2 * QEMU USB EHCI Emulation
4 * Copyright(c) 2008 Emutex Ltd. (address@hidden)
5 * Copyright(c) 2011-2012 Red Hat, Inc.
11 * EHCI project was started by Mark Burkley, with contributions by
12 * Niels de Vos. David S. Ahern continued working on it. Kevin Wolf,
13 * Jan Kiszka and Vincent Palatin contributed bugfixes.
15 * This library is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU Lesser General Public
17 * License as published by the Free Software Foundation; either
18 * version 2.1 of the License, or (at your option) any later version.
20 * This library is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 * Lesser General Public License for more details.
25 * You should have received a copy of the GNU Lesser General Public License
26 * along with this program; if not, see <http://www.gnu.org/licenses/>.
29 #include "qemu/osdep.h"
30 #include "qapi/error.h"
32 #include "hw/usb/ehci-regs.h"
33 #include "hw/usb/hcd-ehci.h"
34 #include "migration/vmstate.h"
36 #include "qemu/error-report.h"
37 #include "qemu/main-loop.h"
39 #define FRAME_TIMER_FREQ 1000
40 #define FRAME_TIMER_NS (NANOSECONDS_PER_SECOND / FRAME_TIMER_FREQ)
41 #define UFRAME_TIMER_NS (FRAME_TIMER_NS / 8)
43 #define NB_MAXINTRATE 8 // Max rate at which controller issues ints
44 #define BUFF_SIZE 5*4096 // Max bytes to transfer per transaction
45 #define MAX_QH 100 // Max allowable queue heads in a chain
46 #define MIN_UFR_PER_TICK 24 /* Min frames to process when catching up */
47 #define PERIODIC_ACTIVE 512 /* Micro-frames */
49 /* Internal periodic / asynchronous schedule state machine states
56 /* The following states are internal to the state machine function
70 /* macros for accessing fields within next link pointer entry */
71 #define NLPTR_GET(x) ((x) & 0xffffffe0)
72 #define NLPTR_TYPE_GET(x) (((x) >> 1) & 3)
73 #define NLPTR_TBIT(x) ((x) & 1) // 1=invalid, 0=valid
75 /* link pointer types */
76 #define NLPTR_TYPE_ITD 0 // isoc xfer descriptor
77 #define NLPTR_TYPE_QH 1 // queue head
78 #define NLPTR_TYPE_STITD 2 // split xaction, isoc xfer descriptor
79 #define NLPTR_TYPE_FSTN 3 // frame span traversal node
81 #define SET_LAST_RUN_CLOCK(s) \
82 (s)->last_run_ns = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
84 /* nifty macros from Arnon's EHCI version */
85 #define get_field(data, field) \
86 (((data) & field##_MASK) >> field##_SH)
88 #define set_field(data, newval, field) do { \
89 uint32_t val = *data; \
90 val &= ~ field##_MASK; \
91 val |= ((newval) << field##_SH) & field##_MASK; \
95 static const char *ehci_state_names[] = {
96 [EST_INACTIVE] = "INACTIVE",
97 [EST_ACTIVE] = "ACTIVE",
98 [EST_EXECUTING] = "EXECUTING",
99 [EST_SLEEPING] = "SLEEPING",
100 [EST_WAITLISTHEAD] = "WAITLISTHEAD",
101 [EST_FETCHENTRY] = "FETCH ENTRY",
102 [EST_FETCHQH] = "FETCH QH",
103 [EST_FETCHITD] = "FETCH ITD",
104 [EST_ADVANCEQUEUE] = "ADVANCEQUEUE",
105 [EST_FETCHQTD] = "FETCH QTD",
106 [EST_EXECUTE] = "EXECUTE",
107 [EST_WRITEBACK] = "WRITEBACK",
108 [EST_HORIZONTALQH] = "HORIZONTALQH",
111 static const char *ehci_mmio_names[] = {
114 [USBINTR] = "USBINTR",
115 [FRINDEX] = "FRINDEX",
116 [PERIODICLISTBASE] = "P-LIST BASE",
117 [ASYNCLISTADDR] = "A-LIST ADDR",
118 [CONFIGFLAG] = "CONFIGFLAG",
121 static int ehci_state_executing(EHCIQueue *q);
122 static int ehci_state_writeback(EHCIQueue *q);
123 static int ehci_state_advqueue(EHCIQueue *q);
124 static int ehci_fill_queue(EHCIPacket *p);
125 static void ehci_free_packet(EHCIPacket *p);
127 static const char *nr2str(const char **n, size_t len, uint32_t nr)
129 if (nr < len && n[nr] != NULL) {
136 static const char *state2str(uint32_t state)
138 return nr2str(ehci_state_names, ARRAY_SIZE(ehci_state_names), state);
141 static const char *addr2str(hwaddr addr)
143 return nr2str(ehci_mmio_names, ARRAY_SIZE(ehci_mmio_names), addr);
146 static void ehci_trace_usbsts(uint32_t mask, int state)
149 if (mask & USBSTS_INT) {
150 trace_usb_ehci_usbsts("INT", state);
152 if (mask & USBSTS_ERRINT) {
153 trace_usb_ehci_usbsts("ERRINT", state);
155 if (mask & USBSTS_PCD) {
156 trace_usb_ehci_usbsts("PCD", state);
158 if (mask & USBSTS_FLR) {
159 trace_usb_ehci_usbsts("FLR", state);
161 if (mask & USBSTS_HSE) {
162 trace_usb_ehci_usbsts("HSE", state);
164 if (mask & USBSTS_IAA) {
165 trace_usb_ehci_usbsts("IAA", state);
169 if (mask & USBSTS_HALT) {
170 trace_usb_ehci_usbsts("HALT", state);
172 if (mask & USBSTS_REC) {
173 trace_usb_ehci_usbsts("REC", state);
175 if (mask & USBSTS_PSS) {
176 trace_usb_ehci_usbsts("PSS", state);
178 if (mask & USBSTS_ASS) {
179 trace_usb_ehci_usbsts("ASS", state);
183 static inline void ehci_set_usbsts(EHCIState *s, int mask)
185 if ((s->usbsts & mask) == mask) {
188 ehci_trace_usbsts(mask, 1);
192 static inline void ehci_clear_usbsts(EHCIState *s, int mask)
194 if ((s->usbsts & mask) == 0) {
197 ehci_trace_usbsts(mask, 0);
201 /* update irq line */
202 static inline void ehci_update_irq(EHCIState *s)
206 if ((s->usbsts & USBINTR_MASK) & s->usbintr) {
210 trace_usb_ehci_irq(level, s->frindex, s->usbsts, s->usbintr);
211 qemu_set_irq(s->irq, level);
214 /* flag interrupt condition */
215 static inline void ehci_raise_irq(EHCIState *s, int intr)
217 if (intr & (USBSTS_PCD | USBSTS_FLR | USBSTS_HSE)) {
221 s->usbsts_pending |= intr;
226 * Commit pending interrupts (added via ehci_raise_irq),
227 * at the rate allowed by "Interrupt Threshold Control".
229 static inline void ehci_commit_irq(EHCIState *s)
233 if (!s->usbsts_pending) {
236 if (s->usbsts_frindex > s->frindex) {
240 itc = (s->usbcmd >> 16) & 0xff;
241 s->usbsts |= s->usbsts_pending;
242 s->usbsts_pending = 0;
243 s->usbsts_frindex = s->frindex + itc;
247 static void ehci_update_halt(EHCIState *s)
249 if (s->usbcmd & USBCMD_RUNSTOP) {
250 ehci_clear_usbsts(s, USBSTS_HALT);
252 if (s->astate == EST_INACTIVE && s->pstate == EST_INACTIVE) {
253 ehci_set_usbsts(s, USBSTS_HALT);
258 static void ehci_set_state(EHCIState *s, int async, int state)
261 trace_usb_ehci_state("async", state2str(state));
263 if (s->astate == EST_INACTIVE) {
264 ehci_clear_usbsts(s, USBSTS_ASS);
267 ehci_set_usbsts(s, USBSTS_ASS);
270 trace_usb_ehci_state("periodic", state2str(state));
272 if (s->pstate == EST_INACTIVE) {
273 ehci_clear_usbsts(s, USBSTS_PSS);
276 ehci_set_usbsts(s, USBSTS_PSS);
281 static int ehci_get_state(EHCIState *s, int async)
283 return async ? s->astate : s->pstate;
286 static void ehci_set_fetch_addr(EHCIState *s, int async, uint32_t addr)
289 s->a_fetch_addr = addr;
291 s->p_fetch_addr = addr;
295 static int ehci_get_fetch_addr(EHCIState *s, int async)
297 return async ? s->a_fetch_addr : s->p_fetch_addr;
300 static void ehci_trace_qh(EHCIQueue *q, hwaddr addr, EHCIqh *qh)
302 /* need three here due to argument count limits */
303 trace_usb_ehci_qh_ptrs(q, addr, qh->next,
304 qh->current_qtd, qh->next_qtd, qh->altnext_qtd);
305 trace_usb_ehci_qh_fields(addr,
306 get_field(qh->epchar, QH_EPCHAR_RL),
307 get_field(qh->epchar, QH_EPCHAR_MPLEN),
308 get_field(qh->epchar, QH_EPCHAR_EPS),
309 get_field(qh->epchar, QH_EPCHAR_EP),
310 get_field(qh->epchar, QH_EPCHAR_DEVADDR));
311 trace_usb_ehci_qh_bits(addr,
312 (bool)(qh->epchar & QH_EPCHAR_C),
313 (bool)(qh->epchar & QH_EPCHAR_H),
314 (bool)(qh->epchar & QH_EPCHAR_DTC),
315 (bool)(qh->epchar & QH_EPCHAR_I));
318 static void ehci_trace_qtd(EHCIQueue *q, hwaddr addr, EHCIqtd *qtd)
320 /* need three here due to argument count limits */
321 trace_usb_ehci_qtd_ptrs(q, addr, qtd->next, qtd->altnext);
322 trace_usb_ehci_qtd_fields(addr,
323 get_field(qtd->token, QTD_TOKEN_TBYTES),
324 get_field(qtd->token, QTD_TOKEN_CPAGE),
325 get_field(qtd->token, QTD_TOKEN_CERR),
326 get_field(qtd->token, QTD_TOKEN_PID));
327 trace_usb_ehci_qtd_bits(addr,
328 (bool)(qtd->token & QTD_TOKEN_IOC),
329 (bool)(qtd->token & QTD_TOKEN_ACTIVE),
330 (bool)(qtd->token & QTD_TOKEN_HALT),
331 (bool)(qtd->token & QTD_TOKEN_BABBLE),
332 (bool)(qtd->token & QTD_TOKEN_XACTERR));
335 static void ehci_trace_itd(EHCIState *s, hwaddr addr, EHCIitd *itd)
337 trace_usb_ehci_itd(addr, itd->next,
338 get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT),
339 get_field(itd->bufptr[2], ITD_BUFPTR_MULT),
340 get_field(itd->bufptr[0], ITD_BUFPTR_EP),
341 get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR));
344 static void ehci_trace_sitd(EHCIState *s, hwaddr addr,
347 trace_usb_ehci_sitd(addr, sitd->next,
348 (bool)(sitd->results & SITD_RESULTS_ACTIVE));
351 static void ehci_trace_guest_bug(EHCIState *s, const char *message)
353 trace_usb_ehci_guest_bug(message);
354 warn_report("%s", message);
357 static inline bool ehci_enabled(EHCIState *s)
359 return s->usbcmd & USBCMD_RUNSTOP;
362 static inline bool ehci_async_enabled(EHCIState *s)
364 return ehci_enabled(s) && (s->usbcmd & USBCMD_ASE);
367 static inline bool ehci_periodic_enabled(EHCIState *s)
369 return ehci_enabled(s) && (s->usbcmd & USBCMD_PSE);
372 /* Get an array of dwords from main memory */
373 static inline int get_dwords(EHCIState *ehci, uint32_t addr,
374 uint32_t *buf, int num)
379 ehci_raise_irq(ehci, USBSTS_HSE);
380 ehci->usbcmd &= ~USBCMD_RUNSTOP;
381 trace_usb_ehci_dma_error();
385 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
386 dma_memory_read(ehci->as, addr, buf, sizeof(*buf));
387 *buf = le32_to_cpu(*buf);
393 /* Put an array of dwords in to main memory */
394 static inline int put_dwords(EHCIState *ehci, uint32_t addr,
395 uint32_t *buf, int num)
400 ehci_raise_irq(ehci, USBSTS_HSE);
401 ehci->usbcmd &= ~USBCMD_RUNSTOP;
402 trace_usb_ehci_dma_error();
406 for (i = 0; i < num; i++, buf++, addr += sizeof(*buf)) {
407 uint32_t tmp = cpu_to_le32(*buf);
408 dma_memory_write(ehci->as, addr, &tmp, sizeof(tmp));
414 static int ehci_get_pid(EHCIqtd *qtd)
416 switch (get_field(qtd->token, QTD_TOKEN_PID)) {
418 return USB_TOKEN_OUT;
422 return USB_TOKEN_SETUP;
424 fprintf(stderr, "bad token\n");
429 static bool ehci_verify_qh(EHCIQueue *q, EHCIqh *qh)
431 uint32_t devaddr = get_field(qh->epchar, QH_EPCHAR_DEVADDR);
432 uint32_t endp = get_field(qh->epchar, QH_EPCHAR_EP);
433 if ((devaddr != get_field(q->qh.epchar, QH_EPCHAR_DEVADDR)) ||
434 (endp != get_field(q->qh.epchar, QH_EPCHAR_EP)) ||
435 (qh->current_qtd != q->qh.current_qtd) ||
436 (q->async && qh->next_qtd != q->qh.next_qtd) ||
437 (memcmp(&qh->altnext_qtd, &q->qh.altnext_qtd,
438 7 * sizeof(uint32_t)) != 0) ||
439 (q->dev != NULL && q->dev->addr != devaddr)) {
446 static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd)
448 if (p->qtdaddr != p->queue->qtdaddr ||
449 (p->queue->async && !NLPTR_TBIT(p->qtd.next) &&
450 (p->qtd.next != qtd->next)) ||
451 (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) ||
452 p->qtd.token != qtd->token ||
453 p->qtd.bufptr[0] != qtd->bufptr[0]) {
460 static bool ehci_verify_pid(EHCIQueue *q, EHCIqtd *qtd)
462 int ep = get_field(q->qh.epchar, QH_EPCHAR_EP);
463 int pid = ehci_get_pid(qtd);
465 /* Note the pid changing is normal for ep 0 (the control ep) */
466 if (q->last_pid && ep != 0 && pid != q->last_pid) {
473 /* Finish executing and writeback a packet outside of the regular
474 fetchqh -> fetchqtd -> execute -> writeback cycle */
475 static void ehci_writeback_async_complete_packet(EHCIPacket *p)
477 EHCIQueue *q = p->queue;
482 /* Verify the qh + qtd, like we do when going through fetchqh & fetchqtd */
483 get_dwords(q->ehci, NLPTR_GET(q->qhaddr),
484 (uint32_t *) &qh, sizeof(EHCIqh) >> 2);
485 get_dwords(q->ehci, NLPTR_GET(q->qtdaddr),
486 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2);
487 if (!ehci_verify_qh(q, &qh) || !ehci_verify_qtd(p, &qtd)) {
488 p->async = EHCI_ASYNC_INITIALIZED;
493 state = ehci_get_state(q->ehci, q->async);
494 ehci_state_executing(q);
495 ehci_state_writeback(q); /* Frees the packet! */
496 if (!(q->qh.token & QTD_TOKEN_HALT)) {
497 ehci_state_advqueue(q);
499 ehci_set_state(q->ehci, q->async, state);
502 /* packet management */
504 static EHCIPacket *ehci_alloc_packet(EHCIQueue *q)
508 p = g_new0(EHCIPacket, 1);
510 usb_packet_init(&p->packet);
511 QTAILQ_INSERT_TAIL(&q->packets, p, next);
512 trace_usb_ehci_packet_action(p->queue, p, "alloc");
516 static void ehci_free_packet(EHCIPacket *p)
518 if (p->async == EHCI_ASYNC_FINISHED &&
519 !(p->queue->qh.token & QTD_TOKEN_HALT)) {
520 ehci_writeback_async_complete_packet(p);
523 trace_usb_ehci_packet_action(p->queue, p, "free");
524 if (p->async == EHCI_ASYNC_INFLIGHT) {
525 usb_cancel_packet(&p->packet);
527 if (p->async == EHCI_ASYNC_FINISHED &&
528 p->packet.status == USB_RET_SUCCESS) {
530 "EHCI: Dropping completed packet from halted %s ep %02X\n",
531 (p->pid == USB_TOKEN_IN) ? "in" : "out",
532 get_field(p->queue->qh.epchar, QH_EPCHAR_EP));
534 if (p->async != EHCI_ASYNC_NONE) {
535 usb_packet_unmap(&p->packet, &p->sgl);
536 qemu_sglist_destroy(&p->sgl);
538 QTAILQ_REMOVE(&p->queue->packets, p, next);
539 usb_packet_cleanup(&p->packet);
543 /* queue management */
545 static EHCIQueue *ehci_alloc_queue(EHCIState *ehci, uint32_t addr, int async)
547 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
550 q = g_malloc0(sizeof(*q));
554 QTAILQ_INIT(&q->packets);
555 QTAILQ_INSERT_HEAD(head, q, next);
556 trace_usb_ehci_queue_action(q, "alloc");
560 static void ehci_queue_stopped(EHCIQueue *q)
562 int endp = get_field(q->qh.epchar, QH_EPCHAR_EP);
564 if (!q->last_pid || !q->dev) {
568 usb_device_ep_stopped(q->dev, usb_ep_get(q->dev, q->last_pid, endp));
571 static int ehci_cancel_queue(EHCIQueue *q)
576 p = QTAILQ_FIRST(&q->packets);
581 trace_usb_ehci_queue_action(q, "cancel");
585 } while ((p = QTAILQ_FIRST(&q->packets)) != NULL);
588 ehci_queue_stopped(q);
592 static int ehci_reset_queue(EHCIQueue *q)
596 trace_usb_ehci_queue_action(q, "reset");
597 packets = ehci_cancel_queue(q);
604 static void ehci_free_queue(EHCIQueue *q, const char *warn)
606 EHCIQueueHead *head = q->async ? &q->ehci->aqueues : &q->ehci->pqueues;
609 trace_usb_ehci_queue_action(q, "free");
610 cancelled = ehci_cancel_queue(q);
611 if (warn && cancelled > 0) {
612 ehci_trace_guest_bug(q->ehci, warn);
614 QTAILQ_REMOVE(head, q, next);
618 static EHCIQueue *ehci_find_queue_by_qh(EHCIState *ehci, uint32_t addr,
621 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
624 QTAILQ_FOREACH(q, head, next) {
625 if (addr == q->qhaddr) {
632 static void ehci_queues_rip_unused(EHCIState *ehci, int async)
634 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
635 const char *warn = async ? "guest unlinked busy QH" : NULL;
636 uint64_t maxage = FRAME_TIMER_NS * ehci->maxframes * 4;
639 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
642 q->ts = ehci->last_run_ns;
645 if (ehci->last_run_ns < q->ts + maxage) {
648 ehci_free_queue(q, warn);
652 static void ehci_queues_rip_unseen(EHCIState *ehci, int async)
654 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
657 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
659 ehci_free_queue(q, NULL);
664 static void ehci_queues_rip_device(EHCIState *ehci, USBDevice *dev, int async)
666 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
669 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
673 ehci_free_queue(q, NULL);
677 static void ehci_queues_rip_all(EHCIState *ehci, int async)
679 EHCIQueueHead *head = async ? &ehci->aqueues : &ehci->pqueues;
680 const char *warn = async ? "guest stopped busy async schedule" : NULL;
683 QTAILQ_FOREACH_SAFE(q, head, next, tmp) {
684 ehci_free_queue(q, warn);
688 /* Attach or detach a device on root hub */
690 static void ehci_attach(USBPort *port)
692 EHCIState *s = port->opaque;
693 uint32_t *portsc = &s->portsc[port->index];
694 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
696 trace_usb_ehci_port_attach(port->index, owner, port->dev->product_desc);
698 if (*portsc & PORTSC_POWNER) {
699 USBPort *companion = s->companion_ports[port->index];
700 companion->dev = port->dev;
701 companion->ops->attach(companion);
705 *portsc |= PORTSC_CONNECT;
706 *portsc |= PORTSC_CSC;
708 ehci_raise_irq(s, USBSTS_PCD);
711 static void ehci_detach(USBPort *port)
713 EHCIState *s = port->opaque;
714 uint32_t *portsc = &s->portsc[port->index];
715 const char *owner = (*portsc & PORTSC_POWNER) ? "comp" : "ehci";
717 trace_usb_ehci_port_detach(port->index, owner);
719 if (*portsc & PORTSC_POWNER) {
720 USBPort *companion = s->companion_ports[port->index];
721 companion->ops->detach(companion);
722 companion->dev = NULL;
724 * EHCI spec 4.2.2: "When a disconnect occurs... On the event,
725 * the port ownership is returned immediately to the EHCI controller."
727 *portsc &= ~PORTSC_POWNER;
731 ehci_queues_rip_device(s, port->dev, 0);
732 ehci_queues_rip_device(s, port->dev, 1);
734 *portsc &= ~(PORTSC_CONNECT|PORTSC_PED|PORTSC_SUSPEND);
735 *portsc |= PORTSC_CSC;
737 ehci_raise_irq(s, USBSTS_PCD);
740 static void ehci_child_detach(USBPort *port, USBDevice *child)
742 EHCIState *s = port->opaque;
743 uint32_t portsc = s->portsc[port->index];
745 if (portsc & PORTSC_POWNER) {
746 USBPort *companion = s->companion_ports[port->index];
747 companion->ops->child_detach(companion, child);
751 ehci_queues_rip_device(s, child, 0);
752 ehci_queues_rip_device(s, child, 1);
755 static void ehci_wakeup(USBPort *port)
757 EHCIState *s = port->opaque;
758 uint32_t *portsc = &s->portsc[port->index];
760 if (*portsc & PORTSC_POWNER) {
761 USBPort *companion = s->companion_ports[port->index];
762 if (companion->ops->wakeup) {
763 companion->ops->wakeup(companion);
768 if (*portsc & PORTSC_SUSPEND) {
769 trace_usb_ehci_port_wakeup(port->index);
770 *portsc |= PORTSC_FPRES;
771 ehci_raise_irq(s, USBSTS_PCD);
774 qemu_bh_schedule(s->async_bh);
777 static void ehci_register_companion(USBBus *bus, USBPort *ports[],
778 uint32_t portcount, uint32_t firstport,
781 EHCIState *s = container_of(bus, EHCIState, bus);
784 if (firstport + portcount > NB_PORTS) {
785 error_setg(errp, "firstport must be between 0 and %u",
786 NB_PORTS - portcount);
790 for (i = 0; i < portcount; i++) {
791 if (s->companion_ports[firstport + i]) {
792 error_setg(errp, "firstport %u asks for ports %u-%u,"
793 " but port %u has a companion assigned already",
794 firstport, firstport, firstport + portcount - 1,
800 for (i = 0; i < portcount; i++) {
801 s->companion_ports[firstport + i] = ports[i];
802 s->ports[firstport + i].speedmask |=
803 USB_SPEED_MASK_LOW | USB_SPEED_MASK_FULL;
804 /* Ensure devs attached before the initial reset go to the companion */
805 s->portsc[firstport + i] = PORTSC_POWNER;
808 s->companion_count++;
809 s->caps[0x05] = (s->companion_count << 4) | portcount;
812 static void ehci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep,
815 EHCIState *s = container_of(bus, EHCIState, bus);
816 uint32_t portsc = s->portsc[ep->dev->port->index];
818 if (portsc & PORTSC_POWNER) {
822 s->periodic_sched_active = PERIODIC_ACTIVE;
823 qemu_bh_schedule(s->async_bh);
826 static USBDevice *ehci_find_device(EHCIState *ehci, uint8_t addr)
832 for (i = 0; i < NB_PORTS; i++) {
833 port = &ehci->ports[i];
834 if (!(ehci->portsc[i] & PORTSC_PED)) {
835 DPRINTF("Port %d not enabled\n", i);
838 dev = usb_find_device(port, addr);
846 /* 4.1 host controller initialization */
847 void ehci_reset(void *opaque)
849 EHCIState *s = opaque;
851 USBDevice *devs[NB_PORTS];
853 trace_usb_ehci_reset();
856 * Do the detach before touching portsc, so that it correctly gets send to
857 * us or to our companion based on PORTSC_POWNER before the reset.
859 for(i = 0; i < NB_PORTS; i++) {
860 devs[i] = s->ports[i].dev;
861 if (devs[i] && devs[i]->attached) {
862 usb_detach(&s->ports[i]);
866 memset(&s->opreg, 0x00, sizeof(s->opreg));
867 memset(&s->portsc, 0x00, sizeof(s->portsc));
869 s->usbcmd = NB_MAXINTRATE << USBCMD_ITC_SH;
870 s->usbsts = USBSTS_HALT;
871 s->usbsts_pending = 0;
872 s->usbsts_frindex = 0;
875 s->astate = EST_INACTIVE;
876 s->pstate = EST_INACTIVE;
878 for(i = 0; i < NB_PORTS; i++) {
879 if (s->companion_ports[i]) {
880 s->portsc[i] = PORTSC_POWNER | PORTSC_PPOWER;
882 s->portsc[i] = PORTSC_PPOWER;
884 if (devs[i] && devs[i]->attached) {
885 usb_attach(&s->ports[i]);
886 usb_device_reset(devs[i]);
889 ehci_queues_rip_all(s, 0);
890 ehci_queues_rip_all(s, 1);
891 timer_del(s->frame_timer);
892 qemu_bh_cancel(s->async_bh);
895 static uint64_t ehci_caps_read(void *ptr, hwaddr addr,
899 return s->caps[addr];
902 static void ehci_caps_write(void *ptr, hwaddr addr,
903 uint64_t val, unsigned size)
907 static uint64_t ehci_opreg_read(void *ptr, hwaddr addr,
915 /* Round down to mult of 8, else it can go backwards on migration */
916 val = s->frindex & ~7;
919 val = s->opreg[addr >> 2];
922 trace_usb_ehci_opreg_read(addr + s->opregbase, addr2str(addr), val);
926 static uint64_t ehci_port_read(void *ptr, hwaddr addr,
932 val = s->portsc[addr >> 2];
933 trace_usb_ehci_portsc_read(addr + s->portscbase, addr >> 2, val);
937 static void handle_port_owner_write(EHCIState *s, int port, uint32_t owner)
939 USBDevice *dev = s->ports[port].dev;
940 uint32_t *portsc = &s->portsc[port];
943 if (s->companion_ports[port] == NULL)
946 owner = owner & PORTSC_POWNER;
947 orig = *portsc & PORTSC_POWNER;
949 if (!(owner ^ orig)) {
953 if (dev && dev->attached) {
954 usb_detach(&s->ports[port]);
957 *portsc &= ~PORTSC_POWNER;
960 if (dev && dev->attached) {
961 usb_attach(&s->ports[port]);
965 static void ehci_port_write(void *ptr, hwaddr addr,
966 uint64_t val, unsigned size)
969 int port = addr >> 2;
970 uint32_t *portsc = &s->portsc[port];
971 uint32_t old = *portsc;
972 USBDevice *dev = s->ports[port].dev;
974 trace_usb_ehci_portsc_write(addr + s->portscbase, addr >> 2, val);
977 *portsc &= ~(val & PORTSC_RWC_MASK);
978 /* The guest may clear, but not set the PED bit */
979 *portsc &= val | ~PORTSC_PED;
980 /* POWNER is masked out by RO_MASK as it is RO when we've no companion */
981 handle_port_owner_write(s, port, val);
982 /* And finally apply RO_MASK */
983 val &= PORTSC_RO_MASK;
985 if ((val & PORTSC_PRESET) && !(*portsc & PORTSC_PRESET)) {
986 trace_usb_ehci_port_reset(port, 1);
989 if (!(val & PORTSC_PRESET) &&(*portsc & PORTSC_PRESET)) {
990 trace_usb_ehci_port_reset(port, 0);
991 if (dev && dev->attached) {
992 usb_port_reset(&s->ports[port]);
993 *portsc &= ~PORTSC_CSC;
997 * Table 2.16 Set the enable bit(and enable bit change) to indicate
998 * to SW that this port has a high speed device attached
1000 if (dev && dev->attached && (dev->speedmask & USB_SPEED_MASK_HIGH)) {
1005 if ((val & PORTSC_SUSPEND) && !(*portsc & PORTSC_SUSPEND)) {
1006 trace_usb_ehci_port_suspend(port);
1008 if (!(val & PORTSC_FPRES) && (*portsc & PORTSC_FPRES)) {
1009 trace_usb_ehci_port_resume(port);
1010 val &= ~PORTSC_SUSPEND;
1013 *portsc &= ~PORTSC_RO_MASK;
1015 trace_usb_ehci_portsc_change(addr + s->portscbase, addr >> 2, *portsc, old);
1018 static void ehci_opreg_write(void *ptr, hwaddr addr,
1019 uint64_t val, unsigned size)
1022 uint32_t *mmio = s->opreg + (addr >> 2);
1023 uint32_t old = *mmio;
1026 trace_usb_ehci_opreg_write(addr + s->opregbase, addr2str(addr), val);
1030 if (val & USBCMD_HCRESET) {
1036 /* not supporting dynamic frame list size at the moment */
1037 if ((val & USBCMD_FLS) && !(s->usbcmd & USBCMD_FLS)) {
1038 fprintf(stderr, "attempt to set frame list size -- value %d\n",
1039 (int)val & USBCMD_FLS);
1043 if (val & USBCMD_IAAD) {
1045 * Process IAAD immediately, otherwise the Linux IAAD watchdog may
1046 * trigger and re-use a qh without us seeing the unlink.
1048 s->async_stepdown = 0;
1049 qemu_bh_schedule(s->async_bh);
1050 trace_usb_ehci_doorbell_ring();
1053 if (((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & val) !=
1054 ((USBCMD_RUNSTOP | USBCMD_PSE | USBCMD_ASE) & s->usbcmd)) {
1055 if (s->pstate == EST_INACTIVE) {
1056 SET_LAST_RUN_CLOCK(s);
1058 s->usbcmd = val; /* Set usbcmd for ehci_update_halt() */
1059 ehci_update_halt(s);
1060 s->async_stepdown = 0;
1061 qemu_bh_schedule(s->async_bh);
1066 val &= USBSTS_RO_MASK; // bits 6 through 31 are RO
1067 ehci_clear_usbsts(s, val); // bits 0 through 5 are R/WC
1073 val &= USBINTR_MASK;
1074 if (ehci_enabled(s) && (USBSTS_FLR & val)) {
1075 qemu_bh_schedule(s->async_bh);
1080 val &= 0x00003fff; /* frindex is 14bits */
1081 s->usbsts_frindex = val;
1087 for(i = 0; i < NB_PORTS; i++)
1088 handle_port_owner_write(s, i, 0);
1092 case PERIODICLISTBASE:
1093 if (ehci_periodic_enabled(s)) {
1095 "ehci: PERIODIC list base register set while periodic schedule\n"
1096 " is enabled and HC is enabled\n");
1101 if (ehci_async_enabled(s)) {
1103 "ehci: ASYNC list address register set while async schedule\n"
1104 " is enabled and HC is enabled\n");
1110 trace_usb_ehci_opreg_change(addr + s->opregbase, addr2str(addr),
1115 * Write the qh back to guest physical memory. This step isn't
1116 * in the EHCI spec but we need to do it since we don't share
1117 * physical memory with our guest VM.
1119 * The first three dwords are read-only for the EHCI, so skip them
1120 * when writing back the qh.
1122 static void ehci_flush_qh(EHCIQueue *q)
1124 uint32_t *qh = (uint32_t *) &q->qh;
1125 uint32_t dwords = sizeof(EHCIqh) >> 2;
1126 uint32_t addr = NLPTR_GET(q->qhaddr);
1128 put_dwords(q->ehci, addr + 3 * sizeof(uint32_t), qh + 3, dwords - 3);
1133 static int ehci_qh_do_overlay(EHCIQueue *q)
1135 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1143 assert(p->qtdaddr == q->qtdaddr);
1145 // remember values in fields to preserve in qh after overlay
1147 dtoggle = q->qh.token & QTD_TOKEN_DTOGGLE;
1148 ping = q->qh.token & QTD_TOKEN_PING;
1150 q->qh.current_qtd = p->qtdaddr;
1151 q->qh.next_qtd = p->qtd.next;
1152 q->qh.altnext_qtd = p->qtd.altnext;
1153 q->qh.token = p->qtd.token;
1156 eps = get_field(q->qh.epchar, QH_EPCHAR_EPS);
1157 if (eps == EHCI_QH_EPS_HIGH) {
1158 q->qh.token &= ~QTD_TOKEN_PING;
1159 q->qh.token |= ping;
1162 reload = get_field(q->qh.epchar, QH_EPCHAR_RL);
1163 set_field(&q->qh.altnext_qtd, reload, QH_ALTNEXT_NAKCNT);
1165 for (i = 0; i < 5; i++) {
1166 q->qh.bufptr[i] = p->qtd.bufptr[i];
1169 if (!(q->qh.epchar & QH_EPCHAR_DTC)) {
1170 // preserve QH DT bit
1171 q->qh.token &= ~QTD_TOKEN_DTOGGLE;
1172 q->qh.token |= dtoggle;
1175 q->qh.bufptr[1] &= ~BUFPTR_CPROGMASK_MASK;
1176 q->qh.bufptr[2] &= ~BUFPTR_FRAMETAG_MASK;
1183 static int ehci_init_transfer(EHCIPacket *p)
1185 uint32_t cpage, offset, bytes, plen;
1188 cpage = get_field(p->qtd.token, QTD_TOKEN_CPAGE);
1189 bytes = get_field(p->qtd.token, QTD_TOKEN_TBYTES);
1190 offset = p->qtd.bufptr[0] & ~QTD_BUFPTR_MASK;
1191 qemu_sglist_init(&p->sgl, p->queue->ehci->device, 5, p->queue->ehci->as);
1195 fprintf(stderr, "cpage out of range (%d)\n", cpage);
1196 qemu_sglist_destroy(&p->sgl);
1200 page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK;
1203 if (plen > 4096 - offset) {
1204 plen = 4096 - offset;
1209 qemu_sglist_add(&p->sgl, page, plen);
1215 static void ehci_finish_transfer(EHCIQueue *q, int len)
1217 uint32_t cpage, offset;
1220 /* update cpage & offset */
1221 cpage = get_field(q->qh.token, QTD_TOKEN_CPAGE);
1222 offset = q->qh.bufptr[0] & ~QTD_BUFPTR_MASK;
1225 cpage += offset >> QTD_BUFPTR_SH;
1226 offset &= ~QTD_BUFPTR_MASK;
1228 set_field(&q->qh.token, cpage, QTD_TOKEN_CPAGE);
1229 q->qh.bufptr[0] &= QTD_BUFPTR_MASK;
1230 q->qh.bufptr[0] |= offset;
1234 static void ehci_async_complete_packet(USBPort *port, USBPacket *packet)
1237 EHCIState *s = port->opaque;
1238 uint32_t portsc = s->portsc[port->index];
1240 if (portsc & PORTSC_POWNER) {
1241 USBPort *companion = s->companion_ports[port->index];
1242 companion->ops->complete(companion, packet);
1246 p = container_of(packet, EHCIPacket, packet);
1247 assert(p->async == EHCI_ASYNC_INFLIGHT);
1249 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) {
1250 trace_usb_ehci_packet_action(p->queue, p, "remove");
1251 ehci_free_packet(p);
1255 trace_usb_ehci_packet_action(p->queue, p, "wakeup");
1256 p->async = EHCI_ASYNC_FINISHED;
1258 if (!p->queue->async) {
1259 s->periodic_sched_active = PERIODIC_ACTIVE;
1261 qemu_bh_schedule(s->async_bh);
1264 static void ehci_execute_complete(EHCIQueue *q)
1266 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1270 assert(p->qtdaddr == q->qtdaddr);
1271 assert(p->async == EHCI_ASYNC_INITIALIZED ||
1272 p->async == EHCI_ASYNC_FINISHED);
1274 DPRINTF("execute_complete: qhaddr 0x%x, next 0x%x, qtdaddr 0x%x, "
1275 "status %d, actual_length %d\n",
1276 q->qhaddr, q->qh.next, q->qtdaddr,
1277 p->packet.status, p->packet.actual_length);
1279 switch (p->packet.status) {
1280 case USB_RET_SUCCESS:
1282 case USB_RET_IOERROR:
1284 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_XACTERR);
1285 set_field(&q->qh.token, 0, QTD_TOKEN_CERR);
1286 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1289 q->qh.token |= QTD_TOKEN_HALT;
1290 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1293 set_field(&q->qh.altnext_qtd, 0, QH_ALTNEXT_NAKCNT);
1294 return; /* We're not done yet with this transaction */
1295 case USB_RET_BABBLE:
1296 q->qh.token |= (QTD_TOKEN_HALT | QTD_TOKEN_BABBLE);
1297 ehci_raise_irq(q->ehci, USBSTS_ERRINT);
1300 /* should not be triggerable */
1301 fprintf(stderr, "USB invalid response %d\n", p->packet.status);
1302 g_assert_not_reached();
1306 /* TODO check 4.12 for splits */
1307 tbytes = get_field(q->qh.token, QTD_TOKEN_TBYTES);
1308 if (tbytes && p->pid == USB_TOKEN_IN) {
1309 tbytes -= p->packet.actual_length;
1311 /* 4.15.1.2 must raise int on a short input packet */
1312 ehci_raise_irq(q->ehci, USBSTS_INT);
1314 q->ehci->int_req_by_async = true;
1320 DPRINTF("updating tbytes to %d\n", tbytes);
1321 set_field(&q->qh.token, tbytes, QTD_TOKEN_TBYTES);
1323 ehci_finish_transfer(q, p->packet.actual_length);
1324 usb_packet_unmap(&p->packet, &p->sgl);
1325 qemu_sglist_destroy(&p->sgl);
1326 p->async = EHCI_ASYNC_NONE;
1328 q->qh.token ^= QTD_TOKEN_DTOGGLE;
1329 q->qh.token &= ~QTD_TOKEN_ACTIVE;
1331 if (q->qh.token & QTD_TOKEN_IOC) {
1332 ehci_raise_irq(q->ehci, USBSTS_INT);
1334 q->ehci->int_req_by_async = true;
1339 /* 4.10.3 returns "again" */
1340 static int ehci_execute(EHCIPacket *p, const char *action)
1346 assert(p->async == EHCI_ASYNC_NONE ||
1347 p->async == EHCI_ASYNC_INITIALIZED);
1349 if (!(p->qtd.token & QTD_TOKEN_ACTIVE)) {
1350 fprintf(stderr, "Attempting to execute inactive qtd\n");
1354 if (get_field(p->qtd.token, QTD_TOKEN_TBYTES) > BUFF_SIZE) {
1355 ehci_trace_guest_bug(p->queue->ehci,
1356 "guest requested more bytes than allowed");
1360 if (!ehci_verify_pid(p->queue, &p->qtd)) {
1361 ehci_queue_stopped(p->queue); /* Mark the ep in the prev dir stopped */
1363 p->pid = ehci_get_pid(&p->qtd);
1364 p->queue->last_pid = p->pid;
1365 endp = get_field(p->queue->qh.epchar, QH_EPCHAR_EP);
1366 ep = usb_ep_get(p->queue->dev, p->pid, endp);
1368 if (p->async == EHCI_ASYNC_NONE) {
1369 if (ehci_init_transfer(p) != 0) {
1373 spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
1374 usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
1375 (p->qtd.token & QTD_TOKEN_IOC) != 0);
1376 usb_packet_map(&p->packet, &p->sgl);
1377 p->async = EHCI_ASYNC_INITIALIZED;
1380 trace_usb_ehci_packet_action(p->queue, p, action);
1381 usb_handle_packet(p->queue->dev, &p->packet);
1382 DPRINTF("submit: qh 0x%x next 0x%x qtd 0x%x pid 0x%x len %zd endp 0x%x "
1383 "status %d actual_length %d\n", p->queue->qhaddr, p->qtd.next,
1384 p->qtdaddr, p->pid, p->packet.iov.size, endp, p->packet.status,
1385 p->packet.actual_length);
1387 if (p->packet.actual_length > BUFF_SIZE) {
1388 fprintf(stderr, "ret from usb_handle_packet > BUFF_SIZE\n");
1398 static int ehci_process_itd(EHCIState *ehci,
1404 uint32_t i, len, pid, dir, devaddr, endp;
1405 uint32_t pg, off, ptr1, ptr2, max, mult;
1407 ehci->periodic_sched_active = PERIODIC_ACTIVE;
1409 dir =(itd->bufptr[1] & ITD_BUFPTR_DIRECTION);
1410 devaddr = get_field(itd->bufptr[0], ITD_BUFPTR_DEVADDR);
1411 endp = get_field(itd->bufptr[0], ITD_BUFPTR_EP);
1412 max = get_field(itd->bufptr[1], ITD_BUFPTR_MAXPKT);
1413 mult = get_field(itd->bufptr[2], ITD_BUFPTR_MULT);
1415 for(i = 0; i < 8; i++) {
1416 if (itd->transact[i] & ITD_XACT_ACTIVE) {
1417 pg = get_field(itd->transact[i], ITD_XACT_PGSEL);
1418 off = itd->transact[i] & ITD_XACT_OFFSET_MASK;
1419 len = get_field(itd->transact[i], ITD_XACT_LENGTH);
1421 if (len > max * mult) {
1424 if (len > BUFF_SIZE || pg > 6) {
1428 ptr1 = (itd->bufptr[pg] & ITD_BUFPTR_MASK);
1429 qemu_sglist_init(&ehci->isgl, ehci->device, 2, ehci->as);
1430 if (off + len > 4096) {
1431 /* transfer crosses page border */
1433 qemu_sglist_destroy(&ehci->isgl);
1434 return -1; /* avoid page pg + 1 */
1436 ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
1437 uint32_t len2 = off + len - 4096;
1438 uint32_t len1 = len - len2;
1439 qemu_sglist_add(&ehci->isgl, ptr1 + off, len1);
1440 qemu_sglist_add(&ehci->isgl, ptr2, len2);
1442 qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
1445 dev = ehci_find_device(ehci, devaddr);
1447 ehci_trace_guest_bug(ehci, "no device found");
1450 pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
1451 ep = usb_ep_get(dev, pid, endp);
1452 if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
1453 usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
1454 (itd->transact[i] & ITD_XACT_IOC) != 0);
1455 usb_packet_map(&ehci->ipacket, &ehci->isgl);
1456 usb_handle_packet(dev, &ehci->ipacket);
1457 usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
1459 DPRINTF("ISOCH: attempt to addess non-iso endpoint\n");
1460 ehci->ipacket.status = USB_RET_NAK;
1461 ehci->ipacket.actual_length = 0;
1463 qemu_sglist_destroy(&ehci->isgl);
1465 switch (ehci->ipacket.status) {
1466 case USB_RET_SUCCESS:
1469 fprintf(stderr, "Unexpected iso usb result: %d\n",
1470 ehci->ipacket.status);
1472 case USB_RET_IOERROR:
1474 /* 3.3.2: XACTERR is only allowed on IN transactions */
1476 itd->transact[i] |= ITD_XACT_XACTERR;
1477 ehci_raise_irq(ehci, USBSTS_ERRINT);
1480 case USB_RET_BABBLE:
1481 itd->transact[i] |= ITD_XACT_BABBLE;
1482 ehci_raise_irq(ehci, USBSTS_ERRINT);
1485 /* no data for us, so do a zero-length transfer */
1486 ehci->ipacket.actual_length = 0;
1490 set_field(&itd->transact[i], len - ehci->ipacket.actual_length,
1491 ITD_XACT_LENGTH); /* OUT */
1493 set_field(&itd->transact[i], ehci->ipacket.actual_length,
1494 ITD_XACT_LENGTH); /* IN */
1496 if (itd->transact[i] & ITD_XACT_IOC) {
1497 ehci_raise_irq(ehci, USBSTS_INT);
1499 itd->transact[i] &= ~ITD_XACT_ACTIVE;
1506 /* This state is the entry point for asynchronous schedule
1507 * processing. Entry here consitutes a EHCI start event state (4.8.5)
1509 static int ehci_state_waitlisthead(EHCIState *ehci, int async)
1514 uint32_t entry = ehci->asynclistaddr;
1516 /* set reclamation flag at start event (4.8.6) */
1518 ehci_set_usbsts(ehci, USBSTS_REC);
1521 ehci_queues_rip_unused(ehci, async);
1523 /* Find the head of the list (4.9.1.1) */
1524 for(i = 0; i < MAX_QH; i++) {
1525 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &qh,
1526 sizeof(EHCIqh) >> 2) < 0) {
1529 ehci_trace_qh(NULL, NLPTR_GET(entry), &qh);
1531 if (qh.epchar & QH_EPCHAR_H) {
1533 entry |= (NLPTR_TYPE_QH << 1);
1536 ehci_set_fetch_addr(ehci, async, entry);
1537 ehci_set_state(ehci, async, EST_FETCHENTRY);
1543 if (entry == ehci->asynclistaddr) {
1548 /* no head found for list. */
1550 ehci_set_state(ehci, async, EST_ACTIVE);
1557 /* This state is the entry point for periodic schedule processing as
1558 * well as being a continuation state for async processing.
1560 static int ehci_state_fetchentry(EHCIState *ehci, int async)
1563 uint32_t entry = ehci_get_fetch_addr(ehci, async);
1565 if (NLPTR_TBIT(entry)) {
1566 ehci_set_state(ehci, async, EST_ACTIVE);
1570 /* section 4.8, only QH in async schedule */
1571 if (async && (NLPTR_TYPE_GET(entry) != NLPTR_TYPE_QH)) {
1572 fprintf(stderr, "non queue head request in async schedule\n");
1576 switch (NLPTR_TYPE_GET(entry)) {
1578 ehci_set_state(ehci, async, EST_FETCHQH);
1582 case NLPTR_TYPE_ITD:
1583 ehci_set_state(ehci, async, EST_FETCHITD);
1587 case NLPTR_TYPE_STITD:
1588 ehci_set_state(ehci, async, EST_FETCHSITD);
1593 /* TODO: handle FSTN type */
1594 fprintf(stderr, "FETCHENTRY: entry at %X is of type %d "
1595 "which is not supported yet\n", entry, NLPTR_TYPE_GET(entry));
1603 static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async)
1609 entry = ehci_get_fetch_addr(ehci, async);
1610 q = ehci_find_queue_by_qh(ehci, entry, async);
1612 q = ehci_alloc_queue(ehci, entry, async);
1617 /* we are going in circles -- stop processing */
1618 ehci_set_state(ehci, async, EST_ACTIVE);
1623 if (get_dwords(ehci, NLPTR_GET(q->qhaddr),
1624 (uint32_t *) &qh, sizeof(EHCIqh) >> 2) < 0) {
1628 ehci_trace_qh(q, NLPTR_GET(q->qhaddr), &qh);
1631 * The overlay area of the qh should never be changed by the guest,
1632 * except when idle, in which case the reset is a nop.
1634 if (!ehci_verify_qh(q, &qh)) {
1635 if (ehci_reset_queue(q) > 0) {
1636 ehci_trace_guest_bug(ehci, "guest updated active QH");
1641 q->transact_ctr = get_field(q->qh.epcap, QH_EPCAP_MULT);
1642 if (q->transact_ctr == 0) { /* Guest bug in some versions of windows */
1643 q->transact_ctr = 4;
1646 if (q->dev == NULL) {
1647 q->dev = ehci_find_device(q->ehci,
1648 get_field(q->qh.epchar, QH_EPCHAR_DEVADDR));
1651 if (async && (q->qh.epchar & QH_EPCHAR_H)) {
1653 /* EHCI spec version 1.0 Section 4.8.3 & 4.10.1 */
1654 if (ehci->usbsts & USBSTS_REC) {
1655 ehci_clear_usbsts(ehci, USBSTS_REC);
1657 DPRINTF("FETCHQH: QH 0x%08x. H-bit set, reclamation status reset"
1658 " - done processing\n", q->qhaddr);
1659 ehci_set_state(ehci, async, EST_ACTIVE);
1666 if (q->qhaddr != q->qh.next) {
1667 DPRINTF("FETCHQH: QH 0x%08x (h %x halt %x active %x) next 0x%08x\n",
1669 q->qh.epchar & QH_EPCHAR_H,
1670 q->qh.token & QTD_TOKEN_HALT,
1671 q->qh.token & QTD_TOKEN_ACTIVE,
1676 if (q->qh.token & QTD_TOKEN_HALT) {
1677 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1679 } else if ((q->qh.token & QTD_TOKEN_ACTIVE) &&
1680 (NLPTR_TBIT(q->qh.current_qtd) == 0) &&
1681 (q->qh.current_qtd != 0)) {
1682 q->qtdaddr = q->qh.current_qtd;
1683 ehci_set_state(ehci, async, EST_FETCHQTD);
1686 /* EHCI spec version 1.0 Section 4.10.2 */
1687 ehci_set_state(ehci, async, EST_ADVANCEQUEUE);
1694 static int ehci_state_fetchitd(EHCIState *ehci, int async)
1700 entry = ehci_get_fetch_addr(ehci, async);
1702 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1703 sizeof(EHCIitd) >> 2) < 0) {
1706 ehci_trace_itd(ehci, entry, &itd);
1708 if (ehci_process_itd(ehci, &itd, entry) != 0) {
1712 put_dwords(ehci, NLPTR_GET(entry), (uint32_t *) &itd,
1713 sizeof(EHCIitd) >> 2);
1714 ehci_set_fetch_addr(ehci, async, itd.next);
1715 ehci_set_state(ehci, async, EST_FETCHENTRY);
1720 static int ehci_state_fetchsitd(EHCIState *ehci, int async)
1726 entry = ehci_get_fetch_addr(ehci, async);
1728 if (get_dwords(ehci, NLPTR_GET(entry), (uint32_t *)&sitd,
1729 sizeof(EHCIsitd) >> 2) < 0) {
1732 ehci_trace_sitd(ehci, entry, &sitd);
1734 if (!(sitd.results & SITD_RESULTS_ACTIVE)) {
1735 /* siTD is not active, nothing to do */;
1737 /* TODO: split transfers are not implemented */
1738 warn_report("Skipping active siTD");
1741 ehci_set_fetch_addr(ehci, async, sitd.next);
1742 ehci_set_state(ehci, async, EST_FETCHENTRY);
1746 /* Section 4.10.2 - paragraph 3 */
1747 static int ehci_state_advqueue(EHCIQueue *q)
1750 /* TO-DO: 4.10.2 - paragraph 2
1751 * if I-bit is set to 1 and QH is not active
1752 * go to horizontal QH
1755 ehci_set_state(ehci, async, EST_HORIZONTALQH);
1761 * want data and alt-next qTD is valid
1763 if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) &&
1764 (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) {
1765 q->qtdaddr = q->qh.altnext_qtd;
1766 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1771 } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) {
1772 q->qtdaddr = q->qh.next_qtd;
1773 ehci_set_state(q->ehci, q->async, EST_FETCHQTD);
1776 * no valid qTD, try next QH
1779 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1785 /* Section 4.10.2 - paragraph 4 */
1786 static int ehci_state_fetchqtd(EHCIQueue *q)
1793 addr = NLPTR_GET(q->qtdaddr);
1794 if (get_dwords(q->ehci, addr + 8, &qtd.token, 1) < 0) {
1798 if (get_dwords(q->ehci, addr + 0, &qtd.next, 1) < 0 ||
1799 get_dwords(q->ehci, addr + 4, &qtd.altnext, 1) < 0 ||
1800 get_dwords(q->ehci, addr + 12, qtd.bufptr,
1801 ARRAY_SIZE(qtd.bufptr)) < 0) {
1804 ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd);
1806 p = QTAILQ_FIRST(&q->packets);
1808 if (!ehci_verify_qtd(p, &qtd)) {
1809 ehci_cancel_queue(q);
1810 if (qtd.token & QTD_TOKEN_ACTIVE) {
1811 ehci_trace_guest_bug(q->ehci, "guest updated active qTD");
1816 ehci_qh_do_overlay(q);
1820 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1821 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1822 } else if (p != NULL) {
1824 case EHCI_ASYNC_NONE:
1825 case EHCI_ASYNC_INITIALIZED:
1826 /* Not yet executed (MULT), or previously nacked (int) packet */
1827 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1829 case EHCI_ASYNC_INFLIGHT:
1830 /* Check if the guest has added new tds to the queue */
1831 again = ehci_fill_queue(QTAILQ_LAST(&q->packets));
1832 /* Unfinished async handled packet, go horizontal */
1833 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1835 case EHCI_ASYNC_FINISHED:
1836 /* Complete executing of the packet */
1837 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1841 p = ehci_alloc_packet(q);
1842 p->qtdaddr = q->qtdaddr;
1844 ehci_set_state(q->ehci, q->async, EST_EXECUTE);
1850 static int ehci_state_horizqh(EHCIQueue *q)
1854 if (ehci_get_fetch_addr(q->ehci, q->async) != q->qh.next) {
1855 ehci_set_fetch_addr(q->ehci, q->async, q->qh.next);
1856 ehci_set_state(q->ehci, q->async, EST_FETCHENTRY);
1859 ehci_set_state(q->ehci, q->async, EST_ACTIVE);
1865 /* Returns "again" */
1866 static int ehci_fill_queue(EHCIPacket *p)
1868 USBEndpoint *ep = p->packet.ep;
1869 EHCIQueue *q = p->queue;
1870 EHCIqtd qtd = p->qtd;
1874 if (NLPTR_TBIT(qtd.next) != 0) {
1879 * Detect circular td lists, Windows creates these, counting on the
1880 * active bit going low after execution to make the queue stop.
1882 QTAILQ_FOREACH(p, &q->packets, next) {
1883 if (p->qtdaddr == qtdaddr) {
1887 if (get_dwords(q->ehci, NLPTR_GET(qtdaddr),
1888 (uint32_t *) &qtd, sizeof(EHCIqtd) >> 2) < 0) {
1891 ehci_trace_qtd(q, NLPTR_GET(qtdaddr), &qtd);
1892 if (!(qtd.token & QTD_TOKEN_ACTIVE)) {
1895 if (!ehci_verify_pid(q, &qtd)) {
1896 ehci_trace_guest_bug(q->ehci, "guest queued token with wrong pid");
1899 p = ehci_alloc_packet(q);
1900 p->qtdaddr = qtdaddr;
1902 if (ehci_execute(p, "queue") == -1) {
1905 assert(p->packet.status == USB_RET_ASYNC);
1906 p->async = EHCI_ASYNC_INFLIGHT;
1909 usb_device_flush_ep_queue(ep->dev, ep);
1913 static int ehci_state_execute(EHCIQueue *q)
1915 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1919 assert(p->qtdaddr == q->qtdaddr);
1921 if (ehci_qh_do_overlay(q) != 0) {
1925 // TODO verify enough time remains in the uframe as in 4.4.1.1
1926 // TODO write back ptr to async list when done or out of time
1928 /* 4.10.3, bottom of page 82, go horizontal on transaction counter == 0 */
1929 if (!q->async && q->transact_ctr == 0) {
1930 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1936 ehci_set_usbsts(q->ehci, USBSTS_REC);
1939 again = ehci_execute(p, "process");
1943 if (p->packet.status == USB_RET_ASYNC) {
1945 trace_usb_ehci_packet_action(p->queue, p, "async");
1946 p->async = EHCI_ASYNC_INFLIGHT;
1947 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1949 again = ehci_fill_queue(p);
1956 ehci_set_state(q->ehci, q->async, EST_EXECUTING);
1963 static int ehci_state_executing(EHCIQueue *q)
1965 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1968 assert(p->qtdaddr == q->qtdaddr);
1970 ehci_execute_complete(q);
1973 if (!q->async && q->transact_ctr > 0) {
1978 if (p->packet.status == USB_RET_NAK) {
1979 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
1981 ehci_set_state(q->ehci, q->async, EST_WRITEBACK);
1989 static int ehci_state_writeback(EHCIQueue *q)
1991 EHCIPacket *p = QTAILQ_FIRST(&q->packets);
1992 uint32_t *qtd, addr;
1995 /* Write back the QTD from the QH area */
1997 assert(p->qtdaddr == q->qtdaddr);
1999 ehci_trace_qtd(q, NLPTR_GET(p->qtdaddr), (EHCIqtd *) &q->qh.next_qtd);
2000 qtd = (uint32_t *) &q->qh.next_qtd;
2001 addr = NLPTR_GET(p->qtdaddr);
2002 put_dwords(q->ehci, addr + 2 * sizeof(uint32_t), qtd + 2, 2);
2003 ehci_free_packet(p);
2006 * EHCI specs say go horizontal here.
2008 * We can also advance the queue here for performance reasons. We
2009 * need to take care to only take that shortcut in case we've
2010 * processed the qtd just written back without errors, i.e. halt
2013 if (q->qh.token & QTD_TOKEN_HALT) {
2014 ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
2017 ehci_set_state(q->ehci, q->async, EST_ADVANCEQUEUE);
2024 * This is the state machine that is common to both async and periodic
2027 static void ehci_advance_state(EHCIState *ehci, int async)
2029 EHCIQueue *q = NULL;
2034 switch(ehci_get_state(ehci, async)) {
2035 case EST_WAITLISTHEAD:
2036 again = ehci_state_waitlisthead(ehci, async);
2039 case EST_FETCHENTRY:
2040 again = ehci_state_fetchentry(ehci, async);
2044 q = ehci_state_fetchqh(ehci, async);
2046 assert(q->async == async);
2054 again = ehci_state_fetchitd(ehci, async);
2059 again = ehci_state_fetchsitd(ehci, async);
2063 case EST_ADVANCEQUEUE:
2065 again = ehci_state_advqueue(q);
2070 again = ehci_state_fetchqtd(q);
2073 case EST_HORIZONTALQH:
2075 again = ehci_state_horizqh(q);
2080 again = ehci_state_execute(q);
2082 ehci->async_stepdown = 0;
2089 ehci->async_stepdown = 0;
2091 again = ehci_state_executing(q);
2096 again = ehci_state_writeback(q);
2098 ehci->periodic_sched_active = PERIODIC_ACTIVE;
2103 fprintf(stderr, "Bad state!\n");
2105 g_assert_not_reached();
2109 if (again < 0 || itd_count > 16) {
2110 /* TODO: notify guest (raise HSE irq?) */
2111 fprintf(stderr, "processing error - resetting ehci HC\n");
2119 static void ehci_advance_async_state(EHCIState *ehci)
2121 const int async = 1;
2123 switch(ehci_get_state(ehci, async)) {
2125 if (!ehci_async_enabled(ehci)) {
2128 ehci_set_state(ehci, async, EST_ACTIVE);
2129 // No break, fall through to ACTIVE
2132 if (!ehci_async_enabled(ehci)) {
2133 ehci_queues_rip_all(ehci, async);
2134 ehci_set_state(ehci, async, EST_INACTIVE);
2138 /* make sure guest has acknowledged the doorbell interrupt */
2139 /* TO-DO: is this really needed? */
2140 if (ehci->usbsts & USBSTS_IAA) {
2141 DPRINTF("IAA status bit still set.\n");
2145 /* check that address register has been set */
2146 if (ehci->asynclistaddr == 0) {
2150 ehci_set_state(ehci, async, EST_WAITLISTHEAD);
2151 ehci_advance_state(ehci, async);
2153 /* If the doorbell is set, the guest wants to make a change to the
2154 * schedule. The host controller needs to release cached data.
2157 if (ehci->usbcmd & USBCMD_IAAD) {
2158 /* Remove all unseen qhs from the async qhs queue */
2159 ehci_queues_rip_unseen(ehci, async);
2160 trace_usb_ehci_doorbell_ack();
2161 ehci->usbcmd &= ~USBCMD_IAAD;
2162 ehci_raise_irq(ehci, USBSTS_IAA);
2167 /* this should only be due to a developer mistake */
2168 fprintf(stderr, "ehci: Bad asynchronous state %d. "
2169 "Resetting to active\n", ehci->astate);
2170 g_assert_not_reached();
2174 static void ehci_advance_periodic_state(EHCIState *ehci)
2178 const int async = 0;
2182 switch(ehci_get_state(ehci, async)) {
2184 if (!(ehci->frindex & 7) && ehci_periodic_enabled(ehci)) {
2185 ehci_set_state(ehci, async, EST_ACTIVE);
2186 // No break, fall through to ACTIVE
2191 if (!(ehci->frindex & 7) && !ehci_periodic_enabled(ehci)) {
2192 ehci_queues_rip_all(ehci, async);
2193 ehci_set_state(ehci, async, EST_INACTIVE);
2197 list = ehci->periodiclistbase & 0xfffff000;
2198 /* check that register has been set */
2202 list |= ((ehci->frindex & 0x1ff8) >> 1);
2204 if (get_dwords(ehci, list, &entry, 1) < 0) {
2208 DPRINTF("PERIODIC state adv fr=%d. [%08X] -> %08X\n",
2209 ehci->frindex / 8, list, entry);
2210 ehci_set_fetch_addr(ehci, async,entry);
2211 ehci_set_state(ehci, async, EST_FETCHENTRY);
2212 ehci_advance_state(ehci, async);
2213 ehci_queues_rip_unused(ehci, async);
2217 /* this should only be due to a developer mistake */
2218 fprintf(stderr, "ehci: Bad periodic state %d. "
2219 "Resetting to active\n", ehci->pstate);
2220 g_assert_not_reached();
2224 static void ehci_update_frindex(EHCIState *ehci, int uframes)
2226 if (!ehci_enabled(ehci) && ehci->pstate == EST_INACTIVE) {
2230 /* Generate FLR interrupt if frame index rolls over 0x2000 */
2231 if ((ehci->frindex % 0x2000) + uframes >= 0x2000) {
2232 ehci_raise_irq(ehci, USBSTS_FLR);
2235 /* How many times will frindex roll over 0x4000 with this frame count?
2236 * usbsts_frindex is decremented by 0x4000 on rollover until it reaches 0
2238 int rollovers = (ehci->frindex + uframes) / 0x4000;
2239 if (rollovers > 0) {
2240 if (ehci->usbsts_frindex >= (rollovers * 0x4000)) {
2241 ehci->usbsts_frindex -= 0x4000 * rollovers;
2243 ehci->usbsts_frindex = 0;
2247 ehci->frindex = (ehci->frindex + uframes) % 0x4000;
2250 static void ehci_work_bh(void *opaque)
2252 EHCIState *ehci = opaque;
2254 int64_t expire_time, t_now;
2255 uint64_t ns_elapsed;
2256 uint64_t uframes, skipped_uframes;
2259 if (ehci->working) {
2262 ehci->working = true;
2264 t_now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
2265 ns_elapsed = t_now - ehci->last_run_ns;
2266 uframes = ns_elapsed / UFRAME_TIMER_NS;
2268 if (ehci_periodic_enabled(ehci) || ehci->pstate != EST_INACTIVE) {
2271 if (uframes > (ehci->maxframes * 8)) {
2272 skipped_uframes = uframes - (ehci->maxframes * 8);
2273 ehci_update_frindex(ehci, skipped_uframes);
2274 ehci->last_run_ns += UFRAME_TIMER_NS * skipped_uframes;
2275 uframes -= skipped_uframes;
2276 DPRINTF("WARNING - EHCI skipped %d uframes\n", skipped_uframes);
2279 for (i = 0; i < uframes; i++) {
2281 * If we're running behind schedule, we should not catch up
2282 * too fast, as that will make some guests unhappy:
2283 * 1) We must process a minimum of MIN_UFR_PER_TICK frames,
2284 * otherwise we will never catch up
2285 * 2) Process frames until the guest has requested an irq (IOC)
2287 if (i >= MIN_UFR_PER_TICK) {
2288 ehci_commit_irq(ehci);
2289 if ((ehci->usbsts & USBINTR_MASK) & ehci->usbintr) {
2293 if (ehci->periodic_sched_active) {
2294 ehci->periodic_sched_active--;
2296 ehci_update_frindex(ehci, 1);
2297 if ((ehci->frindex & 7) == 0) {
2298 ehci_advance_periodic_state(ehci);
2300 ehci->last_run_ns += UFRAME_TIMER_NS;
2303 ehci->periodic_sched_active = 0;
2304 ehci_update_frindex(ehci, uframes);
2305 ehci->last_run_ns += UFRAME_TIMER_NS * uframes;
2308 if (ehci->periodic_sched_active) {
2309 ehci->async_stepdown = 0;
2310 } else if (ehci->async_stepdown < ehci->maxframes / 2) {
2311 ehci->async_stepdown++;
2314 /* Async is not inside loop since it executes everything it can once
2317 if (ehci_async_enabled(ehci) || ehci->astate != EST_INACTIVE) {
2319 ehci_advance_async_state(ehci);
2322 ehci_commit_irq(ehci);
2323 if (ehci->usbsts_pending) {
2325 ehci->async_stepdown = 0;
2328 if (ehci_enabled(ehci) && (ehci->usbintr & USBSTS_FLR)) {
2333 /* If we've raised int, we speed up the timer, so that we quickly
2334 * notice any new packets queued up in response */
2335 if (ehci->int_req_by_async && (ehci->usbsts & USBSTS_INT)) {
2336 expire_time = t_now +
2337 NANOSECONDS_PER_SECOND / (FRAME_TIMER_FREQ * 4);
2338 ehci->int_req_by_async = false;
2340 expire_time = t_now + (NANOSECONDS_PER_SECOND
2341 * (ehci->async_stepdown+1) / FRAME_TIMER_FREQ);
2343 timer_mod(ehci->frame_timer, expire_time);
2346 ehci->working = false;
2349 static void ehci_work_timer(void *opaque)
2351 EHCIState *ehci = opaque;
2353 qemu_bh_schedule(ehci->async_bh);
2356 static const MemoryRegionOps ehci_mmio_caps_ops = {
2357 .read = ehci_caps_read,
2358 .write = ehci_caps_write,
2359 .valid.min_access_size = 1,
2360 .valid.max_access_size = 4,
2361 .impl.min_access_size = 1,
2362 .impl.max_access_size = 1,
2363 .endianness = DEVICE_LITTLE_ENDIAN,
2366 static const MemoryRegionOps ehci_mmio_opreg_ops = {
2367 .read = ehci_opreg_read,
2368 .write = ehci_opreg_write,
2369 .valid.min_access_size = 4,
2370 .valid.max_access_size = 4,
2371 .endianness = DEVICE_LITTLE_ENDIAN,
2374 static const MemoryRegionOps ehci_mmio_port_ops = {
2375 .read = ehci_port_read,
2376 .write = ehci_port_write,
2377 .valid.min_access_size = 4,
2378 .valid.max_access_size = 4,
2379 .endianness = DEVICE_LITTLE_ENDIAN,
2382 static USBPortOps ehci_port_ops = {
2383 .attach = ehci_attach,
2384 .detach = ehci_detach,
2385 .child_detach = ehci_child_detach,
2386 .wakeup = ehci_wakeup,
2387 .complete = ehci_async_complete_packet,
2390 static USBBusOps ehci_bus_ops_companion = {
2391 .register_companion = ehci_register_companion,
2392 .wakeup_endpoint = ehci_wakeup_endpoint,
2394 static USBBusOps ehci_bus_ops_standalone = {
2395 .wakeup_endpoint = ehci_wakeup_endpoint,
2398 static int usb_ehci_pre_save(void *opaque)
2400 EHCIState *ehci = opaque;
2401 uint32_t new_frindex;
2403 /* Round down frindex to a multiple of 8 for migration compatibility */
2404 new_frindex = ehci->frindex & ~7;
2405 ehci->last_run_ns -= (ehci->frindex - new_frindex) * UFRAME_TIMER_NS;
2406 ehci->frindex = new_frindex;
2411 static int usb_ehci_post_load(void *opaque, int version_id)
2413 EHCIState *s = opaque;
2416 for (i = 0; i < NB_PORTS; i++) {
2417 USBPort *companion = s->companion_ports[i];
2418 if (companion == NULL) {
2421 if (s->portsc[i] & PORTSC_POWNER) {
2422 companion->dev = s->ports[i].dev;
2424 companion->dev = NULL;
2431 static void usb_ehci_vm_state_change(void *opaque, int running, RunState state)
2433 EHCIState *ehci = opaque;
2436 * We don't migrate the EHCIQueue-s, instead we rebuild them for the
2437 * schedule in guest memory. We must do the rebuilt ASAP, so that
2438 * USB-devices which have async handled packages have a packet in the
2439 * ep queue to match the completion with.
2441 if (state == RUN_STATE_RUNNING) {
2442 ehci_advance_async_state(ehci);
2446 * The schedule rebuilt from guest memory could cause the migration dest
2447 * to miss a QH unlink, and fail to cancel packets, since the unlinked QH
2448 * will never have existed on the destination. Therefor we must flush the
2449 * async schedule on savevm to catch any not yet noticed unlinks.
2451 if (state == RUN_STATE_SAVE_VM) {
2452 ehci_advance_async_state(ehci);
2453 ehci_queues_rip_unseen(ehci, 1);
2457 const VMStateDescription vmstate_ehci = {
2458 .name = "ehci-core",
2460 .minimum_version_id = 1,
2461 .pre_save = usb_ehci_pre_save,
2462 .post_load = usb_ehci_post_load,
2463 .fields = (VMStateField[]) {
2464 /* mmio registers */
2465 VMSTATE_UINT32(usbcmd, EHCIState),
2466 VMSTATE_UINT32(usbsts, EHCIState),
2467 VMSTATE_UINT32_V(usbsts_pending, EHCIState, 2),
2468 VMSTATE_UINT32_V(usbsts_frindex, EHCIState, 2),
2469 VMSTATE_UINT32(usbintr, EHCIState),
2470 VMSTATE_UINT32(frindex, EHCIState),
2471 VMSTATE_UINT32(ctrldssegment, EHCIState),
2472 VMSTATE_UINT32(periodiclistbase, EHCIState),
2473 VMSTATE_UINT32(asynclistaddr, EHCIState),
2474 VMSTATE_UINT32(configflag, EHCIState),
2475 VMSTATE_UINT32(portsc[0], EHCIState),
2476 VMSTATE_UINT32(portsc[1], EHCIState),
2477 VMSTATE_UINT32(portsc[2], EHCIState),
2478 VMSTATE_UINT32(portsc[3], EHCIState),
2479 VMSTATE_UINT32(portsc[4], EHCIState),
2480 VMSTATE_UINT32(portsc[5], EHCIState),
2482 VMSTATE_TIMER_PTR(frame_timer, EHCIState),
2483 VMSTATE_UINT64(last_run_ns, EHCIState),
2484 VMSTATE_UINT32(async_stepdown, EHCIState),
2485 /* schedule state */
2486 VMSTATE_UINT32(astate, EHCIState),
2487 VMSTATE_UINT32(pstate, EHCIState),
2488 VMSTATE_UINT32(a_fetch_addr, EHCIState),
2489 VMSTATE_UINT32(p_fetch_addr, EHCIState),
2490 VMSTATE_END_OF_LIST()
2494 void usb_ehci_realize(EHCIState *s, DeviceState *dev, Error **errp)
2498 if (s->portnr > NB_PORTS) {
2499 error_setg(errp, "Too many ports! Max. port number is %d.",
2503 if (s->maxframes < 8 || s->maxframes > 512) {
2504 error_setg(errp, "maxframes %d out if range (8 .. 512)",
2509 usb_bus_new(&s->bus, sizeof(s->bus), s->companion_enable ?
2510 &ehci_bus_ops_companion : &ehci_bus_ops_standalone, dev);
2511 for (i = 0; i < s->portnr; i++) {
2512 usb_register_port(&s->bus, &s->ports[i], s, i, &ehci_port_ops,
2513 USB_SPEED_MASK_HIGH);
2514 s->ports[i].dev = 0;
2517 s->frame_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ehci_work_timer, s);
2518 s->async_bh = qemu_bh_new(ehci_work_bh, s);
2521 s->vmstate = qemu_add_vm_change_state_handler(usb_ehci_vm_state_change, s);
2524 void usb_ehci_unrealize(EHCIState *s, DeviceState *dev, Error **errp)
2526 trace_usb_ehci_unrealize();
2528 if (s->frame_timer) {
2529 timer_del(s->frame_timer);
2530 timer_free(s->frame_timer);
2531 s->frame_timer = NULL;
2534 qemu_bh_delete(s->async_bh);
2537 ehci_queues_rip_all(s, 0);
2538 ehci_queues_rip_all(s, 1);
2540 memory_region_del_subregion(&s->mem, &s->mem_caps);
2541 memory_region_del_subregion(&s->mem, &s->mem_opreg);
2542 memory_region_del_subregion(&s->mem, &s->mem_ports);
2544 usb_bus_release(&s->bus);
2547 qemu_del_vm_change_state_handler(s->vmstate);
2551 void usb_ehci_init(EHCIState *s, DeviceState *dev)
2553 /* 2.2 host controller interface version */
2554 s->caps[0x00] = (uint8_t)(s->opregbase - s->capsbase);
2555 s->caps[0x01] = 0x00;
2556 s->caps[0x02] = 0x00;
2557 s->caps[0x03] = 0x01; /* HC version */
2558 s->caps[0x04] = s->portnr; /* Number of downstream ports */
2559 s->caps[0x05] = 0x00; /* No companion ports at present */
2560 s->caps[0x06] = 0x00;
2561 s->caps[0x07] = 0x00;
2562 s->caps[0x08] = 0x80; /* We can cache whole frame, no 64-bit */
2563 s->caps[0x0a] = 0x00;
2564 s->caps[0x0b] = 0x00;
2566 QTAILQ_INIT(&s->aqueues);
2567 QTAILQ_INIT(&s->pqueues);
2568 usb_packet_init(&s->ipacket);
2570 memory_region_init(&s->mem, OBJECT(dev), "ehci", MMIO_SIZE);
2571 memory_region_init_io(&s->mem_caps, OBJECT(dev), &ehci_mmio_caps_ops, s,
2572 "capabilities", CAPA_SIZE);
2573 memory_region_init_io(&s->mem_opreg, OBJECT(dev), &ehci_mmio_opreg_ops, s,
2574 "operational", s->portscbase);
2575 memory_region_init_io(&s->mem_ports, OBJECT(dev), &ehci_mmio_port_ops, s,
2576 "ports", 4 * s->portnr);
2578 memory_region_add_subregion(&s->mem, s->capsbase, &s->mem_caps);
2579 memory_region_add_subregion(&s->mem, s->opregbase, &s->mem_opreg);
2580 memory_region_add_subregion(&s->mem, s->opregbase + s->portscbase,
2584 void usb_ehci_finalize(EHCIState *s)
2586 usb_packet_cleanup(&s->ipacket);
2590 * vim: expandtab ts=4
projects / qemu.git / blob