2983660f65
CVE-2013-4377: Fix crash when unplugging virtio devices (bz #1012633, bz #1012641) Fix 'new snapshot' slowness after the first snap (bz #988436) Fix 9pfs xattrs on kernel 3.11 (bz #1013676) CVE-2013-4344: buffer overflow in scsi_target_emulate_report_luns (bz #1015274, bz #1007330)
68 lines
2.7 KiB
Diff
68 lines
2.7 KiB
Diff
From dc0973b5883df7d822b285119691ade8c84dda9c Mon Sep 17 00:00:00 2001
|
|
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Thu, 5 Sep 2013 21:57:19 +0200
|
|
Subject: [PATCH] qxl: fix local renderer
|
|
|
|
The local spice renderer assumes the primary surface is located at the
|
|
start of the "ram" bar. This used to be a requirement in qxl hardware
|
|
revision 1. In revision 2+ this is relaxed. Nevertheless guest drivers
|
|
continued to use the traditional location, for historical and backward
|
|
compatibility reasons. The qxl kms driver doesn't though as it depends
|
|
on qxl revision 4+ anyway.
|
|
|
|
Result is that local rendering is hosed for recent linux guests, you'll
|
|
get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
|
|
screendumps. Fix that by doing a proper mapping of the guest-specified
|
|
memory location.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=948717
|
|
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
(cherry picked from commit c58c7b959b93b864a27fd6b3646ee1465ab8832b)
|
|
|
|
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
|
|
---
|
|
hw/display/qxl-render.c | 15 ++++++++++-----
|
|
1 file changed, 10 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
|
|
index 269b1a7..d34b0c4 100644
|
|
--- a/hw/display/qxl-render.c
|
|
+++ b/hw/display/qxl-render.c
|
|
@@ -31,10 +31,6 @@ static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect)
|
|
if (is_buffer_shared(surface)) {
|
|
return;
|
|
}
|
|
- if (!qxl->guest_primary.data) {
|
|
- trace_qxl_render_blit_guest_primary_initialized();
|
|
- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
|
|
- }
|
|
trace_qxl_render_blit(qxl->guest_primary.qxl_stride,
|
|
rect->left, rect->right, rect->top, rect->bottom);
|
|
src = qxl->guest_primary.data;
|
|
@@ -104,7 +100,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
|
|
|
|
if (qxl->guest_primary.resized) {
|
|
qxl->guest_primary.resized = 0;
|
|
- qxl->guest_primary.data = memory_region_get_ram_ptr(&qxl->vga.vram);
|
|
+ qxl->guest_primary.data = qxl_phys2virt(qxl,
|
|
+ qxl->guest_primary.surface.mem,
|
|
+ MEMSLOT_GROUP_GUEST);
|
|
+ if (!qxl->guest_primary.data) {
|
|
+ return;
|
|
+ }
|
|
qxl_set_rect_to_surface(qxl, &qxl->dirty[0]);
|
|
qxl->num_dirty_rects = 1;
|
|
trace_qxl_render_guest_primary_resized(
|
|
@@ -128,6 +129,10 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
|
|
}
|
|
dpy_gfx_replace_surface(vga->con, surface);
|
|
}
|
|
+
|
|
+ if (!qxl->guest_primary.data) {
|
|
+ return;
|
|
+ }
|
|
for (i = 0; i < qxl->num_dirty_rects; i++) {
|
|
if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
|
|
break;
|