search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
e1000: bounds packet size against buffer size
[qemu.git] / hw / g364fb.c
blobf00ee27b1752d2b39ccde18acb194a1a6c1db275
1 /*
2 * QEMU G364 framebuffer Emulator.
3 *
4 * Copyright (c) 2007-2011 Herve Poussineau
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation; either version 2 of
9 * the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "hw.h"
21 #include "console.h"
22 #include "pixel_ops.h"
23 #include "trace.h"
24 #include "sysbus.h"
25
26 typedef struct G364State {
27 /* hardware */
28 uint8_t *vram;
29 uint32_t vram_size;
30 qemu_irq irq;
31 MemoryRegion mem_vram;
32 MemoryRegion mem_ctrl;
33 /* registers */
34 uint8_t color_palette[256][3];
35 uint8_t cursor_palette[3][3];
36 uint16_t cursor[512];
37 uint32_t cursor_position;
38 uint32_t ctla;
39 uint32_t top_of_screen;
40 uint32_t width, height; /* in pixels */
41 /* display refresh support */
42 DisplayState *ds;
43 int depth;
44 int blanked;
45 } G364State;
46
47 #define REG_BOOT 0x000000
48 #define REG_DISPLAY 0x000118
49 #define REG_VDISPLAY 0x000150
50 #define REG_CTLA 0x000300
51 #define REG_TOP 0x000400
52 #define REG_CURS_PAL 0x000508
53 #define REG_CURS_POS 0x000638
54 #define REG_CLR_PAL 0x000800
55 #define REG_CURS_PAT 0x001000
56 #define REG_RESET 0x100000
57
58 #define CTLA_FORCE_BLANK 0x00000400
59 #define CTLA_NO_CURSOR 0x00800000
60
61 #define G364_PAGE_SIZE 4096
62
63 static inline int check_dirty(G364State *s, ram_addr_t page)
64 {
65 return memory_region_get_dirty(&s->mem_vram, page, DIRTY_MEMORY_VGA);
66 }
67
68 static inline void reset_dirty(G364State *s,
69 ram_addr_t page_min, ram_addr_t page_max)
70 {
71 memory_region_reset_dirty(&s->mem_vram,
72 page_min,
73 page_max + G364_PAGE_SIZE - page_min - 1,
74 DIRTY_MEMORY_VGA);
75 }
76
77 static void g364fb_draw_graphic8(G364State *s)
78 {
79 int i, w;
80 uint8_t *vram;
81 uint8_t *data_display, *dd;
82 ram_addr_t page, page_min, page_max;
83 int x, y;
84 int xmin, xmax;
85 int ymin, ymax;
86 int xcursor, ycursor;
87 unsigned int (*rgb_to_pixel)(unsigned int r, unsigned int g, unsigned int b);
88
89 switch (ds_get_bits_per_pixel(s->ds)) {
90 case 8:
91 rgb_to_pixel = rgb_to_pixel8;
92 w = 1;
93 break;
94 case 15:
95 rgb_to_pixel = rgb_to_pixel15;
96 w = 2;
97 break;
98 case 16:
99 rgb_to_pixel = rgb_to_pixel16;
100 w = 2;
101 break;
102 case 32:
103 rgb_to_pixel = rgb_to_pixel32;
104 w = 4;
105 break;
106 default:
107 hw_error("g364: unknown host depth %d",
108 ds_get_bits_per_pixel(s->ds));
109 return;
110 }
111
112 page = 0;
113 page_min = (ram_addr_t)-1;
114 page_max = 0;
115
116 x = y = 0;
117 xmin = s->width;
118 xmax = 0;
119 ymin = s->height;
120 ymax = 0;
121
122 if (!(s->ctla & CTLA_NO_CURSOR)) {
123 xcursor = s->cursor_position >> 12;
124 ycursor = s->cursor_position & 0xfff;
125 } else {
126 xcursor = ycursor = -65;
127 }
128
129 vram = s->vram + s->top_of_screen;
130 /* XXX: out of range in vram? */
131 data_display = dd = ds_get_data(s->ds);
132 while (y < s->height) {
133 if (check_dirty(s, page)) {
134 if (y < ymin)
135 ymin = ymax = y;
136 if (page_min == (ram_addr_t)-1)
137 page_min = page;
138 page_max = page;
139 if (x < xmin)
140 xmin = x;
141 for (i = 0; i < G364_PAGE_SIZE; i++) {
142 uint8_t index;
143 unsigned int color;
144 if (unlikely((y >= ycursor && y < ycursor + 64) &&
145 (x >= xcursor && x < xcursor + 64))) {
146 /* pointer area */
147 int xdiff = x - xcursor;
148 uint16_t curs = s->cursor[(y - ycursor) * 8 + xdiff / 8];
149 int op = (curs >> ((xdiff & 7) * 2)) & 3;
150 if (likely(op == 0)) {
151 /* transparent */
152 index = *vram;
153 color = (*rgb_to_pixel)(
154 s->color_palette[index][0],
155 s->color_palette[index][1],
156 s->color_palette[index][2]);
157 } else {
158 /* get cursor color */
159 index = op - 1;
160 color = (*rgb_to_pixel)(
161 s->cursor_palette[index][0],
162 s->cursor_palette[index][1],
163 s->cursor_palette[index][2]);
164 }
165 } else {
166 /* normal area */
167 index = *vram;
168 color = (*rgb_to_pixel)(
169 s->color_palette[index][0],
170 s->color_palette[index][1],
171 s->color_palette[index][2]);
172 }
173 memcpy(dd, &color, w);
174 dd += w;
175 x++;
176 vram++;
177 if (x == s->width) {
178 xmax = s->width - 1;
179 y++;
180 if (y == s->height) {
181 ymax = s->height - 1;
182 goto done;
183 }
184 data_display = dd = data_display + ds_get_linesize(s->ds);
185 xmin = 0;
186 x = 0;
187 }
188 }
189 if (x > xmax)
190 xmax = x;
191 if (y > ymax)
192 ymax = y;
193 } else {
194 int dy;
195 if (page_min != (ram_addr_t)-1) {
196 reset_dirty(s, page_min, page_max);
197 page_min = (ram_addr_t)-1;
198 page_max = 0;
199 dpy_update(s->ds, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
200 xmin = s->width;
201 xmax = 0;
202 ymin = s->height;
203 ymax = 0;
204 }
205 x += G364_PAGE_SIZE;
206 dy = x / s->width;
207 x = x % s->width;
208 y += dy;
209 vram += G364_PAGE_SIZE;
210 data_display += dy * ds_get_linesize(s->ds);
211 dd = data_display + x * w;
212 }
213 page += G364_PAGE_SIZE;
214 }
215
216 done:
217 if (page_min != (ram_addr_t)-1) {
218 dpy_update(s->ds, xmin, ymin, xmax - xmin + 1, ymax - ymin + 1);
219 reset_dirty(s, page_min, page_max);
220 }
221 }
222
223 static void g364fb_draw_blank(G364State *s)
224 {
225 int i, w;
226 uint8_t *d;
227
228 if (s->blanked) {
229 /* Screen is already blank. No need to redraw it */
230 return;
231 }
232
233 w = s->width * ((ds_get_bits_per_pixel(s->ds) + 7) >> 3);
234 d = ds_get_data(s->ds);
235 for (i = 0; i < s->height; i++) {
236 memset(d, 0, w);
237 d += ds_get_linesize(s->ds);
238 }
239
240 dpy_update(s->ds, 0, 0, s->width, s->height);
241 s->blanked = 1;
242 }
243
244 static void g364fb_update_display(void *opaque)
245 {
246 G364State *s = opaque;
247
248 qemu_flush_coalesced_mmio_buffer();
249
250 if (s->width == 0 || s->height == 0)
251 return;
252
253 if (s->width != ds_get_width(s->ds) || s->height != ds_get_height(s->ds)) {
254 qemu_console_resize(s->ds, s->width, s->height);
255 }
256
257 if (s->ctla & CTLA_FORCE_BLANK) {
258 g364fb_draw_blank(s);
259 } else if (s->depth == 8) {
260 g364fb_draw_graphic8(s);
261 } else {
262 error_report("g364: unknown guest depth %d", s->depth);
263 }
264
265 qemu_irq_raise(s->irq);
266 }
267
268 static inline void g364fb_invalidate_display(void *opaque)
269 {
270 G364State *s = opaque;
271 int i;
272
273 s->blanked = 0;
274 for (i = 0; i < s->vram_size; i += G364_PAGE_SIZE) {
275 memory_region_set_dirty(&s->mem_vram, i);
276 }
277 }
278
279 static void g364fb_reset(G364State *s)
280 {
281 qemu_irq_lower(s->irq);
282
283 memset(s->color_palette, 0, sizeof(s->color_palette));
284 memset(s->cursor_palette, 0, sizeof(s->cursor_palette));
285 memset(s->cursor, 0, sizeof(s->cursor));
286 s->cursor_position = 0;
287 s->ctla = 0;
288 s->top_of_screen = 0;
289 s->width = s->height = 0;
290 memset(s->vram, 0, s->vram_size);
291 g364fb_invalidate_display(s);
292 }
293
294 static void g364fb_screen_dump(void *opaque, const char *filename)
295 {
296 G364State *s = opaque;
297 int y, x;
298 uint8_t index;
299 uint8_t *data_buffer;
300 FILE *f;
301
302 qemu_flush_coalesced_mmio_buffer();
303
304 if (s->depth != 8) {
305 error_report("g364: unknown guest depth %d", s->depth);
306 return;
307 }
308
309 f = fopen(filename, "wb");
310 if (!f)
311 return;
312
313 if (s->ctla & CTLA_FORCE_BLANK) {
314 /* blank screen */
315 fprintf(f, "P4\n%d %d\n",
316 s->width, s->height);
317 for (y = 0; y < s->height; y++)
318 for (x = 0; x < s->width; x++)
319 fputc(0, f);
320 } else {
321 data_buffer = s->vram + s->top_of_screen;
322 fprintf(f, "P6\n%d %d\n%d\n",
323 s->width, s->height, 255);
324 for (y = 0; y < s->height; y++)
325 for (x = 0; x < s->width; x++, data_buffer++) {
326 index = *data_buffer;
327 fputc(s->color_palette[index][0], f);
328 fputc(s->color_palette[index][1], f);
329 fputc(s->color_palette[index][2], f);
330 }
331 }
332
333 fclose(f);
334 }
335
336 /* called for accesses to io ports */
337 static uint64_t g364fb_ctrl_read(void *opaque,
338 target_phys_addr_t addr,
339 unsigned int size)
340 {
341 G364State *s = opaque;
342 uint32_t val;
343
344 if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
345 /* cursor pattern */
346 int idx = (addr - REG_CURS_PAT) >> 3;
347 val = s->cursor[idx];
348 } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
349 /* cursor palette */
350 int idx = (addr - REG_CURS_PAL) >> 3;
351 val = ((uint32_t)s->cursor_palette[idx][0] << 16);
352 val |= ((uint32_t)s->cursor_palette[idx][1] << 8);
353 val |= ((uint32_t)s->cursor_palette[idx][2] << 0);
354 } else {
355 switch (addr) {
356 case REG_DISPLAY:
357 val = s->width / 4;
358 break;
359 case REG_VDISPLAY:
360 val = s->height * 2;
361 break;
362 case REG_CTLA:
363 val = s->ctla;
364 break;
365 default:
366 {
367 error_report("g364: invalid read at [" TARGET_FMT_plx "]",
368 addr);
369 val = 0;
370 break;
371 }
372 }
373 }
374
375 trace_g364fb_read(addr, val);
376
377 return val;
378 }
379
380 static void g364fb_update_depth(G364State *s)
381 {
382 static const int depths[8] = { 1, 2, 4, 8, 15, 16, 0 };
383 s->depth = depths[(s->ctla & 0x00700000) >> 20];
384 }
385
386 static void g364_invalidate_cursor_position(G364State *s)
387 {
388 int ymin, ymax, start, end, i;
389
390 /* invalidate only near the cursor */
391 ymin = s->cursor_position & 0xfff;
392 ymax = MIN(s->height, ymin + 64);
393 start = ymin * ds_get_linesize(s->ds);
394 end = (ymax + 1) * ds_get_linesize(s->ds);
395
396 for (i = start; i < end; i += G364_PAGE_SIZE) {
397 memory_region_set_dirty(&s->mem_vram, i);
398 }
399 }
400
401 static void g364fb_ctrl_write(void *opaque,
402 target_phys_addr_t addr,
403 uint64_t val,
404 unsigned int size)
405 {
406 G364State *s = opaque;
407
408 trace_g364fb_write(addr, val);
409
410 if (addr >= REG_CLR_PAL && addr < REG_CLR_PAL + 0x800) {
411 /* color palette */
412 int idx = (addr - REG_CLR_PAL) >> 3;
413 s->color_palette[idx][0] = (val >> 16) & 0xff;
414 s->color_palette[idx][1] = (val >> 8) & 0xff;
415 s->color_palette[idx][2] = val & 0xff;
416 g364fb_invalidate_display(s);
417 } else if (addr >= REG_CURS_PAT && addr < REG_CURS_PAT + 0x1000) {
418 /* cursor pattern */
419 int idx = (addr - REG_CURS_PAT) >> 3;
420 s->cursor[idx] = val;
421 g364fb_invalidate_display(s);
422 } else if (addr >= REG_CURS_PAL && addr < REG_CURS_PAL + 0x18) {
423 /* cursor palette */
424 int idx = (addr - REG_CURS_PAL) >> 3;
425 s->cursor_palette[idx][0] = (val >> 16) & 0xff;
426 s->cursor_palette[idx][1] = (val >> 8) & 0xff;
427 s->cursor_palette[idx][2] = val & 0xff;
428 g364fb_invalidate_display(s);
429 } else {
430 switch (addr) {
431 case REG_BOOT: /* Boot timing */
432 case 0x00108: /* Line timing: half sync */
433 case 0x00110: /* Line timing: back porch */
434 case 0x00120: /* Line timing: short display */
435 case 0x00128: /* Frame timing: broad pulse */
436 case 0x00130: /* Frame timing: v sync */
437 case 0x00138: /* Frame timing: v preequalise */
438 case 0x00140: /* Frame timing: v postequalise */
439 case 0x00148: /* Frame timing: v blank */
440 case 0x00158: /* Line timing: line time */
441 case 0x00160: /* Frame store: line start */
442 case 0x00168: /* vram cycle: mem init */
443 case 0x00170: /* vram cycle: transfer delay */
444 case 0x00200: /* vram cycle: mask register */
445 /* ignore */
446 break;
447 case REG_TOP:
448 s->top_of_screen = val;
449 g364fb_invalidate_display(s);
450 break;
451 case REG_DISPLAY:
452 s->width = val * 4;
453 break;
454 case REG_VDISPLAY:
455 s->height = val / 2;
456 break;
457 case REG_CTLA:
458 s->ctla = val;
459 g364fb_update_depth(s);
460 g364fb_invalidate_display(s);
461 break;
462 case REG_CURS_POS:
463 g364_invalidate_cursor_position(s);
464 s->cursor_position = val;
465 g364_invalidate_cursor_position(s);
466 break;
467 case REG_RESET:
468 g364fb_reset(s);
469 break;
470 default:
471 error_report("g364: invalid write of 0x%" PRIx64
472 " at [" TARGET_FMT_plx "]", val, addr);
473 break;
474 }
475 }
476 qemu_irq_lower(s->irq);
477 }
478
479 static const MemoryRegionOps g364fb_ctrl_ops = {
480 .read = g364fb_ctrl_read,
481 .write = g364fb_ctrl_write,
482 .endianness = DEVICE_LITTLE_ENDIAN,
483 .impl.min_access_size = 4,
484 .impl.max_access_size = 4,
485 };
486
487 static int g364fb_post_load(void *opaque, int version_id)
488 {
489 G364State *s = opaque;
490
491 /* force refresh */
492 g364fb_update_depth(s);
493 g364fb_invalidate_display(s);
494
495 return 0;
496 }
497
498 static const VMStateDescription vmstate_g364fb = {
499 .name = "g364fb",
500 .version_id = 1,
501 .minimum_version_id = 1,
502 .minimum_version_id_old = 1,
503 .post_load = g364fb_post_load,
504 .fields = (VMStateField[]) {
505 VMSTATE_VBUFFER_UINT32(vram, G364State, 1, NULL, 0, vram_size),
506 VMSTATE_BUFFER_UNSAFE(color_palette, G364State, 0, 256 * 3),
507 VMSTATE_BUFFER_UNSAFE(cursor_palette, G364State, 0, 9),
508 VMSTATE_UINT16_ARRAY(cursor, G364State, 512),
509 VMSTATE_UINT32(cursor_position, G364State),
510 VMSTATE_UINT32(ctla, G364State),
511 VMSTATE_UINT32(top_of_screen, G364State),
512 VMSTATE_UINT32(width, G364State),
513 VMSTATE_UINT32(height, G364State),
514 VMSTATE_END_OF_LIST()
515 }
516 };
517
518 static void g364fb_init(DeviceState *dev, G364State *s)
519 {
520 s->vram = g_malloc0(s->vram_size);
521
522 s->ds = graphic_console_init(g364fb_update_display,
523 g364fb_invalidate_display,
524 g364fb_screen_dump, NULL, s);
525
526 memory_region_init_io(&s->mem_ctrl, &g364fb_ctrl_ops, s, "ctrl", 0x180000);
527 memory_region_init_ram_ptr(&s->mem_vram, dev, "vram",
528 s->vram_size, s->vram);
529 memory_region_set_coalescing(&s->mem_vram);
530 }
531
532 typedef struct {
533 SysBusDevice busdev;
534 G364State g364;
535 } G364SysBusState;
536
537 static int g364fb_sysbus_init(SysBusDevice *dev)
538 {
539 G364State *s = &FROM_SYSBUS(G364SysBusState, dev)->g364;
540
541 g364fb_init(&dev->qdev, s);
542 sysbus_init_irq(dev, &s->irq);
543 sysbus_init_mmio_region(dev, &s->mem_ctrl);
544 sysbus_init_mmio_region(dev, &s->mem_vram);
545
546 return 0;
547 }
548
549 static void g364fb_sysbus_reset(DeviceState *d)
550 {
551 G364SysBusState *s = DO_UPCAST(G364SysBusState, busdev.qdev, d);
552 g364fb_reset(&s->g364);
553 }
554
555 static SysBusDeviceInfo g364fb_sysbus_info = {
556 .init = g364fb_sysbus_init,
557 .qdev.name = "sysbus-g364",
558 .qdev.desc = "G364 framebuffer",
559 .qdev.size = sizeof(G364SysBusState),
560 .qdev.vmsd = &vmstate_g364fb,
561 .qdev.reset = g364fb_sysbus_reset,
562 .qdev.props = (Property[]) {
563 DEFINE_PROP_HEX32("vram_size", G364SysBusState, g364.vram_size,
564 8 * 1024 * 1024),
565 DEFINE_PROP_END_OF_LIST(),
566 }
567 };
568
569 static void g364fb_register(void)
570 {
571 sysbus_register_withprop(&g364fb_sysbus_info);
572 }
573
574 device_init(g364fb_register);
QEmu