WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] cirrus vga save\restore and lfb_addr\lfb_end

from [Stefano Stabellini] [Permanent Link][Original]
To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] cirrus vga save\restore and lfb_addr\lfb_end
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Thu, 16 Oct 2008 15:30:05 +0100
Delivery-date: Thu, 16 Oct 2008 07:27:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.14 (X11/20080505) 
Cirrus VGA save and restore functions cast lfb_addr into an uint64_t
pointer while lfb_addr is only an unsigned long.
Same thing happened to lfb_end, causing pci_dev to be partially
overwritten by mistake.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

---

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index e1c18e2..37e312d 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -291,8 +291,8 @@ typedef struct CirrusVGAState {
     int last_hw_cursor_y_end;
     int real_vram_size; /* XXX: suppress that */
     CPUWriteMemoryFunc **cirrus_linear_write;
-    unsigned long map_addr;
-    unsigned long map_end;
+    uint32_t map_addr;
+    uint32_t map_end;
 } CirrusVGAState;
 
 typedef struct PCICirrusVGAState {
@@ -3146,8 +3146,12 @@ static void cirrus_vga_save(QEMUFile *f, void *opaque)
 
     vga_acc = (!!s->map_addr);
     qemu_put_8s(f, &vga_acc);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_put_be32(f, s->lfb_addr);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
+    qemu_put_be32(f, s->lfb_end);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
     qemu_put_be64s(f, &s->stolen_vram_addr);
     if (!s->stolen_vram_addr && !vga_acc)
         /* Old guest: VRAM is not mapped, we have to save it ourselves */
@@ -3204,8 +3208,12 @@ static int cirrus_vga_load(QEMUFile *f, void *opaque, 
int version_id)
     qemu_get_be32s(f, &s->hw_cursor_y);
 
     qemu_get_8s(f, &vga_acc);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_get_be32s(f, &s->lfb_addr);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
+    qemu_get_be32s(f, &s->lfb_end);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
     if (version_id >= 3) {
         qemu_get_be64s(f, &s->stolen_vram_addr);
         if (!s->stolen_vram_addr && !vga_acc) {
diff --git a/hw/vga_int.h b/hw/vga_int.h
index 188a755..8aecbb7 100644
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -87,8 +87,8 @@
     unsigned int vram_size;                                             \
     unsigned long bios_offset;                                          \
     unsigned int bios_size;                                             \
-    unsigned long lfb_addr;                                             \
-    unsigned long lfb_end;                                              \
+    uint32_t lfb_addr;                                                  \
+    uint32_t lfb_end;                                                   \
     PCIDevice *pci_dev;                                                 \
     uint32_t latch;                                                     \
     uint8_t sr_index;                                                   \

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] cirrus vga save\restore and lfb_addr\lfb_end, Stefano Stabellini <=
Previous by Date:  RE: [Xen-devel] [PATCH] use tlsf for xmalloc engine, Dan Magenheimer
Next by Date:  [Xen-devel] [PATCH][Retry 1] NextRIPS support for forthcoming AMD processors, Mark Langsdorf
Previous by Thread:  [Xen-devel] How to know hypercall entry and exit addresses?, Nbp
Next by Thread:  [Xen-devel] [PATCH][Retry 1] NextRIPS support for forthcoming AMD processors, Mark Langsdorf
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy