1 /* 2 * USB xHCI controller emulation 3 * 4 * Copyright (c) 2011 Securiforest 5 * Date: 2011-05-11 ; Author: Hector Martin <hector@marcansoft.com> 6 * Based on usb-ohci.c, emulates Renesas NEC USB 3.0 7 * 8 * This library is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU Lesser General Public 10 * License as published by the Free Software Foundation; either 11 * version 2 of the License, or (at your option) any later version. 12 * 13 * This library is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public 19 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 20 */ 21 #include "qemu/osdep.h" 22 #include "hw/hw.h" 23 #include "qemu/timer.h" 24 #include "qemu/queue.h" 25 #include "hw/usb.h" 26 #include "hw/pci/pci.h" 27 #include "hw/pci/msi.h" 28 #include "hw/pci/msix.h" 29 #include "trace.h" 30 #include "qapi/error.h" 31 32 //#define DEBUG_XHCI 33 //#define DEBUG_DATA 34 35 #ifdef DEBUG_XHCI 36 #define DPRINTF(...) fprintf(stderr, __VA_ARGS__) 37 #else 38 #define DPRINTF(...) do {} while (0) 39 #endif 40 #define FIXME(_msg) do { fprintf(stderr, "FIXME %s:%d %s\n", \ 41 __func__, __LINE__, _msg); abort(); } while (0) 42 43 #define MAXPORTS_2 15 44 #define MAXPORTS_3 15 45 46 #define MAXPORTS (MAXPORTS_2+MAXPORTS_3) 47 #define MAXSLOTS 64 48 #define MAXINTRS 16 49 50 /* Very pessimistic, let's hope it's enough for all cases */ 51 #define EV_QUEUE (((3 * 24) + 16) * MAXSLOTS) 52 /* Do not deliver ER Full events. NEC's driver does some things not bound 53 * to the specs when it gets them */ 54 #define ER_FULL_HACK 55 56 #define TRB_LINK_LIMIT 4 57 58 #define LEN_CAP 0x40 59 #define LEN_OPER (0x400 + 0x10 * MAXPORTS) 60 #define LEN_RUNTIME ((MAXINTRS + 1) * 0x20) 61 #define LEN_DOORBELL ((MAXSLOTS + 1) * 0x20) 62 63 #define OFF_OPER LEN_CAP 64 #define OFF_RUNTIME 0x1000 65 #define OFF_DOORBELL 0x2000 66 #define OFF_MSIX_TABLE 0x3000 67 #define OFF_MSIX_PBA 0x3800 68 /* must be power of 2 */ 69 #define LEN_REGS 0x4000 70 71 #if (OFF_OPER + LEN_OPER) > OFF_RUNTIME 72 #error Increase OFF_RUNTIME 73 #endif 74 #if (OFF_RUNTIME + LEN_RUNTIME) > OFF_DOORBELL 75 #error Increase OFF_DOORBELL 76 #endif 77 #if (OFF_DOORBELL + LEN_DOORBELL) > LEN_REGS 78 # error Increase LEN_REGS 79 #endif 80 81 /* bit definitions */ 82 #define USBCMD_RS (1<<0) 83 #define USBCMD_HCRST (1<<1) 84 #define USBCMD_INTE (1<<2) 85 #define USBCMD_HSEE (1<<3) 86 #define USBCMD_LHCRST (1<<7) 87 #define USBCMD_CSS (1<<8) 88 #define USBCMD_CRS (1<<9) 89 #define USBCMD_EWE (1<<10) 90 #define USBCMD_EU3S (1<<11) 91 92 #define USBSTS_HCH (1<<0) 93 #define USBSTS_HSE (1<<2) 94 #define USBSTS_EINT (1<<3) 95 #define USBSTS_PCD (1<<4) 96 #define USBSTS_SSS (1<<8) 97 #define USBSTS_RSS (1<<9) 98 #define USBSTS_SRE (1<<10) 99 #define USBSTS_CNR (1<<11) 100 #define USBSTS_HCE (1<<12) 101 102 103 #define PORTSC_CCS (1<<0) 104 #define PORTSC_PED (1<<1) 105 #define PORTSC_OCA (1<<3) 106 #define PORTSC_PR (1<<4) 107 #define PORTSC_PLS_SHIFT 5 108 #define PORTSC_PLS_MASK 0xf 109 #define PORTSC_PP (1<<9) 110 #define PORTSC_SPEED_SHIFT 10 111 #define PORTSC_SPEED_MASK 0xf 112 #define PORTSC_SPEED_FULL (1<<10) 113 #define PORTSC_SPEED_LOW (2<<10) 114 #define PORTSC_SPEED_HIGH (3<<10) 115 #define PORTSC_SPEED_SUPER (4<<10) 116 #define PORTSC_PIC_SHIFT 14 117 #define PORTSC_PIC_MASK 0x3 118 #define PORTSC_LWS (1<<16) 119 #define PORTSC_CSC (1<<17) 120 #define PORTSC_PEC (1<<18) 121 #define PORTSC_WRC (1<<19) 122 #define PORTSC_OCC (1<<20) 123 #define PORTSC_PRC (1<<21) 124 #define PORTSC_PLC (1<<22) 125 #define PORTSC_CEC (1<<23) 126 #define PORTSC_CAS (1<<24) 127 #define PORTSC_WCE (1<<25) 128 #define PORTSC_WDE (1<<26) 129 #define PORTSC_WOE (1<<27) 130 #define PORTSC_DR (1<<30) 131 #define PORTSC_WPR (1<<31) 132 133 #define CRCR_RCS (1<<0) 134 #define CRCR_CS (1<<1) 135 #define CRCR_CA (1<<2) 136 #define CRCR_CRR (1<<3) 137 138 #define IMAN_IP (1<<0) 139 #define IMAN_IE (1<<1) 140 141 #define ERDP_EHB (1<<3) 142 143 #define TRB_SIZE 16 144 typedef struct XHCITRB { 145 uint64_t parameter; 146 uint32_t status; 147 uint32_t control; 148 dma_addr_t addr; 149 bool ccs; 150 } XHCITRB; 151 152 enum { 153 PLS_U0 = 0, 154 PLS_U1 = 1, 155 PLS_U2 = 2, 156 PLS_U3 = 3, 157 PLS_DISABLED = 4, 158 PLS_RX_DETECT = 5, 159 PLS_INACTIVE = 6, 160 PLS_POLLING = 7, 161 PLS_RECOVERY = 8, 162 PLS_HOT_RESET = 9, 163 PLS_COMPILANCE_MODE = 10, 164 PLS_TEST_MODE = 11, 165 PLS_RESUME = 15, 166 }; 167 168 typedef enum TRBType { 169 TRB_RESERVED = 0, 170 TR_NORMAL, 171 TR_SETUP, 172 TR_DATA, 173 TR_STATUS, 174 TR_ISOCH, 175 TR_LINK, 176 TR_EVDATA, 177 TR_NOOP, 178 CR_ENABLE_SLOT, 179 CR_DISABLE_SLOT, 180 CR_ADDRESS_DEVICE, 181 CR_CONFIGURE_ENDPOINT, 182 CR_EVALUATE_CONTEXT, 183 CR_RESET_ENDPOINT, 184 CR_STOP_ENDPOINT, 185 CR_SET_TR_DEQUEUE, 186 CR_RESET_DEVICE, 187 CR_FORCE_EVENT, 188 CR_NEGOTIATE_BW, 189 CR_SET_LATENCY_TOLERANCE, 190 CR_GET_PORT_BANDWIDTH, 191 CR_FORCE_HEADER, 192 CR_NOOP, 193 ER_TRANSFER = 32, 194 ER_COMMAND_COMPLETE, 195 ER_PORT_STATUS_CHANGE, 196 ER_BANDWIDTH_REQUEST, 197 ER_DOORBELL, 198 ER_HOST_CONTROLLER, 199 ER_DEVICE_NOTIFICATION, 200 ER_MFINDEX_WRAP, 201 /* vendor specific bits */ 202 CR_VENDOR_VIA_CHALLENGE_RESPONSE = 48, 203 CR_VENDOR_NEC_FIRMWARE_REVISION = 49, 204 CR_VENDOR_NEC_CHALLENGE_RESPONSE = 50, 205 } TRBType; 206 207 #define CR_LINK TR_LINK 208 209 typedef enum TRBCCode { 210 CC_INVALID = 0, 211 CC_SUCCESS, 212 CC_DATA_BUFFER_ERROR, 213 CC_BABBLE_DETECTED, 214 CC_USB_TRANSACTION_ERROR, 215 CC_TRB_ERROR, 216 CC_STALL_ERROR, 217 CC_RESOURCE_ERROR, 218 CC_BANDWIDTH_ERROR, 219 CC_NO_SLOTS_ERROR, 220 CC_INVALID_STREAM_TYPE_ERROR, 221 CC_SLOT_NOT_ENABLED_ERROR, 222 CC_EP_NOT_ENABLED_ERROR, 223 CC_SHORT_PACKET, 224 CC_RING_UNDERRUN, 225 CC_RING_OVERRUN, 226 CC_VF_ER_FULL, 227 CC_PARAMETER_ERROR, 228 CC_BANDWIDTH_OVERRUN, 229 CC_CONTEXT_STATE_ERROR, 230 CC_NO_PING_RESPONSE_ERROR, 231 CC_EVENT_RING_FULL_ERROR, 232 CC_INCOMPATIBLE_DEVICE_ERROR, 233 CC_MISSED_SERVICE_ERROR, 234 CC_COMMAND_RING_STOPPED, 235 CC_COMMAND_ABORTED, 236 CC_STOPPED, 237 CC_STOPPED_LENGTH_INVALID, 238 CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR = 29, 239 CC_ISOCH_BUFFER_OVERRUN = 31, 240 CC_EVENT_LOST_ERROR, 241 CC_UNDEFINED_ERROR, 242 CC_INVALID_STREAM_ID_ERROR, 243 CC_SECONDARY_BANDWIDTH_ERROR, 244 CC_SPLIT_TRANSACTION_ERROR 245 } TRBCCode; 246 247 #define TRB_C (1<<0) 248 #define TRB_TYPE_SHIFT 10 249 #define TRB_TYPE_MASK 0x3f 250 #define TRB_TYPE(t) (((t).control >> TRB_TYPE_SHIFT) & TRB_TYPE_MASK) 251 252 #define TRB_EV_ED (1<<2) 253 254 #define TRB_TR_ENT (1<<1) 255 #define TRB_TR_ISP (1<<2) 256 #define TRB_TR_NS (1<<3) 257 #define TRB_TR_CH (1<<4) 258 #define TRB_TR_IOC (1<<5) 259 #define TRB_TR_IDT (1<<6) 260 #define TRB_TR_TBC_SHIFT 7 261 #define TRB_TR_TBC_MASK 0x3 262 #define TRB_TR_BEI (1<<9) 263 #define TRB_TR_TLBPC_SHIFT 16 264 #define TRB_TR_TLBPC_MASK 0xf 265 #define TRB_TR_FRAMEID_SHIFT 20 266 #define TRB_TR_FRAMEID_MASK 0x7ff 267 #define TRB_TR_SIA (1<<31) 268 269 #define TRB_TR_DIR (1<<16) 270 271 #define TRB_CR_SLOTID_SHIFT 24 272 #define TRB_CR_SLOTID_MASK 0xff 273 #define TRB_CR_EPID_SHIFT 16 274 #define TRB_CR_EPID_MASK 0x1f 275 276 #define TRB_CR_BSR (1<<9) 277 #define TRB_CR_DC (1<<9) 278 279 #define TRB_LK_TC (1<<1) 280 281 #define TRB_INTR_SHIFT 22 282 #define TRB_INTR_MASK 0x3ff 283 #define TRB_INTR(t) (((t).status >> TRB_INTR_SHIFT) & TRB_INTR_MASK) 284 285 #define EP_TYPE_MASK 0x7 286 #define EP_TYPE_SHIFT 3 287 288 #define EP_STATE_MASK 0x7 289 #define EP_DISABLED (0<<0) 290 #define EP_RUNNING (1<<0) 291 #define EP_HALTED (2<<0) 292 #define EP_STOPPED (3<<0) 293 #define EP_ERROR (4<<0) 294 295 #define SLOT_STATE_MASK 0x1f 296 #define SLOT_STATE_SHIFT 27 297 #define SLOT_STATE(s) (((s)>>SLOT_STATE_SHIFT)&SLOT_STATE_MASK) 298 #define SLOT_ENABLED 0 299 #define SLOT_DEFAULT 1 300 #define SLOT_ADDRESSED 2 301 #define SLOT_CONFIGURED 3 302 303 #define SLOT_CONTEXT_ENTRIES_MASK 0x1f 304 #define SLOT_CONTEXT_ENTRIES_SHIFT 27 305 306 typedef struct XHCIState XHCIState; 307 typedef struct XHCIStreamContext XHCIStreamContext; 308 typedef struct XHCIEPContext XHCIEPContext; 309 310 #define get_field(data, field) \ 311 (((data) >> field##_SHIFT) & field##_MASK) 312 313 #define set_field(data, newval, field) do { \ 314 uint32_t val = *data; \ 315 val &= ~(field##_MASK << field##_SHIFT); \ 316 val |= ((newval) & field##_MASK) << field##_SHIFT; \ 317 *data = val; \ 318 } while (0) 319 320 typedef enum EPType { 321 ET_INVALID = 0, 322 ET_ISO_OUT, 323 ET_BULK_OUT, 324 ET_INTR_OUT, 325 ET_CONTROL, 326 ET_ISO_IN, 327 ET_BULK_IN, 328 ET_INTR_IN, 329 } EPType; 330 331 typedef struct XHCIRing { 332 dma_addr_t dequeue; 333 bool ccs; 334 } XHCIRing; 335 336 typedef struct XHCIPort { 337 XHCIState *xhci; 338 uint32_t portsc; 339 uint32_t portnr; 340 USBPort *uport; 341 uint32_t speedmask; 342 char name[16]; 343 MemoryRegion mem; 344 } XHCIPort; 345 346 typedef struct XHCITransfer { 347 XHCIEPContext *epctx; 348 USBPacket packet; 349 QEMUSGList sgl; 350 bool running_async; 351 bool running_retry; 352 bool complete; 353 bool int_req; 354 unsigned int iso_pkts; 355 unsigned int slotid; 356 unsigned int epid; 357 unsigned int streamid; 358 bool in_xfer; 359 bool iso_xfer; 360 bool timed_xfer; 361 362 unsigned int trb_count; 363 XHCITRB *trbs; 364 365 TRBCCode status; 366 367 unsigned int pkts; 368 unsigned int pktsize; 369 unsigned int cur_pkt; 370 371 uint64_t mfindex_kick; 372 373 QTAILQ_ENTRY(XHCITransfer) next; 374 } XHCITransfer; 375 376 struct XHCIStreamContext { 377 dma_addr_t pctx; 378 unsigned int sct; 379 XHCIRing ring; 380 }; 381 382 struct XHCIEPContext { 383 XHCIState *xhci; 384 unsigned int slotid; 385 unsigned int epid; 386 387 XHCIRing ring; 388 uint32_t xfer_count; 389 QTAILQ_HEAD(, XHCITransfer) transfers; 390 XHCITransfer *retry; 391 EPType type; 392 dma_addr_t pctx; 393 unsigned int max_psize; 394 uint32_t state; 395 396 /* streams */ 397 unsigned int max_pstreams; 398 bool lsa; 399 unsigned int nr_pstreams; 400 XHCIStreamContext *pstreams; 401 402 /* iso xfer scheduling */ 403 unsigned int interval; 404 int64_t mfindex_last; 405 QEMUTimer *kick_timer; 406 }; 407 408 typedef struct XHCISlot { 409 bool enabled; 410 bool addressed; 411 dma_addr_t ctx; 412 USBPort *uport; 413 XHCIEPContext * eps[31]; 414 } XHCISlot; 415 416 typedef struct XHCIEvent { 417 TRBType type; 418 TRBCCode ccode; 419 uint64_t ptr; 420 uint32_t length; 421 uint32_t flags; 422 uint8_t slotid; 423 uint8_t epid; 424 } XHCIEvent; 425 426 typedef struct XHCIInterrupter { 427 uint32_t iman; 428 uint32_t imod; 429 uint32_t erstsz; 430 uint32_t erstba_low; 431 uint32_t erstba_high; 432 uint32_t erdp_low; 433 uint32_t erdp_high; 434 435 bool msix_used, er_pcs, er_full; 436 437 dma_addr_t er_start; 438 uint32_t er_size; 439 unsigned int er_ep_idx; 440 441 XHCIEvent ev_buffer[EV_QUEUE]; 442 unsigned int ev_buffer_put; 443 unsigned int ev_buffer_get; 444 445 } XHCIInterrupter; 446 447 struct XHCIState { 448 /*< private >*/ 449 PCIDevice parent_obj; 450 /*< public >*/ 451 452 USBBus bus; 453 MemoryRegion mem; 454 MemoryRegion mem_cap; 455 MemoryRegion mem_oper; 456 MemoryRegion mem_runtime; 457 MemoryRegion mem_doorbell; 458 459 /* properties */ 460 uint32_t numports_2; 461 uint32_t numports_3; 462 uint32_t numintrs; 463 uint32_t numslots; 464 uint32_t flags; 465 uint32_t max_pstreams_mask; 466 OnOffAuto msi; 467 OnOffAuto msix; 468 469 /* Operational Registers */ 470 uint32_t usbcmd; 471 uint32_t usbsts; 472 uint32_t dnctrl; 473 uint32_t crcr_low; 474 uint32_t crcr_high; 475 uint32_t dcbaap_low; 476 uint32_t dcbaap_high; 477 uint32_t config; 478 479 USBPort uports[MAX(MAXPORTS_2, MAXPORTS_3)]; 480 XHCIPort ports[MAXPORTS]; 481 XHCISlot slots[MAXSLOTS]; 482 uint32_t numports; 483 484 /* Runtime Registers */ 485 int64_t mfindex_start; 486 QEMUTimer *mfwrap_timer; 487 XHCIInterrupter intr[MAXINTRS]; 488 489 XHCIRing cmd_ring; 490 }; 491 492 #define TYPE_XHCI "nec-usb-xhci" 493 494 #define XHCI(obj) \ 495 OBJECT_CHECK(XHCIState, (obj), TYPE_XHCI) 496 497 typedef struct XHCIEvRingSeg { 498 uint32_t addr_low; 499 uint32_t addr_high; 500 uint32_t size; 501 uint32_t rsvd; 502 } XHCIEvRingSeg; 503 504 enum xhci_flags { 505 XHCI_FLAG_SS_FIRST = 1, 506 XHCI_FLAG_FORCE_PCIE_ENDCAP, 507 XHCI_FLAG_ENABLE_STREAMS, 508 }; 509 510 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, 511 unsigned int epid, unsigned int streamid); 512 static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid, 513 unsigned int epid); 514 static void xhci_xfer_report(XHCITransfer *xfer); 515 static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v); 516 static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v); 517 static USBEndpoint *xhci_epid_to_usbep(XHCIState *xhci, 518 unsigned int slotid, unsigned int epid); 519 520 static const char *TRBType_names[] = { 521 [TRB_RESERVED] = "TRB_RESERVED", 522 [TR_NORMAL] = "TR_NORMAL", 523 [TR_SETUP] = "TR_SETUP", 524 [TR_DATA] = "TR_DATA", 525 [TR_STATUS] = "TR_STATUS", 526 [TR_ISOCH] = "TR_ISOCH", 527 [TR_LINK] = "TR_LINK", 528 [TR_EVDATA] = "TR_EVDATA", 529 [TR_NOOP] = "TR_NOOP", 530 [CR_ENABLE_SLOT] = "CR_ENABLE_SLOT", 531 [CR_DISABLE_SLOT] = "CR_DISABLE_SLOT", 532 [CR_ADDRESS_DEVICE] = "CR_ADDRESS_DEVICE", 533 [CR_CONFIGURE_ENDPOINT] = "CR_CONFIGURE_ENDPOINT", 534 [CR_EVALUATE_CONTEXT] = "CR_EVALUATE_CONTEXT", 535 [CR_RESET_ENDPOINT] = "CR_RESET_ENDPOINT", 536 [CR_STOP_ENDPOINT] = "CR_STOP_ENDPOINT", 537 [CR_SET_TR_DEQUEUE] = "CR_SET_TR_DEQUEUE", 538 [CR_RESET_DEVICE] = "CR_RESET_DEVICE", 539 [CR_FORCE_EVENT] = "CR_FORCE_EVENT", 540 [CR_NEGOTIATE_BW] = "CR_NEGOTIATE_BW", 541 [CR_SET_LATENCY_TOLERANCE] = "CR_SET_LATENCY_TOLERANCE", 542 [CR_GET_PORT_BANDWIDTH] = "CR_GET_PORT_BANDWIDTH", 543 [CR_FORCE_HEADER] = "CR_FORCE_HEADER", 544 [CR_NOOP] = "CR_NOOP", 545 [ER_TRANSFER] = "ER_TRANSFER", 546 [ER_COMMAND_COMPLETE] = "ER_COMMAND_COMPLETE", 547 [ER_PORT_STATUS_CHANGE] = "ER_PORT_STATUS_CHANGE", 548 [ER_BANDWIDTH_REQUEST] = "ER_BANDWIDTH_REQUEST", 549 [ER_DOORBELL] = "ER_DOORBELL", 550 [ER_HOST_CONTROLLER] = "ER_HOST_CONTROLLER", 551 [ER_DEVICE_NOTIFICATION] = "ER_DEVICE_NOTIFICATION", 552 [ER_MFINDEX_WRAP] = "ER_MFINDEX_WRAP", 553 [CR_VENDOR_VIA_CHALLENGE_RESPONSE] = "CR_VENDOR_VIA_CHALLENGE_RESPONSE", 554 [CR_VENDOR_NEC_FIRMWARE_REVISION] = "CR_VENDOR_NEC_FIRMWARE_REVISION", 555 [CR_VENDOR_NEC_CHALLENGE_RESPONSE] = "CR_VENDOR_NEC_CHALLENGE_RESPONSE", 556 }; 557 558 static const char *TRBCCode_names[] = { 559 [CC_INVALID] = "CC_INVALID", 560 [CC_SUCCESS] = "CC_SUCCESS", 561 [CC_DATA_BUFFER_ERROR] = "CC_DATA_BUFFER_ERROR", 562 [CC_BABBLE_DETECTED] = "CC_BABBLE_DETECTED", 563 [CC_USB_TRANSACTION_ERROR] = "CC_USB_TRANSACTION_ERROR", 564 [CC_TRB_ERROR] = "CC_TRB_ERROR", 565 [CC_STALL_ERROR] = "CC_STALL_ERROR", 566 [CC_RESOURCE_ERROR] = "CC_RESOURCE_ERROR", 567 [CC_BANDWIDTH_ERROR] = "CC_BANDWIDTH_ERROR", 568 [CC_NO_SLOTS_ERROR] = "CC_NO_SLOTS_ERROR", 569 [CC_INVALID_STREAM_TYPE_ERROR] = "CC_INVALID_STREAM_TYPE_ERROR", 570 [CC_SLOT_NOT_ENABLED_ERROR] = "CC_SLOT_NOT_ENABLED_ERROR", 571 [CC_EP_NOT_ENABLED_ERROR] = "CC_EP_NOT_ENABLED_ERROR", 572 [CC_SHORT_PACKET] = "CC_SHORT_PACKET", 573 [CC_RING_UNDERRUN] = "CC_RING_UNDERRUN", 574 [CC_RING_OVERRUN] = "CC_RING_OVERRUN", 575 [CC_VF_ER_FULL] = "CC_VF_ER_FULL", 576 [CC_PARAMETER_ERROR] = "CC_PARAMETER_ERROR", 577 [CC_BANDWIDTH_OVERRUN] = "CC_BANDWIDTH_OVERRUN", 578 [CC_CONTEXT_STATE_ERROR] = "CC_CONTEXT_STATE_ERROR", 579 [CC_NO_PING_RESPONSE_ERROR] = "CC_NO_PING_RESPONSE_ERROR", 580 [CC_EVENT_RING_FULL_ERROR] = "CC_EVENT_RING_FULL_ERROR", 581 [CC_INCOMPATIBLE_DEVICE_ERROR] = "CC_INCOMPATIBLE_DEVICE_ERROR", 582 [CC_MISSED_SERVICE_ERROR] = "CC_MISSED_SERVICE_ERROR", 583 [CC_COMMAND_RING_STOPPED] = "CC_COMMAND_RING_STOPPED", 584 [CC_COMMAND_ABORTED] = "CC_COMMAND_ABORTED", 585 [CC_STOPPED] = "CC_STOPPED", 586 [CC_STOPPED_LENGTH_INVALID] = "CC_STOPPED_LENGTH_INVALID", 587 [CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR] 588 = "CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR", 589 [CC_ISOCH_BUFFER_OVERRUN] = "CC_ISOCH_BUFFER_OVERRUN", 590 [CC_EVENT_LOST_ERROR] = "CC_EVENT_LOST_ERROR", 591 [CC_UNDEFINED_ERROR] = "CC_UNDEFINED_ERROR", 592 [CC_INVALID_STREAM_ID_ERROR] = "CC_INVALID_STREAM_ID_ERROR", 593 [CC_SECONDARY_BANDWIDTH_ERROR] = "CC_SECONDARY_BANDWIDTH_ERROR", 594 [CC_SPLIT_TRANSACTION_ERROR] = "CC_SPLIT_TRANSACTION_ERROR", 595 }; 596 597 static const char *ep_state_names[] = { 598 [EP_DISABLED] = "disabled", 599 [EP_RUNNING] = "running", 600 [EP_HALTED] = "halted", 601 [EP_STOPPED] = "stopped", 602 [EP_ERROR] = "error", 603 }; 604 605 static const char *lookup_name(uint32_t index, const char **list, uint32_t llen) 606 { 607 if (index >= llen || list[index] == NULL) { 608 return "???"; 609 } 610 return list[index]; 611 } 612 613 static const char *trb_name(XHCITRB *trb) 614 { 615 return lookup_name(TRB_TYPE(*trb), TRBType_names, 616 ARRAY_SIZE(TRBType_names)); 617 } 618 619 static const char *event_name(XHCIEvent *event) 620 { 621 return lookup_name(event->ccode, TRBCCode_names, 622 ARRAY_SIZE(TRBCCode_names)); 623 } 624 625 static const char *ep_state_name(uint32_t state) 626 { 627 return lookup_name(state, ep_state_names, 628 ARRAY_SIZE(ep_state_names)); 629 } 630 631 static bool xhci_get_flag(XHCIState *xhci, enum xhci_flags bit) 632 { 633 return xhci->flags & (1 << bit); 634 } 635 636 static uint64_t xhci_mfindex_get(XHCIState *xhci) 637 { 638 int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 639 return (now - xhci->mfindex_start) / 125000; 640 } 641 642 static void xhci_mfwrap_update(XHCIState *xhci) 643 { 644 const uint32_t bits = USBCMD_RS | USBCMD_EWE; 645 uint32_t mfindex, left; 646 int64_t now; 647 648 if ((xhci->usbcmd & bits) == bits) { 649 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 650 mfindex = ((now - xhci->mfindex_start) / 125000) & 0x3fff; 651 left = 0x4000 - mfindex; 652 timer_mod(xhci->mfwrap_timer, now + left * 125000); 653 } else { 654 timer_del(xhci->mfwrap_timer); 655 } 656 } 657 658 static void xhci_mfwrap_timer(void *opaque) 659 { 660 XHCIState *xhci = opaque; 661 XHCIEvent wrap = { ER_MFINDEX_WRAP, CC_SUCCESS }; 662 663 xhci_event(xhci, &wrap, 0); 664 xhci_mfwrap_update(xhci); 665 } 666 667 static inline dma_addr_t xhci_addr64(uint32_t low, uint32_t high) 668 { 669 if (sizeof(dma_addr_t) == 4) { 670 return low; 671 } else { 672 return low | (((dma_addr_t)high << 16) << 16); 673 } 674 } 675 676 static inline dma_addr_t xhci_mask64(uint64_t addr) 677 { 678 if (sizeof(dma_addr_t) == 4) { 679 return addr & 0xffffffff; 680 } else { 681 return addr; 682 } 683 } 684 685 static inline void xhci_dma_read_u32s(XHCIState *xhci, dma_addr_t addr, 686 uint32_t *buf, size_t len) 687 { 688 int i; 689 690 assert((len % sizeof(uint32_t)) == 0); 691 692 pci_dma_read(PCI_DEVICE(xhci), addr, buf, len); 693 694 for (i = 0; i < (len / sizeof(uint32_t)); i++) { 695 buf[i] = le32_to_cpu(buf[i]); 696 } 697 } 698 699 static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr, 700 uint32_t *buf, size_t len) 701 { 702 int i; 703 uint32_t tmp[5]; 704 uint32_t n = len / sizeof(uint32_t); 705 706 assert((len % sizeof(uint32_t)) == 0); 707 assert(n <= ARRAY_SIZE(tmp)); 708 709 for (i = 0; i < n; i++) { 710 tmp[i] = cpu_to_le32(buf[i]); 711 } 712 pci_dma_write(PCI_DEVICE(xhci), addr, tmp, len); 713 } 714 715 static XHCIPort *xhci_lookup_port(XHCIState *xhci, struct USBPort *uport) 716 { 717 int index; 718 719 if (!uport->dev) { 720 return NULL; 721 } 722 switch (uport->dev->speed) { 723 case USB_SPEED_LOW: 724 case USB_SPEED_FULL: 725 case USB_SPEED_HIGH: 726 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 727 index = uport->index + xhci->numports_3; 728 } else { 729 index = uport->index; 730 } 731 break; 732 case USB_SPEED_SUPER: 733 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 734 index = uport->index; 735 } else { 736 index = uport->index + xhci->numports_2; 737 } 738 break; 739 default: 740 return NULL; 741 } 742 return &xhci->ports[index]; 743 } 744 745 static void xhci_intx_update(XHCIState *xhci) 746 { 747 PCIDevice *pci_dev = PCI_DEVICE(xhci); 748 int level = 0; 749 750 if (msix_enabled(pci_dev) || 751 msi_enabled(pci_dev)) { 752 return; 753 } 754 755 if (xhci->intr[0].iman & IMAN_IP && 756 xhci->intr[0].iman & IMAN_IE && 757 xhci->usbcmd & USBCMD_INTE) { 758 level = 1; 759 } 760 761 trace_usb_xhci_irq_intx(level); 762 pci_set_irq(pci_dev, level); 763 } 764 765 static void xhci_msix_update(XHCIState *xhci, int v) 766 { 767 PCIDevice *pci_dev = PCI_DEVICE(xhci); 768 bool enabled; 769 770 if (!msix_enabled(pci_dev)) { 771 return; 772 } 773 774 enabled = xhci->intr[v].iman & IMAN_IE; 775 if (enabled == xhci->intr[v].msix_used) { 776 return; 777 } 778 779 if (enabled) { 780 trace_usb_xhci_irq_msix_use(v); 781 msix_vector_use(pci_dev, v); 782 xhci->intr[v].msix_used = true; 783 } else { 784 trace_usb_xhci_irq_msix_unuse(v); 785 msix_vector_unuse(pci_dev, v); 786 xhci->intr[v].msix_used = false; 787 } 788 } 789 790 static void xhci_intr_raise(XHCIState *xhci, int v) 791 { 792 PCIDevice *pci_dev = PCI_DEVICE(xhci); 793 794 xhci->intr[v].erdp_low |= ERDP_EHB; 795 xhci->intr[v].iman |= IMAN_IP; 796 xhci->usbsts |= USBSTS_EINT; 797 798 if (!(xhci->intr[v].iman & IMAN_IE)) { 799 return; 800 } 801 802 if (!(xhci->usbcmd & USBCMD_INTE)) { 803 return; 804 } 805 806 if (msix_enabled(pci_dev)) { 807 trace_usb_xhci_irq_msix(v); 808 msix_notify(pci_dev, v); 809 return; 810 } 811 812 if (msi_enabled(pci_dev)) { 813 trace_usb_xhci_irq_msi(v); 814 msi_notify(pci_dev, v); 815 return; 816 } 817 818 if (v == 0) { 819 trace_usb_xhci_irq_intx(1); 820 pci_irq_assert(pci_dev); 821 } 822 } 823 824 static inline int xhci_running(XHCIState *xhci) 825 { 826 return !(xhci->usbsts & USBSTS_HCH) && !xhci->intr[0].er_full; 827 } 828 829 static void xhci_die(XHCIState *xhci) 830 { 831 xhci->usbsts |= USBSTS_HCE; 832 DPRINTF("xhci: asserted controller error\n"); 833 } 834 835 static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v) 836 { 837 PCIDevice *pci_dev = PCI_DEVICE(xhci); 838 XHCIInterrupter *intr = &xhci->intr[v]; 839 XHCITRB ev_trb; 840 dma_addr_t addr; 841 842 ev_trb.parameter = cpu_to_le64(event->ptr); 843 ev_trb.status = cpu_to_le32(event->length | (event->ccode << 24)); 844 ev_trb.control = (event->slotid << 24) | (event->epid << 16) | 845 event->flags | (event->type << TRB_TYPE_SHIFT); 846 if (intr->er_pcs) { 847 ev_trb.control |= TRB_C; 848 } 849 ev_trb.control = cpu_to_le32(ev_trb.control); 850 851 trace_usb_xhci_queue_event(v, intr->er_ep_idx, trb_name(&ev_trb), 852 event_name(event), ev_trb.parameter, 853 ev_trb.status, ev_trb.control); 854 855 addr = intr->er_start + TRB_SIZE*intr->er_ep_idx; 856 pci_dma_write(pci_dev, addr, &ev_trb, TRB_SIZE); 857 858 intr->er_ep_idx++; 859 if (intr->er_ep_idx >= intr->er_size) { 860 intr->er_ep_idx = 0; 861 intr->er_pcs = !intr->er_pcs; 862 } 863 } 864 865 static void xhci_events_update(XHCIState *xhci, int v) 866 { 867 XHCIInterrupter *intr = &xhci->intr[v]; 868 dma_addr_t erdp; 869 unsigned int dp_idx; 870 bool do_irq = 0; 871 872 if (xhci->usbsts & USBSTS_HCH) { 873 return; 874 } 875 876 erdp = xhci_addr64(intr->erdp_low, intr->erdp_high); 877 if (erdp < intr->er_start || 878 erdp >= (intr->er_start + TRB_SIZE*intr->er_size)) { 879 DPRINTF("xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp); 880 DPRINTF("xhci: ER[%d] at "DMA_ADDR_FMT" len %d\n", 881 v, intr->er_start, intr->er_size); 882 xhci_die(xhci); 883 return; 884 } 885 dp_idx = (erdp - intr->er_start) / TRB_SIZE; 886 assert(dp_idx < intr->er_size); 887 888 /* NEC didn't read section 4.9.4 of the spec (v1.0 p139 top Note) and thus 889 * deadlocks when the ER is full. Hack it by holding off events until 890 * the driver decides to free at least half of the ring */ 891 if (intr->er_full) { 892 int er_free = dp_idx - intr->er_ep_idx; 893 if (er_free <= 0) { 894 er_free += intr->er_size; 895 } 896 if (er_free < (intr->er_size/2)) { 897 DPRINTF("xhci_events_update(): event ring still " 898 "more than half full (hack)\n"); 899 return; 900 } 901 } 902 903 while (intr->ev_buffer_put != intr->ev_buffer_get) { 904 assert(intr->er_full); 905 if (((intr->er_ep_idx+1) % intr->er_size) == dp_idx) { 906 DPRINTF("xhci_events_update(): event ring full again\n"); 907 #ifndef ER_FULL_HACK 908 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR}; 909 xhci_write_event(xhci, &full, v); 910 #endif 911 do_irq = 1; 912 break; 913 } 914 XHCIEvent *event = &intr->ev_buffer[intr->ev_buffer_get]; 915 xhci_write_event(xhci, event, v); 916 intr->ev_buffer_get++; 917 do_irq = 1; 918 if (intr->ev_buffer_get == EV_QUEUE) { 919 intr->ev_buffer_get = 0; 920 } 921 } 922 923 if (do_irq) { 924 xhci_intr_raise(xhci, v); 925 } 926 927 if (intr->er_full && intr->ev_buffer_put == intr->ev_buffer_get) { 928 DPRINTF("xhci_events_update(): event ring no longer full\n"); 929 intr->er_full = 0; 930 } 931 } 932 933 static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v) 934 { 935 XHCIInterrupter *intr; 936 dma_addr_t erdp; 937 unsigned int dp_idx; 938 939 if (v >= xhci->numintrs) { 940 DPRINTF("intr nr out of range (%d >= %d)\n", v, xhci->numintrs); 941 return; 942 } 943 intr = &xhci->intr[v]; 944 945 if (intr->er_full) { 946 DPRINTF("xhci_event(): ER full, queueing\n"); 947 if (((intr->ev_buffer_put+1) % EV_QUEUE) == intr->ev_buffer_get) { 948 DPRINTF("xhci: event queue full, dropping event!\n"); 949 return; 950 } 951 intr->ev_buffer[intr->ev_buffer_put++] = *event; 952 if (intr->ev_buffer_put == EV_QUEUE) { 953 intr->ev_buffer_put = 0; 954 } 955 return; 956 } 957 958 erdp = xhci_addr64(intr->erdp_low, intr->erdp_high); 959 if (erdp < intr->er_start || 960 erdp >= (intr->er_start + TRB_SIZE*intr->er_size)) { 961 DPRINTF("xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp); 962 DPRINTF("xhci: ER[%d] at "DMA_ADDR_FMT" len %d\n", 963 v, intr->er_start, intr->er_size); 964 xhci_die(xhci); 965 return; 966 } 967 968 dp_idx = (erdp - intr->er_start) / TRB_SIZE; 969 assert(dp_idx < intr->er_size); 970 971 if ((intr->er_ep_idx+1) % intr->er_size == dp_idx) { 972 DPRINTF("xhci_event(): ER full, queueing\n"); 973 #ifndef ER_FULL_HACK 974 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR}; 975 xhci_write_event(xhci, &full); 976 #endif 977 intr->er_full = 1; 978 if (((intr->ev_buffer_put+1) % EV_QUEUE) == intr->ev_buffer_get) { 979 DPRINTF("xhci: event queue full, dropping event!\n"); 980 return; 981 } 982 intr->ev_buffer[intr->ev_buffer_put++] = *event; 983 if (intr->ev_buffer_put == EV_QUEUE) { 984 intr->ev_buffer_put = 0; 985 } 986 } else { 987 xhci_write_event(xhci, event, v); 988 } 989 990 xhci_intr_raise(xhci, v); 991 } 992 993 static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring, 994 dma_addr_t base) 995 { 996 ring->dequeue = base; 997 ring->ccs = 1; 998 } 999 1000 static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, 1001 dma_addr_t *addr) 1002 { 1003 PCIDevice *pci_dev = PCI_DEVICE(xhci); 1004 uint32_t link_cnt = 0; 1005 1006 while (1) { 1007 TRBType type; 1008 pci_dma_read(pci_dev, ring->dequeue, trb, TRB_SIZE); 1009 trb->addr = ring->dequeue; 1010 trb->ccs = ring->ccs; 1011 le64_to_cpus(&trb->parameter); 1012 le32_to_cpus(&trb->status); 1013 le32_to_cpus(&trb->control); 1014 1015 trace_usb_xhci_fetch_trb(ring->dequeue, trb_name(trb), 1016 trb->parameter, trb->status, trb->control); 1017 1018 if ((trb->control & TRB_C) != ring->ccs) { 1019 return 0; 1020 } 1021 1022 type = TRB_TYPE(*trb); 1023 1024 if (type != TR_LINK) { 1025 if (addr) { 1026 *addr = ring->dequeue; 1027 } 1028 ring->dequeue += TRB_SIZE; 1029 return type; 1030 } else { 1031 if (++link_cnt > TRB_LINK_LIMIT) { 1032 return 0; 1033 } 1034 ring->dequeue = xhci_mask64(trb->parameter); 1035 if (trb->control & TRB_LK_TC) { 1036 ring->ccs = !ring->ccs; 1037 } 1038 } 1039 } 1040 } 1041 1042 static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) 1043 { 1044 PCIDevice *pci_dev = PCI_DEVICE(xhci); 1045 XHCITRB trb; 1046 int length = 0; 1047 dma_addr_t dequeue = ring->dequeue; 1048 bool ccs = ring->ccs; 1049 /* hack to bundle together the two/three TDs that make a setup transfer */ 1050 bool control_td_set = 0; 1051 uint32_t link_cnt = 0; 1052 1053 while (1) { 1054 TRBType type; 1055 pci_dma_read(pci_dev, dequeue, &trb, TRB_SIZE); 1056 le64_to_cpus(&trb.parameter); 1057 le32_to_cpus(&trb.status); 1058 le32_to_cpus(&trb.control); 1059 1060 if ((trb.control & TRB_C) != ccs) { 1061 return -length; 1062 } 1063 1064 type = TRB_TYPE(trb); 1065 1066 if (type == TR_LINK) { 1067 if (++link_cnt > TRB_LINK_LIMIT) { 1068 return -length; 1069 } 1070 dequeue = xhci_mask64(trb.parameter); 1071 if (trb.control & TRB_LK_TC) { 1072 ccs = !ccs; 1073 } 1074 continue; 1075 } 1076 1077 length += 1; 1078 dequeue += TRB_SIZE; 1079 1080 if (type == TR_SETUP) { 1081 control_td_set = 1; 1082 } else if (type == TR_STATUS) { 1083 control_td_set = 0; 1084 } 1085 1086 if (!control_td_set && !(trb.control & TRB_TR_CH)) { 1087 return length; 1088 } 1089 } 1090 } 1091 1092 static void xhci_er_reset(XHCIState *xhci, int v) 1093 { 1094 XHCIInterrupter *intr = &xhci->intr[v]; 1095 XHCIEvRingSeg seg; 1096 1097 if (intr->erstsz == 0) { 1098 /* disabled */ 1099 intr->er_start = 0; 1100 intr->er_size = 0; 1101 return; 1102 } 1103 /* cache the (sole) event ring segment location */ 1104 if (intr->erstsz != 1) { 1105 DPRINTF("xhci: invalid value for ERSTSZ: %d\n", intr->erstsz); 1106 xhci_die(xhci); 1107 return; 1108 } 1109 dma_addr_t erstba = xhci_addr64(intr->erstba_low, intr->erstba_high); 1110 pci_dma_read(PCI_DEVICE(xhci), erstba, &seg, sizeof(seg)); 1111 le32_to_cpus(&seg.addr_low); 1112 le32_to_cpus(&seg.addr_high); 1113 le32_to_cpus(&seg.size); 1114 if (seg.size < 16 || seg.size > 4096) { 1115 DPRINTF("xhci: invalid value for segment size: %d\n", seg.size); 1116 xhci_die(xhci); 1117 return; 1118 } 1119 intr->er_start = xhci_addr64(seg.addr_low, seg.addr_high); 1120 intr->er_size = seg.size; 1121 1122 intr->er_ep_idx = 0; 1123 intr->er_pcs = 1; 1124 intr->er_full = 0; 1125 1126 DPRINTF("xhci: event ring[%d]:" DMA_ADDR_FMT " [%d]\n", 1127 v, intr->er_start, intr->er_size); 1128 } 1129 1130 static void xhci_run(XHCIState *xhci) 1131 { 1132 trace_usb_xhci_run(); 1133 xhci->usbsts &= ~USBSTS_HCH; 1134 xhci->mfindex_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 1135 } 1136 1137 static void xhci_stop(XHCIState *xhci) 1138 { 1139 trace_usb_xhci_stop(); 1140 xhci->usbsts |= USBSTS_HCH; 1141 xhci->crcr_low &= ~CRCR_CRR; 1142 } 1143 1144 static XHCIStreamContext *xhci_alloc_stream_contexts(unsigned count, 1145 dma_addr_t base) 1146 { 1147 XHCIStreamContext *stctx; 1148 unsigned int i; 1149 1150 stctx = g_new0(XHCIStreamContext, count); 1151 for (i = 0; i < count; i++) { 1152 stctx[i].pctx = base + i * 16; 1153 stctx[i].sct = -1; 1154 } 1155 return stctx; 1156 } 1157 1158 static void xhci_reset_streams(XHCIEPContext *epctx) 1159 { 1160 unsigned int i; 1161 1162 for (i = 0; i < epctx->nr_pstreams; i++) { 1163 epctx->pstreams[i].sct = -1; 1164 } 1165 } 1166 1167 static void xhci_alloc_streams(XHCIEPContext *epctx, dma_addr_t base) 1168 { 1169 assert(epctx->pstreams == NULL); 1170 epctx->nr_pstreams = 2 << epctx->max_pstreams; 1171 epctx->pstreams = xhci_alloc_stream_contexts(epctx->nr_pstreams, base); 1172 } 1173 1174 static void xhci_free_streams(XHCIEPContext *epctx) 1175 { 1176 assert(epctx->pstreams != NULL); 1177 1178 g_free(epctx->pstreams); 1179 epctx->pstreams = NULL; 1180 epctx->nr_pstreams = 0; 1181 } 1182 1183 static int xhci_epmask_to_eps_with_streams(XHCIState *xhci, 1184 unsigned int slotid, 1185 uint32_t epmask, 1186 XHCIEPContext **epctxs, 1187 USBEndpoint **eps) 1188 { 1189 XHCISlot *slot; 1190 XHCIEPContext *epctx; 1191 USBEndpoint *ep; 1192 int i, j; 1193 1194 assert(slotid >= 1 && slotid <= xhci->numslots); 1195 1196 slot = &xhci->slots[slotid - 1]; 1197 1198 for (i = 2, j = 0; i <= 31; i++) { 1199 if (!(epmask & (1u << i))) { 1200 continue; 1201 } 1202 1203 epctx = slot->eps[i - 1]; 1204 ep = xhci_epid_to_usbep(xhci, slotid, i); 1205 if (!epctx || !epctx->nr_pstreams || !ep) { 1206 continue; 1207 } 1208 1209 if (epctxs) { 1210 epctxs[j] = epctx; 1211 } 1212 eps[j++] = ep; 1213 } 1214 return j; 1215 } 1216 1217 static void xhci_free_device_streams(XHCIState *xhci, unsigned int slotid, 1218 uint32_t epmask) 1219 { 1220 USBEndpoint *eps[30]; 1221 int nr_eps; 1222 1223 nr_eps = xhci_epmask_to_eps_with_streams(xhci, slotid, epmask, NULL, eps); 1224 if (nr_eps) { 1225 usb_device_free_streams(eps[0]->dev, eps, nr_eps); 1226 } 1227 } 1228 1229 static TRBCCode xhci_alloc_device_streams(XHCIState *xhci, unsigned int slotid, 1230 uint32_t epmask) 1231 { 1232 XHCIEPContext *epctxs[30]; 1233 USBEndpoint *eps[30]; 1234 int i, r, nr_eps, req_nr_streams, dev_max_streams; 1235 1236 nr_eps = xhci_epmask_to_eps_with_streams(xhci, slotid, epmask, epctxs, 1237 eps); 1238 if (nr_eps == 0) { 1239 return CC_SUCCESS; 1240 } 1241 1242 req_nr_streams = epctxs[0]->nr_pstreams; 1243 dev_max_streams = eps[0]->max_streams; 1244 1245 for (i = 1; i < nr_eps; i++) { 1246 /* 1247 * HdG: I don't expect these to ever trigger, but if they do we need 1248 * to come up with another solution, ie group identical endpoints 1249 * together and make an usb_device_alloc_streams call per group. 1250 */ 1251 if (epctxs[i]->nr_pstreams != req_nr_streams) { 1252 FIXME("guest streams config not identical for all eps"); 1253 return CC_RESOURCE_ERROR; 1254 } 1255 if (eps[i]->max_streams != dev_max_streams) { 1256 FIXME("device streams config not identical for all eps"); 1257 return CC_RESOURCE_ERROR; 1258 } 1259 } 1260 1261 /* 1262 * max-streams in both the device descriptor and in the controller is a 1263 * power of 2. But stream id 0 is reserved, so if a device can do up to 4 1264 * streams the guest will ask for 5 rounded up to the next power of 2 which 1265 * becomes 8. For emulated devices usb_device_alloc_streams is a nop. 1266 * 1267 * For redirected devices however this is an issue, as there we must ask 1268 * the real xhci controller to alloc streams, and the host driver for the 1269 * real xhci controller will likely disallow allocating more streams then 1270 * the device can handle. 1271 * 1272 * So we limit the requested nr_streams to the maximum number the device 1273 * can handle. 1274 */ 1275 if (req_nr_streams > dev_max_streams) { 1276 req_nr_streams = dev_max_streams; 1277 } 1278 1279 r = usb_device_alloc_streams(eps[0]->dev, eps, nr_eps, req_nr_streams); 1280 if (r != 0) { 1281 DPRINTF("xhci: alloc streams failed\n"); 1282 return CC_RESOURCE_ERROR; 1283 } 1284 1285 return CC_SUCCESS; 1286 } 1287 1288 static XHCIStreamContext *xhci_find_stream(XHCIEPContext *epctx, 1289 unsigned int streamid, 1290 uint32_t *cc_error) 1291 { 1292 XHCIStreamContext *sctx; 1293 dma_addr_t base; 1294 uint32_t ctx[2], sct; 1295 1296 assert(streamid != 0); 1297 if (epctx->lsa) { 1298 if (streamid >= epctx->nr_pstreams) { 1299 *cc_error = CC_INVALID_STREAM_ID_ERROR; 1300 return NULL; 1301 } 1302 sctx = epctx->pstreams + streamid; 1303 } else { 1304 FIXME("secondary streams not implemented yet"); 1305 } 1306 1307 if (sctx->sct == -1) { 1308 xhci_dma_read_u32s(epctx->xhci, sctx->pctx, ctx, sizeof(ctx)); 1309 sct = (ctx[0] >> 1) & 0x07; 1310 if (epctx->lsa && sct != 1) { 1311 *cc_error = CC_INVALID_STREAM_TYPE_ERROR; 1312 return NULL; 1313 } 1314 sctx->sct = sct; 1315 base = xhci_addr64(ctx[0] & ~0xf, ctx[1]); 1316 xhci_ring_init(epctx->xhci, &sctx->ring, base); 1317 } 1318 return sctx; 1319 } 1320 1321 static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx, 1322 XHCIStreamContext *sctx, uint32_t state) 1323 { 1324 XHCIRing *ring = NULL; 1325 uint32_t ctx[5]; 1326 uint32_t ctx2[2]; 1327 1328 xhci_dma_read_u32s(xhci, epctx->pctx, ctx, sizeof(ctx)); 1329 ctx[0] &= ~EP_STATE_MASK; 1330 ctx[0] |= state; 1331 1332 /* update ring dequeue ptr */ 1333 if (epctx->nr_pstreams) { 1334 if (sctx != NULL) { 1335 ring = &sctx->ring; 1336 xhci_dma_read_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2)); 1337 ctx2[0] &= 0xe; 1338 ctx2[0] |= sctx->ring.dequeue | sctx->ring.ccs; 1339 ctx2[1] = (sctx->ring.dequeue >> 16) >> 16; 1340 xhci_dma_write_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2)); 1341 } 1342 } else { 1343 ring = &epctx->ring; 1344 } 1345 if (ring) { 1346 ctx[2] = ring->dequeue | ring->ccs; 1347 ctx[3] = (ring->dequeue >> 16) >> 16; 1348 1349 DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n", 1350 epctx->pctx, state, ctx[3], ctx[2]); 1351 } 1352 1353 xhci_dma_write_u32s(xhci, epctx->pctx, ctx, sizeof(ctx)); 1354 if (epctx->state != state) { 1355 trace_usb_xhci_ep_state(epctx->slotid, epctx->epid, 1356 ep_state_name(epctx->state), 1357 ep_state_name(state)); 1358 } 1359 epctx->state = state; 1360 } 1361 1362 static void xhci_ep_kick_timer(void *opaque) 1363 { 1364 XHCIEPContext *epctx = opaque; 1365 xhci_kick_ep(epctx->xhci, epctx->slotid, epctx->epid, 0); 1366 } 1367 1368 static XHCIEPContext *xhci_alloc_epctx(XHCIState *xhci, 1369 unsigned int slotid, 1370 unsigned int epid) 1371 { 1372 XHCIEPContext *epctx; 1373 1374 epctx = g_new0(XHCIEPContext, 1); 1375 epctx->xhci = xhci; 1376 epctx->slotid = slotid; 1377 epctx->epid = epid; 1378 1379 QTAILQ_INIT(&epctx->transfers); 1380 epctx->kick_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, xhci_ep_kick_timer, epctx); 1381 1382 return epctx; 1383 } 1384 1385 static void xhci_init_epctx(XHCIEPContext *epctx, 1386 dma_addr_t pctx, uint32_t *ctx) 1387 { 1388 dma_addr_t dequeue; 1389 1390 dequeue = xhci_addr64(ctx[2] & ~0xf, ctx[3]); 1391 1392 epctx->type = (ctx[1] >> EP_TYPE_SHIFT) & EP_TYPE_MASK; 1393 epctx->pctx = pctx; 1394 epctx->max_psize = ctx[1]>>16; 1395 epctx->max_psize *= 1+((ctx[1]>>8)&0xff); 1396 epctx->max_pstreams = (ctx[0] >> 10) & epctx->xhci->max_pstreams_mask; 1397 epctx->lsa = (ctx[0] >> 15) & 1; 1398 if (epctx->max_pstreams) { 1399 xhci_alloc_streams(epctx, dequeue); 1400 } else { 1401 xhci_ring_init(epctx->xhci, &epctx->ring, dequeue); 1402 epctx->ring.ccs = ctx[2] & 1; 1403 } 1404 1405 epctx->interval = 1 << ((ctx[0] >> 16) & 0xff); 1406 } 1407 1408 static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid, 1409 unsigned int epid, dma_addr_t pctx, 1410 uint32_t *ctx) 1411 { 1412 XHCISlot *slot; 1413 XHCIEPContext *epctx; 1414 1415 trace_usb_xhci_ep_enable(slotid, epid); 1416 assert(slotid >= 1 && slotid <= xhci->numslots); 1417 assert(epid >= 1 && epid <= 31); 1418 1419 slot = &xhci->slots[slotid-1]; 1420 if (slot->eps[epid-1]) { 1421 xhci_disable_ep(xhci, slotid, epid); 1422 } 1423 1424 epctx = xhci_alloc_epctx(xhci, slotid, epid); 1425 slot->eps[epid-1] = epctx; 1426 xhci_init_epctx(epctx, pctx, ctx); 1427 1428 DPRINTF("xhci: endpoint %d.%d type is %d, max transaction (burst) " 1429 "size is %d\n", epid/2, epid%2, epctx->type, epctx->max_psize); 1430 1431 epctx->mfindex_last = 0; 1432 1433 epctx->state = EP_RUNNING; 1434 ctx[0] &= ~EP_STATE_MASK; 1435 ctx[0] |= EP_RUNNING; 1436 1437 return CC_SUCCESS; 1438 } 1439 1440 static XHCITransfer *xhci_ep_alloc_xfer(XHCIEPContext *epctx, 1441 uint32_t length) 1442 { 1443 uint32_t limit = epctx->nr_pstreams + 16; 1444 XHCITransfer *xfer; 1445 1446 if (epctx->xfer_count >= limit) { 1447 return NULL; 1448 } 1449 1450 xfer = g_new0(XHCITransfer, 1); 1451 xfer->epctx = epctx; 1452 xfer->slotid = epctx->slotid; 1453 xfer->epid = epctx->epid; 1454 xfer->trbs = g_new(XHCITRB, length); 1455 xfer->trb_count = length; 1456 usb_packet_init(&xfer->packet); 1457 1458 QTAILQ_INSERT_TAIL(&epctx->transfers, xfer, next); 1459 epctx->xfer_count++; 1460 1461 return xfer; 1462 } 1463 1464 static void xhci_ep_free_xfer(XHCITransfer *xfer) 1465 { 1466 QTAILQ_REMOVE(&xfer->epctx->transfers, xfer, next); 1467 xfer->epctx->xfer_count--; 1468 1469 usb_packet_cleanup(&xfer->packet); 1470 g_free(xfer->trbs); 1471 g_free(xfer); 1472 } 1473 1474 static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report) 1475 { 1476 int killed = 0; 1477 1478 if (report && (t->running_async || t->running_retry)) { 1479 t->status = report; 1480 xhci_xfer_report(t); 1481 } 1482 1483 if (t->running_async) { 1484 usb_cancel_packet(&t->packet); 1485 t->running_async = 0; 1486 killed = 1; 1487 } 1488 if (t->running_retry) { 1489 if (t->epctx) { 1490 t->epctx->retry = NULL; 1491 timer_del(t->epctx->kick_timer); 1492 } 1493 t->running_retry = 0; 1494 killed = 1; 1495 } 1496 g_free(t->trbs); 1497 1498 t->trbs = NULL; 1499 t->trb_count = 0; 1500 1501 return killed; 1502 } 1503 1504 static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid, 1505 unsigned int epid, TRBCCode report) 1506 { 1507 XHCISlot *slot; 1508 XHCIEPContext *epctx; 1509 XHCITransfer *xfer; 1510 int killed = 0; 1511 USBEndpoint *ep = NULL; 1512 assert(slotid >= 1 && slotid <= xhci->numslots); 1513 assert(epid >= 1 && epid <= 31); 1514 1515 DPRINTF("xhci_ep_nuke_xfers(%d, %d)\n", slotid, epid); 1516 1517 slot = &xhci->slots[slotid-1]; 1518 1519 if (!slot->eps[epid-1]) { 1520 return 0; 1521 } 1522 1523 epctx = slot->eps[epid-1]; 1524 1525 for (;;) { 1526 xfer = QTAILQ_FIRST(&epctx->transfers); 1527 if (xfer == NULL) { 1528 break; 1529 } 1530 killed += xhci_ep_nuke_one_xfer(xfer, report); 1531 if (killed) { 1532 report = 0; /* Only report once */ 1533 } 1534 xhci_ep_free_xfer(xfer); 1535 } 1536 1537 ep = xhci_epid_to_usbep(xhci, slotid, epid); 1538 if (ep) { 1539 usb_device_ep_stopped(ep->dev, ep); 1540 } 1541 return killed; 1542 } 1543 1544 static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid, 1545 unsigned int epid) 1546 { 1547 XHCISlot *slot; 1548 XHCIEPContext *epctx; 1549 1550 trace_usb_xhci_ep_disable(slotid, epid); 1551 assert(slotid >= 1 && slotid <= xhci->numslots); 1552 assert(epid >= 1 && epid <= 31); 1553 1554 slot = &xhci->slots[slotid-1]; 1555 1556 if (!slot->eps[epid-1]) { 1557 DPRINTF("xhci: slot %d ep %d already disabled\n", slotid, epid); 1558 return CC_SUCCESS; 1559 } 1560 1561 xhci_ep_nuke_xfers(xhci, slotid, epid, 0); 1562 1563 epctx = slot->eps[epid-1]; 1564 1565 if (epctx->nr_pstreams) { 1566 xhci_free_streams(epctx); 1567 } 1568 1569 /* only touch guest RAM if we're not resetting the HC */ 1570 if (xhci->dcbaap_low || xhci->dcbaap_high) { 1571 xhci_set_ep_state(xhci, epctx, NULL, EP_DISABLED); 1572 } 1573 1574 timer_free(epctx->kick_timer); 1575 g_free(epctx); 1576 slot->eps[epid-1] = NULL; 1577 1578 return CC_SUCCESS; 1579 } 1580 1581 static TRBCCode xhci_stop_ep(XHCIState *xhci, unsigned int slotid, 1582 unsigned int epid) 1583 { 1584 XHCISlot *slot; 1585 XHCIEPContext *epctx; 1586 1587 trace_usb_xhci_ep_stop(slotid, epid); 1588 assert(slotid >= 1 && slotid <= xhci->numslots); 1589 1590 if (epid < 1 || epid > 31) { 1591 DPRINTF("xhci: bad ep %d\n", epid); 1592 return CC_TRB_ERROR; 1593 } 1594 1595 slot = &xhci->slots[slotid-1]; 1596 1597 if (!slot->eps[epid-1]) { 1598 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1599 return CC_EP_NOT_ENABLED_ERROR; 1600 } 1601 1602 if (xhci_ep_nuke_xfers(xhci, slotid, epid, CC_STOPPED) > 0) { 1603 DPRINTF("xhci: FIXME: endpoint stopped w/ xfers running, " 1604 "data might be lost\n"); 1605 } 1606 1607 epctx = slot->eps[epid-1]; 1608 1609 xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED); 1610 1611 if (epctx->nr_pstreams) { 1612 xhci_reset_streams(epctx); 1613 } 1614 1615 return CC_SUCCESS; 1616 } 1617 1618 static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid, 1619 unsigned int epid) 1620 { 1621 XHCISlot *slot; 1622 XHCIEPContext *epctx; 1623 1624 trace_usb_xhci_ep_reset(slotid, epid); 1625 assert(slotid >= 1 && slotid <= xhci->numslots); 1626 1627 if (epid < 1 || epid > 31) { 1628 DPRINTF("xhci: bad ep %d\n", epid); 1629 return CC_TRB_ERROR; 1630 } 1631 1632 slot = &xhci->slots[slotid-1]; 1633 1634 if (!slot->eps[epid-1]) { 1635 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1636 return CC_EP_NOT_ENABLED_ERROR; 1637 } 1638 1639 epctx = slot->eps[epid-1]; 1640 1641 if (epctx->state != EP_HALTED) { 1642 DPRINTF("xhci: reset EP while EP %d not halted (%d)\n", 1643 epid, epctx->state); 1644 return CC_CONTEXT_STATE_ERROR; 1645 } 1646 1647 if (xhci_ep_nuke_xfers(xhci, slotid, epid, 0) > 0) { 1648 DPRINTF("xhci: FIXME: endpoint reset w/ xfers running, " 1649 "data might be lost\n"); 1650 } 1651 1652 if (!xhci->slots[slotid-1].uport || 1653 !xhci->slots[slotid-1].uport->dev || 1654 !xhci->slots[slotid-1].uport->dev->attached) { 1655 return CC_USB_TRANSACTION_ERROR; 1656 } 1657 1658 xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED); 1659 1660 if (epctx->nr_pstreams) { 1661 xhci_reset_streams(epctx); 1662 } 1663 1664 return CC_SUCCESS; 1665 } 1666 1667 static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid, 1668 unsigned int epid, unsigned int streamid, 1669 uint64_t pdequeue) 1670 { 1671 XHCISlot *slot; 1672 XHCIEPContext *epctx; 1673 XHCIStreamContext *sctx; 1674 dma_addr_t dequeue; 1675 1676 assert(slotid >= 1 && slotid <= xhci->numslots); 1677 1678 if (epid < 1 || epid > 31) { 1679 DPRINTF("xhci: bad ep %d\n", epid); 1680 return CC_TRB_ERROR; 1681 } 1682 1683 trace_usb_xhci_ep_set_dequeue(slotid, epid, streamid, pdequeue); 1684 dequeue = xhci_mask64(pdequeue); 1685 1686 slot = &xhci->slots[slotid-1]; 1687 1688 if (!slot->eps[epid-1]) { 1689 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1690 return CC_EP_NOT_ENABLED_ERROR; 1691 } 1692 1693 epctx = slot->eps[epid-1]; 1694 1695 if (epctx->state != EP_STOPPED) { 1696 DPRINTF("xhci: set EP dequeue pointer while EP %d not stopped\n", epid); 1697 return CC_CONTEXT_STATE_ERROR; 1698 } 1699 1700 if (epctx->nr_pstreams) { 1701 uint32_t err; 1702 sctx = xhci_find_stream(epctx, streamid, &err); 1703 if (sctx == NULL) { 1704 return err; 1705 } 1706 xhci_ring_init(xhci, &sctx->ring, dequeue & ~0xf); 1707 sctx->ring.ccs = dequeue & 1; 1708 } else { 1709 sctx = NULL; 1710 xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF); 1711 epctx->ring.ccs = dequeue & 1; 1712 } 1713 1714 xhci_set_ep_state(xhci, epctx, sctx, EP_STOPPED); 1715 1716 return CC_SUCCESS; 1717 } 1718 1719 static int xhci_xfer_create_sgl(XHCITransfer *xfer, int in_xfer) 1720 { 1721 XHCIState *xhci = xfer->epctx->xhci; 1722 int i; 1723 1724 xfer->int_req = false; 1725 pci_dma_sglist_init(&xfer->sgl, PCI_DEVICE(xhci), xfer->trb_count); 1726 for (i = 0; i < xfer->trb_count; i++) { 1727 XHCITRB *trb = &xfer->trbs[i]; 1728 dma_addr_t addr; 1729 unsigned int chunk = 0; 1730 1731 if (trb->control & TRB_TR_IOC) { 1732 xfer->int_req = true; 1733 } 1734 1735 switch (TRB_TYPE(*trb)) { 1736 case TR_DATA: 1737 if ((!(trb->control & TRB_TR_DIR)) != (!in_xfer)) { 1738 DPRINTF("xhci: data direction mismatch for TR_DATA\n"); 1739 goto err; 1740 } 1741 /* fallthrough */ 1742 case TR_NORMAL: 1743 case TR_ISOCH: 1744 addr = xhci_mask64(trb->parameter); 1745 chunk = trb->status & 0x1ffff; 1746 if (trb->control & TRB_TR_IDT) { 1747 if (chunk > 8 || in_xfer) { 1748 DPRINTF("xhci: invalid immediate data TRB\n"); 1749 goto err; 1750 } 1751 qemu_sglist_add(&xfer->sgl, trb->addr, chunk); 1752 } else { 1753 qemu_sglist_add(&xfer->sgl, addr, chunk); 1754 } 1755 break; 1756 } 1757 } 1758 1759 return 0; 1760 1761 err: 1762 qemu_sglist_destroy(&xfer->sgl); 1763 xhci_die(xhci); 1764 return -1; 1765 } 1766 1767 static void xhci_xfer_unmap(XHCITransfer *xfer) 1768 { 1769 usb_packet_unmap(&xfer->packet, &xfer->sgl); 1770 qemu_sglist_destroy(&xfer->sgl); 1771 } 1772 1773 static void xhci_xfer_report(XHCITransfer *xfer) 1774 { 1775 uint32_t edtla = 0; 1776 unsigned int left; 1777 bool reported = 0; 1778 bool shortpkt = 0; 1779 XHCIEvent event = {ER_TRANSFER, CC_SUCCESS}; 1780 XHCIState *xhci = xfer->epctx->xhci; 1781 int i; 1782 1783 left = xfer->packet.actual_length; 1784 1785 for (i = 0; i < xfer->trb_count; i++) { 1786 XHCITRB *trb = &xfer->trbs[i]; 1787 unsigned int chunk = 0; 1788 1789 switch (TRB_TYPE(*trb)) { 1790 case TR_SETUP: 1791 chunk = trb->status & 0x1ffff; 1792 if (chunk > 8) { 1793 chunk = 8; 1794 } 1795 break; 1796 case TR_DATA: 1797 case TR_NORMAL: 1798 case TR_ISOCH: 1799 chunk = trb->status & 0x1ffff; 1800 if (chunk > left) { 1801 chunk = left; 1802 if (xfer->status == CC_SUCCESS) { 1803 shortpkt = 1; 1804 } 1805 } 1806 left -= chunk; 1807 edtla += chunk; 1808 break; 1809 case TR_STATUS: 1810 reported = 0; 1811 shortpkt = 0; 1812 break; 1813 } 1814 1815 if (!reported && ((trb->control & TRB_TR_IOC) || 1816 (shortpkt && (trb->control & TRB_TR_ISP)) || 1817 (xfer->status != CC_SUCCESS && left == 0))) { 1818 event.slotid = xfer->slotid; 1819 event.epid = xfer->epid; 1820 event.length = (trb->status & 0x1ffff) - chunk; 1821 event.flags = 0; 1822 event.ptr = trb->addr; 1823 if (xfer->status == CC_SUCCESS) { 1824 event.ccode = shortpkt ? CC_SHORT_PACKET : CC_SUCCESS; 1825 } else { 1826 event.ccode = xfer->status; 1827 } 1828 if (TRB_TYPE(*trb) == TR_EVDATA) { 1829 event.ptr = trb->parameter; 1830 event.flags |= TRB_EV_ED; 1831 event.length = edtla & 0xffffff; 1832 DPRINTF("xhci_xfer_data: EDTLA=%d\n", event.length); 1833 edtla = 0; 1834 } 1835 xhci_event(xhci, &event, TRB_INTR(*trb)); 1836 reported = 1; 1837 if (xfer->status != CC_SUCCESS) { 1838 return; 1839 } 1840 } 1841 1842 switch (TRB_TYPE(*trb)) { 1843 case TR_SETUP: 1844 reported = 0; 1845 shortpkt = 0; 1846 break; 1847 } 1848 1849 } 1850 } 1851 1852 static void xhci_stall_ep(XHCITransfer *xfer) 1853 { 1854 XHCIEPContext *epctx = xfer->epctx; 1855 XHCIState *xhci = epctx->xhci; 1856 uint32_t err; 1857 XHCIStreamContext *sctx; 1858 1859 if (epctx->nr_pstreams) { 1860 sctx = xhci_find_stream(epctx, xfer->streamid, &err); 1861 if (sctx == NULL) { 1862 return; 1863 } 1864 sctx->ring.dequeue = xfer->trbs[0].addr; 1865 sctx->ring.ccs = xfer->trbs[0].ccs; 1866 xhci_set_ep_state(xhci, epctx, sctx, EP_HALTED); 1867 } else { 1868 epctx->ring.dequeue = xfer->trbs[0].addr; 1869 epctx->ring.ccs = xfer->trbs[0].ccs; 1870 xhci_set_ep_state(xhci, epctx, NULL, EP_HALTED); 1871 } 1872 } 1873 1874 static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, 1875 XHCIEPContext *epctx); 1876 1877 static int xhci_setup_packet(XHCITransfer *xfer) 1878 { 1879 XHCIState *xhci = xfer->epctx->xhci; 1880 USBEndpoint *ep; 1881 int dir; 1882 1883 dir = xfer->in_xfer ? USB_TOKEN_IN : USB_TOKEN_OUT; 1884 1885 if (xfer->packet.ep) { 1886 ep = xfer->packet.ep; 1887 } else { 1888 ep = xhci_epid_to_usbep(xhci, xfer->slotid, xfer->epid); 1889 if (!ep) { 1890 DPRINTF("xhci: slot %d has no device\n", 1891 xfer->slotid); 1892 return -1; 1893 } 1894 } 1895 1896 xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */ 1897 usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid, 1898 xfer->trbs[0].addr, false, xfer->int_req); 1899 usb_packet_map(&xfer->packet, &xfer->sgl); 1900 DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n", 1901 xfer->packet.pid, ep->dev->addr, ep->nr); 1902 return 0; 1903 } 1904 1905 static int xhci_complete_packet(XHCITransfer *xfer) 1906 { 1907 if (xfer->packet.status == USB_RET_ASYNC) { 1908 trace_usb_xhci_xfer_async(xfer); 1909 xfer->running_async = 1; 1910 xfer->running_retry = 0; 1911 xfer->complete = 0; 1912 return 0; 1913 } else if (xfer->packet.status == USB_RET_NAK) { 1914 trace_usb_xhci_xfer_nak(xfer); 1915 xfer->running_async = 0; 1916 xfer->running_retry = 1; 1917 xfer->complete = 0; 1918 return 0; 1919 } else { 1920 xfer->running_async = 0; 1921 xfer->running_retry = 0; 1922 xfer->complete = 1; 1923 xhci_xfer_unmap(xfer); 1924 } 1925 1926 if (xfer->packet.status == USB_RET_SUCCESS) { 1927 trace_usb_xhci_xfer_success(xfer, xfer->packet.actual_length); 1928 xfer->status = CC_SUCCESS; 1929 xhci_xfer_report(xfer); 1930 return 0; 1931 } 1932 1933 /* error */ 1934 trace_usb_xhci_xfer_error(xfer, xfer->packet.status); 1935 switch (xfer->packet.status) { 1936 case USB_RET_NODEV: 1937 case USB_RET_IOERROR: 1938 xfer->status = CC_USB_TRANSACTION_ERROR; 1939 xhci_xfer_report(xfer); 1940 xhci_stall_ep(xfer); 1941 break; 1942 case USB_RET_STALL: 1943 xfer->status = CC_STALL_ERROR; 1944 xhci_xfer_report(xfer); 1945 xhci_stall_ep(xfer); 1946 break; 1947 case USB_RET_BABBLE: 1948 xfer->status = CC_BABBLE_DETECTED; 1949 xhci_xfer_report(xfer); 1950 xhci_stall_ep(xfer); 1951 break; 1952 default: 1953 DPRINTF("%s: FIXME: status = %d\n", __func__, 1954 xfer->packet.status); 1955 FIXME("unhandled USB_RET_*"); 1956 } 1957 return 0; 1958 } 1959 1960 static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer) 1961 { 1962 XHCITRB *trb_setup, *trb_status; 1963 uint8_t bmRequestType; 1964 1965 trb_setup = &xfer->trbs[0]; 1966 trb_status = &xfer->trbs[xfer->trb_count-1]; 1967 1968 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid, xfer->streamid); 1969 1970 /* at most one Event Data TRB allowed after STATUS */ 1971 if (TRB_TYPE(*trb_status) == TR_EVDATA && xfer->trb_count > 2) { 1972 trb_status--; 1973 } 1974 1975 /* do some sanity checks */ 1976 if (TRB_TYPE(*trb_setup) != TR_SETUP) { 1977 DPRINTF("xhci: ep0 first TD not SETUP: %d\n", 1978 TRB_TYPE(*trb_setup)); 1979 return -1; 1980 } 1981 if (TRB_TYPE(*trb_status) != TR_STATUS) { 1982 DPRINTF("xhci: ep0 last TD not STATUS: %d\n", 1983 TRB_TYPE(*trb_status)); 1984 return -1; 1985 } 1986 if (!(trb_setup->control & TRB_TR_IDT)) { 1987 DPRINTF("xhci: Setup TRB doesn't have IDT set\n"); 1988 return -1; 1989 } 1990 if ((trb_setup->status & 0x1ffff) != 8) { 1991 DPRINTF("xhci: Setup TRB has bad length (%d)\n", 1992 (trb_setup->status & 0x1ffff)); 1993 return -1; 1994 } 1995 1996 bmRequestType = trb_setup->parameter; 1997 1998 xfer->in_xfer = bmRequestType & USB_DIR_IN; 1999 xfer->iso_xfer = false; 2000 xfer->timed_xfer = false; 2001 2002 if (xhci_setup_packet(xfer) < 0) { 2003 return -1; 2004 } 2005 xfer->packet.parameter = trb_setup->parameter; 2006 2007 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 2008 2009 xhci_complete_packet(xfer); 2010 if (!xfer->running_async && !xfer->running_retry) { 2011 xhci_kick_ep(xhci, xfer->slotid, xfer->epid, 0); 2012 } 2013 return 0; 2014 } 2015 2016 static void xhci_calc_intr_kick(XHCIState *xhci, XHCITransfer *xfer, 2017 XHCIEPContext *epctx, uint64_t mfindex) 2018 { 2019 uint64_t asap = ((mfindex + epctx->interval - 1) & 2020 ~(epctx->interval-1)); 2021 uint64_t kick = epctx->mfindex_last + epctx->interval; 2022 2023 assert(epctx->interval != 0); 2024 xfer->mfindex_kick = MAX(asap, kick); 2025 } 2026 2027 static void xhci_calc_iso_kick(XHCIState *xhci, XHCITransfer *xfer, 2028 XHCIEPContext *epctx, uint64_t mfindex) 2029 { 2030 if (xfer->trbs[0].control & TRB_TR_SIA) { 2031 uint64_t asap = ((mfindex + epctx->interval - 1) & 2032 ~(epctx->interval-1)); 2033 if (asap >= epctx->mfindex_last && 2034 asap <= epctx->mfindex_last + epctx->interval * 4) { 2035 xfer->mfindex_kick = epctx->mfindex_last + epctx->interval; 2036 } else { 2037 xfer->mfindex_kick = asap; 2038 } 2039 } else { 2040 xfer->mfindex_kick = ((xfer->trbs[0].control >> TRB_TR_FRAMEID_SHIFT) 2041 & TRB_TR_FRAMEID_MASK) << 3; 2042 xfer->mfindex_kick |= mfindex & ~0x3fff; 2043 if (xfer->mfindex_kick + 0x100 < mfindex) { 2044 xfer->mfindex_kick += 0x4000; 2045 } 2046 } 2047 } 2048 2049 static void xhci_check_intr_iso_kick(XHCIState *xhci, XHCITransfer *xfer, 2050 XHCIEPContext *epctx, uint64_t mfindex) 2051 { 2052 if (xfer->mfindex_kick > mfindex) { 2053 timer_mod(epctx->kick_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 2054 (xfer->mfindex_kick - mfindex) * 125000); 2055 xfer->running_retry = 1; 2056 } else { 2057 epctx->mfindex_last = xfer->mfindex_kick; 2058 timer_del(epctx->kick_timer); 2059 xfer->running_retry = 0; 2060 } 2061 } 2062 2063 2064 static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx) 2065 { 2066 uint64_t mfindex; 2067 2068 DPRINTF("xhci_submit(slotid=%d,epid=%d)\n", xfer->slotid, xfer->epid); 2069 2070 xfer->in_xfer = epctx->type>>2; 2071 2072 switch(epctx->type) { 2073 case ET_INTR_OUT: 2074 case ET_INTR_IN: 2075 xfer->pkts = 0; 2076 xfer->iso_xfer = false; 2077 xfer->timed_xfer = true; 2078 mfindex = xhci_mfindex_get(xhci); 2079 xhci_calc_intr_kick(xhci, xfer, epctx, mfindex); 2080 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 2081 if (xfer->running_retry) { 2082 return -1; 2083 } 2084 break; 2085 case ET_BULK_OUT: 2086 case ET_BULK_IN: 2087 xfer->pkts = 0; 2088 xfer->iso_xfer = false; 2089 xfer->timed_xfer = false; 2090 break; 2091 case ET_ISO_OUT: 2092 case ET_ISO_IN: 2093 xfer->pkts = 1; 2094 xfer->iso_xfer = true; 2095 xfer->timed_xfer = true; 2096 mfindex = xhci_mfindex_get(xhci); 2097 xhci_calc_iso_kick(xhci, xfer, epctx, mfindex); 2098 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 2099 if (xfer->running_retry) { 2100 return -1; 2101 } 2102 break; 2103 default: 2104 trace_usb_xhci_unimplemented("endpoint type", epctx->type); 2105 return -1; 2106 } 2107 2108 if (xhci_setup_packet(xfer) < 0) { 2109 return -1; 2110 } 2111 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 2112 2113 xhci_complete_packet(xfer); 2114 if (!xfer->running_async && !xfer->running_retry) { 2115 xhci_kick_ep(xhci, xfer->slotid, xfer->epid, xfer->streamid); 2116 } 2117 return 0; 2118 } 2119 2120 static int xhci_fire_transfer(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx) 2121 { 2122 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid, xfer->streamid); 2123 return xhci_submit(xhci, xfer, epctx); 2124 } 2125 2126 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, 2127 unsigned int epid, unsigned int streamid) 2128 { 2129 XHCIStreamContext *stctx; 2130 XHCIEPContext *epctx; 2131 XHCITransfer *xfer; 2132 XHCIRing *ring; 2133 USBEndpoint *ep = NULL; 2134 uint64_t mfindex; 2135 int length; 2136 int i; 2137 2138 trace_usb_xhci_ep_kick(slotid, epid, streamid); 2139 assert(slotid >= 1 && slotid <= xhci->numslots); 2140 assert(epid >= 1 && epid <= 31); 2141 2142 if (!xhci->slots[slotid-1].enabled) { 2143 DPRINTF("xhci: xhci_kick_ep for disabled slot %d\n", slotid); 2144 return; 2145 } 2146 epctx = xhci->slots[slotid-1].eps[epid-1]; 2147 if (!epctx) { 2148 DPRINTF("xhci: xhci_kick_ep for disabled endpoint %d,%d\n", 2149 epid, slotid); 2150 return; 2151 } 2152 2153 /* If the device has been detached, but the guest has not noticed this 2154 yet the 2 above checks will succeed, but we must NOT continue */ 2155 if (!xhci->slots[slotid - 1].uport || 2156 !xhci->slots[slotid - 1].uport->dev || 2157 !xhci->slots[slotid - 1].uport->dev->attached) { 2158 return; 2159 } 2160 2161 if (epctx->retry) { 2162 XHCITransfer *xfer = epctx->retry; 2163 2164 trace_usb_xhci_xfer_retry(xfer); 2165 assert(xfer->running_retry); 2166 if (xfer->timed_xfer) { 2167 /* time to kick the transfer? */ 2168 mfindex = xhci_mfindex_get(xhci); 2169 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 2170 if (xfer->running_retry) { 2171 return; 2172 } 2173 xfer->timed_xfer = 0; 2174 xfer->running_retry = 1; 2175 } 2176 if (xfer->iso_xfer) { 2177 /* retry iso transfer */ 2178 if (xhci_setup_packet(xfer) < 0) { 2179 return; 2180 } 2181 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 2182 assert(xfer->packet.status != USB_RET_NAK); 2183 xhci_complete_packet(xfer); 2184 } else { 2185 /* retry nak'ed transfer */ 2186 if (xhci_setup_packet(xfer) < 0) { 2187 return; 2188 } 2189 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 2190 if (xfer->packet.status == USB_RET_NAK) { 2191 return; 2192 } 2193 xhci_complete_packet(xfer); 2194 } 2195 assert(!xfer->running_retry); 2196 xhci_ep_free_xfer(epctx->retry); 2197 epctx->retry = NULL; 2198 } 2199 2200 if (epctx->state == EP_HALTED) { 2201 DPRINTF("xhci: ep halted, not running schedule\n"); 2202 return; 2203 } 2204 2205 2206 if (epctx->nr_pstreams) { 2207 uint32_t err; 2208 stctx = xhci_find_stream(epctx, streamid, &err); 2209 if (stctx == NULL) { 2210 return; 2211 } 2212 ring = &stctx->ring; 2213 xhci_set_ep_state(xhci, epctx, stctx, EP_RUNNING); 2214 } else { 2215 ring = &epctx->ring; 2216 streamid = 0; 2217 xhci_set_ep_state(xhci, epctx, NULL, EP_RUNNING); 2218 } 2219 assert(ring->dequeue != 0); 2220 2221 while (1) { 2222 length = xhci_ring_chain_length(xhci, ring); 2223 if (length <= 0) { 2224 break; 2225 } 2226 xfer = xhci_ep_alloc_xfer(epctx, length); 2227 if (xfer == NULL) { 2228 break; 2229 } 2230 2231 for (i = 0; i < length; i++) { 2232 TRBType type; 2233 type = xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL); 2234 assert(type); 2235 } 2236 xfer->streamid = streamid; 2237 2238 if (epid == 1) { 2239 xhci_fire_ctl_transfer(xhci, xfer); 2240 } else { 2241 xhci_fire_transfer(xhci, xfer, epctx); 2242 } 2243 if (xfer->complete) { 2244 xhci_ep_free_xfer(xfer); 2245 xfer = NULL; 2246 } 2247 2248 if (epctx->state == EP_HALTED) { 2249 break; 2250 } 2251 if (xfer != NULL && xfer->running_retry) { 2252 DPRINTF("xhci: xfer nacked, stopping schedule\n"); 2253 epctx->retry = xfer; 2254 break; 2255 } 2256 } 2257 2258 ep = xhci_epid_to_usbep(xhci, slotid, epid); 2259 if (ep) { 2260 usb_device_flush_ep_queue(ep->dev, ep); 2261 } 2262 } 2263 2264 static TRBCCode xhci_enable_slot(XHCIState *xhci, unsigned int slotid) 2265 { 2266 trace_usb_xhci_slot_enable(slotid); 2267 assert(slotid >= 1 && slotid <= xhci->numslots); 2268 xhci->slots[slotid-1].enabled = 1; 2269 xhci->slots[slotid-1].uport = NULL; 2270 memset(xhci->slots[slotid-1].eps, 0, sizeof(XHCIEPContext*)*31); 2271 2272 return CC_SUCCESS; 2273 } 2274 2275 static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid) 2276 { 2277 int i; 2278 2279 trace_usb_xhci_slot_disable(slotid); 2280 assert(slotid >= 1 && slotid <= xhci->numslots); 2281 2282 for (i = 1; i <= 31; i++) { 2283 if (xhci->slots[slotid-1].eps[i-1]) { 2284 xhci_disable_ep(xhci, slotid, i); 2285 } 2286 } 2287 2288 xhci->slots[slotid-1].enabled = 0; 2289 xhci->slots[slotid-1].addressed = 0; 2290 xhci->slots[slotid-1].uport = NULL; 2291 return CC_SUCCESS; 2292 } 2293 2294 static USBPort *xhci_lookup_uport(XHCIState *xhci, uint32_t *slot_ctx) 2295 { 2296 USBPort *uport; 2297 char path[32]; 2298 int i, pos, port; 2299 2300 port = (slot_ctx[1]>>16) & 0xFF; 2301 if (port < 1 || port > xhci->numports) { 2302 return NULL; 2303 } 2304 port = xhci->ports[port-1].uport->index+1; 2305 pos = snprintf(path, sizeof(path), "%d", port); 2306 for (i = 0; i < 5; i++) { 2307 port = (slot_ctx[0] >> 4*i) & 0x0f; 2308 if (!port) { 2309 break; 2310 } 2311 pos += snprintf(path + pos, sizeof(path) - pos, ".%d", port); 2312 } 2313 2314 QTAILQ_FOREACH(uport, &xhci->bus.used, next) { 2315 if (strcmp(uport->path, path) == 0) { 2316 return uport; 2317 } 2318 } 2319 return NULL; 2320 } 2321 2322 static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, 2323 uint64_t pictx, bool bsr) 2324 { 2325 XHCISlot *slot; 2326 USBPort *uport; 2327 USBDevice *dev; 2328 dma_addr_t ictx, octx, dcbaap; 2329 uint64_t poctx; 2330 uint32_t ictl_ctx[2]; 2331 uint32_t slot_ctx[4]; 2332 uint32_t ep0_ctx[5]; 2333 int i; 2334 TRBCCode res; 2335 2336 assert(slotid >= 1 && slotid <= xhci->numslots); 2337 2338 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high); 2339 poctx = ldq_le_pci_dma(PCI_DEVICE(xhci), dcbaap + 8 * slotid); 2340 ictx = xhci_mask64(pictx); 2341 octx = xhci_mask64(poctx); 2342 2343 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2344 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2345 2346 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2347 2348 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] != 0x3) { 2349 DPRINTF("xhci: invalid input context control %08x %08x\n", 2350 ictl_ctx[0], ictl_ctx[1]); 2351 return CC_TRB_ERROR; 2352 } 2353 2354 xhci_dma_read_u32s(xhci, ictx+32, slot_ctx, sizeof(slot_ctx)); 2355 xhci_dma_read_u32s(xhci, ictx+64, ep0_ctx, sizeof(ep0_ctx)); 2356 2357 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n", 2358 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2359 2360 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n", 2361 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2362 2363 uport = xhci_lookup_uport(xhci, slot_ctx); 2364 if (uport == NULL) { 2365 DPRINTF("xhci: port not found\n"); 2366 return CC_TRB_ERROR; 2367 } 2368 trace_usb_xhci_slot_address(slotid, uport->path); 2369 2370 dev = uport->dev; 2371 if (!dev || !dev->attached) { 2372 DPRINTF("xhci: port %s not connected\n", uport->path); 2373 return CC_USB_TRANSACTION_ERROR; 2374 } 2375 2376 for (i = 0; i < xhci->numslots; i++) { 2377 if (i == slotid-1) { 2378 continue; 2379 } 2380 if (xhci->slots[i].uport == uport) { 2381 DPRINTF("xhci: port %s already assigned to slot %d\n", 2382 uport->path, i+1); 2383 return CC_TRB_ERROR; 2384 } 2385 } 2386 2387 slot = &xhci->slots[slotid-1]; 2388 slot->uport = uport; 2389 slot->ctx = octx; 2390 2391 /* Make sure device is in USB_STATE_DEFAULT state */ 2392 usb_device_reset(dev); 2393 if (bsr) { 2394 slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT; 2395 } else { 2396 USBPacket p; 2397 uint8_t buf[1]; 2398 2399 slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slotid; 2400 memset(&p, 0, sizeof(p)); 2401 usb_packet_addbuf(&p, buf, sizeof(buf)); 2402 usb_packet_setup(&p, USB_TOKEN_OUT, 2403 usb_ep_get(dev, USB_TOKEN_OUT, 0), 0, 2404 0, false, false); 2405 usb_device_handle_control(dev, &p, 2406 DeviceOutRequest | USB_REQ_SET_ADDRESS, 2407 slotid, 0, 0, NULL); 2408 assert(p.status != USB_RET_ASYNC); 2409 } 2410 2411 res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx); 2412 2413 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2414 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2415 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n", 2416 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2417 2418 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2419 xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2420 2421 xhci->slots[slotid-1].addressed = 1; 2422 return res; 2423 } 2424 2425 2426 static TRBCCode xhci_configure_slot(XHCIState *xhci, unsigned int slotid, 2427 uint64_t pictx, bool dc) 2428 { 2429 dma_addr_t ictx, octx; 2430 uint32_t ictl_ctx[2]; 2431 uint32_t slot_ctx[4]; 2432 uint32_t islot_ctx[4]; 2433 uint32_t ep_ctx[5]; 2434 int i; 2435 TRBCCode res; 2436 2437 trace_usb_xhci_slot_configure(slotid); 2438 assert(slotid >= 1 && slotid <= xhci->numslots); 2439 2440 ictx = xhci_mask64(pictx); 2441 octx = xhci->slots[slotid-1].ctx; 2442 2443 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2444 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2445 2446 if (dc) { 2447 for (i = 2; i <= 31; i++) { 2448 if (xhci->slots[slotid-1].eps[i-1]) { 2449 xhci_disable_ep(xhci, slotid, i); 2450 } 2451 } 2452 2453 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2454 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2455 slot_ctx[3] |= SLOT_ADDRESSED << SLOT_STATE_SHIFT; 2456 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2457 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2458 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2459 2460 return CC_SUCCESS; 2461 } 2462 2463 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2464 2465 if ((ictl_ctx[0] & 0x3) != 0x0 || (ictl_ctx[1] & 0x3) != 0x1) { 2466 DPRINTF("xhci: invalid input context control %08x %08x\n", 2467 ictl_ctx[0], ictl_ctx[1]); 2468 return CC_TRB_ERROR; 2469 } 2470 2471 xhci_dma_read_u32s(xhci, ictx+32, islot_ctx, sizeof(islot_ctx)); 2472 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2473 2474 if (SLOT_STATE(slot_ctx[3]) < SLOT_ADDRESSED) { 2475 DPRINTF("xhci: invalid slot state %08x\n", slot_ctx[3]); 2476 return CC_CONTEXT_STATE_ERROR; 2477 } 2478 2479 xhci_free_device_streams(xhci, slotid, ictl_ctx[0] | ictl_ctx[1]); 2480 2481 for (i = 2; i <= 31; i++) { 2482 if (ictl_ctx[0] & (1<<i)) { 2483 xhci_disable_ep(xhci, slotid, i); 2484 } 2485 if (ictl_ctx[1] & (1<<i)) { 2486 xhci_dma_read_u32s(xhci, ictx+32+(32*i), ep_ctx, sizeof(ep_ctx)); 2487 DPRINTF("xhci: input ep%d.%d context: %08x %08x %08x %08x %08x\n", 2488 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2], 2489 ep_ctx[3], ep_ctx[4]); 2490 xhci_disable_ep(xhci, slotid, i); 2491 res = xhci_enable_ep(xhci, slotid, i, octx+(32*i), ep_ctx); 2492 if (res != CC_SUCCESS) { 2493 return res; 2494 } 2495 DPRINTF("xhci: output ep%d.%d context: %08x %08x %08x %08x %08x\n", 2496 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2], 2497 ep_ctx[3], ep_ctx[4]); 2498 xhci_dma_write_u32s(xhci, octx+(32*i), ep_ctx, sizeof(ep_ctx)); 2499 } 2500 } 2501 2502 res = xhci_alloc_device_streams(xhci, slotid, ictl_ctx[1]); 2503 if (res != CC_SUCCESS) { 2504 for (i = 2; i <= 31; i++) { 2505 if (ictl_ctx[1] & (1u << i)) { 2506 xhci_disable_ep(xhci, slotid, i); 2507 } 2508 } 2509 return res; 2510 } 2511 2512 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2513 slot_ctx[3] |= SLOT_CONFIGURED << SLOT_STATE_SHIFT; 2514 slot_ctx[0] &= ~(SLOT_CONTEXT_ENTRIES_MASK << SLOT_CONTEXT_ENTRIES_SHIFT); 2515 slot_ctx[0] |= islot_ctx[0] & (SLOT_CONTEXT_ENTRIES_MASK << 2516 SLOT_CONTEXT_ENTRIES_SHIFT); 2517 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2518 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2519 2520 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2521 2522 return CC_SUCCESS; 2523 } 2524 2525 2526 static TRBCCode xhci_evaluate_slot(XHCIState *xhci, unsigned int slotid, 2527 uint64_t pictx) 2528 { 2529 dma_addr_t ictx, octx; 2530 uint32_t ictl_ctx[2]; 2531 uint32_t iep0_ctx[5]; 2532 uint32_t ep0_ctx[5]; 2533 uint32_t islot_ctx[4]; 2534 uint32_t slot_ctx[4]; 2535 2536 trace_usb_xhci_slot_evaluate(slotid); 2537 assert(slotid >= 1 && slotid <= xhci->numslots); 2538 2539 ictx = xhci_mask64(pictx); 2540 octx = xhci->slots[slotid-1].ctx; 2541 2542 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2543 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2544 2545 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2546 2547 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] & ~0x3) { 2548 DPRINTF("xhci: invalid input context control %08x %08x\n", 2549 ictl_ctx[0], ictl_ctx[1]); 2550 return CC_TRB_ERROR; 2551 } 2552 2553 if (ictl_ctx[1] & 0x1) { 2554 xhci_dma_read_u32s(xhci, ictx+32, islot_ctx, sizeof(islot_ctx)); 2555 2556 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n", 2557 islot_ctx[0], islot_ctx[1], islot_ctx[2], islot_ctx[3]); 2558 2559 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2560 2561 slot_ctx[1] &= ~0xFFFF; /* max exit latency */ 2562 slot_ctx[1] |= islot_ctx[1] & 0xFFFF; 2563 slot_ctx[2] &= ~0xFF00000; /* interrupter target */ 2564 slot_ctx[2] |= islot_ctx[2] & 0xFF000000; 2565 2566 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2567 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2568 2569 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2570 } 2571 2572 if (ictl_ctx[1] & 0x2) { 2573 xhci_dma_read_u32s(xhci, ictx+64, iep0_ctx, sizeof(iep0_ctx)); 2574 2575 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n", 2576 iep0_ctx[0], iep0_ctx[1], iep0_ctx[2], 2577 iep0_ctx[3], iep0_ctx[4]); 2578 2579 xhci_dma_read_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2580 2581 ep0_ctx[1] &= ~0xFFFF0000; /* max packet size*/ 2582 ep0_ctx[1] |= iep0_ctx[1] & 0xFFFF0000; 2583 2584 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n", 2585 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2586 2587 xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2588 } 2589 2590 return CC_SUCCESS; 2591 } 2592 2593 static TRBCCode xhci_reset_slot(XHCIState *xhci, unsigned int slotid) 2594 { 2595 uint32_t slot_ctx[4]; 2596 dma_addr_t octx; 2597 int i; 2598 2599 trace_usb_xhci_slot_reset(slotid); 2600 assert(slotid >= 1 && slotid <= xhci->numslots); 2601 2602 octx = xhci->slots[slotid-1].ctx; 2603 2604 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2605 2606 for (i = 2; i <= 31; i++) { 2607 if (xhci->slots[slotid-1].eps[i-1]) { 2608 xhci_disable_ep(xhci, slotid, i); 2609 } 2610 } 2611 2612 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2613 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2614 slot_ctx[3] |= SLOT_DEFAULT << SLOT_STATE_SHIFT; 2615 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2616 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2617 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2618 2619 return CC_SUCCESS; 2620 } 2621 2622 static unsigned int xhci_get_slot(XHCIState *xhci, XHCIEvent *event, XHCITRB *trb) 2623 { 2624 unsigned int slotid; 2625 slotid = (trb->control >> TRB_CR_SLOTID_SHIFT) & TRB_CR_SLOTID_MASK; 2626 if (slotid < 1 || slotid > xhci->numslots) { 2627 DPRINTF("xhci: bad slot id %d\n", slotid); 2628 event->ccode = CC_TRB_ERROR; 2629 return 0; 2630 } else if (!xhci->slots[slotid-1].enabled) { 2631 DPRINTF("xhci: slot id %d not enabled\n", slotid); 2632 event->ccode = CC_SLOT_NOT_ENABLED_ERROR; 2633 return 0; 2634 } 2635 return slotid; 2636 } 2637 2638 /* cleanup slot state on usb device detach */ 2639 static void xhci_detach_slot(XHCIState *xhci, USBPort *uport) 2640 { 2641 int slot, ep; 2642 2643 for (slot = 0; slot < xhci->numslots; slot++) { 2644 if (xhci->slots[slot].uport == uport) { 2645 break; 2646 } 2647 } 2648 if (slot == xhci->numslots) { 2649 return; 2650 } 2651 2652 for (ep = 0; ep < 31; ep++) { 2653 if (xhci->slots[slot].eps[ep]) { 2654 xhci_ep_nuke_xfers(xhci, slot + 1, ep + 1, 0); 2655 } 2656 } 2657 xhci->slots[slot].uport = NULL; 2658 } 2659 2660 static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx) 2661 { 2662 dma_addr_t ctx; 2663 uint8_t bw_ctx[xhci->numports+1]; 2664 2665 DPRINTF("xhci_get_port_bandwidth()\n"); 2666 2667 ctx = xhci_mask64(pctx); 2668 2669 DPRINTF("xhci: bandwidth context at "DMA_ADDR_FMT"\n", ctx); 2670 2671 /* TODO: actually implement real values here */ 2672 bw_ctx[0] = 0; 2673 memset(&bw_ctx[1], 80, xhci->numports); /* 80% */ 2674 pci_dma_write(PCI_DEVICE(xhci), ctx, bw_ctx, sizeof(bw_ctx)); 2675 2676 return CC_SUCCESS; 2677 } 2678 2679 static uint32_t rotl(uint32_t v, unsigned count) 2680 { 2681 count &= 31; 2682 return (v << count) | (v >> (32 - count)); 2683 } 2684 2685 2686 static uint32_t xhci_nec_challenge(uint32_t hi, uint32_t lo) 2687 { 2688 uint32_t val; 2689 val = rotl(lo - 0x49434878, 32 - ((hi>>8) & 0x1F)); 2690 val += rotl(lo + 0x49434878, hi & 0x1F); 2691 val -= rotl(hi ^ 0x49434878, (lo >> 16) & 0x1F); 2692 return ~val; 2693 } 2694 2695 static void xhci_via_challenge(XHCIState *xhci, uint64_t addr) 2696 { 2697 PCIDevice *pci_dev = PCI_DEVICE(xhci); 2698 uint32_t buf[8]; 2699 uint32_t obuf[8]; 2700 dma_addr_t paddr = xhci_mask64(addr); 2701 2702 pci_dma_read(pci_dev, paddr, &buf, 32); 2703 2704 memcpy(obuf, buf, sizeof(obuf)); 2705 2706 if ((buf[0] & 0xff) == 2) { 2707 obuf[0] = 0x49932000 + 0x54dc200 * buf[2] + 0x7429b578 * buf[3]; 2708 obuf[0] |= (buf[2] * buf[3]) & 0xff; 2709 obuf[1] = 0x0132bb37 + 0xe89 * buf[2] + 0xf09 * buf[3]; 2710 obuf[2] = 0x0066c2e9 + 0x2091 * buf[2] + 0x19bd * buf[3]; 2711 obuf[3] = 0xd5281342 + 0x2cc9691 * buf[2] + 0x2367662 * buf[3]; 2712 obuf[4] = 0x0123c75c + 0x1595 * buf[2] + 0x19ec * buf[3]; 2713 obuf[5] = 0x00f695de + 0x26fd * buf[2] + 0x3e9 * buf[3]; 2714 obuf[6] = obuf[2] ^ obuf[3] ^ 0x29472956; 2715 obuf[7] = obuf[2] ^ obuf[3] ^ 0x65866593; 2716 } 2717 2718 pci_dma_write(pci_dev, paddr, &obuf, 32); 2719 } 2720 2721 static void xhci_process_commands(XHCIState *xhci) 2722 { 2723 XHCITRB trb; 2724 TRBType type; 2725 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS}; 2726 dma_addr_t addr; 2727 unsigned int i, slotid = 0; 2728 2729 DPRINTF("xhci_process_commands()\n"); 2730 if (!xhci_running(xhci)) { 2731 DPRINTF("xhci_process_commands() called while xHC stopped or paused\n"); 2732 return; 2733 } 2734 2735 xhci->crcr_low |= CRCR_CRR; 2736 2737 while ((type = xhci_ring_fetch(xhci, &xhci->cmd_ring, &trb, &addr))) { 2738 event.ptr = addr; 2739 switch (type) { 2740 case CR_ENABLE_SLOT: 2741 for (i = 0; i < xhci->numslots; i++) { 2742 if (!xhci->slots[i].enabled) { 2743 break; 2744 } 2745 } 2746 if (i >= xhci->numslots) { 2747 DPRINTF("xhci: no device slots available\n"); 2748 event.ccode = CC_NO_SLOTS_ERROR; 2749 } else { 2750 slotid = i+1; 2751 event.ccode = xhci_enable_slot(xhci, slotid); 2752 } 2753 break; 2754 case CR_DISABLE_SLOT: 2755 slotid = xhci_get_slot(xhci, &event, &trb); 2756 if (slotid) { 2757 event.ccode = xhci_disable_slot(xhci, slotid); 2758 } 2759 break; 2760 case CR_ADDRESS_DEVICE: 2761 slotid = xhci_get_slot(xhci, &event, &trb); 2762 if (slotid) { 2763 event.ccode = xhci_address_slot(xhci, slotid, trb.parameter, 2764 trb.control & TRB_CR_BSR); 2765 } 2766 break; 2767 case CR_CONFIGURE_ENDPOINT: 2768 slotid = xhci_get_slot(xhci, &event, &trb); 2769 if (slotid) { 2770 event.ccode = xhci_configure_slot(xhci, slotid, trb.parameter, 2771 trb.control & TRB_CR_DC); 2772 } 2773 break; 2774 case CR_EVALUATE_CONTEXT: 2775 slotid = xhci_get_slot(xhci, &event, &trb); 2776 if (slotid) { 2777 event.ccode = xhci_evaluate_slot(xhci, slotid, trb.parameter); 2778 } 2779 break; 2780 case CR_STOP_ENDPOINT: 2781 slotid = xhci_get_slot(xhci, &event, &trb); 2782 if (slotid) { 2783 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2784 & TRB_CR_EPID_MASK; 2785 event.ccode = xhci_stop_ep(xhci, slotid, epid); 2786 } 2787 break; 2788 case CR_RESET_ENDPOINT: 2789 slotid = xhci_get_slot(xhci, &event, &trb); 2790 if (slotid) { 2791 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2792 & TRB_CR_EPID_MASK; 2793 event.ccode = xhci_reset_ep(xhci, slotid, epid); 2794 } 2795 break; 2796 case CR_SET_TR_DEQUEUE: 2797 slotid = xhci_get_slot(xhci, &event, &trb); 2798 if (slotid) { 2799 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2800 & TRB_CR_EPID_MASK; 2801 unsigned int streamid = (trb.status >> 16) & 0xffff; 2802 event.ccode = xhci_set_ep_dequeue(xhci, slotid, 2803 epid, streamid, 2804 trb.parameter); 2805 } 2806 break; 2807 case CR_RESET_DEVICE: 2808 slotid = xhci_get_slot(xhci, &event, &trb); 2809 if (slotid) { 2810 event.ccode = xhci_reset_slot(xhci, slotid); 2811 } 2812 break; 2813 case CR_GET_PORT_BANDWIDTH: 2814 event.ccode = xhci_get_port_bandwidth(xhci, trb.parameter); 2815 break; 2816 case CR_VENDOR_VIA_CHALLENGE_RESPONSE: 2817 xhci_via_challenge(xhci, trb.parameter); 2818 break; 2819 case CR_VENDOR_NEC_FIRMWARE_REVISION: 2820 event.type = 48; /* NEC reply */ 2821 event.length = 0x3025; 2822 break; 2823 case CR_VENDOR_NEC_CHALLENGE_RESPONSE: 2824 { 2825 uint32_t chi = trb.parameter >> 32; 2826 uint32_t clo = trb.parameter; 2827 uint32_t val = xhci_nec_challenge(chi, clo); 2828 event.length = val & 0xFFFF; 2829 event.epid = val >> 16; 2830 slotid = val >> 24; 2831 event.type = 48; /* NEC reply */ 2832 } 2833 break; 2834 default: 2835 trace_usb_xhci_unimplemented("command", type); 2836 event.ccode = CC_TRB_ERROR; 2837 break; 2838 } 2839 event.slotid = slotid; 2840 xhci_event(xhci, &event, 0); 2841 } 2842 } 2843 2844 static bool xhci_port_have_device(XHCIPort *port) 2845 { 2846 if (!port->uport->dev || !port->uport->dev->attached) { 2847 return false; /* no device present */ 2848 } 2849 if (!((1 << port->uport->dev->speed) & port->speedmask)) { 2850 return false; /* speed mismatch */ 2851 } 2852 return true; 2853 } 2854 2855 static void xhci_port_notify(XHCIPort *port, uint32_t bits) 2856 { 2857 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, 2858 port->portnr << 24 }; 2859 2860 if ((port->portsc & bits) == bits) { 2861 return; 2862 } 2863 trace_usb_xhci_port_notify(port->portnr, bits); 2864 port->portsc |= bits; 2865 if (!xhci_running(port->xhci)) { 2866 return; 2867 } 2868 xhci_event(port->xhci, &ev, 0); 2869 } 2870 2871 static void xhci_port_update(XHCIPort *port, int is_detach) 2872 { 2873 uint32_t pls = PLS_RX_DETECT; 2874 2875 port->portsc = PORTSC_PP; 2876 if (!is_detach && xhci_port_have_device(port)) { 2877 port->portsc |= PORTSC_CCS; 2878 switch (port->uport->dev->speed) { 2879 case USB_SPEED_LOW: 2880 port->portsc |= PORTSC_SPEED_LOW; 2881 pls = PLS_POLLING; 2882 break; 2883 case USB_SPEED_FULL: 2884 port->portsc |= PORTSC_SPEED_FULL; 2885 pls = PLS_POLLING; 2886 break; 2887 case USB_SPEED_HIGH: 2888 port->portsc |= PORTSC_SPEED_HIGH; 2889 pls = PLS_POLLING; 2890 break; 2891 case USB_SPEED_SUPER: 2892 port->portsc |= PORTSC_SPEED_SUPER; 2893 port->portsc |= PORTSC_PED; 2894 pls = PLS_U0; 2895 break; 2896 } 2897 } 2898 set_field(&port->portsc, pls, PORTSC_PLS); 2899 trace_usb_xhci_port_link(port->portnr, pls); 2900 xhci_port_notify(port, PORTSC_CSC); 2901 } 2902 2903 static void xhci_port_reset(XHCIPort *port, bool warm_reset) 2904 { 2905 trace_usb_xhci_port_reset(port->portnr, warm_reset); 2906 2907 if (!xhci_port_have_device(port)) { 2908 return; 2909 } 2910 2911 usb_device_reset(port->uport->dev); 2912 2913 switch (port->uport->dev->speed) { 2914 case USB_SPEED_SUPER: 2915 if (warm_reset) { 2916 port->portsc |= PORTSC_WRC; 2917 } 2918 /* fall through */ 2919 case USB_SPEED_LOW: 2920 case USB_SPEED_FULL: 2921 case USB_SPEED_HIGH: 2922 set_field(&port->portsc, PLS_U0, PORTSC_PLS); 2923 trace_usb_xhci_port_link(port->portnr, PLS_U0); 2924 port->portsc |= PORTSC_PED; 2925 break; 2926 } 2927 2928 port->portsc &= ~PORTSC_PR; 2929 xhci_port_notify(port, PORTSC_PRC); 2930 } 2931 2932 static void xhci_reset(DeviceState *dev) 2933 { 2934 XHCIState *xhci = XHCI(dev); 2935 int i; 2936 2937 trace_usb_xhci_reset(); 2938 if (!(xhci->usbsts & USBSTS_HCH)) { 2939 DPRINTF("xhci: reset while running!\n"); 2940 } 2941 2942 xhci->usbcmd = 0; 2943 xhci->usbsts = USBSTS_HCH; 2944 xhci->dnctrl = 0; 2945 xhci->crcr_low = 0; 2946 xhci->crcr_high = 0; 2947 xhci->dcbaap_low = 0; 2948 xhci->dcbaap_high = 0; 2949 xhci->config = 0; 2950 2951 for (i = 0; i < xhci->numslots; i++) { 2952 xhci_disable_slot(xhci, i+1); 2953 } 2954 2955 for (i = 0; i < xhci->numports; i++) { 2956 xhci_port_update(xhci->ports + i, 0); 2957 } 2958 2959 for (i = 0; i < xhci->numintrs; i++) { 2960 xhci->intr[i].iman = 0; 2961 xhci->intr[i].imod = 0; 2962 xhci->intr[i].erstsz = 0; 2963 xhci->intr[i].erstba_low = 0; 2964 xhci->intr[i].erstba_high = 0; 2965 xhci->intr[i].erdp_low = 0; 2966 xhci->intr[i].erdp_high = 0; 2967 xhci->intr[i].msix_used = 0; 2968 2969 xhci->intr[i].er_ep_idx = 0; 2970 xhci->intr[i].er_pcs = 1; 2971 xhci->intr[i].er_full = 0; 2972 xhci->intr[i].ev_buffer_put = 0; 2973 xhci->intr[i].ev_buffer_get = 0; 2974 } 2975 2976 xhci->mfindex_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 2977 xhci_mfwrap_update(xhci); 2978 } 2979 2980 static uint64_t xhci_cap_read(void *ptr, hwaddr reg, unsigned size) 2981 { 2982 XHCIState *xhci = ptr; 2983 uint32_t ret; 2984 2985 switch (reg) { 2986 case 0x00: /* HCIVERSION, CAPLENGTH */ 2987 ret = 0x01000000 | LEN_CAP; 2988 break; 2989 case 0x04: /* HCSPARAMS 1 */ 2990 ret = ((xhci->numports_2+xhci->numports_3)<<24) 2991 | (xhci->numintrs<<8) | xhci->numslots; 2992 break; 2993 case 0x08: /* HCSPARAMS 2 */ 2994 ret = 0x0000000f; 2995 break; 2996 case 0x0c: /* HCSPARAMS 3 */ 2997 ret = 0x00000000; 2998 break; 2999 case 0x10: /* HCCPARAMS */ 3000 if (sizeof(dma_addr_t) == 4) { 3001 ret = 0x00080000 | (xhci->max_pstreams_mask << 12); 3002 } else { 3003 ret = 0x00080001 | (xhci->max_pstreams_mask << 12); 3004 } 3005 break; 3006 case 0x14: /* DBOFF */ 3007 ret = OFF_DOORBELL; 3008 break; 3009 case 0x18: /* RTSOFF */ 3010 ret = OFF_RUNTIME; 3011 break; 3012 3013 /* extended capabilities */ 3014 case 0x20: /* Supported Protocol:00 */ 3015 ret = 0x02000402; /* USB 2.0 */ 3016 break; 3017 case 0x24: /* Supported Protocol:04 */ 3018 ret = 0x20425355; /* "USB " */ 3019 break; 3020 case 0x28: /* Supported Protocol:08 */ 3021 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3022 ret = (xhci->numports_2<<8) | (xhci->numports_3+1); 3023 } else { 3024 ret = (xhci->numports_2<<8) | 1; 3025 } 3026 break; 3027 case 0x2c: /* Supported Protocol:0c */ 3028 ret = 0x00000000; /* reserved */ 3029 break; 3030 case 0x30: /* Supported Protocol:00 */ 3031 ret = 0x03000002; /* USB 3.0 */ 3032 break; 3033 case 0x34: /* Supported Protocol:04 */ 3034 ret = 0x20425355; /* "USB " */ 3035 break; 3036 case 0x38: /* Supported Protocol:08 */ 3037 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3038 ret = (xhci->numports_3<<8) | 1; 3039 } else { 3040 ret = (xhci->numports_3<<8) | (xhci->numports_2+1); 3041 } 3042 break; 3043 case 0x3c: /* Supported Protocol:0c */ 3044 ret = 0x00000000; /* reserved */ 3045 break; 3046 default: 3047 trace_usb_xhci_unimplemented("cap read", reg); 3048 ret = 0; 3049 } 3050 3051 trace_usb_xhci_cap_read(reg, ret); 3052 return ret; 3053 } 3054 3055 static uint64_t xhci_port_read(void *ptr, hwaddr reg, unsigned size) 3056 { 3057 XHCIPort *port = ptr; 3058 uint32_t ret; 3059 3060 switch (reg) { 3061 case 0x00: /* PORTSC */ 3062 ret = port->portsc; 3063 break; 3064 case 0x04: /* PORTPMSC */ 3065 case 0x08: /* PORTLI */ 3066 ret = 0; 3067 break; 3068 case 0x0c: /* reserved */ 3069 default: 3070 trace_usb_xhci_unimplemented("port read", reg); 3071 ret = 0; 3072 } 3073 3074 trace_usb_xhci_port_read(port->portnr, reg, ret); 3075 return ret; 3076 } 3077 3078 static void xhci_port_write(void *ptr, hwaddr reg, 3079 uint64_t val, unsigned size) 3080 { 3081 XHCIPort *port = ptr; 3082 uint32_t portsc, notify; 3083 3084 trace_usb_xhci_port_write(port->portnr, reg, val); 3085 3086 switch (reg) { 3087 case 0x00: /* PORTSC */ 3088 /* write-1-to-start bits */ 3089 if (val & PORTSC_WPR) { 3090 xhci_port_reset(port, true); 3091 break; 3092 } 3093 if (val & PORTSC_PR) { 3094 xhci_port_reset(port, false); 3095 break; 3096 } 3097 3098 portsc = port->portsc; 3099 notify = 0; 3100 /* write-1-to-clear bits*/ 3101 portsc &= ~(val & (PORTSC_CSC|PORTSC_PEC|PORTSC_WRC|PORTSC_OCC| 3102 PORTSC_PRC|PORTSC_PLC|PORTSC_CEC)); 3103 if (val & PORTSC_LWS) { 3104 /* overwrite PLS only when LWS=1 */ 3105 uint32_t old_pls = get_field(port->portsc, PORTSC_PLS); 3106 uint32_t new_pls = get_field(val, PORTSC_PLS); 3107 switch (new_pls) { 3108 case PLS_U0: 3109 if (old_pls != PLS_U0) { 3110 set_field(&portsc, new_pls, PORTSC_PLS); 3111 trace_usb_xhci_port_link(port->portnr, new_pls); 3112 notify = PORTSC_PLC; 3113 } 3114 break; 3115 case PLS_U3: 3116 if (old_pls < PLS_U3) { 3117 set_field(&portsc, new_pls, PORTSC_PLS); 3118 trace_usb_xhci_port_link(port->portnr, new_pls); 3119 } 3120 break; 3121 case PLS_RESUME: 3122 /* windows does this for some reason, don't spam stderr */ 3123 break; 3124 default: 3125 DPRINTF("%s: ignore pls write (old %d, new %d)\n", 3126 __func__, old_pls, new_pls); 3127 break; 3128 } 3129 } 3130 /* read/write bits */ 3131 portsc &= ~(PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE); 3132 portsc |= (val & (PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE)); 3133 port->portsc = portsc; 3134 if (notify) { 3135 xhci_port_notify(port, notify); 3136 } 3137 break; 3138 case 0x04: /* PORTPMSC */ 3139 case 0x08: /* PORTLI */ 3140 default: 3141 trace_usb_xhci_unimplemented("port write", reg); 3142 } 3143 } 3144 3145 static uint64_t xhci_oper_read(void *ptr, hwaddr reg, unsigned size) 3146 { 3147 XHCIState *xhci = ptr; 3148 uint32_t ret; 3149 3150 switch (reg) { 3151 case 0x00: /* USBCMD */ 3152 ret = xhci->usbcmd; 3153 break; 3154 case 0x04: /* USBSTS */ 3155 ret = xhci->usbsts; 3156 break; 3157 case 0x08: /* PAGESIZE */ 3158 ret = 1; /* 4KiB */ 3159 break; 3160 case 0x14: /* DNCTRL */ 3161 ret = xhci->dnctrl; 3162 break; 3163 case 0x18: /* CRCR low */ 3164 ret = xhci->crcr_low & ~0xe; 3165 break; 3166 case 0x1c: /* CRCR high */ 3167 ret = xhci->crcr_high; 3168 break; 3169 case 0x30: /* DCBAAP low */ 3170 ret = xhci->dcbaap_low; 3171 break; 3172 case 0x34: /* DCBAAP high */ 3173 ret = xhci->dcbaap_high; 3174 break; 3175 case 0x38: /* CONFIG */ 3176 ret = xhci->config; 3177 break; 3178 default: 3179 trace_usb_xhci_unimplemented("oper read", reg); 3180 ret = 0; 3181 } 3182 3183 trace_usb_xhci_oper_read(reg, ret); 3184 return ret; 3185 } 3186 3187 static void xhci_oper_write(void *ptr, hwaddr reg, 3188 uint64_t val, unsigned size) 3189 { 3190 XHCIState *xhci = ptr; 3191 DeviceState *d = DEVICE(ptr); 3192 3193 trace_usb_xhci_oper_write(reg, val); 3194 3195 switch (reg) { 3196 case 0x00: /* USBCMD */ 3197 if ((val & USBCMD_RS) && !(xhci->usbcmd & USBCMD_RS)) { 3198 xhci_run(xhci); 3199 } else if (!(val & USBCMD_RS) && (xhci->usbcmd & USBCMD_RS)) { 3200 xhci_stop(xhci); 3201 } 3202 if (val & USBCMD_CSS) { 3203 /* save state */ 3204 xhci->usbsts &= ~USBSTS_SRE; 3205 } 3206 if (val & USBCMD_CRS) { 3207 /* restore state */ 3208 xhci->usbsts |= USBSTS_SRE; 3209 } 3210 xhci->usbcmd = val & 0xc0f; 3211 xhci_mfwrap_update(xhci); 3212 if (val & USBCMD_HCRST) { 3213 xhci_reset(d); 3214 } 3215 xhci_intx_update(xhci); 3216 break; 3217 3218 case 0x04: /* USBSTS */ 3219 /* these bits are write-1-to-clear */ 3220 xhci->usbsts &= ~(val & (USBSTS_HSE|USBSTS_EINT|USBSTS_PCD|USBSTS_SRE)); 3221 xhci_intx_update(xhci); 3222 break; 3223 3224 case 0x14: /* DNCTRL */ 3225 xhci->dnctrl = val & 0xffff; 3226 break; 3227 case 0x18: /* CRCR low */ 3228 xhci->crcr_low = (val & 0xffffffcf) | (xhci->crcr_low & CRCR_CRR); 3229 break; 3230 case 0x1c: /* CRCR high */ 3231 xhci->crcr_high = val; 3232 if (xhci->crcr_low & (CRCR_CA|CRCR_CS) && (xhci->crcr_low & CRCR_CRR)) { 3233 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_COMMAND_RING_STOPPED}; 3234 xhci->crcr_low &= ~CRCR_CRR; 3235 xhci_event(xhci, &event, 0); 3236 DPRINTF("xhci: command ring stopped (CRCR=%08x)\n", xhci->crcr_low); 3237 } else { 3238 dma_addr_t base = xhci_addr64(xhci->crcr_low & ~0x3f, val); 3239 xhci_ring_init(xhci, &xhci->cmd_ring, base); 3240 } 3241 xhci->crcr_low &= ~(CRCR_CA | CRCR_CS); 3242 break; 3243 case 0x30: /* DCBAAP low */ 3244 xhci->dcbaap_low = val & 0xffffffc0; 3245 break; 3246 case 0x34: /* DCBAAP high */ 3247 xhci->dcbaap_high = val; 3248 break; 3249 case 0x38: /* CONFIG */ 3250 xhci->config = val & 0xff; 3251 break; 3252 default: 3253 trace_usb_xhci_unimplemented("oper write", reg); 3254 } 3255 } 3256 3257 static uint64_t xhci_runtime_read(void *ptr, hwaddr reg, 3258 unsigned size) 3259 { 3260 XHCIState *xhci = ptr; 3261 uint32_t ret = 0; 3262 3263 if (reg < 0x20) { 3264 switch (reg) { 3265 case 0x00: /* MFINDEX */ 3266 ret = xhci_mfindex_get(xhci) & 0x3fff; 3267 break; 3268 default: 3269 trace_usb_xhci_unimplemented("runtime read", reg); 3270 break; 3271 } 3272 } else { 3273 int v = (reg - 0x20) / 0x20; 3274 XHCIInterrupter *intr = &xhci->intr[v]; 3275 switch (reg & 0x1f) { 3276 case 0x00: /* IMAN */ 3277 ret = intr->iman; 3278 break; 3279 case 0x04: /* IMOD */ 3280 ret = intr->imod; 3281 break; 3282 case 0x08: /* ERSTSZ */ 3283 ret = intr->erstsz; 3284 break; 3285 case 0x10: /* ERSTBA low */ 3286 ret = intr->erstba_low; 3287 break; 3288 case 0x14: /* ERSTBA high */ 3289 ret = intr->erstba_high; 3290 break; 3291 case 0x18: /* ERDP low */ 3292 ret = intr->erdp_low; 3293 break; 3294 case 0x1c: /* ERDP high */ 3295 ret = intr->erdp_high; 3296 break; 3297 } 3298 } 3299 3300 trace_usb_xhci_runtime_read(reg, ret); 3301 return ret; 3302 } 3303 3304 static void xhci_runtime_write(void *ptr, hwaddr reg, 3305 uint64_t val, unsigned size) 3306 { 3307 XHCIState *xhci = ptr; 3308 int v = (reg - 0x20) / 0x20; 3309 XHCIInterrupter *intr = &xhci->intr[v]; 3310 trace_usb_xhci_runtime_write(reg, val); 3311 3312 if (reg < 0x20) { 3313 trace_usb_xhci_unimplemented("runtime write", reg); 3314 return; 3315 } 3316 3317 switch (reg & 0x1f) { 3318 case 0x00: /* IMAN */ 3319 if (val & IMAN_IP) { 3320 intr->iman &= ~IMAN_IP; 3321 } 3322 intr->iman &= ~IMAN_IE; 3323 intr->iman |= val & IMAN_IE; 3324 if (v == 0) { 3325 xhci_intx_update(xhci); 3326 } 3327 xhci_msix_update(xhci, v); 3328 break; 3329 case 0x04: /* IMOD */ 3330 intr->imod = val; 3331 break; 3332 case 0x08: /* ERSTSZ */ 3333 intr->erstsz = val & 0xffff; 3334 break; 3335 case 0x10: /* ERSTBA low */ 3336 /* XXX NEC driver bug: it doesn't align this to 64 bytes 3337 intr->erstba_low = val & 0xffffffc0; */ 3338 intr->erstba_low = val & 0xfffffff0; 3339 break; 3340 case 0x14: /* ERSTBA high */ 3341 intr->erstba_high = val; 3342 xhci_er_reset(xhci, v); 3343 break; 3344 case 0x18: /* ERDP low */ 3345 if (val & ERDP_EHB) { 3346 intr->erdp_low &= ~ERDP_EHB; 3347 } 3348 intr->erdp_low = (val & ~ERDP_EHB) | (intr->erdp_low & ERDP_EHB); 3349 break; 3350 case 0x1c: /* ERDP high */ 3351 intr->erdp_high = val; 3352 xhci_events_update(xhci, v); 3353 break; 3354 default: 3355 trace_usb_xhci_unimplemented("oper write", reg); 3356 } 3357 } 3358 3359 static uint64_t xhci_doorbell_read(void *ptr, hwaddr reg, 3360 unsigned size) 3361 { 3362 /* doorbells always read as 0 */ 3363 trace_usb_xhci_doorbell_read(reg, 0); 3364 return 0; 3365 } 3366 3367 static void xhci_doorbell_write(void *ptr, hwaddr reg, 3368 uint64_t val, unsigned size) 3369 { 3370 XHCIState *xhci = ptr; 3371 unsigned int epid, streamid; 3372 3373 trace_usb_xhci_doorbell_write(reg, val); 3374 3375 if (!xhci_running(xhci)) { 3376 DPRINTF("xhci: wrote doorbell while xHC stopped or paused\n"); 3377 return; 3378 } 3379 3380 reg >>= 2; 3381 3382 if (reg == 0) { 3383 if (val == 0) { 3384 xhci_process_commands(xhci); 3385 } else { 3386 DPRINTF("xhci: bad doorbell 0 write: 0x%x\n", 3387 (uint32_t)val); 3388 } 3389 } else { 3390 epid = val & 0xff; 3391 streamid = (val >> 16) & 0xffff; 3392 if (reg > xhci->numslots) { 3393 DPRINTF("xhci: bad doorbell %d\n", (int)reg); 3394 } else if (epid > 31) { 3395 DPRINTF("xhci: bad doorbell %d write: 0x%x\n", 3396 (int)reg, (uint32_t)val); 3397 } else { 3398 xhci_kick_ep(xhci, reg, epid, streamid); 3399 } 3400 } 3401 } 3402 3403 static void xhci_cap_write(void *opaque, hwaddr addr, uint64_t val, 3404 unsigned width) 3405 { 3406 /* nothing */ 3407 } 3408 3409 static const MemoryRegionOps xhci_cap_ops = { 3410 .read = xhci_cap_read, 3411 .write = xhci_cap_write, 3412 .valid.min_access_size = 1, 3413 .valid.max_access_size = 4, 3414 .impl.min_access_size = 4, 3415 .impl.max_access_size = 4, 3416 .endianness = DEVICE_LITTLE_ENDIAN, 3417 }; 3418 3419 static const MemoryRegionOps xhci_oper_ops = { 3420 .read = xhci_oper_read, 3421 .write = xhci_oper_write, 3422 .valid.min_access_size = 4, 3423 .valid.max_access_size = 4, 3424 .endianness = DEVICE_LITTLE_ENDIAN, 3425 }; 3426 3427 static const MemoryRegionOps xhci_port_ops = { 3428 .read = xhci_port_read, 3429 .write = xhci_port_write, 3430 .valid.min_access_size = 4, 3431 .valid.max_access_size = 4, 3432 .endianness = DEVICE_LITTLE_ENDIAN, 3433 }; 3434 3435 static const MemoryRegionOps xhci_runtime_ops = { 3436 .read = xhci_runtime_read, 3437 .write = xhci_runtime_write, 3438 .valid.min_access_size = 4, 3439 .valid.max_access_size = 4, 3440 .endianness = DEVICE_LITTLE_ENDIAN, 3441 }; 3442 3443 static const MemoryRegionOps xhci_doorbell_ops = { 3444 .read = xhci_doorbell_read, 3445 .write = xhci_doorbell_write, 3446 .valid.min_access_size = 4, 3447 .valid.max_access_size = 4, 3448 .endianness = DEVICE_LITTLE_ENDIAN, 3449 }; 3450 3451 static void xhci_attach(USBPort *usbport) 3452 { 3453 XHCIState *xhci = usbport->opaque; 3454 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3455 3456 xhci_port_update(port, 0); 3457 } 3458 3459 static void xhci_detach(USBPort *usbport) 3460 { 3461 XHCIState *xhci = usbport->opaque; 3462 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3463 3464 xhci_detach_slot(xhci, usbport); 3465 xhci_port_update(port, 1); 3466 } 3467 3468 static void xhci_wakeup(USBPort *usbport) 3469 { 3470 XHCIState *xhci = usbport->opaque; 3471 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3472 3473 if (get_field(port->portsc, PORTSC_PLS) != PLS_U3) { 3474 return; 3475 } 3476 set_field(&port->portsc, PLS_RESUME, PORTSC_PLS); 3477 xhci_port_notify(port, PORTSC_PLC); 3478 } 3479 3480 static void xhci_complete(USBPort *port, USBPacket *packet) 3481 { 3482 XHCITransfer *xfer = container_of(packet, XHCITransfer, packet); 3483 3484 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) { 3485 xhci_ep_nuke_one_xfer(xfer, 0); 3486 return; 3487 } 3488 xhci_complete_packet(xfer); 3489 xhci_kick_ep(xfer->epctx->xhci, xfer->slotid, xfer->epid, xfer->streamid); 3490 if (xfer->complete) { 3491 xhci_ep_free_xfer(xfer); 3492 } 3493 } 3494 3495 static void xhci_child_detach(USBPort *uport, USBDevice *child) 3496 { 3497 USBBus *bus = usb_bus_from_device(child); 3498 XHCIState *xhci = container_of(bus, XHCIState, bus); 3499 3500 xhci_detach_slot(xhci, child->port); 3501 } 3502 3503 static USBPortOps xhci_uport_ops = { 3504 .attach = xhci_attach, 3505 .detach = xhci_detach, 3506 .wakeup = xhci_wakeup, 3507 .complete = xhci_complete, 3508 .child_detach = xhci_child_detach, 3509 }; 3510 3511 static int xhci_find_epid(USBEndpoint *ep) 3512 { 3513 if (ep->nr == 0) { 3514 return 1; 3515 } 3516 if (ep->pid == USB_TOKEN_IN) { 3517 return ep->nr * 2 + 1; 3518 } else { 3519 return ep->nr * 2; 3520 } 3521 } 3522 3523 static USBEndpoint *xhci_epid_to_usbep(XHCIState *xhci, 3524 unsigned int slotid, unsigned int epid) 3525 { 3526 assert(slotid >= 1 && slotid <= xhci->numslots); 3527 3528 if (!xhci->slots[slotid - 1].uport) { 3529 return NULL; 3530 } 3531 3532 return usb_ep_get(xhci->slots[slotid - 1].uport->dev, 3533 (epid & 1) ? USB_TOKEN_IN : USB_TOKEN_OUT, epid >> 1); 3534 } 3535 3536 static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep, 3537 unsigned int stream) 3538 { 3539 XHCIState *xhci = container_of(bus, XHCIState, bus); 3540 int slotid; 3541 3542 DPRINTF("%s\n", __func__); 3543 slotid = ep->dev->addr; 3544 if (slotid == 0 || !xhci->slots[slotid-1].enabled) { 3545 DPRINTF("%s: oops, no slot for dev %d\n", __func__, ep->dev->addr); 3546 return; 3547 } 3548 xhci_kick_ep(xhci, slotid, xhci_find_epid(ep), stream); 3549 } 3550 3551 static USBBusOps xhci_bus_ops = { 3552 .wakeup_endpoint = xhci_wakeup_endpoint, 3553 }; 3554 3555 static void usb_xhci_init(XHCIState *xhci) 3556 { 3557 DeviceState *dev = DEVICE(xhci); 3558 XHCIPort *port; 3559 int i, usbports, speedmask; 3560 3561 xhci->usbsts = USBSTS_HCH; 3562 3563 if (xhci->numports_2 > MAXPORTS_2) { 3564 xhci->numports_2 = MAXPORTS_2; 3565 } 3566 if (xhci->numports_3 > MAXPORTS_3) { 3567 xhci->numports_3 = MAXPORTS_3; 3568 } 3569 usbports = MAX(xhci->numports_2, xhci->numports_3); 3570 xhci->numports = xhci->numports_2 + xhci->numports_3; 3571 3572 usb_bus_new(&xhci->bus, sizeof(xhci->bus), &xhci_bus_ops, dev); 3573 3574 for (i = 0; i < usbports; i++) { 3575 speedmask = 0; 3576 if (i < xhci->numports_2) { 3577 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3578 port = &xhci->ports[i + xhci->numports_3]; 3579 port->portnr = i + 1 + xhci->numports_3; 3580 } else { 3581 port = &xhci->ports[i]; 3582 port->portnr = i + 1; 3583 } 3584 port->uport = &xhci->uports[i]; 3585 port->speedmask = 3586 USB_SPEED_MASK_LOW | 3587 USB_SPEED_MASK_FULL | 3588 USB_SPEED_MASK_HIGH; 3589 snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1); 3590 speedmask |= port->speedmask; 3591 } 3592 if (i < xhci->numports_3) { 3593 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3594 port = &xhci->ports[i]; 3595 port->portnr = i + 1; 3596 } else { 3597 port = &xhci->ports[i + xhci->numports_2]; 3598 port->portnr = i + 1 + xhci->numports_2; 3599 } 3600 port->uport = &xhci->uports[i]; 3601 port->speedmask = USB_SPEED_MASK_SUPER; 3602 snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1); 3603 speedmask |= port->speedmask; 3604 } 3605 usb_register_port(&xhci->bus, &xhci->uports[i], xhci, i, 3606 &xhci_uport_ops, speedmask); 3607 } 3608 } 3609 3610 static void usb_xhci_realize(struct PCIDevice *dev, Error **errp) 3611 { 3612 int i, ret; 3613 Error *err = NULL; 3614 3615 XHCIState *xhci = XHCI(dev); 3616 3617 dev->config[PCI_CLASS_PROG] = 0x30; /* xHCI */ 3618 dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */ 3619 dev->config[PCI_CACHE_LINE_SIZE] = 0x10; 3620 dev->config[0x60] = 0x30; /* release number */ 3621 3622 usb_xhci_init(xhci); 3623 3624 if (xhci->msi != ON_OFF_AUTO_OFF) { 3625 ret = msi_init(dev, 0x70, xhci->numintrs, true, false, &err); 3626 /* Any error other than -ENOTSUP(board's MSI support is broken) 3627 * is a programming error */ 3628 assert(!ret || ret == -ENOTSUP); 3629 if (ret && xhci->msi == ON_OFF_AUTO_ON) { 3630 /* Can't satisfy user's explicit msi=on request, fail */ 3631 error_append_hint(&err, "You have to use msi=auto (default) or " 3632 "msi=off with this machine type.\n"); 3633 error_propagate(errp, err); 3634 return; 3635 } 3636 assert(!err || xhci->msi == ON_OFF_AUTO_AUTO); 3637 /* With msi=auto, we fall back to MSI off silently */ 3638 error_free(err); 3639 } 3640 3641 if (xhci->numintrs > MAXINTRS) { 3642 xhci->numintrs = MAXINTRS; 3643 } 3644 while (xhci->numintrs & (xhci->numintrs - 1)) { /* ! power of 2 */ 3645 xhci->numintrs++; 3646 } 3647 if (xhci->numintrs < 1) { 3648 xhci->numintrs = 1; 3649 } 3650 if (xhci->numslots > MAXSLOTS) { 3651 xhci->numslots = MAXSLOTS; 3652 } 3653 if (xhci->numslots < 1) { 3654 xhci->numslots = 1; 3655 } 3656 if (xhci_get_flag(xhci, XHCI_FLAG_ENABLE_STREAMS)) { 3657 xhci->max_pstreams_mask = 7; /* == 256 primary streams */ 3658 } else { 3659 xhci->max_pstreams_mask = 0; 3660 } 3661 3662 xhci->mfwrap_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, xhci_mfwrap_timer, xhci); 3663 3664 memory_region_init(&xhci->mem, OBJECT(xhci), "xhci", LEN_REGS); 3665 memory_region_init_io(&xhci->mem_cap, OBJECT(xhci), &xhci_cap_ops, xhci, 3666 "capabilities", LEN_CAP); 3667 memory_region_init_io(&xhci->mem_oper, OBJECT(xhci), &xhci_oper_ops, xhci, 3668 "operational", 0x400); 3669 memory_region_init_io(&xhci->mem_runtime, OBJECT(xhci), &xhci_runtime_ops, xhci, 3670 "runtime", LEN_RUNTIME); 3671 memory_region_init_io(&xhci->mem_doorbell, OBJECT(xhci), &xhci_doorbell_ops, xhci, 3672 "doorbell", LEN_DOORBELL); 3673 3674 memory_region_add_subregion(&xhci->mem, 0, &xhci->mem_cap); 3675 memory_region_add_subregion(&xhci->mem, OFF_OPER, &xhci->mem_oper); 3676 memory_region_add_subregion(&xhci->mem, OFF_RUNTIME, &xhci->mem_runtime); 3677 memory_region_add_subregion(&xhci->mem, OFF_DOORBELL, &xhci->mem_doorbell); 3678 3679 for (i = 0; i < xhci->numports; i++) { 3680 XHCIPort *port = &xhci->ports[i]; 3681 uint32_t offset = OFF_OPER + 0x400 + 0x10 * i; 3682 port->xhci = xhci; 3683 memory_region_init_io(&port->mem, OBJECT(xhci), &xhci_port_ops, port, 3684 port->name, 0x10); 3685 memory_region_add_subregion(&xhci->mem, offset, &port->mem); 3686 } 3687 3688 pci_register_bar(dev, 0, 3689 PCI_BASE_ADDRESS_SPACE_MEMORY|PCI_BASE_ADDRESS_MEM_TYPE_64, 3690 &xhci->mem); 3691 3692 if (pci_bus_is_express(dev->bus) || 3693 xhci_get_flag(xhci, XHCI_FLAG_FORCE_PCIE_ENDCAP)) { 3694 ret = pcie_endpoint_cap_init(dev, 0xa0); 3695 assert(ret >= 0); 3696 } 3697 3698 if (xhci->msix != ON_OFF_AUTO_OFF) { 3699 /* TODO check for errors */ 3700 msix_init(dev, xhci->numintrs, 3701 &xhci->mem, 0, OFF_MSIX_TABLE, 3702 &xhci->mem, 0, OFF_MSIX_PBA, 3703 0x90); 3704 } 3705 } 3706 3707 static void usb_xhci_exit(PCIDevice *dev) 3708 { 3709 int i; 3710 XHCIState *xhci = XHCI(dev); 3711 3712 trace_usb_xhci_exit(); 3713 3714 for (i = 0; i < xhci->numslots; i++) { 3715 xhci_disable_slot(xhci, i + 1); 3716 } 3717 3718 if (xhci->mfwrap_timer) { 3719 timer_del(xhci->mfwrap_timer); 3720 timer_free(xhci->mfwrap_timer); 3721 xhci->mfwrap_timer = NULL; 3722 } 3723 3724 memory_region_del_subregion(&xhci->mem, &xhci->mem_cap); 3725 memory_region_del_subregion(&xhci->mem, &xhci->mem_oper); 3726 memory_region_del_subregion(&xhci->mem, &xhci->mem_runtime); 3727 memory_region_del_subregion(&xhci->mem, &xhci->mem_doorbell); 3728 3729 for (i = 0; i < xhci->numports; i++) { 3730 XHCIPort *port = &xhci->ports[i]; 3731 memory_region_del_subregion(&xhci->mem, &port->mem); 3732 } 3733 3734 /* destroy msix memory region */ 3735 if (dev->msix_table && dev->msix_pba 3736 && dev->msix_entry_used) { 3737 msix_uninit(dev, &xhci->mem, &xhci->mem); 3738 } 3739 3740 usb_bus_release(&xhci->bus); 3741 } 3742 3743 static int usb_xhci_post_load(void *opaque, int version_id) 3744 { 3745 XHCIState *xhci = opaque; 3746 PCIDevice *pci_dev = PCI_DEVICE(xhci); 3747 XHCISlot *slot; 3748 XHCIEPContext *epctx; 3749 dma_addr_t dcbaap, pctx; 3750 uint32_t slot_ctx[4]; 3751 uint32_t ep_ctx[5]; 3752 int slotid, epid, state, intr; 3753 3754 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high); 3755 3756 for (slotid = 1; slotid <= xhci->numslots; slotid++) { 3757 slot = &xhci->slots[slotid-1]; 3758 if (!slot->addressed) { 3759 continue; 3760 } 3761 slot->ctx = 3762 xhci_mask64(ldq_le_pci_dma(pci_dev, dcbaap + 8 * slotid)); 3763 xhci_dma_read_u32s(xhci, slot->ctx, slot_ctx, sizeof(slot_ctx)); 3764 slot->uport = xhci_lookup_uport(xhci, slot_ctx); 3765 if (!slot->uport) { 3766 /* should not happen, but may trigger on guest bugs */ 3767 slot->enabled = 0; 3768 slot->addressed = 0; 3769 continue; 3770 } 3771 assert(slot->uport && slot->uport->dev); 3772 3773 for (epid = 1; epid <= 31; epid++) { 3774 pctx = slot->ctx + 32 * epid; 3775 xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx)); 3776 state = ep_ctx[0] & EP_STATE_MASK; 3777 if (state == EP_DISABLED) { 3778 continue; 3779 } 3780 epctx = xhci_alloc_epctx(xhci, slotid, epid); 3781 slot->eps[epid-1] = epctx; 3782 xhci_init_epctx(epctx, pctx, ep_ctx); 3783 epctx->state = state; 3784 if (state == EP_RUNNING) { 3785 /* kick endpoint after vmload is finished */ 3786 timer_mod(epctx->kick_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); 3787 } 3788 } 3789 } 3790 3791 for (intr = 0; intr < xhci->numintrs; intr++) { 3792 if (xhci->intr[intr].msix_used) { 3793 msix_vector_use(pci_dev, intr); 3794 } else { 3795 msix_vector_unuse(pci_dev, intr); 3796 } 3797 } 3798 3799 return 0; 3800 } 3801 3802 static const VMStateDescription vmstate_xhci_ring = { 3803 .name = "xhci-ring", 3804 .version_id = 1, 3805 .fields = (VMStateField[]) { 3806 VMSTATE_UINT64(dequeue, XHCIRing), 3807 VMSTATE_BOOL(ccs, XHCIRing), 3808 VMSTATE_END_OF_LIST() 3809 } 3810 }; 3811 3812 static const VMStateDescription vmstate_xhci_port = { 3813 .name = "xhci-port", 3814 .version_id = 1, 3815 .fields = (VMStateField[]) { 3816 VMSTATE_UINT32(portsc, XHCIPort), 3817 VMSTATE_END_OF_LIST() 3818 } 3819 }; 3820 3821 static const VMStateDescription vmstate_xhci_slot = { 3822 .name = "xhci-slot", 3823 .version_id = 1, 3824 .fields = (VMStateField[]) { 3825 VMSTATE_BOOL(enabled, XHCISlot), 3826 VMSTATE_BOOL(addressed, XHCISlot), 3827 VMSTATE_END_OF_LIST() 3828 } 3829 }; 3830 3831 static const VMStateDescription vmstate_xhci_event = { 3832 .name = "xhci-event", 3833 .version_id = 1, 3834 .fields = (VMStateField[]) { 3835 VMSTATE_UINT32(type, XHCIEvent), 3836 VMSTATE_UINT32(ccode, XHCIEvent), 3837 VMSTATE_UINT64(ptr, XHCIEvent), 3838 VMSTATE_UINT32(length, XHCIEvent), 3839 VMSTATE_UINT32(flags, XHCIEvent), 3840 VMSTATE_UINT8(slotid, XHCIEvent), 3841 VMSTATE_UINT8(epid, XHCIEvent), 3842 VMSTATE_END_OF_LIST() 3843 } 3844 }; 3845 3846 static bool xhci_er_full(void *opaque, int version_id) 3847 { 3848 struct XHCIInterrupter *intr = opaque; 3849 return intr->er_full; 3850 } 3851 3852 static const VMStateDescription vmstate_xhci_intr = { 3853 .name = "xhci-intr", 3854 .version_id = 1, 3855 .fields = (VMStateField[]) { 3856 /* registers */ 3857 VMSTATE_UINT32(iman, XHCIInterrupter), 3858 VMSTATE_UINT32(imod, XHCIInterrupter), 3859 VMSTATE_UINT32(erstsz, XHCIInterrupter), 3860 VMSTATE_UINT32(erstba_low, XHCIInterrupter), 3861 VMSTATE_UINT32(erstba_high, XHCIInterrupter), 3862 VMSTATE_UINT32(erdp_low, XHCIInterrupter), 3863 VMSTATE_UINT32(erdp_high, XHCIInterrupter), 3864 3865 /* state */ 3866 VMSTATE_BOOL(msix_used, XHCIInterrupter), 3867 VMSTATE_BOOL(er_pcs, XHCIInterrupter), 3868 VMSTATE_UINT64(er_start, XHCIInterrupter), 3869 VMSTATE_UINT32(er_size, XHCIInterrupter), 3870 VMSTATE_UINT32(er_ep_idx, XHCIInterrupter), 3871 3872 /* event queue (used if ring is full) */ 3873 VMSTATE_BOOL(er_full, XHCIInterrupter), 3874 VMSTATE_UINT32_TEST(ev_buffer_put, XHCIInterrupter, xhci_er_full), 3875 VMSTATE_UINT32_TEST(ev_buffer_get, XHCIInterrupter, xhci_er_full), 3876 VMSTATE_STRUCT_ARRAY_TEST(ev_buffer, XHCIInterrupter, EV_QUEUE, 3877 xhci_er_full, 1, 3878 vmstate_xhci_event, XHCIEvent), 3879 3880 VMSTATE_END_OF_LIST() 3881 } 3882 }; 3883 3884 static const VMStateDescription vmstate_xhci = { 3885 .name = "xhci", 3886 .version_id = 1, 3887 .post_load = usb_xhci_post_load, 3888 .fields = (VMStateField[]) { 3889 VMSTATE_PCIE_DEVICE(parent_obj, XHCIState), 3890 VMSTATE_MSIX(parent_obj, XHCIState), 3891 3892 VMSTATE_STRUCT_VARRAY_UINT32(ports, XHCIState, numports, 1, 3893 vmstate_xhci_port, XHCIPort), 3894 VMSTATE_STRUCT_VARRAY_UINT32(slots, XHCIState, numslots, 1, 3895 vmstate_xhci_slot, XHCISlot), 3896 VMSTATE_STRUCT_VARRAY_UINT32(intr, XHCIState, numintrs, 1, 3897 vmstate_xhci_intr, XHCIInterrupter), 3898 3899 /* Operational Registers */ 3900 VMSTATE_UINT32(usbcmd, XHCIState), 3901 VMSTATE_UINT32(usbsts, XHCIState), 3902 VMSTATE_UINT32(dnctrl, XHCIState), 3903 VMSTATE_UINT32(crcr_low, XHCIState), 3904 VMSTATE_UINT32(crcr_high, XHCIState), 3905 VMSTATE_UINT32(dcbaap_low, XHCIState), 3906 VMSTATE_UINT32(dcbaap_high, XHCIState), 3907 VMSTATE_UINT32(config, XHCIState), 3908 3909 /* Runtime Registers & state */ 3910 VMSTATE_INT64(mfindex_start, XHCIState), 3911 VMSTATE_TIMER_PTR(mfwrap_timer, XHCIState), 3912 VMSTATE_STRUCT(cmd_ring, XHCIState, 1, vmstate_xhci_ring, XHCIRing), 3913 3914 VMSTATE_END_OF_LIST() 3915 } 3916 }; 3917 3918 static Property xhci_properties[] = { 3919 DEFINE_PROP_ON_OFF_AUTO("msi", XHCIState, msi, ON_OFF_AUTO_AUTO), 3920 DEFINE_PROP_ON_OFF_AUTO("msix", XHCIState, msix, ON_OFF_AUTO_AUTO), 3921 DEFINE_PROP_BIT("superspeed-ports-first", 3922 XHCIState, flags, XHCI_FLAG_SS_FIRST, true), 3923 DEFINE_PROP_BIT("force-pcie-endcap", XHCIState, flags, 3924 XHCI_FLAG_FORCE_PCIE_ENDCAP, false), 3925 DEFINE_PROP_BIT("streams", XHCIState, flags, 3926 XHCI_FLAG_ENABLE_STREAMS, true), 3927 DEFINE_PROP_UINT32("intrs", XHCIState, numintrs, MAXINTRS), 3928 DEFINE_PROP_UINT32("slots", XHCIState, numslots, MAXSLOTS), 3929 DEFINE_PROP_UINT32("p2", XHCIState, numports_2, 4), 3930 DEFINE_PROP_UINT32("p3", XHCIState, numports_3, 4), 3931 DEFINE_PROP_END_OF_LIST(), 3932 }; 3933 3934 static void xhci_class_init(ObjectClass *klass, void *data) 3935 { 3936 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 3937 DeviceClass *dc = DEVICE_CLASS(klass); 3938 3939 dc->vmsd = &vmstate_xhci; 3940 dc->props = xhci_properties; 3941 dc->reset = xhci_reset; 3942 set_bit(DEVICE_CATEGORY_USB, dc->categories); 3943 k->realize = usb_xhci_realize; 3944 k->exit = usb_xhci_exit; 3945 k->vendor_id = PCI_VENDOR_ID_NEC; 3946 k->device_id = PCI_DEVICE_ID_NEC_UPD720200; 3947 k->class_id = PCI_CLASS_SERIAL_USB; 3948 k->revision = 0x03; 3949 k->is_express = 1; 3950 } 3951 3952 static const TypeInfo xhci_info = { 3953 .name = TYPE_XHCI, 3954 .parent = TYPE_PCI_DEVICE, 3955 .instance_size = sizeof(XHCIState), 3956 .class_init = xhci_class_init, 3957 }; 3958 3959 static void xhci_register_types(void) 3960 { 3961 type_register_static(&xhci_info); 3962 } 3963 3964 type_init(xhci_register_types) 3965