xref: /openbmc/qemu/hw/usb/hcd-dwc2.c (revision ddd17313)
1 /*
2  * dwc-hsotg (dwc2) USB host controller emulation
3  *
4  * Based on hw/usb/hcd-ehci.c and hw/usb/hcd-ohci.c
5  *
6  * Note that to use this emulation with the dwc-otg driver in the
7  * Raspbian kernel, you must pass the option "dwc_otg.fiq_fsm_enable=0"
8  * on the kernel command line.
9  *
10  * Some useful documentation used to develop this emulation can be
11  * found online (as of April 2020) at:
12  *
13  * http://www.capital-micro.com/PDF/CME-M7_Family_User_Guide_EN.pdf
14  * which has a pretty complete description of the controller starting
15  * on page 370.
16  *
17  * https://sourceforge.net/p/wive-ng/wive-ng-mt/ci/master/tree/docs/DataSheets/RT3050_5x_V2.0_081408_0902.pdf
18  * which has a description of the controller registers starting on
19  * page 130.
20  *
21  * Copyright (c) 2020 Paul Zimmerman <pauldzim@gmail.com>
22  *
23  * This program is free software; you can redistribute it and/or modify
24  * it under the terms of the GNU General Public License as published by
25  * the Free Software Foundation; either version 2 of the License, or
26  * (at your option) any later version.
27  *
28  * This program is distributed in the hope that it will be useful,
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31  * GNU General Public License for more details.
32  */
33 
34 #include "qemu/osdep.h"
35 #include "qemu/units.h"
36 #include "qapi/error.h"
37 #include "hw/usb/dwc2-regs.h"
38 #include "hw/usb/hcd-dwc2.h"
39 #include "migration/vmstate.h"
40 #include "trace.h"
41 #include "qemu/log.h"
42 #include "qemu/error-report.h"
43 #include "qemu/main-loop.h"
44 #include "hw/qdev-properties.h"
45 
46 #define USB_HZ_FS       12000000
47 #define USB_HZ_HS       96000000
48 #define USB_FRMINTVL    12000
49 
50 /* nifty macros from Arnon's EHCI version  */
51 #define get_field(data, field) \
52     (((data) & field##_MASK) >> field##_SHIFT)
53 
54 #define set_field(data, newval, field) do { \
55     uint32_t val = *(data); \
56     val &= ~field##_MASK; \
57     val |= ((newval) << field##_SHIFT) & field##_MASK; \
58     *(data) = val; \
59 } while (0)
60 
61 #define get_bit(data, bitmask) \
62     (!!((data) & (bitmask)))
63 
64 /* update irq line */
65 static inline void dwc2_update_irq(DWC2State *s)
66 {
67     static int oldlevel;
68     int level = 0;
69 
70     if ((s->gintsts & s->gintmsk) && (s->gahbcfg & GAHBCFG_GLBL_INTR_EN)) {
71         level = 1;
72     }
73     if (level != oldlevel) {
74         oldlevel = level;
75         trace_usb_dwc2_update_irq(level);
76         qemu_set_irq(s->irq, level);
77     }
78 }
79 
80 /* flag interrupt condition */
81 static inline void dwc2_raise_global_irq(DWC2State *s, uint32_t intr)
82 {
83     if (!(s->gintsts & intr)) {
84         s->gintsts |= intr;
85         trace_usb_dwc2_raise_global_irq(intr);
86         dwc2_update_irq(s);
87     }
88 }
89 
90 static inline void dwc2_lower_global_irq(DWC2State *s, uint32_t intr)
91 {
92     if (s->gintsts & intr) {
93         s->gintsts &= ~intr;
94         trace_usb_dwc2_lower_global_irq(intr);
95         dwc2_update_irq(s);
96     }
97 }
98 
99 static inline void dwc2_raise_host_irq(DWC2State *s, uint32_t host_intr)
100 {
101     if (!(s->haint & host_intr)) {
102         s->haint |= host_intr;
103         s->haint &= 0xffff;
104         trace_usb_dwc2_raise_host_irq(host_intr);
105         if (s->haint & s->haintmsk) {
106             dwc2_raise_global_irq(s, GINTSTS_HCHINT);
107         }
108     }
109 }
110 
111 static inline void dwc2_lower_host_irq(DWC2State *s, uint32_t host_intr)
112 {
113     if (s->haint & host_intr) {
114         s->haint &= ~host_intr;
115         trace_usb_dwc2_lower_host_irq(host_intr);
116         if (!(s->haint & s->haintmsk)) {
117             dwc2_lower_global_irq(s, GINTSTS_HCHINT);
118         }
119     }
120 }
121 
122 static inline void dwc2_update_hc_irq(DWC2State *s, int index)
123 {
124     uint32_t host_intr = 1 << (index >> 3);
125 
126     if (s->hreg1[index + 2] & s->hreg1[index + 3]) {
127         dwc2_raise_host_irq(s, host_intr);
128     } else {
129         dwc2_lower_host_irq(s, host_intr);
130     }
131 }
132 
133 /* set a timer for EOF */
134 static void dwc2_eof_timer(DWC2State *s)
135 {
136     timer_mod(s->eof_timer, s->sof_time + s->usb_frame_time);
137 }
138 
139 /* Set a timer for EOF and generate SOF event */
140 static void dwc2_sof(DWC2State *s)
141 {
142     s->sof_time += s->usb_frame_time;
143     trace_usb_dwc2_sof(s->sof_time);
144     dwc2_eof_timer(s);
145     dwc2_raise_global_irq(s, GINTSTS_SOF);
146 }
147 
148 /* Do frame processing on frame boundary */
149 static void dwc2_frame_boundary(void *opaque)
150 {
151     DWC2State *s = opaque;
152     int64_t now;
153     uint16_t frcnt;
154 
155     now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
156 
157     /* Frame boundary, so do EOF stuff here */
158 
159     /* Increment frame number */
160     frcnt = (uint16_t)((now - s->sof_time) / s->fi);
161     s->frame_number = (s->frame_number + frcnt) & 0xffff;
162     s->hfnum = s->frame_number & HFNUM_MAX_FRNUM;
163 
164     /* Do SOF stuff here */
165     dwc2_sof(s);
166 }
167 
168 /* Start sending SOF tokens on the USB bus */
169 static void dwc2_bus_start(DWC2State *s)
170 {
171     trace_usb_dwc2_bus_start();
172     s->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
173     dwc2_eof_timer(s);
174 }
175 
176 /* Stop sending SOF tokens on the USB bus */
177 static void dwc2_bus_stop(DWC2State *s)
178 {
179     trace_usb_dwc2_bus_stop();
180     timer_del(s->eof_timer);
181 }
182 
183 static USBDevice *dwc2_find_device(DWC2State *s, uint8_t addr)
184 {
185     USBDevice *dev;
186 
187     trace_usb_dwc2_find_device(addr);
188 
189     if (!(s->hprt0 & HPRT0_ENA)) {
190         trace_usb_dwc2_port_disabled(0);
191     } else {
192         dev = usb_find_device(&s->uport, addr);
193         if (dev != NULL) {
194             trace_usb_dwc2_device_found(0);
195             return dev;
196         }
197     }
198 
199     trace_usb_dwc2_device_not_found();
200     return NULL;
201 }
202 
203 static const char *pstatus[] = {
204     "USB_RET_SUCCESS", "USB_RET_NODEV", "USB_RET_NAK", "USB_RET_STALL",
205     "USB_RET_BABBLE", "USB_RET_IOERROR", "USB_RET_ASYNC",
206     "USB_RET_ADD_TO_QUEUE", "USB_RET_REMOVE_FROM_QUEUE"
207 };
208 
209 static uint32_t pintr[] = {
210     HCINTMSK_XFERCOMPL, HCINTMSK_XACTERR, HCINTMSK_NAK, HCINTMSK_STALL,
211     HCINTMSK_BBLERR, HCINTMSK_XACTERR, HCINTMSK_XACTERR, HCINTMSK_XACTERR,
212     HCINTMSK_XACTERR
213 };
214 
215 static const char *types[] = {
216     "Ctrl", "Isoc", "Bulk", "Intr"
217 };
218 
219 static const char *dirs[] = {
220     "Out", "In"
221 };
222 
223 static void dwc2_handle_packet(DWC2State *s, uint32_t devadr, USBDevice *dev,
224                                USBEndpoint *ep, uint32_t index, bool send)
225 {
226     DWC2Packet *p;
227     uint32_t hcchar = s->hreg1[index];
228     uint32_t hctsiz = s->hreg1[index + 4];
229     uint32_t hcdma = s->hreg1[index + 5];
230     uint32_t chan, epnum, epdir, eptype, mps, pid, pcnt, len, tlen, intr = 0;
231     uint32_t tpcnt, stsidx, actual = 0;
232     bool do_intr = false, done = false;
233 
234     epnum = get_field(hcchar, HCCHAR_EPNUM);
235     epdir = get_bit(hcchar, HCCHAR_EPDIR);
236     eptype = get_field(hcchar, HCCHAR_EPTYPE);
237     mps = get_field(hcchar, HCCHAR_MPS);
238     pid = get_field(hctsiz, TSIZ_SC_MC_PID);
239     pcnt = get_field(hctsiz, TSIZ_PKTCNT);
240     len = get_field(hctsiz, TSIZ_XFERSIZE);
241     if (len > DWC2_MAX_XFER_SIZE) {
242         qemu_log_mask(LOG_GUEST_ERROR,
243                       "%s: HCTSIZ transfer size too large\n", __func__);
244         return;
245     }
246 
247     chan = index >> 3;
248     p = &s->packet[chan];
249 
250     trace_usb_dwc2_handle_packet(chan, dev, &p->packet, epnum, types[eptype],
251                                  dirs[epdir], mps, len, pcnt);
252 
253     if (mps == 0) {
254         qemu_log_mask(LOG_GUEST_ERROR,
255                 "%s: Bad HCCHAR_MPS set to zero\n", __func__);
256         return;
257     }
258 
259     if (eptype == USB_ENDPOINT_XFER_CONTROL && pid == TSIZ_SC_MC_PID_SETUP) {
260         pid = USB_TOKEN_SETUP;
261     } else {
262         pid = epdir ? USB_TOKEN_IN : USB_TOKEN_OUT;
263     }
264 
265     if (send) {
266         tlen = len;
267         if (p->small) {
268             if (tlen > mps) {
269                 tlen = mps;
270             }
271         }
272 
273         if (pid != USB_TOKEN_IN) {
274             trace_usb_dwc2_memory_read(hcdma, tlen);
275             if (dma_memory_read(&s->dma_as, hcdma, s->usb_buf[chan], tlen,
276                                 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) {
277                 qemu_log_mask(LOG_GUEST_ERROR, "%s: dma_memory_read failed\n",
278                               __func__);
279             }
280         }
281 
282         usb_packet_init(&p->packet);
283         usb_packet_setup(&p->packet, pid, ep, 0, hcdma,
284                          pid != USB_TOKEN_IN, true);
285         usb_packet_addbuf(&p->packet, s->usb_buf[chan], tlen);
286         p->async = DWC2_ASYNC_NONE;
287         usb_handle_packet(dev, &p->packet);
288     } else {
289         tlen = p->len;
290     }
291 
292     stsidx = -p->packet.status;
293     assert(stsidx < sizeof(pstatus) / sizeof(*pstatus));
294     actual = p->packet.actual_length;
295     trace_usb_dwc2_packet_status(pstatus[stsidx], actual);
296 
297 babble:
298     if (p->packet.status != USB_RET_SUCCESS &&
299             p->packet.status != USB_RET_NAK &&
300             p->packet.status != USB_RET_STALL &&
301             p->packet.status != USB_RET_ASYNC) {
302         trace_usb_dwc2_packet_error(pstatus[stsidx]);
303     }
304 
305     if (p->packet.status == USB_RET_ASYNC) {
306         trace_usb_dwc2_async_packet(&p->packet, chan, dev, epnum,
307                                     dirs[epdir], tlen);
308         usb_device_flush_ep_queue(dev, ep);
309         assert(p->async != DWC2_ASYNC_INFLIGHT);
310         p->devadr = devadr;
311         p->epnum = epnum;
312         p->epdir = epdir;
313         p->mps = mps;
314         p->pid = pid;
315         p->index = index;
316         p->pcnt = pcnt;
317         p->len = tlen;
318         p->async = DWC2_ASYNC_INFLIGHT;
319         p->needs_service = false;
320         return;
321     }
322 
323     if (p->packet.status == USB_RET_SUCCESS) {
324         if (actual > tlen) {
325             p->packet.status = USB_RET_BABBLE;
326             goto babble;
327         }
328 
329         if (pid == USB_TOKEN_IN) {
330             trace_usb_dwc2_memory_write(hcdma, actual);
331             if (dma_memory_write(&s->dma_as, hcdma, s->usb_buf[chan], actual,
332                                  MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) {
333                 qemu_log_mask(LOG_GUEST_ERROR, "%s: dma_memory_write failed\n",
334                               __func__);
335             }
336         }
337 
338         tpcnt = actual / mps;
339         if (actual % mps) {
340             tpcnt++;
341             if (pid == USB_TOKEN_IN) {
342                 done = true;
343             }
344         }
345 
346         pcnt -= tpcnt < pcnt ? tpcnt : pcnt;
347         set_field(&hctsiz, pcnt, TSIZ_PKTCNT);
348         len -= actual < len ? actual : len;
349         set_field(&hctsiz, len, TSIZ_XFERSIZE);
350         s->hreg1[index + 4] = hctsiz;
351         hcdma += actual;
352         s->hreg1[index + 5] = hcdma;
353 
354         if (!pcnt || len == 0 || actual == 0) {
355             done = true;
356         }
357     } else {
358         intr |= pintr[stsidx];
359         if (p->packet.status == USB_RET_NAK &&
360             (eptype == USB_ENDPOINT_XFER_CONTROL ||
361              eptype == USB_ENDPOINT_XFER_BULK)) {
362             /*
363              * for ctrl/bulk, automatically retry on NAK,
364              * but send the interrupt anyway
365              */
366             intr &= ~HCINTMSK_RESERVED14_31;
367             s->hreg1[index + 2] |= intr;
368             do_intr = true;
369         } else {
370             intr |= HCINTMSK_CHHLTD;
371             done = true;
372         }
373     }
374 
375     usb_packet_cleanup(&p->packet);
376 
377     if (done) {
378         hcchar &= ~HCCHAR_CHENA;
379         s->hreg1[index] = hcchar;
380         if (!(intr & HCINTMSK_CHHLTD)) {
381             intr |= HCINTMSK_CHHLTD | HCINTMSK_XFERCOMPL;
382         }
383         intr &= ~HCINTMSK_RESERVED14_31;
384         s->hreg1[index + 2] |= intr;
385         p->needs_service = false;
386         trace_usb_dwc2_packet_done(pstatus[stsidx], actual, len, pcnt);
387         dwc2_update_hc_irq(s, index);
388         return;
389     }
390 
391     p->devadr = devadr;
392     p->epnum = epnum;
393     p->epdir = epdir;
394     p->mps = mps;
395     p->pid = pid;
396     p->index = index;
397     p->pcnt = pcnt;
398     p->len = len;
399     p->needs_service = true;
400     trace_usb_dwc2_packet_next(pstatus[stsidx], len, pcnt);
401     if (do_intr) {
402         dwc2_update_hc_irq(s, index);
403     }
404 }
405 
406 /* Attach or detach a device on root hub */
407 
408 static const char *speeds[] = {
409     "low", "full", "high"
410 };
411 
412 static void dwc2_attach(USBPort *port)
413 {
414     DWC2State *s = port->opaque;
415     int hispd = 0;
416 
417     trace_usb_dwc2_attach(port);
418     assert(port->index == 0);
419 
420     if (!port->dev || !port->dev->attached) {
421         return;
422     }
423 
424     assert(port->dev->speed <= USB_SPEED_HIGH);
425     trace_usb_dwc2_attach_speed(speeds[port->dev->speed]);
426     s->hprt0 &= ~HPRT0_SPD_MASK;
427 
428     switch (port->dev->speed) {
429     case USB_SPEED_LOW:
430         s->hprt0 |= HPRT0_SPD_LOW_SPEED << HPRT0_SPD_SHIFT;
431         break;
432     case USB_SPEED_FULL:
433         s->hprt0 |= HPRT0_SPD_FULL_SPEED << HPRT0_SPD_SHIFT;
434         break;
435     case USB_SPEED_HIGH:
436         s->hprt0 |= HPRT0_SPD_HIGH_SPEED << HPRT0_SPD_SHIFT;
437         hispd = 1;
438         break;
439     }
440 
441     if (hispd) {
442         s->usb_frame_time = NANOSECONDS_PER_SECOND / 8000;        /* 125000 */
443         if (NANOSECONDS_PER_SECOND >= USB_HZ_HS) {
444             s->usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ_HS; /* 10.4 */
445         } else {
446             s->usb_bit_time = 1;
447         }
448     } else {
449         s->usb_frame_time = NANOSECONDS_PER_SECOND / 1000;        /* 1000000 */
450         if (NANOSECONDS_PER_SECOND >= USB_HZ_FS) {
451             s->usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ_FS; /* 83.3 */
452         } else {
453             s->usb_bit_time = 1;
454         }
455     }
456 
457     s->fi = USB_FRMINTVL - 1;
458     s->hprt0 |= HPRT0_CONNDET | HPRT0_CONNSTS;
459 
460     dwc2_bus_start(s);
461     dwc2_raise_global_irq(s, GINTSTS_PRTINT);
462 }
463 
464 static void dwc2_detach(USBPort *port)
465 {
466     DWC2State *s = port->opaque;
467 
468     trace_usb_dwc2_detach(port);
469     assert(port->index == 0);
470 
471     dwc2_bus_stop(s);
472 
473     s->hprt0 &= ~(HPRT0_SPD_MASK | HPRT0_SUSP | HPRT0_ENA | HPRT0_CONNSTS);
474     s->hprt0 |= HPRT0_CONNDET | HPRT0_ENACHG;
475 
476     dwc2_raise_global_irq(s, GINTSTS_PRTINT);
477 }
478 
479 static void dwc2_child_detach(USBPort *port, USBDevice *child)
480 {
481     trace_usb_dwc2_child_detach(port, child);
482     assert(port->index == 0);
483 }
484 
485 static void dwc2_wakeup(USBPort *port)
486 {
487     DWC2State *s = port->opaque;
488 
489     trace_usb_dwc2_wakeup(port);
490     assert(port->index == 0);
491 
492     if (s->hprt0 & HPRT0_SUSP) {
493         s->hprt0 |= HPRT0_RES;
494         dwc2_raise_global_irq(s, GINTSTS_PRTINT);
495     }
496 
497     qemu_bh_schedule(s->async_bh);
498 }
499 
500 static void dwc2_async_packet_complete(USBPort *port, USBPacket *packet)
501 {
502     DWC2State *s = port->opaque;
503     DWC2Packet *p;
504     USBDevice *dev;
505     USBEndpoint *ep;
506 
507     assert(port->index == 0);
508     p = container_of(packet, DWC2Packet, packet);
509     dev = dwc2_find_device(s, p->devadr);
510     ep = usb_ep_get(dev, p->pid, p->epnum);
511     trace_usb_dwc2_async_packet_complete(port, packet, p->index >> 3, dev,
512                                          p->epnum, dirs[p->epdir], p->len);
513     assert(p->async == DWC2_ASYNC_INFLIGHT);
514 
515     if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
516         usb_cancel_packet(packet);
517         usb_packet_cleanup(packet);
518         return;
519     }
520 
521     dwc2_handle_packet(s, p->devadr, dev, ep, p->index, false);
522 
523     p->async = DWC2_ASYNC_FINISHED;
524     qemu_bh_schedule(s->async_bh);
525 }
526 
527 static USBPortOps dwc2_port_ops = {
528     .attach = dwc2_attach,
529     .detach = dwc2_detach,
530     .child_detach = dwc2_child_detach,
531     .wakeup = dwc2_wakeup,
532     .complete = dwc2_async_packet_complete,
533 };
534 
535 static uint32_t dwc2_get_frame_remaining(DWC2State *s)
536 {
537     uint32_t fr = 0;
538     int64_t tks;
539 
540     tks = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - s->sof_time;
541     if (tks < 0) {
542         tks = 0;
543     }
544 
545     /* avoid muldiv if possible */
546     if (tks >= s->usb_frame_time) {
547         goto out;
548     }
549     if (tks < s->usb_bit_time) {
550         fr = s->fi;
551         goto out;
552     }
553 
554     /* tks = number of ns since SOF, divided by 83 (fs) or 10 (hs) */
555     tks = tks / s->usb_bit_time;
556     if (tks >= (int64_t)s->fi) {
557         goto out;
558     }
559 
560     /* remaining = frame interval minus tks */
561     fr = (uint32_t)((int64_t)s->fi - tks);
562 
563 out:
564     return fr;
565 }
566 
567 static void dwc2_work_bh(void *opaque)
568 {
569     DWC2State *s = opaque;
570     DWC2Packet *p;
571     USBDevice *dev;
572     USBEndpoint *ep;
573     int64_t t_now, expire_time;
574     int chan;
575     bool found = false;
576 
577     trace_usb_dwc2_work_bh();
578     if (s->working) {
579         return;
580     }
581     s->working = true;
582 
583     t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
584     chan = s->next_chan;
585 
586     do {
587         p = &s->packet[chan];
588         if (p->needs_service) {
589             dev = dwc2_find_device(s, p->devadr);
590             ep = usb_ep_get(dev, p->pid, p->epnum);
591             trace_usb_dwc2_work_bh_service(s->next_chan, chan, dev, p->epnum);
592             dwc2_handle_packet(s, p->devadr, dev, ep, p->index, true);
593             found = true;
594         }
595         if (++chan == DWC2_NB_CHAN) {
596             chan = 0;
597         }
598         if (found) {
599             s->next_chan = chan;
600             trace_usb_dwc2_work_bh_next(chan);
601         }
602     } while (chan != s->next_chan);
603 
604     if (found) {
605         expire_time = t_now + NANOSECONDS_PER_SECOND / 4000;
606         timer_mod(s->frame_timer, expire_time);
607     }
608     s->working = false;
609 }
610 
611 static void dwc2_enable_chan(DWC2State *s,  uint32_t index)
612 {
613     USBDevice *dev;
614     USBEndpoint *ep;
615     uint32_t hcchar;
616     uint32_t hctsiz;
617     uint32_t devadr, epnum, epdir, eptype, pid, len;
618     DWC2Packet *p;
619 
620     assert((index >> 3) < DWC2_NB_CHAN);
621     p = &s->packet[index >> 3];
622     hcchar = s->hreg1[index];
623     hctsiz = s->hreg1[index + 4];
624     devadr = get_field(hcchar, HCCHAR_DEVADDR);
625     epnum = get_field(hcchar, HCCHAR_EPNUM);
626     epdir = get_bit(hcchar, HCCHAR_EPDIR);
627     eptype = get_field(hcchar, HCCHAR_EPTYPE);
628     pid = get_field(hctsiz, TSIZ_SC_MC_PID);
629     len = get_field(hctsiz, TSIZ_XFERSIZE);
630 
631     dev = dwc2_find_device(s, devadr);
632 
633     trace_usb_dwc2_enable_chan(index >> 3, dev, &p->packet, epnum);
634     if (dev == NULL) {
635         return;
636     }
637 
638     if (eptype == USB_ENDPOINT_XFER_CONTROL && pid == TSIZ_SC_MC_PID_SETUP) {
639         pid = USB_TOKEN_SETUP;
640     } else {
641         pid = epdir ? USB_TOKEN_IN : USB_TOKEN_OUT;
642     }
643 
644     ep = usb_ep_get(dev, pid, epnum);
645 
646     /*
647      * Hack: Networking doesn't like us delivering large transfers, it kind
648      * of works but the latency is horrible. So if the transfer is <= the mtu
649      * size, we take that as a hint that this might be a network transfer,
650      * and do the transfer packet-by-packet.
651      */
652     if (len > 1536) {
653         p->small = false;
654     } else {
655         p->small = true;
656     }
657 
658     dwc2_handle_packet(s, devadr, dev, ep, index, true);
659     qemu_bh_schedule(s->async_bh);
660 }
661 
662 static const char *glbregnm[] = {
663     "GOTGCTL  ", "GOTGINT  ", "GAHBCFG  ", "GUSBCFG  ", "GRSTCTL  ",
664     "GINTSTS  ", "GINTMSK  ", "GRXSTSR  ", "GRXSTSP  ", "GRXFSIZ  ",
665     "GNPTXFSIZ", "GNPTXSTS ", "GI2CCTL  ", "GPVNDCTL ", "GGPIO    ",
666     "GUID     ", "GSNPSID  ", "GHWCFG1  ", "GHWCFG2  ", "GHWCFG3  ",
667     "GHWCFG4  ", "GLPMCFG  ", "GPWRDN   ", "GDFIFOCFG", "GADPCTL  ",
668     "GREFCLK  ", "GINTMSK2 ", "GINTSTS2 "
669 };
670 
671 static uint64_t dwc2_glbreg_read(void *ptr, hwaddr addr, int index,
672                                  unsigned size)
673 {
674     DWC2State *s = ptr;
675     uint32_t val;
676 
677     if (addr > GINTSTS2) {
678         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
679                       __func__, addr);
680         return 0;
681     }
682 
683     val = s->glbreg[index];
684 
685     switch (addr) {
686     case GRSTCTL:
687         /* clear any self-clearing bits that were set */
688         val &= ~(GRSTCTL_TXFFLSH | GRSTCTL_RXFFLSH | GRSTCTL_IN_TKNQ_FLSH |
689                  GRSTCTL_FRMCNTRRST | GRSTCTL_HSFTRST | GRSTCTL_CSFTRST);
690         s->glbreg[index] = val;
691         break;
692     default:
693         break;
694     }
695 
696     trace_usb_dwc2_glbreg_read(addr, glbregnm[index], val);
697     return val;
698 }
699 
700 static void dwc2_glbreg_write(void *ptr, hwaddr addr, int index, uint64_t val,
701                               unsigned size)
702 {
703     DWC2State *s = ptr;
704     uint64_t orig = val;
705     uint32_t *mmio;
706     uint32_t old;
707     int iflg = 0;
708 
709     if (addr > GINTSTS2) {
710         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
711                       __func__, addr);
712         return;
713     }
714 
715     mmio = &s->glbreg[index];
716     old = *mmio;
717 
718     switch (addr) {
719     case GOTGCTL:
720         /* don't allow setting of read-only bits */
721         val &= ~(GOTGCTL_MULT_VALID_BC_MASK | GOTGCTL_BSESVLD |
722                  GOTGCTL_ASESVLD | GOTGCTL_DBNC_SHORT | GOTGCTL_CONID_B |
723                  GOTGCTL_HSTNEGSCS | GOTGCTL_SESREQSCS);
724         /* don't allow clearing of read-only bits */
725         val |= old & (GOTGCTL_MULT_VALID_BC_MASK | GOTGCTL_BSESVLD |
726                       GOTGCTL_ASESVLD | GOTGCTL_DBNC_SHORT | GOTGCTL_CONID_B |
727                       GOTGCTL_HSTNEGSCS | GOTGCTL_SESREQSCS);
728         break;
729     case GAHBCFG:
730         if ((val & GAHBCFG_GLBL_INTR_EN) && !(old & GAHBCFG_GLBL_INTR_EN)) {
731             iflg = 1;
732         }
733         break;
734     case GRSTCTL:
735         val |= GRSTCTL_AHBIDLE;
736         val &= ~GRSTCTL_DMAREQ;
737         if (!(old & GRSTCTL_TXFFLSH) && (val & GRSTCTL_TXFFLSH)) {
738                 /* TODO - TX fifo flush */
739             qemu_log_mask(LOG_UNIMP, "%s: Tx FIFO flush not implemented\n",
740                           __func__);
741         }
742         if (!(old & GRSTCTL_RXFFLSH) && (val & GRSTCTL_RXFFLSH)) {
743                 /* TODO - RX fifo flush */
744             qemu_log_mask(LOG_UNIMP, "%s: Rx FIFO flush not implemented\n",
745                           __func__);
746         }
747         if (!(old & GRSTCTL_IN_TKNQ_FLSH) && (val & GRSTCTL_IN_TKNQ_FLSH)) {
748                 /* TODO - device IN token queue flush */
749             qemu_log_mask(LOG_UNIMP, "%s: Token queue flush not implemented\n",
750                           __func__);
751         }
752         if (!(old & GRSTCTL_FRMCNTRRST) && (val & GRSTCTL_FRMCNTRRST)) {
753                 /* TODO - host frame counter reset */
754             qemu_log_mask(LOG_UNIMP,
755                           "%s: Frame counter reset not implemented\n",
756                           __func__);
757         }
758         if (!(old & GRSTCTL_HSFTRST) && (val & GRSTCTL_HSFTRST)) {
759                 /* TODO - host soft reset */
760             qemu_log_mask(LOG_UNIMP, "%s: Host soft reset not implemented\n",
761                           __func__);
762         }
763         if (!(old & GRSTCTL_CSFTRST) && (val & GRSTCTL_CSFTRST)) {
764                 /* TODO - core soft reset */
765             qemu_log_mask(LOG_UNIMP, "%s: Core soft reset not implemented\n",
766                           __func__);
767         }
768         /* don't allow clearing of self-clearing bits */
769         val |= old & (GRSTCTL_TXFFLSH | GRSTCTL_RXFFLSH |
770                       GRSTCTL_IN_TKNQ_FLSH | GRSTCTL_FRMCNTRRST |
771                       GRSTCTL_HSFTRST | GRSTCTL_CSFTRST);
772         break;
773     case GINTSTS:
774         /* clear the write-1-to-clear bits */
775         val |= ~old;
776         val = ~val;
777         /* don't allow clearing of read-only bits */
778         val |= old & (GINTSTS_PTXFEMP | GINTSTS_HCHINT | GINTSTS_PRTINT |
779                       GINTSTS_OEPINT | GINTSTS_IEPINT | GINTSTS_GOUTNAKEFF |
780                       GINTSTS_GINNAKEFF | GINTSTS_NPTXFEMP | GINTSTS_RXFLVL |
781                       GINTSTS_OTGINT | GINTSTS_CURMODE_HOST);
782         iflg = 1;
783         break;
784     case GINTMSK:
785         iflg = 1;
786         break;
787     default:
788         break;
789     }
790 
791     trace_usb_dwc2_glbreg_write(addr, glbregnm[index], orig, old, val);
792     *mmio = val;
793 
794     if (iflg) {
795         dwc2_update_irq(s);
796     }
797 }
798 
799 static uint64_t dwc2_fszreg_read(void *ptr, hwaddr addr, int index,
800                                  unsigned size)
801 {
802     DWC2State *s = ptr;
803     uint32_t val;
804 
805     if (addr != HPTXFSIZ) {
806         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
807                       __func__, addr);
808         return 0;
809     }
810 
811     val = s->fszreg[index];
812 
813     trace_usb_dwc2_fszreg_read(addr, val);
814     return val;
815 }
816 
817 static void dwc2_fszreg_write(void *ptr, hwaddr addr, int index, uint64_t val,
818                               unsigned size)
819 {
820     DWC2State *s = ptr;
821     uint64_t orig = val;
822     uint32_t *mmio;
823     uint32_t old;
824 
825     if (addr != HPTXFSIZ) {
826         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
827                       __func__, addr);
828         return;
829     }
830 
831     mmio = &s->fszreg[index];
832     old = *mmio;
833 
834     trace_usb_dwc2_fszreg_write(addr, orig, old, val);
835     *mmio = val;
836 }
837 
838 static const char *hreg0nm[] = {
839     "HCFG     ", "HFIR     ", "HFNUM    ", "<rsvd>   ", "HPTXSTS  ",
840     "HAINT    ", "HAINTMSK ", "HFLBADDR ", "<rsvd>   ", "<rsvd>   ",
841     "<rsvd>   ", "<rsvd>   ", "<rsvd>   ", "<rsvd>   ", "<rsvd>   ",
842     "<rsvd>   ", "HPRT0    "
843 };
844 
845 static uint64_t dwc2_hreg0_read(void *ptr, hwaddr addr, int index,
846                                 unsigned size)
847 {
848     DWC2State *s = ptr;
849     uint32_t val;
850 
851     if (addr < HCFG || addr > HPRT0) {
852         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
853                       __func__, addr);
854         return 0;
855     }
856 
857     val = s->hreg0[index];
858 
859     switch (addr) {
860     case HFNUM:
861         val = (dwc2_get_frame_remaining(s) << HFNUM_FRREM_SHIFT) |
862               (s->hfnum << HFNUM_FRNUM_SHIFT);
863         break;
864     default:
865         break;
866     }
867 
868     trace_usb_dwc2_hreg0_read(addr, hreg0nm[index], val);
869     return val;
870 }
871 
872 static void dwc2_hreg0_write(void *ptr, hwaddr addr, int index, uint64_t val,
873                              unsigned size)
874 {
875     DWC2State *s = ptr;
876     USBDevice *dev = s->uport.dev;
877     uint64_t orig = val;
878     uint32_t *mmio;
879     uint32_t tval, told, old;
880     int prst = 0;
881     int iflg = 0;
882 
883     if (addr < HCFG || addr > HPRT0) {
884         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
885                       __func__, addr);
886         return;
887     }
888 
889     mmio = &s->hreg0[index];
890     old = *mmio;
891 
892     switch (addr) {
893     case HFIR:
894         break;
895     case HFNUM:
896     case HPTXSTS:
897     case HAINT:
898         qemu_log_mask(LOG_GUEST_ERROR, "%s: write to read-only register\n",
899                       __func__);
900         return;
901     case HAINTMSK:
902         val &= 0xffff;
903         break;
904     case HPRT0:
905         /* don't allow clearing of read-only bits */
906         val |= old & (HPRT0_SPD_MASK | HPRT0_LNSTS_MASK | HPRT0_OVRCURRACT |
907                       HPRT0_CONNSTS);
908         /* don't allow clearing of self-clearing bits */
909         val |= old & (HPRT0_SUSP | HPRT0_RES);
910         /* don't allow setting of self-setting bits */
911         if (!(old & HPRT0_ENA) && (val & HPRT0_ENA)) {
912             val &= ~HPRT0_ENA;
913         }
914         /* clear the write-1-to-clear bits */
915         tval = val & (HPRT0_OVRCURRCHG | HPRT0_ENACHG | HPRT0_ENA |
916                       HPRT0_CONNDET);
917         told = old & (HPRT0_OVRCURRCHG | HPRT0_ENACHG | HPRT0_ENA |
918                       HPRT0_CONNDET);
919         tval |= ~told;
920         tval = ~tval;
921         tval &= (HPRT0_OVRCURRCHG | HPRT0_ENACHG | HPRT0_ENA |
922                  HPRT0_CONNDET);
923         val &= ~(HPRT0_OVRCURRCHG | HPRT0_ENACHG | HPRT0_ENA |
924                  HPRT0_CONNDET);
925         val |= tval;
926         if (!(val & HPRT0_RST) && (old & HPRT0_RST)) {
927             if (dev && dev->attached) {
928                 val |= HPRT0_ENA | HPRT0_ENACHG;
929                 prst = 1;
930             }
931         }
932         if (val & (HPRT0_OVRCURRCHG | HPRT0_ENACHG | HPRT0_CONNDET)) {
933             iflg = 1;
934         } else {
935             iflg = -1;
936         }
937         break;
938     default:
939         break;
940     }
941 
942     if (prst) {
943         trace_usb_dwc2_hreg0_write(addr, hreg0nm[index], orig, old,
944                                    val & ~HPRT0_CONNDET);
945         trace_usb_dwc2_hreg0_action("call usb_port_reset");
946         usb_port_reset(&s->uport);
947         val &= ~HPRT0_CONNDET;
948     } else {
949         trace_usb_dwc2_hreg0_write(addr, hreg0nm[index], orig, old, val);
950     }
951 
952     *mmio = val;
953 
954     if (iflg > 0) {
955         trace_usb_dwc2_hreg0_action("enable PRTINT");
956         dwc2_raise_global_irq(s, GINTSTS_PRTINT);
957     } else if (iflg < 0) {
958         trace_usb_dwc2_hreg0_action("disable PRTINT");
959         dwc2_lower_global_irq(s, GINTSTS_PRTINT);
960     }
961 }
962 
963 static const char *hreg1nm[] = {
964     "HCCHAR  ", "HCSPLT  ", "HCINT   ", "HCINTMSK", "HCTSIZ  ", "HCDMA   ",
965     "<rsvd>  ", "HCDMAB  "
966 };
967 
968 static uint64_t dwc2_hreg1_read(void *ptr, hwaddr addr, int index,
969                                 unsigned size)
970 {
971     DWC2State *s = ptr;
972     uint32_t val;
973 
974     if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) {
975         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
976                       __func__, addr);
977         return 0;
978     }
979 
980     val = s->hreg1[index];
981 
982     trace_usb_dwc2_hreg1_read(addr, hreg1nm[index & 7], addr >> 5, val);
983     return val;
984 }
985 
986 static void dwc2_hreg1_write(void *ptr, hwaddr addr, int index, uint64_t val,
987                              unsigned size)
988 {
989     DWC2State *s = ptr;
990     uint64_t orig = val;
991     uint32_t *mmio;
992     uint32_t old;
993     int iflg = 0;
994     int enflg = 0;
995     int disflg = 0;
996 
997     if (addr < HCCHAR(0) || addr > HCDMAB(DWC2_NB_CHAN - 1)) {
998         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
999                       __func__, addr);
1000         return;
1001     }
1002 
1003     mmio = &s->hreg1[index];
1004     old = *mmio;
1005 
1006     switch (HSOTG_REG(0x500) + (addr & 0x1c)) {
1007     case HCCHAR(0):
1008         if ((val & HCCHAR_CHDIS) && !(old & HCCHAR_CHDIS)) {
1009             val &= ~(HCCHAR_CHENA | HCCHAR_CHDIS);
1010             disflg = 1;
1011         } else {
1012             val |= old & HCCHAR_CHDIS;
1013             if ((val & HCCHAR_CHENA) && !(old & HCCHAR_CHENA)) {
1014                 val &= ~HCCHAR_CHDIS;
1015                 enflg = 1;
1016             } else {
1017                 val |= old & HCCHAR_CHENA;
1018             }
1019         }
1020         break;
1021     case HCINT(0):
1022         /* clear the write-1-to-clear bits */
1023         val |= ~old;
1024         val = ~val;
1025         val &= ~HCINTMSK_RESERVED14_31;
1026         iflg = 1;
1027         break;
1028     case HCINTMSK(0):
1029         val &= ~HCINTMSK_RESERVED14_31;
1030         iflg = 1;
1031         break;
1032     case HCDMAB(0):
1033         qemu_log_mask(LOG_GUEST_ERROR, "%s: write to read-only register\n",
1034                       __func__);
1035         return;
1036     default:
1037         break;
1038     }
1039 
1040     trace_usb_dwc2_hreg1_write(addr, hreg1nm[index & 7], index >> 3, orig,
1041                                old, val);
1042     *mmio = val;
1043 
1044     if (disflg) {
1045         /* set ChHltd in HCINT */
1046         s->hreg1[(index & ~7) + 2] |= HCINTMSK_CHHLTD;
1047         iflg = 1;
1048     }
1049 
1050     if (enflg) {
1051         dwc2_enable_chan(s, index & ~7);
1052     }
1053 
1054     if (iflg) {
1055         dwc2_update_hc_irq(s, index & ~7);
1056     }
1057 }
1058 
1059 static const char *pcgregnm[] = {
1060         "PCGCTL   ", "PCGCCTL1 "
1061 };
1062 
1063 static uint64_t dwc2_pcgreg_read(void *ptr, hwaddr addr, int index,
1064                                  unsigned size)
1065 {
1066     DWC2State *s = ptr;
1067     uint32_t val;
1068 
1069     if (addr < PCGCTL || addr > PCGCCTL1) {
1070         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
1071                       __func__, addr);
1072         return 0;
1073     }
1074 
1075     val = s->pcgreg[index];
1076 
1077     trace_usb_dwc2_pcgreg_read(addr, pcgregnm[index], val);
1078     return val;
1079 }
1080 
1081 static void dwc2_pcgreg_write(void *ptr, hwaddr addr, int index,
1082                               uint64_t val, unsigned size)
1083 {
1084     DWC2State *s = ptr;
1085     uint64_t orig = val;
1086     uint32_t *mmio;
1087     uint32_t old;
1088 
1089     if (addr < PCGCTL || addr > PCGCCTL1) {
1090         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
1091                       __func__, addr);
1092         return;
1093     }
1094 
1095     mmio = &s->pcgreg[index];
1096     old = *mmio;
1097 
1098     trace_usb_dwc2_pcgreg_write(addr, pcgregnm[index], orig, old, val);
1099     *mmio = val;
1100 }
1101 
1102 static uint64_t dwc2_hsotg_read(void *ptr, hwaddr addr, unsigned size)
1103 {
1104     uint64_t val;
1105 
1106     switch (addr) {
1107     case HSOTG_REG(0x000) ... HSOTG_REG(0x0fc):
1108         val = dwc2_glbreg_read(ptr, addr, (addr - HSOTG_REG(0x000)) >> 2, size);
1109         break;
1110     case HSOTG_REG(0x100):
1111         val = dwc2_fszreg_read(ptr, addr, (addr - HSOTG_REG(0x100)) >> 2, size);
1112         break;
1113     case HSOTG_REG(0x104) ... HSOTG_REG(0x3fc):
1114         /* Gadget-mode registers, just return 0 for now */
1115         val = 0;
1116         break;
1117     case HSOTG_REG(0x400) ... HSOTG_REG(0x4fc):
1118         val = dwc2_hreg0_read(ptr, addr, (addr - HSOTG_REG(0x400)) >> 2, size);
1119         break;
1120     case HSOTG_REG(0x500) ... HSOTG_REG(0x7fc):
1121         val = dwc2_hreg1_read(ptr, addr, (addr - HSOTG_REG(0x500)) >> 2, size);
1122         break;
1123     case HSOTG_REG(0x800) ... HSOTG_REG(0xdfc):
1124         /* Gadget-mode registers, just return 0 for now */
1125         val = 0;
1126         break;
1127     case HSOTG_REG(0xe00) ... HSOTG_REG(0xffc):
1128         val = dwc2_pcgreg_read(ptr, addr, (addr - HSOTG_REG(0xe00)) >> 2, size);
1129         break;
1130     default:
1131         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
1132                       __func__, addr);
1133         val = 0;
1134         break;
1135     }
1136 
1137     return val;
1138 }
1139 
1140 static void dwc2_hsotg_write(void *ptr, hwaddr addr, uint64_t val,
1141                              unsigned size)
1142 {
1143     switch (addr) {
1144     case HSOTG_REG(0x000) ... HSOTG_REG(0x0fc):
1145         dwc2_glbreg_write(ptr, addr, (addr - HSOTG_REG(0x000)) >> 2, val, size);
1146         break;
1147     case HSOTG_REG(0x100):
1148         dwc2_fszreg_write(ptr, addr, (addr - HSOTG_REG(0x100)) >> 2, val, size);
1149         break;
1150     case HSOTG_REG(0x104) ... HSOTG_REG(0x3fc):
1151         /* Gadget-mode registers, do nothing for now */
1152         break;
1153     case HSOTG_REG(0x400) ... HSOTG_REG(0x4fc):
1154         dwc2_hreg0_write(ptr, addr, (addr - HSOTG_REG(0x400)) >> 2, val, size);
1155         break;
1156     case HSOTG_REG(0x500) ... HSOTG_REG(0x7fc):
1157         dwc2_hreg1_write(ptr, addr, (addr - HSOTG_REG(0x500)) >> 2, val, size);
1158         break;
1159     case HSOTG_REG(0x800) ... HSOTG_REG(0xdfc):
1160         /* Gadget-mode registers, do nothing for now */
1161         break;
1162     case HSOTG_REG(0xe00) ... HSOTG_REG(0xffc):
1163         dwc2_pcgreg_write(ptr, addr, (addr - HSOTG_REG(0xe00)) >> 2, val, size);
1164         break;
1165     default:
1166         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad offset 0x%"HWADDR_PRIx"\n",
1167                       __func__, addr);
1168         break;
1169     }
1170 }
1171 
1172 static const MemoryRegionOps dwc2_mmio_hsotg_ops = {
1173     .read = dwc2_hsotg_read,
1174     .write = dwc2_hsotg_write,
1175     .impl.min_access_size = 4,
1176     .impl.max_access_size = 4,
1177     .endianness = DEVICE_LITTLE_ENDIAN,
1178 };
1179 
1180 static uint64_t dwc2_hreg2_read(void *ptr, hwaddr addr, unsigned size)
1181 {
1182     /* TODO - implement FIFOs to support slave mode */
1183     trace_usb_dwc2_hreg2_read(addr, addr >> 12, 0);
1184     qemu_log_mask(LOG_UNIMP, "%s: FIFO read not implemented\n", __func__);
1185     return 0;
1186 }
1187 
1188 static void dwc2_hreg2_write(void *ptr, hwaddr addr, uint64_t val,
1189                              unsigned size)
1190 {
1191     uint64_t orig = val;
1192 
1193     /* TODO - implement FIFOs to support slave mode */
1194     trace_usb_dwc2_hreg2_write(addr, addr >> 12, orig, 0, val);
1195     qemu_log_mask(LOG_UNIMP, "%s: FIFO write not implemented\n", __func__);
1196 }
1197 
1198 static const MemoryRegionOps dwc2_mmio_hreg2_ops = {
1199     .read = dwc2_hreg2_read,
1200     .write = dwc2_hreg2_write,
1201     .impl.min_access_size = 4,
1202     .impl.max_access_size = 4,
1203     .endianness = DEVICE_LITTLE_ENDIAN,
1204 };
1205 
1206 static void dwc2_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
1207                                  unsigned int stream)
1208 {
1209     DWC2State *s = container_of(bus, DWC2State, bus);
1210 
1211     trace_usb_dwc2_wakeup_endpoint(ep, stream);
1212 
1213     /* TODO - do something here? */
1214     qemu_bh_schedule(s->async_bh);
1215 }
1216 
1217 static USBBusOps dwc2_bus_ops = {
1218     .wakeup_endpoint = dwc2_wakeup_endpoint,
1219 };
1220 
1221 static void dwc2_work_timer(void *opaque)
1222 {
1223     DWC2State *s = opaque;
1224 
1225     trace_usb_dwc2_work_timer();
1226     qemu_bh_schedule(s->async_bh);
1227 }
1228 
1229 static void dwc2_reset_enter(Object *obj, ResetType type)
1230 {
1231     DWC2Class *c = DWC2_USB_GET_CLASS(obj);
1232     DWC2State *s = DWC2_USB(obj);
1233     int i;
1234 
1235     trace_usb_dwc2_reset_enter();
1236 
1237     if (c->parent_phases.enter) {
1238         c->parent_phases.enter(obj, type);
1239     }
1240 
1241     timer_del(s->frame_timer);
1242     qemu_bh_cancel(s->async_bh);
1243 
1244     if (s->uport.dev && s->uport.dev->attached) {
1245         usb_detach(&s->uport);
1246     }
1247 
1248     dwc2_bus_stop(s);
1249 
1250     s->gotgctl = GOTGCTL_BSESVLD | GOTGCTL_ASESVLD | GOTGCTL_CONID_B;
1251     s->gotgint = 0;
1252     s->gahbcfg = 0;
1253     s->gusbcfg = 5 << GUSBCFG_USBTRDTIM_SHIFT;
1254     s->grstctl = GRSTCTL_AHBIDLE;
1255     s->gintsts = GINTSTS_CONIDSTSCHNG | GINTSTS_PTXFEMP | GINTSTS_NPTXFEMP |
1256                  GINTSTS_CURMODE_HOST;
1257     s->gintmsk = 0;
1258     s->grxstsr = 0;
1259     s->grxstsp = 0;
1260     s->grxfsiz = 1024;
1261     s->gnptxfsiz = 1024 << FIFOSIZE_DEPTH_SHIFT;
1262     s->gnptxsts = (4 << FIFOSIZE_DEPTH_SHIFT) | 1024;
1263     s->gi2cctl = GI2CCTL_I2CDATSE0 | GI2CCTL_ACK;
1264     s->gpvndctl = 0;
1265     s->ggpio = 0;
1266     s->guid = 0;
1267     s->gsnpsid = 0x4f54294a;
1268     s->ghwcfg1 = 0;
1269     s->ghwcfg2 = (8 << GHWCFG2_DEV_TOKEN_Q_DEPTH_SHIFT) |
1270                  (4 << GHWCFG2_HOST_PERIO_TX_Q_DEPTH_SHIFT) |
1271                  (4 << GHWCFG2_NONPERIO_TX_Q_DEPTH_SHIFT) |
1272                  GHWCFG2_DYNAMIC_FIFO |
1273                  GHWCFG2_PERIO_EP_SUPPORTED |
1274                  ((DWC2_NB_CHAN - 1) << GHWCFG2_NUM_HOST_CHAN_SHIFT) |
1275                  (GHWCFG2_INT_DMA_ARCH << GHWCFG2_ARCHITECTURE_SHIFT) |
1276                  (GHWCFG2_OP_MODE_NO_SRP_CAPABLE_HOST << GHWCFG2_OP_MODE_SHIFT);
1277     s->ghwcfg3 = (4096 << GHWCFG3_DFIFO_DEPTH_SHIFT) |
1278                  (4 << GHWCFG3_PACKET_SIZE_CNTR_WIDTH_SHIFT) |
1279                  (4 << GHWCFG3_XFER_SIZE_CNTR_WIDTH_SHIFT);
1280     s->ghwcfg4 = 0;
1281     s->glpmcfg = 0;
1282     s->gpwrdn = GPWRDN_PWRDNRSTN;
1283     s->gdfifocfg = 0;
1284     s->gadpctl = 0;
1285     s->grefclk = 0;
1286     s->gintmsk2 = 0;
1287     s->gintsts2 = 0;
1288 
1289     s->hptxfsiz = 500 << FIFOSIZE_DEPTH_SHIFT;
1290 
1291     s->hcfg = 2 << HCFG_RESVALID_SHIFT;
1292     s->hfir = 60000;
1293     s->hfnum = 0x3fff;
1294     s->hptxsts = (16 << TXSTS_QSPCAVAIL_SHIFT) | 32768;
1295     s->haint = 0;
1296     s->haintmsk = 0;
1297     s->hprt0 = 0;
1298 
1299     memset(s->hreg1, 0, sizeof(s->hreg1));
1300     memset(s->pcgreg, 0, sizeof(s->pcgreg));
1301 
1302     s->sof_time = 0;
1303     s->frame_number = 0;
1304     s->fi = USB_FRMINTVL - 1;
1305     s->next_chan = 0;
1306     s->working = false;
1307 
1308     for (i = 0; i < DWC2_NB_CHAN; i++) {
1309         s->packet[i].needs_service = false;
1310     }
1311 }
1312 
1313 static void dwc2_reset_hold(Object *obj, ResetType type)
1314 {
1315     DWC2Class *c = DWC2_USB_GET_CLASS(obj);
1316     DWC2State *s = DWC2_USB(obj);
1317 
1318     trace_usb_dwc2_reset_hold();
1319 
1320     if (c->parent_phases.hold) {
1321         c->parent_phases.hold(obj, type);
1322     }
1323 
1324     dwc2_update_irq(s);
1325 }
1326 
1327 static void dwc2_reset_exit(Object *obj, ResetType type)
1328 {
1329     DWC2Class *c = DWC2_USB_GET_CLASS(obj);
1330     DWC2State *s = DWC2_USB(obj);
1331 
1332     trace_usb_dwc2_reset_exit();
1333 
1334     if (c->parent_phases.exit) {
1335         c->parent_phases.exit(obj, type);
1336     }
1337 
1338     s->hprt0 = HPRT0_PWR;
1339     if (s->uport.dev && s->uport.dev->attached) {
1340         usb_attach(&s->uport);
1341         usb_device_reset(s->uport.dev);
1342     }
1343 }
1344 
1345 static void dwc2_realize(DeviceState *dev, Error **errp)
1346 {
1347     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1348     DWC2State *s = DWC2_USB(dev);
1349     Object *obj;
1350 
1351     obj = object_property_get_link(OBJECT(dev), "dma-mr", &error_abort);
1352 
1353     s->dma_mr = MEMORY_REGION(obj);
1354     address_space_init(&s->dma_as, s->dma_mr, "dwc2");
1355 
1356     usb_bus_new(&s->bus, sizeof(s->bus), &dwc2_bus_ops, dev);
1357     usb_register_port(&s->bus, &s->uport, s, 0, &dwc2_port_ops,
1358                       USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL |
1359                       (s->usb_version == 2 ? USB_SPEED_MASK_HIGH : 0));
1360     s->uport.dev = 0;
1361 
1362     s->usb_frame_time = NANOSECONDS_PER_SECOND / 1000;          /* 1000000 */
1363     if (NANOSECONDS_PER_SECOND >= USB_HZ_FS) {
1364         s->usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ_FS;   /* 83.3 */
1365     } else {
1366         s->usb_bit_time = 1;
1367     }
1368 
1369     s->fi = USB_FRMINTVL - 1;
1370     s->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_frame_boundary, s);
1371     s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, dwc2_work_timer, s);
1372     s->async_bh = qemu_bh_new_guarded(dwc2_work_bh, s,
1373                                       &dev->mem_reentrancy_guard);
1374 
1375     sysbus_init_irq(sbd, &s->irq);
1376 }
1377 
1378 static void dwc2_init(Object *obj)
1379 {
1380     SysBusDevice *sbd = SYS_BUS_DEVICE(obj);
1381     DWC2State *s = DWC2_USB(obj);
1382 
1383     memory_region_init(&s->container, obj, "dwc2", DWC2_MMIO_SIZE);
1384     sysbus_init_mmio(sbd, &s->container);
1385 
1386     memory_region_init_io(&s->hsotg, obj, &dwc2_mmio_hsotg_ops, s,
1387                           "dwc2-io", 4 * KiB);
1388     memory_region_add_subregion(&s->container, 0x0000, &s->hsotg);
1389 
1390     memory_region_init_io(&s->fifos, obj, &dwc2_mmio_hreg2_ops, s,
1391                           "dwc2-fifo", 64 * KiB);
1392     memory_region_add_subregion(&s->container, 0x1000, &s->fifos);
1393 }
1394 
1395 static const VMStateDescription vmstate_dwc2_state_packet = {
1396     .name = "dwc2/packet",
1397     .version_id = 1,
1398     .minimum_version_id = 1,
1399     .fields = (const VMStateField[]) {
1400         VMSTATE_UINT32(devadr, DWC2Packet),
1401         VMSTATE_UINT32(epnum, DWC2Packet),
1402         VMSTATE_UINT32(epdir, DWC2Packet),
1403         VMSTATE_UINT32(mps, DWC2Packet),
1404         VMSTATE_UINT32(pid, DWC2Packet),
1405         VMSTATE_UINT32(index, DWC2Packet),
1406         VMSTATE_UINT32(pcnt, DWC2Packet),
1407         VMSTATE_UINT32(len, DWC2Packet),
1408         VMSTATE_INT32(async, DWC2Packet),
1409         VMSTATE_BOOL(small, DWC2Packet),
1410         VMSTATE_BOOL(needs_service, DWC2Packet),
1411         VMSTATE_END_OF_LIST()
1412     },
1413 };
1414 
1415 const VMStateDescription vmstate_dwc2_state = {
1416     .name = "dwc2",
1417     .version_id = 1,
1418     .minimum_version_id = 1,
1419     .fields = (const VMStateField[]) {
1420         VMSTATE_UINT32_ARRAY(glbreg, DWC2State,
1421                              DWC2_GLBREG_SIZE / sizeof(uint32_t)),
1422         VMSTATE_UINT32_ARRAY(fszreg, DWC2State,
1423                              DWC2_FSZREG_SIZE / sizeof(uint32_t)),
1424         VMSTATE_UINT32_ARRAY(hreg0, DWC2State,
1425                              DWC2_HREG0_SIZE / sizeof(uint32_t)),
1426         VMSTATE_UINT32_ARRAY(hreg1, DWC2State,
1427                              DWC2_HREG1_SIZE / sizeof(uint32_t)),
1428         VMSTATE_UINT32_ARRAY(pcgreg, DWC2State,
1429                              DWC2_PCGREG_SIZE / sizeof(uint32_t)),
1430 
1431         VMSTATE_TIMER_PTR(eof_timer, DWC2State),
1432         VMSTATE_TIMER_PTR(frame_timer, DWC2State),
1433         VMSTATE_INT64(sof_time, DWC2State),
1434         VMSTATE_INT64(usb_frame_time, DWC2State),
1435         VMSTATE_INT64(usb_bit_time, DWC2State),
1436         VMSTATE_UINT32(usb_version, DWC2State),
1437         VMSTATE_UINT16(frame_number, DWC2State),
1438         VMSTATE_UINT16(fi, DWC2State),
1439         VMSTATE_UINT16(next_chan, DWC2State),
1440         VMSTATE_BOOL(working, DWC2State),
1441 
1442         VMSTATE_STRUCT_ARRAY(packet, DWC2State, DWC2_NB_CHAN, 1,
1443                              vmstate_dwc2_state_packet, DWC2Packet),
1444         VMSTATE_UINT8_2DARRAY(usb_buf, DWC2State, DWC2_NB_CHAN,
1445                               DWC2_MAX_XFER_SIZE),
1446 
1447         VMSTATE_END_OF_LIST()
1448     }
1449 };
1450 
1451 static Property dwc2_usb_properties[] = {
1452     DEFINE_PROP_UINT32("usb_version", DWC2State, usb_version, 2),
1453     DEFINE_PROP_END_OF_LIST(),
1454 };
1455 
1456 static void dwc2_class_init(ObjectClass *klass, void *data)
1457 {
1458     DeviceClass *dc = DEVICE_CLASS(klass);
1459     DWC2Class *c = DWC2_USB_CLASS(klass);
1460     ResettableClass *rc = RESETTABLE_CLASS(klass);
1461 
1462     dc->realize = dwc2_realize;
1463     dc->vmsd = &vmstate_dwc2_state;
1464     set_bit(DEVICE_CATEGORY_USB, dc->categories);
1465     device_class_set_props(dc, dwc2_usb_properties);
1466     resettable_class_set_parent_phases(rc, dwc2_reset_enter, dwc2_reset_hold,
1467                                        dwc2_reset_exit, &c->parent_phases);
1468 }
1469 
1470 static const TypeInfo dwc2_usb_type_info = {
1471     .name          = TYPE_DWC2_USB,
1472     .parent        = TYPE_SYS_BUS_DEVICE,
1473     .instance_size = sizeof(DWC2State),
1474     .instance_init = dwc2_init,
1475     .class_size    = sizeof(DWC2Class),
1476     .class_init    = dwc2_class_init,
1477 };
1478 
1479 static void dwc2_usb_register_types(void)
1480 {
1481     type_register_static(&dwc2_usb_type_info);
1482 }
1483 
1484 type_init(dwc2_usb_register_types)
1485