Revision tags: v8.2.2, v7.2.10, v8.2.1, v8.1.5, v7.2.9, v8.1.4, v7.2.8, v8.2.0 |
|
#
03e471c4 |
| 18-Dec-2023 |
Fiona Ebner <f.ebner@proxmox.com> |
qemu_init: increase NOFILE soft limit on POSIX
In many configurations, e.g. multiple vNICs with multiple queues or with many Ceph OSDs, the default soft limit of 1024 is not enough. QEMU is supposed
qemu_init: increase NOFILE soft limit on POSIX
In many configurations, e.g. multiple vNICs with multiple queues or with many Ceph OSDs, the default soft limit of 1024 is not enough. QEMU is supposed to work fine with file descriptors >= 1024 and does not use select() on POSIX. Bump the soft limit to the allowed hard limit to avoid issues with the aforementioned configurations.
Of course the limit could be raised from the outside, but the man page of systemd.exec states about 'LimitNOFILE=':
> Don't use. > [...] > Typically applications should increase their soft limit to the hard > limit on their own, if they are OK with working with file > descriptors above 1023,
If the soft limit is already the same as the hard limit, avoid the superfluous setrlimit call. This can avoid a warning with a strict seccomp filter blocking setrlimit if NOFILE was already raised before executing QEMU.
Buglink: https://bugzilla.proxmox.com/show_bug.cgi?id=4507 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
Revision tags: v8.2.0-rc4, v8.2.0-rc3, v8.2.0-rc2, v8.2.0-rc1, v7.2.7, v8.1.3, v8.2.0-rc0, v8.1.2 |
|
#
d2803376 |
| 04-Oct-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg)
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg) ^ os-posix.c:176:32: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] void os_set_chroot(const char *optarg) ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/getopt.h:77:14: note: previous declaration is here extern char *optarg; /* getopt(3) external variables */ ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231004120019.93101-5-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.2.0-rc4, v8.2.0-rc3, v8.2.0-rc2, v8.2.0-rc1, v7.2.7, v8.1.3, v8.2.0-rc0, v8.1.2 |
|
#
d2803376 |
| 04-Oct-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg)
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg) ^ os-posix.c:176:32: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] void os_set_chroot(const char *optarg) ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/getopt.h:77:14: note: previous declaration is here extern char *optarg; /* getopt(3) external variables */ ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231004120019.93101-5-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.2.0-rc4, v8.2.0-rc3, v8.2.0-rc2, v8.2.0-rc1, v7.2.7, v8.1.3, v8.2.0-rc0, v8.1.2 |
|
#
d2803376 |
| 04-Oct-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg)
os-posix: Clean up global variable shadowing
Fix:
os-posix.c:103:31: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] bool os_set_runas(const char *optarg) ^ os-posix.c:176:32: error: declaration shadows a variable in the global scope [-Werror,-Wshadow] void os_set_chroot(const char *optarg) ^ /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/getopt.h:77:14: note: previous declaration is here extern char *optarg; /* getopt(3) external variables */ ^
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231004120019.93101-5-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.1.1, v7.2.6, v8.0.5 |
|
#
36d61c9e |
| 01-Sep-2023 |
Michael Tokarev <mjt@tls.msk.ru> |
os-posix.c: remove unneeded #includes
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-7-mjt@tls.msk.ru> Signed-off-by:
os-posix.c: remove unneeded #includes
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-7-mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
433aed5f |
| 01-Sep-2023 |
Michael Tokarev <mjt@tls.msk.ru> |
os-posix.c: move code around
this moves code blocks so that functions and variables which belongs to the same concept are now close to each other. There's no actual code changes in there.
Signed-of
os-posix.c: move code around
this moves code blocks so that functions and variables which belongs to the same concept are now close to each other. There's no actual code changes in there.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-6-mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
8a768db1 |
| 01-Sep-2023 |
Michael Tokarev <mjt@tls.msk.ru> |
os-posix.c, softmmu/vl.c: move os_parse_cmd_args() into qemu_init()
This will stop linking softmmu-specific os_parse_cmd_args() into every qemu executable which happens to use other functions from o
os-posix.c, softmmu/vl.c: move os_parse_cmd_args() into qemu_init()
This will stop linking softmmu-specific os_parse_cmd_args() into every qemu executable which happens to use other functions from os-posix.c, such as os_set_line_buffering() or os_setup_signal_handling().
Also, since there's no win32-specific options, *all* option parsing is now done in softmmu/vl.c:qemu_init(), which is easier to read without extra indirection, - all options are in the single function now.
This effectively reverts commit 59a5264b99434.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-5-mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
5b156390 |
| 01-Sep-2023 |
Michael Tokarev <mjt@tls.msk.ru> |
os-posix.c: create and export os_set_chroot()
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-4-mjt@tls.msk.ru> Signed
os-posix.c: create and export os_set_chroot()
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-ID: <20230901101302.3618955-4-mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
22d02515 |
| 01-Sep-2023 |
Michael Tokarev <mjt@tls.msk.ru> |
os-posix.c: create and export os_set_runas()
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
os-posix.c: create and export os_set_runas()
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-ID: <20230901101302.3618955-3-mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: v8.1.0, v8.1.0-rc4, v8.1.0-rc3, v7.2.5, v8.0.4, v8.1.0-rc2, v8.1.0-rc1, v8.1.0-rc0, v8.0.3, v7.2.4 |
|
#
9ffcbe2a |
| 03-Jul-2023 |
Thomas Huth <thuth@redhat.com> |
os-posix: Allow 'chroot' via '-run-with' and deprecate the old '-chroot' option
We recently introduced "-run-with" for options that influence the runtime behavior of QEMU. This option has the big ad
os-posix: Allow 'chroot' via '-run-with' and deprecate the old '-chroot' option
We recently introduced "-run-with" for options that influence the runtime behavior of QEMU. This option has the big advantage that it can group related options (so that it is easier for the users to spot them) and that the options become introspectable via QMP this way. So let's start moving more switches into this option group, starting with "-chroot" now.
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Ján Tomko <jtomko@redhat.com> Message-Id: <20230703074447.17044-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
Revision tags: v8.1.0, v8.1.0-rc4, v8.1.0-rc3, v7.2.5, v8.0.4, v8.1.0-rc2, v8.1.0-rc1, v8.1.0-rc0, v8.0.3, v7.2.4 |
|
#
9ffcbe2a |
| 03-Jul-2023 |
Thomas Huth <thuth@redhat.com> |
os-posix: Allow 'chroot' via '-run-with' and deprecate the old '-chroot' option
We recently introduced "-run-with" for options that influence the runtime behavior of QEMU. This option has the big ad
os-posix: Allow 'chroot' via '-run-with' and deprecate the old '-chroot' option
We recently introduced "-run-with" for options that influence the runtime behavior of QEMU. This option has the big advantage that it can group related options (so that it is easier for the users to spot them) and that the options become introspectable via QMP this way. So let's start moving more switches into this option group, starting with "-chroot" now.
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Ján Tomko <jtomko@redhat.com> Message-Id: <20230703074447.17044-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
Revision tags: v8.0.2, v8.0.1, v7.2.3 |
|
#
80bd81ca |
| 05-May-2023 |
Claudio Imbrenda <imbrenda@linux.ibm.com> |
util/async-teardown: wire up query-command-line-options
Add new -run-with option with an async-teardown=on|off parameter. It is visible in the output of query-command-line-options QMP command, so it
util/async-teardown: wire up query-command-line-options
Add new -run-with option with an async-teardown=on|off parameter. It is visible in the output of query-command-line-options QMP command, so it can be discovered and used by libvirt.
The option -async-teardown is now redundant, deprecate it.
Reported-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Fixes: c891c24b1a ("os-posix: asynchronous teardown for shutdown on Linux") Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Message-Id: <20230505120051.36605-2-imbrenda@linux.ibm.com> [thuth: Add curly braces to fix error with GCC 8.5, fix bug in deprecated.rst] Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0, v7.2.0, v7.2.0-rc4, v7.2.0-rc3, v7.2.0-rc2, v7.2.0-rc1, v7.2.0-rc0 |
|
#
8b6aa693 |
| 23-Oct-2022 |
Nikita Ivanov <nivanov@cloudlinux.com> |
Refactoring: refactor TFR() macro to RETRY_ON_EINTR()
Rename macro name to more transparent one and refactor it to expression.
Signed-off-by: Nikita Ivanov <nivanov@cloudlinux.com> Message-Id: <202
Refactoring: refactor TFR() macro to RETRY_ON_EINTR()
Rename macro name to more transparent one and refactor it to expression.
Signed-off-by: Nikita Ivanov <nivanov@cloudlinux.com> Message-Id: <20221023090422.242617-2-nivanov@cloudlinux.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0, v7.2.0, v7.2.0-rc4, v7.2.0-rc3, v7.2.0-rc2, v7.2.0-rc1, v7.2.0-rc0 |
|
#
8b6aa693 |
| 23-Oct-2022 |
Nikita Ivanov <nivanov@cloudlinux.com> |
Refactoring: refactor TFR() macro to RETRY_ON_EINTR()
Rename macro name to more transparent one and refactor it to expression.
Signed-off-by: Nikita Ivanov <nivanov@cloudlinux.com> Message-Id: <202
Refactoring: refactor TFR() macro to RETRY_ON_EINTR()
Rename macro name to more transparent one and refactor it to expression.
Signed-off-by: Nikita Ivanov <nivanov@cloudlinux.com> Message-Id: <20221023090422.242617-2-nivanov@cloudlinux.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
show more ...
|
Revision tags: v7.1.0, v7.1.0-rc4, v7.1.0-rc3 |
|
#
c891c24b |
| 12-Aug-2022 |
Claudio Imbrenda <imbrenda@linux.ibm.com> |
os-posix: asynchronous teardown for shutdown on Linux
This patch adds support for asynchronously tearing down a VM on Linux.
When qemu terminates, either naturally or because of a fatal signal, the
os-posix: asynchronous teardown for shutdown on Linux
This patch adds support for asynchronously tearing down a VM on Linux.
When qemu terminates, either naturally or because of a fatal signal, the VM is torn down. If the VM is huge, it can take a considerable amount of time for it to be cleaned up. In case of a protected VM, it might take even longer than a non-protected VM (this is the case on s390x, for example).
Some users might want to shut down a VM and restart it immediately, without having to wait. This is especially true if management infrastructure like libvirt is used.
This patch implements a simple trick on Linux to allow qemu to return immediately, with the teardown of the VM being performed asynchronously.
If the new commandline option -async-teardown is used, a new process is spawned from qemu at startup, using the clone syscall, in such way that it will share its address space with qemu.The new process will have the name "cleanup/<QEMU_PID>". It will wait until qemu terminates completely, and then it will exit itself.
This allows qemu to terminate quickly, without having to wait for the whole address space to be torn down. The cleanup process will exit after qemu, so it will be the last user of the address space, and therefore it will take care of the actual teardown. The cleanup process will share the same cgroups as qemu, so both memory usage and cpu time will be accounted properly.
If possible, close_range will be used in the cleanup process to close all open file descriptors. If it is not available or if it fails, /proc will be used to determine which file descriptors to close.
If the cleanup process is forcefully killed with SIGKILL before the main qemu process has terminated completely, the mechanism is defeated and the teardown will not be asynchronous.
This feature can already be used with libvirt by adding the following to the XML domain definition to pass the parameter to qemu directly:
<commandline xmlns="http://libvirt.org/schemas/domain/qemu/1.0"> <arg value='-async-teardown'/> </commandline>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Tested-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Message-Id: <20220812133453.82671-1-imbrenda@linux.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: v7.1.0, v7.1.0-rc4, v7.1.0-rc3 |
|
#
c891c24b |
| 12-Aug-2022 |
Claudio Imbrenda <imbrenda@linux.ibm.com> |
os-posix: asynchronous teardown for shutdown on Linux
This patch adds support for asynchronously tearing down a VM on Linux.
When qemu terminates, either naturally or because of a fatal signal, the
os-posix: asynchronous teardown for shutdown on Linux
This patch adds support for asynchronously tearing down a VM on Linux.
When qemu terminates, either naturally or because of a fatal signal, the VM is torn down. If the VM is huge, it can take a considerable amount of time for it to be cleaned up. In case of a protected VM, it might take even longer than a non-protected VM (this is the case on s390x, for example).
Some users might want to shut down a VM and restart it immediately, without having to wait. This is especially true if management infrastructure like libvirt is used.
This patch implements a simple trick on Linux to allow qemu to return immediately, with the teardown of the VM being performed asynchronously.
If the new commandline option -async-teardown is used, a new process is spawned from qemu at startup, using the clone syscall, in such way that it will share its address space with qemu.The new process will have the name "cleanup/<QEMU_PID>". It will wait until qemu terminates completely, and then it will exit itself.
This allows qemu to terminate quickly, without having to wait for the whole address space to be torn down. The cleanup process will exit after qemu, so it will be the last user of the address space, and therefore it will take care of the actual teardown. The cleanup process will share the same cgroups as qemu, so both memory usage and cpu time will be accounted properly.
If possible, close_range will be used in the cleanup process to close all open file descriptors. If it is not available or if it fails, /proc will be used to determine which file descriptors to close.
If the cleanup process is forcefully killed with SIGKILL before the main qemu process has terminated completely, the mechanism is defeated and the teardown will not be asynchronous.
This feature can already be used with libvirt by adding the following to the XML domain definition to pass the parameter to qemu directly:
<commandline xmlns="http://libvirt.org/schemas/domain/qemu/1.0"> <arg value='-async-teardown'/> </commandline>
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Tested-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Message-Id: <20220812133453.82671-1-imbrenda@linux.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: v7.1.0-rc2, v7.1.0-rc1, v7.1.0-rc0 |
|
#
3338a41f |
| 22-Apr-2022 |
Marc-André Lureau <marcandre.lureau@redhat.com> |
os-posix: replace pipe()+cloexec with g_unix_open_pipe(CLOEXEC)
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Ric
os-posix: replace pipe()+cloexec with g_unix_open_pipe(CLOEXEC)
Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
show more ...
|
Revision tags: v7.0.0, v7.0.0-rc4, v7.0.0-rc3, v7.0.0-rc2, v7.0.0-rc1, v7.0.0-rc0 |
|
#
c6b310b3 |
| 04-Mar-2022 |
Daniel P. Berrangé <berrange@redhat.com> |
softmmu: remove deprecated --enable-fips option
Users requiring FIPS support must build QEMU with either the libgcrypt or gnutls libraries as the crytography backend.
Reviewed-by: Philippe Mathieu-
softmmu: remove deprecated --enable-fips option
Users requiring FIPS support must build QEMU with either the libgcrypt or gnutls libraries as the crytography backend.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
#
229ef2eb |
| 17-Apr-2022 |
Richard Henderson <richard.henderson@linaro.org> |
os-posix: Use qemu_log_enabled
Do not reference qemu_logfile directly; use the predicate provided by qemu/log.h.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daud
os-posix: Use qemu_log_enabled
Do not reference qemu_logfile directly; use the predicate provided by qemu/log.h.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-6-richard.henderson@linaro.org>
show more ...
|
#
0f9668e0 |
| 23-Mar-2022 |
Marc-André Lureau <marcandre.lureau@redhat.com> |
Remove qemu-common.h include from most units
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com> Signed-off-by: Paolo B
Remove qemu-common.h include from most units
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
#
f22ac472 |
| 03-Mar-2022 |
Hanna Reitz <hreitz@redhat.com> |
os-posix: Add os_set_daemonize()
The daemonizing functions in os-posix (os_daemonize() and os_setup_post()) only daemonize the process if the static `daemonize` variable is set. Right now, it can o
os-posix: Add os_set_daemonize()
The daemonizing functions in os-posix (os_daemonize() and os_setup_post()) only daemonize the process if the static `daemonize` variable is set. Right now, it can only be set by os_parse_cmd_args().
In order to use os_daemonize() and os_setup_post() from the storage daemon to have it be daemonized, we need some other way to set this `daemonize` variable, because I would rather not tap into the system emulator's arg-parsing code. Therefore, this patch adds an os_set_daemonize() function, which will return an error on os-win32 (because daemonizing is not supported there).
Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220303164814.284974-2-hreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
show more ...
|
Revision tags: v6.1.1, v6.2.0, v6.2.0-rc4, v6.2.0-rc3, v6.2.0-rc2, v6.2.0-rc1, v6.2.0-rc0, v6.0.1, v6.1.0, v6.1.0-rc4, v6.1.0-rc3, v6.1.0-rc2, v6.1.0-rc1, v6.1.0-rc0 |
|
#
fd5fc4b1 |
| 17-May-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
remove qemu-options* from root directory
These headers are also included from softmmu/vl.c, so they should be in include/. Remove qemu-options-wrapper.h, since elsewhere we include "template" heade
remove qemu-options* from root directory
These headers are also included from softmmu/vl.c, so they should be in include/. Remove qemu-options-wrapper.h, since elsewhere we include "template" headers directly and #define the parameters in the including file; move qemu-options.h to include/.
Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|
Revision tags: v6.0.0, v6.0.0-rc5, v6.0.0-rc4, v6.0.0-rc3, v6.0.0-rc2, v6.0.0-rc1, v6.0.0-rc0, v5.2.0, v5.2.0-rc4, v5.2.0-rc3, v5.2.0-rc2, v5.2.0-rc1, v5.2.0-rc0 |
|
#
16631029 |
| 20-Oct-2020 |
Daniel P. Berrangé <berrange@redhat.com> |
os: deprecate the -enable-fips option and QEMU's FIPS enforcement
The -enable-fips option was added a long time ago to prevent the use of single DES when VNC when FIPS mode is enabled. It should nev
os: deprecate the -enable-fips option and QEMU's FIPS enforcement
The -enable-fips option was added a long time ago to prevent the use of single DES when VNC when FIPS mode is enabled. It should never have been added, because apps are supposed to unconditionally honour FIPS mode based on the '/proc/sys/crypto/fips_enabled' file contents.
In addition there is more to achieving FIPS compliance than merely blocking use of certain algorithms. Those algorithms which are used need to perform self-tests at runtime.
QEMU's built-in cryptography provider has no support for self-tests, and neither does the nettle library.
If QEMU is required to be used in a FIPS enabled host, then it must be built with the libgcrypt library enabled, which will unconditionally enforce FIPS compliance in any algorithm usage.
Thus there is no need to keep either the -enable-fips option in QEMU, or QEMU's internal FIPS checking methods.
Reviewed-by: John Snow <jsnow@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
show more ...
|
Revision tags: v5.0.1 |
|
#
ea1edcd7 |
| 18-Aug-2020 |
Paolo Bonzini <pbonzini@redhat.com> |
vl: relocate paths to data directories
As an additional advantage, the logic is now unified between POSIX and Win32 systems.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
a4c13869 |
| 18-Aug-2020 |
Paolo Bonzini <pbonzini@redhat.com> |
oslib: do not call g_strdup from qemu_get_exec_dir
Just return the directory without requiring the caller to free it. This also removes a bogus check for NULL in os_find_datadir and module_load_one;
oslib: do not call g_strdup from qemu_get_exec_dir
Just return the directory without requiring the caller to free it. This also removes a bogus check for NULL in os_find_datadir and module_load_one; g_strdup of a static variable cannot return NULL.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
show more ...
|