[xorg-x11-drv-qxl] - Fix a pointer casting bug which causes the qxl driver to trigger an assertion in the qxl device
Hans de Goede
jwrdegoede at fedoraproject.org
Sun Oct 17 14:05:22 UTC 2010
commit 33d9a27cae0c0485dac8481eccb03a0be450d742
Author: Hans de Goede <hdegoede at redhat.com>
Date: Sun Oct 17 16:08:25 2010 +0200
- Fix a pointer casting bug which causes the qxl driver to trigger an
assertion in the qxl device terminating the entire virtual machine
0008-Fix-the-driver-crashing-qemu-on-32-bits.patch | 62 ++++++++++++++++++++
xorg-x11-drv-qxl.spec | 8 ++-
2 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch b/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
new file mode 100644
index 0000000..b5f7b02
--- /dev/null
+++ b/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
@@ -0,0 +1,62 @@
+From bd4f242b3198b130038699edc807a7846eeb92ba Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede at redhat.com>
+Date: Fri, 15 Oct 2010 16:30:58 +0200
+Subject: [PATCH xf86-drv-qxl F14-branch 8/9] Fix the driver crashing qemu on 32 bits
+
+When casting a 32bit pointer to a uint64 the following happens:
+ptr -> int32 -> int64 -> uint64, so if the address is above
+0x80000000 which is quite normal for mapped io, the int32 -> int64
+cast causes sign extension, not good!
+
+Also fix the printing of the memslots the memslot phys addresses
+are always 64 bit, so tell printf to always read 64 bits, otherwise
+we end up printing the higher 32 bits of the address as size on 32
+bits.
+---
+ src/qxl_driver.c | 10 +++++-----
+ 1 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/qxl_driver.c b/src/qxl_driver.c
+index bd237dc..8d4a85b 100644
+--- a/src/qxl_driver.c
++++ b/src/qxl_driver.c
+@@ -342,7 +342,7 @@ qxl_reset (qxl_screen_t *qxl)
+ slot = &qxl->mem_slots[qxl->main_mem_slot];
+ slot->start_phys_addr = (unsigned long)qxl->ram_physical;
+ slot->end_phys_addr = (unsigned long)slot->start_phys_addr + (unsigned long)qxl->rom->num_pages * getpagesize();
+- slot->start_virt_addr = (uint64_t)qxl->ram;
++ slot->start_virt_addr = (uint64_t)(uintptr_t)qxl->ram;
+ slot->end_virt_addr = slot->start_virt_addr + (unsigned long)qxl->rom->num_pages * getpagesize();
+
+ ram_header->mem_slot_start = slot->start_phys_addr;
+@@ -350,7 +350,7 @@ qxl_reset (qxl_screen_t *qxl)
+
+ outb (qxl->io_base + QXL_IO_MEMSLOT_ADD, qxl->main_mem_slot);
+
+- ErrorF ("Created main memslot from %lx to %lx\n", slot->start_phys_addr, slot->end_phys_addr);
++ ErrorF ("Created main memslot from %llx to %llx\n", slot->start_phys_addr, slot->end_phys_addr);
+
+ slot->generation = qxl->rom->slot_generation;
+
+@@ -364,15 +364,15 @@ qxl_reset (qxl_screen_t *qxl)
+ slot = &qxl->mem_slots[qxl->vram_mem_slot];
+ slot->start_phys_addr = (unsigned long)qxl->vram_physical;
+ slot->end_phys_addr = (unsigned long)qxl->vram_physical + (unsigned long)qxl->vram_size;
+- slot->start_virt_addr = (uint64_t)qxl->vram;
+- slot->end_virt_addr = (uint64_t)qxl->vram + (uint64_t)qxl->vram_size;
++ slot->start_virt_addr = (uint64_t)(uintptr_t)qxl->vram;
++ slot->end_virt_addr = (uint64_t)(uintptr_t)qxl->vram + (uint64_t)qxl->vram_size;
+
+ ram_header->mem_slot_start = slot->start_phys_addr;
+ ram_header->mem_slot_end = slot->end_phys_addr;
+
+ outb (qxl->io_base + QXL_IO_MEMSLOT_ADD, qxl->vram_mem_slot);
+
+- ErrorF ("Created vram memslot from %lx to %lx\n", slot->start_phys_addr, slot->end_phys_addr);
++ ErrorF ("Created vram memslot from %llx to %llx\n", slot->start_phys_addr, slot->end_phys_addr);
+
+ slot->generation = qxl->rom->slot_generation;
+
+--
+1.7.3.1
+
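Review bot: The new `%llx` conversions on the two `ErrorF` lines expect `unsigned long long`, but if `start_phys_addr`/`end_phys_addr` are `uint64_t` (the description says the phys addresses are always 64 bit), that type is `unsigned long` on LP64 hosts, so the format still mismatches there and `-Wformat` will warn; the change only lines up on 32-bit builds. The portable spelling is the `<inttypes.h>` macro, e.g. `ErrorF ("Created main memslot from %" PRIx64 " to %" PRIx64 "\n", slot->start_phys_addr, slot->end_phys_addr);` and likewise for the vram line. If the fields are declared `unsigned long long` the hunk is correct as written; their declaration is not visible here, and `qxl_reset` starts and ends outside the hunk.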
diff --git a/xorg-x11-drv-qxl.spec b/xorg-x11-drv-qxl.spec
index 034de49..3791b48 100644
--- a/xorg-x11-drv-qxl.spec
+++ b/xorg-x11-drv-qxl.spec
@@ -5,7 +5,7 @@
Summary: Xorg X11 qxl video driver
Name: xorg-x11-drv-qxl
Version: 0.0.20.f14b
-Release: 5%{?dist}
+Release: 6%{?dist}
URL: http://www.x.org
Source0: http://xorg.freedesktop.org/releases/individual/driver/%{tarball}-%{version}.tar.bz2
License: MIT
@@ -27,6 +27,7 @@ Patch4: 0004-Fix-restoration-of-text-mode-font-when-leaving-the-v.patch
Patch5: 0005-Slightly-tweak-the-vfresh-range-of-the-default-monit.patch
Patch6: 0006-limit-calculated-virtual-size-to-fit-within-the-fram.patch
Patch7: 0007-Don-t-access-the-qxl-device-when-our-vt-is-not-focus.patch
+Patch8: 0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
%description
@@ -42,6 +43,7 @@ X.Org X11 qxl video driver.
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
%configure --disable-static
@@ -65,6 +67,10 @@ rm -rf $RPM_BUILD_ROOT
%{driverdir}/qxl_drv.so
%changelog
+* Sun Oct 17 2010 Hans de Goede <hdegoede at redhat.com> 0.0.20.f14b-6
+- Fix a pointer casting bug which causes the qxl driver to trigger an
+ assertion in the qxl device terminating the entire virtual machine
+
* Mon Oct 11 2010 Hans de Goede <hdegoede at redhat.com> 0.0.20.f14b-5
- Don't access the qxl device when our vt is not focussed, this fixes
Xorg crashing when switching to a text vc