commit 156448ab640baaeca185787eb303fe4d63edca26
author Peter Maydell <peter.maydell@linaro.org> Mon Aug 20 11:24:33 2018 +0100
committer Peter Maydell <peter.maydell@linaro.org> Mon Aug 20 11:24:33 2018 +0100
tree ffcfdd37ce22d96062f5e83c7f449d2cec6af97c
parent c193304d4f9ef21c51ff412f6279ad459eedd438

hw/dma/pl080: Correct bug in register address decode logic

A bug in the handling of the register address decode logic
for the PL08x meant that we were incorrectly treating
accesses to the DMA channel registers (DMACCxSrcAddr,
DMACCxDestaddr, DMACCxLLI, DMACCxControl, DMACCxConfiguration)
as bad offsets. Fix this long-standing bug.

Fixes: https://bugs.launchpad.net/qemu/+bug/1637974
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

hw/dma/pl080.c

diff --git a/hw/dma/pl080.c b/hw/dma/pl080.c
index a7aacad..8f92550 100644
--- a/hw/dma/pl080.c
+++ b/hw/dma/pl080.c
@@ -229,7 +229,7 @@
         i = (offset & 0xe0) >> 5;
         if (i >= s->nchannels)
             goto bad_offset;
-        switch (offset >> 2) {
+        switch ((offset >> 2) & 7) {
         case 0: /* SrcAddr */
             return s->chan[i].src;
         case 1: /* DestAddr */
@@ -290,7 +290,7 @@
         i = (offset & 0xe0) >> 5;
         if (i >= s->nchannels)
             goto bad_offset;
-        switch (offset >> 2) {
+        switch ((offset >> 2) & 7) {
         case 0: /* SrcAddr */
             s->chan[i].src = value;
             break;
@@ -308,6 +308,7 @@
             pl080_run(s);
             break;
         }
+        return;
     }
     switch (offset >> 2) {
     case 2: /* IntTCClear */