Vga 20200518 patches

[PULL 1/8] ati-vga: Do not allow unaligned access via index register

Posted by Gerd Hoffmann 5 years, 8 months ago

From: BALATON Zoltan <balaton@eik.bme.hu>

According to docs bits 1 and 0 of MM_INDEX are hard coded to 0 so
unaligned access via this register should not be possible.
This also fixes problems reported in bug #1878134.

Buglink: https://bugs.launchpad.net/qemu/+bug/1878134
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-id: 20200516132352.39E9374594E@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/ati.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/ati.c b/hw/display/ati.c
index 58ec8291d460..065f197678e4 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -511,7 +511,7 @@ static void ati_mm_write(void *opaque, hwaddr addr,
     }
     switch (addr) {
     case MM_INDEX:
-        s->regs.mm_index = data;
+        s->regs.mm_index = data & ~3;
         break;
     case MM_DATA ... MM_DATA + 3:
         /* indexed access to regs or memory */
-- 
2.18.4

[PULL 1/8] ati-vga: Do not allow unaligned access via index register
[PULL 2/8] hw/display: Include local 'framebuffer.h'
[PULL 3/8] Revert "hw/display/ramfb: initialize fw-config space with xres/ yres"
[PULL 4/8] Revert "hw/display/ramfb: lock guest resolution after it's set"
[PULL 5/8] ramfb: drop leftover debug message
[PULL 6/8] ramfb: don't update RAMFBState on errors
[PULL 7/8] ramfb: add sanity checks to ramfb_create_display_surface
[PULL 8/8] ramfb: fix size calculation