From: Gerd Hoffmann
Date: Thu, 17 Jun 2010 12:43:41 +0200
To: Julian Pidancet
Cc: qemu-devel@nongnu.org, Stefano Stabellini
Subject: [Qemu-devel] Re: [PATCH 5/5] linux fbdev display driver.
Message-ID: <4C19FC5D.9070003@redhat.com>
In-Reply-To: <4C18FA58.5080808@citrix.com>
References: <1276596347-9410-1-git-send-email-kraxel@redhat.com> <1276596347-9410-6-git-send-email-kraxel@redhat.com> <4C18FA58.5080808@citrix.com>

  Hi,

> +static void fbdev_free_displaysurface(DisplaySurface *surface) > +{ > + if (surface == NULL) > + return; > + > + if (surface->flags& QEMU_ALLOCATED_FLAG) { > + qemu_free(surface->data); > + } > + > + surface->data = NULL;

This is pretty pointless ...

> + qemu_free(surface);

... as you free surface anyway ;)

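Review bot: the ownership rule behind the `QEMU_ALLOCATED_FLAG` test is undocumented: when the flag is clear, `surface->data` is deliberately left alone, which only makes sense if it points into driver-owned memory (the mmap'd framebuffer) rather than into a buffer the surface owns, so state that in a comment above the `if`. The `surface->data = NULL;` store immediately before `qemu_free(surface);` is dead and should go.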
> @@ -910,7 +959,17 @@ void fbdev_display_init(DisplayState *ds, const char *device) > dcl->dpy_update = fbdev_update; > dcl->dpy_resize = fbdev_resize; > dcl->dpy_refresh = fbdev_refresh; > + dcl->dpy_setdata = fbdev_setdata; > register_displaychangelistener(ds, dcl); > + > + da = qemu_mallocz(sizeof (DisplayAllocator)); > + da->create_displaysurface = fbdev_create_displaysurface; > + da->resize_displaysurface = fbdev_resize_displaysurface; > + da->free_displaysurface = fbdev_free_displaysurface; > + > + if (register_displayallocator(ds, da) == da) { > + dpy_resize(ds); > + }

You register the display allocator, but don't unregister in fbdev_display_uninit(). You are just lucky that fbdev_cleanup() forgets to unmap the framebuffer.

Apply the attached fix, start qemu with vnc, then do "change fbdev on" and "change fbdev off" in the monitor and watch qemu segfault.

Also after "change fbdev on" the guest screen isn't rendered correctly.

cheers,
  Gerd

[Attachment: 0001-fbdev-unmap-framebuffer-on-cleanup.patch]

From 685849ae48eaef7927b90e012fb6afb4494052d0 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Thu, 17 Jun 2010 12:32:53 +0200
Subject: [PATCH] fbdev: unmap framebuffer on cleanup

---
 fbdev.c | 4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/fbdev.c b/fbdev.c
index 6623a4f..1a95ede 100644
--- a/fbdev.c
+++ b/fbdev.c
@@ -518,6 +518,10 @@ static void fbdev_cleanup(void) fprintf(stderr, "%s\n", __FUNCTION__); /* restore console */ + if (fb_mem != NULL) { + munmap(fb_mem, fb_fix.smem_len+fb_mem_offset); + fb_mem = NULL; + } if (fb != -1) { if (ioctl(fb,FBIOPUT_VSCREENINFO, &fb_ovar) < 0) perror("ioctl FBIOPUT_VSCREENINFO");
-- 
1.6.5.2
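Review bot: the `da` registered in the `fbdev_display_init` hunk is never released: when `register_displayallocator(ds, da)` returns something other than `da`, the block just obtained from `qemu_mallocz` is leaked, and on the success path nothing pairs the registration with an unregister in `fbdev_display_uninit()`, so the DisplayState keeps calling into an allocator whose framebuffer is gone once the driver is switched off. Handle the mismatch with `qemu_free(da);` and keep the pointer where the uninit path can unregister and free it.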
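Review bot: `munmap()`'s return value is dropped in the `fbdev_cleanup` hunk while the `ioctl()` right below it reports failure through `perror()`; write `if (munmap(fb_mem, fb_fix.smem_len+fb_mem_offset) < 0) perror("munmap");` for the same diagnostic. The length expression also has to stay identical to the one used at the matching `mmap()` (not shown in the hunk); a shorter value silently leaves part of the framebuffer mapped, so a single length recorded at map time and reused here would make the pairing obvious. Unmapping before the `FBIOPUT_VSCREENINFO` restore is the right order.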
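Gerd's segfault recipe ("change fbdev on", then "change fbdev off") comes down to one asymmetry: the driver acquires the framebuffer mapping and the allocator registration on the way in, but on the way out it releases only the mapping (and only once the attached fix is applied). The following C model, added here as an illustration and not code from QEMU or from the patch under review, reproduces that asymmetry and the paired teardown that fixes it. `DisplayState`, `DisplayAllocator`, `register_displayallocator` and the `create_displaysurface`/`free_displaysurface` hooks are taken from the quoted hunk; `unregister_displayallocator`, `fbdev_unmap`, `fbdev_held`, the anonymous mapping standing in for `/dev/fb`, and the two `fbdev_display_uninit_*` variants are assumptions of the example.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Constructed model (not QEMU's code) of the display-allocator plumbing the
 * review talks about: a DisplayState holds one DisplayAllocator pointer and
 * the default allocator stays in place until a driver registers its own.
 * Names follow the quoted hunk where it shows them; the rest is assumed. */
typedef struct DisplaySurface { int width, height; unsigned char *data; } DisplaySurface;
typedef struct DisplayAllocator {
    DisplaySurface *(*create_displaysurface)(int width, int height);
    void (*free_displaysurface)(DisplaySurface *surface);
} DisplayAllocator;
typedef struct DisplayState { DisplayAllocator *allocator; } DisplayState;

static DisplaySurface *default_create(int w, int h)
{
    DisplaySurface *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    s->width = w; s->height = h;
    s->data = calloc((size_t)w * (size_t)h, 4);   /* the surface owns its pixels */
    if (s->data == NULL) { free(s); return NULL; }
    return s;
}
static void default_free(DisplaySurface *s) { if (s) { free(s->data); free(s); } }
static DisplayAllocator default_allocator = { default_create, default_free };

/* First registration wins; callers compare the result with their own pointer,
 * which is why the quoted hunk tests "== da". */
static DisplayAllocator *register_displayallocator(DisplayState *ds, DisplayAllocator *da)
{
    if (ds->allocator == &default_allocator) ds->allocator = da;
    return ds->allocator;
}
/* The counterpart the submitted driver lacks (assumed name). */
static void unregister_displayallocator(DisplayState *ds, DisplayAllocator *da)
{
    if (ds->allocator == da) ds->allocator = &default_allocator;
}

/* fbdev driver state, shaped like fbdev.c's globals.  An anonymous mapping
 * stands in for the mmap'd /dev/fb device; fb_mem_len records the length given
 * to mmap so that munmap is guaranteed to get the very same value back. */
static unsigned char *fb_mem;
static size_t fb_mem_len;
static DisplayAllocator *fb_da;

static void fbdev_unmap(void)
{
    if (fb_mem != NULL) { munmap(fb_mem, fb_mem_len); fb_mem = NULL; fb_mem_len = 0; }
}
static DisplaySurface *fbdev_create_displaysurface(int w, int h)
{
    DisplaySurface *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    s->width = w; s->height = h;
    s->data = fb_mem;   /* not owned by the surface: it is the framebuffer itself */
    return s;
}
static void fbdev_free_displaysurface(DisplaySurface *s) { free(s); }

/* "change fbdev on": map first, register last, and undo both if either fails. */
static int fbdev_display_init(DisplayState *ds, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    fb_mem = p; fb_mem_len = len;
    fb_da = calloc(1, sizeof *fb_da);
    if (fb_da != NULL) {
        fb_da->create_displaysurface = fbdev_create_displaysurface;
        fb_da->free_displaysurface = fbdev_free_displaysurface;
        if (register_displayallocator(ds, fb_da) == fb_da) return 0;
        free(fb_da); fb_da = NULL;   /* another allocator owns the display */
    }
    fbdev_unmap();
    return -1;
}

/* "change fbdev off" as posted, with Gerd's unmap added: the mapping goes away
 * but the allocator stays registered, so every later surface points at nothing. */
static void fbdev_display_uninit_as_posted(DisplayState *ds)
{
    (void)ds; fbdev_unmap();
}

/* Correct teardown: release in reverse order of acquisition, so the allocator is
 * unregistered before the memory it hands out disappears. */
static void fbdev_display_uninit_fixed(DisplayState *ds)
{
    if (fb_da != NULL) { unregister_displayallocator(ds, fb_da); free(fb_da); fb_da = NULL; }
    fbdev_unmap();
}

/* Audit helper (assumed name): bitmask of driver resources still held. */
enum { HELD_ALLOCATOR = 1, HELD_MAPPING = 2 };
static int fbdev_held(const DisplayState *ds)
{
    return (ds->allocator != &default_allocator ? HELD_ALLOCATOR : 0)
         | (fb_mem != NULL ? HELD_MAPPING : 0);
}
```

The `as_posted` variant reproduces the failure mode without crashing: after it runs, the DisplayState still points at the fbdev allocator, and the next `create_displaysurface` hands back a surface whose `data` is NULL, which is where a guest render would then write. Calling `fbdev_display_init` again after the fixed teardown succeeds, which is the on/off/on cycle the monitor command exercises.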