search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / usb-ohci.c
blob4c42ec0de823db30afa22d2d14cefb430e2e0580
1 /*
2 * QEMU USB OHCI Emulation
3 * Copyright (c) 2004 Gianni Tedesco
4 * Copyright (c) 2006 CodeSourcery
5 * Copyright (c) 2006 Openedhand Ltd.
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 *
20 * TODO:
21 * o Isochronous transfers
22 * o Allocate bandwidth in frames properly
23 * o Disable timers when nothing needs to be done, or remove timer usage
24 * all together.
25 * o Handle unrecoverable errors properly
26 * o BIOS work to boot from USB storage
27 */
28
29 #include "hw.h"
30 #include "qemu-timer.h"
31 #include "usb.h"
32 #include "pci.h"
33 #include "pxa.h"
34 #include "devices.h"
35
36 //#define DEBUG_OHCI
37 /* Dump packet contents. */
38 //#define DEBUG_PACKET
39 //#define DEBUG_ISOCH
40 /* This causes frames to occur 1000x slower */
41 //#define OHCI_TIME_WARP 1
42
43 #ifdef DEBUG_OHCI
44 #define dprintf printf
45 #else
46 #define dprintf(...)
47 #endif
48
49 /* Number of Downstream Ports on the root hub. */
50
51 #define OHCI_MAX_PORTS 15
52
53 static int64_t usb_frame_time;
54 static int64_t usb_bit_time;
55
56 typedef struct OHCIPort {
57 USBPort port;
58 uint32_t ctrl;
59 } OHCIPort;
60
61 enum ohci_type {
62 OHCI_TYPE_PCI,
63 OHCI_TYPE_PXA,
64 OHCI_TYPE_SM501,
65 };
66
67 typedef struct {
68 qemu_irq irq;
69 enum ohci_type type;
70 int mem;
71 int num_ports;
72 const char *name;
73
74 QEMUTimer *eof_timer;
75 int64_t sof_time;
76
77 /* OHCI state */
78 /* Control partition */
79 uint32_t ctl, status;
80 uint32_t intr_status;
81 uint32_t intr;
82
83 /* memory pointer partition */
84 uint32_t hcca;
85 uint32_t ctrl_head, ctrl_cur;
86 uint32_t bulk_head, bulk_cur;
87 uint32_t per_cur;
88 uint32_t done;
89 int done_count;
90
91 /* Frame counter partition */
92 uint32_t fsmps:15;
93 uint32_t fit:1;
94 uint32_t fi:14;
95 uint32_t frt:1;
96 uint16_t frame_number;
97 uint16_t padding;
98 uint32_t pstart;
99 uint32_t lst;
100
101 /* Root Hub partition */
102 uint32_t rhdesc_a, rhdesc_b;
103 uint32_t rhstatus;
104 OHCIPort rhport[OHCI_MAX_PORTS];
105
106 /* PXA27x Non-OHCI events */
107 uint32_t hstatus;
108 uint32_t hmask;
109 uint32_t hreset;
110 uint32_t htest;
111
112 /* SM501 local memory offset */
113 target_phys_addr_t localmem_base;
114
115 /* Active packets. */
116 uint32_t old_ctl;
117 USBPacket usb_packet;
118 uint8_t usb_buf[8192];
119 uint32_t async_td;
120 int async_complete;
121
122 } OHCIState;
123
124 /* Host Controller Communications Area */
125 struct ohci_hcca {
126 uint32_t intr[32];
127 uint16_t frame, pad;
128 uint32_t done;
129 };
130
131 static void ohci_bus_stop(OHCIState *ohci);
132
133 /* Bitfields for the first word of an Endpoint Desciptor. */
134 #define OHCI_ED_FA_SHIFT 0
135 #define OHCI_ED_FA_MASK (0x7f<<OHCI_ED_FA_SHIFT)
136 #define OHCI_ED_EN_SHIFT 7
137 #define OHCI_ED_EN_MASK (0xf<<OHCI_ED_EN_SHIFT)
138 #define OHCI_ED_D_SHIFT 11
139 #define OHCI_ED_D_MASK (3<<OHCI_ED_D_SHIFT)
140 #define OHCI_ED_S (1<<13)
141 #define OHCI_ED_K (1<<14)
142 #define OHCI_ED_F (1<<15)
143 #define OHCI_ED_MPS_SHIFT 16
144 #define OHCI_ED_MPS_MASK (0x7ff<<OHCI_ED_MPS_SHIFT)
145
146 /* Flags in the head field of an Endpoint Desciptor. */
147 #define OHCI_ED_H 1
148 #define OHCI_ED_C 2
149
150 /* Bitfields for the first word of a Transfer Desciptor. */
151 #define OHCI_TD_R (1<<18)
152 #define OHCI_TD_DP_SHIFT 19
153 #define OHCI_TD_DP_MASK (3<<OHCI_TD_DP_SHIFT)
154 #define OHCI_TD_DI_SHIFT 21
155 #define OHCI_TD_DI_MASK (7<<OHCI_TD_DI_SHIFT)
156 #define OHCI_TD_T0 (1<<24)
157 #define OHCI_TD_T1 (1<<24)
158 #define OHCI_TD_EC_SHIFT 26
159 #define OHCI_TD_EC_MASK (3<<OHCI_TD_EC_SHIFT)
160 #define OHCI_TD_CC_SHIFT 28
161 #define OHCI_TD_CC_MASK (0xf<<OHCI_TD_CC_SHIFT)
162
163 /* Bitfields for the first word of an Isochronous Transfer Desciptor. */
164 /* CC & DI - same as in the General Transfer Desciptor */
165 #define OHCI_TD_SF_SHIFT 0
166 #define OHCI_TD_SF_MASK (0xffff<<OHCI_TD_SF_SHIFT)
167 #define OHCI_TD_FC_SHIFT 24
168 #define OHCI_TD_FC_MASK (7<<OHCI_TD_FC_SHIFT)
169
170 /* Isochronous Transfer Desciptor - Offset / PacketStatusWord */
171 #define OHCI_TD_PSW_CC_SHIFT 12
172 #define OHCI_TD_PSW_CC_MASK (0xf<<OHCI_TD_PSW_CC_SHIFT)
173 #define OHCI_TD_PSW_SIZE_SHIFT 0
174 #define OHCI_TD_PSW_SIZE_MASK (0xfff<<OHCI_TD_PSW_SIZE_SHIFT)
175
176 #define OHCI_PAGE_MASK 0xfffff000
177 #define OHCI_OFFSET_MASK 0xfff
178
179 #define OHCI_DPTR_MASK 0xfffffff0
180
181 #define OHCI_BM(val, field) \
182 (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
183
184 #define OHCI_SET_BM(val, field, newval) do { \
185 val &= ~OHCI_##field##_MASK; \
186 val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
187 } while(0)
188
189 /* endpoint descriptor */
190 struct ohci_ed {
191 uint32_t flags;
192 uint32_t tail;
193 uint32_t head;
194 uint32_t next;
195 };
196
197 /* General transfer descriptor */
198 struct ohci_td {
199 uint32_t flags;
200 uint32_t cbp;
201 uint32_t next;
202 uint32_t be;
203 };
204
205 /* Isochronous transfer descriptor */
206 struct ohci_iso_td {
207 uint32_t flags;
208 uint32_t bp;
209 uint32_t next;
210 uint32_t be;
211 uint16_t offset[8];
212 };
213
214 #define USB_HZ 12000000
215
216 /* OHCI Local stuff */
217 #define OHCI_CTL_CBSR ((1<<0)|(1<<1))
218 #define OHCI_CTL_PLE (1<<2)
219 #define OHCI_CTL_IE (1<<3)
220 #define OHCI_CTL_CLE (1<<4)
221 #define OHCI_CTL_BLE (1<<5)
222 #define OHCI_CTL_HCFS ((1<<6)|(1<<7))
223 #define OHCI_USB_RESET 0x00
224 #define OHCI_USB_RESUME 0x40
225 #define OHCI_USB_OPERATIONAL 0x80
226 #define OHCI_USB_SUSPEND 0xc0
227 #define OHCI_CTL_IR (1<<8)
228 #define OHCI_CTL_RWC (1<<9)
229 #define OHCI_CTL_RWE (1<<10)
230
231 #define OHCI_STATUS_HCR (1<<0)
232 #define OHCI_STATUS_CLF (1<<1)
233 #define OHCI_STATUS_BLF (1<<2)
234 #define OHCI_STATUS_OCR (1<<3)
235 #define OHCI_STATUS_SOC ((1<<6)|(1<<7))
236
237 #define OHCI_INTR_SO (1<<0) /* Scheduling overrun */
238 #define OHCI_INTR_WD (1<<1) /* HcDoneHead writeback */
239 #define OHCI_INTR_SF (1<<2) /* Start of frame */
240 #define OHCI_INTR_RD (1<<3) /* Resume detect */
241 #define OHCI_INTR_UE (1<<4) /* Unrecoverable error */
242 #define OHCI_INTR_FNO (1<<5) /* Frame number overflow */
243 #define OHCI_INTR_RHSC (1<<6) /* Root hub status change */
244 #define OHCI_INTR_OC (1<<30) /* Ownership change */
245 #define OHCI_INTR_MIE (1<<31) /* Master Interrupt Enable */
246
247 #define OHCI_HCCA_SIZE 0x100
248 #define OHCI_HCCA_MASK 0xffffff00
249
250 #define OHCI_EDPTR_MASK 0xfffffff0
251
252 #define OHCI_FMI_FI 0x00003fff
253 #define OHCI_FMI_FSMPS 0xffff0000
254 #define OHCI_FMI_FIT 0x80000000
255
256 #define OHCI_FR_RT (1<<31)
257
258 #define OHCI_LS_THRESH 0x628
259
260 #define OHCI_RHA_RW_MASK 0x00000000 /* Mask of supported features. */
261 #define OHCI_RHA_PSM (1<<8)
262 #define OHCI_RHA_NPS (1<<9)
263 #define OHCI_RHA_DT (1<<10)
264 #define OHCI_RHA_OCPM (1<<11)
265 #define OHCI_RHA_NOCP (1<<12)
266 #define OHCI_RHA_POTPGT_MASK 0xff000000
267
268 #define OHCI_RHS_LPS (1<<0)
269 #define OHCI_RHS_OCI (1<<1)
270 #define OHCI_RHS_DRWE (1<<15)
271 #define OHCI_RHS_LPSC (1<<16)
272 #define OHCI_RHS_OCIC (1<<17)
273 #define OHCI_RHS_CRWE (1<<31)
274
275 #define OHCI_PORT_CCS (1<<0)
276 #define OHCI_PORT_PES (1<<1)
277 #define OHCI_PORT_PSS (1<<2)
278 #define OHCI_PORT_POCI (1<<3)
279 #define OHCI_PORT_PRS (1<<4)
280 #define OHCI_PORT_PPS (1<<8)
281 #define OHCI_PORT_LSDA (1<<9)
282 #define OHCI_PORT_CSC (1<<16)
283 #define OHCI_PORT_PESC (1<<17)
284 #define OHCI_PORT_PSSC (1<<18)
285 #define OHCI_PORT_OCIC (1<<19)
286 #define OHCI_PORT_PRSC (1<<20)
287 #define OHCI_PORT_WTC (OHCI_PORT_CSC|OHCI_PORT_PESC|OHCI_PORT_PSSC \
288 |OHCI_PORT_OCIC|OHCI_PORT_PRSC)
289
290 #define OHCI_TD_DIR_SETUP 0x0
291 #define OHCI_TD_DIR_OUT 0x1
292 #define OHCI_TD_DIR_IN 0x2
293 #define OHCI_TD_DIR_RESERVED 0x3
294
295 #define OHCI_CC_NOERROR 0x0
296 #define OHCI_CC_CRC 0x1
297 #define OHCI_CC_BITSTUFFING 0x2
298 #define OHCI_CC_DATATOGGLEMISMATCH 0x3
299 #define OHCI_CC_STALL 0x4
300 #define OHCI_CC_DEVICENOTRESPONDING 0x5
301 #define OHCI_CC_PIDCHECKFAILURE 0x6
302 #define OHCI_CC_UNDEXPETEDPID 0x7
303 #define OHCI_CC_DATAOVERRUN 0x8
304 #define OHCI_CC_DATAUNDERRUN 0x9
305 #define OHCI_CC_BUFFEROVERRUN 0xc
306 #define OHCI_CC_BUFFERUNDERRUN 0xd
307
308 #define OHCI_HRESET_FSBIR (1 << 0)
309
310 /* Update IRQ levels */
311 static inline void ohci_intr_update(OHCIState *ohci)
312 {
313 int level = 0;
314
315 if ((ohci->intr & OHCI_INTR_MIE) &&
316 (ohci->intr_status & ohci->intr))
317 level = 1;
318
319 qemu_set_irq(ohci->irq, level);
320 }
321
322 /* Set an interrupt */
323 static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
324 {
325 ohci->intr_status |= intr;
326 ohci_intr_update(ohci);
327 }
328
329 /* Attach or detach a device on a root hub port. */
330 static void ohci_attach(USBPort *port1, USBDevice *dev)
331 {
332 OHCIState *s = port1->opaque;
333 OHCIPort *port = &s->rhport[port1->index];
334 uint32_t old_state = port->ctrl;
335
336 if (dev) {
337 if (port->port.dev) {
338 usb_attach(port1, NULL);
339 }
340 /* set connect status */
341 port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
342
343 /* update speed */
344 if (dev->speed == USB_SPEED_LOW)
345 port->ctrl |= OHCI_PORT_LSDA;
346 else
347 port->ctrl &= ~OHCI_PORT_LSDA;
348 port->port.dev = dev;
349
350 /* notify of remote-wakeup */
351 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND)
352 ohci_set_interrupt(s, OHCI_INTR_RD);
353
354 /* send the attach message */
355 usb_send_msg(dev, USB_MSG_ATTACH);
356 dprintf("usb-ohci: Attached port %d\n", port1->index);
357 } else {
358 /* set connect status */
359 if (port->ctrl & OHCI_PORT_CCS) {
360 port->ctrl &= ~OHCI_PORT_CCS;
361 port->ctrl |= OHCI_PORT_CSC;
362 }
363 /* disable port */
364 if (port->ctrl & OHCI_PORT_PES) {
365 port->ctrl &= ~OHCI_PORT_PES;
366 port->ctrl |= OHCI_PORT_PESC;
367 }
368 dev = port->port.dev;
369 if (dev) {
370 /* send the detach message */
371 usb_send_msg(dev, USB_MSG_DETACH);
372 }
373 port->port.dev = NULL;
374 dprintf("usb-ohci: Detached port %d\n", port1->index);
375 }
376
377 if (old_state != port->ctrl)
378 ohci_set_interrupt(s, OHCI_INTR_RHSC);
379 }
380
381 /* Reset the controller */
382 static void ohci_reset(void *opaque)
383 {
384 OHCIState *ohci = opaque;
385 OHCIPort *port;
386 int i;
387
388 ohci_bus_stop(ohci);
389 ohci->ctl = 0;
390 ohci->old_ctl = 0;
391 ohci->status = 0;
392 ohci->intr_status = 0;
393 ohci->intr = OHCI_INTR_MIE;
394
395 ohci->hcca = 0;
396 ohci->ctrl_head = ohci->ctrl_cur = 0;
397 ohci->bulk_head = ohci->bulk_cur = 0;
398 ohci->per_cur = 0;
399 ohci->done = 0;
400 ohci->done_count = 7;
401
402 /* FSMPS is marked TBD in OCHI 1.0, what gives ffs?
403 * I took the value linux sets ...
404 */
405 ohci->fsmps = 0x2778;
406 ohci->fi = 0x2edf;
407 ohci->fit = 0;
408 ohci->frt = 0;
409 ohci->frame_number = 0;
410 ohci->pstart = 0;
411 ohci->lst = OHCI_LS_THRESH;
412
413 ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
414 ohci->rhdesc_b = 0x0; /* Impl. specific */
415 ohci->rhstatus = 0;
416
417 for (i = 0; i < ohci->num_ports; i++)
418 {
419 port = &ohci->rhport[i];
420 port->ctrl = 0;
421 if (port->port.dev)
422 ohci_attach(&port->port, port->port.dev);
423 }
424 if (ohci->async_td) {
425 usb_cancel_packet(&ohci->usb_packet);
426 ohci->async_td = 0;
427 }
428 dprintf("usb-ohci: Reset %s\n", ohci->name);
429 }
430
431 /* Get an array of dwords from main memory */
432 static inline int get_dwords(OHCIState *ohci,
433 uint32_t addr, uint32_t *buf, int num)
434 {
435 int i;
436
437 addr += ohci->localmem_base;
438
439 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
440 cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
441 *buf = le32_to_cpu(*buf);
442 }
443
444 return 1;
445 }
446
447 /* Put an array of dwords in to main memory */
448 static inline int put_dwords(OHCIState *ohci,
449 uint32_t addr, uint32_t *buf, int num)
450 {
451 int i;
452
453 addr += ohci->localmem_base;
454
455 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
456 uint32_t tmp = cpu_to_le32(*buf);
457 cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
458 }
459
460 return 1;
461 }
462
463 /* Get an array of words from main memory */
464 static inline int get_words(OHCIState *ohci,
465 uint32_t addr, uint16_t *buf, int num)
466 {
467 int i;
468
469 addr += ohci->localmem_base;
470
471 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
472 cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
473 *buf = le16_to_cpu(*buf);
474 }
475
476 return 1;
477 }
478
479 /* Put an array of words in to main memory */
480 static inline int put_words(OHCIState *ohci,
481 uint32_t addr, uint16_t *buf, int num)
482 {
483 int i;
484
485 addr += ohci->localmem_base;
486
487 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
488 uint16_t tmp = cpu_to_le16(*buf);
489 cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
490 }
491
492 return 1;
493 }
494
495 static inline int ohci_read_ed(OHCIState *ohci,
496 uint32_t addr, struct ohci_ed *ed)
497 {
498 return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
499 }
500
501 static inline int ohci_read_td(OHCIState *ohci,
502 uint32_t addr, struct ohci_td *td)
503 {
504 return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
505 }
506
507 static inline int ohci_read_iso_td(OHCIState *ohci,
508 uint32_t addr, struct ohci_iso_td *td)
509 {
510 return (get_dwords(ohci, addr, (uint32_t *)td, 4) &&
511 get_words(ohci, addr + 16, td->offset, 8));
512 }
513
514 static inline int ohci_read_hcca(OHCIState *ohci,
515 uint32_t addr, struct ohci_hcca *hcca)
516 {
517 cpu_physical_memory_rw(addr + ohci->localmem_base,
518 (uint8_t *)hcca, sizeof(*hcca), 0);
519 return 1;
520 }
521
522 static inline int ohci_put_ed(OHCIState *ohci,
523 uint32_t addr, struct ohci_ed *ed)
524 {
525 return put_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
526 }
527
528 static inline int ohci_put_td(OHCIState *ohci,
529 uint32_t addr, struct ohci_td *td)
530 {
531 return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
532 }
533
534 static inline int ohci_put_iso_td(OHCIState *ohci,
535 uint32_t addr, struct ohci_iso_td *td)
536 {
537 return (put_dwords(ohci, addr, (uint32_t *)td, 4) &&
538 put_words(ohci, addr + 16, td->offset, 8));
539 }
540
541 static inline int ohci_put_hcca(OHCIState *ohci,
542 uint32_t addr, struct ohci_hcca *hcca)
543 {
544 cpu_physical_memory_rw(addr + ohci->localmem_base,
545 (uint8_t *)hcca, sizeof(*hcca), 1);
546 return 1;
547 }
548
549 /* Read/Write the contents of a TD from/to main memory. */
550 static void ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
551 uint8_t *buf, int len, int write)
552 {
553 uint32_t ptr;
554 uint32_t n;
555
556 ptr = td->cbp;
557 n = 0x1000 - (ptr & 0xfff);
558 if (n > len)
559 n = len;
560 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
561 if (n == len)
562 return;
563 ptr = td->be & ~0xfffu;
564 buf += n;
565 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
566 }
567
568 /* Read/Write the contents of an ISO TD from/to main memory. */
569 static void ohci_copy_iso_td(OHCIState *ohci,
570 uint32_t start_addr, uint32_t end_addr,
571 uint8_t *buf, int len, int write)
572 {
573 uint32_t ptr;
574 uint32_t n;
575
576 ptr = start_addr;
577 n = 0x1000 - (ptr & 0xfff);
578 if (n > len)
579 n = len;
580 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
581 if (n == len)
582 return;
583 ptr = end_addr & ~0xfffu;
584 buf += n;
585 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
586 }
587
588 static void ohci_process_lists(OHCIState *ohci, int completion);
589
590 static void ohci_async_complete_packet(USBPacket *packet, void *opaque)
591 {
592 OHCIState *ohci = opaque;
593 #ifdef DEBUG_PACKET
594 dprintf("Async packet complete\n");
595 #endif
596 ohci->async_complete = 1;
597 ohci_process_lists(ohci, 1);
598 }
599
600 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
601
602 static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
603 int completion)
604 {
605 int dir;
606 size_t len = 0;
607 const char *str = NULL;
608 int pid;
609 int ret;
610 int i;
611 USBDevice *dev;
612 struct ohci_iso_td iso_td;
613 uint32_t addr;
614 uint16_t starting_frame;
615 int16_t relative_frame_number;
616 int frame_count;
617 uint32_t start_offset, next_offset, end_offset = 0;
618 uint32_t start_addr, end_addr;
619
620 addr = ed->head & OHCI_DPTR_MASK;
621
622 if (!ohci_read_iso_td(ohci, addr, &iso_td)) {
623 printf("usb-ohci: ISO_TD read error at %x\n", addr);
624 return 0;
625 }
626
627 starting_frame = OHCI_BM(iso_td.flags, TD_SF);
628 frame_count = OHCI_BM(iso_td.flags, TD_FC);
629 relative_frame_number = USUB(ohci->frame_number, starting_frame);
630
631 #ifdef DEBUG_ISOCH
632 printf("--- ISO_TD ED head 0x%.8x tailp 0x%.8x\n"
633 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
634 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
635 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
636 "frame_number 0x%.8x starting_frame 0x%.8x\n"
637 "frame_count 0x%.8x relative %d\n"
638 "di 0x%.8x cc 0x%.8x\n",
639 ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
640 iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
641 iso_td.offset[0], iso_td.offset[1], iso_td.offset[2], iso_td.offset[3],
642 iso_td.offset[4], iso_td.offset[5], iso_td.offset[6], iso_td.offset[7],
643 ohci->frame_number, starting_frame,
644 frame_count, relative_frame_number,
645 OHCI_BM(iso_td.flags, TD_DI), OHCI_BM(iso_td.flags, TD_CC));
646 #endif
647
648 if (relative_frame_number < 0) {
649 dprintf("usb-ohci: ISO_TD R=%d < 0\n", relative_frame_number);
650 return 1;
651 } else if (relative_frame_number > frame_count) {
652 /* ISO TD expired - retire the TD to the Done Queue and continue with
653 the next ISO TD of the same ED */
654 dprintf("usb-ohci: ISO_TD R=%d > FC=%d\n", relative_frame_number,
655 frame_count);
656 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
657 ed->head &= ~OHCI_DPTR_MASK;
658 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
659 iso_td.next = ohci->done;
660 ohci->done = addr;
661 i = OHCI_BM(iso_td.flags, TD_DI);
662 if (i < ohci->done_count)
663 ohci->done_count = i;
664 ohci_put_iso_td(ohci, addr, &iso_td);
665 return 0;
666 }
667
668 dir = OHCI_BM(ed->flags, ED_D);
669 switch (dir) {
670 case OHCI_TD_DIR_IN:
671 str = "in";
672 pid = USB_TOKEN_IN;
673 break;
674 case OHCI_TD_DIR_OUT:
675 str = "out";
676 pid = USB_TOKEN_OUT;
677 break;
678 case OHCI_TD_DIR_SETUP:
679 str = "setup";
680 pid = USB_TOKEN_SETUP;
681 break;
682 default:
683 printf("usb-ohci: Bad direction %d\n", dir);
684 return 1;
685 }
686
687 if (!iso_td.bp || !iso_td.be) {
688 printf("usb-ohci: ISO_TD bp 0x%.8x be 0x%.8x\n", iso_td.bp, iso_td.be);
689 return 1;
690 }
691
692 start_offset = iso_td.offset[relative_frame_number];
693 next_offset = iso_td.offset[relative_frame_number + 1];
694
695 if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
696 ((relative_frame_number < frame_count) &&
697 !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
698 printf("usb-ohci: ISO_TD cc != not accessed 0x%.8x 0x%.8x\n",
699 start_offset, next_offset);
700 return 1;
701 }
702
703 if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
704 printf("usb-ohci: ISO_TD start_offset=0x%.8x > next_offset=0x%.8x\n",
705 start_offset, next_offset);
706 return 1;
707 }
708
709 if ((start_offset & 0x1000) == 0) {
710 start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
711 (start_offset & OHCI_OFFSET_MASK);
712 } else {
713 start_addr = (iso_td.be & OHCI_PAGE_MASK) |
714 (start_offset & OHCI_OFFSET_MASK);
715 }
716
717 if (relative_frame_number < frame_count) {
718 end_offset = next_offset - 1;
719 if ((end_offset & 0x1000) == 0) {
720 end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
721 (end_offset & OHCI_OFFSET_MASK);
722 } else {
723 end_addr = (iso_td.be & OHCI_PAGE_MASK) |
724 (end_offset & OHCI_OFFSET_MASK);
725 }
726 } else {
727 /* Last packet in the ISO TD */
728 end_addr = iso_td.be;
729 }
730
731 if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
732 len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
733 - (start_addr & OHCI_OFFSET_MASK);
734 } else {
735 len = end_addr - start_addr + 1;
736 }
737
738 if (len && dir != OHCI_TD_DIR_IN) {
739 ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, 0);
740 }
741
742 if (completion) {
743 ret = ohci->usb_packet.len;
744 } else {
745 ret = USB_RET_NODEV;
746 for (i = 0; i < ohci->num_ports; i++) {
747 dev = ohci->rhport[i].port.dev;
748 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
749 continue;
750 ohci->usb_packet.pid = pid;
751 ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
752 ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
753 ohci->usb_packet.data = ohci->usb_buf;
754 ohci->usb_packet.len = len;
755 ohci->usb_packet.complete_cb = ohci_async_complete_packet;
756 ohci->usb_packet.complete_opaque = ohci;
757 ret = dev->handle_packet(dev, &ohci->usb_packet);
758 if (ret != USB_RET_NODEV)
759 break;
760 }
761
762 if (ret == USB_RET_ASYNC) {
763 return 1;
764 }
765 }
766
767 #ifdef DEBUG_ISOCH
768 printf("so 0x%.8x eo 0x%.8x\nsa 0x%.8x ea 0x%.8x\ndir %s len %zu ret %d\n",
769 start_offset, end_offset, start_addr, end_addr, str, len, ret);
770 #endif
771
772 /* Writeback */
773 if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
774 /* IN transfer succeeded */
775 ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret, 1);
776 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
777 OHCI_CC_NOERROR);
778 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
779 } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
780 /* OUT transfer succeeded */
781 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
782 OHCI_CC_NOERROR);
783 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
784 } else {
785 if (ret > (ssize_t) len) {
786 printf("usb-ohci: DataOverrun %d > %zu\n", ret, len);
787 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
788 OHCI_CC_DATAOVERRUN);
789 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
790 len);
791 } else if (ret >= 0) {
792 printf("usb-ohci: DataUnderrun %d\n", ret);
793 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
794 OHCI_CC_DATAUNDERRUN);
795 } else {
796 switch (ret) {
797 case USB_RET_NODEV:
798 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
799 OHCI_CC_DEVICENOTRESPONDING);
800 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
801 0);
802 break;
803 case USB_RET_NAK:
804 case USB_RET_STALL:
805 printf("usb-ohci: got NAK/STALL %d\n", ret);
806 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
807 OHCI_CC_STALL);
808 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
809 0);
810 break;
811 default:
812 printf("usb-ohci: Bad device response %d\n", ret);
813 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
814 OHCI_CC_UNDEXPETEDPID);
815 break;
816 }
817 }
818 }
819
820 if (relative_frame_number == frame_count) {
821 /* Last data packet of ISO TD - retire the TD to the Done Queue */
822 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
823 ed->head &= ~OHCI_DPTR_MASK;
824 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
825 iso_td.next = ohci->done;
826 ohci->done = addr;
827 i = OHCI_BM(iso_td.flags, TD_DI);
828 if (i < ohci->done_count)
829 ohci->done_count = i;
830 }
831 ohci_put_iso_td(ohci, addr, &iso_td);
832 return 1;
833 }
834
835 /* Service a transport descriptor.
836 Returns nonzero to terminate processing of this endpoint. */
837
838 static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
839 {
840 int dir;
841 size_t len = 0;
842 const char *str = NULL;
843 int pid;
844 int ret;
845 int i;
846 USBDevice *dev;
847 struct ohci_td td;
848 uint32_t addr;
849 int flag_r;
850 int completion;
851
852 addr = ed->head & OHCI_DPTR_MASK;
853 /* See if this TD has already been submitted to the device. */
854 completion = (addr == ohci->async_td);
855 if (completion && !ohci->async_complete) {
856 #ifdef DEBUG_PACKET
857 dprintf("Skipping async TD\n");
858 #endif
859 return 1;
860 }
861 if (!ohci_read_td(ohci, addr, &td)) {
862 fprintf(stderr, "usb-ohci: TD read error at %x\n", addr);
863 return 0;
864 }
865
866 dir = OHCI_BM(ed->flags, ED_D);
867 switch (dir) {
868 case OHCI_TD_DIR_OUT:
869 case OHCI_TD_DIR_IN:
870 /* Same value. */
871 break;
872 default:
873 dir = OHCI_BM(td.flags, TD_DP);
874 break;
875 }
876
877 switch (dir) {
878 case OHCI_TD_DIR_IN:
879 str = "in";
880 pid = USB_TOKEN_IN;
881 break;
882 case OHCI_TD_DIR_OUT:
883 str = "out";
884 pid = USB_TOKEN_OUT;
885 break;
886 case OHCI_TD_DIR_SETUP:
887 str = "setup";
888 pid = USB_TOKEN_SETUP;
889 break;
890 default:
891 fprintf(stderr, "usb-ohci: Bad direction\n");
892 return 1;
893 }
894 if (td.cbp && td.be) {
895 if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
896 len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
897 } else {
898 len = (td.be - td.cbp) + 1;
899 }
900
901 if (len && dir != OHCI_TD_DIR_IN && !completion) {
902 ohci_copy_td(ohci, &td, ohci->usb_buf, len, 0);
903 }
904 }
905
906 flag_r = (td.flags & OHCI_TD_R) != 0;
907 #ifdef DEBUG_PACKET
908 dprintf(" TD @ 0x%.8x %" PRId64 " bytes %s r=%d cbp=0x%.8x be=0x%.8x\n",
909 addr, len, str, flag_r, td.cbp, td.be);
910
911 if (len > 0 && dir != OHCI_TD_DIR_IN) {
912 dprintf(" data:");
913 for (i = 0; i < len; i++)
914 printf(" %.2x", ohci->usb_buf[i]);
915 dprintf("\n");
916 }
917 #endif
918 if (completion) {
919 ret = ohci->usb_packet.len;
920 ohci->async_td = 0;
921 ohci->async_complete = 0;
922 } else {
923 ret = USB_RET_NODEV;
924 for (i = 0; i < ohci->num_ports; i++) {
925 dev = ohci->rhport[i].port.dev;
926 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
927 continue;
928
929 if (ohci->async_td) {
930 /* ??? The hardware should allow one active packet per
931 endpoint. We only allow one active packet per controller.
932 This should be sufficient as long as devices respond in a
933 timely manner.
934 */
935 #ifdef DEBUG_PACKET
936 dprintf("Too many pending packets\n");
937 #endif
938 return 1;
939 }
940 ohci->usb_packet.pid = pid;
941 ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
942 ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
943 ohci->usb_packet.data = ohci->usb_buf;
944 ohci->usb_packet.len = len;
945 ohci->usb_packet.complete_cb = ohci_async_complete_packet;
946 ohci->usb_packet.complete_opaque = ohci;
947 ret = dev->handle_packet(dev, &ohci->usb_packet);
948 if (ret != USB_RET_NODEV)
949 break;
950 }
951 #ifdef DEBUG_PACKET
952 dprintf("ret=%d\n", ret);
953 #endif
954 if (ret == USB_RET_ASYNC) {
955 ohci->async_td = addr;
956 return 1;
957 }
958 }
959 if (ret >= 0) {
960 if (dir == OHCI_TD_DIR_IN) {
961 ohci_copy_td(ohci, &td, ohci->usb_buf, ret, 1);
962 #ifdef DEBUG_PACKET
963 dprintf(" data:");
964 for (i = 0; i < ret; i++)
965 printf(" %.2x", ohci->usb_buf[i]);
966 dprintf("\n");
967 #endif
968 } else {
969 ret = len;
970 }
971 }
972
973 /* Writeback */
974 if (ret == len || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
975 /* Transmission succeeded. */
976 if (ret == len) {
977 td.cbp = 0;
978 } else {
979 td.cbp += ret;
980 if ((td.cbp & 0xfff) + ret > 0xfff) {
981 td.cbp &= 0xfff;
982 td.cbp |= td.be & ~0xfff;
983 }
984 }
985 td.flags |= OHCI_TD_T1;
986 td.flags ^= OHCI_TD_T0;
987 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
988 OHCI_SET_BM(td.flags, TD_EC, 0);
989
990 ed->head &= ~OHCI_ED_C;
991 if (td.flags & OHCI_TD_T0)
992 ed->head |= OHCI_ED_C;
993 } else {
994 if (ret >= 0) {
995 dprintf("usb-ohci: Underrun\n");
996 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
997 } else {
998 switch (ret) {
999 case USB_RET_NODEV:
1000 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
1001 case USB_RET_NAK:
1002 dprintf("usb-ohci: got NAK\n");
1003 return 1;
1004 case USB_RET_STALL:
1005 dprintf("usb-ohci: got STALL\n");
1006 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1007 break;
1008 case USB_RET_BABBLE:
1009 dprintf("usb-ohci: got BABBLE\n");
1010 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1011 break;
1012 default:
1013 fprintf(stderr, "usb-ohci: Bad device response %d\n", ret);
1014 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1015 OHCI_SET_BM(td.flags, TD_EC, 3);
1016 break;
1017 }
1018 }
1019 ed->head |= OHCI_ED_H;
1020 }
1021
1022 /* Retire this TD */
1023 ed->head &= ~OHCI_DPTR_MASK;
1024 ed->head |= td.next & OHCI_DPTR_MASK;
1025 td.next = ohci->done;
1026 ohci->done = addr;
1027 i = OHCI_BM(td.flags, TD_DI);
1028 if (i < ohci->done_count)
1029 ohci->done_count = i;
1030 ohci_put_td(ohci, addr, &td);
1031 return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1032 }
1033
1034 /* Service an endpoint list. Returns nonzero if active TD were found. */
1035 static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
1036 {
1037 struct ohci_ed ed;
1038 uint32_t next_ed;
1039 uint32_t cur;
1040 int active;
1041
1042 active = 0;
1043
1044 if (head == 0)
1045 return 0;
1046
1047 for (cur = head; cur; cur = next_ed) {
1048 if (!ohci_read_ed(ohci, cur, &ed)) {
1049 fprintf(stderr, "usb-ohci: ED read error at %x\n", cur);
1050 return 0;
1051 }
1052
1053 next_ed = ed.next & OHCI_DPTR_MASK;
1054
1055 if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1056 uint32_t addr;
1057 /* Cancel pending packets for ED that have been paused. */
1058 addr = ed.head & OHCI_DPTR_MASK;
1059 if (ohci->async_td && addr == ohci->async_td) {
1060 usb_cancel_packet(&ohci->usb_packet);
1061 ohci->async_td = 0;
1062 }
1063 continue;
1064 }
1065
1066 while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
1067 #ifdef DEBUG_PACKET
1068 dprintf("ED @ 0x%.8x fa=%u en=%u d=%u s=%u k=%u f=%u mps=%u "
1069 "h=%u c=%u\n head=0x%.8x tailp=0x%.8x next=0x%.8x\n", cur,
1070 OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1071 OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S)!= 0,
1072 (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
1073 OHCI_BM(ed.flags, ED_MPS), (ed.head & OHCI_ED_H) != 0,
1074 (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1075 ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1076 #endif
1077 active = 1;
1078
1079 if ((ed.flags & OHCI_ED_F) == 0) {
1080 if (ohci_service_td(ohci, &ed))
1081 break;
1082 } else {
1083 /* Handle isochronous endpoints */
1084 if (ohci_service_iso_td(ohci, &ed, completion))
1085 break;
1086 }
1087 }
1088
1089 ohci_put_ed(ohci, cur, &ed);
1090 }
1091
1092 return active;
1093 }
1094
1095 /* Generate a SOF event, and set a timer for EOF */
1096 static void ohci_sof(OHCIState *ohci)
1097 {
1098 ohci->sof_time = qemu_get_clock(vm_clock);
1099 qemu_mod_timer(ohci->eof_timer, ohci->sof_time + usb_frame_time);
1100 ohci_set_interrupt(ohci, OHCI_INTR_SF);
1101 }
1102
1103 /* Process Control and Bulk lists. */
1104 static void ohci_process_lists(OHCIState *ohci, int completion)
1105 {
1106 if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
1107 if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head)
1108 dprintf("usb-ohci: head %x, cur %x\n",
1109 ohci->ctrl_head, ohci->ctrl_cur);
1110 if (!ohci_service_ed_list(ohci, ohci->ctrl_head, completion)) {
1111 ohci->ctrl_cur = 0;
1112 ohci->status &= ~OHCI_STATUS_CLF;
1113 }
1114 }
1115
1116 if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
1117 if (!ohci_service_ed_list(ohci, ohci->bulk_head, completion)) {
1118 ohci->bulk_cur = 0;
1119 ohci->status &= ~OHCI_STATUS_BLF;
1120 }
1121 }
1122 }
1123
1124 /* Do frame processing on frame boundary */
1125 static void ohci_frame_boundary(void *opaque)
1126 {
1127 OHCIState *ohci = opaque;
1128 struct ohci_hcca hcca;
1129
1130 ohci_read_hcca(ohci, ohci->hcca, &hcca);
1131
1132 /* Process all the lists at the end of the frame */
1133 if (ohci->ctl & OHCI_CTL_PLE) {
1134 int n;
1135
1136 n = ohci->frame_number & 0x1f;
1137 ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]), 0);
1138 }
1139
1140 /* Cancel all pending packets if either of the lists has been disabled. */
1141 if (ohci->async_td &&
1142 ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1143 usb_cancel_packet(&ohci->usb_packet);
1144 ohci->async_td = 0;
1145 }
1146 ohci->old_ctl = ohci->ctl;
1147 ohci_process_lists(ohci, 0);
1148
1149 /* Frame boundary, so do EOF stuf here */
1150 ohci->frt = ohci->fit;
1151
1152 /* Increment frame number and take care of endianness. */
1153 ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1154 hcca.frame = cpu_to_le16(ohci->frame_number);
1155
1156 if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1157 if (!ohci->done)
1158 abort();
1159 if (ohci->intr & ohci->intr_status)
1160 ohci->done |= 1;
1161 hcca.done = cpu_to_le32(ohci->done);
1162 ohci->done = 0;
1163 ohci->done_count = 7;
1164 ohci_set_interrupt(ohci, OHCI_INTR_WD);
1165 }
1166
1167 if (ohci->done_count != 7 && ohci->done_count != 0)
1168 ohci->done_count--;
1169
1170 /* Do SOF stuff here */
1171 ohci_sof(ohci);
1172
1173 /* Writeback HCCA */
1174 ohci_put_hcca(ohci, ohci->hcca, &hcca);
1175 }
1176
1177 /* Start sending SOF tokens across the USB bus, lists are processed in
1178 * next frame
1179 */
1180 static int ohci_bus_start(OHCIState *ohci)
1181 {
1182 ohci->eof_timer = qemu_new_timer(vm_clock,
1183 ohci_frame_boundary,
1184 ohci);
1185
1186 if (ohci->eof_timer == NULL) {
1187 fprintf(stderr, "usb-ohci: %s: qemu_new_timer failed\n", ohci->name);
1188 /* TODO: Signal unrecoverable error */
1189 return 0;
1190 }
1191
1192 dprintf("usb-ohci: %s: USB Operational\n", ohci->name);
1193
1194 ohci_sof(ohci);
1195
1196 return 1;
1197 }
1198
1199 /* Stop sending SOF tokens on the bus */
1200 static void ohci_bus_stop(OHCIState *ohci)
1201 {
1202 if (ohci->eof_timer)
1203 qemu_del_timer(ohci->eof_timer);
1204 ohci->eof_timer = NULL;
1205 }
1206
1207 /* Sets a flag in a port status register but only set it if the port is
1208 * connected, if not set ConnectStatusChange flag. If flag is enabled
1209 * return 1.
1210 */
1211 static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1212 {
1213 int ret = 1;
1214
1215 /* writing a 0 has no effect */
1216 if (val == 0)
1217 return 0;
1218
1219 /* If CurrentConnectStatus is cleared we set
1220 * ConnectStatusChange
1221 */
1222 if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1223 ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1224 if (ohci->rhstatus & OHCI_RHS_DRWE) {
1225 /* TODO: CSC is a wakeup event */
1226 }
1227 return 0;
1228 }
1229
1230 if (ohci->rhport[i].ctrl & val)
1231 ret = 0;
1232
1233 /* set the bit */
1234 ohci->rhport[i].ctrl |= val;
1235
1236 return ret;
1237 }
1238
1239 /* Set the frame interval - frame interval toggle is manipulated by the hcd only */
1240 static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1241 {
1242 val &= OHCI_FMI_FI;
1243
1244 if (val != ohci->fi) {
1245 dprintf("usb-ohci: %s: FrameInterval = 0x%x (%u)\n",
1246 ohci->name, ohci->fi, ohci->fi);
1247 }
1248
1249 ohci->fi = val;
1250 }
1251
1252 static void ohci_port_power(OHCIState *ohci, int i, int p)
1253 {
1254 if (p) {
1255 ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1256 } else {
1257 ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS|
1258 OHCI_PORT_CCS|
1259 OHCI_PORT_PSS|
1260 OHCI_PORT_PRS);
1261 }
1262 }
1263
1264 /* Set HcControlRegister */
1265 static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1266 {
1267 uint32_t old_state;
1268 uint32_t new_state;
1269
1270 old_state = ohci->ctl & OHCI_CTL_HCFS;
1271 ohci->ctl = val;
1272 new_state = ohci->ctl & OHCI_CTL_HCFS;
1273
1274 /* no state change */
1275 if (old_state == new_state)
1276 return;
1277
1278 switch (new_state) {
1279 case OHCI_USB_OPERATIONAL:
1280 ohci_bus_start(ohci);
1281 break;
1282 case OHCI_USB_SUSPEND:
1283 ohci_bus_stop(ohci);
1284 dprintf("usb-ohci: %s: USB Suspended\n", ohci->name);
1285 break;
1286 case OHCI_USB_RESUME:
1287 dprintf("usb-ohci: %s: USB Resume\n", ohci->name);
1288 break;
1289 case OHCI_USB_RESET:
1290 ohci_reset(ohci);
1291 dprintf("usb-ohci: %s: USB Reset\n", ohci->name);
1292 break;
1293 }
1294 }
1295
1296 static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1297 {
1298 uint16_t fr;
1299 int64_t tks;
1300
1301 if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL)
1302 return (ohci->frt << 31);
1303
1304 /* Being in USB operational state guarnatees sof_time was
1305 * set already.
1306 */
1307 tks = qemu_get_clock(vm_clock) - ohci->sof_time;
1308
1309 /* avoid muldiv if possible */
1310 if (tks >= usb_frame_time)
1311 return (ohci->frt << 31);
1312
1313 tks = muldiv64(1, tks, usb_bit_time);
1314 fr = (uint16_t)(ohci->fi - tks);
1315
1316 return (ohci->frt << 31) | fr;
1317 }
1318
1319
1320 /* Set root hub status */
1321 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1322 {
1323 uint32_t old_state;
1324
1325 old_state = ohci->rhstatus;
1326
1327 /* write 1 to clear OCIC */
1328 if (val & OHCI_RHS_OCIC)
1329 ohci->rhstatus &= ~OHCI_RHS_OCIC;
1330
1331 if (val & OHCI_RHS_LPS) {
1332 int i;
1333
1334 for (i = 0; i < ohci->num_ports; i++)
1335 ohci_port_power(ohci, i, 0);
1336 dprintf("usb-ohci: powered down all ports\n");
1337 }
1338
1339 if (val & OHCI_RHS_LPSC) {
1340 int i;
1341
1342 for (i = 0; i < ohci->num_ports; i++)
1343 ohci_port_power(ohci, i, 1);
1344 dprintf("usb-ohci: powered up all ports\n");
1345 }
1346
1347 if (val & OHCI_RHS_DRWE)
1348 ohci->rhstatus |= OHCI_RHS_DRWE;
1349
1350 if (val & OHCI_RHS_CRWE)
1351 ohci->rhstatus &= ~OHCI_RHS_DRWE;
1352
1353 if (old_state != ohci->rhstatus)
1354 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1355 }
1356
1357 /* Set root hub port status */
1358 static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1359 {
1360 uint32_t old_state;
1361 OHCIPort *port;
1362
1363 port = &ohci->rhport[portnum];
1364 old_state = port->ctrl;
1365
1366 /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1367 if (val & OHCI_PORT_WTC)
1368 port->ctrl &= ~(val & OHCI_PORT_WTC);
1369
1370 if (val & OHCI_PORT_CCS)
1371 port->ctrl &= ~OHCI_PORT_PES;
1372
1373 ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1374
1375 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS))
1376 dprintf("usb-ohci: port %d: SUSPEND\n", portnum);
1377
1378 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
1379 dprintf("usb-ohci: port %d: RESET\n", portnum);
1380 usb_send_msg(port->port.dev, USB_MSG_RESET);
1381 port->ctrl &= ~OHCI_PORT_PRS;
1382 /* ??? Should this also set OHCI_PORT_PESC. */
1383 port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1384 }
1385
1386 /* Invert order here to ensure in ambiguous case, device is
1387 * powered up...
1388 */
1389 if (val & OHCI_PORT_LSDA)
1390 ohci_port_power(ohci, portnum, 0);
1391 if (val & OHCI_PORT_PPS)
1392 ohci_port_power(ohci, portnum, 1);
1393
1394 if (old_state != port->ctrl)
1395 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1396
1397 return;
1398 }
1399
1400 static uint32_t ohci_mem_read(void *ptr, target_phys_addr_t addr)
1401 {
1402 OHCIState *ohci = ptr;
1403 uint32_t retval;
1404
1405 /* Only aligned reads are allowed on OHCI */
1406 if (addr & 3) {
1407 fprintf(stderr, "usb-ohci: Mis-aligned read\n");
1408 return 0xffffffff;
1409 } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1410 /* HcRhPortStatus */
1411 retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1412 } else {
1413 switch (addr >> 2) {
1414 case 0: /* HcRevision */
1415 retval = 0x10;
1416 break;
1417
1418 case 1: /* HcControl */
1419 retval = ohci->ctl;
1420 break;
1421
1422 case 2: /* HcCommandStatus */
1423 retval = ohci->status;
1424 break;
1425
1426 case 3: /* HcInterruptStatus */
1427 retval = ohci->intr_status;
1428 break;
1429
1430 case 4: /* HcInterruptEnable */
1431 case 5: /* HcInterruptDisable */
1432 retval = ohci->intr;
1433 break;
1434
1435 case 6: /* HcHCCA */
1436 retval = ohci->hcca;
1437 break;
1438
1439 case 7: /* HcPeriodCurrentED */
1440 retval = ohci->per_cur;
1441 break;
1442
1443 case 8: /* HcControlHeadED */
1444 retval = ohci->ctrl_head;
1445 break;
1446
1447 case 9: /* HcControlCurrentED */
1448 retval = ohci->ctrl_cur;
1449 break;
1450
1451 case 10: /* HcBulkHeadED */
1452 retval = ohci->bulk_head;
1453 break;
1454
1455 case 11: /* HcBulkCurrentED */
1456 retval = ohci->bulk_cur;
1457 break;
1458
1459 case 12: /* HcDoneHead */
1460 retval = ohci->done;
1461 break;
1462
1463 case 13: /* HcFmInterretval */
1464 retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1465 break;
1466
1467 case 14: /* HcFmRemaining */
1468 retval = ohci_get_frame_remaining(ohci);
1469 break;
1470
1471 case 15: /* HcFmNumber */
1472 retval = ohci->frame_number;
1473 break;
1474
1475 case 16: /* HcPeriodicStart */
1476 retval = ohci->pstart;
1477 break;
1478
1479 case 17: /* HcLSThreshold */
1480 retval = ohci->lst;
1481 break;
1482
1483 case 18: /* HcRhDescriptorA */
1484 retval = ohci->rhdesc_a;
1485 break;
1486
1487 case 19: /* HcRhDescriptorB */
1488 retval = ohci->rhdesc_b;
1489 break;
1490
1491 case 20: /* HcRhStatus */
1492 retval = ohci->rhstatus;
1493 break;
1494
1495 /* PXA27x specific registers */
1496 case 24: /* HcStatus */
1497 retval = ohci->hstatus & ohci->hmask;
1498 break;
1499
1500 case 25: /* HcHReset */
1501 retval = ohci->hreset;
1502 break;
1503
1504 case 26: /* HcHInterruptEnable */
1505 retval = ohci->hmask;
1506 break;
1507
1508 case 27: /* HcHInterruptTest */
1509 retval = ohci->htest;
1510 break;
1511
1512 default:
1513 fprintf(stderr, "ohci_read: Bad offset %x\n", (int)addr);
1514 retval = 0xffffffff;
1515 }
1516 }
1517
1518 #ifdef TARGET_WORDS_BIGENDIAN
1519 retval = bswap32(retval);
1520 #endif
1521 return retval;
1522 }
1523
1524 static void ohci_mem_write(void *ptr, target_phys_addr_t addr, uint32_t val)
1525 {
1526 OHCIState *ohci = ptr;
1527
1528 #ifdef TARGET_WORDS_BIGENDIAN
1529 val = bswap32(val);
1530 #endif
1531
1532 /* Only aligned reads are allowed on OHCI */
1533 if (addr & 3) {
1534 fprintf(stderr, "usb-ohci: Mis-aligned write\n");
1535 return;
1536 }
1537
1538 if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1539 /* HcRhPortStatus */
1540 ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1541 return;
1542 }
1543
1544 switch (addr >> 2) {
1545 case 1: /* HcControl */
1546 ohci_set_ctl(ohci, val);
1547 break;
1548
1549 case 2: /* HcCommandStatus */
1550 /* SOC is read-only */
1551 val = (val & ~OHCI_STATUS_SOC);
1552
1553 /* Bits written as '0' remain unchanged in the register */
1554 ohci->status |= val;
1555
1556 if (ohci->status & OHCI_STATUS_HCR)
1557 ohci_reset(ohci);
1558 break;
1559
1560 case 3: /* HcInterruptStatus */
1561 ohci->intr_status &= ~val;
1562 ohci_intr_update(ohci);
1563 break;
1564
1565 case 4: /* HcInterruptEnable */
1566 ohci->intr |= val;
1567 ohci_intr_update(ohci);
1568 break;
1569
1570 case 5: /* HcInterruptDisable */
1571 ohci->intr &= ~val;
1572 ohci_intr_update(ohci);
1573 break;
1574
1575 case 6: /* HcHCCA */
1576 ohci->hcca = val & OHCI_HCCA_MASK;
1577 break;
1578
1579 case 8: /* HcControlHeadED */
1580 ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1581 break;
1582
1583 case 9: /* HcControlCurrentED */
1584 ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1585 break;
1586
1587 case 10: /* HcBulkHeadED */
1588 ohci->bulk_head = val & OHCI_EDPTR_MASK;
1589 break;
1590
1591 case 11: /* HcBulkCurrentED */
1592 ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1593 break;
1594
1595 case 13: /* HcFmInterval */
1596 ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1597 ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1598 ohci_set_frame_interval(ohci, val);
1599 break;
1600
1601 case 15: /* HcFmNumber */
1602 break;
1603
1604 case 16: /* HcPeriodicStart */
1605 ohci->pstart = val & 0xffff;
1606 break;
1607
1608 case 17: /* HcLSThreshold */
1609 ohci->lst = val & 0xffff;
1610 break;
1611
1612 case 18: /* HcRhDescriptorA */
1613 ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1614 ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1615 break;
1616
1617 case 19: /* HcRhDescriptorB */
1618 break;
1619
1620 case 20: /* HcRhStatus */
1621 ohci_set_hub_status(ohci, val);
1622 break;
1623
1624 /* PXA27x specific registers */
1625 case 24: /* HcStatus */
1626 ohci->hstatus &= ~(val & ohci->hmask);
1627
1628 case 25: /* HcHReset */
1629 ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1630 if (val & OHCI_HRESET_FSBIR)
1631 ohci_reset(ohci);
1632 break;
1633
1634 case 26: /* HcHInterruptEnable */
1635 ohci->hmask = val;
1636 break;
1637
1638 case 27: /* HcHInterruptTest */
1639 ohci->htest = val;
1640 break;
1641
1642 default:
1643 fprintf(stderr, "ohci_write: Bad offset %x\n", (int)addr);
1644 break;
1645 }
1646 }
1647
1648 /* Only dword reads are defined on OHCI register space */
1649 static CPUReadMemoryFunc *ohci_readfn[3]={
1650 ohci_mem_read,
1651 ohci_mem_read,
1652 ohci_mem_read
1653 };
1654
1655 /* Only dword writes are defined on OHCI register space */
1656 static CPUWriteMemoryFunc *ohci_writefn[3]={
1657 ohci_mem_write,
1658 ohci_mem_write,
1659 ohci_mem_write
1660 };
1661
1662 static void usb_ohci_init(OHCIState *ohci, int num_ports, int devfn,
1663 qemu_irq irq, enum ohci_type type,
1664 const char *name, uint32_t localmem_base)
1665 {
1666 int i;
1667
1668 if (usb_frame_time == 0) {
1669 #ifdef OHCI_TIME_WARP
1670 usb_frame_time = ticks_per_sec;
1671 usb_bit_time = muldiv64(1, ticks_per_sec, USB_HZ/1000);
1672 #else
1673 usb_frame_time = muldiv64(1, ticks_per_sec, 1000);
1674 if (ticks_per_sec >= USB_HZ) {
1675 usb_bit_time = muldiv64(1, ticks_per_sec, USB_HZ);
1676 } else {
1677 usb_bit_time = 1;
1678 }
1679 #endif
1680 dprintf("usb-ohci: usb_bit_time=%" PRId64 " usb_frame_time=%" PRId64 "\n",
1681 usb_frame_time, usb_bit_time);
1682 }
1683
1684 ohci->mem = cpu_register_io_memory(ohci_readfn, ohci_writefn, ohci);
1685 ohci->localmem_base = localmem_base;
1686 ohci->name = name;
1687
1688 ohci->irq = irq;
1689 ohci->type = type;
1690
1691 ohci->num_ports = num_ports;
1692 for (i = 0; i < num_ports; i++) {
1693 qemu_register_usb_port(&ohci->rhport[i].port, ohci, i, ohci_attach);
1694 }
1695
1696 ohci->async_td = 0;
1697 qemu_register_reset(ohci_reset, ohci);
1698 ohci_reset(ohci);
1699 }
1700
1701 typedef struct {
1702 PCIDevice pci_dev;
1703 OHCIState state;
1704 } OHCIPCIState;
1705
1706 static void ohci_mapfunc(PCIDevice *pci_dev, int i,
1707 uint32_t addr, uint32_t size, int type)
1708 {
1709 OHCIPCIState *ohci = (OHCIPCIState *)pci_dev;
1710 cpu_register_physical_memory(addr, size, ohci->state.mem);
1711 }
1712
1713 void usb_ohci_init_pci(struct PCIBus *bus, int num_ports, int devfn)
1714 {
1715 OHCIPCIState *ohci;
1716
1717 ohci = (OHCIPCIState *)pci_register_device(bus, "OHCI USB", sizeof(*ohci),
1718 devfn, NULL, NULL);
1719 if (ohci == NULL) {
1720 fprintf(stderr, "usb-ohci: Failed to register PCI device\n");
1721 return;
1722 }
1723
1724 pci_config_set_vendor_id(ohci->pci_dev.config, PCI_VENDOR_ID_APPLE);
1725 pci_config_set_device_id(ohci->pci_dev.config,
1726 PCI_DEVICE_ID_APPLE_IPID_USB);
1727 ohci->pci_dev.config[0x09] = 0x10; /* OHCI */
1728 pci_config_set_class(ohci->pci_dev.config, PCI_CLASS_SERIAL_USB);
1729 ohci->pci_dev.config[0x3d] = 0x01; /* interrupt pin 1 */
1730
1731 usb_ohci_init(&ohci->state, num_ports, devfn, ohci->pci_dev.irq[0],
1732 OHCI_TYPE_PCI, ohci->pci_dev.name, 0);
1733
1734 pci_register_bar((struct PCIDevice *)ohci, 0, 256,
1735 PCI_ADDRESS_SPACE_MEM, ohci_mapfunc);
1736 }
1737
1738 void usb_ohci_init_pxa(target_phys_addr_t base, int num_ports, int devfn,
1739 qemu_irq irq)
1740 {
1741 OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1742
1743 usb_ohci_init(ohci, num_ports, devfn, irq,
1744 OHCI_TYPE_PXA, "OHCI USB", 0);
1745
1746 cpu_register_physical_memory(base, 0x1000, ohci->mem);
1747 }
1748
1749 void usb_ohci_init_sm501(uint32_t mmio_base, uint32_t localmem_base,
1750 int num_ports, int devfn, qemu_irq irq)
1751 {
1752 OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1753
1754 usb_ohci_init(ohci, num_ports, devfn, irq,
1755 OHCI_TYPE_SM501, "OHCI USB", localmem_base);
1756
1757 cpu_register_physical_memory(mmio_base, 0x1000, ohci->mem);
1758 }
1759
Patches shipped by Fedora