1 /* 2 * QEMU USB EHCI Emulation 3 * 4 * Copyright(c) 2008 Emutex Ltd. (address@hidden) 5 * 6 * EHCI project was started by Mark Burkley, with contributions by 7 * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, 8 * Jan Kiszka and Vincent Palatin contributed bugfixes. 9 * 10 * 11 * This library is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU Lesser General Public 13 * License as published by the Free Software Foundation; either 14 * version 2 of the License, or(at your option) any later version. 15 * 16 * This library is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 * Lesser General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; if not, see <http://www.gnu.org/licenses/>. 23 */ 24 25 #include "hw/hw.h" 26 #include "qemu-timer.h" 27 #include "hw/usb.h" 28 #include "hw/pci.h" 29 #include "monitor.h" 30 #include "trace.h" 31 #include "dma.h" 32 33 #define EHCI_DEBUG 0 34 35 #if EHCI_DEBUG 36 #define DPRINTF printf 37 #else 38 #define DPRINTF(...) 39 #endif 40 41 /* internal processing - reset HC to try and recover */ 42 #define USB_RET_PROCERR (-99) 43 44 #define MMIO_SIZE 0x1000 45 46 /* Capability Registers Base Address - section 2.2 */ 47 #define CAPREGBASE 0x0000 48 #define CAPLENGTH CAPREGBASE + 0x0000 // 1-byte, 0x0001 reserved 49 #define HCIVERSION CAPREGBASE + 0x0002 // 2-bytes, i/f version # 50 #define HCSPARAMS CAPREGBASE + 0x0004 // 4-bytes, structural params 51 #define HCCPARAMS CAPREGBASE + 0x0008 // 4-bytes, capability params 52 #define EECP HCCPARAMS + 1 53 #define HCSPPORTROUTE1 CAPREGBASE + 0x000c 54 #define HCSPPORTROUTE2 CAPREGBASE + 0x0010 55 56 #define OPREGBASE 0x0020 // Operational Registers Base Address 57 58 #define USBCMD OPREGBASE + 0x0000 59 #define USBCMD_RUNSTOP (1 << 0) // run / Stop 60 #define USBCMD_HCRESET (1 << 1) // HC Reset 61 #define USBCMD_FLS (3 << 2) // Frame List Size 62 #define USBCMD_FLS_SH 2 // Frame List Size Shift 63 #define USBCMD_PSE (1 << 4) // Periodic Schedule Enable 64 #define USBCMD_ASE (1 << 5) // Asynch Schedule Enable 65 #define USBCMD_IAAD (1 << 6) // Int Asynch Advance Doorbell 66 #define USBCMD_LHCR (1 << 7) // Light Host Controller Reset 67 #define USBCMD_ASPMC (3 << 8) // Async Sched Park Mode Count 68 #define USBCMD_ASPME (1 << 11) // Async Sched Park Mode Enable 69 #define USBCMD_ITC (0x7f << 16) // Int Threshold Control 70 #define USBCMD_ITC_SH 16 // Int Threshold Control Shift 71 72 #define USBSTS OPREGBASE + 0x0004 73 #define USBSTS_RO_MASK 0x0000003f 74 #define USBSTS_INT (1 << 0) // USB Interrupt 75 #define USBSTS_ERRINT (1 << 1) // Error Interrupt 76 #define USBSTS_PCD (1 << 2) // Port Change Detect 77 #define USBSTS_FLR (1 << 3) // Frame List Rollover 78 #define USBSTS_HSE (1 << 4) // Host System Error 79 #define USBSTS_IAA (1 << 5) // Interrupt on Async Advance 80 #define USBSTS_HALT (1 << 12) // HC Halted 81 #define USBSTS_REC (1 << 13) // Reclamation 82 #define USBSTS_PSS (1 << 14) // Periodic Schedule Status 83 #define USBSTS_ASS (1 << 15) // Asynchronous Schedule Status 84 85 /* 86 * Interrupt enable bits correspond to the interrupt active bits in USBSTS 87 * so no need to redefine here. 88 */ 89 #define USBINTR OPREGBASE + 0x0008 90 #define USBINTR_MASK 0x0000003f 91 92 #define FRINDEX OPREGBASE + 0x000c 93 #define CTRLDSSEGMENT OPREGBASE + 0x0010 94 #define PERIODICLISTBASE OPREGBASE + 0x0014 95 #define ASYNCLISTADDR OPREGBASE + 0x0018 96 #define ASYNCLISTADDR_MASK 0xffffffe0 97 98 #define CONFIGFLAG OPREGBASE + 0x0040 99 100 #define PORTSC (OPREGBASE + 0x0044) 101 #define PORTSC_BEGIN PORTSC 102 #define PORTSC_END (PORTSC + 4 * NB_PORTS) 103 /* 104 * Bits that are reserved or are read-only are masked out of values 105 * written to us by software 106 */ 107 #define PORTSC_RO_MASK 0x007001c0 108 #define PORTSC_RWC_MASK 0x0000002a 109 #define PORTSC_WKOC_E (1 << 22) // Wake on Over Current Enable 110 #define PORTSC_WKDS_E (1 << 21) // Wake on Disconnect Enable 111 #define PORTSC_WKCN_E (1 << 20) // Wake on Connect Enable 112 #define PORTSC_PTC (15 << 16) // Port Test Control 113 #define PORTSC_PTC_SH 16 // Port Test Control shift 114 #define PORTSC_PIC (3 << 14) // Port Indicator Control 115 #define PORTSC_PIC_SH 14 // Port Indicator Control Shift 116 #define PORTSC_POWNER (1 << 13) // Port Owner 117 #define PORTSC_PPOWER (1 << 12) // Port Power 118 #define PORTSC_LINESTAT (3 << 10) // Port Line Status 119 #define PORTSC_LINESTAT_SH 10 // Port Line Status Shift 120 #define PORTSC_PRESET (1 << 8) // Port Reset 121 #define PORTSC_SUSPEND (1 << 7) // Port Suspend 122 #define PORTSC_FPRES (1 << 6) // Force Port Resume 123 #define PORTSC_OCC (1 << 5) // Over Current Change 124 #define PORTSC_OCA (1 << 4) // Over Current Active 125 #define PORTSC_PEDC (1 << 3) // Port Enable/Disable Change 126 #define PORTSC_PED (1 << 2) // Port Enable/Disable 127 #define PORTSC_CSC (1 << 1) // Connect Status Change 128 #define PORTSC_CONNECT (1 << 0) // Current Connect Status 129 130 #define FRAME_TIMER_FREQ 1000 131 #define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ) 132 133 #define NB_MAXINTRATE 8 // Max rate at which controller issues ints 134 #define NB_PORTS 6 // Number of downstream ports 135 #define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction 136 #define MAX_ITERATIONS 20 // Max number of QH before we break the loop 137 #define MAX_QH 100 // Max allowable queue heads in a chain 138 139 /* Internal periodic / asynchronous schedule state machine states 140 */ 141 typedef enum { 142 EST_INACTIVE = 1000, 143 EST_ACTIVE, 144 EST_EXECUTING, 145 EST_SLEEPING, 146 /* The following states are internal to the state machine function 147 */ 148 EST_WAITLISTHEAD, 149 EST_FETCHENTRY, 150 EST_FETCHQH, 151 EST_FETCHITD, 152 EST_FETCHSITD, 153 EST_ADVANCEQUEUE, 154 EST_FETCHQTD, 155 EST_EXECUTE, 156 EST_WRITEBACK, 157 EST_HORIZONTALQH 158 } EHCI_STATES; 159 160 /* macros for accessing fields within next link pointer entry */ 161 #define NLPTR_GET(x) ((x) & 0xffffffe0) 162 #define NLPTR_TYPE_GET(x) (((x) >> 1) & 3) 163 #define NLPTR_TBIT(x) ((x) & 1) // 1=invalid, 0=valid 164 165 /* link pointer types */ 166 #define NLPTR_TYPE_ITD 0 // isoc xfer descriptor 167 #define NLPTR_TYPE_QH 1 // queue head 168 #define NLPTR_TYPE_STITD 2 // split xaction, isoc xfer descriptor 169 #define NLPTR_TYPE_FSTN 3 // frame span traversal node 170 171 172 /* EHCI spec version 1.0 Section 3.3 173 */ 174 typedef struct EHCIitd { 175 uint32_t next; 176 177 uint32_t transact[8]; 178 #define ITD_XACT_ACTIVE (1 << 31) 179 #define ITD_XACT_DBERROR (1 << 30) 180 #define ITD_XACT_BABBLE (1 << 29) 181 #define ITD_XACT_XACTERR (1 << 28) 182 #define ITD_XACT_LENGTH_MASK 0x0fff0000 183 #define ITD_XACT_LENGTH_SH 16 184 #define ITD_XACT_IOC (1 << 15) 185 #define ITD_XACT_PGSEL_MASK 0x00007000 186 #define ITD_XACT_PGSEL_SH 12 187 #define ITD_XACT_OFFSET_MASK 0x00000fff 188 189 uint32_t bufptr[7]; 190 #define ITD_BUFPTR_MASK 0xfffff000 191 #define ITD_BUFPTR_SH 12 192 #define ITD_BUFPTR_EP_MASK 0x00000f00 193 #define ITD_BUFPTR_EP_SH 8 194 #define ITD_BUFPTR_DEVADDR_MASK 0x0000007f 195 #define ITD_BUFPTR_DEVADDR_SH 0 196 #define ITD_BUFPTR_DIRECTION (1 << 11) 197 #define ITD_BUFPTR_MAXPKT_MASK 0x000007ff 198 #define ITD_BUFPTR_MAXPKT_SH 0 199 #define ITD_BUFPTR_MULT_MASK 0x00000003 200 #define ITD_BUFPTR_MULT_SH 0 201 } EHCIitd; 202 203 /* EHCI spec version 1.0 Section 3.4 204 */ 205 typedef struct EHCIsitd { 206 uint32_t next; // Standard next link pointer 207 uint32_t epchar; 208 #define SITD_EPCHAR_IO (1 << 31) 209 #define SITD_EPCHAR_PORTNUM_MASK 0x7f000000 210 #define SITD_EPCHAR_PORTNUM_SH 24 211 #define SITD_EPCHAR_HUBADD_MASK 0x007f0000 212 #define SITD_EPCHAR_HUBADDR_SH 16 213 #define SITD_EPCHAR_EPNUM_MASK 0x00000f00 214 #define SITD_EPCHAR_EPNUM_SH 8 215 #define SITD_EPCHAR_DEVADDR_MASK 0x0000007f 216 217 uint32_t uframe; 218 #define SITD_UFRAME_CMASK_MASK 0x0000ff00 219 #define SITD_UFRAME_CMASK_SH 8 220 #define SITD_UFRAME_SMASK_MASK 0x000000ff 221 222 uint32_t results; 223 #define SITD_RESULTS_IOC (1 << 31) 224 #define SITD_RESULTS_PGSEL (1 << 30) 225 #define SITD_RESULTS_TBYTES_MASK 0x03ff0000 226 #define SITD_RESULTS_TYBYTES_SH 16 227 #define SITD_RESULTS_CPROGMASK_MASK 0x0000ff00 228 #define SITD_RESULTS_CPROGMASK_SH 8 229 #define SITD_RESULTS_ACTIVE (1 << 7) 230 #define SITD_RESULTS_ERR (1 << 6) 231 #define SITD_RESULTS_DBERR (1 << 5) 232 #define SITD_RESULTS_BABBLE (1 << 4) 233 #define SITD_RESULTS_XACTERR (1 << 3) 234 #define SITD_RESULTS_MISSEDUF (1 << 2) 235 #define SITD_RESULTS_SPLITXSTATE (1 << 1) 236 237 uint32_t bufptr[2]; 238 #define SITD_BUFPTR_MASK 0xfffff000 239 #define SITD_BUFPTR_CURROFF_MASK 0x00000fff 240 #define SITD_BUFPTR_TPOS_MASK 0x00000018 241 #define SITD_BUFPTR_TPOS_SH 3 242 #define SITD_BUFPTR_TCNT_MASK 0x00000007 243 244 uint32_t backptr; // Standard next link pointer 245 } EHCIsitd; 246 247 /* EHCI spec version 1.0 Section 3.5 248 */ 249 typedef struct EHCIqtd { 250 uint32_t next; // Standard next link pointer 251 uint32_t altnext; // Standard next link pointer 252 uint32_t token; 253 #define QTD_TOKEN_DTOGGLE (1 << 31) 254 #define QTD_TOKEN_TBYTES_MASK 0x7fff0000 255 #define QTD_TOKEN_TBYTES_SH 16 256 #define QTD_TOKEN_IOC (1 << 15) 257 #define QTD_TOKEN_CPAGE_MASK 0x00007000 258 #define QTD_TOKEN_CPAGE_SH 12 259 #define QTD_TOKEN_CERR_MASK 0x00000c00 260 #define QTD_TOKEN_CERR_SH 10 261 #define QTD_TOKEN_PID_MASK 0x00000300 262 #define QTD_TOKEN_PID_SH 8 263 #define QTD_TOKEN_ACTIVE (1 << 7) 264 #define QTD_TOKEN_HALT (1 << 6) 265 #define QTD_TOKEN_DBERR (1 << 5) 266 #define QTD_TOKEN_BABBLE (1 << 4) 267 #define QTD_TOKEN_XACTERR (1 << 3) 268 #define QTD_TOKEN_MISSEDUF (1 << 2) 269 #define QTD_TOKEN_SPLITXSTATE (1 << 1) 270 #define QTD_TOKEN_PING (1 << 0) 271 272 uint32_t bufptr[5]; // Standard buffer pointer 273 #define QTD_BUFPTR_MASK 0xfffff000 274 #define QTD_BUFPTR_SH 12 275 } EHCIqtd; 276 277 /* EHCI spec version 1.0 Section 3.6 278 */ 279 typedef struct EHCIqh { 280 uint32_t next; // Standard next link pointer 281 282 /* endpoint characteristics */ 283 uint32_t epchar; 284 #define QH_EPCHAR_RL_MASK 0xf0000000 285 #define QH_EPCHAR_RL_SH 28 286 #define QH_EPCHAR_C (1 << 27) 287 #define QH_EPCHAR_MPLEN_MASK 0x07FF0000 288 #define QH_EPCHAR_MPLEN_SH 16 289 #define QH_EPCHAR_H (1 << 15) 290 #define QH_EPCHAR_DTC (1 << 14) 291 #define QH_EPCHAR_EPS_MASK 0x00003000 292 #define QH_EPCHAR_EPS_SH 12 293 #define EHCI_QH_EPS_FULL 0 294 #define EHCI_QH_EPS_LOW 1 295 #define EHCI_QH_EPS_HIGH 2 296 #define EHCI_QH_EPS_RESERVED 3 297 298 #define QH_EPCHAR_EP_MASK 0x00000f00 299 #define QH_EPCHAR_EP_SH 8 300 #define QH_EPCHAR_I (1 << 7) 301 #define QH_EPCHAR_DEVADDR_MASK 0x0000007f 302 #define QH_EPCHAR_DEVADDR_SH 0 303 304 /* endpoint capabilities */ 305 uint32_t epcap; 306 #define QH_EPCAP_MULT_MASK 0xc0000000 307 #define QH_EPCAP_MULT_SH 30 308 #define QH_EPCAP_PORTNUM_MASK 0x3f800000 309 #define QH_EPCAP_PORTNUM_SH 23 310 #define QH_EPCAP_HUBADDR_MASK 0x007f0000 311 #define QH_EPCAP_HUBADDR_SH 16 312 #define QH_EPCAP_CMASK_MASK 0x0000ff00 313 #define QH_EPCAP_CMASK_SH 8 314 #define QH_EPCAP_SMASK_MASK 0x000000ff 315 #define QH_EPCAP_SMASK_SH 0 316 317 uint32_t current_qtd; // Standard next link pointer 318 uint32_t next_qtd; // Standard next link pointer 319 uint32_t altnext_qtd; 320 #define QH_ALTNEXT_NAKCNT_MASK 0x0000001e 321 #define QH_ALTNEXT_NAKCNT_SH 1 322 323 uint32_t token; // Same as QTD token 324 uint32_t bufptr[5]; // Standard buffer pointer 325 #define BUFPTR_CPROGMASK_MASK 0x000000ff 326 #define BUFPTR_FRAMETAG_MASK 0x0000001f 327 #define BUFPTR_SBYTES_MASK 0x00000fe0 328 #define BUFPTR_SBYTES_SH 5 329 } EHCIqh; 330 331 /* EHCI spec version 1.0 Section 3.7 332 */ 333 typedef struct EHCIfstn { 334 uint32_t next; // Standard next link pointer 335 uint32_t backptr; // Standard next link pointer 336 } EHCIfstn; 337 338 typedef struct EHCIQueue EHCIQueue; 339 typedef struct EHCIState EHCIState; 340 341 enum async_state { 342 EHCI_ASYNC_NONE = 0, 343 EHCI_ASYNC_INFLIGHT, 344 EHCI_ASYNC_FINISHED, 345 }; 346 347 struct EHCIQueue { 348 EHCIState *ehci; 349 QTAILQ_ENTRY(EHCIQueue) next; 350 uint32_t seen; 351 uint64_t ts; 352 353 /* cached data from guest - needs to be flushed 354 * when guest removes an entry (doorbell, handshake sequence) 355 */ 356 EHCIqh qh; // copy of current QH (being worked on) 357 uint32_t qhaddr; // address QH read from 358 EHCIqtd qtd; // copy of current QTD (being worked on) 359 uint32_t qtdaddr; // address QTD read from 360 361 USBPacket packet; 362 QEMUSGList sgl; 363 int pid; 364 uint32_t tbytes; 365 enum async_state async; 366 int usb_status; 367 }; 368 369 typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; 370 371 struct EHCIState { 372 PCIDevice dev; 373 USBBus bus; 374 qemu_irq irq; 375 MemoryRegion mem; 376 int companion_count; 377 378 /* properties */ 379 uint32_t freq; 380 uint32_t maxframes; 381 382 /* 383 * EHCI spec version 1.0 Section 2.3 384 * Host Controller Operational Registers 385 */ 386 union { 387 uint8_t mmio[MMIO_SIZE]; 388 struct { 389 uint8_t cap[OPREGBASE]; 390 uint32_t usbcmd; 391 uint32_t usbsts; 392 uint32_t usbintr; 393 uint32_t frindex; 394 uint32_t ctrldssegment; 395 uint32_t periodiclistbase; 396 uint32_t asynclistaddr; 397 uint32_t notused[9]; 398 uint32_t configflag; 399 uint32_t portsc[NB_PORTS]; 400 }; 401 }; 402 403 /* 404 * Internal states, shadow registers, etc 405 */ 406 QEMUTimer *frame_timer; 407 int attach_poll_counter; 408 int astate; // Current state in asynchronous schedule 409 int pstate; // Current state in periodic schedule 410 USBPort ports[NB_PORTS]; 411 USBPort *companion_ports[NB_PORTS]; 412 uint32_t usbsts_pending; 413 EHCIQueueHead aqueues; 414 EHCIQueueHead pqueues; 415 416 uint32_t a_fetch_addr; // which address to look at next 417 uint32_t p_fetch_addr; // which address to look at next 418 419 USBPacket ipacket; 420 QEMUSGList isgl; 421 422 uint64_t last_run_ns; 423 }; 424 425 #define SET_LAST_RUN_CLOCK(s) \ 426 (s)->last_run_ns = qemu_get_clock_ns(vm_clock); 427 428 /* nifty macros from Arnon's EHCI version */ 429 #define get_field(data, field) \ 430 (((data) & field##_MASK) >> field##_SH) 431 432 #define set_field(data, newval, field) do { \ 433 uint32_t val = *data; \ 434 val &= ~ field##_MASK; \ 435 val |= ((newval) << field##_SH) & field##_MASK; \ 436 *data = val; \ 437 } while(0) 438 439 static const char *ehci_state_names[] = { 440 [EST_INACTIVE] = "INACTIVE", 441 [EST_ACTIVE] = "ACTIVE", 442 [EST_EXECUTING] = "EXECUTING", 443 [EST_SLEEPING] = "SLEEPING", 444 [EST_WAITLISTHEAD] = "WAITLISTHEAD", 445 [EST_FETCHENTRY] = "FETCH ENTRY", 446 [EST_FETCHQH] = "FETCH QH", 447 [EST_FETCHITD] = "FETCH ITD", 448 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE", 449 [EST_FETCHQTD] = "FETCH QTD", 450 [EST_EXECUTE] = "EXECUTE", 451 [EST_WRITEBACK] = "WRITEBACK", 452 [EST_HORIZONTALQH] = "HORIZONTALQH", 453 }; 454 455 static const char *ehci_mmio_names[] = { 456 [CAPLENGTH] = "CAPLENGTH", 457 [HCIVERSION] = "HCIVERSION", 458 [HCSPARAMS] = "HCSPARAMS", 459 [HCCPARAMS] = "HCCPARAMS", 460 [USBCMD] = "USBCMD", 461 [USBSTS] = "USBSTS", 462 [USBINTR] = "USBINTR", 463 [FRINDEX] = "FRINDEX", 464 [PERIODICLISTBASE] = "P-LIST BASE", 465 [ASYNCLISTADDR] = "A-LIST ADDR", 466 [PORTSC_BEGIN] = "PORTSC #0", 467 [PORTSC_BEGIN + 4] = "PORTSC #1", 468 [PORTSC_BEGIN + 8] = "PORTSC #2", 469 [PORTSC_BEGIN + 12] = "PORTSC #3", 470 [PORTSC_BEGIN + 16] = "PORTSC #4", 471 [PORTSC_BEGIN + 20] = "PORTSC #5", 472 [CONFIGFLAG] = "CONFIGFLAG", 473 }; 474 475 static const char *nr2str(const char **n, size_t len, uint32_t nr) 476 { 477 if (nr < len && n[nr] != NULL) { 478 return n[nr]; 479 } else { 480 return "unknown"; 481 } 482 } 483 484 static const char *state2str(uint32_t state) 485 { 486 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state); 487 } 488 489 static const char *addr2str(target_phys_addr_t addr) 490 { 491 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr); 492 } 493 494 static void ehci_trace_usbsts(uint32_t mask, int state) 495 { 496 /* interrupts */ 497 if (mask & USBSTS_INT) { 498 trace_usb_ehci_usbsts("INT", state); 499 } 500 if (mask & USBSTS_ERRINT) { 501 trace_usb_ehci_usbsts("ERRINT", state); 502 } 503 if (mask & USBSTS_PCD) { 504 trace_usb_ehci_usbsts("PCD", state); 505 } 506 if (mask & USBSTS_FLR) { 507 trace_usb_ehci_usbsts("FLR", state); 508 } 509 if (mask & USBSTS_HSE) { 510 trace_usb_ehci_usbsts("HSE", state); 511 } 512 if (mask & USBSTS_IAA) { 513 trace_usb_ehci_usbsts("IAA", state); 514 } 515 516 /* status */ 517 if (mask & USBSTS_HALT) { 518 trace_usb_ehci_usbsts("HALT", state); 519 } 520 if (mask & USBSTS_REC) { 521 trace_usb_ehci_usbsts("REC", state); 522 } 523 if (mask & USBSTS_PSS) { 524 trace_usb_ehci_usbsts("PSS", state); 525 } 526 if (mask & USBSTS_ASS) { 527 trace_usb_ehci_usbsts("ASS", state); 528 } 529 } 530 531 static inline void ehci_set_usbsts(EHCIState *s, int mask) 532 { 533 if ((s->usbsts & mask) == mask) { 534 return; 535 } 536 ehci_trace_usbsts(mask, 1); 537 s->usbsts |= mask; 538 } 539 540 static inline void ehci_clear_usbsts(EHCIState *s, int mask) 541 { 542 if ((s->usbsts & mask) == 0) { 543 return; 544 } 545 ehci_trace_usbsts(mask, 0); 546 s->usbsts &= ~mask; 547 } 548 549 static inline void ehci_set_interrupt(EHCIState *s, int intr) 550 { 551 int level = 0; 552 553 // TODO honour interrupt threshold requests 554 555 ehci_set_usbsts(s, intr); 556 557 if ((s->usbsts & USBINTR_MASK) & s->usbintr) { 558 level = 1; 559 } 560 561 qemu_set_irq(s->irq, level); 562 } 563 564 static inline void ehci_record_interrupt(EHCIState *s, int intr) 565 { 566 s->usbsts_pending |= intr; 567 } 568 569 static inline void ehci_commit_interrupt(EHCIState *s) 570 { 571 if (!s->usbsts_pending) { 572 return; 573 } 574 ehci_set_interrupt(s, s->usbsts_pending); 575 s->usbsts_pending = 0; 576 } 577 578 static void ehci_set_state(EHCIState *s, int async, int state) 579 { 580 if (async) { 581 trace_usb_ehci_state("async", state2str(state)); 582 s->astate = state; 583 } else { 584 trace_usb_ehci_state("periodic", state2str(state)); 585 s->pstate = state; 586 } 587 } 588 589 static int ehci_get_state(EHCIState *s, int async) 590 { 591 return async ? s->astate : s->pstate; 592 } 593 594 static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr) 595 { 596 if (async) { 597 s->a_fetch_addr = addr; 598 } else { 599 s->p_fetch_addr = addr; 600 } 601 } 602 603 static int ehci_get_fetch_addr(EHCIState *s, int async) 604 { 605 return async ? s->a_fetch_addr : s->p_fetch_addr; 606 } 607 608 static void ehci_trace_qh(EHCIQueue *q, target_phys_addr_t addr, EHCIqh *qh) 609 { 610 /* need three here due to argument count limits */ 611 trace_usb_ehci_qh_ptrs(q, addr, qh->next, 612 qh->current_qtd, qh->next_qtd, qh->altnext_qtd); 613 trace_usb_ehci_qh_fields(addr, 614 get_field(qh->epchar, QH_EPCHAR_RL), 615 get_field(qh->epchar, QH_EPCHAR_MPLEN), 616 get_field(qh->epchar, QH_EPCHAR_EPS), 617 get_field(qh->epchar, QH_EPCHAR_EP), 618 get_field(qh->epchar, QH_EPCHAR_DEVADDR)); 619 trace_usb_ehci_qh_bits(addr, 620 (bool)(qh->epchar & QH_EPCHAR_C), 621 (bool)(qh->epchar & QH_EPCHAR_H), 622 (bool)(qh->epchar & QH_EPCHAR_DTC), 623 (bool)(qh->epchar & QH_EPCHAR_I)); 624 } 625 626 static void ehci_trace_qtd(EHCIQueue *q, target_phys_addr_t addr, EHCIqtd *qtd) 627 { 628 /* need three here due to argument count limits */ 629 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext); 630 trace_usb_ehci_qtd_fields(addr, 631 get_field(qtd->token, QTD_TOKEN_TBYTES), 632 get_field(qtd->token, QTD_TOKEN_CPAGE), 633 get_field(qtd->token, QTD_TOKEN_CERR), 634 get_field(qtd->token, QTD_TOKEN_PID)); 635 trace_usb_ehci_qtd_bits(addr, 636 (bool)(qtd->token & QTD_TOKEN_IOC), 637 (bool)(qtd->token & QTD_TOKEN_ACTIVE), 638 (bool)(qtd->token & QTD_TOKEN_HALT), 639 (bool)(qtd->token & QTD_TOKEN_BABBLE), 640 (bool)(qtd->token & QTD_TOKEN_XACTERR)); 641 } 642 643 static void ehci_trace_itd(EHCIState *s, target_phys_addr_t addr, EHCIitd *itd) 644 { 645 trace_usb_ehci_itd(addr, itd->next, 646 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT), 647 get_field(itd->bufptr[2], ITD_BUFPTR_MULT), 648 get_field(itd->bufptr[0], ITD_BUFPTR_EP), 649 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR)); 650 } 651 652 static void ehci_trace_sitd(EHCIState *s, target_phys_addr_t addr, 653 EHCIsitd *sitd) 654 { 655 trace_usb_ehci_sitd(addr, sitd->next, 656 (bool)(sitd->results & SITD_RESULTS_ACTIVE)); 657 } 658 659 /* queue management */ 660 661 static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, int async) 662 { 663 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 664 EHCIQueue *q; 665 666 q = g_malloc0(sizeof(*q)); 667 q->ehci = ehci; 668 QTAILQ_INSERT_HEAD(head, q, next); 669 trace_usb_ehci_queue_action(q, "alloc"); 670 return q; 671 } 672 673 static void ehci_free_queue(EHCIQueue *q, int async) 674 { 675 EHCIQueueHead *head = async ? &q->ehci->aqueues : &q->ehci->pqueues; 676 trace_usb_ehci_queue_action(q, "free"); 677 if (q->async == EHCI_ASYNC_INFLIGHT) { 678 usb_cancel_packet(&q->packet); 679 } 680 QTAILQ_REMOVE(head, q, next); 681 g_free(q); 682 } 683 684 static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr, 685 int async) 686 { 687 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 688 EHCIQueue *q; 689 690 QTAILQ_FOREACH(q, head, next) { 691 if (addr == q->qhaddr) { 692 return q; 693 } 694 } 695 return NULL; 696 } 697 698 static void ehci_queues_rip_unused(EHCIState *ehci, int async, int flush) 699 { 700 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 701 EHCIQueue *q, *tmp; 702 703 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 704 if (q->seen) { 705 q->seen = 0; 706 q->ts = ehci->last_run_ns; 707 continue; 708 } 709 if (!flush && ehci->last_run_ns < q->ts + 250000000) { 710 /* allow 0.25 sec idle */ 711 continue; 712 } 713 ehci_free_queue(q, async); 714 } 715 } 716 717 static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async) 718 { 719 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 720 EHCIQueue *q, *tmp; 721 722 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 723 if (!usb_packet_is_inflight(&q->packet) || 724 q->packet.ep->dev != dev) { 725 continue; 726 } 727 ehci_free_queue(q, async); 728 } 729 } 730 731 static void ehci_queues_rip_all(EHCIState *ehci, int async) 732 { 733 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 734 EHCIQueue *q, *tmp; 735 736 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 737 ehci_free_queue(q, async); 738 } 739 } 740 741 /* Attach or detach a device on root hub */ 742 743 static void ehci_attach(USBPort *port) 744 { 745 EHCIState *s = port->opaque; 746 uint32_t *portsc = &s->portsc[port->index]; 747 748 trace_usb_ehci_port_attach(port->index, port->dev->product_desc); 749 750 if (*portsc & PORTSC_POWNER) { 751 USBPort *companion = s->companion_ports[port->index]; 752 companion->dev = port->dev; 753 companion->ops->attach(companion); 754 return; 755 } 756 757 *portsc |= PORTSC_CONNECT; 758 *portsc |= PORTSC_CSC; 759 760 ehci_set_interrupt(s, USBSTS_PCD); 761 } 762 763 static void ehci_detach(USBPort *port) 764 { 765 EHCIState *s = port->opaque; 766 uint32_t *portsc = &s->portsc[port->index]; 767 768 trace_usb_ehci_port_detach(port->index); 769 770 if (*portsc & PORTSC_POWNER) { 771 USBPort *companion = s->companion_ports[port->index]; 772 companion->ops->detach(companion); 773 companion->dev = NULL; 774 /* 775 * EHCI spec 4.2.2: "When a disconnect occurs... On the event, 776 * the port ownership is returned immediately to the EHCI controller." 777 */ 778 *portsc &= ~PORTSC_POWNER; 779 return; 780 } 781 782 ehci_queues_rip_device(s, port->dev, 0); 783 ehci_queues_rip_device(s, port->dev, 1); 784 785 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED); 786 *portsc |= PORTSC_CSC; 787 788 ehci_set_interrupt(s, USBSTS_PCD); 789 } 790 791 static void ehci_child_detach(USBPort *port, USBDevice *child) 792 { 793 EHCIState *s = port->opaque; 794 uint32_t portsc = s->portsc[port->index]; 795 796 if (portsc & PORTSC_POWNER) { 797 USBPort *companion = s->companion_ports[port->index]; 798 companion->ops->child_detach(companion, child); 799 return; 800 } 801 802 ehci_queues_rip_device(s, child, 0); 803 ehci_queues_rip_device(s, child, 1); 804 } 805 806 static void ehci_wakeup(USBPort *port) 807 { 808 EHCIState *s = port->opaque; 809 uint32_t portsc = s->portsc[port->index]; 810 811 if (portsc & PORTSC_POWNER) { 812 USBPort *companion = s->companion_ports[port->index]; 813 if (companion->ops->wakeup) { 814 companion->ops->wakeup(companion); 815 } 816 } 817 } 818 819 static int ehci_register_companion(USBBus *bus, USBPort *ports[], 820 uint32_t portcount, uint32_t firstport) 821 { 822 EHCIState *s = container_of(bus, EHCIState, bus); 823 uint32_t i; 824 825 if (firstport + portcount > NB_PORTS) { 826 qerror_report(QERR_INVALID_PARAMETER_VALUE, "firstport", 827 "firstport on masterbus"); 828 error_printf_unless_qmp( 829 "firstport value of %u makes companion take ports %u - %u, which " 830 "is outside of the valid range of 0 - %u\n", firstport, firstport, 831 firstport + portcount - 1, NB_PORTS - 1); 832 return -1; 833 } 834 835 for (i = 0; i < portcount; i++) { 836 if (s->companion_ports[firstport + i]) { 837 qerror_report(QERR_INVALID_PARAMETER_VALUE, "masterbus", 838 "an USB masterbus"); 839 error_printf_unless_qmp( 840 "port %u on masterbus %s already has a companion assigned\n", 841 firstport + i, bus->qbus.name); 842 return -1; 843 } 844 } 845 846 for (i = 0; i < portcount; i++) { 847 s->companion_ports[firstport + i] = ports[i]; 848 s->ports[firstport + i].speedmask |= 849 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL; 850 /* Ensure devs attached before the initial reset go to the companion */ 851 s->portsc[firstport + i] = PORTSC_POWNER; 852 } 853 854 s->companion_count++; 855 s->mmio[0x05] = (s->companion_count << 4) | portcount; 856 857 return 0; 858 } 859 860 static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr) 861 { 862 USBDevice *dev; 863 USBPort *port; 864 int i; 865 866 for (i = 0; i < NB_PORTS; i++) { 867 port = &ehci->ports[i]; 868 if (!(ehci->portsc[i] & PORTSC_PED)) { 869 DPRINTF("Port %d not enabled\n", i); 870 continue; 871 } 872 dev = usb_find_device(port, addr); 873 if (dev != NULL) { 874 return dev; 875 } 876 } 877 return NULL; 878 } 879 880 /* 4.1 host controller initialization */ 881 static void ehci_reset(void *opaque) 882 { 883 EHCIState *s = opaque; 884 int i; 885 USBDevice *devs[NB_PORTS]; 886 887 trace_usb_ehci_reset(); 888 889 /* 890 * Do the detach before touching portsc, so that it correctly gets send to 891 * us or to our companion based on PORTSC_POWNER before the reset. 892 */ 893 for(i = 0; i < NB_PORTS; i++) { 894 devs[i] = s->ports[i].dev; 895 if (devs[i] && devs[i]->attached) { 896 usb_detach(&s->ports[i]); 897 } 898 } 899 900 memset(&s->mmio[OPREGBASE], 0x00, MMIO_SIZE - OPREGBASE); 901 902 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH; 903 s->usbsts = USBSTS_HALT; 904 905 s->astate = EST_INACTIVE; 906 s->pstate = EST_INACTIVE; 907 s->attach_poll_counter = 0; 908 909 for(i = 0; i < NB_PORTS; i++) { 910 if (s->companion_ports[i]) { 911 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER; 912 } else { 913 s->portsc[i] = PORTSC_PPOWER; 914 } 915 if (devs[i] && devs[i]->attached) { 916 usb_attach(&s->ports[i]); 917 usb_device_reset(devs[i]); 918 } 919 } 920 ehci_queues_rip_all(s, 0); 921 ehci_queues_rip_all(s, 1); 922 qemu_del_timer(s->frame_timer); 923 } 924 925 static uint32_t ehci_mem_readb(void *ptr, target_phys_addr_t addr) 926 { 927 EHCIState *s = ptr; 928 uint32_t val; 929 930 val = s->mmio[addr]; 931 932 return val; 933 } 934 935 static uint32_t ehci_mem_readw(void *ptr, target_phys_addr_t addr) 936 { 937 EHCIState *s = ptr; 938 uint32_t val; 939 940 val = s->mmio[addr] | (s->mmio[addr+1] << 8); 941 942 return val; 943 } 944 945 static uint32_t ehci_mem_readl(void *ptr, target_phys_addr_t addr) 946 { 947 EHCIState *s = ptr; 948 uint32_t val; 949 950 val = s->mmio[addr] | (s->mmio[addr+1] << 8) | 951 (s->mmio[addr+2] << 16) | (s->mmio[addr+3] << 24); 952 953 trace_usb_ehci_mmio_readl(addr, addr2str(addr), val); 954 return val; 955 } 956 957 static void ehci_mem_writeb(void *ptr, target_phys_addr_t addr, uint32_t val) 958 { 959 fprintf(stderr, "EHCI doesn't handle byte writes to MMIO\n"); 960 exit(1); 961 } 962 963 static void ehci_mem_writew(void *ptr, target_phys_addr_t addr, uint32_t val) 964 { 965 fprintf(stderr, "EHCI doesn't handle 16-bit writes to MMIO\n"); 966 exit(1); 967 } 968 969 static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner) 970 { 971 USBDevice *dev = s->ports[port].dev; 972 uint32_t *portsc = &s->portsc[port]; 973 uint32_t orig; 974 975 if (s->companion_ports[port] == NULL) 976 return; 977 978 owner = owner & PORTSC_POWNER; 979 orig = *portsc & PORTSC_POWNER; 980 981 if (!(owner ^ orig)) { 982 return; 983 } 984 985 if (dev && dev->attached) { 986 usb_detach(&s->ports[port]); 987 } 988 989 *portsc &= ~PORTSC_POWNER; 990 *portsc |= owner; 991 992 if (dev && dev->attached) { 993 usb_attach(&s->ports[port]); 994 } 995 } 996 997 static void handle_port_status_write(EHCIState *s, int port, uint32_t val) 998 { 999 uint32_t *portsc = &s->portsc[port]; 1000 USBDevice *dev = s->ports[port].dev; 1001 1002 /* Clear rwc bits */ 1003 *portsc &= ~(val & PORTSC_RWC_MASK); 1004 /* The guest may clear, but not set the PED bit */ 1005 *portsc &= val | ~PORTSC_PED; 1006 /* POWNER is masked out by RO_MASK as it is RO when we've no companion */ 1007 handle_port_owner_write(s, port, val); 1008 /* And finally apply RO_MASK */ 1009 val &= PORTSC_RO_MASK; 1010 1011 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) { 1012 trace_usb_ehci_port_reset(port, 1); 1013 } 1014 1015 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) { 1016 trace_usb_ehci_port_reset(port, 0); 1017 if (dev && dev->attached) { 1018 usb_port_reset(&s->ports[port]); 1019 *portsc &= ~PORTSC_CSC; 1020 } 1021 1022 /* 1023 * Table 2.16 Set the enable bit(and enable bit change) to indicate 1024 * to SW that this port has a high speed device attached 1025 */ 1026 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) { 1027 val |= PORTSC_PED; 1028 } 1029 } 1030 1031 *portsc &= ~PORTSC_RO_MASK; 1032 *portsc |= val; 1033 } 1034 1035 static void ehci_mem_writel(void *ptr, target_phys_addr_t addr, uint32_t val) 1036 { 1037 EHCIState *s = ptr; 1038 uint32_t *mmio = (uint32_t *)(&s->mmio[addr]); 1039 uint32_t old = *mmio; 1040 int i; 1041 1042 trace_usb_ehci_mmio_writel(addr, addr2str(addr), val); 1043 1044 /* Only aligned reads are allowed on OHCI */ 1045 if (addr & 3) { 1046 fprintf(stderr, "usb-ehci: Mis-aligned write to addr 0x" 1047 TARGET_FMT_plx "\n", addr); 1048 return; 1049 } 1050 1051 if (addr >= PORTSC && addr < PORTSC + 4 * NB_PORTS) { 1052 handle_port_status_write(s, (addr-PORTSC)/4, val); 1053 trace_usb_ehci_mmio_change(addr, addr2str(addr), *mmio, old); 1054 return; 1055 } 1056 1057 if (addr < OPREGBASE) { 1058 fprintf(stderr, "usb-ehci: write attempt to read-only register" 1059 TARGET_FMT_plx "\n", addr); 1060 return; 1061 } 1062 1063 1064 /* Do any register specific pre-write processing here. */ 1065 switch(addr) { 1066 case USBCMD: 1067 if ((val & USBCMD_RUNSTOP) && !(s->usbcmd & USBCMD_RUNSTOP)) { 1068 qemu_mod_timer(s->frame_timer, qemu_get_clock_ns(vm_clock)); 1069 SET_LAST_RUN_CLOCK(s); 1070 ehci_clear_usbsts(s, USBSTS_HALT); 1071 } 1072 1073 if (!(val & USBCMD_RUNSTOP) && (s->usbcmd & USBCMD_RUNSTOP)) { 1074 qemu_del_timer(s->frame_timer); 1075 ehci_queues_rip_all(s, 0); 1076 ehci_queues_rip_all(s, 1); 1077 ehci_set_usbsts(s, USBSTS_HALT); 1078 } 1079 1080 if (val & USBCMD_HCRESET) { 1081 ehci_reset(s); 1082 val = s->usbcmd; 1083 } 1084 1085 /* not supporting dynamic frame list size at the moment */ 1086 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) { 1087 fprintf(stderr, "attempt to set frame list size -- value %d\n", 1088 val & USBCMD_FLS); 1089 val &= ~USBCMD_FLS; 1090 } 1091 break; 1092 1093 case USBSTS: 1094 val &= USBSTS_RO_MASK; // bits 6 thru 31 are RO 1095 ehci_clear_usbsts(s, val); // bits 0 thru 5 are R/WC 1096 val = s->usbsts; 1097 ehci_set_interrupt(s, 0); 1098 break; 1099 1100 case USBINTR: 1101 val &= USBINTR_MASK; 1102 break; 1103 1104 case CONFIGFLAG: 1105 val &= 0x1; 1106 if (val) { 1107 for(i = 0; i < NB_PORTS; i++) 1108 handle_port_owner_write(s, i, 0); 1109 } 1110 break; 1111 1112 case PERIODICLISTBASE: 1113 if ((s->usbcmd & USBCMD_PSE) && (s->usbcmd & USBCMD_RUNSTOP)) { 1114 fprintf(stderr, 1115 "ehci: PERIODIC list base register set while periodic schedule\n" 1116 " is enabled and HC is enabled\n"); 1117 } 1118 break; 1119 1120 case ASYNCLISTADDR: 1121 if ((s->usbcmd & USBCMD_ASE) && (s->usbcmd & USBCMD_RUNSTOP)) { 1122 fprintf(stderr, 1123 "ehci: ASYNC list address register set while async schedule\n" 1124 " is enabled and HC is enabled\n"); 1125 } 1126 break; 1127 } 1128 1129 *mmio = val; 1130 trace_usb_ehci_mmio_change(addr, addr2str(addr), *mmio, old); 1131 } 1132 1133 1134 // TODO : Put in common header file, duplication from usb-ohci.c 1135 1136 /* Get an array of dwords from main memory */ 1137 static inline int get_dwords(EHCIState *ehci, uint32_t addr, 1138 uint32_t *buf, int num) 1139 { 1140 int i; 1141 1142 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1143 pci_dma_read(&ehci->dev, addr, buf, sizeof(*buf)); 1144 *buf = le32_to_cpu(*buf); 1145 } 1146 1147 return 1; 1148 } 1149 1150 /* Put an array of dwords in to main memory */ 1151 static inline int put_dwords(EHCIState *ehci, uint32_t addr, 1152 uint32_t *buf, int num) 1153 { 1154 int i; 1155 1156 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1157 uint32_t tmp = cpu_to_le32(*buf); 1158 pci_dma_write(&ehci->dev, addr, &tmp, sizeof(tmp)); 1159 } 1160 1161 return 1; 1162 } 1163 1164 // 4.10.2 1165 1166 static int ehci_qh_do_overlay(EHCIQueue *q) 1167 { 1168 int i; 1169 int dtoggle; 1170 int ping; 1171 int eps; 1172 int reload; 1173 1174 // remember values in fields to preserve in qh after overlay 1175 1176 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE; 1177 ping = q->qh.token & QTD_TOKEN_PING; 1178 1179 q->qh.current_qtd = q->qtdaddr; 1180 q->qh.next_qtd = q->qtd.next; 1181 q->qh.altnext_qtd = q->qtd.altnext; 1182 q->qh.token = q->qtd.token; 1183 1184 1185 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS); 1186 if (eps == EHCI_QH_EPS_HIGH) { 1187 q->qh.token &= ~QTD_TOKEN_PING; 1188 q->qh.token |= ping; 1189 } 1190 1191 reload = get_field(q->qh.epchar, QH_EPCHAR_RL); 1192 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT); 1193 1194 for (i = 0; i < 5; i++) { 1195 q->qh.bufptr[i] = q->qtd.bufptr[i]; 1196 } 1197 1198 if (!(q->qh.epchar & QH_EPCHAR_DTC)) { 1199 // preserve QH DT bit 1200 q->qh.token &= ~QTD_TOKEN_DTOGGLE; 1201 q->qh.token |= dtoggle; 1202 } 1203 1204 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK; 1205 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK; 1206 1207 put_dwords(q->ehci, NLPTR_GET(q->qhaddr), (uint32_t *) &q->qh, 1208 sizeof(EHCIqh) >> 2); 1209 1210 return 0; 1211 } 1212 1213 static int ehci_init_transfer(EHCIQueue *q) 1214 { 1215 uint32_t cpage, offset, bytes, plen; 1216 dma_addr_t page; 1217 1218 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE); 1219 bytes = get_field(q->qh.token, QTD_TOKEN_TBYTES); 1220 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK; 1221 pci_dma_sglist_init(&q->sgl, &q->ehci->dev, 5); 1222 1223 while (bytes > 0) { 1224 if (cpage > 4) { 1225 fprintf(stderr, "cpage out of range (%d)\n", cpage); 1226 return USB_RET_PROCERR; 1227 } 1228 1229 page = q->qh.bufptr[cpage] & QTD_BUFPTR_MASK; 1230 page += offset; 1231 plen = bytes; 1232 if (plen > 4096 - offset) { 1233 plen = 4096 - offset; 1234 offset = 0; 1235 cpage++; 1236 } 1237 1238 qemu_sglist_add(&q->sgl, page, plen); 1239 bytes -= plen; 1240 } 1241 return 0; 1242 } 1243 1244 static void ehci_finish_transfer(EHCIQueue *q, int status) 1245 { 1246 uint32_t cpage, offset; 1247 1248 qemu_sglist_destroy(&q->sgl); 1249 1250 if (status > 0) { 1251 /* update cpage & offset */ 1252 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE); 1253 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK; 1254 1255 offset += status; 1256 cpage += offset >> QTD_BUFPTR_SH; 1257 offset &= ~QTD_BUFPTR_MASK; 1258 1259 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE); 1260 q->qh.bufptr[0] &= QTD_BUFPTR_MASK; 1261 q->qh.bufptr[0] |= offset; 1262 } 1263 } 1264 1265 static void ehci_async_complete_packet(USBPort *port, USBPacket *packet) 1266 { 1267 EHCIQueue *q; 1268 EHCIState *s = port->opaque; 1269 uint32_t portsc = s->portsc[port->index]; 1270 1271 if (portsc & PORTSC_POWNER) { 1272 USBPort *companion = s->companion_ports[port->index]; 1273 companion->ops->complete(companion, packet); 1274 return; 1275 } 1276 1277 q = container_of(packet, EHCIQueue, packet); 1278 trace_usb_ehci_queue_action(q, "wakeup"); 1279 assert(q->async == EHCI_ASYNC_INFLIGHT); 1280 q->async = EHCI_ASYNC_FINISHED; 1281 q->usb_status = packet->result; 1282 } 1283 1284 static void ehci_execute_complete(EHCIQueue *q) 1285 { 1286 assert(q->async != EHCI_ASYNC_INFLIGHT); 1287 q->async = EHCI_ASYNC_NONE; 1288 1289 DPRINTF("execute_complete: qhaddr 0x%x, next %x, qtdaddr 0x%x, status %d\n", 1290 q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status); 1291 1292 if (q->usb_status < 0) { 1293 switch(q->usb_status) { 1294 case USB_RET_IOERROR: 1295 case USB_RET_NODEV: 1296 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR); 1297 set_field(&q->qh.token, 0, QTD_TOKEN_CERR); 1298 ehci_record_interrupt(q->ehci, USBSTS_ERRINT); 1299 break; 1300 case USB_RET_STALL: 1301 q->qh.token |= QTD_TOKEN_HALT; 1302 ehci_record_interrupt(q->ehci, USBSTS_ERRINT); 1303 break; 1304 case USB_RET_NAK: 1305 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT); 1306 return; /* We're not done yet with this transaction */ 1307 case USB_RET_BABBLE: 1308 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); 1309 ehci_record_interrupt(q->ehci, USBSTS_ERRINT); 1310 break; 1311 default: 1312 /* should not be triggerable */ 1313 fprintf(stderr, "USB invalid response %d to handle\n", q->usb_status); 1314 assert(0); 1315 break; 1316 } 1317 } else if ((q->usb_status > q->tbytes) && (q->pid == USB_TOKEN_IN)) { 1318 q->usb_status = USB_RET_BABBLE; 1319 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); 1320 ehci_record_interrupt(q->ehci, USBSTS_ERRINT); 1321 } else { 1322 // TODO check 4.12 for splits 1323 1324 if (q->tbytes && q->pid == USB_TOKEN_IN) { 1325 q->tbytes -= q->usb_status; 1326 } else { 1327 q->tbytes = 0; 1328 } 1329 1330 DPRINTF("updating tbytes to %d\n", q->tbytes); 1331 set_field(&q->qh.token, q->tbytes, QTD_TOKEN_TBYTES); 1332 } 1333 ehci_finish_transfer(q, q->usb_status); 1334 usb_packet_unmap(&q->packet); 1335 1336 q->qh.token ^= QTD_TOKEN_DTOGGLE; 1337 q->qh.token &= ~QTD_TOKEN_ACTIVE; 1338 1339 if (q->qh.token & QTD_TOKEN_IOC) { 1340 ehci_record_interrupt(q->ehci, USBSTS_INT); 1341 } 1342 } 1343 1344 // 4.10.3 1345 1346 static int ehci_execute(EHCIQueue *q) 1347 { 1348 USBDevice *dev; 1349 USBEndpoint *ep; 1350 int ret; 1351 int endp; 1352 int devadr; 1353 1354 if ( !(q->qh.token & QTD_TOKEN_ACTIVE)) { 1355 fprintf(stderr, "Attempting to execute inactive QH\n"); 1356 return USB_RET_PROCERR; 1357 } 1358 1359 q->tbytes = (q->qh.token & QTD_TOKEN_TBYTES_MASK) >> QTD_TOKEN_TBYTES_SH; 1360 if (q->tbytes > BUFF_SIZE) { 1361 fprintf(stderr, "Request for more bytes than allowed\n"); 1362 return USB_RET_PROCERR; 1363 } 1364 1365 q->pid = (q->qh.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH; 1366 switch(q->pid) { 1367 case 0: q->pid = USB_TOKEN_OUT; break; 1368 case 1: q->pid = USB_TOKEN_IN; break; 1369 case 2: q->pid = USB_TOKEN_SETUP; break; 1370 default: fprintf(stderr, "bad token\n"); break; 1371 } 1372 1373 if (ehci_init_transfer(q) != 0) { 1374 return USB_RET_PROCERR; 1375 } 1376 1377 endp = get_field(q->qh.epchar, QH_EPCHAR_EP); 1378 devadr = get_field(q->qh.epchar, QH_EPCHAR_DEVADDR); 1379 1380 /* TODO: associating device with ehci port */ 1381 dev = ehci_find_device(q->ehci, devadr); 1382 ep = usb_ep_get(dev, q->pid, endp); 1383 1384 usb_packet_setup(&q->packet, q->pid, ep); 1385 usb_packet_map(&q->packet, &q->sgl); 1386 1387 ret = usb_handle_packet(dev, &q->packet); 1388 DPRINTF("submit: qh %x next %x qtd %x pid %x len %zd " 1389 "(total %d) endp %x ret %d\n", 1390 q->qhaddr, q->qh.next, q->qtdaddr, q->pid, 1391 q->packet.iov.size, q->tbytes, endp, ret); 1392 1393 if (ret > BUFF_SIZE) { 1394 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n"); 1395 return USB_RET_PROCERR; 1396 } 1397 1398 return ret; 1399 } 1400 1401 /* 4.7.2 1402 */ 1403 1404 static int ehci_process_itd(EHCIState *ehci, 1405 EHCIitd *itd) 1406 { 1407 USBDevice *dev; 1408 USBEndpoint *ep; 1409 int ret; 1410 uint32_t i, len, pid, dir, devaddr, endp; 1411 uint32_t pg, off, ptr1, ptr2, max, mult; 1412 1413 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION); 1414 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR); 1415 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP); 1416 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT); 1417 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT); 1418 1419 for(i = 0; i < 8; i++) { 1420 if (itd->transact[i] & ITD_XACT_ACTIVE) { 1421 pg = get_field(itd->transact[i], ITD_XACT_PGSEL); 1422 off = itd->transact[i] & ITD_XACT_OFFSET_MASK; 1423 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK); 1424 ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK); 1425 len = get_field(itd->transact[i], ITD_XACT_LENGTH); 1426 1427 if (len > max * mult) { 1428 len = max * mult; 1429 } 1430 1431 if (len > BUFF_SIZE) { 1432 return USB_RET_PROCERR; 1433 } 1434 1435 pci_dma_sglist_init(&ehci->isgl, &ehci->dev, 2); 1436 if (off + len > 4096) { 1437 /* transfer crosses page border */ 1438 uint32_t len2 = off + len - 4096; 1439 uint32_t len1 = len - len2; 1440 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1); 1441 qemu_sglist_add(&ehci->isgl, ptr2, len2); 1442 } else { 1443 qemu_sglist_add(&ehci->isgl, ptr1 + off, len); 1444 } 1445 1446 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT; 1447 1448 dev = ehci_find_device(ehci, devaddr); 1449 ep = usb_ep_get(dev, pid, endp); 1450 if (ep->type == USB_ENDPOINT_XFER_ISOC) { 1451 usb_packet_setup(&ehci->ipacket, pid, ep); 1452 usb_packet_map(&ehci->ipacket, &ehci->isgl); 1453 ret = usb_handle_packet(dev, &ehci->ipacket); 1454 assert(ret != USB_RET_ASYNC); 1455 usb_packet_unmap(&ehci->ipacket); 1456 } else { 1457 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); 1458 ret = USB_RET_NAK; 1459 } 1460 qemu_sglist_destroy(&ehci->isgl); 1461 1462 if (ret < 0) { 1463 switch (ret) { 1464 default: 1465 fprintf(stderr, "Unexpected iso usb result: %d\n", ret); 1466 /* Fall through */ 1467 case USB_RET_IOERROR: 1468 case USB_RET_NODEV: 1469 /* 3.3.2: XACTERR is only allowed on IN transactions */ 1470 if (dir) { 1471 itd->transact[i] |= ITD_XACT_XACTERR; 1472 ehci_record_interrupt(ehci, USBSTS_ERRINT); 1473 } 1474 break; 1475 case USB_RET_BABBLE: 1476 itd->transact[i] |= ITD_XACT_BABBLE; 1477 ehci_record_interrupt(ehci, USBSTS_ERRINT); 1478 break; 1479 case USB_RET_NAK: 1480 /* no data for us, so do a zero-length transfer */ 1481 ret = 0; 1482 break; 1483 } 1484 } 1485 if (ret >= 0) { 1486 if (!dir) { 1487 /* OUT */ 1488 set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH); 1489 } else { 1490 /* IN */ 1491 set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); 1492 } 1493 } 1494 if (itd->transact[i] & ITD_XACT_IOC) { 1495 ehci_record_interrupt(ehci, USBSTS_INT); 1496 } 1497 itd->transact[i] &= ~ITD_XACT_ACTIVE; 1498 } 1499 } 1500 return 0; 1501 } 1502 1503 /* This state is the entry point for asynchronous schedule 1504 * processing. Entry here consitutes a EHCI start event state (4.8.5) 1505 */ 1506 static int ehci_state_waitlisthead(EHCIState *ehci, int async) 1507 { 1508 EHCIqh qh; 1509 int i = 0; 1510 int again = 0; 1511 uint32_t entry = ehci->asynclistaddr; 1512 1513 /* set reclamation flag at start event (4.8.6) */ 1514 if (async) { 1515 ehci_set_usbsts(ehci, USBSTS_REC); 1516 } 1517 1518 ehci_queues_rip_unused(ehci, async, 0); 1519 1520 /* Find the head of the list (4.9.1.1) */ 1521 for(i = 0; i < MAX_QH; i++) { 1522 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh, 1523 sizeof(EHCIqh) >> 2); 1524 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh); 1525 1526 if (qh.epchar & QH_EPCHAR_H) { 1527 if (async) { 1528 entry |= (NLPTR_TYPE_QH << 1); 1529 } 1530 1531 ehci_set_fetch_addr(ehci, async, entry); 1532 ehci_set_state(ehci, async, EST_FETCHENTRY); 1533 again = 1; 1534 goto out; 1535 } 1536 1537 entry = qh.next; 1538 if (entry == ehci->asynclistaddr) { 1539 break; 1540 } 1541 } 1542 1543 /* no head found for list. */ 1544 1545 ehci_set_state(ehci, async, EST_ACTIVE); 1546 1547 out: 1548 return again; 1549 } 1550 1551 1552 /* This state is the entry point for periodic schedule processing as 1553 * well as being a continuation state for async processing. 1554 */ 1555 static int ehci_state_fetchentry(EHCIState *ehci, int async) 1556 { 1557 int again = 0; 1558 uint32_t entry = ehci_get_fetch_addr(ehci, async); 1559 1560 if (NLPTR_TBIT(entry)) { 1561 ehci_set_state(ehci, async, EST_ACTIVE); 1562 goto out; 1563 } 1564 1565 /* section 4.8, only QH in async schedule */ 1566 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) { 1567 fprintf(stderr, "non queue head request in async schedule\n"); 1568 return -1; 1569 } 1570 1571 switch (NLPTR_TYPE_GET(entry)) { 1572 case NLPTR_TYPE_QH: 1573 ehci_set_state(ehci, async, EST_FETCHQH); 1574 again = 1; 1575 break; 1576 1577 case NLPTR_TYPE_ITD: 1578 ehci_set_state(ehci, async, EST_FETCHITD); 1579 again = 1; 1580 break; 1581 1582 case NLPTR_TYPE_STITD: 1583 ehci_set_state(ehci, async, EST_FETCHSITD); 1584 again = 1; 1585 break; 1586 1587 default: 1588 /* TODO: handle FSTN type */ 1589 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d " 1590 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry)); 1591 return -1; 1592 } 1593 1594 out: 1595 return again; 1596 } 1597 1598 static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) 1599 { 1600 uint32_t entry; 1601 EHCIQueue *q; 1602 1603 entry = ehci_get_fetch_addr(ehci, async); 1604 q = ehci_find_queue_by_qh(ehci, entry, async); 1605 if (NULL == q) { 1606 q = ehci_alloc_queue(ehci, async); 1607 } 1608 q->qhaddr = entry; 1609 q->seen++; 1610 1611 if (q->seen > 1) { 1612 /* we are going in circles -- stop processing */ 1613 ehci_set_state(ehci, async, EST_ACTIVE); 1614 q = NULL; 1615 goto out; 1616 } 1617 1618 get_dwords(ehci, NLPTR_GET(q->qhaddr), 1619 (uint32_t *) &q->qh, sizeof(EHCIqh) >> 2); 1620 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &q->qh); 1621 1622 if (q->async == EHCI_ASYNC_INFLIGHT) { 1623 /* I/O still in progress -- skip queue */ 1624 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1625 goto out; 1626 } 1627 if (q->async == EHCI_ASYNC_FINISHED) { 1628 /* I/O finished -- continue processing queue */ 1629 trace_usb_ehci_queue_action(q, "resume"); 1630 ehci_set_state(ehci, async, EST_EXECUTING); 1631 goto out; 1632 } 1633 1634 if (async && (q->qh.epchar & QH_EPCHAR_H)) { 1635 1636 /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */ 1637 if (ehci->usbsts & USBSTS_REC) { 1638 ehci_clear_usbsts(ehci, USBSTS_REC); 1639 } else { 1640 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset" 1641 " - done processing\n", q->qhaddr); 1642 ehci_set_state(ehci, async, EST_ACTIVE); 1643 q = NULL; 1644 goto out; 1645 } 1646 } 1647 1648 #if EHCI_DEBUG 1649 if (q->qhaddr != q->qh.next) { 1650 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n", 1651 q->qhaddr, 1652 q->qh.epchar & QH_EPCHAR_H, 1653 q->qh.token & QTD_TOKEN_HALT, 1654 q->qh.token & QTD_TOKEN_ACTIVE, 1655 q->qh.next); 1656 } 1657 #endif 1658 1659 if (q->qh.token & QTD_TOKEN_HALT) { 1660 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1661 1662 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && 1663 (NLPTR_TBIT(q->qh.current_qtd) == 0)) { 1664 q->qtdaddr = q->qh.current_qtd; 1665 ehci_set_state(ehci, async, EST_FETCHQTD); 1666 1667 } else { 1668 /* EHCI spec version 1.0 Section 4.10.2 */ 1669 ehci_set_state(ehci, async, EST_ADVANCEQUEUE); 1670 } 1671 1672 out: 1673 return q; 1674 } 1675 1676 static int ehci_state_fetchitd(EHCIState *ehci, int async) 1677 { 1678 uint32_t entry; 1679 EHCIitd itd; 1680 1681 assert(!async); 1682 entry = ehci_get_fetch_addr(ehci, async); 1683 1684 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1685 sizeof(EHCIitd) >> 2); 1686 ehci_trace_itd(ehci, entry, &itd); 1687 1688 if (ehci_process_itd(ehci, &itd) != 0) { 1689 return -1; 1690 } 1691 1692 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1693 sizeof(EHCIitd) >> 2); 1694 ehci_set_fetch_addr(ehci, async, itd.next); 1695 ehci_set_state(ehci, async, EST_FETCHENTRY); 1696 1697 return 1; 1698 } 1699 1700 static int ehci_state_fetchsitd(EHCIState *ehci, int async) 1701 { 1702 uint32_t entry; 1703 EHCIsitd sitd; 1704 1705 assert(!async); 1706 entry = ehci_get_fetch_addr(ehci, async); 1707 1708 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd, 1709 sizeof(EHCIsitd) >> 2); 1710 ehci_trace_sitd(ehci, entry, &sitd); 1711 1712 if (!(sitd.results & SITD_RESULTS_ACTIVE)) { 1713 /* siTD is not active, nothing to do */; 1714 } else { 1715 /* TODO: split transfers are not implemented */ 1716 fprintf(stderr, "WARNING: Skipping active siTD\n"); 1717 } 1718 1719 ehci_set_fetch_addr(ehci, async, sitd.next); 1720 ehci_set_state(ehci, async, EST_FETCHENTRY); 1721 return 1; 1722 } 1723 1724 /* Section 4.10.2 - paragraph 3 */ 1725 static int ehci_state_advqueue(EHCIQueue *q, int async) 1726 { 1727 #if 0 1728 /* TO-DO: 4.10.2 - paragraph 2 1729 * if I-bit is set to 1 and QH is not active 1730 * go to horizontal QH 1731 */ 1732 if (I-bit set) { 1733 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1734 goto out; 1735 } 1736 #endif 1737 1738 /* 1739 * want data and alt-next qTD is valid 1740 */ 1741 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) && 1742 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) { 1743 q->qtdaddr = q->qh.altnext_qtd; 1744 ehci_set_state(q->ehci, async, EST_FETCHQTD); 1745 1746 /* 1747 * next qTD is valid 1748 */ 1749 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) { 1750 q->qtdaddr = q->qh.next_qtd; 1751 ehci_set_state(q->ehci, async, EST_FETCHQTD); 1752 1753 /* 1754 * no valid qTD, try next QH 1755 */ 1756 } else { 1757 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1758 } 1759 1760 return 1; 1761 } 1762 1763 /* Section 4.10.2 - paragraph 4 */ 1764 static int ehci_state_fetchqtd(EHCIQueue *q, int async) 1765 { 1766 int again = 0; 1767 1768 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &q->qtd, 1769 sizeof(EHCIqtd) >> 2); 1770 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &q->qtd); 1771 1772 if (q->qtd.token & QTD_TOKEN_ACTIVE) { 1773 ehci_set_state(q->ehci, async, EST_EXECUTE); 1774 again = 1; 1775 } else { 1776 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1777 again = 1; 1778 } 1779 1780 return again; 1781 } 1782 1783 static int ehci_state_horizqh(EHCIQueue *q, int async) 1784 { 1785 int again = 0; 1786 1787 if (ehci_get_fetch_addr(q->ehci, async) != q->qh.next) { 1788 ehci_set_fetch_addr(q->ehci, async, q->qh.next); 1789 ehci_set_state(q->ehci, async, EST_FETCHENTRY); 1790 again = 1; 1791 } else { 1792 ehci_set_state(q->ehci, async, EST_ACTIVE); 1793 } 1794 1795 return again; 1796 } 1797 1798 /* 1799 * Write the qh back to guest physical memory. This step isn't 1800 * in the EHCI spec but we need to do it since we don't share 1801 * physical memory with our guest VM. 1802 * 1803 * The first three dwords are read-only for the EHCI, so skip them 1804 * when writing back the qh. 1805 */ 1806 static void ehci_flush_qh(EHCIQueue *q) 1807 { 1808 uint32_t *qh = (uint32_t *) &q->qh; 1809 uint32_t dwords = sizeof(EHCIqh) >> 2; 1810 uint32_t addr = NLPTR_GET(q->qhaddr); 1811 1812 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3); 1813 } 1814 1815 static int ehci_state_execute(EHCIQueue *q, int async) 1816 { 1817 int again = 0; 1818 1819 if (ehci_qh_do_overlay(q) != 0) { 1820 return -1; 1821 } 1822 1823 // TODO verify enough time remains in the uframe as in 4.4.1.1 1824 // TODO write back ptr to async list when done or out of time 1825 // TODO Windows does not seem to ever set the MULT field 1826 1827 if (!async) { 1828 int transactCtr = get_field(q->qh.epcap, QH_EPCAP_MULT); 1829 if (!transactCtr) { 1830 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1831 again = 1; 1832 goto out; 1833 } 1834 } 1835 1836 if (async) { 1837 ehci_set_usbsts(q->ehci, USBSTS_REC); 1838 } 1839 1840 q->usb_status = ehci_execute(q); 1841 if (q->usb_status == USB_RET_PROCERR) { 1842 again = -1; 1843 goto out; 1844 } 1845 if (q->usb_status == USB_RET_ASYNC) { 1846 ehci_flush_qh(q); 1847 trace_usb_ehci_queue_action(q, "suspend"); 1848 q->async = EHCI_ASYNC_INFLIGHT; 1849 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1850 again = 1; 1851 goto out; 1852 } 1853 1854 ehci_set_state(q->ehci, async, EST_EXECUTING); 1855 again = 1; 1856 1857 out: 1858 return again; 1859 } 1860 1861 static int ehci_state_executing(EHCIQueue *q, int async) 1862 { 1863 int again = 0; 1864 1865 ehci_execute_complete(q); 1866 if (q->usb_status == USB_RET_ASYNC) { 1867 goto out; 1868 } 1869 if (q->usb_status == USB_RET_PROCERR) { 1870 again = -1; 1871 goto out; 1872 } 1873 1874 // 4.10.3 1875 if (!async) { 1876 int transactCtr = get_field(q->qh.epcap, QH_EPCAP_MULT); 1877 transactCtr--; 1878 set_field(&q->qh.epcap, transactCtr, QH_EPCAP_MULT); 1879 // 4.10.3, bottom of page 82, should exit this state when transaction 1880 // counter decrements to 0 1881 } 1882 1883 /* 4.10.5 */ 1884 if (q->usb_status == USB_RET_NAK) { 1885 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1886 } else { 1887 ehci_set_state(q->ehci, async, EST_WRITEBACK); 1888 } 1889 1890 again = 1; 1891 1892 out: 1893 ehci_flush_qh(q); 1894 return again; 1895 } 1896 1897 1898 static int ehci_state_writeback(EHCIQueue *q, int async) 1899 { 1900 int again = 0; 1901 1902 /* Write back the QTD from the QH area */ 1903 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), (EHCIqtd*) &q->qh.next_qtd); 1904 put_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &q->qh.next_qtd, 1905 sizeof(EHCIqtd) >> 2); 1906 1907 /* 1908 * EHCI specs say go horizontal here. 1909 * 1910 * We can also advance the queue here for performance reasons. We 1911 * need to take care to only take that shortcut in case we've 1912 * processed the qtd just written back without errors, i.e. halt 1913 * bit is clear. 1914 */ 1915 if (q->qh.token & QTD_TOKEN_HALT) { 1916 ehci_set_state(q->ehci, async, EST_HORIZONTALQH); 1917 again = 1; 1918 } else { 1919 ehci_set_state(q->ehci, async, EST_ADVANCEQUEUE); 1920 again = 1; 1921 } 1922 return again; 1923 } 1924 1925 /* 1926 * This is the state machine that is common to both async and periodic 1927 */ 1928 1929 static void ehci_advance_state(EHCIState *ehci, 1930 int async) 1931 { 1932 EHCIQueue *q = NULL; 1933 int again; 1934 int iter = 0; 1935 1936 do { 1937 if (ehci_get_state(ehci, async) == EST_FETCHQH) { 1938 iter++; 1939 /* if we are roaming a lot of QH without executing a qTD 1940 * something is wrong with the linked list. TO-DO: why is 1941 * this hack needed? 1942 */ 1943 assert(iter < MAX_ITERATIONS); 1944 #if 0 1945 if (iter > MAX_ITERATIONS) { 1946 DPRINTF("\n*** advance_state: bailing on MAX ITERATIONS***\n"); 1947 ehci_set_state(ehci, async, EST_ACTIVE); 1948 break; 1949 } 1950 #endif 1951 } 1952 switch(ehci_get_state(ehci, async)) { 1953 case EST_WAITLISTHEAD: 1954 again = ehci_state_waitlisthead(ehci, async); 1955 break; 1956 1957 case EST_FETCHENTRY: 1958 again = ehci_state_fetchentry(ehci, async); 1959 break; 1960 1961 case EST_FETCHQH: 1962 q = ehci_state_fetchqh(ehci, async); 1963 again = q ? 1 : 0; 1964 break; 1965 1966 case EST_FETCHITD: 1967 again = ehci_state_fetchitd(ehci, async); 1968 break; 1969 1970 case EST_FETCHSITD: 1971 again = ehci_state_fetchsitd(ehci, async); 1972 break; 1973 1974 case EST_ADVANCEQUEUE: 1975 again = ehci_state_advqueue(q, async); 1976 break; 1977 1978 case EST_FETCHQTD: 1979 again = ehci_state_fetchqtd(q, async); 1980 break; 1981 1982 case EST_HORIZONTALQH: 1983 again = ehci_state_horizqh(q, async); 1984 break; 1985 1986 case EST_EXECUTE: 1987 iter = 0; 1988 again = ehci_state_execute(q, async); 1989 break; 1990 1991 case EST_EXECUTING: 1992 assert(q != NULL); 1993 again = ehci_state_executing(q, async); 1994 break; 1995 1996 case EST_WRITEBACK: 1997 assert(q != NULL); 1998 again = ehci_state_writeback(q, async); 1999 break; 2000 2001 default: 2002 fprintf(stderr, "Bad state!\n"); 2003 again = -1; 2004 assert(0); 2005 break; 2006 } 2007 2008 if (again < 0) { 2009 fprintf(stderr, "processing error - resetting ehci HC\n"); 2010 ehci_reset(ehci); 2011 again = 0; 2012 } 2013 } 2014 while (again); 2015 2016 ehci_commit_interrupt(ehci); 2017 } 2018 2019 static void ehci_advance_async_state(EHCIState *ehci) 2020 { 2021 const int async = 1; 2022 2023 switch(ehci_get_state(ehci, async)) { 2024 case EST_INACTIVE: 2025 if (!(ehci->usbcmd & USBCMD_ASE)) { 2026 break; 2027 } 2028 ehci_set_usbsts(ehci, USBSTS_ASS); 2029 ehci_set_state(ehci, async, EST_ACTIVE); 2030 // No break, fall through to ACTIVE 2031 2032 case EST_ACTIVE: 2033 if ( !(ehci->usbcmd & USBCMD_ASE)) { 2034 ehci_queues_rip_all(ehci, async); 2035 ehci_clear_usbsts(ehci, USBSTS_ASS); 2036 ehci_set_state(ehci, async, EST_INACTIVE); 2037 break; 2038 } 2039 2040 /* make sure guest has acknowledged the doorbell interrupt */ 2041 /* TO-DO: is this really needed? */ 2042 if (ehci->usbsts & USBSTS_IAA) { 2043 DPRINTF("IAA status bit still set.\n"); 2044 break; 2045 } 2046 2047 /* check that address register has been set */ 2048 if (ehci->asynclistaddr == 0) { 2049 break; 2050 } 2051 2052 ehci_set_state(ehci, async, EST_WAITLISTHEAD); 2053 ehci_advance_state(ehci, async); 2054 2055 /* If the doorbell is set, the guest wants to make a change to the 2056 * schedule. The host controller needs to release cached data. 2057 * (section 4.8.2) 2058 */ 2059 if (ehci->usbcmd & USBCMD_IAAD) { 2060 /* Remove all unseen qhs from the async qhs queue */ 2061 ehci_queues_rip_unused(ehci, async, 1); 2062 DPRINTF("ASYNC: doorbell request acknowledged\n"); 2063 ehci->usbcmd &= ~USBCMD_IAAD; 2064 ehci_set_interrupt(ehci, USBSTS_IAA); 2065 } 2066 break; 2067 2068 default: 2069 /* this should only be due to a developer mistake */ 2070 fprintf(stderr, "ehci: Bad asynchronous state %d. " 2071 "Resetting to active\n", ehci->astate); 2072 assert(0); 2073 } 2074 } 2075 2076 static void ehci_advance_periodic_state(EHCIState *ehci) 2077 { 2078 uint32_t entry; 2079 uint32_t list; 2080 const int async = 0; 2081 2082 // 4.6 2083 2084 switch(ehci_get_state(ehci, async)) { 2085 case EST_INACTIVE: 2086 if ( !(ehci->frindex & 7) && (ehci->usbcmd & USBCMD_PSE)) { 2087 ehci_set_usbsts(ehci, USBSTS_PSS); 2088 ehci_set_state(ehci, async, EST_ACTIVE); 2089 // No break, fall through to ACTIVE 2090 } else 2091 break; 2092 2093 case EST_ACTIVE: 2094 if ( !(ehci->frindex & 7) && !(ehci->usbcmd & USBCMD_PSE)) { 2095 ehci_queues_rip_all(ehci, async); 2096 ehci_clear_usbsts(ehci, USBSTS_PSS); 2097 ehci_set_state(ehci, async, EST_INACTIVE); 2098 break; 2099 } 2100 2101 list = ehci->periodiclistbase & 0xfffff000; 2102 /* check that register has been set */ 2103 if (list == 0) { 2104 break; 2105 } 2106 list |= ((ehci->frindex & 0x1ff8) >> 1); 2107 2108 pci_dma_read(&ehci->dev, list, &entry, sizeof entry); 2109 entry = le32_to_cpu(entry); 2110 2111 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n", 2112 ehci->frindex / 8, list, entry); 2113 ehci_set_fetch_addr(ehci, async,entry); 2114 ehci_set_state(ehci, async, EST_FETCHENTRY); 2115 ehci_advance_state(ehci, async); 2116 ehci_queues_rip_unused(ehci, async, 0); 2117 break; 2118 2119 default: 2120 /* this should only be due to a developer mistake */ 2121 fprintf(stderr, "ehci: Bad periodic state %d. " 2122 "Resetting to active\n", ehci->pstate); 2123 assert(0); 2124 } 2125 } 2126 2127 static void ehci_frame_timer(void *opaque) 2128 { 2129 EHCIState *ehci = opaque; 2130 int64_t expire_time, t_now; 2131 uint64_t ns_elapsed; 2132 int frames; 2133 int i; 2134 int skipped_frames = 0; 2135 2136 t_now = qemu_get_clock_ns(vm_clock); 2137 expire_time = t_now + (get_ticks_per_sec() / ehci->freq); 2138 2139 ns_elapsed = t_now - ehci->last_run_ns; 2140 frames = ns_elapsed / FRAME_TIMER_NS; 2141 2142 for (i = 0; i < frames; i++) { 2143 if ( !(ehci->usbsts & USBSTS_HALT)) { 2144 ehci->frindex += 8; 2145 2146 if (ehci->frindex == 0x00002000) { 2147 ehci_set_interrupt(ehci, USBSTS_FLR); 2148 } 2149 2150 if (ehci->frindex == 0x00004000) { 2151 ehci_set_interrupt(ehci, USBSTS_FLR); 2152 ehci->frindex = 0; 2153 } 2154 } 2155 2156 if (frames - i > ehci->maxframes) { 2157 skipped_frames++; 2158 } else { 2159 ehci_advance_periodic_state(ehci); 2160 } 2161 2162 ehci->last_run_ns += FRAME_TIMER_NS; 2163 } 2164 2165 #if 0 2166 if (skipped_frames) { 2167 DPRINTF("WARNING - EHCI skipped %d frames\n", skipped_frames); 2168 } 2169 #endif 2170 2171 /* Async is not inside loop since it executes everything it can once 2172 * called 2173 */ 2174 ehci_advance_async_state(ehci); 2175 2176 qemu_mod_timer(ehci->frame_timer, expire_time); 2177 } 2178 2179 2180 static const MemoryRegionOps ehci_mem_ops = { 2181 .old_mmio = { 2182 .read = { ehci_mem_readb, ehci_mem_readw, ehci_mem_readl }, 2183 .write = { ehci_mem_writeb, ehci_mem_writew, ehci_mem_writel }, 2184 }, 2185 .endianness = DEVICE_LITTLE_ENDIAN, 2186 }; 2187 2188 static int usb_ehci_initfn(PCIDevice *dev); 2189 2190 static USBPortOps ehci_port_ops = { 2191 .attach = ehci_attach, 2192 .detach = ehci_detach, 2193 .child_detach = ehci_child_detach, 2194 .wakeup = ehci_wakeup, 2195 .complete = ehci_async_complete_packet, 2196 }; 2197 2198 static USBBusOps ehci_bus_ops = { 2199 .register_companion = ehci_register_companion, 2200 }; 2201 2202 static const VMStateDescription vmstate_ehci = { 2203 .name = "ehci", 2204 .unmigratable = 1, 2205 }; 2206 2207 static Property ehci_properties[] = { 2208 DEFINE_PROP_UINT32("freq", EHCIState, freq, FRAME_TIMER_FREQ), 2209 DEFINE_PROP_UINT32("maxframes", EHCIState, maxframes, 128), 2210 DEFINE_PROP_END_OF_LIST(), 2211 }; 2212 2213 static void ehci_class_init(ObjectClass *klass, void *data) 2214 { 2215 DeviceClass *dc = DEVICE_CLASS(klass); 2216 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2217 2218 k->init = usb_ehci_initfn; 2219 k->vendor_id = PCI_VENDOR_ID_INTEL; 2220 k->device_id = PCI_DEVICE_ID_INTEL_82801D; /* ich4 */ 2221 k->revision = 0x10; 2222 k->class_id = PCI_CLASS_SERIAL_USB; 2223 dc->vmsd = &vmstate_ehci; 2224 dc->props = ehci_properties; 2225 } 2226 2227 static TypeInfo ehci_info = { 2228 .name = "usb-ehci", 2229 .parent = TYPE_PCI_DEVICE, 2230 .instance_size = sizeof(EHCIState), 2231 .class_init = ehci_class_init, 2232 }; 2233 2234 static void ich9_ehci_class_init(ObjectClass *klass, void *data) 2235 { 2236 DeviceClass *dc = DEVICE_CLASS(klass); 2237 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2238 2239 k->init = usb_ehci_initfn; 2240 k->vendor_id = PCI_VENDOR_ID_INTEL; 2241 k->device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1; 2242 k->revision = 0x03; 2243 k->class_id = PCI_CLASS_SERIAL_USB; 2244 dc->vmsd = &vmstate_ehci; 2245 dc->props = ehci_properties; 2246 } 2247 2248 static TypeInfo ich9_ehci_info = { 2249 .name = "ich9-usb-ehci1", 2250 .parent = TYPE_PCI_DEVICE, 2251 .instance_size = sizeof(EHCIState), 2252 .class_init = ich9_ehci_class_init, 2253 }; 2254 2255 static int usb_ehci_initfn(PCIDevice *dev) 2256 { 2257 EHCIState *s = DO_UPCAST(EHCIState, dev, dev); 2258 uint8_t *pci_conf = s->dev.config; 2259 int i; 2260 2261 pci_set_byte(&pci_conf[PCI_CLASS_PROG], 0x20); 2262 2263 /* capabilities pointer */ 2264 pci_set_byte(&pci_conf[PCI_CAPABILITY_LIST], 0x00); 2265 //pci_set_byte(&pci_conf[PCI_CAPABILITY_LIST], 0x50); 2266 2267 pci_set_byte(&pci_conf[PCI_INTERRUPT_PIN], 4); /* interrupt pin D */ 2268 pci_set_byte(&pci_conf[PCI_MIN_GNT], 0); 2269 pci_set_byte(&pci_conf[PCI_MAX_LAT], 0); 2270 2271 // pci_conf[0x50] = 0x01; // power management caps 2272 2273 pci_set_byte(&pci_conf[USB_SBRN], USB_RELEASE_2); // release number (2.1.4) 2274 pci_set_byte(&pci_conf[0x61], 0x20); // frame length adjustment (2.1.5) 2275 pci_set_word(&pci_conf[0x62], 0x00); // port wake up capability (2.1.6) 2276 2277 pci_conf[0x64] = 0x00; 2278 pci_conf[0x65] = 0x00; 2279 pci_conf[0x66] = 0x00; 2280 pci_conf[0x67] = 0x00; 2281 pci_conf[0x68] = 0x01; 2282 pci_conf[0x69] = 0x00; 2283 pci_conf[0x6a] = 0x00; 2284 pci_conf[0x6b] = 0x00; // USBLEGSUP 2285 pci_conf[0x6c] = 0x00; 2286 pci_conf[0x6d] = 0x00; 2287 pci_conf[0x6e] = 0x00; 2288 pci_conf[0x6f] = 0xc0; // USBLEFCTLSTS 2289 2290 // 2.2 host controller interface version 2291 s->mmio[0x00] = (uint8_t) OPREGBASE; 2292 s->mmio[0x01] = 0x00; 2293 s->mmio[0x02] = 0x00; 2294 s->mmio[0x03] = 0x01; // HC version 2295 s->mmio[0x04] = NB_PORTS; // Number of downstream ports 2296 s->mmio[0x05] = 0x00; // No companion ports at present 2297 s->mmio[0x06] = 0x00; 2298 s->mmio[0x07] = 0x00; 2299 s->mmio[0x08] = 0x80; // We can cache whole frame, not 64-bit capable 2300 s->mmio[0x09] = 0x68; // EECP 2301 s->mmio[0x0a] = 0x00; 2302 s->mmio[0x0b] = 0x00; 2303 2304 s->irq = s->dev.irq[3]; 2305 2306 usb_bus_new(&s->bus, &ehci_bus_ops, &s->dev.qdev); 2307 for(i = 0; i < NB_PORTS; i++) { 2308 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops, 2309 USB_SPEED_MASK_HIGH); 2310 s->ports[i].dev = 0; 2311 } 2312 2313 s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s); 2314 QTAILQ_INIT(&s->aqueues); 2315 QTAILQ_INIT(&s->pqueues); 2316 2317 qemu_register_reset(ehci_reset, s); 2318 2319 memory_region_init_io(&s->mem, &ehci_mem_ops, s, "ehci", MMIO_SIZE); 2320 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mem); 2321 2322 return 0; 2323 } 2324 2325 static void ehci_register_types(void) 2326 { 2327 type_register_static(&ehci_info); 2328 type_register_static(&ich9_ehci_info); 2329 } 2330 2331 type_init(ehci_register_types) 2332 2333 /* 2334 * vim: expandtab ts=4 2335 */ 2336