* [Qemu-devel] [PATCH 0/2] ati: fix ati_cursor_define bug.
@ 2019-09-12 12:18 Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 1/2] vga: move access helpers to separate include file Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define Gerd Hoffmann
0 siblings, 2 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2019-09-12 12:18 UTC (permalink / raw)
To: qemu-devel; +Cc: Michael S. Tsirkin, Gerd Hoffmann, flier_m
Gerd Hoffmann (2):
vga: move access helpers to separate include file
ati: use vga_read_byte in ati_cursor_define
hw/display/vga-access.h | 49 ++++++++++++++++++++++++++++++++++++++++
hw/display/vga-helpers.h | 26 ---------------------
hw/display/ati.c | 11 +++++----
hw/display/vga.c | 1 +
4 files changed, 56 insertions(+), 31 deletions(-)
create mode 100644 hw/display/vga-access.h
--
2.18.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH 1/2] vga: move access helpers to separate include file
2019-09-12 12:18 [Qemu-devel] [PATCH 0/2] ati: fix ati_cursor_define bug Gerd Hoffmann
@ 2019-09-12 12:18 ` Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define Gerd Hoffmann
1 sibling, 0 replies; 4+ messages in thread
From: Gerd Hoffmann @ 2019-09-12 12:18 UTC (permalink / raw)
To: qemu-devel; +Cc: Michael S. Tsirkin, Gerd Hoffmann, flier_m
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/vga-access.h | 49 ++++++++++++++++++++++++++++++++++++++++
hw/display/vga-helpers.h | 26 ---------------------
hw/display/vga.c | 1 +
3 files changed, 50 insertions(+), 26 deletions(-)
create mode 100644 hw/display/vga-access.h
diff --git a/hw/display/vga-access.h b/hw/display/vga-access.h
new file mode 100644
index 000000000000..c0fbd9958b2e
--- /dev/null
+++ b/hw/display/vga-access.h
@@ -0,0 +1,49 @@
+/*
+ * QEMU VGA Emulator templates
+ *
+ * Copyright (c) 2003 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+static inline uint8_t vga_read_byte(VGACommonState *vga, uint32_t addr)
+{
+ return vga->vram_ptr[addr & vga->vbe_size_mask];
+}
+
+static inline uint16_t vga_read_word_le(VGACommonState *vga, uint32_t addr)
+{
+ uint32_t offset = addr & vga->vbe_size_mask & ~1;
+ uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+ return lduw_le_p(ptr);
+}
+
+static inline uint16_t vga_read_word_be(VGACommonState *vga, uint32_t addr)
+{
+ uint32_t offset = addr & vga->vbe_size_mask & ~1;
+ uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+ return lduw_be_p(ptr);
+}
+
+static inline uint32_t vga_read_dword_le(VGACommonState *vga, uint32_t addr)
+{
+ uint32_t offset = addr & vga->vbe_size_mask & ~3;
+ uint32_t *ptr = (uint32_t *)(vga->vram_ptr + offset);
+ return ldl_le_p(ptr);
+}
diff --git a/hw/display/vga-helpers.h b/hw/display/vga-helpers.h
index 5a752b3f9efd..10e9cfd40a04 100644
--- a/hw/display/vga-helpers.h
+++ b/hw/display/vga-helpers.h
@@ -95,32 +95,6 @@ static void vga_draw_glyph9(uint8_t *d, int linesize,
} while (--h);
}
-static inline uint8_t vga_read_byte(VGACommonState *vga, uint32_t addr)
-{
- return vga->vram_ptr[addr & vga->vbe_size_mask];
-}
-
-static inline uint16_t vga_read_word_le(VGACommonState *vga, uint32_t addr)
-{
- uint32_t offset = addr & vga->vbe_size_mask & ~1;
- uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
- return lduw_le_p(ptr);
-}
-
-static inline uint16_t vga_read_word_be(VGACommonState *vga, uint32_t addr)
-{
- uint32_t offset = addr & vga->vbe_size_mask & ~1;
- uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
- return lduw_be_p(ptr);
-}
-
-static inline uint32_t vga_read_dword_le(VGACommonState *vga, uint32_t addr)
-{
- uint32_t offset = addr & vga->vbe_size_mask & ~3;
- uint32_t *ptr = (uint32_t *)(vga->vram_ptr + offset);
- return ldl_le_p(ptr);
-}
-
/*
* 4 color mode
*/
diff --git a/hw/display/vga.c b/hw/display/vga.c
index 573d223d46f0..82ebe5361096 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1009,6 +1009,7 @@ void vga_mem_writeb(VGACommonState *s, hwaddr addr, uint32_t val)
typedef void vga_draw_line_func(VGACommonState *s1, uint8_t *d,
uint32_t srcaddr, int width);
+#include "vga-access.h"
#include "vga-helpers.h"
/* return true if the palette was modified */
--
2.18.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define
2019-09-12 12:18 [Qemu-devel] [PATCH 0/2] ati: fix ati_cursor_define bug Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 1/2] vga: move access helpers to separate include file Gerd Hoffmann
@ 2019-09-12 12:18 ` Gerd Hoffmann
2019-09-12 21:09 ` BALATON Zoltan
1 sibling, 1 reply; 4+ messages in thread
From: Gerd Hoffmann @ 2019-09-12 12:18 UTC (permalink / raw)
To: qemu-devel; +Cc: Michael S. Tsirkin, Gerd Hoffmann, flier_m
This makes sure reads are confined to vga video memory.
Reported-by: xu hang <flier_m@outlook.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/ati.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index 8f940eee221a..6d77c40b8287 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -19,6 +19,7 @@
#include "qemu/osdep.h"
#include "ati_int.h"
#include "ati_regs.h"
+#include "vga-access.h"
#include "hw/qdev-properties.h"
#include "vga_regs.h"
#include "qemu/log.h"
@@ -135,19 +136,19 @@ static void ati_vga_switch_mode(ATIVGAState *s)
static void ati_cursor_define(ATIVGAState *s)
{
uint8_t data[1024];
- uint8_t *src;
+ unsigned srcoff;
int i, j, idx = 0;
if ((s->regs.cur_offset & BIT(31)) || s->cursor_guest_mode) {
return; /* Do not update cursor if locked or rendered by guest */
}
/* FIXME handle cur_hv_offs correctly */
- src = s->vga.vram_ptr + s->regs.cur_offset -
- (s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
+ srcoff = s->regs.cur_offset -
+ (s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
for (i = 0; i < 64; i++) {
for (j = 0; j < 8; j++, idx++) {
- data[idx] = src[i * 16 + j];
- data[512 + idx] = src[i * 16 + j + 8];
+ data[idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j);
+ data[512 + idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j + 8);
}
}
if (!s->cursor) {
--
2.18.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define
2019-09-12 12:18 ` [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define Gerd Hoffmann
@ 2019-09-12 21:09 ` BALATON Zoltan
0 siblings, 0 replies; 4+ messages in thread
From: BALATON Zoltan @ 2019-09-12 21:09 UTC (permalink / raw)
To: Gerd Hoffmann; +Cc: qemu-devel, flier_m, Michael S. Tsirkin
On Thu, 12 Sep 2019, Gerd Hoffmann wrote:
> This makes sure reads are confined to vga video memory.
>
> Reported-by: xu hang <flier_m@outlook.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> hw/display/ati.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/hw/display/ati.c b/hw/display/ati.c
> index 8f940eee221a..6d77c40b8287 100644
> --- a/hw/display/ati.c
> +++ b/hw/display/ati.c
> @@ -19,6 +19,7 @@
> #include "qemu/osdep.h"
> #include "ati_int.h"
> #include "ati_regs.h"
> +#include "vga-access.h"
> #include "hw/qdev-properties.h"
> #include "vga_regs.h"
> #include "qemu/log.h"
> @@ -135,19 +136,19 @@ static void ati_vga_switch_mode(ATIVGAState *s)
> static void ati_cursor_define(ATIVGAState *s)
> {
> uint8_t data[1024];
> - uint8_t *src;
> + unsigned srcoff;
> int i, j, idx = 0;
>
> if ((s->regs.cur_offset & BIT(31)) || s->cursor_guest_mode) {
> return; /* Do not update cursor if locked or rendered by guest */
> }
> /* FIXME handle cur_hv_offs correctly */
> - src = s->vga.vram_ptr + s->regs.cur_offset -
> - (s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
> + srcoff = s->regs.cur_offset -
> + (s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
Do we need similar fix in ati_cursor_draw_line() as well which also
accesses cursor data when guest_hwcursor property is true?
Regards,
BALATON Zoltan
> for (i = 0; i < 64; i++) {
> for (j = 0; j < 8; j++, idx++) {
> - data[idx] = src[i * 16 + j];
> - data[512 + idx] = src[i * 16 + j + 8];
> + data[idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j);
> + data[512 + idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j + 8);
> }
> }
> if (!s->cursor) {
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-09-12 21:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-12 12:18 [Qemu-devel] [PATCH 0/2] ati: fix ati_cursor_define bug Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 1/2] vga: move access helpers to separate include file Gerd Hoffmann
2019-09-12 12:18 ` [Qemu-devel] [PATCH 2/2] ati: use vga_read_byte in ati_cursor_define Gerd Hoffmann
2019-09-12 21:09 ` BALATON Zoltan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).