
From 305375ec2b44a0e73aa8c28a73bc143f4751014e Mon Sep 17 00:00:00 2001
From: Marcelo Tosatti <mtosatti@redhat.com>
Date: Fri, 29 Jul 2011 16:37:58 +0200
Subject: [PATCH] Fix vga segfaults or screen corruption with large memory
 guests (v2)

RH-Author: Marcelo Tosatti <mtosatti@redhat.com>
Message-id: <20110729163758.GA7686@amt.cnet>
Patchwork-id: 30610
O-Subject: [RHEL5.8 qemu-kvm PATCH] Fix vga segfaults or screen corruption with large memory guests (v2)
Bugzilla: 704081
RH-Acked-by: Avi Kivity <avi@redhat.com>
RH-Acked-by: Gleb Natapov <gleb@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>

(v2: add From field)

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=704081
upstream commit 12c7e75a7c7048c0beb9196bbbedf0070ab29f53

From: Avi Kivity <avi@redhat.com>

[RESEND] Fix vga segfaults or screen corruption with large memory guests

page0 and friends hold RAM addresses; declaring them with a narrower integer type truncates the value on guests with large memory, which leads to a segfault or random screen corruption.

Change them to ram_addr_t.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Michal Novotny <mignov@gmail.com>
---
 qemu/hw/vga.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/qemu/hw/vga.c b/qemu/hw/vga.c
index ae9977d..da3034f 100644
--- a/qemu/hw/vga.c
+++ b/qemu/hw/vga.c
@@ -1608,7 +1608,7 @@ static void vga_draw_graphic(VGAState *s, int full_update)
     int disp_width, multi_scan, multi_run;
     uint8_t *d;
     uint32_t v, addr1, addr;
-    long page0, page1, page_min, page_max;
+    ram_addr_t page0, page1, page_min, page_max;
     vga_draw_line_func *vga_draw_line;
 
     full_update |= update_basic_params(s);
@@ -1707,8 +1707,8 @@ static void vga_draw_graphic(VGAState *s, int full_update)
     addr1 = (s->start_addr * 4);
     bwidth = (width * bits + 7) / 8;
     y_start = -1;
-    page_min = 0x7fffffff;
-    page_max = -1;
+    page_min = -1;
+    page_max = 0;
     d = ds_get_data(s->ds);
     linesize = ds_get_linesize(s->ds);
     y1 = 0;
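Review bot: `page_min = -1;` on the new side stores a negative constant into what is now an unsigned ram_addr_t; the wrap to the type's maximum is well-defined C, but it reads like a leftover from the signed version and will trip -Wsign-conversion. I would spell the sentinel explicitly so the "empty range" encoding is visible where it is set: `page_min = (ram_addr_t)-1; /* no dirty page seen yet */` followed by `page_max = 0;`. The later `page_max >= page_min` test silently depends on exactly these two initial values, so making them self-describing here avoids a future maintainer "fixing" the -1. vga_draw_graphic starts before this hunk and continues after it.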
@@ -1773,7 +1773,7 @@ static void vga_draw_graphic(VGAState *s, int full_update)
                    disp_width, y - y_start);
     }
     /* reset modified pages */
-    if (page_max != -1) {
+    if (page_max >= page_min) {
         cpu_physical_memory_reset_dirty(page_min, page_max + TARGET_PAGE_SIZE,
                                         VGA_DIRTY_FLAG);
     }
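Review bot: The new `page_max >= page_min` test is only correct because page_min starts at the maximum ram_addr_t and page_max at 0, and because every update in the drawing loop keeps page_min <= page_max; that loop lies outside this hunk, so the invariant is invisible at the point of the check. A one-line comment above it, `/* page_min > page_max only when no page was dirtied this frame (see the initial sentinels) */`, would make the reason explicit. Note also that `page_max + TARGET_PAGE_SIZE` is now unsigned arithmetic: it can no longer go negative, but it would wrap to a small value if page_max sat within one page of the ram_addr_t ceiling — presumably not a reachable RAM layout, so mentioning it in the comment seems sufficient rather than adding a guard. The enclosing function starts before this hunk.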
-- 
1.7.4.4