search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vt82c686: fix coverity warning about out-of-bounds write
[qemu/ar7.git] / hw / usb / dev-hub.c
blob0482f58719ba9f510f25e7d6bad1b5a8c2826f85
1 /*
2 * QEMU USB HUB emulation
3 *
4 * Copyright (c) 2005 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "qemu-common.h"
25 #include "trace.h"
26 #include "hw/usb.h"
27 #include "hw/usb/desc.h"
28 #include "qemu/error-report.h"
29
30 #define NUM_PORTS 8
31
32 typedef struct USBHubPort {
33 USBPort port;
34 uint16_t wPortStatus;
35 uint16_t wPortChange;
36 } USBHubPort;
37
38 typedef struct USBHubState {
39 USBDevice dev;
40 USBEndpoint *intr;
41 USBHubPort ports[NUM_PORTS];
42 } USBHubState;
43
44 #define ClearHubFeature (0x2000 | USB_REQ_CLEAR_FEATURE)
45 #define ClearPortFeature (0x2300 | USB_REQ_CLEAR_FEATURE)
46 #define GetHubDescriptor (0xa000 | USB_REQ_GET_DESCRIPTOR)
47 #define GetHubStatus (0xa000 | USB_REQ_GET_STATUS)
48 #define GetPortStatus (0xa300 | USB_REQ_GET_STATUS)
49 #define SetHubFeature (0x2000 | USB_REQ_SET_FEATURE)
50 #define SetPortFeature (0x2300 | USB_REQ_SET_FEATURE)
51
52 #define PORT_STAT_CONNECTION 0x0001
53 #define PORT_STAT_ENABLE 0x0002
54 #define PORT_STAT_SUSPEND 0x0004
55 #define PORT_STAT_OVERCURRENT 0x0008
56 #define PORT_STAT_RESET 0x0010
57 #define PORT_STAT_POWER 0x0100
58 #define PORT_STAT_LOW_SPEED 0x0200
59 #define PORT_STAT_HIGH_SPEED 0x0400
60 #define PORT_STAT_TEST 0x0800
61 #define PORT_STAT_INDICATOR 0x1000
62
63 #define PORT_STAT_C_CONNECTION 0x0001
64 #define PORT_STAT_C_ENABLE 0x0002
65 #define PORT_STAT_C_SUSPEND 0x0004
66 #define PORT_STAT_C_OVERCURRENT 0x0008
67 #define PORT_STAT_C_RESET 0x0010
68
69 #define PORT_CONNECTION 0
70 #define PORT_ENABLE 1
71 #define PORT_SUSPEND 2
72 #define PORT_OVERCURRENT 3
73 #define PORT_RESET 4
74 #define PORT_POWER 8
75 #define PORT_LOWSPEED 9
76 #define PORT_HIGHSPEED 10
77 #define PORT_C_CONNECTION 16
78 #define PORT_C_ENABLE 17
79 #define PORT_C_SUSPEND 18
80 #define PORT_C_OVERCURRENT 19
81 #define PORT_C_RESET 20
82 #define PORT_TEST 21
83 #define PORT_INDICATOR 22
84
85 /* same as Linux kernel root hubs */
86
87 enum {
88 STR_MANUFACTURER = 1,
89 STR_PRODUCT,
90 STR_SERIALNUMBER,
91 };
92
93 static const USBDescStrings desc_strings = {
94 [STR_MANUFACTURER] = "QEMU",
95 [STR_PRODUCT] = "QEMU USB Hub",
96 [STR_SERIALNUMBER] = "314159",
97 };
98
99 static const USBDescIface desc_iface_hub = {
100 .bInterfaceNumber = 0,
101 .bNumEndpoints = 1,
102 .bInterfaceClass = USB_CLASS_HUB,
103 .eps = (USBDescEndpoint[]) {
104 {
105 .bEndpointAddress = USB_DIR_IN | 0x01,
106 .bmAttributes = USB_ENDPOINT_XFER_INT,
107 .wMaxPacketSize = 1 + (NUM_PORTS + 7) / 8,
108 .bInterval = 0xff,
109 },
110 }
111 };
112
113 static const USBDescDevice desc_device_hub = {
114 .bcdUSB = 0x0110,
115 .bDeviceClass = USB_CLASS_HUB,
116 .bMaxPacketSize0 = 8,
117 .bNumConfigurations = 1,
118 .confs = (USBDescConfig[]) {
119 {
120 .bNumInterfaces = 1,
121 .bConfigurationValue = 1,
122 .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_SELFPOWER |
123 USB_CFG_ATT_WAKEUP,
124 .nif = 1,
125 .ifs = &desc_iface_hub,
126 },
127 },
128 };
129
130 static const USBDesc desc_hub = {
131 .id = {
132 .idVendor = 0x0409,
133 .idProduct = 0x55aa,
134 .bcdDevice = 0x0101,
135 .iManufacturer = STR_MANUFACTURER,
136 .iProduct = STR_PRODUCT,
137 .iSerialNumber = STR_SERIALNUMBER,
138 },
139 .full = &desc_device_hub,
140 .str = desc_strings,
141 };
142
143 static const uint8_t qemu_hub_hub_descriptor[] =
144 {
145 0x00, /* u8 bLength; patched in later */
146 0x29, /* u8 bDescriptorType; Hub-descriptor */
147 0x00, /* u8 bNbrPorts; (patched later) */
148 0x0a, /* u16 wHubCharacteristics; */
149 0x00, /* (per-port OC, no power switching) */
150 0x01, /* u8 bPwrOn2pwrGood; 2ms */
151 0x00 /* u8 bHubContrCurrent; 0 mA */
152
153 /* DeviceRemovable and PortPwrCtrlMask patched in later */
154 };
155
156 static void usb_hub_attach(USBPort *port1)
157 {
158 USBHubState *s = port1->opaque;
159 USBHubPort *port = &s->ports[port1->index];
160
161 trace_usb_hub_attach(s->dev.addr, port1->index + 1);
162 port->wPortStatus |= PORT_STAT_CONNECTION;
163 port->wPortChange |= PORT_STAT_C_CONNECTION;
164 if (port->port.dev->speed == USB_SPEED_LOW) {
165 port->wPortStatus |= PORT_STAT_LOW_SPEED;
166 } else {
167 port->wPortStatus &= ~PORT_STAT_LOW_SPEED;
168 }
169 usb_wakeup(s->intr, 0);
170 }
171
172 static void usb_hub_detach(USBPort *port1)
173 {
174 USBHubState *s = port1->opaque;
175 USBHubPort *port = &s->ports[port1->index];
176
177 trace_usb_hub_detach(s->dev.addr, port1->index + 1);
178 usb_wakeup(s->intr, 0);
179
180 /* Let upstream know the device on this port is gone */
181 s->dev.port->ops->child_detach(s->dev.port, port1->dev);
182
183 port->wPortStatus &= ~PORT_STAT_CONNECTION;
184 port->wPortChange |= PORT_STAT_C_CONNECTION;
185 if (port->wPortStatus & PORT_STAT_ENABLE) {
186 port->wPortStatus &= ~PORT_STAT_ENABLE;
187 port->wPortChange |= PORT_STAT_C_ENABLE;
188 }
189 usb_wakeup(s->intr, 0);
190 }
191
192 static void usb_hub_child_detach(USBPort *port1, USBDevice *child)
193 {
194 USBHubState *s = port1->opaque;
195
196 /* Pass along upstream */
197 s->dev.port->ops->child_detach(s->dev.port, child);
198 }
199
200 static void usb_hub_wakeup(USBPort *port1)
201 {
202 USBHubState *s = port1->opaque;
203 USBHubPort *port = &s->ports[port1->index];
204
205 if (port->wPortStatus & PORT_STAT_SUSPEND) {
206 port->wPortChange |= PORT_STAT_C_SUSPEND;
207 usb_wakeup(s->intr, 0);
208 }
209 }
210
211 static void usb_hub_complete(USBPort *port, USBPacket *packet)
212 {
213 USBHubState *s = port->opaque;
214
215 /*
216 * Just pass it along upstream for now.
217 *
218 * If we ever implement usb 2.0 split transactions this will
219 * become a little more complicated ...
220 *
221 * Can't use usb_packet_complete() here because packet->owner is
222 * cleared already, go call the ->complete() callback directly
223 * instead.
224 */
225 s->dev.port->ops->complete(s->dev.port, packet);
226 }
227
228 static USBDevice *usb_hub_find_device(USBDevice *dev, uint8_t addr)
229 {
230 USBHubState *s = DO_UPCAST(USBHubState, dev, dev);
231 USBHubPort *port;
232 USBDevice *downstream;
233 int i;
234
235 for (i = 0; i < NUM_PORTS; i++) {
236 port = &s->ports[i];
237 if (!(port->wPortStatus & PORT_STAT_ENABLE)) {
238 continue;
239 }
240 downstream = usb_find_device(&port->port, addr);
241 if (downstream != NULL) {
242 return downstream;
243 }
244 }
245 return NULL;
246 }
247
248 static void usb_hub_handle_reset(USBDevice *dev)
249 {
250 USBHubState *s = DO_UPCAST(USBHubState, dev, dev);
251 USBHubPort *port;
252 int i;
253
254 trace_usb_hub_reset(s->dev.addr);
255 for (i = 0; i < NUM_PORTS; i++) {
256 port = s->ports + i;
257 port->wPortStatus = PORT_STAT_POWER;
258 port->wPortChange = 0;
259 if (port->port.dev && port->port.dev->attached) {
260 port->wPortStatus |= PORT_STAT_CONNECTION;
261 port->wPortChange |= PORT_STAT_C_CONNECTION;
262 if (port->port.dev->speed == USB_SPEED_LOW) {
263 port->wPortStatus |= PORT_STAT_LOW_SPEED;
264 }
265 }
266 }
267 }
268
269 static const char *feature_name(int feature)
270 {
271 static const char *name[] = {
272 [PORT_CONNECTION] = "connection",
273 [PORT_ENABLE] = "enable",
274 [PORT_SUSPEND] = "suspend",
275 [PORT_OVERCURRENT] = "overcurrent",
276 [PORT_RESET] = "reset",
277 [PORT_POWER] = "power",
278 [PORT_LOWSPEED] = "lowspeed",
279 [PORT_HIGHSPEED] = "highspeed",
280 [PORT_C_CONNECTION] = "change connection",
281 [PORT_C_ENABLE] = "change enable",
282 [PORT_C_SUSPEND] = "change suspend",
283 [PORT_C_OVERCURRENT] = "change overcurrent",
284 [PORT_C_RESET] = "change reset",
285 [PORT_TEST] = "test",
286 [PORT_INDICATOR] = "indicator",
287 };
288 if (feature < 0 || feature >= ARRAY_SIZE(name)) {
289 return "?";
290 }
291 return name[feature] ?: "?";
292 }
293
294 static void usb_hub_handle_control(USBDevice *dev, USBPacket *p,
295 int request, int value, int index, int length, uint8_t *data)
296 {
297 USBHubState *s = (USBHubState *)dev;
298 int ret;
299
300 trace_usb_hub_control(s->dev.addr, request, value, index, length);
301
302 ret = usb_desc_handle_control(dev, p, request, value, index, length, data);
303 if (ret >= 0) {
304 return;
305 }
306
307 switch(request) {
308 case EndpointOutRequest | USB_REQ_CLEAR_FEATURE:
309 if (value == 0 && index != 0x81) { /* clear ep halt */
310 goto fail;
311 }
312 break;
313 /* usb specific requests */
314 case GetHubStatus:
315 data[0] = 0;
316 data[1] = 0;
317 data[2] = 0;
318 data[3] = 0;
319 p->actual_length = 4;
320 break;
321 case GetPortStatus:
322 {
323 unsigned int n = index - 1;
324 USBHubPort *port;
325 if (n >= NUM_PORTS) {
326 goto fail;
327 }
328 port = &s->ports[n];
329 trace_usb_hub_get_port_status(s->dev.addr, index,
330 port->wPortStatus,
331 port->wPortChange);
332 data[0] = port->wPortStatus;
333 data[1] = port->wPortStatus >> 8;
334 data[2] = port->wPortChange;
335 data[3] = port->wPortChange >> 8;
336 p->actual_length = 4;
337 }
338 break;
339 case SetHubFeature:
340 case ClearHubFeature:
341 if (value != 0 && value != 1) {
342 goto fail;
343 }
344 break;
345 case SetPortFeature:
346 {
347 unsigned int n = index - 1;
348 USBHubPort *port;
349 USBDevice *dev;
350
351 trace_usb_hub_set_port_feature(s->dev.addr, index,
352 feature_name(value));
353
354 if (n >= NUM_PORTS) {
355 goto fail;
356 }
357 port = &s->ports[n];
358 dev = port->port.dev;
359 switch(value) {
360 case PORT_SUSPEND:
361 port->wPortStatus |= PORT_STAT_SUSPEND;
362 break;
363 case PORT_RESET:
364 if (dev && dev->attached) {
365 usb_device_reset(dev);
366 port->wPortChange |= PORT_STAT_C_RESET;
367 /* set enable bit */
368 port->wPortStatus |= PORT_STAT_ENABLE;
369 usb_wakeup(s->intr, 0);
370 }
371 break;
372 case PORT_POWER:
373 break;
374 default:
375 goto fail;
376 }
377 }
378 break;
379 case ClearPortFeature:
380 {
381 unsigned int n = index - 1;
382 USBHubPort *port;
383
384 trace_usb_hub_clear_port_feature(s->dev.addr, index,
385 feature_name(value));
386
387 if (n >= NUM_PORTS) {
388 goto fail;
389 }
390 port = &s->ports[n];
391 switch(value) {
392 case PORT_ENABLE:
393 port->wPortStatus &= ~PORT_STAT_ENABLE;
394 break;
395 case PORT_C_ENABLE:
396 port->wPortChange &= ~PORT_STAT_C_ENABLE;
397 break;
398 case PORT_SUSPEND:
399 port->wPortStatus &= ~PORT_STAT_SUSPEND;
400 break;
401 case PORT_C_SUSPEND:
402 port->wPortChange &= ~PORT_STAT_C_SUSPEND;
403 break;
404 case PORT_C_CONNECTION:
405 port->wPortChange &= ~PORT_STAT_C_CONNECTION;
406 break;
407 case PORT_C_OVERCURRENT:
408 port->wPortChange &= ~PORT_STAT_C_OVERCURRENT;
409 break;
410 case PORT_C_RESET:
411 port->wPortChange &= ~PORT_STAT_C_RESET;
412 break;
413 default:
414 goto fail;
415 }
416 }
417 break;
418 case GetHubDescriptor:
419 {
420 unsigned int n, limit, var_hub_size = 0;
421 memcpy(data, qemu_hub_hub_descriptor,
422 sizeof(qemu_hub_hub_descriptor));
423 data[2] = NUM_PORTS;
424
425 /* fill DeviceRemovable bits */
426 limit = ((NUM_PORTS + 1 + 7) / 8) + 7;
427 for (n = 7; n < limit; n++) {
428 data[n] = 0x00;
429 var_hub_size++;
430 }
431
432 /* fill PortPwrCtrlMask bits */
433 limit = limit + ((NUM_PORTS + 7) / 8);
434 for (;n < limit; n++) {
435 data[n] = 0xff;
436 var_hub_size++;
437 }
438
439 p->actual_length = sizeof(qemu_hub_hub_descriptor) + var_hub_size;
440 data[0] = p->actual_length;
441 break;
442 }
443 default:
444 fail:
445 p->status = USB_RET_STALL;
446 break;
447 }
448 }
449
450 static void usb_hub_handle_data(USBDevice *dev, USBPacket *p)
451 {
452 USBHubState *s = (USBHubState *)dev;
453
454 switch(p->pid) {
455 case USB_TOKEN_IN:
456 if (p->ep->nr == 1) {
457 USBHubPort *port;
458 unsigned int status;
459 uint8_t buf[4];
460 int i, n;
461 n = (NUM_PORTS + 1 + 7) / 8;
462 if (p->iov.size == 1) { /* FreeBSD workaround */
463 n = 1;
464 } else if (n > p->iov.size) {
465 p->status = USB_RET_BABBLE;
466 return;
467 }
468 status = 0;
469 for(i = 0; i < NUM_PORTS; i++) {
470 port = &s->ports[i];
471 if (port->wPortChange)
472 status |= (1 << (i + 1));
473 }
474 if (status != 0) {
475 trace_usb_hub_status_report(s->dev.addr, status);
476 for(i = 0; i < n; i++) {
477 buf[i] = status >> (8 * i);
478 }
479 usb_packet_copy(p, buf, n);
480 } else {
481 p->status = USB_RET_NAK; /* usb11 11.13.1 */
482 }
483 } else {
484 goto fail;
485 }
486 break;
487 case USB_TOKEN_OUT:
488 default:
489 fail:
490 p->status = USB_RET_STALL;
491 break;
492 }
493 }
494
495 static void usb_hub_handle_destroy(USBDevice *dev)
496 {
497 USBHubState *s = (USBHubState *)dev;
498 int i;
499
500 for (i = 0; i < NUM_PORTS; i++) {
501 usb_unregister_port(usb_bus_from_device(dev),
502 &s->ports[i].port);
503 }
504 }
505
506 static USBPortOps usb_hub_port_ops = {
507 .attach = usb_hub_attach,
508 .detach = usb_hub_detach,
509 .child_detach = usb_hub_child_detach,
510 .wakeup = usb_hub_wakeup,
511 .complete = usb_hub_complete,
512 };
513
514 static void usb_hub_realize(USBDevice *dev, Error **errp)
515 {
516 USBHubState *s = DO_UPCAST(USBHubState, dev, dev);
517 USBHubPort *port;
518 int i;
519
520 if (dev->port->hubcount == 5) {
521 error_setg(errp, "usb hub chain too deep");
522 return;
523 }
524
525 usb_desc_create_serial(dev);
526 usb_desc_init(dev);
527 s->intr = usb_ep_get(dev, USB_TOKEN_IN, 1);
528 for (i = 0; i < NUM_PORTS; i++) {
529 port = &s->ports[i];
530 usb_register_port(usb_bus_from_device(dev),
531 &port->port, s, i, &usb_hub_port_ops,
532 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
533 usb_port_location(&port->port, dev->port, i+1);
534 }
535 usb_hub_handle_reset(dev);
536 }
537
538 static const VMStateDescription vmstate_usb_hub_port = {
539 .name = "usb-hub-port",
540 .version_id = 1,
541 .minimum_version_id = 1,
542 .fields = (VMStateField[]) {
543 VMSTATE_UINT16(wPortStatus, USBHubPort),
544 VMSTATE_UINT16(wPortChange, USBHubPort),
545 VMSTATE_END_OF_LIST()
546 }
547 };
548
549 static const VMStateDescription vmstate_usb_hub = {
550 .name = "usb-hub",
551 .version_id = 1,
552 .minimum_version_id = 1,
553 .fields = (VMStateField[]) {
554 VMSTATE_USB_DEVICE(dev, USBHubState),
555 VMSTATE_STRUCT_ARRAY(ports, USBHubState, NUM_PORTS, 0,
556 vmstate_usb_hub_port, USBHubPort),
557 VMSTATE_END_OF_LIST()
558 }
559 };
560
561 static void usb_hub_class_initfn(ObjectClass *klass, void *data)
562 {
563 DeviceClass *dc = DEVICE_CLASS(klass);
564 USBDeviceClass *uc = USB_DEVICE_CLASS(klass);
565
566 uc->realize = usb_hub_realize;
567 uc->product_desc = "QEMU USB Hub";
568 uc->usb_desc = &desc_hub;
569 uc->find_device = usb_hub_find_device;
570 uc->handle_reset = usb_hub_handle_reset;
571 uc->handle_control = usb_hub_handle_control;
572 uc->handle_data = usb_hub_handle_data;
573 uc->handle_destroy = usb_hub_handle_destroy;
574 set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
575 dc->fw_name = "hub";
576 dc->vmsd = &vmstate_usb_hub;
577 }
578
579 static const TypeInfo hub_info = {
580 .name = "usb-hub",
581 .parent = TYPE_USB_DEVICE,
582 .instance_size = sizeof(USBHubState),
583 .class_init = usb_hub_class_initfn,
584 };
585
586 static void usb_hub_register_types(void)
587 {
588 type_register_static(&hub_info);
589 }
590
591 type_init(usb_hub_register_types)
AR7 emulation for QEMU