Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2016-05-19 14:56:38 by Benny Siegert | Files touched by this commit (10)
Log message:
Pullup ticket #5016 - requested by sevan
emulators/qemu: security fix

Revisions pulled up:
- emulators/qemu/Makefile                                       1.149
- emulators/qemu/PLIST                                          1.46
- emulators/qemu/distinfo                                       1.115
- emulators/qemu/patches/patch-configure                        1.13
- emulators/qemu/patches/patch-default-configs_pci.mak          1.2
- emulators/qemu/patches/patch-hw_misc_ivshmem.c                1.1
- emulators/qemu/patches/patch-hw_ppc_mac__newworld.c           1.3
- emulators/qemu/patches/patch-hw_ppc_mac__oldworld.c           1.3
- emulators/qemu/patches/patch-memory.c                         1.10
- emulators/qemu/patches/patch-slirp_tcp__subr.c                1.7

---
   Module Name:    pkgsrc
   Committed By:   ryoon
   Date:           Sun May 15 01:25:15 UTC 2016

   Modified Files:
           pkgsrc/emulators/qemu: Makefile PLIST distinfo
           pkgsrc/emulators/qemu/patches: patch-configure
               patch-default-configs_pci.mak patch-hw_ppc_mac__newworld.c
               patch-hw_ppc_mac__oldworld.c patch-memory.c patch-slirp_tcp__subr.c
   Added Files:
           pkgsrc/emulators/qemu/patches: patch-hw_misc_ivshmem.c

   Log message:
   Update to 2.6.0

   Changelog:
   System emulation
   Incompatible changes

       The aio=native option to "-drive" now requires the cache=none \ 
option, instead of silently disabling itself for other cache modes. The newly \ 
invalid combination had been warning since QEMU 2.3.
       Specifying block device parameter aio=native is now an error on POSIX \ 
systems if qemu is compiled without libaio support. The newly invalid \ 
combination had been warning since QEMU 2.3.
       The experimental x-drive option for the sdhci-pci device has been \ 
removed. Instead of passing a drive directly to the SD controller device you now \ 
must create an SD card object (which will
   automatically be plugged into the SD controller), so "-device \ 
sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device \ 
sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
       The s390-virtio machine has been removed.
       Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, \ 
pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
       The "virt" machine type's flash device has changed when \ 
TrustZone is active ("-machine virt,secure=on"). The first flash \ 
device is only available in secure memory, while the second is available
   in non-secure memory too.

   Future incompatible changes

       Three options are using different names on the command line and in \ 
configuration file. In particular:
           The "acpi" configuration file section matches command-line \ 
option "acpitable";
           The "boot-opts" configuration file section matches \ 
command-line option "boot";
           The "smp-opts" configuration file section matches \ 
command-line option "smp".

       -readconfig will standardize on the name for the command line option.

       Behavior of automatic calculation of SMP topology when some SMP topology \ 
options for -smp are omitted (sockets, cores, threads) will change in the \ 
future. If guest ABI needs to be preserved on
   upgrades while using the SMP topology options, users should either set set \ 
all options explicitly (sockets, cores, threads), or omit all of them.
       The original qcow2 image encryption is fatally flawed, and support for it \ 
will be disabled entirely from the system emulators. It'll remain available only \ 
in command line tools qemu-img, qemu-io,
   qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img \ 
convert' to convert qcow2 encrypted images to uncrypted ones. The new LUKS \ 
encryption driver can provide a secure
   replacement if raw files are acceptable, while a future release will \ 
integrate luks into qcow2 natively.
       A few devices will be configured with explicit properties instead of \ 
implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
       QMP command blockdev-add is still a work in progress. It doesn't support \ 
all block drivers, it lacks a matching blockdev-del, and more. It might change \ 
incompatibly.

   ARM

       Support for a separate EL3 address space
       System mode supports BE8 and BE32. Note that qemu-system-arm can emulate \ 
both big-endian and little-endian guests (unlike user-mode emulation which has \ 
separate qemu-arm and qemu-armeb binaries).
       Support for the SETEND instruction, used most notably on Raspbian through \ 
the arm-mem library (previously known as libcofi).
       Faster boot thanks to DMA support in fw_cfg
       The "virt" machine type supports a virtual power button and the \ 
"system_powerdown" monitor command
       The "virt" machine type supports configuring network cards with \ 
-nic in addition to -netdev
       The RAM limit for the "virt" machine type is now 255GB
       The "xlnz-zynqmp" machine type now includes SPI controllers
       The "xlnx-ep108" machine type now supports SPI flash
       New partial Raspberry Pi 2 emulation with "raspi2" machine \ 
type. For now, it can boot older releases of Windows and Raspbian, but lacks a \ 
number of devices including USB.
       New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC \ 
implementation

   KVM

       Support for guest debugging (software and hardware breakpoints, single \ 
step) on AArch64

   MIPS

       Support for FPU and MSA in KVM guests
       Support for R6 Virtual Processors
       Initial support for Cluster Power Controller and Global Configuration \ 
Registers allowing the guest to control the start of Virtual Processors
       Support for Inter-Thread Communication Unit
       Support for MAAR registers in P5600 CPU

   PowerPC

       Improved support for migration of g3beige and mac99 machines
       Fix serial ports for g3beige and mac99 machines (OpenBIOS)
       The gdb stub supports the VSX instruction set extensions

   pSeries

       pSeries machine types starting at pseries-2.6 use XHCI as the USB host \ 
controller instead of OHCI
       Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and \ 
H_PAGE_INIT)
       Support for EEH on assigned PCI devices can use the normal \ 
spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.

   s390

       Fixes and improvements in s390x PCI support
       Support for hotplug of s390x cpus via cpu-add
       Support for booting from virtio-scsi devices in the s390-ccw bios

   SH
   SPARC

       sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs \ 
(MUTEX_HELD hang, libC error, Java WebStart segfault)
       sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode

   TileGX
   Tricore

       Support for context management, illegal opcode and opd traps
       Support for FPU instructions

   x86
   TCG

       Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features

   KVM

       Support for "split irqchip". In this mode, QEMU emulates the \ 
IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC \ 
emulation to the kernel. This mode reduces the attack surface
   of KVM.
       Support for the new PKU feature found in some Skylake processors
       Support for migrating the TSC rate

   Xen
   Q35

       Support resume (S3)
       Support for legacy Windows guests (XP/2003)

   Device emulation and assignment

       New IPMI emulation subsystem. QEMU can now emulate an internal BMC or \ 
attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is \ 
not yet exposed in SMBIOS and ACPI tables (do
   we want to docume?)
       FIXME: what's the state of nvdimm?

   ACPI

       The floppy disk controller's characteristics are now exposed in the ACPI \ 
tables, which makes it possible to use floppies on Windows together with UEFI \ 
firmware.

   Block devices

       The floppy disk consk or an empty disk to a 2.88 MB disk
       Improved compatibility of the SD device model with various operating \ 
systems and firmwares
       The NVMe device supports the "bootindex" property.
       The SDHCI device supports reset.

    ivshmem

       No longer available on hosts lacking eventfd(2), because inter-vm \ 
interrupts don't work there
       New devices ivshmem-plain and ivshmem-doorbell, fully backwards \ 
compatible for guests, notable differences to ivshmem:
           PCI revision is 1 instead of 0
           ivshmem role=master becomes master=on, role=peer becomes master=off
           ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
           ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with \ 
-object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
           ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
           Property ioeventfd defaults to on instead of off
           ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always \ 
has MSI-X capability
       Device ivshmem is deprecated, and its experimental property x-memdev is gone
       Interrupting a peer that reuses an unplugged peer's ID works again \ 
(broken in v1.2.0)
       Unplug no longer destroys the character device, for consistency with \ 
other devices
       The funny "no shared memory, yet" state is no longer \ 
guest-visible, and can no longer fail or mess up migration
           Guests may require PCI revision 1 to make sure they're not exposed to \ 
the funny state
       docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.

   SCSI

       Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). \ 
Note that some operating systems will not recognize disks attached to this \ 
adapter, unless the disks are assigned a world-wide name
   (WWN).

   PCI/PCIe

       PCIe Multi-root support (using the new pxb-pcie root-compex)

   USB

       MTP: initial support for events

   VFIO

       Support for AMD XGBE platform passthrough
       New sysfsdev property provides a more general way to specify the device \ 
to attach to.
       Provided PCI option ROMs are fixed to include the same vendor and device \ 
id as the device exposed to the guest. This facilitates changing the ids of the \ 
devices.

   virtio

       Performance improvements via optimized vring accesses
       The balloon driver statistics now include the amount of available memory \ 
(corresponding to "Available" in /proc/meminfo for Linux guests).

   Character devices

       The socket character device backend can now enable TLS over TCP \ 
connections, acting either as a TLS server:

   $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
         -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
         -device isa-serial,chardev=s0 \
         ...other args...

   or a TLS client:

   $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
         -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
         -device isa-serial,chardev=s0 \
         ...other args...

   If operating in server mode, the same set of TLS credentials can be used for \ 
both character devices and the VNC server

       All character devices can have their output logged to a plain file

   $QEMU -chardev stdio,id=mon0,logfile=monitor.log \
         -mon chardev=mon0 \
         ...other args...

   will result in logging of all output on the HMP monitor. The logappend \ 
parameter controls whether the file is truncated at startup, defaulting to \ 
append.
   GUI

       SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are \ 
the only usable transport when OpenGL is enabled.
       The "-vnc" and "-display vnc" options support \ 
ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" \ 
were available.
       Support getting input events directly from linux evdev devices, using \ 
"-object input-linux,id=$name,evdev=/dev/input/event$nr"
       Support for ncurses on Windows.

   Monitor

       Support for a new "detach" option to \ 
"dump-guest-memory". The option dumps memory in the background. \ 
Progress can be queried using the new commands "info dump" (human \ 
monitor) and "query-dump"
   (QMP), as well as through the QMP event DUMP_COMPLETED.
       Support for a new command "input-send-event" replacing the \ 
previous experimental command "x-input-send-event".
       The human monitor command "drive_add -n" allows creating block \ 
devices that do not have a BlockBackend (similar to QMP blockdev-add).

   Migration

       Postcopy is not experimental anymore; the x-postcopy-ram capability was \ 
renamed to postcopy-ram.

   Network

       SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
       mirror filter which can mirror traffic from netdev to socket chardev, \ 
vice versa.
       redirector filter which can redirect traffic from netdev to socket \ 
chardev, vice versa.

   Secret passing system

   There is a new standard mechanism for securely passing secret credentials to \ 
QEMU, which will be used in combination with other subsystems. For example, \ 
network block device passwords, block device
   decryption passphrases, or TLS private key passwords can all use the same \ 
mechanism.

       Passing credentials inline (insecure, only for developer testing)

   $QEMU -object secret,id=sec0,data=letmein

       Passing credentials via a plain file

   $QEMU -object secret,id=sec0,file=mypassword.txt

       Passing credentials via a base64 encoded file

   $QEMU -object secret,id=sec0,file=mypassword.txt,format=base64

       Passing credentials inline, encrypted with a master key (recommended for \ 
management apps)

    $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
          -object secret,id=sec0,data=[base64 ciphertext],\
                  keyid=master0,iv=[base64 IV],format=base64

   TLS credential handling

   It is now possible to use encrypted TLS private keys with credentials for TLS \ 
servers/clients in QEMU. The password for unlocking the private key is provided \ 
by a secret object whose id is specified
   via the passwordid' property

   $QEMU -object secret,id=tlskey0,file=mypassword.txt \
         -object \ 
tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \ 
\
         ...other args...

   Block devices

       Block device throttling now support specifying a burst length as well. \ 
While previously the burst could only be specified as a total number of IOPS \ 
(e.g. 10000 IOPS), more complex specifications
   such as "10000 IOPS for 10 seconds" are now possible. Note that, \ 
because of the implementation of the algorithm, a guest that is allowed \ 
"10000 IOPS for 10 seconds" will also be allowed to perform
   for example 5000 IOPS for 20 seconds.
       The curl block device driver now supports HTTP authentication and HTTP \ 
proxy authentication via the new properties 'username', 'password-secret', \ 
'proxy-username' and 'proxy-password-secret'.

   $QEMU -object secret,id=sec0,file=password.txt \
         -object secret,id=sec1,file=proxy-password.txt \
         -drive \ 
driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \ 
\
         ...other args...

       The RBD block device driver can now use the secret object type to \ 
securely receive the authentication password without exposing it in the command \ 
line args

   $QEMU -object secret,id=sec0,file=password.b64,format=base64 \
         -drive \ 
driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \ 
\
         ...other args...

       The iSCSI block device driver can now use the secret object type to \ 
securely receive the authentication password without exposing it in the command \ 
line args

   $QEMU -object secret,id=sec0,file=password.txt \
         -iscsi user=fred,password-secret=sec0 \
         -drive \ 
file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1

   NB this syntax requires that all iSCSI backed drives use the same password

       The qemu-io tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a
   block device backend. The '--image-opts' argument instructs qemu-io to parse \ 
the image string as a set of image options, instead of a plain filename. For \ 
example, to connect qemu-io to an NBD server
   using TLS

   qemu-io -c "read 0 512" \
           --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
           --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

       The qemu-nbd tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a
   block device backend or the NBD server. The '--image-opts' argument instructs \ 
qemu-io to parse the image string as a set of image options, instead of a plain \ 
filename. For example, to connect
   qemu-nbd to an HTTP server with authentication and export it over NBD using TLS

   qemu-nbd --readonly \
            --object secret,id=sec0,file=passwd.txt \
            --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
            --image-opts \ 
driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0

       The qemu-img tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a
   block device backend or the NBD server. The '--image-opts' argument instructs \ 
qemu-io to parse the image string as a set of image options, instead of a plain \ 
filename. For example, to a remote HTTP
   server with authentication

   qemu-img info --object secret,id=sec0,file=passwd.txt \
                 --image-opts \ 
driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0

       Support for deleting snapshots on Sheepdog devices.
       The NBD client and server now support use of TLS. When enabled, the \ 
server will mandate that the client also enable TLS and drop any client which \ 
attempts to continue in plain text. To run a
   qemu-nbd server with TLS:

   qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
            --tls-creds tls0 \
            /path/to/disk/image

   To connect to a server that requires TLS with qemu-img:

   qemu-img info --object \ 
tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
                 --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

   To start a VM pointing to the NBD server

   $QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
         -drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
         ...other args...

       The NBD server gained support for specifying an export name. When the \ 
client negotiates use of the new style NBD protocol the default export name is \ 
"". The --exportname argument allows this to
   be customized:

   qemu-nbd --exportname myvol  /path/to/myvol.qcow2

       QEMU gained support for volumes formatted with the LUKSv1 data format. To \ 
format a new LUKS volume

   qemu-img create -f luks \
                   --object secret,id=sec0,file=passphrase.txt \
                   -o key-secret=sec0 \
                   demo.luks 10G

   To boot a guest from a LUKS volume:

   $QEMU -object secret,id=sec0,file=passphrase.txt \
         -drive driver=luks,key-secret=sec0,file=demo.luks \
         ...other args...

   The LUKS implementation is intended to be compatible with that used by \ 
cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably \ 
between them. The only caveat is that some less
   common cipher/hash algorithms are not yet supported by QEMU. It is also not \ 
yet possible to manage key-slots with qemu-img.
   TCG

       Record/replay support extended to cover character devices.

   Tracing

       The "stderr" tracing backend was replaced by the \ 
"log" tracing backend, which is now the default. This backend prints \ 
tracing messages to the destination specified with the "-D" option.
       In addition to the existing "-trace file=...", tracepoints can \ 
be enabled using "-trace [enable=]...". The new option also supports \ 
globbing, as in "-trace bdrv_aio_*".
       In addition to the existing "-trace file=...", tracepoints can \ 
be enabling using "-d trace:...". This option also supports globbing, \ 
as in "-d trace:bdrv_aio_*".
       When using "-daemonize", the "-D" option also \ 
provides the file to which QEMU's stderr output will be redirected.
       TCG supports a new "-dfilter" option to limit exec, out_asm, op \ 
and op_opt logging to a range of guest physical addresses. ARM also applies the \ 
filter to in_asm logging; this will be extended to
   other targets in future releases (FIXME: probably should do it now instead...)
       A "%d" substring in the log file name is replaced with QEMU's pid.

   User-mode emulation

       The default CPU for ppc64 and ppc64le is now POWER8

Next | Query returned 1 messages, browsing 1 to 10 | previous