summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch')
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch132
1 files changed, 0 insertions, 132 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch
deleted file mode 100644
index 11330d766d..0000000000
--- a/meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch
+++ /dev/null
@@ -1,132 +0,0 @@
1From 2f2f74e87c15e830f5a4dda7a166effcab5047ec Mon Sep 17 00:00:00 2001
2From: Gerd Hoffmann <kraxel@redhat.com>
3Date: Tue, 26 Apr 2016 15:24:18 +0200
4Subject: [PATCH 2/4] vga: factor out vga register setup
5
6When enabling vbe mode qemu will setup a bunch of vga registers to make
7sure the vga emulation operates in correct mode for a linear
8framebuffer. Move that code to a separate function so we can call it
9from other places too.
10
11Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
12Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
13
14Upstream-Status: Backport
15CVE: CVE-2016-3712 patch2
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 hw/display/vga.c | 78 ++++++++++++++++++++++++++++++++------------------------
20 1 file changed, 44 insertions(+), 34 deletions(-)
21
22diff --git a/hw/display/vga.c b/hw/display/vga.c
23index cc1a682..f1987e3 100644
24--- a/hw/display/vga.c
25+++ b/hw/display/vga.c
26@@ -642,6 +642,49 @@ static void vbe_fixup_regs(VGACommonState *s)
27 s->vbe_start_addr = offset / 4;
28 }
29
30+/* we initialize the VGA graphic mode */
31+static void vbe_update_vgaregs(VGACommonState *s)
32+{
33+ int h, shift_control;
34+
35+ if (!vbe_enabled(s)) {
36+ /* vbe is turned off -- nothing to do */
37+ return;
38+ }
39+
40+ /* graphic mode + memory map 1 */
41+ s->gr[VGA_GFX_MISC] = (s->gr[VGA_GFX_MISC] & ~0x0c) | 0x04 |
42+ VGA_GR06_GRAPHICS_MODE;
43+ s->cr[VGA_CRTC_MODE] |= 3; /* no CGA modes */
44+ s->cr[VGA_CRTC_OFFSET] = s->vbe_line_offset >> 3;
45+ /* width */
46+ s->cr[VGA_CRTC_H_DISP] =
47+ (s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 3) - 1;
48+ /* height (only meaningful if < 1024) */
49+ h = s->vbe_regs[VBE_DISPI_INDEX_YRES] - 1;
50+ s->cr[VGA_CRTC_V_DISP_END] = h;
51+ s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x42) |
52+ ((h >> 7) & 0x02) | ((h >> 3) & 0x40);
53+ /* line compare to 1023 */
54+ s->cr[VGA_CRTC_LINE_COMPARE] = 0xff;
55+ s->cr[VGA_CRTC_OVERFLOW] |= 0x10;
56+ s->cr[VGA_CRTC_MAX_SCAN] |= 0x40;
57+
58+ if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
59+ shift_control = 0;
60+ s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
61+ } else {
62+ shift_control = 2;
63+ /* set chain 4 mode */
64+ s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
65+ /* activate all planes */
66+ s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
67+ }
68+ s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
69+ (shift_control << 5);
70+ s->cr[VGA_CRTC_MAX_SCAN] &= ~0x9f; /* no double scan */
71+}
72+
73 static uint32_t vbe_ioport_read_index(void *opaque, uint32_t addr)
74 {
75 VGACommonState *s = opaque;
76@@ -728,52 +771,19 @@ void vbe_ioport_write_data(void *opaque, uint32_t addr, uint32_t val)
77 case VBE_DISPI_INDEX_ENABLE:
78 if ((val & VBE_DISPI_ENABLED) &&
79 !(s->vbe_regs[VBE_DISPI_INDEX_ENABLE] & VBE_DISPI_ENABLED)) {
80- int h, shift_control;
81
82 s->vbe_regs[VBE_DISPI_INDEX_VIRT_WIDTH] = 0;
83 s->vbe_regs[VBE_DISPI_INDEX_X_OFFSET] = 0;
84 s->vbe_regs[VBE_DISPI_INDEX_Y_OFFSET] = 0;
85 s->vbe_regs[VBE_DISPI_INDEX_ENABLE] |= VBE_DISPI_ENABLED;
86 vbe_fixup_regs(s);
87+ vbe_update_vgaregs(s);
88
89 /* clear the screen */
90 if (!(val & VBE_DISPI_NOCLEARMEM)) {
91 memset(s->vram_ptr, 0,
92 s->vbe_regs[VBE_DISPI_INDEX_YRES] * s->vbe_line_offset);
93 }
94-
95- /* we initialize the VGA graphic mode */
96- /* graphic mode + memory map 1 */
97- s->gr[VGA_GFX_MISC] = (s->gr[VGA_GFX_MISC] & ~0x0c) | 0x04 |
98- VGA_GR06_GRAPHICS_MODE;
99- s->cr[VGA_CRTC_MODE] |= 3; /* no CGA modes */
100- s->cr[VGA_CRTC_OFFSET] = s->vbe_line_offset >> 3;
101- /* width */
102- s->cr[VGA_CRTC_H_DISP] =
103- (s->vbe_regs[VBE_DISPI_INDEX_XRES] >> 3) - 1;
104- /* height (only meaningful if < 1024) */
105- h = s->vbe_regs[VBE_DISPI_INDEX_YRES] - 1;
106- s->cr[VGA_CRTC_V_DISP_END] = h;
107- s->cr[VGA_CRTC_OVERFLOW] = (s->cr[VGA_CRTC_OVERFLOW] & ~0x42) |
108- ((h >> 7) & 0x02) | ((h >> 3) & 0x40);
109- /* line compare to 1023 */
110- s->cr[VGA_CRTC_LINE_COMPARE] = 0xff;
111- s->cr[VGA_CRTC_OVERFLOW] |= 0x10;
112- s->cr[VGA_CRTC_MAX_SCAN] |= 0x40;
113-
114- if (s->vbe_regs[VBE_DISPI_INDEX_BPP] == 4) {
115- shift_control = 0;
116- s->sr[VGA_SEQ_CLOCK_MODE] &= ~8; /* no double line */
117- } else {
118- shift_control = 2;
119- /* set chain 4 mode */
120- s->sr[VGA_SEQ_MEMORY_MODE] |= VGA_SR04_CHN_4M;
121- /* activate all planes */
122- s->sr[VGA_SEQ_PLANE_WRITE] |= VGA_SR02_ALL_PLANES;
123- }
124- s->gr[VGA_GFX_MODE] = (s->gr[VGA_GFX_MODE] & ~0x60) |
125- (shift_control << 5);
126- s->cr[VGA_CRTC_MAX_SCAN] &= ~0x9f; /* no double scan */
127 } else {
128 s->bank_offset = 0;
129 }
130--
1312.7.4
132