1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include "qemu/osdep.h"
31#include "qapi/error.h"
32#include "hw/usb/ehci-regs.h"
33#include "hw/usb/hcd-ehci.h"
34#include "trace.h"
35#include "qemu/error-report.h"
36
37#define FRAME_TIMER_FREQ 1000
38#define FRAME_TIMER_NS (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ)
39#define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
40
41#define NB_MAXINTRATE 8
42#define BUFF_SIZE 5*4096
43#define MAX_QH 100
44#define MIN_UFR_PER_TICK 24
45#define PERIODIC_ACTIVE 512
46
47
48
49typedef enum {
50 EST_INACTIVE = 1000,
51 EST_ACTIVE,
52 EST_EXECUTING,
53 EST_SLEEPING,
54
55
56 EST_WAITLISTHEAD,
57 EST_FETCHENTRY,
58 EST_FETCHQH,
59 EST_FETCHITD,
60 EST_FETCHSITD,
61 EST_ADVANCEQUEUE,
62 EST_FETCHQTD,
63 EST_EXECUTE,
64 EST_WRITEBACK,
65 EST_HORIZONTALQH
66} EHCI_STATES;
67
68
69#define NLPTR_GET(x) ((x) & 0xffffffe0)
70#define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
71#define NLPTR_TBIT(x) ((x) & 1)
72
73
74#define NLPTR_TYPE_ITD 0
75#define NLPTR_TYPE_QH 1
76#define NLPTR_TYPE_STITD 2
77#define NLPTR_TYPE_FSTN 3
78
79#define SET_LAST_RUN_CLOCK(s) \
80 (s)->last_run_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
81
82
83#define get_field(data, field) \
84 (((data) & field##_MASK) >> field##_SH)
85
86#define set_field(data, newval, field) do { \
87 uint32_t val = *data; \
88 val &= ~ field##_MASK; \
89 val |= ((newval) << field##_SH) & field##_MASK; \
90 *data = val; \
91 } while(0)
92
93static const char *ehci_state_names[] = {
94 [EST_INACTIVE] = "INACTIVE",
95 [EST_ACTIVE] = "ACTIVE",
96 [EST_EXECUTING] = "EXECUTING",
97 [EST_SLEEPING] = "SLEEPING",
98 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
99 [EST_FETCHENTRY] = "FETCH ENTRY",
100 [EST_FETCHQH] = "FETCH QH",
101 [EST_FETCHITD] = "FETCH ITD",
102 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
103 [EST_FETCHQTD] = "FETCH QTD",
104 [EST_EXECUTE] = "EXECUTE",
105 [EST_WRITEBACK] = "WRITEBACK",
106 [EST_HORIZONTALQH] = "HORIZONTALQH",
107};
108
109static const char *ehci_mmio_names[] = {
110 [USBCMD] = "USBCMD",
111 [USBSTS] = "USBSTS",
112 [USBINTR] = "USBINTR",
113 [FRINDEX] = "FRINDEX",
114 [PERIODICLISTBASE] = "P-LIST BASE",
115 [ASYNCLISTADDR] = "A-LIST ADDR",
116 [CONFIGFLAG] = "CONFIGFLAG",
117};
118
119static int ehci_state_executing(EHCIQueue *q);
120static int ehci_state_writeback(EHCIQueue *q);
121static int ehci_state_advqueue(EHCIQueue *q);
122static int ehci_fill_queue(EHCIPacket *p);
123static void ehci_free_packet(EHCIPacket *p);
124
125static const char *nr2str(const char **n, size_t len, uint32_t nr)
126{
127 if (nr < len && n[nr] != NULL) {
128 return n[nr];
129 } else {
130 return "unknown";
131 }
132}
133
134static const char *state2str(uint32_t state)
135{
136 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
137}
138
139static const char *addr2str(hwaddr addr)
140{
141 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
142}
143
144static void ehci_trace_usbsts(uint32_t mask, int state)
145{
146
147 if (mask & USBSTS_INT) {
148 trace_usb_ehci_usbsts("INT", state);
149 }
150 if (mask & USBSTS_ERRINT) {
151 trace_usb_ehci_usbsts("ERRINT", state);
152 }
153 if (mask & USBSTS_PCD) {
154 trace_usb_ehci_usbsts("PCD", state);
155 }
156 if (mask & USBSTS_FLR) {
157 trace_usb_ehci_usbsts("FLR", state);
158 }
159 if (mask & USBSTS_HSE) {
160 trace_usb_ehci_usbsts("HSE", state);
161 }
162 if (mask & USBSTS_IAA) {
163 trace_usb_ehci_usbsts("IAA", state);
164 }
165
166
167 if (mask & USBSTS_HALT) {
168 trace_usb_ehci_usbsts("HALT", state);
169 }
170 if (mask & USBSTS_REC) {
171 trace_usb_ehci_usbsts("REC", state);
172 }
173 if (mask & USBSTS_PSS) {
174 trace_usb_ehci_usbsts("PSS", state);
175 }
176 if (mask & USBSTS_ASS) {
177 trace_usb_ehci_usbsts("ASS", state);
178 }
179}
180
181static inline void ehci_set_usbsts(EHCIState *s, int mask)
182{
183 if ((s->usbsts & mask) == mask) {
184 return;
185 }
186 ehci_trace_usbsts(mask, 1);
187 s->usbsts |= mask;
188}
189
190static inline void ehci_clear_usbsts(EHCIState *s, int mask)
191{
192 if ((s->usbsts & mask) == 0) {
193 return;
194 }
195 ehci_trace_usbsts(mask, 0);
196 s->usbsts &= ~mask;
197}
198
199
200static inline void ehci_update_irq(EHCIState *s)
201{
202 int level = 0;
203
204 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
205 level = 1;
206 }
207
208 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
209 qemu_set_irq(s->irq, level);
210}
211
212
213static inline void ehci_raise_irq(EHCIState *s, int intr)
214{
215 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
216 s->usbsts |= intr;
217 ehci_update_irq(s);
218 } else {
219 s->usbsts_pending |= intr;
220 }
221}
222
223
224
225
226
227static inline void ehci_commit_irq(EHCIState *s)
228{
229 uint32_t itc;
230
231 if (!s->usbsts_pending) {
232 return;
233 }
234 if (s->usbsts_frindex > s->frindex) {
235 return;
236 }
237
238 itc = (s->usbcmd >> 16) & 0xff;
239 s->usbsts |= s->usbsts_pending;
240 s->usbsts_pending = 0;
241 s->usbsts_frindex = s->frindex + itc;
242 ehci_update_irq(s);
243}
244
245static void ehci_update_halt(EHCIState *s)
246{
247 if (s->usbcmd & USBCMD_RUNSTOP) {
248 ehci_clear_usbsts(s, USBSTS_HALT);
249 } else {
250 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
251 ehci_set_usbsts(s, USBSTS_HALT);
252 }
253 }
254}
255
256static void ehci_set_state(EHCIState *s, int async, int state)
257{
258 if (async) {
259 trace_usb_ehci_state("async", state2str(state));
260 s->astate = state;
261 if (s->astate == EST_INACTIVE) {
262 ehci_clear_usbsts(s, USBSTS_ASS);
263 ehci_update_halt(s);
264 } else {
265 ehci_set_usbsts(s, USBSTS_ASS);
266 }
267 } else {
268 trace_usb_ehci_state("periodic", state2str(state));
269 s->pstate = state;
270 if (s->pstate == EST_INACTIVE) {
271 ehci_clear_usbsts(s, USBSTS_PSS);
272 ehci_update_halt(s);
273 } else {
274 ehci_set_usbsts(s, USBSTS_PSS);
275 }
276 }
277}
278
279static int ehci_get_state(EHCIState *s, int async)
280{
281 return async ? s->astate : s->pstate;
282}
283
284static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
285{
286 if (async) {
287 s->a_fetch_addr = addr;
288 } else {
289 s->p_fetch_addr = addr;
290 }
291}
292
293static int ehci_get_fetch_addr(EHCIState *s, int async)
294{
295 return async ? s->a_fetch_addr : s->p_fetch_addr;
296}
297
298static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
299{
300
301 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
302 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
303 trace_usb_ehci_qh_fields(addr,
304 get_field(qh->epchar, QH_EPCHAR_RL),
305 get_field(qh->epchar, QH_EPCHAR_MPLEN),
306 get_field(qh->epchar, QH_EPCHAR_EPS),
307 get_field(qh->epchar, QH_EPCHAR_EP),
308 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
309 trace_usb_ehci_qh_bits(addr,
310 (bool)(qh->epchar & QH_EPCHAR_C),
311 (bool)(qh->epchar & QH_EPCHAR_H),
312 (bool)(qh->epchar & QH_EPCHAR_DTC),
313 (bool)(qh->epchar & QH_EPCHAR_I));
314}
315
316static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
317{
318
319 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
320 trace_usb_ehci_qtd_fields(addr,
321 get_field(qtd->token, QTD_TOKEN_TBYTES),
322 get_field(qtd->token, QTD_TOKEN_CPAGE),
323 get_field(qtd->token, QTD_TOKEN_CERR),
324 get_field(qtd->token, QTD_TOKEN_PID));
325 trace_usb_ehci_qtd_bits(addr,
326 (bool)(qtd->token & QTD_TOKEN_IOC),
327 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
328 (bool)(qtd->token & QTD_TOKEN_HALT),
329 (bool)(qtd->token & QTD_TOKEN_BABBLE),
330 (bool)(qtd->token & QTD_TOKEN_XACTERR));
331}
332
333static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
334{
335 trace_usb_ehci_itd(addr, itd->next,
336 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
337 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
338 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
339 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
340}
341
342static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
343 EHCIsitd *sitd)
344{
345 trace_usb_ehci_sitd(addr, sitd->next,
346 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
347}
348
349static void ehci_trace_guest_bug(EHCIState *s, const char *message)
350{
351 trace_usb_ehci_guest_bug(message);
352 warn_report("%s", message);
353}
354
355static inline bool ehci_enabled(EHCIState *s)
356{
357 return s->usbcmd & USBCMD_RUNSTOP;
358}
359
360static inline bool ehci_async_enabled(EHCIState *s)
361{
362 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
363}
364
365static inline bool ehci_periodic_enabled(EHCIState *s)
366{
367 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
368}
369
370
371static inline int get_dwords(EHCIState *ehci, uint32_t addr,
372 uint32_t *buf, int num)
373{
374 int i;
375
376 if (!ehci->as) {
377 ehci_raise_irq(ehci, USBSTS_HSE);
378 ehci->usbcmd &= ~USBCMD_RUNSTOP;
379 trace_usb_ehci_dma_error();
380 return -1;
381 }
382
383 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
384 dma_memory_read(ehci->as, addr, buf, sizeof(*buf));
385 *buf = le32_to_cpu(*buf);
386 }
387
388 return num;
389}
390
391
392static inline int put_dwords(EHCIState *ehci, uint32_t addr,
393 uint32_t *buf, int num)
394{
395 int i;
396
397 if (!ehci->as) {
398 ehci_raise_irq(ehci, USBSTS_HSE);
399 ehci->usbcmd &= ~USBCMD_RUNSTOP;
400 trace_usb_ehci_dma_error();
401 return -1;
402 }
403
404 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
405 uint32_t tmp = cpu_to_le32(*buf);
406 dma_memory_write(ehci->as, addr, &tmp, sizeof(tmp));
407 }
408
409 return num;
410}
411
412static int ehci_get_pid(EHCIqtd *qtd)
413{
414 switch (get_field(qtd->token, QTD_TOKEN_PID)) {
415 case 0:
416 return USB_TOKEN_OUT;
417 case 1:
418 return USB_TOKEN_IN;
419 case 2:
420 return USB_TOKEN_SETUP;
421 default:
422 fprintf(stderr, "bad token\n");
423 return 0;
424 }
425}
426
427static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
428{
429 uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
430 uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
431 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
432 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
433 (qh->current_qtd != q->qh.current_qtd) ||
434 (q->async && qh->next_qtd != q->qh.next_qtd) ||
435 (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
436 7 * sizeof(uint32_t)) != 0) ||
437 (q->dev != NULL && q->dev->addr != devaddr)) {
438 return false;
439 } else {
440 return true;
441 }
442}
443
444static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
445{
446 if (p->qtdaddr != p->queue->qtdaddr ||
447 (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
448 (p->qtd.next != qtd->next)) ||
449 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
450 p->qtd.token != qtd->token ||
451 p->qtd.bufptr[0] != qtd->bufptr[0]) {
452 return false;
453 } else {
454 return true;
455 }
456}
457
458static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
459{
460 int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
461 int pid = ehci_get_pid(qtd);
462
463
464 if (q->last_pid && ep != 0 && pid != q->last_pid) {
465 return false;
466 } else {
467 return true;
468 }
469}
470
471
472
473static void ehci_writeback_async_complete_packet(EHCIPacket *p)
474{
475 EHCIQueue *q = p->queue;
476 EHCIqtd qtd;
477 EHCIqh qh;
478 int state;
479
480
481 get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
482 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
483 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
484 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
485 if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
486 p->async = EHCI_ASYNC_INITIALIZED;
487 ehci_free_packet(p);
488 return;
489 }
490
491 state = ehci_get_state(q->ehci, q->async);
492 ehci_state_executing(q);
493 ehci_state_writeback(q);
494 if (!(q->qh.token & QTD_TOKEN_HALT)) {
495 ehci_state_advqueue(q);
496 }
497 ehci_set_state(q->ehci, q->async, state);
498}
499
500
501
502static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
503{
504 EHCIPacket *p;
505
506 p = g_new0(EHCIPacket, 1);
507 p->queue = q;
508 usb_packet_init(&p->packet);
509 QTAILQ_INSERT_TAIL(&q->packets, p, next);
510 trace_usb_ehci_packet_action(p->queue, p, "alloc");
511 return p;
512}
513
514static void ehci_free_packet(EHCIPacket *p)
515{
516 if (p->async == EHCI_ASYNC_FINISHED &&
517 !(p->queue->qh.token & QTD_TOKEN_HALT)) {
518 ehci_writeback_async_complete_packet(p);
519 return;
520 }
521 trace_usb_ehci_packet_action(p->queue, p, "free");
522 if (p->async == EHCI_ASYNC_INFLIGHT) {
523 usb_cancel_packet(&p->packet);
524 }
525 if (p->async == EHCI_ASYNC_FINISHED &&
526 p->packet.status == USB_RET_SUCCESS) {
527 fprintf(stderr,
528 "EHCI: Dropping completed packet from halted %s ep %02X\n",
529 (p->pid == USB_TOKEN_IN) ? "in" : "out",
530 get_field(p->queue->qh.epchar, QH_EPCHAR_EP));
531 }
532 if (p->async != EHCI_ASYNC_NONE) {
533 usb_packet_unmap(&p->packet, &p->sgl);
534 qemu_sglist_destroy(&p->sgl);
535 }
536 QTAILQ_REMOVE(&p->queue->packets, p, next);
537 usb_packet_cleanup(&p->packet);
538 g_free(p);
539}
540
541
542
543static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
544{
545 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
546 EHCIQueue *q;
547
548 q = g_malloc0(sizeof(*q));
549 q->ehci = ehci;
550 q->qhaddr = addr;
551 q->async = async;
552 QTAILQ_INIT(&q->packets);
553 QTAILQ_INSERT_HEAD(head, q, next);
554 trace_usb_ehci_queue_action(q, "alloc");
555 return q;
556}
557
558static void ehci_queue_stopped(EHCIQueue *q)
559{
560 int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
561
562 if (!q->last_pid || !q->dev) {
563 return;
564 }
565
566 usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
567}
568
569static int ehci_cancel_queue(EHCIQueue *q)
570{
571 EHCIPacket *p;
572 int packets = 0;
573
574 p = QTAILQ_FIRST(&q->packets);
575 if (p == NULL) {
576 goto leave;
577 }
578
579 trace_usb_ehci_queue_action(q, "cancel");
580 do {
581 ehci_free_packet(p);
582 packets++;
583 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
584
585leave:
586 ehci_queue_stopped(q);
587 return packets;
588}
589
590static int ehci_reset_queue(EHCIQueue *q)
591{
592 int packets;
593
594 trace_usb_ehci_queue_action(q, "reset");
595 packets = ehci_cancel_queue(q);
596 q->dev = NULL;
597 q->qtdaddr = 0;
598 q->last_pid = 0;
599 return packets;
600}
601
602static void ehci_free_queue(EHCIQueue *q, const char *warn)
603{
604 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
605 int cancelled;
606
607 trace_usb_ehci_queue_action(q, "free");
608 cancelled = ehci_cancel_queue(q);
609 if (warn && cancelled > 0) {
610 ehci_trace_guest_bug(q->ehci, warn);
611 }
612 QTAILQ_REMOVE(head, q, next);
613 g_free(q);
614}
615
616static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
617 int async)
618{
619 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
620 EHCIQueue *q;
621
622 QTAILQ_FOREACH(q, head, next) {
623 if (addr == q->qhaddr) {
624 return q;
625 }
626 }
627 return NULL;
628}
629
630static void ehci_queues_rip_unused(EHCIState *ehci, int async)
631{
632 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
633 const char *warn = async ? "guest unlinked busy QH" : NULL;
634 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
635 EHCIQueue *q, *tmp;
636
637 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
638 if (q->seen) {
639 q->seen = 0;
640 q->ts = ehci->last_run_ns;
641 continue;
642 }
643 if (ehci->last_run_ns < q->ts + maxage) {
644 continue;
645 }
646 ehci_free_queue(q, warn);
647 }
648}
649
650static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
651{
652 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
653 EHCIQueue *q, *tmp;
654
655 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
656 if (!q->seen) {
657 ehci_free_queue(q, NULL);
658 }
659 }
660}
661
662static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
663{
664 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
665 EHCIQueue *q, *tmp;
666
667 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
668 if (q->dev != dev) {
669 continue;
670 }
671 ehci_free_queue(q, NULL);
672 }
673}
674
675static void ehci_queues_rip_all(EHCIState *ehci, int async)
676{
677 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
678 const char *warn = async ? "guest stopped busy async schedule" : NULL;
679 EHCIQueue *q, *tmp;
680
681 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
682 ehci_free_queue(q, warn);
683 }
684}
685
686
687
688static void ehci_attach(USBPort *port)
689{
690 EHCIState *s = port->opaque;
691 uint32_t *portsc = &s->portsc[port->index];
692 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
693
694 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
695
696 if (*portsc & PORTSC_POWNER) {
697 USBPort *companion = s->companion_ports[port->index];
698 companion->dev = port->dev;
699 companion->ops->attach(companion);
700 return;
701 }
702
703 *portsc |= PORTSC_CONNECT;
704 *portsc |= PORTSC_CSC;
705
706 ehci_raise_irq(s, USBSTS_PCD);
707}
708
709static void ehci_detach(USBPort *port)
710{
711 EHCIState *s = port->opaque;
712 uint32_t *portsc = &s->portsc[port->index];
713 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
714
715 trace_usb_ehci_port_detach(port->index, owner);
716
717 if (*portsc & PORTSC_POWNER) {
718 USBPort *companion = s->companion_ports[port->index];
719 companion->ops->detach(companion);
720 companion->dev = NULL;
721
722
723
724
725 *portsc &= ~PORTSC_POWNER;
726 return;
727 }
728
729 ehci_queues_rip_device(s, port->dev, 0);
730 ehci_queues_rip_device(s, port->dev, 1);
731
732 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED|PORTSC_SUSPEND);
733 *portsc |= PORTSC_CSC;
734
735 ehci_raise_irq(s, USBSTS_PCD);
736}
737
738static void ehci_child_detach(USBPort *port, USBDevice *child)
739{
740 EHCIState *s = port->opaque;
741 uint32_t portsc = s->portsc[port->index];
742
743 if (portsc & PORTSC_POWNER) {
744 USBPort *companion = s->companion_ports[port->index];
745 companion->ops->child_detach(companion, child);
746 return;
747 }
748
749 ehci_queues_rip_device(s, child, 0);
750 ehci_queues_rip_device(s, child, 1);
751}
752
753static void ehci_wakeup(USBPort *port)
754{
755 EHCIState *s = port->opaque;
756 uint32_t *portsc = &s->portsc[port->index];
757
758 if (*portsc & PORTSC_POWNER) {
759 USBPort *companion = s->companion_ports[port->index];
760 if (companion->ops->wakeup) {
761 companion->ops->wakeup(companion);
762 }
763 return;
764 }
765
766 if (*portsc & PORTSC_SUSPEND) {
767 trace_usb_ehci_port_wakeup(port->index);
768 *portsc |= PORTSC_FPRES;
769 ehci_raise_irq(s, USBSTS_PCD);
770 }
771
772 qemu_bh_schedule(s->async_bh);
773}
774
775static void ehci_register_companion(USBBus *bus, USBPort *ports[],
776 uint32_t portcount, uint32_t firstport,
777 Error **errp)
778{
779 EHCIState *s = container_of(bus, EHCIState, bus);
780 uint32_t i;
781
782 if (firstport + portcount > NB_PORTS) {
783 error_setg(errp, "firstport must be between 0 and %u",
784 NB_PORTS - portcount);
785 return;
786 }
787
788 for (i = 0; i < portcount; i++) {
789 if (s->companion_ports[firstport + i]) {
790 error_setg(errp, "firstport %u asks for ports %u-%u,"
791 " but port %u has a companion assigned already",
792 firstport, firstport, firstport + portcount - 1,
793 firstport + i);
794 return;
795 }
796 }
797
798 for (i = 0; i < portcount; i++) {
799 s->companion_ports[firstport + i] = ports[i];
800 s->ports[firstport + i].speedmask |=
801 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
802
803 s->portsc[firstport + i] = PORTSC_POWNER;
804 }
805
806 s->companion_count++;
807 s->caps[0x05] = (s->companion_count << 4) | portcount;
808}
809
810static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
811 unsigned int stream)
812{
813 EHCIState *s = container_of(bus, EHCIState, bus);
814 uint32_t portsc = s->portsc[ep->dev->port->index];
815
816 if (portsc & PORTSC_POWNER) {
817 return;
818 }
819
820 s->periodic_sched_active = PERIODIC_ACTIVE;
821 qemu_bh_schedule(s->async_bh);
822}
823
824static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
825{
826 USBDevice *dev;
827 USBPort *port;
828 int i;
829
830 for (i = 0; i < NB_PORTS; i++) {
831 port = &ehci->ports[i];
832 if (!(ehci->portsc[i] & PORTSC_PED)) {
833 DPRINTF("Port %d not enabled\n", i);
834 continue;
835 }
836 dev = usb_find_device(port, addr);
837 if (dev != NULL) {
838 return dev;
839 }
840 }
841 return NULL;
842}
843
844
845void ehci_reset(void *opaque)
846{
847 EHCIState *s = opaque;
848 int i;
849 USBDevice *devs[NB_PORTS];
850
851 trace_usb_ehci_reset();
852
853
854
855
856
857 for(i = 0; i < NB_PORTS; i++) {
858 devs[i] = s->ports[i].dev;
859 if (devs[i] && devs[i]->attached) {
860 usb_detach(&s->ports[i]);
861 }
862 }
863
864 memset(&s->opreg, 0x00, sizeof(s->opreg));
865 memset(&s->portsc, 0x00, sizeof(s->portsc));
866
867 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
868 s->usbsts = USBSTS_HALT;
869 s->usbsts_pending = 0;
870 s->usbsts_frindex = 0;
871 ehci_update_irq(s);
872
873 s->astate = EST_INACTIVE;
874 s->pstate = EST_INACTIVE;
875
876 for(i = 0; i < NB_PORTS; i++) {
877 if (s->companion_ports[i]) {
878 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
879 } else {
880 s->portsc[i] = PORTSC_PPOWER;
881 }
882 if (devs[i] && devs[i]->attached) {
883 usb_attach(&s->ports[i]);
884 usb_device_reset(devs[i]);
885 }
886 }
887 ehci_queues_rip_all(s, 0);
888 ehci_queues_rip_all(s, 1);
889 timer_del(s->frame_timer);
890 qemu_bh_cancel(s->async_bh);
891}
892
893static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
894 unsigned size)
895{
896 EHCIState *s = ptr;
897 return s->caps[addr];
898}
899
900static void ehci_caps_write(void *ptr, hwaddr addr,
901 uint64_t val, unsigned size)
902{
903}
904
905static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
906 unsigned size)
907{
908 EHCIState *s = ptr;
909 uint32_t val;
910
911 switch (addr) {
912 case FRINDEX:
913
914 val = s->frindex & ~7;
915 break;
916 default:
917 val = s->opreg[addr >> 2];
918 }
919
920 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
921 return val;
922}
923
924static uint64_t ehci_port_read(void *ptr, hwaddr addr,
925 unsigned size)
926{
927 EHCIState *s = ptr;
928 uint32_t val;
929
930 val = s->portsc[addr >> 2];
931 trace_usb_ehci_portsc_read(addr + s->portscbase, addr >> 2, val);
932 return val;
933}
934
935static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
936{
937 USBDevice *dev = s->ports[port].dev;
938 uint32_t *portsc = &s->portsc[port];
939 uint32_t orig;
940
941 if (s->companion_ports[port] == NULL)
942 return;
943
944 owner = owner & PORTSC_POWNER;
945 orig = *portsc & PORTSC_POWNER;
946
947 if (!(owner ^ orig)) {
948 return;
949 }
950
951 if (dev && dev->attached) {
952 usb_detach(&s->ports[port]);
953 }
954
955 *portsc &= ~PORTSC_POWNER;
956 *portsc |= owner;
957
958 if (dev && dev->attached) {
959 usb_attach(&s->ports[port]);
960 }
961}
962
963static void ehci_port_write(void *ptr, hwaddr addr,
964 uint64_t val, unsigned size)
965{
966 EHCIState *s = ptr;
967 int port = addr >> 2;
968 uint32_t *portsc = &s->portsc[port];
969 uint32_t old = *portsc;
970 USBDevice *dev = s->ports[port].dev;
971
972 trace_usb_ehci_portsc_write(addr + s->portscbase, addr >> 2, val);
973
974
975 *portsc &= ~(val & PORTSC_RWC_MASK);
976
977 *portsc &= val | ~PORTSC_PED;
978
979 handle_port_owner_write(s, port, val);
980
981 val &= PORTSC_RO_MASK;
982
983 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
984 trace_usb_ehci_port_reset(port, 1);
985 }
986
987 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
988 trace_usb_ehci_port_reset(port, 0);
989 if (dev && dev->attached) {
990 usb_port_reset(&s->ports[port]);
991 *portsc &= ~PORTSC_CSC;
992 }
993
994
995
996
997
998 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
999 val |= PORTSC_PED;
1000 }
1001 }
1002
1003 if ((val & PORTSC_SUSPEND) && !(*portsc & PORTSC_SUSPEND)) {
1004 trace_usb_ehci_port_suspend(port);
1005 }
1006 if (!(val & PORTSC_FPRES) && (*portsc & PORTSC_FPRES)) {
1007 trace_usb_ehci_port_resume(port);
1008 val &= ~PORTSC_SUSPEND;
1009 }
1010
1011 *portsc &= ~PORTSC_RO_MASK;
1012 *portsc |= val;
1013 trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
1014}
1015
1016static void ehci_opreg_write(void *ptr, hwaddr addr,
1017 uint64_t val, unsigned size)
1018{
1019 EHCIState *s = ptr;
1020 uint32_t *mmio = s->opreg + (addr >> 2);
1021 uint32_t old = *mmio;
1022 int i;
1023
1024 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
1025
1026 switch (addr) {
1027 case USBCMD:
1028 if (val & USBCMD_HCRESET) {
1029 ehci_reset(s);
1030 val = s->usbcmd;
1031 break;
1032 }
1033
1034
1035 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
1036 fprintf(stderr, "attempt to set frame list size -- value %d\n",
1037 (int)val & USBCMD_FLS);
1038 val &= ~USBCMD_FLS;
1039 }
1040
1041 if (val & USBCMD_IAAD) {
1042
1043
1044
1045
1046 s->async_stepdown = 0;
1047 qemu_bh_schedule(s->async_bh);
1048 trace_usb_ehci_doorbell_ring();
1049 }
1050
1051 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
1052 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
1053 if (s->pstate == EST_INACTIVE) {
1054 SET_LAST_RUN_CLOCK(s);
1055 }
1056 s->usbcmd = val;
1057 ehci_update_halt(s);
1058 s->async_stepdown = 0;
1059 qemu_bh_schedule(s->async_bh);
1060 }
1061 break;
1062
1063 case USBSTS:
1064 val &= USBSTS_RO_MASK;
1065 ehci_clear_usbsts(s, val);
1066 val = s->usbsts;
1067 ehci_update_irq(s);
1068 break;
1069
1070 case USBINTR:
1071 val &= USBINTR_MASK;
1072 if (ehci_enabled(s) && (USBSTS_FLR & val)) {
1073 qemu_bh_schedule(s->async_bh);
1074 }
1075 break;
1076
1077 case FRINDEX:
1078 val &= 0x00003fff;
1079 s->usbsts_frindex = val;
1080 break;
1081
1082 case CONFIGFLAG:
1083 val &= 0x1;
1084 if (val) {
1085 for(i = 0; i < NB_PORTS; i++)
1086 handle_port_owner_write(s, i, 0);
1087 }
1088 break;
1089
1090 case PERIODICLISTBASE:
1091 if (ehci_periodic_enabled(s)) {
1092 fprintf(stderr,
1093 "ehci: PERIODIC list base register set while periodic schedule\n"
1094 " is enabled and HC is enabled\n");
1095 }
1096 break;
1097
1098 case ASYNCLISTADDR:
1099 if (ehci_async_enabled(s)) {
1100 fprintf(stderr,
1101 "ehci: ASYNC list address register set while async schedule\n"
1102 " is enabled and HC is enabled\n");
1103 }
1104 break;
1105 }
1106
1107 *mmio = val;
1108 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
1109 *mmio, old);
1110}
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120static void ehci_flush_qh(EHCIQueue *q)
1121{
1122 uint32_t *qh = (uint32_t *) &q->qh;
1123 uint32_t dwords = sizeof(EHCIqh) >> 2;
1124 uint32_t addr = NLPTR_GET(q->qhaddr);
1125
1126 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1127}
1128
1129
1130
1131static int ehci_qh_do_overlay(EHCIQueue *q)
1132{
1133 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1134 int i;
1135 int dtoggle;
1136 int ping;
1137 int eps;
1138 int reload;
1139
1140 assert(p != NULL);
1141 assert(p->qtdaddr == q->qtdaddr);
1142
1143
1144
1145 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1146 ping = q->qh.token & QTD_TOKEN_PING;
1147
1148 q->qh.current_qtd = p->qtdaddr;
1149 q->qh.next_qtd = p->qtd.next;
1150 q->qh.altnext_qtd = p->qtd.altnext;
1151 q->qh.token = p->qtd.token;
1152
1153
1154 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
1155 if (eps == EHCI_QH_EPS_HIGH) {
1156 q->qh.token &= ~QTD_TOKEN_PING;
1157 q->qh.token |= ping;
1158 }
1159
1160 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1161 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
1162
1163 for (i = 0; i < 5; i++) {
1164 q->qh.bufptr[i] = p->qtd.bufptr[i];
1165 }
1166
1167 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
1168
1169 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1170 q->qh.token |= dtoggle;
1171 }
1172
1173 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1174 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
1175
1176 ehci_flush_qh(q);
1177
1178 return 0;
1179}
1180
1181static int ehci_init_transfer(EHCIPacket *p)
1182{
1183 uint32_t cpage, offset, bytes, plen;
1184 dma_addr_t page;
1185
1186 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1187 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1188 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
1189 qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
1190
1191 while (bytes > 0) {
1192 if (cpage > 4) {
1193 fprintf(stderr, "cpage out of range (%d)\n", cpage);
1194 qemu_sglist_destroy(&p->sgl);
1195 return -1;
1196 }
1197
1198 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
1199 page += offset;
1200 plen = bytes;
1201 if (plen > 4096 - offset) {
1202 plen = 4096 - offset;
1203 offset = 0;
1204 cpage++;
1205 }
1206
1207 qemu_sglist_add(&p->sgl, page, plen);
1208 bytes -= plen;
1209 }
1210 return 0;
1211}
1212
1213static void ehci_finish_transfer(EHCIQueue *q, int len)
1214{
1215 uint32_t cpage, offset;
1216
1217 if (len > 0) {
1218
1219 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1220 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
1221
1222 offset += len;
1223 cpage += offset >> QTD_BUFPTR_SH;
1224 offset &= ~QTD_BUFPTR_MASK;
1225
1226 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1227 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1228 q->qh.bufptr[0] |= offset;
1229 }
1230}
1231
1232static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
1233{
1234 EHCIPacket *p;
1235 EHCIState *s = port->opaque;
1236 uint32_t portsc = s->portsc[port->index];
1237
1238 if (portsc & PORTSC_POWNER) {
1239 USBPort *companion = s->companion_ports[port->index];
1240 companion->ops->complete(companion, packet);
1241 return;
1242 }
1243
1244 p = container_of(packet, EHCIPacket, packet);
1245 assert(p->async == EHCI_ASYNC_INFLIGHT);
1246
1247 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
1248 trace_usb_ehci_packet_action(p->queue, p, "remove");
1249 ehci_free_packet(p);
1250 return;
1251 }
1252
1253 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
1254 p->async = EHCI_ASYNC_FINISHED;
1255
1256 if (!p->queue->async) {
1257 s->periodic_sched_active = PERIODIC_ACTIVE;
1258 }
1259 qemu_bh_schedule(s->async_bh);
1260}
1261
1262static void ehci_execute_complete(EHCIQueue *q)
1263{
1264 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1265 uint32_t tbytes;
1266
1267 assert(p != NULL);
1268 assert(p->qtdaddr == q->qtdaddr);
1269 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1270 p->async == EHCI_ASYNC_FINISHED);
1271
1272 DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
1273 "status %d, actual_length %d\n",
1274 q->qhaddr, q->qh.next, q->qtdaddr,
1275 p->packet.status, p->packet.actual_length);
1276
1277 switch (p->packet.status) {
1278 case USB_RET_SUCCESS:
1279 break;
1280 case USB_RET_IOERROR:
1281 case USB_RET_NODEV:
1282 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
1283 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
1284 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1285 break;
1286 case USB_RET_STALL:
1287 q->qh.token |= QTD_TOKEN_HALT;
1288 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1289 break;
1290 case USB_RET_NAK:
1291 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1292 return;
1293 case USB_RET_BABBLE:
1294 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
1295 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1296 break;
1297 default:
1298
1299 fprintf(stderr, "USB invalid response %d\n", p->packet.status);
1300 g_assert_not_reached();
1301 break;
1302 }
1303
1304
1305 tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
1306 if (tbytes && p->pid == USB_TOKEN_IN) {
1307 tbytes -= p->packet.actual_length;
1308 if (tbytes) {
1309
1310 ehci_raise_irq(q->ehci, USBSTS_INT);
1311 if (q->async) {
1312 q->ehci->int_req_by_async = true;
1313 }
1314 }
1315 } else {
1316 tbytes = 0;
1317 }
1318 DPRINTF("updating tbytes to %d\n", tbytes);
1319 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
1320
1321 ehci_finish_transfer(q, p->packet.actual_length);
1322 usb_packet_unmap(&p->packet, &p->sgl);
1323 qemu_sglist_destroy(&p->sgl);
1324 p->async = EHCI_ASYNC_NONE;
1325
1326 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1327 q->qh.token &= ~QTD_TOKEN_ACTIVE;
1328
1329 if (q->qh.token & QTD_TOKEN_IOC) {
1330 ehci_raise_irq(q->ehci, USBSTS_INT);
1331 if (q->async) {
1332 q->ehci->int_req_by_async = true;
1333 }
1334 }
1335}
1336
1337
1338static int ehci_execute(EHCIPacket *p, const char *action)
1339{
1340 USBEndpoint *ep;
1341 int endp;
1342 bool spd;
1343
1344 assert(p->async == EHCI_ASYNC_NONE ||
1345 p->async == EHCI_ASYNC_INITIALIZED);
1346
1347 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1348 fprintf(stderr, "Attempting to execute inactive qtd\n");
1349 return -1;
1350 }
1351
1352 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
1353 ehci_trace_guest_bug(p->queue->ehci,
1354 "guest requested more bytes than allowed");
1355 return -1;
1356 }
1357
1358 if (!ehci_verify_pid(p->queue, &p->qtd)) {
1359 ehci_queue_stopped(p->queue);
1360 }
1361 p->pid = ehci_get_pid(&p->qtd);
1362 p->queue->last_pid = p->pid;
1363 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
1364 ep = usb_ep_get(p->queue->dev, p->pid, endp);
1365
1366 if (p->async == EHCI_ASYNC_NONE) {
1367 if (ehci_init_transfer(p) != 0) {
1368 return -1;
1369 }
1370
1371 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
1372 usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
1373 (p->qtd.token & QTD_TOKEN_IOC) != 0);
1374 usb_packet_map(&p->packet, &p->sgl);
1375 p->async = EHCI_ASYNC_INITIALIZED;
1376 }
1377
1378 trace_usb_ehci_packet_action(p->queue, p, action);
1379 usb_handle_packet(p->queue->dev, &p->packet);
1380 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1381 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1382 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1383 p->packet.actual_length);
1384
1385 if (p->packet.actual_length > BUFF_SIZE) {
1386 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
1387 return -1;
1388 }
1389
1390 return 1;
1391}
1392
1393
1394
1395
1396static int ehci_process_itd(EHCIState *ehci,
1397 EHCIitd *itd,
1398 uint32_t addr)
1399{
1400 USBDevice *dev;
1401 USBEndpoint *ep;
1402 uint32_t i, len, pid, dir, devaddr, endp;
1403 uint32_t pg, off, ptr1, ptr2, max, mult;
1404
1405 ehci->periodic_sched_active = PERIODIC_ACTIVE;
1406
1407 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
1408 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
1409 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
1410 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1411 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
1412
1413 for(i = 0; i < 8; i++) {
1414 if (itd->transact[i] & ITD_XACT_ACTIVE) {
1415 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1416 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1417 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1418
1419 if (len > max * mult) {
1420 len = max * mult;
1421 }
1422 if (len > BUFF_SIZE || pg > 6) {
1423 return -1;
1424 }
1425
1426 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1427 qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
1428 if (off + len > 4096) {
1429
1430 if (pg == 6) {
1431 qemu_sglist_destroy(&ehci->isgl);
1432 return -1;
1433 }
1434 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
1435 uint32_t len2 = off + len - 4096;
1436 uint32_t len1 = len - len2;
1437 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1438 qemu_sglist_add(&ehci->isgl, ptr2, len2);
1439 } else {
1440 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
1441 }
1442
1443 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
1444
1445 dev = ehci_find_device(ehci, devaddr);
1446 ep = usb_ep_get(dev, pid, endp);
1447 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
1448 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
1449 (itd->transact[i] & ITD_XACT_IOC) != 0);
1450 usb_packet_map(&ehci->ipacket, &ehci->isgl);
1451 usb_handle_packet(dev, &ehci->ipacket);
1452 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
1453 } else {
1454 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1455 ehci->ipacket.status = USB_RET_NAK;
1456 ehci->ipacket.actual_length = 0;
1457 }
1458 qemu_sglist_destroy(&ehci->isgl);
1459
1460 switch (ehci->ipacket.status) {
1461 case USB_RET_SUCCESS:
1462 break;
1463 default:
1464 fprintf(stderr, "Unexpected iso usb result: %d\n",
1465 ehci->ipacket.status);
1466
1467 case USB_RET_IOERROR:
1468 case USB_RET_NODEV:
1469
1470 if (dir) {
1471 itd->transact[i] |= ITD_XACT_XACTERR;
1472 ehci_raise_irq(ehci, USBSTS_ERRINT);
1473 }
1474 break;
1475 case USB_RET_BABBLE:
1476 itd->transact[i] |= ITD_XACT_BABBLE;
1477 ehci_raise_irq(ehci, USBSTS_ERRINT);
1478 break;
1479 case USB_RET_NAK:
1480
1481 ehci->ipacket.actual_length = 0;
1482 break;
1483 }
1484 if (!dir) {
1485 set_field(&itd->transact[i], len - ehci->ipacket.actual_length,
1486 ITD_XACT_LENGTH);
1487 } else {
1488 set_field(&itd->transact[i], ehci->ipacket.actual_length,
1489 ITD_XACT_LENGTH);
1490 }
1491 if (itd->transact[i] & ITD_XACT_IOC) {
1492 ehci_raise_irq(ehci, USBSTS_INT);
1493 }
1494 itd->transact[i] &= ~ITD_XACT_ACTIVE;
1495 }
1496 }
1497 return 0;
1498}
1499
1500
1501
1502
1503
1504static int ehci_state_waitlisthead(EHCIState *ehci, int async)
1505{
1506 EHCIqh qh;
1507 int i = 0;
1508 int again = 0;
1509 uint32_t entry = ehci->asynclistaddr;
1510
1511
1512 if (async) {
1513 ehci_set_usbsts(ehci, USBSTS_REC);
1514 }
1515
1516 ehci_queues_rip_unused(ehci, async);
1517
1518
1519 for(i = 0; i < MAX_QH; i++) {
1520 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1521 sizeof(EHCIqh) >> 2) < 0) {
1522 return 0;
1523 }
1524 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
1525
1526 if (qh.epchar & QH_EPCHAR_H) {
1527 if (async) {
1528 entry |= (NLPTR_TYPE_QH << 1);
1529 }
1530
1531 ehci_set_fetch_addr(ehci, async, entry);
1532 ehci_set_state(ehci, async, EST_FETCHENTRY);
1533 again = 1;
1534 goto out;
1535 }
1536
1537 entry = qh.next;
1538 if (entry == ehci->asynclistaddr) {
1539 break;
1540 }
1541 }
1542
1543
1544
1545 ehci_set_state(ehci, async, EST_ACTIVE);
1546
1547out:
1548 return again;
1549}
1550
1551
1552
1553
1554
1555static int ehci_state_fetchentry(EHCIState *ehci, int async)
1556{
1557 int again = 0;
1558 uint32_t entry = ehci_get_fetch_addr(ehci, async);
1559
1560 if (NLPTR_TBIT(entry)) {
1561 ehci_set_state(ehci, async, EST_ACTIVE);
1562 goto out;
1563 }
1564
1565
1566 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1567 fprintf(stderr, "non queue head request in async schedule\n");
1568 return -1;
1569 }
1570
1571 switch (NLPTR_TYPE_GET(entry)) {
1572 case NLPTR_TYPE_QH:
1573 ehci_set_state(ehci, async, EST_FETCHQH);
1574 again = 1;
1575 break;
1576
1577 case NLPTR_TYPE_ITD:
1578 ehci_set_state(ehci, async, EST_FETCHITD);
1579 again = 1;
1580 break;
1581
1582 case NLPTR_TYPE_STITD:
1583 ehci_set_state(ehci, async, EST_FETCHSITD);
1584 again = 1;
1585 break;
1586
1587 default:
1588
1589 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1590 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1591 return -1;
1592 }
1593
1594out:
1595 return again;
1596}
1597
1598static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
1599{
1600 uint32_t entry;
1601 EHCIQueue *q;
1602 EHCIqh qh;
1603
1604 entry = ehci_get_fetch_addr(ehci, async);
1605 q = ehci_find_queue_by_qh(ehci, entry, async);
1606 if (q == NULL) {
1607 q = ehci_alloc_queue(ehci, entry, async);
1608 }
1609
1610 q->seen++;
1611 if (q->seen > 1) {
1612
1613 ehci_set_state(ehci, async, EST_ACTIVE);
1614 q = NULL;
1615 goto out;
1616 }
1617
1618 if (get_dwords(ehci, NLPTR_GET(q->qhaddr),
1619 (uint32_t *) &qh, sizeof(EHCIqh) >> 2) < 0) {
1620 q = NULL;
1621 goto out;
1622 }
1623 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1624
1625
1626
1627
1628
1629 if (!ehci_verify_qh(q, &qh)) {
1630 if (ehci_reset_queue(q) > 0) {
1631 ehci_trace_guest_bug(ehci, "guest updated active QH");
1632 }
1633 }
1634 q->qh = qh;
1635
1636 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1637 if (q->transact_ctr == 0) {
1638 q->transact_ctr = 4;
1639 }
1640
1641 if (q->dev == NULL) {
1642 q->dev = ehci_find_device(q->ehci,
1643 get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
1644 }
1645
1646 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
1647
1648
1649 if (ehci->usbsts & USBSTS_REC) {
1650 ehci_clear_usbsts(ehci, USBSTS_REC);
1651 } else {
1652 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
1653 " - done processing\n", q->qhaddr);
1654 ehci_set_state(ehci, async, EST_ACTIVE);
1655 q = NULL;
1656 goto out;
1657 }
1658 }
1659
1660#if EHCI_DEBUG
1661 if (q->qhaddr != q->qh.next) {
1662 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
1663 q->qhaddr,
1664 q->qh.epchar & QH_EPCHAR_H,
1665 q->qh.token & QTD_TOKEN_HALT,
1666 q->qh.token & QTD_TOKEN_ACTIVE,
1667 q->qh.next);
1668 }
1669#endif
1670
1671 if (q->qh.token & QTD_TOKEN_HALT) {
1672 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1673
1674 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1675 (NLPTR_TBIT(q->qh.current_qtd) == 0)) {
1676 q->qtdaddr = q->qh.current_qtd;
1677 ehci_set_state(ehci, async, EST_FETCHQTD);
1678
1679 } else {
1680
1681 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
1682 }
1683
1684out:
1685 return q;
1686}
1687
1688static int ehci_state_fetchitd(EHCIState *ehci, int async)
1689{
1690 uint32_t entry;
1691 EHCIitd itd;
1692
1693 assert(!async);
1694 entry = ehci_get_fetch_addr(ehci, async);
1695
1696 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1697 sizeof(EHCIitd) >> 2) < 0) {
1698 return -1;
1699 }
1700 ehci_trace_itd(ehci, entry, &itd);
1701
1702 if (ehci_process_itd(ehci, &itd, entry) != 0) {
1703 return -1;
1704 }
1705
1706 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1707 sizeof(EHCIitd) >> 2);
1708 ehci_set_fetch_addr(ehci, async, itd.next);
1709 ehci_set_state(ehci, async, EST_FETCHENTRY);
1710
1711 return 1;
1712}
1713
1714static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1715{
1716 uint32_t entry;
1717 EHCIsitd sitd;
1718
1719 assert(!async);
1720 entry = ehci_get_fetch_addr(ehci, async);
1721
1722 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
1723 sizeof(EHCIsitd) >> 2) < 0) {
1724 return 0;
1725 }
1726 ehci_trace_sitd(ehci, entry, &sitd);
1727
1728 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1729 ;
1730 } else {
1731
1732 warn_report("Skipping active siTD");
1733 }
1734
1735 ehci_set_fetch_addr(ehci, async, sitd.next);
1736 ehci_set_state(ehci, async, EST_FETCHENTRY);
1737 return 1;
1738}
1739
1740
1741static int ehci_state_advqueue(EHCIQueue *q)
1742{
1743#if 0
1744
1745
1746
1747
1748 if (I-bit set) {
1749 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1750 goto out;
1751 }
1752#endif
1753
1754
1755
1756
1757 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
1758 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1759 q->qtdaddr = q->qh.altnext_qtd;
1760 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1761
1762
1763
1764
1765 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
1766 q->qtdaddr = q->qh.next_qtd;
1767 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1768
1769
1770
1771
1772 } else {
1773 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1774 }
1775
1776 return 1;
1777}
1778
1779
1780static int ehci_state_fetchqtd(EHCIQueue *q)
1781{
1782 EHCIqtd qtd;
1783 EHCIPacket *p;
1784 int again = 1;
1785
1786 if (get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd,
1787 sizeof(EHCIqtd) >> 2) < 0) {
1788 return 0;
1789 }
1790 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
1791
1792 p = QTAILQ_FIRST(&q->packets);
1793 if (p != NULL) {
1794 if (!ehci_verify_qtd(p, &qtd)) {
1795 ehci_cancel_queue(q);
1796 if (qtd.token & QTD_TOKEN_ACTIVE) {
1797 ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
1798 }
1799 p = NULL;
1800 } else {
1801 p->qtd = qtd;
1802 ehci_qh_do_overlay(q);
1803 }
1804 }
1805
1806 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1807 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1808 } else if (p != NULL) {
1809 switch (p->async) {
1810 case EHCI_ASYNC_NONE:
1811 case EHCI_ASYNC_INITIALIZED:
1812
1813 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1814 break;
1815 case EHCI_ASYNC_INFLIGHT:
1816
1817 again = ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head));
1818
1819 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1820 break;
1821 case EHCI_ASYNC_FINISHED:
1822
1823 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1824 break;
1825 }
1826 } else {
1827 p = ehci_alloc_packet(q);
1828 p->qtdaddr = q->qtdaddr;
1829 p->qtd = qtd;
1830 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1831 }
1832
1833 return again;
1834}
1835
1836static int ehci_state_horizqh(EHCIQueue *q)
1837{
1838 int again = 0;
1839
1840 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1841 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1842 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
1843 again = 1;
1844 } else {
1845 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
1846 }
1847
1848 return again;
1849}
1850
1851
1852static int ehci_fill_queue(EHCIPacket *p)
1853{
1854 USBEndpoint *ep = p->packet.ep;
1855 EHCIQueue *q = p->queue;
1856 EHCIqtd qtd = p->qtd;
1857 uint32_t qtdaddr;
1858
1859 for (;;) {
1860 if (NLPTR_TBIT(qtd.next) != 0) {
1861 break;
1862 }
1863 qtdaddr = qtd.next;
1864
1865
1866
1867
1868 QTAILQ_FOREACH(p, &q->packets, next) {
1869 if (p->qtdaddr == qtdaddr) {
1870 goto leave;
1871 }
1872 }
1873 if (get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1874 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2) < 0) {
1875 return -1;
1876 }
1877 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1878 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1879 break;
1880 }
1881 if (!ehci_verify_pid(q, &qtd)) {
1882 ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
1883 break;
1884 }
1885 p = ehci_alloc_packet(q);
1886 p->qtdaddr = qtdaddr;
1887 p->qtd = qtd;
1888 if (ehci_execute(p, "queue") == -1) {
1889 return -1;
1890 }
1891 assert(p->packet.status == USB_RET_ASYNC);
1892 p->async = EHCI_ASYNC_INFLIGHT;
1893 }
1894leave:
1895 usb_device_flush_ep_queue(ep->dev, ep);
1896 return 1;
1897}
1898
1899static int ehci_state_execute(EHCIQueue *q)
1900{
1901 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1902 int again = 0;
1903
1904 assert(p != NULL);
1905 assert(p->qtdaddr == q->qtdaddr);
1906
1907 if (ehci_qh_do_overlay(q) != 0) {
1908 return -1;
1909 }
1910
1911
1912
1913
1914
1915 if (!q->async && q->transact_ctr == 0) {
1916 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1917 again = 1;
1918 goto out;
1919 }
1920
1921 if (q->async) {
1922 ehci_set_usbsts(q->ehci, USBSTS_REC);
1923 }
1924
1925 again = ehci_execute(p, "process");
1926 if (again == -1) {
1927 goto out;
1928 }
1929 if (p->packet.status == USB_RET_ASYNC) {
1930 ehci_flush_qh(q);
1931 trace_usb_ehci_packet_action(p->queue, p, "async");
1932 p->async = EHCI_ASYNC_INFLIGHT;
1933 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1934 if (q->async) {
1935 again = ehci_fill_queue(p);
1936 } else {
1937 again = 1;
1938 }
1939 goto out;
1940 }
1941
1942 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1943 again = 1;
1944
1945out:
1946 return again;
1947}
1948
1949static int ehci_state_executing(EHCIQueue *q)
1950{
1951 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1952
1953 assert(p != NULL);
1954 assert(p->qtdaddr == q->qtdaddr);
1955
1956 ehci_execute_complete(q);
1957
1958
1959 if (!q->async && q->transact_ctr > 0) {
1960 q->transact_ctr--;
1961 }
1962
1963
1964 if (p->packet.status == USB_RET_NAK) {
1965 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1966 } else {
1967 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
1968 }
1969
1970 ehci_flush_qh(q);
1971 return 1;
1972}
1973
1974
1975static int ehci_state_writeback(EHCIQueue *q)
1976{
1977 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1978 uint32_t *qtd, addr;
1979 int again = 0;
1980
1981
1982 assert(p != NULL);
1983 assert(p->qtdaddr == q->qtdaddr);
1984
1985 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
1986 qtd = (uint32_t *) &q->qh.next_qtd;
1987 addr = NLPTR_GET(p->qtdaddr);
1988 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
1989 ehci_free_packet(p);
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999 if (q->qh.token & QTD_TOKEN_HALT) {
2000 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2001 again = 1;
2002 } else {
2003 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
2004 again = 1;
2005 }
2006 return again;
2007}
2008
2009
2010
2011
2012
2013static void ehci_advance_state(EHCIState *ehci, int async)
2014{
2015 EHCIQueue *q = NULL;
2016 int itd_count = 0;
2017 int again;
2018
2019 do {
2020 switch(ehci_get_state(ehci, async)) {
2021 case EST_WAITLISTHEAD:
2022 again = ehci_state_waitlisthead(ehci, async);
2023 break;
2024
2025 case EST_FETCHENTRY:
2026 again = ehci_state_fetchentry(ehci, async);
2027 break;
2028
2029 case EST_FETCHQH:
2030 q = ehci_state_fetchqh(ehci, async);
2031 if (q != NULL) {
2032 assert(q->async == async);
2033 again = 1;
2034 } else {
2035 again = 0;
2036 }
2037 break;
2038
2039 case EST_FETCHITD:
2040 again = ehci_state_fetchitd(ehci, async);
2041 itd_count++;
2042 break;
2043
2044 case EST_FETCHSITD:
2045 again = ehci_state_fetchsitd(ehci, async);
2046 itd_count++;
2047 break;
2048
2049 case EST_ADVANCEQUEUE:
2050 assert(q != NULL);
2051 again = ehci_state_advqueue(q);
2052 break;
2053
2054 case EST_FETCHQTD:
2055 assert(q != NULL);
2056 again = ehci_state_fetchqtd(q);
2057 break;
2058
2059 case EST_HORIZONTALQH:
2060 assert(q != NULL);
2061 again = ehci_state_horizqh(q);
2062 break;
2063
2064 case EST_EXECUTE:
2065 assert(q != NULL);
2066 again = ehci_state_execute(q);
2067 if (async) {
2068 ehci->async_stepdown = 0;
2069 }
2070 break;
2071
2072 case EST_EXECUTING:
2073 assert(q != NULL);
2074 if (async) {
2075 ehci->async_stepdown = 0;
2076 }
2077 again = ehci_state_executing(q);
2078 break;
2079
2080 case EST_WRITEBACK:
2081 assert(q != NULL);
2082 again = ehci_state_writeback(q);
2083 if (!async) {
2084 ehci->periodic_sched_active = PERIODIC_ACTIVE;
2085 }
2086 break;
2087
2088 default:
2089 fprintf(stderr, "Bad state!\n");
2090 again = -1;
2091 g_assert_not_reached();
2092 break;
2093 }
2094
2095 if (again < 0 || itd_count > 16) {
2096
2097 fprintf(stderr, "processing error - resetting ehci HC\n");
2098 ehci_reset(ehci);
2099 again = 0;
2100 }
2101 }
2102 while (again);
2103}
2104
2105static void ehci_advance_async_state(EHCIState *ehci)
2106{
2107 const int async = 1;
2108
2109 switch(ehci_get_state(ehci, async)) {
2110 case EST_INACTIVE:
2111 if (!ehci_async_enabled(ehci)) {
2112 break;
2113 }
2114 ehci_set_state(ehci, async, EST_ACTIVE);
2115
2116
2117 case EST_ACTIVE:
2118 if (!ehci_async_enabled(ehci)) {
2119 ehci_queues_rip_all(ehci, async);
2120 ehci_set_state(ehci, async, EST_INACTIVE);
2121 break;
2122 }
2123
2124
2125
2126 if (ehci->usbsts & USBSTS_IAA) {
2127 DPRINTF("IAA status bit still set.\n");
2128 break;
2129 }
2130
2131
2132 if (ehci->asynclistaddr == 0) {
2133 break;
2134 }
2135
2136 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
2137 ehci_advance_state(ehci, async);
2138
2139
2140
2141
2142
2143 if (ehci->usbcmd & USBCMD_IAAD) {
2144
2145 ehci_queues_rip_unseen(ehci, async);
2146 trace_usb_ehci_doorbell_ack();
2147 ehci->usbcmd &= ~USBCMD_IAAD;
2148 ehci_raise_irq(ehci, USBSTS_IAA);
2149 }
2150 break;
2151
2152 default:
2153
2154 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2155 "Resetting to active\n", ehci->astate);
2156 g_assert_not_reached();
2157 }
2158}
2159
2160static void ehci_advance_periodic_state(EHCIState *ehci)
2161{
2162 uint32_t entry;
2163 uint32_t list;
2164 const int async = 0;
2165
2166
2167
2168 switch(ehci_get_state(ehci, async)) {
2169 case EST_INACTIVE:
2170 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
2171 ehci_set_state(ehci, async, EST_ACTIVE);
2172
2173 } else
2174 break;
2175
2176 case EST_ACTIVE:
2177 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
2178 ehci_queues_rip_all(ehci, async);
2179 ehci_set_state(ehci, async, EST_INACTIVE);
2180 break;
2181 }
2182
2183 list = ehci->periodiclistbase & 0xfffff000;
2184
2185 if (list == 0) {
2186 break;
2187 }
2188 list |= ((ehci->frindex & 0x1ff8) >> 1);
2189
2190 if (get_dwords(ehci, list, &entry, 1) < 0) {
2191 break;
2192 }
2193
2194 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2195 ehci->frindex / 8, list, entry);
2196 ehci_set_fetch_addr(ehci, async,entry);
2197 ehci_set_state(ehci, async, EST_FETCHENTRY);
2198 ehci_advance_state(ehci, async);
2199 ehci_queues_rip_unused(ehci, async);
2200 break;
2201
2202 default:
2203
2204 fprintf(stderr, "ehci: Bad periodic state %d. "
2205 "Resetting to active\n", ehci->pstate);
2206 g_assert_not_reached();
2207 }
2208}
2209
2210static void ehci_update_frindex(EHCIState *ehci, int uframes)
2211{
2212 if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
2213 return;
2214 }
2215
2216
2217 if ((ehci->frindex % 0x2000) + uframes >= 0x2000) {
2218 ehci_raise_irq(ehci, USBSTS_FLR);
2219 }
2220
2221
2222
2223
2224 int rollovers = (ehci->frindex + uframes) / 0x4000;
2225 if (rollovers > 0) {
2226 if (ehci->usbsts_frindex >= (rollovers * 0x4000)) {
2227 ehci->usbsts_frindex -= 0x4000 * rollovers;
2228 } else {
2229 ehci->usbsts_frindex = 0;
2230 }
2231 }
2232
2233 ehci->frindex = (ehci->frindex + uframes) % 0x4000;
2234}
2235
2236static void ehci_work_bh(void *opaque)
2237{
2238 EHCIState *ehci = opaque;
2239 int need_timer = 0;
2240 int64_t expire_time, t_now;
2241 uint64_t ns_elapsed;
2242 uint64_t uframes, skipped_uframes;
2243 int i;
2244
2245 if (ehci->working) {
2246 return;
2247 }
2248 ehci->working = true;
2249
2250 t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
2251 ns_elapsed = t_now - ehci->last_run_ns;
2252 uframes = ns_elapsed / UFRAME_TIMER_NS;
2253
2254 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
2255 need_timer++;
2256
2257 if (uframes > (ehci->maxframes * 8)) {
2258 skipped_uframes = uframes - (ehci->maxframes * 8);
2259 ehci_update_frindex(ehci, skipped_uframes);
2260 ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
2261 uframes -= skipped_uframes;
2262 DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
2263 }
2264
2265 for (i = 0; i < uframes; i++) {
2266
2267
2268
2269
2270
2271
2272
2273 if (i >= MIN_UFR_PER_TICK) {
2274 ehci_commit_irq(ehci);
2275 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2276 break;
2277 }
2278 }
2279 if (ehci->periodic_sched_active) {
2280 ehci->periodic_sched_active--;
2281 }
2282 ehci_update_frindex(ehci, 1);
2283 if ((ehci->frindex & 7) == 0) {
2284 ehci_advance_periodic_state(ehci);
2285 }
2286 ehci->last_run_ns += UFRAME_TIMER_NS;
2287 }
2288 } else {
2289 ehci->periodic_sched_active = 0;
2290 ehci_update_frindex(ehci, uframes);
2291 ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
2292 }
2293
2294 if (ehci->periodic_sched_active) {
2295 ehci->async_stepdown = 0;
2296 } else if (ehci->async_stepdown < ehci->maxframes / 2) {
2297 ehci->async_stepdown++;
2298 }
2299
2300
2301
2302
2303 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
2304 need_timer++;
2305 ehci_advance_async_state(ehci);
2306 }
2307
2308 ehci_commit_irq(ehci);
2309 if (ehci->usbsts_pending) {
2310 need_timer++;
2311 ehci->async_stepdown = 0;
2312 }
2313
2314 if (ehci_enabled(ehci) && (ehci->usbintr & USBSTS_FLR)) {
2315 need_timer++;
2316 }
2317
2318 if (need_timer) {
2319
2320
2321 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2322 expire_time = t_now +
2323 NANOSECONDS_PER_SECOND / (FRAME_TIMER_FREQ * 4);
2324 ehci->int_req_by_async = false;
2325 } else {
2326 expire_time = t_now + (NANOSECONDS_PER_SECOND
2327 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
2328 }
2329 timer_mod(ehci->frame_timer, expire_time);
2330 }
2331
2332 ehci->working = false;
2333}
2334
2335static void ehci_work_timer(void *opaque)
2336{
2337 EHCIState *ehci = opaque;
2338
2339 qemu_bh_schedule(ehci->async_bh);
2340}
2341
2342static const MemoryRegionOps ehci_mmio_caps_ops = {
2343 .read = ehci_caps_read,
2344 .write = ehci_caps_write,
2345 .valid.min_access_size = 1,
2346 .valid.max_access_size = 4,
2347 .impl.min_access_size = 1,
2348 .impl.max_access_size = 1,
2349 .endianness = DEVICE_LITTLE_ENDIAN,
2350};
2351
2352static const MemoryRegionOps ehci_mmio_opreg_ops = {
2353 .read = ehci_opreg_read,
2354 .write = ehci_opreg_write,
2355 .valid.min_access_size = 4,
2356 .valid.max_access_size = 4,
2357 .endianness = DEVICE_LITTLE_ENDIAN,
2358};
2359
2360static const MemoryRegionOps ehci_mmio_port_ops = {
2361 .read = ehci_port_read,
2362 .write = ehci_port_write,
2363 .valid.min_access_size = 4,
2364 .valid.max_access_size = 4,
2365 .endianness = DEVICE_LITTLE_ENDIAN,
2366};
2367
2368static USBPortOps ehci_port_ops = {
2369 .attach = ehci_attach,
2370 .detach = ehci_detach,
2371 .child_detach = ehci_child_detach,
2372 .wakeup = ehci_wakeup,
2373 .complete = ehci_async_complete_packet,
2374};
2375
2376static USBBusOps ehci_bus_ops_companion = {
2377 .register_companion = ehci_register_companion,
2378 .wakeup_endpoint = ehci_wakeup_endpoint,
2379};
2380static USBBusOps ehci_bus_ops_standalone = {
2381 .wakeup_endpoint = ehci_wakeup_endpoint,
2382};
2383
2384static int usb_ehci_pre_save(void *opaque)
2385{
2386 EHCIState *ehci = opaque;
2387 uint32_t new_frindex;
2388
2389
2390 new_frindex = ehci->frindex & ~7;
2391 ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
2392 ehci->frindex = new_frindex;
2393
2394 return 0;
2395}
2396
2397static int usb_ehci_post_load(void *opaque, int version_id)
2398{
2399 EHCIState *s = opaque;
2400 int i;
2401
2402 for (i = 0; i < NB_PORTS; i++) {
2403 USBPort *companion = s->companion_ports[i];
2404 if (companion == NULL) {
2405 continue;
2406 }
2407 if (s->portsc[i] & PORTSC_POWNER) {
2408 companion->dev = s->ports[i].dev;
2409 } else {
2410 companion->dev = NULL;
2411 }
2412 }
2413
2414 return 0;
2415}
2416
2417static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2418{
2419 EHCIState *ehci = opaque;
2420
2421
2422
2423
2424
2425
2426
2427 if (state == RUN_STATE_RUNNING) {
2428 ehci_advance_async_state(ehci);
2429 }
2430
2431
2432
2433
2434
2435
2436
2437 if (state == RUN_STATE_SAVE_VM) {
2438 ehci_advance_async_state(ehci);
2439 ehci_queues_rip_unseen(ehci, 1);
2440 }
2441}
2442
2443const VMStateDescription vmstate_ehci = {
2444 .name = "ehci-core",
2445 .version_id = 2,
2446 .minimum_version_id = 1,
2447 .pre_save = usb_ehci_pre_save,
2448 .post_load = usb_ehci_post_load,
2449 .fields = (VMStateField[]) {
2450
2451 VMSTATE_UINT32(usbcmd, EHCIState),
2452 VMSTATE_UINT32(usbsts, EHCIState),
2453 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2454 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
2455 VMSTATE_UINT32(usbintr, EHCIState),
2456 VMSTATE_UINT32(frindex, EHCIState),
2457 VMSTATE_UINT32(ctrldssegment, EHCIState),
2458 VMSTATE_UINT32(periodiclistbase, EHCIState),
2459 VMSTATE_UINT32(asynclistaddr, EHCIState),
2460 VMSTATE_UINT32(configflag, EHCIState),
2461 VMSTATE_UINT32(portsc[0], EHCIState),
2462 VMSTATE_UINT32(portsc[1], EHCIState),
2463 VMSTATE_UINT32(portsc[2], EHCIState),
2464 VMSTATE_UINT32(portsc[3], EHCIState),
2465 VMSTATE_UINT32(portsc[4], EHCIState),
2466 VMSTATE_UINT32(portsc[5], EHCIState),
2467
2468 VMSTATE_TIMER_PTR(frame_timer, EHCIState),
2469 VMSTATE_UINT64(last_run_ns, EHCIState),
2470 VMSTATE_UINT32(async_stepdown, EHCIState),
2471
2472 VMSTATE_UINT32(astate, EHCIState),
2473 VMSTATE_UINT32(pstate, EHCIState),
2474 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2475 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2476 VMSTATE_END_OF_LIST()
2477 }
2478};
2479
2480void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
2481{
2482 int i;
2483
2484 if (s->portnr > NB_PORTS) {
2485 error_setg(errp, "Too many ports! Max. port number is %d.",
2486 NB_PORTS);
2487 return;
2488 }
2489 if (s->maxframes < 8 || s->maxframes > 512) {
2490 error_setg(errp, "maxframes %d out if range (8 .. 512)",
2491 s->maxframes);
2492 return;
2493 }
2494
2495 usb_bus_new(&s->bus, sizeof(s->bus), s->companion_enable ?
2496 &ehci_bus_ops_companion : &ehci_bus_ops_standalone, dev);
2497 for (i = 0; i < s->portnr; i++) {
2498 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2499 USB_SPEED_MASK_HIGH);
2500 s->ports[i].dev = 0;
2501 }
2502
2503 s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
2504 s->async_bh = qemu_bh_new(ehci_work_bh, s);
2505 s->device = dev;
2506
2507 s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
2508}
2509
2510void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp)
2511{
2512 trace_usb_ehci_unrealize();
2513
2514 if (s->frame_timer) {
2515 timer_del(s->frame_timer);
2516 timer_free(s->frame_timer);
2517 s->frame_timer = NULL;
2518 }
2519 if (s->async_bh) {
2520 qemu_bh_delete(s->async_bh);
2521 }
2522
2523 ehci_queues_rip_all(s, 0);
2524 ehci_queues_rip_all(s, 1);
2525
2526 memory_region_del_subregion(&s->mem, &s->mem_caps);
2527 memory_region_del_subregion(&s->mem, &s->mem_opreg);
2528 memory_region_del_subregion(&s->mem, &s->mem_ports);
2529
2530 usb_bus_release(&s->bus);
2531
2532 if (s->vmstate) {
2533 qemu_del_vm_change_state_handler(s->vmstate);
2534 }
2535}
2536
2537void usb_ehci_init(EHCIState *s, DeviceState *dev)
2538{
2539
2540 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
2541 s->caps[0x01] = 0x00;
2542 s->caps[0x02] = 0x00;
2543 s->caps[0x03] = 0x01;
2544 s->caps[0x04] = s->portnr;
2545 s->caps[0x05] = 0x00;
2546 s->caps[0x06] = 0x00;
2547 s->caps[0x07] = 0x00;
2548 s->caps[0x08] = 0x80;
2549 s->caps[0x0a] = 0x00;
2550 s->caps[0x0b] = 0x00;
2551
2552 QTAILQ_INIT(&s->aqueues);
2553 QTAILQ_INIT(&s->pqueues);
2554 usb_packet_init(&s->ipacket);
2555
2556 memory_region_init(&s->mem, OBJECT(dev), "ehci", MMIO_SIZE);
2557 memory_region_init_io(&s->mem_caps, OBJECT(dev), &ehci_mmio_caps_ops, s,
2558 "capabilities", CAPA_SIZE);
2559 memory_region_init_io(&s->mem_opreg, OBJECT(dev), &ehci_mmio_opreg_ops, s,
2560 "operational", s->portscbase);
2561 memory_region_init_io(&s->mem_ports, OBJECT(dev), &ehci_mmio_port_ops, s,
2562 "ports", 4 * s->portnr);
2563
2564 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2565 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2566 memory_region_add_subregion(&s->mem, s->opregbase + s->portscbase,
2567 &s->mem_ports);
2568}
2569
2570void usb_ehci_finalize(EHCIState *s)
2571{
2572 usb_packet_cleanup(&s->ipacket);
2573}
2574
2575
2576
2577
2578
