597198 – qxl: 16bpp vga mode is broken.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 597198 - qxl: 16bpp vga mode is broken.

Summary: qxl: 16bpp vga mode is broken.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Gerd Hoffmann
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	599016
TreeView+	depends on / blocked

Reported:	2010-05-28 10:55 UTC by Qunfang Zhang
Modified:	2013-01-09 22:38 UTC (History)
CC List:	7 users (show)
Fixed In Version:	qemu-kvm-0.12.1.2-2.87.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-07-02 07:04:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Qunfang Zhang 2010-05-28 10:55:40 UTC

Description of problem:
Win2k8-32 guest aborted when boot with physical NIC card assigned and with -spice.
Using vnc to view the guest, have no problem.
Also tried win7-64/32, win2k8-r2-64,winXP-32, also have no problem.

Command line:
#/usr/libexec/qemu-kvm -no-hpet -usbdevice tablet -rtc-td-hack -no-kvm-pit-reinjection -startdate now -drive file=win2008-32.qcow2,media=disk,if=ide,cache=off,index=0 -net nic,vlan=0,macaddr=10:1a:4a:10:90:8f,model=e1000 -net tap,vlan=0,script=/etc/qemu-ifup -cpu qemu64,+sse2 -balloon none -uuid `uuidgen` -monitor stdio -m 2G -smp 2 -boot c -spice port=5930,disable-ticketing -vga qxl -pcidevice host=02:00.0

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.51.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Boot win2k8-32 guest with above command line using "-spice port=5930,disable-ticketing -vga qxl -pcidevice host=02:00.0"
2.
3.
  
Actual results:
Guest aborted.

Expected results:


Additional info:
(gdb) bt
#0  0x0000003482e329c5 in raise () from /lib64/libc.so.6
#1  0x0000003482e341a5 in abort () from /lib64/libc.so.6
#2  0x0000000000471dde in _qxl_get_info (d=0x187a, info=0x187a)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:255
#3  0x000000348b613053 in qxl_worker_attach (qxl_worker=0x20e82f0)
    at red_dispatcher.c:208
#4  0x00000000004720c5 in qxl_reset (d=0x20d77c0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:552
#5  0x00000000004738f7 in qxl_display_resize (ds=0x16d9f40)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:825
#6  0x0000000000444057 in dpy_resize (opaque=0x20d7a58)
    at /usr/src/debug/qemu-kvm-0.12.1.2/console.h:216
#7  vga_draw_graphic (opaque=0x20d7a58)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1726
#8  vga_update_display (opaque=0x20d7a58)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1938
#9  0x00000000004737e5 in qxl_display_refresh (ds=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:835
#10 0x000000000040b7fe in dpy_refresh (opaque=0x16d9f40)
    at /usr/src/debug/qemu-kvm-0.12.1.2/console.h:234
#11 gui_update (opaque=0x16d9f40) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3282
#12 0x000000000040b288 in qemu_run_timers (timeout=1000)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1170
---Type <return> to continue, or q <return> to quit---
#13 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4096
#14 0x000000000042864a in kvm_main_loop ()
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2127
#15 0x000000000040e17b in main_loop (argc=<value optimized out>, 
    argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4269
#16 main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6411

Comment 2 RHEL Program Management 2010-05-28 11:35:39 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 3 Qunfang Zhang 2010-05-31 05:16:33 UTC

Also exist on qemu-kvm-0.12.1.2-2.68.el6.x86_64.

Comment 4 Dor Laor 2010-05-31 14:02:52 UTC

Does it work w/o spice (although it looks it is a qxl issue)

Comment 5 Qunfang Zhang 2010-06-01 01:43:19 UTC

(In reply to comment #4)
> Does it work w/o spice (although it looks it is a qxl issue)    

Yes, it works well without spice, as described in Comment 0.

Comment 6 Gerd Hoffmann 2010-06-01 06:37:28 UTC

Does it also happen without '-pcidevice host=02:00.0'?

Comment 7 Qunfang Zhang 2010-06-01 07:02:42 UTC

(In reply to comment #6)
> Does it also happen without '-pcidevice host=02:00.0'?    

It also happnens without "-pcidevice host=02:00.0", maybe the bug summary need to be modified. :-)

Command line:
/usr/libexec/qemu-kvm -no-hpet -usbdevice tablet -rtc-td-hack -no-kvm-pit-reinjection -startdate now -drive file=win2008-32.qcow2,media=disk,if=ide,cache=off,index=0 -net nic,vlan=0,macaddr=10:1a:4a:10:90:8f,model=e1000 -net tap,vlan=0,script=/etc/qemu-ifup -cpu qemu64,+sse2 -balloon none -uuid `uuidgen` -monitor stdio -m 2G -smp 2 -boot c -spice port=5930,disable-ticketing -vga qxl

Comment 8 Gerd Hoffmann 2010-06-01 09:28:41 UTC

16bpp vga mode (i.e. without guest drivers) is broken.  Can probably be triggered with any windows version by switching to 16 bit color depth.

Comment 9 Gerd Hoffmann 2010-06-01 10:15:30 UTC

Patches posted for review.

Comment 14 Qunfang Zhang 2010-06-30 09:13:04 UTC

Reproduced on qemu-kvm-0.12.1.2-2.82.el6, verified pass on qemu-kvm-0.12.1.2-2.90.el6  

Steps:
1. boot a windows guest.(I tried win2k8-32 and win2k8-64)
2. change the display setting to 16 bit color depth by:
 Right-click mouse on guest's desktop -> Personalize -> Display Settings -> Then change the colour to 16bit -> Click OK.

On qemu-kvm-0.12.1.2-2.82.el6, guest aborted.

On qemu-kvm-0.12.1.2-2.90.el6, guest works well.

Command line:
/usr/libexec/qemu-kvm -usbdevice tablet -rtc-td-hack -no-kvm-pit-reinjection -startdate now -drive file=win2008-64.qcow2,if=none,id=drive-ide0-0-0,werror=stop,rerror=stop,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -netdev tap,id=hostnet0,script=/etc/qemu-ifup -device rtl8139,netdev=hostnet0,mac=76:00:40:3F:2F:3E,bus=pci.0,addr=0x3 -boot c -uuid f1b7c27c-e6e3-4e67-95da-8dd0a8891cc4 -smp 2 -m 2G -spice port=5930,disable-ticketing -vga qxl -monitor stdio -qmp tcp:0:4444,server

Note You need to log in before you can comment on or make changes to this bug.