vga: adjust dirty memory region if pel panning is active

When pel panning is active, one more byte is read from each of the VGA memory planes. This has to be accounted in the computation of region_end, otherwise vga_draw_graphic() fails an assertion: qemu-system-i386: ../system/physmem.c:946: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed. Reported-by: Helge Konetzka <hk@zapateado.de> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2244 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-04-02 12:25:57 +02:00 · 2024-04-02 12:25:57 +02:00 · 3b6d2b1962
commit 3b6d2b1962
parent 3826a372e4
1 changed files with 4 additions and 1 deletions
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@ -1571,11 +1571,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
            break;
        }
    }
+    hpel = bits <= 8 ? s->params.hpel : 0;

    region_start = (s->params.start_addr * 4);
    region_end = region_start + (ram_addr_t)s->params.line_offset * height;
    region_end += width * depth / 8; /* scanline length */
    region_end -= s->params.line_offset;
+    if (hpel) {
+        region_end += 4;
+    }
    if (region_end > s->vbe_size || depth == 0 || depth == 15) {
        /*
         * We land here on:
@ -1660,7 +1664,6 @@ static void vga_draw_graphic(VGACommonState *s, int full_update)
           width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE],
           s->params.line_compare, sr(s, VGA_SEQ_CLOCK_MODE));
 #endif
-    hpel = bits <= 8 ? s->params.hpel : 0;
    addr1 = (s->params.start_addr * 4);
    bwidth = DIV_ROUND_UP(width * bits, 8);
    if (hpel) {