From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.6 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A457BC433DB for ; Mon, 1 Feb 2021 17:03:22 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E88EC64E2A for ; Mon, 1 Feb 2021 17:03:21 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E88EC64E2A Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:33522 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l6cbg-0003Gv-Oy for qemu-devel@archiver.kernel.org; Mon, 01 Feb 2021 12:03:20 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:57344) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l6cVQ-00044k-0y for qemu-devel@nongnu.org; Mon, 01 Feb 2021 11:56:52 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:31906) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1l6cVN-0005pf-Ew for qemu-devel@nongnu.org; Mon, 01 Feb 2021 11:56:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1612198608; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i+wnG/4c9C/XQhMYB0CORplp9wEGQdYb45kRoPRwTnc=; b=GxO+iNm5Xe55QO33xEzHShZnbrb8ARAbi7vcNPRqVeCPaEN3ZRvHN349Z2CzrMKno9tULA 7O9RUCZ2OcZ3heB7L0BK34Tr8QQ0IhWjmmHr/DeTkNz6ANgNyY+i6EUk/Ajw0vfT/bWN5e 9uUyGuhQQ/AahdGK1tEFmjnhzhzyTYk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-63-I8h69xJuN9OgABLUeqm6xQ-1; Mon, 01 Feb 2021 11:56:44 -0500 X-MC-Unique: I8h69xJuN9OgABLUeqm6xQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5CA5C104ECEC for ; Mon, 1 Feb 2021 16:56:43 +0000 (UTC) Received: from redhat.com (ovpn-114-195.ams2.redhat.com [10.36.114.195]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E081C60C6B; Mon, 1 Feb 2021 16:56:37 +0000 (UTC) Date: Mon, 1 Feb 2021 16:56:34 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= To: Christophe de Dinechin Subject: Re: vnc clipboard support Message-ID: <20210201165634.GM4131462@redhat.com> References: <20210128171224.exbklnwtyb232oe2@sirius.home.kraxel.org> <20210129080323.xuvokq5kytoomx6j@sirius.home.kraxel.org> <8E05F8C9-A60D-45A9-AFCB-79D866F57660@redhat.com> <20210129110814.GF4001740@redhat.com> <0F802343-19F8-487C-8BBE-5BBE2014BA1C@redhat.com> <20210129143252.GE4008275@redhat.com> <05C58667-D9BA-49E2-897D-2286B243E802@redhat.com> <20210201155116.GL4131462@redhat.com> <0C14700F-CF47-4CD1-AB41-AA69BC0DA469@redhat.com> MIME-Version: 1.0 In-Reply-To: <0C14700F-CF47-4CD1-AB41-AA69BC0DA469@redhat.com> User-Agent: Mutt/1.14.6 (2020-07-11) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=216.205.24.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.351, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Cc: Gerd Hoffmann , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" On Mon, Feb 01, 2021 at 05:31:52PM +0100, Christophe de Dinechin wrote: > > > > On 1 Feb 2021, at 16:51, Daniel P. Berrangé wrote: > > > > On Mon, Feb 01, 2021 at 04:27:43PM +0100, Christophe de Dinechin wrote: > >> > >> > >>> On 29 Jan 2021, at 15:32, Daniel P. Berrangé wrote: > >>> > >>> On Fri, Jan 29, 2021 at 03:19:45PM +0100, Christophe de Dinechin wrote: > >>>> > >>>> > >>>>> On 29 Jan 2021, at 12:08, Daniel P. Berrangé wrote: > >>>>> > >>>>> On Fri, Jan 29, 2021 at 11:50:10AM +0100, Christophe de Dinechin wrote: > >>>>>> > >>>>>> > >>>>>>> On 29 Jan 2021, at 09:03, Gerd Hoffmann wrote: > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>>>> (1) Have some guest agent (spice does it that way). > >>>>>>>>> Advantage: more flexible, allows more features. > >>>>>>>>> Disadvantage: requires agent in the guest. > >>>>>>>> > >>>>>>>> What about running the option to relay data to a VNC server in the > >>>>>>>> guest if there is one running? In other words, using an existing > >>>>>>>> VNC server as an agent, with the option of having a stripped-down, > >>>>>>>> clipboard only VNC server as a later optimization. > >>>>>>> > >>>>>>> Well, if you run Xvnc in the guest anyway why use the qemu vnc server > >>>>>>> in the first place? > >>>>>> > >>>>>> I assume that if you use the qemu VNC, it's because you you don't want to > >>>>>> run Xvnc on some external network, or care about accessing the guest > >>>>>> before Xvnc can be launched. There can be many reasons. > >>>>>> > >>>>>> Again, I want to make it clear that my suggestion is _not_ simply to access > >>>>>> the existing Xvnc as is, but rather to stick with some VNC server code to handle > >>>>>> the clipboard if / when possible. > >>>>>> > >>>>>> Let me try to imagine a scenario, where I'll use a macOS guest intentionally > >>>>>> to clarify what I was thinking about. > >>>>>> > >>>>>> - During early boot, there is no in-guest VNC server, so to address that, > >>>>>> you connect to the qemu VNC. At this stage, all screen refresh is handled > >>>>>> by the qemu VNC, and the best you can do if you want to support any > >>>>>> kind of copy-paste is to convert it to virtual keystrokes. The same would > >>>>>> be true for Linux on a text console. > >>>>>> > >>>>>> - Then comes up you macOS guest, and it still has no VNC port open, > >>>>>> so you are stuck with qemu-vnc doing all the work. But now you can > >>>>>> enable screen sharing, and that launches the Apple-maintained macOS > >>>>>> VNC server. > >>>>>> > >>>>>> - Let's assume for illustration that this listens on some private network > >>>>>> that qemu can access, but that is not visible externally. In this case, > >>>>>> you could not VNC to the guest, but you can still VNC to qemu. > >>>>>> > >>>>>> - What I'm suggesting is that qemu-vnc could then switch to simply > >>>>>> relaying VNC traffic to that in-guest server. You'd get the smart update > >>>>>> algorithm that Apple has put in place to deal with transparency and the > >>>>>> like, as well as a level of guest OS integration that would otherwise be > >>>>>> much harder to replicate. > >>>>> > >>>>> IMHO that's an awful lot of complexity to add to the system > >>>>> that isn't especially useful and this opens up new attack > >>>>> vectors for the guest to exploit the host. > >>>>> > >>>>> If people have VNC/RDP/whatever configured inside their guest > >>>>> OS, then there's really little to no reason for them to want > >>>>> to connect to the QEMU VNC server, as viewing initial bootup > >>>>> phase is not required in normal case. The only time such > >>>>> people will need to use the QEMU VNC server is if the guest > >>>>> OS has broken in some way before it fully booted and thus failed > >>>>> to start the guest VNC server. There is no guest VNC server > >>>>> to hand off to in this scenario. > >>>> > >>>> It's a matter of what you want to do with that qemu vnc. > >>>> > >>>> If it's only a backup when there's nothing in the guest to help, > >>>> then maybe trying to support copy-paste is not a good idea. > >>>> > >>>> If it's a standard go-to access point for connecting to your > >>>> guest, then making it smart is hard, but useful. > >>>> > >>>>> > >>>>> The value of the QEMU host side VNC server is that it works > >>>>> for all possible guest OS, no matter whether they are running > >>>>> normally or broken, regardless of what the guest admin has > >>>>> configured in terms of guest level remote desktop. > >>>> > >>>> Understood. > >>>> > >>>> The downside is that there are things it can't do. It cannot correctly > >>>> determine the keyboard map, because that's controlled in software > >>>> in the guest. > >>> > >>> There is no need for the remote desktop server to care about the > >>> keymap. The remote client takes scancodes and passes them to the > >>> server, which then passes them to the guest. > >> > >> Aren't we talking about pasting clipboard data here? > >> I assume that clipboard data is not encoded as scancodes. > > > > The suggestion was that clipboard be sent by injecting key presses > > to the guest, so that is scancode based. > > But the VNC clipboard protocol is not scancode based. So where > would the clipboard->scancode conversion happen? If using keyboard injection there's not really much point in using the VNC clipboard protocol at all. It just complicates life since now we have to configure QEMU with a keymap so that it can turn text back into scancodes. We went through alot of effort precisely to *stop* telling QEMU about keymaps, so that is not an viable option. IOW, if we want to use keyboard injection to fake the clipboard then the VNC Clients should just implemnet this natively and use the VNC keyboard protocol messages instead, so scancode conversion is client side. It is still painful, because text to scancode is inherantly a lossy conversion, but it is better than doing it on the QEMU code. > Also, any idea how to copy from the guest in that case? If using keyboard injection the clipboard will be unidirectional only. Bi-directional clipboard needs a guest agent. > > > > > If you're not doing it using key press injection, then keymapping > > and scancodes are irrelevant. > > Indeed, but that requires some guest agent, and Gerd seems to > not like that idea. > > BTW, isolating the clipboard sharing protocol from VNC is an > old idea, see https://wiki.xenproject.org/wiki/Clipboard_sharing_protocol . That's not really isolating it from VNC - that's describing a guest agent the host QEMU can use to support its built-in VNC server. Confusingly this suggested guest agent happens to use a subset of the VNC protocol for transferring clipboard data between QEMU and the guest OS. This part is rather crazy since the VNC clipboard protocol is incredibly simplistic. Any new guest agent should learn from the mistakes of VNC and SPICE wrt clipboard. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|