aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
AgeCommit message (Collapse)AuthorFilesLines
2022-10-11ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_extMauro Matteo Cascella1-3/+8
Extended ClientCutText messages start with a 4-byte header. If len < 4, an integer underflow occurs in vnc_client_cut_text_ext. The result is used to decompress data in a while loop in inflate_buffer, leading to CPU consumption and denial of service. Prevent this by checking dlen in protocol_client_msg. Fixes: CVE-2022-3165 Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support") Reported-by: TangPeng <tangpeng@qianxin.com> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Message-Id: <20220925204511.1103214-1-mcascell@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-27Merge tag 'kraxel-20220427-pull-request' of git://git.kraxel.org/qemu into ↵Richard Henderson1-80/+76
staging vnc: add display-update monitor command. screendump: add png support. vmsvga: screen update fix. i386: sev setup for -bios loaded firmware # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmJpfYUACgkQTLbY7tPo # cTg6ChAAn5EWtNwmVbfbVzRTu0kqdx7QXyK6FFgTgXrsrmBCWzJhHDraYa9cMOZU # wBlU/Rutuv9ETvtRTRic3t0qcdRmvZjpHuA/3agBMJY7xpEQbQ8NwVdSRZTOZo0i # hXzWEAnxviEv8F/W1TXwB5d2Q9sWlJ2yO8SvcxTfAEK7hOSFrWypp3XRKr5WBHjO # DFTtwqTk9MRNsgsfnpEHNGDb30JPTqKZKRbDal15NDR9fQz+iCq3FIv/FpBaUfys # v9GA2zNT324MvhR64xNblaujCn2XFOsFvDY4nGDrfbKGJch8ltAg5t4G1CCZqOn7 # NIiwodC0508sAv9xUm+qvh+oHyf11EFdcAMWYimrExY2I51XOEDnJip/SAdogo5u # h7LyLkZTEG5tyc+a4PGIcC216ecDDNytMnJM9nh9YK3p5UiBOgcHV2wWDdzJbsdS # GRoP0fzF/MBQd985HBCF2vtQVk4AbQA7atZ8FKp1ZsHr3sFfs+vd0xyItsDMinBP # k/eKOOKbHRgXcdIocw4PK16yURrMo5IUGCGGiG9waqYz+VDyHhtikBAzQvYYdnqN # NaZttCcEieIk4XNd+wCfI0GQLtOY/AP1k8TV0rCaDTnO6nOxJ/uP64IaCzxzCT10 # b8VRdCfYDGjd2C14XYKmTzBRPM4hVrf9bo7FtXVtmSksTG+eIao= # =yaxh # -----END PGP SIGNATURE----- # gpg: Signature made Wed 27 Apr 2022 10:29:41 AM PDT # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [undefined] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [undefined] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * tag 'kraxel-20220427-pull-request' of git://git.kraxel.org/qemu: i386: firmware parsing and sev setup for -bios loaded firmware i386: factor out x86_firmware_configure() i386: move bios load error message avocado/vnc: add test_change_listen qapi/ui: add 'display-update' command for changing listen address ui/vnc: refactor arrays of addresses to SocketAddressList Added parameter to take screenshot with screendump as PNG Replacing CONFIG_VNC_PNG with CONFIG_PNG hw/display/vmware_vga: do not discard screen updates Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-04-27qapi/ui: add 'display-update' command for changing listen addressVladimir Sementsov-Ogievskiy1-0/+23
Add possibility to change addresses where VNC server listens for new connections. Prior to 6.0 this functionality was available through 'change' qmp command which was deleted. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@openvz.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220401143936.356460-3-vsementsov@openvz.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-27ui/vnc: refactor arrays of addresses to SocketAddressListVladimir Sementsov-Ogievskiy1-78/+51
Let's use SocketAddressList instead of dynamic arrays. Benefits: - Automatic cleanup: don't need specific freeing function and drop some gotos. - Less indirection: no triple asterix anymore! - Prepare for the following commit, which will reuse new interface of vnc_display_listen(). Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@openvz.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220401143936.356460-2-vsementsov@openvz.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-27Replacing CONFIG_VNC_PNG with CONFIG_PNGKshitij Suri1-2/+2
Libpng is only detected if VNC is enabled currently. This patch adds a generalised png option in the meson build which is aimed to replace use of CONFIG_VNC_PNG with CONFIG_PNG. Signed-off-by: Kshitij Suri <kshitij.suri@nutanix.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220408071336.99839-2-kshitij.suri@nutanix.com> [ kraxel: add meson-buildoptions.sh updates ] [ kraxel: fix centos8 testcase ] [ kraxel: update --enable-vnc-png too ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> --enable-vnc-png fixup Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-26softmmu: remove deprecated --enable-fips optionDaniel P. Berrangé1-7/+0
Users requiring FIPS support must build QEMU with either the libgcrypt or gnutls libraries as the crytography backend. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-04-21Move error_printf_unless_qmp() with monitor unitMarc-André Lureau1-0/+1
Since it depends on monitor code, and error_vprintf_unless_qmp() is already there. This will help to move error-report in a common subproject. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220420132624.2439741-31-marcandre.lureau@redhat.com>
2022-04-06Remove qemu-common.h include from most unitsMarc-André Lureau1-1/+0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06Replace config-time define HOST_WORDS_BIGENDIANMarc-André Lureau1-1/+1
Replace a config-time define with a compile time condition define (compatible with clang and gcc) that must be declared prior to its usage. This avoids having a global configure time define, but also prevents from bad usage, if the config header wasn't included before. This can help to make some code independent from qemu too. gcc supports __BYTE_ORDER__ from about 4.6 and clang from 3.2. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> [ For the s390x parts I'm involved in ] Acked-by: Halil Pasic <pasic@linux.ibm.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220323155743.1585078-7-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-03-18ui: avoid unnecessary memory operations in vnc_refresh_server_surface()Wen, Jianxian1-9/+17
Check the dirty bits in advance to avoid unnecessary memory operations. In the case that guest surface has different format than the server, but it does not have dirty bits which means no refresh is actually needed, the memory operations is not necessary. Signed-off-by: Jianxian Wen <jianxian.wen@verisilicon.com> Signed-off-by: Lu Gao <lu.gao@verisilicon.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <4C23C17B8E87E74E906A25A3254A03F4FA22100C@SHASXM06.verisilicon.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-01-13ui/vnc.c: Fixed a deadlock bug.Rao Lei1-2/+2
The GDB statck is as follows: (gdb) bt 0 __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52 1 0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80 2 0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60) at ../util/qemu-thread-posix.c:80 3 0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60 4 0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138 5 0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209 6 0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39 7 0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50 8 0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD) at ../ui/clipboard.c:41 9 0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19 10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358 11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611 12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649 13 0x000056211a5b976c in qio_channel_fd_source_dispatch (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84 14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232 16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255 17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531 18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726 19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50 From the call trace, we can see it is a deadlock bug. vnc_disconnect_finish will acquire the output_mutex. But, the output_mutex will be acquired again in vnc_clipboard_send. Repeated locking will cause deadlock. So, I move qemu_clipboard_peer_unregister() behind vnc_unlock_output(); Fixes: 0bf41cab93e ("ui/vnc: clipboard support") Signed-off-by: Lei Rao <lei.rao@intel.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220105020808.597325-1-lei.rao@intel.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-21ui: do not delay further remote resizeMarc-André Lureau1-1/+1
A remote client, such as Spice, will already avoid flooding the stream by delaying the resize requests. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-21ui: generalize clipboard notifierMarc-André Lureau1-1/+1
Use a QemuClipboardNotify union type for extendable clipboard events. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-07-14crypto: replace 'des-rfb' cipher with 'des'Daniel P. Berrangé1-3/+17
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism. Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support. Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message. Original behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb qemu-img: demo.luks: Algorithm 'des-rfb' not supported New behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish qemu-img: demo.luks: Invalid parameter 'des-rfb' Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-29ui/vnc: Use qcrypto_tls_creds_check_endpoint()Philippe Mathieu-Daudé1-3/+4
Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-15vnc: avoid deprecation warnings for SASL on OS XPaolo Bonzini1-8/+2
Apple has deprecated sasl.h functions in OS X 10.11. Therefore, all files that use SASL API need to disable -Wdeprecated-declarations. Remove the only use that is outside vnc-auth-sasl.c and add the relevant #pragma GCC diagnostic there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210604120915.286195-1-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-05-21ui/vnc: clipboard supportGerd Hoffmann1-6/+15
This patch adds support for cut+paste to the qemu vnc server, which allows the vnc client exchange clipbaord data with qemu and other peers like the qemu vdagent implementation. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20210519053940.1888907-1-kraxel@redhat.com Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>
2021-05-21vnc: spelling fix (enable->enabled)Michael Tokarev1-1/+1
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210508092558.351102-1-mjt@msgid.tls.msk.ru> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-23vnc: support reload x509 certificates for vncZihao Chang1-0/+28
This patch add vnc_display_reload_certs() to support update x509 certificates. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210316075845.1476-3-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-18ui, monitor: remove deprecated VNC ACL option and HMP commandsDaniel P. Berrangé1-38/+0
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-15ui: honour the actual guest display dimensions without roundingDaniel P. Berrangé1-4/+19
A long time ago the VNC server code had some memory corruption fixes done in: commit bea60dd7679364493a0d7f5b54316c767cf894ef Author: Peter Lieven <pl@kamp.de> Date: Mon Jun 30 10:57:51 2014 +0200 ui/vnc: fix potential memory corruption issues One of the implications of the fix was that the VNC server would have a thin black bad down the right hand side if the guest desktop width was not a multiple of 16. In practice this was a non-issue since the VNC server was always honouring a guest specified resolution and guests essentially always pick from a small set of sane resolutions likely in real world hardware. We recently introduced support for the extended desktop resize extension and as a result the VNC client has ability to specify an arbitrary desktop size and the guest OS may well honour it exactly. As a result we no longer have any guarantee that the width will be a multiple of 16, and so when resizing the desktop we have a 93% chance of getting the black bar on the right hand size. The VNC server maintains three different desktop dimensions 1. The guest surface 2. The server surface 3. The client desktop The requirement for the width to be a multiple of 16 only applies to item 2, the server surface, for the purpose of doing dirty bitmap tracking. Normally we will set the client desktop size to always match the server surface size, but that's not a strict requirement. In order to cope with clients that don't support the desktop size encoding, we already allow for the client desktop to be a different size that the server surface. Thus we can trivially eliminate the black bar, but setting the client desktop size to be the un-rounded server surface size - the so called "true width". Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-5-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: use client width/height in WMVi messageDaniel P. Berrangé1-2/+2
The WMVi message is supposed to provide the same width/height information as the regular desktop resize and extended desktop resize messages. There can be times where the client width and height are different from the pixman surface dimensions. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: add more trace points for VNC client/server messagesDaniel P. Berrangé1-2/+19
This adds trace points for desktop size and audio related messages. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: introduce "password-secret" option for VNC serversDaniel P. Berrangé1-1/+22
Currently when using VNC the "password" flag turns on password based authentication. The actual password has to be provided separately via the monitor. This introduces a "password-secret" option which lets the password be provided up front. $QEMU --object secret,id=vncsec0,file=passwd.txt \ --vnc localhost:0,password-secret=vncsec0 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210311114343.439820-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04ui/console: Pass placeholder surface to displaysAkihiko Odaki1-10/+0
ui/console used to accept NULL as graphic console surface, but its semantics was inconsistent among displays: - cocoa and gtk-egl perform NULL dereference. - egl-headless, spice and spice-egl do nothing. - gtk releases underlying resources. - sdl2-2d and sdl2-gl destroys the window. - vnc shows a message, "Display output is not active." Fortunately, only virtio-gpu and virtio-gpu-3d assign NULL so we can study them to figure out the desired behavior. They assign NULL *except* for the primary display when the device is realized, reset, or its scanout is disabled. This effectively destroys windows for the (uninitialized) secondary displays. To implement the consistent behavior of display device realization/reset, this change embeds it to the operation switching the surface. When NULL was given as a new surface when switching, ui/console will instead passes a placeholder down to each display listeners. sdl destroys the window for a secondary console if its surface is a placeholder. The other displays simply shows the placeholder. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225101316.83940-2-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04ui/console: Add placeholder flag to message surfaceAkihiko Odaki1-1/+1
The surfaces created with former qemu_create_message_surface did not display the content from the guest and always contained simple messages describing the reason. A display backend may want to hide the window showing such a surface. This change renames the function to qemu_create_placeholder_surface, and adds "placeholder" flag; the display can check the flag to decide to do anything special like hiding the window. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225101316.83940-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-27vnc: send extended desktop resize on update requestsGerd Hoffmann1-0/+3
Unlike other pseudo-encodings these don't break gtk-vnc because older versions don't suport the extended desktop resize extension in the first place. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20210125104041.495274-3-kraxel@redhat.com>
2021-01-27Revert "vnc: move initialization to framebuffer_update_request"Gerd Hoffmann1-4/+7
This reverts commit 9e1632ad07ca49de99da4bb231e9e2f22f2d8df5. Older gtk-vnc versions can't deal with non-incremental update requests sending pseudo-encodings, so trying to send full server state (including desktop size, cursor etc. which is done using pseudo-encodings) doesn't fly. Return to old behavior to send those only for new connects and when changes happen. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20210125104041.495274-2-kraxel@redhat.com>
2021-01-23vnc: support "-vnc help"Paolo Bonzini1-4/+4
Use qemu_opts_parse_noisily now that HMP does not call vnc_parse anymore. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210120144235.345983-4-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-15vnc: add support for extended desktop resizeGerd Hoffmann1-1/+63
The extended desktop resize encoding adds support for (a) clients sending resize requests to the server, and (b) multihead support. This patch implements (a). All resize requests are rejected by qemu. Qemu can't resize the framebuffer on its own, this is in the hands of the guest, so all qemu can do is forward the request to the guest. Should the guest actually resize the framebuffer we can notify the vnc client later with a separate message. This requires support in the display device. Works with virtio-gpu. https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extendeddesktopsize-pseudo-encoding Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-4-kraxel@redhat.com
2021-01-15vnc: move initialization to framebuffer_update_requestGerd Hoffmann1-7/+4
qemu sends various state info like current cursor shape to newly connected clients in response to a set_encoding message. This is not correct according to the rfb spec. Send that information in response to a full (incremental=0) framebuffer update request instead. Also send the resize information unconditionally, not only in case of an actual server-side change. This makes the qemu vnc server conform to the spec and allows clients to request the complete vnc server state without reconnect. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-3-kraxel@redhat.com
2021-01-15vnc: move check into vnc_cursor_defineGerd Hoffmann1-6/+6
Move the check whenever a cursor exists into the vnc_cursor_define() function so callers don't have to do it. Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-2-kraxel@redhat.com
2021-01-15vnc: Fix a memleak in vnc_display_connect()Alex Chen1-0/+1
Free the 'sioc' when the qio_channel_socket_connect_sync() fails. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20201126065702.35095-1-alex.chen@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-15ui: add support for remote power control to VNC serverDaniel P. Berrangé1-0/+59
The "XVP" (Xen VNC Proxy) extension defines a mechanism for a VNC client to issue power control requests to trigger graceful shutdown, reboot, or hard reset. This option is not enabled by default, since we cannot assume that users with VNC access implicitly have administrator access to the guest OS. Thus is it enabled with a boolean "power-control" option e.g. -vnc :1,power-control=on While, QEMU can easily support shutdown and reset, there's no easy way to wire up reboot support at this time. In theory it could be done by issuing a shutdown, followed by a reset, but there's no convenient wiring for such a pairing in QEMU. It also isn't possible to have the VNC server directly talk to QEMU guest agent, since the agent chardev is typically owned by an external mgmt app. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> [ kraxel: rebase to master ] [ kraxel: add missing break ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-15vnc: fix unfinalized tlscreds for VncDisplayZihao Chang1-1/+1
In vnc_display_open(), if tls-creds is enabled, do object_ref(object ref 1->2) for tls-creds. While in vnc_display_close(), object_unparent sets object ref to 1(2->1) and unparent the object for root. Problem: 1. the object can not be found from the objects_root, while the object is not finalized. 2. the qemu_opts of tls-creds(id: creds0) is not deleted, so new tls object with the same id(creds0) can not be delete & add. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210111131911.805-1-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-19qapi: Use QAPI_LIST_PREPEND() where possibleEric Blake1-15/+6
Anywhere we create a list of just one item or by prepending items (typically because order doesn't matter), we can use QAPI_LIST_PREPEND(). But places where we must keep the list in order by appending remain open-coded until later patches. Note that as a side effect, this also performs a cleanup of two minor issues in qga/commands-posix.c: the old code was performing new = g_malloc0(sizeof(*ret)); which 1) is confusing because you have to verify whether 'new' and 'ret' are variables with the same type, and 2) would conflict with C++ compilation (not an actual problem for this file, but makes copy-and-paste harder). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20201113011340.463563-5-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> [Straightforward conflicts due to commit a8aa94b5f8 "qga: update schema for guest-get-disks 'dependents' field" and commit a10b453a52 "target/mips: Move mips_cpu_add_definition() from helper.c to cpu.c" resolved. Commit message tweaked.] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-12-11ui/vnc: Add missing lock for send_color_mapPeng Liang1-0/+2
vnc_write() should be locked after the RFB protocol is initialized. Fixes: 0c426e4534b4 ("vnc: Add support for color map") Cc: qemu-stable@nongnu.org Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Peng Liang <liangpeng10@huawei.com> Message-id: 20201116141338.148911-1-liangpeng10@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-11vnc: add alpha cursor supportGerd Hoffmann1-3/+18
There is a new vnc extension for cursors with an alpha channel. Use it if supported by the vnc client, prefer it over the "rich cursor" extension which supports only a bitmask for transparency. This is a visible improvement especially on modern desktops which actually use the alpha channel when defining cursors. https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#cursor-with-alpha-pseudo-encoding Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20201208115737.18581-7-kraxel@redhat.com
2020-12-11vnc: drop unused copyrect featureGerd Hoffmann1-3/+0
vnc stopped using the copyrect pseudo encoding in 2017, in commit 50628d3479e4 ("cirrus/vnc: zap bitblit support from console code.") So we can drop the now unused copyrect feature bit. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20201208115737.18581-5-kraxel@redhat.com
2020-11-04vnc: fix resource leak when websocket channel errorDing Hui1-6/+18
When we connect to vnc by websocket channel, and disconnect (maybe by some network exception) before handshake, qemu will left CLOSE_WAIT socket and never close it After 04d2529da2 ("ui: convert VNC server to use QIOChannelSocket") and dd154c4d9f ("io: fix handling of EOF / error conditions in websock GSource"), the vnc call qio_channel_add_watch only care about G_IO_IN, but mising G_IO_HUP and G_IO_ERR. When the websocket channel get EOF or error, it cannot callback, because the caller ignore the event, that leads to resource leak We need handle G_IO_HUP and G_IO_ERR event, then cleanup the channel Fixes: 04d2529da2 ("ui: convert VNC server to use QIOChannelSocket") Fixes: dd154c4d9f ("io: fix handling of EOF / error conditions in websock GSource") Cc: qemu-stable@nongnu.org Signed-off-by: Ding Hui <dinghui@sangfor.com.cn> Message-id: 20201029032241.11040-1-dinghui@sangfor.com.cn Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-07-10qom: Crash more nicely on object_property_get_link() failureMarkus Armbruster1-1/+1
Pass &error_abort instead of NULL where the returned value is dereferenced or asserted to be non-null. Drop a now redundant assertion. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200707160613.848843-24-armbru@redhat.com>
2020-07-02vnc: Plug minor memory leak in vnc_display_open()Markus Armbruster1-2/+1
vnc_display_print_local_addr() leaks the Error object when qio_channel_socket_get_local_address() fails. Seems unlikely. Called when we create a VNC display with vnc_display_open(). Plug the leak by passing NULL to ignore the error. Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200630090351.1247703-12-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-02Clean up some calls to ignore Error objects the right wayMarkus Armbruster1-2/+1
Receiving the error in a local variable only to free it is less clear (and also less efficient) than passing NULL. Clean up. Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Jerome Forissier <jerome@forissier.org> CC: Greg Kurz <groug@kaod.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20200630090351.1247703-4-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-26audio: Let capture_callback handler use const buffer argumentPhilippe Mathieu-Daudé1-1/+1
The buffer is the captured input to pass to backends. As we should not modify it, mark the argument const. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200505132603.8575-3-f4bug@amsat.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-21vnc: prioritize ZRLE compression over ZLIBCameron Esfahani1-2/+9
In my investigation, ZRLE always compresses better than ZLIB so prioritize ZRLE over ZLIB, even if the client hints that ZLIB is preferred. zlib buffer is always reset in zrle_compress_data(), so using offset to calculate next_out and avail_out is useless. Signed-off-by: Cameron Esfahani <dirty@apple.com> Message-Id: <b5d129895d08a90d0a2a6183b95875bacfa998b8.1579582674.git.dirty@apple.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-21Revert "vnc: allow fall back to RAW encoding"Gerd Hoffmann1-18/+2
This reverts commit de3f7de7f4e257ce44cdabb90f5f17ee99624557. Remove VNC optimization to reencode framebuffer update as raw if it's smaller than the default encoding. QEMU's implementation was naive and didn't account for the ZLIB z_stream mutating with each compression. Because of the mutation, simply resetting the output buffer's offset wasn't sufficient to "rewind" the operation. The mutated z_stream would generate future zlib blocks which referred to symbols in past blocks which weren't sent. This would lead to artifacting. Considering that ZRLE is never larger than raw and even though ZLIB can occasionally be fractionally larger than raw, the overhead of implementing this optimization correctly isn't worth it. Signed-off-by: Cameron Esfahani <dirty@apple.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-12-18vnc: drop Error pointer indirection in vnc_client_io_errorVladimir Sementsov-Ogievskiy1-13/+7
We don't need Error **, as all callers pass local Error object, which isn't used after the call, or NULL. Use Error * instead. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20191205174635.18758-6-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2019-09-17vnc: fix memory leak when vnc disconnectLi Qiang1-12/+16
Currently when qemu receives a vnc connect, it creates a 'VncState' to represent this connection. In 'vnc_worker_thread_loop' it creates a local 'VncState'. The connection 'VcnState' and local 'VncState' exchange data in 'vnc_async_encoding_start' and 'vnc_async_encoding_end'. In 'zrle_compress_data' it calls 'deflateInit2' to allocate the libz library opaque data. The 'VncState' used in 'zrle_compress_data' is the local 'VncState'. In 'vnc_zrle_clear' it calls 'deflateEnd' to free the libz library opaque data. The 'VncState' used in 'vnc_zrle_clear' is the connection 'VncState'. In currently implementation there will be a memory leak when the vnc disconnect. Following is the asan output backtrack: Direct leak of 29760 byte(s) in 5 object(s) allocated from: 0 0xffffa67ef3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3) 1 0xffffa65071cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb) 2 0xffffa5e968f7 in deflateInit2_ (/lib64/libz.so.1+0x78f7) 3 0xaaaacec58613 in zrle_compress_data ui/vnc-enc-zrle.c:87 4 0xaaaacec58613 in zrle_send_framebuffer_update ui/vnc-enc-zrle.c:344 5 0xaaaacec34e77 in vnc_send_framebuffer_update ui/vnc.c:919 6 0xaaaacec5e023 in vnc_worker_thread_loop ui/vnc-jobs.c:271 7 0xaaaacec5e5e7 in vnc_worker_thread ui/vnc-jobs.c:340 8 0xaaaacee4d3c3 in qemu_thread_start util/qemu-thread-posix.c:502 9 0xffffa544e8bb in start_thread (/lib64/libpthread.so.0+0x78bb) 10 0xffffa53965cb in thread_start (/lib64/libc.so.6+0xd55cb) This is because the opaque allocated in 'deflateInit2' is not freed in 'deflateEnd'. The reason is that the 'deflateEnd' calls 'deflateStateCheck' and in the latter will check whether 's->strm != strm'(libz's data structure). This check will be true so in 'deflateEnd' it just return 'Z_STREAM_ERROR' and not free the data allocated in 'deflateInit2'. The reason this happens is that the 'VncState' contains the whole 'VncZrle', so when calling 'deflateInit2', the 's->strm' will be the local address. So 's->strm != strm' will be true. To fix this issue, we need to make 'zrle' of 'VncState' to be a pointer. Then the connection 'VncState' and local 'VncState' exchange mechanism will work as expection. The 'tight' of 'VncState' has the same issue, let's also turn it to a pointer. Reported-by: Ying Fang <fangying1@huawei.com> Signed-off-by: Li Qiang <liq3ea@163.com> Message-id: 20190831153922.121308-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-09-17vnc: fix websocket field in eventsGerd Hoffmann1-0/+1
Just need to fill VncClientInfo.websocket in vnc_client_cache_addr(). Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1748175 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20190904055250.22421-1-kraxel@redhat.com
2019-09-03socket: Add num connections to qio_net_listener_open_sync()Juan Quintela1-2/+2
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>