From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48857)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1W8VNZ-0001DQ-Os
	for qemu-devel@nongnu.org; Wed, 29 Jan 2014 08:40:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1W8VNT-00011f-Bs
	for qemu-devel@nongnu.org; Wed, 29 Jan 2014 08:40:33 -0500
Received: from mnementh.archaic.org.uk ([2001:8b0:1d0::1]:45244)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1W8VNS-0000zC-TE
	for qemu-devel@nongnu.org; Wed, 29 Jan 2014 08:40:27 -0500
From: Peter Maydell <peter.maydell@linaro.org>
Date: Wed, 29 Jan 2014 13:40:05 +0000
Message-Id: <1391002805-26596-39-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1391002805-26596-1-git-send-email-peter.maydell@linaro.org>
References: <1391002805-26596-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PULL 38/38] arm_gic: Fix GICD_ICPENDR and
	GICD_ISPENDR writes
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <aliguori@amazon.com>
Cc: Blue Swirl <blauwirbel@gmail.com>, qemu-devel@nongnu.org, Aurelien Jarno <aurelien@aurel32.net>

From: Christoffer Dall <christoffer.dall@linaro.org>

Fix two bugs that would allow changing the state of SGIs through the
ICPENDR and ISPENDRs.

Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/intc/arm_gic.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 98c6ff5..1c4a114 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -428,7 +428,7 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
         if (irq >= s->num_irq)
             goto bad_reg;
         if (irq < GIC_NR_SGIS) {
-            irq = 0;
+            value = 0;
         }
 
         for (i = 0; i < 8; i++) {
@@ -441,6 +441,10 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
         irq = (offset - 0x280) * 8 + GIC_BASE_IRQ;
         if (irq >= s->num_irq)
             goto bad_reg;
+        if (irq < GIC_NR_SGIS) {
+            value = 0;
+        }
+
         for (i = 0; i < 8; i++) {
             /* ??? This currently clears the pending bit for all CPUs, even
                for per-CPU interrupts.  It's unclear whether this is the
-- 
1.8.5