search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Out off array access in usb-net
[qemu.git] / hw / pci_bridge.c
blob58cc2e4cee20ac4b99f286a26ab29bb1b442c3a0
1 /*
2 * QEMU PCI bus manager
3 *
4 * Copyright (c) 2004 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to dea
8
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
22
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26 /*
27 * split out from pci.c
28 * Copyright (c) 2010 Isaku Yamahata <yamahata at valinux co jp>
29 * VA Linux Systems Japan K.K.
30 */
31
32 #include "pci_bridge.h"
33 #include "pci_internals.h"
34 #include "range.h"
35
36 /* PCI bridge subsystem vendor ID helper functions */
37 #define PCI_SSVID_SIZEOF 8
38 #define PCI_SSVID_SVID 4
39 #define PCI_SSVID_SSID 6
40
41 int pci_bridge_ssvid_init(PCIDevice *dev, uint8_t offset,
42 uint16_t svid, uint16_t ssid)
43 {
44 int pos;
45 pos = pci_add_capability(dev, PCI_CAP_ID_SSVID, offset, PCI_SSVID_SIZEOF);
46 if (pos < 0) {
47 return pos;
48 }
49
50 pci_set_word(dev->config + pos + PCI_SSVID_SVID, svid);
51 pci_set_word(dev->config + pos + PCI_SSVID_SSID, ssid);
52 return pos;
53 }
54
55 /* Accessor function to get parent bridge device from pci bus. */
56 PCIDevice *pci_bridge_get_device(PCIBus *bus)
57 {
58 return bus->parent_dev;
59 }
60
61 /* Accessor function to get secondary bus from pci-to-pci bridge device */
62 PCIBus *pci_bridge_get_sec_bus(PCIBridge *br)
63 {
64 return &br->sec_bus;
65 }
66
67 static uint32_t pci_config_get_io_base(const PCIDevice *d,
68 uint32_t base, uint32_t base_upper16)
69 {
70 uint32_t val;
71
72 val = ((uint32_t)d->config[base] & PCI_IO_RANGE_MASK) << 8;
73 if (d->config[base] & PCI_IO_RANGE_TYPE_32) {
74 val |= (uint32_t)pci_get_word(d->config + base_upper16) << 16;
75 }
76 return val;
77 }
78
79 static pcibus_t pci_config_get_memory_base(const PCIDevice *d, uint32_t base)
80 {
81 return ((pcibus_t)pci_get_word(d->config + base) & PCI_MEMORY_RANGE_MASK)
82 << 16;
83 }
84
85 static pcibus_t pci_config_get_pref_base(const PCIDevice *d,
86 uint32_t base, uint32_t upper)
87 {
88 pcibus_t tmp;
89 pcibus_t val;
90
91 tmp = (pcibus_t)pci_get_word(d->config + base);
92 val = (tmp & PCI_PREF_RANGE_MASK) << 16;
93 if (tmp & PCI_PREF_RANGE_TYPE_64) {
94 val |= (pcibus_t)pci_get_long(d->config + upper) << 32;
95 }
96 return val;
97 }
98
99 /* accessor function to get bridge filtering base address */
100 pcibus_t pci_bridge_get_base(const PCIDevice *bridge, uint8_t type)
101 {
102 pcibus_t base;
103 if (type & PCI_BASE_ADDRESS_SPACE_IO) {
104 base = pci_config_get_io_base(bridge,
105 PCI_IO_BASE, PCI_IO_BASE_UPPER16);
106 } else {
107 if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
108 base = pci_config_get_pref_base(
109 bridge, PCI_PREF_MEMORY_BASE, PCI_PREF_BASE_UPPER32);
110 } else {
111 base = pci_config_get_memory_base(bridge, PCI_MEMORY_BASE);
112 }
113 }
114
115 return base;
116 }
117
118 /* accessor funciton to get bridge filtering limit */
119 pcibus_t pci_bridge_get_limit(const PCIDevice *bridge, uint8_t type)
120 {
121 pcibus_t limit;
122 if (type & PCI_BASE_ADDRESS_SPACE_IO) {
123 limit = pci_config_get_io_base(bridge,
124 PCI_IO_LIMIT, PCI_IO_LIMIT_UPPER16);
125 limit |= 0xfff; /* PCI bridge spec 3.2.5.6. */
126 } else {
127 if (type & PCI_BASE_ADDRESS_MEM_PREFETCH) {
128 limit = pci_config_get_pref_base(
129 bridge, PCI_PREF_MEMORY_LIMIT, PCI_PREF_LIMIT_UPPER32);
130 } else {
131 limit = pci_config_get_memory_base(bridge, PCI_MEMORY_LIMIT);
132 }
133 limit |= 0xfffff; /* PCI bridge spec 3.2.5.{1, 8}. */
134 }
135 return limit;
136 }
137
138 /* default write_config function for PCI-to-PCI bridge */
139 void pci_bridge_write_config(PCIDevice *d,
140 uint32_t address, uint32_t val, int len)
141 {
142 pci_default_write_config(d, address, val, len);
143
144 if (/* io base/limit */
145 ranges_overlap(address, len, PCI_IO_BASE, 2) ||
146
147 /* memory base/limit, prefetchable base/limit and
148 io base/limit upper 16 */
149 ranges_overlap(address, len, PCI_MEMORY_BASE, 20)) {
150 PCIBridge *s = container_of(d, PCIBridge, dev);
151 pci_bridge_update_mappings(&s->sec_bus);
152 }
153 }
154
155 void pci_bridge_disable_base_limit(PCIDevice *dev)
156 {
157 uint8_t *conf = dev->config;
158
159 pci_byte_test_and_set_mask(conf + PCI_IO_BASE,
160 PCI_IO_RANGE_MASK & 0xff);
161 pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
162 PCI_IO_RANGE_MASK & 0xff);
163 pci_word_test_and_set_mask(conf + PCI_MEMORY_BASE,
164 PCI_MEMORY_RANGE_MASK & 0xffff);
165 pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
166 PCI_MEMORY_RANGE_MASK & 0xffff);
167 pci_word_test_and_set_mask(conf + PCI_PREF_MEMORY_BASE,
168 PCI_PREF_RANGE_MASK & 0xffff);
169 pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
170 PCI_PREF_RANGE_MASK & 0xffff);
171 pci_set_word(conf + PCI_PREF_BASE_UPPER32, 0);
172 pci_set_word(conf + PCI_PREF_LIMIT_UPPER32, 0);
173 }
174
175 /* reset bridge specific configuration registers */
176 void pci_bridge_reset_reg(PCIDevice *dev)
177 {
178 uint8_t *conf = dev->config;
179
180 conf[PCI_PRIMARY_BUS] = 0;
181 conf[PCI_SECONDARY_BUS] = 0;
182 conf[PCI_SUBORDINATE_BUS] = 0;
183 conf[PCI_SEC_LATENCY_TIMER] = 0;
184
185 /*
186 * the default values for base/limit registers aren't specified
187 * in the PCI-to-PCI-bridge spec. So we don't thouch them here.
188 * Each implementation can override it.
189 * typical implementation does
190 * zero base/limit registers or
191 * disable forwarding: pci_bridge_disable_base_limit()
192 * If disable forwarding is wanted, call pci_bridge_disable_base_limit()
193 * after this function.
194 */
195 pci_byte_test_and_clear_mask(conf + PCI_IO_BASE,
196 PCI_IO_RANGE_MASK & 0xff);
197 pci_byte_test_and_clear_mask(conf + PCI_IO_LIMIT,
198 PCI_IO_RANGE_MASK & 0xff);
199 pci_word_test_and_clear_mask(conf + PCI_MEMORY_BASE,
200 PCI_MEMORY_RANGE_MASK & 0xffff);
201 pci_word_test_and_clear_mask(conf + PCI_MEMORY_LIMIT,
202 PCI_MEMORY_RANGE_MASK & 0xffff);
203 pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_BASE,
204 PCI_PREF_RANGE_MASK & 0xffff);
205 pci_word_test_and_clear_mask(conf + PCI_PREF_MEMORY_LIMIT,
206 PCI_PREF_RANGE_MASK & 0xffff);
207 pci_set_word(conf + PCI_PREF_BASE_UPPER32, 0);
208 pci_set_word(conf + PCI_PREF_LIMIT_UPPER32, 0);
209
210 pci_set_word(conf + PCI_BRIDGE_CONTROL, 0);
211 }
212
213 /* default reset function for PCI-to-PCI bridge */
214 void pci_bridge_reset(DeviceState *qdev)
215 {
216 PCIDevice *dev = DO_UPCAST(PCIDevice, qdev, qdev);
217 pci_bridge_reset_reg(dev);
218 }
219
220 /* default qdev initialization function for PCI-to-PCI bridge */
221 int pci_bridge_initfn(PCIDevice *dev)
222 {
223 PCIBus *parent = dev->bus;
224 PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
225 PCIBus *sec_bus = &br->sec_bus;
226
227 pci_set_word(dev->config + PCI_STATUS,
228 PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
229 pci_config_set_class(dev->config, PCI_CLASS_BRIDGE_PCI);
230 dev->config[PCI_HEADER_TYPE] =
231 (dev->config[PCI_HEADER_TYPE] & PCI_HEADER_TYPE_MULTI_FUNCTION) |
232 PCI_HEADER_TYPE_BRIDGE;
233 pci_set_word(dev->config + PCI_SEC_STATUS,
234 PCI_STATUS_66MHZ | PCI_STATUS_FAST_BACK);
235
236 qbus_create_inplace(&sec_bus->qbus, &pci_bus_info, &dev->qdev,
237 br->bus_name);
238 sec_bus->parent_dev = dev;
239 sec_bus->map_irq = br->map_irq;
240
241 QLIST_INIT(&sec_bus->child);
242 QLIST_INSERT_HEAD(&parent->child, sec_bus, sibling);
243 return 0;
244 }
245
246 /* default qdev clean up function for PCI-to-PCI bridge */
247 int pci_bridge_exitfn(PCIDevice *pci_dev)
248 {
249 PCIBridge *s = DO_UPCAST(PCIBridge, dev, pci_dev);
250 assert(QLIST_EMPTY(&s->sec_bus.child));
251 QLIST_REMOVE(&s->sec_bus, sibling);
252 /* qbus_free() is called automatically by qdev_free() */
253 return 0;
254 }
255
256 /*
257 * before qdev initialization(qdev_init()), this function sets bus_name and
258 * map_irq callback which are necessry for pci_bridge_initfn() to
259 * initialize bus.
260 */
261 void pci_bridge_map_irq(PCIBridge *br, const char* bus_name,
262 pci_map_irq_fn map_irq)
263 {
264 br->map_irq = map_irq;
265 br->bus_name = bus_name;
266 }
QEmu