1 /* 2 * "Inventra" High-speed Dual-Role Controller (MUSB-HDRC), Mentor Graphics, 3 * USB2.0 OTG compliant core used in various chips. 4 * 5 * Copyright (C) 2008 Nokia Corporation 6 * Written by Andrzej Zaborowski <andrew@openedhand.com> 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License as 10 * published by the Free Software Foundation; either version 2 or 11 * (at your option) version 3 of the License. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License along 19 * with this program; if not, see <http://www.gnu.org/licenses/>. 20 * 21 * Only host-mode and non-DMA accesses are currently supported. 22 */ 23 #include "qemu-common.h" 24 #include "qemu/timer.h" 25 #include "hw/usb.h" 26 #include "hw/irq.h" 27 #include "hw/hw.h" 28 29 /* Common USB registers */ 30 #define MUSB_HDRC_FADDR 0x00 /* 8-bit */ 31 #define MUSB_HDRC_POWER 0x01 /* 8-bit */ 32 33 #define MUSB_HDRC_INTRTX 0x02 /* 16-bit */ 34 #define MUSB_HDRC_INTRRX 0x04 35 #define MUSB_HDRC_INTRTXE 0x06 36 #define MUSB_HDRC_INTRRXE 0x08 37 #define MUSB_HDRC_INTRUSB 0x0a /* 8 bit */ 38 #define MUSB_HDRC_INTRUSBE 0x0b /* 8 bit */ 39 #define MUSB_HDRC_FRAME 0x0c /* 16-bit */ 40 #define MUSB_HDRC_INDEX 0x0e /* 8 bit */ 41 #define MUSB_HDRC_TESTMODE 0x0f /* 8 bit */ 42 43 /* Per-EP registers in indexed mode */ 44 #define MUSB_HDRC_EP_IDX 0x10 /* 8-bit */ 45 46 /* EP FIFOs */ 47 #define MUSB_HDRC_FIFO 0x20 48 49 /* Additional Control Registers */ 50 #define MUSB_HDRC_DEVCTL 0x60 /* 8 bit */ 51 52 /* These are indexed */ 53 #define MUSB_HDRC_TXFIFOSZ 0x62 /* 8 bit (see masks) */ 54 #define MUSB_HDRC_RXFIFOSZ 0x63 /* 8 bit (see masks) */ 55 #define MUSB_HDRC_TXFIFOADDR 0x64 /* 16 bit offset shifted right 3 */ 56 #define MUSB_HDRC_RXFIFOADDR 0x66 /* 16 bit offset shifted right 3 */ 57 58 /* Some more registers */ 59 #define MUSB_HDRC_VCTRL 0x68 /* 8 bit */ 60 #define MUSB_HDRC_HWVERS 0x6c /* 8 bit */ 61 62 /* Added in HDRC 1.9(?) & MHDRC 1.4 */ 63 /* ULPI pass-through */ 64 #define MUSB_HDRC_ULPI_VBUSCTL 0x70 65 #define MUSB_HDRC_ULPI_REGDATA 0x74 66 #define MUSB_HDRC_ULPI_REGADDR 0x75 67 #define MUSB_HDRC_ULPI_REGCTL 0x76 68 69 /* Extended config & PHY control */ 70 #define MUSB_HDRC_ENDCOUNT 0x78 /* 8 bit */ 71 #define MUSB_HDRC_DMARAMCFG 0x79 /* 8 bit */ 72 #define MUSB_HDRC_PHYWAIT 0x7a /* 8 bit */ 73 #define MUSB_HDRC_PHYVPLEN 0x7b /* 8 bit */ 74 #define MUSB_HDRC_HS_EOF1 0x7c /* 8 bit, units of 546.1 us */ 75 #define MUSB_HDRC_FS_EOF1 0x7d /* 8 bit, units of 533.3 ns */ 76 #define MUSB_HDRC_LS_EOF1 0x7e /* 8 bit, units of 1.067 us */ 77 78 /* Per-EP BUSCTL registers */ 79 #define MUSB_HDRC_BUSCTL 0x80 80 81 /* Per-EP registers in flat mode */ 82 #define MUSB_HDRC_EP 0x100 83 84 /* offsets to registers in flat model */ 85 #define MUSB_HDRC_TXMAXP 0x00 /* 16 bit apparently */ 86 #define MUSB_HDRC_TXCSR 0x02 /* 16 bit apparently */ 87 #define MUSB_HDRC_CSR0 MUSB_HDRC_TXCSR /* re-used for EP0 */ 88 #define MUSB_HDRC_RXMAXP 0x04 /* 16 bit apparently */ 89 #define MUSB_HDRC_RXCSR 0x06 /* 16 bit apparently */ 90 #define MUSB_HDRC_RXCOUNT 0x08 /* 16 bit apparently */ 91 #define MUSB_HDRC_COUNT0 MUSB_HDRC_RXCOUNT /* re-used for EP0 */ 92 #define MUSB_HDRC_TXTYPE 0x0a /* 8 bit apparently */ 93 #define MUSB_HDRC_TYPE0 MUSB_HDRC_TXTYPE /* re-used for EP0 */ 94 #define MUSB_HDRC_TXINTERVAL 0x0b /* 8 bit apparently */ 95 #define MUSB_HDRC_NAKLIMIT0 MUSB_HDRC_TXINTERVAL /* re-used for EP0 */ 96 #define MUSB_HDRC_RXTYPE 0x0c /* 8 bit apparently */ 97 #define MUSB_HDRC_RXINTERVAL 0x0d /* 8 bit apparently */ 98 #define MUSB_HDRC_FIFOSIZE 0x0f /* 8 bit apparently */ 99 #define MUSB_HDRC_CONFIGDATA MGC_O_HDRC_FIFOSIZE /* re-used for EP0 */ 100 101 /* "Bus control" registers */ 102 #define MUSB_HDRC_TXFUNCADDR 0x00 103 #define MUSB_HDRC_TXHUBADDR 0x02 104 #define MUSB_HDRC_TXHUBPORT 0x03 105 106 #define MUSB_HDRC_RXFUNCADDR 0x04 107 #define MUSB_HDRC_RXHUBADDR 0x06 108 #define MUSB_HDRC_RXHUBPORT 0x07 109 110 /* 111 * MUSBHDRC Register bit masks 112 */ 113 114 /* POWER */ 115 #define MGC_M_POWER_ISOUPDATE 0x80 116 #define MGC_M_POWER_SOFTCONN 0x40 117 #define MGC_M_POWER_HSENAB 0x20 118 #define MGC_M_POWER_HSMODE 0x10 119 #define MGC_M_POWER_RESET 0x08 120 #define MGC_M_POWER_RESUME 0x04 121 #define MGC_M_POWER_SUSPENDM 0x02 122 #define MGC_M_POWER_ENSUSPEND 0x01 123 124 /* INTRUSB */ 125 #define MGC_M_INTR_SUSPEND 0x01 126 #define MGC_M_INTR_RESUME 0x02 127 #define MGC_M_INTR_RESET 0x04 128 #define MGC_M_INTR_BABBLE 0x04 129 #define MGC_M_INTR_SOF 0x08 130 #define MGC_M_INTR_CONNECT 0x10 131 #define MGC_M_INTR_DISCONNECT 0x20 132 #define MGC_M_INTR_SESSREQ 0x40 133 #define MGC_M_INTR_VBUSERROR 0x80 /* FOR SESSION END */ 134 #define MGC_M_INTR_EP0 0x01 /* FOR EP0 INTERRUPT */ 135 136 /* DEVCTL */ 137 #define MGC_M_DEVCTL_BDEVICE 0x80 138 #define MGC_M_DEVCTL_FSDEV 0x40 139 #define MGC_M_DEVCTL_LSDEV 0x20 140 #define MGC_M_DEVCTL_VBUS 0x18 141 #define MGC_S_DEVCTL_VBUS 3 142 #define MGC_M_DEVCTL_HM 0x04 143 #define MGC_M_DEVCTL_HR 0x02 144 #define MGC_M_DEVCTL_SESSION 0x01 145 146 /* TESTMODE */ 147 #define MGC_M_TEST_FORCE_HOST 0x80 148 #define MGC_M_TEST_FIFO_ACCESS 0x40 149 #define MGC_M_TEST_FORCE_FS 0x20 150 #define MGC_M_TEST_FORCE_HS 0x10 151 #define MGC_M_TEST_PACKET 0x08 152 #define MGC_M_TEST_K 0x04 153 #define MGC_M_TEST_J 0x02 154 #define MGC_M_TEST_SE0_NAK 0x01 155 156 /* CSR0 */ 157 #define MGC_M_CSR0_FLUSHFIFO 0x0100 158 #define MGC_M_CSR0_TXPKTRDY 0x0002 159 #define MGC_M_CSR0_RXPKTRDY 0x0001 160 161 /* CSR0 in Peripheral mode */ 162 #define MGC_M_CSR0_P_SVDSETUPEND 0x0080 163 #define MGC_M_CSR0_P_SVDRXPKTRDY 0x0040 164 #define MGC_M_CSR0_P_SENDSTALL 0x0020 165 #define MGC_M_CSR0_P_SETUPEND 0x0010 166 #define MGC_M_CSR0_P_DATAEND 0x0008 167 #define MGC_M_CSR0_P_SENTSTALL 0x0004 168 169 /* CSR0 in Host mode */ 170 #define MGC_M_CSR0_H_NO_PING 0x0800 171 #define MGC_M_CSR0_H_WR_DATATOGGLE 0x0400 /* set to allow setting: */ 172 #define MGC_M_CSR0_H_DATATOGGLE 0x0200 /* data toggle control */ 173 #define MGC_M_CSR0_H_NAKTIMEOUT 0x0080 174 #define MGC_M_CSR0_H_STATUSPKT 0x0040 175 #define MGC_M_CSR0_H_REQPKT 0x0020 176 #define MGC_M_CSR0_H_ERROR 0x0010 177 #define MGC_M_CSR0_H_SETUPPKT 0x0008 178 #define MGC_M_CSR0_H_RXSTALL 0x0004 179 180 /* CONFIGDATA */ 181 #define MGC_M_CONFIGDATA_MPRXE 0x80 /* auto bulk pkt combining */ 182 #define MGC_M_CONFIGDATA_MPTXE 0x40 /* auto bulk pkt splitting */ 183 #define MGC_M_CONFIGDATA_BIGENDIAN 0x20 184 #define MGC_M_CONFIGDATA_HBRXE 0x10 /* HB-ISO for RX */ 185 #define MGC_M_CONFIGDATA_HBTXE 0x08 /* HB-ISO for TX */ 186 #define MGC_M_CONFIGDATA_DYNFIFO 0x04 /* dynamic FIFO sizing */ 187 #define MGC_M_CONFIGDATA_SOFTCONE 0x02 /* SoftConnect */ 188 #define MGC_M_CONFIGDATA_UTMIDW 0x01 /* Width, 0 => 8b, 1 => 16b */ 189 190 /* TXCSR in Peripheral and Host mode */ 191 #define MGC_M_TXCSR_AUTOSET 0x8000 192 #define MGC_M_TXCSR_ISO 0x4000 193 #define MGC_M_TXCSR_MODE 0x2000 194 #define MGC_M_TXCSR_DMAENAB 0x1000 195 #define MGC_M_TXCSR_FRCDATATOG 0x0800 196 #define MGC_M_TXCSR_DMAMODE 0x0400 197 #define MGC_M_TXCSR_CLRDATATOG 0x0040 198 #define MGC_M_TXCSR_FLUSHFIFO 0x0008 199 #define MGC_M_TXCSR_FIFONOTEMPTY 0x0002 200 #define MGC_M_TXCSR_TXPKTRDY 0x0001 201 202 /* TXCSR in Peripheral mode */ 203 #define MGC_M_TXCSR_P_INCOMPTX 0x0080 204 #define MGC_M_TXCSR_P_SENTSTALL 0x0020 205 #define MGC_M_TXCSR_P_SENDSTALL 0x0010 206 #define MGC_M_TXCSR_P_UNDERRUN 0x0004 207 208 /* TXCSR in Host mode */ 209 #define MGC_M_TXCSR_H_WR_DATATOGGLE 0x0200 210 #define MGC_M_TXCSR_H_DATATOGGLE 0x0100 211 #define MGC_M_TXCSR_H_NAKTIMEOUT 0x0080 212 #define MGC_M_TXCSR_H_RXSTALL 0x0020 213 #define MGC_M_TXCSR_H_ERROR 0x0004 214 215 /* RXCSR in Peripheral and Host mode */ 216 #define MGC_M_RXCSR_AUTOCLEAR 0x8000 217 #define MGC_M_RXCSR_DMAENAB 0x2000 218 #define MGC_M_RXCSR_DISNYET 0x1000 219 #define MGC_M_RXCSR_DMAMODE 0x0800 220 #define MGC_M_RXCSR_INCOMPRX 0x0100 221 #define MGC_M_RXCSR_CLRDATATOG 0x0080 222 #define MGC_M_RXCSR_FLUSHFIFO 0x0010 223 #define MGC_M_RXCSR_DATAERROR 0x0008 224 #define MGC_M_RXCSR_FIFOFULL 0x0002 225 #define MGC_M_RXCSR_RXPKTRDY 0x0001 226 227 /* RXCSR in Peripheral mode */ 228 #define MGC_M_RXCSR_P_ISO 0x4000 229 #define MGC_M_RXCSR_P_SENTSTALL 0x0040 230 #define MGC_M_RXCSR_P_SENDSTALL 0x0020 231 #define MGC_M_RXCSR_P_OVERRUN 0x0004 232 233 /* RXCSR in Host mode */ 234 #define MGC_M_RXCSR_H_AUTOREQ 0x4000 235 #define MGC_M_RXCSR_H_WR_DATATOGGLE 0x0400 236 #define MGC_M_RXCSR_H_DATATOGGLE 0x0200 237 #define MGC_M_RXCSR_H_RXSTALL 0x0040 238 #define MGC_M_RXCSR_H_REQPKT 0x0020 239 #define MGC_M_RXCSR_H_ERROR 0x0004 240 241 /* HUBADDR */ 242 #define MGC_M_HUBADDR_MULTI_TT 0x80 243 244 /* ULPI: Added in HDRC 1.9(?) & MHDRC 1.4 */ 245 #define MGC_M_ULPI_VBCTL_USEEXTVBUSIND 0x02 246 #define MGC_M_ULPI_VBCTL_USEEXTVBUS 0x01 247 #define MGC_M_ULPI_REGCTL_INT_ENABLE 0x08 248 #define MGC_M_ULPI_REGCTL_READNOTWRITE 0x04 249 #define MGC_M_ULPI_REGCTL_COMPLETE 0x02 250 #define MGC_M_ULPI_REGCTL_REG 0x01 251 252 /* #define MUSB_DEBUG */ 253 254 #ifdef MUSB_DEBUG 255 #define TRACE(fmt,...) fprintf(stderr, "%s@%d: " fmt "\n", __FUNCTION__, \ 256 __LINE__, ##__VA_ARGS__) 257 #else 258 #define TRACE(...) 259 #endif 260 261 262 static void musb_attach(USBPort *port); 263 static void musb_detach(USBPort *port); 264 static void musb_child_detach(USBPort *port, USBDevice *child); 265 static void musb_schedule_cb(USBPort *port, USBPacket *p); 266 static void musb_async_cancel_device(MUSBState *s, USBDevice *dev); 267 268 static USBPortOps musb_port_ops = { 269 .attach = musb_attach, 270 .detach = musb_detach, 271 .child_detach = musb_child_detach, 272 .complete = musb_schedule_cb, 273 }; 274 275 static USBBusOps musb_bus_ops = { 276 }; 277 278 typedef struct MUSBPacket MUSBPacket; 279 typedef struct MUSBEndPoint MUSBEndPoint; 280 281 struct MUSBPacket { 282 USBPacket p; 283 MUSBEndPoint *ep; 284 int dir; 285 }; 286 287 struct MUSBEndPoint { 288 uint16_t faddr[2]; 289 uint8_t haddr[2]; 290 uint8_t hport[2]; 291 uint16_t csr[2]; 292 uint16_t maxp[2]; 293 uint16_t rxcount; 294 uint8_t type[2]; 295 uint8_t interval[2]; 296 uint8_t config; 297 uint8_t fifosize; 298 int timeout[2]; /* Always in microframes */ 299 300 uint8_t *buf[2]; 301 int fifolen[2]; 302 int fifostart[2]; 303 int fifoaddr[2]; 304 MUSBPacket packey[2]; 305 int status[2]; 306 int ext_size[2]; 307 308 /* For callbacks' use */ 309 int epnum; 310 int interrupt[2]; 311 MUSBState *musb; 312 USBCallback *delayed_cb[2]; 313 QEMUTimer *intv_timer[2]; 314 }; 315 316 struct MUSBState { 317 qemu_irq irqs[musb_irq_max]; 318 USBBus bus; 319 USBPort port; 320 321 int idx; 322 uint8_t devctl; 323 uint8_t power; 324 uint8_t faddr; 325 326 uint8_t intr; 327 uint8_t mask; 328 uint16_t tx_intr; 329 uint16_t tx_mask; 330 uint16_t rx_intr; 331 uint16_t rx_mask; 332 333 int setup_len; 334 int session; 335 336 uint8_t buf[0x8000]; 337 338 /* Duplicating the world since 2008!... probably we should have 32 339 * logical, single endpoints instead. */ 340 MUSBEndPoint ep[16]; 341 }; 342 343 void musb_reset(MUSBState *s) 344 { 345 int i; 346 347 s->faddr = 0x00; 348 s->devctl = 0; 349 s->power = MGC_M_POWER_HSENAB; 350 s->tx_intr = 0x0000; 351 s->rx_intr = 0x0000; 352 s->tx_mask = 0xffff; 353 s->rx_mask = 0xffff; 354 s->intr = 0x00; 355 s->mask = 0x06; 356 s->idx = 0; 357 358 s->setup_len = 0; 359 s->session = 0; 360 memset(s->buf, 0, sizeof(s->buf)); 361 362 /* TODO: _DW */ 363 s->ep[0].config = MGC_M_CONFIGDATA_SOFTCONE | MGC_M_CONFIGDATA_DYNFIFO; 364 for (i = 0; i < 16; i ++) { 365 s->ep[i].fifosize = 64; 366 s->ep[i].maxp[0] = 0x40; 367 s->ep[i].maxp[1] = 0x40; 368 s->ep[i].musb = s; 369 s->ep[i].epnum = i; 370 usb_packet_init(&s->ep[i].packey[0].p); 371 usb_packet_init(&s->ep[i].packey[1].p); 372 } 373 } 374 375 struct MUSBState *musb_init(DeviceState *parent_device, int gpio_base) 376 { 377 MUSBState *s = g_malloc0(sizeof(*s)); 378 int i; 379 380 for (i = 0; i < musb_irq_max; i++) { 381 s->irqs[i] = qdev_get_gpio_in(parent_device, gpio_base + i); 382 } 383 384 musb_reset(s); 385 386 usb_bus_new(&s->bus, sizeof(s->bus), &musb_bus_ops, parent_device); 387 usb_register_port(&s->bus, &s->port, s, 0, &musb_port_ops, 388 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL); 389 390 return s; 391 } 392 393 static void musb_vbus_set(MUSBState *s, int level) 394 { 395 if (level) 396 s->devctl |= 3 << MGC_S_DEVCTL_VBUS; 397 else 398 s->devctl &= ~MGC_M_DEVCTL_VBUS; 399 400 qemu_set_irq(s->irqs[musb_set_vbus], level); 401 } 402 403 static void musb_intr_set(MUSBState *s, int line, int level) 404 { 405 if (!level) { 406 s->intr &= ~(1 << line); 407 qemu_irq_lower(s->irqs[line]); 408 } else if (s->mask & (1 << line)) { 409 s->intr |= 1 << line; 410 qemu_irq_raise(s->irqs[line]); 411 } 412 } 413 414 static void musb_tx_intr_set(MUSBState *s, int line, int level) 415 { 416 if (!level) { 417 s->tx_intr &= ~(1 << line); 418 if (!s->tx_intr) 419 qemu_irq_lower(s->irqs[musb_irq_tx]); 420 } else if (s->tx_mask & (1 << line)) { 421 s->tx_intr |= 1 << line; 422 qemu_irq_raise(s->irqs[musb_irq_tx]); 423 } 424 } 425 426 static void musb_rx_intr_set(MUSBState *s, int line, int level) 427 { 428 if (line) { 429 if (!level) { 430 s->rx_intr &= ~(1 << line); 431 if (!s->rx_intr) 432 qemu_irq_lower(s->irqs[musb_irq_rx]); 433 } else if (s->rx_mask & (1 << line)) { 434 s->rx_intr |= 1 << line; 435 qemu_irq_raise(s->irqs[musb_irq_rx]); 436 } 437 } else 438 musb_tx_intr_set(s, line, level); 439 } 440 441 uint32_t musb_core_intr_get(MUSBState *s) 442 { 443 return (s->rx_intr << 15) | s->tx_intr; 444 } 445 446 void musb_core_intr_clear(MUSBState *s, uint32_t mask) 447 { 448 if (s->rx_intr) { 449 s->rx_intr &= mask >> 15; 450 if (!s->rx_intr) 451 qemu_irq_lower(s->irqs[musb_irq_rx]); 452 } 453 454 if (s->tx_intr) { 455 s->tx_intr &= mask & 0xffff; 456 if (!s->tx_intr) 457 qemu_irq_lower(s->irqs[musb_irq_tx]); 458 } 459 } 460 461 void musb_set_size(MUSBState *s, int epnum, int size, int is_tx) 462 { 463 s->ep[epnum].ext_size[!is_tx] = size; 464 s->ep[epnum].fifostart[0] = 0; 465 s->ep[epnum].fifostart[1] = 0; 466 s->ep[epnum].fifolen[0] = 0; 467 s->ep[epnum].fifolen[1] = 0; 468 } 469 470 static void musb_session_update(MUSBState *s, int prev_dev, int prev_sess) 471 { 472 int detect_prev = prev_dev && prev_sess; 473 int detect = !!s->port.dev && s->session; 474 475 if (detect && !detect_prev) { 476 /* Let's skip the ID pin sense and VBUS sense formalities and 477 * and signal a successful SRP directly. This should work at least 478 * for the Linux driver stack. */ 479 musb_intr_set(s, musb_irq_connect, 1); 480 481 if (s->port.dev->speed == USB_SPEED_LOW) { 482 s->devctl &= ~MGC_M_DEVCTL_FSDEV; 483 s->devctl |= MGC_M_DEVCTL_LSDEV; 484 } else { 485 s->devctl |= MGC_M_DEVCTL_FSDEV; 486 s->devctl &= ~MGC_M_DEVCTL_LSDEV; 487 } 488 489 /* A-mode? */ 490 s->devctl &= ~MGC_M_DEVCTL_BDEVICE; 491 492 /* Host-mode bit? */ 493 s->devctl |= MGC_M_DEVCTL_HM; 494 #if 1 495 musb_vbus_set(s, 1); 496 #endif 497 } else if (!detect && detect_prev) { 498 #if 1 499 musb_vbus_set(s, 0); 500 #endif 501 } 502 } 503 504 /* Attach or detach a device on our only port. */ 505 static void musb_attach(USBPort *port) 506 { 507 MUSBState *s = (MUSBState *) port->opaque; 508 509 musb_intr_set(s, musb_irq_vbus_request, 1); 510 musb_session_update(s, 0, s->session); 511 } 512 513 static void musb_detach(USBPort *port) 514 { 515 MUSBState *s = (MUSBState *) port->opaque; 516 517 musb_async_cancel_device(s, port->dev); 518 519 musb_intr_set(s, musb_irq_disconnect, 1); 520 musb_session_update(s, 1, s->session); 521 } 522 523 static void musb_child_detach(USBPort *port, USBDevice *child) 524 { 525 MUSBState *s = (MUSBState *) port->opaque; 526 527 musb_async_cancel_device(s, child); 528 } 529 530 static void musb_cb_tick0(void *opaque) 531 { 532 MUSBEndPoint *ep = (MUSBEndPoint *) opaque; 533 534 ep->delayed_cb[0](&ep->packey[0].p, opaque); 535 } 536 537 static void musb_cb_tick1(void *opaque) 538 { 539 MUSBEndPoint *ep = (MUSBEndPoint *) opaque; 540 541 ep->delayed_cb[1](&ep->packey[1].p, opaque); 542 } 543 544 #define musb_cb_tick (dir ? musb_cb_tick1 : musb_cb_tick0) 545 546 static void musb_schedule_cb(USBPort *port, USBPacket *packey) 547 { 548 MUSBPacket *p = container_of(packey, MUSBPacket, p); 549 MUSBEndPoint *ep = p->ep; 550 int dir = p->dir; 551 int timeout = 0; 552 553 if (ep->status[dir] == USB_RET_NAK) 554 timeout = ep->timeout[dir]; 555 else if (ep->interrupt[dir]) 556 timeout = 8; 557 else 558 return musb_cb_tick(ep); 559 560 if (!ep->intv_timer[dir]) 561 ep->intv_timer[dir] = timer_new_ns(QEMU_CLOCK_VIRTUAL, musb_cb_tick, ep); 562 563 timer_mod(ep->intv_timer[dir], qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 564 muldiv64(timeout, get_ticks_per_sec(), 8000)); 565 } 566 567 static int musb_timeout(int ttype, int speed, int val) 568 { 569 #if 1 570 return val << 3; 571 #endif 572 573 switch (ttype) { 574 case USB_ENDPOINT_XFER_CONTROL: 575 if (val < 2) 576 return 0; 577 else if (speed == USB_SPEED_HIGH) 578 return 1 << (val - 1); 579 else 580 return 8 << (val - 1); 581 582 case USB_ENDPOINT_XFER_INT: 583 if (speed == USB_SPEED_HIGH) 584 if (val < 2) 585 return 0; 586 else 587 return 1 << (val - 1); 588 else 589 return val << 3; 590 591 case USB_ENDPOINT_XFER_BULK: 592 case USB_ENDPOINT_XFER_ISOC: 593 if (val < 2) 594 return 0; 595 else if (speed == USB_SPEED_HIGH) 596 return 1 << (val - 1); 597 else 598 return 8 << (val - 1); 599 /* TODO: what with low-speed Bulk and Isochronous? */ 600 } 601 602 hw_error("bad interval\n"); 603 } 604 605 static void musb_packet(MUSBState *s, MUSBEndPoint *ep, 606 int epnum, int pid, int len, USBCallback cb, int dir) 607 { 608 USBDevice *dev; 609 USBEndpoint *uep; 610 int idx = epnum && dir; 611 int ttype; 612 613 /* ep->type[0,1] contains: 614 * in bits 7:6 the speed (0 - invalid, 1 - high, 2 - full, 3 - slow) 615 * in bits 5:4 the transfer type (BULK / INT) 616 * in bits 3:0 the EP num 617 */ 618 ttype = epnum ? (ep->type[idx] >> 4) & 3 : 0; 619 620 ep->timeout[dir] = musb_timeout(ttype, 621 ep->type[idx] >> 6, ep->interval[idx]); 622 ep->interrupt[dir] = ttype == USB_ENDPOINT_XFER_INT; 623 ep->delayed_cb[dir] = cb; 624 625 /* A wild guess on the FADDR semantics... */ 626 dev = usb_find_device(&s->port, ep->faddr[idx]); 627 uep = usb_ep_get(dev, pid, ep->type[idx] & 0xf); 628 usb_packet_setup(&ep->packey[dir].p, pid, uep, 0, 629 (dev->addr << 16) | (uep->nr << 8) | pid, false, true); 630 usb_packet_addbuf(&ep->packey[dir].p, ep->buf[idx], len); 631 ep->packey[dir].ep = ep; 632 ep->packey[dir].dir = dir; 633 634 usb_handle_packet(dev, &ep->packey[dir].p); 635 636 if (ep->packey[dir].p.status == USB_RET_ASYNC) { 637 usb_device_flush_ep_queue(dev, uep); 638 ep->status[dir] = len; 639 return; 640 } 641 642 if (ep->packey[dir].p.status == USB_RET_SUCCESS) { 643 ep->status[dir] = ep->packey[dir].p.actual_length; 644 } else { 645 ep->status[dir] = ep->packey[dir].p.status; 646 } 647 musb_schedule_cb(&s->port, &ep->packey[dir].p); 648 } 649 650 static void musb_tx_packet_complete(USBPacket *packey, void *opaque) 651 { 652 /* Unfortunately we can't use packey->devep because that's the remote 653 * endpoint number and may be different than our local. */ 654 MUSBEndPoint *ep = (MUSBEndPoint *) opaque; 655 int epnum = ep->epnum; 656 MUSBState *s = ep->musb; 657 658 ep->fifostart[0] = 0; 659 ep->fifolen[0] = 0; 660 #ifdef CLEAR_NAK 661 if (ep->status[0] != USB_RET_NAK) { 662 #endif 663 if (epnum) 664 ep->csr[0] &= ~(MGC_M_TXCSR_FIFONOTEMPTY | MGC_M_TXCSR_TXPKTRDY); 665 else 666 ep->csr[0] &= ~MGC_M_CSR0_TXPKTRDY; 667 #ifdef CLEAR_NAK 668 } 669 #endif 670 671 /* Clear all of the error bits first */ 672 if (epnum) 673 ep->csr[0] &= ~(MGC_M_TXCSR_H_ERROR | MGC_M_TXCSR_H_RXSTALL | 674 MGC_M_TXCSR_H_NAKTIMEOUT); 675 else 676 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL | 677 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING); 678 679 if (ep->status[0] == USB_RET_STALL) { 680 /* Command not supported by target! */ 681 ep->status[0] = 0; 682 683 if (epnum) 684 ep->csr[0] |= MGC_M_TXCSR_H_RXSTALL; 685 else 686 ep->csr[0] |= MGC_M_CSR0_H_RXSTALL; 687 } 688 689 if (ep->status[0] == USB_RET_NAK) { 690 ep->status[0] = 0; 691 692 /* NAK timeouts are only generated in Bulk transfers and 693 * Data-errors in Isochronous. */ 694 if (ep->interrupt[0]) { 695 return; 696 } 697 698 if (epnum) 699 ep->csr[0] |= MGC_M_TXCSR_H_NAKTIMEOUT; 700 else 701 ep->csr[0] |= MGC_M_CSR0_H_NAKTIMEOUT; 702 } 703 704 if (ep->status[0] < 0) { 705 if (ep->status[0] == USB_RET_BABBLE) 706 musb_intr_set(s, musb_irq_rst_babble, 1); 707 708 /* Pretend we've tried three times already and failed (in 709 * case of USB_TOKEN_SETUP). */ 710 if (epnum) 711 ep->csr[0] |= MGC_M_TXCSR_H_ERROR; 712 else 713 ep->csr[0] |= MGC_M_CSR0_H_ERROR; 714 715 musb_tx_intr_set(s, epnum, 1); 716 return; 717 } 718 /* TODO: check len for over/underruns of an OUT packet? */ 719 720 #ifdef SETUPLEN_HACK 721 if (!epnum && ep->packey[0].pid == USB_TOKEN_SETUP) 722 s->setup_len = ep->packey[0].data[6]; 723 #endif 724 725 /* In DMA mode: if no error, assert DMA request for this EP, 726 * and skip the interrupt. */ 727 musb_tx_intr_set(s, epnum, 1); 728 } 729 730 static void musb_rx_packet_complete(USBPacket *packey, void *opaque) 731 { 732 /* Unfortunately we can't use packey->devep because that's the remote 733 * endpoint number and may be different than our local. */ 734 MUSBEndPoint *ep = (MUSBEndPoint *) opaque; 735 int epnum = ep->epnum; 736 MUSBState *s = ep->musb; 737 738 ep->fifostart[1] = 0; 739 ep->fifolen[1] = 0; 740 741 #ifdef CLEAR_NAK 742 if (ep->status[1] != USB_RET_NAK) { 743 #endif 744 ep->csr[1] &= ~MGC_M_RXCSR_H_REQPKT; 745 if (!epnum) 746 ep->csr[0] &= ~MGC_M_CSR0_H_REQPKT; 747 #ifdef CLEAR_NAK 748 } 749 #endif 750 751 /* Clear all of the imaginable error bits first */ 752 ep->csr[1] &= ~(MGC_M_RXCSR_H_ERROR | MGC_M_RXCSR_H_RXSTALL | 753 MGC_M_RXCSR_DATAERROR); 754 if (!epnum) 755 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL | 756 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING); 757 758 if (ep->status[1] == USB_RET_STALL) { 759 ep->status[1] = 0; 760 761 ep->csr[1] |= MGC_M_RXCSR_H_RXSTALL; 762 if (!epnum) 763 ep->csr[0] |= MGC_M_CSR0_H_RXSTALL; 764 } 765 766 if (ep->status[1] == USB_RET_NAK) { 767 ep->status[1] = 0; 768 769 /* NAK timeouts are only generated in Bulk transfers and 770 * Data-errors in Isochronous. */ 771 if (ep->interrupt[1]) 772 return musb_packet(s, ep, epnum, USB_TOKEN_IN, 773 packey->iov.size, musb_rx_packet_complete, 1); 774 775 ep->csr[1] |= MGC_M_RXCSR_DATAERROR; 776 if (!epnum) 777 ep->csr[0] |= MGC_M_CSR0_H_NAKTIMEOUT; 778 } 779 780 if (ep->status[1] < 0) { 781 if (ep->status[1] == USB_RET_BABBLE) { 782 musb_intr_set(s, musb_irq_rst_babble, 1); 783 return; 784 } 785 786 /* Pretend we've tried three times already and failed (in 787 * case of a control transfer). */ 788 ep->csr[1] |= MGC_M_RXCSR_H_ERROR; 789 if (!epnum) 790 ep->csr[0] |= MGC_M_CSR0_H_ERROR; 791 792 musb_rx_intr_set(s, epnum, 1); 793 return; 794 } 795 /* TODO: check len for over/underruns of an OUT packet? */ 796 /* TODO: perhaps make use of e->ext_size[1] here. */ 797 798 if (!(ep->csr[1] & (MGC_M_RXCSR_H_RXSTALL | MGC_M_RXCSR_DATAERROR))) { 799 ep->csr[1] |= MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY; 800 if (!epnum) 801 ep->csr[0] |= MGC_M_CSR0_RXPKTRDY; 802 803 ep->rxcount = ep->status[1]; /* XXX: MIN(packey->len, ep->maxp[1]); */ 804 /* In DMA mode: assert DMA request for this EP */ 805 } 806 807 /* Only if DMA has not been asserted */ 808 musb_rx_intr_set(s, epnum, 1); 809 } 810 811 static void musb_async_cancel_device(MUSBState *s, USBDevice *dev) 812 { 813 int ep, dir; 814 815 for (ep = 0; ep < 16; ep++) { 816 for (dir = 0; dir < 2; dir++) { 817 if (!usb_packet_is_inflight(&s->ep[ep].packey[dir].p) || 818 s->ep[ep].packey[dir].p.ep->dev != dev) { 819 continue; 820 } 821 usb_cancel_packet(&s->ep[ep].packey[dir].p); 822 /* status updates needed here? */ 823 } 824 } 825 } 826 827 static void musb_tx_rdy(MUSBState *s, int epnum) 828 { 829 MUSBEndPoint *ep = s->ep + epnum; 830 int pid; 831 int total, valid = 0; 832 TRACE("start %d, len %d", ep->fifostart[0], ep->fifolen[0] ); 833 ep->fifostart[0] += ep->fifolen[0]; 834 ep->fifolen[0] = 0; 835 836 /* XXX: how's the total size of the packet retrieved exactly in 837 * the generic case? */ 838 total = ep->maxp[0] & 0x3ff; 839 840 if (ep->ext_size[0]) { 841 total = ep->ext_size[0]; 842 ep->ext_size[0] = 0; 843 valid = 1; 844 } 845 846 /* If the packet is not fully ready yet, wait for a next segment. */ 847 if (epnum && (ep->fifostart[0]) < total) 848 return; 849 850 if (!valid) 851 total = ep->fifostart[0]; 852 853 pid = USB_TOKEN_OUT; 854 if (!epnum && (ep->csr[0] & MGC_M_CSR0_H_SETUPPKT)) { 855 pid = USB_TOKEN_SETUP; 856 if (total != 8) { 857 TRACE("illegal SETUPPKT length of %i bytes", total); 858 } 859 /* Controller should retry SETUP packets three times on errors 860 * but it doesn't make sense for us to do that. */ 861 } 862 863 return musb_packet(s, ep, epnum, pid, 864 total, musb_tx_packet_complete, 0); 865 } 866 867 static void musb_rx_req(MUSBState *s, int epnum) 868 { 869 MUSBEndPoint *ep = s->ep + epnum; 870 int total; 871 872 /* If we already have a packet, which didn't fit into the 873 * 64 bytes of the FIFO, only move the FIFO start and return. (Obsolete) */ 874 if (ep->packey[1].p.pid == USB_TOKEN_IN && ep->status[1] >= 0 && 875 (ep->fifostart[1]) + ep->rxcount < 876 ep->packey[1].p.iov.size) { 877 TRACE("0x%08x, %d", ep->fifostart[1], ep->rxcount ); 878 ep->fifostart[1] += ep->rxcount; 879 ep->fifolen[1] = 0; 880 881 ep->rxcount = MIN(ep->packey[0].p.iov.size - (ep->fifostart[1]), 882 ep->maxp[1]); 883 884 ep->csr[1] &= ~MGC_M_RXCSR_H_REQPKT; 885 if (!epnum) 886 ep->csr[0] &= ~MGC_M_CSR0_H_REQPKT; 887 888 /* Clear all of the error bits first */ 889 ep->csr[1] &= ~(MGC_M_RXCSR_H_ERROR | MGC_M_RXCSR_H_RXSTALL | 890 MGC_M_RXCSR_DATAERROR); 891 if (!epnum) 892 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL | 893 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING); 894 895 ep->csr[1] |= MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY; 896 if (!epnum) 897 ep->csr[0] |= MGC_M_CSR0_RXPKTRDY; 898 musb_rx_intr_set(s, epnum, 1); 899 return; 900 } 901 902 /* The driver sets maxp[1] to 64 or less because it knows the hardware 903 * FIFO is this deep. Bigger packets get split in 904 * usb_generic_handle_packet but we can also do the splitting locally 905 * for performance. It turns out we can also have a bigger FIFO and 906 * ignore the limit set in ep->maxp[1]. The Linux MUSB driver deals 907 * OK with single packets of even 32KB and we avoid splitting, however 908 * usb_msd.c sometimes sends a packet bigger than what Linux expects 909 * (e.g. 8192 bytes instead of 4096) and we get an OVERRUN. Splitting 910 * hides this overrun from Linux. Up to 4096 everything is fine 911 * though. Currently this is disabled. 912 * 913 * XXX: mind ep->fifosize. */ 914 total = MIN(ep->maxp[1] & 0x3ff, sizeof(s->buf)); 915 916 #ifdef SETUPLEN_HACK 917 /* Why should *we* do that instead of Linux? */ 918 if (!epnum) { 919 if (ep->packey[0].p.devaddr == 2) { 920 total = MIN(s->setup_len, 8); 921 } else { 922 total = MIN(s->setup_len, 64); 923 } 924 s->setup_len -= total; 925 } 926 #endif 927 928 return musb_packet(s, ep, epnum, USB_TOKEN_IN, 929 total, musb_rx_packet_complete, 1); 930 } 931 932 static uint8_t musb_read_fifo(MUSBEndPoint *ep) 933 { 934 uint8_t value; 935 if (ep->fifolen[1] >= 64) { 936 /* We have a FIFO underrun */ 937 TRACE("EP%d FIFO is now empty, stop reading", ep->epnum); 938 return 0x00000000; 939 } 940 /* In DMA mode clear RXPKTRDY and set REQPKT automatically 941 * (if AUTOREQ is set) */ 942 943 ep->csr[1] &= ~MGC_M_RXCSR_FIFOFULL; 944 value=ep->buf[1][ep->fifostart[1] + ep->fifolen[1] ++]; 945 TRACE("EP%d 0x%02x, %d", ep->epnum, value, ep->fifolen[1] ); 946 return value; 947 } 948 949 static void musb_write_fifo(MUSBEndPoint *ep, uint8_t value) 950 { 951 TRACE("EP%d = %02x", ep->epnum, value); 952 if (ep->fifolen[0] >= 64) { 953 /* We have a FIFO overrun */ 954 TRACE("EP%d FIFO exceeded 64 bytes, stop feeding data", ep->epnum); 955 return; 956 } 957 958 ep->buf[0][ep->fifostart[0] + ep->fifolen[0] ++] = value; 959 ep->csr[0] |= MGC_M_TXCSR_FIFONOTEMPTY; 960 } 961 962 static void musb_ep_frame_cancel(MUSBEndPoint *ep, int dir) 963 { 964 if (ep->intv_timer[dir]) 965 timer_del(ep->intv_timer[dir]); 966 } 967 968 /* Bus control */ 969 static uint8_t musb_busctl_readb(void *opaque, int ep, int addr) 970 { 971 MUSBState *s = (MUSBState *) opaque; 972 973 switch (addr) { 974 /* For USB2.0 HS hubs only */ 975 case MUSB_HDRC_TXHUBADDR: 976 return s->ep[ep].haddr[0]; 977 case MUSB_HDRC_TXHUBPORT: 978 return s->ep[ep].hport[0]; 979 case MUSB_HDRC_RXHUBADDR: 980 return s->ep[ep].haddr[1]; 981 case MUSB_HDRC_RXHUBPORT: 982 return s->ep[ep].hport[1]; 983 984 default: 985 TRACE("unknown register 0x%02x", addr); 986 return 0x00; 987 }; 988 } 989 990 static void musb_busctl_writeb(void *opaque, int ep, int addr, uint8_t value) 991 { 992 MUSBState *s = (MUSBState *) opaque; 993 994 switch (addr) { 995 case MUSB_HDRC_TXFUNCADDR: 996 s->ep[ep].faddr[0] = value; 997 break; 998 case MUSB_HDRC_RXFUNCADDR: 999 s->ep[ep].faddr[1] = value; 1000 break; 1001 case MUSB_HDRC_TXHUBADDR: 1002 s->ep[ep].haddr[0] = value; 1003 break; 1004 case MUSB_HDRC_TXHUBPORT: 1005 s->ep[ep].hport[0] = value; 1006 break; 1007 case MUSB_HDRC_RXHUBADDR: 1008 s->ep[ep].haddr[1] = value; 1009 break; 1010 case MUSB_HDRC_RXHUBPORT: 1011 s->ep[ep].hport[1] = value; 1012 break; 1013 1014 default: 1015 TRACE("unknown register 0x%02x", addr); 1016 break; 1017 }; 1018 } 1019 1020 static uint16_t musb_busctl_readh(void *opaque, int ep, int addr) 1021 { 1022 MUSBState *s = (MUSBState *) opaque; 1023 1024 switch (addr) { 1025 case MUSB_HDRC_TXFUNCADDR: 1026 return s->ep[ep].faddr[0]; 1027 case MUSB_HDRC_RXFUNCADDR: 1028 return s->ep[ep].faddr[1]; 1029 1030 default: 1031 return musb_busctl_readb(s, ep, addr) | 1032 (musb_busctl_readb(s, ep, addr | 1) << 8); 1033 }; 1034 } 1035 1036 static void musb_busctl_writeh(void *opaque, int ep, int addr, uint16_t value) 1037 { 1038 MUSBState *s = (MUSBState *) opaque; 1039 1040 switch (addr) { 1041 case MUSB_HDRC_TXFUNCADDR: 1042 s->ep[ep].faddr[0] = value; 1043 break; 1044 case MUSB_HDRC_RXFUNCADDR: 1045 s->ep[ep].faddr[1] = value; 1046 break; 1047 1048 default: 1049 musb_busctl_writeb(s, ep, addr, value & 0xff); 1050 musb_busctl_writeb(s, ep, addr | 1, value >> 8); 1051 }; 1052 } 1053 1054 /* Endpoint control */ 1055 static uint8_t musb_ep_readb(void *opaque, int ep, int addr) 1056 { 1057 MUSBState *s = (MUSBState *) opaque; 1058 1059 switch (addr) { 1060 case MUSB_HDRC_TXTYPE: 1061 return s->ep[ep].type[0]; 1062 case MUSB_HDRC_TXINTERVAL: 1063 return s->ep[ep].interval[0]; 1064 case MUSB_HDRC_RXTYPE: 1065 return s->ep[ep].type[1]; 1066 case MUSB_HDRC_RXINTERVAL: 1067 return s->ep[ep].interval[1]; 1068 case (MUSB_HDRC_FIFOSIZE & ~1): 1069 return 0x00; 1070 case MUSB_HDRC_FIFOSIZE: 1071 return ep ? s->ep[ep].fifosize : s->ep[ep].config; 1072 case MUSB_HDRC_RXCOUNT: 1073 return s->ep[ep].rxcount; 1074 1075 default: 1076 TRACE("unknown register 0x%02x", addr); 1077 return 0x00; 1078 }; 1079 } 1080 1081 static void musb_ep_writeb(void *opaque, int ep, int addr, uint8_t value) 1082 { 1083 MUSBState *s = (MUSBState *) opaque; 1084 1085 switch (addr) { 1086 case MUSB_HDRC_TXTYPE: 1087 s->ep[ep].type[0] = value; 1088 break; 1089 case MUSB_HDRC_TXINTERVAL: 1090 s->ep[ep].interval[0] = value; 1091 musb_ep_frame_cancel(&s->ep[ep], 0); 1092 break; 1093 case MUSB_HDRC_RXTYPE: 1094 s->ep[ep].type[1] = value; 1095 break; 1096 case MUSB_HDRC_RXINTERVAL: 1097 s->ep[ep].interval[1] = value; 1098 musb_ep_frame_cancel(&s->ep[ep], 1); 1099 break; 1100 case (MUSB_HDRC_FIFOSIZE & ~1): 1101 break; 1102 case MUSB_HDRC_FIFOSIZE: 1103 TRACE("somebody messes with fifosize (now %i bytes)", value); 1104 s->ep[ep].fifosize = value; 1105 break; 1106 default: 1107 TRACE("unknown register 0x%02x", addr); 1108 break; 1109 }; 1110 } 1111 1112 static uint16_t musb_ep_readh(void *opaque, int ep, int addr) 1113 { 1114 MUSBState *s = (MUSBState *) opaque; 1115 uint16_t ret; 1116 1117 switch (addr) { 1118 case MUSB_HDRC_TXMAXP: 1119 return s->ep[ep].maxp[0]; 1120 case MUSB_HDRC_TXCSR: 1121 return s->ep[ep].csr[0]; 1122 case MUSB_HDRC_RXMAXP: 1123 return s->ep[ep].maxp[1]; 1124 case MUSB_HDRC_RXCSR: 1125 ret = s->ep[ep].csr[1]; 1126 1127 /* TODO: This and other bits probably depend on 1128 * ep->csr[1] & MGC_M_RXCSR_AUTOCLEAR. */ 1129 if (s->ep[ep].csr[1] & MGC_M_RXCSR_AUTOCLEAR) 1130 s->ep[ep].csr[1] &= ~MGC_M_RXCSR_RXPKTRDY; 1131 1132 return ret; 1133 case MUSB_HDRC_RXCOUNT: 1134 return s->ep[ep].rxcount; 1135 1136 default: 1137 return musb_ep_readb(s, ep, addr) | 1138 (musb_ep_readb(s, ep, addr | 1) << 8); 1139 }; 1140 } 1141 1142 static void musb_ep_writeh(void *opaque, int ep, int addr, uint16_t value) 1143 { 1144 MUSBState *s = (MUSBState *) opaque; 1145 1146 switch (addr) { 1147 case MUSB_HDRC_TXMAXP: 1148 s->ep[ep].maxp[0] = value; 1149 break; 1150 case MUSB_HDRC_TXCSR: 1151 if (ep) { 1152 s->ep[ep].csr[0] &= value & 0xa6; 1153 s->ep[ep].csr[0] |= value & 0xff59; 1154 } else { 1155 s->ep[ep].csr[0] &= value & 0x85; 1156 s->ep[ep].csr[0] |= value & 0xf7a; 1157 } 1158 1159 musb_ep_frame_cancel(&s->ep[ep], 0); 1160 1161 if ((ep && (value & MGC_M_TXCSR_FLUSHFIFO)) || 1162 (!ep && (value & MGC_M_CSR0_FLUSHFIFO))) { 1163 s->ep[ep].fifolen[0] = 0; 1164 s->ep[ep].fifostart[0] = 0; 1165 if (ep) 1166 s->ep[ep].csr[0] &= 1167 ~(MGC_M_TXCSR_FIFONOTEMPTY | MGC_M_TXCSR_TXPKTRDY); 1168 else 1169 s->ep[ep].csr[0] &= 1170 ~(MGC_M_CSR0_TXPKTRDY | MGC_M_CSR0_RXPKTRDY); 1171 } 1172 if ( 1173 (ep && 1174 #ifdef CLEAR_NAK 1175 (value & MGC_M_TXCSR_TXPKTRDY) && 1176 !(value & MGC_M_TXCSR_H_NAKTIMEOUT)) || 1177 #else 1178 (value & MGC_M_TXCSR_TXPKTRDY)) || 1179 #endif 1180 (!ep && 1181 #ifdef CLEAR_NAK 1182 (value & MGC_M_CSR0_TXPKTRDY) && 1183 !(value & MGC_M_CSR0_H_NAKTIMEOUT))) 1184 #else 1185 (value & MGC_M_CSR0_TXPKTRDY))) 1186 #endif 1187 musb_tx_rdy(s, ep); 1188 if (!ep && 1189 (value & MGC_M_CSR0_H_REQPKT) && 1190 #ifdef CLEAR_NAK 1191 !(value & (MGC_M_CSR0_H_NAKTIMEOUT | 1192 MGC_M_CSR0_RXPKTRDY))) 1193 #else 1194 !(value & MGC_M_CSR0_RXPKTRDY)) 1195 #endif 1196 musb_rx_req(s, ep); 1197 break; 1198 1199 case MUSB_HDRC_RXMAXP: 1200 s->ep[ep].maxp[1] = value; 1201 break; 1202 case MUSB_HDRC_RXCSR: 1203 /* (DMA mode only) */ 1204 if ( 1205 (value & MGC_M_RXCSR_H_AUTOREQ) && 1206 !(value & MGC_M_RXCSR_RXPKTRDY) && 1207 (s->ep[ep].csr[1] & MGC_M_RXCSR_RXPKTRDY)) 1208 value |= MGC_M_RXCSR_H_REQPKT; 1209 1210 s->ep[ep].csr[1] &= 0x102 | (value & 0x4d); 1211 s->ep[ep].csr[1] |= value & 0xfeb0; 1212 1213 musb_ep_frame_cancel(&s->ep[ep], 1); 1214 1215 if (value & MGC_M_RXCSR_FLUSHFIFO) { 1216 s->ep[ep].fifolen[1] = 0; 1217 s->ep[ep].fifostart[1] = 0; 1218 s->ep[ep].csr[1] &= ~(MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY); 1219 /* If double buffering and we have two packets ready, flush 1220 * only the first one and set up the fifo at the second packet. */ 1221 } 1222 #ifdef CLEAR_NAK 1223 if ((value & MGC_M_RXCSR_H_REQPKT) && !(value & MGC_M_RXCSR_DATAERROR)) 1224 #else 1225 if (value & MGC_M_RXCSR_H_REQPKT) 1226 #endif 1227 musb_rx_req(s, ep); 1228 break; 1229 case MUSB_HDRC_RXCOUNT: 1230 s->ep[ep].rxcount = value; 1231 break; 1232 1233 default: 1234 musb_ep_writeb(s, ep, addr, value & 0xff); 1235 musb_ep_writeb(s, ep, addr | 1, value >> 8); 1236 }; 1237 } 1238 1239 /* Generic control */ 1240 static uint32_t musb_readb(void *opaque, hwaddr addr) 1241 { 1242 MUSBState *s = (MUSBState *) opaque; 1243 int ep, i; 1244 uint8_t ret; 1245 1246 switch (addr) { 1247 case MUSB_HDRC_FADDR: 1248 return s->faddr; 1249 case MUSB_HDRC_POWER: 1250 return s->power; 1251 case MUSB_HDRC_INTRUSB: 1252 ret = s->intr; 1253 for (i = 0; i < sizeof(ret) * 8; i ++) 1254 if (ret & (1 << i)) 1255 musb_intr_set(s, i, 0); 1256 return ret; 1257 case MUSB_HDRC_INTRUSBE: 1258 return s->mask; 1259 case MUSB_HDRC_INDEX: 1260 return s->idx; 1261 case MUSB_HDRC_TESTMODE: 1262 return 0x00; 1263 1264 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf): 1265 return musb_ep_readb(s, s->idx, addr & 0xf); 1266 1267 case MUSB_HDRC_DEVCTL: 1268 return s->devctl; 1269 1270 case MUSB_HDRC_TXFIFOSZ: 1271 case MUSB_HDRC_RXFIFOSZ: 1272 case MUSB_HDRC_VCTRL: 1273 /* TODO */ 1274 return 0x00; 1275 1276 case MUSB_HDRC_HWVERS: 1277 return (1 << 10) | 400; 1278 1279 case (MUSB_HDRC_VCTRL | 1): 1280 case (MUSB_HDRC_HWVERS | 1): 1281 case (MUSB_HDRC_DEVCTL | 1): 1282 return 0x00; 1283 1284 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f): 1285 ep = (addr >> 3) & 0xf; 1286 return musb_busctl_readb(s, ep, addr & 0x7); 1287 1288 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff): 1289 ep = (addr >> 4) & 0xf; 1290 return musb_ep_readb(s, ep, addr & 0xf); 1291 1292 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1293 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1294 return musb_read_fifo(s->ep + ep); 1295 1296 default: 1297 TRACE("unknown register 0x%02x", (int) addr); 1298 return 0x00; 1299 }; 1300 } 1301 1302 static void musb_writeb(void *opaque, hwaddr addr, uint32_t value) 1303 { 1304 MUSBState *s = (MUSBState *) opaque; 1305 int ep; 1306 1307 switch (addr) { 1308 case MUSB_HDRC_FADDR: 1309 s->faddr = value & 0x7f; 1310 break; 1311 case MUSB_HDRC_POWER: 1312 s->power = (value & 0xef) | (s->power & 0x10); 1313 /* MGC_M_POWER_RESET is also read-only in Peripheral Mode */ 1314 if ((value & MGC_M_POWER_RESET) && s->port.dev) { 1315 usb_device_reset(s->port.dev); 1316 /* Negotiate high-speed operation if MGC_M_POWER_HSENAB is set. */ 1317 if ((value & MGC_M_POWER_HSENAB) && 1318 s->port.dev->speed == USB_SPEED_HIGH) 1319 s->power |= MGC_M_POWER_HSMODE; /* Success */ 1320 /* Restart frame counting. */ 1321 } 1322 if (value & MGC_M_POWER_SUSPENDM) { 1323 /* When all transfers finish, suspend and if MGC_M_POWER_ENSUSPEND 1324 * is set, also go into low power mode. Frame counting stops. */ 1325 /* XXX: Cleared when the interrupt register is read */ 1326 } 1327 if (value & MGC_M_POWER_RESUME) { 1328 /* Wait 20ms and signal resuming on the bus. Frame counting 1329 * restarts. */ 1330 } 1331 break; 1332 case MUSB_HDRC_INTRUSB: 1333 break; 1334 case MUSB_HDRC_INTRUSBE: 1335 s->mask = value & 0xff; 1336 break; 1337 case MUSB_HDRC_INDEX: 1338 s->idx = value & 0xf; 1339 break; 1340 case MUSB_HDRC_TESTMODE: 1341 break; 1342 1343 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf): 1344 musb_ep_writeb(s, s->idx, addr & 0xf, value); 1345 break; 1346 1347 case MUSB_HDRC_DEVCTL: 1348 s->session = !!(value & MGC_M_DEVCTL_SESSION); 1349 musb_session_update(s, 1350 !!s->port.dev, 1351 !!(s->devctl & MGC_M_DEVCTL_SESSION)); 1352 1353 /* It seems this is the only R/W bit in this register? */ 1354 s->devctl &= ~MGC_M_DEVCTL_SESSION; 1355 s->devctl |= value & MGC_M_DEVCTL_SESSION; 1356 break; 1357 1358 case MUSB_HDRC_TXFIFOSZ: 1359 case MUSB_HDRC_RXFIFOSZ: 1360 case MUSB_HDRC_VCTRL: 1361 /* TODO */ 1362 break; 1363 1364 case (MUSB_HDRC_VCTRL | 1): 1365 case (MUSB_HDRC_DEVCTL | 1): 1366 break; 1367 1368 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f): 1369 ep = (addr >> 3) & 0xf; 1370 musb_busctl_writeb(s, ep, addr & 0x7, value); 1371 break; 1372 1373 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff): 1374 ep = (addr >> 4) & 0xf; 1375 musb_ep_writeb(s, ep, addr & 0xf, value); 1376 break; 1377 1378 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1379 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1380 musb_write_fifo(s->ep + ep, value & 0xff); 1381 break; 1382 1383 default: 1384 TRACE("unknown register 0x%02x", (int) addr); 1385 break; 1386 }; 1387 } 1388 1389 static uint32_t musb_readh(void *opaque, hwaddr addr) 1390 { 1391 MUSBState *s = (MUSBState *) opaque; 1392 int ep, i; 1393 uint16_t ret; 1394 1395 switch (addr) { 1396 case MUSB_HDRC_INTRTX: 1397 ret = s->tx_intr; 1398 /* Auto clear */ 1399 for (i = 0; i < sizeof(ret) * 8; i ++) 1400 if (ret & (1 << i)) 1401 musb_tx_intr_set(s, i, 0); 1402 return ret; 1403 case MUSB_HDRC_INTRRX: 1404 ret = s->rx_intr; 1405 /* Auto clear */ 1406 for (i = 0; i < sizeof(ret) * 8; i ++) 1407 if (ret & (1 << i)) 1408 musb_rx_intr_set(s, i, 0); 1409 return ret; 1410 case MUSB_HDRC_INTRTXE: 1411 return s->tx_mask; 1412 case MUSB_HDRC_INTRRXE: 1413 return s->rx_mask; 1414 1415 case MUSB_HDRC_FRAME: 1416 /* TODO */ 1417 return 0x0000; 1418 case MUSB_HDRC_TXFIFOADDR: 1419 return s->ep[s->idx].fifoaddr[0]; 1420 case MUSB_HDRC_RXFIFOADDR: 1421 return s->ep[s->idx].fifoaddr[1]; 1422 1423 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf): 1424 return musb_ep_readh(s, s->idx, addr & 0xf); 1425 1426 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f): 1427 ep = (addr >> 3) & 0xf; 1428 return musb_busctl_readh(s, ep, addr & 0x7); 1429 1430 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff): 1431 ep = (addr >> 4) & 0xf; 1432 return musb_ep_readh(s, ep, addr & 0xf); 1433 1434 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1435 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1436 return (musb_read_fifo(s->ep + ep) | musb_read_fifo(s->ep + ep) << 8); 1437 1438 default: 1439 return musb_readb(s, addr) | (musb_readb(s, addr | 1) << 8); 1440 }; 1441 } 1442 1443 static void musb_writeh(void *opaque, hwaddr addr, uint32_t value) 1444 { 1445 MUSBState *s = (MUSBState *) opaque; 1446 int ep; 1447 1448 switch (addr) { 1449 case MUSB_HDRC_INTRTXE: 1450 s->tx_mask = value; 1451 /* XXX: the masks seem to apply on the raising edge like with 1452 * edge-triggered interrupts, thus no need to update. I may be 1453 * wrong though. */ 1454 break; 1455 case MUSB_HDRC_INTRRXE: 1456 s->rx_mask = value; 1457 break; 1458 1459 case MUSB_HDRC_FRAME: 1460 /* TODO */ 1461 break; 1462 case MUSB_HDRC_TXFIFOADDR: 1463 s->ep[s->idx].fifoaddr[0] = value; 1464 s->ep[s->idx].buf[0] = 1465 s->buf + ((value << 3) & 0x7ff ); 1466 break; 1467 case MUSB_HDRC_RXFIFOADDR: 1468 s->ep[s->idx].fifoaddr[1] = value; 1469 s->ep[s->idx].buf[1] = 1470 s->buf + ((value << 3) & 0x7ff); 1471 break; 1472 1473 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf): 1474 musb_ep_writeh(s, s->idx, addr & 0xf, value); 1475 break; 1476 1477 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f): 1478 ep = (addr >> 3) & 0xf; 1479 musb_busctl_writeh(s, ep, addr & 0x7, value); 1480 break; 1481 1482 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff): 1483 ep = (addr >> 4) & 0xf; 1484 musb_ep_writeh(s, ep, addr & 0xf, value); 1485 break; 1486 1487 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1488 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1489 musb_write_fifo(s->ep + ep, value & 0xff); 1490 musb_write_fifo(s->ep + ep, (value >> 8) & 0xff); 1491 break; 1492 1493 default: 1494 musb_writeb(s, addr, value & 0xff); 1495 musb_writeb(s, addr | 1, value >> 8); 1496 }; 1497 } 1498 1499 static uint32_t musb_readw(void *opaque, hwaddr addr) 1500 { 1501 MUSBState *s = (MUSBState *) opaque; 1502 int ep; 1503 1504 switch (addr) { 1505 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1506 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1507 return ( musb_read_fifo(s->ep + ep) | 1508 musb_read_fifo(s->ep + ep) << 8 | 1509 musb_read_fifo(s->ep + ep) << 16 | 1510 musb_read_fifo(s->ep + ep) << 24 ); 1511 default: 1512 TRACE("unknown register 0x%02x", (int) addr); 1513 return 0x00000000; 1514 }; 1515 } 1516 1517 static void musb_writew(void *opaque, hwaddr addr, uint32_t value) 1518 { 1519 MUSBState *s = (MUSBState *) opaque; 1520 int ep; 1521 1522 switch (addr) { 1523 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f): 1524 ep = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf; 1525 musb_write_fifo(s->ep + ep, value & 0xff); 1526 musb_write_fifo(s->ep + ep, (value >> 8 ) & 0xff); 1527 musb_write_fifo(s->ep + ep, (value >> 16) & 0xff); 1528 musb_write_fifo(s->ep + ep, (value >> 24) & 0xff); 1529 break; 1530 default: 1531 TRACE("unknown register 0x%02x", (int) addr); 1532 break; 1533 }; 1534 } 1535 1536 CPUReadMemoryFunc * const musb_read[] = { 1537 musb_readb, 1538 musb_readh, 1539 musb_readw, 1540 }; 1541 1542 CPUWriteMemoryFunc * const musb_write[] = { 1543 musb_writeb, 1544 musb_writeh, 1545 musb_writew, 1546 }; 1547