From patchwork Mon May 18 15:12:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 282470 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57CDAC433DF for ; Mon, 18 May 2020 15:16:47 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 27C9B20756 for ; Mon, 18 May 2020 15:16:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="b8Qmr2U7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 27C9B20756 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:45256 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jahVW-0004h4-A1 for qemu-devel@archiver.kernel.org; Mon, 18 May 2020 11:16:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47646) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jahS6-0008D0-Vx for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:15 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:36145 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jahS1-0005xH-Vu for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589814789; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=ldHYNRCCIyCjzZACk5BSdTldkMiO0XhPJ88/SX/DWp8=; b=b8Qmr2U7jeKwE3tDdD6JE875ypGSKjbvYny5VP62Wta5qoi6svp2646Rzi5+m/r+Gf8GJY w+qPmkNQYC34Q3c7ReDuraZOEu4tVBIPJbjQn3dZaGSVtMq7338tulJgqMIcCyMFi7erbL Xdt5X/atSrkQaqFOD3m5lUqHQ2SEp/M= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-378-pLmnozaoP9ueV0CW8_RSEQ-1; Mon, 18 May 2020 11:13:05 -0400 X-MC-Unique: pLmnozaoP9ueV0CW8_RSEQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D707B107ACCD; Mon, 18 May 2020 15:13:03 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-113-50.ams2.redhat.com [10.36.113.50]) by smtp.corp.redhat.com (Postfix) with ESMTP id 37C335C1B2; Mon, 18 May 2020 15:12:56 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 8319817477; Mon, 18 May 2020 17:12:55 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 1/8] ati-vga: Do not allow unaligned access via index register Date: Mon, 18 May 2020 17:12:48 +0200 Message-Id: <20200518151255.10785-2-kraxel@redhat.com> In-Reply-To: <20200518151255.10785-1-kraxel@redhat.com> References: <20200518151255.10785-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.61; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/17 23:32:08 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Huth , Paolo Bonzini , Alex Williamson , Gerd Hoffmann Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" From: BALATON Zoltan According to docs bits 1 and 0 of MM_INDEX are hard coded to 0 so unaligned access via this register should not be possible. This also fixes problems reported in bug #1878134. Buglink: https://bugs.launchpad.net/qemu/+bug/1878134 Signed-off-by: BALATON Zoltan Tested-by: Alexander Bulekov Acked-by: Alexander Bulekov Message-id: 20200516132352.39E9374594E@zero.eik.bme.hu Signed-off-by: Gerd Hoffmann --- hw/display/ati.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/display/ati.c b/hw/display/ati.c index 58ec8291d460..065f197678e4 100644 --- a/hw/display/ati.c +++ b/hw/display/ati.c @@ -511,7 +511,7 @@ static void ati_mm_write(void *opaque, hwaddr addr, } switch (addr) { case MM_INDEX: - s->regs.mm_index = data; + s->regs.mm_index = data & ~3; break; case MM_DATA ... MM_DATA + 3: /* indexed access to regs or memory */ From patchwork Mon May 18 15:12:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 282471 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D690C433E1 for ; Mon, 18 May 2020 15:14:24 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4D79020671 for ; Mon, 18 May 2020 15:14:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="VDa9udDD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4D79020671 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:37722 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jahTD-0001Q8-FR for qemu-devel@archiver.kernel.org; Mon, 18 May 2020 11:14:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47620) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jahS2-0008CT-MB for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:10 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:26982 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jahS0-0005x7-VM for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589814788; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=ddE1J3IeNEdn4AeoJi2TcC6T3/GhYGv2cotZGl9fFUk=; b=VDa9udDDJ//8FdQkHJzoISMhGsDN5VIVEkZhl4jo4XxpTQ5pRQnsnSt0U86QFD1kUiISkM u6iPM3oA1y7Klw+QT65Hr7mHNIhg96yVD71ZG0EgDtyiowtzCw1hbjlr8UvfURj2jMhIUE Yr2q5SP2G3v0eLtLFAvFnGJXj8/by/M= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-110-PSAQBG95MZmhcie1xhnpzQ-1; Mon, 18 May 2020 11:13:06 -0400 X-MC-Unique: PSAQBG95MZmhcie1xhnpzQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 662EB107ACF4; Mon, 18 May 2020 15:13:05 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-113-50.ams2.redhat.com [10.36.113.50]) by smtp.corp.redhat.com (Postfix) with ESMTP id A59375D9DC; Mon, 18 May 2020 15:12:56 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 9C38117538; Mon, 18 May 2020 17:12:55 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 3/8] Revert "hw/display/ramfb: initialize fw-config space with xres/ yres" Date: Mon, 18 May 2020 17:12:50 +0200 Message-Id: <20200518151255.10785-4-kraxel@redhat.com> In-Reply-To: <20200518151255.10785-1-kraxel@redhat.com> References: <20200518151255.10785-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=kraxel@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/17 22:51:00 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Huth , Paolo Bonzini , Alex Williamson , Gerd Hoffmann , Hou Qiming Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" This reverts commit f79081b4b71b72640bedd40a7cd76f864c8287f1. Patch has broken byteorder handling: RAMFBCfg fields are in bigendian byteorder, the reset function doesn't care so native byteorder is used instead. Given this went unnoticed so far the feature is obviously unused, so just revert the patch. Cc: Hou Qiming Signed-off-by: Gerd Hoffmann Acked-by: Laszlo Ersek Message-id: 20200429115236.28709-2-kraxel@redhat.com --- include/hw/display/ramfb.h | 2 +- hw/display/ramfb-standalone.c | 12 +----------- hw/display/ramfb.c | 16 +--------------- hw/vfio/display.c | 4 ++-- stubs/ramfb.c | 2 +- 5 files changed, 6 insertions(+), 30 deletions(-) diff --git a/include/hw/display/ramfb.h b/include/hw/display/ramfb.h index f6c2de93b222..b33a2c467b28 100644 --- a/include/hw/display/ramfb.h +++ b/include/hw/display/ramfb.h @@ -4,7 +4,7 @@ /* ramfb.c */ typedef struct RAMFBState RAMFBState; void ramfb_display_update(QemuConsole *con, RAMFBState *s); -RAMFBState *ramfb_setup(DeviceState *dev, Error **errp); +RAMFBState *ramfb_setup(Error **errp); /* ramfb-standalone.c */ #define TYPE_RAMFB_DEVICE "ramfb" diff --git a/hw/display/ramfb-standalone.c b/hw/display/ramfb-standalone.c index d76a9d0fe2c9..b18db97eeb1b 100644 --- a/hw/display/ramfb-standalone.c +++ b/hw/display/ramfb-standalone.c @@ -3,7 +3,6 @@ #include "qemu/module.h" #include "hw/loader.h" #include "hw/qdev-properties.h" -#include "hw/isa/isa.h" #include "hw/display/ramfb.h" #include "ui/console.h" @@ -13,8 +12,6 @@ typedef struct RAMFBStandaloneState { SysBusDevice parent_obj; QemuConsole *con; RAMFBState *state; - uint32_t xres; - uint32_t yres; } RAMFBStandaloneState; static void display_update_wrapper(void *dev) @@ -37,22 +34,15 @@ static void ramfb_realizefn(DeviceState *dev, Error **errp) RAMFBStandaloneState *ramfb = RAMFB(dev); ramfb->con = graphic_console_init(dev, 0, &wrapper_ops, dev); - ramfb->state = ramfb_setup(dev, errp); + ramfb->state = ramfb_setup(errp); } -static Property ramfb_properties[] = { - DEFINE_PROP_UINT32("xres", RAMFBStandaloneState, xres, 0), - DEFINE_PROP_UINT32("yres", RAMFBStandaloneState, yres, 0), - DEFINE_PROP_END_OF_LIST(), -}; - static void ramfb_class_initfn(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); dc->realize = ramfb_realizefn; - device_class_set_props(dc, ramfb_properties); dc->desc = "ram framebuffer standalone device"; dc->user_creatable = true; } diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c index 7ba07c80f6e1..bd4746dc1768 100644 --- a/hw/display/ramfb.c +++ b/hw/display/ramfb.c @@ -13,7 +13,6 @@ #include "qemu/osdep.h" #include "qapi/error.h" -#include "qemu/option.h" #include "hw/loader.h" #include "hw/display/ramfb.h" #include "ui/console.h" @@ -31,7 +30,6 @@ struct QEMU_PACKED RAMFBCfg { struct RAMFBState { DisplaySurface *ds; uint32_t width, height; - uint32_t starting_width, starting_height; struct RAMFBCfg cfg; bool locked; }; @@ -117,11 +115,9 @@ static void ramfb_reset(void *opaque) RAMFBState *s = (RAMFBState *)opaque; s->locked = false; memset(&s->cfg, 0, sizeof(s->cfg)); - s->cfg.width = s->starting_width; - s->cfg.height = s->starting_height; } -RAMFBState *ramfb_setup(DeviceState* dev, Error **errp) +RAMFBState *ramfb_setup(Error **errp) { FWCfgState *fw_cfg = fw_cfg_find(); RAMFBState *s; @@ -133,16 +129,6 @@ RAMFBState *ramfb_setup(DeviceState* dev, Error **errp) s = g_new0(RAMFBState, 1); - const char *s_fb_width = qemu_opt_get(dev->opts, "xres"); - const char *s_fb_height = qemu_opt_get(dev->opts, "yres"); - if (s_fb_width) { - s->cfg.width = atoi(s_fb_width); - s->starting_width = s->cfg.width; - } - if (s_fb_height) { - s->cfg.height = atoi(s_fb_height); - s->starting_height = s->cfg.height; - } s->locked = false; rom_add_vga("vgabios-ramfb.bin"); diff --git a/hw/vfio/display.c b/hw/vfio/display.c index f4977c66e1b5..a57a22674d62 100644 --- a/hw/vfio/display.c +++ b/hw/vfio/display.c @@ -353,7 +353,7 @@ static int vfio_display_dmabuf_init(VFIOPCIDevice *vdev, Error **errp) &vfio_display_dmabuf_ops, vdev); if (vdev->enable_ramfb) { - vdev->dpy->ramfb = ramfb_setup(DEVICE(vdev), errp); + vdev->dpy->ramfb = ramfb_setup(errp); } vfio_display_edid_init(vdev); return 0; @@ -479,7 +479,7 @@ static int vfio_display_region_init(VFIOPCIDevice *vdev, Error **errp) &vfio_display_region_ops, vdev); if (vdev->enable_ramfb) { - vdev->dpy->ramfb = ramfb_setup(DEVICE(vdev), errp); + vdev->dpy->ramfb = ramfb_setup(errp); } return 0; } diff --git a/stubs/ramfb.c b/stubs/ramfb.c index 0799093a5d6e..48143f33542f 100644 --- a/stubs/ramfb.c +++ b/stubs/ramfb.c @@ -6,7 +6,7 @@ void ramfb_display_update(QemuConsole *con, RAMFBState *s) { } -RAMFBState *ramfb_setup(DeviceState* dev, Error **errp) +RAMFBState *ramfb_setup(Error **errp) { error_setg(errp, "ramfb support not available"); return NULL; From patchwork Mon May 18 15:12:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 282472 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB77BC433DF for ; Mon, 18 May 2020 15:14:23 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 738C620671 for ; Mon, 18 May 2020 15:14:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Voql2cjR" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 738C620671 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:37660 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jahTC-0001Oe-K6 for qemu-devel@archiver.kernel.org; Mon, 18 May 2020 11:14:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47632) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jahS2-0008CW-Rx for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:10 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41654 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jahS1-0005xG-T8 for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589814788; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=m+oXLR/s2hsUzUabYgFwDLrpvj1T3gZYj4iuWFEwGKY=; b=Voql2cjRyEIkW3v4w7VQzED3Dz7ZQDHytrvUbuuNoqrCPssRegON+L7Bo3Mgxb63CdUKzG Nr2erfd4etPdBYErRzuL5K/fnKAw9ctm1/U5pQ9SU7bhslHPcaN7el/pe++lsqczif25ns PKnPhk30lNLlTHx4F4cuBvY45GekXCY= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-462-1Q3EqMwkP5yxQ8k2pWoYLg-1; Mon, 18 May 2020 11:13:06 -0400 X-MC-Unique: 1Q3EqMwkP5yxQ8k2pWoYLg-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3EA49EC1A2; Mon, 18 May 2020 15:13:05 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-113-50.ams2.redhat.com [10.36.113.50]) by smtp.corp.redhat.com (Postfix) with ESMTP id C45515D9DD; Mon, 18 May 2020 15:13:04 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C82BE9D54; Mon, 18 May 2020 17:12:55 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 8/8] ramfb: fix size calculation Date: Mon, 18 May 2020 17:12:55 +0200 Message-Id: <20200518151255.10785-9-kraxel@redhat.com> In-Reply-To: <20200518151255.10785-1-kraxel@redhat.com> References: <20200518151255.10785-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=205.139.110.120; envelope-from=kraxel@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/17 22:51:00 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Huth , Paolo Bonzini , Alex Williamson , Gerd Hoffmann Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" size calculation isn't correct with guest-supplied stride, the last display line isn't accounted for correctly. For the typical case of stride > linesize (add padding) we error on the safe side (calculated size is larger than actual size). With stride < linesize (scanlines overlap) the calculated size is smaller than the actual size though so our guest memory mapping might end up being too small. While being at it also fix ramfb_create_display_surface to use hwaddr for the parameters. That way all calculation are done with hwaddr type and we can't get funny effects from type castings. Signed-off-by: Gerd Hoffmann Acked-by: Laszlo Ersek Message-id: 20200429115236.28709-7-kraxel@redhat.com --- hw/display/ramfb.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c index 52dae78db48f..79b9754a5820 100644 --- a/hw/display/ramfb.c +++ b/hw/display/ramfb.c @@ -44,10 +44,10 @@ static void ramfb_unmap_display_surface(pixman_image_t *image, void *unused) static DisplaySurface *ramfb_create_display_surface(int width, int height, pixman_format_code_t format, - int linesize, uint64_t addr) + hwaddr stride, hwaddr addr) { DisplaySurface *surface; - hwaddr size; + hwaddr size, mapsize, linesize; void *data; if (width < 16 || width > VBE_DISPI_MAX_XRES || @@ -55,19 +55,20 @@ static DisplaySurface *ramfb_create_display_surface(int width, int height, format == 0 /* unknown format */) return NULL; - if (linesize == 0) { - linesize = width * PIXMAN_FORMAT_BPP(format) / 8; + linesize = width * PIXMAN_FORMAT_BPP(format) / 8; + if (stride == 0) { + stride = linesize; } - size = (hwaddr)linesize * height; - data = cpu_physical_memory_map(addr, &size, false); - if (size != (hwaddr)linesize * height) { - cpu_physical_memory_unmap(data, size, 0, 0); + mapsize = size = stride * (height - 1) + linesize; + data = cpu_physical_memory_map(addr, &mapsize, false); + if (size != mapsize) { + cpu_physical_memory_unmap(data, mapsize, 0, 0); return NULL; } surface = qemu_create_displaysurface_from(width, height, - format, linesize, data); + format, stride, data); pixman_image_set_destroy_function(surface->image, ramfb_unmap_display_surface, NULL);