diff --git a/0201-input-Decrement-queue-count-on-kbd-delay.patch b/0201-input-Decrement-queue-count-on-kbd-delay.patch
new file mode 100644
index 0000000..3874be3
--- /dev/null
+++ b/0201-input-Decrement-queue-count-on-kbd-delay.patch
@@ -0,0 +1,34 @@
+From 77b0359bf414ad666d1714dc9888f1017c08e283 Mon Sep 17 00:00:00 2001
+From: Alexander Graf
+Date: Thu, 22 Jun 2017 09:41:58 +0200
+Subject: [PATCH] input: Decrement queue count on kbd delay
+
+Delays in the input layer are special cased input events. Every input
+event is accounted for in a global intput queue count. The special cased
+delays however did not get removed from the queue, leading to queue overruns
+and thus silent key drops after typing quite a few characters.
+
+Signed-off-by: Alexander Graf
+Message-id: 1498117318-162102-1-git-send-email-agraf@suse.de
+Fixes: be1a7176 ("input: add support for kbd delays")
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Gerd Hoffmann
+---
+ ui/input.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/input.c b/ui/input.c
+index 2abd46de93..af05f06368 100644
+--- a/ui/input.c
++++ b/ui/input.c
+@@ -256,6 +256,7 @@ static void qemu_input_queue_process(void *opaque)
+ item = QTAILQ_FIRST(queue);
+ g_assert(item->type == QEMU_INPUT_QUEUE_DELAY);
+ QTAILQ_REMOVE(queue, item, node);
++ queue_count--;
+ g_free(item);
+
+ while (!QTAILQ_EMPTY(queue)) {
+--
+2.14.1
+
diff --git a/0202-hid-Reset-kbd-modifiers-on-reset.patch b/0202-hid-Reset-kbd-modifiers-on-reset.patch
new file mode 100644
index 0000000..54fb277
--- /dev/null
+++ b/0202-hid-Reset-kbd-modifiers-on-reset.patch
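Review bot: The added `queue_count--;` in ui/input.c has to be paired by hand with the `QTAILQ_REMOVE` above it, and nothing in the visible lines checks that the counter is non-zero before it is decremented. Going by the spec comment and changelog, this counter apparently backs the queue depth limit introduced with the CVE-2017-8379 fix, so drift matters in both directions: too high and keys are dropped silently (the bug fixed here), too low and the bound is weaker than intended. I would move removal and accounting into one small static helper used wherever an item leaves the queue, or at least add `/* every QTAILQ_REMOVE on the input queue must be paired with queue_count-- */` above the new line. qemu_input_queue_process continues past the end of the hunk, so the accounting inside the `while` loop could not be checked from here.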
@@ -0,0 +1,32 @@
+From 51dbea77a29ea46173373a6dad4ebd95d4661f42 Mon Sep 17 00:00:00 2001
+From: Alexander Graf
+Date: Thu, 22 Jun 2017 09:41:35 +0200
+Subject: [PATCH] hid: Reset kbd modifiers on reset
+
+When resetting the keyboard, we need to reset not just the pending keystrokes,
+but also any pending modifiers. Otherwise there's a race when we're getting
+reset while running an escape sequence (modifier 0x100).
+
+Cc: qemu-stable@nongnu.org
+Signed-off-by: Alexander Graf
+Message-id: 1498117295-162030-1-git-send-email-agraf@suse.de
+Signed-off-by: Gerd Hoffmann
+---
+ hw/input/hid.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/input/hid.c b/hw/input/hid.c
+index 93887ecc43..0d049ff61c 100644
+--- a/hw/input/hid.c
++++ b/hw/input/hid.c
+@@ -487,6 +487,7 @@ void hid_reset(HIDState *hs)
+ memset(hs->kbd.keycodes, 0, sizeof(hs->kbd.keycodes));
+ memset(hs->kbd.key, 0, sizeof(hs->kbd.key));
+ hs->kbd.keys = 0;
++ hs->kbd.modifiers = 0;
+ break;
+ case HID_MOUSE:
+ case HID_TABLET:
+--
+2.14.1
+
diff --git a/0203-vnc-Set-default-kbd-delay-to-10ms.patch b/0203-vnc-Set-default-kbd-delay-to-10ms.patch
new file mode 100644
index 0000000..6856053
--- /dev/null
+++ b/0203-vnc-Set-default-kbd-delay-to-10ms.patch
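Review bot: The keyboard branch of hid_reset still clears state one field at a time, which is how `modifiers` was missed in the first place, and the new line carries no comment saying why it is needed. A short note above it, such as `/* drop a half-processed escape prefix (0x100) so it cannot apply to input after reset */`, would record the reason the commit message gives. It would also help to state in the function's header comment which keyboard fields, if any, are meant to survive a reset, so the next field added to the state is not overlooked the same way. Only part of the switch is visible in this hunk, so the rest of the keyboard state could not be checked here.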
@@ -0,0 +1,54 @@
+From d3b0db6dfea6b3a9ee0d96aceb796bdcafa84314 Mon Sep 17 00:00:00 2001
+From: Alexander Graf
+Date: Wed, 12 Jul 2017 14:43:45 +0200
+Subject: [PATCH] vnc: Set default kbd delay to 10ms
+
+The current VNC default keyboard delay is 1ms. With that we're constantly
+typing faster than the guest receives keyboard events from an XHCI attached
+USB HID device.
+
+The default keyboard delay time in the input layer however is 10ms. I don't know
+how that number came to be, but empirical tests on some OpenQA driven ARM
+systems show that 10ms really is a reasonable default number for the delay.
+
+This patch moves the VNC delay also to 10ms. That way our default is much
+safer (good!) and also consistent with the input layer default (also good!).
+
+Signed-off-by: Alexander Graf
+Reviewed-by: Daniel P. Berrange
+Message-id: 1499863425-103133-1-git-send-email-agraf@suse.de
+Signed-off-by: Gerd Hoffmann
+---
+ qemu-options.hx | 2 +-
+ ui/vnc.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/qemu-options.hx b/qemu-options.hx
+index 76b1c67737..6909285e85 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -1753,7 +1753,7 @@ spec but is traditional QEMU behavior.
+ @item key-delay-ms
+
+ Set keyboard delay, for key down and key up events, in milliseconds.
+-Default is 1. Keyboards are low-bandwidth devices, so this slowdown
++Default is 10. Keyboards are low-bandwidth devices, so this slowdown
+ can help the device and guest to keep up and not lose events in case
+ events are arriving in bulk. Possible causes for the latter are flaky
+ network connections, or scripts for automated testing.
+diff --git a/ui/vnc.c b/ui/vnc.c +index 26136f5d29..eb91559b6b 100644 +--- a/ui/vnc.c ++++ b/ui/vnc.c +@@ -3808,7 +3808,7 @@ void vnc_display_open(const char *id, Error **errp) + } + + lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); +- key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1); ++ key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); + sasl = qemu_opt_get_bool(opts, "sasl", false); + #ifndef CONFIG_VNC_SASL + if (sasl) { +-- +2.14.1 + diff --git a/qemu.spec b/qemu.spec index b3525d8..534a1d2 100644 --- a/qemu.spec +++ b/qemu.spec @@ -92,7 +92,7 @@ Requires: %{name}-block-ssh = %{epoch}:%{version}-%{release} Summary: QEMU is a FAST! processor emulator Name: qemu Version: 2.9.0 -Release: 4%{?rcrel}%{?dist} +Release: 5%{?rcrel}%{?dist} Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD Group: Development/Tools @@ -157,6 +157,12 @@ Patch0103: 0103-nbd-Fix-regression-on-resiliency-to-port-scan.patch # #1466192) Patch0104: 0104-qemu-nbd-Ignore-SIGPIPE.patch +# Backported fixes for VNC input issues after the implementation of queue +# depth limit in input-limit-kbd-queue-depth.patch (bz #1481858) +Patch0201: 0201-input-Decrement-queue-count-on-kbd-delay.patch +Patch0202: 0202-hid-Reset-kbd-modifiers-on-reset.patch +Patch0203: 0203-vnc-Set-default-kbd-delay-to-10ms.patch + # documentation deps BuildRequires: texinfo # For /usr/bin/pod2man @@ -2034,6 +2040,9 @@ getent passwd qemu >/dev/null || \ %changelog +* Tue Aug 15 2017 Adam Williamson - 2:2.9.0-5 +- Backport fixes for input issues (esp. openQA) after CVE-2017-8379 fix + * Fri Aug 04 2017 Cole Robinson - 2:2.9.0-4 - Drop qemu workaround for AMD CPU issues (bz #1467599) - Backport binfmt/static improvements from rawhide
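Review bot: The new default is a bare literal in `qemu_opt_get_number(opts, "key-delay-ms", 10)` and is repeated in qemu-options.hx, while the commit message says the input layer already carries its own 10 ms default; a shared named constant would keep the three from drifting apart again. The value read from the option is not range-checked in the visible lines. A longer per-event delay also makes the bounded input queue drain more slowly, so bulk senders reach the depth limit sooner, and patch 0201's message describes such overruns as silent key drops. The option text in qemu-options.hx should therefore say that events beyond the queue limit are dropped, not merely delayed. vnc_display_open continues outside the hunk, so a later check on key_delay_ms cannot be ruled out.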