slirp: check len against dhcp options array end
[qemu/ar7.git] / hw / ppc / pnv_lpc.c
blobf03a80a29bf638df3b3132a1aee19d644a0916ba
1 /*
2 * QEMU PowerPC PowerNV LPC controller
4 * Copyright (c) 2016, IBM Corporation.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 #include "qemu/osdep.h"
21 #include "sysemu/sysemu.h"
22 #include "target/ppc/cpu.h"
23 #include "qapi/error.h"
24 #include "qemu/log.h"
26 #include "hw/ppc/pnv.h"
27 #include "hw/ppc/pnv_lpc.h"
28 #include "hw/ppc/pnv_xscom.h"
29 #include "hw/ppc/fdt.h"
31 #include <libfdt.h>
33 enum {
34 ECCB_CTL = 0,
35 ECCB_RESET = 1,
36 ECCB_STAT = 2,
37 ECCB_DATA = 3,
40 /* OPB Master LS registers */
41 #define OPB_MASTER_LS_IRQ_STAT 0x50
42 #define OPB_MASTER_IRQ_LPC 0x00000800
43 #define OPB_MASTER_LS_IRQ_MASK 0x54
44 #define OPB_MASTER_LS_IRQ_POL 0x58
45 #define OPB_MASTER_LS_IRQ_INPUT 0x5c
47 /* LPC HC registers */
48 #define LPC_HC_FW_SEG_IDSEL 0x24
49 #define LPC_HC_FW_RD_ACC_SIZE 0x28
50 #define LPC_HC_FW_RD_1B 0x00000000
51 #define LPC_HC_FW_RD_2B 0x01000000
52 #define LPC_HC_FW_RD_4B 0x02000000
53 #define LPC_HC_FW_RD_16B 0x04000000
54 #define LPC_HC_FW_RD_128B 0x07000000
55 #define LPC_HC_IRQSER_CTRL 0x30
56 #define LPC_HC_IRQSER_EN 0x80000000
57 #define LPC_HC_IRQSER_QMODE 0x40000000
58 #define LPC_HC_IRQSER_START_MASK 0x03000000
59 #define LPC_HC_IRQSER_START_4CLK 0x00000000
60 #define LPC_HC_IRQSER_START_6CLK 0x01000000
61 #define LPC_HC_IRQSER_START_8CLK 0x02000000
62 #define LPC_HC_IRQMASK 0x34 /* same bit defs as LPC_HC_IRQSTAT */
63 #define LPC_HC_IRQSTAT 0x38
64 #define LPC_HC_IRQ_SERIRQ0 0x80000000 /* all bits down to ... */
65 #define LPC_HC_IRQ_SERIRQ16 0x00008000 /* IRQ16=IOCHK#, IRQ2=SMI# */
66 #define LPC_HC_IRQ_SERIRQ_ALL 0xffff8000
67 #define LPC_HC_IRQ_LRESET 0x00000400
68 #define LPC_HC_IRQ_SYNC_ABNORM_ERR 0x00000080
69 #define LPC_HC_IRQ_SYNC_NORESP_ERR 0x00000040
70 #define LPC_HC_IRQ_SYNC_NORM_ERR 0x00000020
71 #define LPC_HC_IRQ_SYNC_TIMEOUT_ERR 0x00000010
72 #define LPC_HC_IRQ_SYNC_TARG_TAR_ERR 0x00000008
73 #define LPC_HC_IRQ_SYNC_BM_TAR_ERR 0x00000004
74 #define LPC_HC_IRQ_SYNC_BM0_REQ 0x00000002
75 #define LPC_HC_IRQ_SYNC_BM1_REQ 0x00000001
76 #define LPC_HC_ERROR_ADDRESS 0x40
78 #define LPC_OPB_SIZE 0x100000000ull
80 #define ISA_IO_SIZE 0x00010000
81 #define ISA_MEM_SIZE 0x10000000
82 #define LPC_IO_OPB_ADDR 0xd0010000
83 #define LPC_IO_OPB_SIZE 0x00010000
84 #define LPC_MEM_OPB_ADDR 0xe0010000
85 #define LPC_MEM_OPB_SIZE 0x10000000
86 #define LPC_FW_OPB_ADDR 0xf0000000
87 #define LPC_FW_OPB_SIZE 0x10000000
89 #define LPC_OPB_REGS_OPB_ADDR 0xc0010000
90 #define LPC_OPB_REGS_OPB_SIZE 0x00002000
91 #define LPC_HC_REGS_OPB_ADDR 0xc0012000
92 #define LPC_HC_REGS_OPB_SIZE 0x00001000
95 static int pnv_lpc_populate(PnvXScomInterface *dev, void *fdt, int xscom_offset)
97 const char compat[] = "ibm,power8-lpc\0ibm,lpc";
98 char *name;
99 int offset;
100 uint32_t lpc_pcba = PNV_XSCOM_LPC_BASE;
101 uint32_t reg[] = {
102 cpu_to_be32(lpc_pcba),
103 cpu_to_be32(PNV_XSCOM_LPC_SIZE)
106 name = g_strdup_printf("isa@%x", lpc_pcba);
107 offset = fdt_add_subnode(fdt, xscom_offset, name);
108 _FDT(offset);
109 g_free(name);
111 _FDT((fdt_setprop(fdt, offset, "reg", reg, sizeof(reg))));
112 _FDT((fdt_setprop_cell(fdt, offset, "#address-cells", 2)));
113 _FDT((fdt_setprop_cell(fdt, offset, "#size-cells", 1)));
114 _FDT((fdt_setprop(fdt, offset, "compatible", compat, sizeof(compat))));
115 return 0;
119 * These read/write handlers of the OPB address space should be common
120 * with the P9 LPC Controller which uses direct MMIOs.
122 * TODO: rework to use address_space_stq() and address_space_ldq()
123 * instead.
125 static bool opb_read(PnvLpcController *lpc, uint32_t addr, uint8_t *data,
126 int sz)
128 bool success;
130 /* XXX Handle access size limits and FW read caching here */
131 success = !address_space_rw(&lpc->opb_as, addr, MEMTXATTRS_UNSPECIFIED,
132 data, sz, false);
134 return success;
137 static bool opb_write(PnvLpcController *lpc, uint32_t addr, uint8_t *data,
138 int sz)
140 bool success;
142 /* XXX Handle access size limits here */
143 success = !address_space_rw(&lpc->opb_as, addr, MEMTXATTRS_UNSPECIFIED,
144 data, sz, true);
146 return success;
149 #define ECCB_CTL_READ (1ull << (63 - 15))
150 #define ECCB_CTL_SZ_LSH (63 - 7)
151 #define ECCB_CTL_SZ_MASK (0xfull << ECCB_CTL_SZ_LSH)
152 #define ECCB_CTL_ADDR_MASK 0xffffffffu;
154 #define ECCB_STAT_OP_DONE (1ull << (63 - 52))
155 #define ECCB_STAT_OP_ERR (1ull << (63 - 52))
156 #define ECCB_STAT_RD_DATA_LSH (63 - 37)
157 #define ECCB_STAT_RD_DATA_MASK (0xffffffff << ECCB_STAT_RD_DATA_LSH)
159 static void pnv_lpc_do_eccb(PnvLpcController *lpc, uint64_t cmd)
161 /* XXX Check for magic bits at the top, addr size etc... */
162 unsigned int sz = (cmd & ECCB_CTL_SZ_MASK) >> ECCB_CTL_SZ_LSH;
163 uint32_t opb_addr = cmd & ECCB_CTL_ADDR_MASK;
164 uint8_t data[4];
165 bool success;
167 if (cmd & ECCB_CTL_READ) {
168 success = opb_read(lpc, opb_addr, data, sz);
169 if (success) {
170 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE |
171 (((uint64_t)data[0]) << 24 |
172 ((uint64_t)data[1]) << 16 |
173 ((uint64_t)data[2]) << 8 |
174 ((uint64_t)data[3])) << ECCB_STAT_RD_DATA_LSH;
175 } else {
176 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE |
177 (0xffffffffull << ECCB_STAT_RD_DATA_LSH);
179 } else {
180 data[0] = lpc->eccb_data_reg >> 24;
181 data[1] = lpc->eccb_data_reg >> 16;
182 data[2] = lpc->eccb_data_reg >> 8;
183 data[3] = lpc->eccb_data_reg;
185 success = opb_write(lpc, opb_addr, data, sz);
186 lpc->eccb_stat_reg = ECCB_STAT_OP_DONE;
188 /* XXX Which error bit (if any) to signal OPB error ? */
191 static uint64_t pnv_lpc_xscom_read(void *opaque, hwaddr addr, unsigned size)
193 PnvLpcController *lpc = PNV_LPC(opaque);
194 uint32_t offset = addr >> 3;
195 uint64_t val = 0;
197 switch (offset & 3) {
198 case ECCB_CTL:
199 case ECCB_RESET:
200 val = 0;
201 break;
202 case ECCB_STAT:
203 val = lpc->eccb_stat_reg;
204 lpc->eccb_stat_reg = 0;
205 break;
206 case ECCB_DATA:
207 val = ((uint64_t)lpc->eccb_data_reg) << 32;
208 break;
210 return val;
213 static void pnv_lpc_xscom_write(void *opaque, hwaddr addr,
214 uint64_t val, unsigned size)
216 PnvLpcController *lpc = PNV_LPC(opaque);
217 uint32_t offset = addr >> 3;
219 switch (offset & 3) {
220 case ECCB_CTL:
221 pnv_lpc_do_eccb(lpc, val);
222 break;
223 case ECCB_RESET:
224 /* XXXX */
225 break;
226 case ECCB_STAT:
227 break;
228 case ECCB_DATA:
229 lpc->eccb_data_reg = val >> 32;
230 break;
234 static const MemoryRegionOps pnv_lpc_xscom_ops = {
235 .read = pnv_lpc_xscom_read,
236 .write = pnv_lpc_xscom_write,
237 .valid.min_access_size = 8,
238 .valid.max_access_size = 8,
239 .impl.min_access_size = 8,
240 .impl.max_access_size = 8,
241 .endianness = DEVICE_BIG_ENDIAN,
244 static void pnv_lpc_eval_irqs(PnvLpcController *lpc)
246 bool lpc_to_opb_irq = false;
248 /* Update LPC controller to OPB line */
249 if (lpc->lpc_hc_irqser_ctrl & LPC_HC_IRQSER_EN) {
250 uint32_t irqs;
252 irqs = lpc->lpc_hc_irqstat & lpc->lpc_hc_irqmask;
253 lpc_to_opb_irq = (irqs != 0);
256 /* We don't honor the polarity register, it's pointless and unused
257 * anyway
259 if (lpc_to_opb_irq) {
260 lpc->opb_irq_input |= OPB_MASTER_IRQ_LPC;
261 } else {
262 lpc->opb_irq_input &= ~OPB_MASTER_IRQ_LPC;
265 /* Update OPB internal latch */
266 lpc->opb_irq_stat |= lpc->opb_irq_input & lpc->opb_irq_mask;
268 /* Reflect the interrupt */
269 pnv_psi_irq_set(lpc->psi, PSIHB_IRQ_LPC_I2C, lpc->opb_irq_stat != 0);
272 static uint64_t lpc_hc_read(void *opaque, hwaddr addr, unsigned size)
274 PnvLpcController *lpc = opaque;
275 uint64_t val = 0xfffffffffffffffful;
277 switch (addr) {
278 case LPC_HC_FW_SEG_IDSEL:
279 val = lpc->lpc_hc_fw_seg_idsel;
280 break;
281 case LPC_HC_FW_RD_ACC_SIZE:
282 val = lpc->lpc_hc_fw_rd_acc_size;
283 break;
284 case LPC_HC_IRQSER_CTRL:
285 val = lpc->lpc_hc_irqser_ctrl;
286 break;
287 case LPC_HC_IRQMASK:
288 val = lpc->lpc_hc_irqmask;
289 break;
290 case LPC_HC_IRQSTAT:
291 val = lpc->lpc_hc_irqstat;
292 break;
293 case LPC_HC_ERROR_ADDRESS:
294 val = lpc->lpc_hc_error_addr;
295 break;
296 default:
297 qemu_log_mask(LOG_UNIMP, "LPC HC Unimplemented register: Ox%"
298 HWADDR_PRIx "\n", addr);
300 return val;
303 static void lpc_hc_write(void *opaque, hwaddr addr, uint64_t val,
304 unsigned size)
306 PnvLpcController *lpc = opaque;
308 /* XXX Filter out reserved bits */
310 switch (addr) {
311 case LPC_HC_FW_SEG_IDSEL:
312 /* XXX Actually figure out how that works as this impact
313 * memory regions/aliases
315 lpc->lpc_hc_fw_seg_idsel = val;
316 break;
317 case LPC_HC_FW_RD_ACC_SIZE:
318 lpc->lpc_hc_fw_rd_acc_size = val;
319 break;
320 case LPC_HC_IRQSER_CTRL:
321 lpc->lpc_hc_irqser_ctrl = val;
322 pnv_lpc_eval_irqs(lpc);
323 break;
324 case LPC_HC_IRQMASK:
325 lpc->lpc_hc_irqmask = val;
326 pnv_lpc_eval_irqs(lpc);
327 break;
328 case LPC_HC_IRQSTAT:
329 lpc->lpc_hc_irqstat &= ~val;
330 pnv_lpc_eval_irqs(lpc);
331 break;
332 case LPC_HC_ERROR_ADDRESS:
333 break;
334 default:
335 qemu_log_mask(LOG_UNIMP, "LPC HC Unimplemented register: Ox%"
336 HWADDR_PRIx "\n", addr);
340 static const MemoryRegionOps lpc_hc_ops = {
341 .read = lpc_hc_read,
342 .write = lpc_hc_write,
343 .endianness = DEVICE_BIG_ENDIAN,
344 .valid = {
345 .min_access_size = 4,
346 .max_access_size = 4,
348 .impl = {
349 .min_access_size = 4,
350 .max_access_size = 4,
354 static uint64_t opb_master_read(void *opaque, hwaddr addr, unsigned size)
356 PnvLpcController *lpc = opaque;
357 uint64_t val = 0xfffffffffffffffful;
359 switch (addr) {
360 case OPB_MASTER_LS_IRQ_STAT:
361 val = lpc->opb_irq_stat;
362 break;
363 case OPB_MASTER_LS_IRQ_MASK:
364 val = lpc->opb_irq_mask;
365 break;
366 case OPB_MASTER_LS_IRQ_POL:
367 val = lpc->opb_irq_pol;
368 break;
369 case OPB_MASTER_LS_IRQ_INPUT:
370 val = lpc->opb_irq_input;
371 break;
372 default:
373 qemu_log_mask(LOG_UNIMP, "OPB MASTER Unimplemented register: Ox%"
374 HWADDR_PRIx "\n", addr);
377 return val;
380 static void opb_master_write(void *opaque, hwaddr addr,
381 uint64_t val, unsigned size)
383 PnvLpcController *lpc = opaque;
385 switch (addr) {
386 case OPB_MASTER_LS_IRQ_STAT:
387 lpc->opb_irq_stat &= ~val;
388 pnv_lpc_eval_irqs(lpc);
389 break;
390 case OPB_MASTER_LS_IRQ_MASK:
391 lpc->opb_irq_mask = val;
392 pnv_lpc_eval_irqs(lpc);
393 break;
394 case OPB_MASTER_LS_IRQ_POL:
395 lpc->opb_irq_pol = val;
396 pnv_lpc_eval_irqs(lpc);
397 break;
398 case OPB_MASTER_LS_IRQ_INPUT:
399 /* Read only */
400 break;
401 default:
402 qemu_log_mask(LOG_UNIMP, "OPB MASTER Unimplemented register: Ox%"
403 HWADDR_PRIx "\n", addr);
407 static const MemoryRegionOps opb_master_ops = {
408 .read = opb_master_read,
409 .write = opb_master_write,
410 .endianness = DEVICE_BIG_ENDIAN,
411 .valid = {
412 .min_access_size = 4,
413 .max_access_size = 4,
415 .impl = {
416 .min_access_size = 4,
417 .max_access_size = 4,
421 static void pnv_lpc_realize(DeviceState *dev, Error **errp)
423 PnvLpcController *lpc = PNV_LPC(dev);
424 Object *obj;
425 Error *error = NULL;
427 /* Reg inits */
428 lpc->lpc_hc_fw_rd_acc_size = LPC_HC_FW_RD_4B;
430 /* Create address space and backing MR for the OPB bus */
431 memory_region_init(&lpc->opb_mr, OBJECT(dev), "lpc-opb", 0x100000000ull);
432 address_space_init(&lpc->opb_as, &lpc->opb_mr, "lpc-opb");
434 /* Create ISA IO and Mem space regions which are the root of
435 * the ISA bus (ie, ISA address spaces). We don't create a
436 * separate one for FW which we alias to memory.
438 memory_region_init(&lpc->isa_io, OBJECT(dev), "isa-io", ISA_IO_SIZE);
439 memory_region_init(&lpc->isa_mem, OBJECT(dev), "isa-mem", ISA_MEM_SIZE);
441 /* Create windows from the OPB space to the ISA space */
442 memory_region_init_alias(&lpc->opb_isa_io, OBJECT(dev), "lpc-isa-io",
443 &lpc->isa_io, 0, LPC_IO_OPB_SIZE);
444 memory_region_add_subregion(&lpc->opb_mr, LPC_IO_OPB_ADDR,
445 &lpc->opb_isa_io);
446 memory_region_init_alias(&lpc->opb_isa_mem, OBJECT(dev), "lpc-isa-mem",
447 &lpc->isa_mem, 0, LPC_MEM_OPB_SIZE);
448 memory_region_add_subregion(&lpc->opb_mr, LPC_MEM_OPB_ADDR,
449 &lpc->opb_isa_mem);
450 memory_region_init_alias(&lpc->opb_isa_fw, OBJECT(dev), "lpc-isa-fw",
451 &lpc->isa_mem, 0, LPC_FW_OPB_SIZE);
452 memory_region_add_subregion(&lpc->opb_mr, LPC_FW_OPB_ADDR,
453 &lpc->opb_isa_fw);
455 /* Create MMIO regions for LPC HC and OPB registers */
456 memory_region_init_io(&lpc->opb_master_regs, OBJECT(dev), &opb_master_ops,
457 lpc, "lpc-opb-master", LPC_OPB_REGS_OPB_SIZE);
458 memory_region_add_subregion(&lpc->opb_mr, LPC_OPB_REGS_OPB_ADDR,
459 &lpc->opb_master_regs);
460 memory_region_init_io(&lpc->lpc_hc_regs, OBJECT(dev), &lpc_hc_ops, lpc,
461 "lpc-hc", LPC_HC_REGS_OPB_SIZE);
462 memory_region_add_subregion(&lpc->opb_mr, LPC_HC_REGS_OPB_ADDR,
463 &lpc->lpc_hc_regs);
465 /* XScom region for LPC registers */
466 pnv_xscom_region_init(&lpc->xscom_regs, OBJECT(dev),
467 &pnv_lpc_xscom_ops, lpc, "xscom-lpc",
468 PNV_XSCOM_LPC_SIZE);
470 /* get PSI object from chip */
471 obj = object_property_get_link(OBJECT(dev), "psi", &error);
472 if (!obj) {
473 error_setg(errp, "%s: required link 'psi' not found: %s",
474 __func__, error_get_pretty(error));
475 return;
477 lpc->psi = PNV_PSI(obj);
480 static void pnv_lpc_class_init(ObjectClass *klass, void *data)
482 DeviceClass *dc = DEVICE_CLASS(klass);
483 PnvXScomInterfaceClass *xdc = PNV_XSCOM_INTERFACE_CLASS(klass);
485 xdc->populate = pnv_lpc_populate;
487 dc->realize = pnv_lpc_realize;
490 static const TypeInfo pnv_lpc_info = {
491 .name = TYPE_PNV_LPC,
492 .parent = TYPE_DEVICE,
493 .instance_size = sizeof(PnvLpcController),
494 .class_init = pnv_lpc_class_init,
495 .interfaces = (InterfaceInfo[]) {
496 { TYPE_PNV_XSCOM_INTERFACE },
501 static void pnv_lpc_register_types(void)
503 type_register_static(&pnv_lpc_info);
506 type_init(pnv_lpc_register_types)
508 /* If we don't use the built-in LPC interrupt deserializer, we need
509 * to provide a set of qirqs for the ISA bus or things will go bad.
511 * Most machines using pre-Naples chips (without said deserializer)
512 * have a CPLD that will collect the SerIRQ and shoot them as a
513 * single level interrupt to the P8 chip. So let's setup a hook
514 * for doing just that.
516 static void pnv_lpc_isa_irq_handler_cpld(void *opaque, int n, int level)
518 PnvMachineState *pnv = POWERNV_MACHINE(qdev_get_machine());
519 uint32_t old_state = pnv->cpld_irqstate;
520 PnvLpcController *lpc = PNV_LPC(opaque);
522 if (level) {
523 pnv->cpld_irqstate |= 1u << n;
524 } else {
525 pnv->cpld_irqstate &= ~(1u << n);
528 if (pnv->cpld_irqstate != old_state) {
529 pnv_psi_irq_set(lpc->psi, PSIHB_IRQ_EXTERNAL, pnv->cpld_irqstate != 0);
533 static void pnv_lpc_isa_irq_handler(void *opaque, int n, int level)
535 PnvLpcController *lpc = PNV_LPC(opaque);
537 /* The Naples HW latches the 1 levels, clearing is done by SW */
538 if (level) {
539 lpc->lpc_hc_irqstat |= LPC_HC_IRQ_SERIRQ0 >> n;
540 pnv_lpc_eval_irqs(lpc);
544 qemu_irq *pnv_lpc_isa_irq_create(PnvLpcController *lpc, int chip_type,
545 int nirqs)
547 /* Not all variants have a working serial irq decoder. If not,
548 * handling of LPC interrupts becomes a platform issue (some
549 * platforms have a CPLD to do it).
551 if (chip_type == PNV_CHIP_POWER8NVL) {
552 return qemu_allocate_irqs(pnv_lpc_isa_irq_handler, lpc, nirqs);
553 } else {
554 return qemu_allocate_irqs(pnv_lpc_isa_irq_handler_cpld, lpc, nirqs);