aboutsummaryrefslogtreecommitdiff
path: root/ui/spice-display.c
AgeCommit message (Collapse)AuthorFilesLines
2014-09-05spice: make sure we don't overflow ssd->bufGerd Hoffmann1-5/+15
Related spice-only bug. We have a fixed 16 MB buffer here, being presented to the spice-server as qxl video memory in case spice is used with a non-qxl card. It's also used with qxl in vga mode. When using display resolutions requiring more than 16 MB of memory we are going to overflow that buffer. In theory the guest can write, indirectly via spice-server. The spice-server clears the memory after setting a new video mode though, triggering a segfault in the overflow case, so qemu crashes before the guest has a chance to do something evil. Fix that by switching to dynamic allocation for the buffer. CVE-2014-3615 Cc: qemu-stable@nongnu.org Cc: secalert@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2014-06-20spice: fix 32bit buildGerd Hoffmann1-1/+1
Tested-by: Luiz Capitulino <lcapitulino@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1403244764-8622-1-git-send-email-kraxel@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2014-06-13spice: add mouse cursor supportGerd Hoffmann1-11/+118
So you'll have a mouse pointer when running non-qxl gfx cards with mouse pointer support (virtio-gpu, IIRC vmware too). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-04-07spice: monitors_config: check pointer before dereferencingGerd Hoffmann1-0/+4
Reported-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10spice: QemuUIInfo windupGerd Hoffmann1-3/+22
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-03-10spice: fix simple display surface handlingGerd Hoffmann1-4/+8
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-12-16spice: move qemu_spice_display_*() from spice-graphics to spice-coreGerd Hoffmann1-17/+0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice: fix multihead supportGerd Hoffmann1-3/+20
This patch fixes spice display initialization to handle multihead properly. spice-core now keeps track of which QemuConsole has a spice display channel attached to it and which has not. It also manages display channel ids. spice-display looks at all QemuConsoles and will pick up any graphic console not yet bound to a spice channel (which in practice are all non-qxl graphic devices). Result is that (a) you'll get a spice client window for each graphical device now (first only without this patch), and (b) mixing qxl and non-qxl vga cards works properly. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice-display: add display channel id to the debug messages.Gerd Hoffmann1-13/+14
And s/__FUNCTION__/__func__/ while being at it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-10-17spice: replace use of deprecated APIMarc-André Lureau1-5/+5
hose API are deprecated since 0.11, and qemu depends on 0.12 already. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-25console: zap ds arg from register_displaychangelistenerGerd Hoffmann1-1/+1
We don't have multiple DisplayStates any more, so passing it in as argument is not needed. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: allow pinning displaychangelisteners to consolesGerd Hoffmann1-5/+6
DisplayChangeListener gets a new QemuConsole field, which can be set to non-NULL before registering. This will pin the QemuConsole, so that particular DisplayChangeListener will not follow console switches. spice+gtk (which don't support text console input anyway) are switched over to be pinned to console 0, which usually is the graphical display. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: rename vga_hw_*, add QemuConsole paramGerd Hoffmann1-1/+1
Add QemuConsole parameter to vga_hw_*, so the interface allows to update non-active consoles (the actual code can't handle this yet, see next patch). Passing NULL is allowed and updates the active console, like the functions do today. While touching all vga_hw_* calls anyway rename that to the functions to hardware-neutral graphics_hw_* Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: stop using DisplayState in gfx hardware emulationGerd Hoffmann1-4/+6
Use QemuConsole instead. Updates interfaces in console.[ch] and adapts gfx hardware emulation code. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: zap displaystate from dcl callbacksGerd Hoffmann1-4/+1
Now that nobody depends on DisplayState in DisplayChangeListener callbacks any more we can remove the parameter from all callbacks. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18spice: stop using DisplayStateGerd Hoffmann1-15/+16
Rework DisplayStateListener callbacks to not use the DisplayState any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: rework DisplaySurface handling [dcl/ui side]Gerd Hoffmann1-5/+7
Replace the dpy_gfx_resize and dpy_gfx_setdata DisplayChangeListener callbacks with a dpy_gfx_switch callback which notifies the ui code when the framebuffer backing storage changes. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18spice: zap sdpy globalGerd Hoffmann1-14/+16
DisplayChangeListener is passed now to all DisplayChangeListenerOps callbacks, so we can use that to access the spice display state and kill the sdpy global variable. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-03-18console: fix displaychangelisteners interfaceGerd Hoffmann1-6/+13
Split callbacks into separate Ops struct. Pass DisplayChangeListener pointer as first argument to all callbacks. Uninline a bunch of display functions and move them from console.h to console.c Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-12-19softmmu: move include files to include/sysemu/Paolo Bonzini1-1/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19misc: move include files to include/qemu/Paolo Bonzini1-2/+2
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19monitor: move include files to include/monitor/Paolo Bonzini1-1/+1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-12-19ui: move files to ui/ and include/ui/Paolo Bonzini1-3/+3
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2012-11-21spice: add new spice-server callbacks to ui/spice-display.cGerd Hoffmann1-0/+35
Otherwise qemu crashes with non-qxl graphics cards. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05spice: fix initialization orderGerd Hoffmann1-1/+1
Register displaychangelistener last, after spice is fully initialized, otherwise we may hit NULL pointer dereferences when qemu starts calling our callbacks. Commit e250d949feb1334828f27f0d145c35f29c4b7639 triggers this bug. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-05spice: switch to pixmanGerd Hoffmann1-29/+22
Switch over spice-display.c to use the pixman library instead of the home-grown pflib bits. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01console: untangle gfx & txt updatesGerd Hoffmann1-2/+2
Stop abusing displaysurface fields for text mode displays. (bpp = 0, width = cols, height = lines). Add flags to displaystate indicating whenever text mode display (curses) or gfx mode displays (sdl, vnc, ...) are present. Add separate displaychangelistener callbacks for text / gfx mode resize & updates. This allows to enable gfx and txt diplays at the same time and also paves the way for more cleanups in the future. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-11-01console: move set_mouse + cursor_define callbacksGerd Hoffmann1-2/+2
When adding DisplayChangeListeners the set_mouse and cursor_define callbacks have been left in DisplayState for some reason. Fix it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-10-08spice: raise requirement to 0.12Gerd Hoffmann1-38/+0
With the next qemu version (1.3) we are going to bump the qxl device revision to 4. The new features available require a recent spice-server version, so raise up the bar. Otherwise we would end up with different qxl revisions depending on the spice-server version installed, which would be a major PITA when it comes to compat properties. Clear out a big bunch of #ifdefs which are not needed any more. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-17Merge remote-tracking branch 'stefanha/trivial-patches' into stagingAnthony Liguori1-1/+1
* stefanha/trivial-patches: configure: fix seccomp check arch_init.c: add missing '%' symbols before PRIu64 in debug printfs kvm: Fix warning from static code analysis qapi: Fix enumeration typo error console: Clean up bytes per pixel calculation Fix copy&paste typos in documentation comments linux-user: Remove #if 0'd cpu_get_real_ticks() definition ui: Fix spelling in comment (ressource -> resource) Spelling fixes in comments and macro names (ressource -> resource) Fix spelling (licenced -> licensed) in GPL Spelling fixes in comments and documentation srp: Don't use QEMU_PACKED for single elements of a structured type
2012-09-14ui: Fix spelling in comment (ressource -> resource)Stefan Weil1-1/+1
The function is called interface_release_resource. Signed-off-by: Stefan Weil <sw@weilnetz.de> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2012-09-12spice: send updates only for changed screen contentGerd Hoffmann1-1/+55
when creating screen updates go compare the current guest screen against the mirror (which holds the most recent update sent), then only create updates for the screen areas which did actually change. [ v2: drop redundant qemu_spice_create_one_update call ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: add screen mirrorGerd Hoffmann1-10/+22
Create a screen mirror, keep there a copy of the most recent update passed on to spice-server. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: split qemu_spice_create_updateGerd Hoffmann1-13/+18
Creating one function which creates a single update for a given rectangle. And one (for now) pretty simple wrapper around it to queue up screen updates for the dirty region. [ v2: also update bounding box ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-12spice: switch to queue for vga mode updatesGerd Hoffmann1-11/+14
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-05spice: make number of surfaces runtime-configurable.Gerd Hoffmann1-1/+4
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-09-05spice: notify on vm state change only via spice_server_vm_start/stopYonit Halperin1-2/+30
QXLWorker->start/stop are deprecated since spice-server 0.11.2 Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-06-22ui/spice-display.c: add missing initialization for valgrindAlon Levy1-0/+2
We can't initialize QXLDevSurfaceCreate field by field because it has a pa hole, and so 4 bytes remain uninitialized when building on x86-64, so just memset. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-04-07Replace Qemu by QEMU in commentsStefan Weil1-1/+1
The official spelling is QEMU. Signed-off-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: Andreas Färber <afaerber@suse.de> [blauwirbel@gmail.com: fixed comment style in hw/sun4m.c] Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-03-22ui/spice-display: use uintptr_t when casting qxl physical addressesAlon Levy1-5/+5
The current intptr_t casts are a problem when the address's highest bit is 1, and it is cast to a intptr_t and then to uint64_t, such as at: surface.mem = (intptr_t)ssd->buf; This causes the sign bit to be extended which causes a wrong address to be passed on to spice, which then complains when it gets the wrong slot_id number, since the slot_id is taken from the higher bits. The assertion happens early - during the first primary surface creation. This fixes running "-vga qxl -spice" with 32 bit compiled qemu-system-i386. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-22ui/spice-display.c: Fix compilation warnings on 32 bit hostsPeter Maydell1-6/+6
Fix compilation failures ("cast from pointer to integer of different size [-Werror=pointer-to-int-cast]") by using uintptr_t instead. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-03-19qxl: switch qxl.c to trace-eventsAlon Levy1-2/+12
dprint is still used for qxl_init_common one time prints. also switched parts of spice-display.c over, mainly all the callbacks to spice server. All qxl device trace events start with the qxl device id. Signed-off-by: Alon Levy <alevy@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: introduce QXLCookieAlon Levy1-3/+19
Will be used in the next patch. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: require spice >= 0.8.2Alon Levy1-12/+0
drop all ifdefs on SPICE_INTERFACE_QXL_MINOR >= 1 as a result, any check for SPICE_SERVER_VERSION that is now always satisfied, and SPICE_INTERFACE_CORE_MINOR >= 3 tests, because 0.8.2 has SPICE_INTERFACE_QXL_MINOR == 1 and SPICE_INTERFACE_CORE_MINOR == 3. Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2012-02-27qxl: fix spice+sdl no cursor regressionAlon Levy1-9/+14
regression introduced by 075360945860ad9bdd491921954b383bf762b0e5, v2: lock around qemu_spice_cursor_refresh_unlocked Reported-by: Fabiano Fidêncio <fabiano@fidencio.org> Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-09-21Drop unneeded pthread.h inclusionsJan Kiszka1-2/+0
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
2011-09-15Replace the VMSTOP macros with a proper state typeLuiz Capitulino1-1/+2
Today, when notifying a VM state change with vm_state_notify(), we pass a VMSTOP macro as the 'reason' argument. This is not ideal because the VMSTOP macros tell why qemu stopped and not exactly what the current VM state is. One example to demonstrate this problem is that vm_start() calls vm_state_notify() with reason=0, which turns out to be VMSTOP_USER. This commit fixes that by replacing the VMSTOP macros with a proper state type called RunState. Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
2011-09-07spice: set qxl->ssd.running=true before telling spice to start, RHBZ #733993Yonit Halperin1-1/+2
If qxl->ssd.running=true is set after telling spice to start, the spice server thread can call qxl_send_events while qxl->ssd.running is still false. This leads to assert(d->ssd.running). Signed-off-by: Yonit Halperin <yhalperi@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2011-08-20Use glib memory allocation and free functionsAnthony Liguori1-6/+6
qemu_malloc/qemu_free no longer exist after this commit. Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-08-03qxl: async io support using new spice apiAlon Levy1-12/+39
Some of the QXL port i/o commands are waiting for the spice server to complete certain actions. Add async versions for these commands, so we don't block the vcpu while the spice server processses the command. Instead the qxl device will raise an IRQ when done. The async command processing relies on an added QXLInterface::async_complete and added QXLWorker::*_async additions, in spice server qxl >= 3.1 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alon Levy <alevy@redhat.com>