cirrus vga save/restore and lfb_addr/lfb_end

Cirrus VGA save and restore functions cast lfb_addr into an uint64_t
pointer while lfb_addr is only an unsigned long.
Same thing happened to lfb_end, causing pci_dev to be partially
overwritten by mistake.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/hw/cirrus_vga.c b/hw/cirrus_vga.c
index e1c18e2af36ccf3761f8b7332b32df75e3fbc239..37e312d744a2fb74621e25674a168a3d16510006 100644 (file)
--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -291,8 +291,8 @@ typedef struct CirrusVGAState {
     int last_hw_cursor_y_end;
     int real_vram_size; /* XXX: suppress that */
     CPUWriteMemoryFunc **cirrus_linear_write;
-    unsigned long map_addr;
-    unsigned long map_end;
+    uint32_t map_addr;
+    uint32_t map_end;
 } CirrusVGAState;
 
 typedef struct PCICirrusVGAState {
@@ -3146,8 +3146,12 @@ static void cirrus_vga_save(QEMUFile *f, void *opaque)
 
     vga_acc = (!!s->map_addr);
     qemu_put_8s(f, &vga_acc);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_put_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_put_be32(f, s->lfb_addr);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
+    qemu_put_be32(f, s->lfb_end);
+    /* XXX old versions saved rubbish here, keeping for compatibility */
+    qemu_put_be32(f, 0xffffffff);
     qemu_put_be64s(f, &s->stolen_vram_addr);
     if (!s->stolen_vram_addr && !vga_acc)
         /* Old guest: VRAM is not mapped, we have to save it ourselves */
@@ -3204,8 +3208,12 @@ static int cirrus_vga_load(QEMUFile *f, void *opaque, int version_id)
     qemu_get_be32s(f, &s->hw_cursor_y);
 
     qemu_get_8s(f, &vga_acc);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_addr);
-    qemu_get_be64s(f, (uint64_t*)&s->lfb_end);
+    qemu_get_be32s(f, &s->lfb_addr);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
+    qemu_get_be32s(f, &s->lfb_end);
+    /* XXX throwing away 32 bits */
+    qemu_get_be32(f);
     if (version_id >= 3) {
         qemu_get_be64s(f, &s->stolen_vram_addr);
         if (!s->stolen_vram_addr && !vga_acc) {

diff --git a/hw/vga_int.h b/hw/vga_int.h
index 188a7553c70f5fc0e3c7d84675c799e3d5cc555a..8aecbb7653995db28574e8394dc372a6ac98980e 100644 (file)
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -87,8 +87,8 @@
     unsigned int vram_size;                                             \
     unsigned long bios_offset;                                          \
     unsigned int bios_size;                                             \
-    unsigned long lfb_addr;                                             \
-    unsigned long lfb_end;                                              \
+    uint32_t lfb_addr;                                                  \
+    uint32_t lfb_end;                                                   \
     PCIDevice *pci_dev;                                                 \
     uint32_t latch;                                                     \
     uint8_t sr_index;                                                   \