From 0337e4123e62721bd0bcb4d5645fee2a31e8906d Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Thu, 21 Sep 2023 17:29:34 +0900 Subject: input: Allow to choose console with qemu_input_is_absolute MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although an input is routed depending on the console, qemu_input_is_absolute() had no mechanism to specify the console. Accept QemuConsole as an argument for qemu_input_is_absolute, and let the display know the absolute/relative state for a particular console. Signed-off-by: Akihiko Odaki Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Marc-André Lureau Message-Id: <20230921082936.28100-1-akihiko.odaki@daynix.com> --- include/ui/input.h | 2 +- ui/cocoa.m | 2 +- ui/dbus-console.c | 6 +++--- ui/gtk.c | 12 ++++++------ ui/input.c | 29 +++++++---------------------- ui/sdl2.c | 26 +++++++++++++------------- ui/spice-input.c | 2 +- ui/trace-events | 1 - ui/vnc.c | 2 +- 9 files changed, 33 insertions(+), 49 deletions(-) diff --git a/include/ui/input.h b/include/ui/input.h index c29a730..24d8e45 100644 --- a/include/ui/input.h +++ b/include/ui/input.h @@ -57,7 +57,7 @@ void qemu_input_queue_btn(QemuConsole *src, InputButton btn, bool down); void qemu_input_update_buttons(QemuConsole *src, uint32_t *button_map, uint32_t button_old, uint32_t button_new); -bool qemu_input_is_absolute(void); +bool qemu_input_is_absolute(QemuConsole *con); int qemu_input_scale_axis(int value, int min_in, int max_in, int min_out, int max_out); diff --git a/ui/cocoa.m b/ui/cocoa.m index df6d13b..145f42d 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -2001,7 +2001,7 @@ static void cocoa_refresh(DisplayChangeListener *dcl) COCOA_DEBUG("qemu_cocoa: cocoa_refresh\n"); graphic_hw_update(NULL); - if (qemu_input_is_absolute()) { + if (qemu_input_is_absolute(dcl->con)) { dispatch_async(dispatch_get_main_queue(), ^{ if (![cocoaView isAbsoluteEnabled]) { if ([cocoaView isMouseGrabbed]) { diff --git a/ui/dbus-console.c b/ui/dbus-console.c index 36f7349..49da9cc 100644 --- a/ui/dbus-console.c +++ b/ui/dbus-console.c @@ -386,7 +386,7 @@ dbus_mouse_rel_motion(DBusDisplayConsole *ddc, { trace_dbus_mouse_rel_motion(dx, dy); - if (qemu_input_is_absolute()) { + if (qemu_input_is_absolute(ddc->dcl.con)) { g_dbus_method_invocation_return_error( invocation, DBUS_DISPLAY_ERROR, DBUS_DISPLAY_ERROR_INVALID, @@ -453,7 +453,7 @@ dbus_mouse_set_pos(DBusDisplayConsole *ddc, trace_dbus_mouse_set_pos(x, y); - if (!qemu_input_is_absolute()) { + if (!qemu_input_is_absolute(ddc->dcl.con)) { g_dbus_method_invocation_return_error( invocation, DBUS_DISPLAY_ERROR, DBUS_DISPLAY_ERROR_INVALID, @@ -514,7 +514,7 @@ static void dbus_mouse_update_is_absolute(DBusDisplayConsole *ddc) { g_object_set(ddc->iface_mouse, - "is-absolute", qemu_input_is_absolute(), + "is-absolute", qemu_input_is_absolute(ddc->dcl.con), NULL); } diff --git a/ui/gtk.c b/ui/gtk.c index 3373427..cd3b895 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -204,7 +204,7 @@ static void gd_update_cursor(VirtualConsole *vc) } window = gtk_widget_get_window(GTK_WIDGET(vc->gfx.drawing_area)); - if (s->full_screen || qemu_input_is_absolute() || s->ptr_owner == vc) { + if (s->full_screen || qemu_input_is_absolute(vc->gfx.dcl.con) || s->ptr_owner == vc) { gdk_window_set_cursor(window, s->null_cursor); } else { gdk_window_set_cursor(window, NULL); @@ -453,7 +453,7 @@ static void gd_mouse_set(DisplayChangeListener *dcl, gint x_root, y_root; if (!gtk_widget_get_realized(vc->gfx.drawing_area) || - qemu_input_is_absolute()) { + qemu_input_is_absolute(dcl->con)) { return; } @@ -689,7 +689,7 @@ static void gd_mouse_mode_change(Notifier *notify, void *data) s = container_of(notify, GtkDisplayState, mouse_mode_notifier); /* release the grab at switching to absolute mode */ - if (qemu_input_is_absolute() && s->ptr_owner) { + if (s->ptr_owner && qemu_input_is_absolute(s->ptr_owner->gfx.dcl.con)) { if (!s->ptr_owner->window) { gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), FALSE); @@ -903,7 +903,7 @@ static gboolean gd_motion_event(GtkWidget *widget, GdkEventMotion *motion, x = (motion->x - mx) / vc->gfx.scale_x * ws; y = (motion->y - my) / vc->gfx.scale_y * ws; - if (qemu_input_is_absolute()) { + if (qemu_input_is_absolute(vc->gfx.dcl.con)) { if (x < 0 || y < 0 || x >= surface_width(vc->gfx.ds) || y >= surface_height(vc->gfx.ds)) { @@ -923,7 +923,7 @@ static gboolean gd_motion_event(GtkWidget *widget, GdkEventMotion *motion, s->last_y = y; s->last_set = TRUE; - if (!qemu_input_is_absolute() && s->ptr_owner == vc) { + if (!qemu_input_is_absolute(vc->gfx.dcl.con) && s->ptr_owner == vc) { GdkScreen *screen = gtk_widget_get_screen(vc->gfx.drawing_area); GdkDisplay *dpy = gtk_widget_get_display(widget); GdkWindow *win = gtk_widget_get_window(widget); @@ -965,7 +965,7 @@ static gboolean gd_button_event(GtkWidget *widget, GdkEventButton *button, /* implicitly grab the input at the first click in the relative mode */ if (button->button == 1 && button->type == GDK_BUTTON_PRESS && - !qemu_input_is_absolute() && s->ptr_owner != vc) { + !qemu_input_is_absolute(vc->gfx.dcl.con) && s->ptr_owner != vc) { if (!vc->window) { gtk_check_menu_item_set_active(GTK_CHECK_MENU_ITEM(s->grab_item), TRUE); diff --git a/ui/input.c b/ui/input.c index 1aad64b..cbe8573 100644 --- a/ui/input.c +++ b/ui/input.c @@ -56,7 +56,7 @@ QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, s->id = id++; QTAILQ_INSERT_TAIL(&handlers, s, node); - qemu_input_check_mode_change(); + notifier_list_notify(&mouse_mode_notifiers, NULL); return s; } @@ -64,21 +64,21 @@ void qemu_input_handler_activate(QemuInputHandlerState *s) { QTAILQ_REMOVE(&handlers, s, node); QTAILQ_INSERT_HEAD(&handlers, s, node); - qemu_input_check_mode_change(); + notifier_list_notify(&mouse_mode_notifiers, NULL); } void qemu_input_handler_deactivate(QemuInputHandlerState *s) { QTAILQ_REMOVE(&handlers, s, node); QTAILQ_INSERT_TAIL(&handlers, s, node); - qemu_input_check_mode_change(); + notifier_list_notify(&mouse_mode_notifiers, NULL); } void qemu_input_handler_unregister(QemuInputHandlerState *s) { QTAILQ_REMOVE(&handlers, s, node); g_free(s); - qemu_input_check_mode_change(); + notifier_list_notify(&mouse_mode_notifiers, NULL); } void qemu_input_handler_bind(QemuInputHandlerState *s, @@ -494,12 +494,12 @@ void qemu_input_update_buttons(QemuConsole *src, uint32_t *button_map, } } -bool qemu_input_is_absolute(void) +bool qemu_input_is_absolute(QemuConsole *con) { QemuInputHandlerState *s; s = qemu_input_find_handler(INPUT_EVENT_MASK_REL | INPUT_EVENT_MASK_ABS, - NULL); + con); return (s != NULL) && (s->handler->mask & INPUT_EVENT_MASK_ABS); } @@ -583,21 +583,6 @@ void qemu_input_queue_mtt_abs(QemuConsole *src, InputAxis axis, int value, qemu_input_event_send(src, &evt); } -void qemu_input_check_mode_change(void) -{ - static int current_is_absolute; - int is_absolute; - - is_absolute = qemu_input_is_absolute(); - - if (is_absolute != current_is_absolute) { - trace_input_mouse_mode(is_absolute); - notifier_list_notify(&mouse_mode_notifiers, NULL); - } - - current_is_absolute = is_absolute; -} - void qemu_add_mouse_mode_change_notifier(Notifier *notify) { notifier_list_add(&mouse_mode_notifiers, notify); @@ -657,6 +642,6 @@ bool qemu_mouse_set(int index, Error **errp) } qemu_input_handler_activate(s); - qemu_input_check_mode_change(); + notifier_list_notify(&mouse_mode_notifiers, NULL); return true; } diff --git a/ui/sdl2.c b/ui/sdl2.c index 178cc05..fbfdb64 100644 --- a/ui/sdl2.c +++ b/ui/sdl2.c @@ -203,7 +203,7 @@ static void sdl_hide_cursor(struct sdl2_console *scon) SDL_ShowCursor(SDL_DISABLE); SDL_SetCursor(sdl_cursor_hidden); - if (!qemu_input_is_absolute()) { + if (!qemu_input_is_absolute(scon->dcl.con)) { SDL_SetRelativeMouseMode(SDL_TRUE); } } @@ -214,12 +214,12 @@ static void sdl_show_cursor(struct sdl2_console *scon) return; } - if (!qemu_input_is_absolute()) { + if (!qemu_input_is_absolute(scon->dcl.con)) { SDL_SetRelativeMouseMode(SDL_FALSE); } if (guest_cursor && - (gui_grab || qemu_input_is_absolute() || absolute_enabled)) { + (gui_grab || qemu_input_is_absolute(scon->dcl.con) || absolute_enabled)) { SDL_SetCursor(guest_sprite); } else { SDL_SetCursor(sdl_cursor_normal); @@ -245,7 +245,7 @@ static void sdl_grab_start(struct sdl2_console *scon) } if (guest_cursor) { SDL_SetCursor(guest_sprite); - if (!qemu_input_is_absolute() && !absolute_enabled) { + if (!qemu_input_is_absolute(scon->dcl.con) && !absolute_enabled) { SDL_WarpMouseInWindow(scon->real_window, guest_x, guest_y); } } else { @@ -280,7 +280,7 @@ static void absolute_mouse_grab(struct sdl2_console *scon) static void sdl_mouse_mode_change(Notifier *notify, void *data) { - if (qemu_input_is_absolute()) { + if (qemu_input_is_absolute(sdl2_console[0].dcl.con)) { if (!absolute_enabled) { absolute_enabled = 1; SDL_SetRelativeMouseMode(SDL_FALSE); @@ -311,7 +311,7 @@ static void sdl_send_mouse_event(struct sdl2_console *scon, int dx, int dy, prev_state = state; } - if (qemu_input_is_absolute()) { + if (qemu_input_is_absolute(scon->dcl.con)) { qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_X, x, 0, surface_width(scon->surface)); qemu_input_queue_abs(scon->dcl.con, INPUT_AXIS_Y, @@ -497,7 +497,7 @@ static void handle_mousemotion(SDL_Event *ev) return; } - if (qemu_input_is_absolute() || absolute_enabled) { + if (qemu_input_is_absolute(scon->dcl.con) || absolute_enabled) { int scr_w, scr_h; SDL_GetWindowSize(scon->real_window, &scr_w, &scr_h); max_x = scr_w - 1; @@ -513,7 +513,7 @@ static void handle_mousemotion(SDL_Event *ev) sdl_grab_start(scon); } } - if (gui_grab || qemu_input_is_absolute() || absolute_enabled) { + if (gui_grab || qemu_input_is_absolute(scon->dcl.con) || absolute_enabled) { sdl_send_mouse_event(scon, ev->motion.xrel, ev->motion.yrel, ev->motion.x, ev->motion.y, ev->motion.state); } @@ -530,7 +530,7 @@ static void handle_mousebutton(SDL_Event *ev) } bev = &ev->button; - if (!gui_grab && !qemu_input_is_absolute()) { + if (!gui_grab && !qemu_input_is_absolute(scon->dcl.con)) { if (ev->type == SDL_MOUSEBUTTONUP && bev->button == SDL_BUTTON_LEFT) { /* start grabbing all events */ sdl_grab_start(scon); @@ -603,7 +603,7 @@ static void handle_windowevent(SDL_Event *ev) } /* fall through */ case SDL_WINDOWEVENT_ENTER: - if (!gui_grab && (qemu_input_is_absolute() || absolute_enabled)) { + if (!gui_grab && (qemu_input_is_absolute(scon->dcl.con) || absolute_enabled)) { absolute_mouse_grab(scon); } /* If a new console window opened using a hotkey receives the @@ -733,9 +733,9 @@ static void sdl_mouse_warp(DisplayChangeListener *dcl, if (!guest_cursor) { sdl_show_cursor(scon); } - if (gui_grab || qemu_input_is_absolute() || absolute_enabled) { + if (gui_grab || qemu_input_is_absolute(scon->dcl.con) || absolute_enabled) { SDL_SetCursor(guest_sprite); - if (!qemu_input_is_absolute() && !absolute_enabled) { + if (!qemu_input_is_absolute(scon->dcl.con) && !absolute_enabled) { SDL_WarpMouseInWindow(scon->real_window, x, y); } } @@ -773,7 +773,7 @@ static void sdl_mouse_define(DisplayChangeListener *dcl, return; } if (guest_cursor && - (gui_grab || qemu_input_is_absolute() || absolute_enabled)) { + (gui_grab || qemu_input_is_absolute(dcl->con) || absolute_enabled)) { SDL_SetCursor(guest_sprite); } } diff --git a/ui/spice-input.c b/ui/spice-input.c index bbd5025..a5c5d78 100644 --- a/ui/spice-input.c +++ b/ui/spice-input.c @@ -224,7 +224,7 @@ static const SpiceTabletInterface tablet_interface = { static void mouse_mode_notifier(Notifier *notifier, void *data) { QemuSpicePointer *pointer = container_of(notifier, QemuSpicePointer, mouse_mode); - bool is_absolute = qemu_input_is_absolute(); + bool is_absolute = qemu_input_is_absolute(NULL); if (pointer->absolute == is_absolute) { return; diff --git a/ui/trace-events b/ui/trace-events index 76b19a2..16c35c9 100644 --- a/ui/trace-events +++ b/ui/trace-events @@ -92,7 +92,6 @@ input_event_rel(int conidx, const char *axis, int value) "con %d, axis %s, value input_event_abs(int conidx, const char *axis, int value) "con %d, axis %s, value 0x%x" input_event_mtt(int conidx, const char *axis, int value) "con %d, axis %s, value 0x%x" input_event_sync(void) "" -input_mouse_mode(int absolute) "absolute %d" # sdl2-input.c sdl2_process_key(int sdl_scancode, int qcode, const char *action) "translated SDL scancode %d to QKeyCode %d (%s)" diff --git a/ui/vnc.c b/ui/vnc.c index 523eb1f..c66477a 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -1771,7 +1771,7 @@ uint32_t read_u32(uint8_t *data, size_t offset) static void check_pointer_type_change(Notifier *notifier, void *data) { VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); - int absolute = qemu_input_is_absolute(); + int absolute = qemu_input_is_absolute(vs->vd->dcl.con); if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { vnc_lock_output(vs); -- cgit v1.1 From 845fff1f83ac87f592b5b0fa01c37844ea8cc9f9 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 13 Sep 2023 16:49:56 +0200 Subject: ui/console: make qemu_console_is_multihead() static MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit qemu_console_is_multihead() is only called from within "ui/console.c"; make it static. Cc: "Marc-André Lureau" (odd fixer:Graphics) Cc: Gerd Hoffmann (odd fixer:Graphics) Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Marc-André Lureau Message-ID: <20230913144959.41891-2-lersek@redhat.com> --- include/ui/console.h | 1 - ui/console.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/include/ui/console.h b/include/ui/console.h index 28882f1..acb61a7 100644 --- a/include/ui/console.h +++ b/include/ui/console.h @@ -422,7 +422,6 @@ bool qemu_console_is_visible(QemuConsole *con); bool qemu_console_is_graphic(QemuConsole *con); bool qemu_console_is_fixedsize(QemuConsole *con); bool qemu_console_is_gl_blocked(QemuConsole *con); -bool qemu_console_is_multihead(DeviceState *dev); char *qemu_console_get_label(QemuConsole *con); int qemu_console_get_index(QemuConsole *con); uint32_t qemu_console_get_head(QemuConsole *con); diff --git a/ui/console.c b/ui/console.c index 4a4f19e..d17b4ee 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1434,7 +1434,7 @@ bool qemu_console_is_gl_blocked(QemuConsole *con) return con->gl_block; } -bool qemu_console_is_multihead(DeviceState *dev) +static bool qemu_console_is_multihead(DeviceState *dev) { QemuConsole *con; Object *obj; -- cgit v1.1 From 4ce2f97c000629531553328e1871b56312a210cf Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 13 Sep 2023 16:49:57 +0200 Subject: ui/console: only walk QemuGraphicConsoles in qemu_console_is_multihead() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit qemu_console_is_multihead() declares the console "c" a "multihead" console if there are two different consoles in the system that (a) both reference "c->device", and (b) have different "c->head" numbers. In effect, if at least two consoles exist that are different heads of the same device that underlies "c". Commit 58d5870845c6 ("ui/console: move graphic fields to QemuGraphicConsole", 2023-09-04) pushed the "device" and "head" members from the QemuConsole base class down to the QemuGraphicConsole subclass, adjusting the referring QOM properties accordingly as well. As a result, the "device" property lookup in qemu_console_is_multihead() now crashes, in case the candidate console being investigated for criterion (a) is not a QemuGraphicConsole instance: > Unexpected error in object_property_find_err() at qom/object.c:1314: > qemu: Property 'qemu-fixed-text-console.device' not found > Aborted (core dumped) This is effectively an unchecked downcast. Make it checked: only consider such console candidates that are themselves QemuGraphicConsole instances. Cc: "Marc-André Lureau" (odd fixer:Graphics) Cc: Gerd Hoffmann (odd fixer:Graphics) Fixes: 58d5870845c6 Signed-off-by: Laszlo Ersek Reviewed-by: Marc-André Lureau Message-ID: <20230913144959.41891-3-lersek@redhat.com> --- ui/console.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ui/console.c b/ui/console.c index d17b4ee..4fe26c0 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1442,6 +1442,9 @@ static bool qemu_console_is_multihead(DeviceState *dev) uint32_t h; QTAILQ_FOREACH(con, &consoles, next) { + if (!QEMU_IS_GRAPHIC_CONSOLE(con)) { + continue; + } obj = object_property_get_link(OBJECT(con), "device", &error_abort); if (DEVICE(obj) != dev) { -- cgit v1.1 From 2c0c4c1f650d48c814df5a8b48544ea44918bd8f Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 13 Sep 2023 16:49:58 +0200 Subject: ui/console: eliminate QOM properties from qemu_console_is_multihead() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to Marc-André's and Gerd's descriptions, the "device" and "head" members of QemuGraphicConsole are exposed as QOM properties for two purposes: (1) Introspection (e.g., "qom-get" monitor command). (2) A VNC server can display a specific device + head. This lets us run a multihead configuration by using multiple VNC servers (one for each head). Further, we can link input devices to device + head, so input events are routed to different devices dependent on where they are coming from. Which is most useful for tablet devices in a VNC multihead setup, each head has its own tablet device then. This does requires manual guest-side configuration, for establishing the same tablet <-> head relationship. However, neither goal seems to justify the complicated QOM property lookup that's internal to qemu_console_is_multihead(). Rework qemu_console_is_multihead() with plain old C language field accesses. Cc: "Marc-André Lureau" (odd fixer:Graphics) Cc: Gerd Hoffmann (odd fixer:Graphics) Signed-off-by: Laszlo Ersek Reviewed-by: Marc-André Lureau Message-ID: <20230913144959.41891-4-lersek@redhat.com> --- ui/console.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ui/console.c b/ui/console.c index 4fe26c0..65463d8 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1434,25 +1434,25 @@ bool qemu_console_is_gl_blocked(QemuConsole *con) return con->gl_block; } -static bool qemu_console_is_multihead(DeviceState *dev) +static bool qemu_graphic_console_is_multihead(QemuGraphicConsole *c) { QemuConsole *con; - Object *obj; uint32_t f = 0xffffffff; uint32_t h; QTAILQ_FOREACH(con, &consoles, next) { + QemuGraphicConsole *candidate; + if (!QEMU_IS_GRAPHIC_CONSOLE(con)) { continue; } - obj = object_property_get_link(OBJECT(con), - "device", &error_abort); - if (DEVICE(obj) != dev) { + + candidate = QEMU_GRAPHIC_CONSOLE(con); + if (candidate->device != c->device) { continue; } - h = object_property_get_uint(OBJECT(con), - "head", &error_abort); + h = candidate->head; if (f == 0xffffffff) { f = h; } else if (h != f) { @@ -1471,7 +1471,7 @@ char *qemu_console_get_label(QemuConsole *con) bool multihead; dev = DEVICE(c->device); - multihead = qemu_console_is_multihead(dev); + multihead = qemu_graphic_console_is_multihead(c); if (multihead) { return g_strdup_printf("%s.%d", dev->id ? dev->id : -- cgit v1.1 From 65d7ceb49b434d578cee61467c009cb16a794b16 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 13 Sep 2023 16:49:59 +0200 Subject: ui/console: sanitize search in qemu_graphic_console_is_multihead() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit qemu_graphic_console_is_multihead() declares the graphical console "c" a "multihead" console if there are two different graphical consoles in the system that (a) both reference "c->device", and (b) have different "c->head" numbers. In effect, if at least two graphical consoles exist that are different heads of the same device that underlies "c". In fact, "c" may be one of these two graphical consoles, or "c" may differ from both of those consoles (in case "c->device" has at least three heads). The loop currently uses this awkward "two different consoles" approach because the function used not to have access to "c", only to "c->device", which didn't allow for fetching (and comparing) "c->head". But, we've changed that in the last patch; we now pass all of "c" to qemu_graphic_console_is_multihead(). Thus, look for the *first* (and possibly *only*) graphical console, if any, that refers to the same "device" as "c", but by a different "head" number. Cc: "Marc-André Lureau" (odd fixer:Graphics) Cc: Gerd Hoffmann (odd fixer:Graphics) Signed-off-by: Laszlo Ersek Reviewed-by: Marc-André Lureau Message-ID: <20230913144959.41891-5-lersek@redhat.com> --- ui/console.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/ui/console.c b/ui/console.c index 65463d8..8ee66d1 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1437,8 +1437,6 @@ bool qemu_console_is_gl_blocked(QemuConsole *con) static bool qemu_graphic_console_is_multihead(QemuGraphicConsole *c) { QemuConsole *con; - uint32_t f = 0xffffffff; - uint32_t h; QTAILQ_FOREACH(con, &consoles, next) { QemuGraphicConsole *candidate; @@ -1452,10 +1450,7 @@ static bool qemu_graphic_console_is_multihead(QemuGraphicConsole *c) continue; } - h = candidate->head; - if (f == 0xffffffff) { - f = h; - } else if (h != f) { + if (candidate->head != c->head) { return true; } } -- cgit v1.1 From 7db57a73f66463488fbd53fe5f9589de49534fe8 Mon Sep 17 00:00:00 2001 From: Ken Xue Date: Thu, 14 Sep 2023 09:31:51 +0800 Subject: ui: add XBGR8888 and ABGR8888 in drm_format_pixman_map MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Android uses XBGR8888 and ABGR8888 as default scanout buffer, But qemu does not support them for qemu_pixman_to_drm_format conversion within virtio_gpu_create_dmabuf for virtio gpu. so, add those 2 formats into drm_format_pixman_map. Signed-off-by: Ken Xue Reviewed-by: Marc-André Lureau Message-ID: <20230914013151.805363-1-Ken.Xue@amd.com> --- include/ui/qemu-pixman.h | 4 ++++ ui/qemu-pixman.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/ui/qemu-pixman.h b/include/ui/qemu-pixman.h index 51f8709..e587c48 100644 --- a/include/ui/qemu-pixman.h +++ b/include/ui/qemu-pixman.h @@ -32,6 +32,8 @@ # define PIXMAN_LE_r8g8b8 PIXMAN_b8g8r8 # define PIXMAN_LE_a8r8g8b8 PIXMAN_b8g8r8a8 # define PIXMAN_LE_x8r8g8b8 PIXMAN_b8g8r8x8 +# define PIXMAN_LE_a8b8g8r8 PIXMAN_r8g8b8a8 +# define PIXMAN_LE_x8b8g8r8 PIXMAN_r8g8b8x8 #else # define PIXMAN_BE_r8g8b8 PIXMAN_b8g8r8 # define PIXMAN_BE_x8r8g8b8 PIXMAN_b8g8r8x8 @@ -45,6 +47,8 @@ # define PIXMAN_LE_r8g8b8 PIXMAN_r8g8b8 # define PIXMAN_LE_a8r8g8b8 PIXMAN_a8r8g8b8 # define PIXMAN_LE_x8r8g8b8 PIXMAN_x8r8g8b8 +# define PIXMAN_LE_a8b8g8r8 PIXMAN_a8b8g8r8 +# define PIXMAN_LE_x8b8g8r8 PIXMAN_x8b8g8r8 #endif #define QEMU_PIXMAN_COLOR(r, g, b) \ diff --git a/ui/qemu-pixman.c b/ui/qemu-pixman.c index be00a96..b43ec38 100644 --- a/ui/qemu-pixman.c +++ b/ui/qemu-pixman.c @@ -96,7 +96,9 @@ static const struct { } drm_format_pixman_map[] = { { DRM_FORMAT_RGB888, PIXMAN_LE_r8g8b8 }, { DRM_FORMAT_ARGB8888, PIXMAN_LE_a8r8g8b8 }, - { DRM_FORMAT_XRGB8888, PIXMAN_LE_x8r8g8b8 } + { DRM_FORMAT_XRGB8888, PIXMAN_LE_x8r8g8b8 }, + { DRM_FORMAT_XBGR8888, PIXMAN_LE_x8b8g8r8 }, + { DRM_FORMAT_ABGR8888, PIXMAN_LE_a8b8g8r8 }, }; pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format) -- cgit v1.1 From 75b773d84c89220463a14a6883d2b2a8e49e5b68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 25 Sep 2023 15:36:04 +0400 Subject: win32: avoid discarding the exception handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In all likelihood, the compiler with lto doesn't see the function being used, from assembly macro __try1. Help it by marking the function has being used. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1904 Fixes: commit d89f30b4df ("win32: wrap socket close() with an exception handler") Signed-off-by: Marc-André Lureau Reviewed-by: Thomas Huth --- include/qemu/compiler.h | 6 ++++++ util/oslib-win32.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h index 7f1bbbf..1109482 100644 --- a/include/qemu/compiler.h +++ b/include/qemu/compiler.h @@ -206,4 +206,10 @@ #define QEMU_ANNOTATE(x) #endif +#if __has_attribute(used) +# define QEMU_USED __attribute__((used)) +#else +# define QEMU_USED +#endif + #endif /* COMPILER_H */ diff --git a/util/oslib-win32.c b/util/oslib-win32.c index 19a0ea7..55b0189 100644 --- a/util/oslib-win32.c +++ b/util/oslib-win32.c @@ -479,7 +479,7 @@ int qemu_bind_wrap(int sockfd, const struct sockaddr *addr, return ret; } -EXCEPTION_DISPOSITION +QEMU_USED EXCEPTION_DISPOSITION win32_close_exception_handler(struct _EXCEPTION_RECORD *exception_record, void *registration, struct _CONTEXT *context, void *dispatcher) -- cgit v1.1 From 9bd4d3df633593878ada3dffcfe05318754b4596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Fri, 15 Sep 2023 15:28:31 +0400 Subject: ui/gtk: fix UI info precondition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit dpy_get_ui_info() shouldn't be called if the underlying GPU doesn't support it. Before the assert() was added and the regression introduced, GTK code used to get "zero" UI info, for ex with a simple VGA device. The assert was added to prevent from calling when there are no console too. The other display backend that calls dpy_get_ui_info() correctly checks that pre-condition. Calling dpy_set_ui_info() is "safe" in this case, it will simply return an error that can be generally ignored. Fixes: commit a92e7bb4c ("ui: add precondition for dpy_get_ui_info()") Signed-off-by: Marc-André Lureau --- ui/gtk.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ui/gtk.c b/ui/gtk.c index cd3b895..935de12 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -726,6 +726,10 @@ static void gd_set_ui_refresh_rate(VirtualConsole *vc, int refresh_rate) { QemuUIInfo info; + if (!dpy_ui_info_supported(vc->gfx.dcl.con)) { + return; + } + info = *dpy_get_ui_info(vc->gfx.dcl.con); info.refresh_rate = refresh_rate; dpy_set_ui_info(vc->gfx.dcl.con, &info, true); @@ -735,6 +739,10 @@ static void gd_set_ui_size(VirtualConsole *vc, gint width, gint height) { QemuUIInfo info; + if (!dpy_ui_info_supported(vc->gfx.dcl.con)) { + return; + } + info = *dpy_get_ui_info(vc->gfx.dcl.con); info.width = width; info.height = height; -- cgit v1.1 From f1de309792d6656ef3443ba65272c4a868a43914 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Wed, 20 Sep 2023 11:54:54 +0400 Subject: analyze-migration: ignore RAM_SAVE_FLAG_MULTIFD_FLUSH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Traceback (most recent call last): File "scripts/analyze-migration.py", line 605, in dump.read(dump_memory = args.memory) File "scripts/analyze-migration.py", line 542, in read section.read() File "scripts/analyze-migration.py", line 214, in read raise Exception("Unknown RAM flags: %x" % flags) Exception: Unknown RAM flags: 200 See commit 77c259a4cb ("multifd: Create property multifd-flush-after-each-section") Signed-off-by: Marc-André Lureau Reviewed-by: Fabiano Rosas --- scripts/analyze-migration.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/analyze-migration.py b/scripts/analyze-migration.py index b82a1b0..0824245 100755 --- a/scripts/analyze-migration.py +++ b/scripts/analyze-migration.py @@ -111,6 +111,8 @@ class RamSection(object): RAM_SAVE_FLAG_CONTINUE = 0x20 RAM_SAVE_FLAG_XBZRLE = 0x40 RAM_SAVE_FLAG_HOOK = 0x80 + RAM_SAVE_FLAG_COMPRESS_PAGE = 0x100 + RAM_SAVE_FLAG_MULTIFD_FLUSH = 0x200 def __init__(self, file, version_id, ramargs, section_key): if version_id != 4: @@ -205,6 +207,8 @@ class RamSection(object): raise Exception("XBZRLE RAM compression is not supported yet") elif flags & self.RAM_SAVE_FLAG_HOOK: raise Exception("RAM hooks don't make sense with files") + if flags & self.RAM_SAVE_FLAG_MULTIFD_FLUSH: + continue # End of RAM section if flags & self.RAM_SAVE_FLAG_EOS: -- cgit v1.1 From 314e0a84cd5d3a8d04c9778eecb5618dee3574cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 2 Oct 2023 14:27:36 +0400 Subject: hw/core: remove needless includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The include list is large, make it smaller. Signed-off-by: Marc-André Lureau Acked-by: Laszlo Ersek --- hw/core/machine.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/hw/core/machine.c b/hw/core/machine.c index a232ae0..df40f10 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -11,32 +11,22 @@ */ #include "qemu/osdep.h" -#include "qemu/option.h" #include "qemu/accel.h" #include "sysemu/replay.h" -#include "qemu/units.h" #include "hw/boards.h" #include "hw/loader.h" #include "qapi/error.h" -#include "qapi/qapi-visit-common.h" #include "qapi/qapi-visit-machine.h" -#include "qapi/visitor.h" #include "qom/object_interfaces.h" -#include "hw/sysbus.h" #include "sysemu/cpus.h" #include "sysemu/sysemu.h" #include "sysemu/reset.h" #include "sysemu/runstate.h" -#include "sysemu/numa.h" #include "sysemu/xen.h" -#include "qemu/error-report.h" #include "sysemu/qtest.h" -#include "hw/pci/pci.h" #include "hw/mem/nvdimm.h" #include "migration/global_state.h" -#include "migration/vmstate.h" #include "exec/confidential-guest-support.h" -#include "hw/virtio/virtio.h" #include "hw/virtio/virtio-pci.h" #include "hw/virtio/virtio-net.h" -- cgit v1.1 From bf7e5215c40c9c38067798fdced94623f2ee0201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Mon, 2 Oct 2023 14:27:36 +0400 Subject: hw/pc: remove needless includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The include list is gigantic, make it smaller. Signed-off-by: Marc-André Lureau Acked-by: Laszlo Ersek --- hw/i386/pc.c | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 5d399b6..ec01d74 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -24,79 +24,40 @@ #include "qemu/osdep.h" #include "qemu/units.h" -#include "hw/i386/x86.h" #include "hw/i386/pc.h" #include "hw/char/serial.h" #include "hw/char/parallel.h" -#include "hw/i386/topology.h" #include "hw/i386/fw_cfg.h" #include "hw/i386/vmport.h" #include "sysemu/cpus.h" -#include "hw/block/fdc.h" #include "hw/ide/internal.h" -#include "hw/ide/isa.h" -#include "hw/pci/pci.h" -#include "hw/pci/pci_bus.h" -#include "hw/pci-bridge/pci_expander_bridge.h" -#include "hw/nvram/fw_cfg.h" #include "hw/timer/hpet.h" -#include "hw/firmware/smbios.h" #include "hw/loader.h" -#include "elf.h" -#include "migration/vmstate.h" -#include "multiboot.h" #include "hw/rtc/mc146818rtc.h" #include "hw/intc/i8259.h" -#include "hw/intc/ioapic.h" #include "hw/timer/i8254.h" #include "hw/input/i8042.h" -#include "hw/irq.h" #include "hw/audio/pcspk.h" -#include "hw/pci/msi.h" -#include "hw/sysbus.h" #include "sysemu/sysemu.h" -#include "sysemu/tcg.h" -#include "sysemu/numa.h" -#include "sysemu/kvm.h" #include "sysemu/xen.h" #include "sysemu/reset.h" -#include "sysemu/runstate.h" #include "kvm/kvm_i386.h" #include "hw/xen/xen.h" -#include "hw/xen/start_info.h" -#include "ui/qemu-spice.h" -#include "exec/memory.h" -#include "qemu/bitmap.h" -#include "qemu/config-file.h" #include "qemu/error-report.h" -#include "qemu/option.h" -#include "qemu/cutils.h" -#include "hw/acpi/acpi.h" #include "hw/acpi/cpu_hotplug.h" #include "acpi-build.h" -#include "hw/mem/pc-dimm.h" #include "hw/mem/nvdimm.h" -#include "hw/cxl/cxl.h" #include "hw/cxl/cxl_host.h" -#include "qapi/error.h" -#include "qapi/qapi-visit-common.h" -#include "qapi/qapi-visit-machine.h" -#include "qapi/visitor.h" -#include "hw/core/cpu.h" #include "hw/usb.h" #include "hw/i386/intel_iommu.h" #include "hw/net/ne2000-isa.h" -#include "standard-headers/asm-x86/bootparam.h" #include "hw/virtio/virtio-iommu.h" #include "hw/virtio/virtio-md-pci.h" #include "hw/i386/kvm/xen_overlay.h" #include "hw/i386/kvm/xen_evtchn.h" #include "hw/i386/kvm/xen_gnttab.h" #include "hw/i386/kvm/xen_xenstore.h" -#include "sysemu/replay.h" -#include "target/i386/cpu.h" #include "e820_memory_layout.h" -#include "fw_cfg.h" #include "trace.h" #include CONFIG_DEVICES -- cgit v1.1 From e0288a778473ebd35eac6cc1924faca7d477d241 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 19 Sep 2023 15:19:55 +0200 Subject: hw/display/ramfb: plug slight guest-triggerable leak on mode setting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The fw_cfg DMA write callback in ramfb prepares a new display surface in QEMU; this new surface is put to use ("swapped in") upon the next display update. At that time, the old surface (if any) is released. If the guest triggers the fw_cfg DMA write callback at least twice between two adjacent display updates, then the second callback (and further such callbacks) will leak the previously prepared (but not yet swapped in) display surface. The issue can be shown by: (1) starting QEMU with "-trace displaysurface_free", and (2) running the following program in the guest UEFI shell: > #include // ShellAppMain() > #include // gBS > #include // EFI_GRAPHICS_OUTPUT_PROTOCOL > > INTN > EFIAPI > ShellAppMain ( > IN UINTN Argc, > IN CHAR16 **Argv > ) > { > EFI_STATUS Status; > VOID *Interface; > EFI_GRAPHICS_OUTPUT_PROTOCOL *Gop; > UINT32 Mode; > > Status = gBS->LocateProtocol ( > &gEfiGraphicsOutputProtocolGuid, > NULL, > &Interface > ); > if (EFI_ERROR (Status)) { > return 1; > } > > Gop = Interface; > > Mode = 1; > for ( ; ;) { > Status = Gop->SetMode (Gop, Mode); > if (EFI_ERROR (Status)) { > break; > } > > Mode = 1 - Mode; > } > > return 1; > } The symptom is then that: - only one trace message appears periodically, - the time between adjacent messages keeps increasing -- implying that some list structure (containing the leaked resources) keeps growing, - the "surface" pointer is ever different. > 18566@1695127471.449586:displaysurface_free surface=0x7f2fcc09a7c0 > 18566@1695127471.529559:displaysurface_free surface=0x7f2fcc9dac10 > 18566@1695127471.659812:displaysurface_free surface=0x7f2fcc441dd0 > 18566@1695127471.839669:displaysurface_free surface=0x7f2fcc0363d0 > 18566@1695127472.069674:displaysurface_free surface=0x7f2fcc413a80 > 18566@1695127472.349580:displaysurface_free surface=0x7f2fcc09cd00 > 18566@1695127472.679783:displaysurface_free surface=0x7f2fcc1395f0 > 18566@1695127473.059848:displaysurface_free surface=0x7f2fcc1cae50 > 18566@1695127473.489724:displaysurface_free surface=0x7f2fcc42fc50 > 18566@1695127473.969791:displaysurface_free surface=0x7f2fcc45dcc0 > 18566@1695127474.499708:displaysurface_free surface=0x7f2fcc70b9d0 > 18566@1695127475.079769:displaysurface_free surface=0x7f2fcc82acc0 > 18566@1695127475.709941:displaysurface_free surface=0x7f2fcc369c00 > 18566@1695127476.389619:displaysurface_free surface=0x7f2fcc32b910 > 18566@1695127477.119772:displaysurface_free surface=0x7f2fcc0d5a20 > 18566@1695127477.899517:displaysurface_free surface=0x7f2fcc086c40 > 18566@1695127478.729962:displaysurface_free surface=0x7f2fccc72020 > 18566@1695127479.609839:displaysurface_free surface=0x7f2fcc185160 > 18566@1695127480.539688:displaysurface_free surface=0x7f2fcc23a7e0 > 18566@1695127481.519759:displaysurface_free surface=0x7f2fcc3ec870 > 18566@1695127482.549930:displaysurface_free surface=0x7f2fcc634960 > 18566@1695127483.629661:displaysurface_free surface=0x7f2fcc26b140 > 18566@1695127484.759987:displaysurface_free surface=0x7f2fcc321700 > 18566@1695127485.940289:displaysurface_free surface=0x7f2fccaad100 We figured this wasn't a CVE-worthy problem, as only small amounts of memory were leaked (the framebuffer itself is mapped from guest RAM, QEMU only allocates administrative structures), plus libvirt restricts QEMU memory footprint anyway, thus the guest can only DoS itself. Plug the leak, by releasing the last prepared (not yet swapped in) display surface, if any, in the fw_cfg DMA write callback. Regarding the "reproducer", with the fix in place, the log is flooded with trace messages (one per fw_cfg write), *and* the trace message alternates between just two "surface" pointer values (i.e., nothing is leaked, the allocator flip-flops between two objects in effect). This issue appears to date back to the introducion of ramfb (995b30179bdc, "hw/display: add ramfb, a simple boot framebuffer living in guest ram", 2018-06-18). Cc: Gerd Hoffmann (maintainer:ramfb) Cc: qemu-stable@nongnu.org Fixes: 995b30179bdc Signed-off-by: Laszlo Ersek Acked-by: Laszlo Ersek Reviewed-by: Gerd Hoffmann Reviewed-by: Marc-André Lureau Message-ID: <20230919131955.27223-1-lersek@redhat.com> --- hw/display/ramfb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c index 79b9754..c2b002d 100644 --- a/hw/display/ramfb.c +++ b/hw/display/ramfb.c @@ -97,6 +97,7 @@ static void ramfb_fw_cfg_write(void *dev, off_t offset, size_t len) s->width = width; s->height = height; + qemu_free_displaysurface(s->ds); s->ds = surface; } -- cgit v1.1 From 4f7689f0817a717d18cc8aca298990760f27a89b Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Wed, 16 Aug 2023 23:07:43 +0200 Subject: chardev/char-pty: Avoid losing bytes when the other side just (re-)connected MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When starting a guest via libvirt with "virsh start --console ...", the first second of the console output is missing. This is especially annoying on s390x that only has a text console by default and no graphical output - if the bios fails to boot here, the information about what went wrong is completely lost. One part of the problem (there is also some things to be done on the libvirt side) is that QEMU only checks with a 1 second timer whether the other side of the pty is already connected, so the first second of the console output is always lost. This likely used to work better in the past, since the code once checked for a re-connection during write, but this has been removed in commit f8278c7d74 ("char-pty: remove the check for connection on write") to avoid some locking. To ease the situation here at least a little bit, let's check with g_poll() whether we could send out the data anyway, even if the connection has not been marked as "connected" yet. The file descriptor is marked as non-blocking anyway since commit fac6688a18 ("Do not hang on full PTY"), so this should not cause any trouble if the other side is not ready for receiving yet. With this patch applied, I can now successfully see the bios output of a s390x guest when running it with "virsh start --console" (with a patched version of virsh that fixes the remaining issues there, too). Reported-by: Marc Hartmayer Signed-off-by: Thomas Huth Reviewed-by: Daniel P. Berrangé Message-Id: <20230816210743.1319018-1-thuth@redhat.com> --- chardev/char-pty.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/chardev/char-pty.c b/chardev/char-pty.c index 4e5deac..cc2f761 100644 --- a/chardev/char-pty.c +++ b/chardev/char-pty.c @@ -106,11 +106,27 @@ static void pty_chr_update_read_handler(Chardev *chr) static int char_pty_chr_write(Chardev *chr, const uint8_t *buf, int len) { PtyChardev *s = PTY_CHARDEV(chr); + GPollFD pfd; + int rc; - if (!s->connected) { - return len; + if (s->connected) { + return io_channel_send(s->ioc, buf, len); } - return io_channel_send(s->ioc, buf, len); + + /* + * The other side might already be re-connected, but the timer might + * not have fired yet. So let's check here whether we can write again: + */ + pfd.fd = QIO_CHANNEL_FILE(s->ioc)->fd; + pfd.events = G_IO_OUT; + pfd.revents = 0; + rc = RETRY_ON_EINTR(g_poll(&pfd, 1, 0)); + g_assert(rc >= 0); + if (!(pfd.revents & G_IO_HUP) && (pfd.revents & G_IO_OUT)) { + io_channel_send(s->ioc, buf, len); + } + + return len; } static GSource *pty_chr_add_watch(Chardev *chr, GIOCondition cond) -- cgit v1.1