1 /*
2 * QEMU USB OHCI Emulation
3 * Copyright (c) 2004 Gianni Tedesco
4 * Copyright (c) 2006 CodeSourcery
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 *
20 * TODO:
21 * o Isochronous transfers
22 * o Allocate bandwidth in frames properly
23 * o Disable timers when nothing needs to be done, or remove timer usage
24 * all together.
25 * o BIOS work to boot from USB storage
26 */
27
28 #include "qemu/osdep.h"
29 #include "hw/irq.h"
30 #include "qapi/error.h"
31 #include "qemu/module.h"
32 #include "qemu/timer.h"
33 #include "hw/usb.h"
34 #include "migration/vmstate.h"
35 #include "hw/sysbus.h"
36 #include "hw/qdev-dma.h"
37 #include "hw/qdev-properties.h"
38 #include "trace.h"
39 #include "hcd-ohci.h"
40
41 /* This causes frames to occur 1000x slower */
42 //#define OHCI_TIME_WARP 1
43
44 #define ED_LINK_LIMIT 32
45
46 static int64_t usb_frame_time;
47 static int64_t usb_bit_time;
48
49 /* Host Controller Communications Area */
50 struct ohci_hcca {
51 uint32_t intr[32];
52 uint16_t frame, pad;
53 uint32_t done;
54 };
55 #define HCCA_WRITEBACK_OFFSET offsetof(struct ohci_hcca, frame)
56 #define HCCA_WRITEBACK_SIZE 8 /* frame, pad, done */
57
58 #define ED_WBACK_OFFSET offsetof(struct ohci_ed, head)
59 #define ED_WBACK_SIZE 4
60
61 static void ohci_async_cancel_device(OHCIState *ohci, USBDevice *dev);
62
63 /* Bitfields for the first word of an Endpoint Desciptor. */
64 #define OHCI_ED_FA_SHIFT 0
65 #define OHCI_ED_FA_MASK (0x7f<<OHCI_ED_FA_SHIFT)
66 #define OHCI_ED_EN_SHIFT 7
67 #define OHCI_ED_EN_MASK (0xf<<OHCI_ED_EN_SHIFT)
68 #define OHCI_ED_D_SHIFT 11
69 #define OHCI_ED_D_MASK (3<<OHCI_ED_D_SHIFT)
70 #define OHCI_ED_S (1<<13)
71 #define OHCI_ED_K (1<<14)
72 #define OHCI_ED_F (1<<15)
73 #define OHCI_ED_MPS_SHIFT 16
74 #define OHCI_ED_MPS_MASK (0x7ff<<OHCI_ED_MPS_SHIFT)
75
76 /* Flags in the head field of an Endpoint Desciptor. */
77 #define OHCI_ED_H 1
78 #define OHCI_ED_C 2
79
80 /* Bitfields for the first word of a Transfer Desciptor. */
81 #define OHCI_TD_R (1<<18)
82 #define OHCI_TD_DP_SHIFT 19
83 #define OHCI_TD_DP_MASK (3<<OHCI_TD_DP_SHIFT)
84 #define OHCI_TD_DI_SHIFT 21
85 #define OHCI_TD_DI_MASK (7<<OHCI_TD_DI_SHIFT)
86 #define OHCI_TD_T0 (1<<24)
87 #define OHCI_TD_T1 (1<<25)
88 #define OHCI_TD_EC_SHIFT 26
89 #define OHCI_TD_EC_MASK (3<<OHCI_TD_EC_SHIFT)
90 #define OHCI_TD_CC_SHIFT 28
91 #define OHCI_TD_CC_MASK (0xf<<OHCI_TD_CC_SHIFT)
92
93 /* Bitfields for the first word of an Isochronous Transfer Desciptor. */
94 /* CC & DI - same as in the General Transfer Desciptor */
95 #define OHCI_TD_SF_SHIFT 0
96 #define OHCI_TD_SF_MASK (0xffff<<OHCI_TD_SF_SHIFT)
97 #define OHCI_TD_FC_SHIFT 24
98 #define OHCI_TD_FC_MASK (7<<OHCI_TD_FC_SHIFT)
99
100 /* Isochronous Transfer Desciptor - Offset / PacketStatusWord */
101 #define OHCI_TD_PSW_CC_SHIFT 12
102 #define OHCI_TD_PSW_CC_MASK (0xf<<OHCI_TD_PSW_CC_SHIFT)
103 #define OHCI_TD_PSW_SIZE_SHIFT 0
104 #define OHCI_TD_PSW_SIZE_MASK (0xfff<<OHCI_TD_PSW_SIZE_SHIFT)
105
106 #define OHCI_PAGE_MASK 0xfffff000
107 #define OHCI_OFFSET_MASK 0xfff
108
109 #define OHCI_DPTR_MASK 0xfffffff0
110
111 #define OHCI_BM(val, field) \
112 (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
113
114 #define OHCI_SET_BM(val, field, newval) do { \
115 val &= ~OHCI_##field##_MASK; \
116 val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
117 } while(0)
118
119 /* endpoint descriptor */
120 struct ohci_ed {
121 uint32_t flags;
122 uint32_t tail;
123 uint32_t head;
124 uint32_t next;
125 };
126
127 /* General transfer descriptor */
128 struct ohci_td {
129 uint32_t flags;
130 uint32_t cbp;
131 uint32_t next;
132 uint32_t be;
133 };
134
135 /* Isochronous transfer descriptor */
136 struct ohci_iso_td {
137 uint32_t flags;
138 uint32_t bp;
139 uint32_t next;
140 uint32_t be;
141 uint16_t offset[8];
142 };
143
144 #define USB_HZ 12000000
145
146 /* OHCI Local stuff */
147 #define OHCI_CTL_CBSR ((1<<0)|(1<<1))
148 #define OHCI_CTL_PLE (1<<2)
149 #define OHCI_CTL_IE (1<<3)
150 #define OHCI_CTL_CLE (1<<4)
151 #define OHCI_CTL_BLE (1<<5)
152 #define OHCI_CTL_HCFS ((1<<6)|(1<<7))
153 #define OHCI_USB_RESET 0x00
154 #define OHCI_USB_RESUME 0x40
155 #define OHCI_USB_OPERATIONAL 0x80
156 #define OHCI_USB_SUSPEND 0xc0
157 #define OHCI_CTL_IR (1<<8)
158 #define OHCI_CTL_RWC (1<<9)
159 #define OHCI_CTL_RWE (1<<10)
160
161 #define OHCI_STATUS_HCR (1<<0)
162 #define OHCI_STATUS_CLF (1<<1)
163 #define OHCI_STATUS_BLF (1<<2)
164 #define OHCI_STATUS_OCR (1<<3)
165 #define OHCI_STATUS_SOC ((1<<6)|(1<<7))
166
167 #define OHCI_INTR_SO (1U<<0) /* Scheduling overrun */
168 #define OHCI_INTR_WD (1U<<1) /* HcDoneHead writeback */
169 #define OHCI_INTR_SF (1U<<2) /* Start of frame */
170 #define OHCI_INTR_RD (1U<<3) /* Resume detect */
171 #define OHCI_INTR_UE (1U<<4) /* Unrecoverable error */
172 #define OHCI_INTR_FNO (1U<<5) /* Frame number overflow */
173 #define OHCI_INTR_RHSC (1U<<6) /* Root hub status change */
174 #define OHCI_INTR_OC (1U<<30) /* Ownership change */
175 #define OHCI_INTR_MIE (1U<<31) /* Master Interrupt Enable */
176
177 #define OHCI_HCCA_SIZE 0x100
178 #define OHCI_HCCA_MASK 0xffffff00
179
180 #define OHCI_EDPTR_MASK 0xfffffff0
181
182 #define OHCI_FMI_FI 0x00003fff
183 #define OHCI_FMI_FSMPS 0xffff0000
184 #define OHCI_FMI_FIT 0x80000000
185
186 #define OHCI_FR_RT (1U<<31)
187
188 #define OHCI_LS_THRESH 0x628
189
190 #define OHCI_RHA_RW_MASK 0x00000000 /* Mask of supported features. */
191 #define OHCI_RHA_PSM (1<<8)
192 #define OHCI_RHA_NPS (1<<9)
193 #define OHCI_RHA_DT (1<<10)
194 #define OHCI_RHA_OCPM (1<<11)
195 #define OHCI_RHA_NOCP (1<<12)
196 #define OHCI_RHA_POTPGT_MASK 0xff000000
197
198 #define OHCI_RHS_LPS (1U<<0)
199 #define OHCI_RHS_OCI (1U<<1)
200 #define OHCI_RHS_DRWE (1U<<15)
201 #define OHCI_RHS_LPSC (1U<<16)
202 #define OHCI_RHS_OCIC (1U<<17)
203 #define OHCI_RHS_CRWE (1U<<31)
204
205 #define OHCI_PORT_CCS (1<<0)
206 #define OHCI_PORT_PES (1<<1)
207 #define OHCI_PORT_PSS (1<<2)
208 #define OHCI_PORT_POCI (1<<3)
209 #define OHCI_PORT_PRS (1<<4)
210 #define OHCI_PORT_PPS (1<<8)
211 #define OHCI_PORT_LSDA (1<<9)
212 #define OHCI_PORT_CSC (1<<16)
213 #define OHCI_PORT_PESC (1<<17)
214 #define OHCI_PORT_PSSC (1<<18)
215 #define OHCI_PORT_OCIC (1<<19)
216 #define OHCI_PORT_PRSC (1<<20)
217 #define OHCI_PORT_WTC (OHCI_PORT_CSC|OHCI_PORT_PESC|OHCI_PORT_PSSC \
218 |OHCI_PORT_OCIC|OHCI_PORT_PRSC)
219
220 #define OHCI_TD_DIR_SETUP 0x0
221 #define OHCI_TD_DIR_OUT 0x1
222 #define OHCI_TD_DIR_IN 0x2
223 #define OHCI_TD_DIR_RESERVED 0x3
224
225 #define OHCI_CC_NOERROR 0x0
226 #define OHCI_CC_CRC 0x1
227 #define OHCI_CC_BITSTUFFING 0x2
228 #define OHCI_CC_DATATOGGLEMISMATCH 0x3
229 #define OHCI_CC_STALL 0x4
230 #define OHCI_CC_DEVICENOTRESPONDING 0x5
231 #define OHCI_CC_PIDCHECKFAILURE 0x6
232 #define OHCI_CC_UNDEXPETEDPID 0x7
233 #define OHCI_CC_DATAOVERRUN 0x8
234 #define OHCI_CC_DATAUNDERRUN 0x9
235 #define OHCI_CC_BUFFEROVERRUN 0xc
236 #define OHCI_CC_BUFFERUNDERRUN 0xd
237
238 #define OHCI_HRESET_FSBIR (1 << 0)
239
ohci_die(OHCIState * ohci)240 static void ohci_die(OHCIState *ohci)
241 {
242 ohci->ohci_die(ohci);
243 }
244
245 /* Update IRQ levels */
ohci_intr_update(OHCIState * ohci)246 static inline void ohci_intr_update(OHCIState *ohci)
247 {
248 int level = 0;
249
250 if ((ohci->intr & OHCI_INTR_MIE) &&
251 (ohci->intr_status & ohci->intr))
252 level = 1;
253
254 qemu_set_irq(ohci->irq, level);
255 }
256
257 /* Set an interrupt */
ohci_set_interrupt(OHCIState * ohci,uint32_t intr)258 static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
259 {
260 ohci->intr_status |= intr;
261 ohci_intr_update(ohci);
262 }
263
264 /* Attach or detach a device on a root hub port. */
ohci_attach(USBPort * port1)265 static void ohci_attach(USBPort *port1)
266 {
267 OHCIState *s = port1->opaque;
268 OHCIPort *port = &s->rhport[port1->index];
269 uint32_t old_state = port->ctrl;
270
271 /* set connect status */
272 port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
273
274 /* update speed */
275 if (port->port.dev->speed == USB_SPEED_LOW) {
276 port->ctrl |= OHCI_PORT_LSDA;
277 } else {
278 port->ctrl &= ~OHCI_PORT_LSDA;
279 }
280
281 /* notify of remote-wakeup */
282 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
283 ohci_set_interrupt(s, OHCI_INTR_RD);
284 }
285
286 trace_usb_ohci_port_attach(port1->index);
287
288 if (old_state != port->ctrl) {
289 ohci_set_interrupt(s, OHCI_INTR_RHSC);
290 }
291 }
292
ohci_detach(USBPort * port1)293 static void ohci_detach(USBPort *port1)
294 {
295 OHCIState *s = port1->opaque;
296 OHCIPort *port = &s->rhport[port1->index];
297 uint32_t old_state = port->ctrl;
298
299 ohci_async_cancel_device(s, port1->dev);
300
301 /* set connect status */
302 if (port->ctrl & OHCI_PORT_CCS) {
303 port->ctrl &= ~OHCI_PORT_CCS;
304 port->ctrl |= OHCI_PORT_CSC;
305 }
306 /* disable port */
307 if (port->ctrl & OHCI_PORT_PES) {
308 port->ctrl &= ~OHCI_PORT_PES;
309 port->ctrl |= OHCI_PORT_PESC;
310 }
311 trace_usb_ohci_port_detach(port1->index);
312
313 if (old_state != port->ctrl) {
314 ohci_set_interrupt(s, OHCI_INTR_RHSC);
315 }
316 }
317
ohci_wakeup(USBPort * port1)318 static void ohci_wakeup(USBPort *port1)
319 {
320 OHCIState *s = port1->opaque;
321 OHCIPort *port = &s->rhport[port1->index];
322 uint32_t intr = 0;
323 if (port->ctrl & OHCI_PORT_PSS) {
324 trace_usb_ohci_port_wakeup(port1->index);
325 port->ctrl |= OHCI_PORT_PSSC;
326 port->ctrl &= ~OHCI_PORT_PSS;
327 intr = OHCI_INTR_RHSC;
328 }
329 /* Note that the controller can be suspended even if this port is not */
330 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
331 trace_usb_ohci_remote_wakeup(s->name);
332 /* This is the one state transition the controller can do by itself */
333 s->ctl &= ~OHCI_CTL_HCFS;
334 s->ctl |= OHCI_USB_RESUME;
335 /* In suspend mode only ResumeDetected is possible, not RHSC:
336 * see the OHCI spec 5.1.2.3.
337 */
338 intr = OHCI_INTR_RD;
339 }
340 ohci_set_interrupt(s, intr);
341 }
342
ohci_child_detach(USBPort * port1,USBDevice * child)343 static void ohci_child_detach(USBPort *port1, USBDevice *child)
344 {
345 OHCIState *s = port1->opaque;
346
347 ohci_async_cancel_device(s, child);
348 }
349
ohci_find_device(OHCIState * ohci,uint8_t addr)350 static USBDevice *ohci_find_device(OHCIState *ohci, uint8_t addr)
351 {
352 USBDevice *dev;
353 int i;
354
355 for (i = 0; i < ohci->num_ports; i++) {
356 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0) {
357 continue;
358 }
359 dev = usb_find_device(&ohci->rhport[i].port, addr);
360 if (dev != NULL) {
361 return dev;
362 }
363 }
364 return NULL;
365 }
366
ohci_stop_endpoints(OHCIState * ohci)367 void ohci_stop_endpoints(OHCIState *ohci)
368 {
369 USBDevice *dev;
370 int i, j;
371
372 for (i = 0; i < ohci->num_ports; i++) {
373 dev = ohci->rhport[i].port.dev;
374 if (dev && dev->attached) {
375 usb_device_ep_stopped(dev, &dev->ep_ctl);
376 for (j = 0; j < USB_MAX_ENDPOINTS; j++) {
377 usb_device_ep_stopped(dev, &dev->ep_in[j]);
378 usb_device_ep_stopped(dev, &dev->ep_out[j]);
379 }
380 }
381 }
382 }
383
ohci_roothub_reset(OHCIState * ohci)384 static void ohci_roothub_reset(OHCIState *ohci)
385 {
386 OHCIPort *port;
387 int i;
388
389 ohci_bus_stop(ohci);
390 ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
391 ohci->rhdesc_b = 0x0; /* Impl. specific */
392 ohci->rhstatus = 0;
393
394 for (i = 0; i < ohci->num_ports; i++) {
395 port = &ohci->rhport[i];
396 port->ctrl = 0;
397 if (port->port.dev && port->port.dev->attached) {
398 usb_port_reset(&port->port);
399 }
400 }
401 if (ohci->async_td) {
402 usb_cancel_packet(&ohci->usb_packet);
403 ohci->async_td = 0;
404 }
405 ohci_stop_endpoints(ohci);
406 }
407
408 /* Reset the controller */
ohci_soft_reset(OHCIState * ohci)409 static void ohci_soft_reset(OHCIState *ohci)
410 {
411 trace_usb_ohci_reset(ohci->name);
412
413 ohci_bus_stop(ohci);
414 ohci->ctl = (ohci->ctl & OHCI_CTL_IR) | OHCI_USB_SUSPEND;
415 ohci->old_ctl = 0;
416 ohci->status = 0;
417 ohci->intr_status = 0;
418 ohci->intr = OHCI_INTR_MIE;
419
420 ohci->hcca = 0;
421 ohci->ctrl_head = ohci->ctrl_cur = 0;
422 ohci->bulk_head = ohci->bulk_cur = 0;
423 ohci->per_cur = 0;
424 ohci->done = 0;
425 ohci->done_count = 7;
426
427 /* FSMPS is marked TBD in OCHI 1.0, what gives ffs?
428 * I took the value linux sets ...
429 */
430 ohci->fsmps = 0x2778;
431 ohci->fi = 0x2edf;
432 ohci->fit = 0;
433 ohci->frt = 0;
434 ohci->frame_number = 0;
435 ohci->pstart = 0;
436 ohci->lst = OHCI_LS_THRESH;
437 }
438
ohci_hard_reset(OHCIState * ohci)439 void ohci_hard_reset(OHCIState *ohci)
440 {
441 ohci_soft_reset(ohci);
442 ohci->ctl = 0;
443 ohci_roothub_reset(ohci);
444 }
445
446 /* Get an array of dwords from main memory */
get_dwords(OHCIState * ohci,dma_addr_t addr,uint32_t * buf,int num)447 static inline int get_dwords(OHCIState *ohci,
448 dma_addr_t addr, uint32_t *buf, int num)
449 {
450 int i;
451
452 addr += ohci->localmem_base;
453
454 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
455 if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
456 return -1;
457 }
458 *buf = le32_to_cpu(*buf);
459 }
460
461 return 0;
462 }
463
464 /* Put an array of dwords in to main memory */
put_dwords(OHCIState * ohci,dma_addr_t addr,uint32_t * buf,int num)465 static inline int put_dwords(OHCIState *ohci,
466 dma_addr_t addr, uint32_t *buf, int num)
467 {
468 int i;
469
470 addr += ohci->localmem_base;
471
472 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
473 uint32_t tmp = cpu_to_le32(*buf);
474 if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
475 return -1;
476 }
477 }
478
479 return 0;
480 }
481
482 /* Get an array of words from main memory */
get_words(OHCIState * ohci,dma_addr_t addr,uint16_t * buf,int num)483 static inline int get_words(OHCIState *ohci,
484 dma_addr_t addr, uint16_t *buf, int num)
485 {
486 int i;
487
488 addr += ohci->localmem_base;
489
490 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
491 if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
492 return -1;
493 }
494 *buf = le16_to_cpu(*buf);
495 }
496
497 return 0;
498 }
499
500 /* Put an array of words in to main memory */
put_words(OHCIState * ohci,dma_addr_t addr,uint16_t * buf,int num)501 static inline int put_words(OHCIState *ohci,
502 dma_addr_t addr, uint16_t *buf, int num)
503 {
504 int i;
505
506 addr += ohci->localmem_base;
507
508 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
509 uint16_t tmp = cpu_to_le16(*buf);
510 if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
511 return -1;
512 }
513 }
514
515 return 0;
516 }
517
ohci_read_ed(OHCIState * ohci,dma_addr_t addr,struct ohci_ed * ed)518 static inline int ohci_read_ed(OHCIState *ohci,
519 dma_addr_t addr, struct ohci_ed *ed)
520 {
521 return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
522 }
523
ohci_read_td(OHCIState * ohci,dma_addr_t addr,struct ohci_td * td)524 static inline int ohci_read_td(OHCIState *ohci,
525 dma_addr_t addr, struct ohci_td *td)
526 {
527 return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
528 }
529
ohci_read_iso_td(OHCIState * ohci,dma_addr_t addr,struct ohci_iso_td * td)530 static inline int ohci_read_iso_td(OHCIState *ohci,
531 dma_addr_t addr, struct ohci_iso_td *td)
532 {
533 return get_dwords(ohci, addr, (uint32_t *)td, 4) ||
534 get_words(ohci, addr + 16, td->offset, 8);
535 }
536
ohci_read_hcca(OHCIState * ohci,dma_addr_t addr,struct ohci_hcca * hcca)537 static inline int ohci_read_hcca(OHCIState *ohci,
538 dma_addr_t addr, struct ohci_hcca *hcca)
539 {
540 return dma_memory_read(ohci->as, addr + ohci->localmem_base,
541 hcca, sizeof(*hcca));
542 }
543
ohci_put_ed(OHCIState * ohci,dma_addr_t addr,struct ohci_ed * ed)544 static inline int ohci_put_ed(OHCIState *ohci,
545 dma_addr_t addr, struct ohci_ed *ed)
546 {
547 /* ed->tail is under control of the HCD.
548 * Since just ed->head is changed by HC, just write back this
549 */
550
551 return put_dwords(ohci, addr + ED_WBACK_OFFSET,
552 (uint32_t *)((char *)ed + ED_WBACK_OFFSET),
553 ED_WBACK_SIZE >> 2);
554 }
555
ohci_put_td(OHCIState * ohci,dma_addr_t addr,struct ohci_td * td)556 static inline int ohci_put_td(OHCIState *ohci,
557 dma_addr_t addr, struct ohci_td *td)
558 {
559 return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
560 }
561
ohci_put_iso_td(OHCIState * ohci,dma_addr_t addr,struct ohci_iso_td * td)562 static inline int ohci_put_iso_td(OHCIState *ohci,
563 dma_addr_t addr, struct ohci_iso_td *td)
564 {
565 return put_dwords(ohci, addr, (uint32_t *)td, 4) ||
566 put_words(ohci, addr + 16, td->offset, 8);
567 }
568
ohci_put_hcca(OHCIState * ohci,dma_addr_t addr,struct ohci_hcca * hcca)569 static inline int ohci_put_hcca(OHCIState *ohci,
570 dma_addr_t addr, struct ohci_hcca *hcca)
571 {
572 return dma_memory_write(ohci->as,
573 addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET,
574 (char *)hcca + HCCA_WRITEBACK_OFFSET,
575 HCCA_WRITEBACK_SIZE);
576 }
577
578 /* Read/Write the contents of a TD from/to main memory. */
ohci_copy_td(OHCIState * ohci,struct ohci_td * td,uint8_t * buf,int len,DMADirection dir)579 static int ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
580 uint8_t *buf, int len, DMADirection dir)
581 {
582 dma_addr_t ptr, n;
583
584 ptr = td->cbp;
585 n = 0x1000 - (ptr & 0xfff);
586 if (n > len)
587 n = len;
588
589 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
590 return -1;
591 }
592 if (n == len) {
593 return 0;
594 }
595 ptr = td->be & ~0xfffu;
596 buf += n;
597 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
598 len - n, dir)) {
599 return -1;
600 }
601 return 0;
602 }
603
604 /* Read/Write the contents of an ISO TD from/to main memory. */
ohci_copy_iso_td(OHCIState * ohci,uint32_t start_addr,uint32_t end_addr,uint8_t * buf,int len,DMADirection dir)605 static int ohci_copy_iso_td(OHCIState *ohci,
606 uint32_t start_addr, uint32_t end_addr,
607 uint8_t *buf, int len, DMADirection dir)
608 {
609 dma_addr_t ptr, n;
610
611 ptr = start_addr;
612 n = 0x1000 - (ptr & 0xfff);
613 if (n > len)
614 n = len;
615
616 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
617 return -1;
618 }
619 if (n == len) {
620 return 0;
621 }
622 ptr = end_addr & ~0xfffu;
623 buf += n;
624 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
625 len - n, dir)) {
626 return -1;
627 }
628 return 0;
629 }
630
631 static void ohci_process_lists(OHCIState *ohci, int completion);
632
ohci_async_complete_packet(USBPort * port,USBPacket * packet)633 static void ohci_async_complete_packet(USBPort *port, USBPacket *packet)
634 {
635 OHCIState *ohci = container_of(packet, OHCIState, usb_packet);
636
637 trace_usb_ohci_async_complete();
638 ohci->async_complete = true;
639 ohci_process_lists(ohci, 1);
640 }
641
642 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
643
ohci_service_iso_td(OHCIState * ohci,struct ohci_ed * ed,int completion)644 static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
645 int completion)
646 {
647 int dir;
648 size_t len = 0;
649 const char *str = NULL;
650 int pid;
651 int ret;
652 int i;
653 USBDevice *dev;
654 USBEndpoint *ep;
655 struct ohci_iso_td iso_td;
656 uint32_t addr;
657 uint16_t starting_frame;
658 int16_t relative_frame_number;
659 int frame_count;
660 uint32_t start_offset, next_offset, end_offset = 0;
661 uint32_t start_addr, end_addr;
662
663 addr = ed->head & OHCI_DPTR_MASK;
664
665 if (ohci_read_iso_td(ohci, addr, &iso_td)) {
666 trace_usb_ohci_iso_td_read_failed(addr);
667 ohci_die(ohci);
668 return 1;
669 }
670
671 starting_frame = OHCI_BM(iso_td.flags, TD_SF);
672 frame_count = OHCI_BM(iso_td.flags, TD_FC);
673 relative_frame_number = USUB(ohci->frame_number, starting_frame);
674
675 trace_usb_ohci_iso_td_head(
676 ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
677 iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
678 ohci->frame_number, starting_frame,
679 frame_count, relative_frame_number);
680 trace_usb_ohci_iso_td_head_offset(
681 iso_td.offset[0], iso_td.offset[1],
682 iso_td.offset[2], iso_td.offset[3],
683 iso_td.offset[4], iso_td.offset[5],
684 iso_td.offset[6], iso_td.offset[7]);
685
686 if (relative_frame_number < 0) {
687 trace_usb_ohci_iso_td_relative_frame_number_neg(relative_frame_number);
688 return 1;
689 } else if (relative_frame_number > frame_count) {
690 /* ISO TD expired - retire the TD to the Done Queue and continue with
691 the next ISO TD of the same ED */
692 trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number,
693 frame_count);
694 if (OHCI_CC_DATAOVERRUN == OHCI_BM(iso_td.flags, TD_CC)) {
695 /* avoid infinite loop */
696 return 1;
697 }
698 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
699 ed->head &= ~OHCI_DPTR_MASK;
700 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
701 iso_td.next = ohci->done;
702 ohci->done = addr;
703 i = OHCI_BM(iso_td.flags, TD_DI);
704 if (i < ohci->done_count)
705 ohci->done_count = i;
706 if (ohci_put_iso_td(ohci, addr, &iso_td)) {
707 ohci_die(ohci);
708 return 1;
709 }
710 return 0;
711 }
712
713 dir = OHCI_BM(ed->flags, ED_D);
714 switch (dir) {
715 case OHCI_TD_DIR_IN:
716 str = "in";
717 pid = USB_TOKEN_IN;
718 break;
719 case OHCI_TD_DIR_OUT:
720 str = "out";
721 pid = USB_TOKEN_OUT;
722 break;
723 case OHCI_TD_DIR_SETUP:
724 str = "setup";
725 pid = USB_TOKEN_SETUP;
726 break;
727 default:
728 trace_usb_ohci_iso_td_bad_direction(dir);
729 return 1;
730 }
731
732 if (!iso_td.bp || !iso_td.be) {
733 trace_usb_ohci_iso_td_bad_bp_be(iso_td.bp, iso_td.be);
734 return 1;
735 }
736
737 start_offset = iso_td.offset[relative_frame_number];
738 if (relative_frame_number < frame_count) {
739 next_offset = iso_td.offset[relative_frame_number + 1];
740 } else {
741 next_offset = iso_td.be;
742 }
743
744 if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
745 ((relative_frame_number < frame_count) &&
746 !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
747 trace_usb_ohci_iso_td_bad_cc_not_accessed(start_offset, next_offset);
748 return 1;
749 }
750
751 if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
752 trace_usb_ohci_iso_td_bad_cc_overrun(start_offset, next_offset);
753 return 1;
754 }
755
756 if ((start_offset & 0x1000) == 0) {
757 start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
758 (start_offset & OHCI_OFFSET_MASK);
759 } else {
760 start_addr = (iso_td.be & OHCI_PAGE_MASK) |
761 (start_offset & OHCI_OFFSET_MASK);
762 }
763
764 if (relative_frame_number < frame_count) {
765 end_offset = next_offset - 1;
766 if ((end_offset & 0x1000) == 0) {
767 end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
768 (end_offset & OHCI_OFFSET_MASK);
769 } else {
770 end_addr = (iso_td.be & OHCI_PAGE_MASK) |
771 (end_offset & OHCI_OFFSET_MASK);
772 }
773 } else {
774 /* Last packet in the ISO TD */
775 end_addr = next_offset;
776 }
777
778 if (start_addr > end_addr) {
779 trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
780 return 1;
781 }
782
783 if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
784 len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
785 - (start_addr & OHCI_OFFSET_MASK);
786 } else {
787 len = end_addr - start_addr + 1;
788 }
789 if (len > sizeof(ohci->usb_buf)) {
790 len = sizeof(ohci->usb_buf);
791 }
792
793 if (len && dir != OHCI_TD_DIR_IN) {
794 if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
795 DMA_DIRECTION_TO_DEVICE)) {
796 ohci_die(ohci);
797 return 1;
798 }
799 }
800
801 if (!completion) {
802 bool int_req = relative_frame_number == frame_count &&
803 OHCI_BM(iso_td.flags, TD_DI) == 0;
804 dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
805 if (dev == NULL) {
806 trace_usb_ohci_td_dev_error();
807 return 1;
808 }
809 ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
810 usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, false, int_req);
811 usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, len);
812 usb_handle_packet(dev, &ohci->usb_packet);
813 if (ohci->usb_packet.status == USB_RET_ASYNC) {
814 usb_device_flush_ep_queue(dev, ep);
815 return 1;
816 }
817 }
818 if (ohci->usb_packet.status == USB_RET_SUCCESS) {
819 ret = ohci->usb_packet.actual_length;
820 } else {
821 ret = ohci->usb_packet.status;
822 }
823
824 trace_usb_ohci_iso_td_so(start_offset, end_offset, start_addr, end_addr,
825 str, len, ret);
826
827 /* Writeback */
828 if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
829 /* IN transfer succeeded */
830 if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret,
831 DMA_DIRECTION_FROM_DEVICE)) {
832 ohci_die(ohci);
833 return 1;
834 }
835 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
836 OHCI_CC_NOERROR);
837 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
838 } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
839 /* OUT transfer succeeded */
840 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
841 OHCI_CC_NOERROR);
842 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
843 } else {
844 if (ret > (ssize_t) len) {
845 trace_usb_ohci_iso_td_data_overrun(ret, len);
846 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
847 OHCI_CC_DATAOVERRUN);
848 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
849 len);
850 } else if (ret >= 0) {
851 trace_usb_ohci_iso_td_data_underrun(ret);
852 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
853 OHCI_CC_DATAUNDERRUN);
854 } else {
855 switch (ret) {
856 case USB_RET_IOERROR:
857 case USB_RET_NODEV:
858 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
859 OHCI_CC_DEVICENOTRESPONDING);
860 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
861 0);
862 break;
863 case USB_RET_NAK:
864 case USB_RET_STALL:
865 trace_usb_ohci_iso_td_nak(ret);
866 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
867 OHCI_CC_STALL);
868 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
869 0);
870 break;
871 default:
872 trace_usb_ohci_iso_td_bad_response(ret);
873 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
874 OHCI_CC_UNDEXPETEDPID);
875 break;
876 }
877 }
878 }
879
880 if (relative_frame_number == frame_count) {
881 /* Last data packet of ISO TD - retire the TD to the Done Queue */
882 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
883 ed->head &= ~OHCI_DPTR_MASK;
884 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
885 iso_td.next = ohci->done;
886 ohci->done = addr;
887 i = OHCI_BM(iso_td.flags, TD_DI);
888 if (i < ohci->done_count)
889 ohci->done_count = i;
890 }
891 if (ohci_put_iso_td(ohci, addr, &iso_td)) {
892 ohci_die(ohci);
893 }
894 return 1;
895 }
896
ohci_td_pkt(const char * msg,const uint8_t * buf,size_t len)897 static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
898 {
899 bool print16;
900 bool printall;
901 const int width = 16;
902 int i;
903 char tmp[3 * width + 1];
904 char *p = tmp;
905
906 print16 = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT);
907 printall = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_FULL);
908
909 if (!printall && !print16) {
910 return;
911 }
912
913 for (i = 0; ; i++) {
914 if (i && (!(i % width) || (i == len))) {
915 if (!printall) {
916 trace_usb_ohci_td_pkt_short(msg, tmp);
917 break;
918 }
919 trace_usb_ohci_td_pkt_full(msg, tmp);
920 p = tmp;
921 *p = 0;
922 }
923 if (i == len) {
924 break;
925 }
926
927 p += sprintf(p, " %.2x", buf[i]);
928 }
929 }
930
931 /* Service a transport descriptor.
932 Returns nonzero to terminate processing of this endpoint. */
933
ohci_service_td(OHCIState * ohci,struct ohci_ed * ed)934 static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
935 {
936 int dir;
937 size_t len = 0, pktlen = 0;
938 const char *str = NULL;
939 int pid;
940 int ret;
941 int i;
942 USBDevice *dev;
943 USBEndpoint *ep;
944 struct ohci_td td;
945 uint32_t addr;
946 int flag_r;
947 int completion;
948
949 addr = ed->head & OHCI_DPTR_MASK;
950 /* See if this TD has already been submitted to the device. */
951 completion = (addr == ohci->async_td);
952 if (completion && !ohci->async_complete) {
953 trace_usb_ohci_td_skip_async();
954 return 1;
955 }
956 if (ohci_read_td(ohci, addr, &td)) {
957 trace_usb_ohci_td_read_error(addr);
958 ohci_die(ohci);
959 return 1;
960 }
961
962 dir = OHCI_BM(ed->flags, ED_D);
963 switch (dir) {
964 case OHCI_TD_DIR_OUT:
965 case OHCI_TD_DIR_IN:
966 /* Same value. */
967 break;
968 default:
969 dir = OHCI_BM(td.flags, TD_DP);
970 break;
971 }
972
973 switch (dir) {
974 case OHCI_TD_DIR_IN:
975 str = "in";
976 pid = USB_TOKEN_IN;
977 break;
978 case OHCI_TD_DIR_OUT:
979 str = "out";
980 pid = USB_TOKEN_OUT;
981 break;
982 case OHCI_TD_DIR_SETUP:
983 str = "setup";
984 pid = USB_TOKEN_SETUP;
985 break;
986 default:
987 trace_usb_ohci_td_bad_direction(dir);
988 return 1;
989 }
990 if (td.cbp && td.be) {
991 if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
992 len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
993 } else {
994 if (td.cbp > td.be) {
995 trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
996 ohci_die(ohci);
997 return 1;
998 }
999 len = (td.be - td.cbp) + 1;
1000 }
1001 if (len > sizeof(ohci->usb_buf)) {
1002 len = sizeof(ohci->usb_buf);
1003 }
1004
1005 pktlen = len;
1006 if (len && dir != OHCI_TD_DIR_IN) {
1007 /* The endpoint may not allow us to transfer it all now */
1008 pktlen = (ed->flags & OHCI_ED_MPS_MASK) >> OHCI_ED_MPS_SHIFT;
1009 if (pktlen > len) {
1010 pktlen = len;
1011 }
1012 if (!completion) {
1013 if (ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
1014 DMA_DIRECTION_TO_DEVICE)) {
1015 ohci_die(ohci);
1016 }
1017 }
1018 }
1019 }
1020
1021 flag_r = (td.flags & OHCI_TD_R) != 0;
1022 trace_usb_ohci_td_pkt_hdr(addr, (int64_t)pktlen, (int64_t)len, str,
1023 flag_r, td.cbp, td.be);
1024 ohci_td_pkt("OUT", ohci->usb_buf, pktlen);
1025
1026 if (completion) {
1027 ohci->async_td = 0;
1028 ohci->async_complete = false;
1029 } else {
1030 if (ohci->async_td) {
1031 /* ??? The hardware should allow one active packet per
1032 endpoint. We only allow one active packet per controller.
1033 This should be sufficient as long as devices respond in a
1034 timely manner.
1035 */
1036 trace_usb_ohci_td_too_many_pending();
1037 return 1;
1038 }
1039 dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
1040 if (dev == NULL) {
1041 trace_usb_ohci_td_dev_error();
1042 return 1;
1043 }
1044 ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
1045 usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, !flag_r,
1046 OHCI_BM(td.flags, TD_DI) == 0);
1047 usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, pktlen);
1048 usb_handle_packet(dev, &ohci->usb_packet);
1049 trace_usb_ohci_td_packet_status(ohci->usb_packet.status);
1050
1051 if (ohci->usb_packet.status == USB_RET_ASYNC) {
1052 usb_device_flush_ep_queue(dev, ep);
1053 ohci->async_td = addr;
1054 return 1;
1055 }
1056 }
1057 if (ohci->usb_packet.status == USB_RET_SUCCESS) {
1058 ret = ohci->usb_packet.actual_length;
1059 } else {
1060 ret = ohci->usb_packet.status;
1061 }
1062
1063 if (ret >= 0) {
1064 if (dir == OHCI_TD_DIR_IN) {
1065 if (ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
1066 DMA_DIRECTION_FROM_DEVICE)) {
1067 ohci_die(ohci);
1068 }
1069 ohci_td_pkt("IN", ohci->usb_buf, pktlen);
1070 } else {
1071 ret = pktlen;
1072 }
1073 }
1074
1075 /* Writeback */
1076 if (ret == pktlen || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
1077 /* Transmission succeeded. */
1078 if (ret == len) {
1079 td.cbp = 0;
1080 } else {
1081 if ((td.cbp & 0xfff) + ret > 0xfff) {
1082 td.cbp = (td.be & ~0xfff) + ((td.cbp + ret) & 0xfff);
1083 } else {
1084 td.cbp += ret;
1085 }
1086 }
1087 td.flags |= OHCI_TD_T1;
1088 td.flags ^= OHCI_TD_T0;
1089 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
1090 OHCI_SET_BM(td.flags, TD_EC, 0);
1091
1092 if ((dir != OHCI_TD_DIR_IN) && (ret != len)) {
1093 /* Partial packet transfer: TD not ready to retire yet */
1094 goto exit_no_retire;
1095 }
1096
1097 /* Setting ED_C is part of the TD retirement process */
1098 ed->head &= ~OHCI_ED_C;
1099 if (td.flags & OHCI_TD_T0)
1100 ed->head |= OHCI_ED_C;
1101 } else {
1102 if (ret >= 0) {
1103 trace_usb_ohci_td_underrun();
1104 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
1105 } else {
1106 switch (ret) {
1107 case USB_RET_IOERROR:
1108 case USB_RET_NODEV:
1109 trace_usb_ohci_td_dev_error();
1110 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
1111 break;
1112 case USB_RET_NAK:
1113 trace_usb_ohci_td_nak();
1114 return 1;
1115 case USB_RET_STALL:
1116 trace_usb_ohci_td_stall();
1117 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1118 break;
1119 case USB_RET_BABBLE:
1120 trace_usb_ohci_td_babble();
1121 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1122 break;
1123 default:
1124 trace_usb_ohci_td_bad_device_response(ret);
1125 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1126 OHCI_SET_BM(td.flags, TD_EC, 3);
1127 break;
1128 }
1129 /* An error occurred so we have to clear the interrupt counter. See
1130 * spec at 6.4.4 on page 104 */
1131 ohci->done_count = 0;
1132 }
1133 ed->head |= OHCI_ED_H;
1134 }
1135
1136 /* Retire this TD */
1137 ed->head &= ~OHCI_DPTR_MASK;
1138 ed->head |= td.next & OHCI_DPTR_MASK;
1139 td.next = ohci->done;
1140 ohci->done = addr;
1141 i = OHCI_BM(td.flags, TD_DI);
1142 if (i < ohci->done_count)
1143 ohci->done_count = i;
1144 exit_no_retire:
1145 if (ohci_put_td(ohci, addr, &td)) {
1146 ohci_die(ohci);
1147 return 1;
1148 }
1149 return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1150 }
1151
1152 /* Service an endpoint list. Returns nonzero if active TD were found. */
ohci_service_ed_list(OHCIState * ohci,uint32_t head,int completion)1153 static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
1154 {
1155 struct ohci_ed ed;
1156 uint32_t next_ed;
1157 uint32_t cur;
1158 int active;
1159 uint32_t link_cnt = 0;
1160 active = 0;
1161
1162 if (head == 0)
1163 return 0;
1164
1165 for (cur = head; cur && link_cnt++ < ED_LINK_LIMIT; cur = next_ed) {
1166 if (ohci_read_ed(ohci, cur, &ed)) {
1167 trace_usb_ohci_ed_read_error(cur);
1168 ohci_die(ohci);
1169 return 0;
1170 }
1171
1172 next_ed = ed.next & OHCI_DPTR_MASK;
1173
1174 if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1175 uint32_t addr;
1176 /* Cancel pending packets for ED that have been paused. */
1177 addr = ed.head & OHCI_DPTR_MASK;
1178 if (ohci->async_td && addr == ohci->async_td) {
1179 usb_cancel_packet(&ohci->usb_packet);
1180 ohci->async_td = 0;
1181 usb_device_ep_stopped(ohci->usb_packet.ep->dev,
1182 ohci->usb_packet.ep);
1183 }
1184 continue;
1185 }
1186
1187 while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
1188 trace_usb_ohci_ed_pkt(cur, (ed.head & OHCI_ED_H) != 0,
1189 (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1190 ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1191 trace_usb_ohci_ed_pkt_flags(
1192 OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1193 OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S)!= 0,
1194 (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
1195 OHCI_BM(ed.flags, ED_MPS));
1196
1197 active = 1;
1198
1199 if ((ed.flags & OHCI_ED_F) == 0) {
1200 if (ohci_service_td(ohci, &ed))
1201 break;
1202 } else {
1203 /* Handle isochronous endpoints */
1204 if (ohci_service_iso_td(ohci, &ed, completion))
1205 break;
1206 }
1207 }
1208
1209 if (ohci_put_ed(ohci, cur, &ed)) {
1210 ohci_die(ohci);
1211 return 0;
1212 }
1213 }
1214
1215 return active;
1216 }
1217
1218 /* set a timer for EOF */
ohci_eof_timer(OHCIState * ohci)1219 static void ohci_eof_timer(OHCIState *ohci)
1220 {
1221 timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);
1222 }
1223 /* Set a timer for EOF and generate a SOF event */
ohci_sof(OHCIState * ohci)1224 static void ohci_sof(OHCIState *ohci)
1225 {
1226 ohci->sof_time += usb_frame_time;
1227 ohci_eof_timer(ohci);
1228 ohci_set_interrupt(ohci, OHCI_INTR_SF);
1229 }
1230
1231 /* Process Control and Bulk lists. */
ohci_process_lists(OHCIState * ohci,int completion)1232 static void ohci_process_lists(OHCIState *ohci, int completion)
1233 {
1234 if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
1235 if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) {
1236 trace_usb_ohci_process_lists(ohci->ctrl_head, ohci->ctrl_cur);
1237 }
1238 if (!ohci_service_ed_list(ohci, ohci->ctrl_head, completion)) {
1239 ohci->ctrl_cur = 0;
1240 ohci->status &= ~OHCI_STATUS_CLF;
1241 }
1242 }
1243
1244 if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
1245 if (!ohci_service_ed_list(ohci, ohci->bulk_head, completion)) {
1246 ohci->bulk_cur = 0;
1247 ohci->status &= ~OHCI_STATUS_BLF;
1248 }
1249 }
1250 }
1251
1252 /* Do frame processing on frame boundary */
ohci_frame_boundary(void * opaque)1253 static void ohci_frame_boundary(void *opaque)
1254 {
1255 OHCIState *ohci = opaque;
1256 struct ohci_hcca hcca;
1257
1258 if (ohci_read_hcca(ohci, ohci->hcca, &hcca)) {
1259 trace_usb_ohci_hcca_read_error(ohci->hcca);
1260 ohci_die(ohci);
1261 return;
1262 }
1263
1264 /* Process all the lists at the end of the frame */
1265 if (ohci->ctl & OHCI_CTL_PLE) {
1266 int n;
1267
1268 n = ohci->frame_number & 0x1f;
1269 ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]), 0);
1270 }
1271
1272 /* Cancel all pending packets if either of the lists has been disabled. */
1273 if (ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1274 if (ohci->async_td) {
1275 usb_cancel_packet(&ohci->usb_packet);
1276 ohci->async_td = 0;
1277 }
1278 ohci_stop_endpoints(ohci);
1279 }
1280 ohci->old_ctl = ohci->ctl;
1281 ohci_process_lists(ohci, 0);
1282
1283 /* Stop if UnrecoverableError happened or ohci_sof will crash */
1284 if (ohci->intr_status & OHCI_INTR_UE) {
1285 return;
1286 }
1287
1288 /* Frame boundary, so do EOF stuf here */
1289 ohci->frt = ohci->fit;
1290
1291 /* Increment frame number and take care of endianness. */
1292 ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1293 hcca.frame = cpu_to_le16(ohci->frame_number);
1294
1295 if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1296 if (!ohci->done)
1297 abort();
1298 if (ohci->intr & ohci->intr_status)
1299 ohci->done |= 1;
1300 hcca.done = cpu_to_le32(ohci->done);
1301 ohci->done = 0;
1302 ohci->done_count = 7;
1303 ohci_set_interrupt(ohci, OHCI_INTR_WD);
1304 }
1305
1306 if (ohci->done_count != 7 && ohci->done_count != 0)
1307 ohci->done_count--;
1308
1309 /* Do SOF stuff here */
1310 ohci_sof(ohci);
1311
1312 /* Writeback HCCA */
1313 if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
1314 ohci_die(ohci);
1315 }
1316 }
1317
1318 /* Start sending SOF tokens across the USB bus, lists are processed in
1319 * next frame
1320 */
ohci_bus_start(OHCIState * ohci)1321 static int ohci_bus_start(OHCIState *ohci)
1322 {
1323 trace_usb_ohci_start(ohci->name);
1324
1325 /* Delay the first SOF event by one frame time as
1326 * linux driver is not ready to receive it and
1327 * can meet some race conditions
1328 */
1329
1330 ohci->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
1331 ohci_eof_timer(ohci);
1332
1333 return 1;
1334 }
1335
1336 /* Stop sending SOF tokens on the bus */
ohci_bus_stop(OHCIState * ohci)1337 void ohci_bus_stop(OHCIState *ohci)
1338 {
1339 trace_usb_ohci_stop(ohci->name);
1340 timer_del(ohci->eof_timer);
1341 }
1342
1343 /* Sets a flag in a port status register but only set it if the port is
1344 * connected, if not set ConnectStatusChange flag. If flag is enabled
1345 * return 1.
1346 */
ohci_port_set_if_connected(OHCIState * ohci,int i,uint32_t val)1347 static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1348 {
1349 int ret = 1;
1350
1351 /* writing a 0 has no effect */
1352 if (val == 0)
1353 return 0;
1354
1355 /* If CurrentConnectStatus is cleared we set
1356 * ConnectStatusChange
1357 */
1358 if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1359 ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1360 if (ohci->rhstatus & OHCI_RHS_DRWE) {
1361 /* TODO: CSC is a wakeup event */
1362 }
1363 return 0;
1364 }
1365
1366 if (ohci->rhport[i].ctrl & val)
1367 ret = 0;
1368
1369 /* set the bit */
1370 ohci->rhport[i].ctrl |= val;
1371
1372 return ret;
1373 }
1374
1375 /* Set the frame interval - frame interval toggle is manipulated by the hcd only */
ohci_set_frame_interval(OHCIState * ohci,uint16_t val)1376 static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1377 {
1378 val &= OHCI_FMI_FI;
1379
1380 if (val != ohci->fi) {
1381 trace_usb_ohci_set_frame_interval(ohci->name, ohci->fi, ohci->fi);
1382 }
1383
1384 ohci->fi = val;
1385 }
1386
ohci_port_power(OHCIState * ohci,int i,int p)1387 static void ohci_port_power(OHCIState *ohci, int i, int p)
1388 {
1389 if (p) {
1390 ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1391 } else {
1392 ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS|
1393 OHCI_PORT_CCS|
1394 OHCI_PORT_PSS|
1395 OHCI_PORT_PRS);
1396 }
1397 }
1398
1399 /* Set HcControlRegister */
ohci_set_ctl(OHCIState * ohci,uint32_t val)1400 static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1401 {
1402 uint32_t old_state;
1403 uint32_t new_state;
1404
1405 old_state = ohci->ctl & OHCI_CTL_HCFS;
1406 ohci->ctl = val;
1407 new_state = ohci->ctl & OHCI_CTL_HCFS;
1408
1409 /* no state change */
1410 if (old_state == new_state)
1411 return;
1412
1413 trace_usb_ohci_set_ctl(ohci->name, new_state);
1414 switch (new_state) {
1415 case OHCI_USB_OPERATIONAL:
1416 ohci_bus_start(ohci);
1417 break;
1418 case OHCI_USB_SUSPEND:
1419 ohci_bus_stop(ohci);
1420 /* clear pending SF otherwise linux driver loops in ohci_irq() */
1421 ohci->intr_status &= ~OHCI_INTR_SF;
1422 ohci_intr_update(ohci);
1423 break;
1424 case OHCI_USB_RESUME:
1425 trace_usb_ohci_resume(ohci->name);
1426 break;
1427 case OHCI_USB_RESET:
1428 ohci_roothub_reset(ohci);
1429 break;
1430 }
1431 }
1432
ohci_get_frame_remaining(OHCIState * ohci)1433 static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1434 {
1435 uint16_t fr;
1436 int64_t tks;
1437
1438 if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL)
1439 return (ohci->frt << 31);
1440
1441 /* Being in USB operational state guarnatees sof_time was
1442 * set already.
1443 */
1444 tks = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - ohci->sof_time;
1445 if (tks < 0) {
1446 tks = 0;
1447 }
1448
1449 /* avoid muldiv if possible */
1450 if (tks >= usb_frame_time)
1451 return (ohci->frt << 31);
1452
1453 tks = tks / usb_bit_time;
1454 fr = (uint16_t)(ohci->fi - tks);
1455
1456 return (ohci->frt << 31) | fr;
1457 }
1458
1459
1460 /* Set root hub status */
ohci_set_hub_status(OHCIState * ohci,uint32_t val)1461 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1462 {
1463 uint32_t old_state;
1464
1465 old_state = ohci->rhstatus;
1466
1467 /* write 1 to clear OCIC */
1468 if (val & OHCI_RHS_OCIC)
1469 ohci->rhstatus &= ~OHCI_RHS_OCIC;
1470
1471 if (val & OHCI_RHS_LPS) {
1472 int i;
1473
1474 for (i = 0; i < ohci->num_ports; i++)
1475 ohci_port_power(ohci, i, 0);
1476 trace_usb_ohci_hub_power_down();
1477 }
1478
1479 if (val & OHCI_RHS_LPSC) {
1480 int i;
1481
1482 for (i = 0; i < ohci->num_ports; i++)
1483 ohci_port_power(ohci, i, 1);
1484 trace_usb_ohci_hub_power_up();
1485 }
1486
1487 if (val & OHCI_RHS_DRWE)
1488 ohci->rhstatus |= OHCI_RHS_DRWE;
1489
1490 if (val & OHCI_RHS_CRWE)
1491 ohci->rhstatus &= ~OHCI_RHS_DRWE;
1492
1493 if (old_state != ohci->rhstatus)
1494 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1495 }
1496
1497 /* Set root hub port status */
ohci_port_set_status(OHCIState * ohci,int portnum,uint32_t val)1498 static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1499 {
1500 uint32_t old_state;
1501 OHCIPort *port;
1502
1503 port = &ohci->rhport[portnum];
1504 old_state = port->ctrl;
1505
1506 /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1507 if (val & OHCI_PORT_WTC)
1508 port->ctrl &= ~(val & OHCI_PORT_WTC);
1509
1510 if (val & OHCI_PORT_CCS)
1511 port->ctrl &= ~OHCI_PORT_PES;
1512
1513 ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1514
1515 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS)) {
1516 trace_usb_ohci_port_suspend(portnum);
1517 }
1518
1519 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
1520 trace_usb_ohci_port_reset(portnum);
1521 usb_device_reset(port->port.dev);
1522 port->ctrl &= ~OHCI_PORT_PRS;
1523 /* ??? Should this also set OHCI_PORT_PESC. */
1524 port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1525 }
1526
1527 /* Invert order here to ensure in ambiguous case, device is
1528 * powered up...
1529 */
1530 if (val & OHCI_PORT_LSDA)
1531 ohci_port_power(ohci, portnum, 0);
1532 if (val & OHCI_PORT_PPS)
1533 ohci_port_power(ohci, portnum, 1);
1534
1535 if (old_state != port->ctrl)
1536 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1537 }
1538
ohci_mem_read(void * opaque,hwaddr addr,unsigned size)1539 static uint64_t ohci_mem_read(void *opaque,
1540 hwaddr addr,
1541 unsigned size)
1542 {
1543 OHCIState *ohci = opaque;
1544 uint32_t retval;
1545
1546 /* Only aligned reads are allowed on OHCI */
1547 if (addr & 3) {
1548 trace_usb_ohci_mem_read_unaligned(addr);
1549 return 0xffffffff;
1550 } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1551 /* HcRhPortStatus */
1552 retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1553 } else {
1554 switch (addr >> 2) {
1555 case 0: /* HcRevision */
1556 retval = 0x10;
1557 break;
1558
1559 case 1: /* HcControl */
1560 retval = ohci->ctl;
1561 break;
1562
1563 case 2: /* HcCommandStatus */
1564 retval = ohci->status;
1565 break;
1566
1567 case 3: /* HcInterruptStatus */
1568 retval = ohci->intr_status;
1569 break;
1570
1571 case 4: /* HcInterruptEnable */
1572 case 5: /* HcInterruptDisable */
1573 retval = ohci->intr;
1574 break;
1575
1576 case 6: /* HcHCCA */
1577 retval = ohci->hcca;
1578 break;
1579
1580 case 7: /* HcPeriodCurrentED */
1581 retval = ohci->per_cur;
1582 break;
1583
1584 case 8: /* HcControlHeadED */
1585 retval = ohci->ctrl_head;
1586 break;
1587
1588 case 9: /* HcControlCurrentED */
1589 retval = ohci->ctrl_cur;
1590 break;
1591
1592 case 10: /* HcBulkHeadED */
1593 retval = ohci->bulk_head;
1594 break;
1595
1596 case 11: /* HcBulkCurrentED */
1597 retval = ohci->bulk_cur;
1598 break;
1599
1600 case 12: /* HcDoneHead */
1601 retval = ohci->done;
1602 break;
1603
1604 case 13: /* HcFmInterretval */
1605 retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1606 break;
1607
1608 case 14: /* HcFmRemaining */
1609 retval = ohci_get_frame_remaining(ohci);
1610 break;
1611
1612 case 15: /* HcFmNumber */
1613 retval = ohci->frame_number;
1614 break;
1615
1616 case 16: /* HcPeriodicStart */
1617 retval = ohci->pstart;
1618 break;
1619
1620 case 17: /* HcLSThreshold */
1621 retval = ohci->lst;
1622 break;
1623
1624 case 18: /* HcRhDescriptorA */
1625 retval = ohci->rhdesc_a;
1626 break;
1627
1628 case 19: /* HcRhDescriptorB */
1629 retval = ohci->rhdesc_b;
1630 break;
1631
1632 case 20: /* HcRhStatus */
1633 retval = ohci->rhstatus;
1634 break;
1635
1636 /* PXA27x specific registers */
1637 case 24: /* HcStatus */
1638 retval = ohci->hstatus & ohci->hmask;
1639 break;
1640
1641 case 25: /* HcHReset */
1642 retval = ohci->hreset;
1643 break;
1644
1645 case 26: /* HcHInterruptEnable */
1646 retval = ohci->hmask;
1647 break;
1648
1649 case 27: /* HcHInterruptTest */
1650 retval = ohci->htest;
1651 break;
1652
1653 default:
1654 trace_usb_ohci_mem_read_bad_offset(addr);
1655 retval = 0xffffffff;
1656 }
1657 }
1658
1659 return retval;
1660 }
1661
ohci_mem_write(void * opaque,hwaddr addr,uint64_t val,unsigned size)1662 static void ohci_mem_write(void *opaque,
1663 hwaddr addr,
1664 uint64_t val,
1665 unsigned size)
1666 {
1667 OHCIState *ohci = opaque;
1668
1669 /* Only aligned reads are allowed on OHCI */
1670 if (addr & 3) {
1671 trace_usb_ohci_mem_write_unaligned(addr);
1672 return;
1673 }
1674
1675 if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1676 /* HcRhPortStatus */
1677 ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1678 return;
1679 }
1680
1681 switch (addr >> 2) {
1682 case 1: /* HcControl */
1683 ohci_set_ctl(ohci, val);
1684 break;
1685
1686 case 2: /* HcCommandStatus */
1687 /* SOC is read-only */
1688 val = (val & ~OHCI_STATUS_SOC);
1689
1690 /* Bits written as '0' remain unchanged in the register */
1691 ohci->status |= val;
1692
1693 if (ohci->status & OHCI_STATUS_HCR)
1694 ohci_soft_reset(ohci);
1695 break;
1696
1697 case 3: /* HcInterruptStatus */
1698 ohci->intr_status &= ~val;
1699 ohci_intr_update(ohci);
1700 break;
1701
1702 case 4: /* HcInterruptEnable */
1703 ohci->intr |= val;
1704 ohci_intr_update(ohci);
1705 break;
1706
1707 case 5: /* HcInterruptDisable */
1708 ohci->intr &= ~val;
1709 ohci_intr_update(ohci);
1710 break;
1711
1712 case 6: /* HcHCCA */
1713 ohci->hcca = val & OHCI_HCCA_MASK;
1714 break;
1715
1716 case 7: /* HcPeriodCurrentED */
1717 /* Ignore writes to this read-only register, Linux does them */
1718 break;
1719
1720 case 8: /* HcControlHeadED */
1721 ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1722 break;
1723
1724 case 9: /* HcControlCurrentED */
1725 ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1726 break;
1727
1728 case 10: /* HcBulkHeadED */
1729 ohci->bulk_head = val & OHCI_EDPTR_MASK;
1730 break;
1731
1732 case 11: /* HcBulkCurrentED */
1733 ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1734 break;
1735
1736 case 13: /* HcFmInterval */
1737 ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1738 ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1739 ohci_set_frame_interval(ohci, val);
1740 break;
1741
1742 case 15: /* HcFmNumber */
1743 break;
1744
1745 case 16: /* HcPeriodicStart */
1746 ohci->pstart = val & 0xffff;
1747 break;
1748
1749 case 17: /* HcLSThreshold */
1750 ohci->lst = val & 0xffff;
1751 break;
1752
1753 case 18: /* HcRhDescriptorA */
1754 ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1755 ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1756 break;
1757
1758 case 19: /* HcRhDescriptorB */
1759 break;
1760
1761 case 20: /* HcRhStatus */
1762 ohci_set_hub_status(ohci, val);
1763 break;
1764
1765 /* PXA27x specific registers */
1766 case 24: /* HcStatus */
1767 ohci->hstatus &= ~(val & ohci->hmask);
1768 break;
1769
1770 case 25: /* HcHReset */
1771 ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1772 if (val & OHCI_HRESET_FSBIR)
1773 ohci_hard_reset(ohci);
1774 break;
1775
1776 case 26: /* HcHInterruptEnable */
1777 ohci->hmask = val;
1778 break;
1779
1780 case 27: /* HcHInterruptTest */
1781 ohci->htest = val;
1782 break;
1783
1784 default:
1785 trace_usb_ohci_mem_write_bad_offset(addr);
1786 break;
1787 }
1788 }
1789
ohci_async_cancel_device(OHCIState * ohci,USBDevice * dev)1790 static void ohci_async_cancel_device(OHCIState *ohci, USBDevice *dev)
1791 {
1792 if (ohci->async_td &&
1793 usb_packet_is_inflight(&ohci->usb_packet) &&
1794 ohci->usb_packet.ep->dev == dev) {
1795 usb_cancel_packet(&ohci->usb_packet);
1796 ohci->async_td = 0;
1797 }
1798 }
1799
1800 static const MemoryRegionOps ohci_mem_ops = {
1801 .read = ohci_mem_read,
1802 .write = ohci_mem_write,
1803 .endianness = DEVICE_LITTLE_ENDIAN,
1804 };
1805
1806 static USBPortOps ohci_port_ops = {
1807 .attach = ohci_attach,
1808 .detach = ohci_detach,
1809 .child_detach = ohci_child_detach,
1810 .wakeup = ohci_wakeup,
1811 .complete = ohci_async_complete_packet,
1812 };
1813
1814 static USBBusOps ohci_bus_ops = {
1815 };
1816
usb_ohci_init(OHCIState * ohci,DeviceState * dev,uint32_t num_ports,dma_addr_t localmem_base,char * masterbus,uint32_t firstport,AddressSpace * as,void (* ohci_die_fn)(struct OHCIState *),Error ** errp)1817 void usb_ohci_init(OHCIState *ohci, DeviceState *dev, uint32_t num_ports,
1818 dma_addr_t localmem_base, char *masterbus,
1819 uint32_t firstport, AddressSpace *as,
1820 void (*ohci_die_fn)(struct OHCIState *), Error **errp)
1821 {
1822 Error *err = NULL;
1823 int i;
1824
1825 ohci->as = as;
1826 ohci->ohci_die = ohci_die_fn;
1827
1828 if (num_ports > OHCI_MAX_PORTS) {
1829 error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
1830 num_ports, OHCI_MAX_PORTS);
1831 return;
1832 }
1833
1834 if (usb_frame_time == 0) {
1835 #ifdef OHCI_TIME_WARP
1836 usb_frame_time = NANOSECONDS_PER_SECOND;
1837 usb_bit_time = NANOSECONDS_PER_SECOND / (USB_HZ / 1000);
1838 #else
1839 usb_frame_time = NANOSECONDS_PER_SECOND / 1000;
1840 if (NANOSECONDS_PER_SECOND >= USB_HZ) {
1841 usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ;
1842 } else {
1843 usb_bit_time = 1;
1844 }
1845 #endif
1846 trace_usb_ohci_init_time(usb_frame_time, usb_bit_time);
1847 }
1848
1849 ohci->num_ports = num_ports;
1850 if (masterbus) {
1851 USBPort *ports[OHCI_MAX_PORTS];
1852 for(i = 0; i < num_ports; i++) {
1853 ports[i] = &ohci->rhport[i].port;
1854 }
1855 usb_register_companion(masterbus, ports, num_ports,
1856 firstport, ohci, &ohci_port_ops,
1857 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL,
1858 &err);
1859 if (err) {
1860 error_propagate(errp, err);
1861 return;
1862 }
1863 } else {
1864 usb_bus_new(&ohci->bus, sizeof(ohci->bus), &ohci_bus_ops, dev);
1865 for (i = 0; i < num_ports; i++) {
1866 usb_register_port(&ohci->bus, &ohci->rhport[i].port,
1867 ohci, i, &ohci_port_ops,
1868 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
1869 }
1870 }
1871
1872 memory_region_init_io(&ohci->mem, OBJECT(dev), &ohci_mem_ops,
1873 ohci, "ohci", 256);
1874 ohci->localmem_base = localmem_base;
1875
1876 ohci->name = object_get_typename(OBJECT(dev));
1877 usb_packet_init(&ohci->usb_packet);
1878
1879 ohci->async_td = 0;
1880
1881 ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1882 ohci_frame_boundary, ohci);
1883 }
1884
1885 /**
1886 * A typical OHCI will stop operating and set itself into error state
1887 * (which can be queried by MMIO) to signal that it got an error.
1888 */
ohci_sysbus_die(struct OHCIState * ohci)1889 void ohci_sysbus_die(struct OHCIState *ohci)
1890 {
1891 trace_usb_ohci_die();
1892
1893 ohci_set_interrupt(ohci, OHCI_INTR_UE);
1894 ohci_bus_stop(ohci);
1895 }
1896
ohci_realize_pxa(DeviceState * dev,Error ** errp)1897 static void ohci_realize_pxa(DeviceState *dev, Error **errp)
1898 {
1899 OHCISysBusState *s = SYSBUS_OHCI(dev);
1900 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1901 Error *err = NULL;
1902
1903 usb_ohci_init(&s->ohci, dev, s->num_ports, s->dma_offset,
1904 s->masterbus, s->firstport,
1905 &address_space_memory, ohci_sysbus_die, &err);
1906 if (err) {
1907 error_propagate(errp, err);
1908 return;
1909 }
1910 sysbus_init_irq(sbd, &s->ohci.irq);
1911 sysbus_init_mmio(sbd, &s->ohci.mem);
1912 }
1913
usb_ohci_reset_sysbus(DeviceState * dev)1914 static void usb_ohci_reset_sysbus(DeviceState *dev)
1915 {
1916 OHCISysBusState *s = SYSBUS_OHCI(dev);
1917 OHCIState *ohci = &s->ohci;
1918
1919 ohci_hard_reset(ohci);
1920 }
1921
1922 static const VMStateDescription vmstate_ohci_state_port = {
1923 .name = "ohci-core/port",
1924 .version_id = 1,
1925 .minimum_version_id = 1,
1926 .fields = (VMStateField[]) {
1927 VMSTATE_UINT32(ctrl, OHCIPort),
1928 VMSTATE_END_OF_LIST()
1929 },
1930 };
1931
ohci_eof_timer_needed(void * opaque)1932 static bool ohci_eof_timer_needed(void *opaque)
1933 {
1934 OHCIState *ohci = opaque;
1935
1936 return timer_pending(ohci->eof_timer);
1937 }
1938
1939 static const VMStateDescription vmstate_ohci_eof_timer = {
1940 .name = "ohci-core/eof-timer",
1941 .version_id = 1,
1942 .minimum_version_id = 1,
1943 .needed = ohci_eof_timer_needed,
1944 .fields = (VMStateField[]) {
1945 VMSTATE_TIMER_PTR(eof_timer, OHCIState),
1946 VMSTATE_END_OF_LIST()
1947 },
1948 };
1949
1950 const VMStateDescription vmstate_ohci_state = {
1951 .name = "ohci-core",
1952 .version_id = 1,
1953 .minimum_version_id = 1,
1954 .fields = (VMStateField[]) {
1955 VMSTATE_INT64(sof_time, OHCIState),
1956 VMSTATE_UINT32(ctl, OHCIState),
1957 VMSTATE_UINT32(status, OHCIState),
1958 VMSTATE_UINT32(intr_status, OHCIState),
1959 VMSTATE_UINT32(intr, OHCIState),
1960 VMSTATE_UINT32(hcca, OHCIState),
1961 VMSTATE_UINT32(ctrl_head, OHCIState),
1962 VMSTATE_UINT32(ctrl_cur, OHCIState),
1963 VMSTATE_UINT32(bulk_head, OHCIState),
1964 VMSTATE_UINT32(bulk_cur, OHCIState),
1965 VMSTATE_UINT32(per_cur, OHCIState),
1966 VMSTATE_UINT32(done, OHCIState),
1967 VMSTATE_INT32(done_count, OHCIState),
1968 VMSTATE_UINT16(fsmps, OHCIState),
1969 VMSTATE_UINT8(fit, OHCIState),
1970 VMSTATE_UINT16(fi, OHCIState),
1971 VMSTATE_UINT8(frt, OHCIState),
1972 VMSTATE_UINT16(frame_number, OHCIState),
1973 VMSTATE_UINT16(padding, OHCIState),
1974 VMSTATE_UINT32(pstart, OHCIState),
1975 VMSTATE_UINT32(lst, OHCIState),
1976 VMSTATE_UINT32(rhdesc_a, OHCIState),
1977 VMSTATE_UINT32(rhdesc_b, OHCIState),
1978 VMSTATE_UINT32(rhstatus, OHCIState),
1979 VMSTATE_STRUCT_ARRAY(rhport, OHCIState, OHCI_MAX_PORTS, 0,
1980 vmstate_ohci_state_port, OHCIPort),
1981 VMSTATE_UINT32(hstatus, OHCIState),
1982 VMSTATE_UINT32(hmask, OHCIState),
1983 VMSTATE_UINT32(hreset, OHCIState),
1984 VMSTATE_UINT32(htest, OHCIState),
1985 VMSTATE_UINT32(old_ctl, OHCIState),
1986 VMSTATE_UINT8_ARRAY(usb_buf, OHCIState, 8192),
1987 VMSTATE_UINT32(async_td, OHCIState),
1988 VMSTATE_BOOL(async_complete, OHCIState),
1989 VMSTATE_END_OF_LIST()
1990 },
1991 .subsections = (const VMStateDescription*[]) {
1992 &vmstate_ohci_eof_timer,
1993 NULL
1994 }
1995 };
1996
1997 static Property ohci_sysbus_properties[] = {
1998 DEFINE_PROP_STRING("masterbus", OHCISysBusState, masterbus),
1999 DEFINE_PROP_UINT32("num-ports", OHCISysBusState, num_ports, 3),
2000 DEFINE_PROP_UINT32("firstport", OHCISysBusState, firstport, 0),
2001 DEFINE_PROP_DMAADDR("dma-offset", OHCISysBusState, dma_offset, 0),
2002 DEFINE_PROP_END_OF_LIST(),
2003 };
2004
ohci_sysbus_class_init(ObjectClass * klass,void * data)2005 static void ohci_sysbus_class_init(ObjectClass *klass, void *data)
2006 {
2007 DeviceClass *dc = DEVICE_CLASS(klass);
2008
2009 dc->realize = ohci_realize_pxa;
2010 set_bit(DEVICE_CATEGORY_USB, dc->categories);
2011 dc->desc = "OHCI USB Controller";
2012 device_class_set_props(dc, ohci_sysbus_properties);
2013 dc->reset = usb_ohci_reset_sysbus;
2014 }
2015
2016 static const TypeInfo ohci_sysbus_info = {
2017 .name = TYPE_SYSBUS_OHCI,
2018 .parent = TYPE_SYS_BUS_DEVICE,
2019 .instance_size = sizeof(OHCISysBusState),
2020 .class_init = ohci_sysbus_class_init,
2021 };
2022
ohci_register_types(void)2023 static void ohci_register_types(void)
2024 {
2025 type_register_static(&ohci_sysbus_info);
2026 }
2027
2028 type_init(ohci_register_types)
2029