Select Git revision
Search by author
- Any Author
- authors
-
Adrien Ricciardi
RICCIARDI-Adrien-BayLibre
-
Alexandre Bailon abailon
-
Andrew Stubbs
ams
-
Anne Françoise Gros afgros
-
BayLibreCI baylibreCI
-
Bernhard Rosenkränzer
bero
-
Carlo Caione carlo.caione
-
Christophe Baylibre
BLChristopheCBO
-
Drew Fustini dfustini
-
Guillaume LA ROQUE glaroque
-
Guillaume Pain gpain
-
Guillaume Ranquet granquet
-
Jeremy Robinson jrobinson
-
Jerome Brunet
jbrunet
-
Julien Masson
JulienMasson
-
Julien Morin
jmorin2
-
Julien Stephan jstephan
-
Jérémie Garcia jgarcia
-
Kevin Hilman khilman
-
Markus Schneider-Pargmann msp8
- Mar 13, 2023
-
-
Marc-André Lureau authored
Use a close() wrapper instead, so that we don't need to worry about closesocket() vs close() anymore, let's hope. Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by:
Stefan Berger <stefanb@linux.ibm.com> Message-Id: <20230221124802.4103554-17-marcandre.lureau@redhat.com>
-
- Mar 07, 2023
-
-
Zhenwei Pi authored
Now we can use "query-stats" QMP command to query statistics of crypto devices. (Originally this was designed to show statistics by '{"execute": "query-cryptodev"}'. Daniel Berrangé suggested that querying configuration info by "query-cryptodev", and querying runtime performance info by "query-stats". This makes sense!) Example: ~# virsh qemu-monitor-command vm '{"execute": "query-stats", \ "arguments": {"target": "cryptodev"} }' | jq { "return": [ { "provider": "cryptodev", "stats": [ { "name": "asym-verify-bytes", "value": 7680 }, ... { "name": "asym-decrypt-ops", "value": 32 }, { "name": "asym-encrypt-ops", "value": 48 } ], "qom-path": "/objects/cryptodev0" # support asym only }, { "provider": "cryptodev", "stats": [ { "name": "asym-verify-bytes", "value": 0 }, ... { "name": "sym-decrypt-bytes", "value": 5376 }, ... ], "qom-path": "/objects/cryptodev1" # support asym/sym } ], "id": "libvirt-422" } Suggested-by:Daniel P. Berrangé <berrange@redhat.com> Reviewed-by:
zhenwei pi <pizhenwei@bytedance.com> Message-Id: <20230301105847.253084-12-pizhenwei@bytedance.com> Reviewed-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Zhenwei Pi authored
Add 'throttle-bps' and 'throttle-ops' limitation to set QoS. The two arguments work with both QEMU command line and QMP command. Example of QEMU command line: -object cryptodev-backend-builtin,id=cryptodev1,throttle-bps=1600,\ throttle-ops=100 Example of QMP command: virsh qemu-monitor-command buster --hmp qom-set /objects/cryptodev1 \ throttle-ops 100 or cancel limitation: virsh qemu-monitor-command buster --hmp qom-set /objects/cryptodev1 \ throttle-ops 0 Reviewed-by:
-
Zhenwei Pi authored
Account OPS/BPS for crypto device, this will be used for 'query-stats' QEMU monitor command and QoS in the next step. Note that a crypto device may support symmetric mode, asymmetric mode, both symmetric and asymmetric mode. So we use two structure to describe the statistics of a crypto device. Signed-off-by:
-
Zhenwei Pi authored
Move queue_index, CryptoDevCompletionFunc and opaque into struct CryptoDevBackendOpInfo, then cryptodev_backend_crypto_operation() needs an argument CryptoDevBackendOpInfo *op_info only. And remove VirtIOCryptoReq from cryptodev. It's also possible to hide VirtIOCryptoReq into virtio-crypto.c in the next step. (In theory, VirtIOCryptoReq is a private structure used by virtio-crypto only) Reviewed-by:
-
Zhenwei Pi authored
Example of this command: # virsh qemu-monitor-command vm --hmp info cryptodev cryptodev1: service=[akcipher|mac|hash|cipher] queue 0: type=builtin cryptodev0: service=[akcipher] queue 0: type=lkcf Acked-by:Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by:
-
Zhenwei Pi authored
Rather than exposing akcipher service/RSA algorithm to virtio crypto device unconditionally, detect akcipher capability from akcipher crypto framework. This avoids unsuccessful requests. Reviewed-by:
-
Zhenwei Pi authored
Now we have a QMP command to query crypto devices: virsh qemu-monitor-command vm '{"execute": "query-cryptodev"}' | jq { "return": [ { "service": [ "akcipher", "mac", "hash", "cipher" ], "id": "cryptodev1", "client": [ { "queue": 0, "type": "builtin" } ] }, { "service": [ "akcipher" ], "id": "cryptodev0", "client": [ { "queue": 0, "type": "lkcf" } ] } ], "id": "libvirt-417" } Reviewed-by: -
Zhenwei Pi authored
Introduce cryptodev service type in cryptodev.json, then apply this to related codes. Now we can remove VIRTIO_CRYPTO_SERVICE_xxx dependence from QEMU cryptodev. Reviewed-by:
-
Zhenwei Pi authored
Introduce cryptodev alg type in cryptodev.json, then apply this to related codes, and drop 'enum CryptoDevBackendAlgType'. There are two options: 1, { 'enum': 'QCryptodevBackendAlgType', 'prefix': 'CRYPTODEV_BACKEND_ALG', 'data': ['sym', 'asym']} Then we can keep 'CRYPTODEV_BACKEND_ALG_SYM' and avoid lots of changes. 2, changes in this patch(with prefix 'QCRYPTODEV_BACKEND_ALG'). To avoid breaking the rule of QAPI, use 2 here. Reviewed-by: -
Zhenwei Pi authored
We have already used qapi to generate crypto device types, this allows to convert type to a string 'model', so the 'model' field is not needed. And the 'name' field is not used by any backend driver, drop it. Reviewed-by:
-
Zhenwei Pi authored
Introduce QCryptodevBackendType in cryptodev.json, also apply this to related codes. Then we can drop 'enum CryptoDevBackendOptionsType'. Note that `CRYPTODEV_BACKEND_TYPE_NONE` is *NOT* used by anywhere, so drop it(no 'none' enum in QCryptodevBackendType). Reviewed-by:
-
- Mar 02, 2023
-
-
Alex Bennée authored
While ioeventfds are needed for good performance with KVM guests it should not be a gating requirement. We can run vhost-user backends using simulated ioeventfds or inband signalling. With this change I can run: $QEMU $OPTS \ -display gtk,gl=on \ -device vhost-user-gpu-pci,chardev=vhgpu \ -chardev socket,id=vhgpu,path=vhgpu.sock with: ./contrib/vhost-user-gpu/vhost-user-gpu \ -s vhgpu.sock \ -v and at least see things start-up - although the display gets rotated by 180 degrees. Once lightdm takes over we never make it to the login prompt and just get a blank screen. Signed-off-by:Alex Bennée <alex.bennee@linaro.org> Cc: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20221202132231.1048669-1-alex.bennee@linaro.org> Message-Id: <20230130124728.175610-1-alex.bennee@linaro.org> Reviewed-by:
Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by:
-
- Feb 23, 2023
-
-
Markus Armbruster authored
Signed-off-by:
Markus Armbruster <armbru@redhat.com> Message-Id: <20230207075115.1525-2-armbru@redhat.com> Reviewed-by:
Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by:
Juan Quintela <quintela@redhat.com> Reviewed-by:
Konstantin Kostiuk <kkostiuk@redhat.com>
-
- Feb 08, 2023
-
-
Markus Armbruster authored
Tracked down with the help of scripts/clean-includes. Signed-off-by:
Greg Kurz <groug@kaod.org> Reviewed-by:
-
Markus Armbruster authored
This commit was created with scripts/clean-includes. Signed-off-by:
Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by:
-
Markus Armbruster authored
This commit was created with scripts/clean-includes. Signed-off-by:
-
- Jan 16, 2023
-
-
Guoyi Tu authored
As qemu_socketpair() was introduced in commit 3c63b4e9 ("oslib-posix: Introduce qemu_socketpair()"), it's time to replace the other existing socketpair() calls with qemu_socketpair() if possible Signed-off-by:
Guoyi Tu <tugy@chinatelecom.cn> Acked-by:
Thomas Huth <thuth@redhat.com> Reviewed-by:
Laurent Vivier <laurent@vivier.eu>
-
- Dec 28, 2022
-
-
Michal Privoznik authored
If a memory-backend is configured with mode HOST_MEM_POLICY_PREFERRED then host_memory_backend_memory_complete() calls mbind() as: mbind(..., MPOL_PREFERRED, nodemask, ...); Here, 'nodemask' is a bitmap of host NUMA nodes and corresponds to the .host-nodes attribute. Therefore, there can be multiple nodes specified. However, the documentation to MPOL_PREFERRED says: MPOL_PREFERRED This mode sets the preferred node for allocation. ... If nodemask specifies more than one node ID, the first node in the mask will be selected as the preferred node. Therefore, only the first node is honored and the rest is silently ignored. Well, with recent changes to the kernel and numactl we can do better. The Linux kernel added in v5.15 via commit cfcaa66f8032 ("mm/hugetlb: add support for mempolicy MPOL_PREFERRED_MANY") support for MPOL_PREFERRED_MANY, which accepts multiple preferred NUMA nodes instead. Then, numa_has_preferred_many() API was introduced to numactl (v2.0.15~26) allowing applications to query kernel support. Wiring this all together, we can pass MPOL_PREFERRED_MANY to the mbind() call instead and stop ignoring multiple nodes, silently. Signed-off-by:Michal Privoznik <mprivozn@redhat.com> Message-Id: <a0b4adce1af5bd2344c2218eb4a04b3ff7bcfdb4.1671097918.git.mprivozn@redhat.com> Reviewed-by:
David Hildenbrand <david@redhat.com> Signed-off-by:
-
- Dec 14, 2022
-
-
Markus Armbruster authored
The has_FOO for pointer-valued FOO are redundant, except for arrays. They are also a nuisance to work with. Recent commit "qapi: Start to elide redundant has_FOO in generated C" provided the means to elide them step by step. This is the step for qapi/tpm.json. Said commit explains the transformation in more detail. The invariant violations mentioned there do not occur here. Cc: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by:
-
- Dec 01, 2022
-
-
Stefano Garzarella authored
Commit 02b61f38 ("hw/virtio: incorporate backend features in features") properly negotiates VHOST_USER_F_PROTOCOL_FEATURES with the vhost-user backend, but we forgot to enable vrings as specified in docs/interop/vhost-user.rst: If ``VHOST_USER_F_PROTOCOL_FEATURES`` has not been negotiated, the ring starts directly in the enabled state. If ``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated, the ring is initialized in a disabled state and is enabled by ``VHOST_USER_SET_VRING_ENABLE`` with parameter 1. Some vhost-user front-ends already did this by calling vhost_ops.vhost_set_vring_enable() directly: - backends/cryptodev-vhost.c - hw/net/virtio-net.c - hw/virtio/vhost-user-gpio.c But most didn't do that, so we would leave the vrings disabled and some backends would not work. We observed this issue with the rust version of virtiofsd [1], which uses the event loop [2] provided by the vhost-user-backend crate where requests are not processed if vring is not enabled. Let's fix this issue by enabling the vrings in vhost_dev_start() for vhost-user front-ends that don't already do this directly. Same thing also in vhost_dev_stop() where we disable vrings. [1] https://gitlab.com/virtio-fs/virtiofsd [2] https://github.com/rust-vmm/vhost/blob/240fc2966/crates/vhost-user-backend/src/event_loop.rs#L217 Fixes: 02b61f38 ("hw/virtio: incorporate backend features in features") Reported-by:
German Maglione <gmaglione@redhat.com> Tested-by:
Stefano Garzarella <sgarzare@redhat.com> Acked-by:
Raphael Norwitz <raphael.norwitz@nutanix.com> Message-Id: <20221123131630.52020-1-sgarzare@redhat.com> Signed-off-by:
-
- Nov 02, 2022
-
-
Lei He authored
cryptodev: Added a new type of backend named lkcf-backend for cryptodev. This backend upload asymmetric keys to linux kernel, and let kernel do the accelerations if possible. The lkcf stands for Linux Kernel Cryptography Framework. Signed-off-by:
lei he <helei.sig11@bytedance.com> Message-Id: <20221008085030.70212-5-helei.sig11@bytedance.com> Reviewed-by:
-
Lei He authored
virtio-crypto: Modify the current interface of virtio-crypto device to support asynchronous mode. Signed-off-by:
-
- Oct 27, 2022
-
-
David Hildenbrand authored
Let's allow for specifying a thread context via the "prealloc-context" property. When set, preallcoation threads will be crated via the thread context -- inheriting the same CPU affinity as the thread context. Pinning preallcoation threads to CPUs can heavily increase performance in NUMA setups, because, preallocation from a CPU close to the target NUMA node(s) is faster then preallocation from a CPU further remote, simply because of memory bandwidth for initializing memory with zeroes. This is especially relevant for very large VMs backed by huge/gigantic pages, whereby preallocation is mandatory. Reviewed-by:
-
David Hildenbrand authored
... and implement it under POSIX. When a ThreadContext is provided, create new threads via the context such that these new threads obtain a properly configured CPU affinity. Reviewed-by:
-
David Hildenbrand authored
Let's * give the function a "qemu_*" style name * make sure the parameters in the implementation match the prototype * rename smp_cpus to max_threads, which makes the semantics of that parameter clearer ... and add a function documentation. Reviewed-by:
-
Markus Armbruster authored
When you try to set virtio-rng property "filename" after the backend has been completed with user_creatable_complete(), the error message blames "insufficient permission": $ qemu-system-x86_64 -S -display none -nodefaults -monitor stdio -object rng-random,id=rng0 -device virtio-rng,id=vrng0,rng=rng0 QEMU 7.1.50 monitor - type 'help' for more information (qemu) qom-set /objects/rng0 filename /dev/random Error: Insufficient permission to perform this operation This implies it could work with "sufficient permission". It can't. Change the error message to: Error: Property 'filename' can no longer be set Same for cryptodev-vhost-user property "chardev", rng-egd property "chardev", and vhost-user-backend property "chardev". Signed-off-by:
-
- Sep 13, 2022
-
-
Stefan Berger authored
Swtpm may release the lock once the last one of its state blobs has been migrated out. In case of VM migration failure QEMU now needs to notify swtpm that it should again take the lock, which it can otherwise only do once it has received the first TPM command from the VM. Only try to send the lock command if swtpm supports it. It will not have released the lock (and support shared storage setups) if it doesn't support the locking command since the functionality of releasing the lock upon state blob reception and the lock command were added to swtpm 'together'. If QEMU sends the lock command and the storage has already been locked no error is reported. If swtpm does not receive the lock command (from older version of QEMU), it will lock the storage once the first TPM command has been received. So sending the lock command is an optimization. Signed-off-by:
-
Stefan Berger authored
Use the latest tpm_ioctl.h from upstream swtpm project. Signed-off-by:
-
- Sep 09, 2022
-
-
Ross Lagerwall authored
When resuming after a migration, the backend sends CMD_INIT to the emulator from the startup callback, then it sends the migration state from the vmstate to the emulator, then it sends CMD_INIT again. Skip the first CMD_INIT during a migration to avoid initializing the TPM twice. Signed-off-by:
Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by:
-
- Aug 26, 2022
-
-
Thomas Huth authored
It is currently not possible yet to use "memory-backend-memfd" on s390x with hugepages enabled. This problem is caused by qemu_maxrampagesize() not taking memory-backend-memfd objects into account yet, so the code in s390_memory_init() fails to enable the huge page support there via s390_set_max_pagesize(). Fix it by generalizing the code, so that it looks at qemu_ram_pagesize(memdev->mr.ram_block) instead of re-trying to get the information from the filesystem. Suggested-by:
Claudio Imbrenda <imbrenda@linux.ibm.com> Signed-off-by:
-
- Aug 25, 2022
-
-
Bin Meng authored
These headers and macros do not exist on Windows. Exclude them. Signed-off-by:
Bin Meng <bin.meng@windriver.com> Reviewed-by:
-
- Aug 18, 2022
-
-
Priyankar Jain authored
The purpose of dbus_get_proxies to construct the proxies corresponding to the IDs registered to dbus-vmstate. Currenty, this function returns an error in case there is any failure while instantiating proxy for "all" the names on dbus. Ideally this function should error out only if it is not able to find and validate the proxies registered to the backend otherwise any offending process(for eg: the process purposefully may not export its Id property on the dbus) may connect to the dbus and can lead to migration failures. This commit ensures that dbus_get_proxies returns an error if it is not able to find and validate the proxies of interest(the IDs registered during the dbus-vmstate instantiation). Signed-off-by:
Priyankar Jain <priyankar.jain@nutanix.com> Reviewed-by:
-
- Jun 16, 2022
-
-
Zhenwei Pi authored
There are two parts in this patch: 1, support akcipher service by cryptodev-builtin driver 2, virtio-crypto driver supports akcipher service In principle, we should separate this into two patches, to avoid compiling error, merge them into one. Then virtio-crypto gets request from guest side, and forwards the request to builtin driver to handle it. Test with a guest linux: 1, The self-test framework of crypto layer works fine in guest kernel 2, Test with Linux guest(with asym support), the following script test(note that pkey_XXX is supported only in a newer version of keyutils): - both public key & private key - create/close session - encrypt/decrypt/sign/verify basic driver operation - also test with kernel crypto layer(pkey add/query) All the cases work fine. Run script in guest: rm -rf *.der *.pem *.pfx modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m rm -rf /tmp/data dd if=/dev/random of=/tmp/data count=1 bs=20 openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -subj "/C=CN/ST=BJ/L=HD/O=qemu/OU=dev/CN=qemu/emailAddress=qemu@qemu.org" openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der openssl x509 -in cert.pem -inform PEM -outform DER -out cert.der PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s` echo "priv key id = "$PRIV_KEY_ID PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s` echo "pub key id = "$PUB_KEY_ID keyctl pkey_query $PRIV_KEY_ID 0 keyctl pkey_query $PUB_KEY_ID 0 echo "Enc with priv key..." keyctl pkey_encrypt $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.priv echo "Dec with pub key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.priv enc=pkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Sign with priv key..." keyctl pkey_sign $PRIV_KEY_ID 0 /tmp/data enc=pkcs1 hash=sha1 > /tmp/sig echo "Verify with pub key..." keyctl pkey_verify $PRIV_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1 echo "Enc with pub key..." keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub echo "Dec with priv key..." keyctl pkey_decrypt $PRIV_KEY_ID 0 /tmp/enc.pub enc=pkcs1 >/tmp/dec cmp /tmp/data /tmp/dec echo "Verify with pub key..." keyctl pkey_verify $PUB_KEY_ID 0 /tmp/data /tmp/sig enc=pkcs1 hash=sha1 Reviewed-by:
Gonglei <arei.gonglei@huawei.com> Signed-off-by:
-
- May 23, 2022
-
-
Jaroslav Jindrak authored
Prior to the introduction of the prealloc-threads property, the amount of threads used to preallocate memory was derived from the value of smp-cpus passed to qemu, the amount of physical cpus of the host and a hardcoded maximum value. When the prealloc-threads property was introduced, it included a default of 1 in backends/hostmem.c and a default of smp-cpus using the sugar API for the property itself. The latter default is not used when the property is not specified on qemu's command line, so guests that were not adjusted for this change suddenly started to use the default of 1 thread to preallocate memory, which resulted in observable slowdowns in guest boots for guests with large memory (e.g. when using libvirt <8.2.0 or managing guests manually). This commit restores the original behavior for these cases while not impacting guests started with the prealloc-threads property in any way. Fixes: 220c1fd864e9d ("hostmem: introduce "prealloc-threads" property") Signed-off-by:Jaroslav Jindrak <dzejrou@gmail.com> Message-Id: <20220517123858.7933-1-dzejrou@gmail.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
- May 14, 2022
-
-
Paolo Bonzini authored
The ``opened=on`` option in the command line or QMP ``object-add`` either had no effect (if ``opened`` was the last option) or caused errors. The property is therefore useless and was deprecated in 6.0; make it read-only now. Signed-off-by:
-
- May 07, 2022
-
-
Paolo Bonzini authored
Reviewed-by:
-
- Apr 28, 2022
-
-
Paolo Bonzini authored
Reviewed-by:
-
- Apr 06, 2022
-
-
Marc-André Lureau authored
Signed-off-by:
-
Marc-André Lureau authored
Replace the global variables with inlined helper functions. getpagesize() is very likely annotated with a "const" function attribute (at least with glibc), and thus optimization should apply even better. This avoids the need for a constructor initialization too. Signed-off-by:
-
