1 /*
2  * USB UHCI controller emulation
3  *
4  * Copyright (c) 2005 Fabrice Bellard
5  *
6  * Copyright (c) 2008 Max Krasnyansky
7  *     Major rewrite of the UHCI data structures parser and frame processor
8  *     Support for fully async operation and multiple outstanding transactions
9  *
10  * Permission is hereby granted, free of charge, to any person obtaining a copy
11  * of this software and associated documentation files (the "Software"), to deal
12  * in the Software without restriction, including without limitation the rights
13  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14  * copies of the Software, and to permit persons to whom the Software is
15  * furnished to do so, subject to the following conditions:
16  *
17  * The above copyright notice and this permission notice shall be included in
18  * all copies or substantial portions of the Software.
19  *
20  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26  * THE SOFTWARE.
27  */
28 
29 #include "qemu/osdep.h"
30 #include "hw/usb.h"
31 #include "hw/usb/uhci-regs.h"
32 #include "migration/vmstate.h"
33 #include "hw/pci/pci.h"
34 #include "hw/irq.h"
35 #include "hw/qdev-properties.h"
36 #include "qapi/error.h"
37 #include "qemu/timer.h"
38 #include "qemu/iov.h"
39 #include "system/dma.h"
40 #include "trace.h"
41 #include "qemu/main-loop.h"
42 #include "qemu/module.h"
43 #include "qom/object.h"
44 #include "hcd-uhci.h"
45 
/* Frame timer rate; one frame lasts NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ. */
#define FRAME_TIMER_FREQ 1000

/*
 * Upper bound on the number of link pointers followed while walking one
 * frame.  The schedule lives in guest memory, so this cap keeps a looping
 * or very long schedule from holding the frame walker indefinitely.
 */
#define FRAME_MAX_LOOPS  256

/*
 * Initial value of UHCIQueue.valid; the counter is decremented once per
 * validation pass and the queue is freed when it reaches zero.
 * Must be large enough to handle 10 frame delay for initial isoc requests
 */
#define QH_VALID         32

#define MAX_FRAMES_PER_TICK    (QH_VALID / 2)

/* Result codes returned by the TD handling functions in this file. */
enum {
    TD_RESULT_STOP_FRAME  = 10,
    TD_RESULT_COMPLETE    = 11,
    TD_RESULT_NEXT_QH     = 12,
    TD_RESULT_ASYNC_START = 13,
    TD_RESULT_ASYNC_CONT  = 14,
};
62 
/* Forward declaration: UHCIQueue and the prototypes below refer to it. */
typedef struct UHCIAsync UHCIAsync;

/* PCI device class carrying the per-variant UHCIInfo next to the parent class. */
struct UHCIPCIDeviceClass {
    PCIDeviceClass parent_class;
    UHCIInfo info;
};
69 
/*
 * Pending async transaction: one USBPacket issued for one guest TD.
 *
 * 'packet' is kept as the first field.  uhci_async_complete() in this
 * file recovers the UHCIAsync with container_of(), so that handler does
 * not depend on the field position itself.
 */
struct UHCIAsync {
    USBPacket packet;
    uint8_t static_buf[64];   /* 64 bytes is enough, except for isoc packets */
    uint8_t *buf;             /* static_buf, or a g_malloc()ed buffer when larger */
    UHCIQueue *queue;         /* owning queue */
    QTAILQ_ENTRY(UHCIAsync) next;
    uint32_t td_addr;         /* guest link value of the TD this packet serves */
    uint8_t done;             /* set to 1 by uhci_async_complete() */
};
85 
/*
 * Host-side state for one guest queue, keyed by the value that
 * uhci_queue_token() derives from a TD token.
 */
struct UHCIQueue {
    uint32_t qh_addr;                 /* QH address the queue was created for */
    uint32_t token;                   /* result of uhci_queue_token() */
    UHCIState *uhci;                  /* owning controller */
    USBEndpoint *ep;                  /* endpoint the packets are sent to */
    QTAILQ_ENTRY(UHCIQueue) next;     /* link in UHCIState.queues */
    QTAILQ_HEAD(, UHCIAsync) asyncs;  /* packets in flight, in submission order */
    int8_t valid;                     /* aging counter, starts at QH_VALID */
};
95 
/*
 * Transfer descriptor as fetched from guest memory.  uhci_read_td() fills
 * it with a DMA read and converts each word from little-endian, so every
 * field holds guest-controlled data.
 */
typedef struct UHCI_TD {
    uint32_t link;
    uint32_t ctrl;    /* see TD_CTRL_xxx */
    uint32_t token;
    uint32_t buffer;
} UHCI_TD;

/* Queue head as fetched from guest memory; both words are guest-controlled. */
typedef struct UHCI_QH {
    uint32_t link;
    uint32_t el_link;
} UHCI_QH;
107 
/* Forward declarations for helpers that are used before their definition. */
static void uhci_async_cancel(UHCIAsync *async);
static void uhci_queue_fill(UHCIQueue *q, UHCI_TD *td);
static void uhci_resume(void *opaque);
111 
/*
 * Derive the key used to match a TD to a UHCIQueue.
 *
 * When the endpoint field (token bits 15..18) is zero the key covers
 * endpoint and device address but not the PID; otherwise it also covers
 * the PID, which identifies the endpoint.
 */
static inline int32_t uhci_queue_token(UHCI_TD *td)
{
    const bool ctrl_ep = (td->token & (0xf << 15)) == 0;

    /* ctrl ep: cover ep and dev, not pid!  Other eps: ep, dev and pid. */
    return td->token & (ctrl_ep ? 0x7ff00 : 0x7ffff);
}
122 
/*
 * Allocate a queue for the endpoint addressed by @td, insert it at the
 * head of s->queues and return it.  The queue starts with no pending
 * packets and a full QH_VALID aging counter.
 */
static UHCIQueue *uhci_queue_new(UHCIState *s, uint32_t qh_addr, UHCI_TD *td,
                                 USBEndpoint *ep)
{
    UHCIQueue *q = g_new0(UHCIQueue, 1);

    q->uhci = s;
    q->ep = ep;
    q->qh_addr = qh_addr;
    q->token = uhci_queue_token(td);
    q->valid = QH_VALID;
    QTAILQ_INIT(&q->asyncs);

    QTAILQ_INSERT_HEAD(&s->queues, q, next);
    trace_usb_uhci_queue_add(q->token);
    return q;
}
139 
/*
 * Cancel every packet still pending on @queue, notify the device that the
 * endpoint stopped, then unlink and free the queue.  @reason is only used
 * for tracing.  @queue must not be used by the caller afterwards.
 */
static void uhci_queue_free(UHCIQueue *queue, const char *reason)
{
    UHCIState *uhci = queue->uhci;
    UHCIAsync *pending;

    /* uhci_async_cancel() unlinks the entry, so the list head advances. */
    while ((pending = QTAILQ_FIRST(&queue->asyncs)) != NULL) {
        uhci_async_cancel(pending);
    }
    usb_device_ep_stopped(queue->ep->dev, queue->ep);

    trace_usb_uhci_queue_del(queue->token, reason);
    QTAILQ_REMOVE(&uhci->queues, queue, next);
    g_free(queue);
}
155 
/*
 * Return the queue whose token matches the one derived from @td,
 * or NULL when no such queue exists.
 */
static UHCIQueue *uhci_queue_find(UHCIState *s, UHCI_TD *td)
{
    const uint32_t wanted = uhci_queue_token(td);
    UHCIQueue *found = NULL;
    UHCIQueue *q;

    QTAILQ_FOREACH(q, &s->queues, next) {
        if (q->token == wanted) {
            found = q;
            break;
        }
    }
    return found;
}
168 
/*
 * Check that the cached @queue still describes what the guest schedule
 * shows for @td.
 *
 * The queue is accepted only when the QH address, the token key and the
 * device address encoded in the token all still match.  Outside of queue
 * filling, an active TD must additionally be the first pending packet of
 * the queue (or the queue must have none).  Callers in this file free the
 * queue when this returns false, so a guest that rewrites its schedule
 * does not keep driving a stale host-side queue.
 */
static bool uhci_queue_verify(UHCIQueue *queue, uint32_t qh_addr, UHCI_TD *td,
                              uint32_t td_addr, bool queuing)
{
    const uint32_t token_dev_addr = (queue->token >> 8) & 0x7f;
    UHCIAsync *head;

    if (queue->qh_addr != qh_addr) {
        return false;
    }
    if (queue->token != uhci_queue_token(td)) {
        return false;
    }
    if (token_dev_addr != queue->ep->dev->addr) {
        return false;
    }
    if (queuing || !(td->ctrl & TD_CTRL_ACTIVE)) {
        return true;
    }

    head = QTAILQ_FIRST(&queue->asyncs);
    return head == NULL || head->td_addr == td_addr;
}
181 
/*
 * Allocate a zeroed UHCIAsync bound to @queue and @td_addr and initialise
 * its packet.  The entry is not linked into the queue here, and 'buf' is
 * left NULL for the caller to set.
 */
static UHCIAsync *uhci_async_alloc(UHCIQueue *queue, uint32_t td_addr)
{
    UHCIAsync *a = g_new0(UHCIAsync, 1);

    a->td_addr = td_addr;
    a->queue = queue;
    usb_packet_init(&a->packet);

    trace_usb_uhci_packet_add(queue->token, td_addr);
    return a;
}
193 
/*
 * Release @async and its packet.  The data buffer is freed only when it
 * is not the embedded static_buf; a NULL 'buf' is handled by g_free().
 */
static void uhci_async_free(UHCIAsync *async)
{
    const bool heap_buf = (async->buf != async->static_buf);

    trace_usb_uhci_packet_del(async->queue->token, async->td_addr);
    usb_packet_cleanup(&async->packet);
    if (heap_buf) {
        g_free(async->buf);
    }
    g_free(async);
}
203 
/* Append @async to the tail of its queue's pending list. */
static void uhci_async_link(UHCIAsync *async)
{
    QTAILQ_INSERT_TAIL(&async->queue->asyncs, async, next);
    trace_usb_uhci_packet_link_async(async->queue->token, async->td_addr);
}
210 
/* Remove @async from its queue's pending list without freeing it. */
static void uhci_async_unlink(UHCIAsync *async)
{
    QTAILQ_REMOVE(&async->queue->asyncs, async, next);
    trace_usb_uhci_packet_unlink_async(async->queue->token, async->td_addr);
}
217 
/*
 * Unlink and free @async.  A packet that has not completed yet is
 * cancelled first so that the USB core stops referring to it before the
 * memory is released.
 */
static void uhci_async_cancel(UHCIAsync *async)
{
    uhci_async_unlink(async);
    trace_usb_uhci_packet_cancel(async->queue->token, async->td_addr,
                                 async->done);

    /* still in flight: withdraw it from the USB core before freeing */
    if (async->done == 0) {
        usb_cancel_packet(&async->packet);
    }
    uhci_async_free(async);
}
228 
/*
 * Age every queue by one step.
 *
 * uhci_handle_td() resets 'valid' to QH_VALID for each queue it meets in
 * the schedule, so a counter that reaches zero belongs to a queue whose
 * TDs were removed by the HCD; uhci_async_validate_end() frees those.
 */
static void uhci_async_validate_begin(UHCIState *s)
{
    UHCIQueue *q;

    QTAILQ_FOREACH(q, &s->queues, next) {
        q->valid -= 1;
    }
}
241 
/*
 * Free every queue whose aging counter has reached zero, cancelling the
 * async packets it still holds.
 */
static void uhci_async_validate_end(UHCIState *s)
{
    UHCIQueue *q, *next_q;

    /* _SAFE variant: uhci_queue_free() unlinks the current element */
    QTAILQ_FOREACH_SAFE(q, &s->queues, next, next_q) {
        if (q->valid == 0) {
            uhci_queue_free(q, "validate-end");
        }
    }
}
255 
/* Free every queue (and its pending packets) whose endpoint belongs to @dev. */
static void uhci_async_cancel_device(UHCIState *s, USBDevice *dev)
{
    UHCIQueue *q, *next_q;

    /* _SAFE variant: uhci_queue_free() unlinks the current element */
    QTAILQ_FOREACH_SAFE(q, &s->queues, next, next_q) {
        if (q->ep->dev != dev) {
            continue;
        }
        uhci_queue_free(q, "cancel-device");
    }
}
266 
/* Free every queue of the controller together with its pending packets. */
static void uhci_async_cancel_all(UHCIState *s)
{
    UHCIQueue *q, *next_q;

    /* _SAFE variant: uhci_queue_free() unlinks the current element */
    QTAILQ_FOREACH_SAFE(q, &s->queues, next, next_q) {
        uhci_queue_free(q, "cancel-all");
    }
}
275 
/*
 * Search all queues for a pending packet that was created for @td_addr.
 * Returns the first match, or NULL when the TD has no packet in flight.
 */
static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t td_addr)
{
    UHCIQueue *q;

    QTAILQ_FOREACH(q, &s->queues, next) {
        UHCIAsync *a;

        QTAILQ_FOREACH(a, &q->asyncs, next) {
            if (a->td_addr != td_addr) {
                continue;
            }
            return a;
        }
    }
    return NULL;
}
290 
/*
 * Recompute the interrupt line from the status registers and the
 * interrupt-enable bits.
 *
 * Four sources are gated by a bit in s->intr: the two bits of the hidden
 * status2 register, UHCI_STS_USBERR and UHCI_STS_RD.  UHCI_STS_HSERR and
 * UHCI_STS_HCPERR raise the line regardless of s->intr.
 */
static void uhci_update_irq(UHCIState *s)
{
    const bool status2_bit0 = (s->status2 & 1) && (s->intr & (1 << 2));
    const bool status2_bit1 = (s->status2 & 2) && (s->intr & (1 << 3));
    const bool usb_error = (s->status & UHCI_STS_USBERR) &&
                           (s->intr & (1 << 0));
    const bool resume = (s->status & UHCI_STS_RD) && (s->intr & (1 << 1));
    const bool fatal = (s->status & UHCI_STS_HSERR) ||
                       (s->status & UHCI_STS_HCPERR);
    const int level = (status2_bit0 || status2_bit1 || usb_error ||
                       resume || fatal) ? 1 : 0;

    qemu_set_irq(s->irq, level);
}
304 
/*
 * Put the controller back into its reset state: registers are cleared,
 * the controller is marked halted, attached devices are reset through
 * their port, every pending async packet is cancelled, the bottom half is
 * cancelled and the interrupt line is re-evaluated.
 *
 * uhci_port_write() calls this for guest-requested resets, so all async
 * state that refers to the old schedule is dropped here.
 */
static void uhci_reset(DeviceState *dev)
{
    PCIDevice *pci = PCI_DEVICE(dev);
    UHCIState *s = UHCI(pci);
    uint8_t *conf = s->dev.config;

    trace_usb_uhci_reset();

    conf[0x6a] = 0x01; /* usb clock */
    conf[0x6b] = 0x00;

    s->cmd = 0;
    s->status = UHCI_STS_HCHALTED;
    s->status2 = 0;
    s->intr = 0;
    s->fl_base_addr = 0;
    s->sof_timing = 64;

    for (int idx = 0; idx < UHCI_PORTS; idx++) {
        UHCIPort *port = &s->ports[idx];

        port->ctrl = 0x0080;
        if (port->port.dev && port->port.dev->attached) {
            usb_port_reset(&port->port);
        }
    }

    uhci_async_cancel_all(s);
    qemu_bh_cancel(s->bh);
    uhci_update_irq(s);
}
338 
/* Migration description of one root-hub port: only the 16-bit ctrl register. */
static const VMStateDescription vmstate_uhci_port = {
    .name               = "uhci port",
    .version_id         = 1,
    .minimum_version_id = 1,
    .fields             = (const VMStateField[]) {
        VMSTATE_UINT16(ctrl, UHCIPort),
        VMSTATE_END_OF_LIST()
    }
};
348 
/*
 * Post-load hook for vmstate_uhci.
 *
 * expire_time is only present in the stream from version 2 on, so for
 * older streams it is set to one frame period from the current virtual
 * clock.  Always returns 0.
 */
static int uhci_post_load(void *opaque, int version_id)
{
    UHCIState *s = opaque;

    if (version_id >= 2) {
        return 0;
    }

    s->expire_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
        (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ);
    return 0;
}
359 
/*
 * Migration description of the controller.
 *
 * expire_time was added in version 2 and pending_int_mask in version 3;
 * uhci_post_load() supplies expire_time for older streams.  The port
 * count is declared with VMSTATE_UINT8_EQUAL.
 * NOTE(review): the pending async queues are not part of this
 * description - confirm how in-flight packets are handled around
 * migration (uhci_async_complete() mentions it).
 */
static const VMStateDescription vmstate_uhci = {
    .name               = "uhci",
    .version_id         = 3,
    .minimum_version_id = 1,
    .post_load          = uhci_post_load,
    .fields             = (const VMStateField[]) {
        VMSTATE_PCI_DEVICE(dev, UHCIState),
        VMSTATE_UINT8_EQUAL(num_ports_vmstate, UHCIState, NULL),
        VMSTATE_STRUCT_ARRAY(ports, UHCIState, UHCI_PORTS, 1,
                             vmstate_uhci_port, UHCIPort),
        VMSTATE_UINT16(cmd, UHCIState),
        VMSTATE_UINT16(status, UHCIState),
        VMSTATE_UINT16(intr, UHCIState),
        VMSTATE_UINT16(frnum, UHCIState),
        VMSTATE_UINT32(fl_base_addr, UHCIState),
        VMSTATE_UINT8(sof_timing, UHCIState),
        VMSTATE_UINT8(status2, UHCIState),
        VMSTATE_TIMER_PTR(frame_timer, UHCIState),
        VMSTATE_INT64_V(expire_time, UHCIState, 2),
        VMSTATE_UINT32_V(pending_int_mask, UHCIState, 3),
        VMSTATE_END_OF_LIST()
    }
};
383 
/*
 * Guest write to a UHCI I/O register.
 *
 * @opaque: the UHCIState
 * @addr:   register offset inside the I/O region
 * @val:    value written by the guest
 * @size:   access width (not consulted here)
 *
 * Both @addr and @val come from the guest.  Offsets that match no case
 * are ignored, and the port index derived from @addr is checked against
 * UHCI_PORTS before s->ports[] is indexed.
 * NOTE(review): the EGSM resume check reads ports[0] and ports[1]
 * directly rather than looping over UHCI_PORTS - confirm UHCI_PORTS is
 * never smaller than 2.
 */
static void uhci_port_write(void *opaque, hwaddr addr,
                            uint64_t val, unsigned size)
{
    UHCIState *s = opaque;

    trace_usb_uhci_mmio_writew(addr, val);

    switch (addr) {
    case UHCI_USBCMD:
        if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
            /* run bit goes 0 -> 1: start frame processing */
            trace_usb_uhci_schedule_start();
            s->expire_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
                (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ);
            timer_mod(s->frame_timer, s->expire_time);
            s->status &= ~UHCI_STS_HCHALTED;
        } else if (!(val & UHCI_CMD_RS)) {
            s->status |= UHCI_STS_HCHALTED;
        }
        if (val & UHCI_CMD_GRESET) {
            /* send reset on the USB bus */
            for (int idx = 0; idx < UHCI_PORTS; idx++) {
                usb_device_reset(s->ports[idx].port.dev);
            }
            uhci_reset(DEVICE(s));
            return;
        }
        if (val & UHCI_CMD_HCRESET) {
            uhci_reset(DEVICE(s));
            return;
        }
        s->cmd = val;
        if ((val & UHCI_CMD_EGSM) &&
            ((s->ports[0].ctrl & UHCI_PORT_RD) ||
             (s->ports[1].ctrl & UHCI_PORT_RD))) {
            uhci_resume(s);
        }
        break;
    case UHCI_USBSTS:
        /* status bits are cleared by writing 1 to them */
        s->status &= ~val;
        /*
         * XXX: the chip spec is not coherent, so we add a hidden
         * register to distinguish between IOC and SPD
         */
        if (val & UHCI_STS_USBINT) {
            s->status2 = 0;
        }
        uhci_update_irq(s);
        break;
    case UHCI_USBINTR:
        s->intr = val;
        uhci_update_irq(s);
        break;
    case UHCI_USBFRNUM:
        /* the frame number can only be changed while the controller is halted */
        if (s->status & UHCI_STS_HCHALTED) {
            s->frnum = val & 0x7ff;
        }
        break;
    case UHCI_USBFLBASEADD:
        /* low half of the frame list base; the low 12 bits are dropped */
        s->fl_base_addr &= 0xffff0000;
        s->fl_base_addr |= val & ~0xfff;
        break;
    case UHCI_USBFLBASEADD + 2:
        /* high half of the frame list base */
        s->fl_base_addr &= 0x0000ffff;
        s->fl_base_addr |= (val << 16);
        break;
    case UHCI_USBSOF:
        s->sof_timing = val & 0xff;
        break;
    case UHCI_USBPORTSC1 ... UHCI_USBPORTSC4: {
        const int idx = (addr >> 1) & 7;
        UHCIPort *port;
        USBDevice *dev;

        /* register of a port this controller does not have */
        if (idx >= UHCI_PORTS) {
            return;
        }
        port = &s->ports[idx];
        dev = port->port.dev;

        /* port reset: only on the 0 -> 1 edge of the reset bit */
        if (dev && dev->attached &&
            (val & UHCI_PORT_RESET) && !(port->ctrl & UHCI_PORT_RESET)) {
            usb_device_reset(dev);
        }

        port->ctrl &= UHCI_PORT_READ_ONLY;
        /* enabled may only be set if a device is connected */
        if (!(port->ctrl & UHCI_PORT_CCS)) {
            val &= ~UHCI_PORT_EN;
        }
        port->ctrl |= (val & ~UHCI_PORT_READ_ONLY);
        /* some bits are reset when a '1' is written to them */
        port->ctrl &= ~(val & UHCI_PORT_WRITE_CLEAR);
        break;
    }
    }
}
489 
/*
 * Guest read of a UHCI I/O register.
 *
 * @opaque: the UHCIState
 * @addr:   register offset inside the I/O region
 * @size:   access width (not consulted here)
 *
 * Returns the register value.  Unknown offsets and port registers beyond
 * UHCI_PORTS read as 0xff7f ("disabled port"); the port index is checked
 * before s->ports[] is indexed.
 */
static uint64_t uhci_port_read(void *opaque, hwaddr addr, unsigned size)
{
    const uint32_t disabled_port = 0xff7f;
    UHCIState *s = opaque;
    uint32_t val;

    switch (addr) {
    case UHCI_USBCMD:
        val = s->cmd;
        break;
    case UHCI_USBSTS:
        val = s->status;
        break;
    case UHCI_USBINTR:
        val = s->intr;
        break;
    case UHCI_USBFRNUM:
        val = s->frnum;
        break;
    case UHCI_USBFLBASEADD:
        val = s->fl_base_addr & 0xffff;
        break;
    case UHCI_USBFLBASEADD + 2:
        val = (s->fl_base_addr >> 16) & 0xffff;
        break;
    case UHCI_USBSOF:
        val = s->sof_timing;
        break;
    case UHCI_USBPORTSC1 ... UHCI_USBPORTSC4: {
        const int idx = (addr >> 1) & 7;

        if (idx < UHCI_PORTS) {
            val = s->ports[idx].ctrl;
        } else {
            val = disabled_port;
        }
        break;
    }
    default:
        val = disabled_port;
        break;
    }

    trace_usb_uhci_mmio_readw(addr, val);

    return val;
}
539 
/*
 * Signal resume if the controller is suspended: when UHCI_CMD_EGSM is
 * set, raise UHCI_CMD_FGR and the UHCI_STS_RD status bit and re-evaluate
 * the interrupt line.  A NULL @opaque is ignored.
 */
static void uhci_resume(void *opaque)
{
    UHCIState *s = opaque;

    if (s == NULL || !(s->cmd & UHCI_CMD_EGSM)) {
        return;
    }

    s->cmd |= UHCI_CMD_FGR;
    s->status |= UHCI_STS_RD;
    uhci_update_irq(s);
}
555 
/*
 * Port callback for a device being attached: record the connection and
 * the connect-status change, reflect the device speed in the low-speed
 * bit, and signal resume.
 */
static void uhci_attach(USBPort *port1)
{
    UHCIState *s = port1->opaque;
    UHCIPort *port = &s->ports[port1->index];
    const bool low_speed = (port->port.dev->speed == USB_SPEED_LOW);

    /* set connect status */
    port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;

    /* update speed */
    if (!low_speed) {
        port->ctrl &= ~UHCI_PORT_LSDA;
    } else {
        port->ctrl |= UHCI_PORT_LSDA;
    }

    uhci_resume(s);
}
573 
/*
 * Port callback for a device being detached.
 *
 * Queues that target the departing device are freed first, so no pending
 * packet keeps pointing at it.  The port then loses its connect and
 * enable bits, with the matching change bits set, and resume is
 * signalled.
 */
static void uhci_detach(USBPort *port1)
{
    UHCIState *s = port1->opaque;
    UHCIPort *port = &s->ports[port1->index];
    const bool was_connected = (port->ctrl & UHCI_PORT_CCS) != 0;

    uhci_async_cancel_device(s, port1->dev);

    /* set connect status */
    if (was_connected) {
        port->ctrl &= ~UHCI_PORT_CCS;
        port->ctrl |= UHCI_PORT_CSC;
    }
    /* disable port */
    if ((port->ctrl & UHCI_PORT_EN) != 0) {
        port->ctrl &= ~UHCI_PORT_EN;
        port->ctrl |= UHCI_PORT_ENC;
    }

    uhci_resume(s);
}
594 
/*
 * Port callback for a downstream device being detached: free every queue
 * that targets @child so no pending packet refers to it.
 */
static void uhci_child_detach(USBPort *port1, USBDevice *child)
{
    uhci_async_cancel_device(port1->opaque, child);
}
601 
/*
 * Port callback for a remote wakeup: when the port is suspended and
 * resume-detect is not yet set, set it and signal resume.
 */
static void uhci_wakeup(USBPort *port1)
{
    UHCIState *s = port1->opaque;
    UHCIPort *port = &s->ports[port1->index];
    const bool suspended = (port->ctrl & UHCI_PORT_SUSPEND) != 0;
    const bool resuming = (port->ctrl & UHCI_PORT_RD) != 0;

    if (!suspended || resuming) {
        return;
    }
    port->ctrl |= UHCI_PORT_RD;
    uhci_resume(s);
}
612 
/*
 * Look up the device with USB address @addr behind the enabled ports.
 * Ports without UHCI_PORT_EN are skipped, so a guest-supplied address
 * never reaches a device on a disabled port.  Returns NULL if none match.
 */
static USBDevice *uhci_find_device(UHCIState *s, uint8_t addr)
{
    for (int idx = 0; idx < UHCI_PORTS; idx++) {
        UHCIPort *port = &s->ports[idx];

        if (port->ctrl & UHCI_PORT_EN) {
            USBDevice *dev = usb_find_device(&port->port, addr);

            if (dev != NULL) {
                return dev;
            }
        }
    }
    return NULL;
}
630 
/*
 * Fetch the TD at guest address (@link with the low four bits cleared)
 * into @td and convert its four words from little-endian.
 *
 * NOTE(review): the result of pci_dma_read() is not checked, and callers
 * in this file pass TDs that live on the stack - confirm what @td holds
 * when the DMA read fails.
 */
static void uhci_read_td(UHCIState *s, UHCI_TD *td, uint32_t link)
{
    const uint32_t td_gpa = link & ~0xf;

    pci_dma_read(&s->dev, td_gpa, td, sizeof(*td));

    le32_to_cpus(&td->link);
    le32_to_cpus(&td->ctrl);
    le32_to_cpus(&td->token);
    le32_to_cpus(&td->buffer);
}
639 
/*
 * Translate a failed packet @status into TD status bits and a TD_RESULT_*
 * code.
 *
 * A NAK only sets TD_CTRL_NAK and moves on to the next QH.  Every other
 * status clears TD_CTRL_ACTIVE, sets UHCI_STS_USBERR, adds 0x01 to
 * *@int_mask when the TD asks for an interrupt on completion, and
 * re-evaluates the interrupt line.  Babble stops the frame; the other
 * errors continue with the next QH.
 */
static int uhci_handle_td_error(UHCIState *s, UHCI_TD *td, uint32_t td_addr,
                                int status, uint32_t *int_mask)
{
    const uint32_t queue_token = uhci_queue_token(td);
    int result;

    if (status == USB_RET_NAK) {
        td->ctrl |= TD_CTRL_NAK;
        return TD_RESULT_NEXT_QH;
    }

    switch (status) {
    case USB_RET_STALL:
        td->ctrl |= TD_CTRL_STALL;
        trace_usb_uhci_packet_complete_stall(queue_token, td_addr);
        result = TD_RESULT_NEXT_QH;
        break;

    case USB_RET_BABBLE:
        td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
        /* frame interrupted */
        trace_usb_uhci_packet_complete_babble(queue_token, td_addr);
        result = TD_RESULT_STOP_FRAME;
        break;

    case USB_RET_IOERROR:
    case USB_RET_NODEV:
    default:
        td->ctrl |= TD_CTRL_TIMEOUT;
        td->ctrl &= ~(3 << TD_CTRL_ERROR_SHIFT);
        trace_usb_uhci_packet_complete_error(queue_token, td_addr);
        result = TD_RESULT_NEXT_QH;
        break;
    }

    td->ctrl &= ~TD_CTRL_ACTIVE;
    s->status |= UHCI_STS_USBERR;
    if (td->ctrl & TD_CTRL_IOC) {
        *int_mask |= 0x01;
    }
    uhci_update_irq(s);
    return result;
}
682 
/*
 * Finish a TD whose packet has completed and update the TD status.
 *
 * Failed packets are handed to uhci_handle_td_error().  On success the
 * actual length is stored in the TD, ACTIVE and NAK are cleared, and for
 * IN transfers the received bytes are written to the guest buffer named
 * by td->buffer.  Only 'actual_length' bytes of async->buf are copied
 * out.
 * NOTE(review): this relies on actual_length never exceeding the size
 * registered for async->buf - confirm against the USB core.
 *
 * Returns TD_RESULT_COMPLETE, or TD_RESULT_NEXT_QH for a short IN packet
 * with TD_CTRL_SPD set (0x02 is then added to *@int_mask), or whatever
 * uhci_handle_td_error() returns.
 */
static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async,
                            uint32_t *int_mask)
{
    const int max_len = ((td->token >> 21) + 1) & 0x7ff;
    const uint8_t pid = td->token & 0xff;
    int actual;

    if (td->ctrl & TD_CTRL_IOS) {
        td->ctrl &= ~TD_CTRL_ACTIVE;
    }

    if (async->packet.status != USB_RET_SUCCESS) {
        return uhci_handle_td_error(s, td, async->td_addr,
                                    async->packet.status, int_mask);
    }

    actual = async->packet.actual_length;
    td->ctrl = (td->ctrl & ~0x7ff) | ((actual - 1) & 0x7ff);

    /*
     * The NAK bit may have been set by a previous frame, so clear it
     * here.  The docs are somewhat unclear, but win2k relies on this
     * behavior.
     */
    td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
    if (td->ctrl & TD_CTRL_IOC) {
        *int_mask |= 0x01;
    }

    if (pid == USB_TOKEN_IN) {
        pci_dma_write(&s->dev, td->buffer, async->buf, actual);
        if ((td->ctrl & TD_CTRL_SPD) && actual < max_len) {
            *int_mask |= 0x02;
            /* short packet: do not update QH */
            trace_usb_uhci_packet_complete_shortxfer(async->queue->token,
                                                     async->td_addr);
            return TD_RESULT_NEXT_QH;
        }
    }

    /* success */
    trace_usb_uhci_packet_complete_success(async->queue->token,
                                           async->td_addr);
    return TD_RESULT_COMPLETE;
}
730 
/*
 * Process one TD taken from the guest schedule.
 *
 * @q:        the queue being filled when called from uhci_queue_fill(),
 *            NULL otherwise
 * @qh_addr:  address of the QH the TD was reached through
 * @td:       the TD as read from guest memory (all fields guest-controlled)
 * @td_addr:  guest link value the TD was read from
 * @int_mask: accumulates interrupt causes (0x01, 0x02)
 *
 * Cached state is re-validated against the guest data before it is used:
 * a pending packet or queue that no longer passes uhci_queue_verify() is
 * freed, and a pending TD that the guest has made inactive cancels its
 * queue.  PIDs other than OUT/IN, and SETUP to an endpoint other than 0,
 * raise UHCI_STS_HCPERR, clear the run bit and stop the frame.
 *
 * The data buffer is sized by the TD's maximum length, which the 0x7ff
 * mask limits to 2047 bytes; transfers above 64 bytes use a heap buffer.
 * NOTE(review): the result of pci_dma_read() for OUT/SETUP data is not
 * checked - confirm what the buffer holds when the guest supplies an
 * address that cannot be read.
 *
 * Returns one of the TD_RESULT_* codes.
 */
static int uhci_handle_td(UHCIState *s, UHCIQueue *q, uint32_t qh_addr,
                          UHCI_TD *td, uint32_t td_addr, uint32_t *int_mask)
{
    const bool queuing = (q != NULL);
    const uint8_t pid = td->token & 0xff;
    const uint8_t ep_id = (td->token >> 15) & 0xf;
    UHCIAsync *async;
    int max_len;
    int result;
    bool spd;

    /* Does this TD already have a packet in flight? */
    async = uhci_async_find_td(s, td_addr);
    if (async) {
        if (uhci_queue_verify(async->queue, qh_addr, td, td_addr, queuing)) {
            assert(q == NULL || q == async->queue);
            q = async->queue;
        } else {
            uhci_queue_free(async->queue, "guest re-used pending td");
            async = NULL;
        }
    }

    if (q == NULL) {
        q = uhci_queue_find(s, td);
        if (q && !uhci_queue_verify(q, qh_addr, td, td_addr, queuing)) {
            uhci_queue_free(q, "guest re-used qh");
            q = NULL;
        }
    }

    /* the queue is still part of the schedule: restart its aging counter */
    if (q) {
        q->valid = QH_VALID;
    }

    /* Is active ? */
    if (!(td->ctrl & TD_CTRL_ACTIVE)) {
        if (async) {
            /* Guest marked a pending td non-active, cancel the queue */
            uhci_queue_free(async->queue, "pending td non-active");
        }
        /*
         * ehci11d spec page 22: "Even if the Active bit in the TD is already
         * cleared when the TD is fetched ... an IOC interrupt is generated"
         */
        if (td->ctrl & TD_CTRL_IOC) {
            *int_mask |= 0x01;
        }
        return TD_RESULT_NEXT_QH;
    }

    switch (pid) {
    case USB_TOKEN_OUT:
    case USB_TOKEN_IN:
        break;
    case USB_TOKEN_SETUP:
        /* SETUP is only valid to endpoint 0 */
        if (ep_id == 0) {
            break;
        }
        /* fallthrough */
    default:
        /* invalid pid : frame interrupted */
        s->status |= UHCI_STS_HCPERR;
        s->cmd &= ~UHCI_CMD_RS;
        uhci_update_irq(s);
        return TD_RESULT_STOP_FRAME;
    }

    if (async) {
        if (queuing) {
            /*
             * we are busy filling the queue, we are not prepared
             * to consume completed packages then, just leave them
             * in async state
             */
            return TD_RESULT_ASYNC_CONT;
        }
        if (!async->done) {
            UHCI_TD tail_td;
            UHCIAsync *tail = QTAILQ_LAST(&async->queue->asyncs);
            /*
             * While we are waiting for the current td to complete, the guest
             * may have added more tds to the queue. Note we re-read the td
             * rather then caching it, as we want to see guest made changes!
             */
            uhci_read_td(s, &tail_td, tail->td_addr);
            uhci_queue_fill(async->queue, &tail_td);

            return TD_RESULT_ASYNC_CONT;
        }
        uhci_async_unlink(async);
        goto done;
    }

    if (s->completions_only) {
        return TD_RESULT_ASYNC_CONT;
    }

    /* Allocate new packet */
    if (q == NULL) {
        const uint8_t dev_addr = (td->token >> 8) & 0x7f;
        USBDevice *dev = uhci_find_device(s, dev_addr);
        USBEndpoint *ep;

        if (dev == NULL) {
            return uhci_handle_td_error(s, td, td_addr, USB_RET_NODEV,
                                        int_mask);
        }
        ep = usb_ep_get(dev, pid, ep_id);
        q = uhci_queue_new(s, qh_addr, td, ep);
    }
    async = uhci_async_alloc(q, td_addr);

    max_len = ((td->token >> 21) + 1) & 0x7ff;
    spd = (pid == USB_TOKEN_IN && (td->ctrl & TD_CTRL_SPD) != 0);
    usb_packet_setup(&async->packet, pid, q->ep, 0, td_addr, spd,
                     (td->ctrl & TD_CTRL_IOC) != 0);

    /* small transfers use the embedded buffer, larger ones go to the heap */
    if (max_len > sizeof(async->static_buf)) {
        async->buf = g_malloc(max_len);
    } else {
        async->buf = async->static_buf;
    }
    usb_packet_addbuf(&async->packet, async->buf, max_len);

    switch (pid) {
    case USB_TOKEN_OUT:
    case USB_TOKEN_SETUP:
        pci_dma_read(&s->dev, td->buffer, async->buf, max_len);
        usb_handle_packet(q->ep->dev, &async->packet);
        if (async->packet.status == USB_RET_SUCCESS) {
            async->packet.actual_length = max_len;
        }
        break;

    case USB_TOKEN_IN:
        usb_handle_packet(q->ep->dev, &async->packet);
        break;

    default:
        abort(); /* Never to execute */
    }

    if (async->packet.status == USB_RET_ASYNC) {
        uhci_async_link(async);
        if (!queuing) {
            uhci_queue_fill(q, td);
        }
        return TD_RESULT_ASYNC_START;
    }

done:
    result = uhci_complete_td(s, td, async, int_mask);
    uhci_async_free(async);
    return result;
}
885 
/*
 * Completion callback for an async packet.
 *
 * The owning UHCIAsync is recovered from @packet with container_of().
 * A packet reported as USB_RET_REMOVE_FROM_QUEUE is cancelled and freed
 * immediately; otherwise it is marked done and the bottom half is
 * scheduled in completions-only mode to consume it.
 */
static void uhci_async_complete(USBPort *port, USBPacket *packet)
{
    UHCIAsync *async = container_of(packet, UHCIAsync, packet);
    UHCIState *s = async->queue->uhci;

    if (packet->status != USB_RET_REMOVE_FROM_QUEUE) {
        async->done = 1;
        /* Force processing of this packet *now*, needed for migration */
        s->completions_only = true;
        qemu_bh_schedule(s->bh);
        return;
    }

    uhci_async_cancel(async);
}
901 
/* A link pointer is valid when bit 0 is clear.  Returns 1 or 0. */
static int is_valid(uint32_t link)
{
    return !(link & 1);
}
906 
/* Bit 1 of a link pointer selects a QH rather than a TD.  Returns 1 or 0. */
static int is_qh(uint32_t link)
{
    return (link >> 1) & 1;
}
911 
/* Bit 2 of a link pointer requests depth-first traversal.  Returns 1 or 0. */
static int depth_first(uint32_t link)
{
    return (link >> 2) & 1;
}
916 
/*
 * QH DB used for detecting QH loops.
 *
 * Fixed-size set of QH link values already visited in the current frame.
 * The schedule is guest memory and may link back to itself, so the frame
 * walker records each QH here and treats a repeat, or a full table, as
 * "already seen".
 */
#define UHCI_MAX_QUEUES 128
typedef struct {
    uint32_t addr[UHCI_MAX_QUEUES];
    int      count;
} QhDb;

/* Forget every recorded QH. */
static void qhdb_reset(QhDb *db)
{
    db->count = 0;
}

/* Add QH to DB. Returns 1 if already present or DB is full. */
static int qhdb_insert(QhDb *db, uint32_t addr)
{
    int slot = 0;

    while (slot < db->count) {
        if (db->addr[slot] == addr) {
            return 1;
        }
        slot++;
    }

    /* never write past the table: a full DB is reported like a repeat */
    if (db->count >= UHCI_MAX_QUEUES) {
        return 1;
    }

    db->addr[db->count] = addr;
    db->count++;
    return 0;
}
946 
/*
 * Submit the TDs that follow @td on the same queue.
 *
 * The link chain is followed while each TD read from guest memory is
 * active and yields the same queue token as @q; every such TD is handed
 * to uhci_handle_td() in queuing mode.  The walk ends at an invalid
 * link, at the first TD that does not qualify, or when
 * uhci_handle_td() returns TD_RESULT_ASYNC_CONT.  The endpoint queue is
 * flushed afterwards.
 *
 * NOTE(review): the two assert()s expect uhci_handle_td() to return only
 * ASYNC_CONT or ASYNC_START here and to leave int_mask untouched, while
 * the TD contents come from the guest - confirm no other result is
 * reachable in queuing mode.
 */
static void uhci_queue_fill(UHCIQueue *q, UHCI_TD *td)
{
    uint32_t int_mask = 0;
    uint32_t link;
    UHCI_TD next_td;

    for (link = td->link; is_valid(link); link = next_td.link) {
        int result;

        uhci_read_td(q->uhci, &next_td, link);
        if (!(next_td.ctrl & TD_CTRL_ACTIVE) ||
            uhci_queue_token(&next_td) != q->token) {
            break;
        }

        trace_usb_uhci_td_queue(link & ~0xf, next_td.ctrl, next_td.token);
        result = uhci_handle_td(q->uhci, q, q->qh_addr, &next_td, link,
                                &int_mask);
        if (result == TD_RESULT_ASYNC_CONT) {
            break;
        }
        assert(result == TD_RESULT_ASYNC_START);
        assert(int_mask == 0);
    }
    usb_device_flush_ep_queue(q->ep->dev, q->ep);
}
973 
/*
 * Walk the schedule of the current frame and execute its TDs.
 *
 * The frame list entry selected by the low 10 bits of s->frnum is read from
 * guest memory at s->fl_base_addr, and the chain of QHs and TDs it points
 * to is followed.  Everything consumed here (frame list entry, QH and TD
 * contents, every link word) is guest-controlled, so termination must not
 * depend on that data being well formed:
 *   - the loop runs at most FRAME_MAX_LOOPS iterations; the for-loop
 *     counter is decremented on 'continue' as well;
 *   - qhdb remembers the QH link words seen, and revisiting one without a
 *     TD having completed since ends the frame;
 *   - unless s->completions_only is set, processing stops once
 *     s->frame_bytes reaches s->frame_bandwidth.
 *
 * Interrupt bits collected from uhci_handle_td() are OR-ed into
 * s->pending_int_mask on exit; no interrupt is raised here.
 *
 * NOTE(review): the results of pci_dma_read()/pci_dma_write() are
 * discarded, so a failed transfer is not told apart from a successful one
 * and 'link' / 'qh' are consumed as they are.  Confirm what the DMA helpers
 * leave in the buffer on failure before relying on these locals being
 * defined.
 */
static void uhci_process_frame(UHCIState *s)
{
    uint32_t frame_addr, link, old_td_ctrl, val, int_mask;
    uint32_t curr_qh, td_count = 0;
    int cnt, ret;
    UHCI_TD td;
    UHCI_QH qh;
    QhDb qhdb;

    /* Frame list: 1024 entries of 4 bytes, indexed by frnum modulo 1024. */
    frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);

    pci_dma_read(&s->dev, frame_addr, &link, 4);
    le32_to_cpus(&link);

    int_mask = 0;
    curr_qh  = 0;

    qhdb_reset(&qhdb);

    /* cnt caps the walk independently of the loop detection below. */
    for (cnt = FRAME_MAX_LOOPS; is_valid(link) && cnt; cnt--) {
        if (!s->completions_only && s->frame_bytes >= s->frame_bandwidth) {
            /*
             * We've reached the usb 1.1 bandwidth, which is
             * 1280 bytes/frame, stop processing
             */
            trace_usb_uhci_frame_stop_bandwidth();
            break;
        }
        if (is_qh(link)) {
            /* QH */
            trace_usb_uhci_qh_load(link & ~0xf);

            /* The DB is keyed on the raw link word, flag bits included. */
            if (qhdb_insert(&qhdb, link)) {
                /*
                 * We're going in circles. Which is not a bug because
                 * HCD is allowed to do that as part of the BW management.
                 *
                 * Stop processing here if no transaction has been done
                 * since we've been here last time.
                 */
                if (td_count == 0) {
                    trace_usb_uhci_frame_loop_stop_idle();
                    break;
                } else {
                    trace_usb_uhci_frame_loop_continue();
                    /* Start a fresh lap with this QH as its first entry. */
                    td_count = 0;
                    qhdb_reset(&qhdb);
                    qhdb_insert(&qhdb, link);
                }
            }

            /* Low four bits of a link word are flags, not address bits. */
            pci_dma_read(&s->dev, link & ~0xf, &qh, sizeof(qh));
            le32_to_cpus(&qh.link);
            le32_to_cpus(&qh.el_link);

            if (!is_valid(qh.el_link)) {
                /* QH w/o elements */
                curr_qh = 0;
                link = qh.link;
            } else {
                /* QH with elements */
                curr_qh = link;
                link = qh.el_link;
            }
            continue;
        }

        /* TD */
        uhci_read_td(s, &td, link);
        trace_usb_uhci_td_load(curr_qh & ~0xf, link & ~0xf, td.ctrl, td.token);

        /* Remember the control word so only a real change is written back. */
        old_td_ctrl = td.ctrl;
        ret = uhci_handle_td(s, NULL, curr_qh, &td, link, &int_mask);
        if (old_td_ctrl != td.ctrl) {
            /* update the status bits of the TD */
            val = cpu_to_le32(td.ctrl);
            /* Offset 4 within the TD is the control/status word. */
            pci_dma_write(&s->dev, (link & ~0xf) + 4, &val, sizeof(val));
        }

        switch (ret) {
        case TD_RESULT_STOP_FRAME: /* interrupted frame */
            goto out;

        case TD_RESULT_NEXT_QH:
        case TD_RESULT_ASYNC_CONT:
            trace_usb_uhci_td_nextqh(curr_qh & ~0xf, link & ~0xf);
            /* qh is only read when curr_qh was set by the QH branch above. */
            link = curr_qh ? qh.link : td.link;
            continue;

        case TD_RESULT_ASYNC_START:
            trace_usb_uhci_td_async(curr_qh & ~0xf, link & ~0xf);
            link = curr_qh ? qh.link : td.link;
            continue;

        case TD_RESULT_COMPLETE:
            trace_usb_uhci_td_complete(curr_qh & ~0xf, link & ~0xf);
            link = td.link;
            td_count++;
            /* Charge the low 11 bits of the control word, plus one. */
            s->frame_bytes += (td.ctrl & 0x7ff) + 1;

            if (curr_qh) {
                /* update QH element link */
                qh.el_link = link;
                val = cpu_to_le32(qh.el_link);
                pci_dma_write(&s->dev, (curr_qh & ~0xf) + 4, &val, sizeof(val));

                if (!depth_first(link)) {
                    /* done with this QH */
                    curr_qh = 0;
                    link    = qh.link;
                }
            }
            break;

        default:
            /* Any other code means uhci_handle_td() broke its contract. */
            assert(!"unknown return code");
        }

        /* go to the next entry */
    }

out:
    /* Defer the interrupt: the bits are latched by the frame timer. */
    s->pending_int_mask |= int_mask;
}
1098 
/*
 * Bottom-half callback.  @opaque is the UHCIState that was passed when the
 * bottom half was created; one pass over the current frame is run on it.
 */
static void uhci_bh(void *opaque)
{
    uhci_process_frame((UHCIState *)opaque);
}
1104 
/*
 * Frame timer callback: process the frames that have elapsed since the last
 * run, latch the interrupts they produced and re-arm the timer.
 *
 * @opaque is the UHCIState the timer was created with.
 *
 * When the controller's run bit (UHCI_CMD_RS) is clear, the timer is
 * deleted instead, all async transfers are cancelled and the halted status
 * bit is set.
 *
 * NOTE(review): 'frames' is an int derived from a 64-bit unsigned division
 * and is then compared with s->maxframes, which the property tables in this
 * file declare as a UINT32; the comparison is presumably done in unsigned
 * arithmetic.  Confirm the behaviour when the virtual clock reads earlier
 * than t_last_run.
 */
static void uhci_frame_timer(void *opaque)
{
    UHCIState *s = opaque;
    uint64_t t_now, t_last_run;
    int i, frames;
    /* Length of one frame in nanoseconds. */
    const uint64_t frame_t = NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ;

    /* A timer tick does full processing; drop any pending bottom half. */
    s->completions_only = false;
    qemu_bh_cancel(s->bh);

    if (!(s->cmd & UHCI_CMD_RS)) {
        /* Full stop */
        trace_usb_uhci_schedule_stop();
        timer_del(s->frame_timer);
        uhci_async_cancel_all(s);
        /* set hchalted bit in status - UHCI11D 2.1.2 */
        s->status |= UHCI_STS_HCHALTED;
        return;
    }

    /* We still store expire_time in our state, for migration */
    t_last_run = s->expire_time - frame_t;
    t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);

    /* Process up to MAX_FRAMES_PER_TICK frames */
    frames = (t_now - t_last_run) / frame_t;
    if (frames > s->maxframes) {
        /*
         * Too far behind: advance the frame counter and expiry time over the
         * excess without walking the schedule for those frames.
         */
        int skipped = frames - s->maxframes;
        s->expire_time += skipped * frame_t;
        s->frnum = (s->frnum + skipped) & 0x7ff;
        frames -= skipped;
    }
    /*
     * Frames beyond this cap are not skipped: expire_time only advances per
     * processed frame, so they stay outstanding for a later tick.
     */
    if (frames > MAX_FRAMES_PER_TICK) {
        frames = MAX_FRAMES_PER_TICK;
    }

    for (i = 0; i < frames; i++) {
        /* The bandwidth budget is accounted per frame. */
        s->frame_bytes = 0;
        trace_usb_uhci_frame_start(s->frnum);
        uhci_async_validate_begin(s);
        uhci_process_frame(s);
        uhci_async_validate_end(s);
        /*
         * The spec says frnum is the frame currently being processed, and
         * the guest must look at frnum - 1 on interrupt, so inc frnum now
         */
        s->frnum = (s->frnum + 1) & 0x7ff;
        s->expire_time += frame_t;
    }

    /* Complete the previous frame(s) */
    if (s->pending_int_mask) {
        s->status2 |= s->pending_int_mask;
        s->status  |= UHCI_STS_USBINT;
        uhci_update_irq(s);
    }
    s->pending_int_mask = 0;

    /* Next tick is one frame period after the time sampled above. */
    timer_mod(s->frame_timer, t_now + frame_t);
}
1165 
/*
 * Access callbacks for the controller's I/O BAR.  Guest accesses of 1 to 4
 * bytes are declared valid, while the handlers are declared to implement
 * 2-byte accesses only; other sizes are presumably adapted by the memory
 * core before uhci_port_read()/uhci_port_write() run (confirm against the
 * MemoryRegionOps documentation).  Registers are little-endian.
 */
static const MemoryRegionOps uhci_ioport_ops = {
    .read  = uhci_port_read,
    .write = uhci_port_write,
    .valid.min_access_size = 1,
    .valid.max_access_size = 4,
    .impl.min_access_size = 2,
    .impl.max_access_size = 2,
    .endianness = DEVICE_LITTLE_ENDIAN,
};

/*
 * Port callbacks handed to the USB core when the root ports are registered
 * in usb_uhci_common_realize(), for both the standalone and the companion
 * configuration.
 */
static USBPortOps uhci_port_ops = {
    .attach = uhci_attach,
    .detach = uhci_detach,
    .child_detach = uhci_child_detach,
    .wakeup = uhci_wakeup,
    .complete = uhci_async_complete,
};

/* Bus callbacks for the standalone bus; no hooks are provided. */
static USBBusOps uhci_bus_ops = {
};
1186 
/*
 * Realize a UHCI PCI function.
 *
 * Fills in the PCI config bytes, allocates the IRQ, registers the root
 * ports, creates the bottom half and the frame timer, and exposes the
 * 0x20-byte register block as I/O BAR 4.
 *
 * With s->masterbus set the ports are registered as companion ports of
 * that bus; a failure there is propagated through @errp and realize stops.
 * Otherwise the controller gets a USB bus of its own.
 *
 * The bottom half is created with the device's mem_reentrancy_guard,
 * presumably so that work run from it cannot re-enter this device's own
 * register handlers through DMA; confirm against qemu_bh_new_guarded().
 */
void usb_uhci_common_realize(PCIDevice *dev, Error **errp)
{
    Error *err = NULL;
    UHCIPCIDeviceClass *u = UHCI_GET_CLASS(dev);
    UHCIState *s = UHCI(dev);
    uint8_t *pci_conf = s->dev.config;
    int n;

    pci_conf[PCI_CLASS_PROG] = 0x00;
    /* TODO: reset value should be 0. */
    pci_conf[USB_SBRN] = USB_RELEASE_1; /* release number */
    /* info.irq_pin is zero-based, the PCI interrupt pin is one-based. */
    pci_config_set_interrupt_pin(pci_conf, u->info.irq_pin + 1);
    s->irq = pci_allocate_irq(dev);

    if (!s->masterbus) {
        /* Standalone controller: own bus, ports numbered from 0. */
        usb_bus_new(&s->bus, sizeof(s->bus), &uhci_bus_ops, DEVICE(dev));
        for (n = 0; n < UHCI_PORTS; n++) {
            usb_register_port(&s->bus, &s->ports[n].port, s, n, &uhci_port_ops,
                              USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
        }
    } else {
        /* Companion controller: hand the ports to the master bus. */
        USBPort *ports[UHCI_PORTS];

        for (n = 0; n < UHCI_PORTS; n++) {
            ports[n] = &s->ports[n].port;
        }
        usb_register_companion(s->masterbus, ports, UHCI_PORTS,
                               s->firstport, s, &uhci_port_ops,
                               USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL,
                               &err);
        if (err) {
            error_propagate(errp, err);
            return;
        }
    }

    s->bh = qemu_bh_new_guarded(uhci_bh, s, &DEVICE(dev)->mem_reentrancy_guard);
    s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, uhci_frame_timer, s);
    s->num_ports_vmstate = UHCI_PORTS;
    QTAILQ_INIT(&s->queues);

    memory_region_init_io(&s->io_bar, OBJECT(s), &uhci_ioport_ops, s,
                          "uhci", 0x20);

    /*
     * Use region 4 for consistency with real hardware.  BSD guests seem
     * to rely on this.
     */
    pci_register_bar(&s->dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
}
1235 
/*
 * Tear down a UHCI function: free the frame timer, delete the bottom half,
 * cancel every outstanding async transfer and, for a standalone controller,
 * release its USB bus.
 *
 * NOTE(review): unlike frame_timer, s->bh is not reset to NULL after it is
 * deleted; confirm that nothing reachable from uhci_async_cancel_all()
 * below still touches it.
 */
static void usb_uhci_exit(PCIDevice *dev)
{
    UHCIState *s = UHCI(dev);

    trace_usb_uhci_exit();

    if (s->frame_timer != NULL) {
        timer_free(s->frame_timer);
        s->frame_timer = NULL;
    }

    if (s->bh != NULL) {
        qemu_bh_delete(s->bh);
    }

    uhci_async_cancel_all(s);

    /* A companion controller does not own a bus of its own. */
    if (s->masterbus == NULL) {
        usb_bus_release(&s->bus);
    }
}
1257 
/*
 * Properties of controllers registered as companions (selected in
 * uhci_data_class_init() when info->unplug is false).  "masterbus" and
 * "firstport" are passed to usb_register_companion() at realize time.
 * "bandwidth" is the per-frame byte budget checked in uhci_process_frame()
 * and "maxframes" the backlog limit applied in uhci_frame_timer().
 */
static const Property uhci_properties_companion[] = {
    DEFINE_PROP_STRING("masterbus", UHCIState, masterbus),
    DEFINE_PROP_UINT32("firstport", UHCIState, firstport, 0),
    DEFINE_PROP_UINT32("bandwidth", UHCIState, frame_bandwidth, 1280),
    DEFINE_PROP_UINT32("maxframes", UHCIState, maxframes, 128),
};
/*
 * Properties of standalone controllers: the same two tunables, without the
 * companion-only "masterbus" and "firstport".
 */
static const Property uhci_properties_standalone[] = {
    DEFINE_PROP_UINT32("bandwidth", UHCIState, frame_bandwidth, 1280),
    DEFINE_PROP_UINT32("maxframes", UHCIState, maxframes, 128),
};
1268 
/*
 * Class initialiser of the abstract UHCI base type: sets what every variant
 * shares (PCI class code, migration description, reset handler, device
 * category).  @data is not used.
 */
static void uhci_class_init(ObjectClass *klass, const void *data)
{
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    pci_class->class_id = PCI_CLASS_SERIAL_USB;

    dev_class->vmsd = &vmstate_uhci;
    device_class_set_legacy_reset(dev_class, uhci_reset);
    set_bit(DEVICE_CATEGORY_USB, dev_class->categories);
}
1279 
/*
 * Abstract base type for all UHCI variants.  The concrete types are
 * registered in uhci_register_types() with this type as their parent.
 */
static const TypeInfo uhci_pci_type_info = {
    .name = TYPE_UHCI,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(UHCIState),
    .class_size    = sizeof(UHCIPCIDeviceClass),
    .abstract = true,
    .class_init = uhci_class_init,
    .interfaces = (const InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    },
};
1292 
/*
 * Class initialiser of a concrete UHCI variant.
 *
 * @data points to the UHCIInfo describing the variant.  Its PCI ids are
 * copied into the PCI class, its realize hook is used when present (else
 * usb_uhci_common_realize()), and a copy of the whole record is kept in
 * the UHCI class.
 *
 * info->unplug selects between two configurations: when set, the exit
 * handler and the standalone property list are installed; when clear, no
 * exit handler is installed, hotplug is disabled and the companion property
 * list is used.
 */
void uhci_data_class_init(ObjectClass *klass, const void *data)
{
    const UHCIInfo *info = data;
    PCIDeviceClass *pci_class = PCI_DEVICE_CLASS(klass);
    DeviceClass *dev_class = DEVICE_CLASS(klass);
    UHCIPCIDeviceClass *uhci_class = UHCI_CLASS(klass);

    if (info->realize) {
        pci_class->realize = info->realize;
    } else {
        pci_class->realize = usb_uhci_common_realize;
    }
    pci_class->vendor_id = info->vendor_id;
    pci_class->device_id = info->device_id;
    pci_class->revision  = info->revision;

    if (info->unplug) {
        pci_class->exit = usb_uhci_exit;
        device_class_set_props(dev_class, uhci_properties_standalone);
    } else {
        pci_class->exit = NULL;
        /* uhci controllers in companion setups can't be hotplugged */
        dev_class->hotpluggable = false;
        device_class_set_props(dev_class, uhci_properties_companion);
    }

    if (info->notuser) {
        dev_class->user_creatable = false;
    }

    uhci_class->info = *info;
}
1317 
/*
 * Table of the controller variants registered by this file, one QOM type
 * per entry.
 *
 * .irq_pin is zero-based; usb_uhci_common_realize() adds one when it sets
 * the PCI interrupt pin.  .unplug is read by uhci_data_class_init(): true
 * selects the standalone configuration (exit handler installed), false the
 * companion configuration (not hotpluggable).
 */
static UHCIInfo uhci_info[] = {
    {
        .name      = TYPE_PIIX3_USB_UHCI,
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82371SB_2,
        .revision  = 0x01,
        .irq_pin   = 3,
        .unplug    = true,
    },{
        .name      = TYPE_PIIX4_USB_UHCI,
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82371AB_2,
        .revision  = 0x01,
        .irq_pin   = 3,
        .unplug    = true,
    },{
        .name      = TYPE_ICH9_USB_UHCI(1), /* 00:1d.0 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI1,
        .revision  = 0x03,
        .irq_pin   = 0,
        .unplug    = false,
    },{
        .name      = TYPE_ICH9_USB_UHCI(2), /* 00:1d.1 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI2,
        .revision  = 0x03,
        .irq_pin   = 1,
        .unplug    = false,
    },{
        .name      = TYPE_ICH9_USB_UHCI(3), /* 00:1d.2 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI3,
        .revision  = 0x03,
        .irq_pin   = 2,
        .unplug    = false,
    },{
        .name      = TYPE_ICH9_USB_UHCI(4), /* 00:1a.0 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI4,
        .revision  = 0x03,
        .irq_pin   = 0,
        .unplug    = false,
    },{
        .name      = TYPE_ICH9_USB_UHCI(5), /* 00:1a.1 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI5,
        .revision  = 0x03,
        .irq_pin   = 1,
        .unplug    = false,
    },{
        .name      = TYPE_ICH9_USB_UHCI(6), /* 00:1a.2 */
        .vendor_id = PCI_VENDOR_ID_INTEL,
        .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI6,
        .revision  = 0x03,
        .irq_pin   = 2,
        .unplug    = false,
    }
};
1377 
/*
 * Register the abstract UHCI base type, then one concrete type per entry of
 * uhci_info[].  Each concrete type gets the entry's name and receives a
 * pointer to the entry as class data for uhci_data_class_init().
 *
 * NOTE(review): a single stack-allocated TypeInfo is reused and overwritten
 * for every entry, so type_register_static() presumably copies what it
 * needs before returning; confirm against its implementation.
 */
static void uhci_register_types(void)
{
    TypeInfo variant = {
        .parent        = TYPE_UHCI,
        .class_init    = uhci_data_class_init,
    };
    UHCIInfo *const end = uhci_info + ARRAY_SIZE(uhci_info);
    UHCIInfo *info;

    type_register_static(&uhci_pci_type_info);

    for (info = uhci_info; info != end; info++) {
        variant.name = info->name;
        variant.class_data = info;
        type_register_static(&variant);
    }
}

/* Hook the registration function into module initialisation. */
type_init(uhci_register_types)
1396