]> git.proxmox.com Git - mirror_qemu.git/blame - hw/usb/hcd-ehci.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ehci: Get rid of the magical PROC_ERR status
[mirror_qemu.git] / hw / usb / hcd-ehci.c
CommitLineData
94527ead
GH		 1/*
2 * QEMU USB EHCI Emulation
3 *
4 * Copyright(c) 2008 Emutex Ltd. (address@hidden)
522079dd
HG		 5 * Copyright(c) 2011-2012 Red Hat, Inc.
6 *
7 * Red Hat Authors:
8 * Gerd Hoffmann <kraxel@redhat.com>
9 * Hans de Goede <hdegoede@redhat.com>
94527ead
GH		 10 *
11 * EHCI project was started by Mark Burkley, with contributions by
12 * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf,
13 * Jan Kiszka and Vincent Palatin contributed bugfixes.
14 *
15 *
16 * This library is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU Lesser General Public
18 * License as published by the Free Software Foundation; either
19 * version 2 of the License, or(at your option) any later version.
20 *
21 * This library is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 * Lesser General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, see <http://www.gnu.org/licenses/>.
94527ead
GH		 28 */
29
0bf96f94 30#include "hw/usb/hcd-ehci.h"
94527ead 31
94527ead 32/* Capability Registers Base Address - section 2.2 */
27a11324
PC		 33#define CAPLENGTH 0x0000 /* 1-byte, 0x0001 reserved */
34#define HCIVERSION 0x0002 /* 2-bytes, i/f version # */
35#define HCSPARAMS 0x0004 /* 4-bytes, structural params */
36#define HCCPARAMS 0x0008 /* 4-bytes, capability params */
94527ead 37#define EECP HCCPARAMS + 1
27a11324
PC		 38#define HCSPPORTROUTE1 0x000c
39#define HCSPPORTROUTE2 0x0010
94527ead 40
27a11324 41#define USBCMD 0x0000
94527ead
GH		 42#define USBCMD_RUNSTOP (1 << 0) // run / Stop
43#define USBCMD_HCRESET (1 << 1) // HC Reset
44#define USBCMD_FLS (3 << 2) // Frame List Size
45#define USBCMD_FLS_SH 2 // Frame List Size Shift
46#define USBCMD_PSE (1 << 4) // Periodic Schedule Enable
47#define USBCMD_ASE (1 << 5) // Asynch Schedule Enable
48#define USBCMD_IAAD (1 << 6) // Int Asynch Advance Doorbell
49#define USBCMD_LHCR (1 << 7) // Light Host Controller Reset
50#define USBCMD_ASPMC (3 << 8) // Async Sched Park Mode Count
51#define USBCMD_ASPME (1 << 11) // Async Sched Park Mode Enable
52#define USBCMD_ITC (0x7f << 16) // Int Threshold Control
53#define USBCMD_ITC_SH 16 // Int Threshold Control Shift
54
27a11324 55#define USBSTS 0x0004
94527ead
GH		 56#define USBSTS_RO_MASK 0x0000003f
57#define USBSTS_INT (1 << 0) // USB Interrupt
58#define USBSTS_ERRINT (1 << 1) // Error Interrupt
59#define USBSTS_PCD (1 << 2) // Port Change Detect
60#define USBSTS_FLR (1 << 3) // Frame List Rollover
61#define USBSTS_HSE (1 << 4) // Host System Error
62#define USBSTS_IAA (1 << 5) // Interrupt on Async Advance
63#define USBSTS_HALT (1 << 12) // HC Halted
64#define USBSTS_REC (1 << 13) // Reclamation
65#define USBSTS_PSS (1 << 14) // Periodic Schedule Status
66#define USBSTS_ASS (1 << 15) // Asynchronous Schedule Status
67
68/*
69 * Interrupt enable bits correspond to the interrupt active bits in USBSTS
70 * so no need to redefine here.
71 */
27a11324 72#define USBINTR 0x0008
94527ead
GH		 73#define USBINTR_MASK 0x0000003f
74
27a11324
PC		 75#define FRINDEX 0x000c
76#define CTRLDSSEGMENT 0x0010
77#define PERIODICLISTBASE 0x0014
78#define ASYNCLISTADDR 0x0018
94527ead
GH		 79#define ASYNCLISTADDR_MASK 0xffffffe0
80
27a11324 81#define CONFIGFLAG 0x0040
94527ead 82
94527ead 83/*
c44fd61c 84 * Bits that are reserved or are read-only are masked out of values
94527ead
GH		 85 * written to us by software
86 */
a0a3167a 87#define PORTSC_RO_MASK 0x007001c0
94527ead
GH		 88#define PORTSC_RWC_MASK 0x0000002a
89#define PORTSC_WKOC_E (1 << 22) // Wake on Over Current Enable
90#define PORTSC_WKDS_E (1 << 21) // Wake on Disconnect Enable
91#define PORTSC_WKCN_E (1 << 20) // Wake on Connect Enable
92#define PORTSC_PTC (15 << 16) // Port Test Control
93#define PORTSC_PTC_SH 16 // Port Test Control shift
94#define PORTSC_PIC (3 << 14) // Port Indicator Control
95#define PORTSC_PIC_SH 14 // Port Indicator Control Shift
96#define PORTSC_POWNER (1 << 13) // Port Owner
97#define PORTSC_PPOWER (1 << 12) // Port Power
98#define PORTSC_LINESTAT (3 << 10) // Port Line Status
99#define PORTSC_LINESTAT_SH 10 // Port Line Status Shift
100#define PORTSC_PRESET (1 << 8) // Port Reset
101#define PORTSC_SUSPEND (1 << 7) // Port Suspend
102#define PORTSC_FPRES (1 << 6) // Force Port Resume
103#define PORTSC_OCC (1 << 5) // Over Current Change
104#define PORTSC_OCA (1 << 4) // Over Current Active
105#define PORTSC_PEDC (1 << 3) // Port Enable/Disable Change
106#define PORTSC_PED (1 << 2) // Port Enable/Disable
107#define PORTSC_CSC (1 << 1) // Connect Status Change
108#define PORTSC_CONNECT (1 << 0) // Current Connect Status
109
110#define FRAME_TIMER_FREQ 1000
adddecb1 111#define FRAME_TIMER_NS (1000000000 / FRAME_TIMER_FREQ)
94527ead
GH		 112
113#define NB_MAXINTRATE 8 // Max rate at which controller issues ints
94527ead 114#define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction
94527ead 115#define MAX_QH 100 // Max allowable queue heads in a chain
8f74ed1e 116#define MIN_FR_PER_TICK 3 // Min frames to process when catching up
94527ead
GH		 117
118/* Internal periodic / asynchronous schedule state machine states
119 */
120typedef enum {
121 EST_INACTIVE = 1000,
122 EST_ACTIVE,
123 EST_EXECUTING,
124 EST_SLEEPING,
125 /* The following states are internal to the state machine function
126 */
127 EST_WAITLISTHEAD,
128 EST_FETCHENTRY,
129 EST_FETCHQH,
130 EST_FETCHITD,
2fe80192 131 EST_FETCHSITD,
94527ead
GH		 132 EST_ADVANCEQUEUE,
133 EST_FETCHQTD,
134 EST_EXECUTE,
135 EST_WRITEBACK,
136 EST_HORIZONTALQH
137} EHCI_STATES;
138
139/* macros for accessing fields within next link pointer entry */
140#define NLPTR_GET(x) ((x) & 0xffffffe0)
141#define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
142#define NLPTR_TBIT(x) ((x) & 1) // 1=invalid, 0=valid
143
144/* link pointer types */
145#define NLPTR_TYPE_ITD 0 // isoc xfer descriptor
146#define NLPTR_TYPE_QH 1 // queue head
147#define NLPTR_TYPE_STITD 2 // split xaction, isoc xfer descriptor
148#define NLPTR_TYPE_FSTN 3 // frame span traversal node
149
94527ead 150#define SET_LAST_RUN_CLOCK(s) \
adddecb1 151 (s)->last_run_ns = qemu_get_clock_ns(vm_clock);
94527ead
GH		 152
153/* nifty macros from Arnon's EHCI version */
154#define get_field(data, field) \
155 (((data) & field##_MASK) >> field##_SH)
156
157#define set_field(data, newval, field) do { \
158 uint32_t val = *data; \
159 val &= ~ field##_MASK; \
160 val |= ((newval) << field##_SH) & field##_MASK; \
161 *data = val; \
162 } while(0)
163
26d53979 164static const char *ehci_state_names[] = {
aac882e7
GH		 165 [EST_INACTIVE] = "INACTIVE",
166 [EST_ACTIVE] = "ACTIVE",
167 [EST_EXECUTING] = "EXECUTING",
168 [EST_SLEEPING] = "SLEEPING",
169 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
170 [EST_FETCHENTRY] = "FETCH ENTRY",
171 [EST_FETCHQH] = "FETCH QH",
172 [EST_FETCHITD] = "FETCH ITD",
173 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
174 [EST_FETCHQTD] = "FETCH QTD",
175 [EST_EXECUTE] = "EXECUTE",
176 [EST_WRITEBACK] = "WRITEBACK",
177 [EST_HORIZONTALQH] = "HORIZONTALQH",
26d53979
GH		 178};
179
180static const char *ehci_mmio_names[] = {
aac882e7
GH		 181 [USBCMD] = "USBCMD",
182 [USBSTS] = "USBSTS",
183 [USBINTR] = "USBINTR",
184 [FRINDEX] = "FRINDEX",
185 [PERIODICLISTBASE] = "P-LIST BASE",
186 [ASYNCLISTADDR] = "A-LIST ADDR",
aac882e7 187 [CONFIGFLAG] = "CONFIGFLAG",
26d53979 188};
94527ead 189
4b63a0df
HG		 190static int ehci_state_executing(EHCIQueue *q);
191static int ehci_state_writeback(EHCIQueue *q);
b4ea8664 192static int ehci_fill_queue(EHCIPacket *p);
4b63a0df 193
26d53979 194static const char *nr2str(const char **n, size_t len, uint32_t nr)
94527ead 195{
26d53979
GH		 196 if (nr < len && n[nr] != NULL) {
197 return n[nr];
94527ead 198 } else {
26d53979 199 return "unknown";
94527ead
GH		 200 }
201}
94527ead 202
26d53979
GH		 203static const char *state2str(uint32_t state)
204{
205 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
206}
207
a8170e5e 208static const char *addr2str(hwaddr addr)
26d53979 209{
27a11324 210 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
26d53979
GH		 211}
212
439a97cc
GH		 213static void ehci_trace_usbsts(uint32_t mask, int state)
214{
215 /* interrupts */
216 if (mask & USBSTS_INT) {
217 trace_usb_ehci_usbsts("INT", state);
218 }
219 if (mask & USBSTS_ERRINT) {
220 trace_usb_ehci_usbsts("ERRINT", state);
221 }
222 if (mask & USBSTS_PCD) {
223 trace_usb_ehci_usbsts("PCD", state);
224 }
225 if (mask & USBSTS_FLR) {
226 trace_usb_ehci_usbsts("FLR", state);
227 }
228 if (mask & USBSTS_HSE) {
229 trace_usb_ehci_usbsts("HSE", state);
230 }
231 if (mask & USBSTS_IAA) {
232 trace_usb_ehci_usbsts("IAA", state);
233 }
234
235 /* status */
236 if (mask & USBSTS_HALT) {
237 trace_usb_ehci_usbsts("HALT", state);
238 }
239 if (mask & USBSTS_REC) {
240 trace_usb_ehci_usbsts("REC", state);
241 }
242 if (mask & USBSTS_PSS) {
243 trace_usb_ehci_usbsts("PSS", state);
244 }
245 if (mask & USBSTS_ASS) {
246 trace_usb_ehci_usbsts("ASS", state);
247 }
248}
249
250static inline void ehci_set_usbsts(EHCIState *s, int mask)
251{
252 if ((s->usbsts & mask) == mask) {
253 return;
254 }
255 ehci_trace_usbsts(mask, 1);
256 s->usbsts |= mask;
257}
258
259static inline void ehci_clear_usbsts(EHCIState *s, int mask)
260{
261 if ((s->usbsts & mask) == 0) {
262 return;
263 }
264 ehci_trace_usbsts(mask, 0);
265 s->usbsts &= ~mask;
266}
94527ead 267
7efc17af
GH		 268/* update irq line */
269static inline void ehci_update_irq(EHCIState *s)
94527ead
GH		 270{
271 int level = 0;
272
94527ead
GH		 273 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
274 level = 1;
275 }
276
7efc17af 277 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
94527ead
GH		 278 qemu_set_irq(s->irq, level);
279}
280
7efc17af
GH		 281/* flag interrupt condition */
282static inline void ehci_raise_irq(EHCIState *s, int intr)
94527ead 283{
6d3b6d3d
GH		 284 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
285 s->usbsts |= intr;
286 ehci_update_irq(s);
287 } else {
288 s->usbsts_pending |= intr;
289 }
94527ead
GH		 290}
291
7efc17af
GH		 292/*
293 * Commit pending interrupts (added via ehci_raise_irq),
294 * at the rate allowed by "Interrupt Threshold Control".
295 */
296static inline void ehci_commit_irq(EHCIState *s)
94527ead 297{
7efc17af
GH		 298 uint32_t itc;
299
94527ead
GH		 300 if (!s->usbsts_pending) {
301 return;
302 }
7efc17af
GH		 303 if (s->usbsts_frindex > s->frindex) {
304 return;
305 }
306
307 itc = (s->usbcmd >> 16) & 0xff;
308 s->usbsts |= s->usbsts_pending;
94527ead 309 s->usbsts_pending = 0;
7efc17af
GH		 310 s->usbsts_frindex = s->frindex + itc;
311 ehci_update_irq(s);
94527ead
GH		 312}
313
daf25307
GH		 314static void ehci_update_halt(EHCIState *s)
315{
316 if (s->usbcmd & USBCMD_RUNSTOP) {
317 ehci_clear_usbsts(s, USBSTS_HALT);
318 } else {
319 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
320 ehci_set_usbsts(s, USBSTS_HALT);
321 }
322 }
323}
324
26d53979
GH		 325static void ehci_set_state(EHCIState *s, int async, int state)
326{
327 if (async) {
328 trace_usb_ehci_state("async", state2str(state));
329 s->astate = state;
b53f685d
GH		 330 if (s->astate == EST_INACTIVE) {
331 ehci_clear_usbsts(s, USBSTS_ASS);
daf25307 332 ehci_update_halt(s);
b53f685d
GH		 333 } else {
334 ehci_set_usbsts(s, USBSTS_ASS);
335 }
26d53979
GH		 336 } else {
337 trace_usb_ehci_state("periodic", state2str(state));
338 s->pstate = state;
b53f685d
GH		 339 if (s->pstate == EST_INACTIVE) {
340 ehci_clear_usbsts(s, USBSTS_PSS);
daf25307 341 ehci_update_halt(s);
b53f685d
GH		 342 } else {
343 ehci_set_usbsts(s, USBSTS_PSS);
344 }
26d53979
GH		 345 }
346}
347
348static int ehci_get_state(EHCIState *s, int async)
349{
350 return async ? s->astate : s->pstate;
351}
352
0122f472
GH		 353static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
354{
355 if (async) {
356 s->a_fetch_addr = addr;
357 } else {
358 s->p_fetch_addr = addr;
359 }
360}
361
362static int ehci_get_fetch_addr(EHCIState *s, int async)
363{
364 return async ? s->a_fetch_addr : s->p_fetch_addr;
365}
366
a8170e5e 367static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
26d53979 368{
025b168c
GH		 369 /* need three here due to argument count limits */
370 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
371 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
372 trace_usb_ehci_qh_fields(addr,
373 get_field(qh->epchar, QH_EPCHAR_RL),
374 get_field(qh->epchar, QH_EPCHAR_MPLEN),
375 get_field(qh->epchar, QH_EPCHAR_EPS),
376 get_field(qh->epchar, QH_EPCHAR_EP),
377 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
378 trace_usb_ehci_qh_bits(addr,
379 (bool)(qh->epchar & QH_EPCHAR_C),
380 (bool)(qh->epchar & QH_EPCHAR_H),
381 (bool)(qh->epchar & QH_EPCHAR_DTC),
382 (bool)(qh->epchar & QH_EPCHAR_I));
26d53979
GH		 383}
384
a8170e5e 385static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
26d53979 386{
025b168c
GH		 387 /* need three here due to argument count limits */
388 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
389 trace_usb_ehci_qtd_fields(addr,
390 get_field(qtd->token, QTD_TOKEN_TBYTES),
391 get_field(qtd->token, QTD_TOKEN_CPAGE),
392 get_field(qtd->token, QTD_TOKEN_CERR),
393 get_field(qtd->token, QTD_TOKEN_PID));
394 trace_usb_ehci_qtd_bits(addr,
395 (bool)(qtd->token & QTD_TOKEN_IOC),
396 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
397 (bool)(qtd->token & QTD_TOKEN_HALT),
398 (bool)(qtd->token & QTD_TOKEN_BABBLE),
399 (bool)(qtd->token & QTD_TOKEN_XACTERR));
26d53979
GH		 400}
401
a8170e5e 402static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
26d53979 403{
e654887f
GH		 404 trace_usb_ehci_itd(addr, itd->next,
405 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
406 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
407 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
408 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
26d53979
GH		 409}
410
a8170e5e 411static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
2fe80192
GH		 412 EHCIsitd *sitd)
413{
414 trace_usb_ehci_sitd(addr, sitd->next,
415 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
416}
417
5c514681
GH		 418static void ehci_trace_guest_bug(EHCIState *s, const char *message)
419{
420 trace_usb_ehci_guest_bug(message);
421 fprintf(stderr, "ehci warning: %s\n", message);
422}
423
ec807d12
GH		 424static inline bool ehci_enabled(EHCIState *s)
425{
426 return s->usbcmd & USBCMD_RUNSTOP;
427}
428
429static inline bool ehci_async_enabled(EHCIState *s)
430{
431 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
432}
433
434static inline bool ehci_periodic_enabled(EHCIState *s)
435{
436 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
437}
438
eb36a88e
GH		 439/* packet management */
440
441static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
442{
443 EHCIPacket *p;
444
eb36a88e
GH		 445 p = g_new0(EHCIPacket, 1);
446 p->queue = q;
447 usb_packet_init(&p->packet);
448 QTAILQ_INSERT_TAIL(&q->packets, p, next);
449 trace_usb_ehci_packet_action(p->queue, p, "alloc");
450 return p;
451}
452
453static void ehci_free_packet(EHCIPacket *p)
454{
4b63a0df
HG		 455 if (p->async == EHCI_ASYNC_FINISHED) {
456 int state = ehci_get_state(p->queue->ehci, p->queue->async);
457 /* This is a normal, but rare condition (cancel racing completion) */
458 fprintf(stderr, "EHCI: Warning packet completed but not processed\n");
459 ehci_state_executing(p->queue);
460 ehci_state_writeback(p->queue);
461 ehci_set_state(p->queue->ehci, p->queue->async, state);
462 /* state_writeback recurses into us with async == EHCI_ASYNC_NONE!! */
463 return;
464 }
616789cd 465 trace_usb_ehci_packet_action(p->queue, p, "free");
ef5b2344
HG		 466 if (p->async == EHCI_ASYNC_INITIALIZED) {
467 usb_packet_unmap(&p->packet, &p->sgl);
468 qemu_sglist_destroy(&p->sgl);
469 }
616789cd
GH		 470 if (p->async == EHCI_ASYNC_INFLIGHT) {
471 usb_cancel_packet(&p->packet);
472 usb_packet_unmap(&p->packet, &p->sgl);
473 qemu_sglist_destroy(&p->sgl);
474 }
eb36a88e
GH		 475 QTAILQ_REMOVE(&p->queue->packets, p, next);
476 usb_packet_cleanup(&p->packet);
477 g_free(p);
478}
479
8ac6d699
GH		 480/* queue management */
481
8f6d5e26 482static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
8ac6d699 483{
df5d5c5c 484 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
8ac6d699
GH		 485 EHCIQueue *q;
486
7267c094 487 q = g_malloc0(sizeof(*q));
8ac6d699 488 q->ehci = ehci;
8f6d5e26 489 q->qhaddr = addr;
ae0138a8 490 q->async = async;
eb36a88e 491 QTAILQ_INIT(&q->packets);
df5d5c5c 492 QTAILQ_INSERT_HEAD(head, q, next);
8ac6d699
GH		 493 trace_usb_ehci_queue_action(q, "alloc");
494 return q;
495}
496
5c514681 497static int ehci_cancel_queue(EHCIQueue *q)
c7cdca3b
GH		 498{
499 EHCIPacket *p;
5c514681 500 int packets = 0;
c7cdca3b
GH		 501
502 p = QTAILQ_FIRST(&q->packets);
503 if (p == NULL) {
5c514681 504 return 0;
c7cdca3b
GH		 505 }
506
507 trace_usb_ehci_queue_action(q, "cancel");
508 do {
509 ehci_free_packet(p);
5c514681 510 packets++;
c7cdca3b 511 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
5c514681 512 return packets;
c7cdca3b
GH		 513}
514
5c514681 515static int ehci_reset_queue(EHCIQueue *q)
dafe31fc 516{
5c514681
GH		 517 int packets;
518
dafe31fc 519 trace_usb_ehci_queue_action(q, "reset");
5c514681 520 packets = ehci_cancel_queue(q);
dafe31fc
HG		 521 q->dev = NULL;
522 q->qtdaddr = 0;
5c514681 523 return packets;
dafe31fc
HG		 524}
525
3a8ca08e 526static void ehci_free_queue(EHCIQueue *q, const char *warn)
8ac6d699 527{
ae0138a8 528 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
3a8ca08e 529 int cancelled;
eb36a88e 530
8ac6d699 531 trace_usb_ehci_queue_action(q, "free");
3a8ca08e
HG		 532 cancelled = ehci_cancel_queue(q);
533 if (warn && cancelled > 0) {
534 ehci_trace_guest_bug(q->ehci, warn);
535 }
df5d5c5c 536 QTAILQ_REMOVE(head, q, next);
7267c094 537 g_free(q);
8ac6d699
GH		 538}
539
df5d5c5c
HG		 540static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
541 int async)
8ac6d699 542{
df5d5c5c 543 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
8ac6d699
GH		 544 EHCIQueue *q;
545
df5d5c5c 546 QTAILQ_FOREACH(q, head, next) {
8ac6d699
GH		 547 if (addr == q->qhaddr) {
548 return q;
549 }
550 }
551 return NULL;
552}
553
8f5457eb 554static void ehci_queues_rip_unused(EHCIState *ehci, int async)
8ac6d699 555{
df5d5c5c 556 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
8f5457eb 557 const char *warn = async ? "guest unlinked busy QH" : NULL;
3a215326 558 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
8ac6d699
GH		 559 EHCIQueue *q, *tmp;
560
df5d5c5c 561 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
8ac6d699
GH		 562 if (q->seen) {
563 q->seen = 0;
adddecb1 564 q->ts = ehci->last_run_ns;
8ac6d699
GH		 565 continue;
566 }
8f5457eb 567 if (ehci->last_run_ns < q->ts + maxage) {
8ac6d699
GH		 568 continue;
569 }
3a8ca08e 570 ehci_free_queue(q, warn);
8ac6d699
GH		 571 }
572}
573
8f5457eb
HG		 574static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
575{
576 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
577 EHCIQueue *q, *tmp;
578
579 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
580 if (!q->seen) {
581 ehci_free_queue(q, NULL);
582 }
583 }
584}
585
df5d5c5c 586static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
07771f6f 587{
df5d5c5c 588 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
07771f6f
GH		 589 EHCIQueue *q, *tmp;
590
df5d5c5c 591 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
e59928b3 592 if (q->dev != dev) {
07771f6f
GH		 593 continue;
594 }
3a8ca08e 595 ehci_free_queue(q, NULL);
07771f6f
GH		 596 }
597}
598
df5d5c5c 599static void ehci_queues_rip_all(EHCIState *ehci, int async)
8ac6d699 600{
df5d5c5c 601 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
3a8ca08e 602 const char *warn = async ? "guest stopped busy async schedule" : NULL;
8ac6d699
GH		 603 EHCIQueue *q, *tmp;
604
df5d5c5c 605 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
3a8ca08e 606 ehci_free_queue(q, warn);
8ac6d699
GH		 607 }
608}
609
94527ead
GH		 610/* Attach or detach a device on root hub */
611
612static void ehci_attach(USBPort *port)
613{
614 EHCIState *s = port->opaque;
615 uint32_t *portsc = &s->portsc[port->index];
30e9d412 616 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
94527ead 617
30e9d412 618 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
94527ead 619
a0a3167a
HG		 620 if (*portsc & PORTSC_POWNER) {
621 USBPort *companion = s->companion_ports[port->index];
622 companion->dev = port->dev;
623 companion->ops->attach(companion);
624 return;
625 }
626
94527ead
GH		 627 *portsc |= PORTSC_CONNECT;
628 *portsc |= PORTSC_CSC;
629
7efc17af
GH		 630 ehci_raise_irq(s, USBSTS_PCD);
631 ehci_commit_irq(s);
94527ead
GH		 632}
633
634static void ehci_detach(USBPort *port)
635{
636 EHCIState *s = port->opaque;
637 uint32_t *portsc = &s->portsc[port->index];
30e9d412 638 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
94527ead 639
30e9d412 640 trace_usb_ehci_port_detach(port->index, owner);
94527ead 641
a0a3167a
HG		 642 if (*portsc & PORTSC_POWNER) {
643 USBPort *companion = s->companion_ports[port->index];
644 companion->ops->detach(companion);
645 companion->dev = NULL;
f76e1d81
HG		 646 /*
647 * EHCI spec 4.2.2: "When a disconnect occurs... On the event,
648 * the port ownership is returned immediately to the EHCI controller."
649 */
650 *portsc &= ~PORTSC_POWNER;
a0a3167a
HG		 651 return;
652 }
653
df5d5c5c
HG		 654 ehci_queues_rip_device(s, port->dev, 0);
655 ehci_queues_rip_device(s, port->dev, 1);
4706ab6c 656
fbd97532 657 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED);
94527ead
GH		 658 *portsc |= PORTSC_CSC;
659
7efc17af
GH		 660 ehci_raise_irq(s, USBSTS_PCD);
661 ehci_commit_irq(s);
94527ead
GH		 662}
663
4706ab6c
HG		 664static void ehci_child_detach(USBPort *port, USBDevice *child)
665{
666 EHCIState *s = port->opaque;
a0a3167a
HG		 667 uint32_t portsc = s->portsc[port->index];
668
669 if (portsc & PORTSC_POWNER) {
670 USBPort *companion = s->companion_ports[port->index];
671 companion->ops->child_detach(companion, child);
a0a3167a
HG		 672 return;
673 }
4706ab6c 674
df5d5c5c
HG		 675 ehci_queues_rip_device(s, child, 0);
676 ehci_queues_rip_device(s, child, 1);
4706ab6c
HG		 677}
678
a0a3167a
HG		 679static void ehci_wakeup(USBPort *port)
680{
681 EHCIState *s = port->opaque;
682 uint32_t portsc = s->portsc[port->index];
683
684 if (portsc & PORTSC_POWNER) {
685 USBPort *companion = s->companion_ports[port->index];
686 if (companion->ops->wakeup) {
687 companion->ops->wakeup(companion);
688 }
37952117 689 return;
a0a3167a 690 }
37952117
HG		 691
692 qemu_bh_schedule(s->async_bh);
a0a3167a
HG		 693}
694
695static int ehci_register_companion(USBBus *bus, USBPort *ports[],
696 uint32_t portcount, uint32_t firstport)
697{
698 EHCIState *s = container_of(bus, EHCIState, bus);
699 uint32_t i;
700
701 if (firstport + portcount > NB_PORTS) {
702 qerror_report(QERR_INVALID_PARAMETER_VALUE, "firstport",
703 "firstport on masterbus");
704 error_printf_unless_qmp(
705 "firstport value of %u makes companion take ports %u - %u, which "
706 "is outside of the valid range of 0 - %u\n", firstport, firstport,
707 firstport + portcount - 1, NB_PORTS - 1);
708 return -1;
709 }
710
711 for (i = 0; i < portcount; i++) {
712 if (s->companion_ports[firstport + i]) {
713 qerror_report(QERR_INVALID_PARAMETER_VALUE, "masterbus",
714 "an USB masterbus");
715 error_printf_unless_qmp(
716 "port %u on masterbus %s already has a companion assigned\n",
717 firstport + i, bus->qbus.name);
718 return -1;
719 }
720 }
721
722 for (i = 0; i < portcount; i++) {
723 s->companion_ports[firstport + i] = ports[i];
724 s->ports[firstport + i].speedmask |=
725 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
726 /* Ensure devs attached before the initial reset go to the companion */
727 s->portsc[firstport + i] = PORTSC_POWNER;
728 }
729
730 s->companion_count++;
3e4f910c 731 s->caps[0x05] = (s->companion_count << 4) | portcount;
a0a3167a
HG		 732
733 return 0;
734}
735
828143c6
GH		 736static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
737{
738 USBDevice *dev;
739 USBPort *port;
740 int i;
741
742 for (i = 0; i < NB_PORTS; i++) {
743 port = &ehci->ports[i];
744 if (!(ehci->portsc[i] & PORTSC_PED)) {
745 DPRINTF("Port %d not enabled\n", i);
746 continue;
747 }
748 dev = usb_find_device(port, addr);
749 if (dev != NULL) {
750 return dev;
751 }
752 }
753 return NULL;
754}
755
94527ead
GH		 756/* 4.1 host controller initialization */
757static void ehci_reset(void *opaque)
758{
759 EHCIState *s = opaque;
94527ead 760 int i;
a0a3167a 761 USBDevice *devs[NB_PORTS];
94527ead 762
439a97cc 763 trace_usb_ehci_reset();
94527ead 764
a0a3167a
HG		 765 /*
766 * Do the detach before touching portsc, so that it correctly gets send to
767 * us or to our companion based on PORTSC_POWNER before the reset.
768 */
769 for(i = 0; i < NB_PORTS; i++) {
770 devs[i] = s->ports[i].dev;
891fb2cd
GH		 771 if (devs[i] && devs[i]->attached) {
772 usb_detach(&s->ports[i]);
a0a3167a
HG		 773 }
774 }
775
3e4f910c
GH		 776 memset(&s->opreg, 0x00, sizeof(s->opreg));
777 memset(&s->portsc, 0x00, sizeof(s->portsc));
94527ead
GH		 778
779 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
780 s->usbsts = USBSTS_HALT;
7efc17af
GH		 781 s->usbsts_pending = 0;
782 s->usbsts_frindex = 0;
94527ead
GH		 783
784 s->astate = EST_INACTIVE;
785 s->pstate = EST_INACTIVE;
94527ead
GH		 786
787 for(i = 0; i < NB_PORTS; i++) {
a0a3167a
HG		 788 if (s->companion_ports[i]) {
789 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
790 } else {
791 s->portsc[i] = PORTSC_PPOWER;
792 }
891fb2cd
GH		 793 if (devs[i] && devs[i]->attached) {
794 usb_attach(&s->ports[i]);
d28f4e2d 795 usb_device_reset(devs[i]);
94527ead
GH		 796 }
797 }
df5d5c5c
HG		 798 ehci_queues_rip_all(s, 0);
799 ehci_queues_rip_all(s, 1);
81d37739 800 qemu_del_timer(s->frame_timer);
0fb3e299 801 qemu_bh_cancel(s->async_bh);
94527ead
GH		 802}
803
a8170e5e 804static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
3e4f910c 805 unsigned size)
94527ead
GH		 806{
807 EHCIState *s = ptr;
3e4f910c 808 return s->caps[addr];
94527ead
GH		 809}
810
a8170e5e 811static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
3e4f910c 812 unsigned size)
94527ead
GH		 813{
814 EHCIState *s = ptr;
815 uint32_t val;
816
3e4f910c 817 val = s->opreg[addr >> 2];
27a11324 818 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
94527ead
GH		 819 return val;
820}
821
a8170e5e 822static uint64_t ehci_port_read(void *ptr, hwaddr addr,
3e4f910c 823 unsigned size)
94527ead
GH		 824{
825 EHCIState *s = ptr;
826 uint32_t val;
827
3e4f910c
GH		 828 val = s->portsc[addr >> 2];
829 trace_usb_ehci_portsc_read(addr + PORTSC_BEGIN, addr >> 2, val);
94527ead
GH		 830 return val;
831}
832
a0a3167a
HG		 833static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
834{
835 USBDevice *dev = s->ports[port].dev;
836 uint32_t *portsc = &s->portsc[port];
837 uint32_t orig;
838
839 if (s->companion_ports[port] == NULL)
840 return;
841
842 owner = owner & PORTSC_POWNER;
843 orig = *portsc & PORTSC_POWNER;
844
845 if (!(owner ^ orig)) {
846 return;
847 }
848
891fb2cd
GH		 849 if (dev && dev->attached) {
850 usb_detach(&s->ports[port]);
a0a3167a
HG		 851 }
852
853 *portsc &= ~PORTSC_POWNER;
854 *portsc |= owner;
855
891fb2cd
GH		 856 if (dev && dev->attached) {
857 usb_attach(&s->ports[port]);
a0a3167a
HG		 858 }
859}
860
a8170e5e 861static void ehci_port_write(void *ptr, hwaddr addr,
3e4f910c 862 uint64_t val, unsigned size)
94527ead 863{
3e4f910c
GH		 864 EHCIState *s = ptr;
865 int port = addr >> 2;
94527ead 866 uint32_t *portsc = &s->portsc[port];
3e4f910c 867 uint32_t old = *portsc;
94527ead
GH		 868 USBDevice *dev = s->ports[port].dev;
869
3e4f910c
GH		 870 trace_usb_ehci_portsc_write(addr + PORTSC_BEGIN, addr >> 2, val);
871
fbd97532
HG		 872 /* Clear rwc bits */
873 *portsc &= ~(val & PORTSC_RWC_MASK);
874 /* The guest may clear, but not set the PED bit */
875 *portsc &= val | ~PORTSC_PED;
a0a3167a
HG		 876 /* POWNER is masked out by RO_MASK as it is RO when we've no companion */
877 handle_port_owner_write(s, port, val);
878 /* And finally apply RO_MASK */
94527ead
GH		 879 val &= PORTSC_RO_MASK;
880
94527ead 881 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
dcbd0b5c 882 trace_usb_ehci_port_reset(port, 1);
94527ead
GH		 883 }
884
885 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
dcbd0b5c 886 trace_usb_ehci_port_reset(port, 0);
891fb2cd 887 if (dev && dev->attached) {
d28f4e2d 888 usb_port_reset(&s->ports[port]);
94527ead
GH		 889 *portsc &= ~PORTSC_CSC;
890 }
891
fbd97532
HG		 892 /*
893 * Table 2.16 Set the enable bit(and enable bit change) to indicate
94527ead 894 * to SW that this port has a high speed device attached
94527ead 895 */
891fb2cd 896 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
fbd97532
HG		 897 val |= PORTSC_PED;
898 }
94527ead
GH		 899 }
900
901 *portsc &= ~PORTSC_RO_MASK;
902 *portsc |= val;
3e4f910c 903 trace_usb_ehci_portsc_change(addr + PORTSC_BEGIN, addr >> 2, *portsc, old);
94527ead
GH		 904}
905
a8170e5e 906static void ehci_opreg_write(void *ptr, hwaddr addr,
3e4f910c 907 uint64_t val, unsigned size)
94527ead
GH		 908{
909 EHCIState *s = ptr;
3e4f910c 910 uint32_t *mmio = s->opreg + (addr >> 2);
c4f8e211 911 uint32_t old = *mmio;
94527ead 912 int i;
439a97cc 913
27a11324 914 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
94527ead 915
27a11324 916 switch (addr) {
94527ead 917 case USBCMD:
7046530c
GH		 918 if (val & USBCMD_HCRESET) {
919 ehci_reset(s);
920 val = s->usbcmd;
921 break;
922 }
923
47d073cc
HG		 924 /* not supporting dynamic frame list size at the moment */
925 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
926 fprintf(stderr, "attempt to set frame list size -- value %d\n",
3e4f910c 927 (int)val & USBCMD_FLS);
47d073cc
HG		 928 val &= ~USBCMD_FLS;
929 }
930
a1c3e4b8
HG		 931 if (val & USBCMD_IAAD) {
932 /*
933 * Process IAAD immediately, otherwise the Linux IAAD watchdog may
934 * trigger and re-use a qh without us seeing the unlink.
935 */
936 s->async_stepdown = 0;
937 qemu_bh_schedule(s->async_bh);
1defcbd1 938 trace_usb_ehci_doorbell_ring();
a1c3e4b8
HG		 939 }
940
daf25307
GH		 941 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
942 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
3a215326 943 if (s->pstate == EST_INACTIVE) {
daf25307
GH		 944 SET_LAST_RUN_CLOCK(s);
945 }
47d073cc 946 s->usbcmd = val; /* Set usbcmd for ehci_update_halt() */
daf25307 947 ehci_update_halt(s);
3a215326 948 s->async_stepdown = 0;
0262f65a 949 qemu_bh_schedule(s->async_bh);
94527ead 950 }
94527ead
GH		 951 break;
952
94527ead 953 case USBSTS:
a31f0531
JM		 954 val &= USBSTS_RO_MASK; // bits 6 through 31 are RO
955 ehci_clear_usbsts(s, val); // bits 0 through 5 are R/WC
439a97cc 956 val = s->usbsts;
7efc17af 957 ehci_update_irq(s);
94527ead
GH		 958 break;
959
94527ead
GH		 960 case USBINTR:
961 val &= USBINTR_MASK;
94527ead
GH		 962 break;
963
8a771f77
HG		 964 case FRINDEX:
965 val &= 0x00003ff8; /* frindex is 14bits and always a multiple of 8 */
966 break;
967
94527ead 968 case CONFIGFLAG:
94527ead
GH		 969 val &= 0x1;
970 if (val) {
971 for(i = 0; i < NB_PORTS; i++)
a0a3167a 972 handle_port_owner_write(s, i, 0);
94527ead
GH		 973 }
974 break;
975
976 case PERIODICLISTBASE:
ec807d12 977 if (ehci_periodic_enabled(s)) {
94527ead
GH		 978 fprintf(stderr,
979 "ehci: PERIODIC list base register set while periodic schedule\n"
980 " is enabled and HC is enabled\n");
981 }
94527ead
GH		 982 break;
983
984 case ASYNCLISTADDR:
ec807d12 985 if (ehci_async_enabled(s)) {
94527ead
GH		 986 fprintf(stderr,
987 "ehci: ASYNC list address register set while async schedule\n"
988 " is enabled and HC is enabled\n");
989 }
94527ead
GH		 990 break;
991 }
992
c4f8e211 993 *mmio = val;
27a11324
PC		 994 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
995 *mmio, old);
94527ead
GH		 996}
997
998
999// TODO : Put in common header file, duplication from usb-ohci.c
1000
1001/* Get an array of dwords from main memory */
68d55358
DG		 1002static inline int get_dwords(EHCIState *ehci, uint32_t addr,
1003 uint32_t *buf, int num)
94527ead
GH		 1004{
1005 int i;
1006
1007 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
7ae6ce02 1008 dma_memory_read(ehci->dma, addr, buf, sizeof(*buf));
94527ead
GH		 1009 *buf = le32_to_cpu(*buf);
1010 }
1011
1012 return 1;
1013}
1014
1015/* Put an array of dwords in to main memory */
68d55358
DG		 1016static inline int put_dwords(EHCIState *ehci, uint32_t addr,
1017 uint32_t *buf, int num)
94527ead
GH		 1018{
1019 int i;
1020
1021 for(i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
1022 uint32_t tmp = cpu_to_le32(*buf);
7ae6ce02 1023 dma_memory_write(ehci->dma, addr, &tmp, sizeof(tmp));
94527ead
GH		 1024 }
1025
1026 return 1;
1027}
1028
a5e0139a
GH		 1029/*
1030 * Write the qh back to guest physical memory. This step isn't
1031 * in the EHCI spec but we need to do it since we don't share
1032 * physical memory with our guest VM.
1033 *
1034 * The first three dwords are read-only for the EHCI, so skip them
1035 * when writing back the qh.
1036 */
1037static void ehci_flush_qh(EHCIQueue *q)
1038{
1039 uint32_t *qh = (uint32_t *) &q->qh;
1040 uint32_t dwords = sizeof(EHCIqh) >> 2;
1041 uint32_t addr = NLPTR_GET(q->qhaddr);
1042
1043 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1044}
1045
94527ead
GH		 1046// 4.10.2
1047
0122f472 1048static int ehci_qh_do_overlay(EHCIQueue *q)
94527ead 1049{
eb36a88e 1050 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
94527ead
GH		 1051 int i;
1052 int dtoggle;
1053 int ping;
1054 int eps;
1055 int reload;
1056
eb36a88e
GH		 1057 assert(p != NULL);
1058 assert(p->qtdaddr == q->qtdaddr);
1059
94527ead
GH		 1060 // remember values in fields to preserve in qh after overlay
1061
0122f472
GH		 1062 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1063 ping = q->qh.token & QTD_TOKEN_PING;
94527ead 1064
eb36a88e
GH		 1065 q->qh.current_qtd = p->qtdaddr;
1066 q->qh.next_qtd = p->qtd.next;
1067 q->qh.altnext_qtd = p->qtd.altnext;
1068 q->qh.token = p->qtd.token;
94527ead
GH		 1069
1070
0122f472 1071 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
94527ead 1072 if (eps == EHCI_QH_EPS_HIGH) {
0122f472
GH		 1073 q->qh.token &= ~QTD_TOKEN_PING;
1074 q->qh.token |= ping;
94527ead
GH		 1075 }
1076
0122f472
GH		 1077 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1078 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
94527ead
GH		 1079
1080 for (i = 0; i < 5; i++) {
eb36a88e 1081 q->qh.bufptr[i] = p->qtd.bufptr[i];
94527ead
GH		 1082 }
1083
0122f472 1084 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
94527ead 1085 // preserve QH DT bit
0122f472
GH		 1086 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1087 q->qh.token |= dtoggle;
94527ead
GH		 1088 }
1089
0122f472
GH		 1090 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1091 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
94527ead 1092
a5e0139a 1093 ehci_flush_qh(q);
94527ead
GH		 1094
1095 return 0;
1096}
1097
eb36a88e 1098static int ehci_init_transfer(EHCIPacket *p)
94527ead 1099{
0ce668bc 1100 uint32_t cpage, offset, bytes, plen;
68d55358 1101 dma_addr_t page;
94527ead 1102
eb36a88e
GH		 1103 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1104 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1105 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
7ae6ce02 1106 qemu_sglist_init(&p->sgl, 5, p->queue->ehci->dma);
94527ead 1107
0ce668bc
GH		 1108 while (bytes > 0) {
1109 if (cpage > 4) {
1110 fprintf(stderr, "cpage out of range (%d)\n", cpage);
01e26b0e 1111 return -1;
0ce668bc 1112 }
94527ead 1113
eb36a88e 1114 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
0ce668bc
GH		 1115 page += offset;
1116 plen = bytes;
1117 if (plen > 4096 - offset) {
1118 plen = 4096 - offset;
1119 offset = 0;
1120 cpage++;
94527ead
GH		 1121 }
1122
eb36a88e 1123 qemu_sglist_add(&p->sgl, page, plen);
0ce668bc
GH		 1124 bytes -= plen;
1125 }
1126 return 0;
1127}
94527ead 1128
0ce668bc
GH		 1129static void ehci_finish_transfer(EHCIQueue *q, int status)
1130{
1131 uint32_t cpage, offset;
94527ead 1132
0ce668bc
GH		 1133 if (status > 0) {
1134 /* update cpage & offset */
1135 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1136 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
94527ead 1137
0ce668bc
GH		 1138 offset += status;
1139 cpage += offset >> QTD_BUFPTR_SH;
1140 offset &= ~QTD_BUFPTR_MASK;
94527ead 1141
0ce668bc
GH		 1142 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1143 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1144 q->qh.bufptr[0] |= offset;
1145 }
94527ead
GH		 1146}
1147
d47e59b8 1148static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
94527ead 1149{
eb36a88e 1150 EHCIPacket *p;
a0a3167a
HG		 1151 EHCIState *s = port->opaque;
1152 uint32_t portsc = s->portsc[port->index];
1153
1154 if (portsc & PORTSC_POWNER) {
1155 USBPort *companion = s->companion_ports[port->index];
1156 companion->ops->complete(companion, packet);
1157 return;
1158 }
94527ead 1159
eb36a88e 1160 p = container_of(packet, EHCIPacket, packet);
eb36a88e 1161 assert(p->async == EHCI_ASYNC_INFLIGHT);
0cae7b1a 1162
9a77a0f5 1163 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
0cae7b1a
HG		 1164 trace_usb_ehci_packet_action(p->queue, p, "remove");
1165 ehci_free_packet(p);
1166 return;
1167 }
1168
1169 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
eb36a88e 1170 p->async = EHCI_ASYNC_FINISHED;
9a77a0f5 1171 p->usb_status = packet->status ? packet->status : packet->actual_length;
ae710b99
GH		 1172
1173 if (p->queue->async) {
1174 qemu_bh_schedule(p->queue->ehci->async_bh);
1175 }
94527ead
GH		 1176}
1177
0122f472 1178static void ehci_execute_complete(EHCIQueue *q)
94527ead 1179{
eb36a88e
GH		 1180 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1181
1182 assert(p != NULL);
1183 assert(p->qtdaddr == q->qtdaddr);
ef5b2344
HG		 1184 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1185 p->async == EHCI_ASYNC_FINISHED);
94527ead
GH		 1186
1187 DPRINTF("execute_complete: qhaddr 0x%x, next %x, qtdaddr 0x%x, status %d\n",
0122f472 1188 q->qhaddr, q->qh.next, q->qtdaddr, q->usb_status);
94527ead 1189
eb36a88e
GH		 1190 if (p->usb_status < 0) {
1191 switch (p->usb_status) {
d61000a8 1192 case USB_RET_IOERROR:
94527ead 1193 case USB_RET_NODEV:
d2bd525f 1194 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
dd54cfe0 1195 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
7efc17af 1196 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
94527ead
GH		 1197 break;
1198 case USB_RET_STALL:
0122f472 1199 q->qh.token |= QTD_TOKEN_HALT;
7efc17af 1200 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
94527ead
GH		 1201 break;
1202 case USB_RET_NAK:
553a6a59
HG		 1203 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1204 return; /* We're not done yet with this transaction */
94527ead 1205 case USB_RET_BABBLE:
d2bd525f 1206 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
7efc17af 1207 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
94527ead
GH		 1208 break;
1209 default:
0122f472 1210 /* should not be triggerable */
eb36a88e 1211 fprintf(stderr, "USB invalid response %d\n", p->usb_status);
0122f472 1212 assert(0);
94527ead
GH		 1213 break;
1214 }
1215 } else {
94527ead 1216 // TODO check 4.12 for splits
549a3c3d 1217 uint32_t tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
94527ead 1218
549a3c3d
HG		 1219 if (tbytes && p->pid == USB_TOKEN_IN) {
1220 tbytes -= p->usb_status;
cf08a8a1
HG		 1221 if (tbytes) {
1222 /* 4.15.1.2 must raise int on a short input packet */
1223 ehci_raise_irq(q->ehci, USBSTS_INT);
1224 }
94527ead 1225 } else {
549a3c3d 1226 tbytes = 0;
94527ead
GH		 1227 }
1228
549a3c3d
HG		 1229 DPRINTF("updating tbytes to %d\n", tbytes);
1230 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
94527ead 1231 }
eb36a88e 1232 ehci_finish_transfer(q, p->usb_status);
e2f89926 1233 usb_packet_unmap(&p->packet, &p->sgl);
eb36a88e 1234 qemu_sglist_destroy(&p->sgl);
ef5b2344 1235 p->async = EHCI_ASYNC_NONE;
94527ead 1236
0122f472
GH		 1237 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1238 q->qh.token &= ~QTD_TOKEN_ACTIVE;
94527ead 1239
553a6a59 1240 if (q->qh.token & QTD_TOKEN_IOC) {
7efc17af 1241 ehci_raise_irq(q->ehci, USBSTS_INT);
44272b0f
HG		 1242 if (q->async) {
1243 q->ehci->int_req_by_async = true;
1244 }
94527ead 1245 }
94527ead
GH		 1246}
1247
01e26b0e 1248/* 4.10.3 returns "again" */
773dc9cd 1249static int ehci_execute(EHCIPacket *p, const char *action)
94527ead 1250{
079d0b7f 1251 USBEndpoint *ep;
94527ead 1252 int endp;
6ba43f1f 1253 bool spd;
94527ead 1254
ef5b2344
HG		 1255 assert(p->async == EHCI_ASYNC_NONE ||
1256 p->async == EHCI_ASYNC_INITIALIZED);
1257
4224558f
GH		 1258 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1259 fprintf(stderr, "Attempting to execute inactive qtd\n");
01e26b0e 1260 return -1;
94527ead
GH		 1261 }
1262
549a3c3d 1263 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
3a8ca08e
HG		 1264 ehci_trace_guest_bug(p->queue->ehci,
1265 "guest requested more bytes than allowed");
01e26b0e 1266 return -1;
94527ead
GH		 1267 }
1268
4224558f 1269 p->pid = (p->qtd.token & QTD_TOKEN_PID_MASK) >> QTD_TOKEN_PID_SH;
eb36a88e
GH		 1270 switch (p->pid) {
1271 case 0:
1272 p->pid = USB_TOKEN_OUT;
1273 break;
1274 case 1:
1275 p->pid = USB_TOKEN_IN;
1276 break;
1277 case 2:
1278 p->pid = USB_TOKEN_SETUP;
1279 break;
1280 default:
1281 fprintf(stderr, "bad token\n");
1282 break;
94527ead
GH		 1283 }
1284
4224558f 1285 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
e59928b3 1286 ep = usb_ep_get(p->queue->dev, p->pid, endp);
94527ead 1287
ef5b2344
HG		 1288 if (p->async == EHCI_ASYNC_NONE) {
1289 if (ehci_init_transfer(p) != 0) {
01e26b0e 1290 return -1;
ef5b2344
HG		 1291 }
1292
6ba43f1f 1293 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
a6fb2ddb
HG		 1294 usb_packet_setup(&p->packet, p->pid, ep, p->qtdaddr, spd,
1295 (p->qtd.token & QTD_TOKEN_IOC) != 0);
ef5b2344
HG		 1296 usb_packet_map(&p->packet, &p->sgl);
1297 p->async = EHCI_ASYNC_INITIALIZED;
1298 }
0ce668bc 1299
773dc9cd 1300 trace_usb_ehci_packet_action(p->queue, p, action);
9a77a0f5
HG		 1301 usb_handle_packet(p->queue->dev, &p->packet);
1302 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1303 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1304 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1305 p->packet.actual_length);
94527ead 1306
9a77a0f5 1307 if (p->packet.actual_length > BUFF_SIZE) {
94527ead 1308 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
01e26b0e 1309 return -1;
94527ead
GH		 1310 }
1311
01e26b0e 1312 return 1;
94527ead
GH		 1313}
1314
1315/* 4.7.2
1316 */
1317
1318static int ehci_process_itd(EHCIState *ehci,
e983395d
GH		 1319 EHCIitd *itd,
1320 uint32_t addr)
94527ead 1321{
94527ead 1322 USBDevice *dev;
079d0b7f 1323 USBEndpoint *ep;
94527ead 1324 int ret;
828143c6 1325 uint32_t i, len, pid, dir, devaddr, endp;
e654887f 1326 uint32_t pg, off, ptr1, ptr2, max, mult;
94527ead
GH		 1327
1328 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
e654887f 1329 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
94527ead 1330 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
e654887f
GH		 1331 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1332 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
94527ead
GH		 1333
1334 for(i = 0; i < 8; i++) {
1335 if (itd->transact[i] & ITD_XACT_ACTIVE) {
e654887f
GH		 1336 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1337 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1338 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1339 ptr2 = (itd->bufptr[pg+1] & ITD_BUFPTR_MASK);
1340 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1341
1342 if (len > max * mult) {
1343 len = max * mult;
1344 }
94527ead
GH		 1345
1346 if (len > BUFF_SIZE) {
01e26b0e 1347 return -1;
94527ead
GH		 1348 }
1349
7ae6ce02 1350 qemu_sglist_init(&ehci->isgl, 2, ehci->dma);
e654887f
GH		 1351 if (off + len > 4096) {
1352 /* transfer crosses page border */
0ce668bc
GH		 1353 uint32_t len2 = off + len - 4096;
1354 uint32_t len1 = len - len2;
1355 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1356 qemu_sglist_add(&ehci->isgl, ptr2, len2);
e654887f 1357 } else {
0ce668bc 1358 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
e654887f 1359 }
94527ead 1360
0ce668bc 1361 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
94527ead 1362
079d0b7f
GH		 1363 dev = ehci_find_device(ehci, devaddr);
1364 ep = usb_ep_get(dev, pid, endp);
7ce86aa1 1365 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
a6fb2ddb
HG		 1366 usb_packet_setup(&ehci->ipacket, pid, ep, addr, false,
1367 (itd->transact[i] & ITD_XACT_IOC) != 0);
aa0568ff 1368 usb_packet_map(&ehci->ipacket, &ehci->isgl);
9a77a0f5 1369 usb_handle_packet(dev, &ehci->ipacket);
e2f89926 1370 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
9a77a0f5
HG		 1371 ret = (ehci->ipacket.status == USB_RET_SUCCESS) ?
1372 ehci->ipacket.actual_length : ehci->ipacket.status;
aa0568ff
GH		 1373 } else {
1374 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1375 ret = USB_RET_NAK;
1376 }
0ce668bc
GH		 1377 qemu_sglist_destroy(&ehci->isgl);
1378
5eafd438 1379 if (ret < 0) {
df787185
HG		 1380 switch (ret) {
1381 default:
1382 fprintf(stderr, "Unexpected iso usb result: %d\n", ret);
1383 /* Fall through */
d61000a8 1384 case USB_RET_IOERROR:
df787185
HG		 1385 case USB_RET_NODEV:
1386 /* 3.3.2: XACTERR is only allowed on IN transactions */
1387 if (dir) {
1388 itd->transact[i] |= ITD_XACT_XACTERR;
7efc17af 1389 ehci_raise_irq(ehci, USBSTS_ERRINT);
df787185
HG		 1390 }
1391 break;
1392 case USB_RET_BABBLE:
1393 itd->transact[i] |= ITD_XACT_BABBLE;
7efc17af 1394 ehci_raise_irq(ehci, USBSTS_ERRINT);
df787185 1395 break;
5eafd438
HG		 1396 case USB_RET_NAK:
1397 /* no data for us, so do a zero-length transfer */
1398 ret = 0;
1399 break;
1400 }
1401 }
1402 if (ret >= 0) {
1403 if (!dir) {
1404 /* OUT */
1405 set_field(&itd->transact[i], len - ret, ITD_XACT_LENGTH);
1406 } else {
1407 /* IN */
1408 set_field(&itd->transact[i], ret, ITD_XACT_LENGTH);
94527ead
GH		 1409 }
1410 }
df787185 1411 if (itd->transact[i] & ITD_XACT_IOC) {
7efc17af 1412 ehci_raise_irq(ehci, USBSTS_INT);
df787185 1413 }
e654887f 1414 itd->transact[i] &= ~ITD_XACT_ACTIVE;
94527ead
GH		 1415 }
1416 }
1417 return 0;
1418}
1419
cd665715 1420
94527ead
GH		 1421/* This state is the entry point for asynchronous schedule
1422 * processing. Entry here consitutes a EHCI start event state (4.8.5)
1423 */
26d53979 1424static int ehci_state_waitlisthead(EHCIState *ehci, int async)
94527ead 1425{
0122f472 1426 EHCIqh qh;
94527ead
GH		 1427 int i = 0;
1428 int again = 0;
1429 uint32_t entry = ehci->asynclistaddr;
1430
1431 /* set reclamation flag at start event (4.8.6) */
1432 if (async) {
439a97cc 1433 ehci_set_usbsts(ehci, USBSTS_REC);
94527ead
GH		 1434 }
1435
8f5457eb 1436 ehci_queues_rip_unused(ehci, async);
8ac6d699 1437
94527ead
GH		 1438 /* Find the head of the list (4.9.1.1) */
1439 for(i = 0; i < MAX_QH; i++) {
68d55358
DG		 1440 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1441 sizeof(EHCIqh) >> 2);
8ac6d699 1442 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
94527ead 1443
0122f472 1444 if (qh.epchar & QH_EPCHAR_H) {
94527ead
GH		 1445 if (async) {
1446 entry |= (NLPTR_TYPE_QH << 1);
1447 }
1448
0122f472 1449 ehci_set_fetch_addr(ehci, async, entry);
26d53979 1450 ehci_set_state(ehci, async, EST_FETCHENTRY);
94527ead
GH		 1451 again = 1;
1452 goto out;
1453 }
1454
0122f472 1455 entry = qh.next;
94527ead 1456 if (entry == ehci->asynclistaddr) {
94527ead
GH		 1457 break;
1458 }
1459 }
1460
1461 /* no head found for list. */
1462
26d53979 1463 ehci_set_state(ehci, async, EST_ACTIVE);
94527ead
GH		 1464
1465out:
1466 return again;
1467}
1468
1469
1470/* This state is the entry point for periodic schedule processing as
1471 * well as being a continuation state for async processing.
1472 */
26d53979 1473static int ehci_state_fetchentry(EHCIState *ehci, int async)
94527ead
GH		 1474{
1475 int again = 0;
0122f472 1476 uint32_t entry = ehci_get_fetch_addr(ehci, async);
94527ead 1477
2a5ff735 1478 if (NLPTR_TBIT(entry)) {
26d53979 1479 ehci_set_state(ehci, async, EST_ACTIVE);
94527ead
GH		 1480 goto out;
1481 }
1482
1483 /* section 4.8, only QH in async schedule */
1484 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1485 fprintf(stderr, "non queue head request in async schedule\n");
1486 return -1;
1487 }
1488
1489 switch (NLPTR_TYPE_GET(entry)) {
1490 case NLPTR_TYPE_QH:
26d53979 1491 ehci_set_state(ehci, async, EST_FETCHQH);
94527ead
GH		 1492 again = 1;
1493 break;
1494
1495 case NLPTR_TYPE_ITD:
26d53979 1496 ehci_set_state(ehci, async, EST_FETCHITD);
94527ead
GH		 1497 again = 1;
1498 break;
1499
2fe80192
GH		 1500 case NLPTR_TYPE_STITD:
1501 ehci_set_state(ehci, async, EST_FETCHSITD);
1502 again = 1;
1503 break;
1504
94527ead 1505 default:
2fe80192 1506 /* TODO: handle FSTN type */
94527ead
GH		 1507 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1508 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1509 return -1;
1510 }
1511
1512out:
1513 return again;
1514}
1515
0122f472 1516static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
94527ead 1517{
eb36a88e 1518 EHCIPacket *p;
dafe31fc 1519 uint32_t entry, devaddr, endp;
0122f472 1520 EHCIQueue *q;
dafe31fc 1521 EHCIqh qh;
94527ead 1522
0122f472 1523 entry = ehci_get_fetch_addr(ehci, async);
df5d5c5c 1524 q = ehci_find_queue_by_qh(ehci, entry, async);
8ac6d699 1525 if (NULL == q) {
8f6d5e26 1526 q = ehci_alloc_queue(ehci, entry, async);
8ac6d699 1527 }
eb36a88e 1528 p = QTAILQ_FIRST(&q->packets);
8ac6d699 1529
8f6d5e26 1530 q->seen++;
8ac6d699
GH		 1531 if (q->seen > 1) {
1532 /* we are going in circles -- stop processing */
1533 ehci_set_state(ehci, async, EST_ACTIVE);
1534 q = NULL;
1535 goto out;
1536 }
94527ead 1537
68d55358 1538 get_dwords(ehci, NLPTR_GET(q->qhaddr),
dafe31fc
HG		 1539 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
1540 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1541
1542 /*
1543 * The overlay area of the qh should never be changed by the guest,
1544 * except when idle, in which case the reset is a nop.
1545 */
1546 devaddr = get_field(qh.epchar, QH_EPCHAR_DEVADDR);
1547 endp = get_field(qh.epchar, QH_EPCHAR_EP);
1548 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
1549 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
1550 (memcmp(&qh.current_qtd, &q->qh.current_qtd,
1551 9 * sizeof(uint32_t)) != 0) ||
1552 (q->dev != NULL && q->dev->addr != devaddr)) {
5c514681
GH		 1553 if (ehci_reset_queue(q) > 0) {
1554 ehci_trace_guest_bug(ehci, "guest updated active QH");
1555 }
dafe31fc
HG		 1556 p = NULL;
1557 }
1558 q->qh = qh;
1559
cae5d3f4
HG		 1560 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1561 if (q->transact_ctr == 0) { /* Guest bug in some versions of windows */
1562 q->transact_ctr = 4;
1563 }
1564
e59928b3
GH		 1565 if (q->dev == NULL) {
1566 q->dev = ehci_find_device(q->ehci, devaddr);
1567 }
1568
eb36a88e 1569 if (p && p->async == EHCI_ASYNC_FINISHED) {
8ac6d699 1570 /* I/O finished -- continue processing queue */
773dc9cd 1571 trace_usb_ehci_packet_action(p->queue, p, "complete");
8ac6d699
GH		 1572 ehci_set_state(ehci, async, EST_EXECUTING);
1573 goto out;
1574 }
0122f472
GH		 1575
1576 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
94527ead
GH		 1577
1578 /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */
1579 if (ehci->usbsts & USBSTS_REC) {
439a97cc 1580 ehci_clear_usbsts(ehci, USBSTS_REC);
94527ead
GH		 1581 } else {
1582 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
0122f472 1583 " - done processing\n", q->qhaddr);
26d53979 1584 ehci_set_state(ehci, async, EST_ACTIVE);
0122f472 1585 q = NULL;
94527ead
GH		 1586 goto out;
1587 }
1588 }
1589
1590#if EHCI_DEBUG
0122f472 1591 if (q->qhaddr != q->qh.next) {
94527ead 1592 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
0122f472
GH		 1593 q->qhaddr,
1594 q->qh.epchar & QH_EPCHAR_H,
1595 q->qh.token & QTD_TOKEN_HALT,
1596 q->qh.token & QTD_TOKEN_ACTIVE,
1597 q->qh.next);
94527ead
GH		 1598 }
1599#endif
1600
0122f472 1601 if (q->qh.token & QTD_TOKEN_HALT) {
26d53979 1602 ehci_set_state(ehci, async, EST_HORIZONTALQH);
94527ead 1603
2a5ff735
HG		 1604 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1605 (NLPTR_TBIT(q->qh.current_qtd) == 0)) {
0122f472 1606 q->qtdaddr = q->qh.current_qtd;
26d53979 1607 ehci_set_state(ehci, async, EST_FETCHQTD);
94527ead
GH		 1608
1609 } else {
1610 /* EHCI spec version 1.0 Section 4.10.2 */
26d53979 1611 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
94527ead
GH		 1612 }
1613
1614out:
0122f472 1615 return q;
94527ead
GH		 1616}
1617
26d53979 1618static int ehci_state_fetchitd(EHCIState *ehci, int async)
94527ead 1619{
0122f472 1620 uint32_t entry;
94527ead
GH		 1621 EHCIitd itd;
1622
0122f472
GH		 1623 assert(!async);
1624 entry = ehci_get_fetch_addr(ehci, async);
1625
68d55358 1626 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
94527ead 1627 sizeof(EHCIitd) >> 2);
0122f472 1628 ehci_trace_itd(ehci, entry, &itd);
94527ead 1629
e983395d 1630 if (ehci_process_itd(ehci, &itd, entry) != 0) {
94527ead
GH		 1631 return -1;
1632 }
1633
68d55358
DG		 1634 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1635 sizeof(EHCIitd) >> 2);
0122f472 1636 ehci_set_fetch_addr(ehci, async, itd.next);
26d53979 1637 ehci_set_state(ehci, async, EST_FETCHENTRY);
94527ead
GH		 1638
1639 return 1;
1640}
1641
2fe80192
GH		 1642static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1643{
1644 uint32_t entry;
1645 EHCIsitd sitd;
1646
1647 assert(!async);
1648 entry = ehci_get_fetch_addr(ehci, async);
1649
68d55358 1650 get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
2fe80192
GH		 1651 sizeof(EHCIsitd) >> 2);
1652 ehci_trace_sitd(ehci, entry, &sitd);
1653
1654 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1655 /* siTD is not active, nothing to do */;
1656 } else {
1657 /* TODO: split transfers are not implemented */
1658 fprintf(stderr, "WARNING: Skipping active siTD\n");
1659 }
1660
1661 ehci_set_fetch_addr(ehci, async, sitd.next);
1662 ehci_set_state(ehci, async, EST_FETCHENTRY);
1663 return 1;
1664}
1665
94527ead 1666/* Section 4.10.2 - paragraph 3 */
ae0138a8 1667static int ehci_state_advqueue(EHCIQueue *q)
94527ead
GH		 1668{
1669#if 0
1670 /* TO-DO: 4.10.2 - paragraph 2
1671 * if I-bit is set to 1 and QH is not active
1672 * go to horizontal QH
1673 */
1674 if (I-bit set) {
26d53979 1675 ehci_set_state(ehci, async, EST_HORIZONTALQH);
94527ead
GH		 1676 goto out;
1677 }
1678#endif
1679
1680 /*
1681 * want data and alt-next qTD is valid
1682 */
0122f472 1683 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
0122f472
GH		 1684 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1685 q->qtdaddr = q->qh.altnext_qtd;
ae0138a8 1686 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
94527ead
GH		 1687
1688 /*
1689 * next qTD is valid
1690 */
2a5ff735 1691 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
0122f472 1692 q->qtdaddr = q->qh.next_qtd;
ae0138a8 1693 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
94527ead
GH		 1694
1695 /*
1696 * no valid qTD, try next QH
1697 */
1698 } else {
ae0138a8 1699 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
94527ead
GH		 1700 }
1701
1702 return 1;
1703}
1704
1705/* Section 4.10.2 - paragraph 4 */
ae0138a8 1706static int ehci_state_fetchqtd(EHCIQueue *q)
94527ead 1707{
eb36a88e
GH		 1708 EHCIqtd qtd;
1709 EHCIPacket *p;
b4ea8664 1710 int again = 1;
94527ead 1711
eb36a88e 1712 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr), (uint32_t *) &qtd,
68d55358 1713 sizeof(EHCIqtd) >> 2);
eb36a88e 1714 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
94527ead 1715
773dc9cd 1716 p = QTAILQ_FIRST(&q->packets);
773dc9cd 1717 if (p != NULL) {
287fd3f1
GH		 1718 if (p->qtdaddr != q->qtdaddr ||
1719 (!NLPTR_TBIT(p->qtd.next) && (p->qtd.next != qtd.next)) ||
1720 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd.altnext)) ||
1721 p->qtd.bufptr[0] != qtd.bufptr[0]) {
287fd3f1 1722 ehci_cancel_queue(q);
5c514681 1723 ehci_trace_guest_bug(q->ehci, "guest updated active QH or qTD");
287fd3f1
GH		 1724 p = NULL;
1725 } else {
1726 p->qtd = qtd;
1727 ehci_qh_do_overlay(q);
1728 }
1729 }
1730
1731 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1732 if (p != NULL) {
1733 /* transfer canceled by guest (clear active) */
1734 ehci_cancel_queue(q);
1735 p = NULL;
1736 }
1737 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
287fd3f1 1738 } else if (p != NULL) {
adf47834
HG		 1739 switch (p->async) {
1740 case EHCI_ASYNC_NONE:
ef5b2344 1741 case EHCI_ASYNC_INITIALIZED:
cae5d3f4 1742 /* Not yet executed (MULT), or previously nacked (int) packet */
ef5b2344
HG		 1743 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1744 break;
adf47834 1745 case EHCI_ASYNC_INFLIGHT:
b4ea8664 1746 /* Check if the guest has added new tds to the queue */
01e26b0e 1747 again = ehci_fill_queue(QTAILQ_LAST(&q->packets, pkts_head));
ef5b2344 1748 /* Unfinished async handled packet, go horizontal */
ae0138a8 1749 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
adf47834
HG		 1750 break;
1751 case EHCI_ASYNC_FINISHED:
cf1f8169
HG		 1752 /*
1753 * We get here when advqueue moves to a packet which is already
1754 * finished, which can happen with packets queued up by fill_queue
1755 */
ae0138a8 1756 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
adf47834 1757 break;
773dc9cd 1758 }
287fd3f1 1759 } else {
eb36a88e
GH		 1760 p = ehci_alloc_packet(q);
1761 p->qtdaddr = q->qtdaddr;
1762 p->qtd = qtd;
ae0138a8 1763 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
94527ead
GH		 1764 }
1765
1766 return again;
1767}
1768
ae0138a8 1769static int ehci_state_horizqh(EHCIQueue *q)
94527ead
GH		 1770{
1771 int again = 0;
1772
ae0138a8
GH		 1773 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1774 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1775 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
94527ead
GH		 1776 again = 1;
1777 } else {
ae0138a8 1778 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
94527ead
GH		 1779 }
1780
1781 return again;
1782}
1783
01e26b0e 1784/* Returns "again" */
eff6dce7 1785static int ehci_fill_queue(EHCIPacket *p)
773dc9cd 1786{
36dfe324 1787 USBEndpoint *ep = p->packet.ep;
773dc9cd
GH		 1788 EHCIQueue *q = p->queue;
1789 EHCIqtd qtd = p->qtd;
e3a36bce 1790 uint32_t qtdaddr, start_addr = p->qtdaddr;
773dc9cd
GH		 1791
1792 for (;;) {
773dc9cd
GH		 1793 if (NLPTR_TBIT(qtd.next) != 0) {
1794 break;
1795 }
1796 qtdaddr = qtd.next;
e3a36bce
HG		 1797 /*
1798 * Detect circular td lists, Windows creates these, counting on the
1799 * active bit going low after execution to make the queue stop.
1800 */
1801 if (qtdaddr == start_addr) {
1802 break;
1803 }
773dc9cd
GH		 1804 get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1805 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
1806 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1807 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1808 break;
1809 }
1810 p = ehci_alloc_packet(q);
1811 p->qtdaddr = qtdaddr;
1812 p->qtd = qtd;
01e26b0e
HG		 1813 if (ehci_execute(p, "queue") == -1) {
1814 return -1;
eff6dce7 1815 }
01e26b0e 1816 assert(p->packet.status == USB_RET_ASYNC);
773dc9cd
GH		 1817 p->async = EHCI_ASYNC_INFLIGHT;
1818 }
01e26b0e
HG		 1819 usb_device_flush_ep_queue(ep->dev, ep);
1820 return 1;
773dc9cd
GH		 1821}
1822
ae0138a8 1823static int ehci_state_execute(EHCIQueue *q)
94527ead 1824{
eb36a88e 1825 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
94527ead 1826 int again = 0;
94527ead 1827
eb36a88e
GH		 1828 assert(p != NULL);
1829 assert(p->qtdaddr == q->qtdaddr);
1830
0122f472 1831 if (ehci_qh_do_overlay(q) != 0) {
94527ead
GH		 1832 return -1;
1833 }
1834
94527ead
GH		 1835 // TODO verify enough time remains in the uframe as in 4.4.1.1
1836 // TODO write back ptr to async list when done or out of time
94527ead 1837
cae5d3f4
HG		 1838 /* 4.10.3, bottom of page 82, go horizontal on transaction counter == 0 */
1839 if (!q->async && q->transact_ctr == 0) {
1840 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1841 again = 1;
1842 goto out;
94527ead
GH		 1843 }
1844
ae0138a8 1845 if (q->async) {
0122f472 1846 ehci_set_usbsts(q->ehci, USBSTS_REC);
94527ead
GH		 1847 }
1848
01e26b0e
HG		 1849 again = ehci_execute(p, "process");
1850 if (again == -1) {
94527ead
GH		 1851 goto out;
1852 }
01e26b0e 1853 if (p->packet.status == USB_RET_ASYNC) {
8ac6d699 1854 ehci_flush_qh(q);
773dc9cd 1855 trace_usb_ehci_packet_action(p->queue, p, "async");
eb36a88e 1856 p->async = EHCI_ASYNC_INFLIGHT;
ae0138a8 1857 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
cae5d3f4 1858 if (q->async) {
01e26b0e 1859 again = ehci_fill_queue(p);
cae5d3f4
HG		 1860 } else {
1861 again = 1;
1862 }
8ac6d699 1863 goto out;
94527ead 1864 }
01e26b0e
HG		 1865 if (p->packet.status == USB_RET_SUCCESS) {
1866 p->usb_status = p->packet.actual_length;
1867 } else {
1868 p->usb_status = p->packet.status;
1869 }
94527ead 1870
ae0138a8 1871 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
8ac6d699
GH		 1872 again = 1;
1873
94527ead
GH		 1874out:
1875 return again;
1876}
1877
ae0138a8 1878static int ehci_state_executing(EHCIQueue *q)
94527ead 1879{
eb36a88e 1880 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
94527ead 1881
eb36a88e
GH		 1882 assert(p != NULL);
1883 assert(p->qtdaddr == q->qtdaddr);
1884
0122f472 1885 ehci_execute_complete(q);
94527ead 1886
cae5d3f4
HG		 1887 /* 4.10.3 */
1888 if (!q->async && q->transact_ctr > 0) {
1889 q->transact_ctr--;
94527ead
GH		 1890 }
1891
94527ead 1892 /* 4.10.5 */
eb36a88e 1893 if (p->usb_status == USB_RET_NAK) {
ae0138a8 1894 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
94527ead 1895 } else {
ae0138a8 1896 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
94527ead
GH		 1897 }
1898
8ac6d699 1899 ehci_flush_qh(q);
574ef171 1900 return 1;
94527ead
GH		 1901}
1902
1903
ae0138a8 1904static int ehci_state_writeback(EHCIQueue *q)
94527ead 1905{
eb36a88e 1906 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
4ed1c57a 1907 uint32_t *qtd, addr;
94527ead
GH		 1908 int again = 0;
1909
1910 /* Write back the QTD from the QH area */
eb36a88e
GH		 1911 assert(p != NULL);
1912 assert(p->qtdaddr == q->qtdaddr);
1913
1914 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
4ed1c57a
GH		 1915 qtd = (uint32_t *) &q->qh.next_qtd;
1916 addr = NLPTR_GET(p->qtdaddr);
1917 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
eb36a88e 1918 ehci_free_packet(p);
94527ead 1919
d2bd525f
GH		 1920 /*
1921 * EHCI specs say go horizontal here.
1922 *
1923 * We can also advance the queue here for performance reasons. We
1924 * need to take care to only take that shortcut in case we've
1925 * processed the qtd just written back without errors, i.e. halt
1926 * bit is clear.
94527ead 1927 */
d2bd525f 1928 if (q->qh.token & QTD_TOKEN_HALT) {
ae0138a8 1929 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
d2bd525f
GH		 1930 again = 1;
1931 } else {
ae0138a8 1932 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
94527ead 1933 again = 1;
d2bd525f 1934 }
94527ead
GH		 1935 return again;
1936}
1937
1938/*
1939 * This is the state machine that is common to both async and periodic
1940 */
1941
ae0138a8 1942static void ehci_advance_state(EHCIState *ehci, int async)
94527ead 1943{
0122f472 1944 EHCIQueue *q = NULL;
94527ead 1945 int again;
94527ead
GH		 1946
1947 do {
26d53979 1948 switch(ehci_get_state(ehci, async)) {
94527ead 1949 case EST_WAITLISTHEAD:
26d53979 1950 again = ehci_state_waitlisthead(ehci, async);
94527ead
GH		 1951 break;
1952
1953 case EST_FETCHENTRY:
26d53979 1954 again = ehci_state_fetchentry(ehci, async);
94527ead
GH		 1955 break;
1956
1957 case EST_FETCHQH:
0122f472 1958 q = ehci_state_fetchqh(ehci, async);
ae0138a8
GH		 1959 if (q != NULL) {
1960 assert(q->async == async);
1961 again = 1;
1962 } else {
1963 again = 0;
1964 }
94527ead
GH		 1965 break;
1966
1967 case EST_FETCHITD:
26d53979 1968 again = ehci_state_fetchitd(ehci, async);
94527ead
GH		 1969 break;
1970
2fe80192
GH		 1971 case EST_FETCHSITD:
1972 again = ehci_state_fetchsitd(ehci, async);
1973 break;
1974
94527ead 1975 case EST_ADVANCEQUEUE:
ae0138a8 1976 again = ehci_state_advqueue(q);
94527ead
GH		 1977 break;
1978
1979 case EST_FETCHQTD:
ae0138a8 1980 again = ehci_state_fetchqtd(q);
94527ead
GH		 1981 break;
1982
1983 case EST_HORIZONTALQH:
ae0138a8 1984 again = ehci_state_horizqh(q);
94527ead
GH		 1985 break;
1986
1987 case EST_EXECUTE:
ae0138a8 1988 again = ehci_state_execute(q);
3a215326
GH		 1989 if (async) {
1990 ehci->async_stepdown = 0;
1991 }
94527ead
GH		 1992 break;
1993
1994 case EST_EXECUTING:
8ac6d699 1995 assert(q != NULL);
3a215326
GH		 1996 if (async) {
1997 ehci->async_stepdown = 0;
1998 }
ae0138a8 1999 again = ehci_state_executing(q);
94527ead
GH		 2000 break;
2001
2002 case EST_WRITEBACK:
b2467216 2003 assert(q != NULL);
ae0138a8 2004 again = ehci_state_writeback(q);
94527ead
GH		 2005 break;
2006
2007 default:
2008 fprintf(stderr, "Bad state!\n");
2009 again = -1;
8ac6d699 2010 assert(0);
94527ead
GH		 2011 break;
2012 }
2013
2014 if (again < 0) {
2015 fprintf(stderr, "processing error - resetting ehci HC\n");
2016 ehci_reset(ehci);
2017 again = 0;
2018 }
2019 }
2020 while (again);
94527ead
GH		 2021}
2022
2023static void ehci_advance_async_state(EHCIState *ehci)
2024{
df5d5c5c 2025 const int async = 1;
94527ead 2026
26d53979 2027 switch(ehci_get_state(ehci, async)) {
94527ead 2028 case EST_INACTIVE:
ec807d12 2029 if (!ehci_async_enabled(ehci)) {
94527ead
GH		 2030 break;
2031 }
26d53979 2032 ehci_set_state(ehci, async, EST_ACTIVE);
94527ead
GH		 2033 // No break, fall through to ACTIVE
2034
2035 case EST_ACTIVE:
ec807d12 2036 if (!ehci_async_enabled(ehci)) {
e850c2b4 2037 ehci_queues_rip_all(ehci, async);
26d53979 2038 ehci_set_state(ehci, async, EST_INACTIVE);
94527ead
GH		 2039 break;
2040 }
2041
4be23939 2042 /* make sure guest has acknowledged the doorbell interrupt */
94527ead
GH		 2043 /* TO-DO: is this really needed? */
2044 if (ehci->usbsts & USBSTS_IAA) {
2045 DPRINTF("IAA status bit still set.\n");
2046 break;
2047 }
2048
94527ead
GH		 2049 /* check that address register has been set */
2050 if (ehci->asynclistaddr == 0) {
2051 break;
2052 }
2053
26d53979 2054 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
26d53979 2055 ehci_advance_state(ehci, async);
4be23939
HG		 2056
2057 /* If the doorbell is set, the guest wants to make a change to the
2058 * schedule. The host controller needs to release cached data.
2059 * (section 4.8.2)
2060 */
2061 if (ehci->usbcmd & USBCMD_IAAD) {
2062 /* Remove all unseen qhs from the async qhs queue */
8f5457eb 2063 ehci_queues_rip_unseen(ehci, async);
1defcbd1 2064 trace_usb_ehci_doorbell_ack();
4be23939 2065 ehci->usbcmd &= ~USBCMD_IAAD;
7efc17af 2066 ehci_raise_irq(ehci, USBSTS_IAA);
4be23939 2067 }
94527ead
GH		 2068 break;
2069
2070 default:
2071 /* this should only be due to a developer mistake */
2072 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2073 "Resetting to active\n", ehci->astate);
0122f472 2074 assert(0);
94527ead
GH		 2075 }
2076}
2077
2078static void ehci_advance_periodic_state(EHCIState *ehci)
2079{
2080 uint32_t entry;
2081 uint32_t list;
df5d5c5c 2082 const int async = 0;
94527ead
GH		 2083
2084 // 4.6
2085
26d53979 2086 switch(ehci_get_state(ehci, async)) {
94527ead 2087 case EST_INACTIVE:
ec807d12 2088 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
26d53979 2089 ehci_set_state(ehci, async, EST_ACTIVE);
94527ead
GH		 2090 // No break, fall through to ACTIVE
2091 } else
2092 break;
2093
2094 case EST_ACTIVE:
ec807d12 2095 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
e850c2b4 2096 ehci_queues_rip_all(ehci, async);
26d53979 2097 ehci_set_state(ehci, async, EST_INACTIVE);
94527ead
GH		 2098 break;
2099 }
2100
2101 list = ehci->periodiclistbase & 0xfffff000;
2102 /* check that register has been set */
2103 if (list == 0) {
2104 break;
2105 }
2106 list |= ((ehci->frindex & 0x1ff8) >> 1);
2107
7ae6ce02 2108 dma_memory_read(ehci->dma, list, &entry, sizeof entry);
94527ead
GH		 2109 entry = le32_to_cpu(entry);
2110
2111 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2112 ehci->frindex / 8, list, entry);
0122f472 2113 ehci_set_fetch_addr(ehci, async,entry);
26d53979
GH		 2114 ehci_set_state(ehci, async, EST_FETCHENTRY);
2115 ehci_advance_state(ehci, async);
8f5457eb 2116 ehci_queues_rip_unused(ehci, async);
94527ead
GH		 2117 break;
2118
94527ead
GH		 2119 default:
2120 /* this should only be due to a developer mistake */
2121 fprintf(stderr, "ehci: Bad periodic state %d. "
2122 "Resetting to active\n", ehci->pstate);
0122f472 2123 assert(0);
94527ead
GH		 2124 }
2125}
2126
6ceced0b
GH		 2127static void ehci_update_frindex(EHCIState *ehci, int frames)
2128{
2129 int i;
2130
2131 if (!ehci_enabled(ehci)) {
2132 return;
2133 }
2134
2135 for (i = 0; i < frames; i++) {
2136 ehci->frindex += 8;
2137
2138 if (ehci->frindex == 0x00002000) {
7efc17af 2139 ehci_raise_irq(ehci, USBSTS_FLR);
6ceced0b
GH		 2140 }
2141
2142 if (ehci->frindex == 0x00004000) {
7efc17af 2143 ehci_raise_irq(ehci, USBSTS_FLR);
6ceced0b 2144 ehci->frindex = 0;
ffa1f2e0 2145 if (ehci->usbsts_frindex >= 0x00004000) {
7efc17af
GH		 2146 ehci->usbsts_frindex -= 0x00004000;
2147 } else {
2148 ehci->usbsts_frindex = 0;
2149 }
6ceced0b
GH		 2150 }
2151 }
2152}
2153
94527ead
GH		 2154static void ehci_frame_timer(void *opaque)
2155{
2156 EHCIState *ehci = opaque;
7efc17af 2157 int need_timer = 0;
94527ead 2158 int64_t expire_time, t_now;
adddecb1 2159 uint64_t ns_elapsed;
f020ed36 2160 int frames, skipped_frames;
94527ead 2161 int i;
94527ead 2162
94527ead 2163 t_now = qemu_get_clock_ns(vm_clock);
adddecb1
GH		 2164 ns_elapsed = t_now - ehci->last_run_ns;
2165 frames = ns_elapsed / FRAME_TIMER_NS;
94527ead 2166
3a215326 2167 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
7efc17af 2168 need_timer++;
afb7a0b8 2169 ehci->async_stepdown = 0;
94527ead 2170
f020ed36
GH		 2171 if (frames > ehci->maxframes) {
2172 skipped_frames = frames - ehci->maxframes;
2173 ehci_update_frindex(ehci, skipped_frames);
2174 ehci->last_run_ns += FRAME_TIMER_NS * skipped_frames;
2175 frames -= skipped_frames;
2176 DPRINTF("WARNING - EHCI skipped %d frames\n", skipped_frames);
2177 }
2178
3a215326 2179 for (i = 0; i < frames; i++) {
8f74ed1e
HG		 2180 /*
2181 * If we're running behind schedule, we should not catch up
2182 * too fast, as that will make some guests unhappy:
2183 * 1) We must process a minimum of MIN_FR_PER_TICK frames,
2184 * otherwise we will never catch up
2185 * 2) Process frames until the guest has requested an irq (IOC)
2186 */
2187 if (i >= MIN_FR_PER_TICK) {
2188 ehci_commit_irq(ehci);
2189 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2190 break;
2191 }
2192 }
3a215326 2193 ehci_update_frindex(ehci, 1);
f020ed36 2194 ehci_advance_periodic_state(ehci);
3a215326
GH		 2195 ehci->last_run_ns += FRAME_TIMER_NS;
2196 }
2197 } else {
2198 if (ehci->async_stepdown < ehci->maxframes / 2) {
2199 ehci->async_stepdown++;
2200 }
3a215326
GH		 2201 ehci_update_frindex(ehci, frames);
2202 ehci->last_run_ns += FRAME_TIMER_NS * frames;
94527ead
GH		 2203 }
2204
94527ead
GH		 2205 /* Async is not inside loop since it executes everything it can once
2206 * called
2207 */
3a215326 2208 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
7efc17af 2209 need_timer++;
afb7a0b8 2210 ehci_advance_async_state(ehci);
3a215326 2211 }
94527ead 2212
7efc17af
GH		 2213 ehci_commit_irq(ehci);
2214 if (ehci->usbsts_pending) {
2215 need_timer++;
2216 ehci->async_stepdown = 0;
daf25307 2217 }
f0ad01f9 2218
7efc17af 2219 if (need_timer) {
44272b0f
HG		 2220 /* If we've raised int, we speed up the timer, so that we quickly
2221 * notice any new packets queued up in response */
2222 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2223 expire_time = t_now + get_ticks_per_sec() / (FRAME_TIMER_FREQ * 2);
2224 ehci->int_req_by_async = false;
2225 } else {
2226 expire_time = t_now + (get_ticks_per_sec()
afb7a0b8 2227 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
44272b0f 2228 }
7efc17af
GH		 2229 qemu_mod_timer(ehci->frame_timer, expire_time);
2230 }
94527ead
GH		 2231}
2232
3e4f910c
GH		 2233static const MemoryRegionOps ehci_mmio_caps_ops = {
2234 .read = ehci_caps_read,
2235 .valid.min_access_size = 1,
2236 .valid.max_access_size = 4,
2237 .impl.min_access_size = 1,
2238 .impl.max_access_size = 1,
2239 .endianness = DEVICE_LITTLE_ENDIAN,
2240};
2241
2242static const MemoryRegionOps ehci_mmio_opreg_ops = {
2243 .read = ehci_opreg_read,
2244 .write = ehci_opreg_write,
2245 .valid.min_access_size = 4,
2246 .valid.max_access_size = 4,
2247 .endianness = DEVICE_LITTLE_ENDIAN,
2248};
2249
2250static const MemoryRegionOps ehci_mmio_port_ops = {
2251 .read = ehci_port_read,
2252 .write = ehci_port_write,
2253 .valid.min_access_size = 4,
2254 .valid.max_access_size = 4,
e57964f5 2255 .endianness = DEVICE_LITTLE_ENDIAN,
94527ead
GH		 2256};
2257
94527ead
GH		 2258static USBPortOps ehci_port_ops = {
2259 .attach = ehci_attach,
2260 .detach = ehci_detach,
4706ab6c 2261 .child_detach = ehci_child_detach,
a0a3167a 2262 .wakeup = ehci_wakeup,
94527ead
GH		 2263 .complete = ehci_async_complete_packet,
2264};
2265
07771f6f 2266static USBBusOps ehci_bus_ops = {
a0a3167a 2267 .register_companion = ehci_register_companion,
07771f6f
GH		 2268};
2269
9a773408
GH		 2270static int usb_ehci_post_load(void *opaque, int version_id)
2271{
2272 EHCIState *s = opaque;
2273 int i;
2274
2275 for (i = 0; i < NB_PORTS; i++) {
2276 USBPort *companion = s->companion_ports[i];
2277 if (companion == NULL) {
2278 continue;
2279 }
2280 if (s->portsc[i] & PORTSC_POWNER) {
2281 companion->dev = s->ports[i].dev;
2282 } else {
2283 companion->dev = NULL;
2284 }
2285 }
2286
2287 return 0;
2288}
2289
ceab6f96
HG		 2290static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2291{
2292 EHCIState *ehci = opaque;
2293
2294 /*
2295 * We don't migrate the EHCIQueue-s, instead we rebuild them for the
2296 * schedule in guest memory. We must do the rebuilt ASAP, so that
2297 * USB-devices which have async handled packages have a packet in the
2298 * ep queue to match the completion with.
2299 */
2300 if (state == RUN_STATE_RUNNING) {
2301 ehci_advance_async_state(ehci);
2302 }
2303
2304 /*
2305 * The schedule rebuilt from guest memory could cause the migration dest
2306 * to miss a QH unlink, and fail to cancel packets, since the unlinked QH
2307 * will never have existed on the destination. Therefor we must flush the
2308 * async schedule on savevm to catch any not yet noticed unlinks.
2309 */
2310 if (state == RUN_STATE_SAVE_VM) {
2311 ehci_advance_async_state(ehci);
2312 ehci_queues_rip_unseen(ehci, 1);
2313 }
2314}
2315
0bf96f94 2316const VMStateDescription vmstate_ehci = {
5010d4dc 2317 .name = "ehci-core",
6d3b6d3d
GH		 2318 .version_id = 2,
2319 .minimum_version_id = 1,
9a773408
GH		 2320 .post_load = usb_ehci_post_load,
2321 .fields = (VMStateField[]) {
9a773408
GH		 2322 /* mmio registers */
2323 VMSTATE_UINT32(usbcmd, EHCIState),
2324 VMSTATE_UINT32(usbsts, EHCIState),
6d3b6d3d
GH		 2325 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2326 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
9a773408
GH		 2327 VMSTATE_UINT32(usbintr, EHCIState),
2328 VMSTATE_UINT32(frindex, EHCIState),
2329 VMSTATE_UINT32(ctrldssegment, EHCIState),
2330 VMSTATE_UINT32(periodiclistbase, EHCIState),
2331 VMSTATE_UINT32(asynclistaddr, EHCIState),
2332 VMSTATE_UINT32(configflag, EHCIState),
2333 VMSTATE_UINT32(portsc[0], EHCIState),
2334 VMSTATE_UINT32(portsc[1], EHCIState),
2335 VMSTATE_UINT32(portsc[2], EHCIState),
2336 VMSTATE_UINT32(portsc[3], EHCIState),
2337 VMSTATE_UINT32(portsc[4], EHCIState),
2338 VMSTATE_UINT32(portsc[5], EHCIState),
2339 /* frame timer */
2340 VMSTATE_TIMER(frame_timer, EHCIState),
2341 VMSTATE_UINT64(last_run_ns, EHCIState),
2342 VMSTATE_UINT32(async_stepdown, EHCIState),
2343 /* schedule state */
2344 VMSTATE_UINT32(astate, EHCIState),
2345 VMSTATE_UINT32(pstate, EHCIState),
2346 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2347 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2348 VMSTATE_END_OF_LIST()
2349 }
9490fb06
GH		 2350};
2351
0bf96f94 2352void usb_ehci_initfn(EHCIState *s, DeviceState *dev)
94527ead 2353{
94527ead
GH		 2354 int i;
2355
3e4f910c 2356 /* 2.2 host controller interface version */
27a11324 2357 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
3e4f910c
GH		 2358 s->caps[0x01] = 0x00;
2359 s->caps[0x02] = 0x00;
2360 s->caps[0x03] = 0x01; /* HC version */
2361 s->caps[0x04] = NB_PORTS; /* Number of downstream ports */
2362 s->caps[0x05] = 0x00; /* No companion ports at present */
2363 s->caps[0x06] = 0x00;
2364 s->caps[0x07] = 0x00;
2365 s->caps[0x08] = 0x80; /* We can cache whole frame, no 64-bit */
3e4f910c
GH		 2366 s->caps[0x0a] = 0x00;
2367 s->caps[0x0b] = 0x00;
94527ead 2368
5010d4dc 2369 usb_bus_new(&s->bus, &ehci_bus_ops, dev);
94527ead
GH		 2370 for(i = 0; i < NB_PORTS; i++) {
2371 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2372 USB_SPEED_MASK_HIGH);
94527ead
GH		 2373 s->ports[i].dev = 0;
2374 }
2375
2376 s->frame_timer = qemu_new_timer_ns(vm_clock, ehci_frame_timer, s);
0262f65a 2377 s->async_bh = qemu_bh_new(ehci_frame_timer, s);
df5d5c5c
HG		 2378 QTAILQ_INIT(&s->aqueues);
2379 QTAILQ_INIT(&s->pqueues);
7341ea07 2380 usb_packet_init(&s->ipacket);
94527ead
GH		 2381
2382 qemu_register_reset(ehci_reset, s);
ceab6f96 2383 qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
94527ead 2384
3e4f910c
GH		 2385 memory_region_init(&s->mem, "ehci", MMIO_SIZE);
2386 memory_region_init_io(&s->mem_caps, &ehci_mmio_caps_ops, s,
27a11324 2387 "capabilities", CAPA_SIZE);
3e4f910c 2388 memory_region_init_io(&s->mem_opreg, &ehci_mmio_opreg_ops, s,
27a11324 2389 "operational", PORTSC_BEGIN);
3e4f910c
GH		 2390 memory_region_init_io(&s->mem_ports, &ehci_mmio_port_ops, s,
2391 "ports", PORTSC_END - PORTSC_BEGIN);
2392
27a11324
PC		 2393 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2394 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2395 memory_region_add_subregion(&s->mem, s->opregbase + PORTSC_BEGIN,
2396 &s->mem_ports);
5010d4dc
PC		 2397}
2398
94527ead
GH		 2399/*
2400 * vim: expandtab ts=4
2401 */
QEMU mirror