From patchwork Wed Apr 25 09:13:18 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alon Levy X-Patchwork-Id: 154839 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 92E68B6FAA for ; Wed, 25 Apr 2012 19:14:24 +1000 (EST) Received: from localhost ([::1]:56197 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SMyIo-0000M9-Bg for incoming@patchwork.ozlabs.org; Wed, 25 Apr 2012 05:14:22 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44132) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SMyIQ-00082N-SE for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:14:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SMyII-0001dn-Kz for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:13:58 -0400 Received: from mx1.redhat.com ([209.132.183.28]:23934) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SMyII-0001dX-Ao for qemu-devel@nongnu.org; Wed, 25 Apr 2012 05:13:50 -0400 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q3P9DmPs027414 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 25 Apr 2012 05:13:48 -0400 Received: from garlic.redhat.com (vpn-202-70.tlv.redhat.com [10.35.202.70]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id q3P9DVQt024620; Wed, 25 Apr 2012 05:13:42 -0400 From: Alon Levy To: qemu-devel@nongnu.org, kraxel@redhat.com Date: Wed, 25 Apr 2012 12:13:18 +0300 Message-Id: <1335345205-8908-2-git-send-email-alevy@redhat.com> In-Reply-To: <1335345205-8908-1-git-send-email-alevy@redhat.com> References: <4F967EEA.6000302@redhat.com> <1335345205-8908-1-git-send-email-alevy@redhat.com> X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 2/9] qxl: check for NULL return from qxl_phys2virt X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Signed-off-by: Alon Levy --- hw/qxl-logger.c | 51 ++++++++++++++++++++++++++++++++++++++------------- hw/qxl-render.c | 14 +++++++++++--- hw/qxl.c | 13 ++++++++++++- hw/qxl.h | 6 +++--- 4 files changed, 64 insertions(+), 20 deletions(-) diff --git a/hw/qxl-logger.c b/hw/qxl-logger.c index 367aad1..fe2878c 100644 --- a/hw/qxl-logger.c +++ b/hw/qxl-logger.c @@ -100,12 +100,15 @@ static const char *qxl_v2n(const char *n[], size_t l, int v) } #define qxl_name(_list, _value) qxl_v2n(_list, ARRAY_SIZE(_list), _value) -static void qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id) +static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id) { QXLImage *image; QXLImageDescriptor *desc; image = qxl_phys2virt(qxl, addr, group_id); + if (!image) { + return 1; + } desc = &image->descriptor; fprintf(stderr, " (id %" PRIx64 " type %d flags %d width %d height %d", desc->id, desc->type, desc->flags, desc->width, desc->height); @@ -120,6 +123,7 @@ static void qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id) break; } fprintf(stderr, ")"); + return 0; } static void qxl_log_rect(QXLRect *rect) @@ -130,17 +134,24 @@ static void qxl_log_rect(QXLRect *rect) rect->left, rect->top); } -static void qxl_log_cmd_draw_copy(PCIQXLDevice *qxl, QXLCopy *copy, int group_id) +static int qxl_log_cmd_draw_copy(PCIQXLDevice *qxl, QXLCopy *copy, + int group_id) { + int ret; + fprintf(stderr, " src %" PRIx64, copy->src_bitmap); - qxl_log_image(qxl, copy->src_bitmap, group_id); + ret = qxl_log_image(qxl, copy->src_bitmap, group_id); + if (ret != 0) { + return ret; + } fprintf(stderr, " area"); qxl_log_rect(©->src_area); fprintf(stderr, " rop %d", copy->rop_descriptor); + return 0; } -static void qxl_log_cmd_draw(PCIQXLDevice *qxl, QXLDrawable *draw, int group_id) +static int qxl_log_cmd_draw(PCIQXLDevice *qxl, QXLDrawable *draw, int group_id) { fprintf(stderr, ": surface_id %d type %s effect %s", draw->surface_id, @@ -148,13 +159,14 @@ static void qxl_log_cmd_draw(PCIQXLDevice *qxl, QXLDrawable *draw, int group_id) qxl_name(qxl_draw_effect, draw->effect)); switch (draw->type) { case QXL_DRAW_COPY: - qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id); + return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id); break; } + return 0; } -static void qxl_log_cmd_draw_compat(PCIQXLDevice *qxl, QXLCompatDrawable *draw, - int group_id) +static int qxl_log_cmd_draw_compat(PCIQXLDevice *qxl, QXLCompatDrawable *draw, + int group_id) { fprintf(stderr, ": type %s effect %s", qxl_name(qxl_draw_type, draw->type), @@ -166,9 +178,10 @@ static void qxl_log_cmd_draw_compat(PCIQXLDevice *qxl, QXLCompatDrawable *draw, } switch (draw->type) { case QXL_DRAW_COPY: - qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id); + return qxl_log_cmd_draw_copy(qxl, &draw->u.copy, group_id); break; } + return 0; } static void qxl_log_cmd_surface(PCIQXLDevice *qxl, QXLSurfaceCmd *cmd) @@ -189,7 +202,7 @@ static void qxl_log_cmd_surface(PCIQXLDevice *qxl, QXLSurfaceCmd *cmd) } } -void qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) +int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) { QXLCursor *cursor; @@ -203,6 +216,9 @@ void qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) cmd->u.set.visible ? "yes" : "no", cmd->u.set.shape); cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id); + if (!cursor) { + return 1; + } fprintf(stderr, " type %s size %dx%d hot-spot +%d+%d" " unique 0x%" PRIx64 " data-size %d", qxl_name(spice_cursor_type, cursor->header.type), @@ -214,15 +230,17 @@ void qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id) fprintf(stderr, " +%d+%d", cmd->u.position.x, cmd->u.position.y); break; } + return 0; } -void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) +int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) { bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT; void *data; + int ret; if (!qxl->cmdlog) { - return; + return 0; } fprintf(stderr, "%" PRId64 " qxl-%d/%s:", qemu_get_clock_ns(vm_clock), qxl->id, ring); @@ -231,12 +249,18 @@ void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) compat ? "(compat)" : ""); data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + if (!data) { + return 1; + } switch (ext->cmd.type) { case QXL_CMD_DRAW: if (!compat) { - qxl_log_cmd_draw(qxl, data, ext->group_id); + ret = qxl_log_cmd_draw(qxl, data, ext->group_id); } else { - qxl_log_cmd_draw_compat(qxl, data, ext->group_id); + ret = qxl_log_cmd_draw_compat(qxl, data, ext->group_id); + } + if (ret) { + return ret; } break; case QXL_CMD_SURFACE: @@ -247,4 +271,5 @@ void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) break; } fprintf(stderr, "\n"); + return 0; } diff --git a/hw/qxl-render.c b/hw/qxl-render.c index f7f1bfd..e2e3fe2 100644 --- a/hw/qxl-render.c +++ b/hw/qxl-render.c @@ -228,14 +228,18 @@ fail: /* called from spice server thread context only */ -void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) +int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) { QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); QXLCursor *cursor; QEMUCursor *c; + if (!cmd) { + return 1; + } + if (!qxl->ssd.ds->mouse_set || !qxl->ssd.ds->cursor_define) { - return; + return 0; } if (qxl->debug > 1 && cmd->type != QXL_CURSOR_MOVE) { @@ -246,9 +250,12 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) switch (cmd->type) { case QXL_CURSOR_SET: cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id); + if (!cursor) { + return 1; + } if (cursor->chunk.data_size != cursor->data_size) { fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__); - return; + return 1; } c = qxl_cursor(qxl, cursor); if (c == NULL) { @@ -270,4 +277,5 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext) qemu_mutex_unlock(&qxl->ssd.lock); break; } + return 0; } diff --git a/hw/qxl.c b/hw/qxl.c index 9e8cdf3..b6a738e 100644 --- a/hw/qxl.c +++ b/hw/qxl.c @@ -383,12 +383,16 @@ static void qxl_ring_set_dirty(PCIQXLDevice *qxl) * keep track of some command state, for savevm/loadvm. * called from spice server thread context only */ -static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) +static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) { switch (le32_to_cpu(ext->cmd.type)) { case QXL_CMD_SURFACE: { QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + + if (!cmd) { + return 1; + } uint32_t id = le32_to_cpu(cmd->surface_id); PANIC_ON(id >= NUM_SURFACES); qemu_mutex_lock(&qxl->track_lock); @@ -408,6 +412,10 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) case QXL_CMD_CURSOR: { QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + + if (!cmd) { + return 1; + } if (cmd->type == QXL_CURSOR_SET) { qemu_mutex_lock(&qxl->track_lock); qxl->guest_cursor = ext->cmd.data; @@ -416,6 +424,7 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) break; } } + return 0; } /* spice display interface callbacks */ @@ -1568,10 +1577,12 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], MEMSLOT_GROUP_GUEST); + assert(cmd); assert(cmd->type == QXL_SURFACE_CMD_CREATE); surface_offset = (intptr_t)qxl_phys2virt(qxl, cmd->u.surface_create.data, MEMSLOT_GROUP_GUEST); + assert(surface_offset); surface_offset -= vram_start; surface_size = cmd->u.surface_create.height * abs(cmd->u.surface_create.stride); diff --git a/hw/qxl.h b/hw/qxl.h index cbb1e2d..3102950 100644 --- a/hw/qxl.h +++ b/hw/qxl.h @@ -142,12 +142,12 @@ void qxl_spice_reset_image_cache(PCIQXLDevice *qxl); void qxl_spice_reset_cursor(PCIQXLDevice *qxl); /* qxl-logger.c */ -void qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id); -void qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext); +int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id); +int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext); /* qxl-render.c */ void qxl_render_resize(PCIQXLDevice *qxl); void qxl_render_update(PCIQXLDevice *qxl); -void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext); +int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext); void qxl_render_update_area_done(PCIQXLDevice *qxl, QXLCookie *cookie); void qxl_render_update_area_bh(void *opaque);