Commit Graph

1430 Commits

Author SHA1 Message Date
Gerd Hoffmann
5b8541c6c7 console: fix cell overflow
Linux terminal behavior (coming from vt100 I think) is somewhat strange
when it comes to line wraps:  When a character is printed to the last
char cell of a line the cursor does NOT jump to the next line but stays
where it is.  The line feed happens when the next character is printed.

So the valid range for the cursor position is not 0 .. width-1 but
0 .. width, where x == width represents the state where the line is
full but the cursor didn't jump to the next line yet.

The code for the 'clear from start of line' control sequence (ESC[1K)
fails to handle this corner case correctly and may call
console_clear_xy() with x == width.  That will incorrectly clear the
first char cell of the next line, or in case the cursor happens to be on
the last line overflow the cell buffer by one character (three bytes).

Add a check to the loop to fix that.

Didn't spot any other places with the same problem.  But it's easy to
miss that corner case, so also allocate one extra cell as precaution, so
in case we have simliar issues lurking elsewhere it at least wouldn't be
a buffer overflow.

v2: squashed in additional checks suggested by Christophe de Dinechin.

Reported-by: Alexander Oleinik <alxndr@bu.edu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Message-id: 20190701075301.14165-1-kraxel@redhat.com
2019-07-03 10:57:12 +02:00
Chen Zhang
8e23e34d98 ui/cocoa: Fix mouse grabbing in fullscreen mode for relative input device
In fullscreen mode, the window property of cocoaView may not be the key
window, and the current implementation would not re-grab cursor by left click
in fullscreen mode after ungrabbed in fullscreen mode with hot-key ctrl-opt-g.

This patch used value of isFullscreen as a short-cirtuit condition for
relative input device grabbing.

Signed-off-by: Chen Zhang <tgfbeta@me.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 2D2F1191-E82F-4B54-A6E7-73FFB953DE93@me.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-06-13 11:23:22 +01:00
Chen Zhang
2044dff870 ui/cocoa: Fix absolute input device grabbing issue on Mojave
On Mojave, absolute input device, i.e. tablet, had trouble re-grabbing
the cursor in re-entry into the virtual screen area. In some cases,
the `window` property of NSEvent object was nil after cursor exiting from
window, hinting that the `-locationInWindow` method would return value in
screen coordinates. The current implementation used raw locations from
NSEvent without considering whether the value was for the window coordinates
or the macOS screen coordinates, nor the zooming factor for Zoom-to-Fit in
fullscreen mode.

In fullscreen mode, the fullscreen cocoa window might not be the key
window, therefore the location of event in virtual coordinates should
suffice.

This patches fixed boundary check methods for cursor in normal
and fullscreen with/without Zoom-to-Fit in Mojave.

Note: CGRect, -convertRectToScreen: and -convertRectFromScreen: were
used in coordinates conversion for compatibility reason.

Signed-off-by: Chen Zhang <tgfbeta@me.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: FA3FBC4F-5379-4118-B997-58FE05CC58F9@me.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-06-13 11:23:22 +01:00
Markus Armbruster
a8d2532645 Include qemu-common.h exactly where needed
No header includes qemu-common.h after this commit, as prescribed by
qemu-common.h's file comment.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-5-armbru@redhat.com>
[Rebased with conflicts resolved automatically, except for
include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c
block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c
target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h
target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h
target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h
target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and
net/tap-bsd.c fixed up]
2019-06-12 13:20:20 +02:00
Markus Armbruster
0b8fa32f55 Include qemu/module.h where needed, drop it from qemu-common.h
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-4-armbru@redhat.com>
[Rebased with conflicts resolved automatically, except for
hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c
hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c;
ui/cocoa.m fixed up]
2019-06-12 13:18:33 +02:00
Markus Armbruster
856dfd8a03 qemu-common: Move qemu_isalnum() etc. to qemu/ctype.h
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-3-armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2019-06-11 20:22:09 +02:00
Gerd Hoffmann
15ee0d9bc1 egl-helpers: add modifier support to egl_dmabuf_import_texture()
Check and use QemuDmaBuf->modifier in egl_dmabuf_import_texture()
for dmabuf imports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190529072144.26737-5-kraxel@redhat.com
2019-06-07 11:52:35 +02:00
Gerd Hoffmann
5fc1fb62af egl-helpers: add modifier support to egl_get_fd_for_texture().
Add modifier parameter to egl_get_fd_for_texture(), to return the used
modifier on dmabuf exports.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190529072144.26737-4-kraxel@redhat.com
2019-06-07 11:52:35 +02:00
Max Reitz
dc3c871ae0 ui/curses: Fix build with -m32
wchar_t may resolve to be an unsigned long on 32-bit architectures.
Using the %x conversion specifier will then give a compiler warning:

ui/curses.c: In function ‘get_ucs’:
ui/curses.c:492:49: error: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘wchar_t’ {aka ‘long int’} [-Werror=format=]
  492 |         fprintf(stderr, "Could not convert 0x%04x "
      |                                              ~~~^
      |                                                 |
      |                                                 unsigned int
      |                                              %04lx
  493 |                         "from wchar_t to a multibyte character: %s\n",
  494 |                         wch, strerror(errno));
      |                         ~~~
      |                         |
      |                         wchar_t {aka long int}
ui/curses.c:504:49: error: format ‘%x’ expects argument of type ‘unsigned int’, but argument 3 has type ‘wchar_t’ {aka ‘long int’} [-Werror=format=]
  504 |         fprintf(stderr, "Could not convert 0x%04x "
      |                                              ~~~^
      |                                                 |
      |                                                 unsigned int
      |                                              %04lx
  505 |                         "from a multibyte character to UCS-2 : %s\n",
  506 |                         wch, strerror(errno));
      |                         ~~~
      |                         |
      |                         wchar_t {aka long int}

Fix this by casting the wchar_t value to an unsigned long and using %lx
as the conversion specifier.

Fixes: b7b664a4fe
Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20190527142540.23255-1-mreitz@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-06-07 11:29:40 +02:00
Marc-André Lureau
cb0efb7125 spice-app: fix running when !CONFIG_OPENGL
Do not set 'gl' parameter, fixes:
qemu-system-x86_64: Invalid parameter 'gl'

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20190524130946.31736-7-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-29 06:30:45 +02:00
Richard Henderson
f7b2502cdc ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-22 12:38:54 -04:00
Richard Henderson
4347e6383f ui/vnc: Split out authentication_failed
There were 3 copies of this code, one of which used the wrong
data size for the failure indicator.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-22 12:38:54 -04:00
Gerd Hoffmann
5fff13f245 kbd-state: fix autorepeat handling
When allowing multiple down-events in a row (key autorepeat) we can't
use change_bit() any more to update the state, because autorepeat events
don't change the key state.  We have to explicitly use set_bit() and
clear_bit() instead.

Cc: qemu-stable@nongnu.org
Fixes: 3592186015 kbd-state: don't block auto-repeat events
Buglink: https://bugs.launchpad.net/qemu/+bug/1828272
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20190514042443.10735-1-kraxel@redhat.com
2019-05-17 13:21:40 +02:00
HOU Qiming
bfafa473ed ui/console: Precautionary glBindTexture and surface->texture validation in surface_gl_update_texture
In a GVT-g setup with dmabuf and GTK GUI, the current 2D texture at
surface_gl_update_texture is not necessarily
surface->texture. Adding a glBindTexture fixes related crashes and
artifacts, and is generally more secure.

Signed-off-by: HOU Qiming <hqm03ster@gmail.com>
Tested-by: Marcel Apfelbaum<marcel.apfelbaum@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Message-id: 20190507080501.26712-1-marcel.apfelbaum@gmail.com
[fixed malformed patch, rebase to master]
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-17 13:21:40 +02:00
Samuel Thibault
962cf8fd4f ui/curses: manipulate cchar_t with standard curses functions
The chars/attr fields are curses internals, setcchar and getcchar have
to be used instead.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Tested-by: Kamil Rytarowski <n54@gmx.com>
Message-Id: <20190427183307.12796-3-samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-17 13:21:40 +02:00
Samuel Thibault
b7b664a4fe ui/curses: do not assume wchar_t contains unicode
E.g. BSD and Solaris even use locale-specific encoding there.

We thus have to go through the native multibyte representation and use
mbrtowc/wcrtomb to make a proper conversion.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Tested-by: Kamil Rytarowski <n54@gmx.com>
Message-Id: <20190427183307.12796-2-samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-05-17 13:21:40 +02:00
Gerd Hoffmann
e1be98540e curses: fix wchar_t printf warning
On some systems wchar_t is "long int", on others just "int".
So go cast to "long int" and adjust the printf format accordingly.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190402073018.17747-1-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-04-12 12:58:00 +01:00
Markus Armbruster
dec9776049 trace-events: Fix attribution of trace points to source
Some trace points are attributed to the wrong source file.  Happens
when we neglect to update trace-events for code motion, or add events
in the wrong place, or misspell the file name.

Clean up with help of cleanup-trace-events.pl.  Same funnies as in the
previous commit, of course.  Manually shorten its change to
linux-user/trace-events to */signal.c.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20190314180929.27722-6-armbru@redhat.com
Message-Id: <20190314180929.27722-6-armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-03-22 16:18:07 +00:00
Markus Armbruster
500016e5db trace-events: Shorten file names in comments
We spell out sub/dir/ in sub/dir/trace-events' comments pointing to
source files.  That's because when trace-events got split up, the
comments were moved verbatim.

Delete the sub/dir/ part from these comments.  Gets rid of several
misspellings.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190314180929.27722-3-armbru@redhat.com
Message-Id: <20190314180929.27722-3-armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-03-22 16:18:07 +00:00
Samuel Thibault
a9fda24747 curses ui: add missing iconv_close calls
The iconv_t are opened but never closed.

Spotted by Coverity: CID 1399708
Spotted by Coverity: CID 1399709
Spotted by Coverity: CID 1399713

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20190314172524.9290-1-samuel.thibault@ens-lyon.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-18 12:06:04 +01:00
Samuel Thibault
a5489ae5bb curses ui: always initialize all curses_line fields
cchar_t can contain not only attr and chars fields, but also ext_color.
Initialize the whole structure to zero instead of enumerating fields.

Spotted by Coverity: CID 1399711

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20190315130932.26094-1-samuel.thibault@ens-lyon.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-18 10:54:05 +01:00
Li Qiang
18e845f7df vnc: fix unalignment access in tight_pack24
When adding '-fsanitize=undefined' in compiling configuration
and connect VM with vnc, it reports following error:

ui/vnc-enc-tight.c:910:13: runtime error: load of
misaligned address 0x621000466513 for type 'uint32_t',
which requires 4 byte alignment

This patch fix this issue.

Signed-off-by: Li Qiang <liq3ea@163.com>
Message-id: 20190318010442.14897-1-liq3ea@163.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-18 10:49:18 +01:00
Peter Maydell
85ce84489a ui: better unicode support for curses, v2.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJciLFoAAoJEEy22O7T6HE4mI8P/AknxbxN0IROgo/GX9aZMnIQ
 JiqbYxj4SSXL8P+0IqgsdGXwggGlcnpM8XQa/I1e6yEl7jHQv7sccMb4EZotRJOR
 k1zeXv4ie8SY7vMOW4MfdbjZ22FKwQ4kTAlRGUAmk1NcuqpmWTH9qwBWgegfiHYP
 DVqroDf34U32kuDmo4T+m4I5Sgn0uugrD525Z9M6yN3V0dCuPbncb297X9aPd+Ou
 xrZ50iAT3sfMNIBJU4JjEBQm+jxt2JOupWhsqLwiT7jwzo65vooLgYm4MdF3iGFv
 hvFEUkE5XdauC7eRuEsmLAtWQ7BzzEFPBZKgexDDRMDQ4ROWxbnUDNqfRmIzxHfG
 AeCuHn2/iuE4IycoDqE919LOBm/TnPb08Xe9ly7tMXS7NQGsctgruI3DOA7CCjLo
 ZoTNSHElVmmjDTS5yMWyrYMEkO+W4pjC2+7vAKfj3KvW0RYG+kG1tkWIIsZogZ7C
 XmcLAKLH9RQVH0UBC0wgHHs36fGnr3DP4WsLKdSrh3OhYXSPClNM+RD7YwTu5c3j
 +vnCgpqU3yW6Bk9oBP+tiG+KgltaS+tieoGNsvvE41pqV152WuUx9sqiK4ItA9i3
 /aEN+YE2bbWnqPAKGpzC8JiNyD75VopkxkuvKkq7TERvC+2ew0USeqfmS1GSedyg
 pYnwJoJGQa1bCBUmf/S/
 =gcY1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190313-pull-request' into staging

ui: better unicode support for curses, v2.

# gpg: Signature made Wed 13 Mar 2019 07:29:44 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20190313-pull-request:
  curses: add option to specify VGA font encoding
  iconv: detect and make curses depend on it

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-03-13 20:11:06 +00:00
Samuel Thibault
2f8b7cd587 curses: add option to specify VGA font encoding
This uses iconv to convert glyphs from the specified VGA font encoding to
unicode, and makes use of cchar_t instead of chtype when using ncursesw,
which allows to store all wide char as well as the WACS values. The default
charset is made CP437 since that is the charset of the hardware default VGA
font. This also makes the curses backend set the LC_CTYPE locale to "" to
allow curses to emit wide characters.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Cc: Eddie Kohler <ekohler@gmail.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190311135127.2229-3-samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-13 08:29:06 +01:00
Samuel Thibault
e08bb3010c iconv: detect and make curses depend on it
curses will use it for proper wide output support.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20190311135127.2229-2-samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-13 08:29:01 +01:00
Peter Maydell
cfc3fef6b4 audio: introduce -audiodev
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJch1vTAAoJEEy22O7T6HE4KL8QAI7VfMK8ZKTx/9Su46RL1A0G
 xNYhapdkhK2DEMd7JDY+eg8I8VQEwWroEjphCxLdx3p84Gr44gwgj3T24iRlXugq
 hJEgtBR548bBBdGd6KRihS8ZOro1T2gXol/TRq9z/TEF2LU6AVy52riZ/iydEd2U
 /ibkISR/vLdOnQ1Mj4YpchCZHx1yvMjSOhF/Cw2kXUm8C0jEuj3ws/BfdZQ8DxDG
 ayzS7JwSGOedsoFj+yfWX/YjCiocaXSLux9kyACzhHSJcA/5hw5srbXyhe4JrgdY
 BEqaUa23KiulgFt5fXnprktq+BQba/a4Tbx+YZFaNvX4HXqVccnCNN+VMkV4CvBN
 Y6UwijfaePVaQFP4kP+vpvqdPoJHNGikPlX8j3Q7ofL5+/c7Qk9yChNyB8lpfOIe
 KBNNsIIJO2GVU0IVNuqIGldWZYQw2y8ojpNSntg5lyFIrwZ+ipDFuxD9weZibVgc
 pa4VfPNKW4lOWrDX0PLv5eTNWOLamY3T1wY6pQCOtHgzlChRa28pMWkB7VkzTTQW
 gzipigqpVzmd3l1m2uI7LOovZa326IrGRC1/Yb4a41Gz58p9a1U2sYTijhPlAaeq
 VDMafPTAIJYpg0MW5Uxh1eB05WzNafPfEznjMJ/Z84J4P/oGFxlOGcL99sAbrxpl
 cQWWZlBGINQhxZ1PtvJc
 =7YpW
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/audio-20190312-pull-request' into staging

audio: introduce -audiodev

# gpg: Signature made Tue 12 Mar 2019 07:12:19 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/audio-20190312-pull-request:
  audio: -audiodev command line option: cleanup
  wavaudio: port to -audiodev config
  spiceaudio: port to -audiodev config
  sdlaudio: port to -audiodev config
  paaudio: port to -audiodev config
  ossaudio: port to -audiodev config
  noaudio: port to -audiodev config
  dsoundaudio: port to -audiodev config
  coreaudio: port to -audiodev config
  alsaaudio: port to -audiodev config
  audio: -audiodev command line option basic implementation
  audio: -audiodev command line option: documentation
  audio: use qapi AudioFormat instead of audfmt_e
  qapi: qapi for audio backends

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	qemu-deprecated.texi
2019-03-12 16:45:13 +00:00
Kővágó, Zoltán
85bc58520c audio: use qapi AudioFormat instead of audfmt_e
I had to include an enum for audio sampling formats into qapi, but that
meant duplicating the audfmt_e enum.  This patch replaces audfmt_e and
associated values with the qapi generated AudioFormat enum.

This patch is mostly a search-and-replace, except for switches where the
qapi generated AUDIO_FORMAT_MAX caused problems.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 01251b2758a1679c66842120b77c0fb46d7d0eaf.1552083282.git.DirtY.iCE.hu@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11 10:29:26 +01:00
Daniel P. Berrange
55cf09a02b vnc: allow specifying a custom authorization object name
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl_add' command.

This is not satisfactory for a variety of reasons. There is no way to
populate the ACLs from the command line, users are forced to use the
HMP. With multiple network services all supporting TLS and ACLs now, it
is desirable to be able to define a single ACL that is referenced by all
services.

To address these limitations, two new options are added to the VNC
server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to
use for checking TLS x509 distinguished names, and the 'sasl-authz'
option takes the ID of another object to use for checking SASL usernames.

In this example, we setup two authorization rules. The first allows any
client with a certificate issued by the 'RedHat' organization in the
'London' locality. The second ACL allows clients with either the
'joe@REDHAT.COM' or  'fred@REDHAT.COM' kerberos usernames. Both checks
must pass for the user to be allowed.

    $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
                  endpoint=server,verify-peer=yes \
          -object authz-simple,id=authz0,policy=deny,\
                  rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \
          -object authz-simple,id=authz1,policy=deny,\
                  rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \
                  rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \
          -vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0,
	       sasl,sasl-authz=authz1 \
          ...other QEMU args...

Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 20190227145755.26556-2-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11 08:39:02 +01:00
Gerd Hoffmann
bbcdeb623d vnc: fix update stalls
vnc aborts display update jobs on video mode switches and page flips.
That can cause vnc update stalls in case an unfinished vnc job gets
aborted.  The vnc client will never receive the requested update then.
Fix that by copying the state from job_update back to update in that
case.

Reports complain about stalls with two or more clients being connected
at the same time, on some but not all connections.  I suspect it can
also happen with a single connection, multiple connections only make
this more much likely to happen.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1662260
Reported-by: Ying Fang <fangying1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Ying Fang <fangying1@huawei.com>
Message-id: 20190305130930.24516-1-kraxel@redhat.com
2019-03-11 08:39:02 +01:00
Samuel Thibault
459a707ecc curses: support wide input
This makes use of wide curses functions instead of 8bit functions. This
allows to type e.g. accented letters.

Unfortunately, key codes are then returned with values that could be
confused with wide characters by ncurses, so we need to add a maybe_keycode
variable to know whether the returned value is a key code or a character
(curses with wide support), or possibly both (curses without wide support).

The translation tables thus also need to be separated into key code
translation and character translation.  The curses2foo helper makes it easier
to use them.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-id: 20190304210532.7840-1-samuel.thibault@ens-lyon.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11 08:39:02 +01:00
Samuel Thibault
633786fea7 Reduce curses escdelay from 1s to 25ms
By default, curses will only report single ESC key event after 1s delay,
since ESC is also used for keypad escape sequences. This however makes
users believe that ESC is not working. Reducing to 25ms provides good user
experience, while still allowing 25ms for keypad sequences to get in, which
should be enough.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20190303172557.17139-1-samuel.thibault@ens-lyon.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11 08:39:01 +01:00
Peter Maydell
5588840ff7 ui/cocoa: Perform UI operations only on the main thread
The OSX Mojave release is more picky about enforcing the Cocoa API
restriction that only the main thread may perform UI calls. To
accommodate this we need to restructure the Cocoa code:
 * the special OSX main() creates a second thread and uses
   that to call the vl.c qemu_main(); the original main
   thread goes into the OSX event loop
 * the refresh, switch and update callbacks asynchronously
   tell the main thread to do the necessary work
 * the refresh callback no longer does the "get events from the
   UI event queue and handle them" loop, since we now use
   the stock OSX event loop. Instead our NSApplication sendEvent
   method will either deal with them or pass them on to OSX

All these things have to be changed in one commit, to avoid
breaking bisection.

Note that since we use dispatch_get_main_queue(), this bumps
our minimum version requirement to OSX 10.10 Yosemite (released
in 2014, unsupported by Apple since 2017).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-8-peter.maydell@linaro.org
Message-id: 20190214102816.3393-8-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
61a2ed447e ui/cocoa: Subclass NSApplication so we can implement sendEvent
When we switch away from our custom event handling, we still want to
be able to have first go at any events our application receives,
because in full-screen mode we want to send key events to the guest,
even if they would be menu item activation events. There are several
ways we could do that, but one simple approach is to subclass
NSApplication so we can implement a custom sendEvent method.
Do that, but for the moment have our sendEvent just invoke the
superclass method.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-7-peter.maydell@linaro.org
Message-id: 20190214102816.3393-7-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
60105d7a1c ui/cocoa: Don't call NSApp sendEvent directly from handleEvent
Currently the handleEvent method will directly call the NSApp
sendEvent method for any events that we want to let OSX deal
with. When we rearrange the event handling code, the way that
we say "let OSX have this event" is going to change. Prepare
for that by refactoring so that handleEvent returns a flag
indicating whether it consumed the event.

Suggested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-6-peter.maydell@linaro.org
Message-id: 20190214102816.3393-6-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
8b00e4e730 ui/cocoa: Move console/device menu creation code up in file
Move the console/device menu creation code functions
further up in the source file, next to the code which
creates the initial menus. We're going to want to
change the location we call these functions from in
the next patch.

This commit is a pure code move with no other changes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-5-peter.maydell@linaro.org
Message-id: 20190214102816.3393-5-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
c6fd6c705d ui/cocoa: Factor out initial menu creation
Factor out the long code sequence in main() which creates
the initial set of menus. This will make later patches
which move initialization code around a bit clearer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-4-peter.maydell@linaro.org
Message-id: 20190214102816.3393-4-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
72a3e316da ui/cocoa: Use the pixman image directly in switchSurface
Currently the switchSurface method takes a DisplaySurface. We want
to change our DisplayChangeListener's dpy_gfx_switch callback
to do this work asynchronously on a different thread. The caller
of the switch callback will free the old DisplaySurface
immediately the callback returns, so to ensure that the
other thread doesn't access freed data we need to switch
to using the underlying pixman image instead. The pixman
image is reference counted, so we will be able to take
a reference to it to avoid it vanishing too early.

In this commit we only change the switchSurface method
to take a pixman image, and keep the flow of control
synchronous for now.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-3-peter.maydell@linaro.org
Message-id: 20190214102816.3393-3-peter.maydell@linaro.org
2019-03-04 16:47:31 +00:00
Peter Maydell
31819e9509 ui/cocoa: Ensure we have the iothread lock when calling into QEMU
The Cocoa UI should run on the main thread; this is enforced
in OSX Mojave. In order to be able to run on the main thread,
we need to make sure we hold the iothread lock whenever we
call into various QEMU UI midlayer functions.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-id: 20190225102433.22401-2-peter.maydell@linaro.org
Message-id: 20190214102816.3393-2-peter.maydell@linaro.org
2019-03-04 16:47:21 +00:00
Daniel P. Berrange
b76806d4ec authz: delete existing ACL implementation
The 'qemu_acl' type was a previous non-QOM based attempt to provide an
authorization facility in QEMU. Because it is non-QOM based it cannot be
created via the command line and requires special monitor commands to
manipulate it.

The new QAuthZ subclasses provide a superset of the functionality in
qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor
commands are converted to use the new QAuthZSimple data type instead
in order to provide temporary backwards compatibility.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2019-02-26 15:32:19 +00:00
Marc-André Lureau
d8aec9d9f1 display: add -display spice-app launching a Spice client
Add a new display backend that will configure Spice to allow a remote
client to control QEMU in a similar fashion as other QEMU display
backend/UI like GTK.

For this to work, it will set up Spice server with a unix socket, and
register a VC chardev that will be exposed as Spice ports. A QMP
monitor is also exposed as a Spice port, this allows the remote client
fuller qemu control and state handling.

- doesn't handle VC set_echo() - this doesn't seem a strong
  requirement, very few front-end use it
- spice options can be tweaked with other -spice arguments
- Windows support shouldn't be hard to do, but will probably use a TCP
  port instead
- we may want to watch the child process to quit automatically if it
  crashed

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-12-marcandre.lureau@redhat.com

[ kraxel: squash incremental fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-22 07:42:59 +01:00
Marc-André Lureau
4c77ee12da spice: use a default name for the server
If no -name is given, let's use a friendly "QEMU version" server
name. This is sometime exposed on spice client side, for example on
remote-viewer title.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-11-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 14:09:17 +01:00
Marc-André Lureau
5b1638bc49 spice: do not stop spice if VM is paused
spice_server_vm_start/stop() was added to help migration state (commit
f5bb039c6d).

However, a paused VM could keep running the spice server. This will
allow a Spice client to keep sending commands to a spice chardev. This
allows to stop/cont a VM from a Spice monitor port. Character
devices (vdagent/usb/smartcard/..) should not read from Spice when the
VM is paused.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-6-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 14:09:17 +01:00
Marc-André Lureau
79216718f9 spice: merge options lists
Passing several -spice options to qemu command line, or calling
several time qemu_opts_set() will ignore all but the first option
list. Since the spice server is a singleton, it makes sense to merge
all the options, the last value being the one taken into account.

This changes the behaviour from, for ex:
$ qemu... -spice port=5900 -spice port=5901 -> port: 5900
to:
$ qemu... -spice port=5900 -spice port=5901 -> port: 5901

(if necessary we could instead produce an error when an option is
given twice, although this makes handling default values and such more
complicated)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-5-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 14:09:17 +01:00
Marc-André Lureau
83f7180227 spice: avoid spice runtime assert
The Spice server doesn't like to be started or stopped twice . It
aborts with:

(process:6191): Spice-ERROR **: 19:29:35.912: red-worker.c:623:handle_dev_start: assertion `!worker->running' failed

It's easy to avoid that situation since qemu spice_display_is_running
tracks the server state.

After the commit "spice: do not stop spice if VM is paused", it will
be possible to pause and resume the VM, and this will call
qemu_spice_display_start() twice. The easiest is to add a check for
spice_display_is_running with this patch to avoid the assert.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Victor Toso <victortoso@redhat.com>
Message-id: 20190221110703.5775-4-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 14:09:17 +01:00
Thomas Huth
ac38378950 ui/gtk: Fix the license information
The license information in this file is very messy. A short note at
the beginning says GPL first, but the long boilerplate code then
talks about "GNU Lesser General Public License version 2.0". First,
there is no such version of the "GNU Lesser GPL", it only started with
version 2.1. In version 2.0, it was still called "GNU Library GPL"
instead. Second, you can easily get the license of this file wrong
if you only quickly glance at the long boilerplate code.

Anyway, looking at the text of the LGPL (see COPYING.LIB in the top
directory), the license clearly states in section "3." that one should
rather replace the license information with the GPL information in
such a case of a mixture instead. Thus let's clean up the confusing
statements and use the proper GPL text only.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 1550731902-28842-1-git-send-email-thuth@redhat.com

[ kraxel: s/v2/v2+/ as requested by Daniel ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 11:45:19 +01:00
Gerd Hoffmann
d51b8cb947 sdl2: drop qemu_input_event_send_key_qcode call
qkbd_state_key_event() does that for us.

Fixes: 07333e1ca3 kbd-state: use state tracker for sdl2
Reported-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20190208072744.10687-1-kraxel@redhat.com
2019-02-21 10:43:10 +01:00
Lukáš Hrázký
be812c0ab7 spice: set device address and device display ID in QXL interface
Calls the new SPICE QXL interface function spice_qxl_set_device_info to
set the hardware address of the graphics device represented by the QXL
interface (e.g. a PCI path) and the device display IDs (the IDs of the
device's monitors that belong to this QXL interface).

Also stops using the deprecated spice_qxl_set_max_monitors, the new
interface function replaces it.

Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Message-Id: <20190215150919.8263-1-lhrazky@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-02-21 10:15:26 +01:00
Gerd Hoffmann
3592186015 kbd-state: don't block auto-repeat events
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20190220100235.20914-1-kraxel@redhat.com
2019-02-21 10:13:19 +01:00
Markus Armbruster
5d75648b56 qapi: Generate QAPIEvent stuff into separate files
Having to include qapi-events.h just for QAPIEvent is suboptimal, but
quite tolerable now.  It'll become problematic when we have events
conditional on the target, because then qapi-events.h won't be usable
from target-independent code anymore.  Avoid that by generating it
into separate files.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190214152251.2073-6-armbru@redhat.com>
2019-02-18 14:44:04 +01:00
Peter Maydell
3e29da9fd8 * cpu-exec fixes (Emilio, Laurent)
* TCG bugfix in queue.h (Paolo)
 * high address load for linuxboot (Zhijian)
 * PVH support (Liam, Stefano)
 * misc i386 changes (Paolo, Robert, Doug)
 * configure tweak for openpty (Thomas)
 * elf2dmp port to Windows (Viktor)
 * initial improvements to Makefile infrastructure (Yang + GSoC 2013)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcWckyAAoJEL/70l94x66DCU0H/03tjXBR5iVGjBIroSCq7tti
 6+BWvVbDEHQMS9i3BQc6rNgc4ZAyfJ4iO9wQkpx43PltPIG9e6ZiJaCB4F3jmN5f
 3i2LKBXJGFmGNwz8cAq2qpSIBrx7iPeCzbO/BylpwsILfNycb5K35oS7Qr7ezUcj
 xLM5VfW+3TF0SqI0utNHNAlO/xeBOKh+N1Iettqn+L5MAgI9rmnfDkaD3Pmkbw1H
 Iw8yzEypU4Qsqy4zUyb+dppkwSLELOZ24uJVtYnV+HeTwejXD66FMhvFssw0P7kF
 VBK8L6SttYfe9ltUAsXmlLSsnYThCiV0AMclHy8U3mvA47KbBPxTR7u47UDAZSE=
 =2trt
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* cpu-exec fixes (Emilio, Laurent)
* TCG bugfix in queue.h (Paolo)
* high address load for linuxboot (Zhijian)
* PVH support (Liam, Stefano)
* misc i386 changes (Paolo, Robert, Doug)
* configure tweak for openpty (Thomas)
* elf2dmp port to Windows (Viktor)
* initial improvements to Makefile infrastructure (Yang + GSoC 2013)

# gpg: Signature made Tue 05 Feb 2019 17:34:42 GMT
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream: (76 commits)
  queue: fix QTAILQ_FOREACH_REVERSE_SAFE
  scsi-generic: Convert from DPRINTF() macro to trace events
  scsi-disk: Convert from DPRINTF() macro to trace events
  pc: Use hotplug_handler_(plug|unplug|unplug_request)
  i386: hvf: Fix smp boot hangs
  hw/vfio/Makefile.objs: Create new CONFIG_* variables for VFIO core and PCI
  hw/i2c/Makefile.objs: Create new CONFIG_* variables for EEPROM and ACPI controller
  hw/tricore/Makefile.objs: Create CONFIG_* for tricore
  hw/openrisc/Makefile.objs: Create CONFIG_* for openrisc
  hw/moxie/Makefile.objs: Conditionally build moxie
  hw/hppa/Makefile.objs: Create CONFIG_* for hppa
  hw/cris/Makefile.objs: Create CONFIG_* for cris
  hw/alpha/Makefile.objs: Create CONFIG_* for alpha
  hw/sparc64/Makefile.objs: Create CONFIG_* for sparc64
  hw/riscv/Makefile.objs: Create CONFIG_* for riscv boards
  hw/nios2/Makefile.objs: Conditionally build nios2
  hw/xtensa/Makefile.objs: Build xtensa_sim and xtensa_fpga conditionally
  hw/lm32/Makefile.objs: Conditionally build lm32 and milkmyst
  hw/sparc/Makefile.objs: CONFIG_* for sun4m and leon3 created
  hw/s390/Makefile.objs: Create new CONFIG_* variables for s390x boards and devices
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

# Conflicts:
#	qemu-deprecated.texi
2019-02-05 19:39:22 +00:00