Commit Graph

28 Commits

Author SHA1 Message Date
Michael S. Tsirkin
d8d0a0bc7e pl022: fix buffer overun on invalid state load
CVE-2013-4530

pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference array.

Reported-by: Michael S. Tsirkin <mst@redhat.com
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
Peter Crosthwaite
d43269dddc ssi: Convert legacy SSI_BUS -> BUS casts
Remove two legacy ->qbus style casts from TYPE_SSI_BUS to TYPE_BUS in
ssi.c.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Convert one missing ->qbus and rename parent field]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Crosthwaite
1a7d9ee6dd ssi: Convert legacy SSI_SLAVE -> DEVICE casts
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
[AF: Introduce local DeviceState variable for transition to QOM realize]
Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-12 20:13:02 +01:00
Peter Maydell
c8f8f9fb2b hw/ssi/xilinx_spips.c: Avoid shifting left into sign bit
Add missing 'U' suffix to avoid shifting left into sign bit of
a signed integer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1392988008-15938-4-git-send-email-peter.maydell@linaro.org
2014-03-10 14:56:30 +00:00
Andreas Färber
3efc10e17d xilinx_spi: QOM cast cleanup
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:07:01 +02:00
Andreas Färber
3d29bceec1 pl022: QOM cast cleanup
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:07:01 +02:00
Andreas Färber
ce556e0baf pl022: Rename pl022_state to PL022State
Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-07-29 21:07:01 +02:00
Paolo Bonzini
2977673992 hw/s*: pass owner to memory_region_init* functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-07-04 17:42:48 +02:00
Paolo Bonzini
2c9b15cab1 memory: add owner argument to initialization functions
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-07-04 17:42:44 +02:00
Andreas Färber
fef7fbc924 qdev: Drop FROM_QBUS() macro
Use QOM cast macros I2C_BUS(), SSI_BUS(), PCI_BUS() instead.

Signed-off-by: Andreas Färber <afaerber@suse.de>
2013-06-07 14:55:33 +02:00
Peter Crosthwaite
b0b7ae6259 xilinx_spips: lqspi: Fix byte/misaligned access
The LQSPI bus attachment supports byte/halfword and misaligned
accesses. Fixed. Refactored the LQSPI cache to be byte-wise
instead of word wise accordingly.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 5ec47b13563ad2d22105a1f26186d7756718394b.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:44 +01:00
Peter Crosthwaite
a66418f6f1 xilinx_spips: lqspi: Push more data to tx-fifo
Do 16 words per fifo flush. Increases performance and decreases
debug verbosity. This data depth has no real hardware analogue,
so just go with something that has reasonable performance.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 5621ee4621941d3639b5cacfdec26bd3148f31d5.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:44 +01:00
Peter Crosthwaite
4a5b6fa8d9 xilinx_spips: Multiple debug verbosity levels
The debug printfs on every SPI operation is extremely verbose. Add
a second level of debug for this.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: f63478b8e5b29cc011cdc10e29f8537bb2fc2b5e.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:43 +01:00
Peter Crosthwaite
c37fc509d2 xilinx_spips: Debug msgs for Snoop state
This is worth keeping track of when debugging the device model.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: d3b44ecf23d671798b062eee5dc362c716ea54cd.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:43 +01:00
Peter Crosthwaite
9151da25a7 xilinx_spips: Fix striping behaviour
The QSPI controller was using byte-wide stripes when striping across
the two flashes in dual parallel mode. The real hardware however uses
individual bit striping. QEMU misbehaves in the (corner) case where
data is written/read in dual-parallel mode and read/written back in
single mode.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 718a61df1bf746ec06f6da44d12f8317af7b08ce.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:43 +01:00
Peter Crosthwaite
2133a5f6b8 xilinx_spips: Fix CTRL register RW bits
The CTRL register was RAZ/WI on some of the RW bits. Even though the
function behind these bits is invalid in QEMU, they should still be
guest accessible. Fix.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: b7aaad93163ce4af0c428635804ac7b77a567b25.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:43 +01:00
Peter Crosthwaite
15408b428f xilinx_spips: lqspi: Dont touch config register
The LQSPI mode is supposed to work via the automatic CS mode feature
rather than manipulate CS lines itself. Now that auto CS is implemented
remove LQSPIs CS mode override logic. There is still a need to
manipulate the U_PAGE bit in LQSPI config register to implement
dual-stack mode however.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 000c8dd54df09523f17052638100722ef0f5a3af.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:43 +01:00
Peter Crosthwaite
c4f08ffe13 xilinx_spips: Implement automatic CS
Implement the automatic CS control feature. If the MANUAL_CS bit is
cleared then the chip select stay de-asserted as long as the tx FIFO
is empty.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 1d67383adc42761af715a93f161344b9284dfc9a.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:42 +01:00
Peter Crosthwaite
e100f3be0c xilinx_spips: Add automatic start support
SPI has a mode where it automatically starts based on tx fifo
occupancy. Implemented.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: f4e9accb5de87b526fff6ed937f63278db76533b.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:42 +01:00
Peter Crosthwaite
b5cd9143e7 xilinx_spips: Trash LQ page cache on mode change
Invalidate the LQSPI cached page when transitioning into LQSPI mode.
Otherwise there is a possibility that the controller will return stale
data to the guest when transitioning back to LQ_MODE after a page
program.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 677490a6ee1953fe5d366e599d665de645ac84db.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:42 +01:00
Peter Crosthwaite
10e60b35d0 xilinx_spips: Fix QSPI FIFO size
QSPI has a bigger FIFO than the regular SPI controller. Differentiate
between the two with correct FIFO sizes for each.

This is the first piece of class data for SPIPS, so this patch sees
the creation of the XilinxSPIPSClass definition and assoicated QOM
constructs.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: acee25dd5e203215cbc15ca5d3cb5d5b2efebe7b.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:42 +01:00
Peter Crosthwaite
abef5fa643 xilinx_spips: Add verbose LQSPI debug output
You really need this is you want to track a guest banging on LQSPI.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 26e508da4af11058d37daa777064c9e5c2a69abb.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:41 +01:00
Peter Crosthwaite
3ea728d0c8 xilinx_spips: Inhibit interrupts in LQSPI mode
The real hardware does not produce interrupts in LQSPI mode. Inhibit
generation of interrupts when the LQ_MODE bit is set.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: dff794a06872009ea7e5733ce6adcff94d18bbd0.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:41 +01:00
Peter Crosthwaite
87920b44a1 xilinx_spips: Make interrupts clear on read
By default these interrupts are clear on read.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 999ff0091ed3cc3969a431bf55c00ef934cecc8e.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:41 +01:00
Peter Crosthwaite
6b91f0155b xilinx_spips: seperate SPI and QSPI as two classes
Make SPI and QSPI different classes. QSPIPS is setup as a child of SPIPS.
Only QSPI has the LQSPI functionality, so move all that to the child class.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Message-id: 2cdd0cadb5ba77ca02fde5cae627852dc9a64c71.1369117359.git.peter.crosthwaite@xilinx.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2013-06-03 17:17:41 +01:00
Paolo Bonzini
31e1706082 hw: move SSI controllers to hw/ssi/, configure via default-configs/
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:13 +02:00
Paolo Bonzini
49ab747f66 hw: move target-independent files to subdirectories
This patch tackles all files that are compiled once, moving
them to subdirectories of hw/.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:12 +02:00
Paolo Bonzini
1fd6bb44ed hw: make subdirectories for devices
Prepare the new directory structure.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2013-04-08 18:13:11 +02:00