The vga reset handler overwrites some cirrus registers, causing reboots
to corrupt cirrus state to the point that guests can only bring up 640x480
resolutions.
Fix by adding a dedicated cirrus reset handler (which calls the common vga
handler).
Signed-off-by: Avi Kivity <avi@redhat.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6191 c046a42c-6fe2-441c-8c8c-71466251a162
MMIO exits are more expensive in KVM or Xen than in QEMU because they
involve, at least, privilege transitions. However, MMIO write
operations can be effectively batched if those writes do not have side
effects.
Good examples of this include VGA pixel operations when in a planar
mode. As it turns out, we can get a nice boost in other areas too.
Laurent mentioned a 9.7% performance boost in iperf with the coalesced
MMIO changes for the e1000 when he originally posted this work for KVM.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5961 c046a42c-6fe2-441c-8c8c-71466251a162
For backward operations, dstpitch and srcpitch can
be negative. This leads BLTUNSAFE macro into an
overflow, and as a result, it avoids performing
operations that are perfectly valid.
The visible effect that led to that patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.
After this patch, this garbage is gone.
Signed-off-by: Glauber Costa <glommer@redhat.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5880 c046a42c-6fe2-441c-8c8c-71466251a162
Hypervisors like KVM perform badly while doing mmio on
a loop, because it'll generate an exit on each access.
This is the case with VGA, which results in very bad
performance.
In this patch, we map the linear frame buffer as RAM,
make sure it has dirty region tracking enabled, and then
just let the region to be written.
Cleanups suggestions by:
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5793 c046a42c-6fe2-441c-8c8c-71466251a162
It'll be reused later by the vga optimization.
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5791 c046a42c-6fe2-441c-8c8c-71466251a162
unsigned long is too bad of a type. Use ram_addr_t instead.
aligurori: fixed a compile warning in this patch
Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5790 c046a42c-6fe2-441c-8c8c-71466251a162
The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
(noticed by Jan Niehusmann)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
I left a TODO in the code because this still doesn't definitely
fix all issues.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5308 c046a42c-6fe2-441c-8c8c-71466251a162
I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162