From 93abfc88bd649de1933588bfc7175605331b3ea9 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Tue, 26 Jun 2018 08:09:41 +0200
Subject: [PATCH 1/3] vga: set owner for mmio regions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This makes sure the regions are properly cleaned when unplugging -device seconday-vga.
Reported-by: Thomas Huth
Signed-off-by: Gerd Hoffmann
Reviewed-by: Thomas Huth
Reviewed-by: Philippe Mathieu-Daudé
Tested-by: Thomas Huth
Message-id: 20180626060941.8326-1-kraxel@redhat.com
---
 hw/display/vga-pci.c | 11 ++++++-----
 hw/display/vga_int.h | 1 +
 hw/display/virtio-vga.c | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/hw/display/vga-pci.c b/hw/display/vga-pci.c
index 700ac58c69..1ea559762a 100644
--- a/hw/display/vga-pci.c
+++ b/hw/display/vga-pci.c
@@ -192,22 +192,23 @@ static const MemoryRegionOps pci_vga_qext_ops = {
 };
 void pci_std_vga_mmio_region_init(VGACommonState *s,
+ Object *owner,
 MemoryRegion *parent,
 MemoryRegion *subs,
 bool qext)
 {
- memory_region_init_io(&subs[0], NULL, &pci_vga_ioport_ops, s,
+ memory_region_init_io(&subs[0], owner, &pci_vga_ioport_ops, s,
 "vga ioports remapped", PCI_VGA_IOPORT_SIZE);
 memory_region_add_subregion(parent, PCI_VGA_IOPORT_OFFSET,
 &subs[0]);
- memory_region_init_io(&subs[1], NULL, &pci_vga_bochs_ops, s,
+ memory_region_init_io(&subs[1], owner, &pci_vga_bochs_ops, s,
 "bochs dispi interface", PCI_VGA_BOCHS_SIZE);
 memory_region_add_subregion(parent, PCI_VGA_BOCHS_OFFSET,
 &subs[1]);
 if (qext) {
- memory_region_init_io(&subs[2], NULL, &pci_vga_qext_ops, s,
+ memory_region_init_io(&subs[2], owner, &pci_vga_qext_ops, s,
 "qemu extended regs", PCI_VGA_QEXT_SIZE);
 memory_region_add_subregion(parent, PCI_VGA_QEXT_OFFSET,
 &subs[2]);
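Review bot: The new `owner` parameter of `pci_std_vga_mmio_region_init` carries a lifetime contract that the code states nowhere: going by the commit message, the regions in `subs[]` are only torn down on unplug if `owner` is the device that embeds them. A comment above the definition and the prototype in vga_int.h would record that, for example `/* owner: device object embedding subs[] and s; regions are released with it on unplug */`. A NULL owner still reproduces the pre-patch behaviour silently, so `assert(owner != NULL);` at the top of the function is worth considering, provided no caller outside this patch relies on unowned regions. The function body continues past the end of this hunk.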
@@ -239,7 +240,7 @@ static void pci_std_vga_realize(PCIDevice *dev, Error **errp)
 qext = true;
 pci_set_byte(&d->dev.config[PCI_REVISION_ID], 2);
 }
- pci_std_vga_mmio_region_init(s, &d->mmio, d->mrs, qext);
+ pci_std_vga_mmio_region_init(s, OBJECT(dev), &d->mmio, d->mrs, qext);
 pci_register_bar(&d->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
 }
@@ -275,7 +276,7 @@ static void pci_secondary_vga_realize(PCIDevice *dev, Error **errp)
 qext = true;
 pci_set_byte(&d->dev.config[PCI_REVISION_ID], 2);
 }
- pci_std_vga_mmio_region_init(s, &d->mmio, d->mrs, qext);
+ pci_std_vga_mmio_region_init(s, OBJECT(dev), &d->mmio, d->mrs, qext);
 pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->vram);
 pci_register_bar(&d->dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h
index 313cff84fc..f8fcf62a56 100644
--- a/hw/display/vga_int.h
+++ b/hw/display/vga_int.h
@@ -193,6 +193,7 @@ extern const MemoryRegionOps vga_mem_ops;
 /* vga-pci.c */
 void pci_std_vga_mmio_region_init(VGACommonState *s,
+ Object *owner,
 MemoryRegion *parent,
 MemoryRegion *subs,
 bool qext);
diff --git a/hw/display/virtio-vga.c b/hw/display/virtio-vga.c
index baa74ba82c..97db6c3372 100644
--- a/hw/display/virtio-vga.c
+++ b/hw/display/virtio-vga.c
@@ -152,7 +152,7 @@ static void virtio_vga_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
 }
 /* add stdvga mmio regions */
- pci_std_vga_mmio_region_init(vga, &vpci_dev->modern_bar,
+ pci_std_vga_mmio_region_init(vga, OBJECT(vvga), &vpci_dev->modern_bar,
 vvga->vga_mrs, true);
 vga->con = g->scanout[0].con;
From 6b9b3c1e303cc0dda99e326031d2b1b612b80e3b Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Tue, 26 Jun 2018 10:31:19 +0200
Subject: [PATCH 2/3] ramfb: fix overflow
> CID 1393621: (OVERFLOW_BEFORE_WIDEN)
> Potentially overflowing expression "stride * s->height" with type "unsigned
> int" (32 bits, unsigned) is evaluated using +32-bit arithmetic, and then used
> in a context that expects an expression of type "hwaddr" (64 bits, unsigned).
Fix by changing stride from uint32_t to hwaddr.
Signed-off-by: Gerd Hoffmann
Message-id: 20180626083120.19515-1-kraxel@redhat.com
---
 hw/display/ramfb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c
index 6867bce8ae..30f5c8da20 100644
--- a/hw/display/ramfb.c
+++ b/hw/display/ramfb.c
@@ -36,8 +36,8 @@ static void ramfb_fw_cfg_write(void *dev, off_t offset, size_t len)
 {
 RAMFBState *s = dev;
 void *framebuffer;
- uint32_t stride, fourcc, format;
- hwaddr addr, length;
+ uint32_t fourcc, format;
+ hwaddr stride, addr, length;
 s->width = be32_to_cpu(s->cfg.width);
 s->height = be32_to_cpu(s->cfg.height);
From fd1cfb875be551064a27d909edb406316f011f2c Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Fri, 22 Jun 2018 18:32:49 +0100
Subject: [PATCH 3/3] virtio-gpu-3d: Drop workaround for VIRTIO_GPU_CAPSET_VIRGL2 define
In commit a8bff79e9f27df we added a definition to hw/virtio/virtio-gpu.h for VIRTIO_GPU_CAPSET_VIRGL2, as a workaround for it not yet being in the Linux kernel headers. In commit 77d361b13c19 we updated our kernel headers to a version which does define the macro, so we can now remove our workaround.
Signed-off-by: Peter Maydell
Message-id: 20180622173249.29963-1-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann
---
 include/hw/virtio/virtio-gpu.h | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index d6ba61f2f1..9780f755ef 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
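Review bot: In the hw/display/ramfb.c hunk, the reason `stride` is now `hwaddr` lives only in the commit message; a comment on the declaration in `ramfb_fw_cfg_write`, such as `/* hwaddr, not uint32_t: stride * s->height must not wrap at 32 bits */`, would keep a later cleanup from narrowing it again. The dimensions are read from `s->cfg` just below (`be32_to_cpu(s->cfg.width)`, `be32_to_cpu(s->cfg.height)`), which looks like guest-written configuration. The computed length should therefore also be checked against stride and dimensions before the framebuffer is mapped; that code lies outside this hunk and cannot be confirmed here. Any later call that takes the stride as a 32-bit or `int` argument now narrows implicitly and deserves a second look.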
@@ -22,11 +22,6 @@
 #include "standard-headers/linux/virtio_gpu.h"
-/* Not yet(?) defined in standard-headers, remove when possible */
-#ifndef VIRTIO_GPU_CAPSET_VIRGL2
-#define VIRTIO_GPU_CAPSET_VIRGL2 2
-#endif
-
 #define TYPE_VIRTIO_GPU "virtio-gpu-device"
 #define VIRTIO_GPU(obj) \
 OBJECT_CHECK(VirtIOGPU, (obj), TYPE_VIRTIO_GPU)