summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2016-03-23Merge remote-tracking branch 'remotes/armbru/tags/pull-ivshmem-2016-03-18' ↵Peter Maydell3-50/+55
into staging ivshmem: Fixes, cleanups, device model split # gpg: Signature made Mon 21 Mar 2016 20:33:54 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-ivshmem-2016-03-18: (40 commits) contrib/ivshmem-server: Print "not for production" warning ivshmem: Require master to have ID zero ivshmem: Drop ivshmem property x-memdev ivshmem: Clean up after the previous commit ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmem ivshmem: Replace int role_val by OnOffAuto master qdev: New DEFINE_PROP_ON_OFF_AUTO ivshmem: Inline check_shm_size() into its only caller ivshmem: Simplify memory regions for BAR 2 (shared memory) ivshmem: Implement shm=... with a memory backend ivshmem: Tighten check of property "size" ivshmem: Simplify how we cope with short reads from server ivshmem: Drop the hackish test for UNIX domain chardev ivshmem: Rely on server sending the ID right after the version ivshmem: Propagate errors through ivshmem_recv_setup() ivshmem: Receive shared memory synchronously in realize() ivshmem: Plug leaks on unplug, fix peer disconnect ivshmem: Disentangle ivshmem_read() ivshmem: Simplify rejection of invalid peer ID from server ivshmem: Assert interrupts are set up once ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-21ivshmem: Split ivshmem-plain, ivshmem-doorbell off ivshmemMarkus Armbruster1-4/+8
ivshmem can be configured with and without interrupt capability (a.k.a. "doorbell"). The two configurations have largely disjoint options, which makes for a confusing (and badly checked) user interface. Moreover, the device can't tell the guest whether its doorbell is enabled. Create two new device models ivshmem-plain and ivshmem-doorbell, and deprecate the old one. Changes from ivshmem: * PCI revision is 1 instead of 0. The new revision is fully backwards compatible for guests. Guests may elect to require at least revision 1 to make sure they're not exposed to the funny "no shared memory, yet" state. * Property "role" replaced by "master". role=master becomes master=on, role=peer becomes master=off. Default is off instead of auto. * Property "use64" is gone. The new devices always have 64 bit BARs. Changes from ivshmem to ivshmem-plain: * The Interrupt Pin register in PCI config space is zero (does not use an interrupt pin) instead of one (uses INTA). * Property "x-memdev" is renamed to "memdev". * Properties "shm" and "size" are gone. Use property "memdev" instead. * Property "msi" is gone. The new device can't have MSI-X capability. It can't interrupt anyway. * Properties "ioeventfd" and "vectors" are gone. They're meaningless without interrupts anyway. Changes from ivshmem to ivshmem-doorbell: * Property "msi" is gone. The new device always has MSI-X capability. * Property "ioeventfd" defaults to on instead of off. * Property "size" is gone. The new device can only map all the shared memory received from the server. Guests can easily find out whether the device is configured for interrupts by checking for MSI-X capability. Note: some code added in sub-optimal places to make the diff easier to review. The next commit will move it to more sensible places. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-37-git-send-email-armbru@redhat.com>
2016-03-21ivshmem: Receive shared memory synchronously in realize()Markus Armbruster1-19/+7
When configured for interrupts (property "chardev" given), we receive the shared memory from an ivshmem server. We do so asynchronously after realize() completes, by setting up callbacks with qemu_chr_add_handlers(). Keeping server I/O out of realize() that way avoids delays due to a slow server. This is probably relevant only for hot plug. However, this funny "no shared memory, yet" state of the device also causes a raft of issues that are hard or impossible to work around: * The guest is exposed to this state: when we enter and leave it its shared memory contents is apruptly replaced, and device register IVPosition changes. This is a known issue. We document that guests should not access the shared memory after device initialization until the IVPosition register becomes non-negative. For cold plug, the funny state is unlikely to be visible in practice, because we normally receive the shared memory long before the guest gets around to mess with the device. For hot plug, the timing is tighter, but the relative slowness of PCI device configuration has a good chance to hide the funny state. In either case, guests complying with the documented procedure are safe. * Migration becomes racy. If migration completes before the shared memory setup completes on the source, shared memory contents is silently lost. Fortunately, migration is rather unlikely to win this race. If the shared memory's ramblock arrives at the destination before shared memory setup completes, migration fails. There is no known way for a management application to wait for shared memory setup to complete. All you can do is retry failed migration. You can improve your chances by leaving more time between running the destination QEMU and the migrate command. To mitigate silent memory loss, you need to ensure the server initializes shared memory exactly the same on source and destination. These issues are entirely undocumented so far. I'd expect the server to be almost always fast enough to hide these issues. But then rare catastrophic races are in a way the worst kind. This is way more trouble than I'm willing to take from any device. Kill the funny state by receiving shared memory synchronously in realize(). If your hot plug hangs, go kill your ivshmem server. For easier review, this commit only makes the receive synchronous, it doesn't add the necessary error propagation. Without that, the funny state persists. The next commit will do that, and kill it off for real. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-26-git-send-email-armbru@redhat.com>
2016-03-21ivshmem-test: Improve test cases /ivshmem/server-*Markus Armbruster1-7/+10
Document missing test: behavior with MSI-X present but not enabled. For MSI-X, we test and clear the interrupt pending bit before testing the interrupt. For INTx, we only clear. Change to test and clear for consistency. Test MSI-X vector 1 in addition to vector 0. Improve comments. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-10-git-send-email-armbru@redhat.com>
2016-03-21ivshmem-test: Clean up wait for devices to become operationalMarkus Armbruster1-6/+4
test_ivshmem_server() waits until the first byte in BAR 2 contains the 0x42 we put into shared memory. Works because the byte reads zero until the device maps the shared memory gotten from the server. Check the IVPosition register instead: it's initially -1, and becomes non-negative right when the device maps the share memory, so no change, just cleaner, because it's what guest software is supposed to do. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-9-git-send-email-armbru@redhat.com>
2016-03-21ivshmem-test: Improve test case /ivshmem/singleMarkus Armbruster1-7/+16
Test state of registers after reset. Test reading Interrupt Status clears it. Test (invalid) read of Doorbell. Add more comments. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-8-git-send-email-armbru@redhat.com>
2016-03-21tests/libqos/pci-pc: Fix qpci_pc_iomap() to map BARs alignedMarkus Armbruster2-9/+12
qpci_pc_iomap() maps BARs one after the other, without padding. This is wrong. PCI Local Bus Specification Revision 3.0, 6.2.5.1. Address Maps: "all address spaces used are a power of two in size and are naturally aligned". That's because the size of a BAR is given by the number of address bits the device decodes, and the BAR needs to be mapped at a multiple of that size to ensure the address decoding works. Fix qpci_pc_iomap() accordingly. This takes care of a FIXME in ivshmem-test. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <1458066895-20632-7-git-send-email-armbru@redhat.com>
2016-03-21event_notifier: Make event_notifier_init_fd() #ifdef CONFIG_EVENTFDMarkus Armbruster1-1/+1
Event notifiers are designed for eventfd(2). They can fall back to pipes, but according to Paolo, event_notifier_init_fd() really requires the real thing, and should therefore be under #ifdef CONFIG_EVENTFD. Do that. Its only user is ivshmem, which is currently CONFIG_POSIX. Narrow it to CONFIG_EVENTFD. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <1458066895-20632-6-git-send-email-armbru@redhat.com>
2016-03-18Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2016-03-18' into ↵Peter Maydell16-147/+152
staging QAPI patches for 2016-03-18 # gpg: Signature made Fri 18 Mar 2016 09:54:57 GMT using RSA key ID EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" * remotes/armbru/tags/pull-qapi-2016-03-18: qapi: Use anonymous bases in QMP flat unions qapi: Allow anonymous base for flat union qapi: Make BlockdevOptions doc example closer to reality qapi: Don't special-case simple union wrappers qapi: Drop unused c_null() qapi: Inline gen_visit_members() into lone caller qapi-commands: Inline single-use helpers of gen_marshal() qapi-commands: Utilize implicit struct visits qapi-event: Utilize implicit struct visits qapi-event: Drop qmp_output_get_qobject() null check qapi: Emit implicit structs in generated C qapi: Adjust names of implicit types qapi: Make c_type() more OO-like qapi: Fix command with named empty argument type qapi: Assert in places where variants are not handled Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-18ivshmem-server: Don't overload POSIX shmem and file nameMarkus Armbruster1-1/+1
Option -m NAME is interpreted as directory name if we can statfs() it and its on hugetlbfs. Else it's interpreted as POSIX shared memory object name. This is nuts. Always interpret -m as directory. Create new -M for POSIX shared memory. Last of -m or -M wins. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <1458066895-20632-4-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2016-03-18qapi: Allow anonymous base for flat unionEric Blake4-14/+9
Rather than requiring all flat unions to explicitly create a separate base struct, we can allow the qapi schema to specify the common members via an inline dictionary. This is similar to how commands can specify an inline anonymous type for its 'data'. We already have several struct types that only exist to serve as a single flat union's base; the next commit will clean them up. In particular, this patch's change to the BlockdevOptions example in qapi-code-gen.txt will actually be done in the real QAPI schema. Now that anonymous bases are legal, we need to rework the flat-union-bad-base negative test (as previously written, it forms what is now valid QAPI; tweak it to now provide coverage of a new error message path), and add a positive test in qapi-schema-test to use an anonymous base (making the integer argument optional, for even more coverage). Note that this patch only allows anonymous bases for flat unions; simple unions are already enough syntactic sugar that we do not want to burden them further. Meanwhile, while it would be easy to also allow an anonymous base for structs, that would be quite redundant, as the members can be put right into the struct instead. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1458254921-17042-15-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-18qapi: Don't special-case simple union wrappersEric Blake4-45/+46
Simple unions were carrying a special case that hid their 'data' QMP member from the resulting C struct, via the hack method QAPISchemaObjectTypeVariant.simple_union_type(). But by using the work we started by unboxing flat union and alternate branches, coupled with the ability to visit the members of an implicit type, we can now expose the simple union's implicit type in qapi-types.h: | struct q_obj_ImageInfoSpecificQCow2_wrapper { | ImageInfoSpecificQCow2 *data; | }; | | struct q_obj_ImageInfoSpecificVmdk_wrapper { | ImageInfoSpecificVmdk *data; | }; ... | struct ImageInfoSpecific { | ImageInfoSpecificKind type; | union { /* union tag is @type */ | void *data; |- ImageInfoSpecificQCow2 *qcow2; |- ImageInfoSpecificVmdk *vmdk; |+ q_obj_ImageInfoSpecificQCow2_wrapper qcow2; |+ q_obj_ImageInfoSpecificVmdk_wrapper vmdk; | } u; | }; Doing this removes asymmetry between QAPI's QMP side and its C side (both sides now expose 'data'), and means that the treatment of a simple union as sugar for a flat union is now equivalent in both languages (previously the two approaches used a different layer of dereferencing, where the simple union could be converted to a flat union with equivalent C layout but different {} on the wire, or to an equivalent QMP wire form but with different C representation). Using the implicit type also lets us get rid of the simple_union_type() hack. Of course, now all clients of simple unions have to adjust from using su->u.member to using su->u.member.data; while this touches a number of files in the tree, some earlier cleanup patches helped minimize the change to the initialization of a temporary variable rather than every single member access. The generated qapi-visit.c code is also affected by the layout change: |@@ -7393,10 +7393,10 @@ void visit_type_ImageInfoSpecific_member | } | switch (obj->type) { | case IMAGE_INFO_SPECIFIC_KIND_QCOW2: |- visit_type_ImageInfoSpecificQCow2(v, "data", &obj->u.qcow2, &err); |+ visit_type_q_obj_ImageInfoSpecificQCow2_wrapper_members(v, &obj->u.qcow2, &err); | break; | case IMAGE_INFO_SPECIFIC_KIND_VMDK: |- visit_type_ImageInfoSpecificVmdk(v, "data", &obj->u.vmdk, &err); |+ visit_type_q_obj_ImageInfoSpecificVmdk_wrapper_members(v, &obj->u.vmdk, &err); | break; | default: | abort(); Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1458254921-17042-13-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-18qapi: Adjust names of implicit typesEric Blake9-88/+88
The original choice of ':obj-' as the prefix for implicit types made it obvious that we weren't going to clash with any user-defined names, which cannot contain ':'. But now we want to create structs for implicit types, to get rid of special cases in the generators, and our use of ':' in implicit names needs a tweak to produce valid C code. We could transliterate ':' to '_', except that C99 mandates that "identifiers that begin with an underscore are always reserved for use as identifiers with file scope in both the ordinary and tag name spaces". So it's time to change our naming convention: we can instead use the 'q_' prefix that we reserved for ourselves back in commit 9fb081e0. Technically, since we aren't planning on exposing the empty type in generated code, we could keep the name ':empty', but renaming it to 'q_empty' makes the check for startswith('q_') cover all implicit types, whether or not code is generated for them. As long as we don't declare 'empty' or 'obj' ticklish, it shouldn't clash with c_name() prepending 'q_' to the user's ticklish names. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1458254921-17042-5-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-18qapi: Fix command with named empty argument typeEric Blake3-0/+9
The generator special-cased { 'command':'foo', 'data': {} } to avoid emitting a visitor variable, but failed to see that { 'struct':'NamedEmptyType, 'data': {} } { 'command':'foo', 'data':'NamedEmptyType' } needs the same treatment. There, the generator happily generates a visitor to get no arguments, and a visitor to destroy no arguments; and the compiler isn't happy with that, as demonstrated by the updated qapi-schema-test.json: tests/test-qmp-marshal.c: In function ‘qmp_marshal_user_def_cmd0’: tests/test-qmp-marshal.c:264:14: error: variable ‘v’ set but not used [-Werror=unused-but-set-variable] Visitor *v; ^ No change to generated code except for the testsuite addition. Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1458254921-17042-3-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-17Merge remote-tracking branch ↵Peter Maydell8-2/+1771
'remotes/berrange/tags/pull-qcrypto-2016-03-17-3' into staging Merge QCrypto 2016/03/17 v3 # gpg: Signature made Thu 17 Mar 2016 16:51:32 GMT using RSA key ID 15104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" * remotes/berrange/tags/pull-qcrypto-2016-03-17-3: crypto: implement the LUKS block encryption format crypto: add block encryption framework crypto: wire up XTS mode for cipher APIs crypto: refactor code for dealing with AES cipher crypto: import an implementation of the XTS cipher mode crypto: add support for the twofish cipher algorithm crypto: add support for the serpent cipher algorithm crypto: add support for the cast5-128 cipher algorithm crypto: skip testing of unsupported cipher algorithms crypto: add support for anti-forensic split algorithm crypto: add support for generating initialization vectors crypto: add support for PBKDF2 algorithm crypto: add cryptographic random byte source Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-17crypto: implement the LUKS block encryption formatDaniel P. Berrange1-2/+125
Provide a block encryption implementation that follows the LUKS/dm-crypt specification. This supports all combinations of hash, cipher algorithm, cipher mode and iv generator that are implemented by the current crypto layer. There is support for opening existing volumes formatted by dm-crypt, and for formatting new volumes. In the latter case it will only use key slot 0. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17iotests: Test QUORUM_REPORT_BAD in fifo modeAlberto Garcia2-4/+17
Signed-off-by: Alberto Garcia <berto@igalia.com> Message-id: c0a8dbfdbe939520cda5f661af6f1cd7b6b4df9d.1458034554.git.berto@igalia.com Reviewed-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-03-17blockdev: Split monitor reference from BB creationMax Reitz1-1/+1
Before this patch, blk_new() automatically assigned a name to the new BlockBackend and considered it referenced by the monitor. This patch removes the implicit monitor_add_blk() call from blk_new() (and consequently the monitor_remove_blk() call from blk_delete(), too) and thus blk_new() (and related functions) no longer take a BB name argument. In fact, there is only a single point where blk_new()/blk_new_open() is called and the new BB is monitor-owned, and that is in blockdev_init(). Besides thus relieving us from having to invent names for all of the BBs we use in qemu-img, this fixes a bug where qemu cannot create a new image if there already is a monitor-owned BB named "image". If a BB and its BDS tree are created in a single operation, as of this patch the BDS tree will be created before the BB is given a name (whereas it was the other way around before). This results in minor change to the output of iotest 087, whose reference output is amended accordingly. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-17block: Drop BB name from bad option errorMax Reitz2-8/+8
The information which BB is concerned does not seem useful enough to justify its existence in most other place (which may be related to qemu printing the -drive parameter in question anyway, and for blockdev-add the attribution is naturally unambiguous). Furthermore, as of a future patch, bdrv_get_device_name(bs) will always return the empty string before bdrv_open_inherit() returns. Therefore, just dropping that information seems to be the best course of action. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-17qapi: Drop QERR_UNKNOWN_BLOCK_FORMAT_FEATUREMax Reitz1-8/+8
Just specifying a custom string is simpler in basically all places that used it, and in addition, specifying the BB or node name is something we generally do not do in other error messages when opening a BDS, so we should not do it here. This changes the output for iotest 036 (to the better, in my opinion), so the reference output needs to be changed accordingly. Signed-off-by: Max Reitz <mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-17crypto: add block encryption frameworkDaniel P. Berrange3-0/+242
Add a generic framework for supporting different block encryption formats. Upon instantiating a QCryptoBlock object, it will read the encryption header and extract the encryption keys. It is then possible to call methods to encrypt/decrypt data buffers. There is also a mode whereby it will create/initialize a new encryption header on a previously unformatted volume. The initial framework comes with support for the legacy QCow AES based encryption. This enables code in the QCow driver to be consolidated later. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: wire up XTS mode for cipher APIsDaniel P. Berrange1-1/+133
Introduce 'XTS' as a permitted mode for the cipher APIs. With XTS the key provided must be twice the size of the key normally required for any given algorithm. This is because the key will be split into two pieces for use in XTS mode. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: import an implementation of the XTS cipher modeDaniel P. Berrange3-0/+426
The XTS (XEX with tweaked-codebook and ciphertext stealing) cipher mode is commonly used in full disk encryption. There is unfortunately no implementation of it in either libgcrypt or nettle, so we need to provide our own. The libtomcrypt project provides a repository of crypto algorithms under a choice of either "public domain" or the "what the fuck public license". So this impl is taken from the libtomcrypt GIT repo and adapted to be compatible with the way we need to call ciphers provided by nettle/gcrypt. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the twofish cipher algorithmDaniel P. Berrange1-0/+29
New cipher algorithms 'twofish-128', 'twofish-192' and 'twofish-256' are defined for the Twofish algorithm. The gcrypt backend does not support 'twofish-192'. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the serpent cipher algorithmDaniel P. Berrange1-0/+39
New cipher algorithms 'serpent-128', 'serpent-192' and 'serpent-256' are defined for the Serpent algorithm. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for the cast5-128 cipher algorithmDaniel P. Berrange1-0/+9
A new cipher algorithm 'cast-5-128' is defined for the Cast-5 algorithm with 128 bit key size. Smaller key sizes are supported by Cast-5, but nothing in QEMU should use them, so only 128 bit keys are permitted. The nettle and gcrypt cipher backends are updated to support the new cipher and a test vector added to the cipher test suite. The new algorithm is enabled in the LUKS block encryption driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: skip testing of unsupported cipher algorithmsDaniel P. Berrange1-1/+3
We don't guarantee that all crypto backends will support all cipher algorithms, so we should skip tests unless the crypto backend indicates support. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for anti-forensic split algorithmDaniel P. Berrange3-0/+196
The LUKS format specifies an anti-forensic split algorithm which is used to artificially expand the size of the key material on disk. This is an implementation of that algorithm. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for generating initialization vectorsDaniel P. Berrange3-0/+176
There are a number of different algorithms that can be used to generate initialization vectors for disk encryption. This introduces a simple internal QCryptoBlockIV object to provide a consistent internal API to the different algorithms. The initially implemented algorithms are 'plain', 'plain64' and 'essiv', each matching the same named algorithm provided by the Linux kernel dm-crypt driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-17crypto: add support for PBKDF2 algorithmDaniel P. Berrange3-0/+395
The LUKS data format includes use of PBKDF2 (Password-Based Key Derivation Function). The Nettle library can provide an implementation of this, but we don't want code directly depending on a specific crypto library backend. Introduce a new include/crypto/pbkdf.h header which defines a QEMU API for invoking PBKDK2. The initial implementations are backed by nettle & gcrypt, which are commonly available with distros shipping GNUTLS. The test suite data is taken from the cryptsetup codebase under the LGPLv2.1+ license. This merely aims to verify that whatever backend we provide for this function in QEMU will comply with the spec. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-16Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2-0/+0
acpi: minor fix Since previous pull acpi test triggers warnings, fix it up. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Tue 15 Mar 2016 21:26:38 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: acpi-test: update UID for GSI links Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-15acpi-test: update UID for GSI linksMichael S. Tsirkin2-0/+0
Update acpi test data to match commit 6a991e07bb8eeb7d7799a949c0528dffb84b2a98 ("hw/acpi: fix GSI links UID"). Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-03-15Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell4-0/+0
vhost, virtio, pci, pc, acpi nvdimm work sparse cpu id rework ipmi enhancements fixes all over the place pxb option to tweak chassis number Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Tue 15 Mar 2016 14:33:10 GMT using RSA key ID D28D5469 # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" * remotes/mst/tags/for_upstream: (51 commits) hw/acpi: fix GSI links UID ipmi: add some local variables in ipmi_sdr_init ipmi: remove the need of an ending record in the SDR table ipmi: use a function to initialize the SDR table ipmi: add a realize function to the device class ipmi: add rsp_buffer_set_error() helper ipmi: remove IPMI_CHECK_RESERVATION() macro ipmi: replace IPMI_ADD_RSP_DATA() macro with inline helpers ipmi: remove IPMI_CHECK_CMD_LEN() macro MAINTAINERS: machine core MAINTAINERS: Add an entry for virtio header files pc: acpi: clarify why possible LAPIC entries must be present in MADT pc: acpi: drop cpu->found_cpus bitmap pc: acpi: create Processor and Notify objects only for valid lapics pc: acpi: create MADT.lapic entries only for valid lapics pc: acpi: SRAT: create only valid processor lapic entries pc: acpi: cleanup qdev_get_machine() calls machine: introduce MachineClass.possible_cpu_arch_ids() hook pc: init pcms->apic_id_limit once and use it throughout pc.c pc: acpi: remove NOP assignment ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-15Merge remote-tracking branch ↵Peter Maydell1-21/+49
'remotes/berrange/tags/pull-io-next-2016-03-15-1' into staging Merge I/O fixes # gpg: Signature made Tue 15 Mar 2016 14:42:43 GMT using RSA key ID 15104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" * remotes/berrange/tags/pull-io-next-2016-03-15-1: io: stronger check for support for IPv4/6 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-03-15io: stronger check for support for IPv4/6Daniel P. Berrange1-21/+49
Instead of just checking for bind(), also check whether getaddrinfo can resolve IPv6 addresses. This catches failure when travis runs QEMU builds inside minimal docker containers Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-14iotests: Add test for QMP event ratesAlberto Garcia3-0/+135
This test verifies that the rate-limited QMP events are emitted at a maximum rate of 1 per second as defined in monitor_qapi_event_conf in monitor.c It also checks that QUORUM_REPORT_BAD events generated from different nodes are kept in separate queues so they don't mask each other. Signed-off-by: Alberto Garcia <berto@igalia.com> Reviewed-by: Max Reitz <mreitz@redhat.com> Message-id: 0dbd3ee88a59a6363042ad81cfb345037bfbf612.1457610443.git.berto@igalia.com [mreitz@redhat.com: Renamed test from 146 to 148] Signed-off-by: Max Reitz <mreitz@redhat.com>
2016-03-14iotests: Correct 081's reference outputMax Reitz1-1/+1
The newly added type parameter for the QUORUM_REPORT_BAD event changed the output of iotest 081, so the reference should be amended accordingly. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-id: 1457705687-27122-1-git-send-email-mreitz@redhat.com Reviewed-by: Alberto Garcia <berto@igalia.com>
2016-03-14block/vpc: add tests for image creation force_size parameterJeff Cody2-0/+83
Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-14block/vpc: tests for auto-detecting VPC and Hyper-V VHD imagesJeff Cody6-0/+153
This tests auto-detection, and overrides, of VHD image sizes created by Virtual PC, Hyper-V, and Disk2vhd. This adds three sample images: hyperv2012r2-dynamic.vhd.bz2 - dynamic VHD image created with Hyper-V virtualpc-dynamic.vhd.bz2 - dynamic VHD image created with Virtual PC d2v-zerofilled.vhd.bz2 - dynamic VHD image created with Disk2vhd Signed-off-by: Jeff Cody <jcody@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-11acpi-test-data: add _DIS methodsMichael S. Tsirkin2-0/+0
commit c82f503dd5c3f0a01a9e63741f1f875652669867 ("hw/acpi: fix Q35 support for legacy Windows OS") added _DIS for all link devices. Update expected test files accordingly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-03-11i386: update expected DSDTMichael S. Tsirkin4-0/+0
DSDT was changed by: commit 27b9fc54d23acd8f6829e850a027b3b3878cba37 ("i386: populate floppy drive information in DSDT"). Update expected files accordingly. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2016-03-10io: assert errors before asserting content in I/O testDaniel P. Berrange1-2/+2
When checking the results of an I/O operation test, assert that the error objects are NULL before asserting on the content. This is found to give more useful indication of the problem when diagnosing test failures. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10io: set correct error object in background reader test threadDaniel P. Berrange1-1/+1
The reader thread was accidentally setting the error pointer intended for the writer thread. If both threads set errors this would result in QEMU abort'ing due to the error already being set. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10io: wait for incoming client in socket testDaniel P. Berrange1-0/+2
Exercise the GSource code for server sockets by calling qio_channel_wait() prior to accepting the incoming client. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10io: bind to socket before creating QIOChannelSocketDaniel P. Berrange1-0/+10
In the QIOChannelSocket test we create a socket file descriptor and then try to create a QIOChannelSocket. This works on Linux, but fails on Win32 because it is not valid to call getsockname() on an unbound socket. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10io: initialize sockets in test programDaniel P. Berrange1-0/+1
The win32 sockets layer requires that socket_init() is called otherwise nothing will work. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-10io: use bind() to check for IPv4/6 availabilityDaniel P. Berrange1-48/+31
Currently the test-io-channel-socket.c test uses getifaddrs to see if an IPv4/6 address is present on any host NIC, as a way to determine if IPv4/6 sockets can be used. This is problematic because getifaddrs is not available on Win32. Rather than testing indirectly via getifaddrs, just create a socket and try to bind() to the loopback address instead. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-03-08tests: update acpi test dataGerd Hoffmann4-0/+0
using tests/acpi-test-data/rebuild-expected-aml.sh Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-05qapi: Drop useless 'data' member of unionsEric Blake5-18/+0
We started moving away from the use of the 'void *data' member in the C union corresponding to a QAPI union back in commit 544a373; recent commits have gotten rid of other uses. Now that it is completely unused, we can remove the member itself as well as the FIXME comment. Update the testsuite to drop the negative test union-clash-data. Signed-off-by: Eric Blake <eblake@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1457021813-10704-11-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2016-03-05util: Shorten references into SocketAddressEric Blake1-13/+21
An upcoming patch will alter how simple unions, like SocketAddress, are laid out, which will impact all lines of the form 'addr->u.XXX' (expanding it to the longer 'addr->u.XXX.data'). For better legibility in that patch, and less need for line wrapping, it's better to use a temporary variable to reduce the effect of a layout change to just the variable initializations, rather than every reference within a SocketAddress. Also, take advantage of some C99 initialization where it makes sense (simplifying g_new0() to g_new()). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <1457021813-10704-7-git-send-email-eblake@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>