From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: xen-devel <xen-devel@lists.xensource.com>
Subject: [PATCH] cirrus vga save\restore and lfb_addr\lfb_end
Date: Thu, 16 Oct 2008 15:30:05 +0100 [thread overview]
Message-ID: <48F74FED.8010404@eu.citrix.com> (raw)
Cirrus VGA save and restore functions cast lfb_addr into an uint64_t
pointer while lfb_addr is only an unsigned long.
Same thing happened to lfb_end, causing pci_dev to be partially
overwritten by mistake.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index e1c18e2..37e312d 100644
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -291,8 +291,8 @@ typedef struct CirrusVGAState {
int last_hw_cursor_y_end;
int real_vram_size; /* XXX: suppress that */
CPUWriteMemoryFunc **cirrus_linear_write;
- unsigned long map_addr;
- unsigned long map_end;
+ uint32_t map_addr;
+ uint32_t map_end;
} CirrusVGAState;
typedef struct PCICirrusVGAState {
@@ -3146,8 +3146,12 @@ static void cirrus_vga_save(QEMUFile *f, void *opaque)
vga_acc = (!!s->map_addr);
qemu_put_8s(f, &vga_acc);
- qemu_put_be64s(f, (uint64_t*)&s->lfb_addr);
- qemu_put_be64s(f, (uint64_t*)&s->lfb_end);
+ qemu_put_be32(f, s->lfb_addr);
+ /* XXX old versions saved rubbish here, keeping for compatibility */
+ qemu_put_be32(f, 0xffffffff);
+ qemu_put_be32(f, s->lfb_end);
+ /* XXX old versions saved rubbish here, keeping for compatibility */
+ qemu_put_be32(f, 0xffffffff);
qemu_put_be64s(f, &s->stolen_vram_addr);
if (!s->stolen_vram_addr && !vga_acc)
/* Old guest: VRAM is not mapped, we have to save it ourselves */
@@ -3204,8 +3208,12 @@ static int cirrus_vga_load(QEMUFile *f, void *opaque, int version_id)
qemu_get_be32s(f, &s->hw_cursor_y);
qemu_get_8s(f, &vga_acc);
- qemu_get_be64s(f, (uint64_t*)&s->lfb_addr);
- qemu_get_be64s(f, (uint64_t*)&s->lfb_end);
+ qemu_get_be32s(f, &s->lfb_addr);
+ /* XXX throwing away 32 bits */
+ qemu_get_be32(f);
+ qemu_get_be32s(f, &s->lfb_end);
+ /* XXX throwing away 32 bits */
+ qemu_get_be32(f);
if (version_id >= 3) {
qemu_get_be64s(f, &s->stolen_vram_addr);
if (!s->stolen_vram_addr && !vga_acc) {
diff --git a/hw/vga_int.h b/hw/vga_int.h
index 188a755..8aecbb7 100644
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -87,8 +87,8 @@
unsigned int vram_size; \
unsigned long bios_offset; \
unsigned int bios_size; \
- unsigned long lfb_addr; \
- unsigned long lfb_end; \
+ uint32_t lfb_addr; \
+ uint32_t lfb_end; \
PCIDevice *pci_dev; \
uint32_t latch; \
uint8_t sr_index; \
reply other threads:[~2008-10-16 14:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48F74FED.8010404@eu.citrix.com \
--to=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.