On 2/15/19 5:25 PM, Paul Durrant wrote:
> The if() statement is clearly bogus (dead code which should have been
> cleaned up when grant mapping was removed).
"... was removed in 06454c24ad)."
>
> Spotted by Coverity: CID 1398635
>
> While in the neighbourhood, add a missing 'fall through' annot
On 23.01.19 11:33, Stefan Hajnoczi wrote:
> The previous patch includes the LUKS payload overhead into the qemu-img
> measure calculation for qcow2. Update qemu-iotests 178 to exercise this
> new code path.
>
> Reviewed-by: Max Reitz
> Reviewed-by: Philippe Mathieu-Daudé
> Signed-off-by: Stefan
On 23.01.19 11:33, Stefan Hajnoczi wrote:
> LUKS encryption reserves clusters for its own payload data. The size of
> this area must be included in the qemu-img measure calculation so that
> we arrive at the correct minimum required image size.
>
> (Ab)use the qcrypto_block_create() API to determ
On 14.02.19 00:24, Eric Blake wrote:
> On 2/13/19 4:53 PM, Max Reitz wrote:
>> The commit and mirror block nodes are filters, so they should be marked
>> as such.
>>
>> Signed-off-by: Max Reitz
>> Reviewed-by: Alberto Garcia
>> ---
>> block/commit.c | 2 ++
>> block/mirror.c | 2 ++
>> 2 files c
The various ACL related commands are obsolete now that the QAuthZ
framework for authorization is fully integrated throughout QEMU network
services. Mark it as deprecated with no replacement to be provided.
Authorization is now provided by using 'object_add' together with
the 'tls-authz' or 'sasl-a
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certific
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05727.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg01639.html
This series builds on the core authorization framework:
v8: https://lists
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a certificat
mis-fire.
Ignore this one, I used the wrong base branch to git-publish and didn't
interrupt it quickly enough
Re-posted v4 with correct base.
On Fri, Feb 15, 2019 at 05:13:28PM +, Daniel P. Berrangé wrote:
> v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html
> v2: ht
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add
The inotify userspace API for reading events is quite horrible, so it is
useful to wrap it in a more friendly API to avoid duplicating code
across many users in QEMU. Wrapping it also allows introduction of a
platform portability layer, so that we can add impls for non-Linux based
equivalents in fu
v1: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg04482.html
v2: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg05727.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg01639.html
This series builds on the core authorization framework:
v8: https://lists
Am 15.02.2019 um 14:49 hat Alberto Garcia geschrieben:
> If there's an error in commit_start() then the block job must be
> deleted before replacing commit_top_bs, otherwise it will fail because
> of lack of permissions. This happens since the permission system was
> introduced in 8dfba2797761d8a43
On 14.02.19 03:35, Eric Blake wrote:
> On 12/3/18 11:52 AM, Max Reitz wrote:
>> This new error option allows users of blkdebug to inject errors only on
>> certain kinds of I/O operations. Users usually want to make a very
>> specific operation fail, not just any; but right now they simply hope
>>
On 2/15/19 7:12 AM, Eric Blake wrote:
> On 2/15/19 7:03 AM, Denis Plotnikov wrote:
>> Adds a fast path on aio context setting preventing
>> unnecessary context setting routine.
>> Also, it prevents issues with cyclic walk of child
>> bds-es appeared because of registering aio walking
>> notifiers:
Am 15.02.2019 um 14:03 hat Denis Plotnikov geschrieben:
> Adds a fast path on aio context setting preventing
> unnecessary context setting routine.
> Also, it prevents issues with cyclic walk of child
> bds-es appeared because of registering aio walking
> notifiers:
>
> Call stack:
>
> 0 __GI_ra
On 14.02.19 03:25, Eric Blake wrote:
> On 2/13/19 4:53 PM, Max Reitz wrote:
>> What bs->file and bs->backing mean depends on the node. For filter
>> nodes, both signify a node that will eventually receive all R/W
>> accesses. For format nodes, bs->file contains metadata and data, and
>> bs->backi
Paul Durrant (3):
dataplane/xen-block: remove dead code
xen-block: remove redundant assignment
xen-block: report error condition from vbd_name_to_disk()
hw/block/dataplane/xen-block.c | 5 +
hw/block/xen-block.c | 24
2 files changed, 17 insertions(+)
The function needs to make sure it is passed a valid disk name. This is
easily done by making sure that the parsing loop results in a non-zero
value.
Spotted by Coverity: CID 1398640
Reported-by: Peter Maydell
Signed-off-by: Paul Durrant
---
Cc: Stefano Stabellini
Cc: Anthony Perard
Cc: Kevin
The if() statement is clearly bogus (dead code which should have been
cleaned up when grant mapping was removed).
Spotted by Coverity: CID 1398635
While in the neighbourhood, add a missing 'fall through' annotation.
Reported-by: Peter Maydell
Signed-off-by: Paul Durrant
---
Cc: Stefan Hajnoczi
The assignment to 'p' is unnecessary as the code will either goto 'invalid'
or p will get overwritten.
Spotted by Coverity: CID 1398638
Reported-by: Peter Maydell
Signed-off-by: Paul Durrant
---
Cc: Stefano Stabellini
Cc: Anthony Perard
Cc: Kevin Wolf
Cc: Max Reitz
---
hw/block/xen-block.c
If there's an error in commit_start() then the block job must be
deleted before replacing commit_top_bs, otherwise it will fail because
of lack of permissions. This happens since the permission system was
introduced in 8dfba2797761d8a43744e4e6571c8175e448a478.
Fortunately this bug doesn't seem to
On 2/15/19 7:03 AM, Denis Plotnikov wrote:
> Adds a fast path on aio context setting preventing
> unnecessary context setting routine.
> Also, it prevents issues with cyclic walk of child
> bds-es appeared because of registering aio walking
> notifiers:
> Signed-off-by: Denis Plotnikov
> ---
Rig
Adds a fast path on aio context setting preventing
unnecessary context setting routine.
Also, it prevents issues with cyclic walk of child
bds-es appeared because of registering aio walking
notifiers:
Call stack:
0 __GI_raise
1 __GI_abort
2 __assert_fail_base
3 __GI___assert_fail
4 bdrv_deta
On 15.02.2019 15:29, Eric Blake wrote:
> On 2/15/19 3:19 AM, Denis Plotnikov wrote:
>> Adds a fast path on aio context setting preventing
>> unnecessary context setting routine.
>> Also, it prevents issues with cyclic walk of child
>> bds-es appeared because of registring aio walking
>
> registe
On 2/15/19 3:19 AM, Denis Plotnikov wrote:
> Adds a fast path on aio context setting preventing
> unnecessary context setting routine.
> Also, it prevents issues with cyclic walk of child
> bds-es appeared because of registring aio walking
registering
> notifiers:
>
> This can happen because of
Adds a fast path on aio context setting preventing
unnecessary context setting routine.
Also, it prevents issues with cyclic walk of child
bds-es appeared because of registring aio walking
notifiers:
Call stack:
0 __GI_raise
1 __GI_abort
2 __assert_fail_base
3 __GI___assert_fail
4 bdrv_detac
On 08.02.2019 14:03, Kevin Wolf wrote:
> Am 24.01.2019 um 08:48 hat Denis Plotnikov geschrieben:
>> When there is a Backup Block Job running and shutdown command is sent to
>> a guest, the guest crushes due to assert(!bs->walking_aio_notifiers).
>>
>> Call stack:
>>
>> 0 __GI_raise
>> 1 __GI_ab
30 matches
Mail list logo