[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [Qemu-arm] [PATCH 14/16] hw/dma/pl080: Correct bug in r
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
Re: [Qemu-devel] [Qemu-arm] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic |
|
Date: |
Wed, 15 Aug 2018 11:39:34 -0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
On 08/09/2018 10:01 AM, Peter Maydell wrote:
> A bug in the handling of the register address decode logic
> for the PL08x meant that we were incorrectly treating
> accesses to the DMA channel registers (DMACCxSrcAddr,
> DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
> as bad offsets. Fix this long-standing bug.
Since this file's origin (cdbdb648b7c).
>
> Fixes: https://bugs.launchpad.net/qemu/+bug/1637974
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> This has been around for a long time, identified by code
> inspection several years ago in the LP bug. Now I have
> some guest code that actually tries to use the PL08x I
> can test the fix...
> ---
> hw/dma/pl080.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
> index a7aacad74f0..8f92550392b 100644
> --- a/hw/dma/pl080.c
> +++ b/hw/dma/pl080.c
> @@ -229,7 +229,7 @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
> i = (offset & 0xe0) >> 5;
> if (i >= s->nchannels)
> goto bad_offset;
> - switch (offset >> 2) {
> + switch ((offset >> 2) & 7) {
So only the first channel ever worked...
> case 0: /* SrcAddr */
> return s->chan[i].src;
> case 1: /* DestAddr */
> @@ -290,7 +290,7 @@ static void pl080_write(void *opaque, hwaddr offset,
> i = (offset & 0xe0) >> 5;
> if (i >= s->nchannels)
> goto bad_offset;
> - switch (offset >> 2) {
> + switch ((offset >> 2) & 7) {
> case 0: /* SrcAddr */
> s->chan[i].src = value;
> break;
> @@ -308,6 +308,7 @@ static void pl080_write(void *opaque, hwaddr offset,
> pl080_run(s);
> break;
> }
> + return;
> }
> switch (offset >> 2) {
Eventually copy/pasted from here.
> case 2: /* IntTCClear */
>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
- [Qemu-devel] [PATCH 11/16] hw/dma/pl080: Support all three interrupt lines, (continued)
- [Qemu-devel] [PATCH 11/16] hw/dma/pl080: Support all three interrupt lines, Peter Maydell, 2018/08/09
- [Qemu-devel] [PATCH 01/16] hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module, Peter Maydell, 2018/08/09
- [Qemu-devel] [PATCH 12/16] hw/dma/pl080: Don't use CPU address space for DMA accesses, Peter Maydell, 2018/08/09
- [Qemu-devel] [PATCH 08/16] hw/misc/iotkit-secctl: Wire up registers for controlling MSCs, Peter Maydell, 2018/08/09
- [Qemu-devel] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic, Peter Maydell, 2018/08/09
- Re: [Qemu-devel] [Qemu-arm] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic,
Philippe Mathieu-Daudé <=
- [Qemu-devel] [PATCH 16/16] hw/arm/mps2-tz: Create PL081s and MSCs, Peter Maydell, 2018/08/09
- Re: [Qemu-devel] [Qemu-arm] [PATCH 00/16] arm: Implement MPS2 watchdogs and DMA, Peter Maydell, 2018/08/16