Commit Graph

637 Commits

Author SHA1 Message Date
Cole Robinson
9541491461 gtk: Install fullscreen accelerator on toplevel window
Instead of installing it on the menu. This will be needed to keep the
fullscreen keyboard shortcut working when we hide the menu (in future
patches).

On gtk < 3.8, this has the unfortunate side effect of no longer listing
the key combo in the UI. We could manually change the label in that case,
but it will look visually out of place, and I'm not sure if anyone really
cares.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-04 08:15:21 +01:00
Cole Robinson
400519d24a gtk: Grab accel_group from GtkDisplayState
Rather than needlessly pass it around

Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-11-04 08:15:21 +01:00
Fam Zheng
98001e7b08 ui: Use the new ".mo-cflags" rule syntax for SDL_CFLAGS
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-31 11:26:25 +01:00
Peter Maydell
fecd54ccd7 vnc: return directly if no vnc client connected
vnc: sanitize bits_per_pixel from the client (CVE-2014-7815)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJUT3VvAAoJEEy22O7T6HE4P8YP/ietMLSUkbt0UYOaFs4cyb4P
 Eb/omvVgA2nxgpJErovNq3nNHeRsHzo479Vm04CaNBavVZgT+4YiYhcMN2SsepqT
 SnzZ4YiuQ9VMIma4CeAvizjXCutQ9BDQAu6RkVv50TqqMgfzaxE7tcxKQgocYxDd
 CJdBB81/9g2IybHYhwyQUeh6Lra2Wh7N1JfKUt9bfRnGqVTgKeshrdZkwArsjUEa
 MwvVt7u6beGGOCAdVJRJMUzi8WzX0bQRpS9SoFYoLvRwsf+HIJQh16aJ9tDnqJpu
 Vv7xTnkmIFi13NhbPReVhS7f4qgAcDO718/A2KbHcml7EF3E78/zwVFQfAd4yqXc
 YyySdh8k2zsQ+F0YfX2N7soDM9eRtFdWj/Df6z+VqPDn/X0t8HmVZk7GAxHVg7cG
 4UT44v1g0RBIN381PnckPhQCX/1s0U8wRQTstuKJO9x7WpI5rKIAS/WDdFJkwm9V
 LDqBYlk44VAwSgAt5gas5b7efrhUPAECAA8HaX1Xjs0WIb5vzB3le/WEjbWc7XFn
 sORIJCE5+jBi0G0NQ21KaO7RocE21cFOGCgwJuAGcgboSzXAJc1z5+4RozerUaMK
 jjkIEk826AcFR1kL3xjPAeJ4qo4pJO3OhcWqQrRGpCL88s9eFe3pp+2FlZDNj01R
 SjQN3h4g9js4nYFF2o7v
 =Y163
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20141028-1' into staging

vnc: return directly if no vnc client connected
vnc: sanitize bits_per_pixel from the client (CVE-2014-7815)

# gpg: Signature made Tue 28 Oct 2014 10:52:31 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-vnc-20141028-1:
  vnc: return directly if no vnc client connected
  vnc: sanitize bits_per_pixel from the client

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-10-30 18:21:25 +00:00
ChenLiang
9d6b207047 vnc: return directly if no vnc client connected
graphic_hw_update and vnc_refresh_server_surface aren't
need to do when no vnc client connected. It can reduce
lock contention, because vnc_refresh will hold global big
lock two millisecond every three seconds.

Signed-off-by: ChenLiang <chenliang88@huawei.com>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28 11:51:04 +01:00
Petr Matousek
e6908bfe8e vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.

This is CVE-2014-7815.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>

[ kraxel: apply codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28 11:51:04 +01:00
Gerd Hoffmann
316cb068bd gtk: avoid gd_widget_reparent with gtk 3.14+
gtk_widget_reparent is depricated in gtk 3.14, stop using it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28 11:25:14 +01:00
Gerd Hoffmann
987fec54e1 gtk: drop gtk_widget_set_double_buffered call
Dunno why it is here.  Removing it seems to have no ill side effects.
It is depricated in 3.14+.  In some cases it has no effect since 3.10
according to the docs:

https://developer.gnome.org/gtk3/stable/GtkWidget.html#gtk-widget-set-double-buffered

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28 11:25:14 +01:00
Martin Decky
5c960521b8 gtk: add support for the Pause key
Special handing of the Pause key. Implemented in a similar way as in
ui/sdl.c.

Signed-off-by: Martin Decky <martin@decky.cz>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-15 11:08:32 +02:00
Chen Fan
84961407a5 gtk.c: Fix memory leak in gd_set_keycode_type()
this memory leak is introduced by the original
 commit 3158a3482b

 valgrind out showing:
 ==14553== 21,459 (72 direct, 21,387 indirect) bytes in 1 blocks are definitely
 lost in loss record 8,055 of 8,082
 ==14553==    at 0x4A06BC3: calloc (vg_replace_malloc.c:618)
 ==14553==    by 0x80DBFBC: XkbGetKeyboardByName (in /usr/lib64/libX11.so.6.3.0)
 ==14553==    by 0x40C704: gtk_display_init (gtk.c:1798)
 ==14553==    by 0x1AEDC1: main (vl.c:4480)

Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-15 11:08:32 +02:00
Peter Maydell
b00a0ddb31 input monitor patches: fix send-key release ordering
and new input-send-event command
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJULQiEAAoJEEy22O7T6HE4WLQQAKCdMIwxO07onZhv/6UkOJpM
 Hr04tmMpurGdZfi6nzKzwqKBmvnYV5CN9WmebVkox200o38vbG+QQ0utd/ezdTxS
 BcbiOnZReEBKHHQCdKsOiYX42F0oVoVMYEdFGzf2oNXf7Jf0n4xFBtjb2umCP0Qy
 qXNMQtFg+LIgHUO4o/WZvidHdRSobOfuFANGbwNGGx/CXtFWX0GJV+4EM4tzq/qw
 tAvk3vGIDhP26/BxWnjWqe5B3OZKdO4El4UM+dXUR+o8tEvSzMcL+6LSqP/ZB2Ku
 xMoKaIpd0wklXjZEJ/DIuaQ42iScwqU6KUaIDIDKKdpJWlDoC16LgpdrhVlH0ATP
 /NmFsgG1K8iRbHSu2yol4qx7MO0LW2sMSdk2sDMdH0aR5y2ZXMQnJd5D2CIV/Dws
 nGLNrG/O3OMptmbaceuRpgC+syYU3oEDy5TsGHmDwSE0mQXqH5CKbRgFaMUU1RmN
 b0MN5t49TS2KRPDkc/OEqUzKQvk+aUo48Bq+Nkwq1YMlXtakfqHM57B9HDmozg+L
 1KGnGcSBrpDolRUKe1uYhwRI0asd6kBgGm6C/0WZM64bUvW42VYejPdXpwkB1tri
 PWcSpVKA49GPdpWuysrvCZMrIYst2+Mx0SK/MLc0MZsUPb1gBk8j0xELxbxe+Bqf
 KOuTbcFxAOizSAJGI4J8
 =KkIF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-input-20141002-1' into staging

input monitor patches: fix send-key release ordering
and new input-send-event command

# gpg: Signature made Thu 02 Oct 2014 09:10:44 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-input-20141002-1:
  add input-send-event command
  input: fix send-key monitor command release event ordering

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-10-02 15:01:48 +01:00
Marcelo Tosatti
50c6617fcb add input-send-event command
Which allows specification of absolute/relative,
up/down and console parameters.

Suggested by Gerd Hoffman.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-02 09:58:14 +02:00
Gerd Hoffmann
e37f202450 input: fix send-key monitor command release event ordering
commit 2e377f1730 changed the ordering
of the release events as side effect.  Some guests are not happy with
that and don't recognise ctrl-alt-del any more.  This patch restores
the old last-pressed first-released behavior.

Cc: Amos Kong <akong@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-02 09:58:14 +02:00
Gerd Hoffmann
89ec031b09 pixman: fix qemu_default_pixman_format (32bpp non-native endian)
Bug breaks SDL display of bigendian guests on little endian hosts.

Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Reported-by: Valentin Manea <valentin.manea@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-30 13:34:04 +02:00
Gerd Hoffmann
1c1f949844 console: add graphic_console_set_hwops
Add a function to allow display emulations to switch the hwops
function pointers.  This is useful for devices which have two
completely different operation modes.  Typical case is the vga
compatibility mode vs. native mode in qxl and the upcoming
virtio-vga device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-29 10:20:09 +02:00
Stefan Hajnoczi
550830f935 block: delete cow block driver
This patch removes support for the cow file format.

Normally we do not break backwards compatibility but in this case there
is no impact and it is the most logical option.  Extraordinary claims
require extraordinary evidence so I will show why removing the cow block
driver is the right thing to do.

The cow file format is the disk image format for Usermode Linux, a way
of running a Linux system in userspace.  The performance of UML was
never great and it was hacky, but it enjoyed some popularity before
hardware virtualization support became mainstream.

QEMU's block/cow.c is supposed to read this image file format.
Unfortunately the file format was underspecified:

1. Earlier Linux versions used the MAXPATHLEN constant for the backing
   filename field.  The value of MAXPATHLEN can change, so Linux
   switched to a 4096 literal but QEMU has a 1024 literal.

2. Padding was not used on the header struct (both in the Linux kernel
   and in QEMU) so the struct layout varied across architectures.  In
   particular, i386 and x86_64 were different due to int64_t alignment
   differences.  Linux now uses __attribute__((packed)), QEMU does not.

Therefore:

1. QEMU cow images do not conform to the Linux cow image file format.

2. cow images cannot be shared between different host architectures.

This means QEMU cow images are useless and QEMU has not had bug reports
from users actually hitting these issues.

Let's get rid of this thing, it serves no purpose and no one will be
affected.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 1410877464-20481-1-git-send-email-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-09-22 11:39:45 +01:00
Markus Armbruster
9d64fab422 vnc-tls: Clean up dead store in vnc_set_x509_credential()
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-18 08:01:53 +02:00
Peter Lieven
86152436eb ui/vnc: set TCP_NODELAY
we currently have the Nagle algorithm enabled for all outgoing VNC updates.
This may delay sensitive updates as mouse movements or typing in the console.
As we currently prepare all data in a buffer and then send as much as we can
disabling the Nagle algorithm should not cause big trouble. Well established
VNC servers like TightVNC set TCP_NODELAY as well.
A regular framebuffer update request generates exactly one framebuffer update
which should be pushed out as fast as possible.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-17 15:14:41 +02:00
Peter Maydell
e4d50d47a9 qemu-char: Rename register_char_driver_qapi() to register_char_driver()
Now we have removed the legacy register_char_driver() we can
rename register_char_driver_qapi() to the more obvious and
shorter name.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1409653457-27863-6-git-send-email-peter.maydell@linaro.org
2014-09-16 23:36:32 +01:00
Peter Maydell
8af47027eb Two minor sdl2 fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJUF9a1AAoJEEy22O7T6HE4ym4QANpfpvCt09K76x0rFqlzYN6j
 /6dBiIs3oCXKlOdJgMnm6/NlVlS9dXH7nc33h/wQl8HMC4yEvx/K7r2W9TtFM9Jy
 5BUswx0rySfdgD0zF2pMatnGI/4jFXixyP4Jkrjd4L0kUjD94f5Io9hjfF8+XxLQ
 2WJr9Yt6c2S9RDb3ry5WRhLIghG2xw7/JYGbRy1gOe1Yg/OriLFrtuC5pukB8qyU
 TkC825JdSwgn/eUf5788aIWGIBWYuuvDTYKV355q5ih7uhqjESFgXUOgQCvFjoda
 EjEDVFk6SSv9ODA7D2Z9cDf7V3k5jlg8Ga2k/JBAHp6LcAS6tG7XT/yR5K/PZLqg
 KJ0HbpsqzUwvQ/SFxo91oMhGpb6LFDBjwp6NE884Rj9TZTq6QR7J3HaGgM/Fy9RP
 GDXXVUVWKtqh0UdReIsTElJoVGoDUu61Z4DBKvnXkoMoPmIYuxR8JUOS5QcoxF6T
 bKaglAz8xFGN3+4Hj9VnHKzDlJ4NaKnJ9kDVIR9Auo0YzKILZ1sRO9VvUBeKaXQX
 NJ7pj37Li3lh8ArTqpuqO93s+dglbNMwhqkWOOYkCJlCMJtZhVyIF1ok8mtwooxH
 4VBQlev+r2jVkj4Aj5gk0PtF3+/qLuG1iUAxoD66k7W8Kja68i5U/HwZQq7b6KsB
 TtBafd+ArR/aIT6LXs9+
 =ZTrX
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-sdl-20140916-1' into staging

Two minor sdl2 fixes.

# gpg: Signature made Tue 16 Sep 2014 07:20:37 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-sdl-20140916-1:
  sdl2: keymap fixups
  sdl2: drop sdl_zoom.h

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-16 18:29:40 +01:00
Marc-André Lureau
07d49a53b6 spice: call qemu_spice_set_passwd() during init
Don't call SPICE API directly to set password given in command line, but
use the internal API, saving password for later calls.

This solves losing password when changing expiration in qemu monitor.

https://bugzilla.redhat.com/show_bug.cgi?id=1138639

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-16 08:09:03 +02:00
Gerd Hoffmann
0d61f7dcc6 sdl2: keymap fixups
Make a few keys works correctly in SDL2.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-16 08:07:05 +02:00
Gerd Hoffmann
4f36e42ee9 sdl2: drop sdl_zoom.h
It isn't used.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-16 08:07:05 +02:00
Peter Maydell
0dfa7e3012 console: pixman switchover continued, add some infrastructure to make it
easier using pixman in display device emulation.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJUCbzxAAoJEEy22O7T6HE4NVIP/1Yw+ieyOxFmWZXFM0JA1EFq
 GP3CUWiu9RTVQXwDeOGwavRlC+feX4iNuyQVmhrLbKkrraWTxaz4qE/wdLzSTptR
 JngyGa6lC2rwFYIenEvRRHu//uemow3sGWLCvaADZeeJfm10BKA6qDu7KaaoAxUH
 DcfycPZH8lbJc8TFUhGQs98VWYG1jFLnmprgeSwrC5YuqjhXDFAMZ+coV7WbZQ8X
 x7HOHe7gPLDUscezhsEuhZM670ZBtuaRGHUQO88ugXUp2+W37aJym4g9ZURw8Q7E
 At9mzF051M09WLgRLNf96RjFdCoMwfXkUqhqi4pOsRGkJ3vMdcBQAB6CEtIkeLfH
 iiO4jf4oNclhYxZcPRnfSW0LkSpk65LPTUCsVyi2V49S2QGosll8WtvZ8s2EQ0PU
 dnnBxvphy9m/HSkUwWwuoDnIYoivaWqU4O0w9qX+F9N9Ndy62Ay8FP46rir/XpnK
 ZmHWOl/jYJ2SkyjugoPlLnTUySPxcQ7PA/rKIqCQi6v2Swpf12JKqNMywt5mEata
 fV4eDZrvmQY63j/zuZE0bUZL2IYqlgLEWvkqy9qhSMySDs9X4qaE+hOyGTipM7EI
 oeYdZsBCPZP8SpVsC9SaHX8a+ONr2Ajb3Wa5uwyQjcHmMpq7DzmjDKdageTodYQz
 p8b42rujs1wCqk47/8Ka
 =TZHU
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/pull-console-20140905-2' into staging

console: pixman switchover continued, add some infrastructure to make it
         easier using pixman in display device emulation.

# gpg: Signature made Fri 05 Sep 2014 14:38:57 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/kraxel/tags/pull-console-20140905-2:
  console: Remove unused QEMU_BIG_ENDIAN_FLAG
  console: add qemu_pixman_linebuf_copy
  console: add dpy_gfx_update_dirty
  console: add qemu_create_displaysurface_guestmem
  console: stop using PixelFormat
  console: reimplement qemu_default_pixelformat
  console: add qemu_default_pixman_format
  console: add qemu_pixelformat_from_pixman

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-09-11 11:44:17 +01:00
Benjamin Herrenschmidt
77bfcf28f1 console: Remove unused QEMU_BIG_ENDIAN_FLAG
If we need to, we should use the pixman formats instead but for
now this is unused except in commented out code so take it out
to avoid further confusion about surface endianness.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 15:38:04 +02:00
Gerd Hoffmann
43c7d8bd44 console: add qemu_pixman_linebuf_copy
Helper function for copying data from linebuf to framebuffer using
pixman, possibly converting in case src and dst formats differ.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
4c38762fb5 console: add dpy_gfx_update_dirty
Calls dpy_gfx_update for all dirty scanlines. Works for
DisplaySurfaces backed by guest memory (i.e. the ones created
using qemu_create_displaysurface_guestmem).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
a77549b3ff console: add qemu_create_displaysurface_guestmem
This patch adds a qemu_create_displaysurface_guestmem helper function.
Works simliar to qemu_create_displaysurface_from, but accepts a
guest address instead of a host pointer and it handles
cpu_physical_memory_{map,unmap} for you.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
30f1e661b6 console: stop using PixelFormat
With this patch the qemu console core stops using PixelFormat and pixman
format codes side-by-side, pixman format code is the primary way to
specify the DisplaySurface format:

 * DisplaySurface stops carrying a PixelFormat field.
 * qemu_create_displaysurface_from() expects a pixman format now.

Functions to convert PixelFormat to pixman_format_code_t (and back)
exist for those who still use PixelFormat.   As PixelFormat allows
easy access to masks and shifts it will probably continue to exist.

[ xenfb added by Benjamin Herrenschmidt ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
56bd9ea1a3 console: reimplement qemu_default_pixelformat
Use the new qemu_pixelformat_from_pixman and qemu_default_pixman_format
functions to reimplement qemu_default_pixelformat
(qemu_different_endianness_pixelformat too).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
1527a25ec9 console: add qemu_default_pixman_format
Function returning the default pixman format for a given depth.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
a93a3af9ec console: add qemu_pixelformat_from_pixman
Function to convert pixman format codes to qemu PixelFormat.

[ Benjamin Herrenschmidt: fix BGRA+RGBA shifts ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-05 13:27:11 +02:00
Gerd Hoffmann
ab9509ccea spice: make sure we don't overflow ssd->buf
Related spice-only bug.  We have a fixed 16 MB buffer here, being
presented to the spice-server as qxl video memory in case spice is
used with a non-qxl card.  It's also used with qxl in vga mode.

When using display resolutions requiring more than 16 MB of memory we
are going to overflow that buffer.  In theory the guest can write,
indirectly via spice-server.  The spice-server clears the memory after
setting a new video mode though, triggering a segfault in the overflow
case, so qemu crashes before the guest has a chance to do something
evil.

Fix that by switching to dynamic allocation for the buffer.

CVE-2014-3615

Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-09-05 12:19:50 +02:00
Gerd Hoffmann
cd56cc6b07 spice: use console index as display id
... instead of maintaining our own numbering.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-01 10:19:03 +02:00
Gonglei
fe8e8327f1 spice: don't use 'Yoda conditions'
imitate nearby code about using '!value' or 'value == NULL'

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-08-15 18:54:07 +04:00
Gerd Hoffmann
6365828003 vnc update fix
We need to remember has_updates for each vnc client.  Otherwise it might
happen that vnc_update_client(has_dirty=1) takes the first exit due to
output buffers not being flushed yet and subsequent calls with
has_dirty=0 take the second exit, wrongly assuming there is nothing to
do because the work defered in the first call is ignored.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-25 09:43:31 +02:00
Stephan Kulow
07535a8902 fix full frame updates for VNC clients
If the client asks for !incremental frame updates, it has lost its content
so dirty doesn't matter - it has to see the full frame, so setting force_update

Signed-off-by: Stephan Kulow <coolo@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-25 09:42:56 +02:00
Peter Maydell
42ca32f776 spice: auth fixes
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJTv6ubAAoJEEy22O7T6HE4dV8QANelATxQDNDkRAhBsDG8j7A9
 AgZoU4AhVve/xAJMDeHVTaqt2b5Kf3M2Jg4cDZxAXp0gABbFbNLzL4Xtw7mEBgpv
 gOdjWa/tXT/ugvZzCwZL82Ofk0bIpvjVwtfyMk+4i+x4XfpYrdYV60KH9Cw/MSF1
 GTLtrItlbUNxvwuiE/ErzVyCZ6huGah+vcskWuiKx0BOUE+IytE2ofv8BLwNWU5D
 sznOxZESQR+n5mhJLfD867L4r3jRzqiXNGO1MeKHPOBEGgL23eOwGuFsjtFZFJq5
 pcaYadSMCDlVTELs3eWKOcslEQMS9EbumH57lE+D5EKG7cynw8QpEmiAlb00g94O
 QMAplV73B7p9mfJGcx3u6Sj4PNXS+VjK2J6N0OVPHgWohpaGkH3bxjJUgKH/PikN
 cHIIciT0Y0fWLuvpPh5Iza4zkRhux8rjT46YoIyQw6H2AIyOVO1GOsQ285TtcJfh
 FuEBJ/47YyL+ZX0Qj6ZrlBQqTnAAXbULR8gTFqrg3xYNOP5popDEb+tdUFbvsrVd
 N3kzFR5DEDsABlfTH7FeA3KC2KsaaDBlgFT7uIyHY7wTs2HQuJPi45fOtv80IOn0
 NQPelGNOMir34VCpw/60PLXfrtO7TCK2OWun1YTbVsuK2TXMtB3wKzjKlajGeiqZ
 CAnd5AyHav5G2PCRiU+6
 =m1sh
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140711-1' into staging

spice: auth fixes

# gpg: Signature made Fri 11 Jul 2014 10:17:15 BST using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"

* remotes/spice/tags/pull-spice-20140711-1:
  spice: auth fixes

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-07-11 14:50:18 +01:00
John Snow
e72b59fa93 ui/gtk: Restore keyboard focus after Page change
(Resending for correct email addresses via MAINTAINERS ...)

In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab" or any of the four directional arrow keys.

Clicking in the window or grabbing/ungrabbing input does not restore keyboard
focus to the child widget.

This patch adjusts the Notebook page switching callback to automatically
steal keyboard focus on the Page switch event, so that keyboard input
does not appear to break or disappear after tabbing to the QEMU monitor.

Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:44:00 +02:00
Gerd Hoffmann
b1ea7b79e1 spice: auth fixes
Set auth to sasl when sasl is enabled, this makes "info spice" correctly
display sasl auth.  Also throw an error in case someone tries to set
a spice password via monitor without auth mode being "spice".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:12:47 +02:00
Peter Lieven
bea60dd767 ui/vnc: fix potential memory corruption issues
this patch makes the VNC server work correctly if the
server surface and the guest surface have different sizes.

Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH
x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of
VNC_DIRTY_PIXELS_PER_BIT.

If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT
we now get a small black bar on the right of the screen.

If the surface is too big to fit the limits only the upper left area is shown.

On top of that this fixes 2 memory corruption issues:

The first was actually discovered during playing
around with a Windows 7 vServer. During resolution
change in Windows 7 it happens sometimes that Windows
changes to an intermediate resolution where
server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface).
This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0.

The second is a theoretical issue, but is maybe exploitable
by the guest. If for some reason the guest surface size is bigger
than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since
this limit is nowhere enforced.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01 13:26:40 +02:00
Peter Lieven
f9a70e7939 ui/vnc: limit client_cut_text msg payload size
currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.

This patch limits the payload size to 1MB max.

Please note that client_cut_text messages are currently
silently ignored.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01 13:26:40 +02:00
Peter Maydell
13aefd303c ui/cocoa: Honour -show-cursor command line option
Honour the -show-cursor command line option (which forces the mouse pointer
to always be displayed even when input is grabbed) in the Cocoa UI backend.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-5-git-send-email-peter.maydell@linaro.org
2014-06-29 22:00:33 +01:00
Peter Maydell
f61c387ea6 ui/cocoa: Fix handling of absolute positioning devices
Fix handling of absolute positioning devices, which were basically
unusable for two separate reasons:
 (1) as soon as you pressed the left mouse button we would call
     CGAssociateMouseAndMouseCursorPosition(FALSE), which means that
     the absolute coordinates of the mouse events are never updated
 (2) we didn't account for MacOSX coordinate origin being bottom left
     rather than top right, and so all the Y values sent to the guest
     were inverted

We fix (1) by aligning our behaviour with the SDL UI backend for
absolute devices:
 * when the mouse moves into the window we do a grab (which means
   hiding the host cursor and sending special keys to the guest)
 * when the mouse moves out of the window we un-grab
and fix (2) by doing the correct transformation in the call to
qemu_input_queue_abs().

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-4-git-send-email-peter.maydell@linaro.org
2014-06-29 22:00:33 +01:00
Peter Maydell
5dd45bee58 ui/cocoa: Add utility method to check if point is within window
Add a utility method to check whether a point is within the current window
bounds, and use it in the various places in the mouse handling code that
were opencoding the check.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-3-git-send-email-peter.maydell@linaro.org
2014-06-29 22:00:33 +01:00
Peter Maydell
381600dad9 ui/cocoa: Cope with first surface being same as initial window size
Do the recalculation of the content dimensions in switchSurface if the
current cdx is zero as well as if the new surface is a different size to
the current window. This catches the case where the first surface registered
happens to be 640x480 (our current window size), and fixes a bug where we
would always display a black screen until the first surface of a different
size was registered.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-2-git-send-email-peter.maydell@linaro.org
2014-06-29 22:00:33 +01:00
Paolo Bonzini
db39fcf1f6 qemu-char: introduce qemu_chr_alloc
The next patch will modify this function to initialize state that is
common to all backends.

Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
7cfadb6b52 qapi event: convert SPICE events
SPICE_INITIALIZED, SPICE_CONNECTED, SPICE_DISCONNECTED and
SPICE_MIGRATE_COMPLETED are converted in one patch, since they
use some common functions. inet_strfamily() is removed since no
callers exist anymore.

Note that there is no existing doc for SPICE_MIGRATE_COMPLETED
in docs/qmp/qmp-events.txt before this patch.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
fb6ba0d525 qapi event: convert VNC events
Since VNC_CONNECTED, VNC_DISCONNECTED, VNC_INITIALIZED share some
common functions, convert them in one patch.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:12:28 -04:00
Wenchao Xia
a589569f2f qapi: adjust existing defines
In order to let event defines use existing types later, instead of
redefine new ones, some old type defines for spice and vnc are changed,
and BlockErrorAction is moved from block.h to qapi schema. Note that
BlockErrorAction is not merged with BlockdevOnError.

At this point, VncInfo is not made a child of VncBasicInfo, because
VncBasicInfo has mandatory fields where VncInfo makes them optional.

Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2014-06-23 11:01:25 -04:00