Reading twice the same field could give the guest an attack of
opportunity. In the case of event->type, gcc could compile the switch
statement into a jump table, effectively ending up reading the type
field multiple times.
This is part of XSA-155.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
With this patch the qemu console core stops using PixelFormat and pixman
format codes side-by-side, pixman format code is the primary way to
specify the DisplaySurface format:
* DisplaySurface stops carrying a PixelFormat field.
* qemu_create_displaysurface_from() expects a pixman format now.
Functions to convert PixelFormat to pixman_format_code_t (and back)
exist for those who still use PixelFormat. As PixelFormat allows
easy access to masks and shifts it will probably continue to exist.
[ xenfb added by Benjamin Herrenschmidt ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Collection of fixes to build QEMU with Xen support on ARM:
- use xenstore_read_fe_uint64 to retrieve the page-ref (xenfb);
- use xen_pfn_t instead of unsigned long in xenfb;
- unsigned long/xenpfn_t in xen_remove_from_physmap;
- in xen-mapcache.c use HOST_LONG_BITS to check for QEMU's address space
size.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
In commit 5643706a09 (console: add head
to index to qemu consoles.) graphic_console_init() was extended to take
an additional argument, but xenfb was not updated accordingly. Fix it.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Don Slutz <dslutz@verizon.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1394228528-31625-1-git-send-email-afaerber@suse.de
The framebuffer is needlessly mapped (PROT_READ | PROT_WRITE), map it
PROT_READ instead.
The framebuffer is unmapped by replacing the framebuffer pages with
anonymous shared memory, calling mmap. Check for return errors and print
a warning.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
xenfb informs the guest about the gui refresh interval so it can avoid
pointless work. That logic was temporarely disabled for the
DisplayState reorganization. Restore it now, with a proper interface
for it.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Pass a single GraphicHwOps struct pointer to graphic_console_init,
instead of a bunch of function pointers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Screendumps are alot simpler as we can update non-active
QemuConsoles now. So we only need to update the QemuConsole
we want write out, then dump the DisplaySurface content into
a ppm file. Done.
No console switching needed. No special support code in the
gfx card emulation needed. Zap it all. Also move ppm_save
out of the vga code and next to the qmp_screendump function.
For now screen dumping is limited to console #0 (like it used
to be), even though it is dead simple to extend it to other
consoles. I wanna finish the console cleanup before setting
new qapi interfaces into stone.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Stefano Stabellini
Don Koch
Gerd Hoffmann
Andreas Färber
Paolo Bonzini