+-- On Wed, 3 Jun 2020, BALATON Zoltan wrote --+
| or even > MM_DATA + 3 may be best as that only refers to defines used in
| that case. So maybe
|
| + } else if (s->regs.mm_index > MM_DATA + 3) {
| > ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size);
| > }
| >
| > and do the
On Wed, 3 Jun 2020, BALATON Zoltan wrote:
On Wed, 3 Jun 2020, P J P wrote:
+-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
| Hmm, why modify mm_index? Shouldn't we just check it is non-zero
| before calling ati_mm_read/ati_mm_write?
if (s->regs.mm_index & BIT(31)) {
...
} else {
On Wed, Jun 03, 2020 at 08:05:50PM +0530, P J P wrote:
> +-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
> | Hmm, why modify mm_index? Shouldn't we just check it is non-zero
> | before calling ati_mm_read/ati_mm_write?
>
> if (s->regs.mm_index & BIT(31)) {
> ...
> } else {
} else if
+-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
| Hmm, why modify mm_index? Shouldn't we just check it is non-zero
| before calling ati_mm_read/ati_mm_write?
if (s->regs.mm_index & BIT(31)) {
...
} else {
ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size);
}
Exit
On Wed, 3 Jun 2020, Gerd Hoffmann wrote:
On Wed, Jun 03, 2020 at 06:17:32PM +0530, P J P wrote:
From: Prasad J Pandit
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion.
Lovely.
Increment the mm_index
On Wed, Jun 03, 2020 at 06:17:32PM +0530, P J P wrote:
> From: Prasad J Pandit
>
> While accessing VGA registers via ati_mm_read/write routines,
> a guest may set 's->regs.mm_index' such that it leads to infinite
> recursion.
Lovely.
> Increment the mm_index value to avoid it.
Hmm, why modify
From: Prasad J Pandit
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Increment the mm_index value to avoid it.
Reported-by: Ren Ding
Reported-by: Hanqing Zhao
Reported-by: Yi Ren
Signed-off-by: Prasad