These patches (the first three especially) fix an assertion failure
introduced by horizontal pel panning support in VGA.  The assertion
triggers with legacy 4- and 16-color modes, due to a mismatch between
the addresses visited by vga_draw_graphic() and the region that is
passed to memory_region_snapshot_and_clear_dirty().

Patches 1 and 2 reorganize the code so that the "bits" value
(used in turn to check if horizontal pel panning is taken into
account) is available where the dirty memory region is computed.

Patch 3 is the actual bug fix.

Patch 4 is a small optimization that would also hide the bug, by
treating pel panning as disabled in the common case where the
register is set to 8 (bit 3 is ignored in graphics mode).
This one could be suitable for QEMU 9.0 but is not necessary.

Patches 5 and 6 are larger cleanups and optimizations in how the dirty
memory region is computed.  This is enabled by the availability of "bits"
where the dirty memory region is computed; it is now possible for 8-
and 15-bit modes to skip the slow path and only read dirty bits for a
small part of VRAM.

Paolo Bonzini (6):
  vga: merge conditionals on shift control register
  vga: move computation of dirty memory region later
  vga: adjust dirty memory region if pel panning is active
  vga: do not treat horiz pel panning value of 8 as "enabled"
  vga: optimize computation of dirty memory region
  vga: move dirty memory region code together

 hw/display/vga.c     | 152 ++++++++++++++++++++-----------------------
 1 file changed, 71 insertions(+), 81 deletions(-)

-- 
2.44.0