NULL pointer dereference in case no vnc server is configured.
Catch this and return -EINVAL like vnc_display_password() does.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a new argument in inet_listen()/inet_listen_opts()
to pass back listen error.
Change nbd, qemu-char, vnc to use new interface.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add a bool argument to inet_connect() to assign if set socket
to block/nonblock, and delete original argument 'socktype'
that is unused.
Add a new argument to inet_connect()/inet_connect_opts(),
to pass back connect error by error class.
Retry to connect when -EINTR is got. Connect's successful
for nonblock socket when following errors are got, user
should wait for connecting by select():
-EINPROGRESS
-EWOULDBLOCK (win32)
-WSAEALREADY (win32)
Change nbd, vnc to use new interface.
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Orit Wasserman <owasserm@redhat.com>
Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add mouse_mode, either server or mouse, to qmp and hmp commands, based
on spice_server_is_server_mouse added in spice-server 0.10.3.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The official spelling is QEMU.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[blauwirbel@gmail.com: fixed comment style in hw/sun4m.c]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The current intptr_t casts are a problem when the address's highest
bit is 1, and it is cast to a intptr_t and then to uint64_t, such
as at:
surface.mem = (intptr_t)ssd->buf;
This causes the sign bit to be extended which causes a wrong address to
be passed on to spice, which then complains when it gets the wrong
slot_id number, since the slot_id is taken from the higher bits.
The assertion happens early - during the first primary surface creation.
This fixes running "-vga qxl -spice" with 32 bit compiled
qemu-system-i386.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Fix compilation failures ("cast from pointer to integer of
different size [-Werror=pointer-to-int-cast]") by using
uintptr_t instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* stefanha/trivial-patches:
qemu-ga: for w32, fix leaked handle ov.hEvent in ga_channel_write()
ioapic: fix build with DEBUG_IOAPIC
.gitignore: add qemu-bridge-helper and option rom build products
cleanup obsolete typedef
monitor: Remove unused bool field 'qapi' in mon_cmd_t struct
ds1338: Add missing break statement
vnc: Fix packed boolean struct members
Remove type field in ModuleEntry as it's not used
Commit 1b71f7c14f moved MODULE_INIT_QOM to
way before MODULE_INIT_MACHINE, thereby breaking assumptions made in
spice-core.c which registered both a type initializer and a machine
intializer.
This fix removes the type registration, and replaces it with calling
qemu_spice_init in vl.c after command line parsing (second pass) is
done, and after timers are armed, required by spice server.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
dprint is still used for qxl_init_common one time prints.
also switched parts of spice-display.c over, mainly all the callbacks to
spice server.
All qxl device trace events start with the qxl device id.
Signed-off-by: Alon Levy <alevy@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes warnings reported by splint:
For variables which are packed in a single bit, a signed data type
like 'int' does not make much sense.
There is no obvious reason why the two values should be packed,
so I removed the packing and changed the data type to bool
because both are used as boolean values.
v2:
Some versions of gcc complain after this modification,
for example gcc (Debian 4.4.5-8) 4.4.5):
ui/vnc-auth-sasl.c: In function ‘vnc_sasl_client_cleanup’:
ui/vnc-auth-sasl.c:34: error: suggest parentheses around assignment used as truth value
Obviously, the compiler does not like code which does
bool = unsigned = bool = 0
Splitting that code in three statements works.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
This fixes memory reads and writes which exceeded the upper limit
of allocated memory vd->guest.ds->data and vd->server->data.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The threaded VNC servers messed up with QEMU fd handlers without
any kind of locking, and that can cause some nasty race conditions.
Using qemu_mutex_lock_iothread() won't work because vnc_dpy_cpy(),
which will wait for the current job queue to finish, can be called with
the iothread lock held.
Instead, we now store the data in a temporary buffer, and use a bottom
half to notify the main thread that new data is available.
vnc_[un]lock_ouput() is still needed to access VncState members like
abort, csock or jobs_buffer.
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The comment is wrong, we have to do something in the setdata callback.
Changing the framebuffer backing storage (happens when the guest pans
the display) renders the whole screen content invalid.
Trigger #1: cirrus vga + 32bit linux guest + vesafb with ypan enabled.
Trigger #2: std vga + http://patchwork.ozlabs.org/patch/145479/
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This was not a bug, but it is not common practice to omit the break statement
from the last case statement before an empty default case.
Any change of the default case would introduce a bug.
This was reported as a warning by splint.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Error message reporting during spice startup wasn't consistent, it was done
with fprintf(stderr, "") but sometimes the message didn't have a trailing
\n. Using error_report make the intent of the message clearer and deal
with the final \n for us.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RHBZ# 747011
Removes the last user of QXL_SYNC when using update drivers that use the
_ASYNC io ports.
The last user is qxl_render_update, it is called both by qxl_hw_update
which is the vga_hw_update_ptr passed to graphic_console_init, and by
qxl_hw_screen_dump.
At the same time the QXLRect area being passed to the red_worker thread
is passed as a copy, as part of the QXLCookie.
The implementation uses interface_update_area_complete with a bh to make
sure dpy_update and qxl_flip are called from the io thread, otherwise
the vga->ds->surface.data can change under our feet.
With this patch sdl+spice works fine. But spice by itself doesn't
produce the expected screendumps unless repeated a few times, due to
ppm_save being called before update_area (rendering done in spice server
thread) having a chance to complete. Fixed by next patch, but see commit
message for problem introduced by it.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result,
any check for SPICE_SERVER_VERSION that is now always satisfied,
and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because
0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and
SPICE_INTERFACE_CORE_MINOR == 3.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The commit's purpose is laudable:
The only way for chardev drivers to communicate an error was to
return a NULL pointer, which resulted in an error message that
said _that_ something went wrong, but not _why_.
It attempts to achieve it by changing the interface to return 0/-errno
and update qemu_chr_open_opts() to use strerror() to display a more
helpful error message. Unfortunately, it has serious flaws:
1. Backends "socket" and "udp" return bogus error codes, because
qemu_chr_open_socket() and qemu_chr_open_udp() assume that
unix_listen_opts(), unix_connect_opts(), inet_listen_opts(),
inet_connect_opts() and inet_dgram_opts() fail with errno set
appropriately. That assumption is wrong, and the commit turns
unspecific error messages into misleading error messages. For
instance:
$ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx
inet_connect: host and/or port not specified
chardev: opening backend "socket" failed: No such file or directory
ENOENT is what happens to be in my errno when the backend returns
-errno. Let's put ERANGE there just for giggles:
$ qemu-system-x86_64 -nodefaults -vnc :0 -chardev socket,id=bar,host=xxx -drive if=none,iops=99999999999999999999
inet_connect: host and/or port not specified
chardev: opening backend "socket" failed: Numerical result out of range
Worse: when errno happens to be zero, return -errno erroneously
signals success, and qemu_chr_new_from_opts() dies dereferencing
uninitialized chr. I observe this with "-serial unix:".
2. All qemu_chr_open_opts() knows about the error is an errno error
code. That's simply not enough for a decent message. For instance,
when inet_dgram() can't resolve the parameter host, which errno code
should it use? What if it can't resolve parameter localaddr?
Clue: many backends already report errors in their open methods.
Let's revert the flawed commit along with its dependencies, and fix up
the silent error paths instead.
This reverts commit 6e1db57b2a.
Conflicts:
console.c
hw/baum.c
qemu-char.c
This reverts commit aad04cd024.
The parts of commit db418a0a "Add stdio char device on windows" that
depend on the reverted change fixed up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
With the acceptance of some new APIs to libspice-server.so it
is possible to add support for SPICE to the 'add_client'
monitor command, bringing parity with VNC. Since SPICE can
use TLS or plain connections, the command also gains a new
'tls' parameter to specify whether TLS should be attempted
on the injected client sockets.
This new feature is only enabled if building against a
libspice-server >= 0.10.1
* qmp-commands.hx: Add 'tls' parameter & missing doc for
'skipauth' parameter
* monitor.c: Wire up SPICE for 'add_client' command
* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client
API to wire up from monitor
[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faahttp://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716
Changes in v3:
- Added 'optional' flag to new parameters documented
- Added no-op impl of qemu_spice_display_add_client when
SPICE is disabled during build
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently when disabling login in VNC, the password is cleared out and the
authentication protocol is forced to AUTH_VNC. If you're using a stronger
authentication protocol, this has the effect of downgrading your security
protocol.
Fix this by only changing the authentication protocol if the current
authentication protocol is AUTH_NONE. That ensures we're never downgrading.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
--
NB. This patch is derived from one posted by Anthony last year, which got
accidentally lost after Luiz took over the QMP series work
https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg00392.html
v1 -> v2
- Make sure to not demote when changing password (Daniel)
v2 -> v3
- Rebase to latest GIT master wrt QMP changes
Replace device_init() with generalized type_init().
While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where
necessary and don't put a semicolon after the closing brace.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
For any modifier key (shift, ctrl, alt) still pressed on disconnect
inject a key-up event into the guest. The vnc client is gone, it will
not do that, so qemu has to do it instead.
Without this keys will get stuck, making the guest act in weird ways
after reconnecting. Reproducer: exit vnc client via Alt-F4, guest
continues to see the pressed alt key and will not react to key events
in any useful way until you tap the alt key once to unstuck it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
VNC clients send a shared flag in the client init message. Up to now
qemu completely ignores this. This patch implements shared flag
handling. It comes with three policies: By default qemu behaves as one
would expect: Asking for a exclusive access grants exclusive access to
the client connecting. There is also a desktop sharing mode which
disallows exclusive connects (so one forgetting -shared wouldn't drop
everybody else) and a compatibility mode which mimics the traditional
(but non-conforming) qemu behavior.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make the control keys for terminals on the vnc display
(i.e. qemu -vnc :0 -serial vc) work. Makes the terminals
alot more usable as typing Ctrl-C in your serial console
actually has the desired effect ;)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
vnc assumes that the screen width is a multiple of 16 in several places.
If this is not the case vnc will overrun buffers, corrupt memory, make
qemu crash.
This is the minimum fix for this bug. It makes sure we don't overrun the
scanline, thereby fixing the segfault. The rendering is *not* correct
though, there is a black border at the right side of the screen, 8
pixels wide because 1400 % 16 == 8.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There are scenarios on Linux with some SDL versions where
handle_activation is continuous invoked with state = SDL_APPINPUTFOCUS
and gain = 0 while we grabbed the input. This causes a ping-pong when we
grab the input after an absolute mouse entered the window.
As this sdl_grab_end was once introduced to work around a Windows-only
issue (0294ffb9c8), limit it to that platform.
CC: Erik Rull <erik.rull@rdsoftware.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
By grabbing the input already on button down, we leave the button in
that state for the host GUI. Thus it takes another click after releasing
the input again to synchronize the mouse button state.
Avoid this by grabbing on button up.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This reverts commit 6bb816031f.
SDL_WM_GrabInput does not reliably bail out if grabbing is impossible.
So if we get here, we already lost and will block. But this can no
longer happen due to the check in sdl_grab_start. So this patch became
obsolete.
Conflicts:
sdl.c
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Consistently check for SDL_APPINPUTFOCUS before trying to grab the input
focus. Just checking for SDL_APPACTIVE doesn't work. Moving the check to
sdl_grab_start allows for some consolidation.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
When the mouse mode changes to absolute while the SDL windows is not in
focus, refrain from grabbing the input. It would steal from some other
window.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Drop the qerror_report() call from it and let its callers set the error
themselves. This also allows for dropping the 'ret' variable.
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
The no-lock-key-sync option is being parsed incorrectly because of an
outdated strcmp() length value. Use the correct length so that invalid
option names do not match.
Reported-by: Dr David Alan Gilbert <davidagilbert@uk.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
accidently->accidentally
annother->another
choosen->chosen
consideres->considers
decriptor->descriptor
developement->development
paramter->parameter
preceed->precede
preceeding->preceding
priviledge->privilege
propogation->propagation
substraction->subtraction
throught->through
upto->up to
usefull->useful
Fix also grammar in posix-aio-compat.c
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Split from Jan's original qemu-thread-posix.c patch. No semantic change,
just introduce the new API that POSIX and Win32 implementations will
conform to.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Double semicolons should be single.
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Dong Xu Wang <wdongxu@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Fixes protocol_client_auth_sasl_mechname() not to crash when malloc()
fails. Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>