aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2017-01-12 17:51:41 +0000
committerPeter Maydell <peter.maydell@linaro.org>2017-01-12 17:51:41 +0000
commit80fbc689e0503f8dd7b1eaf1b608cd6b8e76ca09 (patch)
tree23c4d62d378a5299a5898e840c4b76cbaf000f32 /hw
parent4201e616c0fa48de99a505a6ade979f0c2c65e28 (diff)
parenta2056e09b02745e5d000351a8a7938fa8a292ba7 (diff)
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20170111-1' into staging
vga: fixes for virtio-gpu and cirrus. # gpg: Signature made Wed 11 Jan 2017 10:24:24 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/pull-vga-20170111-1: virtio-gpu: tag as not hotpluggable virtio-gpu: Fix memory leak in virtio_gpu_load() virtio-gpu: Recalculate VirtIOGPU::hostmem on VM load display: cirrus: ignore source pitch value as needed in blit_is_unsafe virtio-gpu: fix information leak in capset get dispatch Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
-rw-r--r--hw/display/cirrus_vga.c11
-rw-r--r--hw/display/virtio-gpu-3d.c2
-rw-r--r--hw/display/virtio-gpu.c18
3 files changed, 26 insertions, 5 deletions
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index bdb092ee9d..379910db2d 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -294,7 +294,7 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
return false;
}
-static bool blit_is_unsafe(struct CirrusVGAState *s)
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
{
/* should be the case, see cirrus_bitblt_start */
assert(s->cirrus_blt_width > 0);
@@ -308,6 +308,9 @@ static bool blit_is_unsafe(struct CirrusVGAState *s)
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
return true;
}
+ if (dst_only) {
+ return false;
+ }
if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
return true;
@@ -673,7 +676,7 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
- if (blit_is_unsafe(s))
+ if (blit_is_unsafe(s, false))
return 0;
(*s->cirrus_rop) (s, dst, src,
@@ -691,7 +694,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
{
cirrus_fill_t rop_func;
- if (blit_is_unsafe(s)) {
+ if (blit_is_unsafe(s, true)) {
return 0;
}
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
@@ -795,7 +798,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
{
- if (blit_is_unsafe(s))
+ if (blit_is_unsafe(s, false))
return 0;
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index b13ced38fa..f96a0c2e59 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -379,7 +379,7 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
return;
}
- resp = g_malloc(sizeof(*resp) + max_size);
+ resp = g_malloc0(sizeof(*resp) + max_size);
resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
virgl_renderer_fill_caps(gc.capset_id,
gc.capset_version,
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index ca88cf478d..7a15c61c76 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -1038,6 +1038,8 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
uint32_t resource_id, pformat;
int i;
+ g->hostmem = 0;
+
resource_id = qemu_get_be32(f);
while (resource_id != 0) {
res = g_new0(struct virtio_gpu_simple_resource, 1);
@@ -1050,15 +1052,19 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
/* allocate */
pformat = get_pixman_format(res->format);
if (!pformat) {
+ g_free(res);
return -EINVAL;
}
res->image = pixman_image_create_bits(pformat,
res->width, res->height,
NULL, 0);
if (!res->image) {
+ g_free(res);
return -EINVAL;
}
+ res->hostmem = PIXMAN_FORMAT_BPP(pformat) * res->width * res->height;
+
res->addrs = g_new(uint64_t, res->iov_cnt);
res->iov = g_new(struct iovec, res->iov_cnt);
@@ -1076,11 +1082,22 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size)
res->iov[i].iov_base =
cpu_physical_memory_map(res->addrs[i], &len, 1);
if (!res->iov[i].iov_base || len != res->iov[i].iov_len) {
+ /* Clean up the half-a-mapping we just created... */
+ if (res->iov[i].iov_base) {
+ cpu_physical_memory_unmap(res->iov[i].iov_base,
+ len, 0, 0);
+ }
+ /* ...and the mappings for previous loop iterations */
+ res->iov_cnt = i;
+ virtio_gpu_cleanup_mapping(res);
+ pixman_image_unref(res->image);
+ g_free(res);
return -EINVAL;
}
}
QTAILQ_INSERT_HEAD(&g->reslist, res, next);
+ g->hostmem += res->hostmem;
resource_id = qemu_get_be32(f);
}
@@ -1282,6 +1299,7 @@ static void virtio_gpu_class_init(ObjectClass *klass, void *data)
dc->props = virtio_gpu_properties;
dc->vmsd = &vmstate_virtio_gpu;
+ dc->hotpluggable = false;
}
static const TypeInfo virtio_gpu_info = {