aboutsummaryrefslogtreecommitdiff
path: root/hw/display
AgeCommit message (Collapse)AuthorFilesLines
2020-11-13hw/display/cirrus_vga: Fix hexadecimal format string specifierPhilippe Mathieu-Daudé1-1/+1
The '%u' conversion specifier is for decimal notation. When prefixing a format with '0x', we want the hexadecimal specifier ('%x'). Inspired-by: Dov Murik <dovmurik@linux.vnet.ibm.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20201103112558.2554390-3-philmd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-11-13hw/display/cirrus_vga: Remove debugging code commented outPhilippe Mathieu-Daudé1-18/+0
Commit ec87f206d70 ("cirrus: replace debug printf with trace points") forgot to remove this code once replaced. Do it now. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20201103112558.2554390-2-philmd@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-11-04ati: check x y display parameter valuesPrasad J Pandit1-4/+6
The source and destination x,y display parameters in ati_2d_blt() may run off the vga limits if either of s->regs.[src|dst]_[xy] is zero. Check the parameter values to avoid potential crash. Reported-by: Gaoning Pan <pgn@zju.edu.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-id: 20201021103818.1704030-1-ppandit@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-11-02hw/display/exynos4210_fimd: Fix potential NULL pointer dereferenceAlexChen1-1/+3
In exynos4210_fimd_update(), the pointer s is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to global_width after checking that the s is valid. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 5F9F8D88.9030102@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02hw/display/omap_lcdc: Fix potential NULL pointer dereferenceAlexChen1-3/+7
In omap_lcd_interrupts(), the pointer omap_lcd is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to surface after checking that the omap_lcd is valid and move surface_bits_per_pixel(surface) to after the surface assignment. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: AlexChen <alex.chen@huawei.com> Message-id: 5F9CDB8A.9000001@huawei.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-31Merge remote-tracking branch ↵Peter Maydell2-9/+20
'remotes/kraxel/tags/modules-20201029-pull-request' into staging modules: build virtio-gpu-pci & virtio-vga modular. modules: various bugfixes, mostly for macos. # gpg: Signature made Thu 29 Oct 2020 11:09:41 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/modules-20201029-pull-request: modules: turn off lazy binding modules: unbreak them on macos virtio-gpu: only compile virtio-gpu-3d.c for CONFIG_VIRGL=y virtio-gpu: add virtio-vga module virtio-gpu: add virtio-gpu-pci module Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-10-29virtio-gpu: only compile virtio-gpu-3d.c for CONFIG_VIRGL=yGerd Hoffmann2-5/+3
There is no actual code in the CONFIG_VIRGL=n case. So building is (a) pointless and (b) makes macos ranlib complain. Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20201026142851.28735-1-kraxel@redhat.com
2020-10-29virtio-gpu: add virtio-vga moduleGerd Hoffmann1-2/+8
Build virtio-gpu vga devices modular. Must be a separate module because not all qemu softmmu variants come with VGA support. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20201023064618.21409-3-kraxel@redhat.com
2020-10-29virtio-gpu: add virtio-gpu-pci moduleGerd Hoffmann1-2/+9
Build virtio-gpu pci devices modular. Must be a separate module because not all qemu softmmu variants come with PCI support. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20201023064618.21409-2-kraxel@redhat.com
2020-10-28hw/display/tcx: Allow 64-bit accesses to framebuffer stippler and blitterPhilippe Mathieu-Daudé1-3/+15
The S24/TCX datasheet is listed as "Unable to locate" on [1]. However the NetBSD revision 1.32 of the driver introduced 64-bit accesses to the stippler and blitter [2]. It is safe to assume these memory regions are 64-bit accessible. QEMU implementation is 32-bit, so fill the 'impl' fields. Michael Lorenz (author of the NetBSD code [2]) provided us with more information in [3]: > IIRC the real hardware *requires* 64bit accesses for stipple and > blitter operations to work. For stipples you write a 64bit word into > STIP space, the address defines where in the framebuffer you want to > draw, the data contain a 32bit bitmask, foreground colour and a ROP. > BLIT space works similarly, the 64bit word contains an offset were to > read pixels from, and how many you want to copy. > > One more thing since there seems to be some confusion - 64bit accesses > on the framebuffer are fine as well. TCX/S24 is *not* an SBus device, > even though its node says it is. > S24 is a card that plugs into a special slot on the SS5 mainboard, > which is shared with an SBus slot and looks a lot like a horizontal > UPA slot. Both S24 and TCX are accessed through the Micro/TurboSPARC's > AFX bus which is 64bit wide and intended for graphics. > Early FFB docs even mentioned connecting to both AFX and UPA, > no idea if that was ever realized in hardware though. [1] http://web.archive.org/web/20111209011516/http://wikis.sun.com/display/FOSSdocs/Home [2] http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/sbus/tcx.c.diff?r1=1.31&r2=1.32 [3] https://www.mail-archive.com/qemu-devel@nongnu.org/msg734928.html Cc: qemu-stable@nongnu.org Reported-by: Andreas Gustafsson <gson@gson.org> Buglink: https://bugs.launchpad.net/bugs/1892540 Fixes: 55d7bfe2293 ("tcx: Implement hardware acceleration") Tested-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Tested-by: Andreas Gustafsson <gson@gson.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201024205100.3623006-1-f4bug@amsat.org> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-10-13vga-pci: Register "big-endian-framebuffer" as class propertyEduardo Habkost1-8/+4
Class properties make QOM introspection simpler and easier, as they don't require an object to be instantiated. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20200921221045.699690-22-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-29virtio-vga: implement big-endian-framebuffer propertyGerd Hoffmann1-0/+19
Allows to switch the (vga mode) framebuffer into bigendian mode by setting the property, simliar to stdvga. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200928085335.21961-2-kraxel@redhat.com
2020-09-29virtio-gpu: set physical dimensions for EDIDMarc-André Lureau2-0/+4
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20200927145751.365446-7-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-09-29edid: use physical dimensions if availableMarc-André Lureau1-11/+25
Replace dpi with width_mm/height_mm in qemu_edid_info. Use it when set (non-zero) to compute the DPI and generate the EDID. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20200927145751.365446-3-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-09-29edid: fix physical display size computationMarc-André Lureau1-2/+2
Divide the resolution by the DPI, and multiply to mm. Note the computation done for edid[21/22] is correct (in cm). Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20200927145751.365446-2-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-09-29virtio-gpu-3d: fix abnormal display after a warm rebootGuoqing Zhang1-1/+1
When resetting virtio-gpu, virgl_renderer_reset() should be called to ensure that the virglrenderer status is correct. Signed-off-by: Guoqing Zhang <zhangguoqing.kernel@bytedance.com> Reviewed-by: Qi Liu<liuqi.16@bytedance.com> Message-id: 20200918111632.37354-1-zhangguoqing.kernel@bytedance.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-09-23qemu/atomic.h: rename atomic_ to qatomic_Stefan Hajnoczi1-2/+2
clang's C11 atomic_fetch_*() functions only take a C11 atomic type pointer argument. QEMU uses direct types (int, etc) and this causes a compiler error when a QEMU code calls these functions in a source file that also included <stdatomic.h> via a system header file: $ CC=clang CXX=clang++ ./configure ... && make ../util/async.c:79:17: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid) Avoid using atomic_*() names in QEMU's atomic.h since that namespace is used by <stdatomic.h>. Prefix QEMU's APIs with 'q' so that atomic.h and <stdatomic.h> can co-exist. I checked /usr/include on my machine and searched GitHub for existing "qatomic_" users but there seem to be none. This patch was generated using: $ git grep -h -o '\<atomic\(64\)\?_[a-z0-9_]\+' include/qemu/atomic.h | \ sort -u >/tmp/changed_identifiers $ for identifier in $(</tmp/changed_identifiers); do sed -i "s%\<$identifier\>%q$identifier%g" \ $(git grep -I -l "\<$identifier\>") done I manually fixed line-wrap issues and misaligned rST tables. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200923105646.47864-1-stefanha@redhat.com>
2020-09-18Use OBJECT_DECLARE_SIMPLE_TYPE when possibleEduardo Habkost22-69/+23
This converts existing DECLARE_INSTANCE_CHECKER usage to OBJECT_DECLARE_SIMPLE_TYPE when possible. $ ./scripts/codeconverter/converter.py -i \ --pattern=AddObjectDeclareSimpleType $(git grep -l '' -- '*.[ch]') Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Paul Durrant <paul@xen.org> Message-Id: <20200916182519.415636-6-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-18qom: Remove module_obj_name parameter from OBJECT_DECLARE* macrosEduardo Habkost1-1/+1
One of the goals of having less boilerplate on QOM declarations is to avoid human error. Requiring an extra argument that is never used is an opportunity for mistakes. Remove the unused argument from OBJECT_DECLARE_TYPE and OBJECT_DECLARE_SIMPLE_TYPE. Coccinelle patch used to convert all users of the macros: @@ declarer name OBJECT_DECLARE_TYPE; identifier InstanceType, ClassType, lowercase, UPPERCASE; @@ OBJECT_DECLARE_TYPE(InstanceType, ClassType, - lowercase, UPPERCASE); @@ declarer name OBJECT_DECLARE_SIMPLE_TYPE; identifier InstanceType, lowercase, UPPERCASE; @@ OBJECT_DECLARE_SIMPLE_TYPE(InstanceType, - lowercase, UPPERCASE); Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Acked-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Acked-by: Paul Durrant <paul@xen.org> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20200916182519.415636-4-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-15virtio-gpu: build modularGerd Hoffmann1-16/+6
Only build virtio-gpu-device modular (the code which actually depends on the external virglrenderer library). virtio-gpu-pci and virtio-vga are compiled into core qemu still. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200914134224.29769-7-kraxel@redhat.com
2020-09-15virtio-gpu: make virtio_gpu_ops staticGerd Hoffmann2-9/+10
Reference it via ops pointer instead, simliar to the vga one. Removes hard symbol reference, needed to build virtio-gpu modular. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200914134224.29769-6-kraxel@redhat.com
2020-09-15meson: remove duplicate qxl sourcesGerd Hoffmann1-2/+0
We should add sources to the softmmu_ss or module_ss but not both. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200914134224.29769-4-kraxel@redhat.com
2020-09-15meson: fix qxl dependenciesGerd Hoffmann1-1/+2
Add pixman and spice deps to qxl module. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20200914134224.29769-2-kraxel@redhat.com
2020-09-11Merge remote-tracking branch ↵Peter Maydell29-108/+175
'remotes/ehabkost/tags/machine-next-pull-request' into staging QOM boilerplate cleanup Documentation build fix: * memory: Remove kernel-doc comment marker (Eduardo Habkost) QOM cleanups: * Rename QOM macros for consistency between TYPE_* and type checking constants (Eduardo Habkost) QOM new macros: * OBJECT_DECLARE_* and OBJECT_DEFINE_* macros (Daniel P. Berrangé) * DECLARE_*_CHECKER macros (Eduardo Habkost) Automated QOM boilerplate changes: * Automated changes to use DECLARE_*_CHECKER (Eduardo Habkost * Automated changes to use OBJECT_DECLARE* (Eduardo Habkost) # gpg: Signature made Thu 10 Sep 2020 19:17:49 BST # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost/tags/machine-next-pull-request: (33 commits) virtio-vga: Use typedef name for instance_size vhost-user-vga: Use typedef name for instance_size xilinx_axienet: Use typedef name for instance_size lpc_ich9: Use typedef name for instance_size omap_intc: Use typedef name for instance_size xilinx_axidma: Use typedef name for instance_size tusb6010: Rename TUSB to TUSB6010 pc87312: Rename TYPE_PC87312_SUPERIO to TYPE_PC87312 vfio: Rename PCI_VFIO to VFIO_PCI usb: Rename USB_SERIAL_DEV to USB_SERIAL sabre: Rename SABRE_DEVICE to SABRE rs6000_mc: Rename RS6000MC_DEVICE to RS6000MC filter-rewriter: Rename FILTER_COLO_REWRITER to FILTER_REWRITER esp: Rename ESP_STATE to ESP ahci: Rename ICH_AHCI to ICH9_AHCI vmgenid: Rename VMGENID_DEVICE to TYPE_VMGENID vfio: Rename VFIO_AP_DEVICE_TYPE to TYPE_VFIO_AP_DEVICE dev-smartcard-reader: Rename CCID_DEV_NAME to TYPE_USB_CCID_DEV ap-device: Rename AP_DEVICE_TYPE to TYPE_AP_DEVICE gpex: Fix type checking function name ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-09-09virtio-vga: Use typedef name for instance_sizeEduardo Habkost1-3/+3
This makes the code consistent with the rest of QOM code in QEMU, and will make automated conversion to type declaration macros simpler. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Message-Id: <20200824215936.2961951-7-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09vhost-user-vga: Use typedef name for instance_sizeEduardo Habkost1-1/+1
This makes the code consistent with the rest of QOM code in QEMU, and will make automated conversion to type declaration macros simpler. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20200824215936.2961951-6-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09trace-events: Fix attribution of trace points to sourceMarkus Armbruster1-1/+3
Some trace points are attributed to the wrong source file. Happens when we neglect to update trace-events for code motion, or add events in the wrong place, or misspell the file name. Clean up with help of scripts/cleanup-trace-events.pl. Funnies requiring manual post-processing: * accel/tcg/cputlb.c trace points are in trace-events. * block.c and blockdev.c trace points are in block/trace-events. * hw/block/nvme.c uses the preprocessor to hide its trace point use from cleanup-trace-events.pl. * hw/tpm/tpm_spapr.c uses pseudo trace point tpm_spapr_show_buffer to guard debug code. * include/hw/xen/xen_common.h trace points are in hw/xen/trace-events. * linux-user/trace-events abbreviates a tedious list of filenames to */signal.c. * net/colo-compare and net/filter-rewriter.c use pseudo trace points colo_compare_miscompare and colo_filter_rewriter_debug to guard debug code. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200806141334.3646302-5-armbru@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-09-09Use OBJECT_DECLARE_TYPE where possibleEduardo Habkost1-4/+2
Replace DECLARE_OBJ_CHECKERS with OBJECT_DECLARE_TYPE where the typedefs can be safely removed. Generated running: $ ./scripts/codeconverter/converter.py -i \ --pattern=DeclareObjCheckers $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20200831210740.126168-16-ehabkost@redhat.com> Message-Id: <20200831210740.126168-17-ehabkost@redhat.com> Message-Id: <20200831210740.126168-18-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09Use DECLARE_*CHECKER* macrosEduardo Habkost29-47/+60
Generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=TypeCheckMacro $(git grep -l '' -- '*.[ch]') Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-12-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-13-ehabkost@redhat.com> Message-Id: <20200831210740.126168-14-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-09Move QOM typedefs and add missing includesEduardo Habkost29-57/+113
Some typedefs and macros are defined after the type check macros. This makes it difficult to automatically replace their definitions with OBJECT_DECLARE_TYPE. Patch generated using: $ ./scripts/codeconverter/converter.py -i \ --pattern=QOMStructTypedefSplit $(git grep -l '' -- '*.[ch]') which will split "typdef struct { ... } TypedefName" declarations. Followed by: $ ./scripts/codeconverter/converter.py -i --pattern=MoveSymbols \ $(git grep -l '' -- '*.[ch]') which will: - move the typedefs and #defines above the type check macros - add missing #include "qom/object.h" lines if necessary Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-9-ehabkost@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Message-Id: <20200831210740.126168-10-ehabkost@redhat.com> Message-Id: <20200831210740.126168-11-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-09-07Merge remote-tracking branch 'remotes/hdeller/tags/target-hppa-pull-request' ↵Peter Maydell1-14/+29
into staging hppa power button support, graphics updates and firmware fixes # gpg: Signature made Mon 07 Sep 2020 20:09:49 BST # gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F # gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown] # gpg: aka "Helge Deller <deller@kernel.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603 # Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F * remotes/hdeller/tags/target-hppa-pull-request: hw/display/artist: Allow screen size up to 2048 lines hw/display/artist: Refactor x/y coordination extraction hw/display/artist: Verify artist screen resolution target/hppa: Fix boot with old Linux installation CDs hw/hppa: Add power button emulation hw/hppa: Tell SeaBIOS port address of fw_cfg hw/hppa: Change fw_cfg port address hw/hppa: Store boot device in fw_cfg section hw/hppa: Make number of TLB and BTLB entries configurable seabios-hppa: Update SeaBIOS to hppa-qemu-5.2-2 tag Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-09-04cirrus: handle wraparound in cirrus_invalidate_regionGerd Hoffmann1-3/+9
Code simply asserts that there is no wraparound instead of handling it properly. The assert() can be triggered by the guest (must be privilidged inside the guest though). Fix it. Buglink: https://bugs.launchpad.net/qemu/+bug/1880189 Cc: Li Qiang <liq3ea@163.com> Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Li Qiang <liq3ea@163.com> Message-id: 20200901140944.24101-1-kraxel@redhat.com
2020-09-04virtio-gpu: fix unmap the already mapped itemsLi Zhijian1-1/+4
we go here either (!(*iov)[i].iov_base) or (len != l), so we need to consider to unmap the 'i'th item as well when the 'i'th item is not nil CC: Li Qiang <liq3ea@gmail.com> Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com> Message-id: 20200827035855.24354-1-lizhijian@cn.fujitsu.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-09-03hw/display/artist: Allow screen size up to 2048 linesHelge Deller1-1/+1
Adjust the ADDR_TO_Y() macro to extract 11 bits, which allows userspace to address screen sizes up to 2048 lines (instead of 1024 before). Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-03hw/display/artist: Refactor x/y coordination extractionHelge Deller1-14/+17
Simplify the code by using new introduced ADDR_TO_Y() and ADDR_TO_X() macros. Those macros extract the x/y-coordinate from the given uint32. As further simplification the extraction of the x/y coordinates for VRAM_WRITE_INCR_Y and VRAM_WRITE_INCR_X can be done centrally in vram_bit_write(), so move this code up into the function. ADDR_TO_Y() is still limited to 10 bits which allow to address up to of 1024 lines - this will be increased in a follow-up patch. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-03hw/display/artist: Verify artist screen resolutionHelge Deller1-0/+12
Artist hardware is limited to 2048 x 2048 pixels. STI ROMs allow at minimum 640 x 480 pixels. Qemu users can adjust the screen size on the command line with: -global artist.width=800 -global artist.height=600 but we need to ensure that the screen size stays inside the given boundaries, otherwise print an error message and adjust. Signed-off-by: Helge Deller <deller@gmx.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-09-01hw/display/vga:Remove redundant statement in vga_draw_graphic()Chen Qun1-1/+0
Clang static code analyzer show warning: hw/display/vga.c:1677:9: warning: Value stored to 'update' is never read update = full_update; ^ ~~~~~~~~~~~ Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Li Qiang <liq3ea@gmail.com> Message-Id: <20200827110311.164316-11-kuhn.chenqun@huawei.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-09-01hw: Remove superfluous breaksLiao Pingfang2-3/+0
Remove superfluous breaks, as there is a "return" before them. Signed-off-by: Liao Pingfang <liao.pingfang@zte.com.cn> Signed-off-by: Yi Wang <wang.yi59@zte.com.cn> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <1594631126-36631-1-git-send-email-wang.yi59@zte.com.cn> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2020-08-27nubus: Rename class type checking macrosEduardo Habkost1-2/+2
Rename the existing class type checking macros to be consistent with the type name and instance type checking macro. Use a NUBUS_MACFB prefix instead of MACFB_NUBUS. This will make future conversion to OBJECT_DECLARE* easier. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Acked-by: Laurent Vivier <laurent@vivier.eu> Tested-By: Roman Bolshakov <r.bolshakov@yadro.com> Message-Id: <20200825192110.3528606-44-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-08-27vhost-user-gpu: Move QOM macro to headerEduardo Habkost1-3/+0
Move the VHOST_USER_GPU type checking macro to virtio-gpu.h, close to the TYPE_VHOST_USER_GPU #define. This will make future conversion to OBJECT_DECLARE* easier. Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Tested-By: Roman Bolshakov <r.bolshakov@yadro.com> Message-Id: <20200825192110.3528606-30-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-08-27pl110: Rename pl110_version enum valuesEduardo Habkost1-11/+11
The PL110 enum value name will conflict with the PL110 type cast checker, when we replace the existing macro with an inline function. Add a VERSION_ prefix to all pl110_version enum values, to avoid conflicts. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Tested-By: Roman Bolshakov <r.bolshakov@yadro.com> Message-Id: <20200825192110.3528606-5-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-08-26Merge remote-tracking branch ↵Peter Maydell1-72/+114
'remotes/hdeller/tags/target-hppa-v3-pull-request' into staging artist out of bounds fixes # gpg: Signature made Wed 26 Aug 2020 22:09:55 BST # gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F # gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown] # gpg: aka "Helge Deller <deller@kernel.org>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603 # Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F * remotes/hdeller/tags/target-hppa-v3-pull-request: hw/display/artist: Fix invalidation of lines near screen border hw/display/artist: Fix invalidation of lines in artist_draw_line() hw/display/artist: Unbreak size mismatch memory accesses hw/display/artist: Prevent out of VRAM buffer accesses Revert "hw/display/artist: Avoid drawing line when nothing to display" hw/display/artist: Refactor artist_rop8() to avoid buffer over-run hw/display/artist: Check offset in draw_line to avoid buffer over-run hw/hppa/lasi: Don't abort on invalid IMR value hw/display/artist.c: fix out of bounds check hw/hppa: Implement proper SeaBIOS version check seabios-hppa: Update to SeaBIOS hppa version 1 hw/hppa: Sync hppa_hardware.h file with SeaBIOS sources Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-08-26hw/display/artist: Fix invalidation of lines near screen borderSven Schnelle1-1/+6
If parts of the invalidated screen lines are outside of the VRAM buffer, the code skips the whole invalidate. This is incorrect when only parts of the buffer are invisble - which is the case when the mouse cursor is located near the screen border. Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26hw/display/artist: Fix invalidation of lines in artist_draw_line()Sven Schnelle1-1/+4
The old code didn't invalidate correctly when vertical lines were drawn. Fix this and move the invalidation out of the loop. Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26hw/display/artist: Unbreak size mismatch memory accessesHelge Deller1-8/+4
Commit 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in memory_region_access_valid") broke the artist driver in a way that the dtwm window manager on HP-UX rendered wrong. Fixes: 5d971f9e6725 ("memory: Revert "memory: accept mismatching sizes in memory_region_access_valid") Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26hw/display/artist: Prevent out of VRAM buffer accessesHelge Deller1-41/+69
Simplify various bounds checks by changing parameters like row and column numbers to become unsigned instead of signed. With that we can check if the calculated offset is bigger than the size of the VRAM region and bail out if not. Reported-by: LLVM libFuzzer Reported-by: Alexander Bulekov <alxndr@bu.edu> Buglink: https://bugs.launchpad.net/qemu/+bug/1880326 Buglink: https://bugs.launchpad.net/qemu/+bug/1890310 Buglink: https://bugs.launchpad.net/qemu/+bug/1890311 Buglink: https://bugs.launchpad.net/qemu/+bug/1890312 Buglink: https://bugs.launchpad.net/qemu/+bug/1890370 Acked-by: Alexander Bulekov <alxndr@bu.edu> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26Revert "hw/display/artist: Avoid drawing line when nothing to display"Helge Deller1-3/+0
This reverts commit b0f6455feac97e41045ee394e11c24d92c370f6e. It's wrong. A line could even be a dot. Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26hw/display/artist: Refactor artist_rop8() to avoid buffer over-runPhilippe Mathieu-Daudé1-15/+25
Invalid I/O writes can craft an offset out of the vram_buffer range. Instead of passing an unsafe pointer to artist_rop8(), pass the vram_buffer and the offset. We can now check if the offset is in range before accessing it. We avoid: Program terminated with signal SIGSEGV, Segmentation fault. 284 *dst &= ~plane_mask; (gdb) bt #0 0x000056367b2085c0 in artist_rop8 (s=0x56367d38b510, dst=0x7f9f972fffff <error: Cannot access memory at address 0x7f9f972fffff>, val=0 '\000') at hw/display/artist.c:284 #1 0x000056367b209325 in draw_line (s=0x56367d38b510, x1=-20480, y1=-1, x2=0, y2=17920, update_start=true, skip_pix=-1, max_pix=-1) at hw/display/artist.c:646 Reported-by: LLVM libFuzzer Buglink: https://bugs.launchpad.net/qemu/+bug/1880326 Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26hw/display/artist: Check offset in draw_line to avoid buffer over-runPhilippe Mathieu-Daudé1-2/+7
Invalid I/O writes can craft an offset out of the vram_buffer range. We avoid: Program terminated with signal SIGSEGV, Segmentation fault. 284 *dst &= ~plane_mask; (gdb) bt #0 0x000055d5dccdc5c0 in artist_rop8 (s=0x55d5defee510, dst=0x7f8e84ed8216 <error: Cannot access memory at address 0x7f8e84ed8216>, val=0 '\000') at hw/display/artist.c:284 #1 0x000055d5dccdcf83 in fill_window (s=0x55d5defee510, startx=22, starty=5674, width=65, height=5697) at hw/display/artist.c:551 #2 0x000055d5dccddfb9 in artist_reg_write (opaque=0x55d5defee510, addr=1051140, val=4265537, size=4) at hw/display/artist.c:902 #3 0x000055d5dcb42a7c in memory_region_write_accessor (mr=0x55d5defeea10, addr=1051140, value=0x7ffe57db08c8, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:483 Reported-by: LLVM libFuzzer Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-21meson: convert hw/displayMarc-André Lureau2-65/+84
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>