aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
AgeCommit message (Collapse)Author
2014-10-28vnc: return directly if no vnc client connectedChenLiang
graphic_hw_update and vnc_refresh_server_surface aren't need to do when no vnc client connected. It can reduce lock contention, because vnc_refresh will hold global big lock two millisecond every three seconds. Signed-off-by: ChenLiang <chenliang88@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28vnc: sanitize bits_per_pixel from the clientPetr Matousek
bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-17ui/vnc: set TCP_NODELAYPeter Lieven
we currently have the Nagle algorithm enabled for all outgoing VNC updates. This may delay sensitive updates as mouse movements or typing in the console. As we currently prepare all data in a buffer and then send as much as we can disabling the Nagle algorithm should not cause big trouble. Well established VNC servers like TightVNC set TCP_NODELAY as well. A regular framebuffer update request generates exactly one framebuffer update which should be pushed out as fast as possible. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-25vnc update fixGerd Hoffmann
We need to remember has_updates for each vnc client. Otherwise it might happen that vnc_update_client(has_dirty=1) takes the first exit due to output buffers not being flushed yet and subsequent calls with has_dirty=0 take the second exit, wrongly assuming there is nothing to do because the work defered in the first call is ignored. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-25fix full frame updates for VNC clientsStephan Kulow
If the client asks for !incremental frame updates, it has lost its content so dirty doesn't matter - it has to see the full frame, so setting force_update Signed-off-by: Stephan Kulow <coolo@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-01ui/vnc: fix potential memory corruption issuesPeter Lieven
this patch makes the VNC server work correctly if the server surface and the guest surface have different sizes. Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of VNC_DIRTY_PIXELS_PER_BIT. If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT we now get a small black bar on the right of the screen. If the surface is too big to fit the limits only the upper left area is shown. On top of that this fixes 2 memory corruption issues: The first was actually discovered during playing around with a Windows 7 vServer. During resolution change in Windows 7 it happens sometimes that Windows changes to an intermediate resolution where server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface). This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0. The second is a theoretical issue, but is maybe exploitable by the guest. If for some reason the guest surface size is bigger than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since this limit is nowhere enforced. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01ui/vnc: limit client_cut_text msg payload sizePeter Lieven
currently a malicious client could define a payload size of 2^32 - 1 bytes and send up to that size of data to the vnc server. The server would allocated that amount of memory which could easily create an out of memory condition. This patch limits the payload size to 1MB max. Please note that client_cut_text messages are currently silently ignored. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-23qapi event: convert VNC eventsWenchao Xia
Since VNC_CONNECTED, VNC_DISCONNECTED, VNC_INITIALIZED share some common functions, convert them in one patch. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23qapi: adjust existing definesWenchao Xia
In order to let event defines use existing types later, instead of redefine new ones, some old type defines for spice and vnc are changed, and BlockErrorAction is moved from block.h to qapi schema. Note that BlockErrorAction is not merged with BlockdevOnError. At this point, VncInfo is not made a child of VncBasicInfo, because VncBasicInfo has mandatory fields where VncInfo makes them optional. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-19vnc: fix screen updatesGerd Hoffmann
Bug was added by 38ee14f4f33f8836fc0e209ca59c6ae8c6edf380. vnc_jobs_join call is missing in one code path. Reported-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-19vnc: Drop superfluous conditionals around g_strdup()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-19vnc: Drop superfluous conditionals around g_free()Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-04input/vnc: use kbd delays in press_keyGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02vnc: add trace events for key eventsGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02vnc: refuse to set a password with VNC_AUTH_NONEGerd Hoffmann
Current code silently changes the authentication settings in case you try to set a password without password authentication turned on. This is bad. Return an error instead. If we want allow changing auth settings at runtime this should be done explicitly using a separate monitor command, not as side effect of set_passwd. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-25vnc: Remove default_mon usageCole Robinson
These errors don't seem user initiated, so forcibly printing to the monitor doesn't seem right. Just use error_report. Cc: Anthony Liguori <aliguori@amazon.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-03-18ui/vnc: fix vmware VGA incompatiblitiesPeter Lieven
this fixes invalid rectangle updates observed after commit 12b316d with the vmware VGA driver. The issues occured because the server and client surface update seems to be out of sync at some points and the max width of the surface is not dividable by VNC_DIRTY_BITS_PER_PIXEL (16). Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: disable adaptive update calculations if not neededPeter Lieven
Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: optimize setting in vnc_dpy_update()Peter Lieven
Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: optimize clearing in find_and_clear_dirty_height()Peter Lieven
The following artifical test (just the bitmap operation part) running vnc_update_client 65536 times on a 2560x2048 surface illustrates the performance difference: All bits clean - vnc_update_client_new: 0.07 secs vnc_update_client_new2: 0.07 secs vnc_update_client_old: 10.98 secs All bits dirty - vnc_update_client_new: 11.26 secs - vnc_update_client_new2: 0.29 secs vnc_update_client_old: 20.19 secs Few bits dirty - vnc_update_client_new: 0.07 secs - vnc_update_client_new2: 0.07 secs vnc_update_client_old: 10.98 secs vnc_update_client_new2 shows the performance of vnc_update_client with this patch added. Comparing with the test run of the last patch the performance is at least unchanged while it is significantly improved for the all bits dirty case. Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: optimize dirty bitmap trackingPeter Lieven
vnc_update_client currently scans the dirty bitmap of each client bitwise which is a very costly operation if only few bits are dirty. vnc_refresh_server_surface does almost the same. this patch optimizes both by utilizing the heavily optimized function find_next_bit to find the offset of the next dirty bit in the dirty bitmaps. The following artifical test (just the bitmap operation part) running vnc_update_client 65536 times on a 2560x2048 surface illustrates the performance difference: All bits clean - vnc_update_client_new: 0.07 secs vnc_update_client_old: 10.98 secs All bits dirty - vnc_update_client_new: 11.26 secs vnc_update_client_old: 20.19 secs Few bits dirty - vnc_update_client_new: 0.08 secs vnc_update_client_old: 10.98 secs The case for all bits dirty is still rather slow, this is due to the implementation of find_and_clear_dirty_height. This will be addresses in a separate patch. Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: derive cmp_bytes from VNC_DIRTY_PIXELS_PER_BITPeter Lieven
this allows for setting VNC_DIRTY_PIXELS_PER_BIT to different values than 16 if desired. Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10ui/vnc: introduce VNC_DIRTY_PIXELS_PER_BIT macroPeter Lieven
Signed-off-by: Peter Lieven <pl@kamp.de> Reviewed-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10vnc: fix use-after-free in vnc_update_client_syncGerd Hoffmann
Spotted by Coverity: 876 static int vnc_update_client_sync(VncState *vs, int has_dirty) 877 { (1) Event freed_arg: "vnc_update_client(VncState *, int)" frees "vs". [details] Also see events: [deref_arg] 878 int ret = vnc_update_client(vs, has_dirty); (2) Event deref_arg: Calling "vnc_jobs_join(VncState *)" dereferences freed pointer "vs". [details] Also see events: [freed_arg] 879 vnc_jobs_join(vs); 880 return ret; 881 } Remove vnc_update_client_sync wrapper, replace it with an additional argument to vnc_update_client, so we can so the sync properly in vnc_update_client (i.e. skip it in case of a client disconnect). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
2014-03-05input: mouse: switch vnc ui to new coreGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-05input: keyboard: switch vnc ui to new coreGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-06-21vnc: use booleans for vnc_connect, vnc_listen_read and vnc_display_add_clientMichael Tokarev
Some arguments to these functions are booleans - either by declaration, or by actual usage, but sometimes value of 0 or 1 is passed for a bool, and sometimes it is declared as int but a bool value, or true/false, is passed to it instead. Clean it up a bit. Cc: liguang <lig.fnst@cn.fujitsu.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2013-05-15vnc: Make ledstate comparison before modifiers updatedLei Li
The ledstate should be compared before modifiers updated, otherwise the ledstate would be the same as current_led_state. Reported-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Message-id: 1368606040-11950-1-git-send-email-lilei@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-05-03TLS support for VNC WebsocketsTim Hardeck
Added TLS support to the VNC QEMU Websockets implementation. VNC-TLS needs to be enabled for this feature to be used. The required certificates are specified as in case of VNC-TLS with the VNC parameter "x509=<path>". If the server certificate isn't signed by a rooth authority it needs to be manually imported in the browser because at least in case of Firefox and Chrome there is no user dialog, the connection just gets canceled. As a side note VEncrypt over Websocket doesn't work atm because TLS can't be stacked in the current implementation. (It also didn't work before) Nevertheless to my knowledge there is no HTML 5 VNC client which supports it and the Websocket connection can be encrypted with regular TLS now so it should be fine for most use cases. Signed-off-by: Tim Hardeck <thardeck@suse.de> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1366727581-5772-1-git-send-email-thardeck@suse.de Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-29vnc: Adjust lock state sync logic with VNC_FEATURE_LED_STATELei Li
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1366867752-11578-4-git-send-email-lilei@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-29vnc: Support for LED state extensionLei Li
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1366867752-11578-3-git-send-email-lilei@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-29vnc: Add SCROLL lock key to kbd_ledsLei Li
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Message-id: 1366867752-11578-2-git-send-email-lilei@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-25console: zap ds arg from register_displaychangelistenerGerd Hoffmann
We don't have multiple DisplayStates any more, so passing it in as argument is not needed. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: add qemu_console_is_*Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: gui timer fixesGerd Hoffmann
Make gui update rate adaption code in gui_update() actually work. Sprinkle in a tracepoint so you can see the code at work. Remove the update rate adaption code in vnc and make vnc simply use the generic bits instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: rename vga_hw_*, add QemuConsole paramGerd Hoffmann
Add QemuConsole parameter to vga_hw_*, so the interface allows to update non-active consoles (the actual code can't handle this yet, see next patch). Passing NULL is allowed and updates the active console, like the functions do today. While touching all vga_hw_* calls anyway rename that to the functions to hardware-neutral graphics_hw_* Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-02oslib-posix: rename socket_set_nonblock() to qemu_set_nonblock()Stefan Hajnoczi
The fcntl(fd, F_SETFL, O_NONBLOCK) flag is not specific to sockets. Rename to qemu_set_nonblock() just like qemu_set_cloexec(). Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2013-03-18console: zap displaystate from dcl callbacksGerd Hoffmann
Now that nobody depends on DisplayState in DisplayChangeListener callbacks any more we can remove the parameter from all callbacks. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18vnc: stop using DisplayStateGerd Hoffmann
Rework DisplayStateListener callbacks to not use the DisplayState any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: rework DisplaySurface handling [dcl/ui side]Gerd Hoffmann
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener callbacks with a dpy_gfx_switch callback which notifies the ui code when the framebuffer backing storage changes. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: kill DisplayState->opaqueGerd Hoffmann
It's broken by design. There can be multiple DisplayChangeListener instances, so they simply can't store state in the (single) DisplayState struct. Try 'qemu -display gtk -vnc :0', watch it crash & burn. With DisplayChangeListenerOps having a more sane interface now we can simply use the DisplayChangeListener pointer to get access to our private data instead. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: fix displaychangelisteners interfaceGerd Hoffmann
Split callbacks into separate Ops struct. Pass DisplayChangeListener pointer as first argument to all callbacks. Uninline a bunch of display functions and move them from console.h to console.c Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-01-21vnc: fix possible uninitialized removalsTim Hardeck
Some VncState values are not initialized before the Websocket handshake. If it fails QEMU segfaults during the cleanup. To prevent this behavior intialization checks are added. Signed-off-by: Tim Hardeck <thardeck@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-01-21vnc: added initial websocket protocol supportTim Hardeck
This patch adds basic Websocket Protocol version 13 - RFC 6455 - support to QEMU VNC. Binary encoding support on the client side is mandatory. Because of the GnuTLS requirement the Websockets implementation is optional (--enable-vnc-ws). To activate Websocket support the VNC option "websocket"is used, for example "-vnc :0,websocket". The listen port for Websocket connections is (5700 + display) so if QEMU VNC is started with :0 the Websocket port would be 5700. As an alternative the Websocket port could be manually specified by using ",websocket=<port>" instead. Parts of the implementation base on Anthony Liguori's QEMU Websocket patch from 2010 and on Joel Martin's LibVNC Websocket implementation. Signed-off-by: Tim Hardeck <thardeck@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-01-21vnc: added buffer_advance functionTim Hardeck
Following Anthony Liguori's Websocket implementation I have added the buffer_advance function to VNC and replaced all related buffer memmove operations with it. Signed-off-by: Tim Hardeck <thardeck@suse.de> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-12-19softmmu: move include files to include/sysemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19misc: move include files to include/qemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19qapi: move include files to include/qobject/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-14pixman: fix vnc tight png/jpeg supportGerd Hoffmann
This patch adds an x argument to qemu_pixman_linebuf_fill so it can also be used to convert a partial scanline. Then fix tight + png/jpeg encoding by passing in the x+y offset, so the data is read from the correct screen location instead of the upper left corner. Cc: 1087974@bugs.launchpad.net Cc: qemu-stable@nongnu.org Reported-by: Tim Hardeneck <thardeck@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-11-26vnc: fix option misspelling ("non-adapative" -> "non-adaptive")Catalin Patulea
Signed-off-by: Catalin Patulea <catalinp@google.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>