In fixed-scale mode (zoom-to-fit=false), we expect that scale should not
change, meaning that if window size is larger than guest surface,
padding is supposed to be added to preserve the scale. However, in
OpenGL mode (gl=on), guest surface is always painted to the whole canvas
without any padding. This change tries to fix this bug by adding
appropriate padding when drawing surfaces.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-9-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The ui width and height sent to guest is supposed to be in buffer
coordinate. Hence conversion is required.
If scaling (global window scale and zooming scale) is not respected in
non-free-scale mode, window size could keep changing because of the
existence of the iteration of the following steps:
1. In resize event or configure event, a size larger (or smaller) than
the currently used one might be calculated due to not considering
scaling.
2. On reception of the display size change event in guest, the guest
might decide to do a mode setting and use the larger (or smaller)
mode.
3. When the new guest scan-out command arrives, QEMU would request the
window size to change to fit the new buffer size. This will trigger a
resize event or a configure event, making us go back to step 1.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-8-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Scale shouldn't be changed until user explicitly requests it in fixed
scale mode (full-screen=false and free-scale=false). Use function
gd_update_scale to complete scale updating instead.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-7-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
When using sdl display backend, if the window is scaled, incorrect mouse
positions will be reported since scaling is not properly handled. Fix it
by transforming the positions from window coordinate to guest buffer
coordinate.
Signed-off-by: Weifeng Liu <weifeng.liu@intel.com>
Message-ID: <20250511073337.876650-6-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
When gl=on, scale_x and scale_y were set to 1 on startup that didn't
reflect the real situation of the scan-out in free scale mode, resulting
in incorrect cursor coordinates to be sent when moving the mouse
pointer. Simply updating the scales before rendering the image fixes
this issue.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-5-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The code snippet updating scale_x/scale_y is general and will be used in
next patch. Make it a function.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-4-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Now that we've documented definitions and presentation of various
coordinates, let's enforce the rules.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-3-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The existence of multiple scaling factors forces us to deal with various
coordinate systems and this would be confusing. It would be beneficial
to define the concepts clearly and use consistent representation for
variables in different coordinates.
Signed-off-by: Weifeng Liu <weifeng.liu.z@gmail.com>
Message-ID: <20250511073337.876650-2-weifeng.liu.z@gmail.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This allows common code reuse during migration.
Note that resetting the serial is now done regardless if the clipboard
peer was registered or not. This should still be correct.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
During post-load of migration, virtio will notify of fe_open state.
However vdagent code will handle this as a reconnection. This will
trigger a connection reset/caps with the agent.
Check if the state actually changed before resetting the connection.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Buffer is slightly more advanced than GByteArray, since it has a
cursor/position. But vdagent code doesn't need it. This simplify a bit
the code, and migration state.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
When VM is paused, we shouldn't notify of clipboard changes, similar to
how input are being treated.
On unsuspend, notify of the current state.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Add a VMStateDescriptor for QemuClipboardInfo.
Each clipboard owner will have to save its QemuClipboardInfo and
reregister its owned clipboard after loading. (the global cbinfo has
only pointers to owners, so it can't restore the relation with its owner
if it was to handle migration)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Allows to use VMSTATE STRUCT in following migration support patch.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This allows to use a VMSTATE_INT32 field for migration purposes.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
* Fix VNC tight encoding with 8/16-bpp formats with
mixed endian server/client
* Fix VNC non-tight encoding with mixed endian server/client
* Drop built-in AES impl from non-TCG usage, requiring
nettle/gcrypt/gnutls
* Fix validation of SPDX-License-Identifier in new files
* Mandate SPDX-License-Identifier in Rust source
* Reject license boilerplate in new files
* Add full control over TCP keep alive setting for sockets
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmgu/EgACgkQvobrtBUQ
T994FA/7BLeIHJqsV3/DtPKVqllzG2PJT/n85Owu/h39gqRsqHDssDQFPmgFsnzk
UcvOSLd7RKQ5/tY5zLPh4JPpnloJ/jpj50hUK42wu8Q4U16PV/yUhQVVjEkVmX+z
XepbEwgrEVuy4F62NnUJmbaT5PcayyS5FPREbrQ8zPzagMWTSqbR7EQ+PCTUkJdo
LR4mvxoqWhGnaQzPAGlRtAfRfT6Jg3NaL4sLqLiexuhdloZLHC85SvE1usBg8x+M
KP2BX1FeIILnN+1CXnZ9/vzUqiFaFLfzGwVMK9QYW0GW2Oo3uCcLloY+llbo6Pq/
tC8Po8AMIOojnrJm+TeS6V18QBNU5qqyHKGamZrSlBobZRgC7tOSljExoT5mnGrS
V1nKNAz5FLz7LQ8jZpziPlPqr3WBqBRtV8SxJD+a0vh0/5YnTCbPC0Q6Q2N8cQDh
Wra9QN10xD60tjsnRT/7Lp7gW/RyjT+uJHQkNxn6PZVbI/6Q1283YpbmVY55vcNe
De47LPsmc6XnpJSmzmjt+VrWLob67IOo4JcttMrv7xWj08jb1TFUf7M0Mvdu2YBR
3C9MAt5sjmL9qHARToXr8RC3SCX9pMTZFYatHGAbRdRDi6ygFW1OQVJvxrOj00kN
bavXjcDlTfRzgTnVRbqUbqSY0D9LZqSUDRxfQdEBGAzWgMksAuM=
=X323
-----END PGP SIGNATURE-----
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc VNC, I/O, Crypto & checkpatch changes
* Fix VNC tight encoding with 8/16-bpp formats with
mixed endian server/client
* Fix VNC non-tight encoding with mixed endian server/client
* Drop built-in AES impl from non-TCG usage, requiring
nettle/gcrypt/gnutls
* Fix validation of SPDX-License-Identifier in new files
* Mandate SPDX-License-Identifier in Rust source
* Reject license boilerplate in new files
* Add full control over TCP keep alive setting for sockets
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmgu/EgACgkQvobrtBUQ
# T994FA/7BLeIHJqsV3/DtPKVqllzG2PJT/n85Owu/h39gqRsqHDssDQFPmgFsnzk
# UcvOSLd7RKQ5/tY5zLPh4JPpnloJ/jpj50hUK42wu8Q4U16PV/yUhQVVjEkVmX+z
# XepbEwgrEVuy4F62NnUJmbaT5PcayyS5FPREbrQ8zPzagMWTSqbR7EQ+PCTUkJdo
# LR4mvxoqWhGnaQzPAGlRtAfRfT6Jg3NaL4sLqLiexuhdloZLHC85SvE1usBg8x+M
# KP2BX1FeIILnN+1CXnZ9/vzUqiFaFLfzGwVMK9QYW0GW2Oo3uCcLloY+llbo6Pq/
# tC8Po8AMIOojnrJm+TeS6V18QBNU5qqyHKGamZrSlBobZRgC7tOSljExoT5mnGrS
# V1nKNAz5FLz7LQ8jZpziPlPqr3WBqBRtV8SxJD+a0vh0/5YnTCbPC0Q6Q2N8cQDh
# Wra9QN10xD60tjsnRT/7Lp7gW/RyjT+uJHQkNxn6PZVbI/6Q1283YpbmVY55vcNe
# De47LPsmc6XnpJSmzmjt+VrWLob67IOo4JcttMrv7xWj08jb1TFUf7M0Mvdu2YBR
# 3C9MAt5sjmL9qHARToXr8RC3SCX9pMTZFYatHGAbRdRDi6ygFW1OQVJvxrOj00kN
# bavXjcDlTfRzgTnVRbqUbqSY0D9LZqSUDRxfQdEBGAzWgMksAuM=
# =X323
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 May 2025 06:28:24 EDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu: (23 commits)
scripts/checkpatch.pl: mandate SPDX tag for Rust src files
util/qemu-sockets: Introduce inet socket options controlling TCP keep-alive
util/qemu-sockets: Refactor inet_parse() to use QemuOpts
util/qemu-sockets: Add support for keep-alive flag to passive sockets
util/qemu-sockets: Refactor success and failure paths in inet_listen_saddr()
util/qemu-sockets: Refactor setting client sockopts into a separate function
io: Fix partial struct copy in qio_dns_resolver_lookup_sync_inet()
scripts/checkpatch: reject license boilerplate on new files
scripts/checkpatch: reimplement mandate for SPDX-License-Identifier
scripts/checkpatch: use new hook for MAINTAINERS update check
scripts/checkpatch: expand pattern for matching makefiles
scripts/checkpatch: use new hook for file permissions check
scripts/checkpatch: use new hook for ACPI test data check
scripts/checkpatch: introduce tracking of file start/end
scripts/checkpatch.pl: fix various indentation mistakes
Revert "scripts: mandate that new files have SPDX-License-Identifier"
crypto: fully drop built-in cipher provider
tests: fix skipping cipher tests when AES is not available
tests: skip legacy qcow2 encryption test if AES is not available
tests: skip encrypted secret tests if AES is not available
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Fixes and improvements in the floating point exception
handling in the hppa system and user emulation.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaC7b/QAKCRD3ErUQojoP
X8IPAQCZGjG3+iwJJuJkL6dSu7WKWgidX16zIxeRYQl+FXTpkAD9FBQ/nDP+EAFN
5hQTeiixyj3xIsZHPeHwfzhWiBUwQAo=
=Q3zi
-----END PGP SIGNATURE-----
Merge tag 'hppa-fpe-fixup-pull-request' of https://github.com/hdeller/qemu-hppa into staging
HPPA floating point exception handling fixes
Fixes and improvements in the floating point exception
handling in the hppa system and user emulation.
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCaC7b/QAKCRD3ErUQojoP
# X8IPAQCZGjG3+iwJJuJkL6dSu7WKWgidX16zIxeRYQl+FXTpkAD9FBQ/nDP+EAFN
# 5hQTeiixyj3xIsZHPeHwfzhWiBUwQAo=
# =Q3zi
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 May 2025 04:10:37 EDT
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'hppa-fpe-fixup-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Fix FPE exceptions
linux-user/hppa: Send proper si_code on SIGFPE exception
target/hppa: Copy instruction code into fr1 on FPU assist fault
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
When scsi-block is used on a host multipath device, it runs into the
problem that the kernel dm-mpath doesn't know anything about SCSI or
SG_IO and therefore can't decide if a SG_IO request returned an error
and needs to be retried on a different path. Instead of getting working
failover, an error is returned to scsi-block and handled according to
the configured error policy. Obviously, this is not what users want,
they want working failover.
QEMU can parse the SG_IO result and determine whether this could have
been a path error, but just retrying the same request could just send it
to the same failing path again and result in the same error.
With a kernel that supports the DM_MPATH_PROBE_PATHS ioctl on dm-mpath
block devices (queued in the device mapper tree for Linux 6.16), we can
tell the kernel to probe all paths and tell us if any usable paths
remained. If so, we can now retry the SG_IO ioctl and expect it to be
sent to a working path.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20250522130803.34738-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
The Linux BLKZEROOUT ioctl is only invoked when BDRV_O_NOCACHE is set
because old kernels did not invalidate the page cache. In that case
mixing BLKZEROOUT with buffered I/O could lead to corruption.
However, Linux 4.9 commit 22dd6d356628 ("block: invalidate the page
cache when issuing BLKZEROOUT") made BLKZEROOUT coherent with the page
cache.
I have checked that Linux 4.9+ kernels are shipped at least as far back
as Debian 10 (buster), openSUSE Leap 15.2, and RHEL/CentOS 8.
Use BLKZEROOUT with buffered I/O, mostly so `qemu-img ... -t
writeback` can offload write zeroes.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20250417211053.98700-1-stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This error was discovered by fuzzing qemu-img.
The current offset calculation leads to an EIO error
in block/block-backend.c: blk_check_byte_request():
if (offset > len || len - offset < bytes) {
return -EIO;
}
This triggers the error message:
"qemu-img: Failed request: Input/output error".
Example of the issue:
offset: 260076
len: 260096
bytes: 4096
This fix ensures that offset remains within a valid range.
Signed-off-by: Denis Rastyogin <gerben@altlinux.org>
Message-ID: <20250506141410.100119-1-gerben@altlinux.org>
[kwolf: Fixed up integer overflow]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
With the default TCP stack configuration, it could be even 2 hours
before the connection times out due to the other side not being
reachable. However, in some cases, the application needs to be aware of
a connection issue much sooner.
This is the case, for example, for postcopy live migration. If there is
no traffic from the migration destination guest (server-side) to the
migration source guest (client-side), the destination keeps waiting for
pages indefinitely and does not switch to the postcopy-paused state.
This can happen, for example, if the destination QEMU instance is
started with the '-S' command line option and the machine is not started
yet, or if the machine is idle and produces no new page faults for
not-yet-migrated pages.
This patch introduces new inet socket parameters that control count,
idle period, and interval of TCP keep-alive packets before the
connection is considered broken. These parameters are available on
systems where the respective TCP socket options are defined, that
includes Linux, Windows, macOS, but not OpenBSD. Additionally, macOS
defines TCP_KEEPIDLE as TCP_KEEPALIVE instead, so the patch supplies its
own definition.
The default value for all is 0, which means the system configuration is
used.
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Currently, the inet address parser cannot handle multiple options where
one is prefixed with the name of the other. For example, with the
'keep-alive-idle' option added, the current parser cannot parse
'127.0.0.1:5000,keep-alive-idle=60,keep-alive' correctly. Instead, it
fails with "error parsing 'keep-alive' flag '-idle=60,keep-alive'".
To resolve these issues, this patch rewrites the inet address parsing
using the QemuOpts parser, which the inet_parse_flag() function tries to
mimic. This new parser supports all previously supported options and on
top of that the 'numeric' flag is now also supported. The only
difference is, the new parser produces an error if an unknown option is
passed, instead of silently ignoring it.
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
introduces the keep-alive flag, which enables the SO_KEEPALIVE socket
option, but only on client-side sockets. However, this option is also
useful for server-side sockets, so they can check if a client is still
reachable or drop the connection otherwise.
This patch enables the SO_KEEPALIVE socket option on passive server-side
sockets if the keep-alive flag is enabled. This socket option is then
inherited by active server-side sockets communicating with connected
clients.
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
To get a listening socket, we need to first create a socket, try binding
it to a certain port, and lastly starting listening to it. Each of these
operations can fail due to various reasons, one of them being that the
requested address/port is already in use. In such case, the function
tries the same process with a new port number.
This patch refactors the port number loop, so the success path is no
longer buried inside the 'if' statements in the middle of the loop. Now,
the success path is not nested and ends at the end of the iteration
after successful socket creation, binding, and listening. In case any of
the operations fails, it either continues to the next iteration (and the
next port) or jumps out of the loop to handle the error and exits the
function.
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This is done in preparation for enabling the SO_KEEPALIVE support for
server sockets and adding settings for more TCP keep-alive socket
options.
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Commit aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
introduces the keep-alive flag, but this flag is not copied together
with other options in qio_dns_resolver_lookup_sync_inet().
This patch fixes this issue and also prevents future ones by copying the
entire structure first and only then overriding a few attributes that
need to be different.
Fixes: aec21d3175 (qapi: Add InetSocketAddress member keep-alive)
Signed-off-by: Juraj Marcin <jmarcin@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The previous commit mandates use of SPDX-License-Identifier on common
source files, and encourages it on all other files.
Some contributors are none the less still also including the license
boilerplate text. This is redundant and will potentially cause
trouble if inconsistent with the SPDX declaration.
Match common boilerplate text blurbs and report them as invalid,
for newly added files.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Going forward we want all newly created source files to have an
SPDX-License-Identifier tag present.
Initially mandate this for C, Python, Perl, Shell source files,
as well as JSON (QAPI) and Makefiles, while encouraging users
to consider it for other file types.
The new attempt at detecting missing SPDX-License-Identifier relies
on the hooks for relying triggering logic at the end of scanning a
new file in the diff.
Tested-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When seeing a new/deleted/renamed file we check to see if MAINTAINERS
is updated, but we don't give the user a list of files affected, as
we don't want to repeat the same warning many times over.
Using the new file list hook, we can give a single warning at the
end with a list of filenames included.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The current regex matches Makefile & Makefile.objs, but the latter is
no longer used, anjd we're missing coverage of Makefile.include and
Makefile.target. Expand the pattern to match any suffix.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The file permissions check is the kind of check intended to be performed
in the new start of file hook.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The ACPI test data check needs to analyse a list of all files in a
commit, so can use the new hook for processing the file list.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Some checks want to be performed either at the start of a new file
within a patch, or at the end. This is complicated by the fact that
the information relevant to the check may be spread across multiple
lines. It is further complicated by a need to support both git and
non-git diffs, and special handling for renames where there might
not be any patch hunks.
To handle this more sanely, introduce explicit tracking of file
start/end, taking account of git metadata, and calling a hook
function at each transition.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Various checks in the code were under-indented relative to other
surrounding code. Some places used 4-space indents instead of
single tab, while other places simply used too few tabs.
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This reverts commit fa4d79c64d.
The logic in this commit was flawed in two critical ways
* It always failed to report SPDX validation on the last newly
added file. IOW, it only worked if at least 2 new files were
added in a commit
* If an existing file change, followed a new file change, in
the commit and the existing file context/changed lines
included SPDX-License-Identifier, it would incorrectly
associate this with the previous newly added file.
Simply reverting this commit will make it significantly easier to
understand the improved logic in the following commit.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When originally creating the internal crypto cipher APIs, they were
wired up to use the built-in D3DES and AES implementations, as a way
to gracefully transition to the new APIs without introducing an
immediate hard dep on any external crypto libraries for the VNC
password auth (D3DES) or the qcow2 encryption (AES).
In the 6.1.0 release we dropped the built-in D3DES impl, and also
the XTS mode for the AES impl, leaving only AES with ECB/CBC modes.
The rational was that with the system emulators, it is expected that
3rd party crypto libraries will be available.
The qcow2 LUKS impl is preferred to the legacy raw AES impl, and by
default that requires AES in XTS mode, limiting the usefulness of
the built-in cipher provider.
The built-in AES impl has known timing attacks and is only suitable
for use cases where a security boundary is already not expected to
be provided (TCG).
Providing a built-in cipher impl thus potentially misleads users,
should they configure a QEMU without any crypto library, and try
to use it with the LUKS backend, even if that requires a non-default
configuration choice.
Complete what we started in 6.1.0 and purge the remaining AES
support.
Use of either gnutls, nettle, or libcrypt is now mandatory for any
cipher support, except for TCG impls.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This avoid tests breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This avoids test breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This avoids test breakage when we drop support for using the
built-in AES impl as a fallback for missing crypto libraries.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
When sending a tight rectangle with the palette filter, if the client
format was 8/16bpp, the colours on big endian hosts are not set as
we're sending the wrong bytes. We must first cast the 32-bit colour
to a 16/8-bit value, and then send the result.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The set_pixel_conversion() method is responsible for determining whether
the VNC client pixel format matches the server format, and thus whether
we can use the fast path "copy" impl for sending pixels, or must use
the generic impl with bit swizzling.
The VNC server format is set at build time to VNC_SERVER_FB_FORMAT,
which corresponds to PIXMAN_x8r8g8b8.
The qemu_pixman_get_format() method is then responsible for converting
the VNC pixel format into a pixman format.
The VNC client pixel shifts are relative to the associated endianness.
The pixman formats are always relative to the host native endianness.
The qemu_pixman_get_format() method does not take into account the
VNC client endianness, and is thus returning a pixman format that is
only valid with the host endianness matches that of the VNC client.
This has been broken since pixman was introduced to the VNC server:
commit 9f64916da2
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed Oct 10 13:29:43 2012 +0200
pixman/vnc: use pixman images in vnc.
The flaw can be demonstrated using the Tigervnc client by using
vncviewer -AutoSelect=0 -PreferredEncoding=raw server:display
connecting from a LE client to a QEMU on a BE server, or the
reverse.
The bug was masked, however, because almost all VNC clients will
advertize support for the "tight" encoding and the QEMU VNC server
will prefer "tight" if advertized.
The tight_pack24 method is responsible for taking a set of pixels
which have already been converted into client endianness and then
repacking them into the TPIXEL format which the RFB spec defines
as
"TPIXEL is only 3 bytes long, where the first byte is the
red component, the second byte is the green component,
and the third byte is the blue component of the pixel
color value"
IOW, the TPIXEL format is fixed on the wire, regardless of what
the VNC client declare as its endianness.
Since the VNC pixel encoding code was failing to honour the endian
flag of the client, the tight_pack24 method was always operating
on data in native endianness. Its impl cancelled out the VNC pixel
encoding bug.
With the VNC pixel encoding code now fixed, the tight_pack24 method
needs to take into account that it is operating on data in client
endianness, not native endianness. It thus may need to invert the
pixel shifts.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
It will make it easier to do certain comparisons in future if we
store G_BIG_ENDIAN/G_LITTLE_ENDIAN directly, instead of a boolean
flag, as we can then compare directly to the G_BYTE_ORDER constant.
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Allow the guest to submit FUA requests directly, instead of forcing it
to emulate them using a regular flush.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Message-ID: <20250502121115.3613717-3-afaria@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Simply propagate the FUA flag on write requests to the driver. The block
layer will emulate it if necessary.
Signed-off-by: Alberto Faria <afaria@redhat.com>
Message-ID: <20250502121115.3613717-2-afaria@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
- Peter's vmstate static checker entry for recent hpet change
- Zhijian's rdma test patch to properly skip tests when locked_vm too low,
and ipv6 test
- Fabiano's few CI changes
- Prasad's last patches to enable postcopy on precopy-multifd
- Maciej's fix to disable multifd zerocopy for device states
- Peter's HMP change to "info migrate", plus a small fix on cap set
-----BEGIN PGP SIGNATURE-----
iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCaCy2xxIccGV0ZXJ4QHJl
ZGhhdC5jb20ACgkQO1/MzfOr1waNZgD9HRflpY6sqcXt9wPKYgJFAyPN9Jg05kGO
jeRIhD9cvyIBAN5AjbE0gaN8f+BLR5vcNk0Q5uOaHHIFZxL7tJl8ob4L
=WTpL
-----END PGP SIGNATURE-----
Merge tag 'migration-20250520-pull-request' of https://gitlab.com/peterx/qemu into staging
Migration pull
- Peter's vmstate static checker entry for recent hpet change
- Zhijian's rdma test patch to properly skip tests when locked_vm too low,
and ipv6 test
- Fabiano's few CI changes
- Prasad's last patches to enable postcopy on precopy-multifd
- Maciej's fix to disable multifd zerocopy for device states
- Peter's HMP change to "info migrate", plus a small fix on cap set
# -----BEGIN PGP SIGNATURE-----
#
# iIgEABYKADAWIQS5GE3CDMRX2s990ak7X8zN86vXBgUCaCy2xxIccGV0ZXJ4QHJl
# ZGhhdC5jb20ACgkQO1/MzfOr1waNZgD9HRflpY6sqcXt9wPKYgJFAyPN9Jg05kGO
# jeRIhD9cvyIBAN5AjbE0gaN8f+BLR5vcNk0Q5uOaHHIFZxL7tJl8ob4L
# =WTpL
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 20 May 2025 13:07:19 EDT
# gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706
# gpg: issuer "peterx@redhat.com"
# gpg: Good signature from "Peter Xu <xzpeter@gmail.com>" [full]
# gpg: aka "Peter Xu <peterx@redhat.com>" [full]
# Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706
* tag 'migration-20250520-pull-request' of https://gitlab.com/peterx/qemu:
migration/hmp: Add "info migrate -a", reorg the dump
migration: Allow caps to be set when preempt or multifd cap enabled
migration/multifd: Don't send device state packets with zerocopy flag
tests/qtest/migration: add postcopy tests with multifd
migration: enable multifd and postcopy together
migration: write zero pages when postcopy enabled
ci: Reduce the size of artifacts for build-previous-qemu
ci: Fix build-previous-qemu when the version tag is absent
ci: Re-enable python subtests in qtest migration suite
qtest/migration/rdma: Add test for rdma migration with ipv6
qtest/migration/rdma: Enforce RLIMIT_MEMLOCK >= 128MB requirement
scripts/vmstate-static-checker.py: Add new hpet entry for num_timers
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
