[Spice-commits] 2 commits - exec.c hw/pc_piix.c
Gerd Hoffmann
kraxel at kemper.freedesktop.org
Tue Aug 31 07:19:26 PDT 2010
exec.c | 2 ++
hw/pc_piix.c | 1 +
2 files changed, 3 insertions(+)
New commits:
commit 02a89b219039621c940863aa5a9da4fec81a1546
Author: Isaku Yamahata <yamahata at valinux.co.jp>
Date: Wed Aug 4 17:43:20 2010 +0900
isapc: fix segfault.
https://bugs.launchpad.net/bugs/611646
reports that ./i386-softmmu/qemu -M isapc segfaults.
This patch fixes the segfault introduced by
f885f1eaa8711c06033ceb1599e3750fb37c306f
It's because i440fx_state in pc_init1() isn't initialized.
> Core was generated by `./i386-softmmu/qemu -M isapc'.
> Program terminated with signal 11, Segmentation fault.
> [New process 19686]
> at qemu/hw/piix_pci.c:136
> (gdb) where
> at qemu/hw/piix_pci.c:136
> boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
> kernel_cmdline=0x6469bf "", initrd_filename=0x0,
> cpu_model=0x654d10 "486", pci_enabled=0)
> at qemu/hw/pc_piix.c:178
> boot_device=0x7fffe1f5b040 "cad", kernel_filename=0x0,
> kernel_cmdline=0x6469bf "", initrd_filename=0x0, cpu_model=0x654d10 "486")
> at qemu/hw/pc_piix.c:207
> envp=0x7fffe1f5b188)
> at qemu/vl.c:2871
Signed-off-by: Markus Armbruster <armbru at redhat.com>
Signed-off-by: Isaku Yamahata <yamahata at valinux.co.jp>
Signed-off-by: Blue Swirl <blauwirbel at gmail.com>
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 32a1057..12359a7 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -104,6 +104,7 @@ static void pc_init1(ram_addr_t ram_size,
pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, isa_irq, ram_size);
} else {
pci_bus = NULL;
+ i440fx_state = NULL;
isa_bus_new(NULL);
}
isa_bus_irqs(isa_irq);
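Review bot: the added `i440fx_state = NULL;` closes the uninitialized read for the `else` (no-PCI) branch, but a more robust fix is to initialize `i440fx_state` at its declaration (`= NULL`) so that any future code path that skips `i440fx_init()` is covered without having to remember this assignment. Also, this hunk only makes the pointer a well-defined NULL; it relies on the later use (the call site at `hw/pc_piix.c:178` in the quoted backtrace) actually checking for NULL before passing it into `piix_pci.c`. That check is not part of this diff, so it is worth confirming it exists, or stating in the commit message that it does, rather than leaving the reader to infer it from the backtrace.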
commit 95c318f5e1f88d7e5bcc6deac17330fd4806a2d3
Author: Gleb Natapov <gleb at redhat.com>
Date: Thu Jul 29 10:41:45 2010 +0300
Fix segfault in mmio subpage handling code.
It is possible that subpage mmio is registered over existing memory
page. When this happens "memory" will have real memory address and not
index into io_mem array so next access to the page will generate
segfault. It is uncommon to have some part of a page to be accessed as
memory and some as mmio, but qemu shouldn't crash even when guest does
stupid things. So let's just pretend that the rest of the page is
unassigned if the guest configures part of the memory page as mmio.
Signed-off-by: Gleb Natapov <gleb at redhat.com>
Signed-off-by: Blue Swirl <blauwirbel at gmail.com>
diff --git a/exec.c b/exec.c
index 82bfffc..380dab5 100644
--- a/exec.c
+++ b/exec.c
@@ -3293,6 +3293,8 @@ static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
mmio, start, end, idx, eidx, memory);
#endif
+ if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
+ memory = IO_MEM_UNASSIGNED;
memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
for (; idx <= eidx; idx++) {
mmio->sub_io_index[idx] = memory;
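Review bot: the new check sits after the `#ifdef` debug `printf`, so that diagnostic prints the original `memory` value rather than the one that is actually stored into `sub_io_index`; consider moving the check above the `printf` (or printing both values) so the debug output reflects what the table contains. The two added lines also deserve a short comment explaining why a RAM-backed page is silently remapped to `IO_MEM_UNASSIGNED` (the reasoning is only in the commit message), and since this path turns a guest misconfiguration into silent unassigned accesses instead of a crash, a log message on that branch would make the behaviour visible when debugging guest memory-layout problems.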