1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29#include "qemu/osdep.h"
30#include "qapi/error.h"
31#include "hw/irq.h"
32#include "hw/usb/ehci-regs.h"
33#include "hw/usb/hcd-ehci.h"
34#include "migration/vmstate.h"
35#include "trace.h"
36#include "qemu/error-report.h"
37#include "qemu/main-loop.h"
38#include "sysemu/runstate.h"
39
40#define FRAME_TIMER_FREQ 1000
41#define FRAME_TIMER_NS (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ)
42#define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
43
44#define NB_MAXINTRATE 8
45#define BUFF_SIZE 5*4096
46#define MAX_QH 100
47#define MIN_UFR_PER_TICK 24
48#define PERIODIC_ACTIVE 512
49
50
51
52typedef enum {
53 EST_INACTIVE = 1000,
54 EST_ACTIVE,
55 EST_EXECUTING,
56 EST_SLEEPING,
57
58
59 EST_WAITLISTHEAD,
60 EST_FETCHENTRY,
61 EST_FETCHQH,
62 EST_FETCHITD,
63 EST_FETCHSITD,
64 EST_ADVANCEQUEUE,
65 EST_FETCHQTD,
66 EST_EXECUTE,
67 EST_WRITEBACK,
68 EST_HORIZONTALQH
69} EHCI_STATES;
70
71
72#define NLPTR_GET(x) ((x) & 0xffffffe0)
73#define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
74#define NLPTR_TBIT(x) ((x) & 1)
75
76
77#define NLPTR_TYPE_ITD 0
78#define NLPTR_TYPE_QH 1
79#define NLPTR_TYPE_STITD 2
80#define NLPTR_TYPE_FSTN 3
81
82#define SET_LAST_RUN_CLOCK(s) \
83 (s)->last_run_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
84
85
86#define get_field(data, field) \
87 (((data) & field##_MASK) >> field##_SH)
88
89#define set_field(data, newval, field) do { \
90 uint32_t val = *data; \
91 val &= ~ field##_MASK; \
92 val |= ((newval) << field##_SH) & field##_MASK; \
93 *data = val; \
94 } while(0)
95
96static const char *ehci_state_names[] = {
97 [EST_INACTIVE] = "INACTIVE",
98 [EST_ACTIVE] = "ACTIVE",
99 [EST_EXECUTING] = "EXECUTING",
100 [EST_SLEEPING] = "SLEEPING",
101 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
102 [EST_FETCHENTRY] = "FETCH ENTRY",
103 [EST_FETCHQH] = "FETCH QH",
104 [EST_FETCHITD] = "FETCH ITD",
105 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
106 [EST_FETCHQTD] = "FETCH QTD",
107 [EST_EXECUTE] = "EXECUTE",
108 [EST_WRITEBACK] = "WRITEBACK",
109 [EST_HORIZONTALQH] = "HORIZONTALQH",
110};
111
112static const char *ehci_mmio_names[] = {
113 [USBCMD] = "USBCMD",
114 [USBSTS] = "USBSTS",
115 [USBINTR] = "USBINTR",
116 [FRINDEX] = "FRINDEX",
117 [PERIODICLISTBASE] = "P-LIST BASE",
118 [ASYNCLISTADDR] = "A-LIST ADDR",
119 [CONFIGFLAG] = "CONFIGFLAG",
120};
121
122static int ehci_state_executing(EHCIQueue *q);
123static int ehci_state_writeback(EHCIQueue *q);
124static int ehci_state_advqueue(EHCIQueue *q);
125static int ehci_fill_queue(EHCIPacket *p);
126static void ehci_free_packet(EHCIPacket *p);
127
128static const char *nr2str(const char **n, size_t len, uint32_t nr)
129{
130 if (nr < len && n[nr] != NULL) {
131 return n[nr];
132 } else {
133 return "unknown";
134 }
135}
136
137static const char *state2str(uint32_t state)
138{
139 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
140}
141
142static const char *addr2str(hwaddr addr)
143{
144 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
145}
146
147static void ehci_trace_usbsts(uint32_t mask, int state)
148{
149
150 if (mask & USBSTS_INT) {
151 trace_usb_ehci_usbsts("INT", state);
152 }
153 if (mask & USBSTS_ERRINT) {
154 trace_usb_ehci_usbsts("ERRINT", state);
155 }
156 if (mask & USBSTS_PCD) {
157 trace_usb_ehci_usbsts("PCD", state);
158 }
159 if (mask & USBSTS_FLR) {
160 trace_usb_ehci_usbsts("FLR", state);
161 }
162 if (mask & USBSTS_HSE) {
163 trace_usb_ehci_usbsts("HSE", state);
164 }
165 if (mask & USBSTS_IAA) {
166 trace_usb_ehci_usbsts("IAA", state);
167 }
168
169
170 if (mask & USBSTS_HALT) {
171 trace_usb_ehci_usbsts("HALT", state);
172 }
173 if (mask & USBSTS_REC) {
174 trace_usb_ehci_usbsts("REC", state);
175 }
176 if (mask & USBSTS_PSS) {
177 trace_usb_ehci_usbsts("PSS", state);
178 }
179 if (mask & USBSTS_ASS) {
180 trace_usb_ehci_usbsts("ASS", state);
181 }
182}
183
184static inline void ehci_set_usbsts(EHCIState *s, int mask)
185{
186 if ((s->usbsts & mask) == mask) {
187 return;
188 }
189 ehci_trace_usbsts(mask, 1);
190 s->usbsts |= mask;
191}
192
193static inline void ehci_clear_usbsts(EHCIState *s, int mask)
194{
195 if ((s->usbsts & mask) == 0) {
196 return;
197 }
198 ehci_trace_usbsts(mask, 0);
199 s->usbsts &= ~mask;
200}
201
202
203static inline void ehci_update_irq(EHCIState *s)
204{
205 int level = 0;
206
207 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
208 level = 1;
209 }
210
211 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
212 qemu_set_irq(s->irq, level);
213}
214
215
216static inline void ehci_raise_irq(EHCIState *s, int intr)
217{
218 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
219 s->usbsts |= intr;
220 ehci_update_irq(s);
221 } else {
222 s->usbsts_pending |= intr;
223 }
224}
225
226
227
228
229
230static inline void ehci_commit_irq(EHCIState *s)
231{
232 uint32_t itc;
233
234 if (!s->usbsts_pending) {
235 return;
236 }
237 if (s->usbsts_frindex > s->frindex) {
238 return;
239 }
240
241 itc = (s->usbcmd >> 16) & 0xff;
242 s->usbsts |= s->usbsts_pending;
243 s->usbsts_pending = 0;
244 s->usbsts_frindex = s->frindex + itc;
245 ehci_update_irq(s);
246}
247
248static void ehci_update_halt(EHCIState *s)
249{
250 if (s->usbcmd & USBCMD_RUNSTOP) {
251 ehci_clear_usbsts(s, USBSTS_HALT);
252 } else {
253 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
254 ehci_set_usbsts(s, USBSTS_HALT);
255 }
256 }
257}
258
259static void ehci_set_state(EHCIState *s, int async, int state)
260{
261 if (async) {
262 trace_usb_ehci_state("async", state2str(state));
263 s->astate = state;
264 if (s->astate == EST_INACTIVE) {
265 ehci_clear_usbsts(s, USBSTS_ASS);
266 ehci_update_halt(s);
267 } else {
268 ehci_set_usbsts(s, USBSTS_ASS);
269 }
270 } else {
271 trace_usb_ehci_state("periodic", state2str(state));
272 s->pstate = state;
273 if (s->pstate == EST_INACTIVE) {
274 ehci_clear_usbsts(s, USBSTS_PSS);
275 ehci_update_halt(s);
276 } else {
277 ehci_set_usbsts(s, USBSTS_PSS);
278 }
279 }
280}
281
282static int ehci_get_state(EHCIState *s, int async)
283{
284 return async ? s->astate : s->pstate;
285}
286
287static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
288{
289 if (async) {
290 s->a_fetch_addr = addr;
291 } else {
292 s->p_fetch_addr = addr;
293 }
294}
295
296static int ehci_get_fetch_addr(EHCIState *s, int async)
297{
298 return async ? s->a_fetch_addr : s->p_fetch_addr;
299}
300
301static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
302{
303
304 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
305 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
306 trace_usb_ehci_qh_fields(addr,
307 get_field(qh->epchar, QH_EPCHAR_RL),
308 get_field(qh->epchar, QH_EPCHAR_MPLEN),
309 get_field(qh->epchar, QH_EPCHAR_EPS),
310 get_field(qh->epchar, QH_EPCHAR_EP),
311 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
312 trace_usb_ehci_qh_bits(addr,
313 (bool)(qh->epchar & QH_EPCHAR_C),
314 (bool)(qh->epchar & QH_EPCHAR_H),
315 (bool)(qh->epchar & QH_EPCHAR_DTC),
316 (bool)(qh->epchar & QH_EPCHAR_I));
317}
318
319static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
320{
321
322 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
323 trace_usb_ehci_qtd_fields(addr,
324 get_field(qtd->token, QTD_TOKEN_TBYTES),
325 get_field(qtd->token, QTD_TOKEN_CPAGE),
326 get_field(qtd->token, QTD_TOKEN_CERR),
327 get_field(qtd->token, QTD_TOKEN_PID));
328 trace_usb_ehci_qtd_bits(addr,
329 (bool)(qtd->token & QTD_TOKEN_IOC),
330 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
331 (bool)(qtd->token & QTD_TOKEN_HALT),
332 (bool)(qtd->token & QTD_TOKEN_BABBLE),
333 (bool)(qtd->token & QTD_TOKEN_XACTERR));
334}
335
336static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
337{
338 trace_usb_ehci_itd(addr, itd->next,
339 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
340 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
341 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
342 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
343}
344
345static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
346 EHCIsitd *sitd)
347{
348 trace_usb_ehci_sitd(addr, sitd->next,
349 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
350}
351
352static void ehci_trace_guest_bug(EHCIState *s, const char *message)
353{
354 trace_usb_ehci_guest_bug(message);
355 warn_report("%s", message);
356}
357
358static inline bool ehci_enabled(EHCIState *s)
359{
360 return s->usbcmd & USBCMD_RUNSTOP;
361}
362
363static inline bool ehci_async_enabled(EHCIState *s)
364{
365 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
366}
367
368static inline bool ehci_periodic_enabled(EHCIState *s)
369{
370 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
371}
372
373
374static inline int get_dwords(EHCIState *ehci, uint32_t addr,
375 uint32_t *buf, int num)
376{
377 int i;
378
379 if (!ehci->as) {
380 ehci_raise_irq(ehci, USBSTS_HSE);
381 ehci->usbcmd &= ~USBCMD_RUNSTOP;
382 trace_usb_ehci_dma_error();
383 return -1;
384 }
385
386 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
387 dma_memory_read(ehci->as, addr, buf, sizeof(*buf));
388 *buf = le32_to_cpu(*buf);
389 }
390
391 return num;
392}
393
394
395static inline int put_dwords(EHCIState *ehci, uint32_t addr,
396 uint32_t *buf, int num)
397{
398 int i;
399
400 if (!ehci->as) {
401 ehci_raise_irq(ehci, USBSTS_HSE);
402 ehci->usbcmd &= ~USBCMD_RUNSTOP;
403 trace_usb_ehci_dma_error();
404 return -1;
405 }
406
407 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
408 uint32_t tmp = cpu_to_le32(*buf);
409 dma_memory_write(ehci->as, addr, &tmp, sizeof(tmp));
410 }
411
412 return num;
413}
414
415static int ehci_get_pid(EHCIqtd *qtd)
416{
417 switch (get_field(qtd->token, QTD_TOKEN_PID)) {
418 case 0:
419 return USB_TOKEN_OUT;
420 case 1:
421 return USB_TOKEN_IN;
422 case 2:
423 return USB_TOKEN_SETUP;
424 default:
425 fprintf(stderr, "bad token\n");
426 return 0;
427 }
428}
429
430static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
431{
432 uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
433 uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
434 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
435 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
436 (qh->current_qtd != q->qh.current_qtd) ||
437 (q->async && qh->next_qtd != q->qh.next_qtd) ||
438 (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
439 7 * sizeof(uint32_t)) != 0) ||
440 (q->dev != NULL && q->dev->addr != devaddr)) {
441 return false;
442 } else {
443 return true;
444 }
445}
446
447static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
448{
449 if (p->qtdaddr != p->queue->qtdaddr ||
450 (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
451 (p->qtd.next != qtd->next)) ||
452 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
453 p->qtd.token != qtd->token ||
454 p->qtd.bufptr[0] != qtd->bufptr[0]) {
455 return false;
456 } else {
457 return true;
458 }
459}
460
461static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
462{
463 int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
464 int pid = ehci_get_pid(qtd);
465
466
467 if (q->last_pid && ep != 0 && pid != q->last_pid) {
468 return false;
469 } else {
470 return true;
471 }
472}
473
474
475
476static void ehci_writeback_async_complete_packet(EHCIPacket *p)
477{
478 EHCIQueue *q = p->queue;
479 EHCIqtd qtd;
480 EHCIqh qh;
481 int state;
482
483
484 get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
485 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
486 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
487 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
488 if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
489 p->async = EHCI_ASYNC_INITIALIZED;
490 ehci_free_packet(p);
491 return;
492 }
493
494 state = ehci_get_state(q->ehci, q->async);
495 ehci_state_executing(q);
496 ehci_state_writeback(q);
497 if (!(q->qh.token & QTD_TOKEN_HALT)) {
498 ehci_state_advqueue(q);
499 }
500 ehci_set_state(q->ehci, q->async, state);
501}
502
503
504
505static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
506{
507 EHCIPacket *p;
508
509 p = g_new0(EHCIPacket, 1);
510 p->queue = q;
511 usb_packet_init(&p->packet);
512 QTAILQ_INSERT_TAIL(&q->packets, p, next);
513 trace_usb_ehci_packet_action(p->queue, p, "alloc");
514 return p;
515}
516
517static void ehci_free_packet(EHCIPacket *p)
518{
519 if (p->async == EHCI_ASYNC_FINISHED &&
520 !(p->queue->qh.token & QTD_TOKEN_HALT)) {
521 ehci_writeback_async_complete_packet(p);
522 return;
523 }
524 trace_usb_ehci_packet_action(p->queue, p, "free");
525 if (p->async == EHCI_ASYNC_INFLIGHT) {
526 usb_cancel_packet(&p->packet);
527 }
528 if (p->async == EHCI_ASYNC_FINISHED &&
529 p->packet.status == USB_RET_SUCCESS) {
530 fprintf(stderr,
531 "EHCI: Dropping completed packet from halted %s ep %02X\n",
532 (p->pid == USB_TOKEN_IN) ? "in" : "out",
533 get_field(p->queue->qh.epchar, QH_EPCHAR_EP));
534 }
535 if (p->async != EHCI_ASYNC_NONE) {
536 usb_packet_unmap(&p->packet, &p->sgl);
537 qemu_sglist_destroy(&p->sgl);
538 }
539 QTAILQ_REMOVE(&p->queue->packets, p, next);
540 usb_packet_cleanup(&p->packet);
541 g_free(p);
542}
543
544
545
546static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
547{
548 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
549 EHCIQueue *q;
550
551 q = g_malloc0(sizeof(*q));
552 q->ehci = ehci;
553 q->qhaddr = addr;
554 q->async = async;
555 QTAILQ_INIT(&q->packets);
556 QTAILQ_INSERT_HEAD(head, q, next);
557 trace_usb_ehci_queue_action(q, "alloc");
558 return q;
559}
560
561static void ehci_queue_stopped(EHCIQueue *q)
562{
563 int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
564
565 if (!q->last_pid || !q->dev) {
566 return;
567 }
568
569 usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
570}
571
572static int ehci_cancel_queue(EHCIQueue *q)
573{
574 EHCIPacket *p;
575 int packets = 0;
576
577 p = QTAILQ_FIRST(&q->packets);
578 if (p == NULL) {
579 goto leave;
580 }
581
582 trace_usb_ehci_queue_action(q, "cancel");
583 do {
584 ehci_free_packet(p);
585 packets++;
586 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
587
588leave:
589 ehci_queue_stopped(q);
590 return packets;
591}
592
593static int ehci_reset_queue(EHCIQueue *q)
594{
595 int packets;
596
597 trace_usb_ehci_queue_action(q, "reset");
598 packets = ehci_cancel_queue(q);
599 q->dev = NULL;
600 q->qtdaddr = 0;
601 q->last_pid = 0;
602 return packets;
603}
604
605static void ehci_free_queue(EHCIQueue *q, const char *warn)
606{
607 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
608 int cancelled;
609
610 trace_usb_ehci_queue_action(q, "free");
611 cancelled = ehci_cancel_queue(q);
612 if (warn && cancelled > 0) {
613 ehci_trace_guest_bug(q->ehci, warn);
614 }
615 QTAILQ_REMOVE(head, q, next);
616 g_free(q);
617}
618
619static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
620 int async)
621{
622 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
623 EHCIQueue *q;
624
625 QTAILQ_FOREACH(q, head, next) {
626 if (addr == q->qhaddr) {
627 return q;
628 }
629 }
630 return NULL;
631}
632
633static void ehci_queues_rip_unused(EHCIState *ehci, int async)
634{
635 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
636 const char *warn = async ? "guest unlinked busy QH" : NULL;
637 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
638 EHCIQueue *q, *tmp;
639
640 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
641 if (q->seen) {
642 q->seen = 0;
643 q->ts = ehci->last_run_ns;
644 continue;
645 }
646 if (ehci->last_run_ns < q->ts + maxage) {
647 continue;
648 }
649 ehci_free_queue(q, warn);
650 }
651}
652
653static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
654{
655 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
656 EHCIQueue *q, *tmp;
657
658 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
659 if (!q->seen) {
660 ehci_free_queue(q, NULL);
661 }
662 }
663}
664
665static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
666{
667 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
668 EHCIQueue *q, *tmp;
669
670 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
671 if (q->dev != dev) {
672 continue;
673 }
674 ehci_free_queue(q, NULL);
675 }
676}
677
678static void ehci_queues_rip_all(EHCIState *ehci, int async)
679{
680 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
681 const char *warn = async ? "guest stopped busy async schedule" : NULL;
682 EHCIQueue *q, *tmp;
683
684 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
685 ehci_free_queue(q, warn);
686 }
687}
688
689
690
691static void ehci_attach(USBPort *port)
692{
693 EHCIState *s = port->opaque;
694 uint32_t *portsc = &s->portsc[port->index];
695 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
696
697 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
698
699 if (*portsc & PORTSC_POWNER) {
700 USBPort *companion = s->companion_ports[port->index];
701 companion->dev = port->dev;
702 companion->ops->attach(companion);
703 return;
704 }
705
706 *portsc |= PORTSC_CONNECT;
707 *portsc |= PORTSC_CSC;
708
709 ehci_raise_irq(s, USBSTS_PCD);
710}
711
712static void ehci_detach(USBPort *port)
713{
714 EHCIState *s = port->opaque;
715 uint32_t *portsc = &s->portsc[port->index];
716 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
717
718 trace_usb_ehci_port_detach(port->index, owner);
719
720 if (*portsc & PORTSC_POWNER) {
721 USBPort *companion = s->companion_ports[port->index];
722 companion->ops->detach(companion);
723 companion->dev = NULL;
724
725
726
727
728 *portsc &= ~PORTSC_POWNER;
729 return;
730 }
731
732 ehci_queues_rip_device(s, port->dev, 0);
733 ehci_queues_rip_device(s, port->dev, 1);
734
735 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED|PORTSC_SUSPEND);
736 *portsc |= PORTSC_CSC;
737
738 ehci_raise_irq(s, USBSTS_PCD);
739}
740
741static void ehci_child_detach(USBPort *port, USBDevice *child)
742{
743 EHCIState *s = port->opaque;
744 uint32_t portsc = s->portsc[port->index];
745
746 if (portsc & PORTSC_POWNER) {
747 USBPort *companion = s->companion_ports[port->index];
748 companion->ops->child_detach(companion, child);
749 return;
750 }
751
752 ehci_queues_rip_device(s, child, 0);
753 ehci_queues_rip_device(s, child, 1);
754}
755
756static void ehci_wakeup(USBPort *port)
757{
758 EHCIState *s = port->opaque;
759 uint32_t *portsc = &s->portsc[port->index];
760
761 if (*portsc & PORTSC_POWNER) {
762 USBPort *companion = s->companion_ports[port->index];
763 if (companion->ops->wakeup) {
764 companion->ops->wakeup(companion);
765 }
766 return;
767 }
768
769 if (*portsc & PORTSC_SUSPEND) {
770 trace_usb_ehci_port_wakeup(port->index);
771 *portsc |= PORTSC_FPRES;
772 ehci_raise_irq(s, USBSTS_PCD);
773 }
774
775 qemu_bh_schedule(s->async_bh);
776}
777
778static void ehci_register_companion(USBBus *bus, USBPort *ports[],
779 uint32_t portcount, uint32_t firstport,
780 Error **errp)
781{
782 EHCIState *s = container_of(bus, EHCIState, bus);
783 uint32_t i;
784
785 if (firstport + portcount > NB_PORTS) {
786 error_setg(errp, "firstport must be between 0 and %u",
787 NB_PORTS - portcount);
788 return;
789 }
790
791 for (i = 0; i < portcount; i++) {
792 if (s->companion_ports[firstport + i]) {
793 error_setg(errp, "firstport %u asks for ports %u-%u,"
794 " but port %u has a companion assigned already",
795 firstport, firstport, firstport + portcount - 1,
796 firstport + i);
797 return;
798 }
799 }
800
801 for (i = 0; i < portcount; i++) {
802 s->companion_ports[firstport + i] = ports[i];
803 s->ports[firstport + i].speedmask |=
804 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
805
806 s->portsc[firstport + i] = PORTSC_POWNER;
807 }
808
809 s->companion_count++;
810 s->caps[0x05] = (s->companion_count << 4) | portcount;
811}
812
813static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
814 unsigned int stream)
815{
816 EHCIState *s = container_of(bus, EHCIState, bus);
817 uint32_t portsc = s->portsc[ep->dev->port->index];
818
819 if (portsc & PORTSC_POWNER) {
820 return;
821 }
822
823 s->periodic_sched_active = PERIODIC_ACTIVE;
824 qemu_bh_schedule(s->async_bh);
825}
826
827static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
828{
829 USBDevice *dev;
830 USBPort *port;
831 int i;
832
833 for (i = 0; i < NB_PORTS; i++) {
834 port = &ehci->ports[i];
835 if (!(ehci->portsc[i] & PORTSC_PED)) {
836 DPRINTF("Port %d not enabled\n", i);
837 continue;
838 }
839 dev = usb_find_device(port, addr);
840 if (dev != NULL) {
841 return dev;
842 }
843 }
844 return NULL;
845}
846
847
848void ehci_reset(void *opaque)
849{
850 EHCIState *s = opaque;
851 int i;
852 USBDevice *devs[NB_PORTS];
853
854 trace_usb_ehci_reset();
855
856
857
858
859
860 for(i = 0; i < NB_PORTS; i++) {
861 devs[i] = s->ports[i].dev;
862 if (devs[i] && devs[i]->attached) {
863 usb_detach(&s->ports[i]);
864 }
865 }
866
867 memset(&s->opreg, 0x00, sizeof(s->opreg));
868 memset(&s->portsc, 0x00, sizeof(s->portsc));
869
870 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
871 s->usbsts = USBSTS_HALT;
872 s->usbsts_pending = 0;
873 s->usbsts_frindex = 0;
874 ehci_update_irq(s);
875
876 s->astate = EST_INACTIVE;
877 s->pstate = EST_INACTIVE;
878
879 for(i = 0; i < NB_PORTS; i++) {
880 if (s->companion_ports[i]) {
881 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
882 } else {
883 s->portsc[i] = PORTSC_PPOWER;
884 }
885 if (devs[i] && devs[i]->attached) {
886 usb_attach(&s->ports[i]);
887 usb_device_reset(devs[i]);
888 }
889 }
890 ehci_queues_rip_all(s, 0);
891 ehci_queues_rip_all(s, 1);
892 timer_del(s->frame_timer);
893 qemu_bh_cancel(s->async_bh);
894}
895
896static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
897 unsigned size)
898{
899 EHCIState *s = ptr;
900 return s->caps[addr];
901}
902
903static void ehci_caps_write(void *ptr, hwaddr addr,
904 uint64_t val, unsigned size)
905{
906}
907
908static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
909 unsigned size)
910{
911 EHCIState *s = ptr;
912 uint32_t val;
913
914 switch (addr) {
915 case FRINDEX:
916
917 val = s->frindex & ~7;
918 break;
919 default:
920 val = s->opreg[addr >> 2];
921 }
922
923 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
924 return val;
925}
926
927static uint64_t ehci_port_read(void *ptr, hwaddr addr,
928 unsigned size)
929{
930 EHCIState *s = ptr;
931 uint32_t val;
932
933 val = s->portsc[addr >> 2];
934 trace_usb_ehci_portsc_read(addr + s->portscbase, addr >> 2, val);
935 return val;
936}
937
938static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
939{
940 USBDevice *dev = s->ports[port].dev;
941 uint32_t *portsc = &s->portsc[port];
942 uint32_t orig;
943
944 if (s->companion_ports[port] == NULL)
945 return;
946
947 owner = owner & PORTSC_POWNER;
948 orig = *portsc & PORTSC_POWNER;
949
950 if (!(owner ^ orig)) {
951 return;
952 }
953
954 if (dev && dev->attached) {
955 usb_detach(&s->ports[port]);
956 }
957
958 *portsc &= ~PORTSC_POWNER;
959 *portsc |= owner;
960
961 if (dev && dev->attached) {
962 usb_attach(&s->ports[port]);
963 }
964}
965
966static void ehci_port_write(void *ptr, hwaddr addr,
967 uint64_t val, unsigned size)
968{
969 EHCIState *s = ptr;
970 int port = addr >> 2;
971 uint32_t *portsc = &s->portsc[port];
972 uint32_t old = *portsc;
973 USBDevice *dev = s->ports[port].dev;
974
975 trace_usb_ehci_portsc_write(addr + s->portscbase, addr >> 2, val);
976
977
978 *portsc &= ~(val & PORTSC_RWC_MASK);
979
980 *portsc &= val | ~PORTSC_PED;
981
982 handle_port_owner_write(s, port, val);
983
984 val &= PORTSC_RO_MASK;
985
986 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
987 trace_usb_ehci_port_reset(port, 1);
988 }
989
990 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
991 trace_usb_ehci_port_reset(port, 0);
992 if (dev && dev->attached) {
993 usb_port_reset(&s->ports[port]);
994 *portsc &= ~PORTSC_CSC;
995 }
996
997
998
999
1000
1001 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
1002 val |= PORTSC_PED;
1003 }
1004 }
1005
1006 if ((val & PORTSC_SUSPEND) && !(*portsc & PORTSC_SUSPEND)) {
1007 trace_usb_ehci_port_suspend(port);
1008 }
1009 if (!(val & PORTSC_FPRES) && (*portsc & PORTSC_FPRES)) {
1010 trace_usb_ehci_port_resume(port);
1011 val &= ~PORTSC_SUSPEND;
1012 }
1013
1014 *portsc &= ~PORTSC_RO_MASK;
1015 *portsc |= val;
1016 trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
1017}
1018
1019static void ehci_opreg_write(void *ptr, hwaddr addr,
1020 uint64_t val, unsigned size)
1021{
1022 EHCIState *s = ptr;
1023 uint32_t *mmio = s->opreg + (addr >> 2);
1024 uint32_t old = *mmio;
1025 int i;
1026
1027 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
1028
1029 switch (addr) {
1030 case USBCMD:
1031 if (val & USBCMD_HCRESET) {
1032 ehci_reset(s);
1033 val = s->usbcmd;
1034 break;
1035 }
1036
1037
1038 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
1039 fprintf(stderr, "attempt to set frame list size -- value %d\n",
1040 (int)val & USBCMD_FLS);
1041 val &= ~USBCMD_FLS;
1042 }
1043
1044 if (val & USBCMD_IAAD) {
1045
1046
1047
1048
1049 s->async_stepdown = 0;
1050 qemu_bh_schedule(s->async_bh);
1051 trace_usb_ehci_doorbell_ring();
1052 }
1053
1054 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
1055 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
1056 if (s->pstate == EST_INACTIVE) {
1057 SET_LAST_RUN_CLOCK(s);
1058 }
1059 s->usbcmd = val;
1060 ehci_update_halt(s);
1061 s->async_stepdown = 0;
1062 qemu_bh_schedule(s->async_bh);
1063 }
1064 break;
1065
1066 case USBSTS:
1067 val &= USBSTS_RO_MASK;
1068 ehci_clear_usbsts(s, val);
1069 val = s->usbsts;
1070 ehci_update_irq(s);
1071 break;
1072
1073 case USBINTR:
1074 val &= USBINTR_MASK;
1075 if (ehci_enabled(s) && (USBSTS_FLR & val)) {
1076 qemu_bh_schedule(s->async_bh);
1077 }
1078 break;
1079
1080 case FRINDEX:
1081 val &= 0x00003fff;
1082 s->usbsts_frindex = val;
1083 break;
1084
1085 case CONFIGFLAG:
1086 val &= 0x1;
1087 if (val) {
1088 for(i = 0; i < NB_PORTS; i++)
1089 handle_port_owner_write(s, i, 0);
1090 }
1091 break;
1092
1093 case PERIODICLISTBASE:
1094 if (ehci_periodic_enabled(s)) {
1095 fprintf(stderr,
1096 "ehci: PERIODIC list base register set while periodic schedule\n"
1097 " is enabled and HC is enabled\n");
1098 }
1099 break;
1100
1101 case ASYNCLISTADDR:
1102 if (ehci_async_enabled(s)) {
1103 fprintf(stderr,
1104 "ehci: ASYNC list address register set while async schedule\n"
1105 " is enabled and HC is enabled\n");
1106 }
1107 break;
1108 }
1109
1110 *mmio = val;
1111 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
1112 *mmio, old);
1113}
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123static void ehci_flush_qh(EHCIQueue *q)
1124{
1125 uint32_t *qh = (uint32_t *) &q->qh;
1126 uint32_t dwords = sizeof(EHCIqh) >> 2;
1127 uint32_t addr = NLPTR_GET(q->qhaddr);
1128
1129 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1130}
1131
1132
1133
1134static int ehci_qh_do_overlay(EHCIQueue *q)
1135{
1136 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1137 int i;
1138 int dtoggle;
1139 int ping;
1140 int eps;
1141 int reload;
1142
1143 assert(p != NULL);
1144 assert(p->qtdaddr == q->qtdaddr);
1145
1146
1147
1148 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1149 ping = q->qh.token & QTD_TOKEN_PING;
1150
1151 q->qh.current_qtd = p->qtdaddr;
1152 q->qh.next_qtd = p->qtd.next;
1153 q->qh.altnext_qtd = p->qtd.altnext;
1154 q->qh.token = p->qtd.token;
1155
1156
1157 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
1158 if (eps == EHCI_QH_EPS_HIGH) {
1159 q->qh.token &= ~QTD_TOKEN_PING;
1160 q->qh.token |= ping;
1161 }
1162
1163 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1164 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
1165
1166 for (i = 0; i < 5; i++) {
1167 q->qh.bufptr[i] = p->qtd.bufptr[i];
1168 }
1169
1170 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
1171
1172 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1173 q->qh.token |= dtoggle;
1174 }
1175
1176 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1177 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
1178
1179 ehci_flush_qh(q);
1180
1181 return 0;
1182}
1183
1184static int ehci_init_transfer(EHCIPacket *p)
1185{
1186 uint32_t cpage, offset, bytes, plen;
1187 dma_addr_t page;
1188
1189 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1190 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1191 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
1192 qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
1193
1194 while (bytes > 0) {
1195 if (cpage > 4) {
1196 fprintf(stderr, "cpage out of range (%d)\n", cpage);
1197 qemu_sglist_destroy(&p->sgl);
1198 return -1;
1199 }
1200
1201 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
1202 page += offset;
1203 plen = bytes;
1204 if (plen > 4096 - offset) {
1205 plen = 4096 - offset;
1206 offset = 0;
1207 cpage++;
1208 }
1209
1210 qemu_sglist_add(&p->sgl, page, plen);
1211 bytes -= plen;
1212 }
1213 return 0;
1214}
1215
1216static void ehci_finish_transfer(EHCIQueue *q, int len)
1217{
1218 uint32_t cpage, offset;
1219
1220 if (len > 0) {
1221
1222 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1223 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
1224
1225 offset += len;
1226 cpage += offset >> QTD_BUFPTR_SH;
1227 offset &= ~QTD_BUFPTR_MASK;
1228
1229 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1230 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1231 q->qh.bufptr[0] |= offset;
1232 }
1233}
1234
1235static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
1236{
1237 EHCIPacket *p;
1238 EHCIState *s = port->opaque;
1239 uint32_t portsc = s->portsc[port->index];
1240
1241 if (portsc & PORTSC_POWNER) {
1242 USBPort *companion = s->companion_ports[port->index];
1243 companion->ops->complete(companion, packet);
1244 return;
1245 }
1246
1247 p = container_of(packet, EHCIPacket, packet);
1248 assert(p->async == EHCI_ASYNC_INFLIGHT);
1249
1250 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
1251 trace_usb_ehci_packet_action(p->queue, p, "remove");
1252 ehci_free_packet(p);
1253 return;
1254 }
1255
1256 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
1257 p->async = EHCI_ASYNC_FINISHED;
1258
1259 if (!p->queue->async) {
1260 s->periodic_sched_active = PERIODIC_ACTIVE;
1261 }
1262 qemu_bh_schedule(s->async_bh);
1263}
1264
1265static void ehci_execute_complete(EHCIQueue *q)
1266{
1267 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1268 uint32_t tbytes;
1269
1270 assert(p != NULL);
1271 assert(p->qtdaddr == q->qtdaddr);
1272 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1273 p->async == EHCI_ASYNC_FINISHED);
1274
1275 DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
1276 "status %d, actual_length %d\n",
1277 q->qhaddr, q->qh.next, q->qtdaddr,
1278 p->packet.status, p->packet.actual_length);
1279
1280 switch (p->packet.status) {
1281 case USB_RET_SUCCESS:
1282 break;
1283 case USB_RET_IOERROR:
1284 case USB_RET_NODEV:
1285 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
1286 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
1287 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1288 break;
1289 case USB_RET_STALL:
1290 q->qh.token |= QTD_TOKEN_HALT;
1291 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1292 break;
1293 case USB_RET_NAK:
1294 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1295 return;
1296 case USB_RET_BABBLE:
1297 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
1298 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1299 break;
1300 default:
1301
1302 fprintf(stderr, "USB invalid response %d\n", p->packet.status);
1303 g_assert_not_reached();
1304 break;
1305 }
1306
1307
1308 tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
1309 if (tbytes && p->pid == USB_TOKEN_IN) {
1310 tbytes -= p->packet.actual_length;
1311 if (tbytes) {
1312
1313 ehci_raise_irq(q->ehci, USBSTS_INT);
1314 if (q->async) {
1315 q->ehci->int_req_by_async = true;
1316 }
1317 }
1318 } else {
1319 tbytes = 0;
1320 }
1321 DPRINTF("updating tbytes to %d\n", tbytes);
1322 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
1323
1324 ehci_finish_transfer(q, p->packet.actual_length);
1325 usb_packet_unmap(&p->packet, &p->sgl);
1326 qemu_sglist_destroy(&p->sgl);
1327 p->async = EHCI_ASYNC_NONE;
1328
1329 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1330 q->qh.token &= ~QTD_TOKEN_ACTIVE;
1331
1332 if (q->qh.token & QTD_TOKEN_IOC) {
1333 ehci_raise_irq(q->ehci, USBSTS_INT);
1334 if (q->async) {
1335 q->ehci->int_req_by_async = true;
1336 }
1337 }
1338}
1339
1340
1341static int ehci_execute(EHCIPacket *p, const char *action)
1342{
1343 USBEndpoint *ep;
1344 int endp;
1345 bool spd;
1346
1347 assert(p->async == EHCI_ASYNC_NONE ||
1348 p->async == EHCI_ASYNC_INITIALIZED);
1349
1350 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1351 fprintf(stderr, "Attempting to execute inactive qtd\n");
1352 return -1;
1353 }
1354
1355 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
1356 ehci_trace_guest_bug(p->queue->ehci,
1357 "guest requested more bytes than allowed");
1358 return -1;
1359 }
1360
1361 if (!ehci_verify_pid(p->queue, &p->qtd)) {
1362 ehci_queue_stopped(p->queue);
1363 }
1364 p->pid = ehci_get_pid(&p->qtd);
1365 p->queue->last_pid = p->pid;
1366 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
1367 ep = usb_ep_get(p->queue->dev, p->pid, endp);
1368
1369 if (p->async == EHCI_ASYNC_NONE) {
1370 if (ehci_init_transfer(p) != 0) {
1371 return -1;
1372 }
1373
1374 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
1375 usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
1376 (p->qtd.token & QTD_TOKEN_IOC) != 0);
1377 usb_packet_map(&p->packet, &p->sgl);
1378 p->async = EHCI_ASYNC_INITIALIZED;
1379 }
1380
1381 trace_usb_ehci_packet_action(p->queue, p, action);
1382 usb_handle_packet(p->queue->dev, &p->packet);
1383 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1384 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1385 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1386 p->packet.actual_length);
1387
1388 if (p->packet.actual_length > BUFF_SIZE) {
1389 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
1390 return -1;
1391 }
1392
1393 return 1;
1394}
1395
1396
1397
1398
1399static int ehci_process_itd(EHCIState *ehci,
1400 EHCIitd *itd,
1401 uint32_t addr)
1402{
1403 USBDevice *dev;
1404 USBEndpoint *ep;
1405 uint32_t i, len, pid, dir, devaddr, endp;
1406 uint32_t pg, off, ptr1, ptr2, max, mult;
1407
1408 ehci->periodic_sched_active = PERIODIC_ACTIVE;
1409
1410 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
1411 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
1412 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
1413 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1414 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
1415
1416 for(i = 0; i < 8; i++) {
1417 if (itd->transact[i] & ITD_XACT_ACTIVE) {
1418 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1419 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1420 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1421
1422 if (len > max * mult) {
1423 len = max * mult;
1424 }
1425 if (len > BUFF_SIZE || pg > 6) {
1426 return -1;
1427 }
1428
1429 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1430 qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
1431 if (off + len > 4096) {
1432
1433 if (pg == 6) {
1434 qemu_sglist_destroy(&ehci->isgl);
1435 return -1;
1436 }
1437 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
1438 uint32_t len2 = off + len - 4096;
1439 uint32_t len1 = len - len2;
1440 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1441 qemu_sglist_add(&ehci->isgl, ptr2, len2);
1442 } else {
1443 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
1444 }
1445
1446 dev = ehci_find_device(ehci, devaddr);
1447 if (dev == NULL) {
1448 ehci_trace_guest_bug(ehci, "no device found");
1449 return -1;
1450 }
1451 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
1452 ep = usb_ep_get(dev, pid, endp);
1453 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
1454 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
1455 (itd->transact[i] & ITD_XACT_IOC) != 0);
1456 usb_packet_map(&ehci->ipacket, &ehci->isgl);
1457 usb_handle_packet(dev, &ehci->ipacket);
1458 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
1459 } else {
1460 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1461 ehci->ipacket.status = USB_RET_NAK;
1462 ehci->ipacket.actual_length = 0;
1463 }
1464 qemu_sglist_destroy(&ehci->isgl);
1465
1466 switch (ehci->ipacket.status) {
1467 case USB_RET_SUCCESS:
1468 break;
1469 default:
1470 fprintf(stderr, "Unexpected iso usb result: %d\n",
1471 ehci->ipacket.status);
1472
1473 case USB_RET_IOERROR:
1474 case USB_RET_NODEV:
1475
1476 if (dir) {
1477 itd->transact[i] |= ITD_XACT_XACTERR;
1478 ehci_raise_irq(ehci, USBSTS_ERRINT);
1479 }
1480 break;
1481 case USB_RET_BABBLE:
1482 itd->transact[i] |= ITD_XACT_BABBLE;
1483 ehci_raise_irq(ehci, USBSTS_ERRINT);
1484 break;
1485 case USB_RET_NAK:
1486
1487 ehci->ipacket.actual_length = 0;
1488 break;
1489 }
1490 if (!dir) {
1491 set_field(&itd->transact[i], len - ehci->ipacket.actual_length,
1492 ITD_XACT_LENGTH);
1493 } else {
1494 set_field(&itd->transact[i], ehci->ipacket.actual_length,
1495 ITD_XACT_LENGTH);
1496 }
1497 if (itd->transact[i] & ITD_XACT_IOC) {
1498 ehci_raise_irq(ehci, USBSTS_INT);
1499 }
1500 itd->transact[i] &= ~ITD_XACT_ACTIVE;
1501 }
1502 }
1503 return 0;
1504}
1505
1506
1507
1508
1509
1510static int ehci_state_waitlisthead(EHCIState *ehci, int async)
1511{
1512 EHCIqh qh;
1513 int i = 0;
1514 int again = 0;
1515 uint32_t entry = ehci->asynclistaddr;
1516
1517
1518 if (async) {
1519 ehci_set_usbsts(ehci, USBSTS_REC);
1520 }
1521
1522 ehci_queues_rip_unused(ehci, async);
1523
1524
1525 for(i = 0; i < MAX_QH; i++) {
1526 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1527 sizeof(EHCIqh) >> 2) < 0) {
1528 return 0;
1529 }
1530 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
1531
1532 if (qh.epchar & QH_EPCHAR_H) {
1533 if (async) {
1534 entry |= (NLPTR_TYPE_QH << 1);
1535 }
1536
1537 ehci_set_fetch_addr(ehci, async, entry);
1538 ehci_set_state(ehci, async, EST_FETCHENTRY);
1539 again = 1;
1540 goto out;
1541 }
1542
1543 entry = qh.next;
1544 if (entry == ehci->asynclistaddr) {
1545 break;
1546 }
1547 }
1548
1549
1550
1551 ehci_set_state(ehci, async, EST_ACTIVE);
1552
1553out:
1554 return again;
1555}
1556
1557
1558
1559
1560
1561static int ehci_state_fetchentry(EHCIState *ehci, int async)
1562{
1563 int again = 0;
1564 uint32_t entry = ehci_get_fetch_addr(ehci, async);
1565
1566 if (NLPTR_TBIT(entry)) {
1567 ehci_set_state(ehci, async, EST_ACTIVE);
1568 goto out;
1569 }
1570
1571
1572 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1573 fprintf(stderr, "non queue head request in async schedule\n");
1574 return -1;
1575 }
1576
1577 switch (NLPTR_TYPE_GET(entry)) {
1578 case NLPTR_TYPE_QH:
1579 ehci_set_state(ehci, async, EST_FETCHQH);
1580 again = 1;
1581 break;
1582
1583 case NLPTR_TYPE_ITD:
1584 ehci_set_state(ehci, async, EST_FETCHITD);
1585 again = 1;
1586 break;
1587
1588 case NLPTR_TYPE_STITD:
1589 ehci_set_state(ehci, async, EST_FETCHSITD);
1590 again = 1;
1591 break;
1592
1593 default:
1594
1595 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1596 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1597 return -1;
1598 }
1599
1600out:
1601 return again;
1602}
1603
1604static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
1605{
1606 uint32_t entry;
1607 EHCIQueue *q;
1608 EHCIqh qh;
1609
1610 entry = ehci_get_fetch_addr(ehci, async);
1611 q = ehci_find_queue_by_qh(ehci, entry, async);
1612 if (q == NULL) {
1613 q = ehci_alloc_queue(ehci, entry, async);
1614 }
1615
1616 q->seen++;
1617 if (q->seen > 1) {
1618
1619 ehci_set_state(ehci, async, EST_ACTIVE);
1620 q = NULL;
1621 goto out;
1622 }
1623
1624 if (get_dwords(ehci, NLPTR_GET(q->qhaddr),
1625 (uint32_t *) &qh, sizeof(EHCIqh) >> 2) < 0) {
1626 q = NULL;
1627 goto out;
1628 }
1629 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1630
1631
1632
1633
1634
1635 if (!ehci_verify_qh(q, &qh)) {
1636 if (ehci_reset_queue(q) > 0) {
1637 ehci_trace_guest_bug(ehci, "guest updated active QH");
1638 }
1639 }
1640 q->qh = qh;
1641
1642 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1643 if (q->transact_ctr == 0) {
1644 q->transact_ctr = 4;
1645 }
1646
1647 if (q->dev == NULL) {
1648 q->dev = ehci_find_device(q->ehci,
1649 get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
1650 }
1651
1652 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
1653
1654
1655 if (ehci->usbsts & USBSTS_REC) {
1656 ehci_clear_usbsts(ehci, USBSTS_REC);
1657 } else {
1658 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
1659 " - done processing\n", q->qhaddr);
1660 ehci_set_state(ehci, async, EST_ACTIVE);
1661 q = NULL;
1662 goto out;
1663 }
1664 }
1665
1666#if EHCI_DEBUG
1667 if (q->qhaddr != q->qh.next) {
1668 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
1669 q->qhaddr,
1670 q->qh.epchar & QH_EPCHAR_H,
1671 q->qh.token & QTD_TOKEN_HALT,
1672 q->qh.token & QTD_TOKEN_ACTIVE,
1673 q->qh.next);
1674 }
1675#endif
1676
1677 if (q->qh.token & QTD_TOKEN_HALT) {
1678 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1679
1680 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1681 (NLPTR_TBIT(q->qh.current_qtd) == 0) &&
1682 (q->qh.current_qtd != 0)) {
1683 q->qtdaddr = q->qh.current_qtd;
1684 ehci_set_state(ehci, async, EST_FETCHQTD);
1685
1686 } else {
1687
1688 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
1689 }
1690
1691out:
1692 return q;
1693}
1694
1695static int ehci_state_fetchitd(EHCIState *ehci, int async)
1696{
1697 uint32_t entry;
1698 EHCIitd itd;
1699
1700 assert(!async);
1701 entry = ehci_get_fetch_addr(ehci, async);
1702
1703 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1704 sizeof(EHCIitd) >> 2) < 0) {
1705 return -1;
1706 }
1707 ehci_trace_itd(ehci, entry, &itd);
1708
1709 if (ehci_process_itd(ehci, &itd, entry) != 0) {
1710 return -1;
1711 }
1712
1713 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1714 sizeof(EHCIitd) >> 2);
1715 ehci_set_fetch_addr(ehci, async, itd.next);
1716 ehci_set_state(ehci, async, EST_FETCHENTRY);
1717
1718 return 1;
1719}
1720
1721static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1722{
1723 uint32_t entry;
1724 EHCIsitd sitd;
1725
1726 assert(!async);
1727 entry = ehci_get_fetch_addr(ehci, async);
1728
1729 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
1730 sizeof(EHCIsitd) >> 2) < 0) {
1731 return 0;
1732 }
1733 ehci_trace_sitd(ehci, entry, &sitd);
1734
1735 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1736 ;
1737 } else {
1738
1739 warn_report("Skipping active siTD");
1740 }
1741
1742 ehci_set_fetch_addr(ehci, async, sitd.next);
1743 ehci_set_state(ehci, async, EST_FETCHENTRY);
1744 return 1;
1745}
1746
1747
1748static int ehci_state_advqueue(EHCIQueue *q)
1749{
1750#if 0
1751
1752
1753
1754
1755 if (I-bit set) {
1756 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1757 goto out;
1758 }
1759#endif
1760
1761
1762
1763
1764 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
1765 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1766 q->qtdaddr = q->qh.altnext_qtd;
1767 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1768
1769
1770
1771
1772 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
1773 q->qtdaddr = q->qh.next_qtd;
1774 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1775
1776
1777
1778
1779 } else {
1780 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1781 }
1782
1783 return 1;
1784}
1785
1786
1787static int ehci_state_fetchqtd(EHCIQueue *q)
1788{
1789 EHCIqtd qtd;
1790 EHCIPacket *p;
1791 int again = 1;
1792 uint32_t addr;
1793
1794 addr = NLPTR_GET(q->qtdaddr);
1795 if (get_dwords(q->ehci, addr + 8, &qtd.token, 1) < 0) {
1796 return 0;
1797 }
1798 barrier();
1799 if (get_dwords(q->ehci, addr + 0, &qtd.next, 1) < 0 ||
1800 get_dwords(q->ehci, addr + 4, &qtd.altnext, 1) < 0 ||
1801 get_dwords(q->ehci, addr + 12, qtd.bufptr,
1802 ARRAY_SIZE(qtd.bufptr)) < 0) {
1803 return 0;
1804 }
1805 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
1806
1807 p = QTAILQ_FIRST(&q->packets);
1808 if (p != NULL) {
1809 if (!ehci_verify_qtd(p, &qtd)) {
1810 ehci_cancel_queue(q);
1811 if (qtd.token & QTD_TOKEN_ACTIVE) {
1812 ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
1813 }
1814 p = NULL;
1815 } else {
1816 p->qtd = qtd;
1817 ehci_qh_do_overlay(q);
1818 }
1819 }
1820
1821 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1822 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1823 } else if (p != NULL) {
1824 switch (p->async) {
1825 case EHCI_ASYNC_NONE:
1826 case EHCI_ASYNC_INITIALIZED:
1827
1828 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1829 break;
1830 case EHCI_ASYNC_INFLIGHT:
1831
1832 again = ehci_fill_queue(QTAILQ_LAST(&q->packets));
1833
1834 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1835 break;
1836 case EHCI_ASYNC_FINISHED:
1837
1838 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1839 break;
1840 }
1841 } else if (q->dev == NULL) {
1842 ehci_trace_guest_bug(q->ehci, "no device attached to queue");
1843 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1844 } else {
1845 p = ehci_alloc_packet(q);
1846 p->qtdaddr = q->qtdaddr;
1847 p->qtd = qtd;
1848 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1849 }
1850
1851 return again;
1852}
1853
1854static int ehci_state_horizqh(EHCIQueue *q)
1855{
1856 int again = 0;
1857
1858 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1859 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1860 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
1861 again = 1;
1862 } else {
1863 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
1864 }
1865
1866 return again;
1867}
1868
1869
1870static int ehci_fill_queue(EHCIPacket *p)
1871{
1872 USBEndpoint *ep = p->packet.ep;
1873 EHCIQueue *q = p->queue;
1874 EHCIqtd qtd = p->qtd;
1875 uint32_t qtdaddr;
1876
1877 for (;;) {
1878 if (NLPTR_TBIT(qtd.next) != 0) {
1879 break;
1880 }
1881 qtdaddr = qtd.next;
1882
1883
1884
1885
1886 QTAILQ_FOREACH(p, &q->packets, next) {
1887 if (p->qtdaddr == qtdaddr) {
1888 goto leave;
1889 }
1890 }
1891 if (get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1892 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2) < 0) {
1893 return -1;
1894 }
1895 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1896 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1897 break;
1898 }
1899 if (!ehci_verify_pid(q, &qtd)) {
1900 ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
1901 break;
1902 }
1903 p = ehci_alloc_packet(q);
1904 p->qtdaddr = qtdaddr;
1905 p->qtd = qtd;
1906 if (ehci_execute(p, "queue") == -1) {
1907 return -1;
1908 }
1909 assert(p->packet.status == USB_RET_ASYNC);
1910 p->async = EHCI_ASYNC_INFLIGHT;
1911 }
1912leave:
1913 usb_device_flush_ep_queue(ep->dev, ep);
1914 return 1;
1915}
1916
1917static int ehci_state_execute(EHCIQueue *q)
1918{
1919 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1920 int again = 0;
1921
1922 assert(p != NULL);
1923 assert(p->qtdaddr == q->qtdaddr);
1924
1925 if (ehci_qh_do_overlay(q) != 0) {
1926 return -1;
1927 }
1928
1929
1930
1931
1932
1933 if (!q->async && q->transact_ctr == 0) {
1934 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1935 again = 1;
1936 goto out;
1937 }
1938
1939 if (q->async) {
1940 ehci_set_usbsts(q->ehci, USBSTS_REC);
1941 }
1942
1943 again = ehci_execute(p, "process");
1944 if (again == -1) {
1945 goto out;
1946 }
1947 if (p->packet.status == USB_RET_ASYNC) {
1948 ehci_flush_qh(q);
1949 trace_usb_ehci_packet_action(p->queue, p, "async");
1950 p->async = EHCI_ASYNC_INFLIGHT;
1951 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1952 if (q->async) {
1953 again = ehci_fill_queue(p);
1954 } else {
1955 again = 1;
1956 }
1957 goto out;
1958 }
1959
1960 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1961 again = 1;
1962
1963out:
1964 return again;
1965}
1966
1967static int ehci_state_executing(EHCIQueue *q)
1968{
1969 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1970
1971 assert(p != NULL);
1972 assert(p->qtdaddr == q->qtdaddr);
1973
1974 ehci_execute_complete(q);
1975
1976
1977 if (!q->async && q->transact_ctr > 0) {
1978 q->transact_ctr--;
1979 }
1980
1981
1982 if (p->packet.status == USB_RET_NAK) {
1983 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1984 } else {
1985 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
1986 }
1987
1988 ehci_flush_qh(q);
1989 return 1;
1990}
1991
1992
1993static int ehci_state_writeback(EHCIQueue *q)
1994{
1995 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1996 uint32_t *qtd, addr;
1997 int again = 0;
1998
1999
2000 assert(p != NULL);
2001 assert(p->qtdaddr == q->qtdaddr);
2002
2003 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
2004 qtd = (uint32_t *) &q->qh.next_qtd;
2005 addr = NLPTR_GET(p->qtdaddr);
2006 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
2007 ehci_free_packet(p);
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017 if (q->qh.token & QTD_TOKEN_HALT) {
2018 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2019 again = 1;
2020 } else {
2021 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
2022 again = 1;
2023 }
2024 return again;
2025}
2026
2027
2028
2029
2030
2031static void ehci_advance_state(EHCIState *ehci, int async)
2032{
2033 EHCIQueue *q = NULL;
2034 int itd_count = 0;
2035 int again;
2036
2037 do {
2038 switch(ehci_get_state(ehci, async)) {
2039 case EST_WAITLISTHEAD:
2040 again = ehci_state_waitlisthead(ehci, async);
2041 break;
2042
2043 case EST_FETCHENTRY:
2044 again = ehci_state_fetchentry(ehci, async);
2045 break;
2046
2047 case EST_FETCHQH:
2048 q = ehci_state_fetchqh(ehci, async);
2049 if (q != NULL) {
2050 assert(q->async == async);
2051 again = 1;
2052 } else {
2053 again = 0;
2054 }
2055 break;
2056
2057 case EST_FETCHITD:
2058 again = ehci_state_fetchitd(ehci, async);
2059 itd_count++;
2060 break;
2061
2062 case EST_FETCHSITD:
2063 again = ehci_state_fetchsitd(ehci, async);
2064 itd_count++;
2065 break;
2066
2067 case EST_ADVANCEQUEUE:
2068 assert(q != NULL);
2069 again = ehci_state_advqueue(q);
2070 break;
2071
2072 case EST_FETCHQTD:
2073 assert(q != NULL);
2074 again = ehci_state_fetchqtd(q);
2075 break;
2076
2077 case EST_HORIZONTALQH:
2078 assert(q != NULL);
2079 again = ehci_state_horizqh(q);
2080 break;
2081
2082 case EST_EXECUTE:
2083 assert(q != NULL);
2084 again = ehci_state_execute(q);
2085 if (async) {
2086 ehci->async_stepdown = 0;
2087 }
2088 break;
2089
2090 case EST_EXECUTING:
2091 assert(q != NULL);
2092 if (async) {
2093 ehci->async_stepdown = 0;
2094 }
2095 again = ehci_state_executing(q);
2096 break;
2097
2098 case EST_WRITEBACK:
2099 assert(q != NULL);
2100 again = ehci_state_writeback(q);
2101 if (!async) {
2102 ehci->periodic_sched_active = PERIODIC_ACTIVE;
2103 }
2104 break;
2105
2106 default:
2107 fprintf(stderr, "Bad state!\n");
2108 again = -1;
2109 g_assert_not_reached();
2110 break;
2111 }
2112
2113 if (again < 0 || itd_count > 16) {
2114
2115 fprintf(stderr, "processing error - resetting ehci HC\n");
2116 ehci_reset(ehci);
2117 again = 0;
2118 }
2119 }
2120 while (again);
2121}
2122
2123static void ehci_advance_async_state(EHCIState *ehci)
2124{
2125 const int async = 1;
2126
2127 switch(ehci_get_state(ehci, async)) {
2128 case EST_INACTIVE:
2129 if (!ehci_async_enabled(ehci)) {
2130 break;
2131 }
2132 ehci_set_state(ehci, async, EST_ACTIVE);
2133
2134
2135 case EST_ACTIVE:
2136 if (!ehci_async_enabled(ehci)) {
2137 ehci_queues_rip_all(ehci, async);
2138 ehci_set_state(ehci, async, EST_INACTIVE);
2139 break;
2140 }
2141
2142
2143
2144 if (ehci->usbsts & USBSTS_IAA) {
2145 DPRINTF("IAA status bit still set.\n");
2146 break;
2147 }
2148
2149
2150 if (ehci->asynclistaddr == 0) {
2151 break;
2152 }
2153
2154 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
2155 ehci_advance_state(ehci, async);
2156
2157
2158
2159
2160
2161 if (ehci->usbcmd & USBCMD_IAAD) {
2162
2163 ehci_queues_rip_unseen(ehci, async);
2164 trace_usb_ehci_doorbell_ack();
2165 ehci->usbcmd &= ~USBCMD_IAAD;
2166 ehci_raise_irq(ehci, USBSTS_IAA);
2167 }
2168 break;
2169
2170 default:
2171
2172 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2173 "Resetting to active\n", ehci->astate);
2174 g_assert_not_reached();
2175 }
2176}
2177
2178static void ehci_advance_periodic_state(EHCIState *ehci)
2179{
2180 uint32_t entry;
2181 uint32_t list;
2182 const int async = 0;
2183
2184
2185
2186 switch(ehci_get_state(ehci, async)) {
2187 case EST_INACTIVE:
2188 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
2189 ehci_set_state(ehci, async, EST_ACTIVE);
2190
2191 } else
2192 break;
2193
2194 case EST_ACTIVE:
2195 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
2196 ehci_queues_rip_all(ehci, async);
2197 ehci_set_state(ehci, async, EST_INACTIVE);
2198 break;
2199 }
2200
2201 list = ehci->periodiclistbase & 0xfffff000;
2202
2203 if (list == 0) {
2204 break;
2205 }
2206 list |= ((ehci->frindex & 0x1ff8) >> 1);
2207
2208 if (get_dwords(ehci, list, &entry, 1) < 0) {
2209 break;
2210 }
2211
2212 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2213 ehci->frindex / 8, list, entry);
2214 ehci_set_fetch_addr(ehci, async,entry);
2215 ehci_set_state(ehci, async, EST_FETCHENTRY);
2216 ehci_advance_state(ehci, async);
2217 ehci_queues_rip_unused(ehci, async);
2218 break;
2219
2220 default:
2221
2222 fprintf(stderr, "ehci: Bad periodic state %d. "
2223 "Resetting to active\n", ehci->pstate);
2224 g_assert_not_reached();
2225 }
2226}
2227
2228static void ehci_update_frindex(EHCIState *ehci, int uframes)
2229{
2230 if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
2231 return;
2232 }
2233
2234
2235 if ((ehci->frindex % 0x2000) + uframes >= 0x2000) {
2236 ehci_raise_irq(ehci, USBSTS_FLR);
2237 }
2238
2239
2240
2241
2242 int rollovers = (ehci->frindex + uframes) / 0x4000;
2243 if (rollovers > 0) {
2244 if (ehci->usbsts_frindex >= (rollovers * 0x4000)) {
2245 ehci->usbsts_frindex -= 0x4000 * rollovers;
2246 } else {
2247 ehci->usbsts_frindex = 0;
2248 }
2249 }
2250
2251 ehci->frindex = (ehci->frindex + uframes) % 0x4000;
2252}
2253
2254static void ehci_work_bh(void *opaque)
2255{
2256 EHCIState *ehci = opaque;
2257 int need_timer = 0;
2258 int64_t expire_time, t_now;
2259 uint64_t ns_elapsed;
2260 uint64_t uframes, skipped_uframes;
2261 int i;
2262
2263 if (ehci->working) {
2264 return;
2265 }
2266 ehci->working = true;
2267
2268 t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
2269 ns_elapsed = t_now - ehci->last_run_ns;
2270 uframes = ns_elapsed / UFRAME_TIMER_NS;
2271
2272 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
2273 need_timer++;
2274
2275 if (uframes > (ehci->maxframes * 8)) {
2276 skipped_uframes = uframes - (ehci->maxframes * 8);
2277 ehci_update_frindex(ehci, skipped_uframes);
2278 ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
2279 uframes -= skipped_uframes;
2280 DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
2281 }
2282
2283 for (i = 0; i < uframes; i++) {
2284
2285
2286
2287
2288
2289
2290
2291 if (i >= MIN_UFR_PER_TICK) {
2292 ehci_commit_irq(ehci);
2293 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2294 break;
2295 }
2296 }
2297 if (ehci->periodic_sched_active) {
2298 ehci->periodic_sched_active--;
2299 }
2300 ehci_update_frindex(ehci, 1);
2301 if ((ehci->frindex & 7) == 0) {
2302 ehci_advance_periodic_state(ehci);
2303 }
2304 ehci->last_run_ns += UFRAME_TIMER_NS;
2305 }
2306 } else {
2307 ehci->periodic_sched_active = 0;
2308 ehci_update_frindex(ehci, uframes);
2309 ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
2310 }
2311
2312 if (ehci->periodic_sched_active) {
2313 ehci->async_stepdown = 0;
2314 } else if (ehci->async_stepdown < ehci->maxframes / 2) {
2315 ehci->async_stepdown++;
2316 }
2317
2318
2319
2320
2321 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
2322 need_timer++;
2323 ehci_advance_async_state(ehci);
2324 }
2325
2326 ehci_commit_irq(ehci);
2327 if (ehci->usbsts_pending) {
2328 need_timer++;
2329 ehci->async_stepdown = 0;
2330 }
2331
2332 if (ehci_enabled(ehci) && (ehci->usbintr & USBSTS_FLR)) {
2333 need_timer++;
2334 }
2335
2336 if (need_timer) {
2337
2338
2339 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2340 expire_time = t_now +
2341 NANOSECONDS_PER_SECOND / (FRAME_TIMER_FREQ * 4);
2342 ehci->int_req_by_async = false;
2343 } else {
2344 expire_time = t_now + (NANOSECONDS_PER_SECOND
2345 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
2346 }
2347 timer_mod(ehci->frame_timer, expire_time);
2348 }
2349
2350 ehci->working = false;
2351}
2352
2353static void ehci_work_timer(void *opaque)
2354{
2355 EHCIState *ehci = opaque;
2356
2357 qemu_bh_schedule(ehci->async_bh);
2358}
2359
2360static const MemoryRegionOps ehci_mmio_caps_ops = {
2361 .read = ehci_caps_read,
2362 .write = ehci_caps_write,
2363 .valid.min_access_size = 1,
2364 .valid.max_access_size = 4,
2365 .impl.min_access_size = 1,
2366 .impl.max_access_size = 1,
2367 .endianness = DEVICE_LITTLE_ENDIAN,
2368};
2369
2370static const MemoryRegionOps ehci_mmio_opreg_ops = {
2371 .read = ehci_opreg_read,
2372 .write = ehci_opreg_write,
2373 .valid.min_access_size = 4,
2374 .valid.max_access_size = 4,
2375 .endianness = DEVICE_LITTLE_ENDIAN,
2376};
2377
2378static const MemoryRegionOps ehci_mmio_port_ops = {
2379 .read = ehci_port_read,
2380 .write = ehci_port_write,
2381 .valid.min_access_size = 4,
2382 .valid.max_access_size = 4,
2383 .endianness = DEVICE_LITTLE_ENDIAN,
2384};
2385
2386static USBPortOps ehci_port_ops = {
2387 .attach = ehci_attach,
2388 .detach = ehci_detach,
2389 .child_detach = ehci_child_detach,
2390 .wakeup = ehci_wakeup,
2391 .complete = ehci_async_complete_packet,
2392};
2393
2394static USBBusOps ehci_bus_ops_companion = {
2395 .register_companion = ehci_register_companion,
2396 .wakeup_endpoint = ehci_wakeup_endpoint,
2397};
2398static USBBusOps ehci_bus_ops_standalone = {
2399 .wakeup_endpoint = ehci_wakeup_endpoint,
2400};
2401
2402static int usb_ehci_pre_save(void *opaque)
2403{
2404 EHCIState *ehci = opaque;
2405 uint32_t new_frindex;
2406
2407
2408 new_frindex = ehci->frindex & ~7;
2409 ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
2410 ehci->frindex = new_frindex;
2411
2412 return 0;
2413}
2414
2415static int usb_ehci_post_load(void *opaque, int version_id)
2416{
2417 EHCIState *s = opaque;
2418 int i;
2419
2420 for (i = 0; i < NB_PORTS; i++) {
2421 USBPort *companion = s->companion_ports[i];
2422 if (companion == NULL) {
2423 continue;
2424 }
2425 if (s->portsc[i] & PORTSC_POWNER) {
2426 companion->dev = s->ports[i].dev;
2427 } else {
2428 companion->dev = NULL;
2429 }
2430 }
2431
2432 return 0;
2433}
2434
2435static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2436{
2437 EHCIState *ehci = opaque;
2438
2439
2440
2441
2442
2443
2444
2445 if (state == RUN_STATE_RUNNING) {
2446 ehci_advance_async_state(ehci);
2447 }
2448
2449
2450
2451
2452
2453
2454
2455 if (state == RUN_STATE_SAVE_VM) {
2456 ehci_advance_async_state(ehci);
2457 ehci_queues_rip_unseen(ehci, 1);
2458 }
2459}
2460
2461const VMStateDescription vmstate_ehci = {
2462 .name = "ehci-core",
2463 .version_id = 2,
2464 .minimum_version_id = 1,
2465 .pre_save = usb_ehci_pre_save,
2466 .post_load = usb_ehci_post_load,
2467 .fields = (VMStateField[]) {
2468
2469 VMSTATE_UINT32(usbcmd, EHCIState),
2470 VMSTATE_UINT32(usbsts, EHCIState),
2471 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2472 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
2473 VMSTATE_UINT32(usbintr, EHCIState),
2474 VMSTATE_UINT32(frindex, EHCIState),
2475 VMSTATE_UINT32(ctrldssegment, EHCIState),
2476 VMSTATE_UINT32(periodiclistbase, EHCIState),
2477 VMSTATE_UINT32(asynclistaddr, EHCIState),
2478 VMSTATE_UINT32(configflag, EHCIState),
2479 VMSTATE_UINT32(portsc[0], EHCIState),
2480 VMSTATE_UINT32(portsc[1], EHCIState),
2481 VMSTATE_UINT32(portsc[2], EHCIState),
2482 VMSTATE_UINT32(portsc[3], EHCIState),
2483 VMSTATE_UINT32(portsc[4], EHCIState),
2484 VMSTATE_UINT32(portsc[5], EHCIState),
2485
2486 VMSTATE_TIMER_PTR(frame_timer, EHCIState),
2487 VMSTATE_UINT64(last_run_ns, EHCIState),
2488 VMSTATE_UINT32(async_stepdown, EHCIState),
2489
2490 VMSTATE_UINT32(astate, EHCIState),
2491 VMSTATE_UINT32(pstate, EHCIState),
2492 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2493 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2494 VMSTATE_END_OF_LIST()
2495 }
2496};
2497
2498void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
2499{
2500 int i;
2501
2502 if (s->portnr > NB_PORTS) {
2503 error_setg(errp, "Too many ports! Max. port number is %d.",
2504 NB_PORTS);
2505 return;
2506 }
2507 if (s->maxframes < 8 || s->maxframes > 512) {
2508 error_setg(errp, "maxframes %d out if range (8 .. 512)",
2509 s->maxframes);
2510 return;
2511 }
2512
2513 usb_bus_new(&s->bus, sizeof(s->bus), s->companion_enable ?
2514 &ehci_bus_ops_companion : &ehci_bus_ops_standalone, dev);
2515 for (i = 0; i < s->portnr; i++) {
2516 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2517 USB_SPEED_MASK_HIGH);
2518 s->ports[i].dev = 0;
2519 }
2520
2521 s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
2522 s->async_bh = qemu_bh_new(ehci_work_bh, s);
2523 s->device = dev;
2524
2525 s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
2526}
2527
2528void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp)
2529{
2530 trace_usb_ehci_unrealize();
2531
2532 if (s->frame_timer) {
2533 timer_del(s->frame_timer);
2534 timer_free(s->frame_timer);
2535 s->frame_timer = NULL;
2536 }
2537 if (s->async_bh) {
2538 qemu_bh_delete(s->async_bh);
2539 }
2540
2541 ehci_queues_rip_all(s, 0);
2542 ehci_queues_rip_all(s, 1);
2543
2544 memory_region_del_subregion(&s->mem, &s->mem_caps);
2545 memory_region_del_subregion(&s->mem, &s->mem_opreg);
2546 memory_region_del_subregion(&s->mem, &s->mem_ports);
2547
2548 usb_bus_release(&s->bus);
2549
2550 if (s->vmstate) {
2551 qemu_del_vm_change_state_handler(s->vmstate);
2552 }
2553}
2554
2555void usb_ehci_init(EHCIState *s, DeviceState *dev)
2556{
2557
2558 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
2559 s->caps[0x01] = 0x00;
2560 s->caps[0x02] = 0x00;
2561 s->caps[0x03] = 0x01;
2562 s->caps[0x04] = s->portnr;
2563 s->caps[0x05] = 0x00;
2564 s->caps[0x06] = 0x00;
2565 s->caps[0x07] = 0x00;
2566 s->caps[0x08] = 0x80;
2567 s->caps[0x0a] = 0x00;
2568 s->caps[0x0b] = 0x00;
2569
2570 QTAILQ_INIT(&s->aqueues);
2571 QTAILQ_INIT(&s->pqueues);
2572 usb_packet_init(&s->ipacket);
2573
2574 memory_region_init(&s->mem, OBJECT(dev), "ehci", MMIO_SIZE);
2575 memory_region_init_io(&s->mem_caps, OBJECT(dev), &ehci_mmio_caps_ops, s,
2576 "capabilities", CAPA_SIZE);
2577 memory_region_init_io(&s->mem_opreg, OBJECT(dev), &ehci_mmio_opreg_ops, s,
2578 "operational", s->portscbase);
2579 memory_region_init_io(&s->mem_ports, OBJECT(dev), &ehci_mmio_port_ops, s,
2580 "ports", 4 * s->portnr);
2581
2582 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2583 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2584 memory_region_add_subregion(&s->mem, s->opregbase + s->portscbase,
2585 &s->mem_ports);
2586}
2587
2588void usb_ehci_finalize(EHCIState *s)
2589{
2590 usb_packet_cleanup(&s->ipacket);
2591}
2592
2593
2594
2595
2596
