aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerd Hoffmann <kraxel@redhat.com>2011-05-20 17:25:07 +0200
committerGerd Hoffmann <kraxel@redhat.com>2011-06-14 12:56:48 +0200
commitba7cb5a86ae2ad8b2b78b9367493f9a0d990bac8 (patch)
tree922fcf3e9886a81209afed55a474bec411dee160
parent8ac6d699c453e0f46e601597e371e9ae58c0237e (diff)
downloadqemu-ba7cb5a86ae2ad8b2b78b9367493f9a0d990bac8.zip
qemu-ba7cb5a86ae2ad8b2b78b9367493f9a0d990bac8.tar.gz
qemu-ba7cb5a86ae2ad8b2b78b9367493f9a0d990bac8.tar.bz2
usb-ehci: fix offset writeback in ehci_buffer_rw
Two bugs at once: First the mask is backwards, so the it used to keeps the offset and clears the page address, which is not what we need when we update the offset. Second the offset calculation is wrong in case head isn't page aligned. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r--hw/usb-ehci.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index da22d10..5de0cda 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -1066,6 +1066,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
cpu_physical_memory_rw(head, q->buffer + bufpos, tail - head, rw);
bufpos += (tail - head);
+ offset += (tail - head);
bytes -= (tail - head);
if (bytes > 0) {
@@ -1078,8 +1079,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
/* save offset into cpage */
- offset = tail - head;
- q->qh.bufptr[0] &= ~QTD_BUFPTR_MASK;
+ q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
q->qh.bufptr[0] |= offset;
return 0;