1. 04 Nov, 2014 1 commit
  2. 22 Sep, 2014 1 commit
    • Stefan Hajnoczi's avatar
      block: delete cow block driver · 550830f9
      Stefan Hajnoczi authored
      This patch removes support for the cow file format.
      
      Normally we do not break backwards compatibility but in this case there
      is no impact and it is the most logical option.  Extraordinary claims
      require extraordinary evidence so I will show why removing the cow block
      driver is the right thing to do.
      
      The cow file format is the disk image format for Usermode Linux, a way
      of running a Linux system in userspace.  The performance of UML was
      never great and it was hacky, but it enjoyed some popularity before
      hardware virtualization support became mainstream.
      
      QEMU's block/cow.c is supposed to read this image file format.
      Unfortunately the file format was underspecified:
      
      1. Earlier Linux versions used the MAXPATHLEN constant for the backing
         filename field.  The value of MAXPATHLEN can change, so Linux
         switched to a 4096 literal but QEMU has a 1024 literal.
      
      2. Padding was not used on the header struct (both in the Linux kernel
         and in QEMU) so the struct layout varied across architectures.  In
         particular, i386 and x86_64 were different due to int64_t alignment
         differences.  Linux now uses __attribute__((packed)), QEMU does not.
      
      Therefore:
      
      1. QEMU cow images do not conform to the Linux cow image file format.
      
      2. cow images cannot be shared between different host architectures.
      
      This means QEMU cow images are useless and QEMU has not had bug reports
      from users actually hitting these issues.
      
      Let's get rid of this thing, it serves no purpose and no one will be
      affected.
      Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: default avatarMarkus Armbruster <armbru@redhat.com>
      Message-id: 1410877464-20481-1-git-send-email-stefanha@redhat.com
      Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      550830f9
  3. 12 Sep, 2014 2 commits
  4. 18 Jul, 2014 1 commit
  5. 07 Jul, 2014 1 commit
  6. 01 Jul, 2014 1 commit
    • Chunyan Liu's avatar
      qemu-img create: add 'nocow' option · 4ab15590
      Chunyan Liu authored
      Add 'nocow' option so that users could have a chance to set NOCOW flag to
      newly created files. It's useful on btrfs file system to enhance performance.
      
      Btrfs has low performance when hosting VM images, even more when the guest
      in those VM are also using btrfs as file system. One way to mitigate this bad
      performance is to turn off COW attributes on VM files. Generally, there are
      two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then
      all newly created files will be NOCOW. b) per file. Add the NOCOW file
      attribute. It could only be done to empty or new files.
      
      This patch tries the second way, according to the option, it could add NOCOW
      per file.
      
      For most block drivers, since the create file step is in raw-posix.c, so we
      can do setting NOCOW flag ioctl in raw-posix.c only.
      
      But there are some exceptions, like block/vpc.c and block/vdi.c, they are
      creating file by calling qemu_open directly. For them, do the same setting
      NOCOW flag ioctl work in them separately.
      
      [Fixed up 082.out due to the new 'nocow' creation option
      --Stefan]
      Signed-off-by: default avatarChunyan Liu <cyliu@suse.com>
      Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      4ab15590
  7. 18 Apr, 2014 1 commit
    • Michael Tokarev's avatar
      doc: grammify "allows to" · 9d85d557
      Michael Tokarev authored
      English language grammar does not allow usage
      of the word "allows" directly followed by an
      infinitive, declaring constructs like "something
      allows to do somestuff" un-grammatical.  Often
      it is possible to just insert "one" between "allows"
      and "to" to make the construct grammatical, but
      usually it is better to re-phrase the statement.
      
      This patch tries to fix 4 examples of "allows to"
      usage in qemu doc, but does not address comments
      in the code with similar constructs.  It also adds
      missing "the" in the same line.
      Signed-off-by: default avatarMichael Tokarev <mjt@tls.msk.ru>
      9d85d557
  8. 27 Mar, 2014 2 commits
  9. 31 Jan, 2014 1 commit
    • Daniel P. Berrange's avatar
      Describe flaws in qcow/qcow2 encryption in the docs · 136cd19d
      Daniel P. Berrange authored
      The qemu-img.texi / qemu-doc.texi files currently describe the
      qcow2/qcow2 encryption thus
      
        "Encryption uses the AES format which is very secure (128 bit
         keys). Use a long password (16 characters) to get maximum
         protection."
      
      While AES is indeed a strong encryption system, the way that
      QCow/QCow2 use it results in a poor/weak encryption system.
      Due to the use of predictable IVs, based on the sector number
      extended to 128 bits, it is vulnerable to chosen plaintext
      attacks which can reveal the existence of encrypted data.
      
      The direct use of the user passphrase as the encryption key
      also leads to an inability to change the passphrase of an
      image. If passphrase is ever compromised the image data will
      all be vulnerable, since it cannot be re-encrypted. The admin
      has to clone the image files with a new passphrase and then
      use a program like shred to secure erase all the old files.
      
      Recommend against any use of QCow/QCow2 encryption, directing
      users to dm-crypt / LUKS which can meet modern cryptography
      best practices.
      
      [Changed "Qcow" to "qcow" for consistency.
      --Stefan]
      Signed-off-by: default avatarDaniel P. Berrange <berrange@redhat.com>
      Reviewed-by: default avatarMarkus Armbruster <armbru@redhat.com>
      Reviewed-by: default avatarEric Blake <eblake@redhat.com>
      Signed-off-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      136cd19d
  10. 22 Jan, 2014 1 commit
  11. 20 Dec, 2013 1 commit
  12. 28 Jun, 2013 1 commit
  13. 26 May, 2013 1 commit
    • Blue Swirl's avatar
      Remove Sun4c, Sun4d and a few CPUs · 6a4e1771
      Blue Swirl authored
      Sun4c and Sun4d architectures and related CPUs are not fully implemented
      (especially Sun4c MMU) and there has been no interest for them.
      
      Likewise, a few CPUs (Cypress, Ross etc) are only half implemented.
      
      Remove the machines and CPUs, they can be re-added if needed later.
      Signed-off-by: default avatarBlue Swirl <blauwirbel@gmail.com>
      6a4e1771
  14. 12 May, 2013 1 commit
  15. 26 Apr, 2013 1 commit
  16. 15 Apr, 2013 2 commits
  17. 04 Mar, 2013 2 commits
  18. 26 Feb, 2013 1 commit
    • Peter Maydell's avatar
      qemu-log: default to stderr for logging output · 989b697d
      Peter Maydell authored
      Switch the default for qemu_log logging output from "/tmp/qemu.log"
      to stderr. This is an incompatible change in some sense, but logging
      is mostly used for debugging purposes so it shouldn't affect production
      use. The previous behaviour can be obtained by adding "-D /tmp/qemu.log"
      to the command line.
      
      This change requires us to:
       * update all the documentation/help text (we take the opportunity
         to smooth out minor inconsistencies between the phrasing in
         linux-user/bsd-user/system help messages)
       * make linux-user and bsd-user defer to qemu-log for the default
         logging destination rather than overriding it themselves
       * ensure that all logfile closing is done via qemu_log_close()
         and that that function doesn't close stderr
      as well as the obvious change to the behaviour of do_qemu_set_log()
      when no logfile name has been specified.
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      Reviewed-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: default avatarMarkus Armbruster <armbru@redhat.com>
      Message-id: 1361901160-28729-1-git-send-email-peter.maydell@linaro.org
      Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
      989b697d
  19. 30 Nov, 2012 1 commit
  20. 14 Nov, 2012 1 commit
  21. 12 Nov, 2012 1 commit
  22. 09 Aug, 2012 1 commit
    • Ronnie Sahlberg's avatar
      iscsi: Pick default initiator-name based on the name of the VM · 31459f46
      Ronnie Sahlberg authored
      This patch updates the iscsi layer to automatically pick a 'unique'
      initiator-name based on the name of the vm in case the user has not set
      an explicit iqn-name to use.
      
      Create a new function qemu_get_vm_name() that returns the name of the VM,
      if specified.
      
      This way we can thus create default names to use as the initiator name
      based on the guest session.
      
      If the VM is not named via the '-name' command line argument, the iscsi
      initiator-name used wiull simply be
      
          iqn.2008-11.org.linux-kvm
      
      If a name for the VM was specified with the '-name' option, iscsi will
      use a default initiatorname of
      
          iqn.2008-11.org.linux-kvm:<name>
      
      These names are just the default iscsi initiator name that qemu will
      generate/use only when the user has not set an explicit initiator name
      via the commandlines or config files.
      Signed-off-by: default avatarRonnie Sahlberg <ronniesahlberg@gmail.com>
      31459f46
  23. 03 Aug, 2012 1 commit
    • Paul Moore's avatar
      vnc: disable VNC password authentication (security type 2) when in FIPS mode · 0f66998f
      Paul Moore authored
      FIPS 140-2 requires disabling certain ciphers, including DES, which is used
      by VNC to obscure passwords when they are sent over the network.  The
      solution for FIPS users is to disable the use of VNC password auth when the
      host system is operating in FIPS compliance mode and the user has specified
      '-enable-fips' on the QEMU command line.
      
      This patch causes QEMU to emit a message to stderr when the host system is
      running in FIPS mode and a VNC password was specified on the commend line.
      If the system is not running in FIPS mode, or is running in FIPS mode but
      VNC password authentication was not requested, QEMU operates normally.
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
      0f66998f
  24. 02 Aug, 2012 1 commit
    • Peter Maydell's avatar
      Support 'help' as a synonym for '?' in command line options · c8057f95
      Peter Maydell authored
      For command line options which permit '?' meaning 'please list the
      permitted values', add support for 'help' as a synonym, by abstracting
      the check out into a helper function.
      
      This change means that in some cases where we were being lazy in
      our string parsing, "?junk" will now be rejected as an invalid option
      rather than being (undocumentedly) treated the same way as "?".
      
      Update the documentation to use 'help' rather than '?', since '?'
      is a shell metacharacter and thus prone to fail confusingly if there
      is a single character filename in the current working directory and
      the '?' has not been escaped. It's therefore better to steer users
      towards 'help', though '?' is retained for backwards compatibility.
      
      We do not, however, update the output of the system emulator's -help
      (or any documentation autogenerated from the qemu-options.hx which
      is the source of the -help text) because libvirt parses our -help
      output and will break. At a later date when QEMU provides a better
      interface so libvirt can avoid having to do this, we can update the
      -help text too.
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      Signed-off-by: default avatarAnthony Liguori <aliguori@us.ibm.com>
      c8057f95
  25. 17 Jul, 2012 1 commit
  26. 13 May, 2012 2 commits
  27. 30 Apr, 2012 1 commit
  28. 07 Apr, 2012 2 commits
  29. 09 Feb, 2012 1 commit
    • Ronnie Sahlberg's avatar
      iSCSI: add configuration variables for iSCSI · f9dadc98
      Ronnie Sahlberg authored
      This patch adds configuration variables for iSCSI to set
      initiator-name to use when logging in to the target,
      which type of header-digest to negotiate with the target
      and username and password for CHAP authentication.
      
      This allows specifying a initiator-name either from the command line
      -iscsi initiator-name=iqn.2004-01.com.example:test
      or from a configuration file included with -readconfig
          [iscsi]
            initiator-name = iqn.2004-01.com.example:test
            header-digest = CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
            user = CHAP username
            password = CHAP password
      
      If you use several different targets, you can also configure this on a per
      target basis by using a group name:
          [iscsi "iqn.target.name"]
          ...
      
      The configuration file can be read using -readconfig.
      Example :
      qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.ronnie.test/1
       -readconfig iscsi.conf
      Signed-off-by: default avatarRonnie Sahlberg <ronniesahlberg@gmail.com>
      Signed-off-by: default avatarKevin Wolf <kwolf@redhat.com>
      f9dadc98
  30. 14 Dec, 2011 1 commit
  31. 18 Nov, 2011 1 commit
  32. 17 Nov, 2011 1 commit
  33. 26 Oct, 2011 1 commit
  34. 15 Oct, 2011 1 commit