]> git.proxmox.com Git - qemu.git/blob - hw/usb/hcd-xhci.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xhci: rip out background transfer code
[qemu.git] / hw / usb / hcd-xhci.c
1 /*
2 * USB xHCI controller emulation
3 *
4 * Copyright (c) 2011 Securiforest
5 * Date: 2011-05-11 ; Author: Hector Martin <hector@marcansoft.com>
6 * Based on usb-ohci.c, emulates Renesas NEC USB 3.0
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
21 #include "hw/hw.h"
22 #include "qemu-timer.h"
23 #include "hw/usb.h"
24 #include "hw/pci.h"
25 #include "hw/msi.h"
26 #include "trace.h"
27
28 //#define DEBUG_XHCI
29 //#define DEBUG_DATA
30
31 #ifdef DEBUG_XHCI
32 #define DPRINTF(...) fprintf(stderr, __VA_ARGS__)
33 #else
34 #define DPRINTF(...) do {} while (0)
35 #endif
36 #define FIXME() do { fprintf(stderr, "FIXME %s:%d\n", \
37 __func__, __LINE__); abort(); } while (0)
38
39 #define MAXSLOTS 8
40 #define MAXINTRS 1
41
42 #define USB2_PORTS 4
43 #define USB3_PORTS 4
44
45 #define MAXPORTS (USB2_PORTS+USB3_PORTS)
46
47 #define TD_QUEUE 24
48
49 /* Very pessimistic, let's hope it's enough for all cases */
50 #define EV_QUEUE (((3*TD_QUEUE)+16)*MAXSLOTS)
51 /* Do not deliver ER Full events. NEC's driver does some things not bound
52 * to the specs when it gets them */
53 #define ER_FULL_HACK
54
55 #define LEN_CAP 0x40
56 #define OFF_OPER LEN_CAP
57 #define LEN_OPER (0x400 + 0x10 * MAXPORTS)
58 #define OFF_RUNTIME ((OFF_OPER + LEN_OPER + 0x20) & ~0x1f)
59 #define LEN_RUNTIME (0x20 + MAXINTRS * 0x20)
60 #define OFF_DOORBELL (OFF_RUNTIME + LEN_RUNTIME)
61 #define LEN_DOORBELL ((MAXSLOTS + 1) * 0x20)
62
63 /* must be power of 2 */
64 #define LEN_REGS 0x2000
65
66 #if (OFF_DOORBELL + LEN_DOORBELL) > LEN_REGS
67 # error Increase LEN_REGS
68 #endif
69
70 #if MAXINTRS > 1
71 # error TODO: only one interrupter supported
72 #endif
73
74 /* bit definitions */
75 #define USBCMD_RS (1<<0)
76 #define USBCMD_HCRST (1<<1)
77 #define USBCMD_INTE (1<<2)
78 #define USBCMD_HSEE (1<<3)
79 #define USBCMD_LHCRST (1<<7)
80 #define USBCMD_CSS (1<<8)
81 #define USBCMD_CRS (1<<9)
82 #define USBCMD_EWE (1<<10)
83 #define USBCMD_EU3S (1<<11)
84
85 #define USBSTS_HCH (1<<0)
86 #define USBSTS_HSE (1<<2)
87 #define USBSTS_EINT (1<<3)
88 #define USBSTS_PCD (1<<4)
89 #define USBSTS_SSS (1<<8)
90 #define USBSTS_RSS (1<<9)
91 #define USBSTS_SRE (1<<10)
92 #define USBSTS_CNR (1<<11)
93 #define USBSTS_HCE (1<<12)
94
95
96 #define PORTSC_CCS (1<<0)
97 #define PORTSC_PED (1<<1)
98 #define PORTSC_OCA (1<<3)
99 #define PORTSC_PR (1<<4)
100 #define PORTSC_PLS_SHIFT 5
101 #define PORTSC_PLS_MASK 0xf
102 #define PORTSC_PP (1<<9)
103 #define PORTSC_SPEED_SHIFT 10
104 #define PORTSC_SPEED_MASK 0xf
105 #define PORTSC_SPEED_FULL (1<<10)
106 #define PORTSC_SPEED_LOW (2<<10)
107 #define PORTSC_SPEED_HIGH (3<<10)
108 #define PORTSC_SPEED_SUPER (4<<10)
109 #define PORTSC_PIC_SHIFT 14
110 #define PORTSC_PIC_MASK 0x3
111 #define PORTSC_LWS (1<<16)
112 #define PORTSC_CSC (1<<17)
113 #define PORTSC_PEC (1<<18)
114 #define PORTSC_WRC (1<<19)
115 #define PORTSC_OCC (1<<20)
116 #define PORTSC_PRC (1<<21)
117 #define PORTSC_PLC (1<<22)
118 #define PORTSC_CEC (1<<23)
119 #define PORTSC_CAS (1<<24)
120 #define PORTSC_WCE (1<<25)
121 #define PORTSC_WDE (1<<26)
122 #define PORTSC_WOE (1<<27)
123 #define PORTSC_DR (1<<30)
124 #define PORTSC_WPR (1<<31)
125
126 #define CRCR_RCS (1<<0)
127 #define CRCR_CS (1<<1)
128 #define CRCR_CA (1<<2)
129 #define CRCR_CRR (1<<3)
130
131 #define IMAN_IP (1<<0)
132 #define IMAN_IE (1<<1)
133
134 #define ERDP_EHB (1<<3)
135
136 #define TRB_SIZE 16
137 typedef struct XHCITRB {
138 uint64_t parameter;
139 uint32_t status;
140 uint32_t control;
141 dma_addr_t addr;
142 bool ccs;
143 } XHCITRB;
144
145
146 typedef enum TRBType {
147 TRB_RESERVED = 0,
148 TR_NORMAL,
149 TR_SETUP,
150 TR_DATA,
151 TR_STATUS,
152 TR_ISOCH,
153 TR_LINK,
154 TR_EVDATA,
155 TR_NOOP,
156 CR_ENABLE_SLOT,
157 CR_DISABLE_SLOT,
158 CR_ADDRESS_DEVICE,
159 CR_CONFIGURE_ENDPOINT,
160 CR_EVALUATE_CONTEXT,
161 CR_RESET_ENDPOINT,
162 CR_STOP_ENDPOINT,
163 CR_SET_TR_DEQUEUE,
164 CR_RESET_DEVICE,
165 CR_FORCE_EVENT,
166 CR_NEGOTIATE_BW,
167 CR_SET_LATENCY_TOLERANCE,
168 CR_GET_PORT_BANDWIDTH,
169 CR_FORCE_HEADER,
170 CR_NOOP,
171 ER_TRANSFER = 32,
172 ER_COMMAND_COMPLETE,
173 ER_PORT_STATUS_CHANGE,
174 ER_BANDWIDTH_REQUEST,
175 ER_DOORBELL,
176 ER_HOST_CONTROLLER,
177 ER_DEVICE_NOTIFICATION,
178 ER_MFINDEX_WRAP,
179 /* vendor specific bits */
180 CR_VENDOR_VIA_CHALLENGE_RESPONSE = 48,
181 CR_VENDOR_NEC_FIRMWARE_REVISION = 49,
182 CR_VENDOR_NEC_CHALLENGE_RESPONSE = 50,
183 } TRBType;
184
185 #define CR_LINK TR_LINK
186
187 typedef enum TRBCCode {
188 CC_INVALID = 0,
189 CC_SUCCESS,
190 CC_DATA_BUFFER_ERROR,
191 CC_BABBLE_DETECTED,
192 CC_USB_TRANSACTION_ERROR,
193 CC_TRB_ERROR,
194 CC_STALL_ERROR,
195 CC_RESOURCE_ERROR,
196 CC_BANDWIDTH_ERROR,
197 CC_NO_SLOTS_ERROR,
198 CC_INVALID_STREAM_TYPE_ERROR,
199 CC_SLOT_NOT_ENABLED_ERROR,
200 CC_EP_NOT_ENABLED_ERROR,
201 CC_SHORT_PACKET,
202 CC_RING_UNDERRUN,
203 CC_RING_OVERRUN,
204 CC_VF_ER_FULL,
205 CC_PARAMETER_ERROR,
206 CC_BANDWIDTH_OVERRUN,
207 CC_CONTEXT_STATE_ERROR,
208 CC_NO_PING_RESPONSE_ERROR,
209 CC_EVENT_RING_FULL_ERROR,
210 CC_INCOMPATIBLE_DEVICE_ERROR,
211 CC_MISSED_SERVICE_ERROR,
212 CC_COMMAND_RING_STOPPED,
213 CC_COMMAND_ABORTED,
214 CC_STOPPED,
215 CC_STOPPED_LENGTH_INVALID,
216 CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR = 29,
217 CC_ISOCH_BUFFER_OVERRUN = 31,
218 CC_EVENT_LOST_ERROR,
219 CC_UNDEFINED_ERROR,
220 CC_INVALID_STREAM_ID_ERROR,
221 CC_SECONDARY_BANDWIDTH_ERROR,
222 CC_SPLIT_TRANSACTION_ERROR
223 } TRBCCode;
224
225 #define TRB_C (1<<0)
226 #define TRB_TYPE_SHIFT 10
227 #define TRB_TYPE_MASK 0x3f
228 #define TRB_TYPE(t) (((t).control >> TRB_TYPE_SHIFT) & TRB_TYPE_MASK)
229
230 #define TRB_EV_ED (1<<2)
231
232 #define TRB_TR_ENT (1<<1)
233 #define TRB_TR_ISP (1<<2)
234 #define TRB_TR_NS (1<<3)
235 #define TRB_TR_CH (1<<4)
236 #define TRB_TR_IOC (1<<5)
237 #define TRB_TR_IDT (1<<6)
238 #define TRB_TR_TBC_SHIFT 7
239 #define TRB_TR_TBC_MASK 0x3
240 #define TRB_TR_BEI (1<<9)
241 #define TRB_TR_TLBPC_SHIFT 16
242 #define TRB_TR_TLBPC_MASK 0xf
243 #define TRB_TR_FRAMEID_SHIFT 20
244 #define TRB_TR_FRAMEID_MASK 0x7ff
245 #define TRB_TR_SIA (1<<31)
246
247 #define TRB_TR_DIR (1<<16)
248
249 #define TRB_CR_SLOTID_SHIFT 24
250 #define TRB_CR_SLOTID_MASK 0xff
251 #define TRB_CR_EPID_SHIFT 16
252 #define TRB_CR_EPID_MASK 0x1f
253
254 #define TRB_CR_BSR (1<<9)
255 #define TRB_CR_DC (1<<9)
256
257 #define TRB_LK_TC (1<<1)
258
259 #define EP_TYPE_MASK 0x7
260 #define EP_TYPE_SHIFT 3
261
262 #define EP_STATE_MASK 0x7
263 #define EP_DISABLED (0<<0)
264 #define EP_RUNNING (1<<0)
265 #define EP_HALTED (2<<0)
266 #define EP_STOPPED (3<<0)
267 #define EP_ERROR (4<<0)
268
269 #define SLOT_STATE_MASK 0x1f
270 #define SLOT_STATE_SHIFT 27
271 #define SLOT_STATE(s) (((s)>>SLOT_STATE_SHIFT)&SLOT_STATE_MASK)
272 #define SLOT_ENABLED 0
273 #define SLOT_DEFAULT 1
274 #define SLOT_ADDRESSED 2
275 #define SLOT_CONFIGURED 3
276
277 #define SLOT_CONTEXT_ENTRIES_MASK 0x1f
278 #define SLOT_CONTEXT_ENTRIES_SHIFT 27
279
280 typedef enum EPType {
281 ET_INVALID = 0,
282 ET_ISO_OUT,
283 ET_BULK_OUT,
284 ET_INTR_OUT,
285 ET_CONTROL,
286 ET_ISO_IN,
287 ET_BULK_IN,
288 ET_INTR_IN,
289 } EPType;
290
291 typedef struct XHCIRing {
292 dma_addr_t base;
293 dma_addr_t dequeue;
294 bool ccs;
295 } XHCIRing;
296
297 typedef struct XHCIPort {
298 USBPort port;
299 uint32_t portsc;
300 } XHCIPort;
301
302 struct XHCIState;
303 typedef struct XHCIState XHCIState;
304
305 typedef struct XHCITransfer {
306 XHCIState *xhci;
307 USBPacket packet;
308 bool running_async;
309 bool running_retry;
310 bool cancelled;
311 bool complete;
312 unsigned int iso_pkts;
313 unsigned int slotid;
314 unsigned int epid;
315 bool in_xfer;
316 bool iso_xfer;
317
318 unsigned int trb_count;
319 unsigned int trb_alloced;
320 XHCITRB *trbs;
321
322 unsigned int data_length;
323 unsigned int data_alloced;
324 uint8_t *data;
325
326 TRBCCode status;
327
328 unsigned int pkts;
329 unsigned int pktsize;
330 unsigned int cur_pkt;
331 } XHCITransfer;
332
333 typedef struct XHCIEPContext {
334 XHCIRing ring;
335 unsigned int next_xfer;
336 unsigned int comp_xfer;
337 XHCITransfer transfers[TD_QUEUE];
338 XHCITransfer *retry;
339 EPType type;
340 dma_addr_t pctx;
341 unsigned int max_psize;
342 uint32_t state;
343 } XHCIEPContext;
344
345 typedef struct XHCISlot {
346 bool enabled;
347 dma_addr_t ctx;
348 unsigned int port;
349 unsigned int devaddr;
350 XHCIEPContext * eps[31];
351 } XHCISlot;
352
353 typedef struct XHCIEvent {
354 TRBType type;
355 TRBCCode ccode;
356 uint64_t ptr;
357 uint32_t length;
358 uint32_t flags;
359 uint8_t slotid;
360 uint8_t epid;
361 } XHCIEvent;
362
363 struct XHCIState {
364 PCIDevice pci_dev;
365 USBBus bus;
366 qemu_irq irq;
367 MemoryRegion mem;
368 const char *name;
369 uint32_t msi;
370 unsigned int devaddr;
371
372 /* Operational Registers */
373 uint32_t usbcmd;
374 uint32_t usbsts;
375 uint32_t dnctrl;
376 uint32_t crcr_low;
377 uint32_t crcr_high;
378 uint32_t dcbaap_low;
379 uint32_t dcbaap_high;
380 uint32_t config;
381
382 XHCIPort ports[MAXPORTS];
383 XHCISlot slots[MAXSLOTS];
384
385 /* Runtime Registers */
386 uint32_t mfindex;
387 /* note: we only support one interrupter */
388 uint32_t iman;
389 uint32_t imod;
390 uint32_t erstsz;
391 uint32_t erstba_low;
392 uint32_t erstba_high;
393 uint32_t erdp_low;
394 uint32_t erdp_high;
395
396 dma_addr_t er_start;
397 uint32_t er_size;
398 bool er_pcs;
399 unsigned int er_ep_idx;
400 bool er_full;
401
402 XHCIEvent ev_buffer[EV_QUEUE];
403 unsigned int ev_buffer_put;
404 unsigned int ev_buffer_get;
405
406 XHCIRing cmd_ring;
407 };
408
409 typedef struct XHCIEvRingSeg {
410 uint32_t addr_low;
411 uint32_t addr_high;
412 uint32_t size;
413 uint32_t rsvd;
414 } XHCIEvRingSeg;
415
416 static const char *TRBType_names[] = {
417 [TRB_RESERVED] = "TRB_RESERVED",
418 [TR_NORMAL] = "TR_NORMAL",
419 [TR_SETUP] = "TR_SETUP",
420 [TR_DATA] = "TR_DATA",
421 [TR_STATUS] = "TR_STATUS",
422 [TR_ISOCH] = "TR_ISOCH",
423 [TR_LINK] = "TR_LINK",
424 [TR_EVDATA] = "TR_EVDATA",
425 [TR_NOOP] = "TR_NOOP",
426 [CR_ENABLE_SLOT] = "CR_ENABLE_SLOT",
427 [CR_DISABLE_SLOT] = "CR_DISABLE_SLOT",
428 [CR_ADDRESS_DEVICE] = "CR_ADDRESS_DEVICE",
429 [CR_CONFIGURE_ENDPOINT] = "CR_CONFIGURE_ENDPOINT",
430 [CR_EVALUATE_CONTEXT] = "CR_EVALUATE_CONTEXT",
431 [CR_RESET_ENDPOINT] = "CR_RESET_ENDPOINT",
432 [CR_STOP_ENDPOINT] = "CR_STOP_ENDPOINT",
433 [CR_SET_TR_DEQUEUE] = "CR_SET_TR_DEQUEUE",
434 [CR_RESET_DEVICE] = "CR_RESET_DEVICE",
435 [CR_FORCE_EVENT] = "CR_FORCE_EVENT",
436 [CR_NEGOTIATE_BW] = "CR_NEGOTIATE_BW",
437 [CR_SET_LATENCY_TOLERANCE] = "CR_SET_LATENCY_TOLERANCE",
438 [CR_GET_PORT_BANDWIDTH] = "CR_GET_PORT_BANDWIDTH",
439 [CR_FORCE_HEADER] = "CR_FORCE_HEADER",
440 [CR_NOOP] = "CR_NOOP",
441 [ER_TRANSFER] = "ER_TRANSFER",
442 [ER_COMMAND_COMPLETE] = "ER_COMMAND_COMPLETE",
443 [ER_PORT_STATUS_CHANGE] = "ER_PORT_STATUS_CHANGE",
444 [ER_BANDWIDTH_REQUEST] = "ER_BANDWIDTH_REQUEST",
445 [ER_DOORBELL] = "ER_DOORBELL",
446 [ER_HOST_CONTROLLER] = "ER_HOST_CONTROLLER",
447 [ER_DEVICE_NOTIFICATION] = "ER_DEVICE_NOTIFICATION",
448 [ER_MFINDEX_WRAP] = "ER_MFINDEX_WRAP",
449 [CR_VENDOR_VIA_CHALLENGE_RESPONSE] = "CR_VENDOR_VIA_CHALLENGE_RESPONSE",
450 [CR_VENDOR_NEC_FIRMWARE_REVISION] = "CR_VENDOR_NEC_FIRMWARE_REVISION",
451 [CR_VENDOR_NEC_CHALLENGE_RESPONSE] = "CR_VENDOR_NEC_CHALLENGE_RESPONSE",
452 };
453
454 static const char *lookup_name(uint32_t index, const char **list, uint32_t llen)
455 {
456 if (index >= llen || list[index] == NULL) {
457 return "???";
458 }
459 return list[index];
460 }
461
462 static const char *trb_name(XHCITRB *trb)
463 {
464 return lookup_name(TRB_TYPE(*trb), TRBType_names,
465 ARRAY_SIZE(TRBType_names));
466 }
467
468 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
469 unsigned int epid);
470
471 static inline dma_addr_t xhci_addr64(uint32_t low, uint32_t high)
472 {
473 if (sizeof(dma_addr_t) == 4) {
474 return low;
475 } else {
476 return low | (((dma_addr_t)high << 16) << 16);
477 }
478 }
479
480 static inline dma_addr_t xhci_mask64(uint64_t addr)
481 {
482 if (sizeof(dma_addr_t) == 4) {
483 return addr & 0xffffffff;
484 } else {
485 return addr;
486 }
487 }
488
489 static void xhci_irq_update(XHCIState *xhci)
490 {
491 int level = 0;
492
493 if (xhci->iman & IMAN_IP && xhci->iman & IMAN_IE &&
494 xhci->usbcmd & USBCMD_INTE) {
495 level = 1;
496 }
497
498 if (xhci->msi && msi_enabled(&xhci->pci_dev)) {
499 if (level) {
500 trace_usb_xhci_irq_msi(0);
501 msi_notify(&xhci->pci_dev, 0);
502 }
503 } else {
504 trace_usb_xhci_irq_intx(level);
505 qemu_set_irq(xhci->irq, level);
506 }
507 }
508
509 static inline int xhci_running(XHCIState *xhci)
510 {
511 return !(xhci->usbsts & USBSTS_HCH) && !xhci->er_full;
512 }
513
514 static void xhci_die(XHCIState *xhci)
515 {
516 xhci->usbsts |= USBSTS_HCE;
517 fprintf(stderr, "xhci: asserted controller error\n");
518 }
519
520 static void xhci_write_event(XHCIState *xhci, XHCIEvent *event)
521 {
522 XHCITRB ev_trb;
523 dma_addr_t addr;
524
525 ev_trb.parameter = cpu_to_le64(event->ptr);
526 ev_trb.status = cpu_to_le32(event->length | (event->ccode << 24));
527 ev_trb.control = (event->slotid << 24) | (event->epid << 16) |
528 event->flags | (event->type << TRB_TYPE_SHIFT);
529 if (xhci->er_pcs) {
530 ev_trb.control |= TRB_C;
531 }
532 ev_trb.control = cpu_to_le32(ev_trb.control);
533
534 trace_usb_xhci_queue_event(xhci->er_ep_idx, trb_name(&ev_trb),
535 ev_trb.parameter, ev_trb.status, ev_trb.control);
536
537 addr = xhci->er_start + TRB_SIZE*xhci->er_ep_idx;
538 pci_dma_write(&xhci->pci_dev, addr, &ev_trb, TRB_SIZE);
539
540 xhci->er_ep_idx++;
541 if (xhci->er_ep_idx >= xhci->er_size) {
542 xhci->er_ep_idx = 0;
543 xhci->er_pcs = !xhci->er_pcs;
544 }
545 }
546
547 static void xhci_events_update(XHCIState *xhci)
548 {
549 dma_addr_t erdp;
550 unsigned int dp_idx;
551 bool do_irq = 0;
552
553 if (xhci->usbsts & USBSTS_HCH) {
554 return;
555 }
556
557 erdp = xhci_addr64(xhci->erdp_low, xhci->erdp_high);
558 if (erdp < xhci->er_start ||
559 erdp >= (xhci->er_start + TRB_SIZE*xhci->er_size)) {
560 fprintf(stderr, "xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp);
561 fprintf(stderr, "xhci: ER at "DMA_ADDR_FMT" len %d\n",
562 xhci->er_start, xhci->er_size);
563 xhci_die(xhci);
564 return;
565 }
566 dp_idx = (erdp - xhci->er_start) / TRB_SIZE;
567 assert(dp_idx < xhci->er_size);
568
569 /* NEC didn't read section 4.9.4 of the spec (v1.0 p139 top Note) and thus
570 * deadlocks when the ER is full. Hack it by holding off events until
571 * the driver decides to free at least half of the ring */
572 if (xhci->er_full) {
573 int er_free = dp_idx - xhci->er_ep_idx;
574 if (er_free <= 0) {
575 er_free += xhci->er_size;
576 }
577 if (er_free < (xhci->er_size/2)) {
578 DPRINTF("xhci_events_update(): event ring still "
579 "more than half full (hack)\n");
580 return;
581 }
582 }
583
584 while (xhci->ev_buffer_put != xhci->ev_buffer_get) {
585 assert(xhci->er_full);
586 if (((xhci->er_ep_idx+1) % xhci->er_size) == dp_idx) {
587 DPRINTF("xhci_events_update(): event ring full again\n");
588 #ifndef ER_FULL_HACK
589 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR};
590 xhci_write_event(xhci, &full);
591 #endif
592 do_irq = 1;
593 break;
594 }
595 XHCIEvent *event = &xhci->ev_buffer[xhci->ev_buffer_get];
596 xhci_write_event(xhci, event);
597 xhci->ev_buffer_get++;
598 do_irq = 1;
599 if (xhci->ev_buffer_get == EV_QUEUE) {
600 xhci->ev_buffer_get = 0;
601 }
602 }
603
604 if (do_irq) {
605 xhci->erdp_low |= ERDP_EHB;
606 xhci->iman |= IMAN_IP;
607 xhci->usbsts |= USBSTS_EINT;
608 xhci_irq_update(xhci);
609 }
610
611 if (xhci->er_full && xhci->ev_buffer_put == xhci->ev_buffer_get) {
612 DPRINTF("xhci_events_update(): event ring no longer full\n");
613 xhci->er_full = 0;
614 }
615 return;
616 }
617
618 static void xhci_event(XHCIState *xhci, XHCIEvent *event)
619 {
620 dma_addr_t erdp;
621 unsigned int dp_idx;
622
623 if (xhci->er_full) {
624 DPRINTF("xhci_event(): ER full, queueing\n");
625 if (((xhci->ev_buffer_put+1) % EV_QUEUE) == xhci->ev_buffer_get) {
626 fprintf(stderr, "xhci: event queue full, dropping event!\n");
627 return;
628 }
629 xhci->ev_buffer[xhci->ev_buffer_put++] = *event;
630 if (xhci->ev_buffer_put == EV_QUEUE) {
631 xhci->ev_buffer_put = 0;
632 }
633 return;
634 }
635
636 erdp = xhci_addr64(xhci->erdp_low, xhci->erdp_high);
637 if (erdp < xhci->er_start ||
638 erdp >= (xhci->er_start + TRB_SIZE*xhci->er_size)) {
639 fprintf(stderr, "xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp);
640 fprintf(stderr, "xhci: ER at "DMA_ADDR_FMT" len %d\n",
641 xhci->er_start, xhci->er_size);
642 xhci_die(xhci);
643 return;
644 }
645
646 dp_idx = (erdp - xhci->er_start) / TRB_SIZE;
647 assert(dp_idx < xhci->er_size);
648
649 if ((xhci->er_ep_idx+1) % xhci->er_size == dp_idx) {
650 DPRINTF("xhci_event(): ER full, queueing\n");
651 #ifndef ER_FULL_HACK
652 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR};
653 xhci_write_event(xhci, &full);
654 #endif
655 xhci->er_full = 1;
656 if (((xhci->ev_buffer_put+1) % EV_QUEUE) == xhci->ev_buffer_get) {
657 fprintf(stderr, "xhci: event queue full, dropping event!\n");
658 return;
659 }
660 xhci->ev_buffer[xhci->ev_buffer_put++] = *event;
661 if (xhci->ev_buffer_put == EV_QUEUE) {
662 xhci->ev_buffer_put = 0;
663 }
664 } else {
665 xhci_write_event(xhci, event);
666 }
667
668 xhci->erdp_low |= ERDP_EHB;
669 xhci->iman |= IMAN_IP;
670 xhci->usbsts |= USBSTS_EINT;
671
672 xhci_irq_update(xhci);
673 }
674
675 static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring,
676 dma_addr_t base)
677 {
678 ring->base = base;
679 ring->dequeue = base;
680 ring->ccs = 1;
681 }
682
683 static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
684 dma_addr_t *addr)
685 {
686 while (1) {
687 TRBType type;
688 pci_dma_read(&xhci->pci_dev, ring->dequeue, trb, TRB_SIZE);
689 trb->addr = ring->dequeue;
690 trb->ccs = ring->ccs;
691 le64_to_cpus(&trb->parameter);
692 le32_to_cpus(&trb->status);
693 le32_to_cpus(&trb->control);
694
695 trace_usb_xhci_fetch_trb(ring->dequeue, trb_name(trb),
696 trb->parameter, trb->status, trb->control);
697
698 if ((trb->control & TRB_C) != ring->ccs) {
699 return 0;
700 }
701
702 type = TRB_TYPE(*trb);
703
704 if (type != TR_LINK) {
705 if (addr) {
706 *addr = ring->dequeue;
707 }
708 ring->dequeue += TRB_SIZE;
709 return type;
710 } else {
711 ring->dequeue = xhci_mask64(trb->parameter);
712 if (trb->control & TRB_LK_TC) {
713 ring->ccs = !ring->ccs;
714 }
715 }
716 }
717 }
718
719 static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
720 {
721 XHCITRB trb;
722 int length = 0;
723 dma_addr_t dequeue = ring->dequeue;
724 bool ccs = ring->ccs;
725 /* hack to bundle together the two/three TDs that make a setup transfer */
726 bool control_td_set = 0;
727
728 while (1) {
729 TRBType type;
730 pci_dma_read(&xhci->pci_dev, dequeue, &trb, TRB_SIZE);
731 le64_to_cpus(&trb.parameter);
732 le32_to_cpus(&trb.status);
733 le32_to_cpus(&trb.control);
734
735 if ((trb.control & TRB_C) != ccs) {
736 return -length;
737 }
738
739 type = TRB_TYPE(trb);
740
741 if (type == TR_LINK) {
742 dequeue = xhci_mask64(trb.parameter);
743 if (trb.control & TRB_LK_TC) {
744 ccs = !ccs;
745 }
746 continue;
747 }
748
749 length += 1;
750 dequeue += TRB_SIZE;
751
752 if (type == TR_SETUP) {
753 control_td_set = 1;
754 } else if (type == TR_STATUS) {
755 control_td_set = 0;
756 }
757
758 if (!control_td_set && !(trb.control & TRB_TR_CH)) {
759 return length;
760 }
761 }
762 }
763
764 static void xhci_er_reset(XHCIState *xhci)
765 {
766 XHCIEvRingSeg seg;
767
768 /* cache the (sole) event ring segment location */
769 if (xhci->erstsz != 1) {
770 fprintf(stderr, "xhci: invalid value for ERSTSZ: %d\n", xhci->erstsz);
771 xhci_die(xhci);
772 return;
773 }
774 dma_addr_t erstba = xhci_addr64(xhci->erstba_low, xhci->erstba_high);
775 pci_dma_read(&xhci->pci_dev, erstba, &seg, sizeof(seg));
776 le32_to_cpus(&seg.addr_low);
777 le32_to_cpus(&seg.addr_high);
778 le32_to_cpus(&seg.size);
779 if (seg.size < 16 || seg.size > 4096) {
780 fprintf(stderr, "xhci: invalid value for segment size: %d\n", seg.size);
781 xhci_die(xhci);
782 return;
783 }
784 xhci->er_start = xhci_addr64(seg.addr_low, seg.addr_high);
785 xhci->er_size = seg.size;
786
787 xhci->er_ep_idx = 0;
788 xhci->er_pcs = 1;
789 xhci->er_full = 0;
790
791 DPRINTF("xhci: event ring:" DMA_ADDR_FMT " [%d]\n",
792 xhci->er_start, xhci->er_size);
793 }
794
795 static void xhci_run(XHCIState *xhci)
796 {
797 trace_usb_xhci_run();
798 xhci->usbsts &= ~USBSTS_HCH;
799 }
800
801 static void xhci_stop(XHCIState *xhci)
802 {
803 trace_usb_xhci_stop();
804 xhci->usbsts |= USBSTS_HCH;
805 xhci->crcr_low &= ~CRCR_CRR;
806 }
807
808 static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx,
809 uint32_t state)
810 {
811 uint32_t ctx[5];
812 if (epctx->state == state) {
813 return;
814 }
815
816 pci_dma_read(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
817 ctx[0] &= ~EP_STATE_MASK;
818 ctx[0] |= state;
819 ctx[2] = epctx->ring.dequeue | epctx->ring.ccs;
820 ctx[3] = (epctx->ring.dequeue >> 16) >> 16;
821 DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n",
822 epctx->pctx, state, ctx[3], ctx[2]);
823 pci_dma_write(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
824 epctx->state = state;
825 }
826
827 static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid,
828 unsigned int epid, dma_addr_t pctx,
829 uint32_t *ctx)
830 {
831 XHCISlot *slot;
832 XHCIEPContext *epctx;
833 dma_addr_t dequeue;
834 int i;
835
836 trace_usb_xhci_ep_enable(slotid, epid);
837 assert(slotid >= 1 && slotid <= MAXSLOTS);
838 assert(epid >= 1 && epid <= 31);
839
840 slot = &xhci->slots[slotid-1];
841 if (slot->eps[epid-1]) {
842 fprintf(stderr, "xhci: slot %d ep %d already enabled!\n", slotid, epid);
843 return CC_TRB_ERROR;
844 }
845
846 epctx = g_malloc(sizeof(XHCIEPContext));
847 memset(epctx, 0, sizeof(XHCIEPContext));
848
849 slot->eps[epid-1] = epctx;
850
851 dequeue = xhci_addr64(ctx[2] & ~0xf, ctx[3]);
852 xhci_ring_init(xhci, &epctx->ring, dequeue);
853 epctx->ring.ccs = ctx[2] & 1;
854
855 epctx->type = (ctx[1] >> EP_TYPE_SHIFT) & EP_TYPE_MASK;
856 DPRINTF("xhci: endpoint %d.%d type is %d\n", epid/2, epid%2, epctx->type);
857 epctx->pctx = pctx;
858 epctx->max_psize = ctx[1]>>16;
859 epctx->max_psize *= 1+((ctx[1]>>8)&0xff);
860 DPRINTF("xhci: endpoint %d.%d max transaction (burst) size is %d\n",
861 epid/2, epid%2, epctx->max_psize);
862 for (i = 0; i < ARRAY_SIZE(epctx->transfers); i++) {
863 usb_packet_init(&epctx->transfers[i].packet);
864 }
865
866 epctx->state = EP_RUNNING;
867 ctx[0] &= ~EP_STATE_MASK;
868 ctx[0] |= EP_RUNNING;
869
870 return CC_SUCCESS;
871 }
872
873 static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid,
874 unsigned int epid)
875 {
876 XHCISlot *slot;
877 XHCIEPContext *epctx;
878 int i, xferi, killed = 0;
879 assert(slotid >= 1 && slotid <= MAXSLOTS);
880 assert(epid >= 1 && epid <= 31);
881
882 DPRINTF("xhci_ep_nuke_xfers(%d, %d)\n", slotid, epid);
883
884 slot = &xhci->slots[slotid-1];
885
886 if (!slot->eps[epid-1]) {
887 return 0;
888 }
889
890 epctx = slot->eps[epid-1];
891
892 xferi = epctx->next_xfer;
893 for (i = 0; i < TD_QUEUE; i++) {
894 XHCITransfer *t = &epctx->transfers[xferi];
895 if (t->running_async) {
896 usb_cancel_packet(&t->packet);
897 t->running_async = 0;
898 t->cancelled = 1;
899 DPRINTF("xhci: cancelling transfer %d, waiting for it to complete...\n", i);
900 killed++;
901 }
902 if (t->running_retry) {
903 t->running_retry = 0;
904 epctx->retry = NULL;
905 }
906 if (t->trbs) {
907 g_free(t->trbs);
908 }
909 if (t->data) {
910 g_free(t->data);
911 }
912
913 t->trbs = NULL;
914 t->data = NULL;
915 t->trb_count = t->trb_alloced = 0;
916 t->data_length = t->data_alloced = 0;
917 xferi = (xferi + 1) % TD_QUEUE;
918 }
919 return killed;
920 }
921
922 static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid,
923 unsigned int epid)
924 {
925 XHCISlot *slot;
926 XHCIEPContext *epctx;
927
928 trace_usb_xhci_ep_disable(slotid, epid);
929 assert(slotid >= 1 && slotid <= MAXSLOTS);
930 assert(epid >= 1 && epid <= 31);
931
932 slot = &xhci->slots[slotid-1];
933
934 if (!slot->eps[epid-1]) {
935 DPRINTF("xhci: slot %d ep %d already disabled\n", slotid, epid);
936 return CC_SUCCESS;
937 }
938
939 xhci_ep_nuke_xfers(xhci, slotid, epid);
940
941 epctx = slot->eps[epid-1];
942
943 xhci_set_ep_state(xhci, epctx, EP_DISABLED);
944
945 g_free(epctx);
946 slot->eps[epid-1] = NULL;
947
948 return CC_SUCCESS;
949 }
950
951 static TRBCCode xhci_stop_ep(XHCIState *xhci, unsigned int slotid,
952 unsigned int epid)
953 {
954 XHCISlot *slot;
955 XHCIEPContext *epctx;
956
957 trace_usb_xhci_ep_stop(slotid, epid);
958 assert(slotid >= 1 && slotid <= MAXSLOTS);
959
960 if (epid < 1 || epid > 31) {
961 fprintf(stderr, "xhci: bad ep %d\n", epid);
962 return CC_TRB_ERROR;
963 }
964
965 slot = &xhci->slots[slotid-1];
966
967 if (!slot->eps[epid-1]) {
968 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
969 return CC_EP_NOT_ENABLED_ERROR;
970 }
971
972 if (xhci_ep_nuke_xfers(xhci, slotid, epid) > 0) {
973 fprintf(stderr, "xhci: FIXME: endpoint stopped w/ xfers running, "
974 "data might be lost\n");
975 }
976
977 epctx = slot->eps[epid-1];
978
979 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
980
981 return CC_SUCCESS;
982 }
983
984 static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
985 unsigned int epid)
986 {
987 XHCISlot *slot;
988 XHCIEPContext *epctx;
989 USBDevice *dev;
990
991 trace_usb_xhci_ep_reset(slotid, epid);
992 assert(slotid >= 1 && slotid <= MAXSLOTS);
993
994 if (epid < 1 || epid > 31) {
995 fprintf(stderr, "xhci: bad ep %d\n", epid);
996 return CC_TRB_ERROR;
997 }
998
999 slot = &xhci->slots[slotid-1];
1000
1001 if (!slot->eps[epid-1]) {
1002 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
1003 return CC_EP_NOT_ENABLED_ERROR;
1004 }
1005
1006 epctx = slot->eps[epid-1];
1007
1008 if (epctx->state != EP_HALTED) {
1009 fprintf(stderr, "xhci: reset EP while EP %d not halted (%d)\n",
1010 epid, epctx->state);
1011 return CC_CONTEXT_STATE_ERROR;
1012 }
1013
1014 if (xhci_ep_nuke_xfers(xhci, slotid, epid) > 0) {
1015 fprintf(stderr, "xhci: FIXME: endpoint reset w/ xfers running, "
1016 "data might be lost\n");
1017 }
1018
1019 uint8_t ep = epid>>1;
1020
1021 if (epid & 1) {
1022 ep |= 0x80;
1023 }
1024
1025 dev = xhci->ports[xhci->slots[slotid-1].port-1].port.dev;
1026 if (!dev) {
1027 return CC_USB_TRANSACTION_ERROR;
1028 }
1029
1030 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
1031
1032 return CC_SUCCESS;
1033 }
1034
1035 static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid,
1036 unsigned int epid, uint64_t pdequeue)
1037 {
1038 XHCISlot *slot;
1039 XHCIEPContext *epctx;
1040 dma_addr_t dequeue;
1041
1042 assert(slotid >= 1 && slotid <= MAXSLOTS);
1043
1044 if (epid < 1 || epid > 31) {
1045 fprintf(stderr, "xhci: bad ep %d\n", epid);
1046 return CC_TRB_ERROR;
1047 }
1048
1049 DPRINTF("xhci_set_ep_dequeue(%d, %d, %016"PRIx64")\n", slotid, epid, pdequeue);
1050 dequeue = xhci_mask64(pdequeue);
1051
1052 slot = &xhci->slots[slotid-1];
1053
1054 if (!slot->eps[epid-1]) {
1055 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
1056 return CC_EP_NOT_ENABLED_ERROR;
1057 }
1058
1059 epctx = slot->eps[epid-1];
1060
1061
1062 if (epctx->state != EP_STOPPED) {
1063 fprintf(stderr, "xhci: set EP dequeue pointer while EP %d not stopped\n", epid);
1064 return CC_CONTEXT_STATE_ERROR;
1065 }
1066
1067 xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF);
1068 epctx->ring.ccs = dequeue & 1;
1069
1070 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
1071
1072 return CC_SUCCESS;
1073 }
1074
1075 static int xhci_xfer_data(XHCITransfer *xfer, uint8_t *data,
1076 unsigned int length, bool in_xfer, bool out_xfer,
1077 bool report)
1078 {
1079 int i;
1080 uint32_t edtla = 0;
1081 unsigned int transferred = 0;
1082 unsigned int left = length;
1083 bool reported = 0;
1084 bool shortpkt = 0;
1085 XHCIEvent event = {ER_TRANSFER, CC_SUCCESS};
1086 XHCIState *xhci = xfer->xhci;
1087
1088 DPRINTF("xhci_xfer_data(len=%d, in_xfer=%d, out_xfer=%d, report=%d)\n",
1089 length, in_xfer, out_xfer, report);
1090
1091 assert(!(in_xfer && out_xfer));
1092
1093 for (i = 0; i < xfer->trb_count; i++) {
1094 XHCITRB *trb = &xfer->trbs[i];
1095 dma_addr_t addr;
1096 unsigned int chunk = 0;
1097
1098 switch (TRB_TYPE(*trb)) {
1099 case TR_DATA:
1100 if ((!(trb->control & TRB_TR_DIR)) != (!in_xfer)) {
1101 fprintf(stderr, "xhci: data direction mismatch for TR_DATA\n");
1102 xhci_die(xhci);
1103 return transferred;
1104 }
1105 /* fallthrough */
1106 case TR_NORMAL:
1107 case TR_ISOCH:
1108 addr = xhci_mask64(trb->parameter);
1109 chunk = trb->status & 0x1ffff;
1110 if (chunk > left) {
1111 chunk = left;
1112 shortpkt = 1;
1113 }
1114 if (in_xfer || out_xfer) {
1115 if (trb->control & TRB_TR_IDT) {
1116 uint64_t idata;
1117 if (chunk > 8 || in_xfer) {
1118 fprintf(stderr, "xhci: invalid immediate data TRB\n");
1119 xhci_die(xhci);
1120 return transferred;
1121 }
1122 idata = le64_to_cpu(trb->parameter);
1123 memcpy(data, &idata, chunk);
1124 } else {
1125 DPRINTF("xhci_xfer_data: r/w(%d) %d bytes at "
1126 DMA_ADDR_FMT "\n", in_xfer, chunk, addr);
1127 if (in_xfer) {
1128 pci_dma_write(&xhci->pci_dev, addr, data, chunk);
1129 } else {
1130 pci_dma_read(&xhci->pci_dev, addr, data, chunk);
1131 }
1132 #ifdef DEBUG_DATA
1133 unsigned int count = chunk;
1134 int i;
1135 if (count > 16) {
1136 count = 16;
1137 }
1138 DPRINTF(" ::");
1139 for (i = 0; i < count; i++) {
1140 DPRINTF(" %02x", data[i]);
1141 }
1142 DPRINTF("\n");
1143 #endif
1144 }
1145 }
1146 left -= chunk;
1147 data += chunk;
1148 edtla += chunk;
1149 transferred += chunk;
1150 break;
1151 case TR_STATUS:
1152 reported = 0;
1153 shortpkt = 0;
1154 break;
1155 }
1156
1157 if (report && !reported && (trb->control & TRB_TR_IOC ||
1158 (shortpkt && (trb->control & TRB_TR_ISP)))) {
1159 event.slotid = xfer->slotid;
1160 event.epid = xfer->epid;
1161 event.length = (trb->status & 0x1ffff) - chunk;
1162 event.flags = 0;
1163 event.ptr = trb->addr;
1164 if (xfer->status == CC_SUCCESS) {
1165 event.ccode = shortpkt ? CC_SHORT_PACKET : CC_SUCCESS;
1166 } else {
1167 event.ccode = xfer->status;
1168 }
1169 if (TRB_TYPE(*trb) == TR_EVDATA) {
1170 event.ptr = trb->parameter;
1171 event.flags |= TRB_EV_ED;
1172 event.length = edtla & 0xffffff;
1173 DPRINTF("xhci_xfer_data: EDTLA=%d\n", event.length);
1174 edtla = 0;
1175 }
1176 xhci_event(xhci, &event);
1177 reported = 1;
1178 }
1179 }
1180 return transferred;
1181 }
1182
1183 static void xhci_stall_ep(XHCITransfer *xfer)
1184 {
1185 XHCIState *xhci = xfer->xhci;
1186 XHCISlot *slot = &xhci->slots[xfer->slotid-1];
1187 XHCIEPContext *epctx = slot->eps[xfer->epid-1];
1188
1189 epctx->ring.dequeue = xfer->trbs[0].addr;
1190 epctx->ring.ccs = xfer->trbs[0].ccs;
1191 xhci_set_ep_state(xhci, epctx, EP_HALTED);
1192 DPRINTF("xhci: stalled slot %d ep %d\n", xfer->slotid, xfer->epid);
1193 DPRINTF("xhci: will continue at "DMA_ADDR_FMT"\n", epctx->ring.dequeue);
1194 }
1195
1196 static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer,
1197 XHCIEPContext *epctx);
1198
1199 static int xhci_setup_packet(XHCITransfer *xfer, USBDevice *dev)
1200 {
1201 USBEndpoint *ep;
1202 int dir;
1203
1204 dir = xfer->in_xfer ? USB_TOKEN_IN : USB_TOKEN_OUT;
1205 ep = usb_ep_get(dev, dir, xfer->epid >> 1);
1206 usb_packet_setup(&xfer->packet, dir, ep, xfer->trbs[0].addr);
1207 usb_packet_addbuf(&xfer->packet, xfer->data, xfer->data_length);
1208 DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n",
1209 xfer->packet.pid, dev->addr, ep->nr);
1210 return 0;
1211 }
1212
1213 static int xhci_complete_packet(XHCITransfer *xfer, int ret)
1214 {
1215 if (ret == USB_RET_ASYNC) {
1216 trace_usb_xhci_xfer_async(xfer);
1217 xfer->running_async = 1;
1218 xfer->running_retry = 0;
1219 xfer->complete = 0;
1220 xfer->cancelled = 0;
1221 return 0;
1222 } else if (ret == USB_RET_NAK) {
1223 trace_usb_xhci_xfer_nak(xfer);
1224 xfer->running_async = 0;
1225 xfer->running_retry = 1;
1226 xfer->complete = 0;
1227 xfer->cancelled = 0;
1228 return 0;
1229 } else {
1230 xfer->running_async = 0;
1231 xfer->running_retry = 0;
1232 xfer->complete = 1;
1233 }
1234
1235 if (ret >= 0) {
1236 xfer->status = CC_SUCCESS;
1237 xhci_xfer_data(xfer, xfer->data, ret, xfer->in_xfer, 0, 1);
1238 trace_usb_xhci_xfer_success(xfer, ret);
1239 return 0;
1240 }
1241
1242 /* error */
1243 trace_usb_xhci_xfer_error(xfer, ret);
1244 switch (ret) {
1245 case USB_RET_NODEV:
1246 xfer->status = CC_USB_TRANSACTION_ERROR;
1247 xhci_xfer_data(xfer, xfer->data, 0, xfer->in_xfer, 0, 1);
1248 xhci_stall_ep(xfer);
1249 break;
1250 case USB_RET_STALL:
1251 xfer->status = CC_STALL_ERROR;
1252 xhci_xfer_data(xfer, xfer->data, 0, xfer->in_xfer, 0, 1);
1253 xhci_stall_ep(xfer);
1254 break;
1255 default:
1256 fprintf(stderr, "%s: FIXME: ret = %d\n", __FUNCTION__, ret);
1257 FIXME();
1258 }
1259 return 0;
1260 }
1261
1262 static USBDevice *xhci_find_device(XHCIPort *port, uint8_t addr)
1263 {
1264 if (!(port->portsc & PORTSC_PED)) {
1265 return NULL;
1266 }
1267 return usb_find_device(&port->port, addr);
1268 }
1269
1270 static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
1271 {
1272 XHCITRB *trb_setup, *trb_status;
1273 uint8_t bmRequestType;
1274 uint16_t wLength;
1275 XHCIPort *port;
1276 USBDevice *dev;
1277 int ret;
1278
1279 trb_setup = &xfer->trbs[0];
1280 trb_status = &xfer->trbs[xfer->trb_count-1];
1281
1282 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid,
1283 trb_setup->parameter >> 48);
1284
1285 /* at most one Event Data TRB allowed after STATUS */
1286 if (TRB_TYPE(*trb_status) == TR_EVDATA && xfer->trb_count > 2) {
1287 trb_status--;
1288 }
1289
1290 /* do some sanity checks */
1291 if (TRB_TYPE(*trb_setup) != TR_SETUP) {
1292 fprintf(stderr, "xhci: ep0 first TD not SETUP: %d\n",
1293 TRB_TYPE(*trb_setup));
1294 return -1;
1295 }
1296 if (TRB_TYPE(*trb_status) != TR_STATUS) {
1297 fprintf(stderr, "xhci: ep0 last TD not STATUS: %d\n",
1298 TRB_TYPE(*trb_status));
1299 return -1;
1300 }
1301 if (!(trb_setup->control & TRB_TR_IDT)) {
1302 fprintf(stderr, "xhci: Setup TRB doesn't have IDT set\n");
1303 return -1;
1304 }
1305 if ((trb_setup->status & 0x1ffff) != 8) {
1306 fprintf(stderr, "xhci: Setup TRB has bad length (%d)\n",
1307 (trb_setup->status & 0x1ffff));
1308 return -1;
1309 }
1310
1311 bmRequestType = trb_setup->parameter;
1312 wLength = trb_setup->parameter >> 48;
1313
1314 if (xfer->data && xfer->data_alloced < wLength) {
1315 xfer->data_alloced = 0;
1316 g_free(xfer->data);
1317 xfer->data = NULL;
1318 }
1319 if (!xfer->data) {
1320 DPRINTF("xhci: alloc %d bytes data\n", wLength);
1321 xfer->data = g_malloc(wLength+1);
1322 xfer->data_alloced = wLength;
1323 }
1324 xfer->data_length = wLength;
1325
1326 port = &xhci->ports[xhci->slots[xfer->slotid-1].port-1];
1327 dev = xhci_find_device(port, xhci->slots[xfer->slotid-1].devaddr);
1328 if (!dev) {
1329 fprintf(stderr, "xhci: slot %d port %d has no device\n", xfer->slotid,
1330 xhci->slots[xfer->slotid-1].port);
1331 return -1;
1332 }
1333
1334 xfer->in_xfer = bmRequestType & USB_DIR_IN;
1335 xfer->iso_xfer = false;
1336
1337 xhci_setup_packet(xfer, dev);
1338 xfer->packet.parameter = trb_setup->parameter;
1339 if (!xfer->in_xfer) {
1340 xhci_xfer_data(xfer, xfer->data, wLength, 0, 1, 0);
1341 }
1342
1343 ret = usb_handle_packet(dev, &xfer->packet);
1344
1345 xhci_complete_packet(xfer, ret);
1346 if (!xfer->running_async && !xfer->running_retry) {
1347 xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
1348 }
1349 return 0;
1350 }
1351
1352 static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx)
1353 {
1354 XHCIPort *port;
1355 USBDevice *dev;
1356 int ret;
1357
1358 DPRINTF("xhci_submit(slotid=%d,epid=%d)\n", xfer->slotid, xfer->epid);
1359
1360 xfer->in_xfer = epctx->type>>2;
1361
1362 if (xfer->data && xfer->data_alloced < xfer->data_length) {
1363 xfer->data_alloced = 0;
1364 g_free(xfer->data);
1365 xfer->data = NULL;
1366 }
1367 if (!xfer->data && xfer->data_length) {
1368 DPRINTF("xhci: alloc %d bytes data\n", xfer->data_length);
1369 xfer->data = g_malloc(xfer->data_length);
1370 xfer->data_alloced = xfer->data_length;
1371 }
1372 if (epctx->type == ET_ISO_IN || epctx->type == ET_ISO_OUT) {
1373 xfer->pkts = 1;
1374 } else {
1375 xfer->pkts = 0;
1376 }
1377
1378 port = &xhci->ports[xhci->slots[xfer->slotid-1].port-1];
1379 dev = xhci_find_device(port, xhci->slots[xfer->slotid-1].devaddr);
1380 if (!dev) {
1381 fprintf(stderr, "xhci: slot %d port %d has no device\n", xfer->slotid,
1382 xhci->slots[xfer->slotid-1].port);
1383 return -1;
1384 }
1385
1386 xhci_setup_packet(xfer, dev);
1387
1388 switch(epctx->type) {
1389 case ET_INTR_OUT:
1390 case ET_INTR_IN:
1391 case ET_BULK_OUT:
1392 case ET_BULK_IN:
1393 break;
1394 case ET_ISO_OUT:
1395 case ET_ISO_IN:
1396 FIXME();
1397 break;
1398 default:
1399 fprintf(stderr, "xhci: unknown or unhandled EP "
1400 "(type %d, in %d, ep %02x)\n",
1401 epctx->type, xfer->in_xfer, xfer->epid);
1402 return -1;
1403 }
1404
1405 if (!xfer->in_xfer) {
1406 xhci_xfer_data(xfer, xfer->data, xfer->data_length, 0, 1, 0);
1407 }
1408 ret = usb_handle_packet(dev, &xfer->packet);
1409
1410 xhci_complete_packet(xfer, ret);
1411 if (!xfer->running_async && !xfer->running_retry) {
1412 xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
1413 }
1414 return 0;
1415 }
1416
1417 static int xhci_fire_transfer(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx)
1418 {
1419 int i;
1420 unsigned int length = 0;
1421 XHCITRB *trb;
1422
1423 for (i = 0; i < xfer->trb_count; i++) {
1424 trb = &xfer->trbs[i];
1425 if (TRB_TYPE(*trb) == TR_NORMAL || TRB_TYPE(*trb) == TR_ISOCH) {
1426 length += trb->status & 0x1ffff;
1427 }
1428 }
1429
1430 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid, length);
1431
1432 xfer->data_length = length;
1433 return xhci_submit(xhci, xfer, epctx);
1434 }
1435
1436 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, unsigned int epid)
1437 {
1438 XHCIEPContext *epctx;
1439 int length;
1440 int i;
1441
1442 trace_usb_xhci_ep_kick(slotid, epid);
1443 assert(slotid >= 1 && slotid <= MAXSLOTS);
1444 assert(epid >= 1 && epid <= 31);
1445
1446 if (!xhci->slots[slotid-1].enabled) {
1447 fprintf(stderr, "xhci: xhci_kick_ep for disabled slot %d\n", slotid);
1448 return;
1449 }
1450 epctx = xhci->slots[slotid-1].eps[epid-1];
1451 if (!epctx) {
1452 fprintf(stderr, "xhci: xhci_kick_ep for disabled endpoint %d,%d\n",
1453 epid, slotid);
1454 return;
1455 }
1456
1457 if (epctx->retry) {
1458 /* retry nak'ed transfer */
1459 XHCITransfer *xfer = epctx->retry;
1460 int result;
1461
1462 trace_usb_xhci_xfer_retry(xfer);
1463 assert(xfer->running_retry);
1464 xhci_setup_packet(xfer, xfer->packet.ep->dev);
1465 result = usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
1466 if (result == USB_RET_NAK) {
1467 return;
1468 }
1469 xhci_complete_packet(xfer, result);
1470 assert(!xfer->running_retry);
1471 epctx->retry = NULL;
1472 }
1473
1474 if (epctx->state == EP_HALTED) {
1475 DPRINTF("xhci: ep halted, not running schedule\n");
1476 return;
1477 }
1478
1479 xhci_set_ep_state(xhci, epctx, EP_RUNNING);
1480
1481 while (1) {
1482 XHCITransfer *xfer = &epctx->transfers[epctx->next_xfer];
1483 if (xfer->running_async || xfer->running_retry) {
1484 break;
1485 }
1486 length = xhci_ring_chain_length(xhci, &epctx->ring);
1487 if (length < 0) {
1488 break;
1489 } else if (length == 0) {
1490 break;
1491 }
1492 if (xfer->trbs && xfer->trb_alloced < length) {
1493 xfer->trb_count = 0;
1494 xfer->trb_alloced = 0;
1495 g_free(xfer->trbs);
1496 xfer->trbs = NULL;
1497 }
1498 if (!xfer->trbs) {
1499 xfer->trbs = g_malloc(sizeof(XHCITRB) * length);
1500 xfer->trb_alloced = length;
1501 }
1502 xfer->trb_count = length;
1503
1504 for (i = 0; i < length; i++) {
1505 assert(xhci_ring_fetch(xhci, &epctx->ring, &xfer->trbs[i], NULL));
1506 }
1507 xfer->xhci = xhci;
1508 xfer->epid = epid;
1509 xfer->slotid = slotid;
1510
1511 if (epid == 1) {
1512 if (xhci_fire_ctl_transfer(xhci, xfer) >= 0) {
1513 epctx->next_xfer = (epctx->next_xfer + 1) % TD_QUEUE;
1514 } else {
1515 fprintf(stderr, "xhci: error firing CTL transfer\n");
1516 }
1517 } else {
1518 if (xhci_fire_transfer(xhci, xfer, epctx) >= 0) {
1519 epctx->next_xfer = (epctx->next_xfer + 1) % TD_QUEUE;
1520 } else {
1521 fprintf(stderr, "xhci: error firing data transfer\n");
1522 }
1523 }
1524
1525 if (epctx->state == EP_HALTED) {
1526 break;
1527 }
1528 if (xfer->running_retry) {
1529 DPRINTF("xhci: xfer nacked, stopping schedule\n");
1530 epctx->retry = xfer;
1531 break;
1532 }
1533 }
1534 }
1535
1536 static TRBCCode xhci_enable_slot(XHCIState *xhci, unsigned int slotid)
1537 {
1538 trace_usb_xhci_slot_enable(slotid);
1539 assert(slotid >= 1 && slotid <= MAXSLOTS);
1540 xhci->slots[slotid-1].enabled = 1;
1541 xhci->slots[slotid-1].port = 0;
1542 memset(xhci->slots[slotid-1].eps, 0, sizeof(XHCIEPContext*)*31);
1543
1544 return CC_SUCCESS;
1545 }
1546
1547 static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid)
1548 {
1549 int i;
1550
1551 trace_usb_xhci_slot_disable(slotid);
1552 assert(slotid >= 1 && slotid <= MAXSLOTS);
1553
1554 for (i = 1; i <= 31; i++) {
1555 if (xhci->slots[slotid-1].eps[i-1]) {
1556 xhci_disable_ep(xhci, slotid, i);
1557 }
1558 }
1559
1560 xhci->slots[slotid-1].enabled = 0;
1561 return CC_SUCCESS;
1562 }
1563
1564 static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
1565 uint64_t pictx, bool bsr)
1566 {
1567 XHCISlot *slot;
1568 USBDevice *dev;
1569 dma_addr_t ictx, octx, dcbaap;
1570 uint64_t poctx;
1571 uint32_t ictl_ctx[2];
1572 uint32_t slot_ctx[4];
1573 uint32_t ep0_ctx[5];
1574 unsigned int port;
1575 int i;
1576 TRBCCode res;
1577
1578 trace_usb_xhci_slot_address(slotid);
1579 assert(slotid >= 1 && slotid <= MAXSLOTS);
1580
1581 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
1582 pci_dma_read(&xhci->pci_dev, dcbaap + 8*slotid, &poctx, sizeof(poctx));
1583 ictx = xhci_mask64(pictx);
1584 octx = xhci_mask64(le64_to_cpu(poctx));
1585
1586 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1587 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
1588
1589 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
1590
1591 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] != 0x3) {
1592 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1593 ictl_ctx[0], ictl_ctx[1]);
1594 return CC_TRB_ERROR;
1595 }
1596
1597 pci_dma_read(&xhci->pci_dev, ictx+32, slot_ctx, sizeof(slot_ctx));
1598 pci_dma_read(&xhci->pci_dev, ictx+64, ep0_ctx, sizeof(ep0_ctx));
1599
1600 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n",
1601 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1602
1603 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n",
1604 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1605
1606 port = (slot_ctx[1]>>16) & 0xFF;
1607 dev = xhci->ports[port-1].port.dev;
1608
1609 if (port < 1 || port > MAXPORTS) {
1610 fprintf(stderr, "xhci: bad port %d\n", port);
1611 return CC_TRB_ERROR;
1612 } else if (!dev) {
1613 fprintf(stderr, "xhci: port %d not connected\n", port);
1614 return CC_USB_TRANSACTION_ERROR;
1615 }
1616
1617 for (i = 0; i < MAXSLOTS; i++) {
1618 if (xhci->slots[i].port == port) {
1619 fprintf(stderr, "xhci: port %d already assigned to slot %d\n",
1620 port, i+1);
1621 return CC_TRB_ERROR;
1622 }
1623 }
1624
1625 slot = &xhci->slots[slotid-1];
1626 slot->port = port;
1627 slot->ctx = octx;
1628
1629 if (bsr) {
1630 slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT;
1631 } else {
1632 slot->devaddr = xhci->devaddr++;
1633 slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slot->devaddr;
1634 DPRINTF("xhci: device address is %d\n", slot->devaddr);
1635 usb_device_handle_control(dev, NULL,
1636 DeviceOutRequest | USB_REQ_SET_ADDRESS,
1637 slot->devaddr, 0, 0, NULL);
1638 }
1639
1640 res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx);
1641
1642 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1643 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1644 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n",
1645 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1646
1647 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1648 pci_dma_write(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
1649
1650 return res;
1651 }
1652
1653
1654 static TRBCCode xhci_configure_slot(XHCIState *xhci, unsigned int slotid,
1655 uint64_t pictx, bool dc)
1656 {
1657 dma_addr_t ictx, octx;
1658 uint32_t ictl_ctx[2];
1659 uint32_t slot_ctx[4];
1660 uint32_t islot_ctx[4];
1661 uint32_t ep_ctx[5];
1662 int i;
1663 TRBCCode res;
1664
1665 trace_usb_xhci_slot_configure(slotid);
1666 assert(slotid >= 1 && slotid <= MAXSLOTS);
1667
1668 ictx = xhci_mask64(pictx);
1669 octx = xhci->slots[slotid-1].ctx;
1670
1671 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1672 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
1673
1674 if (dc) {
1675 for (i = 2; i <= 31; i++) {
1676 if (xhci->slots[slotid-1].eps[i-1]) {
1677 xhci_disable_ep(xhci, slotid, i);
1678 }
1679 }
1680
1681 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1682 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1683 slot_ctx[3] |= SLOT_ADDRESSED << SLOT_STATE_SHIFT;
1684 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1685 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1686 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1687
1688 return CC_SUCCESS;
1689 }
1690
1691 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
1692
1693 if ((ictl_ctx[0] & 0x3) != 0x0 || (ictl_ctx[1] & 0x3) != 0x1) {
1694 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1695 ictl_ctx[0], ictl_ctx[1]);
1696 return CC_TRB_ERROR;
1697 }
1698
1699 pci_dma_read(&xhci->pci_dev, ictx+32, islot_ctx, sizeof(islot_ctx));
1700 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1701
1702 if (SLOT_STATE(slot_ctx[3]) < SLOT_ADDRESSED) {
1703 fprintf(stderr, "xhci: invalid slot state %08x\n", slot_ctx[3]);
1704 return CC_CONTEXT_STATE_ERROR;
1705 }
1706
1707 for (i = 2; i <= 31; i++) {
1708 if (ictl_ctx[0] & (1<<i)) {
1709 xhci_disable_ep(xhci, slotid, i);
1710 }
1711 if (ictl_ctx[1] & (1<<i)) {
1712 pci_dma_read(&xhci->pci_dev, ictx+32+(32*i), ep_ctx,
1713 sizeof(ep_ctx));
1714 DPRINTF("xhci: input ep%d.%d context: %08x %08x %08x %08x %08x\n",
1715 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2],
1716 ep_ctx[3], ep_ctx[4]);
1717 xhci_disable_ep(xhci, slotid, i);
1718 res = xhci_enable_ep(xhci, slotid, i, octx+(32*i), ep_ctx);
1719 if (res != CC_SUCCESS) {
1720 return res;
1721 }
1722 DPRINTF("xhci: output ep%d.%d context: %08x %08x %08x %08x %08x\n",
1723 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2],
1724 ep_ctx[3], ep_ctx[4]);
1725 pci_dma_write(&xhci->pci_dev, octx+(32*i), ep_ctx, sizeof(ep_ctx));
1726 }
1727 }
1728
1729 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1730 slot_ctx[3] |= SLOT_CONFIGURED << SLOT_STATE_SHIFT;
1731 slot_ctx[0] &= ~(SLOT_CONTEXT_ENTRIES_MASK << SLOT_CONTEXT_ENTRIES_SHIFT);
1732 slot_ctx[0] |= islot_ctx[0] & (SLOT_CONTEXT_ENTRIES_MASK <<
1733 SLOT_CONTEXT_ENTRIES_SHIFT);
1734 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1735 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1736
1737 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1738
1739 return CC_SUCCESS;
1740 }
1741
1742
1743 static TRBCCode xhci_evaluate_slot(XHCIState *xhci, unsigned int slotid,
1744 uint64_t pictx)
1745 {
1746 dma_addr_t ictx, octx;
1747 uint32_t ictl_ctx[2];
1748 uint32_t iep0_ctx[5];
1749 uint32_t ep0_ctx[5];
1750 uint32_t islot_ctx[4];
1751 uint32_t slot_ctx[4];
1752
1753 trace_usb_xhci_slot_evaluate(slotid);
1754 assert(slotid >= 1 && slotid <= MAXSLOTS);
1755
1756 ictx = xhci_mask64(pictx);
1757 octx = xhci->slots[slotid-1].ctx;
1758
1759 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1760 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
1761
1762 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
1763
1764 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] & ~0x3) {
1765 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1766 ictl_ctx[0], ictl_ctx[1]);
1767 return CC_TRB_ERROR;
1768 }
1769
1770 if (ictl_ctx[1] & 0x1) {
1771 pci_dma_read(&xhci->pci_dev, ictx+32, islot_ctx, sizeof(islot_ctx));
1772
1773 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n",
1774 islot_ctx[0], islot_ctx[1], islot_ctx[2], islot_ctx[3]);
1775
1776 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1777
1778 slot_ctx[1] &= ~0xFFFF; /* max exit latency */
1779 slot_ctx[1] |= islot_ctx[1] & 0xFFFF;
1780 slot_ctx[2] &= ~0xFF00000; /* interrupter target */
1781 slot_ctx[2] |= islot_ctx[2] & 0xFF000000;
1782
1783 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1784 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1785
1786 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1787 }
1788
1789 if (ictl_ctx[1] & 0x2) {
1790 pci_dma_read(&xhci->pci_dev, ictx+64, iep0_ctx, sizeof(iep0_ctx));
1791
1792 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n",
1793 iep0_ctx[0], iep0_ctx[1], iep0_ctx[2],
1794 iep0_ctx[3], iep0_ctx[4]);
1795
1796 pci_dma_read(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
1797
1798 ep0_ctx[1] &= ~0xFFFF0000; /* max packet size*/
1799 ep0_ctx[1] |= iep0_ctx[1] & 0xFFFF0000;
1800
1801 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n",
1802 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1803
1804 pci_dma_write(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
1805 }
1806
1807 return CC_SUCCESS;
1808 }
1809
1810 static TRBCCode xhci_reset_slot(XHCIState *xhci, unsigned int slotid)
1811 {
1812 uint32_t slot_ctx[4];
1813 dma_addr_t octx;
1814 int i;
1815
1816 trace_usb_xhci_slot_reset(slotid);
1817 assert(slotid >= 1 && slotid <= MAXSLOTS);
1818
1819 octx = xhci->slots[slotid-1].ctx;
1820
1821 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
1822
1823 for (i = 2; i <= 31; i++) {
1824 if (xhci->slots[slotid-1].eps[i-1]) {
1825 xhci_disable_ep(xhci, slotid, i);
1826 }
1827 }
1828
1829 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1830 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1831 slot_ctx[3] |= SLOT_DEFAULT << SLOT_STATE_SHIFT;
1832 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1833 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1834 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1835
1836 return CC_SUCCESS;
1837 }
1838
1839 static unsigned int xhci_get_slot(XHCIState *xhci, XHCIEvent *event, XHCITRB *trb)
1840 {
1841 unsigned int slotid;
1842 slotid = (trb->control >> TRB_CR_SLOTID_SHIFT) & TRB_CR_SLOTID_MASK;
1843 if (slotid < 1 || slotid > MAXSLOTS) {
1844 fprintf(stderr, "xhci: bad slot id %d\n", slotid);
1845 event->ccode = CC_TRB_ERROR;
1846 return 0;
1847 } else if (!xhci->slots[slotid-1].enabled) {
1848 fprintf(stderr, "xhci: slot id %d not enabled\n", slotid);
1849 event->ccode = CC_SLOT_NOT_ENABLED_ERROR;
1850 return 0;
1851 }
1852 return slotid;
1853 }
1854
1855 static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx)
1856 {
1857 dma_addr_t ctx;
1858 uint8_t bw_ctx[MAXPORTS+1];
1859
1860 DPRINTF("xhci_get_port_bandwidth()\n");
1861
1862 ctx = xhci_mask64(pctx);
1863
1864 DPRINTF("xhci: bandwidth context at "DMA_ADDR_FMT"\n", ctx);
1865
1866 /* TODO: actually implement real values here */
1867 bw_ctx[0] = 0;
1868 memset(&bw_ctx[1], 80, MAXPORTS); /* 80% */
1869 pci_dma_write(&xhci->pci_dev, ctx, bw_ctx, sizeof(bw_ctx));
1870
1871 return CC_SUCCESS;
1872 }
1873
1874 static uint32_t rotl(uint32_t v, unsigned count)
1875 {
1876 count &= 31;
1877 return (v << count) | (v >> (32 - count));
1878 }
1879
1880
1881 static uint32_t xhci_nec_challenge(uint32_t hi, uint32_t lo)
1882 {
1883 uint32_t val;
1884 val = rotl(lo - 0x49434878, 32 - ((hi>>8) & 0x1F));
1885 val += rotl(lo + 0x49434878, hi & 0x1F);
1886 val -= rotl(hi ^ 0x49434878, (lo >> 16) & 0x1F);
1887 return ~val;
1888 }
1889
1890 static void xhci_via_challenge(XHCIState *xhci, uint64_t addr)
1891 {
1892 uint32_t buf[8];
1893 uint32_t obuf[8];
1894 dma_addr_t paddr = xhci_mask64(addr);
1895
1896 pci_dma_read(&xhci->pci_dev, paddr, &buf, 32);
1897
1898 memcpy(obuf, buf, sizeof(obuf));
1899
1900 if ((buf[0] & 0xff) == 2) {
1901 obuf[0] = 0x49932000 + 0x54dc200 * buf[2] + 0x7429b578 * buf[3];
1902 obuf[0] |= (buf[2] * buf[3]) & 0xff;
1903 obuf[1] = 0x0132bb37 + 0xe89 * buf[2] + 0xf09 * buf[3];
1904 obuf[2] = 0x0066c2e9 + 0x2091 * buf[2] + 0x19bd * buf[3];
1905 obuf[3] = 0xd5281342 + 0x2cc9691 * buf[2] + 0x2367662 * buf[3];
1906 obuf[4] = 0x0123c75c + 0x1595 * buf[2] + 0x19ec * buf[3];
1907 obuf[5] = 0x00f695de + 0x26fd * buf[2] + 0x3e9 * buf[3];
1908 obuf[6] = obuf[2] ^ obuf[3] ^ 0x29472956;
1909 obuf[7] = obuf[2] ^ obuf[3] ^ 0x65866593;
1910 }
1911
1912 pci_dma_write(&xhci->pci_dev, paddr, &obuf, 32);
1913 }
1914
1915 static void xhci_process_commands(XHCIState *xhci)
1916 {
1917 XHCITRB trb;
1918 TRBType type;
1919 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
1920 dma_addr_t addr;
1921 unsigned int i, slotid = 0;
1922
1923 DPRINTF("xhci_process_commands()\n");
1924 if (!xhci_running(xhci)) {
1925 DPRINTF("xhci_process_commands() called while xHC stopped or paused\n");
1926 return;
1927 }
1928
1929 xhci->crcr_low |= CRCR_CRR;
1930
1931 while ((type = xhci_ring_fetch(xhci, &xhci->cmd_ring, &trb, &addr))) {
1932 event.ptr = addr;
1933 switch (type) {
1934 case CR_ENABLE_SLOT:
1935 for (i = 0; i < MAXSLOTS; i++) {
1936 if (!xhci->slots[i].enabled) {
1937 break;
1938 }
1939 }
1940 if (i >= MAXSLOTS) {
1941 fprintf(stderr, "xhci: no device slots available\n");
1942 event.ccode = CC_NO_SLOTS_ERROR;
1943 } else {
1944 slotid = i+1;
1945 event.ccode = xhci_enable_slot(xhci, slotid);
1946 }
1947 break;
1948 case CR_DISABLE_SLOT:
1949 slotid = xhci_get_slot(xhci, &event, &trb);
1950 if (slotid) {
1951 event.ccode = xhci_disable_slot(xhci, slotid);
1952 }
1953 break;
1954 case CR_ADDRESS_DEVICE:
1955 slotid = xhci_get_slot(xhci, &event, &trb);
1956 if (slotid) {
1957 event.ccode = xhci_address_slot(xhci, slotid, trb.parameter,
1958 trb.control & TRB_CR_BSR);
1959 }
1960 break;
1961 case CR_CONFIGURE_ENDPOINT:
1962 slotid = xhci_get_slot(xhci, &event, &trb);
1963 if (slotid) {
1964 event.ccode = xhci_configure_slot(xhci, slotid, trb.parameter,
1965 trb.control & TRB_CR_DC);
1966 }
1967 break;
1968 case CR_EVALUATE_CONTEXT:
1969 slotid = xhci_get_slot(xhci, &event, &trb);
1970 if (slotid) {
1971 event.ccode = xhci_evaluate_slot(xhci, slotid, trb.parameter);
1972 }
1973 break;
1974 case CR_STOP_ENDPOINT:
1975 slotid = xhci_get_slot(xhci, &event, &trb);
1976 if (slotid) {
1977 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1978 & TRB_CR_EPID_MASK;
1979 event.ccode = xhci_stop_ep(xhci, slotid, epid);
1980 }
1981 break;
1982 case CR_RESET_ENDPOINT:
1983 slotid = xhci_get_slot(xhci, &event, &trb);
1984 if (slotid) {
1985 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1986 & TRB_CR_EPID_MASK;
1987 event.ccode = xhci_reset_ep(xhci, slotid, epid);
1988 }
1989 break;
1990 case CR_SET_TR_DEQUEUE:
1991 slotid = xhci_get_slot(xhci, &event, &trb);
1992 if (slotid) {
1993 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1994 & TRB_CR_EPID_MASK;
1995 event.ccode = xhci_set_ep_dequeue(xhci, slotid, epid,
1996 trb.parameter);
1997 }
1998 break;
1999 case CR_RESET_DEVICE:
2000 slotid = xhci_get_slot(xhci, &event, &trb);
2001 if (slotid) {
2002 event.ccode = xhci_reset_slot(xhci, slotid);
2003 }
2004 break;
2005 case CR_GET_PORT_BANDWIDTH:
2006 event.ccode = xhci_get_port_bandwidth(xhci, trb.parameter);
2007 break;
2008 case CR_VENDOR_VIA_CHALLENGE_RESPONSE:
2009 xhci_via_challenge(xhci, trb.parameter);
2010 break;
2011 case CR_VENDOR_NEC_FIRMWARE_REVISION:
2012 event.type = 48; /* NEC reply */
2013 event.length = 0x3025;
2014 break;
2015 case CR_VENDOR_NEC_CHALLENGE_RESPONSE:
2016 {
2017 uint32_t chi = trb.parameter >> 32;
2018 uint32_t clo = trb.parameter;
2019 uint32_t val = xhci_nec_challenge(chi, clo);
2020 event.length = val & 0xFFFF;
2021 event.epid = val >> 16;
2022 slotid = val >> 24;
2023 event.type = 48; /* NEC reply */
2024 }
2025 break;
2026 default:
2027 fprintf(stderr, "xhci: unimplemented command %d\n", type);
2028 event.ccode = CC_TRB_ERROR;
2029 break;
2030 }
2031 event.slotid = slotid;
2032 xhci_event(xhci, &event);
2033 }
2034 }
2035
2036 static void xhci_update_port(XHCIState *xhci, XHCIPort *port, int is_detach)
2037 {
2038 int nr = port->port.index + 1;
2039
2040 port->portsc = PORTSC_PP;
2041 if (port->port.dev && port->port.dev->attached && !is_detach) {
2042 port->portsc |= PORTSC_CCS;
2043 switch (port->port.dev->speed) {
2044 case USB_SPEED_LOW:
2045 port->portsc |= PORTSC_SPEED_LOW;
2046 break;
2047 case USB_SPEED_FULL:
2048 port->portsc |= PORTSC_SPEED_FULL;
2049 break;
2050 case USB_SPEED_HIGH:
2051 port->portsc |= PORTSC_SPEED_HIGH;
2052 break;
2053 }
2054 }
2055
2056 if (xhci_running(xhci)) {
2057 port->portsc |= PORTSC_CSC;
2058 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, nr << 24};
2059 xhci_event(xhci, &ev);
2060 DPRINTF("xhci: port change event for port %d\n", nr);
2061 }
2062 }
2063
2064 static void xhci_reset(DeviceState *dev)
2065 {
2066 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev.qdev, dev);
2067 int i;
2068
2069 trace_usb_xhci_reset();
2070 if (!(xhci->usbsts & USBSTS_HCH)) {
2071 fprintf(stderr, "xhci: reset while running!\n");
2072 }
2073
2074 xhci->usbcmd = 0;
2075 xhci->usbsts = USBSTS_HCH;
2076 xhci->dnctrl = 0;
2077 xhci->crcr_low = 0;
2078 xhci->crcr_high = 0;
2079 xhci->dcbaap_low = 0;
2080 xhci->dcbaap_high = 0;
2081 xhci->config = 0;
2082 xhci->devaddr = 2;
2083
2084 for (i = 0; i < MAXSLOTS; i++) {
2085 xhci_disable_slot(xhci, i+1);
2086 }
2087
2088 for (i = 0; i < MAXPORTS; i++) {
2089 xhci_update_port(xhci, xhci->ports + i, 0);
2090 }
2091
2092 xhci->mfindex = 0;
2093 xhci->iman = 0;
2094 xhci->imod = 0;
2095 xhci->erstsz = 0;
2096 xhci->erstba_low = 0;
2097 xhci->erstba_high = 0;
2098 xhci->erdp_low = 0;
2099 xhci->erdp_high = 0;
2100
2101 xhci->er_ep_idx = 0;
2102 xhci->er_pcs = 1;
2103 xhci->er_full = 0;
2104 xhci->ev_buffer_put = 0;
2105 xhci->ev_buffer_get = 0;
2106 }
2107
2108 static uint32_t xhci_cap_read(XHCIState *xhci, uint32_t reg)
2109 {
2110 uint32_t ret;
2111
2112 switch (reg) {
2113 case 0x00: /* HCIVERSION, CAPLENGTH */
2114 ret = 0x01000000 | LEN_CAP;
2115 break;
2116 case 0x04: /* HCSPARAMS 1 */
2117 ret = (MAXPORTS<<24) | (MAXINTRS<<8) | MAXSLOTS;
2118 break;
2119 case 0x08: /* HCSPARAMS 2 */
2120 ret = 0x0000000f;
2121 break;
2122 case 0x0c: /* HCSPARAMS 3 */
2123 ret = 0x00000000;
2124 break;
2125 case 0x10: /* HCCPARAMS */
2126 if (sizeof(dma_addr_t) == 4) {
2127 ret = 0x00081000;
2128 } else {
2129 ret = 0x00081001;
2130 }
2131 break;
2132 case 0x14: /* DBOFF */
2133 ret = OFF_DOORBELL;
2134 break;
2135 case 0x18: /* RTSOFF */
2136 ret = OFF_RUNTIME;
2137 break;
2138
2139 /* extended capabilities */
2140 case 0x20: /* Supported Protocol:00 */
2141 ret = 0x02000402; /* USB 2.0 */
2142 break;
2143 case 0x24: /* Supported Protocol:04 */
2144 ret = 0x20425455; /* "USB " */
2145 break;
2146 case 0x28: /* Supported Protocol:08 */
2147 ret = 0x00000001 | (USB2_PORTS<<8);
2148 break;
2149 case 0x2c: /* Supported Protocol:0c */
2150 ret = 0x00000000; /* reserved */
2151 break;
2152 case 0x30: /* Supported Protocol:00 */
2153 ret = 0x03000002; /* USB 3.0 */
2154 break;
2155 case 0x34: /* Supported Protocol:04 */
2156 ret = 0x20425455; /* "USB " */
2157 break;
2158 case 0x38: /* Supported Protocol:08 */
2159 ret = 0x00000000 | (USB2_PORTS+1) | (USB3_PORTS<<8);
2160 break;
2161 case 0x3c: /* Supported Protocol:0c */
2162 ret = 0x00000000; /* reserved */
2163 break;
2164 default:
2165 fprintf(stderr, "xhci_cap_read: reg %d unimplemented\n", reg);
2166 ret = 0;
2167 }
2168
2169 trace_usb_xhci_cap_read(reg, ret);
2170 return ret;
2171 }
2172
2173 static uint32_t xhci_port_read(XHCIState *xhci, uint32_t reg)
2174 {
2175 uint32_t port = reg >> 4;
2176 uint32_t ret;
2177
2178 if (port >= MAXPORTS) {
2179 fprintf(stderr, "xhci_port_read: port %d out of bounds\n", port);
2180 ret = 0;
2181 goto out;
2182 }
2183
2184 switch (reg & 0xf) {
2185 case 0x00: /* PORTSC */
2186 ret = xhci->ports[port].portsc;
2187 break;
2188 case 0x04: /* PORTPMSC */
2189 case 0x08: /* PORTLI */
2190 ret = 0;
2191 break;
2192 case 0x0c: /* reserved */
2193 default:
2194 fprintf(stderr, "xhci_port_read (port %d): reg 0x%x unimplemented\n",
2195 port, reg);
2196 ret = 0;
2197 }
2198
2199 out:
2200 trace_usb_xhci_port_read(port, reg & 0x0f, ret);
2201 return ret;
2202 }
2203
2204 static void xhci_port_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2205 {
2206 uint32_t port = reg >> 4;
2207 uint32_t portsc;
2208
2209 trace_usb_xhci_port_write(port, reg & 0x0f, val);
2210
2211 if (port >= MAXPORTS) {
2212 fprintf(stderr, "xhci_port_read: port %d out of bounds\n", port);
2213 return;
2214 }
2215
2216 switch (reg & 0xf) {
2217 case 0x00: /* PORTSC */
2218 portsc = xhci->ports[port].portsc;
2219 /* write-1-to-clear bits*/
2220 portsc &= ~(val & (PORTSC_CSC|PORTSC_PEC|PORTSC_WRC|PORTSC_OCC|
2221 PORTSC_PRC|PORTSC_PLC|PORTSC_CEC));
2222 if (val & PORTSC_LWS) {
2223 /* overwrite PLS only when LWS=1 */
2224 portsc &= ~(PORTSC_PLS_MASK << PORTSC_PLS_SHIFT);
2225 portsc |= val & (PORTSC_PLS_MASK << PORTSC_PLS_SHIFT);
2226 }
2227 /* read/write bits */
2228 portsc &= ~(PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE);
2229 portsc |= (val & (PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE));
2230 /* write-1-to-start bits */
2231 if (val & PORTSC_PR) {
2232 DPRINTF("xhci: port %d reset\n", port);
2233 usb_device_reset(xhci->ports[port].port.dev);
2234 portsc |= PORTSC_PRC | PORTSC_PED;
2235 }
2236 xhci->ports[port].portsc = portsc;
2237 break;
2238 case 0x04: /* PORTPMSC */
2239 case 0x08: /* PORTLI */
2240 default:
2241 fprintf(stderr, "xhci_port_write (port %d): reg 0x%x unimplemented\n",
2242 port, reg);
2243 }
2244 }
2245
2246 static uint32_t xhci_oper_read(XHCIState *xhci, uint32_t reg)
2247 {
2248 uint32_t ret;
2249
2250 if (reg >= 0x400) {
2251 return xhci_port_read(xhci, reg - 0x400);
2252 }
2253
2254 switch (reg) {
2255 case 0x00: /* USBCMD */
2256 ret = xhci->usbcmd;
2257 break;
2258 case 0x04: /* USBSTS */
2259 ret = xhci->usbsts;
2260 break;
2261 case 0x08: /* PAGESIZE */
2262 ret = 1; /* 4KiB */
2263 break;
2264 case 0x14: /* DNCTRL */
2265 ret = xhci->dnctrl;
2266 break;
2267 case 0x18: /* CRCR low */
2268 ret = xhci->crcr_low & ~0xe;
2269 break;
2270 case 0x1c: /* CRCR high */
2271 ret = xhci->crcr_high;
2272 break;
2273 case 0x30: /* DCBAAP low */
2274 ret = xhci->dcbaap_low;
2275 break;
2276 case 0x34: /* DCBAAP high */
2277 ret = xhci->dcbaap_high;
2278 break;
2279 case 0x38: /* CONFIG */
2280 ret = xhci->config;
2281 break;
2282 default:
2283 fprintf(stderr, "xhci_oper_read: reg 0x%x unimplemented\n", reg);
2284 ret = 0;
2285 }
2286
2287 trace_usb_xhci_oper_read(reg, ret);
2288 return ret;
2289 }
2290
2291 static void xhci_oper_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2292 {
2293 if (reg >= 0x400) {
2294 xhci_port_write(xhci, reg - 0x400, val);
2295 return;
2296 }
2297
2298 trace_usb_xhci_oper_write(reg, val);
2299
2300 switch (reg) {
2301 case 0x00: /* USBCMD */
2302 if ((val & USBCMD_RS) && !(xhci->usbcmd & USBCMD_RS)) {
2303 xhci_run(xhci);
2304 } else if (!(val & USBCMD_RS) && (xhci->usbcmd & USBCMD_RS)) {
2305 xhci_stop(xhci);
2306 }
2307 xhci->usbcmd = val & 0xc0f;
2308 if (val & USBCMD_HCRST) {
2309 xhci_reset(&xhci->pci_dev.qdev);
2310 }
2311 xhci_irq_update(xhci);
2312 break;
2313
2314 case 0x04: /* USBSTS */
2315 /* these bits are write-1-to-clear */
2316 xhci->usbsts &= ~(val & (USBSTS_HSE|USBSTS_EINT|USBSTS_PCD|USBSTS_SRE));
2317 xhci_irq_update(xhci);
2318 break;
2319
2320 case 0x14: /* DNCTRL */
2321 xhci->dnctrl = val & 0xffff;
2322 break;
2323 case 0x18: /* CRCR low */
2324 xhci->crcr_low = (val & 0xffffffcf) | (xhci->crcr_low & CRCR_CRR);
2325 break;
2326 case 0x1c: /* CRCR high */
2327 xhci->crcr_high = val;
2328 if (xhci->crcr_low & (CRCR_CA|CRCR_CS) && (xhci->crcr_low & CRCR_CRR)) {
2329 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_COMMAND_RING_STOPPED};
2330 xhci->crcr_low &= ~CRCR_CRR;
2331 xhci_event(xhci, &event);
2332 DPRINTF("xhci: command ring stopped (CRCR=%08x)\n", xhci->crcr_low);
2333 } else {
2334 dma_addr_t base = xhci_addr64(xhci->crcr_low & ~0x3f, val);
2335 xhci_ring_init(xhci, &xhci->cmd_ring, base);
2336 }
2337 xhci->crcr_low &= ~(CRCR_CA | CRCR_CS);
2338 break;
2339 case 0x30: /* DCBAAP low */
2340 xhci->dcbaap_low = val & 0xffffffc0;
2341 break;
2342 case 0x34: /* DCBAAP high */
2343 xhci->dcbaap_high = val;
2344 break;
2345 case 0x38: /* CONFIG */
2346 xhci->config = val & 0xff;
2347 break;
2348 default:
2349 fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n", reg);
2350 }
2351 }
2352
2353 static uint32_t xhci_runtime_read(XHCIState *xhci, uint32_t reg)
2354 {
2355 uint32_t ret;
2356
2357 switch (reg) {
2358 case 0x00: /* MFINDEX */
2359 fprintf(stderr, "xhci_runtime_read: MFINDEX not yet implemented\n");
2360 ret = xhci->mfindex;
2361 break;
2362 case 0x20: /* IMAN */
2363 ret = xhci->iman;
2364 break;
2365 case 0x24: /* IMOD */
2366 ret = xhci->imod;
2367 break;
2368 case 0x28: /* ERSTSZ */
2369 ret = xhci->erstsz;
2370 break;
2371 case 0x30: /* ERSTBA low */
2372 ret = xhci->erstba_low;
2373 break;
2374 case 0x34: /* ERSTBA high */
2375 ret = xhci->erstba_high;
2376 break;
2377 case 0x38: /* ERDP low */
2378 ret = xhci->erdp_low;
2379 break;
2380 case 0x3c: /* ERDP high */
2381 ret = xhci->erdp_high;
2382 break;
2383 default:
2384 fprintf(stderr, "xhci_runtime_read: reg 0x%x unimplemented\n", reg);
2385 ret = 0;
2386 }
2387
2388 trace_usb_xhci_runtime_read(reg, ret);
2389 return ret;
2390 }
2391
2392 static void xhci_runtime_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2393 {
2394 trace_usb_xhci_runtime_read(reg, val);
2395
2396 switch (reg) {
2397 case 0x20: /* IMAN */
2398 if (val & IMAN_IP) {
2399 xhci->iman &= ~IMAN_IP;
2400 }
2401 xhci->iman &= ~IMAN_IE;
2402 xhci->iman |= val & IMAN_IE;
2403 xhci_irq_update(xhci);
2404 break;
2405 case 0x24: /* IMOD */
2406 xhci->imod = val;
2407 break;
2408 case 0x28: /* ERSTSZ */
2409 xhci->erstsz = val & 0xffff;
2410 break;
2411 case 0x30: /* ERSTBA low */
2412 /* XXX NEC driver bug: it doesn't align this to 64 bytes
2413 xhci->erstba_low = val & 0xffffffc0; */
2414 xhci->erstba_low = val & 0xfffffff0;
2415 break;
2416 case 0x34: /* ERSTBA high */
2417 xhci->erstba_high = val;
2418 xhci_er_reset(xhci);
2419 break;
2420 case 0x38: /* ERDP low */
2421 if (val & ERDP_EHB) {
2422 xhci->erdp_low &= ~ERDP_EHB;
2423 }
2424 xhci->erdp_low = (val & ~ERDP_EHB) | (xhci->erdp_low & ERDP_EHB);
2425 break;
2426 case 0x3c: /* ERDP high */
2427 xhci->erdp_high = val;
2428 xhci_events_update(xhci);
2429 break;
2430 default:
2431 fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n", reg);
2432 }
2433 }
2434
2435 static uint32_t xhci_doorbell_read(XHCIState *xhci, uint32_t reg)
2436 {
2437 /* doorbells always read as 0 */
2438 trace_usb_xhci_doorbell_read(reg, 0);
2439 return 0;
2440 }
2441
2442 static void xhci_doorbell_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2443 {
2444 trace_usb_xhci_doorbell_write(reg, val);
2445
2446 if (!xhci_running(xhci)) {
2447 fprintf(stderr, "xhci: wrote doorbell while xHC stopped or paused\n");
2448 return;
2449 }
2450
2451 reg >>= 2;
2452
2453 if (reg == 0) {
2454 if (val == 0) {
2455 xhci_process_commands(xhci);
2456 } else {
2457 fprintf(stderr, "xhci: bad doorbell 0 write: 0x%x\n", val);
2458 }
2459 } else {
2460 if (reg > MAXSLOTS) {
2461 fprintf(stderr, "xhci: bad doorbell %d\n", reg);
2462 } else if (val > 31) {
2463 fprintf(stderr, "xhci: bad doorbell %d write: 0x%x\n", reg, val);
2464 } else {
2465 xhci_kick_ep(xhci, reg, val);
2466 }
2467 }
2468 }
2469
2470 static uint64_t xhci_mem_read(void *ptr, target_phys_addr_t addr,
2471 unsigned size)
2472 {
2473 XHCIState *xhci = ptr;
2474
2475 /* Only aligned reads are allowed on xHCI */
2476 if (addr & 3) {
2477 fprintf(stderr, "xhci_mem_read: Mis-aligned read\n");
2478 return 0;
2479 }
2480
2481 if (addr < LEN_CAP) {
2482 return xhci_cap_read(xhci, addr);
2483 } else if (addr >= OFF_OPER && addr < (OFF_OPER + LEN_OPER)) {
2484 return xhci_oper_read(xhci, addr - OFF_OPER);
2485 } else if (addr >= OFF_RUNTIME && addr < (OFF_RUNTIME + LEN_RUNTIME)) {
2486 return xhci_runtime_read(xhci, addr - OFF_RUNTIME);
2487 } else if (addr >= OFF_DOORBELL && addr < (OFF_DOORBELL + LEN_DOORBELL)) {
2488 return xhci_doorbell_read(xhci, addr - OFF_DOORBELL);
2489 } else {
2490 fprintf(stderr, "xhci_mem_read: Bad offset %x\n", (int)addr);
2491 return 0;
2492 }
2493 }
2494
2495 static void xhci_mem_write(void *ptr, target_phys_addr_t addr,
2496 uint64_t val, unsigned size)
2497 {
2498 XHCIState *xhci = ptr;
2499
2500 /* Only aligned writes are allowed on xHCI */
2501 if (addr & 3) {
2502 fprintf(stderr, "xhci_mem_write: Mis-aligned write\n");
2503 return;
2504 }
2505
2506 if (addr >= OFF_OPER && addr < (OFF_OPER + LEN_OPER)) {
2507 xhci_oper_write(xhci, addr - OFF_OPER, val);
2508 } else if (addr >= OFF_RUNTIME && addr < (OFF_RUNTIME + LEN_RUNTIME)) {
2509 xhci_runtime_write(xhci, addr - OFF_RUNTIME, val);
2510 } else if (addr >= OFF_DOORBELL && addr < (OFF_DOORBELL + LEN_DOORBELL)) {
2511 xhci_doorbell_write(xhci, addr - OFF_DOORBELL, val);
2512 } else {
2513 fprintf(stderr, "xhci_mem_write: Bad offset %x\n", (int)addr);
2514 }
2515 }
2516
2517 static const MemoryRegionOps xhci_mem_ops = {
2518 .read = xhci_mem_read,
2519 .write = xhci_mem_write,
2520 .valid.min_access_size = 4,
2521 .valid.max_access_size = 4,
2522 .endianness = DEVICE_LITTLE_ENDIAN,
2523 };
2524
2525 static void xhci_attach(USBPort *usbport)
2526 {
2527 XHCIState *xhci = usbport->opaque;
2528 XHCIPort *port = &xhci->ports[usbport->index];
2529
2530 xhci_update_port(xhci, port, 0);
2531 }
2532
2533 static void xhci_detach(USBPort *usbport)
2534 {
2535 XHCIState *xhci = usbport->opaque;
2536 XHCIPort *port = &xhci->ports[usbport->index];
2537
2538 xhci_update_port(xhci, port, 1);
2539 }
2540
2541 static void xhci_wakeup(USBPort *usbport)
2542 {
2543 XHCIState *xhci = usbport->opaque;
2544 XHCIPort *port = &xhci->ports[usbport->index];
2545 int nr = port->port.index + 1;
2546 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, nr << 24};
2547 uint32_t pls;
2548
2549 pls = (port->portsc >> PORTSC_PLS_SHIFT) & PORTSC_PLS_MASK;
2550 if (pls != 3) {
2551 return;
2552 }
2553 port->portsc |= 0xf << PORTSC_PLS_SHIFT;
2554 if (port->portsc & PORTSC_PLC) {
2555 return;
2556 }
2557 port->portsc |= PORTSC_PLC;
2558 xhci_event(xhci, &ev);
2559 }
2560
2561 static void xhci_complete(USBPort *port, USBPacket *packet)
2562 {
2563 XHCITransfer *xfer = container_of(packet, XHCITransfer, packet);
2564
2565 xhci_complete_packet(xfer, packet->result);
2566 xhci_kick_ep(xfer->xhci, xfer->slotid, xfer->epid);
2567 }
2568
2569 static void xhci_child_detach(USBPort *port, USBDevice *child)
2570 {
2571 FIXME();
2572 }
2573
2574 static USBPortOps xhci_port_ops = {
2575 .attach = xhci_attach,
2576 .detach = xhci_detach,
2577 .wakeup = xhci_wakeup,
2578 .complete = xhci_complete,
2579 .child_detach = xhci_child_detach,
2580 };
2581
2582 static int xhci_find_slotid(XHCIState *xhci, USBDevice *dev)
2583 {
2584 XHCISlot *slot;
2585 int slotid;
2586
2587 for (slotid = 1; slotid <= MAXSLOTS; slotid++) {
2588 slot = &xhci->slots[slotid-1];
2589 if (slot->devaddr == dev->addr) {
2590 return slotid;
2591 }
2592 }
2593 return 0;
2594 }
2595
2596 static int xhci_find_epid(USBEndpoint *ep)
2597 {
2598 if (ep->nr == 0) {
2599 return 1;
2600 }
2601 if (ep->pid == USB_TOKEN_IN) {
2602 return ep->nr * 2 + 1;
2603 } else {
2604 return ep->nr * 2;
2605 }
2606 }
2607
2608 static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep)
2609 {
2610 XHCIState *xhci = container_of(bus, XHCIState, bus);
2611 int slotid;
2612
2613 DPRINTF("%s\n", __func__);
2614 slotid = xhci_find_slotid(xhci, ep->dev);
2615 if (slotid == 0 || !xhci->slots[slotid-1].enabled) {
2616 DPRINTF("%s: oops, no slot for dev %d\n", __func__, ep->dev->addr);
2617 return;
2618 }
2619 xhci_kick_ep(xhci, slotid, xhci_find_epid(ep));
2620 }
2621
2622 static USBBusOps xhci_bus_ops = {
2623 .wakeup_endpoint = xhci_wakeup_endpoint,
2624 };
2625
2626 static void usb_xhci_init(XHCIState *xhci, DeviceState *dev)
2627 {
2628 int i;
2629
2630 xhci->usbsts = USBSTS_HCH;
2631
2632 usb_bus_new(&xhci->bus, &xhci_bus_ops, &xhci->pci_dev.qdev);
2633
2634 for (i = 0; i < MAXPORTS; i++) {
2635 memset(&xhci->ports[i], 0, sizeof(xhci->ports[i]));
2636 usb_register_port(&xhci->bus, &xhci->ports[i].port, xhci, i,
2637 &xhci_port_ops,
2638 USB_SPEED_MASK_LOW |
2639 USB_SPEED_MASK_FULL |
2640 USB_SPEED_MASK_HIGH);
2641 }
2642 for (i = 0; i < MAXSLOTS; i++) {
2643 xhci->slots[i].enabled = 0;
2644 }
2645 }
2646
2647 static int usb_xhci_initfn(struct PCIDevice *dev)
2648 {
2649 int ret;
2650
2651 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev, dev);
2652
2653 xhci->pci_dev.config[PCI_CLASS_PROG] = 0x30; /* xHCI */
2654 xhci->pci_dev.config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */
2655 xhci->pci_dev.config[PCI_CACHE_LINE_SIZE] = 0x10;
2656 xhci->pci_dev.config[0x60] = 0x30; /* release number */
2657
2658 usb_xhci_init(xhci, &dev->qdev);
2659
2660 xhci->irq = xhci->pci_dev.irq[0];
2661
2662 memory_region_init_io(&xhci->mem, &xhci_mem_ops, xhci,
2663 "xhci", LEN_REGS);
2664 pci_register_bar(&xhci->pci_dev, 0,
2665 PCI_BASE_ADDRESS_SPACE_MEMORY|PCI_BASE_ADDRESS_MEM_TYPE_64,
2666 &xhci->mem);
2667
2668 ret = pcie_cap_init(&xhci->pci_dev, 0xa0, PCI_EXP_TYPE_ENDPOINT, 0);
2669 assert(ret >= 0);
2670
2671 if (xhci->msi) {
2672 ret = msi_init(&xhci->pci_dev, 0x70, 1, true, false);
2673 assert(ret >= 0);
2674 }
2675
2676 return 0;
2677 }
2678
2679 static void xhci_write_config(PCIDevice *dev, uint32_t addr, uint32_t val,
2680 int len)
2681 {
2682 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev, dev);
2683
2684 pci_default_write_config(dev, addr, val, len);
2685 if (xhci->msi) {
2686 msi_write_config(dev, addr, val, len);
2687 }
2688 }
2689
2690 static const VMStateDescription vmstate_xhci = {
2691 .name = "xhci",
2692 .unmigratable = 1,
2693 };
2694
2695 static Property xhci_properties[] = {
2696 DEFINE_PROP_UINT32("msi", XHCIState, msi, 0),
2697 DEFINE_PROP_END_OF_LIST(),
2698 };
2699
2700 static void xhci_class_init(ObjectClass *klass, void *data)
2701 {
2702 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2703 DeviceClass *dc = DEVICE_CLASS(klass);
2704
2705 dc->vmsd = &vmstate_xhci;
2706 dc->props = xhci_properties;
2707 dc->reset = xhci_reset;
2708 k->init = usb_xhci_initfn;
2709 k->vendor_id = PCI_VENDOR_ID_NEC;
2710 k->device_id = PCI_DEVICE_ID_NEC_UPD720200;
2711 k->class_id = PCI_CLASS_SERIAL_USB;
2712 k->revision = 0x03;
2713 k->is_express = 1;
2714 k->config_write = xhci_write_config;
2715 }
2716
2717 static TypeInfo xhci_info = {
2718 .name = "nec-usb-xhci",
2719 .parent = TYPE_PCI_DEVICE,
2720 .instance_size = sizeof(XHCIState),
2721 .class_init = xhci_class_init,
2722 };
2723
2724 static void xhci_register_types(void)
2725 {
2726 type_register_static(&xhci_info);
2727 }
2728
2729 type_init(xhci_register_types)
Qemu copy for testing