From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Helge Konetzka" <hk@zapateado.de>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 3/7] vga: adjust dirty memory region if pel panning is active
Date: Tue, 2 Apr 2024 15:16:45 +0200 [thread overview]
Message-ID: <20240402131649.23225-4-pbonzini@redhat.com> (raw)
In-Reply-To: <20240402131649.23225-1-pbonzini@redhat.com>
When pel panning is active, one more byte is read from each of the VGA
memory planes. This has to be accounted in the computation of region_end,
otherwise vga_draw_graphic() fails an assertion:
qemu-system-i386: ../system/physmem.c:946: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed.
Reported-by: Helge Konetzka <hk@zapateado.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2244
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/display/vga.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/hw/display/vga.c b/hw/display/vga.c
index b4ceff70eb8..40acd19e72a 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1571,11 +1571,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
break;
}
}
+ hpel = bits <= 8 ? s->params.hpel : 0;
region_start = (s->params.start_addr * 4);
region_end = region_start + (ram_addr_t)s->params.line_offset * height;
region_end += width * depth / 8; /* scanline length */
region_end -= s->params.line_offset;
+ if (hpel) {
+ region_end += 4;
+ }
if (region_end > s->vbe_size || depth == 0 || depth == 15) {
/*
* We land here on:
@@ -1660,7 +1664,6 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
s->params.line_compare, sr(s, VGA_SEQ_CLOCK_MODE));
#endif
- hpel = bits <= 8 ? s->params.hpel : 0;
addr1 = (s->params.start_addr * 4);
bwidth = DIV_ROUND_UP(width * bits, 8);
if (hpel) {
--
2.44.0
next prev parent reply other threads:[~2024-04-02 13:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-02 13:16 [PULL 0/7] lsi, vga fixes for 2024-04-02 Paolo Bonzini
2024-04-02 13:16 ` [PULL 1/7] vga: merge conditionals on shift control register Paolo Bonzini
2024-04-02 13:16 ` [PULL 2/7] vga: move computation of dirty memory region later Paolo Bonzini
2024-04-02 13:16 ` Paolo Bonzini [this message]
2024-04-02 13:16 ` [PULL 4/7] vga: do not treat horiz pel panning value of 8 as "enabled" Paolo Bonzini
2024-04-02 13:16 ` [PULL 5/7] lsi53c895a: avoid out of bounds access to s->msg[] Paolo Bonzini
2024-04-02 13:16 ` [PULL 6/7] lsi53c895a: detect invalid Block Move instruction Paolo Bonzini
2024-04-02 13:16 ` [PULL 7/7] pc_q35: remove unnecessary m->alias assignment Paolo Bonzini
2024-04-02 15:22 ` [PULL 0/7] lsi, vga fixes for 2024-04-02 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240402131649.23225-4-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=hk@zapateado.de \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).