From ba7cb5a86ae2ad8b2b78b9367493f9a0d990bac8 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann
Date: Fri, 20 May 2011 17:25:07 +0200
Subject: [PATCH] usb-ehci: fix offset writeback in ehci_buffer_rw
Two bugs at once: First the mask is backwards, so the it used to keeps the offset and clears the page address, which is not what we need when we update the offset. Second the offset calculation is wrong in case head isn't page aligned.
Signed-off-by: Gerd Hoffmann
---
 hw/usb-ehci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/usb-ehci.c b/hw/usb-ehci.c
index da22d10..5de0cda 100644
--- a/hw/usb-ehci.c
+++ b/hw/usb-ehci.c
@@ -1066,6 +1066,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
 cpu_physical_memory_rw(head, q->buffer + bufpos, tail - head, rw);
 bufpos += (tail - head);
+ offset += (tail - head);
 bytes -= (tail - head);
 if (bytes > 0) {
@@ -1078,8 +1079,7 @@ static int ehci_buffer_rw(EHCIQueue *q, int bytes, int rw)
 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
 /* save offset into cpage */
- offset = tail - head;
- q->qh.bufptr[0] &= ~QTD_BUFPTR_MASK;
+ q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
 q->qh.bufptr[0] |= offset;
 return 0;
-- 
2.7.4
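Review bot: With the added `offset += (tail - head);`, offset can presumably end up equal to the page size when the last chunk stops exactly at the end of a page. In that case bytes is 0, so the `if (bytes > 0)` branch is skipped; its body is outside the hunk, but it looks like the only place where offset would be reset. The second hunk then ORs that value into `q->qh.bufptr[0]` right after preserving the page-address bits, which would change the page address stored in the queue head. Since these fields appear to be driven by guest-written descriptors, handle the rollover before the write-back or at least bound the value, e.g. `q->qh.bufptr[0] |= offset & ~QTD_BUFPTR_MASK;`. The loop around these lines starts and ends outside the hunk, so confirm the boundary case against the full function.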
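Review bot: The comment `/* save offset into cpage */` in the second hunk does not say which bits of `bufptr[0]` hold the page address and which hold the offset, and that ambiguity is what the inverted mask fixed here grew out of. A comment above the `&=` line such as `/* QTD_BUFPTR_MASK selects the page address: keep it, replace only the low offset bits */` would let a reader check the mask direction at a glance. The function body starts outside the hunk.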