* [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion @ 2012-12-14 9:52 Julien Grall 2012-12-14 17:30 ` Andreas Färber 0 siblings, 1 reply; 3+ messages in thread From: Julien Grall @ 2012-12-14 9:52 UTC (permalink / raw) To: qemu-devel; +Cc: Julien Grall, 1089996, avi, afaerber, gson The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in dma emulation due to a bad conversion between ioport_register* and MemoryRegion. Cc: 1089996@bugs.launchpad.net Reported-by: Andreas Gustafsson <gson@gson.org> Signed-off-by: Julien Grall <julien.grall@citrix.com> --- hw/dma.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/hw/dma.c b/hw/dma.c index c2d7b21..1b1d406 100644 --- a/hw/dma.c +++ b/hw/dma.c @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, iport = (nport >> d->dshift) & 0x0f; switch (iport) { - case 0x01: /* command */ + case 0x00: /* command */ if ((data != 0) && (data & CMD_NOT_SUPPORTED)) { dolog("command %"PRIx64" not supported\n", data); return; @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, d->command = data; break; - case 0x02: + case 0x01: ichan = data & 3; if (data & 4) { d->status |= 1 << (ichan + 4); @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, DMA_run(); break; - case 0x03: /* single mask */ + case 0x02: /* single mask */ if (data & 4) d->mask |= 1 << (data & 3); else @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, DMA_run(); break; - case 0x04: /* mode */ + case 0x03: /* mode */ { ichan = data & 3; #ifdef DEBUG_DMA @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, break; } - case 0x05: /* clear flip flop */ + case 0x04: /* clear flip flop */ d->flip_flop = 0; break; - case 0x06: /* reset */ + case 0x05: /* reset */ d->flip_flop = 0; d->mask = ~0; d->status = 0; d->command = 0; break; - case 0x07: /* clear mask for all channels */ + case 0x06: /* clear mask for all channels */ d->mask = 0; DMA_run(); break; - case 0x08: /* write mask for all channels */ + case 0x07: /* write mask for all channels */ d->mask = data; DMA_run(); break; @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size) iport = (nport >> d->dshift) & 0x0f; switch (iport) { - case 0x08: /* status */ + case 0x00: /* status */ val = d->status; d->status &= 0xf0; break; - case 0x0f: /* mask */ + case 0x01: /* mask */ val = d->mask; break; default: @@ -467,7 +467,7 @@ void DMA_schedule(int nchan) static void dma_reset(void *opaque) { struct dma_cont *d = opaque; - write_cont(d, (0x06 << d->dshift), 0, 1); + write_cont(d, (0x05 << d->dshift), 0, 1); } static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len) -- Julien Grall ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion 2012-12-14 9:52 [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion Julien Grall @ 2012-12-14 17:30 ` Andreas Färber 2012-12-15 21:31 ` Julien Grall 0 siblings, 1 reply; 3+ messages in thread From: Andreas Färber @ 2012-12-14 17:30 UTC (permalink / raw) To: Julien Grall Cc: Kevin Wolf, gson, 1089996, Markus Armbruster, qemu-devel, Hervé Poussineau, avi, Stefan Hajnoczi Am 14.12.2012 10:52, schrieb Julien Grall: > The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in > dma emulation due to a bad conversion between ioport_register* and MemoryRegion. > > Cc: 1089996@bugs.launchpad.net > Reported-by: Andreas Gustafsson <gson@gson.org> > Signed-off-by: Julien Grall <julien.grall@citrix.com> I had trouble following here, having handled the offending patch myself: "Fix", "a bug" and "a bad conversion" is not really telling me what went wrong and how the numbers are calculated correctly. Please suggest an additional explanatory paragraph for the commit message (as a reply). Formally the patch looks fine (modulo missing "of" or s/conversion/converting/g in $subject). >From what I gather, the cont region starts at base + 8 << dshift. Why is the size in memory_region_init_io() 8 << d->dshift and not just 8 when it previously looped over 0..7? Same question for the channel region. Could be fixed as follow-up. More comments inline: > --- > hw/dma.c | 22 +++++++++++----------- > 1 file changed, 11 insertions(+), 11 deletions(-) > > diff --git a/hw/dma.c b/hw/dma.c > index c2d7b21..1b1d406 100644 > --- a/hw/dma.c > +++ b/hw/dma.c > @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, > > iport = (nport >> d->dshift) & 0x0f; > switch (iport) { > - case 0x01: /* command */ > + case 0x00: /* command */ Since the shift is "reverted" above, we effectively have an 0x8 -> 0x8+0x1 -> 0x8+0x0 change, which looks correct. This delta seems consistent for the other case changes ... > if ((data != 0) && (data & CMD_NOT_SUPPORTED)) { > dolog("command %"PRIx64" not supported\n", data); > return; > @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, > d->command = data; > break; > > - case 0x02: > + case 0x01: > ichan = data & 3; > if (data & 4) { > d->status |= 1 << (ichan + 4); > @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, > DMA_run(); > break; > > - case 0x03: /* single mask */ > + case 0x02: /* single mask */ > if (data & 4) > d->mask |= 1 << (data & 3); > else > @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, > DMA_run(); > break; > > - case 0x04: /* mode */ > + case 0x03: /* mode */ > { > ichan = data & 3; > #ifdef DEBUG_DMA > @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, > break; > } > > - case 0x05: /* clear flip flop */ > + case 0x04: /* clear flip flop */ > d->flip_flop = 0; > break; > > - case 0x06: /* reset */ > + case 0x05: /* reset */ > d->flip_flop = 0; > d->mask = ~0; > d->status = 0; > d->command = 0; > break; > > - case 0x07: /* clear mask for all channels */ > + case 0x06: /* clear mask for all channels */ > d->mask = 0; > DMA_run(); > break; > > - case 0x08: /* write mask for all channels */ > + case 0x07: /* write mask for all channels */ > d->mask = data; > DMA_run(); > break; > @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size) > > iport = (nport >> d->dshift) & 0x0f; > switch (iport) { > - case 0x08: /* status */ > + case 0x00: /* status */ > val = d->status; > d->status &= 0xf0; > break; > - case 0x0f: /* mask */ > + case 0x01: /* mask */ > val = d->mask; > break; > default: > @@ -467,7 +467,7 @@ void DMA_schedule(int nchan) > static void dma_reset(void *opaque) > { > struct dma_cont *d = opaque; > - write_cont(d, (0x06 << d->dshift), 0, 1); > + write_cont(d, (0x05 << d->dshift), 0, 1); ... and for the (weird :)) reuse of the write_cont() callback function from within the reset function. > } > > static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len) Reviewed-by: Andreas Färber <afaerber@suse.de> make check runs an fdc-test that passed okay. Can one of you add a test case to avoid another regression here? Regards, Andreas -- SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion 2012-12-14 17:30 ` Andreas Färber @ 2012-12-15 21:31 ` Julien Grall 0 siblings, 0 replies; 3+ messages in thread From: Julien Grall @ 2012-12-15 21:31 UTC (permalink / raw) To: Andreas Färber Cc: Kevin Wolf, gson, 1089996, Marcelo Tosatti, qemu-devel@nongnu.org, Markus Armbruster, Julien Grall, Hervé Poussineau, Stefan Hajnoczi On Fri, Dec 14, 2012 at 5:30 PM, Andreas Färber <afaerber@suse.de> wrote: > Am 14.12.2012 10:52, schrieb Julien Grall: >> The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in >> dma emulation due to a bad conversion between ioport_register* and MemoryRegion. >> >> Cc: 1089996@bugs.launchpad.net >> Reported-by: Andreas Gustafsson <gson@gson.org> >> Signed-off-by: Julien Grall <julien.grall@citrix.com> > > I had trouble following here, having handled the offending patch myself: > "Fix", "a bug" and "a bad conversion" is not really telling me what went > wrong and how the numbers are calculated correctly. Please suggest an > additional explanatory paragraph for the commit message (as a reply). > Formally the patch looks fine (modulo missing "of" or > s/conversion/converting/g in $subject). > > From what I gather, the cont region starts at base + 8 << dshift. Why is > the size in memory_region_init_io() 8 << d->dshift and not just 8 when > it previously looped over 0..7? Same question for the channel region. > Could be fixed as follow-up. More comments inline: I'm not very familiar with ISA DMA stuff. I only discussed with Avi on the previous version and read some documentation. Before my previous patch, which converted ioport_register_* to MemoryRegion, we registered 8 ioports with the following formula: base + ((8 + i) << d->shift). If dshift = 1 (for instance the secondary dma controller) the ioports are: base + 16, base + 18, ... For the secondary dma controller we need to register a 16 ioports region. This why dma_init2 will register a region of (8 << d->shift) ioports. It's the same for the channel region. >> --- >> hw/dma.c | 22 +++++++++++----------- >> 1 file changed, 11 insertions(+), 11 deletions(-) >> >> diff --git a/hw/dma.c b/hw/dma.c >> index c2d7b21..1b1d406 100644 >> --- a/hw/dma.c >> +++ b/hw/dma.c >> @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, >> >> iport = (nport >> d->dshift) & 0x0f; >> switch (iport) { >> - case 0x01: /* command */ >> + case 0x00: /* command */ > > Since the shift is "reverted" above, we effectively have an 0x8 -> > 0x8+0x1 -> 0x8+0x0 change, which looks correct. > > This delta seems consistent for the other case changes ... > >> if ((data != 0) && (data & CMD_NOT_SUPPORTED)) { >> dolog("command %"PRIx64" not supported\n", data); >> return; >> @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, >> d->command = data; >> break; >> >> - case 0x02: >> + case 0x01: >> ichan = data & 3; >> if (data & 4) { >> d->status |= 1 << (ichan + 4); >> @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, >> DMA_run(); >> break; >> >> - case 0x03: /* single mask */ >> + case 0x02: /* single mask */ >> if (data & 4) >> d->mask |= 1 << (data & 3); >> else >> @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, >> DMA_run(); >> break; >> >> - case 0x04: /* mode */ >> + case 0x03: /* mode */ >> { >> ichan = data & 3; >> #ifdef DEBUG_DMA >> @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data, >> break; >> } >> >> - case 0x05: /* clear flip flop */ >> + case 0x04: /* clear flip flop */ >> d->flip_flop = 0; >> break; >> >> - case 0x06: /* reset */ >> + case 0x05: /* reset */ >> d->flip_flop = 0; >> d->mask = ~0; >> d->status = 0; >> d->command = 0; >> break; >> >> - case 0x07: /* clear mask for all channels */ >> + case 0x06: /* clear mask for all channels */ >> d->mask = 0; >> DMA_run(); >> break; >> >> - case 0x08: /* write mask for all channels */ >> + case 0x07: /* write mask for all channels */ >> d->mask = data; >> DMA_run(); >> break; >> @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size) >> >> iport = (nport >> d->dshift) & 0x0f; >> switch (iport) { >> - case 0x08: /* status */ >> + case 0x00: /* status */ >> val = d->status; >> d->status &= 0xf0; >> break; >> - case 0x0f: /* mask */ >> + case 0x01: /* mask */ >> val = d->mask; >> break; >> default: >> @@ -467,7 +467,7 @@ void DMA_schedule(int nchan) >> static void dma_reset(void *opaque) >> { >> struct dma_cont *d = opaque; >> - write_cont(d, (0x06 << d->dshift), 0, 1); >> + write_cont(d, (0x05 << d->dshift), 0, 1); > > ... and for the (weird :)) reuse of the write_cont() callback function > from within the reset function. It was already used on old dma source code. I think it's to only reset the dma controller. I can send a patch to inline the reset. >> } >> >> static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len) > > Reviewed-by: Andreas Färber <afaerber@suse.de> Thanks, -- Grall Julien ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-12-15 21:32 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-12-14 9:52 [Qemu-devel] [[Bug 108996]] hw/dma.c: Fix conversion ioport_register* to MemoryRegion Julien Grall 2012-12-14 17:30 ` Andreas Färber 2012-12-15 21:31 ` Julien Grall
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).