Just hook up qemu_pixman_check_format.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Add fast path to qemu_spice_display_switch in case old and new
displaysurface have identical size (happens with display panning
and page flipping).  We just swap the backing store then and don't
go through the whole process of deleting and creating the primary
surface.

To simplify the code a bit move mirror surface allocation to
qemu_spice_display_switch().
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Calling directly doesn't work due to the qxl-render code running in
spice server thread context.  Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Related spice-only bug.  We have a fixed 16 MB buffer here, being
presented to the spice-server as qxl video memory in case spice is
used with a non-qxl card.  It's also used with qxl in vga mode.

When using display resolutions requiring more than 16 MB of memory we
are going to overflow that buffer.  In theory the guest can write,
indirectly via spice-server.  The spice-server clears the memory after
setting a new video mode though, triggering a segfault in the overflow
case, so qemu crashes before the guest has a chance to do something
evil.

Fix that by switching to dynamic allocation for the buffer.

CVE-2014-3615

Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Reviewed-by: NLaszlo Ersek <lersek@redhat.com>

Tested-by: NLuiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
Message-id: 1403244764-8622-1-git-send-email-kraxel@redhat.com
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

So you'll have a mouse pointer when running non-qxl gfx cards with
mouse pointer support (virtio-gpu, IIRC vmware too).
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Reported-by: NFabio Fantoni <fabio.fantoni@m2r.biz>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

This patch fixes spice display initialization to handle
multihead properly.

spice-core now keeps track of which QemuConsole has a spice
display channel attached to it and which has not.  It also
manages display channel ids.

spice-display looks at all QemuConsoles and will pick up any
graphic console not yet bound to a spice channel (which in practice
are all non-qxl graphic devices).

Result is that
 (a) you'll get a spice client window for each graphical device
     now (first only without this patch), and
 (b) mixing qxl and non-qxl vga cards works properly.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

And s/__FUNCTION__/__func__/ while being at it.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

hose API are deprecated since 0.11, and qemu depends on 0.12 already.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

We don't have multiple DisplayStates any more,
so passing it in as argument is not needed.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

DisplayChangeListener gets a new QemuConsole field, which can be set to
non-NULL before registering.  This will pin the QemuConsole, so that
particular DisplayChangeListener will not follow console switches.

spice+gtk (which don't support text console input anyway) are switched
over to be pinned to console 0, which usually is the graphical display.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Add QemuConsole parameter to vga_hw_*, so the interface allows to update
non-active consoles (the actual code can't handle this yet, see next
patch).  Passing NULL is allowed and updates the active console, like
the functions do today.

While touching all vga_hw_* calls anyway rename that to the functions to
hardware-neutral graphics_hw_*
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Use QemuConsole instead.  Updates interfaces in console.[ch] and adapts
gfx hardware emulation code.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Now that nobody depends on DisplayState in DisplayChangeListener
callbacks any more we can remove the parameter from all callbacks.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Rework DisplayStateListener callbacks to not use the DisplayState
any more.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener
callbacks with a dpy_gfx_switch callback which notifies the ui code
when the framebuffer backing storage changes.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

DisplayChangeListener is passed now to all DisplayChangeListenerOps
callbacks, so we can use that to access the spice display state and
kill the sdpy global variable.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Split callbacks into separate Ops struct.  Pass DisplayChangeListener
pointer as first argument to all callbacks.  Uninline a bunch of
display functions and move them from console.h to console.c
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Otherwise qemu crashes with non-qxl graphics cards.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.

Commit e250d949 triggers this bug.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Switch over spice-display.c to use the pixman library
instead of the home-grown pflib bits.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).

Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.

Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.

This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason.  Fix it.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

With the next qemu version (1.3) we are going to bump the qxl device
revision to 4.  The new features available require a recent spice-server
version, so raise up the bar.  Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.

Clear out a big bunch of #ifdefs which are not needed any more.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

The function is called interface_release_resource.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

when creating screen updates go compare the current guest screen
against the mirror (which holds the most recent update sent), then
only create updates for the screen areas which did actually change.

[ v2: drop redundant qemu_spice_create_one_update call ]
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Create a screen mirror, keep there a copy of the most recent update
passed on to spice-server.
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Creating one function which creates a single update for a given
rectangle.  And one (for now) pretty simple wrapper around it to
queue up screen updates for the dirty region.

[ v2: also update bounding box ]
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

QXLWorker->start/stop are deprecated since spice-server 0.11.2
Signed-off-by: NYonit Halperin <yhalperi@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>

We can't initialize QXLDevSurfaceCreate field by field because it has a
pa hole, and so 4 bytes remain uninitialized when building on x86-64, so
just memset.
Signed-off-by: NAlon Levy <alevy@redhat.com>
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>