From nobody Sun Feb 8 18:44:41 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1588161476; cv=none; d=zohomail.com; s=zohoarc; b=j2nRGKy2tznMcEC1PWrcBXhMPcDBxd3Ex8bIa9r9wKYucD4W76ETyjrdQ3gtqkt2e+yHg0jVRyeTh8VScqrHim6znZrIB3GioRrrN37kBcuJSe+WCPDK8J5SGDoWe0mG+ZLJDyBSg1e3VSNoWDV/aNitnr5F89Pac20ryrGIPRE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1588161476; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=d4q+KifWSZPbMSYrgLgimhuL+cOeqDgd6Vd41sgzUZY=; b=h7ILSDfRgIKrGiO0CfoKDF9Klv6TKA66kjITVaXPDglkwbqCQKdVFlQwLyLTtMVrx+YGi8IER8k3P9l5C4jFzXaTbyZ/+NIBF3wGVRRbVytMK9K4HTUKRG77lBKxVphpTmgZwcES9hpvBBQ/0zS1rzJ6JfWP4la0n5yb1gv+NdE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1588161476306889.7857671581733; Wed, 29 Apr 2020 04:57:56 -0700 (PDT) Received: from localhost ([::1]:35040 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTlLe-0006TS-Tg for importer@patchew.org; Wed, 29 Apr 2020 07:57:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50910) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jTlGq-000679-5C for qemu-devel@nongnu.org; Wed, 29 Apr 2020 07:52:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1) (envelope-from ) id 1jTlGp-00020q-JG for qemu-devel@nongnu.org; Wed, 29 Apr 2020 07:52:55 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:46817 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jTlGp-00020j-6G for qemu-devel@nongnu.org; Wed, 29 Apr 2020 07:52:55 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-40-BXJ98XCWODeT-r7X1NVrTQ-1; Wed, 29 Apr 2020 07:52:53 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1C71E1005510; Wed, 29 Apr 2020 11:52:52 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-113-193.ams2.redhat.com [10.36.113.193]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4AB725C1BE; Wed, 29 Apr 2020 11:52:44 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 2A9989D9F; Wed, 29 Apr 2020 13:52:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1588161174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=d4q+KifWSZPbMSYrgLgimhuL+cOeqDgd6Vd41sgzUZY=; b=NPXMb3drjEkHlk+kBA1phkp7iRbWR72UigrMN3S8Oo5x6V73XieyvXEyBrGHcbKdpnviQo 79b9WcPzzwKUbbHVxNlFQnTZFIguHGUGVeTM9Q2qJ8VXNbF/Aw7VC9XGykHOl7P7FisQrV yKMkKm32o7b1x1lm3G8dG4W7lZFeyVA= X-MC-Unique: BXJ98XCWODeT-r7X1NVrTQ-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PATCH v2 6/6] ramfb: fix size calculation Date: Wed, 29 Apr 2020 13:52:36 +0200 Message-Id: <20200429115236.28709-7-kraxel@redhat.com> In-Reply-To: <20200429115236.28709-1-kraxel@redhat.com> References: <20200429115236.28709-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.139.110.120; envelope-from=kraxel@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/04/29 01:42:37 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , Alex Williamson , lersek@redhat.com, Gerd Hoffmann , hqm03ster@gmail.com Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" size calculation isn't correct with guest-supplied stride, the last display line isn't accounted for correctly. For the typical case of stride > linesize (add padding) we error on the safe side (calculated size is larger than actual size). With stride < linesize (scanlines overlap) the calculated size is smaller than the actual size though so our guest memory mapping might end up being too small. While being at it also fix ramfb_create_display_surface to use hwaddr for the parameters. That way all calculation are done with hwaddr type and we can't get funny effects from type castings. Signed-off-by: Gerd Hoffmann Acked-by: Laszlo Ersek --- hw/display/ramfb.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c index be884c9ea837..928d74d10bc7 100644 --- a/hw/display/ramfb.c +++ b/hw/display/ramfb.c @@ -44,10 +44,10 @@ static void ramfb_unmap_display_surface(pixman_image_t = *image, void *unused) =20 static DisplaySurface *ramfb_create_display_surface(int width, int height, pixman_format_code_t f= ormat, - int linesize, uint64_t= addr) + hwaddr stride, hwaddr = addr) { DisplaySurface *surface; - hwaddr size; + hwaddr size, mapsize, linesize; void *data; =20 if (width < 16 || width > VBE_DISPI_MAX_XRES || @@ -55,19 +55,20 @@ static DisplaySurface *ramfb_create_display_surface(int= width, int height, format =3D=3D 0 /* unknown format */) return NULL; =20 - if (linesize =3D=3D 0) { - linesize =3D width * PIXMAN_FORMAT_BPP(format) / 8; + linesize =3D width * PIXMAN_FORMAT_BPP(format) / 8; + if (stride =3D=3D 0) { + stride =3D linesize; } =20 - size =3D (hwaddr)linesize * height; - data =3D cpu_physical_memory_map(addr, &size, false); - if (size !=3D (hwaddr)linesize * height) { - cpu_physical_memory_unmap(data, size, 0, 0); + mapsize =3D size =3D stride * (height - 1) + linesize; + data =3D cpu_physical_memory_map(addr, &mapsize, false); + if (size !=3D mapsize) { + cpu_physical_memory_unmap(data, mapsize, 0, 0); return NULL; } =20 surface =3D qemu_create_displaysurface_from(width, height, - format, linesize, data); + format, stride, data); pixman_image_set_destroy_function(surface->image, ramfb_unmap_display_surface, NULL); =20 --=20 2.18.2