| author | Gerd Hoffmann <kraxel@redhat.com> | 2016-05-17 10:54:54 +0200 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2016-05-23 14:28:25 +0200 |
| commit | 94ef4f337fb614f18b765a8e0e878a4c23cdedcd (patch) | |
| tree | f75323eba0e7a410a171fae77cca57b9a5f1a54b /hw/display/vga_int.h | |
| parent | 6b860806c0dd881373ead661c0f3499eca2c3995 (diff) | |
vga: add sr_vbe register set
Commit "fd3c136 vga: make sure vga register setup for vbe stays intact (CVE-2016-3712)." causes a regression. The win7 installer is unhappy because it can't freely modify vga registers any more while in vbe mode.

This patch introduces a new sr_vbe register set. The vbe_update_vgaregs will fill sr_vbe[] instead of sr[]. Normal vga register reads and writes go to sr[]. Any sr register read access happens through a new sr() helper function which will read from sr_vbe[] with vbe active and from sr[] otherwise.

This way we can allow guests to update sr[] registers as they want, without allowing them to disrupt vbe video modes that way.

Cc: qemu-stable@nongnu.org
Reported-by: Thomas Lamprecht <thomas@lamprecht.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1463475294-14119-1-git-send-email-kraxel@redhat.com
Diffstat (limited to 'hw/display/vga_int.h')
| -rw-r--r-- | hw/display/vga_int.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/display/vga_int.h b/hw/display/vga_int.h index bdb43a5a34..3ce5544efd 100644 --- a/hw/display/vga_int.h +++ b/hw/display/vga_int.h @@ -98,6 +98,7 @@ typedef struct VGACommonState { MemoryRegion chain4_alias; uint8_t sr_index; uint8_t sr[256]; + uint8_t sr_vbe[256]; uint8_t gr_index; uint8_t gr[256]; uint8_t ar_index; |
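Review bot: The new `uint8_t sr_vbe[256];` member sits directly under `uint8_t sr[256];` in VGACommonState with no comment saying which array is authoritative in which mode, so a later change can easily read `sr[]` directly and reintroduce the guest-controlled state that the CVE-2016-3712 fix was meant to keep out of the vbe path. Please add a short comment on the field, for example that `sr_vbe[]` is filled by vbe_update_vgaregs and must only be read through the sr() helper while vbe is active. This view is limited to vga_int.h, so two things are worth confirming in the rest of the patch: that no consumer of the sequencer registers still indexes `sr[]` directly instead of calling sr(), and that `sr_vbe[]` is repopulated after reset and after loading saved device state, since nothing in this hunk shows it being saved or rebuilt.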