Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

ui/audio fixes for 8.2

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmVtiO0cH

Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

ui/audio fixes for 8.2

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmVtiO0cHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5UDeEACvbixo8MuxOpBf9DK2
# JTCQeHYeVW7QtwDh9xUUnbcM77+lWgkr9OeCJ7FKxF1J7UHkQ7jIzISs/P0zuCw0
# JRkoOcfOnxV/Pn8XAq79F6Yq55EUdCdvsj0XgsVx+K096VHvjlK3fzNwNebJrkos
# NpwQnnqI37TYBUFSivjKkEkPf1Kp4R4abeNs3eEzsIMUzEmEZQwwi5zZAMxxZ41o
# fyItvdaEEDJxzupS6e0x4O4B5KkTo9RFwsJgstOAbkCxuJk67grV9dm3S3wFiUR3
# iFR2P/EyzctT9QOkU7oEIi87CiociKaYWgw/tDU4lFjXwbkt0a59b783Rha1RlN8
# ICFQ3B0NX+CNlc5PPsF1yp3+DNJRKz8Rap4PmU5IIVXTlPHm+YrWRw6vklw5kq7y
# nAvdcfIJ+UQGVCgqQiLkuZslz4ATFOypnUvSL+eds1jHMS6UQcGd3zD1QCEPhDSP
# jhFirqDQYWU/18ZU3b6VuDe5Ko3erd4V7hDikeQnjLjYfBFX1/Mts+6GmaGdfbqk
# JLOHYa7CUP7akTB7fQF1/4B6cSf3hOsXYlmDHQPZgi1OYEy/BdPuwM5pN4jAikwO
# b2z6TrXS3hQK61bUtU+XnhOOW98+gfz77UwluXDl22KHGV+c/SadyMFJWm8VYX4k
# DuNTQ78vApqCuAhjFcKSXPSt7A==
# =fpz/
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 04 Dec 2023 03:08:13 EST
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5

* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
hw/audio/virtio-sound: mark the device as unmigratable
ui/vnc-clipboard: fix inflate_buffer
ui/gtk-egl: move function calls back to regular code path

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

show more ...

ui/vnc-clipboard: fix inflate_buffer

Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen th

ui/vnc-clipboard: fix inflate_buffer

Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen that stream.avail_in becomes zero
before coming across a return value of Z_STREAM_END in the loop.

This fixes the host->guest direction of the clipboard with noVNC and
TigerVNC as clients.

Fixes: d921fea338 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)")
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231122125826.228189-1-f.ebner@proxmox.com>

show more ...

Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

ui & audio fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmS1N6IcHG1hcmN

Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

ui & audio fixes

# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmS1N6IcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5SYsD/44+FIoik9v478pZDTp
# CpaezX+DfsW1zee4Ana5eKJkrVld/xEa6i9/msfUHy12bha+kiJ4a6wLu3H4KRZc
# vX/t6sehG2wNcsV5wLhfcjsKzaNUkYpnxLhIZ0fOYXKA0fSBuM/Bsj6zzGTG6kQA
# nt/cK58r1wy63V7werZbA7BI8PF0opDUw5SrZqN0GeoN5clbdyLdcXvD50ibvkDf
# eOVjNQ3QH8IbihmgBVm1wUV8hTuvYRpBmeLJyk7NeR4bnPl3XGIAgtAY8hJL5LdY
# Bm+I3AuxMSskVcag/22QR8mGR0HhDbf3NZauw4ND3LhSctvNN5syaKHVnY5a9aGe
# QLVEV9pxXGfqzWQcsD2HmbupRoBihmp6+WsIpV8ZtuSfeD6slyObw+lqarSQL9b5
# 2C4UFmGCsCOk8rrczZRDp9IWbm23toc/QcQZtg/LhdlCr8nM+7m0XtyEY5WtT3U1
# 8rJEmjOHHqlD4cVBathc8+ZRjKr8HFRRo1ed6WKMoP6voTsw2fiR7I3Vdc7jO7h9
# A1lMiMoLdAXi0Q2VqbmBdLMgb4fXtLzYl2mcbzW0aEUm8uyUfDy2bkVIIUopu40M
# pROmLjaUzUVE3CruckBUCvoYZtJ5hBtvy3W2k8drBNylnP5B8tEqpxpPb+tSFk82
# xgT6oLp8En8asE293eaACbswuw==
# =W2Xa
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 17 Jul 2023 01:44:18 PM BST
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]

* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
audio/pw: improve channel position code
audio/pw: remove wrong comment
audio/pw: simplify error reporting in stream creation
audio/pw: add more error reporting
audio/pw: factorize some common code
audio/pw: add more details on error
audio/pw: trace during init before calling pipewire API
audio/pw: needless check for NULL
audio/pw: drop needless case statement
audio/pw: Pipewire->PipeWire case fix for user-visible text
tests/lcitool: add pipewire
libvirt-ci: update submodule to cover pipewire
ui/gtk: skip refresh if new dmabuf has been submitted
ui/gtk: set scanout-mode right before scheduling draw
virtio-gpu-udmabuf: correct naming of QemuDmaBuf size properties
virtio-gpu: replace the surface with null surface when resetting
ui/gtk: Make sure the right EGL context is currently bound
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
virtio-gpu: fix potential divide-by-zero regression

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `infla

ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Add cpu0-id to query-sev-capabilities
* whpx support for breakpoints and stepping
* initial support for Hyper-V Synthetic D

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Add cpu0-id to query-sev-capabilities
* whpx support for breakpoints and stepping
* initial support for Hyper-V Synthetic Debugging
* use monotonic clock for QemuCond and QemuSemaphore
* Remove qemu-common.h include from most units and lots of other clenaups
* do not include headers for all virtio devices in virtio-ccw.h

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJXCQAUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNT6wf+NHDJUEdDiwaVGVTGXgHuiaycsymi
# FpNPiw/+XxSGN5xF3fkUGgqaDrcwIYwVfnXlghKSz8kp1cP3cjxa5CzNMLGTp5je
# N6BxFbD7yC6dhagGm3mj32jlsptv3M38OHqKc3t+RaUAotP5RF2VdCyfUBLG6vU0
# aMzvMfMtB5aG0D8Fr5EV63t1JMTceFU0YxsG73UCFs2Yx4Z0cGBbNxMbHweRhd1q
# tPeVDS46MFPM3/2cGGHpeeqxkoCTU7A9j1VuNQI3k+Kg+6W5YVxiK/UP7bw77E/a
# yAHsmIVTNro8ajMBch73weuHtGtdfFLvCKc6QX6aVjzK4dF1voQ01E7gPQ==
# =rMle
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 13 Apr 2022 10:31:44 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (53 commits)
target/i386: Remove unused XMMReg, YMMReg types and CPUState fields
target/i386: do not access beyond the low 128 bits of SSE registers
virtio-ccw: do not include headers for all virtio devices
virtio-ccw: move device type declarations to .c files
virtio-ccw: move vhost_ccw_scsi to a separate file
s390x: follow qdev tree to detect SCSI device on a CCW bus
hw: hyperv: Initial commit for Synthetic Debugging device
hyperv: Add support to process syndbg commands
hyperv: Add definitions for syndbg
hyperv: SControl is optional to enable SynIc
thread-posix: optimize qemu_sem_timedwait with zero timeout
thread-posix: implement Semaphore with QemuCond and QemuMutex
thread-posix: use monotonic clock for QemuCond and QemuSemaphore
thread-posix: remove the posix semaphore support
whpx: Added support for breakpoints and stepping
build-sys: simplify AF_VSOCK check
build-sys: drop ntddscsi.h check
Remove qemu-common.h include from most units
qga: remove explicit environ argument from exec/spawn
Move fcntl_setfl() to oslib-posix
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

Remove qemu-common.h include from most units

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com>
Signed-off-by: Paolo B

Remove qemu-common.h include from most units

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'dbus-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

Add D-Bus display backend

# gpg: Signature made Mon 20 Dec 2021 10:57:18 PM PST
# gpg: using RS

Merge tag 'dbus-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

Add D-Bus display backend

# gpg: Signature made Mon 20 Dec 2021 10:57:18 PM PST
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [unknown]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5

* tag 'dbus-pull-request' of https://gitlab.com/marcandre.lureau/qemu: (36 commits)
MAINTAINERS: update D-Bus section
ui/dbus: register D-Bus VC handler
ui/dbus: add chardev backend & interface
option: add g_auto for QemuOpts
chardev: make socket derivable
chardev: teach socket to accept no addresses
ui/dbus: add clipboard interface
audio: add "dbus" audio backend
tests: start dbus-display-test
tests/qtests: add qtest_qmp_add_client()
ui/dbus: add p2p=on/off option
ui: add a D-Bus display backend
build-sys: set glib dependency version
docs: add dbus-display documentation
docs: move D-Bus VMState documentation to source XML
backends: move dbus-vmstate1.xml to backends/
docs/sphinx: add sphinx modules to include D-Bus documentation
scripts: teach modinfo to skip non-C sources
console: save current scanout details
ui: move qemu_spice_fill_device_address to ui/util.c
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

ui/clipboard: add a clipboard reset serial event

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

ui: generalize clipboard notifier

Use a QemuClipboardNotify union type for extendable clipboard events.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxe

ui: generalize clipboard notifier

Use a QemuClipboardNotify union type for extendable clipboard events.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

show more ...

Merge tag 'fixes-20211122-pull-request' of git://git.kraxel.org/qemu into staging

fixes for 6.2: microvm, ui, modules.

# gpg: Signature made Mon 22 Nov 2021 01:39:53 PM CET
# gpg: us

Merge tag 'fixes-20211122-pull-request' of git://git.kraxel.org/qemu into staging

fixes for 6.2: microvm, ui, modules.

# gpg: Signature made Mon 22 Nov 2021 01:39:53 PM CET
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* tag 'fixes-20211122-pull-request' of git://git.kraxel.org/qemu:
microvm: check g_file_set_contents() return value
microvm: add missing g_free() call
hw/i386/microvm: Reduce annoying debug message in dt_setup_microvm()
migration: fix dump-vmstate with modules
ui/vnc-clipboard: fix adding notifier twice
ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd
ui: fix incorrect pointer position on highdpi with gtk
ui: fix incorrect scaling on highdpi with gtk/opengl

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

ui/vnc-clipboard: fix adding notifier twice

vnc_server_cut_text_caps() is not guaranteed to be called only once.

If it called twice, we finally call notifier_list_add() twice with same
element. Whi

ui/vnc-clipboard: fix adding notifier twice

vnc_server_cut_text_caps() is not guaranteed to be called only once.

If it called twice, we finally call notifier_list_add() twice with same
element. Which leads to loopback QLIST. So, on next
notifier_list_notify() we'll loop forever and QEMU stuck.

So, let's only register new notifier if it's not yet registered.

Note, that similar check is used in vdagent_chr_recv_caps() (before
call qemu_clipboard_peer_register()), and also before
qemu_clipboard_peer_unregister() call in vdagent_disconnect() and in
vnc_disconnect_finish().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20211110103800.2266729-1-vsementsov@virtuozzo.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210521-pull-request' into staging

ui: add cut+paste support.
ui: bugfixes for spice and vnc.

# gpg: Signature made Fri 21 May 2021 13:50:46 BS

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210521-pull-request' into staging

ui: add cut+paste support.
ui: bugfixes for spice and vnc.

# gpg: Signature made Fri 21 May 2021 13:50:46 BST
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20210521-pull-request:
ui/gtk: add clipboard support
ui/gtk: move struct GtkDisplayState to ui/gtk.h
ui/vnc: clipboard support
ui/vdagent: add clipboard support
ui/vdagent: add mouse support
ui/vdagent: core infrastructure
ui: add clipboard documentation
ui: add clipboard infrastructure
build: add separate spice-protocol config option
ui/spice-display: check NULL pointer in interface_release_resource()
vnc: spelling fix (enable->enabled)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

ui/vnc: clipboard support

This patch adds support for cut+paste to the qemu vnc server, which
allows the vnc client exchange clipbaord data with qemu and other peers
like the qemu vdagent implementa

ui/vnc: clipboard support

This patch adds support for cut+paste to the qemu vnc server, which
allows the vnc client exchange clipbaord data with qemu and other peers
like the qemu vdagent implementation.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20210519053940.1888907-1-kraxel@redhat.com
Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>

show more ...