search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / stellaris_enet.c
blob43fa30543a10c115c72e8be3b4434331a5384f14
1 /*
2 * Luminary Micro Stellaris Ethernet Controller
3 *
4 * Copyright (c) 2007 CodeSourcery.
5 * Written by Paul Brook
6 *
7 * This code is licenced under the GPL.
8 */
9 #include "sysbus.h"
10 #include "net.h"
11 #include <zlib.h>
12
13 //#define DEBUG_STELLARIS_ENET 1
14
15 #ifdef DEBUG_STELLARIS_ENET
16 #define DPRINTF(fmt, ...) \
17 do { printf("stellaris_enet: " fmt , ## __VA_ARGS__); } while (0)
18 #define BADF(fmt, ...) \
19 do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
20 #else
21 #define DPRINTF(fmt, ...) do {} while(0)
22 #define BADF(fmt, ...) \
23 do { fprintf(stderr, "stellaris_enet: error: " fmt , ## __VA_ARGS__);} while (0)
24 #endif
25
26 #define SE_INT_RX 0x01
27 #define SE_INT_TXER 0x02
28 #define SE_INT_TXEMP 0x04
29 #define SE_INT_FOV 0x08
30 #define SE_INT_RXER 0x10
31 #define SE_INT_MD 0x20
32 #define SE_INT_PHY 0x40
33
34 #define SE_RCTL_RXEN 0x01
35 #define SE_RCTL_AMUL 0x02
36 #define SE_RCTL_PRMS 0x04
37 #define SE_RCTL_BADCRC 0x08
38 #define SE_RCTL_RSTFIFO 0x10
39
40 #define SE_TCTL_TXEN 0x01
41 #define SE_TCTL_PADEN 0x02
42 #define SE_TCTL_CRC 0x04
43 #define SE_TCTL_DUPLEX 0x08
44
45 typedef struct {
46 SysBusDevice busdev;
47 uint32_t ris;
48 uint32_t im;
49 uint32_t rctl;
50 uint32_t tctl;
51 uint32_t thr;
52 uint32_t mctl;
53 uint32_t mdv;
54 uint32_t mtxd;
55 uint32_t mrxd;
56 uint32_t np;
57 int tx_frame_len;
58 int tx_fifo_len;
59 uint8_t tx_fifo[2048];
60 /* Real hardware has a 2k fifo, which works out to be at most 31 packets.
61 We implement a full 31 packet fifo. */
62 struct {
63 uint8_t data[2048];
64 int len;
65 } rx[31];
66 uint8_t *rx_fifo;
67 int rx_fifo_len;
68 int next_packet;
69 VLANClientState *vc;
70 qemu_irq irq;
71 uint8_t macaddr[6];
72 int mmio_index;
73 } stellaris_enet_state;
74
75 static void stellaris_enet_update(stellaris_enet_state *s)
76 {
77 qemu_set_irq(s->irq, (s->ris & s->im) != 0);
78 }
79
80 /* TODO: Implement MAC address filtering. */
81 static ssize_t stellaris_enet_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
82 {
83 stellaris_enet_state *s = vc->opaque;
84 int n;
85 uint8_t *p;
86 uint32_t crc;
87
88 if ((s->rctl & SE_RCTL_RXEN) == 0)
89 return -1;
90 if (s->np >= 31) {
91 DPRINTF("Packet dropped\n");
92 return -1;
93 }
94
95 DPRINTF("Received packet len=%d\n", size);
96 n = s->next_packet + s->np;
97 if (n >= 31)
98 n -= 31;
99 s->np++;
100
101 s->rx[n].len = size + 6;
102 p = s->rx[n].data;
103 *(p++) = (size + 6);
104 *(p++) = (size + 6) >> 8;
105 memcpy (p, buf, size);
106 p += size;
107 crc = crc32(~0, buf, size);
108 *(p++) = crc;
109 *(p++) = crc >> 8;
110 *(p++) = crc >> 16;
111 *(p++) = crc >> 24;
112 /* Clear the remaining bytes in the last word. */
113 if ((size & 3) != 2) {
114 memset(p, 0, (6 - size) & 3);
115 }
116
117 s->ris |= SE_INT_RX;
118 stellaris_enet_update(s);
119
120 return size;
121 }
122
123 static int stellaris_enet_can_receive(VLANClientState *vc)
124 {
125 stellaris_enet_state *s = vc->opaque;
126
127 if ((s->rctl & SE_RCTL_RXEN) == 0)
128 return 1;
129
130 return (s->np < 31);
131 }
132
133 static uint32_t stellaris_enet_read(void *opaque, target_phys_addr_t offset)
134 {
135 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
136 uint32_t val;
137
138 switch (offset) {
139 case 0x00: /* RIS */
140 DPRINTF("IRQ status %02x\n", s->ris);
141 return s->ris;
142 case 0x04: /* IM */
143 return s->im;
144 case 0x08: /* RCTL */
145 return s->rctl;
146 case 0x0c: /* TCTL */
147 return s->tctl;
148 case 0x10: /* DATA */
149 if (s->rx_fifo_len == 0) {
150 if (s->np == 0) {
151 BADF("RX underflow\n");
152 return 0;
153 }
154 s->rx_fifo_len = s->rx[s->next_packet].len;
155 s->rx_fifo = s->rx[s->next_packet].data;
156 DPRINTF("RX FIFO start packet len=%d\n", s->rx_fifo_len);
157 }
158 val = s->rx_fifo[0] | (s->rx_fifo[1] << 8) | (s->rx_fifo[2] << 16)
159 | (s->rx_fifo[3] << 24);
160 s->rx_fifo += 4;
161 s->rx_fifo_len -= 4;
162 if (s->rx_fifo_len <= 0) {
163 s->rx_fifo_len = 0;
164 s->next_packet++;
165 if (s->next_packet >= 31)
166 s->next_packet = 0;
167 s->np--;
168 DPRINTF("RX done np=%d\n", s->np);
169 }
170 return val;
171 case 0x14: /* IA0 */
172 return s->macaddr[0] | (s->macaddr[1] << 8)
173 | (s->macaddr[2] << 16) | (s->macaddr[3] << 24);
174 case 0x18: /* IA1 */
175 return s->macaddr[4] | (s->macaddr[5] << 8);
176 case 0x1c: /* THR */
177 return s->thr;
178 case 0x20: /* MCTL */
179 return s->mctl;
180 case 0x24: /* MDV */
181 return s->mdv;
182 case 0x28: /* MADD */
183 return 0;
184 case 0x2c: /* MTXD */
185 return s->mtxd;
186 case 0x30: /* MRXD */
187 return s->mrxd;
188 case 0x34: /* NP */
189 return s->np;
190 case 0x38: /* TR */
191 return 0;
192 case 0x3c: /* Undocuented: Timestamp? */
193 return 0;
194 default:
195 hw_error("stellaris_enet_read: Bad offset %x\n", (int)offset);
196 return 0;
197 }
198 }
199
200 static void stellaris_enet_write(void *opaque, target_phys_addr_t offset,
201 uint32_t value)
202 {
203 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
204
205 switch (offset) {
206 case 0x00: /* IACK */
207 s->ris &= ~value;
208 DPRINTF("IRQ ack %02x/%02x\n", value, s->ris);
209 stellaris_enet_update(s);
210 /* Clearing TXER also resets the TX fifo. */
211 if (value & SE_INT_TXER)
212 s->tx_frame_len = -1;
213 break;
214 case 0x04: /* IM */
215 DPRINTF("IRQ mask %02x/%02x\n", value, s->ris);
216 s->im = value;
217 stellaris_enet_update(s);
218 break;
219 case 0x08: /* RCTL */
220 s->rctl = value;
221 if (value & SE_RCTL_RSTFIFO) {
222 s->rx_fifo_len = 0;
223 s->np = 0;
224 stellaris_enet_update(s);
225 }
226 break;
227 case 0x0c: /* TCTL */
228 s->tctl = value;
229 break;
230 case 0x10: /* DATA */
231 if (s->tx_frame_len == -1) {
232 s->tx_frame_len = value & 0xffff;
233 if (s->tx_frame_len > 2032) {
234 DPRINTF("TX frame too long (%d)\n", s->tx_frame_len);
235 s->tx_frame_len = 0;
236 s->ris |= SE_INT_TXER;
237 stellaris_enet_update(s);
238 } else {
239 DPRINTF("Start TX frame len=%d\n", s->tx_frame_len);
240 /* The value written does not include the ethernet header. */
241 s->tx_frame_len += 14;
242 if ((s->tctl & SE_TCTL_CRC) == 0)
243 s->tx_frame_len += 4;
244 s->tx_fifo_len = 0;
245 s->tx_fifo[s->tx_fifo_len++] = value >> 16;
246 s->tx_fifo[s->tx_fifo_len++] = value >> 24;
247 }
248 } else {
249 s->tx_fifo[s->tx_fifo_len++] = value;
250 s->tx_fifo[s->tx_fifo_len++] = value >> 8;
251 s->tx_fifo[s->tx_fifo_len++] = value >> 16;
252 s->tx_fifo[s->tx_fifo_len++] = value >> 24;
253 if (s->tx_fifo_len >= s->tx_frame_len) {
254 /* We don't implement explicit CRC, so just chop it off. */
255 if ((s->tctl & SE_TCTL_CRC) == 0)
256 s->tx_frame_len -= 4;
257 if ((s->tctl & SE_TCTL_PADEN) && s->tx_frame_len < 60) {
258 memset(&s->tx_fifo[s->tx_frame_len], 0, 60 - s->tx_frame_len);
259 s->tx_fifo_len = 60;
260 }
261 qemu_send_packet(s->vc, s->tx_fifo, s->tx_frame_len);
262 s->tx_frame_len = -1;
263 s->ris |= SE_INT_TXEMP;
264 stellaris_enet_update(s);
265 DPRINTF("Done TX\n");
266 }
267 }
268 break;
269 case 0x14: /* IA0 */
270 s->macaddr[0] = value;
271 s->macaddr[1] = value >> 8;
272 s->macaddr[2] = value >> 16;
273 s->macaddr[3] = value >> 24;
274 break;
275 case 0x18: /* IA1 */
276 s->macaddr[4] = value;
277 s->macaddr[5] = value >> 8;
278 break;
279 case 0x1c: /* THR */
280 s->thr = value;
281 break;
282 case 0x20: /* MCTL */
283 s->mctl = value;
284 break;
285 case 0x24: /* MDV */
286 s->mdv = value;
287 break;
288 case 0x28: /* MADD */
289 /* ignored. */
290 break;
291 case 0x2c: /* MTXD */
292 s->mtxd = value & 0xff;
293 break;
294 case 0x30: /* MRXD */
295 case 0x34: /* NP */
296 case 0x38: /* TR */
297 /* Ignored. */
298 case 0x3c: /* Undocuented: Timestamp? */
299 /* Ignored. */
300 break;
301 default:
302 hw_error("stellaris_enet_write: Bad offset %x\n", (int)offset);
303 }
304 }
305
306 static CPUReadMemoryFunc *stellaris_enet_readfn[] = {
307 stellaris_enet_read,
308 stellaris_enet_read,
309 stellaris_enet_read
310 };
311
312 static CPUWriteMemoryFunc *stellaris_enet_writefn[] = {
313 stellaris_enet_write,
314 stellaris_enet_write,
315 stellaris_enet_write
316 };
317 static void stellaris_enet_reset(stellaris_enet_state *s)
318 {
319 s->mdv = 0x80;
320 s->rctl = SE_RCTL_BADCRC;
321 s->im = SE_INT_PHY | SE_INT_MD | SE_INT_RXER | SE_INT_FOV | SE_INT_TXEMP
322 | SE_INT_TXER | SE_INT_RX;
323 s->thr = 0x3f;
324 s->tx_frame_len = -1;
325 }
326
327 static void stellaris_enet_save(QEMUFile *f, void *opaque)
328 {
329 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
330 int i;
331
332 qemu_put_be32(f, s->ris);
333 qemu_put_be32(f, s->im);
334 qemu_put_be32(f, s->rctl);
335 qemu_put_be32(f, s->tctl);
336 qemu_put_be32(f, s->thr);
337 qemu_put_be32(f, s->mctl);
338 qemu_put_be32(f, s->mdv);
339 qemu_put_be32(f, s->mtxd);
340 qemu_put_be32(f, s->mrxd);
341 qemu_put_be32(f, s->np);
342 qemu_put_be32(f, s->tx_frame_len);
343 qemu_put_be32(f, s->tx_fifo_len);
344 qemu_put_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
345 for (i = 0; i < 31; i++) {
346 qemu_put_be32(f, s->rx[i].len);
347 qemu_put_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
348
349 }
350 qemu_put_be32(f, s->next_packet);
351 qemu_put_be32(f, s->rx_fifo - s->rx[s->next_packet].data);
352 qemu_put_be32(f, s->rx_fifo_len);
353 }
354
355 static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id)
356 {
357 stellaris_enet_state *s = (stellaris_enet_state *)opaque;
358 int i;
359
360 if (version_id != 1)
361 return -EINVAL;
362
363 s->ris = qemu_get_be32(f);
364 s->im = qemu_get_be32(f);
365 s->rctl = qemu_get_be32(f);
366 s->tctl = qemu_get_be32(f);
367 s->thr = qemu_get_be32(f);
368 s->mctl = qemu_get_be32(f);
369 s->mdv = qemu_get_be32(f);
370 s->mtxd = qemu_get_be32(f);
371 s->mrxd = qemu_get_be32(f);
372 s->np = qemu_get_be32(f);
373 s->tx_frame_len = qemu_get_be32(f);
374 s->tx_fifo_len = qemu_get_be32(f);
375 qemu_get_buffer(f, s->tx_fifo, sizeof(s->tx_fifo));
376 for (i = 0; i < 31; i++) {
377 s->rx[i].len = qemu_get_be32(f);
378 qemu_get_buffer(f, s->rx[i].data, sizeof(s->rx[i].data));
379
380 }
381 s->next_packet = qemu_get_be32(f);
382 s->rx_fifo = s->rx[s->next_packet].data + qemu_get_be32(f);
383 s->rx_fifo_len = qemu_get_be32(f);
384
385 return 0;
386 }
387
388 static void stellaris_enet_cleanup(VLANClientState *vc)
389 {
390 stellaris_enet_state *s = vc->opaque;
391
392 unregister_savevm("stellaris_enet", s);
393
394 cpu_unregister_io_memory(s->mmio_index);
395
396 qemu_free(s);
397 }
398
399 static void stellaris_enet_init(SysBusDevice *dev)
400 {
401 stellaris_enet_state *s = FROM_SYSBUS(stellaris_enet_state, dev);
402
403 s->mmio_index = cpu_register_io_memory(stellaris_enet_readfn,
404 stellaris_enet_writefn, s);
405 sysbus_init_mmio(dev, 0x1000, s->mmio_index);
406 sysbus_init_irq(dev, &s->irq);
407 qdev_get_macaddr(&dev->qdev, s->macaddr);
408
409 s->vc = qdev_get_vlan_client(&dev->qdev,
410 stellaris_enet_can_receive,
411 stellaris_enet_receive, NULL,
412 stellaris_enet_cleanup, s);
413 qemu_format_nic_info_str(s->vc, s->macaddr);
414
415 stellaris_enet_reset(s);
416 register_savevm("stellaris_enet", -1, 1,
417 stellaris_enet_save, stellaris_enet_load, s);
418 }
419
420 static void stellaris_enet_register_devices(void)
421 {
422 sysbus_register_dev("stellaris_enet", sizeof(stellaris_enet_state),
423 stellaris_enet_init);
424 }
425
426 device_init(stellaris_enet_register_devices)
Patches shipped by Fedora