author Hans de Goede <hdegoede@redhat.com> 2012-04-03 14:21:47 +0200
committer Gerd Hoffmann <kraxel@redhat.com> 2012-04-26 12:21:15 +0200
commit 8a771f77e2abfb81f1f33a986810c16ecae54ca7
tree bb6499c89aea22cfed0809add4b6b43e34d9ed7a /hw/usb
parent 0cc6a0f19e3de830eaa898ad31c0bc607470b8cb
usb-ehci: Ensure frindex writes leave a valid frindex value
frindex is a 14 bits counter, so bits 31-14 should always be 0, and after the commit titled "usb-ehci: frindex always is a 14 bits counter" we rely on frindex always being a multiple of 8. I've not seen this in practice, but theoretically a guest can write a value >= 0x4000 or a value which is not a multiple of 8 to frindex; this patch ensures that things will still work when that happens.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb')
-rw-r--r-- hw/usb/hcd-ehci.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index c6f21ac..4ff4d40 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1101,6 +1101,10 @@ static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val)
val &= USBINTR_MASK;
break;
+ case FRINDEX:
+ val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */
+ break;
+
case CONFIGFLAG:
val &= 0x1;
if (val) {
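Review bot: the mask in the new FRINDEX case is a bare literal, 0x00003ff8, while the USBINTR case directly above it uses the named USBINTR_MASK. A named constant here (for example FRINDEX_MASK, a suggested name) would keep the two cases consistent and give any other code that relies on frindex being 14 bits and a multiple of 8 a single definition to share. The mask also alters an out-of-range guest write silently (0x4000 becomes 0, and the low three bits are dropped), so it may be worth emitting a debug message when the masked val differs from what the guest wrote, to make a misbehaving guest visible.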