* [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion
@ 2012-12-14 9:52 Julien Grall
2012-12-14 17:30 ` Andreas Färber
0 siblings, 1 reply; 3+ messages in thread
From: Julien Grall @ 2012-12-14 9:52 UTC (permalink / raw)
To: qemu-devel; +Cc: Julien Grall, 1089996, avi, afaerber, gson
The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
dma emulation due to a bad conversion between ioport_register* and MemoryRegion.
Cc: 1089996@bugs.launchpad.net
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Julien Grall <julien.grall@citrix.com>
---
hw/dma.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/hw/dma.c b/hw/dma.c
index c2d7b21..1b1d406 100644
--- a/hw/dma.c
+++ b/hw/dma.c
@@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
iport = (nport >> d->dshift) & 0x0f;
switch (iport) {
- case 0x01: /* command */
+ case 0x00: /* command */
if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
dolog("command %"PRIx64" not supported\n", data);
return;
@@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
d->command = data;
break;
- case 0x02:
+ case 0x01:
ichan = data & 3;
if (data & 4) {
d->status |= 1 << (ichan + 4);
@@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
DMA_run();
break;
- case 0x03: /* single mask */
+ case 0x02: /* single mask */
if (data & 4)
d->mask |= 1 << (data & 3);
else
@@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
DMA_run();
break;
- case 0x04: /* mode */
+ case 0x03: /* mode */
{
ichan = data & 3;
#ifdef DEBUG_DMA
@@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
break;
}
- case 0x05: /* clear flip flop */
+ case 0x04: /* clear flip flop */
d->flip_flop = 0;
break;
- case 0x06: /* reset */
+ case 0x05: /* reset */
d->flip_flop = 0;
d->mask = ~0;
d->status = 0;
d->command = 0;
break;
- case 0x07: /* clear mask for all channels */
+ case 0x06: /* clear mask for all channels */
d->mask = 0;
DMA_run();
break;
- case 0x08: /* write mask for all channels */
+ case 0x07: /* write mask for all channels */
d->mask = data;
DMA_run();
break;
@@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
iport = (nport >> d->dshift) & 0x0f;
switch (iport) {
- case 0x08: /* status */
+ case 0x00: /* status */
val = d->status;
d->status &= 0xf0;
break;
- case 0x0f: /* mask */
+ case 0x01: /* mask */
val = d->mask;
break;
default:
@@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
static void dma_reset(void *opaque)
{
struct dma_cont *d = opaque;
- write_cont(d, (0x06 << d->dshift), 0, 1);
+ write_cont(d, (0x05 << d->dshift), 0, 1);
}
static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
--
Julien Grall
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion
2012-12-14 9:52 [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion Julien Grall
@ 2012-12-14 17:30 ` Andreas Färber
2012-12-15 21:31 ` Julien Grall
0 siblings, 1 reply; 3+ messages in thread
From: Andreas Färber @ 2012-12-14 17:30 UTC (permalink / raw)
To: Julien Grall
Cc: Kevin Wolf, gson, 1089996, Markus Armbruster, qemu-devel,
Hervé Poussineau, avi, Stefan Hajnoczi
Am 14.12.2012 10:52, schrieb Julien Grall:
> The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
> dma emulation due to a bad conversion between ioport_register* and MemoryRegion.
>
> Cc: 1089996@bugs.launchpad.net
> Reported-by: Andreas Gustafsson <gson@gson.org>
> Signed-off-by: Julien Grall <julien.grall@citrix.com>
I had trouble following here, having handled the offending patch myself:
"Fix", "a bug" and "a bad conversion" is not really telling me what went
wrong and how the numbers are calculated correctly. Please suggest an
additional explanatory paragraph for the commit message (as a reply).
Formally the patch looks fine (modulo missing "of" or
s/conversion/converting/g in $subject).
>From what I gather, the cont region starts at base + 8 << dshift. Why is
the size in memory_region_init_io() 8 << d->dshift and not just 8 when
it previously looped over 0..7? Same question for the channel region.
Could be fixed as follow-up. More comments inline:
> ---
> hw/dma.c | 22 +++++++++++-----------
> 1 file changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/hw/dma.c b/hw/dma.c
> index c2d7b21..1b1d406 100644
> --- a/hw/dma.c
> +++ b/hw/dma.c
> @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>
> iport = (nport >> d->dshift) & 0x0f;
> switch (iport) {
> - case 0x01: /* command */
> + case 0x00: /* command */
Since the shift is "reverted" above, we effectively have an 0x8 ->
0x8+0x1 -> 0x8+0x0 change, which looks correct.
This delta seems consistent for the other case changes ...
> if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
> dolog("command %"PRIx64" not supported\n", data);
> return;
> @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
> d->command = data;
> break;
>
> - case 0x02:
> + case 0x01:
> ichan = data & 3;
> if (data & 4) {
> d->status |= 1 << (ichan + 4);
> @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
> DMA_run();
> break;
>
> - case 0x03: /* single mask */
> + case 0x02: /* single mask */
> if (data & 4)
> d->mask |= 1 << (data & 3);
> else
> @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
> DMA_run();
> break;
>
> - case 0x04: /* mode */
> + case 0x03: /* mode */
> {
> ichan = data & 3;
> #ifdef DEBUG_DMA
> @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
> break;
> }
>
> - case 0x05: /* clear flip flop */
> + case 0x04: /* clear flip flop */
> d->flip_flop = 0;
> break;
>
> - case 0x06: /* reset */
> + case 0x05: /* reset */
> d->flip_flop = 0;
> d->mask = ~0;
> d->status = 0;
> d->command = 0;
> break;
>
> - case 0x07: /* clear mask for all channels */
> + case 0x06: /* clear mask for all channels */
> d->mask = 0;
> DMA_run();
> break;
>
> - case 0x08: /* write mask for all channels */
> + case 0x07: /* write mask for all channels */
> d->mask = data;
> DMA_run();
> break;
> @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
>
> iport = (nport >> d->dshift) & 0x0f;
> switch (iport) {
> - case 0x08: /* status */
> + case 0x00: /* status */
> val = d->status;
> d->status &= 0xf0;
> break;
> - case 0x0f: /* mask */
> + case 0x01: /* mask */
> val = d->mask;
> break;
> default:
> @@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
> static void dma_reset(void *opaque)
> {
> struct dma_cont *d = opaque;
> - write_cont(d, (0x06 << d->dshift), 0, 1);
> + write_cont(d, (0x05 << d->dshift), 0, 1);
... and for the (weird :)) reuse of the write_cont() callback function
from within the reset function.
> }
>
> static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
Reviewed-by: Andreas Färber <afaerber@suse.de>
make check runs an fdc-test that passed okay. Can one of you add a test
case to avoid another regression here?
Regards,
Andreas
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion
2012-12-14 17:30 ` Andreas Färber
@ 2012-12-15 21:31 ` Julien Grall
0 siblings, 0 replies; 3+ messages in thread
From: Julien Grall @ 2012-12-15 21:31 UTC (permalink / raw)
To: Andreas Färber
Cc: Kevin Wolf, gson, 1089996, Marcelo Tosatti, qemu-devel@nongnu.org,
Markus Armbruster, Julien Grall, Hervé Poussineau,
Stefan Hajnoczi
On Fri, Dec 14, 2012 at 5:30 PM, Andreas Färber <afaerber@suse.de> wrote:
> Am 14.12.2012 10:52, schrieb Julien Grall:
>> The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
>> dma emulation due to a bad conversion between ioport_register* and MemoryRegion.
>>
>> Cc: 1089996@bugs.launchpad.net
>> Reported-by: Andreas Gustafsson <gson@gson.org>
>> Signed-off-by: Julien Grall <julien.grall@citrix.com>
>
> I had trouble following here, having handled the offending patch myself:
> "Fix", "a bug" and "a bad conversion" is not really telling me what went
> wrong and how the numbers are calculated correctly. Please suggest an
> additional explanatory paragraph for the commit message (as a reply).
> Formally the patch looks fine (modulo missing "of" or
> s/conversion/converting/g in $subject).
>
> From what I gather, the cont region starts at base + 8 << dshift. Why is
> the size in memory_region_init_io() 8 << d->dshift and not just 8 when
> it previously looped over 0..7? Same question for the channel region.
> Could be fixed as follow-up. More comments inline:
I'm not very familiar with ISA DMA stuff. I only discussed with Avi on
the previous
version and read some documentation.
Before my previous patch, which converted ioport_register_* to MemoryRegion,
we registered 8 ioports with the following formula: base + ((8 + i) <<
d->shift).
If dshift = 1 (for instance the secondary dma controller) the ioports are:
base + 16, base + 18, ...
For the secondary dma controller we need to register a 16 ioports region. This
why dma_init2 will register a region of (8 << d->shift) ioports.
It's the same for the channel region.
>> ---
>> hw/dma.c | 22 +++++++++++-----------
>> 1 file changed, 11 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/dma.c b/hw/dma.c
>> index c2d7b21..1b1d406 100644
>> --- a/hw/dma.c
>> +++ b/hw/dma.c
>> @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>
>> iport = (nport >> d->dshift) & 0x0f;
>> switch (iport) {
>> - case 0x01: /* command */
>> + case 0x00: /* command */
>
> Since the shift is "reverted" above, we effectively have an 0x8 ->
> 0x8+0x1 -> 0x8+0x0 change, which looks correct.
>
> This delta seems consistent for the other case changes ...
>
>> if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
>> dolog("command %"PRIx64" not supported\n", data);
>> return;
>> @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>> d->command = data;
>> break;
>>
>> - case 0x02:
>> + case 0x01:
>> ichan = data & 3;
>> if (data & 4) {
>> d->status |= 1 << (ichan + 4);
>> @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>> DMA_run();
>> break;
>>
>> - case 0x03: /* single mask */
>> + case 0x02: /* single mask */
>> if (data & 4)
>> d->mask |= 1 << (data & 3);
>> else
>> @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>> DMA_run();
>> break;
>>
>> - case 0x04: /* mode */
>> + case 0x03: /* mode */
>> {
>> ichan = data & 3;
>> #ifdef DEBUG_DMA
>> @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>> break;
>> }
>>
>> - case 0x05: /* clear flip flop */
>> + case 0x04: /* clear flip flop */
>> d->flip_flop = 0;
>> break;
>>
>> - case 0x06: /* reset */
>> + case 0x05: /* reset */
>> d->flip_flop = 0;
>> d->mask = ~0;
>> d->status = 0;
>> d->command = 0;
>> break;
>>
>> - case 0x07: /* clear mask for all channels */
>> + case 0x06: /* clear mask for all channels */
>> d->mask = 0;
>> DMA_run();
>> break;
>>
>> - case 0x08: /* write mask for all channels */
>> + case 0x07: /* write mask for all channels */
>> d->mask = data;
>> DMA_run();
>> break;
>> @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
>>
>> iport = (nport >> d->dshift) & 0x0f;
>> switch (iport) {
>> - case 0x08: /* status */
>> + case 0x00: /* status */
>> val = d->status;
>> d->status &= 0xf0;
>> break;
>> - case 0x0f: /* mask */
>> + case 0x01: /* mask */
>> val = d->mask;
>> break;
>> default:
>> @@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
>> static void dma_reset(void *opaque)
>> {
>> struct dma_cont *d = opaque;
>> - write_cont(d, (0x06 << d->dshift), 0, 1);
>> + write_cont(d, (0x05 << d->dshift), 0, 1);
>
> ... and for the (weird :)) reuse of the write_cont() callback function
> from within the reset function.
It was already used on old dma source code. I think it's to only reset
the dma controller. I can send a patch to inline the reset.
>> }
>>
>> static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
>
> Reviewed-by: Andreas Färber <afaerber@suse.de>
Thanks,
--
Grall Julien
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-12-15 21:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-14 9:52 [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion Julien Grall
2012-12-14 17:30 ` Andreas Färber
2012-12-15 21:31 ` Julien Grall
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).