From a29acc9c318781b59063091b895773fc6cbe96e7 Mon Sep 17 00:00:00 2001 From: Zihao Chang Date: Tue, 16 Mar 2021 15:58:43 +0800 Subject: [PATCH 1/5] crypto: add reload for QCryptoTLSCredsClass MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds reload interface for QCryptoTLSCredsClass and implements the interface for QCryptoTLSCredsX509. Signed-off-by: Zihao Chang Acked-by: Daniel P. Berrangé Message-Id: <20210316075845.1476-2-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann
---
crypto/tlscredsx509.c | 48 +++++++++++++++++++++++++++++++++++++++ include/crypto/tlscreds.h | 8 ++++--- 2 files changed, 53 insertions(+), 3 deletions(-)
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index dbadad4df2..bc503bab55 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -770,6 +770,51 @@ qcrypto_tls_creds_x509_prop_get_sanity(Object *obj,
 }
+#ifdef CONFIG_GNUTLS
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
+{
+ QCryptoTLSCredsX509 *x509_creds = QCRYPTO_TLS_CREDS_X509(creds);
+ Error *local_err = NULL;
+ gnutls_certificate_credentials_t creds_data = x509_creds->data;
+ gnutls_dh_params_t creds_dh_params = x509_creds->parent_obj.dh_params;
+
+ x509_creds->data = NULL;
+ x509_creds->parent_obj.dh_params = NULL;
+ qcrypto_tls_creds_x509_load(x509_creds, &local_err);
+ if (local_err) {
+ qcrypto_tls_creds_x509_unload(x509_creds);
+ x509_creds->data = creds_data;
+ x509_creds->parent_obj.dh_params = creds_dh_params;
+ error_propagate(errp, local_err);
+ return false;
+ }
+
+ if (creds_data) {
+ gnutls_certificate_free_credentials(creds_data);
+ }
+ if (creds_dh_params) {
+ gnutls_dh_params_deinit(creds_dh_params);
+ }
+ return true;
+}
+
+
+#else /* ! CONFIG_GNUTLS */
+
+
+static bool
+qcrypto_tls_creds_x509_reload(QCryptoTLSCreds *creds, Error **errp)
+{
+ return false;
+}
+
+
+#endif /* ! CONFIG_GNUTLS */
+
+
 static void
 qcrypto_tls_creds_x509_complete(UserCreatable *uc, Error **errp)
 {
@@ -800,6 +845,9 @@ static void
 qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data)
 {
 UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ QCryptoTLSCredsClass *ctcc = QCRYPTO_TLS_CREDS_CLASS(oc);
+
+ ctcc->reload = qcrypto_tls_creds_x509_reload;
 ucc->complete = qcrypto_tls_creds_x509_complete;
diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h
index 079e376047..d0808e391e 100644
--- a/include/crypto/tlscreds.h
+++ b/include/crypto/tlscreds.h
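Review bot: The !CONFIG_GNUTLS variant of qcrypto_tls_creds_x509_reload returns false without setting *errp, so a caller that judges success by the error pointer alone (the QMP command later in this series discards the return value and does exactly that) would report success after doing nothing; give the stub `error_setg(errp, "TLS credentials support requires GNUTLS");` before `return false;`, using whatever wording the other !CONFIG_GNUTLS stubs in this file already use, even if such an object cannot normally be created without GnuTLS. On the success path the old gnutls_certificate_credentials_t is freed as soon as the replacement is loaded; if any TLS session set up against the old object is still in flight (an unfinished VNC handshake, for instance), it would be left referencing freed memory, so it is worth confirming that the callers' scheduling rules that out, or stating in a header comment that reload only affects connections accepted afterwards — the hunk says nothing about that contract either way. A short comment describing the swap-and-rollback sequence (`data` and `parent_obj.dh_params` cleared, reloaded, restored from the saved copies on failure) would also help the next reader, since the rollback only works if qcrypto_tls_creds_x509_unload() tolerates partially populated state, which this hunk cannot show.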
@@ -30,14 +30,15 @@
 #define TYPE_QCRYPTO_TLS_CREDS "tls-creds"
 typedef struct QCryptoTLSCreds QCryptoTLSCreds;
-DECLARE_INSTANCE_CHECKER(QCryptoTLSCreds, QCRYPTO_TLS_CREDS,
- TYPE_QCRYPTO_TLS_CREDS)
-
 typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass;
+DECLARE_OBJ_CHECKERS(QCryptoTLSCreds, QCryptoTLSCredsClass, QCRYPTO_TLS_CREDS,
+ TYPE_QCRYPTO_TLS_CREDS)
+
 #define QCRYPTO_TLS_CREDS_DH_PARAMS "dh-params.pem"
+typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, Error **);
 /**
 * QCryptoTLSCreds:
 *
@@ -61,6 +62,7 @@ struct QCryptoTLSCreds {
 struct QCryptoTLSCredsClass {
 ObjectClass parent_class;
+ CryptoTLSCredsReload reload;
 };
From 1f08e3415120637cad7f540d9ceb4dba3136dbdd Mon Sep 17 00:00:00 2001 From: Zihao Chang Date: Tue, 16 Mar 2021 15:58:44 +0800 Subject: [PATCH 2/5] vnc: support reload x509 certificates for vnc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch add vnc_display_reload_certs() to support update x509 certificates. Signed-off-by: Zihao Chang Reviewed-by: Daniel P. Berrangé Message-Id: <20210316075845.1476-3-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann
---
include/ui/console.h | 1 + ui/vnc.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+)
diff --git a/include/ui/console.h b/include/ui/console.h
index c960b7066c..2714038a0f 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -476,6 +476,7 @@ int vnc_display_password(const char *id, const char *password);
 int vnc_display_pw_expire(const char *id, time_t expires);
 void vnc_parse(const char *str);
 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp);
+bool vnc_display_reload_certs(const char *id, Error **errp);
 /* input.c */
 int index_from_key(const char *key, size_t key_length);
diff --git a/ui/vnc.c b/ui/vnc.c
index e0fac2136e..456db47d71 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
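Review bot: The new `CryptoTLSCredsReload` typedef drops the `QCrypto` prefix that every other identifier in this header carries (QCryptoTLSCreds, QCryptoTLSCredsClass, QCRYPTO_TLS_CREDS_DH_PARAMS), so it reads as if it came from a different module; `typedef bool (*QCryptoTLSCredsReload)(QCryptoTLSCreds *, Error **);` keeps the namespace consistent, with the matching rename of the class member in the second hunk of this file. Naming the parameters in the prototype (`(QCryptoTLSCreds *creds, Error **errp)`) would also make the typedef self-describing, in line with the other prototypes visible in this series.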
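Review bot: The new `reload` class hook is undocumented, and its contract is the part a future implementer most needs: the x509 implementation in this series returns true on success and, on failure, returns false with *errp set while the previously loaded credentials stay in place. A comment above the member such as `/* Reload the credentials from their backing store. Returns true on success; on failure returns false with @errp set and the previously loaded credentials still in effect. */` would pin that down, and is the natural place to state whether already-established sessions keep using the old credentials, once the implementation confirms it. The struct starts inside this hunk, so the comment can go directly above the new line.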
@@ -585,6 +585,34 @@ VncInfo2List *qmp_query_vnc_servers(Error **errp)
 return prev;
 }
+bool vnc_display_reload_certs(const char *id, Error **errp)
+{
+ VncDisplay *vd = vnc_display_find(id);
+ QCryptoTLSCredsClass *creds = NULL;
+
+ if (!vd) {
+ error_setg(errp, "Can not find vnc display");
+ return false;
+ }
+
+ if (!vd->tlscreds) {
+ error_setg(errp, "vnc tls is not enable");
+ return false;
+ }
+
+ creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
+ if (creds->reload == NULL) {
+ error_setg(errp, "%s doesn't support to reload TLS credential",
+ object_get_typename(OBJECT(vd->tlscreds)));
+ return false;
+ }
+ if (!creds->reload(vd->tlscreds, errp)) {
+ return false;
+ }
+
+ return true;
+}
+
 /* TODO
 1) Get the queue working for IO.
 2) there is some weirdness when using the -S option (the screen is grey
From 9cc07651655ee86eca41059f5ead8c4e5607c734 Mon Sep 17 00:00:00 2001 From: Zihao Chang Date: Tue, 16 Mar 2021 15:58:45 +0800 Subject: [PATCH 3/5] qmp: add new qmp display-reload This patch provides a new qmp to reload display configuration without restart VM, but only reloading the vnc tls certificates is implemented. Example: {"execute": "display-reload", "arguments":{"type": "vnc", "tls-certs": true}} Signed-off-by: Zihao Chang Message-Id: <20210316075845.1476-4-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann
---
monitor/qmp-cmds.c | 17 +++++++++++++ qapi/ui.json | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+)
diff --git a/monitor/qmp-cmds.c b/monitor/qmp-cmds.c
index c7df8c0ee2..f7d64a6457 100644
--- a/monitor/qmp-cmds.c
+++ b/monitor/qmp-cmds.c
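Review bot: The three error strings added here go back verbatim in the QMP reply and two of them are ungrammatical or uninformative: `"vnc tls is not enable"` should be `"VNC TLS is not enabled"`, and `"Can not find vnc display"` says nothing about which id was looked up — `error_setg(errp, "Cannot find VNC display '%s'", id ? id : "default");` would, assuming vnc_display_find(NULL) selects the default server, which this hunk does not show. The closing `if (!creds->reload(vd->tlscreds, errp)) { return false; } return true;` is just `return creds->reload(vd->tlscreds, errp);`, and calling the class pointer `creds` invites confusion with the `vd->tlscreds` instance it describes (`tcc` or `creds_class` reads better). A header comment should also state that the tls-creds object may be shared with other users of the same object id, so a reload requested through VNC takes effect for all of them; that is how QOM objects are referenced in general rather than something visible in this hunk, so it wants confirming before being written down.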
@@ -334,3 +334,20 @@ MemoryInfo *qmp_query_memory_size_summary(Error **errp)
 return mem_info;
 }
+
+void qmp_display_reload(DisplayReloadOptions *arg, Error **errp)
+{
+ switch (arg->type) {
+ case DISPLAY_RELOAD_TYPE_VNC:
+#ifdef CONFIG_VNC
+ if (arg->u.vnc.has_tls_certs && arg->u.vnc.tls_certs) {
+ vnc_display_reload_certs(NULL, errp);
+ }
+#else
+ error_setg(errp, "vnc is invalid, missing 'CONFIG_VNC'");
+#endif
+ break;
+ default:
+ abort();
+ }
+}
diff --git a/qapi/ui.json b/qapi/ui.json
index cc1882108b..1052ca9c38 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
@@ -1168,3 +1168,64 @@
 ##
 { 'command': 'query-display-options',
 'returns': 'DisplayOptions' }
+
+##
+# @DisplayReloadType:
+#
+# Available DisplayReload types.
+#
+# @vnc: VNC display
+#
+# Since: 6.0
+#
+##
+{ 'enum': 'DisplayReloadType',
+ 'data': ['vnc'] }
+
+##
+# @DisplayReloadOptionsVNC:
+#
+# Specify the VNC reload options.
+#
+# @tls-certs: reload tls certs or not.
+#
+# Since: 6.0
+#
+##
+{ 'struct': 'DisplayReloadOptionsVNC',
+ 'data': { '*tls-certs': 'bool' } }
+
+##
+# @DisplayReloadOptions:
+#
+# Options of the display configuration reload.
+#
+# @type: Specify the display type.
+#
+# Since: 6.0
+#
+##
+{ 'union': 'DisplayReloadOptions',
+ 'base': {'type': 'DisplayReloadType'},
+ 'discriminator': 'type',
+ 'data': { 'vnc': 'DisplayReloadOptionsVNC' } }
+
+##
+# @display-reload:
+#
+# Reload display configuration.
+#
+# Returns: Nothing on success.
+#
+# Since: 6.0
+#
+# Example:
+#
+# -> { "execute": "display-reload",
+# "arguments": { "type": "vnc", "tls-certs": true } }
+# <- { "return": {} }
+#
+##
+{ 'command': 'display-reload',
+ 'data': 'DisplayReloadOptions',
+ 'boxed' : true }
From 181b4bbf610c9126f499e2c516fb9b2a880468b8 Mon Sep 17 00:00:00 2001
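Review bot: The command only ever acts on whatever vnc_display_find(NULL) resolves to (presumably the default VNC server, given that vnc_display_reload_certs takes an id), so on a machine with several VNC servers the others keep their old certificates while the reply still says success; either the schema should document that only the default server is reloaded, or DisplayReloadOptionsVNC needs an optional display id that replaces the literal `NULL` here. When `tls-certs` is absent or false the command likewise returns success having done nothing, which is worth a comment such as `/* nothing to reload unless tls-certs is explicitly true */` so it is not mistaken for a missing branch. Discarding the return value of vnc_display_reload_certs() works only as long as every false return also sets *errp, which the !CONFIG_GNUTLS reload stub in the first patch of this series does not; a one-line comment stating that reliance would help whoever touches either side. The `#else` message `"vnc is invalid, missing 'CONFIG_VNC'"` would read better to a management application as `"VNC support is not compiled in"`.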
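Review bot: `@tls-certs: reload tls certs or not.` tells a management application neither what is reloaded nor from where, and it omits the default; something like `@tls-certs: reload the TLS certificates and keys of the tls-creds object attached to the VNC server, re-reading the files it was created with (default: false)` matches what the C side does, although "re-reading the files" is inferred from the x509 credentials object rather than visible in this hunk. The `@display-reload` description should also say which server is acted on — the default VNC server, since the QMP handler passes a NULL id — and whether connections already established keep the old certificates, once the implementation confirms that. `# @vnc: VNC display` and `# @type: Specify the display type.` are fine as they are.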
From: Peter Maydell Date: Sun, 14 Mar 2021 16:39:27 +0000 Subject: [PATCH 4/5] include/ui/console.h: Delete is_surface_bgr() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function is_surface_bgr() is no longer used anywhere, so we can delete it. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210314163927.1184-1-peter.maydell@linaro.org> Signed-off-by: Gerd Hoffmann
---
include/ui/console.h | 10 ---------- 1 file changed, 10 deletions(-)
diff --git a/include/ui/console.h b/include/ui/console.h
index 2714038a0f..ca3c7af6a6 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -267,16 +267,6 @@ PixelFormat qemu_default_pixelformat(int bpp);
 DisplaySurface *qemu_create_displaysurface(int width, int height);
 void qemu_free_displaysurface(DisplaySurface *surface);
-static inline int is_surface_bgr(DisplaySurface *surface)
-{
- if (PIXMAN_FORMAT_BPP(surface->format) == 32 &&
- PIXMAN_FORMAT_TYPE(surface->format) == PIXMAN_TYPE_ABGR) {
- return 1;
- } else {
- return 0;
- }
-}
-
 static inline int is_buffer_shared(DisplaySurface *surface)
 {
 return !(surface->flags & QEMU_ALLOCATED_FLAG);
From 40c503079ffcb5394be2b407e817de6104db9cfc Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 16 Mar 2021 15:38:08 +0100 Subject: [PATCH 5/5] edid: prefer standard timings Windows guests using the "Basic Display Adapter" don't parse the "Established timings III" block. They also don't parse any edid extension. So prefer the "Standard Timings" block to store the display resolutions in edid_fill_modes(). Also reorder the mode list, so more exotic resolutions (specifically the ones which are not supported by vgabios) are moved down and the remaining ones have a better chance to get one of the eight slots in the "Standard Timings" block.
Signed-off-by: Gerd Hoffmann Message-Id: <20210316143812.2363588-6-kraxel@redhat.com>
---
hw/display/edid-generate.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/hw/display/edid-generate.c b/hw/display/edid-generate.c
index 1665b7cbb2..a1bea9a3aa 100644
--- a/hw/display/edid-generate.c
+++ b/hw/display/edid-generate.c
@@ -25,19 +25,20 @@ static const struct edid_mode {
 { .xres = 1920, .yres = 1080, .dta = 31 },
 /* additional standard timings 3 (all @ 60Hz) */
- { .xres = 1920, .yres = 1440, .xtra3 = 11, .bit = 5 },
 { .xres = 1920, .yres = 1200, .xtra3 = 10, .bit = 0 },
- { .xres = 1856, .yres = 1392, .xtra3 = 10, .bit = 3 },
- { .xres = 1792, .yres = 1344, .xtra3 = 10, .bit = 5 },
 { .xres = 1600, .yres = 1200, .xtra3 = 9, .bit = 2 },
 { .xres = 1680, .yres = 1050, .xtra3 = 9, .bit = 5 },
- { .xres = 1440, .yres = 1050, .xtra3 = 8, .bit = 1 },
 { .xres = 1440, .yres = 900, .xtra3 = 8, .bit = 5 },
- { .xres = 1360, .yres = 768, .xtra3 = 8, .bit = 7 },
 { .xres = 1280, .yres = 1024, .xtra3 = 7, .bit = 1 },
 { .xres = 1280, .yres = 960, .xtra3 = 7, .bit = 3 },
 { .xres = 1280, .yres = 768, .xtra3 = 7, .bit = 6 },
+ { .xres = 1920, .yres = 1440, .xtra3 = 11, .bit = 5 },
+ { .xres = 1856, .yres = 1392, .xtra3 = 10, .bit = 3 },
+ { .xres = 1792, .yres = 1344, .xtra3 = 10, .bit = 5 },
+ { .xres = 1440, .yres = 1050, .xtra3 = 8, .bit = 1 },
+ { .xres = 1360, .yres = 768, .xtra3 = 8, .bit = 7 },
+
 /* established timings (all @ 60Hz) */
 { .xres = 1024, .yres = 768, .byte = 36, .bit = 3 },
 { .xres = 800, .yres = 600, .byte = 35, .bit = 0 },
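Review bot: The order of the entries under `/* additional standard timings 3 (all @ 60Hz) */` now carries meaning — per the commit message and the `std < 54` bound in edid_fill_modes(), the entries that come first win the eight Standard Timings slots — but the comment still reads as a plain list sorted by resolution, which is exactly how the next person will be tempted to re-sort it. A line such as `/* order matters: modes are placed into the eight "Standard Timings" slots in list order, so the common resolutions come first and the exotic ones last */` above the first entry would protect the intent. The table definition starts before this hunk and continues after it.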
@@ -109,13 +110,13 @@ static void edid_fill_modes(uint8_t *edid, uint8_t *xtra3, uint8_t *dta,
 if (mode->byte) {
 edid[mode->byte] |= (1 << mode->bit);
- } else if (mode->xtra3 && xtra3) {
- xtra3[mode->xtra3] |= (1 << mode->bit);
 } else if (std < 54) {
 rc = edid_std_mode(edid + std, mode->xres, mode->yres);
 if (rc == 0) {
 std += 2;
 }
+ } else if (mode->xtra3 && xtra3) {
+ xtra3[mode->xtra3] |= (1 << mode->bit);
 }
 if (dta && mode->dta) {
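Review bot: With the Standard Timings branch now tried first, a mode that edid_std_mode() rejects (the existing `if (rc == 0)` shows it can return non-zero) is dropped entirely, because the else-if chain has already been entered and the xtra3 fallback on the new lines is never reached; before this reorder such a mode at least received its Established Timings III bit. Modes whose aspect ratio the Standard Timings encoding cannot express are the likely victims, though which entries, if any, are affected depends on edid_std_mode(), which is outside this hunk. Restructuring the tail of the chain so the xtra3 bit is set whenever the standard-timing attempt did not succeed keeps the intended preference and restores the fallback, and is also the right place for a comment recording why Standard Timings are preferred. edid_fill_modes() begins before this hunk and its loop continues after it.
```c
        if (mode->byte) {
            /* … unchanged: established-timings byte/bit … */
        } else {
            /*
             * Prefer "Standard Timings": Windows' basic display driver reads
             * neither "Established Timings III" nor any EDID extension.  Fall
             * back to the xtra3 bit when the eight slots are used up or the
             * mode cannot be encoded as a standard timing.
             */
            rc = -1;
            if (std < 54) {
                rc = edid_std_mode(edid + std, mode->xres, mode->yres);
            }
            if (rc == 0) {
                std += 2;
            } else if (mode->xtra3 && xtra3) {
                xtra3[mode->xtra3] |= (1 << mode->bit);
            }
        }
```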