If we need to, we should use the pixman formats instead but for
now this is unused except in commented out code so take it out
to avoid further confusion about surface endianness.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Helper function for copying data from linebuf to framebuffer using
pixman, possibly converting in case src and dst formats differ.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Calls dpy_gfx_update for all dirty scanlines. Works for
DisplaySurfaces backed by guest memory (i.e. the ones created
using qemu_create_displaysurface_guestmem).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch adds a qemu_create_displaysurface_guestmem helper function.
Works simliar to qemu_create_displaysurface_from, but accepts a
guest address instead of a host pointer and it handles
cpu_physical_memory_{map,unmap} for you.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With this patch the qemu console core stops using PixelFormat and pixman
format codes side-by-side, pixman format code is the primary way to
specify the DisplaySurface format:
* DisplaySurface stops carrying a PixelFormat field.
* qemu_create_displaysurface_from() expects a pixman format now.
Functions to convert PixelFormat to pixman_format_code_t (and back)
exist for those who still use PixelFormat. As PixelFormat allows
easy access to masks and shifts it will probably continue to exist.
[ xenfb added by Benjamin Herrenschmidt ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use the new qemu_pixelformat_from_pixman and qemu_default_pixman_format
functions to reimplement qemu_default_pixelformat
(qemu_different_endianness_pixelformat too).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Function to convert pixman format codes to qemu PixelFormat.
[ Benjamin Herrenschmidt: fix BGRA+RGBA shifts ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Related spice-only bug. We have a fixed 16 MB buffer here, being
presented to the spice-server as qxl video memory in case spice is
used with a non-qxl card. It's also used with qxl in vga mode.
When using display resolutions requiring more than 16 MB of memory we
are going to overflow that buffer. In theory the guest can write,
indirectly via spice-server. The spice-server clears the memory after
setting a new video mode though, triggering a segfault in the overflow
case, so qemu crashes before the guest has a chance to do something
evil.
Fix that by switching to dynamic allocation for the buffer.
CVE-2014-3615
Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
imitate nearby code about using '!value' or 'value == NULL'
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
We need to remember has_updates for each vnc client. Otherwise it might
happen that vnc_update_client(has_dirty=1) takes the first exit due to
output buffers not being flushed yet and subsequent calls with
has_dirty=0 take the second exit, wrongly assuming there is nothing to
do because the work defered in the first call is ignored.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
If the client asks for !incremental frame updates, it has lost its content
so dirty doesn't matter - it has to see the full frame, so setting force_update
Signed-off-by: Stephan Kulow <coolo@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Peter Lieven <pl@kamp.de>
(Resending for correct email addresses via MAINTAINERS ...)
In the GTK UI, after changing focus to the qemu monitor Notebook Page,
when restoring focus to the virtual machine page, the keyboard focus is lost
to a hidden GTK widget. Focus can only be restored to the virtual machine by
pressing "tab" or any of the four directional arrow keys.
Clicking in the window or grabbing/ungrabbing input does not restore keyboard
focus to the child widget.
This patch adjusts the Notebook page switching callback to automatically
steal keyboard focus on the Page switch event, so that keyboard input
does not appear to break or disappear after tabbing to the QEMU monitor.
Signed-off-by: John Snow <jsnow@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Set auth to sasl when sasl is enabled, this makes "info spice" correctly
display sasl auth. Also throw an error in case someone tries to set
a spice password via monitor without auth mode being "spice".
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
this patch makes the VNC server work correctly if the
server surface and the guest surface have different sizes.
Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH
x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of
VNC_DIRTY_PIXELS_PER_BIT.
If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT
we now get a small black bar on the right of the screen.
If the surface is too big to fit the limits only the upper left area is shown.
On top of that this fixes 2 memory corruption issues:
The first was actually discovered during playing
around with a Windows 7 vServer. During resolution
change in Windows 7 it happens sometimes that Windows
changes to an intermediate resolution where
server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface).
This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0.
The second is a theoretical issue, but is maybe exploitable
by the guest. If for some reason the guest surface size is bigger
than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since
this limit is nowhere enforced.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.
This patch limits the payload size to 1MB max.
Please note that client_cut_text messages are currently
silently ignored.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Honour the -show-cursor command line option (which forces the mouse pointer
to always be displayed even when input is grabbed) in the Cocoa UI backend.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-5-git-send-email-peter.maydell@linaro.org
Fix handling of absolute positioning devices, which were basically
unusable for two separate reasons:
(1) as soon as you pressed the left mouse button we would call
CGAssociateMouseAndMouseCursorPosition(FALSE), which means that
the absolute coordinates of the mouse events are never updated
(2) we didn't account for MacOSX coordinate origin being bottom left
rather than top right, and so all the Y values sent to the guest
were inverted
We fix (1) by aligning our behaviour with the SDL UI backend for
absolute devices:
* when the mouse moves into the window we do a grab (which means
hiding the host cursor and sending special keys to the guest)
* when the mouse moves out of the window we un-grab
and fix (2) by doing the correct transformation in the call to
qemu_input_queue_abs().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-4-git-send-email-peter.maydell@linaro.org
Add a utility method to check whether a point is within the current window
bounds, and use it in the various places in the mouse handling code that
were opencoding the check.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-3-git-send-email-peter.maydell@linaro.org
Do the recalculation of the content dimensions in switchSurface if the
current cdx is zero as well as if the new surface is a different size to
the current window. This catches the case where the first surface registered
happens to be 640x480 (our current window size), and fixes a bug where we
would always display a black screen until the first surface of a different
size was registered.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1403516125-14568-2-git-send-email-peter.maydell@linaro.org
The next patch will modify this function to initialize state that is
common to all backends.
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
SPICE_INITIALIZED, SPICE_CONNECTED, SPICE_DISCONNECTED and
SPICE_MIGRATE_COMPLETED are converted in one patch, since they
use some common functions. inet_strfamily() is removed since no
callers exist anymore.
Note that there is no existing doc for SPICE_MIGRATE_COMPLETED
in docs/qmp/qmp-events.txt before this patch.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Since VNC_CONNECTED, VNC_DISCONNECTED, VNC_INITIALIZED share some
common functions, convert them in one patch.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
In order to let event defines use existing types later, instead of
redefine new ones, some old type defines for spice and vnc are changed,
and BlockErrorAction is moved from block.h to qapi schema. Note that
BlockErrorAction is not merged with BlockdevOnError.
At this point, VncInfo is not made a child of VncBasicInfo, because
VncBasicInfo has mandatory fields where VncInfo makes them optional.
Signed-off-by: Wenchao Xia <wenchaoqemu@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Bug was added by 38ee14f4f3.
vnc_jobs_join call is missing in one code path.
Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
So you'll have a mouse pointer when running non-qxl gfx cards with
mouse pointer support (virtio-gpu, IIRC vmware too).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Make configure detect gtk x11 backend and link libX11 then. Make
gtk backend specific code properly #ifdef'ed on the GTK_WINDOWING_*
backends at runtime). Our gtk ui code should build and run fine on
any platform now.
This also fixes the linker failute due to the new XkbGetKeyboard call
added by commit 3158a3482b.
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrange <berrange@redhat.com>
Current code silently changes the authentication settings
in case you try to set a password without password authentication
turned on. This is bad. Return an error instead.
If we want allow changing auth settings at runtime this should
be done explicitly using a separate monitor command, not as
side effect of set_passwd.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add function to bind input devices to display devices. Implementing
input routing on top of this: Events coming from the display device in
question are routed to the input device bound to it (if there is one).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without the mask, control bits are passed on in the keycode, generating
incorrect PS/2 sequences when SHIFT, ALT, etc are held down.
Cc: qemu-stable@nongnu.org
Signed-off-by: Andrew Oates <andrew@aoates.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Major overhaul for window size handling. This basically switches qemu
over to use geometry hints for the window manager instead of trying to
get the job done with widget resize requests. This allows to specify
better what we need and also avoids window resizes.
FIXME: on gtk2 someone overwrites the geometry hints :(
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Currently only evdev keycodes are handled by the gtk-ui. SDL has
code to handle both. This patch adds similar processing so that
both keycode types will be handled via the gtk-ui.
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
It's pointless. With grab on hover enabled the keyboard grab
is already active when you press Ctrl-Alt-G ;)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
"View->Detach tab" will move to tab to a new window.
Simply closing the window will move it back into a notebook tab.
The label will be permamently stored in VirtualConsole->label,
so it can easily be reused to (re-)label tabs and windows.
Works for vte tabs only for now. pointer/kbd grab code needs
adaptions before we can enable it for gfx tabs too.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Simply ask for a small window size. When the widgets don't fit in gtk
will automatically make the window large enougth to make things fit, no
need to try (and fail) duplicate that logic in qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Each display gets its own tab. Tab switching continues to work like it
did, just the hotkeys of the vte consoles changes in case a secondary
display is present as it will get ctrl-alt-2 assigned and the vtes are
shifted by one.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Only show the scrollbar if the content doesn't fit on the visible space.
[ kraxel: fix box packing ]
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The vte tabs simply get the size of the vga tab then, with whatever
cols and lines are fitting in. I find this bahavior more useful than
resizing the qemu window all day long.
YMMV. Comments are welcome.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The vte widget implements the scrollable interface, placing it into
a scrolled window is pointless and creates a bunch of strange effects.
Zap it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Have a global timer. Update all visible terminal windows syncronously.
Right now this can be the active_console only, but that will change
soon. The global timer will disable itself if not needed, so we only
have to care start it if needed. Which might be at console switch time
or when a new displaychangelistener is registered.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
These days each QemuConsole has its own private DisplaySurface,
so we can simply render updates all the time.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that we have a function to create a fancy DisplaySurface with a
message for the user, to handle non-existing graphics hardware, we
can make it more generic and use it for other things too.
This patch adds a text line to the in initial DisplaySurface, notifying
the user that the display isn't initialized yet by the guest.
You can see this in action when starting qemu with '-S'. Also when
booting ovmf in qemu (which needs a few moments to initialize itself
before it initializes the vga).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
All defined properties of QemuConsole are mandatory and no access to them
should fail. Nevertheless not checking returned errors is bad because in case
of unexpected failure it will hide the bug and cause a memory leak.
Abort in case of unexpected property access errors. This change exposed a bug
where an attempt was made to write to a read-only property "head".
Set "head" property's value at creation time and do not attempt to change it
later. This fixes the bug mentioned above.
Signed-off-by: Kirill Batuzov <batuzovk@ispras.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With sparc keyboard going directly from QKeyValue to sparc keycodes
this should not be needed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Current Makefile system allows using foo.o-cflags variables to store
object-specific CFLAGS. Convert some usages of old syntax
(using QEMU_CFLAGS += construct) to the new syntax.
Do not touch multifile modules for now, as build system isn't ready for this.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Only notify spice-server about migration events in case we got
target host information beforehand. So we kick the seamless spice
client migration only in case a actual live migration happens, not
when libvirt uses live-migration-to-file for snapshotting.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
In case no listening address was specified, "info spice" reports
"0.0.0.0" as address. Which is incorrect in case spice is listening
on ipv6. Replace it by a wildcard "*" to indicate it is not limited
to a specific address.
Note: Being more specific is not possible without extending the
spice-server api. The socket is handled by spice-server not
qemu, so qemu can't easily figure the actual socket address.
Reported-by: David Jaša <djasa@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
There was already a forward declaration using 'static',
but the attribute was missing in the implementation.
This fixes a warning from the static code analysis (smatch).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In SDL2, wheel movement is its own event, not a button event. Wire
it up similar to gtk.c
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Allows you to resize the sdl2 window and have the guest notice.
[ kraxel: zero-initialize QemuUIInfo ]
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When keyboard focus is grabbed, current qemu wants to pass every
keypress to the VM, unless the user is pressing a UI accelerator.
That's exactly how things work without any of the fancy handling. Drop
the special handling, which seems to trigger accelerators twice on gtk3.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell