* [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes.
@ 2016-09-13 8:16 Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 1/3] vmsvga: correct bitmap and pixmap size checks Gerd Hoffmann
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2016-09-13 8:16 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Hi,
vga patch queue with a few fixes.
please pull,
Gerd
The following changes since commit 7263da78045dc91cc207f350911efe4259e99b3c:
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging (2016-09-12 15:09:47 +0100)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-vga-20160913-1
for you to fetch changes up to c2843e93907a4084e91573994486e810cec248a0:
virtio-vga: adapt to page-per-vq=off (2016-09-13 09:28:10 +0200)
----------------------------------------------------------------
virtio-gpu and vmsvga fixes.
----------------------------------------------------------------
Gerd Hoffmann (2):
virtio-gpu-pci: tag as not hotpluggable
virtio-vga: adapt to page-per-vq=off
Prasad J Pandit (1):
vmsvga: correct bitmap and pixmap size checks
hw/display/virtio-gpu-pci.c | 1 +
hw/display/virtio-vga.c | 11 +++++++++++
hw/display/vmware_vga.c | 12 +++++++-----
3 files changed, 19 insertions(+), 5 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Qemu-devel] [PULL 1/3] vmsvga: correct bitmap and pixmap size checks
2016-09-13 8:16 [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Gerd Hoffmann
@ 2016-09-13 8:16 ` Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 2/3] virtio-gpu-pci: tag as not hotpluggable Gerd Hoffmann
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2016-09-13 8:16 UTC (permalink / raw)
To: qemu-devel; +Cc: Prasad J Pandit, Gerd Hoffmann
From: Prasad J Pandit <pjp@fedoraproject.org>
When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
the computed BITMAP and PIXMAP size are checked against the
'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
Correct these checks to avoid OOB memory access.
Reported-by: Qinghao Tang <luodalongde@gmail.com>
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/vmware_vga.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index e51a05e..6599cf0 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -676,11 +676,13 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
cursor.bpp = vmsvga_fifo_read(s);
args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp);
- if (cursor.width > 256 ||
- cursor.height > 256 ||
- cursor.bpp > 32 ||
- SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask ||
- SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) {
+ if (cursor.width > 256
+ || cursor.height > 256
+ || cursor.bpp > 32
+ || SVGA_BITMAP_SIZE(x, y)
+ > sizeof(cursor.mask) / sizeof(cursor.mask[0])
+ || SVGA_PIXMAP_SIZE(x, y, cursor.bpp)
+ > sizeof(cursor.image) / sizeof(cursor.image[0])) {
goto badcmd;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PULL 2/3] virtio-gpu-pci: tag as not hotpluggable
2016-09-13 8:16 [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 1/3] vmsvga: correct bitmap and pixmap size checks Gerd Hoffmann
@ 2016-09-13 8:16 ` Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 3/3] virtio-vga: adapt to page-per-vq=off Gerd Hoffmann
2016-09-13 13:30 ` [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Peter Maydell
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2016-09-13 8:16 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann, Michael S. Tsirkin
We can't hotplug display adapters in qemu, tag virtio-gpu-pci
accordingly (virtio-vga already has this).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 1473319037-27645-1-git-send-email-kraxel@redhat.com
---
hw/display/virtio-gpu-pci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/virtio-gpu-pci.c b/hw/display/virtio-gpu-pci.c
index 34a724c..ef92c4a 100644
--- a/hw/display/virtio-gpu-pci.c
+++ b/hw/display/virtio-gpu-pci.c
@@ -48,6 +48,7 @@ static void virtio_gpu_pci_class_init(ObjectClass *klass, void *data)
set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
dc->props = virtio_gpu_pci_properties;
+ dc->hotpluggable = false;
k->realize = virtio_gpu_pci_realize;
pcidev_k->class_id = PCI_CLASS_DISPLAY_OTHER;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PULL 3/3] virtio-vga: adapt to page-per-vq=off
2016-09-13 8:16 [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 1/3] vmsvga: correct bitmap and pixmap size checks Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 2/3] virtio-gpu-pci: tag as not hotpluggable Gerd Hoffmann
@ 2016-09-13 8:16 ` Gerd Hoffmann
2016-09-13 13:30 ` [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Peter Maydell
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2016-09-13 8:16 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann, Michael S. Tsirkin
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1473319012-27560-1-git-send-email-kraxel@redhat.com
---
hw/display/virtio-vga.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/display/virtio-vga.c b/hw/display/virtio-vga.c
index 5b510a1..f77b401 100644
--- a/hw/display/virtio-vga.c
+++ b/hw/display/virtio-vga.c
@@ -122,6 +122,17 @@ static void virtio_vga_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
*/
vpci_dev->modern_mem_bar = 2;
vpci_dev->msix_bar = 4;
+
+ if (!(vpci_dev->flags & VIRTIO_PCI_FLAG_PAGE_PER_VQ)) {
+ /*
+ * with page-per-vq=off there is no padding space we can use
+ * for the stdvga registers. Make the common and isr regions
+ * smaller then.
+ */
+ vpci_dev->common.size /= 2;
+ vpci_dev->isr.size /= 2;
+ }
+
offset = memory_region_size(&vpci_dev->modern_bar);
offset -= vpci_dev->notify.size;
vpci_dev->notify.offset = offset;
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes.
2016-09-13 8:16 [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Gerd Hoffmann
` (2 preceding siblings ...)
2016-09-13 8:16 ` [Qemu-devel] [PULL 3/3] virtio-vga: adapt to page-per-vq=off Gerd Hoffmann
@ 2016-09-13 13:30 ` Peter Maydell
3 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2016-09-13 13:30 UTC (permalink / raw)
To: Gerd Hoffmann; +Cc: QEMU Developers
On 13 September 2016 at 09:16, Gerd Hoffmann <kraxel@redhat.com> wrote:
> Hi,
>
> vga patch queue with a few fixes.
>
> please pull,
> Gerd
>
> The following changes since commit 7263da78045dc91cc207f350911efe4259e99b3c:
>
> Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-signed' into staging (2016-09-12 15:09:47 +0100)
>
> are available in the git repository at:
>
>
> git://git.kraxel.org/qemu tags/pull-vga-20160913-1
>
> for you to fetch changes up to c2843e93907a4084e91573994486e810cec248a0:
>
> virtio-vga: adapt to page-per-vq=off (2016-09-13 09:28:10 +0200)
>
> ----------------------------------------------------------------
> virtio-gpu and vmsvga fixes.
>
Applied, thanks.
-- PMM
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-09-13 13:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-13 8:16 [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 1/3] vmsvga: correct bitmap and pixmap size checks Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 2/3] virtio-gpu-pci: tag as not hotpluggable Gerd Hoffmann
2016-09-13 8:16 ` [Qemu-devel] [PULL 3/3] virtio-vga: adapt to page-per-vq=off Gerd Hoffmann
2016-09-13 13:30 ` [Qemu-devel] [PULL 0/3] virtio-gpu and vmsvga fixes Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.