aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-03-11spiceaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 040d1241f29104ecfeecb26b0a14f0d042484fc5.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11sdlaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 1dc596cba39378df862582a0b952e497a16c6c31.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11paaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: c74dc9c282075fba6928c40b2deae057fa0d4049.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11ossaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 31c899f2f78e40fbc01f563ee4829c98debb68db.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11noaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 0c35b1956ed1105244309a774c038816c040108c.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11dsoundaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: f25562cb88246b41c3e6380685a108fd341d5b50.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11coreaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: ba58f7e2501b1454b5e0f91c03aad416a404fc6a.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11alsaaudio: port to -audiodev configKővágó, Zoltán
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 663d2c918a11ef44d4042e56c796d6dbf40be70c.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11audio: -audiodev command line option basic implementationKővágó, Zoltán
Audio drivers now get an Audiodev * as config paramters, instead of the global audio_option structs. There is some code in audio/audio_legacy.c that converts the old environment variables to audiodev options (this way backends do not have to worry about legacy options). It also contains a replacement of -audio-help, which prints out the equivalent -audiodev based config of the currently specified environment variables. Note that backends are not updated and still rely on environment variables. Also note that (due to moving try-poll from global to backend specific option) currently ALSA and OSS will always try poll mode, regardless of environment variables or -audiodev options. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: e99a7cbdac0d13512743880660b2032024703e4c.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11audio: -audiodev command line option: documentationKővágó, Zoltán
This patch adds documentation of an -audiodev command line option, that deprecates the old QEMU_* environment variables for audio backend configuration. It's syntax is similar to existing options (-netdev, -device, etc): -audiodev driver_name,property=value,... Although now it's possible to specify multiple -audiodev options on command line, multiple audio backends are not supported yet. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: ca5e761e58dcfaf591cf46080af3548551b42bb2.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11audio: use qapi AudioFormat instead of audfmt_eKővágó, Zoltán
I had to include an enum for audio sampling formats into qapi, but that meant duplicating the audfmt_e enum. This patch replaces audfmt_e and associated values with the qapi generated AudioFormat enum. This patch is mostly a search-and-replace, except for switches where the qapi generated AUDIO_FORMAT_MAX caused problems. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 01251b2758a1679c66842120b77c0fb46d7d0eaf.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11qapi: qapi for audio backendsKővágó, Zoltán
This patch adds structures into qapi to replace the existing configuration structures used by audio backends currently. This qapi will be the base of the -audiodev command line parameter (that replaces the old environment variables based config). This is not a 1:1 translation of the old options, I've tried to make them much more consistent (e.g. almost every backend had an option to specify buffer size, but the name was different for every backend, and some backends required usecs, while some other required frames, samples or bytes). Also tried to reduce the number of abbreviations used by the config keys. Some of the more important changes: * use `in` and `out` instead of `ADC` and `DAC`, as the former is more user friendly imho * moved buffer settings into the global setting area (so it's the same for all backends that support it. Backends that can't change buffer size will simply ignore them). Also using usecs, as it's probably more user friendly than samples or bytes. * try-poll is now an alsa backend specific option (as all other backends currently ignore it) Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-id: 5461b514dbf3e0bc31b0abb6498a9b3a008c271e.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR UNPACK *David Hildenbrand
Combine all variant in a single handler. As source and destination have different element sizes, we can't use gvec expansion. Expand manually. Also watch out for overlapping source and destination registers. Use a safe evaluation order depending on the operation. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-33-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR STORE WITH LENGTHDavid Hildenbrand
Very similar to VECTOR LOAD WITH LENGTH, just the opposite direction. Properly probe write access before modifying memory. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-32-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR STORE MULTIPLEDavid Hildenbrand
Similar to VECTOR LOAD MULTIPLE, just the opposite direction. Probe write access first. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-31-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR STORE ELEMENTDavid Hildenbrand
As we only store one element, there is nothing to consider regarding exceptions. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-30-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR STOREDavid Hildenbrand
Properly probe the whole access first. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-29-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Provide probe_write_access helperDavid Hildenbrand
Instead of checking e.g. the first access on every touched page, we should check the actual access, otherwise we might get false positives when Low Address Protection (LAP) is active. As probe_write() can only deal with accesses to one page, we have to loop. Use i64 for the length, although not needed - easier to reuse TCG temps we already have in the translation functions where this will be used. Also allow it to be used from other helpers. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-28-david@redhat.com> [CH: add missing page_check_range()] Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR SIGN EXTEND TO DOUBLEWORDDavid Hildenbrand
Load both elements signed and store them into the two 64 bit elements. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-27-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR SELECTDavid Hildenbrand
Provide an implementation based on i64 and on real host vectors. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-26-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR SCATTER ELEMENTDavid Hildenbrand
Similar to VECTOR GATHER ELEMENT, but the other direction. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-25-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR REPLICATE IMMEDIATEDavid Hildenbrand
Like VECTOR REPLICATE, but the element to be replicated comes from an immediate. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-24-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR REPLICATEDavid Hildenbrand
Replicate via the special gvec helper. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-23-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR PERMUTE DOUBLEWORD IMMEDIATEDavid Hildenbrand
Read the whole input before modifying the destination vector. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-22-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR PERMUTEDavid Hildenbrand
Take care of overlying inputs and outputs by using a temporary vector. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-21-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR PACK *David Hildenbrand
This is a big one. Luckily we only have a limited set of such nasty instructions. We'll implement all variants with helpers, except when sources and the destination don't overlap for VECTOR PACK. Provide different helpers when the cc is to be modified. We'll return the cc then via env->cc_op. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-20-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR MERGE (HIGH|LOW)David Hildenbrand
We cannot use gvec expansion as source and destination elements are have different element numbers. So we'll expand using a fancy loop. Also, we have to take care of overlapping source and destination registers, therefore use a safe evaluation irder depending on the operation. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-19-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD WITH LENGTHDavid Hildenbrand
We can reuse the helper introduced along with VECTOR LOAD TO BLOCK BOUNDARY. We just have to take care of converting the highest index into a length. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-18-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD VR FROM GRS DISJOINTDavid Hildenbrand
Fairly easy, just load from to gprs into a single vector. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-17-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD VR ELEMENT FROM GRDavid Hildenbrand
Very similar to VECTOR LOAD GR FROM VR ELEMENT, just the opposite direction. Also provide a fast path in case we don't care about the register content. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-16-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD TO BLOCK BOUNDARYDavid Hildenbrand
Very similar to LOAD COUNT TO BLOCK BOUNDARY, but instead of only calculating, the actual vector is loaded. Use a temporary vector to not modify the real vector on exceptions. Initialize that one to zero, to not leak any data. Provide a fast path if we're loading a full vector. As we don't have gvec ool handlers for single vectors, just calculate the vector address manually. We can reuse the helper later on for VECTOR LOAD WITH LENGTH. In fact, we are going to name it "vll" right from the beginning, because that's a better match. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-15-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD MULTIPLEDavid Hildenbrand
Try to load the last element first. Access to the first element will be checked afterwards. This way, we can guarantee that the vector is not modified before we checked for all possible exceptions. (16 vectors cannot cross more than two pages) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-14-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD LOGICAL ELEMENT AND ZERODavid Hildenbrand
Fairly easy, zero out the vector before we load the desired element. Load the element before touching the vector. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-13-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD GR FROM VR ELEMENTDavid Hildenbrand
To avoid an helper, we have to do the actual calculation of the element address (offset in cpu_env + cpu_env) manually. Factor that out into get_vec_element_ptr_i64(). The same logic will be reused for "VECTOR LOAD VR ELEMENT FROM GR". Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-12-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD ELEMENT IMMEDIATEDavid Hildenbrand
Take care of properly sign-extending the immediate. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-11-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD ELEMENTDavid Hildenbrand
Fairly easy, load with desired size and store it into the right element. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-10-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOAD AND REPLICATEDavid Hildenbrand
We can use tcg_gen_gvec_dup_i64() to carry out the duplication. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-9-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR LOADDavid Hildenbrand
When loading from memory, load both elements into temps first before modifying the target vector Loading with strange alingment from the end of the address space will not properly wrap, we can ignore that for now. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-8-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR GENERATE MASKDavid Hildenbrand
Add gen_gvec_dupi() for handling duplication of immediates, so it can be reused later. Reviewed-by: Richard Henderson <richard.henderson@linaro.org Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-7-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR GENERATE BYTE MASKDavid Hildenbrand
Let's optimize it for the common cases (setting a vector to zero or all ones) - courtesy of Richard. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-6-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Implement VECTOR GATHER ELEMENTDavid Hildenbrand
Let's start with a more involved one, but it is the first in the list of vector support instructions (introduced with the vector facility). Good thing is, we need a lot of basic infrastructure for this. Reading and writing vector elements as well as checking element validity. All vector instruction related translation functions will reside in translate_vx.inc.c, to be included in translate.c - similar to how other architectures handle it. While at it, directly add some documentation (which contains parts about things added in follow-up patches, but splitting this up does not make too much sense). Also add ES_* defines heavily used later. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-5-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Utilities for vector instruction helpersDavid Hildenbrand
We'll have to read/write vector elements quite frequently from helpers. The tricky bit is properly taking care of endianess. Handle it similar to aarch64. Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-4-david@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Check vector register instructions at central pointDavid Hildenbrand
Check them at a central point. We'll use a new instruction flag to flag all vector instructions (IF_VEC) and handle it very similar to AFP, whereby we use another unused position in the PSW mask to store the state of vector register enablement per translation block. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-3-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11s390x/tcg: Define vector instruction formatsDavid Hildenbrand
These are the new instruction formats related to vector instructions as up to the z14 (a.k.a. latest PoP). As v2 appeares (like x2 in VRX) with d2/b2 in VRV, we have to assign it a higher field number to avoid collisions. Properly take care of the MSB (to be able to address 32 registers) for each vector register field stored in the RXB field (Bit 36 - 30 for all vector instructions). As we have 32 bit vector registers and the "v" fields are only 4 bit in size, the 5th bit is stored in the RXB. We use a new type to indicate that the MSB has to be fetched from the RXB. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: David Hildenbrand <david@redhat.com> Message-Id: <20190307121539.12842-2-david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11target/s390x: Remove non-architected entries from struct LowCoreThomas Huth
There are some fields in our struct LowCore which apparently have been copied from a very old version of the Linux kernel. These fields are not architected in the "Principles of Operation", and only used on these memory locations in Linux kernels older than 2.6.29. Newer Linux kernels moved the entries to different locations or are not using them at all anymore. Thus we should never access these fields from the QEMU side, so they should be removed. While we're at it, also add a QEMU_BUILD_BUG_ON() statement to assert that struct LowCore has the right size. Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <1551775581-27989-1-git-send-email-thuth@redhat.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-03-11monitor: deprecate acl_show, acl_reset, acl_policy, acl_add, acl_removeDaniel P. Berrangé
The various ACL related commands are obsolete now that the QAuthZ framework for authorization is fully integrated throughout QEMU network services. These only ever worked with VNC and were never used by libvirt. Mark it as deprecated with no direct replacement to be provided. Authorization is now provided by using 'object_add' together with the 'tls-authz' or 'sasl-authz' parameters to the VNC server, and equivalent for other network services. Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20190227145755.26556-3-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: allow specifying a custom authorization object nameDaniel P. Berrange
The VNC server has historically had support for ACLs to check both the SASL username and the TLS x509 distinguished name. The VNC server was responsible for creating the initial ACL, and the client app was then responsible for populating it with rules using the HMP 'acl_add' command. This is not satisfactory for a variety of reasons. There is no way to populate the ACLs from the command line, users are forced to use the HMP. With multiple network services all supporting TLS and ACLs now, it is desirable to be able to define a single ACL that is referenced by all services. To address these limitations, two new options are added to the VNC server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to use for checking TLS x509 distinguished names, and the 'sasl-authz' option takes the ID of another object to use for checking SASL usernames. In this example, we setup two authorization rules. The first allows any client with a certificate issued by the 'RedHat' organization in the 'London' locality. The second ACL allows clients with either the 'joe@REDHAT.COM' or 'fred@REDHAT.COM' kerberos usernames. Both checks must pass for the user to be allowed. $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,policy=deny,\ rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \ -object authz-simple,id=authz1,policy=deny,\ rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \ rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \ -vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0, sasl,sasl-authz=authz1 \ ...other QEMU args... Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20190227145755.26556-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: fix update stallsGerd Hoffmann
vnc aborts display update jobs on video mode switches and page flips. That can cause vnc update stalls in case an unfinished vnc job gets aborted. The vnc client will never receive the requested update then. Fix that by copying the state from job_update back to update in that case. Reports complain about stalls with two or more clients being connected at the same time, on some but not all connections. I suspect it can also happen with a single connection, multiple connections only make this more much likely to happen. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1662260 Reported-by: Ying Fang <fangying1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ying Fang <fangying1@huawei.com> Message-id: 20190305130930.24516-1-kraxel@redhat.com
2019-03-11curses: support wide inputSamuel Thibault
This makes use of wide curses functions instead of 8bit functions. This allows to type e.g. accented letters. Unfortunately, key codes are then returned with values that could be confused with wide characters by ncurses, so we need to add a maybe_keycode variable to know whether the returned value is a key code or a character (curses with wide support), or possibly both (curses without wide support). The translation tables thus also need to be separated into key code translation and character translation. The curses2foo helper makes it easier to use them. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-id: 20190304210532.7840-1-samuel.thibault@ens-lyon.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11Reduce curses escdelay from 1s to 25msSamuel Thibault
By default, curses will only report single ESC key event after 1s delay, since ESC is also used for keypad escape sequences. This however makes users believe that ESC is not working. Reducing to 25ms provides good user experience, while still allowing 25ms for keypad sequences to get in, which should be enough. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20190303172557.17139-1-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>