All of lore.kernel.org
 help / color / mirror / Atom feed
* [PULL 0/2] Vga 20200302 patches
@ 2020-03-02  9:18 Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

The following changes since commit e0175b71638cf4398903c0d25f93fe62e0606389:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200228' into staging (2020-02-28 16:39:27 +0000)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/vga-20200302-pull-request

for you to fetch changes up to 44b5c1ebfa5db337714180e9d4a8d525da5595d6:

  qxl: map rom r/o (2020-03-02 08:24:36 +0100)

----------------------------------------------------------------
vga: bugfixes for qxl and edid generator.

----------------------------------------------------------------

Anton V. Boyarshinov (1):
  Arithmetic error in EDID generation fixed

Gerd Hoffmann (1):
  qxl: map rom r/o

 hw/display/edid-generate.c | 4 ++--
 hw/display/qxl.c           | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

-- 
2.18.2



^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PULL 1/2] Arithmetic error in EDID generation fixed
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
@ 2020-03-02  9:18 ` Gerd Hoffmann
  2020-03-05 14:31   ` Stefan Weil
  2020-03-02  9:18 ` [PULL 2/2] qxl: map rom r/o Gerd Hoffmann
  2020-03-02 14:55 ` [PULL 0/2] Vga 20200302 patches Peter Maydell
  2 siblings, 1 reply; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann, Anton V. Boyarshinov

From: "Anton V. Boyarshinov" <boyarsh@altlinux.org>

To calculate screen size in centimeters we should calculate:
pixels/dpi*2.54
but not
pixels*dpi/2540

Using wrong formula we actually get 65 DPI and very small fonts.

Signed-off-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
Message-id: 20200226122054.366b9cda@table.localdomain
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/edid-generate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/display/edid-generate.c b/hw/display/edid-generate.c
index 75c945a94813..e58472fde501 100644
--- a/hw/display/edid-generate.c
+++ b/hw/display/edid-generate.c
@@ -360,8 +360,8 @@ void qemu_edid_generate(uint8_t *edid, size_t size,
     edid[20] = 0xa5;
 
     /* screen size: undefined */
-    edid[21] = info->prefx * info->dpi / 2540;
-    edid[22] = info->prefy * info->dpi / 2540;
+    edid[21] = info->prefx * 254 / 100 / info->dpi;
+    edid[22] = info->prefy * 254 / 100 / info->dpi;
 
     /* display gamma: 2.2 */
     edid[23] = 220 - 100;
-- 
2.18.2



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PULL 2/2] qxl: map rom r/o
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
@ 2020-03-02  9:18 ` Gerd Hoffmann
  2020-03-02 14:55 ` [PULL 0/2] Vga 20200302 patches Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privilidged user in the guest can
manipulate the mode list and that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
---
 hw/display/qxl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index 21a43a1d5ec2..227da69a50d9 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -2136,7 +2136,7 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
     pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
 
     qxl->rom_size = qxl_rom_size();
-    memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
+    memory_region_init_rom(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
                            qxl->rom_size, &error_fatal);
     init_qxl_rom(qxl);
     init_qxl_ram(qxl);
-- 
2.18.2



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PULL 0/2] Vga 20200302 patches
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 2/2] qxl: map rom r/o Gerd Hoffmann
@ 2020-03-02 14:55 ` Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2020-03-02 14:55 UTC (permalink / raw)
  To: Gerd Hoffmann; +Cc: QEMU Developers

On Mon, 2 Mar 2020 at 09:19, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> The following changes since commit e0175b71638cf4398903c0d25f93fe62e0606389:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200228' into staging (2020-02-28 16:39:27 +0000)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/vga-20200302-pull-request
>
> for you to fetch changes up to 44b5c1ebfa5db337714180e9d4a8d525da5595d6:
>
>   qxl: map rom r/o (2020-03-02 08:24:36 +0100)
>
> ----------------------------------------------------------------
> vga: bugfixes for qxl and edid generator.
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PULL 1/2] Arithmetic error in EDID generation fixed
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
@ 2020-03-05 14:31   ` Stefan Weil
  0 siblings, 0 replies; 5+ messages in thread
From: Stefan Weil @ 2020-03-05 14:31 UTC (permalink / raw)
  To: Gerd Hoffmann, qemu-devel; +Cc: Anton V. Boyarshinov

Am 02.03.20 um 10:18 schrieb Gerd Hoffmann:

> From: "Anton V. Boyarshinov" <boyarsh@altlinux.org>
>
> To calculate screen size in centimeters we should calculate:
> pixels/dpi*2.54
> but not
> pixels*dpi/2540
>
> Using wrong formula we actually get 65 DPI and very small fonts.
>
> Signed-off-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
> Message-id: 20200226122054.366b9cda@table.localdomain
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  hw/display/edid-generate.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/edid-generate.c b/hw/display/edid-generate.c
> index 75c945a94813..e58472fde501 100644
> --- a/hw/display/edid-generate.c
> +++ b/hw/display/edid-generate.c
> @@ -360,8 +360,8 @@ void qemu_edid_generate(uint8_t *edid, size_t size,
>      edid[20] = 0xa5;
>  
>      /* screen size: undefined */
> -    edid[21] = info->prefx * info->dpi / 2540;
> -    edid[22] = info->prefy * info->dpi / 2540;
> +    edid[21] = info->prefx * 254 / 100 / info->dpi;
> +    edid[22] = info->prefy * 254 / 100 / info->dpi;


Gerd, the required rounding (see my previous e-mail) for both values is
still missing.

Cheers,

Stefan




^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-03-05 14:36 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
2020-03-05 14:31   ` Stefan Weil
2020-03-02  9:18 ` [PULL 2/2] qxl: map rom r/o Gerd Hoffmann
2020-03-02 14:55 ` [PULL 0/2] Vga 20200302 patches Peter Maydell

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.