2 * USB UHCI controller emulation
4 * Copyright (c) 2005 Fabrice Bellard
6 * Copyright (c) 2008 Max Krasnyansky
7 * Magor rewrite of the UHCI data structures parser and frame processor
8 * Support for fully async operation and multiple outstanding transactions
10 * Permission is hereby granted, free of charge, to any person obtaining a copy
11 * of this software and associated documentation files (the "Software"), to deal
12 * in the Software without restriction, including without limitation the rights
13 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
14 * copies of the Software, and to permit persons to whom the Software is
15 * furnished to do so, subject to the following conditions:
17 * The above copyright notice and this permission notice shall be included in
18 * all copies or substantial portions of the Software.
20 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
21 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
23 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
24 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
25 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
31 #include "qemu-timer.h"
35 //#define DEBUG_DUMP_DATA
37 #define UHCI_CMD_FGR (1 << 4)
38 #define UHCI_CMD_EGSM (1 << 3)
39 #define UHCI_CMD_GRESET (1 << 2)
40 #define UHCI_CMD_HCRESET (1 << 1)
41 #define UHCI_CMD_RS (1 << 0)
43 #define UHCI_STS_HCHALTED (1 << 5)
44 #define UHCI_STS_HCPERR (1 << 4)
45 #define UHCI_STS_HSERR (1 << 3)
46 #define UHCI_STS_RD (1 << 2)
47 #define UHCI_STS_USBERR (1 << 1)
48 #define UHCI_STS_USBINT (1 << 0)
50 #define TD_CTRL_SPD (1 << 29)
51 #define TD_CTRL_ERROR_SHIFT 27
52 #define TD_CTRL_IOS (1 << 25)
53 #define TD_CTRL_IOC (1 << 24)
54 #define TD_CTRL_ACTIVE (1 << 23)
55 #define TD_CTRL_STALL (1 << 22)
56 #define TD_CTRL_BABBLE (1 << 20)
57 #define TD_CTRL_NAK (1 << 19)
58 #define TD_CTRL_TIMEOUT (1 << 18)
60 #define UHCI_PORT_RESET (1 << 9)
61 #define UHCI_PORT_LSDA (1 << 8)
62 #define UHCI_PORT_ENC (1 << 3)
63 #define UHCI_PORT_EN (1 << 2)
64 #define UHCI_PORT_CSC (1 << 1)
65 #define UHCI_PORT_CCS (1 << 0)
67 #define FRAME_TIMER_FREQ 1000
69 #define FRAME_MAX_LOOPS 100
74 #define DPRINTF printf
76 static const char *pid2str(int pid)
79 case USB_TOKEN_SETUP: return "SETUP";
80 case USB_TOKEN_IN: return "IN";
81 case USB_TOKEN_OUT: return "OUT";
90 #ifdef DEBUG_DUMP_DATA
91 static void dump_data(const uint8_t *data, int len)
95 printf("uhci: data: ");
96 for(i = 0; i < len; i++)
97 printf(" %02x", data[i]);
101 static void dump_data(const uint8_t *data, int len) {}
105 * Pending async transaction.
106 * 'packet' must be the first field because completion
107 * handler does "(UHCIAsync *) pkt" cast.
109 typedef struct UHCIAsync {
111 struct UHCIAsync *next;
117 uint8_t buffer[2048];
120 typedef struct UHCIPort {
125 typedef struct UHCIState {
128 uint16_t cmd; /* cmd register */
130 uint16_t intr; /* interrupt enable register */
131 uint16_t frnum; /* frame number */
132 uint32_t fl_base_addr; /* frame list base address */
134 uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */
136 QEMUTimer *frame_timer;
137 UHCIPort ports[NB_PORTS];
139 /* Interrupts that should be raised at the end of the current frame. */
140 uint32_t pending_int_mask;
143 UHCIAsync *async_pending;
144 UHCIAsync *async_pool;
145 uint8_t num_ports_vmstate;
148 typedef struct UHCI_TD {
150 uint32_t ctrl; /* see TD_CTRL_xxx */
155 typedef struct UHCI_QH {
160 static UHCIAsync *uhci_async_alloc(UHCIState *s)
162 UHCIAsync *async = qemu_malloc(sizeof(UHCIAsync));
164 memset(&async->packet, 0, sizeof(async->packet));
175 static void uhci_async_free(UHCIState *s, UHCIAsync *async)
180 static void uhci_async_link(UHCIState *s, UHCIAsync *async)
182 async->next = s->async_pending;
183 s->async_pending = async;
186 static void uhci_async_unlink(UHCIState *s, UHCIAsync *async)
188 UHCIAsync *curr = s->async_pending;
189 UHCIAsync **prev = &s->async_pending;
202 static void uhci_async_cancel(UHCIState *s, UHCIAsync *async)
204 DPRINTF("uhci: cancel td 0x%x token 0x%x done %u\n",
205 async->td, async->token, async->done);
208 usb_cancel_packet(&async->packet);
209 uhci_async_free(s, async);
213 * Mark all outstanding async packets as invalid.
214 * This is used for canceling them when TDs are removed by the HCD.
216 static UHCIAsync *uhci_async_validate_begin(UHCIState *s)
218 UHCIAsync *async = s->async_pending;
228 * Cancel async packets that are no longer valid
230 static void uhci_async_validate_end(UHCIState *s)
232 UHCIAsync *curr = s->async_pending;
233 UHCIAsync **prev = &s->async_pending;
237 if (curr->valid > 0) {
248 uhci_async_cancel(s, curr);
254 static void uhci_async_cancel_all(UHCIState *s)
256 UHCIAsync *curr = s->async_pending;
262 uhci_async_cancel(s, curr);
267 s->async_pending = NULL;
270 static UHCIAsync *uhci_async_find_td(UHCIState *s, uint32_t addr, uint32_t token)
272 UHCIAsync *async = s->async_pending;
273 UHCIAsync *match = NULL;
277 * We're looking for the best match here. ie both td addr and token.
278 * Otherwise we return last good match. ie just token.
279 * It's ok to match just token because it identifies the transaction
280 * rather well, token includes: device addr, endpoint, size, etc.
282 * Also since we queue async transactions in reverse order by returning
283 * last good match we restores the order.
285 * It's expected that we wont have a ton of outstanding transactions.
286 * If we ever do we'd want to optimize this algorithm.
290 if (async->token == token) {
294 if (async->td == addr) {
305 fprintf(stderr, "uhci: warning lots of async transactions\n");
310 static void uhci_attach(USBPort *port1, USBDevice *dev);
312 static void uhci_update_irq(UHCIState *s)
315 if (((s->status2 & 1) && (s->intr & (1 << 2))) ||
316 ((s->status2 & 2) && (s->intr & (1 << 3))) ||
317 ((s->status & UHCI_STS_USBERR) && (s->intr & (1 << 0))) ||
318 ((s->status & UHCI_STS_RD) && (s->intr & (1 << 1))) ||
319 (s->status & UHCI_STS_HSERR) ||
320 (s->status & UHCI_STS_HCPERR)) {
325 qemu_set_irq(s->dev.irq[3], level);
328 static void uhci_reset(void *opaque)
330 UHCIState *s = opaque;
335 DPRINTF("uhci: full reset\n");
337 pci_conf = s->dev.config;
339 pci_conf[0x6a] = 0x01; /* usb clock */
340 pci_conf[0x6b] = 0x00;
348 for(i = 0; i < NB_PORTS; i++) {
352 uhci_attach(&port->port, port->port.dev);
355 uhci_async_cancel_all(s);
358 static void uhci_pre_save(void *opaque)
360 UHCIState *s = opaque;
362 uhci_async_cancel_all(s);
365 static const VMStateDescription vmstate_uhci_port = {
368 .minimum_version_id = 1,
369 .minimum_version_id_old = 1,
370 .fields = (VMStateField []) {
371 VMSTATE_UINT16(ctrl, UHCIPort),
372 VMSTATE_END_OF_LIST()
376 static const VMStateDescription vmstate_uhci = {
379 .minimum_version_id = 1,
380 .minimum_version_id_old = 1,
381 .pre_save = uhci_pre_save,
382 .fields = (VMStateField []) {
383 VMSTATE_PCI_DEVICE(dev, UHCIState),
384 VMSTATE_UINT8_EQUAL(num_ports_vmstate, UHCIState),
385 VMSTATE_STRUCT_ARRAY(ports, UHCIState, NB_PORTS, 1,
386 vmstate_uhci_port, UHCIPort),
387 VMSTATE_UINT16(cmd, UHCIState),
388 VMSTATE_UINT16(status, UHCIState),
389 VMSTATE_UINT16(intr, UHCIState),
390 VMSTATE_UINT16(frnum, UHCIState),
391 VMSTATE_UINT32(fl_base_addr, UHCIState),
392 VMSTATE_UINT8(sof_timing, UHCIState),
393 VMSTATE_UINT8(status2, UHCIState),
394 VMSTATE_TIMER(frame_timer, UHCIState),
395 VMSTATE_INT64_V(expire_time, UHCIState, 2),
396 VMSTATE_END_OF_LIST()
400 static void uhci_ioport_writeb(void *opaque, uint32_t addr, uint32_t val)
402 UHCIState *s = opaque;
412 static uint32_t uhci_ioport_readb(void *opaque, uint32_t addr)
414 UHCIState *s = opaque;
429 static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
431 UHCIState *s = opaque;
434 DPRINTF("uhci: writew port=0x%04x val=0x%04x\n", addr, val);
438 if ((val & UHCI_CMD_RS) && !(s->cmd & UHCI_CMD_RS)) {
439 /* start frame processing */
440 qemu_mod_timer(s->frame_timer, qemu_get_clock(vm_clock));
441 s->status &= ~UHCI_STS_HCHALTED;
442 } else if (!(val & UHCI_CMD_RS)) {
443 s->status |= UHCI_STS_HCHALTED;
445 if (val & UHCI_CMD_GRESET) {
450 /* send reset on the USB bus */
451 for(i = 0; i < NB_PORTS; i++) {
453 dev = port->port.dev;
455 usb_send_msg(dev, USB_MSG_RESET);
461 if (val & UHCI_CMD_HCRESET) {
469 /* XXX: the chip spec is not coherent, so we add a hidden
470 register to distinguish between IOC and SPD */
471 if (val & UHCI_STS_USBINT)
480 if (s->status & UHCI_STS_HCHALTED)
481 s->frnum = val & 0x7ff;
493 dev = port->port.dev;
496 if ( (val & UHCI_PORT_RESET) &&
497 !(port->ctrl & UHCI_PORT_RESET) ) {
498 usb_send_msg(dev, USB_MSG_RESET);
501 port->ctrl = (port->ctrl & 0x01fb) | (val & ~0x01fb);
502 /* some bits are reset when a '1' is written to them */
503 port->ctrl &= ~(val & 0x000a);
509 static uint32_t uhci_ioport_readw(void *opaque, uint32_t addr)
511 UHCIState *s = opaque;
541 val = 0xff7f; /* disabled port */
545 DPRINTF("uhci: readw port=0x%04x val=0x%04x\n", addr, val);
550 static void uhci_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
552 UHCIState *s = opaque;
555 DPRINTF("uhci: writel port=0x%04x val=0x%08x\n", addr, val);
559 s->fl_base_addr = val & ~0xfff;
564 static uint32_t uhci_ioport_readl(void *opaque, uint32_t addr)
566 UHCIState *s = opaque;
572 val = s->fl_base_addr;
581 /* signal resume if controller suspended */
582 static void uhci_resume (void *opaque)
584 UHCIState *s = (UHCIState *)opaque;
589 if (s->cmd & UHCI_CMD_EGSM) {
590 s->cmd |= UHCI_CMD_FGR;
591 s->status |= UHCI_STS_RD;
596 static void uhci_attach(USBPort *port1, USBDevice *dev)
598 UHCIState *s = port1->opaque;
599 UHCIPort *port = &s->ports[port1->index];
602 if (port->port.dev) {
603 usb_attach(port1, NULL);
605 /* set connect status */
606 port->ctrl |= UHCI_PORT_CCS | UHCI_PORT_CSC;
609 if (dev->speed == USB_SPEED_LOW)
610 port->ctrl |= UHCI_PORT_LSDA;
612 port->ctrl &= ~UHCI_PORT_LSDA;
616 port->port.dev = dev;
617 /* send the attach message */
618 usb_send_msg(dev, USB_MSG_ATTACH);
620 /* set connect status */
621 if (port->ctrl & UHCI_PORT_CCS) {
622 port->ctrl &= ~UHCI_PORT_CCS;
623 port->ctrl |= UHCI_PORT_CSC;
626 if (port->ctrl & UHCI_PORT_EN) {
627 port->ctrl &= ~UHCI_PORT_EN;
628 port->ctrl |= UHCI_PORT_ENC;
633 dev = port->port.dev;
635 /* send the detach message */
636 usb_send_msg(dev, USB_MSG_DETACH);
638 port->port.dev = NULL;
642 static int uhci_broadcast_packet(UHCIState *s, USBPacket *p)
646 DPRINTF("uhci: packet enter. pid %s addr 0x%02x ep %d len %d\n",
647 pid2str(p->pid), p->devaddr, p->devep, p->len);
648 if (p->pid == USB_TOKEN_OUT || p->pid == USB_TOKEN_SETUP)
649 dump_data(p->data, p->len);
652 for (i = 0; i < NB_PORTS && ret == USB_RET_NODEV; i++) {
653 UHCIPort *port = &s->ports[i];
654 USBDevice *dev = port->port.dev;
656 if (dev && (port->ctrl & UHCI_PORT_EN))
657 ret = dev->info->handle_packet(dev, p);
660 DPRINTF("uhci: packet exit. ret %d len %d\n", ret, p->len);
661 if (p->pid == USB_TOKEN_IN && ret > 0)
662 dump_data(p->data, ret);
667 static void uhci_async_complete(USBPacket * packet, void *opaque);
668 static void uhci_process_frame(UHCIState *s);
670 /* return -1 if fatal error (frame must be stopped)
672 1 if TD unsuccessful or inactive
674 static int uhci_complete_td(UHCIState *s, UHCI_TD *td, UHCIAsync *async, uint32_t *int_mask)
676 int len = 0, max_len, err, ret;
679 max_len = ((td->token >> 21) + 1) & 0x7ff;
680 pid = td->token & 0xff;
682 ret = async->packet.len;
684 if (td->ctrl & TD_CTRL_IOS)
685 td->ctrl &= ~TD_CTRL_ACTIVE;
690 len = async->packet.len;
691 td->ctrl = (td->ctrl & ~0x7ff) | ((len - 1) & 0x7ff);
693 /* The NAK bit may have been set by a previous frame, so clear it
694 here. The docs are somewhat unclear, but win2k relies on this
696 td->ctrl &= ~(TD_CTRL_ACTIVE | TD_CTRL_NAK);
697 if (td->ctrl & TD_CTRL_IOC)
700 if (pid == USB_TOKEN_IN) {
702 ret = USB_RET_BABBLE;
707 /* write the data back */
708 cpu_physical_memory_write(td->buffer, async->buffer, len);
711 if ((td->ctrl & TD_CTRL_SPD) && len < max_len) {
713 /* short packet: do not update QH */
714 DPRINTF("uhci: short packet. td 0x%x token 0x%x\n", async->td, async->token);
725 td->ctrl |= TD_CTRL_STALL;
726 td->ctrl &= ~TD_CTRL_ACTIVE;
730 td->ctrl |= TD_CTRL_BABBLE | TD_CTRL_STALL;
731 td->ctrl &= ~TD_CTRL_ACTIVE;
732 /* frame interrupted */
736 td->ctrl |= TD_CTRL_NAK;
737 if (pid == USB_TOKEN_SETUP)
746 /* Retry the TD if error count is not zero */
748 td->ctrl |= TD_CTRL_TIMEOUT;
749 err = (td->ctrl >> TD_CTRL_ERROR_SHIFT) & 3;
753 td->ctrl &= ~TD_CTRL_ACTIVE;
754 s->status |= UHCI_STS_USBERR;
755 if (td->ctrl & TD_CTRL_IOC)
760 td->ctrl = (td->ctrl & ~(3 << TD_CTRL_ERROR_SHIFT)) |
761 (err << TD_CTRL_ERROR_SHIFT);
765 static int uhci_handle_td(UHCIState *s, uint32_t addr, UHCI_TD *td, uint32_t *int_mask)
768 int len = 0, max_len;
773 if (!(td->ctrl & TD_CTRL_ACTIVE))
776 /* token field is not unique for isochronous requests,
777 * so use the destination buffer
779 if (td->ctrl & TD_CTRL_IOS) {
787 async = uhci_async_find_td(s, addr, token);
789 /* Already submitted */
795 uhci_async_unlink(s, async);
799 /* Allocate new packet */
800 async = uhci_async_alloc(s);
804 /* valid needs to be large enough to handle 10 frame delay
805 * for initial isochronous requests
809 async->token = token;
812 max_len = ((td->token >> 21) + 1) & 0x7ff;
813 pid = td->token & 0xff;
815 async->packet.pid = pid;
816 async->packet.devaddr = (td->token >> 8) & 0x7f;
817 async->packet.devep = (td->token >> 15) & 0xf;
818 async->packet.data = async->buffer;
819 async->packet.len = max_len;
820 async->packet.complete_cb = uhci_async_complete;
821 async->packet.complete_opaque = s;
825 case USB_TOKEN_SETUP:
826 cpu_physical_memory_read(td->buffer, async->buffer, max_len);
827 len = uhci_broadcast_packet(s, &async->packet);
833 len = uhci_broadcast_packet(s, &async->packet);
837 /* invalid pid : frame interrupted */
838 uhci_async_free(s, async);
839 s->status |= UHCI_STS_HCPERR;
844 if (len == USB_RET_ASYNC) {
845 uhci_async_link(s, async);
849 async->packet.len = len;
852 len = uhci_complete_td(s, td, async, int_mask);
853 uhci_async_free(s, async);
857 static void uhci_async_complete(USBPacket *packet, void *opaque)
859 UHCIState *s = opaque;
860 UHCIAsync *async = (UHCIAsync *) packet;
862 DPRINTF("uhci: async complete. td 0x%x token 0x%x\n", async->td, async->token);
866 uint32_t link = async->td;
867 uint32_t int_mask = 0, val;
869 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
870 le32_to_cpus(&td.link);
871 le32_to_cpus(&td.ctrl);
872 le32_to_cpus(&td.token);
873 le32_to_cpus(&td.buffer);
875 uhci_async_unlink(s, async);
876 uhci_complete_td(s, &td, async, &int_mask);
877 s->pending_int_mask |= int_mask;
879 /* update the status bits of the TD */
880 val = cpu_to_le32(td.ctrl);
881 cpu_physical_memory_write((link & ~0xf) + 4,
882 (const uint8_t *)&val, sizeof(val));
883 uhci_async_free(s, async);
886 uhci_process_frame(s);
890 static int is_valid(uint32_t link)
892 return (link & 1) == 0;
895 static int is_qh(uint32_t link)
897 return (link & 2) != 0;
900 static int depth_first(uint32_t link)
902 return (link & 4) != 0;
905 /* QH DB used for detecting QH loops */
906 #define UHCI_MAX_QUEUES 128
908 uint32_t addr[UHCI_MAX_QUEUES];
912 static void qhdb_reset(QhDb *db)
917 /* Add QH to DB. Returns 1 if already present or DB is full. */
918 static int qhdb_insert(QhDb *db, uint32_t addr)
921 for (i = 0; i < db->count; i++)
922 if (db->addr[i] == addr)
925 if (db->count >= UHCI_MAX_QUEUES)
928 db->addr[db->count++] = addr;
932 static void uhci_process_frame(UHCIState *s)
934 uint32_t frame_addr, link, old_td_ctrl, val, int_mask;
941 frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2);
943 DPRINTF("uhci: processing frame %d addr 0x%x\n" , s->frnum, frame_addr);
945 cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4);
953 for (cnt = FRAME_MAX_LOOPS; is_valid(link) && cnt; cnt--) {
957 if (qhdb_insert(&qhdb, link)) {
959 * We're going in circles. Which is not a bug because
960 * HCD is allowed to do that as part of the BW management.
961 * In our case though it makes no sense to spin here. Sync transations
962 * are already done, and async completion handler will re-process
963 * the frame when something is ready.
965 DPRINTF("uhci: detected loop. qh 0x%x\n", link);
969 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &qh, sizeof(qh));
970 le32_to_cpus(&qh.link);
971 le32_to_cpus(&qh.el_link);
973 DPRINTF("uhci: QH 0x%x load. link 0x%x elink 0x%x\n",
974 link, qh.link, qh.el_link);
976 if (!is_valid(qh.el_link)) {
977 /* QH w/o elements */
981 /* QH with elements */
989 cpu_physical_memory_read(link & ~0xf, (uint8_t *) &td, sizeof(td));
990 le32_to_cpus(&td.link);
991 le32_to_cpus(&td.ctrl);
992 le32_to_cpus(&td.token);
993 le32_to_cpus(&td.buffer);
995 DPRINTF("uhci: TD 0x%x load. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
996 link, td.link, td.ctrl, td.token, curr_qh);
998 old_td_ctrl = td.ctrl;
999 ret = uhci_handle_td(s, link, &td, &int_mask);
1000 if (old_td_ctrl != td.ctrl) {
1001 /* update the status bits of the TD */
1002 val = cpu_to_le32(td.ctrl);
1003 cpu_physical_memory_write((link & ~0xf) + 4,
1004 (const uint8_t *)&val, sizeof(val));
1008 /* interrupted frame */
1012 if (ret == 2 || ret == 1) {
1013 DPRINTF("uhci: TD 0x%x %s. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1014 link, ret == 2 ? "pend" : "skip",
1015 td.link, td.ctrl, td.token, curr_qh);
1017 link = curr_qh ? qh.link : td.link;
1023 DPRINTF("uhci: TD 0x%x done. link 0x%x ctrl 0x%x token 0x%x qh 0x%x\n",
1024 link, td.link, td.ctrl, td.token, curr_qh);
1029 /* update QH element link */
1031 val = cpu_to_le32(qh.el_link);
1032 cpu_physical_memory_write((curr_qh & ~0xf) + 4,
1033 (const uint8_t *)&val, sizeof(val));
1035 if (!depth_first(link)) {
1036 /* done with this QH */
1038 DPRINTF("uhci: QH 0x%x done. link 0x%x elink 0x%x\n",
1039 curr_qh, qh.link, qh.el_link);
1046 /* go to the next entry */
1049 s->pending_int_mask |= int_mask;
1052 static void uhci_frame_timer(void *opaque)
1054 UHCIState *s = opaque;
1056 /* prepare the timer for the next frame */
1057 s->expire_time += (get_ticks_per_sec() / FRAME_TIMER_FREQ);
1059 if (!(s->cmd & UHCI_CMD_RS)) {
1061 qemu_del_timer(s->frame_timer);
1062 /* set hchalted bit in status - UHCI11D 2.1.2 */
1063 s->status |= UHCI_STS_HCHALTED;
1065 DPRINTF("uhci: halted\n");
1069 /* Complete the previous frame */
1070 if (s->pending_int_mask) {
1071 s->status2 |= s->pending_int_mask;
1072 s->status |= UHCI_STS_USBINT;
1075 s->pending_int_mask = 0;
1077 /* Start new frame */
1078 s->frnum = (s->frnum + 1) & 0x7ff;
1080 DPRINTF("uhci: new frame #%u\n" , s->frnum);
1082 uhci_async_validate_begin(s);
1084 uhci_process_frame(s);
1086 uhci_async_validate_end(s);
1088 qemu_mod_timer(s->frame_timer, s->expire_time);
1091 static void uhci_map(PCIDevice *pci_dev, int region_num,
1092 pcibus_t addr, pcibus_t size, int type)
1094 UHCIState *s = (UHCIState *)pci_dev;
1096 register_ioport_write(addr, 32, 2, uhci_ioport_writew, s);
1097 register_ioport_read(addr, 32, 2, uhci_ioport_readw, s);
1098 register_ioport_write(addr, 32, 4, uhci_ioport_writel, s);
1099 register_ioport_read(addr, 32, 4, uhci_ioport_readl, s);
1100 register_ioport_write(addr, 32, 1, uhci_ioport_writeb, s);
1101 register_ioport_read(addr, 32, 1, uhci_ioport_readb, s);
1104 static int usb_uhci_common_initfn(UHCIState *s)
1106 uint8_t *pci_conf = s->dev.config;
1109 pci_conf[PCI_REVISION_ID] = 0x01; // revision number
1110 pci_conf[PCI_CLASS_PROG] = 0x00;
1111 pci_config_set_class(pci_conf, PCI_CLASS_SERIAL_USB);
1112 /* TODO: reset value should be 0. */
1113 pci_conf[PCI_INTERRUPT_PIN] = 4; // interrupt pin 3
1114 pci_conf[0x60] = 0x10; // release number
1116 usb_bus_new(&s->bus, &s->dev.qdev);
1117 for(i = 0; i < NB_PORTS; i++) {
1118 usb_register_port(&s->bus, &s->ports[i].port, s, i, NULL, uhci_attach);
1120 s->frame_timer = qemu_new_timer(vm_clock, uhci_frame_timer, s);
1121 s->expire_time = qemu_get_clock(vm_clock) +
1122 (get_ticks_per_sec() / FRAME_TIMER_FREQ);
1123 s->num_ports_vmstate = NB_PORTS;
1125 qemu_register_reset(uhci_reset, s);
1127 /* Use region 4 for consistency with real hardware. BSD guests seem
1129 pci_register_bar(&s->dev, 4, 0x20,
1130 PCI_BASE_ADDRESS_SPACE_IO, uhci_map);
1135 static int usb_uhci_piix3_initfn(PCIDevice *dev)
1137 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1138 uint8_t *pci_conf = s->dev.config;
1140 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1141 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371SB_2);
1142 return usb_uhci_common_initfn(s);
1145 static int usb_uhci_piix4_initfn(PCIDevice *dev)
1147 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1148 uint8_t *pci_conf = s->dev.config;
1150 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1151 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82371AB_2);
1152 return usb_uhci_common_initfn(s);
1155 static int usb_uhci_vt82c686b_initfn(PCIDevice *dev)
1157 UHCIState *s = DO_UPCAST(UHCIState, dev, dev);
1158 uint8_t *pci_conf = s->dev.config;
1160 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_VIA);
1161 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_VIA_UHCI);
1163 /* USB misc control 1/2 */
1164 pci_set_long(pci_conf + 0x40,0x00001000);
1166 pci_set_long(pci_conf + 0x80,0x00020001);
1167 /* USB legacy support */
1168 pci_set_long(pci_conf + 0xc0,0x00002000);
1170 return usb_uhci_common_initfn(s);
1173 static PCIDeviceInfo uhci_info[] = {
1175 .qdev.name = "piix3-usb-uhci",
1176 .qdev.size = sizeof(UHCIState),
1177 .qdev.vmsd = &vmstate_uhci,
1178 .init = usb_uhci_piix3_initfn,
1180 .qdev.name = "piix4-usb-uhci",
1181 .qdev.size = sizeof(UHCIState),
1182 .qdev.vmsd = &vmstate_uhci,
1183 .init = usb_uhci_piix4_initfn,
1185 .qdev.name = "vt82c686b-usb-uhci",
1186 .qdev.size = sizeof(UHCIState),
1187 .qdev.vmsd = &vmstate_uhci,
1188 .init = usb_uhci_vt82c686b_initfn,
1194 static void uhci_register(void)
1196 pci_qdev_register_many(uhci_info);
1198 device_init(uhci_register);
1200 void usb_uhci_piix3_init(PCIBus *bus, int devfn)
1202 pci_create_simple(bus, devfn, "piix3-usb-uhci");
1205 void usb_uhci_piix4_init(PCIBus *bus, int devfn)
1207 pci_create_simple(bus, devfn, "piix4-usb-uhci");
1210 void usb_uhci_vt82c686b_init(PCIBus *bus, int devfn)
1212 pci_create_simple(bus, devfn, "vt82c686b-usb-uhci");
projects / qemu.git / blob