1 /* 2 * QEMU USB EHCI Emulation 3 * 4 * Copyright(c) 2008 Emutex Ltd. (address@hidden) 5 * Copyright(c) 2011-2012 Red Hat, Inc. 6 * 7 * Red Hat Authors: 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * Hans de Goede <hdegoede@redhat.com> 10 * 11 * EHCI project was started by Mark Burkley, with contributions by 12 * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, 13 * Jan Kiszka and Vincent Palatin contributed bugfixes. 14 * 15 * 16 * This library is free software; you can redistribute it and/or 17 * modify it under the terms of the GNU Lesser General Public 18 * License as published by the Free Software Foundation; either 19 * version 2 of the License, or(at your option) any later version. 20 * 21 * This library is distributed in the hope that it will be useful, 22 * but WITHOUT ANY WARRANTY; without even the implied warranty of 23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 24 * Lesser General Public License for more details. 25 * 26 * You should have received a copy of the GNU General Public License 27 * along with this program; if not, see <http://www.gnu.org/licenses/>. 28 */ 29 30 #include "hw/usb/hcd-ehci.h" 31 32 /* internal processing - reset HC to try and recover */ 33 #define USB_RET_PROCERR (-99) 34 35 /* Capability Registers Base Address - section 2.2 */ 36 #define CAPLENGTH 0x0000 /* 1-byte, 0x0001 reserved */ 37 #define HCIVERSION 0x0002 /* 2-bytes, i/f version # */ 38 #define HCSPARAMS 0x0004 /* 4-bytes, structural params */ 39 #define HCCPARAMS 0x0008 /* 4-bytes, capability params */ 40 #define EECP HCCPARAMS + 1 41 #define HCSPPORTROUTE1 0x000c 42 #define HCSPPORTROUTE2 0x0010 43 44 #define USBCMD 0x0000 45 #define USBCMD_RUNSTOP (1 << 0) // run / Stop 46 #define USBCMD_HCRESET (1 << 1) // HC Reset 47 #define USBCMD_FLS (3 << 2) // Frame List Size 48 #define USBCMD_FLS_SH 2 // Frame List Size Shift 49 #define USBCMD_PSE (1 << 4) // Periodic Schedule Enable 50 #define USBCMD_ASE (1 << 5) // Asynch Schedule Enable 51 #define USBCMD_IAAD (1 << 6) // Int Asynch Advance Doorbell 52 #define USBCMD_LHCR (1 << 7) // Light Host Controller Reset 53 #define USBCMD_ASPMC (3 << 8) // Async Sched Park Mode Count 54 #define USBCMD_ASPME (1 << 11) // Async Sched Park Mode Enable 55 #define USBCMD_ITC (0x7f << 16) // Int Threshold Control 56 #define USBCMD_ITC_SH 16 // Int Threshold Control Shift 57 58 #define USBSTS 0x0004 59 #define USBSTS_RO_MASK 0x0000003f 60 #define USBSTS_INT (1 << 0) // USB Interrupt 61 #define USBSTS_ERRINT (1 << 1) // Error Interrupt 62 #define USBSTS_PCD (1 << 2) // Port Change Detect 63 #define USBSTS_FLR (1 << 3) // Frame List Rollover 64 #define USBSTS_HSE (1 << 4) // Host System Error 65 #define USBSTS_IAA (1 << 5) // Interrupt on Async Advance 66 #define USBSTS_HALT (1 << 12) // HC Halted 67 #define USBSTS_REC (1 << 13) // Reclamation 68 #define USBSTS_PSS (1 << 14) // Periodic Schedule Status 69 #define USBSTS_ASS (1 << 15) // Asynchronous Schedule Status 70 71 /* 72 * Interrupt enable bits correspond to the interrupt active bits in USBSTS 73 * so no need to redefine here. 74 */ 75 #define USBINTR 0x0008 76 #define USBINTR_MASK 0x0000003f 77 78 #define FRINDEX 0x000c 79 #define CTRLDSSEGMENT 0x0010 80 #define PERIODICLISTBASE 0x0014 81 #define ASYNCLISTADDR 0x0018 82 #define ASYNCLISTADDR_MASK 0xffffffe0 83 84 #define CONFIGFLAG 0x0040 85 86 /* 87 * Bits that are reserved or are read-only are masked out of values 88 * written to us by software 89 */ 90 #define PORTSC_RO_MASK 0x007001c0 91 #define PORTSC_RWC_MASK 0x0000002a 92 #define PORTSC_WKOC_E (1 << 22) // Wake on Over Current Enable 93 #define PORTSC_WKDS_E (1 << 21) // Wake on Disconnect Enable 94 #define PORTSC_WKCN_E (1 << 20) // Wake on Connect Enable 95 #define PORTSC_PTC (15 << 16) // Port Test Control 96 #define PORTSC_PTC_SH 16 // Port Test Control shift 97 #define PORTSC_PIC (3 << 14) // Port Indicator Control 98 #define PORTSC_PIC_SH 14 // Port Indicator Control Shift 99 #define PORTSC_POWNER (1 << 13) // Port Owner 100 #define PORTSC_PPOWER (1 << 12) // Port Power 101 #define PORTSC_LINESTAT (3 << 10) // Port Line Status 102 #define PORTSC_LINESTAT_SH 10 // Port Line Status Shift 103 #define PORTSC_PRESET (1 << 8) // Port Reset 104 #define PORTSC_SUSPEND (1 << 7) // Port Suspend 105 #define PORTSC_FPRES (1 << 6) // Force Port Resume 106 #define PORTSC_OCC (1 << 5) // Over Current Change 107 #define PORTSC_OCA (1 << 4) // Over Current Active 108 #define PORTSC_PEDC (1 << 3) // Port Enable/Disable Change 109 #define PORTSC_PED (1 << 2) // Port Enable/Disable 110 #define PORTSC_CSC (1 << 1) // Connect Status Change 111 #define PORTSC_CONNECT (1 << 0) // Current Connect Status 112 113 #define FRAME_TIMER_FREQ 1000 114 #define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ) 115 116 #define NB_MAXINTRATE 8 // Max rate at which controller issues ints 117 #define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction 118 #define MAX_QH 100 // Max allowable queue heads in a chain 119 #define MIN_FR_PER_TICK 3 // Min frames to process when catching up 120 121 /* Internal periodic / asynchronous schedule state machine states 122 */ 123 typedef enum { 124 EST_INACTIVE = 1000, 125 EST_ACTIVE, 126 EST_EXECUTING, 127 EST_SLEEPING, 128 /* The following states are internal to the state machine function 129 */ 130 EST_WAITLISTHEAD, 131 EST_FETCHENTRY, 132 EST_FETCHQH, 133 EST_FETCHITD, 134 EST_FETCHSITD, 135 EST_ADVANCEQUEUE, 136 EST_FETCHQTD, 137 EST_EXECUTE, 138 EST_WRITEBACK, 139 EST_HORIZONTALQH 140 } EHCI_STATES; 141 142 /* macros for accessing fields within next link pointer entry */ 143 #define NLPTR_GET(x) ((x) & 0xffffffe0) 144 #define NLPTR_TYPE_GET(x) (((x) >> 1) & 3) 145 #define NLPTR_TBIT(x) ((x) & 1) // 1=invalid, 0=valid 146 147 /* link pointer types */ 148 #define NLPTR_TYPE_ITD 0 // isoc xfer descriptor 149 #define NLPTR_TYPE_QH 1 // queue head 150 #define NLPTR_TYPE_STITD 2 // split xaction, isoc xfer descriptor 151 #define NLPTR_TYPE_FSTN 3 // frame span traversal node 152 153 #define SET_LAST_RUN_CLOCK(s) \ 154 (s)->last_run_ns = qemu_get_clock_ns(vm_clock); 155 156 /* nifty macros from Arnon's EHCI version */ 157 #define get_field(data, field) \ 158 (((data) & field##_MASK) >> field##_SH) 159 160 #define set_field(data, newval, field) do { \ 161 uint32_t val = *data; \ 162 val &= ~ field##_MASK; \ 163 val |= ((newval) << field##_SH) & field##_MASK; \ 164 *data = val; \ 165 } while(0) 166 167 static const char *ehci_state_names[] = { 168 [EST_INACTIVE] = "INACTIVE", 169 [EST_ACTIVE] = "ACTIVE", 170 [EST_EXECUTING] = "EXECUTING", 171 [EST_SLEEPING] = "SLEEPING", 172 [EST_WAITLISTHEAD] = "WAITLISTHEAD", 173 [EST_FETCHENTRY] = "FETCH ENTRY", 174 [EST_FETCHQH] = "FETCH QH", 175 [EST_FETCHITD] = "FETCH ITD", 176 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE", 177 [EST_FETCHQTD] = "FETCH QTD", 178 [EST_EXECUTE] = "EXECUTE", 179 [EST_WRITEBACK] = "WRITEBACK", 180 [EST_HORIZONTALQH] = "HORIZONTALQH", 181 }; 182 183 static const char *ehci_mmio_names[] = { 184 [USBCMD] = "USBCMD", 185 [USBSTS] = "USBSTS", 186 [USBINTR] = "USBINTR", 187 [FRINDEX] = "FRINDEX", 188 [PERIODICLISTBASE] = "P-LIST BASE", 189 [ASYNCLISTADDR] = "A-LIST ADDR", 190 [CONFIGFLAG] = "CONFIGFLAG", 191 }; 192 193 static int ehci_state_executing(EHCIQueue *q); 194 static int ehci_state_writeback(EHCIQueue *q); 195 static int ehci_fill_queue(EHCIPacket *p); 196 197 static const char *nr2str(const char **n, size_t len, uint32_t nr) 198 { 199 if (nr < len && n[nr] != NULL) { 200 return n[nr]; 201 } else { 202 return "unknown"; 203 } 204 } 205 206 static const char *state2str(uint32_t state) 207 { 208 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state); 209 } 210 211 static const char *addr2str(hwaddr addr) 212 { 213 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr); 214 } 215 216 static void ehci_trace_usbsts(uint32_t mask, int state) 217 { 218 /* interrupts */ 219 if (mask & USBSTS_INT) { 220 trace_usb_ehci_usbsts("INT", state); 221 } 222 if (mask & USBSTS_ERRINT) { 223 trace_usb_ehci_usbsts("ERRINT", state); 224 } 225 if (mask & USBSTS_PCD) { 226 trace_usb_ehci_usbsts("PCD", state); 227 } 228 if (mask & USBSTS_FLR) { 229 trace_usb_ehci_usbsts("FLR", state); 230 } 231 if (mask & USBSTS_HSE) { 232 trace_usb_ehci_usbsts("HSE", state); 233 } 234 if (mask & USBSTS_IAA) { 235 trace_usb_ehci_usbsts("IAA", state); 236 } 237 238 /* status */ 239 if (mask & USBSTS_HALT) { 240 trace_usb_ehci_usbsts("HALT", state); 241 } 242 if (mask & USBSTS_REC) { 243 trace_usb_ehci_usbsts("REC", state); 244 } 245 if (mask & USBSTS_PSS) { 246 trace_usb_ehci_usbsts("PSS", state); 247 } 248 if (mask & USBSTS_ASS) { 249 trace_usb_ehci_usbsts("ASS", state); 250 } 251 } 252 253 static inline void ehci_set_usbsts(EHCIState *s, int mask) 254 { 255 if ((s->usbsts & mask) == mask) { 256 return; 257 } 258 ehci_trace_usbsts(mask, 1); 259 s->usbsts |= mask; 260 } 261 262 static inline void ehci_clear_usbsts(EHCIState *s, int mask) 263 { 264 if ((s->usbsts & mask) == 0) { 265 return; 266 } 267 ehci_trace_usbsts(mask, 0); 268 s->usbsts &= ~mask; 269 } 270 271 /* update irq line */ 272 static inline void ehci_update_irq(EHCIState *s) 273 { 274 int level = 0; 275 276 if ((s->usbsts & USBINTR_MASK) & s->usbintr) { 277 level = 1; 278 } 279 280 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr); 281 qemu_set_irq(s->irq, level); 282 } 283 284 /* flag interrupt condition */ 285 static inline void ehci_raise_irq(EHCIState *s, int intr) 286 { 287 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) { 288 s->usbsts |= intr; 289 ehci_update_irq(s); 290 } else { 291 s->usbsts_pending |= intr; 292 } 293 } 294 295 /* 296 * Commit pending interrupts (added via ehci_raise_irq), 297 * at the rate allowed by "Interrupt Threshold Control". 298 */ 299 static inline void ehci_commit_irq(EHCIState *s) 300 { 301 uint32_t itc; 302 303 if (!s->usbsts_pending) { 304 return; 305 } 306 if (s->usbsts_frindex > s->frindex) { 307 return; 308 } 309 310 itc = (s->usbcmd >> 16) & 0xff; 311 s->usbsts |= s->usbsts_pending; 312 s->usbsts_pending = 0; 313 s->usbsts_frindex = s->frindex + itc; 314 ehci_update_irq(s); 315 } 316 317 static void ehci_update_halt(EHCIState *s) 318 { 319 if (s->usbcmd & USBCMD_RUNSTOP) { 320 ehci_clear_usbsts(s, USBSTS_HALT); 321 } else { 322 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) { 323 ehci_set_usbsts(s, USBSTS_HALT); 324 } 325 } 326 } 327 328 static void ehci_set_state(EHCIState *s, int async, int state) 329 { 330 if (async) { 331 trace_usb_ehci_state("async", state2str(state)); 332 s->astate = state; 333 if (s->astate == EST_INACTIVE) { 334 ehci_clear_usbsts(s, USBSTS_ASS); 335 ehci_update_halt(s); 336 } else { 337 ehci_set_usbsts(s, USBSTS_ASS); 338 } 339 } else { 340 trace_usb_ehci_state("periodic", state2str(state)); 341 s->pstate = state; 342 if (s->pstate == EST_INACTIVE) { 343 ehci_clear_usbsts(s, USBSTS_PSS); 344 ehci_update_halt(s); 345 } else { 346 ehci_set_usbsts(s, USBSTS_PSS); 347 } 348 } 349 } 350 351 static int ehci_get_state(EHCIState *s, int async) 352 { 353 return async ? s->astate : s->pstate; 354 } 355 356 static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr) 357 { 358 if (async) { 359 s->a_fetch_addr = addr; 360 } else { 361 s->p_fetch_addr = addr; 362 } 363 } 364 365 static int ehci_get_fetch_addr(EHCIState *s, int async) 366 { 367 return async ? s->a_fetch_addr : s->p_fetch_addr; 368 } 369 370 static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh) 371 { 372 /* need three here due to argument count limits */ 373 trace_usb_ehci_qh_ptrs(q, addr, qh->next, 374 qh->current_qtd, qh->next_qtd, qh->altnext_qtd); 375 trace_usb_ehci_qh_fields(addr, 376 get_field(qh->epchar, QH_EPCHAR_RL), 377 get_field(qh->epchar, QH_EPCHAR_MPLEN), 378 get_field(qh->epchar, QH_EPCHAR_EPS), 379 get_field(qh->epchar, QH_EPCHAR_EP), 380 get_field(qh->epchar, QH_EPCHAR_DEVADDR)); 381 trace_usb_ehci_qh_bits(addr, 382 (bool)(qh->epchar & QH_EPCHAR_C), 383 (bool)(qh->epchar & QH_EPCHAR_H), 384 (bool)(qh->epchar & QH_EPCHAR_DTC), 385 (bool)(qh->epchar & QH_EPCHAR_I)); 386 } 387 388 static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd) 389 { 390 /* need three here due to argument count limits */ 391 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext); 392 trace_usb_ehci_qtd_fields(addr, 393 get_field(qtd->token, QTD_TOKEN_TBYTES), 394 get_field(qtd->token, QTD_TOKEN_CPAGE), 395 get_field(qtd->token, QTD_TOKEN_CERR), 396 get_field(qtd->token, QTD_TOKEN_PID)); 397 trace_usb_ehci_qtd_bits(addr, 398 (bool)(qtd->token & QTD_TOKEN_IOC), 399 (bool)(qtd->token & QTD_TOKEN_ACTIVE), 400 (bool)(qtd->token & QTD_TOKEN_HALT), 401 (bool)(qtd->token & QTD_TOKEN_BABBLE), 402 (bool)(qtd->token & QTD_TOKEN_XACTERR)); 403 } 404 405 static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd) 406 { 407 trace_usb_ehci_itd(addr, itd->next, 408 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT), 409 get_field(itd->bufptr[2], ITD_BUFPTR_MULT), 410 get_field(itd->bufptr[0], ITD_BUFPTR_EP), 411 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR)); 412 } 413 414 static void ehci_trace_sitd(EHCIState *s, hwaddr addr, 415 EHCIsitd *sitd) 416 { 417 trace_usb_ehci_sitd(addr, sitd->next, 418 (bool)(sitd->results & SITD_RESULTS_ACTIVE)); 419 } 420 421 static void ehci_trace_guest_bug(EHCIState *s, const char *message) 422 { 423 trace_usb_ehci_guest_bug(message); 424 fprintf(stderr, "ehci warning: %s\n", message); 425 } 426 427 static inline bool ehci_enabled(EHCIState *s) 428 { 429 return s->usbcmd & USBCMD_RUNSTOP; 430 } 431 432 static inline bool ehci_async_enabled(EHCIState *s) 433 { 434 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE); 435 } 436 437 static inline bool ehci_periodic_enabled(EHCIState *s) 438 { 439 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE); 440 } 441 442 /* packet management */ 443 444 static EHCIPacket *ehci_alloc_packet(EHCIQueue *q) 445 { 446 EHCIPacket *p; 447 448 p = g_new0(EHCIPacket, 1); 449 p->queue = q; 450 usb_packet_init(&p->packet); 451 QTAILQ_INSERT_TAIL(&q->packets, p, next); 452 trace_usb_ehci_packet_action(p->queue, p, "alloc"); 453 return p; 454 } 455 456 static void ehci_free_packet(EHCIPacket *p) 457 { 458 if (p->async == EHCI_ASYNC_FINISHED) { 459 int state = ehci_get_state(p->queue->ehci, p->queue->async); 460 /* This is a normal, but rare condition (cancel racing completion) */ 461 fprintf(stderr, "EHCI: Warning packet completed but not processed\n"); 462 ehci_state_executing(p->queue); 463 ehci_state_writeback(p->queue); 464 ehci_set_state(p->queue->ehci, p->queue->async, state); 465 /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */ 466 return; 467 } 468 trace_usb_ehci_packet_action(p->queue, p, "free"); 469 if (p->async == EHCI_ASYNC_INITIALIZED) { 470 usb_packet_unmap(&p->packet, &p->sgl); 471 qemu_sglist_destroy(&p->sgl); 472 } 473 if (p->async == EHCI_ASYNC_INFLIGHT) { 474 usb_cancel_packet(&p->packet); 475 usb_packet_unmap(&p->packet, &p->sgl); 476 qemu_sglist_destroy(&p->sgl); 477 } 478 QTAILQ_REMOVE(&p->queue->packets, p, next); 479 usb_packet_cleanup(&p->packet); 480 g_free(p); 481 } 482 483 /* queue management */ 484 485 static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async) 486 { 487 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 488 EHCIQueue *q; 489 490 q = g_malloc0(sizeof(*q)); 491 q->ehci = ehci; 492 q->qhaddr = addr; 493 q->async = async; 494 QTAILQ_INIT(&q->packets); 495 QTAILQ_INSERT_HEAD(head, q, next); 496 trace_usb_ehci_queue_action(q, "alloc"); 497 return q; 498 } 499 500 static int ehci_cancel_queue(EHCIQueue *q) 501 { 502 EHCIPacket *p; 503 int packets = 0; 504 505 p = QTAILQ_FIRST(&q->packets); 506 if (p == NULL) { 507 return 0; 508 } 509 510 trace_usb_ehci_queue_action(q, "cancel"); 511 do { 512 ehci_free_packet(p); 513 packets++; 514 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL); 515 return packets; 516 } 517 518 static int ehci_reset_queue(EHCIQueue *q) 519 { 520 int packets; 521 522 trace_usb_ehci_queue_action(q, "reset"); 523 packets = ehci_cancel_queue(q); 524 q->dev = NULL; 525 q->qtdaddr = 0; 526 return packets; 527 } 528 529 static void ehci_free_queue(EHCIQueue *q, const char *warn) 530 { 531 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues; 532 int cancelled; 533 534 trace_usb_ehci_queue_action(q, "free"); 535 cancelled = ehci_cancel_queue(q); 536 if (warn && cancelled > 0) { 537 ehci_trace_guest_bug(q->ehci, warn); 538 } 539 QTAILQ_REMOVE(head, q, next); 540 g_free(q); 541 } 542 543 static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr, 544 int async) 545 { 546 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 547 EHCIQueue *q; 548 549 QTAILQ_FOREACH(q, head, next) { 550 if (addr == q->qhaddr) { 551 return q; 552 } 553 } 554 return NULL; 555 } 556 557 static void ehci_queues_rip_unused(EHCIState *ehci, int async) 558 { 559 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 560 const char *warn = async ? "guest unlinked busy QH" : NULL; 561 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4; 562 EHCIQueue *q, *tmp; 563 564 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 565 if (q->seen) { 566 q->seen = 0; 567 q->ts = ehci->last_run_ns; 568 continue; 569 } 570 if (ehci->last_run_ns < q->ts + maxage) { 571 continue; 572 } 573 ehci_free_queue(q, warn); 574 } 575 } 576 577 static void ehci_queues_rip_unseen(EHCIState *ehci, int async) 578 { 579 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 580 EHCIQueue *q, *tmp; 581 582 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 583 if (!q->seen) { 584 ehci_free_queue(q, NULL); 585 } 586 } 587 } 588 589 static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async) 590 { 591 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 592 EHCIQueue *q, *tmp; 593 594 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 595 if (q->dev != dev) { 596 continue; 597 } 598 ehci_free_queue(q, NULL); 599 } 600 } 601 602 static void ehci_queues_rip_all(EHCIState *ehci, int async) 603 { 604 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 605 const char *warn = async ? "guest stopped busy async schedule" : NULL; 606 EHCIQueue *q, *tmp; 607 608 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 609 ehci_free_queue(q, warn); 610 } 611 } 612 613 /* Attach or detach a device on root hub */ 614 615 static void ehci_attach(USBPort *port) 616 { 617 EHCIState *s = port->opaque; 618 uint32_t *portsc = &s->portsc[port->index]; 619 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci"; 620 621 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc); 622 623 if (*portsc & PORTSC_POWNER) { 624 USBPort *companion = s->companion_ports[port->index]; 625 companion->dev = port->dev; 626 companion->ops->attach(companion); 627 return; 628 } 629 630 *portsc |= PORTSC_CONNECT; 631 *portsc |= PORTSC_CSC; 632 633 ehci_raise_irq(s, USBSTS_PCD); 634 ehci_commit_irq(s); 635 } 636 637 static void ehci_detach(USBPort *port) 638 { 639 EHCIState *s = port->opaque; 640 uint32_t *portsc = &s->portsc[port->index]; 641 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci"; 642 643 trace_usb_ehci_port_detach(port->index, owner); 644 645 if (*portsc & PORTSC_POWNER) { 646 USBPort *companion = s->companion_ports[port->index]; 647 companion->ops->detach(companion); 648 companion->dev = NULL; 649 /* 650 * EHCI spec 4.2.2: "When a disconnect occurs... On the event, 651 * the port ownership is returned immediately to the EHCI controller." 652 */ 653 *portsc &= ~PORTSC_POWNER; 654 return; 655 } 656 657 ehci_queues_rip_device(s, port->dev, 0); 658 ehci_queues_rip_device(s, port->dev, 1); 659 660 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED); 661 *portsc |= PORTSC_CSC; 662 663 ehci_raise_irq(s, USBSTS_PCD); 664 ehci_commit_irq(s); 665 } 666 667 static void ehci_child_detach(USBPort *port, USBDevice *child) 668 { 669 EHCIState *s = port->opaque; 670 uint32_t portsc = s->portsc[port->index]; 671 672 if (portsc & PORTSC_POWNER) { 673 USBPort *companion = s->companion_ports[port->index]; 674 companion->ops->child_detach(companion, child); 675 return; 676 } 677 678 ehci_queues_rip_device(s, child, 0); 679 ehci_queues_rip_device(s, child, 1); 680 } 681 682 static void ehci_wakeup(USBPort *port) 683 { 684 EHCIState *s = port->opaque; 685 uint32_t portsc = s->portsc[port->index]; 686 687 if (portsc & PORTSC_POWNER) { 688 USBPort *companion = s->companion_ports[port->index]; 689 if (companion->ops->wakeup) { 690 companion->ops->wakeup(companion); 691 } 692 return; 693 } 694 695 qemu_bh_schedule(s->async_bh); 696 } 697 698 static int ehci_register_companion(USBBus *bus, USBPort *ports[], 699 uint32_t portcount, uint32_t firstport) 700 { 701 EHCIState *s = container_of(bus, EHCIState, bus); 702 uint32_t i; 703 704 if (firstport + portcount > NB_PORTS) { 705 qerror_report(QERR_INVALID_PARAMETER_VALUE, "firstport", 706 "firstport on masterbus"); 707 error_printf_unless_qmp( 708 "firstport value of %u makes companion take ports %u - %u, which " 709 "is outside of the valid range of 0 - %u\n", firstport, firstport, 710 firstport + portcount - 1, NB_PORTS - 1); 711 return -1; 712 } 713 714 for (i = 0; i < portcount; i++) { 715 if (s->companion_ports[firstport + i]) { 716 qerror_report(QERR_INVALID_PARAMETER_VALUE, "masterbus", 717 "an USB masterbus"); 718 error_printf_unless_qmp( 719 "port %u on masterbus %s already has a companion assigned\n", 720 firstport + i, bus->qbus.name); 721 return -1; 722 } 723 } 724 725 for (i = 0; i < portcount; i++) { 726 s->companion_ports[firstport + i] = ports[i]; 727 s->ports[firstport + i].speedmask |= 728 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL; 729 /* Ensure devs attached before the initial reset go to the companion */ 730 s->portsc[firstport + i] = PORTSC_POWNER; 731 } 732 733 s->companion_count++; 734 s->caps[0x05] = (s->companion_count << 4) | portcount; 735 736 return 0; 737 } 738 739 static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr) 740 { 741 USBDevice *dev; 742 USBPort *port; 743 int i; 744 745 for (i = 0; i < NB_PORTS; i++) { 746 port = &ehci->ports[i]; 747 if (!(ehci->portsc[i] & PORTSC_PED)) { 748 DPRINTF("Port %d not enabled\n", i); 749 continue; 750 } 751 dev = usb_find_device(port, addr); 752 if (dev != NULL) { 753 return dev; 754 } 755 } 756 return NULL; 757 } 758 759 /* 4.1 host controller initialization */ 760 static void ehci_reset(void *opaque) 761 { 762 EHCIState *s = opaque; 763 int i; 764 USBDevice *devs[NB_PORTS]; 765 766 trace_usb_ehci_reset(); 767 768 /* 769 * Do the detach before touching portsc, so that it correctly gets send to 770 * us or to our companion based on PORTSC_POWNER before the reset. 771 */ 772 for(i = 0; i < NB_PORTS; i++) { 773 devs[i] = s->ports[i].dev; 774 if (devs[i] && devs[i]->attached) { 775 usb_detach(&s->ports[i]); 776 } 777 } 778 779 memset(&s->opreg, 0x00, sizeof(s->opreg)); 780 memset(&s->portsc, 0x00, sizeof(s->portsc)); 781 782 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH; 783 s->usbsts = USBSTS_HALT; 784 s->usbsts_pending = 0; 785 s->usbsts_frindex = 0; 786 787 s->astate = EST_INACTIVE; 788 s->pstate = EST_INACTIVE; 789 790 for(i = 0; i < NB_PORTS; i++) { 791 if (s->companion_ports[i]) { 792 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER; 793 } else { 794 s->portsc[i] = PORTSC_PPOWER; 795 } 796 if (devs[i] && devs[i]->attached) { 797 usb_attach(&s->ports[i]); 798 usb_device_reset(devs[i]); 799 } 800 } 801 ehci_queues_rip_all(s, 0); 802 ehci_queues_rip_all(s, 1); 803 qemu_del_timer(s->frame_timer); 804 qemu_bh_cancel(s->async_bh); 805 } 806 807 static uint64_t ehci_caps_read(void *ptr, hwaddr addr, 808 unsigned size) 809 { 810 EHCIState *s = ptr; 811 return s->caps[addr]; 812 } 813 814 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr, 815 unsigned size) 816 { 817 EHCIState *s = ptr; 818 uint32_t val; 819 820 val = s->opreg[addr >> 2]; 821 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val); 822 return val; 823 } 824 825 static uint64_t ehci_port_read(void *ptr, hwaddr addr, 826 unsigned size) 827 { 828 EHCIState *s = ptr; 829 uint32_t val; 830 831 val = s->portsc[addr >> 2]; 832 trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr >> 2, val); 833 return val; 834 } 835 836 static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner) 837 { 838 USBDevice *dev = s->ports[port].dev; 839 uint32_t *portsc = &s->portsc[port]; 840 uint32_t orig; 841 842 if (s->companion_ports[port] == NULL) 843 return; 844 845 owner = owner & PORTSC_POWNER; 846 orig = *portsc & PORTSC_POWNER; 847 848 if (!(owner ^ orig)) { 849 return; 850 } 851 852 if (dev && dev->attached) { 853 usb_detach(&s->ports[port]); 854 } 855 856 *portsc &= ~PORTSC_POWNER; 857 *portsc |= owner; 858 859 if (dev && dev->attached) { 860 usb_attach(&s->ports[port]); 861 } 862 } 863 864 static void ehci_port_write(void *ptr, hwaddr addr, 865 uint64_t val, unsigned size) 866 { 867 EHCIState *s = ptr; 868 int port = addr >> 2; 869 uint32_t *portsc = &s->portsc[port]; 870 uint32_t old = *portsc; 871 USBDevice *dev = s->ports[port].dev; 872 873 trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr >> 2, val); 874 875 /* Clear rwc bits */ 876 *portsc &= ~(val & PORTSC_RWC_MASK); 877 /* The guest may clear, but not set the PED bit */ 878 *portsc &= val | ~PORTSC_PED; 879 /* POWNER is masked out by RO_MASK as it is RO when we've no companion */ 880 handle_port_owner_write(s, port, val); 881 /* And finally apply RO_MASK */ 882 val &= PORTSC_RO_MASK; 883 884 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) { 885 trace_usb_ehci_port_reset(port, 1); 886 } 887 888 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) { 889 trace_usb_ehci_port_reset(port, 0); 890 if (dev && dev->attached) { 891 usb_port_reset(&s->ports[port]); 892 *portsc &= ~PORTSC_CSC; 893 } 894 895 /* 896 * Table 2.16 Set the enable bit(and enable bit change) to indicate 897 * to SW that this port has a high speed device attached 898 */ 899 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) { 900 val |= PORTSC_PED; 901 } 902 } 903 904 *portsc &= ~PORTSC_RO_MASK; 905 *portsc |= val; 906 trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr >> 2, *portsc, old); 907 } 908 909 static void ehci_opreg_write(void *ptr, hwaddr addr, 910 uint64_t val, unsigned size) 911 { 912 EHCIState *s = ptr; 913 uint32_t *mmio = s->opreg + (addr >> 2); 914 uint32_t old = *mmio; 915 int i; 916 917 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val); 918 919 switch (addr) { 920 case USBCMD: 921 if (val & USBCMD_HCRESET) { 922 ehci_reset(s); 923 val = s->usbcmd; 924 break; 925 } 926 927 /* not supporting dynamic frame list size at the moment */ 928 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) { 929 fprintf(stderr, "attempt to set frame list size -- value %d\n", 930 (int)val & USBCMD_FLS); 931 val &= ~USBCMD_FLS; 932 } 933 934 if (val & USBCMD_IAAD) { 935 /* 936 * Process IAAD immediately, otherwise the Linux IAAD watchdog may 937 * trigger and re-use a qh without us seeing the unlink. 938 */ 939 s->async_stepdown = 0; 940 qemu_bh_schedule(s->async_bh); 941 trace_usb_ehci_doorbell_ring(); 942 } 943 944 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) != 945 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) { 946 if (s->pstate == EST_INACTIVE) { 947 SET_LAST_RUN_CLOCK(s); 948 } 949 s->usbcmd = val; /* Set usbcmd for ehci_update_halt() */ 950 ehci_update_halt(s); 951 s->async_stepdown = 0; 952 qemu_bh_schedule(s->async_bh); 953 } 954 break; 955 956 case USBSTS: 957 val &= USBSTS_RO_MASK; // bits 6 through 31 are RO 958 ehci_clear_usbsts(s, val); // bits 0 through 5 are R/WC 959 val = s->usbsts; 960 ehci_update_irq(s); 961 break; 962 963 case USBINTR: 964 val &= USBINTR_MASK; 965 break; 966 967 case FRINDEX: 968 val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */ 969 break; 970 971 case CONFIGFLAG: 972 val &= 0x1; 973 if (val) { 974 for(i = 0; i < NB_PORTS; i++) 975 handle_port_owner_write(s, i, 0); 976 } 977 break; 978 979 case PERIODICLISTBASE: 980 if (ehci_periodic_enabled(s)) { 981 fprintf(stderr, 982 "ehci: PERIODIC list base register set while periodic schedule\n" 983 " is enabled and HC is enabled\n"); 984 } 985 break; 986 987 case ASYNCLISTADDR: 988 if (ehci_async_enabled(s)) { 989 fprintf(stderr, 990 "ehci: ASYNC list address register set while async schedule\n" 991 " is enabled and HC is enabled\n"); 992 } 993 break; 994 } 995 996 *mmio = val; 997 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr), 998 *mmio, old); 999 } 1000 1001 1002 // TODO : Put in common header file, duplication from usb-ohci.c 1003 1004 /* Get an array of dwords from main memory */ 1005 static inline int get_dwords(EHCIState *ehci, uint32_t addr, 1006 uint32_t *buf, int num) 1007 { 1008 int i; 1009 1010 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1011 dma_memory_read(ehci->dma, addr, buf, sizeof(*buf)); 1012 *buf = le32_to_cpu(*buf); 1013 } 1014 1015 return 1; 1016 } 1017 1018 /* Put an array of dwords in to main memory */ 1019 static inline int put_dwords(EHCIState *ehci, uint32_t addr, 1020 uint32_t *buf, int num) 1021 { 1022 int i; 1023 1024 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1025 uint32_t tmp = cpu_to_le32(*buf); 1026 dma_memory_write(ehci->dma, addr, &tmp, sizeof(tmp)); 1027 } 1028 1029 return 1; 1030 } 1031 1032 /* 1033 * Write the qh back to guest physical memory. This step isn't 1034 * in the EHCI spec but we need to do it since we don't share 1035 * physical memory with our guest VM. 1036 * 1037 * The first three dwords are read-only for the EHCI, so skip them 1038 * when writing back the qh. 1039 */ 1040 static void ehci_flush_qh(EHCIQueue *q) 1041 { 1042 uint32_t *qh = (uint32_t *) &q->qh; 1043 uint32_t dwords = sizeof(EHCIqh) >> 2; 1044 uint32_t addr = NLPTR_GET(q->qhaddr); 1045 1046 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3); 1047 } 1048 1049 // 4.10.2 1050 1051 static int ehci_qh_do_overlay(EHCIQueue *q) 1052 { 1053 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1054 int i; 1055 int dtoggle; 1056 int ping; 1057 int eps; 1058 int reload; 1059 1060 assert(p != NULL); 1061 assert(p->qtdaddr == q->qtdaddr); 1062 1063 // remember values in fields to preserve in qh after overlay 1064 1065 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE; 1066 ping = q->qh.token & QTD_TOKEN_PING; 1067 1068 q->qh.current_qtd = p->qtdaddr; 1069 q->qh.next_qtd = p->qtd.next; 1070 q->qh.altnext_qtd = p->qtd.altnext; 1071 q->qh.token = p->qtd.token; 1072 1073 1074 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS); 1075 if (eps == EHCI_QH_EPS_HIGH) { 1076 q->qh.token &= ~QTD_TOKEN_PING; 1077 q->qh.token |= ping; 1078 } 1079 1080 reload = get_field(q->qh.epchar, QH_EPCHAR_RL); 1081 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT); 1082 1083 for (i = 0; i < 5; i++) { 1084 q->qh.bufptr[i] = p->qtd.bufptr[i]; 1085 } 1086 1087 if (!(q->qh.epchar & QH_EPCHAR_DTC)) { 1088 // preserve QH DT bit 1089 q->qh.token &= ~QTD_TOKEN_DTOGGLE; 1090 q->qh.token |= dtoggle; 1091 } 1092 1093 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK; 1094 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK; 1095 1096 ehci_flush_qh(q); 1097 1098 return 0; 1099 } 1100 1101 static int ehci_init_transfer(EHCIPacket *p) 1102 { 1103 uint32_t cpage, offset, bytes, plen; 1104 dma_addr_t page; 1105 1106 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE); 1107 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES); 1108 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK; 1109 qemu_sglist_init(&p->sgl, 5, p->queue->ehci->dma); 1110 1111 while (bytes > 0) { 1112 if (cpage > 4) { 1113 fprintf(stderr, "cpage out of range (%d)\n", cpage); 1114 return USB_RET_PROCERR; 1115 } 1116 1117 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK; 1118 page += offset; 1119 plen = bytes; 1120 if (plen > 4096 - offset) { 1121 plen = 4096 - offset; 1122 offset = 0; 1123 cpage++; 1124 } 1125 1126 qemu_sglist_add(&p->sgl, page, plen); 1127 bytes -= plen; 1128 } 1129 return 0; 1130 } 1131 1132 static void ehci_finish_transfer(EHCIQueue *q, int status) 1133 { 1134 uint32_t cpage, offset; 1135 1136 if (status > 0) { 1137 /* update cpage & offset */ 1138 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE); 1139 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK; 1140 1141 offset += status; 1142 cpage += offset >> QTD_BUFPTR_SH; 1143 offset &= ~QTD_BUFPTR_MASK; 1144 1145 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE); 1146 q->qh.bufptr[0] &= QTD_BUFPTR_MASK; 1147 q->qh.bufptr[0] |= offset; 1148 } 1149 } 1150 1151 static void ehci_async_complete_packet(USBPort *port, USBPacket *packet) 1152 { 1153 EHCIPacket *p; 1154 EHCIState *s = port->opaque; 1155 uint32_t portsc = s->portsc[port->index]; 1156 1157 if (portsc & PORTSC_POWNER) { 1158 USBPort *companion = s->companion_ports[port->index]; 1159 companion->ops->complete(companion, packet); 1160 return; 1161 } 1162 1163 p = container_of(packet, EHCIPacket, packet); 1164 assert(p->async == EHCI_ASYNC_INFLIGHT); 1165 1166 if (packet->result == USB_RET_REMOVE_FROM_QUEUE) { 1167 trace_usb_ehci_packet_action(p->queue, p, "remove"); 1168 ehci_free_packet(p); 1169 return; 1170 } 1171 1172 trace_usb_ehci_packet_action(p->queue, p, "wakeup"); 1173 p->async = EHCI_ASYNC_FINISHED; 1174 p->usb_status = packet->result; 1175 1176 if (p->queue->async) { 1177 qemu_bh_schedule(p->queue->ehci->async_bh); 1178 } 1179 } 1180 1181 static void ehci_execute_complete(EHCIQueue *q) 1182 { 1183 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1184 1185 assert(p != NULL); 1186 assert(p->qtdaddr == q->qtdaddr); 1187 assert(p->async == EHCI_ASYNC_INITIALIZED || 1188 p->async == EHCI_ASYNC_FINISHED); 1189 1190 DPRINTF("execute_complete: qhaddr 0x%x, next %x, qtdaddr 0x%x, status %d\n", 1191 q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status); 1192 1193 if (p->usb_status < 0) { 1194 switch (p->usb_status) { 1195 case USB_RET_IOERROR: 1196 case USB_RET_NODEV: 1197 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR); 1198 set_field(&q->qh.token, 0, QTD_TOKEN_CERR); 1199 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1200 break; 1201 case USB_RET_STALL: 1202 q->qh.token |= QTD_TOKEN_HALT; 1203 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1204 break; 1205 case USB_RET_NAK: 1206 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT); 1207 return; /* We're not done yet with this transaction */ 1208 case USB_RET_BABBLE: 1209 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); 1210 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1211 break; 1212 default: 1213 /* should not be triggerable */ 1214 fprintf(stderr, "USB invalid response %d\n", p->usb_status); 1215 assert(0); 1216 break; 1217 } 1218 } else { 1219 // TODO check 4.12 for splits 1220 uint32_t tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES); 1221 1222 if (tbytes && p->pid == USB_TOKEN_IN) { 1223 tbytes -= p->usb_status; 1224 if (tbytes) { 1225 /* 4.15.1.2 must raise int on a short input packet */ 1226 ehci_raise_irq(q->ehci, USBSTS_INT); 1227 } 1228 } else { 1229 tbytes = 0; 1230 } 1231 1232 DPRINTF("updating tbytes to %d\n", tbytes); 1233 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES); 1234 } 1235 ehci_finish_transfer(q, p->usb_status); 1236 usb_packet_unmap(&p->packet, &p->sgl); 1237 qemu_sglist_destroy(&p->sgl); 1238 p->async = EHCI_ASYNC_NONE; 1239 1240 q->qh.token ^= QTD_TOKEN_DTOGGLE; 1241 q->qh.token &= ~QTD_TOKEN_ACTIVE; 1242 1243 if (q->qh.token & QTD_TOKEN_IOC) { 1244 ehci_raise_irq(q->ehci, USBSTS_INT); 1245 if (q->async) { 1246 q->ehci->int_req_by_async = true; 1247 } 1248 } 1249 } 1250 1251 // 4.10.3 1252 1253 static int ehci_execute(EHCIPacket *p, const char *action) 1254 { 1255 USBEndpoint *ep; 1256 int ret; 1257 int endp; 1258 bool spd; 1259 1260 assert(p->async == EHCI_ASYNC_NONE || 1261 p->async == EHCI_ASYNC_INITIALIZED); 1262 1263 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) { 1264 fprintf(stderr, "Attempting to execute inactive qtd\n"); 1265 return USB_RET_PROCERR; 1266 } 1267 1268 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) { 1269 ehci_trace_guest_bug(p->queue->ehci, 1270 "guest requested more bytes than allowed"); 1271 return USB_RET_PROCERR; 1272 } 1273 1274 p->pid = (p->qtd.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH; 1275 switch (p->pid) { 1276 case 0: 1277 p->pid = USB_TOKEN_OUT; 1278 break; 1279 case 1: 1280 p->pid = USB_TOKEN_IN; 1281 break; 1282 case 2: 1283 p->pid = USB_TOKEN_SETUP; 1284 break; 1285 default: 1286 fprintf(stderr, "bad token\n"); 1287 break; 1288 } 1289 1290 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP); 1291 ep = usb_ep_get(p->queue->dev, p->pid, endp); 1292 1293 if (p->async == EHCI_ASYNC_NONE) { 1294 if (ehci_init_transfer(p) != 0) { 1295 return USB_RET_PROCERR; 1296 } 1297 1298 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0); 1299 usb_packet_setup(&p->packet, p->pid, ep, p->qtdaddr, spd, 1300 (p->qtd.token & QTD_TOKEN_IOC) != 0); 1301 usb_packet_map(&p->packet, &p->sgl); 1302 p->async = EHCI_ASYNC_INITIALIZED; 1303 } 1304 1305 trace_usb_ehci_packet_action(p->queue, p, action); 1306 ret = usb_handle_packet(p->queue->dev, &p->packet); 1307 DPRINTF("submit: qh %x next %x qtd %x pid %x len %zd endp %x ret %d\n", 1308 q->qhaddr, q->qh.next, q->qtdaddr, q->pid, 1309 q->packet.iov.size, endp, ret); 1310 1311 if (ret > BUFF_SIZE) { 1312 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n"); 1313 return USB_RET_PROCERR; 1314 } 1315 1316 return ret; 1317 } 1318 1319 /* 4.7.2 1320 */ 1321 1322 static int ehci_process_itd(EHCIState *ehci, 1323 EHCIitd *itd, 1324 uint32_t addr) 1325 { 1326 USBDevice *dev; 1327 USBEndpoint *ep; 1328 int ret; 1329 uint32_t i, len, pid, dir, devaddr, endp; 1330 uint32_t pg, off, ptr1, ptr2, max, mult; 1331 1332 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION); 1333 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR); 1334 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP); 1335 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT); 1336 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT); 1337 1338 for(i = 0; i < 8; i++) { 1339 if (itd->transact[i] & ITD_XACT_ACTIVE) { 1340 pg = get_field(itd->transact[i], ITD_XACT_PGSEL); 1341 off = itd->transact[i] & ITD_XACT_OFFSET_MASK; 1342 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK); 1343 ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK); 1344 len = get_field(itd->transact[i], ITD_XACT_LENGTH); 1345 1346 if (len > max * mult) { 1347 len = max * mult; 1348 } 1349 1350 if (len > BUFF_SIZE) { 1351 return USB_RET_PROCERR; 1352 } 1353 1354 qemu_sglist_init(&ehci->isgl, 2, ehci->dma); 1355 if (off + len > 4096) { 1356 /* transfer crosses page border */ 1357 uint32_t len2 = off + len - 4096; 1358 uint32_t len1 = len - len2; 1359 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1); 1360 qemu_sglist_add(&ehci->isgl, ptr2, len2); 1361 } else { 1362 qemu_sglist_add(&ehci->isgl, ptr1 + off, len); 1363 } 1364 1365 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT; 1366 1367 dev = ehci_find_device(ehci, devaddr); 1368 ep = usb_ep_get(dev, pid, endp); 1369 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) { 1370 usb_packet_setup(&ehci->ipacket, pid, ep, addr, false, 1371 (itd->transact[i] & ITD_XACT_IOC) != 0); 1372 usb_packet_map(&ehci->ipacket, &ehci->isgl); 1373 ret = usb_handle_packet(dev, &ehci->ipacket); 1374 usb_packet_unmap(&ehci->ipacket, &ehci->isgl); 1375 } else { 1376 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); 1377 ret = USB_RET_NAK; 1378 } 1379 qemu_sglist_destroy(&ehci->isgl); 1380 1381 if (ret < 0) { 1382 switch (ret) { 1383 default: 1384 fprintf(stderr, "Unexpected iso usb result: %d\n", ret); 1385 /* Fall through */ 1386 case USB_RET_IOERROR: 1387 case USB_RET_NODEV: 1388 /* 3.3.2: XACTERR is only allowed on IN transactions */ 1389 if (dir) { 1390 itd->transact[i] |= ITD_XACT_XACTERR; 1391 ehci_raise_irq(ehci, USBSTS_ERRINT); 1392 } 1393 break; 1394 case USB_RET_BABBLE: 1395 itd->transact[i] |= ITD_XACT_BABBLE; 1396 ehci_raise_irq(ehci, USBSTS_ERRINT); 1397 break; 1398 case USB_RET_NAK: 1399 /* no data for us, so do a zero-length transfer */ 1400 ret = 0; 1401 break; 1402 } 1403 } 1404 if (ret >= 0) { 1405 if (!dir) { 1406 /* OUT */ 1407 set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH); 1408 } else { 1409 /* IN */ 1410 set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); 1411 } 1412 } 1413 if (itd->transact[i] & ITD_XACT_IOC) { 1414 ehci_raise_irq(ehci, USBSTS_INT); 1415 } 1416 itd->transact[i] &= ~ITD_XACT_ACTIVE; 1417 } 1418 } 1419 return 0; 1420 } 1421 1422 1423 /* This state is the entry point for asynchronous schedule 1424 * processing. Entry here consitutes a EHCI start event state (4.8.5) 1425 */ 1426 static int ehci_state_waitlisthead(EHCIState *ehci, int async) 1427 { 1428 EHCIqh qh; 1429 int i = 0; 1430 int again = 0; 1431 uint32_t entry = ehci->asynclistaddr; 1432 1433 /* set reclamation flag at start event (4.8.6) */ 1434 if (async) { 1435 ehci_set_usbsts(ehci, USBSTS_REC); 1436 } 1437 1438 ehci_queues_rip_unused(ehci, async); 1439 1440 /* Find the head of the list (4.9.1.1) */ 1441 for(i = 0; i < MAX_QH; i++) { 1442 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh, 1443 sizeof(EHCIqh) >> 2); 1444 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh); 1445 1446 if (qh.epchar & QH_EPCHAR_H) { 1447 if (async) { 1448 entry |= (NLPTR_TYPE_QH << 1); 1449 } 1450 1451 ehci_set_fetch_addr(ehci, async, entry); 1452 ehci_set_state(ehci, async, EST_FETCHENTRY); 1453 again = 1; 1454 goto out; 1455 } 1456 1457 entry = qh.next; 1458 if (entry == ehci->asynclistaddr) { 1459 break; 1460 } 1461 } 1462 1463 /* no head found for list. */ 1464 1465 ehci_set_state(ehci, async, EST_ACTIVE); 1466 1467 out: 1468 return again; 1469 } 1470 1471 1472 /* This state is the entry point for periodic schedule processing as 1473 * well as being a continuation state for async processing. 1474 */ 1475 static int ehci_state_fetchentry(EHCIState *ehci, int async) 1476 { 1477 int again = 0; 1478 uint32_t entry = ehci_get_fetch_addr(ehci, async); 1479 1480 if (NLPTR_TBIT(entry)) { 1481 ehci_set_state(ehci, async, EST_ACTIVE); 1482 goto out; 1483 } 1484 1485 /* section 4.8, only QH in async schedule */ 1486 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) { 1487 fprintf(stderr, "non queue head request in async schedule\n"); 1488 return -1; 1489 } 1490 1491 switch (NLPTR_TYPE_GET(entry)) { 1492 case NLPTR_TYPE_QH: 1493 ehci_set_state(ehci, async, EST_FETCHQH); 1494 again = 1; 1495 break; 1496 1497 case NLPTR_TYPE_ITD: 1498 ehci_set_state(ehci, async, EST_FETCHITD); 1499 again = 1; 1500 break; 1501 1502 case NLPTR_TYPE_STITD: 1503 ehci_set_state(ehci, async, EST_FETCHSITD); 1504 again = 1; 1505 break; 1506 1507 default: 1508 /* TODO: handle FSTN type */ 1509 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d " 1510 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry)); 1511 return -1; 1512 } 1513 1514 out: 1515 return again; 1516 } 1517 1518 static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) 1519 { 1520 EHCIPacket *p; 1521 uint32_t entry, devaddr, endp; 1522 EHCIQueue *q; 1523 EHCIqh qh; 1524 1525 entry = ehci_get_fetch_addr(ehci, async); 1526 q = ehci_find_queue_by_qh(ehci, entry, async); 1527 if (NULL == q) { 1528 q = ehci_alloc_queue(ehci, entry, async); 1529 } 1530 p = QTAILQ_FIRST(&q->packets); 1531 1532 q->seen++; 1533 if (q->seen > 1) { 1534 /* we are going in circles -- stop processing */ 1535 ehci_set_state(ehci, async, EST_ACTIVE); 1536 q = NULL; 1537 goto out; 1538 } 1539 1540 get_dwords(ehci, NLPTR_GET(q->qhaddr), 1541 (uint32_t *) &qh, sizeof(EHCIqh) >> 2); 1542 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh); 1543 1544 /* 1545 * The overlay area of the qh should never be changed by the guest, 1546 * except when idle, in which case the reset is a nop. 1547 */ 1548 devaddr = get_field(qh.epchar, QH_EPCHAR_DEVADDR); 1549 endp = get_field(qh.epchar, QH_EPCHAR_EP); 1550 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) || 1551 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) || 1552 (memcmp(&qh.current_qtd, &q->qh.current_qtd, 1553 9 * sizeof(uint32_t)) != 0) || 1554 (q->dev != NULL && q->dev->addr != devaddr)) { 1555 if (ehci_reset_queue(q) > 0) { 1556 ehci_trace_guest_bug(ehci, "guest updated active QH"); 1557 } 1558 p = NULL; 1559 } 1560 q->qh = qh; 1561 1562 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT); 1563 if (q->transact_ctr == 0) { /* Guest bug in some versions of windows */ 1564 q->transact_ctr = 4; 1565 } 1566 1567 if (q->dev == NULL) { 1568 q->dev = ehci_find_device(q->ehci, devaddr); 1569 } 1570 1571 if (p && p->async == EHCI_ASYNC_FINISHED) { 1572 /* I/O finished -- continue processing queue */ 1573 trace_usb_ehci_packet_action(p->queue, p, "complete"); 1574 ehci_set_state(ehci, async, EST_EXECUTING); 1575 goto out; 1576 } 1577 1578 if (async && (q->qh.epchar & QH_EPCHAR_H)) { 1579 1580 /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */ 1581 if (ehci->usbsts & USBSTS_REC) { 1582 ehci_clear_usbsts(ehci, USBSTS_REC); 1583 } else { 1584 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset" 1585 " - done processing\n", q->qhaddr); 1586 ehci_set_state(ehci, async, EST_ACTIVE); 1587 q = NULL; 1588 goto out; 1589 } 1590 } 1591 1592 #if EHCI_DEBUG 1593 if (q->qhaddr != q->qh.next) { 1594 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n", 1595 q->qhaddr, 1596 q->qh.epchar & QH_EPCHAR_H, 1597 q->qh.token & QTD_TOKEN_HALT, 1598 q->qh.token & QTD_TOKEN_ACTIVE, 1599 q->qh.next); 1600 } 1601 #endif 1602 1603 if (q->qh.token & QTD_TOKEN_HALT) { 1604 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1605 1606 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && 1607 (NLPTR_TBIT(q->qh.current_qtd) == 0)) { 1608 q->qtdaddr = q->qh.current_qtd; 1609 ehci_set_state(ehci, async, EST_FETCHQTD); 1610 1611 } else { 1612 /* EHCI spec version 1.0 Section 4.10.2 */ 1613 ehci_set_state(ehci, async, EST_ADVANCEQUEUE); 1614 } 1615 1616 out: 1617 return q; 1618 } 1619 1620 static int ehci_state_fetchitd(EHCIState *ehci, int async) 1621 { 1622 uint32_t entry; 1623 EHCIitd itd; 1624 1625 assert(!async); 1626 entry = ehci_get_fetch_addr(ehci, async); 1627 1628 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1629 sizeof(EHCIitd) >> 2); 1630 ehci_trace_itd(ehci, entry, &itd); 1631 1632 if (ehci_process_itd(ehci, &itd, entry) != 0) { 1633 return -1; 1634 } 1635 1636 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1637 sizeof(EHCIitd) >> 2); 1638 ehci_set_fetch_addr(ehci, async, itd.next); 1639 ehci_set_state(ehci, async, EST_FETCHENTRY); 1640 1641 return 1; 1642 } 1643 1644 static int ehci_state_fetchsitd(EHCIState *ehci, int async) 1645 { 1646 uint32_t entry; 1647 EHCIsitd sitd; 1648 1649 assert(!async); 1650 entry = ehci_get_fetch_addr(ehci, async); 1651 1652 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd, 1653 sizeof(EHCIsitd) >> 2); 1654 ehci_trace_sitd(ehci, entry, &sitd); 1655 1656 if (!(sitd.results & SITD_RESULTS_ACTIVE)) { 1657 /* siTD is not active, nothing to do */; 1658 } else { 1659 /* TODO: split transfers are not implemented */ 1660 fprintf(stderr, "WARNING: Skipping active siTD\n"); 1661 } 1662 1663 ehci_set_fetch_addr(ehci, async, sitd.next); 1664 ehci_set_state(ehci, async, EST_FETCHENTRY); 1665 return 1; 1666 } 1667 1668 /* Section 4.10.2 - paragraph 3 */ 1669 static int ehci_state_advqueue(EHCIQueue *q) 1670 { 1671 #if 0 1672 /* TO-DO: 4.10.2 - paragraph 2 1673 * if I-bit is set to 1 and QH is not active 1674 * go to horizontal QH 1675 */ 1676 if (I-bit set) { 1677 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1678 goto out; 1679 } 1680 #endif 1681 1682 /* 1683 * want data and alt-next qTD is valid 1684 */ 1685 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) && 1686 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) { 1687 q->qtdaddr = q->qh.altnext_qtd; 1688 ehci_set_state(q->ehci, q->async, EST_FETCHQTD); 1689 1690 /* 1691 * next qTD is valid 1692 */ 1693 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) { 1694 q->qtdaddr = q->qh.next_qtd; 1695 ehci_set_state(q->ehci, q->async, EST_FETCHQTD); 1696 1697 /* 1698 * no valid qTD, try next QH 1699 */ 1700 } else { 1701 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1702 } 1703 1704 return 1; 1705 } 1706 1707 /* Section 4.10.2 - paragraph 4 */ 1708 static int ehci_state_fetchqtd(EHCIQueue *q) 1709 { 1710 EHCIqtd qtd; 1711 EHCIPacket *p; 1712 int again = 1; 1713 1714 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd, 1715 sizeof(EHCIqtd) >> 2); 1716 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd); 1717 1718 p = QTAILQ_FIRST(&q->packets); 1719 if (p != NULL) { 1720 if (p->qtdaddr != q->qtdaddr || 1721 (!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd.next)) || 1722 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd.altnext)) || 1723 p->qtd.bufptr[0] != qtd.bufptr[0]) { 1724 ehci_cancel_queue(q); 1725 ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD"); 1726 p = NULL; 1727 } else { 1728 p->qtd = qtd; 1729 ehci_qh_do_overlay(q); 1730 } 1731 } 1732 1733 if (!(qtd.token & QTD_TOKEN_ACTIVE)) { 1734 if (p != NULL) { 1735 /* transfer canceled by guest (clear active) */ 1736 ehci_cancel_queue(q); 1737 p = NULL; 1738 } 1739 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1740 } else if (p != NULL) { 1741 switch (p->async) { 1742 case EHCI_ASYNC_NONE: 1743 case EHCI_ASYNC_INITIALIZED: 1744 /* Not yet executed (MULT), or previously nacked (int) packet */ 1745 ehci_set_state(q->ehci, q->async, EST_EXECUTE); 1746 break; 1747 case EHCI_ASYNC_INFLIGHT: 1748 /* Check if the guest has added new tds to the queue */ 1749 again = (ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head)) == 1750 USB_RET_PROCERR) ? -1 : 1; 1751 /* Unfinished async handled packet, go horizontal */ 1752 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1753 break; 1754 case EHCI_ASYNC_FINISHED: 1755 /* 1756 * We get here when advqueue moves to a packet which is already 1757 * finished, which can happen with packets queued up by fill_queue 1758 */ 1759 ehci_set_state(q->ehci, q->async, EST_EXECUTING); 1760 break; 1761 } 1762 } else { 1763 p = ehci_alloc_packet(q); 1764 p->qtdaddr = q->qtdaddr; 1765 p->qtd = qtd; 1766 ehci_set_state(q->ehci, q->async, EST_EXECUTE); 1767 } 1768 1769 return again; 1770 } 1771 1772 static int ehci_state_horizqh(EHCIQueue *q) 1773 { 1774 int again = 0; 1775 1776 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) { 1777 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next); 1778 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY); 1779 again = 1; 1780 } else { 1781 ehci_set_state(q->ehci, q->async, EST_ACTIVE); 1782 } 1783 1784 return again; 1785 } 1786 1787 static int ehci_fill_queue(EHCIPacket *p) 1788 { 1789 USBEndpoint *ep = p->packet.ep; 1790 EHCIQueue *q = p->queue; 1791 EHCIqtd qtd = p->qtd; 1792 uint32_t qtdaddr, start_addr = p->qtdaddr; 1793 1794 for (;;) { 1795 if (NLPTR_TBIT(qtd.next) != 0) { 1796 break; 1797 } 1798 qtdaddr = qtd.next; 1799 /* 1800 * Detect circular td lists, Windows creates these, counting on the 1801 * active bit going low after execution to make the queue stop. 1802 */ 1803 if (qtdaddr == start_addr) { 1804 break; 1805 } 1806 get_dwords(q->ehci, NLPTR_GET(qtdaddr), 1807 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2); 1808 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd); 1809 if (!(qtd.token & QTD_TOKEN_ACTIVE)) { 1810 break; 1811 } 1812 p = ehci_alloc_packet(q); 1813 p->qtdaddr = qtdaddr; 1814 p->qtd = qtd; 1815 p->usb_status = ehci_execute(p, "queue"); 1816 if (p->usb_status == USB_RET_PROCERR) { 1817 break; 1818 } 1819 assert(p->usb_status == USB_RET_ASYNC); 1820 p->async = EHCI_ASYNC_INFLIGHT; 1821 } 1822 if (p->usb_status != USB_RET_PROCERR) { 1823 usb_device_flush_ep_queue(ep->dev, ep); 1824 } 1825 return p->usb_status; 1826 } 1827 1828 static int ehci_state_execute(EHCIQueue *q) 1829 { 1830 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1831 int again = 0; 1832 1833 assert(p != NULL); 1834 assert(p->qtdaddr == q->qtdaddr); 1835 1836 if (ehci_qh_do_overlay(q) != 0) { 1837 return -1; 1838 } 1839 1840 // TODO verify enough time remains in the uframe as in 4.4.1.1 1841 // TODO write back ptr to async list when done or out of time 1842 1843 /* 4.10.3, bottom of page 82, go horizontal on transaction counter == 0 */ 1844 if (!q->async && q->transact_ctr == 0) { 1845 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1846 again = 1; 1847 goto out; 1848 } 1849 1850 if (q->async) { 1851 ehci_set_usbsts(q->ehci, USBSTS_REC); 1852 } 1853 1854 p->usb_status = ehci_execute(p, "process"); 1855 if (p->usb_status == USB_RET_PROCERR) { 1856 again = -1; 1857 goto out; 1858 } 1859 if (p->usb_status == USB_RET_ASYNC) { 1860 ehci_flush_qh(q); 1861 trace_usb_ehci_packet_action(p->queue, p, "async"); 1862 p->async = EHCI_ASYNC_INFLIGHT; 1863 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1864 if (q->async) { 1865 again = (ehci_fill_queue(p) == USB_RET_PROCERR) ? -1 : 1; 1866 } else { 1867 again = 1; 1868 } 1869 goto out; 1870 } 1871 1872 ehci_set_state(q->ehci, q->async, EST_EXECUTING); 1873 again = 1; 1874 1875 out: 1876 return again; 1877 } 1878 1879 static int ehci_state_executing(EHCIQueue *q) 1880 { 1881 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1882 1883 assert(p != NULL); 1884 assert(p->qtdaddr == q->qtdaddr); 1885 1886 ehci_execute_complete(q); 1887 1888 /* 4.10.3 */ 1889 if (!q->async && q->transact_ctr > 0) { 1890 q->transact_ctr--; 1891 } 1892 1893 /* 4.10.5 */ 1894 if (p->usb_status == USB_RET_NAK) { 1895 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1896 } else { 1897 ehci_set_state(q->ehci, q->async, EST_WRITEBACK); 1898 } 1899 1900 ehci_flush_qh(q); 1901 return 1; 1902 } 1903 1904 1905 static int ehci_state_writeback(EHCIQueue *q) 1906 { 1907 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1908 uint32_t *qtd, addr; 1909 int again = 0; 1910 1911 /* Write back the QTD from the QH area */ 1912 assert(p != NULL); 1913 assert(p->qtdaddr == q->qtdaddr); 1914 1915 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd); 1916 qtd = (uint32_t *) &q->qh.next_qtd; 1917 addr = NLPTR_GET(p->qtdaddr); 1918 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2); 1919 ehci_free_packet(p); 1920 1921 /* 1922 * EHCI specs say go horizontal here. 1923 * 1924 * We can also advance the queue here for performance reasons. We 1925 * need to take care to only take that shortcut in case we've 1926 * processed the qtd just written back without errors, i.e. halt 1927 * bit is clear. 1928 */ 1929 if (q->qh.token & QTD_TOKEN_HALT) { 1930 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1931 again = 1; 1932 } else { 1933 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE); 1934 again = 1; 1935 } 1936 return again; 1937 } 1938 1939 /* 1940 * This is the state machine that is common to both async and periodic 1941 */ 1942 1943 static void ehci_advance_state(EHCIState *ehci, int async) 1944 { 1945 EHCIQueue *q = NULL; 1946 int again; 1947 1948 do { 1949 switch(ehci_get_state(ehci, async)) { 1950 case EST_WAITLISTHEAD: 1951 again = ehci_state_waitlisthead(ehci, async); 1952 break; 1953 1954 case EST_FETCHENTRY: 1955 again = ehci_state_fetchentry(ehci, async); 1956 break; 1957 1958 case EST_FETCHQH: 1959 q = ehci_state_fetchqh(ehci, async); 1960 if (q != NULL) { 1961 assert(q->async == async); 1962 again = 1; 1963 } else { 1964 again = 0; 1965 } 1966 break; 1967 1968 case EST_FETCHITD: 1969 again = ehci_state_fetchitd(ehci, async); 1970 break; 1971 1972 case EST_FETCHSITD: 1973 again = ehci_state_fetchsitd(ehci, async); 1974 break; 1975 1976 case EST_ADVANCEQUEUE: 1977 again = ehci_state_advqueue(q); 1978 break; 1979 1980 case EST_FETCHQTD: 1981 again = ehci_state_fetchqtd(q); 1982 break; 1983 1984 case EST_HORIZONTALQH: 1985 again = ehci_state_horizqh(q); 1986 break; 1987 1988 case EST_EXECUTE: 1989 again = ehci_state_execute(q); 1990 if (async) { 1991 ehci->async_stepdown = 0; 1992 } 1993 break; 1994 1995 case EST_EXECUTING: 1996 assert(q != NULL); 1997 if (async) { 1998 ehci->async_stepdown = 0; 1999 } 2000 again = ehci_state_executing(q); 2001 break; 2002 2003 case EST_WRITEBACK: 2004 assert(q != NULL); 2005 again = ehci_state_writeback(q); 2006 break; 2007 2008 default: 2009 fprintf(stderr, "Bad state!\n"); 2010 again = -1; 2011 assert(0); 2012 break; 2013 } 2014 2015 if (again < 0) { 2016 fprintf(stderr, "processing error - resetting ehci HC\n"); 2017 ehci_reset(ehci); 2018 again = 0; 2019 } 2020 } 2021 while (again); 2022 } 2023 2024 static void ehci_advance_async_state(EHCIState *ehci) 2025 { 2026 const int async = 1; 2027 2028 switch(ehci_get_state(ehci, async)) { 2029 case EST_INACTIVE: 2030 if (!ehci_async_enabled(ehci)) { 2031 break; 2032 } 2033 ehci_set_state(ehci, async, EST_ACTIVE); 2034 // No break, fall through to ACTIVE 2035 2036 case EST_ACTIVE: 2037 if (!ehci_async_enabled(ehci)) { 2038 ehci_queues_rip_all(ehci, async); 2039 ehci_set_state(ehci, async, EST_INACTIVE); 2040 break; 2041 } 2042 2043 /* make sure guest has acknowledged the doorbell interrupt */ 2044 /* TO-DO: is this really needed? */ 2045 if (ehci->usbsts & USBSTS_IAA) { 2046 DPRINTF("IAA status bit still set.\n"); 2047 break; 2048 } 2049 2050 /* check that address register has been set */ 2051 if (ehci->asynclistaddr == 0) { 2052 break; 2053 } 2054 2055 ehci_set_state(ehci, async, EST_WAITLISTHEAD); 2056 ehci_advance_state(ehci, async); 2057 2058 /* If the doorbell is set, the guest wants to make a change to the 2059 * schedule. The host controller needs to release cached data. 2060 * (section 4.8.2) 2061 */ 2062 if (ehci->usbcmd & USBCMD_IAAD) { 2063 /* Remove all unseen qhs from the async qhs queue */ 2064 ehci_queues_rip_unseen(ehci, async); 2065 trace_usb_ehci_doorbell_ack(); 2066 ehci->usbcmd &= ~USBCMD_IAAD; 2067 ehci_raise_irq(ehci, USBSTS_IAA); 2068 } 2069 break; 2070 2071 default: 2072 /* this should only be due to a developer mistake */ 2073 fprintf(stderr, "ehci: Bad asynchronous state %d. " 2074 "Resetting to active\n", ehci->astate); 2075 assert(0); 2076 } 2077 } 2078 2079 static void ehci_advance_periodic_state(EHCIState *ehci) 2080 { 2081 uint32_t entry; 2082 uint32_t list; 2083 const int async = 0; 2084 2085 // 4.6 2086 2087 switch(ehci_get_state(ehci, async)) { 2088 case EST_INACTIVE: 2089 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) { 2090 ehci_set_state(ehci, async, EST_ACTIVE); 2091 // No break, fall through to ACTIVE 2092 } else 2093 break; 2094 2095 case EST_ACTIVE: 2096 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) { 2097 ehci_queues_rip_all(ehci, async); 2098 ehci_set_state(ehci, async, EST_INACTIVE); 2099 break; 2100 } 2101 2102 list = ehci->periodiclistbase & 0xfffff000; 2103 /* check that register has been set */ 2104 if (list == 0) { 2105 break; 2106 } 2107 list |= ((ehci->frindex & 0x1ff8) >> 1); 2108 2109 dma_memory_read(ehci->dma, list, &entry, sizeof entry); 2110 entry = le32_to_cpu(entry); 2111 2112 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n", 2113 ehci->frindex / 8, list, entry); 2114 ehci_set_fetch_addr(ehci, async,entry); 2115 ehci_set_state(ehci, async, EST_FETCHENTRY); 2116 ehci_advance_state(ehci, async); 2117 ehci_queues_rip_unused(ehci, async); 2118 break; 2119 2120 default: 2121 /* this should only be due to a developer mistake */ 2122 fprintf(stderr, "ehci: Bad periodic state %d. " 2123 "Resetting to active\n", ehci->pstate); 2124 assert(0); 2125 } 2126 } 2127 2128 static void ehci_update_frindex(EHCIState *ehci, int frames) 2129 { 2130 int i; 2131 2132 if (!ehci_enabled(ehci)) { 2133 return; 2134 } 2135 2136 for (i = 0; i < frames; i++) { 2137 ehci->frindex += 8; 2138 2139 if (ehci->frindex == 0x00002000) { 2140 ehci_raise_irq(ehci, USBSTS_FLR); 2141 } 2142 2143 if (ehci->frindex == 0x00004000) { 2144 ehci_raise_irq(ehci, USBSTS_FLR); 2145 ehci->frindex = 0; 2146 if (ehci->usbsts_frindex >= 0x00004000) { 2147 ehci->usbsts_frindex -= 0x00004000; 2148 } else { 2149 ehci->usbsts_frindex = 0; 2150 } 2151 } 2152 } 2153 } 2154 2155 static void ehci_frame_timer(void *opaque) 2156 { 2157 EHCIState *ehci = opaque; 2158 int need_timer = 0; 2159 int64_t expire_time, t_now; 2160 uint64_t ns_elapsed; 2161 int frames, skipped_frames; 2162 int i; 2163 2164 t_now = qemu_get_clock_ns(vm_clock); 2165 ns_elapsed = t_now - ehci->last_run_ns; 2166 frames = ns_elapsed / FRAME_TIMER_NS; 2167 2168 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) { 2169 need_timer++; 2170 ehci->async_stepdown = 0; 2171 2172 if (frames > ehci->maxframes) { 2173 skipped_frames = frames - ehci->maxframes; 2174 ehci_update_frindex(ehci, skipped_frames); 2175 ehci->last_run_ns += FRAME_TIMER_NS * skipped_frames; 2176 frames -= skipped_frames; 2177 DPRINTF("WARNING - EHCI skipped %d frames\n", skipped_frames); 2178 } 2179 2180 for (i = 0; i < frames; i++) { 2181 /* 2182 * If we're running behind schedule, we should not catch up 2183 * too fast, as that will make some guests unhappy: 2184 * 1) We must process a minimum of MIN_FR_PER_TICK frames, 2185 * otherwise we will never catch up 2186 * 2) Process frames until the guest has requested an irq (IOC) 2187 */ 2188 if (i >= MIN_FR_PER_TICK) { 2189 ehci_commit_irq(ehci); 2190 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) { 2191 break; 2192 } 2193 } 2194 ehci_update_frindex(ehci, 1); 2195 ehci_advance_periodic_state(ehci); 2196 ehci->last_run_ns += FRAME_TIMER_NS; 2197 } 2198 } else { 2199 if (ehci->async_stepdown < ehci->maxframes / 2) { 2200 ehci->async_stepdown++; 2201 } 2202 ehci_update_frindex(ehci, frames); 2203 ehci->last_run_ns += FRAME_TIMER_NS * frames; 2204 } 2205 2206 /* Async is not inside loop since it executes everything it can once 2207 * called 2208 */ 2209 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) { 2210 need_timer++; 2211 ehci_advance_async_state(ehci); 2212 } 2213 2214 ehci_commit_irq(ehci); 2215 if (ehci->usbsts_pending) { 2216 need_timer++; 2217 ehci->async_stepdown = 0; 2218 } 2219 2220 if (need_timer) { 2221 /* If we've raised int, we speed up the timer, so that we quickly 2222 * notice any new packets queued up in response */ 2223 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) { 2224 expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 2); 2225 ehci->int_req_by_async = false; 2226 } else { 2227 expire_time = t_now + (get_ticks_per_sec() 2228 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ); 2229 } 2230 qemu_mod_timer(ehci->frame_timer, expire_time); 2231 } 2232 } 2233 2234 static const MemoryRegionOps ehci_mmio_caps_ops = { 2235 .read = ehci_caps_read, 2236 .valid.min_access_size = 1, 2237 .valid.max_access_size = 4, 2238 .impl.min_access_size = 1, 2239 .impl.max_access_size = 1, 2240 .endianness = DEVICE_LITTLE_ENDIAN, 2241 }; 2242 2243 static const MemoryRegionOps ehci_mmio_opreg_ops = { 2244 .read = ehci_opreg_read, 2245 .write = ehci_opreg_write, 2246 .valid.min_access_size = 4, 2247 .valid.max_access_size = 4, 2248 .endianness = DEVICE_LITTLE_ENDIAN, 2249 }; 2250 2251 static const MemoryRegionOps ehci_mmio_port_ops = { 2252 .read = ehci_port_read, 2253 .write = ehci_port_write, 2254 .valid.min_access_size = 4, 2255 .valid.max_access_size = 4, 2256 .endianness = DEVICE_LITTLE_ENDIAN, 2257 }; 2258 2259 static USBPortOps ehci_port_ops = { 2260 .attach = ehci_attach, 2261 .detach = ehci_detach, 2262 .child_detach = ehci_child_detach, 2263 .wakeup = ehci_wakeup, 2264 .complete = ehci_async_complete_packet, 2265 }; 2266 2267 static USBBusOps ehci_bus_ops = { 2268 .register_companion = ehci_register_companion, 2269 }; 2270 2271 static int usb_ehci_post_load(void *opaque, int version_id) 2272 { 2273 EHCIState *s = opaque; 2274 int i; 2275 2276 for (i = 0; i < NB_PORTS; i++) { 2277 USBPort *companion = s->companion_ports[i]; 2278 if (companion == NULL) { 2279 continue; 2280 } 2281 if (s->portsc[i] & PORTSC_POWNER) { 2282 companion->dev = s->ports[i].dev; 2283 } else { 2284 companion->dev = NULL; 2285 } 2286 } 2287 2288 return 0; 2289 } 2290 2291 static void usb_ehci_vm_state_change(void *opaque, int running, RunState state) 2292 { 2293 EHCIState *ehci = opaque; 2294 2295 /* 2296 * We don't migrate the EHCIQueue-s, instead we rebuild them for the 2297 * schedule in guest memory. We must do the rebuilt ASAP, so that 2298 * USB-devices which have async handled packages have a packet in the 2299 * ep queue to match the completion with. 2300 */ 2301 if (state == RUN_STATE_RUNNING) { 2302 ehci_advance_async_state(ehci); 2303 } 2304 2305 /* 2306 * The schedule rebuilt from guest memory could cause the migration dest 2307 * to miss a QH unlink, and fail to cancel packets, since the unlinked QH 2308 * will never have existed on the destination. Therefor we must flush the 2309 * async schedule on savevm to catch any not yet noticed unlinks. 2310 */ 2311 if (state == RUN_STATE_SAVE_VM) { 2312 ehci_advance_async_state(ehci); 2313 ehci_queues_rip_unseen(ehci, 1); 2314 } 2315 } 2316 2317 const VMStateDescription vmstate_ehci = { 2318 .name = "ehci-core", 2319 .version_id = 2, 2320 .minimum_version_id = 1, 2321 .post_load = usb_ehci_post_load, 2322 .fields = (VMStateField[]) { 2323 /* mmio registers */ 2324 VMSTATE_UINT32(usbcmd, EHCIState), 2325 VMSTATE_UINT32(usbsts, EHCIState), 2326 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2), 2327 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2), 2328 VMSTATE_UINT32(usbintr, EHCIState), 2329 VMSTATE_UINT32(frindex, EHCIState), 2330 VMSTATE_UINT32(ctrldssegment, EHCIState), 2331 VMSTATE_UINT32(periodiclistbase, EHCIState), 2332 VMSTATE_UINT32(asynclistaddr, EHCIState), 2333 VMSTATE_UINT32(configflag, EHCIState), 2334 VMSTATE_UINT32(portsc[0], EHCIState), 2335 VMSTATE_UINT32(portsc[1], EHCIState), 2336 VMSTATE_UINT32(portsc[2], EHCIState), 2337 VMSTATE_UINT32(portsc[3], EHCIState), 2338 VMSTATE_UINT32(portsc[4], EHCIState), 2339 VMSTATE_UINT32(portsc[5], EHCIState), 2340 /* frame timer */ 2341 VMSTATE_TIMER(frame_timer, EHCIState), 2342 VMSTATE_UINT64(last_run_ns, EHCIState), 2343 VMSTATE_UINT32(async_stepdown, EHCIState), 2344 /* schedule state */ 2345 VMSTATE_UINT32(astate, EHCIState), 2346 VMSTATE_UINT32(pstate, EHCIState), 2347 VMSTATE_UINT32(a_fetch_addr, EHCIState), 2348 VMSTATE_UINT32(p_fetch_addr, EHCIState), 2349 VMSTATE_END_OF_LIST() 2350 } 2351 }; 2352 2353 void usb_ehci_initfn(EHCIState *s, DeviceState *dev) 2354 { 2355 int i; 2356 2357 /* 2.2 host controller interface version */ 2358 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase); 2359 s->caps[0x01] = 0x00; 2360 s->caps[0x02] = 0x00; 2361 s->caps[0x03] = 0x01; /* HC version */ 2362 s->caps[0x04] = NB_PORTS; /* Number of downstream ports */ 2363 s->caps[0x05] = 0x00; /* No companion ports at present */ 2364 s->caps[0x06] = 0x00; 2365 s->caps[0x07] = 0x00; 2366 s->caps[0x08] = 0x80; /* We can cache whole frame, no 64-bit */ 2367 s->caps[0x0a] = 0x00; 2368 s->caps[0x0b] = 0x00; 2369 2370 usb_bus_new(&s->bus, &ehci_bus_ops, dev); 2371 for(i = 0; i < NB_PORTS; i++) { 2372 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops, 2373 USB_SPEED_MASK_HIGH); 2374 s->ports[i].dev = 0; 2375 } 2376 2377 s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s); 2378 s->async_bh = qemu_bh_new(ehci_frame_timer, s); 2379 QTAILQ_INIT(&s->aqueues); 2380 QTAILQ_INIT(&s->pqueues); 2381 usb_packet_init(&s->ipacket); 2382 2383 qemu_register_reset(ehci_reset, s); 2384 qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); 2385 2386 memory_region_init(&s->mem, "ehci", MMIO_SIZE); 2387 memory_region_init_io(&s->mem_caps, &ehci_mmio_caps_ops, s, 2388 "capabilities", CAPA_SIZE); 2389 memory_region_init_io(&s->mem_opreg, &ehci_mmio_opreg_ops, s, 2390 "operational", PORTSC_BEGIN); 2391 memory_region_init_io(&s->mem_ports, &ehci_mmio_port_ops, s, 2392 "ports", PORTSC_END - PORTSC_BEGIN); 2393 2394 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps); 2395 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg); 2396 memory_region_add_subregion(&s->mem, s->opregbase + PORTSC_BEGIN, 2397 &s->mem_ports); 2398 } 2399 2400 /* 2401 * vim: expandtab ts=4 2402 */ 2403