hpet: Catch out-of-bounds timer access
[qemu/stefanha.git] / hw / pxa2xx_keypad.c
blob060df584455fcb05a8c0f22c7d0eaca434973891
1 /*
2 * Intel PXA27X Keypad Controller emulation.
4 * Copyright (c) 2007 MontaVista Software, Inc
5 * Written by Armin Kuster <akuster@kama-aina.net>
6 * or <Akuster@mvista.com>
8 * This code is licensed under the GPLv2.
9 */
11 #include "hw.h"
12 #include "pxa.h"
13 #include "console.h"
16 * Keypad
18 #define KPC 0x00 /* Keypad Interface Control register */
19 #define KPDK 0x08 /* Keypad Interface Direct Key register */
20 #define KPREC 0x10 /* Keypad Interface Rotary Encoder register */
21 #define KPMK 0x18 /* Keypad Interface Matrix Key register */
22 #define KPAS 0x20 /* Keypad Interface Automatic Scan register */
23 #define KPASMKP0 0x28 /* Keypad Interface Automatic Scan Multiple
24 Key Presser register 0 */
25 #define KPASMKP1 0x30 /* Keypad Interface Automatic Scan Multiple
26 Key Presser register 1 */
27 #define KPASMKP2 0x38 /* Keypad Interface Automatic Scan Multiple
28 Key Presser register 2 */
29 #define KPASMKP3 0x40 /* Keypad Interface Automatic Scan Multiple
30 Key Presser register 3 */
31 #define KPKDI 0x48 /* Keypad Interface Key Debounce Interval
32 register */
34 /* Keypad defines */
35 #define KPC_AS (0x1 << 30) /* Automatic Scan bit */
36 #define KPC_ASACT (0x1 << 29) /* Automatic Scan on Activity */
37 #define KPC_MI (0x1 << 22) /* Matrix interrupt bit */
38 #define KPC_IMKP (0x1 << 21) /* Ignore Multiple Key Press */
39 #define KPC_MS7 (0x1 << 20) /* Matrix scan line 7 */
40 #define KPC_MS6 (0x1 << 19) /* Matrix scan line 6 */
41 #define KPC_MS5 (0x1 << 18) /* Matrix scan line 5 */
42 #define KPC_MS4 (0x1 << 17) /* Matrix scan line 4 */
43 #define KPC_MS3 (0x1 << 16) /* Matrix scan line 3 */
44 #define KPC_MS2 (0x1 << 15) /* Matrix scan line 2 */
45 #define KPC_MS1 (0x1 << 14) /* Matrix scan line 1 */
46 #define KPC_MS0 (0x1 << 13) /* Matrix scan line 0 */
47 #define KPC_ME (0x1 << 12) /* Matrix Keypad Enable */
48 #define KPC_MIE (0x1 << 11) /* Matrix Interrupt Enable */
49 #define KPC_DK_DEB_SEL (0x1 << 9) /* Direct Keypad Debounce Select */
50 #define KPC_DI (0x1 << 5) /* Direct key interrupt bit */
51 #define KPC_RE_ZERO_DEB (0x1 << 4) /* Rotary Encoder Zero Debounce */
52 #define KPC_REE1 (0x1 << 3) /* Rotary Encoder1 Enable */
53 #define KPC_REE0 (0x1 << 2) /* Rotary Encoder0 Enable */
54 #define KPC_DE (0x1 << 1) /* Direct Keypad Enable */
55 #define KPC_DIE (0x1 << 0) /* Direct Keypad interrupt Enable */
57 #define KPDK_DKP (0x1 << 31)
58 #define KPDK_DK7 (0x1 << 7)
59 #define KPDK_DK6 (0x1 << 6)
60 #define KPDK_DK5 (0x1 << 5)
61 #define KPDK_DK4 (0x1 << 4)
62 #define KPDK_DK3 (0x1 << 3)
63 #define KPDK_DK2 (0x1 << 2)
64 #define KPDK_DK1 (0x1 << 1)
65 #define KPDK_DK0 (0x1 << 0)
67 #define KPREC_OF1 (0x1 << 31)
68 #define KPREC_UF1 (0x1 << 30)
69 #define KPREC_OF0 (0x1 << 15)
70 #define KPREC_UF0 (0x1 << 14)
72 #define KPMK_MKP (0x1 << 31)
73 #define KPAS_SO (0x1 << 31)
74 #define KPASMKPx_SO (0x1 << 31)
77 #define KPASMKPx_MKC(row, col) (1 << (row + 16 * (col % 2)))
79 #define PXAKBD_MAXROW 8
80 #define PXAKBD_MAXCOL 8
82 struct PXA2xxKeyPadState {
83 qemu_irq irq;
84 struct keymap *map;
86 uint32_t kpc;
87 uint32_t kpdk;
88 uint32_t kprec;
89 uint32_t kpmk;
90 uint32_t kpas;
91 uint32_t kpasmkp0;
92 uint32_t kpasmkp1;
93 uint32_t kpasmkp2;
94 uint32_t kpasmkp3;
95 uint32_t kpkdi;
98 static void pxa27x_keyboard_event (PXA2xxKeyPadState *kp, int keycode)
100 int row, col,rel;
102 if(!(kp->kpc & KPC_ME)) /* skip if not enabled */
103 return;
105 if(kp->kpc & KPC_AS || kp->kpc & KPC_ASACT) {
106 if(kp->kpc & KPC_AS)
107 kp->kpc &= ~(KPC_AS);
109 rel = (keycode & 0x80) ? 1 : 0; /* key release from qemu */
110 keycode &= ~(0x80); /* strip qemu key release bit */
111 row = kp->map[keycode].row;
112 col = kp->map[keycode].column;
113 if(row == -1 || col == -1)
114 return;
115 switch (col) {
116 case 0:
117 case 1:
118 if(rel)
119 kp->kpasmkp0 = ~(0xffffffff);
120 else
121 kp->kpasmkp0 |= KPASMKPx_MKC(row,col);
122 break;
123 case 2:
124 case 3:
125 if(rel)
126 kp->kpasmkp1 = ~(0xffffffff);
127 else
128 kp->kpasmkp1 |= KPASMKPx_MKC(row,col);
129 break;
130 case 4:
131 case 5:
132 if(rel)
133 kp->kpasmkp2 = ~(0xffffffff);
134 else
135 kp->kpasmkp2 |= KPASMKPx_MKC(row,col);
136 break;
137 case 6:
138 case 7:
139 if(rel)
140 kp->kpasmkp3 = ~(0xffffffff);
141 else
142 kp->kpasmkp3 |= KPASMKPx_MKC(row,col);
143 break;
144 } /* switch */
145 goto out;
147 return;
149 out:
150 if(kp->kpc & KPC_MIE) {
151 kp->kpc |= KPC_MI;
152 qemu_irq_raise(kp->irq);
154 return;
157 static uint32_t pxa2xx_keypad_read(void *opaque, target_phys_addr_t offset)
159 PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
160 uint32_t tmp;
162 switch (offset) {
163 case KPC:
164 tmp = s->kpc;
165 if(tmp & KPC_MI)
166 s->kpc &= ~(KPC_MI);
167 if(tmp & KPC_DI)
168 s->kpc &= ~(KPC_DI);
169 qemu_irq_lower(s->irq);
170 return tmp;
171 break;
172 case KPDK:
173 return s->kpdk;
174 break;
175 case KPREC:
176 tmp = s->kprec;
177 if(tmp & KPREC_OF1)
178 s->kprec &= ~(KPREC_OF1);
179 if(tmp & KPREC_UF1)
180 s->kprec &= ~(KPREC_UF1);
181 if(tmp & KPREC_OF0)
182 s->kprec &= ~(KPREC_OF0);
183 if(tmp & KPREC_UF0)
184 s->kprec &= ~(KPREC_UF0);
185 return tmp;
186 break;
187 case KPMK:
188 tmp = s->kpmk;
189 if(tmp & KPMK_MKP)
190 s->kpmk &= ~(KPMK_MKP);
191 return tmp;
192 break;
193 case KPAS:
194 return s->kpas;
195 break;
196 case KPASMKP0:
197 return s->kpasmkp0;
198 break;
199 case KPASMKP1:
200 return s->kpasmkp1;
201 break;
202 case KPASMKP2:
203 return s->kpasmkp2;
204 break;
205 case KPASMKP3:
206 return s->kpasmkp3;
207 break;
208 case KPKDI:
209 return s->kpkdi;
210 break;
211 default:
212 hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
215 return 0;
218 static void pxa2xx_keypad_write(void *opaque,
219 target_phys_addr_t offset, uint32_t value)
221 PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
223 switch (offset) {
224 case KPC:
225 s->kpc = value;
226 break;
227 case KPDK:
228 s->kpdk = value;
229 break;
230 case KPREC:
231 s->kprec = value;
232 break;
233 case KPMK:
234 s->kpmk = value;
235 break;
236 case KPAS:
237 s->kpas = value;
238 break;
239 case KPASMKP0:
240 s->kpasmkp0 = value;
241 break;
242 case KPASMKP1:
243 s->kpasmkp1 = value;
244 break;
245 case KPASMKP2:
246 s->kpasmkp2 = value;
247 break;
248 case KPASMKP3:
249 s->kpasmkp3 = value;
250 break;
251 case KPKDI:
252 s->kpkdi = value;
253 break;
255 default:
256 hw_error("%s: Bad offset " REG_FMT "\n", __FUNCTION__, offset);
260 static CPUReadMemoryFunc * const pxa2xx_keypad_readfn[] = {
261 pxa2xx_keypad_read,
262 pxa2xx_keypad_read,
263 pxa2xx_keypad_read
266 static CPUWriteMemoryFunc * const pxa2xx_keypad_writefn[] = {
267 pxa2xx_keypad_write,
268 pxa2xx_keypad_write,
269 pxa2xx_keypad_write
272 static void pxa2xx_keypad_save(QEMUFile *f, void *opaque)
274 PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
276 qemu_put_be32s(f, &s->kpc);
277 qemu_put_be32s(f, &s->kpdk);
278 qemu_put_be32s(f, &s->kprec);
279 qemu_put_be32s(f, &s->kpmk);
280 qemu_put_be32s(f, &s->kpas);
281 qemu_put_be32s(f, &s->kpasmkp0);
282 qemu_put_be32s(f, &s->kpasmkp1);
283 qemu_put_be32s(f, &s->kpasmkp2);
284 qemu_put_be32s(f, &s->kpasmkp3);
285 qemu_put_be32s(f, &s->kpkdi);
289 static int pxa2xx_keypad_load(QEMUFile *f, void *opaque, int version_id)
291 PXA2xxKeyPadState *s = (PXA2xxKeyPadState *) opaque;
293 qemu_get_be32s(f, &s->kpc);
294 qemu_get_be32s(f, &s->kpdk);
295 qemu_get_be32s(f, &s->kprec);
296 qemu_get_be32s(f, &s->kpmk);
297 qemu_get_be32s(f, &s->kpas);
298 qemu_get_be32s(f, &s->kpasmkp0);
299 qemu_get_be32s(f, &s->kpasmkp1);
300 qemu_get_be32s(f, &s->kpasmkp2);
301 qemu_get_be32s(f, &s->kpasmkp3);
302 qemu_get_be32s(f, &s->kpkdi);
304 return 0;
307 PXA2xxKeyPadState *pxa27x_keypad_init(target_phys_addr_t base,
308 qemu_irq irq)
310 int iomemtype;
311 PXA2xxKeyPadState *s;
313 s = (PXA2xxKeyPadState *) qemu_mallocz(sizeof(PXA2xxKeyPadState));
314 s->irq = irq;
316 iomemtype = cpu_register_io_memory(pxa2xx_keypad_readfn,
317 pxa2xx_keypad_writefn, s);
318 cpu_register_physical_memory(base, 0x00100000, iomemtype);
320 register_savevm("pxa2xx_keypad", 0, 0,
321 pxa2xx_keypad_save, pxa2xx_keypad_load, s);
323 return s;
326 void pxa27x_register_keypad(PXA2xxKeyPadState *kp, struct keymap *map,
327 int size)
329 if(!map || size < 0x80) {
330 fprintf(stderr, "%s - No PXA keypad map defined\n", __FUNCTION__);
331 exit(-1);
334 kp->map = map;
335 qemu_add_kbd_event_handler((QEMUPutKBDEvent *) pxa27x_keyboard_event, kp);