aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc.c
AgeCommit message (Collapse)AuthorFilesLines
2015-06-22Include qapi/qmp/qerror.h exactly where neededMarkus Armbruster1-0/+1
In particular, don't include it into headers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22qerror: Move #include out of qerror.hMarkus Armbruster1-0/+1
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22qerror: Clean up QERR_ macros to expand into a single stringMarkus Armbruster1-2/+2
These macros expand into error class enumeration constant, comma, string. Unclean. Has been that way since commit 13f59ae. The error class is always ERROR_CLASS_GENERIC_ERROR since the previous commit. Clean up as follows: * Prepend every use of a QERR_ macro by ERROR_CLASS_GENERIC_ERROR, and delete it from the QERR_ macro. No change after preprocessing. * Rewrite error_set(ERROR_CLASS_GENERIC_ERROR, ...) into error_setg(...). Again, no change after preprocessing. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22QemuOpts: Wean off qerror_report_err()Markus Armbruster1-2/+2
qerror_report_err() is a transitional interface to help with converting existing monitor commands to QMP. It should not be used elsewhere. The only remaining user in qemu-option.c is qemu_opts_parse(). Is it used in QMP context? If not, we can simply replace qerror_report_err() by error_report_err(). The uses in qemu-img.c, qemu-io.c, qemu-nbd.c and under tests/ are clearly not in QMP context. The uses in vl.c aren't either, because the only QMP command handlers there are qmp_query_status() and qmp_query_machines(), and they don't call it. Remaining uses: * drive_def(): Command line -drive and such, HMP drive_add and pci_add * hmp_chardev_add(): HMP chardev-add * monitor_parse_command(): HMP core * tmp_config_parse(): Command line -tpmdev * net_host_device_add(): HMP host_net_add * net_client_parse(): Command line -net and -netdev * qemu_global_option(): Command line -global * vnc_parse_func(): Command line -display, -vnc, default display, HMP change, QMP change. Bummer. * qemu_pci_hot_add_nic(): HMP pci_add * usb_net_init(): Command line -usbdevice, HMP usb_add Propagate errors through qemu_opts_parse(). Create a convenience function qemu_opts_parse_noisily() that passes errors to error_report_err(). Switch all non-QMP users outside tests to it. That leaves vnc_parse_func(). Propagate errors through it. Since I'm touching it anyway, rename it to vnc_parse(). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-12Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handlerFam Zheng1-15/+12
Done with following Coccinelle semantic patch, plus manual cosmetic changes in net/*.c. @@ expression E1, E2, E3, E4; @@ - qemu_set_fd_handler2(E1, NULL, E2, E3, E4); + qemu_set_fd_handler(E1, E2, E3, E4); Signed-off-by: Fam Zheng <famz@redhat.com> Message-id: 1433400324-7358-8-git-send-email-famz@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-09QemuOpts: Convert qemu_opts_foreach() to ErrorMarkus Armbruster1-1/+1
Retain the function value for now, to permit selective conversion of its callers. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com>
2015-05-20vnc: Tweak error when init failsCole Robinson1-2/+1
Before: qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server on `(null)': Failed to bind socket to /root/foo.sock: Permission denied After: qemu-system-x86_64: -display vnc=unix:/root/foo.sock: Failed to start VNC server: Failed to bind socket to /root/foo.sock: Permission denied Rather than tweak the string possibly show unix: value as well, just drop the explicit display reporting. We already get the cli string in the error message, that should be sufficient. Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20vnc: Don't assert if opening unix socket failsCole Robinson1-0/+3
Reproducer: $ qemu-system-x86_64 -display vnc=unix:/root/i-cant-access-you.sock qemu-system-x86_64: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed. Aborted (core dumped) Signed-off-by: Cole Robinson <crobinso@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20ui: remove check for failure of qemu_acl_init()Daniel P. Berrange1-8/+0
The qemu_acl_init() function has long since stopped being able to return NULL, since g_malloc will abort on OOM. As such the checks for NULL were unreachable code. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-05-20Strip brackets from vnc hostJán Tomko1-1/+8
Commit v2.2.0-1530-ge556032 vnc: switch to inet_listen_opts bypassed the use of inet_parse in inet_listen, making literal IPv6 addresses enclosed in brackets fail: qemu-kvm: -vnc [::1]:0: Failed to start VNC server on `(null)': address resolution failed for [::1]:5900: Name or service not known Strip the brackets to make it work again. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-30ui/vnc : remove 'struct' of 'typedef struct'Chih-Min Chao1-1/+1
Signed-off-by: Chih-Min Chao <cmchao@gmail.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-03-18ui: remove separate gnutls_session for websockets serverDaniel P. Berrange1-16/+2
The previous change to the auth scheme handling guarantees we can never have nested TLS sessions in the VNC websockets server. Thus we can remove the separate gnutls_session instance. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18ui: enforce TLS when using websockets serverDaniel P. Berrange1-1/+1
When TLS is required, the primary VNC server considers it to be mandatory. ie the server admin decides whether or not TLS is used, and the client has to comply with this decision. The websockets server, however, treated it as optional, allowing non-TLS clients to connect to a server which had setup TLS. Thus enabling websockets lowers the security of the VNC server leaving the admin no way to enforce use of TLS. This removes the code that allows non-TLS fallback in the websockets server, so that if TLS is requested for VNC it is now mandatory for both the primary VNC server and the websockets VNC server. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18ui: fix setup of VNC websockets auth scheme with TLSDaniel P. Berrange1-5/+50
The way the websockets TLS code was integrated into the VNC server made it essentially useless. The only time that the websockets TLS support could be used is if the primary VNC server had its existing TLS support disabled. ie QEMU had to be launched with: # qemu -vnc localhost:1,websockets=5902,x509=/path/to/certs Note the absence of the 'tls' flag. This is already a bug, because the docs indicate that 'x509' is ignored unless 'tls' is given. If the primary VNC server had TLS turned on via the 'tls' flag, then this prevented the websockets TLS support from being used, because it activates the VeNCrypt auth which would have resulted in TLS being run over a TLS session. Of course no websockets VNC client supported VeNCrypt so in practice, since the browser clients cannot setup a nested TLS session over the main HTTPS connection, so it would not even get past auth. This patch causes us to decide our auth scheme separately for the main VNC server vs the websockets VNC server. We take account of the fact that if TLS is enabled, then the websockets client will use https, so setting up VeNCrypt is thus redundant as it would lead to nested TLS sessions. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18ui: split setup of VNC auth scheme into separate methodDaniel P. Berrange1-62/+91
The vnc_display_open method is quite long and complex, so move the VNC auth scheme decision logic into a separate method for clarity. Also update the comment to better describe what we are trying to achieve. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18ui: report error if user requests VNC option that is unsupportedDaniel P. Berrange1-30/+21
If the VNC server is built without tls, sasl or websocket support and the user requests one of these features, they are just silently ignored. This is bad because it means the VNC server ends up running in a configuration that is less secure than the user asked for. It also leads to an tangled mass of preprocessor conditionals when configuring the VNC server. This ensures that the tls, sasl & websocket options are always processed and an error is reported back to the user if any of them were disabled at build time. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-18ui: replace printf() calls with VNC_DEBUGDaniel P. Berrange1-6/+6
Handling of VNC audio messages results in printfs to the console. This is of no use to anyone in production, so should be using the normal VNC_DEBUG macro instead. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-17vnc: Fix QMP change not to use funky error classMarkus Armbruster1-1/+1
Error classes are a leftover from the days of "rich" error objects. New code should always use ERROR_CLASS_GENERIC_ERROR. Commit 1d0d59f added a use of ERROR_CLASS_DEVICE_NOT_FOUND. Replace it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-12vnc: fix segmentation fault when invalid vnc parameters are specifiedGonglei1-1/+6
Reproducer: #./qemu-system-x86_64 -vnc :0,ip qemu-system-x86_64: -vnc :1,ip: Invalid parameter 'ip' Segmentation fault (core dumped) Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-12vnc: avoid possible file handler leakGonglei1-1/+1
vs->lsock may equal to 0, modify the check condition, avoid possible vs->lsock leak. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-12ui: fix regression in x509verify parameter for VNC serverDaniel P. Berrange1-2/+7
The 'x509verify' parameter is documented as taking a path to the x509 certificates, ie the same syntax as the 'x509' parameter. commit 4db14629c38611061fc19ec6927405923de84f08 Author: Gerd Hoffmann <kraxel@redhat.com> Date: Tue Sep 16 12:33:03 2014 +0200 vnc: switch to QemuOpts, allow multiple servers caused a regression by turning 'x509verify' into a boolean parameter instead. This breaks setup from libvirt and is not consistent with the docs. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-03-12vnc: switch to inet_listen_optsGerd Hoffmann1-34/+41
Use inet_listen_opts instead of inet_listen. Allows us to drop some pointless indirection: Format strings just to parse them again later on. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-03-12vnc: remove dead codeGerd Hoffmann1-7/+2
If vs->ws_enabled is set ws_display is non-NULL. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-03-12vnc: drop display+ws_display from VncDisplayGerd Hoffmann1-31/+23
Nobody cares about those strings, they are only used to check whenever the vnc server / websocket support is enabled or not. Add bools for this and drop the strings. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-03-10vnc: set id at parse time not init timeGerd Hoffmann1-10/+12
This way the generated id will be stored in -writeconfig cfg files. Also we can make vnc_auto_assign_id() local to vnc.c. Tested-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16vnc: fix coverity warningGerd Hoffmann1-0/+1
vnc_display_local_addr will not be called with an invalid display id. Add assert() to silence coverity warning about a null pointer dereference. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16ui/vnc: optimize full scanline updatesPeter Lieven1-0/+6
in case we send and update for a complete scanline increment the y offset to avoid running to find_next_bit for that lines twice. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16vnc: introduce an wrapper for auto assign vnc idGonglei1-7/+15
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16vnc: using bool type instead of int for QEMU_OPT_BOOLGonglei1-5/+5
Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16vnc: correct missing property about vnc_displayGonglei1-3/+23
Missing three property for vnc socket connection, revalue display variable with correct way. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-16vnc: fix qemu crash when not configure vnc optionGonglei1-0/+9
Add missing vnc options: to, ipv4, ipv6 and fix qemu crash. Reproducer: $ x86_64-softmmu/qemu-system-x86_64 qemu-system-x86_64: Invalid parameter 'to' Segmentation fault (core dumped) BTW the patch fix the below bug: https://bugs.launchpad.net/qemu/+bug/1414222 Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Don Slutz <dslutz@verizon.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-02-10vnc: g_realloc() can't fail, bury dead error handlingMarkus Armbruster1-4/+0
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Thomas Huth <thuth@linux.vnet.ibm.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-01-22monitor: add vnc websocketsGerd Hoffmann1-3/+12
Add websockets bool to VncBasicInfo, report websocket server sockets, flag websocket client connections. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22monitor: add query-vnc-servers commandGerd Hoffmann1-0/+133
Add new query vnc qmp command, for the lack of better ideas just name it "query-vnc-servers". Changes over query-vnc: * It returns a list of vnc servers, so multiple vnc server instances are covered. * Each vnc server returns a list of server sockets. Followup patch will use that to also report websockets. In case we add support for multiple server sockets server sockets (to better support ipv4+ipv6 dualstack) we can add them to the list too. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22vnc: factor out qmp_query_client_listGerd Hoffmann1-15/+15
so we can reuse it for the new vnc query command. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22vnc: track & limit connectionsGerd Hoffmann1-3/+43
Also track the number of connections in "connecting" and "shared" state (in addition to the "exclusive" state). Apply a configurable limit to these connections. The logic to apply the limit to connections in "shared" state is pretty simple: When the limit is reached no new connections are allowed. The logic to apply the limit to connections in "connecting" state (this is the state you are in *before* successful authentication) is slightly different: A new connect kicks out the oldest client which is still in "connecting" state. This avoids a easy DoS by unauthenticated users by simply opening connections until the limit is reached. Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22vnc: allow binding servers to qemu consolesGerd Hoffmann1-7/+43
This patch adds a display= parameter to the vnc options. This allows to bind a vnc server instance to a specific display, allowing to create a multiseat setup with a vnc server for each seat. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22vnc: switch to QemuOpts, allow multiple serversGerd Hoffmann1-101/+169
This patch switches vnc over to QemuOpts, and it (more or less as side effect) allows multiple vnc server instances. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22vnc: add display id to acl namesGerd Hoffmann1-2/+20
In case the display id is "default" (which is the one you get if you don't explicitly assign one) we keep the old name scheme, without display, for backward compatibility reasons. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-22vnc: remove unused DisplayState parameter, add id instead.Gerd Hoffmann1-15/+14
DisplayState isn't used anywhere, drop it. Add the vnc server ID as parameter instead, so it is possible to specify the server instance. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-22vnc: remove vnc_display globalGerd Hoffmann1-22/+41
Replace with a vnc_displays list, so we can have multiple vnc server instances. Add vnc_server_find function to lookup a display by id. With no id supplied return the first vnc server, for backward compatibility reasons. It is not possible (yet) to actually create multiple vnc server instances. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Gonglei <arei.gonglei@huawei.com>
2015-01-19ui/vnc: Support shared surface for most pixman formatsBenjamin Herrenschmidt1-7/+8
At least all the ones I've tested. We make the assumption that pixman is going to be better at conversion than we are. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> [ kraxel: just hook up qemu_pixman_check_format ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28vnc: return directly if no vnc client connectedChenLiang1-5/+5
graphic_hw_update and vnc_refresh_server_surface aren't need to do when no vnc client connected. It can reduce lock contention, because vnc_refresh will hold global big lock two millisecond every three seconds. Signed-off-by: ChenLiang <chenliang88@huawei.com> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-10-28vnc: sanitize bits_per_pixel from the clientPetr Matousek1-0/+10
bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-09-17ui/vnc: set TCP_NODELAYPeter Lieven1-0/+1
we currently have the Nagle algorithm enabled for all outgoing VNC updates. This may delay sensitive updates as mouse movements or typing in the console. As we currently prepare all data in a buffer and then send as much as we can disabling the Nagle algorithm should not cause big trouble. Well established VNC servers like TightVNC set TCP_NODELAY as well. A regular framebuffer update request generates exactly one framebuffer update which should be pushed out as fast as possible. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-25vnc update fixGerd Hoffmann1-1/+3
We need to remember has_updates for each vnc client. Otherwise it might happen that vnc_update_client(has_dirty=1) takes the first exit due to output buffers not being flushed yet and subsequent calls with has_dirty=0 take the second exit, wrongly assuming there is nothing to do because the work defered in the first call is ignored. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-25fix full frame updates for VNC clientsStephan Kulow1-0/+1
If the client asks for !incremental frame updates, it has lost its content so dirty doesn't matter - it has to see the full frame, so setting force_update Signed-off-by: Stephan Kulow <coolo@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Peter Lieven <pl@kamp.de>
2014-07-01ui/vnc: fix potential memory corruption issuesPeter Lieven1-80/+69
this patch makes the VNC server work correctly if the server surface and the guest surface have different sizes. Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of VNC_DIRTY_PIXELS_PER_BIT. If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT we now get a small black bar on the right of the screen. If the surface is too big to fit the limits only the upper left area is shown. On top of that this fixes 2 memory corruption issues: The first was actually discovered during playing around with a Windows 7 vServer. During resolution change in Windows 7 it happens sometimes that Windows changes to an intermediate resolution where server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface). This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0. The second is a theoretical issue, but is maybe exploitable by the guest. If for some reason the guest surface size is bigger than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since this limit is nowhere enforced. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01ui/vnc: limit client_cut_text msg payload sizePeter Lieven1-3/+10
currently a malicious client could define a payload size of 2^32 - 1 bytes and send up to that size of data to the vnc server. The server would allocated that amount of memory which could easily create an out of memory condition. This patch limits the payload size to 1MB max. Please note that client_cut_text messages are currently silently ignored. Signed-off-by: Peter Lieven <pl@kamp.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-23qapi event: convert VNC eventsWenchao Xia1-54/+57
Since VNC_CONNECTED, VNC_DISCONNECTED, VNC_INITIALIZED share some common functions, convert them in one patch. Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>