From patchwork Thu Aug 9 13:01:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 143855 Delivered-To: patches@linaro.org Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp2066029ljj; Thu, 9 Aug 2018 06:01:33 -0700 (PDT) X-Google-Smtp-Source: AA+uWPyOnFL4kq3VL4xFpUP5HHHL3sE2m20YZihCGQ/SppCKNmZ7TiG6CMzp/3y8fnVdkaVz9ir5 X-Received: by 2002:a1c:be13:: with SMTP id o19-v6mr1480624wmf.1.1533819693435; Thu, 09 Aug 2018 06:01:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533819693; cv=none; d=google.com; s=arc-20160816; b=luyqd9C6zB/q0XJPlZ0Fpc4RGlghRrwqx5QWmhiHB5+Z42Ls7PxMk+AgDbLaUv55Ts eBNwta5RPtrb2kEecZI0N2X9QEsbO3kV8JuQVj4G2kR+CneUxoCevCQnVevjabH0VQJM HHLH5dYtXELcGh8Cu1zzGRcDJ5c367FlBJ9esUAWVrjz/QFodl5oHW+KArC+snAQoFB/ hJIaOHd8haFRgM9bjcQzEMPVfzZTNSs3cd4dFNAKJf7QzNMlIHNz7lnbnqLk1v3JrwFA xMRQoWEcl6cXM7WWr1cjKQgp0wokkWWKuQJlO9cXAWpaok2hsBYL6UDu6Q4jXkDLG0qA PlxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=o2lsAfQxR1xak9QI3ZMA5/nQDsh+ke/ih0MwMFezpFA=; b=Ai8Rxo3C+lDI2B768vNi/34IBu23EZmqPZraAIVcjcahhsc/RozgBjrJRzwDwoMhmE VhN8qtxslBA2/bwKRhwU5BqBrocxg8qB8EPNy1MIpgjwXCGAGn+piJz0YyxOW2aeftpq JWJrtLMlWszwSMI7YqQQ5RU0FL7irexf4C6sJ3M++8ToJwOC/eDkX+yMegJ/zpVQNvtG 6KPEo877u2MIcWDKpeGlaq5loz3buw1V3lifM00Q8WbQdYFBukGSdZlcZ3vD6CiA1HAp ZWrx+AkwC+gNEv3VANyC1PgCjz4eOBvjRlxcyxOqs7FASQg3UAFSSiL7J+49GbgXVzUl u7uw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id q21-v6si5829638wra.110.2018.08.09.06.01.33 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 09 Aug 2018 06:01:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.89) (envelope-from ) id 1fnkZI-0003Le-W1; Thu, 09 Aug 2018 14:01:32 +0100 From: Peter Maydell To: qemu-arm@nongnu.org, qemu-devel@nongnu.org Cc: patches@linaro.org Subject: [PATCH 14/16] hw/dma/pl080: Correct bug in register address decode logic Date: Thu, 9 Aug 2018 14:01:13 +0100 Message-Id: <20180809130115.28951-15-peter.maydell@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180809130115.28951-1-peter.maydell@linaro.org> References: <20180809130115.28951-1-peter.maydell@linaro.org> A bug in the handling of the register address decode logic for the PL08x meant that we were incorrectly treating accesses to the DMA channel registers (DMACCxSrcAddr, DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration) as bad offsets. Fix this long-standing bug. Fixes: https://bugs.launchpad.net/qemu/+bug/1637974 Signed-off-by: Peter Maydell --- This has been around for a long time, identified by code inspection several years ago in the LP bug. Now I have some guest code that actually tries to use the PL08x I can test the fix... --- hw/dma/pl080.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.17.1 Reviewed-by: Philippe Mathieu-Daudé diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c index a7aacad74f0..8f92550392b 100644 --- a/hw/dma/pl080.c +++ b/hw/dma/pl080.c @@ -229,7 +229,7 @@ static uint64_t pl080_read(void *opaque, hwaddr offset, i = (offset & 0xe0) >> 5; if (i >= s->nchannels) goto bad_offset; - switch (offset >> 2) { + switch ((offset >> 2) & 7) { case 0: /* SrcAddr */ return s->chan[i].src; case 1: /* DestAddr */ @@ -290,7 +290,7 @@ static void pl080_write(void *opaque, hwaddr offset, i = (offset & 0xe0) >> 5; if (i >= s->nchannels) goto bad_offset; - switch (offset >> 2) { + switch ((offset >> 2) & 7) { case 0: /* SrcAddr */ s->chan[i].src = value; break; @@ -308,6 +308,7 @@ static void pl080_write(void *opaque, hwaddr offset, pl080_run(s); break; } + return; } switch (offset >> 2) { case 2: /* IntTCClear */