aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
AgeCommit message (Collapse)AuthorFilesLines
2021-07-14crypto: replace 'des-rfb' cipher with 'des'Daniel P. Berrangé1-3/+17
Currently the crypto layer exposes support for a 'des-rfb' algorithm which is just normal single-DES, with the bits in each key byte reversed. This special key munging is required by the RFB protocol password authentication mechanism. Since the crypto layer is generic shared code, it makes more sense to do the key byte munging in the VNC server code, and expose normal single-DES support. Replacing cipher 'des-rfb' by 'des' looks like an incompatible interface change, but it doesn't matter. While the QMP schema allows any QCryptoCipherAlgorithm for the 'cipher-alg' field in QCryptoBlockCreateOptionsLUKS, the code restricts what can be used at runtime. Thus the only effect is a change in error message. Original behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-rfb qemu-img: demo.luks: Algorithm 'des-rfb' not supported New behaviour: $ qemu-img create -f luks --object secret,id=sec0,data=123 -o cipher-alg=des-rfb,key-secret=sec0 demo.luks 1G Formatting 'demo.luks', fmt=luks size=1073741824 key-secret=sec0 cipher-alg=des-fish qemu-img: demo.luks: Invalid parameter 'des-rfb' Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-29ui/vnc: Use qcrypto_tls_creds_check_endpoint()Philippe Mathieu-Daudé1-3/+4
Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-15vnc: avoid deprecation warnings for SASL on OS XPaolo Bonzini1-8/+2
Apple has deprecated sasl.h functions in OS X 10.11. Therefore, all files that use SASL API need to disable -Wdeprecated-declarations. Remove the only use that is outside vnc-auth-sasl.c and add the relevant #pragma GCC diagnostic there. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210604120915.286195-1-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-05-21ui/vnc: clipboard supportGerd Hoffmann1-6/+15
This patch adds support for cut+paste to the qemu vnc server, which allows the vnc client exchange clipbaord data with qemu and other peers like the qemu vdagent implementation. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20210519053940.1888907-1-kraxel@redhat.com Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>
2021-05-21vnc: spelling fix (enable->enabled)Michael Tokarev1-1/+1
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210508092558.351102-1-mjt@msgid.tls.msk.ru> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-23vnc: support reload x509 certificates for vncZihao Chang1-0/+28
This patch add vnc_display_reload_certs() to support update x509 certificates. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210316075845.1476-3-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-18ui, monitor: remove deprecated VNC ACL option and HMP commandsDaniel P. Berrangé1-38/+0
The VNC ACL concept has been replaced by the pluggable "authz" framework which does not use monitor commands. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-03-15ui: honour the actual guest display dimensions without roundingDaniel P. Berrangé1-4/+19
A long time ago the VNC server code had some memory corruption fixes done in: commit bea60dd7679364493a0d7f5b54316c767cf894ef Author: Peter Lieven <pl@kamp.de> Date: Mon Jun 30 10:57:51 2014 +0200 ui/vnc: fix potential memory corruption issues One of the implications of the fix was that the VNC server would have a thin black bad down the right hand side if the guest desktop width was not a multiple of 16. In practice this was a non-issue since the VNC server was always honouring a guest specified resolution and guests essentially always pick from a small set of sane resolutions likely in real world hardware. We recently introduced support for the extended desktop resize extension and as a result the VNC client has ability to specify an arbitrary desktop size and the guest OS may well honour it exactly. As a result we no longer have any guarantee that the width will be a multiple of 16, and so when resizing the desktop we have a 93% chance of getting the black bar on the right hand size. The VNC server maintains three different desktop dimensions 1. The guest surface 2. The server surface 3. The client desktop The requirement for the width to be a multiple of 16 only applies to item 2, the server surface, for the purpose of doing dirty bitmap tracking. Normally we will set the client desktop size to always match the server surface size, but that's not a strict requirement. In order to cope with clients that don't support the desktop size encoding, we already allow for the client desktop to be a different size that the server surface. Thus we can trivially eliminate the black bar, but setting the client desktop size to be the un-rounded server surface size - the so called "true width". Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-5-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: use client width/height in WMVi messageDaniel P. Berrangé1-2/+2
The WMVi message is supposed to provide the same width/height information as the regular desktop resize and extended desktop resize messages. There can be times where the client width and height are different from the pixman surface dimensions. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-4-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: add more trace points for VNC client/server messagesDaniel P. Berrangé1-2/+19
This adds trace points for desktop size and audio related messages. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20210311182957.486939-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-15ui: introduce "password-secret" option for VNC serversDaniel P. Berrangé1-1/+22
Currently when using VNC the "password" flag turns on password based authentication. The actual password has to be provided separately via the monitor. This introduces a "password-secret" option which lets the password be provided up front. $QEMU --object secret,id=vncsec0,file=passwd.txt \ --vnc localhost:0,password-secret=vncsec0 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210311114343.439820-2-berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04ui/console: Pass placeholder surface to displaysAkihiko Odaki1-10/+0
ui/console used to accept NULL as graphic console surface, but its semantics was inconsistent among displays: - cocoa and gtk-egl perform NULL dereference. - egl-headless, spice and spice-egl do nothing. - gtk releases underlying resources. - sdl2-2d and sdl2-gl destroys the window. - vnc shows a message, "Display output is not active." Fortunately, only virtio-gpu and virtio-gpu-3d assign NULL so we can study them to figure out the desired behavior. They assign NULL *except* for the primary display when the device is realized, reset, or its scanout is disabled. This effectively destroys windows for the (uninitialized) secondary displays. To implement the consistent behavior of display device realization/reset, this change embeds it to the operation switching the surface. When NULL was given as a new surface when switching, ui/console will instead passes a placeholder down to each display listeners. sdl destroys the window for a secondary console if its surface is a placeholder. The other displays simply shows the placeholder. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225101316.83940-2-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04ui/console: Add placeholder flag to message surfaceAkihiko Odaki1-1/+1
The surfaces created with former qemu_create_message_surface did not display the content from the guest and always contained simple messages describing the reason. A display backend may want to hide the window showing such a surface. This change renames the function to qemu_create_placeholder_surface, and adds "placeholder" flag; the display can check the flag to decide to do anything special like hiding the window. Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Message-Id: <20210225101316.83940-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-27vnc: send extended desktop resize on update requestsGerd Hoffmann1-0/+3
Unlike other pseudo-encodings these don't break gtk-vnc because older versions don't suport the extended desktop resize extension in the first place. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20210125104041.495274-3-kraxel@redhat.com>
2021-01-27Revert "vnc: move initialization to framebuffer_update_request"Gerd Hoffmann1-4/+7
This reverts commit 9e1632ad07ca49de99da4bb231e9e2f22f2d8df5. Older gtk-vnc versions can't deal with non-incremental update requests sending pseudo-encodings, so trying to send full server state (including desktop size, cursor etc. which is done using pseudo-encodings) doesn't fly. Return to old behavior to send those only for new connects and when changes happen. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20210125104041.495274-2-kraxel@redhat.com>
2021-01-23vnc: support "-vnc help"Paolo Bonzini1-4/+4
Use qemu_opts_parse_noisily now that HMP does not call vnc_parse anymore. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20210120144235.345983-4-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-01-15vnc: add support for extended desktop resizeGerd Hoffmann1-1/+63
The extended desktop resize encoding adds support for (a) clients sending resize requests to the server, and (b) multihead support. This patch implements (a). All resize requests are rejected by qemu. Qemu can't resize the framebuffer on its own, this is in the hands of the guest, so all qemu can do is forward the request to the guest. Should the guest actually resize the framebuffer we can notify the vnc client later with a separate message. This requires support in the display device. Works with virtio-gpu. https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extendeddesktopsize-pseudo-encoding Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-4-kraxel@redhat.com
2021-01-15vnc: move initialization to framebuffer_update_requestGerd Hoffmann1-7/+4
qemu sends various state info like current cursor shape to newly connected clients in response to a set_encoding message. This is not correct according to the rfb spec. Send that information in response to a full (incremental=0) framebuffer update request instead. Also send the resize information unconditionally, not only in case of an actual server-side change. This makes the qemu vnc server conform to the spec and allows clients to request the complete vnc server state without reconnect. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-3-kraxel@redhat.com
2021-01-15vnc: move check into vnc_cursor_defineGerd Hoffmann1-6/+6
Move the check whenever a cursor exists into the vnc_cursor_define() function so callers don't have to do it. Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20210112134120.2031837-2-kraxel@redhat.com
2021-01-15vnc: Fix a memleak in vnc_display_connect()Alex Chen1-0/+1
Free the 'sioc' when the qio_channel_socket_connect_sync() fails. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20201126065702.35095-1-alex.chen@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-15ui: add support for remote power control to VNC serverDaniel P. Berrangé1-0/+59
The "XVP" (Xen VNC Proxy) extension defines a mechanism for a VNC client to issue power control requests to trigger graceful shutdown, reboot, or hard reset. This option is not enabled by default, since we cannot assume that users with VNC access implicitly have administrator access to the guest OS. Thus is it enabled with a boolean "power-control" option e.g. -vnc :1,power-control=on While, QEMU can easily support shutdown and reset, there's no easy way to wire up reboot support at this time. In theory it could be done by issuing a shutdown, followed by a reset, but there's no convenient wiring for such a pairing in QEMU. It also isn't possible to have the VNC server directly talk to QEMU guest agent, since the agent chardev is typically owned by an external mgmt app. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> [ kraxel: rebase to master ] [ kraxel: add missing break ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-01-15vnc: fix unfinalized tlscreds for VncDisplayZihao Chang1-1/+1
In vnc_display_open(), if tls-creds is enabled, do object_ref(object ref 1->2) for tls-creds. While in vnc_display_close(), object_unparent sets object ref to 1(2->1) and unparent the object for root. Problem: 1. the object can not be found from the objects_root, while the object is not finalized. 2. the qemu_opts of tls-creds(id: creds0) is not deleted, so new tls object with the same id(creds0) can not be delete & add. Signed-off-by: Zihao Chang <changzihao1@huawei.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20210111131911.805-1-changzihao1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-19qapi: Use QAPI_LIST_PREPEND() where possibleEric Blake1-15/+6
Anywhere we create a list of just one item or by prepending items (typically because order doesn't matter), we can use QAPI_LIST_PREPEND(). But places where we must keep the list in order by appending remain open-coded until later patches. Note that as a side effect, this also performs a cleanup of two minor issues in qga/commands-posix.c: the old code was performing new = g_malloc0(sizeof(*ret)); which 1) is confusing because you have to verify whether 'new' and 'ret' are variables with the same type, and 2) would conflict with C++ compilation (not an actual problem for this file, but makes copy-and-paste harder). Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20201113011340.463563-5-eblake@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> [Straightforward conflicts due to commit a8aa94b5f8 "qga: update schema for guest-get-disks 'dependents' field" and commit a10b453a52 "target/mips: Move mips_cpu_add_definition() from helper.c to cpu.c" resolved. Commit message tweaked.] Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-12-11ui/vnc: Add missing lock for send_color_mapPeng Liang1-0/+2
vnc_write() should be locked after the RFB protocol is initialized. Fixes: 0c426e4534b4 ("vnc: Add support for color map") Cc: qemu-stable@nongnu.org Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Peng Liang <liangpeng10@huawei.com> Message-id: 20201116141338.148911-1-liangpeng10@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-12-11vnc: add alpha cursor supportGerd Hoffmann1-3/+18
There is a new vnc extension for cursors with an alpha channel. Use it if supported by the vnc client, prefer it over the "rich cursor" extension which supports only a bitmask for transparency. This is a visible improvement especially on modern desktops which actually use the alpha channel when defining cursors. https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#cursor-with-alpha-pseudo-encoding Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20201208115737.18581-7-kraxel@redhat.com
2020-12-11vnc: drop unused copyrect featureGerd Hoffmann1-3/+0
vnc stopped using the copyrect pseudo encoding in 2017, in commit 50628d3479e4 ("cirrus/vnc: zap bitblit support from console code.") So we can drop the now unused copyrect feature bit. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20201208115737.18581-5-kraxel@redhat.com
2020-11-04vnc: fix resource leak when websocket channel errorDing Hui1-6/+18
When we connect to vnc by websocket channel, and disconnect (maybe by some network exception) before handshake, qemu will left CLOSE_WAIT socket and never close it After 04d2529da2 ("ui: convert VNC server to use QIOChannelSocket") and dd154c4d9f ("io: fix handling of EOF / error conditions in websock GSource"), the vnc call qio_channel_add_watch only care about G_IO_IN, but mising G_IO_HUP and G_IO_ERR. When the websocket channel get EOF or error, it cannot callback, because the caller ignore the event, that leads to resource leak We need handle G_IO_HUP and G_IO_ERR event, then cleanup the channel Fixes: 04d2529da2 ("ui: convert VNC server to use QIOChannelSocket") Fixes: dd154c4d9f ("io: fix handling of EOF / error conditions in websock GSource") Cc: qemu-stable@nongnu.org Signed-off-by: Ding Hui <dinghui@sangfor.com.cn> Message-id: 20201029032241.11040-1-dinghui@sangfor.com.cn Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-07-10qom: Crash more nicely on object_property_get_link() failureMarkus Armbruster1-1/+1
Pass &error_abort instead of NULL where the returned value is dereferenced or asserted to be non-null. Drop a now redundant assertion. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200707160613.848843-24-armbru@redhat.com>
2020-07-02vnc: Plug minor memory leak in vnc_display_open()Markus Armbruster1-2/+1
vnc_display_print_local_addr() leaks the Error object when qio_channel_socket_get_local_address() fails. Seems unlikely. Called when we create a VNC display with vnc_display_open(). Plug the leak by passing NULL to ignore the error. Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200630090351.1247703-12-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-02Clean up some calls to ignore Error objects the right wayMarkus Armbruster1-2/+1
Receiving the error in a local variable only to free it is less clear (and also less efficient) than passing NULL. Clean up. Cc: Daniel P. Berrange <berrange@redhat.com> Cc: Jerome Forissier <jerome@forissier.org> CC: Greg Kurz <groug@kaod.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20200630090351.1247703-4-armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-05-26audio: Let capture_callback handler use const buffer argumentPhilippe Mathieu-Daudé1-1/+1
The buffer is the captured input to pass to backends. As we should not modify it, mark the argument const. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200505132603.8575-3-f4bug@amsat.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-21vnc: prioritize ZRLE compression over ZLIBCameron Esfahani1-2/+9
In my investigation, ZRLE always compresses better than ZLIB so prioritize ZRLE over ZLIB, even if the client hints that ZLIB is preferred. zlib buffer is always reset in zrle_compress_data(), so using offset to calculate next_out and avail_out is useless. Signed-off-by: Cameron Esfahani <dirty@apple.com> Message-Id: <b5d129895d08a90d0a2a6183b95875bacfa998b8.1579582674.git.dirty@apple.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-01-21Revert "vnc: allow fall back to RAW encoding"Gerd Hoffmann1-18/+2
This reverts commit de3f7de7f4e257ce44cdabb90f5f17ee99624557. Remove VNC optimization to reencode framebuffer update as raw if it's smaller than the default encoding. QEMU's implementation was naive and didn't account for the ZLIB z_stream mutating with each compression. Because of the mutation, simply resetting the output buffer's offset wasn't sufficient to "rewind" the operation. The mutated z_stream would generate future zlib blocks which referred to symbols in past blocks which weren't sent. This would lead to artifacting. Considering that ZRLE is never larger than raw and even though ZLIB can occasionally be fractionally larger than raw, the overhead of implementing this optimization correctly isn't worth it. Signed-off-by: Cameron Esfahani <dirty@apple.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-12-18vnc: drop Error pointer indirection in vnc_client_io_errorVladimir Sementsov-Ogievskiy1-13/+7
We don't need Error **, as all callers pass local Error object, which isn't used after the call, or NULL. Use Error * instead. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20191205174635.18758-6-vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
2019-09-17vnc: fix memory leak when vnc disconnectLi Qiang1-12/+16
Currently when qemu receives a vnc connect, it creates a 'VncState' to represent this connection. In 'vnc_worker_thread_loop' it creates a local 'VncState'. The connection 'VcnState' and local 'VncState' exchange data in 'vnc_async_encoding_start' and 'vnc_async_encoding_end'. In 'zrle_compress_data' it calls 'deflateInit2' to allocate the libz library opaque data. The 'VncState' used in 'zrle_compress_data' is the local 'VncState'. In 'vnc_zrle_clear' it calls 'deflateEnd' to free the libz library opaque data. The 'VncState' used in 'vnc_zrle_clear' is the connection 'VncState'. In currently implementation there will be a memory leak when the vnc disconnect. Following is the asan output backtrack: Direct leak of 29760 byte(s) in 5 object(s) allocated from: 0 0xffffa67ef3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3) 1 0xffffa65071cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb) 2 0xffffa5e968f7 in deflateInit2_ (/lib64/libz.so.1+0x78f7) 3 0xaaaacec58613 in zrle_compress_data ui/vnc-enc-zrle.c:87 4 0xaaaacec58613 in zrle_send_framebuffer_update ui/vnc-enc-zrle.c:344 5 0xaaaacec34e77 in vnc_send_framebuffer_update ui/vnc.c:919 6 0xaaaacec5e023 in vnc_worker_thread_loop ui/vnc-jobs.c:271 7 0xaaaacec5e5e7 in vnc_worker_thread ui/vnc-jobs.c:340 8 0xaaaacee4d3c3 in qemu_thread_start util/qemu-thread-posix.c:502 9 0xffffa544e8bb in start_thread (/lib64/libpthread.so.0+0x78bb) 10 0xffffa53965cb in thread_start (/lib64/libc.so.6+0xd55cb) This is because the opaque allocated in 'deflateInit2' is not freed in 'deflateEnd'. The reason is that the 'deflateEnd' calls 'deflateStateCheck' and in the latter will check whether 's->strm != strm'(libz's data structure). This check will be true so in 'deflateEnd' it just return 'Z_STREAM_ERROR' and not free the data allocated in 'deflateInit2'. The reason this happens is that the 'VncState' contains the whole 'VncZrle', so when calling 'deflateInit2', the 's->strm' will be the local address. So 's->strm != strm' will be true. To fix this issue, we need to make 'zrle' of 'VncState' to be a pointer. Then the connection 'VncState' and local 'VncState' exchange mechanism will work as expection. The 'tight' of 'VncState' has the same issue, let's also turn it to a pointer. Reported-by: Ying Fang <fangying1@huawei.com> Signed-off-by: Li Qiang <liq3ea@163.com> Message-id: 20190831153922.121308-1-liq3ea@163.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-09-17vnc: fix websocket field in eventsGerd Hoffmann1-0/+1
Just need to fill VncClientInfo.websocket in vnc_client_cache_addr(). Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1748175 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20190904055250.22421-1-kraxel@redhat.com
2019-09-03socket: Add num connections to qio_net_listener_open_sync()Juan Quintela1-2/+2
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
2019-08-21audio: add audiodev property to vnc and wav_captureKővágó, Zoltán1-1/+14
Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 8cbc9e865bbf40850c14340fc0549e6ac2d5fe9c.1566168923.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-21audio: basic support for multi backend audioKővágó, Zoltán1-1/+1
Audio functions no longer access glob_audio_state, instead they get an AudioState as a parameter. This is required in order to support multiple backends. glob_audio_state is also gone, and replaced with a tailq so we can store more than one states. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Message-id: 67aef54f9e729a7160fe95c465351115e392164b.1566168923.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-16Include qemu/main-loop.h lessMarkus Armbruster1-0/+1
In my "build everything" tree, changing qemu/main-loop.h triggers a recompile of some 5600 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h). It includes block/aio.h, which in turn includes qemu/event_notifier.h, qemu/notify.h, qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h, qemu/thread.h, qemu/timer.h, and a few more. Include qemu/main-loop.h only where it's needed. Touching it now recompiles only some 1700 objects. For block/aio.h and qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the others, they shrink only slightly. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190812052359.30071-21-armbru@redhat.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-08-16trace: Do not include qom/cpu.h into generated trace.hMarkus Armbruster1-0/+1
docs/devel/tracing.txt explains "since many source files include trace.h, [the generated trace.h use] a minimum of types and other header files included to keep the namespace clean and compile times and dependencies down." Commit 4815185902 "trace: Add per-vCPU tracing states for events with the 'vcpu' property" made them all include qom/cpu.h via control-internal.h. qom/cpu.h in turn includes about thirty headers. Ouch. Per-vCPU tracing is currently not supported in sub-directories' trace-events. In other words, qom/cpu.h can only be used in trace-root.h, not in any trace.h. Split trace/control-vcpu.h off trace/control.h and trace/control-internal.h. Have the generated trace.h include trace/control.h (which no longer includes qom/cpu.h), and trace-root.h include trace/control-vcpu.h (which includes it). The resulting improvement is a bit disappointing: in my "build everything" tree, some 1100 out of 6600 objects (not counting tests and objects that don't depend on qemu/osdep.h) depend on a trace.h, and about 600 of them no longer depend on qom/cpu.h. But more than 1300 others depend on trace-root.h. More work is clearly needed. Left for another day. Cc: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20190812052359.30071-8-armbru@redhat.com>
2019-06-12Include qemu/module.h where needed, drop it from qemu-common.hMarkus Armbruster1-0/+1
Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20190523143508.25387-4-armbru@redhat.com> [Rebased with conflicts resolved automatically, except for hw/usb/dev-hub.c hw/misc/exynos4210_rng.c hw/misc/bcm2835_rng.c hw/misc/aspeed_scu.c hw/display/virtio-vga.c hw/arm/stm32f205_soc.c; ui/cocoa.m fixed up]
2019-05-22ui/vnc: Use gcrypto_random_bytes for start_auth_vncRichard Henderson1-11/+11
Use a better interface for random numbers than rand(). Fail gracefully if for some reason we cannot use the crypto system. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-05-22ui/vnc: Split out authentication_failedRichard Henderson1-22/+15
There were 3 copies of this code, one of which used the wrong data size for the failure indicator. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2019-03-12Merge remote-tracking branch ↵Peter Maydell1-13/+13
'remotes/kraxel/tags/audio-20190312-pull-request' into staging audio: introduce -audiodev # gpg: Signature made Tue 12 Mar 2019 07:12:19 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20190312-pull-request: audio: -audiodev command line option: cleanup wavaudio: port to -audiodev config spiceaudio: port to -audiodev config sdlaudio: port to -audiodev config paaudio: port to -audiodev config ossaudio: port to -audiodev config noaudio: port to -audiodev config dsoundaudio: port to -audiodev config coreaudio: port to -audiodev config alsaaudio: port to -audiodev config audio: -audiodev command line option basic implementation audio: -audiodev command line option: documentation audio: use qapi AudioFormat instead of audfmt_e qapi: qapi for audio backends Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # qemu-deprecated.texi
2019-03-11audio: use qapi AudioFormat instead of audfmt_eKővágó, Zoltán1-13/+13
I had to include an enum for audio sampling formats into qapi, but that meant duplicating the audfmt_e enum. This patch replaces audfmt_e and associated values with the qapi generated AudioFormat enum. This patch is mostly a search-and-replace, except for switches where the qapi generated AUDIO_FORMAT_MAX caused problems. Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 01251b2758a1679c66842120b77c0fb46d7d0eaf.1552083282.git.DirtY.iCE.hu@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: allow specifying a custom authorization object nameDaniel P. Berrange1-9/+49
The VNC server has historically had support for ACLs to check both the SASL username and the TLS x509 distinguished name. The VNC server was responsible for creating the initial ACL, and the client app was then responsible for populating it with rules using the HMP 'acl_add' command. This is not satisfactory for a variety of reasons. There is no way to populate the ACLs from the command line, users are forced to use the HMP. With multiple network services all supporting TLS and ACLs now, it is desirable to be able to define a single ACL that is referenced by all services. To address these limitations, two new options are added to the VNC server CLI. The 'tls-authz' option takes the ID of a QAuthZ object to use for checking TLS x509 distinguished names, and the 'sasl-authz' option takes the ID of another object to use for checking SASL usernames. In this example, we setup two authorization rules. The first allows any client with a certificate issued by the 'RedHat' organization in the 'London' locality. The second ACL allows clients with either the 'joe@REDHAT.COM' or 'fred@REDHAT.COM' kerberos usernames. Both checks must pass for the user to be allowed. $QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\ endpoint=server,verify-peer=yes \ -object authz-simple,id=authz0,policy=deny,\ rules.0.match=O=RedHat,,L=London,rules.0.policy=allow \ -object authz-simple,id=authz1,policy=deny,\ rules.0.match=fred@REDHAT.COM,rules.0.policy=allow \ rules.0.match=joe@REDHAT.COM,rules.0.policy=allow \ -vnc 0.0.0.0:1,tls-creds=tls0,tls-authz=authz0, sasl,sasl-authz=authz1 \ ...other QEMU args... Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-id: 20190227145755.26556-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-03-11vnc: fix update stallsGerd Hoffmann1-0/+6
vnc aborts display update jobs on video mode switches and page flips. That can cause vnc update stalls in case an unfinished vnc job gets aborted. The vnc client will never receive the requested update then. Fix that by copying the state from job_update back to update in that case. Reports complain about stalls with two or more clients being connected at the same time, on some but not all connections. I suspect it can also happen with a single connection, multiple connections only make this more much likely to happen. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1662260 Reported-by: Ying Fang <fangying1@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Ying Fang <fangying1@huawei.com> Message-id: 20190305130930.24516-1-kraxel@redhat.com
2019-02-26authz: delete existing ACL implementationDaniel P. Berrange1-12/+25
The 'qemu_acl' type was a previous non-QOM based attempt to provide an authorization facility in QEMU. Because it is non-QOM based it cannot be created via the command line and requires special monitor commands to manipulate it. The new QAuthZ subclasses provide a superset of the functionality in qemu_acl, so the latter can now be deleted. The HMP 'acl_*' monitor commands are converted to use the new QAuthZSimple data type instead in order to provide temporary backwards compatibility. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2019-02-18qapi: Generate QAPIEvent stuff into separate filesMarkus Armbruster1-1/+2
Having to include qapi-events.h just for QAPIEvent is suboptimal, but quite tolerable now. It'll become problematic when we have events conditional on the target, because then qapi-events.h won't be usable from target-independent code anymore. Avoid that by generating it into separate files. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20190214152251.2073-6-armbru@redhat.com>