RE: [Qemu-devel] [PATCH v2 1/8] monitor: Document argument type 'M'
-Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Markus Armbruster Sent: Wednesday, January 20, 2010 10:08 AM To: qemu-devel@nongnu.org Subject: [Qemu-devel] [PATCH v2 1/8] monitor: Document argument type 'M' Was forgotten in commit b6e098d7. Signed-off-by: Markus Armbruster arm...@redhat.com --- monitor.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/monitor.c b/monitor.c index b9166c3..775fe3f 100644 --- a/monitor.c +++ b/monitor.c @@ -68,6 +68,8 @@ * 's' string (accept optional quote) * 'i' 32 bit integer * 'l' target long (32 or 64 bit) + * 'M' just like 'l', except in user mode the value is + * multiplied by 2^20 (think Mebibyte) Hello Markus, Not sure of the best answer, but thought there should be some discussion. You mention Mebibyte, which according to the all knowing Wikipedia, is abbreviated Mi. I understand that if you will only support one, then maybe you don't need to differentiate from Megabyte, but then in a later patch you use m, u, and n for powers of 10. This causes your new double format to use powers of 2 above one and powers of 10 below. Maybe this is just one of those geek things, powers of 2 for integers, and powers of 10 for fractions. Good luck. Chris * '/' optional gdb-like print format (like /10x) * * '?' optional type (for all types, except '/') -- 1.6.6
RE: [Qemu-devel] Stop using which in ./configure
Hello Laurent, Good or bad type -P skips the aliases. Thanks Chris -Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Laurent Vivier Sent: Tuesday, January 19, 2010 4:36 AM To: l...@dooz.org Cc: qemu-devel@nongnu.org Subject: RE: [Qemu-devel] Stop using which in ./configure Hi Following the thread on the sdl-config patch, please find attached a patch to add a couple of portable shell functions which allow testing whehter a command/builtin is available and to find the full pathname of an executable in the PATH. This also replaces all uses of which in ./configure. (This should be applied on top of the sdl-config patch.) Thanks, Why don't you use type -P for path_of ? Regards, Laurent -- - laur...@vivier.eu - Tout ce qui est impossible reste à accomplirJules Verne Things are only impossible until they're not Jean-Luc Picard
RE: [Qemu-devel] Socket reconnection.
Hello Ian,
Pasting chunks, then commenting:
+static int qemu_chr_sched_reconnect(TCPCharDriver *s)
+{
+struct reconnect_list *new = qemu_malloc(sizeof(*new));
+struct timeval tv;
+
+if(!new)
+return 1;
Qemu_malloc will never return 0, so sched function can return void.
+while (this) {
+if (this-when = now) {
+if(qemu_chr_connect_socket(this-s)) {
+if(prev)
+prev-next = this-next;
+else
+rc_list = NULL;
+qemu_chr_event(this-s-chr, CHR_EVENT_RECONNECTED);
+free(this);
+ if(prev)
+ this = prev;
+ else
+ this = NULL;
+}
+else {
+this-when += this-s-reconnect * 100;
+}
+}
+prev = this;
+ if(this)
+this = this-next;
This is a mixture of tabs and spaces, for new code pick one.
The if(prev) can just be this = prev; if prev is NULL you want NULL
anyway.
Thanks
Chris
-Original Message-
From: Ian Molton [mailto:ian.mol...@collabora.co.uk]
Sent: Wednesday, December 02, 2009 4:41 AM
To: Anthony Liguori
Cc: Krumme, Chris; qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Socket reconnection.
Anthony Liguori wrote:
sleep() in qemu is very, very wrong. It will pause the guest's
execution and all sorts of badness can ensue.
Quite...
The right thing to do is set a timer and not generate data while
disconnected.
New patch attached, now with less crack...
I still am not confident this is really a great thing to do.
What other option is there than to drop the ability to feed entropy to
the guest when the hosts egd link drops?
btw. Does anyone know how to get t-bird to inline patches?
-Ian
RE: [Qemu-devel] Socket reconnection.
Hello Ian,
Since you did not inline your source I will paste in a chunk:
@@ -2030,10 +2036,18 @@ static void tcp_chr_read(void *opaque)
if (s-listen_fd = 0) {
qemu_set_fd_handler(s-listen_fd, tcp_chr_accept, NULL,
chr);
}
-qemu_set_fd_handler(s-fd, NULL, NULL, NULL);
+if (!s-reconnect)
+qemu_set_fd_handler(s-fd, NULL, NULL, NULL);
closesocket(s-fd);
s-fd = -1;
-qemu_chr_event(chr, CHR_EVENT_CLOSED);
+if (!s-reconnect) {
+qemu_chr_event(chr, CHR_EVENT_CLOSED);
+} else {
+do {
+sleep(s-reconnect);
+} while(!qemu_chr_connect_socket(s));
+qemu_chr_event(chr, CHR_EVENT_RECONNECTED);
+}
} else if (size 0) {
if (s-do_telnetopt)
tcp_chr_process_IAC_bytes(chr, s, buf, size);
Should you be introducing a while sleep loop into Qemu here?
I would think you should be returning 'no data', maybe after trying
once.
Hope this helps.
Chris
-Original Message-
From:
qemu-devel-bounces+chris.krumme=windriver@nongnu.org
[mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o
rg] On Behalf Of Ian Molton
Sent: Tuesday, December 01, 2009 5:54 AM
To: Anthony Liguori
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Socket reconnection.
Anthony Liguori wrote:
Ian Molton wrote:
Hi folks,
I need my source of data for virtio-rng to be reliable -
IOW. if the
server dies and comes back up, I want qemu to reconnect
and suck down
fresh entropy, rather than hand the rngd process on the guest.
I'm using the chardev 'socket' type to make the connection
to the host.
Would a patch adding (optional) auto-reconnect (with a
back-off delay)
to the socket chardev be acceptable ?
If not, I'll have to cook up a thread to handle EGD
requests, but that
seems perverse...
Hrm, I'm not sure. What are the circumstances that this connection
would die? What happens while the connection is dead?
The most common would be the entropy gathering daemon being restarted,
perhaps due to an upgrade. Its hardly a good idea to require all the
guest VMs to reboot on this occuring. Next most common I
guess would be
the daemon crashing, but again, not something you'd want
taking out your
guest VMs...
Whilst the connection is down, the guests will potentially starve of
entropy - but that only means they'll block processes that try to use
/dev/random if they run out altogether.
Here are two patches that implement socket reconnection. This first
cleans up the APIs needed a little and the second implements
the guts.
If these patches are acceptable, I will repost my 4-patch series which
also includes the SIZE parameter patch and an updated virtio-rng patch
that uses the reconnection infrastructure to enhance its reliability.
-Ian
RE: [Qemu-devel] TBL register permissions for PPC
From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org
[mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.org] On
Behalf Of Dima Ilyevsky
Sent: Tuesday, December 01, 2009 12:33 PM
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] TBL register permissions for PPC
Hello All,
I have a question about read permissions of TBL SPR for all ppc
processors:
I have discovered that my application, compiled by WindRiver
diab compiler and running in vxworks OS on ppc405 architecture bumps
into exception generated when trying to read TBL or TBU registers:
Hello Dmitry,
The code in question comes from hand coded area's so this is probably
not a compiler issue, now maybe there is an issue with the BSP, but that
is a different question.
Does the 405 manual indicate readability of that register?
Thanks
Chris
program
Exception current instruction address: 0x0003eb28
Machine Status Register: 0x00088200
Condition Register: 0x4440
Registers
.
Disassembly
0x3eb08 4e800020blr
0x3eb0c 3860li r3,0x # -1
0x3eb10 4e800020blr
0x3eb14 38a0li r5,0x0 # 0
0x3eb18 7cbc43a6mtspr TBL,r5
0x3eb1c 7c7d43a6mtspr TBU,r3
0x3eb20 7c9c43a6mtspr TBL,r4
0x3eb24 4e800020blr
*0x3eb28 7cbd42a6mfspr r5,TBU
0x3eb2c 7cdc42a6mfspr r6,TBL
0x3eb30 7cfd42a6 mfspr r7,TBU
0x3eb34 7c053800cmp crf0,0,r5,r7
0x3eb38 4082fff0 bc 0x4,2, 0x3eb28 #
vxTimeBaseGet
0x3eb3c 90a3stw r5,0(r3)
0x3eb40 90c4stw r6,0(r4)
0x3eb44 4e800020blr
Traceback
..
I looked into qemu mfspr instruction implementation and
discovered that for some reason qemu had set NOACCESS permissions for
reading this register upon CPU initialization:
/* Generic PowerPC time base */
static void gen_tbl (CPUPPCState *env)
{
spr_register(env, SPR_VTBL, TBL,
spr_read_tbl, SPR_NOACCESS,
spr_read_tbl, SPR_NOACCESS,
0x);
spr_register(env, SPR_TBL, TBL,
SPR_NOACCESS, SPR_NOACCESS,
SPR_NOACCESS, spr_write_tbl,
0x);
spr_register(env, SPR_VTBU, TBU,
spr_read_tbu, SPR_NOACCESS,
spr_read_tbu, SPR_NOACCESS,
0x);
spr_register(env, SPR_TBU, TBU,
SPR_NOACCESS, SPR_NOACCESS,
SPR_NOACCESS, spr_write_tbu,
0x);
}
Is this a right thing to do? it's certainly either qemu bug or
diab bug (which i don't think is likely, cause this code has been
running on the real hw without any issues)
BR,
Dmitry I.
--
Jonathan Swift
http://www.brainyquote.com/quotes/authors/j/jonathan_swift.html -
May you live every day of your life.
RE: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper
Hello Anthony,
Cool patch series.
-Original Message-
From:
qemu-devel-bounces+chris.krumme=windriver@nongnu.org
[mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o
rg] On Behalf Of Anthony Liguori
Sent: Tuesday, November 03, 2009 6:28 PM
To: qemu-devel@nongnu.org
Cc: Mark McLoughlin; Anthony Liguori; Arnd Bergmann; Dustin
Kirkland; Michael Tsirkin; Juan Quintela
Subject: [Qemu-devel] [PATCH 2/4] Add access control support
toqemu-bridge-helper
We go to great lengths to restrict ourselves to just
cap_net_admin as an OS
enforced security mechanism. However, we further restrict
what we allow users
to do to simply adding a tap device to a bridge interface by
virtue of the fact
that this is the only functionality we expose.
This is not good enough though. An administrator is likely
to want to restrict
the bridges that an unprivileged user can access, in
particular, to restrict
an unprivileged user from putting a guest on what should be
isolated networks.
This patch implements a ACL mechanism that is enforced by
qemu-bridge-helper.
The ACLs are fairly simple whitelist/blacklist mechanisms
with a wildcard of
'all'.
An interesting feature of this ACL mechanism is that you can
include external
ACL files. The main reason to support this is so that you
can set different
file system permissions on those external ACL files. This allows an
administrator to implement rather sophisicated ACL policies
based on user/group
policies via the file system.
If we fail to include an acl file, we are silent about it
making this mechanism
work pretty seamlessly. As an example:
/etc/qemu/bridge.conf root:qemu 0640
deny all
allow br0
include /etc/qemu/alice.conf
include /etc/qemu/bob.conf
/etc/qemu/alice.conf root:alice 0640
allow br1
/etc/qemu/bob.conf root:bob 0640
allow br2
This ACL pattern allows any user in the qemu group to get a tap device
connected to br0 (which is bridged to the physical network).
Users in the alice group can additionally get a tap device
connected to br1.
This allows br1 to act as a private bridge for the alice group.
Users in the bob group can additionally get a tap device
connected to br2.
This allows br2 to act as a private bridge for the bob group.
Under no circumstance can the bob group get access to br1 or
can the alice
group get access to br2.
Signed-off-by: Anthony Liguori aligu...@us.ibm.com
---
configure|1 +
qemu-bridge-helper.c | 138
++
2 files changed, 139 insertions(+), 0 deletions(-)
diff --git a/configure b/configure
index a341e77..7c98257 100755
--- a/configure
+++ b/configure
@@ -1864,6 +1864,7 @@ printf '%s' $0 $@ $config_host_mak
echo $config_host_mak
echo CONFIG_QEMU_SHAREDIR=\$prefix$datasuffix\
$config_host_mak
+echo CONFIG_QEMU_CONFDIR=\/etc/qemu\ $config_host_mak
case $cpu in
i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|p
pc|ppc64|s390|sparc|sparc64)
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index f10d37c..0d059ed 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -33,6 +33,106 @@
#include net/tap-linux.h
+#define MAX_ACLS (128)
+#define DEFAULT_ACL_FILE CONFIG_QEMU_CONFDIR /bridge.conf
+
+enum {
+ACL_ALLOW = 0,
+ACL_ALLOW_ALL,
+ACL_DENY,
+ACL_DENY_ALL,
+};
+
+typedef struct ACLRule
+{
+int type;
+char iface[IFNAMSIZ];
+} ACLRule;
+
+static int parse_acl_file(const char *filename, ACLRule
*acls, int *pacl_count)
+{
+int acl_count = *pacl_count;
+FILE *f;
+char line[4096];
+
+f = fopen(filename, r);
+if (f == NULL) {
+return -1;
+}
+
+while (acl_count != MAX_ACLS
+ fgets(line, sizeof(line), f) != NULL) {
+char *ptr = line;
+char *cmd, *arg, *argend;
+
+while (isspace(*ptr)) {
+ptr++;
+}
+
+/* skip comments and empty lines */
+if (*ptr == '#' || *ptr == 0) {
+continue;
+}
+
+cmd = ptr;
+arg = strchr(cmd, ' ');
+if (arg == NULL) {
+arg = strchr(cmd, '\t');
+}
+
+if (arg == NULL) {
+fprintf(stderr, Invalid config line:\n %s\n, line);
+fclose(f);
+errno = EINVAL;
+return -1;
+}
+
+*arg = 0;
No check is made for arg being in bounds.
Thanks
Chris
+arg++;
+while (isspace(*arg)) {
+arg++;
+}
+
+argend = arg + strlen(arg);
+while (arg != argend isspace(*(argend - 1))) {
+argend--;
+}
+*argend = 0;
+
+if (strcmp(cmd, deny) == 0) {
+if (strcmp(arg, all) == 0) {
+acls[acl_count].type = ACL_DENY_ALL;
+} else {
+
RE: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
Hello Anthony,
Now that I have read the whole series I say again great patch.
-Original Message-
From:
qemu-devel-bounces+chris.krumme=windriver@nongnu.org
[mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o
rg] On Behalf Of Anthony Liguori
Sent: Tuesday, November 03, 2009 6:28 PM
To: qemu-devel@nongnu.org
Cc: Mark McLoughlin; Anthony Liguori; Arnd Bergmann; Dustin
Kirkland; Michael Tsirkin; Juan Quintela
Subject: [Qemu-devel] [PATCH 4/4] Add support for -net bridge
The most common use of -net tap is to connect a tap device to
a bridge. This
requires the use of a script and running qemu as root in
order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's
incredibly
difficult to eliminate the need to run qemu as root. The
only really viable
mechanism is to use tunctl to create a tap device, attach it
to a bridge as
root, and then hand that tap device to qemu. The problem
with this mechanism
is that it requires administrator intervention whenever a
user wants to create
a guest.
By essentially writing a helper that implements the most
common qemu-ifup
script that can be safely given cap_net_admin, we can
dramatically simplify
things for non-privileged users. We still support -net tap
as a mechanism
for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no
reason why it
couldn't be extended for other Unixes.
A typical invocation of -net bridge would be:
qemu -net bridge -net nic,model=virtio
The default bridge that we attach to is qemubr0. The
thinking is that a distro
could preconfigure such an interface to allow out-of-the-box
bridged networking.
Alternatively, if a user wants to use a different bridge,
they can say:
qemu -net bridge,br=br0 -net nic,model=virtio
Signed-off-by: Anthony Liguori aligu...@us.ibm.com
---
configure |1 +
net.c | 20 +++-
net/tap.c | 142
+++
net/tap.h |2 +
qemu-options.hx |3 +
5 files changed, 167 insertions(+), 1 deletions(-)
diff --git a/configure b/configure
index 7c9d3a2..55a1a4f 100755
--- a/configure
+++ b/configure
@@ -1896,6 +1896,7 @@ echo $config_host_mak
echo CONFIG_QEMU_SHAREDIR=\$prefix$datasuffix\
$config_host_mak
echo CONFIG_QEMU_CONFDIR=\/etc/qemu\ $config_host_mak
+echo CONFIG_QEMU_HELPERDIR=\$prefix/libexec\ $config_host_mak
case $cpu in
i386|x86_64|alpha|cris|hppa|ia64|m68k|microblaze|mips|mips64|p
pc|ppc64|s390|sparc|sparc64)
diff --git a/net.c b/net.c
index 37662c6..54a7a5b 100644
--- a/net.c
+++ b/net.c
@@ -2541,6 +2541,22 @@ static struct {
},
{ /* end of list */ }
},
+}, {
+.type = bridge,
+.init = net_init_bridge,
+.desc = {
+NET_COMMON_PARAMS_DESC,
+{
+.name = br,
+.type = QEMU_OPT_STRING,
+.help = bridge name,
+}, {
+.name = helper,
+.type = QEMU_OPT_STRING,
+.help = command to execute to configure bridge,
+},
+{ /* end of list */ }
+},
},
{ /* end of list */ }
};
@@ -2565,7 +2581,8 @@ int net_client_init(Monitor *mon,
QemuOpts *opts, int is_netdev)
#ifdef CONFIG_VDE
strcmp(type, vde) != 0
#endif
-strcmp(type, socket) != 0) {
+strcmp(type, socket) != 0
+strcmp(type, bridge) != 0) {
qemu_error(The '%s' network backend type is not
valid with -netdev\n,
type);
return -1;
@@ -2641,6 +2658,7 @@ static int net_host_check_device(const
char *device)
#ifdef CONFIG_VDE
,vde
#endif
+ , bridge
};
for (i = 0; i sizeof(valid_param_list) / sizeof(char *); i++) {
if (!strncmp(valid_param_list[i], device,
diff --git a/net/tap.c b/net/tap.c
index bdb4a15..f5abed6 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -436,3 +436,145 @@ int net_init_tap(QemuOpts *opts,
Monitor *mon, const char *name, VLANState *vlan
return 0;
}
+
+#define DEFAULT_BRIDGE_INTERFACE qemubr0
+#define DEFAULT_BRIDGE_HELPER CONFIG_QEMU_HELPERDIR
/qemu-bridge-helper
+
+static int recv_fd(int c)
+{
+int fd;
+uint8_t msgbuf[CMSG_SPACE(sizeof(fd))];
+struct msghdr msg = {
+.msg_control = msgbuf,
+.msg_controllen = sizeof(msgbuf),
+};
+struct cmsghdr *cmsg;
+struct iovec iov;
+uint8_t req[1];
+ssize_t len;
+
+cmsg = CMSG_FIRSTHDR(msg);
+cmsg-cmsg_level = SOL_SOCKET;
+cmsg-cmsg_type = SCM_RIGHTS;
+cmsg-cmsg_len = CMSG_LEN(sizeof(fd));
+msg.msg_controllen =
RE: [Qemu-devel] [PATCH 2/4] Add access control support toqemu-bridge-helper
Hello Anthony,
-Original Message-
From: Anthony Liguori [mailto:anth...@codemonkey.ws]
Sent: Wednesday, November 04, 2009 8:23 AM
To: Krumme, Chris
Cc: qemu-devel@nongnu.org; Mark McLoughlin; Arnd Bergmann;
Michael Tsirkin; Juan Quintela; Dustin Kirkland
Subject: Re: [Qemu-devel] [PATCH 2/4] Add access control
support toqemu-bridge-helper
Krumme, Chris wrote:
Hello Anthony,
Cool patch series.
Thanks.
+cmd = ptr;
+arg = strchr(cmd, ' ');
+if (arg == NULL) {
+arg = strchr(cmd, '\t');
+}
+
+if (arg == NULL) {
+fprintf(stderr, Invalid config line:\n %s\n, line);
+fclose(f);
+errno = EINVAL;
+return -1;
+}
+
+*arg = 0;
No check is made for arg being in bounds.
I don't get it. arg is either going to be NULL (no ' ' or
'\t' found in
the string) or it will point to the first ' ' or '\t' in the
string. It
My concern is that the first space or tab may not be in the first
sizeof(line) characters.
Thanks
Chris
will always be in bound in this second case and the first case is
handled by the if().
Regards,
Anthony Liguori
RE: [Qemu-devel] net packet storms with multiple NICs
-Original Message- From: qemu-devel-bounces+chris.krumme=windriver@nongnu.org [mailto:qemu-devel-bounces+chris.krumme=windriver@nongnu.o rg] On Behalf Of Avi Kivity Sent: Sunday, October 25, 2009 9:23 AM To: Mark McLoughlin Cc: Michael Tokarev; qemu-devel@nongnu.org; KVM list Subject: Re: [Qemu-devel] net packet storms with multiple NICs On 10/23/2009 06:43 PM, Mark McLoughlin wrote: On Fri, 2009-10-23 at 20:25 +0400, Michael Tokarev wrote: I've two questions: o what's the intended usage of all-vlan-equal case, when kvm (or qemu) reflects packets from one interface to another? It's what bridge in linux is for, I think. I don't think it's necessarily an intended use-case for the vlan feature Well, it is. vlan=x really means the ethernet segment named x. If you connect all your guest nics to one vlan, you are connecting them all to one ethernet segment, so any packet transmitted on one will be reflected on others. Whether this is a useful feature is another matter, but the code is functioning as expected. Hello, We had one environment where the NIC understood by u-boot and the NIC understood by the kernel where different. We just attached both to the same VLAN. During u-boot one was used for downloading the kernel, then once the kernel booted the other was used. Not ideal, and maybe not important enough to keep the feature around, but it does get used now and again. Thanks Chris -- error compiling committee.c: too many arguments to function
