Commit c448e8552b (spice: tls
support) added options to the -spice command line. But there
is an inconsistency between the declaration of the option
'x509-dh-key-file' to -spice command line and its parameter
parsing 'x509-dh-file' in function qemu_spice_init.
https://bugs.launchpad.net/qemu/+bug/1035042
Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: Lei Li <lilei@linux.vnet.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With the next qemu version (1.3) we are going to bump the qxl device
revision to 4. The new features available require a recent spice-server
version, so raise up the bar. Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.
Clear out a big bunch of #ifdefs which are not needed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The seamless-migration flag is required in order to identify
whether libvirt supports the new QEVENT_SPICE_MIGRATE_COMPLETED or not
(by default the flag is off).
New libvirt versions that wait for QEVENT_SPICE_MIGRATE_COMPLETED should turn on this flag.
When this flag is off, spice fallbacks to its old migration method, which
can result in data loss.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The flag is 'true' when spice migration has completed on the src side.
It is needed for a case where libvirt dies before migration completes
and it misses the event QEVENT_SPICE_MIGRATE_COMPLETED.
When libvirt is restored and queries the migration status, it also needs
to query spice and check if its migration has completed.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When migrating, libvirt queries the migration status, and upon migration
completions, it closes the migration src. On the other hand, when
migration is completed, spice transfers data from the src to destination
via the client. This data is required for keeping the spice session
after migration, without suffering from data loss and inconsistencies.
In order to allow this data transfer, we add QEVENT for signaling
libvirt that spice migration has completed, and libvirt needs to wait
for this event before quitting the src process.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Spice server needs to know about the vm state in order to prevent
attempts to write to devices when they are stopped, mainly during
the non-live stage of migration.
Instead, spice will take care of restoring this writes, on the migration
target side, after migration completes.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When parsing its command line parameters, spice aborts when it
finds unexpected values, except for the 'streaming-video' option.
This happens because the parsing of the parameters for this option
is done using the 'name2enum' helper, which does not error out
on unknown values. Using the 'parse_name' helper makes sure we
error out in this case. Looking at git history, the use of
'name2enum' instead of 'parse_name' seems to have been an oversight,
so let's change to that now.
Fixes rhbz#831708
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add mouse_mode, either server or mouse, to qmp and hmp commands, based
on spice_server_is_server_mouse added in spice-server 0.10.3.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit 1b71f7c14f moved MODULE_INIT_QOM to
way before MODULE_INIT_MACHINE, thereby breaking assumptions made in
spice-core.c which registered both a type initializer and a machine
intializer.
This fix removes the type registration, and replaces it with calling
qemu_spice_init in vl.c after command line parsing (second pass) is
done, and after timers are armed, required by spice server.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Error message reporting during spice startup wasn't consistent, it was done
with fprintf(stderr, "") but sometimes the message didn't have a trailing
\n. Using error_report make the intent of the message clearer and deal
with the final \n for us.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result,
any check for SPICE_SERVER_VERSION that is now always satisfied,
and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because
0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and
SPICE_INTERFACE_CORE_MINOR == 3.
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With the acceptance of some new APIs to libspice-server.so it
is possible to add support for SPICE to the 'add_client'
monitor command, bringing parity with VNC. Since SPICE can
use TLS or plain connections, the command also gains a new
'tls' parameter to specify whether TLS should be attempted
on the injected client sockets.
This new feature is only enabled if building against a
libspice-server >= 0.10.1
* qmp-commands.hx: Add 'tls' parameter & missing doc for
'skipauth' parameter
* monitor.c: Wire up SPICE for 'add_client' command
* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client
API to wire up from monitor
[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faahttp://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716
Changes in v3:
- Added 'optional' flag to new parameters documented
- Added no-op impl of qemu_spice_display_add_client when
SPICE is disabled during build
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Replace device_init() with generalized type_init().
While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where
necessary and don't put a semicolon after the closing brace.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Setting both read and write handlers to NULL in qemu_set_fd_handler
is not enougth to make qemu purge the file handle from the list.
We must set opaque to NULL too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
No need to use pthread directly, we have proper abstractions for
identity checking.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
RHBZ 737921
Spice client is required to connect to the migration target before/as migration
starts. Since after migration starts, the target qemu is blocked and cannot accept new spice client
we trigger the connection to the target upon client_migrate_info command.
client_migrate_info completion cb will be called after spice client has been
connected to the target (or a timeout). See following patches and spice patches.
Signed-off-by: Yonit Halperin <yhalperi@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This allows to pass additional information to the notifier callback
which is useful if sender and receiver do not share any other distinct
data structure.
Will be used first for the clock reset notifier.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Make sure at least one port (port=.. or tls-port=...)
is specified. Also apply range checks to the port numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch raises the minimum required spice version to 0.6.0 and drops
a few ifdefs.
0.6.0 is the first stable release with the current libspice-server API,
there shouldn't be any 0.5.x development versions deployed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Turn on SASL support by appending "sasl" to the spice arguments, which
requires that the client use SASL to authenticate with the spice. The
exact choice of authentication method used is controlled from the
system / user's SASL configuration file for the 'qemu' service. This
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config. While
some SASL auth methods can also provide data encryption (eg GSSAPI),
it is recommended that SASL always be combined with the 'tls' and
'x509' settings to enable use of SSL and server certificates. This
ensures a data encryption preventing compromise of authentication
credentials.
It requires support from spice 0.8.1.
[ kraxel: moved spell fix to separate commit ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.
[ kraxel: drop old-version error message ]
This was done with:
sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
$(git grep -l 'get_clock\>.*rt_clock' )
sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
$(git grep -l 'new_timer\>.*rt_clock' )
after checking that get_clock and new_timer never occur twice
on the same line. There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Handle spice client migration, i.e. inform a spice client connected
about the new host and connection parameters, so it can move over the
connection automatically.
The monitor command has a not-yet used protocol argument simliar to
set_password and expire_password commands. This allows to add a simliar
feature to vnc in the future. Daniel Berrange plans to work on this.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds new set_password and expire_password monitor commands
which allows to change and expire the password for spice and vnc
connections. See the doc update patch chunk for details.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The patch adds a 'query-spice' monitor command which returns
informations about the spice server configuration and also a list of
channel connections.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds support for connection events to spice. The events are
quite simliar to the vnc events. Unlike vnc spice uses multiple tcp
channels though. qemu will report every single tcp connection (aka
spice channel). If you want track spice sessions only you can filter
for the main channel (channel-type == 1).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qxl is a paravirtual graphics card. The qxl device is the bridge
between the guest and the spice server (aka libspice-server). The
spice server will send the rendering commands to the spice client, which
will actually render them.
The spice server is also able to render locally, which is done in case
the guest wants read something from video memory. Local rendering is
also used to support display over vnc and sdl.
qxl is activated using "-vga qxl". qxl supports multihead, additional
cards can be added via '-device qxl".
[ v2: add copyright to files ]
[ v2: use qemu-common.h for standard includes ]
[ v2: create separate qxl-vga device for primary ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add support for the spice audio interface. With this patch applied
audio can be forwarded over the network from/to the spice client. Both
recording and playback is supported.
The driver is first in the driver list, but the can_be_default flag is
set only in case spice is active. So if you have the spice protocol
enabled the spice audio driver is the default one, otherwise whatever
comes first after spice in the list. Overriding the default using
QEMU_AUDIO_DRV works in any case.
[ v2: audio codestyle: add spaces before open parenthesis ]
[ v2: add const to silence array ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: malc <av1474@comtv.ru>
Signed-off-by: malc <av1474@comtv.ru>
Open keyboard channel. Now you can type into the spice client and the
keyboard events are sent to your guest. You'll need some other display
like vnc to actually see the guest responding to them though.
Add -spice command line switch. Has support setting passwd and port for
now. With this patch applied the spice client can successfully connect
to qemu. You can't do anything useful yet though.