qemu-commits

[Qemu-commits] [qemu/qemu] fc4d3f: virtio-gpu: no point of checking res-


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] fc4d3f: virtio-gpu: no point of checking res->iov
Date: Wed, 01 Sep 2021 04:38:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: fc4d3f35f81a5d392d979607818cf1cb56bfbaf7
      
https://github.com/qemu/qemu/commit/fc4d3f35f81a5d392d979607818cf1cb56bfbaf7
  Author: Dongwon Kim <dongwon.kim@intel.com>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: no point of checking res->iov

The code should check the opposite condition of res->iov because it will be null
if virtio_gpu_create_mapping_iov fails and actually this checking is not even
required because checking on ret covers all failing cases.

Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-Id: <20210830175033.29233-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: cdb1fba0844bb1db71f67d35700a80838d185bbd
      
https://github.com/qemu/qemu/commit/cdb1fba0844bb1db71f67d35700a80838d185bbd
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M hw/display/meson.build
    A hw/display/virtio-gpu-udmabuf-stubs.c
    M stubs/meson.build
    R stubs/virtio-gpu-udmabuf.c

  Log Message:
  -----------
  hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux

When using qemu configured with --enabled-modules, the
generic stubs are used instead of the module symbols:

  qemu-system-x86_64: -device virtio-vga,blob=on: cannot enable blob resources without udmabuf

Restrict the stubs to Linux and only link them when
CONFIG_VIRTIO_GPU is disabled (only the modularized
version is available when it is enabled).

Reported-by: Maxim R. <mrom06@ya.ru>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/553
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210823100454.615816-2-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: b956577af1b88e950bf2aa5f77be6c8aee04e879
      
https://github.com/qemu/qemu/commit/b956577af1b88e950bf2aa5f77be6c8aee04e879
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M include/ui/console.h
    M ui/meson.build
    M ui/udmabuf.c

  Log Message:
  -----------
  ui/console: Restrict udmabuf_fd() to Linux

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210823100454.615816-3-philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 7852a77f598635a67a222b6c1463c8b46098aed2
      
https://github.com/qemu/qemu/commit/7852a77f598635a67a222b6c1463c8b46098aed2
  Author: Jose R. Ziviani <jziviani@suse.de>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M hw/display/vga-isa.c

  Log Message:
  -----------
  vga: don't abort when adding a duplicate isa-vga device

If users try to add an isa-vga device that was already registered,
still in command line, qemu will crash:

$ qemu-system-mips64el -M pica61 -device isa-vga
RAMBlock "vga.vram" already registered, abort!
Aborted (core dumped)

That particular board registers the device automatically, so it's
not obvious that a VGA device already exists. This patch changes
this behavior by displaying a message and exiting without crashing.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/44
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210817192629.12755-1-jziviani@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 2b3a98255c90d8d2f9f87a73eb33371961508517
      
https://github.com/qemu/qemu/commit/2b3a98255c90d8d2f9f87a73eb33371961508517
  Author: Qiang Liu <cyruscyliu@gmail.com>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M hw/display/xlnx_dp.c
    A tests/qtest/fuzz-xlnx-dp-test.c
    M tests/qtest/meson.build

  Log Message:
  -----------
  hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read

xlnx_dp_read allows an out-of-bounds read at its default branch because
of an improper index.

According to
https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html
(DP Module), registers 0x3A4/0x3A4/0x3AC are allowed.

DP_INT_MASK     0x000003A4      32      mixed   0xFFFFF03F      Interrupt Mask Register for intrN.
DP_INT_EN       0x000003A8      32      mixed   0x00000000      Interrupt Enable Register.
DP_INT_DS       0x000003AC      32      mixed   0x00000000      Interrupt Disable Register.

In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device
will write s->core_registers[0x3A4 >> 2]. That is to say, the max size of
s->core_registers could be ((0x3A4 >> 2) + 1). However, the current size
of s->core_registers is (0x3AF >> 2), that is ((0x3A4 >> 2) + 2), which is
out of the range.
In xlnx_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to
the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read)
rather than 0x3A4.

This patch enforces the read access to offset 0x3A8 and 0x3AC to 0x3A4,
but does not adjust the size of s->core_registers to avoid breaking
migration.

Fixes: 58ac482a66de ("introduce xlnx-dp")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <1628059910-12060-1-git-send-email-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 01f750f5fef1afd8f6abc0548910f87d473e26d5
      
https://github.com/qemu/qemu/commit/01f750f5fef1afd8f6abc0548910f87d473e26d5
  Author: Helge Deller <deller@gmx.de>
  Date:   2021-08-31 (Tue, 31 Aug 2021)

  Changed paths:
    M hw/display/artist.c

  Log Message:
  -----------
  hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()

The CDE desktop on HP-UX 10 shows wrongly rendered pixels when the local screen
menu is closed. This bug was introduced by commit c7050f3f167b
("hw/display/artist: Refactor x/y coordination extraction") which converted the
coordinate extraction in artist_vram_read() and artist_vram_write() to use the
ADDR_TO_X and ADDR_TO_Y macros, but forgot to right-shift the address by 2 as
it was done before.

Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: c7050f3f167b ("hw/display/artist: Refactor x/y coordination extraction")
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Sven Schnelle <svens@stackframe.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <YK1aPb8keur9W7h2@ls3530>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


  Commit: 783aa010ade5e2f8dd33a654882f2a14ab96c0a1
      
https://github.com/qemu/qemu/commit/783aa010ade5e2f8dd33a654882f2a14ab96c0a1
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-01 (Wed, 01 Sep 2021)

  Changed paths:
    M hw/display/artist.c
    M hw/display/meson.build
    M hw/display/vga-isa.c
    A hw/display/virtio-gpu-udmabuf-stubs.c
    M hw/display/virtio-gpu.c
    M hw/display/xlnx_dp.c
    M include/ui/console.h
    M stubs/meson.build
    R stubs/virtio-gpu-udmabuf.c
    A tests/qtest/fuzz-xlnx-dp-test.c
    M tests/qtest/meson.build
    M ui/meson.build
    M ui/udmabuf.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20210901-pull-request' into staging

vga: misc fixes and cleanups.

# gpg: Signature made Wed 01 Sep 2021 05:18:46 BST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20210901-pull-request:
  hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()
  hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
  vga: don't abort when adding a duplicate isa-vga device
  ui/console: Restrict udmabuf_fd() to Linux
  hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux
  virtio-gpu: no point of checking res->iov

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/ec397e90d212...783aa010ade5
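
The index arithmetic from the xlnx_dp commit message above, worked through as an added example (not code from QEMU or from the commit). The offsets, the reset value and the array size (0x3AF >> 2) are taken from the message; the struct and function names are hypothetical, and the extra bounds check and the zero returned for unbacked offsets are assumptions that go beyond the redirect the commit describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offsets and array size are from the commit message; names are hypothetical. */
#define DP_INT_MASK       0x3A4u
#define DP_INT_EN         0x3A8u
#define DP_INT_DS         0x3ACu
#define DP_CORE_REG_COUNT (0x3AFu >> 2)  /* 235 slots, valid indices 0..234 */

struct dp_model {
    uint32_t core_registers[DP_CORE_REG_COUNT];
};

/* Index as an unfixed default branch computes it: offset >> 2. */
static size_t dp_index_naive(uint32_t offset)
{
    return offset >> 2;
}

/* Fixed mapping: INT_EN and INT_DS alias INT_MASK, and an index that
 * does not fit the array is rejected instead of being dereferenced. */
static int dp_index_checked(uint32_t offset, size_t *index)
{
    if (offset == DP_INT_EN || offset == DP_INT_DS) {
        offset = DP_INT_MASK;
    }
    if ((offset >> 2) >= DP_CORE_REG_COUNT) {
        return -1;
    }
    *index = offset >> 2;
    return 0;
}

/* Bounds-checked read; unbacked offsets read as 0 (assumption). */
static uint32_t dp_read(const struct dp_model *s, uint32_t offset)
{
    size_t index;
    return dp_index_checked(offset, &index) == 0 ? s->core_registers[index] : 0;
}

int main(void)
{
    static struct dp_model s;
    const uint32_t offsets[] = { DP_INT_MASK, DP_INT_EN, DP_INT_DS };
    s.core_registers[DP_INT_MASK >> 2] = 0xFFFFF03Fu;  /* reset value from the table */
    for (size_t i = 0; i < 3; i++) {
        size_t n = dp_index_naive(offsets[i]);
        printf("0x%03X: naive index %zu (%s), checked read 0x%08X\n",
               (unsigned)offsets[i], n,
               n < DP_CORE_REG_COUNT ? "in bounds" : "OUT OF BOUNDS",
               (unsigned)dp_read(&s, offsets[i]));
    }
    return 0;
}
```

Offset 0x3A8 lands on the spare slot 234 and 0x3AC on index 235, one past the end of the array, which is the pair of outcomes the commit message calls incorrect functionality and out-of-bounds read.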


