1 /* 2 * QEMU USB emulation 3 * 4 * Copyright (c) 2005 Fabrice Bellard 5 * 6 * 2008 Generic packet handler rewrite by Max Krasnyansky 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 #include "qemu-common.h" 27 #include "usb.h" 28 #include "iov.h" 29 30 void usb_attach(USBPort *port, USBDevice *dev) 31 { 32 if (dev != NULL) { 33 /* attach */ 34 if (port->dev) { 35 usb_attach(port, NULL); 36 } 37 dev->port = port; 38 port->dev = dev; 39 port->ops->attach(port); 40 usb_send_msg(dev, USB_MSG_ATTACH); 41 } else { 42 /* detach */ 43 dev = port->dev; 44 assert(dev); 45 port->ops->detach(port); 46 usb_send_msg(dev, USB_MSG_DETACH); 47 dev->port = NULL; 48 port->dev = NULL; 49 } 50 } 51 52 void usb_wakeup(USBDevice *dev) 53 { 54 if (dev->remote_wakeup && dev->port && dev->port->ops->wakeup) { 55 dev->port->ops->wakeup(dev->port); 56 } 57 } 58 59 /**********************/ 60 61 /* generic USB device helpers (you are not forced to use them when 62 writing your USB device driver, but they help handling the 63 protocol) 64 */ 65 66 #define SETUP_STATE_IDLE 0 67 #define SETUP_STATE_SETUP 1 68 #define SETUP_STATE_DATA 2 69 #define SETUP_STATE_ACK 3 70 71 static int do_token_setup(USBDevice *s, USBPacket *p) 72 { 73 int request, value, index; 74 int ret = 0; 75 76 if (p->iov.size != 8) { 77 return USB_RET_STALL; 78 } 79 80 usb_packet_copy(p, s->setup_buf, p->iov.size); 81 s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; 82 s->setup_index = 0; 83 84 request = (s->setup_buf[0] << 8) | s->setup_buf[1]; 85 value = (s->setup_buf[3] << 8) | s->setup_buf[2]; 86 index = (s->setup_buf[5] << 8) | s->setup_buf[4]; 87 88 if (s->setup_buf[0] & USB_DIR_IN) { 89 ret = s->info->handle_control(s, p, request, value, index, 90 s->setup_len, s->data_buf); 91 if (ret == USB_RET_ASYNC) { 92 s->setup_state = SETUP_STATE_SETUP; 93 return USB_RET_ASYNC; 94 } 95 if (ret < 0) 96 return ret; 97 98 if (ret < s->setup_len) 99 s->setup_len = ret; 100 s->setup_state = SETUP_STATE_DATA; 101 } else { 102 if (s->setup_len > sizeof(s->data_buf)) { 103 fprintf(stderr, 104 "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", 105 s->setup_len, sizeof(s->data_buf)); 106 return USB_RET_STALL; 107 } 108 if (s->setup_len == 0) 109 s->setup_state = SETUP_STATE_ACK; 110 else 111 s->setup_state = SETUP_STATE_DATA; 112 } 113 114 return ret; 115 } 116 117 static int do_token_in(USBDevice *s, USBPacket *p) 118 { 119 int request, value, index; 120 int ret = 0; 121 122 if (p->devep != 0) 123 return s->info->handle_data(s, p); 124 125 request = (s->setup_buf[0] << 8) | s->setup_buf[1]; 126 value = (s->setup_buf[3] << 8) | s->setup_buf[2]; 127 index = (s->setup_buf[5] << 8) | s->setup_buf[4]; 128 129 switch(s->setup_state) { 130 case SETUP_STATE_ACK: 131 if (!(s->setup_buf[0] & USB_DIR_IN)) { 132 ret = s->info->handle_control(s, p, request, value, index, 133 s->setup_len, s->data_buf); 134 if (ret == USB_RET_ASYNC) { 135 return USB_RET_ASYNC; 136 } 137 s->setup_state = SETUP_STATE_IDLE; 138 if (ret > 0) 139 return 0; 140 return ret; 141 } 142 143 /* return 0 byte */ 144 return 0; 145 146 case SETUP_STATE_DATA: 147 if (s->setup_buf[0] & USB_DIR_IN) { 148 int len = s->setup_len - s->setup_index; 149 if (len > p->iov.size) { 150 len = p->iov.size; 151 } 152 usb_packet_copy(p, s->data_buf + s->setup_index, len); 153 s->setup_index += len; 154 if (s->setup_index >= s->setup_len) 155 s->setup_state = SETUP_STATE_ACK; 156 return len; 157 } 158 159 s->setup_state = SETUP_STATE_IDLE; 160 return USB_RET_STALL; 161 162 default: 163 return USB_RET_STALL; 164 } 165 } 166 167 static int do_token_out(USBDevice *s, USBPacket *p) 168 { 169 if (p->devep != 0) 170 return s->info->handle_data(s, p); 171 172 switch(s->setup_state) { 173 case SETUP_STATE_ACK: 174 if (s->setup_buf[0] & USB_DIR_IN) { 175 s->setup_state = SETUP_STATE_IDLE; 176 /* transfer OK */ 177 } else { 178 /* ignore additional output */ 179 } 180 return 0; 181 182 case SETUP_STATE_DATA: 183 if (!(s->setup_buf[0] & USB_DIR_IN)) { 184 int len = s->setup_len - s->setup_index; 185 if (len > p->iov.size) { 186 len = p->iov.size; 187 } 188 usb_packet_copy(p, s->data_buf + s->setup_index, len); 189 s->setup_index += len; 190 if (s->setup_index >= s->setup_len) 191 s->setup_state = SETUP_STATE_ACK; 192 return len; 193 } 194 195 s->setup_state = SETUP_STATE_IDLE; 196 return USB_RET_STALL; 197 198 default: 199 return USB_RET_STALL; 200 } 201 } 202 203 /* 204 * Generic packet handler. 205 * Called by the HC (host controller). 206 * 207 * Returns length of the transaction or one of the USB_RET_XXX codes. 208 */ 209 int usb_generic_handle_packet(USBDevice *s, USBPacket *p) 210 { 211 switch(p->pid) { 212 case USB_MSG_ATTACH: 213 s->state = USB_STATE_ATTACHED; 214 if (s->info->handle_attach) { 215 s->info->handle_attach(s); 216 } 217 return 0; 218 219 case USB_MSG_DETACH: 220 s->state = USB_STATE_NOTATTACHED; 221 return 0; 222 223 case USB_MSG_RESET: 224 s->remote_wakeup = 0; 225 s->addr = 0; 226 s->state = USB_STATE_DEFAULT; 227 if (s->info->handle_reset) { 228 s->info->handle_reset(s); 229 } 230 return 0; 231 } 232 233 /* Rest of the PIDs must match our address */ 234 if (s->state < USB_STATE_DEFAULT || p->devaddr != s->addr) 235 return USB_RET_NODEV; 236 237 switch (p->pid) { 238 case USB_TOKEN_SETUP: 239 return do_token_setup(s, p); 240 241 case USB_TOKEN_IN: 242 return do_token_in(s, p); 243 244 case USB_TOKEN_OUT: 245 return do_token_out(s, p); 246 247 default: 248 return USB_RET_STALL; 249 } 250 } 251 252 /* ctrl complete function for devices which use usb_generic_handle_packet and 253 may return USB_RET_ASYNC from their handle_control callback. Device code 254 which does this *must* call this function instead of the normal 255 usb_packet_complete to complete their async control packets. */ 256 void usb_generic_async_ctrl_complete(USBDevice *s, USBPacket *p) 257 { 258 if (p->result < 0) { 259 s->setup_state = SETUP_STATE_IDLE; 260 } 261 262 switch (s->setup_state) { 263 case SETUP_STATE_SETUP: 264 if (p->result < s->setup_len) { 265 s->setup_len = p->result; 266 } 267 s->setup_state = SETUP_STATE_DATA; 268 p->result = 8; 269 break; 270 271 case SETUP_STATE_ACK: 272 s->setup_state = SETUP_STATE_IDLE; 273 p->result = 0; 274 break; 275 276 default: 277 break; 278 } 279 usb_packet_complete(s, p); 280 } 281 282 /* XXX: fix overflow */ 283 int set_usb_string(uint8_t *buf, const char *str) 284 { 285 int len, i; 286 uint8_t *q; 287 288 q = buf; 289 len = strlen(str); 290 *q++ = 2 * len + 2; 291 *q++ = 3; 292 for(i = 0; i < len; i++) { 293 *q++ = str[i]; 294 *q++ = 0; 295 } 296 return q - buf; 297 } 298 299 /* Send an internal message to a USB device. */ 300 void usb_send_msg(USBDevice *dev, int msg) 301 { 302 USBPacket p; 303 int ret; 304 305 memset(&p, 0, sizeof(p)); 306 p.pid = msg; 307 ret = usb_handle_packet(dev, &p); 308 /* This _must_ be synchronous */ 309 assert(ret != USB_RET_ASYNC); 310 } 311 312 /* Hand over a packet to a device for processing. Return value 313 USB_RET_ASYNC indicates the processing isn't finished yet, the 314 driver will call usb_packet_complete() when done processing it. */ 315 int usb_handle_packet(USBDevice *dev, USBPacket *p) 316 { 317 int ret; 318 319 assert(p->owner == NULL); 320 ret = dev->info->handle_packet(dev, p); 321 if (ret == USB_RET_ASYNC) { 322 if (p->owner == NULL) { 323 p->owner = dev; 324 } else { 325 /* We'll end up here when usb_handle_packet is called 326 * recursively due to a hub being in the chain. Nothing 327 * to do. Leave p->owner pointing to the device, not the 328 * hub. */; 329 } 330 } 331 return ret; 332 } 333 334 /* Notify the controller that an async packet is complete. This should only 335 be called for packets previously deferred by returning USB_RET_ASYNC from 336 handle_packet. */ 337 void usb_packet_complete(USBDevice *dev, USBPacket *p) 338 { 339 /* Note: p->owner != dev is possible in case dev is a hub */ 340 assert(p->owner != NULL); 341 dev->port->ops->complete(dev->port, p); 342 p->owner = NULL; 343 } 344 345 /* Cancel an active packet. The packed must have been deferred by 346 returning USB_RET_ASYNC from handle_packet, and not yet 347 completed. */ 348 void usb_cancel_packet(USBPacket * p) 349 { 350 assert(p->owner != NULL); 351 p->owner->info->cancel_packet(p->owner, p); 352 p->owner = NULL; 353 } 354 355 356 void usb_packet_init(USBPacket *p) 357 { 358 qemu_iovec_init(&p->iov, 1); 359 } 360 361 void usb_packet_setup(USBPacket *p, int pid, uint8_t addr, uint8_t ep) 362 { 363 p->pid = pid; 364 p->devaddr = addr; 365 p->devep = ep; 366 p->result = 0; 367 qemu_iovec_reset(&p->iov); 368 } 369 370 void usb_packet_addbuf(USBPacket *p, void *ptr, size_t len) 371 { 372 qemu_iovec_add(&p->iov, ptr, len); 373 } 374 375 void usb_packet_copy(USBPacket *p, void *ptr, size_t bytes) 376 { 377 assert(p->result >= 0); 378 assert(p->result + bytes <= p->iov.size); 379 switch (p->pid) { 380 case USB_TOKEN_SETUP: 381 case USB_TOKEN_OUT: 382 iov_to_buf(p->iov.iov, p->iov.niov, ptr, p->result, bytes); 383 break; 384 case USB_TOKEN_IN: 385 iov_from_buf(p->iov.iov, p->iov.niov, ptr, p->result, bytes); 386 break; 387 default: 388 fprintf(stderr, "%s: invalid pid: %x\n", __func__, p->pid); 389 abort(); 390 } 391 p->result += bytes; 392 } 393 394 void usb_packet_skip(USBPacket *p, size_t bytes) 395 { 396 assert(p->result >= 0); 397 assert(p->result + bytes <= p->iov.size); 398 if (p->pid == USB_TOKEN_IN) { 399 iov_clear(p->iov.iov, p->iov.niov, p->result, bytes); 400 } 401 p->result += bytes; 402 } 403 404 void usb_packet_cleanup(USBPacket *p) 405 { 406 qemu_iovec_destroy(&p->iov); 407 } 408