From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:47699)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <julien.grall@citrix.com>) id 1TlOVA-0003S5-9r
	for qemu-devel@nongnu.org; Wed, 19 Dec 2012 13:36:23 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <julien.grall@citrix.com>) id 1TlOV6-0007GA-Be
	for qemu-devel@nongnu.org; Wed, 19 Dec 2012 13:36:19 -0500
Received: from smtp02.citrix.com ([66.165.176.63]:9806)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <julien.grall@citrix.com>) id 1TlOV6-0007Ee-5b
	for qemu-devel@nongnu.org; Wed, 19 Dec 2012 13:36:16 -0500
From: Julien Grall <julien.grall@citrix.com>
Date: Wed, 19 Dec 2012 12:09:21 +0000
Message-ID: <1355918961-3817-1-git-send-email-julien.grall@citrix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: [Qemu-devel] =?utf-8?q?=5BBug_108996_V2=5D_hw/dma=2Ec=3A_Fix_conv?=
	=?utf-8?q?erting_of_ioport=5Fregister*_to_MemoryRegion?=
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: kwolf@redhat.com, gson@gson.org, 1089996@bugs.launchpad.net, mtosatti@redhat.com, armbru@redhat.com, Julien Grall <julien.grall@citrix.com>, hpoussin@reactos.org, stefanha@redhat.com, afaerber@suse.de

The commit 582299336879504353e60c7937fbc70fea93f3da introduced a 1-shift for
some offset in dma emulation.

Before the previous commit, which converted ioport_register_* to MemoryRegion,
the DMA controller registered 8 ioports with the following formula:
base + ((8 + i) << d->shift) where 0 <= i < 8
When an IO occured within a Memory Region, DMA callback receives an offset
relative to the started address. Here the started address is:
base + (8 << d->shift).
The offset should be: (i << d->shift). After the shift is reverted, the offset
are 0..7 not 1..8.

Cc: 1089996@bugs.launchpad.net
Reviewed-by: Andreas Färber <afaerber@suse.de>
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Julien Grall <julien.grall@citrix.com>
---

 Modification between V1 and V2:
   * Modify the commit message to explain the problem.

 hw/dma.c |   22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/hw/dma.c b/hw/dma.c
index c2d7b21..1b1d406 100644
--- a/hw/dma.c
+++ b/hw/dma.c
@@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
 
     iport = (nport >> d->dshift) & 0x0f;
     switch (iport) {
-    case 0x01:                  /* command */
+    case 0x00:                  /* command */
         if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
             dolog("command %"PRIx64" not supported\n", data);
             return;
@@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         d->command = data;
         break;
 
-    case 0x02:
+    case 0x01:
         ichan = data & 3;
         if (data & 4) {
             d->status |= 1 << (ichan + 4);
@@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         DMA_run();
         break;
 
-    case 0x03:                  /* single mask */
+    case 0x02:                  /* single mask */
         if (data & 4)
             d->mask |= 1 << (data & 3);
         else
@@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         DMA_run();
         break;
 
-    case 0x04:                  /* mode */
+    case 0x03:                  /* mode */
         {
             ichan = data & 3;
 #ifdef DEBUG_DMA
@@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
             break;
         }
 
-    case 0x05:                  /* clear flip flop */
+    case 0x04:                  /* clear flip flop */
         d->flip_flop = 0;
         break;
 
-    case 0x06:                  /* reset */
+    case 0x05:                  /* reset */
         d->flip_flop = 0;
         d->mask = ~0;
         d->status = 0;
         d->command = 0;
         break;
 
-    case 0x07:                  /* clear mask for all channels */
+    case 0x06:                  /* clear mask for all channels */
         d->mask = 0;
         DMA_run();
         break;
 
-    case 0x08:                  /* write mask for all channels */
+    case 0x07:                  /* write mask for all channels */
         d->mask = data;
         DMA_run();
         break;
@@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
 
     iport = (nport >> d->dshift) & 0x0f;
     switch (iport) {
-    case 0x08:                  /* status */
+    case 0x00:                  /* status */
         val = d->status;
         d->status &= 0xf0;
         break;
-    case 0x0f:                  /* mask */
+    case 0x01:                  /* mask */
         val = d->mask;
         break;
     default:
@@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
 static void dma_reset(void *opaque)
 {
     struct dma_cont *d = opaque;
-    write_cont(d, (0x06 << d->dshift), 0, 1);
+    write_cont(d, (0x05 << d->dshift), 0, 1);
 }
 
 static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
-- 
Julien Grall