qxl: fix local renderer

The local spice renderer assumes the primary surface is located at the
start of the "ram" bar.  This used to be a requirement in qxl hardware
revision 1.  In revision 2+ this is relaxed.  Nevertheless guest drivers
continued to use the traditional location, for historical and backward
compatibility reasons.  The qxl kms driver doesn't use that location,
though, as it depends on qxl revision 4+ anyway.

Result is that local rendering is hosed for recent linux guests, you'll
get pixel garbage with non-spice ui (gtk, sdl, vnc) and when doing
screendumps.  Fix that by doing a proper mapping of the guest-specified
memory location.

......@@ -31,10 +31,6 @@ static void qxl_blit(PCIQXLDevice *qxl, QXLRect *rect)
if (is_buffer_shared(surface)) {
if (!qxl-> {
qxl-> = memory_region_get_ram_ptr(&qxl->vga.vram);
rect->left, rect->right, rect->top, rect->bottom);
src = qxl->;
......@@ -104,7 +100,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
if (qxl->guest_primary.resized) {
qxl->guest_primary.resized = 0;
qxl-> = memory_region_get_ram_ptr(&qxl->vga.vram);
qxl-> = qxl_phys2virt(qxl,
if (!qxl-> {
qxl_set_rect_to_surface(qxl, &qxl->dirty[0]);
qxl->num_dirty_rects = 1;
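Review bot: The new `qxl_phys2virt(qxl, ...)` result is only tested for NULL in this hunk, so as far as the visible lines show, the guest-chosen start address is validated but not the extent of the surface that the renderer later reads from it. Because the location now comes from the guest rather than the fixed start of the "ram" bar, I would check before blitting that stride × height of the primary surface fits inside the region the address resolved to, or, if the helper cannot take a length, at least record the gap with a comment like `/* guest-supplied address: only the base is validated, surface extent is not */`. The page has lost part of these lines (the call's remaining arguments and the body of the NULL branch are not visible), and qxl_render_update_area_unlocked continues outside the hunk, so this may already be handled elsewhere.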
......@@ -128,6 +129,10 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
dpy_gfx_replace_surface(vga->con, surface);
if (!qxl-> {
for (i = 0; i < qxl->num_dirty_rects; i++) {
if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
