hcd-xhci.c (109522B)
1 /* 2 * USB xHCI controller emulation 3 * 4 * Copyright (c) 2011 Securiforest 5 * Date: 2011-05-11 ; Author: Hector Martin <hector@marcansoft.com> 6 * Based on usb-ohci.c, emulates Renesas NEC USB 3.0 7 * 8 * This library is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU Lesser General Public 10 * License as published by the Free Software Foundation; either 11 * version 2.1 of the License, or (at your option) any later version. 12 * 13 * This library is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public 19 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 20 */ 21 22 #include "qemu/osdep.h" 23 #include "qemu/timer.h" 24 #include "qemu/log.h" 25 #include "qemu/module.h" 26 #include "qemu/queue.h" 27 #include "migration/vmstate.h" 28 #include "hw/qdev-properties.h" 29 #include "trace.h" 30 #include "qapi/error.h" 31 32 #include "hcd-xhci.h" 33 34 //#define DEBUG_XHCI 35 //#define DEBUG_DATA 36 37 #ifdef DEBUG_XHCI 38 #define DPRINTF(...) fprintf(stderr, __VA_ARGS__) 39 #else 40 #define DPRINTF(...) do {} while (0) 41 #endif 42 #define FIXME(_msg) do { fprintf(stderr, "FIXME %s:%d %s\n", \ 43 __func__, __LINE__, _msg); abort(); } while (0) 44 45 #define TRB_LINK_LIMIT 32 46 #define COMMAND_LIMIT 256 47 #define TRANSFER_LIMIT 256 48 49 #define LEN_CAP 0x40 50 #define LEN_OPER (0x400 + 0x10 * XHCI_MAXPORTS) 51 #define LEN_RUNTIME ((XHCI_MAXINTRS + 1) * 0x20) 52 #define LEN_DOORBELL ((XHCI_MAXSLOTS + 1) * 0x20) 53 54 #define OFF_OPER LEN_CAP 55 #define OFF_RUNTIME 0x1000 56 #define OFF_DOORBELL 0x2000 57 58 #if (OFF_OPER + LEN_OPER) > OFF_RUNTIME 59 #error Increase OFF_RUNTIME 60 #endif 61 #if (OFF_RUNTIME + LEN_RUNTIME) > OFF_DOORBELL 62 #error Increase OFF_DOORBELL 63 #endif 64 #if (OFF_DOORBELL + LEN_DOORBELL) > XHCI_LEN_REGS 65 # error Increase XHCI_LEN_REGS 66 #endif 67 68 /* bit definitions */ 69 #define USBCMD_RS (1<<0) 70 #define USBCMD_HCRST (1<<1) 71 #define USBCMD_INTE (1<<2) 72 #define USBCMD_HSEE (1<<3) 73 #define USBCMD_LHCRST (1<<7) 74 #define USBCMD_CSS (1<<8) 75 #define USBCMD_CRS (1<<9) 76 #define USBCMD_EWE (1<<10) 77 #define USBCMD_EU3S (1<<11) 78 79 #define USBSTS_HCH (1<<0) 80 #define USBSTS_HSE (1<<2) 81 #define USBSTS_EINT (1<<3) 82 #define USBSTS_PCD (1<<4) 83 #define USBSTS_SSS (1<<8) 84 #define USBSTS_RSS (1<<9) 85 #define USBSTS_SRE (1<<10) 86 #define USBSTS_CNR (1<<11) 87 #define USBSTS_HCE (1<<12) 88 89 90 #define PORTSC_CCS (1<<0) 91 #define PORTSC_PED (1<<1) 92 #define PORTSC_OCA (1<<3) 93 #define PORTSC_PR (1<<4) 94 #define PORTSC_PLS_SHIFT 5 95 #define PORTSC_PLS_MASK 0xf 96 #define PORTSC_PP (1<<9) 97 #define PORTSC_SPEED_SHIFT 10 98 #define PORTSC_SPEED_MASK 0xf 99 #define PORTSC_SPEED_FULL (1<<10) 100 #define PORTSC_SPEED_LOW (2<<10) 101 #define PORTSC_SPEED_HIGH (3<<10) 102 #define PORTSC_SPEED_SUPER (4<<10) 103 #define PORTSC_PIC_SHIFT 14 104 #define PORTSC_PIC_MASK 0x3 105 #define PORTSC_LWS (1<<16) 106 #define PORTSC_CSC (1<<17) 107 #define PORTSC_PEC (1<<18) 108 #define PORTSC_WRC (1<<19) 109 #define PORTSC_OCC (1<<20) 110 #define PORTSC_PRC (1<<21) 111 #define PORTSC_PLC (1<<22) 112 #define PORTSC_CEC (1<<23) 113 #define PORTSC_CAS (1<<24) 114 #define PORTSC_WCE (1<<25) 115 #define PORTSC_WDE (1<<26) 116 #define PORTSC_WOE (1<<27) 117 #define PORTSC_DR (1<<30) 118 #define PORTSC_WPR (1<<31) 119 120 #define CRCR_RCS (1<<0) 121 #define CRCR_CS (1<<1) 122 #define CRCR_CA (1<<2) 123 #define CRCR_CRR (1<<3) 124 125 #define IMAN_IP (1<<0) 126 #define IMAN_IE (1<<1) 127 128 #define ERDP_EHB (1<<3) 129 130 #define TRB_SIZE 16 131 typedef struct XHCITRB { 132 uint64_t parameter; 133 uint32_t status; 134 uint32_t control; 135 dma_addr_t addr; 136 bool ccs; 137 } XHCITRB; 138 139 enum { 140 PLS_U0 = 0, 141 PLS_U1 = 1, 142 PLS_U2 = 2, 143 PLS_U3 = 3, 144 PLS_DISABLED = 4, 145 PLS_RX_DETECT = 5, 146 PLS_INACTIVE = 6, 147 PLS_POLLING = 7, 148 PLS_RECOVERY = 8, 149 PLS_HOT_RESET = 9, 150 PLS_COMPILANCE_MODE = 10, 151 PLS_TEST_MODE = 11, 152 PLS_RESUME = 15, 153 }; 154 155 #define CR_LINK TR_LINK 156 157 #define TRB_C (1<<0) 158 #define TRB_TYPE_SHIFT 10 159 #define TRB_TYPE_MASK 0x3f 160 #define TRB_TYPE(t) (((t).control >> TRB_TYPE_SHIFT) & TRB_TYPE_MASK) 161 162 #define TRB_EV_ED (1<<2) 163 164 #define TRB_TR_ENT (1<<1) 165 #define TRB_TR_ISP (1<<2) 166 #define TRB_TR_NS (1<<3) 167 #define TRB_TR_CH (1<<4) 168 #define TRB_TR_IOC (1<<5) 169 #define TRB_TR_IDT (1<<6) 170 #define TRB_TR_TBC_SHIFT 7 171 #define TRB_TR_TBC_MASK 0x3 172 #define TRB_TR_BEI (1<<9) 173 #define TRB_TR_TLBPC_SHIFT 16 174 #define TRB_TR_TLBPC_MASK 0xf 175 #define TRB_TR_FRAMEID_SHIFT 20 176 #define TRB_TR_FRAMEID_MASK 0x7ff 177 #define TRB_TR_SIA (1<<31) 178 179 #define TRB_TR_DIR (1<<16) 180 181 #define TRB_CR_SLOTID_SHIFT 24 182 #define TRB_CR_SLOTID_MASK 0xff 183 #define TRB_CR_EPID_SHIFT 16 184 #define TRB_CR_EPID_MASK 0x1f 185 186 #define TRB_CR_BSR (1<<9) 187 #define TRB_CR_DC (1<<9) 188 189 #define TRB_LK_TC (1<<1) 190 191 #define TRB_INTR_SHIFT 22 192 #define TRB_INTR_MASK 0x3ff 193 #define TRB_INTR(t) (((t).status >> TRB_INTR_SHIFT) & TRB_INTR_MASK) 194 195 #define EP_TYPE_MASK 0x7 196 #define EP_TYPE_SHIFT 3 197 198 #define EP_STATE_MASK 0x7 199 #define EP_DISABLED (0<<0) 200 #define EP_RUNNING (1<<0) 201 #define EP_HALTED (2<<0) 202 #define EP_STOPPED (3<<0) 203 #define EP_ERROR (4<<0) 204 205 #define SLOT_STATE_MASK 0x1f 206 #define SLOT_STATE_SHIFT 27 207 #define SLOT_STATE(s) (((s)>>SLOT_STATE_SHIFT)&SLOT_STATE_MASK) 208 #define SLOT_ENABLED 0 209 #define SLOT_DEFAULT 1 210 #define SLOT_ADDRESSED 2 211 #define SLOT_CONFIGURED 3 212 213 #define SLOT_CONTEXT_ENTRIES_MASK 0x1f 214 #define SLOT_CONTEXT_ENTRIES_SHIFT 27 215 216 #define get_field(data, field) \ 217 (((data) >> field##_SHIFT) & field##_MASK) 218 219 #define set_field(data, newval, field) do { \ 220 uint32_t val = *data; \ 221 val &= ~(field##_MASK << field##_SHIFT); \ 222 val |= ((newval) & field##_MASK) << field##_SHIFT; \ 223 *data = val; \ 224 } while (0) 225 226 typedef enum EPType { 227 ET_INVALID = 0, 228 ET_ISO_OUT, 229 ET_BULK_OUT, 230 ET_INTR_OUT, 231 ET_CONTROL, 232 ET_ISO_IN, 233 ET_BULK_IN, 234 ET_INTR_IN, 235 } EPType; 236 237 typedef struct XHCITransfer { 238 XHCIEPContext *epctx; 239 USBPacket packet; 240 QEMUSGList sgl; 241 bool running_async; 242 bool running_retry; 243 bool complete; 244 bool int_req; 245 unsigned int iso_pkts; 246 unsigned int streamid; 247 bool in_xfer; 248 bool iso_xfer; 249 bool timed_xfer; 250 251 unsigned int trb_count; 252 XHCITRB *trbs; 253 254 TRBCCode status; 255 256 unsigned int pkts; 257 unsigned int pktsize; 258 unsigned int cur_pkt; 259 260 uint64_t mfindex_kick; 261 262 QTAILQ_ENTRY(XHCITransfer) next; 263 } XHCITransfer; 264 265 struct XHCIStreamContext { 266 dma_addr_t pctx; 267 unsigned int sct; 268 XHCIRing ring; 269 }; 270 271 struct XHCIEPContext { 272 XHCIState *xhci; 273 unsigned int slotid; 274 unsigned int epid; 275 276 XHCIRing ring; 277 uint32_t xfer_count; 278 QTAILQ_HEAD(, XHCITransfer) transfers; 279 XHCITransfer *retry; 280 EPType type; 281 dma_addr_t pctx; 282 unsigned int max_psize; 283 uint32_t state; 284 uint32_t kick_active; 285 286 /* streams */ 287 unsigned int max_pstreams; 288 bool lsa; 289 unsigned int nr_pstreams; 290 XHCIStreamContext *pstreams; 291 292 /* iso xfer scheduling */ 293 unsigned int interval; 294 int64_t mfindex_last; 295 QEMUTimer *kick_timer; 296 }; 297 298 typedef struct XHCIEvRingSeg { 299 uint32_t addr_low; 300 uint32_t addr_high; 301 uint32_t size; 302 uint32_t rsvd; 303 } XHCIEvRingSeg; 304 305 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, 306 unsigned int epid, unsigned int streamid); 307 static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid); 308 static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid, 309 unsigned int epid); 310 static void xhci_xfer_report(XHCITransfer *xfer); 311 static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v); 312 static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v); 313 static USBEndpoint *xhci_epid_to_usbep(XHCIEPContext *epctx); 314 315 static const char *TRBType_names[] = { 316 [TRB_RESERVED] = "TRB_RESERVED", 317 [TR_NORMAL] = "TR_NORMAL", 318 [TR_SETUP] = "TR_SETUP", 319 [TR_DATA] = "TR_DATA", 320 [TR_STATUS] = "TR_STATUS", 321 [TR_ISOCH] = "TR_ISOCH", 322 [TR_LINK] = "TR_LINK", 323 [TR_EVDATA] = "TR_EVDATA", 324 [TR_NOOP] = "TR_NOOP", 325 [CR_ENABLE_SLOT] = "CR_ENABLE_SLOT", 326 [CR_DISABLE_SLOT] = "CR_DISABLE_SLOT", 327 [CR_ADDRESS_DEVICE] = "CR_ADDRESS_DEVICE", 328 [CR_CONFIGURE_ENDPOINT] = "CR_CONFIGURE_ENDPOINT", 329 [CR_EVALUATE_CONTEXT] = "CR_EVALUATE_CONTEXT", 330 [CR_RESET_ENDPOINT] = "CR_RESET_ENDPOINT", 331 [CR_STOP_ENDPOINT] = "CR_STOP_ENDPOINT", 332 [CR_SET_TR_DEQUEUE] = "CR_SET_TR_DEQUEUE", 333 [CR_RESET_DEVICE] = "CR_RESET_DEVICE", 334 [CR_FORCE_EVENT] = "CR_FORCE_EVENT", 335 [CR_NEGOTIATE_BW] = "CR_NEGOTIATE_BW", 336 [CR_SET_LATENCY_TOLERANCE] = "CR_SET_LATENCY_TOLERANCE", 337 [CR_GET_PORT_BANDWIDTH] = "CR_GET_PORT_BANDWIDTH", 338 [CR_FORCE_HEADER] = "CR_FORCE_HEADER", 339 [CR_NOOP] = "CR_NOOP", 340 [ER_TRANSFER] = "ER_TRANSFER", 341 [ER_COMMAND_COMPLETE] = "ER_COMMAND_COMPLETE", 342 [ER_PORT_STATUS_CHANGE] = "ER_PORT_STATUS_CHANGE", 343 [ER_BANDWIDTH_REQUEST] = "ER_BANDWIDTH_REQUEST", 344 [ER_DOORBELL] = "ER_DOORBELL", 345 [ER_HOST_CONTROLLER] = "ER_HOST_CONTROLLER", 346 [ER_DEVICE_NOTIFICATION] = "ER_DEVICE_NOTIFICATION", 347 [ER_MFINDEX_WRAP] = "ER_MFINDEX_WRAP", 348 [CR_VENDOR_NEC_FIRMWARE_REVISION] = "CR_VENDOR_NEC_FIRMWARE_REVISION", 349 [CR_VENDOR_NEC_CHALLENGE_RESPONSE] = "CR_VENDOR_NEC_CHALLENGE_RESPONSE", 350 }; 351 352 static const char *TRBCCode_names[] = { 353 [CC_INVALID] = "CC_INVALID", 354 [CC_SUCCESS] = "CC_SUCCESS", 355 [CC_DATA_BUFFER_ERROR] = "CC_DATA_BUFFER_ERROR", 356 [CC_BABBLE_DETECTED] = "CC_BABBLE_DETECTED", 357 [CC_USB_TRANSACTION_ERROR] = "CC_USB_TRANSACTION_ERROR", 358 [CC_TRB_ERROR] = "CC_TRB_ERROR", 359 [CC_STALL_ERROR] = "CC_STALL_ERROR", 360 [CC_RESOURCE_ERROR] = "CC_RESOURCE_ERROR", 361 [CC_BANDWIDTH_ERROR] = "CC_BANDWIDTH_ERROR", 362 [CC_NO_SLOTS_ERROR] = "CC_NO_SLOTS_ERROR", 363 [CC_INVALID_STREAM_TYPE_ERROR] = "CC_INVALID_STREAM_TYPE_ERROR", 364 [CC_SLOT_NOT_ENABLED_ERROR] = "CC_SLOT_NOT_ENABLED_ERROR", 365 [CC_EP_NOT_ENABLED_ERROR] = "CC_EP_NOT_ENABLED_ERROR", 366 [CC_SHORT_PACKET] = "CC_SHORT_PACKET", 367 [CC_RING_UNDERRUN] = "CC_RING_UNDERRUN", 368 [CC_RING_OVERRUN] = "CC_RING_OVERRUN", 369 [CC_VF_ER_FULL] = "CC_VF_ER_FULL", 370 [CC_PARAMETER_ERROR] = "CC_PARAMETER_ERROR", 371 [CC_BANDWIDTH_OVERRUN] = "CC_BANDWIDTH_OVERRUN", 372 [CC_CONTEXT_STATE_ERROR] = "CC_CONTEXT_STATE_ERROR", 373 [CC_NO_PING_RESPONSE_ERROR] = "CC_NO_PING_RESPONSE_ERROR", 374 [CC_EVENT_RING_FULL_ERROR] = "CC_EVENT_RING_FULL_ERROR", 375 [CC_INCOMPATIBLE_DEVICE_ERROR] = "CC_INCOMPATIBLE_DEVICE_ERROR", 376 [CC_MISSED_SERVICE_ERROR] = "CC_MISSED_SERVICE_ERROR", 377 [CC_COMMAND_RING_STOPPED] = "CC_COMMAND_RING_STOPPED", 378 [CC_COMMAND_ABORTED] = "CC_COMMAND_ABORTED", 379 [CC_STOPPED] = "CC_STOPPED", 380 [CC_STOPPED_LENGTH_INVALID] = "CC_STOPPED_LENGTH_INVALID", 381 [CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR] 382 = "CC_MAX_EXIT_LATENCY_TOO_LARGE_ERROR", 383 [CC_ISOCH_BUFFER_OVERRUN] = "CC_ISOCH_BUFFER_OVERRUN", 384 [CC_EVENT_LOST_ERROR] = "CC_EVENT_LOST_ERROR", 385 [CC_UNDEFINED_ERROR] = "CC_UNDEFINED_ERROR", 386 [CC_INVALID_STREAM_ID_ERROR] = "CC_INVALID_STREAM_ID_ERROR", 387 [CC_SECONDARY_BANDWIDTH_ERROR] = "CC_SECONDARY_BANDWIDTH_ERROR", 388 [CC_SPLIT_TRANSACTION_ERROR] = "CC_SPLIT_TRANSACTION_ERROR", 389 }; 390 391 static const char *ep_state_names[] = { 392 [EP_DISABLED] = "disabled", 393 [EP_RUNNING] = "running", 394 [EP_HALTED] = "halted", 395 [EP_STOPPED] = "stopped", 396 [EP_ERROR] = "error", 397 }; 398 399 static const char *lookup_name(uint32_t index, const char **list, uint32_t llen) 400 { 401 if (index >= llen || list[index] == NULL) { 402 return "???"; 403 } 404 return list[index]; 405 } 406 407 static const char *trb_name(XHCITRB *trb) 408 { 409 return lookup_name(TRB_TYPE(*trb), TRBType_names, 410 ARRAY_SIZE(TRBType_names)); 411 } 412 413 static const char *event_name(XHCIEvent *event) 414 { 415 return lookup_name(event->ccode, TRBCCode_names, 416 ARRAY_SIZE(TRBCCode_names)); 417 } 418 419 static const char *ep_state_name(uint32_t state) 420 { 421 return lookup_name(state, ep_state_names, 422 ARRAY_SIZE(ep_state_names)); 423 } 424 425 bool xhci_get_flag(XHCIState *xhci, enum xhci_flags bit) 426 { 427 return xhci->flags & (1 << bit); 428 } 429 430 void xhci_set_flag(XHCIState *xhci, enum xhci_flags bit) 431 { 432 xhci->flags |= (1 << bit); 433 } 434 435 static uint64_t xhci_mfindex_get(XHCIState *xhci) 436 { 437 int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 438 return (now - xhci->mfindex_start) / 125000; 439 } 440 441 static void xhci_mfwrap_update(XHCIState *xhci) 442 { 443 const uint32_t bits = USBCMD_RS | USBCMD_EWE; 444 uint32_t mfindex, left; 445 int64_t now; 446 447 if ((xhci->usbcmd & bits) == bits) { 448 now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 449 mfindex = ((now - xhci->mfindex_start) / 125000) & 0x3fff; 450 left = 0x4000 - mfindex; 451 timer_mod(xhci->mfwrap_timer, now + left * 125000); 452 } else { 453 timer_del(xhci->mfwrap_timer); 454 } 455 } 456 457 static void xhci_mfwrap_timer(void *opaque) 458 { 459 XHCIState *xhci = opaque; 460 XHCIEvent wrap = { ER_MFINDEX_WRAP, CC_SUCCESS }; 461 462 xhci_event(xhci, &wrap, 0); 463 xhci_mfwrap_update(xhci); 464 } 465 466 static void xhci_die(XHCIState *xhci) 467 { 468 xhci->usbsts |= USBSTS_HCE; 469 DPRINTF("xhci: asserted controller error\n"); 470 } 471 472 static inline dma_addr_t xhci_addr64(uint32_t low, uint32_t high) 473 { 474 if (sizeof(dma_addr_t) == 4) { 475 return low; 476 } else { 477 return low | (((dma_addr_t)high << 16) << 16); 478 } 479 } 480 481 static inline dma_addr_t xhci_mask64(uint64_t addr) 482 { 483 if (sizeof(dma_addr_t) == 4) { 484 return addr & 0xffffffff; 485 } else { 486 return addr; 487 } 488 } 489 490 static inline void xhci_dma_read_u32s(XHCIState *xhci, dma_addr_t addr, 491 uint32_t *buf, size_t len) 492 { 493 int i; 494 495 assert((len % sizeof(uint32_t)) == 0); 496 497 if (dma_memory_read(xhci->as, addr, buf, len, 498 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 499 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 500 __func__); 501 memset(buf, 0xff, len); 502 xhci_die(xhci); 503 return; 504 } 505 506 for (i = 0; i < (len / sizeof(uint32_t)); i++) { 507 buf[i] = le32_to_cpu(buf[i]); 508 } 509 } 510 511 static inline void xhci_dma_write_u32s(XHCIState *xhci, dma_addr_t addr, 512 const uint32_t *buf, size_t len) 513 { 514 int i; 515 uint32_t tmp[5]; 516 uint32_t n = len / sizeof(uint32_t); 517 518 assert((len % sizeof(uint32_t)) == 0); 519 assert(n <= ARRAY_SIZE(tmp)); 520 521 for (i = 0; i < n; i++) { 522 tmp[i] = cpu_to_le32(buf[i]); 523 } 524 if (dma_memory_write(xhci->as, addr, tmp, len, 525 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 526 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 527 __func__); 528 xhci_die(xhci); 529 return; 530 } 531 } 532 533 static XHCIPort *xhci_lookup_port(XHCIState *xhci, struct USBPort *uport) 534 { 535 int index; 536 537 if (!uport->dev) { 538 return NULL; 539 } 540 switch (uport->dev->speed) { 541 case USB_SPEED_LOW: 542 case USB_SPEED_FULL: 543 case USB_SPEED_HIGH: 544 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 545 index = uport->index + xhci->numports_3; 546 } else { 547 index = uport->index; 548 } 549 break; 550 case USB_SPEED_SUPER: 551 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 552 index = uport->index; 553 } else { 554 index = uport->index + xhci->numports_2; 555 } 556 break; 557 default: 558 return NULL; 559 } 560 return &xhci->ports[index]; 561 } 562 563 static void xhci_intr_update(XHCIState *xhci, int v) 564 { 565 int level = 0; 566 567 if (v == 0) { 568 if (xhci->intr[0].iman & IMAN_IP && 569 xhci->intr[0].iman & IMAN_IE && 570 xhci->usbcmd & USBCMD_INTE) { 571 level = 1; 572 } 573 if (xhci->intr_raise) { 574 if (xhci->intr_raise(xhci, 0, level)) { 575 xhci->intr[0].iman &= ~IMAN_IP; 576 } 577 } 578 } 579 if (xhci->intr_update) { 580 xhci->intr_update(xhci, v, 581 xhci->intr[v].iman & IMAN_IE); 582 } 583 } 584 585 static void xhci_intr_raise(XHCIState *xhci, int v) 586 { 587 bool pending = (xhci->intr[v].erdp_low & ERDP_EHB); 588 589 xhci->intr[v].erdp_low |= ERDP_EHB; 590 xhci->intr[v].iman |= IMAN_IP; 591 xhci->usbsts |= USBSTS_EINT; 592 593 if (pending) { 594 return; 595 } 596 if (!(xhci->intr[v].iman & IMAN_IE)) { 597 return; 598 } 599 600 if (!(xhci->usbcmd & USBCMD_INTE)) { 601 return; 602 } 603 if (xhci->intr_raise) { 604 if (xhci->intr_raise(xhci, v, true)) { 605 xhci->intr[v].iman &= ~IMAN_IP; 606 } 607 } 608 } 609 610 static inline int xhci_running(XHCIState *xhci) 611 { 612 return !(xhci->usbsts & USBSTS_HCH); 613 } 614 615 static void xhci_write_event(XHCIState *xhci, XHCIEvent *event, int v) 616 { 617 XHCIInterrupter *intr = &xhci->intr[v]; 618 XHCITRB ev_trb; 619 dma_addr_t addr; 620 621 ev_trb.parameter = cpu_to_le64(event->ptr); 622 ev_trb.status = cpu_to_le32(event->length | (event->ccode << 24)); 623 ev_trb.control = (event->slotid << 24) | (event->epid << 16) | 624 event->flags | (event->type << TRB_TYPE_SHIFT); 625 if (intr->er_pcs) { 626 ev_trb.control |= TRB_C; 627 } 628 ev_trb.control = cpu_to_le32(ev_trb.control); 629 630 trace_usb_xhci_queue_event(v, intr->er_ep_idx, trb_name(&ev_trb), 631 event_name(event), ev_trb.parameter, 632 ev_trb.status, ev_trb.control); 633 634 addr = intr->er_start + TRB_SIZE*intr->er_ep_idx; 635 if (dma_memory_write(xhci->as, addr, &ev_trb, TRB_SIZE, 636 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 637 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 638 __func__); 639 xhci_die(xhci); 640 } 641 642 intr->er_ep_idx++; 643 if (intr->er_ep_idx >= intr->er_size) { 644 intr->er_ep_idx = 0; 645 intr->er_pcs = !intr->er_pcs; 646 } 647 } 648 649 static void xhci_event(XHCIState *xhci, XHCIEvent *event, int v) 650 { 651 XHCIInterrupter *intr; 652 dma_addr_t erdp; 653 unsigned int dp_idx; 654 655 if (v >= xhci->numintrs) { 656 DPRINTF("intr nr out of range (%d >= %d)\n", v, xhci->numintrs); 657 return; 658 } 659 intr = &xhci->intr[v]; 660 661 erdp = xhci_addr64(intr->erdp_low, intr->erdp_high); 662 if (erdp < intr->er_start || 663 erdp >= (intr->er_start + TRB_SIZE*intr->er_size)) { 664 DPRINTF("xhci: ERDP out of bounds: "DMA_ADDR_FMT"\n", erdp); 665 DPRINTF("xhci: ER[%d] at "DMA_ADDR_FMT" len %d\n", 666 v, intr->er_start, intr->er_size); 667 xhci_die(xhci); 668 return; 669 } 670 671 dp_idx = (erdp - intr->er_start) / TRB_SIZE; 672 assert(dp_idx < intr->er_size); 673 674 if ((intr->er_ep_idx + 2) % intr->er_size == dp_idx) { 675 DPRINTF("xhci: ER %d full, send ring full error\n", v); 676 XHCIEvent full = {ER_HOST_CONTROLLER, CC_EVENT_RING_FULL_ERROR}; 677 xhci_write_event(xhci, &full, v); 678 } else if ((intr->er_ep_idx + 1) % intr->er_size == dp_idx) { 679 DPRINTF("xhci: ER %d full, drop event\n", v); 680 } else { 681 xhci_write_event(xhci, event, v); 682 } 683 684 xhci_intr_raise(xhci, v); 685 } 686 687 static void xhci_ring_init(XHCIState *xhci, XHCIRing *ring, 688 dma_addr_t base) 689 { 690 ring->dequeue = base; 691 ring->ccs = 1; 692 } 693 694 static TRBType xhci_ring_fetch(XHCIState *xhci, XHCIRing *ring, XHCITRB *trb, 695 dma_addr_t *addr) 696 { 697 uint32_t link_cnt = 0; 698 699 while (1) { 700 TRBType type; 701 if (dma_memory_read(xhci->as, ring->dequeue, trb, TRB_SIZE, 702 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 703 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 704 __func__); 705 return 0; 706 } 707 trb->addr = ring->dequeue; 708 trb->ccs = ring->ccs; 709 le64_to_cpus(&trb->parameter); 710 le32_to_cpus(&trb->status); 711 le32_to_cpus(&trb->control); 712 713 trace_usb_xhci_fetch_trb(ring->dequeue, trb_name(trb), 714 trb->parameter, trb->status, trb->control); 715 716 if ((trb->control & TRB_C) != ring->ccs) { 717 return 0; 718 } 719 720 type = TRB_TYPE(*trb); 721 722 if (type != TR_LINK) { 723 if (addr) { 724 *addr = ring->dequeue; 725 } 726 ring->dequeue += TRB_SIZE; 727 return type; 728 } else { 729 if (++link_cnt > TRB_LINK_LIMIT) { 730 trace_usb_xhci_enforced_limit("trb-link"); 731 return 0; 732 } 733 ring->dequeue = xhci_mask64(trb->parameter); 734 if (trb->control & TRB_LK_TC) { 735 ring->ccs = !ring->ccs; 736 } 737 } 738 } 739 } 740 741 static int xhci_ring_chain_length(XHCIState *xhci, const XHCIRing *ring) 742 { 743 XHCITRB trb; 744 int length = 0; 745 dma_addr_t dequeue = ring->dequeue; 746 bool ccs = ring->ccs; 747 /* hack to bundle together the two/three TDs that make a setup transfer */ 748 bool control_td_set = 0; 749 uint32_t link_cnt = 0; 750 751 do { 752 TRBType type; 753 if (dma_memory_read(xhci->as, dequeue, &trb, TRB_SIZE, 754 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 755 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 756 __func__); 757 return -1; 758 } 759 le64_to_cpus(&trb.parameter); 760 le32_to_cpus(&trb.status); 761 le32_to_cpus(&trb.control); 762 763 if ((trb.control & TRB_C) != ccs) { 764 return -length; 765 } 766 767 type = TRB_TYPE(trb); 768 769 if (type == TR_LINK) { 770 if (++link_cnt > TRB_LINK_LIMIT) { 771 return -length; 772 } 773 dequeue = xhci_mask64(trb.parameter); 774 if (trb.control & TRB_LK_TC) { 775 ccs = !ccs; 776 } 777 continue; 778 } 779 780 length += 1; 781 dequeue += TRB_SIZE; 782 783 if (type == TR_SETUP) { 784 control_td_set = 1; 785 } else if (type == TR_STATUS) { 786 control_td_set = 0; 787 } 788 789 if (!control_td_set && !(trb.control & TRB_TR_CH)) { 790 return length; 791 } 792 793 /* 794 * According to the xHCI spec, Transfer Ring segments should have 795 * a maximum size of 64 kB (see chapter "6 Data Structures") 796 */ 797 } while (length < TRB_LINK_LIMIT * 65536 / TRB_SIZE); 798 799 qemu_log_mask(LOG_GUEST_ERROR, "%s: exceeded maximum transfer ring size!\n", 800 __func__); 801 802 return -1; 803 } 804 805 static void xhci_er_reset(XHCIState *xhci, int v) 806 { 807 XHCIInterrupter *intr = &xhci->intr[v]; 808 XHCIEvRingSeg seg; 809 dma_addr_t erstba = xhci_addr64(intr->erstba_low, intr->erstba_high); 810 811 if (intr->erstsz == 0 || erstba == 0) { 812 /* disabled */ 813 intr->er_start = 0; 814 intr->er_size = 0; 815 return; 816 } 817 /* cache the (sole) event ring segment location */ 818 if (intr->erstsz != 1) { 819 DPRINTF("xhci: invalid value for ERSTSZ: %d\n", intr->erstsz); 820 xhci_die(xhci); 821 return; 822 } 823 if (dma_memory_read(xhci->as, erstba, &seg, sizeof(seg), 824 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 825 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory access failed!\n", 826 __func__); 827 xhci_die(xhci); 828 return; 829 } 830 831 le32_to_cpus(&seg.addr_low); 832 le32_to_cpus(&seg.addr_high); 833 le32_to_cpus(&seg.size); 834 if (seg.size < 16 || seg.size > 4096) { 835 DPRINTF("xhci: invalid value for segment size: %d\n", seg.size); 836 xhci_die(xhci); 837 return; 838 } 839 intr->er_start = xhci_addr64(seg.addr_low, seg.addr_high); 840 intr->er_size = seg.size; 841 842 intr->er_ep_idx = 0; 843 intr->er_pcs = 1; 844 845 DPRINTF("xhci: event ring[%d]:" DMA_ADDR_FMT " [%d]\n", 846 v, intr->er_start, intr->er_size); 847 } 848 849 static void xhci_run(XHCIState *xhci) 850 { 851 trace_usb_xhci_run(); 852 xhci->usbsts &= ~USBSTS_HCH; 853 xhci->mfindex_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 854 } 855 856 static void xhci_stop(XHCIState *xhci) 857 { 858 trace_usb_xhci_stop(); 859 xhci->usbsts |= USBSTS_HCH; 860 xhci->crcr_low &= ~CRCR_CRR; 861 } 862 863 static XHCIStreamContext *xhci_alloc_stream_contexts(unsigned count, 864 dma_addr_t base) 865 { 866 XHCIStreamContext *stctx; 867 unsigned int i; 868 869 stctx = g_new0(XHCIStreamContext, count); 870 for (i = 0; i < count; i++) { 871 stctx[i].pctx = base + i * 16; 872 stctx[i].sct = -1; 873 } 874 return stctx; 875 } 876 877 static void xhci_reset_streams(XHCIEPContext *epctx) 878 { 879 unsigned int i; 880 881 for (i = 0; i < epctx->nr_pstreams; i++) { 882 epctx->pstreams[i].sct = -1; 883 } 884 } 885 886 static void xhci_alloc_streams(XHCIEPContext *epctx, dma_addr_t base) 887 { 888 assert(epctx->pstreams == NULL); 889 epctx->nr_pstreams = 2 << epctx->max_pstreams; 890 epctx->pstreams = xhci_alloc_stream_contexts(epctx->nr_pstreams, base); 891 } 892 893 static void xhci_free_streams(XHCIEPContext *epctx) 894 { 895 assert(epctx->pstreams != NULL); 896 897 g_free(epctx->pstreams); 898 epctx->pstreams = NULL; 899 epctx->nr_pstreams = 0; 900 } 901 902 static int xhci_epmask_to_eps_with_streams(XHCIState *xhci, 903 unsigned int slotid, 904 uint32_t epmask, 905 XHCIEPContext **epctxs, 906 USBEndpoint **eps) 907 { 908 XHCISlot *slot; 909 XHCIEPContext *epctx; 910 USBEndpoint *ep; 911 int i, j; 912 913 assert(slotid >= 1 && slotid <= xhci->numslots); 914 915 slot = &xhci->slots[slotid - 1]; 916 917 for (i = 2, j = 0; i <= 31; i++) { 918 if (!(epmask & (1u << i))) { 919 continue; 920 } 921 922 epctx = slot->eps[i - 1]; 923 ep = xhci_epid_to_usbep(epctx); 924 if (!epctx || !epctx->nr_pstreams || !ep) { 925 continue; 926 } 927 928 if (epctxs) { 929 epctxs[j] = epctx; 930 } 931 eps[j++] = ep; 932 } 933 return j; 934 } 935 936 static void xhci_free_device_streams(XHCIState *xhci, unsigned int slotid, 937 uint32_t epmask) 938 { 939 USBEndpoint *eps[30]; 940 int nr_eps; 941 942 nr_eps = xhci_epmask_to_eps_with_streams(xhci, slotid, epmask, NULL, eps); 943 if (nr_eps) { 944 usb_device_free_streams(eps[0]->dev, eps, nr_eps); 945 } 946 } 947 948 static TRBCCode xhci_alloc_device_streams(XHCIState *xhci, unsigned int slotid, 949 uint32_t epmask) 950 { 951 XHCIEPContext *epctxs[30]; 952 USBEndpoint *eps[30]; 953 int i, r, nr_eps, req_nr_streams, dev_max_streams; 954 955 nr_eps = xhci_epmask_to_eps_with_streams(xhci, slotid, epmask, epctxs, 956 eps); 957 if (nr_eps == 0) { 958 return CC_SUCCESS; 959 } 960 961 req_nr_streams = epctxs[0]->nr_pstreams; 962 dev_max_streams = eps[0]->max_streams; 963 964 for (i = 1; i < nr_eps; i++) { 965 /* 966 * HdG: I don't expect these to ever trigger, but if they do we need 967 * to come up with another solution, ie group identical endpoints 968 * together and make an usb_device_alloc_streams call per group. 969 */ 970 if (epctxs[i]->nr_pstreams != req_nr_streams) { 971 FIXME("guest streams config not identical for all eps"); 972 return CC_RESOURCE_ERROR; 973 } 974 if (eps[i]->max_streams != dev_max_streams) { 975 FIXME("device streams config not identical for all eps"); 976 return CC_RESOURCE_ERROR; 977 } 978 } 979 980 /* 981 * max-streams in both the device descriptor and in the controller is a 982 * power of 2. But stream id 0 is reserved, so if a device can do up to 4 983 * streams the guest will ask for 5 rounded up to the next power of 2 which 984 * becomes 8. For emulated devices usb_device_alloc_streams is a nop. 985 * 986 * For redirected devices however this is an issue, as there we must ask 987 * the real xhci controller to alloc streams, and the host driver for the 988 * real xhci controller will likely disallow allocating more streams then 989 * the device can handle. 990 * 991 * So we limit the requested nr_streams to the maximum number the device 992 * can handle. 993 */ 994 if (req_nr_streams > dev_max_streams) { 995 req_nr_streams = dev_max_streams; 996 } 997 998 r = usb_device_alloc_streams(eps[0]->dev, eps, nr_eps, req_nr_streams); 999 if (r != 0) { 1000 DPRINTF("xhci: alloc streams failed\n"); 1001 return CC_RESOURCE_ERROR; 1002 } 1003 1004 return CC_SUCCESS; 1005 } 1006 1007 static XHCIStreamContext *xhci_find_stream(XHCIEPContext *epctx, 1008 unsigned int streamid, 1009 uint32_t *cc_error) 1010 { 1011 XHCIStreamContext *sctx; 1012 dma_addr_t base; 1013 uint32_t ctx[2], sct; 1014 1015 assert(streamid != 0); 1016 if (epctx->lsa) { 1017 if (streamid >= epctx->nr_pstreams) { 1018 *cc_error = CC_INVALID_STREAM_ID_ERROR; 1019 return NULL; 1020 } 1021 sctx = epctx->pstreams + streamid; 1022 } else { 1023 fprintf(stderr, "xhci: FIXME: secondary streams not implemented yet"); 1024 *cc_error = CC_INVALID_STREAM_TYPE_ERROR; 1025 return NULL; 1026 } 1027 1028 if (sctx->sct == -1) { 1029 xhci_dma_read_u32s(epctx->xhci, sctx->pctx, ctx, sizeof(ctx)); 1030 sct = (ctx[0] >> 1) & 0x07; 1031 if (epctx->lsa && sct != 1) { 1032 *cc_error = CC_INVALID_STREAM_TYPE_ERROR; 1033 return NULL; 1034 } 1035 sctx->sct = sct; 1036 base = xhci_addr64(ctx[0] & ~0xf, ctx[1]); 1037 xhci_ring_init(epctx->xhci, &sctx->ring, base); 1038 } 1039 return sctx; 1040 } 1041 1042 static void xhci_set_ep_state(XHCIState *xhci, XHCIEPContext *epctx, 1043 XHCIStreamContext *sctx, uint32_t state) 1044 { 1045 XHCIRing *ring = NULL; 1046 uint32_t ctx[5]; 1047 uint32_t ctx2[2]; 1048 1049 xhci_dma_read_u32s(xhci, epctx->pctx, ctx, sizeof(ctx)); 1050 ctx[0] &= ~EP_STATE_MASK; 1051 ctx[0] |= state; 1052 1053 /* update ring dequeue ptr */ 1054 if (epctx->nr_pstreams) { 1055 if (sctx != NULL) { 1056 ring = &sctx->ring; 1057 xhci_dma_read_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2)); 1058 ctx2[0] &= 0xe; 1059 ctx2[0] |= sctx->ring.dequeue | sctx->ring.ccs; 1060 ctx2[1] = (sctx->ring.dequeue >> 16) >> 16; 1061 xhci_dma_write_u32s(xhci, sctx->pctx, ctx2, sizeof(ctx2)); 1062 } 1063 } else { 1064 ring = &epctx->ring; 1065 } 1066 if (ring) { 1067 ctx[2] = ring->dequeue | ring->ccs; 1068 ctx[3] = (ring->dequeue >> 16) >> 16; 1069 1070 DPRINTF("xhci: set epctx: " DMA_ADDR_FMT " state=%d dequeue=%08x%08x\n", 1071 epctx->pctx, state, ctx[3], ctx[2]); 1072 } 1073 1074 xhci_dma_write_u32s(xhci, epctx->pctx, ctx, sizeof(ctx)); 1075 if (epctx->state != state) { 1076 trace_usb_xhci_ep_state(epctx->slotid, epctx->epid, 1077 ep_state_name(epctx->state), 1078 ep_state_name(state)); 1079 } 1080 epctx->state = state; 1081 } 1082 1083 static void xhci_ep_kick_timer(void *opaque) 1084 { 1085 XHCIEPContext *epctx = opaque; 1086 xhci_kick_epctx(epctx, 0); 1087 } 1088 1089 static XHCIEPContext *xhci_alloc_epctx(XHCIState *xhci, 1090 unsigned int slotid, 1091 unsigned int epid) 1092 { 1093 XHCIEPContext *epctx; 1094 1095 epctx = g_new0(XHCIEPContext, 1); 1096 epctx->xhci = xhci; 1097 epctx->slotid = slotid; 1098 epctx->epid = epid; 1099 1100 QTAILQ_INIT(&epctx->transfers); 1101 epctx->kick_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, xhci_ep_kick_timer, epctx); 1102 1103 return epctx; 1104 } 1105 1106 static void xhci_init_epctx(XHCIEPContext *epctx, 1107 dma_addr_t pctx, uint32_t *ctx) 1108 { 1109 dma_addr_t dequeue; 1110 1111 dequeue = xhci_addr64(ctx[2] & ~0xf, ctx[3]); 1112 1113 epctx->type = (ctx[1] >> EP_TYPE_SHIFT) & EP_TYPE_MASK; 1114 epctx->pctx = pctx; 1115 epctx->max_psize = ctx[1]>>16; 1116 epctx->max_psize *= 1+((ctx[1]>>8)&0xff); 1117 epctx->max_pstreams = (ctx[0] >> 10) & epctx->xhci->max_pstreams_mask; 1118 epctx->lsa = (ctx[0] >> 15) & 1; 1119 if (epctx->max_pstreams) { 1120 xhci_alloc_streams(epctx, dequeue); 1121 } else { 1122 xhci_ring_init(epctx->xhci, &epctx->ring, dequeue); 1123 epctx->ring.ccs = ctx[2] & 1; 1124 } 1125 1126 epctx->interval = 1 << ((ctx[0] >> 16) & 0xff); 1127 } 1128 1129 static TRBCCode xhci_enable_ep(XHCIState *xhci, unsigned int slotid, 1130 unsigned int epid, dma_addr_t pctx, 1131 uint32_t *ctx) 1132 { 1133 XHCISlot *slot; 1134 XHCIEPContext *epctx; 1135 1136 trace_usb_xhci_ep_enable(slotid, epid); 1137 assert(slotid >= 1 && slotid <= xhci->numslots); 1138 assert(epid >= 1 && epid <= 31); 1139 1140 slot = &xhci->slots[slotid-1]; 1141 if (slot->eps[epid-1]) { 1142 xhci_disable_ep(xhci, slotid, epid); 1143 } 1144 1145 epctx = xhci_alloc_epctx(xhci, slotid, epid); 1146 slot->eps[epid-1] = epctx; 1147 xhci_init_epctx(epctx, pctx, ctx); 1148 1149 DPRINTF("xhci: endpoint %d.%d type is %d, max transaction (burst) " 1150 "size is %d\n", epid/2, epid%2, epctx->type, epctx->max_psize); 1151 1152 epctx->mfindex_last = 0; 1153 1154 epctx->state = EP_RUNNING; 1155 ctx[0] &= ~EP_STATE_MASK; 1156 ctx[0] |= EP_RUNNING; 1157 1158 return CC_SUCCESS; 1159 } 1160 1161 static XHCITransfer *xhci_ep_alloc_xfer(XHCIEPContext *epctx, 1162 uint32_t length) 1163 { 1164 uint32_t limit = epctx->nr_pstreams + 16; 1165 XHCITransfer *xfer; 1166 1167 if (epctx->xfer_count >= limit) { 1168 return NULL; 1169 } 1170 1171 xfer = g_new0(XHCITransfer, 1); 1172 xfer->epctx = epctx; 1173 xfer->trbs = g_new(XHCITRB, length); 1174 xfer->trb_count = length; 1175 usb_packet_init(&xfer->packet); 1176 1177 QTAILQ_INSERT_TAIL(&epctx->transfers, xfer, next); 1178 epctx->xfer_count++; 1179 1180 return xfer; 1181 } 1182 1183 static void xhci_ep_free_xfer(XHCITransfer *xfer) 1184 { 1185 QTAILQ_REMOVE(&xfer->epctx->transfers, xfer, next); 1186 xfer->epctx->xfer_count--; 1187 1188 usb_packet_cleanup(&xfer->packet); 1189 g_free(xfer->trbs); 1190 g_free(xfer); 1191 } 1192 1193 static int xhci_ep_nuke_one_xfer(XHCITransfer *t, TRBCCode report) 1194 { 1195 int killed = 0; 1196 1197 if (report && (t->running_async || t->running_retry)) { 1198 t->status = report; 1199 xhci_xfer_report(t); 1200 } 1201 1202 if (t->running_async) { 1203 usb_cancel_packet(&t->packet); 1204 t->running_async = 0; 1205 killed = 1; 1206 } 1207 if (t->running_retry) { 1208 if (t->epctx) { 1209 t->epctx->retry = NULL; 1210 timer_del(t->epctx->kick_timer); 1211 } 1212 t->running_retry = 0; 1213 killed = 1; 1214 } 1215 g_free(t->trbs); 1216 1217 t->trbs = NULL; 1218 t->trb_count = 0; 1219 1220 return killed; 1221 } 1222 1223 static int xhci_ep_nuke_xfers(XHCIState *xhci, unsigned int slotid, 1224 unsigned int epid, TRBCCode report) 1225 { 1226 XHCISlot *slot; 1227 XHCIEPContext *epctx; 1228 XHCITransfer *xfer; 1229 int killed = 0; 1230 USBEndpoint *ep = NULL; 1231 assert(slotid >= 1 && slotid <= xhci->numslots); 1232 assert(epid >= 1 && epid <= 31); 1233 1234 DPRINTF("xhci_ep_nuke_xfers(%d, %d)\n", slotid, epid); 1235 1236 slot = &xhci->slots[slotid-1]; 1237 1238 if (!slot->eps[epid-1]) { 1239 return 0; 1240 } 1241 1242 epctx = slot->eps[epid-1]; 1243 1244 for (;;) { 1245 xfer = QTAILQ_FIRST(&epctx->transfers); 1246 if (xfer == NULL) { 1247 break; 1248 } 1249 killed += xhci_ep_nuke_one_xfer(xfer, report); 1250 if (killed) { 1251 report = 0; /* Only report once */ 1252 } 1253 xhci_ep_free_xfer(xfer); 1254 } 1255 1256 ep = xhci_epid_to_usbep(epctx); 1257 if (ep) { 1258 usb_device_ep_stopped(ep->dev, ep); 1259 } 1260 return killed; 1261 } 1262 1263 static TRBCCode xhci_disable_ep(XHCIState *xhci, unsigned int slotid, 1264 unsigned int epid) 1265 { 1266 XHCISlot *slot; 1267 XHCIEPContext *epctx; 1268 1269 trace_usb_xhci_ep_disable(slotid, epid); 1270 assert(slotid >= 1 && slotid <= xhci->numslots); 1271 assert(epid >= 1 && epid <= 31); 1272 1273 slot = &xhci->slots[slotid-1]; 1274 1275 if (!slot->eps[epid-1]) { 1276 DPRINTF("xhci: slot %d ep %d already disabled\n", slotid, epid); 1277 return CC_SUCCESS; 1278 } 1279 1280 xhci_ep_nuke_xfers(xhci, slotid, epid, 0); 1281 1282 epctx = slot->eps[epid-1]; 1283 1284 if (epctx->nr_pstreams) { 1285 xhci_free_streams(epctx); 1286 } 1287 1288 /* only touch guest RAM if we're not resetting the HC */ 1289 if (xhci->dcbaap_low || xhci->dcbaap_high) { 1290 xhci_set_ep_state(xhci, epctx, NULL, EP_DISABLED); 1291 } 1292 1293 timer_free(epctx->kick_timer); 1294 g_free(epctx); 1295 slot->eps[epid-1] = NULL; 1296 1297 return CC_SUCCESS; 1298 } 1299 1300 static TRBCCode xhci_stop_ep(XHCIState *xhci, unsigned int slotid, 1301 unsigned int epid) 1302 { 1303 XHCISlot *slot; 1304 XHCIEPContext *epctx; 1305 1306 trace_usb_xhci_ep_stop(slotid, epid); 1307 assert(slotid >= 1 && slotid <= xhci->numslots); 1308 1309 if (epid < 1 || epid > 31) { 1310 DPRINTF("xhci: bad ep %d\n", epid); 1311 return CC_TRB_ERROR; 1312 } 1313 1314 slot = &xhci->slots[slotid-1]; 1315 1316 if (!slot->eps[epid-1]) { 1317 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1318 return CC_EP_NOT_ENABLED_ERROR; 1319 } 1320 1321 if (xhci_ep_nuke_xfers(xhci, slotid, epid, CC_STOPPED) > 0) { 1322 DPRINTF("xhci: FIXME: endpoint stopped w/ xfers running, " 1323 "data might be lost\n"); 1324 } 1325 1326 epctx = slot->eps[epid-1]; 1327 1328 xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED); 1329 1330 if (epctx->nr_pstreams) { 1331 xhci_reset_streams(epctx); 1332 } 1333 1334 return CC_SUCCESS; 1335 } 1336 1337 static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid, 1338 unsigned int epid) 1339 { 1340 XHCISlot *slot; 1341 XHCIEPContext *epctx; 1342 1343 trace_usb_xhci_ep_reset(slotid, epid); 1344 assert(slotid >= 1 && slotid <= xhci->numslots); 1345 1346 if (epid < 1 || epid > 31) { 1347 DPRINTF("xhci: bad ep %d\n", epid); 1348 return CC_TRB_ERROR; 1349 } 1350 1351 slot = &xhci->slots[slotid-1]; 1352 1353 if (!slot->eps[epid-1]) { 1354 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1355 return CC_EP_NOT_ENABLED_ERROR; 1356 } 1357 1358 epctx = slot->eps[epid-1]; 1359 1360 if (epctx->state != EP_HALTED) { 1361 DPRINTF("xhci: reset EP while EP %d not halted (%d)\n", 1362 epid, epctx->state); 1363 return CC_CONTEXT_STATE_ERROR; 1364 } 1365 1366 if (xhci_ep_nuke_xfers(xhci, slotid, epid, 0) > 0) { 1367 DPRINTF("xhci: FIXME: endpoint reset w/ xfers running, " 1368 "data might be lost\n"); 1369 } 1370 1371 if (!xhci->slots[slotid-1].uport || 1372 !xhci->slots[slotid-1].uport->dev || 1373 !xhci->slots[slotid-1].uport->dev->attached) { 1374 return CC_USB_TRANSACTION_ERROR; 1375 } 1376 1377 xhci_set_ep_state(xhci, epctx, NULL, EP_STOPPED); 1378 1379 if (epctx->nr_pstreams) { 1380 xhci_reset_streams(epctx); 1381 } 1382 1383 return CC_SUCCESS; 1384 } 1385 1386 static TRBCCode xhci_set_ep_dequeue(XHCIState *xhci, unsigned int slotid, 1387 unsigned int epid, unsigned int streamid, 1388 uint64_t pdequeue) 1389 { 1390 XHCISlot *slot; 1391 XHCIEPContext *epctx; 1392 XHCIStreamContext *sctx; 1393 dma_addr_t dequeue; 1394 1395 assert(slotid >= 1 && slotid <= xhci->numslots); 1396 1397 if (epid < 1 || epid > 31) { 1398 DPRINTF("xhci: bad ep %d\n", epid); 1399 return CC_TRB_ERROR; 1400 } 1401 1402 trace_usb_xhci_ep_set_dequeue(slotid, epid, streamid, pdequeue); 1403 dequeue = xhci_mask64(pdequeue); 1404 1405 slot = &xhci->slots[slotid-1]; 1406 1407 if (!slot->eps[epid-1]) { 1408 DPRINTF("xhci: slot %d ep %d not enabled\n", slotid, epid); 1409 return CC_EP_NOT_ENABLED_ERROR; 1410 } 1411 1412 epctx = slot->eps[epid-1]; 1413 1414 if (epctx->state != EP_STOPPED) { 1415 DPRINTF("xhci: set EP dequeue pointer while EP %d not stopped\n", epid); 1416 return CC_CONTEXT_STATE_ERROR; 1417 } 1418 1419 if (epctx->nr_pstreams) { 1420 uint32_t err; 1421 sctx = xhci_find_stream(epctx, streamid, &err); 1422 if (sctx == NULL) { 1423 return err; 1424 } 1425 xhci_ring_init(xhci, &sctx->ring, dequeue & ~0xf); 1426 sctx->ring.ccs = dequeue & 1; 1427 } else { 1428 sctx = NULL; 1429 xhci_ring_init(xhci, &epctx->ring, dequeue & ~0xF); 1430 epctx->ring.ccs = dequeue & 1; 1431 } 1432 1433 xhci_set_ep_state(xhci, epctx, sctx, EP_STOPPED); 1434 1435 return CC_SUCCESS; 1436 } 1437 1438 static int xhci_xfer_create_sgl(XHCITransfer *xfer, int in_xfer) 1439 { 1440 XHCIState *xhci = xfer->epctx->xhci; 1441 int i; 1442 1443 xfer->int_req = false; 1444 qemu_sglist_init(&xfer->sgl, DEVICE(xhci), xfer->trb_count, xhci->as); 1445 for (i = 0; i < xfer->trb_count; i++) { 1446 XHCITRB *trb = &xfer->trbs[i]; 1447 dma_addr_t addr; 1448 unsigned int chunk = 0; 1449 1450 if (trb->control & TRB_TR_IOC) { 1451 xfer->int_req = true; 1452 } 1453 1454 switch (TRB_TYPE(*trb)) { 1455 case TR_DATA: 1456 if ((!(trb->control & TRB_TR_DIR)) != (!in_xfer)) { 1457 DPRINTF("xhci: data direction mismatch for TR_DATA\n"); 1458 goto err; 1459 } 1460 /* fallthrough */ 1461 case TR_NORMAL: 1462 case TR_ISOCH: 1463 addr = xhci_mask64(trb->parameter); 1464 chunk = trb->status & 0x1ffff; 1465 if (trb->control & TRB_TR_IDT) { 1466 if (chunk > 8 || in_xfer) { 1467 DPRINTF("xhci: invalid immediate data TRB\n"); 1468 goto err; 1469 } 1470 qemu_sglist_add(&xfer->sgl, trb->addr, chunk); 1471 } else { 1472 qemu_sglist_add(&xfer->sgl, addr, chunk); 1473 } 1474 break; 1475 } 1476 } 1477 1478 return 0; 1479 1480 err: 1481 qemu_sglist_destroy(&xfer->sgl); 1482 xhci_die(xhci); 1483 return -1; 1484 } 1485 1486 static void xhci_xfer_unmap(XHCITransfer *xfer) 1487 { 1488 usb_packet_unmap(&xfer->packet, &xfer->sgl); 1489 qemu_sglist_destroy(&xfer->sgl); 1490 } 1491 1492 static void xhci_xfer_report(XHCITransfer *xfer) 1493 { 1494 uint32_t edtla = 0; 1495 unsigned int left; 1496 bool reported = 0; 1497 bool shortpkt = 0; 1498 XHCIEvent event = {ER_TRANSFER, CC_SUCCESS}; 1499 XHCIState *xhci = xfer->epctx->xhci; 1500 int i; 1501 1502 left = xfer->packet.actual_length; 1503 1504 for (i = 0; i < xfer->trb_count; i++) { 1505 XHCITRB *trb = &xfer->trbs[i]; 1506 unsigned int chunk = 0; 1507 1508 switch (TRB_TYPE(*trb)) { 1509 case TR_SETUP: 1510 chunk = trb->status & 0x1ffff; 1511 if (chunk > 8) { 1512 chunk = 8; 1513 } 1514 break; 1515 case TR_DATA: 1516 case TR_NORMAL: 1517 case TR_ISOCH: 1518 chunk = trb->status & 0x1ffff; 1519 if (chunk > left) { 1520 chunk = left; 1521 if (xfer->status == CC_SUCCESS) { 1522 shortpkt = 1; 1523 } 1524 } 1525 left -= chunk; 1526 edtla += chunk; 1527 break; 1528 case TR_STATUS: 1529 reported = 0; 1530 shortpkt = 0; 1531 break; 1532 } 1533 1534 if (!reported && ((trb->control & TRB_TR_IOC) || 1535 (shortpkt && (trb->control & TRB_TR_ISP)) || 1536 (xfer->status != CC_SUCCESS && left == 0))) { 1537 event.slotid = xfer->epctx->slotid; 1538 event.epid = xfer->epctx->epid; 1539 event.length = (trb->status & 0x1ffff) - chunk; 1540 event.flags = 0; 1541 event.ptr = trb->addr; 1542 if (xfer->status == CC_SUCCESS) { 1543 event.ccode = shortpkt ? CC_SHORT_PACKET : CC_SUCCESS; 1544 } else { 1545 event.ccode = xfer->status; 1546 } 1547 if (TRB_TYPE(*trb) == TR_EVDATA) { 1548 event.ptr = trb->parameter; 1549 event.flags |= TRB_EV_ED; 1550 event.length = edtla & 0xffffff; 1551 DPRINTF("xhci_xfer_data: EDTLA=%d\n", event.length); 1552 edtla = 0; 1553 } 1554 xhci_event(xhci, &event, TRB_INTR(*trb)); 1555 reported = 1; 1556 if (xfer->status != CC_SUCCESS) { 1557 return; 1558 } 1559 } 1560 1561 switch (TRB_TYPE(*trb)) { 1562 case TR_SETUP: 1563 reported = 0; 1564 shortpkt = 0; 1565 break; 1566 } 1567 1568 } 1569 } 1570 1571 static void xhci_stall_ep(XHCITransfer *xfer) 1572 { 1573 XHCIEPContext *epctx = xfer->epctx; 1574 XHCIState *xhci = epctx->xhci; 1575 uint32_t err; 1576 XHCIStreamContext *sctx; 1577 1578 if (epctx->type == ET_ISO_IN || epctx->type == ET_ISO_OUT) { 1579 /* never halt isoch endpoints, 4.10.2 */ 1580 return; 1581 } 1582 1583 if (epctx->nr_pstreams) { 1584 sctx = xhci_find_stream(epctx, xfer->streamid, &err); 1585 if (sctx == NULL) { 1586 return; 1587 } 1588 sctx->ring.dequeue = xfer->trbs[0].addr; 1589 sctx->ring.ccs = xfer->trbs[0].ccs; 1590 xhci_set_ep_state(xhci, epctx, sctx, EP_HALTED); 1591 } else { 1592 epctx->ring.dequeue = xfer->trbs[0].addr; 1593 epctx->ring.ccs = xfer->trbs[0].ccs; 1594 xhci_set_ep_state(xhci, epctx, NULL, EP_HALTED); 1595 } 1596 } 1597 1598 static int xhci_setup_packet(XHCITransfer *xfer) 1599 { 1600 USBEndpoint *ep; 1601 int dir; 1602 1603 dir = xfer->in_xfer ? USB_TOKEN_IN : USB_TOKEN_OUT; 1604 1605 if (xfer->packet.ep) { 1606 ep = xfer->packet.ep; 1607 } else { 1608 ep = xhci_epid_to_usbep(xfer->epctx); 1609 if (!ep) { 1610 DPRINTF("xhci: slot %d has no device\n", 1611 xfer->epctx->slotid); 1612 return -1; 1613 } 1614 } 1615 1616 xhci_xfer_create_sgl(xfer, dir == USB_TOKEN_IN); /* Also sets int_req */ 1617 usb_packet_setup(&xfer->packet, dir, ep, xfer->streamid, 1618 xfer->trbs[0].addr, false, xfer->int_req); 1619 if (usb_packet_map(&xfer->packet, &xfer->sgl)) { 1620 qemu_sglist_destroy(&xfer->sgl); 1621 return -1; 1622 } 1623 DPRINTF("xhci: setup packet pid 0x%x addr %d ep %d\n", 1624 xfer->packet.pid, ep->dev->addr, ep->nr); 1625 return 0; 1626 } 1627 1628 static int xhci_try_complete_packet(XHCITransfer *xfer) 1629 { 1630 if (xfer->packet.status == USB_RET_ASYNC) { 1631 trace_usb_xhci_xfer_async(xfer); 1632 xfer->running_async = 1; 1633 xfer->running_retry = 0; 1634 xfer->complete = 0; 1635 return 0; 1636 } else if (xfer->packet.status == USB_RET_NAK) { 1637 trace_usb_xhci_xfer_nak(xfer); 1638 xfer->running_async = 0; 1639 xfer->running_retry = 1; 1640 xfer->complete = 0; 1641 return 0; 1642 } else { 1643 xfer->running_async = 0; 1644 xfer->running_retry = 0; 1645 xfer->complete = 1; 1646 xhci_xfer_unmap(xfer); 1647 } 1648 1649 if (xfer->packet.status == USB_RET_SUCCESS) { 1650 trace_usb_xhci_xfer_success(xfer, xfer->packet.actual_length); 1651 xfer->status = CC_SUCCESS; 1652 xhci_xfer_report(xfer); 1653 return 0; 1654 } 1655 1656 /* error */ 1657 trace_usb_xhci_xfer_error(xfer, xfer->packet.status); 1658 switch (xfer->packet.status) { 1659 case USB_RET_NODEV: 1660 case USB_RET_IOERROR: 1661 xfer->status = CC_USB_TRANSACTION_ERROR; 1662 xhci_xfer_report(xfer); 1663 xhci_stall_ep(xfer); 1664 break; 1665 case USB_RET_STALL: 1666 xfer->status = CC_STALL_ERROR; 1667 xhci_xfer_report(xfer); 1668 xhci_stall_ep(xfer); 1669 break; 1670 case USB_RET_BABBLE: 1671 xfer->status = CC_BABBLE_DETECTED; 1672 xhci_xfer_report(xfer); 1673 xhci_stall_ep(xfer); 1674 break; 1675 default: 1676 DPRINTF("%s: FIXME: status = %d\n", __func__, 1677 xfer->packet.status); 1678 FIXME("unhandled USB_RET_*"); 1679 } 1680 return 0; 1681 } 1682 1683 static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer) 1684 { 1685 XHCITRB *trb_setup, *trb_status; 1686 uint8_t bmRequestType; 1687 1688 trb_setup = &xfer->trbs[0]; 1689 trb_status = &xfer->trbs[xfer->trb_count-1]; 1690 1691 trace_usb_xhci_xfer_start(xfer, xfer->epctx->slotid, 1692 xfer->epctx->epid, xfer->streamid); 1693 1694 /* at most one Event Data TRB allowed after STATUS */ 1695 if (TRB_TYPE(*trb_status) == TR_EVDATA && xfer->trb_count > 2) { 1696 trb_status--; 1697 } 1698 1699 /* do some sanity checks */ 1700 if (TRB_TYPE(*trb_setup) != TR_SETUP) { 1701 DPRINTF("xhci: ep0 first TD not SETUP: %d\n", 1702 TRB_TYPE(*trb_setup)); 1703 return -1; 1704 } 1705 if (TRB_TYPE(*trb_status) != TR_STATUS) { 1706 DPRINTF("xhci: ep0 last TD not STATUS: %d\n", 1707 TRB_TYPE(*trb_status)); 1708 return -1; 1709 } 1710 if (!(trb_setup->control & TRB_TR_IDT)) { 1711 DPRINTF("xhci: Setup TRB doesn't have IDT set\n"); 1712 return -1; 1713 } 1714 if ((trb_setup->status & 0x1ffff) != 8) { 1715 DPRINTF("xhci: Setup TRB has bad length (%d)\n", 1716 (trb_setup->status & 0x1ffff)); 1717 return -1; 1718 } 1719 1720 bmRequestType = trb_setup->parameter; 1721 1722 xfer->in_xfer = bmRequestType & USB_DIR_IN; 1723 xfer->iso_xfer = false; 1724 xfer->timed_xfer = false; 1725 1726 if (xhci_setup_packet(xfer) < 0) { 1727 return -1; 1728 } 1729 xfer->packet.parameter = trb_setup->parameter; 1730 1731 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 1732 xhci_try_complete_packet(xfer); 1733 return 0; 1734 } 1735 1736 static void xhci_calc_intr_kick(XHCIState *xhci, XHCITransfer *xfer, 1737 XHCIEPContext *epctx, uint64_t mfindex) 1738 { 1739 uint64_t asap = ((mfindex + epctx->interval - 1) & 1740 ~(epctx->interval-1)); 1741 uint64_t kick = epctx->mfindex_last + epctx->interval; 1742 1743 assert(epctx->interval != 0); 1744 xfer->mfindex_kick = MAX(asap, kick); 1745 } 1746 1747 static void xhci_calc_iso_kick(XHCIState *xhci, XHCITransfer *xfer, 1748 XHCIEPContext *epctx, uint64_t mfindex) 1749 { 1750 if (xfer->trbs[0].control & TRB_TR_SIA) { 1751 uint64_t asap = ((mfindex + epctx->interval - 1) & 1752 ~(epctx->interval-1)); 1753 if (asap >= epctx->mfindex_last && 1754 asap <= epctx->mfindex_last + epctx->interval * 4) { 1755 xfer->mfindex_kick = epctx->mfindex_last + epctx->interval; 1756 } else { 1757 xfer->mfindex_kick = asap; 1758 } 1759 } else { 1760 xfer->mfindex_kick = ((xfer->trbs[0].control >> TRB_TR_FRAMEID_SHIFT) 1761 & TRB_TR_FRAMEID_MASK) << 3; 1762 xfer->mfindex_kick |= mfindex & ~0x3fff; 1763 if (xfer->mfindex_kick + 0x100 < mfindex) { 1764 xfer->mfindex_kick += 0x4000; 1765 } 1766 } 1767 } 1768 1769 static void xhci_check_intr_iso_kick(XHCIState *xhci, XHCITransfer *xfer, 1770 XHCIEPContext *epctx, uint64_t mfindex) 1771 { 1772 if (xfer->mfindex_kick > mfindex) { 1773 timer_mod(epctx->kick_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1774 (xfer->mfindex_kick - mfindex) * 125000); 1775 xfer->running_retry = 1; 1776 } else { 1777 epctx->mfindex_last = xfer->mfindex_kick; 1778 timer_del(epctx->kick_timer); 1779 xfer->running_retry = 0; 1780 } 1781 } 1782 1783 1784 static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx) 1785 { 1786 uint64_t mfindex; 1787 1788 DPRINTF("xhci_submit(slotid=%d,epid=%d)\n", epctx->slotid, epctx->epid); 1789 1790 xfer->in_xfer = epctx->type>>2; 1791 1792 switch(epctx->type) { 1793 case ET_INTR_OUT: 1794 case ET_INTR_IN: 1795 xfer->pkts = 0; 1796 xfer->iso_xfer = false; 1797 xfer->timed_xfer = true; 1798 mfindex = xhci_mfindex_get(xhci); 1799 xhci_calc_intr_kick(xhci, xfer, epctx, mfindex); 1800 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 1801 if (xfer->running_retry) { 1802 return -1; 1803 } 1804 break; 1805 case ET_BULK_OUT: 1806 case ET_BULK_IN: 1807 xfer->pkts = 0; 1808 xfer->iso_xfer = false; 1809 xfer->timed_xfer = false; 1810 break; 1811 case ET_ISO_OUT: 1812 case ET_ISO_IN: 1813 xfer->pkts = 1; 1814 xfer->iso_xfer = true; 1815 xfer->timed_xfer = true; 1816 mfindex = xhci_mfindex_get(xhci); 1817 xhci_calc_iso_kick(xhci, xfer, epctx, mfindex); 1818 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 1819 if (xfer->running_retry) { 1820 return -1; 1821 } 1822 break; 1823 default: 1824 trace_usb_xhci_unimplemented("endpoint type", epctx->type); 1825 return -1; 1826 } 1827 1828 if (xhci_setup_packet(xfer) < 0) { 1829 return -1; 1830 } 1831 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 1832 xhci_try_complete_packet(xfer); 1833 return 0; 1834 } 1835 1836 static int xhci_fire_transfer(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx) 1837 { 1838 trace_usb_xhci_xfer_start(xfer, xfer->epctx->slotid, 1839 xfer->epctx->epid, xfer->streamid); 1840 return xhci_submit(xhci, xfer, epctx); 1841 } 1842 1843 static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid, 1844 unsigned int epid, unsigned int streamid) 1845 { 1846 XHCIEPContext *epctx; 1847 1848 assert(slotid >= 1 && slotid <= xhci->numslots); 1849 assert(epid >= 1 && epid <= 31); 1850 1851 if (!xhci->slots[slotid-1].enabled) { 1852 DPRINTF("xhci: xhci_kick_ep for disabled slot %d\n", slotid); 1853 return; 1854 } 1855 epctx = xhci->slots[slotid-1].eps[epid-1]; 1856 if (!epctx) { 1857 DPRINTF("xhci: xhci_kick_ep for disabled endpoint %d,%d\n", 1858 epid, slotid); 1859 return; 1860 } 1861 1862 if (epctx->kick_active) { 1863 return; 1864 } 1865 xhci_kick_epctx(epctx, streamid); 1866 } 1867 1868 static bool xhci_slot_ok(XHCIState *xhci, int slotid) 1869 { 1870 return (xhci->slots[slotid - 1].uport && 1871 xhci->slots[slotid - 1].uport->dev && 1872 xhci->slots[slotid - 1].uport->dev->attached); 1873 } 1874 1875 static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid) 1876 { 1877 XHCIState *xhci = epctx->xhci; 1878 XHCIStreamContext *stctx = NULL; 1879 XHCITransfer *xfer; 1880 XHCIRing *ring; 1881 USBEndpoint *ep = NULL; 1882 uint64_t mfindex; 1883 unsigned int count = 0; 1884 int length; 1885 int i; 1886 1887 trace_usb_xhci_ep_kick(epctx->slotid, epctx->epid, streamid); 1888 assert(!epctx->kick_active); 1889 1890 /* If the device has been detached, but the guest has not noticed this 1891 yet the 2 above checks will succeed, but we must NOT continue */ 1892 if (!xhci_slot_ok(xhci, epctx->slotid)) { 1893 return; 1894 } 1895 1896 if (epctx->retry) { 1897 XHCITransfer *xfer = epctx->retry; 1898 1899 trace_usb_xhci_xfer_retry(xfer); 1900 assert(xfer->running_retry); 1901 if (xfer->timed_xfer) { 1902 /* time to kick the transfer? */ 1903 mfindex = xhci_mfindex_get(xhci); 1904 xhci_check_intr_iso_kick(xhci, xfer, epctx, mfindex); 1905 if (xfer->running_retry) { 1906 return; 1907 } 1908 xfer->timed_xfer = 0; 1909 xfer->running_retry = 1; 1910 } 1911 if (xfer->iso_xfer) { 1912 /* retry iso transfer */ 1913 if (xhci_setup_packet(xfer) < 0) { 1914 return; 1915 } 1916 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 1917 assert(xfer->packet.status != USB_RET_NAK); 1918 xhci_try_complete_packet(xfer); 1919 } else { 1920 /* retry nak'ed transfer */ 1921 if (xhci_setup_packet(xfer) < 0) { 1922 return; 1923 } 1924 usb_handle_packet(xfer->packet.ep->dev, &xfer->packet); 1925 if (xfer->packet.status == USB_RET_NAK) { 1926 xhci_xfer_unmap(xfer); 1927 return; 1928 } 1929 xhci_try_complete_packet(xfer); 1930 } 1931 assert(!xfer->running_retry); 1932 if (xfer->complete) { 1933 /* update ring dequeue ptr */ 1934 xhci_set_ep_state(xhci, epctx, stctx, epctx->state); 1935 xhci_ep_free_xfer(epctx->retry); 1936 } 1937 epctx->retry = NULL; 1938 } 1939 1940 if (epctx->state == EP_HALTED) { 1941 DPRINTF("xhci: ep halted, not running schedule\n"); 1942 return; 1943 } 1944 1945 1946 if (epctx->nr_pstreams) { 1947 uint32_t err; 1948 stctx = xhci_find_stream(epctx, streamid, &err); 1949 if (stctx == NULL) { 1950 return; 1951 } 1952 ring = &stctx->ring; 1953 xhci_set_ep_state(xhci, epctx, stctx, EP_RUNNING); 1954 } else { 1955 ring = &epctx->ring; 1956 streamid = 0; 1957 xhci_set_ep_state(xhci, epctx, NULL, EP_RUNNING); 1958 } 1959 if (!ring->dequeue) { 1960 return; 1961 } 1962 1963 epctx->kick_active++; 1964 while (1) { 1965 length = xhci_ring_chain_length(xhci, ring); 1966 if (length <= 0) { 1967 if (epctx->type == ET_ISO_OUT || epctx->type == ET_ISO_IN) { 1968 /* 4.10.3.1 */ 1969 XHCIEvent ev = { ER_TRANSFER }; 1970 ev.ccode = epctx->type == ET_ISO_IN ? 1971 CC_RING_OVERRUN : CC_RING_UNDERRUN; 1972 ev.slotid = epctx->slotid; 1973 ev.epid = epctx->epid; 1974 ev.ptr = epctx->ring.dequeue; 1975 xhci_event(xhci, &ev, xhci->slots[epctx->slotid-1].intr); 1976 } 1977 break; 1978 } 1979 xfer = xhci_ep_alloc_xfer(epctx, length); 1980 if (xfer == NULL) { 1981 break; 1982 } 1983 1984 for (i = 0; i < length; i++) { 1985 TRBType type; 1986 type = xhci_ring_fetch(xhci, ring, &xfer->trbs[i], NULL); 1987 if (!type) { 1988 xhci_die(xhci); 1989 xhci_ep_free_xfer(xfer); 1990 epctx->kick_active--; 1991 return; 1992 } 1993 } 1994 xfer->streamid = streamid; 1995 1996 if (epctx->epid == 1) { 1997 xhci_fire_ctl_transfer(xhci, xfer); 1998 } else { 1999 xhci_fire_transfer(xhci, xfer, epctx); 2000 } 2001 if (!xhci_slot_ok(xhci, epctx->slotid)) { 2002 /* surprise removal -> stop processing */ 2003 break; 2004 } 2005 if (xfer->complete) { 2006 /* update ring dequeue ptr */ 2007 xhci_set_ep_state(xhci, epctx, stctx, epctx->state); 2008 xhci_ep_free_xfer(xfer); 2009 xfer = NULL; 2010 } 2011 2012 if (epctx->state == EP_HALTED) { 2013 break; 2014 } 2015 if (xfer != NULL && xfer->running_retry) { 2016 DPRINTF("xhci: xfer nacked, stopping schedule\n"); 2017 epctx->retry = xfer; 2018 xhci_xfer_unmap(xfer); 2019 break; 2020 } 2021 if (count++ > TRANSFER_LIMIT) { 2022 trace_usb_xhci_enforced_limit("transfers"); 2023 break; 2024 } 2025 } 2026 epctx->kick_active--; 2027 2028 ep = xhci_epid_to_usbep(epctx); 2029 if (ep) { 2030 usb_device_flush_ep_queue(ep->dev, ep); 2031 } 2032 } 2033 2034 static TRBCCode xhci_enable_slot(XHCIState *xhci, unsigned int slotid) 2035 { 2036 trace_usb_xhci_slot_enable(slotid); 2037 assert(slotid >= 1 && slotid <= xhci->numslots); 2038 xhci->slots[slotid-1].enabled = 1; 2039 xhci->slots[slotid-1].uport = NULL; 2040 memset(xhci->slots[slotid-1].eps, 0, sizeof(XHCIEPContext*)*31); 2041 2042 return CC_SUCCESS; 2043 } 2044 2045 static TRBCCode xhci_disable_slot(XHCIState *xhci, unsigned int slotid) 2046 { 2047 int i; 2048 2049 trace_usb_xhci_slot_disable(slotid); 2050 assert(slotid >= 1 && slotid <= xhci->numslots); 2051 2052 for (i = 1; i <= 31; i++) { 2053 if (xhci->slots[slotid-1].eps[i-1]) { 2054 xhci_disable_ep(xhci, slotid, i); 2055 } 2056 } 2057 2058 xhci->slots[slotid-1].enabled = 0; 2059 xhci->slots[slotid-1].addressed = 0; 2060 xhci->slots[slotid-1].uport = NULL; 2061 xhci->slots[slotid-1].intr = 0; 2062 return CC_SUCCESS; 2063 } 2064 2065 static USBPort *xhci_lookup_uport(XHCIState *xhci, uint32_t *slot_ctx) 2066 { 2067 USBPort *uport; 2068 char path[32]; 2069 int i, pos, port; 2070 2071 port = (slot_ctx[1]>>16) & 0xFF; 2072 if (port < 1 || port > xhci->numports) { 2073 return NULL; 2074 } 2075 port = xhci->ports[port-1].uport->index+1; 2076 pos = snprintf(path, sizeof(path), "%d", port); 2077 for (i = 0; i < 5; i++) { 2078 port = (slot_ctx[0] >> 4*i) & 0x0f; 2079 if (!port) { 2080 break; 2081 } 2082 pos += snprintf(path + pos, sizeof(path) - pos, ".%d", port); 2083 } 2084 2085 QTAILQ_FOREACH(uport, &xhci->bus.used, next) { 2086 if (strcmp(uport->path, path) == 0) { 2087 return uport; 2088 } 2089 } 2090 return NULL; 2091 } 2092 2093 static TRBCCode xhci_address_slot(XHCIState *xhci, unsigned int slotid, 2094 uint64_t pictx, bool bsr) 2095 { 2096 XHCISlot *slot; 2097 USBPort *uport; 2098 USBDevice *dev; 2099 dma_addr_t ictx, octx, dcbaap; 2100 uint64_t poctx; 2101 uint32_t ictl_ctx[2]; 2102 uint32_t slot_ctx[4]; 2103 uint32_t ep0_ctx[5]; 2104 int i; 2105 TRBCCode res; 2106 2107 assert(slotid >= 1 && slotid <= xhci->numslots); 2108 2109 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high); 2110 ldq_le_dma(xhci->as, dcbaap + 8 * slotid, &poctx, MEMTXATTRS_UNSPECIFIED); 2111 ictx = xhci_mask64(pictx); 2112 octx = xhci_mask64(poctx); 2113 2114 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2115 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2116 2117 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2118 2119 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] != 0x3) { 2120 DPRINTF("xhci: invalid input context control %08x %08x\n", 2121 ictl_ctx[0], ictl_ctx[1]); 2122 return CC_TRB_ERROR; 2123 } 2124 2125 xhci_dma_read_u32s(xhci, ictx+32, slot_ctx, sizeof(slot_ctx)); 2126 xhci_dma_read_u32s(xhci, ictx+64, ep0_ctx, sizeof(ep0_ctx)); 2127 2128 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n", 2129 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2130 2131 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n", 2132 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2133 2134 uport = xhci_lookup_uport(xhci, slot_ctx); 2135 if (uport == NULL) { 2136 DPRINTF("xhci: port not found\n"); 2137 return CC_TRB_ERROR; 2138 } 2139 trace_usb_xhci_slot_address(slotid, uport->path); 2140 2141 dev = uport->dev; 2142 if (!dev || !dev->attached) { 2143 DPRINTF("xhci: port %s not connected\n", uport->path); 2144 return CC_USB_TRANSACTION_ERROR; 2145 } 2146 2147 for (i = 0; i < xhci->numslots; i++) { 2148 if (i == slotid-1) { 2149 continue; 2150 } 2151 if (xhci->slots[i].uport == uport) { 2152 DPRINTF("xhci: port %s already assigned to slot %d\n", 2153 uport->path, i+1); 2154 return CC_TRB_ERROR; 2155 } 2156 } 2157 2158 slot = &xhci->slots[slotid-1]; 2159 slot->uport = uport; 2160 slot->ctx = octx; 2161 slot->intr = get_field(slot_ctx[2], TRB_INTR); 2162 2163 /* Make sure device is in USB_STATE_DEFAULT state */ 2164 usb_device_reset(dev); 2165 if (bsr) { 2166 slot_ctx[3] = SLOT_DEFAULT << SLOT_STATE_SHIFT; 2167 } else { 2168 USBPacket p; 2169 uint8_t buf[1]; 2170 2171 slot_ctx[3] = (SLOT_ADDRESSED << SLOT_STATE_SHIFT) | slotid; 2172 memset(&p, 0, sizeof(p)); 2173 usb_packet_addbuf(&p, buf, sizeof(buf)); 2174 usb_packet_setup(&p, USB_TOKEN_OUT, 2175 usb_ep_get(dev, USB_TOKEN_OUT, 0), 0, 2176 0, false, false); 2177 usb_device_handle_control(dev, &p, 2178 DeviceOutRequest | USB_REQ_SET_ADDRESS, 2179 slotid, 0, 0, NULL); 2180 assert(p.status != USB_RET_ASYNC); 2181 usb_packet_cleanup(&p); 2182 } 2183 2184 res = xhci_enable_ep(xhci, slotid, 1, octx+32, ep0_ctx); 2185 2186 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2187 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2188 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n", 2189 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2190 2191 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2192 xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2193 2194 xhci->slots[slotid-1].addressed = 1; 2195 return res; 2196 } 2197 2198 2199 static TRBCCode xhci_configure_slot(XHCIState *xhci, unsigned int slotid, 2200 uint64_t pictx, bool dc) 2201 { 2202 dma_addr_t ictx, octx; 2203 uint32_t ictl_ctx[2]; 2204 uint32_t slot_ctx[4]; 2205 uint32_t islot_ctx[4]; 2206 uint32_t ep_ctx[5]; 2207 int i; 2208 TRBCCode res; 2209 2210 trace_usb_xhci_slot_configure(slotid); 2211 assert(slotid >= 1 && slotid <= xhci->numslots); 2212 2213 ictx = xhci_mask64(pictx); 2214 octx = xhci->slots[slotid-1].ctx; 2215 2216 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2217 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2218 2219 if (dc) { 2220 for (i = 2; i <= 31; i++) { 2221 if (xhci->slots[slotid-1].eps[i-1]) { 2222 xhci_disable_ep(xhci, slotid, i); 2223 } 2224 } 2225 2226 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2227 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2228 slot_ctx[3] |= SLOT_ADDRESSED << SLOT_STATE_SHIFT; 2229 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2230 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2231 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2232 2233 return CC_SUCCESS; 2234 } 2235 2236 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2237 2238 if ((ictl_ctx[0] & 0x3) != 0x0 || (ictl_ctx[1] & 0x3) != 0x1) { 2239 DPRINTF("xhci: invalid input context control %08x %08x\n", 2240 ictl_ctx[0], ictl_ctx[1]); 2241 return CC_TRB_ERROR; 2242 } 2243 2244 xhci_dma_read_u32s(xhci, ictx+32, islot_ctx, sizeof(islot_ctx)); 2245 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2246 2247 if (SLOT_STATE(slot_ctx[3]) < SLOT_ADDRESSED) { 2248 DPRINTF("xhci: invalid slot state %08x\n", slot_ctx[3]); 2249 return CC_CONTEXT_STATE_ERROR; 2250 } 2251 2252 xhci_free_device_streams(xhci, slotid, ictl_ctx[0] | ictl_ctx[1]); 2253 2254 for (i = 2; i <= 31; i++) { 2255 if (ictl_ctx[0] & (1<<i)) { 2256 xhci_disable_ep(xhci, slotid, i); 2257 } 2258 if (ictl_ctx[1] & (1<<i)) { 2259 xhci_dma_read_u32s(xhci, ictx+32+(32*i), ep_ctx, sizeof(ep_ctx)); 2260 DPRINTF("xhci: input ep%d.%d context: %08x %08x %08x %08x %08x\n", 2261 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2], 2262 ep_ctx[3], ep_ctx[4]); 2263 xhci_disable_ep(xhci, slotid, i); 2264 res = xhci_enable_ep(xhci, slotid, i, octx+(32*i), ep_ctx); 2265 if (res != CC_SUCCESS) { 2266 return res; 2267 } 2268 DPRINTF("xhci: output ep%d.%d context: %08x %08x %08x %08x %08x\n", 2269 i/2, i%2, ep_ctx[0], ep_ctx[1], ep_ctx[2], 2270 ep_ctx[3], ep_ctx[4]); 2271 xhci_dma_write_u32s(xhci, octx+(32*i), ep_ctx, sizeof(ep_ctx)); 2272 } 2273 } 2274 2275 res = xhci_alloc_device_streams(xhci, slotid, ictl_ctx[1]); 2276 if (res != CC_SUCCESS) { 2277 for (i = 2; i <= 31; i++) { 2278 if (ictl_ctx[1] & (1u << i)) { 2279 xhci_disable_ep(xhci, slotid, i); 2280 } 2281 } 2282 return res; 2283 } 2284 2285 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2286 slot_ctx[3] |= SLOT_CONFIGURED << SLOT_STATE_SHIFT; 2287 slot_ctx[0] &= ~(SLOT_CONTEXT_ENTRIES_MASK << SLOT_CONTEXT_ENTRIES_SHIFT); 2288 slot_ctx[0] |= islot_ctx[0] & (SLOT_CONTEXT_ENTRIES_MASK << 2289 SLOT_CONTEXT_ENTRIES_SHIFT); 2290 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2291 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2292 2293 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2294 2295 return CC_SUCCESS; 2296 } 2297 2298 2299 static TRBCCode xhci_evaluate_slot(XHCIState *xhci, unsigned int slotid, 2300 uint64_t pictx) 2301 { 2302 dma_addr_t ictx, octx; 2303 uint32_t ictl_ctx[2]; 2304 uint32_t iep0_ctx[5]; 2305 uint32_t ep0_ctx[5]; 2306 uint32_t islot_ctx[4]; 2307 uint32_t slot_ctx[4]; 2308 2309 trace_usb_xhci_slot_evaluate(slotid); 2310 assert(slotid >= 1 && slotid <= xhci->numslots); 2311 2312 ictx = xhci_mask64(pictx); 2313 octx = xhci->slots[slotid-1].ctx; 2314 2315 DPRINTF("xhci: input context at "DMA_ADDR_FMT"\n", ictx); 2316 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2317 2318 xhci_dma_read_u32s(xhci, ictx, ictl_ctx, sizeof(ictl_ctx)); 2319 2320 if (ictl_ctx[0] != 0x0 || ictl_ctx[1] & ~0x3) { 2321 DPRINTF("xhci: invalid input context control %08x %08x\n", 2322 ictl_ctx[0], ictl_ctx[1]); 2323 return CC_TRB_ERROR; 2324 } 2325 2326 if (ictl_ctx[1] & 0x1) { 2327 xhci_dma_read_u32s(xhci, ictx+32, islot_ctx, sizeof(islot_ctx)); 2328 2329 DPRINTF("xhci: input slot context: %08x %08x %08x %08x\n", 2330 islot_ctx[0], islot_ctx[1], islot_ctx[2], islot_ctx[3]); 2331 2332 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2333 2334 slot_ctx[1] &= ~0xFFFF; /* max exit latency */ 2335 slot_ctx[1] |= islot_ctx[1] & 0xFFFF; 2336 /* update interrupter target field */ 2337 xhci->slots[slotid-1].intr = get_field(islot_ctx[2], TRB_INTR); 2338 set_field(&slot_ctx[2], xhci->slots[slotid-1].intr, TRB_INTR); 2339 2340 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2341 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2342 2343 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2344 } 2345 2346 if (ictl_ctx[1] & 0x2) { 2347 xhci_dma_read_u32s(xhci, ictx+64, iep0_ctx, sizeof(iep0_ctx)); 2348 2349 DPRINTF("xhci: input ep0 context: %08x %08x %08x %08x %08x\n", 2350 iep0_ctx[0], iep0_ctx[1], iep0_ctx[2], 2351 iep0_ctx[3], iep0_ctx[4]); 2352 2353 xhci_dma_read_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2354 2355 ep0_ctx[1] &= ~0xFFFF0000; /* max packet size*/ 2356 ep0_ctx[1] |= iep0_ctx[1] & 0xFFFF0000; 2357 2358 DPRINTF("xhci: output ep0 context: %08x %08x %08x %08x %08x\n", 2359 ep0_ctx[0], ep0_ctx[1], ep0_ctx[2], ep0_ctx[3], ep0_ctx[4]); 2360 2361 xhci_dma_write_u32s(xhci, octx+32, ep0_ctx, sizeof(ep0_ctx)); 2362 } 2363 2364 return CC_SUCCESS; 2365 } 2366 2367 static TRBCCode xhci_reset_slot(XHCIState *xhci, unsigned int slotid) 2368 { 2369 uint32_t slot_ctx[4]; 2370 dma_addr_t octx; 2371 int i; 2372 2373 trace_usb_xhci_slot_reset(slotid); 2374 assert(slotid >= 1 && slotid <= xhci->numslots); 2375 2376 octx = xhci->slots[slotid-1].ctx; 2377 2378 DPRINTF("xhci: output context at "DMA_ADDR_FMT"\n", octx); 2379 2380 for (i = 2; i <= 31; i++) { 2381 if (xhci->slots[slotid-1].eps[i-1]) { 2382 xhci_disable_ep(xhci, slotid, i); 2383 } 2384 } 2385 2386 xhci_dma_read_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2387 slot_ctx[3] &= ~(SLOT_STATE_MASK << SLOT_STATE_SHIFT); 2388 slot_ctx[3] |= SLOT_DEFAULT << SLOT_STATE_SHIFT; 2389 DPRINTF("xhci: output slot context: %08x %08x %08x %08x\n", 2390 slot_ctx[0], slot_ctx[1], slot_ctx[2], slot_ctx[3]); 2391 xhci_dma_write_u32s(xhci, octx, slot_ctx, sizeof(slot_ctx)); 2392 2393 return CC_SUCCESS; 2394 } 2395 2396 static unsigned int xhci_get_slot(XHCIState *xhci, XHCIEvent *event, XHCITRB *trb) 2397 { 2398 unsigned int slotid; 2399 slotid = (trb->control >> TRB_CR_SLOTID_SHIFT) & TRB_CR_SLOTID_MASK; 2400 if (slotid < 1 || slotid > xhci->numslots) { 2401 DPRINTF("xhci: bad slot id %d\n", slotid); 2402 event->ccode = CC_TRB_ERROR; 2403 return 0; 2404 } else if (!xhci->slots[slotid-1].enabled) { 2405 DPRINTF("xhci: slot id %d not enabled\n", slotid); 2406 event->ccode = CC_SLOT_NOT_ENABLED_ERROR; 2407 return 0; 2408 } 2409 return slotid; 2410 } 2411 2412 /* cleanup slot state on usb device detach */ 2413 static void xhci_detach_slot(XHCIState *xhci, USBPort *uport) 2414 { 2415 int slot, ep; 2416 2417 for (slot = 0; slot < xhci->numslots; slot++) { 2418 if (xhci->slots[slot].uport == uport) { 2419 break; 2420 } 2421 } 2422 if (slot == xhci->numslots) { 2423 return; 2424 } 2425 2426 for (ep = 0; ep < 31; ep++) { 2427 if (xhci->slots[slot].eps[ep]) { 2428 xhci_ep_nuke_xfers(xhci, slot + 1, ep + 1, 0); 2429 } 2430 } 2431 xhci->slots[slot].uport = NULL; 2432 } 2433 2434 static TRBCCode xhci_get_port_bandwidth(XHCIState *xhci, uint64_t pctx) 2435 { 2436 dma_addr_t ctx; 2437 uint8_t bw_ctx[xhci->numports+1]; 2438 2439 DPRINTF("xhci_get_port_bandwidth()\n"); 2440 2441 ctx = xhci_mask64(pctx); 2442 2443 DPRINTF("xhci: bandwidth context at "DMA_ADDR_FMT"\n", ctx); 2444 2445 /* TODO: actually implement real values here */ 2446 bw_ctx[0] = 0; 2447 memset(&bw_ctx[1], 80, xhci->numports); /* 80% */ 2448 if (dma_memory_write(xhci->as, ctx, bw_ctx, sizeof(bw_ctx), 2449 MEMTXATTRS_UNSPECIFIED) != MEMTX_OK) { 2450 qemu_log_mask(LOG_GUEST_ERROR, "%s: DMA memory write failed!\n", 2451 __func__); 2452 return CC_TRB_ERROR; 2453 } 2454 2455 return CC_SUCCESS; 2456 } 2457 2458 static uint32_t rotl(uint32_t v, unsigned count) 2459 { 2460 count &= 31; 2461 return (v << count) | (v >> (32 - count)); 2462 } 2463 2464 2465 static uint32_t xhci_nec_challenge(uint32_t hi, uint32_t lo) 2466 { 2467 uint32_t val; 2468 val = rotl(lo - 0x49434878, 32 - ((hi>>8) & 0x1F)); 2469 val += rotl(lo + 0x49434878, hi & 0x1F); 2470 val -= rotl(hi ^ 0x49434878, (lo >> 16) & 0x1F); 2471 return ~val; 2472 } 2473 2474 static void xhci_process_commands(XHCIState *xhci) 2475 { 2476 XHCITRB trb; 2477 TRBType type; 2478 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_SUCCESS}; 2479 dma_addr_t addr; 2480 unsigned int i, slotid = 0, count = 0; 2481 2482 DPRINTF("xhci_process_commands()\n"); 2483 if (!xhci_running(xhci)) { 2484 DPRINTF("xhci_process_commands() called while xHC stopped or paused\n"); 2485 return; 2486 } 2487 2488 xhci->crcr_low |= CRCR_CRR; 2489 2490 while ((type = xhci_ring_fetch(xhci, &xhci->cmd_ring, &trb, &addr))) { 2491 event.ptr = addr; 2492 switch (type) { 2493 case CR_ENABLE_SLOT: 2494 for (i = 0; i < xhci->numslots; i++) { 2495 if (!xhci->slots[i].enabled) { 2496 break; 2497 } 2498 } 2499 if (i >= xhci->numslots) { 2500 DPRINTF("xhci: no device slots available\n"); 2501 event.ccode = CC_NO_SLOTS_ERROR; 2502 } else { 2503 slotid = i+1; 2504 event.ccode = xhci_enable_slot(xhci, slotid); 2505 } 2506 break; 2507 case CR_DISABLE_SLOT: 2508 slotid = xhci_get_slot(xhci, &event, &trb); 2509 if (slotid) { 2510 event.ccode = xhci_disable_slot(xhci, slotid); 2511 } 2512 break; 2513 case CR_ADDRESS_DEVICE: 2514 slotid = xhci_get_slot(xhci, &event, &trb); 2515 if (slotid) { 2516 event.ccode = xhci_address_slot(xhci, slotid, trb.parameter, 2517 trb.control & TRB_CR_BSR); 2518 } 2519 break; 2520 case CR_CONFIGURE_ENDPOINT: 2521 slotid = xhci_get_slot(xhci, &event, &trb); 2522 if (slotid) { 2523 event.ccode = xhci_configure_slot(xhci, slotid, trb.parameter, 2524 trb.control & TRB_CR_DC); 2525 } 2526 break; 2527 case CR_EVALUATE_CONTEXT: 2528 slotid = xhci_get_slot(xhci, &event, &trb); 2529 if (slotid) { 2530 event.ccode = xhci_evaluate_slot(xhci, slotid, trb.parameter); 2531 } 2532 break; 2533 case CR_STOP_ENDPOINT: 2534 slotid = xhci_get_slot(xhci, &event, &trb); 2535 if (slotid) { 2536 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2537 & TRB_CR_EPID_MASK; 2538 event.ccode = xhci_stop_ep(xhci, slotid, epid); 2539 } 2540 break; 2541 case CR_RESET_ENDPOINT: 2542 slotid = xhci_get_slot(xhci, &event, &trb); 2543 if (slotid) { 2544 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2545 & TRB_CR_EPID_MASK; 2546 event.ccode = xhci_reset_ep(xhci, slotid, epid); 2547 } 2548 break; 2549 case CR_SET_TR_DEQUEUE: 2550 slotid = xhci_get_slot(xhci, &event, &trb); 2551 if (slotid) { 2552 unsigned int epid = (trb.control >> TRB_CR_EPID_SHIFT) 2553 & TRB_CR_EPID_MASK; 2554 unsigned int streamid = (trb.status >> 16) & 0xffff; 2555 event.ccode = xhci_set_ep_dequeue(xhci, slotid, 2556 epid, streamid, 2557 trb.parameter); 2558 } 2559 break; 2560 case CR_RESET_DEVICE: 2561 slotid = xhci_get_slot(xhci, &event, &trb); 2562 if (slotid) { 2563 event.ccode = xhci_reset_slot(xhci, slotid); 2564 } 2565 break; 2566 case CR_GET_PORT_BANDWIDTH: 2567 event.ccode = xhci_get_port_bandwidth(xhci, trb.parameter); 2568 break; 2569 case CR_NOOP: 2570 event.ccode = CC_SUCCESS; 2571 break; 2572 case CR_VENDOR_NEC_FIRMWARE_REVISION: 2573 if (xhci->nec_quirks) { 2574 event.type = 48; /* NEC reply */ 2575 event.length = 0x3034; 2576 } else { 2577 event.ccode = CC_TRB_ERROR; 2578 } 2579 break; 2580 case CR_VENDOR_NEC_CHALLENGE_RESPONSE: 2581 if (xhci->nec_quirks) { 2582 uint32_t chi = trb.parameter >> 32; 2583 uint32_t clo = trb.parameter; 2584 uint32_t val = xhci_nec_challenge(chi, clo); 2585 event.length = val & 0xFFFF; 2586 event.epid = val >> 16; 2587 slotid = val >> 24; 2588 event.type = 48; /* NEC reply */ 2589 } else { 2590 event.ccode = CC_TRB_ERROR; 2591 } 2592 break; 2593 default: 2594 trace_usb_xhci_unimplemented("command", type); 2595 event.ccode = CC_TRB_ERROR; 2596 break; 2597 } 2598 event.slotid = slotid; 2599 xhci_event(xhci, &event, 0); 2600 2601 if (count++ > COMMAND_LIMIT) { 2602 trace_usb_xhci_enforced_limit("commands"); 2603 return; 2604 } 2605 } 2606 } 2607 2608 static bool xhci_port_have_device(XHCIPort *port) 2609 { 2610 if (!port->uport->dev || !port->uport->dev->attached) { 2611 return false; /* no device present */ 2612 } 2613 if (!((1 << port->uport->dev->speed) & port->speedmask)) { 2614 return false; /* speed mismatch */ 2615 } 2616 return true; 2617 } 2618 2619 static void xhci_port_notify(XHCIPort *port, uint32_t bits) 2620 { 2621 XHCIEvent ev = { ER_PORT_STATUS_CHANGE, CC_SUCCESS, 2622 port->portnr << 24 }; 2623 2624 if ((port->portsc & bits) == bits) { 2625 return; 2626 } 2627 trace_usb_xhci_port_notify(port->portnr, bits); 2628 port->portsc |= bits; 2629 if (!xhci_running(port->xhci)) { 2630 return; 2631 } 2632 xhci_event(port->xhci, &ev, 0); 2633 } 2634 2635 static void xhci_port_update(XHCIPort *port, int is_detach) 2636 { 2637 uint32_t pls = PLS_RX_DETECT; 2638 2639 assert(port); 2640 port->portsc = PORTSC_PP; 2641 if (!is_detach && xhci_port_have_device(port)) { 2642 port->portsc |= PORTSC_CCS; 2643 switch (port->uport->dev->speed) { 2644 case USB_SPEED_LOW: 2645 port->portsc |= PORTSC_SPEED_LOW; 2646 pls = PLS_POLLING; 2647 break; 2648 case USB_SPEED_FULL: 2649 port->portsc |= PORTSC_SPEED_FULL; 2650 pls = PLS_POLLING; 2651 break; 2652 case USB_SPEED_HIGH: 2653 port->portsc |= PORTSC_SPEED_HIGH; 2654 pls = PLS_POLLING; 2655 break; 2656 case USB_SPEED_SUPER: 2657 port->portsc |= PORTSC_SPEED_SUPER; 2658 port->portsc |= PORTSC_PED; 2659 pls = PLS_U0; 2660 break; 2661 } 2662 } 2663 set_field(&port->portsc, pls, PORTSC_PLS); 2664 trace_usb_xhci_port_link(port->portnr, pls); 2665 xhci_port_notify(port, PORTSC_CSC); 2666 } 2667 2668 static void xhci_port_reset(XHCIPort *port, bool warm_reset) 2669 { 2670 trace_usb_xhci_port_reset(port->portnr, warm_reset); 2671 2672 if (!xhci_port_have_device(port)) { 2673 return; 2674 } 2675 2676 usb_device_reset(port->uport->dev); 2677 2678 switch (port->uport->dev->speed) { 2679 case USB_SPEED_SUPER: 2680 if (warm_reset) { 2681 port->portsc |= PORTSC_WRC; 2682 } 2683 /* fall through */ 2684 case USB_SPEED_LOW: 2685 case USB_SPEED_FULL: 2686 case USB_SPEED_HIGH: 2687 set_field(&port->portsc, PLS_U0, PORTSC_PLS); 2688 trace_usb_xhci_port_link(port->portnr, PLS_U0); 2689 port->portsc |= PORTSC_PED; 2690 break; 2691 } 2692 2693 port->portsc &= ~PORTSC_PR; 2694 xhci_port_notify(port, PORTSC_PRC); 2695 } 2696 2697 static void xhci_reset(DeviceState *dev) 2698 { 2699 XHCIState *xhci = XHCI(dev); 2700 int i; 2701 2702 trace_usb_xhci_reset(); 2703 if (!(xhci->usbsts & USBSTS_HCH)) { 2704 DPRINTF("xhci: reset while running!\n"); 2705 } 2706 2707 xhci->usbcmd = 0; 2708 xhci->usbsts = USBSTS_HCH; 2709 xhci->dnctrl = 0; 2710 xhci->crcr_low = 0; 2711 xhci->crcr_high = 0; 2712 xhci->dcbaap_low = 0; 2713 xhci->dcbaap_high = 0; 2714 xhci->config = 0; 2715 2716 for (i = 0; i < xhci->numslots; i++) { 2717 xhci_disable_slot(xhci, i+1); 2718 } 2719 2720 for (i = 0; i < xhci->numports; i++) { 2721 xhci_port_update(xhci->ports + i, 0); 2722 } 2723 2724 for (i = 0; i < xhci->numintrs; i++) { 2725 xhci->intr[i].iman = 0; 2726 xhci->intr[i].imod = 0; 2727 xhci->intr[i].erstsz = 0; 2728 xhci->intr[i].erstba_low = 0; 2729 xhci->intr[i].erstba_high = 0; 2730 xhci->intr[i].erdp_low = 0; 2731 xhci->intr[i].erdp_high = 0; 2732 2733 xhci->intr[i].er_ep_idx = 0; 2734 xhci->intr[i].er_pcs = 1; 2735 xhci->intr[i].ev_buffer_put = 0; 2736 xhci->intr[i].ev_buffer_get = 0; 2737 } 2738 2739 xhci->mfindex_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); 2740 xhci_mfwrap_update(xhci); 2741 } 2742 2743 static uint64_t xhci_cap_read(void *ptr, hwaddr reg, unsigned size) 2744 { 2745 XHCIState *xhci = ptr; 2746 uint32_t ret; 2747 2748 switch (reg) { 2749 case 0x00: /* HCIVERSION, CAPLENGTH */ 2750 ret = 0x01000000 | LEN_CAP; 2751 break; 2752 case 0x04: /* HCSPARAMS 1 */ 2753 ret = ((xhci->numports_2+xhci->numports_3)<<24) 2754 | (xhci->numintrs<<8) | xhci->numslots; 2755 break; 2756 case 0x08: /* HCSPARAMS 2 */ 2757 ret = 0x0000000f; 2758 break; 2759 case 0x0c: /* HCSPARAMS 3 */ 2760 ret = 0x00000000; 2761 break; 2762 case 0x10: /* HCCPARAMS */ 2763 if (sizeof(dma_addr_t) == 4) { 2764 ret = 0x00080000 | (xhci->max_pstreams_mask << 12); 2765 } else { 2766 ret = 0x00080001 | (xhci->max_pstreams_mask << 12); 2767 } 2768 break; 2769 case 0x14: /* DBOFF */ 2770 ret = OFF_DOORBELL; 2771 break; 2772 case 0x18: /* RTSOFF */ 2773 ret = OFF_RUNTIME; 2774 break; 2775 2776 /* extended capabilities */ 2777 case 0x20: /* Supported Protocol:00 */ 2778 ret = 0x02000402; /* USB 2.0 */ 2779 break; 2780 case 0x24: /* Supported Protocol:04 */ 2781 ret = 0x20425355; /* "USB " */ 2782 break; 2783 case 0x28: /* Supported Protocol:08 */ 2784 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 2785 ret = (xhci->numports_2<<8) | (xhci->numports_3+1); 2786 } else { 2787 ret = (xhci->numports_2<<8) | 1; 2788 } 2789 break; 2790 case 0x2c: /* Supported Protocol:0c */ 2791 ret = 0x00000000; /* reserved */ 2792 break; 2793 case 0x30: /* Supported Protocol:00 */ 2794 ret = 0x03000002; /* USB 3.0 */ 2795 break; 2796 case 0x34: /* Supported Protocol:04 */ 2797 ret = 0x20425355; /* "USB " */ 2798 break; 2799 case 0x38: /* Supported Protocol:08 */ 2800 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 2801 ret = (xhci->numports_3<<8) | 1; 2802 } else { 2803 ret = (xhci->numports_3<<8) | (xhci->numports_2+1); 2804 } 2805 break; 2806 case 0x3c: /* Supported Protocol:0c */ 2807 ret = 0x00000000; /* reserved */ 2808 break; 2809 default: 2810 trace_usb_xhci_unimplemented("cap read", reg); 2811 ret = 0; 2812 } 2813 2814 trace_usb_xhci_cap_read(reg, ret); 2815 return ret; 2816 } 2817 2818 static uint64_t xhci_port_read(void *ptr, hwaddr reg, unsigned size) 2819 { 2820 XHCIPort *port = ptr; 2821 uint32_t ret; 2822 2823 switch (reg) { 2824 case 0x00: /* PORTSC */ 2825 ret = port->portsc; 2826 break; 2827 case 0x04: /* PORTPMSC */ 2828 case 0x08: /* PORTLI */ 2829 ret = 0; 2830 break; 2831 case 0x0c: /* reserved */ 2832 default: 2833 trace_usb_xhci_unimplemented("port read", reg); 2834 ret = 0; 2835 } 2836 2837 trace_usb_xhci_port_read(port->portnr, reg, ret); 2838 return ret; 2839 } 2840 2841 static void xhci_port_write(void *ptr, hwaddr reg, 2842 uint64_t val, unsigned size) 2843 { 2844 XHCIPort *port = ptr; 2845 uint32_t portsc, notify; 2846 2847 trace_usb_xhci_port_write(port->portnr, reg, val); 2848 2849 switch (reg) { 2850 case 0x00: /* PORTSC */ 2851 /* write-1-to-start bits */ 2852 if (val & PORTSC_WPR) { 2853 xhci_port_reset(port, true); 2854 break; 2855 } 2856 if (val & PORTSC_PR) { 2857 xhci_port_reset(port, false); 2858 break; 2859 } 2860 2861 portsc = port->portsc; 2862 notify = 0; 2863 /* write-1-to-clear bits*/ 2864 portsc &= ~(val & (PORTSC_CSC|PORTSC_PEC|PORTSC_WRC|PORTSC_OCC| 2865 PORTSC_PRC|PORTSC_PLC|PORTSC_CEC)); 2866 if (val & PORTSC_LWS) { 2867 /* overwrite PLS only when LWS=1 */ 2868 uint32_t old_pls = get_field(port->portsc, PORTSC_PLS); 2869 uint32_t new_pls = get_field(val, PORTSC_PLS); 2870 switch (new_pls) { 2871 case PLS_U0: 2872 if (old_pls != PLS_U0) { 2873 set_field(&portsc, new_pls, PORTSC_PLS); 2874 trace_usb_xhci_port_link(port->portnr, new_pls); 2875 notify = PORTSC_PLC; 2876 } 2877 break; 2878 case PLS_U3: 2879 if (old_pls < PLS_U3) { 2880 set_field(&portsc, new_pls, PORTSC_PLS); 2881 trace_usb_xhci_port_link(port->portnr, new_pls); 2882 } 2883 break; 2884 case PLS_RESUME: 2885 /* windows does this for some reason, don't spam stderr */ 2886 break; 2887 default: 2888 DPRINTF("%s: ignore pls write (old %d, new %d)\n", 2889 __func__, old_pls, new_pls); 2890 break; 2891 } 2892 } 2893 /* read/write bits */ 2894 portsc &= ~(PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE); 2895 portsc |= (val & (PORTSC_PP|PORTSC_WCE|PORTSC_WDE|PORTSC_WOE)); 2896 port->portsc = portsc; 2897 if (notify) { 2898 xhci_port_notify(port, notify); 2899 } 2900 break; 2901 case 0x04: /* PORTPMSC */ 2902 case 0x08: /* PORTLI */ 2903 default: 2904 trace_usb_xhci_unimplemented("port write", reg); 2905 } 2906 } 2907 2908 static uint64_t xhci_oper_read(void *ptr, hwaddr reg, unsigned size) 2909 { 2910 XHCIState *xhci = ptr; 2911 uint32_t ret; 2912 2913 switch (reg) { 2914 case 0x00: /* USBCMD */ 2915 ret = xhci->usbcmd; 2916 break; 2917 case 0x04: /* USBSTS */ 2918 ret = xhci->usbsts; 2919 break; 2920 case 0x08: /* PAGESIZE */ 2921 ret = 1; /* 4KiB */ 2922 break; 2923 case 0x14: /* DNCTRL */ 2924 ret = xhci->dnctrl; 2925 break; 2926 case 0x18: /* CRCR low */ 2927 ret = xhci->crcr_low & ~0xe; 2928 break; 2929 case 0x1c: /* CRCR high */ 2930 ret = xhci->crcr_high; 2931 break; 2932 case 0x30: /* DCBAAP low */ 2933 ret = xhci->dcbaap_low; 2934 break; 2935 case 0x34: /* DCBAAP high */ 2936 ret = xhci->dcbaap_high; 2937 break; 2938 case 0x38: /* CONFIG */ 2939 ret = xhci->config; 2940 break; 2941 default: 2942 trace_usb_xhci_unimplemented("oper read", reg); 2943 ret = 0; 2944 } 2945 2946 trace_usb_xhci_oper_read(reg, ret); 2947 return ret; 2948 } 2949 2950 static void xhci_oper_write(void *ptr, hwaddr reg, 2951 uint64_t val, unsigned size) 2952 { 2953 XHCIState *xhci = XHCI(ptr); 2954 2955 trace_usb_xhci_oper_write(reg, val); 2956 2957 switch (reg) { 2958 case 0x00: /* USBCMD */ 2959 if ((val & USBCMD_RS) && !(xhci->usbcmd & USBCMD_RS)) { 2960 xhci_run(xhci); 2961 } else if (!(val & USBCMD_RS) && (xhci->usbcmd & USBCMD_RS)) { 2962 xhci_stop(xhci); 2963 } 2964 if (val & USBCMD_CSS) { 2965 /* save state */ 2966 xhci->usbsts &= ~USBSTS_SRE; 2967 } 2968 if (val & USBCMD_CRS) { 2969 /* restore state */ 2970 xhci->usbsts |= USBSTS_SRE; 2971 } 2972 xhci->usbcmd = val & 0xc0f; 2973 xhci_mfwrap_update(xhci); 2974 if (val & USBCMD_HCRST) { 2975 xhci_reset(DEVICE(xhci)); 2976 } 2977 xhci_intr_update(xhci, 0); 2978 break; 2979 2980 case 0x04: /* USBSTS */ 2981 /* these bits are write-1-to-clear */ 2982 xhci->usbsts &= ~(val & (USBSTS_HSE|USBSTS_EINT|USBSTS_PCD|USBSTS_SRE)); 2983 xhci_intr_update(xhci, 0); 2984 break; 2985 2986 case 0x14: /* DNCTRL */ 2987 xhci->dnctrl = val & 0xffff; 2988 break; 2989 case 0x18: /* CRCR low */ 2990 xhci->crcr_low = (val & 0xffffffcf) | (xhci->crcr_low & CRCR_CRR); 2991 break; 2992 case 0x1c: /* CRCR high */ 2993 xhci->crcr_high = val; 2994 if (xhci->crcr_low & (CRCR_CA|CRCR_CS) && (xhci->crcr_low & CRCR_CRR)) { 2995 XHCIEvent event = {ER_COMMAND_COMPLETE, CC_COMMAND_RING_STOPPED}; 2996 xhci->crcr_low &= ~CRCR_CRR; 2997 xhci_event(xhci, &event, 0); 2998 DPRINTF("xhci: command ring stopped (CRCR=%08x)\n", xhci->crcr_low); 2999 } else { 3000 dma_addr_t base = xhci_addr64(xhci->crcr_low & ~0x3f, val); 3001 xhci_ring_init(xhci, &xhci->cmd_ring, base); 3002 } 3003 xhci->crcr_low &= ~(CRCR_CA | CRCR_CS); 3004 break; 3005 case 0x30: /* DCBAAP low */ 3006 xhci->dcbaap_low = val & 0xffffffc0; 3007 break; 3008 case 0x34: /* DCBAAP high */ 3009 xhci->dcbaap_high = val; 3010 break; 3011 case 0x38: /* CONFIG */ 3012 xhci->config = val & 0xff; 3013 break; 3014 default: 3015 trace_usb_xhci_unimplemented("oper write", reg); 3016 } 3017 } 3018 3019 static uint64_t xhci_runtime_read(void *ptr, hwaddr reg, 3020 unsigned size) 3021 { 3022 XHCIState *xhci = ptr; 3023 uint32_t ret = 0; 3024 3025 if (reg < 0x20) { 3026 switch (reg) { 3027 case 0x00: /* MFINDEX */ 3028 ret = xhci_mfindex_get(xhci) & 0x3fff; 3029 break; 3030 default: 3031 trace_usb_xhci_unimplemented("runtime read", reg); 3032 break; 3033 } 3034 } else { 3035 int v = (reg - 0x20) / 0x20; 3036 XHCIInterrupter *intr = &xhci->intr[v]; 3037 switch (reg & 0x1f) { 3038 case 0x00: /* IMAN */ 3039 ret = intr->iman; 3040 break; 3041 case 0x04: /* IMOD */ 3042 ret = intr->imod; 3043 break; 3044 case 0x08: /* ERSTSZ */ 3045 ret = intr->erstsz; 3046 break; 3047 case 0x10: /* ERSTBA low */ 3048 ret = intr->erstba_low; 3049 break; 3050 case 0x14: /* ERSTBA high */ 3051 ret = intr->erstba_high; 3052 break; 3053 case 0x18: /* ERDP low */ 3054 ret = intr->erdp_low; 3055 break; 3056 case 0x1c: /* ERDP high */ 3057 ret = intr->erdp_high; 3058 break; 3059 } 3060 } 3061 3062 trace_usb_xhci_runtime_read(reg, ret); 3063 return ret; 3064 } 3065 3066 static void xhci_runtime_write(void *ptr, hwaddr reg, 3067 uint64_t val, unsigned size) 3068 { 3069 XHCIState *xhci = ptr; 3070 XHCIInterrupter *intr; 3071 int v; 3072 3073 trace_usb_xhci_runtime_write(reg, val); 3074 3075 if (reg < 0x20) { 3076 trace_usb_xhci_unimplemented("runtime write", reg); 3077 return; 3078 } 3079 v = (reg - 0x20) / 0x20; 3080 intr = &xhci->intr[v]; 3081 3082 switch (reg & 0x1f) { 3083 case 0x00: /* IMAN */ 3084 if (val & IMAN_IP) { 3085 intr->iman &= ~IMAN_IP; 3086 } 3087 intr->iman &= ~IMAN_IE; 3088 intr->iman |= val & IMAN_IE; 3089 xhci_intr_update(xhci, v); 3090 break; 3091 case 0x04: /* IMOD */ 3092 intr->imod = val; 3093 break; 3094 case 0x08: /* ERSTSZ */ 3095 intr->erstsz = val & 0xffff; 3096 break; 3097 case 0x10: /* ERSTBA low */ 3098 if (xhci->nec_quirks) { 3099 /* NEC driver bug: it doesn't align this to 64 bytes */ 3100 intr->erstba_low = val & 0xfffffff0; 3101 } else { 3102 intr->erstba_low = val & 0xffffffc0; 3103 } 3104 break; 3105 case 0x14: /* ERSTBA high */ 3106 intr->erstba_high = val; 3107 xhci_er_reset(xhci, v); 3108 break; 3109 case 0x18: /* ERDP low */ 3110 if (val & ERDP_EHB) { 3111 intr->erdp_low &= ~ERDP_EHB; 3112 } 3113 intr->erdp_low = (val & ~ERDP_EHB) | (intr->erdp_low & ERDP_EHB); 3114 if (val & ERDP_EHB) { 3115 dma_addr_t erdp = xhci_addr64(intr->erdp_low, intr->erdp_high); 3116 unsigned int dp_idx = (erdp - intr->er_start) / TRB_SIZE; 3117 if (erdp >= intr->er_start && 3118 erdp < (intr->er_start + TRB_SIZE * intr->er_size) && 3119 dp_idx != intr->er_ep_idx) { 3120 xhci_intr_raise(xhci, v); 3121 } 3122 } 3123 break; 3124 case 0x1c: /* ERDP high */ 3125 intr->erdp_high = val; 3126 break; 3127 default: 3128 trace_usb_xhci_unimplemented("oper write", reg); 3129 } 3130 } 3131 3132 static uint64_t xhci_doorbell_read(void *ptr, hwaddr reg, 3133 unsigned size) 3134 { 3135 /* doorbells always read as 0 */ 3136 trace_usb_xhci_doorbell_read(reg, 0); 3137 return 0; 3138 } 3139 3140 static void xhci_doorbell_write(void *ptr, hwaddr reg, 3141 uint64_t val, unsigned size) 3142 { 3143 XHCIState *xhci = ptr; 3144 unsigned int epid, streamid; 3145 3146 trace_usb_xhci_doorbell_write(reg, val); 3147 3148 if (!xhci_running(xhci)) { 3149 DPRINTF("xhci: wrote doorbell while xHC stopped or paused\n"); 3150 return; 3151 } 3152 3153 reg >>= 2; 3154 3155 if (reg == 0) { 3156 if (val == 0) { 3157 xhci_process_commands(xhci); 3158 } else { 3159 DPRINTF("xhci: bad doorbell 0 write: 0x%x\n", 3160 (uint32_t)val); 3161 } 3162 } else { 3163 epid = val & 0xff; 3164 streamid = (val >> 16) & 0xffff; 3165 if (reg > xhci->numslots) { 3166 DPRINTF("xhci: bad doorbell %d\n", (int)reg); 3167 } else if (epid == 0 || epid > 31) { 3168 DPRINTF("xhci: bad doorbell %d write: 0x%x\n", 3169 (int)reg, (uint32_t)val); 3170 } else { 3171 xhci_kick_ep(xhci, reg, epid, streamid); 3172 } 3173 } 3174 } 3175 3176 static void xhci_cap_write(void *opaque, hwaddr addr, uint64_t val, 3177 unsigned width) 3178 { 3179 /* nothing */ 3180 } 3181 3182 static const MemoryRegionOps xhci_cap_ops = { 3183 .read = xhci_cap_read, 3184 .write = xhci_cap_write, 3185 .valid.min_access_size = 1, 3186 .valid.max_access_size = 4, 3187 .impl.min_access_size = 4, 3188 .impl.max_access_size = 4, 3189 .endianness = DEVICE_LITTLE_ENDIAN, 3190 }; 3191 3192 static const MemoryRegionOps xhci_oper_ops = { 3193 .read = xhci_oper_read, 3194 .write = xhci_oper_write, 3195 .valid.min_access_size = 4, 3196 .valid.max_access_size = sizeof(dma_addr_t), 3197 .endianness = DEVICE_LITTLE_ENDIAN, 3198 }; 3199 3200 static const MemoryRegionOps xhci_port_ops = { 3201 .read = xhci_port_read, 3202 .write = xhci_port_write, 3203 .valid.min_access_size = 4, 3204 .valid.max_access_size = 4, 3205 .endianness = DEVICE_LITTLE_ENDIAN, 3206 }; 3207 3208 static const MemoryRegionOps xhci_runtime_ops = { 3209 .read = xhci_runtime_read, 3210 .write = xhci_runtime_write, 3211 .valid.min_access_size = 4, 3212 .valid.max_access_size = sizeof(dma_addr_t), 3213 .endianness = DEVICE_LITTLE_ENDIAN, 3214 }; 3215 3216 static const MemoryRegionOps xhci_doorbell_ops = { 3217 .read = xhci_doorbell_read, 3218 .write = xhci_doorbell_write, 3219 .valid.min_access_size = 4, 3220 .valid.max_access_size = 4, 3221 .endianness = DEVICE_LITTLE_ENDIAN, 3222 }; 3223 3224 static void xhci_attach(USBPort *usbport) 3225 { 3226 XHCIState *xhci = usbport->opaque; 3227 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3228 3229 xhci_port_update(port, 0); 3230 } 3231 3232 static void xhci_detach(USBPort *usbport) 3233 { 3234 XHCIState *xhci = usbport->opaque; 3235 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3236 3237 xhci_detach_slot(xhci, usbport); 3238 xhci_port_update(port, 1); 3239 } 3240 3241 static void xhci_wakeup(USBPort *usbport) 3242 { 3243 XHCIState *xhci = usbport->opaque; 3244 XHCIPort *port = xhci_lookup_port(xhci, usbport); 3245 3246 assert(port); 3247 if (get_field(port->portsc, PORTSC_PLS) != PLS_U3) { 3248 return; 3249 } 3250 set_field(&port->portsc, PLS_RESUME, PORTSC_PLS); 3251 xhci_port_notify(port, PORTSC_PLC); 3252 } 3253 3254 static void xhci_complete(USBPort *port, USBPacket *packet) 3255 { 3256 XHCITransfer *xfer = container_of(packet, XHCITransfer, packet); 3257 3258 if (packet->status == USB_RET_REMOVE_FROM_QUEUE) { 3259 xhci_ep_nuke_one_xfer(xfer, 0); 3260 return; 3261 } 3262 xhci_try_complete_packet(xfer); 3263 xhci_kick_epctx(xfer->epctx, xfer->streamid); 3264 if (xfer->complete) { 3265 xhci_ep_free_xfer(xfer); 3266 } 3267 } 3268 3269 static void xhci_child_detach(USBPort *uport, USBDevice *child) 3270 { 3271 USBBus *bus = usb_bus_from_device(child); 3272 XHCIState *xhci = container_of(bus, XHCIState, bus); 3273 3274 xhci_detach_slot(xhci, child->port); 3275 } 3276 3277 static USBPortOps xhci_uport_ops = { 3278 .attach = xhci_attach, 3279 .detach = xhci_detach, 3280 .wakeup = xhci_wakeup, 3281 .complete = xhci_complete, 3282 .child_detach = xhci_child_detach, 3283 }; 3284 3285 static int xhci_find_epid(USBEndpoint *ep) 3286 { 3287 if (ep->nr == 0) { 3288 return 1; 3289 } 3290 if (ep->pid == USB_TOKEN_IN) { 3291 return ep->nr * 2 + 1; 3292 } else { 3293 return ep->nr * 2; 3294 } 3295 } 3296 3297 static USBEndpoint *xhci_epid_to_usbep(XHCIEPContext *epctx) 3298 { 3299 USBPort *uport; 3300 uint32_t token; 3301 3302 if (!epctx) { 3303 return NULL; 3304 } 3305 uport = epctx->xhci->slots[epctx->slotid - 1].uport; 3306 if (!uport || !uport->dev) { 3307 return NULL; 3308 } 3309 token = (epctx->epid & 1) ? USB_TOKEN_IN : USB_TOKEN_OUT; 3310 return usb_ep_get(uport->dev, token, epctx->epid >> 1); 3311 } 3312 3313 static void xhci_wakeup_endpoint(USBBus *bus, USBEndpoint *ep, 3314 unsigned int stream) 3315 { 3316 XHCIState *xhci = container_of(bus, XHCIState, bus); 3317 int slotid; 3318 3319 DPRINTF("%s\n", __func__); 3320 slotid = ep->dev->addr; 3321 if (slotid == 0 || slotid > xhci->numslots || 3322 !xhci->slots[slotid - 1].enabled) { 3323 DPRINTF("%s: oops, no slot for dev %d\n", __func__, ep->dev->addr); 3324 return; 3325 } 3326 xhci_kick_ep(xhci, slotid, xhci_find_epid(ep), stream); 3327 } 3328 3329 static USBBusOps xhci_bus_ops = { 3330 .wakeup_endpoint = xhci_wakeup_endpoint, 3331 }; 3332 3333 static void usb_xhci_init(XHCIState *xhci) 3334 { 3335 XHCIPort *port; 3336 unsigned int i, usbports, speedmask; 3337 3338 xhci->usbsts = USBSTS_HCH; 3339 3340 if (xhci->numports_2 > XHCI_MAXPORTS_2) { 3341 xhci->numports_2 = XHCI_MAXPORTS_2; 3342 } 3343 if (xhci->numports_3 > XHCI_MAXPORTS_3) { 3344 xhci->numports_3 = XHCI_MAXPORTS_3; 3345 } 3346 usbports = MAX(xhci->numports_2, xhci->numports_3); 3347 xhci->numports = xhci->numports_2 + xhci->numports_3; 3348 3349 usb_bus_new(&xhci->bus, sizeof(xhci->bus), &xhci_bus_ops, xhci->hostOpaque); 3350 3351 for (i = 0; i < usbports; i++) { 3352 speedmask = 0; 3353 if (i < xhci->numports_2) { 3354 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3355 port = &xhci->ports[i + xhci->numports_3]; 3356 port->portnr = i + 1 + xhci->numports_3; 3357 } else { 3358 port = &xhci->ports[i]; 3359 port->portnr = i + 1; 3360 } 3361 port->uport = &xhci->uports[i]; 3362 port->speedmask = 3363 USB_SPEED_MASK_LOW | 3364 USB_SPEED_MASK_FULL | 3365 USB_SPEED_MASK_HIGH; 3366 assert(i < XHCI_MAXPORTS); 3367 snprintf(port->name, sizeof(port->name), "usb2 port #%d", i+1); 3368 speedmask |= port->speedmask; 3369 } 3370 if (i < xhci->numports_3) { 3371 if (xhci_get_flag(xhci, XHCI_FLAG_SS_FIRST)) { 3372 port = &xhci->ports[i]; 3373 port->portnr = i + 1; 3374 } else { 3375 port = &xhci->ports[i + xhci->numports_2]; 3376 port->portnr = i + 1 + xhci->numports_2; 3377 } 3378 port->uport = &xhci->uports[i]; 3379 port->speedmask = USB_SPEED_MASK_SUPER; 3380 assert(i < XHCI_MAXPORTS); 3381 snprintf(port->name, sizeof(port->name), "usb3 port #%d", i+1); 3382 speedmask |= port->speedmask; 3383 } 3384 usb_register_port(&xhci->bus, &xhci->uports[i], xhci, i, 3385 &xhci_uport_ops, speedmask); 3386 } 3387 } 3388 3389 static void usb_xhci_realize(DeviceState *dev, Error **errp) 3390 { 3391 int i; 3392 3393 XHCIState *xhci = XHCI(dev); 3394 3395 if (xhci->numintrs > XHCI_MAXINTRS) { 3396 xhci->numintrs = XHCI_MAXINTRS; 3397 } 3398 while (xhci->numintrs & (xhci->numintrs - 1)) { /* ! power of 2 */ 3399 xhci->numintrs++; 3400 } 3401 if (xhci->numintrs < 1) { 3402 xhci->numintrs = 1; 3403 } 3404 if (xhci->numslots > XHCI_MAXSLOTS) { 3405 xhci->numslots = XHCI_MAXSLOTS; 3406 } 3407 if (xhci->numslots < 1) { 3408 xhci->numslots = 1; 3409 } 3410 if (xhci_get_flag(xhci, XHCI_FLAG_ENABLE_STREAMS)) { 3411 xhci->max_pstreams_mask = 7; /* == 256 primary streams */ 3412 } else { 3413 xhci->max_pstreams_mask = 0; 3414 } 3415 3416 usb_xhci_init(xhci); 3417 xhci->mfwrap_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, xhci_mfwrap_timer, xhci); 3418 3419 memory_region_init(&xhci->mem, OBJECT(dev), "xhci", XHCI_LEN_REGS); 3420 memory_region_init_io(&xhci->mem_cap, OBJECT(dev), &xhci_cap_ops, xhci, 3421 "capabilities", LEN_CAP); 3422 memory_region_init_io(&xhci->mem_oper, OBJECT(dev), &xhci_oper_ops, xhci, 3423 "operational", 0x400); 3424 memory_region_init_io(&xhci->mem_runtime, OBJECT(dev), &xhci_runtime_ops, 3425 xhci, "runtime", LEN_RUNTIME); 3426 memory_region_init_io(&xhci->mem_doorbell, OBJECT(dev), &xhci_doorbell_ops, 3427 xhci, "doorbell", LEN_DOORBELL); 3428 3429 memory_region_add_subregion(&xhci->mem, 0, &xhci->mem_cap); 3430 memory_region_add_subregion(&xhci->mem, OFF_OPER, &xhci->mem_oper); 3431 memory_region_add_subregion(&xhci->mem, OFF_RUNTIME, &xhci->mem_runtime); 3432 memory_region_add_subregion(&xhci->mem, OFF_DOORBELL, &xhci->mem_doorbell); 3433 3434 for (i = 0; i < xhci->numports; i++) { 3435 XHCIPort *port = &xhci->ports[i]; 3436 uint32_t offset = OFF_OPER + 0x400 + 0x10 * i; 3437 port->xhci = xhci; 3438 memory_region_init_io(&port->mem, OBJECT(dev), &xhci_port_ops, port, 3439 port->name, 0x10); 3440 memory_region_add_subregion(&xhci->mem, offset, &port->mem); 3441 } 3442 } 3443 3444 static void usb_xhci_unrealize(DeviceState *dev) 3445 { 3446 int i; 3447 XHCIState *xhci = XHCI(dev); 3448 3449 trace_usb_xhci_exit(); 3450 3451 for (i = 0; i < xhci->numslots; i++) { 3452 xhci_disable_slot(xhci, i + 1); 3453 } 3454 3455 if (xhci->mfwrap_timer) { 3456 timer_free(xhci->mfwrap_timer); 3457 xhci->mfwrap_timer = NULL; 3458 } 3459 3460 memory_region_del_subregion(&xhci->mem, &xhci->mem_cap); 3461 memory_region_del_subregion(&xhci->mem, &xhci->mem_oper); 3462 memory_region_del_subregion(&xhci->mem, &xhci->mem_runtime); 3463 memory_region_del_subregion(&xhci->mem, &xhci->mem_doorbell); 3464 3465 for (i = 0; i < xhci->numports; i++) { 3466 XHCIPort *port = &xhci->ports[i]; 3467 memory_region_del_subregion(&xhci->mem, &port->mem); 3468 } 3469 3470 usb_bus_release(&xhci->bus); 3471 } 3472 3473 static int usb_xhci_post_load(void *opaque, int version_id) 3474 { 3475 XHCIState *xhci = opaque; 3476 XHCISlot *slot; 3477 XHCIEPContext *epctx; 3478 dma_addr_t dcbaap, pctx; 3479 uint32_t slot_ctx[4]; 3480 uint32_t ep_ctx[5]; 3481 int slotid, epid, state; 3482 uint64_t addr; 3483 3484 dcbaap = xhci_addr64(xhci->dcbaap_low, xhci->dcbaap_high); 3485 3486 for (slotid = 1; slotid <= xhci->numslots; slotid++) { 3487 slot = &xhci->slots[slotid-1]; 3488 if (!slot->addressed) { 3489 continue; 3490 } 3491 ldq_le_dma(xhci->as, dcbaap + 8 * slotid, &addr, MEMTXATTRS_UNSPECIFIED); 3492 slot->ctx = xhci_mask64(addr); 3493 3494 xhci_dma_read_u32s(xhci, slot->ctx, slot_ctx, sizeof(slot_ctx)); 3495 slot->uport = xhci_lookup_uport(xhci, slot_ctx); 3496 if (!slot->uport) { 3497 /* should not happen, but may trigger on guest bugs */ 3498 slot->enabled = 0; 3499 slot->addressed = 0; 3500 continue; 3501 } 3502 assert(slot->uport && slot->uport->dev); 3503 3504 for (epid = 1; epid <= 31; epid++) { 3505 pctx = slot->ctx + 32 * epid; 3506 xhci_dma_read_u32s(xhci, pctx, ep_ctx, sizeof(ep_ctx)); 3507 state = ep_ctx[0] & EP_STATE_MASK; 3508 if (state == EP_DISABLED) { 3509 continue; 3510 } 3511 epctx = xhci_alloc_epctx(xhci, slotid, epid); 3512 slot->eps[epid-1] = epctx; 3513 xhci_init_epctx(epctx, pctx, ep_ctx); 3514 epctx->state = state; 3515 if (state == EP_RUNNING) { 3516 /* kick endpoint after vmload is finished */ 3517 timer_mod(epctx->kick_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)); 3518 } 3519 } 3520 } 3521 return 0; 3522 } 3523 3524 static const VMStateDescription vmstate_xhci_ring = { 3525 .name = "xhci-ring", 3526 .version_id = 1, 3527 .fields = (VMStateField[]) { 3528 VMSTATE_UINT64(dequeue, XHCIRing), 3529 VMSTATE_BOOL(ccs, XHCIRing), 3530 VMSTATE_END_OF_LIST() 3531 } 3532 }; 3533 3534 static const VMStateDescription vmstate_xhci_port = { 3535 .name = "xhci-port", 3536 .version_id = 1, 3537 .fields = (VMStateField[]) { 3538 VMSTATE_UINT32(portsc, XHCIPort), 3539 VMSTATE_END_OF_LIST() 3540 } 3541 }; 3542 3543 static const VMStateDescription vmstate_xhci_slot = { 3544 .name = "xhci-slot", 3545 .version_id = 1, 3546 .fields = (VMStateField[]) { 3547 VMSTATE_BOOL(enabled, XHCISlot), 3548 VMSTATE_BOOL(addressed, XHCISlot), 3549 VMSTATE_END_OF_LIST() 3550 } 3551 }; 3552 3553 static const VMStateDescription vmstate_xhci_event = { 3554 .name = "xhci-event", 3555 .version_id = 1, 3556 .fields = (VMStateField[]) { 3557 VMSTATE_UINT32(type, XHCIEvent), 3558 VMSTATE_UINT32(ccode, XHCIEvent), 3559 VMSTATE_UINT64(ptr, XHCIEvent), 3560 VMSTATE_UINT32(length, XHCIEvent), 3561 VMSTATE_UINT32(flags, XHCIEvent), 3562 VMSTATE_UINT8(slotid, XHCIEvent), 3563 VMSTATE_UINT8(epid, XHCIEvent), 3564 VMSTATE_END_OF_LIST() 3565 } 3566 }; 3567 3568 static bool xhci_er_full(void *opaque, int version_id) 3569 { 3570 return false; 3571 } 3572 3573 static const VMStateDescription vmstate_xhci_intr = { 3574 .name = "xhci-intr", 3575 .version_id = 1, 3576 .fields = (VMStateField[]) { 3577 /* registers */ 3578 VMSTATE_UINT32(iman, XHCIInterrupter), 3579 VMSTATE_UINT32(imod, XHCIInterrupter), 3580 VMSTATE_UINT32(erstsz, XHCIInterrupter), 3581 VMSTATE_UINT32(erstba_low, XHCIInterrupter), 3582 VMSTATE_UINT32(erstba_high, XHCIInterrupter), 3583 VMSTATE_UINT32(erdp_low, XHCIInterrupter), 3584 VMSTATE_UINT32(erdp_high, XHCIInterrupter), 3585 3586 /* state */ 3587 VMSTATE_BOOL(msix_used, XHCIInterrupter), 3588 VMSTATE_BOOL(er_pcs, XHCIInterrupter), 3589 VMSTATE_UINT64(er_start, XHCIInterrupter), 3590 VMSTATE_UINT32(er_size, XHCIInterrupter), 3591 VMSTATE_UINT32(er_ep_idx, XHCIInterrupter), 3592 3593 /* event queue (used if ring is full) */ 3594 VMSTATE_BOOL(er_full_unused, XHCIInterrupter), 3595 VMSTATE_UINT32_TEST(ev_buffer_put, XHCIInterrupter, xhci_er_full), 3596 VMSTATE_UINT32_TEST(ev_buffer_get, XHCIInterrupter, xhci_er_full), 3597 VMSTATE_STRUCT_ARRAY_TEST(ev_buffer, XHCIInterrupter, EV_QUEUE, 3598 xhci_er_full, 1, 3599 vmstate_xhci_event, XHCIEvent), 3600 3601 VMSTATE_END_OF_LIST() 3602 } 3603 }; 3604 3605 const VMStateDescription vmstate_xhci = { 3606 .name = "xhci-core", 3607 .version_id = 1, 3608 .post_load = usb_xhci_post_load, 3609 .fields = (VMStateField[]) { 3610 VMSTATE_STRUCT_VARRAY_UINT32(ports, XHCIState, numports, 1, 3611 vmstate_xhci_port, XHCIPort), 3612 VMSTATE_STRUCT_VARRAY_UINT32(slots, XHCIState, numslots, 1, 3613 vmstate_xhci_slot, XHCISlot), 3614 VMSTATE_STRUCT_VARRAY_UINT32(intr, XHCIState, numintrs, 1, 3615 vmstate_xhci_intr, XHCIInterrupter), 3616 3617 /* Operational Registers */ 3618 VMSTATE_UINT32(usbcmd, XHCIState), 3619 VMSTATE_UINT32(usbsts, XHCIState), 3620 VMSTATE_UINT32(dnctrl, XHCIState), 3621 VMSTATE_UINT32(crcr_low, XHCIState), 3622 VMSTATE_UINT32(crcr_high, XHCIState), 3623 VMSTATE_UINT32(dcbaap_low, XHCIState), 3624 VMSTATE_UINT32(dcbaap_high, XHCIState), 3625 VMSTATE_UINT32(config, XHCIState), 3626 3627 /* Runtime Registers & state */ 3628 VMSTATE_INT64(mfindex_start, XHCIState), 3629 VMSTATE_TIMER_PTR(mfwrap_timer, XHCIState), 3630 VMSTATE_STRUCT(cmd_ring, XHCIState, 1, vmstate_xhci_ring, XHCIRing), 3631 3632 VMSTATE_END_OF_LIST() 3633 } 3634 }; 3635 3636 static Property xhci_properties[] = { 3637 DEFINE_PROP_BIT("streams", XHCIState, flags, 3638 XHCI_FLAG_ENABLE_STREAMS, true), 3639 DEFINE_PROP_UINT32("p2", XHCIState, numports_2, 4), 3640 DEFINE_PROP_UINT32("p3", XHCIState, numports_3, 4), 3641 DEFINE_PROP_LINK("host", XHCIState, hostOpaque, TYPE_DEVICE, 3642 DeviceState *), 3643 DEFINE_PROP_END_OF_LIST(), 3644 }; 3645 3646 static void xhci_class_init(ObjectClass *klass, void *data) 3647 { 3648 DeviceClass *dc = DEVICE_CLASS(klass); 3649 3650 dc->realize = usb_xhci_realize; 3651 dc->unrealize = usb_xhci_unrealize; 3652 dc->reset = xhci_reset; 3653 device_class_set_props(dc, xhci_properties); 3654 dc->user_creatable = false; 3655 } 3656 3657 static const TypeInfo xhci_info = { 3658 .name = TYPE_XHCI, 3659 .parent = TYPE_DEVICE, 3660 .instance_size = sizeof(XHCIState), 3661 .class_init = xhci_class_init, 3662 }; 3663 3664 static void xhci_register_types(void) 3665 { 3666 type_register_static(&xhci_info); 3667 } 3668 3669 type_init(xhci_register_types)