search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / piix_pci.c
blob2a5fb01e809cd02f74145197723c8e74df1457eb
1 /*
2 * QEMU i440FX/PIIX3 PCI Bridge Emulation
3 *
4 * Copyright (c) 2006 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28
29 #include "qemu-kvm.h"
30
31 typedef uint32_t pci_addr_t;
32 #include "pci_host.h"
33
34 typedef PCIHostState I440FXState;
35
36 static void i440fx_addr_writel(void* opaque, uint32_t addr, uint32_t val)
37 {
38 I440FXState *s = opaque;
39 s->config_reg = val;
40 }
41
42 static uint32_t i440fx_addr_readl(void* opaque, uint32_t addr)
43 {
44 I440FXState *s = opaque;
45 return s->config_reg;
46 }
47
48 static void piix3_set_irq(qemu_irq *pic, int irq_num, int level);
49
50 /* return the global irq number corresponding to a given device irq
51 pin. We could also use the bus number to have a more precise
52 mapping. */
53 static int pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
54 {
55 int slot_addend;
56 slot_addend = (pci_dev->devfn >> 3) - 1;
57 return (irq_num + slot_addend) & 3;
58 }
59
60 static target_phys_addr_t isa_page_descs[384 / 4];
61 static uint8_t smm_enabled;
62 static int pci_irq_levels[4];
63
64 static void update_pam(PCIDevice *d, uint32_t start, uint32_t end, int r)
65 {
66 uint32_t addr;
67
68 // printf("ISA mapping %08x-0x%08x: %d\n", start, end, r);
69 switch(r) {
70 case 3:
71 /* RAM */
72 cpu_register_physical_memory(start, end - start,
73 start);
74 break;
75 case 1:
76 /* ROM (XXX: not quite correct) */
77 cpu_register_physical_memory(start, end - start,
78 start | IO_MEM_ROM);
79 break;
80 case 2:
81 case 0:
82 /* XXX: should distinguish read/write cases */
83 for(addr = start; addr < end; addr += 4096) {
84 cpu_register_physical_memory(addr, 4096,
85 isa_page_descs[(addr - 0xa0000) >> 12]);
86 }
87 break;
88 }
89 }
90
91 static void i440fx_update_memory_mappings(PCIDevice *d)
92 {
93 int i, r;
94 uint32_t smram, addr;
95
96 if (kvm_enabled()) {
97 /* FIXME: Support remappings and protection changes. */
98 return;
99 }
100 update_pam(d, 0xf0000, 0x100000, (d->config[0x59] >> 4) & 3);
101 for(i = 0; i < 12; i++) {
102 r = (d->config[(i >> 1) + 0x5a] >> ((i & 1) * 4)) & 3;
103 update_pam(d, 0xc0000 + 0x4000 * i, 0xc0000 + 0x4000 * (i + 1), r);
104 }
105 smram = d->config[0x72];
106 if ((smm_enabled && (smram & 0x08)) || (smram & 0x40)) {
107 cpu_register_physical_memory(0xa0000, 0x20000, 0xa0000);
108 } else {
109 for(addr = 0xa0000; addr < 0xc0000; addr += 4096) {
110 cpu_register_physical_memory(addr, 4096,
111 isa_page_descs[(addr - 0xa0000) >> 12]);
112 }
113 }
114 }
115
116 void i440fx_set_smm(PCIDevice *d, int val)
117 {
118 val = (val != 0);
119 if (smm_enabled != val) {
120 smm_enabled = val;
121 i440fx_update_memory_mappings(d);
122 }
123 }
124
125
126 /* XXX: suppress when better memory API. We make the assumption that
127 no device (in particular the VGA) changes the memory mappings in
128 the 0xa0000-0x100000 range */
129 void i440fx_init_memory_mappings(PCIDevice *d)
130 {
131 int i;
132 for(i = 0; i < 96; i++) {
133 isa_page_descs[i] = cpu_get_physical_page_desc(0xa0000 + i * 0x1000);
134 }
135 }
136
137 static void i440fx_write_config(PCIDevice *d,
138 uint32_t address, uint32_t val, int len)
139 {
140 /* XXX: implement SMRAM.D_LOCK */
141 pci_default_write_config(d, address, val, len);
142 if ((address >= 0x59 && address <= 0x5f) || address == 0x72)
143 i440fx_update_memory_mappings(d);
144 }
145
146 static void i440fx_save(QEMUFile* f, void *opaque)
147 {
148 PCIDevice *d = opaque;
149 int i;
150
151 pci_device_save(d, f);
152 qemu_put_8s(f, &smm_enabled);
153
154 for (i = 0; i < 4; i++)
155 qemu_put_be32(f, pci_irq_levels[i]);
156 }
157
158 static int i440fx_load(QEMUFile* f, void *opaque, int version_id)
159 {
160 PCIDevice *d = opaque;
161 int ret, i;
162
163 if (version_id > 2)
164 return -EINVAL;
165 ret = pci_device_load(d, f);
166 if (ret < 0)
167 return ret;
168 i440fx_update_memory_mappings(d);
169 qemu_get_8s(f, &smm_enabled);
170
171 if (version_id >= 2)
172 for (i = 0; i < 4; i++)
173 pci_irq_levels[i] = qemu_get_be32(f);
174
175 return 0;
176 }
177
178 PCIBus *i440fx_init(PCIDevice **pi440fx_state, qemu_irq *pic)
179 {
180 PCIBus *b;
181 PCIDevice *d;
182 I440FXState *s;
183
184 s = qemu_mallocz(sizeof(I440FXState));
185 b = pci_register_bus(NULL, "pci",
186 piix3_set_irq, pci_slot_get_pirq, pic, 0, 4);
187 s->bus = b;
188
189 register_ioport_write(0xcf8, 4, 4, i440fx_addr_writel, s);
190 register_ioport_read(0xcf8, 4, 4, i440fx_addr_readl, s);
191
192 register_ioport_write(0xcfc, 4, 1, pci_host_data_writeb, s);
193 register_ioport_write(0xcfc, 4, 2, pci_host_data_writew, s);
194 register_ioport_write(0xcfc, 4, 4, pci_host_data_writel, s);
195 register_ioport_read(0xcfc, 4, 1, pci_host_data_readb, s);
196 register_ioport_read(0xcfc, 4, 2, pci_host_data_readw, s);
197 register_ioport_read(0xcfc, 4, 4, pci_host_data_readl, s);
198
199 d = pci_register_device(b, "i440FX", sizeof(PCIDevice), 0,
200 NULL, i440fx_write_config);
201
202 pci_config_set_vendor_id(d->config, PCI_VENDOR_ID_INTEL);
203 pci_config_set_device_id(d->config, PCI_DEVICE_ID_INTEL_82441);
204 d->config[0x08] = 0x02; // revision
205 pci_config_set_class(d->config, PCI_CLASS_BRIDGE_HOST);
206 d->config[PCI_HEADER_TYPE] = PCI_HEADER_TYPE_NORMAL; // header_type
207
208 d->config[0x72] = 0x02; /* SMRAM */
209
210 register_savevm("I440FX", 0, 2, i440fx_save, i440fx_load, d);
211 *pi440fx_state = d;
212 return b;
213 }
214
215 /* PIIX3 PCI to ISA bridge */
216
217 static PCIDevice *piix3_dev;
218 PCIDevice *piix4_dev;
219
220 static void piix3_set_irq(qemu_irq *pic, int irq_num, int level)
221 {
222 int i, pic_irq, pic_level;
223
224 pci_irq_levels[irq_num] = level;
225
226 /* now we change the pic irq level according to the piix irq mappings */
227 /* XXX: optimize */
228 pic_irq = piix3_dev->config[0x60 + irq_num];
229 if (pic_irq < 16) {
230 /* The pic level is the logical OR of all the PCI irqs mapped
231 to it */
232 pic_level = 0;
233 for (i = 0; i < 4; i++) {
234 if (pic_irq == piix3_dev->config[0x60 + i])
235 pic_level |= pci_irq_levels[i];
236 }
237 qemu_set_irq(pic[pic_irq], pic_level);
238 }
239 }
240
241 int piix_get_irq(int pin)
242 {
243 if (piix3_dev)
244 return piix3_dev->config[0x60+pin];
245 if (piix4_dev)
246 return piix4_dev->config[0x60+pin];
247
248 return 0;
249 }
250
251 static void piix3_reset(void *opaque)
252 {
253 PCIDevice *d = opaque;
254 uint8_t *pci_conf = d->config;
255
256 pci_conf[0x04] = 0x07; // master, memory and I/O
257 pci_conf[0x05] = 0x00;
258 pci_conf[0x06] = 0x00;
259 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
260 pci_conf[0x4c] = 0x4d;
261 pci_conf[0x4e] = 0x03;
262 pci_conf[0x4f] = 0x00;
263 pci_conf[0x60] = 0x80;
264 pci_conf[0x61] = 0x80;
265 pci_conf[0x62] = 0x80;
266 pci_conf[0x63] = 0x80;
267 pci_conf[0x69] = 0x02;
268 pci_conf[0x70] = 0x80;
269 pci_conf[0x76] = 0x0c;
270 pci_conf[0x77] = 0x0c;
271 pci_conf[0x78] = 0x02;
272 pci_conf[0x79] = 0x00;
273 pci_conf[0x80] = 0x00;
274 pci_conf[0x82] = 0x00;
275 pci_conf[0xa0] = 0x08;
276 pci_conf[0xa2] = 0x00;
277 pci_conf[0xa3] = 0x00;
278 pci_conf[0xa4] = 0x00;
279 pci_conf[0xa5] = 0x00;
280 pci_conf[0xa6] = 0x00;
281 pci_conf[0xa7] = 0x00;
282 pci_conf[0xa8] = 0x0f;
283 pci_conf[0xaa] = 0x00;
284 pci_conf[0xab] = 0x00;
285 pci_conf[0xac] = 0x00;
286 pci_conf[0xae] = 0x00;
287
288 memset(pci_irq_levels, 0, sizeof(pci_irq_levels));
289 }
290
291 static void piix4_reset(void *opaque)
292 {
293 PCIDevice *d = opaque;
294 uint8_t *pci_conf = d->config;
295
296 pci_conf[0x04] = 0x07; // master, memory and I/O
297 pci_conf[0x05] = 0x00;
298 pci_conf[0x06] = 0x00;
299 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
300 pci_conf[0x4c] = 0x4d;
301 pci_conf[0x4e] = 0x03;
302 pci_conf[0x4f] = 0x00;
303 pci_conf[0x60] = 0x0a; // PCI A -> IRQ 10
304 pci_conf[0x61] = 0x0a; // PCI B -> IRQ 10
305 pci_conf[0x62] = 0x0b; // PCI C -> IRQ 11
306 pci_conf[0x63] = 0x0b; // PCI D -> IRQ 11
307 pci_conf[0x69] = 0x02;
308 pci_conf[0x70] = 0x80;
309 pci_conf[0x76] = 0x0c;
310 pci_conf[0x77] = 0x0c;
311 pci_conf[0x78] = 0x02;
312 pci_conf[0x79] = 0x00;
313 pci_conf[0x80] = 0x00;
314 pci_conf[0x82] = 0x00;
315 pci_conf[0xa0] = 0x08;
316 pci_conf[0xa2] = 0x00;
317 pci_conf[0xa3] = 0x00;
318 pci_conf[0xa4] = 0x00;
319 pci_conf[0xa5] = 0x00;
320 pci_conf[0xa6] = 0x00;
321 pci_conf[0xa7] = 0x00;
322 pci_conf[0xa8] = 0x0f;
323 pci_conf[0xaa] = 0x00;
324 pci_conf[0xab] = 0x00;
325 pci_conf[0xac] = 0x00;
326 pci_conf[0xae] = 0x00;
327
328 memset(pci_irq_levels, 0, sizeof(pci_irq_levels));
329 }
330
331 static void piix_save(QEMUFile* f, void *opaque)
332 {
333 PCIDevice *d = opaque;
334 pci_device_save(d, f);
335 }
336
337 static int piix_load(QEMUFile* f, void *opaque, int version_id)
338 {
339 PCIDevice *d = opaque;
340 if (version_id != 2)
341 return -EINVAL;
342 return pci_device_load(d, f);
343 }
344
345 int piix3_init(PCIBus *bus, int devfn)
346 {
347 PCIDevice *d;
348 uint8_t *pci_conf;
349
350 d = pci_register_device(bus, "PIIX3", sizeof(PCIDevice),
351 devfn, NULL, NULL);
352 register_savevm("PIIX3", 0, 2, piix_save, piix_load, d);
353
354 piix3_dev = d;
355 pci_conf = d->config;
356
357 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
358 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_0); // 82371SB PIIX3 PCI-to-ISA bridge (Step A1)
359 pci_config_set_class(pci_conf, PCI_CLASS_BRIDGE_ISA);
360 pci_conf[PCI_HEADER_TYPE] =
361 PCI_HEADER_TYPE_NORMAL | PCI_HEADER_TYPE_MULTI_FUNCTION; // header_type = PCI_multifunction, generic
362
363 piix3_reset(d);
364 qemu_register_reset(piix3_reset, d);
365 return d->devfn;
366 }
367
368 int piix4_init(PCIBus *bus, int devfn)
369 {
370 PCIDevice *d;
371 uint8_t *pci_conf;
372
373 d = pci_register_device(bus, "PIIX4", sizeof(PCIDevice),
374 devfn, NULL, NULL);
375 register_savevm("PIIX4", 0, 2, piix_save, piix_load, d);
376
377 piix4_dev = d;
378 pci_conf = d->config;
379
380 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
381 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB_0); // 82371AB/EB/MB PIIX4 PCI-to-ISA bridge
382 pci_config_set_class(pci_conf, PCI_CLASS_BRIDGE_ISA);
383 pci_conf[PCI_HEADER_TYPE] =
384 PCI_HEADER_TYPE_NORMAL | PCI_HEADER_TYPE_MULTI_FUNCTION; // header_type = PCI_multifunction, generic
385
386
387 piix4_reset(d);
388 qemu_register_reset(piix4_reset, d);
389 return d->devfn;
390 }
Patches shipped by Fedora