vga: fixes for virtio-gpu and cirrus.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAABAgAGBQJYdgfYAAoJEEy22O7T6HE4tDYQAM4Pte9qCTi8yf1f9oOPnM5L 9R86SPNwV42b162s+v1l3bZ1mebReJHcRmYWN53Mbv/M4jhuuGN678gGa0ok3cN/ Jo0J8DdpycjbqM07bF/YOa001mjxX9eRw2hJhIkxAG1Dd64DSRslqPz5PDUz9/1z dvxHovDC/jL3YfNKXqihLogWzIAlw458Z5f7EHIlKURjaNQ+fi5ZKyzNl4PTzkAm DkN3CSiXg0DR6++50ds9HrTeXyhCkByU6dEqffmN2VofPnhSnNmem3p1SQum88XY 7WYi2WHUWuncFw+4zzOvMU+8WD52Y6xe2Y5a/VBmK/hUqrHb+1V7Q3Ck+6PTIBlx pY/KZUrKr3M4rY1Ik0SiJSRx8Ub50oMJdQ2pCsWhHjNJXECCGgUWt/d1oWMyug1y 3sONKCq9BggSISvX1QN48lXKSdObd5B8aWmSxxsaR42eUok2Bv2OV4LQIUQ4vtFx mxe31H6YNt4/zgX/BOhs85+VLFLXvjrc9u1fS5PFIS+CyToepn/4G9T85AsQ3RsB 9HE0Mue00x8EhcrBh7YVjq98LGnkvPpabHV02DaJTG47koWli7ApxHz1PNCym2hM vaowH2pltoR4bb/2tEcokF6P/kV/DlxgjRAFrxDHjKKJX24vTPDNDxMhWXgC4wE1 3OdKARbysrrXqVtWW8eq =W7M/ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20170111-1' into staging vga: fixes for virtio-gpu and cirrus. # gpg: Signature made Wed 11 Jan 2017 10:24:24 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-vga-20170111-1: virtio-gpu: tag as not hotpluggable virtio-gpu: Fix memory leak in virtio_gpu_load() virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load display: cirrus: ignore source pitch value as needed in blit_is_unsafe virtio-gpu: fix information leak in capset get dispatch Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell
commit
80fbc689e0
|
|
@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
|||
return false;
|
||||
}
|
||||
|
||||
static bool blit_is_unsafe(struct CirrusVGAState *s)
|
||||
static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
||||
{
|
||||
/* should be the case, see cirrus_bitblt_start */
|
||||
assert(s->cirrus_blt_width > 0);
|
||||
|
|
@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
|
|||
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
}
|
||||
if (dst_only) {
|
||||
return false;
|
||||
}
|
||||
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
||||
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
||||
return true;
|
||||
|
|
@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
|||
|
||||
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
||||
|
||||
if (blit_is_unsafe(s))
|
||||
if (blit_is_unsafe(s, false))
|
||||
return 0;
|
||||
|
||||
(*s->cirrus_rop) (s, dst, src,
|
||||
|
|
@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
|||
{
|
||||
cirrus_fill_t rop_func;
|
||||
|
||||
if (blit_is_unsafe(s)) {
|
||||
if (blit_is_unsafe(s, true)) {
|
||||
return 0;
|
||||
}
|
||||
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
||||
|
|
@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
|||
|
||||
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
||||
{
|
||||
if (blit_is_unsafe(s))
|
||||
if (blit_is_unsafe(s, false))
|
||||
return 0;
|
||||
|
||||
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
||||
|
|
|
|||
|
|
@ -379,7 +379,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
|
|||
return;
|
||||
}
|
||||
|
||||
resp = g_malloc(sizeof(*resp) + max_size);
|
||||
resp = g_malloc0(sizeof(*resp) + max_size);
|
||||
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
|
||||
virgl_renderer_fill_caps(gc.capset_id,
|
||||
gc.capset_version,
|
||||
|
|
|
|||
|
|
@ -1038,6 +1038,8 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
|
|||
uint32_t resource_id, pformat;
|
||||
int i;
|
||||
|
||||
g->hostmem = 0;
|
||||
|
||||
resource_id = qemu_get_be32(f);
|
||||
while (resource_id != 0) {
|
||||
res = g_new0(struct virtio_gpu_simple_resource, 1);
|
||||
|
|
@ -1050,15 +1052,19 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
|
|||
/* allocate */
|
||||
pformat = get_pixman_format(res->format);
|
||||
if (!pformat) {
|
||||
g_free(res);
|
||||
return -EINVAL;
|
||||
}
|
||||
res->image = pixman_image_create_bits(pformat,
|
||||
res->width, res->height,
|
||||
NULL, 0);
|
||||
if (!res->image) {
|
||||
g_free(res);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
res->hostmem = PIXMAN_FORMAT_BPP(pformat) * res->width * res->height;
|
||||
|
||||
res->addrs = g_new(uint64_t, res->iov_cnt);
|
||||
res->iov = g_new(struct iovec, res->iov_cnt);
|
||||
|
||||
|
|
@ -1076,11 +1082,22 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
|
|||
res->iov[i].iov_base =
|
||||
cpu_physical_memory_map(res->addrs[i], &len, 1);
|
||||
if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
|
||||
/* Clean up the half-a-mapping we just created... */
|
||||
if (res->iov[i].iov_base) {
|
||||
cpu_physical_memory_unmap(res->iov[i].iov_base,
|
||||
len, 0, 0);
|
||||
}
|
||||
/* ...and the mappings for previous loop iterations */
|
||||
res->iov_cnt = i;
|
||||
virtio_gpu_cleanup_mapping(res);
|
||||
pixman_image_unref(res->image);
|
||||
g_free(res);
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
QTAILQ_INSERT_HEAD(&g->reslist, res, next);
|
||||
g->hostmem += res->hostmem;
|
||||
|
||||
resource_id = qemu_get_be32(f);
|
||||
}
|
||||
|
|
@ -1282,6 +1299,7 @@ static void virtio_gpu_class_init(ObjectClass *klass, void *data)
|
|||
|
||||
dc->props = virtio_gpu_properties;
|
||||
dc->vmsd = &vmstate_virtio_gpu;
|
||||
dc->hotpluggable = false;
|
||||
}
|
||||
|
||||
static const TypeInfo virtio_gpu_info = {
|
||||
|
|
|
|||
Loading…
Reference in New Issue