Hi Qiming,
On 5/9/19 10:57 AM, Hou Qiming wrote:
Please format the commit subject with a prefix and do not use the same
subject for all the pacthes
in the series, for this patch it can be something like:
Next version should also have a V2 in the prefix, for this patch it can
look something like:
[PATCH v2 1/3] hw/display/ramfb: fix guest memory un-mapping
Pulled back the `qemu_create_displaysurface_guestmem` function to create
the display surface so that the guest memory gets properly unmaped.
Signed-off-by: HOU Qiming <hqm03s...@gmail.com
<mailto:hqm03s...@gmail.com>>
---
hw/display/ramfb.c | 53 ++++++++++++++++++++++++++++++++++++----------
1 file changed, 42 insertions(+), 11 deletions(-)
diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c
index 25c8ad7..c27fcc7 100644
--- a/hw/display/ramfb.c
+++ b/hw/display/ramfb.c
@@ -29,13 +29,50 @@ struct QEMU_PACKED RAMFBCfg {
struct RAMFBState {
DisplaySurface *ds;
uint32_t width, height;
+ hwaddr addr, length;
struct RAMFBCfg cfg;
};
+static void qemu_unmap_displaysurface_guestmem(pixman_image_t *image,
+ void *unused)
+{
+ void *data = pixman_image_get_data(image);
+ uint32_t size = pixman_image_get_stride(image) *
+ pixman_image_get_height(image);
+ cpu_physical_memory_unmap(data, size, 0, 0);
+}
+
+static DisplaySurface *qemu_create_displaysurface_guestmem(
+ int width, int height,
+ pixman_format_code_t format,
+ int linesize, uint64_t addr)
+{
+ DisplaySurface *surface;
+ hwaddr size;
+ void *data;
+
+ if (linesize == 0) {
+ linesize = width * PIXMAN_FORMAT_BPP(format) / 8;
+ }
+
+ size = (hwaddr)linesize * height;
+ data = cpu_physical_memory_map(addr, &size, 0);
+ if (size != (hwaddr)linesize * height) {
+ cpu_physical_memory_unmap(data, size, 0, 0);
+ return NULL;
Will this result in a silent failure? So we need to add something to the
log?
Thanks,
Marcel
+ }
+
+ surface = qemu_create_displaysurface_from
+ (width, height, format, linesize, data);
+ pixman_image_set_destroy_function
+ (surface->image, qemu_unmap_displaysurface_guestmem, NULL);
+
+ return surface;
+}
+
static void ramfb_fw_cfg_write(void *dev, off_t offset, size_t len)
{
RAMFBState *s = dev;
- void *framebuffer;
uint32_t fourcc, format;
hwaddr stride, addr, length;
@@ -49,16 +86,10 @@ static void ramfb_fw_cfg_write(void *dev, off_t
offset, size_t len)
fprintf(stderr, "%s: %dx%d @ 0x%" PRIx64 "\n", __func__,
s->width, s->height, addr);
- framebuffer = address_space_map(&address_space_memory,
- addr, &length, false,
- MEMTXATTRS_UNSPECIFIED);
- if (!framebuffer || length < stride * s->height) {
- s->width = 0;
- s->height = 0;
- return;
- }
- s->ds = qemu_create_displaysurface_from(s->width, s->height,
- format, stride, framebuffer);
+ s->addr = addr;
+ s->length = length;
+ s->ds = qemu_create_displaysurface_guestmem(s->width, s->height,
+ format, stride, s->addr);
}
void ramfb_display_update(QemuConsole *con, RAMFBState *s)
--
2.17.1
