2 * USB UHCI controller emulation
4 * Copyright (c) 2005 Fabrice Bellard
6 * Copyright (c) 2008 Max Krasnyansky
7 * Magor rewrite of the UHCI data structures parser and frame processor
8 * Support for fully async operation and multiple outstanding transactions
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
31 #include "qemu-timer.h"
37 //#define DEBUG_DUMP_DATA
39 #define UHCI_CMD_FGR (1 << 4)
40 #define UHCI_CMD_EGSM (1 << 3)
41 #define UHCI_CMD_GRESET (1 << 2)
42 #define UHCI_CMD_HCRESET (1 << 1)
43 #define UHCI_CMD_RS (1 << 0)
45 #define UHCI_STS_HCHALTED (1 << 5)
46 #define UHCI_STS_HCPERR (1 << 4)
47 #define UHCI_STS_HSERR (1 << 3)
48 #define UHCI_STS_RD (1 << 2)
49 #define UHCI_STS_USBERR (1 << 1)
50 #define UHCI_STS_USBINT (1 << 0)
52 #define TD_CTRL_SPD (1 << 29)
53 #define TD_CTRL_ERROR_SHIFT 27
54 #define TD_CTRL_IOS (1 << 25)
55 #define TD_CTRL_IOC (1 << 24)
56 #define TD_CTRL_ACTIVE (1 << 23)
57 #define TD_CTRL_STALL (1 << 22)
58 #define TD_CTRL_BABBLE (1 << 20)
59 #define TD_CTRL_NAK (1 << 19)
60 #define TD_CTRL_TIMEOUT (1 << 18)
62 #define UHCI_PORT_SUSPEND (1 << 12)
63 #define UHCI_PORT_RESET (1 << 9)
64 #define UHCI_PORT_LSDA (1 << 8)
65 #define UHCI_PORT_RD (1 << 6)
66 #define UHCI_PORT_ENC (1 << 3)
67 #define UHCI_PORT_EN (1 << 2)
68 #define UHCI_PORT_CSC (1 << 1)
69 #define UHCI_PORT_CCS (1 << 0)
71 #define UHCI_PORT_READ_ONLY (0x1bb)
72 #define UHCI_PORT_WRITE_CLEAR (UHCI_PORT_CSC | UHCI_PORT_ENC)
74 #define FRAME_TIMER_FREQ 1000
76 #define FRAME_MAX_LOOPS 100
81 #define DPRINTF printf
83 static const char *pid2str(int pid)
86 case USB_TOKEN_SETUP: return "SETUP";
87 case USB_TOKEN_IN: return "IN";
88 case USB_TOKEN_OUT: return "OUT";
97 #ifdef DEBUG_DUMP_DATA
98 static void dump_data(USBPacket *p, int ret)
100 iov_hexdump(p->iov.iov, p->iov.niov, stderr, "uhci", ret);
103 static void dump_data(USBPacket *p, int ret) {}
106 typedef struct UHCIState UHCIState;
109 * Pending async transaction.
110 * 'packet' must be the first field because completion
111 * handler does "(UHCIAsync *) pkt" cast.
113 typedef struct UHCIAsync {
117 QTAILQ_ENTRY(UHCIAsync) next;
125 typedef struct UHCIPort {
132 USBBus bus; /* Note unused when we're a companion controller */
133 uint16_t cmd; /* cmd register */
135 uint16_t intr; /* interrupt enable register */
136 uint16_t frnum; /* frame number */
137 uint32_t fl_base_addr; /* frame list base address */
139 uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
141 QEMUTimer *frame_timer;
142 UHCIPort ports[NB_PORTS];
144 /* Interrupts that should be raised at the end of the current frame. */
145 uint32_t pending_int_mask;
148 QTAILQ_HEAD(,UHCIAsync) async_pending;
149 uint8_t num_ports_vmstate;
156 typedef struct UHCI_TD {
158 uint32_t ctrl; /* see TD_CTRL_xxx */
163 typedef struct UHCI_QH {
168 static UHCIAsync *uhci_async_alloc(UHCIState *s)
170 UHCIAsync *async = qemu_malloc(sizeof(UHCIAsync));
172 memset(&async->packet, 0, sizeof(async->packet));
179 usb_packet_init(&async->packet);
180 qemu_sglist_init(&async->sgl, 1);
185 static void uhci_async_free(UHCIState *s, UHCIAsync *async)
187 usb_packet_cleanup(&async->packet);
188 qemu_sglist_destroy(&async->sgl);
192 static void uhci_async_link(UHCIState *s, UHCIAsync *async)
194 QTAILQ_INSERT_HEAD(&s->async_pending, async, next);
197 static void uhci_async_unlink(UHCIState *s, UHCIAsync *async)
199 QTAILQ_REMOVE(&s->async_pending, async, next);
202 static void uhci_async_cancel(UHCIState *s, UHCIAsync *async)
204 DPRINTF("uhci: cancel td 0x%x token 0x%x done %u\n",
205 async->td, async->token, async->done);
208 usb_cancel_packet(&async->packet);
209 uhci_async_free(s, async);
213 * Mark all outstanding async packets as invalid.
214 * This is used for canceling them when TDs are removed by the HCD.
216 static UHCIAsync *uhci_async_validate_begin(UHCIState *s)
220 QTAILQ_FOREACH(async, &s->async_pending, next) {
227 * Cancel async packets that are no longer valid
229 static void uhci_async_validate_end(UHCIState *s)
233 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
234 if (curr->valid > 0) {
237 uhci_async_unlink(s, curr);
238 uhci_async_cancel(s, curr);
242 static void uhci_async_cancel_device(UHCIState *s, USBDevice *dev)
246 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
247 if (curr->packet.owner != dev) {
250 uhci_async_unlink(s, curr);
251 uhci_async_cancel(s, curr);
255 static void uhci_async_cancel_all(UHCIState *s)
259 QTAILQ_FOREACH_SAFE(curr, &s->async_pending, next, n) {
260 uhci_async_unlink(s, curr);
261 uhci_async_cancel(s, curr);
265 static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t addr, uint32_t token)
268 UHCIAsync *match = NULL;
272 * We're looking for the best match here. ie both td addr and token.
273 * Otherwise we return last good match. ie just token.
274 * It's ok to match just token because it identifies the transaction
275 * rather well, token includes: device addr, endpoint, size, etc.
277 * Also since we queue async transactions in reverse order by returning
278 * last good match we restores the order.
280 * It's expected that we wont have a ton of outstanding transactions.
281 * If we ever do we'd want to optimize this algorithm.
284 QTAILQ_FOREACH(async, &s->async_pending, next) {
285 if (async->token == token) {
289 if (async->td == addr) {
298 fprintf(stderr, "uhci: warning lots of async transactions\n");
303 static void uhci_update_irq(UHCIState *s)
306 if (((s->status2 & 1) && (s->intr & (1 << 2))) ||
307 ((s->status2 & 2) && (s->intr & (1 << 3))) ||
308 ((s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0))) ||
309 ((s->status & UHCI_STS_RD) && (s->intr & (1 << 1))) ||
310 (s->status & UHCI_STS_HSERR) ||
311 (s->status & UHCI_STS_HCPERR)) {
316 qemu_set_irq(s->dev.irq[3], level);
319 static void uhci_reset(void *opaque)
321 UHCIState *s = opaque;
326 DPRINTF("uhci: full reset\n");
328 pci_conf = s->dev.config;
330 pci_conf[0x6a] = 0x01; /* usb clock */
331 pci_conf[0x6b] = 0x00;
339 for(i = 0; i < NB_PORTS; i++) {
342 if (port->port.dev) {
343 usb_attach(&port->port, port->port.dev);
347 uhci_async_cancel_all(s);
350 static void uhci_pre_save(void *opaque)
352 UHCIState *s = opaque;
354 uhci_async_cancel_all(s);
357 static const VMStateDescription vmstate_uhci_port = {
360 .minimum_version_id = 1,
361 .minimum_version_id_old = 1,
362 .fields = (VMStateField []) {
363 VMSTATE_UINT16(ctrl, UHCIPort),
364 VMSTATE_END_OF_LIST()
368 static const VMStateDescription vmstate_uhci = {
371 .minimum_version_id = 1,
372 .minimum_version_id_old = 1,
373 .pre_save = uhci_pre_save,
374 .fields = (VMStateField []) {
375 VMSTATE_PCI_DEVICE(dev, UHCIState),
376 VMSTATE_UINT8_EQUAL(num_ports_vmstate, UHCIState),
377 VMSTATE_STRUCT_ARRAY(ports, UHCIState, NB_PORTS, 1,
378 vmstate_uhci_port, UHCIPort),
379 VMSTATE_UINT16(cmd, UHCIState),
380 VMSTATE_UINT16(status, UHCIState),
381 VMSTATE_UINT16(intr, UHCIState),
382 VMSTATE_UINT16(frnum, UHCIState),
383 VMSTATE_UINT32(fl_base_addr, UHCIState),
384 VMSTATE_UINT8(sof_timing, UHCIState),
385 VMSTATE_UINT8(status2, UHCIState),
386 VMSTATE_TIMER(frame_timer, UHCIState),
387 VMSTATE_INT64_V(expire_time, UHCIState, 2),
388 VMSTATE_END_OF_LIST()
392 static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
394 UHCIState *s = opaque;
404 static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
406 UHCIState *s = opaque;
421 static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
423 UHCIState *s = opaque;
426 DPRINTF("uhci: writew port=0x%04x val=0x%04x\n", addr, val);
430 if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
431 /* start frame processing */
432 s->expire_time = qemu_get_clock_ns(vm_clock) +
433 (get_ticks_per_sec() / FRAME_TIMER_FREQ);
434 qemu_mod_timer(s->frame_timer, qemu_get_clock_ns(vm_clock));
435 s->status &= ~UHCI_STS_HCHALTED;
436 } else if (!(val & UHCI_CMD_RS)) {
437 s->status |= UHCI_STS_HCHALTED;
439 if (val & UHCI_CMD_GRESET) {
444 /* send reset on the USB bus */
445 for(i = 0; i < NB_PORTS; i++) {
447 dev = port->port.dev;
449 usb_send_msg(dev, USB_MSG_RESET);
455 if (val & UHCI_CMD_HCRESET) {
463 /* XXX: the chip spec is not coherent, so we add a hidden
464 register to distinguish between IOC and SPD */
465 if (val & UHCI_STS_USBINT)
474 if (s->status & UHCI_STS_HCHALTED)
475 s->frnum = val & 0x7ff;
487 dev = port->port.dev;
490 if ( (val & UHCI_PORT_RESET) &&
491 !(port->ctrl & UHCI_PORT_RESET) ) {
492 usb_send_msg(dev, USB_MSG_RESET);
495 port->ctrl &= UHCI_PORT_READ_ONLY;
496 port->ctrl |= (val & ~UHCI_PORT_READ_ONLY);
497 /* some bits are reset when a '1' is written to them */
498 port->ctrl &= ~(val & UHCI_PORT_WRITE_CLEAR);
504 static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
506 UHCIState *s = opaque;
536 val = 0xff7f; /* disabled port */
540 DPRINTF("uhci: readw port=0x%04x val=0x%04x\n", addr, val);
545 static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
547 UHCIState *s = opaque;
550 DPRINTF("uhci: writel port=0x%04x val=0x%08x\n", addr, val);
554 s->fl_base_addr = val & ~0xfff;
559 static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
561 UHCIState *s = opaque;
567 val = s->fl_base_addr;
576 /* signal resume if controller suspended */
577 static void uhci_resume (void *opaque)
579 UHCIState *s = (UHCIState *)opaque;
584 if (s->cmd & UHCI_CMD_EGSM) {
585 s->cmd |= UHCI_CMD_FGR;
586 s->status |= UHCI_STS_RD;
591 static void uhci_attach(USBPort *port1)
593 UHCIState *s = port1->opaque;
594 UHCIPort *port = &s->ports[port1->index];
596 /* set connect status */
597 port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;
600 if (port->port.dev->speed == USB_SPEED_LOW) {
601 port->ctrl |= UHCI_PORT_LSDA;
603 port->ctrl &= ~UHCI_PORT_LSDA;
609 static void uhci_detach(USBPort *port1)
611 UHCIState *s = port1->opaque;
612 UHCIPort *port = &s->ports[port1->index];
614 uhci_async_cancel_device(s, port1->dev);
616 /* set connect status */
617 if (port->ctrl & UHCI_PORT_CCS) {
618 port->ctrl &= ~UHCI_PORT_CCS;
619 port->ctrl |= UHCI_PORT_CSC;
622 if (port->ctrl & UHCI_PORT_EN) {
623 port->ctrl &= ~UHCI_PORT_EN;
624 port->ctrl |= UHCI_PORT_ENC;
630 static void uhci_child_detach(USBPort *port1, USBDevice *child)
632 UHCIState *s = port1->opaque;
634 uhci_async_cancel_device(s, child);
637 static void uhci_wakeup(USBPort *port1)
639 UHCIState *s = port1->opaque;
640 UHCIPort *port = &s->ports[port1->index];
642 if (port->ctrl & UHCI_PORT_SUSPEND && !(port->ctrl & UHCI_PORT_RD)) {
643 port->ctrl |= UHCI_PORT_RD;
648 static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
652 DPRINTF("uhci: packet enter. pid %s addr 0x%02x ep %d len %zd\n",
653 pid2str(p->pid), p->devaddr, p->devep, p->iov.size);
654 if (p->pid == USB_TOKEN_OUT || p->pid == USB_TOKEN_SETUP)
658 for (i = 0; i < NB_PORTS && ret == USB_RET_NODEV; i++) {
659 UHCIPort *port = &s->ports[i];
660 USBDevice *dev = port->port.dev;
662 if (dev && (port->ctrl & UHCI_PORT_EN))
663 ret = usb_handle_packet(dev, p);
666 DPRINTF("uhci: packet exit. ret %d len %zd\n", ret, p->iov.size);
667 if (p->pid == USB_TOKEN_IN && ret > 0)
673 static void uhci_async_complete(USBPort *port, USBPacket *packet);
674 static void uhci_process_frame(UHCIState *s);
676 /* return -1 if fatal error (frame must be stopped)
678 1 if TD unsuccessful or inactive
680 static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async, uint32_t *int_mask)
682 int len = 0, max_len, err, ret;
685 max_len = ((td->token >> 21) + 1) & 0x7ff;
686 pid = td->token & 0xff;
688 ret = async->packet.result;
690 if (td->ctrl & TD_CTRL_IOS)
691 td->ctrl &= ~TD_CTRL_ACTIVE;
696 len = async->packet.result;
697 td->ctrl = (td->ctrl & ~0x7ff) | ((len - 1) & 0x7ff);
699 /* The NAK bit may have been set by a previous frame, so clear it
700 here. The docs are somewhat unclear, but win2k relies on this
702 td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
703 if (td->ctrl & TD_CTRL_IOC)
706 if (pid == USB_TOKEN_IN) {
708 ret = USB_RET_BABBLE;
712 if ((td->ctrl & TD_CTRL_SPD) && len < max_len) {
714 /* short packet: do not update QH */
715 DPRINTF("uhci: short packet. td 0x%x token 0x%x\n", async->td, async->token);
726 td->ctrl |= TD_CTRL_STALL;
727 td->ctrl &= ~TD_CTRL_ACTIVE;
728 s->status |= UHCI_STS_USBERR;
729 if (td->ctrl & TD_CTRL_IOC) {
736 td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
737 td->ctrl &= ~TD_CTRL_ACTIVE;
738 s->status |= UHCI_STS_USBERR;
739 if (td->ctrl & TD_CTRL_IOC) {
743 /* frame interrupted */
747 td->ctrl |= TD_CTRL_NAK;
748 if (pid == USB_TOKEN_SETUP)
757 /* Retry the TD if error count is not zero */
759 td->ctrl |= TD_CTRL_TIMEOUT;
760 err = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
764 td->ctrl &= ~TD_CTRL_ACTIVE;
765 s->status |= UHCI_STS_USBERR;
766 if (td->ctrl & TD_CTRL_IOC)
771 td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
772 (err << TD_CTRL_ERROR_SHIFT);
776 static int uhci_handle_td(UHCIState *s, uint32_t addr, UHCI_TD *td, uint32_t *int_mask)
779 int len = 0, max_len;
784 if (!(td->ctrl & TD_CTRL_ACTIVE))
787 /* token field is not unique for isochronous requests,
788 * so use the destination buffer
790 if (td->ctrl & TD_CTRL_IOS) {
798 async = uhci_async_find_td(s, addr, token);
800 /* Already submitted */
806 uhci_async_unlink(s, async);
810 /* Allocate new packet */
811 async = uhci_async_alloc(s);
815 /* valid needs to be large enough to handle 10 frame delay
816 * for initial isochronous requests
820 async->token = token;
823 max_len = ((td->token >> 21) + 1) & 0x7ff;
824 pid = td->token & 0xff;
826 usb_packet_setup(&async->packet, pid, (td->token >> 8) & 0x7f,
827 (td->token >> 15) & 0xf);
828 qemu_sglist_add(&async->sgl, td->buffer, max_len);
829 usb_packet_map(&async->packet, &async->sgl);
833 case USB_TOKEN_SETUP:
834 len = uhci_broadcast_packet(s, &async->packet);
840 len = uhci_broadcast_packet(s, &async->packet);
844 /* invalid pid : frame interrupted */
845 uhci_async_free(s, async);
846 s->status |= UHCI_STS_HCPERR;
851 if (len == USB_RET_ASYNC) {
852 uhci_async_link(s, async);
856 async->packet.result = len;
859 len = uhci_complete_td(s, td, async, int_mask);
860 usb_packet_unmap(&async->packet);
861 uhci_async_free(s, async);
865 static void uhci_async_complete(USBPort *port, USBPacket *packet)
867 UHCIAsync *async = container_of(packet, UHCIAsync, packet);
868 UHCIState *s = async->uhci;
870 DPRINTF("uhci: async complete. td 0x%x token 0x%x\n", async->td, async->token);
874 uint32_t link = async->td;
875 uint32_t int_mask = 0, val;
877 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
878 le32_to_cpus(&td.link);
879 le32_to_cpus(&td.ctrl);
880 le32_to_cpus(&td.token);
881 le32_to_cpus(&td.buffer);
883 uhci_async_unlink(s, async);
884 uhci_complete_td(s, &td, async, &int_mask);
885 s->pending_int_mask |= int_mask;
887 /* update the status bits of the TD */
888 val = cpu_to_le32(td.ctrl);
889 cpu_physical_memory_write((link & ~0xf) + 4,
890 (const uint8_t *)&val, sizeof(val));
891 uhci_async_free(s, async);
894 uhci_process_frame(s);
898 static int is_valid(uint32_t link)
900 return (link & 1) == 0;
903 static int is_qh(uint32_t link)
905 return (link & 2) != 0;
908 static int depth_first(uint32_t link)
910 return (link & 4) != 0;
913 /* QH DB used for detecting QH loops */
914 #define UHCI_MAX_QUEUES 128
916 uint32_t addr[UHCI_MAX_QUEUES];
920 static void qhdb_reset(QhDb *db)
925 /* Add QH to DB. Returns 1 if already present or DB is full. */
926 static int qhdb_insert(QhDb *db, uint32_t addr)
929 for (i = 0; i < db->count; i++)
930 if (db->addr[i] == addr)
933 if (db->count >= UHCI_MAX_QUEUES)
936 db->addr[db->count++] = addr;
940 static void uhci_process_frame(UHCIState *s)
942 uint32_t frame_addr, link, old_td_ctrl, val, int_mask;
949 frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);
951 DPRINTF("uhci: processing frame %d addr 0x%x\n" , s->frnum, frame_addr);
953 cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
961 for (cnt = FRAME_MAX_LOOPS; is_valid(link) && cnt; cnt--) {
965 if (qhdb_insert(&qhdb, link)) {
967 * We're going in circles. Which is not a bug because
968 * HCD is allowed to do that as part of the BW management.
969 * In our case though it makes no sense to spin here. Sync transations
970 * are already done, and async completion handler will re-process
971 * the frame when something is ready.
973 DPRINTF("uhci: detected loop. qh 0x%x\n", link);
977 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &qh, sizeof(qh));
978 le32_to_cpus(&qh.link);
979 le32_to_cpus(&qh.el_link);
981 DPRINTF("uhci: QH 0x%x load. link 0x%x elink 0x%x\n",
982 link, qh.link, qh.el_link);
984 if (!is_valid(qh.el_link)) {
985 /* QH w/o elements */
989 /* QH with elements */
997 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
998 le32_to_cpus(&td.link);
999 le32_to_cpus(&td.ctrl);
1000 le32_to_cpus(&td.token);
1001 le32_to_cpus(&td.buffer);
1003 DPRINTF("uhci: TD 0x%x load. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1004 link, td.link, td.ctrl, td.token, curr_qh);
1006 old_td_ctrl = td.ctrl;
1007 ret = uhci_handle_td(s, link, &td, &int_mask);
1008 if (old_td_ctrl != td.ctrl) {
1009 /* update the status bits of the TD */
1010 val = cpu_to_le32(td.ctrl);
1011 cpu_physical_memory_write((link & ~0xf) + 4,
1012 (const uint8_t *)&val, sizeof(val));
1016 /* interrupted frame */
1020 if (ret == 2 || ret == 1) {
1021 DPRINTF("uhci: TD 0x%x %s. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1022 link, ret == 2 ? "pend" : "skip",
1023 td.link, td.ctrl, td.token, curr_qh);
1025 link = curr_qh ? qh.link : td.link;
1031 DPRINTF("uhci: TD 0x%x done. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1032 link, td.link, td.ctrl, td.token, curr_qh);
1037 /* update QH element link */
1039 val = cpu_to_le32(qh.el_link);
1040 cpu_physical_memory_write((curr_qh & ~0xf) + 4,
1041 (const uint8_t *)&val, sizeof(val));
1043 if (!depth_first(link)) {
1044 /* done with this QH */
1046 DPRINTF("uhci: QH 0x%x done. link 0x%x elink 0x%x\n",
1047 curr_qh, qh.link, qh.el_link);
1054 /* go to the next entry */
1057 s->pending_int_mask |= int_mask;
1060 static void uhci_frame_timer(void *opaque)
1062 UHCIState *s = opaque;
1064 /* prepare the timer for the next frame */
1065 s->expire_time += (get_ticks_per_sec() / FRAME_TIMER_FREQ);
1067 if (!(s->cmd & UHCI_CMD_RS)) {
1069 qemu_del_timer(s->frame_timer);
1070 /* set hchalted bit in status - UHCI11D 2.1.2 */
1071 s->status |= UHCI_STS_HCHALTED;
1073 DPRINTF("uhci: halted\n");
1077 /* Complete the previous frame */
1078 if (s->pending_int_mask) {
1079 s->status2 |= s->pending_int_mask;
1080 s->status |= UHCI_STS_USBINT;
1083 s->pending_int_mask = 0;
1085 /* Start new frame */
1086 s->frnum = (s->frnum + 1) & 0x7ff;
1088 DPRINTF("uhci: new frame #%u\n" , s->frnum);
1090 uhci_async_validate_begin(s);
1092 uhci_process_frame(s);
1094 uhci_async_validate_end(s);
1096 qemu_mod_timer(s->frame_timer, s->expire_time);
1099 static void uhci_map(PCIDevice *pci_dev, int region_num,
1100 pcibus_t addr, pcibus_t size, int type)
1102 UHCIState *s = (UHCIState *)pci_dev;
1104 register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
1105 register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
1106 register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
1107 register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
1108 register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
1109 register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
1112 static USBPortOps uhci_port_ops = {
1113 .attach = uhci_attach,
1114 .detach = uhci_detach,
1115 .child_detach = uhci_child_detach,
1116 .wakeup = uhci_wakeup,
1117 .complete = uhci_async_complete,
1120 static USBBusOps uhci_bus_ops = {
1123 static int usb_uhci_common_initfn(PCIDevice *dev)
1125 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1126 uint8_t *pci_conf = s->dev.config;
1129 pci_conf[PCI_CLASS_PROG] = 0x00;
1130 /* TODO: reset value should be 0. */
1131 pci_conf[PCI_INTERRUPT_PIN] = 4; // interrupt pin 3
1132 pci_conf[USB_SBRN] = USB_RELEASE_1; // release number
1135 USBPort *ports[NB_PORTS];
1136 for(i = 0; i < NB_PORTS; i++) {
1137 ports[i] = &s->ports[i].port;
1139 if (usb_register_companion(s->masterbus, ports, NB_PORTS,
1140 s->firstport, s, &uhci_port_ops,
1141 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL) != 0) {
1145 usb_bus_new(&s->bus, &uhci_bus_ops, &s->dev.qdev);
1146 for (i = 0; i < NB_PORTS; i++) {
1147 usb_register_port(&s->bus, &s->ports[i].port, s, i, &uhci_port_ops,
1148 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL);
1151 s->frame_timer = qemu_new_timer_ns(vm_clock, uhci_frame_timer, s);
1152 s->num_ports_vmstate = NB_PORTS;
1153 QTAILQ_INIT(&s->async_pending);
1155 qemu_register_reset(uhci_reset, s);
1157 /* Use region 4 for consistency with real hardware. BSD guests seem
1159 pci_register_bar(&s->dev, 4, 0x20,
1160 PCI_BASE_ADDRESS_SPACE_IO, uhci_map);
1165 static int usb_uhci_vt82c686b_initfn(PCIDevice *dev)
1167 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1168 uint8_t *pci_conf = s->dev.config;
1170 /* USB misc control 1/2 */
1171 pci_set_long(pci_conf + 0x40,0x00001000);
1173 pci_set_long(pci_conf + 0x80,0x00020001);
1174 /* USB legacy support */
1175 pci_set_long(pci_conf + 0xc0,0x00002000);
1177 return usb_uhci_common_initfn(dev);
1180 static Property uhci_properties[] = {
1181 DEFINE_PROP_STRING("masterbus", UHCIState, masterbus),
1182 DEFINE_PROP_UINT32("firstport", UHCIState, firstport, 0),
1183 DEFINE_PROP_END_OF_LIST(),
1186 static PCIDeviceInfo uhci_info[] = {
1188 .qdev.name = "piix3-usb-uhci",
1189 .qdev.size = sizeof(UHCIState),
1190 .qdev.vmsd = &vmstate_uhci,
1191 .init = usb_uhci_common_initfn,
1192 .vendor_id = PCI_VENDOR_ID_INTEL,
1193 .device_id = PCI_DEVICE_ID_INTEL_82371SB_2,
1195 .class_id = PCI_CLASS_SERIAL_USB,
1196 .qdev.props = uhci_properties,
1198 .qdev.name = "piix4-usb-uhci",
1199 .qdev.size = sizeof(UHCIState),
1200 .qdev.vmsd = &vmstate_uhci,
1201 .init = usb_uhci_common_initfn,
1202 .vendor_id = PCI_VENDOR_ID_INTEL,
1203 .device_id = PCI_DEVICE_ID_INTEL_82371AB_2,
1205 .class_id = PCI_CLASS_SERIAL_USB,
1206 .qdev.props = uhci_properties,
1208 .qdev.name = "vt82c686b-usb-uhci",
1209 .qdev.size = sizeof(UHCIState),
1210 .qdev.vmsd = &vmstate_uhci,
1211 .init = usb_uhci_vt82c686b_initfn,
1212 .vendor_id = PCI_VENDOR_ID_VIA,
1213 .device_id = PCI_DEVICE_ID_VIA_UHCI,
1215 .class_id = PCI_CLASS_SERIAL_USB,
1216 .qdev.props = uhci_properties,
1218 .qdev.name = "ich9-usb-uhci1",
1219 .qdev.size = sizeof(UHCIState),
1220 .qdev.vmsd = &vmstate_uhci,
1221 .init = usb_uhci_common_initfn,
1222 .vendor_id = PCI_VENDOR_ID_INTEL,
1223 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI1,
1225 .class_id = PCI_CLASS_SERIAL_USB,
1226 .qdev.props = uhci_properties,
1228 .qdev.name = "ich9-usb-uhci2",
1229 .qdev.size = sizeof(UHCIState),
1230 .qdev.vmsd = &vmstate_uhci,
1231 .init = usb_uhci_common_initfn,
1232 .vendor_id = PCI_VENDOR_ID_INTEL,
1233 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI2,
1235 .class_id = PCI_CLASS_SERIAL_USB,
1236 .qdev.props = uhci_properties,
1238 .qdev.name = "ich9-usb-uhci3",
1239 .qdev.size = sizeof(UHCIState),
1240 .qdev.vmsd = &vmstate_uhci,
1241 .init = usb_uhci_common_initfn,
1242 .vendor_id = PCI_VENDOR_ID_INTEL,
1243 .device_id = PCI_DEVICE_ID_INTEL_82801I_UHCI3,
1245 .class_id = PCI_CLASS_SERIAL_USB,
1246 .qdev.props = uhci_properties,
1252 static void uhci_register(void)
1254 pci_qdev_register_many(uhci_info);
1256 device_init(uhci_register);
1258 void usb_uhci_piix3_init(PCIBus *bus, int devfn)
1260 pci_create_simple(bus, devfn, "piix3-usb-uhci");
1263 void usb_uhci_piix4_init(PCIBus *bus, int devfn)
1265 pci_create_simple(bus, devfn, "piix4-usb-uhci");
1268 void usb_uhci_vt82c686b_init(PCIBus *bus, int devfn)
1270 pci_create_simple(bus, devfn, "vt82c686b-usb-uhci");
projects / qemu.git / blob