david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hw/ds1338: Fix mishandling of register pointer

Browse Source 
Correct several deficiencies in the handling of the register pointer:
 * it should wrap around after 0x3f, not 0xff
 * guard against the caller handing us an out of range pointer
   (on h/w this can never happen, because only a 7 bit value is
   transferred over the I2C bus)
 * there was confusion over whether nvram[] holds only the 56 bytes
   of guest-accessible NVRAM, or also the secondary registers
   which hold the value of the clock captured at the start of a
   multibyte read. Correct to consistently be the latter, by fixing
   the array size and the offset used for NVRAM writes.
 * ds1338_send was attempting to use 'data' as both the data and
   the register offset simultaneously, which meant that writes to
   any register were broken; fix to use the register pointer.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2012-10-12 11:54:38 +01:00
parent 9ab1b6053f
commit ba4906a9b6
1 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
hw/ds1338.c
View File

@ -12,11 +12,16 @@
#include "i2c.h" #include "i2c.h"
/* Size of NVRAM including both the user-accessible area and the
* secondary register area.
*/
#define NVRAM_SIZE 64
typedef struct { typedef struct {
I2CSlave i2c; I2CSlave i2c;
time_t offset; time_t offset;
struct tm now; struct tm now;
uint8_t nvram[56]; uint8_t nvram[NVRAM_SIZE];
int ptr; int ptr;
int addr_byte; int addr_byte;
} DS1338State; } DS1338State;
@ -57,7 +62,7 @@ static int ds1338_recv(I2CSlave *i2c)
uint8_t res; uint8_t res;
res = s->nvram[s->ptr]; res = s->nvram[s->ptr];
s->ptr = (s->ptr + 1) & 0xff; s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
return res; return res;
} }
@ -65,14 +70,13 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
{ {
DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c); DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
if (s->addr_byte) { if (s->addr_byte) {
s->ptr = data; s->ptr = data & (NVRAM_SIZE - 1);
s->addr_byte = 0; s->addr_byte = 0;
return 0; return 0;
} }
s->nvram[s->ptr - 8] = data; if (s->ptr < 8) {
if (data < 8) {
qemu_get_timedate(&s->now, s->offset); qemu_get_timedate(&s->now, s->offset);
switch(data) { switch(s->ptr) {
case 0: case 0:
/* TODO: Implement CH (stop) bit. */ /* TODO: Implement CH (stop) bit. */
s->now.tm_sec = from_bcd(data & 0x7f); s->now.tm_sec = from_bcd(data & 0x7f);
@ -109,8 +113,10 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
break; break;
} }
s->offset = qemu_timedate_diff(&s->now); s->offset = qemu_timedate_diff(&s->now);
} else {
s->nvram[s->ptr] = data;
} }
s->ptr = (s->ptr + 1) & 0xff; s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
return 0; return 0;
} }