1 /*
2 * TriCore emulation for qemu: main translation routines.
3 *
4 * Copyright (c) 2012-2014 Bastian Koppelmann C-Lab/University Paderborn
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qapi/error.h"
22 #include "cpu.h"
23 #include "qemu-common.h"
24 #include "exec/exec-all.h"
25
/*
 * Record @feature as present in @env->features.
 *
 * Features are stored one per bit; the shift is done in 64-bit
 * arithmetic so it stays well-defined for feature numbers above 31
 * (the caller is responsible for keeping @feature below 64).
 */
static inline void set_feature(CPUTriCoreState *env, int feature)
{
    const unsigned long long feature_bit = 1ULL << feature;

    env->features |= feature_bit;
}
30
/*
 * CPUClass::set_pc hook: load a new program counter into the TriCore
 * state.  Bit 0 of @value is cleared before it is stored.
 */
static void tricore_cpu_set_pc(CPUState *cs, vaddr value)
{
    CPUTriCoreState *env = &TRICORE_CPU(cs)->env;
    const target_ulong pc_mask = ~(target_ulong)1;

    env->PC = value & pc_mask;
}
38
/*
 * CPUClass::synchronize_from_tb hook: after a translation block has been
 * found, make the architectural PC match the block's start address.
 */
static void tricore_cpu_synchronize_from_tb(CPUState *cs,
                                            TranslationBlock *tb)
{
    TriCoreCPU *cpu = TRICORE_CPU(cs);

    cpu->env.PC = tb->pc;
}
47
/*
 * CPUClass::reset hook.
 *
 * Runs the parent class reset first, then drops every cached TLB entry
 * before the architecture-specific register reset, so no stale
 * translation survives into the reset state.
 */
static void tricore_cpu_reset(CPUState *s)
{
    TriCoreCPU *cpu = TRICORE_CPU(s);
    TriCoreCPUClass *tcc = TRICORE_CPU_GET_CLASS(cpu);

    tcc->parent_reset(s);
    tlb_flush(s, 1);
    cpu_state_reset(&cpu->env);
}
60
/*
 * CPUClass::has_work hook.  The TriCore model never reports itself as
 * idle: the CPU is always considered runnable, regardless of @cs.
 */
static bool tricore_cpu_has_work(CPUState *cs)
{
    (void)cs;

    return true;
}
65
/*
 * DeviceClass::realize hook for TriCore CPUs.
 *
 * Expands the feature set (each feature pulls in the one listed after
 * it), resets the CPU, creates the vCPU, and finally hands over to the
 * parent realize.  Errors are only reported by the parent realize
 * through @errp; nothing in this function itself fails.
 */
static void tricore_cpu_realizefn(DeviceState *dev, Error **errp)
{
    /*
     * Implication table, applied in this order.  Order matters: a step
     * may set the very feature that the following step tests, so the
     * whole chain 161 -> 16 -> 131 -> 13 is walked in a single pass.
     */
    static const int implies[][2] = {
        { TRICORE_FEATURE_161, TRICORE_FEATURE_16 },
        { TRICORE_FEATURE_16, TRICORE_FEATURE_131 },
        { TRICORE_FEATURE_131, TRICORE_FEATURE_13 },
    };
    CPUState *cs = CPU(dev);
    TriCoreCPU *cpu = TRICORE_CPU(dev);
    TriCoreCPUClass *tcc = TRICORE_CPU_GET_CLASS(dev);
    CPUTriCoreState *env = &cpu->env;
    size_t i;

    for (i = 0; i < sizeof(implies) / sizeof(implies[0]); i++) {
        if (tricore_feature(env, implies[i][0])) {
            set_feature(env, implies[i][1]);
        }
    }

    cpu_reset(cs);
    qemu_init_vcpu(cs);

    tcc->parent_realize(dev, errp);
}
89
90
/*
 * Instance initializer for the abstract TriCore CPU type.
 *
 * Points the generic CPUState at the TriCore register file, registers
 * the CPU with the exec layer (failure there is fatal via error_abort),
 * and initializes the TCG front end once when translation is enabled.
 */
static void tricore_cpu_initfn(Object *obj)
{
    TriCoreCPU *cpu = TRICORE_CPU(obj);
    CPUState *cs = CPU(obj);

    cs->env_ptr = &cpu->env;
    cpu_exec_init(cs, &error_abort);

    if (!tcg_enabled()) {
        return;
    }
    tricore_tcg_init();
}
104
/*
 * CPUClass::class_by_name hook: resolve a user-supplied CPU model string
 * (e.g. from -cpu) to a concrete TriCore CPU class.
 *
 * The model name is only ever used as a "%s" argument, never as a
 * format string, and is matched exactly against "<model>-" TYPE_TRICORE_CPU.
 * Returns NULL for a NULL model, an unknown type, a type that is not a
 * TriCore CPU, or the abstract base class.
 */
static ObjectClass *tricore_cpu_class_by_name(const char *cpu_model)
{
    char *typename;
    ObjectClass *oc;
    bool usable;

    if (cpu_model == NULL) {
        return NULL;
    }

    typename = g_strdup_printf("%s-" TYPE_TRICORE_CPU, cpu_model);
    oc = object_class_by_name(typename);
    g_free(typename);

    usable = oc != NULL
          && object_class_dynamic_cast(oc, TYPE_TRICORE_CPU) != NULL
          && !object_class_is_abstract(oc);

    return usable ? oc : NULL;
}
123
/* Instance initializer for the "tc1796" model: base ISA feature 1.3. */
static void tc1796_initfn(Object *obj)
{
    CPUTriCoreState *env = &TRICORE_CPU(obj)->env;

    set_feature(env, TRICORE_FEATURE_13);
}
130
/* Instance initializer for the "tc1797" model: ISA feature 1.3.1. */
static void tc1797_initfn(Object *obj)
{
    CPUTriCoreState *env = &TRICORE_CPU(obj)->env;

    set_feature(env, TRICORE_FEATURE_131);
}
137
/*
 * Instance initializer for the "tc27x" model: ISA feature 1.6.1.
 * The older features it implies are filled in by the realize hook.
 */
static void tc27x_initfn(Object *obj)
{
    CPUTriCoreState *env = &TRICORE_CPU(obj)->env;

    set_feature(env, TRICORE_FEATURE_161);
}
144
/*
 * Static description of one concrete CPU model; the name is the model
 * prefix of the QOM type registered by cpu_register().
 */
typedef struct TriCoreCPUInfo {
    const char *name;                               /* model name, e.g. "tc1796"; NULL ends the table */
    void (*initfn)(Object *obj);                    /* per-model instance initializer */
    void (*class_init)(ObjectClass *oc, void *data); /* optional per-model class init */
} TriCoreCPUInfo;
150
/*
 * Table of supported CPU models, terminated by an entry whose name is
 * NULL.  No model supplies a class_init of its own.
 */
static const TriCoreCPUInfo tricore_cpus[] = {
    { .name = "tc1796", .initfn = tc1796_initfn, .class_init = NULL },
    { .name = "tc1797", .initfn = tc1797_initfn, .class_init = NULL },
    { .name = "tc27x",  .initfn = tc27x_initfn,  .class_init = NULL },
    { .name = NULL },   /* sentinel */
};
157
/*
 * Class initializer for the abstract TriCore CPU type: installs the
 * TriCore implementations of the DeviceClass/CPUClass hooks.
 */
static void tricore_cpu_class_init(ObjectClass *c, void *data)
{
    TriCoreCPUClass *mcc = TRICORE_CPU_CLASS(c);
    CPUClass *cc = CPU_CLASS(c);
    DeviceClass *dc = DEVICE_CLASS(c);

    /*
     * realize and reset wrap the parent hooks: remember the parent's
     * function before overwriting the slot.
     */
    mcc->parent_realize = dc->realize;
    mcc->parent_reset = cc->reset;
    dc->realize = tricore_cpu_realizefn;
    cc->reset = tricore_cpu_reset;

    /* These hooks are replaced outright; the previous value is not kept. */
    cc->class_by_name = tricore_cpu_class_by_name;
    cc->has_work = tricore_cpu_has_work;
    cc->dump_state = tricore_cpu_dump_state;
    cc->set_pc = tricore_cpu_set_pc;
    cc->synchronize_from_tb = tricore_cpu_synchronize_from_tb;

    /*
     * Reason: tricore_cpu_initfn() calls cpu_exec_init(), which saves
     * the object in cpus -> dangling pointer after final
     * object_unref().
     */
    dc->cannot_destroy_with_object_finalize_yet = true;
}
183
/*
 * Register one concrete CPU model as a QOM type named
 * "<model>-" TYPE_TRICORE_CPU, derived from the abstract TriCore CPU type.
 *
 * The formatted type name is owned by this function: it is freed after
 * type_register() returns, so the registry must not keep the pointer.
 */
static void cpu_register(const TriCoreCPUInfo *info)
{
    char *type_name = g_strdup_printf("%s-" TYPE_TRICORE_CPU, info->name);
    TypeInfo type_info = {
        .name = type_name,
        .parent = TYPE_TRICORE_CPU,
        .instance_size = sizeof(TriCoreCPU),
        .instance_init = info->initfn,
        .class_size = sizeof(TriCoreCPUClass),
        .class_init = info->class_init,
    };

    type_register(&type_info);
    g_free(type_name);
}
198
/*
 * The abstract base type shared by every TriCore model.  It cannot be
 * instantiated directly; concrete models are registered by cpu_register().
 */
static const TypeInfo tricore_cpu_type_info = {
    .name = TYPE_TRICORE_CPU,
    .parent = TYPE_CPU,
    .abstract = true,
    .instance_size = sizeof(TriCoreCPU),
    .class_size = sizeof(TriCoreCPUClass),
    .instance_init = tricore_cpu_initfn,
    .class_init = tricore_cpu_class_init,
};
208
/*
 * Module init: register the abstract base type first (the models derive
 * from it), then every entry of tricore_cpus up to the NULL sentinel.
 */
static void tricore_cpu_register_types(void)
{
    const TriCoreCPUInfo *info;

    type_register_static(&tricore_cpu_type_info);

    for (info = tricore_cpus; info->name != NULL; info++) {
        cpu_register(info);
    }
}
220
/* Hook the type registration above into QEMU's module initialization. */
type_init(tricore_cpu_register_types)