[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] cirrus vga save\restore and lfb_addr\lfb_end

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Thu, 16 Oct 2008 15:30:05 +0100
Delivery-date: Thu, 16 Oct 2008 07:27:44 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Cirrus VGA save and restore functions cast lfb_addr into an uint64_t
pointer while lfb_addr is only an unsigned long.
Same thing happened to lfb_end, causing pci_dev to be partially
overwritten by mistake.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

---

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index e1c18e2..37e312d 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -291,8 +291,8 @@ typedef struct CirrusVGAState {
     int last_hw_cursor_y_end;
     int real_vram_size; /* XXX: suppress that */
     CPUWriteMemoryFunc **cirrus_linear_write;
-    unsigned long map_addr;
-    unsigned long map_end;
+    uint32_t map_addr;
+    uint32_t map_end;
 } CirrusVGAState;
 
 typedef struct PCICirrusVGAState {
@@ -3146,8 +3146,12 @@ static void cirrus_vga_save(QEMUFile *f, void *opaque)
 
     vga_acc = (!!s->map_addr);
     qemu_put_8s(f, &vga_acc);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_put_be32(f, s->lfb_addr);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
+    qemu_put_be32(f, s->lfb_end);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
     qemu_put_be64s(f, &s->stolen_vram_addr);
     if (!s->stolen_vram_addr && !vga_acc)
         /* Old guest: VRAM is not mapped, we have to save it ourselves */
@@ -3204,8 +3208,12 @@ static int cirrus_vga_load(QEMUFile *f, void *opaque, 
int version_id)
     qemu_get_be32s(f, &s->hw_cursor_y);
 
     qemu_get_8s(f, &vga_acc);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_get_be32s(f, &s->lfb_addr);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
+    qemu_get_be32s(f, &s->lfb_end);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
     if (version_id >= 3) {
         qemu_get_be64s(f, &s->stolen_vram_addr);
         if (!s->stolen_vram_addr && !vga_acc) {
diff --git a/hw/vga_int.h b/hw/vga_int.h
index 188a755..8aecbb7 100644
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -87,8 +87,8 @@
     unsigned int vram_size;                                             \
     unsigned long bios_offset;                                          \
     unsigned int bios_size;                                             \
-    unsigned long lfb_addr;                                             \
-    unsigned long lfb_end;                                              \
+    uint32_t lfb_addr;                                                  \
+    uint32_t lfb_end;                                                   \
     PCIDevice *pci_dev;                                                 \
     uint32_t latch;                                                     \
     uint8_t sr_index;                                                   \

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: RE: [Xen-devel] [PATCH] use tlsf for xmalloc engine
Next by Date: [Xen-devel] [PATCH][Retry 1] NextRIPS support for forthcoming AMD processors
Previous by thread: [Xen-devel] How to know hypercall entry and exit addresses?
Next by thread: [Xen-devel] [PATCH][Retry 1] NextRIPS support for forthcoming AMD processors
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.