  Hi,

> > + virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs);
>
> Is res_iovs leaked here?

Oops, yes. Moving the iov release to virtio_gpu_cleanup_mapping_iov (so
things are symmetrical to virtio_gpu_create_mapping_iov which allocates
it), that'll fix it.

> > + pixels = s->current_cursor->width * s->current_cursor->height;
> > + memcpy(s->current_cursor->data, data, pixels * sizeof(uint32_t));
> > + free(data);
>
> width and height are unused; should they be compared against
> s->current_cursor->{width,height} to spot discrepancies?

Added.

> > +static void virtio_gpu_set_features(VirtIODevice *vdev, uint64_t features)
> > +{
> > + static const uint32_t virgl = (1 << VIRTIO_GPU_FEATURE_VIRGL);
> > + VirtIOGPU *g = VIRTIO_GPU(vdev);
> > +
> > + g->use_virgl_renderer = ((features & virgl) == virgl);
>
> Could a non-well-behaving guest just set this feature bit even if it was
> not reported by virtio_gpu_get_features() because it has been disabled?

I'm pretty sure virtio core doesn't allow this.

cheers,
  Gerd
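
Review bot: at the virtio_gpu_cleanup_mapping_iov(res_iovs, num_iovs) call, ownership of res_iovs is not evident from the call site. If the helper takes over freeing the array, as proposed in this thread, document that on the helper and clear the caller's pointer after the call, so a later edit cannot free or reuse res_iovs a second time.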
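
Review bot: in the cursor update hunk, the memcpy length pixels * sizeof(uint32_t) is derived only from s->current_cursor->width and s->current_cursor->height, so nothing in these lines guarantees that data holds that many bytes; if the source image is smaller, the copy reads past the end of data. Compare the width and height that come with data against s->current_cursor->{width,height} before the memcpy, and on a mismatch free(data) and return without copying.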
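
Review bot: in virtio_gpu_set_features, the mask is declared uint32_t and built with (1 << VIRTIO_GPU_FEATURE_VIRGL) while features is uint64_t; declaring it uint64_t and using 1ULL << keeps the test correct for any bit position and avoids shifting a signed int. Since g->use_virgl_renderer is set from the guest-supplied features alone in these lines, also masking with the feature set the device actually offered would make the check hold without relying on filtering done elsewhere.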