From nobody Sun May 5 19:33:38 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1599218871; cv=none; d=zohomail.com; s=zohoarc; b=a8yrZXXRxrobrUBnvG9hfzVunuCSGnxKeThnr0NCZhIGLNiL4aDyLbbV/mUe66oWb8X90kvAsnmkUCwuU1Uwc/7IoL81rXm3kaAuHV2+AFKFZ4MHZBN3me7RsjgCQaY/J1LUM84BviuSJarPstGuOxcpwDJ6Up32mAxj3uJPbvI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1599218871; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=XGUERqBm8YUtxsvtxIntS8/CkKt1g0N5Qr2tY/CtZKI=; b=n+wCmcpDbDTngagQ0dCmFAAhyN4BatboSrXA6O72GRUZBuILgaF7wtAJM3VYStF5PwtzZ211C+qOCM+uTu3SpLJjUTZMxtkwMEnJpcT8adTwNup2i7GbN1v4o29EGtbaeAki9TUR7Ivh2gcQ2YbW+xIjIyFDnERkEsxgYo7dJhI= ARC-Authentication-Results: i=1; mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1599218871049772.0805725080248; Fri, 4 Sep 2020 04:27:51 -0700 (PDT) Received: from localhost ([::1]:50358 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kE9sk-0003Mw-8p for importer@patchew.org; Fri, 04 Sep 2020 07:27:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39724) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kE9rx-0002BJ-Qe for qemu-devel@nongnu.org; Fri, 04 Sep 2020 07:27:01 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:29160 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kE9rw-0003Lc-9c for qemu-devel@nongnu.org; Fri, 04 Sep 2020 07:27:01 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-564-XebIsszlPRKnl4p5h7ipRQ-1; Fri, 04 Sep 2020 07:26:55 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E05FB85B684; Fri, 4 Sep 2020 11:26:54 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-112-62.ams2.redhat.com [10.36.112.62]) by smtp.corp.redhat.com (Postfix) with ESMTP id 11A9C196FD; Fri, 4 Sep 2020 11:26:49 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 33101364D; Fri, 4 Sep 2020 13:26:48 +0200 (CEST) X-MC-Unique: XebIsszlPRKnl4p5h7ipRQ-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 1/2] virtio-gpu: fix unmap the already mapped items Date: Fri, 4 Sep 2020 13:26:47 +0200 Message-Id: <20200904112648.10259-2-kraxel@redhat.com> In-Reply-To: <20200904112648.10259-1-kraxel@redhat.com> References: <20200904112648.10259-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0.001 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.139.110.61; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/04 01:57:11 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Li Qiang , Gerd Hoffmann , Li Zhijian , "Michael S. Tsirkin" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" From: Li Zhijian we go here either (!(*iov)[i].iov_base) or (len !=3D l), so we need to cons= ider to unmap the 'i'th item as well when the 'i'th item is not nil CC: Li Qiang Signed-off-by: Li Zhijian Message-id: 20200827035855.24354-1-lizhijian@cn.fujitsu.com Signed-off-by: Gerd Hoffmann --- hw/display/virtio-gpu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 5f0dd7c15002..90be4e3ed719 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -646,9 +646,9 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g, uint64_t a =3D le64_to_cpu(ents[i].addr); uint32_t l =3D le32_to_cpu(ents[i].length); hwaddr len =3D l; - (*iov)[i].iov_len =3D l; (*iov)[i].iov_base =3D dma_memory_map(VIRTIO_DEVICE(g)->dma_as, a, &len, DMA_DIRECTION_TO_DEVI= CE); + (*iov)[i].iov_len =3D len; if (addr) { (*addr)[i] =3D a; } @@ -656,6 +656,9 @@ int virtio_gpu_create_mapping_iov(VirtIOGPU *g, qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to map MMIO memory = for" " resource %d element %d\n", __func__, ab->resource_id, i); + if ((*iov)[i].iov_base) { + i++; /* cleanup the 'i'th map */ + } virtio_gpu_cleanup_mapping_iov(g, *iov, i); g_free(ents); *iov =3D NULL; --=20 2.27.0 From nobody Sun May 5 19:33:38 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1599218876; cv=none; d=zohomail.com; s=zohoarc; b=YycaCJSpVCrmc7GsTy6lJKRhfObVZkOUlU1NMcXOrsxcA08zcNOuN//76I2yqPfkmdnXe5MALgRsPILwPVmLFzj43M7LtiE/iZyfOMlRnCpPBNcXUbcEGvIQoQ5gdU8RzYmAzmN/VtR41NintPweZP2AJlAa9IqwndSuxH6IDGE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1599218876; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=hngWtsFTxn3LMsGtKA6PdjFT1F6IOvfAQrgr0SqAr5A=; b=b+eUagxoisXoO0vTCKI/HhZufz4W/2UxBif46GyyH19Vzo+4mQ+9RIdJzFDP0ta1e0dgI8vhT69Cjyw9VQ6sd2qns2s4XxAth6Wo88qVX1LlA+71GwiXD241trdeR9boSIMl+O28A/PP+56pLHWE9phbwkxiXRo3x7RDml4Mn2I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 159921887658910.132236496874953; Fri, 4 Sep 2020 04:27:56 -0700 (PDT) Received: from localhost ([::1]:50926 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kE9sp-0003ec-Si for importer@patchew.org; Fri, 04 Sep 2020 07:27:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39736) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kE9s2-0002Iy-41 for qemu-devel@nongnu.org; Fri, 04 Sep 2020 07:27:06 -0400 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:49197) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1kE9s0-0003MD-2a for qemu-devel@nongnu.org; Fri, 04 Sep 2020 07:27:05 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-56-rWpNN7NdMb-X3jC4c9JIdw-1; Fri, 04 Sep 2020 07:26:57 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id F1660107465A; Fri, 4 Sep 2020 11:26:55 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-112-62.ams2.redhat.com [10.36.112.62]) by smtp.corp.redhat.com (Postfix) with ESMTP id 13FDD7E41B; Fri, 4 Sep 2020 11:26:49 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 3C1C245AE; Fri, 4 Sep 2020 13:26:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599218822; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hngWtsFTxn3LMsGtKA6PdjFT1F6IOvfAQrgr0SqAr5A=; b=W+0hqFlTmFCDjII0kHe1F3970QCPecOSjYzwD0e0yqK/eog/nCrAgh7sptQ9KHPYT3Jqxp 2wqStcMbK6ebgS5VdjyPQf6QDEtC/6lMAdkEJPSsEKYESBU0YaL5FTWXqieSPJYIz0hnWS f+xk4NdtS2/hxkpcq3agfl+ujdVxU1k= X-MC-Unique: rWpNN7NdMb-X3jC4c9JIdw-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 2/2] cirrus: handle wraparound in cirrus_invalidate_region Date: Fri, 4 Sep 2020 13:26:48 +0200 Message-Id: <20200904112648.10259-3-kraxel@redhat.com> In-Reply-To: <20200904112648.10259-1-kraxel@redhat.com> References: <20200904112648.10259-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=63.128.21.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/09/04 06:46:59 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Li Qiang , Gerd Hoffmann , "Michael S. Tsirkin" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Code simply asserts that there is no wraparound instead of handling it properly. The assert() can be triggered by the guest (must be privilidged inside the guest though). Fix it. Buglink: https://bugs.launchpad.net/qemu/+bug/1880189 Cc: Li Qiang Reported-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Gerd Hoffmann Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Li Qiang Message-id: 20200901140944.24101-1-kraxel@redhat.com --- hw/display/cirrus_vga.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 02d9ed0bd465..41e71af08a0f 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -640,10 +640,16 @@ static void cirrus_invalidate_region(CirrusVGAState *= s, int off_begin, } =20 for (y =3D 0; y < lines; y++) { - off_cur =3D off_begin; + off_cur =3D off_begin & s->cirrus_addr_mask; off_cur_end =3D ((off_cur + bytesperline - 1) & s->cirrus_addr_mas= k) + 1; - assert(off_cur_end >=3D off_cur); - memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_c= ur); + if (off_cur_end >=3D off_cur) { + memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - o= ff_cur); + } else { + /* wraparound */ + memory_region_set_dirty(&s->vga.vram, off_cur, + s->cirrus_addr_mask + 1 - off_cur); + memory_region_set_dirty(&s->vga.vram, 0, off_cur_end); + } off_begin +=3D off_pitch; } } --=20 2.27.0