1 /*
2 * ARM PrimeCell Timer modules.
4 * Copyright (c) 2005-2006 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the GPL.
8 */
10 #include "sysbus.h"
11 #include "qemu-timer.h"
/* Common timer implementation. */

/* Bit layout of the TimerControl register (arm_timer_state.control).
   Bits 3:2 hold the prescaler select; only DIV1/DIV16/DIV256 are named,
   the fourth encoding has no macro here. */
#define TIMER_CTRL_ONESHOT (1 << 0)   /* count once from TimerLoad, then stop. */
#define TIMER_CTRL_32BIT (1 << 1)     /* 32-bit counter; free-running wrap 0xffffffff instead of 0xffff. */
#define TIMER_CTRL_DIV1 (0 << 2)      /* prescaler: input clock / 1. */
#define TIMER_CTRL_DIV16 (1 << 2)     /* prescaler: input clock / 16. */
#define TIMER_CTRL_DIV256 (2 << 2)    /* prescaler: input clock / 256. */
#define TIMER_CTRL_IE (1 << 5)        /* interrupt enable; gates TimerMIS and the IRQ line. */
#define TIMER_CTRL_PERIODIC (1 << 6)  /* reload from TimerLoad on expiry; neither this nor ONESHOT set = free-running. */
#define TIMER_CTRL_ENABLE (1 << 7)    /* timer running. */
/* State of one timer; two or three of these make up a device below. */
typedef struct {
    ptimer_state *timer;  /* backing countdown timer; its bottom half runs arm_timer_tick. */
    uint32_t control;     /* TimerControl register, TIMER_CTRL_* bits. */
    uint32_t limit;       /* TimerLoad/TimerBGLoad value; the reload limit in periodic and one-shot modes. */
    int freq;             /* input clock in Hz before the prescaler, fixed by arm_timer_init. */
    int int_level;        /* raw interrupt status (TimerRIS): set on tick, cleared by a TimerIntClr write. */
    qemu_irq irq;         /* output interrupt line, wired up by the owning device after init. */
} arm_timer_state;
/* Drive the IRQ line from the current state: it is asserted only while the
   raw status (int_level) is set and the interrupt is unmasked by
   TIMER_CTRL_IE. Called after every register write and after every tick. */
static void arm_timer_update(arm_timer_state *s)
{
    int unmasked = (s->control & TIMER_CTRL_IE) != 0;

    if (!unmasked || !s->int_level) {
        qemu_irq_lower(s->irq);
        return;
    }
    qemu_irq_raise(s->irq);
}
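/* Read one register of a single timer. offset is the byte offset inside
   that timer's register window (the callers strip the timer select).
   A read of the write-only TimerIntClr register now returns 0 instead of
   falling into the default branch: hw_error() is fatal for the whole VM
   and this path is reachable from guest MMIO, so a guest that probes or
   read-modify-writes that register must not be able to abort QEMU.
   Other unrecognised offsets keep the file's hw_error() convention, so
   callers should bound the offset before dispatching here. */
static uint32_t arm_timer_read(void *opaque, target_phys_addr_t offset)
{
    arm_timer_state *s = (arm_timer_state *)opaque;

    switch (offset >> 2) {
    case 0: /* TimerLoad */
    case 6: /* TimerBGLoad */
        return s->limit;
    case 1: /* TimerValue */
        return ptimer_get_count(s->timer);
    case 2: /* TimerControl */
        return s->control;
    case 3: /* TimerIntClr */
        /* Write-only (writes clear int_level in arm_timer_write); the
           hardware read value is not specified here, so return 0 rather
           than treating a guest read as a fatal emulator error. */
        return 0;
    case 4: /* TimerRIS */
        return s->int_level;
    case 5: /* TimerMIS */
        /* Masked status: raw status gated by the interrupt enable bit. */
        if ((s->control & TIMER_CTRL_IE) == 0) {
            return 0;
        }
        return s->int_level;
    default:
        hw_error("arm_timer_read: Bad offset %x\n", (int)offset);
        return 0;
    }
}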
/* Reset the timer limit after settings have changed. Periodic and one-shot
   modes count down from TimerLoad; free-running mode wraps at the counter
   width instead. reload is passed straight through to ptimer_set_limit(). */
static void arm_timer_recalibrate(arm_timer_state *s, int reload)
{
    int counted = s->control & (TIMER_CTRL_PERIODIC | TIMER_CTRL_ONESHOT);
    uint32_t wrap = (s->control & TIMER_CTRL_32BIT) ? 0xffffffff : 0xffff;

    ptimer_set_limit(s->timer, counted ? s->limit : wrap, reload);
}
/* Write one register of a single timer; offset is the byte offset inside
   that timer's register window. The IRQ line is re-evaluated after every
   write. Unknown offsets hit hw_error(), which is fatal for the VM and
   reachable from guest MMIO, so callers should bound offset first. */
static void arm_timer_write(void *opaque, target_phys_addr_t offset,
                            uint32_t value)
{
    arm_timer_state *s = (arm_timer_state *)opaque;
    /* Right shift applied to the input clock for each value of control
       bits 3:2. Encoding 3 has no TIMER_CTRL_DIV* macro and is left
       undivided, matching the previous behaviour. */
    static const int prescale_shift[4] = { 0, 4, 8, 0 };

    switch (offset >> 2) {
    case 0: /* TimerLoad */
        /* Takes effect immediately: the new limit is applied with reload. */
        s->limit = value;
        arm_timer_recalibrate(s, 1);
        break;
    case 1: /* TimerValue */
        /* Read-only, but Linux writes it anyway, so the write is silently
           ignored rather than reported. */
        break;
    case 2: /* TimerControl */
        /* Stop a running timer before reprogramming it. This loses a
           little accuracy to rounding but keeps the update simple. */
        if (s->control & TIMER_CTRL_ENABLE) {
            ptimer_stop(s->timer);
        }
        s->control = value;
        /* ??? Need to recalculate expiry time after changing divisor. */
        arm_timer_recalibrate(s, s->control & TIMER_CTRL_ENABLE);
        ptimer_set_freq(s->timer, s->freq >> prescale_shift[(value >> 2) & 3]);
        if (s->control & TIMER_CTRL_ENABLE) {
            /* Still enabled: restart, in one-shot mode if requested. */
            ptimer_run(s->timer, (s->control & TIMER_CTRL_ONESHOT) != 0);
        }
        break;
    case 3: /* TimerIntClr */
        /* Any written value clears the raw status. */
        s->int_level = 0;
        break;
    case 6: /* TimerBGLoad */
        /* Background load: new limit without disturbing the current count. */
        s->limit = value;
        arm_timer_recalibrate(s, 0);
        break;
    default:
        hw_error("arm_timer_write: Bad offset %x\n", (int)offset);
    }
    arm_timer_update(s);
}
/* Bottom-half callback registered for the ptimer in arm_timer_init: latch
   the raw interrupt status and re-evaluate the IRQ line. */
static void arm_timer_tick(void *opaque)
{
    arm_timer_state *t = opaque;

    t->int_level = 1;
    arm_timer_update(t);
}
/* Serialise one timer: control, limit, raw status, then the ptimer. The
   field order is format version 1 and must match arm_timer_load. */
static void arm_timer_save(QEMUFile *f, void *opaque)
{
    arm_timer_state *t = opaque;
    const uint32_t regs[3] = { t->control, t->limit, t->int_level };
    int i;

    for (i = 0; i < 3; i++) {
        qemu_put_be32(f, regs[i]);
    }
    qemu_put_ptimer(f, t->timer);
}
/* Restore one timer from a version-1 stream written by arm_timer_save.
   The values are taken from the stream unchecked: control is only ever
   used as a bit mask and int_level as a flag, so no value is dangerous
   here. Returns -EINVAL for any other format version. */
static int arm_timer_load(QEMUFile *f, void *opaque, int version_id)
{
    arm_timer_state *t = opaque;

    if (version_id != 1) {
        return -EINVAL;
    }

    t->control = qemu_get_be32(f);
    t->limit = qemu_get_be32(f);
    t->int_level = qemu_get_be32(f);
    qemu_get_ptimer(f, t->timer);

    return 0;
}
/* Allocate and initialise one timer clocked at freq Hz (before the
   prescaler). Interrupts start enabled in the control register, the IRQ
   line is left unset for the owning device to wire up, and the state is
   registered for save/restore under the "arm_timer" name. */
static arm_timer_state *arm_timer_init(uint32_t freq)
{
    arm_timer_state *s = qemu_mallocz(sizeof(*s));

    s->freq = freq;
    s->control = TIMER_CTRL_IE;
    /* The ptimer delivers expiry to arm_timer_tick through a bottom half. */
    s->timer = ptimer_init(qemu_bh_new(arm_timer_tick, s));
    register_savevm(NULL, "arm_timer", -1, 1, arm_timer_save, arm_timer_load, s);

    return s;
}
/* ARM PrimeCell SP804 dual timer module.
   Docs for this device don't seem to be publicly available. This
   implementation is based on guesswork, the linux kernel sources and the
   Integrator/CP timer modules. */

typedef struct {
    SysBusDevice busdev;
    arm_timer_state *timer[2];  /* timer 0 at offsets 0x00-0x1f, timer 1 at 0x20-0x3f. */
    int level[2];               /* last level seen on each timer's IRQ, merged by sp804_set_irq. */
    qemu_irq irq;               /* single module output: OR of level[0] and level[1]. */
} sp804_state;
/* Merge the IRQs from the two component timers: the module output is
   asserted while either input is. irq is 0 or 1 (sp804_init allocates
   exactly two inputs). */
static void sp804_set_irq(void *opaque, int irq, int level)
{
    sp804_state *s = opaque;
    int merged;

    s->level[irq] = level;
    merged = (s->level[0] != 0) || (s->level[1] != 0);
    qemu_set_irq(s->irq, merged);
}
/* Route a read to timer 0 (offsets below 0x20) or timer 1 (everything
   else, with 0x20 subtracted). There is no PrimeCell ID block (??? the
   values are unknown), so offsets at or above 0x40 within the 0x1000
   region reach arm_timer_read's default branch and its hw_error(). */
static uint32_t sp804_read(void *opaque, target_phys_addr_t offset)
{
    sp804_state *s = opaque;
    int second = offset >= 0x20;

    return arm_timer_read(s->timer[second], second ? offset - 0x20 : offset);
}
/* Route a write to timer 0 (offsets below 0x20) or timer 1 (everything
   else, with 0x20 subtracted). Offsets at or above 0x40 end in
   arm_timer_write's default branch and its hw_error(). */
static void sp804_write(void *opaque, target_phys_addr_t offset,
                        uint32_t value)
{
    sp804_state *s = opaque;
    int second = offset >= 0x20;

    arm_timer_write(s->timer[second], second ? offset - 0x20 : offset, value);
}
/* MMIO read dispatch table for cpu_register_io_memory. Presumably one
   entry per access width (byte/halfword/word) — confirm against the
   registration API; every width uses the same handler. */
static CPUReadMemoryFunc * const sp804_readfn[] = {
    sp804_read,
    sp804_read,
    sp804_read
};
/* MMIO write dispatch table; same width layout as sp804_readfn. */
static CPUWriteMemoryFunc * const sp804_writefn[] = {
    sp804_write,
    sp804_write,
    sp804_write
};
/* Serialise the module's own state: only the two merged-IRQ input levels.
   Each component arm_timer saves itself separately. */
static void sp804_save(QEMUFile *f, void *opaque)
{
    sp804_state *s = opaque;
    int i;

    for (i = 0; i < 2; i++) {
        qemu_put_be32(f, s->level[i]);
    }
}
/* Restore the two merged-IRQ input levels written by sp804_save.
   Returns -EINVAL for any format version other than 1. The output line
   is not re-driven here; it is updated on the next sp804_set_irq call. */
static int sp804_load(QEMUFile *f, void *opaque, int version_id)
{
    sp804_state *s = opaque;
    int i;

    if (version_id != 1) {
        return -EINVAL;
    }
    for (i = 0; i < 2; i++) {
        s->level[i] = qemu_get_be32(f);
    }
    return 0;
}
/* Create the SP804: two 1MHz timers whose IRQs are merged through
   sp804_set_irq onto the single sysbus IRQ, a 0x1000-byte MMIO region,
   and save/restore registration for the module's own state. */
static int sp804_init(SysBusDevice *dev)
{
    sp804_state *s = FROM_SYSBUS(sp804_state, dev);
    qemu_irq *inputs = qemu_allocate_irqs(sp804_set_irq, s, 2);
    int iomemtype;
    int i;

    sysbus_init_irq(dev, &s->irq);
    /* ??? The timers are actually configurable between 32kHz and 1MHz, but
       we don't implement that. */
    for (i = 0; i < 2; i++) {
        s->timer[i] = arm_timer_init(1000000);
        s->timer[i]->irq = inputs[i];
    }
    iomemtype = cpu_register_io_memory(sp804_readfn, sp804_writefn, s);
    sysbus_init_mmio(dev, 0x1000, iomemtype);
    register_savevm(&dev->qdev, "sp804", -1, 1, sp804_save, sp804_load, s);

    return 0;
}
/* Integrator/CP timer module. */

typedef struct {
    SysBusDevice busdev;
    /* One timer per 0x100-byte window: timer 0 at 40MHz, 1 and 2 at 1MHz
       (see icp_pit_init). The MMIO region is 0x1000 bytes, so icp_pit_read
       and icp_pit_write must reject windows 3 and up before indexing. */
    arm_timer_state *timer[3];
} icp_pit_state;
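/* Read from the Integrator/CP timer block: offset bits 11:8 select the
   timer window, the low byte is the register offset within it.
   The index is checked against the actual array size before use. The
   previous check was `n > 3`, which let index 3 through and read a
   pointer past the end of s->timer on any guest access to 0x300-0x3ff.
   An out-of-range window still goes through hw_error(), which is fatal
   for the VM and guest-reachable, matching the rest of this file. */
static uint32_t icp_pit_read(void *opaque, target_phys_addr_t offset)
{
    icp_pit_state *s = (icp_pit_state *)opaque;
    int n = offset >> 8;

    /* ??? Don't know the PrimeCell ID for this device. */
    if (n < 0 || n >= (int)(sizeof(s->timer) / sizeof(s->timer[0]))) {
        hw_error("icp_pit_read: Bad timer %d\n", n);
    }
    return arm_timer_read(s->timer[n], offset & 0xff);
}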
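/* Write to the Integrator/CP timer block: offset bits 11:8 select the
   timer window, the low byte is the register offset within it.
   The index is checked against the actual array size before use; the
   previous `n > 3` check allowed index 3, i.e. a guest write to
   0x300-0x3ff dereferenced a pointer read from past the end of
   s->timer. An out-of-range window still aborts via hw_error(), as the
   rest of this file does for bad guest accesses. */
static void icp_pit_write(void *opaque, target_phys_addr_t offset,
                          uint32_t value)
{
    icp_pit_state *s = (icp_pit_state *)opaque;
    int n = offset >> 8;

    if (n < 0 || n >= (int)(sizeof(s->timer) / sizeof(s->timer[0]))) {
        hw_error("icp_pit_write: Bad timer %d\n", n);
    }
    arm_timer_write(s->timer[n], offset & 0xff, value);
}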
/* MMIO read dispatch table for cpu_register_io_memory. Presumably one
   entry per access width (byte/halfword/word) — confirm against the
   registration API; every width uses the same handler. */
static CPUReadMemoryFunc * const icp_pit_readfn[] = {
    icp_pit_read,
    icp_pit_read,
    icp_pit_read
};
/* MMIO write dispatch table; same width layout as icp_pit_readfn. */
static CPUWriteMemoryFunc * const icp_pit_writefn[] = {
    icp_pit_write,
    icp_pit_write,
    icp_pit_write
};
/* Create the Integrator/CP PIT: three timers, each with its own sysbus
   IRQ (in timer order), behind one 0x1000-byte MMIO region. */
static int icp_pit_init(SysBusDevice *dev)
{
    icp_pit_state *s = FROM_SYSBUS(icp_pit_state, dev);
    /* Timer 0 runs at the 40MHz system clock; the other two at 1MHz. */
    static const uint32_t clock_hz[3] = { 40000000, 1000000, 1000000 };
    int iomemtype;
    int i;

    for (i = 0; i < 3; i++) {
        s->timer[i] = arm_timer_init(clock_hz[i]);
    }
    /* IRQ order defines the sysbus IRQ index, so keep it 0, 1, 2. */
    for (i = 0; i < 3; i++) {
        sysbus_init_irq(dev, &s->timer[i]->irq);
    }

    iomemtype = cpu_register_io_memory(icp_pit_readfn, icp_pit_writefn, s);
    sysbus_init_mmio(dev, 0x1000, iomemtype);
    /* No state of its own to save/restore; each arm_timer registers itself. */
    return 0;
}
/* Register both sysbus device types with qdev. Order is kept as before:
   the Integrator/CP PIT first, then the SP804. */
static void arm_timer_register_devices(void)
{
    const char *pit_name = "integrator_pit";
    const char *sp804_name = "sp804";

    sysbus_register_dev(pit_name, sizeof(icp_pit_state), icp_pit_init);
    sysbus_register_dev(sp804_name, sizeof(sp804_state), sp804_init);
}

device_init(arm_timer_register_devices)