rtl8139: avoid nested ifs in IP header parsing (CVE-2015-5165)
[qemu/ar7.git] / hw / isa / vt82c686.c
blob252e1d71452a8973b2497bdecb40860b57d0477d
1 /*
2 * VT82C686B south bridge support
4 * Copyright (c) 2008 yajin (yajin@vm-kernel.org)
5 * Copyright (c) 2009 chenming (chenming@rdc.faw.com.cn)
6 * Copyright (c) 2010 Huacai Chen (zltjiangshi@gmail.com)
7 * This code is licensed under the GNU GPL v2.
9 * Contributions after 2012-01-13 are licensed under the terms of the
10 * GNU GPL, version 2 or (at your option) any later version.
13 #include "hw/hw.h"
14 #include "hw/i386/pc.h"
15 #include "hw/isa/vt82c686.h"
16 #include "hw/i2c/i2c.h"
17 #include "hw/i2c/smbus.h"
18 #include "hw/pci/pci.h"
19 #include "hw/isa/isa.h"
20 #include "hw/sysbus.h"
21 #include "hw/mips/mips.h"
22 #include "hw/isa/apm.h"
23 #include "hw/acpi/acpi.h"
24 #include "hw/i2c/pm_smbus.h"
25 #include "sysemu/sysemu.h"
26 #include "qemu/timer.h"
27 #include "exec/address-spaces.h"
29 //#define DEBUG_VT82C686B
31 #ifdef DEBUG_VT82C686B
32 #define DPRINTF(fmt, ...) fprintf(stderr, "%s: " fmt, __FUNCTION__, ##__VA_ARGS__)
33 #else
34 #define DPRINTF(fmt, ...)
35 #endif
37 typedef struct SuperIOConfig
39 uint8_t config[0x100];
40 uint8_t index;
41 uint8_t data;
42 } SuperIOConfig;
44 typedef struct VT82C686BState {
45 PCIDevice dev;
46 MemoryRegion superio;
47 SuperIOConfig superio_conf;
48 } VT82C686BState;
50 #define TYPE_VT82C686B_DEVICE "VT82C686B"
51 #define VT82C686B_DEVICE(obj) \
52 OBJECT_CHECK(VT82C686BState, (obj), TYPE_VT82C686B_DEVICE)
54 static void superio_ioport_writeb(void *opaque, hwaddr addr, uint64_t data,
55 unsigned size)
57 SuperIOConfig *superio_conf = opaque;
59 DPRINTF("superio_ioport_writeb address 0x%x val 0x%x\n", addr, data);
60 if (addr == 0x3f0) {
61 superio_conf->index = data & 0xff;
62 } else {
63 bool can_write = true;
64 /* 0x3f1 */
65 switch (superio_conf->index) {
66 case 0x00 ... 0xdf:
67 case 0xe4:
68 case 0xe5:
69 case 0xe9 ... 0xed:
70 case 0xf3:
71 case 0xf5:
72 case 0xf7:
73 case 0xf9 ... 0xfb:
74 case 0xfd ... 0xff:
75 can_write = false;
76 break;
77 case 0xe7:
78 if ((data & 0xff) != 0xfe) {
79 DPRINTF("change uart 1 base. unsupported yet\n");
80 can_write = false;
82 break;
83 case 0xe8:
84 if ((data & 0xff) != 0xbe) {
85 DPRINTF("change uart 2 base. unsupported yet\n");
86 can_write = false;
88 break;
89 default:
90 break;
93 if (can_write) {
94 superio_conf->config[superio_conf->index] = data & 0xff;
99 static uint64_t superio_ioport_readb(void *opaque, hwaddr addr, unsigned size)
101 SuperIOConfig *superio_conf = opaque;
103 DPRINTF("superio_ioport_readb address 0x%x\n", addr);
104 return (superio_conf->config[superio_conf->index]);
107 static const MemoryRegionOps superio_ops = {
108 .read = superio_ioport_readb,
109 .write = superio_ioport_writeb,
110 .endianness = DEVICE_NATIVE_ENDIAN,
111 .impl = {
112 .min_access_size = 1,
113 .max_access_size = 1,
117 static void vt82c686b_reset(void * opaque)
119 PCIDevice *d = opaque;
120 uint8_t *pci_conf = d->config;
121 VT82C686BState *vt82c = VT82C686B_DEVICE(d);
123 pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x000000c0);
124 pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
125 PCI_COMMAND_MASTER | PCI_COMMAND_SPECIAL);
126 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
128 pci_conf[0x48] = 0x01; /* Miscellaneous Control 3 */
129 pci_conf[0x4a] = 0x04; /* IDE interrupt Routing */
130 pci_conf[0x4f] = 0x03; /* DMA/Master Mem Access Control 3 */
131 pci_conf[0x50] = 0x2d; /* PnP DMA Request Control */
132 pci_conf[0x59] = 0x04;
133 pci_conf[0x5a] = 0x04; /* KBC/RTC Control*/
134 pci_conf[0x5f] = 0x04;
135 pci_conf[0x77] = 0x10; /* GPIO Control 1/2/3/4 */
137 vt82c->superio_conf.config[0xe0] = 0x3c;
138 vt82c->superio_conf.config[0xe2] = 0x03;
139 vt82c->superio_conf.config[0xe3] = 0xfc;
140 vt82c->superio_conf.config[0xe6] = 0xde;
141 vt82c->superio_conf.config[0xe7] = 0xfe;
142 vt82c->superio_conf.config[0xe8] = 0xbe;
145 /* write config pci function0 registers. PCI-ISA bridge */
146 static void vt82c686b_write_config(PCIDevice * d, uint32_t address,
147 uint32_t val, int len)
149 VT82C686BState *vt686 = VT82C686B_DEVICE(d);
151 DPRINTF("vt82c686b_write_config address 0x%x val 0x%x len 0x%x\n",
152 address, val, len);
154 pci_default_write_config(d, address, val, len);
155 if (address == 0x85) { /* enable or disable super IO configure */
156 memory_region_set_enabled(&vt686->superio, val & 0x2);
160 #define ACPI_DBG_IO_ADDR 0xb044
162 typedef struct VT686PMState {
163 PCIDevice dev;
164 MemoryRegion io;
165 ACPIREGS ar;
166 APMState apm;
167 PMSMBus smb;
168 uint32_t smb_io_base;
169 } VT686PMState;
171 typedef struct VT686AC97State {
172 PCIDevice dev;
173 } VT686AC97State;
175 typedef struct VT686MC97State {
176 PCIDevice dev;
177 } VT686MC97State;
179 #define TYPE_VT82C686B_PM_DEVICE "VT82C686B_PM"
180 #define VT82C686B_PM_DEVICE(obj) \
181 OBJECT_CHECK(VT686PMState, (obj), TYPE_VT82C686B_PM_DEVICE)
183 #define TYPE_VT82C686B_MC97_DEVICE "VT82C686B_MC97"
184 #define VT82C686B_MC97_DEVICE(obj) \
185 OBJECT_CHECK(VT686MC97State, (obj), TYPE_VT82C686B_MC97_DEVICE)
187 #define TYPE_VT82C686B_AC97_DEVICE "VT82C686B_AC97"
188 #define VT82C686B_AC97_DEVICE(obj) \
189 OBJECT_CHECK(VT686AC97State, (obj), TYPE_VT82C686B_AC97_DEVICE)
191 static void pm_update_sci(VT686PMState *s)
193 int sci_level, pmsts;
195 pmsts = acpi_pm1_evt_get_sts(&s->ar);
196 sci_level = (((pmsts & s->ar.pm1.evt.en) &
197 (ACPI_BITMASK_RT_CLOCK_ENABLE |
198 ACPI_BITMASK_POWER_BUTTON_ENABLE |
199 ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
200 ACPI_BITMASK_TIMER_ENABLE)) != 0);
201 pci_set_irq(&s->dev, sci_level);
202 /* schedule a timer interruption if needed */
203 acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
204 !(pmsts & ACPI_BITMASK_TIMER_STATUS));
207 static void pm_tmr_timer(ACPIREGS *ar)
209 VT686PMState *s = container_of(ar, VT686PMState, ar);
210 pm_update_sci(s);
213 static void pm_io_space_update(VT686PMState *s)
215 uint32_t pm_io_base;
217 pm_io_base = pci_get_long(s->dev.config + 0x40);
218 pm_io_base &= 0xffc0;
220 memory_region_transaction_begin();
221 memory_region_set_enabled(&s->io, s->dev.config[0x80] & 1);
222 memory_region_set_address(&s->io, pm_io_base);
223 memory_region_transaction_commit();
226 static void pm_write_config(PCIDevice *d,
227 uint32_t address, uint32_t val, int len)
229 DPRINTF("pm_write_config address 0x%x val 0x%x len 0x%x\n",
230 address, val, len);
231 pci_default_write_config(d, address, val, len);
234 static int vmstate_acpi_post_load(void *opaque, int version_id)
236 VT686PMState *s = opaque;
238 pm_io_space_update(s);
239 return 0;
242 static const VMStateDescription vmstate_acpi = {
243 .name = "vt82c686b_pm",
244 .version_id = 1,
245 .minimum_version_id = 1,
246 .post_load = vmstate_acpi_post_load,
247 .fields = (VMStateField[]) {
248 VMSTATE_PCI_DEVICE(dev, VT686PMState),
249 VMSTATE_UINT16(ar.pm1.evt.sts, VT686PMState),
250 VMSTATE_UINT16(ar.pm1.evt.en, VT686PMState),
251 VMSTATE_UINT16(ar.pm1.cnt.cnt, VT686PMState),
252 VMSTATE_STRUCT(apm, VT686PMState, 0, vmstate_apm, APMState),
253 VMSTATE_TIMER_PTR(ar.tmr.timer, VT686PMState),
254 VMSTATE_INT64(ar.tmr.overflow_time, VT686PMState),
255 VMSTATE_END_OF_LIST()
260 * TODO: vt82c686b_ac97_init() and vt82c686b_mc97_init()
261 * just register a PCI device now, functionalities will be implemented later.
264 static void vt82c686b_ac97_realize(PCIDevice *dev, Error **errp)
266 VT686AC97State *s = VT82C686B_AC97_DEVICE(dev);
267 uint8_t *pci_conf = s->dev.config;
269 pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
270 PCI_COMMAND_PARITY);
271 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST |
272 PCI_STATUS_DEVSEL_MEDIUM);
273 pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
276 void vt82c686b_ac97_init(PCIBus *bus, int devfn)
278 PCIDevice *dev;
280 dev = pci_create(bus, devfn, TYPE_VT82C686B_AC97_DEVICE);
281 qdev_init_nofail(&dev->qdev);
284 static void via_ac97_class_init(ObjectClass *klass, void *data)
286 DeviceClass *dc = DEVICE_CLASS(klass);
287 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
289 k->realize = vt82c686b_ac97_realize;
290 k->vendor_id = PCI_VENDOR_ID_VIA;
291 k->device_id = PCI_DEVICE_ID_VIA_AC97;
292 k->revision = 0x50;
293 k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
294 set_bit(DEVICE_CATEGORY_SOUND, dc->categories);
295 dc->desc = "AC97";
298 static const TypeInfo via_ac97_info = {
299 .name = TYPE_VT82C686B_AC97_DEVICE,
300 .parent = TYPE_PCI_DEVICE,
301 .instance_size = sizeof(VT686AC97State),
302 .class_init = via_ac97_class_init,
305 static void vt82c686b_mc97_realize(PCIDevice *dev, Error **errp)
307 VT686MC97State *s = VT82C686B_MC97_DEVICE(dev);
308 uint8_t *pci_conf = s->dev.config;
310 pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_INVALIDATE |
311 PCI_COMMAND_VGA_PALETTE);
312 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM);
313 pci_set_long(pci_conf + PCI_INTERRUPT_PIN, 0x03);
316 void vt82c686b_mc97_init(PCIBus *bus, int devfn)
318 PCIDevice *dev;
320 dev = pci_create(bus, devfn, TYPE_VT82C686B_MC97_DEVICE);
321 qdev_init_nofail(&dev->qdev);
324 static void via_mc97_class_init(ObjectClass *klass, void *data)
326 DeviceClass *dc = DEVICE_CLASS(klass);
327 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
329 k->realize = vt82c686b_mc97_realize;
330 k->vendor_id = PCI_VENDOR_ID_VIA;
331 k->device_id = PCI_DEVICE_ID_VIA_MC97;
332 k->class_id = PCI_CLASS_COMMUNICATION_OTHER;
333 k->revision = 0x30;
334 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
335 dc->desc = "MC97";
338 static const TypeInfo via_mc97_info = {
339 .name = TYPE_VT82C686B_MC97_DEVICE,
340 .parent = TYPE_PCI_DEVICE,
341 .instance_size = sizeof(VT686MC97State),
342 .class_init = via_mc97_class_init,
345 /* vt82c686 pm init */
346 static void vt82c686b_pm_realize(PCIDevice *dev, Error **errp)
348 VT686PMState *s = VT82C686B_PM_DEVICE(dev);
349 uint8_t *pci_conf;
351 pci_conf = s->dev.config;
352 pci_set_word(pci_conf + PCI_COMMAND, 0);
353 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_FAST_BACK |
354 PCI_STATUS_DEVSEL_MEDIUM);
356 /* 0x48-0x4B is Power Management I/O Base */
357 pci_set_long(pci_conf + 0x48, 0x00000001);
359 /* SMB ports:0xeee0~0xeeef */
360 s->smb_io_base =((s->smb_io_base & 0xfff0) + 0x0);
361 pci_conf[0x90] = s->smb_io_base | 1;
362 pci_conf[0x91] = s->smb_io_base >> 8;
363 pci_conf[0xd2] = 0x90;
364 pm_smbus_init(&s->dev.qdev, &s->smb);
365 memory_region_add_subregion(get_system_io(), s->smb_io_base, &s->smb.io);
367 apm_init(dev, &s->apm, NULL, s);
369 memory_region_init(&s->io, OBJECT(dev), "vt82c686-pm", 64);
370 memory_region_set_enabled(&s->io, false);
371 memory_region_add_subregion(get_system_io(), 0, &s->io);
373 acpi_pm_tmr_init(&s->ar, pm_tmr_timer, &s->io);
374 acpi_pm1_evt_init(&s->ar, pm_tmr_timer, &s->io);
375 acpi_pm1_cnt_init(&s->ar, &s->io, false, false, 2);
378 I2CBus *vt82c686b_pm_init(PCIBus *bus, int devfn, uint32_t smb_io_base,
379 qemu_irq sci_irq)
381 PCIDevice *dev;
382 VT686PMState *s;
384 dev = pci_create(bus, devfn, TYPE_VT82C686B_PM_DEVICE);
385 qdev_prop_set_uint32(&dev->qdev, "smb_io_base", smb_io_base);
387 s = VT82C686B_PM_DEVICE(dev);
389 qdev_init_nofail(&dev->qdev);
391 return s->smb.smbus;
394 static Property via_pm_properties[] = {
395 DEFINE_PROP_UINT32("smb_io_base", VT686PMState, smb_io_base, 0),
396 DEFINE_PROP_END_OF_LIST(),
399 static void via_pm_class_init(ObjectClass *klass, void *data)
401 DeviceClass *dc = DEVICE_CLASS(klass);
402 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
404 k->realize = vt82c686b_pm_realize;
405 k->config_write = pm_write_config;
406 k->vendor_id = PCI_VENDOR_ID_VIA;
407 k->device_id = PCI_DEVICE_ID_VIA_ACPI;
408 k->class_id = PCI_CLASS_BRIDGE_OTHER;
409 k->revision = 0x40;
410 dc->desc = "PM";
411 dc->vmsd = &vmstate_acpi;
412 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
413 dc->props = via_pm_properties;
416 static const TypeInfo via_pm_info = {
417 .name = TYPE_VT82C686B_PM_DEVICE,
418 .parent = TYPE_PCI_DEVICE,
419 .instance_size = sizeof(VT686PMState),
420 .class_init = via_pm_class_init,
423 static const VMStateDescription vmstate_via = {
424 .name = "vt82c686b",
425 .version_id = 1,
426 .minimum_version_id = 1,
427 .fields = (VMStateField[]) {
428 VMSTATE_PCI_DEVICE(dev, VT82C686BState),
429 VMSTATE_END_OF_LIST()
433 /* init the PCI-to-ISA bridge */
434 static void vt82c686b_realize(PCIDevice *d, Error **errp)
436 VT82C686BState *vt82c = VT82C686B_DEVICE(d);
437 uint8_t *pci_conf;
438 ISABus *isa_bus;
439 uint8_t *wmask;
440 int i;
442 isa_bus = isa_bus_new(DEVICE(d), get_system_memory(),
443 pci_address_space_io(d));
445 pci_conf = d->config;
446 pci_config_set_prog_interface(pci_conf, 0x0);
448 wmask = d->wmask;
449 for (i = 0x00; i < 0xff; i++) {
450 if (i<=0x03 || (i>=0x08 && i<=0x3f)) {
451 wmask[i] = 0x00;
455 memory_region_init_io(&vt82c->superio, OBJECT(d), &superio_ops,
456 &vt82c->superio_conf, "superio", 2);
457 memory_region_set_enabled(&vt82c->superio, false);
458 /* The floppy also uses 0x3f0 and 0x3f1.
459 * But we do not emulate a floppy, so just set it here. */
460 memory_region_add_subregion(isa_bus->address_space_io, 0x3f0,
461 &vt82c->superio);
463 qemu_register_reset(vt82c686b_reset, d);
466 ISABus *vt82c686b_init(PCIBus *bus, int devfn)
468 PCIDevice *d;
470 d = pci_create_simple_multifunction(bus, devfn, true,
471 TYPE_VT82C686B_DEVICE);
473 return ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
476 static void via_class_init(ObjectClass *klass, void *data)
478 DeviceClass *dc = DEVICE_CLASS(klass);
479 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
481 k->realize = vt82c686b_realize;
482 k->config_write = vt82c686b_write_config;
483 k->vendor_id = PCI_VENDOR_ID_VIA;
484 k->device_id = PCI_DEVICE_ID_VIA_ISA_BRIDGE;
485 k->class_id = PCI_CLASS_BRIDGE_ISA;
486 k->revision = 0x40;
487 dc->desc = "ISA bridge";
488 dc->vmsd = &vmstate_via;
490 * Reason: part of VIA VT82C686 southbridge, needs to be wired up,
491 * e.g. by mips_fulong2e_init()
493 dc->cannot_instantiate_with_device_add_yet = true;
496 static const TypeInfo via_info = {
497 .name = TYPE_VT82C686B_DEVICE,
498 .parent = TYPE_PCI_DEVICE,
499 .instance_size = sizeof(VT82C686BState),
500 .class_init = via_class_init,
503 static void vt82c686b_register_types(void)
505 type_register_static(&via_ac97_info);
506 type_register_static(&via_mc97_info);
507 type_register_static(&via_pm_info);
508 type_register_static(&via_info);
511 type_init(vt82c686b_register_types)