| #
b25b387f |
| 23-Jun-2017 |
Daniel P. Berrange <berrange@redhat.com> |
qcow2: convert QCow2 to use QCryptoBlock for encryption
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content, using the legacy QCow2 AES
s
qcow2: convert QCow2 to use QCryptoBlock for encryption
This converts the qcow2 driver to make use of the QCryptoBlock
APIs for encrypting image content, using the legacy QCow2 AES
scheme.
With this change it is now required to use the QCryptoSecret
object for providing passwords, instead of the current block
password APIs / interactive prompting.
$QEMU \
-object secret,id=sec0,file=/home/berrange/encrypted.pw \
-drive file=/home/berrange/encrypted.qcow2,encrypt.key-secret=sec0
The test 087 could be simplified since there is no longer a
difference in behaviour when using blockdev_add with encrypted
images for the running vs stopped CPU state.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20170623162419.26068-12-berrange@redhat.com
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
show more ...
|
| #
317134bb |
| 05-May-2017 |
Stefan Hajnoczi <stefanha@redhat.com> |
Merge remote-tracking branch 'shorne/tags/pull-or-20170504' into staging
Openrisc Features and Fixes for qemu 2.10
# gpg: Signature made Thu 04 May 2017 01:41:45 AM BST
# gpg:
Merge remote-tracking branch 'shorne/tags/pull-or-20170504' into staging
Openrisc Features and Fixes for qemu 2.10
# gpg: Signature made Thu 04 May 2017 01:41:45 AM BST
# gpg: using RSA key 0xC3B31C2D5E6627E4
# gpg: Good signature from "Stafford Horne <shorne@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: D9C4 7354 AEF8 6C10 3A25 EFF1 C3B3 1C2D 5E66 27E4
* shorne/tags/pull-or-20170504:
target/openrisc: Support non-busy idle state using PMR SPR
target/openrisc: Remove duplicate features property
target/openrisc: Implement full vmstate serialization
migration: Add VMSTATE_STRUCT_2DARRAY()
target/openrisc: implement shadow registers
migration: Add VMSTATE_UINTTL_2DARRAY()
target/openrisc: add numcores and coreid support
target/openrisc: Fixes for memory debugging
target/openrisc: Implement EPH bit
target/openrisc: Implement EVBAR register
MAINTAINERS: Add myself as openrisc maintainer
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
show more ...
|
| #
52e94ea5 |
| 26-Apr-2017 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20170421-v2-tag' into staging
Xen 2017/04/21 + fix
# gpg: Signature made Tue 25 Apr 2017 19:10:37 BST
# gpg:
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-20170421-v2-tag' into staging
Xen 2017/04/21 + fix
# gpg: Signature made Tue 25 Apr 2017 19:10:37 BST
# gpg: using RSA key 0x894F8F4870E1AE90
# gpg: Good signature from "Stefano Stabellini <stefano.stabellini@eu.citrix.com>"
# gpg: aka "Stefano Stabellini <sstabellini@kernel.org>"
# Primary key fingerprint: D04E 33AB A51F 67BA 07D3 0AEA 894F 8F48 70E1 AE90
* remotes/sstabellini/tags/xen-20170421-v2-tag: (21 commits)
move xen-mapcache.c to hw/i386/xen/
move xen-hvm.c to hw/i386/xen/
move xen-common.c to hw/xen/
add xen-9p-backend to MAINTAINERS under Xen
xen/9pfs: build and register Xen 9pfs backend
xen/9pfs: send responses back to the frontend
xen/9pfs: implement in/out_iov_from_pdu and vmarshal/vunmarshal
xen/9pfs: receive requests from the frontend
xen/9pfs: connect to the frontend
xen/9pfs: introduce Xen 9pfs backend
9p: introduce a type for the 9p header
xen: import ring.h from xen
configure: use pkg-config for obtaining xen version
xen: additionally restrict xenforeignmemory operations
xen: use libxendevice model to restrict operations
xen: use 5 digit xen versions
xen: use libxendevicemodel when available
configure: detect presence of libxendevicemodel
xen: create wrappers for all other uses of xc_hvm_XXX() functions
xen: rename xen_modified_memory() to xen_hvm_modified_memory()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| #
b8c7193f |
| 25-Apr-2017 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Tue 25 Apr 2017 12:22:03 BST
# gpg: using RSA key 0xEF04965B398D62
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Tue 25 Apr 2017 12:22:03 BST
# gpg: using RSA key 0xEF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
COLO-compare: Optimize tcp compare trace event
COLO-compare: Optimize tcp compare for option field
slirp: add a fake NC-SI backend
aspeed: add a FTGMAC100 nic
net/ftgmac100: add a 'aspeed' property
net: add FTGMAC100 support
hw/net: add MII definitions
colo-compare: Fix old packet check bug.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| #
f4b5b021 |
| 25-Apr-2017 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging
# gpg: Signature made Mon 24 Apr 2017 20:18:05 BST
# gpg: using RSA key 0xBDBE7B27C0DE3057
Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging
# gpg: Signature made Mon 24 Apr 2017 20:18:05 BST
# gpg: using RSA key 0xBDBE7B27C0DE3057
# gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
# gpg: aka "Jeffrey Cody <jeff@codyprime.org>"
# gpg: aka "Jeffrey Cody <codyprime@gmail.com>"
# Primary key fingerprint: 9957 4B4D 3474 90E7 9D98 D624 BDBE 7B27 C0DE 3057
* remotes/cody/tags/block-pull-request:
qemu-iotests: _cleanup_qemu must be called on exit
block/rbd: Add support for reopen()
block/rbd - update variable names to more apt names
block: use bdrv_can_set_read_only() during reopen
block: introduce bdrv_can_set_read_only()
block: code movement
block: honor BDRV_O_ALLOW_RDWR when clearing bs->read_only
block: do not set BDS read_only if copy_on_read enabled
block: add bdrv_set_read_only() helper function
qemu-iotests: exclude vxhs from image creation via protocol
block/vxhs.c: Add qemu-iotests for new block device type "vxhs"
block/vxhs.c: Add support for a new block device type called "vxhs"
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| #
a98f49f4 |
| 14-Feb-2017 |
Jeff Cody <jcody@redhat.com> |
qemu-iotests: exclude vxhs from image creation via protocol
The protocol VXHS does not support image creation. Some tests expect
to be able to create images through the protocol. Exclu
qemu-iotests: exclude vxhs from image creation via protocol
The protocol VXHS does not support image creation. Some tests expect
to be able to create images through the protocol. Exclude VXHS from
these tests.
Signed-off-by: Jeff Cody <jcody@redhat.com>
show more ...
|
| #
7cfdc02d |
| 26-Sep-2016 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pc: fixes and features
beginning of guest error handling for virtio devices
amd iommu
pc co
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
virtio, pc: fixes and features
beginning of guest error handling for virtio devices
amd iommu
pc compat fixes
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Fri 23 Sep 2016 23:02:09 BST
# gpg: using RSA key 0x281F0DB8D28D5469
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>"
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>"
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
hw/i386: AMD IOMMU IVRS table
hw/i386: Introduce AMD IOMMU
hw/i386/trace-events: Add AMD IOMMU trace events
hw/pci: Prepare for AMD IOMMU
virtio: handle virtqueue_get_head() errors
virtio: handle virtqueue_num_heads() errors
virtio: handle virtqueue_read_next_desc() errors
virtio: use unsigned int for virtqueue_get_avail_bytes() index
virtio: handle virtqueue_get_avail_bytes() errors
virtio: handle virtqueue_map_desc() errors
virtio: migrate vdev->broken flag
virtio: stop virtqueue processing if device is broken
virtio: fix stray tab character
target-i386: turn off CPU.l3-cache only for 2.7 and older machine types
pc: clean up COMPAT macro chaining
virtio: add check for descriptor's mapped address
tests: add /vhost-user/flags-mismatch test
tests: add a simple /vhost-user/multiqueue test
tests: add /vhost-user/connect-fail test
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| #
3b71ec85 |
| 23-Sep-2016 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Fri 23 Sep 2016 12:59:46 BST
# gpg: using RS
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
Block layer patches
# gpg: Signature made Fri 23 Sep 2016 12:59:46 BST
# gpg: using RSA key 0x7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>"
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* remotes/kevin/tags/for-upstream: (33 commits)
block: Remove BB interface from blockdev-add/del
qemu-iotests/141: Avoid blockdev-add with id
block: Avoid printing NULL string in error messages
qemu-iotests/139: Avoid blockdev-add with id
qemu-iotests/124: Avoid blockdev-add with id
qemu-iotests/118: Avoid blockdev-add with id
qemu-iotests/117: Avoid blockdev-add with id
qemu-iotests/087: Avoid blockdev-add with id
qemu-iotests/081: Avoid blockdev-add with id
qemu-iotests/071: Avoid blockdev-add with id
qemu-iotests/067: Avoid blockdev-add with id
qemu-iotests/041: Avoid blockdev-add with id
qemu-iotests/118: Test media change with qdev name
block: Accept device model name for block_set_io_throttle
block: Accept device model name for blockdev-change-medium
block: Accept device model name for eject
block: Accept device model name for x-blockdev-remove-medium
block: Accept device model name for x-blockdev-insert-medium
block: Accept device model name for blockdev-open/close-tray
qdev-monitor: Add blk_by_qdev_id()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
show more ...
|
| #
bb9f8dd0 |
| 06-Sep-2016 |
Daniel P. Berrange <berrange@redhat.com> |
qcow2: fix encryption during cow of sectors
Broken in previous commit:
commit aaa4d20b4972bb1a811ce929502e6741835d584e
Author: Kevin Wolf <kwolf@redhat.com>
Date: We
qcow2: fix encryption during cow of sectors
Broken in previous commit:
commit aaa4d20b4972bb1a811ce929502e6741835d584e
Author: Kevin Wolf <kwolf@redhat.com>
Date: Wed Jun 1 15:21:05 2016 +0200
qcow2: Make copy_sectors() byte based
The copy_sectors() code was originally using the 'sector'
parameter for encryption, which was passed in by the caller
from the QCowL2Meta.offset field (aka the guest logical
offset).
After the change, the code is using 'cluster_offset' which
was passed in from QCow2L2Meta.alloc_offset field (aka the
host physical offset).
This would cause the data to be encrypted using an incorrect
initialization vector which will in turn cause later reads
to return garbage.
Although current qcow2 built-in encryption is blocked from
usage in the emulator, one could still hit this if writing
to the file via qemu-{img,io,nbd} commands.
Cc: qemu-stable@nongnu.org
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
show more ...
|