1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include "hw/usb/hcd-ehci.h"
31
32
33#define CAPLENGTH 0x0000
34#define HCIVERSION 0x0002
35#define HCSPARAMS 0x0004
36#define HCCPARAMS 0x0008
37#define EECP HCCPARAMS + 1
38#define HCSPPORTROUTE1 0x000c
39#define HCSPPORTROUTE2 0x0010
40
41#define USBCMD 0x0000
42#define USBCMD_RUNSTOP (1 << 0)
43#define USBCMD_HCRESET (1 << 1)
44#define USBCMD_FLS (3 << 2)
45#define USBCMD_FLS_SH 2
46#define USBCMD_PSE (1 << 4)
47#define USBCMD_ASE (1 << 5)
48#define USBCMD_IAAD (1 << 6)
49#define USBCMD_LHCR (1 << 7)
50#define USBCMD_ASPMC (3 << 8)
51#define USBCMD_ASPME (1 << 11)
52#define USBCMD_ITC (0x7f << 16)
53#define USBCMD_ITC_SH 16
54
55#define USBSTS 0x0004
56#define USBSTS_RO_MASK 0x0000003f
57#define USBSTS_INT (1 << 0)
58#define USBSTS_ERRINT (1 << 1)
59#define USBSTS_PCD (1 << 2)
60#define USBSTS_FLR (1 << 3)
61#define USBSTS_HSE (1 << 4)
62#define USBSTS_IAA (1 << 5)
63#define USBSTS_HALT (1 << 12)
64#define USBSTS_REC (1 << 13)
65#define USBSTS_PSS (1 << 14)
66#define USBSTS_ASS (1 << 15)
67
68
69
70
71
72#define USBINTR 0x0008
73#define USBINTR_MASK 0x0000003f
74
75#define FRINDEX 0x000c
76#define CTRLDSSEGMENT 0x0010
77#define PERIODICLISTBASE 0x0014
78#define ASYNCLISTADDR 0x0018
79#define ASYNCLISTADDR_MASK 0xffffffe0
80
81#define CONFIGFLAG 0x0040
82
83
84
85
86
87#define PORTSC_RO_MASK 0x007001c0
88#define PORTSC_RWC_MASK 0x0000002a
89#define PORTSC_WKOC_E (1 << 22)
90#define PORTSC_WKDS_E (1 << 21)
91#define PORTSC_WKCN_E (1 << 20)
92#define PORTSC_PTC (15 << 16)
93#define PORTSC_PTC_SH 16
94#define PORTSC_PIC (3 << 14)
95#define PORTSC_PIC_SH 14
96#define PORTSC_POWNER (1 << 13)
97#define PORTSC_PPOWER (1 << 12)
98#define PORTSC_LINESTAT (3 << 10)
99#define PORTSC_LINESTAT_SH 10
100#define PORTSC_PRESET (1 << 8)
101#define PORTSC_SUSPEND (1 << 7)
102#define PORTSC_FPRES (1 << 6)
103#define PORTSC_OCC (1 << 5)
104#define PORTSC_OCA (1 << 4)
105#define PORTSC_PEDC (1 << 3)
106#define PORTSC_PED (1 << 2)
107#define PORTSC_CSC (1 << 1)
108#define PORTSC_CONNECT (1 << 0)
109
110#define FRAME_TIMER_FREQ 1000
111#define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ)
112#define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
113
114#define NB_MAXINTRATE 8
115#define BUFF_SIZE 5*4096
116#define MAX_QH 100
117#define MIN_UFR_PER_TICK 24
118#define PERIODIC_ACTIVE 512
119
120
121
122typedef enum {
123 EST_INACTIVE = 1000,
124 EST_ACTIVE,
125 EST_EXECUTING,
126 EST_SLEEPING,
127
128
129 EST_WAITLISTHEAD,
130 EST_FETCHENTRY,
131 EST_FETCHQH,
132 EST_FETCHITD,
133 EST_FETCHSITD,
134 EST_ADVANCEQUEUE,
135 EST_FETCHQTD,
136 EST_EXECUTE,
137 EST_WRITEBACK,
138 EST_HORIZONTALQH
139} EHCI_STATES;
140
141
142#define NLPTR_GET(x) ((x) & 0xffffffe0)
143#define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
144#define NLPTR_TBIT(x) ((x) & 1)
145
146
147#define NLPTR_TYPE_ITD 0
148#define NLPTR_TYPE_QH 1
149#define NLPTR_TYPE_STITD 2
150#define NLPTR_TYPE_FSTN 3
151
152#define SET_LAST_RUN_CLOCK(s) \
153 (s)->last_run_ns = qemu_get_clock_ns(vm_clock);
154
155
156#define get_field(data, field) \
157 (((data) & field##_MASK) >> field##_SH)
158
159#define set_field(data, newval, field) do { \
160 uint32_t val = *data; \
161 val &= ~ field##_MASK; \
162 val |= ((newval) << field##_SH) & field##_MASK; \
163 *data = val; \
164 } while(0)
165
166static const char *ehci_state_names[] = {
167 [EST_INACTIVE] = "INACTIVE",
168 [EST_ACTIVE] = "ACTIVE",
169 [EST_EXECUTING] = "EXECUTING",
170 [EST_SLEEPING] = "SLEEPING",
171 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
172 [EST_FETCHENTRY] = "FETCH ENTRY",
173 [EST_FETCHQH] = "FETCH QH",
174 [EST_FETCHITD] = "FETCH ITD",
175 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
176 [EST_FETCHQTD] = "FETCH QTD",
177 [EST_EXECUTE] = "EXECUTE",
178 [EST_WRITEBACK] = "WRITEBACK",
179 [EST_HORIZONTALQH] = "HORIZONTALQH",
180};
181
182static const char *ehci_mmio_names[] = {
183 [USBCMD] = "USBCMD",
184 [USBSTS] = "USBSTS",
185 [USBINTR] = "USBINTR",
186 [FRINDEX] = "FRINDEX",
187 [PERIODICLISTBASE] = "P-LIST BASE",
188 [ASYNCLISTADDR] = "A-LIST ADDR",
189 [CONFIGFLAG] = "CONFIGFLAG",
190};
191
192static int ehci_state_executing(EHCIQueue *q);
193static int ehci_state_writeback(EHCIQueue *q);
194static int ehci_state_advqueue(EHCIQueue *q);
195static int ehci_fill_queue(EHCIPacket *p);
196static void ehci_free_packet(EHCIPacket *p);
197
198static const char *nr2str(const char **n, size_t len, uint32_t nr)
199{
200 if (nr < len && n[nr] != NULL) {
201 return n[nr];
202 } else {
203 return "unknown";
204 }
205}
206
207static const char *state2str(uint32_t state)
208{
209 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
210}
211
212static const char *addr2str(hwaddr addr)
213{
214 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
215}
216
217static void ehci_trace_usbsts(uint32_t mask, int state)
218{
219
220 if (mask & USBSTS_INT) {
221 trace_usb_ehci_usbsts("INT", state);
222 }
223 if (mask & USBSTS_ERRINT) {
224 trace_usb_ehci_usbsts("ERRINT", state);
225 }
226 if (mask & USBSTS_PCD) {
227 trace_usb_ehci_usbsts("PCD", state);
228 }
229 if (mask & USBSTS_FLR) {
230 trace_usb_ehci_usbsts("FLR", state);
231 }
232 if (mask & USBSTS_HSE) {
233 trace_usb_ehci_usbsts("HSE", state);
234 }
235 if (mask & USBSTS_IAA) {
236 trace_usb_ehci_usbsts("IAA", state);
237 }
238
239
240 if (mask & USBSTS_HALT) {
241 trace_usb_ehci_usbsts("HALT", state);
242 }
243 if (mask & USBSTS_REC) {
244 trace_usb_ehci_usbsts("REC", state);
245 }
246 if (mask & USBSTS_PSS) {
247 trace_usb_ehci_usbsts("PSS", state);
248 }
249 if (mask & USBSTS_ASS) {
250 trace_usb_ehci_usbsts("ASS", state);
251 }
252}
253
254static inline void ehci_set_usbsts(EHCIState *s, int mask)
255{
256 if ((s->usbsts & mask) == mask) {
257 return;
258 }
259 ehci_trace_usbsts(mask, 1);
260 s->usbsts |= mask;
261}
262
263static inline void ehci_clear_usbsts(EHCIState *s, int mask)
264{
265 if ((s->usbsts & mask) == 0) {
266 return;
267 }
268 ehci_trace_usbsts(mask, 0);
269 s->usbsts &= ~mask;
270}
271
272
273static inline void ehci_update_irq(EHCIState *s)
274{
275 int level = 0;
276
277 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
278 level = 1;
279 }
280
281 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
282 qemu_set_irq(s->irq, level);
283}
284
285
286static inline void ehci_raise_irq(EHCIState *s, int intr)
287{
288 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
289 s->usbsts |= intr;
290 ehci_update_irq(s);
291 } else {
292 s->usbsts_pending |= intr;
293 }
294}
295
296
297
298
299
300static inline void ehci_commit_irq(EHCIState *s)
301{
302 uint32_t itc;
303
304 if (!s->usbsts_pending) {
305 return;
306 }
307 if (s->usbsts_frindex > s->frindex) {
308 return;
309 }
310
311 itc = (s->usbcmd >> 16) & 0xff;
312 s->usbsts |= s->usbsts_pending;
313 s->usbsts_pending = 0;
314 s->usbsts_frindex = s->frindex + itc;
315 ehci_update_irq(s);
316}
317
318static void ehci_update_halt(EHCIState *s)
319{
320 if (s->usbcmd & USBCMD_RUNSTOP) {
321 ehci_clear_usbsts(s, USBSTS_HALT);
322 } else {
323 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
324 ehci_set_usbsts(s, USBSTS_HALT);
325 }
326 }
327}
328
329static void ehci_set_state(EHCIState *s, int async, int state)
330{
331 if (async) {
332 trace_usb_ehci_state("async", state2str(state));
333 s->astate = state;
334 if (s->astate == EST_INACTIVE) {
335 ehci_clear_usbsts(s, USBSTS_ASS);
336 ehci_update_halt(s);
337 } else {
338 ehci_set_usbsts(s, USBSTS_ASS);
339 }
340 } else {
341 trace_usb_ehci_state("periodic", state2str(state));
342 s->pstate = state;
343 if (s->pstate == EST_INACTIVE) {
344 ehci_clear_usbsts(s, USBSTS_PSS);
345 ehci_update_halt(s);
346 } else {
347 ehci_set_usbsts(s, USBSTS_PSS);
348 }
349 }
350}
351
352static int ehci_get_state(EHCIState *s, int async)
353{
354 return async ? s->astate : s->pstate;
355}
356
357static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
358{
359 if (async) {
360 s->a_fetch_addr = addr;
361 } else {
362 s->p_fetch_addr = addr;
363 }
364}
365
366static int ehci_get_fetch_addr(EHCIState *s, int async)
367{
368 return async ? s->a_fetch_addr : s->p_fetch_addr;
369}
370
371static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
372{
373
374 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
375 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
376 trace_usb_ehci_qh_fields(addr,
377 get_field(qh->epchar, QH_EPCHAR_RL),
378 get_field(qh->epchar, QH_EPCHAR_MPLEN),
379 get_field(qh->epchar, QH_EPCHAR_EPS),
380 get_field(qh->epchar, QH_EPCHAR_EP),
381 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
382 trace_usb_ehci_qh_bits(addr,
383 (bool)(qh->epchar & QH_EPCHAR_C),
384 (bool)(qh->epchar & QH_EPCHAR_H),
385 (bool)(qh->epchar & QH_EPCHAR_DTC),
386 (bool)(qh->epchar & QH_EPCHAR_I));
387}
388
389static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
390{
391
392 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
393 trace_usb_ehci_qtd_fields(addr,
394 get_field(qtd->token, QTD_TOKEN_TBYTES),
395 get_field(qtd->token, QTD_TOKEN_CPAGE),
396 get_field(qtd->token, QTD_TOKEN_CERR),
397 get_field(qtd->token, QTD_TOKEN_PID));
398 trace_usb_ehci_qtd_bits(addr,
399 (bool)(qtd->token & QTD_TOKEN_IOC),
400 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
401 (bool)(qtd->token & QTD_TOKEN_HALT),
402 (bool)(qtd->token & QTD_TOKEN_BABBLE),
403 (bool)(qtd->token & QTD_TOKEN_XACTERR));
404}
405
406static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
407{
408 trace_usb_ehci_itd(addr, itd->next,
409 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
410 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
411 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
412 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
413}
414
415static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
416 EHCIsitd *sitd)
417{
418 trace_usb_ehci_sitd(addr, sitd->next,
419 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
420}
421
422static void ehci_trace_guest_bug(EHCIState *s, const char *message)
423{
424 trace_usb_ehci_guest_bug(message);
425 fprintf(stderr, "ehci warning: %s\n", message);
426}
427
428static inline bool ehci_enabled(EHCIState *s)
429{
430 return s->usbcmd & USBCMD_RUNSTOP;
431}
432
433static inline bool ehci_async_enabled(EHCIState *s)
434{
435 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
436}
437
438static inline bool ehci_periodic_enabled(EHCIState *s)
439{
440 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
441}
442
443
444static inline int get_dwords(EHCIState *ehci, uint32_t addr,
445 uint32_t *buf, int num)
446{
447 int i;
448
449 if (!ehci->dma) {
450 ehci_raise_irq(ehci, USBSTS_HSE);
451 ehci->usbcmd &= ~USBCMD_RUNSTOP;
452 trace_usb_ehci_dma_error();
453 return -1;
454 }
455
456 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
457 dma_memory_read(ehci->dma, addr, buf, sizeof(*buf));
458 *buf = le32_to_cpu(*buf);
459 }
460
461 return num;
462}
463
464
465static inline int put_dwords(EHCIState *ehci, uint32_t addr,
466 uint32_t *buf, int num)
467{
468 int i;
469
470 if (!ehci->dma) {
471 ehci_raise_irq(ehci, USBSTS_HSE);
472 ehci->usbcmd &= ~USBCMD_RUNSTOP;
473 trace_usb_ehci_dma_error();
474 return -1;
475 }
476
477 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
478 uint32_t tmp = cpu_to_le32(*buf);
479 dma_memory_write(ehci->dma, addr, &tmp, sizeof(tmp));
480 }
481
482 return num;
483}
484
485static int ehci_get_pid(EHCIqtd *qtd)
486{
487 switch (get_field(qtd->token, QTD_TOKEN_PID)) {
488 case 0:
489 return USB_TOKEN_OUT;
490 case 1:
491 return USB_TOKEN_IN;
492 case 2:
493 return USB_TOKEN_SETUP;
494 default:
495 fprintf(stderr, "bad token\n");
496 return 0;
497 }
498}
499
500static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
501{
502 uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
503 uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
504 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
505 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
506 (qh->current_qtd != q->qh.current_qtd) ||
507 (q->async && qh->next_qtd != q->qh.next_qtd) ||
508 (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
509 7 * sizeof(uint32_t)) != 0) ||
510 (q->dev != NULL && q->dev->addr != devaddr)) {
511 return false;
512 } else {
513 return true;
514 }
515}
516
517static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
518{
519 if (p->qtdaddr != p->queue->qtdaddr ||
520 (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
521 (p->qtd.next != qtd->next)) ||
522 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
523 p->qtd.token != qtd->token ||
524 p->qtd.bufptr[0] != qtd->bufptr[0]) {
525 return false;
526 } else {
527 return true;
528 }
529}
530
531static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
532{
533 int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
534 int pid = ehci_get_pid(qtd);
535
536
537 if (q->last_pid && ep != 0 && pid != q->last_pid) {
538 return false;
539 } else {
540 return true;
541 }
542}
543
544
545
546static void ehci_writeback_async_complete_packet(EHCIPacket *p)
547{
548 EHCIQueue *q = p->queue;
549 EHCIqtd qtd;
550 EHCIqh qh;
551 int state;
552
553
554 get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
555 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
556 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
557 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
558 if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
559 p->async = EHCI_ASYNC_INITIALIZED;
560 ehci_free_packet(p);
561 return;
562 }
563
564 state = ehci_get_state(q->ehci, q->async);
565 ehci_state_executing(q);
566 ehci_state_writeback(q);
567 if (!(q->qh.token & QTD_TOKEN_HALT)) {
568 ehci_state_advqueue(q);
569 }
570 ehci_set_state(q->ehci, q->async, state);
571}
572
573
574
575static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
576{
577 EHCIPacket *p;
578
579 p = g_new0(EHCIPacket, 1);
580 p->queue = q;
581 usb_packet_init(&p->packet);
582 QTAILQ_INSERT_TAIL(&q->packets, p, next);
583 trace_usb_ehci_packet_action(p->queue, p, "alloc");
584 return p;
585}
586
587static void ehci_free_packet(EHCIPacket *p)
588{
589 if (p->async == EHCI_ASYNC_FINISHED) {
590 ehci_writeback_async_complete_packet(p);
591 return;
592 }
593 trace_usb_ehci_packet_action(p->queue, p, "free");
594 if (p->async == EHCI_ASYNC_INITIALIZED) {
595 usb_packet_unmap(&p->packet, &p->sgl);
596 qemu_sglist_destroy(&p->sgl);
597 }
598 if (p->async == EHCI_ASYNC_INFLIGHT) {
599 usb_cancel_packet(&p->packet);
600 usb_packet_unmap(&p->packet, &p->sgl);
601 qemu_sglist_destroy(&p->sgl);
602 }
603 QTAILQ_REMOVE(&p->queue->packets, p, next);
604 usb_packet_cleanup(&p->packet);
605 g_free(p);
606}
607
608
609
610static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
611{
612 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
613 EHCIQueue *q;
614
615 q = g_malloc0(sizeof(*q));
616 q->ehci = ehci;
617 q->qhaddr = addr;
618 q->async = async;
619 QTAILQ_INIT(&q->packets);
620 QTAILQ_INSERT_HEAD(head, q, next);
621 trace_usb_ehci_queue_action(q, "alloc");
622 return q;
623}
624
625static void ehci_queue_stopped(EHCIQueue *q)
626{
627 int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
628
629 if (!q->last_pid || !q->dev) {
630 return;
631 }
632
633 usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
634}
635
636static int ehci_cancel_queue(EHCIQueue *q)
637{
638 EHCIPacket *p;
639 int packets = 0;
640
641 p = QTAILQ_FIRST(&q->packets);
642 if (p == NULL) {
643 goto leave;
644 }
645
646 trace_usb_ehci_queue_action(q, "cancel");
647 do {
648 ehci_free_packet(p);
649 packets++;
650 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
651
652leave:
653 ehci_queue_stopped(q);
654 return packets;
655}
656
657static int ehci_reset_queue(EHCIQueue *q)
658{
659 int packets;
660
661 trace_usb_ehci_queue_action(q, "reset");
662 packets = ehci_cancel_queue(q);
663 q->dev = NULL;
664 q->qtdaddr = 0;
665 q->last_pid = 0;
666 return packets;
667}
668
669static void ehci_free_queue(EHCIQueue *q, const char *warn)
670{
671 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
672 int cancelled;
673
674 trace_usb_ehci_queue_action(q, "free");
675 cancelled = ehci_cancel_queue(q);
676 if (warn && cancelled > 0) {
677 ehci_trace_guest_bug(q->ehci, warn);
678 }
679 QTAILQ_REMOVE(head, q, next);
680 g_free(q);
681}
682
683static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
684 int async)
685{
686 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
687 EHCIQueue *q;
688
689 QTAILQ_FOREACH(q, head, next) {
690 if (addr == q->qhaddr) {
691 return q;
692 }
693 }
694 return NULL;
695}
696
697static void ehci_queues_rip_unused(EHCIState *ehci, int async)
698{
699 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
700 const char *warn = async ? "guest unlinked busy QH" : NULL;
701 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
702 EHCIQueue *q, *tmp;
703
704 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
705 if (q->seen) {
706 q->seen = 0;
707 q->ts = ehci->last_run_ns;
708 continue;
709 }
710 if (ehci->last_run_ns < q->ts + maxage) {
711 continue;
712 }
713 ehci_free_queue(q, warn);
714 }
715}
716
717static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
718{
719 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
720 EHCIQueue *q, *tmp;
721
722 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
723 if (!q->seen) {
724 ehci_free_queue(q, NULL);
725 }
726 }
727}
728
729static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
730{
731 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
732 EHCIQueue *q, *tmp;
733
734 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
735 if (q->dev != dev) {
736 continue;
737 }
738 ehci_free_queue(q, NULL);
739 }
740}
741
742static void ehci_queues_rip_all(EHCIState *ehci, int async)
743{
744 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
745 const char *warn = async ? "guest stopped busy async schedule" : NULL;
746 EHCIQueue *q, *tmp;
747
748 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
749 ehci_free_queue(q, warn);
750 }
751}
752
753
754
755static void ehci_attach(USBPort *port)
756{
757 EHCIState *s = port->opaque;
758 uint32_t *portsc = &s->portsc[port->index];
759 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
760
761 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
762
763 if (*portsc & PORTSC_POWNER) {
764 USBPort *companion = s->companion_ports[port->index];
765 companion->dev = port->dev;
766 companion->ops->attach(companion);
767 return;
768 }
769
770 *portsc |= PORTSC_CONNECT;
771 *portsc |= PORTSC_CSC;
772
773 ehci_raise_irq(s, USBSTS_PCD);
774}
775
776static void ehci_detach(USBPort *port)
777{
778 EHCIState *s = port->opaque;
779 uint32_t *portsc = &s->portsc[port->index];
780 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
781
782 trace_usb_ehci_port_detach(port->index, owner);
783
784 if (*portsc & PORTSC_POWNER) {
785 USBPort *companion = s->companion_ports[port->index];
786 companion->ops->detach(companion);
787 companion->dev = NULL;
788
789
790
791
792 *portsc &= ~PORTSC_POWNER;
793 return;
794 }
795
796 ehci_queues_rip_device(s, port->dev, 0);
797 ehci_queues_rip_device(s, port->dev, 1);
798
799 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED);
800 *portsc |= PORTSC_CSC;
801
802 ehci_raise_irq(s, USBSTS_PCD);
803}
804
805static void ehci_child_detach(USBPort *port, USBDevice *child)
806{
807 EHCIState *s = port->opaque;
808 uint32_t portsc = s->portsc[port->index];
809
810 if (portsc & PORTSC_POWNER) {
811 USBPort *companion = s->companion_ports[port->index];
812 companion->ops->child_detach(companion, child);
813 return;
814 }
815
816 ehci_queues_rip_device(s, child, 0);
817 ehci_queues_rip_device(s, child, 1);
818}
819
820static void ehci_wakeup(USBPort *port)
821{
822 EHCIState *s = port->opaque;
823 uint32_t portsc = s->portsc[port->index];
824
825 if (portsc & PORTSC_POWNER) {
826 USBPort *companion = s->companion_ports[port->index];
827 if (companion->ops->wakeup) {
828 companion->ops->wakeup(companion);
829 }
830 return;
831 }
832
833 qemu_bh_schedule(s->async_bh);
834}
835
836static int ehci_register_companion(USBBus *bus, USBPort *ports[],
837 uint32_t portcount, uint32_t firstport)
838{
839 EHCIState *s = container_of(bus, EHCIState, bus);
840 uint32_t i;
841
842 if (firstport + portcount > NB_PORTS) {
843 qerror_report(QERR_INVALID_PARAMETER_VALUE, "firstport",
844 "firstport on masterbus");
845 error_printf_unless_qmp(
846 "firstport value of %u makes companion take ports %u - %u, which "
847 "is outside of the valid range of 0 - %u\n", firstport, firstport,
848 firstport + portcount - 1, NB_PORTS - 1);
849 return -1;
850 }
851
852 for (i = 0; i < portcount; i++) {
853 if (s->companion_ports[firstport + i]) {
854 qerror_report(QERR_INVALID_PARAMETER_VALUE, "masterbus",
855 "an USB masterbus");
856 error_printf_unless_qmp(
857 "port %u on masterbus %s already has a companion assigned\n",
858 firstport + i, bus->qbus.name);
859 return -1;
860 }
861 }
862
863 for (i = 0; i < portcount; i++) {
864 s->companion_ports[firstport + i] = ports[i];
865 s->ports[firstport + i].speedmask |=
866 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
867
868 s->portsc[firstport + i] = PORTSC_POWNER;
869 }
870
871 s->companion_count++;
872 s->caps[0x05] = (s->companion_count << 4) | portcount;
873
874 return 0;
875}
876
877static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep)
878{
879 EHCIState *s = container_of(bus, EHCIState, bus);
880 uint32_t portsc = s->portsc[ep->dev->port->index];
881
882 if (portsc & PORTSC_POWNER) {
883 return;
884 }
885
886 s->periodic_sched_active = PERIODIC_ACTIVE;
887 qemu_bh_schedule(s->async_bh);
888}
889
890static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
891{
892 USBDevice *dev;
893 USBPort *port;
894 int i;
895
896 for (i = 0; i < NB_PORTS; i++) {
897 port = &ehci->ports[i];
898 if (!(ehci->portsc[i] & PORTSC_PED)) {
899 DPRINTF("Port %d not enabled\n", i);
900 continue;
901 }
902 dev = usb_find_device(port, addr);
903 if (dev != NULL) {
904 return dev;
905 }
906 }
907 return NULL;
908}
909
910
911static void ehci_reset(void *opaque)
912{
913 EHCIState *s = opaque;
914 int i;
915 USBDevice *devs[NB_PORTS];
916
917 trace_usb_ehci_reset();
918
919
920
921
922
923 for(i = 0; i < NB_PORTS; i++) {
924 devs[i] = s->ports[i].dev;
925 if (devs[i] && devs[i]->attached) {
926 usb_detach(&s->ports[i]);
927 }
928 }
929
930 memset(&s->opreg, 0x00, sizeof(s->opreg));
931 memset(&s->portsc, 0x00, sizeof(s->portsc));
932
933 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
934 s->usbsts = USBSTS_HALT;
935 s->usbsts_pending = 0;
936 s->usbsts_frindex = 0;
937
938 s->astate = EST_INACTIVE;
939 s->pstate = EST_INACTIVE;
940
941 for(i = 0; i < NB_PORTS; i++) {
942 if (s->companion_ports[i]) {
943 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
944 } else {
945 s->portsc[i] = PORTSC_PPOWER;
946 }
947 if (devs[i] && devs[i]->attached) {
948 usb_attach(&s->ports[i]);
949 usb_device_reset(devs[i]);
950 }
951 }
952 ehci_queues_rip_all(s, 0);
953 ehci_queues_rip_all(s, 1);
954 qemu_del_timer(s->frame_timer);
955 qemu_bh_cancel(s->async_bh);
956}
957
958static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
959 unsigned size)
960{
961 EHCIState *s = ptr;
962 return s->caps[addr];
963}
964
965static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
966 unsigned size)
967{
968 EHCIState *s = ptr;
969 uint32_t val;
970
971 switch (addr) {
972 case FRINDEX:
973
974 val = s->frindex & ~7;
975 break;
976 default:
977 val = s->opreg[addr >> 2];
978 }
979
980 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
981 return val;
982}
983
984static uint64_t ehci_port_read(void *ptr, hwaddr addr,
985 unsigned size)
986{
987 EHCIState *s = ptr;
988 uint32_t val;
989
990 val = s->portsc[addr >> 2];
991 trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr >> 2, val);
992 return val;
993}
994
995static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
996{
997 USBDevice *dev = s->ports[port].dev;
998 uint32_t *portsc = &s->portsc[port];
999 uint32_t orig;
1000
1001 if (s->companion_ports[port] == NULL)
1002 return;
1003
1004 owner = owner & PORTSC_POWNER;
1005 orig = *portsc & PORTSC_POWNER;
1006
1007 if (!(owner ^ orig)) {
1008 return;
1009 }
1010
1011 if (dev && dev->attached) {
1012 usb_detach(&s->ports[port]);
1013 }
1014
1015 *portsc &= ~PORTSC_POWNER;
1016 *portsc |= owner;
1017
1018 if (dev && dev->attached) {
1019 usb_attach(&s->ports[port]);
1020 }
1021}
1022
1023static void ehci_port_write(void *ptr, hwaddr addr,
1024 uint64_t val, unsigned size)
1025{
1026 EHCIState *s = ptr;
1027 int port = addr >> 2;
1028 uint32_t *portsc = &s->portsc[port];
1029 uint32_t old = *portsc;
1030 USBDevice *dev = s->ports[port].dev;
1031
1032 trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr >> 2, val);
1033
1034
1035 *portsc &= ~(val & PORTSC_RWC_MASK);
1036
1037 *portsc &= val | ~PORTSC_PED;
1038
1039 handle_port_owner_write(s, port, val);
1040
1041 val &= PORTSC_RO_MASK;
1042
1043 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
1044 trace_usb_ehci_port_reset(port, 1);
1045 }
1046
1047 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
1048 trace_usb_ehci_port_reset(port, 0);
1049 if (dev && dev->attached) {
1050 usb_port_reset(&s->ports[port]);
1051 *portsc &= ~PORTSC_CSC;
1052 }
1053
1054
1055
1056
1057
1058 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
1059 val |= PORTSC_PED;
1060 }
1061 }
1062
1063 *portsc &= ~PORTSC_RO_MASK;
1064 *portsc |= val;
1065 trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr >> 2, *portsc, old);
1066}
1067
1068static void ehci_opreg_write(void *ptr, hwaddr addr,
1069 uint64_t val, unsigned size)
1070{
1071 EHCIState *s = ptr;
1072 uint32_t *mmio = s->opreg + (addr >> 2);
1073 uint32_t old = *mmio;
1074 int i;
1075
1076 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
1077
1078 switch (addr) {
1079 case USBCMD:
1080 if (val & USBCMD_HCRESET) {
1081 ehci_reset(s);
1082 val = s->usbcmd;
1083 break;
1084 }
1085
1086
1087 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
1088 fprintf(stderr, "attempt to set frame list size -- value %d\n",
1089 (int)val & USBCMD_FLS);
1090 val &= ~USBCMD_FLS;
1091 }
1092
1093 if (val & USBCMD_IAAD) {
1094
1095
1096
1097
1098 s->async_stepdown = 0;
1099 qemu_bh_schedule(s->async_bh);
1100 trace_usb_ehci_doorbell_ring();
1101 }
1102
1103 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
1104 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
1105 if (s->pstate == EST_INACTIVE) {
1106 SET_LAST_RUN_CLOCK(s);
1107 }
1108 s->usbcmd = val;
1109 ehci_update_halt(s);
1110 s->async_stepdown = 0;
1111 qemu_bh_schedule(s->async_bh);
1112 }
1113 break;
1114
1115 case USBSTS:
1116 val &= USBSTS_RO_MASK;
1117 ehci_clear_usbsts(s, val);
1118 val = s->usbsts;
1119 ehci_update_irq(s);
1120 break;
1121
1122 case USBINTR:
1123 val &= USBINTR_MASK;
1124 if (ehci_enabled(s) && (USBSTS_FLR & val)) {
1125 qemu_bh_schedule(s->async_bh);
1126 }
1127 break;
1128
1129 case FRINDEX:
1130 val &= 0x00003fff;
1131 s->usbsts_frindex = val;
1132 break;
1133
1134 case CONFIGFLAG:
1135 val &= 0x1;
1136 if (val) {
1137 for(i = 0; i < NB_PORTS; i++)
1138 handle_port_owner_write(s, i, 0);
1139 }
1140 break;
1141
1142 case PERIODICLISTBASE:
1143 if (ehci_periodic_enabled(s)) {
1144 fprintf(stderr,
1145 "ehci: PERIODIC list base register set while periodic schedule\n"
1146 " is enabled and HC is enabled\n");
1147 }
1148 break;
1149
1150 case ASYNCLISTADDR:
1151 if (ehci_async_enabled(s)) {
1152 fprintf(stderr,
1153 "ehci: ASYNC list address register set while async schedule\n"
1154 " is enabled and HC is enabled\n");
1155 }
1156 break;
1157 }
1158
1159 *mmio = val;
1160 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
1161 *mmio, old);
1162}
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172static void ehci_flush_qh(EHCIQueue *q)
1173{
1174 uint32_t *qh = (uint32_t *) &q->qh;
1175 uint32_t dwords = sizeof(EHCIqh) >> 2;
1176 uint32_t addr = NLPTR_GET(q->qhaddr);
1177
1178 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1179}
1180
1181
1182
1183static int ehci_qh_do_overlay(EHCIQueue *q)
1184{
1185 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1186 int i;
1187 int dtoggle;
1188 int ping;
1189 int eps;
1190 int reload;
1191
1192 assert(p != NULL);
1193 assert(p->qtdaddr == q->qtdaddr);
1194
1195
1196
1197 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1198 ping = q->qh.token & QTD_TOKEN_PING;
1199
1200 q->qh.current_qtd = p->qtdaddr;
1201 q->qh.next_qtd = p->qtd.next;
1202 q->qh.altnext_qtd = p->qtd.altnext;
1203 q->qh.token = p->qtd.token;
1204
1205
1206 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
1207 if (eps == EHCI_QH_EPS_HIGH) {
1208 q->qh.token &= ~QTD_TOKEN_PING;
1209 q->qh.token |= ping;
1210 }
1211
1212 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1213 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
1214
1215 for (i = 0; i < 5; i++) {
1216 q->qh.bufptr[i] = p->qtd.bufptr[i];
1217 }
1218
1219 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
1220
1221 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1222 q->qh.token |= dtoggle;
1223 }
1224
1225 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1226 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
1227
1228 ehci_flush_qh(q);
1229
1230 return 0;
1231}
1232
1233static int ehci_init_transfer(EHCIPacket *p)
1234{
1235 uint32_t cpage, offset, bytes, plen;
1236 dma_addr_t page;
1237
1238 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1239 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1240 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
1241 qemu_sglist_init(&p->sgl, 5, p->queue->ehci->dma);
1242
1243 while (bytes > 0) {
1244 if (cpage > 4) {
1245 fprintf(stderr, "cpage out of range (%d)\n", cpage);
1246 return -1;
1247 }
1248
1249 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
1250 page += offset;
1251 plen = bytes;
1252 if (plen > 4096 - offset) {
1253 plen = 4096 - offset;
1254 offset = 0;
1255 cpage++;
1256 }
1257
1258 qemu_sglist_add(&p->sgl, page, plen);
1259 bytes -= plen;
1260 }
1261 return 0;
1262}
1263
1264static void ehci_finish_transfer(EHCIQueue *q, int len)
1265{
1266 uint32_t cpage, offset;
1267
1268 if (len > 0) {
1269
1270 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1271 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
1272
1273 offset += len;
1274 cpage += offset >> QTD_BUFPTR_SH;
1275 offset &= ~QTD_BUFPTR_MASK;
1276
1277 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1278 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1279 q->qh.bufptr[0] |= offset;
1280 }
1281}
1282
1283static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
1284{
1285 EHCIPacket *p;
1286 EHCIState *s = port->opaque;
1287 uint32_t portsc = s->portsc[port->index];
1288
1289 if (portsc & PORTSC_POWNER) {
1290 USBPort *companion = s->companion_ports[port->index];
1291 companion->ops->complete(companion, packet);
1292 return;
1293 }
1294
1295 p = container_of(packet, EHCIPacket, packet);
1296 assert(p->async == EHCI_ASYNC_INFLIGHT);
1297
1298 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
1299 trace_usb_ehci_packet_action(p->queue, p, "remove");
1300 ehci_free_packet(p);
1301 return;
1302 }
1303
1304 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
1305 p->async = EHCI_ASYNC_FINISHED;
1306
1307 if (!p->queue->async) {
1308 s->periodic_sched_active = PERIODIC_ACTIVE;
1309 }
1310 qemu_bh_schedule(s->async_bh);
1311}
1312
1313static void ehci_execute_complete(EHCIQueue *q)
1314{
1315 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1316 uint32_t tbytes;
1317
1318 assert(p != NULL);
1319 assert(p->qtdaddr == q->qtdaddr);
1320 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1321 p->async == EHCI_ASYNC_FINISHED);
1322
1323 DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
1324 "status %d, actual_length %d\n",
1325 q->qhaddr, q->qh.next, q->qtdaddr,
1326 p->packet.status, p->packet.actual_length);
1327
1328 switch (p->packet.status) {
1329 case USB_RET_SUCCESS:
1330 break;
1331 case USB_RET_IOERROR:
1332 case USB_RET_NODEV:
1333 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
1334 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
1335 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1336 break;
1337 case USB_RET_STALL:
1338 q->qh.token |= QTD_TOKEN_HALT;
1339 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1340 break;
1341 case USB_RET_NAK:
1342 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1343 return;
1344 case USB_RET_BABBLE:
1345 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
1346 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1347 break;
1348 default:
1349
1350 fprintf(stderr, "USB invalid response %d\n", p->packet.status);
1351 assert(0);
1352 break;
1353 }
1354
1355
1356 tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
1357 if (tbytes && p->pid == USB_TOKEN_IN) {
1358 tbytes -= p->packet.actual_length;
1359 if (tbytes) {
1360
1361 ehci_raise_irq(q->ehci, USBSTS_INT);
1362 if (q->async) {
1363 q->ehci->int_req_by_async = true;
1364 }
1365 }
1366 } else {
1367 tbytes = 0;
1368 }
1369 DPRINTF("updating tbytes to %d\n", tbytes);
1370 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
1371
1372 ehci_finish_transfer(q, p->packet.actual_length);
1373 usb_packet_unmap(&p->packet, &p->sgl);
1374 qemu_sglist_destroy(&p->sgl);
1375 p->async = EHCI_ASYNC_NONE;
1376
1377 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1378 q->qh.token &= ~QTD_TOKEN_ACTIVE;
1379
1380 if (q->qh.token & QTD_TOKEN_IOC) {
1381 ehci_raise_irq(q->ehci, USBSTS_INT);
1382 if (q->async) {
1383 q->ehci->int_req_by_async = true;
1384 }
1385 }
1386}
1387
1388
1389static int ehci_execute(EHCIPacket *p, const char *action)
1390{
1391 USBEndpoint *ep;
1392 int endp;
1393 bool spd;
1394
1395 assert(p->async == EHCI_ASYNC_NONE ||
1396 p->async == EHCI_ASYNC_INITIALIZED);
1397
1398 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1399 fprintf(stderr, "Attempting to execute inactive qtd\n");
1400 return -1;
1401 }
1402
1403 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
1404 ehci_trace_guest_bug(p->queue->ehci,
1405 "guest requested more bytes than allowed");
1406 return -1;
1407 }
1408
1409 if (!ehci_verify_pid(p->queue, &p->qtd)) {
1410 ehci_queue_stopped(p->queue);
1411 }
1412 p->pid = ehci_get_pid(&p->qtd);
1413 p->queue->last_pid = p->pid;
1414 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
1415 ep = usb_ep_get(p->queue->dev, p->pid, endp);
1416
1417 if (p->async == EHCI_ASYNC_NONE) {
1418 if (ehci_init_transfer(p) != 0) {
1419 return -1;
1420 }
1421
1422 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
1423 usb_packet_setup(&p->packet, p->pid, ep, p->qtdaddr, spd,
1424 (p->qtd.token & QTD_TOKEN_IOC) != 0);
1425 usb_packet_map(&p->packet, &p->sgl);
1426 p->async = EHCI_ASYNC_INITIALIZED;
1427 }
1428
1429 trace_usb_ehci_packet_action(p->queue, p, action);
1430 usb_handle_packet(p->queue->dev, &p->packet);
1431 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1432 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1433 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1434 p->packet.actual_length);
1435
1436 if (p->packet.actual_length > BUFF_SIZE) {
1437 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
1438 return -1;
1439 }
1440
1441 return 1;
1442}
1443
1444
1445
1446
1447static int ehci_process_itd(EHCIState *ehci,
1448 EHCIitd *itd,
1449 uint32_t addr)
1450{
1451 USBDevice *dev;
1452 USBEndpoint *ep;
1453 uint32_t i, len, pid, dir, devaddr, endp;
1454 uint32_t pg, off, ptr1, ptr2, max, mult;
1455
1456 ehci->periodic_sched_active = PERIODIC_ACTIVE;
1457
1458 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
1459 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
1460 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
1461 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1462 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
1463
1464 for(i = 0; i < 8; i++) {
1465 if (itd->transact[i] & ITD_XACT_ACTIVE) {
1466 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1467 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1468 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1469 ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
1470 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1471
1472 if (len > max * mult) {
1473 len = max * mult;
1474 }
1475
1476 if (len > BUFF_SIZE) {
1477 return -1;
1478 }
1479
1480 qemu_sglist_init(&ehci->isgl, 2, ehci->dma);
1481 if (off + len > 4096) {
1482
1483 uint32_t len2 = off + len - 4096;
1484 uint32_t len1 = len - len2;
1485 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1486 qemu_sglist_add(&ehci->isgl, ptr2, len2);
1487 } else {
1488 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
1489 }
1490
1491 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
1492
1493 dev = ehci_find_device(ehci, devaddr);
1494 ep = usb_ep_get(dev, pid, endp);
1495 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
1496 usb_packet_setup(&ehci->ipacket, pid, ep, addr, false,
1497 (itd->transact[i] & ITD_XACT_IOC) != 0);
1498 usb_packet_map(&ehci->ipacket, &ehci->isgl);
1499 usb_handle_packet(dev, &ehci->ipacket);
1500 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
1501 } else {
1502 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1503 ehci->ipacket.status = USB_RET_NAK;
1504 ehci->ipacket.actual_length = 0;
1505 }
1506 qemu_sglist_destroy(&ehci->isgl);
1507
1508 switch (ehci->ipacket.status) {
1509 case USB_RET_SUCCESS:
1510 break;
1511 default:
1512 fprintf(stderr, "Unexpected iso usb result: %d\n",
1513 ehci->ipacket.status);
1514
1515 case USB_RET_IOERROR:
1516 case USB_RET_NODEV:
1517
1518 if (dir) {
1519 itd->transact[i] |= ITD_XACT_XACTERR;
1520 ehci_raise_irq(ehci, USBSTS_ERRINT);
1521 }
1522 break;
1523 case USB_RET_BABBLE:
1524 itd->transact[i] |= ITD_XACT_BABBLE;
1525 ehci_raise_irq(ehci, USBSTS_ERRINT);
1526 break;
1527 case USB_RET_NAK:
1528
1529 ehci->ipacket.actual_length = 0;
1530 break;
1531 }
1532 if (!dir) {
1533 set_field(&itd->transact[i], len - ehci->ipacket.actual_length,
1534 ITD_XACT_LENGTH);
1535 } else {
1536 set_field(&itd->transact[i], ehci->ipacket.actual_length,
1537 ITD_XACT_LENGTH);
1538 }
1539 if (itd->transact[i] & ITD_XACT_IOC) {
1540 ehci_raise_irq(ehci, USBSTS_INT);
1541 }
1542 itd->transact[i] &= ~ITD_XACT_ACTIVE;
1543 }
1544 }
1545 return 0;
1546}
1547
1548
1549
1550
1551
1552static int ehci_state_waitlisthead(EHCIState *ehci, int async)
1553{
1554 EHCIqh qh;
1555 int i = 0;
1556 int again = 0;
1557 uint32_t entry = ehci->asynclistaddr;
1558
1559
1560 if (async) {
1561 ehci_set_usbsts(ehci, USBSTS_REC);
1562 }
1563
1564 ehci_queues_rip_unused(ehci, async);
1565
1566
1567 for(i = 0; i < MAX_QH; i++) {
1568 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1569 sizeof(EHCIqh) >> 2) < 0) {
1570 return 0;
1571 }
1572 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
1573
1574 if (qh.epchar & QH_EPCHAR_H) {
1575 if (async) {
1576 entry |= (NLPTR_TYPE_QH << 1);
1577 }
1578
1579 ehci_set_fetch_addr(ehci, async, entry);
1580 ehci_set_state(ehci, async, EST_FETCHENTRY);
1581 again = 1;
1582 goto out;
1583 }
1584
1585 entry = qh.next;
1586 if (entry == ehci->asynclistaddr) {
1587 break;
1588 }
1589 }
1590
1591
1592
1593 ehci_set_state(ehci, async, EST_ACTIVE);
1594
1595out:
1596 return again;
1597}
1598
1599
1600
1601
1602
1603static int ehci_state_fetchentry(EHCIState *ehci, int async)
1604{
1605 int again = 0;
1606 uint32_t entry = ehci_get_fetch_addr(ehci, async);
1607
1608 if (NLPTR_TBIT(entry)) {
1609 ehci_set_state(ehci, async, EST_ACTIVE);
1610 goto out;
1611 }
1612
1613
1614 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1615 fprintf(stderr, "non queue head request in async schedule\n");
1616 return -1;
1617 }
1618
1619 switch (NLPTR_TYPE_GET(entry)) {
1620 case NLPTR_TYPE_QH:
1621 ehci_set_state(ehci, async, EST_FETCHQH);
1622 again = 1;
1623 break;
1624
1625 case NLPTR_TYPE_ITD:
1626 ehci_set_state(ehci, async, EST_FETCHITD);
1627 again = 1;
1628 break;
1629
1630 case NLPTR_TYPE_STITD:
1631 ehci_set_state(ehci, async, EST_FETCHSITD);
1632 again = 1;
1633 break;
1634
1635 default:
1636
1637 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1638 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1639 return -1;
1640 }
1641
1642out:
1643 return again;
1644}
1645
1646static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
1647{
1648 uint32_t entry;
1649 EHCIQueue *q;
1650 EHCIqh qh;
1651
1652 entry = ehci_get_fetch_addr(ehci, async);
1653 q = ehci_find_queue_by_qh(ehci, entry, async);
1654 if (NULL == q) {
1655 q = ehci_alloc_queue(ehci, entry, async);
1656 }
1657
1658 q->seen++;
1659 if (q->seen > 1) {
1660
1661 ehci_set_state(ehci, async, EST_ACTIVE);
1662 q = NULL;
1663 goto out;
1664 }
1665
1666 if (get_dwords(ehci, NLPTR_GET(q->qhaddr),
1667 (uint32_t *) &qh, sizeof(EHCIqh) >> 2) < 0) {
1668 q = NULL;
1669 goto out;
1670 }
1671 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1672
1673
1674
1675
1676
1677 if (!ehci_verify_qh(q, &qh)) {
1678 if (ehci_reset_queue(q) > 0) {
1679 ehci_trace_guest_bug(ehci, "guest updated active QH");
1680 }
1681 }
1682 q->qh = qh;
1683
1684 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1685 if (q->transact_ctr == 0) {
1686 q->transact_ctr = 4;
1687 }
1688
1689 if (q->dev == NULL) {
1690 q->dev = ehci_find_device(q->ehci,
1691 get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
1692 }
1693
1694 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
1695
1696
1697 if (ehci->usbsts & USBSTS_REC) {
1698 ehci_clear_usbsts(ehci, USBSTS_REC);
1699 } else {
1700 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
1701 " - done processing\n", q->qhaddr);
1702 ehci_set_state(ehci, async, EST_ACTIVE);
1703 q = NULL;
1704 goto out;
1705 }
1706 }
1707
1708#if EHCI_DEBUG
1709 if (q->qhaddr != q->qh.next) {
1710 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
1711 q->qhaddr,
1712 q->qh.epchar & QH_EPCHAR_H,
1713 q->qh.token & QTD_TOKEN_HALT,
1714 q->qh.token & QTD_TOKEN_ACTIVE,
1715 q->qh.next);
1716 }
1717#endif
1718
1719 if (q->qh.token & QTD_TOKEN_HALT) {
1720 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1721
1722 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1723 (NLPTR_TBIT(q->qh.current_qtd) == 0)) {
1724 q->qtdaddr = q->qh.current_qtd;
1725 ehci_set_state(ehci, async, EST_FETCHQTD);
1726
1727 } else {
1728
1729 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
1730 }
1731
1732out:
1733 return q;
1734}
1735
1736static int ehci_state_fetchitd(EHCIState *ehci, int async)
1737{
1738 uint32_t entry;
1739 EHCIitd itd;
1740
1741 assert(!async);
1742 entry = ehci_get_fetch_addr(ehci, async);
1743
1744 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1745 sizeof(EHCIitd) >> 2) < 0) {
1746 return -1;
1747 }
1748 ehci_trace_itd(ehci, entry, &itd);
1749
1750 if (ehci_process_itd(ehci, &itd, entry) != 0) {
1751 return -1;
1752 }
1753
1754 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1755 sizeof(EHCIitd) >> 2);
1756 ehci_set_fetch_addr(ehci, async, itd.next);
1757 ehci_set_state(ehci, async, EST_FETCHENTRY);
1758
1759 return 1;
1760}
1761
1762static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1763{
1764 uint32_t entry;
1765 EHCIsitd sitd;
1766
1767 assert(!async);
1768 entry = ehci_get_fetch_addr(ehci, async);
1769
1770 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
1771 sizeof(EHCIsitd) >> 2) < 0) {
1772 return 0;
1773 }
1774 ehci_trace_sitd(ehci, entry, &sitd);
1775
1776 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1777 ;
1778 } else {
1779
1780 fprintf(stderr, "WARNING: Skipping active siTD\n");
1781 }
1782
1783 ehci_set_fetch_addr(ehci, async, sitd.next);
1784 ehci_set_state(ehci, async, EST_FETCHENTRY);
1785 return 1;
1786}
1787
1788
1789static int ehci_state_advqueue(EHCIQueue *q)
1790{
1791#if 0
1792
1793
1794
1795
1796 if (I-bit set) {
1797 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1798 goto out;
1799 }
1800#endif
1801
1802
1803
1804
1805 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
1806 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1807 q->qtdaddr = q->qh.altnext_qtd;
1808 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1809
1810
1811
1812
1813 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
1814 q->qtdaddr = q->qh.next_qtd;
1815 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1816
1817
1818
1819
1820 } else {
1821 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1822 }
1823
1824 return 1;
1825}
1826
1827
1828static int ehci_state_fetchqtd(EHCIQueue *q)
1829{
1830 EHCIqtd qtd;
1831 EHCIPacket *p;
1832 int again = 1;
1833
1834 if (get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd,
1835 sizeof(EHCIqtd) >> 2) < 0) {
1836 return 0;
1837 }
1838 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
1839
1840 p = QTAILQ_FIRST(&q->packets);
1841 if (p != NULL) {
1842 if (!ehci_verify_qtd(p, &qtd)) {
1843 ehci_cancel_queue(q);
1844 if (qtd.token & QTD_TOKEN_ACTIVE) {
1845 ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
1846 }
1847 p = NULL;
1848 } else {
1849 p->qtd = qtd;
1850 ehci_qh_do_overlay(q);
1851 }
1852 }
1853
1854 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1855 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1856 } else if (p != NULL) {
1857 switch (p->async) {
1858 case EHCI_ASYNC_NONE:
1859 case EHCI_ASYNC_INITIALIZED:
1860
1861 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1862 break;
1863 case EHCI_ASYNC_INFLIGHT:
1864
1865 again = ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head));
1866
1867 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1868 break;
1869 case EHCI_ASYNC_FINISHED:
1870
1871 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1872 break;
1873 }
1874 } else {
1875 p = ehci_alloc_packet(q);
1876 p->qtdaddr = q->qtdaddr;
1877 p->qtd = qtd;
1878 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1879 }
1880
1881 return again;
1882}
1883
1884static int ehci_state_horizqh(EHCIQueue *q)
1885{
1886 int again = 0;
1887
1888 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1889 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1890 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
1891 again = 1;
1892 } else {
1893 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
1894 }
1895
1896 return again;
1897}
1898
1899
1900static int ehci_fill_queue(EHCIPacket *p)
1901{
1902 USBEndpoint *ep = p->packet.ep;
1903 EHCIQueue *q = p->queue;
1904 EHCIqtd qtd = p->qtd;
1905 uint32_t qtdaddr;
1906
1907 for (;;) {
1908 if (NLPTR_TBIT(qtd.next) != 0) {
1909 break;
1910 }
1911 qtdaddr = qtd.next;
1912
1913
1914
1915
1916 QTAILQ_FOREACH(p, &q->packets, next) {
1917 if (p->qtdaddr == qtdaddr) {
1918 goto leave;
1919 }
1920 }
1921 if (get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1922 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2) < 0) {
1923 return -1;
1924 }
1925 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1926 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1927 break;
1928 }
1929 if (!ehci_verify_pid(q, &qtd)) {
1930 ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
1931 break;
1932 }
1933 p = ehci_alloc_packet(q);
1934 p->qtdaddr = qtdaddr;
1935 p->qtd = qtd;
1936 if (ehci_execute(p, "queue") == -1) {
1937 return -1;
1938 }
1939 assert(p->packet.status == USB_RET_ASYNC);
1940 p->async = EHCI_ASYNC_INFLIGHT;
1941 }
1942leave:
1943 usb_device_flush_ep_queue(ep->dev, ep);
1944 return 1;
1945}
1946
1947static int ehci_state_execute(EHCIQueue *q)
1948{
1949 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1950 int again = 0;
1951
1952 assert(p != NULL);
1953 assert(p->qtdaddr == q->qtdaddr);
1954
1955 if (ehci_qh_do_overlay(q) != 0) {
1956 return -1;
1957 }
1958
1959
1960
1961
1962
1963 if (!q->async && q->transact_ctr == 0) {
1964 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1965 again = 1;
1966 goto out;
1967 }
1968
1969 if (q->async) {
1970 ehci_set_usbsts(q->ehci, USBSTS_REC);
1971 }
1972
1973 again = ehci_execute(p, "process");
1974 if (again == -1) {
1975 goto out;
1976 }
1977 if (p->packet.status == USB_RET_ASYNC) {
1978 ehci_flush_qh(q);
1979 trace_usb_ehci_packet_action(p->queue, p, "async");
1980 p->async = EHCI_ASYNC_INFLIGHT;
1981 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1982 if (q->async) {
1983 again = ehci_fill_queue(p);
1984 } else {
1985 again = 1;
1986 }
1987 goto out;
1988 }
1989
1990 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1991 again = 1;
1992
1993out:
1994 return again;
1995}
1996
1997static int ehci_state_executing(EHCIQueue *q)
1998{
1999 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
2000
2001 assert(p != NULL);
2002 assert(p->qtdaddr == q->qtdaddr);
2003
2004 ehci_execute_complete(q);
2005
2006
2007 if (!q->async && q->transact_ctr > 0) {
2008 q->transact_ctr--;
2009 }
2010
2011
2012 if (p->packet.status == USB_RET_NAK) {
2013 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2014 } else {
2015 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
2016 }
2017
2018 ehci_flush_qh(q);
2019 return 1;
2020}
2021
2022
2023static int ehci_state_writeback(EHCIQueue *q)
2024{
2025 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
2026 uint32_t *qtd, addr;
2027 int again = 0;
2028
2029
2030 assert(p != NULL);
2031 assert(p->qtdaddr == q->qtdaddr);
2032
2033 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
2034 qtd = (uint32_t *) &q->qh.next_qtd;
2035 addr = NLPTR_GET(p->qtdaddr);
2036 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
2037 ehci_free_packet(p);
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047 if (q->qh.token & QTD_TOKEN_HALT) {
2048 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2049 again = 1;
2050 } else {
2051 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
2052 again = 1;
2053 }
2054 return again;
2055}
2056
2057
2058
2059
2060
2061static void ehci_advance_state(EHCIState *ehci, int async)
2062{
2063 EHCIQueue *q = NULL;
2064 int again;
2065
2066 do {
2067 switch(ehci_get_state(ehci, async)) {
2068 case EST_WAITLISTHEAD:
2069 again = ehci_state_waitlisthead(ehci, async);
2070 break;
2071
2072 case EST_FETCHENTRY:
2073 again = ehci_state_fetchentry(ehci, async);
2074 break;
2075
2076 case EST_FETCHQH:
2077 q = ehci_state_fetchqh(ehci, async);
2078 if (q != NULL) {
2079 assert(q->async == async);
2080 again = 1;
2081 } else {
2082 again = 0;
2083 }
2084 break;
2085
2086 case EST_FETCHITD:
2087 again = ehci_state_fetchitd(ehci, async);
2088 break;
2089
2090 case EST_FETCHSITD:
2091 again = ehci_state_fetchsitd(ehci, async);
2092 break;
2093
2094 case EST_ADVANCEQUEUE:
2095 assert(q != NULL);
2096 again = ehci_state_advqueue(q);
2097 break;
2098
2099 case EST_FETCHQTD:
2100 assert(q != NULL);
2101 again = ehci_state_fetchqtd(q);
2102 break;
2103
2104 case EST_HORIZONTALQH:
2105 assert(q != NULL);
2106 again = ehci_state_horizqh(q);
2107 break;
2108
2109 case EST_EXECUTE:
2110 assert(q != NULL);
2111 again = ehci_state_execute(q);
2112 if (async) {
2113 ehci->async_stepdown = 0;
2114 }
2115 break;
2116
2117 case EST_EXECUTING:
2118 assert(q != NULL);
2119 if (async) {
2120 ehci->async_stepdown = 0;
2121 }
2122 again = ehci_state_executing(q);
2123 break;
2124
2125 case EST_WRITEBACK:
2126 assert(q != NULL);
2127 again = ehci_state_writeback(q);
2128 if (!async) {
2129 ehci->periodic_sched_active = PERIODIC_ACTIVE;
2130 }
2131 break;
2132
2133 default:
2134 fprintf(stderr, "Bad state!\n");
2135 again = -1;
2136 assert(0);
2137 break;
2138 }
2139
2140 if (again < 0) {
2141 fprintf(stderr, "processing error - resetting ehci HC\n");
2142 ehci_reset(ehci);
2143 again = 0;
2144 }
2145 }
2146 while (again);
2147}
2148
2149static void ehci_advance_async_state(EHCIState *ehci)
2150{
2151 const int async = 1;
2152
2153 switch(ehci_get_state(ehci, async)) {
2154 case EST_INACTIVE:
2155 if (!ehci_async_enabled(ehci)) {
2156 break;
2157 }
2158 ehci_set_state(ehci, async, EST_ACTIVE);
2159
2160
2161 case EST_ACTIVE:
2162 if (!ehci_async_enabled(ehci)) {
2163 ehci_queues_rip_all(ehci, async);
2164 ehci_set_state(ehci, async, EST_INACTIVE);
2165 break;
2166 }
2167
2168
2169
2170 if (ehci->usbsts & USBSTS_IAA) {
2171 DPRINTF("IAA status bit still set.\n");
2172 break;
2173 }
2174
2175
2176 if (ehci->asynclistaddr == 0) {
2177 break;
2178 }
2179
2180 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
2181 ehci_advance_state(ehci, async);
2182
2183
2184
2185
2186
2187 if (ehci->usbcmd & USBCMD_IAAD) {
2188
2189 ehci_queues_rip_unseen(ehci, async);
2190 trace_usb_ehci_doorbell_ack();
2191 ehci->usbcmd &= ~USBCMD_IAAD;
2192 ehci_raise_irq(ehci, USBSTS_IAA);
2193 }
2194 break;
2195
2196 default:
2197
2198 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2199 "Resetting to active\n", ehci->astate);
2200 assert(0);
2201 }
2202}
2203
2204static void ehci_advance_periodic_state(EHCIState *ehci)
2205{
2206 uint32_t entry;
2207 uint32_t list;
2208 const int async = 0;
2209
2210
2211
2212 switch(ehci_get_state(ehci, async)) {
2213 case EST_INACTIVE:
2214 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
2215 ehci_set_state(ehci, async, EST_ACTIVE);
2216
2217 } else
2218 break;
2219
2220 case EST_ACTIVE:
2221 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
2222 ehci_queues_rip_all(ehci, async);
2223 ehci_set_state(ehci, async, EST_INACTIVE);
2224 break;
2225 }
2226
2227 list = ehci->periodiclistbase & 0xfffff000;
2228
2229 if (list == 0) {
2230 break;
2231 }
2232 list |= ((ehci->frindex & 0x1ff8) >> 1);
2233
2234 if (get_dwords(ehci, list, &entry, 1) < 0) {
2235 break;
2236 }
2237
2238 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2239 ehci->frindex / 8, list, entry);
2240 ehci_set_fetch_addr(ehci, async,entry);
2241 ehci_set_state(ehci, async, EST_FETCHENTRY);
2242 ehci_advance_state(ehci, async);
2243 ehci_queues_rip_unused(ehci, async);
2244 break;
2245
2246 default:
2247
2248 fprintf(stderr, "ehci: Bad periodic state %d. "
2249 "Resetting to active\n", ehci->pstate);
2250 assert(0);
2251 }
2252}
2253
2254static void ehci_update_frindex(EHCIState *ehci, int uframes)
2255{
2256 int i;
2257
2258 if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
2259 return;
2260 }
2261
2262 for (i = 0; i < uframes; i++) {
2263 ehci->frindex++;
2264
2265 if (ehci->frindex == 0x00002000) {
2266 ehci_raise_irq(ehci, USBSTS_FLR);
2267 }
2268
2269 if (ehci->frindex == 0x00004000) {
2270 ehci_raise_irq(ehci, USBSTS_FLR);
2271 ehci->frindex = 0;
2272 if (ehci->usbsts_frindex >= 0x00004000) {
2273 ehci->usbsts_frindex -= 0x00004000;
2274 } else {
2275 ehci->usbsts_frindex = 0;
2276 }
2277 }
2278 }
2279}
2280
2281static void ehci_frame_timer(void *opaque)
2282{
2283 EHCIState *ehci = opaque;
2284 int need_timer = 0;
2285 int64_t expire_time, t_now;
2286 uint64_t ns_elapsed;
2287 int uframes, skipped_uframes;
2288 int i;
2289
2290 t_now = qemu_get_clock_ns(vm_clock);
2291 ns_elapsed = t_now - ehci->last_run_ns;
2292 uframes = ns_elapsed / UFRAME_TIMER_NS;
2293
2294 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
2295 need_timer++;
2296
2297 if (uframes > (ehci->maxframes * 8)) {
2298 skipped_uframes = uframes - (ehci->maxframes * 8);
2299 ehci_update_frindex(ehci, skipped_uframes);
2300 ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
2301 uframes -= skipped_uframes;
2302 DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
2303 }
2304
2305 for (i = 0; i < uframes; i++) {
2306
2307
2308
2309
2310
2311
2312
2313 if (i >= MIN_UFR_PER_TICK) {
2314 ehci_commit_irq(ehci);
2315 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2316 break;
2317 }
2318 }
2319 if (ehci->periodic_sched_active) {
2320 ehci->periodic_sched_active--;
2321 }
2322 ehci_update_frindex(ehci, 1);
2323 if ((ehci->frindex & 7) == 0) {
2324 ehci_advance_periodic_state(ehci);
2325 }
2326 ehci->last_run_ns += UFRAME_TIMER_NS;
2327 }
2328 } else {
2329 ehci->periodic_sched_active = 0;
2330 ehci_update_frindex(ehci, uframes);
2331 ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
2332 }
2333
2334 if (ehci->periodic_sched_active) {
2335 ehci->async_stepdown = 0;
2336 } else if (ehci->async_stepdown < ehci->maxframes / 2) {
2337 ehci->async_stepdown++;
2338 }
2339
2340
2341
2342
2343 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
2344 need_timer++;
2345 ehci_advance_async_state(ehci);
2346 }
2347
2348 ehci_commit_irq(ehci);
2349 if (ehci->usbsts_pending) {
2350 need_timer++;
2351 ehci->async_stepdown = 0;
2352 }
2353
2354 if (ehci_enabled(ehci) && (ehci->usbintr & USBSTS_FLR)) {
2355 need_timer++;
2356 }
2357
2358 if (need_timer) {
2359
2360
2361 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2362 expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 4);
2363 ehci->int_req_by_async = false;
2364 } else {
2365 expire_time = t_now + (get_ticks_per_sec()
2366 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
2367 }
2368 qemu_mod_timer(ehci->frame_timer, expire_time);
2369 }
2370}
2371
2372static const MemoryRegionOps ehci_mmio_caps_ops = {
2373 .read = ehci_caps_read,
2374 .valid.min_access_size = 1,
2375 .valid.max_access_size = 4,
2376 .impl.min_access_size = 1,
2377 .impl.max_access_size = 1,
2378 .endianness = DEVICE_LITTLE_ENDIAN,
2379};
2380
2381static const MemoryRegionOps ehci_mmio_opreg_ops = {
2382 .read = ehci_opreg_read,
2383 .write = ehci_opreg_write,
2384 .valid.min_access_size = 4,
2385 .valid.max_access_size = 4,
2386 .endianness = DEVICE_LITTLE_ENDIAN,
2387};
2388
2389static const MemoryRegionOps ehci_mmio_port_ops = {
2390 .read = ehci_port_read,
2391 .write = ehci_port_write,
2392 .valid.min_access_size = 4,
2393 .valid.max_access_size = 4,
2394 .endianness = DEVICE_LITTLE_ENDIAN,
2395};
2396
2397static USBPortOps ehci_port_ops = {
2398 .attach = ehci_attach,
2399 .detach = ehci_detach,
2400 .child_detach = ehci_child_detach,
2401 .wakeup = ehci_wakeup,
2402 .complete = ehci_async_complete_packet,
2403};
2404
2405static USBBusOps ehci_bus_ops = {
2406 .register_companion = ehci_register_companion,
2407 .wakeup_endpoint = ehci_wakeup_endpoint,
2408};
2409
2410static void usb_ehci_pre_save(void *opaque)
2411{
2412 EHCIState *ehci = opaque;
2413 uint32_t new_frindex;
2414
2415
2416 new_frindex = ehci->frindex & ~7;
2417 ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
2418 ehci->frindex = new_frindex;
2419}
2420
2421static int usb_ehci_post_load(void *opaque, int version_id)
2422{
2423 EHCIState *s = opaque;
2424 int i;
2425
2426 for (i = 0; i < NB_PORTS; i++) {
2427 USBPort *companion = s->companion_ports[i];
2428 if (companion == NULL) {
2429 continue;
2430 }
2431 if (s->portsc[i] & PORTSC_POWNER) {
2432 companion->dev = s->ports[i].dev;
2433 } else {
2434 companion->dev = NULL;
2435 }
2436 }
2437
2438 return 0;
2439}
2440
2441static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2442{
2443 EHCIState *ehci = opaque;
2444
2445
2446
2447
2448
2449
2450
2451 if (state == RUN_STATE_RUNNING) {
2452 ehci_advance_async_state(ehci);
2453 }
2454
2455
2456
2457
2458
2459
2460
2461 if (state == RUN_STATE_SAVE_VM) {
2462 ehci_advance_async_state(ehci);
2463 ehci_queues_rip_unseen(ehci, 1);
2464 }
2465}
2466
2467const VMStateDescription vmstate_ehci = {
2468 .name = "ehci-core",
2469 .version_id = 2,
2470 .minimum_version_id = 1,
2471 .pre_save = usb_ehci_pre_save,
2472 .post_load = usb_ehci_post_load,
2473 .fields = (VMStateField[]) {
2474
2475 VMSTATE_UINT32(usbcmd, EHCIState),
2476 VMSTATE_UINT32(usbsts, EHCIState),
2477 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2478 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
2479 VMSTATE_UINT32(usbintr, EHCIState),
2480 VMSTATE_UINT32(frindex, EHCIState),
2481 VMSTATE_UINT32(ctrldssegment, EHCIState),
2482 VMSTATE_UINT32(periodiclistbase, EHCIState),
2483 VMSTATE_UINT32(asynclistaddr, EHCIState),
2484 VMSTATE_UINT32(configflag, EHCIState),
2485 VMSTATE_UINT32(portsc[0], EHCIState),
2486 VMSTATE_UINT32(portsc[1], EHCIState),
2487 VMSTATE_UINT32(portsc[2], EHCIState),
2488 VMSTATE_UINT32(portsc[3], EHCIState),
2489 VMSTATE_UINT32(portsc[4], EHCIState),
2490 VMSTATE_UINT32(portsc[5], EHCIState),
2491
2492 VMSTATE_TIMER(frame_timer, EHCIState),
2493 VMSTATE_UINT64(last_run_ns, EHCIState),
2494 VMSTATE_UINT32(async_stepdown, EHCIState),
2495
2496 VMSTATE_UINT32(astate, EHCIState),
2497 VMSTATE_UINT32(pstate, EHCIState),
2498 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2499 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2500 VMSTATE_END_OF_LIST()
2501 }
2502};
2503
2504void usb_ehci_initfn(EHCIState *s, DeviceState *dev)
2505{
2506 int i;
2507
2508
2509 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
2510 s->caps[0x01] = 0x00;
2511 s->caps[0x02] = 0x00;
2512 s->caps[0x03] = 0x01;
2513 s->caps[0x04] = NB_PORTS;
2514 s->caps[0x05] = 0x00;
2515 s->caps[0x06] = 0x00;
2516 s->caps[0x07] = 0x00;
2517 s->caps[0x08] = 0x80;
2518 s->caps[0x0a] = 0x00;
2519 s->caps[0x0b] = 0x00;
2520
2521 usb_bus_new(&s->bus, &ehci_bus_ops, dev);
2522 for(i = 0; i < NB_PORTS; i++) {
2523 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2524 USB_SPEED_MASK_HIGH);
2525 s->ports[i].dev = 0;
2526 }
2527
2528 s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s);
2529 s->async_bh = qemu_bh_new(ehci_frame_timer, s);
2530 QTAILQ_INIT(&s->aqueues);
2531 QTAILQ_INIT(&s->pqueues);
2532 usb_packet_init(&s->ipacket);
2533
2534 qemu_register_reset(ehci_reset, s);
2535 qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
2536
2537 memory_region_init(&s->mem, "ehci", MMIO_SIZE);
2538 memory_region_init_io(&s->mem_caps, &ehci_mmio_caps_ops, s,
2539 "capabilities", CAPA_SIZE);
2540 memory_region_init_io(&s->mem_opreg, &ehci_mmio_opreg_ops, s,
2541 "operational", PORTSC_BEGIN);
2542 memory_region_init_io(&s->mem_ports, &ehci_mmio_port_ops, s,
2543 "ports", PORTSC_END - PORTSC_BEGIN);
2544
2545 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2546 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2547 memory_region_add_subregion(&s->mem, s->opregbase + PORTSC_BEGIN,
2548 &s->mem_ports);
2549}
2550
2551
2552
2553
2554
