cirrus_do_copy() in hw/cirrus_vga.c seems to make some incorrect assumptions
about video memory layout. It tries to convert addresses to coordinates
assuming that one row of data is (width * depth) bytes long. The correct way
seems to be to use the pitch fields in the CirrusVGAState structure instead.
Without this patch, I get lots of screen corruption when I try to drag a window
under X as it's passing the wrong coordinates to the display surface for the
copy. With this patch I can drag a window with no screen corruption.
Signed-off-by: Brian Kress <kressb@moose.net>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6622 c046a42c-6fe2-441c-8c8c-71466251a162
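The commit above describes the difference between assuming a row is width * depth bytes long and using the pitch (line offset) the hardware is actually programmed with. The following is an added example, not code from QEMU or from the commit: a constructed framebuffer description (the struct fb_geom, fb_point, addr_to_xy_packed and addr_to_xy_pitch names are all assumptions for illustration) that converts a byte offset into VRAM to pixel coordinates both ways, so the divergence is visible whenever the pitch exceeds width * bytes_per_pixel. The pitch-based version also refuses offsets that land in row padding or beyond the last row, which a display-update path should never forward to the display surface.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed geometry, not QEMU's CirrusVGAState: line_offset is the
 * pitch in bytes between consecutive rows and may exceed width * bpp. */
struct fb_geom {
    uint32_t width;            /* visible pixels per row */
    uint32_t height;           /* visible rows */
    uint32_t bytes_per_pixel;  /* 1, 2, 3 or 4 */
    uint32_t line_offset;      /* pitch: bytes from one row start to the next */
};

struct fb_point {
    int32_t x, y;
    bool valid;                /* false when the offset maps to no visible pixel */
};

/* The assumption the commit calls incorrect: every row is exactly
 * width * bytes_per_pixel bytes long. Correct only when the pitch equals
 * that value; otherwise x and y drift further off with each row. */
static struct fb_point addr_to_xy_packed(const struct fb_geom *g, uint32_t addr)
{
    uint32_t row_bytes = g->width * g->bytes_per_pixel;
    struct fb_point p = {
        (int32_t)((addr % row_bytes) / g->bytes_per_pixel),
        (int32_t)(addr / row_bytes),
        true
    };
    return p;
}

/* Pitch-based conversion: the row is addr / pitch, the byte within the row
 * is addr % pitch. Offsets in the padding after the visible bytes of a row,
 * or at or beyond the last row, correspond to no pixel and are rejected. */
static struct fb_point addr_to_xy_pitch(const struct fb_geom *g, uint32_t addr)
{
    struct fb_point p = { 0, 0, false };
    uint32_t y = addr / g->line_offset;
    uint32_t in_row = addr % g->line_offset;

    if (y >= g->height || in_row >= g->width * g->bytes_per_pixel)
        return p;                       /* padding or past the end: ignore */
    p.x = (int32_t)(in_row / g->bytes_per_pixel);
    p.y = (int32_t)y;
    p.valid = true;
    return p;
}

/* True when both conversions agree for this offset; they only agree for
 * every offset when line_offset == width * bytes_per_pixel. */
static bool conversions_agree(const struct fb_geom *g, uint32_t addr)
{
    struct fb_point a = addr_to_xy_packed(g, addr);
    struct fb_point b = addr_to_xy_pitch(g, addr);
    return b.valid && a.x == b.x && a.y == b.y;
}

int main(void)
{
    /* Constructed mode: 800x600 at 32 bpp, but rows are padded to 4096 bytes. */
    struct fb_geom g = { 800, 600, 4, 4096 };
    uint32_t addr = 10 * g.line_offset + 1 * g.bytes_per_pixel;  /* pixel (1,10) */
    struct fb_point packed = addr_to_xy_packed(&g, addr);
    struct fb_point pitch = addr_to_xy_pitch(&g, addr);

    printf("packed: (%d,%d)  pitch: (%d,%d) valid=%d\n",
           packed.x, packed.y, pitch.x, pitch.y, pitch.valid);
    return 0;
}
```

Run as-is it prints the two coordinate pairs for the same offset; the packed conversion lands several rows and hundreds of pixels away from the pixel that was actually written, which is exactly the kind of wrong rectangle that produces the corruption described above.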
This patch adds and uses #defines for PCI device classes and subclasses,
using a new pci_config_set_class() function, similar to the recently
added pci_config_set_vendor_id() and pci_config_set_device_id().
Change since v1: fixed compilation of hw/sun4u.c
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6491 c046a42c-6fe2-441c-8c8c-71466251a162
This patch defines PCI vendor and device IDs in pci.h (matching those
from Linux's pci_ids.h), and uses those definitions where appropriate.
Change from v1:
Introduces pci_config_set_vendor_id() / pci_config_set_device_id()
accessors as suggested by Anthony Liguori.
Signed-off-by: Stuart Brady <stuart.brady@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6442 c046a42c-6fe2-441c-8c8c-71466251a162
Switch vram unmapping in map_linear_vram to the simpler pattern used by
unmap_linear_vram.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6386 c046a42c-6fe2-441c-8c8c-71466251a162
We should not re-register the cirrus io-memory regions on each reset.
Moreover, this patch removes some dead code and pushes other static
field initializations from reset to init_common.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6385 c046a42c-6fe2-441c-8c8c-71466251a162
cirrus bitblt reset will stop and start dirty logging even when there is no
need; this causes full redraws.
Avoid this by only updating memory access when exiting cpu-to-video update mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6384 c046a42c-6fe2-441c-8c8c-71466251a162
Cleaned-up port from kvm-userspace: We have to stop any vram logging
while doing remaps. Otherwise the logger gets confused. The reward is an
enormously accelerated cirrus vga in kvm mode.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6383 c046a42c-6fe2-441c-8c8c-71466251a162
Fix the broken text mode after reset by unmapping potentially mapped
vram.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6382 c046a42c-6fe2-441c-8c8c-71466251a162
Patch 5/7
This patch changes the graphical_console_init function to return an
allocated DisplayState instead of a QEMUConsole.
This patch contains just the graphical_console_init change and a few other
modifications, mainly in console.c and vl.c.
It was necessary to move the display frontends (e.g. sdl and vnc)
initialization after machine->init in vl.c.
This patch does *not* include any required changes to any device, these
changes come with the following patches.
Patch 6/7
This patch changes the QEMUMachine init functions not to take a
DisplayState as an argument because it is not needed any more;
in a few places the graphic hardware initialization function was called
only if DisplayState was not NULL, now they are always called.
Apart from these cases, the rest are all mechanical substitutions.
Patch 7/7
This patch updates the graphic device code to use the new
graphical_console_init function.
As for the previous patch, in a few places graphical_console_init was called
only if DisplayState was not NULL, now it is always called.
Apart from these cases, the rest are all mechanical substitutions.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6344 c046a42c-6fe2-441c-8c8c-71466251a162
This patch changes the DisplayState interface adding support for
multiple frontends at the same time (sdl and vnc) and implements most
of the benefit of the shared_buf patch without the added complexity.
Currently DisplayState is managed by sdl (or vnc) and sdl (or vnc) is
also responsible for allocating the data and setting the depth.
Vga.c (or another backend) will do any necessary conversion.
The idea is to change it so that it is vga.c (or another backend) together
with console.c that fully manages the DisplayState interface, allocating
data and setting the depth (either 16 or 32 bit; if the guest uses a
different resolution or is in text mode, vga.c (or another backend) is
in charge of doing the conversion seamlessly).
The other idea is that DisplayState supports *multiple* frontends
like sdl and vnc; each of them can register some callbacks to be called
when a display event occurs.
The interesting changes are:
- the new structures and related functions in console.h and console.c
in particular the following functions are very helpful to manage a
DisplaySurface:
qemu_create_displaysurface
qemu_resize_displaysurface
qemu_create_displaysurface_from
qemu_free_displaysurface
- console_select and qemu_console_resize in console.c
these two functions manage multiple consoles on a single host display
- moving code around in hw/vga.c
as for the shared_buf patch this is necessary to be able to handle a dynamic
DisplaySurface bpp
- changes to vga_draw_graphic in hw/vga.c
this is the place where the DisplaySurface buffer is shared with the
videoram, when possible;
Compared to the last version the only changes are:
- do not remove support to dpy_copy in cirrus_vga
- change the name of the displaysurface handling functions
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6336 c046a42c-6fe2-441c-8c8c-71466251a162
The vga reset handler overwrites some cirrus registers, causing reboots
to corrupt cirrus state to the point that guests can only bring up 640x480
resolutions.
Fix by adding a dedicated cirrus reset handler (which calls the common vga
handler).
Signed-off-by: Avi Kivity <avi@redhat.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6191 c046a42c-6fe2-441c-8c8c-71466251a162
MMIO exits are more expensive in KVM or Xen than in QEMU because they
involve, at least, privilege transitions. However, MMIO write
operations can be effectively batched if those writes do not have side
effects.
Good examples of this include VGA pixel operations when in a planar
mode. As it turns out, we can get a nice boost in other areas too.
Laurent mentioned a 9.7% performance boost in iperf with the coalesced
MMIO changes for the e1000 when he originally posted this work for KVM.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5961 c046a42c-6fe2-441c-8c8c-71466251a162
For backward operations, dstpitch and srcpitch can
be negative. This leads the BLTUNSAFE macro into an
overflow, and as a result it avoids performing
operations that are perfectly valid.
The visible effect that led to this patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.
After this patch, this garbage is gone.
Signed-off-by: Glauber Costa <glommer@redhat.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5880 c046a42c-6fe2-441c-8c8c-71466251a162
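The commit above concerns a bounds check on a 2D block transfer that goes wrong once the row pitch is negative. The following is an added example, not QEMU's BLTUNSAFE macro or any code from the commit: a constructed blit descriptor (struct blt and the region_unsafe_* function names are assumptions for illustration) with three versions of the "does this blit stay inside VRAM" check. The naive version folds a signed height * pitch product into unsigned arithmetic and rejects a valid backward blit whose last row is row 0; a conservative version uses the magnitude of the pitch and can never go negative but over-charges backward blits that start near the end of VRAM; an exact version computes the lowest and highest byte the blit touches in 64-bit signed arithmetic and accepts both while still rejecting blits that really run below offset 0 or past vram_size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed blit descriptor, not QEMU's CirrusVGAState fields. Pitches
 * are signed: a backward (bottom-up) blit starts at its last row and walks
 * toward lower addresses, so its pitch is negative. */
struct blt {
    uint32_t src_addr, dst_addr;    /* start offset of the first row, in bytes */
    int32_t  src_pitch, dst_pitch;  /* bytes between row starts; negative = backward */
    uint32_t width, height;         /* bytes per row, number of rows */
};

/* Naive check: height * pitch with the signed pitch, then added to the
 * unsigned address. For a backward blit the product is negative; when its
 * magnitude exceeds addr the unsigned sum wraps to a huge value and a valid
 * blit touching row 0 is reported as unsafe. */
static bool region_unsafe_naive(uint32_t addr, int32_t pitch, uint32_t height,
                                uint32_t vram_size)
{
    uint32_t span = (uint32_t)((int32_t)height * pitch) + addr;
    return span > vram_size;
}

/* Conservative check: use |pitch| so the sum is always positive. It cannot
 * wrap, but it charges height*|pitch| bytes above addr even for a backward
 * blit, so a valid backward blit that starts near the end of VRAM is rejected. */
static bool region_unsafe_abs(uint32_t addr, int32_t pitch, uint32_t height,
                              uint32_t vram_size)
{
    uint64_t mag = (uint64_t)(pitch < 0 ? -(int64_t)pitch : (int64_t)pitch);
    uint64_t span = (uint64_t)height * mag + addr;
    return span > vram_size;
}

/* Exact check: find the lowest and highest byte the blit touches using
 * 64-bit signed arithmetic, so direction is handled explicitly. Degenerate
 * blits (zero rows or bytes, or a row wider than VRAM) are rejected. */
static bool region_unsafe_exact(uint32_t addr, int32_t pitch, uint32_t width,
                                uint32_t height, uint32_t vram_size)
{
    if (width == 0 || height == 0 || width > vram_size)
        return true;
    int64_t first_row = addr;
    int64_t last_row  = (int64_t)addr + (int64_t)(height - 1) * pitch;
    int64_t lo = first_row < last_row ? first_row : last_row;
    int64_t hi = (first_row > last_row ? first_row : last_row) + (int64_t)width - 1;
    return lo < 0 || hi >= (int64_t)vram_size;
}

/* Whole-blit check: both the source and destination regions must be inside VRAM. */
static bool blt_unsafe(const struct blt *b, uint32_t vram_size)
{
    return region_unsafe_exact(b->dst_addr, b->dst_pitch, b->width, b->height, vram_size)
        || region_unsafe_exact(b->src_addr, b->src_pitch, b->width, b->height, vram_size);
}

int main(void)
{
    const uint32_t vram = 4u * 1024 * 1024;   /* constructed 4 MiB VRAM */
    /* Backward blit of a 24-row, 3200-byte-wide band whose last row is row 0:
     * addr points at row 23, pitch is -3200. Perfectly valid. */
    struct blt top = { .src_addr = 23 * 3200, .dst_addr = 23 * 3200,
                       .src_pitch = -3200, .dst_pitch = -3200,
                       .width = 3200, .height = 24 };
    printf("naive=%d abs=%d exact=%d\n",
           region_unsafe_naive(top.dst_addr, top.dst_pitch, top.height, vram),
           region_unsafe_abs(top.dst_addr, top.dst_pitch, top.height, vram),
           blt_unsafe(&top, vram));
    return 0;
}
```

Run stand-alone it prints 1 0 0: the naive check refuses the valid top-of-screen backward blit, which is the symptom the commit describes, while both corrected forms accept it. The exact form is the one to prefer when a device model must accept guest-programmed signed pitches without either refusing legitimate work or, in the opposite failure, letting a wrapped sum pass a blit that reaches outside VRAM.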
Hypervisors like KVM perform badly while doing mmio on
a loop, because it'll generate an exit on each access.
This is the case with VGA, which results in very bad
performance.
In this patch, we map the linear frame buffer as RAM,
make sure it has dirty region tracking enabled, and then
just let the region be written.
Cleanup suggestions by:
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5793 c046a42c-6fe2-441c-8c8c-71466251a162
It'll be reused later by the vga optimization.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5791 c046a42c-6fe2-441c-8c8c-71466251a162
unsigned long is too bad of a type. Use ram_addr_t instead.
aliguori: fixed a compile warning in this patch
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5790 c046a42c-6fe2-441c-8c8c-71466251a162
The code in hw/cirrus_vga.c changed a lot between the time CVE-2007-1320 was
announced and the time the patch was applied. As a consequence the patch was
wrongly applied and QEMU is still vulnerable to this bug when using VNC.
(noticed by Jan Niehusmann)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
I left a TODO in the code because this still doesn't definitely
fix all issues.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5308 c046a42c-6fe2-441c-8c8c-71466251a162
I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162