Commit Graph

76 Commits

Author SHA1 Message Date
Gerd Hoffmann
b2af43cc37 spice: surface switch fast path requires same format too.
Commit "555e72f spice: rework mirror allocation, add no-resize fast path"
adds a fast path for surface switches which does't go through the full
primary surface destroy and re-recreation in case the new surface is
identical to the old one (page-flip).  It checks the size only though,
but the format must be identical too.  This patch adds the format check.

Commit "0002a51 ui/spice: Support shared surface for most pixman
formats" increases the chance to actually trigger this.

https://bugzilla.redhat.com/show_bug.cgi?id=1247479

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-09-21 09:52:07 +02:00
Daniel P. Berrange
ef1e1e0782 maint: avoid useless "if (foo) free(foo)" pattern
The free() and g_free() functions both happily accept
NULL on any platform QEMU builds on. As such putting a
conditional 'if (foo)' check before calls to 'free(foo)'
merely serves to bloat the lines of code.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-09-11 10:21:38 +03:00
Markus Armbruster
a0b1a66ea3 Include monitor/monitor.h exactly where needed
In particular, don't include it into headers.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Luiz Capitulino <lcapitulino@redhat.com>
2015-06-22 18:20:41 +02:00
Gerd Hoffmann
5a9259a0b5 spice: ui_info tweaks
Use the new dpy_ui_info_supported function.
Clarifies the control flow.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-11 09:06:14 +02:00
Gerd Hoffmann
c6e484707f spice-display: fix segfault in qemu_spice_create_update
Although it is pretty unusual the stride for the guest image and the
mirror image maintained by spice-display can be different.  So use
separate variables for them.

https://bugzilla.redhat.com/show_bug.cgi?id=1163047

Cc: qemu-stable@nongnu.org
Reported-by: perrier vincent <clownix@clownix.net>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-06-11 09:06:14 +02:00
Chih-Min Chao
c9f88ce330 hw/display : remove 'struct' from 'typedef QXL struct'
Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Chih-Min Chao
9425c004fe ui/console : remove 'struct' from 'typedef struct' type
Signed-off-by: Chih-Min Chao <cmchao@gmail.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-04-30 16:05:48 +03:00
Marc-André Lureau
700cd855de spice: learn to hide cursor
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau
dc8dceee64 spice: set pointer position on hotspot
The Spice protocol uses cursor position on hotspot: the client is
applying hotspot offset when drawing the cursor.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Marc-André Lureau
d0df04a156 spice: fix mouse cursor position
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:04 +02:00
Gerd Hoffmann
c1d37cd353 spice: fix simple display on bigendian hosts
Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
one.  Spice wire format is little endian, so we have to explicitly say
we want little endian when letting pixman convert the data for us.

Reported-by: Denis Kirjanov <kirjanov@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-27 12:47:03 +02:00
Gerd Hoffmann
51a0909914 spice: fix coverity reported defect in display code
Report:

1. Condition surface, taking false branch
406    if (surface && ssd->surface &&
407        surface_width(surface) == pixman_image_get_width(ssd->surface) &&
408        surface_height(surface) == pixman_image_get_height(ssd->surface)) {
409        /* no-resize fast path: just swap backing store */
...

10. alias_transfer: Assigning: ssd->ds = surface.
440    ssd->ds = surface;

11. var_deref_op: Dereferencing null pointer ssd->ds.
CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL)
441    ssd->surface = pixman_image_ref(ssd->ds->image);

Fix:

Move code block dereferencing ssd->ds into the already existing
if (ssd->ds) { ... } block.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-22 11:18:41 +01:00
Gerd Hoffmann
0002a51889 ui/spice: Support shared surface for most pixman formats
Just hook up qemu_pixman_check_format.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-01-19 13:33:26 +01:00
Gerd Hoffmann
555e72f2d0 spice: rework mirror allocation, add no-resize fast path
Add fast path to qemu_spice_display_switch in case old and new
displaysurface have identical size (happens with display panning
and page flipping).  We just swap the backing store then and don't
go through the whole process of deleting and creating the primary
surface.

To simplify the code a bit move mirror surface allocation to
qemu_spice_display_switch().

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
0b2824e5e4 spice: use bottom half instead of refresh timer for cursor updates
Calling directly doesn't work due to the qxl-render code running in
spice server thread context.  Meanwhile bottom half scheduling is
thread-safe though, so we can use that to kick a cursor update in
main i/o thread context.

Cc: Marc-André Lureau <marcandre.lureau@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-12-16 14:15:29 +01:00
Gerd Hoffmann
ab9509ccea spice: make sure we don't overflow ssd->buf
Related spice-only bug.  We have a fixed 16 MB buffer here, being
presented to the spice-server as qxl video memory in case spice is
used with a non-qxl card.  It's also used with qxl in vga mode.

When using display resolutions requiring more than 16 MB of memory we
are going to overflow that buffer.  In theory the guest can write,
indirectly via spice-server.  The spice-server clears the memory after
setting a new video mode though, triggering a segfault in the overflow
case, so qemu crashes before the guest has a chance to do something
evil.

Fix that by switching to dynamic allocation for the buffer.

CVE-2014-3615

Cc: qemu-stable@nongnu.org
Cc: secalert@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-09-05 12:19:50 +02:00
Gerd Hoffmann
e8e23b7dcf spice: fix 32bit build
Tested-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1403244764-8622-1-git-send-email-kraxel@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-20 16:22:07 +01:00
Gerd Hoffmann
5643fc012c spice: add mouse cursor support
So you'll have a mouse pointer when running non-qxl gfx cards with
mouse pointer support (virtio-gpu, IIRC vmware too).

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-06-13 12:34:57 +02:00
Gerd Hoffmann
dc491cfc14 spice: monitors_config: check pointer before dereferencing
Reported-by: Fabio Fantoni <fabio.fantoni@m2r.biz>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07 12:18:43 +02:00
Gerd Hoffmann
9b74d0d598 spice: QemuUIInfo windup
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10 13:55:25 +01:00
Gerd Hoffmann
4b87dc4c97 spice: fix simple display surface handling
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10 13:55:20 +01:00
Gerd Hoffmann
7cc6a25fe9 spice: move qemu_spice_display_*() from spice-graphics to spice-core
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-12-16 10:12:20 +01:00
Gerd Hoffmann
9fa032866d spice: fix multihead support
This patch fixes spice display initialization to handle
multihead properly.

spice-core now keeps track of which QemuConsole has a spice
display channel attached to it and which has not.  It also
manages display channel ids.

spice-display looks at all QemuConsoles and will pick up any
graphic console not yet bound to a spice channel (which in practice
are all non-qxl graphic devices).

Result is that
 (a) you'll get a spice client window for each graphical device
     now (first only without this patch), and
 (b) mixing qxl and non-qxl vga cards works properly.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17 12:42:54 +02:00
Gerd Hoffmann
35b2122db4 spice-display: add display channel id to the debug messages.
And s/__FUNCTION__/__func__/ while being at it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17 12:41:03 +02:00
Marc-André Lureau
26defe81f6 spice: replace use of deprecated API
hose API are deprecated since 0.11, and qemu depends on 0.12 already.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17 12:25:25 +02:00
Gerd Hoffmann
5209089fcd console: zap ds arg from register_displaychangelistener
We don't have multiple DisplayStates any more,
so passing it in as argument is not needed.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-25 14:45:46 -05:00
Gerd Hoffmann
284d1c6b3b console: allow pinning displaychangelisteners to consoles
DisplayChangeListener gets a new QemuConsole field, which can be set to
non-NULL before registering.  This will pin the QemuConsole, so that
particular DisplayChangeListener will not follow console switches.

spice+gtk (which don't support text console input anyway) are switched
over to be pinned to console 0, which usually is the graphical display.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16 09:26:20 +02:00
Gerd Hoffmann
1dbfa00503 console: rename vga_hw_*, add QemuConsole param
Add QemuConsole parameter to vga_hw_*, so the interface allows to update
non-active consoles (the actual code can't handle this yet, see next
patch).  Passing NULL is allowed and updates the active console, like
the functions do today.

While touching all vga_hw_* calls anyway rename that to the functions to
hardware-neutral graphics_hw_*

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16 09:03:48 +02:00
Gerd Hoffmann
c78f71378a console: stop using DisplayState in gfx hardware emulation
Use QemuConsole instead.  Updates interfaces in console.[ch] and adapts
gfx hardware emulation code.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:59 +01:00
Gerd Hoffmann
bc2ed9704f console: zap displaystate from dcl callbacks
Now that nobody depends on DisplayState in DisplayChangeListener
callbacks any more we can remove the parameter from all callbacks.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:59 +01:00
Gerd Hoffmann
71874c1751 spice: stop using DisplayState
Rework DisplayStateListener callbacks to not use the DisplayState
any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:59 +01:00
Gerd Hoffmann
c12aeb860c console: rework DisplaySurface handling [dcl/ui side]
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener
callbacks with a dpy_gfx_switch callback which notifies the ui code
when the framebuffer backing storage changes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:58 +01:00
Gerd Hoffmann
9c80a315b4 spice: zap sdpy global
DisplayChangeListener is passed now to all DisplayChangeListenerOps
callbacks, so we can use that to access the spice display state and
kill the sdpy global variable.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:58 +01:00
Gerd Hoffmann
7c20b4a374 console: fix displaychangelisteners interface
Split callbacks into separate Ops struct.  Pass DisplayChangeListener
pointer as first argument to all callbacks.  Uninline a bunch of
display functions and move them from console.h to console.c

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18 10:21:58 +01:00
Paolo Bonzini
9c17d615a6 softmmu: move include files to include/sysemu/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:32:45 +01:00
Paolo Bonzini
1de7afc984 misc: move include files to include/qemu/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:32:39 +01:00
Paolo Bonzini
83c9089e73 monitor: move include files to include/monitor/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:31:32 +01:00
Paolo Bonzini
28ecbaeecb ui: move files to ui/ and include/ui/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19 08:31:30 +01:00
Gerd Hoffmann
21a50d0b1a spice: add new spice-server callbacks to ui/spice-display.c
Otherwise qemu crashes with non-qxl graphics cards.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-21 14:46:11 +01:00
Gerd Hoffmann
bdd4df332a spice: fix initialization order
Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.

Commit e250d949fe triggers this bug.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:54:49 +01:00
Gerd Hoffmann
d9a86569ca spice: switch to pixman
Switch over spice-display.c to use the pixman library
instead of the home-grown pflib bits.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05 11:54:49 +01:00
Gerd Hoffmann
a93a4a226a console: untangle gfx & txt updates
Stop abusing displaysurface fields for text mode displays.
(bpp = 0, width = cols, height = lines).

Add flags to displaystate indicating whenever text mode display
(curses) or gfx mode displays (sdl, vnc, ...) are present.

Add separate displaychangelistener callbacks for text / gfx mode
resize & updates.

This allows to enable gfx and txt diplays at the same time and also
paves the way for more cleanups in the future.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:06 +01:00
Gerd Hoffmann
bf2fde70fe console: move set_mouse + cursor_define callbacks
When adding DisplayChangeListeners the set_mouse and cursor_define
callbacks have been left in DisplayState for some reason.  Fix it.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01 13:10:05 +01:00
Gerd Hoffmann
67be6726b6 spice: raise requirement to 0.12
With the next qemu version (1.3) we are going to bump the qxl device
revision to 4.  The new features available require a recent spice-server
version, so raise up the bar.  Otherwise we would end up with different
qxl revisions depending on the spice-server version installed, which
would be a major PITA when it comes to compat properties.

Clear out a big bunch of #ifdefs which are not needed any more.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08 12:15:17 +02:00
Anthony Liguori
509e9c462d Merge remote-tracking branch 'stefanha/trivial-patches' into staging
* stefanha/trivial-patches:
  configure: fix seccomp check
  arch_init.c: add missing '%' symbols before PRIu64 in debug printfs
  kvm: Fix warning from static code analysis
  qapi: Fix enumeration typo error
  console: Clean up bytes per pixel calculation
  Fix copy&paste typos in documentation comments
  linux-user: Remove #if 0'd cpu_get_real_ticks() definition
  ui: Fix spelling in comment (ressource -> resource)
  Spelling fixes in comments and macro names (ressource -> resource)
  Fix spelling (licenced -> licensed) in GPL
  Spelling fixes in comments and documentation
  srp: Don't use QEMU_PACKED for single elements of a structured type
2012-09-17 10:21:42 -05:00
Stefan Weil
4580c49010 ui: Fix spelling in comment (ressource -> resource)
The function is called interface_release_resource.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-14 08:21:28 +01:00
Gerd Hoffmann
b021bd2983 spice: send updates only for changed screen content
when creating screen updates go compare the current guest screen
against the mirror (which holds the most recent update sent), then
only create updates for the screen areas which did actually change.

[ v2: drop redundant qemu_spice_create_one_update call ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:47 +02:00
Gerd Hoffmann
a7310dd34d spice: add screen mirror
Create a screen mirror, keep there a copy of the most recent update
passed on to spice-server.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:47 +02:00
Gerd Hoffmann
c60319a3aa spice: split qemu_spice_create_update
Creating one function which creates a single update for a given
rectangle.  And one (for now) pretty simple wrapper around it to
queue up screen updates for the dirty region.

[ v2: also update bounding box ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:47 +02:00
Gerd Hoffmann
b1af98ba3e spice: switch to queue for vga mode updates
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12 08:09:47 +02:00