QEMU With E2K User Support
Michael Tokarev 8cb6bfb54e vmware_vga: fix out of bounds and invalid rects updating
This is a follow up for several attempts to fix this issue.

Previous incarnations:

1. http://thread.gmane.org/gmane.linux.ubuntu.bugs.general/3156089
https://bugs.launchpad.net/bugs/918791
"qemu-kvm dies when using vmvga driver and unity in the guest" bug.
Fix by Serge Hallyn:
 https://launchpadlibrarian.net/94916786/qemu-vmware.debdiff
This fix is incomplete, since it does not check width and height
for being negative.  Serge wasn't sure if that's the right place
to fix it, maybe the fix should be up the stack somewhere.

2. http://thread.gmane.org/gmane.comp.emulators.qemu/166064
by Marek Vasut: "vmware_vga: Redraw only visible area"

This one adds the (incomplete) check to vmsvga_update_rect_delayed(),
the routine just queues the rect updating but does no interesting
stuff.  It is also incomplete in the same way as patch by Serge,
but also does not touch width&height at all after adjusting x&y,
which is wrong.

As far as I can see, when processing guest requests, the device
places them into a queue (vmsvga_update_rect_delayed()) and
processes this queue in different place/time, namely, in
vmsvga_update_rect().  Sometimes, vmsvga_update_rect() is
called directly, without placing the request to the queue.
This is the place this patch changes, which is the last
(deepest) in the stack.  I'm not sure if this is the right
place still, since it is possible we have some queue optimization
(or may have in the future) which will be upset by negative/wrong
values here, so maybe we should check for validity of input
right when receiving request from the guest (and maybe even
use unsigned types there).  But I don't know the protocol
and implementation enough to have a definitive answer.

But since vmsvga_update_rect() has other sanity checks already,
I'm adding the missing ones there as well.

Cc'ing BALATON Zoltan and Andrzej Zaborowski who show in `git blame'
output and may know something in this area.

If this patch is accepted, it should be applied to all active
stable branches (at least since 1.1, maybe even before), with
minor context change (ds_get_*(s->vga.ds) => s->*).  I'm not
Cc'ing -stable yet, will do it explicitly once the patch is
accepted.

BTW, these checks use fprintf(stderr) -- it should be converted
to something more appropriate, since stderr will most likely
disappear somewhere.

Cc: Marek Vasut <marex@denx.de>
CC: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Marek Vasut <marex@denx.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2013-01-26 13:33:02 +00:00
audio audio: Replace non-portable asprintf in debug code by g_strdup_printf 2013-01-16 12:03:26 -06:00
backends Make all static TypeInfos const 2013-01-10 15:11:53 -06:00
block iscsi: add support for iovectors 2013-01-24 15:37:55 +01:00
bsd-user bsd-user: avoid conflict with qemu_vmalloc 2013-01-26 13:18:27 +00:00
default-configs Add TEWS TPCI200 IndustryPack emulation 2013-01-14 13:26:12 -06:00
disas build: remove universal-obj-y 2013-01-26 13:15:35 +00:00
docs usb: add usb-bot device (scsi bulk-only transport). 2013-01-22 11:09:54 +01:00
fpu softfloat: Handle float_muladd_negate_c when product is zero 2013-01-26 13:22:09 +00:00
fsdev build: remove extra-obj-y 2013-01-26 13:15:37 +00:00
gdb-xml
hw vmware_vga: fix out of bounds and invalid rects updating 2013-01-26 13:33:02 +00:00
include fw_cfg: Splash image loader can overrun a stack variable, fix 2013-01-26 13:23:33 +00:00
ldscripts build: create ldscripts/ 2012-12-19 08:29:06 +01:00
libcacard build: fold trace-obj-y into libqemuutil.a 2013-01-12 18:42:51 +01:00
linux-headers Update Linux kernel headers 2013-01-18 19:06:57 +01:00
linux-user alpha-linux-user: Correct select 2013-01-16 08:15:16 -08:00
net HMP: add QDict to info callback handler 2013-01-17 10:24:52 -02:00
pc-bios seabios: update to 1.7.2 release 2013-01-21 09:17:16 +01:00
pixman@97336fad32 qapi: move include files to include/qobject/ 2012-12-19 08:31:31 +01:00
qapi build: move base QAPI files to libqemuutil.a 2013-01-12 18:42:51 +01:00
qga Replace non-portable asprintf by g_strdup_printf 2013-01-19 10:24:43 +00:00
QMP
qobject build: move qobject files to qobject/ and libqemuutil.a 2013-01-12 18:42:50 +01:00
qom build: remove universal-obj-y 2013-01-26 13:15:35 +00:00
roms seabios: update to 1.7.2 release 2013-01-21 09:17:16 +01:00
scripts make_device_config.sh: Fix target path in generated dependency file 2013-01-26 13:26:29 +00:00
slirp slirp: remove unused field tt 2013-01-12 12:26:16 +00:00
stubs stubs: fully replace qemu-tool.c and qemu-user.c 2013-01-12 17:19:08 +01:00
sysconfigs/target
target-alpha cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-arm cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-cris target-cris: Fix typo in D_LOG() macro 2013-01-24 11:28:15 +01:00
target-i386 sysbus: Drop sysbus_from_qdev() cast macro 2013-01-21 13:52:24 -06:00
target-lm32 cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-m68k cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-microblaze target-microblaze: Drop unused cpu_mb_close() prototype 2013-01-21 13:36:55 +01:00
target-mips exec: Return CPUState from qemu_get_cpu() 2013-01-15 04:09:14 +01:00
target-openrisc cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-ppc PPC: KVM: Add support for EPR with KVM 2013-01-18 19:06:57 +01:00
target-s390x s390: Add a hypercall registration interface. 2013-01-18 19:07:47 +01:00
target-sh4 cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-sparc cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
target-unicore32 configure: allow disabling pixman if not needed 2012-12-23 14:38:52 -06:00
target-xtensa target-xtensa: fix search_pc for the last TB opcode 2012-12-22 12:09:24 +00:00
tcg tcg/target-arm: Add missing parens to assertions 2013-01-19 10:27:45 +00:00
tests tests: add fuzzing to visitor tests 2013-01-26 13:32:29 +00:00
trace build: fold trace-obj-y into libqemuutil.a 2013-01-12 18:42:51 +01:00
ui vnc: fix possible uninitialized removals 2013-01-21 13:33:12 -06:00
util bsd-user: avoid conflict with qemu_vmalloc 2013-01-26 13:18:27 +00:00
.exrc
.gitignore Add libcacard/trace/generated-tracers.c to .gitignore 2013-01-15 10:34:54 +01:00
.gitmodules pixman: add submodule 2012-11-01 13:10:06 +01:00
.mailmap
aio-posix.c aio: Fix return value of aio_poll() 2013-01-17 10:51:42 +01:00
aio-win32.c aio: Fix return value of aio_poll() 2013-01-17 10:51:42 +01:00
arch_init.c Protect migration_bitmap_sync() with the ramlist lock 2013-01-17 13:27:07 +01:00
async.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
balloon.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
block-migration.c savevm: New save live migration method: pending 2012-12-20 23:09:25 +01:00
block.c block: clear dirty bitmap when discarding 2013-01-15 10:03:48 +01:00
blockdev-nbd.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
blockdev.c qemu-option: move standard option definitions out of qemu-config.c 2013-01-12 17:17:53 +01:00
blockjob.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
bt-host.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
bt-vhci.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
Changelog
cmd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
cmd.h
CODING_STYLE
configure link seccomp only with softmmu targets 2013-01-26 13:19:57 +00:00
COPYING
COPYING.LIB
coroutine-gthread.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
coroutine-sigaltstack.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
coroutine-ucontext.c gcc: rename CONFIG_PRAGMA_DISABLE_UNUSED_BUT_SET to CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE 2013-01-12 12:42:53 +00:00
coroutine-win32.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
cpu-exec.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
cpus.c kvm: Pass CPUState to kvm_init_vcpu() 2013-01-15 04:09:13 +01:00
cputlb.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
device_tree.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
disas.c monitor: move include files to include/monitor/ 2012-12-19 08:31:32 +01:00
dma-helpers.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
dump-stub.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
dump.c exec: change RAM list to a TAILQ 2012-12-20 23:08:47 +01:00
exec.c Replace non-portable asprintf by g_strdup_printf 2013-01-19 10:24:43 +00:00
gdbstub.c cpu: Move cpu_index field to CPUState 2013-01-15 04:09:13 +01:00
HACKING HACKING: List areas where we may rely on impdef C behaviour 2012-12-08 14:27:40 +00:00
hmp-commands.hx HMP: add sub command table to info 2013-01-17 10:24:52 -02:00
hmp.c HMP: add QDict to info callback handler 2013-01-17 10:24:52 -02:00
hmp.h HMP: add QDict to info callback handler 2013-01-17 10:24:52 -02:00
iohandler.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
ioport.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
kvm-all.c kvm: add stub for kvm_irqchip_update_msi_route 2013-01-15 18:25:05 -06:00
kvm-stub.c kvm: Pass CPUState to kvm_init_vcpu() 2013-01-15 04:09:13 +01:00
LICENSE
main-loop.c Check return values from g_poll and select 2013-01-09 11:03:05 -06:00
MAINTAINERS Merge branch 's390-reorg' of git://repo.or.cz/qemu/rth 2013-01-12 12:46:57 +00:00
Makefile build: remove *.lo, *.a, *.la files from all subdirectories on make clean 2013-01-26 13:30:00 +00:00
Makefile.objs build: remove extra-obj-y 2013-01-26 13:15:37 +00:00
Makefile.target build: remove universal-obj-y 2013-01-26 13:15:35 +00:00
memory_mapping-stub.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
memory_mapping.c exec: change RAM list to a TAILQ 2012-12-20 23:08:47 +01:00
memory.c memory: introduce memory_region_test_and_clear_dirty 2012-12-20 23:09:39 +01:00
migration-exec.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-fd.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-tcp.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration-unix.c migration: make writes blocking 2012-12-20 23:09:25 +01:00
migration.c migration: remove argument to qemu_savevm_state_cancel 2013-01-17 13:54:52 +01:00
monitor.c HMP: add sub command table to info 2013-01-17 10:24:52 -02:00
nbd.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
os-posix.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
os-win32.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
page_cache.c migration: move include files to include/migration/ 2012-12-19 08:31:32 +01:00
qapi-schema-test.json
qapi-schema.json chardev: add pty chardev support to chardev-add (qmp) 2013-01-16 06:58:54 +01:00
qdict-test-data.txt
qemu-bridge-helper.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-char.c qemu-char: Avoid unused variable warning in some configs 2013-01-26 13:27:16 +00:00
qemu-coroutine-io.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine-lock.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine-sleep.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-coroutine.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qemu-doc.texi Documentation: Update image format information 2012-11-30 11:33:24 +01:00
qemu-img-cmds.hx
qemu-img.c qemu-img: report size overflow error message 2013-01-02 16:08:56 +01:00
qemu-img.texi Documentation: Update image format information 2012-11-30 11:33:24 +01:00
qemu-io.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-log.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
qemu-nbd.c block: move include files to include/block/ 2012-12-19 08:31:31 +01:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx vnc: added initial websocket protocol support 2013-01-21 13:33:12 -06:00
qemu-seccomp.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
qemu-tech.texi qemu-tech.texi: update implemented xtensa features list 2012-11-29 13:00:52 -06:00
qemu-timer.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
qemu.sasl
qmp-commands.hx chardev: add pty chardev support to chardev-add (qmp) 2013-01-16 06:58:54 +01:00
qmp.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
qtest.c softmmu: move remaining include files to include/ subdirectories 2012-12-19 08:32:46 +01:00
readline.c readline: avoid memcpy() of overlapping regions 2013-01-08 10:00:26 +01:00
README
rules.mak build: move version-obj-y to the generic LINK rule 2013-01-12 18:42:51 +01:00
savevm.c Merge remote-tracking branch 'quintela/thread.next' into staging 2013-01-21 13:22:43 -06:00
spice-qemu-char.c Merge remote-tracking branch 'bonzini/header-dirs' into staging 2012-12-19 17:15:39 -06:00
tcg-runtime.c
tci.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
thread-pool.c misc: move include files to include/qemu/ 2012-12-19 08:32:39 +01:00
thunk.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00
TODO
trace-events qxl: stop using non revision 4 rom fields for revision < 4 2013-01-22 11:01:06 +01:00
translate-all.c translate-all.c: Use tb1->phys_hash_next directly in tb_remove 2012-12-22 12:06:24 +00:00
translate-all.h exec: move TB handling to translate-all.c 2012-12-16 08:28:41 +00:00
user-exec.c Merge remote-tracking branch 'bonzini/header-dirs' into staging 2012-12-19 17:15:39 -06:00
VERSION Open up 1.4 development branch 2012-12-03 14:08:40 -06:00
version.rc
vl.c fw_cfg: Splash image loader can overrun a stack variable, fix 2013-01-26 13:23:33 +00:00
xen-all.c xen: Simplify halting of first CPU 2013-01-15 04:09:14 +01:00
xen-mapcache.c softmmu: move include files to include/sysemu/ 2012-12-19 08:32:45 +01:00
xen-stub.c exec: move include files to include/exec/ 2012-12-19 08:31:31 +01:00

Read the documentation in qemu-doc.html or on http://wiki.qemu.org

- QEMU team