Message ID | 20200420083236.19309-8-armbru@redhat.com |
---|---|
State | New |
Series | Miscellaneous error handling fixes |
On 4/20/20 10:32 AM, Markus Armbruster wrote: > bochs_display_realize() rejects out-of-range vgamem. The error > handling is broken: > > $ qemu-system-x86_64 -S -display none -monitor stdio > QEMU 4.2.93 monitor - type 'help' for more information > (qemu) device_add bochs-display,vgamem=1 > Error: bochs-display: video memory too small > (qemu) device_add bochs-display,vgamem=1 > RAMBlock "0000:00:04.0/bochs-display-vram" already registered, abort! > Aborted (core dumped) > > Cause: bochs_display_realize() neglects to bail out after setting the > error. Fix that. > > Fixes: 765c94290863eef1fc4a67819d452cc13b7854a1 > Cc: Gerd Hoffmann <kraxel@redhat.com> > Signed-off-by: Markus Armbruster <armbru@redhat.com> > --- > hw/display/bochs-display.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c > index 70eb619ef4..e763a0a72d 100644 > --- a/hw/display/bochs-display.c > +++ b/hw/display/bochs-display.c > @@ -267,16 +267,18 @@ static void bochs_display_realize(PCIDevice *dev, Error **errp) > Object *obj = OBJECT(dev); > int ret; > > - s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); > - > if (s->vgamem < 4 * MiB) { > error_setg(errp, "bochs-display: video memory too small"); > + return; > } > if (s->vgamem > 256 * MiB) { > error_setg(errp, "bochs-display: video memory too big"); > + return; > } > s->vgamem = pow2ceil(s->vgamem); > > + s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); > + > memory_region_init_ram(&s->vram, obj, "bochs-display-vram", s->vgamem, > &error_fatal); > memory_region_init_io(&s->vbe, obj, &bochs_display_vbe_ops, s, > Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c index 70eb619ef4..e763a0a72d 100644 --- a/hw/display/bochs-display.c +++ b/hw/display/bochs-display.c @@ -267,16 +267,18 @@ static void bochs_display_realize(PCIDevice *dev, Error **errp) Object *obj = OBJECT(dev); int ret; - s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); - if (s->vgamem < 4 * MiB) { error_setg(errp, "bochs-display: video memory too small"); + return; } if (s->vgamem > 256 * MiB) { error_setg(errp, "bochs-display: video memory too big"); + return; } s->vgamem = pow2ceil(s->vgamem); + s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); + memory_region_init_ram(&s->vram, obj, "bochs-display-vram", s->vgamem, &error_fatal); memory_region_init_io(&s->vbe, obj, &bochs_display_vbe_ops, s,
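Review bot: The unchanged context call at the end of the hunk, memory_region_init_ram(&s->vram, obj, "bochs-display-vram", s->vgamem, &error_fatal), still passes &error_fatal, so a failure there terminates QEMU even when realize is reached through device_add in the monitor, the same path the commit message uses to reproduce the abort. The function already takes Error **errp and both range checks now return after error_setg(), so consider reporting this failure through errp and returning as well, either here or in a follow-up. Separately, the commit message explains only the missing bail-out; a sentence on why graphic_console_init() moves below the range checks (a rejected vgamem no longer gets a console created before realize fails) would help readers of the history.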
bochs_display_realize() rejects out-of-range vgamem. The error
handling is broken:

    $ qemu-system-x86_64 -S -display none -monitor stdio
    QEMU 4.2.93 monitor - type 'help' for more information
    (qemu) device_add bochs-display,vgamem=1
    Error: bochs-display: video memory too small
    (qemu) device_add bochs-display,vgamem=1
    RAMBlock "0000:00:04.0/bochs-display-vram" already registered, abort!
    Aborted (core dumped)

Cause: bochs_display_realize() neglects to bail out after setting the
error. Fix that.

Fixes: 765c94290863eef1fc4a67819d452cc13b7854a1
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 hw/display/bochs-display.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)