[Qemu-devel] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-arm@nongnu.org, qemu-devel@nongnu.org
Cc: patches@linaro.org
Subject: [Qemu-devel] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic
Date: Thu,  9 Aug 2018 14:01:13 +0100	[thread overview]
Message-ID: <20180809130115.28951-15-peter.maydell@linaro.org> (raw)
In-Reply-To: <20180809130115.28951-1-peter.maydell@linaro.org>

A bug in the handling of the register address decode logic
for the PL08x meant that we were incorrectly treating
accesses to the DMA channel registers (DMACCxSrcAddr,
DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
as bad offsets. Fix this long-standing bug.

Fixes: https://bugs.launchpad.net/qemu/+bug/1637974
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
This has been around for a long time, identified by code
inspection several years ago in the LP bug. Now I have
some guest code that actually tries to use the PL08x I
can test the fix...
---
 hw/dma/pl080.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
index a7aacad74f0..8f92550392b 100644
--- a/hw/dma/pl080.c
+++ b/hw/dma/pl080.c
@@ -229,7 +229,7 @@ static uint64_t pl080_read(void *opaque, hwaddr offset,
         i = (offset & 0xe0) >> 5;
         if (i >= s->nchannels)
             goto bad_offset;
-        switch (offset >> 2) {
+        switch ((offset >> 2) & 7) {
         case 0: /* SrcAddr */
             return s->chan[i].src;
         case 1: /* DestAddr */
@@ -290,7 +290,7 @@ static void pl080_write(void *opaque, hwaddr offset,
         i = (offset & 0xe0) >> 5;
         if (i >= s->nchannels)
             goto bad_offset;
-        switch (offset >> 2) {
+        switch ((offset >> 2) & 7) {
         case 0: /* SrcAddr */
             s->chan[i].src = value;
             break;
@@ -308,6 +308,7 @@ static void pl080_write(void *opaque, hwaddr offset,
             pl080_run(s);
             break;
         }
+        return;
     }
     switch (offset >> 2) {
     case 2: /* IntTCClear */
-- 
2.17.1

next prev parent reply	other threads:[~2018-08-09 13:01 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-09 13:00 [Qemu-devel] [PATCH 00/16] arm: Implement MPS2 watchdogs and DMA Peter Maydell
2018-08-09 13:01 ` [Qemu-devel] [PATCH 01/16] hw/watchdog/cmsdk_apb_watchdog: Implement CMSDK APB watchdog module Peter Maydell
2018-08-18  1:27   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 02/16] nvic: Expose NMI line Peter Maydell
2018-08-10  5:05   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 03/16] hw/arm/iotkit: Wire up the watchdogs Peter Maydell
2018-08-17 23:47   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 04/16] hw/arm/iotkit: Wire up the S32KTIMER Peter Maydell
2018-08-17 23:49   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 05/16] hw/misc/iotkit-sysctl: Implement IoTKit system control element Peter Maydell
2018-08-18  0:23   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-18 10:04     ` Peter Maydell
2018-08-18 19:54       ` Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 06/16] hw/misc/iotkit: Wire up the " Peter Maydell
2018-08-18  0:00   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-18  9:55     ` Peter Maydell
2018-08-18 15:06       ` Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 07/16] hw/misc/tz-msc: Model TrustZone Master Security Controller Peter Maydell
2018-08-18  1:15   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 08/16] hw/misc/iotkit-secctl: Wire up registers for controlling MSCs Peter Maydell
2018-08-18  0:37   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-18 10:05     ` Peter Maydell
2018-08-18 15:42       ` Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 09/16] hw/arm/iotkit: Wire up the lines for MSCs Peter Maydell
2018-08-18  0:39   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 10/16] hw/dma/pl080: Allow use as embedded-struct device Peter Maydell
2018-08-10  5:18   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-10  5:27     ` Philippe Mathieu-Daudé
2018-08-10  9:03       ` Peter Maydell
2018-08-09 13:01 ` [Qemu-devel] [PATCH 11/16] hw/dma/pl080: Support all three interrupt lines Peter Maydell
2018-08-18  0:43   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 12/16] hw/dma/pl080: Don't use CPU address space for DMA accesses Peter Maydell
2018-08-10  5:10   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 13/16] hw/dma/pl080: Provide device reset function Peter Maydell
2018-08-10  5:11   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` Peter Maydell [this message]
2018-08-15 14:39   ` [Qemu-devel] [Qemu-arm] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic Philippe Mathieu-Daudé
2018-08-15 15:31     ` Peter Maydell
2018-08-09 13:01 ` [Qemu-devel] [PATCH 15/16] hw/dma/pl080: Remove hw_error() if DMA is enabled Peter Maydell
2018-08-10  5:12   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-09 13:01 ` [Qemu-devel] [PATCH 16/16] hw/arm/mps2-tz: Create PL081s and MSCs Peter Maydell
2018-08-18  1:09   ` [Qemu-devel] [Qemu-arm] " Philippe Mathieu-Daudé
2018-08-18 10:07     ` Peter Maydell
2018-08-16 18:02 ` [Qemu-devel] [Qemu-arm] [PATCH 00/16] arm: Implement MPS2 watchdogs and DMA Peter Maydell
2018-08-18  1:29   ` Philippe Mathieu-Daudé

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a7aacad74f dfblob:8f92550392 )
 OR (
bs:"[Qemu-devel] [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180809130115.28951-15-peter.maydell@linaro.org \
    --to=peter.maydell@linaro.org \
    --cc=patches@linaro.org \
    --cc=qemu-arm@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).