From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45020) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bFgwa-0004pc-Vp for qemu-devel@nongnu.org; Wed, 22 Jun 2016 08:07:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bFgwT-0006MB-Qr for qemu-devel@nongnu.org; Wed, 22 Jun 2016 08:07:43 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52616) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bFgwT-0006Lk-IW for qemu-devel@nongnu.org; Wed, 22 Jun 2016 08:07:37 -0400 From: Gerd Hoffmann Date: Wed, 22 Jun 2016 14:07:22 +0200 Message-Id: <1466597244-5938-1-git-send-email-kraxel@redhat.com> Subject: [Qemu-devel] [PATCH 1/3] qxl: factor out qxl_get_check_slot_offset List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: spice-devel@lists.freedesktop.org, Gerd Hoffmann New helper function which translates a qxl physical address into memory slot and offset. Also applies sanity checks. Factored out from qxl_phys2virt. No functional change. Signed-off-by: Gerd Hoffmann --- hw/display/qxl.c | 59 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 919dc5c..409c236 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c 
@@ -1337,36 +1337,53 @@ static void qxl_reset_surfaces(PCIQXLDevice *d) } /* can be also called from spice server thread context */ -void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) +static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, + uint32_t *s, uint64_t *o) { uint64_t phys = le64_to_cpu(pqxl); uint32_t slot = (phys >> (64 - 8)) & 0xff; uint64_t offset = phys & 0xffffffffffff; - switch (group_id) { - case MEMSLOT_GROUP_HOST: - return (void *)(intptr_t)offset; - case MEMSLOT_GROUP_GUEST: - if (slot >= NUM_MEMSLOTS) { - qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, - NUM_MEMSLOTS); - return NULL; - } - if (!qxl->guest_slots[slot].active) { - qxl_set_guest_bug(qxl, "inactive slot %d\n", slot); - return NULL; - } - if (offset < qxl->guest_slots[slot].delta) { - qxl_set_guest_bug(qxl, + if (slot >= NUM_MEMSLOTS) { + qxl_set_guest_bug(qxl, "slot too large %d >= %d", slot, + NUM_MEMSLOTS); + return false; + } + if (!qxl->guest_slots[slot].active) { + qxl_set_guest_bug(qxl, "inactive slot %d\n", slot); + return false; + } + if (offset < qxl->guest_slots[slot].delta) { + qxl_set_guest_bug(qxl, "slot %d offset %"PRIu64" < delta %"PRIu64"\n", slot, offset, qxl->guest_slots[slot].delta); - return NULL; - } - offset -= qxl->guest_slots[slot].delta; - if (offset > qxl->guest_slots[slot].size) { - qxl_set_guest_bug(qxl, + return false; + } + offset -= qxl->guest_slots[slot].delta; + if (offset > qxl->guest_slots[slot].size) { + qxl_set_guest_bug(qxl, "slot %d offset %"PRIu64" > size %"PRIu64"\n", slot, offset, qxl->guest_slots[slot].size); + return false; + } + + *s = slot; + *o = offset; + return true; +} + +/* can be also called from spice server thread context */ +void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id) +{ + uint64_t offset; + uint32_t slot; + + switch (group_id) { + case MEMSLOT_GROUP_HOST: + offset = le64_to_cpu(pqxl) & 0xffffffffffff; + return (void *)(intptr_t)offset; + case 
MEMSLOT_GROUP_GUEST: + if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset)) { return NULL; } return qxl->guest_slots[slot].ptr + offset; -- 1.8.3.1
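Review bot: The last range check in qxl_get_check_slot_offset, `if (offset > qxl->guest_slots[slot].size)`, validates only the start of the guest-supplied address, so an offset equal to the slot size passes and qxl_phys2virt returns `qxl->guest_slots[slot].ptr + offset` with no guarantee that any byte behind it lies inside the slot. The check is carried over unchanged from the old code, but the new helper is the natural place to bound the whole access: take the length the caller intends to touch (for example a `uint64_t len` parameter) and reject with `if (offset > qxl->guest_slots[slot].size || len > qxl->guest_slots[slot].size - offset)`, written as a subtraction so the sum cannot wrap. Whether the callers of qxl_phys2virt bound their own reads is not visible here, and qxl_phys2virt itself continues past the end of the hunk, so that should be confirmed rather than assumed. The helper would also benefit from a comment such as `/* On success *s is the slot index and *o the slot-relative offset; neither is written on failure. */`.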