1. 14 9月, 2016 33 次提交
  2. 13 9月, 2016 7 次提交
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160913-1' into staging · fa970124
      Peter Maydell 提交于
      virtio-gpu and vmsvga fixes.
      
      # gpg: Signature made Tue 13 Sep 2016 09:14:44 BST
      # gpg:                using RSA key 0x4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138
      
      * remotes/kraxel/tags/pull-vga-20160913-1:
        virtio-vga: adapt to page-per-vq=off
        virtio-gpu-pci: tag as not hotpluggable
        vmsvga: correct bitmap and pixmap size checks
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      fa970124
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160913-1' into staging · e1c270c9
      Peter Maydell 提交于
      ui: misc small fixes for vnc, spice and curses.
      
      # gpg: Signature made Tue 13 Sep 2016 08:04:46 BST
      # gpg:                using RSA key 0x4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138
      
      * remotes/kraxel/tags/pull-ui-20160913-1:
        vnc: fix qemu crash because of SIGSEGV
        qemu-options.hx: correct spice options streaming-video default document value to 'off'
        ui/curses.c: Clean up nextchr logic
        ui/curses.c: Ensure we don't read off the end of curses2qemu array
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      e1c270c9
    • P
      Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging · 8ede883c
      Peter Maydell 提交于
      # gpg: Signature made Tue 13 Sep 2016 06:41:42 BST
      # gpg:                using RSA key 0xBDBE7B27C0DE3057
      # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
      # gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
      # gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"
      # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98  D624 BDBE 7B27 C0DE 3057
      
      * remotes/cody/tags/block-pull-request:
        qapi/block-core: add doc describing GlusterServer vs. SocketAddress
        block/gluster: add support to choose libgfapi logfile
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      8ede883c
    • G
      virtio-vga: adapt to page-per-vq=off · c2843e93
      Gerd Hoffmann 提交于
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      Message-id: 1473319012-27560-1-git-send-email-kraxel@redhat.com
      c2843e93
    • G
      virtio-gpu-pci: tag as not hotpluggable · 597966d1
      Gerd Hoffmann 提交于
      We can't hotplug display adapters in qemu, tag virtio-gpu-pci
      accordingly (virtio-vga already has this).
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      Acked-by: NMichael S. Tsirkin <mst@redhat.com>
      Message-id: 1473319037-27645-1-git-send-email-kraxel@redhat.com
      597966d1
    • P
      vmsvga: correct bitmap and pixmap size checks · 167d97a3
      Prasad J Pandit 提交于
      When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
      the computed BITMAP and PIXMAP size are checked against the
      'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
      Correct these checks to avoid OOB memory access.
      Reported-by: NQinghao Tang <luodalongde@gmail.com>
      Reported-by: NLi Qiang <liqiang6-s@360.cn>
      Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org>
      Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      167d97a3
    • G
      vnc: fix qemu crash because of SIGSEGV · 3e10c3ec
      Gonglei 提交于
      The backtrace is:
      
      0x00007f0b75cdf880 in pixman_image_get_stride () from /lib64/libpixman-1.so.0
      0x00007f0b77bcb3cf in vnc_server_fb_stride (vd=0x7f0b7a1a2bb0) at ui/vnc.c:680
      vnc_dpy_copy (dcl=0x7f0b7a1a2c00, src_x=224, src_y=263, dst_x=319, dst_y=363, w=1, h=1) at ui/vnc.c:915
      0x00007f0b77bbcc35 in dpy_gfx_copy (con=0x7f0b7a146210, src_x=src_x@entry=224, src_y=src_y@entry=263, dst_x=dst_x@entry=319,
      dst_y=dst_y@entry=363, w=1, h=1) at ui/console.c:1575
      0x00007f0b77bbda4e in qemu_console_copy (con=<optimized out>, src_x=src_x@entry=224, src_y=src_y@entry=263, dst_x=dst_x@entry=319,
      dst_y=dst_y@entry=363, w=<optimized out>, h=<optimized out>) at ui/console.c:2111
      0x00007f0b77ac0980 in cirrus_do_copy (h=<optimized out>, w=<optimized out>, src=<optimized out>, dst=<optimized out>, s=0x7f0b7b086090) at hw/display/cirrus_vga.c:774
      cirrus_bitblt_videotovideo_copy (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:793
      cirrus_bitblt_videotovideo (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:915
      cirrus_bitblt_start (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:1056
      0x00007f0b77965cfb in memory_region_write_accessor (mr=0x7f0b7b096e40, addr=320, value=<optimized out>, size=1, shift=<optimized out>,mask=<optimized out>, attrs=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:525
      0x00007f0b77963f59 in access_with_adjusted_size (addr=addr@entry=320, value=value@entry=0x7f0b69a268d8, size=size@entry=4,
      access_size_min=<optimized out>, access_size_max=<optimized out>, access=access@entry=0x7f0b77965c80 <memory_region_write_accessor>,
      mr=mr@entry=0x7f0b7b096e40, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:591
      0x00007f0b77968315 in memory_region_dispatch_write (mr=mr@entry=0x7f0b7b096e40, addr=addr@entry=320, data=18446744073709551362,
      size=size@entry=4, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:1262
      0x00007f0b779256a9 in address_space_write_continue (mr=0x7f0b7b096e40, l=4, addr1=320, len=4, buf=0x7f0b77713028 "\002\377\377\377",
      attrs=..., addr=4273930560, as=0x7f0b7827d280 <address_space_memory>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2544
      address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2601
      0x00007f0b77925c1d in address_space_rw (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=...,
      buf=buf@entry=0x7f0b77713028 "\002\377\377\377", len=<optimized out>, is_write=<optimized out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2703
      0x00007f0b77962f53 in kvm_cpu_exec (cpu=cpu@entry=0x7f0b79fcc2d0) at /root/rpmbuild/BUILD/master/qemu/kvm-all.c:1965
      0x00007f0b77950cc6 in qemu_kvm_cpu_thread_fn (arg=0x7f0b79fcc2d0) at /root/rpmbuild/BUILD/master/qemu/cpus.c:1078
      0x00007f0b744b3dc5 in start_thread (arg=0x7f0b69a27700) at pthread_create.c:308
      0x00007f0b70d3d66d in clone () from /lib64/libc.so.6
      
      The code path while meeting segfault:
       vnc_dpy_copy
         vnc_update_client
           vnc_disconnect_finish [while vnc_disconnect_start() is invoked because somethins wrong]
             vnc_update_server_surface
               vd->server = NULL;
         vnc_server_fb_stride
           pixman_image_get_stride(vd->server)
      
      Let's add a non-NULL check before calling vnc_server_fb_stride() to avoid segmentation fault.
      
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Cc: Daniel P. Berrange <berrange@redhat.com>
      Reported-by: NYanying Zhuang <ann.zhuangyanying@huawei.com>
      Signed-off-by: NGonglei <arei.gonglei@huawei.com>
      Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Message-id: 1472788698-120964-1-git-send-email-arei.gonglei@huawei.com
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      3e10c3ec