr can be retrieved with _send_qemu_cmd, which applies several useful filters on the output that were missing before. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-9-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
If the user neglects to specify the image format, QEMU probes the image to guess it automatically, for convenience. Relying on format probing is insecure for raw images (CVE-2008-2004). If the guest writes a suitable header to the device, the next probe will recognize a format chosen by the guest. A malicious guest can abuse this to gain access to host files, e.g. by crafting a QCOW2 header with backing file /etc/shadow. Commit 1e72d3b7 (April 2008) provided -drive parameter format to let users disable probing. Commit f965509c (March 2009) extended QCOW2 to optionally store the backing file format, to let users disable backing file probing. QED has had a flag to suppress probing since the beginning (2010), set whenever a raw backing file is assigned. All of these additions that allow to avoid format probing have to be specified explicitly. The default still allows the attack. In order to fix this, commit 79368c81 (July 2010) put probed raw images in a restricted mode, in which they wouldn't be able to overwrite the first few bytes of the image so that they would identify as a different image. If a write to the first sector would write one of the signatures of another driver, qemu would instead zero out the first four bytes. This patch was later reverted in commit 8b33d9ee (September 2010) because it didn't get the handling of unaligned qiov members right. Today's block layer that is based on coroutines and has qiov utility functions makes it much easier to get this functionality right, so this patch implements it. The other differences of this patch to the old one are that it doesn't silently write something different than the guest requested by zeroing out some bytes (it fails the request instead) and that it doesn't maintain a list of signatures in the raw driver (it calls the usual probe function instead). Note that this change doesn't introduce new breakage for false positive cases where the guest legitimately writes data into the first sector that matches the signatures of an image format (e.g. for nested virt): These cases were broken before, only the failure mode changes from corruption after the next restart (when the wrong format is probed) to failing the problematic write request. Also note that like in the original patch, the restrictions only apply if the image format has been guessed by probing. Explicitly specifying a format allows guests to write anything they like. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Message-id: 1416497234-29880-8-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
The only image format driver that even potentially accesses anything after 512 bytes in its bdrv_probe() implementation is VMDK, which reads a plain-text descriptor file. In practice, the field it's looking for seems to come first and will be well within the first 512 bytes, too. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-7-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Markus Armbruster authored
Signed-off-by:
Markus Armbruster <armbru@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-6-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-5-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-4-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
This patch changes $QEMU_IO so that all tests by default pass a format argument to qemu-io. There are a few cases where -f $IMGFMT is not wanted because it selects the wrong driver or json: filenames including a driver are used. They are changed to use $QEMU_IO_PROG, which doesn't include any options. Tests 071 and 081 have output changes because now the actual request fails instead of reading the 2k probing buffer. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-3-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
This adds a -f option to qemu-io which allows to explicitly specify the block driver to use for the given image. Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Message-id: 1416497234-29880-2-git-send-email-kwolf@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Fam Zheng authored
When which(1) is not installed, we would complain "perl not found" because it's the first set_prog_path check. The error message is wrong. Fix it by using "command -v", a native way to query the existence of a command. Suggested-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-id: 1416380832-9697-1-git-send-email-famz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Because qemu-nbd creates the BlockBackend by itself, it should create the according BlockDriverState tree by itself as well; that means, it has call bdrv_open() on its own. This is one of the places where qemu-nbd still needs to use a BlockDriverState directly (the root BDS below the BB); other places are the configuration of zero detection (which may be lifted into the BB eventually, but is not yet) and temporarily loading a snapshot. Everywhere else, though, qemu-nbd can and thus should use BlockBackend. Suggested-by:
Paolo Bonzini <pbonzini@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-7-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
With all externally visible functions changed to use BlockBackend, this patch makes nbd use BlockBackend for everything internally as well. While touching them, substitute 512 by BDRV_SECTOR_SIZE in the calls to blk_read(), blk_write() and blk_co_discard(). Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-6-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Substitute BlockDriverState by BlockBackend in every globally visible function provided by nbd. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-5-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Adding something like a "delete notifier" to a BlockBackend would not make much sense, because whoever is interested in registering there will probably hold a reference to that BlockBackend; therefore, the notifier will never be called (or only when the notifiee already relinquished its reference and thus most probably is no longer interested in that notification). Therefore, this patch just passes through the close notifier interface of the root BDS. This will be called when the device is ejected, for instance, and therefore does make sense. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-4-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Because all BlockDriverStates behind a single BlockBackend reside in a single AioContext, it is fine to just pass these functions (blk_add_aio_context_notifier() and blk_remove_aio_context_notifier()) through to the root BlockDriverState. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-3-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
There are already some blk_aio_* functions, so we might as well have blk_co_* functions (as far as we need them). This patch adds blk_co_flush(), blk_co_discard(), and also blk_invalidate_cache() (which is not a blk_co_* function but is needed nonetheless). Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Paolo Bonzini <pbonzini@redhat.com> Message-id: 1416309679-333-2-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Stefan Hajnoczi authored
SATA 3.0 "10.3.1 FIS Type values" defines the constants used to differentiate between FIS types. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
John Snow <jsnow@redhat.com> Message-id: 1415874281-7371-3-git-send-email-stefanha@redhat.com Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Stefan Hajnoczi authored
Debug code using #ifdef is susceptible to bitrot because the compiler never checks the debug code. This is easy to avoid, change the DPRINTF() macro to use if (DEBUG_AHCI) and always give it a 0 or 1 value. This also allows us to drop an #ifdef DEBUG_AHCI in ahci_start_dma() since the compiler can now see the local variable is used. The motivation for this change is a recent DEBUG_AHCI build failure due to an outdated DPRINTF() format string. From now on the compiler will catch these errors. Cc: John Snow <jsnow@redhat.com> Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
John Snow <jsnow@redhat.com> Message-id: 1415874281-7371-2-git-send-email-stefanha@redhat.com Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Add one test whether blkdebug is able to generate a plain filename if given a configuration file and a file to be tested only; and add another test whether blkdebug is able to do the same without being given a configuration file. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-id: 1415697825-26678-3-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Instead of actually recreating the options from scratch, just reuse the options given for creating the BDS, which are the configuration file name and additional options. In case there are no additional options we can thus create a plain filename. This obviously results in a different output for qemu-iotest 099 which exactly tests this filename generation. Fix it up as well. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Message-id: 1415697825-26678-2-git-send-email-mreitz@redhat.com Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
Commands with multiple boolean flag options (like 'info block') didn't provide correct completion because only the first one was skipped. Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
The optional parameter specifying a block device allows now to use a node-name instead of a drive name (and therefore to inspect any node in the graph). The new -n options allows listing all named nodes instead of BlockBackends. Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
This allows printing infos of BlockDriverStates that aren't at the root of the graph (and logically implementing a BlockBackend). Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
The new function prints the info for a single BlockDriverState. Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Kevin Wolf authored
Signed-off-by:
Kevin Wolf <kwolf@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com>
-
Stefan Hajnoczi authored
Add dataplane support to the change-backing-file QMP commands. By acquiring the AioContext we avoid race conditions with the dataplane thread which may also be accessing the BlockDriverState. Note that this command operates on both bs and a node in its chain (image_bs). The bdrv_chain_contains(bs, image_bs) check guarantees that bs and image_bs are in the same AioContext. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Stefan Hajnoczi authored
By acquiring the AioContext we avoid race conditions with the dataplane thread which may also be accessing the BlockDriverState. Fix up eject, change, and block_passwd in a single patch because qmp_eject() and qmp_change_blockdev() both call eject_device(). Also fix block_passwd while we're tackling a command that takes a block encryption password. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Stefan Hajnoczi authored
The BLOCK_OP_TYPE_INTERNAL_SNAPSHOT_DELETE op blocker exists but was never used! Let's fix that so snapshot delete can be blocked. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Stefan Hajnoczi authored
Add dataplane support to the blockdev-snapshot-delete-internal-sync QMP command. By acquiring the AioContext we avoid race conditions with the dataplane thread which may also be accessing the BlockDriverState. Signed-off-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
067 invokes query-block, resulting in a reference output with really long lines (which may pose a problem in email patches and always poses a problem when the output changes, because it is hard to see what has actually changed). Use -qmp-pretty to mitigate this issue. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
_filter_qmp should be able to correctly filter out the QMP version object for pretty JSON output. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
Add a command line option for adding a QMP monitor using pretty JSON formatting. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Hanna Reitz authored
For the pretty formatting, the functions converting QDicts and QLists to JSON should not print a space after the comma separating objects, because a newline will emitted immediately afterwards, making the whitespace superfluous. Signed-off-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Fam Zheng authored
This bool option will allow query all the node names. It iterates all the BDSes that are assigned a name, also in this case don't query up the backing chain. Signed-off-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Fam Zheng authored
Node name is a better identifier of BDS. We will want to query statistics of a BDS node buried in the BDS graph, so reporting the node's name if there is one will do the trick. Signed-off-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Fam Zheng authored
This returns the node name of a BDS. Remove the TODO comment and expect the callers to be explicit. Signed-off-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
Fam Zheng authored
Similar to bdrv_next, this traverses through graph_bdrv_states. Will be useful to enumerate all the named nodes. Signed-off-by:
Fam Zheng <famz@redhat.com> Reviewed-by:
Max Reitz <mreitz@redhat.com> Reviewed-by:
Eric Blake <eblake@redhat.com> Signed-off-by:
Max Reitz <mreitz@redhat.com> Signed-off-by:
Kevin Wolf <kwolf@redhat.com>
-
- Dec 09, 2014
-
-
Peter Maydell authored
Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>
-
Peter Maydell authored
Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>
-