search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Large kernel initrd fix (initial patch by Daniel Jacobowitz).
[qemu/mini2440.git] / hw / usb-uhci.c
blob509c54f7ca5471b2c89330fc309e61e06b18961c
1 /*
2 * USB UHCI controller emulation
3 *
4 * Copyright (c) 2005 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24 #include "vl.h"
25
26 //#define DEBUG
27 //#define DEBUG_PACKET
28
29 #define UHCI_CMD_FGR (1 << 4)
30 #define UHCI_CMD_EGSM (1 << 3)
31 #define UHCI_CMD_GRESET (1 << 2)
32 #define UHCI_CMD_HCRESET (1 << 1)
33 #define UHCI_CMD_RS (1 << 0)
34
35 #define UHCI_STS_HCHALTED (1 << 5)
36 #define UHCI_STS_HCPERR (1 << 4)
37 #define UHCI_STS_HSERR (1 << 3)
38 #define UHCI_STS_RD (1 << 2)
39 #define UHCI_STS_USBERR (1 << 1)
40 #define UHCI_STS_USBINT (1 << 0)
41
42 #define TD_CTRL_SPD (1 << 29)
43 #define TD_CTRL_ERROR_SHIFT 27
44 #define TD_CTRL_IOS (1 << 25)
45 #define TD_CTRL_IOC (1 << 24)
46 #define TD_CTRL_ACTIVE (1 << 23)
47 #define TD_CTRL_STALL (1 << 22)
48 #define TD_CTRL_BABBLE (1 << 20)
49 #define TD_CTRL_NAK (1 << 19)
50 #define TD_CTRL_TIMEOUT (1 << 18)
51
52 #define UHCI_PORT_RESET (1 << 9)
53 #define UHCI_PORT_LSDA (1 << 8)
54 #define UHCI_PORT_ENC (1 << 3)
55 #define UHCI_PORT_EN (1 << 2)
56 #define UHCI_PORT_CSC (1 << 1)
57 #define UHCI_PORT_CCS (1 << 0)
58
59 #define FRAME_TIMER_FREQ 1000
60
61 #define FRAME_MAX_LOOPS 100
62
63 #define NB_PORTS 2
64
65 typedef struct UHCIPort {
66 USBPort port;
67 uint16_t ctrl;
68 } UHCIPort;
69
70 typedef struct UHCIState {
71 PCIDevice dev;
72 uint16_t cmd; /* cmd register */
73 uint16_t status;
74 uint16_t intr; /* interrupt enable register */
75 uint16_t frnum; /* frame number */
76 uint32_t fl_base_addr; /* frame list base address */
77 uint8_t sof_timing;
78 uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
79 QEMUTimer *frame_timer;
80 UHCIPort ports[NB_PORTS];
81
82 /* Interrupts that should be raised at the end of the current frame. */
83 uint32_t pending_int_mask;
84 /* For simplicity of implementation we only allow a single pending USB
85 request. This means all usb traffic on this controller is effectively
86 suspended until that transfer completes. When the transfer completes
87 the next transfer from that queue will be processed. However
88 other queues will not be processed until the next frame. The solution
89 is to allow multiple pending requests. */
90 uint32_t async_qh;
91 USBPacket usb_packet;
92 uint8_t usb_buf[2048];
93 } UHCIState;
94
95 typedef struct UHCI_TD {
96 uint32_t link;
97 uint32_t ctrl; /* see TD_CTRL_xxx */
98 uint32_t token;
99 uint32_t buffer;
100 } UHCI_TD;
101
102 typedef struct UHCI_QH {
103 uint32_t link;
104 uint32_t el_link;
105 } UHCI_QH;
106
107 static void uhci_attach(USBPort *port1, USBDevice *dev);
108
109 static void uhci_update_irq(UHCIState *s)
110 {
111 int level;
112 if (((s->status2 & 1) && (s->intr & (1 << 2))) ||
113 ((s->status2 & 2) && (s->intr & (1 << 3))) ||
114 ((s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0))) ||
115 ((s->status & UHCI_STS_RD) && (s->intr & (1 << 1))) ||
116 (s->status & UHCI_STS_HSERR) ||
117 (s->status & UHCI_STS_HCPERR)) {
118 level = 1;
119 } else {
120 level = 0;
121 }
122 pci_set_irq(&s->dev, 3, level);
123 }
124
125 static void uhci_reset(UHCIState *s)
126 {
127 uint8_t *pci_conf;
128 int i;
129 UHCIPort *port;
130
131 pci_conf = s->dev.config;
132
133 pci_conf[0x6a] = 0x01; /* usb clock */
134 pci_conf[0x6b] = 0x00;
135 s->cmd = 0;
136 s->status = 0;
137 s->status2 = 0;
138 s->intr = 0;
139 s->fl_base_addr = 0;
140 s->sof_timing = 64;
141 for(i = 0; i < NB_PORTS; i++) {
142 port = &s->ports[i];
143 port->ctrl = 0x0080;
144 if (port->port.dev)
145 uhci_attach(&port->port, port->port.dev);
146 }
147 }
148
149 static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
150 {
151 UHCIState *s = opaque;
152
153 addr &= 0x1f;
154 switch(addr) {
155 case 0x0c:
156 s->sof_timing = val;
157 break;
158 }
159 }
160
161 static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
162 {
163 UHCIState *s = opaque;
164 uint32_t val;
165
166 addr &= 0x1f;
167 switch(addr) {
168 case 0x0c:
169 val = s->sof_timing;
170 break;
171 default:
172 val = 0xff;
173 break;
174 }
175 return val;
176 }
177
178 static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
179 {
180 UHCIState *s = opaque;
181
182 addr &= 0x1f;
183 #ifdef DEBUG
184 printf("uhci writew port=0x%04x val=0x%04x\n", addr, val);
185 #endif
186 switch(addr) {
187 case 0x00:
188 if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
189 /* start frame processing */
190 qemu_mod_timer(s->frame_timer, qemu_get_clock(vm_clock));
191 s->status &= ~UHCI_STS_HCHALTED;
192 } else if (!(val & UHCI_CMD_RS)) {
193 s->status |= UHCI_STS_HCHALTED;
194 }
195 if (val & UHCI_CMD_GRESET) {
196 UHCIPort *port;
197 USBDevice *dev;
198 int i;
199
200 /* send reset on the USB bus */
201 for(i = 0; i < NB_PORTS; i++) {
202 port = &s->ports[i];
203 dev = port->port.dev;
204 if (dev) {
205 usb_send_msg(dev, USB_MSG_RESET);
206 }
207 }
208 uhci_reset(s);
209 return;
210 }
211 if (val & UHCI_CMD_HCRESET) {
212 uhci_reset(s);
213 return;
214 }
215 s->cmd = val;
216 break;
217 case 0x02:
218 s->status &= ~val;
219 /* XXX: the chip spec is not coherent, so we add a hidden
220 register to distinguish between IOC and SPD */
221 if (val & UHCI_STS_USBINT)
222 s->status2 = 0;
223 uhci_update_irq(s);
224 break;
225 case 0x04:
226 s->intr = val;
227 uhci_update_irq(s);
228 break;
229 case 0x06:
230 if (s->status & UHCI_STS_HCHALTED)
231 s->frnum = val & 0x7ff;
232 break;
233 case 0x10 ... 0x1f:
234 {
235 UHCIPort *port;
236 USBDevice *dev;
237 int n;
238
239 n = (addr >> 1) & 7;
240 if (n >= NB_PORTS)
241 return;
242 port = &s->ports[n];
243 dev = port->port.dev;
244 if (dev) {
245 /* port reset */
246 if ( (val & UHCI_PORT_RESET) &&
247 !(port->ctrl & UHCI_PORT_RESET) ) {
248 usb_send_msg(dev, USB_MSG_RESET);
249 }
250 }
251 port->ctrl = (port->ctrl & 0x01fb) | (val & ~0x01fb);
252 /* some bits are reset when a '1' is written to them */
253 port->ctrl &= ~(val & 0x000a);
254 }
255 break;
256 }
257 }
258
259 static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
260 {
261 UHCIState *s = opaque;
262 uint32_t val;
263
264 addr &= 0x1f;
265 switch(addr) {
266 case 0x00:
267 val = s->cmd;
268 break;
269 case 0x02:
270 val = s->status;
271 break;
272 case 0x04:
273 val = s->intr;
274 break;
275 case 0x06:
276 val = s->frnum;
277 break;
278 case 0x10 ... 0x1f:
279 {
280 UHCIPort *port;
281 int n;
282 n = (addr >> 1) & 7;
283 if (n >= NB_PORTS)
284 goto read_default;
285 port = &s->ports[n];
286 val = port->ctrl;
287 }
288 break;
289 default:
290 read_default:
291 val = 0xff7f; /* disabled port */
292 break;
293 }
294 #ifdef DEBUG
295 printf("uhci readw port=0x%04x val=0x%04x\n", addr, val);
296 #endif
297 return val;
298 }
299
300 static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
301 {
302 UHCIState *s = opaque;
303
304 addr &= 0x1f;
305 #ifdef DEBUG
306 printf("uhci writel port=0x%04x val=0x%08x\n", addr, val);
307 #endif
308 switch(addr) {
309 case 0x08:
310 s->fl_base_addr = val & ~0xfff;
311 break;
312 }
313 }
314
315 static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
316 {
317 UHCIState *s = opaque;
318 uint32_t val;
319
320 addr &= 0x1f;
321 switch(addr) {
322 case 0x08:
323 val = s->fl_base_addr;
324 break;
325 default:
326 val = 0xffffffff;
327 break;
328 }
329 return val;
330 }
331
332 /* signal resume if controller suspended */
333 static void uhci_resume (void *opaque)
334 {
335 UHCIState *s = (UHCIState *)opaque;
336
337 if (!s)
338 return;
339
340 if (s->cmd & UHCI_CMD_EGSM) {
341 s->cmd |= UHCI_CMD_FGR;
342 s->status |= UHCI_STS_RD;
343 uhci_update_irq(s);
344 }
345 }
346
347 static void uhci_attach(USBPort *port1, USBDevice *dev)
348 {
349 UHCIState *s = port1->opaque;
350 UHCIPort *port = &s->ports[port1->index];
351
352 if (dev) {
353 if (port->port.dev) {
354 usb_attach(port1, NULL);
355 }
356 /* set connect status */
357 port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;
358
359 /* update speed */
360 if (dev->speed == USB_SPEED_LOW)
361 port->ctrl |= UHCI_PORT_LSDA;
362 else
363 port->ctrl &= ~UHCI_PORT_LSDA;
364
365 uhci_resume(s);
366
367 port->port.dev = dev;
368 /* send the attach message */
369 usb_send_msg(dev, USB_MSG_ATTACH);
370 } else {
371 /* set connect status */
372 if (port->ctrl & UHCI_PORT_CCS) {
373 port->ctrl &= ~UHCI_PORT_CCS;
374 port->ctrl |= UHCI_PORT_CSC;
375 }
376 /* disable port */
377 if (port->ctrl & UHCI_PORT_EN) {
378 port->ctrl &= ~UHCI_PORT_EN;
379 port->ctrl |= UHCI_PORT_ENC;
380 }
381
382 uhci_resume(s);
383
384 dev = port->port.dev;
385 if (dev) {
386 /* send the detach message */
387 usb_send_msg(dev, USB_MSG_DETACH);
388 }
389 port->port.dev = NULL;
390 }
391 }
392
393 static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
394 {
395 UHCIPort *port;
396 USBDevice *dev;
397 int i, ret;
398
399 #ifdef DEBUG_PACKET
400 {
401 const char *pidstr;
402 switch(p->pid) {
403 case USB_TOKEN_SETUP: pidstr = "SETUP"; break;
404 case USB_TOKEN_IN: pidstr = "IN"; break;
405 case USB_TOKEN_OUT: pidstr = "OUT"; break;
406 default: pidstr = "?"; break;
407 }
408 printf("frame %d: pid=%s addr=0x%02x ep=%d len=%d\n",
409 s->frnum, pidstr, p->devaddr, p->devep, p->len);
410 if (p->pid != USB_TOKEN_IN) {
411 printf(" data_out=");
412 for(i = 0; i < p->len; i++) {
413 printf(" %02x", p->data[i]);
414 }
415 printf("\n");
416 }
417 }
418 #endif
419 for(i = 0; i < NB_PORTS; i++) {
420 port = &s->ports[i];
421 dev = port->port.dev;
422 if (dev && (port->ctrl & UHCI_PORT_EN)) {
423 ret = dev->handle_packet(dev, p);
424 if (ret != USB_RET_NODEV) {
425 #ifdef DEBUG_PACKET
426 if (ret == USB_RET_ASYNC) {
427 printf("usb-uhci: Async packet\n");
428 } else {
429 printf(" ret=%d ", ret);
430 if (p->pid == USB_TOKEN_IN && ret > 0) {
431 printf("data_in=");
432 for(i = 0; i < ret; i++) {
433 printf(" %02x", p->data[i]);
434 }
435 }
436 printf("\n");
437 }
438 #endif
439 return ret;
440 }
441 }
442 }
443 return USB_RET_NODEV;
444 }
445
446 static void uhci_async_complete_packet(USBPacket * packet, void *opaque);
447
448 /* return -1 if fatal error (frame must be stopped)
449 0 if TD successful
450 1 if TD unsuccessful or inactive
451 */
452 static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask)
453 {
454 uint8_t pid;
455 int len, max_len, err, ret;
456
457 /* ??? This is wrong for async completion. */
458 if (td->ctrl & TD_CTRL_IOC) {
459 *int_mask |= 0x01;
460 }
461
462 if (!(td->ctrl & TD_CTRL_ACTIVE))
463 return 1;
464
465 /* TD is active */
466 max_len = ((td->token >> 21) + 1) & 0x7ff;
467 pid = td->token & 0xff;
468 if (s->async_qh) {
469 ret = s->usb_packet.len;
470 if (ret >= 0) {
471 len = ret;
472 if (len > max_len) {
473 len = max_len;
474 ret = USB_RET_BABBLE;
475 }
476 if (len > 0) {
477 /* write the data back */
478 cpu_physical_memory_write(td->buffer, s->usb_buf, len);
479 }
480 } else {
481 len = 0;
482 }
483 s->async_qh = 0;
484 } else {
485 s->usb_packet.pid = pid;
486 s->usb_packet.devaddr = (td->token >> 8) & 0x7f;
487 s->usb_packet.devep = (td->token >> 15) & 0xf;
488 s->usb_packet.data = s->usb_buf;
489 s->usb_packet.len = max_len;
490 s->usb_packet.complete_cb = uhci_async_complete_packet;
491 s->usb_packet.complete_opaque = s;
492 switch(pid) {
493 case USB_TOKEN_OUT:
494 case USB_TOKEN_SETUP:
495 cpu_physical_memory_read(td->buffer, s->usb_buf, max_len);
496 ret = uhci_broadcast_packet(s, &s->usb_packet);
497 len = max_len;
498 break;
499 case USB_TOKEN_IN:
500 ret = uhci_broadcast_packet(s, &s->usb_packet);
501 if (ret >= 0) {
502 len = ret;
503 if (len > max_len) {
504 len = max_len;
505 ret = USB_RET_BABBLE;
506 }
507 if (len > 0) {
508 /* write the data back */
509 cpu_physical_memory_write(td->buffer, s->usb_buf, len);
510 }
511 } else {
512 len = 0;
513 }
514 break;
515 default:
516 /* invalid pid : frame interrupted */
517 s->status |= UHCI_STS_HCPERR;
518 uhci_update_irq(s);
519 return -1;
520 }
521 }
522 if (ret == USB_RET_ASYNC) {
523 return 2;
524 }
525 if (td->ctrl & TD_CTRL_IOS)
526 td->ctrl &= ~TD_CTRL_ACTIVE;
527 if (ret >= 0) {
528 td->ctrl = (td->ctrl & ~0x7ff) | ((len - 1) & 0x7ff);
529 td->ctrl &= ~TD_CTRL_ACTIVE;
530 if (pid == USB_TOKEN_IN &&
531 (td->ctrl & TD_CTRL_SPD) &&
532 len < max_len) {
533 *int_mask |= 0x02;
534 /* short packet: do not update QH */
535 return 1;
536 } else {
537 /* success */
538 return 0;
539 }
540 } else {
541 switch(ret) {
542 default:
543 case USB_RET_NODEV:
544 do_timeout:
545 td->ctrl |= TD_CTRL_TIMEOUT;
546 err = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
547 if (err != 0) {
548 err--;
549 if (err == 0) {
550 td->ctrl &= ~TD_CTRL_ACTIVE;
551 s->status |= UHCI_STS_USBERR;
552 uhci_update_irq(s);
553 }
554 }
555 td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
556 (err << TD_CTRL_ERROR_SHIFT);
557 return 1;
558 case USB_RET_NAK:
559 td->ctrl |= TD_CTRL_NAK;
560 if (pid == USB_TOKEN_SETUP)
561 goto do_timeout;
562 return 1;
563 case USB_RET_STALL:
564 td->ctrl |= TD_CTRL_STALL;
565 td->ctrl &= ~TD_CTRL_ACTIVE;
566 return 1;
567 case USB_RET_BABBLE:
568 td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
569 td->ctrl &= ~TD_CTRL_ACTIVE;
570 /* frame interrupted */
571 return -1;
572 }
573 }
574 }
575
576 static void uhci_async_complete_packet(USBPacket * packet, void *opaque)
577 {
578 UHCIState *s = opaque;
579 UHCI_QH qh;
580 UHCI_TD td;
581 uint32_t link;
582 uint32_t old_td_ctrl;
583 uint32_t val;
584 int ret;
585
586 link = s->async_qh;
587 if (!link) {
588 /* This should never happen. It means a TD somehow got removed
589 without cancelling the associated async IO request. */
590 return;
591 }
592 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh));
593 le32_to_cpus(&qh.link);
594 le32_to_cpus(&qh.el_link);
595 /* Re-process the queue containing the async packet. */
596 while (1) {
597 cpu_physical_memory_read(qh.el_link & ~0xf,
598 (uint8_t *)&td, sizeof(td));
599 le32_to_cpus(&td.link);
600 le32_to_cpus(&td.ctrl);
601 le32_to_cpus(&td.token);
602 le32_to_cpus(&td.buffer);
603 old_td_ctrl = td.ctrl;
604 ret = uhci_handle_td(s, &td, &s->pending_int_mask);
605 /* update the status bits of the TD */
606 if (old_td_ctrl != td.ctrl) {
607 val = cpu_to_le32(td.ctrl);
608 cpu_physical_memory_write((qh.el_link & ~0xf) + 4,
609 (const uint8_t *)&val,
610 sizeof(val));
611 }
612 if (ret < 0)
613 break; /* interrupted frame */
614 if (ret == 2) {
615 s->async_qh = link;
616 break;
617 } else if (ret == 0) {
618 /* update qh element link */
619 qh.el_link = td.link;
620 val = cpu_to_le32(qh.el_link);
621 cpu_physical_memory_write((link & ~0xf) + 4,
622 (const uint8_t *)&val,
623 sizeof(val));
624 if (!(qh.el_link & 4))
625 break;
626 }
627 break;
628 }
629 }
630
631 static void uhci_frame_timer(void *opaque)
632 {
633 UHCIState *s = opaque;
634 int64_t expire_time;
635 uint32_t frame_addr, link, old_td_ctrl, val;
636 int int_mask, cnt, ret;
637 UHCI_TD td;
638 UHCI_QH qh;
639 uint32_t old_async_qh;
640
641 if (!(s->cmd & UHCI_CMD_RS)) {
642 qemu_del_timer(s->frame_timer);
643 /* set hchalted bit in status - UHCI11D 2.1.2 */
644 s->status |= UHCI_STS_HCHALTED;
645 return;
646 }
647 /* Complete the previous frame. */
648 s->frnum = (s->frnum + 1) & 0x7ff;
649 if (s->pending_int_mask) {
650 s->status2 |= s->pending_int_mask;
651 s->status |= UHCI_STS_USBINT;
652 uhci_update_irq(s);
653 }
654 old_async_qh = s->async_qh;
655 frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);
656 cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
657 le32_to_cpus(&link);
658 int_mask = 0;
659 cnt = FRAME_MAX_LOOPS;
660 while ((link & 1) == 0) {
661 if (--cnt == 0)
662 break;
663 /* valid frame */
664 if (link & 2) {
665 /* QH */
666 if (link == s->async_qh) {
667 /* We've found a previously issues packet.
668 Nothing else to do. */
669 old_async_qh = 0;
670 break;
671 }
672 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh));
673 le32_to_cpus(&qh.link);
674 le32_to_cpus(&qh.el_link);
675 depth_first:
676 if (qh.el_link & 1) {
677 /* no element : go to next entry */
678 link = qh.link;
679 } else if (qh.el_link & 2) {
680 /* QH */
681 link = qh.el_link;
682 } else if (s->async_qh) {
683 /* We can only cope with one pending packet. Keep looking
684 for the previously issued packet. */
685 link = qh.link;
686 } else {
687 /* TD */
688 if (--cnt == 0)
689 break;
690 cpu_physical_memory_read(qh.el_link & ~0xf,
691 (uint8_t *)&td, sizeof(td));
692 le32_to_cpus(&td.link);
693 le32_to_cpus(&td.ctrl);
694 le32_to_cpus(&td.token);
695 le32_to_cpus(&td.buffer);
696 old_td_ctrl = td.ctrl;
697 ret = uhci_handle_td(s, &td, &int_mask);
698 /* update the status bits of the TD */
699 if (old_td_ctrl != td.ctrl) {
700 val = cpu_to_le32(td.ctrl);
701 cpu_physical_memory_write((qh.el_link & ~0xf) + 4,
702 (const uint8_t *)&val,
703 sizeof(val));
704 }
705 if (ret < 0)
706 break; /* interrupted frame */
707 if (ret == 2) {
708 s->async_qh = link;
709 } else if (ret == 0) {
710 /* update qh element link */
711 qh.el_link = td.link;
712 val = cpu_to_le32(qh.el_link);
713 cpu_physical_memory_write((link & ~0xf) + 4,
714 (const uint8_t *)&val,
715 sizeof(val));
716 if (qh.el_link & 4) {
717 /* depth first */
718 goto depth_first;
719 }
720 }
721 /* go to next entry */
722 link = qh.link;
723 }
724 } else {
725 /* TD */
726 cpu_physical_memory_read(link & ~0xf, (uint8_t *)&td, sizeof(td));
727 le32_to_cpus(&td.link);
728 le32_to_cpus(&td.ctrl);
729 le32_to_cpus(&td.token);
730 le32_to_cpus(&td.buffer);
731 /* Ignore isochonous transfers while there is an async packet
732 pending. This is wrong, but we don't implement isochronous
733 transfers anyway. */
734 if (s->async_qh == 0) {
735 old_td_ctrl = td.ctrl;
736 ret = uhci_handle_td(s, &td, &int_mask);
737 /* update the status bits of the TD */
738 if (old_td_ctrl != td.ctrl) {
739 val = cpu_to_le32(td.ctrl);
740 cpu_physical_memory_write((link & ~0xf) + 4,
741 (const uint8_t *)&val,
742 sizeof(val));
743 }
744 if (ret < 0)
745 break; /* interrupted frame */
746 if (ret == 2) {
747 /* We can't handle async isochronous transfers.
748 Cancel The packet. */
749 fprintf(stderr, "usb-uhci: Unimplemented async packet\n");
750 usb_cancel_packet(&s->usb_packet);
751 }
752 }
753 link = td.link;
754 }
755 }
756 s->pending_int_mask = int_mask;
757 if (old_async_qh) {
758 /* A previously started transfer has disappeared from the transfer
759 list. There's nothing useful we can do with it now, so just
760 discard the packet and hope it wasn't too important. */
761 #ifdef DEBUG
762 printf("Discarding USB packet\n");
763 #endif
764 usb_cancel_packet(&s->usb_packet);
765 s->async_qh = 0;
766 }
767 /* prepare the timer for the next frame */
768 expire_time = qemu_get_clock(vm_clock) +
769 (ticks_per_sec / FRAME_TIMER_FREQ);
770 qemu_mod_timer(s->frame_timer, expire_time);
771 }
772
773 static void uhci_map(PCIDevice *pci_dev, int region_num,
774 uint32_t addr, uint32_t size, int type)
775 {
776 UHCIState *s = (UHCIState *)pci_dev;
777
778 register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
779 register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
780 register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
781 register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
782 register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
783 register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
784 }
785
786 void usb_uhci_init(PCIBus *bus, int devfn)
787 {
788 UHCIState *s;
789 uint8_t *pci_conf;
790 int i;
791
792 s = (UHCIState *)pci_register_device(bus,
793 "USB-UHCI", sizeof(UHCIState),
794 devfn, NULL, NULL);
795 pci_conf = s->dev.config;
796 pci_conf[0x00] = 0x86;
797 pci_conf[0x01] = 0x80;
798 pci_conf[0x02] = 0x20;
799 pci_conf[0x03] = 0x70;
800 pci_conf[0x08] = 0x01; // revision number
801 pci_conf[0x09] = 0x00;
802 pci_conf[0x0a] = 0x03;
803 pci_conf[0x0b] = 0x0c;
804 pci_conf[0x0e] = 0x00; // header_type
805 pci_conf[0x3d] = 4; // interrupt pin 3
806 pci_conf[0x60] = 0x10; // release number
807
808 for(i = 0; i < NB_PORTS; i++) {
809 qemu_register_usb_port(&s->ports[i].port, s, i, uhci_attach);
810 }
811 s->frame_timer = qemu_new_timer(vm_clock, uhci_frame_timer, s);
812
813 uhci_reset(s);
814
815 /* Use region 4 for consistency with real hardware. BSD guests seem
816 to rely on this. */
817 pci_register_io_region(&s->dev, 4, 0x20,
818 PCI_ADDRESS_SPACE_IO, uhci_map);
819 }
Samsung s3c2440 and arm920t support for the mini2440 dev board