This patch uses the possibility to add a vendor-specific register and
adds a debug register useful for dumping the TIS's internal state. This
register is only active in a debug build (#define DEBUG_TIS).

v3:
 - all output goes to stderr

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

---
 hw/tpm_tis.c |   67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

Index: qemu-git/hw/tpm_tis.c
===================================================================
--- qemu-git.orig/hw/tpm_tis.c
+++ qemu-git/hw/tpm_tis.c
@@ -42,6 +42,8 @@
 #define TIS_REG_DID_VID               0xf00
 #define TIS_REG_RID                   0xf04
 
+/* vendor-specific registers */
+#define TIS_REG_DEBUG                 0xf90
 
 #define STS_VALID                    (1 << 7)
 #define STS_COMMAND_READY            (1 << 6)
@@ -356,6 +358,66 @@ static uint32_t tis_data_read(TPMState *
 }
 
 
+#ifdef DEBUG_TIS
+static void tis_dump_state(void *opaque, target_phys_addr_t addr)
+{
+    static const unsigned regs[] = {
+        TIS_REG_ACCESS,
+        TIS_REG_INT_ENABLE,
+        TIS_REG_INT_VECTOR,
+        TIS_REG_INT_STATUS,
+        TIS_REG_INTF_CAPABILITY,
+        TIS_REG_STS,
+        TIS_REG_DID_VID,
+        TIS_REG_RID,
+        0xfff};
+    int idx;
+    uint8_t locty = tis_locality_from_addr(addr);
+    target_phys_addr_t base = addr & ~0xfff;
+    TPMState *s = opaque;
+
+    fprintf(stderr,
+            "tpm_tis: active locality      : %d\n"
+            "tpm_tis: state of locality %d : %d\n"
+            "tpm_tis: register dump:\n",
+            s->active_locty,
+            locty, s->loc[locty].state);
+
+    for (idx = 0; regs[idx] != 0xfff; idx++) {
+        fprintf(stderr, "tpm_tis: 0x%04x : 0x%08x\n", regs[idx],
+                        tis_mem_readl(opaque, base + regs[idx]));
+    }
+
+    fprintf(stderr,
+            "tpm_tis: read offset   : %d\n"
+            "tpm_tis: result buffer : ",
+            s->loc[locty].r_offset);
+    for (idx = 0;
+         idx < tis_get_size_from_buffer(&s->loc[locty].r_buffer);
+         idx++) {
+        fprintf(stderr, "%c%02x%s",
+                s->loc[locty].r_offset == idx ? '>' : ' ',
+                s->loc[locty].r_buffer.buffer[idx],
+                ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
+    }
+    fprintf(stderr,
+            "\n"
+            "tpm_tis: write offset  : %d\n"
+            "tpm_tis: request buffer: ",
+            s->loc[locty].w_offset);
+    for (idx = 0;
+         idx < tis_get_size_from_buffer(&s->loc[locty].w_buffer);
+         idx++) {
+        fprintf(stderr, "%c%02x%s",
+                s->loc[locty].w_offset == idx ? '>' : ' ',
+                s->loc[locty].w_buffer.buffer[idx],
+                ((idx & 0xf) == 0xf) ? "\ntpm_tis:                 " : "");
+    }
+    fprintf(stderr,"\n");
+}
+#endif
+
+
 /*
  * Read a register of the TIS interface
  * See specs pages 33-63 for description of the registers
@@ -431,6 +493,11 @@ static uint32_t tis_mem_readl(void *opaq
     case TIS_REG_RID:
         val = TPM_RID;
         break;
+#ifdef DEBUG_TIS
+    case TIS_REG_DEBUG:
+        tis_dump_state(opaque, addr);
+        break;
+#endif
     }
 
     qemu_mutex_unlock(&s->state_lock);