Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.
[ kraxel: drop old-version error message ]
We don't use qemu internals from spice server context any more.
Thus we don't also need to grab the iothread mutex from spice
server context. And we don't have to temporarely release the
lock to avoid deadlocks. Drop all the calls.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the displaystate callback calls for setting the cursor
and the mouse pointer from spice server to qemu (iothread) context.
This allows us to simplify locking.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch moves the creation of spice screen updates from the spice
server context to qemu iothread context (display refresh timer to be
exact). This way we avoid accessing qemu internals (display surface)
from spice thread context which in turn allows us to simplify locking.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qemu_spice_set_passwd() and qemu_spice_set_pw_expire() dummy functions
needs to be inline, in order to handle the case where they are called
without checking the return value.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
fix 2Gb integer overflow in in VNC tight and zlib encodings
As found by Roland Dreier <roland@purestorage.com> (excellent
catch!), when amount of VNC compressed data produced by zlib
and sent to client exceeds 2Gb, integer overflow occurs because
currently, we calculate amount of data produced at each step by
comparing saved total_out with new total_out, and total_out is
something which grows without bounds. Compare it with previous
avail_out instead of total_out, and leave total_out alone.
The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c,
so fix both cases.
There, there's no actual need to save previous_out value, since
capacity-offset (which is how that value is calculated) stays
the same so it can be recalculated again after call to deflate(),
but whole thing becomes less readable this way.
Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
There are no { name, keysym } values in name2keysym[] array for Polish
national characters so "-k pl" option has no effect.
Signed-off-by: Leszek Grzegorek <leszek.grzegorek@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Load an optional QEMU icon file. If there is no icon file named
qemu.bmp in QEMU's default search path, QEMU will run with
the usual system default icon.
A matching icon file will be loaded and used by X Windows managers
or MS Windows while a QEMU instance is running.
SDL requires icon files in 32x32x4 bmp format.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The following commit breaks the code of the function palette_destroy().
http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=e31e3694afef58ba191cbcc6875ec243e5971268
The broken code causes a severe memory leak of 'VncPalette' structures
because it never frees anything:
70 void palette_destroy(VncPalette *palette)
71 {
72 if (palette == NULL) {
73 qemu_free(palette);
74 }
75 }
Version 2 of the patch calls qemu_free() unconditionally.
Signed-off-by: Ulrich Obergfell <uobergfe@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch fix the following regression:
1. we should use bitmap_set() and bitmap_clear() to replace vnc_set_bits().
Signed-off-by: Wen Congyang <wency@cn.fujitsu.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This removes various code duplication from console.e and sdl.c
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This was done with:
sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
$(git grep -l 'get_clock\>.*rt_clock' )
sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
$(git grep -l 'new_timer\>.*rt_clock' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We have qemu_cpu_self and qemu_thread_self. The latter is retrieving the
current thread, the former is checking for equality (using CPUState). We
also have qemu_thread_equal which is only used like qemu_cpu_self.
This refactors the interfaces, creating qemu_cpu_is_self and
qemu_thread_is_self as well ass qemu_thread_get_self.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Commit bc2429b917 introduced
a severe bug (stack corruption).
bitmap_clear was called with a wrong argument
which caused out-of-bound writes to the local variable width_mask.
This bug was detected with QEMU running on windows.
It also occurs with wine:
*** stack smashing detected ***: terminated
wine: Unhandled illegal instruction at address 0x6115c7 (thread 0009), starting debugger...
The bug is not windows specific!
Instead of fixing the wrong parameter value, bitmap_clear(), bitmap_set
and width_mask were removed, and bitmap_intersect() was replaced by
!bitmap_empty(). The new operation is much shorter and equivalent to
the old operations.
The declarations of the dirty bitmaps in vnc.h were also wrong for 64 bit
hosts because of a rounding effect: for these hosts, VNC_MAX_WIDTH is no
longer a multiple of (16 * BITS_PER_LONG), so the rounded value of
VNC_DIRTY_WORDS was too small.
Fix both declarations by using the macro which is designed for this
purpose.
Cc: Corentin Chary <corentincj@iksaif.net>
Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: Gerhard Wiesinger <lists@wiesinger.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
VncJobQueue's buffer is intended to be used for
as the output buffer for all operations in this queue,
but unfortunatly.
vnc_async_encoding_start() is in charge of setting this
buffer as the current output buffer, but
vnc_async_encoding_end() was not writting the changes back
to VncJobQueue, resulting in a big and ugly memleak.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add some missing #ifdefs to fix compilation failures in the !CONFIG_VNC_JPEG
case introduced by commit ce702e93.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Reverse mode is unusable:
qemu -vnc localhost:5500,reverse
crashes in vnc_refresh_server_surface because some pointers are NULL.
Fix this by calling vnc_dpy_resize (which initializes these pointers)
before calling vnc_refresh.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This option allow to disable adaptive behaviors in some encodings.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Respect client size if it doesn't not support desktop resizing.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Switch to bitmap.h and bitops.h instead of redefining our own bitmap
helpers.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
The for loop in send_lossy_rect was totally wrong, and we can't
call vnc_set_bits() because it does not really do what it should.
Use vnc_set_bit() directly instead.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
These two helpers are needed for zrle and zywrle.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This allow to use palette on the stack instead of always
allocating them.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
We now that the palette will never have more than 256
elements. Let's use a pool to reduce malloc calls.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Use the new update frequency infrastructure to use jpeg for regions with
high update frequency.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
If an adaptive encoding has choosen to send a lossy update
based on the result of vnc_update_freq(), then it should advertise
it with vnc_sent_lossy_rect(). This will allow to automatically refresh
this rect once it's static again.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch compute the update frequency (in Hz) for each 64x64 rects.
Any adaptive encoding can get this value using vnc_update_freq(), and
switch to a lossy encoding if the value is too high.
The frequency is pre-calculated every 500ms, based on the last 10
updates per 64x64 rect.
If a 64x64 rect was not updated in the last 2 second, then the frequency
became 0, and all the stored timestamp are reseted.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This should not change the current behavior, but if any new
encoding try to use the tight quality, it will always be set
to -1 when lossy encodings are disabled.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
agraf reported that qemu_mutex_destroy(vs->output_mutex) while failing
in vnc_disconnect_finish().
It's because vnc_worker_thread_loop() tries to unlock the mutex while
not locked. The unlocking call doesn't fail (pthread bug ?), but
the destroy call does.
Signed-off-by: Corentin Chary <corentincj@iksaif.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Starting with SDL version 1.2.14, caps lock and num lock keys
will send a SDL_KEYUP when SDL_DISABLE_LOCK_KEYS=1 is set in
the environment.
The new code sets the environment unconditionally
(it won't harm old versions which do not know it).
The workaround for SDL_KEYUP is only compiled with old SDL versions.
A similar patch without handling of old SDL versions was already
published by Benjamin Drung for Ubuntu.
Cc: Anthony Liguori <aliguori@us.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: Benjamin Drung <benjamin.drung@gmail.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
commit 52c18be9e9 introduced a regression in the
change vnc password command that changed the behavior of setting the VNC
password to an empty string from disabling login to disabling authentication.
This commit refactors the code to eliminate this overloaded semantics in
vnc_display_password and instead introduces the vnc_display_disable_login. The
monitor implementation then determines the behavior of an empty or missing
string.
Recently, a set_password command was added that allows both the Spice and VNC
password to be set. This command has not shown up in a release yet so the
behavior is not yet defined.
This patch proposes that an empty password be treated as an empty password with
no special handling. For specifically disabling login, I believe a new command
should be introduced instead of overloading semantics.
I'm not sure how Spice handles this but I would recommend that we have Spice
and VNC have consistent semantics here for the 0.14.0 release.
Reported-by: Neil Wilson <neil@aldur.co.uk>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
v1 -> v2
- Add a proper return to make sure that login is really disabled instead of
relying on the VNC server to treat empty passwords specially
Variable rec is not used, remove it. Spotted by GCC 4.6.0:
CC ui/sdl.o
/src/qemu/ui/sdl.c: In function 'sdl_setdata':
/src/qemu/ui/sdl.c:90:14: error: variable 'rec' set but not used [-Werror=unused-but-set-variable]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This patch makes the numlock+capslock tracking logic only look at
keydown events. Without this patch the vnc server will insert
bogous capslock keypress in case it sees the following key sequence:
shift down --- 'A' down --- shift up --- 'A' up
^ here
It doesn't hurt with a PS/2 keyboard, but it disturbs the USB Keyboard.
And with the key event queue just added to the usb keyboard the guest
will actually notice.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Adding a chardev backend for spice, where spice determines what
to do with it based on the name attribute given during chardev creation.
For usage by spice vdagent in conjunction with a properly named
virtio-serial device, and future smartcard channel usage.
Example usage:
qemu -device virtio-serial -chardev spicevmc,name=vdagent,id=vdagent \
-device virtserialport,chardev=vdagent,name=com.redhat.spice.0
v4->v5:
* add tracing events
* fix missing comma
* fix help string to show debug is optional
v3->v4:
* updated commit message
v1->v3 changes: (v2 had a wrong commit message)
* removed spice-qemu-char.h, folded into ui/qemu-spice.h
* removed dead IOCTL code
* removed comment
* removed ifdef CONFIG_SPICE from qemu-config.c and qemu-options.hx help.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Handle spice client migration, i.e. inform a spice client connected
about the new host and connection parameters, so it can move over the
connection automatically.
The monitor command has a not-yet used protocol argument simliar to
set_password and expire_password commands. This allows to add a simliar
feature to vnc in the future. Daniel Berrange plans to work on this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds new set_password and expire_password monitor commands
which allows to change and expire the password for spice and vnc
connections. See the doc update patch chunk for details.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for expiring passwords to vnc. It adds a new
vnc_display_pw_expire() function which specifies the time when the
password will expire.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
protocol_client_auth_vnc() has two places where the auth can fail,
with identical code sending the reject message to the client.
Move the common code to the end of the function and make both
error paths jump there. No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The patch adds a 'query-spice' monitor command which returns
informations about the spice server configuration and also a list of
channel connections.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>