[OpenBIOS] [PATCH] ppc: fix CUDA autopoll packet handling
Cormac O'Brien
cormac at c-obrien.org
Sun Jul 19 23:09:11 CEST 2015
On 2015-07-19 15:44, Cormac O'Brien wrote:
> QEMU's CUDA packet handling model has been updated to provide a correct
> 3-byte header. This patch allows OpenBIOS to handle this special case
> correctly.
>
> Signed-off-by: Cormac O'Brien <cormac at c-obrien.org>
> ---
> drivers/cuda.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/cuda.c b/drivers/cuda.c
> index 9555dea..5fe75a4 100644
> --- a/drivers/cuda.c
> +++ b/drivers/cuda.c
> @@ -58,6 +58,7 @@
> #define CUDA_PACKET 1
>
> /* CUDA commands (2nd byte) */
> +#define CUDA_AUTOPOLL 0x01
> #define CUDA_GET_TIME 0x03
> #define CUDA_SET_TIME 0x09
> #define CUDA_POWERDOWN 0x0a
> @@ -147,8 +148,14 @@ static int cuda_adb_req (void *host, const
> uint8_t *snd_buf, int len,
> pos = buffer + 2;
> len -= 2;
> } else {
> - pos = buffer + 1;
> - len = -1;
> + /* Autopoll packet headers are 3 bytes */
> + if (len > 2 && buffer[1] == CUDA_AUTOPOLL) {
> + pos = buffer + 3;
> + len -= 3;
> + } else {
> + pos = buffer + 1;
> + len = -1;
> + }
> }
> memcpy(rcv_buf, pos, len);
>
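Review bot: in the else branch, the fallback path still sets `len = -1` and then falls through to `memcpy(rcv_buf, pos, len);`, where the negative int is converted to a huge unsigned size. If a 1-byte header is what is meant, use `len -= 1`; otherwise return an error before the copy. The new `len > 2` test keeps the autopoll path non-negative, but nothing in the visible lines bounds `len` against the size of rcv_buf, so a check against the destination capacity before the memcpy would be worth adding.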
> --
> 2.4.6
Segher has pointed out an additional existing bug in this function:
'len = -1' is probably intended to be 'len -= 1' and will cause a
memcpy() of SIZE_MAX, which is probably not too kind to the
emulator unless it never gets called, which seems more likely.
~Cormac
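The length problem described in this message, as an added example that is not part of the original post or of OpenBIOS: it shows what size memcpy() receives for an int of -1, and a guarded payload copy for the two cases in the hunk's else branch. The helper names, the rcv_cap parameter and the sample bytes are assumptions, and the 1-byte fallback follows the 'len -= 1' reading above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CUDA_AUTOPOLL 0x01  /* value taken from the patch */

/* What memcpy() sees when handed an int length: the value converted to size_t. */
static size_t memcpy_size_for(int len)
{
    return (size_t)len;
}

/*
 * Hypothetical helper (not OpenBIOS code): strip the header from a received
 * packet and copy the payload, refusing any length that is negative or larger
 * than the destination. Covers only the two cases in the hunk's else branch.
 */
static int copy_payload(const uint8_t *buffer, int len,
                        uint8_t *rcv_buf, size_t rcv_cap)
{
    int hdr;

    if (len < 1)
        return -1;                      /* nothing to parse */
    if (len > 2 && buffer[1] == CUDA_AUTOPOLL)
        hdr = 3;                        /* autopoll: 3-byte header */
    else
        hdr = 1;                        /* fallback: assumed 1-byte header */

    len -= hdr;
    if (len < 0 || (size_t)len > rcv_cap)
        return -1;                      /* never hand this length to memcpy() */
    memcpy(rcv_buf, buffer + hdr, (size_t)len);
    return len;
}

int main(void)
{
    /* Constructed sample: 3 header bytes with buffer[1] == CUDA_AUTOPOLL,
     * followed by 2 payload bytes. */
    const uint8_t pkt[] = { 0x00, CUDA_AUTOPOLL, 0x40, 0x2c, 0x8e };
    uint8_t out[8];
    int n = copy_payload(pkt, (int)sizeof(pkt), out, sizeof(out));

    printf("payload bytes: %d, -1 as a copy size: %zu\n", n, memcpy_size_for(-1));
    return 0;
}
```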