vmdk: fix double free
[qemu.git] / hw / usb-ohci.c
blob5c5dc4a2a261f22fedf86a08338508bfc3a86807
1 /*
2 * QEMU USB OHCI Emulation
3 * Copyright (c) 2004 Gianni Tedesco
4 * Copyright (c) 2006 CodeSourcery
5 * Copyright (c) 2006 Openedhand Ltd.
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 * TODO:
21 * o Isochronous transfers
22 * o Allocate bandwidth in frames properly
23 * o Disable timers when nothing needs to be done, or remove timer usage
24 * all together.
25 * o Handle unrecoverable errors properly
26 * o BIOS work to boot from USB storage
29 #include "hw.h"
30 #include "qemu-timer.h"
31 #include "usb.h"
32 #include "pci.h"
33 #include "pxa.h"
34 #include "devices.h"
35 #include "usb-ohci.h"
37 //#define DEBUG_OHCI
38 /* Dump packet contents. */
39 //#define DEBUG_PACKET
40 //#define DEBUG_ISOCH
41 /* This causes frames to occur 1000x slower */
42 //#define OHCI_TIME_WARP 1
44 #ifdef DEBUG_OHCI
45 #define DPRINTF printf
46 #else
47 #define DPRINTF(...)
48 #endif
50 /* Number of Downstream Ports on the root hub. */
52 #define OHCI_MAX_PORTS 15
54 static int64_t usb_frame_time;
55 static int64_t usb_bit_time;
57 typedef struct OHCIPort {
58 USBPort port;
59 uint32_t ctrl;
60 } OHCIPort;
62 enum ohci_type {
63 OHCI_TYPE_PCI,
64 OHCI_TYPE_PXA,
65 OHCI_TYPE_SM501,
68 typedef struct {
69 USBBus bus;
70 qemu_irq irq;
71 enum ohci_type type;
72 int mem;
73 int num_ports;
74 const char *name;
76 QEMUTimer *eof_timer;
77 int64_t sof_time;
79 /* OHCI state */
80 /* Control partition */
81 uint32_t ctl, status;
82 uint32_t intr_status;
83 uint32_t intr;
85 /* memory pointer partition */
86 uint32_t hcca;
87 uint32_t ctrl_head, ctrl_cur;
88 uint32_t bulk_head, bulk_cur;
89 uint32_t per_cur;
90 uint32_t done;
91 int done_count;
93 /* Frame counter partition */
94 uint32_t fsmps:15;
95 uint32_t fit:1;
96 uint32_t fi:14;
97 uint32_t frt:1;
98 uint16_t frame_number;
99 uint16_t padding;
100 uint32_t pstart;
101 uint32_t lst;
103 /* Root Hub partition */
104 uint32_t rhdesc_a, rhdesc_b;
105 uint32_t rhstatus;
106 OHCIPort rhport[OHCI_MAX_PORTS];
108 /* PXA27x Non-OHCI events */
109 uint32_t hstatus;
110 uint32_t hmask;
111 uint32_t hreset;
112 uint32_t htest;
114 /* SM501 local memory offset */
115 target_phys_addr_t localmem_base;
117 /* Active packets. */
118 uint32_t old_ctl;
119 USBPacket usb_packet;
120 uint8_t usb_buf[8192];
121 uint32_t async_td;
122 int async_complete;
124 } OHCIState;
126 /* Host Controller Communications Area */
127 struct ohci_hcca {
128 uint32_t intr[32];
129 uint16_t frame, pad;
130 uint32_t done;
133 static void ohci_bus_stop(OHCIState *ohci);
135 /* Bitfields for the first word of an Endpoint Desciptor. */
136 #define OHCI_ED_FA_SHIFT 0
137 #define OHCI_ED_FA_MASK (0x7f<<OHCI_ED_FA_SHIFT)
138 #define OHCI_ED_EN_SHIFT 7
139 #define OHCI_ED_EN_MASK (0xf<<OHCI_ED_EN_SHIFT)
140 #define OHCI_ED_D_SHIFT 11
141 #define OHCI_ED_D_MASK (3<<OHCI_ED_D_SHIFT)
142 #define OHCI_ED_S (1<<13)
143 #define OHCI_ED_K (1<<14)
144 #define OHCI_ED_F (1<<15)
145 #define OHCI_ED_MPS_SHIFT 16
146 #define OHCI_ED_MPS_MASK (0x7ff<<OHCI_ED_MPS_SHIFT)
148 /* Flags in the head field of an Endpoint Desciptor. */
149 #define OHCI_ED_H 1
150 #define OHCI_ED_C 2
152 /* Bitfields for the first word of a Transfer Desciptor. */
153 #define OHCI_TD_R (1<<18)
154 #define OHCI_TD_DP_SHIFT 19
155 #define OHCI_TD_DP_MASK (3<<OHCI_TD_DP_SHIFT)
156 #define OHCI_TD_DI_SHIFT 21
157 #define OHCI_TD_DI_MASK (7<<OHCI_TD_DI_SHIFT)
158 #define OHCI_TD_T0 (1<<24)
159 #define OHCI_TD_T1 (1<<24)
160 #define OHCI_TD_EC_SHIFT 26
161 #define OHCI_TD_EC_MASK (3<<OHCI_TD_EC_SHIFT)
162 #define OHCI_TD_CC_SHIFT 28
163 #define OHCI_TD_CC_MASK (0xf<<OHCI_TD_CC_SHIFT)
165 /* Bitfields for the first word of an Isochronous Transfer Desciptor. */
166 /* CC & DI - same as in the General Transfer Desciptor */
167 #define OHCI_TD_SF_SHIFT 0
168 #define OHCI_TD_SF_MASK (0xffff<<OHCI_TD_SF_SHIFT)
169 #define OHCI_TD_FC_SHIFT 24
170 #define OHCI_TD_FC_MASK (7<<OHCI_TD_FC_SHIFT)
172 /* Isochronous Transfer Desciptor - Offset / PacketStatusWord */
173 #define OHCI_TD_PSW_CC_SHIFT 12
174 #define OHCI_TD_PSW_CC_MASK (0xf<<OHCI_TD_PSW_CC_SHIFT)
175 #define OHCI_TD_PSW_SIZE_SHIFT 0
176 #define OHCI_TD_PSW_SIZE_MASK (0xfff<<OHCI_TD_PSW_SIZE_SHIFT)
178 #define OHCI_PAGE_MASK 0xfffff000
179 #define OHCI_OFFSET_MASK 0xfff
181 #define OHCI_DPTR_MASK 0xfffffff0
183 #define OHCI_BM(val, field) \
184 (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
186 #define OHCI_SET_BM(val, field, newval) do { \
187 val &= ~OHCI_##field##_MASK; \
188 val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
189 } while(0)
191 /* endpoint descriptor */
192 struct ohci_ed {
193 uint32_t flags;
194 uint32_t tail;
195 uint32_t head;
196 uint32_t next;
199 /* General transfer descriptor */
200 struct ohci_td {
201 uint32_t flags;
202 uint32_t cbp;
203 uint32_t next;
204 uint32_t be;
207 /* Isochronous transfer descriptor */
208 struct ohci_iso_td {
209 uint32_t flags;
210 uint32_t bp;
211 uint32_t next;
212 uint32_t be;
213 uint16_t offset[8];
216 #define USB_HZ 12000000
218 /* OHCI Local stuff */
219 #define OHCI_CTL_CBSR ((1<<0)|(1<<1))
220 #define OHCI_CTL_PLE (1<<2)
221 #define OHCI_CTL_IE (1<<3)
222 #define OHCI_CTL_CLE (1<<4)
223 #define OHCI_CTL_BLE (1<<5)
224 #define OHCI_CTL_HCFS ((1<<6)|(1<<7))
225 #define OHCI_USB_RESET 0x00
226 #define OHCI_USB_RESUME 0x40
227 #define OHCI_USB_OPERATIONAL 0x80
228 #define OHCI_USB_SUSPEND 0xc0
229 #define OHCI_CTL_IR (1<<8)
230 #define OHCI_CTL_RWC (1<<9)
231 #define OHCI_CTL_RWE (1<<10)
233 #define OHCI_STATUS_HCR (1<<0)
234 #define OHCI_STATUS_CLF (1<<1)
235 #define OHCI_STATUS_BLF (1<<2)
236 #define OHCI_STATUS_OCR (1<<3)
237 #define OHCI_STATUS_SOC ((1<<6)|(1<<7))
239 #define OHCI_INTR_SO (1<<0) /* Scheduling overrun */
240 #define OHCI_INTR_WD (1<<1) /* HcDoneHead writeback */
241 #define OHCI_INTR_SF (1<<2) /* Start of frame */
242 #define OHCI_INTR_RD (1<<3) /* Resume detect */
243 #define OHCI_INTR_UE (1<<4) /* Unrecoverable error */
244 #define OHCI_INTR_FNO (1<<5) /* Frame number overflow */
245 #define OHCI_INTR_RHSC (1<<6) /* Root hub status change */
246 #define OHCI_INTR_OC (1<<30) /* Ownership change */
247 #define OHCI_INTR_MIE (1<<31) /* Master Interrupt Enable */
249 #define OHCI_HCCA_SIZE 0x100
250 #define OHCI_HCCA_MASK 0xffffff00
252 #define OHCI_EDPTR_MASK 0xfffffff0
254 #define OHCI_FMI_FI 0x00003fff
255 #define OHCI_FMI_FSMPS 0xffff0000
256 #define OHCI_FMI_FIT 0x80000000
258 #define OHCI_FR_RT (1<<31)
260 #define OHCI_LS_THRESH 0x628
262 #define OHCI_RHA_RW_MASK 0x00000000 /* Mask of supported features. */
263 #define OHCI_RHA_PSM (1<<8)
264 #define OHCI_RHA_NPS (1<<9)
265 #define OHCI_RHA_DT (1<<10)
266 #define OHCI_RHA_OCPM (1<<11)
267 #define OHCI_RHA_NOCP (1<<12)
268 #define OHCI_RHA_POTPGT_MASK 0xff000000
270 #define OHCI_RHS_LPS (1<<0)
271 #define OHCI_RHS_OCI (1<<1)
272 #define OHCI_RHS_DRWE (1<<15)
273 #define OHCI_RHS_LPSC (1<<16)
274 #define OHCI_RHS_OCIC (1<<17)
275 #define OHCI_RHS_CRWE (1<<31)
277 #define OHCI_PORT_CCS (1<<0)
278 #define OHCI_PORT_PES (1<<1)
279 #define OHCI_PORT_PSS (1<<2)
280 #define OHCI_PORT_POCI (1<<3)
281 #define OHCI_PORT_PRS (1<<4)
282 #define OHCI_PORT_PPS (1<<8)
283 #define OHCI_PORT_LSDA (1<<9)
284 #define OHCI_PORT_CSC (1<<16)
285 #define OHCI_PORT_PESC (1<<17)
286 #define OHCI_PORT_PSSC (1<<18)
287 #define OHCI_PORT_OCIC (1<<19)
288 #define OHCI_PORT_PRSC (1<<20)
289 #define OHCI_PORT_WTC (OHCI_PORT_CSC|OHCI_PORT_PESC|OHCI_PORT_PSSC \
290 |OHCI_PORT_OCIC|OHCI_PORT_PRSC)
292 #define OHCI_TD_DIR_SETUP 0x0
293 #define OHCI_TD_DIR_OUT 0x1
294 #define OHCI_TD_DIR_IN 0x2
295 #define OHCI_TD_DIR_RESERVED 0x3
297 #define OHCI_CC_NOERROR 0x0
298 #define OHCI_CC_CRC 0x1
299 #define OHCI_CC_BITSTUFFING 0x2
300 #define OHCI_CC_DATATOGGLEMISMATCH 0x3
301 #define OHCI_CC_STALL 0x4
302 #define OHCI_CC_DEVICENOTRESPONDING 0x5
303 #define OHCI_CC_PIDCHECKFAILURE 0x6
304 #define OHCI_CC_UNDEXPETEDPID 0x7
305 #define OHCI_CC_DATAOVERRUN 0x8
306 #define OHCI_CC_DATAUNDERRUN 0x9
307 #define OHCI_CC_BUFFEROVERRUN 0xc
308 #define OHCI_CC_BUFFERUNDERRUN 0xd
310 #define OHCI_HRESET_FSBIR (1 << 0)
312 /* Update IRQ levels */
313 static inline void ohci_intr_update(OHCIState *ohci)
315 int level = 0;
317 if ((ohci->intr & OHCI_INTR_MIE) &&
318 (ohci->intr_status & ohci->intr))
319 level = 1;
321 qemu_set_irq(ohci->irq, level);
324 /* Set an interrupt */
325 static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
327 ohci->intr_status |= intr;
328 ohci_intr_update(ohci);
331 /* Attach or detach a device on a root hub port. */
332 static void ohci_attach(USBPort *port1, USBDevice *dev)
334 OHCIState *s = port1->opaque;
335 OHCIPort *port = &s->rhport[port1->index];
336 uint32_t old_state = port->ctrl;
338 if (dev) {
339 if (port->port.dev) {
340 usb_attach(port1, NULL);
342 /* set connect status */
343 port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
345 /* update speed */
346 if (dev->speed == USB_SPEED_LOW)
347 port->ctrl |= OHCI_PORT_LSDA;
348 else
349 port->ctrl &= ~OHCI_PORT_LSDA;
350 port->port.dev = dev;
352 /* notify of remote-wakeup */
353 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND)
354 ohci_set_interrupt(s, OHCI_INTR_RD);
356 /* send the attach message */
357 usb_send_msg(dev, USB_MSG_ATTACH);
358 DPRINTF("usb-ohci: Attached port %d\n", port1->index);
359 } else {
360 /* set connect status */
361 if (port->ctrl & OHCI_PORT_CCS) {
362 port->ctrl &= ~OHCI_PORT_CCS;
363 port->ctrl |= OHCI_PORT_CSC;
365 /* disable port */
366 if (port->ctrl & OHCI_PORT_PES) {
367 port->ctrl &= ~OHCI_PORT_PES;
368 port->ctrl |= OHCI_PORT_PESC;
370 dev = port->port.dev;
371 if (dev) {
372 /* send the detach message */
373 usb_send_msg(dev, USB_MSG_DETACH);
375 port->port.dev = NULL;
376 DPRINTF("usb-ohci: Detached port %d\n", port1->index);
379 if (old_state != port->ctrl)
380 ohci_set_interrupt(s, OHCI_INTR_RHSC);
383 /* Reset the controller */
384 static void ohci_reset(void *opaque)
386 OHCIState *ohci = opaque;
387 OHCIPort *port;
388 int i;
390 ohci_bus_stop(ohci);
391 ohci->ctl = 0;
392 ohci->old_ctl = 0;
393 ohci->status = 0;
394 ohci->intr_status = 0;
395 ohci->intr = OHCI_INTR_MIE;
397 ohci->hcca = 0;
398 ohci->ctrl_head = ohci->ctrl_cur = 0;
399 ohci->bulk_head = ohci->bulk_cur = 0;
400 ohci->per_cur = 0;
401 ohci->done = 0;
402 ohci->done_count = 7;
404 /* FSMPS is marked TBD in OCHI 1.0, what gives ffs?
405 * I took the value linux sets ...
407 ohci->fsmps = 0x2778;
408 ohci->fi = 0x2edf;
409 ohci->fit = 0;
410 ohci->frt = 0;
411 ohci->frame_number = 0;
412 ohci->pstart = 0;
413 ohci->lst = OHCI_LS_THRESH;
415 ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
416 ohci->rhdesc_b = 0x0; /* Impl. specific */
417 ohci->rhstatus = 0;
419 for (i = 0; i < ohci->num_ports; i++)
421 port = &ohci->rhport[i];
422 port->ctrl = 0;
423 if (port->port.dev)
424 ohci_attach(&port->port, port->port.dev);
426 if (ohci->async_td) {
427 usb_cancel_packet(&ohci->usb_packet);
428 ohci->async_td = 0;
430 DPRINTF("usb-ohci: Reset %s\n", ohci->name);
433 /* Get an array of dwords from main memory */
434 static inline int get_dwords(OHCIState *ohci,
435 uint32_t addr, uint32_t *buf, int num)
437 int i;
439 addr += ohci->localmem_base;
441 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
442 cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
443 *buf = le32_to_cpu(*buf);
446 return 1;
449 /* Put an array of dwords in to main memory */
450 static inline int put_dwords(OHCIState *ohci,
451 uint32_t addr, uint32_t *buf, int num)
453 int i;
455 addr += ohci->localmem_base;
457 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
458 uint32_t tmp = cpu_to_le32(*buf);
459 cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
462 return 1;
465 /* Get an array of words from main memory */
466 static inline int get_words(OHCIState *ohci,
467 uint32_t addr, uint16_t *buf, int num)
469 int i;
471 addr += ohci->localmem_base;
473 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
474 cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
475 *buf = le16_to_cpu(*buf);
478 return 1;
481 /* Put an array of words in to main memory */
482 static inline int put_words(OHCIState *ohci,
483 uint32_t addr, uint16_t *buf, int num)
485 int i;
487 addr += ohci->localmem_base;
489 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
490 uint16_t tmp = cpu_to_le16(*buf);
491 cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
494 return 1;
497 static inline int ohci_read_ed(OHCIState *ohci,
498 uint32_t addr, struct ohci_ed *ed)
500 return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
503 static inline int ohci_read_td(OHCIState *ohci,
504 uint32_t addr, struct ohci_td *td)
506 return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
509 static inline int ohci_read_iso_td(OHCIState *ohci,
510 uint32_t addr, struct ohci_iso_td *td)
512 return (get_dwords(ohci, addr, (uint32_t *)td, 4) &&
513 get_words(ohci, addr + 16, td->offset, 8));
516 static inline int ohci_read_hcca(OHCIState *ohci,
517 uint32_t addr, struct ohci_hcca *hcca)
519 cpu_physical_memory_rw(addr + ohci->localmem_base,
520 (uint8_t *)hcca, sizeof(*hcca), 0);
521 return 1;
524 static inline int ohci_put_ed(OHCIState *ohci,
525 uint32_t addr, struct ohci_ed *ed)
527 return put_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
530 static inline int ohci_put_td(OHCIState *ohci,
531 uint32_t addr, struct ohci_td *td)
533 return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
536 static inline int ohci_put_iso_td(OHCIState *ohci,
537 uint32_t addr, struct ohci_iso_td *td)
539 return (put_dwords(ohci, addr, (uint32_t *)td, 4) &&
540 put_words(ohci, addr + 16, td->offset, 8));
543 static inline int ohci_put_hcca(OHCIState *ohci,
544 uint32_t addr, struct ohci_hcca *hcca)
546 cpu_physical_memory_rw(addr + ohci->localmem_base,
547 (uint8_t *)hcca, sizeof(*hcca), 1);
548 return 1;
551 /* Read/Write the contents of a TD from/to main memory. */
552 static void ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
553 uint8_t *buf, int len, int write)
555 uint32_t ptr;
556 uint32_t n;
558 ptr = td->cbp;
559 n = 0x1000 - (ptr & 0xfff);
560 if (n > len)
561 n = len;
562 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
563 if (n == len)
564 return;
565 ptr = td->be & ~0xfffu;
566 buf += n;
567 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
570 /* Read/Write the contents of an ISO TD from/to main memory. */
571 static void ohci_copy_iso_td(OHCIState *ohci,
572 uint32_t start_addr, uint32_t end_addr,
573 uint8_t *buf, int len, int write)
575 uint32_t ptr;
576 uint32_t n;
578 ptr = start_addr;
579 n = 0x1000 - (ptr & 0xfff);
580 if (n > len)
581 n = len;
582 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
583 if (n == len)
584 return;
585 ptr = end_addr & ~0xfffu;
586 buf += n;
587 cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
590 static void ohci_process_lists(OHCIState *ohci, int completion);
592 static void ohci_async_complete_packet(USBPacket *packet, void *opaque)
594 OHCIState *ohci = opaque;
595 #ifdef DEBUG_PACKET
596 DPRINTF("Async packet complete\n");
597 #endif
598 ohci->async_complete = 1;
599 ohci_process_lists(ohci, 1);
602 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
604 static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
605 int completion)
607 int dir;
608 size_t len = 0;
609 const char *str = NULL;
610 int pid;
611 int ret;
612 int i;
613 USBDevice *dev;
614 struct ohci_iso_td iso_td;
615 uint32_t addr;
616 uint16_t starting_frame;
617 int16_t relative_frame_number;
618 int frame_count;
619 uint32_t start_offset, next_offset, end_offset = 0;
620 uint32_t start_addr, end_addr;
622 addr = ed->head & OHCI_DPTR_MASK;
624 if (!ohci_read_iso_td(ohci, addr, &iso_td)) {
625 printf("usb-ohci: ISO_TD read error at %x\n", addr);
626 return 0;
629 starting_frame = OHCI_BM(iso_td.flags, TD_SF);
630 frame_count = OHCI_BM(iso_td.flags, TD_FC);
631 relative_frame_number = USUB(ohci->frame_number, starting_frame);
633 #ifdef DEBUG_ISOCH
634 printf("--- ISO_TD ED head 0x%.8x tailp 0x%.8x\n"
635 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
636 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
637 "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
638 "frame_number 0x%.8x starting_frame 0x%.8x\n"
639 "frame_count 0x%.8x relative %d\n"
640 "di 0x%.8x cc 0x%.8x\n",
641 ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
642 iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
643 iso_td.offset[0], iso_td.offset[1], iso_td.offset[2], iso_td.offset[3],
644 iso_td.offset[4], iso_td.offset[5], iso_td.offset[6], iso_td.offset[7],
645 ohci->frame_number, starting_frame,
646 frame_count, relative_frame_number,
647 OHCI_BM(iso_td.flags, TD_DI), OHCI_BM(iso_td.flags, TD_CC));
648 #endif
650 if (relative_frame_number < 0) {
651 DPRINTF("usb-ohci: ISO_TD R=%d < 0\n", relative_frame_number);
652 return 1;
653 } else if (relative_frame_number > frame_count) {
654 /* ISO TD expired - retire the TD to the Done Queue and continue with
655 the next ISO TD of the same ED */
656 DPRINTF("usb-ohci: ISO_TD R=%d > FC=%d\n", relative_frame_number,
657 frame_count);
658 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
659 ed->head &= ~OHCI_DPTR_MASK;
660 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
661 iso_td.next = ohci->done;
662 ohci->done = addr;
663 i = OHCI_BM(iso_td.flags, TD_DI);
664 if (i < ohci->done_count)
665 ohci->done_count = i;
666 ohci_put_iso_td(ohci, addr, &iso_td);
667 return 0;
670 dir = OHCI_BM(ed->flags, ED_D);
671 switch (dir) {
672 case OHCI_TD_DIR_IN:
673 str = "in";
674 pid = USB_TOKEN_IN;
675 break;
676 case OHCI_TD_DIR_OUT:
677 str = "out";
678 pid = USB_TOKEN_OUT;
679 break;
680 case OHCI_TD_DIR_SETUP:
681 str = "setup";
682 pid = USB_TOKEN_SETUP;
683 break;
684 default:
685 printf("usb-ohci: Bad direction %d\n", dir);
686 return 1;
689 if (!iso_td.bp || !iso_td.be) {
690 printf("usb-ohci: ISO_TD bp 0x%.8x be 0x%.8x\n", iso_td.bp, iso_td.be);
691 return 1;
694 start_offset = iso_td.offset[relative_frame_number];
695 next_offset = iso_td.offset[relative_frame_number + 1];
697 if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
698 ((relative_frame_number < frame_count) &&
699 !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
700 printf("usb-ohci: ISO_TD cc != not accessed 0x%.8x 0x%.8x\n",
701 start_offset, next_offset);
702 return 1;
705 if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
706 printf("usb-ohci: ISO_TD start_offset=0x%.8x > next_offset=0x%.8x\n",
707 start_offset, next_offset);
708 return 1;
711 if ((start_offset & 0x1000) == 0) {
712 start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
713 (start_offset & OHCI_OFFSET_MASK);
714 } else {
715 start_addr = (iso_td.be & OHCI_PAGE_MASK) |
716 (start_offset & OHCI_OFFSET_MASK);
719 if (relative_frame_number < frame_count) {
720 end_offset = next_offset - 1;
721 if ((end_offset & 0x1000) == 0) {
722 end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
723 (end_offset & OHCI_OFFSET_MASK);
724 } else {
725 end_addr = (iso_td.be & OHCI_PAGE_MASK) |
726 (end_offset & OHCI_OFFSET_MASK);
728 } else {
729 /* Last packet in the ISO TD */
730 end_addr = iso_td.be;
733 if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
734 len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
735 - (start_addr & OHCI_OFFSET_MASK);
736 } else {
737 len = end_addr - start_addr + 1;
740 if (len && dir != OHCI_TD_DIR_IN) {
741 ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, 0);
744 if (completion) {
745 ret = ohci->usb_packet.len;
746 } else {
747 ret = USB_RET_NODEV;
748 for (i = 0; i < ohci->num_ports; i++) {
749 dev = ohci->rhport[i].port.dev;
750 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
751 continue;
752 ohci->usb_packet.pid = pid;
753 ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
754 ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
755 ohci->usb_packet.data = ohci->usb_buf;
756 ohci->usb_packet.len = len;
757 ohci->usb_packet.complete_cb = ohci_async_complete_packet;
758 ohci->usb_packet.complete_opaque = ohci;
759 ret = dev->info->handle_packet(dev, &ohci->usb_packet);
760 if (ret != USB_RET_NODEV)
761 break;
764 if (ret == USB_RET_ASYNC) {
765 return 1;
769 #ifdef DEBUG_ISOCH
770 printf("so 0x%.8x eo 0x%.8x\nsa 0x%.8x ea 0x%.8x\ndir %s len %zu ret %d\n",
771 start_offset, end_offset, start_addr, end_addr, str, len, ret);
772 #endif
774 /* Writeback */
775 if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
776 /* IN transfer succeeded */
777 ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret, 1);
778 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
779 OHCI_CC_NOERROR);
780 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
781 } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
782 /* OUT transfer succeeded */
783 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
784 OHCI_CC_NOERROR);
785 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
786 } else {
787 if (ret > (ssize_t) len) {
788 printf("usb-ohci: DataOverrun %d > %zu\n", ret, len);
789 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
790 OHCI_CC_DATAOVERRUN);
791 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
792 len);
793 } else if (ret >= 0) {
794 printf("usb-ohci: DataUnderrun %d\n", ret);
795 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
796 OHCI_CC_DATAUNDERRUN);
797 } else {
798 switch (ret) {
799 case USB_RET_NODEV:
800 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
801 OHCI_CC_DEVICENOTRESPONDING);
802 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
804 break;
805 case USB_RET_NAK:
806 case USB_RET_STALL:
807 printf("usb-ohci: got NAK/STALL %d\n", ret);
808 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
809 OHCI_CC_STALL);
810 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
812 break;
813 default:
814 printf("usb-ohci: Bad device response %d\n", ret);
815 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
816 OHCI_CC_UNDEXPETEDPID);
817 break;
822 if (relative_frame_number == frame_count) {
823 /* Last data packet of ISO TD - retire the TD to the Done Queue */
824 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
825 ed->head &= ~OHCI_DPTR_MASK;
826 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
827 iso_td.next = ohci->done;
828 ohci->done = addr;
829 i = OHCI_BM(iso_td.flags, TD_DI);
830 if (i < ohci->done_count)
831 ohci->done_count = i;
833 ohci_put_iso_td(ohci, addr, &iso_td);
834 return 1;
837 /* Service a transport descriptor.
838 Returns nonzero to terminate processing of this endpoint. */
840 static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
842 int dir;
843 size_t len = 0;
844 const char *str = NULL;
845 int pid;
846 int ret;
847 int i;
848 USBDevice *dev;
849 struct ohci_td td;
850 uint32_t addr;
851 int flag_r;
852 int completion;
854 addr = ed->head & OHCI_DPTR_MASK;
855 /* See if this TD has already been submitted to the device. */
856 completion = (addr == ohci->async_td);
857 if (completion && !ohci->async_complete) {
858 #ifdef DEBUG_PACKET
859 DPRINTF("Skipping async TD\n");
860 #endif
861 return 1;
863 if (!ohci_read_td(ohci, addr, &td)) {
864 fprintf(stderr, "usb-ohci: TD read error at %x\n", addr);
865 return 0;
868 dir = OHCI_BM(ed->flags, ED_D);
869 switch (dir) {
870 case OHCI_TD_DIR_OUT:
871 case OHCI_TD_DIR_IN:
872 /* Same value. */
873 break;
874 default:
875 dir = OHCI_BM(td.flags, TD_DP);
876 break;
879 switch (dir) {
880 case OHCI_TD_DIR_IN:
881 str = "in";
882 pid = USB_TOKEN_IN;
883 break;
884 case OHCI_TD_DIR_OUT:
885 str = "out";
886 pid = USB_TOKEN_OUT;
887 break;
888 case OHCI_TD_DIR_SETUP:
889 str = "setup";
890 pid = USB_TOKEN_SETUP;
891 break;
892 default:
893 fprintf(stderr, "usb-ohci: Bad direction\n");
894 return 1;
896 if (td.cbp && td.be) {
897 if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
898 len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
899 } else {
900 len = (td.be - td.cbp) + 1;
903 if (len && dir != OHCI_TD_DIR_IN && !completion) {
904 ohci_copy_td(ohci, &td, ohci->usb_buf, len, 0);
908 flag_r = (td.flags & OHCI_TD_R) != 0;
909 #ifdef DEBUG_PACKET
910 DPRINTF(" TD @ 0x%.8x %" PRId64 " bytes %s r=%d cbp=0x%.8x be=0x%.8x\n",
911 addr, len, str, flag_r, td.cbp, td.be);
913 if (len > 0 && dir != OHCI_TD_DIR_IN) {
914 DPRINTF(" data:");
915 for (i = 0; i < len; i++)
916 printf(" %.2x", ohci->usb_buf[i]);
917 DPRINTF("\n");
919 #endif
920 if (completion) {
921 ret = ohci->usb_packet.len;
922 ohci->async_td = 0;
923 ohci->async_complete = 0;
924 } else {
925 ret = USB_RET_NODEV;
926 for (i = 0; i < ohci->num_ports; i++) {
927 dev = ohci->rhport[i].port.dev;
928 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
929 continue;
931 if (ohci->async_td) {
932 /* ??? The hardware should allow one active packet per
933 endpoint. We only allow one active packet per controller.
934 This should be sufficient as long as devices respond in a
935 timely manner.
937 #ifdef DEBUG_PACKET
938 DPRINTF("Too many pending packets\n");
939 #endif
940 return 1;
942 ohci->usb_packet.pid = pid;
943 ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
944 ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
945 ohci->usb_packet.data = ohci->usb_buf;
946 ohci->usb_packet.len = len;
947 ohci->usb_packet.complete_cb = ohci_async_complete_packet;
948 ohci->usb_packet.complete_opaque = ohci;
949 ret = dev->info->handle_packet(dev, &ohci->usb_packet);
950 if (ret != USB_RET_NODEV)
951 break;
953 #ifdef DEBUG_PACKET
954 DPRINTF("ret=%d\n", ret);
955 #endif
956 if (ret == USB_RET_ASYNC) {
957 ohci->async_td = addr;
958 return 1;
961 if (ret >= 0) {
962 if (dir == OHCI_TD_DIR_IN) {
963 ohci_copy_td(ohci, &td, ohci->usb_buf, ret, 1);
964 #ifdef DEBUG_PACKET
965 DPRINTF(" data:");
966 for (i = 0; i < ret; i++)
967 printf(" %.2x", ohci->usb_buf[i]);
968 DPRINTF("\n");
969 #endif
970 } else {
971 ret = len;
975 /* Writeback */
976 if (ret == len || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
977 /* Transmission succeeded. */
978 if (ret == len) {
979 td.cbp = 0;
980 } else {
981 td.cbp += ret;
982 if ((td.cbp & 0xfff) + ret > 0xfff) {
983 td.cbp &= 0xfff;
984 td.cbp |= td.be & ~0xfff;
987 td.flags |= OHCI_TD_T1;
988 td.flags ^= OHCI_TD_T0;
989 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
990 OHCI_SET_BM(td.flags, TD_EC, 0);
992 ed->head &= ~OHCI_ED_C;
993 if (td.flags & OHCI_TD_T0)
994 ed->head |= OHCI_ED_C;
995 } else {
996 if (ret >= 0) {
997 DPRINTF("usb-ohci: Underrun\n");
998 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
999 } else {
1000 switch (ret) {
1001 case USB_RET_NODEV:
1002 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
1003 case USB_RET_NAK:
1004 DPRINTF("usb-ohci: got NAK\n");
1005 return 1;
1006 case USB_RET_STALL:
1007 DPRINTF("usb-ohci: got STALL\n");
1008 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1009 break;
1010 case USB_RET_BABBLE:
1011 DPRINTF("usb-ohci: got BABBLE\n");
1012 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1013 break;
1014 default:
1015 fprintf(stderr, "usb-ohci: Bad device response %d\n", ret);
1016 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1017 OHCI_SET_BM(td.flags, TD_EC, 3);
1018 break;
1021 ed->head |= OHCI_ED_H;
1024 /* Retire this TD */
1025 ed->head &= ~OHCI_DPTR_MASK;
1026 ed->head |= td.next & OHCI_DPTR_MASK;
1027 td.next = ohci->done;
1028 ohci->done = addr;
1029 i = OHCI_BM(td.flags, TD_DI);
1030 if (i < ohci->done_count)
1031 ohci->done_count = i;
1032 ohci_put_td(ohci, addr, &td);
1033 return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1036 /* Service an endpoint list. Returns nonzero if active TD were found. */
1037 static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
1039 struct ohci_ed ed;
1040 uint32_t next_ed;
1041 uint32_t cur;
1042 int active;
1044 active = 0;
1046 if (head == 0)
1047 return 0;
1049 for (cur = head; cur; cur = next_ed) {
1050 if (!ohci_read_ed(ohci, cur, &ed)) {
1051 fprintf(stderr, "usb-ohci: ED read error at %x\n", cur);
1052 return 0;
1055 next_ed = ed.next & OHCI_DPTR_MASK;
1057 if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1058 uint32_t addr;
1059 /* Cancel pending packets for ED that have been paused. */
1060 addr = ed.head & OHCI_DPTR_MASK;
1061 if (ohci->async_td && addr == ohci->async_td) {
1062 usb_cancel_packet(&ohci->usb_packet);
1063 ohci->async_td = 0;
1065 continue;
1068 while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
1069 #ifdef DEBUG_PACKET
1070 DPRINTF("ED @ 0x%.8x fa=%u en=%u d=%u s=%u k=%u f=%u mps=%u "
1071 "h=%u c=%u\n head=0x%.8x tailp=0x%.8x next=0x%.8x\n", cur,
1072 OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1073 OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S)!= 0,
1074 (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
1075 OHCI_BM(ed.flags, ED_MPS), (ed.head & OHCI_ED_H) != 0,
1076 (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1077 ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1078 #endif
1079 active = 1;
1081 if ((ed.flags & OHCI_ED_F) == 0) {
1082 if (ohci_service_td(ohci, &ed))
1083 break;
1084 } else {
1085 /* Handle isochronous endpoints */
1086 if (ohci_service_iso_td(ohci, &ed, completion))
1087 break;
1091 ohci_put_ed(ohci, cur, &ed);
1094 return active;
1097 /* Generate a SOF event, and set a timer for EOF */
1098 static void ohci_sof(OHCIState *ohci)
1100 ohci->sof_time = qemu_get_clock(vm_clock);
1101 qemu_mod_timer(ohci->eof_timer, ohci->sof_time + usb_frame_time);
1102 ohci_set_interrupt(ohci, OHCI_INTR_SF);
1105 /* Process Control and Bulk lists. */
1106 static void ohci_process_lists(OHCIState *ohci, int completion)
1108 if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
1109 if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head)
1110 DPRINTF("usb-ohci: head %x, cur %x\n",
1111 ohci->ctrl_head, ohci->ctrl_cur);
1112 if (!ohci_service_ed_list(ohci, ohci->ctrl_head, completion)) {
1113 ohci->ctrl_cur = 0;
1114 ohci->status &= ~OHCI_STATUS_CLF;
1118 if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
1119 if (!ohci_service_ed_list(ohci, ohci->bulk_head, completion)) {
1120 ohci->bulk_cur = 0;
1121 ohci->status &= ~OHCI_STATUS_BLF;
1126 /* Do frame processing on frame boundary */
1127 static void ohci_frame_boundary(void *opaque)
1129 OHCIState *ohci = opaque;
1130 struct ohci_hcca hcca;
1132 ohci_read_hcca(ohci, ohci->hcca, &hcca);
1134 /* Process all the lists at the end of the frame */
1135 if (ohci->ctl & OHCI_CTL_PLE) {
1136 int n;
1138 n = ohci->frame_number & 0x1f;
1139 ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]), 0);
1142 /* Cancel all pending packets if either of the lists has been disabled. */
1143 if (ohci->async_td &&
1144 ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1145 usb_cancel_packet(&ohci->usb_packet);
1146 ohci->async_td = 0;
1148 ohci->old_ctl = ohci->ctl;
1149 ohci_process_lists(ohci, 0);
1151 /* Frame boundary, so do EOF stuf here */
1152 ohci->frt = ohci->fit;
1154 /* Increment frame number and take care of endianness. */
1155 ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1156 hcca.frame = cpu_to_le16(ohci->frame_number);
1158 if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1159 if (!ohci->done)
1160 abort();
1161 if (ohci->intr & ohci->intr_status)
1162 ohci->done |= 1;
1163 hcca.done = cpu_to_le32(ohci->done);
1164 ohci->done = 0;
1165 ohci->done_count = 7;
1166 ohci_set_interrupt(ohci, OHCI_INTR_WD);
1169 if (ohci->done_count != 7 && ohci->done_count != 0)
1170 ohci->done_count--;
1172 /* Do SOF stuff here */
1173 ohci_sof(ohci);
1175 /* Writeback HCCA */
1176 ohci_put_hcca(ohci, ohci->hcca, &hcca);
1179 /* Start sending SOF tokens across the USB bus, lists are processed in
1180 * next frame
1182 static int ohci_bus_start(OHCIState *ohci)
1184 ohci->eof_timer = qemu_new_timer(vm_clock,
1185 ohci_frame_boundary,
1186 ohci);
1188 if (ohci->eof_timer == NULL) {
1189 fprintf(stderr, "usb-ohci: %s: qemu_new_timer failed\n", ohci->name);
1190 /* TODO: Signal unrecoverable error */
1191 return 0;
1194 DPRINTF("usb-ohci: %s: USB Operational\n", ohci->name);
1196 ohci_sof(ohci);
1198 return 1;
1201 /* Stop sending SOF tokens on the bus */
1202 static void ohci_bus_stop(OHCIState *ohci)
1204 if (ohci->eof_timer)
1205 qemu_del_timer(ohci->eof_timer);
1206 ohci->eof_timer = NULL;
1209 /* Sets a flag in a port status register but only set it if the port is
1210 * connected, if not set ConnectStatusChange flag. If flag is enabled
1211 * return 1.
1213 static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1215 int ret = 1;
1217 /* writing a 0 has no effect */
1218 if (val == 0)
1219 return 0;
1221 /* If CurrentConnectStatus is cleared we set
1222 * ConnectStatusChange
1224 if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1225 ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1226 if (ohci->rhstatus & OHCI_RHS_DRWE) {
1227 /* TODO: CSC is a wakeup event */
1229 return 0;
1232 if (ohci->rhport[i].ctrl & val)
1233 ret = 0;
1235 /* set the bit */
1236 ohci->rhport[i].ctrl |= val;
1238 return ret;
1241 /* Set the frame interval - frame interval toggle is manipulated by the hcd only */
1242 static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1244 val &= OHCI_FMI_FI;
1246 if (val != ohci->fi) {
1247 DPRINTF("usb-ohci: %s: FrameInterval = 0x%x (%u)\n",
1248 ohci->name, ohci->fi, ohci->fi);
1251 ohci->fi = val;
1254 static void ohci_port_power(OHCIState *ohci, int i, int p)
1256 if (p) {
1257 ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1258 } else {
1259 ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS|
1260 OHCI_PORT_CCS|
1261 OHCI_PORT_PSS|
1262 OHCI_PORT_PRS);
1266 /* Set HcControlRegister */
1267 static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1269 uint32_t old_state;
1270 uint32_t new_state;
1272 old_state = ohci->ctl & OHCI_CTL_HCFS;
1273 ohci->ctl = val;
1274 new_state = ohci->ctl & OHCI_CTL_HCFS;
1276 /* no state change */
1277 if (old_state == new_state)
1278 return;
1280 switch (new_state) {
1281 case OHCI_USB_OPERATIONAL:
1282 ohci_bus_start(ohci);
1283 break;
1284 case OHCI_USB_SUSPEND:
1285 ohci_bus_stop(ohci);
1286 DPRINTF("usb-ohci: %s: USB Suspended\n", ohci->name);
1287 break;
1288 case OHCI_USB_RESUME:
1289 DPRINTF("usb-ohci: %s: USB Resume\n", ohci->name);
1290 break;
1291 case OHCI_USB_RESET:
1292 ohci_reset(ohci);
1293 DPRINTF("usb-ohci: %s: USB Reset\n", ohci->name);
1294 break;
1298 static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1300 uint16_t fr;
1301 int64_t tks;
1303 if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL)
1304 return (ohci->frt << 31);
1306 /* Being in USB operational state guarnatees sof_time was
1307 * set already.
1309 tks = qemu_get_clock(vm_clock) - ohci->sof_time;
1311 /* avoid muldiv if possible */
1312 if (tks >= usb_frame_time)
1313 return (ohci->frt << 31);
1315 tks = muldiv64(1, tks, usb_bit_time);
1316 fr = (uint16_t)(ohci->fi - tks);
1318 return (ohci->frt << 31) | fr;
1322 /* Set root hub status */
1323 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1325 uint32_t old_state;
1327 old_state = ohci->rhstatus;
1329 /* write 1 to clear OCIC */
1330 if (val & OHCI_RHS_OCIC)
1331 ohci->rhstatus &= ~OHCI_RHS_OCIC;
1333 if (val & OHCI_RHS_LPS) {
1334 int i;
1336 for (i = 0; i < ohci->num_ports; i++)
1337 ohci_port_power(ohci, i, 0);
1338 DPRINTF("usb-ohci: powered down all ports\n");
1341 if (val & OHCI_RHS_LPSC) {
1342 int i;
1344 for (i = 0; i < ohci->num_ports; i++)
1345 ohci_port_power(ohci, i, 1);
1346 DPRINTF("usb-ohci: powered up all ports\n");
1349 if (val & OHCI_RHS_DRWE)
1350 ohci->rhstatus |= OHCI_RHS_DRWE;
1352 if (val & OHCI_RHS_CRWE)
1353 ohci->rhstatus &= ~OHCI_RHS_DRWE;
1355 if (old_state != ohci->rhstatus)
1356 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1359 /* Set root hub port status */
1360 static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1362 uint32_t old_state;
1363 OHCIPort *port;
1365 port = &ohci->rhport[portnum];
1366 old_state = port->ctrl;
1368 /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1369 if (val & OHCI_PORT_WTC)
1370 port->ctrl &= ~(val & OHCI_PORT_WTC);
1372 if (val & OHCI_PORT_CCS)
1373 port->ctrl &= ~OHCI_PORT_PES;
1375 ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1377 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS))
1378 DPRINTF("usb-ohci: port %d: SUSPEND\n", portnum);
1380 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
1381 DPRINTF("usb-ohci: port %d: RESET\n", portnum);
1382 usb_send_msg(port->port.dev, USB_MSG_RESET);
1383 port->ctrl &= ~OHCI_PORT_PRS;
1384 /* ??? Should this also set OHCI_PORT_PESC. */
1385 port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1388 /* Invert order here to ensure in ambiguous case, device is
1389 * powered up...
1391 if (val & OHCI_PORT_LSDA)
1392 ohci_port_power(ohci, portnum, 0);
1393 if (val & OHCI_PORT_PPS)
1394 ohci_port_power(ohci, portnum, 1);
1396 if (old_state != port->ctrl)
1397 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1399 return;
1402 static uint32_t ohci_mem_read(void *ptr, target_phys_addr_t addr)
1404 OHCIState *ohci = ptr;
1405 uint32_t retval;
1407 /* Only aligned reads are allowed on OHCI */
1408 if (addr & 3) {
1409 fprintf(stderr, "usb-ohci: Mis-aligned read\n");
1410 return 0xffffffff;
1411 } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1412 /* HcRhPortStatus */
1413 retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1414 } else {
1415 switch (addr >> 2) {
1416 case 0: /* HcRevision */
1417 retval = 0x10;
1418 break;
1420 case 1: /* HcControl */
1421 retval = ohci->ctl;
1422 break;
1424 case 2: /* HcCommandStatus */
1425 retval = ohci->status;
1426 break;
1428 case 3: /* HcInterruptStatus */
1429 retval = ohci->intr_status;
1430 break;
1432 case 4: /* HcInterruptEnable */
1433 case 5: /* HcInterruptDisable */
1434 retval = ohci->intr;
1435 break;
1437 case 6: /* HcHCCA */
1438 retval = ohci->hcca;
1439 break;
1441 case 7: /* HcPeriodCurrentED */
1442 retval = ohci->per_cur;
1443 break;
1445 case 8: /* HcControlHeadED */
1446 retval = ohci->ctrl_head;
1447 break;
1449 case 9: /* HcControlCurrentED */
1450 retval = ohci->ctrl_cur;
1451 break;
1453 case 10: /* HcBulkHeadED */
1454 retval = ohci->bulk_head;
1455 break;
1457 case 11: /* HcBulkCurrentED */
1458 retval = ohci->bulk_cur;
1459 break;
1461 case 12: /* HcDoneHead */
1462 retval = ohci->done;
1463 break;
1465 case 13: /* HcFmInterretval */
1466 retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1467 break;
1469 case 14: /* HcFmRemaining */
1470 retval = ohci_get_frame_remaining(ohci);
1471 break;
1473 case 15: /* HcFmNumber */
1474 retval = ohci->frame_number;
1475 break;
1477 case 16: /* HcPeriodicStart */
1478 retval = ohci->pstart;
1479 break;
1481 case 17: /* HcLSThreshold */
1482 retval = ohci->lst;
1483 break;
1485 case 18: /* HcRhDescriptorA */
1486 retval = ohci->rhdesc_a;
1487 break;
1489 case 19: /* HcRhDescriptorB */
1490 retval = ohci->rhdesc_b;
1491 break;
1493 case 20: /* HcRhStatus */
1494 retval = ohci->rhstatus;
1495 break;
1497 /* PXA27x specific registers */
1498 case 24: /* HcStatus */
1499 retval = ohci->hstatus & ohci->hmask;
1500 break;
1502 case 25: /* HcHReset */
1503 retval = ohci->hreset;
1504 break;
1506 case 26: /* HcHInterruptEnable */
1507 retval = ohci->hmask;
1508 break;
1510 case 27: /* HcHInterruptTest */
1511 retval = ohci->htest;
1512 break;
1514 default:
1515 fprintf(stderr, "ohci_read: Bad offset %x\n", (int)addr);
1516 retval = 0xffffffff;
1520 #ifdef TARGET_WORDS_BIGENDIAN
1521 retval = bswap32(retval);
1522 #endif
1523 return retval;
1526 static void ohci_mem_write(void *ptr, target_phys_addr_t addr, uint32_t val)
1528 OHCIState *ohci = ptr;
1530 #ifdef TARGET_WORDS_BIGENDIAN
1531 val = bswap32(val);
1532 #endif
1534 /* Only aligned reads are allowed on OHCI */
1535 if (addr & 3) {
1536 fprintf(stderr, "usb-ohci: Mis-aligned write\n");
1537 return;
1540 if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1541 /* HcRhPortStatus */
1542 ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1543 return;
1546 switch (addr >> 2) {
1547 case 1: /* HcControl */
1548 ohci_set_ctl(ohci, val);
1549 break;
1551 case 2: /* HcCommandStatus */
1552 /* SOC is read-only */
1553 val = (val & ~OHCI_STATUS_SOC);
1555 /* Bits written as '0' remain unchanged in the register */
1556 ohci->status |= val;
1558 if (ohci->status & OHCI_STATUS_HCR)
1559 ohci_reset(ohci);
1560 break;
1562 case 3: /* HcInterruptStatus */
1563 ohci->intr_status &= ~val;
1564 ohci_intr_update(ohci);
1565 break;
1567 case 4: /* HcInterruptEnable */
1568 ohci->intr |= val;
1569 ohci_intr_update(ohci);
1570 break;
1572 case 5: /* HcInterruptDisable */
1573 ohci->intr &= ~val;
1574 ohci_intr_update(ohci);
1575 break;
1577 case 6: /* HcHCCA */
1578 ohci->hcca = val & OHCI_HCCA_MASK;
1579 break;
1581 case 8: /* HcControlHeadED */
1582 ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1583 break;
1585 case 9: /* HcControlCurrentED */
1586 ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1587 break;
1589 case 10: /* HcBulkHeadED */
1590 ohci->bulk_head = val & OHCI_EDPTR_MASK;
1591 break;
1593 case 11: /* HcBulkCurrentED */
1594 ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1595 break;
1597 case 13: /* HcFmInterval */
1598 ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1599 ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1600 ohci_set_frame_interval(ohci, val);
1601 break;
1603 case 15: /* HcFmNumber */
1604 break;
1606 case 16: /* HcPeriodicStart */
1607 ohci->pstart = val & 0xffff;
1608 break;
1610 case 17: /* HcLSThreshold */
1611 ohci->lst = val & 0xffff;
1612 break;
1614 case 18: /* HcRhDescriptorA */
1615 ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1616 ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1617 break;
1619 case 19: /* HcRhDescriptorB */
1620 break;
1622 case 20: /* HcRhStatus */
1623 ohci_set_hub_status(ohci, val);
1624 break;
1626 /* PXA27x specific registers */
1627 case 24: /* HcStatus */
1628 ohci->hstatus &= ~(val & ohci->hmask);
1630 case 25: /* HcHReset */
1631 ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1632 if (val & OHCI_HRESET_FSBIR)
1633 ohci_reset(ohci);
1634 break;
1636 case 26: /* HcHInterruptEnable */
1637 ohci->hmask = val;
1638 break;
1640 case 27: /* HcHInterruptTest */
1641 ohci->htest = val;
1642 break;
1644 default:
1645 fprintf(stderr, "ohci_write: Bad offset %x\n", (int)addr);
1646 break;
1650 /* Only dword reads are defined on OHCI register space */
1651 static CPUReadMemoryFunc * const ohci_readfn[3]={
1652 ohci_mem_read,
1653 ohci_mem_read,
1654 ohci_mem_read
1657 /* Only dword writes are defined on OHCI register space */
1658 static CPUWriteMemoryFunc * const ohci_writefn[3]={
1659 ohci_mem_write,
1660 ohci_mem_write,
1661 ohci_mem_write
1664 static void usb_ohci_init(OHCIState *ohci, DeviceState *dev,
1665 int num_ports, int devfn,
1666 qemu_irq irq, enum ohci_type type,
1667 const char *name, uint32_t localmem_base)
1669 int i;
1671 if (usb_frame_time == 0) {
1672 #ifdef OHCI_TIME_WARP
1673 usb_frame_time = get_ticks_per_sec();
1674 usb_bit_time = muldiv64(1, get_ticks_per_sec(), USB_HZ/1000);
1675 #else
1676 usb_frame_time = muldiv64(1, get_ticks_per_sec(), 1000);
1677 if (get_ticks_per_sec() >= USB_HZ) {
1678 usb_bit_time = muldiv64(1, get_ticks_per_sec(), USB_HZ);
1679 } else {
1680 usb_bit_time = 1;
1682 #endif
1683 DPRINTF("usb-ohci: usb_bit_time=%" PRId64 " usb_frame_time=%" PRId64 "\n",
1684 usb_frame_time, usb_bit_time);
1687 ohci->mem = cpu_register_io_memory(ohci_readfn, ohci_writefn, ohci);
1688 ohci->localmem_base = localmem_base;
1689 ohci->name = name;
1691 ohci->irq = irq;
1692 ohci->type = type;
1694 usb_bus_new(&ohci->bus, dev);
1695 ohci->num_ports = num_ports;
1696 for (i = 0; i < num_ports; i++) {
1697 usb_register_port(&ohci->bus, &ohci->rhport[i].port, ohci, i, ohci_attach);
1700 ohci->async_td = 0;
1701 qemu_register_reset(ohci_reset, ohci);
1704 typedef struct {
1705 PCIDevice pci_dev;
1706 OHCIState state;
1707 } OHCIPCIState;
1709 static void ohci_mapfunc(PCIDevice *pci_dev, int i,
1710 pcibus_t addr, pcibus_t size, int type)
1712 OHCIPCIState *ohci = DO_UPCAST(OHCIPCIState, pci_dev, pci_dev);
1713 cpu_register_physical_memory(addr, size, ohci->state.mem);
1716 static int usb_ohci_initfn_pci(struct PCIDevice *dev)
1718 OHCIPCIState *ohci = DO_UPCAST(OHCIPCIState, pci_dev, dev);
1719 int num_ports = 3;
1721 pci_config_set_vendor_id(ohci->pci_dev.config, PCI_VENDOR_ID_APPLE);
1722 pci_config_set_device_id(ohci->pci_dev.config,
1723 PCI_DEVICE_ID_APPLE_IPID_USB);
1724 ohci->pci_dev.config[PCI_CLASS_PROG] = 0x10; /* OHCI */
1725 pci_config_set_class(ohci->pci_dev.config, PCI_CLASS_SERIAL_USB);
1726 /* TODO: RST# value should be 0. */
1727 ohci->pci_dev.config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */
1729 usb_ohci_init(&ohci->state, &dev->qdev, num_ports,
1730 ohci->pci_dev.devfn, ohci->pci_dev.irq[0],
1731 OHCI_TYPE_PCI, ohci->pci_dev.name, 0);
1733 /* TODO: avoid cast below by using dev */
1734 pci_register_bar((struct PCIDevice *)ohci, 0, 256,
1735 PCI_BASE_ADDRESS_SPACE_MEMORY, ohci_mapfunc);
1736 return 0;
1739 void usb_ohci_init_pci(struct PCIBus *bus, int devfn)
1741 pci_create_simple(bus, devfn, "pci-ohci");
1744 void usb_ohci_init_pxa(target_phys_addr_t base, int num_ports, int devfn,
1745 qemu_irq irq)
1747 OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1749 usb_ohci_init(ohci, NULL /* FIXME */, num_ports, devfn, irq,
1750 OHCI_TYPE_PXA, "OHCI USB", 0);
1752 cpu_register_physical_memory(base, 0x1000, ohci->mem);
1755 void usb_ohci_init_sm501(uint32_t mmio_base, uint32_t localmem_base,
1756 int num_ports, int devfn, qemu_irq irq)
1758 OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1760 usb_ohci_init(ohci, NULL /* FIXME */, num_ports, devfn, irq,
1761 OHCI_TYPE_SM501, "OHCI USB", localmem_base);
1763 cpu_register_physical_memory(mmio_base, 0x1000, ohci->mem);
1766 static PCIDeviceInfo ohci_info = {
1767 .qdev.name = "pci-ohci",
1768 .qdev.desc = "Apple USB Controller",
1769 .qdev.size = sizeof(OHCIPCIState),
1770 .init = usb_ohci_initfn_pci,
1773 static void ohci_register(void)
1775 pci_qdev_register(&ohci_info);
1777 device_init(ohci_register);