2 * QEMU USB OHCI Emulation
3 * Copyright (c) 2004 Gianni Tedesco
4 * Copyright (c) 2006 CodeSourcery
5 * Copyright (c) 2006 Openedhand Ltd.
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 * o Isochronous transfers
22 * o Allocate bandwidth in frames properly
23 * o Disable timers when nothing needs to be done, or remove timer usage
25 * o BIOS work to boot from USB storage
28 #include "qemu/osdep.h"
30 #include "qapi/error.h"
31 #include "qemu/module.h"
32 #include "qemu/timer.h"
34 #include "migration/vmstate.h"
35 #include "hw/sysbus.h"
36 #include "hw/qdev-dma.h"
37 #include "hw/qdev-properties.h"
41 /* This causes frames to occur 1000x slower */
42 /*#define OHCI_TIME_WARP 1*/
44 #define ED_LINK_LIMIT 32
46 static int64_t usb_frame_time
;
47 static int64_t usb_bit_time
;
49 /* Host Controller Communications Area */
55 #define HCCA_WRITEBACK_OFFSET offsetof(struct ohci_hcca, frame)
56 #define HCCA_WRITEBACK_SIZE 8 /* frame, pad, done */
58 #define ED_WBACK_OFFSET offsetof(struct ohci_ed, head)
59 #define ED_WBACK_SIZE 4
61 /* Bitfields for the first word of an Endpoint Descriptor. */
62 #define OHCI_ED_FA_SHIFT 0
63 #define OHCI_ED_FA_MASK (0x7f << OHCI_ED_FA_SHIFT)
64 #define OHCI_ED_EN_SHIFT 7
65 #define OHCI_ED_EN_MASK (0xf << OHCI_ED_EN_SHIFT)
66 #define OHCI_ED_D_SHIFT 11
67 #define OHCI_ED_D_MASK (3 << OHCI_ED_D_SHIFT)
68 #define OHCI_ED_S (1 << 13)
69 #define OHCI_ED_K (1 << 14)
70 #define OHCI_ED_F (1 << 15)
71 #define OHCI_ED_MPS_SHIFT 16
72 #define OHCI_ED_MPS_MASK (0x7ff << OHCI_ED_MPS_SHIFT)
74 /* Flags in the head field of an Endpoint Descriptor. */
78 /* Bitfields for the first word of a Transfer Descriptor. */
79 #define OHCI_TD_R (1 << 18)
80 #define OHCI_TD_DP_SHIFT 19
81 #define OHCI_TD_DP_MASK (3 << OHCI_TD_DP_SHIFT)
82 #define OHCI_TD_DI_SHIFT 21
83 #define OHCI_TD_DI_MASK (7 << OHCI_TD_DI_SHIFT)
84 #define OHCI_TD_T0 (1 << 24)
85 #define OHCI_TD_T1 (1 << 25)
86 #define OHCI_TD_EC_SHIFT 26
87 #define OHCI_TD_EC_MASK (3 << OHCI_TD_EC_SHIFT)
88 #define OHCI_TD_CC_SHIFT 28
89 #define OHCI_TD_CC_MASK (0xf << OHCI_TD_CC_SHIFT)
91 /* Bitfields for the first word of an Isochronous Transfer Descriptor. */
92 /* CC & DI - same as in the General Transfer Descriptor */
93 #define OHCI_TD_SF_SHIFT 0
94 #define OHCI_TD_SF_MASK (0xffff << OHCI_TD_SF_SHIFT)
95 #define OHCI_TD_FC_SHIFT 24
96 #define OHCI_TD_FC_MASK (7 << OHCI_TD_FC_SHIFT)
98 /* Isochronous Transfer Descriptor - Offset / PacketStatusWord */
99 #define OHCI_TD_PSW_CC_SHIFT 12
100 #define OHCI_TD_PSW_CC_MASK (0xf << OHCI_TD_PSW_CC_SHIFT)
101 #define OHCI_TD_PSW_SIZE_SHIFT 0
102 #define OHCI_TD_PSW_SIZE_MASK (0xfff << OHCI_TD_PSW_SIZE_SHIFT)
104 #define OHCI_PAGE_MASK 0xfffff000
105 #define OHCI_OFFSET_MASK 0xfff
107 #define OHCI_DPTR_MASK 0xfffffff0
109 #define OHCI_BM(val, field) \
110 (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
112 #define OHCI_SET_BM(val, field, newval) do { \
113 val &= ~OHCI_##field##_MASK; \
114 val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
117 /* endpoint descriptor */
125 /* General transfer descriptor */
133 /* Isochronous transfer descriptor */
142 #define USB_HZ 12000000
144 /* OHCI Local stuff */
145 #define OHCI_CTL_CBSR ((1 << 0) | (1 << 1))
146 #define OHCI_CTL_PLE (1 << 2)
147 #define OHCI_CTL_IE (1 << 3)
148 #define OHCI_CTL_CLE (1 << 4)
149 #define OHCI_CTL_BLE (1 << 5)
150 #define OHCI_CTL_HCFS ((1 << 6) | (1 << 7))
151 #define OHCI_USB_RESET 0x00
152 #define OHCI_USB_RESUME 0x40
153 #define OHCI_USB_OPERATIONAL 0x80
154 #define OHCI_USB_SUSPEND 0xc0
155 #define OHCI_CTL_IR (1 << 8)
156 #define OHCI_CTL_RWC (1 << 9)
157 #define OHCI_CTL_RWE (1 << 10)
159 #define OHCI_STATUS_HCR (1 << 0)
160 #define OHCI_STATUS_CLF (1 << 1)
161 #define OHCI_STATUS_BLF (1 << 2)
162 #define OHCI_STATUS_OCR (1 << 3)
163 #define OHCI_STATUS_SOC ((1 << 6) | (1 << 7))
165 #define OHCI_INTR_SO (1U << 0) /* Scheduling overrun */
166 #define OHCI_INTR_WD (1U << 1) /* HcDoneHead writeback */
167 #define OHCI_INTR_SF (1U << 2) /* Start of frame */
168 #define OHCI_INTR_RD (1U << 3) /* Resume detect */
169 #define OHCI_INTR_UE (1U << 4) /* Unrecoverable error */
170 #define OHCI_INTR_FNO (1U << 5) /* Frame number overflow */
171 #define OHCI_INTR_RHSC (1U << 6) /* Root hub status change */
172 #define OHCI_INTR_OC (1U << 30) /* Ownership change */
173 #define OHCI_INTR_MIE (1U << 31) /* Master Interrupt Enable */
175 #define OHCI_HCCA_SIZE 0x100
176 #define OHCI_HCCA_MASK 0xffffff00
178 #define OHCI_EDPTR_MASK 0xfffffff0
180 #define OHCI_FMI_FI 0x00003fff
181 #define OHCI_FMI_FSMPS 0xffff0000
182 #define OHCI_FMI_FIT 0x80000000
184 #define OHCI_FR_RT (1U << 31)
186 #define OHCI_LS_THRESH 0x628
188 #define OHCI_RHA_RW_MASK 0x00000000 /* Mask of supported features. */
189 #define OHCI_RHA_PSM (1 << 8)
190 #define OHCI_RHA_NPS (1 << 9)
191 #define OHCI_RHA_DT (1 << 10)
192 #define OHCI_RHA_OCPM (1 << 11)
193 #define OHCI_RHA_NOCP (1 << 12)
194 #define OHCI_RHA_POTPGT_MASK 0xff000000
196 #define OHCI_RHS_LPS (1U << 0)
197 #define OHCI_RHS_OCI (1U << 1)
198 #define OHCI_RHS_DRWE (1U << 15)
199 #define OHCI_RHS_LPSC (1U << 16)
200 #define OHCI_RHS_OCIC (1U << 17)
201 #define OHCI_RHS_CRWE (1U << 31)
203 #define OHCI_PORT_CCS (1 << 0)
204 #define OHCI_PORT_PES (1 << 1)
205 #define OHCI_PORT_PSS (1 << 2)
206 #define OHCI_PORT_POCI (1 << 3)
207 #define OHCI_PORT_PRS (1 << 4)
208 #define OHCI_PORT_PPS (1 << 8)
209 #define OHCI_PORT_LSDA (1 << 9)
210 #define OHCI_PORT_CSC (1 << 16)
211 #define OHCI_PORT_PESC (1 << 17)
212 #define OHCI_PORT_PSSC (1 << 18)
213 #define OHCI_PORT_OCIC (1 << 19)
214 #define OHCI_PORT_PRSC (1 << 20)
215 #define OHCI_PORT_WTC (OHCI_PORT_CSC | OHCI_PORT_PESC | \
216 OHCI_PORT_PSSC | OHCI_PORT_OCIC | \
218 #define OHCI_TD_DIR_SETUP 0x0
219 #define OHCI_TD_DIR_OUT 0x1
220 #define OHCI_TD_DIR_IN 0x2
221 #define OHCI_TD_DIR_RESERVED 0x3
223 #define OHCI_CC_NOERROR 0x0
224 #define OHCI_CC_CRC 0x1
225 #define OHCI_CC_BITSTUFFING 0x2
226 #define OHCI_CC_DATATOGGLEMISMATCH 0x3
227 #define OHCI_CC_STALL 0x4
228 #define OHCI_CC_DEVICENOTRESPONDING 0x5
229 #define OHCI_CC_PIDCHECKFAILURE 0x6
230 #define OHCI_CC_UNDEXPETEDPID 0x7
231 #define OHCI_CC_DATAOVERRUN 0x8
232 #define OHCI_CC_DATAUNDERRUN 0x9
233 #define OHCI_CC_BUFFEROVERRUN 0xc
234 #define OHCI_CC_BUFFERUNDERRUN 0xd
236 #define OHCI_HRESET_FSBIR (1 << 0)
238 static const char *ohci_reg_names
[] = {
239 "HcRevision", "HcControl", "HcCommandStatus", "HcInterruptStatus",
240 "HcInterruptEnable", "HcInterruptDisable", "HcHCCA", "HcPeriodCurrentED",
241 "HcControlHeadED", "HcControlCurrentED", "HcBulkHeadED", "HcBulkCurrentED",
242 "HcDoneHead", "HcFmInterval", "HcFmRemaining", "HcFmNumber",
243 "HcPeriodicStart", "HcLSThreshold", "HcRhDescriptorA", "HcRhDescriptorB",
247 static const char *ohci_reg_name(hwaddr addr
)
249 if (addr
>> 2 < ARRAY_SIZE(ohci_reg_names
)) {
250 return ohci_reg_names
[addr
>> 2];
256 static void ohci_die(OHCIState
*ohci
)
258 ohci
->ohci_die(ohci
);
261 /* Update IRQ levels */
262 static inline void ohci_intr_update(OHCIState
*ohci
)
266 if ((ohci
->intr
& OHCI_INTR_MIE
) &&
267 (ohci
->intr_status
& ohci
->intr
))
270 qemu_set_irq(ohci
->irq
, level
);
273 /* Set an interrupt */
274 static inline void ohci_set_interrupt(OHCIState
*ohci
, uint32_t intr
)
276 ohci
->intr_status
|= intr
;
277 ohci_intr_update(ohci
);
280 static USBDevice
*ohci_find_device(OHCIState
*ohci
, uint8_t addr
)
285 for (i
= 0; i
< ohci
->num_ports
; i
++) {
286 if ((ohci
->rhport
[i
].ctrl
& OHCI_PORT_PES
) == 0) {
289 dev
= usb_find_device(&ohci
->rhport
[i
].port
, addr
);
297 void ohci_stop_endpoints(OHCIState
*ohci
)
302 if (ohci
->async_td
) {
303 usb_cancel_packet(&ohci
->usb_packet
);
306 for (i
= 0; i
< ohci
->num_ports
; i
++) {
307 dev
= ohci
->rhport
[i
].port
.dev
;
308 if (dev
&& dev
->attached
) {
309 usb_device_ep_stopped(dev
, &dev
->ep_ctl
);
310 for (j
= 0; j
< USB_MAX_ENDPOINTS
; j
++) {
311 usb_device_ep_stopped(dev
, &dev
->ep_in
[j
]);
312 usb_device_ep_stopped(dev
, &dev
->ep_out
[j
]);
318 static void ohci_roothub_reset(OHCIState
*ohci
)
324 ohci
->rhdesc_a
= OHCI_RHA_NPS
| ohci
->num_ports
;
325 ohci
->rhdesc_b
= 0x0; /* Impl. specific */
328 for (i
= 0; i
< ohci
->num_ports
; i
++) {
329 port
= &ohci
->rhport
[i
];
331 if (port
->port
.dev
&& port
->port
.dev
->attached
) {
332 usb_port_reset(&port
->port
);
335 ohci_stop_endpoints(ohci
);
338 /* Reset the controller */
339 static void ohci_soft_reset(OHCIState
*ohci
)
341 trace_usb_ohci_reset(ohci
->name
);
344 ohci
->ctl
= (ohci
->ctl
& OHCI_CTL_IR
) | OHCI_USB_SUSPEND
;
347 ohci
->intr_status
= 0;
348 ohci
->intr
= OHCI_INTR_MIE
;
351 ohci
->ctrl_head
= ohci
->ctrl_cur
= 0;
352 ohci
->bulk_head
= ohci
->bulk_cur
= 0;
355 ohci
->done_count
= 7;
357 * FSMPS is marked TBD in OCHI 1.0, what gives ffs?
358 * I took the value linux sets ...
360 ohci
->fsmps
= 0x2778;
364 ohci
->frame_number
= 0;
366 ohci
->lst
= OHCI_LS_THRESH
;
369 void ohci_hard_reset(OHCIState
*ohci
)
371 ohci_soft_reset(ohci
);
373 ohci_roothub_reset(ohci
);
376 /* Get an array of dwords from main memory */
377 static inline int get_dwords(OHCIState
*ohci
,
378 dma_addr_t addr
, uint32_t *buf
, int num
)
382 addr
+= ohci
->localmem_base
;
384 for (i
= 0; i
< num
; i
++, buf
++, addr
+= sizeof(*buf
)) {
385 if (dma_memory_read(ohci
->as
, addr
,
386 buf
, sizeof(*buf
), MEMTXATTRS_UNSPECIFIED
)) {
389 *buf
= le32_to_cpu(*buf
);
395 /* Put an array of dwords in to main memory */
396 static inline int put_dwords(OHCIState
*ohci
,
397 dma_addr_t addr
, uint32_t *buf
, int num
)
401 addr
+= ohci
->localmem_base
;
403 for (i
= 0; i
< num
; i
++, buf
++, addr
+= sizeof(*buf
)) {
404 uint32_t tmp
= cpu_to_le32(*buf
);
405 if (dma_memory_write(ohci
->as
, addr
,
406 &tmp
, sizeof(tmp
), MEMTXATTRS_UNSPECIFIED
)) {
414 /* Get an array of words from main memory */
415 static inline int get_words(OHCIState
*ohci
,
416 dma_addr_t addr
, uint16_t *buf
, int num
)
420 addr
+= ohci
->localmem_base
;
422 for (i
= 0; i
< num
; i
++, buf
++, addr
+= sizeof(*buf
)) {
423 if (dma_memory_read(ohci
->as
, addr
,
424 buf
, sizeof(*buf
), MEMTXATTRS_UNSPECIFIED
)) {
427 *buf
= le16_to_cpu(*buf
);
433 /* Put an array of words in to main memory */
434 static inline int put_words(OHCIState
*ohci
,
435 dma_addr_t addr
, uint16_t *buf
, int num
)
439 addr
+= ohci
->localmem_base
;
441 for (i
= 0; i
< num
; i
++, buf
++, addr
+= sizeof(*buf
)) {
442 uint16_t tmp
= cpu_to_le16(*buf
);
443 if (dma_memory_write(ohci
->as
, addr
,
444 &tmp
, sizeof(tmp
), MEMTXATTRS_UNSPECIFIED
)) {
452 static inline int ohci_read_ed(OHCIState
*ohci
,
453 dma_addr_t addr
, struct ohci_ed
*ed
)
455 return get_dwords(ohci
, addr
, (uint32_t *)ed
, sizeof(*ed
) >> 2);
458 static inline int ohci_read_td(OHCIState
*ohci
,
459 dma_addr_t addr
, struct ohci_td
*td
)
461 return get_dwords(ohci
, addr
, (uint32_t *)td
, sizeof(*td
) >> 2);
464 static inline int ohci_read_iso_td(OHCIState
*ohci
,
465 dma_addr_t addr
, struct ohci_iso_td
*td
)
467 return get_dwords(ohci
, addr
, (uint32_t *)td
, 4) ||
468 get_words(ohci
, addr
+ 16, td
->offset
, 8);
471 static inline int ohci_read_hcca(OHCIState
*ohci
,
472 dma_addr_t addr
, struct ohci_hcca
*hcca
)
474 return dma_memory_read(ohci
->as
, addr
+ ohci
->localmem_base
, hcca
,
475 sizeof(*hcca
), MEMTXATTRS_UNSPECIFIED
);
478 static inline int ohci_put_ed(OHCIState
*ohci
,
479 dma_addr_t addr
, struct ohci_ed
*ed
)
482 * ed->tail is under control of the HCD.
483 * Since just ed->head is changed by HC, just write back this
485 return put_dwords(ohci
, addr
+ ED_WBACK_OFFSET
,
486 (uint32_t *)((char *)ed
+ ED_WBACK_OFFSET
),
490 static inline int ohci_put_td(OHCIState
*ohci
,
491 dma_addr_t addr
, struct ohci_td
*td
)
493 return put_dwords(ohci
, addr
, (uint32_t *)td
, sizeof(*td
) >> 2);
496 static inline int ohci_put_iso_td(OHCIState
*ohci
,
497 dma_addr_t addr
, struct ohci_iso_td
*td
)
499 return put_dwords(ohci
, addr
, (uint32_t *)td
, 4) ||
500 put_words(ohci
, addr
+ 16, td
->offset
, 8);
503 static inline int ohci_put_hcca(OHCIState
*ohci
,
504 dma_addr_t addr
, struct ohci_hcca
*hcca
)
506 return dma_memory_write(ohci
->as
,
507 addr
+ ohci
->localmem_base
+ HCCA_WRITEBACK_OFFSET
,
508 (char *)hcca
+ HCCA_WRITEBACK_OFFSET
,
509 HCCA_WRITEBACK_SIZE
, MEMTXATTRS_UNSPECIFIED
);
512 /* Read/Write the contents of a TD from/to main memory. */
513 static int ohci_copy_td(OHCIState
*ohci
, struct ohci_td
*td
,
514 uint8_t *buf
, int len
, DMADirection dir
)
519 n
= 0x1000 - (ptr
& 0xfff);
523 if (dma_memory_rw(ohci
->as
, ptr
+ ohci
->localmem_base
, buf
,
524 n
, dir
, MEMTXATTRS_UNSPECIFIED
)) {
530 ptr
= td
->be
& ~0xfffu
;
532 if (dma_memory_rw(ohci
->as
, ptr
+ ohci
->localmem_base
, buf
,
533 len
- n
, dir
, MEMTXATTRS_UNSPECIFIED
)) {
539 /* Read/Write the contents of an ISO TD from/to main memory. */
540 static int ohci_copy_iso_td(OHCIState
*ohci
,
541 uint32_t start_addr
, uint32_t end_addr
,
542 uint8_t *buf
, int len
, DMADirection dir
)
547 n
= 0x1000 - (ptr
& 0xfff);
551 if (dma_memory_rw(ohci
->as
, ptr
+ ohci
->localmem_base
, buf
,
552 n
, dir
, MEMTXATTRS_UNSPECIFIED
)) {
558 ptr
= end_addr
& ~0xfffu
;
560 if (dma_memory_rw(ohci
->as
, ptr
+ ohci
->localmem_base
, buf
,
561 len
- n
, dir
, MEMTXATTRS_UNSPECIFIED
)) {
567 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
569 static int ohci_service_iso_td(OHCIState
*ohci
, struct ohci_ed
*ed
)
573 const char *str
= NULL
;
582 struct ohci_iso_td iso_td
;
584 uint16_t starting_frame
;
585 int16_t relative_frame_number
;
587 uint32_t start_offset
, next_offset
, end_offset
= 0;
588 uint32_t start_addr
, end_addr
;
590 addr
= ed
->head
& OHCI_DPTR_MASK
;
597 if (ohci_read_iso_td(ohci
, addr
, &iso_td
)) {
598 trace_usb_ohci_iso_td_read_failed(addr
);
603 starting_frame
= OHCI_BM(iso_td
.flags
, TD_SF
);
604 frame_count
= OHCI_BM(iso_td
.flags
, TD_FC
);
605 relative_frame_number
= USUB(ohci
->frame_number
, starting_frame
);
607 trace_usb_ohci_iso_td_head(
608 ed
->head
& OHCI_DPTR_MASK
, ed
->tail
& OHCI_DPTR_MASK
,
609 iso_td
.flags
, iso_td
.bp
, iso_td
.next
, iso_td
.be
,
610 ohci
->frame_number
, starting_frame
,
611 frame_count
, relative_frame_number
);
612 trace_usb_ohci_iso_td_head_offset(
613 iso_td
.offset
[0], iso_td
.offset
[1],
614 iso_td
.offset
[2], iso_td
.offset
[3],
615 iso_td
.offset
[4], iso_td
.offset
[5],
616 iso_td
.offset
[6], iso_td
.offset
[7]);
618 if (relative_frame_number
< 0) {
619 trace_usb_ohci_iso_td_relative_frame_number_neg(relative_frame_number
);
621 } else if (relative_frame_number
> frame_count
) {
623 * ISO TD expired - retire the TD to the Done Queue and continue with
624 * the next ISO TD of the same ED
626 trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number
,
628 if (OHCI_CC_DATAOVERRUN
== OHCI_BM(iso_td
.flags
, TD_CC
)) {
629 /* avoid infinite loop */
632 OHCI_SET_BM(iso_td
.flags
, TD_CC
, OHCI_CC_DATAOVERRUN
);
633 ed
->head
&= ~OHCI_DPTR_MASK
;
634 ed
->head
|= (iso_td
.next
& OHCI_DPTR_MASK
);
635 iso_td
.next
= ohci
->done
;
637 i
= OHCI_BM(iso_td
.flags
, TD_DI
);
638 if (i
< ohci
->done_count
) {
639 ohci
->done_count
= i
;
641 if (ohci_put_iso_td(ohci
, addr
, &iso_td
)) {
648 dir
= OHCI_BM(ed
->flags
, ED_D
);
654 case OHCI_TD_DIR_OUT
:
658 case OHCI_TD_DIR_SETUP
:
660 pid
= USB_TOKEN_SETUP
;
663 trace_usb_ohci_iso_td_bad_direction(dir
);
667 if (!iso_td
.bp
|| !iso_td
.be
) {
668 trace_usb_ohci_iso_td_bad_bp_be(iso_td
.bp
, iso_td
.be
);
672 start_offset
= iso_td
.offset
[relative_frame_number
];
673 if (relative_frame_number
< frame_count
) {
674 next_offset
= iso_td
.offset
[relative_frame_number
+ 1];
676 next_offset
= iso_td
.be
;
679 if (!(OHCI_BM(start_offset
, TD_PSW_CC
) & 0xe) ||
680 ((relative_frame_number
< frame_count
) &&
681 !(OHCI_BM(next_offset
, TD_PSW_CC
) & 0xe))) {
682 trace_usb_ohci_iso_td_bad_cc_not_accessed(start_offset
, next_offset
);
686 if ((relative_frame_number
< frame_count
) && (start_offset
> next_offset
)) {
687 trace_usb_ohci_iso_td_bad_cc_overrun(start_offset
, next_offset
);
691 if ((start_offset
& 0x1000) == 0) {
692 start_addr
= (iso_td
.bp
& OHCI_PAGE_MASK
) |
693 (start_offset
& OHCI_OFFSET_MASK
);
695 start_addr
= (iso_td
.be
& OHCI_PAGE_MASK
) |
696 (start_offset
& OHCI_OFFSET_MASK
);
699 if (relative_frame_number
< frame_count
) {
700 end_offset
= next_offset
- 1;
701 if ((end_offset
& 0x1000) == 0) {
702 end_addr
= (iso_td
.bp
& OHCI_PAGE_MASK
) |
703 (end_offset
& OHCI_OFFSET_MASK
);
705 end_addr
= (iso_td
.be
& OHCI_PAGE_MASK
) |
706 (end_offset
& OHCI_OFFSET_MASK
);
709 /* Last packet in the ISO TD */
710 end_addr
= next_offset
;
713 if (start_addr
> end_addr
) {
714 trace_usb_ohci_iso_td_bad_cc_overrun(start_addr
, end_addr
);
718 if ((start_addr
& OHCI_PAGE_MASK
) != (end_addr
& OHCI_PAGE_MASK
)) {
719 len
= (end_addr
& OHCI_OFFSET_MASK
) + 0x1001
720 - (start_addr
& OHCI_OFFSET_MASK
);
722 len
= end_addr
- start_addr
+ 1;
724 if (len
> sizeof(buf
)) {
728 if (len
&& dir
!= OHCI_TD_DIR_IN
) {
729 if (ohci_copy_iso_td(ohci
, start_addr
, end_addr
, buf
, len
,
730 DMA_DIRECTION_TO_DEVICE
)) {
736 dev
= ohci_find_device(ohci
, OHCI_BM(ed
->flags
, ED_FA
));
738 trace_usb_ohci_td_dev_error();
741 ep
= usb_ep_get(dev
, pid
, OHCI_BM(ed
->flags
, ED_EN
));
742 pkt
= g_new0(USBPacket
, 1);
743 usb_packet_init(pkt
);
744 int_req
= relative_frame_number
== frame_count
&&
745 OHCI_BM(iso_td
.flags
, TD_DI
) == 0;
746 usb_packet_setup(pkt
, pid
, ep
, 0, addr
, false, int_req
);
747 usb_packet_addbuf(pkt
, buf
, len
);
748 usb_handle_packet(dev
, pkt
);
749 if (pkt
->status
== USB_RET_ASYNC
) {
750 usb_device_flush_ep_queue(dev
, ep
);
754 if (pkt
->status
== USB_RET_SUCCESS
) {
755 ret
= pkt
->actual_length
;
761 trace_usb_ohci_iso_td_so(start_offset
, end_offset
, start_addr
, end_addr
,
765 if (dir
== OHCI_TD_DIR_IN
&& ret
>= 0 && ret
<= len
) {
766 /* IN transfer succeeded */
767 if (ohci_copy_iso_td(ohci
, start_addr
, end_addr
, buf
, ret
,
768 DMA_DIRECTION_FROM_DEVICE
)) {
772 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
774 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_SIZE
, ret
);
775 } else if (dir
== OHCI_TD_DIR_OUT
&& ret
== len
) {
776 /* OUT transfer succeeded */
777 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
779 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_SIZE
, 0);
781 if (ret
> (ssize_t
) len
) {
782 trace_usb_ohci_iso_td_data_overrun(ret
, len
);
783 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
784 OHCI_CC_DATAOVERRUN
);
785 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_SIZE
,
787 } else if (ret
>= 0) {
788 trace_usb_ohci_iso_td_data_underrun(ret
);
789 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
790 OHCI_CC_DATAUNDERRUN
);
793 case USB_RET_IOERROR
:
795 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
796 OHCI_CC_DEVICENOTRESPONDING
);
797 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_SIZE
,
802 trace_usb_ohci_iso_td_nak(ret
);
803 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
805 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_SIZE
,
809 trace_usb_ohci_iso_td_bad_response(ret
);
810 OHCI_SET_BM(iso_td
.offset
[relative_frame_number
], TD_PSW_CC
,
811 OHCI_CC_UNDEXPETEDPID
);
817 if (relative_frame_number
== frame_count
) {
818 /* Last data packet of ISO TD - retire the TD to the Done Queue */
819 OHCI_SET_BM(iso_td
.flags
, TD_CC
, OHCI_CC_NOERROR
);
820 ed
->head
&= ~OHCI_DPTR_MASK
;
821 ed
->head
|= (iso_td
.next
& OHCI_DPTR_MASK
);
822 iso_td
.next
= ohci
->done
;
824 i
= OHCI_BM(iso_td
.flags
, TD_DI
);
825 if (i
< ohci
->done_count
) {
826 ohci
->done_count
= i
;
829 if (ohci_put_iso_td(ohci
, addr
, &iso_td
)) {
835 #define HEX_CHAR_PER_LINE 16
837 static void ohci_td_pkt(const char *msg
, const uint8_t *buf
, size_t len
)
842 char tmp
[3 * HEX_CHAR_PER_LINE
+ 1];
845 print16
= !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT
);
846 printall
= !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_FULL
);
848 if (!printall
&& !print16
) {
853 if (i
&& (!(i
% HEX_CHAR_PER_LINE
) || (i
== len
))) {
855 trace_usb_ohci_td_pkt_short(msg
, tmp
);
858 trace_usb_ohci_td_pkt_full(msg
, tmp
);
866 p
+= sprintf(p
, " %.2x", buf
[i
]);
871 * Service a transport descriptor.
872 * Returns nonzero to terminate processing of this endpoint.
874 static int ohci_service_td(OHCIState
*ohci
, struct ohci_ed
*ed
)
877 size_t len
= 0, pktlen
= 0;
878 const char *str
= NULL
;
889 addr
= ed
->head
& OHCI_DPTR_MASK
;
895 /* See if this TD has already been submitted to the device. */
896 completion
= (addr
== ohci
->async_td
);
897 if (completion
&& !ohci
->async_complete
) {
898 trace_usb_ohci_td_skip_async();
901 if (ohci_read_td(ohci
, addr
, &td
)) {
902 trace_usb_ohci_td_read_error(addr
);
907 dir
= OHCI_BM(ed
->flags
, ED_D
);
909 case OHCI_TD_DIR_OUT
:
914 dir
= OHCI_BM(td
.flags
, TD_DP
);
923 case OHCI_TD_DIR_OUT
:
927 case OHCI_TD_DIR_SETUP
:
929 pid
= USB_TOKEN_SETUP
;
932 trace_usb_ohci_td_bad_direction(dir
);
935 if (td
.cbp
&& td
.be
) {
936 if ((td
.cbp
& 0xfffff000) != (td
.be
& 0xfffff000)) {
937 len
= (td
.be
& 0xfff) + 0x1001 - (td
.cbp
& 0xfff);
939 if (td
.cbp
> td
.be
) {
940 trace_usb_ohci_iso_td_bad_cc_overrun(td
.cbp
, td
.be
);
944 len
= (td
.be
- td
.cbp
) + 1;
946 if (len
> sizeof(ohci
->usb_buf
)) {
947 len
= sizeof(ohci
->usb_buf
);
951 if (len
&& dir
!= OHCI_TD_DIR_IN
) {
952 /* The endpoint may not allow us to transfer it all now */
953 pktlen
= (ed
->flags
& OHCI_ED_MPS_MASK
) >> OHCI_ED_MPS_SHIFT
;
958 if (ohci_copy_td(ohci
, &td
, ohci
->usb_buf
, pktlen
,
959 DMA_DIRECTION_TO_DEVICE
)) {
966 flag_r
= (td
.flags
& OHCI_TD_R
) != 0;
967 trace_usb_ohci_td_pkt_hdr(addr
, (int64_t)pktlen
, (int64_t)len
, str
,
968 flag_r
, td
.cbp
, td
.be
);
969 ohci_td_pkt("OUT", ohci
->usb_buf
, pktlen
);
973 ohci
->async_complete
= false;
975 dev
= ohci_find_device(ohci
, OHCI_BM(ed
->flags
, ED_FA
));
977 trace_usb_ohci_td_dev_error();
980 ep
= usb_ep_get(dev
, pid
, OHCI_BM(ed
->flags
, ED_EN
));
981 if (ohci
->async_td
) {
983 * ??? The hardware should allow one active packet per
984 * endpoint. We only allow one active packet per controller.
985 * This should be sufficient as long as devices respond in a
988 trace_usb_ohci_td_too_many_pending(ep
->nr
);
991 usb_packet_setup(&ohci
->usb_packet
, pid
, ep
, 0, addr
, !flag_r
,
992 OHCI_BM(td
.flags
, TD_DI
) == 0);
993 usb_packet_addbuf(&ohci
->usb_packet
, ohci
->usb_buf
, pktlen
);
994 usb_handle_packet(dev
, &ohci
->usb_packet
);
995 trace_usb_ohci_td_packet_status(ohci
->usb_packet
.status
);
997 if (ohci
->usb_packet
.status
== USB_RET_ASYNC
) {
998 usb_device_flush_ep_queue(dev
, ep
);
999 ohci
->async_td
= addr
;
1003 if (ohci
->usb_packet
.status
== USB_RET_SUCCESS
) {
1004 ret
= ohci
->usb_packet
.actual_length
;
1006 ret
= ohci
->usb_packet
.status
;
1010 if (dir
== OHCI_TD_DIR_IN
) {
1011 if (ohci_copy_td(ohci
, &td
, ohci
->usb_buf
, ret
,
1012 DMA_DIRECTION_FROM_DEVICE
)) {
1015 ohci_td_pkt("IN", ohci
->usb_buf
, pktlen
);
1022 if (ret
== pktlen
|| (dir
== OHCI_TD_DIR_IN
&& ret
>= 0 && flag_r
)) {
1023 /* Transmission succeeded. */
1027 if ((td
.cbp
& 0xfff) + ret
> 0xfff) {
1028 td
.cbp
= (td
.be
& ~0xfff) + ((td
.cbp
+ ret
) & 0xfff);
1033 td
.flags
|= OHCI_TD_T1
;
1034 td
.flags
^= OHCI_TD_T0
;
1035 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_NOERROR
);
1036 OHCI_SET_BM(td
.flags
, TD_EC
, 0);
1038 if ((dir
!= OHCI_TD_DIR_IN
) && (ret
!= len
)) {
1039 /* Partial packet transfer: TD not ready to retire yet */
1040 goto exit_no_retire
;
1043 /* Setting ED_C is part of the TD retirement process */
1044 ed
->head
&= ~OHCI_ED_C
;
1045 if (td
.flags
& OHCI_TD_T0
) {
1046 ed
->head
|= OHCI_ED_C
;
1050 trace_usb_ohci_td_underrun();
1051 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_DATAUNDERRUN
);
1054 case USB_RET_IOERROR
:
1056 trace_usb_ohci_td_dev_error();
1057 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_DEVICENOTRESPONDING
);
1060 trace_usb_ohci_td_nak();
1063 trace_usb_ohci_td_stall();
1064 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_STALL
);
1066 case USB_RET_BABBLE
:
1067 trace_usb_ohci_td_babble();
1068 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_DATAOVERRUN
);
1071 trace_usb_ohci_td_bad_device_response(ret
);
1072 OHCI_SET_BM(td
.flags
, TD_CC
, OHCI_CC_UNDEXPETEDPID
);
1073 OHCI_SET_BM(td
.flags
, TD_EC
, 3);
1077 * An error occurred so we have to clear the interrupt counter.
1078 * See spec at 6.4.4 on page 104
1080 ohci
->done_count
= 0;
1082 ed
->head
|= OHCI_ED_H
;
1085 /* Retire this TD */
1086 ed
->head
&= ~OHCI_DPTR_MASK
;
1087 ed
->head
|= td
.next
& OHCI_DPTR_MASK
;
1088 td
.next
= ohci
->done
;
1090 i
= OHCI_BM(td
.flags
, TD_DI
);
1091 if (i
< ohci
->done_count
) {
1092 ohci
->done_count
= i
;
1095 if (ohci_put_td(ohci
, addr
, &td
)) {
1099 return OHCI_BM(td
.flags
, TD_CC
) != OHCI_CC_NOERROR
;
1102 /* Service an endpoint list. Returns nonzero if active TD were found. */
1103 static int ohci_service_ed_list(OHCIState
*ohci
, uint32_t head
)
1109 uint32_t link_cnt
= 0;
1115 for (cur
= head
; cur
&& link_cnt
++ < ED_LINK_LIMIT
; cur
= next_ed
) {
1116 if (ohci_read_ed(ohci
, cur
, &ed
)) {
1117 trace_usb_ohci_ed_read_error(cur
);
1122 next_ed
= ed
.next
& OHCI_DPTR_MASK
;
1124 if ((ed
.head
& OHCI_ED_H
) || (ed
.flags
& OHCI_ED_K
)) {
1126 /* Cancel pending packets for ED that have been paused. */
1127 addr
= ed
.head
& OHCI_DPTR_MASK
;
1128 if (ohci
->async_td
&& addr
== ohci
->async_td
) {
1129 usb_cancel_packet(&ohci
->usb_packet
);
1131 usb_device_ep_stopped(ohci
->usb_packet
.ep
->dev
,
1132 ohci
->usb_packet
.ep
);
1137 while ((ed
.head
& OHCI_DPTR_MASK
) != ed
.tail
) {
1138 trace_usb_ohci_ed_pkt(cur
, (ed
.head
& OHCI_ED_H
) != 0,
1139 (ed
.head
& OHCI_ED_C
) != 0, ed
.head
& OHCI_DPTR_MASK
,
1140 ed
.tail
& OHCI_DPTR_MASK
, ed
.next
& OHCI_DPTR_MASK
);
1141 trace_usb_ohci_ed_pkt_flags(
1142 OHCI_BM(ed
.flags
, ED_FA
), OHCI_BM(ed
.flags
, ED_EN
),
1143 OHCI_BM(ed
.flags
, ED_D
), (ed
.flags
& OHCI_ED_S
) != 0,
1144 (ed
.flags
& OHCI_ED_K
) != 0, (ed
.flags
& OHCI_ED_F
) != 0,
1145 OHCI_BM(ed
.flags
, ED_MPS
));
1149 if ((ed
.flags
& OHCI_ED_F
) == 0) {
1150 if (ohci_service_td(ohci
, &ed
)) {
1154 /* Handle isochronous endpoints */
1155 if (ohci_service_iso_td(ohci
, &ed
)) {
1161 if (ohci_put_ed(ohci
, cur
, &ed
)) {
1170 /* set a timer for EOF */
1171 static void ohci_eof_timer(OHCIState
*ohci
)
1173 timer_mod(ohci
->eof_timer
, ohci
->sof_time
+ usb_frame_time
);
1175 /* Set a timer for EOF and generate a SOF event */
1176 static void ohci_sof(OHCIState
*ohci
)
1178 ohci
->sof_time
+= usb_frame_time
;
1179 ohci_eof_timer(ohci
);
1180 ohci_set_interrupt(ohci
, OHCI_INTR_SF
);
1183 /* Process Control and Bulk lists. */
1184 static void ohci_process_lists(OHCIState
*ohci
)
1186 if ((ohci
->ctl
& OHCI_CTL_CLE
) && (ohci
->status
& OHCI_STATUS_CLF
)) {
1187 if (ohci
->ctrl_cur
&& ohci
->ctrl_cur
!= ohci
->ctrl_head
) {
1188 trace_usb_ohci_process_lists(ohci
->ctrl_head
, ohci
->ctrl_cur
);
1190 if (!ohci_service_ed_list(ohci
, ohci
->ctrl_head
)) {
1192 ohci
->status
&= ~OHCI_STATUS_CLF
;
1196 if ((ohci
->ctl
& OHCI_CTL_BLE
) && (ohci
->status
& OHCI_STATUS_BLF
)) {
1197 if (!ohci_service_ed_list(ohci
, ohci
->bulk_head
)) {
1199 ohci
->status
&= ~OHCI_STATUS_BLF
;
1204 /* Do frame processing on frame boundary */
1205 static void ohci_frame_boundary(void *opaque
)
1207 OHCIState
*ohci
= opaque
;
1208 struct ohci_hcca hcca
;
1210 if (ohci_read_hcca(ohci
, ohci
->hcca
, &hcca
)) {
1211 trace_usb_ohci_hcca_read_error(ohci
->hcca
);
1216 /* Process all the lists at the end of the frame */
1217 if (ohci
->ctl
& OHCI_CTL_PLE
) {
1220 n
= ohci
->frame_number
& 0x1f;
1221 ohci_service_ed_list(ohci
, le32_to_cpu(hcca
.intr
[n
]));
1224 /* Cancel all pending packets if either of the lists has been disabled. */
1225 if (ohci
->old_ctl
& (~ohci
->ctl
) & (OHCI_CTL_BLE
| OHCI_CTL_CLE
)) {
1226 ohci_stop_endpoints(ohci
);
1228 ohci
->old_ctl
= ohci
->ctl
;
1229 ohci_process_lists(ohci
);
1231 /* Stop if UnrecoverableError happened or ohci_sof will crash */
1232 if (ohci
->intr_status
& OHCI_INTR_UE
) {
1236 /* Frame boundary, so do EOF stuf here */
1237 ohci
->frt
= ohci
->fit
;
1239 /* Increment frame number and take care of endianness. */
1240 ohci
->frame_number
= (ohci
->frame_number
+ 1) & 0xffff;
1241 hcca
.frame
= cpu_to_le16(ohci
->frame_number
);
1242 /* When the HC updates frame number, set pad to 0. Ref OHCI Spec 4.4.1*/
1245 if (ohci
->done_count
== 0 && !(ohci
->intr_status
& OHCI_INTR_WD
)) {
1249 if (ohci
->intr
& ohci
->intr_status
) {
1252 hcca
.done
= cpu_to_le32(ohci
->done
);
1254 ohci
->done_count
= 7;
1255 ohci_set_interrupt(ohci
, OHCI_INTR_WD
);
1258 if (ohci
->done_count
!= 7 && ohci
->done_count
!= 0) {
1261 /* Do SOF stuff here */
1264 /* Writeback HCCA */
1265 if (ohci_put_hcca(ohci
, ohci
->hcca
, &hcca
)) {
1271 * Start sending SOF tokens across the USB bus, lists are processed in
1274 static int ohci_bus_start(OHCIState
*ohci
)
1276 trace_usb_ohci_start(ohci
->name
);
1278 * Delay the first SOF event by one frame time as linux driver is
1279 * not ready to receive it and can meet some race conditions
1281 ohci
->sof_time
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
);
1282 ohci_eof_timer(ohci
);
1287 /* Stop sending SOF tokens on the bus */
1288 void ohci_bus_stop(OHCIState
*ohci
)
1290 trace_usb_ohci_stop(ohci
->name
);
1291 timer_del(ohci
->eof_timer
);
1294 /* Frame interval toggle is manipulated by the hcd only */
1295 static void ohci_set_frame_interval(OHCIState
*ohci
, uint16_t val
)
1299 if (val
!= ohci
->fi
) {
1300 trace_usb_ohci_set_frame_interval(ohci
->name
, ohci
->fi
, ohci
->fi
);
1306 static void ohci_port_power(OHCIState
*ohci
, int i
, int p
)
1309 ohci
->rhport
[i
].ctrl
|= OHCI_PORT_PPS
;
1311 ohci
->rhport
[i
].ctrl
&= ~(OHCI_PORT_PPS
| OHCI_PORT_CCS
|
1312 OHCI_PORT_PSS
| OHCI_PORT_PRS
);
1316 /* Set HcControlRegister */
1317 static void ohci_set_ctl(OHCIState
*ohci
, uint32_t val
)
1322 old_state
= ohci
->ctl
& OHCI_CTL_HCFS
;
1324 new_state
= ohci
->ctl
& OHCI_CTL_HCFS
;
1326 /* no state change */
1327 if (old_state
== new_state
) {
1330 trace_usb_ohci_set_ctl(ohci
->name
, new_state
);
1331 switch (new_state
) {
1332 case OHCI_USB_OPERATIONAL
:
1333 ohci_bus_start(ohci
);
1335 case OHCI_USB_SUSPEND
:
1336 ohci_bus_stop(ohci
);
1337 /* clear pending SF otherwise linux driver loops in ohci_irq() */
1338 ohci
->intr_status
&= ~OHCI_INTR_SF
;
1339 ohci_intr_update(ohci
);
1341 case OHCI_USB_RESUME
:
1342 trace_usb_ohci_resume(ohci
->name
);
1344 case OHCI_USB_RESET
:
1345 ohci_roothub_reset(ohci
);
1350 static uint32_t ohci_get_frame_remaining(OHCIState
*ohci
)
1355 if ((ohci
->ctl
& OHCI_CTL_HCFS
) != OHCI_USB_OPERATIONAL
) {
1356 return ohci
->frt
<< 31;
1358 /* Being in USB operational state guarantees sof_time was set already. */
1359 tks
= qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
) - ohci
->sof_time
;
1364 /* avoid muldiv if possible */
1365 if (tks
>= usb_frame_time
) {
1366 return ohci
->frt
<< 31;
1368 tks
= tks
/ usb_bit_time
;
1369 fr
= (uint16_t)(ohci
->fi
- tks
);
1371 return (ohci
->frt
<< 31) | fr
;
1375 /* Set root hub status */
1376 static void ohci_set_hub_status(OHCIState
*ohci
, uint32_t val
)
1380 old_state
= ohci
->rhstatus
;
1382 /* write 1 to clear OCIC */
1383 if (val
& OHCI_RHS_OCIC
) {
1384 ohci
->rhstatus
&= ~OHCI_RHS_OCIC
;
1386 if (val
& OHCI_RHS_LPS
) {
1389 for (i
= 0; i
< ohci
->num_ports
; i
++) {
1390 ohci_port_power(ohci
, i
, 0);
1392 trace_usb_ohci_hub_power_down();
1395 if (val
& OHCI_RHS_LPSC
) {
1398 for (i
= 0; i
< ohci
->num_ports
; i
++) {
1399 ohci_port_power(ohci
, i
, 1);
1401 trace_usb_ohci_hub_power_up();
1404 if (val
& OHCI_RHS_DRWE
) {
1405 ohci
->rhstatus
|= OHCI_RHS_DRWE
;
1407 if (val
& OHCI_RHS_CRWE
) {
1408 ohci
->rhstatus
&= ~OHCI_RHS_DRWE
;
1410 if (old_state
!= ohci
->rhstatus
) {
1411 ohci_set_interrupt(ohci
, OHCI_INTR_RHSC
);
1415 /* This is the one state transition the controller can do by itself */
1416 static bool ohci_resume(OHCIState
*s
)
1418 if ((s
->ctl
& OHCI_CTL_HCFS
) == OHCI_USB_SUSPEND
) {
1419 trace_usb_ohci_remote_wakeup(s
->name
);
1420 s
->ctl
&= ~OHCI_CTL_HCFS
;
1421 s
->ctl
|= OHCI_USB_RESUME
;
1428 * Sets a flag in a port status reg but only set it if the port is connected.
1429 * If not set ConnectStatusChange flag. If flag is enabled return 1.
1431 static int ohci_port_set_if_connected(OHCIState
*ohci
, int i
, uint32_t val
)
1435 /* writing a 0 has no effect */
1439 /* If CurrentConnectStatus is cleared we set ConnectStatusChange */
1440 if (!(ohci
->rhport
[i
].ctrl
& OHCI_PORT_CCS
)) {
1441 ohci
->rhport
[i
].ctrl
|= OHCI_PORT_CSC
;
1442 if (ohci
->rhstatus
& OHCI_RHS_DRWE
) {
1443 /* CSC is a wakeup event */
1444 if (ohci_resume(ohci
)) {
1445 ohci_set_interrupt(ohci
, OHCI_INTR_RD
);
1451 if (ohci
->rhport
[i
].ctrl
& val
) {
1455 ohci
->rhport
[i
].ctrl
|= val
;
1460 /* Set root hub port status */
1461 static void ohci_port_set_status(OHCIState
*ohci
, int portnum
, uint32_t val
)
1466 port
= &ohci
->rhport
[portnum
];
1467 old_state
= port
->ctrl
;
1469 /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1470 if (val
& OHCI_PORT_WTC
) {
1471 port
->ctrl
&= ~(val
& OHCI_PORT_WTC
);
1473 if (val
& OHCI_PORT_CCS
) {
1474 port
->ctrl
&= ~OHCI_PORT_PES
;
1476 ohci_port_set_if_connected(ohci
, portnum
, val
& OHCI_PORT_PES
);
1478 if (ohci_port_set_if_connected(ohci
, portnum
, val
& OHCI_PORT_PSS
)) {
1479 trace_usb_ohci_port_suspend(portnum
);
1482 if (ohci_port_set_if_connected(ohci
, portnum
, val
& OHCI_PORT_PRS
)) {
1483 trace_usb_ohci_port_reset(portnum
);
1484 usb_device_reset(port
->port
.dev
);
1485 port
->ctrl
&= ~OHCI_PORT_PRS
;
1486 /* ??? Should this also set OHCI_PORT_PESC. */
1487 port
->ctrl
|= OHCI_PORT_PES
| OHCI_PORT_PRSC
;
1490 /* Invert order here to ensure in ambiguous case, device is powered up. */
1491 if (val
& OHCI_PORT_LSDA
) {
1492 ohci_port_power(ohci
, portnum
, 0);
1494 if (val
& OHCI_PORT_PPS
) {
1495 ohci_port_power(ohci
, portnum
, 1);
1497 if (old_state
!= port
->ctrl
) {
1498 ohci_set_interrupt(ohci
, OHCI_INTR_RHSC
);
1502 static uint64_t ohci_mem_read(void *opaque
,
1506 OHCIState
*ohci
= opaque
;
1509 /* Only aligned reads are allowed on OHCI */
1511 trace_usb_ohci_mem_read_unaligned(addr
);
1513 } else if (addr
>= 0x54 && addr
< 0x54 + ohci
->num_ports
* 4) {
1514 /* HcRhPortStatus */
1515 retval
= ohci
->rhport
[(addr
- 0x54) >> 2].ctrl
| OHCI_PORT_PPS
;
1516 trace_usb_ohci_mem_port_read(size
, "HcRhPortStatus", (addr
- 0x50) >> 2,
1517 addr
, addr
>> 2, retval
);
1519 switch (addr
>> 2) {
1520 case 0: /* HcRevision */
1524 case 1: /* HcControl */
1528 case 2: /* HcCommandStatus */
1529 retval
= ohci
->status
;
1532 case 3: /* HcInterruptStatus */
1533 retval
= ohci
->intr_status
;
1536 case 4: /* HcInterruptEnable */
1537 case 5: /* HcInterruptDisable */
1538 retval
= ohci
->intr
;
1541 case 6: /* HcHCCA */
1542 retval
= ohci
->hcca
;
1545 case 7: /* HcPeriodCurrentED */
1546 retval
= ohci
->per_cur
;
1549 case 8: /* HcControlHeadED */
1550 retval
= ohci
->ctrl_head
;
1553 case 9: /* HcControlCurrentED */
1554 retval
= ohci
->ctrl_cur
;
1557 case 10: /* HcBulkHeadED */
1558 retval
= ohci
->bulk_head
;
1561 case 11: /* HcBulkCurrentED */
1562 retval
= ohci
->bulk_cur
;
1565 case 12: /* HcDoneHead */
1566 retval
= ohci
->done
;
1569 case 13: /* HcFmInterretval */
1570 retval
= (ohci
->fit
<< 31) | (ohci
->fsmps
<< 16) | (ohci
->fi
);
1573 case 14: /* HcFmRemaining */
1574 retval
= ohci_get_frame_remaining(ohci
);
1577 case 15: /* HcFmNumber */
1578 retval
= ohci
->frame_number
;
1581 case 16: /* HcPeriodicStart */
1582 retval
= ohci
->pstart
;
1585 case 17: /* HcLSThreshold */
1589 case 18: /* HcRhDescriptorA */
1590 retval
= ohci
->rhdesc_a
;
1593 case 19: /* HcRhDescriptorB */
1594 retval
= ohci
->rhdesc_b
;
1597 case 20: /* HcRhStatus */
1598 retval
= ohci
->rhstatus
;
1601 /* PXA27x specific registers */
1602 case 24: /* HcStatus */
1603 retval
= ohci
->hstatus
& ohci
->hmask
;
1606 case 25: /* HcHReset */
1607 retval
= ohci
->hreset
;
1610 case 26: /* HcHInterruptEnable */
1611 retval
= ohci
->hmask
;
1614 case 27: /* HcHInterruptTest */
1615 retval
= ohci
->htest
;
1619 trace_usb_ohci_mem_read_bad_offset(addr
);
1620 retval
= 0xffffffff;
1622 if (addr
!= 0xc || retval
) {
1623 trace_usb_ohci_mem_read(size
, ohci_reg_name(addr
), addr
, addr
>> 2,
1631 static void ohci_mem_write(void *opaque
,
1636 OHCIState
*ohci
= opaque
;
1638 /* Only aligned reads are allowed on OHCI */
1640 trace_usb_ohci_mem_write_unaligned(addr
);
1644 if (addr
>= 0x54 && addr
< 0x54 + ohci
->num_ports
* 4) {
1645 /* HcRhPortStatus */
1646 trace_usb_ohci_mem_port_write(size
, "HcRhPortStatus",
1647 (addr
- 0x50) >> 2, addr
, addr
>> 2, val
);
1648 ohci_port_set_status(ohci
, (addr
- 0x54) >> 2, val
);
1652 trace_usb_ohci_mem_write(size
, ohci_reg_name(addr
), addr
, addr
>> 2, val
);
1653 switch (addr
>> 2) {
1654 case 1: /* HcControl */
1655 ohci_set_ctl(ohci
, val
);
1658 case 2: /* HcCommandStatus */
1659 /* SOC is read-only */
1660 val
= (val
& ~OHCI_STATUS_SOC
);
1662 /* Bits written as '0' remain unchanged in the register */
1663 ohci
->status
|= val
;
1665 if (ohci
->status
& OHCI_STATUS_HCR
) {
1666 ohci_soft_reset(ohci
);
1670 case 3: /* HcInterruptStatus */
1671 ohci
->intr_status
&= ~val
;
1672 ohci_intr_update(ohci
);
1675 case 4: /* HcInterruptEnable */
1677 ohci_intr_update(ohci
);
1680 case 5: /* HcInterruptDisable */
1682 ohci_intr_update(ohci
);
1685 case 6: /* HcHCCA */
1686 ohci
->hcca
= val
& OHCI_HCCA_MASK
;
1689 case 7: /* HcPeriodCurrentED */
1690 /* Ignore writes to this read-only register, Linux does them */
1693 case 8: /* HcControlHeadED */
1694 ohci
->ctrl_head
= val
& OHCI_EDPTR_MASK
;
1697 case 9: /* HcControlCurrentED */
1698 ohci
->ctrl_cur
= val
& OHCI_EDPTR_MASK
;
1701 case 10: /* HcBulkHeadED */
1702 ohci
->bulk_head
= val
& OHCI_EDPTR_MASK
;
1705 case 11: /* HcBulkCurrentED */
1706 ohci
->bulk_cur
= val
& OHCI_EDPTR_MASK
;
1709 case 13: /* HcFmInterval */
1710 ohci
->fsmps
= (val
& OHCI_FMI_FSMPS
) >> 16;
1711 ohci
->fit
= (val
& OHCI_FMI_FIT
) >> 31;
1712 ohci_set_frame_interval(ohci
, val
);
1715 case 15: /* HcFmNumber */
1718 case 16: /* HcPeriodicStart */
1719 ohci
->pstart
= val
& 0xffff;
1722 case 17: /* HcLSThreshold */
1723 ohci
->lst
= val
& 0xffff;
1726 case 18: /* HcRhDescriptorA */
1727 ohci
->rhdesc_a
&= ~OHCI_RHA_RW_MASK
;
1728 ohci
->rhdesc_a
|= val
& OHCI_RHA_RW_MASK
;
1731 case 19: /* HcRhDescriptorB */
1734 case 20: /* HcRhStatus */
1735 ohci_set_hub_status(ohci
, val
);
1738 /* PXA27x specific registers */
1739 case 24: /* HcStatus */
1740 ohci
->hstatus
&= ~(val
& ohci
->hmask
);
1743 case 25: /* HcHReset */
1744 ohci
->hreset
= val
& ~OHCI_HRESET_FSBIR
;
1745 if (val
& OHCI_HRESET_FSBIR
) {
1746 ohci_hard_reset(ohci
);
1750 case 26: /* HcHInterruptEnable */
1754 case 27: /* HcHInterruptTest */
1759 trace_usb_ohci_mem_write_bad_offset(addr
);
1764 static const MemoryRegionOps ohci_mem_ops
= {
1765 .read
= ohci_mem_read
,
1766 .write
= ohci_mem_write
,
1767 .endianness
= DEVICE_LITTLE_ENDIAN
,
1771 static void ohci_attach(USBPort
*port1
)
1773 OHCIState
*s
= port1
->opaque
;
1774 OHCIPort
*port
= &s
->rhport
[port1
->index
];
1775 uint32_t old_state
= port
->ctrl
;
1777 /* set connect status */
1778 port
->ctrl
|= OHCI_PORT_CCS
| OHCI_PORT_CSC
;
1781 if (port
->port
.dev
->speed
== USB_SPEED_LOW
) {
1782 port
->ctrl
|= OHCI_PORT_LSDA
;
1784 port
->ctrl
&= ~OHCI_PORT_LSDA
;
1787 /* notify of remote-wakeup */
1788 if ((s
->ctl
& OHCI_CTL_HCFS
) == OHCI_USB_SUSPEND
) {
1789 ohci_set_interrupt(s
, OHCI_INTR_RD
);
1792 trace_usb_ohci_port_attach(port1
->index
);
1794 if (old_state
!= port
->ctrl
) {
1795 ohci_set_interrupt(s
, OHCI_INTR_RHSC
);
1799 static void ohci_child_detach(USBPort
*port1
, USBDevice
*dev
)
1801 OHCIState
*ohci
= port1
->opaque
;
1803 if (ohci
->async_td
&&
1804 usb_packet_is_inflight(&ohci
->usb_packet
) &&
1805 ohci
->usb_packet
.ep
->dev
== dev
) {
1806 usb_cancel_packet(&ohci
->usb_packet
);
1811 static void ohci_detach(USBPort
*port1
)
1813 OHCIState
*s
= port1
->opaque
;
1814 OHCIPort
*port
= &s
->rhport
[port1
->index
];
1815 uint32_t old_state
= port
->ctrl
;
1817 ohci_child_detach(port1
, port1
->dev
);
1819 /* set connect status */
1820 if (port
->ctrl
& OHCI_PORT_CCS
) {
1821 port
->ctrl
&= ~OHCI_PORT_CCS
;
1822 port
->ctrl
|= OHCI_PORT_CSC
;
1825 if (port
->ctrl
& OHCI_PORT_PES
) {
1826 port
->ctrl
&= ~OHCI_PORT_PES
;
1827 port
->ctrl
|= OHCI_PORT_PESC
;
1829 trace_usb_ohci_port_detach(port1
->index
);
1831 if (old_state
!= port
->ctrl
) {
1832 ohci_set_interrupt(s
, OHCI_INTR_RHSC
);
1836 static void ohci_wakeup(USBPort
*port1
)
1838 OHCIState
*s
= port1
->opaque
;
1839 OHCIPort
*port
= &s
->rhport
[port1
->index
];
1841 if (port
->ctrl
& OHCI_PORT_PSS
) {
1842 trace_usb_ohci_port_wakeup(port1
->index
);
1843 port
->ctrl
|= OHCI_PORT_PSSC
;
1844 port
->ctrl
&= ~OHCI_PORT_PSS
;
1845 intr
= OHCI_INTR_RHSC
;
1847 /* Note that the controller can be suspended even if this port is not */
1848 if (ohci_resume(s
)) {
1850 * In suspend mode only ResumeDetected is possible, not RHSC:
1851 * see the OHCI spec 5.1.2.3.
1853 intr
= OHCI_INTR_RD
;
1855 ohci_set_interrupt(s
, intr
);
1858 static void ohci_async_complete_packet(USBPort
*port
, USBPacket
*packet
)
1860 OHCIState
*ohci
= container_of(packet
, OHCIState
, usb_packet
);
1862 trace_usb_ohci_async_complete();
1863 ohci
->async_complete
= true;
1864 ohci_process_lists(ohci
);
1867 static USBPortOps ohci_port_ops
= {
1868 .attach
= ohci_attach
,
1869 .detach
= ohci_detach
,
1870 .child_detach
= ohci_child_detach
,
1871 .wakeup
= ohci_wakeup
,
1872 .complete
= ohci_async_complete_packet
,
1875 static USBBusOps ohci_bus_ops
= {
1878 void usb_ohci_init(OHCIState
*ohci
, DeviceState
*dev
, uint32_t num_ports
,
1879 dma_addr_t localmem_base
, char *masterbus
,
1880 uint32_t firstport
, AddressSpace
*as
,
1881 void (*ohci_die_fn
)(OHCIState
*), Error
**errp
)
1887 ohci
->ohci_die
= ohci_die_fn
;
1889 if (num_ports
> OHCI_MAX_PORTS
) {
1890 error_setg(errp
, "OHCI num-ports=%u is too big (limit is %u ports)",
1891 num_ports
, OHCI_MAX_PORTS
);
1895 if (usb_frame_time
== 0) {
1896 #ifdef OHCI_TIME_WARP
1897 usb_frame_time
= NANOSECONDS_PER_SECOND
;
1898 usb_bit_time
= NANOSECONDS_PER_SECOND
/ (USB_HZ
/ 1000);
1900 usb_frame_time
= NANOSECONDS_PER_SECOND
/ 1000;
1901 if (NANOSECONDS_PER_SECOND
>= USB_HZ
) {
1902 usb_bit_time
= NANOSECONDS_PER_SECOND
/ USB_HZ
;
1907 trace_usb_ohci_init_time(usb_frame_time
, usb_bit_time
);
1910 ohci
->num_ports
= num_ports
;
1912 USBPort
*ports
[OHCI_MAX_PORTS
];
1913 for (i
= 0; i
< num_ports
; i
++) {
1914 ports
[i
] = &ohci
->rhport
[i
].port
;
1916 usb_register_companion(masterbus
, ports
, num_ports
,
1917 firstport
, ohci
, &ohci_port_ops
,
1918 USB_SPEED_MASK_LOW
| USB_SPEED_MASK_FULL
,
1921 error_propagate(errp
, err
);
1925 usb_bus_new(&ohci
->bus
, sizeof(ohci
->bus
), &ohci_bus_ops
, dev
);
1926 for (i
= 0; i
< num_ports
; i
++) {
1927 usb_register_port(&ohci
->bus
, &ohci
->rhport
[i
].port
,
1928 ohci
, i
, &ohci_port_ops
,
1929 USB_SPEED_MASK_LOW
| USB_SPEED_MASK_FULL
);
1933 memory_region_init_io(&ohci
->mem
, OBJECT(dev
), &ohci_mem_ops
,
1935 ohci
->localmem_base
= localmem_base
;
1937 ohci
->name
= object_get_typename(OBJECT(dev
));
1938 usb_packet_init(&ohci
->usb_packet
);
1942 ohci
->eof_timer
= timer_new_ns(QEMU_CLOCK_VIRTUAL
,
1943 ohci_frame_boundary
, ohci
);
1947 * A typical OHCI will stop operating and set itself into error state
1948 * (which can be queried by MMIO) to signal that it got an error.
1950 void ohci_sysbus_die(struct OHCIState
*ohci
)
1952 trace_usb_ohci_die();
1954 ohci_set_interrupt(ohci
, OHCI_INTR_UE
);
1955 ohci_bus_stop(ohci
);
1958 static const VMStateDescription vmstate_ohci_state_port
= {
1959 .name
= "ohci-core/port",
1961 .minimum_version_id
= 1,
1962 .fields
= (const VMStateField
[]) {
1963 VMSTATE_UINT32(ctrl
, OHCIPort
),
1964 VMSTATE_END_OF_LIST()
1968 static bool ohci_eof_timer_needed(void *opaque
)
1970 OHCIState
*ohci
= opaque
;
1972 return timer_pending(ohci
->eof_timer
);
1975 static const VMStateDescription vmstate_ohci_eof_timer
= {
1976 .name
= "ohci-core/eof-timer",
1978 .minimum_version_id
= 1,
1979 .needed
= ohci_eof_timer_needed
,
1980 .fields
= (const VMStateField
[]) {
1981 VMSTATE_TIMER_PTR(eof_timer
, OHCIState
),
1982 VMSTATE_END_OF_LIST()
1986 const VMStateDescription vmstate_ohci_state
= {
1987 .name
= "ohci-core",
1989 .minimum_version_id
= 1,
1990 .fields
= (const VMStateField
[]) {
1991 VMSTATE_INT64(sof_time
, OHCIState
),
1992 VMSTATE_UINT32(ctl
, OHCIState
),
1993 VMSTATE_UINT32(status
, OHCIState
),
1994 VMSTATE_UINT32(intr_status
, OHCIState
),
1995 VMSTATE_UINT32(intr
, OHCIState
),
1996 VMSTATE_UINT32(hcca
, OHCIState
),
1997 VMSTATE_UINT32(ctrl_head
, OHCIState
),
1998 VMSTATE_UINT32(ctrl_cur
, OHCIState
),
1999 VMSTATE_UINT32(bulk_head
, OHCIState
),
2000 VMSTATE_UINT32(bulk_cur
, OHCIState
),
2001 VMSTATE_UINT32(per_cur
, OHCIState
),
2002 VMSTATE_UINT32(done
, OHCIState
),
2003 VMSTATE_INT32(done_count
, OHCIState
),
2004 VMSTATE_UINT16(fsmps
, OHCIState
),
2005 VMSTATE_UINT8(fit
, OHCIState
),
2006 VMSTATE_UINT16(fi
, OHCIState
),
2007 VMSTATE_UINT8(frt
, OHCIState
),
2008 VMSTATE_UINT16(frame_number
, OHCIState
),
2009 VMSTATE_UINT16(padding
, OHCIState
),
2010 VMSTATE_UINT32(pstart
, OHCIState
),
2011 VMSTATE_UINT32(lst
, OHCIState
),
2012 VMSTATE_UINT32(rhdesc_a
, OHCIState
),
2013 VMSTATE_UINT32(rhdesc_b
, OHCIState
),
2014 VMSTATE_UINT32(rhstatus
, OHCIState
),
2015 VMSTATE_STRUCT_ARRAY(rhport
, OHCIState
, OHCI_MAX_PORTS
, 0,
2016 vmstate_ohci_state_port
, OHCIPort
),
2017 VMSTATE_UINT32(hstatus
, OHCIState
),
2018 VMSTATE_UINT32(hmask
, OHCIState
),
2019 VMSTATE_UINT32(hreset
, OHCIState
),
2020 VMSTATE_UINT32(htest
, OHCIState
),
2021 VMSTATE_UINT32(old_ctl
, OHCIState
),
2022 VMSTATE_UINT8_ARRAY(usb_buf
, OHCIState
, 8192),
2023 VMSTATE_UINT32(async_td
, OHCIState
),
2024 VMSTATE_BOOL(async_complete
, OHCIState
),
2025 VMSTATE_END_OF_LIST()
2027 .subsections
= (const VMStateDescription
* const []) {
2028 &vmstate_ohci_eof_timer
,
