On Tue, Jul 21, 2015 at 5:03 PM, Marc Marí <mar...@redhat.com> wrote:
> @@ -338,6 +340,10 @@ static void fw_cfg_dma_transfer(FWCfgState *s)
>              return;
>          }
>
> +        for (i = 0; i < s->dma_off; ++i) {
> +            fw_cfg_read(s);
> +        }
> +
>          for (i = 0; i < len; i++) {
>              ptr[i] = fw_cfg_read(s);
>          }
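Review bot: the skip loop added at `for (i = 0; i < s->dma_off; ++i)` takes s->dma_off as its bound with no upper limit visible in this hunk, so a large value costs that many byte-at-a-time fw_cfg_read() calls whose results are thrown away; bound the value before looping. The loop also leaves s->dma_off unchanged, so any later pass through this code skips the same number of bytes again. Minor style point: the new loop uses `++i` while the copy loop directly below it uses `i++`.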

Please consume s->dma_off bytes outside the while loop so we don't
repeat this multiple times if the memory map is smaller than expected.

It would also be useful to set s->dma_off to 0 after consuming the
bytes.  That way the next request doesn't need to write to the
register (unless it wants to use an offset).  This should be
documented in docs/specs/fw_cfg.txt.

Please limit dma_off to a maximum of e->len so that an out-of-bounds
value doesn't burn CPU needlessly.
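
The three requests in the reply above (skip once before the chunk loop, reset the offset afterwards, clamp it to the entry length), shown together as an added example. This is a simplified stand-alone model, not code from the patch or from QEMU; `struct dev`, `dev_read`, `dma_transfer` and `request_cost` are hypothetical names, and the sample entry is constructed.

```c
#include <stdint.h>

/* Hypothetical model of one selected entry; not QEMU's FWCfgState. */
struct dev {
    const uint8_t *data;  /* entry contents */
    uint32_t len, cur;    /* entry length (e->len in the review), read cursor */
    uint32_t dma_off;     /* guest-written offset, untrusted */
    unsigned long reads;  /* byte reads performed, to show the cost */
};

/* Byte-at-a-time read; this model returns 0 past the end of the entry. */
uint8_t dev_read(struct dev *s)
{
    s->reads++;
    return s->cur < s->len ? s->data[s->cur++] : 0;
}

/* Copy total bytes in pieces of at most chunk (> 0) bytes, like a short map. */
void dma_transfer(struct dev *s, uint8_t *dst, uint32_t total, uint32_t chunk)
{
    uint32_t skip = s->dma_off < s->len ? s->dma_off : s->len; /* clamp */
    uint32_t done = 0, i;
    s->dma_off = 0;               /* next request needs no register write */
    for (i = 0; i < skip; i++) {  /* consumed once, before the chunk loop */
        dev_read(s);
    }
    while (done < total) {
        uint32_t n = total - done < chunk ? total - done : chunk;
        for (i = 0; i < n; i++) {
            dst[done + i] = dev_read(s);
        }
        done += n;
    }
}

/* Constructed sample: 8-byte entry, 4-byte request mapped 2 bytes at a time.
 * Returns how many byte reads the request cost. */
unsigned long request_cost(uint32_t guest_off, uint8_t out[4])
{
    struct dev s = { (const uint8_t *)"ABCDEFGH", 8, 0, guest_off, 0 };
    dma_transfer(&s, out, 4, 2);
    return s.reads;
}

int main(void)
{
    uint8_t out[4];
    /* An out-of-range offset costs 8 skipped reads plus 4 copied, not 2^32. */
    return request_cost(0xffffffffu, out) == 12 ? 0 : 1;
}
```

With the clamp, the worst case for a request is bounded by the entry length plus the transfer length, whatever value the guest wrote.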
