From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:44574)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QTZ6C-0008C7-Fk
	for qemu-devel@nongnu.org; Mon, 06 Jun 2011 08:40:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QTZ6A-0005Pi-3E
	for qemu-devel@nongnu.org; Mon, 06 Jun 2011 08:40:03 -0400
Received: from mx1.redhat.com ([209.132.183.28]:17105)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1QTZ68-0005Oo-OS
	for qemu-devel@nongnu.org; Mon, 06 Jun 2011 08:40:00 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
	(int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p56Cdxgt020711
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Mon, 6 Jun 2011 08:39:59 -0400
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon,  6 Jun 2011 14:39:00 +0200
Message-Id: <1307363962-27223-10-git-send-email-kraxel@redhat.com>
In-Reply-To: <1307363962-27223-1-git-send-email-kraxel@redhat.com>
References: <1307363962-27223-1-git-send-email-kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH 09/31] usb-ehci: fix offset writeback in
	ehci_buffer_rw
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>

Two bugs at once:

First the mask is backwards, so the it used to keeps the offset and
clears the page address, which is not what we need when we update the
offset.

Second the offset calculation is wrong in case head isn't page aligned.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb-ehci.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index 5cbb675..cf10dfc 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -1066,6 +1066,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
         cpu_physical_memory_rw(head, q->buffer + bufpos, tail - head, rw);
 
         bufpos += (tail - head);
+        offset += (tail - head);
         bytes -= (tail - head);
 
         if (bytes > 0) {
@@ -1078,8 +1079,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
     set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
 
     /* save offset into cpage */
-    offset = tail - head;
-    q->qh.bufptr[0] &= ~QTD_BUFPTR_MASK;
+    q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
     q->qh.bufptr[0] |= offset;
 
     return 0;
-- 
1.7.1