| Message ID | 20211211191135.1764649-20-peter.maydell@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | arm gicv3 ITS: Various bug fixes and refactorings | expand |
On 12/11/21 11:11 AM, Peter Maydell wrote: > In process_cmdq(), we read 64 bits of the command packet, which > contain the command identifier, which we then switch() on to dispatch > to an appropriate sub-function. However, if address_space_ldq_le() > reports a memory transaction failure, we still read the command > identifier out of the data and switch() on it. Restructure the code > so that we stop immediately (stalling the command queue) in this > case. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/intc/arm_gicv3_its.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
Peter Maydell <peter.maydell@linaro.org> writes: > In process_cmdq(), we read 64 bits of the command packet, which > contain the command identifier, which we then switch() on to dispatch > to an appropriate sub-function. However, if address_space_ldq_le() > reports a memory transaction failure, we still read the command > identifier out of the data and switch() on it. Restructure the code > so that we stop immediately (stalling the command queue) in this > case. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
diff --git a/hw/intc/arm_gicv3_its.c b/hw/intc/arm_gicv3_its.c index 32cf18c10af..f3eba92946d 100644 --- a/hw/intc/arm_gicv3_its.c +++ b/hw/intc/arm_gicv3_its.c @@ -670,8 +670,13 @@ static void process_cmdq(GICv3ITSState *s) data = address_space_ldq_le(as, s->cq.base_addr + cq_offset, MEMTXATTRS_UNSPECIFIED, &res); if (res != MEMTX_OK) { - result = false; + s->creadr = FIELD_DP64(s->creadr, GITS_CREADR, STALLED, 1); + qemu_log_mask(LOG_GUEST_ERROR, + "%s: could not read command at 0x%" PRIx64 "\n", + __func__, s->cq.base_addr + cq_offset); + break; } + cmd = (data & CMD_MASK); switch (cmd) {
In process_cmdq(), we read 64 bits of the command packet, which contain the command identifier, which we then switch() on to dispatch to an appropriate sub-function. However, if address_space_ldq_le() reports a memory transaction failure, we still read the command identifier out of the data and switch() on it. Restructure the code so that we stop immediately (stalling the command queue) in this case. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- hw/intc/arm_gicv3_its.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)