2 * USB UHCI controller emulation
4 * Copyright (c) 2005 Fabrice Bellard
6 * Copyright (c) 2008 Max Krasnyansky
7 * Magor rewrite of the UHCI data structures parser and frame processor
8 * Support for fully async operation and multiple outstanding transactions
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
31 #include "qemu-timer.h"
37 //#define DEBUG_DUMP_DATA
39 #define UHCI_CMD_FGR (1 << 4)
40 #define UHCI_CMD_EGSM (1 << 3)
41 #define UHCI_CMD_GRESET (1 << 2)
42 #define UHCI_CMD_HCRESET (1 << 1)
43 #define UHCI_CMD_RS (1 << 0)
45 #define UHCI_STS_HCHALTED (1 << 5)
46 #define UHCI_STS_HCPERR (1 << 4)
47 #define UHCI_STS_HSERR (1 << 3)
48 #define UHCI_STS_RD (1 << 2)
49 #define UHCI_STS_USBERR (1 << 1)
50 #define UHCI_STS_USBINT (1 << 0)
52 #define TD_CTRL_SPD (1 << 29)
53 #define TD_CTRL_ERROR_SHIFT 27
54 #define TD_CTRL_IOS (1 << 25)
55 #define TD_CTRL_IOC (1 << 24)
56 #define TD_CTRL_ACTIVE (1 << 23)
57 #define TD_CTRL_STALL (1 << 22)
58 #define TD_CTRL_BABBLE (1 << 20)
59 #define TD_CTRL_NAK (1 << 19)
60 #define TD_CTRL_TIMEOUT (1 << 18)
62 #define UHCI_PORT_SUSPEND (1 << 12)
63 #define UHCI_PORT_RESET (1 << 9)
64 #define UHCI_PORT_LSDA (1 << 8)
65 #define UHCI_PORT_RD (1 << 6)
66 #define UHCI_PORT_ENC (1 << 3)
67 #define UHCI_PORT_EN (1 << 2)
68 #define UHCI_PORT_CSC (1 << 1)
69 #define UHCI_PORT_CCS (1 << 0)
71 #define UHCI_PORT_READ_ONLY (0x1bb)
72 #define UHCI_PORT_WRITE_CLEAR (UHCI_PORT_CSC | UHCI_PORT_ENC)
74 #define FRAME_TIMER_FREQ 1000
76 #define FRAME_MAX_LOOPS 100
81 #define DPRINTF printf
83 static const char *pid2str(int pid)
86 case USB_TOKEN_SETUP: return "SETUP";
87 case USB_TOKEN_IN: return "IN";
88 case USB_TOKEN_OUT: return "OUT";
97 #ifdef DEBUG_DUMP_DATA
98 static void dump_data(USBPacket *p, int ret)
100 iov_hexdump(p->iov.iov, p->iov.niov, stderr, "uhci", ret);
103 static void dump_data(USBPacket *p, int ret) {}
106 typedef struct UHCIState UHCIState;
109 * Pending async transaction.
110 * 'packet' must be the first field because completion
111 * handler does "(UHCIAsync *) pkt" cast.
113 typedef struct UHCIAsync {
117 QTAILQ_ENTRY(UHCIAsync) next;
125 typedef struct UHCIPort {
133 USBBus bus; /* Note unused when we're a companion controller */
134 uint16_t cmd; /* cmd register */
136 uint16_t intr; /* interrupt enable register */
137 uint16_t frnum; /* frame number */
138 uint32_t fl_base_addr; /* frame list base address */
140 uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
142 QEMUTimer *frame_timer;
143 UHCIPort ports[NB_PORTS];
145 /* Interrupts that should be raised at the end of the current frame. */
146 uint32_t pending_int_mask;
149 QTAILQ_HEAD(,UHCIAsync) async_pending;
150 uint8_t num_ports_vmstate;
157 typedef struct UHCI_TD {
159 uint32_t ctrl; /* see TD_CTRL_xxx */
164 typedef struct UHCI_QH {
169 static UHCIAsync *uhci_async_alloc(UHCIState *s)
171 UHCIAsync *async = g_malloc(sizeof(UHCIAsync));
173 memset(&async->packet, 0, sizeof(async->packet));
180 usb_packet_init(&async->packet);
181 qemu_sglist_init(&async->sgl, 1);
186 static void uhci_async_free(UHCIState *s, UHCIAsync *async)
188 usb_packet_cleanup(&async->packet);
189 qemu_sglist_destroy(&async->sgl);
193 static void uhci_async_link(UHCIState *s, UHCIAsync *async)
195 QTAILQ_INSERT_HEAD(&s->async_pending, async, next);
198 static void uhci_async_unlink(UHCIState *s, UHCIAsync *async)
200 QTAILQ_REMOVE(&s->async_pending, async, next);
203 static void uhci_async_cancel(UHCIState *s, UHCIAsync *async)
205 DPRINTF("uhci: cancel td 0x%x token 0x%x done %u\n",
206 async->td, async->token, async->done);
209 usb_cancel_packet(&async->packet);
210 uhci_async_free(s, async);
214 * Mark all outstanding async packets as invalid.
215 * This is used for canceling them when TDs are removed by the HCD.
217 static UHCIAsync *uhci_async_validate_begin(UHCIState *s)
221 QTAILQ_FOREACH(async, &s->async_pending, next) {
228 * Cancel async packets that are no longer valid
230 static void uhci_async_validate_end(UHCIState *s)
234 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
235 if (curr->valid > 0) {
238 uhci_async_unlink(s, curr);
239 uhci_async_cancel(s, curr);
243 static void uhci_async_cancel_device(UHCIState *s, USBDevice *dev)
247 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
248 if (curr->packet.owner != dev) {
251 uhci_async_unlink(s, curr);
252 uhci_async_cancel(s, curr);
256 static void uhci_async_cancel_all(UHCIState *s)
260 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
261 uhci_async_unlink(s, curr);
262 uhci_async_cancel(s, curr);
266 static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t addr, uint32_t token)
269 UHCIAsync *match = NULL;
273 * We're looking for the best match here. ie both td addr and token.
274 * Otherwise we return last good match. ie just token.
275 * It's ok to match just token because it identifies the transaction
276 * rather well, token includes: device addr, endpoint, size, etc.
278 * Also since we queue async transactions in reverse order by returning
279 * last good match we restores the order.
281 * It's expected that we wont have a ton of outstanding transactions.
282 * If we ever do we'd want to optimize this algorithm.
285 QTAILQ_FOREACH(async, &s->async_pending, next) {
286 if (async->token == token) {
290 if (async->td == addr) {
299 fprintf(stderr, "uhci: warning lots of async transactions\n");
304 static void uhci_update_irq(UHCIState *s)
307 if (((s->status2 & 1) && (s->intr & (1 << 2))) ||
308 ((s->status2 & 2) && (s->intr & (1 << 3))) ||
309 ((s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0))) ||
310 ((s->status & UHCI_STS_RD) && (s->intr & (1 << 1))) ||
311 (s->status & UHCI_STS_HSERR) ||
312 (s->status & UHCI_STS_HCPERR)) {
317 qemu_set_irq(s->dev.irq[3], level);
320 static void uhci_reset(void *opaque)
322 UHCIState *s = opaque;
327 DPRINTF("uhci: full reset\n");
329 pci_conf = s->dev.config;
331 pci_conf[0x6a] = 0x01; /* usb clock */
332 pci_conf[0x6b] = 0x00;
340 for(i = 0; i < NB_PORTS; i++) {
343 if (port->port.dev && port->port.dev->attached) {
344 usb_reset(&port->port);
348 uhci_async_cancel_all(s);
351 static void uhci_pre_save(void *opaque)
353 UHCIState *s = opaque;
355 uhci_async_cancel_all(s);
358 static const VMStateDescription vmstate_uhci_port = {
361 .minimum_version_id = 1,
362 .minimum_version_id_old = 1,
363 .fields = (VMStateField []) {
364 VMSTATE_UINT16(ctrl, UHCIPort),
365 VMSTATE_END_OF_LIST()
369 static const VMStateDescription vmstate_uhci = {
372 .minimum_version_id = 1,
373 .minimum_version_id_old = 1,
374 .pre_save = uhci_pre_save,
375 .fields = (VMStateField []) {
376 VMSTATE_PCI_DEVICE(dev, UHCIState),
377 VMSTATE_UINT8_EQUAL(num_ports_vmstate, UHCIState),
378 VMSTATE_STRUCT_ARRAY(ports, UHCIState, NB_PORTS, 1,
379 vmstate_uhci_port, UHCIPort),
380 VMSTATE_UINT16(cmd, UHCIState),
381 VMSTATE_UINT16(status, UHCIState),
382 VMSTATE_UINT16(intr, UHCIState),
383 VMSTATE_UINT16(frnum, UHCIState),
384 VMSTATE_UINT32(fl_base_addr, UHCIState),
385 VMSTATE_UINT8(sof_timing, UHCIState),
386 VMSTATE_UINT8(status2, UHCIState),
387 VMSTATE_TIMER(frame_timer, UHCIState),
388 VMSTATE_INT64_V(expire_time, UHCIState, 2),
389 VMSTATE_END_OF_LIST()
393 static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
395 UHCIState *s = opaque;
405 static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
407 UHCIState *s = opaque;
422 static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
424 UHCIState *s = opaque;
427 DPRINTF("uhci: writew port=0x%04x val=0x%04x\n", addr, val);
431 if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
432 /* start frame processing */
433 s->expire_time = qemu_get_clock_ns(vm_clock) +
434 (get_ticks_per_sec() / FRAME_TIMER_FREQ);
435 qemu_mod_timer(s->frame_timer, qemu_get_clock_ns(vm_clock));
436 s->status &= ~UHCI_STS_HCHALTED;
437 } else if (!(val & UHCI_CMD_RS)) {
438 s->status |= UHCI_STS_HCHALTED;
440 if (val & UHCI_CMD_GRESET) {
445 /* send reset on the USB bus */
446 for(i = 0; i < NB_PORTS; i++) {
448 dev = port->port.dev;
449 if (dev && dev->attached) {
450 usb_send_msg(dev, USB_MSG_RESET);
456 if (val & UHCI_CMD_HCRESET) {
464 /* XXX: the chip spec is not coherent, so we add a hidden
465 register to distinguish between IOC and SPD */
466 if (val & UHCI_STS_USBINT)
475 if (s->status & UHCI_STS_HCHALTED)
476 s->frnum = val & 0x7ff;
488 dev = port->port.dev;
489 if (dev && dev->attached) {
491 if ( (val & UHCI_PORT_RESET) &&
492 !(port->ctrl & UHCI_PORT_RESET) ) {
493 usb_send_msg(dev, USB_MSG_RESET);
496 port->ctrl &= UHCI_PORT_READ_ONLY;
497 port->ctrl |= (val & ~UHCI_PORT_READ_ONLY);
498 /* some bits are reset when a '1' is written to them */
499 port->ctrl &= ~(val & UHCI_PORT_WRITE_CLEAR);
505 static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
507 UHCIState *s = opaque;
537 val = 0xff7f; /* disabled port */
541 DPRINTF("uhci: readw port=0x%04x val=0x%04x\n", addr, val);
546 static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
548 UHCIState *s = opaque;
551 DPRINTF("uhci: writel port=0x%04x val=0x%08x\n", addr, val);
555 s->fl_base_addr = val & ~0xfff;
560 static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
562 UHCIState *s = opaque;
568 val = s->fl_base_addr;
577 /* signal resume if controller suspended */
578 static void uhci_resume (void *opaque)
580 UHCIState *s = (UHCIState *)opaque;
585 if (s->cmd & UHCI_CMD_EGSM) {
586 s->cmd |= UHCI_CMD_FGR;
587 s->status |= UHCI_STS_RD;
592 static void uhci_attach(USBPort *port1)
594 UHCIState *s = port1->opaque;
595 UHCIPort *port = &s->ports[port1->index];
597 /* set connect status */
598 port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;
601 if (port->port.dev->speed == USB_SPEED_LOW) {
602 port->ctrl |= UHCI_PORT_LSDA;
604 port->ctrl &= ~UHCI_PORT_LSDA;
610 static void uhci_detach(USBPort *port1)
612 UHCIState *s = port1->opaque;
613 UHCIPort *port = &s->ports[port1->index];
615 uhci_async_cancel_device(s, port1->dev);
617 /* set connect status */
618 if (port->ctrl & UHCI_PORT_CCS) {
619 port->ctrl &= ~UHCI_PORT_CCS;
620 port->ctrl |= UHCI_PORT_CSC;
623 if (port->ctrl & UHCI_PORT_EN) {
624 port->ctrl &= ~UHCI_PORT_EN;
625 port->ctrl |= UHCI_PORT_ENC;
631 static void uhci_child_detach(USBPort *port1, USBDevice *child)
633 UHCIState *s = port1->opaque;
635 uhci_async_cancel_device(s, child);
638 static void uhci_wakeup(USBPort *port1)
640 UHCIState *s = port1->opaque;
641 UHCIPort *port = &s->ports[port1->index];
643 if (port->ctrl & UHCI_PORT_SUSPEND && !(port->ctrl & UHCI_PORT_RD)) {
644 port->ctrl |= UHCI_PORT_RD;
649 static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
653 DPRINTF("uhci: packet enter. pid %s addr 0x%02x ep %d len %zd\n",
654 pid2str(p->pid), p->devaddr, p->devep, p->iov.size);
655 if (p->pid == USB_TOKEN_OUT || p->pid == USB_TOKEN_SETUP)
659 for (i = 0; i < NB_PORTS && ret == USB_RET_NODEV; i++) {
660 UHCIPort *port = &s->ports[i];
661 USBDevice *dev = port->port.dev;
663 if (dev && dev->attached && (port->ctrl & UHCI_PORT_EN)) {
664 ret = usb_handle_packet(dev, p);
668 DPRINTF("uhci: packet exit. ret %d len %zd\n", ret, p->iov.size);
669 if (p->pid == USB_TOKEN_IN && ret > 0)
675 static void uhci_async_complete(USBPort *port, USBPacket *packet);
676 static void uhci_process_frame(UHCIState *s);
678 /* return -1 if fatal error (frame must be stopped)
680 1 if TD unsuccessful or inactive
682 static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async, uint32_t *int_mask)
684 int len = 0, max_len, err, ret;
687 max_len = ((td->token >> 21) + 1) & 0x7ff;
688 pid = td->token & 0xff;
690 ret = async->packet.result;
692 if (td->ctrl & TD_CTRL_IOS)
693 td->ctrl &= ~TD_CTRL_ACTIVE;
698 len = async->packet.result;
699 td->ctrl = (td->ctrl & ~0x7ff) | ((len - 1) & 0x7ff);
701 /* The NAK bit may have been set by a previous frame, so clear it
702 here. The docs are somewhat unclear, but win2k relies on this
704 td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
705 if (td->ctrl & TD_CTRL_IOC)
708 if (pid == USB_TOKEN_IN) {
710 ret = USB_RET_BABBLE;
714 if ((td->ctrl & TD_CTRL_SPD) && len < max_len) {
716 /* short packet: do not update QH */
717 DPRINTF("uhci: short packet. td 0x%x token 0x%x\n", async->td, async->token);
728 td->ctrl |= TD_CTRL_STALL;
729 td->ctrl &= ~TD_CTRL_ACTIVE;
730 s->status |= UHCI_STS_USBERR;
731 if (td->ctrl & TD_CTRL_IOC) {
738 td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
739 td->ctrl &= ~TD_CTRL_ACTIVE;
740 s->status |= UHCI_STS_USBERR;
741 if (td->ctrl & TD_CTRL_IOC) {
745 /* frame interrupted */
749 td->ctrl |= TD_CTRL_NAK;
750 if (pid == USB_TOKEN_SETUP)
759 /* Retry the TD if error count is not zero */
761 td->ctrl |= TD_CTRL_TIMEOUT;
762 err = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
766 td->ctrl &= ~TD_CTRL_ACTIVE;
767 s->status |= UHCI_STS_USBERR;
768 if (td->ctrl & TD_CTRL_IOC)
773 td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
774 (err << TD_CTRL_ERROR_SHIFT);
778 static int uhci_handle_td(UHCIState *s, uint32_t addr, UHCI_TD *td, uint32_t *int_mask)
781 int len = 0, max_len;
786 if (!(td->ctrl & TD_CTRL_ACTIVE))
789 /* token field is not unique for isochronous requests,
790 * so use the destination buffer
792 if (td->ctrl & TD_CTRL_IOS) {
800 async = uhci_async_find_td(s, addr, token);
802 /* Already submitted */
808 uhci_async_unlink(s, async);
812 /* Allocate new packet */
813 async = uhci_async_alloc(s);
817 /* valid needs to be large enough to handle 10 frame delay
818 * for initial isochronous requests
822 async->token = token;
825 max_len = ((td->token >> 21) + 1) & 0x7ff;
826 pid = td->token & 0xff;
828 usb_packet_setup(&async->packet, pid, (td->token >> 8) & 0x7f,
829 (td->token >> 15) & 0xf);
830 qemu_sglist_add(&async->sgl, td->buffer, max_len);
831 usb_packet_map(&async->packet, &async->sgl);
835 case USB_TOKEN_SETUP:
836 len = uhci_broadcast_packet(s, &async->packet);
842 len = uhci_broadcast_packet(s, &async->packet);
846 /* invalid pid : frame interrupted */
847 uhci_async_free(s, async);
848 s->status |= UHCI_STS_HCPERR;
853 if (len == USB_RET_ASYNC) {
854 uhci_async_link(s, async);
858 async->packet.result = len;
861 len = uhci_complete_td(s, td, async, int_mask);
862 usb_packet_unmap(&async->packet);
863 uhci_async_free(s, async);
867 static void uhci_async_complete(USBPort *port, USBPacket *packet)
869 UHCIAsync *async = container_of(packet, UHCIAsync, packet);
870 UHCIState *s = async->uhci;
872 DPRINTF("uhci: async complete. td 0x%x token 0x%x\n", async->td, async->token);
876 uint32_t link = async->td;
877 uint32_t int_mask = 0, val;
879 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
880 le32_to_cpus(&td.link);
881 le32_to_cpus(&td.ctrl);
882 le32_to_cpus(&td.token);
883 le32_to_cpus(&td.buffer);
885 uhci_async_unlink(s, async);
886 uhci_complete_td(s, &td, async, &int_mask);
887 s->pending_int_mask |= int_mask;
889 /* update the status bits of the TD */
890 val = cpu_to_le32(td.ctrl);
891 cpu_physical_memory_write((link & ~0xf) + 4,
892 (const uint8_t *)&val, sizeof(val));
893 uhci_async_free(s, async);
896 uhci_process_frame(s);
900 static int is_valid(uint32_t link)
902 return (link & 1) == 0;
905 static int is_qh(uint32_t link)
907 return (link & 2) != 0;
910 static int depth_first(uint32_t link)
912 return (link & 4) != 0;
915 /* QH DB used for detecting QH loops */
916 #define UHCI_MAX_QUEUES 128
918 uint32_t addr[UHCI_MAX_QUEUES];
922 static void qhdb_reset(QhDb *db)
927 /* Add QH to DB. Returns 1 if already present or DB is full. */
928 static int qhdb_insert(QhDb *db, uint32_t addr)
931 for (i = 0; i < db->count; i++)
932 if (db->addr[i] == addr)
935 if (db->count >= UHCI_MAX_QUEUES)
938 db->addr[db->count++] = addr;
942 static void uhci_process_frame(UHCIState *s)
944 uint32_t frame_addr, link, old_td_ctrl, val, int_mask;
951 frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);
953 DPRINTF("uhci: processing frame %d addr 0x%x\n" , s->frnum, frame_addr);
955 cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
963 for (cnt = FRAME_MAX_LOOPS; is_valid(link) && cnt; cnt--) {
967 if (qhdb_insert(&qhdb, link)) {
969 * We're going in circles. Which is not a bug because
970 * HCD is allowed to do that as part of the BW management.
971 * In our case though it makes no sense to spin here. Sync transations
972 * are already done, and async completion handler will re-process
973 * the frame when something is ready.
975 DPRINTF("uhci: detected loop. qh 0x%x\n", link);
979 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &qh, sizeof(qh));
980 le32_to_cpus(&qh.link);
981 le32_to_cpus(&qh.el_link);
983 DPRINTF("uhci: QH 0x%x load. link 0x%x elink 0x%x\n",
984 link, qh.link, qh.el_link);
986 if (!is_valid(qh.el_link)) {
987 /* QH w/o elements */
991 /* QH with elements */
999 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
1000 le32_to_cpus(&td.link);
1001 le32_to_cpus(&td.ctrl);
1002 le32_to_cpus(&td.token);
1003 le32_to_cpus(&td.buffer);
1005 DPRINTF("uhci: TD 0x%x load. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1006 link, td.link, td.ctrl, td.token, curr_qh);
1008 old_td_ctrl = td.ctrl;
1009 ret = uhci_handle_td(s, link, &td, &int_mask);
1010 if (old_td_ctrl != td.ctrl) {
1011 /* update the status bits of the TD */
1012 val = cpu_to_le32(td.ctrl);
1013 cpu_physical_memory_write((link & ~0xf) + 4,
1014 (const uint8_t *)&val, sizeof(val));
1018 /* interrupted frame */
1022 if (ret == 2 || ret == 1) {
1023 DPRINTF("uhci: TD 0x%x %s. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1024 link, ret == 2 ? "pend" : "skip",
1025 td.link, td.ctrl, td.token, curr_qh);
1027 link = curr_qh ? qh.link : td.link;
1033 DPRINTF("uhci: TD 0x%x done. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1034 link, td.link, td.ctrl, td.token, curr_qh);
1039 /* update QH element link */
1041 val = cpu_to_le32(qh.el_link);
1042 cpu_physical_memory_write((curr_qh & ~0xf) + 4,
1043 (const uint8_t *)&val, sizeof(val));
1045 if (!depth_first(link)) {
1046 /* done with this QH */
1048 DPRINTF("uhci: QH 0x%x done. link 0x%x elink 0x%x\n",
1049 curr_qh, qh.link, qh.el_link);
1056 /* go to the next entry */
1059 s->pending_int_mask |= int_mask;
1062 static void uhci_frame_timer(void *opaque)
1064 UHCIState *s = opaque;
1066 /* prepare the timer for the next frame */
1067 s->expire_time += (get_ticks_per_sec() / FRAME_TIMER_FREQ);
1069 if (!(s->cmd & UHCI_CMD_RS)) {
1071 qemu_del_timer(s->frame_timer);
1072 /* set hchalted bit in status - UHCI11D 2.1.2 */
1073 s->status |= UHCI_STS_HCHALTED;
1075 DPRINTF("uhci: halted\n");
1079 /* Complete the previous frame */
1080 if (s->pending_int_mask) {
1081 s->status2 |= s->pending_int_mask;
1082 s->status |= UHCI_STS_USBINT;
1085 s->pending_int_mask = 0;
1087 /* Start new frame */
1088 s->frnum = (s->frnum + 1) & 0x7ff;
1090 DPRINTF("uhci: new frame #%u\n" , s->frnum);
1092 uhci_async_validate_begin(s);
1094 uhci_process_frame(s);
1096 uhci_async_validate_end(s);
1098 qemu_mod_timer(s->frame_timer, s->expire_time);
1101 static const MemoryRegionPortio uhci_portio[] = {
1102 { 0, 32, 2, .write = uhci_ioport_writew, },
1103 { 0, 32, 2, .read = uhci_ioport_readw, },
1104 { 0, 32, 4, .write = uhci_ioport_writel, },
1105 { 0, 32, 4, .read = uhci_ioport_readl, },
1106 { 0, 32, 1, .write = uhci_ioport_writeb, },
1107 { 0, 32, 1, .read = uhci_ioport_readb, },
1108 PORTIO_END_OF_LIST()
1111 static const MemoryRegionOps uhci_ioport_ops = {
1112 .old_portio = uhci_portio,
1115 static USBPortOps uhci_port_ops = {
1116 .attach = uhci_attach,
1117 .detach = uhci_detach,
1118 .child_detach = uhci_child_detach,
1119 .wakeup = uhci_wakeup,
1120 .complete = uhci_async_complete,
1123 static USBBusOps uhci_bus_ops = {
1126 static int usb_uhci_common_initfn(PCIDevice *dev)
1128 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1129 uint8_t *pci_conf = s->dev.config;
1132 pci_conf[PCI_CLASS_PROG] = 0x00;
1133 /* TODO: reset value should be 0. */
1134 pci_conf[PCI_INTERRUPT_PIN] = 4; /* interrupt pin D */
1135 pci_conf[USB_SBRN] = USB_RELEASE_1; // release number
1138 USBPort *ports[NB_PORTS];
1139 for(i = 0; i < NB_PORTS; i++) {
1140 ports[i] = &s->ports[i].port;
1142 if (usb_register_companion(s->masterbus, ports, NB_PORTS,
1143 s->firstport, s, &uhci_port_ops,
1144 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL) != 0) {
1148 usb_bus_new(&s->bus, &uhci_bus_ops, &s->dev.qdev);
1149 for (i = 0; i < NB_PORTS; i++) {
1150 usb_register_port(&s->bus, &s->ports[i].port, s, i, &uhci_port_ops,
1151 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
1154 s->frame_timer = qemu_new_timer_ns(vm_clock, uhci_frame_timer, s);
1155 s->num_ports_vmstate = NB_PORTS;
1156 QTAILQ_INIT(&s->async_pending);
1158 qemu_register_reset(uhci_reset, s);
1160 memory_region_init_io(&s->io_bar, &uhci_ioport_ops, s, "uhci", 0x20);
1161 /* Use region 4 for consistency with real hardware. BSD guests seem
1163 pci_register_bar(&s->dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1168 static int usb_uhci_vt82c686b_initfn(PCIDevice *dev)
1170 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1171 uint8_t *pci_conf = s->dev.config;
1173 /* USB misc control 1/2 */
1174 pci_set_long(pci_conf + 0x40,0x00001000);
1176 pci_set_long(pci_conf + 0x80,0x00020001);
1177 /* USB legacy support */
1178 pci_set_long(pci_conf + 0xc0,0x00002000);
1180 return usb_uhci_common_initfn(dev);
1183 static int usb_uhci_exit(PCIDevice *dev)
1185 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1187 memory_region_destroy(&s->io_bar);
1191 static Property uhci_properties[] = {
1192 DEFINE_PROP_STRING("masterbus", UHCIState, masterbus),
1193 DEFINE_PROP_UINT32("firstport", UHCIState, firstport, 0),
1194 DEFINE_PROP_END_OF_LIST(),
1197 static PCIDeviceInfo uhci_info[] = {
1199 .qdev.name = "piix3-usb-uhci",
1200 .qdev.size = sizeof(UHCIState),
1201 .qdev.vmsd = &vmstate_uhci,
1202 .init = usb_uhci_common_initfn,
1203 .exit = usb_uhci_exit,
1204 .vendor_id = PCI_VENDOR_ID_INTEL,
1205 .device_id = PCI_DEVICE_ID_INTEL_82371SB_2,
1207 .class_id = PCI_CLASS_SERIAL_USB,
1208 .qdev.props = uhci_properties,
1210 .qdev.name = "piix4-usb-uhci",
1211 .qdev.size = sizeof(UHCIState),
1212 .qdev.vmsd = &vmstate_uhci,
1213 .init = usb_uhci_common_initfn,
1214 .exit = usb_uhci_exit,
1215 .vendor_id = PCI_VENDOR_ID_INTEL,
1216 .device_id = PCI_DEVICE_ID_INTEL_82371AB_2,
1218 .class_id = PCI_CLASS_SERIAL_USB,
1219 .qdev.props = uhci_properties,
1221 .qdev.name = "vt82c686b-usb-uhci",
1222 .qdev.size = sizeof(UHCIState),
1223 .qdev.vmsd = &vmstate_uhci,
1224 .init = usb_uhci_vt82c686b_initfn,
1225 .exit = usb_uhci_exit,
1226 .vendor_id = PCI_VENDOR_ID_VIA,
1227 .device_id = PCI_DEVICE_ID_VIA_UHCI,
1229 .class_id = PCI_CLASS_SERIAL_USB,
1230 .qdev.props = uhci_properties,
1232 .qdev.name = "ich9-usb-uhci1",
1233 .qdev.size = sizeof(UHCIState),
1234 .qdev.vmsd = &vmstate_uhci,
1235 .init = usb_uhci_common_initfn,
1236 .vendor_id = PCI_VENDOR_ID_INTEL,
1237 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI1,
1239 .class_id = PCI_CLASS_SERIAL_USB,
1240 .qdev.props = uhci_properties,
1242 .qdev.name = "ich9-usb-uhci2",
1243 .qdev.size = sizeof(UHCIState),
1244 .qdev.vmsd = &vmstate_uhci,
1245 .init = usb_uhci_common_initfn,
1246 .vendor_id = PCI_VENDOR_ID_INTEL,
1247 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI2,
1249 .class_id = PCI_CLASS_SERIAL_USB,
1250 .qdev.props = uhci_properties,
1252 .qdev.name = "ich9-usb-uhci3",
1253 .qdev.size = sizeof(UHCIState),
1254 .qdev.vmsd = &vmstate_uhci,
1255 .init = usb_uhci_common_initfn,
1256 .vendor_id = PCI_VENDOR_ID_INTEL,
1257 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI3,
1259 .class_id = PCI_CLASS_SERIAL_USB,
1260 .qdev.props = uhci_properties,
1266 static void uhci_register(void)
1268 pci_qdev_register_many(uhci_info);
1270 device_init(uhci_register);
1272 void usb_uhci_piix3_init(PCIBus *bus, int devfn)
1274 pci_create_simple(bus, devfn, "piix3-usb-uhci");
1277 void usb_uhci_piix4_init(PCIBus *bus, int devfn)
1279 pci_create_simple(bus, devfn, "piix4-usb-uhci");
1282 void usb_uhci_vt82c686b_init(PCIBus *bus, int devfn)
1284 pci_create_simple(bus, devfn, "vt82c686b-usb-uhci");
projects / qemu.git / blob