diff mbox

[09/12] usb-ehci: fix offset writeback in ehci_buffer_rw

Message ID 1306406654-19351-10-git-send-email-kraxel@redhat.com
State New
Headers show

Commit Message

Gerd Hoffmann May 26, 2011, 10:44 a.m. UTC 
Two bugs at once:

First the mask is backwards, so the it used to keeps the offset and
clears the page address, which is not what we need when we update the
offset.

Second the offset calculation is wrong in case head isn't page aligned.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/usb-ehci.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff mbox

Patch

diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index 5cbb675..cf10dfc 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -1066,6 +1066,7 @@  static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
         cpu_physical_memory_rw(head, q->buffer + bufpos, tail - head, rw);
 
         bufpos += (tail - head);
+        offset += (tail - head);
         bytes -= (tail - head);
 
         if (bytes > 0) {
@@ -1078,8 +1079,7 @@  static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
     set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
 
     /* save offset into cpage */
-    offset = tail - head;
-    q->qh.bufptr[0] &= ~QTD_BUFPTR_MASK;
+    q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
     q->qh.bufptr[0] |= offset;
 
     return 0;