aboutsummaryrefslogtreecommitdiff
path: root/ui/spice-display.c
AgeCommit message (Collapse)Author
2014-09-05spice: make sure we don't overflow ssd->bufGerd Hoffmann
Related spice-only bug. We have a fixed 16 MB buffer here, being presented to the spice-server as qxl video memory in case spice is used with a non-qxl card. It's also used with qxl in vga mode. When using display resolutions requiring more than 16 MB of memory we are going to overflow that buffer. In theory the guest can write, indirectly via spice-server. The spice-server clears the memory after setting a new video mode though, triggering a segfault in the overflow case, so qemu crashes before the guest has a chance to do something evil. Fix that by switching to dynamic allocation for the buffer. CVE-2014-3615 Cc: qemu-stable@nongnu.org Cc: secalert@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-06-20spice: fix 32bit buildGerd Hoffmann
Tested-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1403244764-8622-1-git-send-email-kraxel@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-13spice: add mouse cursor supportGerd Hoffmann
So you'll have a mouse pointer when running non-qxl gfx cards with mouse pointer support (virtio-gpu, IIRC vmware too). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07spice: monitors_config: check pointer before dereferencingGerd Hoffmann
Reported-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10spice: QemuUIInfo windupGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10spice: fix simple display surface handlingGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-12-16spice: move qemu_spice_display_*() from spice-graphics to spice-coreGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice: fix multihead supportGerd Hoffmann
This patch fixes spice display initialization to handle multihead properly. spice-core now keeps track of which QemuConsole has a spice display channel attached to it and which has not. It also manages display channel ids. spice-display looks at all QemuConsoles and will pick up any graphic console not yet bound to a spice channel (which in practice are all non-qxl graphic devices). Result is that (a) you'll get a spice client window for each graphical device now (first only without this patch), and (b) mixing qxl and non-qxl vga cards works properly. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice-display: add display channel id to the debug messages.Gerd Hoffmann
And s/__FUNCTION__/__func__/ while being at it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice: replace use of deprecated APIMarc-André Lureau
hose API are deprecated since 0.11, and qemu depends on 0.12 already. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-25console: zap ds arg from register_displaychangelistenerGerd Hoffmann
We don't have multiple DisplayStates any more, so passing it in as argument is not needed. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: allow pinning displaychangelisteners to consolesGerd Hoffmann
DisplayChangeListener gets a new QemuConsole field, which can be set to non-NULL before registering. This will pin the QemuConsole, so that particular DisplayChangeListener will not follow console switches. spice+gtk (which don't support text console input anyway) are switched over to be pinned to console 0, which usually is the graphical display. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: rename vga_hw_*, add QemuConsole paramGerd Hoffmann
Add QemuConsole parameter to vga_hw_*, so the interface allows to update non-active consoles (the actual code can't handle this yet, see next patch). Passing NULL is allowed and updates the active console, like the functions do today. While touching all vga_hw_* calls anyway rename that to the functions to hardware-neutral graphics_hw_* Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: stop using DisplayState in gfx hardware emulationGerd Hoffmann
Use QemuConsole instead. Updates interfaces in console.[ch] and adapts gfx hardware emulation code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: zap displaystate from dcl callbacksGerd Hoffmann
Now that nobody depends on DisplayState in DisplayChangeListener callbacks any more we can remove the parameter from all callbacks. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18spice: stop using DisplayStateGerd Hoffmann
Rework DisplayStateListener callbacks to not use the DisplayState any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: rework DisplaySurface handling [dcl/ui side]Gerd Hoffmann
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener callbacks with a dpy_gfx_switch callback which notifies the ui code when the framebuffer backing storage changes. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18spice: zap sdpy globalGerd Hoffmann
DisplayChangeListener is passed now to all DisplayChangeListenerOps callbacks, so we can use that to access the spice display state and kill the sdpy global variable. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: fix displaychangelisteners interfaceGerd Hoffmann
Split callbacks into separate Ops struct. Pass DisplayChangeListener pointer as first argument to all callbacks. Uninline a bunch of display functions and move them from console.h to console.c Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-19softmmu: move include files to include/sysemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19misc: move include files to include/qemu/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19monitor: move include files to include/monitor/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19ui: move files to ui/ and include/ui/Paolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-21spice: add new spice-server callbacks to ui/spice-display.cGerd Hoffmann
Otherwise qemu crashes with non-qxl graphics cards. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05spice: fix initialization orderGerd Hoffmann
Register displaychangelistener last, after spice is fully initialized, otherwise we may hit NULL pointer dereferences when qemu starts calling our callbacks. Commit e250d949feb1334828f27f0d145c35f29c4b7639 triggers this bug. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05spice: switch to pixmanGerd Hoffmann
Switch over spice-display.c to use the pixman library instead of the home-grown pflib bits. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01console: untangle gfx & txt updatesGerd Hoffmann
Stop abusing displaysurface fields for text mode displays. (bpp = 0, width = cols, height = lines). Add flags to displaystate indicating whenever text mode display (curses) or gfx mode displays (sdl, vnc, ...) are present. Add separate displaychangelistener callbacks for text / gfx mode resize & updates. This allows to enable gfx and txt diplays at the same time and also paves the way for more cleanups in the future. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01console: move set_mouse + cursor_define callbacksGerd Hoffmann
When adding DisplayChangeListeners the set_mouse and cursor_define callbacks have been left in DisplayState for some reason. Fix it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08spice: raise requirement to 0.12Gerd Hoffmann
With the next qemu version (1.3) we are going to bump the qxl device revision to 4. The new features available require a recent spice-server version, so raise up the bar. Otherwise we would end up with different qxl revisions depending on the spice-server version installed, which would be a major PITA when it comes to compat properties. Clear out a big bunch of #ifdefs which are not needed any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-17Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori
* stefanha/trivial-patches: configure: fix seccomp check arch_init.c: add missing '%' symbols before PRIu64 in debug printfs kvm: Fix warning from static code analysis qapi: Fix enumeration typo error console: Clean up bytes per pixel calculation Fix copy&paste typos in documentation comments linux-user: Remove #if 0'd cpu_get_real_ticks() definition ui: Fix spelling in comment (ressource -> resource) Spelling fixes in comments and macro names (ressource -> resource) Fix spelling (licenced -> licensed) in GPL Spelling fixes in comments and documentation srp: Don't use QEMU_PACKED for single elements of a structured type
2012-09-14ui: Fix spelling in comment (ressource -> resource)Stefan Weil
The function is called interface_release_resource. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-12spice: send updates only for changed screen contentGerd Hoffmann
when creating screen updates go compare the current guest screen against the mirror (which holds the most recent update sent), then only create updates for the screen areas which did actually change. [ v2: drop redundant qemu_spice_create_one_update call ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: add screen mirrorGerd Hoffmann
Create a screen mirror, keep there a copy of the most recent update passed on to spice-server. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: split qemu_spice_create_updateGerd Hoffmann
Creating one function which creates a single update for a given rectangle. And one (for now) pretty simple wrapper around it to queue up screen updates for the dirty region. [ v2: also update bounding box ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: switch to queue for vga mode updatesGerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-05spice: make number of surfaces runtime-configurable.Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-05spice: notify on vm state change only via spice_server_vm_start/stopYonit Halperin
QXLWorker->start/stop are deprecated since spice-server 0.11.2 Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22ui/spice-display.c: add missing initialization for valgrindAlon Levy
We can't initialize QXLDevSurfaceCreate field by field because it has a pa hole, and so 4 bytes remain uninitialized when building on x86-64, so just memset. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-07Replace Qemu by QEMU in commentsStefan Weil
The official spelling is QEMU. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Andreas Färber <afaerber@suse.de> [blauwirbel@gmail.com: fixed comment style in hw/sun4m.c] Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-22ui/spice-display: use uintptr_t when casting qxl physical addressesAlon Levy
The current intptr_t casts are a problem when the address's highest bit is 1, and it is cast to a intptr_t and then to uint64_t, such as at: surface.mem = (intptr_t)ssd->buf; This causes the sign bit to be extended which causes a wrong address to be passed on to spice, which then complains when it gets the wrong slot_id number, since the slot_id is taken from the higher bits. The assertion happens early - during the first primary surface creation. This fixes running "-vga qxl -spice" with 32 bit compiled qemu-system-i386. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-22ui/spice-display.c: Fix compilation warnings on 32 bit hostsPeter Maydell
Fix compilation failures ("cast from pointer to integer of different size [-Werror=pointer-to-int-cast]") by using uintptr_t instead. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-19qxl: switch qxl.c to trace-eventsAlon Levy
dprint is still used for qxl_init_common one time prints. also switched parts of spice-display.c over, mainly all the callbacks to spice server. All qxl device trace events start with the qxl device id. Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: introduce QXLCookieAlon Levy
Will be used in the next patch. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: require spice >= 0.8.2Alon Levy
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result, any check for SPICE_SERVER_VERSION that is now always satisfied, and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because 0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and SPICE_INTERFACE_CORE_MINOR == 3. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: fix spice+sdl no cursor regressionAlon Levy
regression introduced by 075360945860ad9bdd491921954b383bf762b0e5, v2: lock around qemu_spice_cursor_refresh_unlocked Reported-by: Fabiano Fidêncio <fabiano@fidencio.org> Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-09-21Drop unneeded pthread.h inclusionsJan Kiszka
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-09-15Replace the VMSTOP macros with a proper state typeLuiz Capitulino
Today, when notifying a VM state change with vm_state_notify(), we pass a VMSTOP macro as the 'reason' argument. This is not ideal because the VMSTOP macros tell why qemu stopped and not exactly what the current VM state is. One example to demonstrate this problem is that vm_start() calls vm_state_notify() with reason=0, which turns out to be VMSTOP_USER. This commit fixes that by replacing the VMSTOP macros with a proper state type called RunState. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2011-09-07spice: set qxl->ssd.running=true before telling spice to start, RHBZ #733993Yonit Halperin
If qxl->ssd.running=true is set after telling spice to start, the spice server thread can call qxl_send_events while qxl->ssd.running is still false. This leads to assert(d->ssd.running). Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-08-20Use glib memory allocation and free functionsAnthony Liguori
qemu_malloc/qemu_free no longer exist after this commit. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-03qxl: async io support using new spice apiAlon Levy
Some of the QXL port i/o commands are waiting for the spice server to complete certain actions. Add async versions for these commands, so we don't block the vcpu while the spice server processses the command. Instead the qxl device will raise an IRQ when done. The async command processing relies on an added QXLInterface::async_complete and added QXLWorker::*_async additions, in spice server qxl >= 3.1 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alon Levy <alevy@redhat.com>