From patchwork Fri Mar  4 00:40:59 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Baryshkov <dbaryshkov@gmail.com>
X-Patchwork-Id: 85353
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 3DB9CB70AF
	for <incoming@patchwork.ozlabs.org>;
	Fri,  4 Mar 2011 11:43:10 +1100 (EST)
Received: from localhost ([127.0.0.1]:57816 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PvJ6p-0005VR-87
	for incoming@patchwork.ozlabs.org; Thu, 03 Mar 2011 19:43:07 -0500
Received: from [140.186.70.92] (port=39960 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1PvJ4w-0004mj-63
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 19:41:11 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dbaryshkov@gmail.com>) id 1PvJ4u-0000qi-QO
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 19:41:09 -0500
Received: from mail-fx0-f45.google.com ([209.85.161.45]:60662)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dbaryshkov@gmail.com>) id 1PvJ4u-0000qU-Gd
	for qemu-devel@nongnu.org; Thu, 03 Mar 2011 19:41:08 -0500
Received: by fxm11 with SMTP id 11so1829251fxm.4
	for <qemu-devel@nongnu.org>; Thu, 03 Mar 2011 16:41:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:from:to:subject:date:message-id:x-mailer;
	bh=klkPnzog8DjcMzZFufsPwiyah88opzQLUtMEgQUl4Dc=;
	b=uLQWovU67+jkYAyDRF7zP6247uZtk2RmsqClWGi48sPg6SNRreJEUvAKyLXENc19Ct
	QbQqlN1skJTZTBFaCu+GMpLIIHbzagukk0Trtfi7UcJDGkiJ15QaqN7sWIdmX9kTtryk
	ghStn97kN4jy20VQKnR9SO2OyYptGF/cB1K1A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=from:to:subject:date:message-id:x-mailer;
	b=q5lbP3pvuVNoAFEcI3hwh7bVhW1LeELaXUnpuaGcbqRdjMzAiPXuErV/W/PL1eAyHn
	4KXxuQxyU01N14z79cvYbygzKV1RRx0+3d/Tnkr0u+l22QOzVkmnxgIGYHScjjOtl1K+
	90lXA0baMRqyQyxIE6QOQY1737hPK8phjyK/s=
Received: by 10.223.74.1 with SMTP id s1mr2274621faj.138.1299199266868;
	Thu, 03 Mar 2011 16:41:06 -0800 (PST)
Received: from doriath.ww600.siemens.net ([91.213.169.4])
	by mx.google.com with ESMTPS id b7sm910190faa.18.2011.03.03.16.41.05
	(version=SSLv3 cipher=OTHER); Thu, 03 Mar 2011 16:41:05 -0800 (PST)
From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
To: qemu-devel@nongnu.org
Date: Fri,  4 Mar 2011 03:40:59 +0300
Message-Id: <1299199260-20840-1-git-send-email-dbaryshkov@gmail.com>
X-Mailer: git-send-email 1.7.2.3
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 209.85.161.45
Subject: [Qemu-devel] [PATCH 1/2] pxa2xx_timer: separate irq for pxa27x
	handling
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

First, sysbus_init_irq shan't be called on on-stack variables. Indeed,
it only stores a passed pointer in qdev and the stored irq is later
populated, so we get a nice write-to-stack bug.
Second, irq for pxa27x should probably be handled in a more gentler way,
as we should check if we have events to raise this irq.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
---
 hw/pxa2xx_timer.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/pxa2xx_timer.c b/hw/pxa2xx_timer.c
index 0fbd4a8..effe653 100644
--- a/hw/pxa2xx_timer.c
+++ b/hw/pxa2xx_timer.c
@@ -94,6 +94,7 @@ struct PXA2xxTimerInfo {
     uint32_t reset3;
     uint32_t snapshot;
 
+    qemu_irq irq4;
     PXA2xxTimer4 tm4[8];
 };
 
@@ -289,7 +290,7 @@ static void pxa2xx_timer_write(void *opaque, target_phys_addr_t offset,
                 if (s->tm4[i].tm.level && (value & 1))
                     s->tm4[i].tm.level = 0;
             if (!(s->events & 0xff0))
-                qemu_irq_lower(s->tm4->tm.irq);
+                qemu_irq_lower(s->irq4);
         }
         break;
     case OWER:	/* XXX: Reset on OSMR3 match? */
@@ -372,6 +373,8 @@ static void pxa2xx_timer_tick4(void *opaque)
         t->clock = 0;
     if (t->control & (1 << 6))
         pxa2xx_timer_update4(i, qemu_get_clock(vm_clock), t->tm.num - 4);
+    if (i->events & 0xff0)
+        qemu_irq_raise(i->irq4);
 }
 
 static int pxa25x_timer_post_load(void *opaque, int version_id)
@@ -395,7 +398,6 @@ static int pxa2xx_timer_init(SysBusDevice *dev)
     int i;
     int iomemtype;
     PXA2xxTimerInfo *s;
-    qemu_irq irq4;
 
     s = FROM_SYSBUS(PXA2xxTimerInfo, dev);
     s->irq_enabled = 0;
@@ -414,7 +416,7 @@ static int pxa2xx_timer_init(SysBusDevice *dev)
                         pxa2xx_timer_tick, &s->timer[i]);
     }
     if (s->flags & (1 << PXA2XX_TIMER_HAVE_TM4)) {
-        sysbus_init_irq(dev, &irq4);
+        sysbus_init_irq(dev, &s->irq4);
 
         for (i = 0; i < 8; i ++) {
             s->tm4[i].tm.value = 0;
@@ -425,7 +427,6 @@ static int pxa2xx_timer_init(SysBusDevice *dev)
             s->tm4[i].control = 0x0;
             s->tm4[i].tm.qtimer = qemu_new_timer(vm_clock,
                         pxa2xx_timer_tick4, &s->tm4[i]);
-            s->tm4[i].tm.irq = irq4;
         }
     }