monitor: Convert do_physical_memory_save() to QObject
[qemu.git] / hw / usb-musb.c
blob09ec5a125660f972a59c3d0bef1de85f6d0bfaa0
1 /*
2 * "Inventra" High-speed Dual-Role Controller (MUSB-HDRC), Mentor Graphics,
3 * USB2.0 OTG compliant core used in various chips.
5 * Copyright (C) 2008 Nokia Corporation
6 * Written by Andrzej Zaborowski <andrew@openedhand.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation; either version 2 or
11 * (at your option) version 3 of the License.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, see <http://www.gnu.org/licenses/>.
21 * Only host-mode and non-DMA accesses are currently supported.
23 #include "qemu-common.h"
24 #include "qemu-timer.h"
25 #include "usb.h"
26 #include "irq.h"
28 /* Common USB registers */
29 #define MUSB_HDRC_FADDR 0x00 /* 8-bit */
30 #define MUSB_HDRC_POWER 0x01 /* 8-bit */
32 #define MUSB_HDRC_INTRTX 0x02 /* 16-bit */
33 #define MUSB_HDRC_INTRRX 0x04
34 #define MUSB_HDRC_INTRTXE 0x06
35 #define MUSB_HDRC_INTRRXE 0x08
36 #define MUSB_HDRC_INTRUSB 0x0a /* 8 bit */
37 #define MUSB_HDRC_INTRUSBE 0x0b /* 8 bit */
38 #define MUSB_HDRC_FRAME 0x0c /* 16-bit */
39 #define MUSB_HDRC_INDEX 0x0e /* 8 bit */
40 #define MUSB_HDRC_TESTMODE 0x0f /* 8 bit */
42 /* Per-EP registers in indexed mode */
43 #define MUSB_HDRC_EP_IDX 0x10 /* 8-bit */
45 /* EP FIFOs */
46 #define MUSB_HDRC_FIFO 0x20
48 /* Additional Control Registers */
49 #define MUSB_HDRC_DEVCTL 0x60 /* 8 bit */
51 /* These are indexed */
52 #define MUSB_HDRC_TXFIFOSZ 0x62 /* 8 bit (see masks) */
53 #define MUSB_HDRC_RXFIFOSZ 0x63 /* 8 bit (see masks) */
54 #define MUSB_HDRC_TXFIFOADDR 0x64 /* 16 bit offset shifted right 3 */
55 #define MUSB_HDRC_RXFIFOADDR 0x66 /* 16 bit offset shifted right 3 */
57 /* Some more registers */
58 #define MUSB_HDRC_VCTRL 0x68 /* 8 bit */
59 #define MUSB_HDRC_HWVERS 0x6c /* 8 bit */
61 /* Added in HDRC 1.9(?) & MHDRC 1.4 */
62 /* ULPI pass-through */
63 #define MUSB_HDRC_ULPI_VBUSCTL 0x70
64 #define MUSB_HDRC_ULPI_REGDATA 0x74
65 #define MUSB_HDRC_ULPI_REGADDR 0x75
66 #define MUSB_HDRC_ULPI_REGCTL 0x76
68 /* Extended config & PHY control */
69 #define MUSB_HDRC_ENDCOUNT 0x78 /* 8 bit */
70 #define MUSB_HDRC_DMARAMCFG 0x79 /* 8 bit */
71 #define MUSB_HDRC_PHYWAIT 0x7a /* 8 bit */
72 #define MUSB_HDRC_PHYVPLEN 0x7b /* 8 bit */
73 #define MUSB_HDRC_HS_EOF1 0x7c /* 8 bit, units of 546.1 us */
74 #define MUSB_HDRC_FS_EOF1 0x7d /* 8 bit, units of 533.3 ns */
75 #define MUSB_HDRC_LS_EOF1 0x7e /* 8 bit, units of 1.067 us */
77 /* Per-EP BUSCTL registers */
78 #define MUSB_HDRC_BUSCTL 0x80
80 /* Per-EP registers in flat mode */
81 #define MUSB_HDRC_EP 0x100
83 /* offsets to registers in flat model */
84 #define MUSB_HDRC_TXMAXP 0x00 /* 16 bit apparently */
85 #define MUSB_HDRC_TXCSR 0x02 /* 16 bit apparently */
86 #define MUSB_HDRC_CSR0 MUSB_HDRC_TXCSR /* re-used for EP0 */
87 #define MUSB_HDRC_RXMAXP 0x04 /* 16 bit apparently */
88 #define MUSB_HDRC_RXCSR 0x06 /* 16 bit apparently */
89 #define MUSB_HDRC_RXCOUNT 0x08 /* 16 bit apparently */
90 #define MUSB_HDRC_COUNT0 MUSB_HDRC_RXCOUNT /* re-used for EP0 */
91 #define MUSB_HDRC_TXTYPE 0x0a /* 8 bit apparently */
92 #define MUSB_HDRC_TYPE0 MUSB_HDRC_TXTYPE /* re-used for EP0 */
93 #define MUSB_HDRC_TXINTERVAL 0x0b /* 8 bit apparently */
94 #define MUSB_HDRC_NAKLIMIT0 MUSB_HDRC_TXINTERVAL /* re-used for EP0 */
95 #define MUSB_HDRC_RXTYPE 0x0c /* 8 bit apparently */
96 #define MUSB_HDRC_RXINTERVAL 0x0d /* 8 bit apparently */
97 #define MUSB_HDRC_FIFOSIZE 0x0f /* 8 bit apparently */
98 #define MUSB_HDRC_CONFIGDATA MGC_O_HDRC_FIFOSIZE /* re-used for EP0 */
100 /* "Bus control" registers */
101 #define MUSB_HDRC_TXFUNCADDR 0x00
102 #define MUSB_HDRC_TXHUBADDR 0x02
103 #define MUSB_HDRC_TXHUBPORT 0x03
105 #define MUSB_HDRC_RXFUNCADDR 0x04
106 #define MUSB_HDRC_RXHUBADDR 0x06
107 #define MUSB_HDRC_RXHUBPORT 0x07
110 * MUSBHDRC Register bit masks
113 /* POWER */
114 #define MGC_M_POWER_ISOUPDATE 0x80
115 #define MGC_M_POWER_SOFTCONN 0x40
116 #define MGC_M_POWER_HSENAB 0x20
117 #define MGC_M_POWER_HSMODE 0x10
118 #define MGC_M_POWER_RESET 0x08
119 #define MGC_M_POWER_RESUME 0x04
120 #define MGC_M_POWER_SUSPENDM 0x02
121 #define MGC_M_POWER_ENSUSPEND 0x01
123 /* INTRUSB */
124 #define MGC_M_INTR_SUSPEND 0x01
125 #define MGC_M_INTR_RESUME 0x02
126 #define MGC_M_INTR_RESET 0x04
127 #define MGC_M_INTR_BABBLE 0x04
128 #define MGC_M_INTR_SOF 0x08
129 #define MGC_M_INTR_CONNECT 0x10
130 #define MGC_M_INTR_DISCONNECT 0x20
131 #define MGC_M_INTR_SESSREQ 0x40
132 #define MGC_M_INTR_VBUSERROR 0x80 /* FOR SESSION END */
133 #define MGC_M_INTR_EP0 0x01 /* FOR EP0 INTERRUPT */
135 /* DEVCTL */
136 #define MGC_M_DEVCTL_BDEVICE 0x80
137 #define MGC_M_DEVCTL_FSDEV 0x40
138 #define MGC_M_DEVCTL_LSDEV 0x20
139 #define MGC_M_DEVCTL_VBUS 0x18
140 #define MGC_S_DEVCTL_VBUS 3
141 #define MGC_M_DEVCTL_HM 0x04
142 #define MGC_M_DEVCTL_HR 0x02
143 #define MGC_M_DEVCTL_SESSION 0x01
145 /* TESTMODE */
146 #define MGC_M_TEST_FORCE_HOST 0x80
147 #define MGC_M_TEST_FIFO_ACCESS 0x40
148 #define MGC_M_TEST_FORCE_FS 0x20
149 #define MGC_M_TEST_FORCE_HS 0x10
150 #define MGC_M_TEST_PACKET 0x08
151 #define MGC_M_TEST_K 0x04
152 #define MGC_M_TEST_J 0x02
153 #define MGC_M_TEST_SE0_NAK 0x01
155 /* CSR0 */
156 #define MGC_M_CSR0_FLUSHFIFO 0x0100
157 #define MGC_M_CSR0_TXPKTRDY 0x0002
158 #define MGC_M_CSR0_RXPKTRDY 0x0001
160 /* CSR0 in Peripheral mode */
161 #define MGC_M_CSR0_P_SVDSETUPEND 0x0080
162 #define MGC_M_CSR0_P_SVDRXPKTRDY 0x0040
163 #define MGC_M_CSR0_P_SENDSTALL 0x0020
164 #define MGC_M_CSR0_P_SETUPEND 0x0010
165 #define MGC_M_CSR0_P_DATAEND 0x0008
166 #define MGC_M_CSR0_P_SENTSTALL 0x0004
168 /* CSR0 in Host mode */
169 #define MGC_M_CSR0_H_NO_PING 0x0800
170 #define MGC_M_CSR0_H_WR_DATATOGGLE 0x0400 /* set to allow setting: */
171 #define MGC_M_CSR0_H_DATATOGGLE 0x0200 /* data toggle control */
172 #define MGC_M_CSR0_H_NAKTIMEOUT 0x0080
173 #define MGC_M_CSR0_H_STATUSPKT 0x0040
174 #define MGC_M_CSR0_H_REQPKT 0x0020
175 #define MGC_M_CSR0_H_ERROR 0x0010
176 #define MGC_M_CSR0_H_SETUPPKT 0x0008
177 #define MGC_M_CSR0_H_RXSTALL 0x0004
179 /* CONFIGDATA */
180 #define MGC_M_CONFIGDATA_MPRXE 0x80 /* auto bulk pkt combining */
181 #define MGC_M_CONFIGDATA_MPTXE 0x40 /* auto bulk pkt splitting */
182 #define MGC_M_CONFIGDATA_BIGENDIAN 0x20
183 #define MGC_M_CONFIGDATA_HBRXE 0x10 /* HB-ISO for RX */
184 #define MGC_M_CONFIGDATA_HBTXE 0x08 /* HB-ISO for TX */
185 #define MGC_M_CONFIGDATA_DYNFIFO 0x04 /* dynamic FIFO sizing */
186 #define MGC_M_CONFIGDATA_SOFTCONE 0x02 /* SoftConnect */
187 #define MGC_M_CONFIGDATA_UTMIDW 0x01 /* Width, 0 => 8b, 1 => 16b */
189 /* TXCSR in Peripheral and Host mode */
190 #define MGC_M_TXCSR_AUTOSET 0x8000
191 #define MGC_M_TXCSR_ISO 0x4000
192 #define MGC_M_TXCSR_MODE 0x2000
193 #define MGC_M_TXCSR_DMAENAB 0x1000
194 #define MGC_M_TXCSR_FRCDATATOG 0x0800
195 #define MGC_M_TXCSR_DMAMODE 0x0400
196 #define MGC_M_TXCSR_CLRDATATOG 0x0040
197 #define MGC_M_TXCSR_FLUSHFIFO 0x0008
198 #define MGC_M_TXCSR_FIFONOTEMPTY 0x0002
199 #define MGC_M_TXCSR_TXPKTRDY 0x0001
201 /* TXCSR in Peripheral mode */
202 #define MGC_M_TXCSR_P_INCOMPTX 0x0080
203 #define MGC_M_TXCSR_P_SENTSTALL 0x0020
204 #define MGC_M_TXCSR_P_SENDSTALL 0x0010
205 #define MGC_M_TXCSR_P_UNDERRUN 0x0004
207 /* TXCSR in Host mode */
208 #define MGC_M_TXCSR_H_WR_DATATOGGLE 0x0200
209 #define MGC_M_TXCSR_H_DATATOGGLE 0x0100
210 #define MGC_M_TXCSR_H_NAKTIMEOUT 0x0080
211 #define MGC_M_TXCSR_H_RXSTALL 0x0020
212 #define MGC_M_TXCSR_H_ERROR 0x0004
214 /* RXCSR in Peripheral and Host mode */
215 #define MGC_M_RXCSR_AUTOCLEAR 0x8000
216 #define MGC_M_RXCSR_DMAENAB 0x2000
217 #define MGC_M_RXCSR_DISNYET 0x1000
218 #define MGC_M_RXCSR_DMAMODE 0x0800
219 #define MGC_M_RXCSR_INCOMPRX 0x0100
220 #define MGC_M_RXCSR_CLRDATATOG 0x0080
221 #define MGC_M_RXCSR_FLUSHFIFO 0x0010
222 #define MGC_M_RXCSR_DATAERROR 0x0008
223 #define MGC_M_RXCSR_FIFOFULL 0x0002
224 #define MGC_M_RXCSR_RXPKTRDY 0x0001
226 /* RXCSR in Peripheral mode */
227 #define MGC_M_RXCSR_P_ISO 0x4000
228 #define MGC_M_RXCSR_P_SENTSTALL 0x0040
229 #define MGC_M_RXCSR_P_SENDSTALL 0x0020
230 #define MGC_M_RXCSR_P_OVERRUN 0x0004
232 /* RXCSR in Host mode */
233 #define MGC_M_RXCSR_H_AUTOREQ 0x4000
234 #define MGC_M_RXCSR_H_WR_DATATOGGLE 0x0400
235 #define MGC_M_RXCSR_H_DATATOGGLE 0x0200
236 #define MGC_M_RXCSR_H_RXSTALL 0x0040
237 #define MGC_M_RXCSR_H_REQPKT 0x0020
238 #define MGC_M_RXCSR_H_ERROR 0x0004
240 /* HUBADDR */
241 #define MGC_M_HUBADDR_MULTI_TT 0x80
243 /* ULPI: Added in HDRC 1.9(?) & MHDRC 1.4 */
244 #define MGC_M_ULPI_VBCTL_USEEXTVBUSIND 0x02
245 #define MGC_M_ULPI_VBCTL_USEEXTVBUS 0x01
246 #define MGC_M_ULPI_REGCTL_INT_ENABLE 0x08
247 #define MGC_M_ULPI_REGCTL_READNOTWRITE 0x04
248 #define MGC_M_ULPI_REGCTL_COMPLETE 0x02
249 #define MGC_M_ULPI_REGCTL_REG 0x01
251 static void musb_attach(USBPort *port, USBDevice *dev);
253 typedef struct {
254 uint16_t faddr[2];
255 uint8_t haddr[2];
256 uint8_t hport[2];
257 uint16_t csr[2];
258 uint16_t maxp[2];
259 uint16_t rxcount;
260 uint8_t type[2];
261 uint8_t interval[2];
262 uint8_t config;
263 uint8_t fifosize;
264 int timeout[2]; /* Always in microframes */
266 uint32_t *buf[2];
267 int fifolen[2];
268 int fifostart[2];
269 int fifoaddr[2];
270 USBPacket packey[2];
271 int status[2];
272 int ext_size[2];
274 /* For callbacks' use */
275 int epnum;
276 int interrupt[2];
277 MUSBState *musb;
278 USBCallback *delayed_cb[2];
279 QEMUTimer *intv_timer[2];
280 } MUSBEndPoint;
282 struct MUSBState {
283 qemu_irq *irqs;
284 USBBus bus;
285 USBPort port;
287 int idx;
288 uint8_t devctl;
289 uint8_t power;
290 uint8_t faddr;
292 uint8_t intr;
293 uint8_t mask;
294 uint16_t tx_intr;
295 uint16_t tx_mask;
296 uint16_t rx_intr;
297 uint16_t rx_mask;
299 int setup_len;
300 int session;
302 uint32_t buf[0x2000];
304 /* Duplicating the world since 2008!... probably we should have 32
305 * logical, single endpoints instead. */
306 MUSBEndPoint ep[16];
307 } *musb_init(qemu_irq *irqs)
309 MUSBState *s = qemu_mallocz(sizeof(*s));
310 int i;
312 s->irqs = irqs;
314 s->faddr = 0x00;
315 s->power = MGC_M_POWER_HSENAB;
316 s->tx_intr = 0x0000;
317 s->rx_intr = 0x0000;
318 s->tx_mask = 0xffff;
319 s->rx_mask = 0xffff;
320 s->intr = 0x00;
321 s->mask = 0x06;
322 s->idx = 0;
324 /* TODO: _DW */
325 s->ep[0].config = MGC_M_CONFIGDATA_SOFTCONE | MGC_M_CONFIGDATA_DYNFIFO;
326 for (i = 0; i < 16; i ++) {
327 s->ep[i].fifosize = 64;
328 s->ep[i].maxp[0] = 0x40;
329 s->ep[i].maxp[1] = 0x40;
330 s->ep[i].musb = s;
331 s->ep[i].epnum = i;
334 usb_bus_new(&s->bus, NULL /* FIXME */);
335 usb_register_port(&s->bus, &s->port, s, 0, musb_attach);
337 return s;
340 static void musb_vbus_set(MUSBState *s, int level)
342 if (level)
343 s->devctl |= 3 << MGC_S_DEVCTL_VBUS;
344 else
345 s->devctl &= ~MGC_M_DEVCTL_VBUS;
347 qemu_set_irq(s->irqs[musb_set_vbus], level);
350 static void musb_intr_set(MUSBState *s, int line, int level)
352 if (!level) {
353 s->intr &= ~(1 << line);
354 qemu_irq_lower(s->irqs[line]);
355 } else if (s->mask & (1 << line)) {
356 s->intr |= 1 << line;
357 qemu_irq_raise(s->irqs[line]);
361 static void musb_tx_intr_set(MUSBState *s, int line, int level)
363 if (!level) {
364 s->tx_intr &= ~(1 << line);
365 if (!s->tx_intr)
366 qemu_irq_lower(s->irqs[musb_irq_tx]);
367 } else if (s->tx_mask & (1 << line)) {
368 s->tx_intr |= 1 << line;
369 qemu_irq_raise(s->irqs[musb_irq_tx]);
373 static void musb_rx_intr_set(MUSBState *s, int line, int level)
375 if (line) {
376 if (!level) {
377 s->rx_intr &= ~(1 << line);
378 if (!s->rx_intr)
379 qemu_irq_lower(s->irqs[musb_irq_rx]);
380 } else if (s->rx_mask & (1 << line)) {
381 s->rx_intr |= 1 << line;
382 qemu_irq_raise(s->irqs[musb_irq_rx]);
384 } else
385 musb_tx_intr_set(s, line, level);
388 uint32_t musb_core_intr_get(MUSBState *s)
390 return (s->rx_intr << 15) | s->tx_intr;
393 void musb_core_intr_clear(MUSBState *s, uint32_t mask)
395 if (s->rx_intr) {
396 s->rx_intr &= mask >> 15;
397 if (!s->rx_intr)
398 qemu_irq_lower(s->irqs[musb_irq_rx]);
401 if (s->tx_intr) {
402 s->tx_intr &= mask & 0xffff;
403 if (!s->tx_intr)
404 qemu_irq_lower(s->irqs[musb_irq_tx]);
408 void musb_set_size(MUSBState *s, int epnum, int size, int is_tx)
410 s->ep[epnum].ext_size[!is_tx] = size;
411 s->ep[epnum].fifostart[0] = 0;
412 s->ep[epnum].fifostart[1] = 0;
413 s->ep[epnum].fifolen[0] = 0;
414 s->ep[epnum].fifolen[1] = 0;
417 static void musb_session_update(MUSBState *s, int prev_dev, int prev_sess)
419 int detect_prev = prev_dev && prev_sess;
420 int detect = !!s->port.dev && s->session;
422 if (detect && !detect_prev) {
423 /* Let's skip the ID pin sense and VBUS sense formalities and
424 * and signal a successful SRP directly. This should work at least
425 * for the Linux driver stack. */
426 musb_intr_set(s, musb_irq_connect, 1);
428 if (s->port.dev->speed == USB_SPEED_LOW) {
429 s->devctl &= ~MGC_M_DEVCTL_FSDEV;
430 s->devctl |= MGC_M_DEVCTL_LSDEV;
431 } else {
432 s->devctl |= MGC_M_DEVCTL_FSDEV;
433 s->devctl &= ~MGC_M_DEVCTL_LSDEV;
436 /* A-mode? */
437 s->devctl &= ~MGC_M_DEVCTL_BDEVICE;
439 /* Host-mode bit? */
440 s->devctl |= MGC_M_DEVCTL_HM;
441 #if 1
442 musb_vbus_set(s, 1);
443 #endif
444 } else if (!detect && detect_prev) {
445 #if 1
446 musb_vbus_set(s, 0);
447 #endif
451 /* Attach or detach a device on our only port. */
452 static void musb_attach(USBPort *port, USBDevice *dev)
454 MUSBState *s = (MUSBState *) port->opaque;
455 USBDevice *curr;
457 port = &s->port;
458 curr = port->dev;
460 if (dev) {
461 if (curr) {
462 usb_attach(port, NULL);
463 /* TODO: signal some interrupts */
466 musb_intr_set(s, musb_irq_vbus_request, 1);
468 /* Send the attach message to device */
469 usb_send_msg(dev, USB_MSG_ATTACH);
470 } else if (curr) {
471 /* Send the detach message */
472 usb_send_msg(curr, USB_MSG_DETACH);
474 musb_intr_set(s, musb_irq_disconnect, 1);
477 port->dev = dev;
479 musb_session_update(s, !!curr, s->session);
482 static inline void musb_cb_tick0(void *opaque)
484 MUSBEndPoint *ep = (MUSBEndPoint *) opaque;
486 ep->delayed_cb[0](&ep->packey[0], opaque);
489 static inline void musb_cb_tick1(void *opaque)
491 MUSBEndPoint *ep = (MUSBEndPoint *) opaque;
493 ep->delayed_cb[1](&ep->packey[1], opaque);
496 #define musb_cb_tick (dir ? musb_cb_tick1 : musb_cb_tick0)
498 static inline void musb_schedule_cb(USBPacket *packey, void *opaque, int dir)
500 MUSBEndPoint *ep = (MUSBEndPoint *) opaque;
501 int timeout = 0;
503 if (ep->status[dir] == USB_RET_NAK)
504 timeout = ep->timeout[dir];
505 else if (ep->interrupt[dir])
506 timeout = 8;
507 else
508 return musb_cb_tick(opaque);
510 if (!ep->intv_timer[dir])
511 ep->intv_timer[dir] = qemu_new_timer(vm_clock, musb_cb_tick, opaque);
513 qemu_mod_timer(ep->intv_timer[dir], qemu_get_clock(vm_clock) +
514 muldiv64(timeout, get_ticks_per_sec(), 8000));
517 static void musb_schedule0_cb(USBPacket *packey, void *opaque)
519 return musb_schedule_cb(packey, opaque, 0);
522 static void musb_schedule1_cb(USBPacket *packey, void *opaque)
524 return musb_schedule_cb(packey, opaque, 1);
527 static int musb_timeout(int ttype, int speed, int val)
529 #if 1
530 return val << 3;
531 #endif
533 switch (ttype) {
534 case USB_ENDPOINT_XFER_CONTROL:
535 if (val < 2)
536 return 0;
537 else if (speed == USB_SPEED_HIGH)
538 return 1 << (val - 1);
539 else
540 return 8 << (val - 1);
542 case USB_ENDPOINT_XFER_INT:
543 if (speed == USB_SPEED_HIGH)
544 if (val < 2)
545 return 0;
546 else
547 return 1 << (val - 1);
548 else
549 return val << 3;
551 case USB_ENDPOINT_XFER_BULK:
552 case USB_ENDPOINT_XFER_ISOC:
553 if (val < 2)
554 return 0;
555 else if (speed == USB_SPEED_HIGH)
556 return 1 << (val - 1);
557 else
558 return 8 << (val - 1);
559 /* TODO: what with low-speed Bulk and Isochronous? */
562 hw_error("bad interval\n");
565 static inline void musb_packet(MUSBState *s, MUSBEndPoint *ep,
566 int epnum, int pid, int len, USBCallback cb, int dir)
568 int ret;
569 int idx = epnum && dir;
570 int ttype;
572 /* ep->type[0,1] contains:
573 * in bits 7:6 the speed (0 - invalid, 1 - high, 2 - full, 3 - slow)
574 * in bits 5:4 the transfer type (BULK / INT)
575 * in bits 3:0 the EP num
577 ttype = epnum ? (ep->type[idx] >> 4) & 3 : 0;
579 ep->timeout[dir] = musb_timeout(ttype,
580 ep->type[idx] >> 6, ep->interval[idx]);
581 ep->interrupt[dir] = ttype == USB_ENDPOINT_XFER_INT;
582 ep->delayed_cb[dir] = cb;
583 cb = dir ? musb_schedule1_cb : musb_schedule0_cb;
585 ep->packey[dir].pid = pid;
586 /* A wild guess on the FADDR semantics... */
587 ep->packey[dir].devaddr = ep->faddr[idx];
588 ep->packey[dir].devep = ep->type[idx] & 0xf;
589 ep->packey[dir].data = (void *) ep->buf[idx];
590 ep->packey[dir].len = len;
591 ep->packey[dir].complete_cb = cb;
592 ep->packey[dir].complete_opaque = ep;
594 if (s->port.dev)
595 ret = s->port.dev->info->handle_packet(s->port.dev, &ep->packey[dir]);
596 else
597 ret = USB_RET_NODEV;
599 if (ret == USB_RET_ASYNC) {
600 ep->status[dir] = len;
601 return;
604 ep->status[dir] = ret;
605 usb_packet_complete(&ep->packey[dir]);
608 static void musb_tx_packet_complete(USBPacket *packey, void *opaque)
610 /* Unfortunately we can't use packey->devep because that's the remote
611 * endpoint number and may be different than our local. */
612 MUSBEndPoint *ep = (MUSBEndPoint *) opaque;
613 int epnum = ep->epnum;
614 MUSBState *s = ep->musb;
616 ep->fifostart[0] = 0;
617 ep->fifolen[0] = 0;
618 #ifdef CLEAR_NAK
619 if (ep->status[0] != USB_RET_NAK) {
620 #endif
621 if (epnum)
622 ep->csr[0] &= ~(MGC_M_TXCSR_FIFONOTEMPTY | MGC_M_TXCSR_TXPKTRDY);
623 else
624 ep->csr[0] &= ~MGC_M_CSR0_TXPKTRDY;
625 #ifdef CLEAR_NAK
627 #endif
629 /* Clear all of the error bits first */
630 if (epnum)
631 ep->csr[0] &= ~(MGC_M_TXCSR_H_ERROR | MGC_M_TXCSR_H_RXSTALL |
632 MGC_M_TXCSR_H_NAKTIMEOUT);
633 else
634 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL |
635 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING);
637 if (ep->status[0] == USB_RET_STALL) {
638 /* Command not supported by target! */
639 ep->status[0] = 0;
641 if (epnum)
642 ep->csr[0] |= MGC_M_TXCSR_H_RXSTALL;
643 else
644 ep->csr[0] |= MGC_M_CSR0_H_RXSTALL;
647 if (ep->status[0] == USB_RET_NAK) {
648 ep->status[0] = 0;
650 /* NAK timeouts are only generated in Bulk transfers and
651 * Data-errors in Isochronous. */
652 if (ep->interrupt[0]) {
653 return;
656 if (epnum)
657 ep->csr[0] |= MGC_M_TXCSR_H_NAKTIMEOUT;
658 else
659 ep->csr[0] |= MGC_M_CSR0_H_NAKTIMEOUT;
662 if (ep->status[0] < 0) {
663 if (ep->status[0] == USB_RET_BABBLE)
664 musb_intr_set(s, musb_irq_rst_babble, 1);
666 /* Pretend we've tried three times already and failed (in
667 * case of USB_TOKEN_SETUP). */
668 if (epnum)
669 ep->csr[0] |= MGC_M_TXCSR_H_ERROR;
670 else
671 ep->csr[0] |= MGC_M_CSR0_H_ERROR;
673 musb_tx_intr_set(s, epnum, 1);
674 return;
676 /* TODO: check len for over/underruns of an OUT packet? */
678 #ifdef SETUPLEN_HACK
679 if (!epnum && ep->packey[0].pid == USB_TOKEN_SETUP)
680 s->setup_len = ep->packey[0].data[6];
681 #endif
683 /* In DMA mode: if no error, assert DMA request for this EP,
684 * and skip the interrupt. */
685 musb_tx_intr_set(s, epnum, 1);
688 static void musb_rx_packet_complete(USBPacket *packey, void *opaque)
690 /* Unfortunately we can't use packey->devep because that's the remote
691 * endpoint number and may be different than our local. */
692 MUSBEndPoint *ep = (MUSBEndPoint *) opaque;
693 int epnum = ep->epnum;
694 MUSBState *s = ep->musb;
696 ep->fifostart[1] = 0;
697 ep->fifolen[1] = 0;
699 #ifdef CLEAR_NAK
700 if (ep->status[1] != USB_RET_NAK) {
701 #endif
702 ep->csr[1] &= ~MGC_M_RXCSR_H_REQPKT;
703 if (!epnum)
704 ep->csr[0] &= ~MGC_M_CSR0_H_REQPKT;
705 #ifdef CLEAR_NAK
707 #endif
709 /* Clear all of the imaginable error bits first */
710 ep->csr[1] &= ~(MGC_M_RXCSR_H_ERROR | MGC_M_RXCSR_H_RXSTALL |
711 MGC_M_RXCSR_DATAERROR);
712 if (!epnum)
713 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL |
714 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING);
716 if (ep->status[1] == USB_RET_STALL) {
717 ep->status[1] = 0;
718 packey->len = 0;
720 ep->csr[1] |= MGC_M_RXCSR_H_RXSTALL;
721 if (!epnum)
722 ep->csr[0] |= MGC_M_CSR0_H_RXSTALL;
725 if (ep->status[1] == USB_RET_NAK) {
726 ep->status[1] = 0;
728 /* NAK timeouts are only generated in Bulk transfers and
729 * Data-errors in Isochronous. */
730 if (ep->interrupt[1])
731 return musb_packet(s, ep, epnum, USB_TOKEN_IN,
732 packey->len, musb_rx_packet_complete, 1);
734 ep->csr[1] |= MGC_M_RXCSR_DATAERROR;
735 if (!epnum)
736 ep->csr[0] |= MGC_M_CSR0_H_NAKTIMEOUT;
739 if (ep->status[1] < 0) {
740 if (ep->status[1] == USB_RET_BABBLE) {
741 musb_intr_set(s, musb_irq_rst_babble, 1);
742 return;
745 /* Pretend we've tried three times already and failed (in
746 * case of a control transfer). */
747 ep->csr[1] |= MGC_M_RXCSR_H_ERROR;
748 if (!epnum)
749 ep->csr[0] |= MGC_M_CSR0_H_ERROR;
751 musb_rx_intr_set(s, epnum, 1);
752 return;
754 /* TODO: check len for over/underruns of an OUT packet? */
755 /* TODO: perhaps make use of e->ext_size[1] here. */
757 packey->len = ep->status[1];
759 if (!(ep->csr[1] & (MGC_M_RXCSR_H_RXSTALL | MGC_M_RXCSR_DATAERROR))) {
760 ep->csr[1] |= MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY;
761 if (!epnum)
762 ep->csr[0] |= MGC_M_CSR0_RXPKTRDY;
764 ep->rxcount = packey->len; /* XXX: MIN(packey->len, ep->maxp[1]); */
765 /* In DMA mode: assert DMA request for this EP */
768 /* Only if DMA has not been asserted */
769 musb_rx_intr_set(s, epnum, 1);
772 static void musb_tx_rdy(MUSBState *s, int epnum)
774 MUSBEndPoint *ep = s->ep + epnum;
775 int pid;
776 int total, valid = 0;
778 ep->fifostart[0] += ep->fifolen[0];
779 ep->fifolen[0] = 0;
781 /* XXX: how's the total size of the packet retrieved exactly in
782 * the generic case? */
783 total = ep->maxp[0] & 0x3ff;
785 if (ep->ext_size[0]) {
786 total = ep->ext_size[0];
787 ep->ext_size[0] = 0;
788 valid = 1;
791 /* If the packet is not fully ready yet, wait for a next segment. */
792 if (epnum && (ep->fifostart[0] << 2) < total)
793 return;
795 if (!valid)
796 total = ep->fifostart[0] << 2;
798 pid = USB_TOKEN_OUT;
799 if (!epnum && (ep->csr[0] & MGC_M_CSR0_H_SETUPPKT)) {
800 pid = USB_TOKEN_SETUP;
801 if (total != 8)
802 printf("%s: illegal SETUPPKT length of %i bytes\n",
803 __FUNCTION__, total);
804 /* Controller should retry SETUP packets three times on errors
805 * but it doesn't make sense for us to do that. */
808 return musb_packet(s, ep, epnum, pid,
809 total, musb_tx_packet_complete, 0);
812 static void musb_rx_req(MUSBState *s, int epnum)
814 MUSBEndPoint *ep = s->ep + epnum;
815 int total;
817 /* If we already have a packet, which didn't fit into the
818 * 64 bytes of the FIFO, only move the FIFO start and return. (Obsolete) */
819 if (ep->packey[1].pid == USB_TOKEN_IN && ep->status[1] >= 0 &&
820 (ep->fifostart[1] << 2) + ep->rxcount <
821 ep->packey[1].len) {
822 ep->fifostart[1] += ep->rxcount >> 2;
823 ep->fifolen[1] = 0;
825 ep->rxcount = MIN(ep->packey[0].len - (ep->fifostart[1] << 2),
826 ep->maxp[1]);
828 ep->csr[1] &= ~MGC_M_RXCSR_H_REQPKT;
829 if (!epnum)
830 ep->csr[0] &= ~MGC_M_CSR0_H_REQPKT;
832 /* Clear all of the error bits first */
833 ep->csr[1] &= ~(MGC_M_RXCSR_H_ERROR | MGC_M_RXCSR_H_RXSTALL |
834 MGC_M_RXCSR_DATAERROR);
835 if (!epnum)
836 ep->csr[0] &= ~(MGC_M_CSR0_H_ERROR | MGC_M_CSR0_H_RXSTALL |
837 MGC_M_CSR0_H_NAKTIMEOUT | MGC_M_CSR0_H_NO_PING);
839 ep->csr[1] |= MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY;
840 if (!epnum)
841 ep->csr[0] |= MGC_M_CSR0_RXPKTRDY;
842 musb_rx_intr_set(s, epnum, 1);
843 return;
846 /* The driver sets maxp[1] to 64 or less because it knows the hardware
847 * FIFO is this deep. Bigger packets get split in
848 * usb_generic_handle_packet but we can also do the splitting locally
849 * for performance. It turns out we can also have a bigger FIFO and
850 * ignore the limit set in ep->maxp[1]. The Linux MUSB driver deals
851 * OK with single packets of even 32KB and we avoid splitting, however
852 * usb_msd.c sometimes sends a packet bigger than what Linux expects
853 * (e.g. 8192 bytes instead of 4096) and we get an OVERRUN. Splitting
854 * hides this overrun from Linux. Up to 4096 everything is fine
855 * though. Currently this is disabled.
857 * XXX: mind ep->fifosize. */
858 total = MIN(ep->maxp[1] & 0x3ff, sizeof(s->buf));
860 #ifdef SETUPLEN_HACK
861 /* Why should *we* do that instead of Linux? */
862 if (!epnum) {
863 if (ep->packey[0].devaddr == 2)
864 total = MIN(s->setup_len, 8);
865 else
866 total = MIN(s->setup_len, 64);
867 s->setup_len -= total;
869 #endif
871 return musb_packet(s, ep, epnum, USB_TOKEN_IN,
872 total, musb_rx_packet_complete, 1);
875 static void musb_ep_frame_cancel(MUSBEndPoint *ep, int dir)
877 if (ep->intv_timer[dir])
878 qemu_del_timer(ep->intv_timer[dir]);
881 /* Bus control */
882 static uint8_t musb_busctl_readb(void *opaque, int ep, int addr)
884 MUSBState *s = (MUSBState *) opaque;
886 switch (addr) {
887 /* For USB2.0 HS hubs only */
888 case MUSB_HDRC_TXHUBADDR:
889 return s->ep[ep].haddr[0];
890 case MUSB_HDRC_TXHUBPORT:
891 return s->ep[ep].hport[0];
892 case MUSB_HDRC_RXHUBADDR:
893 return s->ep[ep].haddr[1];
894 case MUSB_HDRC_RXHUBPORT:
895 return s->ep[ep].hport[1];
897 default:
898 printf("%s: unknown register at %02x\n", __FUNCTION__, addr);
899 return 0x00;
903 static void musb_busctl_writeb(void *opaque, int ep, int addr, uint8_t value)
905 MUSBState *s = (MUSBState *) opaque;
907 switch (addr) {
908 case MUSB_HDRC_TXHUBADDR:
909 s->ep[ep].haddr[0] = value;
910 break;
911 case MUSB_HDRC_TXHUBPORT:
912 s->ep[ep].hport[0] = value;
913 break;
914 case MUSB_HDRC_RXHUBADDR:
915 s->ep[ep].haddr[1] = value;
916 break;
917 case MUSB_HDRC_RXHUBPORT:
918 s->ep[ep].hport[1] = value;
919 break;
921 default:
922 printf("%s: unknown register at %02x\n", __FUNCTION__, addr);
926 static uint16_t musb_busctl_readh(void *opaque, int ep, int addr)
928 MUSBState *s = (MUSBState *) opaque;
930 switch (addr) {
931 case MUSB_HDRC_TXFUNCADDR:
932 return s->ep[ep].faddr[0];
933 case MUSB_HDRC_RXFUNCADDR:
934 return s->ep[ep].faddr[1];
936 default:
937 return musb_busctl_readb(s, ep, addr) |
938 (musb_busctl_readb(s, ep, addr | 1) << 8);
942 static void musb_busctl_writeh(void *opaque, int ep, int addr, uint16_t value)
944 MUSBState *s = (MUSBState *) opaque;
946 switch (addr) {
947 case MUSB_HDRC_TXFUNCADDR:
948 s->ep[ep].faddr[0] = value;
949 break;
950 case MUSB_HDRC_RXFUNCADDR:
951 s->ep[ep].faddr[1] = value;
952 break;
954 default:
955 musb_busctl_writeb(s, ep, addr, value & 0xff);
956 musb_busctl_writeb(s, ep, addr | 1, value >> 8);
960 /* Endpoint control */
961 static uint8_t musb_ep_readb(void *opaque, int ep, int addr)
963 MUSBState *s = (MUSBState *) opaque;
965 switch (addr) {
966 case MUSB_HDRC_TXTYPE:
967 return s->ep[ep].type[0];
968 case MUSB_HDRC_TXINTERVAL:
969 return s->ep[ep].interval[0];
970 case MUSB_HDRC_RXTYPE:
971 return s->ep[ep].type[1];
972 case MUSB_HDRC_RXINTERVAL:
973 return s->ep[ep].interval[1];
974 case (MUSB_HDRC_FIFOSIZE & ~1):
975 return 0x00;
976 case MUSB_HDRC_FIFOSIZE:
977 return ep ? s->ep[ep].fifosize : s->ep[ep].config;
979 default:
980 printf("%s: unknown register at %02x\n", __FUNCTION__, addr);
981 return 0x00;
985 static void musb_ep_writeb(void *opaque, int ep, int addr, uint8_t value)
987 MUSBState *s = (MUSBState *) opaque;
989 switch (addr) {
990 case MUSB_HDRC_TXTYPE:
991 s->ep[ep].type[0] = value;
992 break;
993 case MUSB_HDRC_TXINTERVAL:
994 s->ep[ep].interval[0] = value;
995 musb_ep_frame_cancel(&s->ep[ep], 0);
996 break;
997 case MUSB_HDRC_RXTYPE:
998 s->ep[ep].type[1] = value;
999 break;
1000 case MUSB_HDRC_RXINTERVAL:
1001 s->ep[ep].interval[1] = value;
1002 musb_ep_frame_cancel(&s->ep[ep], 1);
1003 break;
1004 case (MUSB_HDRC_FIFOSIZE & ~1):
1005 break;
1006 case MUSB_HDRC_FIFOSIZE:
1007 printf("%s: somebody messes with fifosize (now %i bytes)\n",
1008 __FUNCTION__, value);
1009 s->ep[ep].fifosize = value;
1010 break;
1012 default:
1013 printf("%s: unknown register at %02x\n", __FUNCTION__, addr);
1017 static uint16_t musb_ep_readh(void *opaque, int ep, int addr)
1019 MUSBState *s = (MUSBState *) opaque;
1020 uint16_t ret;
1022 switch (addr) {
1023 case MUSB_HDRC_TXMAXP:
1024 return s->ep[ep].maxp[0];
1025 case MUSB_HDRC_TXCSR:
1026 return s->ep[ep].csr[0];
1027 case MUSB_HDRC_RXMAXP:
1028 return s->ep[ep].maxp[1];
1029 case MUSB_HDRC_RXCSR:
1030 ret = s->ep[ep].csr[1];
1032 /* TODO: This and other bits probably depend on
1033 * ep->csr[1] & MGC_M_RXCSR_AUTOCLEAR. */
1034 if (s->ep[ep].csr[1] & MGC_M_RXCSR_AUTOCLEAR)
1035 s->ep[ep].csr[1] &= ~MGC_M_RXCSR_RXPKTRDY;
1037 return ret;
1038 case MUSB_HDRC_RXCOUNT:
1039 return s->ep[ep].rxcount;
1041 default:
1042 return musb_ep_readb(s, ep, addr) |
1043 (musb_ep_readb(s, ep, addr | 1) << 8);
1047 static void musb_ep_writeh(void *opaque, int ep, int addr, uint16_t value)
1049 MUSBState *s = (MUSBState *) opaque;
1051 switch (addr) {
1052 case MUSB_HDRC_TXMAXP:
1053 s->ep[ep].maxp[0] = value;
1054 break;
1055 case MUSB_HDRC_TXCSR:
1056 if (ep) {
1057 s->ep[ep].csr[0] &= value & 0xa6;
1058 s->ep[ep].csr[0] |= value & 0xff59;
1059 } else {
1060 s->ep[ep].csr[0] &= value & 0x85;
1061 s->ep[ep].csr[0] |= value & 0xf7a;
1064 musb_ep_frame_cancel(&s->ep[ep], 0);
1066 if ((ep && (value & MGC_M_TXCSR_FLUSHFIFO)) ||
1067 (!ep && (value & MGC_M_CSR0_FLUSHFIFO))) {
1068 s->ep[ep].fifolen[0] = 0;
1069 s->ep[ep].fifostart[0] = 0;
1070 if (ep)
1071 s->ep[ep].csr[0] &=
1072 ~(MGC_M_TXCSR_FIFONOTEMPTY | MGC_M_TXCSR_TXPKTRDY);
1073 else
1074 s->ep[ep].csr[0] &=
1075 ~(MGC_M_CSR0_TXPKTRDY | MGC_M_CSR0_RXPKTRDY);
1077 if (
1078 (ep &&
1079 #ifdef CLEAR_NAK
1080 (value & MGC_M_TXCSR_TXPKTRDY) &&
1081 !(value & MGC_M_TXCSR_H_NAKTIMEOUT)) ||
1082 #else
1083 (value & MGC_M_TXCSR_TXPKTRDY)) ||
1084 #endif
1085 (!ep &&
1086 #ifdef CLEAR_NAK
1087 (value & MGC_M_CSR0_TXPKTRDY) &&
1088 !(value & MGC_M_CSR0_H_NAKTIMEOUT)))
1089 #else
1090 (value & MGC_M_CSR0_TXPKTRDY)))
1091 #endif
1092 musb_tx_rdy(s, ep);
1093 if (!ep &&
1094 (value & MGC_M_CSR0_H_REQPKT) &&
1095 #ifdef CLEAR_NAK
1096 !(value & (MGC_M_CSR0_H_NAKTIMEOUT |
1097 MGC_M_CSR0_RXPKTRDY)))
1098 #else
1099 !(value & MGC_M_CSR0_RXPKTRDY))
1100 #endif
1101 musb_rx_req(s, ep);
1102 break;
1104 case MUSB_HDRC_RXMAXP:
1105 s->ep[ep].maxp[1] = value;
1106 break;
1107 case MUSB_HDRC_RXCSR:
1108 /* (DMA mode only) */
1109 if (
1110 (value & MGC_M_RXCSR_H_AUTOREQ) &&
1111 !(value & MGC_M_RXCSR_RXPKTRDY) &&
1112 (s->ep[ep].csr[1] & MGC_M_RXCSR_RXPKTRDY))
1113 value |= MGC_M_RXCSR_H_REQPKT;
1115 s->ep[ep].csr[1] &= 0x102 | (value & 0x4d);
1116 s->ep[ep].csr[1] |= value & 0xfeb0;
1118 musb_ep_frame_cancel(&s->ep[ep], 1);
1120 if (value & MGC_M_RXCSR_FLUSHFIFO) {
1121 s->ep[ep].fifolen[1] = 0;
1122 s->ep[ep].fifostart[1] = 0;
1123 s->ep[ep].csr[1] &= ~(MGC_M_RXCSR_FIFOFULL | MGC_M_RXCSR_RXPKTRDY);
1124 /* If double buffering and we have two packets ready, flush
1125 * only the first one and set up the fifo at the second packet. */
1127 #ifdef CLEAR_NAK
1128 if ((value & MGC_M_RXCSR_H_REQPKT) && !(value & MGC_M_RXCSR_DATAERROR))
1129 #else
1130 if (value & MGC_M_RXCSR_H_REQPKT)
1131 #endif
1132 musb_rx_req(s, ep);
1133 break;
1134 case MUSB_HDRC_RXCOUNT:
1135 s->ep[ep].rxcount = value;
1136 break;
1138 default:
1139 musb_ep_writeb(s, ep, addr, value & 0xff);
1140 musb_ep_writeb(s, ep, addr | 1, value >> 8);
1144 /* Generic control */
1145 static uint32_t musb_readb(void *opaque, target_phys_addr_t addr)
1147 MUSBState *s = (MUSBState *) opaque;
1148 int ep, i;
1149 uint8_t ret;
1151 switch (addr) {
1152 case MUSB_HDRC_FADDR:
1153 return s->faddr;
1154 case MUSB_HDRC_POWER:
1155 return s->power;
1156 case MUSB_HDRC_INTRUSB:
1157 ret = s->intr;
1158 for (i = 0; i < sizeof(ret) * 8; i ++)
1159 if (ret & (1 << i))
1160 musb_intr_set(s, i, 0);
1161 return ret;
1162 case MUSB_HDRC_INTRUSBE:
1163 return s->mask;
1164 case MUSB_HDRC_INDEX:
1165 return s->idx;
1166 case MUSB_HDRC_TESTMODE:
1167 return 0x00;
1169 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf):
1170 return musb_ep_readb(s, s->idx, addr & 0xf);
1172 case MUSB_HDRC_DEVCTL:
1173 return s->devctl;
1175 case MUSB_HDRC_TXFIFOSZ:
1176 case MUSB_HDRC_RXFIFOSZ:
1177 case MUSB_HDRC_VCTRL:
1178 /* TODO */
1179 return 0x00;
1181 case MUSB_HDRC_HWVERS:
1182 return (1 << 10) | 400;
1184 case (MUSB_HDRC_VCTRL | 1):
1185 case (MUSB_HDRC_HWVERS | 1):
1186 case (MUSB_HDRC_DEVCTL | 1):
1187 return 0x00;
1189 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f):
1190 ep = (addr >> 3) & 0xf;
1191 return musb_busctl_readb(s, ep, addr & 0x7);
1193 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff):
1194 ep = (addr >> 4) & 0xf;
1195 return musb_ep_readb(s, ep, addr & 0xf);
1197 default:
1198 printf("%s: unknown register at %02x\n", __FUNCTION__, (int) addr);
1199 return 0x00;
1203 static void musb_writeb(void *opaque, target_phys_addr_t addr, uint32_t value)
1205 MUSBState *s = (MUSBState *) opaque;
1206 int ep;
1208 switch (addr) {
1209 case MUSB_HDRC_FADDR:
1210 s->faddr = value & 0x7f;
1211 break;
1212 case MUSB_HDRC_POWER:
1213 s->power = (value & 0xef) | (s->power & 0x10);
1214 /* MGC_M_POWER_RESET is also read-only in Peripheral Mode */
1215 if ((value & MGC_M_POWER_RESET) && s->port.dev) {
1216 usb_send_msg(s->port.dev, USB_MSG_RESET);
1217 /* Negotiate high-speed operation if MGC_M_POWER_HSENAB is set. */
1218 if ((value & MGC_M_POWER_HSENAB) &&
1219 s->port.dev->speed == USB_SPEED_HIGH)
1220 s->power |= MGC_M_POWER_HSMODE; /* Success */
1221 /* Restart frame counting. */
1223 if (value & MGC_M_POWER_SUSPENDM) {
1224 /* When all transfers finish, suspend and if MGC_M_POWER_ENSUSPEND
1225 * is set, also go into low power mode. Frame counting stops. */
1226 /* XXX: Cleared when the interrupt register is read */
1228 if (value & MGC_M_POWER_RESUME) {
1229 /* Wait 20ms and signal resuming on the bus. Frame counting
1230 * restarts. */
1232 break;
1233 case MUSB_HDRC_INTRUSB:
1234 break;
1235 case MUSB_HDRC_INTRUSBE:
1236 s->mask = value & 0xff;
1237 break;
1238 case MUSB_HDRC_INDEX:
1239 s->idx = value & 0xf;
1240 break;
1241 case MUSB_HDRC_TESTMODE:
1242 break;
1244 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf):
1245 musb_ep_writeb(s, s->idx, addr & 0xf, value);
1246 break;
1248 case MUSB_HDRC_DEVCTL:
1249 s->session = !!(value & MGC_M_DEVCTL_SESSION);
1250 musb_session_update(s,
1251 !!s->port.dev,
1252 !!(s->devctl & MGC_M_DEVCTL_SESSION));
1254 /* It seems this is the only R/W bit in this register? */
1255 s->devctl &= ~MGC_M_DEVCTL_SESSION;
1256 s->devctl |= value & MGC_M_DEVCTL_SESSION;
1257 break;
1259 case MUSB_HDRC_TXFIFOSZ:
1260 case MUSB_HDRC_RXFIFOSZ:
1261 case MUSB_HDRC_VCTRL:
1262 /* TODO */
1263 break;
1265 case (MUSB_HDRC_VCTRL | 1):
1266 case (MUSB_HDRC_DEVCTL | 1):
1267 break;
1269 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f):
1270 ep = (addr >> 3) & 0xf;
1271 musb_busctl_writeb(s, ep, addr & 0x7, value);
1272 break;
1274 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff):
1275 ep = (addr >> 4) & 0xf;
1276 musb_ep_writeb(s, ep, addr & 0xf, value);
1277 break;
1279 default:
1280 printf("%s: unknown register at %02x\n", __FUNCTION__, (int) addr);
1284 static uint32_t musb_readh(void *opaque, target_phys_addr_t addr)
1286 MUSBState *s = (MUSBState *) opaque;
1287 int ep, i;
1288 uint16_t ret;
1290 switch (addr) {
1291 case MUSB_HDRC_INTRTX:
1292 ret = s->tx_intr;
1293 /* Auto clear */
1294 for (i = 0; i < sizeof(ret) * 8; i ++)
1295 if (ret & (1 << i))
1296 musb_tx_intr_set(s, i, 0);
1297 return ret;
1298 case MUSB_HDRC_INTRRX:
1299 ret = s->rx_intr;
1300 /* Auto clear */
1301 for (i = 0; i < sizeof(ret) * 8; i ++)
1302 if (ret & (1 << i))
1303 musb_rx_intr_set(s, i, 0);
1304 return ret;
1305 case MUSB_HDRC_INTRTXE:
1306 return s->tx_mask;
1307 case MUSB_HDRC_INTRRXE:
1308 return s->rx_mask;
1310 case MUSB_HDRC_FRAME:
1311 /* TODO */
1312 return 0x0000;
1313 case MUSB_HDRC_TXFIFOADDR:
1314 return s->ep[s->idx].fifoaddr[0];
1315 case MUSB_HDRC_RXFIFOADDR:
1316 return s->ep[s->idx].fifoaddr[1];
1318 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf):
1319 return musb_ep_readh(s, s->idx, addr & 0xf);
1321 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f):
1322 ep = (addr >> 3) & 0xf;
1323 return musb_busctl_readh(s, ep, addr & 0x7);
1325 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff):
1326 ep = (addr >> 4) & 0xf;
1327 return musb_ep_readh(s, ep, addr & 0xf);
1329 default:
1330 return musb_readb(s, addr) | (musb_readb(s, addr | 1) << 8);
1334 static void musb_writeh(void *opaque, target_phys_addr_t addr, uint32_t value)
1336 MUSBState *s = (MUSBState *) opaque;
1337 int ep;
1339 switch (addr) {
1340 case MUSB_HDRC_INTRTXE:
1341 s->tx_mask = value;
1342 /* XXX: the masks seem to apply on the raising edge like with
1343 * edge-triggered interrupts, thus no need to update. I may be
1344 * wrong though. */
1345 break;
1346 case MUSB_HDRC_INTRRXE:
1347 s->rx_mask = value;
1348 break;
1350 case MUSB_HDRC_FRAME:
1351 /* TODO */
1352 break;
1353 case MUSB_HDRC_TXFIFOADDR:
1354 s->ep[s->idx].fifoaddr[0] = value;
1355 s->ep[s->idx].buf[0] =
1356 s->buf + ((value << 1) & (sizeof(s->buf) / 4 - 1));
1357 break;
1358 case MUSB_HDRC_RXFIFOADDR:
1359 s->ep[s->idx].fifoaddr[1] = value;
1360 s->ep[s->idx].buf[1] =
1361 s->buf + ((value << 1) & (sizeof(s->buf) / 4 - 1));
1362 break;
1364 case MUSB_HDRC_EP_IDX ... (MUSB_HDRC_EP_IDX + 0xf):
1365 musb_ep_writeh(s, s->idx, addr & 0xf, value);
1366 break;
1368 case MUSB_HDRC_BUSCTL ... (MUSB_HDRC_BUSCTL + 0x7f):
1369 ep = (addr >> 3) & 0xf;
1370 musb_busctl_writeh(s, ep, addr & 0x7, value);
1371 break;
1373 case MUSB_HDRC_EP ... (MUSB_HDRC_EP + 0xff):
1374 ep = (addr >> 4) & 0xf;
1375 musb_ep_writeh(s, ep, addr & 0xf, value);
1376 break;
1378 default:
1379 musb_writeb(s, addr, value & 0xff);
1380 musb_writeb(s, addr | 1, value >> 8);
1384 static uint32_t musb_readw(void *opaque, target_phys_addr_t addr)
1386 MUSBState *s = (MUSBState *) opaque;
1387 MUSBEndPoint *ep;
1388 int epnum;
1390 switch (addr) {
1391 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f):
1392 epnum = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf;
1393 ep = s->ep + epnum;
1395 if (ep->fifolen[1] >= 16) {
1396 /* We have a FIFO underrun */
1397 printf("%s: EP%i FIFO is now empty, stop reading\n",
1398 __FUNCTION__, epnum);
1399 return 0x00000000;
1401 /* In DMA mode clear RXPKTRDY and set REQPKT automatically
1402 * (if AUTOREQ is set) */
1404 ep->csr[1] &= ~MGC_M_RXCSR_FIFOFULL;
1405 return ep->buf[1][ep->fifostart[1] + ep->fifolen[1] ++];
1407 default:
1408 printf("%s: unknown register at %02x\n", __FUNCTION__, (int) addr);
1409 return 0x00000000;
1413 static void musb_writew(void *opaque, target_phys_addr_t addr, uint32_t value)
1415 MUSBState *s = (MUSBState *) opaque;
1416 MUSBEndPoint *ep;
1417 int epnum;
1419 switch (addr) {
1420 case MUSB_HDRC_FIFO ... (MUSB_HDRC_FIFO + 0x3f):
1421 epnum = ((addr - MUSB_HDRC_FIFO) >> 2) & 0xf;
1422 ep = s->ep + epnum;
1424 if (ep->fifolen[0] >= 16) {
1425 /* We have a FIFO overrun */
1426 printf("%s: EP%i FIFO exceeded 64 bytes, stop feeding data\n",
1427 __FUNCTION__, epnum);
1428 break;
1431 ep->buf[0][ep->fifostart[0] + ep->fifolen[0] ++] = value;
1432 if (epnum)
1433 ep->csr[0] |= MGC_M_TXCSR_FIFONOTEMPTY;
1434 break;
1436 default:
1437 printf("%s: unknown register at %02x\n", __FUNCTION__, (int) addr);
1441 CPUReadMemoryFunc * const musb_read[] = {
1442 musb_readb,
1443 musb_readh,
1444 musb_readw,
1447 CPUWriteMemoryFunc * const musb_write[] = {
1448 musb_writeb,
1449 musb_writeh,
1450 musb_writew,