* [PATCH 0/3] Misc ati-vga fixes
@ 2020-06-21 11:12 BALATON Zoltan
2020-06-21 11:12 ` [PATCH 1/3] ati-vga: Support unaligned access to hardware cursor registers BALATON Zoltan
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: BALATON Zoltan @ 2020-06-21 11:12 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
These are some patches I had lying around in my tree, maybe it's time
to merge them.
BALATON Zoltan (3):
ati-vga: Support unaligned access to hardware cursor registers
ati-vga: Do not assert on error
ati-vga: Add dummy MEM_SDRAM_MODE_REG
hw/display/ati.c | 92 +++++++++++++++++++++++++++++--------------
hw/display/ati_dbg.c | 1 +
hw/display/ati_regs.h | 1 +
3 files changed, 65 insertions(+), 29 deletions(-)
--
2.21.3
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 3/3] ati-vga: Add dummy MEM_SDRAM_MODE_REG
2020-06-21 11:12 [PATCH 0/3] Misc ati-vga fixes BALATON Zoltan
2020-06-21 11:12 ` [PATCH 1/3] ati-vga: Support unaligned access to hardware cursor registers BALATON Zoltan
2020-06-21 11:12 ` [PATCH 2/3] ati-vga: Do not assert on error BALATON Zoltan
@ 2020-06-21 11:12 ` BALATON Zoltan
2 siblings, 0 replies; 4+ messages in thread
From: BALATON Zoltan @ 2020-06-21 11:12 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Radeon chips have an SDRAM mode reg that is accessed by some drivers.
We don't emulate the memory controller but provide some default value
to prevent drivers getting unexpected 0.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/ati.c | 5 +++++
hw/display/ati_dbg.c | 1 +
hw/display/ati_regs.h | 1 +
3 files changed, 7 insertions(+)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index 42755cffbb..944f9f420f 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -361,6 +361,11 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size)
case MC_STATUS:
val = 5;
break;
+ case MEM_SDRAM_MODE_REG:
+ if (s->dev_id != PCI_DEVICE_ID_ATI_RAGE128_PF) {
+ val = BIT(28) | BIT(20);
+ }
+ break;
case RBBM_STATUS:
case GUI_STAT:
val = 64; /* free CMDFIFO entries */
diff --git a/hw/display/ati_dbg.c b/hw/display/ati_dbg.c
index 0ebbd36f14..bd0ecd48c7 100644
--- a/hw/display/ati_dbg.c
+++ b/hw/display/ati_dbg.c
@@ -42,6 +42,7 @@ static struct ati_regdesc ati_reg_names[] = {
{"MC_FB_LOCATION", 0x0148},
{"MC_AGP_LOCATION", 0x014C},
{"MC_STATUS", 0x0150},
+ {"MEM_SDRAM_MODE_REG", 0x0158},
{"MEM_POWER_MISC", 0x015c},
{"AGP_BASE", 0x0170},
{"AGP_CNTL", 0x0174},
diff --git a/hw/display/ati_regs.h b/hw/display/ati_regs.h
index ebd37ee30d..d6282b2ef2 100644
--- a/hw/display/ati_regs.h
+++ b/hw/display/ati_regs.h
@@ -60,6 +60,7 @@
#define MC_FB_LOCATION 0x0148
#define MC_AGP_LOCATION 0x014C
#define MC_STATUS 0x0150
+#define MEM_SDRAM_MODE_REG 0x0158
#define MEM_POWER_MISC 0x015c
#define AGP_BASE 0x0170
#define AGP_CNTL 0x0174
--
2.21.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 1/3] ati-vga: Support unaligned access to hardware cursor registers
2020-06-21 11:12 [PATCH 0/3] Misc ati-vga fixes BALATON Zoltan
@ 2020-06-21 11:12 ` BALATON Zoltan
2020-06-21 11:12 ` [PATCH 2/3] ati-vga: Do not assert on error BALATON Zoltan
2020-06-21 11:12 ` [PATCH 3/3] ati-vga: Add dummy MEM_SDRAM_MODE_REG BALATON Zoltan
2 siblings, 0 replies; 4+ messages in thread
From: BALATON Zoltan @ 2020-06-21 11:12 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
This fixes horizontal mouse movement and pointer color with MacOS that
writes these registers with access size less than 4 so previously only
the last portion of access was effective overwriting previous partial
writes.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/ati.c | 87 ++++++++++++++++++++++++++++++++----------------
1 file changed, 58 insertions(+), 29 deletions(-)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index d45127a976..21ae36c535 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -389,22 +389,28 @@ static uint64_t ati_mm_read(void *opaque, hwaddr addr, unsigned int size)
case 0xf00 ... 0xfff:
val = pci_default_read_config(&s->dev, addr - 0xf00, size);
break;
- case CUR_OFFSET:
- val = s->regs.cur_offset;
- break;
- case CUR_HORZ_VERT_POSN:
- val = s->regs.cur_hv_pos;
- val |= s->regs.cur_offset & BIT(31);
+ case CUR_OFFSET ... CUR_OFFSET + 3:
+ val = ati_reg_read_offs(s->regs.cur_offset, addr - CUR_OFFSET, size);
+ break;
+ case CUR_HORZ_VERT_POSN ... CUR_HORZ_VERT_POSN + 3:
+ val = ati_reg_read_offs(s->regs.cur_hv_pos,
+ addr - CUR_HORZ_VERT_POSN, size);
+ if (addr + size > CUR_HORZ_VERT_POSN + 3) {
+ val |= (s->regs.cur_offset & BIT(31)) >> (4 - size);
+ }
break;
- case CUR_HORZ_VERT_OFF:
- val = s->regs.cur_hv_offs;
- val |= s->regs.cur_offset & BIT(31);
+ case CUR_HORZ_VERT_OFF ... CUR_HORZ_VERT_OFF + 3:
+ val = ati_reg_read_offs(s->regs.cur_hv_offs,
+ addr - CUR_HORZ_VERT_OFF, size);
+ if (addr + size > CUR_HORZ_VERT_OFF + 3) {
+ val |= (s->regs.cur_offset & BIT(31)) >> (4 - size);
+ }
break;
- case CUR_CLR0:
- val = s->regs.cur_color0;
+ case CUR_CLR0 ... CUR_CLR0 + 3:
+ val = ati_reg_read_offs(s->regs.cur_color0, addr - CUR_CLR0, size);
break;
- case CUR_CLR1:
- val = s->regs.cur_color1;
+ case CUR_CLR1 ... CUR_CLR1 + 3:
+ val = ati_reg_read_offs(s->regs.cur_color1, addr - CUR_CLR1, size);
break;
case DST_OFFSET:
val = s->regs.dst_offset;
@@ -693,48 +699,71 @@ static void ati_mm_write(void *opaque, hwaddr addr,
case 0xf00 ... 0xfff:
/* read-only copy of PCI config space so ignore writes */
break;
- case CUR_OFFSET:
- if (s->regs.cur_offset != (data & 0x87fffff0)) {
- s->regs.cur_offset = data & 0x87fffff0;
+ case CUR_OFFSET ... CUR_OFFSET + 3:
+ {
+ uint32_t t = s->regs.cur_offset;
+
+ ati_reg_write_offs(&t, addr - CUR_OFFSET, data, size);
+ t &= 0x87fffff0;
+ if (s->regs.cur_offset != t) {
+ s->regs.cur_offset = t;
ati_cursor_define(s);
}
break;
- case CUR_HORZ_VERT_POSN:
- s->regs.cur_hv_pos = data & 0x3fff0fff;
- if (data & BIT(31)) {
- s->regs.cur_offset |= data & BIT(31);
+ }
+ case CUR_HORZ_VERT_POSN ... CUR_HORZ_VERT_POSN + 3:
+ {
+ uint32_t t = s->regs.cur_hv_pos | (s->regs.cur_offset & BIT(31));
+
+ ati_reg_write_offs(&t, addr - CUR_HORZ_VERT_POSN, data, size);
+ s->regs.cur_hv_pos = t & 0x3fff0fff;
+ if (t & BIT(31)) {
+ s->regs.cur_offset |= t & BIT(31);
} else if (s->regs.cur_offset & BIT(31)) {
s->regs.cur_offset &= ~BIT(31);
ati_cursor_define(s);
}
if (!s->cursor_guest_mode &&
- (s->regs.crtc_gen_cntl & CRTC2_CUR_EN) && !(data & BIT(31))) {
+ (s->regs.crtc_gen_cntl & CRTC2_CUR_EN) && !(t & BIT(31))) {
dpy_mouse_set(s->vga.con, s->regs.cur_hv_pos >> 16,
s->regs.cur_hv_pos & 0xffff, 1);
}
break;
+ }
case CUR_HORZ_VERT_OFF:
- s->regs.cur_hv_offs = data & 0x3f003f;
- if (data & BIT(31)) {
- s->regs.cur_offset |= data & BIT(31);
+ {
+ uint32_t t = s->regs.cur_hv_offs | (s->regs.cur_offset & BIT(31));
+
+ ati_reg_write_offs(&t, addr - CUR_HORZ_VERT_OFF, data, size);
+ s->regs.cur_hv_offs = t & 0x3f003f;
+ if (t & BIT(31)) {
+ s->regs.cur_offset |= t & BIT(31);
} else if (s->regs.cur_offset & BIT(31)) {
s->regs.cur_offset &= ~BIT(31);
ati_cursor_define(s);
}
break;
- case CUR_CLR0:
- if (s->regs.cur_color0 != (data & 0xffffff)) {
- s->regs.cur_color0 = data & 0xffffff;
+ }
+ case CUR_CLR0 ... CUR_CLR0 + 3:
+ {
+ uint32_t t = s->regs.cur_color0;
+
+ ati_reg_write_offs(&t, addr - CUR_CLR0, data, size);
+ t &= 0xffffff;
+ if (s->regs.cur_color0 != t) {
+ s->regs.cur_color0 = t;
ati_cursor_define(s);
}
break;
- case CUR_CLR1:
+ }
+ case CUR_CLR1 ... CUR_CLR1 + 3:
/*
* Update cursor unconditionally here because some clients set up
* other registers before actually writing cursor data to memory at
* offset so we would miss cursor change unless always updating here
*/
- s->regs.cur_color1 = data & 0xffffff;
+ ati_reg_write_offs(&s->regs.cur_color1, addr - CUR_CLR1, data, size);
+ s->regs.cur_color1 &= 0xffffff;
ati_cursor_define(s);
break;
case DST_OFFSET:
--
2.21.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/3] ati-vga: Do not assert on error
2020-06-21 11:12 [PATCH 0/3] Misc ati-vga fixes BALATON Zoltan
2020-06-21 11:12 ` [PATCH 1/3] ati-vga: Support unaligned access to hardware cursor registers BALATON Zoltan
@ 2020-06-21 11:12 ` BALATON Zoltan
2020-06-21 11:12 ` [PATCH 3/3] ati-vga: Add dummy MEM_SDRAM_MODE_REG BALATON Zoltan
2 siblings, 0 replies; 4+ messages in thread
From: BALATON Zoltan @ 2020-06-21 11:12 UTC (permalink / raw)
To: qemu-devel; +Cc: Gerd Hoffmann
Do not abort on unsupported value just print log and continue. While
display will likely be broken this prevents malicious guest to crash
QEMU causing denial of service.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/ati.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index 21ae36c535..42755cffbb 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -86,8 +86,8 @@ static void ati_vga_switch_mode(ATIVGAState *s)
break;
default:
qemu_log_mask(LOG_UNIMP, "Unsupported bpp value\n");
+ return;
}
- assert(bpp != 0);
DPRINTF("Switching to %dx%d %d %d @ %x\n", h, v, stride, bpp, offs);
vbe_ioport_write_index(&s->vga, 0, VBE_DISPI_INDEX_ENABLE);
vbe_ioport_write_data(&s->vga, 0, VBE_DISPI_DISABLED);
--
2.21.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-06-21 11:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-21 11:12 [PATCH 0/3] Misc ati-vga fixes BALATON Zoltan
2020-06-21 11:12 ` [PATCH 1/3] ati-vga: Support unaligned access to hardware cursor registers BALATON Zoltan
2020-06-21 11:12 ` [PATCH 2/3] ati-vga: Do not assert on error BALATON Zoltan
2020-06-21 11:12 ` [PATCH 3/3] ati-vga: Add dummy MEM_SDRAM_MODE_REG BALATON Zoltan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).