path: root/ui
Age | Commit message | Author
2014-09-10 | spice: make sure we don't overflow ssd->buf | Gerd Hoffmann
Related spice-only bug. We have a fixed 16 MB buffer here, being presented to the spice-server as qxl video memory in case spice is used with a non-qxl card. It's also used with qxl in vga mode.
When using display resolutions requiring more than 16 MB of memory we are going to overflow that buffer. In theory the guest can write, indirectly via spice-server. The spice-server clears the memory after setting a new video mode though, triggering a segfault in the overflow case, so qemu crashes before the guest has a chance to do something evil.
Fix that by switching to dynamic allocation for the buffer.
CVE-2014-3615
Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ab9509cceabef28071e41bdfa073083859c949a7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-07-25 | vnc update fix | Gerd Hoffmann
We need to remember has_updates for each vnc client. Otherwise it might happen that vnc_update_client(has_dirty=1) takes the first exit due to output buffers not being flushed yet and subsequent calls with has_dirty=0 take the second exit, wrongly assuming there is nothing to do because the work deferred in the first call is ignored.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-25 | fix full frame updates for VNC clients | Stephan Kulow
If the client asks for !incremental frame updates, it has lost its content so dirty doesn't matter - it has to see the full frame, so setting force_update
Signed-off-by: Stephan Kulow <coolo@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-11 | Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140711-1' into staging | Peter Maydell
spice: auth fixes
# gpg: Signature made Fri 11 Jul 2014 10:17:15 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-20140711-1:
  spice: auth fixes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 | ui/gtk: Restore keyboard focus after Page change | John Snow
(Resending for correct email addresses via MAINTAINERS ...)
In the GTK UI, after changing focus to the qemu monitor Notebook Page, when restoring focus to the virtual machine page, the keyboard focus is lost to a hidden GTK widget. Focus can only be restored to the virtual machine by pressing "tab" or any of the four directional arrow keys. Clicking in the window or grabbing/ungrabbing input does not restore keyboard focus to the child widget.
This patch adjusts the Notebook page switching callback to automatically steal keyboard focus on the Page switch event, so that keyboard input does not appear to break or disappear after tabbing to the QEMU monitor.
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 | spice: auth fixes | Gerd Hoffmann
Set auth to sasl when sasl is enabled, this makes "info spice" correctly display sasl auth. Also throw an error in case someone tries to set a spice password via monitor without auth mode being "spice".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01 | ui/vnc: fix potential memory corruption issues | Peter Lieven
This patch makes the VNC server work correctly if the server surface and the guest surface have different sizes.
Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of VNC_DIRTY_PIXELS_PER_BIT.
If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT we now get a small black bar on the right of the screen.
If the surface is too big to fit the limits only the upper left area is shown.
On top of that this fixes 2 memory corruption issues:
The first was actually discovered during playing around with a Windows 7 vServer. During resolution change in Windows 7 it happens sometimes that Windows changes to an intermediate resolution where server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface). This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0.
The second is a theoretical issue, but is maybe exploitable by the guest. If for some reason the guest surface size is bigger than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since this limit is nowhere enforced.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01 | ui/vnc: limit client_cut_text msg payload size | Peter Lieven
Currently a malicious client could define a payload size of 2^32 - 1 bytes and send up to that size of data to the vnc server. The server would allocate that amount of memory which could easily create an out of memory condition.
This patch limits the payload size to 1MB max.
Please note that client_cut_text messages are currently silently ignored.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-29 | ui/cocoa: Honour -show-cursor command line option | Peter Maydell
Honour the -show-cursor command line option (which forces the mouse pointer to always be displayed even when input is grabbed) in the Cocoa UI backend.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-5-git-send-email-peter.maydell@linaro.org
2014-06-29 | ui/cocoa: Fix handling of absolute positioning devices | Peter Maydell
Fix handling of absolute positioning devices, which were basically unusable for two separate reasons:
(1) as soon as you pressed the left mouse button we would call CGAssociateMouseAndMouseCursorPosition(FALSE), which means that the absolute coordinates of the mouse events are never updated
(2) we didn't account for MacOSX coordinate origin being bottom left rather than top right, and so all the Y values sent to the guest were inverted
We fix (1) by aligning our behaviour with the SDL UI backend for absolute devices:
* when the mouse moves into the window we do a grab (which means hiding the host cursor and sending special keys to the guest)
* when the mouse moves out of the window we un-grab
and fix (2) by doing the correct transformation in the call to qemu_input_queue_abs().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-4-git-send-email-peter.maydell@linaro.org
2014-06-29 | ui/cocoa: Add utility method to check if point is within window | Peter Maydell
Add a utility method to check whether a point is within the current window bounds, and use it in the various places in the mouse handling code that were opencoding the check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-3-git-send-email-peter.maydell@linaro.org
2014-06-29 | ui/cocoa: Cope with first surface being same as initial window size | Peter Maydell
Do the recalculation of the content dimensions in switchSurface if the current cdx is zero as well as if the new surface is a different size to the current window. This catches the case where the first surface registered happens to be 640x480 (our current window size), and fixes a bug where we would always display a black screen until the first surface of a different size was registered.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-2-git-send-email-peter.maydell@linaro.org
2014-06-23 | qemu-char: introduce qemu_chr_alloc | Paolo Bonzini
The next patch will modify this function to initialize state that is common to all backends.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 | qapi event: convert SPICE events | Wenchao Xia
SPICE_INITIALIZED, SPICE_CONNECTED, SPICE_DISCONNECTED and SPICE_MIGRATE_COMPLETED are converted in one patch, since they use some common functions. inet_strfamily() is removed since no callers exist anymore.
Note that there is no existing doc for SPICE_MIGRATE_COMPLETED in docs/qmp/qmp-events.txt before this patch.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 | qapi event: convert VNC events | Wenchao Xia
Since VNC_CONNECTED, VNC_DISCONNECTED, VNC_INITIALIZED share some common functions, convert them in one patch.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 | qapi: adjust existing defines | Wenchao Xia
In order to let event defines use existing types later, instead of redefining new ones, some old type defines for spice and vnc are changed, and BlockErrorAction is moved from block.h to qapi schema. Note that BlockErrorAction is not merged with BlockdevOnError.
At this point, VncInfo is not made a child of VncBasicInfo, because VncBasicInfo has mandatory fields where VncInfo makes them optional.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-20 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20140619-1' into staging | Peter Maydell
vnc: cleanups and fixes
# gpg: Signature made Thu 19 Jun 2014 12:02:09 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-vnc-20140619-1:
  vnc: fix screen updates
  vnc: Drop superfluous conditionals around g_strdup()
  vnc: Drop superfluous conditionals around g_free()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-20 | spice: fix 32bit build | Gerd Hoffmann
Tested-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1403244764-8622-1-git-send-email-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-19 | vnc: fix screen updates | Gerd Hoffmann
Bug was added by 38ee14f4f33f8836fc0e209ca59c6ae8c6edf380. vnc_jobs_join call is missing in one code path.
Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-19 | vnc: Drop superfluous conditionals around g_strdup() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-19 | vnc: Drop superfluous conditionals around g_free() | Markus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-13 | spice: add mouse cursor support | Gerd Hoffmann
So you'll have a mouse pointer when running non-qxl gfx cards with mouse pointer support (virtio-gpu, IIRC vmware too).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-11 | gtk: update window size after showing/hiding tabs | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-11 | gtk: factor out gtk3 grab into the new gd_grab_devices function | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-11 | gtk: cleanup backend dependencies | Gerd Hoffmann
Make configure detect gtk x11 backend and link libX11 then. Make gtk backend specific code properly #ifdef'ed on the GTK_WINDOWING_* backends at runtime). Our gtk ui code should build and run fine on any platform now.
This also fixes the linker failure due to the new XkbGetKeyboard call added by commit 3158a3482b0093e41f2b2596fba50774ea31ae08.
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
2014-06-11 | gtk: factor out keycode mapping | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-10 | console: fix -vga none -sdl crash | Gerd Hoffmann
Call get_alloc_displaystate() for proper initialization instead of allocating with g_new().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-10 | console: kill MAX_CONSOLES, alloc consoles dynamically | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-04 | input/vnc: use kbd delays in press_key | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-04 | input/curses: add kbd delay between keydown and keyup events | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-04 | input: use kbd delays for send_key monitor command | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-04 | input: add support for kbd delays | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-sdl-3' into staging | Peter Maydell
sdl2: add support for text consoles
# gpg: Signature made Mon 02 Jun 2014 15:35:20 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/kraxel/tags/pull-sdl-3:
  sdl2: textinput + terminal
  sdl2: make Ctrl-Alt-<nr> hotkeys show and hide windows
  console: add kbd_put_string_console
  console: add kbd_put_qcode_console
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-02 | vnc-enc-tight: Fix divide-by-zero in tight_detect_smooth_image{16,24,32} | Gonglei
Spotted by Coverity:
(1) Event assignment: Assigning: "pixels" = "0".
(2) Event cond_true: Condition "y < h", taking true branch
(3) Event cond_false: Condition "x < w", taking false branch
(4) Event loop_end: Reached end of loop
(5) Event divide_by_zero: In expression "(stats[0] + stats[1]) * 100U / pixels", division by expression "pixels" which may be zero has undefined behavior.
290 DEFINE_DETECT_FUNCTION(16)
291 DEFINE_DETECT_FUNCTION(32)
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | vnc: add trace events for key events | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | vnc: refuse to set a password with VNC_AUTH_NONE | Gerd Hoffmann
Current code silently changes the authentication settings in case you try to set a password without password authentication turned on. This is bad. Return an error instead.
If we want to allow changing auth settings at runtime this should be done explicitly using a separate monitor command, not as side effect of set_passwd.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | sdl2: textinput + terminal | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | sdl2: make Ctrl-Alt-<nr> hotkeys show and hide windows | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | console: add kbd_put_string_console | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-02 | console: add kbd_put_qcode_console | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-28 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-console-1' into staging | Peter Maydell
console: multiwindow support for text terminal QemuConsoles
console: small fixes
# gpg: Signature made Mon 26 May 2014 09:17:27 BST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
* remotes/kraxel/tags/pull-console-1:
  console: add kbd_put_keysym_console
  console: rework text terminal cursor logic
  console: update text terminal surface unconditionally
  console: nicer initial screen
  console: Abort on property access errors
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-28 | Merge remote-tracking branch 'remotes/kraxel/tags/pull-gtk-7' into staging | Peter Maydell
gtk: ui overhaul, multiwindow support.
# gpg: Signature made Mon 26 May 2014 08:54:55 BST using RSA key ID D3E87138
# gpg: Can't check signature: public key not found
* remotes/kraxel/tags/pull-gtk-7: (24 commits)
  gtk: workaround gtk2 vte resize issue
  gtk: window sizing overhaul
  gtk: zap unused global_state
  gtk: Add handling for the xfree86 keycodes
  gtk: enable untabify for gfx
  gtk: detached window pointer grabs
  gtk: update all windows on mouse mode changes
  gtk: fix grab checks
  gtk: update gd_update_caption
  gtk: skip keyboard grab when hover autograb is active
  gtk: keep track of grab owner
  gtk: add gd_grab trace event
  gtk: add tab to trace events
  gtk: allow moving tabs to windows and back.
  gtk: simplify resize
  gtk: use device type as label
  gtk: support multiple gfx displays
  gtk: move vga state into VirtualGfxConsole
  gtk: VirtualConsole restruction
  gtk: remove page numbering assumtions from the code
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-05-26 | sdl: pass key event source to input layer | Gerd Hoffmann
So the input layer knows where the input is coming from and input routing works correctly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | input: bind devices and input routing | Gerd Hoffmann
Add function to bind input devices to display devices. Implementing input routing on top of this: Events coming from the display device in question are routed to the input device bound to it (if there is one).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | input: keymap: add meta keys | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | input: add name to input_event_key_number | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | input: add qemu_input_key_number_to_qcode | Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | input (curses): mask keycodes to remove modifier bits | Andrew Oates
Without the mask, control bits are passed on in the keycode, generating incorrect PS/2 sequences when SHIFT, ALT, etc are held down.
Cc: qemu-stable@nongnu.org
Signed-off-by: Andrew Oates <andrew@aoates.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | gtk: workaround gtk2 vte resize issue | Gerd Hoffmann
Hack isn't pretty, but gets the job done. See source code comment for details.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-05-26 | gtk: window sizing overhaul | Gerd Hoffmann
Major overhaul for window size handling. This basically switches qemu over to use geometry hints for the window manager instead of trying to get the job done with widget resize requests. This allows to specify better what we need and also avoids window resizes.
FIXME: on gtk2 someone overwrites the geometry hints :(
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>