mirror of
https://github.com/qemu/qemu.git
synced 2024-12-14 23:13:29 +08:00
f867cebaed
Add ppc-parity mmio write method to avoid NULL pointer dereference issue. Reported-by: Lei Sun <slei.casper@gmail.com> Acked-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Li Qiang <liq3ea@gmail.com> Message-Id: <20200811114133.672647-5-ppandit@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
316 lines
9.5 KiB
C
316 lines
9.5 KiB
C
/*
|
|
* QEMU PReP System I/O emulation
|
|
*
|
|
* Copyright (c) 2017 Hervé Poussineau
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include "qemu/log.h"
|
|
#include "hw/irq.h"
|
|
#include "hw/isa/isa.h"
|
|
#include "hw/qdev-properties.h"
|
|
#include "migration/vmstate.h"
|
|
#include "exec/address-spaces.h"
|
|
#include "qom/object.h"
|
|
#include "qemu/error-report.h" /* for error_report() */
|
|
#include "qemu/module.h"
|
|
#include "sysemu/runstate.h"
|
|
#include "cpu.h"
|
|
#include "trace.h"
|
|
|
|
#define TYPE_PREP_SYSTEMIO "prep-systemio"
|
|
OBJECT_DECLARE_SIMPLE_TYPE(PrepSystemIoState, PREP_SYSTEMIO)
|
|
|
|
/* Bit as defined in PowerPC Reference Plaform v1.1, sect. 6.1.5, p. 132 */
|
|
#define PREP_BIT(n) (1 << (7 - (n)))
|
|
|
|
struct PrepSystemIoState {
|
|
ISADevice parent_obj;
|
|
MemoryRegion ppc_parity_mem;
|
|
|
|
qemu_irq non_contiguous_io_map_irq;
|
|
uint8_t sreset; /* 0x0092 */
|
|
uint8_t equipment; /* 0x080c */
|
|
uint8_t system_control; /* 0x081c */
|
|
uint8_t iomap_type; /* 0x0850 */
|
|
uint8_t ibm_planar_id; /* 0x0852 */
|
|
qemu_irq softreset_irq;
|
|
PortioList portio;
|
|
};
|
|
|
|
/* PORT 0092 -- Special Port 92 (Read/Write) */
|
|
|
|
enum {
|
|
PORT0092_SOFTRESET = PREP_BIT(7),
|
|
PORT0092_LE_MODE = PREP_BIT(6),
|
|
};
|
|
|
|
static void prep_port0092_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
|
|
trace_prep_systemio_write(addr, val);
|
|
|
|
s->sreset = val & PORT0092_SOFTRESET;
|
|
qemu_set_irq(s->softreset_irq, s->sreset);
|
|
|
|
if ((val & PORT0092_LE_MODE) != 0) {
|
|
/* XXX Not supported yet */
|
|
error_report("little-endian mode not supported");
|
|
vm_stop(RUN_STATE_PAUSED);
|
|
} else {
|
|
/* Nothing to do */
|
|
}
|
|
}
|
|
|
|
static uint32_t prep_port0092_read(void *opaque, uint32_t addr)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_read(addr, s->sreset);
|
|
return s->sreset;
|
|
}
|
|
|
|
/* PORT 0808 -- Hardfile Light Register (Write Only) */
|
|
|
|
enum {
|
|
PORT0808_HARDFILE_LIGHT_ON = PREP_BIT(7),
|
|
};
|
|
|
|
static void prep_port0808_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
trace_prep_systemio_write(addr, val);
|
|
}
|
|
|
|
/* PORT 0810 -- Password Protect 1 Register (Write Only) */
|
|
|
|
/* reset by port 0x4D in the SIO */
|
|
static void prep_port0810_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
trace_prep_systemio_write(addr, val);
|
|
}
|
|
|
|
/* PORT 0812 -- Password Protect 2 Register (Write Only) */
|
|
|
|
/* reset by port 0x4D in the SIO */
|
|
static void prep_port0812_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
trace_prep_systemio_write(addr, val);
|
|
}
|
|
|
|
/* PORT 0814 -- L2 Invalidate Register (Write Only) */
|
|
|
|
static void prep_port0814_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
trace_prep_systemio_write(addr, val);
|
|
}
|
|
|
|
/* PORT 0818 -- Reserved for Keylock (Read Only) */
|
|
|
|
enum {
|
|
PORT0818_KEYLOCK_SIGNAL_HIGH = PREP_BIT(7),
|
|
};
|
|
|
|
static uint32_t prep_port0818_read(void *opaque, uint32_t addr)
|
|
{
|
|
uint32_t val = 0;
|
|
trace_prep_systemio_read(addr, val);
|
|
return val;
|
|
}
|
|
|
|
/* PORT 080C -- Equipment */
|
|
|
|
enum {
|
|
PORT080C_SCSIFUSE = PREP_BIT(1),
|
|
PORT080C_L2_COPYBACK = PREP_BIT(4),
|
|
PORT080C_L2_256 = PREP_BIT(5),
|
|
PORT080C_UPGRADE_CPU = PREP_BIT(6),
|
|
PORT080C_L2 = PREP_BIT(7),
|
|
};
|
|
|
|
static uint32_t prep_port080c_read(void *opaque, uint32_t addr)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_read(addr, s->equipment);
|
|
return s->equipment;
|
|
}
|
|
|
|
/* PORT 081C -- System Control Register (Read/Write) */
|
|
|
|
enum {
|
|
PORT081C_FLOPPY_MOTOR_INHIBIT = PREP_BIT(3),
|
|
PORT081C_MASK_TEA = PREP_BIT(2),
|
|
PORT081C_L2_UPDATE_INHIBIT = PREP_BIT(1),
|
|
PORT081C_L2_CACHEMISS_INHIBIT = PREP_BIT(0),
|
|
};
|
|
|
|
static void prep_port081c_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
static const uint8_t mask = PORT081C_FLOPPY_MOTOR_INHIBIT |
|
|
PORT081C_MASK_TEA |
|
|
PORT081C_L2_UPDATE_INHIBIT |
|
|
PORT081C_L2_CACHEMISS_INHIBIT;
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_write(addr, val);
|
|
s->system_control = val & mask;
|
|
}
|
|
|
|
static uint32_t prep_port081c_read(void *opaque, uint32_t addr)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_read(addr, s->system_control);
|
|
return s->system_control;
|
|
}
|
|
|
|
/* System Board Identification */
|
|
|
|
static uint32_t prep_port0852_read(void *opaque, uint32_t addr)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_read(addr, s->ibm_planar_id);
|
|
return s->ibm_planar_id;
|
|
}
|
|
|
|
/* PORT 0850 -- I/O Map Type Register (Read/Write) */
|
|
|
|
enum {
|
|
PORT0850_IOMAP_NONCONTIGUOUS = PREP_BIT(7),
|
|
};
|
|
|
|
static uint32_t prep_port0850_read(void *opaque, uint32_t addr)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
trace_prep_systemio_read(addr, s->iomap_type);
|
|
return s->iomap_type;
|
|
}
|
|
|
|
static void prep_port0850_write(void *opaque, uint32_t addr, uint32_t val)
|
|
{
|
|
PrepSystemIoState *s = opaque;
|
|
|
|
trace_prep_systemio_write(addr, val);
|
|
qemu_set_irq(s->non_contiguous_io_map_irq,
|
|
val & PORT0850_IOMAP_NONCONTIGUOUS);
|
|
s->iomap_type = val & PORT0850_IOMAP_NONCONTIGUOUS;
|
|
}
|
|
|
|
static const MemoryRegionPortio ppc_io800_port_list[] = {
|
|
{ 0x092, 1, 1, .read = prep_port0092_read,
|
|
.write = prep_port0092_write, },
|
|
{ 0x808, 1, 1, .write = prep_port0808_write, },
|
|
{ 0x80c, 1, 1, .read = prep_port080c_read, },
|
|
{ 0x810, 1, 1, .write = prep_port0810_write, },
|
|
{ 0x812, 1, 1, .write = prep_port0812_write, },
|
|
{ 0x814, 1, 1, .write = prep_port0814_write, },
|
|
{ 0x818, 1, 1, .read = prep_port0818_read },
|
|
{ 0x81c, 1, 1, .read = prep_port081c_read,
|
|
.write = prep_port081c_write, },
|
|
{ 0x850, 1, 1, .read = prep_port0850_read,
|
|
.write = prep_port0850_write, },
|
|
{ 0x852, 1, 1, .read = prep_port0852_read, },
|
|
PORTIO_END_OF_LIST()
|
|
};
|
|
|
|
static uint64_t ppc_parity_error_readl(void *opaque, hwaddr addr,
|
|
unsigned int size)
|
|
{
|
|
uint32_t val = 0;
|
|
trace_prep_systemio_read((unsigned int)addr, val);
|
|
return val;
|
|
}
|
|
|
|
static void ppc_parity_error_writel(void *opaque, hwaddr addr,
|
|
uint64_t data, unsigned size)
|
|
{
|
|
qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__);
|
|
}
|
|
|
|
static const MemoryRegionOps ppc_parity_error_ops = {
|
|
.read = ppc_parity_error_readl,
|
|
.write = ppc_parity_error_writel,
|
|
.valid = {
|
|
.min_access_size = 4,
|
|
.max_access_size = 4,
|
|
},
|
|
};
|
|
|
|
static void prep_systemio_realize(DeviceState *dev, Error **errp)
|
|
{
|
|
ISADevice *isa = ISA_DEVICE(dev);
|
|
PrepSystemIoState *s = PREP_SYSTEMIO(dev);
|
|
PowerPCCPU *cpu;
|
|
|
|
qdev_init_gpio_out(dev, &s->non_contiguous_io_map_irq, 1);
|
|
s->iomap_type = PORT0850_IOMAP_NONCONTIGUOUS;
|
|
qemu_set_irq(s->non_contiguous_io_map_irq,
|
|
s->iomap_type & PORT0850_IOMAP_NONCONTIGUOUS);
|
|
cpu = POWERPC_CPU(first_cpu);
|
|
s->softreset_irq = cpu->env.irq_inputs[PPC6xx_INPUT_HRESET];
|
|
|
|
isa_register_portio_list(isa, &s->portio, 0x0, ppc_io800_port_list, s,
|
|
"systemio800");
|
|
|
|
memory_region_init_io(&s->ppc_parity_mem, OBJECT(dev),
|
|
&ppc_parity_error_ops, s, "ppc-parity", 0x4);
|
|
memory_region_add_subregion(get_system_memory(), 0xbfffeff0,
|
|
&s->ppc_parity_mem);
|
|
}
|
|
|
|
static const VMStateDescription vmstate_prep_systemio = {
|
|
.name = "prep_systemio",
|
|
.version_id = 1,
|
|
.minimum_version_id = 1,
|
|
.fields = (VMStateField[]) {
|
|
VMSTATE_UINT8(sreset, PrepSystemIoState),
|
|
VMSTATE_UINT8(system_control, PrepSystemIoState),
|
|
VMSTATE_UINT8(iomap_type, PrepSystemIoState),
|
|
VMSTATE_END_OF_LIST()
|
|
},
|
|
};
|
|
|
|
static Property prep_systemio_properties[] = {
|
|
DEFINE_PROP_UINT8("ibm-planar-id", PrepSystemIoState, ibm_planar_id, 0),
|
|
DEFINE_PROP_UINT8("equipment", PrepSystemIoState, equipment, 0),
|
|
DEFINE_PROP_END_OF_LIST()
|
|
};
|
|
|
|
static void prep_systemio_class_initfn(ObjectClass *klass, void *data)
|
|
{
|
|
DeviceClass *dc = DEVICE_CLASS(klass);
|
|
|
|
dc->realize = prep_systemio_realize;
|
|
dc->vmsd = &vmstate_prep_systemio;
|
|
device_class_set_props(dc, prep_systemio_properties);
|
|
}
|
|
|
|
static TypeInfo prep_systemio800_info = {
|
|
.name = TYPE_PREP_SYSTEMIO,
|
|
.parent = TYPE_ISA_DEVICE,
|
|
.instance_size = sizeof(PrepSystemIoState),
|
|
.class_init = prep_systemio_class_initfn,
|
|
};
|
|
|
|
static void prep_systemio_register_types(void)
|
|
{
|
|
type_register_static(&prep_systemio800_info);
|
|
}
|
|
|
|
type_init(prep_systemio_register_types)
|