[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     a85acf50f2a5a325fcb3bd54f86cfdb16504153b
Author:     Paolo Bonzini <pbonzini <AT> redhat <DOT> com>
AuthorDate: Fri Nov 23 15:56:18 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 21:31:59 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=a85acf50

hmp: do not crash on invalid SCSI hotplug

Commit 0d93692 (qdev: Convert busses to QEMU Object Model, 2012-05-02)
removed a check on the type of the bus where a SCSI disk is hotplugged.
However, hot-plugging to the wrong kind of device now causes a crash
due to either a NULL pointer dereference (avoided by the previous patch)
or a failed QOM cast.

Instead, in this case we need to use object_dynamic_cast and check for
the result, similar to what was done before that commit.

Reported-by: Markus Armbruster <armbru <AT> redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini <AT> redhat.com>
Signed-off-by: Anthony Liguori <aliguori <AT> us.ibm.com>
(cherry picked from commit b5007bcc9729acd995518c52eb1038c4d8416b5d)

Signed-off-by: Michael Roth <mdroth <AT> linux.vnet.ibm.com>
(cherry picked from commit a99cb0d20a4868a31f294f5d1fd4fa3225ea70ab)

---
 hw/pci-hotplug.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
index e7fb780..0ca5546 100644
--- a/hw/pci-hotplug.c
+++ b/hw/pci-hotplug.c
@@ -80,7 +80,13 @@ static int scsi_hot_add(Monitor *mon, DeviceState *adapter,
     SCSIBus *scsibus;
     SCSIDevice *scsidev;
 
-    scsibus = SCSI_BUS(QLIST_FIRST(&adapter->child_bus));
+    scsibus = (SCSIBus *)
+        object_dynamic_cast(OBJECT(QLIST_FIRST(&adapter->child_bus)),
+                            TYPE_SCSI_BUS);
+    if (!scsibus) {
+	error_report("Device is not a SCSI adapter");
+	return -1;
+    }
 
     /*
      * drive_init() tries to find a default for dinfo->unit.  Doesn't

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     5e5cbe13a73bb99bc69de3e0925bd4964e56a2bb
Author:     David Gibson <david <AT> gibson <DOT> dropbear <DOT> id <DOT> au>
AuthorDate: Fri Nov 23 05:08:44 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 21:31:59 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=5e5cbe13

virtio-scsi: Fix some endian bugs with virtio-scsi

The virtio-scsi specification does not specify the correct endianness for
fields in the request structure.  It's therefore best to assume that it is
"guest native" endian since that's the (stupid and poorly defined) norm in
virtio.

However, the qemu device for virtio-scsi has no byteswaps at all, and so
will break if the guest has different endianness from the host.  This patch
fixes it by adding tswap() calls for the sense_len and resid fields in
the request structure.  In theory status_qualifier needs swaps as well,
but that field is never actually touched.  The tag field is a uint64_t, but
since its value is completely arbitrary, it might as well be uint8_t[8]
and so it does not need swapping.

Cc: Paolo Bonzini <pbonzini <AT> redhat.com>
Cc: Paul 'Rusty' Russell <rusty <AT> rustcorp.com.au>
Signed-off-by: David Gibson <david <AT> gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini <AT> redhat.com>
(cherry picked from commit 474ee55a18765e7de8f0b2cc00db5d26286bb24d)

Signed-off-by: Michael Roth <mdroth <AT> linux.vnet.ibm.com>
(cherry picked from commit ea08f3a4e25fe76d42a186152949516c2a63a46b)

---
 hw/virtio-scsi.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index c1b47a8..c6d5290 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -424,15 +424,17 @@ static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
                                          size_t resid)
 {
     VirtIOSCSIReq *req = r->hba_private;
+    uint32_t sense_len;
 
     req->resp.cmd->response = VIRTIO_SCSI_S_OK;
     req->resp.cmd->status = status;
     if (req->resp.cmd->status == GOOD) {
-        req->resp.cmd->resid = resid;
+        req->resp.cmd->resid = tswap32(resid);
     } else {
         req->resp.cmd->resid = 0;
-        req->resp.cmd->sense_len =
-            scsi_req_get_sense(r, req->resp.cmd->sense, VIRTIO_SCSI_SENSE_SIZE);
+        sense_len = scsi_req_get_sense(r, req->resp.cmd->sense,
+                                       VIRTIO_SCSI_SENSE_SIZE);
+        req->resp.cmd->sense_len = tswap32(sense_len);
     }
     virtio_scsi_complete_req(req);
 }

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     6b4950c36dea3fafefac88883fc0421913e22b75
Author:     David Gibson <david <AT> gibson <DOT> dropbear <DOT> id <DOT> au>
AuthorDate: Mon Nov 26 01:33:52 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 21:31:59 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=6b4950c3

virtio-scsi: Fix subtle (guest) endian bug

The virtio-scsi config space is, by specification, in guest endian (which
is ill-defined, but there you go).  In virtio_scsi_get_config() we set up
all the fields in there, using stl_raw().  Which is a problem for the
max_channel and max_target fields, which are 16-bit, not 32-bit.  For
little-endian targets we get away with it by accident, since the first
two bytes will still be correct, and the extra two bytes written (with
zeroes) will be overwritten correctly by the next store.

But for big-endian guests, this means the max_target field ends up as zero,
which means the guest will only recognize a single disk on the virtio-scsi
bus.  This patch fixes the problem.

Cc: Paolo Bonzini <pbonzini <AT> redhat.com>
Cc: Paul 'Rusty' Russell <rusty <AT> rustcorp.com.au>
Signed-off-by: David Gibson <david <AT> gibson.dropbear.id.au>
Signed-off-by: Paolo Bonzini <pbonzini <AT> redhat.com>
(cherry picked from commit 863d1050c96cff91dd478767c0da9cc288575919)

Signed-off-by: Michael Roth <mdroth <AT> linux.vnet.ibm.com>
(cherry picked from commit bf47da47dbcbf2c90119ba0bd45560d5b2f1dd13)

---
 hw/virtio-scsi.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index c6d5290..5fcbdd8 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -534,8 +534,8 @@ static void virtio_scsi_get_config(VirtIODevice *vdev,
     stl_raw(&scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
     stl_raw(&scsiconf->sense_size, s->sense_size);
     stl_raw(&scsiconf->cdb_size, s->cdb_size);
-    stl_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
-    stl_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
+    stw_raw(&scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
+    stw_raw(&scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
     stl_raw(&scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
 }
 

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     a55d4de13a62fcbd8cbd5ccb5b8ae6d8a1de6150
Author:     Yonit Halperin <yhalperi <AT> redhat <DOT> com>
AuthorDate: Wed Nov 28 15:08:22 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 21:32:00 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=a55d4de1

qxl: reload memslots after migration, when qxl is in UNDEFINED mode

The devram memslot stays active when qxl enters UNDEFINED mode (i.e, no
primary surface). If migration has occurred while the device is in
UNDEFINED stae, the memslots have to be reloaded at the destination.

Fixes rhbz#874574

Signed-off-by: Yonit Halperin <yhalperi <AT> redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel <AT> redhat.com>
(cherry picked from commit fa98efe932d93a15ffa867f3b05149c8d1fc7c28)

Signed-off-by: Michael Roth <mdroth <AT> linux.vnet.ibm.com>
(cherry picked from commit 8c9283c82a8428018b2e43c5f5381a99d1648d4b)

---
 hw/qxl.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/qxl.c b/hw/qxl.c
index 89e9ad9..e7e9dd9 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -2042,6 +2042,7 @@ static int qxl_post_load(void *opaque, int version)
 
     switch (newmode) {
     case QXL_MODE_UNDEFINED:
+        qxl_create_memslots(d);
         break;
     case QXL_MODE_VGA:
         qxl_create_memslots(d);

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     cc74c2ab80bbe6d84e3ab89463f8c644079259c9
Author:     Peter Maydell <peter.maydell <AT> linaro <DOT> org>
AuthorDate: Fri Oct 26 15:29:38 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Sun Jan 13 02:39:15 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=cc74c2ab

arm_boot: Change initrd load address to "halfway through RAM"

To avoid continually having to bump the initrd load address
to account for larger kernel images, put the initrd halfway
through RAM. This allows large kernels on new boards with lots
of RAM to work OK, without breaking existing usecases for
boards with only 32MB of RAM.

Note that this change fixes in passing a bug where we were
passing an overly large max_size to load_image_targphys()
for the initrd, which meant that we wouldn't correctly refuse
to load an enormous initrd that didn't actually fit into RAM.

Signed-off-by: Peter Maydell <peter.maydell <AT> linaro.org>
Reviewed-by: Aurelien Jarno <aurelien <AT> aurel32.net>
Reviewed-by: Igor Mitsyanko <i.mitsyanko <AT> samsung.com>
Tested-by: Cole Robinson <crobinso <AT> redhat.com>
Signed-off-by: Aurelien Jarno <aurelien <AT> aurel32.net>
(cherry picked from commit fc53b7d4b7fe409acae7d8d55a868eb5c696d71c)

Conflicts:
	hw/arm-misc.h
	hw/arm_boot.c

---
 hw/arm-misc.h |    1 +
 hw/arm_boot.c |   38 ++++++++++++++++++++++++--------------
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/hw/arm-misc.h b/hw/arm-misc.h
index bdd8fec..0f7deb5 100644
--- a/hw/arm-misc.h
+++ b/hw/arm-misc.h
@@ -56,6 +56,7 @@ struct arm_boot_info {
                                      const struct arm_boot_info *info);
     /* Used internally by arm_boot.c */
     int is_linux;
+    target_phys_addr_t initrd_start;
     target_phys_addr_t initrd_size;
     target_phys_addr_t entry;
 };

diff --git a/hw/arm_boot.c b/hw/arm_boot.c
index a6e9143..4adb908 100644
--- a/hw/arm_boot.c
+++ b/hw/arm_boot.c
@@ -18,7 +18,6 @@
 
 #define KERNEL_ARGS_ADDR 0x100
 #define KERNEL_LOAD_ADDR 0x00010000
-#define INITRD_LOAD_ADDR 0x00d00000
 
 /* The worlds second smallest bootloader.  Set r0-r2, then jump to kernel.  */
 static uint32_t bootloader[] = {
@@ -109,7 +108,7 @@ static void set_kernel_args(const struct arm_boot_info *info)
         /* ATAG_INITRD2 */
         WRITE_WORD(p, 4);
         WRITE_WORD(p, 0x54420005);
-        WRITE_WORD(p, info->loader_start + INITRD_LOAD_ADDR);
+        WRITE_WORD(p, info->initrd_start);
         WRITE_WORD(p, initrd_size);
     }
     if (info->kernel_cmdline && *info->kernel_cmdline) {
@@ -185,10 +184,11 @@ static void set_kernel_args_old(const struct arm_boot_info *info)
     /* pages_in_vram */
     WRITE_WORD(p, 0);
     /* initrd_start */
-    if (initrd_size)
-        WRITE_WORD(p, info->loader_start + INITRD_LOAD_ADDR);
-    else
+    if (initrd_size) {
+        WRITE_WORD(p, info->initrd_start);
+    } else {
         WRITE_WORD(p, 0);
+    }
     /* initrd_size */
     WRITE_WORD(p, initrd_size);
     /* rd_start */
@@ -281,14 +281,13 @@ static int load_dtb(target_phys_addr_t addr, const struct arm_boot_info *binfo)
 
     if (binfo->initrd_size) {
         rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-start",
-                binfo->loader_start + INITRD_LOAD_ADDR);
+                binfo->initrd_start);
         if (rc < 0) {
             fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
         }
 
         rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
-                    binfo->loader_start + INITRD_LOAD_ADDR +
-                    binfo->initrd_size);
+                    binfo->initrd_start + binfo->initrd_size);
         if (rc < 0) {
             fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
         }
@@ -375,6 +374,19 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
     big_endian = 0;
 #endif
 
+    /* We want to put the initrd far enough into RAM that when the
+     * kernel is uncompressed it will not clobber the initrd. However
+     * on boards without much RAM we must ensure that we still leave
+     * enough room for a decent sized initrd, and on boards with large
+     * amounts of RAM we must avoid the initrd being so far up in RAM
+     * that it is outside lowmem and inaccessible to the kernel.
+     * So for boards with less  than 256MB of RAM we put the initrd
+     * halfway into RAM, and for boards with 256MB of RAM or more we put
+     * the initrd at 128MB.
+     */
+    info->initrd_start = info->loader_start +
+        MIN(info->ram_size / 2, 128 * 1024 * 1024);
+
     /* Assume that raw images are linux kernels, and ELF images are not.  */
     kernel_size = load_elf(info->kernel_filename, NULL, NULL, &elf_entry,
                            NULL, NULL, big_endian, ELF_MACHINE, 1);
@@ -398,10 +410,9 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
     if (is_linux) {
         if (info->initrd_filename) {
             initrd_size = load_image_targphys(info->initrd_filename,
-                                              info->loader_start
-                                              + INITRD_LOAD_ADDR,
-                                              info->ram_size
-                                              - INITRD_LOAD_ADDR);
+                                              info->initrd_start,
+                                              info->ram_size -
+                                              info->initrd_start);
             if (initrd_size < 0) {
                 fprintf(stderr, "qemu: could not load initrd '%s'\n",
                         info->initrd_filename);
@@ -419,8 +430,7 @@ void arm_load_kernel(ARMCPU *cpu, struct arm_boot_info *info)
          */
         if (info->dtb_filename) {
             /* Place the DTB after the initrd in memory */
-            target_phys_addr_t dtb_start = TARGET_PAGE_ALIGN(info->loader_start
-                                                             + INITRD_LOAD_ADDR
+            target_phys_addr_t dtb_start = TARGET_PAGE_ALIGN(info->initrd_start
                                                              + initrd_size);
             if (load_dtb(dtb_start, info)) {
                 exit(1);

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     5853b4ffd6ae6057bd103174663e80c3fc96b440
Author:     Michael Contreras <michael <AT> inetric <DOT> com>
AuthorDate: Mon Dec  3 04:11:22 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 21:32:00 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=5853b4ff

e1000: Discard packets that are too long if !SBP and !LPE

The e1000_receive function for the e1000 needs to discard packets longer than
1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes
this behavior and allocates memory based on this assumption.

Signed-off-by: Michael Contreras <michael <AT> inetric.com>
Signed-off-by: Anthony Liguori <aliguori <AT> us.ibm.com>
(cherry picked from commit b0d9ffcd0251161c7c92f94804dcf599dfa3edeb)

Signed-off-by: Michael Roth <mdroth <AT> linux.vnet.ibm.com>
(cherry picked from commit e1a0ffb95728304f962ce36b27dcd3a16f04a05d)

---
 hw/e1000.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/hw/e1000.c b/hw/e1000.c
index 4d4ac32..b1d8508 100644
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -59,6 +59,9 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
 #define PNPMMIO_SIZE      0x20000
 #define MIN_BUF_SIZE      60 /* Min. octets in an ethernet frame sans FCS */
 
+/* this is the size past which hardware will drop packets when setting LPE=0 */
+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+
 /*
  * HW models:
  *  E1000_DEV_ID_82540EM works with Windows and Linux
@@ -795,6 +798,13 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
         size = sizeof(min_buf);
     }
 
+    /* Discard oversized packets if !LPE and !SBP. */
+    if (size > MAXIMUM_ETHERNET_VLAN_SIZE
+        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
+        && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
+        return size;
+    }
+
     if (!receive_filter(s, buf, size))
         return size;
 

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     b939b4497b3be038374cbae0bb0f3114de2bb771
Author:     Michael Contreras <michael <AT> inetric <DOT> com>
AuthorDate: Wed Dec  5 18:31:30 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Sat Jan 19 03:02:08 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=b939b449

e1000: Discard oversized packets based on SBP|LPE

Discard packets longer than 16384 when !SBP to match the hardware behavior.

Signed-off-by: Michael Contreras <michael <AT> inetric.com>
Signed-off-by: Stefan Hajnoczi <stefanha <AT> redhat.com>
(cherry picked from commit 2c0331f4f7d241995452b99afaf0aab00493334a)

---
 hw/e1000.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/e1000.c b/hw/e1000.c
index b1d8508..fa3d4dc 100644
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
 
 /* this is the size past which hardware will drop packets when setting LPE=0 */
 #define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
 
 /*
  * HW models:
@@ -799,8 +801,9 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
     }
 
     /* Discard oversized packets if !LPE and !SBP. */
-    if (size > MAXIMUM_ETHERNET_VLAN_SIZE
-        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
+    if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+        (size > MAXIMUM_ETHERNET_VLAN_SIZE
+        && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
         && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
         return size;
     }

[gentoo-commits] proj/qemu-kvm:qemu-kvm-1.2.0-gentoo commit in: hw/

[Doug Goldstein]

commit:     17183af284cabf30646f4f15abe9c24256a25604
Author:     Gerd Hoffmann <kraxel <AT> redhat <DOT> com>
AuthorDate: Mon Dec 10 06:41:07 2012 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Sat Jan 19 03:02:08 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/qemu-kvm.git;a=commit;h=17183af2

qxl: save qemu_create_displaysurface_from result

Spotted by Coverity.

https://bugzilla.redhat.com/show_bug.cgi?id=885644

Cc: qemu-stable <AT> nongnu.org
Reported-by: Markus Armbruster <armbru <AT> redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel <AT> redhat.com>
(cherry picked from commit 2f464b5a32b414adb545acc6d94b5c35c7d258ba)

---
 hw/qxl-render.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/hw/qxl-render.c b/hw/qxl-render.c
index b66c168..e7d41ec 100644
--- a/hw/qxl-render.c
+++ b/hw/qxl-render.c
@@ -113,11 +113,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
                qxl->guest_primary.bits_pp);
         if (qxl->guest_primary.qxl_stride > 0) {
             qemu_free_displaysurface(vga->ds);
-            qemu_create_displaysurface_from(qxl->guest_primary.surface.width,
-                                            qxl->guest_primary.surface.height,
-                                            qxl->guest_primary.bits_pp,
-                                            qxl->guest_primary.abs_stride,
-                                            qxl->guest_primary.data);
+            vga->ds->surface = qemu_create_displaysurface_from
+                (qxl->guest_primary.surface.width,
+                 qxl->guest_primary.surface.height,
+                 qxl->guest_primary.bits_pp,
+                 qxl->guest_primary.abs_stride,
+                 qxl->guest_primary.data);
         } else {
             qemu_resize_displaysurface(vga->ds,
                     qxl->guest_primary.surface.width,