Experimental fork of QEMU with video encoding patches https://git.openslx.org/bwlp/qemu.git/atom/hw/display?h=spice_video_codecs 2022-12-03T21:07:07+00:00 2022-12-03T21:07:07+00:00 Evgeny Ermakov 2022-11-25T16:08:49+00:00 urn:sha1:c1966f515d9bb6d8ed7076f4bebdc45407700100 Signed-off-by: Evgeny Ermakov <evgeny.v.ermakov@gmail.com> Message-Id: <20221125160849.23711-1-evgeny.v.ermakov@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com> 2022-11-29T23:15:26+00:00 Philippe Mathieu-Daudé 2022-11-28T20:27:41+00:00 urn:sha1:86fdb0582c653a9824183679403a85f588260d62 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221128202741.4945-6-philmd@linaro.org> 2022-11-29T23:15:26+00:00 Philippe Mathieu-Daudé 2022-11-28T20:27:40+00:00 urn:sha1:6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 Have qxl_get_check_slot_offset() return false if the requested buffer size does not fit within the slot memory region. Similarly qxl_phys2virt() now returns NULL in such case, and qxl_dirty_one_surface() aborts. This avoids buffer overrun in the host pointer returned by memory_region_get_ram_ptr(). Fixes: CVE-2022-4144 (out-of-bounds read) Reported-by: Wenxu Yin (@awxylitol) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336 Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221128202741.4945-5-philmd@linaro.org> 2022-11-29T23:15:26+00:00 Philippe Mathieu-Daudé 2022-11-28T20:27:39+00:00 urn:sha1:8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f Currently qxl_phys2virt() doesn't check for buffer overrun. In order to do so in the next commit, pass the buffer size as argument. For QXLCursor in qxl_render_cursor() -> qxl_cursor() we verify the size of the chunked data ahead, checking we can access 'sizeof(QXLCursor) + chunk->data_size' bytes. Since in the SPICE_CURSOR_TYPE_MONO case the cursor is assumed to fit in one chunk, no change are required. In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in qxl_unpack_chunks(). Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221128202741.4945-4-philmd@linaro.org> 2022-11-29T23:15:26+00:00 Philippe Mathieu-Daudé 2022-11-28T20:27:38+00:00 urn:sha1:b1901de83a9456cde26fc755f71ca2b7b3ef50fc Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221128202741.4945-3-philmd@linaro.org> 2022-11-29T23:15:26+00:00 Philippe Mathieu-Daudé 2022-11-28T20:27:37+00:00 urn:sha1:61c34fc194b776ecadc39fb26b061331107e5599 Only 3 command types are logged: no need to call qxl_phys2virt() for the other types. Using different cases will help to pass different structure sizes to qxl_phys2virt() in a pair of commits. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20221128202741.4945-2-philmd@linaro.org> 2022-11-10T15:17:18+00:00 Michael S. Tsirkin 2022-11-09T22:21:23+00:00 urn:sha1:28cf39609603e4b5b2de8b74d4caa4d840425eff acpi-vga-stub.c pulls in vga_int.h However that currently pulls in ui/console.h which breaks e.g. on systems without pixman. It's better to remove ui/console.h from vga_int.h and directly include it where it's used. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20221109222112.74519-1-mst@redhat.com> Tested-by: Laurent Vivier <lvivier@redhat.com> Reported-by: Miroslav Rezanina <mrezanin@redhat.com> Reported-by: Frederic Bezies <fredbezies@gmail.com> Reported-by: Laurent Vivier <lvivier@redhat.com> Fixes: cfead31326 ("AcpiDevAmlIf interface to build VGA device descs") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> 2022-11-08T16:34:06+00:00 Stefan Hajnoczi 2022-11-08T16:34:06+00:00 urn:sha1:ade760a2f63804b7ab1839fbc3e5ddbf30538718 * Last minute s390x fixes before the hard freeze * Whiste space clean-up in ui/, display/ and hw/usb/ # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmNqPZ0RHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbVbwxAArAxJewpow+QBj7dMd6qLrpC7mjxgiiQD # F8XNYh6bPpPo3+4exmMKMS+DGSLC5TJnp61F4IHyH+yOx8DVWmrjo97q+nWYYD4y # jOdC5a2kzkMzVjrxy26uvPhoUGkiM5w8H5bF9hcWukuEwqpoJPU7u5RXd1yn48Ju # O1RrASw+rHZSnCGFFXldG2HoS+bUOaZRHQs5kV9EwpqEn42eQtq38CQ7YEMloOkD # FpPl75KEQ9/doqSbGLdFP1HzaG/emtFnioIXlGM3Y7RzDxCgvKTdAvPCOBO7LxHA # oOY/nFcRYIEUslvyZLUXahKE2qBv2nenmWAQ9lwGd/iU78nWzR19BZdpItSP3Sjj # HFLOKztqI8qLbx966uOU8O5FaYqfGPV6QZVOSzAl7u8GZbqpN5lp+uArEoGtawMo # 9fRDAgSoser9AAIWr1TOoFGRff3VT4hlZeale3VOmfxAOBc2r70pzvk3ou5mo8NU # VXb6Uz5nNIm8RV9fr6/jgllfQDMiCHSwaAnC1hABqAwatcU/SJ4dKfXbdwjsPN8V # jgC5GqAHaC9mwQu0rfZSzuGZkosh0MZVik/xcWO3hspT/CyIafpi42POyQEjOMYf # 5SgJ8ydV32xEGQw66cl9yLAuhN4F8eTavLwQBV7pmCeySm8HCFGuZrmQkeOTBTD2 # HEbJJjz9zgI= # =P8Mt # -----END PGP SIGNATURE----- # gpg: Signature made Tue 08 Nov 2022 06:29:33 EST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2022-11-08' of https://gitlab.com/thuth/qemu: hw/usb: fix tab indentation hw/display: fix tab indentation ui: fix tab indentation s390x/s390-virtio-ccw: Switch off zPCI enhancements on older machines Revert "s390x/s390-virtio-ccw: add zpcii-disable machine property" Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 2022-11-08T09:23:32+00:00 Amarjargal Gundjalam 2022-10-25T14:28:10+00:00 urn:sha1:a076a3dcbf6cd5b038ce5ac8f419bb8d65f6432a The TABs should be replaced with spaces, to make sure that we have a consistent coding style with an indentation of 4 spaces everywhere. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/370 Signed-off-by: Amarjargal Gundjalam <amarjargal16@gmail.com> Message-Id: <5cefd05b4d3721d416e48e6df19df18cb6338933.1666707782.git.amarjargal16@gmail.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com> 2022-11-07T19:00:29+00:00 Igor Mammedov 2022-10-17T10:21:36+00:00 urn:sha1:cfead31326409dad187024de1bf7b40d7a86737e NB: We do not expect any functional change in any ACPI tables with this change. It's only a refactoring. NB2: Some targets (or1k) do not support acpi and CONFIG_ACPI is off for them. However, modules are reused between all architectures so CONFIG_ACPI is on. For those architectures, dummy stub function definitions help to resolve symbols. This change uses more of these and so it adds a couple of dummy stub definitions so that symbols for those can be resolved. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20221017102146.2254096-2-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Ani Sinha <ani@anisinha.ca> CC: Bernhard Beschow <shentey@gmail.com> Signed-off-by: Ani Sinha <ani@anisinha.ca> Message-Id: <20221107152744.868434-1-ani@anisinha.ca>