search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / ppc4xx_pci.c
blob077ae709454ed1dd688343120b3139ae5d9cec9b
1 /*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License, version 2, as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 * GNU General Public License for more details.
10 *
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, see <http://www.gnu.org/licenses/>.
13 *
14 * Copyright IBM Corp. 2008
15 *
16 * Authors: Hollis Blanchard <hollisb@us.ibm.com>
17 */
18
19 /* This file implements emulation of the 32-bit PCI controller found in some
20 * 4xx SoCs, such as the 440EP. */
21
22 #include "hw.h"
23 #include "ppc.h"
24 #include "ppc4xx.h"
25
26 typedef target_phys_addr_t pci_addr_t;
27 #include "pci.h"
28 #include "pci_host.h"
29 #include "bswap.h"
30
31 #undef DEBUG
32 #ifdef DEBUG
33 #define DPRINTF(fmt, ...) do { printf(fmt, ## __VA_ARGS__); } while (0)
34 #else
35 #define DPRINTF(fmt, ...)
36 #endif /* DEBUG */
37
38 struct PCIMasterMap {
39 uint32_t la;
40 uint32_t ma;
41 uint32_t pcila;
42 uint32_t pciha;
43 };
44
45 struct PCITargetMap {
46 uint32_t ms;
47 uint32_t la;
48 };
49
50 #define PPC4xx_PCI_NR_PMMS 3
51 #define PPC4xx_PCI_NR_PTMS 2
52
53 struct PPC4xxPCIState {
54 struct PCIMasterMap pmm[PPC4xx_PCI_NR_PMMS];
55 struct PCITargetMap ptm[PPC4xx_PCI_NR_PTMS];
56
57 PCIHostState pci_state;
58 PCIDevice *pci_dev;
59 };
60 typedef struct PPC4xxPCIState PPC4xxPCIState;
61
62 #define PCIC0_CFGADDR 0x0
63 #define PCIC0_CFGDATA 0x4
64
65 /* PLB Memory Map (PMM) registers specify which PLB addresses are translated to
66 * PCI accesses. */
67 #define PCIL0_PMM0LA 0x0
68 #define PCIL0_PMM0MA 0x4
69 #define PCIL0_PMM0PCILA 0x8
70 #define PCIL0_PMM0PCIHA 0xc
71 #define PCIL0_PMM1LA 0x10
72 #define PCIL0_PMM1MA 0x14
73 #define PCIL0_PMM1PCILA 0x18
74 #define PCIL0_PMM1PCIHA 0x1c
75 #define PCIL0_PMM2LA 0x20
76 #define PCIL0_PMM2MA 0x24
77 #define PCIL0_PMM2PCILA 0x28
78 #define PCIL0_PMM2PCIHA 0x2c
79
80 /* PCI Target Map (PTM) registers specify which PCI addresses are translated to
81 * PLB accesses. */
82 #define PCIL0_PTM1MS 0x30
83 #define PCIL0_PTM1LA 0x34
84 #define PCIL0_PTM2MS 0x38
85 #define PCIL0_PTM2LA 0x3c
86 #define PCI_REG_SIZE 0x40
87
88
89 static uint32_t pci4xx_cfgaddr_readl(void *opaque, target_phys_addr_t addr)
90 {
91 PPC4xxPCIState *ppc4xx_pci = opaque;
92
93 return ppc4xx_pci->pci_state.config_reg;
94 }
95
96 static CPUReadMemoryFunc *pci4xx_cfgaddr_read[] = {
97 &pci4xx_cfgaddr_readl,
98 &pci4xx_cfgaddr_readl,
99 &pci4xx_cfgaddr_readl,
100 };
101
102 static void pci4xx_cfgaddr_writel(void *opaque, target_phys_addr_t addr,
103 uint32_t value)
104 {
105 PPC4xxPCIState *ppc4xx_pci = opaque;
106
107 #ifdef TARGET_WORDS_BIGENDIAN
108 value = bswap32(value);
109 #endif
110
111 ppc4xx_pci->pci_state.config_reg = value & ~0x3;
112 }
113
114 static CPUWriteMemoryFunc *pci4xx_cfgaddr_write[] = {
115 &pci4xx_cfgaddr_writel,
116 &pci4xx_cfgaddr_writel,
117 &pci4xx_cfgaddr_writel,
118 };
119
120 static CPUReadMemoryFunc *pci4xx_cfgdata_read[] = {
121 &pci_host_data_readb,
122 &pci_host_data_readw,
123 &pci_host_data_readl,
124 };
125
126 static CPUWriteMemoryFunc *pci4xx_cfgdata_write[] = {
127 &pci_host_data_writeb,
128 &pci_host_data_writew,
129 &pci_host_data_writel,
130 };
131
132 static void ppc4xx_pci_reg_write4(void *opaque, target_phys_addr_t offset,
133 uint32_t value)
134 {
135 struct PPC4xxPCIState *pci = opaque;
136
137 #ifdef TARGET_WORDS_BIGENDIAN
138 value = bswap32(value);
139 #endif
140
141 /* We ignore all target attempts at PCI configuration, effectively
142 * assuming a bidirectional 1:1 mapping of PLB and PCI space. */
143
144 switch (offset) {
145 case PCIL0_PMM0LA:
146 pci->pmm[0].la = value;
147 break;
148 case PCIL0_PMM0MA:
149 pci->pmm[0].ma = value;
150 break;
151 case PCIL0_PMM0PCIHA:
152 pci->pmm[0].pciha = value;
153 break;
154 case PCIL0_PMM0PCILA:
155 pci->pmm[0].pcila = value;
156 break;
157
158 case PCIL0_PMM1LA:
159 pci->pmm[1].la = value;
160 break;
161 case PCIL0_PMM1MA:
162 pci->pmm[1].ma = value;
163 break;
164 case PCIL0_PMM1PCIHA:
165 pci->pmm[1].pciha = value;
166 break;
167 case PCIL0_PMM1PCILA:
168 pci->pmm[1].pcila = value;
169 break;
170
171 case PCIL0_PMM2LA:
172 pci->pmm[2].la = value;
173 break;
174 case PCIL0_PMM2MA:
175 pci->pmm[2].ma = value;
176 break;
177 case PCIL0_PMM2PCIHA:
178 pci->pmm[2].pciha = value;
179 break;
180 case PCIL0_PMM2PCILA:
181 pci->pmm[2].pcila = value;
182 break;
183
184 case PCIL0_PTM1MS:
185 pci->ptm[0].ms = value;
186 break;
187 case PCIL0_PTM1LA:
188 pci->ptm[0].la = value;
189 break;
190 case PCIL0_PTM2MS:
191 pci->ptm[1].ms = value;
192 break;
193 case PCIL0_PTM2LA:
194 pci->ptm[1].la = value;
195 break;
196
197 default:
198 printf("%s: unhandled PCI internal register 0x%lx\n", __func__,
199 (unsigned long)offset);
200 break;
201 }
202 }
203
204 static uint32_t ppc4xx_pci_reg_read4(void *opaque, target_phys_addr_t offset)
205 {
206 struct PPC4xxPCIState *pci = opaque;
207 uint32_t value;
208
209 switch (offset) {
210 case PCIL0_PMM0LA:
211 value = pci->pmm[0].la;
212 break;
213 case PCIL0_PMM0MA:
214 value = pci->pmm[0].ma;
215 break;
216 case PCIL0_PMM0PCIHA:
217 value = pci->pmm[0].pciha;
218 break;
219 case PCIL0_PMM0PCILA:
220 value = pci->pmm[0].pcila;
221 break;
222
223 case PCIL0_PMM1LA:
224 value = pci->pmm[1].la;
225 break;
226 case PCIL0_PMM1MA:
227 value = pci->pmm[1].ma;
228 break;
229 case PCIL0_PMM1PCIHA:
230 value = pci->pmm[1].pciha;
231 break;
232 case PCIL0_PMM1PCILA:
233 value = pci->pmm[1].pcila;
234 break;
235
236 case PCIL0_PMM2LA:
237 value = pci->pmm[2].la;
238 break;
239 case PCIL0_PMM2MA:
240 value = pci->pmm[2].ma;
241 break;
242 case PCIL0_PMM2PCIHA:
243 value = pci->pmm[2].pciha;
244 break;
245 case PCIL0_PMM2PCILA:
246 value = pci->pmm[2].pcila;
247 break;
248
249 case PCIL0_PTM1MS:
250 value = pci->ptm[0].ms;
251 break;
252 case PCIL0_PTM1LA:
253 value = pci->ptm[0].la;
254 break;
255 case PCIL0_PTM2MS:
256 value = pci->ptm[1].ms;
257 break;
258 case PCIL0_PTM2LA:
259 value = pci->ptm[1].la;
260 break;
261
262 default:
263 printf("%s: invalid PCI internal register 0x%lx\n", __func__,
264 (unsigned long)offset);
265 value = 0;
266 }
267
268 #ifdef TARGET_WORDS_BIGENDIAN
269 value = bswap32(value);
270 #endif
271
272 return value;
273 }
274
275 static CPUReadMemoryFunc *pci_reg_read[] = {
276 &ppc4xx_pci_reg_read4,
277 &ppc4xx_pci_reg_read4,
278 &ppc4xx_pci_reg_read4,
279 };
280
281 static CPUWriteMemoryFunc *pci_reg_write[] = {
282 &ppc4xx_pci_reg_write4,
283 &ppc4xx_pci_reg_write4,
284 &ppc4xx_pci_reg_write4,
285 };
286
287 static void ppc4xx_pci_reset(void *opaque)
288 {
289 struct PPC4xxPCIState *pci = opaque;
290
291 memset(pci->pmm, 0, sizeof(pci->pmm));
292 memset(pci->ptm, 0, sizeof(pci->ptm));
293 }
294
295 /* On Bamboo, all pins from each slot are tied to a single board IRQ. This
296 * may need further refactoring for other boards. */
297 static int ppc4xx_pci_map_irq(PCIDevice *pci_dev, int irq_num)
298 {
299 int slot = pci_dev->devfn >> 3;
300
301 DPRINTF("%s: devfn %x irq %d -> %d\n", __func__,
302 pci_dev->devfn, irq_num, slot);
303
304 return slot - 1;
305 }
306
307 static void ppc4xx_pci_set_irq(qemu_irq *pci_irqs, int irq_num, int level)
308 {
309 DPRINTF("%s: PCI irq %d\n", __func__, irq_num);
310 qemu_set_irq(pci_irqs[irq_num], level);
311 }
312
313 static void ppc4xx_pci_save(QEMUFile *f, void *opaque)
314 {
315 PPC4xxPCIState *controller = opaque;
316 int i;
317
318 pci_device_save(controller->pci_dev, f);
319
320 for (i = 0; i < PPC4xx_PCI_NR_PMMS; i++) {
321 qemu_put_be32s(f, &controller->pmm[i].la);
322 qemu_put_be32s(f, &controller->pmm[i].ma);
323 qemu_put_be32s(f, &controller->pmm[i].pcila);
324 qemu_put_be32s(f, &controller->pmm[i].pciha);
325 }
326
327 for (i = 0; i < PPC4xx_PCI_NR_PTMS; i++) {
328 qemu_put_be32s(f, &controller->ptm[i].ms);
329 qemu_put_be32s(f, &controller->ptm[i].la);
330 }
331 }
332
333 static int ppc4xx_pci_load(QEMUFile *f, void *opaque, int version_id)
334 {
335 PPC4xxPCIState *controller = opaque;
336 int i;
337
338 if (version_id != 1)
339 return -EINVAL;
340
341 pci_device_load(controller->pci_dev, f);
342
343 for (i = 0; i < PPC4xx_PCI_NR_PMMS; i++) {
344 qemu_get_be32s(f, &controller->pmm[i].la);
345 qemu_get_be32s(f, &controller->pmm[i].ma);
346 qemu_get_be32s(f, &controller->pmm[i].pcila);
347 qemu_get_be32s(f, &controller->pmm[i].pciha);
348 }
349
350 for (i = 0; i < PPC4xx_PCI_NR_PTMS; i++) {
351 qemu_get_be32s(f, &controller->ptm[i].ms);
352 qemu_get_be32s(f, &controller->ptm[i].la);
353 }
354
355 return 0;
356 }
357
358 /* XXX Interrupt acknowledge cycles not supported. */
359 PCIBus *ppc4xx_pci_init(CPUState *env, qemu_irq pci_irqs[4],
360 target_phys_addr_t config_space,
361 target_phys_addr_t int_ack,
362 target_phys_addr_t special_cycle,
363 target_phys_addr_t registers)
364 {
365 PPC4xxPCIState *controller;
366 int index;
367 static int ppc4xx_pci_id;
368 uint8_t *pci_conf;
369
370 controller = qemu_mallocz(sizeof(PPC4xxPCIState));
371
372 controller->pci_state.bus = pci_register_bus(NULL, "pci",
373 ppc4xx_pci_set_irq,
374 ppc4xx_pci_map_irq,
375 pci_irqs, 0, 4);
376
377 controller->pci_dev = pci_register_device(controller->pci_state.bus,
378 "host bridge", sizeof(PCIDevice),
379 0, NULL, NULL);
380 pci_conf = controller->pci_dev->config;
381 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_IBM);
382 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_IBM_440GX);
383 pci_config_set_class(pci_conf, PCI_CLASS_BRIDGE_OTHER);
384
385 /* CFGADDR */
386 index = cpu_register_io_memory(pci4xx_cfgaddr_read,
387 pci4xx_cfgaddr_write, controller);
388 if (index < 0)
389 goto free;
390 cpu_register_physical_memory(config_space + PCIC0_CFGADDR, 4, index);
391
392 /* CFGDATA */
393 index = cpu_register_io_memory(pci4xx_cfgdata_read,
394 pci4xx_cfgdata_write,
395 &controller->pci_state);
396 if (index < 0)
397 goto free;
398 cpu_register_physical_memory(config_space + PCIC0_CFGDATA, 4, index);
399
400 /* Internal registers */
401 index = cpu_register_io_memory(pci_reg_read, pci_reg_write, controller);
402 if (index < 0)
403 goto free;
404 cpu_register_physical_memory(registers, PCI_REG_SIZE, index);
405
406 qemu_register_reset(ppc4xx_pci_reset, controller);
407
408 /* XXX load/save code not tested. */
409 register_savevm("ppc4xx_pci", ppc4xx_pci_id++, 1,
410 ppc4xx_pci_save, ppc4xx_pci_load, controller);
411
412 return controller->pci_state.bus;
413
414 free:
415 printf("%s error\n", __func__);
416 qemu_free(controller);
417 return NULL;
418 }
Patches shipped by Fedora