[Qemu-commits] [qemu/qemu] fa06e5: virtio-gpu: fix scanout rectangles
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] fa06e5: virtio-gpu: fix scanout rectangles
Date: Mon, 06 Jun 2016 06:30:05 -0700
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: fa06e5cb7b10230e241477b13cb0beefa0d0c91e
https://github.com/qemu/qemu/commit/fa06e5cb7b10230e241477b13cb0beefa0d0c91e
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-03 (Fri, 03 Jun 2016)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: fix scanout rectangles
Commit "ca58b45 ui/virtio-gpu: add and use qemu_create_displaysurface_pixman"
breaks scanouts which use a region of the underlying resource only.
So, we need another way to handle the underlying issue. Let's create a
new pixman image, grab a reference on the pixman providing the
underlying storage, hook up a destroy callback which releases the
reference. That way regions work again and releasing the backing
storage should still be impossible thanks to the extra reference we are
holding.
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Commit: 521360267876d3b6518b328051a2e56bca55bef8
https://github.com/qemu/qemu/commit/521360267876d3b6518b328051a2e56bca55bef8
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/vmware_vga.c
Log Message:
-----------
vmsvga: move fifo sanity checks to vmsvga_fifo_length
Sanity checks are applied when the fifo is enabled by the guest
(SVGA_REG_CONFIG_DONE write). Which doesn't help much if the guest
changes the fifo registers afterwards. Move the checks to
vmsvga_fifo_length so they are done each time qemu is about to read
from the fifo.
Fixes: CVE-2016-4454
Cc: address@hidden
Cc: P J P <address@hidden>
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: c2e3c54d3960bc53bfa3a5ce7ea7a050b9be267e
https://github.com/qemu/qemu/commit/c2e3c54d3960bc53bfa3a5ce7ea7a050b9be267e
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/vmware_vga.c
Log Message:
-----------
vmsvga: add more fifo checks
Make sure all fifo ptrs are within range.
Fixes: CVE-2016-4454
Cc: address@hidden
Cc: P J P <address@hidden>
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 7e486f7577764a07aa35588e119903c80a5c30a2
https://github.com/qemu/qemu/commit/7e486f7577764a07aa35588e119903c80a5c30a2
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/vmware_vga.c
Log Message:
-----------
vmsvga: shadow fifo registers
The fifo is normal ram. So kvm vcpu threads and qemu iothread can
access the fifo in parallel without synchronization. Which in turn
implies we can't use the fifo pointers in-place because the guest
can try changing them underneath us. So add shadows for them, to
make sure the guest can't modify them after we've applied sanity
checks.
Fixes: CVE-2016-4454
Cc: address@hidden
Cc: P J P <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 4e68a0ee17dad7b8d870df0081d4ab2e079016c2
https://github.com/qemu/qemu/commit/4e68a0ee17dad7b8d870df0081d4ab2e079016c2
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/vmware_vga.c
Log Message:
-----------
vmsvga: don't process more than 1024 fifo commands at once
vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off. So we can simply exit the loop,
without having to worry about how processing will continue.
Fixes: CVE-2016-4453
Cc: address@hidden
Cc: P J P <address@hidden>
Reported-by: 李强 <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 0c244e50ee12311037efd507ee37df0e846e4a18
https://github.com/qemu/qemu/commit/0c244e50ee12311037efd507ee37df0e846e4a18
Author: Gerd Hoffmann <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/virtio-gpu-3d.c
M hw/display/virtio-gpu.c
M hw/display/virtio-vga.c
M include/hw/virtio/virtio-gpu.h
Log Message:
-----------
virtio-gpu: add live migration support
Store some additional state for cursor and resource backing storage,
so we can write out and reload things. Implement vmsave+vmload for
2d mode. Continue blocking live migration in 3d/virgl mode.
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: e854d0cf7847e70f5ed5dad5820fc1bbeda6f29e
https://github.com/qemu/qemu/commit/e854d0cf7847e70f5ed5dad5820fc1bbeda6f29e
Author: Peter Maydell <address@hidden>
Date: 2016-06-06 (Mon, 06 Jun 2016)
Changed paths:
M hw/display/virtio-gpu-3d.c
M hw/display/virtio-gpu.c
M hw/display/virtio-vga.c
M hw/display/vmware_vga.c
M include/hw/virtio/virtio-gpu.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20160606-1' into
staging
virtio-gpu: scanout fix, live migration support
vmsvga: security fixes
# gpg: Signature made Mon 06 Jun 2016 08:05:00 BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
* remotes/kraxel/tags/pull-vga-20160606-1:
virtio-gpu: add live migration support
vmsvga: don't process more than 1024 fifo commands at once
vmsvga: shadow fifo registers
vmsvga: add more fifo checks
vmsvga: move fifo sanity checks to vmsvga_fifo_length
virtio-gpu: fix scanout rectangles
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/890e48d7fc7d...e854d0cf7847
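
The vmsvga commit messages above describe three measures: re-validating the fifo pointers each time the host is about to read, working from private shadow copies because the guest can rewrite the shared memory concurrently, and stopping after 1024 commands per call. A simplified model of that pattern follows as an added example; it is not QEMU's code, and `fifo_dev`, `fifo_length`, `fifo_run`, the ring size and the one-word command format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define FIFO_BYTES 16384u   /* constructed size of the shared ring */
#define HDR_BYTES  16u      /* words 0..3 hold min, max, next, stop */
#define MAX_CMDS   1024u    /* per-call cap named in the commit message */
enum { F_MIN, F_MAX, F_NEXT, F_STOP };

struct fifo_dev {
    volatile uint32_t *ram;         /* guest-writable at any time */
    uint32_t min, max, next, stop;  /* host-private shadows, byte offsets */
};

/* Read each pointer once, validate the copies; 0 means empty or rejected. */
uint32_t fifo_length(struct fifo_dev *d)
{
    d->min = d->ram[F_MIN];   d->max = d->ram[F_MAX];
    d->next = d->ram[F_NEXT]; d->stop = d->ram[F_STOP];
    if ((d->min | d->max | d->next | d->stop) & 3u) return 0;  /* alignment */
    if (d->min < HDR_BYTES || d->max > FIFO_BYTES || d->min >= d->max) return 0;
    if (d->next < d->min || d->next >= d->max) return 0;
    if (d->stop < d->min || d->stop >= d->max) return 0;
    uint32_t bytes = d->next >= d->stop ? d->next - d->stop
                   : d->next + (d->max - d->min) - d->stop;
    return bytes / 4u;
}

/* Consume at most MAX_CMDS one-word commands, indexing via shadows only. */
uint32_t fifo_run(struct fifo_dev *d, uint32_t *out, size_t cap)
{
    uint32_t avail = fifo_length(d), done = 0;
    while (done < avail && done < MAX_CMDS && done < cap) {
        out[done++] = d->ram[d->stop / 4u];
        d->stop += 4u;
        if (d->stop >= d->max) d->stop = d->min;   /* wrap inside the ring */
    }
    if (done) d->ram[F_STOP] = d->stop;  /* publish progress; re-checked next call */
    return done;
}

int main(void)
{
    static uint32_t ram[FIFO_BYTES / 4];   /* constructed "guest" memory */
    uint32_t out[8];
    struct fifo_dev d = { .ram = ram };
    ram[F_MIN] = 16; ram[F_MAX] = FIFO_BYTES; ram[F_STOP] = 16; ram[F_NEXT] = 24;
    printf("valid ring: %u\n", (unsigned)fifo_run(&d, out, 8));
    ram[F_NEXT] = 0x10000;                 /* pointer outside the ring */
    printf("bad next:   %u\n", (unsigned)fifo_run(&d, out, 8));
}
```

The loop never re-reads a pointer from `ram` after validation, so a concurrent guest write can change only what the next call sees, and that call validates again before use.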