aboutsummaryrefslogtreecommitdiff
path: root/ui
AgeCommit message (Collapse)Author
2019-08-16Include qemu/main-loop.h lessMarkus Armbruster
In my "build everything" tree, changing qemu/main-loop.h triggers a recompile of some 5600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). It includes block/aio.h, which in turn includes qemu/event_notifier.h, qemu/notify.h, qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h, qemu/thread.h, qemu/timer.h, and a few more. Include qemu/main-loop.h only where it's needed. Touching it now recompiles only some 1700 objects. For block/aio.h and qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the others, they shrink only slightly. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190812052359.30071-21-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-16Include qemu/queue.h slightly lessMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-20-armbru@redhat.com>
2019-08-16Include hw/hw.h exactly where neededMarkus Armbruster
In my "build everything" tree, changing hw/hw.h triggers a recompile of some 2600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). The previous commits have left only the declaration of hw_error() in hw/hw.h. This permits dropping most of its inclusions. Touching it now recompiles less than 200 objects. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20190812052359.30071-19-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-16trace: Do not include qom/cpu.h into generated trace.hMarkus Armbruster
docs/devel/tracing.txt explains "since many source files include trace.h, [the generated trace.h use] a minimum of types and other header files included to keep the namespace clean and compile times and dependencies down." Commit 4815185902 "trace: Add per-vCPU tracing states for events with the 'vcpu' property" made them all include qom/cpu.h via control-internal.h. qom/cpu.h in turn includes about thirty headers. Ouch. Per-vCPU tracing is currently not supported in sub-directories' trace-events. In other words, qom/cpu.h can only be used in trace-root.h, not in any trace.h. Split trace/control-vcpu.h off trace/control.h and trace/control-internal.h. Have the generated trace.h include trace/control.h (which no longer includes qom/cpu.h), and trace-root.h include trace/control-vcpu.h (which includes it). The resulting improvement is a bit disappointing: in my "build everything" tree, some 1100 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h) depend on a trace.h, and about 600 of them no longer depend on qom/cpu.h. But more than 1300 others depend on trace-root.h. More work is clearly needed. Left for another day. Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-8-armbru@redhat.com>
2019-08-16Include generated QAPI headers lessMarkus Armbruster
Some of the generated qapi-types-MODULE.h are included all over the place. Changing a QAPI type can trigger massive recompiling. Top scorers recompile more than 1000 out of some 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h): 6300 qapi/qapi-builtin-types.h 5700 qapi/qapi-types-run-state.h 3900 qapi/qapi-types-common.h 3300 qapi/qapi-types-sockets.h 3000 qapi/qapi-types-misc.h 3000 qapi/qapi-types-crypto.h 3000 qapi/qapi-types-job.h 3000 qapi/qapi-types-block-core.h 2800 qapi/qapi-types-block.h 1300 qapi/qapi-types-net.h Clean up headers to include generated QAPI headers only where needed. Impact is negligible except for hw/qdev-properties.h. This header includes qapi/qapi-types-block.h and qapi/qapi-types-misc.h. They are used only in expansions of property definition macros such as DEFINE_PROP_BLOCKDEV_ON_ERROR() and DEFINE_PROP_OFF_AUTO(). Moving their inclusion from hw/qdev-properties.h to the users of these macros avoids pointless recompiles. This is how other property definition macros, such as DEFINE_PROP_NETDEV(), already work. Improves things for some of the top scorers: 3600 qapi/qapi-types-common.h 2800 qapi/qapi-types-sockets.h 900 qapi/qapi-types-misc.h 2200 qapi/qapi-types-crypto.h 2100 qapi/qapi-types-job.h 2100 qapi/qapi-types-block-core.h 270 qapi/qapi-types-block.h Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-3-armbru@redhat.com>
2019-07-03console: fix cell overflowGerd Hoffmann
Linux terminal behavior (coming from vt100 I think) is somewhat strange when it comes to line wraps: When a character is printed to the last char cell of a line the cursor does NOT jump to the next line but stays where it is. The line feed happens when the next character is printed. So the valid range for the cursor position is not 0 .. width-1 but 0 .. width, where x == width represents the state where the line is full but the cursor didn't jump to the next line yet. The code for the 'clear from start of line' control sequence (ESC[1K) fails to handle this corner case correctly and may call console_clear_xy() with x == width. That will incorrectly clear the first char cell of the next line, or in case the cursor happens to be on the last line overflow the cell buffer by one character (three bytes). Add a check to the loop to fix that. Didn't spot any other places with the same problem. But it's easy to miss that corner case, so also allocate one extra cell as precaution, so in case we have simliar issues lurking elsewhere it at least wouldn't be a buffer overflow. v2: squashed in additional checks suggested by Christophe de Dinechin. Reported-by: Alexander Oleinik <alxndr@bu.edu> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Christophe de Dinechin <dinechin@redhat.com> Message-id: 20190701075301.14165-1-kraxel@redhat.com
2019-06-13ui/cocoa: Fix mouse grabbing in fullscreen mode for relative input deviceChen Zhang
In fullscreen mode, the window property of cocoaView may not be the key window, and the current implementation would not re-grab cursor by left click in fullscreen mode after ungrabbed in fullscreen mode with hot-key ctrl-opt-g. This patch used value of isFullscreen as a short-cirtuit condition for relative input device grabbing. Signed-off-by: Chen Zhang <tgfbeta@me.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 2D2F1191-E82F-4B54-A6E7-73FFB953DE93@me.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-06-13ui/cocoa: Fix absolute input device grabbing issue on MojaveChen Zhang
On Mojave, absolute input device, i.e. tablet, had trouble re-grabbing the cursor in re-entry into the virtual screen area. In some cases, the `window` property of NSEvent object was nil after cursor exiting from window, hinting that the `-locationInWindow` method would return value in screen coordinates. The current implementation used raw locations from NSEvent without considering whether the value was for the window coordinates or the macOS screen coordinates, nor the zooming factor for Zoom-to-Fit in fullscreen mode. In fullscreen mode, the fullscreen cocoa window might not be the key window, therefore the location of event in virtual coordinates should suffice. This patches fixed boundary check methods for cursor in normal and fullscreen with/without Zoom-to-Fit in Mojave. Note: CGRect, -convertRectToScreen: and -convertRectFromScreen: were used in coordinates conversion for compatibility reason. Signed-off-by: Chen Zhang <tgfbeta@me.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: FA3FBC4F-5379-4118-B997-58FE05CC58F9@me.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-06-12Include qemu-common.h exactly where neededMarkus Armbruster
No header includes qemu-common.h after this commit, as prescribed by qemu-common.h's file comment. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-5-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and net/tap-bsd.c fixed up]
2019-06-12Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
2019-06-11qemu-common: Move qemu_isalnum() etc. to qemu/ctype.hMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-3-armbru@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-07egl-helpers: add modifier support to egl_dmabuf_import_texture()Gerd Hoffmann
Check and use QemuDmaBuf->modifier in egl_dmabuf_import_texture() for dmabuf imports. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20190529072144.26737-5-kraxel@redhat.com
2019-06-07egl-helpers: add modifier support to egl_get_fd_for_texture().Gerd Hoffmann
Add modifier parameter to egl_get_fd_for_texture(), to return the used modifier on dmabuf exports. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20190529072144.26737-4-kraxel@redhat.com
2019-06-07ui/curses: Fix build with -m32Max Reitz
wchar_t may resolve to be an unsigned long on 32-bit architectures. Using the %x conversion specifier will then give a compiler warning: ui/curses.c: In function ‘get_ucs’: ui/curses.c:492:49: error: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘wchar_t’ {aka ‘long int’} [-Werror=format=] 492 | fprintf(stderr, "Could not convert 0x%04x " | ~~~^ | | | unsigned int | %04lx 493 | "from wchar_t to a multibyte character: %s\n", 494 | wch, strerror(errno)); | ~~~ | | | wchar_t {aka long int} ui/curses.c:504:49: error: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘wchar_t’ {aka ‘long int’} [-Werror=format=] 504 | fprintf(stderr, "Could not convert 0x%04x " | ~~~^ | | | unsigned int | %04lx 505 | "from a multibyte character to UCS-2 : %s\n", 506 | wch, strerror(errno)); | ~~~ | | | wchar_t {aka long int} Fix this by casting the wchar_t value to an unsigned long and using %lx as the conversion specifier. Fixes: b7b664a4fe9a955338f2e11a0f7433b29c8cbad0 Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-id: 20190527142540.23255-1-mreitz@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-29spice-app: fix running when !CONFIG_OPENGLMarc-André Lureau
Do not set 'gl' parameter, fixes: qemu-system-x86_64: Invalid parameter 'gl' Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20190524130946.31736-7-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-22ui/vnc: Use gcrypto_random_bytes for start_auth_vncRichard Henderson
Use a better interface for random numbers than rand(). Fail gracefully if for some reason we cannot use the crypto system. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-22ui/vnc: Split out authentication_failedRichard Henderson
There were 3 copies of this code, one of which used the wrong data size for the failure indicator. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-17kbd-state: fix autorepeat handlingGerd Hoffmann
When allowing multiple down-events in a row (key autorepeat) we can't use change_bit() any more to update the state, because autorepeat events don't change the key state. We have to explicitly use set_bit() and clear_bit() instead. Cc: qemu-stable@nongnu.org Fixes: 35921860156e kbd-state: don't block auto-repeat events Buglink: https://bugs.launchpad.net/qemu/+bug/1828272 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20190514042443.10735-1-kraxel@redhat.com
2019-05-17ui/console: Precautionary glBindTexture and surface->texture validation in ↵HOU Qiming
surface_gl_update_texture In a GVT-g setup with dmabuf and GTK GUI, the current 2D texture at surface_gl_update_texture is not necessarily surface->texture. Adding a glBindTexture fixes related crashes and artifacts, and is generally more secure. Signed-off-by: HOU Qiming <hqm03ster@gmail.com> Tested-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com> Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Message-id: 20190507080501.26712-1-marcel.apfelbaum@gmail.com [fixed malformed patch, rebase to master] Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-17ui/curses: manipulate cchar_t with standard curses functionsSamuel Thibault
The chars/attr fields are curses internals, setcchar and getcchar have to be used instead. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Tested-by: Kamil Rytarowski <n54@gmx.com> Message-Id: <20190427183307.12796-3-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-17ui/curses: do not assume wchar_t contains unicodeSamuel Thibault
E.g. BSD and Solaris even use locale-specific encoding there. We thus have to go through the native multibyte representation and use mbrtowc/wcrtomb to make a proper conversion. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Tested-by: Kamil Rytarowski <n54@gmx.com> Message-Id: <20190427183307.12796-2-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-04-12curses: fix wchar_t printf warningGerd Hoffmann
On some systems wchar_t is "long int", on others just "int". So go cast to "long int" and adjust the printf format accordingly. Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190402073018.17747-1-kraxel@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-22trace-events: Fix attribution of trace points to sourceMarkus Armbruster
Some trace points are attributed to the wrong source file. Happens when we neglect to update trace-events for code motion, or add events in the wrong place, or misspell the file name. Clean up with help of cleanup-trace-events.pl. Same funnies as in the previous commit, of course. Manually shorten its change to linux-user/trace-events to */signal.c. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-id: 20190314180929.27722-6-armbru@redhat.com Message-Id: <20190314180929.27722-6-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-03-22trace-events: Shorten file names in commentsMarkus Armbruster
We spell out sub/dir/ in sub/dir/trace-events' comments pointing to source files. That's because when trace-events got split up, the comments were moved verbatim. Delete the sub/dir/ part from these comments. Gets rid of several misspellings. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190314180929.27722-3-armbru@redhat.com Message-Id: <20190314180929.27722-3-armbru@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-03-18curses ui: add missing iconv_close callsSamuel Thibault
The iconv_t are opened but never closed. Spotted by Coverity: CID 1399708 Spotted by Coverity: CID 1399709 Spotted by Coverity: CID 1399713 Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20190314172524.9290-1-samuel.thibault@ens-lyon.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-18curses ui: always initialize all curses_line fieldsSamuel Thibault
cchar_t can contain not only attr and chars fields, but also ext_color. Initialize the whole structure to zero instead of enumerating fields. Spotted by Coverity: CID 1399711 Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20190315130932.26094-1-samuel.thibault@ens-lyon.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-18vnc: fix unalignment access in tight_pack24Li Qiang
When adding '-fsanitize=undefined' in compiling configuration and connect VM with vnc, it reports following error: ui/vnc-enc-tight.c:910:13: runtime error: load of misaligned address 0x621000466513 for type 'uint32_t', which requires 4 byte alignment This patch fix this issue. Signed-off-by: Li Qiang <liq3ea@163.com> Message-id: 20190318010442.14897-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-13Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190313-pull-request' ↵Peter Maydell
into staging ui: better unicode support for curses, v2. # gpg: Signature made Wed 13 Mar 2019 07:29:44 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20190313-pull-request: curses: add option to specify VGA font encoding iconv: detect and make curses depend on it Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-13curses: add option to specify VGA font encodingSamuel Thibault
This uses iconv to convert glyphs from the specified VGA font encoding to unicode, and makes use of cchar_t instead of chtype when using ncursesw, which allows to store all wide char as well as the WACS values. The default charset is made CP437 since that is the charset of the hardware default VGA font. This also makes the curses backend set the LC_CTYPE locale to "" to allow curses to emit wide characters. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Eddie Kohler <ekohler@gmail.com> Acked-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190311135127.2229-3-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-13iconv: detect and make curses depend on itSamuel Thibault
curses will use it for proper wide output support. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20190311135127.2229-2-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-12Merge remote-tracking branch ↵Peter Maydell
'remotes/kraxel/tags/audio-20190312-pull-request' into staging audio: introduce -audiodev # gpg: Signature made Tue 12 Mar 2019 07:12:19 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20190312-pull-request: audio: -audiodev command line option: cleanup wavaudio: port to -audiodev config spiceaudio: port to -audiodev config sdlaudio: port to -audiodev config paaudio: port to -audiodev config ossaudio: port to -audiodev config noaudio: port to -audiodev config dsoundaudio: port to -audiodev config coreaudio: port to -audiodev config alsaaudio: port to -audiodev config audio: -audiodev command line option basic implementation audio: -audiodev command line option: documentation audio: use qapi AudioFormat instead of audfmt_e qapi: qapi for audio backends Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # qemu-deprecated.texi
2019-03-11audio: use qapi AudioFormat instead of audfmt_eKővágó, Zoltán
I had to include an enum for audio sampling formats into qapi, but that meant duplicating the audfmt_e enum. This patch replaces audfmt_e and associated values with the qapi generated AudioFormat enum. This patch is mostly a search-and-replace, except for switches where the qapi generated AUDIO_FORMAT_MAX caused problems. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 01251b2758a1679c66842120b77c0fb46d7d0eaf.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: allow specifying a custom authorization object nameDaniel P. Berrange
The VNC server has historically had support for ACLs to check both the SASL username and the TLS x509 distinguished name. The VNC server was responsible for creating the initial ACL, and the client app was then responsible for populating it with rules using the HMP 'acl_add' command. This is not satisfactory for a variety of reasons. There is no way to populate the ACLs from the command line, users are forced to use the HMP. With multiple network services all supporting TLS and ACLs now, it is desirable to be able to define a single ACL that is referenced by all services. To address these limitations, two new options are added to the VNC server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to use for checking TLS x509 distinguished names, and the 'sasl-authz' option takes the ID of another object to use for checking SASL usernames. In this example, we setup two authorization rules. The first allows any client with a certificate issued by the 'RedHat' organization in the 'London' locality. The second ACL allows clients with either the 'joe@REDHAT.COM' or 'fred@REDHAT.COM' kerberos usernames. Both checks must pass for the user to be allowed. $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,policy=deny,\ rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \ -object authz-simple,id=authz1,policy=deny,\ rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \ rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \ -vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0, sasl,sasl-authz=authz1 \ ...other QEMU args... Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20190227145755.26556-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: fix update stallsGerd Hoffmann
vnc aborts display update jobs on video mode switches and page flips. That can cause vnc update stalls in case an unfinished vnc job gets aborted. The vnc client will never receive the requested update then. Fix that by copying the state from job_update back to update in that case. Reports complain about stalls with two or more clients being connected at the same time, on some but not all connections. I suspect it can also happen with a single connection, multiple connections only make this more much likely to happen. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1662260 Reported-by: Ying Fang <fangying1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ying Fang <fangying1@huawei.com> Message-id: 20190305130930.24516-1-kraxel@redhat.com
2019-03-11curses: support wide inputSamuel Thibault
This makes use of wide curses functions instead of 8bit functions. This allows to type e.g. accented letters. Unfortunately, key codes are then returned with values that could be confused with wide characters by ncurses, so we need to add a maybe_keycode variable to know whether the returned value is a key code or a character (curses with wide support), or possibly both (curses without wide support). The translation tables thus also need to be separated into key code translation and character translation. The curses2foo helper makes it easier to use them. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-id: 20190304210532.7840-1-samuel.thibault@ens-lyon.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11Reduce curses escdelay from 1s to 25msSamuel Thibault
By default, curses will only report single ESC key event after 1s delay, since ESC is also used for keypad escape sequences. This however makes users believe that ESC is not working. Reducing to 25ms provides good user experience, while still allowing 25ms for keypad sequences to get in, which should be enough. Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Message-Id: <20190303172557.17139-1-samuel.thibault@ens-lyon.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-04ui/cocoa: Perform UI operations only on the main threadPeter Maydell
The OSX Mojave release is more picky about enforcing the Cocoa API restriction that only the main thread may perform UI calls. To accommodate this we need to restructure the Cocoa code: * the special OSX main() creates a second thread and uses that to call the vl.c qemu_main(); the original main thread goes into the OSX event loop * the refresh, switch and update callbacks asynchronously tell the main thread to do the necessary work * the refresh callback no longer does the "get events from the UI event queue and handle them" loop, since we now use the stock OSX event loop. Instead our NSApplication sendEvent method will either deal with them or pass them on to OSX All these things have to be changed in one commit, to avoid breaking bisection. Note that since we use dispatch_get_main_queue(), this bumps our minimum version requirement to OSX 10.10 Yosemite (released in 2014, unsupported by Apple since 2017). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-8-peter.maydell@linaro.org Message-id: 20190214102816.3393-8-peter.maydell@linaro.org
2019-03-04ui/cocoa: Subclass NSApplication so we can implement sendEventPeter Maydell
When we switch away from our custom event handling, we still want to be able to have first go at any events our application receives, because in full-screen mode we want to send key events to the guest, even if they would be menu item activation events. There are several ways we could do that, but one simple approach is to subclass NSApplication so we can implement a custom sendEvent method. Do that, but for the moment have our sendEvent just invoke the superclass method. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-7-peter.maydell@linaro.org Message-id: 20190214102816.3393-7-peter.maydell@linaro.org
2019-03-04ui/cocoa: Don't call NSApp sendEvent directly from handleEventPeter Maydell
Currently the handleEvent method will directly call the NSApp sendEvent method for any events that we want to let OSX deal with. When we rearrange the event handling code, the way that we say "let OSX have this event" is going to change. Prepare for that by refactoring so that handleEvent returns a flag indicating whether it consumed the event. Suggested-by: BALATON Zoltan <balaton@eik.bme.hu> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-6-peter.maydell@linaro.org Message-id: 20190214102816.3393-6-peter.maydell@linaro.org
2019-03-04ui/cocoa: Move console/device menu creation code up in filePeter Maydell
Move the console/device menu creation code functions further up in the source file, next to the code which creates the initial menus. We're going to want to change the location we call these functions from in the next patch. This commit is a pure code move with no other changes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-5-peter.maydell@linaro.org Message-id: 20190214102816.3393-5-peter.maydell@linaro.org
2019-03-04ui/cocoa: Factor out initial menu creationPeter Maydell
Factor out the long code sequence in main() which creates the initial set of menus. This will make later patches which move initialization code around a bit clearer. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-4-peter.maydell@linaro.org Message-id: 20190214102816.3393-4-peter.maydell@linaro.org
2019-03-04ui/cocoa: Use the pixman image directly in switchSurfacePeter Maydell
Currently the switchSurface method takes a DisplaySurface. We want to change our DisplayChangeListener's dpy_gfx_switch callback to do this work asynchronously on a different thread. The caller of the switch callback will free the old DisplaySurface immediately the callback returns, so to ensure that the other thread doesn't access freed data we need to switch to using the underlying pixman image instead. The pixman image is reference counted, so we will be able to take a reference to it to avoid it vanishing too early. In this commit we only change the switchSurface method to take a pixman image, and keep the flow of control synchronous for now. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-3-peter.maydell@linaro.org Message-id: 20190214102816.3393-3-peter.maydell@linaro.org
2019-03-04ui/cocoa: Ensure we have the iothread lock when calling into QEMUPeter Maydell
The Cocoa UI should run on the main thread; this is enforced in OSX Mojave. In order to be able to run on the main thread, we need to make sure we hold the iothread lock whenever we call into various QEMU UI midlayer functions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-id: 20190225102433.22401-2-peter.maydell@linaro.org Message-id: 20190214102816.3393-2-peter.maydell@linaro.org
2019-02-26authz: delete existing ACL implementationDaniel P. Berrange
The 'qemu_acl' type was a previous non-QOM based attempt to provide an authorization facility in QEMU. Because it is non-QOM based it cannot be created via the command line and requires special monitor commands to manipulate it. The new QAuthZ subclasses provide a superset of the functionality in qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor commands are converted to use the new QAuthZSimple data type instead in order to provide temporary backwards compatibility. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2019-02-22display: add -display spice-app launching a Spice clientMarc-André Lureau
Add a new display backend that will configure Spice to allow a remote client to control QEMU in a similar fashion as other QEMU display backend/UI like GTK. For this to work, it will set up Spice server with a unix socket, and register a VC chardev that will be exposed as Spice ports. A QMP monitor is also exposed as a Spice port, this allows the remote client fuller qemu control and state handling. - doesn't handle VC set_echo() - this doesn't seem a strong requirement, very few front-end use it - spice options can be tweaked with other -spice arguments - Windows support shouldn't be hard to do, but will probably use a TCP port instead - we may want to watch the child process to quit automatically if it crashed Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-12-marcandre.lureau@redhat.com [ kraxel: squash incremental fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21spice: use a default name for the serverMarc-André Lureau
If no -name is given, let's use a friendly "QEMU version" server name. This is sometime exposed on spice client side, for example on remote-viewer title. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-11-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21spice: do not stop spice if VM is pausedMarc-André Lureau
spice_server_vm_start/stop() was added to help migration state (commit f5bb039c6d97ef3e664094eab3c9a4dc1824ed73). However, a paused VM could keep running the spice server. This will allow a Spice client to keep sending commands to a spice chardev. This allows to stop/cont a VM from a Spice monitor port. Character devices (vdagent/usb/smartcard/..) should not read from Spice when the VM is paused. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-6-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21spice: merge options listsMarc-André Lureau
Passing several -spice options to qemu command line, or calling several time qemu_opts_set() will ignore all but the first option list. Since the spice server is a singleton, it makes sense to merge all the options, the last value being the one taken into account. This changes the behaviour from, for ex: $ qemu... -spice port=5900 -spice port=5901 -> port: 5900 to: $ qemu... -spice port=5900 -spice port=5901 -> port: 5901 (if necessary we could instead produce an error when an option is given twice, although this makes handling default values and such more complicated) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-5-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21spice: avoid spice runtime assertMarc-André Lureau
The Spice server doesn't like to be started or stopped twice . It aborts with: (process:6191): Spice-ERROR **: 19:29:35.912: red-worker.c:623:handle_dev_start: assertion `!worker->running' failed It's easy to avoid that situation since qemu spice_display_is_running tracks the server state. After the commit "spice: do not stop spice if VM is paused", it will be possible to pause and resume the VM, and this will call qemu_spice_display_start() twice. The easiest is to add a check for spice_display_is_running with this patch to avoid the assert. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Victor Toso <victortoso@redhat.com> Message-id: 20190221110703.5775-4-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21ui/gtk: Fix the license informationThomas Huth
The license information in this file is very messy. A short note at the beginning says GPL first, but the long boilerplate code then talks about "GNU Lesser General Public License version 2.0". First, there is no such version of the "GNU Lesser GPL", it only started with version 2.1. In version 2.0, it was still called "GNU Library GPL" instead. Second, you can easily get the license of this file wrong if you only quickly glance at the long boilerplate code. Anyway, looking at the text of the LGPL (see COPYING.LIB in the top directory), the license clearly states in section "3." that one should rather replace the license information with the GPL information in such a case of a mixture instead. Thus let's clean up the confusing statements and use the proper GPL text only. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 1550731902-28842-1-git-send-email-thuth@redhat.com [ kraxel: s/v2/v2+/ as requested by Daniel ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>