Another thing I don't understand is the code from this function https://github.com/qemu/QEMU/blob/master/hw/pl080.c#L289
If I look here http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0218e/ch03s04s15.html it seems to suggest that the src register is located at: 0x100 offset from the base of the device but the function does this this: switch(offset >> 2) case 0: // src address register but 0x100 >> 2 does not equal 0. Not even close. Maybe it should be (offset - 0x100) >> 2? But that would only work for channel 0. I guess one would then need to mod by the size of the channel struct. Am I completely off base or has this code never been run? regards, Richard. On Mon, Dec 26, 2011 at 6:26 PM, Richard Cole <richard.j.c...@gmail.com> wrote: > I'm new to QEMU so this might be a rather naive question but why is > there a hw_error here: > > https://github.com/qemu/QEMU/blob/2ac711791b2e4aabc5e4046b7428727828c705eb/hw/pl080.c#L96 > > It causes QEMU at least on my machine to abort. It would seem to make > it so the rest of the function will never be executed? That hw_error > (or a cpu_error) line seems have have been there since the file was > imported. > > Here's the code fragment in case that link doesn't work. > > static void pl080_run(pl080_state *s) > { > int c; > int flow; > pl080_channel *ch; > int swidth; > int dwidth; > int xsize; > int n; > int src_id; > int dest_id; > int size; > uint8_t buff[4]; > uint32_t req; > > s->tc_mask = 0; > for (c = 0; c < s->nchannels; c++) { > if (s->chan[c].conf & PL080_CCONF_ITC) > s->tc_mask |= 1 << c; > if (s->chan[c].conf & PL080_CCONF_IE) > s->err_mask |= 1 << c; > } > > if ((s->conf & PL080_CONF_E) == 0) > return; > > hw_error("DMA active\n"); > /* If we are already in the middle of a DMA operation then indicate that > there may be new DMA requests and return immediately. */ > if (s->running) { > s->running++; > return; > } > > regards, > > Richard.