Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Commit c448e855 (spice: tls
support) added options to the -spice command line. But there
is an inconsistency between the declaration of the option
'x509-dh-key-file' to -spice command line and its parameter
parsing 'x509-dh-file' in function qemu_spice_init.

https://bugs.launchpad.net/qemu/+bug/1035042Reported-by: NAlon Bar-Lev <alon.barlev@gmail.com>
Signed-off-by: NLei Li <lilei@linux.vnet.ibm.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

With the next qemu version (1.3) we are going to bump the qxl device
revision to 4.  The new features available require a recent spice-server
version, so raise up the bar.  Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.

Clear out a big bunch of #ifdefs which are not needed any more.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The seamless-migration flag is required in order to identify
whether libvirt supports the new QEVENT_SPICE_MIGRATE_COMPLETED or not
(by default the flag is off).
New libvirt versions that wait for QEVENT_SPICE_MIGRATE_COMPLETED should turn on this flag.
When this flag is off, spice fallbacks to its old migration method, which
can result in data loss.
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The flag is 'true' when spice migration has completed on the src side.
It is needed for a case where libvirt dies before migration completes
and it misses the event QEVENT_SPICE_MIGRATE_COMPLETED.
When libvirt is restored and queries the migration status, it also needs
to query spice and check if its migration has completed.
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

When migrating, libvirt queries the migration status, and upon migration
completions, it closes the migration src. On the other hand, when
migration is completed, spice transfers data from the src to destination
via the client. This data is required for keeping the spice session
after migration, without suffering from data loss and inconsistencies.
In order to allow this data transfer, we add QEVENT for signaling
libvirt that spice migration has completed, and libvirt needs to wait
for this event before quitting the src process.
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

QXLWorker->start/stop are deprecated since spice-server 0.11.2
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Spice server needs to know about the vm state in order to prevent
attempts to write to devices when they are stopped, mainly during
the non-live stage of migration.
Instead, spice will take care of restoring this writes, on the migration
target side, after migration completes.
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

When parsing its command line parameters, spice aborts when it
finds unexpected values, except for the 'streaming-video' option.
This happens because the parsing of the parameters for this option
is done using the 'name2enum' helper, which does not error out
on unknown values. Using the 'parse_name' helper makes sure we
error out in this case. Looking at git history, the use of
'name2enum' instead of 'parse_name' seems to have been an oversight,
so let's change to that now.

Fixes rhbz#831708
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Add mouse_mode, either server or mouse, to qmp and hmp commands, based
on spice_server_is_server_mouse added in spice-server 0.10.3.
Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Commit 1b71f7c1 moved MODULE_INIT_QOM to
way before MODULE_INIT_MACHINE, thereby breaking assumptions made in
spice-core.c which registered both a type initializer and a machine
intializer.

This fix removes the type registration, and replaces it with calling
qemu_spice_init in vl.c after command line parsing (second pass) is
done, and after timers are armed, required by spice server.
Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This allows a Spice client to identify a VM
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Error message reporting during spice startup wasn't consistent, it was done
with fprintf(stderr, "") but sometimes the message didn't have a trailing
\n. Using error_report make the intent of the message clearer and deal
with the final \n for us.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result,
any check for SPICE_SERVER_VERSION that is now always satisfied,
and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because
0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and
SPICE_INTERFACE_CORE_MINOR == 3.
Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

RHBZ #788444

CC: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

With the acceptance of some new APIs to libspice-server.so it
is possible to add support for SPICE to the 'add_client'
monitor command, bringing parity with VNC. Since SPICE can
use TLS or plain connections, the command also gains a new
'tls' parameter to specify whether TLS should be attempted
on the injected client sockets.

This new feature is only enabled if building against a
libspice-server >= 0.10.1

* qmp-commands.hx: Add 'tls' parameter & missing doc for
  'skipauth' parameter
* monitor.c: Wire up SPICE for 'add_client' command
* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client
  API to wire up from monitor

[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faa
    http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716

Changes in v3:
 - Added 'optional' flag to new parameters documented
 - Added no-op impl of qemu_spice_display_add_client when
   SPICE is disabled during build
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Replace device_init() with generalized type_init().

While at it, unify naming convention: type_init([$prefix_]register_types)
Also, type_init() is a function, so add preceding blank line where
necessary and don't put a semicolon after the closing brace.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Cc: Anthony Liguori <anthony@codemonkey.ws>
Cc: malc <av1474@comtv.ru>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>
Signed-off-by: NLuiz Capitulino <lcapitulino@redhat.com>

Setting both read and write handlers to NULL in qemu_set_fd_handler
is not enougth to make qemu purge the file handle from the list.
We must set opaque to NULL too.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Fix segfault if a qxl device is present but no spice command line
argument is given.

RHBZ 743251.
Signed-off-by: NAlon Levy <alevy@redhat.com>

No need to use pthread directly, we have proper abstractions for
identity checking.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

- call spice_server_migrate_(start|end|connect).
- register spice_migrate_connect completion callback
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

RHBZ 737921
Spice client is required to connect to the migration target before/as migration
starts. Since after migration starts, the target qemu is blocked and cannot accept new spice client
we trigger the connection to the target upon client_migrate_info command.
client_migrate_info completion cb will be called after spice client has been
connected to the target (or a timeout). See following patches and spice patches.
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This will allow us to hide the state values.
Signed-off-by: NJuan Quintela <quintela@redhat.com>

spice server might call the channel_event callback from spice server
thread context.  Detect that and aquire iothread lock if needed,

qemu_malloc/qemu_free no longer exist after this commit.
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This allows to pass additional information to the notifier callback
which is useful if sender and receiver do not share any other distinct
data structure.

Will be used first for the clock reset notifier.
Signed-off-by: NJan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Make sure at least one port (port=.. or tls-port=...)
is specified.  Also apply range checks to the port numbers.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

When the spice server initialization fails report this and exit instead
of ignoring the error.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This patch raises the minimum required spice version to 0.6.0 and drops
a few ifdefs.

0.6.0 is the first stable release with the current libspice-server API,
there shouldn't be any 0.5.x development versions deployed any more.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Turn on SASL support by appending "sasl" to the spice arguments, which
requires that the client use SASL to authenticate with the spice.  The
exact choice of authentication method used is controlled from the
system / user's SASL configuration file for the 'qemu' service. This
is typically found in /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config.  While
some SASL auth methods can also provide data encryption (eg GSSAPI),
it is recommended that SASL always be combined with the 'tls' and
'x509' settings to enable use of SSL and server certificates. This
ensures a data encryption preventing compromise of authentication
credentials.

It requires support from spice 0.8.1.

[ kraxel: moved spell fix to separate commit ]
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Some people want to be able disable spice's guest <-> client copy paste support
because of security considerations.

[ kraxel: drop old-version error message ]

This was done with:

    sed -i '/get_clock\>.*rt_clock/s/get_clock\>/get_clock_ms/' \
        $(git grep -l 'get_clock\>.*rt_clock' )
    sed -i '/new_timer\>.*rt_clock/s/new_timer\>/new_timer_ms/' \
        $(git grep -l 'new_timer\>.*rt_clock' )

after checking that get_clock and new_timer never occur twice
on the same line.  There were no missed occurrences; however, even
if there had been, they would have been caught by the compiler.
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Handle spice client migration, i.e. inform a spice client connected
about the new host and connection parameters, so it can move over the
connection automatically.

The monitor command has a not-yet used protocol argument simliar to
set_password and expire_password commands.  This allows to add a simliar
feature to vnc in the future.  Daniel Berrange plans to work on this.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This patch adds new set_password and expire_password monitor commands
which allows to change and expire the password for spice and vnc
connections.  See the doc update patch chunk for details.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>