From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41377) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YNfkj-0003wc-UO for qemu-devel@nongnu.org; Tue, 17 Feb 2015 05:51:46 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YNfkg-0006QX-Kh for qemu-devel@nongnu.org; Tue, 17 Feb 2015 05:51:41 -0500 Received: from mx1.redhat.com ([209.132.183.28]:53614) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YNfkg-0006Pd-BR for qemu-devel@nongnu.org; Tue, 17 Feb 2015 05:51:38 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t1HApbC3019643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 17 Feb 2015 05:51:37 -0500 Message-ID: <1424170295.6014.37.camel@nilsson.home.kraxel.org> From: Gerd Hoffmann Date: Tue, 17 Feb 2015 11:51:35 +0100 In-Reply-To: <20150217104802.GC4562@potion.brq.redhat.com> References: <1424121788-24560-1-git-send-email-rkrcmar@redhat.com> <1424121788-24560-2-git-send-email-rkrcmar@redhat.com> <1424160049.6014.4.camel@nilsson.home.kraxel.org> <20150217102928.GB4562@potion.brq.redhat.com> <1424169456.6014.34.camel@nilsson.home.kraxel.org> <20150217104802.GC4562@potion.brq.redhat.com> Content-Type: multipart/mixed; boundary="=-yxHWIGl+t7vzwwiRn9h/" Mime-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 1/2] vga: abort instead of shrinking memory List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Radim =?UTF-8?Q?Kr=C4=8Dm=C3=A1=C5=99?= Cc: qemu-devel@nongnu.org --=-yxHWIGl+t7vzwwiRn9h/ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Hi, > > Which command line triggers it? > > The important subset is: > -vga qxl -global qxl-vga.vgamem_mb=512 Ah, so the problem is only one place enforces a upper limit, so we can get an invalid configuration with large values. Can you try the attached patch? cheers, Gerd --=-yxHWIGl+t7vzwwiRn9h/ Content-Disposition: attachment; filename="0001-spice-fix-qxl-mem-size-checking.patch" Content-Type: text/x-patch; name="0001-spice-fix-qxl-mem-size-checking.patch"; charset="UTF-8" Content-Transfer-Encoding: 7bit >>From 7e5e3f9aa6ccd74ebbf454a0e5e4bddf87978f25 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Tue, 17 Feb 2015 11:50:49 +0100 Subject: [PATCH] spice: fix qxl mem size checking Signed-off-by: Gerd Hoffmann --- hw/display/qxl.c | 4 ++++ hw/display/vga.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 61df477..c8ca645 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -1880,6 +1880,9 @@ static void qxl_init_ramsize(PCIQXLDevice *qxl) if (qxl->vgamem_size_mb < 8) { qxl->vgamem_size_mb = 8; } + if (qxl->vgamem_size_mb > 512) { + qxl->vgamem_size_mb = 512; + } qxl->vgamem_size = qxl->vgamem_size_mb * 1024 * 1024; /* vga ram (bar 0, total) */ @@ -2040,6 +2043,7 @@ static int qxl_init_primary(PCIDevice *dev) vga->vbe_size = qxl->vgamem_size; vga->vram_size_mb = qxl->vga.vram_size >> 20; vga_common_init(vga, OBJECT(dev), true); + assert(qxl->vgamem_size < qxl->vga.vram_size); vga_init(vga, OBJECT(dev), pci_address_space(dev), pci_address_space_io(dev), false); portio_list_init(&qxl->vga_port_list, OBJECT(dev), qxl_vga_portio_list, diff --git a/hw/display/vga.c b/hw/display/vga.c index ffcfce3..52e86ce 100644 --- a/hw/display/vga.c +++ b/hw/display/vga.c @@ -2122,10 +2122,10 @@ void vga_common_init(VGACommonState *s, Object *obj, bool global_vmstate) expand4to8[i] = v; } - /* valid range: 1 MB -> 256 MB */ + /* valid range: 1 MB -> 1024 MB */ s->vram_size = 1024 * 1024; while (s->vram_size < (s->vram_size_mb << 20) && - s->vram_size < (256 << 20)) { + s->vram_size < (1024 << 20)) { s->vram_size <<= 1; } s->vram_size_mb = s->vram_size >> 20; -- 1.8.3.1 --=-yxHWIGl+t7vzwwiRn9h/--