lsi: Fix value overflow in request tag processing
[qemu/mdroth.git] / hw / pl050.c
bloba47786cb0a8affd61f41a35b0b72267f61cc1bac
1 /*
2 * Arm PrimeCell PL050 Keyboard / Mouse Interface
4 * Copyright (c) 2006-2007 CodeSourcery.
5 * Written by Paul Brook
7 * This code is licenced under the GPL.
8 */
10 #include "sysbus.h"
11 #include "ps2.h"
13 typedef struct {
14 SysBusDevice busdev;
15 void *dev;
16 uint32_t cr;
17 uint32_t clk;
18 uint32_t last;
19 int pending;
20 qemu_irq irq;
21 int is_mouse;
22 } pl050_state;
24 #define PL050_TXEMPTY (1 << 6)
25 #define PL050_TXBUSY (1 << 5)
26 #define PL050_RXFULL (1 << 4)
27 #define PL050_RXBUSY (1 << 3)
28 #define PL050_RXPARITY (1 << 2)
29 #define PL050_KMIC (1 << 1)
30 #define PL050_KMID (1 << 0)
32 static const unsigned char pl050_id[] =
33 { 0x50, 0x10, 0x04, 0x00, 0x0d, 0xf0, 0x05, 0xb1 };
35 static void pl050_update(void *opaque, int level)
37 pl050_state *s = (pl050_state *)opaque;
38 int raise;
40 s->pending = level;
41 raise = (s->pending && (s->cr & 0x10) != 0)
42 || (s->cr & 0x08) != 0;
43 qemu_set_irq(s->irq, raise);
46 static uint32_t pl050_read(void *opaque, target_phys_addr_t offset)
48 pl050_state *s = (pl050_state *)opaque;
49 if (offset >= 0xfe0 && offset < 0x1000)
50 return pl050_id[(offset - 0xfe0) >> 2];
52 switch (offset >> 2) {
53 case 0: /* KMICR */
54 return s->cr;
55 case 1: /* KMISTAT */
57 uint8_t val;
58 uint32_t stat;
60 val = s->last;
61 val = val ^ (val >> 4);
62 val = val ^ (val >> 2);
63 val = (val ^ (val >> 1)) & 1;
65 stat = PL050_TXEMPTY;
66 if (val)
67 stat |= PL050_RXPARITY;
68 if (s->pending)
69 stat |= PL050_RXFULL;
71 return stat;
73 case 2: /* KMIDATA */
74 if (s->pending)
75 s->last = ps2_read_data(s->dev);
76 return s->last;
77 case 3: /* KMICLKDIV */
78 return s->clk;
79 case 4: /* KMIIR */
80 return s->pending | 2;
81 default:
82 hw_error("pl050_read: Bad offset %x\n", (int)offset);
83 return 0;
87 static void pl050_write(void *opaque, target_phys_addr_t offset,
88 uint32_t value)
90 pl050_state *s = (pl050_state *)opaque;
91 switch (offset >> 2) {
92 case 0: /* KMICR */
93 s->cr = value;
94 pl050_update(s, s->pending);
95 /* ??? Need to implement the enable/disable bit. */
96 break;
97 case 2: /* KMIDATA */
98 /* ??? This should toggle the TX interrupt line. */
99 /* ??? This means kbd/mouse can block each other. */
100 if (s->is_mouse) {
101 ps2_write_mouse(s->dev, value);
102 } else {
103 ps2_write_keyboard(s->dev, value);
105 break;
106 case 3: /* KMICLKDIV */
107 s->clk = value;
108 return;
109 default:
110 hw_error("pl050_write: Bad offset %x\n", (int)offset);
113 static CPUReadMemoryFunc * const pl050_readfn[] = {
114 pl050_read,
115 pl050_read,
116 pl050_read
119 static CPUWriteMemoryFunc * const pl050_writefn[] = {
120 pl050_write,
121 pl050_write,
122 pl050_write
125 static int pl050_init(SysBusDevice *dev, int is_mouse)
127 pl050_state *s = FROM_SYSBUS(pl050_state, dev);
128 int iomemtype;
130 iomemtype = cpu_register_io_memory(pl050_readfn,
131 pl050_writefn, s);
132 sysbus_init_mmio(dev, 0x1000, iomemtype);
133 sysbus_init_irq(dev, &s->irq);
134 s->is_mouse = is_mouse;
135 if (s->is_mouse)
136 s->dev = ps2_mouse_init(pl050_update, s);
137 else
138 s->dev = ps2_kbd_init(pl050_update, s);
139 /* ??? Save/restore. */
140 return 0;
143 static int pl050_init_keyboard(SysBusDevice *dev)
145 return pl050_init(dev, 0);
148 static int pl050_init_mouse(SysBusDevice *dev)
150 return pl050_init(dev, 1);
153 static void pl050_register_devices(void)
155 sysbus_register_dev("pl050_keyboard", sizeof(pl050_state),
156 pl050_init_keyboard);
157 sysbus_register_dev("pl050_mouse", sizeof(pl050_state),
158 pl050_init_mouse);
161 device_init(pl050_register_devices)