|
 |
4f5da8 |
From 9fd5f5b599e19c4485c3c7e6689081965e833df6 Mon Sep 17 00:00:00 2001
|
|
|
4f5da8 |
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
4f5da8 |
Date: Tue, 7 Feb 2017 10:07:50 +0100
|
|
|
4f5da8 |
Subject: [PATCH 6/8] cirrus: allow zero source pitch in pattern fill rops
|
|
|
4f5da8 |
|
|
|
4f5da8 |
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
4f5da8 |
Message-id: <1486462072-32174-6-git-send-email-kraxel@redhat.com>
|
|
|
4f5da8 |
Patchwork-id: 73569
|
|
|
4f5da8 |
O-Subject: [RHEL-7.4 qemu-kvm PATCH 5/7] cirrus: allow zero source pitch in pattern fill rops
|
|
|
4f5da8 |
Bugzilla: 1418232
|
|
|
4f5da8 |
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
|
4f5da8 |
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
4f5da8 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
4f5da8 |
|
|
|
4f5da8 |
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
|
|
4f5da8 |
|
|
|
4f5da8 |
The rops used by cirrus_bitblt_common_patterncopy only use
|
|
|
4f5da8 |
the destination pitch, so the source pitch shoul allowed to
|
|
|
4f5da8 |
be zero and the blit with used for the range check around the
|
|
|
4f5da8 |
source address.
|
|
|
4f5da8 |
|
|
|
4f5da8 |
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
|
|
4f5da8 |
Message-id: 1485272138-23249-1-git-send-email-w.bumiller@proxmox.com
|
|
|
4f5da8 |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
4f5da8 |
(cherry picked from commit 5858dd1801883309bdd208d72ddb81c4e9fee30c)
|
|
|
4f5da8 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
4f5da8 |
---
|
|
|
4f5da8 |
hw/display/cirrus_vga.c | 27 +++++++++++++++++++--------
|
|
|
4f5da8 |
1 file changed, 19 insertions(+), 8 deletions(-)
|
|
|
4f5da8 |
|
|
|
4f5da8 |
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
|
|
|
4f5da8 |
index e09076a..b040ab1 100644
|
|
|
4f5da8 |
--- a/hw/display/cirrus_vga.c
|
|
|
4f5da8 |
+++ b/hw/display/cirrus_vga.c
|
|
|
4f5da8 |
@@ -267,9 +267,6 @@ static void cirrus_update_memory_access(CirrusVGAState *s);
|
|
|
4f5da8 |
static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
|
|
4f5da8 |
int32_t pitch, int32_t addr)
|
|
|
4f5da8 |
{
|
|
|
4f5da8 |
- if (!pitch) {
|
|
|
4f5da8 |
- return true;
|
|
|
4f5da8 |
- }
|
|
|
4f5da8 |
if (pitch < 0) {
|
|
|
4f5da8 |
int64_t min = addr
|
|
|
4f5da8 |
+ ((int64_t)s->cirrus_blt_height-1) * pitch;
|
|
|
4f5da8 |
@@ -289,8 +286,11 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,
|
|
|
4f5da8 |
return false;
|
|
|
4f5da8 |
}
|
|
|
4f5da8 |
|
|
|
4f5da8 |
-static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
|
|
4f5da8 |
+static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only,
|
|
|
4f5da8 |
+ bool zero_src_pitch_ok)
|
|
|
4f5da8 |
{
|
|
|
4f5da8 |
+ int32_t check_pitch;
|
|
|
4f5da8 |
+
|
|
|
4f5da8 |
/* should be the case, see cirrus_bitblt_start */
|
|
|
4f5da8 |
assert(s->cirrus_blt_width > 0);
|
|
|
4f5da8 |
assert(s->cirrus_blt_height > 0);
|
|
|
4f5da8 |
@@ -299,6 +299,10 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
|
|
4f5da8 |
return true;
|
|
|
4f5da8 |
}
|
|
|
4f5da8 |
|
|
|
4f5da8 |
+ if (!s->cirrus_blt_dstpitch) {
|
|
|
4f5da8 |
+ return true;
|
|
|
4f5da8 |
+ }
|
|
|
4f5da8 |
+
|
|
|
4f5da8 |
if (blit_region_is_unsafe(s, s->cirrus_blt_dstpitch,
|
|
|
4f5da8 |
s->cirrus_blt_dstaddr & s->cirrus_addr_mask)) {
|
|
|
4f5da8 |
return true;
|
|
|
4f5da8 |
@@ -306,7 +310,13 @@ static bool blit_is_unsafe(struct CirrusVGAState *s, bool dst_only)
|
|
|
4f5da8 |
if (dst_only) {
|
|
|
4f5da8 |
return false;
|
|
|
4f5da8 |
}
|
|
|
4f5da8 |
- if (blit_region_is_unsafe(s, s->cirrus_blt_srcpitch,
|
|
|
4f5da8 |
+
|
|
|
4f5da8 |
+ check_pitch = s->cirrus_blt_srcpitch;
|
|
|
4f5da8 |
+ if (!zero_src_pitch_ok && !check_pitch) {
|
|
|
4f5da8 |
+ check_pitch = s->cirrus_blt_width;
|
|
|
4f5da8 |
+ }
|
|
|
4f5da8 |
+
|
|
|
4f5da8 |
+ if (blit_region_is_unsafe(s, check_pitch,
|
|
|
4f5da8 |
s->cirrus_blt_srcaddr & s->cirrus_addr_mask)) {
|
|
|
4f5da8 |
return true;
|
|
|
4f5da8 |
}
|
|
|
4f5da8 |
@@ -676,8 +686,9 @@ static int cirrus_bitblt_common_patterncopy(CirrusVGAState * s,
|
|
|
4f5da8 |
|
|
|
4f5da8 |
dst = s->vga.vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
|
|
|
4f5da8 |
|
|
|
4f5da8 |
- if (blit_is_unsafe(s, false))
|
|
|
4f5da8 |
+ if (blit_is_unsafe(s, false, true)) {
|
|
|
4f5da8 |
return 0;
|
|
|
4f5da8 |
+ }
|
|
|
4f5da8 |
|
|
|
4f5da8 |
(*s->cirrus_rop) (s, dst, src,
|
|
|
4f5da8 |
s->cirrus_blt_dstpitch, 0,
|
|
|
4f5da8 |
@@ -694,7 +705,7 @@ static int cirrus_bitblt_solidfill(CirrusVGAState *s, int blt_rop)
|
|
|
4f5da8 |
{
|
|
|
4f5da8 |
cirrus_fill_t rop_func;
|
|
|
4f5da8 |
|
|
|
4f5da8 |
- if (blit_is_unsafe(s, true)) {
|
|
|
4f5da8 |
+ if (blit_is_unsafe(s, true, true)) {
|
|
|
4f5da8 |
return 0;
|
|
|
4f5da8 |
}
|
|
|
4f5da8 |
rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
|
|
|
4f5da8 |
@@ -798,7 +809,7 @@ static int cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
|
|
|
4f5da8 |
|
|
|
4f5da8 |
static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s)
|
|
|
4f5da8 |
{
|
|
|
4f5da8 |
- if (blit_is_unsafe(s, false))
|
|
|
4f5da8 |
+ if (blit_is_unsafe(s, false, false))
|
|
|
4f5da8 |
return 0;
|
|
|
4f5da8 |
|
|
|
4f5da8 |
return cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->vga.start_addr,
|
|
|
4f5da8 |
--
|
|
|
4f5da8 |
1.8.3.1
|
|
|
4f5da8 |
|