Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2195658/?format=api
{ "id": 2195658, "url": "http://patchwork.ozlabs.org/api/patches/2195658/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260211152508.732487-15-berrange@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260211152508.732487-15-berrange@redhat.com>", "list_archive_url": null, "date": "2026-02-11T15:24:55", "name": "[v6,14/27] ui: add proper error reporting for password changes", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "8a3e04e1e2cb1586f1d04239bef40edda8b015ca", "submitter": { "id": 2694, "url": "http://patchwork.ozlabs.org/api/people/2694/?format=api", "name": "Daniel P. Berrangé", "email": "berrange@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260211152508.732487-15-berrange@redhat.com/mbox/", "series": [ { "id": 491862, "url": "http://patchwork.ozlabs.org/api/series/491862/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=491862", "date": "2026-02-11T15:24:41", "name": "util: sync error_report & qemu_log output more closely", "version": 6, "mbox": "http://patchwork.ozlabs.org/series/491862/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2195658/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2195658/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=Vb9B0oAw;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fB2Wg65y6z1xpY\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 12 Feb 2026 02:33:19 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqC7m-0007kS-6w; Wed, 11 Feb 2026 10:27:30 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <berrange@redhat.com>)\n id 1vqC73-0006jq-R3\n for qemu-devel@nongnu.org; Wed, 11 Feb 2026 10:26:48 -0500", "from us-smtp-delivery-124.mimecast.com ([170.10.129.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <berrange@redhat.com>)\n id 1vqC71-0005yg-A0\n for qemu-devel@nongnu.org; Wed, 11 Feb 2026 10:26:45 -0500", "from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-499-z2u0O0uqMTiSltl6P3I0HQ-1; Wed,\n 11 Feb 2026 10:26:39 -0500", "from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id 8E4651800370; Wed, 11 Feb 2026 15:26:37 +0000 (UTC)", "from toolbx.redhat.com (unknown [10.45.227.9])\n by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP\n id BF11A30001A8; Wed, 11 Feb 2026 15:26:32 +0000 (UTC)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1770823602;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=5X80YirqVbdBeezsX1Xx2uS/KBTswwOh/p3/QZ8PMc8=;\n b=Vb9B0oAw0n/s05AC/33umOdUsof2r2YnVguyw+bhcf058qWu5Y7/xVcLWjeGxrAMWakZoM\n mv4GPWGZQBoT1HkbeKxd4pvPt/u8TufEF4VsKrziRUfbRY+iOjp0pVq2Eii7p12QnCecI4\n ugHPYVKauumsGcJN7Gvigr3+OvVkP20=", "X-MC-Unique": "z2u0O0uqMTiSltl6P3I0HQ-1", "X-Mimecast-MFC-AGG-ID": "z2u0O0uqMTiSltl6P3I0HQ_1770823597", "From": "=?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>", "To": "qemu-devel@nongnu.org", "Cc": "Manos Pitsidianakis <manos.pitsidianakis@linaro.org>,\n Stefan Weil <sw@weilnetz.de>, \"Dr. David Alan Gilbert\" <dave@treblig.org>,\n Pierrick Bouvier <pierrick.bouvier@linaro.org>, devel@lists.libvirt.org,\n\t=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Marc?=\n\t=?utf-8?q?-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>,\n Hanna Reitz <hreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>,\n qemu-block@nongnu.org, qemu-rust@nongnu.org,\n Paolo Bonzini <pbonzini@redhat.com>, Markus Armbruster <armbru@redhat.com>,\n Gerd Hoffmann <kraxel@redhat.com>,\n =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,\n Christian Schoenebeck <qemu_oss@crudebyte.com>,\n Richard Henderson <richard.henderson@linaro.org>", "Subject": "[PATCH v6 14/27] ui: add proper error reporting for password changes", "Date": "Wed, 11 Feb 2026 15:24:55 +0000", "Message-ID": "<20260211152508.732487-15-berrange@redhat.com>", "In-Reply-To": "<20260211152508.732487-1-berrange@redhat.com>", "References": "<20260211152508.732487-1-berrange@redhat.com>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit", "X-Scanned-By": "MIMEDefang 3.4.1 on 10.30.177.4", "Received-SPF": "pass client-ip=170.10.129.124;\n envelope-from=berrange@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001,\n SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Neither the VNC or SPICE code for password changes provides error\nreporting at source, leading the callers to report a largely useless\ngeneric error message.\n\nFixing this removes one of the two remaining needs for the undesirable\nerror_printf_unless_qmp() method.\n\nWhile fixing this the error message hint is improved to recommend the\n'password-secret' option which allows securely passing a password at\nstartup.\n\nReported-by: Markus Armbruster <armbru@redhat.com>\nSigned-off-by: Daniel P. Berrangé <berrange@redhat.com>\n---\n include/ui/console.h | 2 +-\n include/ui/qemu-spice-module.h | 3 ++-\n tests/functional/generic/test_vnc.py | 4 ++--\n ui/spice-core.c | 25 ++++++++++++++++++-------\n ui/spice-module.c | 7 ++++---\n ui/ui-qmp-cmds.c | 19 ++++++-------------\n ui/vnc-stubs.c | 6 +++---\n ui/vnc.c | 10 +++++++---\n 8 files changed, 43 insertions(+), 33 deletions(-)", "diff": "diff --git a/include/ui/console.h b/include/ui/console.h\nindex 98feaa58bd..3677a9d334 100644\n--- a/include/ui/console.h\n+++ b/include/ui/console.h\n@@ -457,7 +457,7 @@ void qemu_display_help(void);\n void vnc_display_init(const char *id, Error **errp);\n void vnc_display_open(const char *id, Error **errp);\n void vnc_display_add_client(const char *id, int csock, bool skipauth);\n-int vnc_display_password(const char *id, const char *password);\n+int vnc_display_password(const char *id, const char *password, Error **errp);\n int vnc_display_pw_expire(const char *id, time_t expires);\n void vnc_parse(const char *str);\n int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp);\ndiff --git a/include/ui/qemu-spice-module.h b/include/ui/qemu-spice-module.h\nindex 1f22d557ea..072efa0c83 100644\n--- a/include/ui/qemu-spice-module.h\n+++ b/include/ui/qemu-spice-module.h\n@@ -29,7 +29,8 @@ struct QemuSpiceOps {\n void (*display_init)(void);\n int (*migrate_info)(const char *h, int p, int t, const char *s);\n int (*set_passwd)(const char *passwd,\n- bool fail_if_connected, bool disconnect_if_connected);\n+ bool fail_if_connected, bool disconnect_if_connected,\n+ Error **errp);\n int (*set_pw_expire)(time_t expires);\n int (*display_add_client)(int csock, int skipauth, int tls);\n #ifdef CONFIG_SPICE\ndiff --git a/tests/functional/generic/test_vnc.py b/tests/functional/generic/test_vnc.py\nindex f1dd1597cf..097f858ca1 100755\n--- a/tests/functional/generic/test_vnc.py\n+++ b/tests/functional/generic/test_vnc.py\n@@ -48,7 +48,7 @@ def test_no_vnc_change_password(self):\n self.assertEqual(set_password_response['error']['class'],\n 'GenericError')\n self.assertEqual(set_password_response['error']['desc'],\n- 'Could not set password')\n+ 'No VNC display is present');\n \n def launch_guarded(self):\n try:\n@@ -73,7 +73,7 @@ def test_change_password_requires_a_password(self):\n self.assertEqual(set_password_response['error']['class'],\n 'GenericError')\n self.assertEqual(set_password_response['error']['desc'],\n- 'Could not set password')\n+ 'VNC password authentication is disabled')\n \n def test_change_password(self):\n self.set_machine('none')\ndiff --git a/ui/spice-core.c b/ui/spice-core.c\nindex 8a6050f4ae..cdcec34f67 100644\n--- a/ui/spice-core.c\n+++ b/ui/spice-core.c\n@@ -756,7 +756,7 @@ static void qemu_spice_init(void)\n tls_ciphers);\n }\n if (password) {\n- qemu_spice.set_passwd(password, false, false);\n+ qemu_spice.set_passwd(password, false, false, NULL);\n }\n if (qemu_opt_get_bool(opts, \"sasl\", 0)) {\n if (spice_server_set_sasl(spice_server, 1) == -1) {\n@@ -919,8 +919,10 @@ int qemu_spice_add_display_interface(QXLInstance *qxlin, QemuConsole *con)\n return qemu_spice_add_interface(&qxlin->base);\n }\n \n-static int qemu_spice_set_ticket(bool fail_if_conn, bool disconnect_if_conn)\n+static int qemu_spice_set_ticket(bool fail_if_conn, bool disconnect_if_conn,\n+ Error **errp)\n {\n+ int ret;\n time_t lifetime, now = time(NULL);\n char *passwd;\n \n@@ -934,26 +936,35 @@ static int qemu_spice_set_ticket(bool fail_if_conn, bool disconnect_if_conn)\n passwd = NULL;\n lifetime = 1;\n }\n- return spice_server_set_ticket(spice_server, passwd, lifetime,\n- fail_if_conn, disconnect_if_conn);\n+ ret = spice_server_set_ticket(spice_server, passwd, lifetime,\n+ fail_if_conn, disconnect_if_conn);\n+ if (ret < 0) {\n+ error_setg(errp, \"Unable to set SPICE server ticket\");\n+ return -1;\n+ }\n+ return 0;\n }\n \n static int qemu_spice_set_passwd(const char *passwd,\n- bool fail_if_conn, bool disconnect_if_conn)\n+ bool fail_if_conn, bool disconnect_if_conn,\n+ Error **errp)\n {\n if (strcmp(auth, \"spice\") != 0) {\n+ error_setg(errp, \"SPICE authentication is disabled\");\n+ error_append_hint(errp,\n+ \"To enable it use '-spice ...,password-secret=ID'\");\n return -1;\n }\n \n g_free(auth_passwd);\n auth_passwd = g_strdup(passwd);\n- return qemu_spice_set_ticket(fail_if_conn, disconnect_if_conn);\n+ return qemu_spice_set_ticket(fail_if_conn, disconnect_if_conn, errp);\n }\n \n static int qemu_spice_set_pw_expire(time_t expires)\n {\n auth_expires = expires;\n- return qemu_spice_set_ticket(false, false);\n+ return qemu_spice_set_ticket(false, false, NULL);\n }\n \n static int qemu_spice_display_add_client(int csock, int skipauth, int tls)\ndiff --git a/ui/spice-module.c b/ui/spice-module.c\nindex 3222335872..7651c85885 100644\n--- a/ui/spice-module.c\n+++ b/ui/spice-module.c\n@@ -45,14 +45,15 @@ static int qemu_spice_migrate_info_stub(const char *h, int p, int t,\n \n static int qemu_spice_set_passwd_stub(const char *passwd,\n bool fail_if_connected,\n- bool disconnect_if_connected)\n+ bool disconnect_if_connected,\n+ Error **errp)\n {\n- return -1;\n+ g_assert_not_reached();\n }\n \n static int qemu_spice_set_pw_expire_stub(time_t expires)\n {\n- return -1;\n+ g_assert_not_reached();\n }\n \n static int qemu_spice_display_add_client_stub(int csock, int skipauth,\ndiff --git a/ui/ui-qmp-cmds.c b/ui/ui-qmp-cmds.c\nindex b49b636152..1173c82cf7 100644\n--- a/ui/ui-qmp-cmds.c\n+++ b/ui/ui-qmp-cmds.c\n@@ -31,15 +31,14 @@\n \n void qmp_set_password(SetPasswordOptions *opts, Error **errp)\n {\n- int rc;\n-\n if (opts->protocol == DISPLAY_PROTOCOL_SPICE) {\n if (!qemu_using_spice(errp)) {\n return;\n }\n- rc = qemu_spice.set_passwd(opts->password,\n- opts->connected == SET_PASSWORD_ACTION_FAIL,\n- opts->connected == SET_PASSWORD_ACTION_DISCONNECT);\n+ qemu_spice.set_passwd(opts->password,\n+ opts->connected == SET_PASSWORD_ACTION_FAIL,\n+ opts->connected == SET_PASSWORD_ACTION_DISCONNECT,\n+ errp);\n } else {\n assert(opts->protocol == DISPLAY_PROTOCOL_VNC);\n if (opts->connected != SET_PASSWORD_ACTION_KEEP) {\n@@ -52,11 +51,7 @@ void qmp_set_password(SetPasswordOptions *opts, Error **errp)\n * Note that setting an empty password will not disable login\n * through this interface.\n */\n- rc = vnc_display_password(opts->u.vnc.display, opts->password);\n- }\n-\n- if (rc != 0) {\n- error_setg(errp, \"Could not set password\");\n+ vnc_display_password(opts->u.vnc.display, opts->password, errp);\n }\n }\n \n@@ -107,9 +102,7 @@ void qmp_expire_password(ExpirePasswordOptions *opts, Error **errp)\n #ifdef CONFIG_VNC\n void qmp_change_vnc_password(const char *password, Error **errp)\n {\n- if (vnc_display_password(NULL, password) < 0) {\n- error_setg(errp, \"Could not set password\");\n- }\n+ vnc_display_password(NULL, password, errp);\n }\n #endif\n \ndiff --git a/ui/vnc-stubs.c b/ui/vnc-stubs.c\nindex a96bc86236..5de9bf9d70 100644\n--- a/ui/vnc-stubs.c\n+++ b/ui/vnc-stubs.c\n@@ -2,11 +2,11 @@\n #include \"ui/console.h\"\n #include \"qapi/error.h\"\n \n-int vnc_display_password(const char *id, const char *password)\n+int vnc_display_password(const char *id, const char *password, Error **errp)\n {\n- return -ENODEV;\n+ g_assert_not_reached();\n }\n int vnc_display_pw_expire(const char *id, time_t expires)\n {\n- return -ENODEV;\n+ g_assert_not_reached();\n };\ndiff --git a/ui/vnc.c b/ui/vnc.c\nindex a61a4f937d..833e0e2e68 100644\n--- a/ui/vnc.c\n+++ b/ui/vnc.c\n@@ -3526,16 +3526,20 @@ static void vnc_display_close(VncDisplay *vd)\n #endif\n }\n \n-int vnc_display_password(const char *id, const char *password)\n+int vnc_display_password(const char *id, const char *password, Error **errp)\n {\n VncDisplay *vd = vnc_display_find(id);\n \n if (!vd) {\n+ error_setg(errp, \"No VNC display is present\");\n+ error_append_hint(errp,\n+ \"To enable it, use '-vnc ...'\");\n return -EINVAL;\n }\n if (vd->auth == VNC_AUTH_NONE) {\n- error_printf_unless_qmp(\"If you want use passwords please enable \"\n- \"password auth using '-vnc ${dpy},password'.\\n\");\n+ error_setg(errp, \"VNC password authentication is disabled\");\n+ error_append_hint(errp,\n+ \"To enable it, use '-vnc ...,password-secret=ID'\");\n return -EINVAL;\n }\n \n", "prefixes": [ "v6", "14/27" ] }