RE: [Qemu-devel] [PATCH v2 1/8] monitor: Document argument type 'M'
-Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Markus Armbruster Sent: Wednesday, January 20, 2010 10:08 AM To: qemu-devel@nongnu.org Subject: [Qemu-devel] [PATCH v2 1/8] monitor: Document argument type 'M' Was forgotten in commit b6e098d7. Signed-off-by: Markus Armbruster arm...@redhat.com --- monitor.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/monitor.c b/monitor.c index b9166c3..775fe3f 100644 --- a/monitor.c +++ b/monitor.c @@ -68,6 +68,8 @@ * 's' string (accept optional quote) * 'i' 32 bit integer * 'l' target long (32 or 64 bit) + * 'M' just like 'l', except in user mode the value is + * multiplied by 2^20 (think Mebibyte) Hello Markus, Not sure of the best answer, but thought there should be some discussion. You mention Mebibyte, which according to the all knowing Wikipedia, is abbreviated Mi. I understand that if you will only support one, then maybe you don't need to differentiate from Megabyte, but then in a later patch you use m, u, and n for powers of 10. This causes your new double format to use powers of 2 above one and powers of 10 below. Maybe this is just one of those geek things, powers of 2 for integers, and powers of 10 for fractions. Good luck. Chris * '/' optional gdb-like print format (like /10x) * * '?' optional type (for all types, except '/') -- 1.6.6
RE: [Qemu-devel] Stop using which in ./configure
Hello Laurent, Good or bad type -P skips the aliases. Thanks Chris -Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Laurent Vivier Sent: Tuesday, January 19, 2010 4:36 AM To: l...@dooz.org Cc: qemu-devel@nongnu.org Subject: RE: [Qemu-devel] Stop using which in ./configure Hi Following the thread on the sdl-config patch, please find attached a patch to add a couple of portable shell functions which allow testing whehter a command/builtin is available and to find the full pathname of an executable in the PATH. This also replaces all uses of which in ./configure. (This should be applied on top of the sdl-config patch.) Thanks, Why don't you use type -P for path_of ? Regards, Laurent -- - laur...@vivier.eu - Tout ce qui est impossible reste à accomplirJules Verne Things are only impossible until they're not Jean-Luc Picard
RE: [Qemu-devel] Socket reconnection.
Hello Ian, Pasting chunks, then commenting: +static int qemu_chr_sched_reconnect(TCPCharDriver *s) +{ +struct reconnect_list *new = qemu_malloc(sizeof(*new)); +struct timeval tv; + +if(!new) +return 1; Qemu_malloc will never return 0, so sched function can return void. +while (this) { +if (this-when = now) { +if(qemu_chr_connect_socket(this-s)) { +if(prev) +prev-next = this-next; +else +rc_list = NULL; +qemu_chr_event(this-s-chr, CHR_EVENT_RECONNECTED); +free(this); + if(prev) + this = prev; + else + this = NULL; +} +else { +this-when += this-s-reconnect * 100; +} +} +prev = this; + if(this) +this = this-next; This is a mixture of tabs and spaces, for new code pick one. The if(prev) can just be this = prev; if prev is NULL you want NULL anyway. Thanks Chris -Original Message- From: Ian Molton [mailto:ian.mol...@collabora.co.uk] Sent: Wednesday, December 02, 2009 4:41 AM To: Anthony Liguori Cc: Krumme, Chris; qemu-devel@nongnu.org Subject: Re: [Qemu-devel] Socket reconnection. Anthony Liguori wrote: sleep() in qemu is very, very wrong. It will pause the guest's execution and all sorts of badness can ensue. Quite... The right thing to do is set a timer and not generate data while disconnected. New patch attached, now with less crack... I still am not confident this is really a great thing to do. What other option is there than to drop the ability to feed entropy to the guest when the hosts egd link drops? btw. Does anyone know how to get t-bird to inline patches? -Ian
RE: [Qemu-devel] Socket reconnection.
Hello Ian, Since you did not inline your source I will paste in a chunk: @@ -2030,10 +2036,18 @@ static void tcp_chr_read(void *opaque) if (s-listen_fd = 0) { qemu_set_fd_handler(s-listen_fd, tcp_chr_accept, NULL, chr); } -qemu_set_fd_handler(s-fd, NULL, NULL, NULL); +if (!s-reconnect) +qemu_set_fd_handler(s-fd, NULL, NULL, NULL); closesocket(s-fd); s-fd = -1; -qemu_chr_event(chr, CHR_EVENT_CLOSED); +if (!s-reconnect) { +qemu_chr_event(chr, CHR_EVENT_CLOSED); +} else { +do { +sleep(s-reconnect); +} while(!qemu_chr_connect_socket(s)); +qemu_chr_event(chr, CHR_EVENT_RECONNECTED); +} } else if (size 0) { if (s-do_telnetopt) tcp_chr_process_IAC_bytes(chr, s, buf, size); Should you be introducing a while sleep loop into Qemu here? I would think you should be returning 'no data', maybe after trying once. Hope this helps. Chris -Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Ian Molton Sent: Tuesday, December 01, 2009 5:54 AM To: Anthony Liguori Cc: qemu-devel@nongnu.org Subject: Re: [Qemu-devel] Socket reconnection. Anthony Liguori wrote: Ian Molton wrote: Hi folks, I need my source of data for virtio-rng to be reliable - IOW. if the server dies and comes back up, I want qemu to reconnect and suck down fresh entropy, rather than hand the rngd process on the guest. I'm using the chardev 'socket' type to make the connection to the host. Would a patch adding (optional) auto-reconnect (with a back-off delay) to the socket chardev be acceptable ? If not, I'll have to cook up a thread to handle EGD requests, but that seems perverse... Hrm, I'm not sure. What are the circumstances that this connection would die? What happens while the connection is dead? The most common would be the entropy gathering daemon being restarted, perhaps due to an upgrade. Its hardly a good idea to require all the guest VMs to reboot on this occuring. Next most common I guess would be the daemon crashing, but again, not something you'd want taking out your guest VMs... Whilst the connection is down, the guests will potentially starve of entropy - but that only means they'll block processes that try to use /dev/random if they run out altogether. Here are two patches that implement socket reconnection. This first cleans up the APIs needed a little and the second implements the guts. If these patches are acceptable, I will repost my 4-patch series which also includes the SIZE parameter patch and an updated virtio-rng patch that uses the reconnection infrastructure to enhance its reliability. -Ian
RE: [Qemu-devel] TBL register permissions for PPC
From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.org] On Behalf Of Dima Ilyevsky Sent: Tuesday, December 01, 2009 12:33 PM To: qemu-devel@nongnu.org Subject: [Qemu-devel] TBL register permissions for PPC Hello All, I have a question about read permissions of TBL SPR for all ppc processors: I have discovered that my application, compiled by WindRiver diab compiler and running in vxworks OS on ppc405 architecture bumps into exception generated when trying to read TBL or TBU registers: Hello Dmitry, The code in question comes from hand coded area's so this is probably not a compiler issue, now maybe there is an issue with the BSP, but that is a different question. Does the 405 manual indicate readability of that register? Thanks Chris program Exception current instruction address: 0x0003eb28 Machine Status Register: 0x00088200 Condition Register: 0x4440 Registers . Disassembly 0x3eb08 4e800020blr 0x3eb0c 3860li r3,0x # -1 0x3eb10 4e800020blr 0x3eb14 38a0li r5,0x0 # 0 0x3eb18 7cbc43a6mtspr TBL,r5 0x3eb1c 7c7d43a6mtspr TBU,r3 0x3eb20 7c9c43a6mtspr TBL,r4 0x3eb24 4e800020blr *0x3eb28 7cbd42a6mfspr r5,TBU 0x3eb2c 7cdc42a6mfspr r6,TBL 0x3eb30 7cfd42a6 mfspr r7,TBU 0x3eb34 7c053800cmp crf0,0,r5,r7 0x3eb38 4082fff0 bc 0x4,2, 0x3eb28 # vxTimeBaseGet 0x3eb3c 90a3stw r5,0(r3) 0x3eb40 90c4stw r6,0(r4) 0x3eb44 4e800020blr Traceback .. I looked into qemu mfspr instruction implementation and discovered that for some reason qemu had set NOACCESS permissions for reading this register upon CPU initialization: /* Generic PowerPC time base */ static void gen_tbl (CPUPPCState *env) { spr_register(env, SPR_VTBL, TBL, spr_read_tbl, SPR_NOACCESS, spr_read_tbl, SPR_NOACCESS, 0x); spr_register(env, SPR_TBL, TBL, SPR_NOACCESS, SPR_NOACCESS, SPR_NOACCESS, spr_write_tbl, 0x); spr_register(env, SPR_VTBU, TBU, spr_read_tbu, SPR_NOACCESS, spr_read_tbu, SPR_NOACCESS, 0x); spr_register(env, SPR_TBU, TBU, SPR_NOACCESS, SPR_NOACCESS, SPR_NOACCESS, spr_write_tbu, 0x); } Is this a right thing to do? it's certainly either qemu bug or diab bug (which i don't think is likely, cause this code has been running on the real hw without any issues) BR, Dmitry I. -- Jonathan Swift http://www.brainyquote.com/quotes/authors/j/jonathan_swift.html - May you live every day of your life.
RE: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper
Hello Anthony, Cool patch series. -Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Anthony Liguori Sent: Tuesday, November 03, 2009 6:28 PM To: qemu-devel@nongnu.org Cc: Mark McLoughlin; Anthony Liguori; Arnd Bergmann; Dustin Kirkland; Michael Tsirkin; Juan Quintela Subject: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper We go to great lengths to restrict ourselves to just cap_net_admin as an OS enforced security mechanism. However, we further restrict what we allow users to do to simply adding a tap device to a bridge interface by virtue of the fact that this is the only functionality we expose. This is not good enough though. An administrator is likely to want to restrict the bridges that an unprivileged user can access, in particular, to restrict an unprivileged user from putting a guest on what should be isolated networks. This patch implements a ACL mechanism that is enforced by qemu-bridge-helper. The ACLs are fairly simple whitelist/blacklist mechanisms with a wildcard of 'all'. An interesting feature of this ACL mechanism is that you can include external ACL files. The main reason to support this is so that you can set different file system permissions on those external ACL files. This allows an administrator to implement rather sophisicated ACL policies based on user/group policies via the file system. If we fail to include an acl file, we are silent about it making this mechanism work pretty seamlessly. As an example: /etc/qemu/bridge.conf root:qemu 0640 deny all allow br0 include /etc/qemu/alice.conf include /etc/qemu/bob.conf /etc/qemu/alice.conf root:alice 0640 allow br1 /etc/qemu/bob.conf root:bob 0640 allow br2 This ACL pattern allows any user in the qemu group to get a tap device connected to br0 (which is bridged to the physical network). Users in the alice group can additionally get a tap device connected to br1. This allows br1 to act as a private bridge for the alice group. Users in the bob group can additionally get a tap device connected to br2. This allows br2 to act as a private bridge for the bob group. Under no circumstance can the bob group get access to br1 or can the alice group get access to br2. Signed-off-by: Anthony Liguori aligu...@us.ibm.com --- configure|1 + qemu-bridge-helper.c | 138 ++ 2 files changed, 139 insertions(+), 0 deletions(-) diff --git a/configure b/configure index a341e77..7c98257 100755 --- a/configure +++ b/configure @@ -1864,6 +1864,7 @@ printf '%s' $0 $@ $config_host_mak echo $config_host_mak echo CONFIG_QEMU_SHAREDIR=\$prefix$datasuffix\ $config_host_mak +echo CONFIG_QEMU_CONFDIR=\/etc/qemu\ $config_host_mak case $cpu in i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|p pc|ppc64|s390|sparc|sparc64) diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c index f10d37c..0d059ed 100644 --- a/qemu-bridge-helper.c +++ b/qemu-bridge-helper.c @@ -33,6 +33,106 @@ #include net/tap-linux.h +#define MAX_ACLS (128) +#define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR /bridge.conf + +enum { +ACL_ALLOW = 0, +ACL_ALLOW_ALL, +ACL_DENY, +ACL_DENY_ALL, +}; + +typedef struct ACLRule +{ +int type; +char iface[IFNAMSIZ]; +} ACLRule; + +static int parse_acl_file(const char *filename, ACLRule *acls, int *pacl_count) +{ +int acl_count = *pacl_count; +FILE *f; +char line[4096]; + +f = fopen(filename, r); +if (f == NULL) { +return -1; +} + +while (acl_count != MAX_ACLS + fgets(line, sizeof(line), f) != NULL) { +char *ptr = line; +char *cmd, *arg, *argend; + +while (isspace(*ptr)) { +ptr++; +} + +/* skip comments and empty lines */ +if (*ptr == '#' || *ptr == 0) { +continue; +} + +cmd = ptr; +arg = strchr(cmd, ' '); +if (arg == NULL) { +arg = strchr(cmd, '\t'); +} + +if (arg == NULL) { +fprintf(stderr, Invalid config line:\n %s\n, line); +fclose(f); +errno = EINVAL; +return -1; +} + +*arg = 0; No check is made for arg being in bounds. Thanks Chris +arg++; +while (isspace(*arg)) { +arg++; +} + +argend = arg + strlen(arg); +while (arg != argend isspace(*(argend - 1))) { +argend--; +} +*argend = 0; + +if (strcmp(cmd, deny) == 0) { +if (strcmp(arg, all) == 0) { +acls[acl_count].type = ACL_DENY_ALL; +} else { +
RE: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
Hello Anthony, Now that I have read the whole series I say again great patch. -Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Anthony Liguori Sent: Tuesday, November 03, 2009 6:28 PM To: qemu-devel@nongnu.org Cc: Mark McLoughlin; Anthony Liguori; Arnd Bergmann; Dustin Kirkland; Michael Tsirkin; Juan Quintela Subject: [Qemu-devel] [PATCH 4/4] Add support for -net bridge The most common use of -net tap is to connect a tap device to a bridge. This requires the use of a script and running qemu as root in order to allocate a tap device to pass to the script. This model is great for portability and flexibility but it's incredibly difficult to eliminate the need to run qemu as root. The only really viable mechanism is to use tunctl to create a tap device, attach it to a bridge as root, and then hand that tap device to qemu. The problem with this mechanism is that it requires administrator intervention whenever a user wants to create a guest. By essentially writing a helper that implements the most common qemu-ifup script that can be safely given cap_net_admin, we can dramatically simplify things for non-privileged users. We still support -net tap as a mechanism for advanced users and backwards compatibility. Currently, this is very Linux centric but there's really no reason why it couldn't be extended for other Unixes. A typical invocation of -net bridge would be: qemu -net bridge -net nic,model=virtio The default bridge that we attach to is qemubr0. The thinking is that a distro could preconfigure such an interface to allow out-of-the-box bridged networking. Alternatively, if a user wants to use a different bridge, they can say: qemu -net bridge,br=br0 -net nic,model=virtio Signed-off-by: Anthony Liguori aligu...@us.ibm.com --- configure |1 + net.c | 20 +++- net/tap.c | 142 +++ net/tap.h |2 + qemu-options.hx |3 + 5 files changed, 167 insertions(+), 1 deletions(-) diff --git a/configure b/configure index 7c9d3a2..55a1a4f 100755 --- a/configure +++ b/configure @@ -1896,6 +1896,7 @@ echo $config_host_mak echo CONFIG_QEMU_SHAREDIR=\$prefix$datasuffix\ $config_host_mak echo CONFIG_QEMU_CONFDIR=\/etc/qemu\ $config_host_mak +echo CONFIG_QEMU_HELPERDIR=\$prefix/libexec\ $config_host_mak case $cpu in i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|p pc|ppc64|s390|sparc|sparc64) diff --git a/net.c b/net.c index 37662c6..54a7a5b 100644 --- a/net.c +++ b/net.c @@ -2541,6 +2541,22 @@ static struct { }, { /* end of list */ } }, +}, { +.type = bridge, +.init = net_init_bridge, +.desc = { +NET_COMMON_PARAMS_DESC, +{ +.name = br, +.type = QEMU_OPT_STRING, +.help = bridge name, +}, { +.name = helper, +.type = QEMU_OPT_STRING, +.help = command to execute to configure bridge, +}, +{ /* end of list */ } +}, }, { /* end of list */ } }; @@ -2565,7 +2581,8 @@ int net_client_init(Monitor *mon, QemuOpts *opts, int is_netdev) #ifdef CONFIG_VDE strcmp(type, vde) != 0 #endif -strcmp(type, socket) != 0) { +strcmp(type, socket) != 0 +strcmp(type, bridge) != 0) { qemu_error(The '%s' network backend type is not valid with -netdev\n, type); return -1; @@ -2641,6 +2658,7 @@ static int net_host_check_device(const char *device) #ifdef CONFIG_VDE ,vde #endif + , bridge }; for (i = 0; i sizeof(valid_param_list) / sizeof(char *); i++) { if (!strncmp(valid_param_list[i], device, diff --git a/net/tap.c b/net/tap.c index bdb4a15..f5abed6 100644 --- a/net/tap.c +++ b/net/tap.c @@ -436,3 +436,145 @@ int net_init_tap(QemuOpts *opts, Monitor *mon, const char *name, VLANState *vlan return 0; } + +#define DEFAULT_BRIDGE_INTERFACE qemubr0 +#define DEFAULT_BRIDGE_HELPER CONFIG_QEMU_HELPERDIR /qemu-bridge-helper + +static int recv_fd(int c) +{ +int fd; +uint8_t msgbuf[CMSG_SPACE(sizeof(fd))]; +struct msghdr msg = { +.msg_control = msgbuf, +.msg_controllen = sizeof(msgbuf), +}; +struct cmsghdr *cmsg; +struct iovec iov; +uint8_t req[1]; +ssize_t len; + +cmsg = CMSG_FIRSTHDR(msg); +cmsg-cmsg_level = SOL_SOCKET; +cmsg-cmsg_type = SCM_RIGHTS; +cmsg-cmsg_len = CMSG_LEN(sizeof(fd)); +msg.msg_controllen =
RE: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper
Hello Anthony, -Original Message- From: Anthony Liguori [mailto:anth...@codemonkey.ws] Sent: Wednesday, November 04, 2009 8:23 AM To: Krumme, Chris Cc: qemu-devel@nongnu.org; Mark McLoughlin; Arnd Bergmann; Michael Tsirkin; Juan Quintela; Dustin Kirkland Subject: Re: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper Krumme, Chris wrote: Hello Anthony, Cool patch series. Thanks. +cmd = ptr; +arg = strchr(cmd, ' '); +if (arg == NULL) { +arg = strchr(cmd, '\t'); +} + +if (arg == NULL) { +fprintf(stderr, Invalid config line:\n %s\n, line); +fclose(f); +errno = EINVAL; +return -1; +} + +*arg = 0; No check is made for arg being in bounds. I don't get it. arg is either going to be NULL (no ' ' or '\t' found in the string) or it will point to the first ' ' or '\t' in the string. It My concern is that the first space or tab may not be in the first sizeof(line) characters. Thanks Chris will always be in bound in this second case and the first case is handled by the if(). Regards, Anthony Liguori
RE: [Qemu-devel] net packet storms with multiple NICs
-Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Avi Kivity Sent: Sunday, October 25, 2009 9:23 AM To: Mark McLoughlin Cc: Michael Tokarev; qemu-devel@nongnu.org; KVM list Subject: Re: [Qemu-devel] net packet storms with multiple NICs On 10/23/2009 06:43 PM, Mark McLoughlin wrote: On Fri, 2009-10-23 at 20:25 +0400, Michael Tokarev wrote: I've two questions: o what's the intended usage of all-vlan-equal case, when kvm (or qemu) reflects packets from one interface to another? It's what bridge in linux is for, I think. I don't think it's necessarily an intended use-case for the vlan feature Well, it is. vlan=x really means the ethernet segment named x. If you connect all your guest nics to one vlan, you are connecting them all to one ethernet segment, so any packet transmitted on one will be reflected on others. Whether this is a useful feature is another matter, but the code is functioning as expected. Hello, We had one environment where the NIC understood by u-boot and the NIC understood by the kernel where different. We just attached both to the same VLAN. During u-boot one was used for downloading the kernel, then once the kernel booted the other was used. Not ideal, and maybe not important enough to keep the feature around, but it does get used now and again. Thanks Chris -- error compiling committee.c: too many arguments to function