1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#include "qemu/osdep.h"
31#include "qapi/error.h"
32#include "hw/usb/ehci-regs.h"
33#include "hw/usb/hcd-ehci.h"
34#include "trace.h"
35#include "qemu/error-report.h"
36
37#define FRAME_TIMER_FREQ 1000
38#define FRAME_TIMER_NS (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ)
39#define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
40
41#define NB_MAXINTRATE 8
42#define BUFF_SIZE 5*4096
43#define MAX_QH 100
44#define MIN_UFR_PER_TICK 24
45#define PERIODIC_ACTIVE 512
46
47
48
49typedef enum {
50 EST_INACTIVE = 1000,
51 EST_ACTIVE,
52 EST_EXECUTING,
53 EST_SLEEPING,
54
55
56 EST_WAITLISTHEAD,
57 EST_FETCHENTRY,
58 EST_FETCHQH,
59 EST_FETCHITD,
60 EST_FETCHSITD,
61 EST_ADVANCEQUEUE,
62 EST_FETCHQTD,
63 EST_EXECUTE,
64 EST_WRITEBACK,
65 EST_HORIZONTALQH
66} EHCI_STATES;
67
68
69#define NLPTR_GET(x) ((x) & 0xffffffe0)
70#define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
71#define NLPTR_TBIT(x) ((x) & 1)
72
73
74#define NLPTR_TYPE_ITD 0
75#define NLPTR_TYPE_QH 1
76#define NLPTR_TYPE_STITD 2
77#define NLPTR_TYPE_FSTN 3
78
79#define SET_LAST_RUN_CLOCK(s) \
80 (s)->last_run_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
81
82
83#define get_field(data, field) \
84 (((data) & field##_MASK) >> field##_SH)
85
86#define set_field(data, newval, field) do { \
87 uint32_t val = *data; \
88 val &= ~ field##_MASK; \
89 val |= ((newval) << field##_SH) & field##_MASK; \
90 *data = val; \
91 } while(0)
92
93static const char *ehci_state_names[] = {
94 [EST_INACTIVE] = "INACTIVE",
95 [EST_ACTIVE] = "ACTIVE",
96 [EST_EXECUTING] = "EXECUTING",
97 [EST_SLEEPING] = "SLEEPING",
98 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
99 [EST_FETCHENTRY] = "FETCH ENTRY",
100 [EST_FETCHQH] = "FETCH QH",
101 [EST_FETCHITD] = "FETCH ITD",
102 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
103 [EST_FETCHQTD] = "FETCH QTD",
104 [EST_EXECUTE] = "EXECUTE",
105 [EST_WRITEBACK] = "WRITEBACK",
106 [EST_HORIZONTALQH] = "HORIZONTALQH",
107};
108
109static const char *ehci_mmio_names[] = {
110 [USBCMD] = "USBCMD",
111 [USBSTS] = "USBSTS",
112 [USBINTR] = "USBINTR",
113 [FRINDEX] = "FRINDEX",
114 [PERIODICLISTBASE] = "P-LIST BASE",
115 [ASYNCLISTADDR] = "A-LIST ADDR",
116 [CONFIGFLAG] = "CONFIGFLAG",
117};
118
119static int ehci_state_executing(EHCIQueue *q);
120static int ehci_state_writeback(EHCIQueue *q);
121static int ehci_state_advqueue(EHCIQueue *q);
122static int ehci_fill_queue(EHCIPacket *p);
123static void ehci_free_packet(EHCIPacket *p);
124
125static const char *nr2str(const char **n, size_t len, uint32_t nr)
126{
127 if (nr < len && n[nr] != NULL) {
128 return n[nr];
129 } else {
130 return "unknown";
131 }
132}
133
134static const char *state2str(uint32_t state)
135{
136 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
137}
138
139static const char *addr2str(hwaddr addr)
140{
141 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
142}
143
144static void ehci_trace_usbsts(uint32_t mask, int state)
145{
146
147 if (mask & USBSTS_INT) {
148 trace_usb_ehci_usbsts("INT", state);
149 }
150 if (mask & USBSTS_ERRINT) {
151 trace_usb_ehci_usbsts("ERRINT", state);
152 }
153 if (mask & USBSTS_PCD) {
154 trace_usb_ehci_usbsts("PCD", state);
155 }
156 if (mask & USBSTS_FLR) {
157 trace_usb_ehci_usbsts("FLR", state);
158 }
159 if (mask & USBSTS_HSE) {
160 trace_usb_ehci_usbsts("HSE", state);
161 }
162 if (mask & USBSTS_IAA) {
163 trace_usb_ehci_usbsts("IAA", state);
164 }
165
166
167 if (mask & USBSTS_HALT) {
168 trace_usb_ehci_usbsts("HALT", state);
169 }
170 if (mask & USBSTS_REC) {
171 trace_usb_ehci_usbsts("REC", state);
172 }
173 if (mask & USBSTS_PSS) {
174 trace_usb_ehci_usbsts("PSS", state);
175 }
176 if (mask & USBSTS_ASS) {
177 trace_usb_ehci_usbsts("ASS", state);
178 }
179}
180
181static inline void ehci_set_usbsts(EHCIState *s, int mask)
182{
183 if ((s->usbsts & mask) == mask) {
184 return;
185 }
186 ehci_trace_usbsts(mask, 1);
187 s->usbsts |= mask;
188}
189
190static inline void ehci_clear_usbsts(EHCIState *s, int mask)
191{
192 if ((s->usbsts & mask) == 0) {
193 return;
194 }
195 ehci_trace_usbsts(mask, 0);
196 s->usbsts &= ~mask;
197}
198
199
200static inline void ehci_update_irq(EHCIState *s)
201{
202 int level = 0;
203
204 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
205 level = 1;
206 }
207
208 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
209 qemu_set_irq(s->irq, level);
210}
211
212
213static inline void ehci_raise_irq(EHCIState *s, int intr)
214{
215 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
216 s->usbsts |= intr;
217 ehci_update_irq(s);
218 } else {
219 s->usbsts_pending |= intr;
220 }
221}
222
223
224
225
226
227static inline void ehci_commit_irq(EHCIState *s)
228{
229 uint32_t itc;
230
231 if (!s->usbsts_pending) {
232 return;
233 }
234 if (s->usbsts_frindex > s->frindex) {
235 return;
236 }
237
238 itc = (s->usbcmd >> 16) & 0xff;
239 s->usbsts |= s->usbsts_pending;
240 s->usbsts_pending = 0;
241 s->usbsts_frindex = s->frindex + itc;
242 ehci_update_irq(s);
243}
244
245static void ehci_update_halt(EHCIState *s)
246{
247 if (s->usbcmd & USBCMD_RUNSTOP) {
248 ehci_clear_usbsts(s, USBSTS_HALT);
249 } else {
250 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
251 ehci_set_usbsts(s, USBSTS_HALT);
252 }
253 }
254}
255
256static void ehci_set_state(EHCIState *s, int async, int state)
257{
258 if (async) {
259 trace_usb_ehci_state("async", state2str(state));
260 s->astate = state;
261 if (s->astate == EST_INACTIVE) {
262 ehci_clear_usbsts(s, USBSTS_ASS);
263 ehci_update_halt(s);
264 } else {
265 ehci_set_usbsts(s, USBSTS_ASS);
266 }
267 } else {
268 trace_usb_ehci_state("periodic", state2str(state));
269 s->pstate = state;
270 if (s->pstate == EST_INACTIVE) {
271 ehci_clear_usbsts(s, USBSTS_PSS);
272 ehci_update_halt(s);
273 } else {
274 ehci_set_usbsts(s, USBSTS_PSS);
275 }
276 }
277}
278
279static int ehci_get_state(EHCIState *s, int async)
280{
281 return async ? s->astate : s->pstate;
282}
283
284static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
285{
286 if (async) {
287 s->a_fetch_addr = addr;
288 } else {
289 s->p_fetch_addr = addr;
290 }
291}
292
293static int ehci_get_fetch_addr(EHCIState *s, int async)
294{
295 return async ? s->a_fetch_addr : s->p_fetch_addr;
296}
297
298static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
299{
300
301 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
302 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
303 trace_usb_ehci_qh_fields(addr,
304 get_field(qh->epchar, QH_EPCHAR_RL),
305 get_field(qh->epchar, QH_EPCHAR_MPLEN),
306 get_field(qh->epchar, QH_EPCHAR_EPS),
307 get_field(qh->epchar, QH_EPCHAR_EP),
308 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
309 trace_usb_ehci_qh_bits(addr,
310 (bool)(qh->epchar & QH_EPCHAR_C),
311 (bool)(qh->epchar & QH_EPCHAR_H),
312 (bool)(qh->epchar & QH_EPCHAR_DTC),
313 (bool)(qh->epchar & QH_EPCHAR_I));
314}
315
316static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
317{
318
319 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
320 trace_usb_ehci_qtd_fields(addr,
321 get_field(qtd->token, QTD_TOKEN_TBYTES),
322 get_field(qtd->token, QTD_TOKEN_CPAGE),
323 get_field(qtd->token, QTD_TOKEN_CERR),
324 get_field(qtd->token, QTD_TOKEN_PID));
325 trace_usb_ehci_qtd_bits(addr,
326 (bool)(qtd->token & QTD_TOKEN_IOC),
327 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
328 (bool)(qtd->token & QTD_TOKEN_HALT),
329 (bool)(qtd->token & QTD_TOKEN_BABBLE),
330 (bool)(qtd->token & QTD_TOKEN_XACTERR));
331}
332
333static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
334{
335 trace_usb_ehci_itd(addr, itd->next,
336 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
337 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
338 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
339 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
340}
341
342static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
343 EHCIsitd *sitd)
344{
345 trace_usb_ehci_sitd(addr, sitd->next,
346 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
347}
348
349static void ehci_trace_guest_bug(EHCIState *s, const char *message)
350{
351 trace_usb_ehci_guest_bug(message);
352 warn_report("%s", message);
353}
354
355static inline bool ehci_enabled(EHCIState *s)
356{
357 return s->usbcmd & USBCMD_RUNSTOP;
358}
359
360static inline bool ehci_async_enabled(EHCIState *s)
361{
362 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
363}
364
365static inline bool ehci_periodic_enabled(EHCIState *s)
366{
367 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
368}
369
370
371static inline int get_dwords(EHCIState *ehci, uint32_t addr,
372 uint32_t *buf, int num)
373{
374 int i;
375
376 if (!ehci->as) {
377 ehci_raise_irq(ehci, USBSTS_HSE);
378 ehci->usbcmd &= ~USBCMD_RUNSTOP;
379 trace_usb_ehci_dma_error();
380 return -1;
381 }
382
383 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
384 dma_memory_read(ehci->as, addr, buf, sizeof(*buf));
385 *buf = le32_to_cpu(*buf);
386 }
387
388 return num;
389}
390
391
392static inline int put_dwords(EHCIState *ehci, uint32_t addr,
393 uint32_t *buf, int num)
394{
395 int i;
396
397 if (!ehci->as) {
398 ehci_raise_irq(ehci, USBSTS_HSE);
399 ehci->usbcmd &= ~USBCMD_RUNSTOP;
400 trace_usb_ehci_dma_error();
401 return -1;
402 }
403
404 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
405 uint32_t tmp = cpu_to_le32(*buf);
406 dma_memory_write(ehci->as, addr, &tmp, sizeof(tmp));
407 }
408
409 return num;
410}
411
412static int ehci_get_pid(EHCIqtd *qtd)
413{
414 switch (get_field(qtd->token, QTD_TOKEN_PID)) {
415 case 0:
416 return USB_TOKEN_OUT;
417 case 1:
418 return USB_TOKEN_IN;
419 case 2:
420 return USB_TOKEN_SETUP;
421 default:
422 fprintf(stderr, "bad token\n");
423 return 0;
424 }
425}
426
427static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
428{
429 uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
430 uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
431 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
432 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
433 (qh->current_qtd != q->qh.current_qtd) ||
434 (q->async && qh->next_qtd != q->qh.next_qtd) ||
435 (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
436 7 * sizeof(uint32_t)) != 0) ||
437 (q->dev != NULL && q->dev->addr != devaddr)) {
438 return false;
439 } else {
440 return true;
441 }
442}
443
444static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
445{
446 if (p->qtdaddr != p->queue->qtdaddr ||
447 (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
448 (p->qtd.next != qtd->next)) ||
449 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
450 p->qtd.token != qtd->token ||
451 p->qtd.bufptr[0] != qtd->bufptr[0]) {
452 return false;
453 } else {
454 return true;
455 }
456}
457
458static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
459{
460 int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
461 int pid = ehci_get_pid(qtd);
462
463
464 if (q->last_pid && ep != 0 && pid != q->last_pid) {
465 return false;
466 } else {
467 return true;
468 }
469}
470
471
472
473static void ehci_writeback_async_complete_packet(EHCIPacket *p)
474{
475 EHCIQueue *q = p->queue;
476 EHCIqtd qtd;
477 EHCIqh qh;
478 int state;
479
480
481 get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
482 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
483 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
484 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
485 if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
486 p->async = EHCI_ASYNC_INITIALIZED;
487 ehci_free_packet(p);
488 return;
489 }
490
491 state = ehci_get_state(q->ehci, q->async);
492 ehci_state_executing(q);
493 ehci_state_writeback(q);
494 if (!(q->qh.token & QTD_TOKEN_HALT)) {
495 ehci_state_advqueue(q);
496 }
497 ehci_set_state(q->ehci, q->async, state);
498}
499
500
501
502static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
503{
504 EHCIPacket *p;
505
506 p = g_new0(EHCIPacket, 1);
507 p->queue = q;
508 usb_packet_init(&p->packet);
509 QTAILQ_INSERT_TAIL(&q->packets, p, next);
510 trace_usb_ehci_packet_action(p->queue, p, "alloc");
511 return p;
512}
513
514static void ehci_free_packet(EHCIPacket *p)
515{
516 if (p->async == EHCI_ASYNC_FINISHED &&
517 !(p->queue->qh.token & QTD_TOKEN_HALT)) {
518 ehci_writeback_async_complete_packet(p);
519 return;
520 }
521 trace_usb_ehci_packet_action(p->queue, p, "free");
522 if (p->async == EHCI_ASYNC_INFLIGHT) {
523 usb_cancel_packet(&p->packet);
524 }
525 if (p->async == EHCI_ASYNC_FINISHED &&
526 p->packet.status == USB_RET_SUCCESS) {
527 fprintf(stderr,
528 "EHCI: Dropping completed packet from halted %s ep %02X\n",
529 (p->pid == USB_TOKEN_IN) ? "in" : "out",
530 get_field(p->queue->qh.epchar, QH_EPCHAR_EP));
531 }
532 if (p->async != EHCI_ASYNC_NONE) {
533 usb_packet_unmap(&p->packet, &p->sgl);
534 qemu_sglist_destroy(&p->sgl);
535 }
536 QTAILQ_REMOVE(&p->queue->packets, p, next);
537 usb_packet_cleanup(&p->packet);
538 g_free(p);
539}
540
541
542
543static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
544{
545 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
546 EHCIQueue *q;
547
548 q = g_malloc0(sizeof(*q));
549 q->ehci = ehci;
550 q->qhaddr = addr;
551 q->async = async;
552 QTAILQ_INIT(&q->packets);
553 QTAILQ_INSERT_HEAD(head, q, next);
554 trace_usb_ehci_queue_action(q, "alloc");
555 return q;
556}
557
558static void ehci_queue_stopped(EHCIQueue *q)
559{
560 int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
561
562 if (!q->last_pid || !q->dev) {
563 return;
564 }
565
566 usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
567}
568
569static int ehci_cancel_queue(EHCIQueue *q)
570{
571 EHCIPacket *p;
572 int packets = 0;
573
574 p = QTAILQ_FIRST(&q->packets);
575 if (p == NULL) {
576 goto leave;
577 }
578
579 trace_usb_ehci_queue_action(q, "cancel");
580 do {
581 ehci_free_packet(p);
582 packets++;
583 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
584
585leave:
586 ehci_queue_stopped(q);
587 return packets;
588}
589
590static int ehci_reset_queue(EHCIQueue *q)
591{
592 int packets;
593
594 trace_usb_ehci_queue_action(q, "reset");
595 packets = ehci_cancel_queue(q);
596 q->dev = NULL;
597 q->qtdaddr = 0;
598 q->last_pid = 0;
599 return packets;
600}
601
602static void ehci_free_queue(EHCIQueue *q, const char *warn)
603{
604 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
605 int cancelled;
606
607 trace_usb_ehci_queue_action(q, "free");
608 cancelled = ehci_cancel_queue(q);
609 if (warn && cancelled > 0) {
610 ehci_trace_guest_bug(q->ehci, warn);
611 }
612 QTAILQ_REMOVE(head, q, next);
613 g_free(q);
614}
615
616static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
617 int async)
618{
619 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
620 EHCIQueue *q;
621
622 QTAILQ_FOREACH(q, head, next) {
623 if (addr == q->qhaddr) {
624 return q;
625 }
626 }
627 return NULL;
628}
629
630static void ehci_queues_rip_unused(EHCIState *ehci, int async)
631{
632 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
633 const char *warn = async ? "guest unlinked busy QH" : NULL;
634 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
635 EHCIQueue *q, *tmp;
636
637 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
638 if (q->seen) {
639 q->seen = 0;
640 q->ts = ehci->last_run_ns;
641 continue;
642 }
643 if (ehci->last_run_ns < q->ts + maxage) {
644 continue;
645 }
646 ehci_free_queue(q, warn);
647 }
648}
649
650static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
651{
652 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
653 EHCIQueue *q, *tmp;
654
655 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
656 if (!q->seen) {
657 ehci_free_queue(q, NULL);
658 }
659 }
660}
661
662static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
663{
664 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
665 EHCIQueue *q, *tmp;
666
667 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
668 if (q->dev != dev) {
669 continue;
670 }
671 ehci_free_queue(q, NULL);
672 }
673}
674
675static void ehci_queues_rip_all(EHCIState *ehci, int async)
676{
677 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
678 const char *warn = async ? "guest stopped busy async schedule" : NULL;
679 EHCIQueue *q, *tmp;
680
681 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
682 ehci_free_queue(q, warn);
683 }
684}
685
686
687
688static void ehci_attach(USBPort *port)
689{
690 EHCIState *s = port->opaque;
691 uint32_t *portsc = &s->portsc[port->index];
692 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
693
694 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
695
696 if (*portsc & PORTSC_POWNER) {
697 USBPort *companion = s->companion_ports[port->index];
698 companion->dev = port->dev;
699 companion->ops->attach(companion);
700 return;
701 }
702
703 *portsc |= PORTSC_CONNECT;
704 *portsc |= PORTSC_CSC;
705
706 ehci_raise_irq(s, USBSTS_PCD);
707}
708
709static void ehci_detach(USBPort *port)
710{
711 EHCIState *s = port->opaque;
712 uint32_t *portsc = &s->portsc[port->index];
713 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
714
715 trace_usb_ehci_port_detach(port->index, owner);
716
717 if (*portsc & PORTSC_POWNER) {
718 USBPort *companion = s->companion_ports[port->index];
719 companion->ops->detach(companion);
720 companion->dev = NULL;
721
722
723
724
725 *portsc &= ~PORTSC_POWNER;
726 return;
727 }
728
729 ehci_queues_rip_device(s, port->dev, 0);
730 ehci_queues_rip_device(s, port->dev, 1);
731
732 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED|PORTSC_SUSPEND);
733 *portsc |= PORTSC_CSC;
734
735 ehci_raise_irq(s, USBSTS_PCD);
736}
737
738static void ehci_child_detach(USBPort *port, USBDevice *child)
739{
740 EHCIState *s = port->opaque;
741 uint32_t portsc = s->portsc[port->index];
742
743 if (portsc & PORTSC_POWNER) {
744 USBPort *companion = s->companion_ports[port->index];
745 companion->ops->child_detach(companion, child);
746 return;
747 }
748
749 ehci_queues_rip_device(s, child, 0);
750 ehci_queues_rip_device(s, child, 1);
751}
752
753static void ehci_wakeup(USBPort *port)
754{
755 EHCIState *s = port->opaque;
756 uint32_t *portsc = &s->portsc[port->index];
757
758 if (*portsc & PORTSC_POWNER) {
759 USBPort *companion = s->companion_ports[port->index];
760 if (companion->ops->wakeup) {
761 companion->ops->wakeup(companion);
762 }
763 return;
764 }
765
766 if (*portsc & PORTSC_SUSPEND) {
767 trace_usb_ehci_port_wakeup(port->index);
768 *portsc |= PORTSC_FPRES;
769 ehci_raise_irq(s, USBSTS_PCD);
770 }
771
772 qemu_bh_schedule(s->async_bh);
773}
774
775static void ehci_register_companion(USBBus *bus, USBPort *ports[],
776 uint32_t portcount, uint32_t firstport,
777 Error **errp)
778{
779 EHCIState *s = container_of(bus, EHCIState, bus);
780 uint32_t i;
781
782 if (firstport + portcount > NB_PORTS) {
783 error_setg(errp, "firstport must be between 0 and %u",
784 NB_PORTS - portcount);
785 return;
786 }
787
788 for (i = 0; i < portcount; i++) {
789 if (s->companion_ports[firstport + i]) {
790 error_setg(errp, "firstport %u asks for ports %u-%u,"
791 " but port %u has a companion assigned already",
792 firstport, firstport, firstport + portcount - 1,
793 firstport + i);
794 return;
795 }
796 }
797
798 for (i = 0; i < portcount; i++) {
799 s->companion_ports[firstport + i] = ports[i];
800 s->ports[firstport + i].speedmask |=
801 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
802
803 s->portsc[firstport + i] = PORTSC_POWNER;
804 }
805
806 s->companion_count++;
807 s->caps[0x05] = (s->companion_count << 4) | portcount;
808}
809
810static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
811 unsigned int stream)
812{
813 EHCIState *s = container_of(bus, EHCIState, bus);
814 uint32_t portsc = s->portsc[ep->dev->port->index];
815
816 if (portsc & PORTSC_POWNER) {
817 return;
818 }
819
820 s->periodic_sched_active = PERIODIC_ACTIVE;
821 qemu_bh_schedule(s->async_bh);
822}
823
824static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
825{
826 USBDevice *dev;
827 USBPort *port;
828 int i;
829
830 for (i = 0; i < NB_PORTS; i++) {
831 port = &ehci->ports[i];
832 if (!(ehci->portsc[i] & PORTSC_PED)) {
833 DPRINTF("Port %d not enabled\n", i);
834 continue;
835 }
836 dev = usb_find_device(port, addr);
837 if (dev != NULL) {
838 return dev;
839 }
840 }
841 return NULL;
842}
843
844
845void ehci_reset(void *opaque)
846{
847 EHCIState *s = opaque;
848 int i;
849 USBDevice *devs[NB_PORTS];
850
851 trace_usb_ehci_reset();
852
853
854
855
856
857 for(i = 0; i < NB_PORTS; i++) {
858 devs[i] = s->ports[i].dev;
859 if (devs[i] && devs[i]->attached) {
860 usb_detach(&s->ports[i]);
861 }
862 }
863
864 memset(&s->opreg, 0x00, sizeof(s->opreg));
865 memset(&s->portsc, 0x00, sizeof(s->portsc));
866
867 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
868 s->usbsts = USBSTS_HALT;
869 s->usbsts_pending = 0;
870 s->usbsts_frindex = 0;
871 ehci_update_irq(s);
872
873 s->astate = EST_INACTIVE;
874 s->pstate = EST_INACTIVE;
875
876 for(i = 0; i < NB_PORTS; i++) {
877 if (s->companion_ports[i]) {
878 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
879 } else {
880 s->portsc[i] = PORTSC_PPOWER;
881 }
882 if (devs[i] && devs[i]->attached) {
883 usb_attach(&s->ports[i]);
884 usb_device_reset(devs[i]);
885 }
886 }
887 ehci_queues_rip_all(s, 0);
888 ehci_queues_rip_all(s, 1);
889 timer_del(s->frame_timer);
890 qemu_bh_cancel(s->async_bh);
891}
892
893static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
894 unsigned size)
895{
896 EHCIState *s = ptr;
897 return s->caps[addr];
898}
899
900static void ehci_caps_write(void *ptr, hwaddr addr,
901 uint64_t val, unsigned size)
902{
903}
904
905static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
906 unsigned size)
907{
908 EHCIState *s = ptr;
909 uint32_t val;
910
911 switch (addr) {
912 case FRINDEX:
913
914 val = s->frindex & ~7;
915 break;
916 default:
917 val = s->opreg[addr >> 2];
918 }
919
920 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
921 return val;
922}
923
924static uint64_t ehci_port_read(void *ptr, hwaddr addr,
925 unsigned size)
926{
927 EHCIState *s = ptr;
928 uint32_t val;
929
930 val = s->portsc[addr >> 2];
931 trace_usb_ehci_portsc_read(addr + s->portscbase, addr >> 2, val);
932 return val;
933}
934
935static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
936{
937 USBDevice *dev = s->ports[port].dev;
938 uint32_t *portsc = &s->portsc[port];
939 uint32_t orig;
940
941 if (s->companion_ports[port] == NULL)
942 return;
943
944 owner = owner & PORTSC_POWNER;
945 orig = *portsc & PORTSC_POWNER;
946
947 if (!(owner ^ orig)) {
948 return;
949 }
950
951 if (dev && dev->attached) {
952 usb_detach(&s->ports[port]);
953 }
954
955 *portsc &= ~PORTSC_POWNER;
956 *portsc |= owner;
957
958 if (dev && dev->attached) {
959 usb_attach(&s->ports[port]);
960 }
961}
962
963static void ehci_port_write(void *ptr, hwaddr addr,
964 uint64_t val, unsigned size)
965{
966 EHCIState *s = ptr;
967 int port = addr >> 2;
968 uint32_t *portsc = &s->portsc[port];
969 uint32_t old = *portsc;
970 USBDevice *dev = s->ports[port].dev;
971
972 trace_usb_ehci_portsc_write(addr + s->portscbase, addr >> 2, val);
973
974
975 *portsc &= ~(val & PORTSC_RWC_MASK);
976
977 *portsc &= val | ~PORTSC_PED;
978
979 handle_port_owner_write(s, port, val);
980
981 val &= PORTSC_RO_MASK;
982
983 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
984 trace_usb_ehci_port_reset(port, 1);
985 }
986
987 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
988 trace_usb_ehci_port_reset(port, 0);
989 if (dev && dev->attached) {
990 usb_port_reset(&s->ports[port]);
991 *portsc &= ~PORTSC_CSC;
992 }
993
994
995
996
997
998 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
999 val |= PORTSC_PED;
1000 }
1001 }
1002
1003 if ((val & PORTSC_SUSPEND) && !(*portsc & PORTSC_SUSPEND)) {
1004 trace_usb_ehci_port_suspend(port);
1005 }
1006 if (!(val & PORTSC_FPRES) && (*portsc & PORTSC_FPRES)) {
1007 trace_usb_ehci_port_resume(port);
1008 val &= ~PORTSC_SUSPEND;
1009 }
1010
1011 *portsc &= ~PORTSC_RO_MASK;
1012 *portsc |= val;
1013 trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
1014}
1015
1016static void ehci_opreg_write(void *ptr, hwaddr addr,
1017 uint64_t val, unsigned size)
1018{
1019 EHCIState *s = ptr;
1020 uint32_t *mmio = s->opreg + (addr >> 2);
1021 uint32_t old = *mmio;
1022 int i;
1023
1024 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
1025
1026 switch (addr) {
1027 case USBCMD:
1028 if (val & USBCMD_HCRESET) {
1029 ehci_reset(s);
1030 val = s->usbcmd;
1031 break;
1032 }
1033
1034
1035 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
1036 fprintf(stderr, "attempt to set frame list size -- value %d\n",
1037 (int)val & USBCMD_FLS);
1038 val &= ~USBCMD_FLS;
1039 }
1040
1041 if (val & USBCMD_IAAD) {
1042
1043
1044
1045
1046 s->async_stepdown = 0;
1047 qemu_bh_schedule(s->async_bh);
1048 trace_usb_ehci_doorbell_ring();
1049 }
1050
1051 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
1052 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
1053 if (s->pstate == EST_INACTIVE) {
1054 SET_LAST_RUN_CLOCK(s);
1055 }
1056 s->usbcmd = val;
1057 ehci_update_halt(s);
1058 s->async_stepdown = 0;
1059 qemu_bh_schedule(s->async_bh);
1060 }
1061 break;
1062
1063 case USBSTS:
1064 val &= USBSTS_RO_MASK;
1065 ehci_clear_usbsts(s, val);
1066 val = s->usbsts;
1067 ehci_update_irq(s);
1068 break;
1069
1070 case USBINTR:
1071 val &= USBINTR_MASK;
1072 if (ehci_enabled(s) && (USBSTS_FLR & val)) {
1073 qemu_bh_schedule(s->async_bh);
1074 }
1075 break;
1076
1077 case FRINDEX:
1078 val &= 0x00003fff;
1079 s->usbsts_frindex = val;
1080 break;
1081
1082 case CONFIGFLAG:
1083 val &= 0x1;
1084 if (val) {
1085 for(i = 0; i < NB_PORTS; i++)
1086 handle_port_owner_write(s, i, 0);
1087 }
1088 break;
1089
1090 case PERIODICLISTBASE:
1091 if (ehci_periodic_enabled(s)) {
1092 fprintf(stderr,
1093 "ehci: PERIODIC list base register set while periodic schedule\n"
1094 " is enabled and HC is enabled\n");
1095 }
1096 break;
1097
1098 case ASYNCLISTADDR:
1099 if (ehci_async_enabled(s)) {
1100 fprintf(stderr,
1101 "ehci: ASYNC list address register set while async schedule\n"
1102 " is enabled and HC is enabled\n");
1103 }
1104 break;
1105 }
1106
1107 *mmio = val;
1108 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
1109 *mmio, old);
1110}
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120static void ehci_flush_qh(EHCIQueue *q)
1121{
1122 uint32_t *qh = (uint32_t *) &q->qh;
1123 uint32_t dwords = sizeof(EHCIqh) >> 2;
1124 uint32_t addr = NLPTR_GET(q->qhaddr);
1125
1126 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1127}
1128
1129
1130
1131static int ehci_qh_do_overlay(EHCIQueue *q)
1132{
1133 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1134 int i;
1135 int dtoggle;
1136 int ping;
1137 int eps;
1138 int reload;
1139
1140 assert(p != NULL);
1141 assert(p->qtdaddr == q->qtdaddr);
1142
1143
1144
1145 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1146 ping = q->qh.token & QTD_TOKEN_PING;
1147
1148 q->qh.current_qtd = p->qtdaddr;
1149 q->qh.next_qtd = p->qtd.next;
1150 q->qh.altnext_qtd = p->qtd.altnext;
1151 q->qh.token = p->qtd.token;
1152
1153
1154 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
1155 if (eps == EHCI_QH_EPS_HIGH) {
1156 q->qh.token &= ~QTD_TOKEN_PING;
1157 q->qh.token |= ping;
1158 }
1159
1160 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1161 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
1162
1163 for (i = 0; i < 5; i++) {
1164 q->qh.bufptr[i] = p->qtd.bufptr[i];
1165 }
1166
1167 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
1168
1169 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1170 q->qh.token |= dtoggle;
1171 }
1172
1173 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1174 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
1175
1176 ehci_flush_qh(q);
1177
1178 return 0;
1179}
1180
1181static int ehci_init_transfer(EHCIPacket *p)
1182{
1183 uint32_t cpage, offset, bytes, plen;
1184 dma_addr_t page;
1185
1186 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1187 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1188 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
1189 qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
1190
1191 while (bytes > 0) {
1192 if (cpage > 4) {
1193 fprintf(stderr, "cpage out of range (%d)\n", cpage);
1194 qemu_sglist_destroy(&p->sgl);
1195 return -1;
1196 }
1197
1198 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
1199 page += offset;
1200 plen = bytes;
1201 if (plen > 4096 - offset) {
1202 plen = 4096 - offset;
1203 offset = 0;
1204 cpage++;
1205 }
1206
1207 qemu_sglist_add(&p->sgl, page, plen);
1208 bytes -= plen;
1209 }
1210 return 0;
1211}
1212
1213static void ehci_finish_transfer(EHCIQueue *q, int len)
1214{
1215 uint32_t cpage, offset;
1216
1217 if (len > 0) {
1218
1219 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1220 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
1221
1222 offset += len;
1223 cpage += offset >> QTD_BUFPTR_SH;
1224 offset &= ~QTD_BUFPTR_MASK;
1225
1226 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1227 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1228 q->qh.bufptr[0] |= offset;
1229 }
1230}
1231
1232static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
1233{
1234 EHCIPacket *p;
1235 EHCIState *s = port->opaque;
1236 uint32_t portsc = s->portsc[port->index];
1237
1238 if (portsc & PORTSC_POWNER) {
1239 USBPort *companion = s->companion_ports[port->index];
1240 companion->ops->complete(companion, packet);
1241 return;
1242 }
1243
1244 p = container_of(packet, EHCIPacket, packet);
1245 assert(p->async == EHCI_ASYNC_INFLIGHT);
1246
1247 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
1248 trace_usb_ehci_packet_action(p->queue, p, "remove");
1249 ehci_free_packet(p);
1250 return;
1251 }
1252
1253 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
1254 p->async = EHCI_ASYNC_FINISHED;
1255
1256 if (!p->queue->async) {
1257 s->periodic_sched_active = PERIODIC_ACTIVE;
1258 }
1259 qemu_bh_schedule(s->async_bh);
1260}
1261
1262static void ehci_execute_complete(EHCIQueue *q)
1263{
1264 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1265 uint32_t tbytes;
1266
1267 assert(p != NULL);
1268 assert(p->qtdaddr == q->qtdaddr);
1269 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1270 p->async == EHCI_ASYNC_FINISHED);
1271
1272 DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
1273 "status %d, actual_length %d\n",
1274 q->qhaddr, q->qh.next, q->qtdaddr,
1275 p->packet.status, p->packet.actual_length);
1276
1277 switch (p->packet.status) {
1278 case USB_RET_SUCCESS:
1279 break;
1280 case USB_RET_IOERROR:
1281 case USB_RET_NODEV:
1282 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
1283 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
1284 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1285 break;
1286 case USB_RET_STALL:
1287 q->qh.token |= QTD_TOKEN_HALT;
1288 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1289 break;
1290 case USB_RET_NAK:
1291 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1292 return;
1293 case USB_RET_BABBLE:
1294 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
1295 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1296 break;
1297 default:
1298
1299 fprintf(stderr, "USB invalid response %d\n", p->packet.status);
1300 g_assert_not_reached();
1301 break;
1302 }
1303
1304
1305 tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
1306 if (tbytes && p->pid == USB_TOKEN_IN) {
1307 tbytes -= p->packet.actual_length;
1308 if (tbytes) {
1309
1310 ehci_raise_irq(q->ehci, USBSTS_INT);
1311 if (q->async) {
1312 q->ehci->int_req_by_async = true;
1313 }
1314 }
1315 } else {
1316 tbytes = 0;
1317 }
1318 DPRINTF("updating tbytes to %d\n", tbytes);
1319 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
1320
1321 ehci_finish_transfer(q, p->packet.actual_length);
1322 usb_packet_unmap(&p->packet, &p->sgl);
1323 qemu_sglist_destroy(&p->sgl);
1324 p->async = EHCI_ASYNC_NONE;
1325
1326 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1327 q->qh.token &= ~QTD_TOKEN_ACTIVE;
1328
1329 if (q->qh.token & QTD_TOKEN_IOC) {
1330 ehci_raise_irq(q->ehci, USBSTS_INT);
1331 if (q->async) {
1332 q->ehci->int_req_by_async = true;
1333 }
1334 }
1335}
1336
1337
1338static int ehci_execute(EHCIPacket *p, const char *action)
1339{
1340 USBEndpoint *ep;
1341 int endp;
1342 bool spd;
1343
1344 assert(p->async == EHCI_ASYNC_NONE ||
1345 p->async == EHCI_ASYNC_INITIALIZED);
1346
1347 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1348 fprintf(stderr, "Attempting to execute inactive qtd\n");
1349 return -1;
1350 }
1351
1352 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
1353 ehci_trace_guest_bug(p->queue->ehci,
1354 "guest requested more bytes than allowed");
1355 return -1;
1356 }
1357
1358 if (!ehci_verify_pid(p->queue, &p->qtd)) {
1359 ehci_queue_stopped(p->queue);
1360 }
1361 p->pid = ehci_get_pid(&p->qtd);
1362 p->queue->last_pid = p->pid;
1363 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
1364 ep = usb_ep_get(p->queue->dev, p->pid, endp);
1365
1366 if (p->async == EHCI_ASYNC_NONE) {
1367 if (ehci_init_transfer(p) != 0) {
1368 return -1;
1369 }
1370
1371 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
1372 usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
1373 (p->qtd.token & QTD_TOKEN_IOC) != 0);
1374 usb_packet_map(&p->packet, &p->sgl);
1375 p->async = EHCI_ASYNC_INITIALIZED;
1376 }
1377
1378 trace_usb_ehci_packet_action(p->queue, p, action);
1379 usb_handle_packet(p->queue->dev, &p->packet);
1380 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1381 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1382 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1383 p->packet.actual_length);
1384
1385 if (p->packet.actual_length > BUFF_SIZE) {
1386 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
1387 return -1;
1388 }
1389
1390 return 1;
1391}
1392
1393
1394
1395
1396static int ehci_process_itd(EHCIState *ehci,
1397 EHCIitd *itd,
1398 uint32_t addr)
1399{
1400 USBDevice *dev;
1401 USBEndpoint *ep;
1402 uint32_t i, len, pid, dir, devaddr, endp;
1403 uint32_t pg, off, ptr1, ptr2, max, mult;
1404
1405 ehci->periodic_sched_active = PERIODIC_ACTIVE;
1406
1407 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
1408 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
1409 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
1410 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1411 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
1412
1413 for(i = 0; i < 8; i++) {
1414 if (itd->transact[i] & ITD_XACT_ACTIVE) {
1415 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1416 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1417 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1418
1419 if (len > max * mult) {
1420 len = max * mult;
1421 }
1422 if (len > BUFF_SIZE || pg > 6) {
1423 return -1;
1424 }
1425
1426 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1427 qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
1428 if (off + len > 4096) {
1429
1430 if (pg == 6) {
1431 qemu_sglist_destroy(&ehci->isgl);
1432 return -1;
1433 }
1434 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
1435 uint32_t len2 = off + len - 4096;
1436 uint32_t len1 = len - len2;
1437 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1438 qemu_sglist_add(&ehci->isgl, ptr2, len2);
1439 } else {
1440 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
1441 }
1442
1443 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
1444
1445 dev = ehci_find_device(ehci, devaddr);
1446 ep = usb_ep_get(dev, pid, endp);
1447 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
1448 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
1449 (itd->transact[i] & ITD_XACT_IOC) != 0);
1450 usb_packet_map(&ehci->ipacket, &ehci->isgl);
1451 usb_handle_packet(dev, &ehci->ipacket);
1452 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
1453 } else {
1454 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1455 ehci->ipacket.status = USB_RET_NAK;
1456 ehci->ipacket.actual_length = 0;
1457 }
1458 qemu_sglist_destroy(&ehci->isgl);
1459
1460 switch (ehci->ipacket.status) {
1461 case USB_RET_SUCCESS:
1462 break;
1463 default:
1464 fprintf(stderr, "Unexpected iso usb result: %d\n",
1465 ehci->ipacket.status);
1466
1467 case USB_RET_IOERROR:
1468 case USB_RET_NODEV:
1469
1470 if (dir) {
1471 itd->transact[i] |= ITD_XACT_XACTERR;
1472 ehci_raise_irq(ehci, USBSTS_ERRINT);
1473 }
1474 break;
1475 case USB_RET_BABBLE:
1476 itd->transact[i] |= ITD_XACT_BABBLE;
1477 ehci_raise_irq(ehci, USBSTS_ERRINT);
1478 break;
1479 case USB_RET_NAK:
1480
1481 ehci->ipacket.actual_length = 0;
1482 break;
1483 }
1484 if (!dir) {
1485 set_field(&itd->transact[i], len - ehci->ipacket.actual_length,
1486 ITD_XACT_LENGTH);
1487 } else {
1488 set_field(&itd->transact[i], ehci->ipacket.actual_length,
1489 ITD_XACT_LENGTH);
1490 }
1491 if (itd->transact[i] & ITD_XACT_IOC) {
1492 ehci_raise_irq(ehci, USBSTS_INT);
1493 }
1494 itd->transact[i] &= ~ITD_XACT_ACTIVE;
1495 }
1496 }
1497 return 0;
1498}
1499
1500
1501
1502
1503
1504static int ehci_state_waitlisthead(EHCIState *ehci, int async)
1505{
1506 EHCIqh qh;
1507 int i = 0;
1508 int again = 0;
1509 uint32_t entry = ehci->asynclistaddr;
1510
1511
1512 if (async) {
1513 ehci_set_usbsts(ehci, USBSTS_REC);
1514 }
1515
1516 ehci_queues_rip_unused(ehci, async);
1517
1518
1519 for(i = 0; i < MAX_QH; i++) {
1520 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1521 sizeof(EHCIqh) >> 2) < 0) {
1522 return 0;
1523 }
1524 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
1525
1526 if (qh.epchar & QH_EPCHAR_H) {
1527 if (async) {
1528 entry |= (NLPTR_TYPE_QH << 1);
1529 }
1530
1531 ehci_set_fetch_addr(ehci, async, entry);
1532 ehci_set_state(ehci, async, EST_FETCHENTRY);
1533 again = 1;
1534 goto out;
1535 }
1536
1537 entry = qh.next;
1538 if (entry == ehci->asynclistaddr) {
1539 break;
1540 }
1541 }
1542
1543
1544
1545 ehci_set_state(ehci, async, EST_ACTIVE);
1546
1547out:
1548 return again;
1549}
1550
1551
1552
1553
1554
1555static int ehci_state_fetchentry(EHCIState *ehci, int async)
1556{
1557 int again = 0;
1558 uint32_t entry = ehci_get_fetch_addr(ehci, async);
1559
1560 if (NLPTR_TBIT(entry)) {
1561 ehci_set_state(ehci, async, EST_ACTIVE);
1562 goto out;
1563 }
1564
1565
1566 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1567 fprintf(stderr, "non queue head request in async schedule\n");
1568 return -1;
1569 }
1570
1571 switch (NLPTR_TYPE_GET(entry)) {
1572 case NLPTR_TYPE_QH:
1573 ehci_set_state(ehci, async, EST_FETCHQH);
1574 again = 1;
1575 break;
1576
1577 case NLPTR_TYPE_ITD:
1578 ehci_set_state(ehci, async, EST_FETCHITD);
1579 again = 1;
1580 break;
1581
1582 case NLPTR_TYPE_STITD:
1583 ehci_set_state(ehci, async, EST_FETCHSITD);
1584 again = 1;
1585 break;
1586
1587 default:
1588
1589 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1590 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1591 return -1;
1592 }
1593
1594out:
1595 return again;
1596}
1597
1598static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
1599{
1600 uint32_t entry;
1601 EHCIQueue *q;
1602 EHCIqh qh;
1603
1604 entry = ehci_get_fetch_addr(ehci, async);
1605 q = ehci_find_queue_by_qh(ehci, entry, async);
1606 if (q == NULL) {
1607 q = ehci_alloc_queue(ehci, entry, async);
1608 }
1609
1610 q->seen++;
1611 if (q->seen > 1) {
1612
1613 ehci_set_state(ehci, async, EST_ACTIVE);
1614 q = NULL;
1615 goto out;
1616 }
1617
1618 if (get_dwords(ehci, NLPTR_GET(q->qhaddr),
1619 (uint32_t *) &qh, sizeof(EHCIqh) >> 2) < 0) {
1620 q = NULL;
1621 goto out;
1622 }
1623 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1624
1625
1626
1627
1628
1629 if (!ehci_verify_qh(q, &qh)) {
1630 if (ehci_reset_queue(q) > 0) {
1631 ehci_trace_guest_bug(ehci, "guest updated active QH");
1632 }
1633 }
1634 q->qh = qh;
1635
1636 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1637 if (q->transact_ctr == 0) {
1638 q->transact_ctr = 4;
1639 }
1640
1641 if (q->dev == NULL) {
1642 q->dev = ehci_find_device(q->ehci,
1643 get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
1644 }
1645
1646 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
1647
1648
1649 if (ehci->usbsts & USBSTS_REC) {
1650 ehci_clear_usbsts(ehci, USBSTS_REC);
1651 } else {
1652 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
1653 " - done processing\n", q->qhaddr);
1654 ehci_set_state(ehci, async, EST_ACTIVE);
1655 q = NULL;
1656 goto out;
1657 }
1658 }
1659
1660#if EHCI_DEBUG
1661 if (q->qhaddr != q->qh.next) {
1662 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
1663 q->qhaddr,
1664 q->qh.epchar & QH_EPCHAR_H,
1665 q->qh.token & QTD_TOKEN_HALT,
1666 q->qh.token & QTD_TOKEN_ACTIVE,
1667 q->qh.next);
1668 }
1669#endif
1670
1671 if (q->qh.token & QTD_TOKEN_HALT) {
1672 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1673
1674 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1675 (NLPTR_TBIT(q->qh.current_qtd) == 0) &&
1676 (q->qh.current_qtd != 0)) {
1677 q->qtdaddr = q->qh.current_qtd;
1678 ehci_set_state(ehci, async, EST_FETCHQTD);
1679
1680 } else {
1681
1682 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
1683 }
1684
1685out:
1686 return q;
1687}
1688
1689static int ehci_state_fetchitd(EHCIState *ehci, int async)
1690{
1691 uint32_t entry;
1692 EHCIitd itd;
1693
1694 assert(!async);
1695 entry = ehci_get_fetch_addr(ehci, async);
1696
1697 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1698 sizeof(EHCIitd) >> 2) < 0) {
1699 return -1;
1700 }
1701 ehci_trace_itd(ehci, entry, &itd);
1702
1703 if (ehci_process_itd(ehci, &itd, entry) != 0) {
1704 return -1;
1705 }
1706
1707 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1708 sizeof(EHCIitd) >> 2);
1709 ehci_set_fetch_addr(ehci, async, itd.next);
1710 ehci_set_state(ehci, async, EST_FETCHENTRY);
1711
1712 return 1;
1713}
1714
1715static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1716{
1717 uint32_t entry;
1718 EHCIsitd sitd;
1719
1720 assert(!async);
1721 entry = ehci_get_fetch_addr(ehci, async);
1722
1723 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
1724 sizeof(EHCIsitd) >> 2) < 0) {
1725 return 0;
1726 }
1727 ehci_trace_sitd(ehci, entry, &sitd);
1728
1729 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1730 ;
1731 } else {
1732
1733 warn_report("Skipping active siTD");
1734 }
1735
1736 ehci_set_fetch_addr(ehci, async, sitd.next);
1737 ehci_set_state(ehci, async, EST_FETCHENTRY);
1738 return 1;
1739}
1740
1741
1742static int ehci_state_advqueue(EHCIQueue *q)
1743{
1744#if 0
1745
1746
1747
1748
1749 if (I-bit set) {
1750 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1751 goto out;
1752 }
1753#endif
1754
1755
1756
1757
1758 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
1759 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1760 q->qtdaddr = q->qh.altnext_qtd;
1761 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1762
1763
1764
1765
1766 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
1767 q->qtdaddr = q->qh.next_qtd;
1768 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1769
1770
1771
1772
1773 } else {
1774 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1775 }
1776
1777 return 1;
1778}
1779
1780
1781static int ehci_state_fetchqtd(EHCIQueue *q)
1782{
1783 EHCIqtd qtd;
1784 EHCIPacket *p;
1785 int again = 1;
1786
1787 if (get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd,
1788 sizeof(EHCIqtd) >> 2) < 0) {
1789 return 0;
1790 }
1791 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
1792
1793 p = QTAILQ_FIRST(&q->packets);
1794 if (p != NULL) {
1795 if (!ehci_verify_qtd(p, &qtd)) {
1796 ehci_cancel_queue(q);
1797 if (qtd.token & QTD_TOKEN_ACTIVE) {
1798 ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
1799 }
1800 p = NULL;
1801 } else {
1802 p->qtd = qtd;
1803 ehci_qh_do_overlay(q);
1804 }
1805 }
1806
1807 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1808 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1809 } else if (p != NULL) {
1810 switch (p->async) {
1811 case EHCI_ASYNC_NONE:
1812 case EHCI_ASYNC_INITIALIZED:
1813
1814 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1815 break;
1816 case EHCI_ASYNC_INFLIGHT:
1817
1818 again = ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head));
1819
1820 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1821 break;
1822 case EHCI_ASYNC_FINISHED:
1823
1824 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1825 break;
1826 }
1827 } else {
1828 p = ehci_alloc_packet(q);
1829 p->qtdaddr = q->qtdaddr;
1830 p->qtd = qtd;
1831 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1832 }
1833
1834 return again;
1835}
1836
1837static int ehci_state_horizqh(EHCIQueue *q)
1838{
1839 int again = 0;
1840
1841 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1842 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1843 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
1844 again = 1;
1845 } else {
1846 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
1847 }
1848
1849 return again;
1850}
1851
1852
1853static int ehci_fill_queue(EHCIPacket *p)
1854{
1855 USBEndpoint *ep = p->packet.ep;
1856 EHCIQueue *q = p->queue;
1857 EHCIqtd qtd = p->qtd;
1858 uint32_t qtdaddr;
1859
1860 for (;;) {
1861 if (NLPTR_TBIT(qtd.next) != 0) {
1862 break;
1863 }
1864 qtdaddr = qtd.next;
1865
1866
1867
1868
1869 QTAILQ_FOREACH(p, &q->packets, next) {
1870 if (p->qtdaddr == qtdaddr) {
1871 goto leave;
1872 }
1873 }
1874 if (get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1875 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2) < 0) {
1876 return -1;
1877 }
1878 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1879 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1880 break;
1881 }
1882 if (!ehci_verify_pid(q, &qtd)) {
1883 ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
1884 break;
1885 }
1886 p = ehci_alloc_packet(q);
1887 p->qtdaddr = qtdaddr;
1888 p->qtd = qtd;
1889 if (ehci_execute(p, "queue") == -1) {
1890 return -1;
1891 }
1892 assert(p->packet.status == USB_RET_ASYNC);
1893 p->async = EHCI_ASYNC_INFLIGHT;
1894 }
1895leave:
1896 usb_device_flush_ep_queue(ep->dev, ep);
1897 return 1;
1898}
1899
1900static int ehci_state_execute(EHCIQueue *q)
1901{
1902 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1903 int again = 0;
1904
1905 assert(p != NULL);
1906 assert(p->qtdaddr == q->qtdaddr);
1907
1908 if (ehci_qh_do_overlay(q) != 0) {
1909 return -1;
1910 }
1911
1912
1913
1914
1915
1916 if (!q->async && q->transact_ctr == 0) {
1917 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1918 again = 1;
1919 goto out;
1920 }
1921
1922 if (q->async) {
1923 ehci_set_usbsts(q->ehci, USBSTS_REC);
1924 }
1925
1926 again = ehci_execute(p, "process");
1927 if (again == -1) {
1928 goto out;
1929 }
1930 if (p->packet.status == USB_RET_ASYNC) {
1931 ehci_flush_qh(q);
1932 trace_usb_ehci_packet_action(p->queue, p, "async");
1933 p->async = EHCI_ASYNC_INFLIGHT;
1934 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1935 if (q->async) {
1936 again = ehci_fill_queue(p);
1937 } else {
1938 again = 1;
1939 }
1940 goto out;
1941 }
1942
1943 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1944 again = 1;
1945
1946out:
1947 return again;
1948}
1949
1950static int ehci_state_executing(EHCIQueue *q)
1951{
1952 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1953
1954 assert(p != NULL);
1955 assert(p->qtdaddr == q->qtdaddr);
1956
1957 ehci_execute_complete(q);
1958
1959
1960 if (!q->async && q->transact_ctr > 0) {
1961 q->transact_ctr--;
1962 }
1963
1964
1965 if (p->packet.status == USB_RET_NAK) {
1966 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1967 } else {
1968 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
1969 }
1970
1971 ehci_flush_qh(q);
1972 return 1;
1973}
1974
1975
1976static int ehci_state_writeback(EHCIQueue *q)
1977{
1978 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1979 uint32_t *qtd, addr;
1980 int again = 0;
1981
1982
1983 assert(p != NULL);
1984 assert(p->qtdaddr == q->qtdaddr);
1985
1986 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
1987 qtd = (uint32_t *) &q->qh.next_qtd;
1988 addr = NLPTR_GET(p->qtdaddr);
1989 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
1990 ehci_free_packet(p);
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000 if (q->qh.token & QTD_TOKEN_HALT) {
2001 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2002 again = 1;
2003 } else {
2004 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
2005 again = 1;
2006 }
2007 return again;
2008}
2009
2010
2011
2012
2013
2014static void ehci_advance_state(EHCIState *ehci, int async)
2015{
2016 EHCIQueue *q = NULL;
2017 int itd_count = 0;
2018 int again;
2019
2020 do {
2021 switch(ehci_get_state(ehci, async)) {
2022 case EST_WAITLISTHEAD:
2023 again = ehci_state_waitlisthead(ehci, async);
2024 break;
2025
2026 case EST_FETCHENTRY:
2027 again = ehci_state_fetchentry(ehci, async);
2028 break;
2029
2030 case EST_FETCHQH:
2031 q = ehci_state_fetchqh(ehci, async);
2032 if (q != NULL) {
2033 assert(q->async == async);
2034 again = 1;
2035 } else {
2036 again = 0;
2037 }
2038 break;
2039
2040 case EST_FETCHITD:
2041 again = ehci_state_fetchitd(ehci, async);
2042 itd_count++;
2043 break;
2044
2045 case EST_FETCHSITD:
2046 again = ehci_state_fetchsitd(ehci, async);
2047 itd_count++;
2048 break;
2049
2050 case EST_ADVANCEQUEUE:
2051 assert(q != NULL);
2052 again = ehci_state_advqueue(q);
2053 break;
2054
2055 case EST_FETCHQTD:
2056 assert(q != NULL);
2057 again = ehci_state_fetchqtd(q);
2058 break;
2059
2060 case EST_HORIZONTALQH:
2061 assert(q != NULL);
2062 again = ehci_state_horizqh(q);
2063 break;
2064
2065 case EST_EXECUTE:
2066 assert(q != NULL);
2067 again = ehci_state_execute(q);
2068 if (async) {
2069 ehci->async_stepdown = 0;
2070 }
2071 break;
2072
2073 case EST_EXECUTING:
2074 assert(q != NULL);
2075 if (async) {
2076 ehci->async_stepdown = 0;
2077 }
2078 again = ehci_state_executing(q);
2079 break;
2080
2081 case EST_WRITEBACK:
2082 assert(q != NULL);
2083 again = ehci_state_writeback(q);
2084 if (!async) {
2085 ehci->periodic_sched_active = PERIODIC_ACTIVE;
2086 }
2087 break;
2088
2089 default:
2090 fprintf(stderr, "Bad state!\n");
2091 again = -1;
2092 g_assert_not_reached();
2093 break;
2094 }
2095
2096 if (again < 0 || itd_count > 16) {
2097
2098 fprintf(stderr, "processing error - resetting ehci HC\n");
2099 ehci_reset(ehci);
2100 again = 0;
2101 }
2102 }
2103 while (again);
2104}
2105
2106static void ehci_advance_async_state(EHCIState *ehci)
2107{
2108 const int async = 1;
2109
2110 switch(ehci_get_state(ehci, async)) {
2111 case EST_INACTIVE:
2112 if (!ehci_async_enabled(ehci)) {
2113 break;
2114 }
2115 ehci_set_state(ehci, async, EST_ACTIVE);
2116
2117
2118 case EST_ACTIVE:
2119 if (!ehci_async_enabled(ehci)) {
2120 ehci_queues_rip_all(ehci, async);
2121 ehci_set_state(ehci, async, EST_INACTIVE);
2122 break;
2123 }
2124
2125
2126
2127 if (ehci->usbsts & USBSTS_IAA) {
2128 DPRINTF("IAA status bit still set.\n");
2129 break;
2130 }
2131
2132
2133 if (ehci->asynclistaddr == 0) {
2134 break;
2135 }
2136
2137 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
2138 ehci_advance_state(ehci, async);
2139
2140
2141
2142
2143
2144 if (ehci->usbcmd & USBCMD_IAAD) {
2145
2146 ehci_queues_rip_unseen(ehci, async);
2147 trace_usb_ehci_doorbell_ack();
2148 ehci->usbcmd &= ~USBCMD_IAAD;
2149 ehci_raise_irq(ehci, USBSTS_IAA);
2150 }
2151 break;
2152
2153 default:
2154
2155 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2156 "Resetting to active\n", ehci->astate);
2157 g_assert_not_reached();
2158 }
2159}
2160
2161static void ehci_advance_periodic_state(EHCIState *ehci)
2162{
2163 uint32_t entry;
2164 uint32_t list;
2165 const int async = 0;
2166
2167
2168
2169 switch(ehci_get_state(ehci, async)) {
2170 case EST_INACTIVE:
2171 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
2172 ehci_set_state(ehci, async, EST_ACTIVE);
2173
2174 } else
2175 break;
2176
2177 case EST_ACTIVE:
2178 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
2179 ehci_queues_rip_all(ehci, async);
2180 ehci_set_state(ehci, async, EST_INACTIVE);
2181 break;
2182 }
2183
2184 list = ehci->periodiclistbase & 0xfffff000;
2185
2186 if (list == 0) {
2187 break;
2188 }
2189 list |= ((ehci->frindex & 0x1ff8) >> 1);
2190
2191 if (get_dwords(ehci, list, &entry, 1) < 0) {
2192 break;
2193 }
2194
2195 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2196 ehci->frindex / 8, list, entry);
2197 ehci_set_fetch_addr(ehci, async,entry);
2198 ehci_set_state(ehci, async, EST_FETCHENTRY);
2199 ehci_advance_state(ehci, async);
2200 ehci_queues_rip_unused(ehci, async);
2201 break;
2202
2203 default:
2204
2205 fprintf(stderr, "ehci: Bad periodic state %d. "
2206 "Resetting to active\n", ehci->pstate);
2207 g_assert_not_reached();
2208 }
2209}
2210
2211static void ehci_update_frindex(EHCIState *ehci, int uframes)
2212{
2213 if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
2214 return;
2215 }
2216
2217
2218 if ((ehci->frindex % 0x2000) + uframes >= 0x2000) {
2219 ehci_raise_irq(ehci, USBSTS_FLR);
2220 }
2221
2222
2223
2224
2225 int rollovers = (ehci->frindex + uframes) / 0x4000;
2226 if (rollovers > 0) {
2227 if (ehci->usbsts_frindex >= (rollovers * 0x4000)) {
2228 ehci->usbsts_frindex -= 0x4000 * rollovers;
2229 } else {
2230 ehci->usbsts_frindex = 0;
2231 }
2232 }
2233
2234 ehci->frindex = (ehci->frindex + uframes) % 0x4000;
2235}
2236
2237static void ehci_work_bh(void *opaque)
2238{
2239 EHCIState *ehci = opaque;
2240 int need_timer = 0;
2241 int64_t expire_time, t_now;
2242 uint64_t ns_elapsed;
2243 uint64_t uframes, skipped_uframes;
2244 int i;
2245
2246 if (ehci->working) {
2247 return;
2248 }
2249 ehci->working = true;
2250
2251 t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
2252 ns_elapsed = t_now - ehci->last_run_ns;
2253 uframes = ns_elapsed / UFRAME_TIMER_NS;
2254
2255 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
2256 need_timer++;
2257
2258 if (uframes > (ehci->maxframes * 8)) {
2259 skipped_uframes = uframes - (ehci->maxframes * 8);
2260 ehci_update_frindex(ehci, skipped_uframes);
2261 ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
2262 uframes -= skipped_uframes;
2263 DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
2264 }
2265
2266 for (i = 0; i < uframes; i++) {
2267
2268
2269
2270
2271
2272
2273
2274 if (i >= MIN_UFR_PER_TICK) {
2275 ehci_commit_irq(ehci);
2276 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2277 break;
2278 }
2279 }
2280 if (ehci->periodic_sched_active) {
2281 ehci->periodic_sched_active--;
2282 }
2283 ehci_update_frindex(ehci, 1);
2284 if ((ehci->frindex & 7) == 0) {
2285 ehci_advance_periodic_state(ehci);
2286 }
2287 ehci->last_run_ns += UFRAME_TIMER_NS;
2288 }
2289 } else {
2290 ehci->periodic_sched_active = 0;
2291 ehci_update_frindex(ehci, uframes);
2292 ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
2293 }
2294
2295 if (ehci->periodic_sched_active) {
2296 ehci->async_stepdown = 0;
2297 } else if (ehci->async_stepdown < ehci->maxframes / 2) {
2298 ehci->async_stepdown++;
2299 }
2300
2301
2302
2303
2304 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
2305 need_timer++;
2306 ehci_advance_async_state(ehci);
2307 }
2308
2309 ehci_commit_irq(ehci);
2310 if (ehci->usbsts_pending) {
2311 need_timer++;
2312 ehci->async_stepdown = 0;
2313 }
2314
2315 if (ehci_enabled(ehci) && (ehci->usbintr & USBSTS_FLR)) {
2316 need_timer++;
2317 }
2318
2319 if (need_timer) {
2320
2321
2322 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2323 expire_time = t_now +
2324 NANOSECONDS_PER_SECOND / (FRAME_TIMER_FREQ * 4);
2325 ehci->int_req_by_async = false;
2326 } else {
2327 expire_time = t_now + (NANOSECONDS_PER_SECOND
2328 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
2329 }
2330 timer_mod(ehci->frame_timer, expire_time);
2331 }
2332
2333 ehci->working = false;
2334}
2335
2336static void ehci_work_timer(void *opaque)
2337{
2338 EHCIState *ehci = opaque;
2339
2340 qemu_bh_schedule(ehci->async_bh);
2341}
2342
2343static const MemoryRegionOps ehci_mmio_caps_ops = {
2344 .read = ehci_caps_read,
2345 .write = ehci_caps_write,
2346 .valid.min_access_size = 1,
2347 .valid.max_access_size = 4,
2348 .impl.min_access_size = 1,
2349 .impl.max_access_size = 1,
2350 .endianness = DEVICE_LITTLE_ENDIAN,
2351};
2352
2353static const MemoryRegionOps ehci_mmio_opreg_ops = {
2354 .read = ehci_opreg_read,
2355 .write = ehci_opreg_write,
2356 .valid.min_access_size = 4,
2357 .valid.max_access_size = 4,
2358 .endianness = DEVICE_LITTLE_ENDIAN,
2359};
2360
2361static const MemoryRegionOps ehci_mmio_port_ops = {
2362 .read = ehci_port_read,
2363 .write = ehci_port_write,
2364 .valid.min_access_size = 4,
2365 .valid.max_access_size = 4,
2366 .endianness = DEVICE_LITTLE_ENDIAN,
2367};
2368
2369static USBPortOps ehci_port_ops = {
2370 .attach = ehci_attach,
2371 .detach = ehci_detach,
2372 .child_detach = ehci_child_detach,
2373 .wakeup = ehci_wakeup,
2374 .complete = ehci_async_complete_packet,
2375};
2376
2377static USBBusOps ehci_bus_ops_companion = {
2378 .register_companion = ehci_register_companion,
2379 .wakeup_endpoint = ehci_wakeup_endpoint,
2380};
2381static USBBusOps ehci_bus_ops_standalone = {
2382 .wakeup_endpoint = ehci_wakeup_endpoint,
2383};
2384
2385static int usb_ehci_pre_save(void *opaque)
2386{
2387 EHCIState *ehci = opaque;
2388 uint32_t new_frindex;
2389
2390
2391 new_frindex = ehci->frindex & ~7;
2392 ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
2393 ehci->frindex = new_frindex;
2394
2395 return 0;
2396}
2397
2398static int usb_ehci_post_load(void *opaque, int version_id)
2399{
2400 EHCIState *s = opaque;
2401 int i;
2402
2403 for (i = 0; i < NB_PORTS; i++) {
2404 USBPort *companion = s->companion_ports[i];
2405 if (companion == NULL) {
2406 continue;
2407 }
2408 if (s->portsc[i] & PORTSC_POWNER) {
2409 companion->dev = s->ports[i].dev;
2410 } else {
2411 companion->dev = NULL;
2412 }
2413 }
2414
2415 return 0;
2416}
2417
2418static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2419{
2420 EHCIState *ehci = opaque;
2421
2422
2423
2424
2425
2426
2427
2428 if (state == RUN_STATE_RUNNING) {
2429 ehci_advance_async_state(ehci);
2430 }
2431
2432
2433
2434
2435
2436
2437
2438 if (state == RUN_STATE_SAVE_VM) {
2439 ehci_advance_async_state(ehci);
2440 ehci_queues_rip_unseen(ehci, 1);
2441 }
2442}
2443
2444const VMStateDescription vmstate_ehci = {
2445 .name = "ehci-core",
2446 .version_id = 2,
2447 .minimum_version_id = 1,
2448 .pre_save = usb_ehci_pre_save,
2449 .post_load = usb_ehci_post_load,
2450 .fields = (VMStateField[]) {
2451
2452 VMSTATE_UINT32(usbcmd, EHCIState),
2453 VMSTATE_UINT32(usbsts, EHCIState),
2454 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2455 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
2456 VMSTATE_UINT32(usbintr, EHCIState),
2457 VMSTATE_UINT32(frindex, EHCIState),
2458 VMSTATE_UINT32(ctrldssegment, EHCIState),
2459 VMSTATE_UINT32(periodiclistbase, EHCIState),
2460 VMSTATE_UINT32(asynclistaddr, EHCIState),
2461 VMSTATE_UINT32(configflag, EHCIState),
2462 VMSTATE_UINT32(portsc[0], EHCIState),
2463 VMSTATE_UINT32(portsc[1], EHCIState),
2464 VMSTATE_UINT32(portsc[2], EHCIState),
2465 VMSTATE_UINT32(portsc[3], EHCIState),
2466 VMSTATE_UINT32(portsc[4], EHCIState),
2467 VMSTATE_UINT32(portsc[5], EHCIState),
2468
2469 VMSTATE_TIMER_PTR(frame_timer, EHCIState),
2470 VMSTATE_UINT64(last_run_ns, EHCIState),
2471 VMSTATE_UINT32(async_stepdown, EHCIState),
2472
2473 VMSTATE_UINT32(astate, EHCIState),
2474 VMSTATE_UINT32(pstate, EHCIState),
2475 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2476 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2477 VMSTATE_END_OF_LIST()
2478 }
2479};
2480
2481void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
2482{
2483 int i;
2484
2485 if (s->portnr > NB_PORTS) {
2486 error_setg(errp, "Too many ports! Max. port number is %d.",
2487 NB_PORTS);
2488 return;
2489 }
2490 if (s->maxframes < 8 || s->maxframes > 512) {
2491 error_setg(errp, "maxframes %d out if range (8 .. 512)",
2492 s->maxframes);
2493 return;
2494 }
2495
2496 usb_bus_new(&s->bus, sizeof(s->bus), s->companion_enable ?
2497 &ehci_bus_ops_companion : &ehci_bus_ops_standalone, dev);
2498 for (i = 0; i < s->portnr; i++) {
2499 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2500 USB_SPEED_MASK_HIGH);
2501 s->ports[i].dev = 0;
2502 }
2503
2504 s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
2505 s->async_bh = qemu_bh_new(ehci_work_bh, s);
2506 s->device = dev;
2507
2508 s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
2509}
2510
2511void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp)
2512{
2513 trace_usb_ehci_unrealize();
2514
2515 if (s->frame_timer) {
2516 timer_del(s->frame_timer);
2517 timer_free(s->frame_timer);
2518 s->frame_timer = NULL;
2519 }
2520 if (s->async_bh) {
2521 qemu_bh_delete(s->async_bh);
2522 }
2523
2524 ehci_queues_rip_all(s, 0);
2525 ehci_queues_rip_all(s, 1);
2526
2527 memory_region_del_subregion(&s->mem, &s->mem_caps);
2528 memory_region_del_subregion(&s->mem, &s->mem_opreg);
2529 memory_region_del_subregion(&s->mem, &s->mem_ports);
2530
2531 usb_bus_release(&s->bus);
2532
2533 if (s->vmstate) {
2534 qemu_del_vm_change_state_handler(s->vmstate);
2535 }
2536}
2537
2538void usb_ehci_init(EHCIState *s, DeviceState *dev)
2539{
2540
2541 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
2542 s->caps[0x01] = 0x00;
2543 s->caps[0x02] = 0x00;
2544 s->caps[0x03] = 0x01;
2545 s->caps[0x04] = s->portnr;
2546 s->caps[0x05] = 0x00;
2547 s->caps[0x06] = 0x00;
2548 s->caps[0x07] = 0x00;
2549 s->caps[0x08] = 0x80;
2550 s->caps[0x0a] = 0x00;
2551 s->caps[0x0b] = 0x00;
2552
2553 QTAILQ_INIT(&s->aqueues);
2554 QTAILQ_INIT(&s->pqueues);
2555 usb_packet_init(&s->ipacket);
2556
2557 memory_region_init(&s->mem, OBJECT(dev), "ehci", MMIO_SIZE);
2558 memory_region_init_io(&s->mem_caps, OBJECT(dev), &ehci_mmio_caps_ops, s,
2559 "capabilities", CAPA_SIZE);
2560 memory_region_init_io(&s->mem_opreg, OBJECT(dev), &ehci_mmio_opreg_ops, s,
2561 "operational", s->portscbase);
2562 memory_region_init_io(&s->mem_ports, OBJECT(dev), &ehci_mmio_port_ops, s,
2563 "ports", 4 * s->portnr);
2564
2565 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2566 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2567 memory_region_add_subregion(&s->mem, s->opregbase + s->portscbase,
2568 &s->mem_ports);
2569}
2570
2571void usb_ehci_finalize(EHCIState *s)
2572{
2573 usb_packet_cleanup(&s->ipacket);
2574}
2575
2576
2577
2578
2579
