Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging

* Remove deprecated 'loaded' property from crypto objects
* Fix error checking of hash function in gcrypt
* Per

Merge tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging

* Remove deprecated 'loaded' property from crypto objects
* Fix error checking of hash function in gcrypt
* Perform runtime check for hash functions in gcrypt
* Add SM3 hash function to pbkdf

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmcqZpkACgkQvobrtBUQ
# T992Gg//TMfrdS8CtjzCMSDbPuGu4NSkNa0nm3vnz6KOyOoZ7MYDjhWFXux0xckG
# cetuWBPQR/prQorzVje2ojEa3aUWQ4AxOn6xbHg1bXl+nCLB2iu9RcKy0vc/pZ2i
# mFI3HIFyZjETJ/9NXgy7fZFTNmiMAucYwtxfHXwcvRXHH8cBGIwiXpAWpAOo2pXd
# iS90PDxxd20anykuHBmN9RSXcLTaEqT5pIMCowqPVh0vwdnLVi+5UpYrwR6JYIG7
# GxsnoXXl5aB786gEL0M2p4XTfJs0zESVMAt2sjxD8gtVDERd87x1cCHLkuVnb3GS
# HtHdxRT4TeUjwvYStU9lNpHT3wC1vGaU8x7SBKZ9VensbR+OERWlkdJGRixXc9FT
# 1RyRfJzUbCk7wjJFfNmhMvEaE8sSvhxIc1JVQVCDBxqpMYTFOmLZqhD0vpcxkyot
# go1+y0+6wlxjw2/JlOG0CDDDnYwOpRCETYTHm0G0/Gm4izu/YQOGqCC/0YA+mOhX
# Gkg230gj2BzWYFvU7iGotEY3yWN6qRN06+GRlImDSNmFr6FdEzc8u5ZvDtVuq3++
# SwvbKQ7N0sJbzmWCyB9/rNiJMu5723VW9phCmRwcUBp79fVYJpH+QOHmZixoqBf7
# oKUYxhRhzCiQQaxWG7E8Um7sDjk0LTYf29W0tebCSZuRqSnVHGM=
# =tzW1
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 05 Nov 2024 18:40:25 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* tag 'crypto-fixes-pull-request' of https://gitlab.com/berrange/qemu:
crypto: perform runtime check for hash/hmac support in gcrypt
crypto: fix error check on gcry_md_open
crypto: Introduce SM3 hash hmac pbkdf algorithm
crypto: purge 'loaded' property that was not fully removed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: purge 'loaded' property that was not fully removed

The 'loaded' property on TLS creds and secret objects was marked as
deprecated in 6.0.0. In 7.1.0 the deprecation info was moved into
the '

crypto: purge 'loaded' property that was not fully removed

The 'loaded' property on TLS creds and secret objects was marked as
deprecated in 6.0.0. In 7.1.0 the deprecation info was moved into
the 'removed-features.rst' file, but the property was not actually
removed, just made read-only. This was a highly unusual practice,
so finish the long overdue removal job.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge tag 'hw-misc-20240820' of https://github.com/philmd/qemu into staging

Various fixes

- Null pointer dereference in IPI IOCSR (Jiaxun)
- Correct '-smbios type=4' in man page (Heinrich)
- Use co

Merge tag 'hw-misc-20240820' of https://github.com/philmd/qemu into staging

Various fixes

- Null pointer dereference in IPI IOCSR (Jiaxun)
- Correct '-smbios type=4' in man page (Heinrich)
- Use correct MMU index in MIPS get_pte (Phil)
- Reset MPQEMU remote message using device_cold_reset (Peter)
- Update linux-user MIPS CPU list (Phil)
- Do not let exec_command read console if no pattern to wait for (Nick)
- Remove shadowed declaration warning (Pierrick)
- Restrict STQF opcode to SPARC V9 (Richard)
- Add missing Kconfig dependency for POWERNV ISA serial port (Bernhard)
- Do not allow vmport device without i8042 PS/2 controller (Kamil)
- Fix QCryptoTLSCredsPSK leak (Peter)

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmbDzAsACgkQ4+MsLN6t
# wN7SvBAAwM0Frtg4ZKDZQu8XgMjLq1xVoSWjC3YJZKTpyGap5gO+7StvHg0sf9iB
# YyGqocCO+qdj9a7pTSasfGDyufpwoIZkOqkwGUWKBos76cOcHWt4e/gkl9O65Lf1
# VVKX4/xdY+a5w2eVAAdWWrYdaPWkKLm0ZZXKoeSIvN4R9A41j7J4kANhE2SweczF
# NnTt2gBnSlpRzghlVWPJKhnq+aYbvLeR7ApdNGUJDpSI1ZTh9gH1GtZFwBN7aeDo
# PvDucoui0EmuyHTVdOYOH3zihTfzKlNZECcT3Y6/6i8y5p7jLHyINHHexsKw6T56
# i5RidJMPTfM0EO6LU1GvUN5FzZy24zXOf298Fe/GMYczQsOznQd4+aFHYPb3d4hZ
# 8Vc1wB1s8XF5WGj+7bchBAUdynUnbwUqfMOb2pMXLIm21pSDnOTVgmYMnp1Kt4AA
# 9WbHiS6tUJf/HjQsep8BBNGUiVSsUPDNNhL8QN43u2C0NgNRPgtRuIV+ytgVXS1G
# 2t1QiRX0lX4ACHmw88agUCU3OhorumuDOpoitQK5jn2VutT7TqbGgibkQMFSgn9E
# Xwrmtlf7nYU9MVgXYJjH2bBh7wbOmQCqbHniEj0targkxccAMJoswG4vtKsP9zkd
# tBs6qMiZ8qSj5eoq8JBRF8bF4tONmboPZjRlboACJ0kTD5wCElA=
# =lPMG
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 Aug 2024 08:49:47 AM AEST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'hw-misc-20240820' of https://github.com/philmd/qemu:
crypto/tlscredspsk: Free username on finalize
hw/i386/pc: Ensure vmport prerequisites are fulfilled
hw/i386/pc: Unify vmport=auto handling
hw/ppc/Kconfig: Add missing SERIAL_ISA dependency to POWERNV machine
target/sparc: Restrict STQF to sparcv9
contrib/plugins/execlog: Fix shadowed declaration warning
tests/avocado: Mark ppc_hv_tests.py as non-flaky after fixed console interaction
tests/avocado: exec_command should not consume console output
linux-user/mips: Select Loongson CPU for Loongson binaries
linux-user/mips: Select MIPS64R2-generic for Rel2 binaries
linux-user/mips: Select Octeon68XX CPU for Octeon binaries
linux-user/mips: Do not try to use removed R5900 CPU
hw/remote/message.c: Don't directly invoke DeviceClass:reset
hw/dma/xilinx_axidma: Use semicolon at end of statement, not comma
target/mips: Load PTE as DATA
target/mips: Use correct MMU index in get_pte()
target/mips: Pass page table entry size as MemOp to get_pte()
qemu-options.hx: correct formatting -smbios type=4
hw/mips/loongson3_virt: Fix condition of IPI IOCSR connection
hw/mips/loongson3_virt: Store core_iocsr into LoongsonMachineState

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

crypto/tlscredspsk: Free username on finalize

When the creds->username property is set we allocate memory
for it in qcrypto_tls_creds_psk_prop_set_username(), but
we never free this when the QCrypto

crypto/tlscredspsk: Free username on finalize

When the creds->username property is set we allocate memory
for it in qcrypto_tls_creds_psk_prop_set_username(), but
we never free this when the QCryptoTLSCredsPSK is destroyed.
Free the memory in finalize.

This fixes a LeakSanitizer complaint in migration-test:

$ (cd build/asan; ASAN_OPTIONS="fast_unwind_on_malloc=0" QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --tap -k -p /x86_64/migration/precopy/unix/tls/psk)

=================================================================
==3867512==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 5 byte(s) in 1 object(s) allocated from:
#0 0x5624e5c99dee in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218edee) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)
#1 0x7fb199ae9738 in g_malloc debian/build/deb/../../../glib/gmem.c:128:13
#2 0x7fb199afe583 in g_strdup debian/build/deb/../../../glib/gstrfuncs.c:361:17
#3 0x5624e82ea919 in qcrypto_tls_creds_psk_prop_set_username /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../crypto/tlscredspsk.c:255:23
#4 0x5624e812c6b5 in property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:2277:5
#5 0x5624e8125ce5 in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:1463:5
#6 0x5624e8136e7c in object_set_properties_from_qdict /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:55:14
#7 0x5624e81372d2 in user_creatable_add_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:112:5
#8 0x5624e8137964 in user_creatable_add_qapi /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:157:11
#9 0x5624e891ba3c in qmp_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/qom-qmp-cmds.c:227:5
#10 0x5624e8af9118 in qmp_marshal_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qapi/qapi-commands-qom.c:337:5
#11 0x5624e8bd1d49 in do_qmp_dispatch_bh /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qapi/qmp-dispatch.c:128:5
#12 0x5624e8cb2531 in aio_bh_call /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:171:5
#13 0x5624e8cb340c in aio_bh_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:218:13
#14 0x5624e8c0be98 in aio_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/aio-posix.c:423:5
#15 0x5624e8cba3ce in aio_ctx_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:360:5
#16 0x7fb199ae0d3a in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28
#17 0x7fb199ae0d3a in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7
#18 0x5624e8cbe1d9 in glib_pollfds_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:287:9
#19 0x5624e8cbcb13 in os_host_main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:310:5
#20 0x5624e8cbc6dc in main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:589:11
#21 0x5624e6f3f917 in qemu_main_loop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/runstate.c:801:9
#22 0x5624e893379c in qemu_default_main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:37:14
#23 0x5624e89337e7 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:48:12
#24 0x7fb197972d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#25 0x7fb197972e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#26 0x5624e5c16fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)

SUMMARY: AddressSanitizer: 5 byte(s) leaked in 1 allocation(s).

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240819145021.38524-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>

show more ...

Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging

pull: crypto and io queue

* Many LUKS header robustness checks
* Fix TLS PSK error reporting
* Enable LUKS cre

Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging

pull: crypto and io queue

* Many LUKS header robustness checks
* Fix TLS PSK error reporting
* Enable LUKS creation on macOS
* Report useful errnos from seccomp
* I/O chanel Windows portability fix

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmNawAcACgkQvobrtBUQ
# T9/pWA/9FXE6kvkv9YQhb/h1rMALO1aLKqUG/jWKP/mzqqLpDKHxxPin/nw8RYff
# xyHt5mC7t1g7a8FFMlXxFHw1WE9o46j3tQg2IokWlX2ossYaZQx+BVv4s1zjTxcK
# KPVKWoEqN5sfa2T7gUGbfZ+dH9LSZ29DRT+GrO9YEvjdSg0yUKHXPetjw6iw5OVT
# GuI22xOVKbuCBf7PW/nvUe/6prxAfc7IavvAusrdkMFXymcys87q7ZCxGYEsDxyC
# vUkLdAoB9kcjwvmU+sZl9WhjasRQkUxW8zCToKea4TSS1fp5pgVL0TT4x7yq7ts4
# nqnaqiSTBfRda62lF64A9lM91K7hbDqPC33FkCNKWJGsQAYIFvdVJdqJsvZHUr1/
# 3KyHkXMsyzRfGnT7MHK+GpwcgvTupBP8ceiyYq28CLNAKXpXb6vmJIsIAdF3UaYi
# N320ogiU3iRmkqdbbbGTpBB40UQvQvdbmqKTTDmigLdpDL2TLzAqfpu1zepg+7xE
# wcXoPM9ZcRSwM7i9QyPMtjharCTeVR/QPlUN9agDGOlzNpUahIC5YrmCVKXNunnE
# M259Ytyb6ymaMrsHgshW1gJP3327N/lIOp5yLLHEzgLM1xAGOaDP83FsF8JA/Zsd
# f1he75N3KbDPYhgrdfFfitcO8F8zvhK3AqyqNDPCpJKVSeKKqFE=
# =qrzm
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 27 Oct 2022 13:29:43 EDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
crypto: add test cases for many malformed LUKS header scenarios
crypto: ensure LUKS tests run with GNUTLS crypto provider
crypto: quote algorithm names in error messages
crypto: split off helpers for converting LUKS header endianess
crypto: split LUKS header definitions off into file
crypto: check that LUKS PBKDF2 iterations count is non-zero
crypto: strengthen the check for key slots overlapping with LUKS header
crypto: validate that LUKS payload doesn't overlap with header
crypto: enforce that key material doesn't overlap with LUKS header
crypto: enforce that LUKS stripes is always a fixed value
crypto: sanity check that LUKS header strings are NUL-terminated
tests: avoid DOS line endings in PSK file
crypto: check for and report errors setting PSK credentials
scripts: check if .git exists before checking submodule status
seccomp: Get actual errno value from failed seccomp functions
io/channel-watch: Fix socket watch on Windows
io/channel-watch: Drop the unnecessary cast
io/channel-watch: Drop a superfluous '#ifdef WIN32'
util/qemu-sockets: Use g_get_tmp_dir() to get the directory for temporary files
crypto/luks: Support creating LUKS image on Darwin

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

crypto: check for and report errors setting PSK credentials

If setting credentials fails, the handshake will later fail to complete
with an obscure error message which is hard to diagnose.

Reviewed

crypto: check for and report errors setting PSK credentials

If setting credentials fails, the handshake will later fail to complete
with an obscure error message which is hard to diagnose.

Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix WHPX debugging
* misc qga-vss fixes
* remove the deprecated CPU model 'Icelake-Client'
* support for x86 architectural

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* fix WHPX debugging
* misc qga-vss fixes
* remove the deprecated CPU model 'Icelake-Client'
* support for x86 architectural LBR
* remove deprecated properties
* replace deprecated -soundhw with -audio

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJ/hZ4UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN2Igf/bFs+yluOikt0eFNmXYnshrGBWPXr
# oam0iumPox34vTzZnjpSjF6tJGxHWOgi+wbgIvbwOYHA/ONxx8akW580j+1VhEWa
# X29VyUzjZBffgFtmlF4fM74/ELYm7s4c1a1/D9TpVP6Dr0fSWbMujbx4dfeVstvf
# sONN+A8sVxaNdV9QKPE6BvqfMlPLoCiigrOetf6iY1KuUtkQDF8xDB0MdzdutqAQ
# szAtQ0rrzjxDx9EuGN1SECFM1/riDUbtOOoA9g2C7gGKrx3/iUc6pzrkIcAfWLFK
# xXbH7+6Wynia0cbUxnrvRdY4daMIxm4N3wUvN7szXgF9kxYxeQcsdgGsNA==
# =n4lu
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 14 May 2022 03:34:06 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (23 commits)
configure: remove duplicate help messages
configure: remove another dead variable
build: remove useless dependency
introduce -audio as a replacement for -soundhw
soundhw: move help handling to vl.c
soundhw: unify initialization for ISA and PCI soundhw
soundhw: extract soundhw help to a separate function
soundhw: remove ability to create multiple soundcards
rng: make opened property read-only
crypto: make loaded property read-only
target/i386: Support Arch LBR in CPUID enumeration
target/i386: introduce helper to access supported CPUID
target/i386: Enable Arch LBR migration states in vmstate
target/i386: Add MSR access interface for Arch LBR
target/i386: Add XSAVES support for Arch LBR
target/i386: Enable support for XSAVES based features
target/i386: Add kvm_get_one_msr helper
target/i386: Add lbr-fmt vPMU option to support guest LBR
qdev-properties: Add a new macro with bitmask check for uint64_t property
i386/cpu: Remove the deprecated cpu model 'Icelake-Client'
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

crypto: make loaded property read-only

The ``loaded=on`` option in the command line or QMP ``object-add`` either had
no effect (if ``loaded`` was the last option) or caused options to be
effectively

crypto: make loaded property read-only

The ``loaded=on`` option in the command line or QMP ``object-add`` either had
no effect (if ``loaded`` was the last option) or caused options to be
effectively ignored as if they were not given. The property is therefore
useless and was deprecated in 6.0; make it read-only now.

The patch is best reviewed with "-b".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/tls-deps-pull-request' into staging

Hide build time dependancy on gnutls fom non-crypto code

# gpg: Signature made Wed 30 Jun 2021 12:18:4

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/tls-deps-pull-request' into staging

Hide build time dependancy on gnutls fom non-crypto code

# gpg: Signature made Wed 30 Jun 2021 12:18:47 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/tls-deps-pull-request:
crypto: Make QCryptoTLSCreds* structures private
ui/vnc: Use qcrypto_tls_creds_check_endpoint()
migration/tls: Use qcrypto_tls_creds_check_endpoint()
chardev/socket: Use qcrypto_tls_creds_check_endpoint()
qemu-nbd: Use qcrypto_tls_creds_check_endpoint()
block/nbd: Use qcrypto_tls_creds_check_endpoint()
crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Make QCryptoTLSCreds* structures private

Code consuming the "crypto/tlscreds*.h" APIs doesn't need
to access its internals. Move the structure definitions to
the "tlscredspriv.h" private hea

crypto: Make QCryptoTLSCreds* structures private

Code consuming the "crypto/tlscreds*.h" APIs doesn't need
to access its internals. Move the structure definitions to
the "tlscredspriv.h" private header (only accessible by
implementations). The public headers (in include/) still
forward-declare the structures typedef.

Note, tlscreds.c and 3 of the 5 modified source files already
include "tlscredspriv.h", so only add it to tls-cipher-suites.c
and tlssession.c.

Removing the internals from the public header solves a bug
introduced by commit 7de2e856533 ("yank: Unregister function
when using TLS migration") which made migration/qemu-file-channel.c
include "io/channel-tls.h", itself sometime depends on GNUTLS,
leading to a build failure on OSX:

[2/35] Compiling C object libmigration.fa.p/migration_qemu-file-channel.c.o
FAILED: libmigration.fa.p/migration_qemu-file-channel.c.o
cc -Ilibmigration.fa.p -I. -I.. -Iqapi [ ... ] -o libmigration.fa.p/migration_qemu-file-channel.c.o -c ../migration/qemu-file-channel.c
In file included from ../migration/qemu-file-channel.c:29:
In file included from include/io/channel-tls.h:26:
In file included from include/crypto/tlssession.h:24:
include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not found
#include <gnutls/gnutls.h>
^~~~~~~~~~~~~~~~~
1 error generated.

Reported-by: Stefan Weil <sw@weilnetz.de>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/407
Fixes: 7de2e856533 ("yank: Unregister function when using TLS migration")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-fixes-pull-request' into staging

* Replace --enable/disable-git-update with --with-git-submodules
to allow improved control over use

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-fixes-pull-request' into staging

* Replace --enable/disable-git-update with --with-git-submodules
to allow improved control over use of git submodules
* Deprecate the -enable-fips option
* Ensure docs use prefer format for bool options
* Clarify platform support rules
* Misc fixes to keymap conversions
* Fix misc problems on macOS

# gpg: Signature made Fri 29 Jan 2021 17:10:13 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/misc-fixes-pull-request:
tests: Replace deprecated ASN1 code
tests: Fix runtime error in test-authz-pam
ui: update keycodemapdb submodule commit
crypto: Add spaces around operator
configure: replace --enable/disable-git-update with --with-git-submodules
docs: fix missing backslash in certtool shell example
docs: simplify and clarify the platform support rules
Prefer 'on' | 'off' over 'yes' | 'no' for bool options
os: deprecate the -enable-fips option and QEMU's FIPS enforcement
crypto: Fix memory leaks in set_loaded for tls-*
crypto: Forbid broken unloading of secrets
crypto: Move USER_CREATABLE to secret_common base class
crypto: Fix some code style problems, add spaces around operator

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Fix memory leaks in set_loaded for tls-*

If you set the loaded property to true when it was already true, the
state is overwritten without freeing the old state first. Change the
set_loaded

crypto: Fix memory leaks in set_loaded for tls-*

If you set the loaded property to true when it was already true, the
state is overwritten without freeing the old state first. Change the
set_loaded callback so that it always frees the old state (which is a
no-op if nothing was loaded) and only then load if requestsd.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-07-07-v2' into staging

Error reporting patches patches for 2020-07-07

# gpg: Signature made Fri 10 Jul 2020 14:24:42 BST
# gpg:

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-07-07-v2' into staging

Error reporting patches patches for 2020-07-07

# gpg: Signature made Fri 10 Jul 2020 14:24:42 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2020-07-07-v2: (53 commits)
xen: Use ERRP_GUARD()
nbd: Use ERRP_GUARD()
virtio-9p: Use ERRP_GUARD()
fw_cfg: Use ERRP_GUARD()
pflash: Use ERRP_GUARD()
sd: Use ERRP_GUARD()
scripts: Coccinelle script to use ERRP_GUARD()
error: New macro ERRP_GUARD()
hmp: Ignore Error objects where the return value suffices
qdev: Ignore Error objects where the return value suffices
qemu-img: Ignore Error objects where the return value suffices
error: Avoid error_propagate() after migrate_add_blocker()
qapi: Purge error_propagate() from QAPI core
qapi: Smooth visitor error checking in generated code
qapi: Smooth another visitor error checking pattern
block/parallels: Simplify parallels_open() after previous commit
error: Reduce unnecessary error propagation
error: Eliminate error_propagate() manually
error: Eliminate error_propagate() with Coccinelle, part 2
error: Eliminate error_propagate() with Coccinelle, part 1
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qom: Put name parameter before value / visitor parameter

The object_property_set_FOO() setters take property name and value in
an unusual order:

void object_property_set_FOO(Object *obj, FOO_TY

qom: Put name parameter before value / visitor parameter

The object_property_set_FOO() setters take property name and value in
an unusual order:

void object_property_set_FOO(Object *obj, FOO_TYPE value,
const char *name, Error **errp)

Having to pass value before name feels grating. Swap them.

Same for object_property_set(), object_property_get(), and
object_property_parse().

Convert callers with this Coccinelle script:

@@
identifier fun = {
object_property_get, object_property_parse, object_property_set_str,
object_property_set_link, object_property_set_bool,
object_property_set_int, object_property_set_uint, object_property_set,
object_property_set_qobject
};
expression obj, v, name, errp;
@@
- fun(obj, v, name, errp)
+ fun(obj, name, v, errp)

Chokes on hw/arm/musicpal.c's lcd_refresh() with the unhelpful error
message "no position information". Convert that one manually.

Fails to convert hw/arm/armsse.c, because Coccinelle gets confused by
ARMSSE being used both as typedef and function-like macro there.
Convert manually.

Fails to convert hw/rx/rx-gdbsim.c, because Coccinelle gets confused
by RXCPU being used both as typedef and function-like macro there.
Convert manually. The other files using RXCPU that way don't need
conversion.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200707160613.848843-27-armbru@redhat.com>
[Straightforwad conflict with commit 2336172d9b "audio: set default
value for pcspk.iobase property" resolved]

show more ...

Merge remote-tracking branch 'remotes/armbru/tags/pull-qom-2020-05-15' into staging

QOM patches for 2020-05-15

# gpg: Signature made Fri 15 May 2020 06:58:29 BST
# gpg: using RSA key

Merge remote-tracking branch 'remotes/armbru/tags/pull-qom-2020-05-15' into staging

QOM patches for 2020-05-15

# gpg: Signature made Fri 15 May 2020 06:58:29 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qom-2020-05-15: (21 commits)
hw: Remove unnecessary DEVICE() cast
various: Remove unnecessary OBJECT() cast
target: Remove unnecessary CPU() cast
qom: Drop @errp parameter of object_property_del()
spapr_pci: Drop some dead error handling
qdev: Unrealize must not fail
Drop more @errp parameters after previous commit
qom: Drop parameter @errp of object_property_add() & friends
qdev: Clean up qdev_connect_gpio_out_named()
hw/arm/bcm2835: Drop futile attempts at QOM-adopting memory
e1000: Don't run e1000_instance_init() twice
hw/isa/superio: Make the components QOM children
s390x/cpumodel: Fix UI to CPU features pcc-cmac-{aes,eaes}-256
tests/check-qom-proplist: Improve iterator coverage
qom: Drop object_property_set_description() parameter @errp
qom: Make all the object_property_add_FOO() return the property
qom: Drop convenience method object_property_get_uint16List()
qom: Simplify object_property_get_enum()
qom: Drop object_property_del_child()'s unused parameter @errp
qom: Clean up inconsistent use of gchar * vs. char *
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

qom: Drop parameter @errp of object_property_add() & friends

The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardc

qom: Drop parameter @errp of object_property_add() & friends

The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.

Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.

We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.

The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.

Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.

When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.

Drop parameter @errp and assert the preconditions instead.

There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging

require newer glib2 to enable autofree'ing of stack variables exiting scope

* Bump minium glib2 version to 2.

Merge remote-tracking branch 'remotes/berrange/tags/autofree-pull-request' into staging

require newer glib2 to enable autofree'ing of stack variables exiting scope

* Bump minium glib2 version to 2.48
* Convert much of the crypto code to use automatic memory free functions

# gpg: Signature made Thu 22 Aug 2019 11:51:59 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/autofree-pull-request:
crypto: use auto cleanup for many stack variables
crypto: define cleanup functions for use with g_autoptr
glib: bump min required glib library version to 2.48

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: use auto cleanup for many stack variables

Simplify cleanup paths by using glib's auto cleanup macros for stack
variables, allowing several goto jumps / labels to be eliminated.

Reviewed-by:

crypto: use auto cleanup for many stack variables

Simplify cleanup paths by using glib's auto cleanup macros for stack
variables, allowing several goto jumps / labels to be eliminated.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging

Merge misc fixes

A collection of patches I have fixing crypto code and other pieces
without an assigned main

Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging

Merge misc fixes

A collection of patches I have fixing crypto code and other pieces
without an assigned maintainer

* Fixes crypto function signatures to be compatible with
both old and new versions of nettle
* Fixes deprecation warnings on new nettle
* Fixes GPL license header typos
* Documents security implications of monitor usage
* Optimize linking of capstone to avoid it in tools

# gpg: Signature made Fri 19 Jul 2019 14:24:37 BST
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/misc-next-pull-request:
crypto: Fix LGPL information in the file headers
doc: document that the monitor console is a privileged control interface
configure: only link capstone to emulation targets
crypto: fix function signatures for nettle 2.7 vs 3
crypto: switch to modern nettle AES APIs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Fix LGPL information in the file headers

It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of

crypto: Fix LGPL information in the file headers

It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of the "Lesser" license. So assume that version 2.1 is meant here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2019-06-11-v3' into staging

Miscellaneous patches for 2019-06-11

# gpg: Signature made Wed 12 Jun 2019 12:20:41 BST
# gpg:

Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2019-06-11-v3' into staging

Miscellaneous patches for 2019-06-11

# gpg: Signature made Wed 12 Jun 2019 12:20:41 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-misc-2019-06-11-v3:
MAINTAINERS: Polish headline decorations
MAINTAINERS: Improve section headlines
MAINTAINERS: Remove duplicate entries of qemu-devel@nongnu.org
Clean up a header guard symbols (again)
Supply missing header guards
Clean up a few header guard symbols
scripts/clean-header-guards: Fix handling of trailing comments
Normalize position of header guard
Include qemu-common.h exactly where needed
Include qemu/module.h where needed, drop it from qemu-common.h
qemu-common: Move qemu_isalnum() etc. to qemu/ctype.h
qemu-common: Move tcg_enabled() etc. to sysemu/tcg.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

Include qemu/module.h where needed, drop it from qemu-common.h

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-4-armbru@redhat.com>
[Rebased with conflicts res

Include qemu/module.h where needed, drop it from qemu-common.h

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-4-armbru@redhat.com>
[Rebased with conflicts resolved automatically, except for
hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c
hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c;
ui/cocoa.m fixed up]

show more ...

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Add support for PSK credentials with TLS

# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg:

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging

Add support for PSK credentials with TLS

# gpg: Signature made Tue 03 Jul 2018 13:04:51 BST
# gpg: using RSA key BE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/qcrypto-next-pull-request:
crypto: Implement TLS Pre-Shared Keys (PSK).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

crypto: Implement TLS Pre-Shared Keys (PSK).

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
connections than using certificates. It requires only a simple secret
key:

$ mkdir -m 0

crypto: Implement TLS Pre-Shared Keys (PSK).

Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
connections than using certificates. It requires only a simple secret
key:

$ mkdir -m 0700 /tmp/keys
$ psktool -u rjones -p /tmp/keys/keys.psk
$ cat /tmp/keys/keys.psk
rjones:d543770c15ad93d76443fb56f501a31969235f47e999720ae8d2336f6a13fcbc

The key can be secretly shared between clients and servers. Clients
must specify the directory containing the "keys.psk" file and a
username (defaults to "qemu"). Servers must specify only the
directory.

Example NBD client:

$ qemu-img info \
--object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rjones,endpoint=client \
--image-opts \
file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/

Example NBD server using qemu-nbd:

$ qemu-nbd -t -x / \
--object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \
--tls-creds tls0 \
image.qcow2

Example NBD server using nbdkit:

$ nbdkit -n -e / -fv \
--tls=on --tls-psk=/tmp/keys/keys.psk \
file file=disk.img

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

show more ...