From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=49605 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Q3YOF-00047t-P5
	for qemu-devel@nongnu.org; Sat, 26 Mar 2011 14:39:12 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mail@kevin-wolf.de>) id 1Q3YN9-0007AG-LR
	for qemu-devel@nongnu.org; Sat, 26 Mar 2011 14:38:04 -0400
Received: from mo-p00-ob.rzone.de ([81.169.146.161]:32691)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mail@kevin-wolf.de>) id 1Q3YN9-0007A8-6z
	for qemu-devel@nongnu.org; Sat, 26 Mar 2011 14:38:03 -0400
From: Kevin Wolf <mail@kevin-wolf.de>
Date: Sat, 26 Mar 2011 19:37:56 +0100
Message-Id: <1301164676-27078-1-git-send-email-mail@kevin-wolf.de>
Subject: [Qemu-devel] [PATCH] e1000: Mask out lower bits of RDBAL/TDBAL
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <mail@kevin-wolf.de>

Rx and Tx descriptors are 16 byte aligned, so the lower bits are
ignored by real hardware. In fact, they always read back as zero on real
hardware, but probably nobody relies on that.

Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
---
 hw/e1000.c |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/hw/e1000.c b/hw/e1000.c
index 2a4d5c7..a65fc7a 100644
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -517,6 +517,14 @@ txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
     return E1000_ICR_TXDW;
 }
 
+static uint64_t tx_desc_base(E1000State *s)
+{
+    uint64_t bah = s->mac_reg[TDBAH];
+    uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
+
+    return (bah << 32) + bal;
+}
+
 static void
 start_xmit(E1000State *s)
 {
@@ -530,7 +538,7 @@ start_xmit(E1000State *s)
     }
 
     while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
-        base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
+        base = tx_desc_base(s) +
                sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
         cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
 
@@ -651,6 +659,14 @@ static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
     return total_size <= bufs * s->rxbuf_size;
 }
 
+static uint64_t rx_desc_base(E1000State *s)
+{
+    uint64_t bah = s->mac_reg[RDBAH];
+    uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
+
+    return (bah << 32) + bal;
+}
+
 static ssize_t
 e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
 {
@@ -700,8 +716,7 @@ e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
         if (desc_size > s->rxbuf_size) {
             desc_size = s->rxbuf_size;
         }
-        base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
-               sizeof(desc) * s->mac_reg[RDH];
+        base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
         cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
         desc.special = vlan_special;
         desc.status |= (vlan_status | E1000_RXD_STAT_DD);
-- 
1.6.0.2