search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / pl061.c
bloba003b97abbd75a4e6f5074c516281ca7e32a1510
1 /*
2 * Arm PrimeCell PL061 General Purpose IO with additional
3 * Luminary Micro Stellaris bits.
4 *
5 * Copyright (c) 2007 CodeSourcery.
6 * Written by Paul Brook
7 *
8 * This code is licenced under the GPL.
9 */
10
11 #include "sysbus.h"
12
13 //#define DEBUG_PL061 1
14
15 #ifdef DEBUG_PL061
16 #define DPRINTF(fmt, ...) \
17 do { printf("pl061: " fmt , ## __VA_ARGS__); } while (0)
18 #define BADF(fmt, ...) \
19 do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
20 #else
21 #define DPRINTF(fmt, ...) do {} while(0)
22 #define BADF(fmt, ...) \
23 do { fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__);} while (0)
24 #endif
25
26 static const uint8_t pl061_id[12] =
27 { 0x00, 0x00, 0x00, 0x00, 0x61, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1 };
28
29 typedef struct {
30 SysBusDevice busdev;
31 int locked;
32 uint8_t data;
33 uint8_t old_data;
34 uint8_t dir;
35 uint8_t isense;
36 uint8_t ibe;
37 uint8_t iev;
38 uint8_t im;
39 uint8_t istate;
40 uint8_t afsel;
41 uint8_t dr2r;
42 uint8_t dr4r;
43 uint8_t dr8r;
44 uint8_t odr;
45 uint8_t pur;
46 uint8_t pdr;
47 uint8_t slr;
48 uint8_t den;
49 uint8_t cr;
50 uint8_t float_high;
51 qemu_irq irq;
52 qemu_irq out[8];
53 } pl061_state;
54
55 static void pl061_update(pl061_state *s)
56 {
57 uint8_t changed;
58 uint8_t mask;
59 uint8_t out;
60 int i;
61
62 /* Outputs float high. */
63 /* FIXME: This is board dependent. */
64 out = (s->data & s->dir) | ~s->dir;
65 changed = s->old_data ^ out;
66 if (!changed)
67 return;
68
69 s->old_data = out;
70 for (i = 0; i < 8; i++) {
71 mask = 1 << i;
72 if ((changed & mask) && s->out) {
73 DPRINTF("Set output %d = %d\n", i, (out & mask) != 0);
74 qemu_set_irq(s->out[i], (out & mask) != 0);
75 }
76 }
77
78 /* FIXME: Implement input interrupts. */
79 }
80
81 static uint32_t pl061_read(void *opaque, target_phys_addr_t offset)
82 {
83 pl061_state *s = (pl061_state *)opaque;
84
85 if (offset >= 0xfd0 && offset < 0x1000) {
86 return pl061_id[(offset - 0xfd0) >> 2];
87 }
88 if (offset < 0x400) {
89 return s->data & (offset >> 2);
90 }
91 switch (offset) {
92 case 0x400: /* Direction */
93 return s->dir;
94 case 0x404: /* Interrupt sense */
95 return s->isense;
96 case 0x408: /* Interrupt both edges */
97 return s->ibe;
98 case 0x40c: /* Interupt event */
99 return s->iev;
100 case 0x410: /* Interrupt mask */
101 return s->im;
102 case 0x414: /* Raw interrupt status */
103 return s->istate;
104 case 0x418: /* Masked interrupt status */
105 return s->istate | s->im;
106 case 0x420: /* Alternate function select */
107 return s->afsel;
108 case 0x500: /* 2mA drive */
109 return s->dr2r;
110 case 0x504: /* 4mA drive */
111 return s->dr4r;
112 case 0x508: /* 8mA drive */
113 return s->dr8r;
114 case 0x50c: /* Open drain */
115 return s->odr;
116 case 0x510: /* Pull-up */
117 return s->pur;
118 case 0x514: /* Pull-down */
119 return s->pdr;
120 case 0x518: /* Slew rate control */
121 return s->slr;
122 case 0x51c: /* Digital enable */
123 return s->den;
124 case 0x520: /* Lock */
125 return s->locked;
126 case 0x524: /* Commit */
127 return s->cr;
128 default:
129 hw_error("pl061_read: Bad offset %x\n", (int)offset);
130 return 0;
131 }
132 }
133
134 static void pl061_write(void *opaque, target_phys_addr_t offset,
135 uint32_t value)
136 {
137 pl061_state *s = (pl061_state *)opaque;
138 uint8_t mask;
139
140 if (offset < 0x400) {
141 mask = (offset >> 2) & s->dir;
142 s->data = (s->data & ~mask) | (value & mask);
143 pl061_update(s);
144 return;
145 }
146 switch (offset) {
147 case 0x400: /* Direction */
148 s->dir = value;
149 break;
150 case 0x404: /* Interrupt sense */
151 s->isense = value;
152 break;
153 case 0x408: /* Interrupt both edges */
154 s->ibe = value;
155 break;
156 case 0x40c: /* Interupt event */
157 s->iev = value;
158 break;
159 case 0x410: /* Interrupt mask */
160 s->im = value;
161 break;
162 case 0x41c: /* Interrupt clear */
163 s->istate &= ~value;
164 break;
165 case 0x420: /* Alternate function select */
166 mask = s->cr;
167 s->afsel = (s->afsel & ~mask) | (value & mask);
168 break;
169 case 0x500: /* 2mA drive */
170 s->dr2r = value;
171 break;
172 case 0x504: /* 4mA drive */
173 s->dr4r = value;
174 break;
175 case 0x508: /* 8mA drive */
176 s->dr8r = value;
177 break;
178 case 0x50c: /* Open drain */
179 s->odr = value;
180 break;
181 case 0x510: /* Pull-up */
182 s->pur = value;
183 break;
184 case 0x514: /* Pull-down */
185 s->pdr = value;
186 break;
187 case 0x518: /* Slew rate control */
188 s->slr = value;
189 break;
190 case 0x51c: /* Digital enable */
191 s->den = value;
192 break;
193 case 0x520: /* Lock */
194 s->locked = (value != 0xacce551);
195 break;
196 case 0x524: /* Commit */
197 if (!s->locked)
198 s->cr = value;
199 break;
200 default:
201 hw_error("pl061_write: Bad offset %x\n", (int)offset);
202 }
203 pl061_update(s);
204 }
205
206 static void pl061_reset(pl061_state *s)
207 {
208 s->locked = 1;
209 s->cr = 0xff;
210 }
211
212 static void pl061_set_irq(void * opaque, int irq, int level)
213 {
214 pl061_state *s = (pl061_state *)opaque;
215 uint8_t mask;
216
217 mask = 1 << irq;
218 if ((s->dir & mask) == 0) {
219 s->data &= ~mask;
220 if (level)
221 s->data |= mask;
222 pl061_update(s);
223 }
224 }
225
226 static CPUReadMemoryFunc *pl061_readfn[] = {
227 pl061_read,
228 pl061_read,
229 pl061_read
230 };
231
232 static CPUWriteMemoryFunc *pl061_writefn[] = {
233 pl061_write,
234 pl061_write,
235 pl061_write
236 };
237
238 static void pl061_save(QEMUFile *f, void *opaque)
239 {
240 pl061_state *s = (pl061_state *)opaque;
241
242 qemu_put_be32(f, s->locked);
243 qemu_put_be32(f, s->data);
244 qemu_put_be32(f, s->old_data);
245 qemu_put_be32(f, s->dir);
246 qemu_put_be32(f, s->isense);
247 qemu_put_be32(f, s->ibe);
248 qemu_put_be32(f, s->iev);
249 qemu_put_be32(f, s->im);
250 qemu_put_be32(f, s->istate);
251 qemu_put_be32(f, s->afsel);
252 qemu_put_be32(f, s->dr2r);
253 qemu_put_be32(f, s->dr4r);
254 qemu_put_be32(f, s->dr8r);
255 qemu_put_be32(f, s->odr);
256 qemu_put_be32(f, s->pur);
257 qemu_put_be32(f, s->pdr);
258 qemu_put_be32(f, s->slr);
259 qemu_put_be32(f, s->den);
260 qemu_put_be32(f, s->cr);
261 qemu_put_be32(f, s->float_high);
262 }
263
264 static int pl061_load(QEMUFile *f, void *opaque, int version_id)
265 {
266 pl061_state *s = (pl061_state *)opaque;
267 if (version_id != 1)
268 return -EINVAL;
269
270 s->locked = qemu_get_be32(f);
271 s->data = qemu_get_be32(f);
272 s->old_data = qemu_get_be32(f);
273 s->dir = qemu_get_be32(f);
274 s->isense = qemu_get_be32(f);
275 s->ibe = qemu_get_be32(f);
276 s->iev = qemu_get_be32(f);
277 s->im = qemu_get_be32(f);
278 s->istate = qemu_get_be32(f);
279 s->afsel = qemu_get_be32(f);
280 s->dr2r = qemu_get_be32(f);
281 s->dr4r = qemu_get_be32(f);
282 s->dr8r = qemu_get_be32(f);
283 s->odr = qemu_get_be32(f);
284 s->pur = qemu_get_be32(f);
285 s->pdr = qemu_get_be32(f);
286 s->slr = qemu_get_be32(f);
287 s->den = qemu_get_be32(f);
288 s->cr = qemu_get_be32(f);
289 s->float_high = qemu_get_be32(f);
290
291 return 0;
292 }
293
294 static void pl061_init(SysBusDevice *dev)
295 {
296 int iomemtype;
297 pl061_state *s = FROM_SYSBUS(pl061_state, dev);
298
299 iomemtype = cpu_register_io_memory(pl061_readfn,
300 pl061_writefn, s);
301 sysbus_init_mmio(dev, 0x1000, iomemtype);
302 sysbus_init_irq(dev, &s->irq);
303 qdev_init_gpio_in(&dev->qdev, pl061_set_irq, 8);
304 qdev_init_gpio_out(&dev->qdev, s->out, 8);
305 pl061_reset(s);
306 register_savevm("pl061_gpio", -1, 1, pl061_save, pl061_load, s);
307 }
308
309 static void pl061_register_devices(void)
310 {
311 sysbus_register_dev("pl061", sizeof(pl061_state),
312 pl061_init);
313 }
314
315 device_init(pl061_register_devices)
Patches shipped by Fedora