xref: /openbmc/qemu/hw/usb/hcd-ohci.c (revision ecd6f6a8820c8fa91e4d96c1bb640913bd856343)
1 /*
2  * QEMU USB OHCI Emulation
3  * Copyright (c) 2004 Gianni Tedesco
4  * Copyright (c) 2006 CodeSourcery
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  *
20  * TODO:
21  *  o Isochronous transfers
22  *  o Allocate bandwidth in frames properly
23  *  o Disable timers when nothing needs to be done, or remove timer usage
24  *    all together.
25  *  o BIOS work to boot from USB storage
26  */
27 
28 #include "qemu/osdep.h"
29 #include "hw/irq.h"
30 #include "qapi/error.h"
31 #include "qemu/module.h"
32 #include "qemu/timer.h"
33 #include "hw/usb.h"
34 #include "migration/vmstate.h"
35 #include "hw/sysbus.h"
36 #include "hw/qdev-dma.h"
37 #include "hw/qdev-properties.h"
38 #include "trace.h"
39 #include "hcd-ohci.h"
40 
41 /* This causes frames to occur 1000x slower */
42 /*#define OHCI_TIME_WARP 1*/
43 
44 #define ED_LINK_LIMIT 32
45 
46 static int64_t usb_frame_time;
47 static int64_t usb_bit_time;
48 
49 /* Host Controller Communications Area */
50 struct ohci_hcca {
51     uint32_t intr[32];
52     uint16_t frame, pad;
53     uint32_t done;
54 };
55 #define HCCA_WRITEBACK_OFFSET   offsetof(struct ohci_hcca, frame)
56 #define HCCA_WRITEBACK_SIZE     8 /* frame, pad, done */
57 
58 #define ED_WBACK_OFFSET offsetof(struct ohci_ed, head)
59 #define ED_WBACK_SIZE   4
60 
61 /* Bitfields for the first word of an Endpoint Descriptor. */
62 #define OHCI_ED_FA_SHIFT  0
63 #define OHCI_ED_FA_MASK   (0x7f << OHCI_ED_FA_SHIFT)
64 #define OHCI_ED_EN_SHIFT  7
65 #define OHCI_ED_EN_MASK   (0xf << OHCI_ED_EN_SHIFT)
66 #define OHCI_ED_D_SHIFT   11
67 #define OHCI_ED_D_MASK    (3 << OHCI_ED_D_SHIFT)
68 #define OHCI_ED_S         (1 << 13)
69 #define OHCI_ED_K         (1 << 14)
70 #define OHCI_ED_F         (1 << 15)
71 #define OHCI_ED_MPS_SHIFT 16
72 #define OHCI_ED_MPS_MASK  (0x7ff << OHCI_ED_MPS_SHIFT)
73 
74 /* Flags in the head field of an Endpoint Descriptor. */
75 #define OHCI_ED_H         1
76 #define OHCI_ED_C         2
77 
78 /* Bitfields for the first word of a Transfer Descriptor. */
79 #define OHCI_TD_R         (1 << 18)
80 #define OHCI_TD_DP_SHIFT  19
81 #define OHCI_TD_DP_MASK   (3 << OHCI_TD_DP_SHIFT)
82 #define OHCI_TD_DI_SHIFT  21
83 #define OHCI_TD_DI_MASK   (7 << OHCI_TD_DI_SHIFT)
84 #define OHCI_TD_T0        (1 << 24)
85 #define OHCI_TD_T1        (1 << 25)
86 #define OHCI_TD_EC_SHIFT  26
87 #define OHCI_TD_EC_MASK   (3 << OHCI_TD_EC_SHIFT)
88 #define OHCI_TD_CC_SHIFT  28
89 #define OHCI_TD_CC_MASK   (0xf << OHCI_TD_CC_SHIFT)
90 
91 /* Bitfields for the first word of an Isochronous Transfer Descriptor. */
92 /* CC & DI - same as in the General Transfer Descriptor */
93 #define OHCI_TD_SF_SHIFT  0
94 #define OHCI_TD_SF_MASK   (0xffff << OHCI_TD_SF_SHIFT)
95 #define OHCI_TD_FC_SHIFT  24
96 #define OHCI_TD_FC_MASK   (7 << OHCI_TD_FC_SHIFT)
97 
98 /* Isochronous Transfer Descriptor - Offset / PacketStatusWord */
99 #define OHCI_TD_PSW_CC_SHIFT 12
100 #define OHCI_TD_PSW_CC_MASK  (0xf << OHCI_TD_PSW_CC_SHIFT)
101 #define OHCI_TD_PSW_SIZE_SHIFT 0
102 #define OHCI_TD_PSW_SIZE_MASK  (0xfff << OHCI_TD_PSW_SIZE_SHIFT)
103 
104 #define OHCI_PAGE_MASK    0xfffff000
105 #define OHCI_OFFSET_MASK  0xfff
106 
107 #define OHCI_DPTR_MASK    0xfffffff0
108 
109 #define OHCI_BM(val, field) \
110   (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
111 
112 #define OHCI_SET_BM(val, field, newval) do { \
113     val &= ~OHCI_##field##_MASK; \
114     val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
115     } while (0)
116 
117 /* endpoint descriptor */
118 struct ohci_ed {
119     uint32_t flags;
120     uint32_t tail;
121     uint32_t head;
122     uint32_t next;
123 };
124 
125 /* General transfer descriptor */
126 struct ohci_td {
127     uint32_t flags;
128     uint32_t cbp;
129     uint32_t next;
130     uint32_t be;
131 };
132 
133 /* Isochronous transfer descriptor */
134 struct ohci_iso_td {
135     uint32_t flags;
136     uint32_t bp;
137     uint32_t next;
138     uint32_t be;
139     uint16_t offset[8];
140 };
141 
142 #define USB_HZ                      12000000
143 
144 /* OHCI Local stuff */
145 #define OHCI_CTL_CBSR         ((1 << 0) | (1 << 1))
146 #define OHCI_CTL_PLE          (1 << 2)
147 #define OHCI_CTL_IE           (1 << 3)
148 #define OHCI_CTL_CLE          (1 << 4)
149 #define OHCI_CTL_BLE          (1 << 5)
150 #define OHCI_CTL_HCFS         ((1 << 6) | (1 << 7))
151 #define  OHCI_USB_RESET       0x00
152 #define  OHCI_USB_RESUME      0x40
153 #define  OHCI_USB_OPERATIONAL 0x80
154 #define  OHCI_USB_SUSPEND     0xc0
155 #define OHCI_CTL_IR           (1 << 8)
156 #define OHCI_CTL_RWC          (1 << 9)
157 #define OHCI_CTL_RWE          (1 << 10)
158 
159 #define OHCI_STATUS_HCR       (1 << 0)
160 #define OHCI_STATUS_CLF       (1 << 1)
161 #define OHCI_STATUS_BLF       (1 << 2)
162 #define OHCI_STATUS_OCR       (1 << 3)
163 #define OHCI_STATUS_SOC       ((1 << 6) | (1 << 7))
164 
165 #define OHCI_INTR_SO          (1U << 0) /* Scheduling overrun */
166 #define OHCI_INTR_WD          (1U << 1) /* HcDoneHead writeback */
167 #define OHCI_INTR_SF          (1U << 2) /* Start of frame */
168 #define OHCI_INTR_RD          (1U << 3) /* Resume detect */
169 #define OHCI_INTR_UE          (1U << 4) /* Unrecoverable error */
170 #define OHCI_INTR_FNO         (1U << 5) /* Frame number overflow */
171 #define OHCI_INTR_RHSC        (1U << 6) /* Root hub status change */
172 #define OHCI_INTR_OC          (1U << 30) /* Ownership change */
173 #define OHCI_INTR_MIE         (1U << 31) /* Master Interrupt Enable */
174 
175 #define OHCI_HCCA_SIZE        0x100
176 #define OHCI_HCCA_MASK        0xffffff00
177 
178 #define OHCI_EDPTR_MASK       0xfffffff0
179 
180 #define OHCI_FMI_FI           0x00003fff
181 #define OHCI_FMI_FSMPS        0xffff0000
182 #define OHCI_FMI_FIT          0x80000000
183 
184 #define OHCI_FR_RT            (1U << 31)
185 
186 #define OHCI_LS_THRESH        0x628
187 
188 #define OHCI_RHA_RW_MASK      0x00000000 /* Mask of supported features.  */
189 #define OHCI_RHA_PSM          (1 << 8)
190 #define OHCI_RHA_NPS          (1 << 9)
191 #define OHCI_RHA_DT           (1 << 10)
192 #define OHCI_RHA_OCPM         (1 << 11)
193 #define OHCI_RHA_NOCP         (1 << 12)
194 #define OHCI_RHA_POTPGT_MASK  0xff000000
195 
196 #define OHCI_RHS_LPS          (1U << 0)
197 #define OHCI_RHS_OCI          (1U << 1)
198 #define OHCI_RHS_DRWE         (1U << 15)
199 #define OHCI_RHS_LPSC         (1U << 16)
200 #define OHCI_RHS_OCIC         (1U << 17)
201 #define OHCI_RHS_CRWE         (1U << 31)
202 
203 #define OHCI_PORT_CCS         (1 << 0)
204 #define OHCI_PORT_PES         (1 << 1)
205 #define OHCI_PORT_PSS         (1 << 2)
206 #define OHCI_PORT_POCI        (1 << 3)
207 #define OHCI_PORT_PRS         (1 << 4)
208 #define OHCI_PORT_PPS         (1 << 8)
209 #define OHCI_PORT_LSDA        (1 << 9)
210 #define OHCI_PORT_CSC         (1 << 16)
211 #define OHCI_PORT_PESC        (1 << 17)
212 #define OHCI_PORT_PSSC        (1 << 18)
213 #define OHCI_PORT_OCIC        (1 << 19)
214 #define OHCI_PORT_PRSC        (1 << 20)
215 #define OHCI_PORT_WTC         (OHCI_PORT_CSC | OHCI_PORT_PESC | \
216                                OHCI_PORT_PSSC | OHCI_PORT_OCIC | \
217                                OHCI_PORT_PRSC)
218 #define OHCI_TD_DIR_SETUP     0x0
219 #define OHCI_TD_DIR_OUT       0x1
220 #define OHCI_TD_DIR_IN        0x2
221 #define OHCI_TD_DIR_RESERVED  0x3
222 
223 #define OHCI_CC_NOERROR             0x0
224 #define OHCI_CC_CRC                 0x1
225 #define OHCI_CC_BITSTUFFING         0x2
226 #define OHCI_CC_DATATOGGLEMISMATCH  0x3
227 #define OHCI_CC_STALL               0x4
228 #define OHCI_CC_DEVICENOTRESPONDING 0x5
229 #define OHCI_CC_PIDCHECKFAILURE     0x6
230 #define OHCI_CC_UNDEXPETEDPID       0x7
231 #define OHCI_CC_DATAOVERRUN         0x8
232 #define OHCI_CC_DATAUNDERRUN        0x9
233 #define OHCI_CC_BUFFEROVERRUN       0xc
234 #define OHCI_CC_BUFFERUNDERRUN      0xd
235 
236 #define OHCI_HRESET_FSBIR       (1 << 0)
237 
238 static const char *ohci_reg_names[] = {
239     "HcRevision", "HcControl", "HcCommandStatus", "HcInterruptStatus",
240     "HcInterruptEnable", "HcInterruptDisable", "HcHCCA", "HcPeriodCurrentED",
241     "HcControlHeadED", "HcControlCurrentED", "HcBulkHeadED", "HcBulkCurrentED",
242     "HcDoneHead", "HcFmInterval", "HcFmRemaining", "HcFmNumber",
243     "HcPeriodicStart", "HcLSThreshold", "HcRhDescriptorA", "HcRhDescriptorB",
244     "HcRhStatus"
245 };
246 
247 static const char *ohci_reg_name(hwaddr addr)
248 {
249     if (addr >> 2 < ARRAY_SIZE(ohci_reg_names)) {
250         return ohci_reg_names[addr >> 2];
251     } else {
252         return "<unknown>";
253     }
254 }
255 
256 static void ohci_die(OHCIState *ohci)
257 {
258     ohci->ohci_die(ohci);
259 }
260 
261 /* Update IRQ levels */
262 static inline void ohci_intr_update(OHCIState *ohci)
263 {
264     int level = 0;
265 
266     if ((ohci->intr & OHCI_INTR_MIE) &&
267         (ohci->intr_status & ohci->intr))
268         level = 1;
269 
270     qemu_set_irq(ohci->irq, level);
271 }
272 
273 /* Set an interrupt */
274 static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
275 {
276     ohci->intr_status |= intr;
277     ohci_intr_update(ohci);
278 }
279 
280 static USBDevice *ohci_find_device(OHCIState *ohci, uint8_t addr)
281 {
282     USBDevice *dev;
283     int i;
284 
285     for (i = 0; i < ohci->num_ports; i++) {
286         if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0) {
287             continue;
288         }
289         dev = usb_find_device(&ohci->rhport[i].port, addr);
290         if (dev != NULL) {
291             return dev;
292         }
293     }
294     return NULL;
295 }
296 
297 void ohci_stop_endpoints(OHCIState *ohci)
298 {
299     USBDevice *dev;
300     int i, j;
301 
302     if (ohci->async_td) {
303         usb_cancel_packet(&ohci->usb_packet);
304         ohci->async_td = 0;
305     }
306     for (i = 0; i < ohci->num_ports; i++) {
307         dev = ohci->rhport[i].port.dev;
308         if (dev && dev->attached) {
309             usb_device_ep_stopped(dev, &dev->ep_ctl);
310             for (j = 0; j < USB_MAX_ENDPOINTS; j++) {
311                 usb_device_ep_stopped(dev, &dev->ep_in[j]);
312                 usb_device_ep_stopped(dev, &dev->ep_out[j]);
313             }
314         }
315     }
316 }
317 
318 static void ohci_roothub_reset(OHCIState *ohci)
319 {
320     OHCIPort *port;
321     int i;
322 
323     ohci_bus_stop(ohci);
324     ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
325     ohci->rhdesc_b = 0x0; /* Impl. specific */
326     ohci->rhstatus = 0;
327 
328     for (i = 0; i < ohci->num_ports; i++) {
329         port = &ohci->rhport[i];
330         port->ctrl = 0;
331         if (port->port.dev && port->port.dev->attached) {
332             usb_port_reset(&port->port);
333         }
334     }
335     ohci_stop_endpoints(ohci);
336 }
337 
338 /* Reset the controller */
339 static void ohci_soft_reset(OHCIState *ohci)
340 {
341     trace_usb_ohci_reset(ohci->name);
342 
343     ohci_bus_stop(ohci);
344     ohci->ctl = (ohci->ctl & OHCI_CTL_IR) | OHCI_USB_SUSPEND;
345     ohci->old_ctl = 0;
346     ohci->status = 0;
347     ohci->intr_status = 0;
348     ohci->intr = OHCI_INTR_MIE;
349 
350     ohci->hcca = 0;
351     ohci->ctrl_head = ohci->ctrl_cur = 0;
352     ohci->bulk_head = ohci->bulk_cur = 0;
353     ohci->per_cur = 0;
354     ohci->done = 0;
355     ohci->done_count = 7;
356     /*
357      * FSMPS is marked TBD in OCHI 1.0, what gives ffs?
358      * I took the value linux sets ...
359      */
360     ohci->fsmps = 0x2778;
361     ohci->fi = 0x2edf;
362     ohci->fit = 0;
363     ohci->frt = 0;
364     ohci->frame_number = 0;
365     ohci->pstart = 0;
366     ohci->lst = OHCI_LS_THRESH;
367 }
368 
369 void ohci_hard_reset(OHCIState *ohci)
370 {
371     ohci_soft_reset(ohci);
372     ohci->ctl = 0;
373     ohci_roothub_reset(ohci);
374 }
375 
376 /* Get an array of dwords from main memory */
377 static inline int get_dwords(OHCIState *ohci,
378                              dma_addr_t addr, uint32_t *buf, int num)
379 {
380     int i;
381 
382     addr += ohci->localmem_base;
383 
384     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
385         if (dma_memory_read(ohci->as, addr,
386                             buf, sizeof(*buf), MEMTXATTRS_UNSPECIFIED)) {
387             return -1;
388         }
389         *buf = le32_to_cpu(*buf);
390     }
391 
392     return 0;
393 }
394 
395 /* Put an array of dwords in to main memory */
396 static inline int put_dwords(OHCIState *ohci,
397                              dma_addr_t addr, uint32_t *buf, int num)
398 {
399     int i;
400 
401     addr += ohci->localmem_base;
402 
403     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
404         uint32_t tmp = cpu_to_le32(*buf);
405         if (dma_memory_write(ohci->as, addr,
406                              &tmp, sizeof(tmp), MEMTXATTRS_UNSPECIFIED)) {
407             return -1;
408         }
409     }
410 
411     return 0;
412 }
413 
414 /* Get an array of words from main memory */
415 static inline int get_words(OHCIState *ohci,
416                             dma_addr_t addr, uint16_t *buf, int num)
417 {
418     int i;
419 
420     addr += ohci->localmem_base;
421 
422     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
423         if (dma_memory_read(ohci->as, addr,
424                             buf, sizeof(*buf), MEMTXATTRS_UNSPECIFIED)) {
425             return -1;
426         }
427         *buf = le16_to_cpu(*buf);
428     }
429 
430     return 0;
431 }
432 
433 /* Put an array of words in to main memory */
434 static inline int put_words(OHCIState *ohci,
435                             dma_addr_t addr, uint16_t *buf, int num)
436 {
437     int i;
438 
439     addr += ohci->localmem_base;
440 
441     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
442         uint16_t tmp = cpu_to_le16(*buf);
443         if (dma_memory_write(ohci->as, addr,
444                              &tmp, sizeof(tmp), MEMTXATTRS_UNSPECIFIED)) {
445             return -1;
446         }
447     }
448 
449     return 0;
450 }
451 
452 static inline int ohci_read_ed(OHCIState *ohci,
453                                dma_addr_t addr, struct ohci_ed *ed)
454 {
455     return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
456 }
457 
458 static inline int ohci_read_td(OHCIState *ohci,
459                                dma_addr_t addr, struct ohci_td *td)
460 {
461     return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
462 }
463 
464 static inline int ohci_read_iso_td(OHCIState *ohci,
465                                    dma_addr_t addr, struct ohci_iso_td *td)
466 {
467     return get_dwords(ohci, addr, (uint32_t *)td, 4) ||
468            get_words(ohci, addr + 16, td->offset, 8);
469 }
470 
471 static inline int ohci_read_hcca(OHCIState *ohci,
472                                  dma_addr_t addr, struct ohci_hcca *hcca)
473 {
474     return dma_memory_read(ohci->as, addr + ohci->localmem_base, hcca,
475                            sizeof(*hcca), MEMTXATTRS_UNSPECIFIED);
476 }
477 
478 static inline int ohci_put_ed(OHCIState *ohci,
479                               dma_addr_t addr, struct ohci_ed *ed)
480 {
481     /*
482      * ed->tail is under control of the HCD.
483      * Since just ed->head is changed by HC, just write back this
484      */
485     return put_dwords(ohci, addr + ED_WBACK_OFFSET,
486                       (uint32_t *)((char *)ed + ED_WBACK_OFFSET),
487                       ED_WBACK_SIZE >> 2);
488 }
489 
490 static inline int ohci_put_td(OHCIState *ohci,
491                               dma_addr_t addr, struct ohci_td *td)
492 {
493     return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
494 }
495 
496 static inline int ohci_put_iso_td(OHCIState *ohci,
497                                   dma_addr_t addr, struct ohci_iso_td *td)
498 {
499     return put_dwords(ohci, addr, (uint32_t *)td, 4) ||
500            put_words(ohci, addr + 16, td->offset, 8);
501 }
502 
503 static inline int ohci_put_hcca(OHCIState *ohci,
504                                 dma_addr_t addr, struct ohci_hcca *hcca)
505 {
506     return dma_memory_write(ohci->as,
507                             addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET,
508                             (char *)hcca + HCCA_WRITEBACK_OFFSET,
509                             HCCA_WRITEBACK_SIZE, MEMTXATTRS_UNSPECIFIED);
510 }
511 
512 /* Read/Write the contents of a TD from/to main memory.  */
513 static int ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
514                         uint8_t *buf, int len, DMADirection dir)
515 {
516     dma_addr_t ptr, n;
517 
518     ptr = td->cbp;
519     n = 0x1000 - (ptr & 0xfff);
520     if (n > len) {
521         n = len;
522     }
523     if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
524                       n, dir, MEMTXATTRS_UNSPECIFIED)) {
525         return -1;
526     }
527     if (n == len) {
528         return 0;
529     }
530     ptr = td->be & ~0xfffu;
531     buf += n;
532     if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
533                       len - n, dir, MEMTXATTRS_UNSPECIFIED)) {
534         return -1;
535     }
536     return 0;
537 }
538 
539 /* Read/Write the contents of an ISO TD from/to main memory.  */
540 static int ohci_copy_iso_td(OHCIState *ohci,
541                             uint32_t start_addr, uint32_t end_addr,
542                             uint8_t *buf, int len, DMADirection dir)
543 {
544     dma_addr_t ptr, n;
545 
546     ptr = start_addr;
547     n = 0x1000 - (ptr & 0xfff);
548     if (n > len) {
549         n = len;
550     }
551     if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
552                       n, dir, MEMTXATTRS_UNSPECIFIED)) {
553         return -1;
554     }
555     if (n == len) {
556         return 0;
557     }
558     ptr = end_addr & ~0xfffu;
559     buf += n;
560     if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
561                       len - n, dir, MEMTXATTRS_UNSPECIFIED)) {
562         return -1;
563     }
564     return 0;
565 }
566 
567 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
568 
569 static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
570 {
571     int dir;
572     size_t len = 0;
573     const char *str = NULL;
574     int pid;
575     int ret;
576     int i;
577     USBDevice *dev;
578     USBEndpoint *ep;
579     USBPacket *pkt;
580     uint8_t buf[8192];
581     bool int_req;
582     struct ohci_iso_td iso_td;
583     uint32_t addr;
584     uint16_t starting_frame;
585     int16_t relative_frame_number;
586     int frame_count;
587     uint32_t start_offset, next_offset, end_offset = 0;
588     uint32_t start_addr, end_addr;
589 
590     addr = ed->head & OHCI_DPTR_MASK;
591 
592     if (addr == 0) {
593         ohci_die(ohci);
594         return 1;
595     }
596 
597     if (ohci_read_iso_td(ohci, addr, &iso_td)) {
598         trace_usb_ohci_iso_td_read_failed(addr);
599         ohci_die(ohci);
600         return 1;
601     }
602 
603     starting_frame = OHCI_BM(iso_td.flags, TD_SF);
604     frame_count = OHCI_BM(iso_td.flags, TD_FC);
605     relative_frame_number = USUB(ohci->frame_number, starting_frame);
606 
607     trace_usb_ohci_iso_td_head(
608            ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
609            iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
610            ohci->frame_number, starting_frame,
611            frame_count, relative_frame_number);
612     trace_usb_ohci_iso_td_head_offset(
613            iso_td.offset[0], iso_td.offset[1],
614            iso_td.offset[2], iso_td.offset[3],
615            iso_td.offset[4], iso_td.offset[5],
616            iso_td.offset[6], iso_td.offset[7]);
617 
618     if (relative_frame_number < 0) {
619         trace_usb_ohci_iso_td_relative_frame_number_neg(relative_frame_number);
620         return 1;
621     } else if (relative_frame_number > frame_count) {
622         /*
623          * ISO TD expired - retire the TD to the Done Queue and continue with
624          * the next ISO TD of the same ED
625          */
626         trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number,
627                                                         frame_count);
628         if (OHCI_CC_DATAOVERRUN == OHCI_BM(iso_td.flags, TD_CC)) {
629             /* avoid infinite loop */
630             return 1;
631         }
632         OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
633         ed->head &= ~OHCI_DPTR_MASK;
634         ed->head |= (iso_td.next & OHCI_DPTR_MASK);
635         iso_td.next = ohci->done;
636         ohci->done = addr;
637         i = OHCI_BM(iso_td.flags, TD_DI);
638         if (i < ohci->done_count) {
639             ohci->done_count = i;
640         }
641         if (ohci_put_iso_td(ohci, addr, &iso_td)) {
642             ohci_die(ohci);
643             return 1;
644         }
645         return 0;
646     }
647 
648     dir = OHCI_BM(ed->flags, ED_D);
649     switch (dir) {
650     case OHCI_TD_DIR_IN:
651         str = "in";
652         pid = USB_TOKEN_IN;
653         break;
654     case OHCI_TD_DIR_OUT:
655         str = "out";
656         pid = USB_TOKEN_OUT;
657         break;
658     case OHCI_TD_DIR_SETUP:
659         str = "setup";
660         pid = USB_TOKEN_SETUP;
661         break;
662     default:
663         trace_usb_ohci_iso_td_bad_direction(dir);
664         return 1;
665     }
666 
667     if (!iso_td.bp || !iso_td.be) {
668         trace_usb_ohci_iso_td_bad_bp_be(iso_td.bp, iso_td.be);
669         return 1;
670     }
671 
672     start_offset = iso_td.offset[relative_frame_number];
673     if (relative_frame_number < frame_count) {
674         next_offset = iso_td.offset[relative_frame_number + 1];
675     } else {
676         next_offset = iso_td.be;
677     }
678 
679     if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
680         ((relative_frame_number < frame_count) &&
681          !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
682         trace_usb_ohci_iso_td_bad_cc_not_accessed(start_offset, next_offset);
683         return 1;
684     }
685 
686     if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
687         trace_usb_ohci_iso_td_bad_cc_overrun(start_offset, next_offset);
688         return 1;
689     }
690 
691     if ((start_offset & 0x1000) == 0) {
692         start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
693             (start_offset & OHCI_OFFSET_MASK);
694     } else {
695         start_addr = (iso_td.be & OHCI_PAGE_MASK) |
696             (start_offset & OHCI_OFFSET_MASK);
697     }
698 
699     if (relative_frame_number < frame_count) {
700         end_offset = next_offset - 1;
701         if ((end_offset & 0x1000) == 0) {
702             end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
703                 (end_offset & OHCI_OFFSET_MASK);
704         } else {
705             end_addr = (iso_td.be & OHCI_PAGE_MASK) |
706                 (end_offset & OHCI_OFFSET_MASK);
707         }
708     } else {
709         /* Last packet in the ISO TD */
710         end_addr = next_offset;
711     }
712 
713     if (start_addr > end_addr) {
714         trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
715         return 1;
716     }
717 
718     if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
719         len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
720             - (start_addr & OHCI_OFFSET_MASK);
721     } else {
722         len = end_addr - start_addr + 1;
723     }
724     if (len > sizeof(buf)) {
725         len = sizeof(buf);
726     }
727 
728     if (len && dir != OHCI_TD_DIR_IN) {
729         if (ohci_copy_iso_td(ohci, start_addr, end_addr, buf, len,
730                              DMA_DIRECTION_TO_DEVICE)) {
731             ohci_die(ohci);
732             return 1;
733         }
734     }
735 
736     dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
737     if (dev == NULL) {
738         trace_usb_ohci_td_dev_error();
739         return 1;
740     }
741     ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
742     pkt = g_new0(USBPacket, 1);
743     usb_packet_init(pkt);
744     int_req = relative_frame_number == frame_count &&
745               OHCI_BM(iso_td.flags, TD_DI) == 0;
746     usb_packet_setup(pkt, pid, ep, 0, addr, false, int_req);
747     usb_packet_addbuf(pkt, buf, len);
748     usb_handle_packet(dev, pkt);
749     if (pkt->status == USB_RET_ASYNC) {
750         usb_device_flush_ep_queue(dev, ep);
751         g_free(pkt);
752         return 1;
753     }
754     if (pkt->status == USB_RET_SUCCESS) {
755         ret = pkt->actual_length;
756     } else {
757         ret = pkt->status;
758     }
759     g_free(pkt);
760 
761     trace_usb_ohci_iso_td_so(start_offset, end_offset, start_addr, end_addr,
762                              str, len, ret);
763 
764     /* Writeback */
765     if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
766         /* IN transfer succeeded */
767         if (ohci_copy_iso_td(ohci, start_addr, end_addr, buf, ret,
768                              DMA_DIRECTION_FROM_DEVICE)) {
769             ohci_die(ohci);
770             return 1;
771         }
772         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
773                     OHCI_CC_NOERROR);
774         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
775     } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
776         /* OUT transfer succeeded */
777         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
778                     OHCI_CC_NOERROR);
779         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
780     } else {
781         if (ret > (ssize_t) len) {
782             trace_usb_ohci_iso_td_data_overrun(ret, len);
783             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
784                         OHCI_CC_DATAOVERRUN);
785             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
786                         len);
787         } else if (ret >= 0) {
788             trace_usb_ohci_iso_td_data_underrun(ret);
789             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
790                         OHCI_CC_DATAUNDERRUN);
791         } else {
792             switch (ret) {
793             case USB_RET_IOERROR:
794             case USB_RET_NODEV:
795                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
796                             OHCI_CC_DEVICENOTRESPONDING);
797                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
798                             0);
799                 break;
800             case USB_RET_NAK:
801             case USB_RET_STALL:
802                 trace_usb_ohci_iso_td_nak(ret);
803                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
804                             OHCI_CC_STALL);
805                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
806                             0);
807                 break;
808             default:
809                 trace_usb_ohci_iso_td_bad_response(ret);
810                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
811                             OHCI_CC_UNDEXPETEDPID);
812                 break;
813             }
814         }
815     }
816 
817     if (relative_frame_number == frame_count) {
818         /* Last data packet of ISO TD - retire the TD to the Done Queue */
819         OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
820         ed->head &= ~OHCI_DPTR_MASK;
821         ed->head |= (iso_td.next & OHCI_DPTR_MASK);
822         iso_td.next = ohci->done;
823         ohci->done = addr;
824         i = OHCI_BM(iso_td.flags, TD_DI);
825         if (i < ohci->done_count) {
826             ohci->done_count = i;
827         }
828     }
829     if (ohci_put_iso_td(ohci, addr, &iso_td)) {
830         ohci_die(ohci);
831     }
832     return 1;
833 }
834 
835 #define HEX_CHAR_PER_LINE 16
836 
837 static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
838 {
839     bool print16;
840     bool printall;
841     int i;
842     char tmp[3 * HEX_CHAR_PER_LINE + 1];
843     char *p = tmp;
844 
845     print16 = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT);
846     printall = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_FULL);
847 
848     if (!printall && !print16) {
849         return;
850     }
851 
852     for (i = 0; ; i++) {
853         if (i && (!(i % HEX_CHAR_PER_LINE) || (i == len))) {
854             if (!printall) {
855                 trace_usb_ohci_td_pkt_short(msg, tmp);
856                 break;
857             }
858             trace_usb_ohci_td_pkt_full(msg, tmp);
859             p = tmp;
860             *p = 0;
861         }
862         if (i == len) {
863             break;
864         }
865 
866         p += sprintf(p, " %.2x", buf[i]);
867     }
868 }
869 
870 /*
871  * Service a transport descriptor.
872  * Returns nonzero to terminate processing of this endpoint.
873  */
874 static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
875 {
876     int dir;
877     size_t len = 0, pktlen = 0;
878     const char *str = NULL;
879     int pid;
880     int ret;
881     int i;
882     USBDevice *dev;
883     USBEndpoint *ep;
884     struct ohci_td td;
885     uint32_t addr;
886     int flag_r;
887     int completion;
888 
889     addr = ed->head & OHCI_DPTR_MASK;
890     if (addr == 0) {
891         ohci_die(ohci);
892         return 1;
893     }
894 
895     /* See if this TD has already been submitted to the device. */
896     completion = (addr == ohci->async_td);
897     if (completion && !ohci->async_complete) {
898         trace_usb_ohci_td_skip_async();
899         return 1;
900     }
901     if (ohci_read_td(ohci, addr, &td)) {
902         trace_usb_ohci_td_read_error(addr);
903         ohci_die(ohci);
904         return 1;
905     }
906 
907     dir = OHCI_BM(ed->flags, ED_D);
908     switch (dir) {
909     case OHCI_TD_DIR_OUT:
910     case OHCI_TD_DIR_IN:
911         /* Same value. */
912         break;
913     default:
914         dir = OHCI_BM(td.flags, TD_DP);
915         break;
916     }
917 
918     switch (dir) {
919     case OHCI_TD_DIR_IN:
920         str = "in";
921         pid = USB_TOKEN_IN;
922         break;
923     case OHCI_TD_DIR_OUT:
924         str = "out";
925         pid = USB_TOKEN_OUT;
926         break;
927     case OHCI_TD_DIR_SETUP:
928         str = "setup";
929         pid = USB_TOKEN_SETUP;
930         break;
931     default:
932         trace_usb_ohci_td_bad_direction(dir);
933         return 1;
934     }
935     if (td.cbp && td.be) {
936         if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
937             len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
938         } else {
939             if (td.cbp > td.be) {
940                 trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
941                 ohci_die(ohci);
942                 return 1;
943             }
944             len = (td.be - td.cbp) + 1;
945         }
946         if (len > sizeof(ohci->usb_buf)) {
947             len = sizeof(ohci->usb_buf);
948         }
949 
950         pktlen = len;
951         if (len && dir != OHCI_TD_DIR_IN) {
952             /* The endpoint may not allow us to transfer it all now */
953             pktlen = (ed->flags & OHCI_ED_MPS_MASK) >> OHCI_ED_MPS_SHIFT;
954             if (pktlen > len) {
955                 pktlen = len;
956             }
957             if (!completion) {
958                 if (ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
959                                  DMA_DIRECTION_TO_DEVICE)) {
960                     ohci_die(ohci);
961                 }
962             }
963         }
964     }
965 
966     flag_r = (td.flags & OHCI_TD_R) != 0;
967     trace_usb_ohci_td_pkt_hdr(addr, (int64_t)pktlen, (int64_t)len, str,
968                               flag_r, td.cbp, td.be);
969     ohci_td_pkt("OUT", ohci->usb_buf, pktlen);
970 
971     if (completion) {
972         ohci->async_td = 0;
973         ohci->async_complete = false;
974     } else {
975         dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
976         if (dev == NULL) {
977             trace_usb_ohci_td_dev_error();
978             return 1;
979         }
980         ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
981         if (ohci->async_td) {
982             /*
983              * ??? The hardware should allow one active packet per
984              * endpoint.  We only allow one active packet per controller.
985              * This should be sufficient as long as devices respond in a
986              * timely manner.
987              */
988             trace_usb_ohci_td_too_many_pending(ep->nr);
989             return 1;
990         }
991         usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, !flag_r,
992                          OHCI_BM(td.flags, TD_DI) == 0);
993         usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, pktlen);
994         usb_handle_packet(dev, &ohci->usb_packet);
995         trace_usb_ohci_td_packet_status(ohci->usb_packet.status);
996 
997         if (ohci->usb_packet.status == USB_RET_ASYNC) {
998             usb_device_flush_ep_queue(dev, ep);
999             ohci->async_td = addr;
1000             return 1;
1001         }
1002     }
1003     if (ohci->usb_packet.status == USB_RET_SUCCESS) {
1004         ret = ohci->usb_packet.actual_length;
1005     } else {
1006         ret = ohci->usb_packet.status;
1007     }
1008 
1009     if (ret >= 0) {
1010         if (dir == OHCI_TD_DIR_IN) {
1011             if (ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
1012                              DMA_DIRECTION_FROM_DEVICE)) {
1013                 ohci_die(ohci);
1014             }
1015             ohci_td_pkt("IN", ohci->usb_buf, pktlen);
1016         } else {
1017             ret = pktlen;
1018         }
1019     }
1020 
1021     /* Writeback */
1022     if (ret == pktlen || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
1023         /* Transmission succeeded. */
1024         if (ret == len) {
1025             td.cbp = 0;
1026         } else {
1027             if ((td.cbp & 0xfff) + ret > 0xfff) {
1028                 td.cbp = (td.be & ~0xfff) + ((td.cbp + ret) & 0xfff);
1029             } else {
1030                 td.cbp += ret;
1031             }
1032         }
1033         td.flags |= OHCI_TD_T1;
1034         td.flags ^= OHCI_TD_T0;
1035         OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
1036         OHCI_SET_BM(td.flags, TD_EC, 0);
1037 
1038         if ((dir != OHCI_TD_DIR_IN) && (ret != len)) {
1039             /* Partial packet transfer: TD not ready to retire yet */
1040             goto exit_no_retire;
1041         }
1042 
1043         /* Setting ED_C is part of the TD retirement process */
1044         ed->head &= ~OHCI_ED_C;
1045         if (td.flags & OHCI_TD_T0) {
1046             ed->head |= OHCI_ED_C;
1047         }
1048     } else {
1049         if (ret >= 0) {
1050             trace_usb_ohci_td_underrun();
1051             OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
1052         } else {
1053             switch (ret) {
1054             case USB_RET_IOERROR:
1055             case USB_RET_NODEV:
1056                 trace_usb_ohci_td_dev_error();
1057                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
1058                 break;
1059             case USB_RET_NAK:
1060                 trace_usb_ohci_td_nak();
1061                 return 1;
1062             case USB_RET_STALL:
1063                 trace_usb_ohci_td_stall();
1064                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1065                 break;
1066             case USB_RET_BABBLE:
1067                 trace_usb_ohci_td_babble();
1068                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1069                 break;
1070             default:
1071                 trace_usb_ohci_td_bad_device_response(ret);
1072                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1073                 OHCI_SET_BM(td.flags, TD_EC, 3);
1074                 break;
1075             }
1076             /*
1077              * An error occurred so we have to clear the interrupt counter.
1078              * See spec at 6.4.4 on page 104
1079              */
1080             ohci->done_count = 0;
1081         }
1082         ed->head |= OHCI_ED_H;
1083     }
1084 
1085     /* Retire this TD */
1086     ed->head &= ~OHCI_DPTR_MASK;
1087     ed->head |= td.next & OHCI_DPTR_MASK;
1088     td.next = ohci->done;
1089     ohci->done = addr;
1090     i = OHCI_BM(td.flags, TD_DI);
1091     if (i < ohci->done_count) {
1092         ohci->done_count = i;
1093     }
1094 exit_no_retire:
1095     if (ohci_put_td(ohci, addr, &td)) {
1096         ohci_die(ohci);
1097         return 1;
1098     }
1099     return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1100 }
1101 
1102 /* Service an endpoint list.  Returns nonzero if active TD were found. */
1103 static int ohci_service_ed_list(OHCIState *ohci, uint32_t head)
1104 {
1105     struct ohci_ed ed;
1106     uint32_t next_ed;
1107     uint32_t cur;
1108     int active;
1109     uint32_t link_cnt = 0;
1110     active = 0;
1111 
1112     if (head == 0) {
1113         return 0;
1114     }
1115     for (cur = head; cur && link_cnt++ < ED_LINK_LIMIT; cur = next_ed) {
1116         if (ohci_read_ed(ohci, cur, &ed)) {
1117             trace_usb_ohci_ed_read_error(cur);
1118             ohci_die(ohci);
1119             return 0;
1120         }
1121 
1122         next_ed = ed.next & OHCI_DPTR_MASK;
1123 
1124         if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1125             uint32_t addr;
1126             /* Cancel pending packets for ED that have been paused. */
1127             addr = ed.head & OHCI_DPTR_MASK;
1128             if (ohci->async_td && addr == ohci->async_td) {
1129                 usb_cancel_packet(&ohci->usb_packet);
1130                 ohci->async_td = 0;
1131                 usb_device_ep_stopped(ohci->usb_packet.ep->dev,
1132                                       ohci->usb_packet.ep);
1133             }
1134             continue;
1135         }
1136 
1137         while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
1138             trace_usb_ohci_ed_pkt(cur, (ed.head & OHCI_ED_H) != 0,
1139                     (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1140                     ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1141             trace_usb_ohci_ed_pkt_flags(
1142                     OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1143                     OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S) != 0,
1144                     (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
1145                     OHCI_BM(ed.flags, ED_MPS));
1146 
1147             active = 1;
1148 
1149             if ((ed.flags & OHCI_ED_F) == 0) {
1150                 if (ohci_service_td(ohci, &ed)) {
1151                     break;
1152                 }
1153             } else {
1154                 /* Handle isochronous endpoints */
1155                 if (ohci_service_iso_td(ohci, &ed)) {
1156                     break;
1157                 }
1158             }
1159         }
1160 
1161         if (ohci_put_ed(ohci, cur, &ed)) {
1162             ohci_die(ohci);
1163             return 0;
1164         }
1165     }
1166 
1167     return active;
1168 }
1169 
1170 /* set a timer for EOF */
1171 static void ohci_eof_timer(OHCIState *ohci)
1172 {
1173     timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);
1174 }
1175 /* Set a timer for EOF and generate a SOF event */
1176 static void ohci_sof(OHCIState *ohci)
1177 {
1178     ohci->sof_time += usb_frame_time;
1179     ohci_eof_timer(ohci);
1180     ohci_set_interrupt(ohci, OHCI_INTR_SF);
1181 }
1182 
1183 /* Process Control and Bulk lists. */
1184 static void ohci_process_lists(OHCIState *ohci)
1185 {
1186     if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
1187         if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) {
1188             trace_usb_ohci_process_lists(ohci->ctrl_head, ohci->ctrl_cur);
1189         }
1190         if (!ohci_service_ed_list(ohci, ohci->ctrl_head)) {
1191             ohci->ctrl_cur = 0;
1192             ohci->status &= ~OHCI_STATUS_CLF;
1193         }
1194     }
1195 
1196     if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
1197         if (!ohci_service_ed_list(ohci, ohci->bulk_head)) {
1198             ohci->bulk_cur = 0;
1199             ohci->status &= ~OHCI_STATUS_BLF;
1200         }
1201     }
1202 }
1203 
1204 /* Do frame processing on frame boundary */
1205 static void ohci_frame_boundary(void *opaque)
1206 {
1207     OHCIState *ohci = opaque;
1208     struct ohci_hcca hcca;
1209 
1210     if (ohci_read_hcca(ohci, ohci->hcca, &hcca)) {
1211         trace_usb_ohci_hcca_read_error(ohci->hcca);
1212         ohci_die(ohci);
1213         return;
1214     }
1215 
1216     /* Process all the lists at the end of the frame */
1217     if (ohci->ctl & OHCI_CTL_PLE) {
1218         int n;
1219 
1220         n = ohci->frame_number & 0x1f;
1221         ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]));
1222     }
1223 
1224     /* Cancel all pending packets if either of the lists has been disabled. */
1225     if (ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1226         ohci_stop_endpoints(ohci);
1227     }
1228     ohci->old_ctl = ohci->ctl;
1229     ohci_process_lists(ohci);
1230 
1231     /* Stop if UnrecoverableError happened or ohci_sof will crash */
1232     if (ohci->intr_status & OHCI_INTR_UE) {
1233         return;
1234     }
1235 
1236     /* Frame boundary, so do EOF stuf here */
1237     ohci->frt = ohci->fit;
1238 
1239     /* Increment frame number and take care of endianness. */
1240     ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1241     hcca.frame = cpu_to_le16(ohci->frame_number);
1242     /* When the HC updates frame number, set pad to 0. Ref OHCI Spec 4.4.1*/
1243     hcca.pad = 0;
1244 
1245     if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1246         if (!ohci->done) {
1247             abort();
1248         }
1249         if (ohci->intr & ohci->intr_status) {
1250             ohci->done |= 1;
1251         }
1252         hcca.done = cpu_to_le32(ohci->done);
1253         ohci->done = 0;
1254         ohci->done_count = 7;
1255         ohci_set_interrupt(ohci, OHCI_INTR_WD);
1256     }
1257 
1258     if (ohci->done_count != 7 && ohci->done_count != 0) {
1259         ohci->done_count--;
1260     }
1261     /* Do SOF stuff here */
1262     ohci_sof(ohci);
1263 
1264     /* Writeback HCCA */
1265     if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
1266         ohci_die(ohci);
1267     }
1268 }
1269 
1270 /*
1271  * Start sending SOF tokens across the USB bus, lists are processed in
1272  * next frame
1273  */
1274 static int ohci_bus_start(OHCIState *ohci)
1275 {
1276     trace_usb_ohci_start(ohci->name);
1277     /*
1278      * Delay the first SOF event by one frame time as linux driver is
1279      * not ready to receive it and can meet some race conditions
1280      */
1281     ohci->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1282     ohci_eof_timer(ohci);
1283 
1284     return 1;
1285 }
1286 
1287 /* Stop sending SOF tokens on the bus */
1288 void ohci_bus_stop(OHCIState *ohci)
1289 {
1290     trace_usb_ohci_stop(ohci->name);
1291     timer_del(ohci->eof_timer);
1292 }
1293 
1294 /* Frame interval toggle is manipulated by the hcd only */
1295 static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1296 {
1297     val &= OHCI_FMI_FI;
1298 
1299     if (val != ohci->fi) {
1300         trace_usb_ohci_set_frame_interval(ohci->name, ohci->fi, ohci->fi);
1301     }
1302 
1303     ohci->fi = val;
1304 }
1305 
1306 static void ohci_port_power(OHCIState *ohci, int i, int p)
1307 {
1308     if (p) {
1309         ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1310     } else {
1311         ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS | OHCI_PORT_CCS |
1312                                   OHCI_PORT_PSS | OHCI_PORT_PRS);
1313     }
1314 }
1315 
1316 /* Set HcControlRegister */
1317 static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1318 {
1319     uint32_t old_state;
1320     uint32_t new_state;
1321 
1322     old_state = ohci->ctl & OHCI_CTL_HCFS;
1323     ohci->ctl = val;
1324     new_state = ohci->ctl & OHCI_CTL_HCFS;
1325 
1326     /* no state change */
1327     if (old_state == new_state) {
1328         return;
1329     }
1330     trace_usb_ohci_set_ctl(ohci->name, new_state);
1331     switch (new_state) {
1332     case OHCI_USB_OPERATIONAL:
1333         ohci_bus_start(ohci);
1334         break;
1335     case OHCI_USB_SUSPEND:
1336         ohci_bus_stop(ohci);
1337         /* clear pending SF otherwise linux driver loops in ohci_irq() */
1338         ohci->intr_status &= ~OHCI_INTR_SF;
1339         ohci_intr_update(ohci);
1340         break;
1341     case OHCI_USB_RESUME:
1342         trace_usb_ohci_resume(ohci->name);
1343         break;
1344     case OHCI_USB_RESET:
1345         ohci_roothub_reset(ohci);
1346         break;
1347     }
1348 }
1349 
1350 static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1351 {
1352     uint16_t fr;
1353     int64_t tks;
1354 
1355     if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL) {
1356         return ohci->frt << 31;
1357     }
1358     /* Being in USB operational state guarantees sof_time was set already. */
1359     tks = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - ohci->sof_time;
1360     if (tks < 0) {
1361         tks = 0;
1362     }
1363 
1364     /* avoid muldiv if possible */
1365     if (tks >= usb_frame_time) {
1366         return ohci->frt << 31;
1367     }
1368     tks = tks / usb_bit_time;
1369     fr = (uint16_t)(ohci->fi - tks);
1370 
1371     return (ohci->frt << 31) | fr;
1372 }
1373 
1374 
1375 /* Set root hub status */
1376 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1377 {
1378     uint32_t old_state;
1379 
1380     old_state = ohci->rhstatus;
1381 
1382     /* write 1 to clear OCIC */
1383     if (val & OHCI_RHS_OCIC) {
1384         ohci->rhstatus &= ~OHCI_RHS_OCIC;
1385     }
1386     if (val & OHCI_RHS_LPS) {
1387         int i;
1388 
1389         for (i = 0; i < ohci->num_ports; i++) {
1390             ohci_port_power(ohci, i, 0);
1391         }
1392         trace_usb_ohci_hub_power_down();
1393     }
1394 
1395     if (val & OHCI_RHS_LPSC) {
1396         int i;
1397 
1398         for (i = 0; i < ohci->num_ports; i++) {
1399             ohci_port_power(ohci, i, 1);
1400         }
1401         trace_usb_ohci_hub_power_up();
1402     }
1403 
1404     if (val & OHCI_RHS_DRWE) {
1405         ohci->rhstatus |= OHCI_RHS_DRWE;
1406     }
1407     if (val & OHCI_RHS_CRWE) {
1408         ohci->rhstatus &= ~OHCI_RHS_DRWE;
1409     }
1410     if (old_state != ohci->rhstatus) {
1411         ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1412     }
1413 }
1414 
1415 /* This is the one state transition the controller can do by itself */
1416 static bool ohci_resume(OHCIState *s)
1417 {
1418     if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
1419         trace_usb_ohci_remote_wakeup(s->name);
1420         s->ctl &= ~OHCI_CTL_HCFS;
1421         s->ctl |= OHCI_USB_RESUME;
1422         return true;
1423     }
1424     return false;
1425 }
1426 
1427 /*
1428  * Sets a flag in a port status reg but only set it if the port is connected.
1429  * If not set ConnectStatusChange flag. If flag is enabled return 1.
1430  */
1431 static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1432 {
1433     int ret = 1;
1434 
1435     /* writing a 0 has no effect */
1436     if (val == 0) {
1437         return 0;
1438     }
1439     /* If CurrentConnectStatus is cleared we set ConnectStatusChange */
1440     if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1441         ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1442         if (ohci->rhstatus & OHCI_RHS_DRWE) {
1443             /* CSC is a wakeup event */
1444             if (ohci_resume(ohci)) {
1445                 ohci_set_interrupt(ohci, OHCI_INTR_RD);
1446             }
1447         }
1448         return 0;
1449     }
1450 
1451     if (ohci->rhport[i].ctrl & val) {
1452         ret = 0;
1453     }
1454     /* set the bit */
1455     ohci->rhport[i].ctrl |= val;
1456 
1457     return ret;
1458 }
1459 
1460 /* Set root hub port status */
1461 static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1462 {
1463     uint32_t old_state;
1464     OHCIPort *port;
1465 
1466     port = &ohci->rhport[portnum];
1467     old_state = port->ctrl;
1468 
1469     /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1470     if (val & OHCI_PORT_WTC) {
1471         port->ctrl &= ~(val & OHCI_PORT_WTC);
1472     }
1473     if (val & OHCI_PORT_CCS) {
1474         port->ctrl &= ~OHCI_PORT_PES;
1475     }
1476     ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1477 
1478     if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS)) {
1479         trace_usb_ohci_port_suspend(portnum);
1480     }
1481 
1482     if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
1483         trace_usb_ohci_port_reset(portnum);
1484         usb_device_reset(port->port.dev);
1485         port->ctrl &= ~OHCI_PORT_PRS;
1486         /* ??? Should this also set OHCI_PORT_PESC. */
1487         port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1488     }
1489 
1490     /* Invert order here to ensure in ambiguous case, device is powered up. */
1491     if (val & OHCI_PORT_LSDA) {
1492         ohci_port_power(ohci, portnum, 0);
1493     }
1494     if (val & OHCI_PORT_PPS) {
1495         ohci_port_power(ohci, portnum, 1);
1496     }
1497     if (old_state != port->ctrl) {
1498         ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1499     }
1500 }
1501 
1502 static uint64_t ohci_mem_read(void *opaque,
1503                               hwaddr addr,
1504                               unsigned size)
1505 {
1506     OHCIState *ohci = opaque;
1507     uint32_t retval;
1508 
1509     /* Only aligned reads are allowed on OHCI */
1510     if (addr & 3) {
1511         trace_usb_ohci_mem_read_unaligned(addr);
1512         return 0xffffffff;
1513     } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1514         /* HcRhPortStatus */
1515         retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1516         trace_usb_ohci_mem_port_read(size, "HcRhPortStatus", (addr - 0x50) >> 2,
1517                                      addr, addr >> 2, retval);
1518     } else {
1519         switch (addr >> 2) {
1520         case 0: /* HcRevision */
1521             retval = 0x10;
1522             break;
1523 
1524         case 1: /* HcControl */
1525             retval = ohci->ctl;
1526             break;
1527 
1528         case 2: /* HcCommandStatus */
1529             retval = ohci->status;
1530             break;
1531 
1532         case 3: /* HcInterruptStatus */
1533             retval = ohci->intr_status;
1534             break;
1535 
1536         case 4: /* HcInterruptEnable */
1537         case 5: /* HcInterruptDisable */
1538             retval = ohci->intr;
1539             break;
1540 
1541         case 6: /* HcHCCA */
1542             retval = ohci->hcca;
1543             break;
1544 
1545         case 7: /* HcPeriodCurrentED */
1546             retval = ohci->per_cur;
1547             break;
1548 
1549         case 8: /* HcControlHeadED */
1550             retval = ohci->ctrl_head;
1551             break;
1552 
1553         case 9: /* HcControlCurrentED */
1554             retval = ohci->ctrl_cur;
1555             break;
1556 
1557         case 10: /* HcBulkHeadED */
1558             retval = ohci->bulk_head;
1559             break;
1560 
1561         case 11: /* HcBulkCurrentED */
1562             retval = ohci->bulk_cur;
1563             break;
1564 
1565         case 12: /* HcDoneHead */
1566             retval = ohci->done;
1567             break;
1568 
1569         case 13: /* HcFmInterretval */
1570             retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1571             break;
1572 
1573         case 14: /* HcFmRemaining */
1574             retval = ohci_get_frame_remaining(ohci);
1575             break;
1576 
1577         case 15: /* HcFmNumber */
1578             retval = ohci->frame_number;
1579             break;
1580 
1581         case 16: /* HcPeriodicStart */
1582             retval = ohci->pstart;
1583             break;
1584 
1585         case 17: /* HcLSThreshold */
1586             retval = ohci->lst;
1587             break;
1588 
1589         case 18: /* HcRhDescriptorA */
1590             retval = ohci->rhdesc_a;
1591             break;
1592 
1593         case 19: /* HcRhDescriptorB */
1594             retval = ohci->rhdesc_b;
1595             break;
1596 
1597         case 20: /* HcRhStatus */
1598             retval = ohci->rhstatus;
1599             break;
1600 
1601         /* PXA27x specific registers */
1602         case 24: /* HcStatus */
1603             retval = ohci->hstatus & ohci->hmask;
1604             break;
1605 
1606         case 25: /* HcHReset */
1607             retval = ohci->hreset;
1608             break;
1609 
1610         case 26: /* HcHInterruptEnable */
1611             retval = ohci->hmask;
1612             break;
1613 
1614         case 27: /* HcHInterruptTest */
1615             retval = ohci->htest;
1616             break;
1617 
1618         default:
1619             trace_usb_ohci_mem_read_bad_offset(addr);
1620             retval = 0xffffffff;
1621         }
1622         if (addr != 0xc || retval) {
1623             trace_usb_ohci_mem_read(size, ohci_reg_name(addr), addr, addr >> 2,
1624                                     retval);
1625         }
1626     }
1627 
1628     return retval;
1629 }
1630 
1631 static void ohci_mem_write(void *opaque,
1632                            hwaddr addr,
1633                            uint64_t val,
1634                            unsigned size)
1635 {
1636     OHCIState *ohci = opaque;
1637 
1638     /* Only aligned reads are allowed on OHCI */
1639     if (addr & 3) {
1640         trace_usb_ohci_mem_write_unaligned(addr);
1641         return;
1642     }
1643 
1644     if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1645         /* HcRhPortStatus */
1646         trace_usb_ohci_mem_port_write(size, "HcRhPortStatus",
1647                                       (addr - 0x50) >> 2, addr, addr >> 2, val);
1648         ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1649         return;
1650     }
1651 
1652     trace_usb_ohci_mem_write(size, ohci_reg_name(addr), addr, addr >> 2, val);
1653     switch (addr >> 2) {
1654     case 1: /* HcControl */
1655         ohci_set_ctl(ohci, val);
1656         break;
1657 
1658     case 2: /* HcCommandStatus */
1659         /* SOC is read-only */
1660         val = (val & ~OHCI_STATUS_SOC);
1661 
1662         /* Bits written as '0' remain unchanged in the register */
1663         ohci->status |= val;
1664 
1665         if (ohci->status & OHCI_STATUS_HCR) {
1666             ohci_soft_reset(ohci);
1667         }
1668         break;
1669 
1670     case 3: /* HcInterruptStatus */
1671         ohci->intr_status &= ~val;
1672         ohci_intr_update(ohci);
1673         break;
1674 
1675     case 4: /* HcInterruptEnable */
1676         ohci->intr |= val;
1677         ohci_intr_update(ohci);
1678         break;
1679 
1680     case 5: /* HcInterruptDisable */
1681         ohci->intr &= ~val;
1682         ohci_intr_update(ohci);
1683         break;
1684 
1685     case 6: /* HcHCCA */
1686         ohci->hcca = val & OHCI_HCCA_MASK;
1687         break;
1688 
1689     case 7: /* HcPeriodCurrentED */
1690         /* Ignore writes to this read-only register, Linux does them */
1691         break;
1692 
1693     case 8: /* HcControlHeadED */
1694         ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1695         break;
1696 
1697     case 9: /* HcControlCurrentED */
1698         ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1699         break;
1700 
1701     case 10: /* HcBulkHeadED */
1702         ohci->bulk_head = val & OHCI_EDPTR_MASK;
1703         break;
1704 
1705     case 11: /* HcBulkCurrentED */
1706         ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1707         break;
1708 
1709     case 13: /* HcFmInterval */
1710         ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1711         ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1712         ohci_set_frame_interval(ohci, val);
1713         break;
1714 
1715     case 15: /* HcFmNumber */
1716         break;
1717 
1718     case 16: /* HcPeriodicStart */
1719         ohci->pstart = val & 0xffff;
1720         break;
1721 
1722     case 17: /* HcLSThreshold */
1723         ohci->lst = val & 0xffff;
1724         break;
1725 
1726     case 18: /* HcRhDescriptorA */
1727         ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1728         ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1729         break;
1730 
1731     case 19: /* HcRhDescriptorB */
1732         break;
1733 
1734     case 20: /* HcRhStatus */
1735         ohci_set_hub_status(ohci, val);
1736         break;
1737 
1738     /* PXA27x specific registers */
1739     case 24: /* HcStatus */
1740         ohci->hstatus &= ~(val & ohci->hmask);
1741         break;
1742 
1743     case 25: /* HcHReset */
1744         ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1745         if (val & OHCI_HRESET_FSBIR) {
1746             ohci_hard_reset(ohci);
1747         }
1748         break;
1749 
1750     case 26: /* HcHInterruptEnable */
1751         ohci->hmask = val;
1752         break;
1753 
1754     case 27: /* HcHInterruptTest */
1755         ohci->htest = val;
1756         break;
1757 
1758     default:
1759         trace_usb_ohci_mem_write_bad_offset(addr);
1760         break;
1761     }
1762 }
1763 
1764 static const MemoryRegionOps ohci_mem_ops = {
1765     .read = ohci_mem_read,
1766     .write = ohci_mem_write,
1767     .endianness = DEVICE_LITTLE_ENDIAN,
1768 };
1769 
1770 /* USBPortOps */
1771 static void ohci_attach(USBPort *port1)
1772 {
1773     OHCIState *s = port1->opaque;
1774     OHCIPort *port = &s->rhport[port1->index];
1775     uint32_t old_state = port->ctrl;
1776 
1777     /* set connect status */
1778     port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
1779 
1780     /* update speed */
1781     if (port->port.dev->speed == USB_SPEED_LOW) {
1782         port->ctrl |= OHCI_PORT_LSDA;
1783     } else {
1784         port->ctrl &= ~OHCI_PORT_LSDA;
1785     }
1786 
1787     /* notify of remote-wakeup */
1788     if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
1789         ohci_set_interrupt(s, OHCI_INTR_RD);
1790     }
1791 
1792     trace_usb_ohci_port_attach(port1->index);
1793 
1794     if (old_state != port->ctrl) {
1795         ohci_set_interrupt(s, OHCI_INTR_RHSC);
1796     }
1797 }
1798 
1799 static void ohci_child_detach(USBPort *port1, USBDevice *dev)
1800 {
1801     OHCIState *ohci = port1->opaque;
1802 
1803     if (ohci->async_td &&
1804         usb_packet_is_inflight(&ohci->usb_packet) &&
1805         ohci->usb_packet.ep->dev == dev) {
1806         usb_cancel_packet(&ohci->usb_packet);
1807         ohci->async_td = 0;
1808     }
1809 }
1810 
1811 static void ohci_detach(USBPort *port1)
1812 {
1813     OHCIState *s = port1->opaque;
1814     OHCIPort *port = &s->rhport[port1->index];
1815     uint32_t old_state = port->ctrl;
1816 
1817     ohci_child_detach(port1, port1->dev);
1818 
1819     /* set connect status */
1820     if (port->ctrl & OHCI_PORT_CCS) {
1821         port->ctrl &= ~OHCI_PORT_CCS;
1822         port->ctrl |= OHCI_PORT_CSC;
1823     }
1824     /* disable port */
1825     if (port->ctrl & OHCI_PORT_PES) {
1826         port->ctrl &= ~OHCI_PORT_PES;
1827         port->ctrl |= OHCI_PORT_PESC;
1828     }
1829     trace_usb_ohci_port_detach(port1->index);
1830 
1831     if (old_state != port->ctrl) {
1832         ohci_set_interrupt(s, OHCI_INTR_RHSC);
1833     }
1834 }
1835 
1836 static void ohci_wakeup(USBPort *port1)
1837 {
1838     OHCIState *s = port1->opaque;
1839     OHCIPort *port = &s->rhport[port1->index];
1840     uint32_t intr = 0;
1841     if (port->ctrl & OHCI_PORT_PSS) {
1842         trace_usb_ohci_port_wakeup(port1->index);
1843         port->ctrl |= OHCI_PORT_PSSC;
1844         port->ctrl &= ~OHCI_PORT_PSS;
1845         intr = OHCI_INTR_RHSC;
1846     }
1847     /* Note that the controller can be suspended even if this port is not */
1848     if (ohci_resume(s)) {
1849         /*
1850          * In suspend mode only ResumeDetected is possible, not RHSC:
1851          * see the OHCI spec 5.1.2.3.
1852          */
1853         intr = OHCI_INTR_RD;
1854     }
1855     ohci_set_interrupt(s, intr);
1856 }
1857 
1858 static void ohci_async_complete_packet(USBPort *port, USBPacket *packet)
1859 {
1860     OHCIState *ohci = container_of(packet, OHCIState, usb_packet);
1861 
1862     trace_usb_ohci_async_complete();
1863     ohci->async_complete = true;
1864     ohci_process_lists(ohci);
1865 }
1866 
1867 static USBPortOps ohci_port_ops = {
1868     .attach = ohci_attach,
1869     .detach = ohci_detach,
1870     .child_detach = ohci_child_detach,
1871     .wakeup = ohci_wakeup,
1872     .complete = ohci_async_complete_packet,
1873 };
1874 
1875 static USBBusOps ohci_bus_ops = {
1876 };
1877 
1878 void usb_ohci_init(OHCIState *ohci, DeviceState *dev, uint32_t num_ports,
1879                    dma_addr_t localmem_base, char *masterbus,
1880                    uint32_t firstport, AddressSpace *as,
1881                    void (*ohci_die_fn)(OHCIState *), Error **errp)
1882 {
1883     Error *err = NULL;
1884     int i;
1885 
1886     ohci->as = as;
1887     ohci->ohci_die = ohci_die_fn;
1888 
1889     if (num_ports > OHCI_MAX_PORTS) {
1890         error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
1891                    num_ports, OHCI_MAX_PORTS);
1892         return;
1893     }
1894 
1895     if (usb_frame_time == 0) {
1896 #ifdef OHCI_TIME_WARP
1897         usb_frame_time = NANOSECONDS_PER_SECOND;
1898         usb_bit_time = NANOSECONDS_PER_SECOND / (USB_HZ / 1000);
1899 #else
1900         usb_frame_time = NANOSECONDS_PER_SECOND / 1000;
1901         if (NANOSECONDS_PER_SECOND >= USB_HZ) {
1902             usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ;
1903         } else {
1904             usb_bit_time = 1;
1905         }
1906 #endif
1907         trace_usb_ohci_init_time(usb_frame_time, usb_bit_time);
1908     }
1909 
1910     ohci->num_ports = num_ports;
1911     if (masterbus) {
1912         USBPort *ports[OHCI_MAX_PORTS];
1913         for (i = 0; i < num_ports; i++) {
1914             ports[i] = &ohci->rhport[i].port;
1915         }
1916         usb_register_companion(masterbus, ports, num_ports,
1917                                firstport, ohci, &ohci_port_ops,
1918                                USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL,
1919                                &err);
1920         if (err) {
1921             error_propagate(errp, err);
1922             return;
1923         }
1924     } else {
1925         usb_bus_new(&ohci->bus, sizeof(ohci->bus), &ohci_bus_ops, dev);
1926         for (i = 0; i < num_ports; i++) {
1927             usb_register_port(&ohci->bus, &ohci->rhport[i].port,
1928                               ohci, i, &ohci_port_ops,
1929                               USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
1930         }
1931     }
1932 
1933     memory_region_init_io(&ohci->mem, OBJECT(dev), &ohci_mem_ops,
1934                           ohci, "ohci", 256);
1935     ohci->localmem_base = localmem_base;
1936 
1937     ohci->name = object_get_typename(OBJECT(dev));
1938     usb_packet_init(&ohci->usb_packet);
1939 
1940     ohci->async_td = 0;
1941 
1942     ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1943                                    ohci_frame_boundary, ohci);
1944 }
1945 
1946 /*
1947  * A typical OHCI will stop operating and set itself into error state
1948  * (which can be queried by MMIO) to signal that it got an error.
1949  */
1950 void ohci_sysbus_die(struct OHCIState *ohci)
1951 {
1952     trace_usb_ohci_die();
1953 
1954     ohci_set_interrupt(ohci, OHCI_INTR_UE);
1955     ohci_bus_stop(ohci);
1956 }
1957 
1958 static const VMStateDescription vmstate_ohci_state_port = {
1959     .name = "ohci-core/port",
1960     .version_id = 1,
1961     .minimum_version_id = 1,
1962     .fields = (const VMStateField[]) {
1963         VMSTATE_UINT32(ctrl, OHCIPort),
1964         VMSTATE_END_OF_LIST()
1965     },
1966 };
1967 
1968 static bool ohci_eof_timer_needed(void *opaque)
1969 {
1970     OHCIState *ohci = opaque;
1971 
1972     return timer_pending(ohci->eof_timer);
1973 }
1974 
1975 static const VMStateDescription vmstate_ohci_eof_timer = {
1976     .name = "ohci-core/eof-timer",
1977     .version_id = 1,
1978     .minimum_version_id = 1,
1979     .needed = ohci_eof_timer_needed,
1980     .fields = (const VMStateField[]) {
1981         VMSTATE_TIMER_PTR(eof_timer, OHCIState),
1982         VMSTATE_END_OF_LIST()
1983     },
1984 };
1985 
1986 const VMStateDescription vmstate_ohci_state = {
1987     .name = "ohci-core",
1988     .version_id = 1,
1989     .minimum_version_id = 1,
1990     .fields = (const VMStateField[]) {
1991         VMSTATE_INT64(sof_time, OHCIState),
1992         VMSTATE_UINT32(ctl, OHCIState),
1993         VMSTATE_UINT32(status, OHCIState),
1994         VMSTATE_UINT32(intr_status, OHCIState),
1995         VMSTATE_UINT32(intr, OHCIState),
1996         VMSTATE_UINT32(hcca, OHCIState),
1997         VMSTATE_UINT32(ctrl_head, OHCIState),
1998         VMSTATE_UINT32(ctrl_cur, OHCIState),
1999         VMSTATE_UINT32(bulk_head, OHCIState),
2000         VMSTATE_UINT32(bulk_cur, OHCIState),
2001         VMSTATE_UINT32(per_cur, OHCIState),
2002         VMSTATE_UINT32(done, OHCIState),
2003         VMSTATE_INT32(done_count, OHCIState),
2004         VMSTATE_UINT16(fsmps, OHCIState),
2005         VMSTATE_UINT8(fit, OHCIState),
2006         VMSTATE_UINT16(fi, OHCIState),
2007         VMSTATE_UINT8(frt, OHCIState),
2008         VMSTATE_UINT16(frame_number, OHCIState),
2009         VMSTATE_UINT16(padding, OHCIState),
2010         VMSTATE_UINT32(pstart, OHCIState),
2011         VMSTATE_UINT32(lst, OHCIState),
2012         VMSTATE_UINT32(rhdesc_a, OHCIState),
2013         VMSTATE_UINT32(rhdesc_b, OHCIState),
2014         VMSTATE_UINT32(rhstatus, OHCIState),
2015         VMSTATE_STRUCT_ARRAY(rhport, OHCIState, OHCI_MAX_PORTS, 0,
2016                              vmstate_ohci_state_port, OHCIPort),
2017         VMSTATE_UINT32(hstatus, OHCIState),
2018         VMSTATE_UINT32(hmask, OHCIState),
2019         VMSTATE_UINT32(hreset, OHCIState),
2020         VMSTATE_UINT32(htest, OHCIState),
2021         VMSTATE_UINT32(old_ctl, OHCIState),
2022         VMSTATE_UINT8_ARRAY(usb_buf, OHCIState, 8192),
2023         VMSTATE_UINT32(async_td, OHCIState),
2024         VMSTATE_BOOL(async_complete, OHCIState),
2025         VMSTATE_END_OF_LIST()
2026     },
2027     .subsections = (const VMStateDescription * const []) {
2028         &vmstate_ohci_eof_timer,
2029         NULL
2030     }
2031 };
2032