search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / lm832x.c
blob197fe7db968f666d94c8885dac2f730b3741b237
1 /*
2 * National Semiconductor LM8322/8323 GPIO keyboard & PWM chips.
3 *
4 * Copyright (C) 2008 Nokia Corporation
5 * Written by Andrzej Zaborowski <andrew@openedhand.com>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; either version 2 or
10 * (at your option) version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "hw.h"
22 #include "i2c.h"
23 #include "qemu-timer.h"
24 #include "console.h"
25
26 typedef struct {
27 i2c_slave i2c;
28 int i2c_dir;
29 int i2c_cycle;
30 int reg;
31
32 qemu_irq nirq;
33 uint16_t model;
34
35 struct {
36 qemu_irq out[2];
37 int in[2][2];
38 } mux;
39
40 uint8_t config;
41 uint8_t status;
42 uint8_t acttime;
43 uint8_t error;
44 uint8_t clock;
45
46 struct {
47 uint16_t pull;
48 uint16_t mask;
49 uint16_t dir;
50 uint16_t level;
51 qemu_irq out[16];
52 } gpio;
53
54 struct {
55 uint8_t dbnctime;
56 uint8_t size;
57 int start;
58 int len;
59 uint8_t fifo[16];
60 } kbd;
61
62 struct {
63 uint16_t file[256];
64 uint8_t faddr;
65 uint8_t addr[3];
66 QEMUTimer *tm[3];
67 } pwm;
68 } LM823KbdState;
69
70 #define INT_KEYPAD (1 << 0)
71 #define INT_ERROR (1 << 3)
72 #define INT_NOINIT (1 << 4)
73 #define INT_PWMEND(n) (1 << (5 + n))
74
75 #define ERR_BADPAR (1 << 0)
76 #define ERR_CMDUNK (1 << 1)
77 #define ERR_KEYOVR (1 << 2)
78 #define ERR_FIFOOVR (1 << 6)
79
80 static void lm_kbd_irq_update(LM823KbdState *s)
81 {
82 qemu_set_irq(s->nirq, !s->status);
83 }
84
85 static void lm_kbd_gpio_update(LM823KbdState *s)
86 {
87 }
88
89 static void lm_kbd_reset(LM823KbdState *s)
90 {
91 s->config = 0x80;
92 s->status = INT_NOINIT;
93 s->acttime = 125;
94 s->kbd.dbnctime = 3;
95 s->kbd.size = 0x33;
96 s->clock = 0x08;
97
98 lm_kbd_irq_update(s);
99 lm_kbd_gpio_update(s);
100 }
101
102 static void lm_kbd_error(LM823KbdState *s, int err)
103 {
104 s->error |= err;
105 s->status |= INT_ERROR;
106 lm_kbd_irq_update(s);
107 }
108
109 static void lm_kbd_pwm_tick(LM823KbdState *s, int line)
110 {
111 }
112
113 static void lm_kbd_pwm_start(LM823KbdState *s, int line)
114 {
115 lm_kbd_pwm_tick(s, line);
116 }
117
118 static void lm_kbd_pwm0_tick(void *opaque)
119 {
120 lm_kbd_pwm_tick(opaque, 0);
121 }
122 static void lm_kbd_pwm1_tick(void *opaque)
123 {
124 lm_kbd_pwm_tick(opaque, 1);
125 }
126 static void lm_kbd_pwm2_tick(void *opaque)
127 {
128 lm_kbd_pwm_tick(opaque, 2);
129 }
130
131 enum {
132 LM832x_CMD_READ_ID = 0x80, /* Read chip ID. */
133 LM832x_CMD_WRITE_CFG = 0x81, /* Set configuration item. */
134 LM832x_CMD_READ_INT = 0x82, /* Get interrupt status. */
135 LM832x_CMD_RESET = 0x83, /* Reset, same as external one */
136 LM823x_CMD_WRITE_PULL_DOWN = 0x84, /* Select GPIO pull-up/down. */
137 LM832x_CMD_WRITE_PORT_SEL = 0x85, /* Select GPIO in/out. */
138 LM832x_CMD_WRITE_PORT_STATE = 0x86, /* Set GPIO pull-up/down. */
139 LM832x_CMD_READ_PORT_SEL = 0x87, /* Get GPIO in/out. */
140 LM832x_CMD_READ_PORT_STATE = 0x88, /* Get GPIO pull-up/down. */
141 LM832x_CMD_READ_FIFO = 0x89, /* Read byte from FIFO. */
142 LM832x_CMD_RPT_READ_FIFO = 0x8a, /* Read FIFO (no increment). */
143 LM832x_CMD_SET_ACTIVE = 0x8b, /* Set active time. */
144 LM832x_CMD_READ_ERROR = 0x8c, /* Get error status. */
145 LM832x_CMD_READ_ROTATOR = 0x8e, /* Read rotator status. */
146 LM832x_CMD_SET_DEBOUNCE = 0x8f, /* Set debouncing time. */
147 LM832x_CMD_SET_KEY_SIZE = 0x90, /* Set keypad size. */
148 LM832x_CMD_READ_KEY_SIZE = 0x91, /* Get keypad size. */
149 LM832x_CMD_READ_CFG = 0x92, /* Get configuration item. */
150 LM832x_CMD_WRITE_CLOCK = 0x93, /* Set clock config. */
151 LM832x_CMD_READ_CLOCK = 0x94, /* Get clock config. */
152 LM832x_CMD_PWM_WRITE = 0x95, /* Write PWM script. */
153 LM832x_CMD_PWM_START = 0x96, /* Start PWM engine. */
154 LM832x_CMD_PWM_STOP = 0x97, /* Stop PWM engine. */
155 };
156
157 #define LM832x_MAX_KPX 8
158 #define LM832x_MAX_KPY 12
159
160 static uint8_t lm_kbd_read(LM823KbdState *s, int reg, int byte)
161 {
162 int ret;
163
164 switch (reg) {
165 case LM832x_CMD_READ_ID:
166 ret = 0x0400;
167 break;
168
169 case LM832x_CMD_READ_INT:
170 ret = s->status;
171 if (!(s->status & INT_NOINIT)) {
172 s->status = 0;
173 lm_kbd_irq_update(s);
174 }
175 break;
176
177 case LM832x_CMD_READ_PORT_SEL:
178 ret = s->gpio.dir;
179 break;
180 case LM832x_CMD_READ_PORT_STATE:
181 ret = s->gpio.mask;
182 break;
183
184 case LM832x_CMD_READ_FIFO:
185 if (s->kbd.len <= 1)
186 return 0x00;
187
188 /* Example response from the two commands after a INT_KEYPAD
189 * interrupt caused by the key 0x3c being pressed:
190 * RPT_READ_FIFO: 55 bc 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
191 * READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
192 * RPT_READ_FIFO: bc 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9 01
193 *
194 * 55 is the code of the key release event serviced in the previous
195 * interrupt handling.
196 *
197 * TODO: find out whether the FIFO is advanced a single character
198 * before reading every byte or the whole size of the FIFO at the
199 * last LM832x_CMD_READ_FIFO. This affects LM832x_CMD_RPT_READ_FIFO
200 * output in cases where there are more than one event in the FIFO.
201 * Assume 0xbc and 0x3c events are in the FIFO:
202 * RPT_READ_FIFO: 55 bc 3c 00 4e ff 0a 50 08 00 29 d9 08 01 c9
203 * READ_FIFO: bc 3c 00 00 4e ff 0a 50 08 00 29 d9 08 01 c9
204 * Does RPT_READ_FIFO now return 0xbc and 0x3c or only 0x3c?
205 */
206 s->kbd.start ++;
207 s->kbd.start &= sizeof(s->kbd.fifo) - 1;
208 s->kbd.len --;
209
210 return s->kbd.fifo[s->kbd.start];
211 case LM832x_CMD_RPT_READ_FIFO:
212 if (byte >= s->kbd.len)
213 return 0x00;
214
215 return s->kbd.fifo[(s->kbd.start + byte) & (sizeof(s->kbd.fifo) - 1)];
216
217 case LM832x_CMD_READ_ERROR:
218 return s->error;
219
220 case LM832x_CMD_READ_ROTATOR:
221 return 0;
222
223 case LM832x_CMD_READ_KEY_SIZE:
224 return s->kbd.size;
225
226 case LM832x_CMD_READ_CFG:
227 return s->config & 0xf;
228
229 case LM832x_CMD_READ_CLOCK:
230 return (s->clock & 0xfc) | 2;
231
232 default:
233 lm_kbd_error(s, ERR_CMDUNK);
234 fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
235 return 0x00;
236 }
237
238 return ret >> (byte << 3);
239 }
240
241 static void lm_kbd_write(LM823KbdState *s, int reg, int byte, uint8_t value)
242 {
243 switch (reg) {
244 case LM832x_CMD_WRITE_CFG:
245 s->config = value;
246 /* This must be done whenever s->mux.in is updated (never). */
247 if ((s->config >> 1) & 1) /* MUX1EN */
248 qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 0) & 1]);
249 if ((s->config >> 3) & 1) /* MUX2EN */
250 qemu_set_irq(s->mux.out[0], s->mux.in[0][(s->config >> 2) & 1]);
251 /* TODO: check that this is issued only following the chip reset
252 * and not in the middle of operation and that it is followed by
253 * the GPIO ports re-resablishing through WRITE_PORT_SEL and
254 * WRITE_PORT_STATE (using a timer perhaps) and otherwise output
255 * warnings. */
256 s->status = 0;
257 lm_kbd_irq_update(s);
258 s->kbd.len = 0;
259 s->kbd.start = 0;
260 s->reg = -1;
261 break;
262
263 case LM832x_CMD_RESET:
264 if (value == 0xaa)
265 lm_kbd_reset(s);
266 else
267 lm_kbd_error(s, ERR_BADPAR);
268 s->reg = -1;
269 break;
270
271 case LM823x_CMD_WRITE_PULL_DOWN:
272 if (!byte)
273 s->gpio.pull = value;
274 else {
275 s->gpio.pull |= value << 8;
276 lm_kbd_gpio_update(s);
277 s->reg = -1;
278 }
279 break;
280 case LM832x_CMD_WRITE_PORT_SEL:
281 if (!byte)
282 s->gpio.dir = value;
283 else {
284 s->gpio.dir |= value << 8;
285 lm_kbd_gpio_update(s);
286 s->reg = -1;
287 }
288 break;
289 case LM832x_CMD_WRITE_PORT_STATE:
290 if (!byte)
291 s->gpio.mask = value;
292 else {
293 s->gpio.mask |= value << 8;
294 lm_kbd_gpio_update(s);
295 s->reg = -1;
296 }
297 break;
298
299 case LM832x_CMD_SET_ACTIVE:
300 s->acttime = value;
301 s->reg = -1;
302 break;
303
304 case LM832x_CMD_SET_DEBOUNCE:
305 s->kbd.dbnctime = value;
306 s->reg = -1;
307 if (!value)
308 lm_kbd_error(s, ERR_BADPAR);
309 break;
310
311 case LM832x_CMD_SET_KEY_SIZE:
312 s->kbd.size = value;
313 s->reg = -1;
314 if (
315 (value & 0xf) < 3 || (value & 0xf) > LM832x_MAX_KPY ||
316 (value >> 4) < 3 || (value >> 4) > LM832x_MAX_KPX)
317 lm_kbd_error(s, ERR_BADPAR);
318 break;
319
320 case LM832x_CMD_WRITE_CLOCK:
321 s->clock = value;
322 s->reg = -1;
323 if ((value & 3) && (value & 3) != 3) {
324 lm_kbd_error(s, ERR_BADPAR);
325 fprintf(stderr, "%s: invalid clock setting in RCPWM\n",
326 __FUNCTION__);
327 }
328 /* TODO: Validate that the command is only issued once */
329 break;
330
331 case LM832x_CMD_PWM_WRITE:
332 if (byte == 0) {
333 if (!(value & 3) || (value >> 2) > 59) {
334 lm_kbd_error(s, ERR_BADPAR);
335 s->reg = -1;
336 break;
337 }
338
339 s->pwm.faddr = value;
340 s->pwm.file[s->pwm.faddr] = 0;
341 } else if (byte == 1) {
342 s->pwm.file[s->pwm.faddr] |= value << 8;
343 } else if (byte == 2) {
344 s->pwm.file[s->pwm.faddr] |= value << 0;
345 s->reg = -1;
346 }
347 break;
348 case LM832x_CMD_PWM_START:
349 s->reg = -1;
350 if (!(value & 3) || (value >> 2) > 59) {
351 lm_kbd_error(s, ERR_BADPAR);
352 break;
353 }
354
355 s->pwm.addr[(value & 3) - 1] = value >> 2;
356 lm_kbd_pwm_start(s, (value & 3) - 1);
357 break;
358 case LM832x_CMD_PWM_STOP:
359 s->reg = -1;
360 if (!(value & 3)) {
361 lm_kbd_error(s, ERR_BADPAR);
362 break;
363 }
364
365 qemu_del_timer(s->pwm.tm[(value & 3) - 1]);
366 break;
367
368 case -1:
369 lm_kbd_error(s, ERR_BADPAR);
370 break;
371 default:
372 lm_kbd_error(s, ERR_CMDUNK);
373 fprintf(stderr, "%s: unknown command %02x\n", __FUNCTION__, reg);
374 break;
375 }
376 }
377
378 static void lm_i2c_event(i2c_slave *i2c, enum i2c_event event)
379 {
380 LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
381
382 switch (event) {
383 case I2C_START_RECV:
384 case I2C_START_SEND:
385 s->i2c_cycle = 0;
386 s->i2c_dir = (event == I2C_START_SEND);
387 break;
388
389 default:
390 break;
391 }
392 }
393
394 static int lm_i2c_rx(i2c_slave *i2c)
395 {
396 LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
397
398 return lm_kbd_read(s, s->reg, s->i2c_cycle ++);
399 }
400
401 static int lm_i2c_tx(i2c_slave *i2c, uint8_t data)
402 {
403 LM823KbdState *s = (LM823KbdState *) i2c;
404
405 if (!s->i2c_cycle)
406 s->reg = data;
407 else
408 lm_kbd_write(s, s->reg, s->i2c_cycle - 1, data);
409 s->i2c_cycle ++;
410
411 return 0;
412 }
413
414 static void lm_kbd_save(QEMUFile *f, void *opaque)
415 {
416 LM823KbdState *s = (LM823KbdState *) opaque;
417 int i;
418
419 i2c_slave_save(f, &s->i2c);
420 qemu_put_byte(f, s->i2c_dir);
421 qemu_put_byte(f, s->i2c_cycle);
422 qemu_put_byte(f, (uint8_t) s->reg);
423
424 qemu_put_8s(f, &s->config);
425 qemu_put_8s(f, &s->status);
426 qemu_put_8s(f, &s->acttime);
427 qemu_put_8s(f, &s->error);
428 qemu_put_8s(f, &s->clock);
429
430 qemu_put_be16s(f, &s->gpio.pull);
431 qemu_put_be16s(f, &s->gpio.mask);
432 qemu_put_be16s(f, &s->gpio.dir);
433 qemu_put_be16s(f, &s->gpio.level);
434
435 qemu_put_byte(f, s->kbd.dbnctime);
436 qemu_put_byte(f, s->kbd.size);
437 qemu_put_byte(f, s->kbd.start);
438 qemu_put_byte(f, s->kbd.len);
439 qemu_put_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
440
441 for (i = 0; i < sizeof(s->pwm.file); i ++)
442 qemu_put_be16s(f, &s->pwm.file[i]);
443 qemu_put_8s(f, &s->pwm.faddr);
444 qemu_put_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
445 qemu_put_timer(f, s->pwm.tm[0]);
446 qemu_put_timer(f, s->pwm.tm[1]);
447 qemu_put_timer(f, s->pwm.tm[2]);
448 }
449
450 static int lm_kbd_load(QEMUFile *f, void *opaque, int version_id)
451 {
452 LM823KbdState *s = (LM823KbdState *) opaque;
453 int i;
454
455 i2c_slave_load(f, &s->i2c);
456 s->i2c_dir = qemu_get_byte(f);
457 s->i2c_cycle = qemu_get_byte(f);
458 s->reg = (int8_t) qemu_get_byte(f);
459
460 qemu_get_8s(f, &s->config);
461 qemu_get_8s(f, &s->status);
462 qemu_get_8s(f, &s->acttime);
463 qemu_get_8s(f, &s->error);
464 qemu_get_8s(f, &s->clock);
465
466 qemu_get_be16s(f, &s->gpio.pull);
467 qemu_get_be16s(f, &s->gpio.mask);
468 qemu_get_be16s(f, &s->gpio.dir);
469 qemu_get_be16s(f, &s->gpio.level);
470
471 s->kbd.dbnctime = qemu_get_byte(f);
472 s->kbd.size = qemu_get_byte(f);
473 s->kbd.start = qemu_get_byte(f);
474 s->kbd.len = qemu_get_byte(f);
475 qemu_get_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
476
477 for (i = 0; i < sizeof(s->pwm.file); i ++)
478 qemu_get_be16s(f, &s->pwm.file[i]);
479 qemu_get_8s(f, &s->pwm.faddr);
480 qemu_get_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
481 qemu_get_timer(f, s->pwm.tm[0]);
482 qemu_get_timer(f, s->pwm.tm[1]);
483 qemu_get_timer(f, s->pwm.tm[2]);
484
485 lm_kbd_irq_update(s);
486 lm_kbd_gpio_update(s);
487
488 return 0;
489 }
490
491 static void lm8323_init(i2c_slave *i2c)
492 {
493 LM823KbdState *s = FROM_I2C_SLAVE(LM823KbdState, i2c);
494
495 s->model = 0x8323;
496 s->pwm.tm[0] = qemu_new_timer(vm_clock, lm_kbd_pwm0_tick, s);
497 s->pwm.tm[1] = qemu_new_timer(vm_clock, lm_kbd_pwm1_tick, s);
498 s->pwm.tm[2] = qemu_new_timer(vm_clock, lm_kbd_pwm2_tick, s);
499 qdev_init_gpio_out(&i2c->qdev, &s->nirq, 1);
500
501 lm_kbd_reset(s);
502
503 qemu_register_reset((void *) lm_kbd_reset, s);
504 register_savevm("LM8323", -1, 0, lm_kbd_save, lm_kbd_load, s);
505 }
506
507 void lm832x_key_event(struct i2c_slave *i2c, int key, int state)
508 {
509 LM823KbdState *s = (LM823KbdState *) i2c;
510
511 if ((s->status & INT_ERROR) && (s->error & ERR_FIFOOVR))
512 return;
513
514 if (s->kbd.len >= sizeof(s->kbd.fifo)) {
515 lm_kbd_error(s, ERR_FIFOOVR);
516 return;
517 }
518
519 s->kbd.fifo[(s->kbd.start + s->kbd.len ++) & (sizeof(s->kbd.fifo) - 1)] =
520 key | (state << 7);
521
522 /* We never set ERR_KEYOVR because we support multiple keys fine. */
523 s->status |= INT_KEYPAD;
524 lm_kbd_irq_update(s);
525 }
526
527 static I2CSlaveInfo lm8323_info = {
528 .qdev.name = "lm8323",
529 .qdev.size = sizeof(LM823KbdState),
530 .init = lm8323_init,
531 .event = lm_i2c_event,
532 .recv = lm_i2c_rx,
533 .send = lm_i2c_tx
534 };
535
536 static void lm832x_register_devices(void)
537 {
538 i2c_register_slave(&lm8323_info);
539 }
540
541 device_init(lm832x_register_devices)
Patches shipped by Fedora