]> Git Repo - qemu.git/blame - hw/usb/hcd-xhci.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xhci: move device lookup into xhci_setup_packet
[qemu.git] / hw / usb / hcd-xhci.c
CommitLineData
62c6ae04
HM		 1/*
2 * USB xHCI controller emulation
3 *
4 * Copyright (c) 2011 Securiforest
5 * Date: 2011-05-11 ; Author: Hector Martin <[email protected]>
6 * Based on usb-ohci.c, emulates Renesas NEC USB 3.0
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
f1ae32a1 21#include "hw/hw.h"
62c6ae04 22#include "qemu-timer.h"
f1ae32a1
GH		 23#include "hw/usb.h"
24#include "hw/pci.h"
f1ae32a1 25#include "hw/msi.h"
2d754a10 26#include "trace.h"
62c6ae04
HM		 27
28//#define DEBUG_XHCI
29//#define DEBUG_DATA
30
31#ifdef DEBUG_XHCI
32#define DPRINTF(...) fprintf(stderr, __VA_ARGS__)
33#else
34#define DPRINTF(...) do {} while (0)
35#endif
36#define FIXME() do { fprintf(stderr, "FIXME %s:%d\n", \
37 __func__, __LINE__); abort(); } while (0)
38
39#define MAXSLOTS 8
40#define MAXINTRS 1
41
42#define USB2_PORTS 4
43#define USB3_PORTS 4
44
45#define MAXPORTS (USB2_PORTS+USB3_PORTS)
46
47#define TD_QUEUE 24
62c6ae04
HM		 48
49/* Very pessimistic, let's hope it's enough for all cases */
50#define EV_QUEUE (((3*TD_QUEUE)+16)*MAXSLOTS)
51/* Do not deliver ER Full events. NEC's driver does some things not bound
52 * to the specs when it gets them */
53#define ER_FULL_HACK
54
55#define LEN_CAP 0x40
56#define OFF_OPER LEN_CAP
57#define LEN_OPER (0x400 + 0x10 * MAXPORTS)
58#define OFF_RUNTIME ((OFF_OPER + LEN_OPER + 0x20) & ~0x1f)
59#define LEN_RUNTIME (0x20 + MAXINTRS * 0x20)
60#define OFF_DOORBELL (OFF_RUNTIME + LEN_RUNTIME)
61#define LEN_DOORBELL ((MAXSLOTS + 1) * 0x20)
62
63/* must be power of 2 */
64#define LEN_REGS 0x2000
65
66#if (OFF_DOORBELL + LEN_DOORBELL) > LEN_REGS
67# error Increase LEN_REGS
68#endif
69
70#if MAXINTRS > 1
71# error TODO: only one interrupter supported
72#endif
73
74/* bit definitions */
75#define USBCMD_RS (1<<0)
76#define USBCMD_HCRST (1<<1)
77#define USBCMD_INTE (1<<2)
78#define USBCMD_HSEE (1<<3)
79#define USBCMD_LHCRST (1<<7)
80#define USBCMD_CSS (1<<8)
81#define USBCMD_CRS (1<<9)
82#define USBCMD_EWE (1<<10)
83#define USBCMD_EU3S (1<<11)
84
85#define USBSTS_HCH (1<<0)
86#define USBSTS_HSE (1<<2)
87#define USBSTS_EINT (1<<3)
88#define USBSTS_PCD (1<<4)
89#define USBSTS_SSS (1<<8)
90#define USBSTS_RSS (1<<9)
91#define USBSTS_SRE (1<<10)
92#define USBSTS_CNR (1<<11)
93#define USBSTS_HCE (1<<12)
94
95
96#define PORTSC_CCS (1<<0)
97#define PORTSC_PED (1<<1)
98#define PORTSC_OCA (1<<3)
99#define PORTSC_PR (1<<4)
100#define PORTSC_PLS_SHIFT 5
101#define PORTSC_PLS_MASK 0xf
102#define PORTSC_PP (1<<9)
103#define PORTSC_SPEED_SHIFT 10
104#define PORTSC_SPEED_MASK 0xf
105#define PORTSC_SPEED_FULL (1<<10)
106#define PORTSC_SPEED_LOW (2<<10)
107#define PORTSC_SPEED_HIGH (3<<10)
108#define PORTSC_SPEED_SUPER (4<<10)
109#define PORTSC_PIC_SHIFT 14
110#define PORTSC_PIC_MASK 0x3
111#define PORTSC_LWS (1<<16)
112#define PORTSC_CSC (1<<17)
113#define PORTSC_PEC (1<<18)
114#define PORTSC_WRC (1<<19)
115#define PORTSC_OCC (1<<20)
116#define PORTSC_PRC (1<<21)
117#define PORTSC_PLC (1<<22)
118#define PORTSC_CEC (1<<23)
119#define PORTSC_CAS (1<<24)
120#define PORTSC_WCE (1<<25)
121#define PORTSC_WDE (1<<26)
122#define PORTSC_WOE (1<<27)
123#define PORTSC_DR (1<<30)
124#define PORTSC_WPR (1<<31)
125
126#define CRCR_RCS (1<<0)
127#define CRCR_CS (1<<1)
128#define CRCR_CA (1<<2)
129#define CRCR_CRR (1<<3)
130
131#define IMAN_IP (1<<0)
132#define IMAN_IE (1<<1)
133
134#define ERDP_EHB (1<<3)
135
136#define TRB_SIZE 16
137typedef struct XHCITRB {
138 uint64_t parameter;
139 uint32_t status;
140 uint32_t control;
59a70ccd 141 dma_addr_t addr;
62c6ae04
HM		 142 bool ccs;
143} XHCITRB;
144
145
146typedef enum TRBType {
147 TRB_RESERVED = 0,
148 TR_NORMAL,
149 TR_SETUP,
150 TR_DATA,
151 TR_STATUS,
152 TR_ISOCH,
153 TR_LINK,
154 TR_EVDATA,
155 TR_NOOP,
156 CR_ENABLE_SLOT,
157 CR_DISABLE_SLOT,
158 CR_ADDRESS_DEVICE,
159 CR_CONFIGURE_ENDPOINT,
160 CR_EVALUATE_CONTEXT,
161 CR_RESET_ENDPOINT,
162 CR_STOP_ENDPOINT,
163 CR_SET_TR_DEQUEUE,
164 CR_RESET_DEVICE,
165 CR_FORCE_EVENT,
166 CR_NEGOTIATE_BW,
167 CR_SET_LATENCY_TOLERANCE,
168 CR_GET_PORT_BANDWIDTH,
169 CR_FORCE_HEADER,
170 CR_NOOP,
171 ER_TRANSFER = 32,
172 ER_COMMAND_COMPLETE,
173 ER_PORT_STATUS_CHANGE,
174 ER_BANDWIDTH_REQUEST,
175 ER_DOORBELL,
176 ER_HOST_CONTROLLER,
177 ER_DEVICE_NOTIFICATION,
178 ER_MFINDEX_WRAP,
179 /* vendor specific bits */
180 CR_VENDOR_VIA_CHALLENGE_RESPONSE = 48,
181 CR_VENDOR_NEC_FIRMWARE_REVISION = 49,
182 CR_VENDOR_NEC_CHALLENGE_RESPONSE = 50,
183} TRBType;
184
185#define CR_LINK TR_LINK
186
187typedef enum TRBCCode {
188 CC_INVALID = 0,
189 CC_SUCCESS,
190 CC_DATA_BUFFER_ERROR,
191 CC_BABBLE_DETECTED,
192 CC_USB_TRANSACTION_ERROR,
193 CC_TRB_ERROR,
194 CC_STALL_ERROR,
195 CC_RESOURCE_ERROR,
196 CC_BANDWIDTH_ERROR,
197 CC_NO_SLOTS_ERROR,
198 CC_INVALID_STREAM_TYPE_ERROR,
199 CC_SLOT_NOT_ENABLED_ERROR,
200 CC_EP_NOT_ENABLED_ERROR,
201 CC_SHORT_PACKET,
202 CC_RING_UNDERRUN,
203 CC_RING_OVERRUN,
204 CC_VF_ER_FULL,
205 CC_PARAMETER_ERROR,
206 CC_BANDWIDTH_OVERRUN,
207 CC_CONTEXT_STATE_ERROR,
208 CC_NO_PING_RESPONSE_ERROR,
209 CC_EVENT_RING_FULL_ERROR,
210 CC_INCOMPATIBLE_DEVICE_ERROR,
211 CC_MISSED_SERVICE_ERROR,
212 CC_COMMAND_RING_STOPPED,
213 CC_COMMAND_ABORTED,
214 CC_STOPPED,
215 CC_STOPPED_LENGTH_INVALID,
216 CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR = 29,
217 CC_ISOCH_BUFFER_OVERRUN = 31,
218 CC_EVENT_LOST_ERROR,
219 CC_UNDEFINED_ERROR,
220 CC_INVALID_STREAM_ID_ERROR,
221 CC_SECONDARY_BANDWIDTH_ERROR,
222 CC_SPLIT_TRANSACTION_ERROR
223} TRBCCode;
224
225#define TRB_C (1<<0)
226#define TRB_TYPE_SHIFT 10
227#define TRB_TYPE_MASK 0x3f
228#define TRB_TYPE(t) (((t).control >> TRB_TYPE_SHIFT) & TRB_TYPE_MASK)
229
230#define TRB_EV_ED (1<<2)
231
232#define TRB_TR_ENT (1<<1)
233#define TRB_TR_ISP (1<<2)
234#define TRB_TR_NS (1<<3)
235#define TRB_TR_CH (1<<4)
236#define TRB_TR_IOC (1<<5)
237#define TRB_TR_IDT (1<<6)
238#define TRB_TR_TBC_SHIFT 7
239#define TRB_TR_TBC_MASK 0x3
240#define TRB_TR_BEI (1<<9)
241#define TRB_TR_TLBPC_SHIFT 16
242#define TRB_TR_TLBPC_MASK 0xf
243#define TRB_TR_FRAMEID_SHIFT 20
244#define TRB_TR_FRAMEID_MASK 0x7ff
245#define TRB_TR_SIA (1<<31)
246
247#define TRB_TR_DIR (1<<16)
248
249#define TRB_CR_SLOTID_SHIFT 24
250#define TRB_CR_SLOTID_MASK 0xff
251#define TRB_CR_EPID_SHIFT 16
252#define TRB_CR_EPID_MASK 0x1f
253
254#define TRB_CR_BSR (1<<9)
255#define TRB_CR_DC (1<<9)
256
257#define TRB_LK_TC (1<<1)
258
259#define EP_TYPE_MASK 0x7
260#define EP_TYPE_SHIFT 3
261
262#define EP_STATE_MASK 0x7
263#define EP_DISABLED (0<<0)
264#define EP_RUNNING (1<<0)
265#define EP_HALTED (2<<0)
266#define EP_STOPPED (3<<0)
267#define EP_ERROR (4<<0)
268
269#define SLOT_STATE_MASK 0x1f
270#define SLOT_STATE_SHIFT 27
271#define SLOT_STATE(s) (((s)>>SLOT_STATE_SHIFT)&SLOT_STATE_MASK)
272#define SLOT_ENABLED 0
273#define SLOT_DEFAULT 1
274#define SLOT_ADDRESSED 2
275#define SLOT_CONFIGURED 3
276
277#define SLOT_CONTEXT_ENTRIES_MASK 0x1f
278#define SLOT_CONTEXT_ENTRIES_SHIFT 27
279
280typedef enum EPType {
281 ET_INVALID = 0,
282 ET_ISO_OUT,
283 ET_BULK_OUT,
284 ET_INTR_OUT,
285 ET_CONTROL,
286 ET_ISO_IN,
287 ET_BULK_IN,
288 ET_INTR_IN,
289} EPType;
290
291typedef struct XHCIRing {
59a70ccd
DG		 292 dma_addr_t base;
293 dma_addr_t dequeue;
62c6ae04
HM		 294 bool ccs;
295} XHCIRing;
296
297typedef struct XHCIPort {
298 USBPort port;
299 uint32_t portsc;
300} XHCIPort;
301
302struct XHCIState;
303typedef struct XHCIState XHCIState;
304
305typedef struct XHCITransfer {
306 XHCIState *xhci;
307 USBPacket packet;
d5a15814 308 QEMUSGList sgl;
7c605a23
GH		 309 bool running_async;
310 bool running_retry;
62c6ae04
HM		 311 bool cancelled;
312 bool complete;
62c6ae04
HM		 313 unsigned int iso_pkts;
314 unsigned int slotid;
315 unsigned int epid;
316 bool in_xfer;
317 bool iso_xfer;
62c6ae04
HM		 318
319 unsigned int trb_count;
320 unsigned int trb_alloced;
321 XHCITRB *trbs;
322
62c6ae04
HM		 323 TRBCCode status;
324
325 unsigned int pkts;
326 unsigned int pktsize;
327 unsigned int cur_pkt;
328} XHCITransfer;
329
330typedef struct XHCIEPContext {
331 XHCIRing ring;
332 unsigned int next_xfer;
333 unsigned int comp_xfer;
334 XHCITransfer transfers[TD_QUEUE];
7c605a23 335 XHCITransfer *retry;
62c6ae04 336 EPType type;
59a70ccd 337 dma_addr_t pctx;
62c6ae04 338 unsigned int max_psize;
62c6ae04
HM		 339 uint32_t state;
340} XHCIEPContext;
341
342typedef struct XHCISlot {
343 bool enabled;
59a70ccd 344 dma_addr_t ctx;
62c6ae04
HM		 345 unsigned int port;
346 unsigned int devaddr;
347 XHCIEPContext * eps[31];
348} XHCISlot;
349
350typedef struct XHCIEvent {
351 TRBType type;
352 TRBCCode ccode;
353 uint64_t ptr;
354 uint32_t length;
355 uint32_t flags;
356 uint8_t slotid;
357 uint8_t epid;
358} XHCIEvent;
359
360struct XHCIState {
361 PCIDevice pci_dev;
362 USBBus bus;
363 qemu_irq irq;
364 MemoryRegion mem;
365 const char *name;
366 uint32_t msi;
367 unsigned int devaddr;
368
369 /* Operational Registers */
370 uint32_t usbcmd;
371 uint32_t usbsts;
372 uint32_t dnctrl;
373 uint32_t crcr_low;
374 uint32_t crcr_high;
375 uint32_t dcbaap_low;
376 uint32_t dcbaap_high;
377 uint32_t config;
378
379 XHCIPort ports[MAXPORTS];
380 XHCISlot slots[MAXSLOTS];
381
382 /* Runtime Registers */
383 uint32_t mfindex;
384 /* note: we only support one interrupter */
385 uint32_t iman;
386 uint32_t imod;
387 uint32_t erstsz;
388 uint32_t erstba_low;
389 uint32_t erstba_high;
390 uint32_t erdp_low;
391 uint32_t erdp_high;
392
59a70ccd 393 dma_addr_t er_start;
62c6ae04
HM		 394 uint32_t er_size;
395 bool er_pcs;
396 unsigned int er_ep_idx;
397 bool er_full;
398
399 XHCIEvent ev_buffer[EV_QUEUE];
400 unsigned int ev_buffer_put;
401 unsigned int ev_buffer_get;
402
403 XHCIRing cmd_ring;
404};
405
406typedef struct XHCIEvRingSeg {
407 uint32_t addr_low;
408 uint32_t addr_high;
409 uint32_t size;
410 uint32_t rsvd;
411} XHCIEvRingSeg;
412
f10de44e
GH		 413static const char *TRBType_names[] = {
414 [TRB_RESERVED] = "TRB_RESERVED",
415 [TR_NORMAL] = "TR_NORMAL",
416 [TR_SETUP] = "TR_SETUP",
417 [TR_DATA] = "TR_DATA",
418 [TR_STATUS] = "TR_STATUS",
419 [TR_ISOCH] = "TR_ISOCH",
420 [TR_LINK] = "TR_LINK",
421 [TR_EVDATA] = "TR_EVDATA",
422 [TR_NOOP] = "TR_NOOP",
423 [CR_ENABLE_SLOT] = "CR_ENABLE_SLOT",
424 [CR_DISABLE_SLOT] = "CR_DISABLE_SLOT",
425 [CR_ADDRESS_DEVICE] = "CR_ADDRESS_DEVICE",
426 [CR_CONFIGURE_ENDPOINT] = "CR_CONFIGURE_ENDPOINT",
427 [CR_EVALUATE_CONTEXT] = "CR_EVALUATE_CONTEXT",
428 [CR_RESET_ENDPOINT] = "CR_RESET_ENDPOINT",
429 [CR_STOP_ENDPOINT] = "CR_STOP_ENDPOINT",
430 [CR_SET_TR_DEQUEUE] = "CR_SET_TR_DEQUEUE",
431 [CR_RESET_DEVICE] = "CR_RESET_DEVICE",
432 [CR_FORCE_EVENT] = "CR_FORCE_EVENT",
433 [CR_NEGOTIATE_BW] = "CR_NEGOTIATE_BW",
434 [CR_SET_LATENCY_TOLERANCE] = "CR_SET_LATENCY_TOLERANCE",
435 [CR_GET_PORT_BANDWIDTH] = "CR_GET_PORT_BANDWIDTH",
436 [CR_FORCE_HEADER] = "CR_FORCE_HEADER",
437 [CR_NOOP] = "CR_NOOP",
438 [ER_TRANSFER] = "ER_TRANSFER",
439 [ER_COMMAND_COMPLETE] = "ER_COMMAND_COMPLETE",
440 [ER_PORT_STATUS_CHANGE] = "ER_PORT_STATUS_CHANGE",
441 [ER_BANDWIDTH_REQUEST] = "ER_BANDWIDTH_REQUEST",
442 [ER_DOORBELL] = "ER_DOORBELL",
443 [ER_HOST_CONTROLLER] = "ER_HOST_CONTROLLER",
444 [ER_DEVICE_NOTIFICATION] = "ER_DEVICE_NOTIFICATION",
445 [ER_MFINDEX_WRAP] = "ER_MFINDEX_WRAP",
446 [CR_VENDOR_VIA_CHALLENGE_RESPONSE] = "CR_VENDOR_VIA_CHALLENGE_RESPONSE",
447 [CR_VENDOR_NEC_FIRMWARE_REVISION] = "CR_VENDOR_NEC_FIRMWARE_REVISION",
448 [CR_VENDOR_NEC_CHALLENGE_RESPONSE] = "CR_VENDOR_NEC_CHALLENGE_RESPONSE",
449};
450
451static const char *lookup_name(uint32_t index, const char **list, uint32_t llen)
452{
453 if (index >= llen || list[index] == NULL) {
454 return "???";
455 }
456 return list[index];
457}
458
459static const char *trb_name(XHCITRB *trb)
460{
461 return lookup_name(TRB_TYPE(*trb), TRBType_names,
462 ARRAY_SIZE(TRBType_names));
463}
f10de44e 464
62c6ae04
HM		 465static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
466 unsigned int epid);
467
59a70ccd 468static inline dma_addr_t xhci_addr64(uint32_t low, uint32_t high)
62c6ae04 469{
59a70ccd
DG		 470 if (sizeof(dma_addr_t) == 4) {
471 return low;
472 } else {
473 return low | (((dma_addr_t)high << 16) << 16);
474 }
62c6ae04
HM		 475}
476
59a70ccd 477static inline dma_addr_t xhci_mask64(uint64_t addr)
62c6ae04 478{
59a70ccd
DG		 479 if (sizeof(dma_addr_t) == 4) {
480 return addr & 0xffffffff;
481 } else {
482 return addr;
483 }
62c6ae04
HM		 484}
485
486static void xhci_irq_update(XHCIState *xhci)
487{
488 int level = 0;
489
490 if (xhci->iman & IMAN_IP && xhci->iman & IMAN_IE &&
215bff17 491 xhci->usbcmd & USBCMD_INTE) {
62c6ae04
HM		 492 level = 1;
493 }
494
62c6ae04
HM		 495 if (xhci->msi && msi_enabled(&xhci->pci_dev)) {
496 if (level) {
7acd279f 497 trace_usb_xhci_irq_msi(0);
62c6ae04
HM		 498 msi_notify(&xhci->pci_dev, 0);
499 }
500 } else {
7acd279f 501 trace_usb_xhci_irq_intx(level);
62c6ae04
HM		 502 qemu_set_irq(xhci->irq, level);
503 }
504}
505
506static inline int xhci_running(XHCIState *xhci)
507{
508 return !(xhci->usbsts & USBSTS_HCH) && !xhci->er_full;
509}
510
511static void xhci_die(XHCIState *xhci)
512{
513 xhci->usbsts |= USBSTS_HCE;
514 fprintf(stderr, "xhci: asserted controller error\n");
515}
516
517static void xhci_write_event(XHCIState *xhci, XHCIEvent *event)
518{
519 XHCITRB ev_trb;
59a70ccd 520 dma_addr_t addr;
62c6ae04
HM		 521
522 ev_trb.parameter = cpu_to_le64(event->ptr);
523 ev_trb.status = cpu_to_le32(event->length | (event->ccode << 24));
524 ev_trb.control = (event->slotid << 24) | (event->epid << 16) |
525 event->flags | (event->type << TRB_TYPE_SHIFT);
526 if (xhci->er_pcs) {
527 ev_trb.control |= TRB_C;
528 }
529 ev_trb.control = cpu_to_le32(ev_trb.control);
530
7acd279f
GH		 531 trace_usb_xhci_queue_event(xhci->er_ep_idx, trb_name(&ev_trb),
532 ev_trb.parameter, ev_trb.status, ev_trb.control);
62c6ae04
HM		 533
534 addr = xhci->er_start + TRB_SIZE*xhci->er_ep_idx;
59a70ccd 535 pci_dma_write(&xhci->pci_dev, addr, &ev_trb, TRB_SIZE);
62c6ae04
HM		 536
537 xhci->er_ep_idx++;
538 if (xhci->er_ep_idx >= xhci->er_size) {
539 xhci->er_ep_idx = 0;
540 xhci->er_pcs = !xhci->er_pcs;
541 }
542}
543
544static void xhci_events_update(XHCIState *xhci)
545{
59a70ccd 546 dma_addr_t erdp;
62c6ae04
HM		 547 unsigned int dp_idx;
548 bool do_irq = 0;
549
550 if (xhci->usbsts & USBSTS_HCH) {
551 return;
552 }
553
554 erdp = xhci_addr64(xhci->erdp_low, xhci->erdp_high);
555 if (erdp < xhci->er_start ||
556 erdp >= (xhci->er_start + TRB_SIZE*xhci->er_size)) {
59a70ccd
DG		 557 fprintf(stderr, "xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp);
558 fprintf(stderr, "xhci: ER at "DMA_ADDR_FMT" len %d\n",
62c6ae04
HM		 559 xhci->er_start, xhci->er_size);
560 xhci_die(xhci);
561 return;
562 }
563 dp_idx = (erdp - xhci->er_start) / TRB_SIZE;
564 assert(dp_idx < xhci->er_size);
565
566 /* NEC didn't read section 4.9.4 of the spec (v1.0 p139 top Note) and thus
567 * deadlocks when the ER is full. Hack it by holding off events until
568 * the driver decides to free at least half of the ring */
569 if (xhci->er_full) {
570 int er_free = dp_idx - xhci->er_ep_idx;
571 if (er_free <= 0) {
572 er_free += xhci->er_size;
573 }
574 if (er_free < (xhci->er_size/2)) {
575 DPRINTF("xhci_events_update(): event ring still "
576 "more than half full (hack)\n");
577 return;
578 }
579 }
580
581 while (xhci->ev_buffer_put != xhci->ev_buffer_get) {
582 assert(xhci->er_full);
583 if (((xhci->er_ep_idx+1) % xhci->er_size) == dp_idx) {
584 DPRINTF("xhci_events_update(): event ring full again\n");
585#ifndef ER_FULL_HACK
586 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR};
587 xhci_write_event(xhci, &full);
588#endif
589 do_irq = 1;
590 break;
591 }
592 XHCIEvent *event = &xhci->ev_buffer[xhci->ev_buffer_get];
593 xhci_write_event(xhci, event);
594 xhci->ev_buffer_get++;
595 do_irq = 1;
596 if (xhci->ev_buffer_get == EV_QUEUE) {
597 xhci->ev_buffer_get = 0;
598 }
599 }
600
601 if (do_irq) {
602 xhci->erdp_low |= ERDP_EHB;
603 xhci->iman |= IMAN_IP;
604 xhci->usbsts |= USBSTS_EINT;
605 xhci_irq_update(xhci);
606 }
607
608 if (xhci->er_full && xhci->ev_buffer_put == xhci->ev_buffer_get) {
609 DPRINTF("xhci_events_update(): event ring no longer full\n");
610 xhci->er_full = 0;
611 }
612 return;
613}
614
615static void xhci_event(XHCIState *xhci, XHCIEvent *event)
616{
59a70ccd 617 dma_addr_t erdp;
62c6ae04
HM		 618 unsigned int dp_idx;
619
620 if (xhci->er_full) {
621 DPRINTF("xhci_event(): ER full, queueing\n");
622 if (((xhci->ev_buffer_put+1) % EV_QUEUE) == xhci->ev_buffer_get) {
623 fprintf(stderr, "xhci: event queue full, dropping event!\n");
624 return;
625 }
626 xhci->ev_buffer[xhci->ev_buffer_put++] = *event;
627 if (xhci->ev_buffer_put == EV_QUEUE) {
628 xhci->ev_buffer_put = 0;
629 }
630 return;
631 }
632
633 erdp = xhci_addr64(xhci->erdp_low, xhci->erdp_high);
634 if (erdp < xhci->er_start ||
635 erdp >= (xhci->er_start + TRB_SIZE*xhci->er_size)) {
59a70ccd
DG		 636 fprintf(stderr, "xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp);
637 fprintf(stderr, "xhci: ER at "DMA_ADDR_FMT" len %d\n",
62c6ae04
HM		 638 xhci->er_start, xhci->er_size);
639 xhci_die(xhci);
640 return;
641 }
642
643 dp_idx = (erdp - xhci->er_start) / TRB_SIZE;
644 assert(dp_idx < xhci->er_size);
645
646 if ((xhci->er_ep_idx+1) % xhci->er_size == dp_idx) {
647 DPRINTF("xhci_event(): ER full, queueing\n");
648#ifndef ER_FULL_HACK
649 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR};
650 xhci_write_event(xhci, &full);
651#endif
652 xhci->er_full = 1;
653 if (((xhci->ev_buffer_put+1) % EV_QUEUE) == xhci->ev_buffer_get) {
654 fprintf(stderr, "xhci: event queue full, dropping event!\n");
655 return;
656 }
657 xhci->ev_buffer[xhci->ev_buffer_put++] = *event;
658 if (xhci->ev_buffer_put == EV_QUEUE) {
659 xhci->ev_buffer_put = 0;
660 }
661 } else {
662 xhci_write_event(xhci, event);
663 }
664
665 xhci->erdp_low |= ERDP_EHB;
666 xhci->iman |= IMAN_IP;
667 xhci->usbsts |= USBSTS_EINT;
668
669 xhci_irq_update(xhci);
670}
671
672static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring,
59a70ccd 673 dma_addr_t base)
62c6ae04
HM		 674{
675 ring->base = base;
676 ring->dequeue = base;
677 ring->ccs = 1;
678}
679
680static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb,
59a70ccd 681 dma_addr_t *addr)
62c6ae04
HM		 682{
683 while (1) {
684 TRBType type;
59a70ccd 685 pci_dma_read(&xhci->pci_dev, ring->dequeue, trb, TRB_SIZE);
62c6ae04
HM		 686 trb->addr = ring->dequeue;
687 trb->ccs = ring->ccs;
688 le64_to_cpus(&trb->parameter);
689 le32_to_cpus(&trb->status);
690 le32_to_cpus(&trb->control);
691
0703a4a7
GH		 692 trace_usb_xhci_fetch_trb(ring->dequeue, trb_name(trb),
693 trb->parameter, trb->status, trb->control);
62c6ae04
HM		 694
695 if ((trb->control & TRB_C) != ring->ccs) {
696 return 0;
697 }
698
699 type = TRB_TYPE(*trb);
700
701 if (type != TR_LINK) {
702 if (addr) {
703 *addr = ring->dequeue;
704 }
705 ring->dequeue += TRB_SIZE;
706 return type;
707 } else {
708 ring->dequeue = xhci_mask64(trb->parameter);
709 if (trb->control & TRB_LK_TC) {
710 ring->ccs = !ring->ccs;
711 }
712 }
713 }
714}
715
716static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring)
717{
718 XHCITRB trb;
719 int length = 0;
59a70ccd 720 dma_addr_t dequeue = ring->dequeue;
62c6ae04
HM		 721 bool ccs = ring->ccs;
722 /* hack to bundle together the two/three TDs that make a setup transfer */
723 bool control_td_set = 0;
724
725 while (1) {
726 TRBType type;
59a70ccd 727 pci_dma_read(&xhci->pci_dev, dequeue, &trb, TRB_SIZE);
62c6ae04
HM		 728 le64_to_cpus(&trb.parameter);
729 le32_to_cpus(&trb.status);
730 le32_to_cpus(&trb.control);
731
62c6ae04
HM		 732 if ((trb.control & TRB_C) != ccs) {
733 return -length;
734 }
735
736 type = TRB_TYPE(trb);
737
738 if (type == TR_LINK) {
739 dequeue = xhci_mask64(trb.parameter);
740 if (trb.control & TRB_LK_TC) {
741 ccs = !ccs;
742 }
743 continue;
744 }
745
746 length += 1;
747 dequeue += TRB_SIZE;
748
749 if (type == TR_SETUP) {
750 control_td_set = 1;
751 } else if (type == TR_STATUS) {
752 control_td_set = 0;
753 }
754
755 if (!control_td_set && !(trb.control & TRB_TR_CH)) {
756 return length;
757 }
758 }
759}
760
761static void xhci_er_reset(XHCIState *xhci)
762{
763 XHCIEvRingSeg seg;
764
765 /* cache the (sole) event ring segment location */
766 if (xhci->erstsz != 1) {
767 fprintf(stderr, "xhci: invalid value for ERSTSZ: %d\n", xhci->erstsz);
768 xhci_die(xhci);
769 return;
770 }
59a70ccd
DG		 771 dma_addr_t erstba = xhci_addr64(xhci->erstba_low, xhci->erstba_high);
772 pci_dma_read(&xhci->pci_dev, erstba, &seg, sizeof(seg));
62c6ae04
HM		 773 le32_to_cpus(&seg.addr_low);
774 le32_to_cpus(&seg.addr_high);
775 le32_to_cpus(&seg.size);
776 if (seg.size < 16 || seg.size > 4096) {
777 fprintf(stderr, "xhci: invalid value for segment size: %d\n", seg.size);
778 xhci_die(xhci);
779 return;
780 }
781 xhci->er_start = xhci_addr64(seg.addr_low, seg.addr_high);
782 xhci->er_size = seg.size;
783
784 xhci->er_ep_idx = 0;
785 xhci->er_pcs = 1;
786 xhci->er_full = 0;
787
59a70ccd 788 DPRINTF("xhci: event ring:" DMA_ADDR_FMT " [%d]\n",
62c6ae04
HM		 789 xhci->er_start, xhci->er_size);
790}
791
792static void xhci_run(XHCIState *xhci)
793{
fc0ddaca 794 trace_usb_xhci_run();
62c6ae04
HM		 795 xhci->usbsts &= ~USBSTS_HCH;
796}
797
798static void xhci_stop(XHCIState *xhci)
799{
fc0ddaca 800 trace_usb_xhci_stop();
62c6ae04
HM		 801 xhci->usbsts |= USBSTS_HCH;
802 xhci->crcr_low &= ~CRCR_CRR;
803}
804
805static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx,
806 uint32_t state)
807{
808 uint32_t ctx[5];
809 if (epctx->state == state) {
810 return;
811 }
812
59a70ccd 813 pci_dma_read(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
62c6ae04
HM		 814 ctx[0] &= ~EP_STATE_MASK;
815 ctx[0] |= state;
816 ctx[2] = epctx->ring.dequeue | epctx->ring.ccs;
817 ctx[3] = (epctx->ring.dequeue >> 16) >> 16;
59a70ccd 818 DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n",
62c6ae04 819 epctx->pctx, state, ctx[3], ctx[2]);
59a70ccd 820 pci_dma_write(&xhci->pci_dev, epctx->pctx, ctx, sizeof(ctx));
62c6ae04
HM		 821 epctx->state = state;
822}
823
824static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid,
59a70ccd 825 unsigned int epid, dma_addr_t pctx,
62c6ae04
HM		 826 uint32_t *ctx)
827{
828 XHCISlot *slot;
829 XHCIEPContext *epctx;
59a70ccd 830 dma_addr_t dequeue;
62c6ae04
HM		 831 int i;
832
c1f6b493 833 trace_usb_xhci_ep_enable(slotid, epid);
62c6ae04
HM		 834 assert(slotid >= 1 && slotid <= MAXSLOTS);
835 assert(epid >= 1 && epid <= 31);
836
62c6ae04
HM		 837 slot = &xhci->slots[slotid-1];
838 if (slot->eps[epid-1]) {
839 fprintf(stderr, "xhci: slot %d ep %d already enabled!\n", slotid, epid);
840 return CC_TRB_ERROR;
841 }
842
843 epctx = g_malloc(sizeof(XHCIEPContext));
844 memset(epctx, 0, sizeof(XHCIEPContext));
845
846 slot->eps[epid-1] = epctx;
847
848 dequeue = xhci_addr64(ctx[2] & ~0xf, ctx[3]);
849 xhci_ring_init(xhci, &epctx->ring, dequeue);
850 epctx->ring.ccs = ctx[2] & 1;
851
852 epctx->type = (ctx[1] >> EP_TYPE_SHIFT) & EP_TYPE_MASK;
853 DPRINTF("xhci: endpoint %d.%d type is %d\n", epid/2, epid%2, epctx->type);
854 epctx->pctx = pctx;
855 epctx->max_psize = ctx[1]>>16;
856 epctx->max_psize *= 1+((ctx[1]>>8)&0xff);
62c6ae04
HM		 857 DPRINTF("xhci: endpoint %d.%d max transaction (burst) size is %d\n",
858 epid/2, epid%2, epctx->max_psize);
859 for (i = 0; i < ARRAY_SIZE(epctx->transfers); i++) {
860 usb_packet_init(&epctx->transfers[i].packet);
861 }
862
863 epctx->state = EP_RUNNING;
864 ctx[0] &= ~EP_STATE_MASK;
865 ctx[0] |= EP_RUNNING;
866
867 return CC_SUCCESS;
868}
869
870static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid,
871 unsigned int epid)
872{
873 XHCISlot *slot;
874 XHCIEPContext *epctx;
875 int i, xferi, killed = 0;
876 assert(slotid >= 1 && slotid <= MAXSLOTS);
877 assert(epid >= 1 && epid <= 31);
878
879 DPRINTF("xhci_ep_nuke_xfers(%d, %d)\n", slotid, epid);
880
881 slot = &xhci->slots[slotid-1];
882
883 if (!slot->eps[epid-1]) {
884 return 0;
885 }
886
887 epctx = slot->eps[epid-1];
888
889 xferi = epctx->next_xfer;
890 for (i = 0; i < TD_QUEUE; i++) {
891 XHCITransfer *t = &epctx->transfers[xferi];
7c605a23
GH		 892 if (t->running_async) {
893 usb_cancel_packet(&t->packet);
894 t->running_async = 0;
62c6ae04 895 t->cancelled = 1;
62c6ae04
HM		 896 DPRINTF("xhci: cancelling transfer %d, waiting for it to complete...\n", i);
897 killed++;
898 }
7c605a23
GH		 899 if (t->running_retry) {
900 t->running_retry = 0;
901 epctx->retry = NULL;
902 }
62c6ae04
HM		 903 if (t->trbs) {
904 g_free(t->trbs);
905 }
62c6ae04
HM		 906
907 t->trbs = NULL;
62c6ae04 908 t->trb_count = t->trb_alloced = 0;
62c6ae04
HM		 909 xferi = (xferi + 1) % TD_QUEUE;
910 }
62c6ae04
HM		 911 return killed;
912}
913
914static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid,
915 unsigned int epid)
916{
917 XHCISlot *slot;
918 XHCIEPContext *epctx;
919
c1f6b493 920 trace_usb_xhci_ep_disable(slotid, epid);
62c6ae04
HM		 921 assert(slotid >= 1 && slotid <= MAXSLOTS);
922 assert(epid >= 1 && epid <= 31);
923
62c6ae04
HM		 924 slot = &xhci->slots[slotid-1];
925
926 if (!slot->eps[epid-1]) {
927 DPRINTF("xhci: slot %d ep %d already disabled\n", slotid, epid);
928 return CC_SUCCESS;
929 }
930
931 xhci_ep_nuke_xfers(xhci, slotid, epid);
932
933 epctx = slot->eps[epid-1];
934
935 xhci_set_ep_state(xhci, epctx, EP_DISABLED);
936
937 g_free(epctx);
938 slot->eps[epid-1] = NULL;
939
940 return CC_SUCCESS;
941}
942
943static TRBCCode xhci_stop_ep(XHCIState *xhci, unsigned int slotid,
944 unsigned int epid)
945{
946 XHCISlot *slot;
947 XHCIEPContext *epctx;
948
c1f6b493 949 trace_usb_xhci_ep_stop(slotid, epid);
62c6ae04
HM		 950 assert(slotid >= 1 && slotid <= MAXSLOTS);
951
952 if (epid < 1 || epid > 31) {
953 fprintf(stderr, "xhci: bad ep %d\n", epid);
954 return CC_TRB_ERROR;
955 }
956
957 slot = &xhci->slots[slotid-1];
958
959 if (!slot->eps[epid-1]) {
960 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
961 return CC_EP_NOT_ENABLED_ERROR;
962 }
963
964 if (xhci_ep_nuke_xfers(xhci, slotid, epid) > 0) {
965 fprintf(stderr, "xhci: FIXME: endpoint stopped w/ xfers running, "
966 "data might be lost\n");
967 }
968
969 epctx = slot->eps[epid-1];
970
971 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
972
973 return CC_SUCCESS;
974}
975
976static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
977 unsigned int epid)
978{
979 XHCISlot *slot;
980 XHCIEPContext *epctx;
981 USBDevice *dev;
982
c1f6b493 983 trace_usb_xhci_ep_reset(slotid, epid);
62c6ae04
HM		 984 assert(slotid >= 1 && slotid <= MAXSLOTS);
985
62c6ae04
HM		 986 if (epid < 1 || epid > 31) {
987 fprintf(stderr, "xhci: bad ep %d\n", epid);
988 return CC_TRB_ERROR;
989 }
990
991 slot = &xhci->slots[slotid-1];
992
993 if (!slot->eps[epid-1]) {
994 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
995 return CC_EP_NOT_ENABLED_ERROR;
996 }
997
998 epctx = slot->eps[epid-1];
999
1000 if (epctx->state != EP_HALTED) {
1001 fprintf(stderr, "xhci: reset EP while EP %d not halted (%d)\n",
1002 epid, epctx->state);
1003 return CC_CONTEXT_STATE_ERROR;
1004 }
1005
1006 if (xhci_ep_nuke_xfers(xhci, slotid, epid) > 0) {
1007 fprintf(stderr, "xhci: FIXME: endpoint reset w/ xfers running, "
1008 "data might be lost\n");
1009 }
1010
1011 uint8_t ep = epid>>1;
1012
1013 if (epid & 1) {
1014 ep |= 0x80;
1015 }
1016
1017 dev = xhci->ports[xhci->slots[slotid-1].port-1].port.dev;
1018 if (!dev) {
1019 return CC_USB_TRANSACTION_ERROR;
1020 }
1021
1022 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
1023
1024 return CC_SUCCESS;
1025}
1026
1027static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid,
1028 unsigned int epid, uint64_t pdequeue)
1029{
1030 XHCISlot *slot;
1031 XHCIEPContext *epctx;
59a70ccd 1032 dma_addr_t dequeue;
62c6ae04
HM		 1033
1034 assert(slotid >= 1 && slotid <= MAXSLOTS);
1035
1036 if (epid < 1 || epid > 31) {
1037 fprintf(stderr, "xhci: bad ep %d\n", epid);
1038 return CC_TRB_ERROR;
1039 }
1040
1041 DPRINTF("xhci_set_ep_dequeue(%d, %d, %016"PRIx64")\n", slotid, epid, pdequeue);
1042 dequeue = xhci_mask64(pdequeue);
1043
1044 slot = &xhci->slots[slotid-1];
1045
1046 if (!slot->eps[epid-1]) {
1047 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid);
1048 return CC_EP_NOT_ENABLED_ERROR;
1049 }
1050
1051 epctx = slot->eps[epid-1];
1052
1053
1054 if (epctx->state != EP_STOPPED) {
1055 fprintf(stderr, "xhci: set EP dequeue pointer while EP %d not stopped\n", epid);
1056 return CC_CONTEXT_STATE_ERROR;
1057 }
1058
1059 xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF);
1060 epctx->ring.ccs = dequeue & 1;
1061
1062 xhci_set_ep_state(xhci, epctx, EP_STOPPED);
1063
1064 return CC_SUCCESS;
1065}
1066
d5a15814 1067static int xhci_xfer_map(XHCITransfer *xfer)
62c6ae04 1068{
d5a15814 1069 int in_xfer = (xfer->packet.pid == USB_TOKEN_IN);
62c6ae04 1070 XHCIState *xhci = xfer->xhci;
d5a15814 1071 int i;
62c6ae04 1072
d5a15814 1073 pci_dma_sglist_init(&xfer->sgl, &xhci->pci_dev, xfer->trb_count);
62c6ae04
HM		 1074 for (i = 0; i < xfer->trb_count; i++) {
1075 XHCITRB *trb = &xfer->trbs[i];
59a70ccd 1076 dma_addr_t addr;
62c6ae04
HM		 1077 unsigned int chunk = 0;
1078
1079 switch (TRB_TYPE(*trb)) {
1080 case TR_DATA:
1081 if ((!(trb->control & TRB_TR_DIR)) != (!in_xfer)) {
1082 fprintf(stderr, "xhci: data direction mismatch for TR_DATA\n");
d5a15814 1083 goto err;
62c6ae04
HM		 1084 }
1085 /* fallthrough */
1086 case TR_NORMAL:
1087 case TR_ISOCH:
1088 addr = xhci_mask64(trb->parameter);
d5a15814
GH		 1089 chunk = trb->status & 0x1ffff;
1090 if (trb->control & TRB_TR_IDT) {
1091 if (chunk > 8 || in_xfer) {
1092 fprintf(stderr, "xhci: invalid immediate data TRB\n");
1093 goto err;
1094 }
1095 qemu_sglist_add(&xfer->sgl, trb->addr, chunk);
1096 } else {
1097 qemu_sglist_add(&xfer->sgl, addr, chunk);
1098 }
1099 break;
1100 }
1101 }
1102
1103 usb_packet_map(&xfer->packet, &xfer->sgl);
1104 return 0;
1105
1106err:
1107 qemu_sglist_destroy(&xfer->sgl);
1108 xhci_die(xhci);
1109 return -1;
1110}
1111
1112static void xhci_xfer_unmap(XHCITransfer *xfer)
1113{
1114 usb_packet_unmap(&xfer->packet, &xfer->sgl);
1115 qemu_sglist_destroy(&xfer->sgl);
1116}
1117
1118static void xhci_xfer_report(XHCITransfer *xfer)
1119{
1120 uint32_t edtla = 0;
1121 unsigned int left;
1122 bool reported = 0;
1123 bool shortpkt = 0;
1124 XHCIEvent event = {ER_TRANSFER, CC_SUCCESS};
1125 XHCIState *xhci = xfer->xhci;
1126 int i;
1127
1128 left = xfer->packet.result < 0 ? 0 : xfer->packet.result;
1129
1130 for (i = 0; i < xfer->trb_count; i++) {
1131 XHCITRB *trb = &xfer->trbs[i];
1132 unsigned int chunk = 0;
1133
1134 switch (TRB_TYPE(*trb)) {
1135 case TR_DATA:
1136 case TR_NORMAL:
1137 case TR_ISOCH:
62c6ae04
HM		 1138 chunk = trb->status & 0x1ffff;
1139 if (chunk > left) {
1140 chunk = left;
d5a15814
GH		 1141 if (xfer->status == CC_SUCCESS) {
1142 shortpkt = 1;
62c6ae04
HM		 1143 }
1144 }
1145 left -= chunk;
62c6ae04 1146 edtla += chunk;
62c6ae04
HM		 1147 break;
1148 case TR_STATUS:
1149 reported = 0;
1150 shortpkt = 0;
1151 break;
1152 }
1153
d5a15814
GH		 1154 if (!reported && ((trb->control & TRB_TR_IOC) ||
1155 (shortpkt && (trb->control & TRB_TR_ISP)) ||
1156 (xfer->status != CC_SUCCESS))) {
62c6ae04
HM		 1157 event.slotid = xfer->slotid;
1158 event.epid = xfer->epid;
1159 event.length = (trb->status & 0x1ffff) - chunk;
1160 event.flags = 0;
1161 event.ptr = trb->addr;
1162 if (xfer->status == CC_SUCCESS) {
1163 event.ccode = shortpkt ? CC_SHORT_PACKET : CC_SUCCESS;
1164 } else {
1165 event.ccode = xfer->status;
1166 }
1167 if (TRB_TYPE(*trb) == TR_EVDATA) {
1168 event.ptr = trb->parameter;
1169 event.flags |= TRB_EV_ED;
1170 event.length = edtla & 0xffffff;
1171 DPRINTF("xhci_xfer_data: EDTLA=%d\n", event.length);
1172 edtla = 0;
1173 }
1174 xhci_event(xhci, &event);
1175 reported = 1;
d5a15814
GH		 1176 if (xfer->status != CC_SUCCESS) {
1177 return;
1178 }
62c6ae04
HM		 1179 }
1180 }
62c6ae04
HM		 1181}
1182
1183static void xhci_stall_ep(XHCITransfer *xfer)
1184{
1185 XHCIState *xhci = xfer->xhci;
1186 XHCISlot *slot = &xhci->slots[xfer->slotid-1];
1187 XHCIEPContext *epctx = slot->eps[xfer->epid-1];
1188
1189 epctx->ring.dequeue = xfer->trbs[0].addr;
1190 epctx->ring.ccs = xfer->trbs[0].ccs;
1191 xhci_set_ep_state(xhci, epctx, EP_HALTED);
1192 DPRINTF("xhci: stalled slot %d ep %d\n", xfer->slotid, xfer->epid);
59a70ccd 1193 DPRINTF("xhci: will continue at "DMA_ADDR_FMT"\n", epctx->ring.dequeue);
62c6ae04
HM		 1194}
1195
1196static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer,
1197 XHCIEPContext *epctx);
1198
5c08106f 1199static USBDevice *xhci_find_device(XHCIPort *port, uint8_t addr)
62c6ae04 1200{
5c08106f
GH		 1201 if (!(port->portsc & PORTSC_PED)) {
1202 return NULL;
1203 }
1204 return usb_find_device(&port->port, addr);
1205}
1206
1207static int xhci_setup_packet(XHCITransfer *xfer)
1208{
1209 XHCIState *xhci = xfer->xhci;
1210 XHCIPort *port;
1211 USBDevice *dev;
079d0b7f
GH		 1212 USBEndpoint *ep;
1213 int dir;
1214
1215 dir = xfer->in_xfer ? USB_TOKEN_IN : USB_TOKEN_OUT;
5c08106f
GH		 1216
1217 if (xfer->packet.ep) {
1218 ep = xfer->packet.ep;
1219 dev = ep->dev;
1220 } else {
1221 port = &xhci->ports[xhci->slots[xfer->slotid-1].port-1];
1222 dev = xhci_find_device(port, xhci->slots[xfer->slotid-1].devaddr);
1223 if (!dev) {
1224 fprintf(stderr, "xhci: slot %d port %d has no device\n",
1225 xfer->slotid, xhci->slots[xfer->slotid-1].port);
1226 return -1;
1227 }
1228 ep = usb_ep_get(dev, dir, xfer->epid >> 1);
1229 }
1230
e983395d 1231 usb_packet_setup(&xfer->packet, dir, ep, xfer->trbs[0].addr);
d5a15814 1232 xhci_xfer_map(xfer);
62c6ae04 1233 DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n",
079d0b7f 1234 xfer->packet.pid, dev->addr, ep->nr);
62c6ae04
HM		 1235 return 0;
1236}
1237
1238static int xhci_complete_packet(XHCITransfer *xfer, int ret)
1239{
1240 if (ret == USB_RET_ASYNC) {
97df650b 1241 trace_usb_xhci_xfer_async(xfer);
7c605a23
GH		 1242 xfer->running_async = 1;
1243 xfer->running_retry = 0;
1244 xfer->complete = 0;
1245 xfer->cancelled = 0;
1246 return 0;
1247 } else if (ret == USB_RET_NAK) {
97df650b 1248 trace_usb_xhci_xfer_nak(xfer);
7c605a23
GH		 1249 xfer->running_async = 0;
1250 xfer->running_retry = 1;
62c6ae04
HM		 1251 xfer->complete = 0;
1252 xfer->cancelled = 0;
1253 return 0;
1254 } else {
7c605a23
GH		 1255 xfer->running_async = 0;
1256 xfer->running_retry = 0;
62c6ae04 1257 xfer->complete = 1;
d5a15814 1258 xhci_xfer_unmap(xfer);
62c6ae04
HM		 1259 }
1260
1261 if (ret >= 0) {
97df650b 1262 trace_usb_xhci_xfer_success(xfer, ret);
d5a15814
GH		 1263 xfer->status = CC_SUCCESS;
1264 xhci_xfer_report(xfer);
62c6ae04
HM		 1265 return 0;
1266 }
1267
1268 /* error */
97df650b 1269 trace_usb_xhci_xfer_error(xfer, ret);
62c6ae04
HM		 1270 switch (ret) {
1271 case USB_RET_NODEV:
1272 xfer->status = CC_USB_TRANSACTION_ERROR;
d5a15814 1273 xhci_xfer_report(xfer);
62c6ae04
HM		 1274 xhci_stall_ep(xfer);
1275 break;
1276 case USB_RET_STALL:
1277 xfer->status = CC_STALL_ERROR;
d5a15814 1278 xhci_xfer_report(xfer);
62c6ae04
HM		 1279 xhci_stall_ep(xfer);
1280 break;
1281 default:
1282 fprintf(stderr, "%s: FIXME: ret = %d\n", __FUNCTION__, ret);
1283 FIXME();
1284 }
1285 return 0;
1286}
1287
1288static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
1289{
1290 XHCITRB *trb_setup, *trb_status;
2850ca9e 1291 uint8_t bmRequestType;
62c6ae04
HM		 1292 int ret;
1293
62c6ae04
HM		 1294 trb_setup = &xfer->trbs[0];
1295 trb_status = &xfer->trbs[xfer->trb_count-1];
1296
d5a15814 1297 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid);
97df650b 1298
62c6ae04
HM		 1299 /* at most one Event Data TRB allowed after STATUS */
1300 if (TRB_TYPE(*trb_status) == TR_EVDATA && xfer->trb_count > 2) {
1301 trb_status--;
1302 }
1303
1304 /* do some sanity checks */
1305 if (TRB_TYPE(*trb_setup) != TR_SETUP) {
1306 fprintf(stderr, "xhci: ep0 first TD not SETUP: %d\n",
1307 TRB_TYPE(*trb_setup));
1308 return -1;
1309 }
1310 if (TRB_TYPE(*trb_status) != TR_STATUS) {
1311 fprintf(stderr, "xhci: ep0 last TD not STATUS: %d\n",
1312 TRB_TYPE(*trb_status));
1313 return -1;
1314 }
1315 if (!(trb_setup->control & TRB_TR_IDT)) {
1316 fprintf(stderr, "xhci: Setup TRB doesn't have IDT set\n");
1317 return -1;
1318 }
1319 if ((trb_setup->status & 0x1ffff) != 8) {
1320 fprintf(stderr, "xhci: Setup TRB has bad length (%d)\n",
1321 (trb_setup->status & 0x1ffff));
1322 return -1;
1323 }
1324
1325 bmRequestType = trb_setup->parameter;
62c6ae04 1326
62c6ae04
HM		 1327 xfer->in_xfer = bmRequestType & USB_DIR_IN;
1328 xfer->iso_xfer = false;
1329
5c08106f
GH		 1330 if (xhci_setup_packet(xfer) < 0) {
1331 return -1;
1332 }
2850ca9e 1333 xfer->packet.parameter = trb_setup->parameter;
2850ca9e 1334
5c08106f 1335 ret = usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
62c6ae04
HM		 1336
1337 xhci_complete_packet(xfer, ret);
7c605a23 1338 if (!xfer->running_async && !xfer->running_retry) {
62c6ae04
HM		 1339 xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
1340 }
1341 return 0;
1342}
1343
1344static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx)
1345{
62c6ae04
HM		 1346 int ret;
1347
1348 DPRINTF("xhci_submit(slotid=%d,epid=%d)\n", xfer->slotid, xfer->epid);
62c6ae04
HM		 1349
1350 xfer->in_xfer = epctx->type>>2;
62c6ae04 1351
62c6ae04 1352 if (epctx->type == ET_ISO_IN || epctx->type == ET_ISO_OUT) {
331e9406 1353 xfer->pkts = 1;
62c6ae04
HM		 1354 } else {
1355 xfer->pkts = 0;
1356 }
1357
62c6ae04
HM		 1358 switch(epctx->type) {
1359 case ET_INTR_OUT:
1360 case ET_INTR_IN:
1361 case ET_BULK_OUT:
1362 case ET_BULK_IN:
1363 break;
1364 case ET_ISO_OUT:
1365 case ET_ISO_IN:
1366 FIXME();
1367 break;
1368 default:
079d0b7f
GH		 1369 fprintf(stderr, "xhci: unknown or unhandled EP "
1370 "(type %d, in %d, ep %02x)\n",
1371 epctx->type, xfer->in_xfer, xfer->epid);
62c6ae04
HM		 1372 return -1;
1373 }
1374
5c08106f
GH		 1375 if (xhci_setup_packet(xfer) < 0) {
1376 return -1;
1377 }
1378 ret = usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
62c6ae04
HM		 1379
1380 xhci_complete_packet(xfer, ret);
7c605a23 1381 if (!xfer->running_async && !xfer->running_retry) {
62c6ae04
HM		 1382 xhci_kick_ep(xhci, xfer->slotid, xfer->epid);
1383 }
1384 return 0;
1385}
1386
1387static int xhci_fire_transfer(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx)
1388{
d5a15814 1389 trace_usb_xhci_xfer_start(xfer, xfer->slotid, xfer->epid);
331e9406 1390 return xhci_submit(xhci, xfer, epctx);
62c6ae04
HM		 1391}
1392
1393static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, unsigned int epid)
1394{
1395 XHCIEPContext *epctx;
1396 int length;
1397 int i;
1398
c1f6b493 1399 trace_usb_xhci_ep_kick(slotid, epid);
62c6ae04
HM		 1400 assert(slotid >= 1 && slotid <= MAXSLOTS);
1401 assert(epid >= 1 && epid <= 31);
62c6ae04
HM		 1402
1403 if (!xhci->slots[slotid-1].enabled) {
1404 fprintf(stderr, "xhci: xhci_kick_ep for disabled slot %d\n", slotid);
1405 return;
1406 }
1407 epctx = xhci->slots[slotid-1].eps[epid-1];
1408 if (!epctx) {
1409 fprintf(stderr, "xhci: xhci_kick_ep for disabled endpoint %d,%d\n",
1410 epid, slotid);
1411 return;
1412 }
1413
7c605a23
GH		 1414 if (epctx->retry) {
1415 /* retry nak'ed transfer */
1416 XHCITransfer *xfer = epctx->retry;
1417 int result;
1418
97df650b 1419 trace_usb_xhci_xfer_retry(xfer);
7c605a23 1420 assert(xfer->running_retry);
5c08106f
GH		 1421 if (xhci_setup_packet(xfer) < 0) {
1422 return;
1423 }
7c605a23
GH		 1424 result = usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
1425 if (result == USB_RET_NAK) {
7c605a23
GH		 1426 return;
1427 }
7c605a23
GH		 1428 xhci_complete_packet(xfer, result);
1429 assert(!xfer->running_retry);
1430 epctx->retry = NULL;
1431 }
1432
62c6ae04
HM		 1433 if (epctx->state == EP_HALTED) {
1434 DPRINTF("xhci: ep halted, not running schedule\n");
1435 return;
1436 }
1437
1438 xhci_set_ep_state(xhci, epctx, EP_RUNNING);
1439
1440 while (1) {
1441 XHCITransfer *xfer = &epctx->transfers[epctx->next_xfer];
331e9406 1442 if (xfer->running_async || xfer->running_retry) {
62c6ae04
HM		 1443 break;
1444 }
1445 length = xhci_ring_chain_length(xhci, &epctx->ring);
1446 if (length < 0) {
62c6ae04
HM		 1447 break;
1448 } else if (length == 0) {
1449 break;
1450 }
62c6ae04
HM		 1451 if (xfer->trbs && xfer->trb_alloced < length) {
1452 xfer->trb_count = 0;
1453 xfer->trb_alloced = 0;
1454 g_free(xfer->trbs);
1455 xfer->trbs = NULL;
1456 }
1457 if (!xfer->trbs) {
1458 xfer->trbs = g_malloc(sizeof(XHCITRB) * length);
1459 xfer->trb_alloced = length;
1460 }
1461 xfer->trb_count = length;
1462
1463 for (i = 0; i < length; i++) {
1464 assert(xhci_ring_fetch(xhci, &epctx->ring, &xfer->trbs[i], NULL));
1465 }
1466 xfer->xhci = xhci;
1467 xfer->epid = epid;
1468 xfer->slotid = slotid;
1469
1470 if (epid == 1) {
1471 if (xhci_fire_ctl_transfer(xhci, xfer) >= 0) {
1472 epctx->next_xfer = (epctx->next_xfer + 1) % TD_QUEUE;
1473 } else {
1474 fprintf(stderr, "xhci: error firing CTL transfer\n");
1475 }
1476 } else {
1477 if (xhci_fire_transfer(xhci, xfer, epctx) >= 0) {
1478 epctx->next_xfer = (epctx->next_xfer + 1) % TD_QUEUE;
1479 } else {
1480 fprintf(stderr, "xhci: error firing data transfer\n");
1481 }
1482 }
1483
3c4866e0 1484 if (epctx->state == EP_HALTED) {
3c4866e0
GH		 1485 break;
1486 }
7c605a23
GH		 1487 if (xfer->running_retry) {
1488 DPRINTF("xhci: xfer nacked, stopping schedule\n");
1489 epctx->retry = xfer;
1490 break;
1491 }
62c6ae04
HM		 1492 }
1493}
1494
1495static TRBCCode xhci_enable_slot(XHCIState *xhci, unsigned int slotid)
1496{
348f1037 1497 trace_usb_xhci_slot_enable(slotid);
62c6ae04 1498 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1499 xhci->slots[slotid-1].enabled = 1;
1500 xhci->slots[slotid-1].port = 0;
1501 memset(xhci->slots[slotid-1].eps, 0, sizeof(XHCIEPContext*)*31);
1502
1503 return CC_SUCCESS;
1504}
1505
1506static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid)
1507{
1508 int i;
1509
348f1037 1510 trace_usb_xhci_slot_disable(slotid);
62c6ae04 1511 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1512
1513 for (i = 1; i <= 31; i++) {
1514 if (xhci->slots[slotid-1].eps[i-1]) {
1515 xhci_disable_ep(xhci, slotid, i);
1516 }
1517 }
1518
1519 xhci->slots[slotid-1].enabled = 0;
1520 return CC_SUCCESS;
1521}
1522
1523static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid,
1524 uint64_t pictx, bool bsr)
1525{
1526 XHCISlot *slot;
1527 USBDevice *dev;
59a70ccd 1528 dma_addr_t ictx, octx, dcbaap;
62c6ae04
HM		 1529 uint64_t poctx;
1530 uint32_t ictl_ctx[2];
1531 uint32_t slot_ctx[4];
1532 uint32_t ep0_ctx[5];
1533 unsigned int port;
1534 int i;
1535 TRBCCode res;
1536
348f1037 1537 trace_usb_xhci_slot_address(slotid);
62c6ae04 1538 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1539
1540 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high);
59a70ccd 1541 pci_dma_read(&xhci->pci_dev, dcbaap + 8*slotid, &poctx, sizeof(poctx));
62c6ae04
HM		 1542 ictx = xhci_mask64(pictx);
1543 octx = xhci_mask64(le64_to_cpu(poctx));
1544
59a70ccd
DG		 1545 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1546 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
62c6ae04 1547
59a70ccd 1548 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
62c6ae04
HM		 1549
1550 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] != 0x3) {
1551 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1552 ictl_ctx[0], ictl_ctx[1]);
1553 return CC_TRB_ERROR;
1554 }
1555
59a70ccd
DG		 1556 pci_dma_read(&xhci->pci_dev, ictx+32, slot_ctx, sizeof(slot_ctx));
1557 pci_dma_read(&xhci->pci_dev, ictx+64, ep0_ctx, sizeof(ep0_ctx));
62c6ae04
HM		 1558
1559 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n",
1560 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1561
1562 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n",
1563 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1564
1565 port = (slot_ctx[1]>>16) & 0xFF;
1566 dev = xhci->ports[port-1].port.dev;
1567
1568 if (port < 1 || port > MAXPORTS) {
1569 fprintf(stderr, "xhci: bad port %d\n", port);
1570 return CC_TRB_ERROR;
1571 } else if (!dev) {
1572 fprintf(stderr, "xhci: port %d not connected\n", port);
1573 return CC_USB_TRANSACTION_ERROR;
1574 }
1575
1576 for (i = 0; i < MAXSLOTS; i++) {
1577 if (xhci->slots[i].port == port) {
1578 fprintf(stderr, "xhci: port %d already assigned to slot %d\n",
1579 port, i+1);
1580 return CC_TRB_ERROR;
1581 }
1582 }
1583
1584 slot = &xhci->slots[slotid-1];
1585 slot->port = port;
1586 slot->ctx = octx;
1587
1588 if (bsr) {
1589 slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT;
1590 } else {
1591 slot->devaddr = xhci->devaddr++;
1592 slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slot->devaddr;
1593 DPRINTF("xhci: device address is %d\n", slot->devaddr);
62aed765 1594 usb_device_handle_control(dev, NULL,
62c6ae04
HM		 1595 DeviceOutRequest | USB_REQ_SET_ADDRESS,
1596 slot->devaddr, 0, 0, NULL);
1597 }
1598
1599 res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx);
1600
1601 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1602 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1603 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n",
1604 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1605
59a70ccd
DG		 1606 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
1607 pci_dma_write(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
62c6ae04
HM		 1608
1609 return res;
1610}
1611
1612
1613static TRBCCode xhci_configure_slot(XHCIState *xhci, unsigned int slotid,
1614 uint64_t pictx, bool dc)
1615{
59a70ccd 1616 dma_addr_t ictx, octx;
62c6ae04
HM		 1617 uint32_t ictl_ctx[2];
1618 uint32_t slot_ctx[4];
1619 uint32_t islot_ctx[4];
1620 uint32_t ep_ctx[5];
1621 int i;
1622 TRBCCode res;
1623
348f1037 1624 trace_usb_xhci_slot_configure(slotid);
62c6ae04 1625 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1626
1627 ictx = xhci_mask64(pictx);
1628 octx = xhci->slots[slotid-1].ctx;
1629
59a70ccd
DG		 1630 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1631 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
62c6ae04
HM		 1632
1633 if (dc) {
1634 for (i = 2; i <= 31; i++) {
1635 if (xhci->slots[slotid-1].eps[i-1]) {
1636 xhci_disable_ep(xhci, slotid, i);
1637 }
1638 }
1639
59a70ccd 1640 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1641 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1642 slot_ctx[3] |= SLOT_ADDRESSED << SLOT_STATE_SHIFT;
1643 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1644 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
59a70ccd 1645 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1646
1647 return CC_SUCCESS;
1648 }
1649
59a70ccd 1650 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
62c6ae04
HM		 1651
1652 if ((ictl_ctx[0] & 0x3) != 0x0 || (ictl_ctx[1] & 0x3) != 0x1) {
1653 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1654 ictl_ctx[0], ictl_ctx[1]);
1655 return CC_TRB_ERROR;
1656 }
1657
59a70ccd
DG		 1658 pci_dma_read(&xhci->pci_dev, ictx+32, islot_ctx, sizeof(islot_ctx));
1659 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1660
1661 if (SLOT_STATE(slot_ctx[3]) < SLOT_ADDRESSED) {
1662 fprintf(stderr, "xhci: invalid slot state %08x\n", slot_ctx[3]);
1663 return CC_CONTEXT_STATE_ERROR;
1664 }
1665
1666 for (i = 2; i <= 31; i++) {
1667 if (ictl_ctx[0] & (1<<i)) {
1668 xhci_disable_ep(xhci, slotid, i);
1669 }
1670 if (ictl_ctx[1] & (1<<i)) {
59a70ccd
DG		 1671 pci_dma_read(&xhci->pci_dev, ictx+32+(32*i), ep_ctx,
1672 sizeof(ep_ctx));
62c6ae04
HM		 1673 DPRINTF("xhci: input ep%d.%d context: %08x %08x %08x %08x %08x\n",
1674 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2],
1675 ep_ctx[3], ep_ctx[4]);
1676 xhci_disable_ep(xhci, slotid, i);
1677 res = xhci_enable_ep(xhci, slotid, i, octx+(32*i), ep_ctx);
1678 if (res != CC_SUCCESS) {
1679 return res;
1680 }
1681 DPRINTF("xhci: output ep%d.%d context: %08x %08x %08x %08x %08x\n",
1682 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2],
1683 ep_ctx[3], ep_ctx[4]);
59a70ccd 1684 pci_dma_write(&xhci->pci_dev, octx+(32*i), ep_ctx, sizeof(ep_ctx));
62c6ae04
HM		 1685 }
1686 }
1687
1688 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1689 slot_ctx[3] |= SLOT_CONFIGURED << SLOT_STATE_SHIFT;
1690 slot_ctx[0] &= ~(SLOT_CONTEXT_ENTRIES_MASK << SLOT_CONTEXT_ENTRIES_SHIFT);
1691 slot_ctx[0] |= islot_ctx[0] & (SLOT_CONTEXT_ENTRIES_MASK <<
1692 SLOT_CONTEXT_ENTRIES_SHIFT);
1693 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1694 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1695
59a70ccd 1696 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1697
1698 return CC_SUCCESS;
1699}
1700
1701
1702static TRBCCode xhci_evaluate_slot(XHCIState *xhci, unsigned int slotid,
1703 uint64_t pictx)
1704{
59a70ccd 1705 dma_addr_t ictx, octx;
62c6ae04
HM		 1706 uint32_t ictl_ctx[2];
1707 uint32_t iep0_ctx[5];
1708 uint32_t ep0_ctx[5];
1709 uint32_t islot_ctx[4];
1710 uint32_t slot_ctx[4];
1711
348f1037 1712 trace_usb_xhci_slot_evaluate(slotid);
62c6ae04 1713 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1714
1715 ictx = xhci_mask64(pictx);
1716 octx = xhci->slots[slotid-1].ctx;
1717
59a70ccd
DG		 1718 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx);
1719 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
62c6ae04 1720
59a70ccd 1721 pci_dma_read(&xhci->pci_dev, ictx, ictl_ctx, sizeof(ictl_ctx));
62c6ae04
HM		 1722
1723 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] & ~0x3) {
1724 fprintf(stderr, "xhci: invalid input context control %08x %08x\n",
1725 ictl_ctx[0], ictl_ctx[1]);
1726 return CC_TRB_ERROR;
1727 }
1728
1729 if (ictl_ctx[1] & 0x1) {
59a70ccd 1730 pci_dma_read(&xhci->pci_dev, ictx+32, islot_ctx, sizeof(islot_ctx));
62c6ae04
HM		 1731
1732 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n",
1733 islot_ctx[0], islot_ctx[1], islot_ctx[2], islot_ctx[3]);
1734
59a70ccd 1735 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1736
1737 slot_ctx[1] &= ~0xFFFF; /* max exit latency */
1738 slot_ctx[1] |= islot_ctx[1] & 0xFFFF;
1739 slot_ctx[2] &= ~0xFF00000; /* interrupter target */
1740 slot_ctx[2] |= islot_ctx[2] & 0xFF000000;
1741
1742 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1743 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
1744
59a70ccd 1745 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1746 }
1747
1748 if (ictl_ctx[1] & 0x2) {
59a70ccd 1749 pci_dma_read(&xhci->pci_dev, ictx+64, iep0_ctx, sizeof(iep0_ctx));
62c6ae04
HM		 1750
1751 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n",
1752 iep0_ctx[0], iep0_ctx[1], iep0_ctx[2],
1753 iep0_ctx[3], iep0_ctx[4]);
1754
59a70ccd 1755 pci_dma_read(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
62c6ae04
HM		 1756
1757 ep0_ctx[1] &= ~0xFFFF0000; /* max packet size*/
1758 ep0_ctx[1] |= iep0_ctx[1] & 0xFFFF0000;
1759
1760 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n",
1761 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]);
1762
59a70ccd 1763 pci_dma_write(&xhci->pci_dev, octx+32, ep0_ctx, sizeof(ep0_ctx));
62c6ae04
HM		 1764 }
1765
1766 return CC_SUCCESS;
1767}
1768
1769static TRBCCode xhci_reset_slot(XHCIState *xhci, unsigned int slotid)
1770{
1771 uint32_t slot_ctx[4];
59a70ccd 1772 dma_addr_t octx;
62c6ae04
HM		 1773 int i;
1774
348f1037 1775 trace_usb_xhci_slot_reset(slotid);
62c6ae04 1776 assert(slotid >= 1 && slotid <= MAXSLOTS);
62c6ae04
HM		 1777
1778 octx = xhci->slots[slotid-1].ctx;
1779
59a70ccd 1780 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx);
62c6ae04
HM		 1781
1782 for (i = 2; i <= 31; i++) {
1783 if (xhci->slots[slotid-1].eps[i-1]) {
1784 xhci_disable_ep(xhci, slotid, i);
1785 }
1786 }
1787
59a70ccd 1788 pci_dma_read(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1789 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT);
1790 slot_ctx[3] |= SLOT_DEFAULT << SLOT_STATE_SHIFT;
1791 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n",
1792 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]);
59a70ccd 1793 pci_dma_write(&xhci->pci_dev, octx, slot_ctx, sizeof(slot_ctx));
62c6ae04
HM		 1794
1795 return CC_SUCCESS;
1796}
1797
1798static unsigned int xhci_get_slot(XHCIState *xhci, XHCIEvent *event, XHCITRB *trb)
1799{
1800 unsigned int slotid;
1801 slotid = (trb->control >> TRB_CR_SLOTID_SHIFT) & TRB_CR_SLOTID_MASK;
1802 if (slotid < 1 || slotid > MAXSLOTS) {
1803 fprintf(stderr, "xhci: bad slot id %d\n", slotid);
1804 event->ccode = CC_TRB_ERROR;
1805 return 0;
1806 } else if (!xhci->slots[slotid-1].enabled) {
1807 fprintf(stderr, "xhci: slot id %d not enabled\n", slotid);
1808 event->ccode = CC_SLOT_NOT_ENABLED_ERROR;
1809 return 0;
1810 }
1811 return slotid;
1812}
1813
1814static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx)
1815{
59a70ccd 1816 dma_addr_t ctx;
62c6ae04
HM		 1817 uint8_t bw_ctx[MAXPORTS+1];
1818
1819 DPRINTF("xhci_get_port_bandwidth()\n");
1820
1821 ctx = xhci_mask64(pctx);
1822
59a70ccd 1823 DPRINTF("xhci: bandwidth context at "DMA_ADDR_FMT"\n", ctx);
62c6ae04
HM		 1824
1825 /* TODO: actually implement real values here */
1826 bw_ctx[0] = 0;
1827 memset(&bw_ctx[1], 80, MAXPORTS); /* 80% */
59a70ccd 1828 pci_dma_write(&xhci->pci_dev, ctx, bw_ctx, sizeof(bw_ctx));
62c6ae04
HM		 1829
1830 return CC_SUCCESS;
1831}
1832
1833static uint32_t rotl(uint32_t v, unsigned count)
1834{
1835 count &= 31;
1836 return (v << count) | (v >> (32 - count));
1837}
1838
1839
1840static uint32_t xhci_nec_challenge(uint32_t hi, uint32_t lo)
1841{
1842 uint32_t val;
1843 val = rotl(lo - 0x49434878, 32 - ((hi>>8) & 0x1F));
1844 val += rotl(lo + 0x49434878, hi & 0x1F);
1845 val -= rotl(hi ^ 0x49434878, (lo >> 16) & 0x1F);
1846 return ~val;
1847}
1848
59a70ccd 1849static void xhci_via_challenge(XHCIState *xhci, uint64_t addr)
62c6ae04
HM		 1850{
1851 uint32_t buf[8];
1852 uint32_t obuf[8];
59a70ccd 1853 dma_addr_t paddr = xhci_mask64(addr);
62c6ae04 1854
59a70ccd 1855 pci_dma_read(&xhci->pci_dev, paddr, &buf, 32);
62c6ae04
HM		 1856
1857 memcpy(obuf, buf, sizeof(obuf));
1858
1859 if ((buf[0] & 0xff) == 2) {
1860 obuf[0] = 0x49932000 + 0x54dc200 * buf[2] + 0x7429b578 * buf[3];
1861 obuf[0] |= (buf[2] * buf[3]) & 0xff;
1862 obuf[1] = 0x0132bb37 + 0xe89 * buf[2] + 0xf09 * buf[3];
1863 obuf[2] = 0x0066c2e9 + 0x2091 * buf[2] + 0x19bd * buf[3];
1864 obuf[3] = 0xd5281342 + 0x2cc9691 * buf[2] + 0x2367662 * buf[3];
1865 obuf[4] = 0x0123c75c + 0x1595 * buf[2] + 0x19ec * buf[3];
1866 obuf[5] = 0x00f695de + 0x26fd * buf[2] + 0x3e9 * buf[3];
1867 obuf[6] = obuf[2] ^ obuf[3] ^ 0x29472956;
1868 obuf[7] = obuf[2] ^ obuf[3] ^ 0x65866593;
1869 }
1870
59a70ccd 1871 pci_dma_write(&xhci->pci_dev, paddr, &obuf, 32);
62c6ae04
HM		 1872}
1873
1874static void xhci_process_commands(XHCIState *xhci)
1875{
1876 XHCITRB trb;
1877 TRBType type;
1878 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS};
59a70ccd 1879 dma_addr_t addr;
62c6ae04
HM		 1880 unsigned int i, slotid = 0;
1881
1882 DPRINTF("xhci_process_commands()\n");
1883 if (!xhci_running(xhci)) {
1884 DPRINTF("xhci_process_commands() called while xHC stopped or paused\n");
1885 return;
1886 }
1887
1888 xhci->crcr_low |= CRCR_CRR;
1889
1890 while ((type = xhci_ring_fetch(xhci, &xhci->cmd_ring, &trb, &addr))) {
1891 event.ptr = addr;
1892 switch (type) {
1893 case CR_ENABLE_SLOT:
1894 for (i = 0; i < MAXSLOTS; i++) {
1895 if (!xhci->slots[i].enabled) {
1896 break;
1897 }
1898 }
1899 if (i >= MAXSLOTS) {
1900 fprintf(stderr, "xhci: no device slots available\n");
1901 event.ccode = CC_NO_SLOTS_ERROR;
1902 } else {
1903 slotid = i+1;
1904 event.ccode = xhci_enable_slot(xhci, slotid);
1905 }
1906 break;
1907 case CR_DISABLE_SLOT:
1908 slotid = xhci_get_slot(xhci, &event, &trb);
1909 if (slotid) {
1910 event.ccode = xhci_disable_slot(xhci, slotid);
1911 }
1912 break;
1913 case CR_ADDRESS_DEVICE:
1914 slotid = xhci_get_slot(xhci, &event, &trb);
1915 if (slotid) {
1916 event.ccode = xhci_address_slot(xhci, slotid, trb.parameter,
1917 trb.control & TRB_CR_BSR);
1918 }
1919 break;
1920 case CR_CONFIGURE_ENDPOINT:
1921 slotid = xhci_get_slot(xhci, &event, &trb);
1922 if (slotid) {
1923 event.ccode = xhci_configure_slot(xhci, slotid, trb.parameter,
1924 trb.control & TRB_CR_DC);
1925 }
1926 break;
1927 case CR_EVALUATE_CONTEXT:
1928 slotid = xhci_get_slot(xhci, &event, &trb);
1929 if (slotid) {
1930 event.ccode = xhci_evaluate_slot(xhci, slotid, trb.parameter);
1931 }
1932 break;
1933 case CR_STOP_ENDPOINT:
1934 slotid = xhci_get_slot(xhci, &event, &trb);
1935 if (slotid) {
1936 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1937 & TRB_CR_EPID_MASK;
1938 event.ccode = xhci_stop_ep(xhci, slotid, epid);
1939 }
1940 break;
1941 case CR_RESET_ENDPOINT:
1942 slotid = xhci_get_slot(xhci, &event, &trb);
1943 if (slotid) {
1944 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1945 & TRB_CR_EPID_MASK;
1946 event.ccode = xhci_reset_ep(xhci, slotid, epid);
1947 }
1948 break;
1949 case CR_SET_TR_DEQUEUE:
1950 slotid = xhci_get_slot(xhci, &event, &trb);
1951 if (slotid) {
1952 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT)
1953 & TRB_CR_EPID_MASK;
1954 event.ccode = xhci_set_ep_dequeue(xhci, slotid, epid,
1955 trb.parameter);
1956 }
1957 break;
1958 case CR_RESET_DEVICE:
1959 slotid = xhci_get_slot(xhci, &event, &trb);
1960 if (slotid) {
1961 event.ccode = xhci_reset_slot(xhci, slotid);
1962 }
1963 break;
1964 case CR_GET_PORT_BANDWIDTH:
1965 event.ccode = xhci_get_port_bandwidth(xhci, trb.parameter);
1966 break;
1967 case CR_VENDOR_VIA_CHALLENGE_RESPONSE:
59a70ccd 1968 xhci_via_challenge(xhci, trb.parameter);
62c6ae04
HM		 1969 break;
1970 case CR_VENDOR_NEC_FIRMWARE_REVISION:
1971 event.type = 48; /* NEC reply */
1972 event.length = 0x3025;
1973 break;
1974 case CR_VENDOR_NEC_CHALLENGE_RESPONSE:
1975 {
1976 uint32_t chi = trb.parameter >> 32;
1977 uint32_t clo = trb.parameter;
1978 uint32_t val = xhci_nec_challenge(chi, clo);
1979 event.length = val & 0xFFFF;
1980 event.epid = val >> 16;
1981 slotid = val >> 24;
1982 event.type = 48; /* NEC reply */
1983 }
1984 break;
1985 default:
1986 fprintf(stderr, "xhci: unimplemented command %d\n", type);
1987 event.ccode = CC_TRB_ERROR;
1988 break;
1989 }
1990 event.slotid = slotid;
1991 xhci_event(xhci, &event);
1992 }
1993}
1994
1995static void xhci_update_port(XHCIState *xhci, XHCIPort *port, int is_detach)
1996{
1997 int nr = port->port.index + 1;
1998
1999 port->portsc = PORTSC_PP;
cf21a4ae 2000 if (port->port.dev && port->port.dev->attached && !is_detach) {
62c6ae04
HM		 2001 port->portsc |= PORTSC_CCS;
2002 switch (port->port.dev->speed) {
2003 case USB_SPEED_LOW:
2004 port->portsc |= PORTSC_SPEED_LOW;
2005 break;
2006 case USB_SPEED_FULL:
2007 port->portsc |= PORTSC_SPEED_FULL;
2008 break;
2009 case USB_SPEED_HIGH:
2010 port->portsc |= PORTSC_SPEED_HIGH;
2011 break;
2012 }
2013 }
2014
2015 if (xhci_running(xhci)) {
2016 port->portsc |= PORTSC_CSC;
2017 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, nr << 24};
2018 xhci_event(xhci, &ev);
2019 DPRINTF("xhci: port change event for port %d\n", nr);
2020 }
2021}
2022
64619739 2023static void xhci_reset(DeviceState *dev)
62c6ae04 2024{
64619739 2025 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev.qdev, dev);
62c6ae04
HM		 2026 int i;
2027
2d754a10 2028 trace_usb_xhci_reset();
62c6ae04
HM		 2029 if (!(xhci->usbsts & USBSTS_HCH)) {
2030 fprintf(stderr, "xhci: reset while running!\n");
2031 }
2032
2033 xhci->usbcmd = 0;
2034 xhci->usbsts = USBSTS_HCH;
2035 xhci->dnctrl = 0;
2036 xhci->crcr_low = 0;
2037 xhci->crcr_high = 0;
2038 xhci->dcbaap_low = 0;
2039 xhci->dcbaap_high = 0;
2040 xhci->config = 0;
2041 xhci->devaddr = 2;
2042
2043 for (i = 0; i < MAXSLOTS; i++) {
2044 xhci_disable_slot(xhci, i+1);
2045 }
2046
2047 for (i = 0; i < MAXPORTS; i++) {
2048 xhci_update_port(xhci, xhci->ports + i, 0);
2049 }
2050
2051 xhci->mfindex = 0;
2052 xhci->iman = 0;
2053 xhci->imod = 0;
2054 xhci->erstsz = 0;
2055 xhci->erstba_low = 0;
2056 xhci->erstba_high = 0;
2057 xhci->erdp_low = 0;
2058 xhci->erdp_high = 0;
2059
2060 xhci->er_ep_idx = 0;
2061 xhci->er_pcs = 1;
2062 xhci->er_full = 0;
2063 xhci->ev_buffer_put = 0;
2064 xhci->ev_buffer_get = 0;
2065}
2066
2067static uint32_t xhci_cap_read(XHCIState *xhci, uint32_t reg)
2068{
2d754a10 2069 uint32_t ret;
62c6ae04
HM		 2070
2071 switch (reg) {
2072 case 0x00: /* HCIVERSION, CAPLENGTH */
2d754a10
GH		 2073 ret = 0x01000000 | LEN_CAP;
2074 break;
62c6ae04 2075 case 0x04: /* HCSPARAMS 1 */
2d754a10
GH		 2076 ret = (MAXPORTS<<24) | (MAXINTRS<<8) | MAXSLOTS;
2077 break;
62c6ae04 2078 case 0x08: /* HCSPARAMS 2 */
2d754a10
GH		 2079 ret = 0x0000000f;
2080 break;
62c6ae04 2081 case 0x0c: /* HCSPARAMS 3 */
2d754a10
GH		 2082 ret = 0x00000000;
2083 break;
62c6ae04 2084 case 0x10: /* HCCPARAMS */
2d754a10
GH		 2085 if (sizeof(dma_addr_t) == 4) {
2086 ret = 0x00081000;
2087 } else {
2088 ret = 0x00081001;
2089 }
2090 break;
62c6ae04 2091 case 0x14: /* DBOFF */
2d754a10
GH		 2092 ret = OFF_DOORBELL;
2093 break;
62c6ae04 2094 case 0x18: /* RTSOFF */
2d754a10
GH		 2095 ret = OFF_RUNTIME;
2096 break;
62c6ae04
HM		 2097
2098 /* extended capabilities */
2099 case 0x20: /* Supported Protocol:00 */
2d754a10
GH		 2100 ret = 0x02000402; /* USB 2.0 */
2101 break;
62c6ae04 2102 case 0x24: /* Supported Protocol:04 */
2d754a10
GH		 2103 ret = 0x20425455; /* "USB " */
2104 break;
62c6ae04 2105 case 0x28: /* Supported Protocol:08 */
2d754a10
GH		 2106 ret = 0x00000001 | (USB2_PORTS<<8);
2107 break;
62c6ae04 2108 case 0x2c: /* Supported Protocol:0c */
2d754a10
GH		 2109 ret = 0x00000000; /* reserved */
2110 break;
62c6ae04 2111 case 0x30: /* Supported Protocol:00 */
2d754a10
GH		 2112 ret = 0x03000002; /* USB 3.0 */
2113 break;
62c6ae04 2114 case 0x34: /* Supported Protocol:04 */
2d754a10
GH		 2115 ret = 0x20425455; /* "USB " */
2116 break;
62c6ae04 2117 case 0x38: /* Supported Protocol:08 */
2d754a10
GH		 2118 ret = 0x00000000 | (USB2_PORTS+1) | (USB3_PORTS<<8);
2119 break;
62c6ae04 2120 case 0x3c: /* Supported Protocol:0c */
2d754a10
GH		 2121 ret = 0x00000000; /* reserved */
2122 break;
62c6ae04
HM		 2123 default:
2124 fprintf(stderr, "xhci_cap_read: reg %d unimplemented\n", reg);
2d754a10 2125 ret = 0;
62c6ae04 2126 }
2d754a10
GH		 2127
2128 trace_usb_xhci_cap_read(reg, ret);
2129 return ret;
62c6ae04
HM		 2130}
2131
2132static uint32_t xhci_port_read(XHCIState *xhci, uint32_t reg)
2133{
2134 uint32_t port = reg >> 4;
2d754a10
GH		 2135 uint32_t ret;
2136
62c6ae04
HM		 2137 if (port >= MAXPORTS) {
2138 fprintf(stderr, "xhci_port_read: port %d out of bounds\n", port);
2d754a10
GH		 2139 ret = 0;
2140 goto out;
62c6ae04
HM		 2141 }
2142
2143 switch (reg & 0xf) {
2144 case 0x00: /* PORTSC */
2d754a10
GH		 2145 ret = xhci->ports[port].portsc;
2146 break;
62c6ae04
HM		 2147 case 0x04: /* PORTPMSC */
2148 case 0x08: /* PORTLI */
2d754a10
GH		 2149 ret = 0;
2150 break;
62c6ae04
HM		 2151 case 0x0c: /* reserved */
2152 default:
2153 fprintf(stderr, "xhci_port_read (port %d): reg 0x%x unimplemented\n",
2154 port, reg);
2d754a10 2155 ret = 0;
62c6ae04 2156 }
2d754a10
GH		 2157
2158out:
2159 trace_usb_xhci_port_read(port, reg & 0x0f, ret);
2160 return ret;
62c6ae04
HM		 2161}
2162
2163static void xhci_port_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2164{
2165 uint32_t port = reg >> 4;
2166 uint32_t portsc;
2167
2d754a10
GH		 2168 trace_usb_xhci_port_write(port, reg & 0x0f, val);
2169
62c6ae04
HM		 2170 if (port >= MAXPORTS) {
2171 fprintf(stderr, "xhci_port_read: port %d out of bounds\n", port);
2172 return;
2173 }
2174
2175 switch (reg & 0xf) {
2176 case 0x00: /* PORTSC */
2177 portsc = xhci->ports[port].portsc;
2178 /* write-1-to-clear bits*/
2179 portsc &= ~(val & (PORTSC_CSC|PORTSC_PEC|PORTSC_WRC|PORTSC_OCC|
2180 PORTSC_PRC|PORTSC_PLC|PORTSC_CEC));
2181 if (val & PORTSC_LWS) {
2182 /* overwrite PLS only when LWS=1 */
2183 portsc &= ~(PORTSC_PLS_MASK << PORTSC_PLS_SHIFT);
2184 portsc |= val & (PORTSC_PLS_MASK << PORTSC_PLS_SHIFT);
2185 }
2186 /* read/write bits */
2187 portsc &= ~(PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE);
2188 portsc |= (val & (PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE));
2189 /* write-1-to-start bits */
2190 if (val & PORTSC_PR) {
2191 DPRINTF("xhci: port %d reset\n", port);
d28f4e2d 2192 usb_device_reset(xhci->ports[port].port.dev);
62c6ae04
HM		 2193 portsc |= PORTSC_PRC | PORTSC_PED;
2194 }
2195 xhci->ports[port].portsc = portsc;
2196 break;
2197 case 0x04: /* PORTPMSC */
2198 case 0x08: /* PORTLI */
2199 default:
2200 fprintf(stderr, "xhci_port_write (port %d): reg 0x%x unimplemented\n",
2201 port, reg);
2202 }
2203}
2204
2205static uint32_t xhci_oper_read(XHCIState *xhci, uint32_t reg)
2206{
2d754a10 2207 uint32_t ret;
62c6ae04
HM		 2208
2209 if (reg >= 0x400) {
2210 return xhci_port_read(xhci, reg - 0x400);
2211 }
2212
2213 switch (reg) {
2214 case 0x00: /* USBCMD */
2d754a10
GH		 2215 ret = xhci->usbcmd;
2216 break;
62c6ae04 2217 case 0x04: /* USBSTS */
2d754a10
GH		 2218 ret = xhci->usbsts;
2219 break;
62c6ae04 2220 case 0x08: /* PAGESIZE */
2d754a10
GH		 2221 ret = 1; /* 4KiB */
2222 break;
62c6ae04 2223 case 0x14: /* DNCTRL */
2d754a10
GH		 2224 ret = xhci->dnctrl;
2225 break;
62c6ae04 2226 case 0x18: /* CRCR low */
2d754a10
GH		 2227 ret = xhci->crcr_low & ~0xe;
2228 break;
62c6ae04 2229 case 0x1c: /* CRCR high */
2d754a10
GH		 2230 ret = xhci->crcr_high;
2231 break;
62c6ae04 2232 case 0x30: /* DCBAAP low */
2d754a10
GH		 2233 ret = xhci->dcbaap_low;
2234 break;
62c6ae04 2235 case 0x34: /* DCBAAP high */
2d754a10
GH		 2236 ret = xhci->dcbaap_high;
2237 break;
62c6ae04 2238 case 0x38: /* CONFIG */
2d754a10
GH		 2239 ret = xhci->config;
2240 break;
62c6ae04
HM		 2241 default:
2242 fprintf(stderr, "xhci_oper_read: reg 0x%x unimplemented\n", reg);
2d754a10 2243 ret = 0;
62c6ae04 2244 }
2d754a10
GH		 2245
2246 trace_usb_xhci_oper_read(reg, ret);
2247 return ret;
62c6ae04
HM		 2248}
2249
2250static void xhci_oper_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2251{
62c6ae04
HM		 2252 if (reg >= 0x400) {
2253 xhci_port_write(xhci, reg - 0x400, val);
2254 return;
2255 }
2256
2d754a10
GH		 2257 trace_usb_xhci_oper_write(reg, val);
2258
62c6ae04
HM		 2259 switch (reg) {
2260 case 0x00: /* USBCMD */
2261 if ((val & USBCMD_RS) && !(xhci->usbcmd & USBCMD_RS)) {
2262 xhci_run(xhci);
2263 } else if (!(val & USBCMD_RS) && (xhci->usbcmd & USBCMD_RS)) {
2264 xhci_stop(xhci);
2265 }
2266 xhci->usbcmd = val & 0xc0f;
2267 if (val & USBCMD_HCRST) {
64619739 2268 xhci_reset(&xhci->pci_dev.qdev);
62c6ae04
HM		 2269 }
2270 xhci_irq_update(xhci);
2271 break;
2272
2273 case 0x04: /* USBSTS */
2274 /* these bits are write-1-to-clear */
2275 xhci->usbsts &= ~(val & (USBSTS_HSE|USBSTS_EINT|USBSTS_PCD|USBSTS_SRE));
2276 xhci_irq_update(xhci);
2277 break;
2278
2279 case 0x14: /* DNCTRL */
2280 xhci->dnctrl = val & 0xffff;
2281 break;
2282 case 0x18: /* CRCR low */
2283 xhci->crcr_low = (val & 0xffffffcf) | (xhci->crcr_low & CRCR_CRR);
2284 break;
2285 case 0x1c: /* CRCR high */
2286 xhci->crcr_high = val;
2287 if (xhci->crcr_low & (CRCR_CA|CRCR_CS) && (xhci->crcr_low & CRCR_CRR)) {
2288 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_COMMAND_RING_STOPPED};
2289 xhci->crcr_low &= ~CRCR_CRR;
2290 xhci_event(xhci, &event);
2291 DPRINTF("xhci: command ring stopped (CRCR=%08x)\n", xhci->crcr_low);
2292 } else {
59a70ccd 2293 dma_addr_t base = xhci_addr64(xhci->crcr_low & ~0x3f, val);
62c6ae04
HM		 2294 xhci_ring_init(xhci, &xhci->cmd_ring, base);
2295 }
2296 xhci->crcr_low &= ~(CRCR_CA | CRCR_CS);
2297 break;
2298 case 0x30: /* DCBAAP low */
2299 xhci->dcbaap_low = val & 0xffffffc0;
2300 break;
2301 case 0x34: /* DCBAAP high */
2302 xhci->dcbaap_high = val;
2303 break;
2304 case 0x38: /* CONFIG */
2305 xhci->config = val & 0xff;
2306 break;
2307 default:
2308 fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n", reg);
2309 }
2310}
2311
2312static uint32_t xhci_runtime_read(XHCIState *xhci, uint32_t reg)
2313{
2d754a10 2314 uint32_t ret;
62c6ae04
HM		 2315
2316 switch (reg) {
2317 case 0x00: /* MFINDEX */
2318 fprintf(stderr, "xhci_runtime_read: MFINDEX not yet implemented\n");
2d754a10
GH		 2319 ret = xhci->mfindex;
2320 break;
62c6ae04 2321 case 0x20: /* IMAN */
2d754a10
GH		 2322 ret = xhci->iman;
2323 break;
62c6ae04 2324 case 0x24: /* IMOD */
2d754a10
GH		 2325 ret = xhci->imod;
2326 break;
62c6ae04 2327 case 0x28: /* ERSTSZ */
2d754a10
GH		 2328 ret = xhci->erstsz;
2329 break;
62c6ae04 2330 case 0x30: /* ERSTBA low */
2d754a10
GH		 2331 ret = xhci->erstba_low;
2332 break;
62c6ae04 2333 case 0x34: /* ERSTBA high */
2d754a10
GH		 2334 ret = xhci->erstba_high;
2335 break;
62c6ae04 2336 case 0x38: /* ERDP low */
2d754a10
GH		 2337 ret = xhci->erdp_low;
2338 break;
62c6ae04 2339 case 0x3c: /* ERDP high */
2d754a10
GH		 2340 ret = xhci->erdp_high;
2341 break;
62c6ae04
HM		 2342 default:
2343 fprintf(stderr, "xhci_runtime_read: reg 0x%x unimplemented\n", reg);
2d754a10 2344 ret = 0;
62c6ae04 2345 }
2d754a10
GH		 2346
2347 trace_usb_xhci_runtime_read(reg, ret);
2348 return ret;
62c6ae04
HM		 2349}
2350
2351static void xhci_runtime_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2352{
2d754a10 2353 trace_usb_xhci_runtime_read(reg, val);
62c6ae04
HM		 2354
2355 switch (reg) {
2356 case 0x20: /* IMAN */
2357 if (val & IMAN_IP) {
2358 xhci->iman &= ~IMAN_IP;
2359 }
2360 xhci->iman &= ~IMAN_IE;
2361 xhci->iman |= val & IMAN_IE;
2362 xhci_irq_update(xhci);
2363 break;
2364 case 0x24: /* IMOD */
2365 xhci->imod = val;
2366 break;
2367 case 0x28: /* ERSTSZ */
2368 xhci->erstsz = val & 0xffff;
2369 break;
2370 case 0x30: /* ERSTBA low */
2371 /* XXX NEC driver bug: it doesn't align this to 64 bytes
2372 xhci->erstba_low = val & 0xffffffc0; */
2373 xhci->erstba_low = val & 0xfffffff0;
2374 break;
2375 case 0x34: /* ERSTBA high */
2376 xhci->erstba_high = val;
2377 xhci_er_reset(xhci);
2378 break;
2379 case 0x38: /* ERDP low */
2380 if (val & ERDP_EHB) {
2381 xhci->erdp_low &= ~ERDP_EHB;
2382 }
2383 xhci->erdp_low = (val & ~ERDP_EHB) | (xhci->erdp_low & ERDP_EHB);
2384 break;
2385 case 0x3c: /* ERDP high */
2386 xhci->erdp_high = val;
2387 xhci_events_update(xhci);
2388 break;
2389 default:
2390 fprintf(stderr, "xhci_oper_write: reg 0x%x unimplemented\n", reg);
2391 }
2392}
2393
2394static uint32_t xhci_doorbell_read(XHCIState *xhci, uint32_t reg)
2395{
62c6ae04 2396 /* doorbells always read as 0 */
2d754a10 2397 trace_usb_xhci_doorbell_read(reg, 0);
62c6ae04
HM		 2398 return 0;
2399}
2400
2401static void xhci_doorbell_write(XHCIState *xhci, uint32_t reg, uint32_t val)
2402{
2d754a10 2403 trace_usb_xhci_doorbell_write(reg, val);
62c6ae04
HM		 2404
2405 if (!xhci_running(xhci)) {
2406 fprintf(stderr, "xhci: wrote doorbell while xHC stopped or paused\n");
2407 return;
2408 }
2409
2410 reg >>= 2;
2411
2412 if (reg == 0) {
2413 if (val == 0) {
2414 xhci_process_commands(xhci);
2415 } else {
2416 fprintf(stderr, "xhci: bad doorbell 0 write: 0x%x\n", val);
2417 }
2418 } else {
2419 if (reg > MAXSLOTS) {
2420 fprintf(stderr, "xhci: bad doorbell %d\n", reg);
2421 } else if (val > 31) {
2422 fprintf(stderr, "xhci: bad doorbell %d write: 0x%x\n", reg, val);
2423 } else {
2424 xhci_kick_ep(xhci, reg, val);
2425 }
2426 }
2427}
2428
2429static uint64_t xhci_mem_read(void *ptr, target_phys_addr_t addr,
2430 unsigned size)
2431{
2432 XHCIState *xhci = ptr;
2433
2434 /* Only aligned reads are allowed on xHCI */
2435 if (addr & 3) {
2436 fprintf(stderr, "xhci_mem_read: Mis-aligned read\n");
2437 return 0;
2438 }
2439
2440 if (addr < LEN_CAP) {
2441 return xhci_cap_read(xhci, addr);
2442 } else if (addr >= OFF_OPER && addr < (OFF_OPER + LEN_OPER)) {
2443 return xhci_oper_read(xhci, addr - OFF_OPER);
2444 } else if (addr >= OFF_RUNTIME && addr < (OFF_RUNTIME + LEN_RUNTIME)) {
2445 return xhci_runtime_read(xhci, addr - OFF_RUNTIME);
2446 } else if (addr >= OFF_DOORBELL && addr < (OFF_DOORBELL + LEN_DOORBELL)) {
2447 return xhci_doorbell_read(xhci, addr - OFF_DOORBELL);
2448 } else {
2449 fprintf(stderr, "xhci_mem_read: Bad offset %x\n", (int)addr);
2450 return 0;
2451 }
2452}
2453
2454static void xhci_mem_write(void *ptr, target_phys_addr_t addr,
2455 uint64_t val, unsigned size)
2456{
2457 XHCIState *xhci = ptr;
2458
2459 /* Only aligned writes are allowed on xHCI */
2460 if (addr & 3) {
2461 fprintf(stderr, "xhci_mem_write: Mis-aligned write\n");
2462 return;
2463 }
2464
2465 if (addr >= OFF_OPER && addr < (OFF_OPER + LEN_OPER)) {
2466 xhci_oper_write(xhci, addr - OFF_OPER, val);
2467 } else if (addr >= OFF_RUNTIME && addr < (OFF_RUNTIME + LEN_RUNTIME)) {
2468 xhci_runtime_write(xhci, addr - OFF_RUNTIME, val);
2469 } else if (addr >= OFF_DOORBELL && addr < (OFF_DOORBELL + LEN_DOORBELL)) {
2470 xhci_doorbell_write(xhci, addr - OFF_DOORBELL, val);
2471 } else {
2472 fprintf(stderr, "xhci_mem_write: Bad offset %x\n", (int)addr);
2473 }
2474}
2475
2476static const MemoryRegionOps xhci_mem_ops = {
2477 .read = xhci_mem_read,
2478 .write = xhci_mem_write,
2479 .valid.min_access_size = 4,
2480 .valid.max_access_size = 4,
2481 .endianness = DEVICE_LITTLE_ENDIAN,
2482};
2483
2484static void xhci_attach(USBPort *usbport)
2485{
2486 XHCIState *xhci = usbport->opaque;
2487 XHCIPort *port = &xhci->ports[usbport->index];
2488
2489 xhci_update_port(xhci, port, 0);
2490}
2491
2492static void xhci_detach(USBPort *usbport)
2493{
2494 XHCIState *xhci = usbport->opaque;
2495 XHCIPort *port = &xhci->ports[usbport->index];
2496
2497 xhci_update_port(xhci, port, 1);
2498}
2499
8c735e43
GH		 2500static void xhci_wakeup(USBPort *usbport)
2501{
2502 XHCIState *xhci = usbport->opaque;
2503 XHCIPort *port = &xhci->ports[usbport->index];
2504 int nr = port->port.index + 1;
2505 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, nr << 24};
2506 uint32_t pls;
2507
2508 pls = (port->portsc >> PORTSC_PLS_SHIFT) & PORTSC_PLS_MASK;
2509 if (pls != 3) {
2510 return;
2511 }
2512 port->portsc |= 0xf << PORTSC_PLS_SHIFT;
2513 if (port->portsc & PORTSC_PLC) {
2514 return;
2515 }
2516 port->portsc |= PORTSC_PLC;
2517 xhci_event(xhci, &ev);
2518}
2519
62c6ae04
HM		 2520static void xhci_complete(USBPort *port, USBPacket *packet)
2521{
2522 XHCITransfer *xfer = container_of(packet, XHCITransfer, packet);
2523
2524 xhci_complete_packet(xfer, packet->result);
2525 xhci_kick_ep(xfer->xhci, xfer->slotid, xfer->epid);
2526}
2527
2528static void xhci_child_detach(USBPort *port, USBDevice *child)
2529{
2530 FIXME();
2531}
2532
2533static USBPortOps xhci_port_ops = {
2534 .attach = xhci_attach,
2535 .detach = xhci_detach,
8c735e43 2536 .wakeup = xhci_wakeup,
62c6ae04
HM		 2537 .complete = xhci_complete,
2538 .child_detach = xhci_child_detach,
2539};
2540
7c605a23
GH		 2541static int xhci_find_slotid(XHCIState *xhci, USBDevice *dev)
2542{
2543 XHCISlot *slot;
2544 int slotid;
2545
2546 for (slotid = 1; slotid <= MAXSLOTS; slotid++) {
2547 slot = &xhci->slots[slotid-1];
2548 if (slot->devaddr == dev->addr) {
2549 return slotid;
2550 }
2551 }
2552 return 0;
2553}
2554
2555static int xhci_find_epid(USBEndpoint *ep)
2556{
2557 if (ep->nr == 0) {
2558 return 1;
2559 }
2560 if (ep->pid == USB_TOKEN_IN) {
2561 return ep->nr * 2 + 1;
2562 } else {
2563 return ep->nr * 2;
2564 }
2565}
2566
2567static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep)
2568{
2569 XHCIState *xhci = container_of(bus, XHCIState, bus);
2570 int slotid;
2571
2572 DPRINTF("%s\n", __func__);
2573 slotid = xhci_find_slotid(xhci, ep->dev);
2574 if (slotid == 0 || !xhci->slots[slotid-1].enabled) {
2575 DPRINTF("%s: oops, no slot for dev %d\n", __func__, ep->dev->addr);
2576 return;
2577 }
2578 xhci_kick_ep(xhci, slotid, xhci_find_epid(ep));
2579}
2580
62c6ae04 2581static USBBusOps xhci_bus_ops = {
7c605a23 2582 .wakeup_endpoint = xhci_wakeup_endpoint,
62c6ae04
HM		 2583};
2584
2585static void usb_xhci_init(XHCIState *xhci, DeviceState *dev)
2586{
2587 int i;
2588
2589 xhci->usbsts = USBSTS_HCH;
2590
2591 usb_bus_new(&xhci->bus, &xhci_bus_ops, &xhci->pci_dev.qdev);
2592
2593 for (i = 0; i < MAXPORTS; i++) {
2594 memset(&xhci->ports[i], 0, sizeof(xhci->ports[i]));
2595 usb_register_port(&xhci->bus, &xhci->ports[i].port, xhci, i,
606352b7
GH		 2596 &xhci_port_ops,
2597 USB_SPEED_MASK_LOW |
2598 USB_SPEED_MASK_FULL |
2599 USB_SPEED_MASK_HIGH);
62c6ae04
HM		 2600 }
2601 for (i = 0; i < MAXSLOTS; i++) {
2602 xhci->slots[i].enabled = 0;
2603 }
62c6ae04
HM		 2604}
2605
2606static int usb_xhci_initfn(struct PCIDevice *dev)
2607{
2608 int ret;
2609
2610 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev, dev);
2611
2612 xhci->pci_dev.config[PCI_CLASS_PROG] = 0x30; /* xHCI */
2613 xhci->pci_dev.config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin 1 */
2614 xhci->pci_dev.config[PCI_CACHE_LINE_SIZE] = 0x10;
2615 xhci->pci_dev.config[0x60] = 0x30; /* release number */
2616
2617 usb_xhci_init(xhci, &dev->qdev);
2618
2619 xhci->irq = xhci->pci_dev.irq[0];
2620
2621 memory_region_init_io(&xhci->mem, &xhci_mem_ops, xhci,
2622 "xhci", LEN_REGS);
2623 pci_register_bar(&xhci->pci_dev, 0,
2624 PCI_BASE_ADDRESS_SPACE_MEMORY|PCI_BASE_ADDRESS_MEM_TYPE_64,
2625 &xhci->mem);
2626
2627 ret = pcie_cap_init(&xhci->pci_dev, 0xa0, PCI_EXP_TYPE_ENDPOINT, 0);
2628 assert(ret >= 0);
2629
2630 if (xhci->msi) {
2631 ret = msi_init(&xhci->pci_dev, 0x70, 1, true, false);
2632 assert(ret >= 0);
2633 }
2634
2635 return 0;
2636}
2637
2638static void xhci_write_config(PCIDevice *dev, uint32_t addr, uint32_t val,
2639 int len)
2640{
2641 XHCIState *xhci = DO_UPCAST(XHCIState, pci_dev, dev);
2642
2643 pci_default_write_config(dev, addr, val, len);
2644 if (xhci->msi) {
2645 msi_write_config(dev, addr, val, len);
2646 }
2647}
2648
2649static const VMStateDescription vmstate_xhci = {
2650 .name = "xhci",
2651 .unmigratable = 1,
2652};
2653
39bffca2
AL		 2654static Property xhci_properties[] = {
2655 DEFINE_PROP_UINT32("msi", XHCIState, msi, 0),
2656 DEFINE_PROP_END_OF_LIST(),
2657};
2658
40021f08
AL		 2659static void xhci_class_init(ObjectClass *klass, void *data)
2660{
2661 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
39bffca2 2662 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08 2663
39bffca2
AL		 2664 dc->vmsd = &vmstate_xhci;
2665 dc->props = xhci_properties;
64619739 2666 dc->reset = xhci_reset;
40021f08
AL		 2667 k->init = usb_xhci_initfn;
2668 k->vendor_id = PCI_VENDOR_ID_NEC;
2669 k->device_id = PCI_DEVICE_ID_NEC_UPD720200;
2670 k->class_id = PCI_CLASS_SERIAL_USB;
2671 k->revision = 0x03;
2672 k->is_express = 1;
2673 k->config_write = xhci_write_config;
2674}
2675
39bffca2
AL		 2676static TypeInfo xhci_info = {
2677 .name = "nec-usb-xhci",
2678 .parent = TYPE_PCI_DEVICE,
2679 .instance_size = sizeof(XHCIState),
2680 .class_init = xhci_class_init,
62c6ae04
HM		 2681};
2682
83f7d43a 2683static void xhci_register_types(void)
62c6ae04 2684{
39bffca2 2685 type_register_static(&xhci_info);
62c6ae04 2686}
83f7d43a
AF		 2687
2688type_init(xhci_register_types)
Empty description
This page took 0.495501 seconds and 4 git commands to generate.