qemu-devel.nongnu.org archive mirror
* [PULL 0/2] Vga 20200302 patches
@ 2020-03-02  9:18 Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

The following changes since commit e0175b71638cf4398903c0d25f93fe62e0606389:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200228' into staging (2020-02-28 16:39:27 +0000)

are available in the Git repository at:

  git://git.kraxel.org/qemu tags/vga-20200302-pull-request

for you to fetch changes up to 44b5c1ebfa5db337714180e9d4a8d525da5595d6:

  qxl: map rom r/o (2020-03-02 08:24:36 +0100)

----------------------------------------------------------------
vga: bugfixes for qxl and edid generator.

----------------------------------------------------------------

Anton V. Boyarshinov (1):
  Arithmetic error in EDID generation fixed

Gerd Hoffmann (1):
  qxl: map rom r/o

 hw/display/edid-generate.c | 4 ++--
 hw/display/qxl.c           | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

-- 
2.18.2




* [PULL 1/2] Arithmetic error in EDID generation fixed
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
@ 2020-03-02  9:18 ` Gerd Hoffmann
  2020-03-05 14:31   ` Stefan Weil
  2020-03-02  9:18 ` [PULL 2/2] qxl: map rom r/o Gerd Hoffmann
  2020-03-02 14:55 ` [PULL 0/2] Vga 20200302 patches Peter Maydell
  2 siblings, 1 reply; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann, Anton V. Boyarshinov

From: "Anton V. Boyarshinov" <boyarsh@altlinux.org>

To calculate screen size in centimeters we should calculate:
pixels/dpi*2.54
but not
pixels*dpi/2540

Using the wrong formula we actually get 65 DPI and very small fonts.

Signed-off-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
Message-id: 20200226122054.366b9cda@table.localdomain
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/edid-generate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/display/edid-generate.c b/hw/display/edid-generate.c
index 75c945a94813..e58472fde501 100644
--- a/hw/display/edid-generate.c
+++ b/hw/display/edid-generate.c
@@ -360,8 +360,8 @@ void qemu_edid_generate(uint8_t *edid, size_t size,
     edid[20] = 0xa5;
 
     /* screen size: undefined */
-    edid[21] = info->prefx * info->dpi / 2540;
-    edid[22] = info->prefy * info->dpi / 2540;
+    edid[21] = info->prefx * 254 / 100 / info->dpi;
+    edid[22] = info->prefy * 254 / 100 / info->dpi;
 
     /* display gamma: 2.2 */
     edid[23] = 220 - 100;
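Review bot: The new `edid[21]` and `edid[22]` expressions divide twice in integer arithmetic (`* 254 / 100 / info->dpi`), so the value is truncated at each step and the reported size is always rounded down. A single rounded division keeps the precision, for example `(info->prefx * 254 + info->dpi * 50) / (info->dpi * 100)`, and the same for `prefy`. The context comment `/* screen size: undefined */` above these lines also no longer matches the code, which now stores a size in centimetres; it should be updated in the same change.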
-- 
2.18.2




* [PULL 2/2] qxl: map rom r/o
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
@ 2020-03-02  9:18 ` Gerd Hoffmann
  2020-03-02 14:55 ` [PULL 0/2] Vga 20200302 patches Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2020-03-02  9:18 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann

Map qxl rom read-only into the guest, so the guest can't tamper with the
content.  qxl has a shadow copy of the rom to deal with that, but the
shadow doesn't cover the mode list.  A privileged user in the guest can
manipulate the mode list and use that to trick qemu into oob reads, leading
to a DoS via segfault if that read access happens to hit unmapped memory.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200225055920.17261-2-kraxel@redhat.com
---
 hw/display/qxl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index 21a43a1d5ec2..227da69a50d9 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -2136,7 +2136,7 @@ static void qxl_realize_common(PCIQXLDevice *qxl, Error **errp)
     pci_set_byte(&config[PCI_INTERRUPT_PIN], 1);
 
     qxl->rom_size = qxl_rom_size();
-    memory_region_init_ram(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
+    memory_region_init_rom(&qxl->rom_bar, OBJECT(qxl), "qxl.vrom",
                            qxl->rom_size, &error_fatal);
     init_qxl_rom(qxl);
     init_qxl_ram(qxl);
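Review bot: The switch to `memory_region_init_rom` in `qxl_realize_common` has no comment saying why the ROM BAR must be read-only for the guest, so a later cleanup could turn it back into a RAM region without noticing the reason given in the commit message. A one-line comment above the call would record that. The read-only mapping also only stops guest writes; the code that consumes the mode list is not part of this hunk, and a bounds check at that point would keep the out-of-bounds read from coming back if the mapping ever changes.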
-- 
2.18.2




* Re: [PULL 0/2] Vga 20200302 patches
  2020-03-02  9:18 [PULL 0/2] Vga 20200302 patches Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
  2020-03-02  9:18 ` [PULL 2/2] qxl: map rom r/o Gerd Hoffmann
@ 2020-03-02 14:55 ` Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2020-03-02 14:55 UTC (permalink / raw)
  To: Gerd Hoffmann; +Cc: QEMU Developers

On Mon, 2 Mar 2020 at 09:19, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> The following changes since commit e0175b71638cf4398903c0d25f93fe62e0606389:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200228' into staging (2020-02-28 16:39:27 +0000)
>
> are available in the Git repository at:
>
>   git://git.kraxel.org/qemu tags/vga-20200302-pull-request
>
> for you to fetch changes up to 44b5c1ebfa5db337714180e9d4a8d525da5595d6:
>
>   qxl: map rom r/o (2020-03-02 08:24:36 +0100)
>
> ----------------------------------------------------------------
> vga: bugfixes for qxl and edid generator.
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.0
for any user-visible changes.

-- PMM



* Re: [PULL 1/2] Arithmetic error in EDID generation fixed
  2020-03-02  9:18 ` [PULL 1/2] Arithmetic error in EDID generation fixed Gerd Hoffmann
@ 2020-03-05 14:31   ` Stefan Weil
  0 siblings, 0 replies; 5+ messages in thread
From: Stefan Weil @ 2020-03-05 14:31 UTC (permalink / raw)
  To: Gerd Hoffmann, qemu-devel; +Cc: Anton V. Boyarshinov

On 02.03.20 at 10:18, Gerd Hoffmann wrote:

> From: "Anton V. Boyarshinov" <boyarsh@altlinux.org>
>
> To calculate screen size in centimeters we should calculate:
> pixels/dpi*2.54
> but not
> pixels*dpi/2540
>
> Using the wrong formula we actually get 65 DPI and very small fonts.
>
> Signed-off-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
> Message-id: 20200226122054.366b9cda@table.localdomain
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  hw/display/edid-generate.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/hw/display/edid-generate.c b/hw/display/edid-generate.c
> index 75c945a94813..e58472fde501 100644
> --- a/hw/display/edid-generate.c
> +++ b/hw/display/edid-generate.c
> @@ -360,8 +360,8 @@ void qemu_edid_generate(uint8_t *edid, size_t size,
>      edid[20] = 0xa5;
>  
>      /* screen size: undefined */
> -    edid[21] = info->prefx * info->dpi / 2540;
> -    edid[22] = info->prefy * info->dpi / 2540;
> +    edid[21] = info->prefx * 254 / 100 / info->dpi;
> +    edid[22] = info->prefy * 254 / 100 / info->dpi;
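Review bot: `edid[21]` and `edid[22]` are `uint8_t` slots, and the added lines store the quotient with no range check, so a large `info->prefx` or `info->prefy` combined with a small `info->dpi` produces a value above 255 that wraps silently. The same lines divide by `info->dpi` with no guard against zero visible in this hunk. Clamp the result to 255 before storing it, and check that `info->dpi` is non-zero before this point unless the caller already guarantees it.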


Gerd, the required rounding (see my previous e-mail) for both values is
still missing.

Cheers,

Stefan



