1 /*
2  * QEMU USB OHCI Emulation
3  * Copyright (c) 2004 Gianni Tedesco
4  * Copyright (c) 2006 CodeSourcery
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  *
20  * TODO:
21  *  o Isochronous transfers
22  *  o Allocate bandwidth in frames properly
23  *  o Disable timers when nothing needs to be done, or remove timer usage
24  *    all together.
25  *  o BIOS work to boot from USB storage
26  */
27 
28 #include "qemu/osdep.h"
29 #include "hw/irq.h"
30 #include "qapi/error.h"
31 #include "qemu/module.h"
32 #include "qemu/timer.h"
33 #include "hw/usb.h"
34 #include "migration/vmstate.h"
35 #include "hw/sysbus.h"
36 #include "hw/qdev-dma.h"
37 #include "hw/qdev-properties.h"
38 #include "trace.h"
39 #include "hcd-ohci.h"
40 
41 /* This causes frames to occur 1000x slower */
42 /*#define OHCI_TIME_WARP 1*/
43 
44 #define ED_LINK_LIMIT 32
45 
46 static int64_t usb_frame_time;
47 static int64_t usb_bit_time;
48 
/*
 * Host Controller Communications Area.
 * ohci_read_hcca() fetches the whole structure with one DMA read, while
 * ohci_put_hcca() writes back only the HCCA_WRITEBACK_* window below, so
 * the intr[] table is never overwritten by the emulated controller.
 */
struct ohci_hcca {
    uint32_t intr[32];
    uint16_t frame, pad;
    uint32_t done;
};
/* Byte window covering frame, pad and done: the only part written back. */
#define HCCA_WRITEBACK_OFFSET   offsetof(struct ohci_hcca, frame)
#define HCCA_WRITEBACK_SIZE     8 /* frame, pad, done */

/* ohci_put_ed() writes back only the 4-byte head field of an ED. */
#define ED_WBACK_OFFSET offsetof(struct ohci_ed, head)
#define ED_WBACK_SIZE   4
60 
61 /* Bitfields for the first word of an Endpoint Descriptor. */
62 #define OHCI_ED_FA_SHIFT  0
63 #define OHCI_ED_FA_MASK   (0x7f << OHCI_ED_FA_SHIFT)
64 #define OHCI_ED_EN_SHIFT  7
65 #define OHCI_ED_EN_MASK   (0xf << OHCI_ED_EN_SHIFT)
66 #define OHCI_ED_D_SHIFT   11
67 #define OHCI_ED_D_MASK    (3 << OHCI_ED_D_SHIFT)
68 #define OHCI_ED_S         (1 << 13)
69 #define OHCI_ED_K         (1 << 14)
70 #define OHCI_ED_F         (1 << 15)
71 #define OHCI_ED_MPS_SHIFT 16
72 #define OHCI_ED_MPS_MASK  (0x7ff << OHCI_ED_MPS_SHIFT)
73 
74 /* Flags in the head field of an Endpoint Descriptor. */
75 #define OHCI_ED_H         1
76 #define OHCI_ED_C         2
77 
78 /* Bitfields for the first word of a Transfer Descriptor. */
79 #define OHCI_TD_R         (1 << 18)
80 #define OHCI_TD_DP_SHIFT  19
81 #define OHCI_TD_DP_MASK   (3 << OHCI_TD_DP_SHIFT)
82 #define OHCI_TD_DI_SHIFT  21
83 #define OHCI_TD_DI_MASK   (7 << OHCI_TD_DI_SHIFT)
84 #define OHCI_TD_T0        (1 << 24)
85 #define OHCI_TD_T1        (1 << 25)
86 #define OHCI_TD_EC_SHIFT  26
87 #define OHCI_TD_EC_MASK   (3 << OHCI_TD_EC_SHIFT)
88 #define OHCI_TD_CC_SHIFT  28
89 #define OHCI_TD_CC_MASK   (0xf << OHCI_TD_CC_SHIFT)
90 
91 /* Bitfields for the first word of an Isochronous Transfer Descriptor. */
92 /* CC & DI - same as in the General Transfer Descriptor */
93 #define OHCI_TD_SF_SHIFT  0
94 #define OHCI_TD_SF_MASK   (0xffff << OHCI_TD_SF_SHIFT)
95 #define OHCI_TD_FC_SHIFT  24
96 #define OHCI_TD_FC_MASK   (7 << OHCI_TD_FC_SHIFT)
97 
98 /* Isochronous Transfer Descriptor - Offset / PacketStatusWord */
99 #define OHCI_TD_PSW_CC_SHIFT 12
100 #define OHCI_TD_PSW_CC_MASK  (0xf << OHCI_TD_PSW_CC_SHIFT)
101 #define OHCI_TD_PSW_SIZE_SHIFT 0
102 #define OHCI_TD_PSW_SIZE_MASK  (0xfff << OHCI_TD_PSW_SIZE_SHIFT)
103 
104 #define OHCI_PAGE_MASK    0xfffff000
105 #define OHCI_OFFSET_MASK  0xfff
106 
107 #define OHCI_DPTR_MASK    0xfffffff0
108 
/*
 * Extract bitfield "field" from val: mask with OHCI_<field>_MASK, then
 * shift down by OHCI_<field>_SHIFT (both names are built by token pasting).
 */
#define OHCI_BM(val, field) \
  (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)

/*
 * Replace bitfield "field" in val with newval.
 * val is expanded twice and without parentheses, so it must be a plain
 * lvalue with no side effects. newval is masked after the shift, so bits
 * that do not fit in the field are silently dropped.
 */
#define OHCI_SET_BM(val, field, newval) do { \
    val &= ~OHCI_##field##_MASK; \
    val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
    } while (0)
116 
/*
 * Endpoint descriptor.
 * Read as four little-endian dwords by ohci_read_ed(); only head is written
 * back (see ohci_put_ed()). Every field comes from memory the driver owns,
 * so values must be treated as untrusted.
 */
struct ohci_ed {
    uint32_t flags;
    uint32_t tail;
    uint32_t head;
    uint32_t next;
};

/*
 * General transfer descriptor.
 * Read and written as four little-endian dwords (ohci_read_td(),
 * ohci_put_td()). cbp and be are used by ohci_copy_td() as DMA addresses.
 */
struct ohci_td {
    uint32_t flags;
    uint32_t cbp;
    uint32_t next;
    uint32_t be;
};

/*
 * Isochronous transfer descriptor.
 * ohci_read_iso_td() reads the first four fields as dwords and offset[] as
 * eight 16-bit words starting 16 bytes into the descriptor.
 */
struct ohci_iso_td {
    uint32_t flags;
    uint32_t bp;
    uint32_t next;
    uint32_t be;
    uint16_t offset[8];
};
141 
142 #define USB_HZ                      12000000
143 
144 /* OHCI Local stuff */
145 #define OHCI_CTL_CBSR         ((1 << 0) | (1 << 1))
146 #define OHCI_CTL_PLE          (1 << 2)
147 #define OHCI_CTL_IE           (1 << 3)
148 #define OHCI_CTL_CLE          (1 << 4)
149 #define OHCI_CTL_BLE          (1 << 5)
150 #define OHCI_CTL_HCFS         ((1 << 6) | (1 << 7))
151 #define  OHCI_USB_RESET       0x00
152 #define  OHCI_USB_RESUME      0x40
153 #define  OHCI_USB_OPERATIONAL 0x80
154 #define  OHCI_USB_SUSPEND     0xc0
155 #define OHCI_CTL_IR           (1 << 8)
156 #define OHCI_CTL_RWC          (1 << 9)
157 #define OHCI_CTL_RWE          (1 << 10)
158 
159 #define OHCI_STATUS_HCR       (1 << 0)
160 #define OHCI_STATUS_CLF       (1 << 1)
161 #define OHCI_STATUS_BLF       (1 << 2)
162 #define OHCI_STATUS_OCR       (1 << 3)
163 #define OHCI_STATUS_SOC       ((1 << 6) | (1 << 7))
164 
165 #define OHCI_INTR_SO          (1U << 0) /* Scheduling overrun */
166 #define OHCI_INTR_WD          (1U << 1) /* HcDoneHead writeback */
167 #define OHCI_INTR_SF          (1U << 2) /* Start of frame */
168 #define OHCI_INTR_RD          (1U << 3) /* Resume detect */
169 #define OHCI_INTR_UE          (1U << 4) /* Unrecoverable error */
170 #define OHCI_INTR_FNO         (1U << 5) /* Frame number overflow */
171 #define OHCI_INTR_RHSC        (1U << 6) /* Root hub status change */
172 #define OHCI_INTR_OC          (1U << 30) /* Ownership change */
173 #define OHCI_INTR_MIE         (1U << 31) /* Master Interrupt Enable */
174 
175 #define OHCI_HCCA_SIZE        0x100
176 #define OHCI_HCCA_MASK        0xffffff00
177 
178 #define OHCI_EDPTR_MASK       0xfffffff0
179 
180 #define OHCI_FMI_FI           0x00003fff
181 #define OHCI_FMI_FSMPS        0xffff0000
182 #define OHCI_FMI_FIT          0x80000000
183 
184 #define OHCI_FR_RT            (1U << 31)
185 
186 #define OHCI_LS_THRESH        0x628
187 
188 #define OHCI_RHA_RW_MASK      0x00000000 /* Mask of supported features.  */
189 #define OHCI_RHA_PSM          (1 << 8)
190 #define OHCI_RHA_NPS          (1 << 9)
191 #define OHCI_RHA_DT           (1 << 10)
192 #define OHCI_RHA_OCPM         (1 << 11)
193 #define OHCI_RHA_NOCP         (1 << 12)
194 #define OHCI_RHA_POTPGT_MASK  0xff000000
195 
196 #define OHCI_RHS_LPS          (1U << 0)
197 #define OHCI_RHS_OCI          (1U << 1)
198 #define OHCI_RHS_DRWE         (1U << 15)
199 #define OHCI_RHS_LPSC         (1U << 16)
200 #define OHCI_RHS_OCIC         (1U << 17)
201 #define OHCI_RHS_CRWE         (1U << 31)
202 
203 #define OHCI_PORT_CCS         (1 << 0)
204 #define OHCI_PORT_PES         (1 << 1)
205 #define OHCI_PORT_PSS         (1 << 2)
206 #define OHCI_PORT_POCI        (1 << 3)
207 #define OHCI_PORT_PRS         (1 << 4)
208 #define OHCI_PORT_PPS         (1 << 8)
209 #define OHCI_PORT_LSDA        (1 << 9)
210 #define OHCI_PORT_CSC         (1 << 16)
211 #define OHCI_PORT_PESC        (1 << 17)
212 #define OHCI_PORT_PSSC        (1 << 18)
213 #define OHCI_PORT_OCIC        (1 << 19)
214 #define OHCI_PORT_PRSC        (1 << 20)
215 #define OHCI_PORT_WTC         (OHCI_PORT_CSC | OHCI_PORT_PESC | \
216                                OHCI_PORT_PSSC | OHCI_PORT_OCIC | \
217                                OHCI_PORT_PRSC)
218 #define OHCI_TD_DIR_SETUP     0x0
219 #define OHCI_TD_DIR_OUT       0x1
220 #define OHCI_TD_DIR_IN        0x2
221 #define OHCI_TD_DIR_RESERVED  0x3
222 
223 #define OHCI_CC_NOERROR             0x0
224 #define OHCI_CC_CRC                 0x1
225 #define OHCI_CC_BITSTUFFING         0x2
226 #define OHCI_CC_DATATOGGLEMISMATCH  0x3
227 #define OHCI_CC_STALL               0x4
228 #define OHCI_CC_DEVICENOTRESPONDING 0x5
229 #define OHCI_CC_PIDCHECKFAILURE     0x6
230 #define OHCI_CC_UNDEXPETEDPID       0x7
231 #define OHCI_CC_DATAOVERRUN         0x8
232 #define OHCI_CC_DATAUNDERRUN        0x9
233 #define OHCI_CC_BUFFEROVERRUN       0xc
234 #define OHCI_CC_BUFFERUNDERRUN      0xd
235 
236 #define OHCI_HRESET_FSBIR       (1 << 0)
237 
/*
 * Printable register names, indexed by register offset divided by 4
 * (see ohci_reg_name()).
 */
static const char *ohci_reg_names[] = {
    "HcRevision", "HcControl", "HcCommandStatus", "HcInterruptStatus",
    "HcInterruptEnable", "HcInterruptDisable", "HcHCCA", "HcPeriodCurrentED",
    "HcControlHeadED", "HcControlCurrentED", "HcBulkHeadED", "HcBulkCurrentED",
    "HcDoneHead", "HcFmInterval", "HcFmRemaining", "HcFmNumber",
    "HcPeriodicStart", "HcLSThreshold", "HcRhDescriptorA", "HcRhDescriptorB",
    "HcRhStatus"
};
246 
/*
 * Return the printable name of the register at byte offset addr.
 * The index is bounds-checked against ohci_reg_names, so an offset past the
 * last named register yields "<unknown>" instead of reading off the table.
 */
static const char *ohci_reg_name(hwaddr addr)
{
    hwaddr idx = addr >> 2;

    if (idx >= ARRAY_SIZE(ohci_reg_names)) {
        return "<unknown>";
    }
    return ohci_reg_names[idx];
}
255 
/*
 * Invoke the ohci_die callback stored in the controller state.
 * Called from the error paths in this file, e.g. when a descriptor cannot
 * be read or written by DMA or a head pointer is zero.
 */
static void ohci_die(OHCIState *ohci)
{
    ohci->ohci_die(ohci);
}
260 
/*
 * Recompute the IRQ line. It is raised only when the master interrupt
 * enable bit is set in ohci->intr and at least one enabled interrupt is
 * pending in ohci->intr_status; otherwise it is lowered.
 */
static inline void ohci_intr_update(OHCIState *ohci)
{
    bool master_enabled = (ohci->intr & OHCI_INTR_MIE) != 0;
    bool pending = (ohci->intr_status & ohci->intr) != 0;

    qemu_set_irq(ohci->irq, (master_enabled && pending) ? 1 : 0);
}
272 
/* Latch the given bit(s) into the interrupt status, then refresh the IRQ. */
static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
{
    ohci->intr_status = ohci->intr_status | intr;
    ohci_intr_update(ohci);
}
279 
/*
 * Look up the device with USB address addr behind the root hub.
 * Only ports whose enable bit (OHCI_PORT_PES) is set are searched, so an
 * address taken from a descriptor cannot reach a device on a disabled port.
 * Returns NULL when no enabled port has a matching device.
 */
static USBDevice *ohci_find_device(OHCIState *ohci, uint8_t addr)
{
    int n;

    for (n = 0; n < ohci->num_ports; n++) {
        OHCIPort *rh = &ohci->rhport[n];

        if (rh->ctrl & OHCI_PORT_PES) {
            USBDevice *found = usb_find_device(&rh->port, addr);

            if (found) {
                return found;
            }
        }
    }
    return NULL;
}
296 
/*
 * Cancel the in-flight asynchronous packet, if any, and notify every
 * attached root-hub device that its control, IN and OUT endpoints stopped.
 */
void ohci_stop_endpoints(OHCIState *ohci)
{
    int port_idx;

    /* A non-zero async_td means usb_packet is still owned by a device. */
    if (ohci->async_td) {
        usb_cancel_packet(&ohci->usb_packet);
        ohci->async_td = 0;
    }

    for (port_idx = 0; port_idx < ohci->num_ports; port_idx++) {
        USBDevice *dev = ohci->rhport[port_idx].port.dev;
        int ep_idx;

        if (!dev || !dev->attached) {
            continue;
        }
        usb_device_ep_stopped(dev, &dev->ep_ctl);
        for (ep_idx = 0; ep_idx < USB_MAX_ENDPOINTS; ep_idx++) {
            usb_device_ep_stopped(dev, &dev->ep_in[ep_idx]);
            usb_device_ep_stopped(dev, &dev->ep_out[ep_idx]);
        }
    }
}
317 
/*
 * Reset the root hub: stop the bus, restore the root hub descriptor and
 * status values, clear each port's control word, reset every attached
 * device and finally stop all endpoints.
 */
static void ohci_roothub_reset(OHCIState *ohci)
{
    int n;

    ohci_bus_stop(ohci);
    ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
    ohci->rhdesc_b = 0x0; /* Impl. specific */
    ohci->rhstatus = 0;

    for (n = 0; n < ohci->num_ports; n++) {
        OHCIPort *rh = &ohci->rhport[n];
        USBDevice *plugged = rh->port.dev;

        rh->ctrl = 0;
        if (plugged && plugged->attached) {
            usb_port_reset(&rh->port);
        }
    }
    ohci_stop_endpoints(ohci);
}
337 
/*
 * Reset the controller registers to their defaults.
 * The bus is stopped first; of the previous ohci->ctl value only the IR bit
 * is kept, and the functional state becomes suspend.
 */
static void ohci_soft_reset(OHCIState *ohci)
{
    trace_usb_ohci_reset(ohci->name);

    ohci_bus_stop(ohci);

    /* Control and interrupt state */
    ohci->ctl = OHCI_USB_SUSPEND | (ohci->ctl & OHCI_CTL_IR);
    ohci->old_ctl = 0;
    ohci->status = 0;
    ohci->intr_status = 0;
    ohci->intr = OHCI_INTR_MIE;

    /* List pointers and done queue */
    ohci->hcca = 0;
    ohci->ctrl_cur = 0;
    ohci->ctrl_head = 0;
    ohci->bulk_cur = 0;
    ohci->bulk_head = 0;
    ohci->per_cur = 0;
    ohci->done = 0;
    ohci->done_count = 7;

    /*
     * Frame timing. FSMPS is marked TBD in OHCI 1.0, so the value Linux
     * programs is used here.
     */
    ohci->fsmps = 0x2778;
    ohci->fi = 0x2edf;
    ohci->fit = 0;
    ohci->frt = 0;
    ohci->frame_number = 0;
    ohci->pstart = 0;
    ohci->lst = OHCI_LS_THRESH;
}
368 
/*
 * Full reset: run the soft reset, then clear ohci->ctl completely (the soft
 * reset on its own keeps the IR bit) and reset the root hub.
 */
void ohci_hard_reset(OHCIState *ohci)
{
    ohci_soft_reset(ohci);
    ohci->ctl = 0;
    ohci_roothub_reset(ohci);
}
375 
/*
 * Read num 32-bit little-endian values from addr (relative to
 * ohci->localmem_base) into buf, converting each to host byte order.
 * Returns 0 on success, -1 as soon as one DMA read fails; elements read
 * before the failure stay in buf. The caller must size buf for num entries.
 */
static inline int get_dwords(OHCIState *ohci,
                             dma_addr_t addr, uint32_t *buf, int num)
{
    dma_addr_t src = addr + ohci->localmem_base;
    int idx;

    for (idx = 0; idx < num; idx++) {
        uint32_t *slot = &buf[idx];

        if (dma_memory_read(ohci->as, src,
                            slot, sizeof(*slot), MEMTXATTRS_UNSPECIFIED)) {
            return -1;
        }
        *slot = le32_to_cpu(*slot);
        src += sizeof(*slot);
    }

    return 0;
}
394 
/*
 * Write num 32-bit values from buf to addr (relative to
 * ohci->localmem_base), converting each to little-endian first.
 * Returns 0 on success, -1 as soon as one DMA write fails; earlier
 * elements have already been written at that point.
 */
static inline int put_dwords(OHCIState *ohci,
                             dma_addr_t addr, uint32_t *buf, int num)
{
    dma_addr_t dst = addr + ohci->localmem_base;
    int idx;

    for (idx = 0; idx < num; idx++) {
        uint32_t le_val = cpu_to_le32(buf[idx]);

        if (dma_memory_write(ohci->as, dst,
                             &le_val, sizeof(le_val), MEMTXATTRS_UNSPECIFIED)) {
            return -1;
        }
        dst += sizeof(le_val);
    }

    return 0;
}
413 
/*
 * Read num 16-bit little-endian values from addr (relative to
 * ohci->localmem_base) into buf, converting each to host byte order.
 * Returns 0 on success, -1 as soon as one DMA read fails. The caller must
 * size buf for num entries.
 */
static inline int get_words(OHCIState *ohci,
                            dma_addr_t addr, uint16_t *buf, int num)
{
    dma_addr_t src = addr + ohci->localmem_base;
    int idx;

    for (idx = 0; idx < num; idx++) {
        uint16_t *slot = &buf[idx];

        if (dma_memory_read(ohci->as, src,
                            slot, sizeof(*slot), MEMTXATTRS_UNSPECIFIED)) {
            return -1;
        }
        *slot = le16_to_cpu(*slot);
        src += sizeof(*slot);
    }

    return 0;
}
432 
/*
 * Write num 16-bit values from buf to addr (relative to
 * ohci->localmem_base), converting each to little-endian first.
 * Returns 0 on success, -1 as soon as one DMA write fails.
 */
static inline int put_words(OHCIState *ohci,
                            dma_addr_t addr, uint16_t *buf, int num)
{
    dma_addr_t dst = addr + ohci->localmem_base;
    int idx;

    for (idx = 0; idx < num; idx++) {
        uint16_t le_val = cpu_to_le16(buf[idx]);

        if (dma_memory_write(ohci->as, dst,
                             &le_val, sizeof(le_val), MEMTXATTRS_UNSPECIFIED)) {
            return -1;
        }
        dst += sizeof(le_val);
    }

    return 0;
}
451 
/* Fetch an endpoint descriptor as dwords; returns nonzero on DMA failure. */
static inline int ohci_read_ed(OHCIState *ohci,
                               dma_addr_t addr, struct ohci_ed *ed)
{
    uint32_t *words = (uint32_t *)ed;

    return get_dwords(ohci, addr, words, sizeof(*ed) / sizeof(uint32_t));
}
457 
/* Fetch a general TD as dwords; returns nonzero on DMA failure. */
static inline int ohci_read_td(OHCIState *ohci,
                               dma_addr_t addr, struct ohci_td *td)
{
    uint32_t *words = (uint32_t *)td;

    return get_dwords(ohci, addr, words, sizeof(*td) / sizeof(uint32_t));
}
463 
/*
 * Fetch an isochronous TD: four dwords of header, then the eight 16-bit
 * offset words located 16 bytes in. Returns 1 if either read fails, else 0.
 */
static inline int ohci_read_iso_td(OHCIState *ohci,
                                   dma_addr_t addr, struct ohci_iso_td *td)
{
    if (get_dwords(ohci, addr, (uint32_t *)td, 4)) {
        return 1;
    }
    return get_words(ohci, addr + 16, td->offset, 8) != 0;
}
470 
/*
 * Fetch the whole HCCA with a single DMA read and return the result of
 * dma_memory_read(). Unlike the ED/TD readers, no byte-order conversion is
 * applied to the fields here.
 */
static inline int ohci_read_hcca(OHCIState *ohci,
                                 dma_addr_t addr, struct ohci_hcca *hcca)
{
    dma_addr_t src = addr + ohci->localmem_base;

    return dma_memory_read(ohci->as, src, hcca,
                           sizeof(*hcca), MEMTXATTRS_UNSPECIFIED);
}
477 
/*
 * Write an endpoint descriptor back.
 * Only the head field is stored: the tail pointer belongs to the host
 * controller driver and head is the one field the controller modifies, so
 * the rest of the descriptor is never overwritten from this side.
 */
static inline int ohci_put_ed(OHCIState *ohci,
                              dma_addr_t addr, struct ohci_ed *ed)
{
    uint32_t *head_word = (uint32_t *)((char *)ed + ED_WBACK_OFFSET);
    int ndwords = ED_WBACK_SIZE >> 2;

    return put_dwords(ohci, addr + ED_WBACK_OFFSET, head_word, ndwords);
}
489 
/* Store a general TD as dwords; returns nonzero on DMA failure. */
static inline int ohci_put_td(OHCIState *ohci,
                              dma_addr_t addr, struct ohci_td *td)
{
    uint32_t *words = (uint32_t *)td;

    return put_dwords(ohci, addr, words, sizeof(*td) / sizeof(uint32_t));
}
495 
/*
 * Store an isochronous TD: four dwords of header, then the eight 16-bit
 * offset words 16 bytes in. Returns 1 if either write fails, else 0.
 */
static inline int ohci_put_iso_td(OHCIState *ohci,
                                  dma_addr_t addr, struct ohci_iso_td *td)
{
    if (put_dwords(ohci, addr, (uint32_t *)td, 4)) {
        return 1;
    }
    return put_words(ohci, addr + 16, td->offset, 8) != 0;
}
502 
/*
 * Write the HCCA back. Only the HCCA_WRITEBACK_SIZE bytes starting at the
 * frame field (frame, pad, done) are stored; the interrupt table at the
 * start of the structure is left untouched. Returns the result of
 * dma_memory_write().
 */
static inline int ohci_put_hcca(OHCIState *ohci,
                                dma_addr_t addr, struct ohci_hcca *hcca)
{
    dma_addr_t dst = addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET;
    char *window = (char *)hcca + HCCA_WRITEBACK_OFFSET;

    return dma_memory_write(ohci->as, dst, window,
                            HCCA_WRITEBACK_SIZE, MEMTXATTRS_UNSPECIFIED);
}
511 
/*
 * Read/Write the contents of a TD from/to main memory.
 *
 * Copies len bytes between buf and the TD's data buffer in direction dir.
 * The first chunk starts at td->cbp and stops at the end of that 4 KiB
 * page; any remainder continues at the start of the page containing td->be.
 * Returns 0 on success, -1 if a DMA access fails.
 *
 * cbp and be come from the descriptor and are not validated here. buf must
 * hold at least len bytes; the caller visible in this file clamps the
 * length to sizeof(ohci->usb_buf) before calling.
 */
static int ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
                        uint8_t *buf, int len, DMADirection dir)
{
    dma_addr_t ptr, n;

    ptr = td->cbp;
    /* Bytes left in the page that cbp points into. */
    n = 0x1000 - (ptr & 0xfff);
    /*
     * NOTE(review): n is unsigned (dma_addr_t) and len is int, so a
     * negative len would compare as a very large value here. Callers are
     * assumed to pass len >= 0 -- confirm.
     */
    if (n > len) {
        n = len;
    }
    if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
                      n, dir, MEMTXATTRS_UNSPECIFIED)) {
        return -1;
    }
    if (n == len) {
        return 0;
    }
    /* Remainder goes to the start of the page that holds td->be. */
    ptr = td->be & ~0xfffu;
    buf += n;
    if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
                      len - n, dir, MEMTXATTRS_UNSPECIFIED)) {
        return -1;
    }
    return 0;
}
538 
/*
 * Read/Write the contents of an ISO TD from/to main memory.
 *
 * Copies len bytes between buf and memory in direction dir. The first chunk
 * starts at start_addr and stops at the end of that 4 KiB page; any
 * remainder continues at the start of the page containing end_addr.
 * Returns 0 on success, -1 if a DMA access fails.
 *
 * Both addresses are derived from descriptor fields by the caller. buf must
 * hold at least len bytes; the caller in this file clamps len to the size
 * of its local buffer first.
 */
static int ohci_copy_iso_td(OHCIState *ohci,
                            uint32_t start_addr, uint32_t end_addr,
                            uint8_t *buf, int len, DMADirection dir)
{
    dma_addr_t ptr, n;

    ptr = start_addr;
    /* Bytes left in the page that start_addr points into. */
    n = 0x1000 - (ptr & 0xfff);
    /*
     * NOTE(review): unsigned n is compared with int len; a negative len
     * would convert to a very large value. Callers are assumed to pass
     * len >= 0 -- confirm.
     */
    if (n > len) {
        n = len;
    }
    if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
                      n, dir, MEMTXATTRS_UNSPECIFIED)) {
        return -1;
    }
    if (n == len) {
        return 0;
    }
    /* Remainder goes to the start of the page that holds end_addr. */
    ptr = end_addr & ~0xfffu;
    buf += n;
    if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
                      len - n, dir, MEMTXATTRS_UNSPECIFIED)) {
        return -1;
    }
    return 0;
}
566 
/*
 * Difference a - b of two 16-bit counters, computed modulo 2^16 and then
 * reinterpreted as signed, so the result is negative when a is "behind" b.
 */
#define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
568 
/*
 * Service the isochronous transfer descriptor at the head of endpoint ed.
 *
 * Reads the ISO TD by DMA, works out which of its packets belongs to the
 * current frame, transfers that packet through a local bounce buffer and
 * writes the per-packet status word back. The TD is moved to the done queue
 * when it has expired or its last packet was handled.
 *
 * Returns 0 only when an expired TD was retired and the caller should go on
 * with the next ISO TD of the same ED; returns 1 in every other case.
 *
 * Every field of iso_td and ed is taken from DMA-readable memory and is
 * therefore untrusted; the checks below bound the offset[] index and the
 * transfer length before any data is copied.
 */
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
    int dir;
    size_t len = 0;
    const char *str = NULL;
    int pid;
    int ret;
    int i;
    USBDevice *dev;
    USBEndpoint *ep;
    USBPacket *pkt;
    /* Host-side bounce buffer; len is clamped to its size further down. */
    uint8_t buf[8192];
    bool int_req;
    struct ohci_iso_td iso_td;
    uint32_t addr;
    uint16_t starting_frame;
    int16_t relative_frame_number;
    int frame_count;
    uint32_t start_offset, next_offset, end_offset = 0;
    uint32_t start_addr, end_addr;

    addr = ed->head & OHCI_DPTR_MASK;

    /* A zero TD pointer is treated as a fatal controller error. */
    if (addr == 0) {
        ohci_die(ohci);
        return 1;
    }

    if (ohci_read_iso_td(ohci, addr, &iso_td)) {
        trace_usb_ohci_iso_td_read_failed(addr);
        ohci_die(ohci);
        return 1;
    }

    starting_frame = OHCI_BM(iso_td.flags, TD_SF);
    /* TD_FC is a 3-bit field, so frame_count is in 0..7. */
    frame_count = OHCI_BM(iso_td.flags, TD_FC);
    relative_frame_number = USUB(ohci->frame_number, starting_frame);

    trace_usb_ohci_iso_td_head(
           ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
           iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
           ohci->frame_number, starting_frame,
           frame_count, relative_frame_number);
    trace_usb_ohci_iso_td_head_offset(
           iso_td.offset[0], iso_td.offset[1],
           iso_td.offset[2], iso_td.offset[3],
           iso_td.offset[4], iso_td.offset[5],
           iso_td.offset[6], iso_td.offset[7]);

    /*
     * After this if/else chain relative_frame_number lies in
     * 0..frame_count (at most 7), which keeps every offset[] access below
     * inside the 8-entry array.
     */
    if (relative_frame_number < 0) {
        trace_usb_ohci_iso_td_relative_frame_number_neg(relative_frame_number);
        return 1;
    } else if (relative_frame_number > frame_count) {
        /*
         * ISO TD expired - retire the TD to the Done Queue and continue with
         * the next ISO TD of the same ED
         */
        trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number,
                                                        frame_count);
        /*
         * A TD already marked DATAOVERRUN was retired before; stopping here
         * prevents a descriptor chain that links back to itself from being
         * retired forever.
         */
        if (OHCI_CC_DATAOVERRUN == OHCI_BM(iso_td.flags, TD_CC)) {
            /* avoid infinite loop */
            return 1;
        }
        OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
        ed->head &= ~OHCI_DPTR_MASK;
        ed->head |= (iso_td.next & OHCI_DPTR_MASK);
        iso_td.next = ohci->done;
        ohci->done = addr;
        i = OHCI_BM(iso_td.flags, TD_DI);
        if (i < ohci->done_count) {
            ohci->done_count = i;
        }
        if (ohci_put_iso_td(ohci, addr, &iso_td)) {
            ohci_die(ohci);
            return 1;
        }
        return 0;
    }

    dir = OHCI_BM(ed->flags, ED_D);
    switch (dir) {
    case OHCI_TD_DIR_IN:
        str = "in";
        pid = USB_TOKEN_IN;
        break;
    case OHCI_TD_DIR_OUT:
        str = "out";
        pid = USB_TOKEN_OUT;
        break;
    case OHCI_TD_DIR_SETUP:
        str = "setup";
        pid = USB_TOKEN_SETUP;
        break;
    default:
        trace_usb_ohci_iso_td_bad_direction(dir);
        return 1;
    }

    if (!iso_td.bp || !iso_td.be) {
        trace_usb_ohci_iso_td_bad_bp_be(iso_td.bp, iso_td.be);
        return 1;
    }

    start_offset = iso_td.offset[relative_frame_number];
    /* The last packet has no following offset word; it ends at be. */
    if (relative_frame_number < frame_count) {
        next_offset = iso_td.offset[relative_frame_number + 1];
    } else {
        next_offset = iso_td.be;
    }

    /* Reject offset words whose condition-code bits 0xe are all clear. */
    if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
        ((relative_frame_number < frame_count) &&
         !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
        trace_usb_ohci_iso_td_bad_cc_not_accessed(start_offset, next_offset);
        return 1;
    }

    if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
        trace_usb_ohci_iso_td_bad_cc_overrun(start_offset, next_offset);
        return 1;
    }

    /* Bit 12 of an offset selects the page of be instead of the page of bp. */
    if ((start_offset & 0x1000) == 0) {
        start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
            (start_offset & OHCI_OFFSET_MASK);
    } else {
        start_addr = (iso_td.be & OHCI_PAGE_MASK) |
            (start_offset & OHCI_OFFSET_MASK);
    }

    if (relative_frame_number < frame_count) {
        end_offset = next_offset - 1;
        if ((end_offset & 0x1000) == 0) {
            end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
                (end_offset & OHCI_OFFSET_MASK);
        } else {
            end_addr = (iso_td.be & OHCI_PAGE_MASK) |
                (end_offset & OHCI_OFFSET_MASK);
        }
    } else {
        /* Last packet in the ISO TD */
        end_addr = next_offset;
    }

    /* Without this check the length computed below would wrap around. */
    if (start_addr > end_addr) {
        trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
        return 1;
    }

    if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
        len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
            - (start_addr & OHCI_OFFSET_MASK);
    } else {
        len = end_addr - start_addr + 1;
    }
    /* Never copy more than the bounce buffer can hold. */
    if (len > sizeof(buf)) {
        len = sizeof(buf);
    }

    /* For OUT/SETUP, fetch the payload before looking up the device. */
    if (len && dir != OHCI_TD_DIR_IN) {
        if (ohci_copy_iso_td(ohci, start_addr, end_addr, buf, len,
                             DMA_DIRECTION_TO_DEVICE)) {
            ohci_die(ohci);
            return 1;
        }
    }

    dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
    if (dev == NULL) {
        trace_usb_ohci_td_dev_error();
        return 1;
    }
    ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
    /*
     * NOTE(review): pkt is heap-allocated and released with a bare g_free()
     * on both exits below. No cleanup call for whatever usb_packet_init()
     * sets up is visible here -- confirm nothing is leaked.
     */
    pkt = g_new0(USBPacket, 1);
    usb_packet_init(pkt);
    int_req = relative_frame_number == frame_count &&
              OHCI_BM(iso_td.flags, TD_DI) == 0;
    usb_packet_setup(pkt, pid, ep, 0, addr, false, int_req);
    usb_packet_addbuf(pkt, buf, len);
    usb_handle_packet(dev, pkt);
    if (pkt->status == USB_RET_ASYNC) {
        /*
         * NOTE(review): pkt is freed and buf (a stack buffer) goes out of
         * scope while the status is still USB_RET_ASYNC. Presumably
         * usb_device_flush_ep_queue() guarantees the device keeps no
         * reference to either -- confirm.
         */
        usb_device_flush_ep_queue(dev, ep);
        g_free(pkt);
        return 1;
    }
    if (pkt->status == USB_RET_SUCCESS) {
        ret = pkt->actual_length;
    } else {
        ret = pkt->status;
    }
    g_free(pkt);

    trace_usb_ohci_iso_td_so(start_offset, end_offset, start_addr, end_addr,
                             str, len, ret);

    /* Writeback */
    /*
     * ret >= 0 is tested before the mixed signed/unsigned comparison with
     * len, so a negative status can never pass as a huge length; ret <= len
     * also keeps the copy back to memory within what buf holds.
     */
    if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
        /* IN transfer succeeded */
        if (ohci_copy_iso_td(ohci, start_addr, end_addr, buf, ret,
                             DMA_DIRECTION_FROM_DEVICE)) {
            ohci_die(ohci);
            return 1;
        }
        OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                    OHCI_CC_NOERROR);
        OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
    } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
        /* OUT transfer succeeded */
        OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                    OHCI_CC_NOERROR);
        OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
    } else {
        /* Map the failure onto an OHCI condition code in the status word. */
        if (ret > (ssize_t) len) {
            trace_usb_ohci_iso_td_data_overrun(ret, len);
            OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                        OHCI_CC_DATAOVERRUN);
            OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
                        len);
        } else if (ret >= 0) {
            trace_usb_ohci_iso_td_data_underrun(ret);
            OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                        OHCI_CC_DATAUNDERRUN);
        } else {
            switch (ret) {
            case USB_RET_IOERROR:
            case USB_RET_NODEV:
                OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                            OHCI_CC_DEVICENOTRESPONDING);
                OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
                            0);
                break;
            case USB_RET_NAK:
            case USB_RET_STALL:
                trace_usb_ohci_iso_td_nak(ret);
                OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                            OHCI_CC_STALL);
                OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
                            0);
                break;
            default:
                trace_usb_ohci_iso_td_bad_response(ret);
                OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
                            OHCI_CC_UNDEXPETEDPID);
                break;
            }
        }
    }

    if (relative_frame_number == frame_count) {
        /* Last data packet of ISO TD - retire the TD to the Done Queue */
        OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
        ed->head &= ~OHCI_DPTR_MASK;
        ed->head |= (iso_td.next & OHCI_DPTR_MASK);
        iso_td.next = ohci->done;
        ohci->done = addr;
        i = OHCI_BM(iso_td.flags, TD_DI);
        if (i < ohci->done_count) {
            ohci->done_count = i;
        }
    }
    if (ohci_put_iso_td(ohci, addr, &iso_td)) {
        ohci_die(ohci);
    }
    return 1;
}
834 
835 #define HEX_CHAR_PER_LINE 16
836 
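/*
 * Hex-dump a packet payload to the usb_ohci_td_pkt_short/_full trace events.
 *
 * @msg: label passed through to the trace event
 * @buf: payload bytes
 * @len: number of bytes in @buf
 *
 * With only the "short" event enabled, one line (at most HEX_CHAR_PER_LINE
 * bytes) is emitted. With the "full" event enabled, every line is emitted.
 * Nothing is formatted when neither event is enabled or @len is 0.
 */
static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
{
    bool print16;
    bool printall;
    size_t i;
    size_t used = 0;
    char tmp[3 * HEX_CHAR_PER_LINE + 1];

    print16 = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT);
    printall = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_FULL);

    if (!printall && !print16) {
        return;
    }

    tmp[0] = '\0';
    for (i = 0; ; i++) {
        /* Flush at every full line and once more at the end of the data. */
        if (i && (!(i % HEX_CHAR_PER_LINE) || (i == len))) {
            if (!printall) {
                trace_usb_ohci_td_pkt_short(msg, tmp);
                break;
            }
            trace_usb_ohci_td_pkt_full(msg, tmp);
            used = 0;
            tmp[0] = '\0';
        }
        if (i == len) {
            break;
        }

        /*
         * Each byte takes three characters and at most HEX_CHAR_PER_LINE
         * bytes are formatted between flushes, so the line always fits.
         * snprintf with the remaining size makes the compiler enforce that
         * bound instead of relying on the arithmetic alone.
         */
        used += snprintf(tmp + used, sizeof(tmp) - used, " %.2x", buf[i]);
    }
}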
869 
870 /*
871  * Service a transport descriptor.
872  * Returns nonzero to terminate processing of this endpoint.
873  */
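/*
 * Service the general (non-isochronous) transfer descriptor at the head of
 * an endpoint descriptor.
 *
 * The TD is read from guest memory, so cbp, be, flags and next are all
 * guest-written values.  The transfer length derived from cbp/be is clamped
 * to sizeof(ohci->usb_buf) before any data is staged in that buffer.
 *
 * @ohci: controller state
 * @ed:   endpoint descriptor being serviced; ed->head is updated in place
 *        when the TD is retired or the endpoint is halted
 *
 * Returns nonzero when the caller should stop servicing this ED (controller
 * error, NAK, packet still in flight, or a TD written back with an error
 * condition code), and zero when the TD was written back with
 * OHCI_CC_NOERROR.
 */
static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
{
    int dir;
    size_t len = 0, pktlen = 0;
    const char *str = NULL;
    int pid;
    int ret;
    int i;
    USBDevice *dev;
    USBEndpoint *ep;
    struct ohci_td td;
    uint32_t addr;
    int flag_r;
    int completion;

    addr = ed->head & OHCI_DPTR_MASK;
    if (addr == 0) {
        ohci_die(ohci);
        return 1;
    }

    /* See if this TD has already been submitted to the device. */
    completion = (addr == ohci->async_td);
    if (completion && !ohci->async_complete) {
        trace_usb_ohci_td_skip_async();
        return 1;
    }
    if (ohci_read_td(ohci, addr, &td)) {
        trace_usb_ohci_td_read_error(addr);
        ohci_die(ohci);
        return 1;
    }

    /*
     * The ED direction field wins when it names IN or OUT; any other value
     * defers to the direction stored in the TD itself.
     */
    dir = OHCI_BM(ed->flags, ED_D);
    switch (dir) {
    case OHCI_TD_DIR_OUT:
    case OHCI_TD_DIR_IN:
        /* Same value. */
        break;
    default:
        dir = OHCI_BM(td.flags, TD_DP);
        break;
    }

    switch (dir) {
    case OHCI_TD_DIR_IN:
        str = "in";
        pid = USB_TOKEN_IN;
        break;
    case OHCI_TD_DIR_OUT:
        str = "out";
        pid = USB_TOKEN_OUT;
        break;
    case OHCI_TD_DIR_SETUP:
        str = "setup";
        pid = USB_TOKEN_SETUP;
        break;
    default:
        trace_usb_ohci_td_bad_direction(dir);
        return 1;
    }
    if (td.cbp && td.be) {
        if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
            /* Buffer spans two pages: rest of cbp's page plus be's page. */
            len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
        } else {
            if (td.cbp > td.be) {
                trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
                ohci_die(ohci);
                return 1;
            }
            len = (td.be - td.cbp) + 1;
        }
        /* Never stage more than the bounce buffer can hold. */
        if (len > sizeof(ohci->usb_buf)) {
            len = sizeof(ohci->usb_buf);
        }

        pktlen = len;
        if (len && dir != OHCI_TD_DIR_IN) {
            /* The endpoint may not allow us to transfer it all now */
            pktlen = (ed->flags & OHCI_ED_MPS_MASK) >> OHCI_ED_MPS_SHIFT;
            if (pktlen > len) {
                pktlen = len;
            }
            if (!completion) {
                if (ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
                                 DMA_DIRECTION_TO_DEVICE)) {
                    /*
                     * The guest buffer could not be read.  Stop here, like
                     * the other ohci_die() paths in this function, instead
                     * of handing the device whatever usb_buf held before.
                     */
                    ohci_die(ohci);
                    return 1;
                }
            }
        }
    }

    flag_r = (td.flags & OHCI_TD_R) != 0;
    trace_usb_ohci_td_pkt_hdr(addr, (int64_t)pktlen, (int64_t)len, str,
                              flag_r, td.cbp, td.be);
    ohci_td_pkt("OUT", ohci->usb_buf, pktlen);

    if (completion) {
        /* The in-flight packet finished; consume its result below. */
        ohci->async_td = 0;
        ohci->async_complete = false;
    } else {
        dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
        if (dev == NULL) {
            trace_usb_ohci_td_dev_error();
            return 1;
        }
        ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
        if (ohci->async_td) {
            /*
             * ??? The hardware should allow one active packet per
             * endpoint.  We only allow one active packet per controller.
             * This should be sufficient as long as devices respond in a
             * timely manner.
             */
            trace_usb_ohci_td_too_many_pending(ep->nr);
            return 1;
        }
        usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, !flag_r,
                         OHCI_BM(td.flags, TD_DI) == 0);
        usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, pktlen);
        usb_handle_packet(dev, &ohci->usb_packet);
        trace_usb_ohci_td_packet_status(ohci->usb_packet.status);

        if (ohci->usb_packet.status == USB_RET_ASYNC) {
            usb_device_flush_ep_queue(dev, ep);
            ohci->async_td = addr;
            return 1;
        }
    }
    if (ohci->usb_packet.status == USB_RET_SUCCESS) {
        ret = ohci->usb_packet.actual_length;
    } else {
        ret = ohci->usb_packet.status;
    }

    if (ret >= 0) {
        if (dir == OHCI_TD_DIR_IN) {
            /*
             * NOTE(review): a failed copy to guest memory still falls
             * through to the TD writeback below - confirm that is intended.
             */
            if (ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
                             DMA_DIRECTION_FROM_DEVICE)) {
                ohci_die(ohci);
            }
            ohci_td_pkt("IN", ohci->usb_buf, pktlen);
        } else {
            ret = pktlen;
        }
    }

    /* Writeback */
    /* ret is int while pktlen and len are size_t: comparisons are unsigned. */
    if (ret == pktlen || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
        /* Transmission succeeded. */
        if (ret == len) {
            td.cbp = 0;
        } else {
            if ((td.cbp & 0xfff) + ret > 0xfff) {
                /* Crossed into the second page: continue in be's page. */
                td.cbp = (td.be & ~0xfff) + ((td.cbp + ret) & 0xfff);
            } else {
                td.cbp += ret;
            }
        }
        td.flags |= OHCI_TD_T1;
        td.flags ^= OHCI_TD_T0;
        OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
        OHCI_SET_BM(td.flags, TD_EC, 0);

        if ((dir != OHCI_TD_DIR_IN) && (ret != len)) {
            /* Partial packet transfer: TD not ready to retire yet */
            goto exit_no_retire;
        }

        /* Setting ED_C is part of the TD retirement process */
        ed->head &= ~OHCI_ED_C;
        if (td.flags & OHCI_TD_T0) {
            ed->head |= OHCI_ED_C;
        }
    } else {
        if (ret >= 0) {
            trace_usb_ohci_td_underrun();
            OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
        } else {
            switch (ret) {
            case USB_RET_IOERROR:
            case USB_RET_NODEV:
                trace_usb_ohci_td_dev_error();
                OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
                break;
            case USB_RET_NAK:
                /* NAK leaves the TD untouched so it is retried later. */
                trace_usb_ohci_td_nak();
                return 1;
            case USB_RET_STALL:
                trace_usb_ohci_td_stall();
                OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
                break;
            case USB_RET_BABBLE:
                trace_usb_ohci_td_babble();
                OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
                break;
            default:
                trace_usb_ohci_td_bad_device_response(ret);
                OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
                OHCI_SET_BM(td.flags, TD_EC, 3);
                break;
            }
            /*
             * An error occurred so we have to clear the interrupt counter.
             * See spec at 6.4.4 on page 104
             */
            ohci->done_count = 0;
        }
        /* Halt the endpoint until the driver clears the condition. */
        ed->head |= OHCI_ED_H;
    }

    /* Retire this TD: unlink it from the ED and push it on the done list. */
    ed->head &= ~OHCI_DPTR_MASK;
    ed->head |= td.next & OHCI_DPTR_MASK;
    td.next = ohci->done;
    ohci->done = addr;
    i = OHCI_BM(td.flags, TD_DI);
    if (i < ohci->done_count) {
        ohci->done_count = i;
    }
exit_no_retire:
    if (ohci_put_td(ohci, addr, &td)) {
        ohci_die(ohci);
        return 1;
    }
    return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
}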
1101 
/*
 * Walk the endpoint descriptor list that starts at guest address 'head' and
 * service the TDs queued on each ED.
 *
 * At most ED_LINK_LIMIT descriptors are visited, which bounds the walk
 * regardless of how the guest linked the list.
 *
 * Returns nonzero if an ED with pending TDs was found.  Returns zero for an
 * empty list and whenever an ED cannot be read or written back (the
 * controller is put into its error state in that case).
 */
static int ohci_service_ed_list(OHCIState *ohci, uint32_t head)
{
    struct ohci_ed ed;
    uint32_t ed_addr;
    uint32_t following;
    uint32_t visited = 0;
    int found_active = 0;

    if (head == 0) {
        return 0;
    }
    for (ed_addr = head; ed_addr && visited++ < ED_LINK_LIMIT;
         ed_addr = following) {
        if (ohci_read_ed(ohci, ed_addr, &ed)) {
            trace_usb_ohci_ed_read_error(ed_addr);
            ohci_die(ohci);
            return 0;
        }

        following = ed.next & OHCI_DPTR_MASK;

        if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
            /* Cancel pending packets for ED that have been paused. */
            uint32_t td_addr = ed.head & OHCI_DPTR_MASK;

            if (ohci->async_td && td_addr == ohci->async_td) {
                usb_cancel_packet(&ohci->usb_packet);
                ohci->async_td = 0;
                usb_device_ep_stopped(ohci->usb_packet.ep->dev,
                                      ohci->usb_packet.ep);
            }
            continue;
        }

        /*
         * NOTE(review): unlike the ED walk, this TD loop has no iteration
         * cap of its own; it ends when head reaches tail or a service
         * routine returns nonzero.  Both pointers come from guest memory -
         * confirm a malformed TD chain cannot keep it spinning.
         */
        while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
            int stop;

            trace_usb_ohci_ed_pkt(ed_addr, (ed.head & OHCI_ED_H) != 0,
                    (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
                    ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
            trace_usb_ohci_ed_pkt_flags(
                    OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
                    OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S) != 0,
                    (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
                    OHCI_BM(ed.flags, ED_MPS));

            found_active = 1;

            /* The F bit selects the isochronous TD format. */
            if (ed.flags & OHCI_ED_F) {
                stop = ohci_service_iso_td(ohci, &ed);
            } else {
                stop = ohci_service_td(ohci, &ed);
            }
            if (stop) {
                break;
            }
        }

        /* Persist the head pointer and flag changes made while servicing. */
        if (ohci_put_ed(ohci, ed_addr, &ed)) {
            ohci_die(ohci);
            return 0;
        }
    }

    return found_active;
}
1169 
/* Arm the end-of-frame timer one frame time after the last SOF timestamp. */
static void ohci_eof_timer(OHCIState *ohci)
{
    int64_t expiry = ohci->sof_time + usb_frame_time;

    timer_mod(ohci->eof_timer, expiry);
}
/*
 * Start of frame: advance the SOF timestamp by one frame, re-arm the
 * end-of-frame timer relative to it and raise the StartOfFrame interrupt.
 */
static void ohci_sof(OHCIState *ohci)
{
    ohci->sof_time += usb_frame_time;
    /* Same computation as ohci_eof_timer(), written out in place. */
    timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);
    ohci_set_interrupt(ohci, OHCI_INTR_SF);
}
1182 
/*
 * Service the control list and then the bulk list.  A list is serviced only
 * when its enable bit is set in HcControl and its "filled" bit is set in
 * HcCommandStatus; when servicing finds nothing active, the filled bit and
 * the matching current-ED register are cleared.
 */
static void ohci_process_lists(OHCIState *ohci)
{
    bool run_ctrl = (ohci->ctl & OHCI_CTL_CLE) &&
                    (ohci->status & OHCI_STATUS_CLF);

    if (run_ctrl) {
        if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) {
            trace_usb_ohci_process_lists(ohci->ctrl_head, ohci->ctrl_cur);
        }
        if (ohci_service_ed_list(ohci, ohci->ctrl_head) == 0) {
            ohci->ctrl_cur = 0;
            ohci->status &= ~OHCI_STATUS_CLF;
        }
    }

    /* Evaluated only after the control list has been serviced. */
    if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
        if (ohci_service_ed_list(ohci, ohci->bulk_head) == 0) {
            ohci->bulk_cur = 0;
            ohci->status &= ~OHCI_STATUS_BLF;
        }
    }
}
1203 
/*
 * End-of-frame timer callback: service the periodic, control and bulk
 * lists, advance the frame number, hand the done queue to the guest through
 * the HCCA when the delay counter allows it, and start the next frame.
 *
 * @opaque: the OHCIState registered with the timer
 */
static void ohci_frame_boundary(void *opaque)
{
    OHCIState *ohci = opaque;
    struct ohci_hcca hcca;

    if (ohci_read_hcca(ohci, ohci->hcca, &hcca)) {
        trace_usb_ohci_hcca_read_error(ohci->hcca);
        ohci_die(ohci);
        return;
    }

    /* Process all the lists at the end of the frame */
    if (ohci->ctl & OHCI_CTL_PLE) {
        /* The interrupt table has 32 slots, indexed by frame number. */
        int slot = ohci->frame_number & 0x1f;

        ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[slot]));
    }

    /* Cancel all pending packets if either of the lists has been disabled. */
    if (ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
        ohci_stop_endpoints(ohci);
    }
    ohci->old_ctl = ohci->ctl;
    ohci_process_lists(ohci);

    /* Stop if UnrecoverableError happened or ohci_sof will crash */
    if (ohci->intr_status & OHCI_INTR_UE) {
        return;
    }

    /* Frame boundary, so do EOF work here */
    ohci->frt = ohci->fit;

    /* Increment frame number and take care of endianness. */
    ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
    hcca.frame = cpu_to_le16(ohci->frame_number);

    if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
        /*
         * NOTE(review): abort() ends the whole emulator process.  Whether
         * guest-written descriptors can reach this point with an empty done
         * queue is not visible from this function - confirm.
         */
        if (!ohci->done) {
            abort();
        }
        if (ohci->intr & ohci->intr_status) {
            ohci->done |= 1;
        }
        hcca.done = cpu_to_le32(ohci->done);
        ohci->done = 0;
        ohci->done_count = 7;
        ohci_set_interrupt(ohci, OHCI_INTR_WD);
    }

    /* 7 and 0 are left alone; any other value counts down once per frame. */
    if (!(ohci->done_count == 7 || ohci->done_count == 0)) {
        ohci->done_count--;
    }

    /* Do SOF work here */
    ohci_sof(ohci);

    /* Writeback HCCA */
    if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
        ohci_die(ohci);
    }
}
1267 
/*
 * Start frame generation.  The SOF timestamp is set to the current virtual
 * clock and the end-of-frame timer is armed one frame later, so the first
 * SOF event and the first list processing happen in the next frame.
 * Always returns 1.
 */
static int ohci_bus_start(OHCIState *ohci)
{
    trace_usb_ohci_start(ohci->name);

    /*
     * Delay the first SOF event by one frame time as linux driver is
     * not ready to receive it and can meet some race conditions
     */
    ohci->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
    /* Same computation as ohci_eof_timer(), written out in place. */
    timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);

    return 1;
}
1284 
/*
 * Stop frame generation: with the end-of-frame timer removed, no further
 * SOF events or list processing are scheduled.
 */
void ohci_bus_stop(OHCIState *ohci)
{
    trace_usb_ohci_stop(ohci->name);

    timer_del(ohci->eof_timer);
}
1291 
/*
 * Store the FrameInterval field of a guest write to HcFmInterval.  Only the
 * bits covered by OHCI_FMI_FI are kept; the toggle bit is handled by the
 * caller.
 */
static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
{
    uint16_t interval = val & OHCI_FMI_FI;

    if (interval != ohci->fi) {
        /*
         * NOTE(review): this logs the value held before the update, passed
         * twice - confirm the new value was not intended.
         */
        trace_usb_ohci_set_frame_interval(ohci->name, ohci->fi, ohci->fi);
    }

    ohci->fi = interval;
}
1303 
/*
 * Switch power for root hub port 'i'.  A nonzero 'p' sets PortPowerStatus;
 * zero clears it together with the connect, suspend and reset status bits.
 * The caller is responsible for 'i' being a valid port index.
 */
static void ohci_port_power(OHCIState *ohci, int i, int p)
{
    if (!p) {
        ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS | OHCI_PORT_CCS |
                                  OHCI_PORT_PSS | OHCI_PORT_PRS);
        return;
    }

    ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
}
1313 
/*
 * Handle a guest write to HcControl.  The whole value is stored; side
 * effects run only when the functional-state field (HCFS) changes.
 */
static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
{
    uint32_t prev_hcfs = ohci->ctl & OHCI_CTL_HCFS;
    uint32_t next_hcfs;

    ohci->ctl = val;
    next_hcfs = ohci->ctl & OHCI_CTL_HCFS;

    if (next_hcfs == prev_hcfs) {
        /* no state change */
        return;
    }

    trace_usb_ohci_set_ctl(ohci->name, next_hcfs);
    switch (next_hcfs) {
    case OHCI_USB_OPERATIONAL:
        ohci_bus_start(ohci);
        break;
    case OHCI_USB_SUSPEND:
        ohci_bus_stop(ohci);
        /* clear pending SF otherwise linux driver loops in ohci_irq() */
        ohci->intr_status &= ~OHCI_INTR_SF;
        ohci_intr_update(ohci);
        break;
    case OHCI_USB_RESUME:
        trace_usb_ohci_resume(ohci->name);
        break;
    case OHCI_USB_RESET:
        ohci_roothub_reset(ohci);
        break;
    default:
        break;
    }
}
1347 
/*
 * Compute the value read back from HcFmRemaining: the toggle bit in bit 31
 * and, while the controller is operational and the frame is still running,
 * the bit times left in the current frame in the low bits.
 */
static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
{
    int64_t elapsed;
    uint16_t remaining;

    if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL) {
        return ohci->frt << 31;
    }

    /* Being in USB operational state guarantees sof_time was set already. */
    elapsed = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - ohci->sof_time;
    if (elapsed < 0) {
        elapsed = 0;
    }

    /* Frame already over: nothing remains, and the division is skipped. */
    if (elapsed >= usb_frame_time) {
        return ohci->frt << 31;
    }

    /* Convert nanoseconds to bit times and subtract from the interval. */
    elapsed = elapsed / usb_bit_time;
    remaining = (uint16_t)(ohci->fi - elapsed);

    return (ohci->frt << 31) | remaining;
}
1371 
1372 
1373 /* Set root hub status */
1374 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1375 {
1376     uint32_t old_state;
1377 
1378     old_state = ohci->rhstatus;
1379 
1380     /* write 1 to clear OCIC */
1381     if (val & OHCI_RHS_OCIC) {
1382         ohci->rhstatus &= ~OHCI_RHS_OCIC;
1383     }
1384     if (val & OHCI_RHS_LPS) {
1385         int i;
1386 
1387         for (i = 0; i < ohci->num_ports; i++) {
1388             ohci_port_power(ohci, i, 0);
1389         }
1390         trace_usb_ohci_hub_power_down();
1391     }
1392 
1393     if (val & OHCI_RHS_LPSC) {
1394         int i;
1395 
1396         for (i = 0; i < ohci->num_ports; i++) {
1397             ohci_port_power(ohci, i, 1);
1398         }
1399         trace_usb_ohci_hub_power_up();
1400     }
1401 
1402     if (val & OHCI_RHS_DRWE) {
1403         ohci->rhstatus |= OHCI_RHS_DRWE;
1404     }
1405     if (val & OHCI_RHS_CRWE) {
1406         ohci->rhstatus &= ~OHCI_RHS_DRWE;
1407     }
1408     if (old_state != ohci->rhstatus) {
1409         ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1410     }
1411 }
1412 
/*
 * Move the controller from SUSPEND to RESUME, the one functional-state
 * transition it performs without a register write from the driver.
 * Returns true if the transition happened, false if the controller was not
 * suspended.
 */
static bool ohci_resume(OHCIState *s)
{
    if ((s->ctl & OHCI_CTL_HCFS) != OHCI_USB_SUSPEND) {
        return false;
    }

    trace_usb_ohci_remote_wakeup(s->name);
    s->ctl &= ~OHCI_CTL_HCFS;
    s->ctl |= OHCI_USB_RESUME;
    return true;
}
1424 
/*
 * Set the bits in 'val' in the status register of port 'i', but only when
 * a device is connected (CurrentConnectStatus set).  On a disconnected port
 * ConnectStatusChange is set instead, which may wake a suspended controller
 * when remote wakeup is enabled.
 *
 * Returns 1 if the port is connected and the bit was not already set,
 * 0 in every other case.
 */
static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
{
    OHCIPort *port = &ohci->rhport[i];
    int newly_set;

    /* writing a 0 has no effect */
    if (val == 0) {
        return 0;
    }

    /* If CurrentConnectStatus is cleared we set ConnectStatusChange */
    if (!(port->ctrl & OHCI_PORT_CCS)) {
        port->ctrl |= OHCI_PORT_CSC;
        /* CSC is a wakeup event */
        if ((ohci->rhstatus & OHCI_RHS_DRWE) && ohci_resume(ohci)) {
            ohci_set_interrupt(ohci, OHCI_INTR_RD);
        }
        return 0;
    }

    newly_set = (port->ctrl & val) ? 0 : 1;
    /* set the bit */
    port->ctrl |= val;

    return newly_set;
}
1457 
/*
 * Handle a guest write to HcRhPortStatus for port 'portnum'.  The caller is
 * responsible for 'portnum' being a valid index into rhport[].
 * RootHubStatusChange is raised if the port register ends up different.
 */
static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
{
    OHCIPort *port = &ohci->rhport[portnum];
    const uint32_t before = port->ctrl;
    uint32_t wtc_bits = val & OHCI_PORT_WTC;

    /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
    if (wtc_bits) {
        port->ctrl &= ~wtc_bits;
    }
    /* Writing CCS clears PortEnableStatus. */
    if (val & OHCI_PORT_CCS) {
        port->ctrl &= ~OHCI_PORT_PES;
    }
    ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);

    if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS)) {
        trace_usb_ohci_port_suspend(portnum);
    }

    if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
        /* The reset completes at once: PRS drops and PRSC is latched. */
        trace_usb_ohci_port_reset(portnum);
        usb_device_reset(port->port.dev);
        port->ctrl &= ~OHCI_PORT_PRS;
        /* ??? Should this also set OHCI_PORT_PESC. */
        port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
    }

    /* Invert order here to ensure in ambiguous case, device is powered up. */
    if (val & OHCI_PORT_LSDA) {
        ohci_port_power(ohci, portnum, 0);
    }
    if (val & OHCI_PORT_PPS) {
        ohci_port_power(ohci, portnum, 1);
    }

    if (port->ctrl != before) {
        ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
    }
}
1499 
/*
 * MMIO read handler for the OHCI register block.
 *
 * @opaque: the OHCIState registered with the memory region
 * @addr:   byte offset into the register block (guest-chosen)
 * @size:   access size, used for tracing only
 *
 * Unaligned offsets and offsets with no register behind them read back as
 * 0xffffffff.  Port status offsets are checked against num_ports before
 * rhport[] is indexed.
 */
static uint64_t ohci_mem_read(void *opaque,
                              hwaddr addr,
                              unsigned size)
{
    OHCIState *ohci = opaque;
    uint32_t value;

    /* Only aligned reads are allowed on OHCI */
    if (addr & 3) {
        trace_usb_ohci_mem_read_unaligned(addr);
        return 0xffffffff;
    }

    if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
        /* HcRhPortStatus: PortPowerStatus always reads back as set. */
        value = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
        trace_usb_ohci_mem_port_read(size, "HcRhPortStatus", (addr - 0x50) >> 2,
                                     addr, addr >> 2, value);
        return value;
    }

    switch (addr >> 2) {
    case 0: /* HcRevision */
        value = 0x10;
        break;

    case 1: /* HcControl */
        value = ohci->ctl;
        break;

    case 2: /* HcCommandStatus */
        value = ohci->status;
        break;

    case 3: /* HcInterruptStatus */
        value = ohci->intr_status;
        break;

    case 4: /* HcInterruptEnable */
    case 5: /* HcInterruptDisable */
        value = ohci->intr;
        break;

    case 6: /* HcHCCA */
        value = ohci->hcca;
        break;

    case 7: /* HcPeriodCurrentED */
        value = ohci->per_cur;
        break;

    case 8: /* HcControlHeadED */
        value = ohci->ctrl_head;
        break;

    case 9: /* HcControlCurrentED */
        value = ohci->ctrl_cur;
        break;

    case 10: /* HcBulkHeadED */
        value = ohci->bulk_head;
        break;

    case 11: /* HcBulkCurrentED */
        value = ohci->bulk_cur;
        break;

    case 12: /* HcDoneHead */
        value = ohci->done;
        break;

    case 13: /* HcFmInterval */
        value = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
        break;

    case 14: /* HcFmRemaining */
        value = ohci_get_frame_remaining(ohci);
        break;

    case 15: /* HcFmNumber */
        value = ohci->frame_number;
        break;

    case 16: /* HcPeriodicStart */
        value = ohci->pstart;
        break;

    case 17: /* HcLSThreshold */
        value = ohci->lst;
        break;

    case 18: /* HcRhDescriptorA */
        value = ohci->rhdesc_a;
        break;

    case 19: /* HcRhDescriptorB */
        value = ohci->rhdesc_b;
        break;

    case 20: /* HcRhStatus */
        value = ohci->rhstatus;
        break;

    /* PXA27x specific registers */
    case 24: /* HcStatus */
        value = ohci->hstatus & ohci->hmask;
        break;

    case 25: /* HcHReset */
        value = ohci->hreset;
        break;

    case 26: /* HcHInterruptEnable */
        value = ohci->hmask;
        break;

    case 27: /* HcHInterruptTest */
        value = ohci->htest;
        break;

    default:
        trace_usb_ohci_mem_read_bad_offset(addr);
        value = 0xffffffff;
    }

    /* Reads of offset 0xc (HcInterruptStatus) that return 0 are not traced. */
    if (addr != 0xc || value) {
        trace_usb_ohci_mem_read(size, ohci_reg_name(addr), addr, addr >> 2,
                                value);
    }

    return value;
}
1628 
/*
 * MMIO write handler for the OHCI register block.
 *
 * @opaque: the OHCIState registered with the memory region
 * @addr:   byte offset into the register block (guest-chosen)
 * @val:    value written by the guest
 * @size:   access size, used for tracing only
 *
 * Unaligned writes and writes to offsets with no register behind them are
 * traced and otherwise ignored.  Port status offsets are checked against
 * num_ports before the port index is passed on.
 */
static void ohci_mem_write(void *opaque,
                           hwaddr addr,
                           uint64_t val,
                           unsigned size)
{
    OHCIState *ohci = opaque;
    hwaddr reg_index;

    /* Only aligned writes are allowed on OHCI */
    if (addr & 3) {
        trace_usb_ohci_mem_write_unaligned(addr);
        return;
    }

    if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
        /* HcRhPortStatus */
        trace_usb_ohci_mem_port_write(size, "HcRhPortStatus",
                                      (addr - 0x50) >> 2, addr, addr >> 2, val);
        ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
        return;
    }

    reg_index = addr >> 2;
    trace_usb_ohci_mem_write(size, ohci_reg_name(addr), addr, reg_index, val);
    switch (reg_index) {
    case 1: /* HcControl */
        ohci_set_ctl(ohci, val);
        break;

    case 2: /* HcCommandStatus */
        /*
         * SOC is read-only, and bits written as '0' remain unchanged in
         * the register.
         */
        ohci->status |= val & ~OHCI_STATUS_SOC;

        if (ohci->status & OHCI_STATUS_HCR) {
            ohci_soft_reset(ohci);
        }
        break;

    case 3: /* HcInterruptStatus: write 1 to clear */
        ohci->intr_status &= ~val;
        ohci_intr_update(ohci);
        break;

    case 4: /* HcInterruptEnable */
        ohci->intr |= val;
        ohci_intr_update(ohci);
        break;

    case 5: /* HcInterruptDisable */
        ohci->intr &= ~val;
        ohci_intr_update(ohci);
        break;

    case 6: /* HcHCCA */
        ohci->hcca = val & OHCI_HCCA_MASK;
        break;

    case 7: /* HcPeriodCurrentED */
        /* Ignore writes to this read-only register, Linux does them */
        break;

    case 8: /* HcControlHeadED */
        ohci->ctrl_head = val & OHCI_EDPTR_MASK;
        break;

    case 9: /* HcControlCurrentED */
        ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
        break;

    case 10: /* HcBulkHeadED */
        ohci->bulk_head = val & OHCI_EDPTR_MASK;
        break;

    case 11: /* HcBulkCurrentED */
        ohci->bulk_cur = val & OHCI_EDPTR_MASK;
        break;

    case 13: /* HcFmInterval */
        ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
        ohci->fit = (val & OHCI_FMI_FIT) >> 31;
        ohci_set_frame_interval(ohci, val);
        break;

    case 15: /* HcFmNumber: writes are ignored */
        break;

    case 16: /* HcPeriodicStart */
        ohci->pstart = val & 0xffff;
        break;

    case 17: /* HcLSThreshold */
        ohci->lst = val & 0xffff;
        break;

    case 18: /* HcRhDescriptorA: only the bits in the RW mask change */
        ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
        ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
        break;

    case 19: /* HcRhDescriptorB: writes are ignored */
        break;

    case 20: /* HcRhStatus */
        ohci_set_hub_status(ohci, val);
        break;

    /* PXA27x specific registers */
    case 24: /* HcStatus: write 1 to clear, limited to bits set in hmask */
        ohci->hstatus &= ~(val & ohci->hmask);
        break;

    case 25: /* HcHReset */
        ohci->hreset = val & ~OHCI_HRESET_FSBIR;
        if (val & OHCI_HRESET_FSBIR) {
            ohci_hard_reset(ohci);
        }
        break;

    case 26: /* HcHInterruptEnable */
        ohci->hmask = val;
        break;

    case 27: /* HcHInterruptTest */
        ohci->htest = val;
        break;

    default:
        trace_usb_ohci_mem_write_bad_offset(addr);
        break;
    }
}
1761 
/*
 * MMIO callbacks for the OHCI register block; registers are little-endian.
 * No .valid or .impl access-size limits are given here, so sizes fall back
 * to the memory core's defaults.
 * NOTE(review): confirm those defaults suit OHCI's 32-bit registers.
 */
static const MemoryRegionOps ohci_mem_ops = {
    .endianness = DEVICE_LITTLE_ENDIAN,
    .read = ohci_mem_read,
    .write = ohci_mem_write,
};
1767 
/*
 * USBPortOps.attach: a device was plugged into root hub port 'port1'.
 * Updates connect status and the low-speed flag, signals ResumeDetected if
 * the controller is suspended, and raises RootHubStatusChange when the port
 * register changed.
 */
static void ohci_attach(USBPort *port1)
{
    OHCIState *s = port1->opaque;
    OHCIPort *port = &s->rhport[port1->index];
    const uint32_t before = port->ctrl;
    bool low_speed = (port->port.dev->speed == USB_SPEED_LOW);

    /* set connect status */
    port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;

    /* update speed */
    if (low_speed) {
        port->ctrl |= OHCI_PORT_LSDA;
    } else {
        port->ctrl &= ~OHCI_PORT_LSDA;
    }

    /* notify of remote-wakeup */
    if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
        ohci_set_interrupt(s, OHCI_INTR_RD);
    }

    trace_usb_ohci_port_attach(port1->index);

    if (port->ctrl != before) {
        ohci_set_interrupt(s, OHCI_INTR_RHSC);
    }
}
1796 
/*
 * USBPortOps.child_detach: 'dev' is going away.  If the controller's single
 * in-flight packet targets that device, cancel it and forget the async TD
 * so the packet is not left pointing at a departed device.
 */
static void ohci_child_detach(USBPort *port1, USBDevice *dev)
{
    OHCIState *ohci = port1->opaque;

    if (!ohci->async_td) {
        return;
    }
    if (!usb_packet_is_inflight(&ohci->usb_packet)) {
        return;
    }
    if (ohci->usb_packet.ep->dev != dev) {
        return;
    }

    usb_cancel_packet(&ohci->usb_packet);
    ohci->async_td = 0;
}
1808 
/*
 * USBPortOps.detach: the device on root hub port 'port1' was unplugged.
 * Any in-flight packet for it is cancelled first; then the connect and
 * enable status bits are cleared with their change bits latched, and
 * RootHubStatusChange is raised if the port register changed.
 */
static void ohci_detach(USBPort *port1)
{
    OHCIState *s = port1->opaque;
    OHCIPort *port = &s->rhport[port1->index];
    const uint32_t before = port->ctrl;

    ohci_child_detach(port1, port1->dev);

    /* set connect status */
    if (port->ctrl & OHCI_PORT_CCS) {
        port->ctrl = (port->ctrl & ~OHCI_PORT_CCS) | OHCI_PORT_CSC;
    }
    /* disable port */
    if (port->ctrl & OHCI_PORT_PES) {
        port->ctrl = (port->ctrl & ~OHCI_PORT_PES) | OHCI_PORT_PESC;
    }
    trace_usb_ohci_port_detach(port1->index);

    if (port->ctrl != before) {
        ohci_set_interrupt(s, OHCI_INTR_RHSC);
    }
}
1833 
/*
 * USBPortOps.wakeup: the device on 'port1' signalled remote wakeup.
 * A suspended port is resumed with PSSC latched; a suspended controller is
 * moved to RESUME.  Exactly one interrupt value is passed on: ResumeDetected
 * if the controller resumed, else RootHubStatusChange if the port changed,
 * else 0.
 */
static void ohci_wakeup(USBPort *port1)
{
    OHCIState *s = port1->opaque;
    OHCIPort *port = &s->rhport[port1->index];
    uint32_t pending = 0;

    if (port->ctrl & OHCI_PORT_PSS) {
        trace_usb_ohci_port_wakeup(port1->index);
        port->ctrl |= OHCI_PORT_PSSC;
        port->ctrl &= ~OHCI_PORT_PSS;
        pending = OHCI_INTR_RHSC;
    }

    /* Note that the controller can be suspended even if this port is not */
    if (ohci_resume(s)) {
        /*
         * In suspend mode only ResumeDetected is possible, not RHSC:
         * see the OHCI spec 5.1.2.3.
         */
        pending = OHCI_INTR_RD;
    }

    ohci_set_interrupt(s, pending);
}
1855 
/*
 * USBPortOps.complete: the controller's in-flight packet has finished.
 * Marks the async TD as complete and reprocesses the control and bulk
 * lists so the finished TD is written back.
 * 'packet' must be the usb_packet member embedded in an OHCIState.
 */
static void ohci_async_complete_packet(USBPort *port, USBPacket *packet)
{
    OHCIState *owner = container_of(packet, OHCIState, usb_packet);

    trace_usb_ohci_async_complete();

    owner->async_complete = true;
    ohci_process_lists(owner);
}
1864 
/* Root hub port callbacks registered for every OHCI port. */
static USBPortOps ohci_port_ops = {
    .attach       = ohci_attach,
    .detach       = ohci_detach,
    .child_detach = ohci_child_detach,
    .wakeup       = ohci_wakeup,
    .complete     = ohci_async_complete_packet,
};

/* No bus-level callbacks are provided. */
static USBBusOps ohci_bus_ops = {
};
1875 
/*
 * Common initialisation for an OHCI controller instance.
 *
 * @ohci:          controller state to initialise
 * @dev:           owning device, used as bus parent and memory region owner
 * @num_ports:     number of root hub ports; rejected if above OHCI_MAX_PORTS
 * @localmem_base: stored in ohci->localmem_base
 * @masterbus:     if non-NULL, register the ports as companions on that bus
 *                 instead of creating a new USB bus
 * @firstport:     first port on the master bus, used only with @masterbus
 * @as:            address space stored in ohci->as
 * @ohci_die_fn:   callback stored in ohci->ohci_die
 * @errp:          receives an error on failure
 *
 * num_ports is validated before it is stored, so the bound that the MMIO
 * handlers apply to rhport[] never exceeds OHCI_MAX_PORTS.
 */
void usb_ohci_init(OHCIState *ohci, DeviceState *dev, uint32_t num_ports,
                   dma_addr_t localmem_base, char *masterbus,
                   uint32_t firstport, AddressSpace *as,
                   void (*ohci_die_fn)(OHCIState *), Error **errp)
{
    Error *local_err = NULL;
    int idx;

    ohci->as = as;
    ohci->ohci_die = ohci_die_fn;

    if (num_ports > OHCI_MAX_PORTS) {
        error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
                   num_ports, OHCI_MAX_PORTS);
        return;
    }

    /* The frame and bit times are file-wide and computed only once. */
    if (usb_frame_time == 0) {
#ifdef OHCI_TIME_WARP
        usb_frame_time = NANOSECONDS_PER_SECOND;
        usb_bit_time = NANOSECONDS_PER_SECOND / (USB_HZ / 1000);
#else
        usb_frame_time = NANOSECONDS_PER_SECOND / 1000;
        if (NANOSECONDS_PER_SECOND >= USB_HZ) {
            usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ;
        } else {
            usb_bit_time = 1;
        }
#endif
        trace_usb_ohci_init_time(usb_frame_time, usb_bit_time);
    }

    ohci->num_ports = num_ports;
    if (!masterbus) {
        /* Stand-alone controller: create a bus and register each port. */
        usb_bus_new(&ohci->bus, sizeof(ohci->bus), &ohci_bus_ops, dev);
        for (idx = 0; idx < num_ports; idx++) {
            usb_register_port(&ohci->bus, &ohci->rhport[idx].port,
                              ohci, idx, &ohci_port_ops,
                              USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
        }
    } else {
        /* Companion controller: hand the ports to the master bus. */
        USBPort *ports[OHCI_MAX_PORTS];

        for (idx = 0; idx < num_ports; idx++) {
            ports[idx] = &ohci->rhport[idx].port;
        }
        usb_register_companion(masterbus, ports, num_ports,
                               firstport, ohci, &ohci_port_ops,
                               USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL,
                               &local_err);
        if (local_err) {
            error_propagate(errp, local_err);
            return;
        }
    }

    memory_region_init_io(&ohci->mem, OBJECT(dev), &ohci_mem_ops,
                          ohci, "ohci", 256);
    ohci->localmem_base = localmem_base;

    ohci->name = object_get_typename(OBJECT(dev));
    usb_packet_init(&ohci->usb_packet);

    ohci->async_td = 0;

    ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
                                   ohci_frame_boundary, ohci);
}
1943 
/*
 * A typical OHCI will stop operating and set itself into error state
 * (which can be queried by MMIO) to signal that it got an error.
 *
 * This is the handler the sysbus front end passes to usb_ohci_init() as
 * ohci_die_fn: it emits a trace event, raises OHCI_INTR_UE and then stops
 * the bus.
 */
void ohci_sysbus_die(struct OHCIState *ohci)
{
    trace_usb_ohci_die();

    /* Flag the error in the interrupt status before halting the bus. */
    ohci_set_interrupt(ohci, OHCI_INTR_UE);
    ohci_bus_stop(ohci);
}
1955 
/*
 * Realize handler for the sysbus OHCI device.
 *
 * Runs the shared usb_ohci_init() with the device's properties and, only if
 * that succeeds, exposes the controller's IRQ line and MMIO region on the
 * system bus.  The controller is given address_space_memory, i.e. the global
 * system address space, with "dma-offset" passed as the local memory base.
 */
static void ohci_realize_pxa(DeviceState *dev, Error **errp)
{
    OHCISysBusState *sysbus_ohci = SYSBUS_OHCI(dev);
    SysBusDevice *bus_dev = SYS_BUS_DEVICE(dev);
    Error *local_err = NULL;

    usb_ohci_init(&sysbus_ohci->ohci, dev,
                  sysbus_ohci->num_ports, sysbus_ohci->dma_offset,
                  sysbus_ohci->masterbus, sysbus_ohci->firstport,
                  &address_space_memory, ohci_sysbus_die, &local_err);
    if (local_err != NULL) {
        /* Leave IRQ and MMIO unregistered when core init was rejected. */
        error_propagate(errp, local_err);
        return;
    }

    sysbus_init_irq(bus_dev, &sysbus_ohci->ohci.irq);
    sysbus_init_mmio(bus_dev, &sysbus_ohci->ohci.mem);
}
1972 
/* Device reset hook: performs a hard reset of the embedded OHCI core. */
static void usb_ohci_reset_sysbus(DeviceState *dev)
{
    ohci_hard_reset(&SYSBUS_OHCI(dev)->ohci);
}
1980 
/*
 * Migration description of one root-hub port: only the 32-bit ctrl field
 * of OHCIPort is transferred.  Used as the element description for the
 * rhport array in vmstate_ohci_state.
 */
static const VMStateDescription vmstate_ohci_state_port = {
    .name = "ohci-core/port",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(ctrl, OHCIPort),
        VMSTATE_END_OF_LIST()
    },
};
1990 
/*
 * .needed callback of the eof-timer subsection: the subsection is sent
 * only while the end-of-frame timer is pending.
 */
static bool ohci_eof_timer_needed(void *opaque)
{
    return timer_pending(((OHCIState *)opaque)->eof_timer);
}
1997 
/*
 * Optional subsection carrying the end-of-frame timer.  It is included
 * only when ohci_eof_timer_needed() reports the timer as pending.
 */
static const VMStateDescription vmstate_ohci_eof_timer = {
    .name = "ohci-core/eof-timer",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = ohci_eof_timer_needed,
    .fields = (VMStateField[]) {
        VMSTATE_TIMER_PTR(eof_timer, OHCIState),
        VMSTATE_END_OF_LIST()
    },
};
2008 
/*
 * Migration description of the OHCI core state (version 1).
 *
 * The order and width of the entries below define the stream layout, so
 * they must not be reordered or resized without a version change.
 *
 * NOTE(review): no .post_load hook is set in this description, so values
 * such as hcca, the list head/current pointers, done_count and async_td are
 * taken from the incoming stream as-is at this layer.  An incoming migration
 * stream may originate from a less trusted host; confirm that the code
 * consuming these fields tolerates arbitrary values.
 */
const VMStateDescription vmstate_ohci_state = {
    .name = "ohci-core",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_INT64(sof_time, OHCIState),
        VMSTATE_UINT32(ctl, OHCIState),
        VMSTATE_UINT32(status, OHCIState),
        VMSTATE_UINT32(intr_status, OHCIState),
        VMSTATE_UINT32(intr, OHCIState),
        VMSTATE_UINT32(hcca, OHCIState),
        VMSTATE_UINT32(ctrl_head, OHCIState),
        VMSTATE_UINT32(ctrl_cur, OHCIState),
        VMSTATE_UINT32(bulk_head, OHCIState),
        VMSTATE_UINT32(bulk_cur, OHCIState),
        VMSTATE_UINT32(per_cur, OHCIState),
        VMSTATE_UINT32(done, OHCIState),
        VMSTATE_INT32(done_count, OHCIState),
        VMSTATE_UINT16(fsmps, OHCIState),
        VMSTATE_UINT8(fit, OHCIState),
        VMSTATE_UINT16(fi, OHCIState),
        VMSTATE_UINT8(frt, OHCIState),
        VMSTATE_UINT16(frame_number, OHCIState),
        VMSTATE_UINT16(padding, OHCIState),
        VMSTATE_UINT32(pstart, OHCIState),
        VMSTATE_UINT32(lst, OHCIState),
        VMSTATE_UINT32(rhdesc_a, OHCIState),
        VMSTATE_UINT32(rhdesc_b, OHCIState),
        VMSTATE_UINT32(rhstatus, OHCIState),
        /* All OHCI_MAX_PORTS slots are sent, independent of num_ports. */
        VMSTATE_STRUCT_ARRAY(rhport, OHCIState, OHCI_MAX_PORTS, 0,
                             vmstate_ohci_state_port, OHCIPort),
        VMSTATE_UINT32(hstatus, OHCIState),
        VMSTATE_UINT32(hmask, OHCIState),
        VMSTATE_UINT32(hreset, OHCIState),
        VMSTATE_UINT32(htest, OHCIState),
        VMSTATE_UINT32(old_ctl, OHCIState),
        /*
         * The literal 8192 has to match the declared size of
         * OHCIState.usb_buf (declared outside this file section) — confirm
         * whenever that buffer is resized.
         */
        VMSTATE_UINT8_ARRAY(usb_buf, OHCIState, 8192),
        VMSTATE_UINT32(async_td, OHCIState),
        VMSTATE_BOOL(async_complete, OHCIState),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &vmstate_ohci_eof_timer,
        NULL
    }
};
2055 
/*
 * User-settable properties of the sysbus OHCI device.  ohci_realize_pxa()
 * forwards all four to usb_ohci_init(), which rejects a "num-ports" value
 * above OHCI_MAX_PORTS; no other range check on these values is visible in
 * this part of the file.
 */
static Property ohci_sysbus_properties[] = {
    /* Optional name of a master bus; when set, ports register as companions. */
    DEFINE_PROP_STRING("masterbus", OHCISysBusState, masterbus),
    /* Number of root-hub ports, default 3. */
    DEFINE_PROP_UINT32("num-ports", OHCISysBusState, num_ports, 3),
    /* Passed as firstport to usb_register_companion(), default 0. */
    DEFINE_PROP_UINT32("firstport", OHCISysBusState, firstport, 0),
    /* Passed to usb_ohci_init() as localmem_base, default 0. */
    DEFINE_PROP_DMAADDR("dma-offset", OHCISysBusState, dma_offset, 0),
    DEFINE_PROP_END_OF_LIST(),
};
2063 
/*
 * Class initialiser for the sysbus OHCI device: installs the realize and
 * reset handlers, the property list, the description string and the USB
 * device category.
 *
 * NOTE(review): no dc->vmsd is assigned here, so this function does not
 * attach vmstate_ohci_state to the sysbus device — presumably another front
 * end uses that description; confirm whether this device is meant to be
 * migratable.
 */
static void ohci_sysbus_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);

    device_class->desc = "OHCI USB Controller";
    set_bit(DEVICE_CATEGORY_USB, device_class->categories);

    device_class->realize = ohci_realize_pxa;
    device_class->reset = usb_ohci_reset_sysbus;
    device_class_set_props(device_class, ohci_sysbus_properties);
}
2074 
/*
 * QOM type description of the sysbus OHCI device: a TYPE_SYS_BUS_DEVICE
 * subclass whose instances are OHCISysBusState objects.
 */
static const TypeInfo ohci_sysbus_info = {
    .name          = TYPE_SYSBUS_OHCI,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(OHCISysBusState),
    .class_init    = ohci_sysbus_class_init,
};
2081 
/* Registers the sysbus OHCI type with the QOM type system. */
static void ohci_register_types(void)
{
    type_register_static(&ohci_sysbus_info);
}

/* Hook the registration function into QEMU's type initialisation. */
type_init(ohci_register_types)
2088