1 /* 2 * QEMU USB EHCI Emulation 3 * 4 * Copyright(c) 2008 Emutex Ltd. (address@hidden) 5 * Copyright(c) 2011-2012 Red Hat, Inc. 6 * 7 * Red Hat Authors: 8 * Gerd Hoffmann <kraxel@redhat.com> 9 * Hans de Goede <hdegoede@redhat.com> 10 * 11 * EHCI project was started by Mark Burkley, with contributions by 12 * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf, 13 * Jan Kiszka and Vincent Palatin contributed bugfixes. 14 * 15 * 16 * This library is free software; you can redistribute it and/or 17 * modify it under the terms of the GNU Lesser General Public 18 * License as published by the Free Software Foundation; either 19 * version 2 of the License, or(at your option) any later version. 20 * 21 * This library is distributed in the hope that it will be useful, 22 * but WITHOUT ANY WARRANTY; without even the implied warranty of 23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 24 * Lesser General Public License for more details. 25 * 26 * You should have received a copy of the GNU General Public License 27 * along with this program; if not, see <http://www.gnu.org/licenses/>. 28 */ 29 30 #include "hw/hw.h" 31 #include "qemu-timer.h" 32 #include "hw/usb.h" 33 #include "hw/pci.h" 34 #include "monitor.h" 35 #include "trace.h" 36 #include "dma.h" 37 #include "sysemu.h" 38 39 #define EHCI_DEBUG 0 40 41 #if EHCI_DEBUG 42 #define DPRINTF printf 43 #else 44 #define DPRINTF(...) 45 #endif 46 47 /* internal processing - reset HC to try and recover */ 48 #define USB_RET_PROCERR (-99) 49 50 #define MMIO_SIZE 0x1000 51 52 /* Capability Registers Base Address - section 2.2 */ 53 #define CAPREGBASE 0x0000 54 #define CAPLENGTH CAPREGBASE + 0x0000 // 1-byte, 0x0001 reserved 55 #define HCIVERSION CAPREGBASE + 0x0002 // 2-bytes, i/f version # 56 #define HCSPARAMS CAPREGBASE + 0x0004 // 4-bytes, structural params 57 #define HCCPARAMS CAPREGBASE + 0x0008 // 4-bytes, capability params 58 #define EECP HCCPARAMS + 1 59 #define HCSPPORTROUTE1 CAPREGBASE + 0x000c 60 #define HCSPPORTROUTE2 CAPREGBASE + 0x0010 61 62 #define OPREGBASE 0x0020 // Operational Registers Base Address 63 64 #define USBCMD OPREGBASE + 0x0000 65 #define USBCMD_RUNSTOP (1 << 0) // run / Stop 66 #define USBCMD_HCRESET (1 << 1) // HC Reset 67 #define USBCMD_FLS (3 << 2) // Frame List Size 68 #define USBCMD_FLS_SH 2 // Frame List Size Shift 69 #define USBCMD_PSE (1 << 4) // Periodic Schedule Enable 70 #define USBCMD_ASE (1 << 5) // Asynch Schedule Enable 71 #define USBCMD_IAAD (1 << 6) // Int Asynch Advance Doorbell 72 #define USBCMD_LHCR (1 << 7) // Light Host Controller Reset 73 #define USBCMD_ASPMC (3 << 8) // Async Sched Park Mode Count 74 #define USBCMD_ASPME (1 << 11) // Async Sched Park Mode Enable 75 #define USBCMD_ITC (0x7f << 16) // Int Threshold Control 76 #define USBCMD_ITC_SH 16 // Int Threshold Control Shift 77 78 #define USBSTS OPREGBASE + 0x0004 79 #define USBSTS_RO_MASK 0x0000003f 80 #define USBSTS_INT (1 << 0) // USB Interrupt 81 #define USBSTS_ERRINT (1 << 1) // Error Interrupt 82 #define USBSTS_PCD (1 << 2) // Port Change Detect 83 #define USBSTS_FLR (1 << 3) // Frame List Rollover 84 #define USBSTS_HSE (1 << 4) // Host System Error 85 #define USBSTS_IAA (1 << 5) // Interrupt on Async Advance 86 #define USBSTS_HALT (1 << 12) // HC Halted 87 #define USBSTS_REC (1 << 13) // Reclamation 88 #define USBSTS_PSS (1 << 14) // Periodic Schedule Status 89 #define USBSTS_ASS (1 << 15) // Asynchronous Schedule Status 90 91 /* 92 * Interrupt enable bits correspond to the interrupt active bits in USBSTS 93 * so no need to redefine here. 94 */ 95 #define USBINTR OPREGBASE + 0x0008 96 #define USBINTR_MASK 0x0000003f 97 98 #define FRINDEX OPREGBASE + 0x000c 99 #define CTRLDSSEGMENT OPREGBASE + 0x0010 100 #define PERIODICLISTBASE OPREGBASE + 0x0014 101 #define ASYNCLISTADDR OPREGBASE + 0x0018 102 #define ASYNCLISTADDR_MASK 0xffffffe0 103 104 #define CONFIGFLAG OPREGBASE + 0x0040 105 106 #define PORTSC (OPREGBASE + 0x0044) 107 #define PORTSC_BEGIN PORTSC 108 #define PORTSC_END (PORTSC + 4 * NB_PORTS) 109 /* 110 * Bits that are reserved or are read-only are masked out of values 111 * written to us by software 112 */ 113 #define PORTSC_RO_MASK 0x007001c0 114 #define PORTSC_RWC_MASK 0x0000002a 115 #define PORTSC_WKOC_E (1 << 22) // Wake on Over Current Enable 116 #define PORTSC_WKDS_E (1 << 21) // Wake on Disconnect Enable 117 #define PORTSC_WKCN_E (1 << 20) // Wake on Connect Enable 118 #define PORTSC_PTC (15 << 16) // Port Test Control 119 #define PORTSC_PTC_SH 16 // Port Test Control shift 120 #define PORTSC_PIC (3 << 14) // Port Indicator Control 121 #define PORTSC_PIC_SH 14 // Port Indicator Control Shift 122 #define PORTSC_POWNER (1 << 13) // Port Owner 123 #define PORTSC_PPOWER (1 << 12) // Port Power 124 #define PORTSC_LINESTAT (3 << 10) // Port Line Status 125 #define PORTSC_LINESTAT_SH 10 // Port Line Status Shift 126 #define PORTSC_PRESET (1 << 8) // Port Reset 127 #define PORTSC_SUSPEND (1 << 7) // Port Suspend 128 #define PORTSC_FPRES (1 << 6) // Force Port Resume 129 #define PORTSC_OCC (1 << 5) // Over Current Change 130 #define PORTSC_OCA (1 << 4) // Over Current Active 131 #define PORTSC_PEDC (1 << 3) // Port Enable/Disable Change 132 #define PORTSC_PED (1 << 2) // Port Enable/Disable 133 #define PORTSC_CSC (1 << 1) // Connect Status Change 134 #define PORTSC_CONNECT (1 << 0) // Current Connect Status 135 136 #define FRAME_TIMER_FREQ 1000 137 #define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ) 138 139 #define NB_MAXINTRATE 8 // Max rate at which controller issues ints 140 #define NB_PORTS 6 // Number of downstream ports 141 #define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction 142 #define MAX_QH 100 // Max allowable queue heads in a chain 143 #define MIN_FR_PER_TICK 3 // Min frames to process when catching up 144 145 /* Internal periodic / asynchronous schedule state machine states 146 */ 147 typedef enum { 148 EST_INACTIVE = 1000, 149 EST_ACTIVE, 150 EST_EXECUTING, 151 EST_SLEEPING, 152 /* The following states are internal to the state machine function 153 */ 154 EST_WAITLISTHEAD, 155 EST_FETCHENTRY, 156 EST_FETCHQH, 157 EST_FETCHITD, 158 EST_FETCHSITD, 159 EST_ADVANCEQUEUE, 160 EST_FETCHQTD, 161 EST_EXECUTE, 162 EST_WRITEBACK, 163 EST_HORIZONTALQH 164 } EHCI_STATES; 165 166 /* macros for accessing fields within next link pointer entry */ 167 #define NLPTR_GET(x) ((x) & 0xffffffe0) 168 #define NLPTR_TYPE_GET(x) (((x) >> 1) & 3) 169 #define NLPTR_TBIT(x) ((x) & 1) // 1=invalid, 0=valid 170 171 /* link pointer types */ 172 #define NLPTR_TYPE_ITD 0 // isoc xfer descriptor 173 #define NLPTR_TYPE_QH 1 // queue head 174 #define NLPTR_TYPE_STITD 2 // split xaction, isoc xfer descriptor 175 #define NLPTR_TYPE_FSTN 3 // frame span traversal node 176 177 178 /* EHCI spec version 1.0 Section 3.3 179 */ 180 typedef struct EHCIitd { 181 uint32_t next; 182 183 uint32_t transact[8]; 184 #define ITD_XACT_ACTIVE (1 << 31) 185 #define ITD_XACT_DBERROR (1 << 30) 186 #define ITD_XACT_BABBLE (1 << 29) 187 #define ITD_XACT_XACTERR (1 << 28) 188 #define ITD_XACT_LENGTH_MASK 0x0fff0000 189 #define ITD_XACT_LENGTH_SH 16 190 #define ITD_XACT_IOC (1 << 15) 191 #define ITD_XACT_PGSEL_MASK 0x00007000 192 #define ITD_XACT_PGSEL_SH 12 193 #define ITD_XACT_OFFSET_MASK 0x00000fff 194 195 uint32_t bufptr[7]; 196 #define ITD_BUFPTR_MASK 0xfffff000 197 #define ITD_BUFPTR_SH 12 198 #define ITD_BUFPTR_EP_MASK 0x00000f00 199 #define ITD_BUFPTR_EP_SH 8 200 #define ITD_BUFPTR_DEVADDR_MASK 0x0000007f 201 #define ITD_BUFPTR_DEVADDR_SH 0 202 #define ITD_BUFPTR_DIRECTION (1 << 11) 203 #define ITD_BUFPTR_MAXPKT_MASK 0x000007ff 204 #define ITD_BUFPTR_MAXPKT_SH 0 205 #define ITD_BUFPTR_MULT_MASK 0x00000003 206 #define ITD_BUFPTR_MULT_SH 0 207 } EHCIitd; 208 209 /* EHCI spec version 1.0 Section 3.4 210 */ 211 typedef struct EHCIsitd { 212 uint32_t next; // Standard next link pointer 213 uint32_t epchar; 214 #define SITD_EPCHAR_IO (1 << 31) 215 #define SITD_EPCHAR_PORTNUM_MASK 0x7f000000 216 #define SITD_EPCHAR_PORTNUM_SH 24 217 #define SITD_EPCHAR_HUBADD_MASK 0x007f0000 218 #define SITD_EPCHAR_HUBADDR_SH 16 219 #define SITD_EPCHAR_EPNUM_MASK 0x00000f00 220 #define SITD_EPCHAR_EPNUM_SH 8 221 #define SITD_EPCHAR_DEVADDR_MASK 0x0000007f 222 223 uint32_t uframe; 224 #define SITD_UFRAME_CMASK_MASK 0x0000ff00 225 #define SITD_UFRAME_CMASK_SH 8 226 #define SITD_UFRAME_SMASK_MASK 0x000000ff 227 228 uint32_t results; 229 #define SITD_RESULTS_IOC (1 << 31) 230 #define SITD_RESULTS_PGSEL (1 << 30) 231 #define SITD_RESULTS_TBYTES_MASK 0x03ff0000 232 #define SITD_RESULTS_TYBYTES_SH 16 233 #define SITD_RESULTS_CPROGMASK_MASK 0x0000ff00 234 #define SITD_RESULTS_CPROGMASK_SH 8 235 #define SITD_RESULTS_ACTIVE (1 << 7) 236 #define SITD_RESULTS_ERR (1 << 6) 237 #define SITD_RESULTS_DBERR (1 << 5) 238 #define SITD_RESULTS_BABBLE (1 << 4) 239 #define SITD_RESULTS_XACTERR (1 << 3) 240 #define SITD_RESULTS_MISSEDUF (1 << 2) 241 #define SITD_RESULTS_SPLITXSTATE (1 << 1) 242 243 uint32_t bufptr[2]; 244 #define SITD_BUFPTR_MASK 0xfffff000 245 #define SITD_BUFPTR_CURROFF_MASK 0x00000fff 246 #define SITD_BUFPTR_TPOS_MASK 0x00000018 247 #define SITD_BUFPTR_TPOS_SH 3 248 #define SITD_BUFPTR_TCNT_MASK 0x00000007 249 250 uint32_t backptr; // Standard next link pointer 251 } EHCIsitd; 252 253 /* EHCI spec version 1.0 Section 3.5 254 */ 255 typedef struct EHCIqtd { 256 uint32_t next; // Standard next link pointer 257 uint32_t altnext; // Standard next link pointer 258 uint32_t token; 259 #define QTD_TOKEN_DTOGGLE (1 << 31) 260 #define QTD_TOKEN_TBYTES_MASK 0x7fff0000 261 #define QTD_TOKEN_TBYTES_SH 16 262 #define QTD_TOKEN_IOC (1 << 15) 263 #define QTD_TOKEN_CPAGE_MASK 0x00007000 264 #define QTD_TOKEN_CPAGE_SH 12 265 #define QTD_TOKEN_CERR_MASK 0x00000c00 266 #define QTD_TOKEN_CERR_SH 10 267 #define QTD_TOKEN_PID_MASK 0x00000300 268 #define QTD_TOKEN_PID_SH 8 269 #define QTD_TOKEN_ACTIVE (1 << 7) 270 #define QTD_TOKEN_HALT (1 << 6) 271 #define QTD_TOKEN_DBERR (1 << 5) 272 #define QTD_TOKEN_BABBLE (1 << 4) 273 #define QTD_TOKEN_XACTERR (1 << 3) 274 #define QTD_TOKEN_MISSEDUF (1 << 2) 275 #define QTD_TOKEN_SPLITXSTATE (1 << 1) 276 #define QTD_TOKEN_PING (1 << 0) 277 278 uint32_t bufptr[5]; // Standard buffer pointer 279 #define QTD_BUFPTR_MASK 0xfffff000 280 #define QTD_BUFPTR_SH 12 281 } EHCIqtd; 282 283 /* EHCI spec version 1.0 Section 3.6 284 */ 285 typedef struct EHCIqh { 286 uint32_t next; // Standard next link pointer 287 288 /* endpoint characteristics */ 289 uint32_t epchar; 290 #define QH_EPCHAR_RL_MASK 0xf0000000 291 #define QH_EPCHAR_RL_SH 28 292 #define QH_EPCHAR_C (1 << 27) 293 #define QH_EPCHAR_MPLEN_MASK 0x07FF0000 294 #define QH_EPCHAR_MPLEN_SH 16 295 #define QH_EPCHAR_H (1 << 15) 296 #define QH_EPCHAR_DTC (1 << 14) 297 #define QH_EPCHAR_EPS_MASK 0x00003000 298 #define QH_EPCHAR_EPS_SH 12 299 #define EHCI_QH_EPS_FULL 0 300 #define EHCI_QH_EPS_LOW 1 301 #define EHCI_QH_EPS_HIGH 2 302 #define EHCI_QH_EPS_RESERVED 3 303 304 #define QH_EPCHAR_EP_MASK 0x00000f00 305 #define QH_EPCHAR_EP_SH 8 306 #define QH_EPCHAR_I (1 << 7) 307 #define QH_EPCHAR_DEVADDR_MASK 0x0000007f 308 #define QH_EPCHAR_DEVADDR_SH 0 309 310 /* endpoint capabilities */ 311 uint32_t epcap; 312 #define QH_EPCAP_MULT_MASK 0xc0000000 313 #define QH_EPCAP_MULT_SH 30 314 #define QH_EPCAP_PORTNUM_MASK 0x3f800000 315 #define QH_EPCAP_PORTNUM_SH 23 316 #define QH_EPCAP_HUBADDR_MASK 0x007f0000 317 #define QH_EPCAP_HUBADDR_SH 16 318 #define QH_EPCAP_CMASK_MASK 0x0000ff00 319 #define QH_EPCAP_CMASK_SH 8 320 #define QH_EPCAP_SMASK_MASK 0x000000ff 321 #define QH_EPCAP_SMASK_SH 0 322 323 uint32_t current_qtd; // Standard next link pointer 324 uint32_t next_qtd; // Standard next link pointer 325 uint32_t altnext_qtd; 326 #define QH_ALTNEXT_NAKCNT_MASK 0x0000001e 327 #define QH_ALTNEXT_NAKCNT_SH 1 328 329 uint32_t token; // Same as QTD token 330 uint32_t bufptr[5]; // Standard buffer pointer 331 #define BUFPTR_CPROGMASK_MASK 0x000000ff 332 #define BUFPTR_FRAMETAG_MASK 0x0000001f 333 #define BUFPTR_SBYTES_MASK 0x00000fe0 334 #define BUFPTR_SBYTES_SH 5 335 } EHCIqh; 336 337 /* EHCI spec version 1.0 Section 3.7 338 */ 339 typedef struct EHCIfstn { 340 uint32_t next; // Standard next link pointer 341 uint32_t backptr; // Standard next link pointer 342 } EHCIfstn; 343 344 typedef struct EHCIPacket EHCIPacket; 345 typedef struct EHCIQueue EHCIQueue; 346 typedef struct EHCIState EHCIState; 347 348 enum async_state { 349 EHCI_ASYNC_NONE = 0, 350 EHCI_ASYNC_INITIALIZED, 351 EHCI_ASYNC_INFLIGHT, 352 EHCI_ASYNC_FINISHED, 353 }; 354 355 struct EHCIPacket { 356 EHCIQueue *queue; 357 QTAILQ_ENTRY(EHCIPacket) next; 358 359 EHCIqtd qtd; /* copy of current QTD (being worked on) */ 360 uint32_t qtdaddr; /* address QTD read from */ 361 362 USBPacket packet; 363 QEMUSGList sgl; 364 int pid; 365 enum async_state async; 366 int usb_status; 367 }; 368 369 struct EHCIQueue { 370 EHCIState *ehci; 371 QTAILQ_ENTRY(EHCIQueue) next; 372 uint32_t seen; 373 uint64_t ts; 374 int async; 375 int transact_ctr; 376 377 /* cached data from guest - needs to be flushed 378 * when guest removes an entry (doorbell, handshake sequence) 379 */ 380 EHCIqh qh; /* copy of current QH (being worked on) */ 381 uint32_t qhaddr; /* address QH read from */ 382 uint32_t qtdaddr; /* address QTD read from */ 383 USBDevice *dev; 384 QTAILQ_HEAD(pkts_head, EHCIPacket) packets; 385 }; 386 387 typedef QTAILQ_HEAD(EHCIQueueHead, EHCIQueue) EHCIQueueHead; 388 389 struct EHCIState { 390 PCIDevice dev; 391 USBBus bus; 392 qemu_irq irq; 393 MemoryRegion mem; 394 MemoryRegion mem_caps; 395 MemoryRegion mem_opreg; 396 MemoryRegion mem_ports; 397 int companion_count; 398 399 /* properties */ 400 uint32_t maxframes; 401 402 /* 403 * EHCI spec version 1.0 Section 2.3 404 * Host Controller Operational Registers 405 */ 406 uint8_t caps[OPREGBASE]; 407 union { 408 uint32_t opreg[(PORTSC_BEGIN-OPREGBASE)/sizeof(uint32_t)]; 409 struct { 410 uint32_t usbcmd; 411 uint32_t usbsts; 412 uint32_t usbintr; 413 uint32_t frindex; 414 uint32_t ctrldssegment; 415 uint32_t periodiclistbase; 416 uint32_t asynclistaddr; 417 uint32_t notused[9]; 418 uint32_t configflag; 419 }; 420 }; 421 uint32_t portsc[NB_PORTS]; 422 423 /* 424 * Internal states, shadow registers, etc 425 */ 426 QEMUTimer *frame_timer; 427 QEMUBH *async_bh; 428 uint32_t astate; /* Current state in asynchronous schedule */ 429 uint32_t pstate; /* Current state in periodic schedule */ 430 USBPort ports[NB_PORTS]; 431 USBPort *companion_ports[NB_PORTS]; 432 uint32_t usbsts_pending; 433 uint32_t usbsts_frindex; 434 EHCIQueueHead aqueues; 435 EHCIQueueHead pqueues; 436 437 /* which address to look at next */ 438 uint32_t a_fetch_addr; 439 uint32_t p_fetch_addr; 440 441 USBPacket ipacket; 442 QEMUSGList isgl; 443 444 uint64_t last_run_ns; 445 uint32_t async_stepdown; 446 bool int_req_by_async; 447 }; 448 449 #define SET_LAST_RUN_CLOCK(s) \ 450 (s)->last_run_ns = qemu_get_clock_ns(vm_clock); 451 452 /* nifty macros from Arnon's EHCI version */ 453 #define get_field(data, field) \ 454 (((data) & field##_MASK) >> field##_SH) 455 456 #define set_field(data, newval, field) do { \ 457 uint32_t val = *data; \ 458 val &= ~ field##_MASK; \ 459 val |= ((newval) << field##_SH) & field##_MASK; \ 460 *data = val; \ 461 } while(0) 462 463 static const char *ehci_state_names[] = { 464 [EST_INACTIVE] = "INACTIVE", 465 [EST_ACTIVE] = "ACTIVE", 466 [EST_EXECUTING] = "EXECUTING", 467 [EST_SLEEPING] = "SLEEPING", 468 [EST_WAITLISTHEAD] = "WAITLISTHEAD", 469 [EST_FETCHENTRY] = "FETCH ENTRY", 470 [EST_FETCHQH] = "FETCH QH", 471 [EST_FETCHITD] = "FETCH ITD", 472 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE", 473 [EST_FETCHQTD] = "FETCH QTD", 474 [EST_EXECUTE] = "EXECUTE", 475 [EST_WRITEBACK] = "WRITEBACK", 476 [EST_HORIZONTALQH] = "HORIZONTALQH", 477 }; 478 479 static const char *ehci_mmio_names[] = { 480 [USBCMD] = "USBCMD", 481 [USBSTS] = "USBSTS", 482 [USBINTR] = "USBINTR", 483 [FRINDEX] = "FRINDEX", 484 [PERIODICLISTBASE] = "P-LIST BASE", 485 [ASYNCLISTADDR] = "A-LIST ADDR", 486 [CONFIGFLAG] = "CONFIGFLAG", 487 }; 488 489 static int ehci_state_executing(EHCIQueue *q); 490 static int ehci_state_writeback(EHCIQueue *q); 491 static int ehci_fill_queue(EHCIPacket *p); 492 493 static const char *nr2str(const char **n, size_t len, uint32_t nr) 494 { 495 if (nr < len && n[nr] != NULL) { 496 return n[nr]; 497 } else { 498 return "unknown"; 499 } 500 } 501 502 static const char *state2str(uint32_t state) 503 { 504 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state); 505 } 506 507 static const char *addr2str(hwaddr addr) 508 { 509 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), 510 addr + OPREGBASE); 511 } 512 513 static void ehci_trace_usbsts(uint32_t mask, int state) 514 { 515 /* interrupts */ 516 if (mask & USBSTS_INT) { 517 trace_usb_ehci_usbsts("INT", state); 518 } 519 if (mask & USBSTS_ERRINT) { 520 trace_usb_ehci_usbsts("ERRINT", state); 521 } 522 if (mask & USBSTS_PCD) { 523 trace_usb_ehci_usbsts("PCD", state); 524 } 525 if (mask & USBSTS_FLR) { 526 trace_usb_ehci_usbsts("FLR", state); 527 } 528 if (mask & USBSTS_HSE) { 529 trace_usb_ehci_usbsts("HSE", state); 530 } 531 if (mask & USBSTS_IAA) { 532 trace_usb_ehci_usbsts("IAA", state); 533 } 534 535 /* status */ 536 if (mask & USBSTS_HALT) { 537 trace_usb_ehci_usbsts("HALT", state); 538 } 539 if (mask & USBSTS_REC) { 540 trace_usb_ehci_usbsts("REC", state); 541 } 542 if (mask & USBSTS_PSS) { 543 trace_usb_ehci_usbsts("PSS", state); 544 } 545 if (mask & USBSTS_ASS) { 546 trace_usb_ehci_usbsts("ASS", state); 547 } 548 } 549 550 static inline void ehci_set_usbsts(EHCIState *s, int mask) 551 { 552 if ((s->usbsts & mask) == mask) { 553 return; 554 } 555 ehci_trace_usbsts(mask, 1); 556 s->usbsts |= mask; 557 } 558 559 static inline void ehci_clear_usbsts(EHCIState *s, int mask) 560 { 561 if ((s->usbsts & mask) == 0) { 562 return; 563 } 564 ehci_trace_usbsts(mask, 0); 565 s->usbsts &= ~mask; 566 } 567 568 /* update irq line */ 569 static inline void ehci_update_irq(EHCIState *s) 570 { 571 int level = 0; 572 573 if ((s->usbsts & USBINTR_MASK) & s->usbintr) { 574 level = 1; 575 } 576 577 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr); 578 qemu_set_irq(s->irq, level); 579 } 580 581 /* flag interrupt condition */ 582 static inline void ehci_raise_irq(EHCIState *s, int intr) 583 { 584 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) { 585 s->usbsts |= intr; 586 ehci_update_irq(s); 587 } else { 588 s->usbsts_pending |= intr; 589 } 590 } 591 592 /* 593 * Commit pending interrupts (added via ehci_raise_irq), 594 * at the rate allowed by "Interrupt Threshold Control". 595 */ 596 static inline void ehci_commit_irq(EHCIState *s) 597 { 598 uint32_t itc; 599 600 if (!s->usbsts_pending) { 601 return; 602 } 603 if (s->usbsts_frindex > s->frindex) { 604 return; 605 } 606 607 itc = (s->usbcmd >> 16) & 0xff; 608 s->usbsts |= s->usbsts_pending; 609 s->usbsts_pending = 0; 610 s->usbsts_frindex = s->frindex + itc; 611 ehci_update_irq(s); 612 } 613 614 static void ehci_update_halt(EHCIState *s) 615 { 616 if (s->usbcmd & USBCMD_RUNSTOP) { 617 ehci_clear_usbsts(s, USBSTS_HALT); 618 } else { 619 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) { 620 ehci_set_usbsts(s, USBSTS_HALT); 621 } 622 } 623 } 624 625 static void ehci_set_state(EHCIState *s, int async, int state) 626 { 627 if (async) { 628 trace_usb_ehci_state("async", state2str(state)); 629 s->astate = state; 630 if (s->astate == EST_INACTIVE) { 631 ehci_clear_usbsts(s, USBSTS_ASS); 632 ehci_update_halt(s); 633 } else { 634 ehci_set_usbsts(s, USBSTS_ASS); 635 } 636 } else { 637 trace_usb_ehci_state("periodic", state2str(state)); 638 s->pstate = state; 639 if (s->pstate == EST_INACTIVE) { 640 ehci_clear_usbsts(s, USBSTS_PSS); 641 ehci_update_halt(s); 642 } else { 643 ehci_set_usbsts(s, USBSTS_PSS); 644 } 645 } 646 } 647 648 static int ehci_get_state(EHCIState *s, int async) 649 { 650 return async ? s->astate : s->pstate; 651 } 652 653 static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr) 654 { 655 if (async) { 656 s->a_fetch_addr = addr; 657 } else { 658 s->p_fetch_addr = addr; 659 } 660 } 661 662 static int ehci_get_fetch_addr(EHCIState *s, int async) 663 { 664 return async ? s->a_fetch_addr : s->p_fetch_addr; 665 } 666 667 static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh) 668 { 669 /* need three here due to argument count limits */ 670 trace_usb_ehci_qh_ptrs(q, addr, qh->next, 671 qh->current_qtd, qh->next_qtd, qh->altnext_qtd); 672 trace_usb_ehci_qh_fields(addr, 673 get_field(qh->epchar, QH_EPCHAR_RL), 674 get_field(qh->epchar, QH_EPCHAR_MPLEN), 675 get_field(qh->epchar, QH_EPCHAR_EPS), 676 get_field(qh->epchar, QH_EPCHAR_EP), 677 get_field(qh->epchar, QH_EPCHAR_DEVADDR)); 678 trace_usb_ehci_qh_bits(addr, 679 (bool)(qh->epchar & QH_EPCHAR_C), 680 (bool)(qh->epchar & QH_EPCHAR_H), 681 (bool)(qh->epchar & QH_EPCHAR_DTC), 682 (bool)(qh->epchar & QH_EPCHAR_I)); 683 } 684 685 static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd) 686 { 687 /* need three here due to argument count limits */ 688 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext); 689 trace_usb_ehci_qtd_fields(addr, 690 get_field(qtd->token, QTD_TOKEN_TBYTES), 691 get_field(qtd->token, QTD_TOKEN_CPAGE), 692 get_field(qtd->token, QTD_TOKEN_CERR), 693 get_field(qtd->token, QTD_TOKEN_PID)); 694 trace_usb_ehci_qtd_bits(addr, 695 (bool)(qtd->token & QTD_TOKEN_IOC), 696 (bool)(qtd->token & QTD_TOKEN_ACTIVE), 697 (bool)(qtd->token & QTD_TOKEN_HALT), 698 (bool)(qtd->token & QTD_TOKEN_BABBLE), 699 (bool)(qtd->token & QTD_TOKEN_XACTERR)); 700 } 701 702 static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd) 703 { 704 trace_usb_ehci_itd(addr, itd->next, 705 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT), 706 get_field(itd->bufptr[2], ITD_BUFPTR_MULT), 707 get_field(itd->bufptr[0], ITD_BUFPTR_EP), 708 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR)); 709 } 710 711 static void ehci_trace_sitd(EHCIState *s, hwaddr addr, 712 EHCIsitd *sitd) 713 { 714 trace_usb_ehci_sitd(addr, sitd->next, 715 (bool)(sitd->results & SITD_RESULTS_ACTIVE)); 716 } 717 718 static void ehci_trace_guest_bug(EHCIState *s, const char *message) 719 { 720 trace_usb_ehci_guest_bug(message); 721 fprintf(stderr, "ehci warning: %s\n", message); 722 } 723 724 static inline bool ehci_enabled(EHCIState *s) 725 { 726 return s->usbcmd & USBCMD_RUNSTOP; 727 } 728 729 static inline bool ehci_async_enabled(EHCIState *s) 730 { 731 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE); 732 } 733 734 static inline bool ehci_periodic_enabled(EHCIState *s) 735 { 736 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE); 737 } 738 739 /* packet management */ 740 741 static EHCIPacket *ehci_alloc_packet(EHCIQueue *q) 742 { 743 EHCIPacket *p; 744 745 p = g_new0(EHCIPacket, 1); 746 p->queue = q; 747 usb_packet_init(&p->packet); 748 QTAILQ_INSERT_TAIL(&q->packets, p, next); 749 trace_usb_ehci_packet_action(p->queue, p, "alloc"); 750 return p; 751 } 752 753 static void ehci_free_packet(EHCIPacket *p) 754 { 755 if (p->async == EHCI_ASYNC_FINISHED) { 756 int state = ehci_get_state(p->queue->ehci, p->queue->async); 757 /* This is a normal, but rare condition (cancel racing completion) */ 758 fprintf(stderr, "EHCI: Warning packet completed but not processed\n"); 759 ehci_state_executing(p->queue); 760 ehci_state_writeback(p->queue); 761 ehci_set_state(p->queue->ehci, p->queue->async, state); 762 /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */ 763 return; 764 } 765 trace_usb_ehci_packet_action(p->queue, p, "free"); 766 if (p->async == EHCI_ASYNC_INITIALIZED) { 767 usb_packet_unmap(&p->packet, &p->sgl); 768 qemu_sglist_destroy(&p->sgl); 769 } 770 if (p->async == EHCI_ASYNC_INFLIGHT) { 771 usb_cancel_packet(&p->packet); 772 usb_packet_unmap(&p->packet, &p->sgl); 773 qemu_sglist_destroy(&p->sgl); 774 } 775 QTAILQ_REMOVE(&p->queue->packets, p, next); 776 usb_packet_cleanup(&p->packet); 777 g_free(p); 778 } 779 780 /* queue management */ 781 782 static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async) 783 { 784 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 785 EHCIQueue *q; 786 787 q = g_malloc0(sizeof(*q)); 788 q->ehci = ehci; 789 q->qhaddr = addr; 790 q->async = async; 791 QTAILQ_INIT(&q->packets); 792 QTAILQ_INSERT_HEAD(head, q, next); 793 trace_usb_ehci_queue_action(q, "alloc"); 794 return q; 795 } 796 797 static int ehci_cancel_queue(EHCIQueue *q) 798 { 799 EHCIPacket *p; 800 int packets = 0; 801 802 p = QTAILQ_FIRST(&q->packets); 803 if (p == NULL) { 804 return 0; 805 } 806 807 trace_usb_ehci_queue_action(q, "cancel"); 808 do { 809 ehci_free_packet(p); 810 packets++; 811 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL); 812 return packets; 813 } 814 815 static int ehci_reset_queue(EHCIQueue *q) 816 { 817 int packets; 818 819 trace_usb_ehci_queue_action(q, "reset"); 820 packets = ehci_cancel_queue(q); 821 q->dev = NULL; 822 q->qtdaddr = 0; 823 return packets; 824 } 825 826 static void ehci_free_queue(EHCIQueue *q, const char *warn) 827 { 828 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues; 829 int cancelled; 830 831 trace_usb_ehci_queue_action(q, "free"); 832 cancelled = ehci_cancel_queue(q); 833 if (warn && cancelled > 0) { 834 ehci_trace_guest_bug(q->ehci, warn); 835 } 836 QTAILQ_REMOVE(head, q, next); 837 g_free(q); 838 } 839 840 static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr, 841 int async) 842 { 843 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 844 EHCIQueue *q; 845 846 QTAILQ_FOREACH(q, head, next) { 847 if (addr == q->qhaddr) { 848 return q; 849 } 850 } 851 return NULL; 852 } 853 854 static void ehci_queues_rip_unused(EHCIState *ehci, int async) 855 { 856 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 857 const char *warn = async ? "guest unlinked busy QH" : NULL; 858 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4; 859 EHCIQueue *q, *tmp; 860 861 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 862 if (q->seen) { 863 q->seen = 0; 864 q->ts = ehci->last_run_ns; 865 continue; 866 } 867 if (ehci->last_run_ns < q->ts + maxage) { 868 continue; 869 } 870 ehci_free_queue(q, warn); 871 } 872 } 873 874 static void ehci_queues_rip_unseen(EHCIState *ehci, int async) 875 { 876 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 877 EHCIQueue *q, *tmp; 878 879 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 880 if (!q->seen) { 881 ehci_free_queue(q, NULL); 882 } 883 } 884 } 885 886 static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async) 887 { 888 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 889 EHCIQueue *q, *tmp; 890 891 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 892 if (q->dev != dev) { 893 continue; 894 } 895 ehci_free_queue(q, NULL); 896 } 897 } 898 899 static void ehci_queues_rip_all(EHCIState *ehci, int async) 900 { 901 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues; 902 const char *warn = async ? "guest stopped busy async schedule" : NULL; 903 EHCIQueue *q, *tmp; 904 905 QTAILQ_FOREACH_SAFE(q, head, next, tmp) { 906 ehci_free_queue(q, warn); 907 } 908 } 909 910 /* Attach or detach a device on root hub */ 911 912 static void ehci_attach(USBPort *port) 913 { 914 EHCIState *s = port->opaque; 915 uint32_t *portsc = &s->portsc[port->index]; 916 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci"; 917 918 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc); 919 920 if (*portsc & PORTSC_POWNER) { 921 USBPort *companion = s->companion_ports[port->index]; 922 companion->dev = port->dev; 923 companion->ops->attach(companion); 924 return; 925 } 926 927 *portsc |= PORTSC_CONNECT; 928 *portsc |= PORTSC_CSC; 929 930 ehci_raise_irq(s, USBSTS_PCD); 931 ehci_commit_irq(s); 932 } 933 934 static void ehci_detach(USBPort *port) 935 { 936 EHCIState *s = port->opaque; 937 uint32_t *portsc = &s->portsc[port->index]; 938 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci"; 939 940 trace_usb_ehci_port_detach(port->index, owner); 941 942 if (*portsc & PORTSC_POWNER) { 943 USBPort *companion = s->companion_ports[port->index]; 944 companion->ops->detach(companion); 945 companion->dev = NULL; 946 /* 947 * EHCI spec 4.2.2: "When a disconnect occurs... On the event, 948 * the port ownership is returned immediately to the EHCI controller." 949 */ 950 *portsc &= ~PORTSC_POWNER; 951 return; 952 } 953 954 ehci_queues_rip_device(s, port->dev, 0); 955 ehci_queues_rip_device(s, port->dev, 1); 956 957 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED); 958 *portsc |= PORTSC_CSC; 959 960 ehci_raise_irq(s, USBSTS_PCD); 961 ehci_commit_irq(s); 962 } 963 964 static void ehci_child_detach(USBPort *port, USBDevice *child) 965 { 966 EHCIState *s = port->opaque; 967 uint32_t portsc = s->portsc[port->index]; 968 969 if (portsc & PORTSC_POWNER) { 970 USBPort *companion = s->companion_ports[port->index]; 971 companion->ops->child_detach(companion, child); 972 return; 973 } 974 975 ehci_queues_rip_device(s, child, 0); 976 ehci_queues_rip_device(s, child, 1); 977 } 978 979 static void ehci_wakeup(USBPort *port) 980 { 981 EHCIState *s = port->opaque; 982 uint32_t portsc = s->portsc[port->index]; 983 984 if (portsc & PORTSC_POWNER) { 985 USBPort *companion = s->companion_ports[port->index]; 986 if (companion->ops->wakeup) { 987 companion->ops->wakeup(companion); 988 } 989 return; 990 } 991 992 qemu_bh_schedule(s->async_bh); 993 } 994 995 static int ehci_register_companion(USBBus *bus, USBPort *ports[], 996 uint32_t portcount, uint32_t firstport) 997 { 998 EHCIState *s = container_of(bus, EHCIState, bus); 999 uint32_t i; 1000 1001 if (firstport + portcount > NB_PORTS) { 1002 qerror_report(QERR_INVALID_PARAMETER_VALUE, "firstport", 1003 "firstport on masterbus"); 1004 error_printf_unless_qmp( 1005 "firstport value of %u makes companion take ports %u - %u, which " 1006 "is outside of the valid range of 0 - %u\n", firstport, firstport, 1007 firstport + portcount - 1, NB_PORTS - 1); 1008 return -1; 1009 } 1010 1011 for (i = 0; i < portcount; i++) { 1012 if (s->companion_ports[firstport + i]) { 1013 qerror_report(QERR_INVALID_PARAMETER_VALUE, "masterbus", 1014 "an USB masterbus"); 1015 error_printf_unless_qmp( 1016 "port %u on masterbus %s already has a companion assigned\n", 1017 firstport + i, bus->qbus.name); 1018 return -1; 1019 } 1020 } 1021 1022 for (i = 0; i < portcount; i++) { 1023 s->companion_ports[firstport + i] = ports[i]; 1024 s->ports[firstport + i].speedmask |= 1025 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL; 1026 /* Ensure devs attached before the initial reset go to the companion */ 1027 s->portsc[firstport + i] = PORTSC_POWNER; 1028 } 1029 1030 s->companion_count++; 1031 s->caps[0x05] = (s->companion_count << 4) | portcount; 1032 1033 return 0; 1034 } 1035 1036 static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr) 1037 { 1038 USBDevice *dev; 1039 USBPort *port; 1040 int i; 1041 1042 for (i = 0; i < NB_PORTS; i++) { 1043 port = &ehci->ports[i]; 1044 if (!(ehci->portsc[i] & PORTSC_PED)) { 1045 DPRINTF("Port %d not enabled\n", i); 1046 continue; 1047 } 1048 dev = usb_find_device(port, addr); 1049 if (dev != NULL) { 1050 return dev; 1051 } 1052 } 1053 return NULL; 1054 } 1055 1056 /* 4.1 host controller initialization */ 1057 static void ehci_reset(void *opaque) 1058 { 1059 EHCIState *s = opaque; 1060 int i; 1061 USBDevice *devs[NB_PORTS]; 1062 1063 trace_usb_ehci_reset(); 1064 1065 /* 1066 * Do the detach before touching portsc, so that it correctly gets send to 1067 * us or to our companion based on PORTSC_POWNER before the reset. 1068 */ 1069 for(i = 0; i < NB_PORTS; i++) { 1070 devs[i] = s->ports[i].dev; 1071 if (devs[i] && devs[i]->attached) { 1072 usb_detach(&s->ports[i]); 1073 } 1074 } 1075 1076 memset(&s->opreg, 0x00, sizeof(s->opreg)); 1077 memset(&s->portsc, 0x00, sizeof(s->portsc)); 1078 1079 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH; 1080 s->usbsts = USBSTS_HALT; 1081 s->usbsts_pending = 0; 1082 s->usbsts_frindex = 0; 1083 1084 s->astate = EST_INACTIVE; 1085 s->pstate = EST_INACTIVE; 1086 1087 for(i = 0; i < NB_PORTS; i++) { 1088 if (s->companion_ports[i]) { 1089 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER; 1090 } else { 1091 s->portsc[i] = PORTSC_PPOWER; 1092 } 1093 if (devs[i] && devs[i]->attached) { 1094 usb_attach(&s->ports[i]); 1095 usb_device_reset(devs[i]); 1096 } 1097 } 1098 ehci_queues_rip_all(s, 0); 1099 ehci_queues_rip_all(s, 1); 1100 qemu_del_timer(s->frame_timer); 1101 qemu_bh_cancel(s->async_bh); 1102 } 1103 1104 static uint64_t ehci_caps_read(void *ptr, hwaddr addr, 1105 unsigned size) 1106 { 1107 EHCIState *s = ptr; 1108 return s->caps[addr]; 1109 } 1110 1111 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr, 1112 unsigned size) 1113 { 1114 EHCIState *s = ptr; 1115 uint32_t val; 1116 1117 val = s->opreg[addr >> 2]; 1118 trace_usb_ehci_opreg_read(addr + OPREGBASE, addr2str(addr), val); 1119 return val; 1120 } 1121 1122 static uint64_t ehci_port_read(void *ptr, hwaddr addr, 1123 unsigned size) 1124 { 1125 EHCIState *s = ptr; 1126 uint32_t val; 1127 1128 val = s->portsc[addr >> 2]; 1129 trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr >> 2, val); 1130 return val; 1131 } 1132 1133 static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner) 1134 { 1135 USBDevice *dev = s->ports[port].dev; 1136 uint32_t *portsc = &s->portsc[port]; 1137 uint32_t orig; 1138 1139 if (s->companion_ports[port] == NULL) 1140 return; 1141 1142 owner = owner & PORTSC_POWNER; 1143 orig = *portsc & PORTSC_POWNER; 1144 1145 if (!(owner ^ orig)) { 1146 return; 1147 } 1148 1149 if (dev && dev->attached) { 1150 usb_detach(&s->ports[port]); 1151 } 1152 1153 *portsc &= ~PORTSC_POWNER; 1154 *portsc |= owner; 1155 1156 if (dev && dev->attached) { 1157 usb_attach(&s->ports[port]); 1158 } 1159 } 1160 1161 static void ehci_port_write(void *ptr, hwaddr addr, 1162 uint64_t val, unsigned size) 1163 { 1164 EHCIState *s = ptr; 1165 int port = addr >> 2; 1166 uint32_t *portsc = &s->portsc[port]; 1167 uint32_t old = *portsc; 1168 USBDevice *dev = s->ports[port].dev; 1169 1170 trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr >> 2, val); 1171 1172 /* Clear rwc bits */ 1173 *portsc &= ~(val & PORTSC_RWC_MASK); 1174 /* The guest may clear, but not set the PED bit */ 1175 *portsc &= val | ~PORTSC_PED; 1176 /* POWNER is masked out by RO_MASK as it is RO when we've no companion */ 1177 handle_port_owner_write(s, port, val); 1178 /* And finally apply RO_MASK */ 1179 val &= PORTSC_RO_MASK; 1180 1181 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) { 1182 trace_usb_ehci_port_reset(port, 1); 1183 } 1184 1185 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) { 1186 trace_usb_ehci_port_reset(port, 0); 1187 if (dev && dev->attached) { 1188 usb_port_reset(&s->ports[port]); 1189 *portsc &= ~PORTSC_CSC; 1190 } 1191 1192 /* 1193 * Table 2.16 Set the enable bit(and enable bit change) to indicate 1194 * to SW that this port has a high speed device attached 1195 */ 1196 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) { 1197 val |= PORTSC_PED; 1198 } 1199 } 1200 1201 *portsc &= ~PORTSC_RO_MASK; 1202 *portsc |= val; 1203 trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr >> 2, *portsc, old); 1204 } 1205 1206 static void ehci_opreg_write(void *ptr, hwaddr addr, 1207 uint64_t val, unsigned size) 1208 { 1209 EHCIState *s = ptr; 1210 uint32_t *mmio = s->opreg + (addr >> 2); 1211 uint32_t old = *mmio; 1212 int i; 1213 1214 trace_usb_ehci_opreg_write(addr + OPREGBASE, addr2str(addr), val); 1215 1216 switch (addr + OPREGBASE) { 1217 case USBCMD: 1218 if (val & USBCMD_HCRESET) { 1219 ehci_reset(s); 1220 val = s->usbcmd; 1221 break; 1222 } 1223 1224 /* not supporting dynamic frame list size at the moment */ 1225 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) { 1226 fprintf(stderr, "attempt to set frame list size -- value %d\n", 1227 (int)val & USBCMD_FLS); 1228 val &= ~USBCMD_FLS; 1229 } 1230 1231 if (val & USBCMD_IAAD) { 1232 /* 1233 * Process IAAD immediately, otherwise the Linux IAAD watchdog may 1234 * trigger and re-use a qh without us seeing the unlink. 1235 */ 1236 s->async_stepdown = 0; 1237 qemu_bh_schedule(s->async_bh); 1238 trace_usb_ehci_doorbell_ring(); 1239 } 1240 1241 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) != 1242 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) { 1243 if (s->pstate == EST_INACTIVE) { 1244 SET_LAST_RUN_CLOCK(s); 1245 } 1246 s->usbcmd = val; /* Set usbcmd for ehci_update_halt() */ 1247 ehci_update_halt(s); 1248 s->async_stepdown = 0; 1249 qemu_bh_schedule(s->async_bh); 1250 } 1251 break; 1252 1253 case USBSTS: 1254 val &= USBSTS_RO_MASK; // bits 6 through 31 are RO 1255 ehci_clear_usbsts(s, val); // bits 0 through 5 are R/WC 1256 val = s->usbsts; 1257 ehci_update_irq(s); 1258 break; 1259 1260 case USBINTR: 1261 val &= USBINTR_MASK; 1262 break; 1263 1264 case FRINDEX: 1265 val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */ 1266 break; 1267 1268 case CONFIGFLAG: 1269 val &= 0x1; 1270 if (val) { 1271 for(i = 0; i < NB_PORTS; i++) 1272 handle_port_owner_write(s, i, 0); 1273 } 1274 break; 1275 1276 case PERIODICLISTBASE: 1277 if (ehci_periodic_enabled(s)) { 1278 fprintf(stderr, 1279 "ehci: PERIODIC list base register set while periodic schedule\n" 1280 " is enabled and HC is enabled\n"); 1281 } 1282 break; 1283 1284 case ASYNCLISTADDR: 1285 if (ehci_async_enabled(s)) { 1286 fprintf(stderr, 1287 "ehci: ASYNC list address register set while async schedule\n" 1288 " is enabled and HC is enabled\n"); 1289 } 1290 break; 1291 } 1292 1293 *mmio = val; 1294 trace_usb_ehci_opreg_change(addr + OPREGBASE, addr2str(addr), *mmio, old); 1295 } 1296 1297 1298 // TODO : Put in common header file, duplication from usb-ohci.c 1299 1300 /* Get an array of dwords from main memory */ 1301 static inline int get_dwords(EHCIState *ehci, uint32_t addr, 1302 uint32_t *buf, int num) 1303 { 1304 int i; 1305 1306 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1307 pci_dma_read(&ehci->dev, addr, buf, sizeof(*buf)); 1308 *buf = le32_to_cpu(*buf); 1309 } 1310 1311 return 1; 1312 } 1313 1314 /* Put an array of dwords in to main memory */ 1315 static inline int put_dwords(EHCIState *ehci, uint32_t addr, 1316 uint32_t *buf, int num) 1317 { 1318 int i; 1319 1320 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) { 1321 uint32_t tmp = cpu_to_le32(*buf); 1322 pci_dma_write(&ehci->dev, addr, &tmp, sizeof(tmp)); 1323 } 1324 1325 return 1; 1326 } 1327 1328 /* 1329 * Write the qh back to guest physical memory. This step isn't 1330 * in the EHCI spec but we need to do it since we don't share 1331 * physical memory with our guest VM. 1332 * 1333 * The first three dwords are read-only for the EHCI, so skip them 1334 * when writing back the qh. 1335 */ 1336 static void ehci_flush_qh(EHCIQueue *q) 1337 { 1338 uint32_t *qh = (uint32_t *) &q->qh; 1339 uint32_t dwords = sizeof(EHCIqh) >> 2; 1340 uint32_t addr = NLPTR_GET(q->qhaddr); 1341 1342 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3); 1343 } 1344 1345 // 4.10.2 1346 1347 static int ehci_qh_do_overlay(EHCIQueue *q) 1348 { 1349 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1350 int i; 1351 int dtoggle; 1352 int ping; 1353 int eps; 1354 int reload; 1355 1356 assert(p != NULL); 1357 assert(p->qtdaddr == q->qtdaddr); 1358 1359 // remember values in fields to preserve in qh after overlay 1360 1361 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE; 1362 ping = q->qh.token & QTD_TOKEN_PING; 1363 1364 q->qh.current_qtd = p->qtdaddr; 1365 q->qh.next_qtd = p->qtd.next; 1366 q->qh.altnext_qtd = p->qtd.altnext; 1367 q->qh.token = p->qtd.token; 1368 1369 1370 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS); 1371 if (eps == EHCI_QH_EPS_HIGH) { 1372 q->qh.token &= ~QTD_TOKEN_PING; 1373 q->qh.token |= ping; 1374 } 1375 1376 reload = get_field(q->qh.epchar, QH_EPCHAR_RL); 1377 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT); 1378 1379 for (i = 0; i < 5; i++) { 1380 q->qh.bufptr[i] = p->qtd.bufptr[i]; 1381 } 1382 1383 if (!(q->qh.epchar & QH_EPCHAR_DTC)) { 1384 // preserve QH DT bit 1385 q->qh.token &= ~QTD_TOKEN_DTOGGLE; 1386 q->qh.token |= dtoggle; 1387 } 1388 1389 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK; 1390 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK; 1391 1392 ehci_flush_qh(q); 1393 1394 return 0; 1395 } 1396 1397 static int ehci_init_transfer(EHCIPacket *p) 1398 { 1399 uint32_t cpage, offset, bytes, plen; 1400 dma_addr_t page; 1401 1402 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE); 1403 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES); 1404 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK; 1405 pci_dma_sglist_init(&p->sgl, &p->queue->ehci->dev, 5); 1406 1407 while (bytes > 0) { 1408 if (cpage > 4) { 1409 fprintf(stderr, "cpage out of range (%d)\n", cpage); 1410 return USB_RET_PROCERR; 1411 } 1412 1413 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK; 1414 page += offset; 1415 plen = bytes; 1416 if (plen > 4096 - offset) { 1417 plen = 4096 - offset; 1418 offset = 0; 1419 cpage++; 1420 } 1421 1422 qemu_sglist_add(&p->sgl, page, plen); 1423 bytes -= plen; 1424 } 1425 return 0; 1426 } 1427 1428 static void ehci_finish_transfer(EHCIQueue *q, int status) 1429 { 1430 uint32_t cpage, offset; 1431 1432 if (status > 0) { 1433 /* update cpage & offset */ 1434 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE); 1435 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK; 1436 1437 offset += status; 1438 cpage += offset >> QTD_BUFPTR_SH; 1439 offset &= ~QTD_BUFPTR_MASK; 1440 1441 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE); 1442 q->qh.bufptr[0] &= QTD_BUFPTR_MASK; 1443 q->qh.bufptr[0] |= offset; 1444 } 1445 } 1446 1447 static void ehci_async_complete_packet(USBPort *port, USBPacket *packet) 1448 { 1449 EHCIPacket *p; 1450 EHCIState *s = port->opaque; 1451 uint32_t portsc = s->portsc[port->index]; 1452 1453 if (portsc & PORTSC_POWNER) { 1454 USBPort *companion = s->companion_ports[port->index]; 1455 companion->ops->complete(companion, packet); 1456 return; 1457 } 1458 1459 p = container_of(packet, EHCIPacket, packet); 1460 assert(p->async == EHCI_ASYNC_INFLIGHT); 1461 1462 if (packet->result == USB_RET_REMOVE_FROM_QUEUE) { 1463 trace_usb_ehci_packet_action(p->queue, p, "remove"); 1464 ehci_free_packet(p); 1465 return; 1466 } 1467 1468 trace_usb_ehci_packet_action(p->queue, p, "wakeup"); 1469 p->async = EHCI_ASYNC_FINISHED; 1470 p->usb_status = packet->result; 1471 1472 if (p->queue->async) { 1473 qemu_bh_schedule(p->queue->ehci->async_bh); 1474 } 1475 } 1476 1477 static void ehci_execute_complete(EHCIQueue *q) 1478 { 1479 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 1480 1481 assert(p != NULL); 1482 assert(p->qtdaddr == q->qtdaddr); 1483 assert(p->async == EHCI_ASYNC_INITIALIZED || 1484 p->async == EHCI_ASYNC_FINISHED); 1485 1486 DPRINTF("execute_complete: qhaddr 0x%x, next %x, qtdaddr 0x%x, status %d\n", 1487 q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status); 1488 1489 if (p->usb_status < 0) { 1490 switch (p->usb_status) { 1491 case USB_RET_IOERROR: 1492 case USB_RET_NODEV: 1493 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR); 1494 set_field(&q->qh.token, 0, QTD_TOKEN_CERR); 1495 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1496 break; 1497 case USB_RET_STALL: 1498 q->qh.token |= QTD_TOKEN_HALT; 1499 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1500 break; 1501 case USB_RET_NAK: 1502 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT); 1503 return; /* We're not done yet with this transaction */ 1504 case USB_RET_BABBLE: 1505 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE); 1506 ehci_raise_irq(q->ehci, USBSTS_ERRINT); 1507 break; 1508 default: 1509 /* should not be triggerable */ 1510 fprintf(stderr, "USB invalid response %d\n", p->usb_status); 1511 assert(0); 1512 break; 1513 } 1514 } else { 1515 // TODO check 4.12 for splits 1516 uint32_t tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES); 1517 1518 if (tbytes && p->pid == USB_TOKEN_IN) { 1519 tbytes -= p->usb_status; 1520 if (tbytes) { 1521 /* 4.15.1.2 must raise int on a short input packet */ 1522 ehci_raise_irq(q->ehci, USBSTS_INT); 1523 } 1524 } else { 1525 tbytes = 0; 1526 } 1527 1528 DPRINTF("updating tbytes to %d\n", tbytes); 1529 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES); 1530 } 1531 ehci_finish_transfer(q, p->usb_status); 1532 usb_packet_unmap(&p->packet, &p->sgl); 1533 qemu_sglist_destroy(&p->sgl); 1534 p->async = EHCI_ASYNC_NONE; 1535 1536 q->qh.token ^= QTD_TOKEN_DTOGGLE; 1537 q->qh.token &= ~QTD_TOKEN_ACTIVE; 1538 1539 if (q->qh.token & QTD_TOKEN_IOC) { 1540 ehci_raise_irq(q->ehci, USBSTS_INT); 1541 if (q->async) { 1542 q->ehci->int_req_by_async = true; 1543 } 1544 } 1545 } 1546 1547 // 4.10.3 1548 1549 static int ehci_execute(EHCIPacket *p, const char *action) 1550 { 1551 USBEndpoint *ep; 1552 int ret; 1553 int endp; 1554 bool spd; 1555 1556 assert(p->async == EHCI_ASYNC_NONE || 1557 p->async == EHCI_ASYNC_INITIALIZED); 1558 1559 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) { 1560 fprintf(stderr, "Attempting to execute inactive qtd\n"); 1561 return USB_RET_PROCERR; 1562 } 1563 1564 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) { 1565 ehci_trace_guest_bug(p->queue->ehci, 1566 "guest requested more bytes than allowed"); 1567 return USB_RET_PROCERR; 1568 } 1569 1570 p->pid = (p->qtd.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH; 1571 switch (p->pid) { 1572 case 0: 1573 p->pid = USB_TOKEN_OUT; 1574 break; 1575 case 1: 1576 p->pid = USB_TOKEN_IN; 1577 break; 1578 case 2: 1579 p->pid = USB_TOKEN_SETUP; 1580 break; 1581 default: 1582 fprintf(stderr, "bad token\n"); 1583 break; 1584 } 1585 1586 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP); 1587 ep = usb_ep_get(p->queue->dev, p->pid, endp); 1588 1589 if (p->async == EHCI_ASYNC_NONE) { 1590 if (ehci_init_transfer(p) != 0) { 1591 return USB_RET_PROCERR; 1592 } 1593 1594 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0); 1595 usb_packet_setup(&p->packet, p->pid, ep, p->qtdaddr, spd, 1596 (p->qtd.token & QTD_TOKEN_IOC) != 0); 1597 usb_packet_map(&p->packet, &p->sgl); 1598 p->async = EHCI_ASYNC_INITIALIZED; 1599 } 1600 1601 trace_usb_ehci_packet_action(p->queue, p, action); 1602 ret = usb_handle_packet(p->queue->dev, &p->packet); 1603 DPRINTF("submit: qh %x next %x qtd %x pid %x len %zd endp %x ret %d\n", 1604 q->qhaddr, q->qh.next, q->qtdaddr, q->pid, 1605 q->packet.iov.size, endp, ret); 1606 1607 if (ret > BUFF_SIZE) { 1608 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n"); 1609 return USB_RET_PROCERR; 1610 } 1611 1612 return ret; 1613 } 1614 1615 /* 4.7.2 1616 */ 1617 1618 static int ehci_process_itd(EHCIState *ehci, 1619 EHCIitd *itd, 1620 uint32_t addr) 1621 { 1622 USBDevice *dev; 1623 USBEndpoint *ep; 1624 int ret; 1625 uint32_t i, len, pid, dir, devaddr, endp; 1626 uint32_t pg, off, ptr1, ptr2, max, mult; 1627 1628 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION); 1629 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR); 1630 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP); 1631 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT); 1632 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT); 1633 1634 for(i = 0; i < 8; i++) { 1635 if (itd->transact[i] & ITD_XACT_ACTIVE) { 1636 pg = get_field(itd->transact[i], ITD_XACT_PGSEL); 1637 off = itd->transact[i] & ITD_XACT_OFFSET_MASK; 1638 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK); 1639 ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK); 1640 len = get_field(itd->transact[i], ITD_XACT_LENGTH); 1641 1642 if (len > max * mult) { 1643 len = max * mult; 1644 } 1645 1646 if (len > BUFF_SIZE) { 1647 return USB_RET_PROCERR; 1648 } 1649 1650 pci_dma_sglist_init(&ehci->isgl, &ehci->dev, 2); 1651 if (off + len > 4096) { 1652 /* transfer crosses page border */ 1653 uint32_t len2 = off + len - 4096; 1654 uint32_t len1 = len - len2; 1655 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1); 1656 qemu_sglist_add(&ehci->isgl, ptr2, len2); 1657 } else { 1658 qemu_sglist_add(&ehci->isgl, ptr1 + off, len); 1659 } 1660 1661 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT; 1662 1663 dev = ehci_find_device(ehci, devaddr); 1664 ep = usb_ep_get(dev, pid, endp); 1665 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) { 1666 usb_packet_setup(&ehci->ipacket, pid, ep, addr, false, 1667 (itd->transact[i] & ITD_XACT_IOC) != 0); 1668 usb_packet_map(&ehci->ipacket, &ehci->isgl); 1669 ret = usb_handle_packet(dev, &ehci->ipacket); 1670 usb_packet_unmap(&ehci->ipacket, &ehci->isgl); 1671 } else { 1672 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n"); 1673 ret = USB_RET_NAK; 1674 } 1675 qemu_sglist_destroy(&ehci->isgl); 1676 1677 if (ret < 0) { 1678 switch (ret) { 1679 default: 1680 fprintf(stderr, "Unexpected iso usb result: %d\n", ret); 1681 /* Fall through */ 1682 case USB_RET_IOERROR: 1683 case USB_RET_NODEV: 1684 /* 3.3.2: XACTERR is only allowed on IN transactions */ 1685 if (dir) { 1686 itd->transact[i] |= ITD_XACT_XACTERR; 1687 ehci_raise_irq(ehci, USBSTS_ERRINT); 1688 } 1689 break; 1690 case USB_RET_BABBLE: 1691 itd->transact[i] |= ITD_XACT_BABBLE; 1692 ehci_raise_irq(ehci, USBSTS_ERRINT); 1693 break; 1694 case USB_RET_NAK: 1695 /* no data for us, so do a zero-length transfer */ 1696 ret = 0; 1697 break; 1698 } 1699 } 1700 if (ret >= 0) { 1701 if (!dir) { 1702 /* OUT */ 1703 set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH); 1704 } else { 1705 /* IN */ 1706 set_field(&itd->transact[i], ret, ITD_XACT_LENGTH); 1707 } 1708 } 1709 if (itd->transact[i] & ITD_XACT_IOC) { 1710 ehci_raise_irq(ehci, USBSTS_INT); 1711 } 1712 itd->transact[i] &= ~ITD_XACT_ACTIVE; 1713 } 1714 } 1715 return 0; 1716 } 1717 1718 1719 /* This state is the entry point for asynchronous schedule 1720 * processing. Entry here consitutes a EHCI start event state (4.8.5) 1721 */ 1722 static int ehci_state_waitlisthead(EHCIState *ehci, int async) 1723 { 1724 EHCIqh qh; 1725 int i = 0; 1726 int again = 0; 1727 uint32_t entry = ehci->asynclistaddr; 1728 1729 /* set reclamation flag at start event (4.8.6) */ 1730 if (async) { 1731 ehci_set_usbsts(ehci, USBSTS_REC); 1732 } 1733 1734 ehci_queues_rip_unused(ehci, async); 1735 1736 /* Find the head of the list (4.9.1.1) */ 1737 for(i = 0; i < MAX_QH; i++) { 1738 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh, 1739 sizeof(EHCIqh) >> 2); 1740 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh); 1741 1742 if (qh.epchar & QH_EPCHAR_H) { 1743 if (async) { 1744 entry |= (NLPTR_TYPE_QH << 1); 1745 } 1746 1747 ehci_set_fetch_addr(ehci, async, entry); 1748 ehci_set_state(ehci, async, EST_FETCHENTRY); 1749 again = 1; 1750 goto out; 1751 } 1752 1753 entry = qh.next; 1754 if (entry == ehci->asynclistaddr) { 1755 break; 1756 } 1757 } 1758 1759 /* no head found for list. */ 1760 1761 ehci_set_state(ehci, async, EST_ACTIVE); 1762 1763 out: 1764 return again; 1765 } 1766 1767 1768 /* This state is the entry point for periodic schedule processing as 1769 * well as being a continuation state for async processing. 1770 */ 1771 static int ehci_state_fetchentry(EHCIState *ehci, int async) 1772 { 1773 int again = 0; 1774 uint32_t entry = ehci_get_fetch_addr(ehci, async); 1775 1776 if (NLPTR_TBIT(entry)) { 1777 ehci_set_state(ehci, async, EST_ACTIVE); 1778 goto out; 1779 } 1780 1781 /* section 4.8, only QH in async schedule */ 1782 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) { 1783 fprintf(stderr, "non queue head request in async schedule\n"); 1784 return -1; 1785 } 1786 1787 switch (NLPTR_TYPE_GET(entry)) { 1788 case NLPTR_TYPE_QH: 1789 ehci_set_state(ehci, async, EST_FETCHQH); 1790 again = 1; 1791 break; 1792 1793 case NLPTR_TYPE_ITD: 1794 ehci_set_state(ehci, async, EST_FETCHITD); 1795 again = 1; 1796 break; 1797 1798 case NLPTR_TYPE_STITD: 1799 ehci_set_state(ehci, async, EST_FETCHSITD); 1800 again = 1; 1801 break; 1802 1803 default: 1804 /* TODO: handle FSTN type */ 1805 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d " 1806 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry)); 1807 return -1; 1808 } 1809 1810 out: 1811 return again; 1812 } 1813 1814 static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) 1815 { 1816 EHCIPacket *p; 1817 uint32_t entry, devaddr, endp; 1818 EHCIQueue *q; 1819 EHCIqh qh; 1820 1821 entry = ehci_get_fetch_addr(ehci, async); 1822 q = ehci_find_queue_by_qh(ehci, entry, async); 1823 if (NULL == q) { 1824 q = ehci_alloc_queue(ehci, entry, async); 1825 } 1826 p = QTAILQ_FIRST(&q->packets); 1827 1828 q->seen++; 1829 if (q->seen > 1) { 1830 /* we are going in circles -- stop processing */ 1831 ehci_set_state(ehci, async, EST_ACTIVE); 1832 q = NULL; 1833 goto out; 1834 } 1835 1836 get_dwords(ehci, NLPTR_GET(q->qhaddr), 1837 (uint32_t *) &qh, sizeof(EHCIqh) >> 2); 1838 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh); 1839 1840 /* 1841 * The overlay area of the qh should never be changed by the guest, 1842 * except when idle, in which case the reset is a nop. 1843 */ 1844 devaddr = get_field(qh.epchar, QH_EPCHAR_DEVADDR); 1845 endp = get_field(qh.epchar, QH_EPCHAR_EP); 1846 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) || 1847 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) || 1848 (memcmp(&qh.current_qtd, &q->qh.current_qtd, 1849 9 * sizeof(uint32_t)) != 0) || 1850 (q->dev != NULL && q->dev->addr != devaddr)) { 1851 if (ehci_reset_queue(q) > 0) { 1852 ehci_trace_guest_bug(ehci, "guest updated active QH"); 1853 } 1854 p = NULL; 1855 } 1856 q->qh = qh; 1857 1858 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT); 1859 if (q->transact_ctr == 0) { /* Guest bug in some versions of windows */ 1860 q->transact_ctr = 4; 1861 } 1862 1863 if (q->dev == NULL) { 1864 q->dev = ehci_find_device(q->ehci, devaddr); 1865 } 1866 1867 if (p && p->async == EHCI_ASYNC_FINISHED) { 1868 /* I/O finished -- continue processing queue */ 1869 trace_usb_ehci_packet_action(p->queue, p, "complete"); 1870 ehci_set_state(ehci, async, EST_EXECUTING); 1871 goto out; 1872 } 1873 1874 if (async && (q->qh.epchar & QH_EPCHAR_H)) { 1875 1876 /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */ 1877 if (ehci->usbsts & USBSTS_REC) { 1878 ehci_clear_usbsts(ehci, USBSTS_REC); 1879 } else { 1880 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset" 1881 " - done processing\n", q->qhaddr); 1882 ehci_set_state(ehci, async, EST_ACTIVE); 1883 q = NULL; 1884 goto out; 1885 } 1886 } 1887 1888 #if EHCI_DEBUG 1889 if (q->qhaddr != q->qh.next) { 1890 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n", 1891 q->qhaddr, 1892 q->qh.epchar & QH_EPCHAR_H, 1893 q->qh.token & QTD_TOKEN_HALT, 1894 q->qh.token & QTD_TOKEN_ACTIVE, 1895 q->qh.next); 1896 } 1897 #endif 1898 1899 if (q->qh.token & QTD_TOKEN_HALT) { 1900 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1901 1902 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && 1903 (NLPTR_TBIT(q->qh.current_qtd) == 0)) { 1904 q->qtdaddr = q->qh.current_qtd; 1905 ehci_set_state(ehci, async, EST_FETCHQTD); 1906 1907 } else { 1908 /* EHCI spec version 1.0 Section 4.10.2 */ 1909 ehci_set_state(ehci, async, EST_ADVANCEQUEUE); 1910 } 1911 1912 out: 1913 return q; 1914 } 1915 1916 static int ehci_state_fetchitd(EHCIState *ehci, int async) 1917 { 1918 uint32_t entry; 1919 EHCIitd itd; 1920 1921 assert(!async); 1922 entry = ehci_get_fetch_addr(ehci, async); 1923 1924 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1925 sizeof(EHCIitd) >> 2); 1926 ehci_trace_itd(ehci, entry, &itd); 1927 1928 if (ehci_process_itd(ehci, &itd, entry) != 0) { 1929 return -1; 1930 } 1931 1932 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd, 1933 sizeof(EHCIitd) >> 2); 1934 ehci_set_fetch_addr(ehci, async, itd.next); 1935 ehci_set_state(ehci, async, EST_FETCHENTRY); 1936 1937 return 1; 1938 } 1939 1940 static int ehci_state_fetchsitd(EHCIState *ehci, int async) 1941 { 1942 uint32_t entry; 1943 EHCIsitd sitd; 1944 1945 assert(!async); 1946 entry = ehci_get_fetch_addr(ehci, async); 1947 1948 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd, 1949 sizeof(EHCIsitd) >> 2); 1950 ehci_trace_sitd(ehci, entry, &sitd); 1951 1952 if (!(sitd.results & SITD_RESULTS_ACTIVE)) { 1953 /* siTD is not active, nothing to do */; 1954 } else { 1955 /* TODO: split transfers are not implemented */ 1956 fprintf(stderr, "WARNING: Skipping active siTD\n"); 1957 } 1958 1959 ehci_set_fetch_addr(ehci, async, sitd.next); 1960 ehci_set_state(ehci, async, EST_FETCHENTRY); 1961 return 1; 1962 } 1963 1964 /* Section 4.10.2 - paragraph 3 */ 1965 static int ehci_state_advqueue(EHCIQueue *q) 1966 { 1967 #if 0 1968 /* TO-DO: 4.10.2 - paragraph 2 1969 * if I-bit is set to 1 and QH is not active 1970 * go to horizontal QH 1971 */ 1972 if (I-bit set) { 1973 ehci_set_state(ehci, async, EST_HORIZONTALQH); 1974 goto out; 1975 } 1976 #endif 1977 1978 /* 1979 * want data and alt-next qTD is valid 1980 */ 1981 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) && 1982 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) { 1983 q->qtdaddr = q->qh.altnext_qtd; 1984 ehci_set_state(q->ehci, q->async, EST_FETCHQTD); 1985 1986 /* 1987 * next qTD is valid 1988 */ 1989 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) { 1990 q->qtdaddr = q->qh.next_qtd; 1991 ehci_set_state(q->ehci, q->async, EST_FETCHQTD); 1992 1993 /* 1994 * no valid qTD, try next QH 1995 */ 1996 } else { 1997 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 1998 } 1999 2000 return 1; 2001 } 2002 2003 /* Section 4.10.2 - paragraph 4 */ 2004 static int ehci_state_fetchqtd(EHCIQueue *q) 2005 { 2006 EHCIqtd qtd; 2007 EHCIPacket *p; 2008 int again = 1; 2009 2010 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd, 2011 sizeof(EHCIqtd) >> 2); 2012 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd); 2013 2014 p = QTAILQ_FIRST(&q->packets); 2015 if (p != NULL) { 2016 if (p->qtdaddr != q->qtdaddr || 2017 (!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd.next)) || 2018 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd.altnext)) || 2019 p->qtd.bufptr[0] != qtd.bufptr[0]) { 2020 ehci_cancel_queue(q); 2021 ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD"); 2022 p = NULL; 2023 } else { 2024 p->qtd = qtd; 2025 ehci_qh_do_overlay(q); 2026 } 2027 } 2028 2029 if (!(qtd.token & QTD_TOKEN_ACTIVE)) { 2030 if (p != NULL) { 2031 /* transfer canceled by guest (clear active) */ 2032 ehci_cancel_queue(q); 2033 p = NULL; 2034 } 2035 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2036 } else if (p != NULL) { 2037 switch (p->async) { 2038 case EHCI_ASYNC_NONE: 2039 case EHCI_ASYNC_INITIALIZED: 2040 /* Not yet executed (MULT), or previously nacked (int) packet */ 2041 ehci_set_state(q->ehci, q->async, EST_EXECUTE); 2042 break; 2043 case EHCI_ASYNC_INFLIGHT: 2044 /* Check if the guest has added new tds to the queue */ 2045 again = (ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head)) == 2046 USB_RET_PROCERR) ? -1 : 1; 2047 /* Unfinished async handled packet, go horizontal */ 2048 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2049 break; 2050 case EHCI_ASYNC_FINISHED: 2051 /* 2052 * We get here when advqueue moves to a packet which is already 2053 * finished, which can happen with packets queued up by fill_queue 2054 */ 2055 ehci_set_state(q->ehci, q->async, EST_EXECUTING); 2056 break; 2057 } 2058 } else { 2059 p = ehci_alloc_packet(q); 2060 p->qtdaddr = q->qtdaddr; 2061 p->qtd = qtd; 2062 ehci_set_state(q->ehci, q->async, EST_EXECUTE); 2063 } 2064 2065 return again; 2066 } 2067 2068 static int ehci_state_horizqh(EHCIQueue *q) 2069 { 2070 int again = 0; 2071 2072 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) { 2073 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next); 2074 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY); 2075 again = 1; 2076 } else { 2077 ehci_set_state(q->ehci, q->async, EST_ACTIVE); 2078 } 2079 2080 return again; 2081 } 2082 2083 static int ehci_fill_queue(EHCIPacket *p) 2084 { 2085 USBEndpoint *ep = p->packet.ep; 2086 EHCIQueue *q = p->queue; 2087 EHCIqtd qtd = p->qtd; 2088 uint32_t qtdaddr, start_addr = p->qtdaddr; 2089 2090 for (;;) { 2091 if (NLPTR_TBIT(qtd.next) != 0) { 2092 break; 2093 } 2094 qtdaddr = qtd.next; 2095 /* 2096 * Detect circular td lists, Windows creates these, counting on the 2097 * active bit going low after execution to make the queue stop. 2098 */ 2099 if (qtdaddr == start_addr) { 2100 break; 2101 } 2102 get_dwords(q->ehci, NLPTR_GET(qtdaddr), 2103 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2); 2104 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd); 2105 if (!(qtd.token & QTD_TOKEN_ACTIVE)) { 2106 break; 2107 } 2108 p = ehci_alloc_packet(q); 2109 p->qtdaddr = qtdaddr; 2110 p->qtd = qtd; 2111 p->usb_status = ehci_execute(p, "queue"); 2112 if (p->usb_status == USB_RET_PROCERR) { 2113 break; 2114 } 2115 assert(p->usb_status == USB_RET_ASYNC); 2116 p->async = EHCI_ASYNC_INFLIGHT; 2117 } 2118 if (p->usb_status != USB_RET_PROCERR) { 2119 usb_device_flush_ep_queue(ep->dev, ep); 2120 } 2121 return p->usb_status; 2122 } 2123 2124 static int ehci_state_execute(EHCIQueue *q) 2125 { 2126 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 2127 int again = 0; 2128 2129 assert(p != NULL); 2130 assert(p->qtdaddr == q->qtdaddr); 2131 2132 if (ehci_qh_do_overlay(q) != 0) { 2133 return -1; 2134 } 2135 2136 // TODO verify enough time remains in the uframe as in 4.4.1.1 2137 // TODO write back ptr to async list when done or out of time 2138 2139 /* 4.10.3, bottom of page 82, go horizontal on transaction counter == 0 */ 2140 if (!q->async && q->transact_ctr == 0) { 2141 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2142 again = 1; 2143 goto out; 2144 } 2145 2146 if (q->async) { 2147 ehci_set_usbsts(q->ehci, USBSTS_REC); 2148 } 2149 2150 p->usb_status = ehci_execute(p, "process"); 2151 if (p->usb_status == USB_RET_PROCERR) { 2152 again = -1; 2153 goto out; 2154 } 2155 if (p->usb_status == USB_RET_ASYNC) { 2156 ehci_flush_qh(q); 2157 trace_usb_ehci_packet_action(p->queue, p, "async"); 2158 p->async = EHCI_ASYNC_INFLIGHT; 2159 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2160 if (q->async) { 2161 again = (ehci_fill_queue(p) == USB_RET_PROCERR) ? -1 : 1; 2162 } else { 2163 again = 1; 2164 } 2165 goto out; 2166 } 2167 2168 ehci_set_state(q->ehci, q->async, EST_EXECUTING); 2169 again = 1; 2170 2171 out: 2172 return again; 2173 } 2174 2175 static int ehci_state_executing(EHCIQueue *q) 2176 { 2177 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 2178 2179 assert(p != NULL); 2180 assert(p->qtdaddr == q->qtdaddr); 2181 2182 ehci_execute_complete(q); 2183 2184 /* 4.10.3 */ 2185 if (!q->async && q->transact_ctr > 0) { 2186 q->transact_ctr--; 2187 } 2188 2189 /* 4.10.5 */ 2190 if (p->usb_status == USB_RET_NAK) { 2191 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2192 } else { 2193 ehci_set_state(q->ehci, q->async, EST_WRITEBACK); 2194 } 2195 2196 ehci_flush_qh(q); 2197 return 1; 2198 } 2199 2200 2201 static int ehci_state_writeback(EHCIQueue *q) 2202 { 2203 EHCIPacket *p = QTAILQ_FIRST(&q->packets); 2204 uint32_t *qtd, addr; 2205 int again = 0; 2206 2207 /* Write back the QTD from the QH area */ 2208 assert(p != NULL); 2209 assert(p->qtdaddr == q->qtdaddr); 2210 2211 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd); 2212 qtd = (uint32_t *) &q->qh.next_qtd; 2213 addr = NLPTR_GET(p->qtdaddr); 2214 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2); 2215 ehci_free_packet(p); 2216 2217 /* 2218 * EHCI specs say go horizontal here. 2219 * 2220 * We can also advance the queue here for performance reasons. We 2221 * need to take care to only take that shortcut in case we've 2222 * processed the qtd just written back without errors, i.e. halt 2223 * bit is clear. 2224 */ 2225 if (q->qh.token & QTD_TOKEN_HALT) { 2226 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH); 2227 again = 1; 2228 } else { 2229 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE); 2230 again = 1; 2231 } 2232 return again; 2233 } 2234 2235 /* 2236 * This is the state machine that is common to both async and periodic 2237 */ 2238 2239 static void ehci_advance_state(EHCIState *ehci, int async) 2240 { 2241 EHCIQueue *q = NULL; 2242 int again; 2243 2244 do { 2245 switch(ehci_get_state(ehci, async)) { 2246 case EST_WAITLISTHEAD: 2247 again = ehci_state_waitlisthead(ehci, async); 2248 break; 2249 2250 case EST_FETCHENTRY: 2251 again = ehci_state_fetchentry(ehci, async); 2252 break; 2253 2254 case EST_FETCHQH: 2255 q = ehci_state_fetchqh(ehci, async); 2256 if (q != NULL) { 2257 assert(q->async == async); 2258 again = 1; 2259 } else { 2260 again = 0; 2261 } 2262 break; 2263 2264 case EST_FETCHITD: 2265 again = ehci_state_fetchitd(ehci, async); 2266 break; 2267 2268 case EST_FETCHSITD: 2269 again = ehci_state_fetchsitd(ehci, async); 2270 break; 2271 2272 case EST_ADVANCEQUEUE: 2273 again = ehci_state_advqueue(q); 2274 break; 2275 2276 case EST_FETCHQTD: 2277 again = ehci_state_fetchqtd(q); 2278 break; 2279 2280 case EST_HORIZONTALQH: 2281 again = ehci_state_horizqh(q); 2282 break; 2283 2284 case EST_EXECUTE: 2285 again = ehci_state_execute(q); 2286 if (async) { 2287 ehci->async_stepdown = 0; 2288 } 2289 break; 2290 2291 case EST_EXECUTING: 2292 assert(q != NULL); 2293 if (async) { 2294 ehci->async_stepdown = 0; 2295 } 2296 again = ehci_state_executing(q); 2297 break; 2298 2299 case EST_WRITEBACK: 2300 assert(q != NULL); 2301 again = ehci_state_writeback(q); 2302 break; 2303 2304 default: 2305 fprintf(stderr, "Bad state!\n"); 2306 again = -1; 2307 assert(0); 2308 break; 2309 } 2310 2311 if (again < 0) { 2312 fprintf(stderr, "processing error - resetting ehci HC\n"); 2313 ehci_reset(ehci); 2314 again = 0; 2315 } 2316 } 2317 while (again); 2318 } 2319 2320 static void ehci_advance_async_state(EHCIState *ehci) 2321 { 2322 const int async = 1; 2323 2324 switch(ehci_get_state(ehci, async)) { 2325 case EST_INACTIVE: 2326 if (!ehci_async_enabled(ehci)) { 2327 break; 2328 } 2329 ehci_set_state(ehci, async, EST_ACTIVE); 2330 // No break, fall through to ACTIVE 2331 2332 case EST_ACTIVE: 2333 if (!ehci_async_enabled(ehci)) { 2334 ehci_queues_rip_all(ehci, async); 2335 ehci_set_state(ehci, async, EST_INACTIVE); 2336 break; 2337 } 2338 2339 /* make sure guest has acknowledged the doorbell interrupt */ 2340 /* TO-DO: is this really needed? */ 2341 if (ehci->usbsts & USBSTS_IAA) { 2342 DPRINTF("IAA status bit still set.\n"); 2343 break; 2344 } 2345 2346 /* check that address register has been set */ 2347 if (ehci->asynclistaddr == 0) { 2348 break; 2349 } 2350 2351 ehci_set_state(ehci, async, EST_WAITLISTHEAD); 2352 ehci_advance_state(ehci, async); 2353 2354 /* If the doorbell is set, the guest wants to make a change to the 2355 * schedule. The host controller needs to release cached data. 2356 * (section 4.8.2) 2357 */ 2358 if (ehci->usbcmd & USBCMD_IAAD) { 2359 /* Remove all unseen qhs from the async qhs queue */ 2360 ehci_queues_rip_unseen(ehci, async); 2361 trace_usb_ehci_doorbell_ack(); 2362 ehci->usbcmd &= ~USBCMD_IAAD; 2363 ehci_raise_irq(ehci, USBSTS_IAA); 2364 } 2365 break; 2366 2367 default: 2368 /* this should only be due to a developer mistake */ 2369 fprintf(stderr, "ehci: Bad asynchronous state %d. " 2370 "Resetting to active\n", ehci->astate); 2371 assert(0); 2372 } 2373 } 2374 2375 static void ehci_advance_periodic_state(EHCIState *ehci) 2376 { 2377 uint32_t entry; 2378 uint32_t list; 2379 const int async = 0; 2380 2381 // 4.6 2382 2383 switch(ehci_get_state(ehci, async)) { 2384 case EST_INACTIVE: 2385 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) { 2386 ehci_set_state(ehci, async, EST_ACTIVE); 2387 // No break, fall through to ACTIVE 2388 } else 2389 break; 2390 2391 case EST_ACTIVE: 2392 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) { 2393 ehci_queues_rip_all(ehci, async); 2394 ehci_set_state(ehci, async, EST_INACTIVE); 2395 break; 2396 } 2397 2398 list = ehci->periodiclistbase & 0xfffff000; 2399 /* check that register has been set */ 2400 if (list == 0) { 2401 break; 2402 } 2403 list |= ((ehci->frindex & 0x1ff8) >> 1); 2404 2405 pci_dma_read(&ehci->dev, list, &entry, sizeof entry); 2406 entry = le32_to_cpu(entry); 2407 2408 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n", 2409 ehci->frindex / 8, list, entry); 2410 ehci_set_fetch_addr(ehci, async,entry); 2411 ehci_set_state(ehci, async, EST_FETCHENTRY); 2412 ehci_advance_state(ehci, async); 2413 ehci_queues_rip_unused(ehci, async); 2414 break; 2415 2416 default: 2417 /* this should only be due to a developer mistake */ 2418 fprintf(stderr, "ehci: Bad periodic state %d. " 2419 "Resetting to active\n", ehci->pstate); 2420 assert(0); 2421 } 2422 } 2423 2424 static void ehci_update_frindex(EHCIState *ehci, int frames) 2425 { 2426 int i; 2427 2428 if (!ehci_enabled(ehci)) { 2429 return; 2430 } 2431 2432 for (i = 0; i < frames; i++) { 2433 ehci->frindex += 8; 2434 2435 if (ehci->frindex == 0x00002000) { 2436 ehci_raise_irq(ehci, USBSTS_FLR); 2437 } 2438 2439 if (ehci->frindex == 0x00004000) { 2440 ehci_raise_irq(ehci, USBSTS_FLR); 2441 ehci->frindex = 0; 2442 if (ehci->usbsts_frindex >= 0x00004000) { 2443 ehci->usbsts_frindex -= 0x00004000; 2444 } else { 2445 ehci->usbsts_frindex = 0; 2446 } 2447 } 2448 } 2449 } 2450 2451 static void ehci_frame_timer(void *opaque) 2452 { 2453 EHCIState *ehci = opaque; 2454 int need_timer = 0; 2455 int64_t expire_time, t_now; 2456 uint64_t ns_elapsed; 2457 int frames, skipped_frames; 2458 int i; 2459 2460 t_now = qemu_get_clock_ns(vm_clock); 2461 ns_elapsed = t_now - ehci->last_run_ns; 2462 frames = ns_elapsed / FRAME_TIMER_NS; 2463 2464 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) { 2465 need_timer++; 2466 ehci->async_stepdown = 0; 2467 2468 if (frames > ehci->maxframes) { 2469 skipped_frames = frames - ehci->maxframes; 2470 ehci_update_frindex(ehci, skipped_frames); 2471 ehci->last_run_ns += FRAME_TIMER_NS * skipped_frames; 2472 frames -= skipped_frames; 2473 DPRINTF("WARNING - EHCI skipped %d frames\n", skipped_frames); 2474 } 2475 2476 for (i = 0; i < frames; i++) { 2477 /* 2478 * If we're running behind schedule, we should not catch up 2479 * too fast, as that will make some guests unhappy: 2480 * 1) We must process a minimum of MIN_FR_PER_TICK frames, 2481 * otherwise we will never catch up 2482 * 2) Process frames until the guest has requested an irq (IOC) 2483 */ 2484 if (i >= MIN_FR_PER_TICK) { 2485 ehci_commit_irq(ehci); 2486 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) { 2487 break; 2488 } 2489 } 2490 ehci_update_frindex(ehci, 1); 2491 ehci_advance_periodic_state(ehci); 2492 ehci->last_run_ns += FRAME_TIMER_NS; 2493 } 2494 } else { 2495 if (ehci->async_stepdown < ehci->maxframes / 2) { 2496 ehci->async_stepdown++; 2497 } 2498 ehci_update_frindex(ehci, frames); 2499 ehci->last_run_ns += FRAME_TIMER_NS * frames; 2500 } 2501 2502 /* Async is not inside loop since it executes everything it can once 2503 * called 2504 */ 2505 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) { 2506 need_timer++; 2507 ehci_advance_async_state(ehci); 2508 } 2509 2510 ehci_commit_irq(ehci); 2511 if (ehci->usbsts_pending) { 2512 need_timer++; 2513 ehci->async_stepdown = 0; 2514 } 2515 2516 if (need_timer) { 2517 /* If we've raised int, we speed up the timer, so that we quickly 2518 * notice any new packets queued up in response */ 2519 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) { 2520 expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 2); 2521 ehci->int_req_by_async = false; 2522 } else { 2523 expire_time = t_now + (get_ticks_per_sec() 2524 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ); 2525 } 2526 qemu_mod_timer(ehci->frame_timer, expire_time); 2527 } 2528 } 2529 2530 static const MemoryRegionOps ehci_mmio_caps_ops = { 2531 .read = ehci_caps_read, 2532 .valid.min_access_size = 1, 2533 .valid.max_access_size = 4, 2534 .impl.min_access_size = 1, 2535 .impl.max_access_size = 1, 2536 .endianness = DEVICE_LITTLE_ENDIAN, 2537 }; 2538 2539 static const MemoryRegionOps ehci_mmio_opreg_ops = { 2540 .read = ehci_opreg_read, 2541 .write = ehci_opreg_write, 2542 .valid.min_access_size = 4, 2543 .valid.max_access_size = 4, 2544 .endianness = DEVICE_LITTLE_ENDIAN, 2545 }; 2546 2547 static const MemoryRegionOps ehci_mmio_port_ops = { 2548 .read = ehci_port_read, 2549 .write = ehci_port_write, 2550 .valid.min_access_size = 4, 2551 .valid.max_access_size = 4, 2552 .endianness = DEVICE_LITTLE_ENDIAN, 2553 }; 2554 2555 static int usb_ehci_initfn(PCIDevice *dev); 2556 2557 static USBPortOps ehci_port_ops = { 2558 .attach = ehci_attach, 2559 .detach = ehci_detach, 2560 .child_detach = ehci_child_detach, 2561 .wakeup = ehci_wakeup, 2562 .complete = ehci_async_complete_packet, 2563 }; 2564 2565 static USBBusOps ehci_bus_ops = { 2566 .register_companion = ehci_register_companion, 2567 }; 2568 2569 static int usb_ehci_post_load(void *opaque, int version_id) 2570 { 2571 EHCIState *s = opaque; 2572 int i; 2573 2574 for (i = 0; i < NB_PORTS; i++) { 2575 USBPort *companion = s->companion_ports[i]; 2576 if (companion == NULL) { 2577 continue; 2578 } 2579 if (s->portsc[i] & PORTSC_POWNER) { 2580 companion->dev = s->ports[i].dev; 2581 } else { 2582 companion->dev = NULL; 2583 } 2584 } 2585 2586 return 0; 2587 } 2588 2589 static void usb_ehci_vm_state_change(void *opaque, int running, RunState state) 2590 { 2591 EHCIState *ehci = opaque; 2592 2593 /* 2594 * We don't migrate the EHCIQueue-s, instead we rebuild them for the 2595 * schedule in guest memory. We must do the rebuilt ASAP, so that 2596 * USB-devices which have async handled packages have a packet in the 2597 * ep queue to match the completion with. 2598 */ 2599 if (state == RUN_STATE_RUNNING) { 2600 ehci_advance_async_state(ehci); 2601 } 2602 2603 /* 2604 * The schedule rebuilt from guest memory could cause the migration dest 2605 * to miss a QH unlink, and fail to cancel packets, since the unlinked QH 2606 * will never have existed on the destination. Therefor we must flush the 2607 * async schedule on savevm to catch any not yet noticed unlinks. 2608 */ 2609 if (state == RUN_STATE_SAVE_VM) { 2610 ehci_advance_async_state(ehci); 2611 ehci_queues_rip_unseen(ehci, 1); 2612 } 2613 } 2614 2615 static const VMStateDescription vmstate_ehci = { 2616 .name = "ehci", 2617 .version_id = 2, 2618 .minimum_version_id = 1, 2619 .post_load = usb_ehci_post_load, 2620 .fields = (VMStateField[]) { 2621 VMSTATE_PCI_DEVICE(dev, EHCIState), 2622 /* mmio registers */ 2623 VMSTATE_UINT32(usbcmd, EHCIState), 2624 VMSTATE_UINT32(usbsts, EHCIState), 2625 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2), 2626 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2), 2627 VMSTATE_UINT32(usbintr, EHCIState), 2628 VMSTATE_UINT32(frindex, EHCIState), 2629 VMSTATE_UINT32(ctrldssegment, EHCIState), 2630 VMSTATE_UINT32(periodiclistbase, EHCIState), 2631 VMSTATE_UINT32(asynclistaddr, EHCIState), 2632 VMSTATE_UINT32(configflag, EHCIState), 2633 VMSTATE_UINT32(portsc[0], EHCIState), 2634 VMSTATE_UINT32(portsc[1], EHCIState), 2635 VMSTATE_UINT32(portsc[2], EHCIState), 2636 VMSTATE_UINT32(portsc[3], EHCIState), 2637 VMSTATE_UINT32(portsc[4], EHCIState), 2638 VMSTATE_UINT32(portsc[5], EHCIState), 2639 /* frame timer */ 2640 VMSTATE_TIMER(frame_timer, EHCIState), 2641 VMSTATE_UINT64(last_run_ns, EHCIState), 2642 VMSTATE_UINT32(async_stepdown, EHCIState), 2643 /* schedule state */ 2644 VMSTATE_UINT32(astate, EHCIState), 2645 VMSTATE_UINT32(pstate, EHCIState), 2646 VMSTATE_UINT32(a_fetch_addr, EHCIState), 2647 VMSTATE_UINT32(p_fetch_addr, EHCIState), 2648 VMSTATE_END_OF_LIST() 2649 } 2650 }; 2651 2652 static Property ehci_properties[] = { 2653 DEFINE_PROP_UINT32("maxframes", EHCIState, maxframes, 128), 2654 DEFINE_PROP_END_OF_LIST(), 2655 }; 2656 2657 static void ehci_class_init(ObjectClass *klass, void *data) 2658 { 2659 DeviceClass *dc = DEVICE_CLASS(klass); 2660 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2661 2662 k->init = usb_ehci_initfn; 2663 k->vendor_id = PCI_VENDOR_ID_INTEL; 2664 k->device_id = PCI_DEVICE_ID_INTEL_82801D; /* ich4 */ 2665 k->revision = 0x10; 2666 k->class_id = PCI_CLASS_SERIAL_USB; 2667 dc->vmsd = &vmstate_ehci; 2668 dc->props = ehci_properties; 2669 } 2670 2671 static TypeInfo ehci_info = { 2672 .name = "usb-ehci", 2673 .parent = TYPE_PCI_DEVICE, 2674 .instance_size = sizeof(EHCIState), 2675 .class_init = ehci_class_init, 2676 }; 2677 2678 static void ich9_ehci_class_init(ObjectClass *klass, void *data) 2679 { 2680 DeviceClass *dc = DEVICE_CLASS(klass); 2681 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 2682 2683 k->init = usb_ehci_initfn; 2684 k->vendor_id = PCI_VENDOR_ID_INTEL; 2685 k->device_id = PCI_DEVICE_ID_INTEL_82801I_EHCI1; 2686 k->revision = 0x03; 2687 k->class_id = PCI_CLASS_SERIAL_USB; 2688 dc->vmsd = &vmstate_ehci; 2689 dc->props = ehci_properties; 2690 } 2691 2692 static TypeInfo ich9_ehci_info = { 2693 .name = "ich9-usb-ehci1", 2694 .parent = TYPE_PCI_DEVICE, 2695 .instance_size = sizeof(EHCIState), 2696 .class_init = ich9_ehci_class_init, 2697 }; 2698 2699 static int usb_ehci_initfn(PCIDevice *dev) 2700 { 2701 EHCIState *s = DO_UPCAST(EHCIState, dev, dev); 2702 uint8_t *pci_conf = s->dev.config; 2703 int i; 2704 2705 pci_set_byte(&pci_conf[PCI_CLASS_PROG], 0x20); 2706 2707 /* capabilities pointer */ 2708 pci_set_byte(&pci_conf[PCI_CAPABILITY_LIST], 0x00); 2709 //pci_set_byte(&pci_conf[PCI_CAPABILITY_LIST], 0x50); 2710 2711 pci_set_byte(&pci_conf[PCI_INTERRUPT_PIN], 4); /* interrupt pin D */ 2712 pci_set_byte(&pci_conf[PCI_MIN_GNT], 0); 2713 pci_set_byte(&pci_conf[PCI_MAX_LAT], 0); 2714 2715 // pci_conf[0x50] = 0x01; // power management caps 2716 2717 pci_set_byte(&pci_conf[USB_SBRN], USB_RELEASE_2); // release number (2.1.4) 2718 pci_set_byte(&pci_conf[0x61], 0x20); // frame length adjustment (2.1.5) 2719 pci_set_word(&pci_conf[0x62], 0x00); // port wake up capability (2.1.6) 2720 2721 pci_conf[0x64] = 0x00; 2722 pci_conf[0x65] = 0x00; 2723 pci_conf[0x66] = 0x00; 2724 pci_conf[0x67] = 0x00; 2725 pci_conf[0x68] = 0x01; 2726 pci_conf[0x69] = 0x00; 2727 pci_conf[0x6a] = 0x00; 2728 pci_conf[0x6b] = 0x00; // USBLEGSUP 2729 pci_conf[0x6c] = 0x00; 2730 pci_conf[0x6d] = 0x00; 2731 pci_conf[0x6e] = 0x00; 2732 pci_conf[0x6f] = 0xc0; // USBLEFCTLSTS 2733 2734 /* 2.2 host controller interface version */ 2735 s->caps[0x00] = (uint8_t) OPREGBASE; 2736 s->caps[0x01] = 0x00; 2737 s->caps[0x02] = 0x00; 2738 s->caps[0x03] = 0x01; /* HC version */ 2739 s->caps[0x04] = NB_PORTS; /* Number of downstream ports */ 2740 s->caps[0x05] = 0x00; /* No companion ports at present */ 2741 s->caps[0x06] = 0x00; 2742 s->caps[0x07] = 0x00; 2743 s->caps[0x08] = 0x80; /* We can cache whole frame, no 64-bit */ 2744 s->caps[0x09] = 0x68; /* EECP */ 2745 s->caps[0x0a] = 0x00; 2746 s->caps[0x0b] = 0x00; 2747 2748 s->irq = s->dev.irq[3]; 2749 2750 usb_bus_new(&s->bus, &ehci_bus_ops, &s->dev.qdev); 2751 for(i = 0; i < NB_PORTS; i++) { 2752 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops, 2753 USB_SPEED_MASK_HIGH); 2754 s->ports[i].dev = 0; 2755 } 2756 2757 s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s); 2758 s->async_bh = qemu_bh_new(ehci_frame_timer, s); 2759 QTAILQ_INIT(&s->aqueues); 2760 QTAILQ_INIT(&s->pqueues); 2761 usb_packet_init(&s->ipacket); 2762 2763 qemu_register_reset(ehci_reset, s); 2764 qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s); 2765 2766 memory_region_init(&s->mem, "ehci", MMIO_SIZE); 2767 memory_region_init_io(&s->mem_caps, &ehci_mmio_caps_ops, s, 2768 "capabilities", OPREGBASE); 2769 memory_region_init_io(&s->mem_opreg, &ehci_mmio_opreg_ops, s, 2770 "operational", PORTSC_BEGIN - OPREGBASE); 2771 memory_region_init_io(&s->mem_ports, &ehci_mmio_port_ops, s, 2772 "ports", PORTSC_END - PORTSC_BEGIN); 2773 2774 memory_region_add_subregion(&s->mem, 0, &s->mem_caps); 2775 memory_region_add_subregion(&s->mem, OPREGBASE, &s->mem_opreg); 2776 memory_region_add_subregion(&s->mem, PORTSC_BEGIN, &s->mem_ports); 2777 2778 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mem); 2779 2780 return 0; 2781 } 2782 2783 static void ehci_register_types(void) 2784 { 2785 type_register_static(&ehci_info); 2786 type_register_static(&ich9_ehci_info); 2787 } 2788 2789 type_init(ehci_register_types) 2790 2791 /* 2792 * vim: expandtab ts=4 2793 */ 2794