From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1OBOIF-00018v-KH
	for qemu-devel@nongnu.org; Mon, 10 May 2010 04:24:51 -0400
Received: from [140.186.70.92] (port=55027 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OBODp-0007mv-K3
	for qemu-devel@nongnu.org; Mon, 10 May 2010 04:24:51 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1OBO9N-0003Nl-Ow
	for qemu-devel@nongnu.org; Mon, 10 May 2010 04:19:14 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36424)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <avi@redhat.com>) id 1OBO9N-0003NS-48
	for qemu-devel@nongnu.org; Mon, 10 May 2010 04:15:41 -0400
Message-ID: <4BE7C0A5.3090909@redhat.com>
Date: Mon, 10 May 2010 11:15:33 +0300
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
References: <4BE32178.2090103@msgid.tls.msk.ru> <4BE7B8C1.9060807@redhat.com>
In-Reply-To: <4BE7B8C1.9060807@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: Another SIGFPE in display code, now in cirrus
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Michael Tokarev <mjt@tls.msk.ru>
Cc: Brian Kress <kressb@moose.net>, qemu-devel <qemu-devel@nongnu.org>, KVM list <kvm@vger.kernel.org>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>

On 05/10/2010 10:41 AM, Avi Kivity wrote:
> On 05/06/2010 11:07 PM, Michael Tokarev wrote:
>> There was a bug recently fixed in vnc code.  Apparently
>> there's something similar in the cirrus emulation as well.
>> Here it triggers _always_ (including old versions of kvm)
>> when running windows NT and hitting "test" button in its
>> display resolution dialog.  Here's what gdb is to say:
>>
>> Program received signal SIGFPE, Arithmetic exception.
>> [Switching to Thread 0xf76cab70 (LWP 580)]
>> 0x080c5e45 in cirrus_do_copy (s=0x86134dc, dst=960000, src=0, w=2, h=9)
>>     at hw/cirrus_vga.c:687
>> 687        sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
>> (gdb) p depth
>> $1 = 2
>> (gdb) p s->cirrus_blt_srcpitch
>> $2 = 0
>>
>>
>> This qemu-kvm-0.12.3 - actually a debian package of it,
>> but there's no patches relevant to video applied.
>>
>> Anything can be done with it?
>
> Well, it's trivial to check for the condition, but how to handle it?
>

That code is wrong.  It shouldn't be using the bitblt source pitch, but 
the actual display pitch.  If the two are different, then the blt 
doesn't actually affect a rectangular region, but instead a parallelogram.

Further:

>
>     if (notify)
>         qemu_console_copy(s->vga.ds,
>               sx, sy, dx, dy,
>               s->cirrus_blt_width / depth,
>               s->cirrus_blt_height);
>
>     /* we don't have to notify the display that this portion has
>        changed since qemu_console_copy implies this */
>
>     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
>                 s->cirrus_blt_dstpitch, s->cirrus_blt_width,
>                 s->cirrus_blt_height);


Shouldn't we avoid the invalidate if notify != 0, as the comment says?

31c05501c says this breaks bitblt, but I can't see why this is true.  
The copy should update the display.  This is probably due to a 
miscalculation of the affected region, and now we have two invalidates 
instead of one, reducing performance.

-- 
error compiling committee.c: too many arguments to function