1. 14 9月, 2016 31 次提交
  2. 13 9月, 2016 9 次提交
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160913-1' into staging · fa970124
      Peter Maydell 提交于
      virtio-gpu and vmsvga fixes.
      
      # gpg: Signature made Tue 13 Sep 2016 09:14:44 BST
      # gpg:                using RSA key 0x4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138
      
      * remotes/kraxel/tags/pull-vga-20160913-1:
        virtio-vga: adapt to page-per-vq=off
        virtio-gpu-pci: tag as not hotpluggable
        vmsvga: correct bitmap and pixmap size checks
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      fa970124
    • P
      Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160913-1' into staging · e1c270c9
      Peter Maydell 提交于
      ui: misc small fixes for vnc, spice and curses.
      
      # gpg: Signature made Tue 13 Sep 2016 08:04:46 BST
      # gpg:                using RSA key 0x4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
      # gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
      # gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138
      
      * remotes/kraxel/tags/pull-ui-20160913-1:
        vnc: fix qemu crash because of SIGSEGV
        qemu-options.hx: correct spice options streaming-video default document value to 'off'
        ui/curses.c: Clean up nextchr logic
        ui/curses.c: Ensure we don't read off the end of curses2qemu array
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      e1c270c9
    • P
      Merge remote-tracking branch 'remotes/cody/tags/block-pull-request' into staging · 8ede883c
      Peter Maydell 提交于
      # gpg: Signature made Tue 13 Sep 2016 06:41:42 BST
      # gpg:                using RSA key 0xBDBE7B27C0DE3057
      # gpg: Good signature from "Jeffrey Cody <jcody@redhat.com>"
      # gpg:                 aka "Jeffrey Cody <jeff@codyprime.org>"
      # gpg:                 aka "Jeffrey Cody <codyprime@gmail.com>"
      # Primary key fingerprint: 9957 4B4D 3474 90E7 9D98  D624 BDBE 7B27 C0DE 3057
      
      * remotes/cody/tags/block-pull-request:
        qapi/block-core: add doc describing GlusterServer vs. SocketAddress
        block/gluster: add support to choose libgfapi logfile
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      8ede883c
    • G
      virtio-vga: adapt to page-per-vq=off · c2843e93
      Gerd Hoffmann 提交于
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      Message-id: 1473319012-27560-1-git-send-email-kraxel@redhat.com
      c2843e93
    • G
      virtio-gpu-pci: tag as not hotpluggable · 597966d1
      Gerd Hoffmann 提交于
      We can't hotplug display adapters in qemu, tag virtio-gpu-pci
      accordingly (virtio-vga already has this).
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      Acked-by: NMichael S. Tsirkin <mst@redhat.com>
      Message-id: 1473319037-27645-1-git-send-email-kraxel@redhat.com
      597966d1
    • P
      vmsvga: correct bitmap and pixmap size checks · 167d97a3
      Prasad J Pandit 提交于
      When processing svga command DEFINE_CURSOR in vmsvga_fifo_run,
      the computed BITMAP and PIXMAP size are checked against the
      'cursor.mask[]' and 'cursor.image[]' array sizes in bytes.
      Correct these checks to avoid OOB memory access.
      Reported-by: NQinghao Tang <luodalongde@gmail.com>
      Reported-by: NLi Qiang <liqiang6-s@360.cn>
      Signed-off-by: NPrasad J Pandit <pjp@fedoraproject.org>
      Message-id: 1473338754-15430-1-git-send-email-ppandit@redhat.com
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      167d97a3
    • G
      vnc: fix qemu crash because of SIGSEGV · 3e10c3ec
      Gonglei 提交于
      The backtrace is:
      
      0x00007f0b75cdf880 in pixman_image_get_stride () from /lib64/libpixman-1.so.0
      0x00007f0b77bcb3cf in vnc_server_fb_stride (vd=0x7f0b7a1a2bb0) at ui/vnc.c:680
      vnc_dpy_copy (dcl=0x7f0b7a1a2c00, src_x=224, src_y=263, dst_x=319, dst_y=363, w=1, h=1) at ui/vnc.c:915
      0x00007f0b77bbcc35 in dpy_gfx_copy (con=0x7f0b7a146210, src_x=src_x@entry=224, src_y=src_y@entry=263, dst_x=dst_x@entry=319,
      dst_y=dst_y@entry=363, w=1, h=1) at ui/console.c:1575
      0x00007f0b77bbda4e in qemu_console_copy (con=<optimized out>, src_x=src_x@entry=224, src_y=src_y@entry=263, dst_x=dst_x@entry=319,
      dst_y=dst_y@entry=363, w=<optimized out>, h=<optimized out>) at ui/console.c:2111
      0x00007f0b77ac0980 in cirrus_do_copy (h=<optimized out>, w=<optimized out>, src=<optimized out>, dst=<optimized out>, s=0x7f0b7b086090) at hw/display/cirrus_vga.c:774
      cirrus_bitblt_videotovideo_copy (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:793
      cirrus_bitblt_videotovideo (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:915
      cirrus_bitblt_start (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:1056
      0x00007f0b77965cfb in memory_region_write_accessor (mr=0x7f0b7b096e40, addr=320, value=<optimized out>, size=1, shift=<optimized out>,mask=<optimized out>, attrs=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:525
      0x00007f0b77963f59 in access_with_adjusted_size (addr=addr@entry=320, value=value@entry=0x7f0b69a268d8, size=size@entry=4,
      access_size_min=<optimized out>, access_size_max=<optimized out>, access=access@entry=0x7f0b77965c80 <memory_region_write_accessor>,
      mr=mr@entry=0x7f0b7b096e40, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:591
      0x00007f0b77968315 in memory_region_dispatch_write (mr=mr@entry=0x7f0b7b096e40, addr=addr@entry=320, data=18446744073709551362,
      size=size@entry=4, attrs=attrs@entry=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:1262
      0x00007f0b779256a9 in address_space_write_continue (mr=0x7f0b7b096e40, l=4, addr1=320, len=4, buf=0x7f0b77713028 "\002\377\377\377",
      attrs=..., addr=4273930560, as=0x7f0b7827d280 <address_space_memory>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2544
      address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2601
      0x00007f0b77925c1d in address_space_rw (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=...,
      buf=buf@entry=0x7f0b77713028 "\002\377\377\377", len=<optimized out>, is_write=<optimized out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2703
      0x00007f0b77962f53 in kvm_cpu_exec (cpu=cpu@entry=0x7f0b79fcc2d0) at /root/rpmbuild/BUILD/master/qemu/kvm-all.c:1965
      0x00007f0b77950cc6 in qemu_kvm_cpu_thread_fn (arg=0x7f0b79fcc2d0) at /root/rpmbuild/BUILD/master/qemu/cpus.c:1078
      0x00007f0b744b3dc5 in start_thread (arg=0x7f0b69a27700) at pthread_create.c:308
      0x00007f0b70d3d66d in clone () from /lib64/libc.so.6
      
      The code path while meeting segfault:
       vnc_dpy_copy
         vnc_update_client
           vnc_disconnect_finish [while vnc_disconnect_start() is invoked because somethins wrong]
             vnc_update_server_surface
               vd->server = NULL;
         vnc_server_fb_stride
           pixman_image_get_stride(vd->server)
      
      Let's add a non-NULL check before calling vnc_server_fb_stride() to avoid segmentation fault.
      
      Cc: Gerd Hoffmann <kraxel@redhat.com>
      Cc: Daniel P. Berrange <berrange@redhat.com>
      Reported-by: NYanying Zhuang <ann.zhuangyanying@huawei.com>
      Signed-off-by: NGonglei <arei.gonglei@huawei.com>
      Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com>
      Message-id: 1472788698-120964-1-git-send-email-arei.gonglei@huawei.com
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      3e10c3ec
    • L
      qemu-options.hx: correct spice options streaming-video default document value to 'off' · 93ca519e
      Li Zhijian 提交于
      since f1d3e586, the code had changed the default value to 'off', so this patch
      make document and code are consistent.
      Signed-off-by: NLi Zhijian <lizhijian@cn.fujitsu.com>
      Message-id: 1470024419-10886-1-git-send-email-lizhijian@cn.fujitsu.com
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      93ca519e
    • P
      ui/curses.c: Clean up nextchr logic · 99a9ef44
      Peter Maydell 提交于
      Coverity identifies that at the top of the while(1) loop
      in curses_refresh() the variable nextchr is always ERR,
      and so the else case of the first if() is dead code.
      Remove this dead code, and narrow the scope of the
      nextchr variable to the place where it's used.
      
      (This confused logic has been present since the curses
      code was added to QEMU in 2008.)
      Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
      Message-id: 1470925407-23850-3-git-send-email-peter.maydell@linaro.org
      Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
      99a9ef44