]> git.proxmox.com Git - mirror_qemu.git/blame - hw/usb/hcd-ohci.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ohci: don't die on ED_LINK_LIMIT overflow
[mirror_qemu.git] / hw / usb / hcd-ohci.c
CommitLineData
0d92ed30
PB		 1/*
2 * QEMU USB OHCI Emulation
3 * Copyright (c) 2004 Gianni Tedesco
4 * Copyright (c) 2006 CodeSourcery
e24ad6f1 5 * Copyright (c) 2006 Openedhand Ltd.
0d92ed30
PB		 6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
8167ee88 18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
0d92ed30
PB		 19 *
20 * TODO:
21 * o Isochronous transfers
22 * o Allocate bandwidth in frames properly
23 * o Disable timers when nothing needs to be done, or remove timer usage
24 * all together.
0d92ed30
PB		 25 * o BIOS work to boot from USB storage
26*/
27
e532b2e0 28#include "qemu/osdep.h"
f1ae32a1 29#include "hw/hw.h"
da34e65c 30#include "qapi/error.h"
1de7afc9 31#include "qemu/timer.h"
f1ae32a1 32#include "hw/usb.h"
a2cb15b0 33#include "hw/pci/pci.h"
f1ae32a1 34#include "hw/sysbus.h"
9ac6a217 35#include "hw/qdev-dma.h"
dc1f5988 36#include "trace.h"
0d92ed30 37
0d92ed30
PB		 38/* This causes frames to occur 1000x slower */
39//#define OHCI_TIME_WARP 1
40
0d92ed30
PB		 41/* Number of Downstream Ports on the root hub. */
42
43#define OHCI_MAX_PORTS 15
44
ab6b1105 45#define ED_LINK_LIMIT 32
95ed5693 46
0d92ed30
PB		 47static int64_t usb_frame_time;
48static int64_t usb_bit_time;
49
50typedef struct OHCIPort {
51 USBPort port;
52 uint32_t ctrl;
53} OHCIPort;
54
55typedef struct {
b2317837 56 USBBus bus;
d537cf6c 57 qemu_irq irq;
6da48311 58 MemoryRegion mem;
df32fd1c 59 AddressSpace *as;
b9a3a4f2 60 uint32_t num_ports;
e24ad6f1 61 const char *name;
0d92ed30
PB		 62
63 QEMUTimer *eof_timer;
64 int64_t sof_time;
65
66 /* OHCI state */
67 /* Control partition */
68 uint32_t ctl, status;
69 uint32_t intr_status;
70 uint32_t intr;
71
72 /* memory pointer partition */
73 uint32_t hcca;
74 uint32_t ctrl_head, ctrl_cur;
75 uint32_t bulk_head, bulk_cur;
76 uint32_t per_cur;
77 uint32_t done;
69e25d26 78 int32_t done_count;
0d92ed30
PB		 79
80 /* Frame counter partition */
69e25d26
AK		 81 uint16_t fsmps;
82 uint8_t fit;
83 uint16_t fi;
84 uint8_t frt;
0d92ed30
PB		 85 uint16_t frame_number;
86 uint16_t padding;
87 uint32_t pstart;
88 uint32_t lst;
89
90 /* Root Hub partition */
91 uint32_t rhdesc_a, rhdesc_b;
92 uint32_t rhstatus;
93 OHCIPort rhport[OHCI_MAX_PORTS];
4d611c9a 94
e24ad6f1
PB		 95 /* PXA27x Non-OHCI events */
96 uint32_t hstatus;
97 uint32_t hmask;
98 uint32_t hreset;
99 uint32_t htest;
100
ac611340 101 /* SM501 local memory offset */
9ac6a217 102 dma_addr_t localmem_base;
ac611340 103
4d611c9a
PB		 104 /* Active packets. */
105 uint32_t old_ctl;
106 USBPacket usb_packet;
107 uint8_t usb_buf[8192];
108 uint32_t async_td;
69e25d26 109 bool async_complete;
4d611c9a 110
0d92ed30
PB		 111} OHCIState;
112
113/* Host Controller Communications Area */
114struct ohci_hcca {
115 uint32_t intr[32];
116 uint16_t frame, pad;
117 uint32_t done;
118};
86e18cae
WY		 119#define HCCA_WRITEBACK_OFFSET offsetof(struct ohci_hcca, frame)
120#define HCCA_WRITEBACK_SIZE 8 /* frame, pad, done */
121
122#define ED_WBACK_OFFSET offsetof(struct ohci_ed, head)
123#define ED_WBACK_SIZE 4
0d92ed30 124
73221b12 125static void ohci_bus_stop(OHCIState *ohci);
4706ab6c 126static void ohci_async_cancel_device(OHCIState *ohci, USBDevice *dev);
73221b12 127
0d92ed30
PB		 128/* Bitfields for the first word of an Endpoint Desciptor. */
129#define OHCI_ED_FA_SHIFT 0
130#define OHCI_ED_FA_MASK (0x7f<<OHCI_ED_FA_SHIFT)
131#define OHCI_ED_EN_SHIFT 7
132#define OHCI_ED_EN_MASK (0xf<<OHCI_ED_EN_SHIFT)
133#define OHCI_ED_D_SHIFT 11
134#define OHCI_ED_D_MASK (3<<OHCI_ED_D_SHIFT)
135#define OHCI_ED_S (1<<13)
136#define OHCI_ED_K (1<<14)
137#define OHCI_ED_F (1<<15)
7bfe5777
AZ		 138#define OHCI_ED_MPS_SHIFT 16
139#define OHCI_ED_MPS_MASK (0x7ff<<OHCI_ED_MPS_SHIFT)
0d92ed30
PB		 140
141/* Flags in the head field of an Endpoint Desciptor. */
142#define OHCI_ED_H 1
143#define OHCI_ED_C 2
144
145/* Bitfields for the first word of a Transfer Desciptor. */
146#define OHCI_TD_R (1<<18)
147#define OHCI_TD_DP_SHIFT 19
148#define OHCI_TD_DP_MASK (3<<OHCI_TD_DP_SHIFT)
149#define OHCI_TD_DI_SHIFT 21
150#define OHCI_TD_DI_MASK (7<<OHCI_TD_DI_SHIFT)
151#define OHCI_TD_T0 (1<<24)
8d11b78c 152#define OHCI_TD_T1 (1<<25)
0d92ed30
PB		 153#define OHCI_TD_EC_SHIFT 26
154#define OHCI_TD_EC_MASK (3<<OHCI_TD_EC_SHIFT)
155#define OHCI_TD_CC_SHIFT 28
156#define OHCI_TD_CC_MASK (0xf<<OHCI_TD_CC_SHIFT)
157
7bfe5777
AZ		 158/* Bitfields for the first word of an Isochronous Transfer Desciptor. */
159/* CC & DI - same as in the General Transfer Desciptor */
160#define OHCI_TD_SF_SHIFT 0
161#define OHCI_TD_SF_MASK (0xffff<<OHCI_TD_SF_SHIFT)
162#define OHCI_TD_FC_SHIFT 24
163#define OHCI_TD_FC_MASK (7<<OHCI_TD_FC_SHIFT)
164
165/* Isochronous Transfer Desciptor - Offset / PacketStatusWord */
166#define OHCI_TD_PSW_CC_SHIFT 12
167#define OHCI_TD_PSW_CC_MASK (0xf<<OHCI_TD_PSW_CC_SHIFT)
168#define OHCI_TD_PSW_SIZE_SHIFT 0
169#define OHCI_TD_PSW_SIZE_MASK (0xfff<<OHCI_TD_PSW_SIZE_SHIFT)
170
171#define OHCI_PAGE_MASK 0xfffff000
172#define OHCI_OFFSET_MASK 0xfff
173
0d92ed30
PB		 174#define OHCI_DPTR_MASK 0xfffffff0
175
176#define OHCI_BM(val, field) \
177 (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
178
179#define OHCI_SET_BM(val, field, newval) do { \
180 val &= ~OHCI_##field##_MASK; \
181 val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
182 } while(0)
183
184/* endpoint descriptor */
185struct ohci_ed {
186 uint32_t flags;
187 uint32_t tail;
188 uint32_t head;
189 uint32_t next;
190};
191
192/* General transfer descriptor */
193struct ohci_td {
194 uint32_t flags;
195 uint32_t cbp;
196 uint32_t next;
197 uint32_t be;
198};
199
7bfe5777
AZ		 200/* Isochronous transfer descriptor */
201struct ohci_iso_td {
202 uint32_t flags;
203 uint32_t bp;
204 uint32_t next;
205 uint32_t be;
206 uint16_t offset[8];
207};
208
0d92ed30
PB		 209#define USB_HZ 12000000
210
211/* OHCI Local stuff */
212#define OHCI_CTL_CBSR ((1<<0)|(1<<1))
213#define OHCI_CTL_PLE (1<<2)
214#define OHCI_CTL_IE (1<<3)
215#define OHCI_CTL_CLE (1<<4)
216#define OHCI_CTL_BLE (1<<5)
217#define OHCI_CTL_HCFS ((1<<6)|(1<<7))
218#define OHCI_USB_RESET 0x00
219#define OHCI_USB_RESUME 0x40
220#define OHCI_USB_OPERATIONAL 0x80
221#define OHCI_USB_SUSPEND 0xc0
222#define OHCI_CTL_IR (1<<8)
223#define OHCI_CTL_RWC (1<<9)
224#define OHCI_CTL_RWE (1<<10)
225
226#define OHCI_STATUS_HCR (1<<0)
227#define OHCI_STATUS_CLF (1<<1)
228#define OHCI_STATUS_BLF (1<<2)
229#define OHCI_STATUS_OCR (1<<3)
230#define OHCI_STATUS_SOC ((1<<6)|(1<<7))
231
00b01793
PM		 232#define OHCI_INTR_SO (1U<<0) /* Scheduling overrun */
233#define OHCI_INTR_WD (1U<<1) /* HcDoneHead writeback */
234#define OHCI_INTR_SF (1U<<2) /* Start of frame */
235#define OHCI_INTR_RD (1U<<3) /* Resume detect */
236#define OHCI_INTR_UE (1U<<4) /* Unrecoverable error */
237#define OHCI_INTR_FNO (1U<<5) /* Frame number overflow */
238#define OHCI_INTR_RHSC (1U<<6) /* Root hub status change */
239#define OHCI_INTR_OC (1U<<30) /* Ownership change */
240#define OHCI_INTR_MIE (1U<<31) /* Master Interrupt Enable */
0d92ed30
PB		 241
242#define OHCI_HCCA_SIZE 0x100
243#define OHCI_HCCA_MASK 0xffffff00
244
245#define OHCI_EDPTR_MASK 0xfffffff0
246
247#define OHCI_FMI_FI 0x00003fff
248#define OHCI_FMI_FSMPS 0xffff0000
249#define OHCI_FMI_FIT 0x80000000
250
00b01793 251#define OHCI_FR_RT (1U<<31)
0d92ed30
PB		 252
253#define OHCI_LS_THRESH 0x628
254
255#define OHCI_RHA_RW_MASK 0x00000000 /* Mask of supported features. */
256#define OHCI_RHA_PSM (1<<8)
257#define OHCI_RHA_NPS (1<<9)
258#define OHCI_RHA_DT (1<<10)
259#define OHCI_RHA_OCPM (1<<11)
260#define OHCI_RHA_NOCP (1<<12)
261#define OHCI_RHA_POTPGT_MASK 0xff000000
262
00b01793
PM		 263#define OHCI_RHS_LPS (1U<<0)
264#define OHCI_RHS_OCI (1U<<1)
265#define OHCI_RHS_DRWE (1U<<15)
266#define OHCI_RHS_LPSC (1U<<16)
267#define OHCI_RHS_OCIC (1U<<17)
268#define OHCI_RHS_CRWE (1U<<31)
0d92ed30
PB		 269
270#define OHCI_PORT_CCS (1<<0)
271#define OHCI_PORT_PES (1<<1)
272#define OHCI_PORT_PSS (1<<2)
273#define OHCI_PORT_POCI (1<<3)
274#define OHCI_PORT_PRS (1<<4)
275#define OHCI_PORT_PPS (1<<8)
276#define OHCI_PORT_LSDA (1<<9)
277#define OHCI_PORT_CSC (1<<16)
278#define OHCI_PORT_PESC (1<<17)
279#define OHCI_PORT_PSSC (1<<18)
280#define OHCI_PORT_OCIC (1<<19)
281#define OHCI_PORT_PRSC (1<<20)
282#define OHCI_PORT_WTC (OHCI_PORT_CSC|OHCI_PORT_PESC|OHCI_PORT_PSSC \
283 |OHCI_PORT_OCIC|OHCI_PORT_PRSC)
284
285#define OHCI_TD_DIR_SETUP 0x0
286#define OHCI_TD_DIR_OUT 0x1
287#define OHCI_TD_DIR_IN 0x2
288#define OHCI_TD_DIR_RESERVED 0x3
289
290#define OHCI_CC_NOERROR 0x0
291#define OHCI_CC_CRC 0x1
292#define OHCI_CC_BITSTUFFING 0x2
293#define OHCI_CC_DATATOGGLEMISMATCH 0x3
294#define OHCI_CC_STALL 0x4
295#define OHCI_CC_DEVICENOTRESPONDING 0x5
296#define OHCI_CC_PIDCHECKFAILURE 0x6
297#define OHCI_CC_UNDEXPETEDPID 0x7
298#define OHCI_CC_DATAOVERRUN 0x8
299#define OHCI_CC_DATAUNDERRUN 0x9
300#define OHCI_CC_BUFFEROVERRUN 0xc
301#define OHCI_CC_BUFFERUNDERRUN 0xd
302
e24ad6f1
PB		 303#define OHCI_HRESET_FSBIR (1 << 0)
304
cf66ee8e
AK		 305static void ohci_die(OHCIState *ohci);
306
61064870
PB		 307/* Update IRQ levels */
308static inline void ohci_intr_update(OHCIState *ohci)
309{
310 int level = 0;
311
312 if ((ohci->intr & OHCI_INTR_MIE) &&
313 (ohci->intr_status & ohci->intr))
314 level = 1;
315
d537cf6c 316 qemu_set_irq(ohci->irq, level);
61064870
PB		 317}
318
319/* Set an interrupt */
320static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
321{
322 ohci->intr_status |= intr;
323 ohci_intr_update(ohci);
324}
325
326/* Attach or detach a device on a root hub port. */
618c169b 327static void ohci_attach(USBPort *port1)
0d92ed30
PB		 328{
329 OHCIState *s = port1->opaque;
330 OHCIPort *port = &s->rhport[port1->index];
3dc345d5 331 uint32_t old_state = port->ctrl;
0d92ed30 332
618c169b
GH		 333 /* set connect status */
334 port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
335
336 /* update speed */
337 if (port->port.dev->speed == USB_SPEED_LOW) {
338 port->ctrl |= OHCI_PORT_LSDA;
0d92ed30 339 } else {
618c169b
GH		 340 port->ctrl &= ~OHCI_PORT_LSDA;
341 }
342
343 /* notify of remote-wakeup */
344 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
345 ohci_set_interrupt(s, OHCI_INTR_RD);
346 }
347
dc1f5988 348 trace_usb_ohci_port_attach(port1->index);
3dc345d5
GH		 349
350 if (old_state != port->ctrl) {
351 ohci_set_interrupt(s, OHCI_INTR_RHSC);
352 }
618c169b
GH		 353}
354
355static void ohci_detach(USBPort *port1)
356{
357 OHCIState *s = port1->opaque;
358 OHCIPort *port = &s->rhport[port1->index];
359 uint32_t old_state = port->ctrl;
360
4706ab6c
HG		 361 ohci_async_cancel_device(s, port1->dev);
362
618c169b
GH		 363 /* set connect status */
364 if (port->ctrl & OHCI_PORT_CCS) {
365 port->ctrl &= ~OHCI_PORT_CCS;
366 port->ctrl |= OHCI_PORT_CSC;
367 }
368 /* disable port */
369 if (port->ctrl & OHCI_PORT_PES) {
370 port->ctrl &= ~OHCI_PORT_PES;
371 port->ctrl |= OHCI_PORT_PESC;
0d92ed30 372 }
dc1f5988 373 trace_usb_ohci_port_detach(port1->index);
61064870 374
3dc345d5 375 if (old_state != port->ctrl) {
61064870 376 ohci_set_interrupt(s, OHCI_INTR_RHSC);
3dc345d5 377 }
0d92ed30
PB		 378}
379
d47e59b8 380static void ohci_wakeup(USBPort *port1)
9bba1eb1 381{
d47e59b8
HG		 382 OHCIState *s = port1->opaque;
383 OHCIPort *port = &s->rhport[port1->index];
f3dc0051 384 uint32_t intr = 0;
9bba1eb1 385 if (port->ctrl & OHCI_PORT_PSS) {
dc1f5988 386 trace_usb_ohci_port_wakeup(port1->index);
9bba1eb1
PM		 387 port->ctrl |= OHCI_PORT_PSSC;
388 port->ctrl &= ~OHCI_PORT_PSS;
f3dc0051 389 intr = OHCI_INTR_RHSC;
9bba1eb1 390 }
f3dc0051
PM		 391 /* Note that the controller can be suspended even if this port is not */
392 if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND) {
dc1f5988 393 trace_usb_ohci_remote_wakeup(s->name);
f3dc0051
PM		 394 /* This is the one state transition the controller can do by itself */
395 s->ctl &= ~OHCI_CTL_HCFS;
396 s->ctl |= OHCI_USB_RESUME;
397 /* In suspend mode only ResumeDetected is possible, not RHSC:
398 * see the OHCI spec 5.1.2.3.
399 */
400 intr = OHCI_INTR_RD;
401 }
402 ohci_set_interrupt(s, intr);
9bba1eb1
PM		 403}
404
4706ab6c
HG		 405static void ohci_child_detach(USBPort *port1, USBDevice *child)
406{
407 OHCIState *s = port1->opaque;
408
409 ohci_async_cancel_device(s, child);
410}
411
993048bb
GH		 412static USBDevice *ohci_find_device(OHCIState *ohci, uint8_t addr)
413{
414 USBDevice *dev;
415 int i;
416
417 for (i = 0; i < ohci->num_ports; i++) {
418 if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0) {
419 continue;
420 }
421 dev = usb_find_device(&ohci->rhport[i].port, addr);
422 if (dev != NULL) {
423 return dev;
424 }
425 }
426 return NULL;
427}
428
f79738b0
HG		 429static void ohci_stop_endpoints(OHCIState *ohci)
430{
431 USBDevice *dev;
432 int i, j;
433
434 for (i = 0; i < ohci->num_ports; i++) {
435 dev = ohci->rhport[i].port.dev;
436 if (dev && dev->attached) {
437 usb_device_ep_stopped(dev, &dev->ep_ctl);
438 for (j = 0; j < USB_MAX_ENDPOINTS; j++) {
439 usb_device_ep_stopped(dev, &dev->ep_in[j]);
440 usb_device_ep_stopped(dev, &dev->ep_out[j]);
441 }
442 }
443 }
444}
445
84d04e21 446static void ohci_roothub_reset(OHCIState *ohci)
0d92ed30
PB		 447{
448 OHCIPort *port;
449 int i;
450
73221b12 451 ohci_bus_stop(ohci);
84d04e21
HP		 452 ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
453 ohci->rhdesc_b = 0x0; /* Impl. specific */
454 ohci->rhstatus = 0;
455
456 for (i = 0; i < ohci->num_ports; i++) {
457 port = &ohci->rhport[i];
458 port->ctrl = 0;
459 if (port->port.dev && port->port.dev->attached) {
460 usb_port_reset(&port->port);
461 }
462 }
463 if (ohci->async_td) {
464 usb_cancel_packet(&ohci->usb_packet);
465 ohci->async_td = 0;
466 }
467 ohci_stop_endpoints(ohci);
468}
469
470/* Reset the controller */
471static void ohci_soft_reset(OHCIState *ohci)
472{
473 trace_usb_ohci_reset(ohci->name);
474
475 ohci_bus_stop(ohci);
476 ohci->ctl = (ohci->ctl & OHCI_CTL_IR) | OHCI_USB_SUSPEND;
4d611c9a 477 ohci->old_ctl = 0;
0d92ed30
PB		 478 ohci->status = 0;
479 ohci->intr_status = 0;
480 ohci->intr = OHCI_INTR_MIE;
481
482 ohci->hcca = 0;
483 ohci->ctrl_head = ohci->ctrl_cur = 0;
484 ohci->bulk_head = ohci->bulk_cur = 0;
485 ohci->per_cur = 0;
486 ohci->done = 0;
487 ohci->done_count = 7;
488
489 /* FSMPS is marked TBD in OCHI 1.0, what gives ffs?
490 * I took the value linux sets ...
491 */
492 ohci->fsmps = 0x2778;
493 ohci->fi = 0x2edf;
494 ohci->fit = 0;
495 ohci->frt = 0;
496 ohci->frame_number = 0;
497 ohci->pstart = 0;
498 ohci->lst = OHCI_LS_THRESH;
84d04e21 499}
0d92ed30 500
84d04e21
HP		 501static void ohci_hard_reset(OHCIState *ohci)
502{
503 ohci_soft_reset(ohci);
504 ohci->ctl = 0;
505 ohci_roothub_reset(ohci);
0d92ed30
PB		 506}
507
0d92ed30 508/* Get an array of dwords from main memory */
ac611340 509static inline int get_dwords(OHCIState *ohci,
9ac6a217 510 dma_addr_t addr, uint32_t *buf, int num)
0d92ed30
PB		 511{
512 int i;
513
ac611340
AJ		 514 addr += ohci->localmem_base;
515
0d92ed30 516 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
cf66ee8e
AK		 517 if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
518 return -1;
519 }
0d92ed30
PB		 520 *buf = le32_to_cpu(*buf);
521 }
522
cf66ee8e 523 return 0;
0d92ed30
PB		 524}
525
526/* Put an array of dwords in to main memory */
ac611340 527static inline int put_dwords(OHCIState *ohci,
9ac6a217 528 dma_addr_t addr, uint32_t *buf, int num)
0d92ed30
PB		 529{
530 int i;
531
ac611340
AJ		 532 addr += ohci->localmem_base;
533
0d92ed30
PB		 534 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
535 uint32_t tmp = cpu_to_le32(*buf);
cf66ee8e
AK		 536 if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
537 return -1;
538 }
0d92ed30
PB		 539 }
540
cf66ee8e 541 return 0;
0d92ed30
PB		 542}
543
7bfe5777 544/* Get an array of words from main memory */
ac611340 545static inline int get_words(OHCIState *ohci,
9ac6a217 546 dma_addr_t addr, uint16_t *buf, int num)
7bfe5777
AZ		 547{
548 int i;
549
ac611340
AJ		 550 addr += ohci->localmem_base;
551
7bfe5777 552 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
cf66ee8e
AK		 553 if (dma_memory_read(ohci->as, addr, buf, sizeof(*buf))) {
554 return -1;
555 }
7bfe5777
AZ		 556 *buf = le16_to_cpu(*buf);
557 }
558
cf66ee8e 559 return 0;
7bfe5777
AZ		 560}
561
562/* Put an array of words in to main memory */
ac611340 563static inline int put_words(OHCIState *ohci,
9ac6a217 564 dma_addr_t addr, uint16_t *buf, int num)
7bfe5777
AZ		 565{
566 int i;
567
ac611340
AJ		 568 addr += ohci->localmem_base;
569
7bfe5777
AZ		 570 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
571 uint16_t tmp = cpu_to_le16(*buf);
cf66ee8e
AK		 572 if (dma_memory_write(ohci->as, addr, &tmp, sizeof(tmp))) {
573 return -1;
574 }
7bfe5777
AZ		 575 }
576
cf66ee8e 577 return 0;
7bfe5777
AZ		 578}
579
ac611340 580static inline int ohci_read_ed(OHCIState *ohci,
9ac6a217 581 dma_addr_t addr, struct ohci_ed *ed)
0d92ed30 582{
ac611340 583 return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
0d92ed30
PB		 584}
585
ac611340 586static inline int ohci_read_td(OHCIState *ohci,
9ac6a217 587 dma_addr_t addr, struct ohci_td *td)
0d92ed30 588{
ac611340 589 return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
0d92ed30
PB		 590}
591
ac611340 592static inline int ohci_read_iso_td(OHCIState *ohci,
9ac6a217 593 dma_addr_t addr, struct ohci_iso_td *td)
7bfe5777 594{
cf66ee8e
AK		 595 return get_dwords(ohci, addr, (uint32_t *)td, 4) ||
596 get_words(ohci, addr + 16, td->offset, 8);
7bfe5777
AZ		 597}
598
ac611340 599static inline int ohci_read_hcca(OHCIState *ohci,
9ac6a217 600 dma_addr_t addr, struct ohci_hcca *hcca)
0d92ed30 601{
cf66ee8e
AK		 602 return dma_memory_read(ohci->as, addr + ohci->localmem_base,
603 hcca, sizeof(*hcca));
0d92ed30
PB		 604}
605
ac611340 606static inline int ohci_put_ed(OHCIState *ohci,
9ac6a217 607 dma_addr_t addr, struct ohci_ed *ed)
0d92ed30 608{
86e18cae
WY		 609 /* ed->tail is under control of the HCD.
610 * Since just ed->head is changed by HC, just write back this
611 */
612
613 return put_dwords(ohci, addr + ED_WBACK_OFFSET,
614 (uint32_t *)((char *)ed + ED_WBACK_OFFSET),
615 ED_WBACK_SIZE >> 2);
0d92ed30
PB		 616}
617
ac611340 618static inline int ohci_put_td(OHCIState *ohci,
9ac6a217 619 dma_addr_t addr, struct ohci_td *td)
7bfe5777 620{
ac611340
AJ		 621 return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
622}
623
624static inline int ohci_put_iso_td(OHCIState *ohci,
9ac6a217 625 dma_addr_t addr, struct ohci_iso_td *td)
ac611340 626{
cae7f29c
JU		 627 return put_dwords(ohci, addr, (uint32_t *)td, 4) ||
628 put_words(ohci, addr + 16, td->offset, 8);
ac611340
AJ		 629}
630
631static inline int ohci_put_hcca(OHCIState *ohci,
9ac6a217 632 dma_addr_t addr, struct ohci_hcca *hcca)
ac611340 633{
cf66ee8e
AK		 634 return dma_memory_write(ohci->as,
635 addr + ohci->localmem_base + HCCA_WRITEBACK_OFFSET,
636 (char *)hcca + HCCA_WRITEBACK_OFFSET,
637 HCCA_WRITEBACK_SIZE);
7bfe5777
AZ		 638}
639
0d92ed30 640/* Read/Write the contents of a TD from/to main memory. */
cf66ee8e
AK		 641static int ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
642 uint8_t *buf, int len, DMADirection dir)
0d92ed30 643{
9ac6a217 644 dma_addr_t ptr, n;
0d92ed30
PB		 645
646 ptr = td->cbp;
647 n = 0x1000 - (ptr & 0xfff);
648 if (n > len)
649 n = len;
cf66ee8e
AK		 650
651 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
652 return -1;
653 }
654 if (n == len) {
655 return 0;
656 }
0d92ed30 657 ptr = td->be & ~0xfffu;
e6f3e5e0 658 buf += n;
cf66ee8e
AK		 659 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
660 len - n, dir)) {
661 return -1;
662 }
663 return 0;
0d92ed30
PB		 664}
665
7bfe5777 666/* Read/Write the contents of an ISO TD from/to main memory. */
cf66ee8e
AK		 667static int ohci_copy_iso_td(OHCIState *ohci,
668 uint32_t start_addr, uint32_t end_addr,
669 uint8_t *buf, int len, DMADirection dir)
7bfe5777 670{
9ac6a217 671 dma_addr_t ptr, n;
4d611c9a 672
7bfe5777
AZ		 673 ptr = start_addr;
674 n = 0x1000 - (ptr & 0xfff);
675 if (n > len)
676 n = len;
cf66ee8e
AK		 677
678 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf, n, dir)) {
679 return -1;
680 }
681 if (n == len) {
682 return 0;
683 }
7bfe5777
AZ		 684 ptr = end_addr & ~0xfffu;
685 buf += n;
cf66ee8e
AK		 686 if (dma_memory_rw(ohci->as, ptr + ohci->localmem_base, buf,
687 len - n, dir)) {
688 return -1;
689 }
690 return 0;
7bfe5777
AZ		 691}
692
693static void ohci_process_lists(OHCIState *ohci, int completion);
694
d47e59b8 695static void ohci_async_complete_packet(USBPort *port, USBPacket *packet)
4d611c9a 696{
9066df13 697 OHCIState *ohci = container_of(packet, OHCIState, usb_packet);
dc1f5988
AK		 698
699 trace_usb_ohci_async_complete();
69e25d26 700 ohci->async_complete = true;
7bfe5777
AZ		 701 ohci_process_lists(ohci, 1);
702}
703
704#define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
705
706static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
707 int completion)
708{
709 int dir;
710 size_t len = 0;
7ccfb2eb 711 const char *str = NULL;
7bfe5777
AZ		 712 int pid;
713 int ret;
714 int i;
715 USBDevice *dev;
079d0b7f 716 USBEndpoint *ep;
7bfe5777
AZ		 717 struct ohci_iso_td iso_td;
718 uint32_t addr;
719 uint16_t starting_frame;
720 int16_t relative_frame_number;
721 int frame_count;
722 uint32_t start_offset, next_offset, end_offset = 0;
723 uint32_t start_addr, end_addr;
724
725 addr = ed->head & OHCI_DPTR_MASK;
726
cf66ee8e 727 if (ohci_read_iso_td(ohci, addr, &iso_td)) {
dc1f5988 728 trace_usb_ohci_iso_td_read_failed(addr);
cf66ee8e 729 ohci_die(ohci);
26f670a2 730 return 1;
7bfe5777
AZ		 731 }
732
733 starting_frame = OHCI_BM(iso_td.flags, TD_SF);
734 frame_count = OHCI_BM(iso_td.flags, TD_FC);
735 relative_frame_number = USUB(ohci->frame_number, starting_frame);
736
dc1f5988 737 trace_usb_ohci_iso_td_head(
7bfe5777
AZ		 738 ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
739 iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
3af8f177 740 ohci->frame_number, starting_frame,
bc0d104c 741 frame_count, relative_frame_number);
3af8f177
AK		 742 trace_usb_ohci_iso_td_head_offset(
743 iso_td.offset[0], iso_td.offset[1],
744 iso_td.offset[2], iso_td.offset[3],
745 iso_td.offset[4], iso_td.offset[5],
746 iso_td.offset[6], iso_td.offset[7]);
7bfe5777
AZ		 747
748 if (relative_frame_number < 0) {
dc1f5988 749 trace_usb_ohci_iso_td_relative_frame_number_neg(relative_frame_number);
7bfe5777
AZ		 750 return 1;
751 } else if (relative_frame_number > frame_count) {
752 /* ISO TD expired - retire the TD to the Done Queue and continue with
753 the next ISO TD of the same ED */
dc1f5988
AK		 754 trace_usb_ohci_iso_td_relative_frame_number_big(relative_frame_number,
755 frame_count);
7bfe5777
AZ		 756 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
757 ed->head &= ~OHCI_DPTR_MASK;
758 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
759 iso_td.next = ohci->done;
760 ohci->done = addr;
761 i = OHCI_BM(iso_td.flags, TD_DI);
762 if (i < ohci->done_count)
763 ohci->done_count = i;
cf66ee8e
AK		 764 if (ohci_put_iso_td(ohci, addr, &iso_td)) {
765 ohci_die(ohci);
766 return 1;
767 }
7bfe5777
AZ		 768 return 0;
769 }
770
771 dir = OHCI_BM(ed->flags, ED_D);
772 switch (dir) {
773 case OHCI_TD_DIR_IN:
774 str = "in";
775 pid = USB_TOKEN_IN;
776 break;
777 case OHCI_TD_DIR_OUT:
778 str = "out";
779 pid = USB_TOKEN_OUT;
780 break;
781 case OHCI_TD_DIR_SETUP:
782 str = "setup";
783 pid = USB_TOKEN_SETUP;
784 break;
785 default:
dc1f5988 786 trace_usb_ohci_iso_td_bad_direction(dir);
7bfe5777
AZ		 787 return 1;
788 }
789
790 if (!iso_td.bp || !iso_td.be) {
dc1f5988 791 trace_usb_ohci_iso_td_bad_bp_be(iso_td.bp, iso_td.be);
7bfe5777
AZ		 792 return 1;
793 }
794
795 start_offset = iso_td.offset[relative_frame_number];
796 next_offset = iso_td.offset[relative_frame_number + 1];
797
798 if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
799 ((relative_frame_number < frame_count) &&
800 !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
dc1f5988 801 trace_usb_ohci_iso_td_bad_cc_not_accessed(start_offset, next_offset);
7bfe5777
AZ		 802 return 1;
803 }
804
805 if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
dc1f5988 806 trace_usb_ohci_iso_td_bad_cc_overrun(start_offset, next_offset);
7bfe5777
AZ		 807 return 1;
808 }
809
810 if ((start_offset & 0x1000) == 0) {
811 start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
812 (start_offset & OHCI_OFFSET_MASK);
813 } else {
814 start_addr = (iso_td.be & OHCI_PAGE_MASK) |
815 (start_offset & OHCI_OFFSET_MASK);
816 }
817
818 if (relative_frame_number < frame_count) {
819 end_offset = next_offset - 1;
820 if ((end_offset & 0x1000) == 0) {
821 end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
822 (end_offset & OHCI_OFFSET_MASK);
823 } else {
824 end_addr = (iso_td.be & OHCI_PAGE_MASK) |
825 (end_offset & OHCI_OFFSET_MASK);
826 }
827 } else {
828 /* Last packet in the ISO TD */
829 end_addr = iso_td.be;
830 }
831
832 if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
833 len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
834 - (start_addr & OHCI_OFFSET_MASK);
835 } else {
836 len = end_addr - start_addr + 1;
837 }
838
839 if (len && dir != OHCI_TD_DIR_IN) {
cf66ee8e
AK		 840 if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
841 DMA_DIRECTION_TO_DEVICE)) {
842 ohci_die(ohci);
843 return 1;
844 }
7bfe5777
AZ		 845 }
846
9a77a0f5 847 if (!completion) {
a6fb2ddb
HG		 848 bool int_req = relative_frame_number == frame_count &&
849 OHCI_BM(iso_td.flags, TD_DI) == 0;
079d0b7f 850 dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
42340fc3
LM		 851 if (dev == NULL) {
852 trace_usb_ohci_td_dev_error();
853 return 1;
854 }
079d0b7f 855 ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
8550a02d 856 usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, false, int_req);
993048bb 857 usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, len);
9a77a0f5
HG		 858 usb_handle_packet(dev, &ohci->usb_packet);
859 if (ohci->usb_packet.status == USB_RET_ASYNC) {
36dfe324 860 usb_device_flush_ep_queue(dev, ep);
7bfe5777
AZ		 861 return 1;
862 }
863 }
9a77a0f5
HG		 864 if (ohci->usb_packet.status == USB_RET_SUCCESS) {
865 ret = ohci->usb_packet.actual_length;
866 } else {
867 ret = ohci->usb_packet.status;
868 }
7bfe5777 869
dc1f5988
AK		 870 trace_usb_ohci_iso_td_so(start_offset, end_offset, start_addr, end_addr,
871 str, len, ret);
7bfe5777
AZ		 872
873 /* Writeback */
874 if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
875 /* IN transfer succeeded */
cf66ee8e
AK		 876 if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret,
877 DMA_DIRECTION_FROM_DEVICE)) {
878 ohci_die(ohci);
879 return 1;
880 }
7bfe5777
AZ		 881 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
882 OHCI_CC_NOERROR);
883 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
884 } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
885 /* OUT transfer succeeded */
886 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
887 OHCI_CC_NOERROR);
888 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
889 } else {
87283515 890 if (ret > (ssize_t) len) {
dc1f5988 891 trace_usb_ohci_iso_td_data_overrun(ret, len);
7bfe5777
AZ		 892 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
893 OHCI_CC_DATAOVERRUN);
894 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
895 len);
896 } else if (ret >= 0) {
dc1f5988 897 trace_usb_ohci_iso_td_data_underrun(ret);
7bfe5777
AZ		 898 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
899 OHCI_CC_DATAUNDERRUN);
900 } else {
901 switch (ret) {
d61000a8 902 case USB_RET_IOERROR:
7bfe5777
AZ		 903 case USB_RET_NODEV:
904 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
905 OHCI_CC_DEVICENOTRESPONDING);
906 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
907 0);
908 break;
909 case USB_RET_NAK:
910 case USB_RET_STALL:
dc1f5988 911 trace_usb_ohci_iso_td_nak(ret);
7bfe5777
AZ		 912 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
913 OHCI_CC_STALL);
914 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
915 0);
916 break;
917 default:
dc1f5988 918 trace_usb_ohci_iso_td_bad_response(ret);
7bfe5777
AZ		 919 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
920 OHCI_CC_UNDEXPETEDPID);
921 break;
922 }
923 }
924 }
925
926 if (relative_frame_number == frame_count) {
927 /* Last data packet of ISO TD - retire the TD to the Done Queue */
928 OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
929 ed->head &= ~OHCI_DPTR_MASK;
930 ed->head |= (iso_td.next & OHCI_DPTR_MASK);
931 iso_td.next = ohci->done;
932 ohci->done = addr;
933 i = OHCI_BM(iso_td.flags, TD_DI);
934 if (i < ohci->done_count)
935 ohci->done_count = i;
936 }
cf66ee8e
AK		 937 if (ohci_put_iso_td(ohci, addr, &iso_td)) {
938 ohci_die(ohci);
939 }
7bfe5777 940 return 1;
4d611c9a
PB		 941}
942
dc1f5988
AK		 943static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
944{
d87aa138
SH		 945 bool print16;
946 bool printall;
dc1f5988
AK		 947 const int width = 16;
948 int i;
949 char tmp[3 * width + 1];
950 char *p = tmp;
951
d87aa138
SH		 952 print16 = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT);
953 printall = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_FULL);
954
dc1f5988
AK		 955 if (!printall && !print16) {
956 return;
957 }
958
959 for (i = 0; ; i++) {
960 if (i && (!(i % width) || (i == len))) {
961 if (!printall) {
962 trace_usb_ohci_td_pkt_short(msg, tmp);
963 break;
964 }
965 trace_usb_ohci_td_pkt_full(msg, tmp);
966 p = tmp;
967 *p = 0;
968 }
969 if (i == len) {
970 break;
971 }
972
973 p += sprintf(p, " %.2x", buf[i]);
974 }
975}
dc1f5988 976
0d92ed30
PB		 977/* Service a transport descriptor.
978 Returns nonzero to terminate processing of this endpoint. */
979
980static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
981{
982 int dir;
905fb034 983 size_t len = 0, pktlen = 0;
7ccfb2eb 984 const char *str = NULL;
0d92ed30
PB		 985 int pid;
986 int ret;
987 int i;
988 USBDevice *dev;
079d0b7f 989 USBEndpoint *ep;
0d92ed30
PB		 990 struct ohci_td td;
991 uint32_t addr;
992 int flag_r;
4d611c9a 993 int completion;
0d92ed30
PB		 994
995 addr = ed->head & OHCI_DPTR_MASK;
4d611c9a
PB		 996 /* See if this TD has already been submitted to the device. */
997 completion = (addr == ohci->async_td);
998 if (completion && !ohci->async_complete) {
dc1f5988 999 trace_usb_ohci_td_skip_async();
4d611c9a
PB		 1000 return 1;
1001 }
cf66ee8e 1002 if (ohci_read_td(ohci, addr, &td)) {
dc1f5988 1003 trace_usb_ohci_td_read_error(addr);
cf66ee8e 1004 ohci_die(ohci);
6ebc069d 1005 return 1;
0d92ed30
PB		 1006 }
1007
1008 dir = OHCI_BM(ed->flags, ED_D);
1009 switch (dir) {
1010 case OHCI_TD_DIR_OUT:
1011 case OHCI_TD_DIR_IN:
1012 /* Same value. */
1013 break;
1014 default:
1015 dir = OHCI_BM(td.flags, TD_DP);
1016 break;
1017 }
1018
1019 switch (dir) {
1020 case OHCI_TD_DIR_IN:
1021 str = "in";
1022 pid = USB_TOKEN_IN;
1023 break;
1024 case OHCI_TD_DIR_OUT:
1025 str = "out";
1026 pid = USB_TOKEN_OUT;
1027 break;
1028 case OHCI_TD_DIR_SETUP:
1029 str = "setup";
1030 pid = USB_TOKEN_SETUP;
1031 break;
1032 default:
dc1f5988 1033 trace_usb_ohci_td_bad_direction(dir);
0d92ed30
PB		 1034 return 1;
1035 }
1036 if (td.cbp && td.be) {
e6f3e5e0
PB		 1037 if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
1038 len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
1039 } else {
1040 len = (td.be - td.cbp) + 1;
1041 }
1042
905fb034
PM		 1043 pktlen = len;
1044 if (len && dir != OHCI_TD_DIR_IN) {
1045 /* The endpoint may not allow us to transfer it all now */
1046 pktlen = (ed->flags & OHCI_ED_MPS_MASK) >> OHCI_ED_MPS_SHIFT;
1047 if (pktlen > len) {
1048 pktlen = len;
1049 }
1050 if (!completion) {
cf66ee8e
AK		 1051 if (ohci_copy_td(ohci, &td, ohci->usb_buf, pktlen,
1052 DMA_DIRECTION_TO_DEVICE)) {
1053 ohci_die(ohci);
1054 }
905fb034 1055 }
0d92ed30
PB		 1056 }
1057 }
1058
1059 flag_r = (td.flags & OHCI_TD_R) != 0;
dc1f5988
AK		 1060 trace_usb_ohci_td_pkt_hdr(addr, (int64_t)pktlen, (int64_t)len, str,
1061 flag_r, td.cbp, td.be);
1062 ohci_td_pkt("OUT", ohci->usb_buf, pktlen);
1063
4d611c9a 1064 if (completion) {
4d611c9a 1065 ohci->async_td = 0;
69e25d26 1066 ohci->async_complete = false;
4d611c9a 1067 } else {
993048bb
GH		 1068 if (ohci->async_td) {
1069 /* ??? The hardware should allow one active packet per
1070 endpoint. We only allow one active packet per controller.
1071 This should be sufficient as long as devices respond in a
1072 timely manner.
1073 */
dc1f5988 1074 trace_usb_ohci_td_too_many_pending();
993048bb 1075 return 1;
4d611c9a 1076 }
079d0b7f 1077 dev = ohci_find_device(ohci, OHCI_BM(ed->flags, ED_FA));
42340fc3
LM		 1078 if (dev == NULL) {
1079 trace_usb_ohci_td_dev_error();
1080 return 1;
1081 }
079d0b7f 1082 ep = usb_ep_get(dev, pid, OHCI_BM(ed->flags, ED_EN));
8550a02d 1083 usb_packet_setup(&ohci->usb_packet, pid, ep, 0, addr, !flag_r,
a6fb2ddb 1084 OHCI_BM(td.flags, TD_DI) == 0);
993048bb 1085 usb_packet_addbuf(&ohci->usb_packet, ohci->usb_buf, pktlen);
9a77a0f5 1086 usb_handle_packet(dev, &ohci->usb_packet);
dc1f5988
AK		 1087 trace_usb_ohci_td_packet_status(ohci->usb_packet.status);
1088
9a77a0f5 1089 if (ohci->usb_packet.status == USB_RET_ASYNC) {
36dfe324 1090 usb_device_flush_ep_queue(dev, ep);
4d611c9a
PB		 1091 ohci->async_td = addr;
1092 return 1;
1093 }
1094 }
9a77a0f5
HG		 1095 if (ohci->usb_packet.status == USB_RET_SUCCESS) {
1096 ret = ohci->usb_packet.actual_length;
1097 } else {
1098 ret = ohci->usb_packet.status;
1099 }
1100
0d92ed30
PB		 1101 if (ret >= 0) {
1102 if (dir == OHCI_TD_DIR_IN) {
cf66ee8e
AK		 1103 if (ohci_copy_td(ohci, &td, ohci->usb_buf, ret,
1104 DMA_DIRECTION_FROM_DEVICE)) {
1105 ohci_die(ohci);
1106 }
dc1f5988 1107 ohci_td_pkt("IN", ohci->usb_buf, pktlen);
0d92ed30 1108 } else {
905fb034 1109 ret = pktlen;
0d92ed30
PB		 1110 }
1111 }
1112
1113 /* Writeback */
905fb034 1114 if (ret == pktlen || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
0d92ed30
PB		 1115 /* Transmission succeeded. */
1116 if (ret == len) {
1117 td.cbp = 0;
1118 } else {
0d92ed30 1119 if ((td.cbp & 0xfff) + ret > 0xfff) {
fd891c93
AG		 1120 td.cbp = (td.be & ~0xfff) + ((td.cbp + ret) & 0xfff);
1121 } else {
1122 td.cbp += ret;
0d92ed30
PB		 1123 }
1124 }
1125 td.flags |= OHCI_TD_T1;
1126 td.flags ^= OHCI_TD_T0;
1127 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
1128 OHCI_SET_BM(td.flags, TD_EC, 0);
1129
905fb034
PM		 1130 if ((dir != OHCI_TD_DIR_IN) && (ret != len)) {
1131 /* Partial packet transfer: TD not ready to retire yet */
1132 goto exit_no_retire;
1133 }
1134
1135 /* Setting ED_C is part of the TD retirement process */
0d92ed30
PB		 1136 ed->head &= ~OHCI_ED_C;
1137 if (td.flags & OHCI_TD_T0)
1138 ed->head |= OHCI_ED_C;
1139 } else {
1140 if (ret >= 0) {
dc1f5988 1141 trace_usb_ohci_td_underrun();
0d92ed30
PB		 1142 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
1143 } else {
1144 switch (ret) {
d61000a8 1145 case USB_RET_IOERROR:
0d92ed30 1146 case USB_RET_NODEV:
dc1f5988 1147 trace_usb_ohci_td_dev_error();
0d92ed30 1148 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
4b351a0f 1149 break;
0d92ed30 1150 case USB_RET_NAK:
dc1f5988 1151 trace_usb_ohci_td_nak();
0d92ed30
PB		 1152 return 1;
1153 case USB_RET_STALL:
dc1f5988 1154 trace_usb_ohci_td_stall();
0d92ed30
PB		 1155 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1156 break;
1157 case USB_RET_BABBLE:
dc1f5988 1158 trace_usb_ohci_td_babble();
0d92ed30
PB		 1159 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1160 break;
1161 default:
dc1f5988 1162 trace_usb_ohci_td_bad_device_response(ret);
0d92ed30
PB		 1163 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1164 OHCI_SET_BM(td.flags, TD_EC, 3);
1165 break;
1166 }
7c48b95d
SB		 1167 /* An error occured so we have to clear the interrupt counter. See
1168 * spec at 6.4.4 on page 104 */
1169 ohci->done_count = 0;
0d92ed30
PB		 1170 }
1171 ed->head |= OHCI_ED_H;
1172 }
1173
1174 /* Retire this TD */
1175 ed->head &= ~OHCI_DPTR_MASK;
1176 ed->head |= td.next & OHCI_DPTR_MASK;
1177 td.next = ohci->done;
1178 ohci->done = addr;
1179 i = OHCI_BM(td.flags, TD_DI);
1180 if (i < ohci->done_count)
1181 ohci->done_count = i;
905fb034 1182exit_no_retire:
cf66ee8e
AK		 1183 if (ohci_put_td(ohci, addr, &td)) {
1184 ohci_die(ohci);
1185 return 1;
1186 }
0d92ed30
PB		 1187 return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1188}
1189
1190/* Service an endpoint list. Returns nonzero if active TD were found. */
7bfe5777 1191static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
0d92ed30
PB		 1192{
1193 struct ohci_ed ed;
1194 uint32_t next_ed;
1195 uint32_t cur;
1196 int active;
95ed5693 1197 uint32_t link_cnt = 0;
0d92ed30
PB		 1198 active = 0;
1199
1200 if (head == 0)
1201 return 0;
1202
ab878998 1203 for (cur = head; cur && link_cnt++ < ED_LINK_LIMIT; cur = next_ed) {
cf66ee8e 1204 if (ohci_read_ed(ohci, cur, &ed)) {
dc1f5988 1205 trace_usb_ohci_ed_read_error(cur);
cf66ee8e 1206 ohci_die(ohci);
0d92ed30
PB		 1207 return 0;
1208 }
1209
1210 next_ed = ed.next & OHCI_DPTR_MASK;
1211
4d611c9a
PB		 1212 if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1213 uint32_t addr;
1214 /* Cancel pending packets for ED that have been paused. */
1215 addr = ed.head & OHCI_DPTR_MASK;
1216 if (ohci->async_td && addr == ohci->async_td) {
1217 usb_cancel_packet(&ohci->usb_packet);
1218 ohci->async_td = 0;
f79738b0
HG		 1219 usb_device_ep_stopped(ohci->usb_packet.ep->dev,
1220 ohci->usb_packet.ep);
4d611c9a 1221 }
0d92ed30 1222 continue;
4d611c9a 1223 }
0d92ed30 1224
0d92ed30 1225 while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
3af8f177
AK		 1226 trace_usb_ohci_ed_pkt(cur, (ed.head & OHCI_ED_H) != 0,
1227 (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1228 ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1229 trace_usb_ohci_ed_pkt_flags(
0d92ed30
PB		 1230 OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1231 OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S)!= 0,
1232 (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
3af8f177 1233 OHCI_BM(ed.flags, ED_MPS));
dc1f5988 1234
0d92ed30
PB		 1235 active = 1;
1236
7bfe5777
AZ		 1237 if ((ed.flags & OHCI_ED_F) == 0) {
1238 if (ohci_service_td(ohci, &ed))
1239 break;
1240 } else {
1241 /* Handle isochronous endpoints */
1242 if (ohci_service_iso_td(ohci, &ed, completion))
1243 break;
1244 }
0d92ed30
PB		 1245 }
1246
cf66ee8e
AK		 1247 if (ohci_put_ed(ohci, cur, &ed)) {
1248 ohci_die(ohci);
1249 return 0;
1250 }
0d92ed30
PB		 1251 }
1252
1253 return active;
1254}
1255
fd0a10cd
LV		 1256/* set a timer for EOF */
1257static void ohci_eof_timer(OHCIState *ohci)
0d92ed30 1258{
bc72ad67 1259 timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);
fd0a10cd
LV		 1260}
1261/* Set a timer for EOF and generate a SOF event */
1262static void ohci_sof(OHCIState *ohci)
1263{
a60f39a4 1264 ohci->sof_time += usb_frame_time;
fd0a10cd 1265 ohci_eof_timer(ohci);
0d92ed30
PB		 1266 ohci_set_interrupt(ohci, OHCI_INTR_SF);
1267}
1268
4d611c9a 1269/* Process Control and Bulk lists. */
7bfe5777 1270static void ohci_process_lists(OHCIState *ohci, int completion)
4d611c9a
PB		 1271{
1272 if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
6ad6135d 1273 if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) {
dc1f5988 1274 trace_usb_ohci_process_lists(ohci->ctrl_head, ohci->ctrl_cur);
6ad6135d 1275 }
7bfe5777 1276 if (!ohci_service_ed_list(ohci, ohci->ctrl_head, completion)) {
4d611c9a
PB		 1277 ohci->ctrl_cur = 0;
1278 ohci->status &= ~OHCI_STATUS_CLF;
1279 }
1280 }
1281
1282 if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
7bfe5777 1283 if (!ohci_service_ed_list(ohci, ohci->bulk_head, completion)) {
4d611c9a
PB		 1284 ohci->bulk_cur = 0;
1285 ohci->status &= ~OHCI_STATUS_BLF;
1286 }
1287 }
1288}
1289
0d92ed30
PB		 1290/* Do frame processing on frame boundary */
1291static void ohci_frame_boundary(void *opaque)
1292{
1293 OHCIState *ohci = opaque;
1294 struct ohci_hcca hcca;
1295
cf66ee8e 1296 if (ohci_read_hcca(ohci, ohci->hcca, &hcca)) {
dc1f5988 1297 trace_usb_ohci_hcca_read_error(ohci->hcca);
cf66ee8e
AK		 1298 ohci_die(ohci);
1299 return;
1300 }
0d92ed30
PB		 1301
1302 /* Process all the lists at the end of the frame */
1303 if (ohci->ctl & OHCI_CTL_PLE) {
1304 int n;
1305
1306 n = ohci->frame_number & 0x1f;
7bfe5777 1307 ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]), 0);
0d92ed30 1308 }
0d92ed30 1309
4d611c9a 1310 /* Cancel all pending packets if either of the lists has been disabled. */
f79738b0
HG		 1311 if (ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1312 if (ohci->async_td) {
1313 usb_cancel_packet(&ohci->usb_packet);
1314 ohci->async_td = 0;
1315 }
1316 ohci_stop_endpoints(ohci);
0d92ed30 1317 }
4d611c9a 1318 ohci->old_ctl = ohci->ctl;
7bfe5777 1319 ohci_process_lists(ohci, 0);
0d92ed30 1320
cf66ee8e
AK		 1321 /* Stop if UnrecoverableError happened or ohci_sof will crash */
1322 if (ohci->intr_status & OHCI_INTR_UE) {
1323 return;
1324 }
1325
0d92ed30
PB		 1326 /* Frame boundary, so do EOF stuf here */
1327 ohci->frt = ohci->fit;
1328
1fa63e43 1329 /* Increment frame number and take care of endianness. */
0d92ed30 1330 ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1fa63e43 1331 hcca.frame = cpu_to_le16(ohci->frame_number);
0d92ed30
PB		 1332
1333 if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1334 if (!ohci->done)
1335 abort();
1336 if (ohci->intr & ohci->intr_status)
1337 ohci->done |= 1;
1338 hcca.done = cpu_to_le32(ohci->done);
1339 ohci->done = 0;
1340 ohci->done_count = 7;
1341 ohci_set_interrupt(ohci, OHCI_INTR_WD);
1342 }
1343
1344 if (ohci->done_count != 7 && ohci->done_count != 0)
1345 ohci->done_count--;
1346
1347 /* Do SOF stuff here */
1348 ohci_sof(ohci);
1349
1350 /* Writeback HCCA */
cf66ee8e
AK		 1351 if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
1352 ohci_die(ohci);
1353 }
0d92ed30
PB		 1354}
1355
1356/* Start sending SOF tokens across the USB bus, lists are processed in
1357 * next frame
1358 */
1359static int ohci_bus_start(OHCIState *ohci)
1360{
dc1f5988 1361 trace_usb_ohci_start(ohci->name);
0d92ed30 1362
fd0a10cd
LV		 1363 /* Delay the first SOF event by one frame time as
1364 * linux driver is not ready to receive it and
1365 * can meet some race conditions
1366 */
1367
a60f39a4 1368 ohci->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
fd0a10cd 1369 ohci_eof_timer(ohci);
0d92ed30
PB		 1370
1371 return 1;
1372}
1373
1374/* Stop sending SOF tokens on the bus */
1375static void ohci_bus_stop(OHCIState *ohci)
1376{
dc1f5988 1377 trace_usb_ohci_stop(ohci->name);
fa1298c2 1378 timer_del(ohci->eof_timer);
0d92ed30
PB		 1379}
1380
1381/* Sets a flag in a port status register but only set it if the port is
1382 * connected, if not set ConnectStatusChange flag. If flag is enabled
1383 * return 1.
1384 */
1385static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1386{
1387 int ret = 1;
1388
1389 /* writing a 0 has no effect */
1390 if (val == 0)
1391 return 0;
1392
1393 /* If CurrentConnectStatus is cleared we set
1394 * ConnectStatusChange
1395 */
1396 if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1397 ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1398 if (ohci->rhstatus & OHCI_RHS_DRWE) {
1399 /* TODO: CSC is a wakeup event */
1400 }
1401 return 0;
1402 }
1403
1404 if (ohci->rhport[i].ctrl & val)
1405 ret = 0;
1406
1407 /* set the bit */
1408 ohci->rhport[i].ctrl |= val;
1409
1410 return ret;
1411}
1412
1413/* Set the frame interval - frame interval toggle is manipulated by the hcd only */
1414static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1415{
1416 val &= OHCI_FMI_FI;
1417
1418 if (val != ohci->fi) {
dc1f5988 1419 trace_usb_ohci_set_frame_interval(ohci->name, ohci->fi, ohci->fi);
0d92ed30
PB		 1420 }
1421
1422 ohci->fi = val;
1423}
1424
1425static void ohci_port_power(OHCIState *ohci, int i, int p)
1426{
1427 if (p) {
1428 ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1429 } else {
1430 ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS|
1431 OHCI_PORT_CCS|
1432 OHCI_PORT_PSS|
1433 OHCI_PORT_PRS);
1434 }
1435}
1436
1437/* Set HcControlRegister */
1438static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1439{
1440 uint32_t old_state;
1441 uint32_t new_state;
1442
1443 old_state = ohci->ctl & OHCI_CTL_HCFS;
1444 ohci->ctl = val;
1445 new_state = ohci->ctl & OHCI_CTL_HCFS;
1446
1447 /* no state change */
1448 if (old_state == new_state)
1449 return;
1450
dc1f5988 1451 trace_usb_ohci_set_ctl(ohci->name, new_state);
0d92ed30
PB		 1452 switch (new_state) {
1453 case OHCI_USB_OPERATIONAL:
1454 ohci_bus_start(ohci);
1455 break;
1456 case OHCI_USB_SUSPEND:
1457 ohci_bus_stop(ohci);
087462c7
LV		 1458 /* clear pending SF otherwise linux driver loops in ohci_irq() */
1459 ohci->intr_status &= ~OHCI_INTR_SF;
1460 ohci_intr_update(ohci);
0d92ed30
PB		 1461 break;
1462 case OHCI_USB_RESUME:
dc1f5988 1463 trace_usb_ohci_resume(ohci->name);
0d92ed30
PB		 1464 break;
1465 case OHCI_USB_RESET:
7d938fd1 1466 ohci_roothub_reset(ohci);
0d92ed30
PB		 1467 break;
1468 }
1469}
1470
1471static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1472{
1473 uint16_t fr;
1474 int64_t tks;
1475
1476 if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL)
1477 return (ohci->frt << 31);
1478
1479 /* Being in USB operational state guarnatees sof_time was
1480 * set already.
1481 */
bc72ad67 1482 tks = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - ohci->sof_time;
a60f39a4
MG		 1483 if (tks < 0) {
1484 tks = 0;
1485 }
0d92ed30
PB		 1486
1487 /* avoid muldiv if possible */
1488 if (tks >= usb_frame_time)
1489 return (ohci->frt << 31);
1490
cd1f16f9 1491 tks = tks / usb_bit_time;
0d92ed30
PB		 1492 fr = (uint16_t)(ohci->fi - tks);
1493
1494 return (ohci->frt << 31) | fr;
1495}
1496
1497
1498/* Set root hub status */
1499static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1500{
1501 uint32_t old_state;
1502
1503 old_state = ohci->rhstatus;
1504
1505 /* write 1 to clear OCIC */
1506 if (val & OHCI_RHS_OCIC)
1507 ohci->rhstatus &= ~OHCI_RHS_OCIC;
1508
1509 if (val & OHCI_RHS_LPS) {
1510 int i;
1511
1512 for (i = 0; i < ohci->num_ports; i++)
1513 ohci_port_power(ohci, i, 0);
dc1f5988 1514 trace_usb_ohci_hub_power_down();
0d92ed30
PB		 1515 }
1516
1517 if (val & OHCI_RHS_LPSC) {
1518 int i;
1519
1520 for (i = 0; i < ohci->num_ports; i++)
1521 ohci_port_power(ohci, i, 1);
dc1f5988 1522 trace_usb_ohci_hub_power_up();
0d92ed30
PB		 1523 }
1524
1525 if (val & OHCI_RHS_DRWE)
1526 ohci->rhstatus |= OHCI_RHS_DRWE;
1527
1528 if (val & OHCI_RHS_CRWE)
1529 ohci->rhstatus &= ~OHCI_RHS_DRWE;
1530
1531 if (old_state != ohci->rhstatus)
1532 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1533}
1534
1535/* Set root hub port status */
1536static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1537{
1538 uint32_t old_state;
1539 OHCIPort *port;
1540
1541 port = &ohci->rhport[portnum];
1542 old_state = port->ctrl;
1543
1544 /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1545 if (val & OHCI_PORT_WTC)
1546 port->ctrl &= ~(val & OHCI_PORT_WTC);
1547
1548 if (val & OHCI_PORT_CCS)
1549 port->ctrl &= ~OHCI_PORT_PES;
1550
1551 ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1552
6ad6135d 1553 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS)) {
dc1f5988 1554 trace_usb_ohci_port_suspend(portnum);
6ad6135d 1555 }
0d92ed30
PB		 1556
1557 if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
dc1f5988 1558 trace_usb_ohci_port_reset(portnum);
d28f4e2d 1559 usb_device_reset(port->port.dev);
0d92ed30
PB		 1560 port->ctrl &= ~OHCI_PORT_PRS;
1561 /* ??? Should this also set OHCI_PORT_PESC. */
1562 port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1563 }
1564
1565 /* Invert order here to ensure in ambiguous case, device is
1566 * powered up...
1567 */
1568 if (val & OHCI_PORT_LSDA)
1569 ohci_port_power(ohci, portnum, 0);
1570 if (val & OHCI_PORT_PPS)
1571 ohci_port_power(ohci, portnum, 1);
1572
1573 if (old_state != port->ctrl)
1574 ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
0d92ed30
PB		 1575}
1576
6da48311 1577static uint64_t ohci_mem_read(void *opaque,
a8170e5e 1578 hwaddr addr,
6da48311 1579 unsigned size)
0d92ed30 1580{
6da48311 1581 OHCIState *ohci = opaque;
65e1d81b 1582 uint32_t retval;
0d92ed30 1583
0d92ed30
PB		 1584 /* Only aligned reads are allowed on OHCI */
1585 if (addr & 3) {
dc1f5988 1586 trace_usb_ohci_mem_read_unaligned(addr);
0d92ed30 1587 return 0xffffffff;
65e1d81b 1588 } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
0d92ed30 1589 /* HcRhPortStatus */
65e1d81b
AJ		 1590 retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1591 } else {
1592 switch (addr >> 2) {
1593 case 0: /* HcRevision */
1594 retval = 0x10;
1595 break;
1596
1597 case 1: /* HcControl */
1598 retval = ohci->ctl;
1599 break;
1600
1601 case 2: /* HcCommandStatus */
1602 retval = ohci->status;
1603 break;
1604
1605 case 3: /* HcInterruptStatus */
1606 retval = ohci->intr_status;
1607 break;
1608
1609 case 4: /* HcInterruptEnable */
1610 case 5: /* HcInterruptDisable */
1611 retval = ohci->intr;
1612 break;
1613
1614 case 6: /* HcHCCA */
1615 retval = ohci->hcca;
1616 break;
1617
1618 case 7: /* HcPeriodCurrentED */
1619 retval = ohci->per_cur;
1620 break;
1621
1622 case 8: /* HcControlHeadED */
1623 retval = ohci->ctrl_head;
1624 break;
1625
1626 case 9: /* HcControlCurrentED */
1627 retval = ohci->ctrl_cur;
1628 break;
1629
1630 case 10: /* HcBulkHeadED */
1631 retval = ohci->bulk_head;
1632 break;
1633
1634 case 11: /* HcBulkCurrentED */
1635 retval = ohci->bulk_cur;
1636 break;
1637
1638 case 12: /* HcDoneHead */
1639 retval = ohci->done;
1640 break;
1641
1642 case 13: /* HcFmInterretval */
1643 retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1644 break;
1645
1646 case 14: /* HcFmRemaining */
1647 retval = ohci_get_frame_remaining(ohci);
1648 break;
1649
1650 case 15: /* HcFmNumber */
1651 retval = ohci->frame_number;
1652 break;
1653
1654 case 16: /* HcPeriodicStart */
1655 retval = ohci->pstart;
1656 break;
1657
1658 case 17: /* HcLSThreshold */
1659 retval = ohci->lst;
1660 break;
1661
1662 case 18: /* HcRhDescriptorA */
1663 retval = ohci->rhdesc_a;
1664 break;
1665
1666 case 19: /* HcRhDescriptorB */
1667 retval = ohci->rhdesc_b;
1668 break;
1669
1670 case 20: /* HcRhStatus */
1671 retval = ohci->rhstatus;
1672 break;
1673
1674 /* PXA27x specific registers */
1675 case 24: /* HcStatus */
1676 retval = ohci->hstatus & ohci->hmask;
1677 break;
1678
1679 case 25: /* HcHReset */
1680 retval = ohci->hreset;
1681 break;
1682
1683 case 26: /* HcHInterruptEnable */
1684 retval = ohci->hmask;
1685 break;
1686
1687 case 27: /* HcHInterruptTest */
1688 retval = ohci->htest;
1689 break;
1690
1691 default:
dc1f5988 1692 trace_usb_ohci_mem_read_bad_offset(addr);
65e1d81b
AJ		 1693 retval = 0xffffffff;
1694 }
0d92ed30
PB		 1695 }
1696
65e1d81b 1697 return retval;
0d92ed30
PB		 1698}
1699
6da48311 1700static void ohci_mem_write(void *opaque,
a8170e5e 1701 hwaddr addr,
6da48311
AK		 1702 uint64_t val,
1703 unsigned size)
0d92ed30 1704{
6da48311 1705 OHCIState *ohci = opaque;
09564574 1706
0d92ed30
PB		 1707 /* Only aligned reads are allowed on OHCI */
1708 if (addr & 3) {
dc1f5988 1709 trace_usb_ohci_mem_write_unaligned(addr);
0d92ed30
PB		 1710 return;
1711 }
1712
1713 if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1714 /* HcRhPortStatus */
1715 ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1716 return;
1717 }
1718
1719 switch (addr >> 2) {
1720 case 1: /* HcControl */
1721 ohci_set_ctl(ohci, val);
1722 break;
1723
1724 case 2: /* HcCommandStatus */
1725 /* SOC is read-only */
1726 val = (val & ~OHCI_STATUS_SOC);
1727
1728 /* Bits written as '0' remain unchanged in the register */
1729 ohci->status |= val;
1730
1731 if (ohci->status & OHCI_STATUS_HCR)
0922c3f6 1732 ohci_soft_reset(ohci);
0d92ed30
PB		 1733 break;
1734
1735 case 3: /* HcInterruptStatus */
1736 ohci->intr_status &= ~val;
1737 ohci_intr_update(ohci);
1738 break;
1739
1740 case 4: /* HcInterruptEnable */
1741 ohci->intr |= val;
1742 ohci_intr_update(ohci);
1743 break;
1744
1745 case 5: /* HcInterruptDisable */
1746 ohci->intr &= ~val;
1747 ohci_intr_update(ohci);
1748 break;
1749
1750 case 6: /* HcHCCA */
1751 ohci->hcca = val & OHCI_HCCA_MASK;
1752 break;
1753
4b0315d7
PM		 1754 case 7: /* HcPeriodCurrentED */
1755 /* Ignore writes to this read-only register, Linux does them */
1756 break;
1757
0d92ed30
PB		 1758 case 8: /* HcControlHeadED */
1759 ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1760 break;
1761
1762 case 9: /* HcControlCurrentED */
1763 ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1764 break;
1765
1766 case 10: /* HcBulkHeadED */
1767 ohci->bulk_head = val & OHCI_EDPTR_MASK;
1768 break;
1769
1770 case 11: /* HcBulkCurrentED */
1771 ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1772 break;
1773
1774 case 13: /* HcFmInterval */
1775 ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1776 ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1777 ohci_set_frame_interval(ohci, val);
1778 break;
1779
7bfe5777
AZ		 1780 case 15: /* HcFmNumber */
1781 break;
1782
0d92ed30
PB		 1783 case 16: /* HcPeriodicStart */
1784 ohci->pstart = val & 0xffff;
1785 break;
1786
1787 case 17: /* HcLSThreshold */
1788 ohci->lst = val & 0xffff;
1789 break;
1790
1791 case 18: /* HcRhDescriptorA */
1792 ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1793 ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1794 break;
1795
1796 case 19: /* HcRhDescriptorB */
1797 break;
1798
1799 case 20: /* HcRhStatus */
1800 ohci_set_hub_status(ohci, val);
1801 break;
1802
e24ad6f1
PB		 1803 /* PXA27x specific registers */
1804 case 24: /* HcStatus */
1805 ohci->hstatus &= ~(val & ohci->hmask);
7fa96d73 1806 break;
e24ad6f1
PB		 1807
1808 case 25: /* HcHReset */
1809 ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1810 if (val & OHCI_HRESET_FSBIR)
84d04e21 1811 ohci_hard_reset(ohci);
e24ad6f1
PB		 1812 break;
1813
1814 case 26: /* HcHInterruptEnable */
1815 ohci->hmask = val;
1816 break;
1817
1818 case 27: /* HcHInterruptTest */
1819 ohci->htest = val;
1820 break;
1821
0d92ed30 1822 default:
dc1f5988 1823 trace_usb_ohci_mem_write_bad_offset(addr);
0d92ed30
PB		 1824 break;
1825 }
1826}
1827
4706ab6c 1828static void ohci_async_cancel_device(OHCIState *ohci, USBDevice *dev)
07771f6f 1829{
25d5de7d 1830 if (ohci->async_td &&
f53c398a
GH		 1831 usb_packet_is_inflight(&ohci->usb_packet) &&
1832 ohci->usb_packet.ep->dev == dev) {
07771f6f
GH		 1833 usb_cancel_packet(&ohci->usb_packet);
1834 ohci->async_td = 0;
1835 }
1836}
1837
6da48311
AK		 1838static const MemoryRegionOps ohci_mem_ops = {
1839 .read = ohci_mem_read,
1840 .write = ohci_mem_write,
1841 .endianness = DEVICE_LITTLE_ENDIAN,
0d92ed30
PB		 1842};
1843
0d86d2be
GH		 1844static USBPortOps ohci_port_ops = {
1845 .attach = ohci_attach,
618c169b 1846 .detach = ohci_detach,
4706ab6c 1847 .child_detach = ohci_child_detach,
9bba1eb1 1848 .wakeup = ohci_wakeup,
13a9a0d3 1849 .complete = ohci_async_complete_packet,
0d86d2be
GH		 1850};
1851
07771f6f 1852static USBBusOps ohci_bus_ops = {
07771f6f
GH		 1853};
1854
87581fea 1855static void usb_ohci_init(OHCIState *ohci, DeviceState *dev,
b9a3a4f2 1856 uint32_t num_ports, dma_addr_t localmem_base,
87581fea
MA		 1857 char *masterbus, uint32_t firstport,
1858 AddressSpace *as, Error **errp)
0d92ed30 1859{
f4bbaaf5 1860 Error *err = NULL;
0d92ed30
PB		 1861 int i;
1862
df32fd1c 1863 ohci->as = as;
9ac6a217 1864
d400fc01 1865 if (num_ports > OHCI_MAX_PORTS) {
b9a3a4f2 1866 error_setg(errp, "OHCI num-ports=%u is too big (limit is %u ports)",
d400fc01
TH		 1867 num_ports, OHCI_MAX_PORTS);
1868 return;
1869 }
1870
0d92ed30 1871 if (usb_frame_time == 0) {
eb38c52c 1872#ifdef OHCI_TIME_WARP
73bcb24d
RS		 1873 usb_frame_time = NANOSECONDS_PER_SECOND;
1874 usb_bit_time = NANOSECONDS_PER_SECOND / (USB_HZ / 1000);
0d92ed30 1875#else
73bcb24d
RS		 1876 usb_frame_time = NANOSECONDS_PER_SECOND / 1000;
1877 if (NANOSECONDS_PER_SECOND >= USB_HZ) {
1878 usb_bit_time = NANOSECONDS_PER_SECOND / USB_HZ;
0d92ed30
PB		 1879 } else {
1880 usb_bit_time = 1;
1881 }
1882#endif
dc1f5988 1883 trace_usb_ohci_init_time(usb_frame_time, usb_bit_time);
0d92ed30
PB		 1884 }
1885
9c9fc334
HG		 1886 ohci->num_ports = num_ports;
1887 if (masterbus) {
1888 USBPort *ports[OHCI_MAX_PORTS];
1889 for(i = 0; i < num_ports; i++) {
1890 ports[i] = &ohci->rhport[i].port;
1891 }
f4bbaaf5
MA		 1892 usb_register_companion(masterbus, ports, num_ports,
1893 firstport, ohci, &ohci_port_ops,
1894 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL,
1895 &err);
1896 if (err) {
87581fea
MA		 1897 error_propagate(errp, err);
1898 return;
9c9fc334
HG		 1899 }
1900 } else {
c889b3a5 1901 usb_bus_new(&ohci->bus, sizeof(ohci->bus), &ohci_bus_ops, dev);
9c9fc334
HG		 1902 for (i = 0; i < num_ports; i++) {
1903 usb_register_port(&ohci->bus, &ohci->rhport[i].port,
1904 ohci, i, &ohci_port_ops,
1905 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
1906 }
1907 }
1908
22fc860b
PB		 1909 memory_region_init_io(&ohci->mem, OBJECT(dev), &ohci_mem_ops,
1910 ohci, "ohci", 256);
ac611340 1911 ohci->localmem_base = localmem_base;
e24ad6f1 1912
f79f2bfc 1913 ohci->name = object_get_typename(OBJECT(dev));
4f4321c1 1914 usb_packet_init(&ohci->usb_packet);
e24ad6f1 1915
e24ad6f1 1916 ohci->async_td = 0;
fa1298c2
GH		 1917
1918 ohci->eof_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
1919 ohci_frame_boundary, ohci);
e24ad6f1
PB		 1920}
1921
1aa0c0c7
HT		 1922#define TYPE_PCI_OHCI "pci-ohci"
1923#define PCI_OHCI(obj) OBJECT_CHECK(OHCIPCIState, (obj), TYPE_PCI_OHCI)
1924
e24ad6f1 1925typedef struct {
1aa0c0c7
HT		 1926 /*< private >*/
1927 PCIDevice parent_obj;
1928 /*< public >*/
1929
e24ad6f1 1930 OHCIState state;
9c9fc334
HG		 1931 char *masterbus;
1932 uint32_t num_ports;
1933 uint32_t firstport;
e24ad6f1
PB		 1934} OHCIPCIState;
1935
cf66ee8e
AK		 1936/** A typical O/EHCI will stop operating, set itself into error state
1937 * (which can be queried by MMIO) and will set PERR in its config
1938 * space to signal that it got an error
1939 */
1940static void ohci_die(OHCIState *ohci)
1941{
1942 OHCIPCIState *dev = container_of(ohci, OHCIPCIState, state);
1943
dc1f5988 1944 trace_usb_ohci_die();
cf66ee8e
AK		 1945
1946 ohci_set_interrupt(ohci, OHCI_INTR_UE);
1947 ohci_bus_stop(ohci);
1948 pci_set_word(dev->parent_obj.config + PCI_STATUS,
1949 PCI_STATUS_DETECTED_PARITY);
1950}
1951
87581fea 1952static void usb_ohci_realize_pci(PCIDevice *dev, Error **errp)
e24ad6f1 1953{
87581fea 1954 Error *err = NULL;
1aa0c0c7 1955 OHCIPCIState *ohci = PCI_OHCI(dev);
0d92ed30 1956
1aa0c0c7
HT		 1957 dev->config[PCI_CLASS_PROG] = 0x10; /* OHCI */
1958 dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
0d92ed30 1959
87581fea
MA		 1960 usb_ohci_init(&ohci->state, DEVICE(dev), ohci->num_ports, 0,
1961 ohci->masterbus, ohci->firstport,
1962 pci_get_address_space(dev), &err);
1963 if (err) {
1964 error_propagate(errp, err);
1965 return;
9c9fc334 1966 }
0d92ed30 1967
87581fea 1968 ohci->state.irq = pci_allocate_irq(dev);
1aa0c0c7 1969 pci_register_bar(dev, 0, 0, &ohci->state.mem);
5b19d9a2
GH		 1970}
1971
07832c38
GA		 1972static void usb_ohci_exit(PCIDevice *dev)
1973{
1974 OHCIPCIState *ohci = PCI_OHCI(dev);
1975 OHCIState *s = &ohci->state;
1976
dc1f5988 1977 trace_usb_ohci_exit(s->name);
07832c38
GA		 1978 ohci_bus_stop(s);
1979
1980 if (s->async_td) {
1981 usb_cancel_packet(&s->usb_packet);
1982 s->async_td = 0;
1983 }
1984 ohci_stop_endpoints(s);
1985
1986 if (!ohci->masterbus) {
1987 usb_bus_release(&s->bus);
1988 }
fa1298c2
GH		 1989
1990 timer_del(s->eof_timer);
1991 timer_free(s->eof_timer);
07832c38
GA		 1992}
1993
88dd1b8d
GA		 1994static void usb_ohci_reset_pci(DeviceState *d)
1995{
1996 PCIDevice *dev = PCI_DEVICE(d);
1997 OHCIPCIState *ohci = PCI_OHCI(dev);
1998 OHCIState *s = &ohci->state;
1999
84d04e21 2000 ohci_hard_reset(s);
88dd1b8d
GA		 2001}
2002
1aa0c0c7
HT		 2003#define TYPE_SYSBUS_OHCI "sysbus-ohci"
2004#define SYSBUS_OHCI(obj) OBJECT_CHECK(OHCISysBusState, (obj), TYPE_SYSBUS_OHCI)
2005
61d3cf93 2006typedef struct {
1aa0c0c7
HT		 2007 /*< private >*/
2008 SysBusDevice parent_obj;
2009 /*< public >*/
2010
61d3cf93 2011 OHCIState ohci;
d7145b66 2012 char *masterbus;
61d3cf93 2013 uint32_t num_ports;
d7145b66 2014 uint32_t firstport;
9ac6a217 2015 dma_addr_t dma_offset;
61d3cf93 2016} OHCISysBusState;
ac611340 2017
457215ec 2018static void ohci_realize_pxa(DeviceState *dev, Error **errp)
ac611340 2019{
1aa0c0c7 2020 OHCISysBusState *s = SYSBUS_OHCI(dev);
457215ec 2021 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
d7145b66 2022 Error *err = NULL;
ac611340 2023
d7145b66
BZ		 2024 usb_ohci_init(&s->ohci, dev, s->num_ports, s->dma_offset,
2025 s->masterbus, s->firstport,
2026 &address_space_memory, &err);
2027 if (err) {
2028 error_propagate(errp, err);
2029 return;
2030 }
457215ec
HT		 2031 sysbus_init_irq(sbd, &s->ohci.irq);
2032 sysbus_init_mmio(sbd, &s->ohci.mem);
ac611340
AJ		 2033}
2034
88dd1b8d
GA		 2035static void usb_ohci_reset_sysbus(DeviceState *dev)
2036{
2037 OHCISysBusState *s = SYSBUS_OHCI(dev);
2038 OHCIState *ohci = &s->ohci;
2039
84d04e21 2040 ohci_hard_reset(ohci);
88dd1b8d
GA		 2041}
2042
40021f08
AL		 2043static Property ohci_pci_properties[] = {
2044 DEFINE_PROP_STRING("masterbus", OHCIPCIState, masterbus),
2045 DEFINE_PROP_UINT32("num-ports", OHCIPCIState, num_ports, 3),
2046 DEFINE_PROP_UINT32("firstport", OHCIPCIState, firstport, 0),
2047 DEFINE_PROP_END_OF_LIST(),
2048};
2049
69e25d26
AK		 2050static const VMStateDescription vmstate_ohci_state_port = {
2051 .name = "ohci-core/port",
2052 .version_id = 1,
2053 .minimum_version_id = 1,
25feab2f 2054 .fields = (VMStateField[]) {
69e25d26
AK		 2055 VMSTATE_UINT32(ctrl, OHCIPort),
2056 VMSTATE_END_OF_LIST()
2057 },
2058};
2059
2060static bool ohci_eof_timer_needed(void *opaque)
2061{
2062 OHCIState *ohci = opaque;
2063
fa1298c2 2064 return timer_pending(ohci->eof_timer);
69e25d26
AK		 2065}
2066
2067static const VMStateDescription vmstate_ohci_eof_timer = {
2068 .name = "ohci-core/eof-timer",
2069 .version_id = 1,
2070 .minimum_version_id = 1,
5cd8cada 2071 .needed = ohci_eof_timer_needed,
25feab2f 2072 .fields = (VMStateField[]) {
e720677e 2073 VMSTATE_TIMER_PTR(eof_timer, OHCIState),
69e25d26
AK		 2074 VMSTATE_END_OF_LIST()
2075 },
2076};
2077
b9b45b4a 2078static const VMStateDescription vmstate_ohci_state = {
69e25d26
AK		 2079 .name = "ohci-core",
2080 .version_id = 1,
2081 .minimum_version_id = 1,
2082 .fields = (VMStateField[]) {
2083 VMSTATE_INT64(sof_time, OHCIState),
2084 VMSTATE_UINT32(ctl, OHCIState),
2085 VMSTATE_UINT32(status, OHCIState),
2086 VMSTATE_UINT32(intr_status, OHCIState),
2087 VMSTATE_UINT32(intr, OHCIState),
2088 VMSTATE_UINT32(hcca, OHCIState),
2089 VMSTATE_UINT32(ctrl_head, OHCIState),
2090 VMSTATE_UINT32(ctrl_cur, OHCIState),
2091 VMSTATE_UINT32(bulk_head, OHCIState),
2092 VMSTATE_UINT32(bulk_cur, OHCIState),
2093 VMSTATE_UINT32(per_cur, OHCIState),
2094 VMSTATE_UINT32(done, OHCIState),
2095 VMSTATE_INT32(done_count, OHCIState),
2096 VMSTATE_UINT16(fsmps, OHCIState),
2097 VMSTATE_UINT8(fit, OHCIState),
2098 VMSTATE_UINT16(fi, OHCIState),
2099 VMSTATE_UINT8(frt, OHCIState),
2100 VMSTATE_UINT16(frame_number, OHCIState),
2101 VMSTATE_UINT16(padding, OHCIState),
2102 VMSTATE_UINT32(pstart, OHCIState),
2103 VMSTATE_UINT32(lst, OHCIState),
2104 VMSTATE_UINT32(rhdesc_a, OHCIState),
2105 VMSTATE_UINT32(rhdesc_b, OHCIState),
2106 VMSTATE_UINT32(rhstatus, OHCIState),
2107 VMSTATE_STRUCT_ARRAY(rhport, OHCIState, OHCI_MAX_PORTS, 0,
2108 vmstate_ohci_state_port, OHCIPort),
2109 VMSTATE_UINT32(hstatus, OHCIState),
2110 VMSTATE_UINT32(hmask, OHCIState),
2111 VMSTATE_UINT32(hreset, OHCIState),
2112 VMSTATE_UINT32(htest, OHCIState),
2113 VMSTATE_UINT32(old_ctl, OHCIState),
2114 VMSTATE_UINT8_ARRAY(usb_buf, OHCIState, 8192),
2115 VMSTATE_UINT32(async_td, OHCIState),
2116 VMSTATE_BOOL(async_complete, OHCIState),
2117 VMSTATE_END_OF_LIST()
2118 },
5cd8cada
JQ		 2119 .subsections = (const VMStateDescription*[]) {
2120 &vmstate_ohci_eof_timer,
2121 NULL
69e25d26
AK		 2122 }
2123};
2124
2125static const VMStateDescription vmstate_ohci = {
2126 .name = "ohci",
2127 .version_id = 1,
2128 .minimum_version_id = 1,
69e25d26
AK		 2129 .fields = (VMStateField[]) {
2130 VMSTATE_PCI_DEVICE(parent_obj, OHCIPCIState),
2131 VMSTATE_STRUCT(state, OHCIPCIState, 1, vmstate_ohci_state, OHCIState),
2132 VMSTATE_END_OF_LIST()
2133 }
2134};
2135
40021f08
AL		 2136static void ohci_pci_class_init(ObjectClass *klass, void *data)
2137{
39bffca2 2138 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08
AL		 2139 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2140
87581fea 2141 k->realize = usb_ohci_realize_pci;
07832c38 2142 k->exit = usb_ohci_exit;
40021f08
AL		 2143 k->vendor_id = PCI_VENDOR_ID_APPLE;
2144 k->device_id = PCI_DEVICE_ID_APPLE_IPID_USB;
2145 k->class_id = PCI_CLASS_SERIAL_USB;
125ee0ed 2146 set_bit(DEVICE_CATEGORY_USB, dc->categories);
39bffca2
AL		 2147 dc->desc = "Apple USB Controller";
2148 dc->props = ohci_pci_properties;
2897ae02 2149 dc->hotpluggable = false;
69e25d26 2150 dc->vmsd = &vmstate_ohci;
88dd1b8d 2151 dc->reset = usb_ohci_reset_pci;
40021f08
AL		 2152}
2153
8c43a6f0 2154static const TypeInfo ohci_pci_info = {
1aa0c0c7 2155 .name = TYPE_PCI_OHCI,
39bffca2
AL		 2156 .parent = TYPE_PCI_DEVICE,
2157 .instance_size = sizeof(OHCIPCIState),
2158 .class_init = ohci_pci_class_init,
fd3b02c8
EH		 2159 .interfaces = (InterfaceInfo[]) {
2160 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2161 { },
2162 },
39bffca2
AL		 2163};
2164
2165static Property ohci_sysbus_properties[] = {
d7145b66 2166 DEFINE_PROP_STRING("masterbus", OHCISysBusState, masterbus),
39bffca2 2167 DEFINE_PROP_UINT32("num-ports", OHCISysBusState, num_ports, 3),
d7145b66 2168 DEFINE_PROP_UINT32("firstport", OHCISysBusState, firstport, 0),
6998b6c7 2169 DEFINE_PROP_DMAADDR("dma-offset", OHCISysBusState, dma_offset, 0),
39bffca2 2170 DEFINE_PROP_END_OF_LIST(),
5b19d9a2
GH		 2171};
2172
999e12bb
AL		 2173static void ohci_sysbus_class_init(ObjectClass *klass, void *data)
2174{
39bffca2 2175 DeviceClass *dc = DEVICE_CLASS(klass);
999e12bb 2176
457215ec 2177 dc->realize = ohci_realize_pxa;
125ee0ed 2178 set_bit(DEVICE_CATEGORY_USB, dc->categories);
39bffca2
AL		 2179 dc->desc = "OHCI USB Controller";
2180 dc->props = ohci_sysbus_properties;
88dd1b8d 2181 dc->reset = usb_ohci_reset_sysbus;
999e12bb
AL		 2182}
2183
8c43a6f0 2184static const TypeInfo ohci_sysbus_info = {
1aa0c0c7 2185 .name = TYPE_SYSBUS_OHCI,
39bffca2
AL		 2186 .parent = TYPE_SYS_BUS_DEVICE,
2187 .instance_size = sizeof(OHCISysBusState),
2188 .class_init = ohci_sysbus_class_init,
61d3cf93
PB		 2189};
2190
83f7d43a 2191static void ohci_register_types(void)
5b19d9a2 2192{
39bffca2
AL		 2193 type_register_static(&ohci_pci_info);
2194 type_register_static(&ohci_sysbus_info);
5b19d9a2 2195}
83f7d43a
AF		 2196
2197type_init(ohci_register_types)
QEMU mirror