vvfat: fat_chksum(): fix access above array bounds
[qemu.git] / hw / piix_pci.c
blobf152a0ff0627d7884471757f269e02ba5fc78c20
1 /*
2 * QEMU i440FX/PIIX3 PCI Bridge Emulation
4 * Copyright (c) 2006 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
25 #include "hw.h"
26 #include "pc.h"
27 #include "pci.h"
28 #include "pci_host.h"
29 #include "isa.h"
30 #include "sysbus.h"
33 * I440FX chipset data sheet.
34 * http://download.intel.com/design/chipsets/datashts/29054901.pdf
37 typedef PCIHostState I440FXState;
39 typedef struct PIIX3State {
40 PCIDevice dev;
41 int pci_irq_levels[4];
42 qemu_irq *pic;
43 } PIIX3State;
45 struct PCII440FXState {
46 PCIDevice dev;
47 target_phys_addr_t isa_page_descs[384 / 4];
48 uint8_t smm_enabled;
49 PIIX3State *piix3;
53 #define I440FX_PAM 0x59
54 #define I440FX_PAM_SIZE 7
55 #define I440FX_SMRAM 0x72
57 static void piix3_set_irq(void *opaque, int irq_num, int level);
59 /* return the global irq number corresponding to a given device irq
60 pin. We could also use the bus number to have a more precise
61 mapping. */
62 static int pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
64 int slot_addend;
65 slot_addend = (pci_dev->devfn >> 3) - 1;
66 return (irq_num + slot_addend) & 3;
69 static void update_pam(PCII440FXState *d, uint32_t start, uint32_t end, int r)
71 uint32_t addr;
73 // printf("ISA mapping %08x-0x%08x: %d\n", start, end, r);
74 switch(r) {
75 case 3:
76 /* RAM */
77 cpu_register_physical_memory(start, end - start,
78 start);
79 break;
80 case 1:
81 /* ROM (XXX: not quite correct) */
82 cpu_register_physical_memory(start, end - start,
83 start | IO_MEM_ROM);
84 break;
85 case 2:
86 case 0:
87 /* XXX: should distinguish read/write cases */
88 for(addr = start; addr < end; addr += 4096) {
89 cpu_register_physical_memory(addr, 4096,
90 d->isa_page_descs[(addr - 0xa0000) >> 12]);
92 break;
96 static void i440fx_update_memory_mappings(PCII440FXState *d)
98 int i, r;
99 uint32_t smram, addr;
101 update_pam(d, 0xf0000, 0x100000, (d->dev.config[I440FX_PAM] >> 4) & 3);
102 for(i = 0; i < 12; i++) {
103 r = (d->dev.config[(i >> 1) + (I440FX_PAM + 1)] >> ((i & 1) * 4)) & 3;
104 update_pam(d, 0xc0000 + 0x4000 * i, 0xc0000 + 0x4000 * (i + 1), r);
106 smram = d->dev.config[I440FX_SMRAM];
107 if ((d->smm_enabled && (smram & 0x08)) || (smram & 0x40)) {
108 cpu_register_physical_memory(0xa0000, 0x20000, 0xa0000);
109 } else {
110 for(addr = 0xa0000; addr < 0xc0000; addr += 4096) {
111 cpu_register_physical_memory(addr, 4096,
112 d->isa_page_descs[(addr - 0xa0000) >> 12]);
117 static void i440fx_set_smm(int val, void *arg)
119 PCII440FXState *d = arg;
121 val = (val != 0);
122 if (d->smm_enabled != val) {
123 d->smm_enabled = val;
124 i440fx_update_memory_mappings(d);
129 /* XXX: suppress when better memory API. We make the assumption that
130 no device (in particular the VGA) changes the memory mappings in
131 the 0xa0000-0x100000 range */
132 void i440fx_init_memory_mappings(PCII440FXState *d)
134 int i;
135 for(i = 0; i < 96; i++) {
136 d->isa_page_descs[i] = cpu_get_physical_page_desc(0xa0000 + i * 0x1000);
140 static void i440fx_write_config(PCIDevice *dev,
141 uint32_t address, uint32_t val, int len)
143 PCII440FXState *d = DO_UPCAST(PCII440FXState, dev, dev);
145 /* XXX: implement SMRAM.D_LOCK */
146 pci_default_write_config(dev, address, val, len);
147 if (ranges_overlap(address, len, I440FX_PAM, I440FX_PAM_SIZE) ||
148 range_covers_byte(address, len, I440FX_SMRAM)) {
149 i440fx_update_memory_mappings(d);
153 static int i440fx_load_old(QEMUFile* f, void *opaque, int version_id)
155 PCII440FXState *d = opaque;
156 int ret, i;
158 ret = pci_device_load(&d->dev, f);
159 if (ret < 0)
160 return ret;
161 i440fx_update_memory_mappings(d);
162 qemu_get_8s(f, &d->smm_enabled);
164 if (version_id == 2)
165 for (i = 0; i < 4; i++)
166 d->piix3->pci_irq_levels[i] = qemu_get_be32(f);
168 return 0;
171 static int i440fx_post_load(void *opaque, int version_id)
173 PCII440FXState *d = opaque;
175 i440fx_update_memory_mappings(d);
176 return 0;
179 static const VMStateDescription vmstate_i440fx = {
180 .name = "I440FX",
181 .version_id = 3,
182 .minimum_version_id = 3,
183 .minimum_version_id_old = 1,
184 .load_state_old = i440fx_load_old,
185 .post_load = i440fx_post_load,
186 .fields = (VMStateField []) {
187 VMSTATE_PCI_DEVICE(dev, PCII440FXState),
188 VMSTATE_UINT8(smm_enabled, PCII440FXState),
189 VMSTATE_END_OF_LIST()
193 static int i440fx_pcihost_initfn(SysBusDevice *dev)
195 I440FXState *s = FROM_SYSBUS(I440FXState, dev);
197 pci_host_conf_register_ioport(0xcf8, s);
199 pci_host_data_register_ioport(0xcfc, s);
200 return 0;
203 static int i440fx_initfn(PCIDevice *dev)
205 PCII440FXState *d = DO_UPCAST(PCII440FXState, dev, dev);
207 pci_config_set_vendor_id(d->dev.config, PCI_VENDOR_ID_INTEL);
208 pci_config_set_device_id(d->dev.config, PCI_DEVICE_ID_INTEL_82441);
209 d->dev.config[0x08] = 0x02; // revision
210 pci_config_set_class(d->dev.config, PCI_CLASS_BRIDGE_HOST);
212 d->dev.config[I440FX_SMRAM] = 0x02;
214 cpu_smm_register(&i440fx_set_smm, d);
215 return 0;
218 PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, qemu_irq *pic, ram_addr_t ram_size)
220 DeviceState *dev;
221 PCIBus *b;
222 PCIDevice *d;
223 I440FXState *s;
224 PIIX3State *piix3;
226 dev = qdev_create(NULL, "i440FX-pcihost");
227 s = FROM_SYSBUS(I440FXState, sysbus_from_qdev(dev));
228 b = pci_bus_new(&s->busdev.qdev, NULL, 0);
229 s->bus = b;
230 qdev_init_nofail(dev);
232 d = pci_create_simple(b, 0, "i440FX");
233 *pi440fx_state = DO_UPCAST(PCII440FXState, dev, d);
235 piix3 = DO_UPCAST(PIIX3State, dev,
236 pci_create_simple_multifunction(b, -1, true, "PIIX3"));
237 piix3->pic = pic;
238 pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3, 4);
239 (*pi440fx_state)->piix3 = piix3;
241 *piix3_devfn = piix3->dev.devfn;
243 ram_size = ram_size / 8 / 1024 / 1024;
244 if (ram_size > 255)
245 ram_size = 255;
246 (*pi440fx_state)->dev.config[0x57]=ram_size;
248 return b;
251 /* PIIX3 PCI to ISA bridge */
253 static void piix3_set_irq(void *opaque, int irq_num, int level)
255 int i, pic_irq, pic_level;
256 PIIX3State *piix3 = opaque;
258 piix3->pci_irq_levels[irq_num] = level;
260 /* now we change the pic irq level according to the piix irq mappings */
261 /* XXX: optimize */
262 pic_irq = piix3->dev.config[0x60 + irq_num];
263 if (pic_irq < 16) {
264 /* The pic level is the logical OR of all the PCI irqs mapped
265 to it */
266 pic_level = 0;
267 for (i = 0; i < 4; i++) {
268 if (pic_irq == piix3->dev.config[0x60 + i])
269 pic_level |= piix3->pci_irq_levels[i];
271 qemu_set_irq(piix3->pic[pic_irq], pic_level);
275 static void piix3_reset(void *opaque)
277 PIIX3State *d = opaque;
278 uint8_t *pci_conf = d->dev.config;
280 pci_conf[0x04] = 0x07; // master, memory and I/O
281 pci_conf[0x05] = 0x00;
282 pci_conf[0x06] = 0x00;
283 pci_conf[0x07] = 0x02; // PCI_status_devsel_medium
284 pci_conf[0x4c] = 0x4d;
285 pci_conf[0x4e] = 0x03;
286 pci_conf[0x4f] = 0x00;
287 pci_conf[0x60] = 0x80;
288 pci_conf[0x61] = 0x80;
289 pci_conf[0x62] = 0x80;
290 pci_conf[0x63] = 0x80;
291 pci_conf[0x69] = 0x02;
292 pci_conf[0x70] = 0x80;
293 pci_conf[0x76] = 0x0c;
294 pci_conf[0x77] = 0x0c;
295 pci_conf[0x78] = 0x02;
296 pci_conf[0x79] = 0x00;
297 pci_conf[0x80] = 0x00;
298 pci_conf[0x82] = 0x00;
299 pci_conf[0xa0] = 0x08;
300 pci_conf[0xa2] = 0x00;
301 pci_conf[0xa3] = 0x00;
302 pci_conf[0xa4] = 0x00;
303 pci_conf[0xa5] = 0x00;
304 pci_conf[0xa6] = 0x00;
305 pci_conf[0xa7] = 0x00;
306 pci_conf[0xa8] = 0x0f;
307 pci_conf[0xaa] = 0x00;
308 pci_conf[0xab] = 0x00;
309 pci_conf[0xac] = 0x00;
310 pci_conf[0xae] = 0x00;
312 memset(d->pci_irq_levels, 0, sizeof(d->pci_irq_levels));
315 static const VMStateDescription vmstate_piix3 = {
316 .name = "PIIX3",
317 .version_id = 3,
318 .minimum_version_id = 2,
319 .minimum_version_id_old = 2,
320 .fields = (VMStateField []) {
321 VMSTATE_PCI_DEVICE(dev, PIIX3State),
322 VMSTATE_INT32_ARRAY_V(pci_irq_levels, PIIX3State, 4, 3),
323 VMSTATE_END_OF_LIST()
327 static int piix3_initfn(PCIDevice *dev)
329 PIIX3State *d = DO_UPCAST(PIIX3State, dev, dev);
330 uint8_t *pci_conf;
332 isa_bus_new(&d->dev.qdev);
334 pci_conf = d->dev.config;
335 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
336 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_0); // 82371SB PIIX3 PCI-to-ISA bridge (Step A1)
337 pci_config_set_class(pci_conf, PCI_CLASS_BRIDGE_ISA);
339 qemu_register_reset(piix3_reset, d);
340 return 0;
343 static PCIDeviceInfo i440fx_info[] = {
345 .qdev.name = "i440FX",
346 .qdev.desc = "Host bridge",
347 .qdev.size = sizeof(PCII440FXState),
348 .qdev.vmsd = &vmstate_i440fx,
349 .qdev.no_user = 1,
350 .init = i440fx_initfn,
351 .config_write = i440fx_write_config,
353 .qdev.name = "PIIX3",
354 .qdev.desc = "ISA bridge",
355 .qdev.size = sizeof(PIIX3State),
356 .qdev.vmsd = &vmstate_piix3,
357 .qdev.no_user = 1,
358 .init = piix3_initfn,
360 /* end of list */
364 static SysBusDeviceInfo i440fx_pcihost_info = {
365 .init = i440fx_pcihost_initfn,
366 .qdev.name = "i440FX-pcihost",
367 .qdev.size = sizeof(I440FXState),
368 .qdev.no_user = 1,
371 static void i440fx_register(void)
373 sysbus_register_withprop(&i440fx_pcihost_info);
374 pci_qdev_register_many(i440fx_info);
376 device_init(i440fx_register);