Commit "555e72f spice: rework mirror allocation, add no-resize fast path"
adds a fast path for surface switches which does't go through the full
primary surface destroy and re-recreation in case the new surface is
identical to the old one (page-flip). It checks the size only though,
but the format must be identical too. This patch adds the format check.
Commit "0002a51 ui/spice: Support shared surface for most pixman
formats" increases the chance to actually trigger this.
https://bugzilla.redhat.com/show_bug.cgi?id=1247479
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
In particular, don't include it into headers.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
Although it is pretty unusual the stride for the guest image and the
mirror image maintained by spice-display can be different. So use
separate variables for them.
https://bugzilla.redhat.com/show_bug.cgi?id=1163047
Cc: qemu-stable@nongnu.org
Reported-by: perrier vincent <clownix@clownix.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The Spice protocol uses cursor position on hotspot: the client is
applying hotspot offset when drawing the cursor.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
one. Spice wire format is little endian, so we have to explicitly say
we want little endian when letting pixman convert the data for us.
Reported-by: Denis Kirjanov <kirjanov@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add fast path to qemu_spice_display_switch in case old and new
displaysurface have identical size (happens with display panning
and page flipping). We just swap the backing store then and don't
go through the whole process of deleting and creating the primary
surface.
To simplify the code a bit move mirror surface allocation to
qemu_spice_display_switch().
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Calling directly doesn't work due to the qxl-render code running in
spice server thread context. Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.
Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Related spice-only bug. We have a fixed 16 MB buffer here, being
presented to the spice-server as qxl video memory in case spice is
used with a non-qxl card. It's also used with qxl in vga mode.
When using display resolutions requiring more than 16 MB of memory we
are going to overflow that buffer. In theory the guest can write,
indirectly via spice-server. The spice-server clears the memory after
setting a new video mode though, triggering a segfault in the overflow
case, so qemu crashes before the guest has a chance to do something
evil.
Fix that by switching to dynamic allocation for the buffer.
CVE-2014-3615
Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
So you'll have a mouse pointer when running non-qxl gfx cards with
mouse pointer support (virtio-gpu, IIRC vmware too).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This patch fixes spice display initialization to handle
multihead properly.
spice-core now keeps track of which QemuConsole has a spice
display channel attached to it and which has not. It also
manages display channel ids.
spice-display looks at all QemuConsoles and will pick up any
graphic console not yet bound to a spice channel (which in practice
are all non-qxl graphic devices).
Result is that
(a) you'll get a spice client window for each graphical device
now (first only without this patch), and
(b) mixing qxl and non-qxl vga cards works properly.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
DisplayChangeListener gets a new QemuConsole field, which can be set to
non-NULL before registering. This will pin the QemuConsole, so that
particular DisplayChangeListener will not follow console switches.
spice+gtk (which don't support text console input anyway) are switched
over to be pinned to console 0, which usually is the graphical display.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add QemuConsole parameter to vga_hw_*, so the interface allows to update
non-active consoles (the actual code can't handle this yet, see next
patch). Passing NULL is allowed and updates the active console, like
the functions do today.
While touching all vga_hw_* calls anyway rename that to the functions to
hardware-neutral graphics_hw_*
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Now that nobody depends on DisplayState in DisplayChangeListener
callbacks any more we can remove the parameter from all callbacks.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener
callbacks with a dpy_gfx_switch callback which notifies the ui code
when the framebuffer backing storage changes.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
DisplayChangeListener is passed now to all DisplayChangeListenerOps
callbacks, so we can use that to access the spice display state and
kill the sdpy global variable.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Split callbacks into separate Ops struct. Pass DisplayChangeListener
pointer as first argument to all callbacks. Uninline a bunch of
display functions and move them from console.h to console.c
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.
Commit e250d949fe triggers this bug.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).
Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.
Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.
This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason. Fix it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
With the next qemu version (1.3) we are going to bump the qxl device
revision to 4. The new features available require a recent spice-server
version, so raise up the bar. Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.
Clear out a big bunch of #ifdefs which are not needed any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* stefanha/trivial-patches:
configure: fix seccomp check
arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
kvm: Fix warning from static code analysis
qapi: Fix enumeration typo error
console: Clean up bytes per pixel calculation
Fix copy&paste typos in documentation comments
linux-user: Remove #if 0'd cpu_get_real_ticks() definition
ui: Fix spelling in comment (ressource -> resource)
Spelling fixes in comments and macro names (ressource -> resource)
Fix spelling (licenced -> licensed) in GPL
Spelling fixes in comments and documentation
srp: Don't use QEMU_PACKED for single elements of a structured type
The function is called interface_release_resource.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
when creating screen updates go compare the current guest screen
against the mirror (which holds the most recent update sent), then
only create updates for the screen areas which did actually change.
[ v2: drop redundant qemu_spice_create_one_update call ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Creating one function which creates a single update for a given
rectangle. And one (for now) pretty simple wrapper around it to
queue up screen updates for the dirty region.
[ v2: also update bounding box ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>