search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'qemu-vendor-drops' (qemu as of 2007-10-01)
[qemu-kvm/fedora.git] / hw / usb-uhci.c
blob8c3cb01989cc11201cd5c7bb553e9a269f4e8459
1 /*
2 * USB UHCI controller emulation
3 *
4 * Copyright (c) 2005 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25
26 //#define DEBUG
27 //#define DEBUG_PACKET
28
29 #define UHCI_CMD_FGR (1 << 4)
30 #define UHCI_CMD_EGSM (1 << 3)
31 #define UHCI_CMD_GRESET (1 << 2)
32 #define UHCI_CMD_HCRESET (1 << 1)
33 #define UHCI_CMD_RS (1 << 0)
34
35 #define UHCI_STS_HCHALTED (1 << 5)
36 #define UHCI_STS_HCPERR (1 << 4)
37 #define UHCI_STS_HSERR (1 << 3)
38 #define UHCI_STS_RD (1 << 2)
39 #define UHCI_STS_USBERR (1 << 1)
40 #define UHCI_STS_USBINT (1 << 0)
41
42 #define TD_CTRL_SPD (1 << 29)
43 #define TD_CTRL_ERROR_SHIFT 27
44 #define TD_CTRL_IOS (1 << 25)
45 #define TD_CTRL_IOC (1 << 24)
46 #define TD_CTRL_ACTIVE (1 << 23)
47 #define TD_CTRL_STALL (1 << 22)
48 #define TD_CTRL_BABBLE (1 << 20)
49 #define TD_CTRL_NAK (1 << 19)
50 #define TD_CTRL_TIMEOUT (1 << 18)
51
52 #define UHCI_PORT_RESET (1 << 9)
53 #define UHCI_PORT_LSDA (1 << 8)
54 #define UHCI_PORT_ENC (1 << 3)
55 #define UHCI_PORT_EN (1 << 2)
56 #define UHCI_PORT_CSC (1 << 1)
57 #define UHCI_PORT_CCS (1 << 0)
58
59 #define FRAME_TIMER_FREQ 1000
60
61 #define FRAME_MAX_LOOPS 100
62
63 #define NB_PORTS 2
64
65 typedef struct UHCIPort {
66 USBPort port;
67 uint16_t ctrl;
68 } UHCIPort;
69
70 typedef struct UHCIState {
71 PCIDevice dev;
72 uint16_t cmd; /* cmd register */
73 uint16_t status;
74 uint16_t intr; /* interrupt enable register */
75 uint16_t frnum; /* frame number */
76 uint32_t fl_base_addr; /* frame list base address */
77 uint8_t sof_timing;
78 uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
79 QEMUTimer *frame_timer;
80 UHCIPort ports[NB_PORTS];
81
82 /* Interrupts that should be raised at the end of the current frame. */
83 uint32_t pending_int_mask;
84 /* For simplicity of implementation we only allow a single pending USB
85 request. This means all usb traffic on this controller is effectively
86 suspended until that transfer completes. When the transfer completes
87 the next transfer from that queue will be processed. However
88 other queues will not be processed until the next frame. The solution
89 is to allow multiple pending requests. */
90 uint32_t async_qh;
91 USBPacket usb_packet;
92 uint8_t usb_buf[2048];
93 } UHCIState;
94
95 typedef struct UHCI_TD {
96 uint32_t link;
97 uint32_t ctrl; /* see TD_CTRL_xxx */
98 uint32_t token;
99 uint32_t buffer;
100 } UHCI_TD;
101
102 typedef struct UHCI_QH {
103 uint32_t link;
104 uint32_t el_link;
105 } UHCI_QH;
106
107 static void uhci_attach(USBPort *port1, USBDevice *dev);
108
109 static void uhci_update_irq(UHCIState *s)
110 {
111 int level;
112 if (((s->status2 & 1) && (s->intr & (1 << 2))) ||
113 ((s->status2 & 2) && (s->intr & (1 << 3))) ||
114 ((s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0))) ||
115 ((s->status & UHCI_STS_RD) && (s->intr & (1 << 1))) ||
116 (s->status & UHCI_STS_HSERR) ||
117 (s->status & UHCI_STS_HCPERR)) {
118 level = 1;
119 } else {
120 level = 0;
121 }
122 qemu_set_irq(s->dev.irq[3], level);
123 }
124
125 static void uhci_reset(UHCIState *s)
126 {
127 uint8_t *pci_conf;
128 int i;
129 UHCIPort *port;
130
131 pci_conf = s->dev.config;
132
133 pci_conf[0x6a] = 0x01; /* usb clock */
134 pci_conf[0x6b] = 0x00;
135 s->cmd = 0;
136 s->status = 0;
137 s->status2 = 0;
138 s->intr = 0;
139 s->fl_base_addr = 0;
140 s->sof_timing = 64;
141 for(i = 0; i < NB_PORTS; i++) {
142 port = &s->ports[i];
143 port->ctrl = 0x0080;
144 if (port->port.dev)
145 uhci_attach(&port->port, port->port.dev);
146 }
147 }
148
149 static void uhci_save(QEMUFile *f, void *opaque)
150 {
151 UHCIState *s = opaque;
152 uint8_t num_ports = NB_PORTS;
153 int i;
154
155 pci_device_save(&s->dev, f);
156
157 qemu_put_8s(f, &num_ports);
158 for (i = 0; i < num_ports; ++i)
159 qemu_put_be16s(f, &s->ports[i].ctrl);
160 qemu_put_be16s(f, &s->cmd);
161 qemu_put_be16s(f, &s->status);
162 qemu_put_be16s(f, &s->intr);
163 qemu_put_be16s(f, &s->frnum);
164 qemu_put_be32s(f, &s->fl_base_addr);
165 qemu_put_8s(f, &s->sof_timing);
166 qemu_put_8s(f, &s->status2);
167 qemu_put_timer(f, s->frame_timer);
168 }
169
170 static int uhci_load(QEMUFile* f,void* opaque,int version_id)
171 {
172 UHCIState *s = opaque;
173 uint8_t num_ports;
174 int i, ret;
175
176 if (version_id > 1)
177 return -EINVAL;
178
179 ret = pci_device_load(&s->dev, f);
180 if (ret < 0)
181 return ret;
182
183 qemu_get_8s(f, &num_ports);
184 if (num_ports != NB_PORTS)
185 return -EINVAL;
186
187 for (i = 0; i < num_ports; ++i)
188 qemu_get_be16s(f, &s->ports[i].ctrl);
189 qemu_get_be16s(f, &s->cmd);
190 qemu_get_be16s(f, &s->status);
191 qemu_get_be16s(f, &s->intr);
192 qemu_get_be16s(f, &s->frnum);
193 qemu_get_be32s(f, &s->fl_base_addr);
194 qemu_get_8s(f, &s->sof_timing);
195 qemu_get_8s(f, &s->status2);
196 qemu_get_timer(f, s->frame_timer);
197
198 return 0;
199 }
200
201 static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
202 {
203 UHCIState *s = opaque;
204
205 addr &= 0x1f;
206 switch(addr) {
207 case 0x0c:
208 s->sof_timing = val;
209 break;
210 }
211 }
212
213 static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
214 {
215 UHCIState *s = opaque;
216 uint32_t val;
217
218 addr &= 0x1f;
219 switch(addr) {
220 case 0x0c:
221 val = s->sof_timing;
222 break;
223 default:
224 val = 0xff;
225 break;
226 }
227 return val;
228 }
229
230 static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
231 {
232 UHCIState *s = opaque;
233
234 addr &= 0x1f;
235 #ifdef DEBUG
236 printf("uhci writew port=0x%04x val=0x%04x\n", addr, val);
237 #endif
238 switch(addr) {
239 case 0x00:
240 if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
241 /* start frame processing */
242 qemu_mod_timer(s->frame_timer, qemu_get_clock(vm_clock));
243 s->status &= ~UHCI_STS_HCHALTED;
244 } else if (!(val & UHCI_CMD_RS)) {
245 s->status |= UHCI_STS_HCHALTED;
246 }
247 if (val & UHCI_CMD_GRESET) {
248 UHCIPort *port;
249 USBDevice *dev;
250 int i;
251
252 /* send reset on the USB bus */
253 for(i = 0; i < NB_PORTS; i++) {
254 port = &s->ports[i];
255 dev = port->port.dev;
256 if (dev) {
257 usb_send_msg(dev, USB_MSG_RESET);
258 }
259 }
260 uhci_reset(s);
261 return;
262 }
263 if (val & UHCI_CMD_HCRESET) {
264 uhci_reset(s);
265 return;
266 }
267 s->cmd = val;
268 break;
269 case 0x02:
270 s->status &= ~val;
271 /* XXX: the chip spec is not coherent, so we add a hidden
272 register to distinguish between IOC and SPD */
273 if (val & UHCI_STS_USBINT)
274 s->status2 = 0;
275 uhci_update_irq(s);
276 break;
277 case 0x04:
278 s->intr = val;
279 uhci_update_irq(s);
280 break;
281 case 0x06:
282 if (s->status & UHCI_STS_HCHALTED)
283 s->frnum = val & 0x7ff;
284 break;
285 case 0x10 ... 0x1f:
286 {
287 UHCIPort *port;
288 USBDevice *dev;
289 int n;
290
291 n = (addr >> 1) & 7;
292 if (n >= NB_PORTS)
293 return;
294 port = &s->ports[n];
295 dev = port->port.dev;
296 if (dev) {
297 /* port reset */
298 if ( (val & UHCI_PORT_RESET) &&
299 !(port->ctrl & UHCI_PORT_RESET) ) {
300 usb_send_msg(dev, USB_MSG_RESET);
301 }
302 }
303 port->ctrl = (port->ctrl & 0x01fb) | (val & ~0x01fb);
304 /* some bits are reset when a '1' is written to them */
305 port->ctrl &= ~(val & 0x000a);
306 }
307 break;
308 }
309 }
310
311 static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
312 {
313 UHCIState *s = opaque;
314 uint32_t val;
315
316 addr &= 0x1f;
317 switch(addr) {
318 case 0x00:
319 val = s->cmd;
320 break;
321 case 0x02:
322 val = s->status;
323 break;
324 case 0x04:
325 val = s->intr;
326 break;
327 case 0x06:
328 val = s->frnum;
329 break;
330 case 0x10 ... 0x1f:
331 {
332 UHCIPort *port;
333 int n;
334 n = (addr >> 1) & 7;
335 if (n >= NB_PORTS)
336 goto read_default;
337 port = &s->ports[n];
338 val = port->ctrl;
339 }
340 break;
341 default:
342 read_default:
343 val = 0xff7f; /* disabled port */
344 break;
345 }
346 #ifdef DEBUG
347 printf("uhci readw port=0x%04x val=0x%04x\n", addr, val);
348 #endif
349 return val;
350 }
351
352 static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
353 {
354 UHCIState *s = opaque;
355
356 addr &= 0x1f;
357 #ifdef DEBUG
358 printf("uhci writel port=0x%04x val=0x%08x\n", addr, val);
359 #endif
360 switch(addr) {
361 case 0x08:
362 s->fl_base_addr = val & ~0xfff;
363 break;
364 }
365 }
366
367 static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
368 {
369 UHCIState *s = opaque;
370 uint32_t val;
371
372 addr &= 0x1f;
373 switch(addr) {
374 case 0x08:
375 val = s->fl_base_addr;
376 break;
377 default:
378 val = 0xffffffff;
379 break;
380 }
381 return val;
382 }
383
384 /* signal resume if controller suspended */
385 static void uhci_resume (void *opaque)
386 {
387 UHCIState *s = (UHCIState *)opaque;
388
389 if (!s)
390 return;
391
392 if (s->cmd & UHCI_CMD_EGSM) {
393 s->cmd |= UHCI_CMD_FGR;
394 s->status |= UHCI_STS_RD;
395 uhci_update_irq(s);
396 }
397 }
398
399 static void uhci_attach(USBPort *port1, USBDevice *dev)
400 {
401 UHCIState *s = port1->opaque;
402 UHCIPort *port = &s->ports[port1->index];
403
404 if (dev) {
405 if (port->port.dev) {
406 usb_attach(port1, NULL);
407 }
408 /* set connect status */
409 port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;
410
411 /* update speed */
412 if (dev->speed == USB_SPEED_LOW)
413 port->ctrl |= UHCI_PORT_LSDA;
414 else
415 port->ctrl &= ~UHCI_PORT_LSDA;
416
417 uhci_resume(s);
418
419 port->port.dev = dev;
420 /* send the attach message */
421 usb_send_msg(dev, USB_MSG_ATTACH);
422 } else {
423 /* set connect status */
424 if (port->ctrl & UHCI_PORT_CCS) {
425 port->ctrl &= ~UHCI_PORT_CCS;
426 port->ctrl |= UHCI_PORT_CSC;
427 }
428 /* disable port */
429 if (port->ctrl & UHCI_PORT_EN) {
430 port->ctrl &= ~UHCI_PORT_EN;
431 port->ctrl |= UHCI_PORT_ENC;
432 }
433
434 uhci_resume(s);
435
436 dev = port->port.dev;
437 if (dev) {
438 /* send the detach message */
439 usb_send_msg(dev, USB_MSG_DETACH);
440 }
441 port->port.dev = NULL;
442 }
443 }
444
445 static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
446 {
447 UHCIPort *port;
448 USBDevice *dev;
449 int i, ret;
450
451 #ifdef DEBUG_PACKET
452 {
453 const char *pidstr;
454 switch(p->pid) {
455 case USB_TOKEN_SETUP: pidstr = "SETUP"; break;
456 case USB_TOKEN_IN: pidstr = "IN"; break;
457 case USB_TOKEN_OUT: pidstr = "OUT"; break;
458 default: pidstr = "?"; break;
459 }
460 printf("frame %d: pid=%s addr=0x%02x ep=%d len=%d\n",
461 s->frnum, pidstr, p->devaddr, p->devep, p->len);
462 if (p->pid != USB_TOKEN_IN) {
463 printf(" data_out=");
464 for(i = 0; i < p->len; i++) {
465 printf(" %02x", p->data[i]);
466 }
467 printf("\n");
468 }
469 }
470 #endif
471 for(i = 0; i < NB_PORTS; i++) {
472 port = &s->ports[i];
473 dev = port->port.dev;
474 if (dev && (port->ctrl & UHCI_PORT_EN)) {
475 ret = dev->handle_packet(dev, p);
476 if (ret != USB_RET_NODEV) {
477 #ifdef DEBUG_PACKET
478 if (ret == USB_RET_ASYNC) {
479 printf("usb-uhci: Async packet\n");
480 } else {
481 printf(" ret=%d ", ret);
482 if (p->pid == USB_TOKEN_IN && ret > 0) {
483 printf("data_in=");
484 for(i = 0; i < ret; i++) {
485 printf(" %02x", p->data[i]);
486 }
487 }
488 printf("\n");
489 }
490 #endif
491 return ret;
492 }
493 }
494 }
495 return USB_RET_NODEV;
496 }
497
498 static void uhci_async_complete_packet(USBPacket * packet, void *opaque);
499
500 /* return -1 if fatal error (frame must be stopped)
501 0 if TD successful
502 1 if TD unsuccessful or inactive
503 */
504 static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask)
505 {
506 uint8_t pid;
507 int len, max_len, err, ret;
508
509 /* ??? This is wrong for async completion. */
510 if (td->ctrl & TD_CTRL_IOC) {
511 *int_mask |= 0x01;
512 }
513
514 if (!(td->ctrl & TD_CTRL_ACTIVE))
515 return 1;
516
517 /* TD is active */
518 max_len = ((td->token >> 21) + 1) & 0x7ff;
519 pid = td->token & 0xff;
520 if (s->async_qh) {
521 ret = s->usb_packet.len;
522 if (ret >= 0) {
523 len = ret;
524 if (len > max_len) {
525 len = max_len;
526 ret = USB_RET_BABBLE;
527 }
528 if (len > 0) {
529 /* write the data back */
530 cpu_physical_memory_write(td->buffer, s->usb_buf, len);
531 }
532 } else {
533 len = 0;
534 }
535 s->async_qh = 0;
536 } else {
537 s->usb_packet.pid = pid;
538 s->usb_packet.devaddr = (td->token >> 8) & 0x7f;
539 s->usb_packet.devep = (td->token >> 15) & 0xf;
540 s->usb_packet.data = s->usb_buf;
541 s->usb_packet.len = max_len;
542 s->usb_packet.complete_cb = uhci_async_complete_packet;
543 s->usb_packet.complete_opaque = s;
544 switch(pid) {
545 case USB_TOKEN_OUT:
546 case USB_TOKEN_SETUP:
547 cpu_physical_memory_read(td->buffer, s->usb_buf, max_len);
548 ret = uhci_broadcast_packet(s, &s->usb_packet);
549 len = max_len;
550 break;
551 case USB_TOKEN_IN:
552 ret = uhci_broadcast_packet(s, &s->usb_packet);
553 if (ret >= 0) {
554 len = ret;
555 if (len > max_len) {
556 len = max_len;
557 ret = USB_RET_BABBLE;
558 }
559 if (len > 0) {
560 /* write the data back */
561 cpu_physical_memory_write(td->buffer, s->usb_buf, len);
562 }
563 } else {
564 len = 0;
565 }
566 break;
567 default:
568 /* invalid pid : frame interrupted */
569 s->status |= UHCI_STS_HCPERR;
570 uhci_update_irq(s);
571 return -1;
572 }
573 }
574 if (ret == USB_RET_ASYNC) {
575 return 2;
576 }
577 if (td->ctrl & TD_CTRL_IOS)
578 td->ctrl &= ~TD_CTRL_ACTIVE;
579 if (ret >= 0) {
580 td->ctrl = (td->ctrl & ~0x7ff) | ((len - 1) & 0x7ff);
581 /* The NAK bit may have been set by a previous frame, so clear it
582 here. The docs are somewhat unclear, but win2k relies on this
583 behavior. */
584 td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
585 if (pid == USB_TOKEN_IN &&
586 (td->ctrl & TD_CTRL_SPD) &&
587 len < max_len) {
588 *int_mask |= 0x02;
589 /* short packet: do not update QH */
590 return 1;
591 } else {
592 /* success */
593 return 0;
594 }
595 } else {
596 switch(ret) {
597 default:
598 case USB_RET_NODEV:
599 do_timeout:
600 td->ctrl |= TD_CTRL_TIMEOUT;
601 err = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
602 if (err != 0) {
603 err--;
604 if (err == 0) {
605 td->ctrl &= ~TD_CTRL_ACTIVE;
606 s->status |= UHCI_STS_USBERR;
607 uhci_update_irq(s);
608 }
609 }
610 td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
611 (err << TD_CTRL_ERROR_SHIFT);
612 return 1;
613 case USB_RET_NAK:
614 td->ctrl |= TD_CTRL_NAK;
615 if (pid == USB_TOKEN_SETUP)
616 goto do_timeout;
617 return 1;
618 case USB_RET_STALL:
619 td->ctrl |= TD_CTRL_STALL;
620 td->ctrl &= ~TD_CTRL_ACTIVE;
621 return 1;
622 case USB_RET_BABBLE:
623 td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
624 td->ctrl &= ~TD_CTRL_ACTIVE;
625 /* frame interrupted */
626 return -1;
627 }
628 }
629 }
630
631 static void uhci_async_complete_packet(USBPacket * packet, void *opaque)
632 {
633 UHCIState *s = opaque;
634 UHCI_QH qh;
635 UHCI_TD td;
636 uint32_t link;
637 uint32_t old_td_ctrl;
638 uint32_t val;
639 int ret;
640
641 link = s->async_qh;
642 if (!link) {
643 /* This should never happen. It means a TD somehow got removed
644 without cancelling the associated async IO request. */
645 return;
646 }
647 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh));
648 le32_to_cpus(&qh.link);
649 le32_to_cpus(&qh.el_link);
650 /* Re-process the queue containing the async packet. */
651 while (1) {
652 cpu_physical_memory_read(qh.el_link & ~0xf,
653 (uint8_t *)&td, sizeof(td));
654 le32_to_cpus(&td.link);
655 le32_to_cpus(&td.ctrl);
656 le32_to_cpus(&td.token);
657 le32_to_cpus(&td.buffer);
658 old_td_ctrl = td.ctrl;
659 ret = uhci_handle_td(s, &td, &s->pending_int_mask);
660 /* update the status bits of the TD */
661 if (old_td_ctrl != td.ctrl) {
662 val = cpu_to_le32(td.ctrl);
663 cpu_physical_memory_write((qh.el_link & ~0xf) + 4,
664 (const uint8_t *)&val,
665 sizeof(val));
666 }
667 if (ret < 0)
668 break; /* interrupted frame */
669 if (ret == 2) {
670 s->async_qh = link;
671 break;
672 } else if (ret == 0) {
673 /* update qh element link */
674 qh.el_link = td.link;
675 val = cpu_to_le32(qh.el_link);
676 cpu_physical_memory_write((link & ~0xf) + 4,
677 (const uint8_t *)&val,
678 sizeof(val));
679 if (!(qh.el_link & 4))
680 break;
681 }
682 break;
683 }
684 }
685
686 static void uhci_frame_timer(void *opaque)
687 {
688 UHCIState *s = opaque;
689 int64_t expire_time;
690 uint32_t frame_addr, link, old_td_ctrl, val;
691 int int_mask, cnt, ret;
692 UHCI_TD td;
693 UHCI_QH qh;
694 uint32_t old_async_qh;
695
696 if (!(s->cmd & UHCI_CMD_RS)) {
697 qemu_del_timer(s->frame_timer);
698 /* set hchalted bit in status - UHCI11D 2.1.2 */
699 s->status |= UHCI_STS_HCHALTED;
700 return;
701 }
702 /* Complete the previous frame. */
703 s->frnum = (s->frnum + 1) & 0x7ff;
704 if (s->pending_int_mask) {
705 s->status2 |= s->pending_int_mask;
706 s->status |= UHCI_STS_USBINT;
707 uhci_update_irq(s);
708 }
709 old_async_qh = s->async_qh;
710 frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);
711 cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
712 le32_to_cpus(&link);
713 int_mask = 0;
714 cnt = FRAME_MAX_LOOPS;
715 while ((link & 1) == 0) {
716 if (--cnt == 0)
717 break;
718 /* valid frame */
719 if (link & 2) {
720 /* QH */
721 if (link == s->async_qh) {
722 /* We've found a previously issues packet.
723 Nothing else to do. */
724 old_async_qh = 0;
725 break;
726 }
727 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh));
728 le32_to_cpus(&qh.link);
729 le32_to_cpus(&qh.el_link);
730 depth_first:
731 if (qh.el_link & 1) {
732 /* no element : go to next entry */
733 link = qh.link;
734 } else if (qh.el_link & 2) {
735 /* QH */
736 link = qh.el_link;
737 } else if (s->async_qh) {
738 /* We can only cope with one pending packet. Keep looking
739 for the previously issued packet. */
740 link = qh.link;
741 } else {
742 /* TD */
743 if (--cnt == 0)
744 break;
745 cpu_physical_memory_read(qh.el_link & ~0xf,
746 (uint8_t *)&td, sizeof(td));
747 le32_to_cpus(&td.link);
748 le32_to_cpus(&td.ctrl);
749 le32_to_cpus(&td.token);
750 le32_to_cpus(&td.buffer);
751 old_td_ctrl = td.ctrl;
752 ret = uhci_handle_td(s, &td, &int_mask);
753 /* update the status bits of the TD */
754 if (old_td_ctrl != td.ctrl) {
755 val = cpu_to_le32(td.ctrl);
756 cpu_physical_memory_write((qh.el_link & ~0xf) + 4,
757 (const uint8_t *)&val,
758 sizeof(val));
759 }
760 if (ret < 0)
761 break; /* interrupted frame */
762 if (ret == 2) {
763 s->async_qh = link;
764 } else if (ret == 0) {
765 /* update qh element link */
766 qh.el_link = td.link;
767 val = cpu_to_le32(qh.el_link);
768 cpu_physical_memory_write((link & ~0xf) + 4,
769 (const uint8_t *)&val,
770 sizeof(val));
771 if (qh.el_link & 4) {
772 /* depth first */
773 goto depth_first;
774 }
775 }
776 /* go to next entry */
777 link = qh.link;
778 }
779 } else {
780 /* TD */
781 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&td, sizeof(td));
782 le32_to_cpus(&td.link);
783 le32_to_cpus(&td.ctrl);
784 le32_to_cpus(&td.token);
785 le32_to_cpus(&td.buffer);
786 /* Ignore isochonous transfers while there is an async packet
787 pending. This is wrong, but we don't implement isochronous
788 transfers anyway. */
789 if (s->async_qh == 0) {
790 old_td_ctrl = td.ctrl;
791 ret = uhci_handle_td(s, &td, &int_mask);
792 /* update the status bits of the TD */
793 if (old_td_ctrl != td.ctrl) {
794 val = cpu_to_le32(td.ctrl);
795 cpu_physical_memory_write((link & ~0xf) + 4,
796 (const uint8_t *)&val,
797 sizeof(val));
798 }
799 if (ret < 0)
800 break; /* interrupted frame */
801 if (ret == 2) {
802 /* We can't handle async isochronous transfers.
803 Cancel The packet. */
804 fprintf(stderr, "usb-uhci: Unimplemented async packet\n");
805 usb_cancel_packet(&s->usb_packet);
806 }
807 }
808 link = td.link;
809 }
810 }
811 s->pending_int_mask = int_mask;
812 if (old_async_qh) {
813 /* A previously started transfer has disappeared from the transfer
814 list. There's nothing useful we can do with it now, so just
815 discard the packet and hope it wasn't too important. */
816 #ifdef DEBUG
817 printf("Discarding USB packet\n");
818 #endif
819 usb_cancel_packet(&s->usb_packet);
820 s->async_qh = 0;
821 }
822 /* prepare the timer for the next frame */
823 expire_time = qemu_get_clock(vm_clock) +
824 (ticks_per_sec / FRAME_TIMER_FREQ);
825 qemu_mod_timer(s->frame_timer, expire_time);
826 }
827
828 static void uhci_map(PCIDevice *pci_dev, int region_num,
829 uint32_t addr, uint32_t size, int type)
830 {
831 UHCIState *s = (UHCIState *)pci_dev;
832
833 register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
834 register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
835 register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
836 register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
837 register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
838 register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
839 }
840
841 void usb_uhci_piix3_init(PCIBus *bus, int devfn)
842 {
843 UHCIState *s;
844 uint8_t *pci_conf;
845 int i;
846
847 s = (UHCIState *)pci_register_device(bus,
848 "USB-UHCI", sizeof(UHCIState),
849 devfn, NULL, NULL);
850 pci_conf = s->dev.config;
851 pci_conf[0x00] = 0x86;
852 pci_conf[0x01] = 0x80;
853 pci_conf[0x02] = 0x20;
854 pci_conf[0x03] = 0x70;
855 pci_conf[0x08] = 0x01; // revision number
856 pci_conf[0x09] = 0x00;
857 pci_conf[0x0a] = 0x03;
858 pci_conf[0x0b] = 0x0c;
859 pci_conf[0x0e] = 0x00; // header_type
860 pci_conf[0x3d] = 4; // interrupt pin 3
861 pci_conf[0x60] = 0x10; // release number
862
863 for(i = 0; i < NB_PORTS; i++) {
864 qemu_register_usb_port(&s->ports[i].port, s, i, uhci_attach);
865 }
866 s->frame_timer = qemu_new_timer(vm_clock, uhci_frame_timer, s);
867
868 uhci_reset(s);
869
870 /* Use region 4 for consistency with real hardware. BSD guests seem
871 to rely on this. */
872 pci_register_io_region(&s->dev, 4, 0x20,
873 PCI_ADDRESS_SPACE_IO, uhci_map);
874 }
875
876 void usb_uhci_piix4_init(PCIBus *bus, int devfn)
877 {
878 UHCIState *s;
879 uint8_t *pci_conf;
880 int i;
881
882 s = (UHCIState *)pci_register_device(bus,
883 "USB-UHCI", sizeof(UHCIState),
884 devfn, NULL, NULL);
885 pci_conf = s->dev.config;
886 pci_conf[0x00] = 0x86;
887 pci_conf[0x01] = 0x80;
888 pci_conf[0x02] = 0x12;
889 pci_conf[0x03] = 0x71;
890 pci_conf[0x08] = 0x01; // revision number
891 pci_conf[0x09] = 0x00;
892 pci_conf[0x0a] = 0x03;
893 pci_conf[0x0b] = 0x0c;
894 pci_conf[0x0e] = 0x00; // header_type
895 pci_conf[0x3d] = 4; // interrupt pin 3
896 pci_conf[0x60] = 0x10; // release number
897
898 for(i = 0; i < NB_PORTS; i++) {
899 qemu_register_usb_port(&s->ports[i].port, s, i, uhci_attach);
900 }
901 s->frame_timer = qemu_new_timer(vm_clock, uhci_frame_timer, s);
902
903 uhci_reset(s);
904
905 /* Use region 4 for consistency with real hardware. BSD guests seem
906 to rely on this. */
907 pci_register_io_region(&s->dev, 4, 0x20,
908 PCI_ADDRESS_SPACE_IO, uhci_map);
909
910 register_savevm("uhci", 0, 1, uhci_save, uhci_load, s);
911 }
912
Patches shipped by Fedora