• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * QEMU USB OHCI Emulation
3  * Copyright (c) 2004 Gianni Tedesco
4  * Copyright (c) 2006 CodeSourcery
5  * Copyright (c) 2006 Openedhand Ltd.
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  *
20  * TODO:
21  *  o Isochronous transfers
22  *  o Allocate bandwidth in frames properly
23  *  o Disable timers when nothing needs to be done, or remove timer usage
24  *    all together.
25  *  o Handle unrecoverable errors properly
26  *  o BIOS work to boot from USB storage
27 */
28 
29 #include "hw.h"
30 #include "qemu-timer.h"
31 #include "usb.h"
32 #include "pci.h"
33 #include "pxa.h"
34 #include "devices.h"
35 
36 //#define DEBUG_OHCI
37 /* Dump packet contents.  */
38 //#define DEBUG_PACKET
39 //#define DEBUG_ISOCH
40 /* This causes frames to occur 1000x slower */
41 //#define OHCI_TIME_WARP 1
42 
43 #ifdef DEBUG_OHCI
44 #define dprintf printf
45 #else
46 #define dprintf(...)
47 #endif
48 
49 /* Number of Downstream Ports on the root hub.  */
50 
51 #define OHCI_MAX_PORTS 15
52 
53 static int64_t usb_frame_time;
54 static int64_t usb_bit_time;
55 
56 typedef struct OHCIPort {
57     USBPort port;
58     uint32_t ctrl;
59 } OHCIPort;
60 
61 enum ohci_type {
62     OHCI_TYPE_PCI,
63     OHCI_TYPE_PXA,
64     OHCI_TYPE_SM501,
65 };
66 
67 typedef struct {
68     qemu_irq irq;
69     enum ohci_type type;
70     int mem;
71     int num_ports;
72     const char *name;
73 
74     QEMUTimer *eof_timer;
75     int64_t sof_time;
76 
77     /* OHCI state */
78     /* Control partition */
79     uint32_t ctl, status;
80     uint32_t intr_status;
81     uint32_t intr;
82 
83     /* memory pointer partition */
84     uint32_t hcca;
85     uint32_t ctrl_head, ctrl_cur;
86     uint32_t bulk_head, bulk_cur;
87     uint32_t per_cur;
88     uint32_t done;
89     int done_count;
90 
91     /* Frame counter partition */
92     uint32_t fsmps:15;
93     uint32_t fit:1;
94     uint32_t fi:14;
95     uint32_t frt:1;
96     uint16_t frame_number;
97     uint16_t padding;
98     uint32_t pstart;
99     uint32_t lst;
100 
101     /* Root Hub partition */
102     uint32_t rhdesc_a, rhdesc_b;
103     uint32_t rhstatus;
104     OHCIPort rhport[OHCI_MAX_PORTS];
105 
106     /* PXA27x Non-OHCI events */
107     uint32_t hstatus;
108     uint32_t hmask;
109     uint32_t hreset;
110     uint32_t htest;
111 
112     /* SM501 local memory offset */
113     target_phys_addr_t localmem_base;
114 
115     /* Active packets.  */
116     uint32_t old_ctl;
117     USBPacket usb_packet;
118     uint8_t usb_buf[8192];
119     uint32_t async_td;
120     int async_complete;
121 
122 } OHCIState;
123 
124 /* Host Controller Communications Area */
125 struct ohci_hcca {
126     uint32_t intr[32];
127     uint16_t frame, pad;
128     uint32_t done;
129 };
130 
131 static void ohci_bus_stop(OHCIState *ohci);
132 
133 /* Bitfields for the first word of an Endpoint Desciptor.  */
134 #define OHCI_ED_FA_SHIFT  0
135 #define OHCI_ED_FA_MASK   (0x7f<<OHCI_ED_FA_SHIFT)
136 #define OHCI_ED_EN_SHIFT  7
137 #define OHCI_ED_EN_MASK   (0xf<<OHCI_ED_EN_SHIFT)
138 #define OHCI_ED_D_SHIFT   11
139 #define OHCI_ED_D_MASK    (3<<OHCI_ED_D_SHIFT)
140 #define OHCI_ED_S         (1<<13)
141 #define OHCI_ED_K         (1<<14)
142 #define OHCI_ED_F         (1<<15)
143 #define OHCI_ED_MPS_SHIFT 16
144 #define OHCI_ED_MPS_MASK  (0x7ff<<OHCI_ED_MPS_SHIFT)
145 
146 /* Flags in the head field of an Endpoint Desciptor.  */
147 #define OHCI_ED_H         1
148 #define OHCI_ED_C         2
149 
150 /* Bitfields for the first word of a Transfer Desciptor.  */
151 #define OHCI_TD_R         (1<<18)
152 #define OHCI_TD_DP_SHIFT  19
153 #define OHCI_TD_DP_MASK   (3<<OHCI_TD_DP_SHIFT)
154 #define OHCI_TD_DI_SHIFT  21
155 #define OHCI_TD_DI_MASK   (7<<OHCI_TD_DI_SHIFT)
156 #define OHCI_TD_T0        (1<<24)
157 #define OHCI_TD_T1        (1<<24)
158 #define OHCI_TD_EC_SHIFT  26
159 #define OHCI_TD_EC_MASK   (3<<OHCI_TD_EC_SHIFT)
160 #define OHCI_TD_CC_SHIFT  28
161 #define OHCI_TD_CC_MASK   (0xf<<OHCI_TD_CC_SHIFT)
162 
163 /* Bitfields for the first word of an Isochronous Transfer Desciptor.  */
164 /* CC & DI - same as in the General Transfer Desciptor */
165 #define OHCI_TD_SF_SHIFT  0
166 #define OHCI_TD_SF_MASK   (0xffff<<OHCI_TD_SF_SHIFT)
167 #define OHCI_TD_FC_SHIFT  24
168 #define OHCI_TD_FC_MASK   (7<<OHCI_TD_FC_SHIFT)
169 
170 /* Isochronous Transfer Desciptor - Offset / PacketStatusWord */
171 #define OHCI_TD_PSW_CC_SHIFT 12
172 #define OHCI_TD_PSW_CC_MASK  (0xf<<OHCI_TD_PSW_CC_SHIFT)
173 #define OHCI_TD_PSW_SIZE_SHIFT 0
174 #define OHCI_TD_PSW_SIZE_MASK  (0xfff<<OHCI_TD_PSW_SIZE_SHIFT)
175 
176 #define OHCI_PAGE_MASK    0xfffff000
177 #define OHCI_OFFSET_MASK  0xfff
178 
179 #define OHCI_DPTR_MASK    0xfffffff0
180 
181 #define OHCI_BM(val, field) \
182   (((val) & OHCI_##field##_MASK) >> OHCI_##field##_SHIFT)
183 
184 #define OHCI_SET_BM(val, field, newval) do { \
185     val &= ~OHCI_##field##_MASK; \
186     val |= ((newval) << OHCI_##field##_SHIFT) & OHCI_##field##_MASK; \
187     } while(0)
188 
189 /* endpoint descriptor */
190 struct ohci_ed {
191     uint32_t flags;
192     uint32_t tail;
193     uint32_t head;
194     uint32_t next;
195 };
196 
197 /* General transfer descriptor */
198 struct ohci_td {
199     uint32_t flags;
200     uint32_t cbp;
201     uint32_t next;
202     uint32_t be;
203 };
204 
205 /* Isochronous transfer descriptor */
206 struct ohci_iso_td {
207     uint32_t flags;
208     uint32_t bp;
209     uint32_t next;
210     uint32_t be;
211     uint16_t offset[8];
212 };
213 
214 #define USB_HZ                      12000000
215 
216 /* OHCI Local stuff */
217 #define OHCI_CTL_CBSR         ((1<<0)|(1<<1))
218 #define OHCI_CTL_PLE          (1<<2)
219 #define OHCI_CTL_IE           (1<<3)
220 #define OHCI_CTL_CLE          (1<<4)
221 #define OHCI_CTL_BLE          (1<<5)
222 #define OHCI_CTL_HCFS         ((1<<6)|(1<<7))
223 #define  OHCI_USB_RESET       0x00
224 #define  OHCI_USB_RESUME      0x40
225 #define  OHCI_USB_OPERATIONAL 0x80
226 #define  OHCI_USB_SUSPEND     0xc0
227 #define OHCI_CTL_IR           (1<<8)
228 #define OHCI_CTL_RWC          (1<<9)
229 #define OHCI_CTL_RWE          (1<<10)
230 
231 #define OHCI_STATUS_HCR       (1<<0)
232 #define OHCI_STATUS_CLF       (1<<1)
233 #define OHCI_STATUS_BLF       (1<<2)
234 #define OHCI_STATUS_OCR       (1<<3)
235 #define OHCI_STATUS_SOC       ((1<<6)|(1<<7))
236 
237 #define OHCI_INTR_SO          (1<<0) /* Scheduling overrun */
238 #define OHCI_INTR_WD          (1<<1) /* HcDoneHead writeback */
239 #define OHCI_INTR_SF          (1<<2) /* Start of frame */
240 #define OHCI_INTR_RD          (1<<3) /* Resume detect */
241 #define OHCI_INTR_UE          (1<<4) /* Unrecoverable error */
242 #define OHCI_INTR_FNO         (1<<5) /* Frame number overflow */
243 #define OHCI_INTR_RHSC        (1<<6) /* Root hub status change */
244 #define OHCI_INTR_OC          (1<<30) /* Ownership change */
245 #define OHCI_INTR_MIE         (1<<31) /* Master Interrupt Enable */
246 
247 #define OHCI_HCCA_SIZE        0x100
248 #define OHCI_HCCA_MASK        0xffffff00
249 
250 #define OHCI_EDPTR_MASK       0xfffffff0
251 
252 #define OHCI_FMI_FI           0x00003fff
253 #define OHCI_FMI_FSMPS        0xffff0000
254 #define OHCI_FMI_FIT          0x80000000
255 
256 #define OHCI_FR_RT            (1<<31)
257 
258 #define OHCI_LS_THRESH        0x628
259 
260 #define OHCI_RHA_RW_MASK      0x00000000 /* Mask of supported features.  */
261 #define OHCI_RHA_PSM          (1<<8)
262 #define OHCI_RHA_NPS          (1<<9)
263 #define OHCI_RHA_DT           (1<<10)
264 #define OHCI_RHA_OCPM         (1<<11)
265 #define OHCI_RHA_NOCP         (1<<12)
266 #define OHCI_RHA_POTPGT_MASK  0xff000000
267 
268 #define OHCI_RHS_LPS          (1<<0)
269 #define OHCI_RHS_OCI          (1<<1)
270 #define OHCI_RHS_DRWE         (1<<15)
271 #define OHCI_RHS_LPSC         (1<<16)
272 #define OHCI_RHS_OCIC         (1<<17)
273 #define OHCI_RHS_CRWE         (1<<31)
274 
275 #define OHCI_PORT_CCS         (1<<0)
276 #define OHCI_PORT_PES         (1<<1)
277 #define OHCI_PORT_PSS         (1<<2)
278 #define OHCI_PORT_POCI        (1<<3)
279 #define OHCI_PORT_PRS         (1<<4)
280 #define OHCI_PORT_PPS         (1<<8)
281 #define OHCI_PORT_LSDA        (1<<9)
282 #define OHCI_PORT_CSC         (1<<16)
283 #define OHCI_PORT_PESC        (1<<17)
284 #define OHCI_PORT_PSSC        (1<<18)
285 #define OHCI_PORT_OCIC        (1<<19)
286 #define OHCI_PORT_PRSC        (1<<20)
287 #define OHCI_PORT_WTC         (OHCI_PORT_CSC|OHCI_PORT_PESC|OHCI_PORT_PSSC \
288                                |OHCI_PORT_OCIC|OHCI_PORT_PRSC)
289 
290 #define OHCI_TD_DIR_SETUP     0x0
291 #define OHCI_TD_DIR_OUT       0x1
292 #define OHCI_TD_DIR_IN        0x2
293 #define OHCI_TD_DIR_RESERVED  0x3
294 
295 #define OHCI_CC_NOERROR             0x0
296 #define OHCI_CC_CRC                 0x1
297 #define OHCI_CC_BITSTUFFING         0x2
298 #define OHCI_CC_DATATOGGLEMISMATCH  0x3
299 #define OHCI_CC_STALL               0x4
300 #define OHCI_CC_DEVICENOTRESPONDING 0x5
301 #define OHCI_CC_PIDCHECKFAILURE     0x6
302 #define OHCI_CC_UNDEXPETEDPID       0x7
303 #define OHCI_CC_DATAOVERRUN         0x8
304 #define OHCI_CC_DATAUNDERRUN        0x9
305 #define OHCI_CC_BUFFEROVERRUN       0xc
306 #define OHCI_CC_BUFFERUNDERRUN      0xd
307 
308 #define OHCI_HRESET_FSBIR       (1 << 0)
309 
310 /* Update IRQ levels */
ohci_intr_update(OHCIState * ohci)311 static inline void ohci_intr_update(OHCIState *ohci)
312 {
313     int level = 0;
314 
315     if ((ohci->intr & OHCI_INTR_MIE) &&
316         (ohci->intr_status & ohci->intr))
317         level = 1;
318 
319     qemu_set_irq(ohci->irq, level);
320 }
321 
322 /* Set an interrupt */
ohci_set_interrupt(OHCIState * ohci,uint32_t intr)323 static inline void ohci_set_interrupt(OHCIState *ohci, uint32_t intr)
324 {
325     ohci->intr_status |= intr;
326     ohci_intr_update(ohci);
327 }
328 
329 /* Attach or detach a device on a root hub port.  */
ohci_attach(USBPort * port1,USBDevice * dev)330 static void ohci_attach(USBPort *port1, USBDevice *dev)
331 {
332     OHCIState *s = port1->opaque;
333     OHCIPort *port = &s->rhport[port1->index];
334     uint32_t old_state = port->ctrl;
335 
336     if (dev) {
337         if (port->port.dev) {
338             usb_attach(port1, NULL);
339         }
340         /* set connect status */
341         port->ctrl |= OHCI_PORT_CCS | OHCI_PORT_CSC;
342 
343         /* update speed */
344         if (dev->speed == USB_SPEED_LOW)
345             port->ctrl |= OHCI_PORT_LSDA;
346         else
347             port->ctrl &= ~OHCI_PORT_LSDA;
348         port->port.dev = dev;
349 
350         /* notify of remote-wakeup */
351         if ((s->ctl & OHCI_CTL_HCFS) == OHCI_USB_SUSPEND)
352             ohci_set_interrupt(s, OHCI_INTR_RD);
353 
354         /* send the attach message */
355         usb_send_msg(dev, USB_MSG_ATTACH);
356         dprintf("usb-ohci: Attached port %d\n", port1->index);
357     } else {
358         /* set connect status */
359         if (port->ctrl & OHCI_PORT_CCS) {
360             port->ctrl &= ~OHCI_PORT_CCS;
361             port->ctrl |= OHCI_PORT_CSC;
362         }
363         /* disable port */
364         if (port->ctrl & OHCI_PORT_PES) {
365             port->ctrl &= ~OHCI_PORT_PES;
366             port->ctrl |= OHCI_PORT_PESC;
367         }
368         dev = port->port.dev;
369         if (dev) {
370             /* send the detach message */
371             usb_send_msg(dev, USB_MSG_DETACH);
372         }
373         port->port.dev = NULL;
374         dprintf("usb-ohci: Detached port %d\n", port1->index);
375     }
376 
377     if (old_state != port->ctrl)
378         ohci_set_interrupt(s, OHCI_INTR_RHSC);
379 }
380 
381 /* Reset the controller */
ohci_reset(void * opaque)382 static void ohci_reset(void *opaque)
383 {
384     OHCIState *ohci = opaque;
385     OHCIPort *port;
386     int i;
387 
388     ohci_bus_stop(ohci);
389     ohci->ctl = 0;
390     ohci->old_ctl = 0;
391     ohci->status = 0;
392     ohci->intr_status = 0;
393     ohci->intr = OHCI_INTR_MIE;
394 
395     ohci->hcca = 0;
396     ohci->ctrl_head = ohci->ctrl_cur = 0;
397     ohci->bulk_head = ohci->bulk_cur = 0;
398     ohci->per_cur = 0;
399     ohci->done = 0;
400     ohci->done_count = 7;
401 
402     /* FSMPS is marked TBD in OCHI 1.0, what gives ffs?
403      * I took the value linux sets ...
404      */
405     ohci->fsmps = 0x2778;
406     ohci->fi = 0x2edf;
407     ohci->fit = 0;
408     ohci->frt = 0;
409     ohci->frame_number = 0;
410     ohci->pstart = 0;
411     ohci->lst = OHCI_LS_THRESH;
412 
413     ohci->rhdesc_a = OHCI_RHA_NPS | ohci->num_ports;
414     ohci->rhdesc_b = 0x0; /* Impl. specific */
415     ohci->rhstatus = 0;
416 
417     for (i = 0; i < ohci->num_ports; i++)
418       {
419         port = &ohci->rhport[i];
420         port->ctrl = 0;
421         if (port->port.dev)
422             ohci_attach(&port->port, port->port.dev);
423       }
424     if (ohci->async_td) {
425         usb_cancel_packet(&ohci->usb_packet);
426         ohci->async_td = 0;
427     }
428     dprintf("usb-ohci: Reset %s\n", ohci->name);
429 }
430 
431 /* Get an array of dwords from main memory */
get_dwords(OHCIState * ohci,uint32_t addr,uint32_t * buf,int num)432 static inline int get_dwords(OHCIState *ohci,
433                              uint32_t addr, uint32_t *buf, int num)
434 {
435     int i;
436 
437     addr += ohci->localmem_base;
438 
439     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
440         cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
441         *buf = le32_to_cpu(*buf);
442     }
443 
444     return 1;
445 }
446 
447 /* Put an array of dwords in to main memory */
put_dwords(OHCIState * ohci,uint32_t addr,uint32_t * buf,int num)448 static inline int put_dwords(OHCIState *ohci,
449                              uint32_t addr, uint32_t *buf, int num)
450 {
451     int i;
452 
453     addr += ohci->localmem_base;
454 
455     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
456         uint32_t tmp = cpu_to_le32(*buf);
457         cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
458     }
459 
460     return 1;
461 }
462 
463 /* Get an array of words from main memory */
get_words(OHCIState * ohci,uint32_t addr,uint16_t * buf,int num)464 static inline int get_words(OHCIState *ohci,
465                             uint32_t addr, uint16_t *buf, int num)
466 {
467     int i;
468 
469     addr += ohci->localmem_base;
470 
471     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
472         cpu_physical_memory_rw(addr, (uint8_t *)buf, sizeof(*buf), 0);
473         *buf = le16_to_cpu(*buf);
474     }
475 
476     return 1;
477 }
478 
479 /* Put an array of words in to main memory */
put_words(OHCIState * ohci,uint32_t addr,uint16_t * buf,int num)480 static inline int put_words(OHCIState *ohci,
481                             uint32_t addr, uint16_t *buf, int num)
482 {
483     int i;
484 
485     addr += ohci->localmem_base;
486 
487     for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
488         uint16_t tmp = cpu_to_le16(*buf);
489         cpu_physical_memory_rw(addr, (uint8_t *)&tmp, sizeof(tmp), 1);
490     }
491 
492     return 1;
493 }
494 
ohci_read_ed(OHCIState * ohci,uint32_t addr,struct ohci_ed * ed)495 static inline int ohci_read_ed(OHCIState *ohci,
496                                uint32_t addr, struct ohci_ed *ed)
497 {
498     return get_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
499 }
500 
ohci_read_td(OHCIState * ohci,uint32_t addr,struct ohci_td * td)501 static inline int ohci_read_td(OHCIState *ohci,
502                                uint32_t addr, struct ohci_td *td)
503 {
504     return get_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
505 }
506 
ohci_read_iso_td(OHCIState * ohci,uint32_t addr,struct ohci_iso_td * td)507 static inline int ohci_read_iso_td(OHCIState *ohci,
508                                    uint32_t addr, struct ohci_iso_td *td)
509 {
510     return (get_dwords(ohci, addr, (uint32_t *)td, 4) &&
511             get_words(ohci, addr + 16, td->offset, 8));
512 }
513 
ohci_read_hcca(OHCIState * ohci,uint32_t addr,struct ohci_hcca * hcca)514 static inline int ohci_read_hcca(OHCIState *ohci,
515                                  uint32_t addr, struct ohci_hcca *hcca)
516 {
517     cpu_physical_memory_rw(addr + ohci->localmem_base,
518                            (uint8_t *)hcca, sizeof(*hcca), 0);
519     return 1;
520 }
521 
ohci_put_ed(OHCIState * ohci,uint32_t addr,struct ohci_ed * ed)522 static inline int ohci_put_ed(OHCIState *ohci,
523                               uint32_t addr, struct ohci_ed *ed)
524 {
525     return put_dwords(ohci, addr, (uint32_t *)ed, sizeof(*ed) >> 2);
526 }
527 
ohci_put_td(OHCIState * ohci,uint32_t addr,struct ohci_td * td)528 static inline int ohci_put_td(OHCIState *ohci,
529                               uint32_t addr, struct ohci_td *td)
530 {
531     return put_dwords(ohci, addr, (uint32_t *)td, sizeof(*td) >> 2);
532 }
533 
ohci_put_iso_td(OHCIState * ohci,uint32_t addr,struct ohci_iso_td * td)534 static inline int ohci_put_iso_td(OHCIState *ohci,
535                                   uint32_t addr, struct ohci_iso_td *td)
536 {
537     return (put_dwords(ohci, addr, (uint32_t *)td, 4) &&
538             put_words(ohci, addr + 16, td->offset, 8));
539 }
540 
ohci_put_hcca(OHCIState * ohci,uint32_t addr,struct ohci_hcca * hcca)541 static inline int ohci_put_hcca(OHCIState *ohci,
542                                 uint32_t addr, struct ohci_hcca *hcca)
543 {
544     cpu_physical_memory_rw(addr + ohci->localmem_base,
545                            (uint8_t *)hcca, sizeof(*hcca), 1);
546     return 1;
547 }
548 
549 /* Read/Write the contents of a TD from/to main memory.  */
ohci_copy_td(OHCIState * ohci,struct ohci_td * td,uint8_t * buf,int len,int write)550 static void ohci_copy_td(OHCIState *ohci, struct ohci_td *td,
551                          uint8_t *buf, int len, int write)
552 {
553     uint32_t ptr;
554     uint32_t n;
555 
556     ptr = td->cbp;
557     n = 0x1000 - (ptr & 0xfff);
558     if (n > len)
559         n = len;
560     cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
561     if (n == len)
562         return;
563     ptr = td->be & ~0xfffu;
564     buf += n;
565     cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
566 }
567 
568 /* Read/Write the contents of an ISO TD from/to main memory.  */
ohci_copy_iso_td(OHCIState * ohci,uint32_t start_addr,uint32_t end_addr,uint8_t * buf,int len,int write)569 static void ohci_copy_iso_td(OHCIState *ohci,
570                              uint32_t start_addr, uint32_t end_addr,
571                              uint8_t *buf, int len, int write)
572 {
573     uint32_t ptr;
574     uint32_t n;
575 
576     ptr = start_addr;
577     n = 0x1000 - (ptr & 0xfff);
578     if (n > len)
579         n = len;
580     cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, n, write);
581     if (n == len)
582         return;
583     ptr = end_addr & ~0xfffu;
584     buf += n;
585     cpu_physical_memory_rw(ptr + ohci->localmem_base, buf, len - n, write);
586 }
587 
588 static void ohci_process_lists(OHCIState *ohci, int completion);
589 
ohci_async_complete_packet(USBPacket * packet,void * opaque)590 static void ohci_async_complete_packet(USBPacket *packet, void *opaque)
591 {
592     OHCIState *ohci = opaque;
593 #ifdef DEBUG_PACKET
594     dprintf("Async packet complete\n");
595 #endif
596     ohci->async_complete = 1;
597     ohci_process_lists(ohci, 1);
598 }
599 
600 #define USUB(a, b) ((int16_t)((uint16_t)(a) - (uint16_t)(b)))
601 
ohci_service_iso_td(OHCIState * ohci,struct ohci_ed * ed,int completion)602 static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
603                                int completion)
604 {
605     int dir;
606     size_t len = 0;
607     const char *str = NULL;
608     int pid;
609     int ret;
610     int i;
611     USBDevice *dev;
612     struct ohci_iso_td iso_td;
613     uint32_t addr;
614     uint16_t starting_frame;
615     int16_t relative_frame_number;
616     int frame_count;
617     uint32_t start_offset, next_offset, end_offset = 0;
618     uint32_t start_addr, end_addr;
619 
620     addr = ed->head & OHCI_DPTR_MASK;
621 
622     if (!ohci_read_iso_td(ohci, addr, &iso_td)) {
623         printf("usb-ohci: ISO_TD read error at %x\n", addr);
624         return 0;
625     }
626 
627     starting_frame = OHCI_BM(iso_td.flags, TD_SF);
628     frame_count = OHCI_BM(iso_td.flags, TD_FC);
629     relative_frame_number = USUB(ohci->frame_number, starting_frame);
630 
631 #ifdef DEBUG_ISOCH
632     printf("--- ISO_TD ED head 0x%.8x tailp 0x%.8x\n"
633            "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
634            "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
635            "0x%.8x 0x%.8x 0x%.8x 0x%.8x\n"
636            "frame_number 0x%.8x starting_frame 0x%.8x\n"
637            "frame_count  0x%.8x relative %d\n"
638            "di 0x%.8x cc 0x%.8x\n",
639            ed->head & OHCI_DPTR_MASK, ed->tail & OHCI_DPTR_MASK,
640            iso_td.flags, iso_td.bp, iso_td.next, iso_td.be,
641            iso_td.offset[0], iso_td.offset[1], iso_td.offset[2], iso_td.offset[3],
642            iso_td.offset[4], iso_td.offset[5], iso_td.offset[6], iso_td.offset[7],
643            ohci->frame_number, starting_frame,
644            frame_count, relative_frame_number,
645            OHCI_BM(iso_td.flags, TD_DI), OHCI_BM(iso_td.flags, TD_CC));
646 #endif
647 
648     if (relative_frame_number < 0) {
649         dprintf("usb-ohci: ISO_TD R=%d < 0\n", relative_frame_number);
650         return 1;
651     } else if (relative_frame_number > frame_count) {
652         /* ISO TD expired - retire the TD to the Done Queue and continue with
653            the next ISO TD of the same ED */
654         dprintf("usb-ohci: ISO_TD R=%d > FC=%d\n", relative_frame_number,
655                frame_count);
656         OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
657         ed->head &= ~OHCI_DPTR_MASK;
658         ed->head |= (iso_td.next & OHCI_DPTR_MASK);
659         iso_td.next = ohci->done;
660         ohci->done = addr;
661         i = OHCI_BM(iso_td.flags, TD_DI);
662         if (i < ohci->done_count)
663             ohci->done_count = i;
664         ohci_put_iso_td(ohci, addr, &iso_td);
665         return 0;
666     }
667 
668     dir = OHCI_BM(ed->flags, ED_D);
669     switch (dir) {
670     case OHCI_TD_DIR_IN:
671         str = "in";
672         pid = USB_TOKEN_IN;
673         break;
674     case OHCI_TD_DIR_OUT:
675         str = "out";
676         pid = USB_TOKEN_OUT;
677         break;
678     case OHCI_TD_DIR_SETUP:
679         str = "setup";
680         pid = USB_TOKEN_SETUP;
681         break;
682     default:
683         printf("usb-ohci: Bad direction %d\n", dir);
684         return 1;
685     }
686 
687     if (!iso_td.bp || !iso_td.be) {
688         printf("usb-ohci: ISO_TD bp 0x%.8x be 0x%.8x\n", iso_td.bp, iso_td.be);
689         return 1;
690     }
691 
692     start_offset = iso_td.offset[relative_frame_number];
693     next_offset = iso_td.offset[relative_frame_number + 1];
694 
695     if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
696         ((relative_frame_number < frame_count) &&
697          !(OHCI_BM(next_offset, TD_PSW_CC) & 0xe))) {
698         printf("usb-ohci: ISO_TD cc != not accessed 0x%.8x 0x%.8x\n",
699                start_offset, next_offset);
700         return 1;
701     }
702 
703     if ((relative_frame_number < frame_count) && (start_offset > next_offset)) {
704         printf("usb-ohci: ISO_TD start_offset=0x%.8x > next_offset=0x%.8x\n",
705                 start_offset, next_offset);
706         return 1;
707     }
708 
709     if ((start_offset & 0x1000) == 0) {
710         start_addr = (iso_td.bp & OHCI_PAGE_MASK) |
711             (start_offset & OHCI_OFFSET_MASK);
712     } else {
713         start_addr = (iso_td.be & OHCI_PAGE_MASK) |
714             (start_offset & OHCI_OFFSET_MASK);
715     }
716 
717     if (relative_frame_number < frame_count) {
718         end_offset = next_offset - 1;
719         if ((end_offset & 0x1000) == 0) {
720             end_addr = (iso_td.bp & OHCI_PAGE_MASK) |
721                 (end_offset & OHCI_OFFSET_MASK);
722         } else {
723             end_addr = (iso_td.be & OHCI_PAGE_MASK) |
724                 (end_offset & OHCI_OFFSET_MASK);
725         }
726     } else {
727         /* Last packet in the ISO TD */
728         end_addr = iso_td.be;
729     }
730 
731     if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
732         len = (end_addr & OHCI_OFFSET_MASK) + 0x1001
733             - (start_addr & OHCI_OFFSET_MASK);
734     } else {
735         len = end_addr - start_addr + 1;
736     }
737 
738     if (len && dir != OHCI_TD_DIR_IN) {
739         ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len, 0);
740     }
741 
742     if (completion) {
743         ret = ohci->usb_packet.len;
744     } else {
745         ret = USB_RET_NODEV;
746         for (i = 0; i < ohci->num_ports; i++) {
747             dev = ohci->rhport[i].port.dev;
748             if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
749                 continue;
750             ohci->usb_packet.pid = pid;
751             ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
752             ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
753             ohci->usb_packet.data = ohci->usb_buf;
754             ohci->usb_packet.len = len;
755             ohci->usb_packet.complete_cb = ohci_async_complete_packet;
756             ohci->usb_packet.complete_opaque = ohci;
757             ret = dev->handle_packet(dev, &ohci->usb_packet);
758             if (ret != USB_RET_NODEV)
759                 break;
760         }
761 
762         if (ret == USB_RET_ASYNC) {
763             return 1;
764         }
765     }
766 
767 #ifdef DEBUG_ISOCH
768     printf("so 0x%.8x eo 0x%.8x\nsa 0x%.8x ea 0x%.8x\ndir %s len %zu ret %d\n",
769            start_offset, end_offset, start_addr, end_addr, str, len, ret);
770 #endif
771 
772     /* Writeback */
773     if (dir == OHCI_TD_DIR_IN && ret >= 0 && ret <= len) {
774         /* IN transfer succeeded */
775         ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, ret, 1);
776         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
777                     OHCI_CC_NOERROR);
778         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, ret);
779     } else if (dir == OHCI_TD_DIR_OUT && ret == len) {
780         /* OUT transfer succeeded */
781         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
782                     OHCI_CC_NOERROR);
783         OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE, 0);
784     } else {
785         if (ret > (ssize_t) len) {
786             printf("usb-ohci: DataOverrun %d > %zu\n", ret, len);
787             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
788                         OHCI_CC_DATAOVERRUN);
789             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
790                         len);
791         } else if (ret >= 0) {
792             printf("usb-ohci: DataUnderrun %d\n", ret);
793             OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
794                         OHCI_CC_DATAUNDERRUN);
795         } else {
796             switch (ret) {
797             case USB_RET_NODEV:
798                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
799                             OHCI_CC_DEVICENOTRESPONDING);
800                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
801                             0);
802                 break;
803             case USB_RET_NAK:
804             case USB_RET_STALL:
805                 printf("usb-ohci: got NAK/STALL %d\n", ret);
806                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
807                             OHCI_CC_STALL);
808                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_SIZE,
809                             0);
810                 break;
811             default:
812                 printf("usb-ohci: Bad device response %d\n", ret);
813                 OHCI_SET_BM(iso_td.offset[relative_frame_number], TD_PSW_CC,
814                             OHCI_CC_UNDEXPETEDPID);
815                 break;
816             }
817         }
818     }
819 
820     if (relative_frame_number == frame_count) {
821         /* Last data packet of ISO TD - retire the TD to the Done Queue */
822         OHCI_SET_BM(iso_td.flags, TD_CC, OHCI_CC_NOERROR);
823         ed->head &= ~OHCI_DPTR_MASK;
824         ed->head |= (iso_td.next & OHCI_DPTR_MASK);
825         iso_td.next = ohci->done;
826         ohci->done = addr;
827         i = OHCI_BM(iso_td.flags, TD_DI);
828         if (i < ohci->done_count)
829             ohci->done_count = i;
830     }
831     ohci_put_iso_td(ohci, addr, &iso_td);
832     return 1;
833 }
834 
835 /* Service a transport descriptor.
836    Returns nonzero to terminate processing of this endpoint.  */
837 
ohci_service_td(OHCIState * ohci,struct ohci_ed * ed)838 static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
839 {
840     int dir;
841     size_t len = 0;
842     const char *str = NULL;
843     int pid;
844     int ret;
845     int i;
846     USBDevice *dev;
847     struct ohci_td td;
848     uint32_t addr;
849     int flag_r;
850     int completion;
851 
852     addr = ed->head & OHCI_DPTR_MASK;
853     /* See if this TD has already been submitted to the device.  */
854     completion = (addr == ohci->async_td);
855     if (completion && !ohci->async_complete) {
856 #ifdef DEBUG_PACKET
857         dprintf("Skipping async TD\n");
858 #endif
859         return 1;
860     }
861     if (!ohci_read_td(ohci, addr, &td)) {
862         fprintf(stderr, "usb-ohci: TD read error at %x\n", addr);
863         return 0;
864     }
865 
866     dir = OHCI_BM(ed->flags, ED_D);
867     switch (dir) {
868     case OHCI_TD_DIR_OUT:
869     case OHCI_TD_DIR_IN:
870         /* Same value.  */
871         break;
872     default:
873         dir = OHCI_BM(td.flags, TD_DP);
874         break;
875     }
876 
877     switch (dir) {
878     case OHCI_TD_DIR_IN:
879         str = "in";
880         pid = USB_TOKEN_IN;
881         break;
882     case OHCI_TD_DIR_OUT:
883         str = "out";
884         pid = USB_TOKEN_OUT;
885         break;
886     case OHCI_TD_DIR_SETUP:
887         str = "setup";
888         pid = USB_TOKEN_SETUP;
889         break;
890     default:
891         fprintf(stderr, "usb-ohci: Bad direction\n");
892         return 1;
893     }
894     if (td.cbp && td.be) {
895         if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
896             len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
897         } else {
898             len = (td.be - td.cbp) + 1;
899         }
900 
901         if (len && dir != OHCI_TD_DIR_IN && !completion) {
902             ohci_copy_td(ohci, &td, ohci->usb_buf, len, 0);
903         }
904     }
905 
906     flag_r = (td.flags & OHCI_TD_R) != 0;
907 #ifdef DEBUG_PACKET
908     dprintf(" TD @ 0x%.8x %u bytes %s r=%d cbp=0x%.8x be=0x%.8x\n",
909             addr, len, str, flag_r, td.cbp, td.be);
910 
911     if (len > 0 && dir != OHCI_TD_DIR_IN) {
912         dprintf("  data:");
913         for (i = 0; i < len; i++)
914             printf(" %.2x", ohci->usb_buf[i]);
915         dprintf("\n");
916     }
917 #endif
918     if (completion) {
919         ret = ohci->usb_packet.len;
920         ohci->async_td = 0;
921         ohci->async_complete = 0;
922     } else {
923         ret = USB_RET_NODEV;
924         for (i = 0; i < ohci->num_ports; i++) {
925             dev = ohci->rhport[i].port.dev;
926             if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0)
927                 continue;
928 
929             if (ohci->async_td) {
930                 /* ??? The hardware should allow one active packet per
931                    endpoint.  We only allow one active packet per controller.
932                    This should be sufficient as long as devices respond in a
933                    timely manner.
934                  */
935 #ifdef DEBUG_PACKET
936                 dprintf("Too many pending packets\n");
937 #endif
938                 return 1;
939             }
940             ohci->usb_packet.pid = pid;
941             ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA);
942             ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN);
943             ohci->usb_packet.data = ohci->usb_buf;
944             ohci->usb_packet.len = len;
945             ohci->usb_packet.complete_cb = ohci_async_complete_packet;
946             ohci->usb_packet.complete_opaque = ohci;
947             ret = dev->handle_packet(dev, &ohci->usb_packet);
948             if (ret != USB_RET_NODEV)
949                 break;
950         }
951 #ifdef DEBUG_PACKET
952         dprintf("ret=%d\n", ret);
953 #endif
954         if (ret == USB_RET_ASYNC) {
955             ohci->async_td = addr;
956             return 1;
957         }
958     }
959     if (ret >= 0) {
960         if (dir == OHCI_TD_DIR_IN) {
961             ohci_copy_td(ohci, &td, ohci->usb_buf, ret, 1);
962 #ifdef DEBUG_PACKET
963             dprintf("  data:");
964             for (i = 0; i < ret; i++)
965                 printf(" %.2x", ohci->usb_buf[i]);
966             dprintf("\n");
967 #endif
968         } else {
969             ret = len;
970         }
971     }
972 
973     /* Writeback */
974     if (ret == len || (dir == OHCI_TD_DIR_IN && ret >= 0 && flag_r)) {
975         /* Transmission succeeded.  */
976         if (ret == len) {
977             td.cbp = 0;
978         } else {
979             td.cbp += ret;
980             if ((td.cbp & 0xfff) + ret > 0xfff) {
981                 td.cbp &= 0xfff;
982                 td.cbp |= td.be & ~0xfff;
983             }
984         }
985         td.flags |= OHCI_TD_T1;
986         td.flags ^= OHCI_TD_T0;
987         OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_NOERROR);
988         OHCI_SET_BM(td.flags, TD_EC, 0);
989 
990         ed->head &= ~OHCI_ED_C;
991         if (td.flags & OHCI_TD_T0)
992             ed->head |= OHCI_ED_C;
993     } else {
994         if (ret >= 0) {
995             dprintf("usb-ohci: Underrun\n");
996             OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAUNDERRUN);
997         } else {
998             switch (ret) {
999             case USB_RET_NODEV:
1000                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DEVICENOTRESPONDING);
1001             case USB_RET_NAK:
1002                 dprintf("usb-ohci: got NAK\n");
1003                 return 1;
1004             case USB_RET_STALL:
1005                 dprintf("usb-ohci: got STALL\n");
1006                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_STALL);
1007                 break;
1008             case USB_RET_BABBLE:
1009                 dprintf("usb-ohci: got BABBLE\n");
1010                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_DATAOVERRUN);
1011                 break;
1012             default:
1013                 fprintf(stderr, "usb-ohci: Bad device response %d\n", ret);
1014                 OHCI_SET_BM(td.flags, TD_CC, OHCI_CC_UNDEXPETEDPID);
1015                 OHCI_SET_BM(td.flags, TD_EC, 3);
1016                 break;
1017             }
1018         }
1019         ed->head |= OHCI_ED_H;
1020     }
1021 
1022     /* Retire this TD */
1023     ed->head &= ~OHCI_DPTR_MASK;
1024     ed->head |= td.next & OHCI_DPTR_MASK;
1025     td.next = ohci->done;
1026     ohci->done = addr;
1027     i = OHCI_BM(td.flags, TD_DI);
1028     if (i < ohci->done_count)
1029         ohci->done_count = i;
1030     ohci_put_td(ohci, addr, &td);
1031     return OHCI_BM(td.flags, TD_CC) != OHCI_CC_NOERROR;
1032 }
1033 
1034 /* Service an endpoint list.  Returns nonzero if active TD were found.  */
ohci_service_ed_list(OHCIState * ohci,uint32_t head,int completion)1035 static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
1036 {
1037     struct ohci_ed ed;
1038     uint32_t next_ed;
1039     uint32_t cur;
1040     int active;
1041 
1042     active = 0;
1043 
1044     if (head == 0)
1045         return 0;
1046 
1047     for (cur = head; cur; cur = next_ed) {
1048         if (!ohci_read_ed(ohci, cur, &ed)) {
1049             fprintf(stderr, "usb-ohci: ED read error at %x\n", cur);
1050             return 0;
1051         }
1052 
1053         next_ed = ed.next & OHCI_DPTR_MASK;
1054 
1055         if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) {
1056             uint32_t addr;
1057             /* Cancel pending packets for ED that have been paused.  */
1058             addr = ed.head & OHCI_DPTR_MASK;
1059             if (ohci->async_td && addr == ohci->async_td) {
1060                 usb_cancel_packet(&ohci->usb_packet);
1061                 ohci->async_td = 0;
1062             }
1063             continue;
1064         }
1065 
1066         while ((ed.head & OHCI_DPTR_MASK) != ed.tail) {
1067 #ifdef DEBUG_PACKET
1068             dprintf("ED @ 0x%.8x fa=%u en=%u d=%u s=%u k=%u f=%u mps=%u "
1069                     "h=%u c=%u\n  head=0x%.8x tailp=0x%.8x next=0x%.8x\n", cur,
1070                     OHCI_BM(ed.flags, ED_FA), OHCI_BM(ed.flags, ED_EN),
1071                     OHCI_BM(ed.flags, ED_D), (ed.flags & OHCI_ED_S)!= 0,
1072                     (ed.flags & OHCI_ED_K) != 0, (ed.flags & OHCI_ED_F) != 0,
1073                     OHCI_BM(ed.flags, ED_MPS), (ed.head & OHCI_ED_H) != 0,
1074                     (ed.head & OHCI_ED_C) != 0, ed.head & OHCI_DPTR_MASK,
1075                     ed.tail & OHCI_DPTR_MASK, ed.next & OHCI_DPTR_MASK);
1076 #endif
1077             active = 1;
1078 
1079             if ((ed.flags & OHCI_ED_F) == 0) {
1080                 if (ohci_service_td(ohci, &ed))
1081                     break;
1082             } else {
1083                 /* Handle isochronous endpoints */
1084                 if (ohci_service_iso_td(ohci, &ed, completion))
1085                     break;
1086             }
1087         }
1088 
1089         ohci_put_ed(ohci, cur, &ed);
1090     }
1091 
1092     return active;
1093 }
1094 
1095 /* Generate a SOF event, and set a timer for EOF */
ohci_sof(OHCIState * ohci)1096 static void ohci_sof(OHCIState *ohci)
1097 {
1098     ohci->sof_time = qemu_get_clock_ns(vm_clock);
1099     qemu_mod_timer(ohci->eof_timer, ohci->sof_time + usb_frame_time);
1100     ohci_set_interrupt(ohci, OHCI_INTR_SF);
1101 }
1102 
1103 /* Process Control and Bulk lists.  */
ohci_process_lists(OHCIState * ohci,int completion)1104 static void ohci_process_lists(OHCIState *ohci, int completion)
1105 {
1106     if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) {
1107         if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head)
1108           dprintf("usb-ohci: head %x, cur %x\n",
1109                           ohci->ctrl_head, ohci->ctrl_cur);
1110         if (!ohci_service_ed_list(ohci, ohci->ctrl_head, completion)) {
1111             ohci->ctrl_cur = 0;
1112             ohci->status &= ~OHCI_STATUS_CLF;
1113         }
1114     }
1115 
1116     if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) {
1117         if (!ohci_service_ed_list(ohci, ohci->bulk_head, completion)) {
1118             ohci->bulk_cur = 0;
1119             ohci->status &= ~OHCI_STATUS_BLF;
1120         }
1121     }
1122 }
1123 
1124 /* Do frame processing on frame boundary */
ohci_frame_boundary(void * opaque)1125 static void ohci_frame_boundary(void *opaque)
1126 {
1127     OHCIState *ohci = opaque;
1128     struct ohci_hcca hcca;
1129 
1130     ohci_read_hcca(ohci, ohci->hcca, &hcca);
1131 
1132     /* Process all the lists at the end of the frame */
1133     if (ohci->ctl & OHCI_CTL_PLE) {
1134         int n;
1135 
1136         n = ohci->frame_number & 0x1f;
1137         ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n]), 0);
1138     }
1139 
1140     /* Cancel all pending packets if either of the lists has been disabled.  */
1141     if (ohci->async_td &&
1142         ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) {
1143         usb_cancel_packet(&ohci->usb_packet);
1144         ohci->async_td = 0;
1145     }
1146     ohci->old_ctl = ohci->ctl;
1147     ohci_process_lists(ohci, 0);
1148 
1149     /* Frame boundary, so do EOF stuf here */
1150     ohci->frt = ohci->fit;
1151 
1152     /* XXX: endianness */
1153     ohci->frame_number = (ohci->frame_number + 1) & 0xffff;
1154     hcca.frame = cpu_to_le32(ohci->frame_number);
1155 
1156     if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
1157         if (!ohci->done)
1158             abort();
1159         if (ohci->intr & ohci->intr_status)
1160             ohci->done |= 1;
1161         hcca.done = cpu_to_le32(ohci->done);
1162         ohci->done = 0;
1163         ohci->done_count = 7;
1164         ohci_set_interrupt(ohci, OHCI_INTR_WD);
1165     }
1166 
1167     if (ohci->done_count != 7 && ohci->done_count != 0)
1168         ohci->done_count--;
1169 
1170     /* Do SOF stuff here */
1171     ohci_sof(ohci);
1172 
1173     /* Writeback HCCA */
1174     ohci_put_hcca(ohci, ohci->hcca, &hcca);
1175 }
1176 
1177 /* Start sending SOF tokens across the USB bus, lists are processed in
1178  * next frame
1179  */
ohci_bus_start(OHCIState * ohci)1180 static int ohci_bus_start(OHCIState *ohci)
1181 {
1182     ohci->eof_timer = qemu_new_timer_ns(vm_clock,
1183                     ohci_frame_boundary,
1184                     ohci);
1185 
1186     if (ohci->eof_timer == NULL) {
1187         fprintf(stderr, "usb-ohci: %s: qemu_new_timer_ns failed\n", ohci->name);
1188         /* TODO: Signal unrecoverable error */
1189         return 0;
1190     }
1191 
1192     dprintf("usb-ohci: %s: USB Operational\n", ohci->name);
1193 
1194     ohci_sof(ohci);
1195 
1196     return 1;
1197 }
1198 
1199 /* Stop sending SOF tokens on the bus */
ohci_bus_stop(OHCIState * ohci)1200 static void ohci_bus_stop(OHCIState *ohci)
1201 {
1202     if (ohci->eof_timer)
1203         qemu_del_timer(ohci->eof_timer);
1204     ohci->eof_timer = NULL;
1205 }
1206 
1207 /* Sets a flag in a port status register but only set it if the port is
1208  * connected, if not set ConnectStatusChange flag. If flag is enabled
1209  * return 1.
1210  */
ohci_port_set_if_connected(OHCIState * ohci,int i,uint32_t val)1211 static int ohci_port_set_if_connected(OHCIState *ohci, int i, uint32_t val)
1212 {
1213     int ret = 1;
1214 
1215     /* writing a 0 has no effect */
1216     if (val == 0)
1217         return 0;
1218 
1219     /* If CurrentConnectStatus is cleared we set
1220      * ConnectStatusChange
1221      */
1222     if (!(ohci->rhport[i].ctrl & OHCI_PORT_CCS)) {
1223         ohci->rhport[i].ctrl |= OHCI_PORT_CSC;
1224         if (ohci->rhstatus & OHCI_RHS_DRWE) {
1225             /* TODO: CSC is a wakeup event */
1226         }
1227         return 0;
1228     }
1229 
1230     if (ohci->rhport[i].ctrl & val)
1231         ret = 0;
1232 
1233     /* set the bit */
1234     ohci->rhport[i].ctrl |= val;
1235 
1236     return ret;
1237 }
1238 
1239 /* Set the frame interval - frame interval toggle is manipulated by the hcd only */
ohci_set_frame_interval(OHCIState * ohci,uint16_t val)1240 static void ohci_set_frame_interval(OHCIState *ohci, uint16_t val)
1241 {
1242     val &= OHCI_FMI_FI;
1243 
1244     if (val != ohci->fi) {
1245         dprintf("usb-ohci: %s: FrameInterval = 0x%x (%u)\n",
1246             ohci->name, ohci->fi, ohci->fi);
1247     }
1248 
1249     ohci->fi = val;
1250 }
1251 
ohci_port_power(OHCIState * ohci,int i,int p)1252 static void ohci_port_power(OHCIState *ohci, int i, int p)
1253 {
1254     if (p) {
1255         ohci->rhport[i].ctrl |= OHCI_PORT_PPS;
1256     } else {
1257         ohci->rhport[i].ctrl &= ~(OHCI_PORT_PPS|
1258                     OHCI_PORT_CCS|
1259                     OHCI_PORT_PSS|
1260                     OHCI_PORT_PRS);
1261     }
1262 }
1263 
1264 /* Set HcControlRegister */
ohci_set_ctl(OHCIState * ohci,uint32_t val)1265 static void ohci_set_ctl(OHCIState *ohci, uint32_t val)
1266 {
1267     uint32_t old_state;
1268     uint32_t new_state;
1269 
1270     old_state = ohci->ctl & OHCI_CTL_HCFS;
1271     ohci->ctl = val;
1272     new_state = ohci->ctl & OHCI_CTL_HCFS;
1273 
1274     /* no state change */
1275     if (old_state == new_state)
1276         return;
1277 
1278     switch (new_state) {
1279     case OHCI_USB_OPERATIONAL:
1280         ohci_bus_start(ohci);
1281         break;
1282     case OHCI_USB_SUSPEND:
1283         ohci_bus_stop(ohci);
1284         dprintf("usb-ohci: %s: USB Suspended\n", ohci->name);
1285         break;
1286     case OHCI_USB_RESUME:
1287         dprintf("usb-ohci: %s: USB Resume\n", ohci->name);
1288         break;
1289     case OHCI_USB_RESET:
1290         ohci_reset(ohci);
1291         dprintf("usb-ohci: %s: USB Reset\n", ohci->name);
1292         break;
1293     }
1294 }
1295 
ohci_get_frame_remaining(OHCIState * ohci)1296 static uint32_t ohci_get_frame_remaining(OHCIState *ohci)
1297 {
1298     uint16_t fr;
1299     int64_t tks;
1300 
1301     if ((ohci->ctl & OHCI_CTL_HCFS) != OHCI_USB_OPERATIONAL)
1302         return (ohci->frt << 31);
1303 
1304     /* Being in USB operational state guarnatees sof_time was
1305      * set already.
1306      */
1307     tks = qemu_get_clock_ns(vm_clock) - ohci->sof_time;
1308 
1309     /* avoid muldiv if possible */
1310     if (tks >= usb_frame_time)
1311         return (ohci->frt << 31);
1312 
1313     tks = muldiv64(1, tks, usb_bit_time);
1314     fr = (uint16_t)(ohci->fi - tks);
1315 
1316     return (ohci->frt << 31) | fr;
1317 }
1318 
1319 
1320 /* Set root hub status */
ohci_set_hub_status(OHCIState * ohci,uint32_t val)1321 static void ohci_set_hub_status(OHCIState *ohci, uint32_t val)
1322 {
1323     uint32_t old_state;
1324 
1325     old_state = ohci->rhstatus;
1326 
1327     /* write 1 to clear OCIC */
1328     if (val & OHCI_RHS_OCIC)
1329         ohci->rhstatus &= ~OHCI_RHS_OCIC;
1330 
1331     if (val & OHCI_RHS_LPS) {
1332         int i;
1333 
1334         for (i = 0; i < ohci->num_ports; i++)
1335             ohci_port_power(ohci, i, 0);
1336         dprintf("usb-ohci: powered down all ports\n");
1337     }
1338 
1339     if (val & OHCI_RHS_LPSC) {
1340         int i;
1341 
1342         for (i = 0; i < ohci->num_ports; i++)
1343             ohci_port_power(ohci, i, 1);
1344         dprintf("usb-ohci: powered up all ports\n");
1345     }
1346 
1347     if (val & OHCI_RHS_DRWE)
1348         ohci->rhstatus |= OHCI_RHS_DRWE;
1349 
1350     if (val & OHCI_RHS_CRWE)
1351         ohci->rhstatus &= ~OHCI_RHS_DRWE;
1352 
1353     if (old_state != ohci->rhstatus)
1354         ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1355 }
1356 
1357 /* Set root hub port status */
ohci_port_set_status(OHCIState * ohci,int portnum,uint32_t val)1358 static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val)
1359 {
1360     uint32_t old_state;
1361     OHCIPort *port;
1362 
1363     port = &ohci->rhport[portnum];
1364     old_state = port->ctrl;
1365 
1366     /* Write to clear CSC, PESC, PSSC, OCIC, PRSC */
1367     if (val & OHCI_PORT_WTC)
1368         port->ctrl &= ~(val & OHCI_PORT_WTC);
1369 
1370     if (val & OHCI_PORT_CCS)
1371         port->ctrl &= ~OHCI_PORT_PES;
1372 
1373     ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PES);
1374 
1375     if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PSS))
1376         dprintf("usb-ohci: port %d: SUSPEND\n", portnum);
1377 
1378     if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) {
1379         dprintf("usb-ohci: port %d: RESET\n", portnum);
1380         usb_send_msg(port->port.dev, USB_MSG_RESET);
1381         port->ctrl &= ~OHCI_PORT_PRS;
1382         /* ??? Should this also set OHCI_PORT_PESC.  */
1383         port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC;
1384     }
1385 
1386     /* Invert order here to ensure in ambiguous case, device is
1387      * powered up...
1388      */
1389     if (val & OHCI_PORT_LSDA)
1390         ohci_port_power(ohci, portnum, 0);
1391     if (val & OHCI_PORT_PPS)
1392         ohci_port_power(ohci, portnum, 1);
1393 
1394     if (old_state != port->ctrl)
1395         ohci_set_interrupt(ohci, OHCI_INTR_RHSC);
1396 
1397     return;
1398 }
1399 
ohci_mem_read(void * ptr,target_phys_addr_t addr)1400 static uint32_t ohci_mem_read(void *ptr, target_phys_addr_t addr)
1401 {
1402     OHCIState *ohci = ptr;
1403     uint32_t retval;
1404 
1405     /* Only aligned reads are allowed on OHCI */
1406     if (addr & 3) {
1407         fprintf(stderr, "usb-ohci: Mis-aligned read\n");
1408         return 0xffffffff;
1409     } else if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1410         /* HcRhPortStatus */
1411         retval = ohci->rhport[(addr - 0x54) >> 2].ctrl | OHCI_PORT_PPS;
1412     } else {
1413         switch (addr >> 2) {
1414         case 0: /* HcRevision */
1415             retval = 0x10;
1416             break;
1417 
1418         case 1: /* HcControl */
1419             retval = ohci->ctl;
1420             break;
1421 
1422         case 2: /* HcCommandStatus */
1423             retval = ohci->status;
1424             break;
1425 
1426         case 3: /* HcInterruptStatus */
1427             retval = ohci->intr_status;
1428             break;
1429 
1430         case 4: /* HcInterruptEnable */
1431         case 5: /* HcInterruptDisable */
1432             retval = ohci->intr;
1433             break;
1434 
1435         case 6: /* HcHCCA */
1436             retval = ohci->hcca;
1437             break;
1438 
1439         case 7: /* HcPeriodCurrentED */
1440             retval = ohci->per_cur;
1441             break;
1442 
1443         case 8: /* HcControlHeadED */
1444             retval = ohci->ctrl_head;
1445             break;
1446 
1447         case 9: /* HcControlCurrentED */
1448             retval = ohci->ctrl_cur;
1449             break;
1450 
1451         case 10: /* HcBulkHeadED */
1452             retval = ohci->bulk_head;
1453             break;
1454 
1455         case 11: /* HcBulkCurrentED */
1456             retval = ohci->bulk_cur;
1457             break;
1458 
1459         case 12: /* HcDoneHead */
1460             retval = ohci->done;
1461             break;
1462 
1463         case 13: /* HcFmInterretval */
1464             retval = (ohci->fit << 31) | (ohci->fsmps << 16) | (ohci->fi);
1465             break;
1466 
1467         case 14: /* HcFmRemaining */
1468             retval = ohci_get_frame_remaining(ohci);
1469             break;
1470 
1471         case 15: /* HcFmNumber */
1472             retval = ohci->frame_number;
1473             break;
1474 
1475         case 16: /* HcPeriodicStart */
1476             retval = ohci->pstart;
1477             break;
1478 
1479         case 17: /* HcLSThreshold */
1480             retval = ohci->lst;
1481             break;
1482 
1483         case 18: /* HcRhDescriptorA */
1484             retval = ohci->rhdesc_a;
1485             break;
1486 
1487         case 19: /* HcRhDescriptorB */
1488             retval = ohci->rhdesc_b;
1489             break;
1490 
1491         case 20: /* HcRhStatus */
1492             retval = ohci->rhstatus;
1493             break;
1494 
1495         /* PXA27x specific registers */
1496         case 24: /* HcStatus */
1497             retval = ohci->hstatus & ohci->hmask;
1498             break;
1499 
1500         case 25: /* HcHReset */
1501             retval = ohci->hreset;
1502             break;
1503 
1504         case 26: /* HcHInterruptEnable */
1505             retval = ohci->hmask;
1506             break;
1507 
1508         case 27: /* HcHInterruptTest */
1509             retval = ohci->htest;
1510             break;
1511 
1512         default:
1513             fprintf(stderr, "ohci_read: Bad offset %x\n", (int)addr);
1514             retval = 0xffffffff;
1515         }
1516     }
1517 
1518 #ifdef TARGET_WORDS_BIGENDIAN
1519     retval = bswap32(retval);
1520 #endif
1521     return retval;
1522 }
1523 
ohci_mem_write(void * ptr,target_phys_addr_t addr,uint32_t val)1524 static void ohci_mem_write(void *ptr, target_phys_addr_t addr, uint32_t val)
1525 {
1526     OHCIState *ohci = ptr;
1527 
1528 #ifdef TARGET_WORDS_BIGENDIAN
1529     val = bswap32(val);
1530 #endif
1531 
1532     /* Only aligned reads are allowed on OHCI */
1533     if (addr & 3) {
1534         fprintf(stderr, "usb-ohci: Mis-aligned write\n");
1535         return;
1536     }
1537 
1538     if (addr >= 0x54 && addr < 0x54 + ohci->num_ports * 4) {
1539         /* HcRhPortStatus */
1540         ohci_port_set_status(ohci, (addr - 0x54) >> 2, val);
1541         return;
1542     }
1543 
1544     switch (addr >> 2) {
1545     case 1: /* HcControl */
1546         ohci_set_ctl(ohci, val);
1547         break;
1548 
1549     case 2: /* HcCommandStatus */
1550         /* SOC is read-only */
1551         val = (val & ~OHCI_STATUS_SOC);
1552 
1553         /* Bits written as '0' remain unchanged in the register */
1554         ohci->status |= val;
1555 
1556         if (ohci->status & OHCI_STATUS_HCR)
1557             ohci_reset(ohci);
1558         break;
1559 
1560     case 3: /* HcInterruptStatus */
1561         ohci->intr_status &= ~val;
1562         ohci_intr_update(ohci);
1563         break;
1564 
1565     case 4: /* HcInterruptEnable */
1566         ohci->intr |= val;
1567         ohci_intr_update(ohci);
1568         break;
1569 
1570     case 5: /* HcInterruptDisable */
1571         ohci->intr &= ~val;
1572         ohci_intr_update(ohci);
1573         break;
1574 
1575     case 6: /* HcHCCA */
1576         ohci->hcca = val & OHCI_HCCA_MASK;
1577         break;
1578 
1579     case 8: /* HcControlHeadED */
1580         ohci->ctrl_head = val & OHCI_EDPTR_MASK;
1581         break;
1582 
1583     case 9: /* HcControlCurrentED */
1584         ohci->ctrl_cur = val & OHCI_EDPTR_MASK;
1585         break;
1586 
1587     case 10: /* HcBulkHeadED */
1588         ohci->bulk_head = val & OHCI_EDPTR_MASK;
1589         break;
1590 
1591     case 11: /* HcBulkCurrentED */
1592         ohci->bulk_cur = val & OHCI_EDPTR_MASK;
1593         break;
1594 
1595     case 13: /* HcFmInterval */
1596         ohci->fsmps = (val & OHCI_FMI_FSMPS) >> 16;
1597         ohci->fit = (val & OHCI_FMI_FIT) >> 31;
1598         ohci_set_frame_interval(ohci, val);
1599         break;
1600 
1601     case 15: /* HcFmNumber */
1602         break;
1603 
1604     case 16: /* HcPeriodicStart */
1605         ohci->pstart = val & 0xffff;
1606         break;
1607 
1608     case 17: /* HcLSThreshold */
1609         ohci->lst = val & 0xffff;
1610         break;
1611 
1612     case 18: /* HcRhDescriptorA */
1613         ohci->rhdesc_a &= ~OHCI_RHA_RW_MASK;
1614         ohci->rhdesc_a |= val & OHCI_RHA_RW_MASK;
1615         break;
1616 
1617     case 19: /* HcRhDescriptorB */
1618         break;
1619 
1620     case 20: /* HcRhStatus */
1621         ohci_set_hub_status(ohci, val);
1622         break;
1623 
1624     /* PXA27x specific registers */
1625     case 24: /* HcStatus */
1626         ohci->hstatus &= ~(val & ohci->hmask);
1627 
1628     case 25: /* HcHReset */
1629         ohci->hreset = val & ~OHCI_HRESET_FSBIR;
1630         if (val & OHCI_HRESET_FSBIR)
1631             ohci_reset(ohci);
1632         break;
1633 
1634     case 26: /* HcHInterruptEnable */
1635         ohci->hmask = val;
1636         break;
1637 
1638     case 27: /* HcHInterruptTest */
1639         ohci->htest = val;
1640         break;
1641 
1642     default:
1643         fprintf(stderr, "ohci_write: Bad offset %x\n", (int)addr);
1644         break;
1645     }
1646 }
1647 
1648 /* Only dword reads are defined on OHCI register space */
1649 static CPUReadMemoryFunc *ohci_readfn[3]={
1650     ohci_mem_read,
1651     ohci_mem_read,
1652     ohci_mem_read
1653 };
1654 
1655 /* Only dword writes are defined on OHCI register space */
1656 static CPUWriteMemoryFunc *ohci_writefn[3]={
1657     ohci_mem_write,
1658     ohci_mem_write,
1659     ohci_mem_write
1660 };
1661 
usb_ohci_init(OHCIState * ohci,int num_ports,int devfn,qemu_irq irq,enum ohci_type type,const char * name,uint32_t localmem_base)1662 static void usb_ohci_init(OHCIState *ohci, int num_ports, int devfn,
1663                           qemu_irq irq, enum ohci_type type,
1664                           const char *name, uint32_t localmem_base)
1665 {
1666     int i;
1667 
1668     if (usb_frame_time == 0) {
1669 #ifdef OHCI_TIME_WARP
1670         usb_frame_time = get_ticks_per_sec();
1671         usb_bit_time = muldiv64(1, get_ticks_per_sec(), USB_HZ/1000);
1672 #else
1673         usb_frame_time = muldiv64(1, get_ticks_per_sec(), 1000);
1674         if (get_ticks_per_sec() >= USB_HZ) {
1675             usb_bit_time = muldiv64(1, get_ticks_per_sec(), USB_HZ);
1676         } else {
1677             usb_bit_time = 1;
1678         }
1679 #endif
1680         dprintf("usb-ohci: usb_bit_time=%lli usb_frame_time=%lli\n",
1681                 usb_frame_time, usb_bit_time);
1682     }
1683 
1684     ohci->mem = cpu_register_io_memory(ohci_readfn, ohci_writefn, ohci);
1685     ohci->localmem_base = localmem_base;
1686     ohci->name = name;
1687 
1688     ohci->irq = irq;
1689     ohci->type = type;
1690 
1691     ohci->num_ports = num_ports;
1692     for (i = 0; i < num_ports; i++) {
1693         qemu_register_usb_port(&ohci->rhport[i].port, ohci, i, ohci_attach);
1694     }
1695 
1696     ohci->async_td = 0;
1697     qemu_register_reset(ohci_reset, 0, ohci);
1698     ohci_reset(ohci);
1699 }
1700 
1701 typedef struct {
1702     PCIDevice pci_dev;
1703     OHCIState state;
1704 } OHCIPCIState;
1705 
ohci_mapfunc(PCIDevice * pci_dev,int i,uint32_t addr,uint32_t size,int type)1706 static void ohci_mapfunc(PCIDevice *pci_dev, int i,
1707             uint32_t addr, uint32_t size, int type)
1708 {
1709     OHCIPCIState *ohci = (OHCIPCIState *)pci_dev;
1710     cpu_register_physical_memory(addr, size, ohci->state.mem);
1711 }
1712 
usb_ohci_init_pci(struct PCIBus * bus,int num_ports,int devfn)1713 void usb_ohci_init_pci(struct PCIBus *bus, int num_ports, int devfn)
1714 {
1715     OHCIPCIState *ohci;
1716 
1717     ohci = (OHCIPCIState *)pci_register_device(bus, "OHCI USB", sizeof(*ohci),
1718                                                devfn, NULL, NULL);
1719     if (ohci == NULL) {
1720         fprintf(stderr, "usb-ohci: Failed to register PCI device\n");
1721         return;
1722     }
1723 
1724     pci_config_set_vendor_id(ohci->pci_dev.config, PCI_VENDOR_ID_APPLE);
1725     pci_config_set_device_id(ohci->pci_dev.config,
1726                              PCI_DEVICE_ID_APPLE_IPID_USB);
1727     ohci->pci_dev.config[0x09] = 0x10; /* OHCI */
1728     pci_config_set_class(ohci->pci_dev.config, PCI_CLASS_SERIAL_USB);
1729     ohci->pci_dev.config[0x3d] = 0x01; /* interrupt pin 1 */
1730 
1731     usb_ohci_init(&ohci->state, num_ports, devfn, ohci->pci_dev.irq[0],
1732                   OHCI_TYPE_PCI, ohci->pci_dev.name, 0);
1733 
1734     pci_register_bar((struct PCIDevice *)ohci, 0, 256,
1735                            PCI_ADDRESS_SPACE_MEM, ohci_mapfunc);
1736 }
1737 
usb_ohci_init_pxa(target_phys_addr_t base,int num_ports,int devfn,qemu_irq irq)1738 void usb_ohci_init_pxa(target_phys_addr_t base, int num_ports, int devfn,
1739                        qemu_irq irq)
1740 {
1741     OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1742 
1743     usb_ohci_init(ohci, num_ports, devfn, irq,
1744                   OHCI_TYPE_PXA, "OHCI USB", 0);
1745 
1746     cpu_register_physical_memory(base, 0x1000, ohci->mem);
1747 }
1748 
usb_ohci_init_sm501(uint32_t mmio_base,uint32_t localmem_base,int num_ports,int devfn,qemu_irq irq)1749 void usb_ohci_init_sm501(uint32_t mmio_base, uint32_t localmem_base,
1750                          int num_ports, int devfn, qemu_irq irq)
1751 {
1752     OHCIState *ohci = (OHCIState *)qemu_mallocz(sizeof(OHCIState));
1753 
1754     usb_ohci_init(ohci, num_ports, devfn, irq,
1755                   OHCI_TYPE_SM501, "OHCI USB", localmem_base);
1756 
1757     cpu_register_physical_memory(mmio_base, 0x1000, ohci->mem);
1758 }
1759 
1760