From: Brendan Fennell <bfennell@skynet.ie>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] pl190: fix read of VECTADDR
Date: Sat, 18 Aug 2012 21:00:48 +0100 (IST) [thread overview]
Message-ID: <Pine.LNX.4.64.1208182057020.19967@skynet.skynet.ie> (raw)
In-Reply-To: <CAFEAcA_XdD-38+JX7OSyrvPjtQtJ3w1Oy4A1spaWdyCH54OjwQ@mail.gmail.com>
On Sat, 18 Aug 2012, Peter Maydell wrote:
> On 18 August 2012 11:41, Brendan Fennell <bfennell@skynet.ie> wrote:
>>
>>
>> On Sat, 18 Aug 2012, Peter Maydell wrote:
>>
>>> On 18 August 2012 03:55, Brendan Fennell <bfennell@skynet.ie> wrote:
>>>>
>>>> Signed-off-by: Brendan Fennell <bfennell@skynet.ie>
>>>> ---
>>>> hw/pl190.c | 2 +-
>>>> 1 files changed, 1 insertions(+), 1 deletions(-)
>>>>
>>>> diff --git a/hw/pl190.c b/hw/pl190.c
>>>> index cb50afb..d69d5be 100644
>>>> --- a/hw/pl190.c
>>>> +++ b/hw/pl190.c
>>>> @@ -133,7 +133,7 @@ static uint64_t pl190_read(void *opaque,
>>>> target_phys_addr_t offset,
>>>> s->priority = i;
>>>> pl190_update(s);
>>>> }
>>>> - return s->vect_addr[s->priority];
>>>> + return s->vect_addr[s->priority - 1];
>>>> case 13: /* DEFVECTADDR */
>>>> return s->vect_addr[16];
>>>> default:
>>>
>>>
>>> This doesn't look right -- if s->priority is zero then we'll read off
>>> the beginning of the array.
>>> What's the actual bug you're trying to fix here?
>>
>>
>> The bug is that when, for example, interrupt 4 triggers the VECTADDR of
>> interrupt 5 is returned by pl190_read().
>>
>> Each s->prio_mask entry contains the interrupt mask for all *higher*
>> priority interrupts, see pl190_update_vectors(). This means that
>> s->prio_mask[0] is always zero (as zero is the highest priority),
>> s->priority can never be zero as ((s->level | s->soft_level) &
>> s->prio_mask[0]) is always zero.
>>
>> Therefore after the for loop in pl190_read() i is the index of the
>> current highest priority interrupt + 1.
>
> Yes, looking more closely, you're right (though that's not obvious
> at all...)
>
> But we set s->priority to i, which seems wrong -- s->priority should
> be the priority of the current active interrupt, and that's how we
> treat it in pl190_update() [we assert s->irq if there's a pending
> interrupt that's higher priority than the one we're currently servicing.]
>
> So I think the fix ought to be to change the s->prio_mask[i] in the
> loop to be s->prio_mask[i+1] instead. Then we'll exit the loop with
> i as the current highest priority interrupt, which is what the following
> code expects.
>
> Some sort of explanatory comment in the loop might also assist
> future readers :-)
I agree, that's a better solution - I'll follow up with a new patch.
Brendan.
>
> -- PMM
>
>
prev parent reply other threads:[~2012-08-18 20:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-18 2:55 [Qemu-devel] [PATCH] pl190: fix read of VECTADDR Brendan Fennell
2012-08-18 10:00 ` Peter Maydell
2012-08-18 10:41 ` Brendan Fennell
2012-08-18 12:20 ` Peter Maydell
2012-08-18 20:00 ` Brendan Fennell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.1208182057020.19967@skynet.skynet.ie \
--to=bfennell@skynet.ie \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).