authorChristoffer Dall <christoffer.dall@linaro.org>2014-01-31 14:47:38 +0000
committerPeter Maydell <peter.maydell@linaro.org>2014-01-31 14:47:38 +0000
commit5b0adce156216fb24dcc5f1683e8b686f3793fff (patch)
treec00b631a06d4c273a22b53a60a5f60ca59c53eac /hw/intc
parent41ab7b55108e2699e7c2e77788465cb52a0b2c08 (diff)
arm_gic: Fix GICD_ICPENDR and GICD_ISPENDR writes
Fix two bugs that would allow changing the state of SGIs through the ICPENDR and ISPENDRs. Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/intc')
-rw-r--r--hw/intc/arm_gic.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 98c6ff5ccb..1c4a1143af 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -428,7 +428,7 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
if (irq >= s->num_irq)
goto bad_reg;
if (irq < GIC_NR_SGIS) {
- irq = 0;
+ value = 0;
}
for (i = 0; i < 8; i++) {
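Review bot: The new `value = 0;` under `if (irq < GIC_NR_SGIS)` has no comment explaining why a guest write to this byte is silently discarded, and the same uncommented guard is added again in the second hunk (the `offset - 0x280` clear-pending branch). I would put `/* SGI pending state is not writable through this register; ignore the write. */` above both guards so the next reader does not mistake the zeroing for a leftover. Zeroing `value` is only a no-op if the loop that follows tests each bit of `value` before touching state; that loop body, like the start and end of gic_dist_writeb, is outside the hunk and should be checked.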
@@ -441,6 +441,10 @@ static void gic_dist_writeb(void *opaque, hwaddr offset,
irq = (offset - 0x280) * 8 + GIC_BASE_IRQ;
if (irq >= s->num_irq)
goto bad_reg;
+ if (irq < GIC_NR_SGIS) {
+ value = 0;
+ }
+
for (i = 0; i < 8; i++) {
/* ??? This currently clears the pending bit for all CPUs, even
for per-CPU interrupts. It's unclear whether this is the
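Review bot: The guard `if (irq < GIC_NR_SGIS)` tests only the first interrupt of the byte, while the loop below it walks `irq` through `irq + 7`, so it protects SGIs only if the SGI range ends on an 8-interrupt boundary. That depends on `GIC_NR_SGIS` and `GIC_BASE_IRQ` both being multiples of 8, and neither definition is visible in this diff. Since `offset` and `value` come from a guest MMIO write, I would pin the assumption at build time, for example `QEMU_BUILD_BUG_ON(GIC_NR_SGIS % 8 != 0);`, or move the test into the loop as `if (irq + i < GIC_NR_SGIS) continue;`. The same applies to the guard in the first hunk; the rest of the loop body and of gic_dist_writeb is outside the hunk.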