path: root/ui
Age | Commit message | Author
2012-03-14 | vnc: Limit r/w access to size of allocated memory | Stefan Weil
This fixes memory reads and writes which exceeded the upper limit of allocated memory vd->guest.ds->data and vd->server->data. Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Stefan Weil <weil@mail.berlios.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-03-14 | vnc: don't mess up with iohandlers in the vnc thread | Corentin Chary
The threaded VNC servers messed up with QEMU fd handlers without any kind of locking, and that can cause some nasty race conditions. Using qemu_mutex_lock_iothread() won't work because vnc_dpy_cpy(), which will wait for the current job queue to finish, can be called with the iothread lock held. Instead, we now store the data in a temporary buffer, and use a bottom half to notify the main thread that new data is available. vnc_[un]lock_output() is still needed to access VncState members like abort, csock or jobs_buffer. Signed-off-by: Corentin Chary <corentin.chary@gmail.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-03-12 | implement vnc_dpy_setdata | Gerd Hoffmann
The comment is wrong, we have to do something in the setdata callback. Changing the framebuffer backing storage (happens when the guest pans the display) renders the whole screen content invalid. Trigger #1: cirrus vga + 32bit linux guest + vesafb with ypan enabled. Trigger #2: std vga + http://patchwork.ozlabs.org/patch/145479/ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-03-08 | vnc: Add break statement | Stefan Weil
This was not a bug, but it is not common practice to omit the break statement from the last case statement before an empty default case. Any change of the default case would introduce a bug. This was reported as a warning by splint. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-02-28 | Error out when tls-channel option is used without TLS | Christophe Fergeau
It's currently possible to set up spice channels using TLS when no TLS port has been specified (ie TLS is disabled). This cannot work, so better to error out in such a situation. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-28 | spice: use error_report to report errors | Christophe Fergeau
Error message reporting during spice startup wasn't consistent, it was done with fprintf(stderr, "") but sometimes the message didn't have a trailing \n. Using error_report makes the intent of the message clearer and deals with the final \n for us. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27 | qxl: make qxl_render_update async | Alon Levy
RHBZ# 747011 Removes the last user of QXL_SYNC when using update drivers that use the _ASYNC io ports. The last user is qxl_render_update, it is called both by qxl_hw_update which is the vga_hw_update_ptr passed to graphic_console_init, and by qxl_hw_screen_dump. At the same time the QXLRect area being passed to the red_worker thread is passed as a copy, as part of the QXLCookie. The implementation uses interface_update_area_complete with a bh to make sure dpy_update and qxl_flip are called from the io thread, otherwise the vga->ds->surface.data can change under our feet. With this patch sdl+spice works fine. But spice by itself doesn't produce the expected screendumps unless repeated a few times, due to ppm_save being called before update_area (rendering done in spice server thread) having a chance to complete. Fixed by next patch, but see commit message for problem introduced by it. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27 | qxl: introduce QXLCookie | Alon Levy
Will be used in the next patch. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27 | qxl: require spice >= 0.8.2 | Alon Levy
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result, any check for SPICE_SERVER_VERSION that is now always satisfied, and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because 0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and SPICE_INTERFACE_CORE_MINOR == 3. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27 | sdl: remove NULL check, g_malloc0 can't fail | Alon Levy
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27 | qxl: fix spice+sdl no cursor regression | Alon Levy
regression introduced by 075360945860ad9bdd491921954b383bf762b0e5, v2: lock around qemu_spice_cursor_refresh_unlocked Reported-by: Fabiano Fidêncio <fabiano@fidencio.org> Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-24 | Revert "qemu-char: Print strerror message on failure" and deps | Markus Armbruster
The commit's purpose is laudable: The only way for chardev drivers to communicate an error was to return a NULL pointer, which resulted in an error message that said _that_ something went wrong, but not _why_. It attempts to achieve it by changing the interface to return 0/-errno and update qemu_chr_open_opts() to use strerror() to display a more helpful error message. Unfortunately, it has serious flaws:
1. Backends "socket" and "udp" return bogus error codes, because qemu_chr_open_socket() and qemu_chr_open_udp() assume that unix_listen_opts(), unix_connect_opts(), inet_listen_opts(), inet_connect_opts() and inet_dgram_opts() fail with errno set appropriately. That assumption is wrong, and the commit turns unspecific error messages into misleading error messages. For instance:
    $ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx
    inet_connect: host and/or port not specified
    chardev: opening backend "socket" failed: No such file or directory
ENOENT is what happens to be in my errno when the backend returns -errno. Let's put ERANGE there just for giggles:
    $ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx -drive if=none,iops=99999999999999999999
    inet_connect: host and/or port not specified
    chardev: opening backend "socket" failed: Numerical result out of range
Worse: when errno happens to be zero, return -errno erroneously signals success, and qemu_chr_new_from_opts() dies dereferencing uninitialized chr. I observe this with "-serial unix:".
2. All qemu_chr_open_opts() knows about the error is an errno error code. That's simply not enough for a decent message. For instance, when inet_dgram() can't resolve the parameter host, which errno code should it use? What if it can't resolve parameter localaddr?
Clue: many backends already report errors in their open methods. Let's revert the flawed commit along with its dependencies, and fix up the silent error paths instead.
This reverts commit 6e1db57b2ac9025c2443c665a0d9e78748637b26.
Conflicts: console.c hw/baum.c qemu-char.c
This reverts commit aad04cd024f0c59f0b96f032cde2e24eb3abba6d.
The parts of commit db418a0a "Add stdio char device on windows" that depend on the reverted change fixed up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-21 | spice: support ipv6 channel address in monitor events and in spice info | Yonit Halperin
RHBZ #788444 CC: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-21 | Add SPICE support to add_client monitor command | Daniel P. Berrange
With the acceptance of some new APIs to libspice-server.so it is possible to add support for SPICE to the 'add_client' monitor command, bringing parity with VNC. Since SPICE can use TLS or plain connections, the command also gains a new 'tls' parameter to specify whether TLS should be attempted on the injected client sockets. This new feature is only enabled if building against a libspice-server >= 0.10.1
* qmp-commands.hx: Add 'tls' parameter & missing doc for 'skipauth' parameter
* monitor.c: Wire up SPICE for 'add_client' command
* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client API to wire up from monitor
[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faa
    http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716
Changes in v3:
- Added 'optional' flag to new parameters documented
- Added no-op impl of qemu_spice_display_add_client when SPICE is disabled during build
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-17 | vnc: Don't demote authentication scheme when changing password/disabling login | Daniel P. Berrange
Currently when disabling login in VNC, the password is cleared out and the authentication protocol is forced to AUTH_VNC. If you're using a stronger authentication protocol, this has the effect of downgrading your security protocol. Fix this by only changing the authentication protocol if the current authentication protocol is AUTH_NONE. That ensures we're never downgrading.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
--
NB. This patch is derived from one posted by Anthony last year, which got accidentally lost after Luiz took over the QMP series work
https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html
v1 -> v2 - Make sure to not demote when changing password (Daniel)
v2 -> v3 - Rebase to latest GIT master wrt QMP changes
2012-02-15 | Merge remote-tracking branch 'kraxel/vnc.2' into staging | Anthony Liguori
* kraxel/vnc.2:
  vnc: lift modifier keys on client disconnect.
  vnc: implement shared flag handling.
  vnc: fix ctrl key in vnc terminal emulation
  Fix vnc memory corruption with width = 1400
2012-02-15 | qom: Unify type registration | Andreas Färber
Replace device_init() with generalized type_init(). While at it, unify naming convention: type_init([$prefix_]register_types) Also, type_init() is a function, so add preceding blank line where necessary and don't put a semicolon after the closing brace. Signed-off-by: Andreas Färber <afaerber@suse.de> Cc: Anthony Liguori <anthony@codemonkey.ws> Cc: malc <av1474@comtv.ru> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-10 | vnc: lift modifier keys on client disconnect. | Gerd Hoffmann
For any modifier key (shift, ctrl, alt) still pressed on disconnect inject a key-up event into the guest. The vnc client is gone, it will not do that, so qemu has to do it instead. Without this keys will get stuck, making the guest act in weird ways after reconnecting. Reproducer: exit vnc client via Alt-F4, guest continues to see the pressed alt key and will not react to key events in any useful way until you tap the alt key once to unstuck it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-10 | vnc: implement shared flag handling. | Gerd Hoffmann
VNC clients send a shared flag in the client init message. Up to now qemu completely ignores this. This patch implements shared flag handling. It comes with three policies: By default qemu behaves as one would expect: Asking for exclusive access grants exclusive access to the client connecting. There is also a desktop sharing mode which disallows exclusive connects (so one forgetting -shared wouldn't drop everybody else) and a compatibility mode which mimics the traditional (but non-conforming) qemu behavior. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-10 | vnc: fix ctrl key in vnc terminal emulation | Gerd Hoffmann
Make the control keys for terminals on the vnc display (i.e. qemu -vnc :0 -serial vc) work. Makes the terminals a lot more usable as typing Ctrl-C in your serial console actually has the desired effect ;) Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-10 | Fix vnc memory corruption with width = 1400 | Gerd Hoffmann
vnc assumes that the screen width is a multiple of 16 in several places. If this is not the case vnc will overrun buffers, corrupt memory, make qemu crash. This is the minimum fix for this bug. It makes sure we don't overrun the scanline, thereby fixing the segfault. The rendering is *not* correct though, there is a black border at the right side of the screen, 8 pixels wide because 1400 % 16 == 8. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-01 | sdl: Limit sdl_grab_end in handle_activation to Windows hosts | Jan Kiszka
There are scenarios on Linux with some SDL versions where handle_activation is continuously invoked with state = SDL_APPINPUTFOCUS and gain = 0 while we grabbed the input. This causes a ping-pong when we grab the input after an absolute mouse entered the window. As this sdl_grab_end was once introduced to work around a Windows-only issue (0294ffb9c8), limit it to that platform. CC: Erik Rull <erik.rull@rdsoftware.de> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-01 | sdl: Grab input on end of non-absolute mouse click | Jan Kiszka
By grabbing the input already on button down, we leave the button in that state for the host GUI. Thus it takes another click after releasing the input again to synchronize the mouse button state. Avoid this by grabbing on button up. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-01 | Revert "Handle SDL grabs failing (Mark McLoughlin)" | Jan Kiszka
This reverts commit 6bb816031f8bc0aafc3476e6dfa4293ee3a5f106. SDL_WM_GrabInput does not reliably bail out if grabbing is impossible. So if we get here, we already lost and will block. But this can no longer happen due to the check in sdl_grab_start. So this patch became obsolete. Conflicts: sdl.c Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-01 | sdl: Fix block prevention of SDL_WM_GrabInput | Jan Kiszka
Consistently check for SDL_APPINPUTFOCUS before trying to grab the input focus. Just checking for SDL_APPACTIVE doesn't work. Moving the check to sdl_grab_start allows for some consolidation. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-02-01 | sdl: Do not grab mouse on mode switch while in background | Jan Kiszka
When the mouse mode changes to absolute while the SDL window is not in focus, refrain from grabbing the input. It would steal from some other window. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-18 | vnc: Simplify vnc_display_password() | Luiz Capitulino
Drop the qerror_report() call from it and let its callers set the error themselves. This also allows for dropping the 'ret' variable. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2012-01-13 | vnc: fix no-lock-key-sync strncmp() length | Stefan Hajnoczi
The no-lock-key-sync option is being parsed incorrectly because of an outdated strcmp() length value. Use the correct length so that invalid option names do not match. Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-12-14 | Merge remote-tracking branch 'stefanha/trivial-patches-next' into staging | Anthony Liguori
2011-12-14 | Fix spelling in comments, documentation and messages | Stefan Weil
accidently->accidentally annother->another choosen->chosen consideres->considers decriptor->descriptor developement->development paramter->parameter preceed->precede preceeding->preceding priviledge->privilege propogation->propagation substraction->subtraction throught->through upto->up to usefull->useful Fix also grammar in posix-aio-compat.c Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-12-12 | qemu-thread: add API for joinable threads | Jan Kiszka
Split from Jan's original qemu-thread-posix.c patch. No semantic change, just introduce the new API that POSIX and Win32 implementations will conform to. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-12-06 | fix typo: delete redundant semicolon | Dong Xu Wang
Double semicolons should be single. Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-12-02 | fix spelling in ui sub directory | Dong Xu Wang
Cc: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-11-11 | ui: Plug memory leaks on parse_keyboard_layout() error path | Markus Armbruster
Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-10 | ui/vnc: Convert sasl.mechlist to g_malloc() & friends | Markus Armbruster
Fixes protocol_client_auth_sasl_mechname() not to crash when malloc() fails. Spotted by Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-11-01 | Merge remote-tracking branch 'afaerber/cocoa-for-upstream' into staging | Anthony Liguori
2011-11-01 | ui/vnc: Fix use of free() instead of g_free() | Stefan Weil
Please note that mechlist still uses malloc / strdup / free. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-11-01 | cocoa: Close sheet after image file selection | Andreas Färber
If no disk image is specified, the Cocoa frontend displays a modal sheet to let the user select an image file to boot from. This sheet is never closed and it permanently obscures the emulator window. Close it after obtaining the file name in case the user did select a file. Otherwise we exit immediately, so no need to close then. Signed-off-by: Juan Pineda <juan@logician.com> Signed-off-by: Andreas Färber <andreas.faerber@web.de>
2011-10-31 | Merge remote-tracking branch 'qmp/queue/qmp' into staging | Anthony Liguori
Conflicts: ui/spice-core.c
2011-10-27 | qapi: Convert query-spice | Luiz Capitulino
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2011-10-27 | qapi: Convert query-vnc | Luiz Capitulino
There are three important remarks in relation to the non-qapi command:
1. This commit also fixes the behavior of the 'query-vnc' and 'info vnc' commands to return an error when qemu is built without VNC support (ie. --disable-vnc). The non-qapi command would return the OK response in QMP and no response in HMP
2. The qapi version explicitly marks the fields 'host', 'family', 'service' and 'auth' as optional. They are not documented as optional in the non-qapi command doc, but they would not be returned if vnc support is disabled. The qapi version maintains the same semantics, but documents those fields correctly
3. The 'clients' field, which is a list, is marked as optional but is always returned. If there are no clients connected an empty list is returned. This is not the Right Way to do this in the qapi but it's how the non-qapi command used to work
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2011-10-25 | spice: fix file handle cleanup | Gerd Hoffmann
Setting both read and write handlers to NULL in qemu_set_fd_handler is not enough to make qemu purge the file handle from the list. We must set opaque to NULL too. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-10-25 | ui/spice-core: fix segfault in monitor | Alon Levy
Fix segfault if a qxl device is present but no spice command line argument is given. RHBZ 743251. Signed-off-by: Alon Levy <alevy@redhat.com>
2011-10-25 | spice: Convert core to QEMU thread API | Jan Kiszka
No need to use pthread directly, we have proper abstractions for identity checking. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-10-25 | spice: support the new migration interface (spice 0.8.3) | Yonit Halperin
- call spice_server_migrate_(start|end|connect).
- register spice_migrate_connect completion callback
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-10-25 | spice: turn client_migrate_info to async | Yonit Halperin
RHBZ 737921 Spice client is required to connect to the migration target before/as migration starts. Since after migration starts, the target qemu is blocked and cannot accept new spice client we trigger the connection to the target upon client_migrate_info command. client_migrate_info completion cb will be called after spice client has been connected to the target (or a timeout). See following patches and spice patches. Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-10-20 | migration: Export a function that tells if the migration has finished correctly | Juan Quintela
This will allow us to hide the state values. Signed-off-by: Juan Quintela <quintela@redhat.com>
2011-09-21 | use qemu_* ctype functions | Christoph Egger
Fix "warning: array subscript has type 'char'" on NetBSD. Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-09-21 | Drop unneeded pthread.h inclusions | Jan Kiszka
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-09-15 | Drop the vm_running global variable | Luiz Capitulino
Use runstate_is_running() instead, which is introduced by this commit. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>