Commit Graph

1509 Commits

Author SHA1 Message Date
Daniel P. Berrange
3e305e4a47 ui: convert VNC server to use QCryptoTLSSession
Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

  -vnc hostname:0,tls

New syntax:

  -object tls-creds-anon,id=tls0,endpoint=server \
  -vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

  -vnc hostname:0,tls,x509=/path/to/certs

New syntax:

  -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
  -vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

  -vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

  -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
  -vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15 15:20:55 +01:00
Daniel P. Berrange
9a2fd4347c crypto: add sanity checking of TLS x509 credentials
If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and difficult to diagnose. This has been a particular
problem for people using openssl to generate their certificates
instead of the gnutls certtool, because the openssl tools don't
turn on the various x509 extensions that gnutls expects to be
present by default.

This change thus adds support in the TLS credentials object to
sanity check the certificates when QEMU first loads them. This
gives the administrator immediate feedback for the majority of
common configuration mistakes, reducing the pain involved in
setting up TLS. The code is derived from equivalent code that
has been part of libvirt's TLS support and has been seen to be
valuable in assisting admins.

It is possible to disable the sanity checking, however, via
the new 'sanity-check' property on the tls-creds object type,
with a value of 'no'.

Unit tests are included in this change to verify the correctness
of the sanity checking code in all the key scenarios it is
intended to cope with. As part of the test suite, the pkix_asn1_tab.c
from gnutls is imported. This file is intentionally copied from the
(long since obsolete) gnutls 1.6.3 source tree, since that version
was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15 15:05:09 +01:00
Peter Maydell
a2aa09e181 * Support for jemalloc
* qemu_mutex_lock_iothread "No such process" fix
 * cutils: qemu_strto* wrappers
 * iohandler.c simplification
 * Many other fixes and misc patches.
 
 And some MTTCG work (with Emilio's fixes squashed):
 * Signal-free TCG kick
 * Removing spinlock in favor of QemuMutex
 * User-mode emulation multi-threading fixes/docs
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJV8Tk7AAoJEL/70l94x66Ds3QH/3bi0RRR2NtKIXAQrGo5tfuD
 NPMu1K5Hy+/26AC6mEVNRh4kh7dPH5E4NnDGbxet1+osvmpjxAjc2JrxEybhHD0j
 fkpzqynuBN6cA2Gu5GUNoKzxxTmi2RrEYigWDZqCftRXBeO2Hsr1etxJh9UoZw5H
 dgpU3j/n0Q8s08jUJ1o789knZI/ckwL4oXK4u2KhSC7ZTCWhJT7Qr7c0JmiKReaF
 JEYAsKkQhICVKRVmC8NxML8U58O8maBjQ62UN6nQpVaQd0Yo/6cstFTZsRrHMHL3
 7A2Tyg862cMvp+1DOX3Bk02yXA+nxnzLF8kUe0rYo6llqDBDStzqyn1j9R0qeqA=
 =nB06
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* Support for jemalloc
* qemu_mutex_lock_iothread "No such process" fix
* cutils: qemu_strto* wrappers
* iohandler.c simplification
* Many other fixes and misc patches.

And some MTTCG work (with Emilio's fixes squashed):
* Signal-free TCG kick
* Removing spinlock in favor of QemuMutex
* User-mode emulation multi-threading fixes/docs

# gpg: Signature made Thu 10 Sep 2015 09:03:07 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"

* remotes/bonzini/tags/for-upstream: (44 commits)
  cutils: work around platform differences in strto{l,ul,ll,ull}
  cpu-exec: fix lock hierarchy for user-mode emulation
  exec: make mmap_lock/mmap_unlock globally available
  tcg: comment on which functions have to be called with mmap_lock held
  tcg: add memory barriers in page_find_alloc accesses
  remove unused spinlock.
  replace spinlock by QemuMutex.
  cpus: remove tcg_halt_cond and tcg_cpu_thread globals
  cpus: protect work list with work_mutex
  scripts/dump-guest-memory.py: fix after RAMBlock change
  configure: Add support for jemalloc
  add macro file for coccinelle
  configure: factor out adding disas configure
  vhost-scsi: fix wrong vhost-scsi firmware path
  checkpatch: remove tests that are not relevant outside the kernel
  checkpatch: adapt some tests to QEMU
  CODING_STYLE: update mixed declaration rules
  qmp: Add example usage of strto*l() qemu wrapper
  cutils: Add qemu_strtoull() wrapper
  cutils: Add qemu_strtoll() wrapper
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-09-14 16:13:16 +01:00
Konrad Rzeszutek Wilk
20a544c7dc xen: use errno instead of rc for xc_domain_add_to_physmap
In Xen 4.6 commit cd2f100f0f61b3f333d52d1737dd73f02daee592
"libxc: Fix do_memory_op to return negative value on errors"
made the libxc API less odd-ball: On errors, return value is
-1 and error code is in errno. On success the return value
is either 0 or an positive value.

Since we could be running with an old toolstack in which the
Exx value is in rc or the newer, we add an wrapper around
the xc_domain_add_to_physmap (called xen_xc_domain_add_to_physmap)
which will always return the EXX.

Xen 4.6 did not change the libxc functions mentioned (same parameters)
so we piggyback on the fact that Xen 4.6 has a new function:
commit 504ed2053362381ac01b98db9313454488b7db40 "tools/libxc: Expose
new hypercall xc_reserved_device_memory_map" and check for that.

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Suggested-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10 12:04:30 +00:00
Jan Beulich
d8b441a3fb xen/HVM: atomically access pointers in bufioreq handling
The number of slots per page being 511 (i.e. not a power of two) means
that the (32-bit) read and write indexes going beyond 2^32 will likely
disturb operation. The hypervisor side gets I/O req server creation
extended so we can indicate that we're using suitable atomic accesses
where needed, allowing it to atomically canonicalize both pointers when
both have gone through at least one cycle.

The Xen side counterpart (which is not a functional prereq to this
change, albeit a build one) went in already (commit b7007bc6f9).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
2015-09-10 12:04:29 +00:00
Alexandre Derumier
7b01cb974f configure: Add support for jemalloc
This adds "--enable-jemalloc" and "--disable-jemalloc" to allow linking
to jemalloc memory allocator.

We have already tcmalloc support,
but it seem to not working well with a lot of iothreads/disks.

The main problem is that tcmalloc use a shared thread cache of 16MB
by default.
With more threads, this cache is shared, and some bad garbage collections
can occur if the cache is too low.

It's possible to tcmalloc cache increase it with a env var:
TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=256MB

With default 16MB, performances are  really bad with more than 2 disks.
Increasing to 256MB, it's helping but still have problem with 16 disks/iothreads.

Jemalloc don't have performance problem with default configuration.

Here the benchmark results in iops of 1 qemu vm randread 4K iodepth=32,
with rbd block backend (librbd is doing a lot of memory allocation),
1 iothread by disk

glibc malloc
------------

1 disk      29052
2 disks     55878
4 disks     127899
8 disks     240566
15 disks    269976

jemalloc
--------

1 disk      41278
2 disks     75781
4 disks     195351
8 disks     294241
15 disks    298199

tcmalloc 2.2.1 default 16M cache
--------------------------------

1 disk   37911
2 disks  67698
4 disks  41076
8 disks  43312
15 disks 37569

tcmalloc : 256M cache
---------------------------

1 disk     33914
2 disks    58839
4 disks    148205
8 disks    213298
15 disks   218383

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
Message-Id: <1434711418-20429-1-git-send-email-aderumier@odiso.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-09 15:34:55 +02:00
Peter Crosthwaite
c765fcac96 configure: factor out adding disas configure
Every arch adds its disas configury to both its own config as well
config_disas_all. Make a small function do to both at once.

Signed-off-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-Id: <1440844439-19391-1-git-send-email-crosthwaite.peter@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-09 15:34:55 +02:00
David Hildenbrand
5b9f6345a6 s390x/gdb: support reading/writing of control registers
Let's support reading and writing of control registers for kvm and tcg.

We have to take care of flushing the tlb (tcg) and pushing the changed
registers into kvm.

Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-09-07 16:10:43 +02:00
Michael Roth
f33ca81f13 build: qemu-ga: fix VSS dependencies
Currently VSS dll/tlb files for use in w32 builds are only built as a
result of having been added to the general 'tools' target alongside
qemu-ga. This is fine for default make target, but if we build
qemu-ga directly via `make qemu-ga.exe`, the VSS files are not
created.

Fix this by moving the VSS dependencies to qemu-ga.exe directly.
With this move we can move the VSS files back out of 'tools',
and drop the extra handling from MSI target in Makefile.

Now we can build qemu-ga MSI package with:
  ./configure ...
  make qemu-ga.exe
  make msi

or simply:
  ./configure ...
  make msi

and no longer need to do a full build beforehand.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 13:16:26 -05:00
Michael Roth
1a34904e5b configure: qemu-ga: explicitly enable qemu-ga MSI support when probed
Currently, if we don't explicitly disable support for MSI installer
via --disable-guest-agent-msi, the configure variable that tracks
the flag, 'guest_agent_msi', never gets set unless one of the probes
fails. Subsequent code then treats this unset value the same as if it
were a "yes" value (via != "no" style checks).

Instead, set the default "yes" value explicitly after the probes, then
make subsequent code expect the values to be set.

This makes it easier to report on whether or not MSI support was
enabled via probe by looking at the ./configure summary.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 13:16:26 -05:00
Michael Roth
9d6bc27b7e configure: qemu-ga: move MSI installer probe after qga probe
MSI probe assumes that qemu-ga support has been probed already, but in
cases where --enable-guest-agent/--disable-guest-agent have not been
passed to configure, qemu-ga support may end up getting enabled later,
as is the case with w32 builds. This leads to MSI probe prematurely
reporting error due to lack of qemu-ga support.

Fix this by moving MSI installer probe after the final qga probes.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 13:16:26 -05:00
Marc-André Lureau
259434b806 qemu-ga: implement win32 guest-set-user-password
Use NetUserSetInfo() to set the user password.

This function is notoriously known to be problematic for users with EFS
encrypted files. But the alternative, NetUserChangePassword() requires
the old password. Nevertheless, The EFS file should be recovered by
changing back to the old password.

Signed-off-by: Marc-André Lureau <marcandre.lureau@gmail.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 13:16:26 -05:00
Michael Roth
4c875d89cb configure: qemu-ga: report MSI install support in summary
Currently we need to examine config-host.mak to determine whether
options/probes for MSI package generation had desired result. Report
this more prominently in ./configure summary as we do with other
guest agent configure options.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01 11:07:09 -05:00
Laurent Vivier
4cbea59869 linux-user: remove --enable-guest-base/--disable-guest-base
All tcg host architectures now support the guest base and as
there is no real performance lost, it can be always enabled.

Anyway, guest base use can be disabled lively by setting guest
base to 0.

CONFIG_USE_GUEST_BASE is defined as (USE_GUEST_BASE && USER_ONLY),
it should have to be replaced by CONFIG_USER_ONLY in non CONFIG_USER_ONLY
parts, but as some other parts are using !CONFIG_SOFTMMU I have chosen to
use !CONFIG_SOFTMMU instead.

Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1440373328-9788-2-git-send-email-laurent@vivier.eu>
Signed-off-by: Richard Henderson <rth@twiddle.net>
2015-08-24 11:14:17 -07:00
Peter Maydell
a30878e708 configure: Don't permit SDL or GTK on OSX
The cocoa GUI frontend assumes it is the only GUI (it redefines
main() so it always gets control before the rest of QEMU), so
it does not play well with other UIs like SDL or GTK. (Mostly
people building QEMU on OSX don't have the necessary dependencies
available for configure to build those other front ends, so
mostly this problem goes unnoticed.)

Make configure automatically disable the SDL and GTK front ends
if the cocoa front end is enabled. (We were sort of attempting
to do this for SDL before, but not in a way that worked very well.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: John Arbuckle <programmingkidx@gmail.com>
Message-id: 1439565052-3457-1-git-send-email-peter.maydell@linaro.org
2015-08-19 20:29:30 +01:00
Peter Maydell
5452b6f61a * SCSI fixes from Stefan and Fam
* vhost-scsi fix from Igor and Lu Lina
 * a build system fix from Daniel
 * two more multi-arch-related patches from Peter C.
 * TCG patches from myself and Sergey Fedorov
 * RCU improvement from Wen Congyang
 * a few more simple cleanups
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVzmCgAAoJEL/70l94x66DhFgH/1m3iGac2Ks3vAUAdS2HBcxC
 EeziMwWFmkrfbtzUkz/jE0NG5uA2Bs8OFHsC8vmQFwkpDbGUlJ1zd5/N5UOHMG3d
 zF0vd+nKNw9C1Fo0/LPyQSeP64/xXEMTmFLqmYf4ZOowz8lr/m6WYrMIzKUoXSEn
 FeRtq78moDT8qwF372j8aoQUUpsctXDHBQHORZdcERvlc4mxojeJ3+mNViR2bv3r
 92PwGvrJ26mQXEKmGo5O1VM4k7QVg7xJQfgE11x7ShE2E9fJDMgts0Q/xCjWCLwS
 BXtEtbd9QeFEfG/mlRFevGtuvksq98m0hN7lAWb13zWmlJFuLyyMmlGfGAlU55Q=
 =Y2DB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* SCSI fixes from Stefan and Fam
* vhost-scsi fix from Igor and Lu Lina
* a build system fix from Daniel
* two more multi-arch-related patches from Peter C.
* TCG patches from myself and Sergey Fedorov
* RCU improvement from Wen Congyang
* a few more simple cleanups

# gpg: Signature made Fri 14 Aug 2015 22:41:52 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  disas: Defeature print_target_address
  hw: fix mask for ColdFire UART command register
  scsi-generic: identify AIO callbacks more clearly
  scsi-disk: identify AIO callbacks more clearly
  scsi: create restart bottom half in the right AioContext
  configure: only add CONFIG_RDMA to config-host.h once
  qemu-nbd: remove unnecessary qemu_notify_event()
  vhost-scsi: Clarify vhost_virtqueue_mask argument
  exec: use macro ROUND_UP for alignment
  rcu: Allow calling rcu_(un)register_thread() during synchronize_rcu()
  exec: drop cpu_can_do_io, just read cpu->can_do_io
  cpu_defs: Simplify CPUTLB padding logic
  cpu-exec: Do not invalidate original TB in cpu_exec_nocache()
  vhost/scsi: call vhost_dev_cleanup() at unrealize() time
  virtio-scsi-test: Add test case for tail unaligned WRITE SAME
  scsi-disk: Fix assertion failure on WRITE SAME
  tests: virtio-scsi: clear unit attention after reset
  scsi-disk: fix cmd.mode field typo
  virtio-scsi: use virtqueue_map_sg() when loading requests

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-18 17:06:41 +01:00
Daniel P. Berrange
4164719165 configure: only add CONFIG_RDMA to config-host.h once
For unknown reasons (probably a git rebase merge mistake)

  commit 2da776db48
  Author: Michael R. Hines <mrhines@us.ibm.com>
  Date:   Mon Jul 22 10:01:54 2013 -0400

    rdma: core logic

Adds CONFIG_RDMA to config-host.h twice, as can be seen
in the generated file:

 $ grep CONFIG_RDMA config-host.h
 #define CONFIG_RDMA 1
 #define CONFIG_RDMA 1

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1438345403-32467-1-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-08-14 23:40:32 +02:00
Andreas Färber
f60c87154a configure: Drop vnc-ws feature from help text
Commit 8e9b0d2 (ui: convert VNC websockets to use crypto APIs) dropped
the --enable-vnc-ws option but forgot to update the help text. Fix this.

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437749257-3313-1-git-send-email-afaerber@suse.de
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-08-03 15:32:17 +01:00
Peter Maydell
3737129917 configure: Work around broken static pkg-config info for Ubuntu gnutls
Unfortunately Ubuntu's pkg-config information for gnutls is broken
for the static linking case, and outputs --libs options which the
compiler does not recognize. Work around this problem by testing
that the --cflags/--libs output will at least allow compilation
before enabling gnutls support.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1437758888-22486-1-git-send-email-peter.maydell@linaro.org
2015-07-27 16:15:32 +01:00
Radim Krčmář
becaeb726a crypto: fix build with nettle >= 3.0.0
In nettle 3, cbc_encrypt() accepts 'nettle_cipher_func' instead of
'nettle_crypt_func' and these two differ in 'const' qualifier of the
first argument.  The build fails with:

  In file included from crypto/cipher.c:71:0:
  ./crypto/cipher-nettle.c: In function ‘qcrypto_cipher_encrypt’:
  ./crypto/cipher-nettle.c:154:38: error: passing argument 2 of
  ‘nettle_cbc_encrypt’ from incompatible pointer type
           cbc_encrypt(ctx->ctx_encrypt, ctx->alg_encrypt,
                                               ^
  In file included from ./crypto/cipher-nettle.c:24:0,
                   from crypto/cipher.c:71:
  /usr/include/nettle/cbc.h:48:1: note: expected
  ‘void (*)(const void *, size_t, uint8_t *, const uint8_t *)
  but argument is of type
  ‘void (*)(      void *, size_t, uint8_t *, const uint8_t *)

To allow both versions, we switch to the new definition and #if typedef
it for old versions.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1436548682-9315-2-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-16 20:00:20 +02:00
Peter Maydell
acf7b7fdf3 Bugfixes and Daniel Berrange's crypto library.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVnQWdAAoJEL/70l94x66D6OgIAKJlzQfmy5w7Q9WD4vCMhD76
 JrpLSsn7Gx/Bws0Nu9nLQlqun5z4hiUxyG2kP/WqD9+tV3cpSMSyrG6ImVdqKnQ5
 +Z8WJZuREkQv0aqDUjQVST+eIDZuh2LWJXAjhgsCXUHY77eWb/7WmKT79xJOa+5C
 5xB1qxudqX5IsTvpiKKPbmUGYkAcvRX1dUSaFwRIMO0UyKn59B9WfM9a5slIbLW7
 XfI8+wEJshTVLuQkkTfdidWQc5M5DwlmO7ESUNR/BRPCPFeyjcDqgQY5pBM5XVo9
 C+S0R3zIt3Ew0fhCtLRyjlIT0bGfwjbU5HRiHcyldBKhNUZZjSUoOWJnYRHXUDY=
 =H8wA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes and Daniel Berrange's crypto library.

# gpg: Signature made Wed Jul  8 12:12:29 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  ossaudio: fix memory leak
  ui: convert VNC to use generic cipher API
  block: convert qcow/qcow2 to use generic cipher API
  ui: convert VNC websockets to use crypto APIs
  block: convert quorum blockdrv to use crypto APIs
  crypto: add a nettle cipher implementation
  crypto: add a gcrypt cipher implementation
  crypto: introduce generic cipher API & built-in implementation
  crypto: move built-in D3DES implementation into crypto/
  crypto: move built-in AES implementation into crypto/
  crypto: introduce new module for computing hash digests
  vl: move rom_load_all after machine init done

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-07-08 20:46:35 +01:00
Daniel P. Berrange
8e9b0d24fb ui: convert VNC websockets to use crypto APIs
Remove the direct use of gnutls for hash processing in the
websockets code, in favour of using the crypto APIs. This
allows the websockets code to be built unconditionally
removing countless conditional checks from the VNC code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-9-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08 13:11:01 +02:00
Daniel P. Berrange
488981a4af block: convert quorum blockdrv to use crypto APIs
Get rid of direct use of gnutls APIs in quorum blockdrv in
favour of using the crypto APIs. This avoids the need to
do conditional compilation of the quorum driver. It can
simply report an error at file open file instead if the
required hash algorithm isn't supported by QEMU.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-8-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08 13:11:01 +02:00
Daniel P. Berrange
ed754746fe crypto: add a nettle cipher implementation
If we are linking to gnutls already and gnutls is built against
nettle, then we should use nettle as a cipher backend in
preference to our built-in backend.

This will be used when linking against some GNUTLS 2.x versions
and all GNUTLS 3.x versions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-7-git-send-email-berrange@redhat.com>
[Change "#elif" to "#elif defined". - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08 13:11:01 +02:00
Daniel P. Berrange
62893b67cd crypto: add a gcrypt cipher implementation
If we are linking to gnutls already and gnutls is built against
gcrypt, then we should use gcrypt as a cipher backend in
preference to our built-in backend.

This will be used when linking against GNUTLS 1.x and many
GNUTLS 2.x versions.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-6-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-08 13:11:01 +02:00
Michael Roth
c54e1eb492 qga: added GuestPCIAddress information
PCIAddress inforfation is obtained via SetupApi, which provides the
information about address, bus, etc. We look throught entire device tree
in the system and try to find device object for given volume. For this PDO
SetupDiGetDeviceRegistryProperty is called, which reads PCI configuration
for a given devicei if it is possible.

This is the most convinient way for a userspace service. The lookup is
performed for every volume available. However, this information is
not mandatory for vss-provider.

In order to use SetupApi we need to notify linker about it. We do not need
to install additional libs, so we do not make separate configuration
option to use libsetupapi.su

SetupApi gives as the same information as kernel driver
with IRP_MN_QUERY_INTERFACE.
https://support.microsoft.com/en-us/kb/253232

Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>
Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Michael Roth <mdroth@linux.vnet.ibm.com>
* stub out get_pci_info if !CONFIG_QGA_NTDDSCSI
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-07-07 20:59:04 -05:00
Michael Roth
50cbebb9a3 configure: add configure check for ntdddisk.h
This header file provides w32 ioctl definitions for working with disk
devices. Older versions of mingw do not expose this in a useable way,
so add a configure check and report it via CONFIG_QGA_NTDDSCSI.

Subsequent patches will use this macro to stub out functionality that
relies on this in cases where it's not available.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-07-07 20:59:04 -05:00
Kirk Allan
601e5a0618 qga: add win32 library iphlpapi
Add the iphlpapi library to use APIs such as GetAdaptersInfo and
GetAdaptersAddresses.

Signed-off-by: Kirk Allan <kallan@suse.com>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-07-07 20:13:13 -05:00
Daniel P. Berrange
ddbb0d0966 crypto: introduce new module for computing hash digests
Introduce a new crypto/ directory that will (eventually) contain
all the cryptographic related code. This initially defines a
wrapper for initializing gnutls and for computing hashes with
gnutls. The former ensures that gnutls is guaranteed to be
initialized exactly once in QEMU regardless of CLI args. The
block quorum code currently fails to initialize gnutls so it
only works by luck, if VNC server TLS is not requested. The
hash APIs avoids the need to litter the rest of the code with
preprocessor checks and simplifies callers by allocating the
correct amount of memory for the requested hash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-07-07 12:04:07 +02:00
Peter Maydell
dc1e1350f8 virtio, pci fixes, enhancements
Almost exclusively bugfixes, though in this case,
 we are adding functionality to the pxb in order
 to make OVMF work on it.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJVjVb/AAoJECgfDbjSjVRpeaEH/2bwK7BGgczEQ7fhzIEaQSQq
 SV7aychNZvUFASXLV6aVmQCdYixZxlI9KDn0pMRYntUcjxRRB48U3N5Sy4km46Pw
 LLN3vxGzHazlE7AJ5c+WVDf0e2k7v3CpZ/TKXzPHmvZXIuBfjKXtKzBgyQYxGkmL
 JgRrRSHDrsbvfmhI4uHMpCTYs/WeY1cuA1IzvimBjmvVP5kkko4NoX+HEWmGJ6WK
 13fQuV+Cvz7Yk40HRpPAM0QPV2etGCj+dU7xgF9BWnn9mzbGC5iy8EUClyGil/af
 k3i/bCxs6IgpQ76LaezJtGPtn1jbohrO4qRqlatUAJCwgCYMCkxkIk+Pr4A3x4c=
 =6WvB
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

virtio, pci fixes, enhancements

Almost exclusively bugfixes, though in this case,
we are adding functionality to the pxb in order
to make OVMF work on it.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Fri Jun 26 14:43:27 2015 BST using RSA key ID D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>"

* remotes/mst/tags/for_upstream:
  Fix glib_subprocess test
  hw/pci-bridge: format special OFW unit address for PXB host
  hw/core: explicit OFW unit address callback for SysBusDeviceClass
  hw/pci-bridge: disable SHPC in PXB
  hw/pci-bridge: introduce "shpc" property
  hw/pci: introduce shpc_present() helper function
  hw/pci-bridge: add macro for "msi" property
  hw/pci-bridge: add macro for "chassis_nr" property
  hw/pci-bridge: expose _test parameter in SHPC_VMSTATE()
  migration: introduce VMSTATE_BUFFER_UNSAFE_INFO_TEST()
  add pci-bridge-seat
  pc: cleanup and convert TMP ACPI device description to AML API
  MAINTAINERS: add ACPI entry
  vhost: correctly pass error to caller in vhost_dev_enable_notifiers()
  balloon: add a feature bit to let Guest OS deflate balloon on oom
  qdev: fix OVERFLOW_BEFORE_WIDEN
  virito-pci: fix OVERRUN problem

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-26 15:57:43 +01:00
Dr. David Alan Gilbert
d46f7c9e64 Fix glib_subprocess test
A typo means that the tests dependent on glib with subprocess
support are never run.

Fixes: 9d41401b90

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2015-06-24 13:00:43 +02:00
Michael Tokarev
c23f23b970 configure: rearrange --help and consolidate enable/disable together
This is an attempt to rearrange configure --help output a bit
and consolidate pairs of --enable/disable into its own section.

After this, help text is easier to sort, manage and read.
More descriptive text can be added as well, since we now have
more space.

While at it, mention en/dis-able-vte.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-23 20:23:33 +03:00
Alex Bennée
a4969e90b8 configure: append --extra-ldflags to LDFLAGS
The help text says --extra-ldflags is appended to LDFLAGS so make it so.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-23 19:57:27 +03:00
Yossi Hindin
9dacf32d2c qemu-ga: Building Windows MSI installation with configure/Makefile
New options were added to enable Windows MSI installation package
creation:

Option --enable-guest-agent-msi, like the name suggests, enables building
Windows MSI package for QEMU guest agent; option --disable-guest-agent-msi
disables MSI package creation; by default, no MSI package is created

Signed-off-by: Yossi Hindin <yhindin@redhat.com>
Message-Id: <1430913460-13174-5-git-send-email-yhindin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00
Gerd Hoffmann
307119e7d9 only enable dsound in case the header file is present
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-15 12:42:47 +02:00
Kővágó, Zoltán
3cec7cc22f audio: remove winwave audio driver
DirectSound should be a superior choice on Windows.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-15 10:50:31 +02:00
Kővágó, Zoltán
14382605da audio: remove fmod backend
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-15 10:50:31 +02:00
Kővágó, Zoltán
0bac111167 audio: remove esd backend
ESD is no longer developed and replaced by PulseAudio.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-15 10:50:31 +02:00
Peter Maydell
3b730f570c Patch queue for ppc - 2015-06-03
Highlights this time around:
 
   - sPAPR: endian fixes, speedups, bug fixes, hotplug basics
   - add default ram size capability for machines (sPAPR defaults to 512MB now)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
 iQIcBAABAgAGBQJVb3itAAoJECszeR4D/txgGncQAIz7tPRvMlCJyaGdYIkySUh4
 vbwAf4Z2Ddjv/gA/3G3oY1lC5RnhOJucxCbobzdayKecrdkdAJa/O/6RbKij4zMD
 svXseSpk8aKr4yrfNItxrjysJsp4cMS7APim7HcF5mOBJJqp0COkr1q97VteTfY1
 AdiSfBU5IEj0RZ+J1pSnMVf837gLiKSv+L2gTyGkb66VBMqZOZzu5UuoUhIOfa+R
 /tlm2VMRKe7vrU7Q4TL8Syn9UZnB03aNrKIXYN0VJy5WTePSMWPSQ6fbImTELEQB
 En87DGYt/QVs0eB7XNwzhF0REFblHECOzFhbOovCrvGZIa4xai8HJaJHMeaxQfkx
 4Aiby7Kv8wJgjn13OuBTvG7YWtw3hJcO1i0ePs2MmGz9sJNzhz0tyRSRglc3xN1Q
 RBrqyl3lOsnvNRzj/py7kYxCKtG8xlkaTSkO6FfXmt9UMW91pqWo4/2LCTON0zkx
 +gd2UW7JPw2u6ttzCu+b8BZv1ATovHoj2wXPP4iEYpe1sGT6qp4moZZ6CtWex/O3
 4Lhd9jJVJurMZl6e1pn/4bkcEhNvT2B484GmmerrZXrtlKm9wcepqMJC2bVCtzjT
 JBLNGTk6z8QKN5WRD+LWD3LgEjAEqV6nvqrmiwovMUtC0lJSHJTTAoeurM3h6jJn
 eaR4tzdEqHgDhzkOCHux
 =zWZp
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/agraf/tags/signed-ppc-for-upstream' into staging

Patch queue for ppc - 2015-06-03

Highlights this time around:

  - sPAPR: endian fixes, speedups, bug fixes, hotplug basics
  - add default ram size capability for machines (sPAPR defaults to 512MB now)

# gpg: Signature made Wed Jun  3 22:59:09 2015 BST using RSA key ID 03FEDC60
# gpg: Good signature from "Alexander Graf <agraf@suse.de>"
# gpg:                 aka "Alexander Graf <alex@csgraf.de>"

* remotes/agraf/tags/signed-ppc-for-upstream: (40 commits)
  softmmu: support up to 12 MMU modes
  tcg: add TCG_TARGET_TLB_DISPLACEMENT_BITS
  tci: do not use CPUArchState in tcg-target.h
  Add David Gibson for sPAPR in MAINTAINERS file
  pseries: Enable in-kernel H_LOGICAL_CI_{LOAD, STORE} implementations
  spapr: override default ram size to 512MB
  machine: add default_ram_size to machine class
  spapr_pci: emit hotplug add/remove events during hotplug
  spapr_pci: enable basic hotplug operations
  pci: make pci_bar useable outside pci.c
  spapr_pci: create DRConnectors for each PCI slot during PHB realize
  spapr_pci: add dynamic-reconfiguration option for spapr-pci-host-bridge
  spapr_drc: add spapr_drc_populate_dt()
  spapr_events: event-scan RTAS interface
  spapr_events: re-use EPOW event infrastructure for hotplug events
  spapr_rtas: add ibm, configure-connector RTAS interface
  spapr: add rtas_st_buffer_direct() helper
  spapr_rtas: add get-sensor-state RTAS interface
  spapr_rtas: add set-indicator RTAS interface
  spapr_rtas: add get/set-power-level RTAS interfaces
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-06-04 14:04:14 +01:00
Thomas Huth
31ce0adb79 configure: Check for libfdt version 1.4.0
Some recent patches require a function from libfdt version 1.4.0,
so we should check for this version during the configure step
already. Unfortunately, there does not seem to be a proper #define
for the version number in the libfdt headers. So alternatively,
we check for the availability of the required function
fdt_get_property_by_offset() instead instead.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
2015-06-03 23:56:49 +02:00
Alex Bennée
de3852877f configure: postfix --extra-cflags to QEMU_CFLAGS
It makes sense that extra-cflags should be appended after the normal
CFLAGS so they don't get overridden by default behaviour. This way if
you specify something like:

  ./configure --extra-cflags="-O0"

You will see the requested behaviour.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-06-03 16:04:39 +03:00
Gerd Hoffmann
7ced9e9f6d ui: add egl-helpers
Add helper functions to initialize OpenGL using egl.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-05-29 11:11:38 +02:00
Gerd Hoffmann
dcf30025c3 ui: use libexpoxy
libepoxy does the opengl extension handling for us.

It also is helpful for trouble-shooting as it prints nice error messages
instead of silently failing or segfaulting in case we do something
wrong, like using gl commands not supported by the current context.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
2015-05-29 11:11:38 +02:00
Eric Farman
ca343c7a84 s390x: gdb updates for vector registers
gdb allows registers to be displayed/modified, and is being updated
to account for the new vector registers.  Mirror these changes in
the gdb stub in qemu so that this can be performed when gdb is
attached to the qemu gdbserver.

Signed-off-by: Eric Farman <farman@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2015-05-27 17:52:03 +02:00
John Snow
f40685c62b configure: require glib 2.22
This provides g_ptr_array_new_with_free_func, as well as a few
other functions that we've been hacking around in glib-compat.h.
Cleaning up the compatibility headers will come later.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 1431469140-22208-2-git-send-email-jsnow@redhat.com
2015-05-22 14:13:58 -04:00
John Snow
fd0e60530f configure: Add workaround for ccache and clang
Test if ccache is interfering with semantic analysis of macros,
disable its habit of trying to compile already pre-processed
versions of code if so. ccache attempts to save time by compiling
pre-processed versions of code, but this disturbs clang's static
analysis enough to produce false positives.

ccache allows us to disable this feature, opting instead to
compile the original version instead of its preprocessed version.
This makes ccache much slower for cache misses, but at least it
becomes usable with QEMU/clang.

This workaround only activates for users using ccache AND clang,
and only if their configuration is observed to be producing warnings.
You may need to clear your ccache for builds started without -Werror,
as those may continue to produce warnings from the cache.

Thanks to Peter Eisentraut for his writeup on the issue:
http://peter.eisentraut.org/blog/2014/12/01/ccache-and-clang-part-3/

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-5-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-22 09:37:33 +01:00
John Snow
bbbf2e04e5 configure: silence glib unknown attribute __alloc_size__
The glib headers use GCC attributes.  Unfortunately the __GNUC__ and
__GNUC_MINOR__ version macros are also defined by clang, but clang
doesn't support the same attributes as GCC.

clang 3.5.0 does not support the __alloc_size__ attribute:

  c047507a9a

The following warning is produced:

  gstrfuncs.h:257:44: warning: unknown attribute '__alloc_size__' ignored [-Wunknown-attributes]
        G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(2);
          gmacros.h:67:45: note: expanded from macro 'G_GNUC_ALLOC_SIZE'
                #define G_GNUC_ALLOC_SIZE(x) __attribute__((__alloc_size__(x)))

This patch checks whether glib headers cause warnings and disables
-Wunknown-attributes if it is able to.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-4-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-22 09:37:33 +01:00
John Snow
93b2586922 configure: factor out supported flag check
Factor out the function that checks if a compiler
flag is supported or not.

Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-3-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-22 09:37:32 +01:00
Stefan Hajnoczi
e4a7b344df configure: handle clang -nopie argument warning
gcc 4.9.2 treats -nopie as an error:

  cc: error: unrecognized command line option ‘-nopie’

clang 3.5.0 treats -nopie as a warning:

  clang: warning: argument unused during compilation: '-nopie'

The causes ./configure to fail with clang:

  ERROR: configure test passed without -Werror but failed with -Werror.

Make the -nopie test use -Werror so that compile_prog works for both gcc
and clang.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 1427324259-1481-2-git-send-email-jsnow@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-22 09:37:32 +01:00
Peter Maydell
b951cda21d - build bugfix from Fam and new configure check from Emilio
- two improvements to "info mtere" from Gerd
 - KVM support for memory transaction attributes
 - one more small step towards unlocked MMIO dispatch
 - one piece of the qemu-nbd errno fixes
 - trivial-ish patches from Denis and Thomas
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJVTLBhAAoJEL/70l94x66DkGIH/jlNJBMBGhlH/lwb1LzxtAMX
 OxyDxsiwJpSxsOiZiY3oRz7d6VV6TCrmx5L+1HgG5IzU3WC61Tq6/FK4EXLepZIH
 GSYlLtAALWny+2Uwsyh1Z7MMr5yxyhgeORk/l7O8pncmMeysludbEaJqQg8Aa9A2
 j0B2pv4tvcl/qhuIFXL1YlbYMVXMsZy5W65D8jq+B6qf3q8kUcdKvgvbUMrxAiSH
 JMISo4Z32t9w8SGnhlBa9s4HfN2yOvULRAozzkDBAu4c41cZrw16lvTV8XotamnU
 LrG6eQ+2PFeIrcGhuIu7z5Bi4yiRRiThfRLCAvVApVTQYUf7IwvPNa5K1FrP9YU=
 =Z/UD
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

- build bugfix from Fam and new configure check from Emilio
- two improvements to "info mtere" from Gerd
- KVM support for memory transaction attributes
- one more small step towards unlocked MMIO dispatch
- one piece of the qemu-nbd errno fixes
- trivial-ish patches from Denis and Thomas

# gpg: Signature made Fri May  8 13:47:29 2015 BST using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  qemu-nbd: only send a limited number of errno codes on the wire
  rules.mak: Force CFLAGS for all objects in DSO
  configure: require __thread support
  exec: move rcu_read_lock/unlock to address_space_translate callers
  kvm: add support for memory transaction attributes
  mtree: also print disabled regions
  mtree: tag & indent a bit better
  apic_common: improve readability of apic_reset_common
  kvm: Silence warning from valgrind

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2015-05-11 12:01:09 +01:00