Patchwork [[Bug,108996] ] hw/dma.c: Fix conversion ioport_register* to MemoryRegion

login
register
mail settings
Submitter Julien Grall
Date Dec. 14, 2012, 9:52 a.m.
Message ID <8491483f6c0154f26be31bf7fad11566eb4810d3.1355478583.git.julien.grall@citrix.com>
Download mbox | patch
Permalink /patch/206520/
State New
Headers show

Comments

Julien Grall - Dec. 14, 2012, 9:52 a.m.
The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
dma emulation due to a bad conversion between ioport_register* and MemoryRegion.

Cc: 1089996@bugs.launchpad.net
Reported-by: Andreas Gustafsson <gson@gson.org>
Signed-off-by: Julien Grall <julien.grall@citrix.com>
---
 hw/dma.c |   22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
Andreas Färber - Dec. 14, 2012, 5:30 p.m.
Am 14.12.2012 10:52, schrieb Julien Grall:
> The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
> dma emulation due to a bad conversion between ioport_register* and MemoryRegion.
> 
> Cc: 1089996@bugs.launchpad.net
> Reported-by: Andreas Gustafsson <gson@gson.org>
> Signed-off-by: Julien Grall <julien.grall@citrix.com>

I had trouble following here, having handled the offending patch myself:
"Fix", "a bug" and "a bad conversion" is not really telling me what went
wrong and how the numbers are calculated correctly. Please suggest an
additional explanatory paragraph for the commit message (as a reply).
Formally the patch looks fine (modulo missing "of" or
s/conversion/converting/g in $subject).

From what I gather, the cont region starts at base + 8 << dshift. Why is
the size in memory_region_init_io() 8 << d->dshift and not just 8 when
it previously looped over 0..7? Same question for the channel region.
Could be fixed as follow-up. More comments inline:

> ---
>  hw/dma.c |   22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/dma.c b/hw/dma.c
> index c2d7b21..1b1d406 100644
> --- a/hw/dma.c
> +++ b/hw/dma.c
> @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>  
>      iport = (nport >> d->dshift) & 0x0f;
>      switch (iport) {
> -    case 0x01:                  /* command */
> +    case 0x00:                  /* command */

Since the shift is "reverted" above, we effectively have an 0x8 ->
0x8+0x1 -> 0x8+0x0 change, which looks correct.

This delta seems consistent for the other case changes ...

>          if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
>              dolog("command %"PRIx64" not supported\n", data);
>              return;
> @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>          d->command = data;
>          break;
>  
> -    case 0x02:
> +    case 0x01:
>          ichan = data & 3;
>          if (data & 4) {
>              d->status |= 1 << (ichan + 4);
> @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>          DMA_run();
>          break;
>  
> -    case 0x03:                  /* single mask */
> +    case 0x02:                  /* single mask */
>          if (data & 4)
>              d->mask |= 1 << (data & 3);
>          else
> @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>          DMA_run();
>          break;
>  
> -    case 0x04:                  /* mode */
> +    case 0x03:                  /* mode */
>          {
>              ichan = data & 3;
>  #ifdef DEBUG_DMA
> @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>              break;
>          }
>  
> -    case 0x05:                  /* clear flip flop */
> +    case 0x04:                  /* clear flip flop */
>          d->flip_flop = 0;
>          break;
>  
> -    case 0x06:                  /* reset */
> +    case 0x05:                  /* reset */
>          d->flip_flop = 0;
>          d->mask = ~0;
>          d->status = 0;
>          d->command = 0;
>          break;
>  
> -    case 0x07:                  /* clear mask for all channels */
> +    case 0x06:                  /* clear mask for all channels */
>          d->mask = 0;
>          DMA_run();
>          break;
>  
> -    case 0x08:                  /* write mask for all channels */
> +    case 0x07:                  /* write mask for all channels */
>          d->mask = data;
>          DMA_run();
>          break;
> @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
>  
>      iport = (nport >> d->dshift) & 0x0f;
>      switch (iport) {
> -    case 0x08:                  /* status */
> +    case 0x00:                  /* status */
>          val = d->status;
>          d->status &= 0xf0;
>          break;
> -    case 0x0f:                  /* mask */
> +    case 0x01:                  /* mask */
>          val = d->mask;
>          break;
>      default:
> @@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
>  static void dma_reset(void *opaque)
>  {
>      struct dma_cont *d = opaque;
> -    write_cont(d, (0x06 << d->dshift), 0, 1);
> +    write_cont(d, (0x05 << d->dshift), 0, 1);

... and for the (weird :)) reuse of the write_cont() callback function
from within the reset function.

>  }
>  
>  static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)

Reviewed-by: Andreas Färber <afaerber@suse.de>

make check runs an fdc-test that passed okay. Can one of you add a test
case to avoid another regression here?

Regards,
Andreas
Julien Grall - Dec. 15, 2012, 9:31 p.m.
On Fri, Dec 14, 2012 at 5:30 PM, Andreas Färber <afaerber@suse.de> wrote:
> Am 14.12.2012 10:52, schrieb Julien Grall:
>> The commit 582299336879504353e60c7937fbc70fea93f3da introduced a bug in
>> dma emulation due to a bad conversion between ioport_register* and MemoryRegion.
>>
>> Cc: 1089996@bugs.launchpad.net
>> Reported-by: Andreas Gustafsson <gson@gson.org>
>> Signed-off-by: Julien Grall <julien.grall@citrix.com>
>
> I had trouble following here, having handled the offending patch myself:
> "Fix", "a bug" and "a bad conversion" is not really telling me what went
> wrong and how the numbers are calculated correctly. Please suggest an
> additional explanatory paragraph for the commit message (as a reply).
> Formally the patch looks fine (modulo missing "of" or
> s/conversion/converting/g in $subject).
>
> From what I gather, the cont region starts at base + 8 << dshift. Why is
> the size in memory_region_init_io() 8 << d->dshift and not just 8 when
> it previously looped over 0..7? Same question for the channel region.
> Could be fixed as follow-up. More comments inline:

I'm not very familiar with ISA DMA stuff. I only discussed with Avi on
the previous
version and read some documentation.

Before my previous patch, which converted ioport_register_* to MemoryRegion,
we registered 8 ioports with the following formula: base + ((8 + i) <<
d->shift).
If dshift = 1 (for instance the secondary dma controller) the ioports are:
 base + 16, base + 18, ...
For the secondary dma controller we need to register a 16 ioports region. This
why dma_init2 will register a region of (8 << d->shift) ioports.
It's the same for the channel region.

>> ---
>>  hw/dma.c |   22 +++++++++++-----------
>>  1 file changed, 11 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/dma.c b/hw/dma.c
>> index c2d7b21..1b1d406 100644
>> --- a/hw/dma.c
>> +++ b/hw/dma.c
>> @@ -200,7 +200,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>
>>      iport = (nport >> d->dshift) & 0x0f;
>>      switch (iport) {
>> -    case 0x01:                  /* command */
>> +    case 0x00:                  /* command */
>
> Since the shift is "reverted" above, we effectively have an 0x8 ->
> 0x8+0x1 -> 0x8+0x0 change, which looks correct.
>
> This delta seems consistent for the other case changes ...
>
>>          if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
>>              dolog("command %"PRIx64" not supported\n", data);
>>              return;
>> @@ -208,7 +208,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>          d->command = data;
>>          break;
>>
>> -    case 0x02:
>> +    case 0x01:
>>          ichan = data & 3;
>>          if (data & 4) {
>>              d->status |= 1 << (ichan + 4);
>> @@ -220,7 +220,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>          DMA_run();
>>          break;
>>
>> -    case 0x03:                  /* single mask */
>> +    case 0x02:                  /* single mask */
>>          if (data & 4)
>>              d->mask |= 1 << (data & 3);
>>          else
>> @@ -228,7 +228,7 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>          DMA_run();
>>          break;
>>
>> -    case 0x04:                  /* mode */
>> +    case 0x03:                  /* mode */
>>          {
>>              ichan = data & 3;
>>  #ifdef DEBUG_DMA
>> @@ -247,23 +247,23 @@ static void write_cont(void *opaque, hwaddr nport, uint64_t data,
>>              break;
>>          }
>>
>> -    case 0x05:                  /* clear flip flop */
>> +    case 0x04:                  /* clear flip flop */
>>          d->flip_flop = 0;
>>          break;
>>
>> -    case 0x06:                  /* reset */
>> +    case 0x05:                  /* reset */
>>          d->flip_flop = 0;
>>          d->mask = ~0;
>>          d->status = 0;
>>          d->command = 0;
>>          break;
>>
>> -    case 0x07:                  /* clear mask for all channels */
>> +    case 0x06:                  /* clear mask for all channels */
>>          d->mask = 0;
>>          DMA_run();
>>          break;
>>
>> -    case 0x08:                  /* write mask for all channels */
>> +    case 0x07:                  /* write mask for all channels */
>>          d->mask = data;
>>          DMA_run();
>>          break;
>> @@ -288,11 +288,11 @@ static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
>>
>>      iport = (nport >> d->dshift) & 0x0f;
>>      switch (iport) {
>> -    case 0x08:                  /* status */
>> +    case 0x00:                  /* status */
>>          val = d->status;
>>          d->status &= 0xf0;
>>          break;
>> -    case 0x0f:                  /* mask */
>> +    case 0x01:                  /* mask */
>>          val = d->mask;
>>          break;
>>      default:
>> @@ -467,7 +467,7 @@ void DMA_schedule(int nchan)
>>  static void dma_reset(void *opaque)
>>  {
>>      struct dma_cont *d = opaque;
>> -    write_cont(d, (0x06 << d->dshift), 0, 1);
>> +    write_cont(d, (0x05 << d->dshift), 0, 1);
>
> ... and for the (weird :)) reuse of the write_cont() callback function
> from within the reset function.

It was already used on old dma source code. I think it's to only reset
the dma controller. I can send a patch to inline the reset.

>>  }
>>
>>  static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)
>
> Reviewed-by: Andreas Färber <afaerber@suse.de>

Thanks,

--
Grall Julien

Patch

diff --git a/hw/dma.c b/hw/dma.c
index c2d7b21..1b1d406 100644
--- a/hw/dma.c
+++ b/hw/dma.c
@@ -200,7 +200,7 @@  static void write_cont(void *opaque, hwaddr nport, uint64_t data,
 
     iport = (nport >> d->dshift) & 0x0f;
     switch (iport) {
-    case 0x01:                  /* command */
+    case 0x00:                  /* command */
         if ((data != 0) && (data & CMD_NOT_SUPPORTED)) {
             dolog("command %"PRIx64" not supported\n", data);
             return;
@@ -208,7 +208,7 @@  static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         d->command = data;
         break;
 
-    case 0x02:
+    case 0x01:
         ichan = data & 3;
         if (data & 4) {
             d->status |= 1 << (ichan + 4);
@@ -220,7 +220,7 @@  static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         DMA_run();
         break;
 
-    case 0x03:                  /* single mask */
+    case 0x02:                  /* single mask */
         if (data & 4)
             d->mask |= 1 << (data & 3);
         else
@@ -228,7 +228,7 @@  static void write_cont(void *opaque, hwaddr nport, uint64_t data,
         DMA_run();
         break;
 
-    case 0x04:                  /* mode */
+    case 0x03:                  /* mode */
         {
             ichan = data & 3;
 #ifdef DEBUG_DMA
@@ -247,23 +247,23 @@  static void write_cont(void *opaque, hwaddr nport, uint64_t data,
             break;
         }
 
-    case 0x05:                  /* clear flip flop */
+    case 0x04:                  /* clear flip flop */
         d->flip_flop = 0;
         break;
 
-    case 0x06:                  /* reset */
+    case 0x05:                  /* reset */
         d->flip_flop = 0;
         d->mask = ~0;
         d->status = 0;
         d->command = 0;
         break;
 
-    case 0x07:                  /* clear mask for all channels */
+    case 0x06:                  /* clear mask for all channels */
         d->mask = 0;
         DMA_run();
         break;
 
-    case 0x08:                  /* write mask for all channels */
+    case 0x07:                  /* write mask for all channels */
         d->mask = data;
         DMA_run();
         break;
@@ -288,11 +288,11 @@  static uint64_t read_cont(void *opaque, hwaddr nport, unsigned size)
 
     iport = (nport >> d->dshift) & 0x0f;
     switch (iport) {
-    case 0x08:                  /* status */
+    case 0x00:                  /* status */
         val = d->status;
         d->status &= 0xf0;
         break;
-    case 0x0f:                  /* mask */
+    case 0x01:                  /* mask */
         val = d->mask;
         break;
     default:
@@ -467,7 +467,7 @@  void DMA_schedule(int nchan)
 static void dma_reset(void *opaque)
 {
     struct dma_cont *d = opaque;
-    write_cont(d, (0x06 << d->dshift), 0, 1);
+    write_cont(d, (0x05 << d->dshift), 0, 1);
 }
 
 static int dma_phony_handler (void *opaque, int nchan, int dma_pos, int dma_len)