uhci: switch to QTAILQ
bb36d470
FB
1/*
2 * USB UHCI controller emulation
5fafdf24 3 *
bb36d470 4 * Copyright (c) 2005 Fabrice Bellard
5fafdf24 5 *
54f254f9
AL
6 * Copyright (c) 2008 Max Krasnyansky
7 * Major rewrite of the UHCI data structures parser and frame processor
8 * Support for fully async operation and multiple outstanding transactions
9 *
bb36d470
FB
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
16 *
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
19 *
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 * THE SOFTWARE.
27 */
87ecb68b
PB
28#include "hw.h"
29#include "usb.h"
30#include "pci.h"
31#include "qemu-timer.h"
18e08a55 32#include "usb-uhci.h"
bb36d470
FB
33
34//#define DEBUG
54f254f9 35//#define DEBUG_DUMP_DATA
bb36d470 36
96217e31
TS
/* Bits of the command register (UHCIState.cmd, I/O offset 0x00). */
#define UHCI_CMD_RS       (1 << 0)
#define UHCI_CMD_HCRESET  (1 << 1)
#define UHCI_CMD_GRESET   (1 << 2)
#define UHCI_CMD_EGSM     (1 << 3)
#define UHCI_CMD_FGR      (1 << 4)

/* Bits of the status register (UHCIState.status, I/O offset 0x02). */
#define UHCI_STS_USBINT   (1 << 0)
#define UHCI_STS_USBERR   (1 << 1)
#define UHCI_STS_RD       (1 << 2)
#define UHCI_STS_HSERR    (1 << 3)
#define UHCI_STS_HCPERR   (1 << 4)
#define UHCI_STS_HCHALTED (1 << 5)

/* Bits of a transfer descriptor's control word (UHCI_TD.ctrl). */
#define TD_CTRL_TIMEOUT   (1 << 18)
#define TD_CTRL_NAK       (1 << 19)
#define TD_CTRL_BABBLE    (1 << 20)
#define TD_CTRL_STALL     (1 << 22)
#define TD_CTRL_ACTIVE    (1 << 23)
#define TD_CTRL_IOC       (1 << 24)
#define TD_CTRL_IOS       (1 << 25)
/* Bit position of the 2-bit error counter inside UHCI_TD.ctrl. */
#define TD_CTRL_ERROR_SHIFT 27
#define TD_CTRL_SPD       (1 << 29)

/* Bits of the per-port control word (UHCIPort.ctrl, I/O offsets 0x10-0x1f). */
#define UHCI_PORT_CCS     (1 << 0)
#define UHCI_PORT_CSC     (1 << 1)
#define UHCI_PORT_EN      (1 << 2)
#define UHCI_PORT_ENC     (1 << 3)
#define UHCI_PORT_RD      (1 << 6)
#define UHCI_PORT_LSDA    (1 << 8)
#define UHCI_PORT_RESET   (1 << 9)
#define UHCI_PORT_SUSPEND (1 << 12)

/* Port bits that a register write leaves unchanged (see uhci_ioport_writew). */
#define UHCI_PORT_READ_ONLY    (0x1bb)
/* Port bits that are cleared when a 1 is written to them. */
#define UHCI_PORT_WRITE_CLEAR  (UHCI_PORT_CSC | UHCI_PORT_ENC)

/* Frames per second; the frame period is get_ticks_per_sec() / FRAME_TIMER_FREQ. */
#define FRAME_TIMER_FREQ 1000

/*
 * Upper bound on the number of schedule entries walked in one frame.
 * The schedule is read from memory the controller does not own, so the
 * walk must terminate even if the list never ends.
 */
#define FRAME_MAX_LOOPS  100

/* Number of ports, i.e. the size of UHCIState.ports. */
#define NB_PORTS 2
77
#ifdef DEBUG
#define DPRINTF printf

/* Translate a USB token PID into a short label for debug output. */
static const char *pid2str(int pid)
{
    if (pid == USB_TOKEN_SETUP) {
        return "SETUP";
    }
    if (pid == USB_TOKEN_IN) {
        return "IN";
    }
    if (pid == USB_TOKEN_OUT) {
        return "OUT";
    }
    return "?";
}

#else
/* Debug output is compiled out; the arguments disappear with the macro. */
#define DPRINTF(...)
#endif
94
#ifdef DEBUG_DUMP_DATA
/* Print len bytes of data as hex on a single line prefixed "uhci: data: ". */
static void dump_data(const uint8_t *data, int len)
{
    int pos = 0;

    printf("uhci: data: ");
    while (pos < len) {
        printf(" %02x", data[pos]);
        pos++;
    }
    printf("\n");
}
#else
/* Without DEBUG_DUMP_DATA the payload is never printed. */
static void dump_data(const uint8_t *data, int len) {}
#endif
108
/*
 * One pending (possibly asynchronous) USB transaction.
 *
 * 'packet' has to remain the first member: the completion handler gets
 * a USBPacket pointer and recovers this record with a plain
 * "(UHCIAsync *) pkt" cast.
 */
typedef struct UHCIAsync {
    USBPacket packet;
    QTAILQ_ENTRY(UHCIAsync) next;  /* linkage in UHCIState.async_pending */
    uint32_t  td;            /* address of the TD the packet was built from */
    uint32_t  token;         /* match key: TD token, or TD buffer for IOS TDs */
    int8_t    valid;         /* decremented every frame; cancelled once <= 0 */
    uint8_t   isoc;          /* 1 when the TD had TD_CTRL_IOS set */
    uint8_t   done;          /* set by the completion handler (non-isoc path) */
    /*
     * Bounce buffer for the payload.  TD lengths are masked with 0x7ff
     * (at most 2047 bytes), so every copy fits.
     */
    uint8_t   buffer[2048];
} UHCIAsync;
124
bb36d470
FB
/* One controller port: the generic USB port plus its UHCI control word. */
typedef struct UHCIPort {
    USBPort  port;
    uint16_t ctrl;   /* see UHCI_PORT_xxx */
} UHCIPort;
129
/*
 * Complete state of one emulated UHCI controller.
 * 'dev' is the first member; uhci_map() casts a PCIDevice pointer back
 * to this structure.
 */
typedef struct UHCIState {
    PCIDevice dev;
    USBBus bus;
    uint16_t cmd;           /* cmd register */
    uint16_t status;
    uint16_t intr;          /* interrupt enable register */
    uint16_t frnum;         /* frame number */
    uint32_t fl_base_addr;  /* frame list base address */
    uint8_t sof_timing;
    uint8_t status2;        /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
    int64_t expire_time;    /* deadline the frame timer is re-armed with */
    QEMUTimer *frame_timer;
    UHCIPort ports[NB_PORTS];

    /* Interrupts that should be raised at the end of the current frame. */
    uint32_t pending_int_mask;

    /* Active packets */
    QTAILQ_HEAD(,UHCIAsync) async_pending;
    uint8_t num_ports_vmstate;  /* set to NB_PORTS at init; saved in the vmstate */
} UHCIState;
151
/*
 * Transfer descriptor as the frame processor uses it: four 32-bit words
 * read from memory and converted from little endian by the caller.
 */
typedef struct UHCI_TD {
    uint32_t link;    /* next schedule entry */
    uint32_t ctrl;    /* see TD_CTRL_xxx */
    uint32_t token;   /* pid, device address, endpoint and length fields */
    uint32_t buffer;  /* address of the data buffer */
} UHCI_TD;
158
/* Queue head: two 32-bit link words read from memory by the frame processor. */
typedef struct UHCI_QH {
    uint32_t link;     /* next entry after this queue */
    uint32_t el_link;  /* first element of this queue */
} UHCI_QH;
163
54f254f9
AL
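/*
 * Allocate a new async transaction record with every byte cleared.
 *
 * The whole record is zeroed, not only 'packet' and the scalar fields:
 * 'buffer' is later copied to the TD's data buffer for IN transfers
 * using the length reported for the packet, so it must never start out
 * holding stale heap contents, and 'next' should not carry garbage
 * before the record is linked.
 *
 * @s  controller state (unused here, kept for symmetry with the other
 *     uhci_async_* helpers)
 *
 * Returns the new record; ownership passes to the caller, who releases
 * it with uhci_async_free().
 */
static UHCIAsync *uhci_async_alloc(UHCIState *s)
{
    UHCIAsync *async = qemu_malloc(sizeof(*async));

    /* Clears packet, list linkage, td, token, valid, isoc, done and buffer. */
    memset(async, 0, sizeof(*async));

    return async;
}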
177
/*
 * Release a record obtained from uhci_async_alloc().  The record must
 * no longer be on s->async_pending; this function does not unlink it.
 */
static void uhci_async_free(UHCIState *s, UHCIAsync *async)
{
    (void)s;
    qemu_free(async);
}
182
/* Put 'async' at the head of the pending list (newest entry first). */
static void uhci_async_link(UHCIState *s, UHCIAsync *async)
{
    QTAILQ_INSERT_HEAD(&s->async_pending, async, next);
}
187
/* Take 'async' off the pending list; the record itself is not freed. */
static void uhci_async_unlink(UHCIState *s, UHCIAsync *async)
{
    QTAILQ_REMOVE(&s->async_pending, async, next);
}
192
/*
 * Cancel and free one async record.
 *
 * A packet that has not completed yet is cancelled with
 * usb_cancel_packet() before the memory is released.  Both callers in
 * this file unlink the record from s->async_pending first.
 */
static void uhci_async_cancel(UHCIState *s, UHCIAsync *async)
{
    DPRINTF("uhci: cancel td 0x%x token 0x%x done %u\n",
            async->td, async->token, async->done);

    if (async->done == 0) {
        usb_cancel_packet(&async->packet);
    }
    uhci_async_free(s, async);
}
202
/*
 * Age every outstanding async packet by one frame.
 *
 * uhci_handle_td() sets 'valid' back to 32 for each packet whose TD is
 * still in the schedule; packets whose TD was removed by the HCD keep
 * counting down and are cancelled by uhci_async_validate_end().
 * Always returns NULL.
 */
static UHCIAsync *uhci_async_validate_begin(UHCIState *s)
{
    UHCIAsync *it;

    QTAILQ_FOREACH(it, &s->async_pending, next) {
        it->valid -= 1;
    }
    return NULL;
}
216
/*
 * Cancel async packets whose 'valid' counter has run out (<= 0).
 * The _SAFE iterator is needed because entries are removed while walking.
 */
static void uhci_async_validate_end(UHCIState *s)
{
    UHCIAsync *pkt, *following;

    QTAILQ_FOREACH_SAFE(pkt, &s->async_pending, next, following) {
        if (pkt->valid <= 0) {
            uhci_async_unlink(s, pkt);
            uhci_async_cancel(s, pkt);
        }
    }
}
232
/*
 * Unlink and cancel every pending async packet, leaving the list empty.
 * Called on reset and before the device state is saved.
 */
static void uhci_async_cancel_all(UHCIState *s)
{
    UHCIAsync *pkt, *following;

    QTAILQ_FOREACH_SAFE(pkt, &s->async_pending, next, following) {
        uhci_async_unlink(s, pkt);
        uhci_async_cancel(s, pkt);
    }
}
242
/*
 * Look up the pending async record for a TD.
 *
 * A record matching both the TD address and the token is the best match
 * and ends the search.  Failing that, the last record on the list whose
 * token matches is returned; the token carries device address, endpoint,
 * size and so on, which identifies a transaction rather well.  New
 * records are inserted at the head, so taking the last token match
 * restores submission order.
 *
 * The search is linear; only a few outstanding transactions are
 * expected, and a warning is printed when more than 64 records were
 * stepped over.
 *
 * Returns the matching record, or NULL when no token matches.
 */
static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t addr, uint32_t token)
{
    UHCIAsync *it;
    UHCIAsync *best = NULL;
    int stepped = 0;

    QTAILQ_FOREACH(it, &s->async_pending, next) {
        if (it->token != token) {
            stepped++;
            continue;
        }

        /* Good match */
        best = it;
        if (it->td == addr) {
            /* Best match */
            break;
        }
        stepped++;
    }

    if (stepped > 64) {
        fprintf(stderr, "uhci: warning lots of async transactions\n");
    }

    return best;
}
280
bb36d470
FB
/*
 * Recompute the interrupt line from the status and enable registers.
 *
 * status2 bit 0 / bit 1 are gated by intr bit 2 / bit 3, USBERR by intr
 * bit 0 and RD by intr bit 1; HSERR and HCPERR raise the line
 * unconditionally.
 */
static void uhci_update_irq(UHCIState *s)
{
    const int ioc   = (s->status2 & 1) && (s->intr & (1 << 2));
    const int spd   = (s->status2 & 2) && (s->intr & (1 << 3));
    const int err   = (s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0));
    const int rd    = (s->status & UHCI_STS_RD) && (s->intr & (1 << 1));
    const int fatal = (s->status & (UHCI_STS_HSERR | UHCI_STS_HCPERR)) != 0;
    const int level = (ioc || spd || err || rd || fatal) ? 1 : 0;

    qemu_set_irq(s->dev.irq[3], level);
}
296
/*
 * Full controller reset.
 *
 * Restores the register defaults, re-attaches the device on every port
 * that has one, and finally cancels all pending async packets so that
 * no stale transaction survives the reset.
 *
 * @opaque  the UHCIState being reset
 */
static void uhci_reset(void *opaque)
{
    UHCIState *s = opaque;
    uint8_t *cfg = s->dev.config;
    int idx;

    DPRINTF("uhci: full reset\n");

    cfg[0x6a] = 0x01; /* usb clock */
    cfg[0x6b] = 0x00;

    s->cmd = 0;
    s->status = 0;
    s->status2 = 0;
    s->intr = 0;
    s->fl_base_addr = 0;
    s->sof_timing = 64;

    for (idx = 0; idx < NB_PORTS; idx++) {
        UHCIPort *p = &s->ports[idx];

        p->ctrl = 0x0080;
        if (p->port.dev) {
            usb_attach(&p->port, p->port.dev);
        }
    }

    uhci_async_cancel_all(s);
}
327
/*
 * vmstate pre_save hook: drop every pending async packet.
 * The async_pending list is not among the fields of vmstate_uhci, so
 * nothing in flight is carried into the saved state.
 */
static void uhci_pre_save(void *opaque)
{
    UHCIState *state = opaque;

    uhci_async_cancel_all(state);
}
334
817afc61
JQ
/* Saved state of one port: only the control word is recorded. */
static const VMStateDescription vmstate_uhci_port = {
    .name                   = "uhci port",
    .version_id             = 1,
    .minimum_version_id     = 1,
    .minimum_version_id_old = 1,
    .fields                 = (VMStateField []) {
        VMSTATE_UINT16(ctrl, UHCIPort),
        VMSTATE_END_OF_LIST()
    }
};
345
/*
 * Saved state of the controller (version 2).
 * expire_time is a version-2 field; pending async packets are not
 * saved, uhci_pre_save() cancels them first.
 */
static const VMStateDescription vmstate_uhci = {
    .name                   = "uhci",
    .version_id             = 2,
    .minimum_version_id     = 1,
    .minimum_version_id_old = 1,
    .pre_save               = uhci_pre_save,
    .fields                 = (VMStateField []) {
        VMSTATE_PCI_DEVICE(dev, UHCIState),
        VMSTATE_UINT8_EQUAL(num_ports_vmstate, UHCIState),
        VMSTATE_STRUCT_ARRAY(ports, UHCIState, NB_PORTS, 1,
                             vmstate_uhci_port, UHCIPort),
        VMSTATE_UINT16(cmd, UHCIState),
        VMSTATE_UINT16(status, UHCIState),
        VMSTATE_UINT16(intr, UHCIState),
        VMSTATE_UINT16(frnum, UHCIState),
        VMSTATE_UINT32(fl_base_addr, UHCIState),
        VMSTATE_UINT8(sof_timing, UHCIState),
        VMSTATE_UINT8(status2, UHCIState),
        VMSTATE_TIMER(frame_timer, UHCIState),
        VMSTATE_INT64_V(expire_time, UHCIState, 2),
        VMSTATE_END_OF_LIST()
    }
};
b9dc033c 369
bb36d470
FB
/*
 * Byte-wide register write.  Only offset 0x0c (SOF timing) is writable
 * at this width; every other offset is ignored.
 */
static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
{
    UHCIState *s = opaque;

    if ((addr & 0x1f) == 0x0c) {
        s->sof_timing = val;
    }
}
381
/*
 * Byte-wide register read.  Offset 0x0c returns the SOF timing value;
 * every other offset reads as 0xff.
 */
static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
{
    UHCIState *s = opaque;

    if ((addr & 0x1f) == 0x0c) {
        return s->sof_timing;
    }
    return 0xff;
}
398
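/*
 * Word-wide register write.
 *
 *   0x00        command: start/stop the schedule, global or host
 *               controller reset
 *   0x02        status: written 1-bits clear the matching status bits
 *   0x04        interrupt enable
 *   0x06        frame number, accepted only while the controller is halted
 *   0x10-0x1f   port control; port indexes >= NB_PORTS are ignored
 *
 * @opaque  the UHCIState
 * @addr    I/O address; only the low five bits select the register
 * @val     value written by the guest
 */
static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
{
    UHCIState *s = opaque;

    addr &= 0x1f;
    DPRINTF("uhci: writew port=0x%04x val=0x%04x\n", addr, val);

    switch(addr) {
    case 0x00:
        if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
            /*
             * start frame processing
             *
             * Re-base the frame deadline on the current time.  While the
             * controller is stopped expire_time does not advance, and
             * uhci_frame_timer() re-arms the timer with
             * expire_time + one period; a stale deadline would make the
             * timer fire back to back, once for every frame period that
             * elapsed while halted, before it catches up with vm_clock.
             */
            s->expire_time = qemu_get_clock_ns(vm_clock);
            qemu_mod_timer(s->frame_timer, s->expire_time);
            s->status &= ~UHCI_STS_HCHALTED;
        } else if (!(val & UHCI_CMD_RS)) {
            s->status |= UHCI_STS_HCHALTED;
        }
        if (val & UHCI_CMD_GRESET) {
            UHCIPort *port;
            USBDevice *dev;
            int i;

            /* send reset on the USB bus */
            for(i = 0; i < NB_PORTS; i++) {
                port = &s->ports[i];
                dev = port->port.dev;
                if (dev) {
                    usb_send_msg(dev, USB_MSG_RESET);
                }
            }
            uhci_reset(s);
            return;
        }
        if (val & UHCI_CMD_HCRESET) {
            uhci_reset(s);
            return;
        }
        s->cmd = val;
        break;
    case 0x02:
        s->status &= ~val;
        /* XXX: the chip spec is not coherent, so we add a hidden
           register to distinguish between IOC and SPD */
        if (val & UHCI_STS_USBINT)
            s->status2 = 0;
        uhci_update_irq(s);
        break;
    case 0x04:
        s->intr = val;
        uhci_update_irq(s);
        break;
    case 0x06:
        if (s->status & UHCI_STS_HCHALTED)
            s->frnum = val & 0x7ff;
        break;
    case 0x10 ... 0x1f:
        {
            UHCIPort *port;
            USBDevice *dev;
            int n;

            /* Bound the port index before it is used on s->ports[]. */
            n = (addr >> 1) & 7;
            if (n >= NB_PORTS)
                return;
            port = &s->ports[n];
            dev = port->port.dev;
            if (dev) {
                /* port reset: only on the 0 -> 1 transition of the bit */
                if ( (val & UHCI_PORT_RESET) &&
                     !(port->ctrl & UHCI_PORT_RESET) ) {
                    usb_send_msg(dev, USB_MSG_RESET);
                }
            }
            /* keep the read-only bits, take the rest from the written value */
            port->ctrl &= UHCI_PORT_READ_ONLY;
            port->ctrl |= (val & ~UHCI_PORT_READ_ONLY);
            /* some bits are reset when a '1' is written to them */
            port->ctrl &= ~(val & UHCI_PORT_WRITE_CLEAR);
        }
        break;
    }
}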
479
/*
 * Word-wide register read.
 *
 * Returns cmd (0x00), status (0x02), interrupt enable (0x04), frame
 * number (0x06) or a port control word (0x10-0x1f).  Unknown offsets
 * and port indexes >= NB_PORTS read as 0xff7f (disabled port).
 */
static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
{
    UHCIState *s = opaque;
    uint32_t val = 0xff7f; /* disabled port */

    addr &= 0x1f;
    switch (addr) {
    case 0x00:
        val = s->cmd;
        break;
    case 0x02:
        val = s->status;
        break;
    case 0x04:
        val = s->intr;
        break;
    case 0x06:
        val = s->frnum;
        break;
    case 0x10 ... 0x1f:
        {
            /* Bound the port index before it is used on s->ports[]. */
            int n = (addr >> 1) & 7;

            if (n < NB_PORTS) {
                val = s->ports[n].ctrl;
            }
        }
        break;
    default:
        break;
    }

    DPRINTF("uhci: readw port=0x%04x val=0x%04x\n", addr, val);

    return val;
}
520
/*
 * Long-wide register write.  Only offset 0x08 (frame list base address)
 * is handled; the low 12 bits of the written value are dropped.
 */
static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
{
    UHCIState *s = opaque;

    addr &= 0x1f;
    DPRINTF("uhci: writel port=0x%04x val=0x%08x\n", addr, val);

    if (addr == 0x08) {
        s->fl_base_addr = val & ~0xfff;
    }
}
534
/*
 * Long-wide register read.  Offset 0x08 returns the frame list base
 * address; every other offset reads as 0xffffffff.
 */
static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
{
    UHCIState *s = opaque;

    if ((addr & 0x1f) == 0x08) {
        return s->fl_base_addr;
    }
    return 0xffffffff;
}
551
96217e31
TS
/*
 * Signal resume if the controller is suspended (UHCI_CMD_EGSM set):
 * set FGR in the command register, RD in the status register and
 * re-evaluate the interrupt line.  A NULL state is tolerated.
 */
static void uhci_resume (void *opaque)
{
    UHCIState *s = (UHCIState *)opaque;

    if (s == NULL || !(s->cmd & UHCI_CMD_EGSM)) {
        return;
    }

    s->cmd |= UHCI_CMD_FGR;
    s->status |= UHCI_STS_RD;
    uhci_update_irq(s);
}
566
/*
 * Port callback: a device was attached to port1.
 * Sets the connect status and connect-change bits, records whether the
 * device is low speed, then signals resume.
 * port1->index is the index the port was registered with and is used
 * unchecked on s->ports[].
 */
static void uhci_attach(USBPort *port1)
{
    UHCIState *s = port1->opaque;
    UHCIPort *port = &s->ports[port1->index];
    const int low_speed = (port->port.dev->speed == USB_SPEED_LOW);

    /* set connect status */
    port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;

    /* update speed */
    if (low_speed) {
        port->ctrl |= UHCI_PORT_LSDA;
    } else {
        port->ctrl &= ~UHCI_PORT_LSDA;
    }

    uhci_resume(s);
}
96217e31 584
618c169b
GH
/*
 * Port callback: the device on port1 was detached.
 * Clears the connect and enable bits, flagging each change in the
 * matching change bit, then signals resume.
 */
static void uhci_detach(USBPort *port1)
{
    UHCIState *s = port1->opaque;
    UHCIPort *port = &s->ports[port1->index];
    const int was_connected = (port->ctrl & UHCI_PORT_CCS) != 0;

    /* set connect status */
    if (was_connected) {
        port->ctrl = (port->ctrl & ~UHCI_PORT_CCS) | UHCI_PORT_CSC;
    }

    /* disable port */
    if (port->ctrl & UHCI_PORT_EN) {
        port->ctrl = (port->ctrl & ~UHCI_PORT_EN) | UHCI_PORT_ENC;
    }

    uhci_resume(s);
}
603
9159f679
GH
/*
 * Port callback: the device asks for a wakeup.
 * Acts only when its port is suspended and resume-detect is not set
 * yet; then sets UHCI_PORT_RD and signals resume to the controller.
 */
static void uhci_wakeup(USBDevice *dev)
{
    USBBus *bus = usb_bus_from_device(dev);
    UHCIState *s = container_of(bus, UHCIState, bus);
    UHCIPort *port = &s->ports[dev->port->index];
    const int suspended = (port->ctrl & UHCI_PORT_SUSPEND) != 0;
    const int resuming = (port->ctrl & UHCI_PORT_RD) != 0;

    if (suspended && !resuming) {
        port->ctrl |= UHCI_PORT_RD;
        uhci_resume(s);
    }
}
615
/*
 * Offer packet p to the device on each enabled port, in port order,
 * until one of them returns something other than USB_RET_NODEV.
 *
 * Returns that handler result, or USB_RET_NODEV when no enabled port
 * has a device that accepted the packet.
 */
static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
{
    int ret = USB_RET_NODEV;
    int i;

    DPRINTF("uhci: packet enter. pid %s addr 0x%02x ep %d len %d\n",
            pid2str(p->pid), p->devaddr, p->devep, p->len);
    if (p->pid == USB_TOKEN_OUT || p->pid == USB_TOKEN_SETUP) {
        dump_data(p->data, p->len);
    }

    for (i = 0; i < NB_PORTS && ret == USB_RET_NODEV; i++) {
        UHCIPort *port = &s->ports[i];
        USBDevice *dev = port->port.dev;

        if (!dev || !(port->ctrl & UHCI_PORT_EN)) {
            continue;
        }
        ret = dev->info->handle_packet(dev, p);
    }

    DPRINTF("uhci: packet exit. ret %d len %d\n", ret, p->len);
    if (p->pid == USB_TOKEN_IN && ret > 0) {
        dump_data(p->data, ret);
    }

    return ret;
}
640
54f254f9
AL
/*
 * Forward declarations: uhci_handle_td() installs the completion
 * callback, and the callback re-enters the frame processor.
 */
static void uhci_async_complete(USBPacket *packet, void *opaque);
static void uhci_process_frame(UHCIState *s);
4d611c9a 643
bb36d470
FB
/*
 * Fold the result of a finished packet back into its TD.
 *
 * async->packet.len holds either the transferred length (>= 0) or a
 * negative USB_RET_xxx code.  td->ctrl and *int_mask are updated; the
 * caller writes td->ctrl back to memory.
 *
 * Returns -1 if fatal error (frame must be stopped)
 *          0 if TD successful
 *          1 if TD unsuccessful or inactive
 */
static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async, uint32_t *int_mask)
{
    int xfer_len, td_max, err_cnt, status;
    uint8_t pid;

    /* Length field of the token, masked to 11 bits: never above 2047. */
    td_max = ((td->token >> 21) + 1) & 0x7ff;
    pid = td->token & 0xff;

    status = async->packet.len;

    if (td->ctrl & TD_CTRL_IOS) {
        td->ctrl &= ~TD_CTRL_ACTIVE;
    }

    if (status < 0) {
        goto out;
    }

    xfer_len = async->packet.len;
    td->ctrl = (td->ctrl & ~0x7ff) | ((xfer_len - 1) & 0x7ff);

    /* The NAK bit may have been set by a previous frame, so clear it
       here.  The docs are somewhat unclear, but win2k relies on this
       behavior.  */
    td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
    if (td->ctrl & TD_CTRL_IOC) {
        *int_mask |= 0x01;
    }

    if (pid == USB_TOKEN_IN) {
        if (xfer_len > td_max) {
            /* More data than the TD asked for: reject before copying. */
            status = USB_RET_BABBLE;
            goto out;
        }

        if (xfer_len > 0) {
            /*
             * write the data back; xfer_len <= td_max <= 2047 here, so
             * the copy stays inside async->buffer[2048]
             */
            cpu_physical_memory_write(td->buffer, async->buffer, xfer_len);
        }

        if ((td->ctrl & TD_CTRL_SPD) && xfer_len < td_max) {
            *int_mask |= 0x02;
            /* short packet: do not update QH */
            DPRINTF("uhci: short packet. td 0x%x token 0x%x\n", async->td, async->token);
            return 1;
        }
    }

    /* success */
    return 0;

out:
    switch (status) {
    case USB_RET_STALL:
        td->ctrl |= TD_CTRL_STALL;
        td->ctrl &= ~TD_CTRL_ACTIVE;
        return 1;

    case USB_RET_BABBLE:
        td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
        td->ctrl &= ~TD_CTRL_ACTIVE;
        /* frame interrupted */
        return -1;

    case USB_RET_NAK:
        td->ctrl |= TD_CTRL_NAK;
        if (pid == USB_TOKEN_SETUP) {
            /* a NAKed SETUP is handled as an error below */
            break;
        }
        return 1;

    case USB_RET_NODEV:
    default:
        break;
    }

    /* Retry the TD if error count is not zero */

    td->ctrl |= TD_CTRL_TIMEOUT;
    err_cnt = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
    if (err_cnt != 0) {
        err_cnt--;
        if (err_cnt == 0) {
            /* last retry used up: retire the TD and report the error */
            td->ctrl &= ~TD_CTRL_ACTIVE;
            s->status |= UHCI_STS_USBERR;
            if (td->ctrl & TD_CTRL_IOC) {
                *int_mask |= 0x01;
            }
            uhci_update_irq(s);
        }
    }
    td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
        (err_cnt << TD_CTRL_ERROR_SHIFT);
    return 1;
}
738
54f254f9
AL
/*
 * Process one transfer descriptor taken from the schedule.
 *
 * @addr      link value the TD was loaded from
 * @td        TD contents, already converted to host byte order
 * @int_mask  interrupt bits accumulated for the current frame
 *
 * Returns  1 when the TD is inactive or its packet is still in flight,
 *          2 when a new packet was queued asynchronously,
 *         -1 on an invalid pid (frame interrupted),
 *         otherwise the result of uhci_complete_td().
 */
static int uhci_handle_td(UHCIState *s, uint32_t addr, UHCI_TD *td, uint32_t *int_mask)
{
    UHCIAsync *async;
    int ret = 0, max_len;
    uint8_t pid, isoc;
    uint32_t token;

    /* Is active ? */
    if ((td->ctrl & TD_CTRL_ACTIVE) == 0) {
        return 1;
    }

    /* token field is not unique for isochronous requests,
     * so use the destination buffer
     */
    isoc = (td->ctrl & TD_CTRL_IOS) ? 1 : 0;
    token = isoc ? td->buffer : td->token;

    async = uhci_async_find_td(s, addr, token);
    if (async) {
        /* Already submitted */
        async->valid = 32;

        if (!async->done) {
            return 1;
        }

        uhci_async_unlink(s, async);
        goto done;
    }

    /* Allocate new packet */
    async = uhci_async_alloc(s);
    if (!async) {
        return 1;
    }

    /* valid needs to be large enough to handle 10 frame delay
     * for initial isochronous requests
     */
    async->valid = 32;
    async->td    = addr;
    async->token = token;
    async->isoc  = isoc;

    /* 11-bit length field: max_len is at most 2047, below sizeof(async->buffer) */
    max_len = ((td->token >> 21) + 1) & 0x7ff;
    pid = td->token & 0xff;

    async->packet.pid = pid;
    async->packet.devaddr = (td->token >> 8) & 0x7f;
    async->packet.devep = (td->token >> 15) & 0xf;
    async->packet.data = async->buffer;
    async->packet.len = max_len;
    async->packet.complete_cb = uhci_async_complete;
    async->packet.complete_opaque = s;

    switch (pid) {
    case USB_TOKEN_OUT:
    case USB_TOKEN_SETUP:
        /* fetch the payload into the bounce buffer before handing it on */
        cpu_physical_memory_read(td->buffer, async->buffer, max_len);
        ret = uhci_broadcast_packet(s, &async->packet);
        if (ret >= 0) {
            ret = max_len;
        }
        break;

    case USB_TOKEN_IN:
        ret = uhci_broadcast_packet(s, &async->packet);
        break;

    default:
        /* invalid pid : frame interrupted */
        uhci_async_free(s, async);
        s->status |= UHCI_STS_HCPERR;
        uhci_update_irq(s);
        return -1;
    }

    if (ret == USB_RET_ASYNC) {
        /* completion arrives later through uhci_async_complete() */
        uhci_async_link(s, async);
        return 2;
    }

    async->packet.len = ret;

done:
    ret = uhci_complete_td(s, td, async, int_mask);
    uhci_async_free(s, async);
    return ret;
}
830
/*
 * Completion callback installed on every packet by uhci_handle_td().
 *
 * Non-isochronous packets are only marked done and the frame is
 * processed again so the matching TD picks the result up.
 * Isochronous packets are completed right here: the TD is read again
 * from the address recorded at submission, completed, and its control
 * word written back.  The TD contents are whatever memory holds at
 * completion time, not a copy taken at submission.
 *
 * @packet  the finished packet; it is the first member of a UHCIAsync
 * @opaque  the UHCIState
 */
static void uhci_async_complete(USBPacket *packet, void *opaque)
{
    UHCIState *s = opaque;
    UHCIAsync *async = (UHCIAsync *) packet;
    UHCI_TD td;
    uint32_t td_addr, int_mask = 0, val;

    DPRINTF("uhci: async complete. td 0x%x token 0x%x\n", async->td, async->token);

    if (!async->isoc) {
        async->done = 1;
        uhci_process_frame(s);
        return;
    }

    td_addr = async->td & ~0xf;

    cpu_physical_memory_read(td_addr, (uint8_t *) &td, sizeof(td));
    le32_to_cpus(&td.link);
    le32_to_cpus(&td.ctrl);
    le32_to_cpus(&td.token);
    le32_to_cpus(&td.buffer);

    uhci_async_unlink(s, async);
    uhci_complete_td(s, &td, async, &int_mask);
    s->pending_int_mask |= int_mask;

    /* update the status bits of the TD */
    val = cpu_to_le32(td.ctrl);
    cpu_physical_memory_write(td_addr + 4,
                              (const uint8_t *)&val, sizeof(val));
    uhci_async_free(s, async);
}
863
/* A link pointer is usable when bit 0 is clear. */
static int is_valid(uint32_t link)
{
    return !(link & 1);
}
868
/* Bit 1 of a link pointer set: the target is a queue head, not a TD. */
static int is_qh(uint32_t link)
{
    return (link >> 1) & 1;
}
873
/* Bit 2 of a link pointer set: continue depth first inside the queue. */
static int depth_first(uint32_t link)
{
    return (link >> 2) & 1;
}
878
/*
 * QH DB used for detecting QH loops: the queue heads already visited in
 * the current frame, capped at UHCI_MAX_QUEUES entries.
 */
#define UHCI_MAX_QUEUES 128
typedef struct {
    uint32_t addr[UHCI_MAX_QUEUES];  /* link values seen so far */
    int      count;                  /* number of used entries in addr[] */
} QhDb;
885
/* Forget every recorded QH; addr[] itself is left as it is. */
static void qhdb_reset(QhDb *db)
{
    db->count = 0;
}
890
/*
 * Add QH to DB.  Returns 1 if already present or DB is full, 0 when the
 * address was recorded.  The capacity check comes before the store, so
 * addr[] is never written past UHCI_MAX_QUEUES entries.
 */
static int qhdb_insert(QhDb *db, uint32_t addr)
{
    int i = 0;

    while (i < db->count) {
        if (db->addr[i] == addr) {
            return 1;
        }
        i++;
    }

    if (db->count >= UHCI_MAX_QUEUES) {
        return 1;
    }

    db->addr[db->count] = addr;
    db->count++;
    return 0;
}
905
/*
 * Walk the schedule of the current frame.
 *
 * The frame list entry for s->frnum is read from memory and the chain
 * of QHs and TDs behind it is followed.  Every link, QH and TD comes
 * from memory the controller does not own, so the walk is bounded
 * twice: at most FRAME_MAX_LOOPS entries per call, and a QH that was
 * already visited (or a full QhDb) ends the walk.
 *
 * Interrupt bits collected on the way are merged into
 * s->pending_int_mask.
 */
static void uhci_process_frame(UHCIState *s)
{
    uint32_t frame_addr, link, old_td_ctrl, val;
    uint32_t int_mask = 0;
    uint32_t curr_qh = 0;
    int cnt, ret;
    UHCI_TD td;
    UHCI_QH qh;
    QhDb qhdb;

    frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);

    DPRINTF("uhci: processing frame %d addr 0x%x\n" , s->frnum, frame_addr);

    cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
    le32_to_cpus(&link);

    qhdb_reset(&qhdb);

    for (cnt = FRAME_MAX_LOOPS; is_valid(link) && cnt; cnt--) {
        if (is_qh(link)) {
            /* QH */

            if (qhdb_insert(&qhdb, link)) {
                /*
                 * We're going in circles.  That is not a bug, the HCD is
                 * allowed to do it as part of the BW management.  For us
                 * it makes no sense to spin here: sync transactions are
                 * already done, and the async completion handler will
                 * re-process the frame when something is ready.
                 */
                DPRINTF("uhci: detected loop. qh 0x%x\n", link);
                break;
            }

            cpu_physical_memory_read(link & ~0xf, (uint8_t *) &qh, sizeof(qh));
            le32_to_cpus(&qh.link);
            le32_to_cpus(&qh.el_link);

            DPRINTF("uhci: QH 0x%x load. link 0x%x elink 0x%x\n",
                    link, qh.link, qh.el_link);

            if (is_valid(qh.el_link)) {
                /* QH with elements */
                curr_qh = link;
                link = qh.el_link;
            } else {
                /* QH w/o elements */
                curr_qh = 0;
                link = qh.link;
            }
            continue;
        }

        /* TD */
        cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
        le32_to_cpus(&td.link);
        le32_to_cpus(&td.ctrl);
        le32_to_cpus(&td.token);
        le32_to_cpus(&td.buffer);

        DPRINTF("uhci: TD 0x%x load. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
                link, td.link, td.ctrl, td.token, curr_qh);

        old_td_ctrl = td.ctrl;
        ret = uhci_handle_td(s, link, &td, &int_mask);
        if (td.ctrl != old_td_ctrl) {
            /* update the status bits of the TD */
            val = cpu_to_le32(td.ctrl);
            cpu_physical_memory_write((link & ~0xf) + 4,
                                      (const uint8_t *)&val, sizeof(val));
        }

        if (ret < 0) {
            /* interrupted frame */
            break;
        }

        if (ret == 1 || ret == 2) {
            DPRINTF("uhci: TD 0x%x %s. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
                    link, ret == 2 ? "pend" : "skip",
                    td.link, td.ctrl, td.token, curr_qh);

            /* inside a queue move on to the next queue, else to the next TD */
            link = curr_qh ? qh.link : td.link;
            continue;
        }

        /* completed TD */

        DPRINTF("uhci: TD 0x%x done. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
                link, td.link, td.ctrl, td.token, curr_qh);

        link = td.link;

        if (!curr_qh) {
            /* go to the next entry */
            continue;
        }

        /* update QH element link */
        qh.el_link = link;
        val = cpu_to_le32(qh.el_link);
        cpu_physical_memory_write((curr_qh & ~0xf) + 4,
                                  (const uint8_t *)&val, sizeof(val));

        if (!depth_first(link)) {
            /* done with this QH */

            DPRINTF("uhci: QH 0x%x done. link 0x%x elink 0x%x\n",
                    curr_qh, qh.link, qh.el_link);

            curr_qh = 0;
            link = qh.link;
        }

        /* go to the next entry */
    }

    s->pending_int_mask |= int_mask;
}
1025
bb36d470
FB
/*
 * Frame timer callback, one call per frame.
 *
 * Advances the deadline by one frame period, stops the timer when the
 * controller is not running, otherwise delivers the interrupts of the
 * previous frame, increments the frame number, ages and processes the
 * async packets around the frame walk, and re-arms the timer.
 *
 * @opaque  the UHCIState
 */
static void uhci_frame_timer(void *opaque)
{
    UHCIState *s = opaque;

    /* prepare the timer for the next frame */
    s->expire_time += (get_ticks_per_sec() / FRAME_TIMER_FREQ);

    if ((s->cmd & UHCI_CMD_RS) == 0) {
        /* Full stop */
        qemu_del_timer(s->frame_timer);
        /* set hchalted bit in status - UHCI11D 2.1.2 */
        s->status |= UHCI_STS_HCHALTED;

        DPRINTF("uhci: halted\n");
        return;
    }

    /* Complete the previous frame */
    if (s->pending_int_mask != 0) {
        s->status2 |= s->pending_int_mask;
        s->status  |= UHCI_STS_USBINT;
        uhci_update_irq(s);
    }
    s->pending_int_mask = 0;

    /* Start new frame */
    s->frnum = (s->frnum + 1) & 0x7ff;

    DPRINTF("uhci: new frame #%u\n" , s->frnum);

    /* age the pending packets, walk the frame, drop what was not seen */
    uhci_async_validate_begin(s);
    uhci_process_frame(s);
    uhci_async_validate_end(s);

    qemu_mod_timer(s->frame_timer, s->expire_time);
}
1064
/*
 * BAR mapping callback: install the 1-, 2- and 4-byte read and write
 * handlers over the 32 I/O ports starting at addr.
 * region_num, size and type are not used.
 */
static void uhci_map(PCIDevice *pci_dev, int region_num,
                     pcibus_t addr, pcibus_t size, int type)
{
    UHCIState *s = DO_UPCAST(UHCIState, dev, pci_dev);

    register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
    register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
    register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
    register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
    register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
    register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
}
1077
0d86d2be
GH
/* Port callbacks registered for every port in usb_uhci_common_initfn(). */
static USBPortOps uhci_port_ops = {
    .attach = uhci_attach,
    .detach = uhci_detach,
    .wakeup = uhci_wakeup,
};
1083
/*
 * Initialisation shared by all UHCI variants: PCI config defaults, USB
 * bus and ports, frame timer, pending list, reset handler and the I/O
 * BAR.  Vendor and device id are set by the variant-specific caller.
 *
 * Returns 0.
 */
static int usb_uhci_common_initfn(UHCIState *s)
{
    uint8_t *cfg = s->dev.config;
    int port_no;

    cfg[PCI_REVISION_ID] = 0x01; /* revision number */
    cfg[PCI_CLASS_PROG] = 0x00;
    pci_config_set_class(cfg, PCI_CLASS_SERIAL_USB);
    /* TODO: reset value should be 0. */
    cfg[PCI_INTERRUPT_PIN] = 4; /* interrupt pin 3 */
    cfg[0x60] = 0x10; /* release number */

    usb_bus_new(&s->bus, &s->dev.qdev);
    for (port_no = 0; port_no < NB_PORTS; port_no++) {
        USBPort *usb_port = &s->ports[port_no].port;

        usb_register_port(&s->bus, usb_port, s, port_no, &uhci_port_ops,
                          USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
        usb_port_location(usb_port, NULL, port_no + 1);
    }

    s->frame_timer = qemu_new_timer_ns(vm_clock, uhci_frame_timer, s);
    s->expire_time = qemu_get_clock_ns(vm_clock) +
        (get_ticks_per_sec() / FRAME_TIMER_FREQ);
    s->num_ports_vmstate = NB_PORTS;
    QTAILQ_INIT(&s->async_pending);

    qemu_register_reset(uhci_reset, s);

    /* Use region 4 for consistency with real hardware.  BSD guests seem
       to rely on this.  */
    pci_register_bar(&s->dev, 4, 0x20,
                     PCI_BASE_ADDRESS_SPACE_IO, uhci_map);

    return 0;
}
afcc3cdf 1117
/* qdev init for "piix3-usb-uhci": Intel 82371SB ids, then the common setup. */
static int usb_uhci_piix3_initfn(PCIDevice *dev)
{
    UHCIState *s = DO_UPCAST(UHCIState, dev, dev);

    pci_config_set_vendor_id(s->dev.config, PCI_VENDOR_ID_INTEL);
    pci_config_set_device_id(s->dev.config, PCI_DEVICE_ID_INTEL_82371SB_2);
    return usb_uhci_common_initfn(s);
}
1127
/* qdev init for "piix4-usb-uhci": Intel 82371AB ids, then the common setup. */
static int usb_uhci_piix4_initfn(PCIDevice *dev)
{
    UHCIState *s = DO_UPCAST(UHCIState, dev, dev);

    pci_config_set_vendor_id(s->dev.config, PCI_VENDOR_ID_INTEL);
    pci_config_set_device_id(s->dev.config, PCI_DEVICE_ID_INTEL_82371AB_2);
    return usb_uhci_common_initfn(s);
}
afcc3cdf 1137
30235a54
HC
/*
 * qdev init for "vt82c686b-usb-uhci": VIA ids plus three
 * variant-specific config-space defaults, then the common setup.
 */
static int usb_uhci_vt82c686b_initfn(PCIDevice *dev)
{
    UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
    uint8_t *cfg = s->dev.config;

    pci_config_set_vendor_id(cfg, PCI_VENDOR_ID_VIA);
    pci_config_set_device_id(cfg, PCI_DEVICE_ID_VIA_UHCI);

    /* USB misc control 1/2 */
    pci_set_long(cfg + 0x40, 0x00001000);
    /* PM capability */
    pci_set_long(cfg + 0x80, 0x00020001);
    /* USB legacy support */
    pci_set_long(cfg + 0xc0, 0x00002000);

    return usb_uhci_common_initfn(s);
}
1155
6cf9b6f1
GH
/*
 * The three UHCI variants.  All share UHCIState and vmstate_uhci and
 * differ only in their init function.  The empty last entry ends the list.
 */
static PCIDeviceInfo uhci_info[] = {
    {
        .qdev.name    = "piix3-usb-uhci",
        .qdev.size    = sizeof(UHCIState),
        .qdev.vmsd    = &vmstate_uhci,
        .init         = usb_uhci_piix3_initfn,
    },{
        .qdev.name    = "piix4-usb-uhci",
        .qdev.size    = sizeof(UHCIState),
        .qdev.vmsd    = &vmstate_uhci,
        .init         = usb_uhci_piix4_initfn,
    },{
        .qdev.name    = "vt82c686b-usb-uhci",
        .qdev.size    = sizeof(UHCIState),
        .qdev.vmsd    = &vmstate_uhci,
        .init         = usb_uhci_vt82c686b_initfn,
    },{
        /* end of list */
    }
};
afcc3cdf 1176
6cf9b6f1
GH
/* Register every entry of uhci_info; hooked in through device_init(). */
static void uhci_register(void)
{
    pci_qdev_register_many(uhci_info);
}
device_init(uhci_register);
afcc3cdf 1182
6cf9b6f1
GH
/*
 * Create a "piix3-usb-uhci" device at devfn on bus.
 * The created device is not returned to the caller.
 */
void usb_uhci_piix3_init(PCIBus *bus, int devfn)
{
    pci_create_simple(bus, devfn, "piix3-usb-uhci");
}
54f254f9 1187
6cf9b6f1
GH
/*
 * Create a "piix4-usb-uhci" device at devfn on bus.
 * The created device is not returned to the caller.
 */
void usb_uhci_piix4_init(PCIBus *bus, int devfn)
{
    pci_create_simple(bus, devfn, "piix4-usb-uhci");
}
30235a54
HC
1192
/*
 * Create a "vt82c686b-usb-uhci" device at devfn on bus.
 * The created device is not returned to the caller.
 */
void usb_uhci_vt82c686b_init(PCIBus *bus, int devfn)
{
    pci_create_simple(bus, devfn, "vt82c686b-usb-uhci");
}