diff options
| author | Gerd Hoffmann | 2012-06-19 13:53:28 +0200 |
|---|---|---|
| committer | Gerd Hoffmann | 2012-07-09 09:57:46 +0200 |
| commit | 4ed1c57a64992d84376b446b0c60edff2486681b (patch) | |
| tree | e6bfd74e458367b063b563b7723b0f3d50f55daf /hw/usb | |
| parent | ehci: fix ehci_qh_do_overlay (diff) | |
| download | qemu-4ed1c57a64992d84376b446b0c60edff2486681b.tar.gz qemu-4ed1c57a64992d84376b446b0c60edff2486681b.tar.xz qemu-4ed1c57a64992d84376b446b0c60edff2486681b.zip | |
ehci: fix td writeback
Only write back the dwords the hc is supposed to update. Should not
make a difference in theory as the guest must not touch the td while
it is active to avoid races. But it is still more correct.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb')
| -rw-r--r-- | hw/usb/hcd-ehci.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 7de47e5cf7..1406b84d5e 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -2070,6 +2070,7 @@ out: static int ehci_state_writeback(EHCIQueue *q) { EHCIPacket *p = QTAILQ_FIRST(&q->packets); + uint32_t *qtd, addr; int again = 0; /* Write back the QTD from the QH area */ @@ -2077,8 +2078,9 @@ static int ehci_state_writeback(EHCIQueue *q) assert(p->qtdaddr == q->qtdaddr); ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd); - put_dwords(q->ehci, NLPTR_GET(p->qtdaddr), (uint32_t *) &q->qh.next_qtd, - sizeof(EHCIqtd) >> 2); + qtd = (uint32_t *) &q->qh.next_qtd; + addr = NLPTR_GET(p->qtdaddr); + put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2); ehci_free_packet(p); /* |