  1. Jan 15, 2021
    • Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210115-pull-request' into staging · 7cb6b973
      Peter Maydell authored
      
      ui/gtk: refresh rate fixes.
      ui/vnc: add support for desktop resize and power control.
      ui/vnc: misc bugfixes.
      
      # gpg: Signature made Fri 15 Jan 2021 10:24:10 GMT
      # gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138
      
      * remotes/kraxel/tags/ui-20210115-pull-request:
        vnc: add support for extended desktop resize
        vnc: move initialization to framebuffer_update_request
        vnc: move check into vnc_cursor_define
        vnc: Fix a memleak in vnc_display_connect()
        ui: add support for remote power control to VNC server
        vnc: fix unfinalized tlscreds for VncDisplay
        ui/gtk: update monitor interval on egl displays
        ui/gtk: expose gd_monitor_update_interval
        ui/gtk: limit virtual console max update interval
        ui/gtk: rename variable window to widget
        ui/gtk: don't try to redefine SI prefixes
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • Merge remote-tracking branch 'remotes/gkurz-gitlab/tags/9p-next-2021-01-15' into staging · a968a380
      Peter Maydell authored
      
      Fix for CVE-2021-20181
      
      # gpg: Signature made Fri 15 Jan 2021 08:52:19 GMT
      # gpg:                using RSA key B4828BAF943140CEF2A3491071D4D5E5822F73D6
      # gpg: Good signature from "Greg Kurz <groug@kaod.org>" [full]
      # gpg:                 aka "Gregory Kurz <gregory.kurz@free.fr>" [full]
      # gpg:                 aka "[jpeg image of size 3330]" [full]
      # Primary key fingerprint: B482 8BAF 9431 40CE F2A3  4910 71D4 D5E5 822F 73D6
      
      * remotes/gkurz-gitlab/tags/9p-next-2021-01-15:
        9pfs: Fully restart unreclaim loop (CVE-2021-20181)
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • Merge remote-tracking branch 'remotes/philmd-gitlab/tags/mips-20210114' into staging · 256af05f
      Peter Maydell authored
      
      MIPS patches queue
      
      - Simplify CPU/ISA definitions
      - Various maintenance code movements in translate.c
      - Convert part of the MSA ASE instructions to decodetree
      - Convert some instructions removed from Release 6 to decodetree
      - Remove deprecated 'fulong2e' machine alias
      
      # gpg: Signature made Thu 14 Jan 2021 16:16:29 GMT
      # gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
      # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
      # Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE
      
      * remotes/philmd-gitlab/tags/mips-20210114: (69 commits)
        docs/system: Remove deprecated 'fulong2e' machine alias
        target/mips: Remove vendor specific CPU definitions
        target/mips: Remove CPU_NANOMIPS32 definition
        target/mips: Remove CPU_R5900 definition
        target/mips: Convert Rel6 LL/SC opcodes to decodetree
        target/mips: Convert Rel6 LLD/SCD opcodes to decodetree
        target/mips: Convert Rel6 LDL/LDR/SDL/SDR opcodes to decodetree
        target/mips: Convert Rel6 LWLE/LWRE/SWLE/SWRE opcodes to decodetree
        target/mips: Convert Rel6 LWL/LWR/SWL/SWR opcodes to decodetree
        target/mips: Convert Rel6 CACHE/PREF opcodes to decodetree
        target/mips: Convert Rel6 COP1X opcode to decodetree
        target/mips: Convert Rel6 Special2 opcode to decodetree
        target/mips: Remove now unreachable LSA/DLSA opcodes code
        target/mips: Introduce decodetree helpers for Release6 LSA/DLSA opcodes
        target/mips: Introduce decodetree helpers for MSA LSA/DLSA opcodes
        target/mips: Extract LSA/DLSA translation generators
        target/mips: Use decode_ase_msa() generated from decodetree
        target/mips: Introduce decode tree bindings for MSA ASE
        target/mips: Pass TCGCond argument to MSA gen_check_zero_element()
        target/mips: Extract MSA translation routines
        ...
      
      Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    • vnc: add support for extended desktop resize · 763deea7
      Gerd Hoffmann authored
      The extended desktop resize encoding adds support for (a) clients
      sending resize requests to the server, and (b) multihead support.
      
      This patch implements (a).  All resize requests are rejected by qemu.
      Qemu can't resize the framebuffer on its own, this is in the hands of
      the guest, so all qemu can do is forward the request to the guest.
      Should the guest actually resize the framebuffer we can notify the vnc
      client later with a separate message.
      
      This requires support in the display device.  Works with virtio-gpu.
      
      https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#extendeddesktopsize-pseudo-encoding
      
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
      Message-id: 20210112134120.2031837-4-kraxel@redhat.com
    • vnc: move initialization to framebuffer_update_request · 9e1632ad
      Gerd Hoffmann authored
      
      qemu sends various state info like current cursor shape to newly connected
      clients in response to a set_encoding message.  This is not correct according
      to the rfb spec.  Send that information in response to a full (incremental=0)
      framebuffer update request instead.  Also send the resize information
      unconditionally, not only in case of an actual server-side change.
      
      This makes the qemu vnc server conform to the spec and allows clients to
      request the complete vnc server state without reconnect.
      
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
      Message-id: 20210112134120.2031837-3-kraxel@redhat.com
    • vnc: move check into vnc_cursor_define · b3c2de9c
      Gerd Hoffmann authored
      
      Move the check whether a cursor exists into the vnc_cursor_define()
      function so callers don't have to do it.
      
      Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
      Message-id: 20210112134120.2031837-2-kraxel@redhat.com
    • vnc: Fix a memleak in vnc_display_connect() · 5f8679fe
      Alex Chen authored
      
      Free the 'sioc' when the qio_channel_socket_connect_sync() fails.
      
      Reported-by: Euler Robot <euler.robot@huawei.com>
      Signed-off-by: Alex Chen <alex.chen@huawei.com>
      Reviewed-by: Li Qiang <liq3ea@gmail.com>
      Reviewed-by: Laurent Vivier <laurent@vivier.eu>
      Message-Id: <20201126065702.35095-1-alex.chen@huawei.com>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui: add support for remote power control to VNC server · 7b5fa0b5
      Daniel P. Berrangé authored
      
      The "XVP" (Xen VNC Proxy) extension defines a mechanism for a VNC client
      to issue power control requests to trigger graceful shutdown, reboot, or
      hard reset.
      
      This option is not enabled by default, since we cannot assume that users
      with VNC access implicitly have administrator access to the guest OS.
      
      Thus it is enabled with a boolean "power-control" option, e.g.
      
         -vnc :1,power-control=on
      
      While QEMU can easily support shutdown and reset, there's no easy way
      to wire up reboot support at this time. In theory it could be done by
      issuing a shutdown, followed by a reset, but there's no convenient
      wiring for such a pairing in QEMU. It also isn't possible to have the
      VNC server directly talk to QEMU guest agent, since the agent chardev is
      typically owned by an external mgmt app.
      
      Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
      
      [ kraxel: rebase to master  ]
      [ kraxel: add missing break ]
      
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • vnc: fix unfinalized tlscreds for VncDisplay · 521534df
      Zihao Chang authored
      
      In vnc_display_open(), if tls-creds is enabled, do object_ref (object
      ref 1->2) for tls-creds. While in vnc_display_close(), object_unparent
      sets the object ref to 1 (2->1) and unparents the object from the root.
      Problem:
      1. the object cannot be found from the objects_root, while the object
      is not finalized.
      2. the qemu_opts of tls-creds (id: creds0) is not deleted, so a new tls
      object with the same id (creds0) cannot be deleted & added.
      
      Signed-off-by: Zihao Chang <changzihao1@huawei.com>
      Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
      Message-Id: <20210111131911.805-1-changzihao1@huawei.com>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui/gtk: update monitor interval on egl displays · cab82424
      Nikola Pavlica authored
      
      When running QEMU's GTK UI without EGL or OGL, the
      gd_monitor_update_interval function gets executed and the display refresh
      rate gets updated accordingly. However, when using EGL or just regular
      OGL, the function never gets executed.
      
      Which is why I decided that the function should be in gd_egl_refresh
      where the display output gets updated, in the same vein as how it's done
      for normal GTK UIs (aka. those without EGL) - in its display refresh
      function.
      
      Since the gd_monitor_update_interval function now is exposed, we are
      going to use it to update the refresh rate.
      
      Signed-off-by: Nikola Pavlica <pavlica.nikola@gmail.com>
      Message-Id: <20210114140153.301473-3-pavlica.nikola@gmail.com>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui/gtk: expose gd_monitor_update_interval · 0fdc9977
      Nikola Pavlica authored
      
      The gd_egl_refresh function, as the name suggests, is responsible for
      refreshing displays when using EGL graphics with QEMU's GTK UI. This is
      a perfect candidate for a function to update the refresh rate in.
      
      Since gd_monitor_update_interval is inaccessible from the gd_egl_refresh
      function, we need to expose/globalize it in the include/ui/gtk.h file.
      
      Signed-off-by: Nikola Pavlica <pavlica.nikola@gmail.com>
      Message-Id: <20210114140153.301473-2-pavlica.nikola@gmail.com>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui/gtk: limit virtual console max update interval · 3c4b8f83
      Volker Rümelin authored
      Limit the virtual console maximum update interval to
      GUI_REFRESH_INTERVAL_DEFAULT. This papers over an integer
      overflow bug in gtk3 on Windows where the reported monitor
      refresh frequency can be much smaller than the real refresh
      frequency.
      
      The gtk bug report can be found here:
      https://gitlab.gnome.org/GNOME/gtk/-/issues/3394
      
      On my Windows 10 system gtk reports a monitor refresh rate of
      1.511Hz instead of 60.031Hz and slows down the screen update
      rate in qemu to a crawl. Provided you are affected by the gtk
      bug on Windows, these are the steps to reproduce the issue:
      
      Start qemu with -display gtk and activate all qemu virtual
      consoles and notice the reduced qemu refresh rate. Activating
      all virtual consoles is necessary, because gui_update() in
      ui/console.c uses the minimum of all display change listeners
      update interval and not yet activated virtual consoles report
      the default update interval (30ms).
      
      Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
      Message-Id: <20201213165724.13418-3-vr_qemu@t-online.de>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui/gtk: rename variable window to widget · 0431e369
      Volker Rümelin authored
      
      The type of the variable window is GtkWidget. Rename the variable
      from window to widget, because windows and widgets are different
      things.
      
      Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
      Message-Id: <20201213165724.13418-2-vr_qemu@t-online.de>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • ui/gtk: don't try to redefine SI prefixes · e80be993
      Volker Rümelin authored
      
      Redefining SI prefixes is always wrong. 1s has per definition
      1000ms. Remove the misnamed named constant and replace it with
      a comment explaining the frequency to period conversion in two
      simple steps. Now you can cancel out the unit mHz in the comment
      with the implicit unit mHz in refresh_rate_millihz and see why
      the implicit unit ms for update_interval remains.
      
      Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
      Message-Id: <20201213165724.13418-1-vr_qemu@t-online.de>
      Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
    • 9pfs: Fully restart unreclaim loop (CVE-2021-20181) · 89fbea87
      Greg Kurz authored
      Depending on the client activity, the server can be asked to open a huge
      number of file descriptors and eventually hit RLIMIT_NOFILE. This is
      currently mitigated using a reclaim logic: the server closes the file
      descriptors of idle fids, based on the assumption that it will be able
      to re-open them later. This assumption doesn't hold of course if the
      client requests the file to be unlinked. In this case, we loop on the
      entire fid list and mark all related fids as unreclaimable (the reclaim
      logic will just ignore them) and, of course, we open or re-open their
      file descriptors if needed since we're about to unlink the file.
      
      This is the purpose of v9fs_mark_fids_unreclaim(). Since the actual
      opening of a file can cause the coroutine to yield, another client
      request could possibly add a new fid that we may want to mark as
      non-reclaimable as well. The loop is thus restarted if the re-open
      request was actually transmitted to the backend. This is achieved
      by keeping a reference on the first fid (head) before traversing
      the list.
      
      This is wrong in several ways:
      - a potential clunk request from the client could tear the first
        fid down and cause the reference to be stale. This leads to a
        use-after-free error that can be detected with ASAN, using a
        custom 9p client
      - fids are added at the head of the list: restarting from the
        previous head will always miss fids added by some other
        potential request
      
      All these problems could be avoided if fids were being added at the
      end of the list. This can be achieved with a QSIMPLEQ, but this is
      probably too much change for a bug fix. For now let's keep it
      simple and just restart the loop from the current head.
      
      Fixes: CVE-2021-20181
      Buglink: https://bugs.launchpad.net/qemu/+bug/1911666
      
      Reported-by: Zero Day Initiative <zdi-disclosures@trendmicro.com>
      Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
      Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
      Message-Id: <161064025265.1838153.15185571283519390907.stgit@bahia.lan>
      Signed-off-by: Greg Kurz <groug@kaod.org>
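      The restart logic the commit message above describes, as an added example that is not QEMU's code: a constructed model of a head-pushed fid list where re-opening a file "yields" and lets another request add a fid. The pre-fix loop restarts from the head captured before traversal and so never visits the fid pushed in front of it; the fixed loop re-reads the current head on every restart. All names (Fid, FidList, mark_fids_unreclaim, run_scenario, the ConcurrentAdder callback) are hypothetical, and the stale-pointer use-after-free from a clunk of the captured head is deliberately not modelled, only the missed-fid problem.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model (not QEMU code) of the fid list: new entries are
 * pushed at the head, as the commit message says. */
typedef struct Fid {
    int id;
    int reclaimable;     /* 1: the reclaim logic may close this fid's fd */
    int fd_open;         /* 1: file descriptor currently open */
    struct Fid *next;
} Fid;

typedef struct { Fid *head; } FidList;

/* Push at the head, mirroring the list discipline described above. */
static Fid *fid_add(FidList *l, int id)
{
    Fid *f = calloc(1, sizeof(*f));
    if (!f) abort();
    f->id = id;
    f->reclaimable = 1;
    f->next = l->head;
    l->head = f;
    return f;
}

/* Simulated coroutine yield: some other client request may run here. */
typedef void (*yield_fn)(FidList *l, void *ctx);

/* Hypothetical concurrent request that adds one fid per yield until its
 * budget is spent (bounded so the fixed loop is guaranteed to finish). */
typedef struct { int budget; int next_id; } ConcurrentAdder;

static void concurrent_add(FidList *l, void *ctx)
{
    ConcurrentAdder *a = ctx;
    if (a->budget > 0) {
        a->budget--;
        fid_add(l, a->next_id++);
    }
}

/* Mark every fid unreclaimable, re-opening closed fds (which yields).
 * restart_from_current_head == 0 models the pre-fix loop: the restart
 * point is the head captured before traversal, so fids pushed in front
 * of it during a yield are never visited.
 * restart_from_current_head == 1 models the fix: restart from l->head. */
static void mark_fids_unreclaim(FidList *l, int restart_from_current_head,
                                yield_fn yield, void *ctx)
{
    Fid *start = l->head;   /* captured once: the pre-fix pattern */
    int reopened;
    do {
        reopened = 0;
        if (restart_from_current_head) {
            start = l->head;    /* the fix: pick up fids added meanwhile */
        }
        for (Fid *f = start; f; f = f->next) {
            if (!f->reclaimable) continue;
            f->reclaimable = 0;
            if (!f->fd_open) {
                f->fd_open = 1;
                yield(l, ctx);  /* re-open may block; other requests run */
                reopened = 1;
            }
        }
    } while (reopened);
}

static int count_reclaimable(const FidList *l)
{
    int n = 0;
    for (const Fid *f = l->head; f; f = f->next) n += f->reclaimable;
    return n;
}

static void fid_list_free(FidList *l)
{
    while (l->head) { Fid *f = l->head; l->head = f->next; free(f); }
}

/* Two idle fids whose fds were reclaimed, plus one concurrent add during
 * the first re-open. Returns how many fids are still reclaimable at the
 * end: the pre-fix loop leaves 1 (the added fid was missed), the fixed
 * loop leaves 0. */
static int run_scenario(int restart_from_current_head)
{
    FidList l = { NULL };
    ConcurrentAdder adder = { 1, 100 };
    fid_add(&l, 1);
    fid_add(&l, 2);
    mark_fids_unreclaim(&l, restart_from_current_head, concurrent_add, &adder);
    int left = count_reclaimable(&l);
    fid_list_free(&l);
    return left;
}

int main(void)
{
    printf("pre-fix loop: %d fid(s) left reclaimable\n", run_scenario(0));
    printf("fixed loop:   %d fid(s) left reclaimable\n", run_scenario(1));
    return 0;
}
```

      The asymmetry between the two results is the whole point of the fix: a restart that re-reads the head is the only way a head-pushed list can be drained to a fixed point when other requests are allowed to run in the middle of the traversal.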