From 840b28a1f8805fe2f53d9c78a0bd61dbc5eac302 Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Tue, 24 Sep 2013 10:17:48 -0400 Subject: [PATCH] Fix -vga qxl with -display vnc (bz #948717) Fix USB crash when installing reactos (bz #1005495) Don't ship x86 kvm wrapper on arm (bz #1005581) --- 0007-qxl-fix-local-renderer.patch | 65 +++++++++++++++++++ ...hci-save-device-pointer-in-EHCIState.patch | 65 +++++++++++++++++++ qemu.spec | 20 +++++- 3 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 0007-qxl-fix-local-renderer.patch create mode 100644 0008-ehci-save-device-pointer-in-EHCIState.patch diff --git a/0007-qxl-fix-local-renderer.patch b/0007-qxl-fix-local-renderer.patch new file mode 100644 index 0000000..fa226de --- /dev/null +++ b/0007-qxl-fix-local-renderer.patch @@ -0,0 +1,65 @@ +From 909d4a71878f3568b6c636a07d9f4f2c97a5de12 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 5 Sep 2013 21:57:19 +0200 +Subject: [PATCH] qxl: fix local renderer + +The local spice renderer assumes the primary surface is located at the +start of the "ram" bar. This used to be a requirement in qxl hardware +revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers +continued to use the traditional location, for historical and backward +compatibility reasons. The qxl kms driver doesn't though as it depends +on qxl revision 4+ anyway. + +Result is that local rendering is hosed for recent linux guests, you'll +get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing +screendumps. Fix that by doing a proper mapping of the guest-specified +memory location. + +https://bugzilla.redhat.com/show_bug.cgi?id=948717 + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit c58c7b959b93b864a27fd6b3646ee1465ab8832b) +--- + hw/display/qxl-render.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c +index 269b1a7..d34b0c4 100644 +--- a/hw/display/qxl-render.c ++++ b/hw/display/qxl-render.c +@@ -31,10 +31,6 @@ static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect) + if (is_buffer_shared(surface)) { + return; + } +- if (!qxl->guest_primary.data) { +- trace_qxl_render_blit_guest_primary_initialized(); +- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); +- } + trace_qxl_render_blit(qxl->guest_primary.qxl_stride, + rect->left, rect->right, rect->top, rect->bottom); + src = qxl->guest_primary.data; +@@ -104,7 +100,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) + + if (qxl->guest_primary.resized) { + qxl->guest_primary.resized = 0; +- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram); ++ qxl->guest_primary.data = qxl_phys2virt(qxl, ++ qxl->guest_primary.surface.mem, ++ MEMSLOT_GROUP_GUEST); ++ if (!qxl->guest_primary.data) { ++ return; ++ } + qxl_set_rect_to_surface(qxl, &qxl->dirty[0]); + qxl->num_dirty_rects = 1; + trace_qxl_render_guest_primary_resized( +@@ -128,6 +129,10 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl) + } + dpy_gfx_replace_surface(vga->con, surface); + } ++ ++ if (!qxl->guest_primary.data) { ++ return; ++ } + for (i = 0; i < qxl->num_dirty_rects; i++) { + if (qemu_spice_rect_is_empty(qxl->dirty+i)) { + break; diff --git a/0008-ehci-save-device-pointer-in-EHCIState.patch b/0008-ehci-save-device-pointer-in-EHCIState.patch new file mode 100644 index 0000000..0168d9c --- /dev/null +++ b/0008-ehci-save-device-pointer-in-EHCIState.patch @@ -0,0 +1,65 @@ +From f0679fb95d2c1b9597b83184309e70cc3c3e3b1d Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Mon, 9 Sep 2013 10:18:17 +0200 +Subject: [PATCH] ehci: save device pointer in EHCIState + +We'll need a pointer to the actual pci/sysbus device, +stick a pointer to it into the EHCIState struct. + +https://bugzilla.redhat.com/show_bug.cgi?id=1005495 + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit adbecc89731cf3e0ae656d50ea9fa58c589c4bdc) +--- + hw/usb/hcd-ehci.c | 7 +++---- + hw/usb/hcd-ehci.h | 1 + + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c +index 010a0d0..e9fb20c 100644 +--- a/hw/usb/hcd-ehci.c ++++ b/hw/usb/hcd-ehci.c +@@ -1241,13 +1241,11 @@ static int ehci_init_transfer(EHCIPacket *p) + { + uint32_t cpage, offset, bytes, plen; + dma_addr_t page; +- USBBus *bus = &p->queue->ehci->bus; +- BusState *qbus = BUS(bus); + + cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE); + bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES); + offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK; +- qemu_sglist_init(&p->sgl, qbus->parent, 5, p->queue->ehci->as); ++ qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as); + + while (bytes > 0) { + if (cpage > 4) { +@@ -1486,7 +1484,7 @@ static int ehci_process_itd(EHCIState *ehci, + return -1; + } + +- qemu_sglist_init(&ehci->isgl, DEVICE(ehci), 2, ehci->as); ++ qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as); + if (off + len > 4096) { + /* transfer crosses page border */ + uint32_t len2 = off + len - 4096; +@@ -2529,6 +2527,7 @@ void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp) + + s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s); + s->async_bh = qemu_bh_new(ehci_frame_timer, s); ++ s->device = dev; + + qemu_register_reset(ehci_reset, s); + qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); +diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h +index 15a28e8..065c9fa 100644 +--- a/hw/usb/hcd-ehci.h ++++ b/hw/usb/hcd-ehci.h +@@ -255,6 +255,7 @@ typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; + + struct EHCIState { + USBBus bus; ++ DeviceState *device; + qemu_irq irq; + MemoryRegion mem; + AddressSpace *as; diff --git a/qemu.spec b/qemu.spec index 6a644df..11201f2 100644 --- a/qemu.spec +++ b/qemu.spec @@ -104,7 +104,6 @@ %global system_arm kvm %global kvm_package system-arm %global kvm_target arm -%global need_qemu_kvm 1 %endif %if %{with kvmonly} @@ -140,7 +139,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 1.6.0 -Release: 7%{?dist} +Release: 8%{?dist} Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD Group: Development/Tools @@ -193,6 +192,12 @@ Patch0003: 0003-isapc-disable-kvmvapic.patch Patch0004: 0004-pci-do-not-export-pci_bus_reset.patch Patch0005: 0005-qdev-allow-both-pre-and-post-order-vists-in-qdev-wal.patch Patch0006: 0006-qdev-switch-reset-to-post-order.patch +# Fix -vga qxl with -display vnc (bz #948717) +# Patch posted upstream +Patch0007: 0007-qxl-fix-local-renderer.patch +# Fix USB crash when installing reactos (bz #1005495) +# Patch posted upstream +Patch0008: 0008-ehci-save-device-pointer-in-EHCIState.patch BuildRequires: SDL-devel BuildRequires: zlib-devel @@ -717,6 +722,12 @@ CAC emulation development files. %patch0004 -p1 %patch0005 -p1 %patch0006 -p1 +# Fix -vga qxl with -display vnc (bz #948717) +# Patch posted upstream +%patch0007 -p1 +# Fix USB crash when installing reactos (bz #1005495) +# Patch posted upstream +%patch0008 -p1 %build @@ -1425,6 +1436,11 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Tue Sep 24 2013 Cole Robinson - 2:1.6.0-8 +- Fix -vga qxl with -display vnc (bz #948717) +- Fix USB crash when installing reactos (bz #1005495) +- Don't ship x86 kvm wrapper on arm (bz #1005581) + * Thu Sep 12 2013 Dan HorĂ¡k - 2:1.6.0-7 - Enable TCG interpreter for s390 as the native backend supports 64-bit only - Don't require RDMA on s390(x)