* [Qemu-devel] [PULL 0/5] Vga 20170901 patches
@ 2017-09-01 12:57 Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 1/5] vga: fix display update region calculation (split screen) Gerd Hoffmann
                   ` (5 more replies)
  0 siblings, 6 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

The following changes since commit 223cd0e13f2e46078d7b573f0b8402bfbee339be:

  Merge remote-tracking branch 'remotes/elmarco/tags/tidy-pull-request' into staging (2017-08-31 15:52:43 +0100)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/vga-20170901-pull-request

for you to fetch changes up to 138bc2df843105edb22978284fc2e16307f16211:

  vga/migration: Update memory map in post_load (2017-09-01 13:52:43 +0200)

----------------------------------------------------------------
qxl: chunked cursor support.
stdvga: bugfixes.

----------------------------------------------------------------

Dr. David Alan Gilbert (1):
  vga/migration: Update memory map in post_load

Gerd Hoffmann (4):
  vga: fix display update region calculation (split screen)
  vga: stop passing pointers to vga_draw_line* functions
  qxl: drop mono cursor support
  qxl: add support for chunked cursors.

 hw/display/vga-helpers.h | 202 ++++++++++++++++++++++++++---------------------
 hw/display/vga_int.h     |   1 +
 hw/display/qxl-render.c  |  45 +++++++----
 hw/display/vga.c         |  16 +++-
 4 files changed, 152 insertions(+), 112 deletions(-)

-- 
2.9.3


* [Qemu-devel] [PULL 1/5] vga: fix display update region calculation (split screen)
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
@ 2017-09-01 12:57 ` Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 2/5] vga: stop passing pointers to vga_draw_line* functions Gerd Hoffmann
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann, P J P

vga display update mis-calculated the region for the dirty bitmap
snapshot in case split screen mode is used.  This can trigger an
assert in cpu_physical_memory_snapshot_get_dirty().

Impact:  DoS for privileged guest users.

Fixes: CVE-2017-13673
Fixes: fec5e8c92becad223df9d972770522f64aafdb72
Cc: P J P <ppandit@redhat.com>
Reported-by: David Buchanan <d@vidbuchanan.co.uk>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170828123307.15392-1-kraxel@redhat.com
---
 hw/display/vga.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hw/display/vga.c b/hw/display/vga.c
index 3433102ef3..ad7a46563c 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1628,9 +1628,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
     y1 = 0;
 
     if (!full_update) {
+        ram_addr_t region_start = addr1;
+        ram_addr_t region_end = addr1 + line_offset * height;
         vga_sync_dirty_bitmap(s);
-        snap = memory_region_snapshot_and_clear_dirty(&s->vram, addr1,
-                                                      line_offset * height,
+        if (s->line_compare < height) {
+            /* split screen mode */
+            region_start = 0;
+        }
+        snap = memory_region_snapshot_and_clear_dirty(&s->vram, region_start,
+                                                      region_end - region_start,
                                                       DIRTY_MEMORY_VGA);
     }
 
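Review bot: region_end is still computed as addr1 + line_offset * height, and nothing in this hunk bounds it against the size of s->vram, so the length handed to memory_region_snapshot_and_clear_dirty() is still built from the same values the commit message says a privileged guest can drive into an assert. Consider clamping region_end to the VRAM size before taking the snapshot. The "split screen mode" comment would also be more useful if it said why the region has to start at 0 when s->line_compare < height, since that is the reason the old single-range calculation was wrong.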
-- 
2.9.3


* [Qemu-devel] [PULL 2/5] vga: stop passing pointers to vga_draw_line* functions
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 1/5] vga: fix display update region calculation (split screen) Gerd Hoffmann
@ 2017-09-01 12:57 ` Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 3/5] qxl: drop mono cursor support Gerd Hoffmann
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann, P J P

Instead pass around the address (aka offset into vga memory).
Add vga_read_* helper functions which apply vbe_size_mask to
the address, to make sure the address stays within the valid
range, similar to the cirrus blitter fixes (commits ffaf857778
and 026aeffcb4).

Impact:  DoS for privileged guest users.  qemu crashes with
a segfault, when hitting the guard page after vga memory
allocation, while reading vga memory for display updates.

Fixes: CVE-2017-13672
Cc: P J P <ppandit@redhat.com>
Reported-by: David Buchanan <d@vidbuchanan.co.uk>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170828122906.18993-1-kraxel@redhat.com
---
 hw/display/vga-helpers.h | 202 ++++++++++++++++++++++++++---------------------
 hw/display/vga_int.h     |   1 +
 hw/display/vga.c         |   5 +-
 3 files changed, 114 insertions(+), 94 deletions(-)

diff --git a/hw/display/vga-helpers.h b/hw/display/vga-helpers.h
index 94f6de2046..5a752b3f9e 100644
--- a/hw/display/vga-helpers.h
+++ b/hw/display/vga-helpers.h
@@ -95,20 +95,46 @@ static void vga_draw_glyph9(uint8_t *d, int linesize,
     } while (--h);
 }
 
+static inline uint8_t vga_read_byte(VGACommonState *vga, uint32_t addr)
+{
+    return vga->vram_ptr[addr & vga->vbe_size_mask];
+}
+
+static inline uint16_t vga_read_word_le(VGACommonState *vga, uint32_t addr)
+{
+    uint32_t offset = addr & vga->vbe_size_mask & ~1;
+    uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+    return lduw_le_p(ptr);
+}
+
+static inline uint16_t vga_read_word_be(VGACommonState *vga, uint32_t addr)
+{
+    uint32_t offset = addr & vga->vbe_size_mask & ~1;
+    uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+    return lduw_be_p(ptr);
+}
+
+static inline uint32_t vga_read_dword_le(VGACommonState *vga, uint32_t addr)
+{
+    uint32_t offset = addr & vga->vbe_size_mask & ~3;
+    uint32_t *ptr = (uint32_t *)(vga->vram_ptr + offset);
+    return ldl_le_p(ptr);
+}
+
 /*
  * 4 color mode
  */
-static void vga_draw_line2(VGACommonState *s1, uint8_t *d,
-                           const uint8_t *s, int width)
+static void vga_draw_line2(VGACommonState *vga, uint8_t *d,
+                           uint32_t addr, int width)
 {
     uint32_t plane_mask, *palette, data, v;
     int x;
 
-    palette = s1->last_palette;
-    plane_mask = mask16[s1->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
+    palette = vga->last_palette;
+    plane_mask = mask16[vga->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
     width >>= 3;
     for(x = 0; x < width; x++) {
-        data = ((uint32_t *)s)[0];
+        data = vga_read_dword_le(vga, addr);
         data &= plane_mask;
         v = expand2[GET_PLANE(data, 0)];
         v |= expand2[GET_PLANE(data, 2)] << 2;
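Review bot: the "& ~1" and "& ~3" in vga_read_word_le(), vga_read_word_be() and vga_read_dword_le() need a comment, because they do two things at once. They keep a multi-byte load from running past the last masked offset, but they also round an unaligned addr down, whereas the code being replaced (((uint32_t *)s)[0] in this hunk) read at exactly the pointer it was given. If the rounding is intended, say so above the helpers, and state there that addr & vga->vbe_size_mask wraps an out-of-range address back into VRAM rather than rejecting it. Minor: the uint16_t * and uint32_t * casts before lduw_le_p(), lduw_be_p() and ldl_le_p() look unnecessary; passing vga->vram_ptr + offset directly would read more simply.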
@@ -124,7 +150,7 @@ static void vga_draw_line2(VGACommonState *s1, uint8_t *d,
         ((uint32_t *)d)[6] = palette[(v >> 4) & 0xf];
         ((uint32_t *)d)[7] = palette[(v >> 0) & 0xf];
         d += 32;
-        s += 4;
+        addr += 4;
     }
 }
 
@@ -134,17 +160,17 @@ static void vga_draw_line2(VGACommonState *s1, uint8_t *d,
 /*
  * 4 color mode, dup2 horizontal
  */
-static void vga_draw_line2d2(VGACommonState *s1, uint8_t *d,
-                             const uint8_t *s, int width)
+static void vga_draw_line2d2(VGACommonState *vga, uint8_t *d,
+                             uint32_t addr, int width)
 {
     uint32_t plane_mask, *palette, data, v;
     int x;
 
-    palette = s1->last_palette;
-    plane_mask = mask16[s1->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
+    palette = vga->last_palette;
+    plane_mask = mask16[vga->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
     width >>= 3;
     for(x = 0; x < width; x++) {
-        data = ((uint32_t *)s)[0];
+        data = vga_read_dword_le(vga, addr);
         data &= plane_mask;
         v = expand2[GET_PLANE(data, 0)];
         v |= expand2[GET_PLANE(data, 2)] << 2;
@@ -160,24 +186,24 @@ static void vga_draw_line2d2(VGACommonState *s1, uint8_t *d,
         PUT_PIXEL2(d, 6, palette[(v >> 4) & 0xf]);
         PUT_PIXEL2(d, 7, palette[(v >> 0) & 0xf]);
         d += 64;
-        s += 4;
+        addr += 4;
     }
 }
 
 /*
  * 16 color mode
  */
-static void vga_draw_line4(VGACommonState *s1, uint8_t *d,
-                           const uint8_t *s, int width)
+static void vga_draw_line4(VGACommonState *vga, uint8_t *d,
+                           uint32_t addr, int width)
 {
     uint32_t plane_mask, data, v, *palette;
     int x;
 
-    palette = s1->last_palette;
-    plane_mask = mask16[s1->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
+    palette = vga->last_palette;
+    plane_mask = mask16[vga->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
     width >>= 3;
     for(x = 0; x < width; x++) {
-        data = ((uint32_t *)s)[0];
+        data = vga_read_dword_le(vga, addr);
         data &= plane_mask;
         v = expand4[GET_PLANE(data, 0)];
         v |= expand4[GET_PLANE(data, 1)] << 1;
@@ -192,24 +218,24 @@ static void vga_draw_line4(VGACommonState *s1, uint8_t *d,
         ((uint32_t *)d)[6] = palette[(v >> 4) & 0xf];
         ((uint32_t *)d)[7] = palette[(v >> 0) & 0xf];
         d += 32;
-        s += 4;
+        addr += 4;
     }
 }
 
 /*
  * 16 color mode, dup2 horizontal
  */
-static void vga_draw_line4d2(VGACommonState *s1, uint8_t *d,
-                             const uint8_t *s, int width)
+static void vga_draw_line4d2(VGACommonState *vga, uint8_t *d,
+                             uint32_t addr, int width)
 {
     uint32_t plane_mask, data, v, *palette;
     int x;
 
-    palette = s1->last_palette;
-    plane_mask = mask16[s1->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
+    palette = vga->last_palette;
+    plane_mask = mask16[vga->ar[VGA_ATC_PLANE_ENABLE] & 0xf];
     width >>= 3;
     for(x = 0; x < width; x++) {
-        data = ((uint32_t *)s)[0];
+        data = vga_read_dword_le(vga, addr);
         data &= plane_mask;
         v = expand4[GET_PLANE(data, 0)];
         v |= expand4[GET_PLANE(data, 1)] << 1;
@@ -224,7 +250,7 @@ static void vga_draw_line4d2(VGACommonState *s1, uint8_t *d,
         PUT_PIXEL2(d, 6, palette[(v >> 4) & 0xf]);
         PUT_PIXEL2(d, 7, palette[(v >> 0) & 0xf]);
         d += 64;
-        s += 4;
+        addr += 4;
     }
 }
 
@@ -233,21 +259,21 @@ static void vga_draw_line4d2(VGACommonState *s1, uint8_t *d,
  *
  * XXX: add plane_mask support (never used in standard VGA modes)
  */
-static void vga_draw_line8d2(VGACommonState *s1, uint8_t *d,
-                             const uint8_t *s, int width)
+static void vga_draw_line8d2(VGACommonState *vga, uint8_t *d,
+                             uint32_t addr, int width)
 {
     uint32_t *palette;
     int x;
 
-    palette = s1->last_palette;
+    palette = vga->last_palette;
     width >>= 3;
     for(x = 0; x < width; x++) {
-        PUT_PIXEL2(d, 0, palette[s[0]]);
-        PUT_PIXEL2(d, 1, palette[s[1]]);
-        PUT_PIXEL2(d, 2, palette[s[2]]);
-        PUT_PIXEL2(d, 3, palette[s[3]]);
+        PUT_PIXEL2(d, 0, palette[vga_read_byte(vga, addr + 0)]);
+        PUT_PIXEL2(d, 1, palette[vga_read_byte(vga, addr + 1)]);
+        PUT_PIXEL2(d, 2, palette[vga_read_byte(vga, addr + 2)]);
+        PUT_PIXEL2(d, 3, palette[vga_read_byte(vga, addr + 3)]);
         d += 32;
-        s += 4;
+        addr += 4;
     }
 }
 
@@ -256,63 +282,63 @@ static void vga_draw_line8d2(VGACommonState *s1, uint8_t *d,
  *
  * XXX: add plane_mask support (never used in standard VGA modes)
  */
-static void vga_draw_line8(VGACommonState *s1, uint8_t *d,
-                           const uint8_t *s, int width)
+static void vga_draw_line8(VGACommonState *vga, uint8_t *d,
+                           uint32_t addr, int width)
 {
     uint32_t *palette;
     int x;
 
-    palette = s1->last_palette;
+    palette = vga->last_palette;
     width >>= 3;
     for(x = 0; x < width; x++) {
-        ((uint32_t *)d)[0] = palette[s[0]];
-        ((uint32_t *)d)[1] = palette[s[1]];
-        ((uint32_t *)d)[2] = palette[s[2]];
-        ((uint32_t *)d)[3] = palette[s[3]];
-        ((uint32_t *)d)[4] = palette[s[4]];
-        ((uint32_t *)d)[5] = palette[s[5]];
-        ((uint32_t *)d)[6] = palette[s[6]];
-        ((uint32_t *)d)[7] = palette[s[7]];
+        ((uint32_t *)d)[0] = palette[vga_read_byte(vga, addr + 0)];
+        ((uint32_t *)d)[1] = palette[vga_read_byte(vga, addr + 1)];
+        ((uint32_t *)d)[2] = palette[vga_read_byte(vga, addr + 2)];
+        ((uint32_t *)d)[3] = palette[vga_read_byte(vga, addr + 3)];
+        ((uint32_t *)d)[4] = palette[vga_read_byte(vga, addr + 4)];
+        ((uint32_t *)d)[5] = palette[vga_read_byte(vga, addr + 5)];
+        ((uint32_t *)d)[6] = palette[vga_read_byte(vga, addr + 6)];
+        ((uint32_t *)d)[7] = palette[vga_read_byte(vga, addr + 7)];
         d += 32;
-        s += 8;
+        addr += 8;
     }
 }
 
 /*
  * 15 bit color
  */
-static void vga_draw_line15_le(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line15_le(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t v, r, g, b;
 
     w = width;
     do {
-        v = lduw_le_p((void *)s);
+        v = vga_read_word_le(vga, addr);
         r = (v >> 7) & 0xf8;
         g = (v >> 2) & 0xf8;
         b = (v << 3) & 0xf8;
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 2;
+        addr += 2;
         d += 4;
     } while (--w != 0);
 }
 
-static void vga_draw_line15_be(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line15_be(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t v, r, g, b;
 
     w = width;
     do {
-        v = lduw_be_p((void *)s);
+        v = vga_read_word_be(vga, addr);
         r = (v >> 7) & 0xf8;
         g = (v >> 2) & 0xf8;
         b = (v << 3) & 0xf8;
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 2;
+        addr += 2;
         d += 4;
     } while (--w != 0);
 }
@@ -320,38 +346,38 @@ static void vga_draw_line15_be(VGACommonState *s1, uint8_t *d,
 /*
  * 16 bit color
  */
-static void vga_draw_line16_le(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line16_le(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t v, r, g, b;
 
     w = width;
     do {
-        v = lduw_le_p((void *)s);
+        v = vga_read_word_le(vga, addr);
         r = (v >> 8) & 0xf8;
         g = (v >> 3) & 0xfc;
         b = (v << 3) & 0xf8;
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 2;
+        addr += 2;
         d += 4;
     } while (--w != 0);
 }
 
-static void vga_draw_line16_be(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line16_be(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t v, r, g, b;
 
     w = width;
     do {
-        v = lduw_be_p((void *)s);
+        v = vga_read_word_be(vga, addr);
         r = (v >> 8) & 0xf8;
         g = (v >> 3) & 0xfc;
         b = (v << 3) & 0xf8;
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 2;
+        addr += 2;
         d += 4;
     } while (--w != 0);
 }
@@ -359,36 +385,36 @@ static void vga_draw_line16_be(VGACommonState *s1, uint8_t *d,
 /*
  * 24 bit color
  */
-static void vga_draw_line24_le(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line24_le(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t r, g, b;
 
     w = width;
     do {
-        b = s[0];
-        g = s[1];
-        r = s[2];
+        b = vga_read_byte(vga, addr + 0);
+        g = vga_read_byte(vga, addr + 1);
+        r = vga_read_byte(vga, addr + 2);
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 3;
+        addr += 3;
         d += 4;
     } while (--w != 0);
 }
 
-static void vga_draw_line24_be(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line24_be(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
     int w;
     uint32_t r, g, b;
 
     w = width;
     do {
-        r = s[0];
-        g = s[1];
-        b = s[2];
+        r = vga_read_byte(vga, addr + 0);
+        g = vga_read_byte(vga, addr + 1);
+        b = vga_read_byte(vga, addr + 2);
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 3;
+        addr += 3;
         d += 4;
     } while (--w != 0);
 }
@@ -396,44 +422,36 @@ static void vga_draw_line24_be(VGACommonState *s1, uint8_t *d,
 /*
  * 32 bit color
  */
-static void vga_draw_line32_le(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line32_le(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
-#ifndef HOST_WORDS_BIGENDIAN
-    memcpy(d, s, width * 4);
-#else
     int w;
     uint32_t r, g, b;
 
     w = width;
     do {
-        b = s[0];
-        g = s[1];
-        r = s[2];
+        b = vga_read_byte(vga, addr + 0);
+        g = vga_read_byte(vga, addr + 1);
+        r = vga_read_byte(vga, addr + 2);
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 4;
+        addr += 4;
         d += 4;
     } while (--w != 0);
-#endif
 }
 
-static void vga_draw_line32_be(VGACommonState *s1, uint8_t *d,
-                               const uint8_t *s, int width)
+static void vga_draw_line32_be(VGACommonState *vga, uint8_t *d,
+                               uint32_t addr, int width)
 {
-#ifdef HOST_WORDS_BIGENDIAN
-    memcpy(d, s, width * 4);
-#else
     int w;
     uint32_t r, g, b;
 
     w = width;
     do {
-        r = s[1];
-        g = s[2];
-        b = s[3];
+        r = vga_read_byte(vga, addr + 1);
+        g = vga_read_byte(vga, addr + 2);
+        b = vga_read_byte(vga, addr + 3);
         ((uint32_t *)d)[0] = rgb_to_pixel32(r, g, b);
-        s += 4;
+        addr += 4;
         d += 4;
     } while (--w != 0);
-#endif
 }
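Review bot: removing the memcpy(d, s, width * 4) path from vga_draw_line32_le() and vga_draw_line32_be() turns the host-endian 32 bpp case from one bulk copy into three masked byte reads plus rgb_to_pixel32() per pixel. It also changes the output: memcpy carried the fourth source byte through unchanged, while the loop reads only three bytes and takes whatever rgb_to_pixel32() puts in the remaining byte. Please mention both in the commit message, or keep a bulk copy for the case where addr through addr + width * 4 stays inside the masked range and fall back to the per-byte loop otherwise.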
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
index dd6c958da3..ad34a1f048 100644
--- a/hw/display/vga_int.h
+++ b/hw/display/vga_int.h
@@ -94,6 +94,7 @@ typedef struct VGACommonState {
     uint32_t vram_size;
     uint32_t vram_size_mb; /* property */
     uint32_t vbe_size;
+    uint32_t vbe_size_mask;
     uint32_t latch;
     bool has_chain4_alias;
     MemoryRegion chain4_alias;
diff --git a/hw/display/vga.c b/hw/display/vga.c
index ad7a46563c..6fc8c8708a 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1005,7 +1005,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
 }
 
 typedef void vga_draw_line_func(VGACommonState *s1, uint8_t *d,
-                                const uint8_t *s, int width);
+                                uint32_t srcaddr, int width);
 
 #include "vga-helpers.h"
 
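Review bot: the vga_draw_line_func typedef still names its parameters s1 and srcaddr, while the implementations in vga-helpers.h are renamed to vga and addr by this same patch. Use the same names here so the prototype and the implementations read alike.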
@@ -1666,7 +1666,7 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
             if (y_start < 0)
                 y_start = y;
             if (!(is_buffer_shared(surface))) {
-                vga_draw_line(s, d, s->vram_ptr + addr, width);
+                vga_draw_line(s, d, addr, width);
                 if (s->cursor_draw_line)
                     s->cursor_draw_line(s, d, y);
             }
@@ -2170,6 +2170,7 @@ void vga_common_init(VGACommonState *s, Object *obj, bool global_vmstate)
     if (!s->vbe_size) {
         s->vbe_size = s->vram_size;
     }
+    s->vbe_size_mask = s->vbe_size - 1;
 
     s->is_vbe_vmstate = 1;
     memory_region_init_ram_nomigrate(&s->vram, obj, "vga.vram", s->vram_size,
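Review bot: s->vbe_size_mask = s->vbe_size - 1 is only a valid mask when vbe_size is a power of two, and nothing in this hunk checks that; with any other size the vga_read_* helpers would alias addresses incorrectly and leave parts of VRAM unreachable. The mask is also built from vbe_size while the RAM region on the following line is sized by vram_size, and vbe_size only defaults to vram_size when it is zero, so a vbe_size larger than vram_size would let a masked offset exceed the allocation. An assert next to the assignment that vbe_size is a power of two and no larger than vram_size would document both assumptions.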
-- 
2.9.3


* [Qemu-devel] [PULL 3/5] qxl: drop mono cursor support
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 1/5] vga: fix display update region calculation (split screen) Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 2/5] vga: stop passing pointers to vga_draw_line* functions Gerd Hoffmann
@ 2017-09-01 12:57 ` Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 4/5] qxl: add support for chunked cursors Gerd Hoffmann
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

The chunk size sanity check in qxl_render_cursor works for
SPICE_CURSOR_TYPE_ALPHA cursors only.  So support for
SPICE_CURSOR_TYPE_MONO cursors must be broken for ages without anyone
noticing.  Most likely it simply isn't used any more by guest drivers.
Drop the dead code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170828123933.30323-2-kraxel@redhat.com
---
 hw/display/qxl-render.c | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
index 9ad9d9e0f5..e1b3f05ecb 100644
--- a/hw/display/qxl-render.c
+++ b/hw/display/qxl-render.c
@@ -207,7 +207,6 @@ void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie)
 static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
 {
     QEMUCursor *c;
-    uint8_t *image, *mask;
     size_t size;
 
     c = cursor_alloc(cursor->header.width, cursor->header.height);
@@ -221,14 +220,6 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
             cursor_print_ascii_art(c, "qxl/alpha");
         }
         break;
-    case SPICE_CURSOR_TYPE_MONO:
-        mask  = cursor->chunk.data;
-        image = mask + cursor_get_mono_bpl(c) * c->width;
-        cursor_set_mono(c, 0xffffff, 0x000000, image, 1, mask);
-        if (qxl->debug > 2) {
-            cursor_print_ascii_art(c, "qxl/mono");
-        }
-        break;
     default:
         fprintf(stderr, "%s: not implemented: type %d\n",
                 __FUNCTION__, cursor->header.type);
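Review bot: with the SPICE_CURSOR_TYPE_MONO case removed, a mono cursor sent by the guest now falls into default and prints "not implemented: type %d" to stderr each time it is seen. If a guest can still submit this type, that is an unthrottled host log line per cursor command; consider a trace event or a one-time warning instead of fprintf(). The commit message says mono is "most likely" unused, so it should also state what the user sees if it is used.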
-- 
2.9.3


* [Qemu-devel] [PULL 4/5] qxl: add support for chunked cursors.
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
                   ` (2 preceding siblings ...)
  2017-09-01 12:57 ` [Qemu-devel] [PULL 3/5] qxl: drop mono cursor support Gerd Hoffmann
@ 2017-09-01 12:57 ` Gerd Hoffmann
  2017-09-01 12:57 ` [Qemu-devel] [PULL 5/5] vga/migration: Update memory map in post_load Gerd Hoffmann
  2017-09-01 16:08 ` [Qemu-devel] [PULL 0/5] Vga 20170901 patches Philippe Mathieu-Daudé
  5 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170828123933.30323-3-kraxel@redhat.com
---
 hw/display/qxl-render.c | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
index e1b3f05ecb..90e0865618 100644
--- a/hw/display/qxl-render.c
+++ b/hw/display/qxl-render.c
@@ -204,7 +204,33 @@ void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie)
     g_free(cookie);
 }
 
-static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
+static void qxl_unpack_chunks(void *dest, size_t size, PCIQXLDevice *qxl,
+                              QXLDataChunk *chunk, uint32_t group_id)
+{
+    uint32_t max_chunks = 32;
+    size_t offset = 0;
+    size_t bytes;
+
+    for (;;) {
+        bytes = MIN(size - offset, chunk->data_size);
+        memcpy(dest + offset, chunk->data, bytes);
+        offset += bytes;
+        if (offset == size) {
+            return;
+        }
+        chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id);
+        if (!chunk) {
+            return;
+        }
+        max_chunks--;
+        if (max_chunks == 0) {
+            return;
+        }
+    }
+}
+
+static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor,
+                              uint32_t group_id)
 {
     QEMUCursor *c;
     size_t size;
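Review bot: qxl_unpack_chunks() returns void, so its three exits (offset == size, qxl_phys2virt() returning NULL, max_chunks reaching 0) are indistinguishable to the caller, and in the last two dest is left only partly filled. Return the number of bytes copied, or a bool, so qxl_cursor() can reject a short chain. Separately, bytes is bounded by size - offset on the destination side, but chunk->data_size and chunk->next_chunk are read from the chunk itself and nothing visible here checks that chunk->data really has data_size readable bytes behind it; please add a source-side bound. The limit of 32 deserves a named constant or a comment explaining the choice.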
@@ -215,7 +241,7 @@ static QEMUCursor *qxl_cursor(PCIQXLDevice *qxl, QXLCursor *cursor)
     switch (cursor->header.type) {
     case SPICE_CURSOR_TYPE_ALPHA:
         size = sizeof(uint32_t) * cursor->header.width * cursor->header.height;
-        memcpy(c->data, cursor->chunk.data, size);
+        qxl_unpack_chunks(c->data, size, qxl, &cursor->chunk, group_id);
         if (qxl->debug > 2) {
             cursor_print_ascii_art(c, "qxl/alpha");
         }
@@ -259,11 +285,7 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
         if (!cursor) {
             return 1;
         }
-        if (cursor->chunk.data_size != cursor->data_size) {
-            fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__);
-            return 1;
-        }
-        c = qxl_cursor(qxl, cursor);
+        c = qxl_cursor(qxl, cursor, ext->group_id);
         if (c == NULL) {
             c = cursor_builtin_left_ptr();
         }
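Review bot: deleting the cursor->chunk.data_size != cursor->data_size test leaves cursor->data_size unchecked anywhere in this patch. Since qxl_cursor() computes its own size from header.width and header.height, compare cursor->data_size against that size before unpacking and return 1 on mismatch, so a malformed cursor is still rejected rather than rendered from whatever the chunks happen to contain.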
-- 
2.9.3


* [Qemu-devel] [PULL 5/5] vga/migration: Update memory map in post_load
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
                   ` (3 preceding siblings ...)
  2017-09-01 12:57 ` [Qemu-devel] [PULL 4/5] qxl: add support for chunked cursors Gerd Hoffmann
@ 2017-09-01 12:57 ` Gerd Hoffmann
  2017-09-01 16:08 ` [Qemu-devel] [PULL 0/5] Vga 20170901 patches Philippe Mathieu-Daudé
  5 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-01 12:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Dr. David Alan Gilbert, Gerd Hoffmann

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

After migration the chain4 alias mapping added by 80763888 (in 2011)
might be missing, since there's no call to vga_update_memory_access
in the post_load after the registers are updated.  Add it back.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 20170804113329.13609-1-dgilbert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/vga.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/display/vga.c b/hw/display/vga.c
index 6fc8c8708a..ed24ef7076 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -2050,6 +2050,7 @@ static int vga_common_post_load(void *opaque, int version_id)
     /* force refresh */
     s->graphic_mode = -1;
     vbe_update_vgaregs(s);
+    vga_update_memory_access(s);
     return 0;
 }
 
-- 
2.9.3


* Re: [Qemu-devel] [PULL 0/5] Vga 20170901 patches
  2017-09-01 12:57 [Qemu-devel] [PULL 0/5] Vga 20170901 patches Gerd Hoffmann
                   ` (4 preceding siblings ...)
  2017-09-01 12:57 ` [Qemu-devel] [PULL 5/5] vga/migration: Update memory map in post_load Gerd Hoffmann
@ 2017-09-01 16:08 ` Philippe Mathieu-Daudé
  2017-09-07  8:24   ` Gerd Hoffmann
  5 siblings, 1 reply; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2017-09-01 16:08 UTC (permalink / raw)
  To: Gerd Hoffmann, Peter Maydell; +Cc: qemu-devel

Hi Gerd,

On 09/01/2017 09:57 AM, Gerd Hoffmann wrote:
> The following changes since commit 223cd0e13f2e46078d7b573f0b8402bfbee339be:
> 
>    Merge remote-tracking branch 'remotes/elmarco/tags/tidy-pull-request' into staging (2017-08-31 15:52:43 +0100)
> 
> are available in the git repository at:
> 
>    git://git.kraxel.org/qemu tags/vga-20170901-pull-request
> 
> for you to fetch changes up to 138bc2df843105edb22978284fc2e16307f16211:
> 
>    vga/migration: Update memory map in post_load (2017-09-01 13:52:43 +0200)
> 
> ----------------------------------------------------------------
> qxl: chunked cursor support.
> stdvga: bugfixes.
> 
> ----------------------------------------------------------------
> 
> Dr. David Alan Gilbert (1):
>    vga/migration: Update memory map in post_load
> 
> Gerd Hoffmann (4):
>    vga: fix display update region calculation (split screen)
>    vga: stop passing pointers to vga_draw_line* functions
>    qxl: drop mono cursor support
>    qxl: add support for chunked cursors.

I've been reviewing your patches and took some notes but didn't finish,
since there is something bothering me.
I see they haven't been reviewed yet, can you hold this PR and wait the
weekend?

Thanks,

Phil.

> 
>   hw/display/vga-helpers.h | 202 ++++++++++++++++++++++++++---------------------
>   hw/display/vga_int.h     |   1 +
>   hw/display/qxl-render.c  |  45 +++++++----
>   hw/display/vga.c         |  16 +++-
>   4 files changed, 152 insertions(+), 112 deletions(-)
> 


* Re: [Qemu-devel] [PULL 0/5] Vga 20170901 patches
  2017-09-01 16:08 ` [Qemu-devel] [PULL 0/5] Vga 20170901 patches Philippe Mathieu-Daudé
@ 2017-09-07  8:24   ` Gerd Hoffmann
  2017-09-07 17:07     ` Philippe Mathieu-Daudé
  0 siblings, 1 reply; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-07  8:24 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, Peter Maydell; +Cc: qemu-devel

  Hi,

> I've been reviewing your patches and took some notes but didn't
> finish, since there is something bothering me.
> I see they haven't been reviewed yet, can you hold this PR and wait
> the weekend?

Ping.  Care to share your concerns?  Weekend is long over ...

cheers,
  Gerd


* Re: [Qemu-devel] [PULL 0/5] Vga 20170901 patches
  2017-09-07  8:24   ` Gerd Hoffmann
@ 2017-09-07 17:07     ` Philippe Mathieu-Daudé
  2017-09-08  6:27       ` Gerd Hoffmann
  0 siblings, 1 reply; 10+ messages in thread
From: Philippe Mathieu-Daudé @ 2017-09-07 17:07 UTC (permalink / raw)
  To: Gerd Hoffmann, Peter Maydell; +Cc: qemu-devel

Hi Gerd,

On 09/07/2017 05:24 AM, Gerd Hoffmann wrote:
>    Hi,
> 
>> I've been reviewing your patches and took some notes but didn't
>> finish, since there is something bothering me.
>> I see they haven't been reviewed yet, can you hold this PR and wait
>> the weekend?
> 
> Ping.  Care to share your concerns?  Weekend is long over ...

I apologize it took me so long :/ I had doubts about patches 1 & 2 but 
it could clarify them.

Do you notice performance degradations since patch 2?

Your series is OK, if you ever resend rebased you can add:
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Regards,

Phil.


* Re: [Qemu-devel] [PULL 0/5] Vga 20170901 patches
  2017-09-07 17:07     ` Philippe Mathieu-Daudé
@ 2017-09-08  6:27       ` Gerd Hoffmann
  0 siblings, 0 replies; 10+ messages in thread
From: Gerd Hoffmann @ 2017-09-08  6:27 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, Peter Maydell; +Cc: qemu-devel

  Hi,

> Do you notice performance degradations since patch 2?

Didn't benchmark it but it has no effect on the vast majority of video
modes in use today.  Basically only the classic vga video modes with
256 colors (or less) will go through the vga render code.

> Your series is OK, 

Good.  Peter, can you pull?

cheers,
  Gerd

