/*
 * Arm PrimeCell PL061 General Purpose IO with additional
 * Luminary Micro Stellaris bits.
 *
 * Copyright (c) 2007 CodeSourcery.
 * Written by Paul Brook
 *
 * This code is licensed under the GPL.
 */
11 #include "qemu/osdep.h"
12 #include "hw/sysbus.h"
13 #include "qemu/log.h"
14 #include "qemu/module.h"
/* Uncomment to build with debug tracing. */
//#define DEBUG_PL061 1

/*
 * Debug helpers.
 *
 * DPRINTF(fmt, ...): trace to stdout when DEBUG_PL061 is defined, otherwise
 *   expands to an empty statement.  In a non-debug build its format string
 *   and arguments are therefore never seen by the compiler's format checks.
 * BADF(fmt, ...): report an error on stderr.  With DEBUG_PL061 defined it
 *   also terminates the process with exit(1); without it, execution
 *   continues after the message.
 */
#ifdef DEBUG_PL061
#define DPRINTF(fmt, ...) \
    do { \
        printf("pl061: " fmt , ## __VA_ARGS__); \
    } while (0)
#define BADF(fmt, ...) \
    do { \
        fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__); \
        exit(1); \
    } while (0)
#else
#define DPRINTF(fmt, ...) do {} while(0)
#define BADF(fmt, ...) \
    do { \
        fprintf(stderr, "pl061: error: " fmt , ## __VA_ARGS__); \
    } while (0)
#endif
/*
 * Identification register contents, one byte per 32-bit register slot.
 * pl061_read() indexes these tables for offsets 0xfd0..0xfff, i.e. with
 * an index of 0..11, which matches the 12 entries declared here.
 */
static const uint8_t pl061_id[12] = {
    0x00, 0x00, 0x00, 0x00, 0x61, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1
};

/* Same layout, values used by the "pl061_luminary" variant. */
static const uint8_t pl061_id_luminary[12] = {
    0x00, 0x00, 0x00, 0x00, 0x61, 0x00, 0x18, 0x01, 0x0d, 0xf0, 0x05, 0xb1
};

/* QOM type name and checked downcast to the device state. */
#define TYPE_PL061 "pl061"
#define PL061(obj) OBJECT_CHECK(PL061State, (obj), TYPE_PL061)
/*
 * Device state for one PL061 instance.
 *
 * Register fields are 32 bits wide in this struct, but most of them are
 * written through an "& 0xff" mask in pl061_write(), so only the low eight
 * bits (one per GPIO pin) normally carry data.
 */
typedef struct PL061State {
    SysBusDevice parent_obj;

    MemoryRegion iomem;
    uint32_t locked;        /* 0x520 Lock: non-zero while CR is locked */
    uint32_t data;          /* current pin data */
    uint32_t old_out_data;  /* output levels last driven by pl061_update() */
    uint32_t old_in_data;   /* input data last seen by pl061_update() */
    uint32_t dir;           /* 0x400 Direction: set bit = output pin */
    uint32_t isense;        /* 0x404 Interrupt sense: set bit = level */
    uint32_t ibe;           /* 0x408 Interrupt both edges */
    uint32_t iev;           /* 0x40c Interrupt event */
    uint32_t im;            /* 0x410 Interrupt mask */
    uint32_t istate;        /* 0x414 Raw interrupt status */
    uint32_t afsel;         /* 0x420 Alternate function select */
    uint32_t dr2r;          /* 0x500 2mA drive */
    uint32_t dr4r;          /* 0x504 4mA drive */
    uint32_t dr8r;          /* 0x508 8mA drive */
    uint32_t odr;           /* 0x50c Open drain */
    uint32_t pur;           /* 0x510 Pull-up */
    uint32_t pdr;           /* 0x514 Pull-down */
    uint32_t slr;           /* 0x518 Slew rate control */
    uint32_t den;           /* 0x51c Digital enable */
    uint32_t cr;            /* 0x524 Commit: AFSEL bits that may be changed */
    uint32_t amsel;         /* 0x528 Analog mode select */
    qemu_irq irq;           /* combined interrupt line */
    qemu_irq out[8];        /* one output line per pin */
    const unsigned char *id; /* 12-entry ID table served at 0xfd0..0xfff */
    uint32_t rsvd_start; /* reserved area: [rsvd_start, 0xfcc] */
} PL061State;
/*
 * Migration description.
 *
 * Every guest-visible register plus the two change-detection shadows is
 * transferred; irq, out[], id, rsvd_start and iomem are not listed and are
 * set up by the init functions instead.
 *
 * No post_load hook is declared, so values arriving from a migration
 * stream are stored as-is.  In this file they are only used as bit masks,
 * never as array indexes.
 */
static const VMStateDescription vmstate_pl061 = {
    .name = "pl061",
    .version_id = 4,
    .minimum_version_id = 4,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(locked, PL061State),
        VMSTATE_UINT32(data, PL061State),
        VMSTATE_UINT32(old_out_data, PL061State),
        VMSTATE_UINT32(old_in_data, PL061State),
        VMSTATE_UINT32(dir, PL061State),
        VMSTATE_UINT32(isense, PL061State),
        VMSTATE_UINT32(ibe, PL061State),
        VMSTATE_UINT32(iev, PL061State),
        VMSTATE_UINT32(im, PL061State),
        VMSTATE_UINT32(istate, PL061State),
        VMSTATE_UINT32(afsel, PL061State),
        VMSTATE_UINT32(dr2r, PL061State),
        VMSTATE_UINT32(dr4r, PL061State),
        VMSTATE_UINT32(dr8r, PL061State),
        VMSTATE_UINT32(odr, PL061State),
        VMSTATE_UINT32(pur, PL061State),
        VMSTATE_UINT32(pdr, PL061State),
        VMSTATE_UINT32(slr, PL061State),
        VMSTATE_UINT32(den, PL061State),
        VMSTATE_UINT32(cr, PL061State),
        VMSTATE_UINT32_V(amsel, PL061State, 2),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * Propagate the current register state to the outside world.
 *
 * 1. Drive every output line whose level changed since the last call.
 * 2. For input pins whose data changed, latch edge-triggered interrupts.
 * 3. OR in level-triggered interrupts and update the combined IRQ line.
 *
 * The working masks are uint8_t, so only the low eight bits of the 32-bit
 * state fields take part, whatever the upper bits hold.
 */
static void pl061_update(PL061State *s)
{
    uint8_t out_level;
    uint8_t delta;
    int pin;

    DPRINTF("dir = %d, data = %d\n", s->dir, s->data);

    /* Outputs float high. */
    /* FIXME: This is board dependent. */
    out_level = (s->data & s->dir) | ~s->dir;
    delta = s->old_out_data ^ out_level;
    if (delta) {
        s->old_out_data = out_level;
        for (pin = 0; pin < 8; pin++) {
            uint8_t bit = 1 << pin;

            if (!(delta & bit)) {
                continue;
            }
            DPRINTF("Set output %d = %d\n", pin, (out_level & bit) != 0);
            qemu_set_irq(s->out[pin], (out_level & bit) != 0);
        }
    }

    /* Inputs */
    delta = (s->old_in_data ^ s->data) & ~s->dir;
    if (delta) {
        s->old_in_data = s->data;
        for (pin = 0; pin < 8; pin++) {
            uint8_t bit = 1 << pin;

            if (!(delta & bit)) {
                continue;
            }
            DPRINTF("Changed input %d = %d\n", pin, (s->data & bit) != 0);

            if (s->isense & bit) {
                /* Level-sensitive pin: handled after the loop. */
                continue;
            }

            /* Edge interrupt */
            if (s->ibe & bit) {
                /* Any edge triggers the interrupt */
                s->istate |= bit;
            } else {
                /* Edge is selected by IEV */
                s->istate |= ~(s->data ^ s->iev) & bit;
            }
        }
    }

    /* Level interrupt */
    s->istate |= ~(s->data ^ s->iev) & s->isense;

    DPRINTF("istate = %02X\n", s->istate);

    qemu_set_irq(s->irq, (s->istate & s->im) != 0);
}
/*
 * MMIO read handler.
 *
 * @opaque: the PL061State registered with the memory region
 * @offset: guest-supplied byte offset into the region
 * @size:   access width; not used by this handler
 *
 * Returns the register value, or 0 after logging a LOG_GUEST_ERROR message
 * for reserved or unknown offsets.
 *
 * Offsets below 0x400 are the masked data window: bits [9:2] of the address
 * select which data bits are returned.  The only array access is the ID
 * table lookup, which is bounded by the explicit 0xfd0 <= offset < 0x1000
 * test: the index is at most (0xfff - 0xfd0) >> 2 == 11.
 */
static uint64_t pl061_read(void *opaque, hwaddr offset,
                           unsigned size)
{
    PL061State *s = (PL061State *)opaque;

    if (offset < 0x400) {
        return s->data & (offset >> 2);
    }

    /* Anything inside [rsvd_start, 0xfcc] is reserved for this variant. */
    if (offset < s->rsvd_start || offset > 0xfcc) {
        if (offset >= 0xfd0 && offset < 0x1000) {
            return s->id[(offset - 0xfd0) >> 2];
        }

        switch (offset) {
        case 0x400: /* Direction */
            return s->dir;
        case 0x404: /* Interrupt sense */
            return s->isense;
        case 0x408: /* Interrupt both edges */
            return s->ibe;
        case 0x40c: /* Interrupt event */
            return s->iev;
        case 0x410: /* Interrupt mask */
            return s->im;
        case 0x414: /* Raw interrupt status */
            return s->istate;
        case 0x418: /* Masked interrupt status */
            return s->istate & s->im;
        case 0x420: /* Alternate function select */
            return s->afsel;
        case 0x500: /* 2mA drive */
            return s->dr2r;
        case 0x504: /* 4mA drive */
            return s->dr4r;
        case 0x508: /* 8mA drive */
            return s->dr8r;
        case 0x50c: /* Open drain */
            return s->odr;
        case 0x510: /* Pull-up */
            return s->pur;
        case 0x514: /* Pull-down */
            return s->pdr;
        case 0x518: /* Slew rate control */
            return s->slr;
        case 0x51c: /* Digital enable */
            return s->den;
        case 0x520: /* Lock */
            return s->locked;
        case 0x524: /* Commit */
            return s->cr;
        case 0x528: /* Analog mode select */
            return s->amsel;
        default:
            break;
        }
    }

    /* Reserved or unimplemented offset: report it and read as zero. */
    qemu_log_mask(LOG_GUEST_ERROR,
                  "pl061_read: Bad offset %x\n", (int)offset);
    return 0;
}
/*
 * MMIO write handler.
 *
 * @opaque: the PL061State registered with the memory region
 * @offset: guest-supplied byte offset into the region
 * @value:  guest-supplied value
 * @size:   access width; not used by this handler
 *
 * Offsets below 0x400 are the masked data window: address bits [9:2],
 * restricted to pins configured as outputs, select which data bits change.
 * Every offset at or above rsvd_start is rejected with a LOG_GUEST_ERROR
 * message, as is any offset without a case below.
 *
 * Write protection implemented here: CR (0x524) is only updated while the
 * device is unlocked, and AFSEL (0x420) only changes in bit positions set
 * in CR.  No other register is gated by the lock.
 */
static void pl061_write(void *opaque, hwaddr offset,
                        uint64_t value, unsigned size)
{
    PL061State *s = (PL061State *)opaque;
    uint32_t low8 = value & 0xff;
    uint8_t mask;

    if (offset < 0x400) {
        mask = (offset >> 2) & s->dir;
        s->data = (s->data & ~mask) | (value & mask);
        pl061_update(s);
        return;
    }

    if (offset >= s->rsvd_start) {
        goto bad_offset;
    }

    switch (offset) {
    case 0x400: /* Direction */
        s->dir = low8;
        break;
    case 0x404: /* Interrupt sense */
        s->isense = low8;
        break;
    case 0x408: /* Interrupt both edges */
        s->ibe = low8;
        break;
    case 0x40c: /* Interrupt event */
        s->iev = low8;
        break;
    case 0x410: /* Interrupt mask */
        s->im = low8;
        break;
    case 0x41c: /* Interrupt clear */
        /*
         * Level-triggered bits are OR-ed back in by the pl061_update()
         * call below while their condition still holds.
         */
        s->istate &= ~value;
        break;
    case 0x420: /* Alternate function select */
        mask = s->cr;
        s->afsel = (s->afsel & ~mask) | (value & mask);
        break;
    case 0x500: /* 2mA drive */
        s->dr2r = low8;
        break;
    case 0x504: /* 4mA drive */
        s->dr4r = low8;
        break;
    case 0x508: /* 8mA drive */
        s->dr8r = low8;
        break;
    case 0x50c: /* Open drain */
        s->odr = low8;
        break;
    case 0x510: /* Pull-up */
        s->pur = low8;
        break;
    case 0x514: /* Pull-down */
        s->pdr = low8;
        break;
    case 0x518: /* Slew rate control */
        s->slr = low8;
        break;
    case 0x51c: /* Digital enable */
        s->den = low8;
        break;
    case 0x520: /* Lock */
        /* Only the exact key unlocks; any other value locks. */
        s->locked = (value != 0xacce551);
        break;
    case 0x524: /* Commit */
        if (!s->locked) {
            s->cr = low8;
        }
        break;
    case 0x528: /* Analog mode select */
        s->amsel = low8;
        break;
    default:
        goto bad_offset;
    }

    pl061_update(s);
    return;

bad_offset:
    qemu_log_mask(LOG_GUEST_ERROR,
                  "pl061_write: Bad offset %x\n", (int)offset);
}
/*
 * Device reset: put every guest-visible register and both change-detection
 * shadows back to their reset values.  The device comes out of reset locked
 * with all CR bits set.  id and rsvd_start are left untouched.
 */
static void pl061_reset(DeviceState *dev)
{
    PL061State *s = PL061(dev);

    /* reset values from PL061 TRM, Stellaris LM3S5P31 & LM3S8962 Data Sheet */

    /* Pin data and the shadows used by pl061_update(). */
    s->data = 0;
    s->old_out_data = 0;
    s->old_in_data = 0;

    /* Direction and interrupt configuration. */
    s->dir = 0;
    s->isense = 0;
    s->ibe = 0;
    s->iev = 0;
    s->im = 0;
    s->istate = 0;
    s->afsel = 0;

    /* Pad control. */
    s->dr2r = 0xff;
    s->dr4r = 0;
    s->dr8r = 0;
    s->odr = 0;
    s->pur = 0;
    s->pdr = 0;
    s->slr = 0;
    s->den = 0;

    /* Lock and commit. */
    s->locked = 1;
    s->cr = 0xff;
    s->amsel = 0;
}
/*
 * GPIO input handler: an external line changed level.
 *
 * @opaque: the PL061State
 * @irq:    pin number; used as a shift count without a range check, so it
 *          relies on the handler being registered for exactly eight lines
 *          (see qdev_init_gpio_in() in pl061_init)
 * @level:  new level, non-zero = high
 *
 * Pins configured as outputs ignore the event.
 */
static void pl061_set_irq(void *opaque, int irq, int level)
{
    PL061State *s = (PL061State *)opaque;
    uint8_t bit = 1 << irq;

    if (s->dir & bit) {
        return;
    }

    if (level) {
        s->data |= bit;
    } else {
        s->data &= ~bit;
    }
    pl061_update(s);
}
/*
 * MMIO callbacks for the register window.
 *
 * No .valid or .impl access-size constraints are declared here, and both
 * callbacks ignore their size argument.
 */
static const MemoryRegionOps pl061_ops = {
    .read = pl061_read,
    .write = pl061_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};
/*
 * Instance init for the "pl061_luminary" variant: select the Luminary ID
 * table and move the start of the reserved area up to 0x52c, which makes
 * the 0x500..0x528 registers accessible.
 */
static void pl061_luminary_init(Object *obj)
{
    PL061State *s = PL061(obj);

    s->rsvd_start = 0x52c;
    s->id = pl061_id_luminary;
}
/*
 * Instance init for the base PL061: select the PrimeCell ID table, mark
 * everything from 0x424 up as reserved, and register the 0x1000-byte MMIO
 * region, the interrupt line, eight GPIO inputs and eight GPIO outputs.
 */
static void pl061_init(Object *obj)
{
    PL061State *s = PL061(obj);
    SysBusDevice *sbd = SYS_BUS_DEVICE(obj);

    s->id = pl061_id;
    s->rsvd_start = 0x424;

    /* Region size 0x1000 matches the upper bound tested in pl061_read(). */
    memory_region_init_io(&s->iomem, obj, &pl061_ops, s, "pl061", 0x1000);
    sysbus_init_mmio(sbd, &s->iomem);
    sysbus_init_irq(sbd, &s->irq);

    /* Eight lines in, eight out: pl061_set_irq() shifts by the line number. */
    qdev_init_gpio_in(DEVICE(obj), pl061_set_irq, 8);
    qdev_init_gpio_out(DEVICE(obj), s->out, 8);
}
/* Class init: hook up the migration description and the reset handler. */
static void pl061_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->reset = pl061_reset;
    dc->vmsd = &vmstate_pl061;
}
/* QOM registration record for the base "pl061" device. */
static const TypeInfo pl061_info = {
    .name          = TYPE_PL061,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(PL061State),
    .instance_init = pl061_init,
    .class_init    = pl061_class_init,
};
/*
 * QOM registration record for the Luminary variant.  It derives from
 * TYPE_PL061 and only supplies its own instance_init.
 */
static const TypeInfo pl061_luminary_info = {
    .name          = "pl061_luminary",
    .parent        = TYPE_PL061,
    .instance_init = pl061_luminary_init,
};
/* Register both device types; the base type is registered first. */
static void pl061_register_types(void)
{
    type_register_static(&pl061_info);
    type_register_static(&pl061_luminary_info);
}

type_init(pl061_register_types)