search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / g364fb.c
blob6aaca7a323dbfcb2ab7aa5a7904fbdb73dc35273
1 /*
2 * QEMU G364 framebuffer Emulator.
3 *
4 * Copyright (c) 2007-2009 Herve Poussineau
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation; either version 2 of
9 * the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "hw.h"
21 #include "mips.h"
22 #include "console.h"
23 #include "pixel_ops.h"
24
25 //#define DEBUG_G364
26
27 #ifdef DEBUG_G364
28 #define DPRINTF(fmt, ...) \
29 do { printf("g364: " fmt , ## __VA_ARGS__); } while (0)
30 #else
31 #define DPRINTF(fmt, ...) do {} while (0)
32 #endif
33 #define BADF(fmt, ...) \
34 do { fprintf(stderr, "g364 ERROR: " fmt , ## __VA_ARGS__);} while (0)
35
36 typedef struct G364State {
37 /* hardware */
38 uint8_t *vram;
39 ram_addr_t vram_offset;
40 int vram_size;
41 qemu_irq irq;
42 /* registers */
43 uint8_t color_palette[256][3];
44 uint8_t cursor_palette[3][3];
45 uint16_t cursor[512];
46 uint32_t cursor_position;
47 uint32_t ctla;
48 uint32_t top_of_screen;
49 uint32_t width, height; /* in pixels */
50 /* display refresh support */
51 DisplayState *ds;
52 int depth;
53 int blanked;
54 } G364State;
55
56 #define REG_ID 0x000000
57 #define REG_BOOT 0x080000
58 #define REG_DISPLAY 0x080118
59 #define REG_VDISPLAY 0x080150
60 #define REG_CTLA 0x080300
61 #define REG_TOP 0x080400
62 #define REG_CURS_PAL 0x080508
63 #define REG_CURS_POS 0x080638
64 #define REG_CLR_PAL 0x080800
65 #define REG_CURS_PAT 0x081000
66 #define REG_RESET 0x180000
67
68 #define CTLA_FORCE_BLANK 0x00000400
69 #define CTLA_NO_CURSOR 0x00800000
70
71 static inline int check_dirty(ram_addr_t page)
72 {
73 return cpu_physical_memory_get_dirty(page, VGA_DIRTY_FLAG);
74 }
75
76 static inline void reset_dirty(G364State *s,
77 ram_addr_t page_min, ram_addr_t page_max)
78 {
79 cpu_physical_memory_reset_dirty(page_min, page_max + TARGET_PAGE_SIZE - 1,
80 VGA_DIRTY_FLAG);
81 }
82
83 static void g364fb_draw_graphic8(G364State *s)
84 {
85 int i, w;
86 uint8_t *vram;
87 uint8_t *data_display, *dd;
88 ram_addr_t page, page_min, page_max;
89 int x, y;
90 int xmin, xmax;
91 int ymin, ymax;
92 int xcursor, ycursor;
93 unsigned int (*rgb_to_pixel)(unsigned int r, unsigned int g, unsigned int b);
94
95 switch (ds_get_bits_per_pixel(s->ds)) {
96 case 8:
97 rgb_to_pixel = rgb_to_pixel8;
98 w = 1;
99 break;
100 case 15:
101 rgb_to_pixel = rgb_to_pixel15;
102 w = 2;
103 break;
104 case 16:
105 rgb_to_pixel = rgb_to_pixel16;
106 w = 2;
107 break;
108 case 32:
109 rgb_to_pixel = rgb_to_pixel32;
110 w = 4;
111 break;
112 default:
113 BADF("unknown host depth %d\n", ds_get_bits_per_pixel(s->ds));
114 return;
115 }
116
117 page = s->vram_offset;
118 page_min = (ram_addr_t)-1;
119 page_max = 0;
120
121 x = y = 0;
122 xmin = s->width;
123 xmax = 0;
124 ymin = s->height;
125 ymax = 0;
126
127 if (!(s->ctla & CTLA_NO_CURSOR)) {
128 xcursor = s->cursor_position >> 12;
129 ycursor = s->cursor_position & 0xfff;
130 } else {
131 xcursor = ycursor = -65;
132 }
133
134 vram = s->vram + s->top_of_screen;
135 /* XXX: out of range in vram? */
136 data_display = dd = ds_get_data(s->ds);
137 while (y < s->height) {
138 if (check_dirty(page)) {
139 if (y < ymin)
140 ymin = ymax = y;
141 if (page_min == (ram_addr_t)-1)
142 page_min = page;
143 page_max = page;
144 if (x < xmin)
145 xmin = x;
146 for (i = 0; i < TARGET_PAGE_SIZE; i++) {
147 uint8_t index;
148 unsigned int color;
149 if (unlikely((y >= ycursor && y < ycursor + 64) &&
150 (x >= xcursor && x < xcursor + 64))) {
151 /* pointer area */
152 int xdiff = x - xcursor;
153 uint16_t curs = s->cursor[(y - ycursor) * 8 + xdiff / 8];
154 int op = (curs >> ((xdiff & 7) * 2)) & 3;
155 if (likely(op == 0)) {
156 /* transparent */
157 index = *vram;
158 color = (*rgb_to_pixel)(
159 s->color_palette[index][0],
160 s->color_palette[index][1],
161 s->color_palette[index][2]);
162 } else {
163 /* get cursor color */
164 index = op - 1;
165 color = (*rgb_to_pixel)(
166 s->cursor_palette[index][0],
167 s->cursor_palette[index][1],
168 s->cursor_palette[index][2]);
169 }
170 } else {
171 /* normal area */
172 index = *vram;
173 color = (*rgb_to_pixel)(
174 s->color_palette[index][0],
175 s->color_palette[index][1],
176 s->color_palette[index][2]);
177 }
178 memcpy(dd, &color, w);
179 dd += w;
180 x++;
181 vram++;
182 if (x == s->width) {
183 xmax = s->width - 1;
184 y++;
185 if (y == s->height) {
186 ymax = s->height - 1;
187 goto done;
188 }
189 data_display = dd = data_display + ds_get_linesize(s->ds);
190 xmin = 0;
191 x = 0;
192 }
193 }
194 if (x > xmax)
195 xmax = x;
196 if (y > ymax)
197 ymax = y;
198 } else {
199 int dy;
200 if (page_min != (ram_addr_t)-1) {
201 reset_dirty(s, page_min, page_max);
202 page_min = (ram_addr_t)-1;
203 page_max = 0;
204 dpy_update(s->ds, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
205 xmin = s->width;
206 xmax = 0;
207 ymin = s->height;
208 ymax = 0;
209 }
210 x += TARGET_PAGE_SIZE;
211 dy = x / s->width;
212 x = x % s->width;
213 y += dy;
214 vram += TARGET_PAGE_SIZE;
215 data_display += dy * ds_get_linesize(s->ds);
216 dd = data_display + x * w;
217 }
218 page += TARGET_PAGE_SIZE;
219 }
220
221 done:
222 if (page_min != (ram_addr_t)-1) {
223 dpy_update(s->ds, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
224 reset_dirty(s, page_min, page_max);
225 }
226 }
227
228 static void g364fb_draw_blank(G364State *s)
229 {
230 int i, w;
231 uint8_t *d;
232
233 if (s->blanked) {
234 /* Screen is already blank. No need to redraw it */
235 return;
236 }
237
238 w = s->width * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
239 d = ds_get_data(s->ds);
240 for (i = 0; i < s->height; i++) {
241 memset(d, 0, w);
242 d += ds_get_linesize(s->ds);
243 }
244
245 dpy_update(s->ds, 0, 0, s->width, s->height);
246 s->blanked = 1;
247 }
248
249 static void g364fb_update_display(void *opaque)
250 {
251 G364State *s = opaque;
252
253 if (s->width == 0 || s->height == 0)
254 return;
255
256 if (s->width != ds_get_width(s->ds) || s->height != ds_get_height(s->ds)) {
257 qemu_console_resize(s->ds, s->width, s->height);
258 }
259
260 if (s->ctla & CTLA_FORCE_BLANK) {
261 g364fb_draw_blank(s);
262 } else if (s->depth == 8) {
263 g364fb_draw_graphic8(s);
264 } else {
265 BADF("unknown guest depth %d\n", s->depth);
266 }
267
268 qemu_irq_raise(s->irq);
269 }
270
271 static void inline g364fb_invalidate_display(void *opaque)
272 {
273 G364State *s = opaque;
274 int i;
275
276 s->blanked = 0;
277 for (i = 0; i < s->vram_size; i += TARGET_PAGE_SIZE) {
278 cpu_physical_memory_set_dirty(s->vram_offset + i);
279 }
280 }
281
282 static void g364fb_reset(void *opaque)
283 {
284 G364State *s = opaque;
285 qemu_irq_lower(s->irq);
286
287 memset(s->color_palette, 0, sizeof(s->color_palette));
288 memset(s->cursor_palette, 0, sizeof(s->cursor_palette));
289 memset(s->cursor, 0, sizeof(s->cursor));
290 s->cursor_position = 0;
291 s->ctla = 0;
292 s->top_of_screen = 0;
293 s->width = s->height = 0;
294 memset(s->vram, 0, s->vram_size);
295 g364fb_invalidate_display(opaque);
296 }
297
298 static void g364fb_screen_dump(void *opaque, const char *filename)
299 {
300 G364State *s = opaque;
301 int y, x;
302 uint8_t index;
303 uint8_t *data_buffer;
304 FILE *f;
305
306 if (s->depth != 8) {
307 BADF("unknown guest depth %d\n", s->depth);
308 return;
309 }
310
311 f = fopen(filename, "wb");
312 if (!f)
313 return;
314
315 if (s->ctla & CTLA_FORCE_BLANK) {
316 /* blank screen */
317 fprintf(f, "P4\n%d %d\n",
318 s->width, s->height);
319 for (y = 0; y < s->height; y++)
320 for (x = 0; x < s->width; x++)
321 fputc(0, f);
322 } else {
323 data_buffer = s->vram + s->top_of_screen;
324 fprintf(f, "P6\n%d %d\n%d\n",
325 s->width, s->height, 255);
326 for (y = 0; y < s->height; y++)
327 for (x = 0; x < s->width; x++, data_buffer++) {
328 index = *data_buffer;
329 fputc(s->color_palette[index][0], f);
330 fputc(s->color_palette[index][1], f);
331 fputc(s->color_palette[index][2], f);
332 }
333 }
334
335 fclose(f);
336 }
337
338 /* called for accesses to io ports */
339 static uint32_t g364fb_ctrl_readl(void *opaque, target_phys_addr_t addr)
340 {
341 G364State *s = opaque;
342 uint32_t val;
343
344 if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
345 /* cursor pattern */
346 int idx = (addr - REG_CURS_PAT) >> 3;
347 val = s->cursor[idx];
348 } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
349 /* cursor palette */
350 int idx = (addr - REG_CURS_PAL) >> 3;
351 val = ((uint32_t)s->cursor_palette[idx][0] << 16);
352 val |= ((uint32_t)s->cursor_palette[idx][1] << 8);
353 val |= ((uint32_t)s->cursor_palette[idx][2] << 0);
354 } else {
355 switch (addr) {
356 case REG_ID:
357 val = 0x10; /* Mips G364 */
358 break;
359 case REG_DISPLAY:
360 val = s->width / 4;
361 break;
362 case REG_VDISPLAY:
363 val = s->height * 2;
364 break;
365 case REG_CTLA:
366 val = s->ctla;
367 break;
368 default:
369 {
370 BADF("invalid read at [" TARGET_FMT_plx "]\n", addr);
371 val = 0;
372 break;
373 }
374 }
375 }
376
377 DPRINTF("read 0x%08x at [" TARGET_FMT_plx "]\n", val, addr);
378
379 return val;
380 }
381
382 static uint32_t g364fb_ctrl_readw(void *opaque, target_phys_addr_t addr)
383 {
384 uint32_t v = g364fb_ctrl_readl(opaque, addr & ~0x3);
385 if (addr & 0x2)
386 return v >> 16;
387 else
388 return v & 0xffff;
389 }
390
391 static uint32_t g364fb_ctrl_readb(void *opaque, target_phys_addr_t addr)
392 {
393 uint32_t v = g364fb_ctrl_readl(opaque, addr & ~0x3);
394 return (v >> (8 * (addr & 0x3))) & 0xff;
395 }
396
397 static void g364fb_update_depth(G364State *s)
398 {
399 const static int depths[8] = { 1, 2, 4, 8, 15, 16, 0 };
400 s->depth = depths[(s->ctla & 0x00700000) >> 20];
401 }
402
403 static void g364_invalidate_cursor_position(G364State *s)
404 {
405 int ymin, ymax, start, end, i;
406
407 /* invalidate only near the cursor */
408 ymin = s->cursor_position & 0xfff;
409 ymax = MIN(s->height, ymin + 64);
410 start = ymin * ds_get_linesize(s->ds);
411 end = (ymax + 1) * ds_get_linesize(s->ds);
412
413 for (i = start; i < end; i += TARGET_PAGE_SIZE) {
414 cpu_physical_memory_set_dirty(s->vram_offset + i);
415 }
416 }
417
418 static void g364fb_ctrl_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
419 {
420 G364State *s = opaque;
421
422 DPRINTF("write 0x%08x at [" TARGET_FMT_plx "]\n", val, addr);
423
424 if (addr >= REG_CLR_PAL && addr < REG_CLR_PAL + 0x800) {
425 /* color palette */
426 int idx = (addr - REG_CLR_PAL) >> 3;
427 s->color_palette[idx][0] = (val >> 16) & 0xff;
428 s->color_palette[idx][1] = (val >> 8) & 0xff;
429 s->color_palette[idx][2] = val & 0xff;
430 g364fb_invalidate_display(s);
431 } else if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
432 /* cursor pattern */
433 int idx = (addr - REG_CURS_PAT) >> 3;
434 s->cursor[idx] = val;
435 g364fb_invalidate_display(s);
436 } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
437 /* cursor palette */
438 int idx = (addr - REG_CURS_PAL) >> 3;
439 s->cursor_palette[idx][0] = (val >> 16) & 0xff;
440 s->cursor_palette[idx][1] = (val >> 8) & 0xff;
441 s->cursor_palette[idx][2] = val & 0xff;
442 g364fb_invalidate_display(s);
443 } else {
444 switch (addr) {
445 case REG_ID: /* Card identifier; read-only */
446 case REG_BOOT: /* Boot timing */
447 case 0x80108: /* Line timing: half sync */
448 case 0x80110: /* Line timing: back porch */
449 case 0x80120: /* Line timing: short display */
450 case 0x80128: /* Frame timing: broad pulse */
451 case 0x80130: /* Frame timing: v sync */
452 case 0x80138: /* Frame timing: v preequalise */
453 case 0x80140: /* Frame timing: v postequalise */
454 case 0x80148: /* Frame timing: v blank */
455 case 0x80158: /* Line timing: line time */
456 case 0x80160: /* Frame store: line start */
457 case 0x80168: /* vram cycle: mem init */
458 case 0x80170: /* vram cycle: transfer delay */
459 case 0x80200: /* vram cycle: mask register */
460 /* ignore */
461 break;
462 case REG_TOP:
463 s->top_of_screen = val;
464 g364fb_invalidate_display(s);
465 break;
466 case REG_DISPLAY:
467 s->width = val * 4;
468 break;
469 case REG_VDISPLAY:
470 s->height = val / 2;
471 break;
472 case REG_CTLA:
473 s->ctla = val;
474 g364fb_update_depth(s);
475 g364fb_invalidate_display(s);
476 break;
477 case REG_CURS_POS:
478 g364_invalidate_cursor_position(s);
479 s->cursor_position = val;
480 g364_invalidate_cursor_position(s);
481 break;
482 case REG_RESET:
483 g364fb_reset(s);
484 break;
485 default:
486 BADF("invalid write of 0x%08x at [" TARGET_FMT_plx "]\n", val, addr);
487 break;
488 }
489 }
490 qemu_irq_lower(s->irq);
491 }
492
493 static void g364fb_ctrl_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
494 {
495 uint32_t old_val = g364fb_ctrl_readl(opaque, addr & ~0x3);
496
497 if (addr & 0x2)
498 val = (val << 16) | (old_val & 0x0000ffff);
499 else
500 val = val | (old_val & 0xffff0000);
501 g364fb_ctrl_writel(opaque, addr & ~0x3, val);
502 }
503
504 static void g364fb_ctrl_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
505 {
506 uint32_t old_val = g364fb_ctrl_readl(opaque, addr & ~0x3);
507
508 switch (addr & 3) {
509 case 0:
510 val = val | (old_val & 0xffffff00);
511 break;
512 case 1:
513 val = (val << 8) | (old_val & 0xffff00ff);
514 break;
515 case 2:
516 val = (val << 16) | (old_val & 0xff00ffff);
517 break;
518 case 3:
519 val = (val << 24) | (old_val & 0x00ffffff);
520 break;
521 }
522 g364fb_ctrl_writel(opaque, addr & ~0x3, val);
523 }
524
525 static CPUReadMemoryFunc *g364fb_ctrl_read[3] = {
526 g364fb_ctrl_readb,
527 g364fb_ctrl_readw,
528 g364fb_ctrl_readl,
529 };
530
531 static CPUWriteMemoryFunc *g364fb_ctrl_write[3] = {
532 g364fb_ctrl_writeb,
533 g364fb_ctrl_writew,
534 g364fb_ctrl_writel,
535 };
536
537 static int g364fb_load(QEMUFile *f, void *opaque, int version_id)
538 {
539 G364State *s = opaque;
540 unsigned int i, vram_size;
541
542 if (version_id != 1)
543 return -EINVAL;
544
545 vram_size = qemu_get_be32(f);
546 if (vram_size < s->vram_size)
547 return -EINVAL;
548 qemu_get_buffer(f, s->vram, s->vram_size);
549 for (i = 0; i < 256; i++)
550 qemu_get_buffer(f, s->color_palette[i], 3);
551 for (i = 0; i < 3; i++)
552 qemu_get_buffer(f, s->cursor_palette[i], 3);
553 qemu_get_buffer(f, (uint8_t *)s->cursor, sizeof(s->cursor));
554 s->cursor_position = qemu_get_be32(f);
555 s->ctla = qemu_get_be32(f);
556 s->top_of_screen = qemu_get_be32(f);
557 s->width = qemu_get_be32(f);
558 s->height = qemu_get_be32(f);
559
560 /* force refresh */
561 g364fb_update_depth(s);
562 g364fb_invalidate_display(s);
563
564 return 0;
565 }
566
567 static void g364fb_save(QEMUFile *f, void *opaque)
568 {
569 G364State *s = opaque;
570 int i;
571
572 qemu_put_be32(f, s->vram_size);
573 qemu_put_buffer(f, s->vram, s->vram_size);
574 for (i = 0; i < 256; i++)
575 qemu_put_buffer(f, s->color_palette[i], 3);
576 for (i = 0; i < 3; i++)
577 qemu_put_buffer(f, s->cursor_palette[i], 3);
578 qemu_put_buffer(f, (uint8_t *)s->cursor, sizeof(s->cursor));
579 qemu_put_be32(f, s->cursor_position);
580 qemu_put_be32(f, s->ctla);
581 qemu_put_be32(f, s->top_of_screen);
582 qemu_put_be32(f, s->width);
583 qemu_put_be32(f, s->height);
584 }
585
586 int g364fb_mm_init(target_phys_addr_t vram_base,
587 target_phys_addr_t ctrl_base, int it_shift,
588 qemu_irq irq)
589 {
590 G364State *s;
591 int io_ctrl;
592
593 s = qemu_mallocz(sizeof(G364State));
594
595 s->vram_size = 8 * 1024 * 1024;
596 s->vram_offset = qemu_ram_alloc(s->vram_size);
597 s->vram = qemu_get_ram_ptr(s->vram_offset);
598 s->irq = irq;
599
600 qemu_register_reset(g364fb_reset, s);
601 register_savevm("g364fb", 0, 1, g364fb_save, g364fb_load, s);
602 g364fb_reset(s);
603
604 s->ds = graphic_console_init(g364fb_update_display,
605 g364fb_invalidate_display,
606 g364fb_screen_dump, NULL, s);
607
608 cpu_register_physical_memory(vram_base, s->vram_size, s->vram_offset);
609
610 io_ctrl = cpu_register_io_memory(g364fb_ctrl_read, g364fb_ctrl_write, s);
611 cpu_register_physical_memory(ctrl_base, 0x200000, io_ctrl);
612
613 return 0;
614 }
Patches shipped by Fedora