[xorg-x11-drv-qxl] - Fix a pointer casting bug which causes the qxl driver to trigger an assertion in the qxl device

Hans de Goede jwrdegoede at fedoraproject.org
Sun Oct 17 14:05:22 UTC 2010


commit 33d9a27cae0c0485dac8481eccb03a0be450d742
Author: Hans de Goede <hdegoede at redhat.com>
Date:   Sun Oct 17 16:08:25 2010 +0200

    - Fix a pointer casting bug which causes the qxl driver to trigger an
      assertion in the qxl device terminating the entire virtual machine

 0008-Fix-the-driver-crashing-qemu-on-32-bits.patch |   62 ++++++++++++++++++++
 xorg-x11-drv-qxl.spec                              |    8 ++-
 2 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch b/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
new file mode 100644
index 0000000..b5f7b02
--- /dev/null
+++ b/0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
@@ -0,0 +1,62 @@
+From bd4f242b3198b130038699edc807a7846eeb92ba Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede at redhat.com>
+Date: Fri, 15 Oct 2010 16:30:58 +0200
+Subject: [PATCH xf86-drv-qxl F14-branch 8/9] Fix the driver crashing qemu on 32 bits
+
+When casting a 32bit pointer to a uint64 the following happens:
+ptr -> int32 -> int64 -> uint64, so if the address is above
+0x80000000 which is quite normal for mapped io, the int32 -> int64
+cast causes sign extension, not good!
+
+Also fix the printing of the memslots the memslot phys addresses
+are always 64 bit, so tell printf to always read 64 bits, otherwise
+we end up printing the higher 32 bits of the address as size on 32
+bits.
+---
+ src/qxl_driver.c |   10 +++++-----
+ 1 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/qxl_driver.c b/src/qxl_driver.c
+index bd237dc..8d4a85b 100644
+--- a/src/qxl_driver.c
++++ b/src/qxl_driver.c
+@@ -342,7 +342,7 @@ qxl_reset (qxl_screen_t *qxl)
+     slot = &qxl->mem_slots[qxl->main_mem_slot];
+     slot->start_phys_addr = (unsigned long)qxl->ram_physical;
+     slot->end_phys_addr = (unsigned long)slot->start_phys_addr + (unsigned long)qxl->rom->num_pages * getpagesize();
+-    slot->start_virt_addr = (uint64_t)qxl->ram;
++    slot->start_virt_addr = (uint64_t)(uintptr_t)qxl->ram;
+     slot->end_virt_addr = slot->start_virt_addr + (unsigned long)qxl->rom->num_pages * getpagesize();
+     
+     ram_header->mem_slot_start = slot->start_phys_addr;
+@@ -350,7 +350,7 @@ qxl_reset (qxl_screen_t *qxl)
+     
+     outb (qxl->io_base + QXL_IO_MEMSLOT_ADD, qxl->main_mem_slot);
+ 
+-    ErrorF ("Created main memslot from %lx to %lx\n", slot->start_phys_addr, slot->end_phys_addr);
++    ErrorF ("Created main memslot from %llx to %llx\n", slot->start_phys_addr, slot->end_phys_addr);
+ 
+     slot->generation = qxl->rom->slot_generation;
+     
+@@ -364,15 +364,15 @@ qxl_reset (qxl_screen_t *qxl)
+     slot = &qxl->mem_slots[qxl->vram_mem_slot];
+     slot->start_phys_addr = (unsigned long)qxl->vram_physical;
+     slot->end_phys_addr = (unsigned long)qxl->vram_physical + (unsigned long)qxl->vram_size;
+-    slot->start_virt_addr = (uint64_t)qxl->vram;
+-    slot->end_virt_addr = (uint64_t)qxl->vram + (uint64_t)qxl->vram_size;
++    slot->start_virt_addr = (uint64_t)(uintptr_t)qxl->vram;
++    slot->end_virt_addr = (uint64_t)(uintptr_t)qxl->vram + (uint64_t)qxl->vram_size;
+ 
+     ram_header->mem_slot_start = slot->start_phys_addr;
+     ram_header->mem_slot_end = slot->end_phys_addr;
+ 
+     outb (qxl->io_base + QXL_IO_MEMSLOT_ADD, qxl->vram_mem_slot);
+ 
+-    ErrorF ("Created vram memslot from %lx to %lx\n", slot->start_phys_addr, slot->end_phys_addr);
++    ErrorF ("Created vram memslot from %llx to %llx\n", slot->start_phys_addr, slot->end_phys_addr);
+ 
+     slot->generation = qxl->rom->slot_generation;
+     
+-- 
+1.7.3.1
+
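Review bot: The `%llx` conversions introduced in the two ErrorF calls of the inner patch match `unsigned long long`, but if `start_phys_addr`/`end_phys_addr` are `uint64_t` as the commit message states, that type is `unsigned long` on LP64 targets, so the format/argument mismatch is only moved from 32-bit builds to 64-bit builds rather than removed. The portable spelling is `ErrorF ("Created main memslot from %" PRIx64 " to %" PRIx64 "\n", slot->start_phys_addr, slot->end_phys_addr);` (with `<inttypes.h>` included), and the same for the vram message. Separately, the unchanged context line computing `end_phys_addr` still evaluates `(unsigned long)qxl->rom->num_pages * getpagesize()` in host-width arithmetic, which can wrap on 32-bit hosts before the result is widened into the 64-bit field — presumably a follow-up, since this commit only targets the pointer casts and the format strings. The enclosing `qxl_reset` starts and ends outside this hunk.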
diff --git a/xorg-x11-drv-qxl.spec b/xorg-x11-drv-qxl.spec
index 034de49..3791b48 100644
--- a/xorg-x11-drv-qxl.spec
+++ b/xorg-x11-drv-qxl.spec
@@ -5,7 +5,7 @@
 Summary:   Xorg X11 qxl video driver
 Name:      xorg-x11-drv-qxl
 Version:   0.0.20.f14b
-Release:   5%{?dist}
+Release:   6%{?dist}
 URL:       http://www.x.org
 Source0:   http://xorg.freedesktop.org/releases/individual/driver/%{tarball}-%{version}.tar.bz2
 License: MIT
@@ -27,6 +27,7 @@ Patch4:  0004-Fix-restoration-of-text-mode-font-when-leaving-the-v.patch
 Patch5:  0005-Slightly-tweak-the-vfresh-range-of-the-default-monit.patch
 Patch6:  0006-limit-calculated-virtual-size-to-fit-within-the-fram.patch
 Patch7:  0007-Don-t-access-the-qxl-device-when-our-vt-is-not-focus.patch
+Patch8:  0008-Fix-the-driver-crashing-qemu-on-32-bits.patch
 
 
 %description 
@@ -42,6 +43,7 @@ X.Org X11 qxl video driver.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 %build
 %configure --disable-static
@@ -65,6 +67,10 @@ rm -rf $RPM_BUILD_ROOT
 %{driverdir}/qxl_drv.so
 
 %changelog
+* Sun Oct 17 2010 Hans de Goede <hdegoede at redhat.com> 0.0.20.f14b-6
+- Fix a pointer casting bug which causes the qxl driver to trigger an
+  assertion in the qxl device terminating the entire virtual machine
+
 * Mon Oct 11 2010 Hans de Goede <hdegoede at redhat.com> 0.0.20.f14b-5
 - Don't access the qxl device when our vt is not focussed, this fixes
   Xorg crashing when switching to a text vc

