VirtualBox

source: vbox/trunk/src/VBox/Devices/USB/DevEHCI.cpp@ 105100

Last change on this file since 105100 was 104838, checked in by vboxsync, 6 months ago

DevEHCI: Fixed bug loading really old saved states (5 - VBox v4.2.4). bugref:10687

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 187.3 KB
Line 
1/* $Id: DevEHCI.cpp 104838 2024-06-05 00:38:48Z vboxsync $ */
2/** @file
3 * DevEHCI - Enhanced Host Controller Interface for USB.
4 */
5
6/*
7 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * SPDX-License-Identifier: GPL-3.0-only
26 */
27
28/** @page pg_dev_ehci EHCI - Enhanced Host Controller Interface Emulation.
29 *
30 * This component implements an EHCI USB controller. It is split roughly
31 * into two main parts, the first part implements the register level
32 * specification of USB EHCI and the second part maintains the root hub (which
33 * is an integrated component of the device).
34 *
35 * The EHCI registers are used for the usual stuff like enabling and disabling
36 * interrupts. Since the USB time is divided in to 1ms frames and various
37 * interrupts may need to be triggered at frame boundary time, a timer-based
38 * approach was taken.
39 *
40 * Note that all processing is currently done on a frame boundary and
41 * no attempt is made to emulate events with micro-frame granularity.
42 *
43 * The actual USB transfers are stored in main memory (along with endpoint and
44 * transfer descriptors). The ED's for all the control and bulk endpoints are
45 * found by consulting the HcAsyncListAddr register (ASYNCLISTADDR).
46 * Interrupt and isochronous ED's are found by looking at the HcPeriodicListBase
47 * (PERIODICLISTBASE) register.
48 *
49 * At the start of every frame (in function ehciR3StartOfFrame) we traverse all
50 * enabled ED lists and queue up as many transfers as possible. No attention
51 * is paid to control/bulk service ratios or bandwidth requirements since our
52 * USB could conceivably contain a dozen high speed busses and this would
53 * artificially limit the performance.
54 *
55 * Once we have a transfer ready to go (in the appropriate ehciServiceXxx function)
56 * we allocate an URB on the stack, fill in all the relevant fields and submit
57 * it using the VUSBIRhSubmitUrb function. The roothub device and the virtual
58 * USB core code coordinates everything else from this point onwards.
59 *
60 * When the URB has been successfully handed to the lower level driver, our
61 * prepare callback gets called and we can remove the TD from the ED transfer
62 * list. This stops us queueing it twice while it completes.
63 * bird: no, we don't remove it because that confuses the guest! (=> crashes)
64 *
65 * Completed URBs are reaped at the end of every frame (in function
66 * ehciR3FrameBoundaryTimer). Our completion routine makes use of the ED and TD
67 * fields in the URB to store the physical addresses of the descriptors so
68 * that they may be modified in the roothub callbacks. Our completion
69 * routine (ehciRhXferCompleteXxx) carries out a number of tasks:
70 * -# Retires the TD associated with the transfer, setting the
71 * relevant error code etc.
72 * -# Updates done-queue interrupt timer and potentially causes
73 * a writeback of the done-queue.
74 * -# If the transfer was device-to-host, we copy the data into
75 * the host memory.
76 *
77 * As for error handling EHCI allows for 3 retries before failing a transfer,
78 * an error count is stored in each transfer descriptor. A halt flag is also
79 * stored in the transfer descriptor. That allows for ED's to be disabled
80 * without stopping the bus and de-queuing them.
81 *
82 * When the bus is started and stopped, we call VUSBIDevPowerOn/Off() on our
83 * roothub to indicate it's powering up and powering down. Whenever we power
84 * down, the USB core makes sure to synchronously complete all outstanding
85 * requests so that the EHCI is never seen in an inconsistent state by the
86 * guest OS (Transfers are not meant to be unlinked until they've actually
87 * completed, but we can't do that unless we work synchronously, so we just
88 * have to fake it).
89 * bird: we do work synchronously now, anything causes guest crashes.
90 *
91 * The number of ports is configurable. The architectural maximum is 15, but
92 * some guests (e.g. OS/2) crash if they see more than 12 or so ports. Saved
93 * states always include the data for all 15 ports but HCSPARAMS determines
94 * the actual number visible to the guest.
95 */
96
97
98/*********************************************************************************************************************************
99* Header Files *
100*********************************************************************************************************************************/
101#define LOG_GROUP LOG_GROUP_DEV_EHCI
102#include <VBox/pci.h>
103#include <VBox/vmm/pdm.h>
104#include <VBox/vmm/mm.h>
105#include <VBox/err.h>
106#include <VBox/log.h>
107#include <iprt/assert.h>
108#include <iprt/string.h>
109#include <iprt/asm.h>
110#include <iprt/param.h>
111#include <iprt/thread.h>
112#include <iprt/semaphore.h>
113#include <iprt/critsect.h>
114#ifdef IN_RING3
115# include <iprt/thread.h>
116# include <iprt/mem.h>
117# include <iprt/uuid.h>
118#endif
119#include <VBox/vusb.h>
120#ifdef VBOX_IN_EXTPACK_R3
121# include <VBox/version.h>
122#elif defined(VBOX_IN_EXTPACK)
123# include <VBox/sup.h>
124#endif
125#ifndef VBOX_IN_EXTPACK
126# include "VBoxDD.h"
127#endif
128
129
130/** The saved state version. */
131#define EHCI_SAVED_STATE_VERSION 7
132/** The saved state version before the EOF timers were removed. */
133#define EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL 6 /* Introduced in 5.2. */
134/** The saved state with support of 8 ports. */
135#define EHCI_SAVED_STATE_VERSION_8PORTS 5 /* Introduced in 3.1 or so. */
136
137/** Number of Downstream Ports on the root hub; 15 is the maximum
138 * the EHCI specification provides for. */
139#define EHCI_NDP_MAX 15
140
141/** The default Number of Downstream Ports reported to guests. */
142#define EHCI_NDP_DEFAULT 12
143
144/* Macro to query the number of currently configured ports. */
145#define EHCI_NDP_CFG(pehci) ((pehci)->hcs_params & EHCI_HCS_PARAMS_NDP_MASK)
146/** Macro to convert a EHCI port index (zero based) to a VUSB roothub port ID (one based). */
147#define EHCI_PORT_2_VUSB_PORT(a_uPort) ((a_uPort) + 1)
148
149/** Size of the capability part of the MMIO page. */
150#define EHCI_CAPS_REG_SIZE 0x20
151
152
153#ifndef VBOX_DEVICE_STRUCT_TESTCASE
154/**
155 * Host controller Transfer Descriptor data.
156 */
157typedef struct VUSBURBHCITDINT
158{
159 /** Type of TD. */
160 uint32_t TdType;
161 /** The address of the TD. */
162 RTGCPHYS TdAddr;
163 /** A copy of the TD. */
164 uint32_t TdCopy[16];
165} VUSBURBHCITDINT;
166
167/**
168 * The host controller data associated with each URB.
169 */
170typedef struct VUSBURBHCIINT
171{
172 /** The endpoint descriptor address. */
173 RTGCPHYS EdAddr;
174 /** Number of Tds in the array. */
175 uint32_t cTds;
176 /** When this URB was created.
177 * (Used for isochronous frames and for logging.) */
178 uint32_t u32FrameNo;
179 /** Flag indicating that the TDs have been unlinked. */
180 bool fUnlinked;
181} VUSBURBHCIINT;
182#endif
183
184/**
185 * An EHCI root hub port, shared.
186 */
187typedef struct EHCIHUBPORT
188{
189 /** The port register. */
190 uint32_t fReg;
191} EHCIHUBPORT;
192/** Pointer to a shared EHCI root hub port. */
193typedef EHCIHUBPORT *PEHCIHUBPORT;
194
195/**
196 * An EHCI root hub port, ring-3.
197 */
198typedef struct EHCIHUBPORTR3
199{
200 /** Flag whether there is a device attached to the port. */
201 bool fAttached;
202} EHCIHUBPORTR3;
203/** Pointer to a ring-3 EHCI root hub port. */
204typedef EHCIHUBPORTR3 *PEHCIHUBPORTR3;
205
206
207/**
208 * The EHCI root hub, shared.
209 */
210typedef struct EHCIROOTHUB
211{
212 /** Per-port state. */
213 EHCIHUBPORT aPorts[EHCI_NDP_MAX];
214 /** Unused, only needed for saved state compatibility. */
215 uint32_t unused;
216} EHCIROOTHUB;
217/** Pointer to the EHCI root hub. */
218typedef EHCIROOTHUB *PEHCIROOTHUB;
219
220
221/**
222 * The EHCI root hub, ring-3 edition.
223 *
224 * @implements PDMIBASE
225 * @implements VUSBIROOTHUBPORT
226 * @implements PDMILEDPORTS
227 */
228typedef struct EHCIROOTHUBR3
229{
230 /** Pointer to the base interface of the VUSB RootHub. */
231 R3PTRTYPE(PPDMIBASE) pIBase;
232 /** Pointer to the connector interface of the VUSB RootHub. */
233 R3PTRTYPE(PVUSBIROOTHUBCONNECTOR) pIRhConn;
234 /** The base interface exposed to the roothub driver. */
235 PDMIBASE IBase;
236 /** The roothub port interface exposed to the roothub driver. */
237 VUSBIROOTHUBPORT IRhPort;
238
239 /** The LED. */
240 PDMLED Led;
241 /** The LED ports. */
242 PDMILEDPORTS ILeds;
243 /** Partner of ILeds. */
244 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
245
246 EHCIHUBPORTR3 aPorts[EHCI_NDP_MAX];
247} EHCIROOTHUBR3;
248/** Pointer to the ring-3 EHCI root hub state. */
249typedef EHCIROOTHUBR3 *PEHCIROOTHUBR3;
250
251
252/**
253 * EHCI device data, shared.
254 */
255typedef struct EHCI
256{
257 /** Async scheduler sleeping; triggered by empty list detection */
258 bool fAsyncTraversalTimerActive;
259
260 bool afAlignment0[7];
261
262 /** Start of current frame. */
263 uint64_t SofTime;
264 /** Root hub device */
265 EHCIROOTHUB RootHub;
266
267 /** @name Host Controller Capability Registers (R/O)
268 * @{ */
269 /** CAPLENGTH: base + cap_length = operational register start */
270 uint32_t cap_length;
271 /** HCIVERSION: host controller interface version */
272 uint32_t hci_version;
273 /** HCSPARAMS: Structural parameters */
274 uint32_t hcs_params;
275 /** HCCPARAMS: Capability parameters */
276 uint32_t hcc_params;
277 /** @} */
278
279 /** @name Host Controller Operational Registers (R/W)
280 * @{ */
281 /** USB command register */
282 uint32_t cmd;
283 /** USB status register */
284 uint32_t intr_status;
285 /** USB interrupt enable register */
286 uint32_t intr;
287 /** Frame index register; actually it's micro-frame number */
288 uint32_t frame_idx;
289 /** Control Data Structure Segment Register */
290 uint32_t ds_segment;
291 /** Periodic Frame List Base Address Register */
292 uint32_t periodic_list_base;
293 /** Current Asynchronous List Address Register */
294 uint32_t async_list_base;
295 /** Configure Flag Register */
296 uint32_t config;
297 /** @} */
298
299 /** @name Control partition (registers)
300 * @{ */
301 /** Interrupt interval; see interrupt threshold in the command register */
302 uint32_t uIrqInterval;
303 /** @} */
304
305 /** @name Frame counter partition (registers)
306 * @{ */
307 /** HcFmNumber.
308 * @remark The register size is 16-bit, but for debugging and performance
309 * reasons we maintain a 32-bit counter. */
310 uint32_t HcFmNumber;
311 /** Number of micro-frames per timer call */
312 uint32_t uFramesPerTimerCall;
313 /** @} */
314
315 /** Flag whether the framer thread should processing frames. */
316 volatile bool fBusStarted;
317
318 bool afAlignment1[3]; /**< Align CsIrq correctly. */
319
320 /* The following members are not part of saved state. */
321
322 /** Critical section synchronising interrupt handling. */
323 PDMCRITSECT CsIrq;
324
325 /** The MMIO region. */
326 IOMMMIOHANDLE hMmio;
327} EHCI;
328AssertCompileMemberAlignment(EHCI, CsIrq, 8);
329/** Pointer to shared EHCI device data. */
330typedef struct EHCI *PEHCI;
331
332
333/**
334 * EHCI device data, ring-3 edition.
335 */
336typedef struct EHCIR3
337{
338 /** Root hub device. */
339 EHCIROOTHUBR3 RootHub;
340
341 /** The number of virtual time ticks per frame. */
342 uint64_t cTicksPerFrame;
343 /** The number of virtual time ticks per USB bus tick. */
344 uint64_t cTicksPerUsbTick;
345
346 /** Pointer to the device instance. */
347 PPDMDEVINSR3 pDevIns;
348
349 /** Number of in-flight TDs. */
350 unsigned cInFlight;
351 unsigned Alignment2; /**< Align aInFlight on a 8 byte boundary. */
352 /** Array of in-flight TDs. */
353 struct ehci_td_in_flight
354 {
355 /** Address of the transport descriptor. */
356 RTGCPHYS GCPhysTD;
357 /** Pointer to the URB. */
358 R3PTRTYPE(PVUSBURB) pUrb;
359 } aInFlight[257];
360
361 /** Detected canceled isochronous URBs. */
362 STAMCOUNTER StatCanceledIsocUrbs;
363 /** Detected canceled general URBs. */
364 STAMCOUNTER StatCanceledGenUrbs;
365 /** Dropped URBs (endpoint halted, or URB canceled). */
366 STAMCOUNTER StatDroppedUrbs;
367
368 /* The following members are not part of saved state. */
369
370 /** VM timer frequency used for frame timer calculations. */
371 uint64_t u64TimerHz;
372 /** Number of USB work cycles with no transfers. */
373 uint32_t cIdleCycles;
374 /** Current frame timer rate (default 1000). */
375 uint32_t uFrameRate;
376 /** Idle detection flag; must be cleared at start of frame */
377 bool fIdle;
378 bool afAlignment4[3];
379
380 /** Default frequency of the frame timer. */
381 uint32_t uFrameRateDefault;
382 /** How long to wait until the next frame. */
383 uint64_t nsWait;
384 /** The framer thread. */
385 R3PTRTYPE(PPDMTHREAD) hThreadFrame;
386 /** Event semaphore to interact with the framer thread. */
387 R3PTRTYPE(RTSEMEVENTMULTI) hSemEventFrame;
388 /** Event semaphore to release the thread waiting for the framer thread to stop. */
389 R3PTRTYPE(RTSEMEVENTMULTI) hSemEventFrameStopped;
390 /** Critical section to synchronize the framer and URB completion handler. */
391 RTCRITSECT CritSect;
392} EHCIR3;
393/** Pointer to ring-3 EHCI device data. */
394typedef struct EHCIR3 *PEHCIR3;
395
396
397/**
398 * EHCI device data, ring-0 edition.
399 */
400typedef struct EHCIR0
401{
402 uint32_t uUnused;
403} EHCIR0;
404/** Pointer to ring-0 EHCI device data. */
405typedef struct EHCIR0 *PEHCIR0;
406
407
408/**
409 * EHCI device data, raw-mode edition.
410 */
411typedef struct EHCIRC
412{
413 uint32_t uUnused;
414} EHCIRC;
415/** Pointer to raw-mode EHCI device data. */
416typedef struct EHCIRC *PEHCIRC;
417
418
419/** @typedef EHCICC
420 * The EHCI device data for the current context. */
421typedef CTX_SUFF(EHCI) EHCICC;
422/** @typedef PEHCICC
423 * Pointer to the EHCI device for the current context. */
424typedef CTX_SUFF(PEHCI) PEHCICC;
425
426
427/** @@name EHCI Transfer Descriptor Types
428 * @{ */
429/** Isochronous Transfer Descriptor */
430#define EHCI_DESCRIPTOR_ITD 0
431/** Queue Head */
432#define EHCI_DESCRIPTOR_QH 1
433/** Split Transaction Isochronous Transfer Descriptor */
434#define EHCI_DESCRIPTOR_SITD 2
435/** Frame Span Traversal Node */
436#define EHCI_DESCRIPTOR_FSTN 3
437/** @} */
438
439/** @@name EHCI Transfer service type
440 * @{ */
441typedef enum
442{
443 EHCI_SERVICE_PERIODIC = 0,
444 EHCI_SERVICE_ASYNC = 1
445} EHCI_SERVICE_TYPE;
446/** @} */
447
448/** @@name EHCI Frame List Element Pointer
449 * @{ */
450#define EHCI_FRAME_LIST_NEXTPTR_SHIFT 5
451
452typedef struct
453{
454 uint32_t Terminate : 1;
455 uint32_t Type : 2;
456 uint32_t Reserved : 2;
457 uint32_t FrameAddr : 27;
458} EHCI_FRAME_LIST_PTR;
459AssertCompileSize(EHCI_FRAME_LIST_PTR, 4);
460/** @} */
461
462/** @@name EHCI Isochronous Transfer Descriptor (iTD)
463 * @{ */
464#define EHCI_TD_PTR_SHIFT 5
465
466typedef struct
467{
468 uint32_t Terminate : 1;
469 uint32_t Type : 2;
470 uint32_t Reserved : 2;
471 uint32_t Pointer : 27;
472} EHCI_TD_PTR;
473AssertCompileSize(EHCI_TD_PTR, 4);
474
475typedef struct
476{
477 uint32_t Offset : 12;
478 uint32_t PG : 3;
479 uint32_t IOC : 1;
480 uint32_t Length : 12;
481 uint32_t TransactError : 1;
482 uint32_t Babble : 1;
483 uint32_t DataBufError : 1;
484 uint32_t Active : 1;
485} EHCI_ITD_TRANSACTION;
486AssertCompileSize(EHCI_ITD_TRANSACTION, 4);
487
488typedef struct
489{
490 uint32_t DeviceAddress : 7;
491 uint32_t Reserved1 : 1;
492 uint32_t EndPt : 4;
493 uint32_t Ignore1 : 20;
494 uint32_t MaxPacket : 11;
495 uint32_t DirectionIn : 1;
496 uint32_t Ignore2 : 20;
497 uint32_t Multi : 2;
498 uint32_t Reserved10 : 10;
499 uint32_t Ignore3 : 20;
500} EHCI_ITD_MISC;
501AssertCompileSize(EHCI_ITD_MISC, 12);
502
503#define EHCI_BUFFER_PTR_SHIFT 12
504
505typedef struct
506{
507 uint32_t Reserved : 12;
508 uint32_t Pointer : 20; /* 4k aligned */
509} EHCI_BUFFER_PTR;
510AssertCompileSize(EHCI_BUFFER_PTR, 4);
511
512#define EHCI_NUM_ITD_TRANSACTIONS 8
513#define EHCI_NUM_ITD_PAGES 7
514
515typedef struct
516{
517 EHCI_TD_PTR Next;
518 EHCI_ITD_TRANSACTION Transaction[EHCI_NUM_ITD_TRANSACTIONS];
519 union
520 {
521 EHCI_ITD_MISC Misc;
522 EHCI_BUFFER_PTR Buffer[EHCI_NUM_ITD_PAGES];
523 } Buffer;
524} EHCI_ITD, *PEHCI_ITD;
525typedef const EHCI_ITD *PEHCI_CITD;
526AssertCompileSize(EHCI_ITD, 0x40);
527/** @} */
528
529/* ITD with extra padding to add 8th 'Buffer' entry. The PG member of
530 * EHCI_ITD_TRANSACTION can contain values in the 0-7 range, but only values
531 * 0-6 are valid. The extra padding is added to avoid cluttering the code
532 * with range checks; ehciR3ReadItd() initializes the pad with a safe value.
533 * The EHCI 1.0 specification explicitly says using PG value of 7 yields
534 * undefined behavior.
535 */
536typedef struct
537{
538 EHCI_ITD itd;
539 EHCI_BUFFER_PTR pad;
540} EHCI_ITD_PAD, *PEHCI_ITD_PAD;
541AssertCompileSize(EHCI_ITD_PAD, 0x44);
542
543/** @name Split Transaction Isochronous Transfer Descriptor (siTD)
544 * @{ */
545typedef struct
546{
547 uint32_t DeviceAddress : 7;
548 uint32_t Reserved : 1;
549 uint32_t EndPt : 4;
550 uint32_t Reserved2 : 4;
551 uint32_t HubAddress : 7;
552 uint32_t Reserved3 : 1;
553 uint32_t Port : 7;
554 uint32_t DirectionIn : 1;
555} EHCI_SITD_ADDR;
556AssertCompileSize(EHCI_SITD_ADDR, 4);
557
558typedef struct
559{
560 uint32_t SMask : 8;
561 uint32_t CMask : 8;
562 uint32_t Reserved : 16;
563} EHCI_SITD_SCHEDCTRL;
564AssertCompileSize(EHCI_SITD_SCHEDCTRL, 4);
565
566typedef struct
567{
568 /* 8 Status flags */
569 uint32_t Reserved : 1;
570 uint32_t SplitXState : 1;
571 uint32_t MisseduFrame : 1;
572 uint32_t TransactError : 1;
573 uint32_t Babble : 1;
574 uint32_t DataBufError : 1;
575 uint32_t Error : 1;
576 uint32_t Active : 1;
577 uint32_t CPMask : 8;
578 uint32_t Length : 10;
579 uint32_t Reserved4 : 4;
580 uint32_t PageSelect : 1;
581 uint32_t IOC : 1;
582} EHCI_SITD_TRANSFER;
583AssertCompileSize(EHCI_SITD_TRANSFER, 4);
584
585typedef struct
586{
587 uint32_t Offset : 12;
588 uint32_t Pointer : 20; /**< 4k aligned */
589} EHCI_SITD_BUFFER0;
590AssertCompileSize(EHCI_SITD_BUFFER0, 4);
591
592typedef struct
593{
594 uint32_t TCount : 3;
595 uint32_t TPosition : 2;
596 uint32_t Reserved : 7;
597 uint32_t Pointer : 20; /**< 4k aligned */
598} EHCI_SITD_BUFFER1;
599AssertCompileSize(EHCI_SITD_BUFFER1, 4);
600
601typedef struct
602{
603 uint32_t Terminate : 1;
604 uint32_t Reserved : 4;
605 uint32_t Pointer : 27;
606} EHCI_SITD_BACKPTR;
607AssertCompileSize(EHCI_SITD_BACKPTR, 4);
608
609typedef struct
610{
611 EHCI_TD_PTR NextSITD;
612 EHCI_SITD_ADDR Address;
613 EHCI_SITD_SCHEDCTRL ScheduleCtrl;
614 EHCI_SITD_TRANSFER Transfer;
615 EHCI_SITD_BUFFER0 Buffer0;
616 EHCI_SITD_BUFFER1 Buffer1;
617 EHCI_SITD_BACKPTR BackPtr;
618} EHCI_SITD, *PEHCI_SITD;
619typedef const EHCI_SITD *PEHCI_CSITD;
620AssertCompileSize(EHCI_SITD, 0x1C);
621/** @} */
622
623
624/** @name Queue Element Transfer Descriptor (qTD)
625 * @{ */
626typedef struct
627{
628 uint32_t Terminate : 1;
629 uint32_t Reserved : 4;
630 uint32_t Pointer : 27;
631} EHCI_QTD_NEXTPTR;
632AssertCompileSize(EHCI_QTD_NEXTPTR, 4);
633
634typedef struct
635{
636 uint32_t Terminate : 1;
637 uint32_t Reserved : 4;
638 uint32_t Pointer : 27;
639} EHCI_QTD_ALTNEXTPTR;
640AssertCompileSize(EHCI_QTD_ALTNEXTPTR, 4);
641
642#define EHCI_QTD_PID_OUT 0
643#define EHCI_QTD_PID_IN 1
644#define EHCI_QTD_PID_SETUP 2
645
646typedef struct
647{
648 /* 8 Status flags */
649 uint32_t PingState : 1;
650 uint32_t SplitXState : 1;
651 uint32_t MisseduFrame : 1;
652 uint32_t TransactError : 1;
653 uint32_t Babble : 1;
654 uint32_t DataBufError : 1;
655 uint32_t Halted : 1;
656 uint32_t Active : 1;
657 uint32_t PID : 2;
658 uint32_t ErrorCount : 2;
659 uint32_t CurrentPage : 3;
660 uint32_t IOC : 1;
661 uint32_t Length : 15;
662 uint32_t DataToggle : 1;
663} EHCI_QTD_TOKEN;
664AssertCompileSize(EHCI_QTD_TOKEN, 4);
665
666#define EHCI_QTD_HAS_ERROR(pQtdToken) (*((uint32_t *)pQtdToken) & 0x7F)
667
668typedef struct
669{
670 uint32_t Offset : 12;
671 uint32_t Reserved : 20;
672 uint32_t Ignore[4];
673} EHCI_QTD_OFFSET;
674AssertCompileSize(EHCI_QTD_OFFSET, 20);
675
676typedef struct
677{
678 EHCI_QTD_NEXTPTR Next;
679 EHCI_QTD_ALTNEXTPTR AltNext;
680 union
681 {
682 EHCI_QTD_TOKEN Bits;
683 uint32_t u32;
684 } Token;
685 union
686 {
687 EHCI_QTD_OFFSET Offset;
688 EHCI_BUFFER_PTR Buffer[5];
689 } Buffer;
690} EHCI_QTD, *PEHCI_QTD;
691typedef const EHCI_QTD *PEHCI_CQTD;
692AssertCompileSize(EHCI_QTD, 0x20);
693/** @} */
694
695
696/** @name Queue Head Descriptor (QHD)
697 * @{ */
698
699#define EHCI_QHD_EPT_SPEED_FULL 0 /**< 12 Mbps */
700#define EHCI_QHD_EPT_SPEED_LOW 1 /**< 1.5 Mbps */
701#define EHCI_QHD_EPT_SPEED_HIGH 2 /**< 480 Mbps */
702#define EHCI_QHD_EPT_SPEED_RESERVED 3
703
704typedef struct
705{
706 uint32_t DeviceAddress : 7;
707 uint32_t InActiveNext : 1;
708 uint32_t EndPt : 4;
709 uint32_t EndPtSpeed : 2;
710 uint32_t DataToggle : 1;
711 uint32_t HeadReclamation : 1;
712 uint32_t MaxLength : 11;
713 uint32_t ControlEPFlag : 1;
714 uint32_t NakCountReload : 4;
715} EHCI_QHD_EPCHARS;
716AssertCompileSize(EHCI_QHD_EPCHARS, 4);
717
718typedef struct
719{
720 uint32_t SMask : 8;
721 uint32_t CMask : 8;
722 uint32_t HubAddress : 7;
723 uint32_t Port : 7;
724 uint32_t Mult : 2;
725} EHCI_QHD_EPCAPS;
726AssertCompileSize(EHCI_QHD_EPCAPS, 4);
727
728typedef struct
729{
730 uint32_t Reserved : 5;
731 uint32_t Pointer : 27;
732} EHCI_QHD_CURRPTR;
733AssertCompileSize(EHCI_QHD_CURRPTR, 4);
734
735typedef struct
736{
737 uint32_t Terminate : 1;
738 uint32_t NakCnt : 4;
739 uint32_t Pointer : 27;
740} EHCI_QHD_ALTNEXT;
741AssertCompileSize(EHCI_QHD_ALTNEXT, 4);
742
743typedef struct
744{
745 uint32_t CProgMask : 8;
746 uint32_t Reserved : 4;
747 uint32_t Pointer : 20; /**< 4k aligned */
748} EHCI_QHD_BUFFER1;
749AssertCompileSize(EHCI_QHD_BUFFER1, 4);
750
751typedef struct
752{
753 uint32_t FrameTag : 5;
754 uint32_t SBytes : 7;
755 uint32_t Pointer : 20; /**< 4k aligned */
756} EHCI_QHD_BUFFER2;
757AssertCompileSize(EHCI_QHD_BUFFER2, 4);
758
759typedef struct
760{
761 EHCI_TD_PTR Next;
762 EHCI_QHD_EPCHARS Characteristics;
763 EHCI_QHD_EPCAPS Caps;
764 EHCI_QHD_CURRPTR CurrQTD;
765 union
766 {
767 EHCI_QTD OrgQTD;
768 struct
769 {
770 uint32_t Identical1[2];
771 EHCI_QHD_ALTNEXT AltNextQTD;
772 uint32_t Identical2;
773 EHCI_QHD_BUFFER1 Buffer1;
774 EHCI_QHD_BUFFER2 Buffer2;
775 uint32_t Identical3[2];
776 } Status;
777 } Overlay;
778} EHCI_QHD, *PEHCI_QHD;
779typedef const EHCI_QHD *PEHCI_CQHD;
780AssertCompileSize(EHCI_QHD, 0x30);
781/** @} */
782
783/** @name Periodic Frame Span Traversal Node (FSTN)
784 * @{ */
785
786typedef struct
787{
788 uint32_t Terminate : 1;
789 uint32_t Type : 2;
790 uint32_t Reserved : 2;
791 uint32_t Ptr : 27;
792} EHCI_FSTN_PTR;
793AssertCompileSize(EHCI_FSTN_PTR, 4);
794
795typedef struct
796{
797 EHCI_FSTN_PTR NormalPtr;
798 EHCI_FSTN_PTR BackPtr;
799} EHCI_FSTN, *PEHCI_FSTN;
800typedef const EHCI_FSTN *PEHCI_CFSTN;
801AssertCompileSize(EHCI_FSTN, 8);
802
803/** @} */
804
805
806/**
807 * EHCI register operator.
808 */
809typedef struct EHCIOPREG
810{
811 const char *pszName;
812 VBOXSTRICTRC (*pfnRead )(PPDMDEVINS pDevIns, PEHCI ehci, uint32_t iReg, uint32_t *pu32Value);
813 VBOXSTRICTRC (*pfnWrite)(PPDMDEVINS pDevIns, PEHCI ehci, uint32_t iReg, uint32_t u32Value);
814} EHCIOPREG;
815
816
817/* EHCI Local stuff */
818#define EHCI_HCS_PARAMS_PORT_ROUTING_RULES RT_BIT(7)
819#define EHCI_HCS_PARAMS_PORT_POWER_CONTROL RT_BIT(4)
820#define EHCI_HCS_PARAMS_NDP_MASK (RT_BIT(0) | RT_BIT(1) | RT_BIT(2) | RT_BIT(3))
821
822/* controller may cache an isochronous data structure for an entire frame */
823#define EHCI_HCC_PARAMS_ISOCHRONOUS_CACHING RT_BIT(7)
824#define EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING RT_BIT(2)
825#define EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST RT_BIT(1)
826#define EHCI_HCC_PARAMS_64BITS_ADDRESSING RT_BIT(0)
827
828/** @name Interrupt Enable Register bits (USBINTR)
829 * @{ */
830#define EHCI_INTR_ENABLE_THRESHOLD RT_BIT(0)
831#define EHCI_INTR_ENABLE_ERROR RT_BIT(1)
832#define EHCI_INTR_ENABLE_PORT_CHANGE RT_BIT(2)
833#define EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER RT_BIT(3)
834#define EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR RT_BIT(4)
835#define EHCI_INTR_ENABLE_ASYNC_ADVANCE RT_BIT(5)
836#define EHCI_INTR_ENABLE_MASK (EHCI_INTR_ENABLE_ASYNC_ADVANCE|EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR|EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER|EHCI_INTR_ENABLE_PORT_CHANGE|EHCI_INTR_ENABLE_ERROR|EHCI_INTR_ENABLE_THRESHOLD)
837/** @} */
838
839/** @name Configure Flag Register (CONFIGFLAG)
840 * @{ */
841#define EHCI_CONFIGFLAG_ROUTING RT_BIT(0)
842#define EHCI_CONFIGFLAG_MASK EHCI_CONFIGFLAG_ROUTING
843/** @} */
844
845/** @name Status Register (USBSTS)
846 * @{ */
847#define EHCI_STATUS_ASYNC_SCHED RT_BIT(15) /* RO */
848#define EHCI_STATUS_PERIOD_SCHED RT_BIT(14) /* RO */
849#define EHCI_STATUS_RECLAMATION RT_BIT(13) /* RO */
850#define EHCI_STATUS_HCHALTED RT_BIT(12) /* RO */
851#define EHCI_STATUS_INT_ON_ASYNC_ADV RT_BIT(5)
852#define EHCI_STATUS_HOST_SYSTEM_ERROR RT_BIT(4)
853#define EHCI_STATUS_FRAME_LIST_ROLLOVER RT_BIT(3)
854#define EHCI_STATUS_PORT_CHANGE_DETECT RT_BIT(2)
855#define EHCI_STATUS_ERROR_INT RT_BIT(1)
856#define EHCI_STATUS_THRESHOLD_INT RT_BIT(0)
857#define EHCI_STATUS_INTERRUPT_MASK (EHCI_STATUS_THRESHOLD_INT|EHCI_STATUS_ERROR_INT|EHCI_STATUS_PORT_CHANGE_DETECT|EHCI_STATUS_FRAME_LIST_ROLLOVER|EHCI_STATUS_HOST_SYSTEM_ERROR|EHCI_STATUS_INT_ON_ASYNC_ADV)
858/** @} */
859
860#define EHCI_PERIODIC_LIST_MASK UINT32_C(0xFFFFF000) /**< 4kb aligned */
861#define EHCI_ASYNC_LIST_MASK UINT32_C(0xFFFFFFE0) /**< 32-byte aligned */
862
863
864/** @name Port Status and Control Register bits (PORTSC)
865 * @{ */
866#define EHCI_PORT_CURRENT_CONNECT RT_BIT(0) /**< RO */
867#define EHCI_PORT_CONNECT_CHANGE RT_BIT(1)
868#define EHCI_PORT_PORT_ENABLED RT_BIT(2)
869#define EHCI_PORT_PORT_CHANGE RT_BIT(3)
870#define EHCI_PORT_OVER_CURRENT_ACTIVE RT_BIT(4) /**< RO */
871#define EHCI_PORT_OVER_CURRENT_CHANGE RT_BIT(5)
872#define EHCI_PORT_FORCE_PORT_RESUME RT_BIT(6)
873#define EHCI_PORT_SUSPEND RT_BIT(7)
874#define EHCI_PORT_RESET RT_BIT(8)
875#define EHCI_PORT_LINE_STATUS_MASK (RT_BIT(10) | RT_BIT(11)) /**< RO */
876#define EHCI_PORT_LINE_STATUS_SHIFT 10
877#define EHCI_PORT_POWER RT_BIT(12)
878#define EHCI_PORT_OWNER RT_BIT(13)
879#define EHCI_PORT_INDICATOR (RT_BIT(14) | RT_BIT(15))
880#define EHCI_PORT_TEST_CONTROL_MASK (RT_BIT(16) | RT_BIT(17) | RT_BIT(18) | RT_BIT(19))
881#define EHCI_PORT_TEST_CONTROL_SHIFT 16
882#define EHCI_PORT_WAKE_ON_CONNECT_ENABLE RT_BIT(20)
883#define EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE RT_BIT(21)
884#define EHCI_PORT_WAKE_OVER_CURRENT_ENABLE RT_BIT(22)
885#define EHCI_PORT_RESERVED (RT_BIT(9)|RT_BIT(23)|RT_BIT(24)|RT_BIT(25)|RT_BIT(26)|RT_BIT(27)|RT_BIT(28)|RT_BIT(29)|RT_BIT(30)|RT_BIT(31))
886
887#define EHCI_PORT_WAKE_MASK (EHCI_PORT_WAKE_ON_CONNECT_ENABLE|EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE|EHCI_PORT_WAKE_OVER_CURRENT_ENABLE)
888#define EHCI_PORT_CHANGE_MASK (EHCI_PORT_CONNECT_CHANGE|EHCI_PORT_PORT_CHANGE|EHCI_PORT_OVER_CURRENT_CHANGE)
889/** @} */
890
891/** @name Command Register bits (USBCMD)
892 * @{ */
893#define EHCI_CMD_RUN RT_BIT(0)
894#define EHCI_CMD_RESET RT_BIT(1)
895#define EHCI_CMD_FRAME_LIST_SIZE_MASK (RT_BIT(2) | RT_BIT(3))
896#define EHCI_CMD_FRAME_LIST_SIZE_SHIFT 2
897#define EHCI_CMD_PERIODIC_SCHED_ENABLE RT_BIT(4)
898#define EHCI_CMD_ASYNC_SCHED_ENABLE RT_BIT(5)
899#define EHCI_CMD_INT_ON_ADVANCE_DOORBELL RT_BIT(6)
900#define EHCI_CMD_SOFT_RESET RT_BIT(7) /**< optional */
901#define EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK (RT_BIT(8) | RT_BIT(9)) /**< optional */
902#define EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT 8
903#define EHCI_CMD_RESERVED RT_BIT(10)
904#define EHCI_CMD_ASYNC_SCHED_PARK_ENABLE RT_BIT(11) /**< optional */
905#define EHCI_CMD_RESERVED2 (RT_BIT(12) | RT_BIT(13) | RT_BIT(14) | RT_BIT(15))
906#define EHCI_CMD_INTERRUPT_THRESHOLD_MASK (RT_BIT(16) | RT_BIT(17) | RT_BIT(18) | RT_BIT(19) | RT_BIT(20) | RT_BIT(21) | RT_BIT(22) | RT_BIT(23))
907#define EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT 16
908#define EHCI_CMD_MASK (EHCI_CMD_INTERRUPT_THRESHOLD_MASK|EHCI_CMD_ASYNC_SCHED_PARK_ENABLE|EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK|EHCI_CMD_SOFT_RESET|EHCI_CMD_INT_ON_ADVANCE_DOORBELL|EHCI_CMD_ASYNC_SCHED_ENABLE|EHCI_CMD_PERIODIC_SCHED_ENABLE|EHCI_CMD_FRAME_LIST_SIZE_MASK|EHCI_CMD_RESET|EHCI_CMD_RUN)
909
910#define EHCI_DEFAULT_PERIODIC_LIST_SIZE 1024
911#define EHCI_DEFAULT_PERIODIC_LIST_MASK 0x3ff
912
913#define EHCI_FRINDEX_UFRAME_COUNT_MASK 0x7
914#define EHCI_FRINDEX_FRAME_INDEX_MASK EHCI_DEFAULT_PERIODIC_LIST_MASK
915#define EHCI_FRINDEX_FRAME_INDEX_SHIFT 3
916
917/** @} */
918
919/* Local EHCI definitions */
920#define EHCI_USB_RESET 0x00
921#define EHCI_USB_RESUME 0x40
922#define EHCI_USB_OPERATIONAL 0x80
923#define EHCI_USB_SUSPEND 0xc0
924
925#define EHCI_HARDWARE_TIMER_FREQ 8000 /**< 8000 hz = every 125 usec */
926#define EHCI_DEFAULT_TIMER_FREQ 1000
927#define EHCI_UFRAMES_PER_FRAME 8
928
929#ifndef VBOX_DEVICE_STRUCT_TESTCASE
930
931
932/*********************************************************************************************************************************
933* Global Variables *
934*********************************************************************************************************************************/
935#if defined(VBOX_IN_EXTPACK_R0) && defined(RT_OS_SOLARIS)
936/* Dependency information for the native solaris loader. */
937extern "C" { char _depends_on[] = "vboxdrv VMMR0.r0"; }
938#endif
939
940#if defined(LOG_ENABLED) && defined(IN_RING3)
941static bool g_fLogControlEPs = false;
942static bool g_fLogInterruptEPs = false;
943#endif
944
945#ifdef IN_RING3
946/**
947 * SSM descriptor table for the EHCI structure.
948 */
949static SSMFIELD const g_aEhciFields[] =
950{
951 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
952 SSMFIELD_ENTRY( EHCI, SofTime),
953 SSMFIELD_ENTRY( EHCI, RootHub.unused),
954 SSMFIELD_ENTRY( EHCI, RootHub.unused),
955 SSMFIELD_ENTRY( EHCI, RootHub.unused),
956 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
957 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
958 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
959 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
960 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
961 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
962 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
963 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
964 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[8].fReg),
965 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[9].fReg),
966 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[10].fReg),
967 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[11].fReg),
968 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[12].fReg),
969 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[13].fReg),
970 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[14].fReg),
971 SSMFIELD_ENTRY( EHCI, cap_length),
972 SSMFIELD_ENTRY( EHCI, hci_version),
973 SSMFIELD_ENTRY( EHCI, hcs_params),
974 SSMFIELD_ENTRY( EHCI, hcc_params),
975 SSMFIELD_ENTRY( EHCI, cmd),
976 SSMFIELD_ENTRY( EHCI, intr_status),
977 SSMFIELD_ENTRY( EHCI, intr),
978 SSMFIELD_ENTRY( EHCI, frame_idx),
979 SSMFIELD_ENTRY( EHCI, ds_segment),
980 SSMFIELD_ENTRY( EHCI, periodic_list_base),
981 SSMFIELD_ENTRY( EHCI, async_list_base),
982 SSMFIELD_ENTRY( EHCI, config),
983 SSMFIELD_ENTRY( EHCI, uIrqInterval),
984 SSMFIELD_ENTRY( EHCI, HcFmNumber),
985 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
986 SSMFIELD_ENTRY( EHCI, fBusStarted),
987 SSMFIELD_ENTRY_TERM()
988};
989#endif
990
991
992/*********************************************************************************************************************************
993* Internal Functions *
994*********************************************************************************************************************************/
995RT_C_DECLS_BEGIN
996#ifdef IN_RING3
997/* Update host controller state to reflect a device attach */
998static void ehciR3PortPower(PEHCI pThis, PEHCICC pThisCC, unsigned iPort, bool fPowerUp);
999
1000static void ehciR3QHUpdateOverlay(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
1001 PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd);
1002static void ehciR3CalcTimerIntervals(PEHCI pThis, PEHCICC pThisCC, uint32_t u32FrameRate);
1003#endif /* IN_RING3 */
1004RT_C_DECLS_END
1005
1006/**
1007 * Update PCI IRQ levels
1008 */
1009static void ehciUpdateInterruptLocked(PPDMDEVINS pDevIns, PEHCI pThis, const char *msg)
1010{
1011 int level = 0;
1012
1013 if (pThis->intr_status & pThis->intr)
1014 level = 1;
1015
1016 PDMDevHlpPCISetIrq(pDevIns, 0, level);
1017 if (level)
1018 {
1019 uint32_t val = pThis->intr_status & pThis->intr;
1020
1021 Log2Func(("Fired off interrupt %#010x - INT=%d ERR=%d PCD=%d FLR=%d HSE=%d IAA=%d - %s\n",
1022 val,
1023 !!(val & EHCI_STATUS_THRESHOLD_INT),
1024 !!(val & EHCI_STATUS_ERROR_INT),
1025 !!(val & EHCI_STATUS_PORT_CHANGE_DETECT),
1026 !!(val & EHCI_STATUS_FRAME_LIST_ROLLOVER),
1027 !!(val & EHCI_STATUS_HOST_SYSTEM_ERROR),
1028 !!(val & EHCI_STATUS_INT_ON_ASYNC_ADV),
1029 msg));
1030 RT_NOREF(val, msg);
1031
1032 /* host controller must clear the EHCI_CMD_INT_ON_ADVANCE_DOORBELL bit after setting it in the status register */
1033 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
1034 ASMAtomicAndU32(&pThis->cmd, ~EHCI_CMD_INT_ON_ADVANCE_DOORBELL);
1035
1036 }
1037 else
1038 Log2Func(("cleared interrupt\n"));
1039}
1040
1041/**
1042 * Set an interrupt, use the wrapper ehciSetInterrupt.
1043 */
1044DECLINLINE(int) ehciSetInterruptInt(PPDMDEVINS pDevIns, PEHCI pThis, int rcBusy, uint32_t intr, const char *msg)
1045{
1046 int rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, rcBusy);
1047 if (rc != VINF_SUCCESS)
1048 return rc;
1049
1050 if ( (pThis->intr_status & intr) != intr )
1051 {
1052 ASMAtomicOrU32(&pThis->intr_status, intr);
1053 ehciUpdateInterruptLocked(pDevIns, pThis, msg);
1054 }
1055
1056 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
1057 return rc;
1058}
1059
1060/**
1061 * Set an interrupt wrapper macro for logging purposes.
1062 */
1063#define ehciSetInterrupt(a_pDevIns, a_pEhci, a_rcBusy, a_fIntr) \
1064 ehciSetInterruptInt(a_pDevIns, a_pEhci, a_rcBusy, a_fIntr, #a_fIntr)
1065#define ehciR3SetInterrupt(a_pDevIns, a_pEhci, a_fIntr) \
1066 ehciSetInterruptInt(a_pDevIns, a_pEhci, VERR_IGNORED, a_fIntr, #a_fIntr)
1067
1068#ifdef IN_RING3
1069
1070/**
1071 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
1072 */
1073static DECLCALLBACK(void *) ehciR3RhQueryInterface(PPDMIBASE pInterface, const char *pszIID)
1074{
1075 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IBase);
1076 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThisCC->RootHub.IBase);
1077 PDMIBASE_RETURN_INTERFACE(pszIID, VUSBIROOTHUBPORT, &pThisCC->RootHub.IRhPort);
1078 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThisCC->RootHub.ILeds);
1079 return NULL;
1080}
1081
1082/**
1083 * Gets the pointer to the status LED of a unit.
1084 *
1085 * @returns VBox status code.
1086 * @param pInterface Pointer to the interface structure containing the called function pointer.
1087 * @param iLUN The unit which status LED we desire.
1088 * @param ppLed Where to store the LED pointer.
1089 */
1090static DECLCALLBACK(int) ehciR3RhQueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
1091{
1092 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.ILeds);
1093 if (iLUN == 0)
1094 {
1095 *ppLed = &pThisCC->RootHub.Led;
1096 return VINF_SUCCESS;
1097 }
1098 return VERR_PDM_LUN_NOT_FOUND;
1099}
1100
1101
1102/**
1103 * Get the number of avialable ports in the hub.
1104 *
1105 * @returns The number of ports available.
1106 * @param pInterface Pointer to this structure.
1107 * @param pAvailable Bitmap indicating the available ports. Set bit == available port.
1108 */
1109static DECLCALLBACK(unsigned) ehciR3RhGetAvailablePorts(PVUSBIROOTHUBPORT pInterface, PVUSBPORTBITMAP pAvailable)
1110{
1111 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1112 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1113 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1114
1115 memset(pAvailable, 0, sizeof(*pAvailable));
1116
1117 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1118 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1119
1120 unsigned cPorts = 0;
1121 for (unsigned iPort = 0; iPort < EHCI_NDP_CFG(pThis); iPort++)
1122 {
1123 if (!pThisCC->RootHub.aPorts[iPort].fAttached)
1124 {
1125 cPorts++;
1126 ASMBitSet(pAvailable, iPort + 1);
1127 }
1128 }
1129
1130 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1131 return cPorts;
1132}
1133
1134
1135/**
1136 * Gets the supported USB versions.
1137 *
1138 * @returns The mask of supported USB versions.
1139 * @param pInterface Pointer to this structure.
1140 */
1141static DECLCALLBACK(uint32_t) ehciR3RhGetUSBVersions(PVUSBIROOTHUBPORT pInterface)
1142{
1143 RT_NOREF(pInterface);
1144 return VUSB_STDVER_20;
1145}
1146
1147
1148/** @interface_method_impl{VUSBIROOTHUBPORT,pfnAttach} */
1149static DECLCALLBACK(int) ehciR3RhAttach(PVUSBIROOTHUBPORT pInterface, uint32_t uPort, VUSBSPEED enmSpeed)
1150{
1151 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1152 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1153 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1154 LogFlowFunc(("uPort=%u\n", uPort));
1155 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1156 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1157
1158 /*
1159 * Validate and adjust input.
1160 */
1161 Assert(uPort >= 1 && uPort <= EHCI_NDP_CFG(pThis));
1162 uPort--;
1163 Assert(!pThisCC->RootHub.aPorts[uPort].fAttached);
1164 Assert(enmSpeed == VUSB_SPEED_HIGH); RT_NOREF(enmSpeed); /* Only HS devices should end up here! */
1165
1166 /*
1167 * Attach it.
1168 */
1169 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_OWNER); /* not attached to a companion controller */
1170 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
1171 pThisCC->RootHub.aPorts[uPort].fAttached = true;
1172 ehciR3PortPower(pThis, pThisCC, uPort, 1 /* power on */);
1173
1174 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_PORT_CHANGE_DETECT);
1175
1176 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1177 return VINF_SUCCESS;
1178}
1179
1180
1181/**
1182 * A device is being detached from a port in the roothub.
1183 *
1184 * @param pInterface Pointer to this structure.
1185 * @param uPort The port number assigned to the device.
1186 */
1187static DECLCALLBACK(void) ehciR3RhDetach(PVUSBIROOTHUBPORT pInterface, uint32_t uPort)
1188{
1189 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1190 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1191 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1192 LogFlowFunc(("uPort=%u\n", uPort));
1193 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1194 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1195
1196 /*
1197 * Validate and adjust input.
1198 */
1199 Assert(uPort >= 1 && uPort <= EHCI_NDP_CFG(pThis));
1200 uPort--;
1201 Assert(pThisCC->RootHub.aPorts[uPort].fAttached);
1202
1203 /*
1204 * Detach it.
1205 */
1206 pThisCC->RootHub.aPorts[uPort].fAttached = false;
1207 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_CURRENT_CONNECT);
1208 if (pThis->RootHub.aPorts[uPort].fReg & EHCI_PORT_PORT_ENABLED)
1209 {
1210 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_PORT_ENABLED);
1211 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CONNECT_CHANGE | EHCI_PORT_PORT_CHANGE);
1212 }
1213 else
1214 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CONNECT_CHANGE);
1215
1216 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_PORT_CHANGE_DETECT);
1217
1218 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1219}
1220
1221
1222/**
1223 * One of the roothub devices has completed its reset operation.
1224 *
1225 * Currently, we don't think anything is required to be done here
1226 * so it's just a stub for forcing async resetting of the devices
1227 * during a root hub reset.
1228 *
1229 * @param pDev The root hub device.
1230 * @param uPort The port number of the device on the roothub being resetted.
1231 * @param rc The result of the operation.
1232 * @param pvUser Pointer to the controller.
1233 */
1234static DECLCALLBACK(void) ehciR3RhResetDoneOneDev(PVUSBIDEVICE pDev, uint32_t uPort, int rc, void *pvUser)
1235{
1236 LogRel(("EHCI: root hub reset completed with %Rrc\n", rc));
1237 RT_NOREF(pDev, uPort, rc, pvUser);
1238}
1239
1240
1241/**
1242 * Does a software or hardware reset of the controller.
1243 *
1244 * This is called in response to setting HcCommandStatus.HCR, hardware reset,
1245 * and device construction.
1246 *
1247 * @param pDevIns The device instance.
1248 * @param pThis The shared EHCI instance data.
1249 * @param pThisCC The ring-3 EHCI instance data.
1250 * @param fNewMode The new mode of operation. This is UsbSuspend if it's a
1251 * software reset, and UsbReset if it's a hardware reset / cold boot.
1252 * @param fResetOnLinux Set if we can do a real reset of the devices attached to the root hub.
1253 * This is really a just a hack for the non-working linux device reset.
1254 * Linux has this feature called 'logical disconnect' if device reset fails
1255 * which prevents us from doing resets when the guest asks for it - the guest
1256 * will get confused when the device seems to be reconnected everytime it tries
1257 * to reset it. But if we're at hardware reset time, we can allow a device to
1258 * be 'reconnected' without upsetting the guest.
1259 *
1260 * @remark This hasn't got anything to do with software setting the mode to UsbReset.
1261 */
1262static void ehciR3DoReset(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, uint32_t fNewMode, bool fResetOnLinux)
1263{
1264 LogFunc(("%s reset%s\n", fNewMode == EHCI_USB_RESET ? "hardware" : "software",
1265 fResetOnLinux ? " (reset on linux)" : ""));
1266
1267 /*
1268 * Cancel all outstanding URBs.
1269 *
1270 * We can't, and won't, deal with URBs until we're moved out of the
1271 * suspend/reset state. Also, a real HC isn't going to send anything
1272 * any more when a reset has been signaled.
1273 *
1274 * This must be done on the framer thread to avoid race conditions.
1275 */
1276 pThisCC->RootHub.pIRhConn->pfnCancelAllUrbs(pThisCC->RootHub.pIRhConn);
1277
1278 /*
1279 * Reset the hardware registers.
1280 */
1281 /** @todo other differences between hardware reset and VM reset? */
1282
1283 if (pThis->hcc_params & EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING)
1284 pThis->cmd = 0x80000 | EHCI_CMD_ASYNC_SCHED_PARK_ENABLE | (3 << EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT);
1285 else
1286 pThis->cmd = 0x80000;
1287
1288 pThis->intr_status = EHCI_STATUS_HCHALTED;
1289 pThis->intr = 0;
1290 pThis->frame_idx = 0;
1291 pThis->ds_segment = 0;
1292 pThis->periodic_list_base = 0; /* undefined */
1293 pThis->async_list_base = 0; /* undefined */
1294 pThis->config = 0;
1295 pThis->uIrqInterval = (pThis->intr_status & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT;
1296
1297 /* We have to update interrupts as the IRQ may need to be cleared. */
1298 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VERR_IGNORED);
1299 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, &pThis->CsIrq, rcLock);
1300
1301 ehciUpdateInterruptLocked(pDevIns, pThis, "ehciR3DoReset");
1302
1303 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
1304
1305 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
1306
1307 if (fNewMode == EHCI_USB_RESET)
1308 {
1309 /* Only a hardware reset reinits the port registers */
1310 for (unsigned i = 0; i < EHCI_NDP_CFG(pThis); i++)
1311 {
1312 if (pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL)
1313 pThis->RootHub.aPorts[i].fReg = EHCI_PORT_OWNER;
1314 else
1315 pThis->RootHub.aPorts[i].fReg = EHCI_PORT_POWER | EHCI_PORT_OWNER;
1316 }
1317 }
1318/** @todo Shouldn't we stop the SOF timer at this point? */
1319
1320 /*
1321 * If this is a hardware reset, we will initialize the root hub too.
1322 * Software resets doesn't do this according to the specs.
1323 * (It's not possible to have device connected at the time of the
1324 * device construction, so nothing to worry about there.)
1325 */
1326 if (fNewMode == EHCI_USB_RESET)
1327 {
1328 pThisCC->RootHub.pIRhConn->pfnReset(pThisCC->RootHub.pIRhConn, fResetOnLinux);
1329
1330 /*
1331 * Reattach the devices.
1332 */
1333 for (unsigned i = 0; i < EHCI_NDP_CFG(pThis); i++)
1334 {
1335 bool fAttached = pThisCC->RootHub.aPorts[i].fAttached;
1336 pThisCC->RootHub.aPorts[i].fAttached = false;
1337
1338 if (fAttached)
1339 ehciR3RhAttach(&pThisCC->RootHub.IRhPort, i+1, VUSB_SPEED_HIGH);
1340 }
1341 }
1342}
1343
1344/**
1345 * Reset the root hub.
1346 *
1347 * @returns VBox status code.
1348 * @param pInterface Pointer to this structure.
1349 * @param fResetOnLinux This is used to indicate whether we're at VM reset time and
1350 * can do real resets or if we're at any other time where that
1351 * isn't such a good idea.
1352 * @remark Do NOT call VUSBIDevReset on the root hub in an async fashion!
1353 * @thread EMT
1354 */
1355static DECLCALLBACK(int) ehciR3RhReset(PVUSBIROOTHUBPORT pInterface, bool fResetOnLinux)
1356{
1357 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1358 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1359 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1360 LogFunc(("fResetOnLinux=%d\n", fResetOnLinux));
1361
1362 /* Soft reset first */
1363 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_SUSPEND, false /* N/A */);
1364
1365 /*
1366 * We're pretending to _reattach_ the devices without resetting them.
1367 * Except, during VM reset where we use the opportunity to do a proper
1368 * reset before the guest comes along and expects things.
1369 *
1370 * However, it's very very likely that we're not doing the right thing
1371 * here when end up here on request from the guest (USB Reset state).
1372 * The docs talks about root hub resetting, however what exact behaviour
1373 * in terms of root hub status and changed bits, and HC interrupts aren't
1374 * stated clearly. IF we get trouble and see the guest doing "USB Resets"
1375 * we will have to look into this. For the time being we stick with simple.
1376 */
1377 for (unsigned iPort = 0; iPort < EHCI_NDP_CFG(pThis); iPort++)
1378 {
1379 if (pThisCC->RootHub.aPorts[iPort].fAttached)
1380 {
1381 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
1382 if (fResetOnLinux)
1383 {
1384 PVM pVM = PDMDevHlpGetVM(pDevIns);
1385 VUSBIRhDevReset(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort), fResetOnLinux,
1386 ehciR3RhResetDoneOneDev, pThis, pVM);
1387 }
1388 }
1389 }
1390
1391 return VINF_SUCCESS;
1392}
1393
1394
1395/**
1396 * Reads physical memory.
1397 */
1398DECLINLINE(void) ehciPhysRead(PPDMDEVINS pDevIns, RTGCPHYS Addr, void *pvBuf, size_t cbBuf)
1399{
1400 PDMDevHlpPCIPhysReadUser(pDevIns, Addr, pvBuf, cbBuf);
1401}
1402
1403
1404/**
1405 * Reads physical memory - metadata.
1406 */
1407DECLINLINE(void) ehciPhysReadMeta(PPDMDEVINS pDevIns, RTGCPHYS Addr, void *pvBuf, size_t cbBuf)
1408{
1409 PDMDevHlpPCIPhysReadMeta(pDevIns, Addr, pvBuf, cbBuf);
1410}
1411
1412
1413/**
1414 * Writes physical memory.
1415 */
1416DECLINLINE(void) ehciPhysWrite(PPDMDEVINS pDevIns, RTGCPHYS Addr, const void *pvBuf, size_t cbBuf)
1417{
1418 PDMDevHlpPCIPhysWriteUser(pDevIns, Addr, pvBuf, cbBuf);
1419}
1420
1421
1422/**
1423 * Writes physical memory.
1424 */
1425DECLINLINE(void) ehciPhysWriteMeta(PPDMDEVINS pDevIns, RTGCPHYS Addr, const void *pvBuf, size_t cbBuf)
1426{
1427 PDMDevHlpPCIPhysWriteMeta(pDevIns, Addr, pvBuf, cbBuf);
1428}
1429
1430
1431/**
1432 * Read an array of dwords from physical memory and correct endianness.
1433 */
1434DECLINLINE(void) ehciGetDWords(PPDMDEVINS pDevIns, RTGCPHYS Addr, uint32_t *pau32s, int c32s)
1435{
1436 ehciPhysReadMeta(pDevIns, Addr, pau32s, c32s * sizeof(uint32_t));
1437# ifndef RT_LITTLE_ENDIAN
1438 for(int i = 0; i < c32s; i++)
1439 pau32s[i] = RT_H2LE_U32(pau32s[i]);
1440# endif
1441}
1442
1443
1444/**
1445 * Write an array of dwords from physical memory and correct endianness.
1446 */
1447DECLINLINE(void) ehciPutDWords(PPDMDEVINS pDevIns, RTGCPHYS Addr, const uint32_t *pau32s, int cu32s)
1448{
1449# ifdef RT_LITTLE_ENDIAN
1450 ehciPhysWriteMeta(pDevIns, Addr, pau32s, cu32s << 2);
1451# else
1452 for (int i = 0; i < c32s; i++, pau32s++, Addr += sizeof(*pau32s))
1453 {
1454 uint32_t u32Tmp = RT_H2LE_U32(*pau32s);
1455 ehciPhysWriteMeta(pDevIns, Addr, (uint8_t *)&u32Tmp, sizeof(u32Tmp));
1456 }
1457# endif
1458}
1459
1460
1461DECLINLINE(void) ehciR3ReadFrameListPtr(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, EHCI_FRAME_LIST_PTR *pFrameList)
1462{
1463 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pFrameList, sizeof(*pFrameList) >> 2);
1464}
1465
1466DECLINLINE(void) ehciR3ReadTDPtr(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, EHCI_TD_PTR *pTD)
1467{
1468 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pTD, sizeof(*pTD) >> 2);
1469}
1470
1471DECLINLINE(void) ehciR3ReadItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD_PAD pPItd)
1472{
1473 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pPItd, sizeof(EHCI_ITD) >> 2);
1474 pPItd->pad.Pointer = 0xFFFFF; /* Direct accesses at the last page under 4GB (ROM). */
1475}
1476
1477DECLINLINE(void) ehciR3ReadSitd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_SITD pSitd)
1478{
1479 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pSitd, sizeof(*pSitd) >> 2);
1480}
1481
1482DECLINLINE(void) ehciR3WriteItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD pItd)
1483{
1484 /** @todo might need to be careful about write order in async io thread */
1485 /*
1486 * Only write to the fields the controller is allowed to write to,
1487 * namely the eight double words coming after the next link pointer.
1488 */
1489 uint32_t offWrite = RT_OFFSETOF(EHCI_ITD, Transaction[0]);
1490 uint32_t offDWordsWrite = offWrite / sizeof(uint32_t);
1491 Assert(!(offWrite % sizeof(uint32_t)));
1492
1493 ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pItd + offDWordsWrite, (sizeof(*pItd) >> 2) - offDWordsWrite);
1494}
1495
1496DECLINLINE(void) ehciR3ReadQHD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QHD pQHD)
1497{
1498 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pQHD, sizeof(*pQHD) >> 2);
1499}
1500
1501DECLINLINE(void) ehciR3ReadQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QTD pQTD)
1502{
1503 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pQTD, sizeof(*pQTD) >> 2);
1504}
1505
1506DECLINLINE(void) ehciR3WriteQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QTD pQTD)
1507{
1508 /** @todo might need to be careful about write order in async io thread */
1509 /*
1510 * Only write to the fields the controller is allowed to write to,
1511 * namely the two double words coming after the alternate next QTD pointer.
1512 */
1513 uint32_t offWrite = RT_OFFSETOF(EHCI_QTD, Token.u32);
1514 uint32_t offDWordsWrite = offWrite / sizeof(uint32_t);
1515 Assert(!(offWrite % sizeof(uint32_t)));
1516
1517 ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pQTD + offDWordsWrite, (sizeof(*pQTD) >> 2) - offDWordsWrite);
1518}
1519
1520
1521/**
1522 * Updates the QHD in guest memory only updating portions of the QHD the controller
1523 * is allowed to write to.
1524 *
1525 * @param pDevIns The device instance.
1526 * @param GCPhys Physical guest address of the QHD.
1527 * @param pQHD The QHD to update the guest memory with.
1528 */
1529DECLINLINE(void) ehciR3UpdateQHD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QHD pQHD)
1530{
1531 /*
1532 * Only update members starting from the current QTD pointer, everything
1533 * before is readonly for the controller and the guest might have updated it
1534 * behind our backs already.
1535 */
1536 uint32_t offWrite = RT_OFFSETOF(EHCI_QHD, CurrQTD);
1537 ehciPhysWriteMeta(pDevIns, GCPhys + offWrite, (uint8_t *)pQHD + offWrite, sizeof(EHCI_QHD) - offWrite);
1538}
1539
1540#ifdef LOG_ENABLED
1541
1542# if 0 /* unused */
1543/**
1544 * Dumps a TD queue. LOG_ENABLED builds only.
1545 */
1546DECLINLINE(void) ehciR3DumpTdQueue(PEHCI pThis, RTGCPHYS GCPhysHead, const char *pszMsg)
1547{
1548 RT_NOREF(pThis, GCPhysHead, pszMsg);
1549 AssertFailed();
1550}
1551# endif /* unused */
1552
1553/**
1554 * Dumps an SITD list. LOG_ENABLED builds only.
1555 */
1556DECLINLINE(void) ehciR3DumpSITD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1557{
1558 RT_NOREF(pDevIns, GCPhysHead, fList);
1559 AssertFailed();
1560}
1561
1562/**
1563 * Dumps an FSTN list. LOG_ENABLED builds only.
1564 */
1565DECLINLINE(void) ehciR3DumpFSTN(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1566{
1567 RT_NOREF(pDevIns, GCPhysHead, fList);
1568 AssertFailed();
1569}
1570
1571#ifdef LOG_ENABLED
1572static const char *ehciPID2Str(uint32_t PID)
1573{
1574 switch(PID)
1575 {
1576 case EHCI_QTD_PID_OUT:
1577 return "OUT";
1578 case EHCI_QTD_PID_IN:
1579 return "IN";
1580 case EHCI_QTD_PID_SETUP:
1581 return "SETUP";
1582 default:
1583 return "Invalid PID!";
1584 }
1585}
1586#endif
1587
1588DECLINLINE(void) ehciR3DumpSingleQTD(RTGCPHYS GCPhys, PEHCI_QTD pQtd, const char *pszPrefix)
1589{
1590 if (pQtd->Token.Bits.Active)
1591 {
1592 Log2((" QTD%s: %RGp={", pszPrefix, GCPhys));
1593 Log2((" Length=%x IOC=%d DT=%d CErr=%d C_Page=%d Status=%x PID=%s}\n", pQtd->Token.Bits.Length, pQtd->Token.Bits.IOC, pQtd->Token.Bits.DataToggle, pQtd->Token.Bits.ErrorCount, pQtd->Token.Bits.CurrentPage, pQtd->Token.u32 & 0xff, ehciPID2Str(pQtd->Token.Bits.PID)));
1594 Log2((" QTD: %RGp={", GCPhys));
1595 Log2((" Buf0=%x Offset=%x Buf1=%x Buf2=%x Buf3=%x Buf4=%x}\n", pQtd->Buffer.Buffer[0].Pointer, pQtd->Buffer.Offset.Offset, pQtd->Buffer.Buffer[1].Pointer, pQtd->Buffer.Buffer[2].Pointer, pQtd->Buffer.Buffer[3].Pointer, pQtd->Buffer.Buffer[4].Pointer));
1596 Log2((" QTD: %RGp={", GCPhys));
1597 Log2((" Next=%RGp T=%d AltNext=%RGp AltT=%d\n", (RTGCPHYS)pQtd->Next.Pointer << EHCI_TD_PTR_SHIFT, pQtd->Next.Terminate, (RTGCPHYS)pQtd->AltNext.Pointer << EHCI_TD_PTR_SHIFT, pQtd->AltNext.Terminate));
1598 }
1599 else
1600 Log2((" QTD%s: %RGp={Not Active}\n", pszPrefix, GCPhys));
1601}
1602
1603/**
1604 * Dumps a QTD list. LOG_ENABLED builds only.
1605 */
1606DECLINLINE(void) ehciR3DumpQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1607{
1608 RTGCPHYS GCPhys = GCPhysHead;
1609 unsigned iterations = 0;
1610
1611 for (;;)
1612 {
1613 EHCI_QTD qtd;
1614
1615 /* Read the whole QHD */
1616 ehciR3ReadQTD(pDevIns, GCPhys, &qtd);
1617 ehciR3DumpSingleQTD(GCPhys, &qtd, "");
1618
1619 if (!fList || qtd.Next.Terminate || !qtd.Next.Pointer || qtd.Token.Bits.Halted || !qtd.Token.Bits.Active)
1620 break;
1621
1622 /* next */
1623 if (GCPhys == ((RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT))
1624 break; /* detect if list item is self-cycled. */
1625
1626 GCPhys = (RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
1627
1628 if (GCPhys == GCPhysHead)
1629 break;
1630
1631 /* If we ran too many iterations, the list must be looping in on itself.
1632 * On a real controller loops wouldn't be fatal, as it will eventually
1633 * run out of time in the micro-frame.
1634 */
1635 if (++iterations == 128)
1636 {
1637 LogFunc(("Too many iterations, exiting!\n"));
1638 break;
1639 }
1640 }
1641
1642 /* alternative pointers */
1643 GCPhys = GCPhysHead;
1644 iterations = 0;
1645
1646 for (;;)
1647 {
1648 EHCI_QTD qtd;
1649
1650 /* Read the whole QHD */
1651 ehciR3ReadQTD(pDevIns, GCPhys, &qtd);
1652 if (GCPhys != GCPhysHead)
1653 ehciR3DumpSingleQTD(GCPhys, &qtd, "-A");
1654
1655 if (!fList || qtd.AltNext.Terminate || !qtd.AltNext.Pointer || qtd.Token.Bits.Halted || !qtd.Token.Bits.Active)
1656 break;
1657
1658 /* next */
1659 if (GCPhys == ((RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT))
1660 break; /* detect if list item is self-cycled. */
1661
1662 GCPhys = (RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
1663
1664 if (GCPhys == GCPhysHead)
1665 break;
1666
1667 /* If we ran too many iterations, the list must be looping in on itself.
1668 * On a real controller loops wouldn't be fatal, as it will eventually
1669 * run out of time in the micro-frame.
1670 */
1671 if (++iterations == 128)
1672 {
1673 LogFunc(("Too many iterations, exiting!\n"));
1674 break;
1675 }
1676 }
1677}
1678
1679/**
1680 * Dumps a QHD list. LOG_ENABLED builds only.
1681 */
1682DECLINLINE(void) ehciR3DumpQH(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1683{
1684 EHCI_QHD qhd;
1685 RTGCPHYS GCPhys = GCPhysHead;
1686 unsigned iterations = 0;
1687
1688 Log2((" QH: %RGp={", GCPhys));
1689
1690 /* Read the whole QHD */
1691 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
1692
1693 Log2(("HorzLnk=%RGp Typ=%u T=%u Addr=%x EndPt=%x Speed=%x MaxSize=%x NAK=%d C=%d RH=%d I=%d}\n",
1694 ((RTGCPHYS)qhd.Next.Pointer << EHCI_TD_PTR_SHIFT), qhd.Next.Type, qhd.Next.Terminate,
1695 qhd.Characteristics.DeviceAddress, qhd.Characteristics.EndPt, qhd.Characteristics.EndPtSpeed,
1696 qhd.Characteristics.MaxLength, qhd.Characteristics.NakCountReload, qhd.Characteristics.ControlEPFlag,
1697 qhd.Characteristics.HeadReclamation, qhd.Characteristics.InActiveNext));
1698 Log2((" Caps: Port=%x Hub=%x Multi=%x CMask=%x SMask=%x\n", qhd.Caps.Port, qhd.Caps.HubAddress,
1699 qhd.Caps.Mult, qhd.Caps.CMask, qhd.Caps.SMask));
1700 Log2((" CurrPtr=%RGp Next=%RGp T=%d AltNext=%RGp T=%d\n",
1701 ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT),
1702 ((RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.Next.Terminate,
1703 ((RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.AltNext.Terminate));
1704 ehciR3DumpSingleQTD((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qhd.Overlay.OrgQTD, "");
1705 ehciR3DumpQTD(pDevIns, (RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT, true);
1706
1707 Assert(qhd.Next.Pointer || qhd.Next.Terminate);
1708 if ( !fList
1709 || qhd.Next.Terminate
1710 || !qhd.Next.Pointer)
1711 return;
1712
1713 for (;;)
1714 {
1715 /* Read the next pointer */
1716 EHCI_TD_PTR ptr;
1717 ehciR3ReadTDPtr(pDevIns, GCPhys, &ptr);
1718
1719 AssertMsg(ptr.Type == EHCI_DESCRIPTOR_QH, ("Unexpected pointer to type %d\n", ptr.Type));
1720 Assert(ptr.Pointer || ptr.Terminate);
1721 if ( ptr.Terminate
1722 || !ptr.Pointer
1723 || ptr.Type != EHCI_DESCRIPTOR_QH)
1724 break;
1725
1726 /* next */
1727 if (GCPhys == ((RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT))
1728 break; /* Looping on itself. Bad guest! */
1729
1730 GCPhys = (RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT;
1731 if (GCPhys == GCPhysHead)
1732 break; /* break the loop */
1733
1734 ehciR3DumpQH(pDevIns, GCPhys, false);
1735
1736 /* And again, if we ran too many iterations, the list must be looping on itself.
1737 * Just quit.
1738 */
1739 if (++iterations == 64)
1740 {
1741 LogFunc(("Too many iterations, exiting!\n"));
1742 break;
1743 }
1744 }
1745}
1746
1747/**
1748 * Dumps an ITD list. LOG_ENABLED builds only.
1749 */
1750DECLINLINE(void) ehciR3DumpITD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1751{
1752 RTGCPHYS GCPhys = GCPhysHead;
1753 unsigned iterations = 0;
1754
1755 for (;;)
1756 {
1757 Log2((" ITD: %RGp={", GCPhys));
1758
1759 /* Read the whole ITD */
1760 EHCI_ITD_PAD PaddedItd;
1761 PEHCI_ITD pItd = &PaddedItd.itd;
1762 ehciR3ReadItd(pDevIns, GCPhys, &PaddedItd);
1763
1764 Log2(("Addr=%x EndPt=%x Dir=%s MaxSize=%x Mult=%d}\n", pItd->Buffer.Misc.DeviceAddress, pItd->Buffer.Misc.EndPt, (pItd->Buffer.Misc.DirectionIn) ? "in" : "out", pItd->Buffer.Misc.MaxPacket, pItd->Buffer.Misc.Multi));
1765 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
1766 {
1767 if (pItd->Transaction[i].Active)
1768 {
1769 Log2(("T%d Len=%x Offset=%x PG=%d IOC=%d Buffer=%x\n", i, pItd->Transaction[i].Length, pItd->Transaction[i].Offset, pItd->Transaction[i].PG, pItd->Transaction[i].IOC,
1770 (RTGCPHYS)pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer << EHCI_BUFFER_PTR_SHIFT));
1771 }
1772 }
1773 Assert(pItd->Next.Pointer || pItd->Next.Terminate);
1774 if (!fList || pItd->Next.Terminate || !pItd->Next.Pointer)
1775 break;
1776
1777 /* And again, if we ran too many iterations, the list must be looping on itself.
1778 * Just quit.
1779 */
1780 if (++iterations == 128)
1781 {
1782 LogFunc(("Too many iterations, exiting!\n"));
1783 break;
1784 }
1785
1786 /* next */
1787 GCPhys = (RTGCPHYS)pItd->Next.Pointer << EHCI_TD_PTR_SHIFT;
1788 }
1789}
1790
1791/**
1792 * Dumps a periodic list. LOG_ENABLED builds only.
1793 */
1794DECLINLINE(void) ehciR3DumpPeriodicList(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, const char *pszMsg, bool fTDs)
1795{
1796 RT_NOREF(fTDs);
1797 RTGCPHYS GCPhys = GCPhysHead;
1798 unsigned iterations = 0;
1799
1800 if (pszMsg)
1801 Log2(("%s:", pszMsg));
1802
1803 for (;;)
1804 {
1805 EHCI_FRAME_LIST_PTR FramePtr;
1806
1807 /* ED */
1808 Log2((" %RGp={", GCPhys));
1809 if (!GCPhys)
1810 {
1811 Log2(("END}\n"));
1812 return;
1813 }
1814
1815 /* Frame list pointer */
1816 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
1817 if (FramePtr.Terminate)
1818 {
1819 Log2(("[Terminate]}\n"));
1820 }
1821 else
1822 {
1823 RTGCPHYS GCPhys1 = (RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
1824 switch (FramePtr.Type)
1825 {
1826 case EHCI_DESCRIPTOR_ITD:
1827 Log2(("[ITD]}\n"));
1828 ehciR3DumpITD(pDevIns, GCPhys1, false);
1829 break;
1830 case EHCI_DESCRIPTOR_SITD:
1831 Log2(("[SITD]}\n"));
1832 ehciR3DumpSITD(pDevIns, GCPhys1, false);
1833 break;
1834 case EHCI_DESCRIPTOR_QH:
1835 Log2(("[QH]}\n"));
1836 ehciR3DumpQH(pDevIns, GCPhys1, false);
1837 break;
1838 case EHCI_DESCRIPTOR_FSTN:
1839 Log2(("[FSTN]}\n"));
1840 ehciR3DumpFSTN(pDevIns, GCPhys1, false);
1841 break;
1842 }
1843 }
1844
1845 /* Same old. If we ran too many iterations, the list must be looping on itself.
1846 * Just quit.
1847 */
1848 if (++iterations == 128)
1849 {
1850 LogFunc(("Too many iterations, exiting!\n"));
1851 break;
1852 }
1853
1854 /* next */
1855 GCPhys = GCPhys + sizeof(FramePtr);
1856 }
1857}
1858
1859#endif /* LOG_ENABLED */
1860
1861
1862DECLINLINE(int) ehciR3InFlightFindFree(PEHCICC pThisCC, const int iStart)
1863{
1864 unsigned i = iStart;
1865 while (i < RT_ELEMENTS(pThisCC->aInFlight)) {
1866 if (pThisCC->aInFlight[i].pUrb == NULL)
1867 return i;
1868 i++;
1869 }
1870 i = iStart;
1871 while (i-- > 0) {
1872 if (pThisCC->aInFlight[i].pUrb == NULL)
1873 return i;
1874 }
1875 return -1;
1876}
1877
1878
1879/**
1880 * Record an in-flight TD.
1881 *
1882 * @param pThis EHCI instance data, shared edition.
1883 * @param pThisCC EHCI instance data, ring-3 edition.
1884 * @param GCPhysTD Physical address of the TD.
1885 * @param pUrb The URB.
1886 */
1887static void ehciR3InFlightAdd(PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysTD, PVUSBURB pUrb)
1888{
1889 int i = ehciR3InFlightFindFree(pThisCC, (GCPhysTD >> 4) % RT_ELEMENTS(pThisCC->aInFlight));
1890 if (i >= 0)
1891 {
1892#ifdef LOG_ENABLED
1893 pUrb->pHci->u32FrameNo = pThis->HcFmNumber;
1894#endif
1895 pThisCC->aInFlight[i].GCPhysTD = GCPhysTD;
1896 pThisCC->aInFlight[i].pUrb = pUrb;
1897 pThisCC->cInFlight++;
1898 return;
1899 }
1900 AssertMsgFailed(("Out of space cInFlight=%d!\n", pThisCC->cInFlight));
1901 RT_NOREF(pThis);
1902}
1903
1904
1905/**
1906 * Record in-flight TDs for an URB.
1907 *
1908 * @param pThis EHCI instance data, shared edition.
1909 * @param pThisCC EHCI instance data, ring-3 edition.
1910 * @param pUrb The URB.
1911 */
1912static void ehciR3InFlightAddUrb(PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
1913{
1914 for (unsigned iTd = 0; iTd < pUrb->pHci->cTds; iTd++)
1915 ehciR3InFlightAdd(pThis, pThisCC, pUrb->paTds[iTd].TdAddr, pUrb);
1916}
1917
1918
1919/**
1920 * Finds a in-flight TD.
1921 *
1922 * @returns Index of the record.
1923 * @returns -1 if not found.
1924 * @param pThisCC EHCI instance data, ring-3 edition.
1925 * @param GCPhysTD Physical address of the TD.
1926 * @remark This has to be fast.
1927 */
1928static int ehciR3InFlightFind(PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1929{
1930 unsigned cLeft = pThisCC->cInFlight;
1931 unsigned i = (GCPhysTD >> 4) % RT_ELEMENTS(pThisCC->aInFlight);
1932 const int iLast = i;
1933 while (i < RT_ELEMENTS(pThisCC->aInFlight)) {
1934 if (pThisCC->aInFlight[i].GCPhysTD == GCPhysTD && pThisCC->aInFlight[i].pUrb)
1935 return i;
1936 if (pThisCC->aInFlight[i].pUrb)
1937 if (cLeft-- <= 1)
1938 return -1;
1939 i++;
1940 }
1941 i = iLast;
1942 while (i-- > 0) {
1943 if (pThisCC->aInFlight[i].GCPhysTD == GCPhysTD && pThisCC->aInFlight[i].pUrb)
1944 return i;
1945 if (pThisCC->aInFlight[i].pUrb)
1946 if (cLeft-- <= 1)
1947 return -1;
1948 }
1949 return -1;
1950}
1951
1952
1953/**
1954 * Checks if a TD is in-flight.
1955 *
1956 * @returns true if in flight, false if not.
1957 * @param pThisCC EHCI instance data, ring-3 edition.
1958 * @param GCPhysTD Physical address of the TD.
1959 */
1960static bool ehciR3IsTdInFlight(PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1961{
1962 return ehciR3InFlightFind(pThisCC, GCPhysTD) >= 0;
1963}
1964
1965
1966/**
1967 * Removes a in-flight TD.
1968 *
1969 * @returns 0 if found. For logged builds this is the number of frames the TD has been in-flight.
1970 * @returns -1 if not found.
1971 * @param pThis EHCI instance data, shared edition.
1972 * @param pThisCC EHCI instance data, ring-3 edition.
1973 * @param GCPhysTD Physical address of the TD.
1974 */
1975static int ehciR3InFlightRemove(PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1976{
1977 int i = ehciR3InFlightFind(pThisCC, GCPhysTD);
1978 if (i >= 0)
1979 {
1980#ifdef LOG_ENABLED
1981 const int cFramesInFlight = pThis->HcFmNumber - pThisCC->aInFlight[i].pUrb->pHci->u32FrameNo;
1982#else
1983 const int cFramesInFlight = 0;
1984#endif
1985 Log2Func(("reaping TD=%RGp %d frames (%#010x-%#010x)\n",
1986 GCPhysTD, cFramesInFlight, pThisCC->aInFlight[i].pUrb->pHci->u32FrameNo, pThis->HcFmNumber));
1987 pThisCC->aInFlight[i].GCPhysTD = 0;
1988 pThisCC->aInFlight[i].pUrb = NULL;
1989 pThisCC->cInFlight--;
1990 return cFramesInFlight;
1991 }
1992 AssertMsgFailed(("TD %RGp is not in flight\n", GCPhysTD));
1993 RT_NOREF(pThis);
1994 return -1;
1995}
1996
1997
1998/**
1999 * Removes all TDs associated with a URB from the in-flight tracking.
2000 *
2001 * @returns 0 if found. For logged builds this is the number of frames the TD has been in-flight.
2002 * @returns -1 if not found.
2003 * @param pThis EHCI instance data, shared edition.
2004 * @param pThisCC EHCI instance data, ring-3 edition.
2005 * @param pUrb The URB.
2006 */
2007static int ehciR3InFlightRemoveUrb(PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2008{
2009 int cFramesInFlight = ehciR3InFlightRemove(pThis, pThisCC, pUrb->paTds[0].TdAddr);
2010 if (pUrb->pHci->cTds > 1)
2011 {
2012 for (unsigned iTd = 1; iTd < pUrb->pHci->cTds; iTd++)
2013 if (ehciR3InFlightRemove(pThis, pThisCC, pUrb->paTds[iTd].TdAddr) < 0)
2014 cFramesInFlight = -1;
2015 }
2016 return cFramesInFlight;
2017}
2018
2019
2020/**
2021 * Checks that the transport descriptors associated with the URB
2022 * hasn't been changed in any way indicating that they may have been canceled.
2023 *
2024 * This rountine also updates the TD copies contained within the URB.
2025 *
2026 * @returns true if the URB has been canceled, otherwise false.
2027 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2028 * @param pUrb The URB in question.
2029 * @param pItd The ITD pointer.
2030 */
2031static bool ehciR3ItdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_ITD pItd)
2032{
2033 RT_NOREF(pThisCC);
2034 Assert(pItd);
2035 if (!pUrb)
2036 return true;
2037
2038 PEHCI_ITD pItdCopy = (PEHCI_ITD)pUrb->paTds[0].TdCopy;
2039
2040 /* Check transactions */
2041 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Transaction); i++)
2042 {
2043 if ( pItd->Transaction[i].Length != pItdCopy->Transaction[i].Length
2044 || pItd->Transaction[i].Offset != pItdCopy->Transaction[i].Offset
2045 || pItd->Transaction[i].PG != pItdCopy->Transaction[i].PG
2046 || pItd->Transaction[i].Active != pItdCopy->Transaction[i].Active)
2047 {
2048 Log(("%s: ehciR3ItdHasUrbBeenCanceled: TdAddr=%RGp canceled! [iso]\n",
2049 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2050 Log2((" %.*Rhxs (cur)\n"
2051 "!= %.*Rhxs (copy)\n",
2052 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2053 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2054 return true;
2055 }
2056 }
2057
2058 /* Check misc characteristics */
2059 if ( pItd->Buffer.Misc.DeviceAddress != pItdCopy->Buffer.Misc.DeviceAddress
2060 || pItd->Buffer.Misc.DirectionIn != pItdCopy->Buffer.Misc.DirectionIn
2061 || pItd->Buffer.Misc.EndPt != pItdCopy->Buffer.Misc.EndPt)
2062 {
2063 Log(("%s: ehciR3ItdHasUrbBeenCanceled (misc): TdAddr=%RGp canceled! [iso]\n",
2064 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2065 Log2((" %.*Rhxs (cur)\n"
2066 "!= %.*Rhxs (copy)\n",
2067 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2068 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2069 return true;
2070 }
2071
2072 /* Check buffer pointers */
2073 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Buffer.Buffer); i++)
2074 {
2075 if (pItd->Buffer.Buffer[i].Pointer != pItdCopy->Buffer.Buffer[i].Pointer)
2076 {
2077 Log(("%s: ehciR3ItdHasUrbBeenCanceled (buf): TdAddr=%RGp canceled! [iso]\n",
2078 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2079 Log2((" %.*Rhxs (cur)\n"
2080 "!= %.*Rhxs (copy)\n",
2081 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2082 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2083 return true;
2084 }
2085 }
2086 return false;
2087}
2088
2089/**
2090 * Checks that the transport descriptors associated with the URB
2091 * hasn't been changed in any way indicating that they may have been canceled.
2092 *
2093 * This rountine also updates the TD copies contained within the URB.
2094 *
2095 * @returns true if the URB has been canceled, otherwise false.
2096 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2097 * @param pUrb The URB in question.
2098 * @param pQhd The QHD pointer
2099 * @param pQtd The QTD pointer
2100 */
2101static bool ehciR3QhdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_QHD pQhd, PEHCI_QTD pQtd)
2102{
2103 RT_NOREF(pQhd, pThisCC);
2104 Assert(pQhd && pQtd);
2105 if ( !pUrb
2106 || !ehciR3IsTdInFlight(pThisCC, pUrb->paTds[0].TdAddr))
2107 return true;
2108
2109 PEHCI_QTD pQtdCopy = (PEHCI_QTD)pUrb->paTds[0].TdCopy;
2110
2111 if ( pQtd->Token.Bits.Length != pQtdCopy->Token.Bits.Length
2112 || pQtd->Token.Bits.Active != pQtdCopy->Token.Bits.Active
2113 || pQtd->Token.Bits.DataToggle != pQtdCopy->Token.Bits.DataToggle
2114 || pQtd->Token.Bits.CurrentPage != pQtdCopy->Token.Bits.CurrentPage
2115 || pQtd->Token.Bits.PID != pQtdCopy->Token.Bits.PID
2116 || pQtd->Buffer.Offset.Offset != pQtdCopy->Buffer.Offset.Offset)
2117 {
2118 Log(("%s: ehciQtdHasUrbBeenCanceled: TdAddr=%RGp canceled! [iso]\n",
2119 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2120 Log2((" %.*Rhxs (cur)\n"
2121 "!= %.*Rhxs (copy)\n",
2122 sizeof(*pQtd), pQtd, sizeof(*pQtd), &pUrb->paTds[0].TdCopy[0]));
2123 STAM_COUNTER_INC(&pThisCC->StatCanceledGenUrbs);
2124 return true;
2125 }
2126
2127
2128 /* Check buffer pointers */
2129 for (unsigned i = 0; i < RT_ELEMENTS(pQtd->Buffer.Buffer); i++)
2130 {
2131 if (pQtd->Buffer.Buffer[i].Pointer != pQtdCopy->Buffer.Buffer[i].Pointer)
2132 {
2133 Log(("%s: ehciQtdHasUrbBeenCanceled (buf): TdAddr=%RGp canceled! [iso]\n",
2134 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2135 Log2((" %.*Rhxs (cur)\n"
2136 "!= %.*Rhxs (copy)\n",
2137 sizeof(*pQtd), pQtd, sizeof(*pQtd), &pUrb->paTds[0].TdCopy[0]));
2138 STAM_COUNTER_INC(&pThisCC->StatCanceledGenUrbs);
2139 return true;
2140 }
2141 }
2142
2143 return false;
2144}
2145
2146/**
2147 * Set the ITD status bits acorresponding to the VUSB status code.
2148 *
2149 * @param enmStatus The VUSB status code.
2150 * @param pItdStatus ITD status pointer
2151 */
2152static void ehciR3VUsbStatus2ItdStatus(VUSBSTATUS enmStatus, EHCI_ITD_TRANSACTION *pItdStatus)
2153{
2154 switch (enmStatus)
2155 {
2156 case VUSBSTATUS_OK:
2157 pItdStatus->TransactError = 0;
2158 pItdStatus->DataBufError = 0;
2159 break; /* make sure error bits are cleared */
2160 case VUSBSTATUS_STALL:
2161 case VUSBSTATUS_DNR:
2162 case VUSBSTATUS_CRC:
2163 pItdStatus->TransactError = 1;
2164 break;
2165 case VUSBSTATUS_DATA_UNDERRUN:
2166 case VUSBSTATUS_DATA_OVERRUN:
2167 pItdStatus->DataBufError = 1;
2168 break;
2169 case VUSBSTATUS_NOT_ACCESSED:
2170 Log(("pUrb->enmStatus=VUSBSTATUS_NOT_ACCESSED!!!\n"));
2171 break; /* can't signal this other than setting the length to 0 */
2172 default:
2173 Log(("pUrb->enmStatus=%#x!!!\n", enmStatus));
2174 break;;
2175 }
2176}
2177
2178/**
2179 * Set the QTD status bits acorresponding to the VUSB status code.
2180 *
2181 * @param enmStatus The VUSB status code.
2182 * @param pQtdStatus QTD status pointer
2183 */
2184static void ehciR3VUsbStatus2QtdStatus(VUSBSTATUS enmStatus, EHCI_QTD_TOKEN *pQtdStatus)
2185{
2186 /** @todo CERR */
2187 switch (enmStatus)
2188 {
2189 case VUSBSTATUS_OK:
2190 break; /* nothing to do */
2191 case VUSBSTATUS_STALL:
2192 pQtdStatus->Halted = 1;
2193 pQtdStatus->Active = 0;
2194 break; /* not an error! */
2195 case VUSBSTATUS_DNR:
2196 case VUSBSTATUS_CRC:
2197 pQtdStatus->TransactError = 1;
2198 break;
2199 case VUSBSTATUS_DATA_UNDERRUN:
2200 case VUSBSTATUS_DATA_OVERRUN:
2201 pQtdStatus->DataBufError = 1;
2202 break;
2203 case VUSBSTATUS_NOT_ACCESSED:
2204 Log(("pUrb->enmStatus=VUSBSTATUS_NOT_ACCESSED!!!\n"));
2205 break; /* can't signal this */
2206 default:
2207 Log(("pUrb->enmStatus=%#x!!!\n", enmStatus));
2208 break;;
2209 }
2210}
2211
2212
2213/**
2214 * Heuristic to determine the transfer type
2215 *
2216 * @returns transfer type
2217 * @param pQhd Queue head pointer
2218 */
2219static VUSBXFERTYPE ehciR3QueryTransferType(PEHCI_QHD pQhd)
2220{
2221 /* If it's EP0, we know what it is. */
2222 if (!pQhd->Characteristics.EndPt)
2223 return VUSBXFERTYPE_CTRL;
2224
2225 /* Non-zero SMask implies interrupt transfer. */
2226 if (pQhd->Caps.SMask)
2227 return VUSBXFERTYPE_INTR;
2228
2229 /* For non-HS EPs, control endpoints are clearly marked. */
2230 if ( pQhd->Characteristics.ControlEPFlag
2231 && pQhd->Characteristics.EndPtSpeed != EHCI_QHD_EPT_SPEED_HIGH)
2232 return VUSBXFERTYPE_CTRL;
2233
2234 /* If we still don't know, it's guesswork from now on. */
2235
2236 /* 64 likely indicates an interrupt transfer (see @bugref{8314})*/
2237 if (pQhd->Characteristics.MaxLength == 64)
2238 return VUSBXFERTYPE_INTR;
2239
2240 /* At this point we hope it's a bulk transfer with max packet size of 512. */
2241 Assert(pQhd->Characteristics.MaxLength == 512);
2242 return VUSBXFERTYPE_BULK;
2243}
2244
2245/**
2246 * Worker for ehciR3RhXferCompletion that handles the completion of
2247 * a URB made up of isochronous TDs.
2248 *
2249 * In general, all URBs should have status OK.
2250 */
2251static void ehciR3RhXferCompleteITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2252{
2253 /* Read the whole ITD */
2254 EHCI_ITD_PAD PaddedItd;
2255 PEHCI_ITD pItd = &PaddedItd.itd;
2256 ehciR3ReadItd(pDevIns, pUrb->paTds[0].TdAddr, &PaddedItd);
2257
2258 /*
2259 * Check that the URB hasn't been canceled and then try unlink the TDs.
2260 *
2261 * We drop the URB if the ED is marked halted/skip ASSUMING that this
2262 * means the HCD has canceled the URB.
2263 *
2264 * If we succeed here (i.e. not dropping the URB), the TdCopy members will
2265 * be updated but not yet written. We will delay the writing till we're done
2266 * with the data copying, buffer pointer advancing and error handling.
2267 */
2268 bool fHasBeenCanceled = false;
2269 int cFmAge = ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2270 if ( cFmAge < 0
2271 || (fHasBeenCanceled = ehciR3ItdHasUrbBeenCanceled(pThisCC, pUrb, pItd))
2272 )
2273 {
2274 Log(("%s: ehciR3RhXferCompleteITD: DROPPED {ITD=%RGp cTds=%d TD0=%RGp age %d} because:%s%s!!!\n",
2275 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr, cFmAge,
2276 cFmAge < 0 ? " td not-in-flight" : "",
2277 fHasBeenCanceled ? " td canceled" : ""));
2278 NOREF(fHasBeenCanceled);
2279 STAM_COUNTER_INC(&pThisCC->StatDroppedUrbs);
2280 return;
2281 }
2282
2283 bool fIOC = false, fError = false;
2284
2285 /*
2286 * Copy the data back (if IN operation) and update the TDs.
2287 */
2288 if (pUrb->enmStatus == VUSBSTATUS_OK)
2289 {
2290 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2291 {
2292 ehciR3VUsbStatus2ItdStatus(pUrb->aIsocPkts[i].enmStatus, &pItd->Transaction[i]);
2293 if (pItd->Transaction[i].IOC)
2294 fIOC = true;
2295
2296 if ( pUrb->enmDir == VUSBDIRECTION_IN
2297 && ( pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_OK
2298 || pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_DATA_UNDERRUN
2299 || pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_DATA_OVERRUN))
2300 {
2301 Assert(pItd->Transaction[i].Active);
2302
2303 if (pItd->Transaction[i].Active)
2304 {
2305 const unsigned pg = pItd->Transaction[i].PG;
2306 const unsigned cb = pUrb->aIsocPkts[i].cb;
2307 pItd->Transaction[i].Length = cb; /* Set the actual size. */
2308 /* Copy data. */
2309 if (cb)
2310 {
2311 uint8_t *pb = &pUrb->abData[pUrb->aIsocPkts[i].off];
2312
2313 RTGCPHYS GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
2314 GCPhysBuf += pItd->Transaction[i].Offset;
2315
2316 /* If the transfer would cross page boundary, use the next sequential PG pointer
2317 * for the second part (section 4.7.1).
2318 */
2319 if (pItd->Transaction[i].Offset + pItd->Transaction[i].Length > GUEST_PAGE_SIZE)
2320 {
2321 unsigned cb1 = GUEST_PAGE_SIZE - pItd->Transaction[i].Offset;
2322 unsigned cb2 = cb - cb1;
2323
2324 ehciPhysWrite(pDevIns, GCPhysBuf, pb, cb1);
2325 if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
2326 LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on completion.\n", pg + 1, pUrb->paTds[0].TdAddr));
2327
2328 GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
2329 ehciPhysWrite(pDevIns, GCPhysBuf, pb + cb1, cb2);
2330 }
2331 else
2332 ehciPhysWrite(pDevIns, GCPhysBuf, pb, cb);
2333
2334 Log5(("packet %d: off=%#x cb=%#x pb=%p (%#x)\n"
2335 "%.*Rhxd\n",
2336 i, pUrb->aIsocPkts[i].off, cb, pb, pb - &pUrb->abData[0], cb, pb));
2337 }
2338 }
2339 }
2340 pItd->Transaction[i].Active = 0; /* transfer is now officially finished */
2341 } /* for */
2342 }
2343 else
2344 {
2345 LogFunc(("Taking untested code path at line %d...\n", __LINE__));
2346 /*
2347 * Most status codes only apply to the individual packets.
2348 *
2349 * If we get a URB level error code of this kind, we'll distribute
2350 * it to all the packages unless some other status is available for
2351 * a package. This is a bit fuzzy, and we will get rid of this code
2352 * before long!
2353 */
2354 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2355 {
2356 if (pItd->Transaction[i].Active)
2357 {
2358 ehciR3VUsbStatus2ItdStatus(pUrb->aIsocPkts[i].enmStatus, &pItd->Transaction[i]);
2359 if (pItd->Transaction[i].IOC)
2360 fIOC = true;
2361
2362 pItd->Transaction[i].Active = 0; /* transfer is now officially finished */
2363 }
2364 }
2365 fError = true;
2366 }
2367
2368 /*
2369 * Write back the modified TD.
2370 */
2371
2372 Log(("%s: ehciR3RhXferCompleteITD: pUrb->paTds[0].TdAddr=%RGp EdAddr=%RGp "
2373 "psw0=%x:%x psw1=%x:%x psw2=%x:%x psw3=%x:%x psw4=%x:%x psw5=%x:%x psw6=%x:%x psw7=%x:%x\n",
2374 pUrb->pszDesc, pUrb->paTds[0].TdAddr,
2375 pUrb->pHci->EdAddr,
2376 pItd->Buffer.Buffer[pItd->Transaction[0].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[0].Length,
2377 pItd->Buffer.Buffer[pItd->Transaction[1].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[1].Length,
2378 pItd->Buffer.Buffer[pItd->Transaction[2].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[2].Length,
2379 pItd->Buffer.Buffer[pItd->Transaction[3].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[3].Length,
2380 pItd->Buffer.Buffer[pItd->Transaction[4].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[4].Length,
2381 pItd->Buffer.Buffer[pItd->Transaction[5].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[5].Length,
2382 pItd->Buffer.Buffer[pItd->Transaction[6].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[6].Length,
2383 pItd->Buffer.Buffer[pItd->Transaction[7].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[7].Length
2384 ));
2385 ehciR3WriteItd(pDevIns, pUrb->paTds[0].TdAddr, pItd);
2386
2387 /*
2388 * Signal an interrupt on the next interrupt threshold when IOC was set for any transaction.
2389 * Both error and completion interrupts may be signaled at the same time (see Table 2.10).
2390 */
2391 if (fError)
2392 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_ERROR_INT);
2393 if (fIOC)
2394 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_THRESHOLD_INT);
2395}
2396
2397
2398/**
2399 * Worker for ehciR3RhXferCompletion that handles the completion of
2400 * a URB made up of queue heads/descriptors
2401 */
2402static void ehciR3RhXferCompleteQH(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2403{
2404 EHCI_QHD qhd;
2405 EHCI_QTD qtd;
2406
2407 /* Read the whole QHD & QTD */
2408 ehciR3ReadQHD(pDevIns, pUrb->pHci->EdAddr, &qhd);
2409 AssertMsg(pUrb->paTds[0].TdAddr == ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT),
2410 ("Out of order completion %RGp != %RGp Endpoint=%#x\n", pUrb->paTds[0].TdAddr,
2411 ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT), pUrb->EndPt));
2412 ehciR3ReadQTD(pDevIns, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
2413
2414 /*
2415 * Check that the URB hasn't been canceled and then try unlink the TDs.
2416 *
2417 * We drop the URB if the ED is marked halted/skip ASSUMING that this
2418 * means the HCD has canceled the URB.
2419 *
2420 * If we succeed here (i.e. not dropping the URB), the TdCopy members will
2421 * be updated but not yet written. We will delay the writing till we're done
2422 * with the data copying, buffer pointer advancing and error handling.
2423 */
2424 bool fHasBeenCanceled = false;
2425 if ((fHasBeenCanceled = ehciR3QhdHasUrbBeenCanceled(pThisCC, pUrb, &qhd, &qtd)))
2426 {
2427 Log(("%s: ehciRhXferCompletionQH: DROPPED {qTD=%RGp cTds=%d TD0=%RGp} because:%s%s!!!\n",
2428 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr,
2429 (pUrb->paTds[0].TdAddr != ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)) ? " curptr changed" : "",
2430 fHasBeenCanceled ? " td canceled" : ""));
2431 NOREF(fHasBeenCanceled);
2432 STAM_COUNTER_INC(&pThisCC->StatDroppedUrbs);
2433
2434 ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2435 qtd.Token.Bits.Active = 0;
2436 ehciR3QHUpdateOverlay(pDevIns, pThis, pThisCC, &qhd, pUrb->pHci->EdAddr, &qtd);
2437 return;
2438 }
2439 ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2440
2441 /* Update the status/error bits */
2442 ehciR3VUsbStatus2QtdStatus(pUrb->enmStatus, &qtd.Token.Bits);
2443
2444 /*
2445 * Write back IN buffers.
2446 */
2447 if ( pUrb->enmDir == VUSBDIRECTION_IN
2448 && pUrb->cbData
2449 && ( pUrb->enmStatus == VUSBSTATUS_OK
2450 || pUrb->enmStatus == VUSBSTATUS_DATA_OVERRUN
2451 || pUrb->enmStatus == VUSBSTATUS_DATA_UNDERRUN
2452 )
2453 )
2454 {
2455 unsigned curOffset = 0;
2456 unsigned cbLeft = pUrb->cbData;
2457
2458 for (unsigned i=qtd.Token.Bits.CurrentPage;i<RT_ELEMENTS(qtd.Buffer.Buffer);i++)
2459 {
2460 RTGCPHYS GCPhysBuf;
2461 unsigned cbCurTransfer;
2462
2463 GCPhysBuf = (RTGCPHYS)qtd.Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
2464 if (i == 0)
2465 GCPhysBuf += qtd.Buffer.Offset.Offset;
2466
2467 cbCurTransfer = GUEST_PAGE_SIZE - (GCPhysBuf & GUEST_PAGE_OFFSET_MASK);
2468 cbCurTransfer = RT_MIN(cbCurTransfer, cbLeft);
2469
2470 Log3Func(("packet data for page %d:\n"
2471 "%.*Rhxd\n",
2472 i,
2473 cbCurTransfer, &pUrb->abData[curOffset]));
2474
2475 ehciPhysWrite(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cbCurTransfer);
2476 curOffset += cbCurTransfer;
2477 cbLeft -= cbCurTransfer;
2478
2479 if (cbLeft == 0)
2480 break;
2481 Assert(cbLeft < qtd.Token.Bits.Length);
2482 }
2483 }
2484
2485 if ( pUrb->cbData
2486 && ( pUrb->enmStatus == VUSBSTATUS_OK
2487 || pUrb->enmStatus == VUSBSTATUS_DATA_OVERRUN
2488 || pUrb->enmStatus == VUSBSTATUS_DATA_UNDERRUN
2489 )
2490 )
2491 {
2492 /* 3.5.3:
2493 * This field specifies the total number of bytes to be moved
2494 * with this transfer descriptor. This field is decremented by the number of bytes actually
2495 * moved during the transaction, only on the successful completion of the transaction
2496 */
2497 Assert(qtd.Token.Bits.Length >= pUrb->cbData);
2498 qtd.Token.Bits.Length -= pUrb->cbData;
2499
2500 /* Data was moved; toggle data toggle bit */
2501 qtd.Token.Bits.DataToggle ^= 1;
2502 }
2503
2504#ifdef LOG_ENABLED
2505 ehciR3DumpSingleQTD(pUrb->paTds[0].TdAddr, &qtd, "");
2506#endif
2507 qtd.Token.Bits.Active = 0; /* transfer is now officially finished */
2508
2509 /*
2510 * Write back the modified TD.
2511 */
2512 Log(("%s: ehciR3RhXferCompleteQH: pUrb->paTds[0].TdAddr=%RGp EdAddr=%RGp\n",
2513 pUrb->pszDesc, pUrb->paTds[0].TdAddr,
2514 pUrb->pHci->EdAddr));
2515
2516 ehciR3WriteQTD(pDevIns, pUrb->paTds[0].TdAddr, &qtd);
2517
2518 ehciR3QHUpdateOverlay(pDevIns, pThis, pThisCC, &qhd, pUrb->pHci->EdAddr, &qtd);
2519
2520 /*
2521 * Signal an interrupt on the next interrupt threshold when IOC was set for any transaction.
2522 * Both error and completion interrupts may be signaled at the same time (see Table 2.10).
2523 */
2524 if (EHCI_QTD_HAS_ERROR(&qtd.Token.Bits))
2525 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_ERROR_INT);
2526
2527 bool fIOC = false;
2528 if (qtd.Token.Bits.IOC) {
2529 fIOC = true;
2530 Log2Func(("Interrupting, IOC set\n"));
2531 } else if (qtd.Token.Bits.Length && (qtd.Token.Bits.PID == EHCI_QTD_PID_IN)) {
2532 fIOC = true; /* See 4.10.8 */
2533 Log2Func(("Interrupting, short IN packet\n"));
2534 }
2535 if (fIOC)
2536 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_THRESHOLD_INT);
2537}
2538
2539
2540/**
2541 * Transfer completion callback routine.
2542 *
2543 * VUSB will call this when a transfer have been completed
2544 * in a one or another way.
2545 *
2546 * @param pInterface Pointer to EHCI::ROOTHUB::IRhPort.
2547 * @param pUrb Pointer to the URB in question.
2548 */
2549static DECLCALLBACK(void) ehciR3RhXferCompletion(PVUSBIROOTHUBPORT pInterface, PVUSBURB pUrb)
2550{
2551 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
2552 PPDMDEVINS pDevIns = pThisCC->pDevIns;
2553 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
2554
2555 LogFlow(("%s: ehciR3RhXferCompletion: EdAddr=%RGp cTds=%d TdAddr0=%RGp\n",
2556 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr));
2557 LogFlow(("%s: ehciR3RhXferCompletion: cbData=%x status=%x\n", pUrb->pszDesc, pUrb->cbData, pUrb->enmStatus));
2558
2559 Assert(pUrb->pHci->cTds == 1);
2560
2561 RTCritSectEnter(&pThisCC->CritSect);
2562 pThisCC->fIdle = false; /* Mark as active */
2563
2564 switch (pUrb->paTds[0].TdType)
2565 {
2566 case EHCI_DESCRIPTOR_QH:
2567 ehciR3RhXferCompleteQH(pDevIns, pThis, pThisCC, pUrb);
2568 break;
2569
2570 case EHCI_DESCRIPTOR_ITD:
2571 ehciR3RhXferCompleteITD(pDevIns, pThis, pThisCC, pUrb);
2572 break;
2573
2574 case EHCI_DESCRIPTOR_SITD:
2575 case EHCI_DESCRIPTOR_FSTN:
2576 AssertFailed();
2577 break;
2578 }
2579
2580 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
2581 RTCritSectLeave(&pThisCC->CritSect);
2582 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
2583}
2584
2585/**
2586 * Worker for ehciR3RhXferError that handles the error case of
2587 * a URB made up of queue heads/descriptors
2588 *
2589 * @returns true if the URB should be retired.
2590 * @returns false if the URB should be retried.
2591 * @param pDevIns The device instance.
2592 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2593 * @param pUrb Pointer to the URB in question.
2594 */
2595static bool ehciR3RhXferErrorQH(PPDMDEVINS pDevIns, PEHCICC pThisCC, PVUSBURB pUrb)
2596{
2597 EHCI_QHD qhd;
2598 EHCI_QTD qtd;
2599
2600 /* Read the whole QHD & QTD */
2601 ehciR3ReadQHD(pDevIns, pUrb->pHci->EdAddr, &qhd);
2602 Assert(pUrb->paTds[0].TdAddr == ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
2603 ehciR3ReadQTD(pDevIns, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
2604
2605 /*
2606 * Check if the TDs still are valid.
2607 * This will make sure the TdCopy is up to date.
2608 */
2609 /** @todo IMPORTANT! we must check if the ED is still valid at this point!!! */
2610 if (ehciR3QhdHasUrbBeenCanceled(pThisCC, pUrb, &qhd, &qtd))
2611 {
2612 Log(("%s: ehciR3RhXferError: TdAddr0=%RGp canceled!\n", pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2613 return true;
2614 }
2615 return true;
2616}
2617
2618/**
2619 * Handle transfer errors.
2620 *
2621 * VUSB calls this when a transfer attempt failed. This function will respond
2622 * indicating whether to retry or complete the URB with failure.
2623 *
2624 * @returns true if the URB should be retired.
2625 * @returns false if the URB should be retried.
2626 * @param pInterface Pointer to EHCI::ROOTHUB::IRhPort.
2627 * @param pUrb Pointer to the URB in question.
2628 */
2629static DECLCALLBACK(bool) ehciR3RhXferError(PVUSBIROOTHUBPORT pInterface, PVUSBURB pUrb)
2630{
2631 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
2632 PPDMDEVINS pDevIns = pThisCC->pDevIns;
2633 bool fRetire = false;
2634
2635 RTCritSectEnter(&pThisCC->CritSect);
2636 /*
2637 * Don't retry on stall.
2638 */
2639 if (pUrb->enmStatus == VUSBSTATUS_STALL)
2640 {
2641 Log2(("%s: ehciR3RhXferError: STALL, giving up.\n", pUrb->pszDesc));
2642 fRetire = true;
2643 }
2644 else
2645 {
2646 switch (pUrb->paTds[0].TdType)
2647 {
2648 case EHCI_DESCRIPTOR_QH:
2649 {
2650 fRetire = ehciR3RhXferErrorQH(pDevIns, pThisCC, pUrb);
2651 break;
2652 }
2653
2654 /*
2655 * Isochronous URBs can't be retried.
2656 */
2657 case EHCI_DESCRIPTOR_ITD:
2658 case EHCI_DESCRIPTOR_SITD:
2659 case EHCI_DESCRIPTOR_FSTN:
2660 default:
2661 fRetire = true;
2662 break;
2663 }
2664 }
2665
2666 RTCritSectLeave(&pThisCC->CritSect);
2667 return fRetire;
2668}
2669
2670/**
2671 * A worker for ehciR3ServiceQTD which submits the specified TD.
2672 *
2673 * @returns true on success.
2674 * @returns false on failure to submit.
2675 */
2676static bool ehciR3SubmitQTD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysQHD,
2677 PEHCI_QHD pQhd, RTGCPHYS GCPhysQTD, PEHCI_QTD pQtd, const unsigned iFrame)
2678{
2679 /*
2680 * Determine the endpoint direction.
2681 */
2682 VUSBDIRECTION enmDir;
2683 switch(pQtd->Token.Bits.PID)
2684 {
2685 case EHCI_QTD_PID_OUT:
2686 enmDir = VUSBDIRECTION_OUT;
2687 break;
2688 case EHCI_QTD_PID_IN:
2689 enmDir = VUSBDIRECTION_IN;
2690 break;
2691 case EHCI_QTD_PID_SETUP:
2692 enmDir = VUSBDIRECTION_SETUP;
2693 break;
2694 default:
2695 return false;
2696 }
2697
2698 VUSBXFERTYPE enmType;
2699
2700 enmType = ehciR3QueryTransferType(pQhd);
2701
2702 pThisCC->fIdle = false; /* Mark as active */
2703
2704 /*
2705 * Allocate and initialize the URB.
2706 */
2707 PVUSBURB pUrb = VUSBIRhNewUrb(pThisCC->RootHub.pIRhConn, pQhd->Characteristics.DeviceAddress, VUSB_DEVICE_PORT_INVALID,
2708 enmType, enmDir, pQtd->Token.Bits.Length, 1, NULL);
2709 if (!pUrb)
2710 /* retry later... */
2711 return false;
2712
2713 pUrb->EndPt = pQhd->Characteristics.EndPt;
2714 pUrb->fShortNotOk = (enmDir != VUSBDIRECTION_IN); /** @todo ??? */
2715 pUrb->enmStatus = VUSBSTATUS_OK;
2716 pUrb->pHci->cTds = 1;
2717 pUrb->pHci->EdAddr = GCPhysQHD;
2718 pUrb->pHci->fUnlinked = false;
2719 pUrb->pHci->u32FrameNo = iFrame;
2720 pUrb->paTds[0].TdAddr = GCPhysQTD;
2721 pUrb->paTds[0].TdType = EHCI_DESCRIPTOR_QH;
2722 AssertCompile(sizeof(pUrb->paTds[0].TdCopy) >= sizeof(*pQtd));
2723 memcpy(pUrb->paTds[0].TdCopy, pQtd, sizeof(*pQtd));
2724#if 0 /* color the data */
2725 memset(pUrb->abData, 0xfe, cbTotal);
2726#endif
2727
2728 /* copy the data */
2729 if ( pQtd->Token.Bits.Length
2730 && enmDir != VUSBDIRECTION_IN)
2731 {
2732 unsigned curOffset = 0;
2733 unsigned cbTransfer = pQtd->Token.Bits.Length;
2734
2735 for (unsigned i=pQtd->Token.Bits.CurrentPage;i<RT_ELEMENTS(pQtd->Buffer.Buffer);i++)
2736 {
2737 RTGCPHYS GCPhysBuf;
2738 unsigned cbCurTransfer;
2739
2740 GCPhysBuf = (RTGCPHYS)pQtd->Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
2741 if (i == 0)
2742 GCPhysBuf += pQtd->Buffer.Offset.Offset;
2743
2744 cbCurTransfer = GUEST_PAGE_SIZE - (GCPhysBuf & GUEST_PAGE_OFFSET_MASK);
2745 cbCurTransfer = RT_MIN(cbCurTransfer, cbTransfer);
2746
2747 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cbCurTransfer);
2748
2749 Log3Func(("packet data:\n"
2750 "%.*Rhxd\n",
2751 cbCurTransfer, &pUrb->abData[curOffset]));
2752
2753 curOffset += cbCurTransfer;
2754 cbTransfer -= cbCurTransfer;
2755
2756 if (cbTransfer == 0)
2757 break;
2758 Assert(cbTransfer < pQtd->Token.Bits.Length);
2759 }
2760 }
2761
2762 /*
2763 * Submit the URB.
2764 */
2765 ehciR3InFlightAddUrb(pThis, pThisCC, pUrb);
2766 Log(("%s: ehciSubmitQtd: QtdAddr=%RGp GCPhysQHD=%RGp cbData=%#x\n",
2767 pUrb->pszDesc, GCPhysQTD, GCPhysQHD, pUrb->cbData));
2768 RTCritSectLeave(&pThisCC->CritSect);
2769 int rc = VUSBIRhSubmitUrb(pThisCC->RootHub.pIRhConn, pUrb, &pThisCC->RootHub.Led);
2770 RTCritSectEnter(&pThisCC->CritSect);
2771 if (RT_SUCCESS(rc))
2772 return true;
2773
2774 /* Failure cleanup. Can happen if we're still resetting the device or out of resources. */
2775 LogFunc(("failed GCPhysQtd=%RGp GCPhysQHD=%RGp pUrb=%p!!\n",
2776 GCPhysQTD, GCPhysQHD, pUrb));
2777 ehciR3InFlightRemove(pThis, pThisCC, GCPhysQTD);
2778
2779 /* Also mark the QH as halted and inactive and write back the changes. */
2780 pQhd->Overlay.OrgQTD.Token.Bits.Active = 0;
2781 pQhd->Overlay.OrgQTD.Token.Bits.Halted = 1;
2782 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
2783 return false;
2784}
2785
2786/**
2787 * A worker for ehciR3ServiceITD which submits the specified TD.
2788 *
2789 * @returns true on success.
2790 * @returns false on failure to submit.
2791 */
2792static bool ehciR3SubmitITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2793 PEHCI_ITD pItd, RTGCPHYS ITdAddr, const unsigned iFrame)
2794{
2795 /*
2796 * Determine the endpoint direction.
2797 */
2798 VUSBDIRECTION enmDir;
2799 if(pItd->Buffer.Misc.DirectionIn)
2800 enmDir = VUSBDIRECTION_IN;
2801 else
2802 enmDir = VUSBDIRECTION_OUT;
2803
2804 /*
2805 * Extract the packet sizes and calc the total URB size.
2806 */
2807 struct
2808 {
2809 uint16_t cb;
2810 } aPkts[EHCI_NUM_ITD_TRANSACTIONS];
2811
2812 unsigned cPackets = 0;
2813 uint32_t cbTotal = 0;
2814 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
2815 {
2816 if (pItd->Transaction[i].Active)
2817 {
2818 aPkts[cPackets].cb = pItd->Transaction[i].Length;
2819 cbTotal += pItd->Transaction[i].Length;
2820 cPackets++;
2821 }
2822 }
2823 Assert(cbTotal <= 24576);
2824
2825 pThisCC->fIdle = false; /* Mark as active */
2826
2827 /*
2828 * Allocate and initialize the URB.
2829 */
2830 PVUSBURB pUrb = VUSBIRhNewUrb(pThisCC->RootHub.pIRhConn, pItd->Buffer.Misc.DeviceAddress, VUSB_DEVICE_PORT_INVALID,
2831 VUSBXFERTYPE_ISOC, enmDir, cbTotal, 1, NULL);
2832 if (!pUrb)
2833 /* retry later... */
2834 return false;
2835
2836 pUrb->EndPt = pItd->Buffer.Misc.EndPt;
2837 pUrb->fShortNotOk = false;
2838 pUrb->enmStatus = VUSBSTATUS_OK;
2839 pUrb->pHci->cTds = 1;
2840 pUrb->pHci->EdAddr = ITdAddr;
2841 pUrb->pHci->fUnlinked = false;
2842 pUrb->pHci->u32FrameNo = iFrame;
2843 pUrb->paTds[0].TdAddr = ITdAddr;
2844 pUrb->paTds[0].TdType = EHCI_DESCRIPTOR_ITD;
2845 AssertCompile(sizeof(pUrb->paTds[0].TdCopy) >= sizeof(*pItd));
2846 memcpy(pUrb->paTds[0].TdCopy, pItd, sizeof(*pItd));
2847#if 0 /* color the data */
2848 memset(pUrb->abData, 0xfe, cbTotal);
2849#endif
2850
2851 /* copy the data */
2852 if ( cbTotal
2853 && enmDir != VUSBDIRECTION_IN)
2854 {
2855 unsigned curOffset = 0;
2856
2857 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
2858 {
2859 RTGCPHYS GCPhysBuf;
2860
2861 if (pItd->Transaction[i].Active)
2862 {
2863 const unsigned pg = pItd->Transaction[i].PG;
2864
2865 GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
2866 GCPhysBuf += pItd->Transaction[i].Offset;
2867
2868 /* If the transfer would cross page boundary, use the next sequential PG pointer
2869 * for the second part (section 4.7.1).
2870 */
2871 if (pItd->Transaction[i].Offset + pItd->Transaction[i].Length > GUEST_PAGE_SIZE)
2872 {
2873 unsigned cb1 = GUEST_PAGE_SIZE - pItd->Transaction[i].Offset;
2874 unsigned cb2 = pItd->Transaction[i].Length - cb1;
2875
2876 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cb1);
2877 if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
2878 LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on submit.\n", pg + 1, pUrb->paTds[0].TdAddr));
2879
2880 GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
2881 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset + cb1], cb2);
2882 }
2883 else
2884 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], pItd->Transaction[i].Length);
2885
2886 curOffset += pItd->Transaction[i].Length;
2887 }
2888 }
2889 }
2890
2891 /* setup the packets */
2892 pUrb->cIsocPkts = cPackets;
2893 unsigned off = 0;
2894 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2895 {
2896 pUrb->aIsocPkts[i].enmStatus = VUSBSTATUS_NOT_ACCESSED;
2897 pUrb->aIsocPkts[i].off = off;
2898 off += pUrb->aIsocPkts[i].cb = aPkts[i].cb;
2899 }
2900 Assert(off == cbTotal);
2901
2902 /*
2903 * Submit the URB.
2904 */
2905 ehciR3InFlightAddUrb(pThis, pThisCC, pUrb);
2906 Log(("%s: ehciR3SubmitITD: cbData=%#x cIsocPkts=%d TdAddr=%RGp (%#x)\n",
2907 pUrb->pszDesc, pUrb->cbData, pUrb->cIsocPkts, ITdAddr, iFrame));
2908 RTCritSectLeave(&pThisCC->CritSect);
2909 int rc = VUSBIRhSubmitUrb(pThisCC->RootHub.pIRhConn, pUrb, &pThisCC->RootHub.Led);
2910 RTCritSectEnter(&pThisCC->CritSect);
2911 if (RT_SUCCESS(rc))
2912 return true;
2913
2914 /* Failure cleanup. Can happen if we're still resetting the device or out of resources. */
2915 LogFunc(("failed pUrb=%p cbData=%#x cTds=%d ITdAddr0=%RGp - rc=%Rrc\n",
2916 pUrb, cbTotal, 1, ITdAddr, rc));
2917 ehciR3InFlightRemove(pThis, pThisCC, ITdAddr);
2918 return false;
2919}
2920
2921
2922/**
2923 * Services an ITD list (only for high-speed isochronous endpoints; all others use queues)
2924 *
2925 * An ITD can contain up to 8 transactions, which are all processed within a single frame.
2926 * Note that FRINDEX includes the micro-frame number, but only bits [12:3] are used as an
2927 * index into the periodic frame list (see 4.7.1).
2928 */
2929static void ehciR3ServiceITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2930 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
2931{
2932 RT_NOREF(enmServiceType);
2933 bool fAnyActive = false;
2934 EHCI_ITD_PAD PaddedItd;
2935 PEHCI_ITD pItd = &PaddedItd.itd;
2936
2937 if (ehciR3IsTdInFlight(pThisCC, GCPhys))
2938 return;
2939
2940 /* Read the whole ITD */
2941 ehciR3ReadItd(pDevIns, GCPhys, &PaddedItd);
2942
2943 Log2((" ITD: %RGp={Addr=%x EndPt=%x Dir=%s MaxSize=%x Mult=%d}\n", GCPhys, pItd->Buffer.Misc.DeviceAddress, pItd->Buffer.Misc.EndPt, (pItd->Buffer.Misc.DirectionIn) ? "in" : "out", pItd->Buffer.Misc.MaxPacket, pItd->Buffer.Misc.Multi));
2944
2945 /* Some basic checks */
2946 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Transaction); i++)
2947 {
2948 if (pItd->Transaction[i].Active)
2949 {
2950 fAnyActive = true;
2951 if (pItd->Transaction[i].PG >= EHCI_NUM_ITD_PAGES)
2952 {
2953 /* Using out of range PG value (7) yields undefined behavior. We will attempt
2954 * the last page below 4GB (which is ROM, not writable).
2955 */
2956 LogRelMax(10, ("EHCI: Illegal page value %d in iTD at %RGp.\n", pItd->Transaction[i].PG, (RTGCPHYS)GCPhys));
2957 }
2958
2959 Log2((" T%d Len=%x Offset=%x PG=%d IOC=%d Buffer=%x\n", i, pItd->Transaction[i].Length, pItd->Transaction[i].Offset, pItd->Transaction[i].PG, pItd->Transaction[i].IOC,
2960 pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer));
2961 }
2962 }
2963 /* We can't service one transaction every 125 usec, so we'll handle all 8 of them at once. */
2964 if (fAnyActive)
2965 ehciR3SubmitITD(pDevIns, pThis, pThisCC, pItd, GCPhys, iFrame);
2966 else
2967 Log2((" ITD not active, skipping.\n"));
2968}
2969
2970/**
2971 * Services an SITD list
2972 */
2973static void ehciR3ServiceSITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2974 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
2975{
2976 RT_NOREF(pThis, pThisCC, enmServiceType, iFrame);
2977
2978 /* Read the whole SITD */
2979 EHCI_SITD sitd;
2980 ehciR3ReadSitd(pDevIns, GCPhys, &sitd);
2981
2982 Log2((" SITD: %RGp={Addr=%x EndPt=%x Dir=%s MaxSize=%x}\n", GCPhys, sitd.Address.DeviceAddress, sitd.Address.EndPt, (sitd.Address.DirectionIn) ? "in" : "out", sitd.Transfer.Length));
2983
2984 if (sitd.Transfer.Active)
2985 AssertMsgFailed(("SITD lists not implemented; active SITD should never occur!\n"));
2986 else
2987 Log2((" SITD not active, skipping.\n"));
2988}
2989
2990/**
2991 * Copies the currently active QTD to the QH overlay area
2992 */
2993static void ehciR3QHSetupOverlay(PPDMDEVINS pDevIns, PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd, RTGCPHYS GCPhysQTD)
2994{
2995 bool fDataToggle = pQhd->Overlay.OrgQTD.Token.Bits.DataToggle;
2996
2997 Assert(pQtd->Token.Bits.Active);
2998
2999 Log2Func(("current pointer %RGp old %RGp\n", GCPhysQTD, ((RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)));
3000 pQhd->CurrQTD.Pointer = GCPhysQTD >> EHCI_TD_PTR_SHIFT;
3001 pQhd->CurrQTD.Reserved = 0;
3002 pQhd->Overlay.OrgQTD = *pQtd;
3003 /* All fields except those below are copied from the QTD; see 4.10.2 */
3004 if (pQhd->Characteristics.DataToggle)
3005 pQhd->Overlay.OrgQTD.Token.Bits.DataToggle = fDataToggle; /* Preserve data toggle bit in the queue head */
3006
3007 pQhd->Overlay.Status.Buffer1.CProgMask = 0;
3008 pQhd->Overlay.Status.Buffer2.FrameTag = 0;
3009 pQhd->Overlay.Status.AltNextQTD.NakCnt = pQhd->Characteristics.NakCountReload;
3010 /* Note: ping state not changed if it's a high-speed device */
3011
3012 /* Save the current QTD to the overlay area */
3013 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
3014}
3015
3016/**
3017 * Updates the currently active QTD to the QH overlay area
3018 */
3019static void ehciR3QHUpdateOverlay(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3020 PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd)
3021{
3022 Assert(!pQtd->Token.Bits.Active);
3023 pQhd->Overlay.OrgQTD = *pQtd;
3024 if (!pQhd->Overlay.OrgQTD.Next.Terminate)
3025 {
3026 EHCI_QTD qtdNext;
3027 RTGCPHYS GCPhysNextQTD = (RTGCPHYS)pQhd->Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
3028
3029 if (ehciR3IsTdInFlight(pThisCC, GCPhysNextQTD))
3030 {
3031 /* Read the whole QTD */
3032 ehciR3ReadQTD(pDevIns, GCPhysNextQTD, &qtdNext);
3033 if (qtdNext.Token.Bits.Active)
3034 {
3035 ehciR3QHSetupOverlay(pDevIns, pQhd, GCPhysQHD, &qtdNext, GCPhysNextQTD);
3036 return;
3037 }
3038 else
3039 {
3040 /* Td has been cancelled! */
3041 LogFunc(("in-flight qTD %RGp has been cancelled! (active=%d T=%d)\n", GCPhysNextQTD, qtdNext.Token.Bits.Active, pQhd->Overlay.OrgQTD.Next.Terminate));
3042 /** @todo we don't properly cancel the URB; it will remain active on the host.... */
3043 ehciR3InFlightRemove(pThis, pThisCC, GCPhysNextQTD);
3044 }
3045 }
3046 }
3047 /* Save the current QTD to the overlay area. */
3048 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
3049}
3050
3051/**
3052 * Services a QTD list
3053 */
3054static RTGCPHYS ehciR3ServiceQTD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD,
3055 RTGCPHYS GCPhysQTD, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3056{
3057 EHCI_QTD qtd;
3058
3059 /* Read the whole QTD */
3060 ehciR3ReadQTD(pDevIns, GCPhysQTD, &qtd);
3061
3062 if (qtd.Token.Bits.Active)
3063 {
3064 if (!ehciR3IsTdInFlight(pThisCC, GCPhysQTD))
3065 {
3066 /* Don't queue more than one non-bulk transfer at a time */
3067 if ( ehciR3QueryTransferType(pQhd) != VUSBXFERTYPE_BULK
3068 && pQhd->Overlay.OrgQTD.Token.Bits.Active)
3069 return 0;
3070
3071 Log2((" Length=%x IOC=%d DT=%d PID=%s}\n", qtd.Token.Bits.Length, qtd.Token.Bits.IOC, qtd.Token.Bits.DataToggle, ehciPID2Str(qtd.Token.Bits.PID)));
3072 if ( !pQhd->Overlay.OrgQTD.Token.Bits.Active
3073 || GCPhysQTD == (RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)
3074 ehciR3QHSetupOverlay(pDevIns, pQhd, GCPhysQHD, &qtd, GCPhysQTD);
3075 else
3076 Log2Func(("transfer %RGp in progress -> don't update the overlay\n", (RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
3077
3078 ehciR3SubmitQTD(pDevIns, pThis, pThisCC, GCPhysQHD, pQhd, GCPhysQTD, &qtd, iFrame);
3079
3080 /* Set the Reclamation bit in USBSTS (4.10.3) */
3081 if (enmServiceType == EHCI_SERVICE_ASYNC)
3082 {
3083 Log2Func(("activity detected, set EHCI_STATUS_RECLAMATION\n"));
3084 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_RECLAMATION);
3085 }
3086
3087 /* Reread the whole QTD; it might have been completed already and therefore changed */
3088 ehciR3ReadQTD(pDevIns, GCPhysQTD, &qtd);
3089 }
3090 /* Table 4-10: any transfer with zero size: queue only one */
3091 if (qtd.Token.Bits.Length == 0)
3092 {
3093 LogFunc(("queue only one: transfer with zero size\n"));
3094 return 0;
3095 }
3096
3097 /* We can't queue more than one TD if we can't decide here and now which TD we should take next */
3098 if ( qtd.Token.Bits.Active /* only check if this urb is in-flight */
3099 && qtd.Token.Bits.PID == EHCI_QTD_PID_IN
3100 && !qtd.AltNext.Terminate
3101 && !qtd.Next.Terminate
3102 && qtd.Next.Pointer != qtd.AltNext.Pointer)
3103 {
3104 Log2Func(("Can't decide which pointer to take next; don't queue more than one!\n"));
3105 return 0;
3106 }
3107 }
3108 else
3109 {
3110 Log2((" Not active}\n"));
3111 return 0;
3112 }
3113
3114 /* If the 'Bytes to Transfer' field is not zero and the T-bit in the AltNext pointer is zero, then use this pointer. (4.10.2) */
3115 if ( !qtd.Token.Bits.Active /* only check if no urbs are in-flight */
3116 && qtd.Token.Bits.PID == EHCI_QTD_PID_IN /* short packets only apply to incoming tds */
3117 && !qtd.AltNext.Terminate
3118 && qtd.Token.Bits.Length)
3119 {
3120 Assert(qtd.AltNext.Pointer);
3121 Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)(qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT)));
3122 return (RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
3123 }
3124 else
3125 {
3126 Assert(qtd.Next.Pointer || qtd.Next.Terminate);
3127 if (qtd.Next.Terminate || !qtd.Next.Pointer)
3128 return 0;
3129 return (RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
3130 }
3131}
3132
3133/**
3134 * Services a QHD list
3135 */
3136static bool ehciR3ServiceQHD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3137 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3138{
3139 EHCI_QHD qhd;
3140
3141 Log2Func(("%RGp={", GCPhys));
3142
3143 /* Read the whole QHD */ /** @todo reading too much */
3144 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
3145
3146 /* Only interrupt qHDs should be linked from the periodic list; the S-mask field description
3147 * in table 3-20 clearly says a zero S-mask on the periodic list yields undefined results. In reality,
3148 * the Windows HCD links dummy qHDs at the start of the interrupt queue and these have an empty S-mask.
3149 * If we're servicing the periodic list, check the S-mask first; that takes care of the dummy qHDs.
3150 */
3151 if (enmServiceType == EHCI_SERVICE_PERIODIC)
3152 {
3153 // If iFrame was a micro-frame number, we should check the S-mask against it. But
3154 // we're processing all micro-frames at once, so we'll look at any qHD with non-zero S-mask
3155 if (qhd.Caps.SMask == 0) {
3156 Log2Func(("periodic qHD not scheduled for current frame -> next\n"));
3157 return true;
3158 }
3159 else
3160 Log2Func(("periodic qHD scheduled for current frame, processing\n"));
3161 }
3162 else
3163 {
3164 Assert(enmServiceType == EHCI_SERVICE_ASYNC);
3165 /* Empty schedule detection (4.10.1), for async schedule only */
3166 if (qhd.Characteristics.HeadReclamation) /* H-bit set but not an interrupt qHD */
3167 {
3168 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
3169 {
3170 Log2Func(("clear EHCI_STATUS_RECLAMATION\n"));
3171 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_RECLAMATION);
3172 }
3173 else
3174 {
3175 Log2Func(("empty schedule -> bail out\n"));
3176 pThis->fAsyncTraversalTimerActive = true;
3177 return false; /** stop traversing the list */
3178 }
3179 }
3180 }
3181
3182 /* no active qTD here or in the next queue element -> skip to next horizontal pointer (Figure 4.14 & 4.10.2) */
3183 if ( !qhd.Overlay.OrgQTD.Token.Bits.Active
3184 && qhd.Characteristics.InActiveNext)
3185 {
3186 Log2Func(("skip to next pointer (active)\n"));
3187 return true;
3188 }
3189 /* we are ignoring the Inactivate on Next Transaction bit; only applies to periodic lists & low or full speed devices (table 3.9) */
3190
3191 /** We are not allowed to handle multiple TDs unless async park is enabled (and only for high-speed devices), but we can cheat a bit. */
3192 unsigned PMCount = 1;
3193 if ( (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
3194 && qhd.Characteristics.EndPtSpeed == EHCI_QHD_EPT_SPEED_HIGH
3195 && enmServiceType == EHCI_SERVICE_ASYNC)
3196 {
3197 PMCount = (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT;
3198 Log2Func(("PM Count=%d\n", PMCount));
3199
3200 /* We will attempt to queue a bit more if we're allowed to queue more than one TD. */
3201 if (PMCount != 1)
3202 PMCount = 16;
3203 }
3204
3205 /* Queue as many transfer descriptors as possible */
3206 RTGCPHYS GCPhysQTD;
3207 if (qhd.Overlay.OrgQTD.Token.Bits.Active)
3208 {
3209 Assert(ehciR3IsTdInFlight(pThisCC, (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
3210 GCPhysQTD = (RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT;
3211 }
3212 else
3213 {
3214 /* If the 'Bytes to Transfer' field is not zero and the T-bit in the AltNext pointer is zero, then use this pointer. (4.10.2) */
3215 if ( !qhd.Overlay.OrgQTD.AltNext.Terminate
3216 && qhd.Overlay.OrgQTD.Token.Bits.Length)
3217 {
3218 Assert(qhd.Overlay.OrgQTD.AltNext.Pointer);
3219 Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT));
3220 GCPhysQTD = (RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
3221 }
3222 else
3223 {
3224 Assert(qhd.Overlay.OrgQTD.Next.Pointer || qhd.Overlay.OrgQTD.Next.Terminate || qhd.Overlay.OrgQTD.Token.Bits.Halted);
3225 if (qhd.Overlay.OrgQTD.Next.Terminate || !qhd.Overlay.OrgQTD.Next.Pointer || qhd.Overlay.OrgQTD.Token.Bits.Halted)
3226 GCPhysQTD = 0;
3227 else
3228 GCPhysQTD = (RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
3229 }
3230 }
3231
3232 while (GCPhysQTD && PMCount--)
3233 {
3234 GCPhysQTD = ehciR3ServiceQTD(pDevIns, pThis, pThisCC, &qhd, GCPhys, GCPhysQTD, enmServiceType, iFrame);
3235
3236 /* Reread the whole QHD; urb submit can call us right back which causes QH changes */ /** @todo reading too much */
3237 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
3238 }
3239 return true;
3240}
3241
3242/**
3243 * Services a FSTN list
3244 */
3245static void ehciR3ServiceFSTN(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3246 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3247{
3248 RT_NOREF(pDevIns, pThis, pThisCC, GCPhys, enmServiceType, iFrame);
3249 AssertMsgFailed(("FSTN lists not implemented; should never occur!\n"));
3250}
3251
3252/**
3253 * Services the async list.
3254 *
3255 * The async list has complex URB assembling, but that's taken
3256 * care of at VUSB level (unlike the other transfer types).
3257 */
3258static void ehciR3ServiceAsyncList(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, const unsigned iFrame)
3259{
3260 RTGCPHYS GCPhysHead = pThis->async_list_base;
3261 RTGCPHYS GCPhys = GCPhysHead;
3262 EHCI_TD_PTR ptr;
3263 unsigned cIterations = 0;
3264
3265 Assert(!(pThis->async_list_base & 0x1f));
3266 Assert(pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE);
3267 Assert(pThis->cmd & EHCI_CMD_RUN);
3268
3269 Log2Func(("%RGp\n", GCPhysHead));
3270#ifdef LOG_ENABLED
3271 ehciR3DumpQH(pDevIns, GCPhysHead, true);
3272#endif
3273
3274 /* Signal the async advance doorbell interrupt (if required) */
3275 if ( (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL))
3276// && !pThis->cInFlight)
3277 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_INT_ON_ASYNC_ADV);
3278
3279 /* Process the list of qHDs */
3280 for (;;)
3281 {
3282 /* Process the qHD */
3283 if (!ehciR3ServiceQHD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_ASYNC, iFrame))
3284 break;
3285
3286 /* Read the next pointer */
3287 RTGCPHYS GCPhysLast = GCPhys;
3288 ehciR3ReadTDPtr(pDevIns, GCPhys, &ptr);
3289
3290 /* Detect obvious loops. */
3291 if (GCPhys == ((RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT))
3292 break;
3293
3294 /* Technically a zero address could be valid, but that's extremely unlikely! */
3295 Assert(ptr.Pointer || ptr.Terminate);
3296 if (ptr.Terminate || !ptr.Pointer)
3297 break;
3298
3299 /* Not clear what we should do if this *is* something other than a qHD. */
3300 AssertMsg(ptr.Type == EHCI_DESCRIPTOR_QH, ("Unexpected pointer to type %d\n", ptr.Type));
3301 if (ptr.Type != EHCI_DESCRIPTOR_QH)
3302 break;
3303
3304 /* If we ran too many iterations, the list must be looping in on itself.
3305 * On a real controller loops wouldn't be fatal, as it will eventually
3306 * run out of time in the micro-frame.
3307 */
3308 AssertMsgBreak(++cIterations < 128, ("Too many iterations, exiting\n"));
3309
3310 /* next */
3311 GCPhys = (RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT;
3312 Assert(!(GCPhys & 0x1f));
3313 if ( GCPhys == GCPhysHead
3314 || GCPhys == GCPhysLast)
3315 break; /* break the loop */
3316 }
3317
3318#ifdef LOG_ENABLED
3319 if (g_fLogControlEPs)
3320 ehciR3DumpQH(pDevIns, GCPhysHead, true);
3321#endif
3322}
3323
3324
3325/**
3326 * Services the periodic list.
3327 *
3328 * On the interrupt portion of the periodic list we must reassemble URBs from multiple
3329 * TDs using heuristics derived from USB tracing done in the guests and guest source
3330 * code (when available).
3331 */
3332static void ehciR3ServicePeriodicList(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, const unsigned iFrame)
3333{
3334 Assert(pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE);
3335
3336#ifdef LOG_ENABLED
3337 RTGCPHYS pFramePtrHead = 0;
3338 if (g_fLogInterruptEPs)
3339 {
3340 RTGCPHYS pFramePtr = pThis->periodic_list_base + iFrame * sizeof(EHCI_FRAME_LIST_PTR);
3341
3342 pFramePtrHead = pFramePtr;
3343
3344 char sz[48];
3345 RTStrPrintf(sz, sizeof(sz), "Int%02x before", iFrame);
3346 ehciR3DumpPeriodicList(pDevIns, pFramePtrHead, sz, true);
3347 }
3348#endif
3349
3350 /*
3351 * Iterate the periodic list.
3352 */
3353 EHCI_FRAME_LIST_PTR FramePtr;
3354 RTGCPHYS GCPhys = pThis->periodic_list_base + iFrame * sizeof(FramePtr);
3355 unsigned iterations = 0;
3356
3357 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
3358 while (!FramePtr.Terminate && (pThis->cmd & EHCI_CMD_RUN))
3359 {
3360 GCPhys = (RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
3361 /* Process the descriptor based on its type. Note that on the periodic
3362 * list, HCDs may (and do) mix iTDs and qHDs more or less freely.
3363 */
3364 switch(FramePtr.Type)
3365 {
3366 case EHCI_DESCRIPTOR_ITD:
3367 ehciR3ServiceITD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3368 break;
3369 case EHCI_DESCRIPTOR_SITD:
3370 ehciR3ServiceSITD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3371 break;
3372 case EHCI_DESCRIPTOR_QH:
3373 ehciR3ServiceQHD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3374 break;
3375 case EHCI_DESCRIPTOR_FSTN:
3376 ehciR3ServiceFSTN(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3377 break;
3378 }
3379
3380 /* If we ran too many iterations, the list must be looping in on itself.
3381 * On a real controller loops wouldn't be fatal, as it will eventually
3382 * run out of time in the micro-frame.
3383 */
3384 if (++iterations == 2048)
3385 {
3386 AssertMsgFailed(("ehciR3ServicePeriodicList: Too many iterations, exiting\n"));
3387 break;
3388 }
3389 /* Read the next link */
3390 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
3391
3392 /* Detect obvious loops. */
3393 if (GCPhys == ((RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT))
3394 break;
3395 }
3396
3397#ifdef LOG_ENABLED
3398 if (g_fLogInterruptEPs)
3399 {
3400 char sz[48];
3401 RTStrPrintf(sz, sizeof(sz), "Int%02x after ", iFrame);
3402 ehciR3DumpPeriodicList(pDevIns, pFramePtrHead, sz, true);
3403 }
3404#endif
3405}
3406
3407
3408/**
3409 * Calculate frame timer variables given a frame rate (1,000 Hz is the full speed).
3410 */
3411static void ehciR3CalcTimerIntervals(PEHCI pThis, PEHCICC pThisCC, uint32_t u32FrameRate)
3412{
3413 Assert(u32FrameRate <= EHCI_HARDWARE_TIMER_FREQ);
3414
3415 pThis->uFramesPerTimerCall = EHCI_HARDWARE_TIMER_FREQ / u32FrameRate;
3416 pThisCC->nsWait = RT_NS_1SEC / u32FrameRate;
3417 pThisCC->cTicksPerFrame = pThisCC->u64TimerHz / u32FrameRate;
3418 if (!pThisCC->cTicksPerFrame)
3419 pThisCC->cTicksPerFrame = 1;
3420 pThisCC->uFrameRate = u32FrameRate;
3421}
3422
3423/**
3424 * Generate a Start-Of-Frame event, and set a timer for End-Of-Frame.
3425 */
3426static void ehciR3StartOfFrame(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC)
3427{
3428 uint32_t uNewFrameRate = pThisCC->uFrameRate;
3429#ifdef LOG_ENABLED
3430 const uint32_t status_old = pThis->intr_status;
3431#endif
3432
3433 pThis->SofTime += pThisCC->cTicksPerFrame;
3434 unsigned iFrame = (pThis->frame_idx >> EHCI_FRINDEX_FRAME_INDEX_SHIFT) & EHCI_FRINDEX_FRAME_INDEX_MASK;
3435
3436 if (pThis->uIrqInterval < pThis->uFramesPerTimerCall)
3437 pThis->uIrqInterval = 0;
3438 else
3439 pThis->uIrqInterval -= pThis->uFramesPerTimerCall;
3440
3441 /* Empty async list detection halted the async schedule */
3442 if (pThis->fAsyncTraversalTimerActive)
3443 {
3444 /* Table 4.7 in 4.8.4.1 */
3445 Log2Func(("setting STATUS_RECLAMATION after empty list detection\n"));
3446 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_RECLAMATION);
3447 pThis->fAsyncTraversalTimerActive = false;
3448 }
3449
3450 /*
3451 * Periodic EPs (Isochronous & Interrupt)
3452 */
3453 if (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE)
3454 {
3455 int num_frames = RT_MAX(1, pThis->uFramesPerTimerCall >> EHCI_FRINDEX_FRAME_INDEX_SHIFT);
3456 Assert(num_frames > 0 && num_frames < 1024);
3457
3458 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_PERIOD_SCHED);
3459
3460 if (pThis->cmd & EHCI_CMD_RUN)
3461 {
3462 /* If we're running the frame timer at a reduced rate, we still need to process
3463 * all frames. Otherwise we risk completely missing newly scheduled periodic transfers.
3464 */
3465 for (int i = 0; i < num_frames; ++i)
3466 ehciR3ServicePeriodicList(pDevIns, pThis, pThisCC, (iFrame + i) & EHCI_FRINDEX_FRAME_INDEX_MASK);
3467 }
3468 }
3469 else
3470 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_PERIOD_SCHED);
3471
3472 /*
3473 * Async EPs (Control and Bulk)
3474 */
3475 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE)
3476 {
3477 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_ASYNC_SCHED);
3478 if (pThis->cmd & EHCI_CMD_RUN)
3479 ehciR3ServiceAsyncList(pDevIns, pThis, pThisCC, iFrame);
3480 }
3481 else
3482 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_ASYNC_SCHED);
3483
3484 /*
3485 * ASSUME the guest won't be very upset if a TD is completed, retired and handed
3486 * back immediately. The idea is to be able to retire the data and/or status stages
3487 * of a control transfer together with the setup stage, thus saving a frame. This
3488 * behaviour is should be perfectly ok, since the setup (and maybe data) stages
3489 * have already taken at least one frame to complete.
3490 *
3491 * But, when implementing the first synchronous virtual USB devices, we'll have to
3492 * verify that the guest doesn't choke when having a TD returned in the same frame
3493 * as it was submitted.
3494 */
3495
3496#ifdef LOG_ENABLED
3497 if (pThis->intr_status ^ status_old)
3498 {
3499 uint32_t val = pThis->intr_status;
3500 uint32_t chg = val ^ status_old; NOREF(chg);
3501 Log2Func(("HcCommandStatus=%#010x: %sHCR=%d %sCLF=%d %sBLF=%d %sOCR=%d %sSOC=%d\n",
3502 val,
3503 chg & RT_BIT(0) ? "*" : "", val & 1,
3504 chg & RT_BIT(1) ? "*" : "", (val >> 1) & 1,
3505 chg & RT_BIT(2) ? "*" : "", (val >> 2) & 1,
3506 chg & RT_BIT(3) ? "*" : "", (val >> 3) & 1,
3507 chg & (3<<16)? "*" : "", (val >> 16) & 3));
3508 }
3509#endif
3510
3511 /*
3512 * Adjust the frame timer interval based on idle detection.
3513 */
3514 if (pThisCC->fIdle)
3515 {
3516 pThisCC->cIdleCycles++;
3517
3518 /*
3519 * Set the new frame rate based on how long we've been idle.
3520 * Don't remain more than 2 seconds in each frame rate (except for lowest one).
3521 */
3522 /** @todo Experiment with these values. */
3523 if (pThisCC->cIdleCycles == 2 * pThisCC->uFrameRate)
3524 {
3525 if (pThisCC->uFrameRate > 500)
3526 uNewFrameRate = pThisCC->uFrameRate - 500;
3527 else
3528 uNewFrameRate = 50; /* Absolute minimum is 50 Hertz, i.e 20ms interval. */
3529
3530 pThisCC->cIdleCycles = 1;
3531 }
3532 }
3533 else
3534 {
3535 if (pThisCC->cIdleCycles)
3536 {
3537 pThisCC->cIdleCycles = 0;
3538 uNewFrameRate = pThisCC->uFrameRateDefault;
3539 }
3540 }
3541 if (uNewFrameRate != pThisCC->uFrameRate)
3542 ehciR3CalcTimerIntervals(pThis, pThisCC, uNewFrameRate);
3543}
3544
3545/**
3546 * Updates the HcFmNumber and frame_index values. HcFmNumber contains the current USB
3547 * frame number, frame_idx is the current micro-frame. In other words,
3548 *
3549 * HcFmNumber == frame_idx << EHCI_FRAME_INDEX_SHIFT
3550 */
3551static void ehciR3BumpFrameNumber(PPDMDEVINS pDevIns, PEHCI pThis)
3552{
3553 pThis->HcFmNumber = pThis->frame_idx;
3554
3555 const uint32_t u32OldFmNumber = pThis->HcFmNumber;
3556
3557 pThis->HcFmNumber += pThis->uFramesPerTimerCall;
3558
3559 if ((u32OldFmNumber ^ pThis->HcFmNumber) & ~EHCI_FRINDEX_FRAME_INDEX_MASK)
3560 {
3561 Log2Func(("rollover!\n"));
3562 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_FRAME_LIST_ROLLOVER);
3563 }
3564
3565 pThis->frame_idx = pThis->HcFmNumber;
3566
3567}
3568
3569/**
3570 * @callback_method_impl{PFNPDMTHREADDEV, EHCI Frame Thread}
3571 */
3572static DECLCALLBACK(int) ehciR3ThreadFrame(PPDMDEVINS pDevIns, PPDMTHREAD pThread)
3573{
3574 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
3575 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3576
3577 if (pThread->enmState == PDMTHREADSTATE_INITIALIZING)
3578 return VINF_SUCCESS;
3579
3580 while (pThread->enmState == PDMTHREADSTATE_RUNNING)
3581 {
3582 int rc = VINF_SUCCESS;
3583 while ( !ASMAtomicReadBool(&pThis->fBusStarted)
3584 && pThread->enmState == PDMTHREADSTATE_RUNNING)
3585 {
3586 /* Make sure the SCHED status bits are clear. */
3587 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_PERIOD_SCHED);
3588 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_ASYNC_SCHED);
3589
3590 /* Signal the waiter that we are stopped now. */
3591 rc = RTSemEventMultiSignal(pThisCC->hSemEventFrameStopped);
3592 AssertRC(rc);
3593
3594 rc = RTSemEventMultiWait(pThisCC->hSemEventFrame, RT_INDEFINITE_WAIT);
3595 RTSemEventMultiReset(pThisCC->hSemEventFrame);
3596 }
3597
3598 AssertLogRelMsgReturn(RT_SUCCESS(rc) || rc == VERR_TIMEOUT, ("%Rrc\n", rc), rc);
3599 if (RT_UNLIKELY(pThread->enmState != PDMTHREADSTATE_RUNNING))
3600 break;
3601
3602 uint64_t const tsNanoStart = RTTimeNanoTS();
3603
3604 RTCritSectEnter(&pThisCC->CritSect);
3605
3606 /* Reset idle detection flag */
3607 pThisCC->fIdle = true;
3608
3609 /* Frame boundary, so do EOF stuff here */
3610 ehciR3StartOfFrame(pDevIns, pThis, pThisCC);
3611
3612 /* Start the next frame */
3613 ehciR3BumpFrameNumber(pDevIns, pThis);
3614
3615 RTCritSectLeave(&pThisCC->CritSect);
3616
3617 /* Wait for the next round. */
3618 uint64_t nsWait = (RTTimeNanoTS() + pThisCC->nsWait) - tsNanoStart;
3619
3620 rc = RTSemEventMultiWaitEx(pThisCC->hSemEventFrame, RTSEMWAIT_FLAGS_RELATIVE | RTSEMWAIT_FLAGS_NANOSECS | RTSEMWAIT_FLAGS_UNINTERRUPTIBLE,
3621 nsWait);
3622 AssertLogRelMsg(RT_SUCCESS(rc) || rc == VERR_TIMEOUT, ("%Rrc\n", rc));
3623 RTSemEventMultiReset(pThisCC->hSemEventFrame);
3624 }
3625
3626 return VINF_SUCCESS;
3627}
3628
3629/**
3630 * Unblock the framer thread so it can respond to a state change.
3631 *
3632 * @returns VBox status code.
3633 * @param pDevIns The device instance.
3634 * @param pThread The send thread.
3635 */
3636static DECLCALLBACK(int) ehciR3ThreadFrameWakeup(PPDMDEVINS pDevIns, PPDMTHREAD pThread)
3637{
3638 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3639 RT_NOREF(pThread);
3640 return RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3641}
3642
3643/**
3644 * Start sending SOF tokens across the USB bus, lists are processed in next frame.
3645 */
3646static void ehciR3BusStart(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC)
3647{
3648 pThisCC->RootHub.pIRhConn->pfnPowerOn(pThisCC->RootHub.pIRhConn);
3649 ehciR3BumpFrameNumber(pDevIns, pThis);
3650
3651 LogFunc(("Bus started\n"));
3652
3653 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_HCHALTED);
3654 pThis->SofTime = PDMDevHlpTMTimeVirtGet(pDevIns) - pThisCC->cTicksPerFrame;
3655 bool fBusActive = ASMAtomicXchgBool(&pThis->fBusStarted, true);
3656 if (!fBusActive)
3657 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3658}
3659
3660/**
3661 * Stop sending SOF tokens on the bus
3662 */
3663static void ehciR3BusStop(PEHCI pThis, PEHCICC pThisCC)
3664{
3665 LogFunc(("\n"));
3666 bool fBusActive = ASMAtomicXchgBool(&pThis->fBusStarted, false);
3667 if (fBusActive)
3668 {
3669 int rc = RTSemEventMultiReset(pThisCC->hSemEventFrameStopped);
3670 AssertRC(rc);
3671
3672 /* Signal the frame thread to stop. */
3673 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3674
3675 /* Wait for signal from the thread that it stopped. */
3676 rc = RTSemEventMultiWait(pThisCC->hSemEventFrameStopped, RT_INDEFINITE_WAIT);
3677 AssertRC(rc);
3678 }
3679 pThisCC->RootHub.pIRhConn->pfnPowerOff(pThisCC->RootHub.pIRhConn);
3680 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_HCHALTED);
3681}
3682
3683/**
3684 * Power a port up or down
3685 */
3686static void ehciR3PortPower(PEHCI pThis, PEHCICC pThisCC, unsigned iPort, bool fPowerUp)
3687{
3688 bool fOldPPS = !!(pThis->RootHub.aPorts[iPort].fReg & EHCI_PORT_POWER);
3689 if (fPowerUp)
3690 {
3691 Log2Func(("port %d UP\n", iPort));
3692 /* power up */
3693 if (pThisCC->RootHub.aPorts[iPort].fAttached)
3694 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT);
3695 if (pThis->RootHub.aPorts[iPort].fReg & EHCI_PORT_CURRENT_CONNECT)
3696 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_POWER);
3697 if (pThisCC->RootHub.aPorts[iPort].fAttached && !fOldPPS)
3698 VUSBIRhDevPowerOn(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort));
3699 }
3700 else
3701 {
3702 Log2(("Func port %d DOWN\n", iPort));
3703 /* power down */
3704 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_POWER|EHCI_PORT_CURRENT_CONNECT));
3705 if (pThisCC->RootHub.aPorts[iPort].fAttached && fOldPPS)
3706 VUSBIRhDevPowerOff(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort));
3707 }
3708}
3709
3710/**
3711 * Completion callback for the VUSBIDevReset() operation.
3712 * @thread EMT.
3713 */
3714static void ehciR3PortResetDone(PEHCI pThis, PEHCICC pThisCC, uint32_t uPort, int rc)
3715{
3716 Log2Func(("rc=%Rrc\n", rc));
3717 Assert(uPort >= 1);
3718 unsigned iPort = uPort - 1;
3719
3720 if (RT_SUCCESS(rc))
3721 {
3722 /*
3723 * Successful reset.
3724 */
3725 Log2Func(("Reset completed.\n"));
3726 /* Note: XP relies on us clearing EHCI_PORT_CONNECT_CHANGE */
3727 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_RESET | EHCI_PORT_SUSPEND | EHCI_PORT_CONNECT_CHANGE));
3728 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_PORT_ENABLED);
3729 }
3730 else
3731 {
3732 /* desperate measures. */
3733 if ( pThisCC->RootHub.aPorts[iPort].fAttached
3734 && VUSBIRhDevGetState(pThisCC->RootHub.pIRhConn, uPort) == VUSB_DEVICE_STATE_ATTACHED)
3735 {
3736 /*
3737 * Damn, something weird happend during reset. We'll pretend the user did an
3738 * incredible fast reconnect or something. (prolly not gonna work)
3739 */
3740 Log2Func(("The reset failed (rc=%Rrc)!!! Pretending reconnect at the speed of light.\n", rc));
3741 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
3742 }
3743 else
3744 {
3745 /*
3746 * The device has / will be disconnected.
3747 */
3748 Log2Func(("Disconnected (rc=%Rrc)!!!\n", rc));
3749 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_RESET | EHCI_PORT_SUSPEND));
3750 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CONNECT_CHANGE);
3751 }
3752 }
3753}
3754
3755/**
3756 * Sets a flag in a port status register but only set it if a device is
3757 * connected, if not set ConnectStatusChange flag to force HCD to reevaluate
3758 * connect status.
3759 *
3760 * @returns true if device was connected and the flag was cleared.
3761 */
3762static bool ehciR3RhPortSetIfConnected(PEHCIROOTHUB pRh, int iPort, uint32_t fValue)
3763{
3764 /*
3765 * Writing a 0 has no effect
3766 */
3767 if (fValue == 0)
3768 return false;
3769
3770 /*
3771 * The port might be still/already disconnected.
3772 */
3773 if (!(pRh->aPorts[iPort].fReg & EHCI_PORT_CURRENT_CONNECT))
3774 return false;
3775
3776 bool fRc = !(pRh->aPorts[iPort].fReg & fValue);
3777
3778 /* set the bit */
3779 ASMAtomicOrU32(&pRh->aPorts[iPort].fReg, fValue);
3780
3781 return fRc;
3782}
3783
3784#endif /* IN_RING3 */
3785
3786
3787/**
3788 * Read the USBCMD register of the host controller.
3789 */
3790static VBOXSTRICTRC HcCommand_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3791{
3792 /* Signal the async advance doorbell interrupt (if required)
3793 * XP polls the command register to see when it can queue up more TDs.
3794 */
3795 if ( (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL))
3796// && !pThis->cInFlight)
3797 {
3798 int rc = ehciSetInterrupt(pDevIns, pThis, VINF_IOM_R3_MMIO_READ, EHCI_STATUS_INT_ON_ASYNC_ADV);
3799 if (rc != VINF_SUCCESS)
3800 return rc;
3801 }
3802
3803 *pu32Value = pThis->cmd;
3804 RT_NOREF(iReg);
3805 return VINF_SUCCESS;
3806}
3807
3808/**
3809 * Write to the USBCMD register of the host controller.
3810 */
3811static VBOXSTRICTRC HcCommand_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
3812{
3813#ifdef IN_RING3
3814 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3815#endif
3816 RT_NOREF(pDevIns, iReg);
3817
3818#ifdef LOG_ENABLED
3819 Log(("HcCommand_w old=%x new=%x\n", pThis->cmd, val));
3820 if (val & EHCI_CMD_RUN)
3821 Log((" CMD_RUN\n"));
3822 if (val & EHCI_CMD_RESET)
3823 Log((" CMD_RESET\n"));
3824 if (val & EHCI_CMD_PERIODIC_SCHED_ENABLE)
3825 Log((" CMD_PERIODIC_SCHED_ENABLE\n"));
3826 if (val & EHCI_CMD_ASYNC_SCHED_ENABLE)
3827 Log((" CMD_ASYNC_SCHED_ENABLE\n"));
3828 if (val & EHCI_CMD_INT_ON_ADVANCE_DOORBELL)
3829 Log((" CMD_INT_ON_ADVANCE_DOORBELL\n"));
3830 if (val & EHCI_CMD_SOFT_RESET)
3831 Log((" CMD_SOFT_RESET\n"));
3832 if (val & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
3833 Log((" CMD_ASYNC_SCHED_PARK_ENABLE\n"));
3834
3835 Log((" CMD_FRAME_LIST_SIZE %d\n", (val & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT));
3836 Log((" CMD_ASYNC_SCHED_PARK_MODE_COUNT %d\n", (val & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT));
3837 Log((" CMD_INTERRUPT_THRESHOLD %d\n", (val & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT));
3838#endif
3839
3840 Assert(!(pThis->hcc_params & EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST)); /* hardcoded assumptions about list size */
3841 if (!(pThis->hcc_params & EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST))
3842 {
3843 if (val & EHCI_CMD_FRAME_LIST_SIZE_MASK)
3844 Log(("Trying to change the frame list size to %d even though it's hardcoded at 1024 elements!!\n", (val & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT));
3845
3846 val &= ~EHCI_CMD_FRAME_LIST_SIZE_MASK; /* 00 = 1024 */
3847 }
3848 if (val & ~EHCI_CMD_MASK)
3849 Log(("Unknown bits %#x are set!!!\n", val & ~0x0003000f));
3850
3851 uint32_t old_cmd = pThis->cmd;
3852#ifdef IN_RING3
3853 pThis->cmd = val;
3854#endif
3855
3856 if (val & EHCI_CMD_RESET)
3857 {
3858#ifdef IN_RING3
3859 LogRel(("EHCI: Hardware reset\n"));
3860 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, true /* reset devices */);
3861#else
3862 return VINF_IOM_R3_MMIO_WRITE;
3863#endif
3864 }
3865 else if (val & EHCI_CMD_SOFT_RESET)
3866 {
3867#ifdef IN_RING3
3868 LogRel(("EHCI: Software reset\n"));
3869 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_SUSPEND, false /* N/A */);
3870#else
3871 return VINF_IOM_R3_MMIO_WRITE;
3872#endif
3873 }
3874 else
3875 {
3876 /* see what changed and take action on that. */
3877 uint32_t old_state = old_cmd & EHCI_CMD_RUN;
3878 uint32_t new_state = val & EHCI_CMD_RUN;
3879
3880 if (old_state != new_state)
3881 {
3882#ifdef IN_RING3
3883 switch (new_state)
3884 {
3885 case EHCI_CMD_RUN:
3886 LogRel(("EHCI: USB Operational\n"));
3887 ehciR3BusStart(pDevIns, pThis, pThisCC);
3888 break;
3889 case 0:
3890 ehciR3BusStop(pThis, pThisCC);
3891 LogRel(("EHCI: USB Suspended\n"));
3892 break;
3893 }
3894#else
3895 return VINF_IOM_R3_MMIO_WRITE;
3896#endif
3897 }
3898 }
3899#ifndef IN_RING3
3900 pThis->cmd = val;
3901#endif
3902 return VINF_SUCCESS;
3903}
3904
3905/**
3906 * Read the USBSTS register of the host controller.
3907 */
3908static VBOXSTRICTRC HcStatus_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3909{
3910 RT_NOREF(pDevIns, iReg);
3911#ifdef LOG_ENABLED
3912 Log(("HcStatus_r current value %x\n", pThis->intr_status));
3913 if (pThis->intr_status & EHCI_STATUS_ASYNC_SCHED)
3914 Log((" STATUS_ASYNC_SCHED\n"));
3915 if (pThis->intr_status & EHCI_STATUS_PERIOD_SCHED)
3916 Log((" STATUS_PERIOD_SCHED\n"));
3917 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
3918 Log((" STATUS_RECLAMATION\n"));
3919 if (pThis->intr_status & EHCI_STATUS_HCHALTED)
3920 Log((" STATUS_HCHALTED\n"));
3921 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
3922 Log((" STATUS_INT_ON_ASYNC_ADV\n"));
3923 if (pThis->intr_status & EHCI_STATUS_HOST_SYSTEM_ERROR)
3924 Log((" STATUS_HOST_SYSTEM_ERROR\n"));
3925 if (pThis->intr_status & EHCI_STATUS_FRAME_LIST_ROLLOVER)
3926 Log((" STATUS_FRAME_LIST_ROLLOVER\n"));
3927 if (pThis->intr_status & EHCI_STATUS_PORT_CHANGE_DETECT)
3928 Log((" STATUS_PORT_CHANGE_DETECT\n"));
3929 if (pThis->intr_status & EHCI_STATUS_ERROR_INT)
3930 Log((" STATUS_ERROR_INT\n"));
3931 if (pThis->intr_status & EHCI_STATUS_THRESHOLD_INT)
3932 Log((" STATUS_THRESHOLD_INT\n"));
3933#endif
3934 *pu32Value = pThis->intr_status;
3935 return VINF_SUCCESS;
3936}
3937
3938/**
3939 * Write to the USBSTS register of the host controller.
3940 */
3941static VBOXSTRICTRC HcStatus_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
3942{
3943 RT_NOREF(iReg);
3944 VBOXSTRICTRC rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VINF_IOM_R3_MMIO_WRITE);
3945 if (rc != VINF_SUCCESS)
3946 return rc;
3947
3948#ifdef LOG_ENABLED
3949 Log(("HcStatus_w current value %x; new %x\n", pThis->intr_status, val));
3950 if (val & EHCI_STATUS_ASYNC_SCHED)
3951 Log((" STATUS_ASYNC_SCHED\n"));
3952 if (val & EHCI_STATUS_PERIOD_SCHED)
3953 Log((" STATUS_PERIOD_SCHED\n"));
3954 if (val & EHCI_STATUS_RECLAMATION)
3955 Log((" STATUS_RECLAMATION\n"));
3956 if (val & EHCI_STATUS_HCHALTED)
3957 Log((" STATUS_HCHALTED\n"));
3958 if (val & EHCI_STATUS_INT_ON_ASYNC_ADV)
3959 Log((" STATUS_INT_ON_ASYNC_ADV\n"));
3960 if (val & EHCI_STATUS_HOST_SYSTEM_ERROR)
3961 Log((" STATUS_HOST_SYSTEM_ERROR\n"));
3962 if (val & EHCI_STATUS_FRAME_LIST_ROLLOVER)
3963 Log((" STATUS_FRAME_LIST_ROLLOVER\n"));
3964 if (val & EHCI_STATUS_PORT_CHANGE_DETECT)
3965 Log((" STATUS_PORT_CHANGE_DETECT\n"));
3966 if (val & EHCI_STATUS_ERROR_INT)
3967 Log((" STATUS_ERROR_INT\n"));
3968 if (val & EHCI_STATUS_THRESHOLD_INT)
3969 Log((" STATUS_THRESHOLD_INT\n"));
3970#endif
3971 if ( (val & ~EHCI_STATUS_INTERRUPT_MASK)
3972 && val != 0xffffffff /* ignore clear-all-like requests from xp. */)
3973 Log(("Unknown bits %#x are set!!!\n", val & ~EHCI_STATUS_INTERRUPT_MASK));
3974
3975 /* Some bits are read-only */
3976 val &= EHCI_STATUS_INTERRUPT_MASK;
3977
3978 /* "The Host Controller Driver may clear specific bits in this
3979 * register by writing '1' to bit positions to be cleared"
3980 */
3981 ASMAtomicAndU32(&pThis->intr_status, ~val);
3982 ehciUpdateInterruptLocked(pDevIns, pThis, "HcStatus_w");
3983
3984 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
3985 return VINF_SUCCESS;
3986}
3987
3988/**
3989 * Read the USBINTR register of the host controller.
3990 */
3991static VBOXSTRICTRC HcInterruptEnable_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3992{
3993 RT_NOREF(pDevIns, iReg);
3994 *pu32Value = pThis->intr;
3995 return VINF_SUCCESS;
3996}
3997
3998/**
3999 * Write to the USBINTR register of the host controller.
4000 */
4001static VBOXSTRICTRC HcInterruptEnable_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4002{
4003 RT_NOREF(iReg);
4004#ifdef LOG_ENABLED
4005 Log(("HcInterruptEnable_w -> new value %x\n", val));
4006 if (val & EHCI_INTR_ENABLE_THRESHOLD)
4007 Log((" INTR_ENABLE_THRESHOLD\n"));
4008 if (val & EHCI_INTR_ENABLE_ERROR)
4009 Log((" INTR_ENABLE_ERROR\n"));
4010 if (val & EHCI_INTR_ENABLE_PORT_CHANGE)
4011 Log((" INTR_ENABLE_PORT_CHANGE\n"));
4012 if (val & EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER)
4013 Log((" INTR_ENABLE_FRAME_LIST_ROLLOVER\n"));
4014 if (val & EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR)
4015 Log((" INTR_ENABLE_HOST_SYSTEM_ERROR\n"));
4016 if (val & EHCI_INTR_ENABLE_ASYNC_ADVANCE)
4017 Log((" INTR_ENABLE_ASYNC_ADVANCE\n"));
4018 if (val & ~EHCI_INTR_ENABLE_MASK)
4019 Log((" Illegal bits set %x!!\n", val & ~EHCI_INTR_ENABLE_MASK));
4020#endif
4021 VBOXSTRICTRC rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VINF_IOM_R3_MMIO_WRITE);
4022 if (rc == VINF_SUCCESS)
4023 {
4024 pThis->intr = val & EHCI_INTR_ENABLE_MASK;
4025 ehciUpdateInterruptLocked(pDevIns, pThis, "HcInterruptEnable_w");
4026 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
4027 }
4028 return rc;
4029}
4030
4031/**
4032 * Read the FRINDEX register of the host controller.
4033 */
4034static VBOXSTRICTRC HcFrameIndex_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4035{
4036 RT_NOREF(pDevIns, iReg);
4037 Log2Func(("current frame %x\n", pThis->frame_idx));
4038 *pu32Value = pThis->frame_idx;
4039 return VINF_SUCCESS;
4040}
4041
4042/**
4043 * Write to the FRINDEX register of the host controller.
4044 */
4045static VBOXSTRICTRC HcFrameIndex_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4046{
4047 RT_NOREF(pDevIns, iReg);
4048 LogFunc(("pThis->frame_idx new index=%x\n", val));
4049 if (!(pThis->intr_status & EHCI_STATUS_HCHALTED))
4050 Log(("->>Updating the frame index while the controller is running!!!\n"));
4051
4052 ASMAtomicXchgU32(&pThis->frame_idx, val);
4053 return VINF_SUCCESS;
4054}
4055
4056/**
4057 * Read the CTRLDSSEGMENT register of the host controller.
4058 */
4059static VBOXSTRICTRC HcControlDSSeg_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4060{
4061 RT_NOREF(pDevIns, iReg);
4062 if (pThis->hcc_params & EHCI_HCC_PARAMS_64BITS_ADDRESSING)
4063 *pu32Value = pThis->ds_segment;
4064 else
4065 *pu32Value = 0;
4066
4067 return VINF_SUCCESS;
4068}
4069
4070/**
4071 * Write to the CTRLDSSEGMENT register of the host controller.
4072 */
4073static VBOXSTRICTRC HcControlDSSeg_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4074{
4075 RT_NOREF(pDevIns, iReg);
4076 LogFunc(("new base %x\n", val));
4077 if (pThis->hcc_params & EHCI_HCC_PARAMS_64BITS_ADDRESSING)
4078 ASMAtomicXchgU32(&pThis->ds_segment, val);
4079
4080 return VINF_SUCCESS;
4081}
4082
4083/**
4084 * Read the PERIODICLISTBASE register of the host controller.
4085 */
4086static VBOXSTRICTRC HcPeriodicListBase_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4087{
4088 RT_NOREF(pDevIns, iReg);
4089 Log2Func(("current base %x\n", pThis->periodic_list_base));
4090 *pu32Value = pThis->periodic_list_base;
4091 return VINF_SUCCESS;
4092}
4093
4094/**
4095 * Write to the PERIODICLISTBASE register of the host controller.
4096 */
4097static VBOXSTRICTRC HcPeriodicListBase_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4098{
4099 RT_NOREF(pDevIns, iReg);
4100 LogFunc(("new base %x\n", val));
4101 if (val & ~EHCI_PERIODIC_LIST_MASK)
4102 Log(("->> Base not aligned on a 4kb boundary!!!!\n"));
4103 if ( !(pThis->intr_status & EHCI_STATUS_HCHALTED)
4104 && (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE))
4105 Log(("->>Updating the periodic list base while the controller is running!!!\n"));
4106
4107 ASMAtomicXchgU32(&pThis->periodic_list_base, val & EHCI_PERIODIC_LIST_MASK);
4108 return VINF_SUCCESS;
4109}
4110
4111/**
4112 * Read the ASYNCLISTADDR register of the host controller.
4113 */
4114static VBOXSTRICTRC HcAsyncListAddr_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4115{
4116 RT_NOREF(pDevIns, iReg);
4117 Log2Func(("current base %x\n", pThis->async_list_base));
4118 *pu32Value = pThis->async_list_base;
4119 return VINF_SUCCESS;
4120}
4121
4122/**
4123 * Write to the ASYNCLISTADDR register of the host controller.
4124 */
4125static VBOXSTRICTRC HcAsyncListAddr_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4126{
4127 RT_NOREF(pDevIns, iReg);
4128 LogFunc(("new address %x\n", val));
4129 if (val & ~EHCI_ASYNC_LIST_MASK)
4130 Log(("->> Base not aligned on a 32-byte boundary!!!!\n"));
4131 if ( !(pThis->intr_status & EHCI_STATUS_HCHALTED)
4132 && (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE))
4133 Log(("->>Updating the asynchronous list address while the controller is running!!!\n"));
4134
4135 ASMAtomicXchgU32(&pThis->async_list_base, val & EHCI_ASYNC_LIST_MASK);
4136 return VINF_SUCCESS;
4137}
4138
4139/**
4140 * Read the CONFIGFLAG register of the host controller.
4141 */
4142static VBOXSTRICTRC HcConfigFlag_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4143{
4144 RT_NOREF(pDevIns, iReg);
4145 Log2Func(("current config=%x\n", pThis->config));
4146 *pu32Value = pThis->config;
4147 return VINF_SUCCESS;
4148}
4149
4150/**
4151 * Write to the CONFIGFLAG register of the host controller.
4152 */
4153static VBOXSTRICTRC HcConfigFlag_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4154{
4155 RT_NOREF(pDevIns, iReg);
4156 LogFunc(("new configuration routing %x\n", val & EHCI_CONFIGFLAG_ROUTING));
4157 pThis->config = val & EHCI_CONFIGFLAG_MASK;
4158 return VINF_SUCCESS;
4159}
4160
4161/**
4162 * Read the PORTSC register of a port
4163 */
4164static VBOXSTRICTRC HcPortStatusCtrl_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4165{
4166 const unsigned i = iReg - 1;
4167 PEHCIHUBPORT p = &pThis->RootHub.aPorts[i];
4168 RT_NOREF(pDevIns);
4169
4170 Assert(!(pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL));
4171
4172 if (p->fReg & EHCI_PORT_RESET)
4173 {
4174#ifdef IN_RING3
4175 Log2Func(("port %u: Impatient guest!\n", i));
4176 RTThreadYield();
4177#else
4178 Log2Func(("yield -> VINF_IOM_R3_MMIO_READ\n"));
4179 return VINF_IOM_R3_MMIO_READ;
4180#endif
4181 }
4182
4183 *pu32Value = p->fReg;
4184 return VINF_SUCCESS;
4185}
4186
4187/**
4188 * Write to the PORTSC register of a port
4189 */
4190static VBOXSTRICTRC HcPortStatusCtrl_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4191{
4192 const unsigned i = iReg - 1;
4193 PEHCIHUBPORT pPort = &pThis->RootHub.aPorts[i];
4194
4195 if ( pPort->fReg == val
4196 && !(val & EHCI_PORT_CHANGE_MASK))
4197 return VINF_SUCCESS;
4198
4199#ifdef IN_RING3
4200 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4201
4202 LogFunc(("port %d: old=%x new=%x\n", i, pPort->fReg, val));
4203 Assert(!(pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL));
4204 Assert(pPort->fReg & EHCI_PORT_POWER);
4205
4206 if (val & EHCI_PORT_RESERVED)
4207 Log(("Invalid bits set %x!!!\n", val & EHCI_PORT_RESERVED));
4208
4209 /* Write to clear any of the change bits: EHCI_PORT_CONNECT_CHANGE, EHCI_PORT_PORT_CHANGE and EHCI_PORT_OVER_CURRENT_CHANGE */
4210 if (val & EHCI_PORT_CHANGE_MASK)
4211 {
4212 ASMAtomicAndU32(&pPort->fReg, ~(val & EHCI_PORT_CHANGE_MASK));
4213 /* XP seems to need this after device detach */
4214 if (!(pPort->fReg & EHCI_PORT_CURRENT_CONNECT))
4215 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_CONNECT_CHANGE);
4216 }
4217
4218 /* Writing the Port Enable/Disable bit as 1 has no effect; software cannot enable
4219 * the port that way. Writing the bit as zero does disable the port, but does not
4220 * set the corresponding 'changed' bit or trigger an interrupt.
4221 */
4222 if (!(val & EHCI_PORT_PORT_ENABLED) && (pPort->fReg & EHCI_PORT_PORT_ENABLED))
4223 {
4224 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_PORT_ENABLED);
4225 LogFunc(("port %u: DISABLE\n", i));
4226 }
4227
4228 if (val & EHCI_PORT_SUSPEND)
4229 LogFunc(("port %u: SUSPEND - not implemented correctly!!!\n", i));
4230
4231 if (val & EHCI_PORT_RESET)
4232 {
4233 Log2Func(("Reset port\n"));
4234 if ( ehciR3RhPortSetIfConnected(&pThis->RootHub, i, val & EHCI_PORT_RESET) )
4235 {
4236 PVM pVM = PDMDevHlpGetVM(pDevIns);
4237 VUSBIRhDevReset(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(i), false /* don't reset on linux */, NULL /* sync */, pThis, pVM);
4238 ehciR3PortResetDone(pThis, pThisCC, EHCI_PORT_2_VUSB_PORT(i), VINF_SUCCESS);
4239 }
4240 else if (pPort->fReg & EHCI_PORT_RESET)
4241 {
4242 /* the guest is getting impatient. */
4243 Log2Func(("port %u: Impatient guest!\n", i));
4244 RTThreadYield();
4245 }
4246 }
4247
4248 /* EHCI_PORT_POWER ignored as we don't support this in HCS_PARAMS */
4249 /* EHCI_PORT_INDICATOR ignored as we don't support this in HCS_PARAMS */
4250 /* EHCI_PORT_TEST_CONTROL_MASK ignored */
4251 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_WAKE_MASK);
4252 ASMAtomicOrU32(&pPort->fReg, (val & EHCI_PORT_WAKE_MASK));
4253 return VINF_SUCCESS;
4254
4255#else /* !IN_RING3 */
4256 RT_NOREF(pDevIns);
4257 return VINF_IOM_R3_MMIO_WRITE;
4258#endif /* !IN_RING3 */
4259}
4260
4261/**
4262 * Register descriptor table
4263 */
4264static const EHCIOPREG g_aOpRegs[] =
4265{
4266 {"HcCommand" , HcCommand_r, HcCommand_w},
4267 {"HcStatus", HcStatus_r, HcStatus_w},
4268 {"HcInterruptEnable", HcInterruptEnable_r, HcInterruptEnable_w},
4269 {"HcFrameIndex", HcFrameIndex_r, HcFrameIndex_w},
4270 {"HcControlDSSeg", HcControlDSSeg_r, HcControlDSSeg_w},
4271 {"HcPeriodicListBase", HcPeriodicListBase_r, HcPeriodicListBase_w},
4272 {"HcAsyncListAddr", HcAsyncListAddr_r, HcAsyncListAddr_w}
4273};
4274
4275/**
4276 * Register descriptor table 2
4277 * (Starting at offset 0x40)
4278 */
4279static const EHCIOPREG g_aOpRegs2[] =
4280{
4281 {"HcConfigFlag", HcConfigFlag_r, HcConfigFlag_w},
4282
4283 /* The number of port status register depends on the definition
4284 * of EHCI_NDP_MAX macro
4285 */
4286 {"HcPortStatusCtrl[0]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4287 {"HcPortStatusCtrl[1]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4288 {"HcPortStatusCtrl[2]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4289 {"HcPortStatusCtrl[3]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4290 {"HcPortStatusCtrl[4]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4291 {"HcPortStatusCtrl[5]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4292 {"HcPortStatusCtrl[6]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4293 {"HcPortStatusCtrl[7]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4294 {"HcPortStatusCtrl[8]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4295 {"HcPortStatusCtrl[9]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4296 {"HcPortStatusCtrl[10]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4297 {"HcPortStatusCtrl[11]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4298 {"HcPortStatusCtrl[12]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4299 {"HcPortStatusCtrl[13]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4300 {"HcPortStatusCtrl[14]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4301};
4302
4303/* Quick way to determine how many op regs are valid. Since at least one port must
4304 * be configured (and no more than 15), there will be between 2 and 16 registers.
4305 */
4306#define NUM_OP_REGS2(pehci) (1 + EHCI_NDP_CFG(pehci))
4307
4308AssertCompile(RT_ELEMENTS(g_aOpRegs2) > 1);
4309AssertCompile(RT_ELEMENTS(g_aOpRegs2) <= 16);
4310
4311
4312/**
4313 * @callback_method_impl{FNIOMMMIONEWWRITE, Write to a MMIO register. }
4314 *
4315 * @note We only accept 32-bit reads that are 32-bit aligned.
4316 */
4317static DECLCALLBACK(VBOXSTRICTRC) ehciMmioRead(PPDMDEVINS pDevIns, void *pvUser, RTGCPHYS off, void *pv, unsigned cb)
4318{
4319 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4320 RT_NOREF(pvUser);
4321
4322 Log2Func(("%RGp size=%d\n", off, cb));
4323
4324 if (off < EHCI_CAPS_REG_SIZE)
4325 {
4326 switch (off)
4327 {
4328 case 0x0: /* CAPLENGTH */
4329 /* read CAPLENGTH + HCIVERSION in one go */
4330 if (cb == 4)
4331 {
4332 *(uint32_t *)pv = (pThis->hci_version << 16) | pThis->cap_length;
4333 return VINF_SUCCESS;
4334 }
4335
4336 AssertReturn(cb == 1, VINF_IOM_MMIO_UNUSED_FF);
4337 *(uint8_t *)pv = pThis->cap_length;
4338 break;
4339
4340 case 0x2: /* HCIVERSION */
4341 AssertReturn(cb == 2, VINF_IOM_MMIO_UNUSED_FF);
4342 *(uint16_t *)pv = pThis->hci_version;
4343 break;
4344
4345 case 0x4: /* HCSPARAMS (structural) */
4346 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4347 *(uint32_t *)pv = pThis->hcs_params;
4348 break;
4349
4350 case 0x8: /* HCCPARAMS (caps) */
4351 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4352 *(uint32_t *)pv = pThis->hcc_params;
4353 break;
4354
4355 case 0x9: /* one byte HCIPARAMS read (XP; EHCI extended capability offset) */
4356 AssertReturn(cb == 1, VINF_IOM_MMIO_UNUSED_FF);
4357 *(uint8_t *)pv = (uint8_t)(pThis->hcc_params >> 8);
4358 break;
4359
4360 case 0xC: /* HCSP-PORTROUTE (60 bits) */
4361 case 0x10:
4362 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4363 *(uint32_t *)pv = 0;
4364 break;
4365
4366 default:
4367 LogFunc(("Trying to read register %#x!!!\n", off));
4368 return VINF_IOM_MMIO_UNUSED_FF;
4369 }
4370 Log2Func(("%RGp size=%d -> val=%x\n", off, cb, *(uint32_t *)pv));
4371 return VINF_SUCCESS;
4372 }
4373
4374 /*
4375 * Validate the access.
4376 */
4377 if (cb != sizeof(uint32_t))
4378 {
4379 Log2Func(("Bad read size!!! off=%RGp cb=%d\n", off, cb));
4380 return VINF_IOM_MMIO_UNUSED_FF; /* No idea what really would happen... */
4381 }
4382 if (off & 0x3)
4383 {
4384 Log2Func(("Unaligned read!!! off=%RGp cb=%d\n", off, cb));
4385 return VINF_IOM_MMIO_UNUSED_FF;
4386 }
4387
4388 /*
4389 * Validate the register and call the read operator.
4390 */
4391 VBOXSTRICTRC rc;
4392 uint32_t iReg = (off - pThis->cap_length) >> 2;
4393 if (iReg < RT_ELEMENTS(g_aOpRegs))
4394 {
4395 const EHCIOPREG *pReg = &g_aOpRegs[iReg];
4396 rc = pReg->pfnRead(pDevIns, pThis, iReg, (uint32_t *)pv);
4397 Log2Func(("%RGp size=%d -> val=%x (rc=%d)\n", off, cb, *(uint32_t *)pv, VBOXSTRICTRC_VAL(rc)));
4398 }
4399 else if (iReg >= 0x10) /* 0x40 */
4400 {
4401 iReg -= 0x10;
4402 if (iReg < NUM_OP_REGS2(pThis))
4403 {
4404 const EHCIOPREG *pReg = &g_aOpRegs2[iReg];
4405 rc = pReg->pfnRead(pDevIns, pThis, iReg, (uint32_t *)pv);
4406 Log2Func(("%RGp size=%d -> val=%x (rc=%d)*\n", off, cb, *(uint32_t *)pv, VBOXSTRICTRC_VAL(rc)));
4407 }
4408 else
4409 {
4410 LogFunc(("Trying to read register %u/%u!!!\n", iReg, NUM_OP_REGS2(pThis)));
4411 rc = VINF_IOM_MMIO_UNUSED_FF;
4412 }
4413 }
4414 else
4415 {
4416 LogFunc(("Trying to read register %u/%u (2)!!!\n", iReg, RT_ELEMENTS(g_aOpRegs)));
4417 rc = VINF_IOM_MMIO_UNUSED_FF;
4418 }
4419 return rc;
4420}
4421
4422
4423/**
4424 * @callback_method_impl{FNIOMMMIONEWWRITE, Write to a MMIO register. }
4425 *
4426 * @note We only accept 32-bit writes that are 32-bit aligned.
4427 */
4428static DECLCALLBACK(VBOXSTRICTRC) ehciMmioWrite(PPDMDEVINS pDevIns, void *pvUser, RTGCPHYS off, void const *pv, unsigned cb)
4429{
4430 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4431 RT_NOREF(pvUser);
4432
4433 Log2Func(("%RGp %x size=%d\n", off, *(uint32_t *)pv, cb));
4434
4435 if (off < EHCI_CAPS_REG_SIZE)
4436 {
4437 /* These are read-only */
4438 LogFunc(("Trying to write to register %#x!!!\n", off));
4439 return VINF_SUCCESS;
4440 }
4441
4442 /*
4443 * Validate the access.
4444 */
4445 if (cb != sizeof(uint32_t))
4446 {
4447 Log2Func(("Bad write size!!! off=%RGp cb=%d\n", off, cb));
4448 return VINF_SUCCESS;
4449 }
4450 if (off & 0x3)
4451 {
4452 Log2Func(("Unaligned write!!! off=%RGp cb=%d\n", off, cb));
4453 return VINF_SUCCESS;
4454 }
4455
4456 /*
4457 * Validate the register and call the read operator.
4458 */
4459 VBOXSTRICTRC rc;
4460 uint32_t iReg = (off - pThis->cap_length) >> 2;
4461 if (iReg < RT_ELEMENTS(g_aOpRegs))
4462 {
4463 const EHCIOPREG *pReg = &g_aOpRegs[iReg];
4464 rc = pReg->pfnWrite(pDevIns, pThis, iReg, *(uint32_t *)pv);
4465 }
4466 else if (iReg >= 0x10) /* 0x40 */
4467 {
4468 iReg -= 0x10;
4469 if (iReg < NUM_OP_REGS2(pThis))
4470 {
4471 const EHCIOPREG *pReg = &g_aOpRegs2[iReg];
4472 rc = pReg->pfnWrite(pDevIns, pThis, iReg, *(uint32_t *)pv);
4473 }
4474 else
4475 {
4476 LogFunc(("Trying to write to register %u/%u!!!\n", iReg, NUM_OP_REGS2(pThis)));
4477 rc = VINF_SUCCESS; /* ignore the invalid write */
4478 }
4479 }
4480 else
4481 {
4482 LogFunc(("Trying to write to register %u/%u!!! (2)\n", iReg, RT_ELEMENTS(g_aOpRegs)));
4483 rc = VINF_SUCCESS; /* ignore the invalid write */
4484 }
4485 return rc;
4486}
4487
4488#ifdef IN_RING3
4489
4490/**
4491 * @callback_method_impl{FNSSMDEVSAVEEXEC}
4492 */
4493static DECLCALLBACK(int) ehciR3SaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
4494{
4495 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4496 LogFlowFunc(("\n"));
4497 return pDevIns->pHlpR3->pfnSSMPutStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFields[0], NULL);
4498}
4499
4500
4501/**
4502 * @callback_method_impl{FNSSMDEVLOADEXEC}
4503 */
4504static DECLCALLBACK(int) ehciLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
4505{
4506 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4507 PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
4508 int rc;
4509 LogFlowFunc(("\n"));
4510 Assert(uPass == SSM_PASS_FINAL); NOREF(uPass);
4511
4512 if (uVersion == EHCI_SAVED_STATE_VERSION)
4513 {
4514 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFields[0], NULL);
4515 if (RT_FAILURE(rc))
4516 return rc;
4517 }
4518 else if (uVersion == EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL)
4519 {
4520 static SSMFIELD const g_aEhciFieldsPreTimerRemoval[] =
4521 {
4522 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
4523 SSMFIELD_ENTRY( EHCI, SofTime),
4524 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4525 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4526 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4527 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
4528 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
4529 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
4530 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
4531 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
4532 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
4533 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
4534 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
4535 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[8].fReg),
4536 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[9].fReg),
4537 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[10].fReg),
4538 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[11].fReg),
4539 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[12].fReg),
4540 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[13].fReg),
4541 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[14].fReg),
4542 SSMFIELD_ENTRY( EHCI, cap_length),
4543 SSMFIELD_ENTRY( EHCI, hci_version),
4544 SSMFIELD_ENTRY( EHCI, hcs_params),
4545 SSMFIELD_ENTRY( EHCI, hcc_params),
4546 SSMFIELD_ENTRY( EHCI, cmd),
4547 SSMFIELD_ENTRY( EHCI, intr_status),
4548 SSMFIELD_ENTRY( EHCI, intr),
4549 SSMFIELD_ENTRY( EHCI, frame_idx),
4550 SSMFIELD_ENTRY( EHCI, ds_segment),
4551 SSMFIELD_ENTRY( EHCI, periodic_list_base),
4552 SSMFIELD_ENTRY( EHCI, async_list_base),
4553 SSMFIELD_ENTRY( EHCI, config),
4554 SSMFIELD_ENTRY( EHCI, uIrqInterval),
4555 SSMFIELD_ENTRY( EHCI, HcFmNumber),
4556 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
4557 SSMFIELD_ENTRY_TERM()
4558 };
4559
4560 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFieldsPreTimerRemoval[0], NULL);
4561 if (RT_FAILURE(rc))
4562 return rc;
4563 AssertReturn(EHCI_NDP_CFG(pThis) <= EHCI_NDP_MAX, VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
4564 }
4565 else if (uVersion == EHCI_SAVED_STATE_VERSION_8PORTS)
4566 {
4567 static SSMFIELD const s_aEhciFields8Ports[] =
4568 {
4569 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
4570 SSMFIELD_ENTRY( EHCI, SofTime),
4571 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4572 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4573 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4574 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
4575 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
4576 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
4577 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
4578 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
4579 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
4580 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
4581 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
4582 SSMFIELD_ENTRY( EHCI, cap_length),
4583 SSMFIELD_ENTRY( EHCI, hci_version),
4584 SSMFIELD_ENTRY( EHCI, hcs_params),
4585 SSMFIELD_ENTRY( EHCI, hcc_params),
4586 SSMFIELD_ENTRY( EHCI, cmd),
4587 SSMFIELD_ENTRY( EHCI, intr_status),
4588 SSMFIELD_ENTRY( EHCI, intr),
4589 SSMFIELD_ENTRY( EHCI, frame_idx),
4590 SSMFIELD_ENTRY( EHCI, ds_segment),
4591 SSMFIELD_ENTRY( EHCI, periodic_list_base),
4592 SSMFIELD_ENTRY( EHCI, async_list_base),
4593 SSMFIELD_ENTRY( EHCI, config),
4594 SSMFIELD_ENTRY( EHCI, uIrqInterval),
4595 SSMFIELD_ENTRY( EHCI, HcFmNumber),
4596 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
4597 SSMFIELD_ENTRY_TERM()
4598 };
4599
4600 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &s_aEhciFields8Ports[0], NULL);
4601 if (RT_FAILURE(rc))
4602 return rc;
4603 AssertReturn(EHCI_NDP_CFG(pThis) == 8, VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
4604 }
4605 else
4606 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
4607
4608 /*
4609 * The EOF timer changed from one to two in version 4 of the saved state,
4610 * then was dropped entirely in version 7.
4611 *
4612 * Note! Looks like someone remove the code that dealt with versions 1 thru 4,
4613 * without adjust the above comment.
4614 */
4615 if (uVersion <= EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL)
4616 {
4617 bool fActive1 = false;
4618 pHlp->pfnTimerSkipLoad(pSSM, &fActive1);
4619 bool fActive2 = false;
4620 pHlp->pfnTimerSkipLoad(pSSM, &fActive2);
4621 bool fNoSync = false;
4622 rc = pHlp->pfnSSMGetBool(pSSM, &fNoSync);
4623 if ( RT_SUCCESS(rc)
4624 && (fActive1 || fActive2))
4625 pThis->fBusStarted = true;
4626 else
4627 pThis->fBusStarted = false;
4628 }
4629 return rc;
4630}
4631
4632
4633/**
4634 * @callback_method_impl{FNDBGFHANDLERDEV, Dumps EHCI control registers.}
4635 */
4636static DECLCALLBACK(void) ehciR3InfoRegs(PPDMDEVINS pDevIns, PCDBGFINFOHLP pHlp, const char *pszArgs)
4637{
4638 RT_NOREF(pszArgs);
4639 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4640 unsigned uPort;
4641
4642 /* Command register */
4643 pHlp->pfnPrintf(pHlp, "USBCMD: %x\n", pThis->cmd);
4644 if (pThis->cmd & EHCI_CMD_RUN)
4645 pHlp->pfnPrintf(pHlp, " CMD_RUN\n");
4646 if (pThis->cmd & EHCI_CMD_RESET)
4647 pHlp->pfnPrintf(pHlp, " CMD_RESET\n");
4648 if (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE)
4649 pHlp->pfnPrintf(pHlp, " CMD_PERIODIC_SCHED_ENABLE\n");
4650 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE)
4651 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_ENABLE\n");
4652 if (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL)
4653 pHlp->pfnPrintf(pHlp, " CMD_INT_ON_ADVANCE_DOORBELL\n");
4654 if (pThis->cmd & EHCI_CMD_SOFT_RESET)
4655 pHlp->pfnPrintf(pHlp, " CMD_SOFT_RESET\n");
4656 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
4657 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_PARK_ENABLE\n");
4658
4659 pHlp->pfnPrintf(pHlp, " CMD_FRAME_LIST_SIZE %d\n", (pThis->cmd & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT);
4660 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_PARK_MODE_COUNT %d\n", (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT);
4661 pHlp->pfnPrintf(pHlp, " CMD_INTERRUPT_THRESHOLD %d\n", (pThis->cmd & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT);
4662
4663 /* Status register */
4664 pHlp->pfnPrintf(pHlp, "USBSTS: %x\n", pThis->intr_status);
4665 if (pThis->intr_status & EHCI_STATUS_ASYNC_SCHED)
4666 pHlp->pfnPrintf(pHlp, " STATUS_ASYNC_SCHED\n");
4667 if (pThis->intr_status & EHCI_STATUS_PERIOD_SCHED)
4668 pHlp->pfnPrintf(pHlp, " STATUS_PERIOD_SCHED\n");
4669 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
4670 pHlp->pfnPrintf(pHlp, " STATUS_RECLAMATION\n");
4671 if (pThis->intr_status & EHCI_STATUS_HCHALTED)
4672 pHlp->pfnPrintf(pHlp, " STATUS_HCHALTED\n");
4673 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
4674 pHlp->pfnPrintf(pHlp, " STATUS_INT_ON_ASYNC_ADV\n");
4675 if (pThis->intr_status & EHCI_STATUS_HOST_SYSTEM_ERROR)
4676 pHlp->pfnPrintf(pHlp, " STATUS_HOST_SYSTEM_ERROR\n");
4677 if (pThis->intr_status & EHCI_STATUS_FRAME_LIST_ROLLOVER)
4678 pHlp->pfnPrintf(pHlp, " STATUS_FRAME_LIST_ROLLOVER\n");
4679 if (pThis->intr_status & EHCI_STATUS_PORT_CHANGE_DETECT)
4680 pHlp->pfnPrintf(pHlp, " STATUS_PORT_CHANGE_DETECT\n");
4681 if (pThis->intr_status & EHCI_STATUS_ERROR_INT)
4682 pHlp->pfnPrintf(pHlp, " STATUS_ERROR_INT\n");
4683 if (pThis->intr_status & EHCI_STATUS_THRESHOLD_INT)
4684 pHlp->pfnPrintf(pHlp, " STATUS_THRESHOLD_INT\n");
4685
4686 /* Interrupt enable register */
4687 pHlp->pfnPrintf(pHlp, "USBINTR: %x\n", pThis->intr);
4688 if (pThis->intr & EHCI_INTR_ENABLE_THRESHOLD)
4689 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_THRESHOLD\n");
4690 if (pThis->intr & EHCI_INTR_ENABLE_ERROR)
4691 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_ERROR\n");
4692 if (pThis->intr & EHCI_INTR_ENABLE_PORT_CHANGE)
4693 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_PORT_CHANGE\n");
4694 if (pThis->intr & EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER)
4695 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_FRAME_LIST_ROLLOVER\n");
4696 if (pThis->intr & EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR)
4697 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_HOST_SYSTEM_ERROR\n");
4698 if (pThis->intr & EHCI_INTR_ENABLE_ASYNC_ADVANCE)
4699 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_ASYNC_ADVANCE\n");
4700 if (pThis->intr & ~EHCI_INTR_ENABLE_MASK)
4701 pHlp->pfnPrintf(pHlp, " Illegal bits set %x!!\n", pThis->intr & ~EHCI_INTR_ENABLE_MASK);
4702
4703 /* Frame index register */
4704 pHlp->pfnPrintf(pHlp, "FRINDEX: %x\n", pThis->frame_idx);
4705
4706 /* Control data structure segment */
4707 pHlp->pfnPrintf(pHlp, "CTRLDSSEGMENT: %RX32\n", pThis->ds_segment);
4708
4709 /* Periodic frame list base address register */
4710 pHlp->pfnPrintf(pHlp, "PERIODICLISTBASE: %RX32\n", pThis->periodic_list_base);
4711
4712 /* Current asynchronous list address register */
4713 pHlp->pfnPrintf(pHlp, "ASYNCLISTADDR: %RX32\n", pThis->async_list_base);
4714
4715 pHlp->pfnPrintf(pHlp, "\n");
4716
4717 for (uPort = 0; uPort < EHCI_NDP_CFG(pThis); ++uPort)
4718 {
4719 PEHCIHUBPORT pPort = &pThis->RootHub.aPorts[uPort];
4720 pHlp->pfnPrintf(pHlp, "PORTSC for port %u:\n", uPort);
4721 if (pPort->fReg & EHCI_PORT_CURRENT_CONNECT)
4722 pHlp->pfnPrintf(pHlp, " PORT_CURRENT_CONNECT\n");
4723 if (pPort->fReg & EHCI_PORT_CONNECT_CHANGE)
4724 pHlp->pfnPrintf(pHlp, " PORT_CONNECT_CHANGE\n");
4725 if (pPort->fReg & EHCI_PORT_PORT_ENABLED)
4726 pHlp->pfnPrintf(pHlp, " PORT_PORT_ENABLED\n");
4727 if (pPort->fReg & EHCI_PORT_PORT_CHANGE)
4728 pHlp->pfnPrintf(pHlp, " PORT_PORT_CHANGE\n");
4729 if (pPort->fReg & EHCI_PORT_OVER_CURRENT_ACTIVE)
4730 pHlp->pfnPrintf(pHlp, " PORT_OVER_CURRENT_ACTIVE\n");
4731 if (pPort->fReg & EHCI_PORT_OVER_CURRENT_CHANGE)
4732 pHlp->pfnPrintf(pHlp, " PORT_OVER_CURRENT_CHANGE\n");
4733 if (pPort->fReg & EHCI_PORT_FORCE_PORT_RESUME)
4734 pHlp->pfnPrintf(pHlp, " PORT_FORCE_PORT_RESUME\n");
4735 if (pPort->fReg & EHCI_PORT_SUSPEND)
4736 pHlp->pfnPrintf(pHlp, " PORT_SUSPEND\n");
4737 if (pPort->fReg & EHCI_PORT_RESET)
4738 pHlp->pfnPrintf(pHlp, " PORT_RESET\n");
4739 pHlp->pfnPrintf(pHlp, " LINE_STATUS: ");
4740 switch ((pPort->fReg & EHCI_PORT_LINE_STATUS_MASK) >> EHCI_PORT_LINE_STATUS_SHIFT)
4741 {
4742 case 0:
4743 pHlp->pfnPrintf(pHlp, " SE0 (0), not low-speed\n");
4744 break;
4745 case 1:
4746 pHlp->pfnPrintf(pHlp, " K-state (1), low-speed device\n");
4747 break;
4748 case 2:
4749 pHlp->pfnPrintf(pHlp, " J-state (2), not low-speed\n");
4750 break;
4751 default:
4752 case 3:
4753 pHlp->pfnPrintf(pHlp, " Undefined (3)\n");
4754 break;
4755 }
4756 if (pPort->fReg & EHCI_PORT_POWER)
4757 pHlp->pfnPrintf(pHlp, " PORT_POWER\n");
4758 if (pPort->fReg & EHCI_PORT_OWNER)
4759 pHlp->pfnPrintf(pHlp, " PORT_OWNER (1 = owned by companion HC)\n");
4760 if (pPort->fReg & EHCI_PORT_WAKE_ON_CONNECT_ENABLE)
4761 pHlp->pfnPrintf(pHlp, " PORT_WAKE_ON_CONNECT_ENABLE\n");
4762 if (pPort->fReg & EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE)
4763 pHlp->pfnPrintf(pHlp, " PORT_WAKE_ON_DISCONNECT_ENABLE\n");
4764 if (pPort->fReg & EHCI_PORT_WAKE_OVER_CURRENT_ENABLE)
4765 pHlp->pfnPrintf(pHlp, " PORT_WAKE_OVER_CURRENT_ENABLE\n");
4766 }
4767}
4768
4769
4770/**
4771 * @interface_method_impl{PDMDEVREG,pfnReset}
4772 */
4773static DECLCALLBACK(void) ehciR3Reset(PPDMDEVINS pDevIns)
4774{
4775 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4776 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4777 LogFlowFunc(("\n"));
4778
4779 /*
4780 * There is no distinction between cold boot, warm reboot and software reboots,
4781 * all of these are treated as cold boots. We are also doing the initialization
4782 * job of a BIOS or SMM driver.
4783 *
4784 * Important: Don't confuse UsbReset with hardware reset. Hardware reset is
4785 * just one way of getting into the UsbReset state.
4786 */
4787 ehciR3BusStop(pThis, pThisCC);
4788 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, true /* reset devices */);
4789}
4790
4791
4792/**
4793 * Reset notification.
4794 *
4795 * @param pDevIns The device instance data.
4796 */
4797static DECLCALLBACK(void) ehciR3Resume(PPDMDEVINS pDevIns)
4798{
4799 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4800 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4801 LogFlowFunc(("\n"));
4802
4803 /* Restart the frame thread if the timer is active. */
4804 if (pThis->fBusStarted)
4805 {
4806 LogFlowFunc(("Bus was active, restart frame thread\n"));
4807 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
4808 }
4809}
4810
4811
4812/**
4813 * @interface_method_impl{PDMDEVREG,pfnDestruct}
4814 */
4815static DECLCALLBACK(int) ehciR3Destruct(PPDMDEVINS pDevIns)
4816{
4817 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
4818 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4819 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4820 LogFlowFunc(("\n"));
4821
4822 if (pThisCC->hSemEventFrame != NIL_RTSEMEVENTMULTI)
4823 {
4824 RTSemEventMultiDestroy(pThisCC->hSemEventFrame);
4825 pThisCC->hSemEventFrame = NIL_RTSEMEVENTMULTI;
4826 }
4827
4828 if (pThisCC->hSemEventFrameStopped != NIL_RTSEMEVENTMULTI)
4829 {
4830 RTSemEventMultiDestroy(pThisCC->hSemEventFrameStopped);
4831 pThisCC->hSemEventFrameStopped = NIL_RTSEMEVENTMULTI;
4832 }
4833
4834 if (RTCritSectIsInitialized(&pThisCC->CritSect))
4835 RTCritSectDelete(&pThisCC->CritSect);
4836 PDMDevHlpCritSectDelete(pDevIns, &pThis->CsIrq);
4837
4838 /*
4839 * Tear down the per endpoint in-flight tracking...
4840 */
4841
4842 return VINF_SUCCESS;
4843}
4844
4845
4846/**
4847 * @interface_method_impl{PDMDEVREG,pfnConstruct,EHCI constructor}
4848 */
4849static DECLCALLBACK(int) ehciR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
4850{
4851 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
4852 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4853 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4854 PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
4855 LogFlowFunc(("\n"));
4856
4857 /*
4858 * Read configuration.
4859 */
4860 PDMDEV_VALIDATE_CONFIG_RETURN(pDevIns, "DefaultFrameRateKHz|Ports", "");
4861
4862 /* Frame rate option. */
4863 int rc = pHlp->pfnCFGMQueryU32Def(pCfg, "DefaultFrameRateKHz", &pThisCC->uFrameRateDefault, EHCI_DEFAULT_TIMER_FREQ / 1000);
4864 if (RT_FAILURE(rc))
4865 return PDMDEV_SET_ERROR(pDevIns, rc,
4866 N_("EHCI configuration error: failed to read DefaultFrameRateKHz as integer"));
4867
4868 if ( pThisCC->uFrameRateDefault > EHCI_HARDWARE_TIMER_FREQ / 1000
4869 || pThisCC->uFrameRateDefault == 0)
4870 return PDMDevHlpVMSetError(pDevIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
4871 N_("EHCI configuration error: DefaultFrameRateKHz must be in range [%u,%u]"),
4872 1, EHCI_HARDWARE_TIMER_FREQ / 1000);
4873
4874 /* Convert to Hertz. */
4875 pThisCC->uFrameRateDefault *= 1000;
4876
4877 /* Number of ports option. */
4878 uint32_t cPorts;
4879 rc = pHlp->pfnCFGMQueryU32Def(pCfg, "Ports", &cPorts, EHCI_NDP_DEFAULT);
4880 if (RT_FAILURE(rc))
4881 return PDMDEV_SET_ERROR(pDevIns, rc, N_("EHCI configuration error: failed to read Ports as integer"));
4882
4883 if (cPorts == 0 || cPorts > EHCI_NDP_MAX)
4884 return PDMDevHlpVMSetError(pDevIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
4885 N_("EHCI configuration error: Ports must be in range [%u,%u]"),
4886 1, EHCI_NDP_MAX);
4887
4888 /*
4889 * Init instance data.
4890 */
4891 pThisCC->pDevIns = pDevIns;
4892
4893 /* Intel 82801FB/FBM USB2 controller */
4894 PPDMPCIDEV pPciDev = pDevIns->apPciDevs[0];
4895 PDMPCIDEV_ASSERT_VALID(pDevIns, pPciDev);
4896
4897 PDMPciDevSetVendorId(pPciDev, 0x8086);
4898 PDMPciDevSetDeviceId(pPciDev, 0x265C);
4899 PDMPciDevSetClassProg(pPciDev, 0x20); /* EHCI */
4900 PDMPciDevSetClassSub(pPciDev, 0x03);
4901 PDMPciDevSetClassBase(pPciDev, 0x0c);
4902 PDMPciDevSetInterruptPin(pPciDev, 0x01);
4903#ifdef VBOX_WITH_MSI_DEVICES
4904 PDMPciDevSetStatus(pPciDev, VBOX_PCI_STATUS_CAP_LIST);
4905 PDMPciDevSetCapabilityList(pPciDev, 0x80);
4906#endif
4907 PDMPciDevSetByte(pPciDev, 0x60, 0x20); /* serial bus release number register; 0x20 = USB 2.0 */
4908 /** @todo USBLEGSUP & USBLEGCTLSTS? Legacy interface for the BIOS (0xEECP+0 & 0xEECP+4) */
4909
4910 pThisCC->RootHub.IBase.pfnQueryInterface = ehciR3RhQueryInterface;
4911 pThisCC->RootHub.IRhPort.pfnGetAvailablePorts = ehciR3RhGetAvailablePorts;
4912 pThisCC->RootHub.IRhPort.pfnGetUSBVersions = ehciR3RhGetUSBVersions;
4913 pThisCC->RootHub.IRhPort.pfnAttach = ehciR3RhAttach;
4914 pThisCC->RootHub.IRhPort.pfnDetach = ehciR3RhDetach;
4915 pThisCC->RootHub.IRhPort.pfnReset = ehciR3RhReset;
4916 pThisCC->RootHub.IRhPort.pfnXferCompletion = ehciR3RhXferCompletion;
4917 pThisCC->RootHub.IRhPort.pfnXferError = ehciR3RhXferError;
4918
4919 /* USB LED */
4920 pThisCC->RootHub.Led.u32Magic = PDMLED_MAGIC;
4921 pThisCC->RootHub.ILeds.pfnQueryStatusLed = ehciR3RhQueryStatusLed;
4922
4923 /*
4924 * Register PCI device and I/O region.
4925 */
4926 rc = PDMDevHlpPCIRegister(pDevIns, pPciDev);
4927 if (RT_FAILURE(rc))
4928 return rc;
4929
4930#ifdef VBOX_WITH_MSI_DEVICES
4931 PDMMSIREG MsiReg;
4932 RT_ZERO(MsiReg);
4933 MsiReg.cMsiVectors = 1;
4934 MsiReg.iMsiCapOffset = 0x80;
4935 MsiReg.iMsiNextOffset = 0x00;
4936 rc = PDMDevHlpPCIRegisterMsi(pDevIns, &MsiReg);
4937 if (RT_FAILURE(rc))
4938 {
4939 PDMPciDevSetCapabilityList(pPciDev, 0x0);
4940 /* That's OK, we can work without MSI */
4941 }
4942#endif
4943
4944 rc = PDMDevHlpPCIIORegionCreateMmio(pDevIns, 0 /*iPciRegion*/, 4096 /*cbRegion*/, PCI_ADDRESS_SPACE_MEM,
4945 ehciMmioWrite, ehciMmioRead, NULL /*pvUser*/,
4946 IOMMMIO_FLAGS_READ_DWORD | IOMMMIO_FLAGS_WRITE_DWORD_ZEROED
4947 | IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE,
4948 "USB EHCI", &pThis->hMmio);
4949 AssertRCReturn(rc, rc);
4950
4951 /* Initialize capability registers */
4952 pThis->cap_length = EHCI_CAPS_REG_SIZE;
4953 pThis->hci_version = 0x100;
4954 /* 31:24 Reserved
4955 * 23:20 Debug Port Number
4956 * 19:17 Reserved
4957 * 16 Port indicators (P_INDICATOR) enabled/disabled
4958 * 15:12 Number of companion controllers (N_CC)
4959 * 11:8 Number of ports per companion controller (N_PCC)
4960 * 7 Port routing controls enabled/disabled
4961 * 6:5 Reserved
4962 * 4 Port power control enabled/disabled -> disabled to simplify matters!
4963 * 3:0 N_PORTS; number of ports
4964 */
4965 /* Currently only number of ports specified */
4966 pThis->hcs_params = cPorts;
4967
4968 /* 31:16 Reserved
4969 * 15:8 EHCI extended capabilities pointer (EECP) (0x40 or greater)
4970 * 7:4 Isochronous scheduling threshold
4971 * 3 Reserved
4972 * 2 Asynchronous schedule park capability (allow several TDs to be handled per async queue head)
4973 * 1 Programmable frame list flag (0=1024 frames fixed)
4974 * 0 64 bits addressability
4975 */
4976 pThis->hcc_params = EHCI_HCC_PARAMS_ISOCHRONOUS_CACHING | EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING;
4977
4978 /*
4979 * Register the saved state data unit.
4980 */
4981 rc = PDMDevHlpSSMRegisterEx(pDevIns, EHCI_SAVED_STATE_VERSION, sizeof(*pThis), NULL,
4982 NULL, NULL, NULL,
4983 NULL, ehciR3SaveExec, NULL,
4984 NULL, ehciLoadExec, NULL);
4985 if (RT_FAILURE(rc))
4986 return rc;
4987
4988 /*
4989 * Attach to the VBox USB RootHub Driver on LUN #0.
4990 */
4991 rc = PDMDevHlpDriverAttach(pDevIns, 0, &pThisCC->RootHub.IBase, &pThisCC->RootHub.pIBase, "RootHub");
4992 if (RT_FAILURE(rc))
4993 {
4994 AssertMsgFailed(("Configuration error: No roothub driver attached to LUN #0!\n"));
4995 return rc;
4996 }
4997 pThisCC->RootHub.pIRhConn = PDMIBASE_QUERY_INTERFACE(pThisCC->RootHub.pIBase, VUSBIROOTHUBCONNECTOR);
4998 AssertMsgReturn(pThisCC->RootHub.pIRhConn,
4999 ("Configuration error: The driver doesn't provide the VUSBIROOTHUBCONNECTOR interface!\n"),
5000 VERR_PDM_MISSING_INTERFACE);
5001
5002 /*
5003 * Attach status driver (optional).
5004 */
5005 PPDMIBASE pBase;
5006 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThisCC->RootHub.IBase, &pBase, "Status Port");
5007 if (RT_SUCCESS(rc))
5008 pThisCC->RootHub.pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
5009 else
5010 AssertLogRelMsgReturn(rc == VERR_PDM_NO_ATTACHED_DRIVER, ("Failed to attach to status driver. rc=%Rrc\n", rc), rc);
5011
5012 /* Set URB parameters. */
5013 rc = VUSBIRhSetUrbParams(pThisCC->RootHub.pIRhConn, sizeof(VUSBURBHCIINT), sizeof(VUSBURBHCITDINT));
5014 if (RT_FAILURE(rc))
5015 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to set URB parameters"));
5016
5017 /*
5018 * Calculate the timer intervals.
5019 * This ASSUMES that the VM timer doesn't change frequency during the run.
5020 */
5021 pThisCC->u64TimerHz = PDMDevHlpTMTimeVirtGetFreq(pDevIns);
5022 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
5023 LogFunc(("cTicksPerFrame=%RU64 cTicksPerUsbTick=%RU64\n", pThisCC->cTicksPerFrame, pThisCC->cTicksPerUsbTick));
5024
5025 pThis->fBusStarted = false;
5026
5027 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->CsIrq, RT_SRC_POS, "EHCI#%uIrq", iInstance);
5028 if (RT_FAILURE(rc))
5029 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
5030 N_("EHCI: Failed to create critical section"));
5031
5032 rc = RTSemEventMultiCreate(&pThisCC->hSemEventFrame);
5033 AssertRCReturn(rc, rc);
5034
5035 rc = RTSemEventMultiCreate(&pThisCC->hSemEventFrameStopped);
5036 AssertRCReturn(rc, rc);
5037
5038 rc = RTCritSectInit(&pThisCC->CritSect);
5039 if (RT_FAILURE(rc))
5040 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to create critical section"));
5041
5042 rc = PDMDevHlpThreadCreate(pDevIns, &pThisCC->hThreadFrame, pThisCC, ehciR3ThreadFrame,
5043 ehciR3ThreadFrameWakeup, 0, RTTHREADTYPE_IO, "EhciFramer");
5044 if (RT_FAILURE(rc))
5045 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to create worker thread"));
5046
5047 /*
5048 * Do a hardware reset.
5049 */
5050 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, false /* don't reset devices */);
5051
5052#ifdef VBOX_WITH_STATISTICS
5053 /*
5054 * Register statistics.
5055 */
5056 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatCanceledIsocUrbs, STAMTYPE_COUNTER, "CanceledIsocUrbs", STAMUNIT_OCCURENCES, "Detected canceled isochronous URBs.");
5057 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatCanceledGenUrbs, STAMTYPE_COUNTER, "CanceledGenUrbs", STAMUNIT_OCCURENCES, "Detected canceled general URBs.");
5058 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatDroppedUrbs, STAMTYPE_COUNTER, "DroppedUrbs", STAMUNIT_OCCURENCES, "Dropped URBs (endpoint halted, or URB canceled).");
5059#endif
5060
5061 /*
5062 * Register debugger info callbacks.
5063 */
5064 PDMDevHlpDBGFInfoRegister(pDevIns, "ehci", "EHCI control registers.", ehciR3InfoRegs);
5065
5066#ifdef DEBUG_sandervl
5067// g_fLogInterruptEPs = true;
5068 g_fLogControlEPs = true;
5069#endif
5070
5071 return VINF_SUCCESS;
5072}
5073
5074#else /* !IN_RING3 */
5075
5076/**
5077 * @callback_method_impl{PDMDEVREGR0,pfnConstruct}
5078 */
5079static DECLCALLBACK(int) ehciRZConstruct(PPDMDEVINS pDevIns)
5080{
5081 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
5082 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
5083
5084 int rc = PDMDevHlpMmioSetUpContext(pDevIns, pThis->hMmio, ehciMmioWrite, ehciMmioRead, NULL /*pvUser*/);
5085 AssertRCReturn(rc, rc);
5086
5087 return VINF_SUCCESS;
5088}
5089
5090#endif /* !IN_RING3 */
5091
5092const PDMDEVREG g_DeviceEHCI =
5093{
5094 /* .u32version = */ PDM_DEVREG_VERSION,
5095 /* .uReserved0 = */ 0,
5096 /* .szName = */ "usb-ehci",
5097 /* .fFlags = */ PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RZ | PDM_DEVREG_FLAGS_NEW_STYLE,
5098 /* .fClass = */ PDM_DEVREG_CLASS_BUS_USB,
5099 /* .cMaxInstances = */ ~0U,
5100 /* .uSharedVersion = */ 42,
5101 /* .cbInstanceShared = */ sizeof(EHCI),
5102 /* .cbInstanceCC = */ sizeof(EHCICC),
5103 /* .cbInstanceRC = */ sizeof(EHCIRC),
5104 /* .cMaxPciDevices = */ 1,
5105 /* .cMaxMsixVectors = */ 0,
5106 /* .pszDescription = */ "EHCI USB controller.\n",
5107#if defined(IN_RING3)
5108# ifdef VBOX_IN_EXTPACK
5109 /* .pszRCMod = */ "VBoxEhciRC.rc",
5110 /* .pszR0Mod = */ "VBoxEhciR0.r0",
5111# else
5112 /* .pszRCMod = */ "VBoxDDRC.rc",
5113 /* .pszR0Mod = */ "VBoxDDR0.r0",
5114# endif
5115 /* .pfnConstruct = */ ehciR3Construct,
5116 /* .pfnDestruct = */ ehciR3Destruct,
5117 /* .pfnRelocate = */ NULL,
5118 /* .pfnMemSetup = */ NULL,
5119 /* .pfnPowerOn = */ NULL,
5120 /* .pfnReset = */ ehciR3Reset,
5121 /* .pfnSuspend = */ NULL,
5122 /* .pfnResume = */ ehciR3Resume,
5123 /* .pfnAttach = */ NULL,
5124 /* .pfnDetach = */ NULL,
5125 /* .pfnQueryInterface = */ NULL,
5126 /* .pfnInitComplete = */ NULL,
5127 /* .pfnPowerOff = */ NULL,
5128 /* .pfnSoftReset = */ NULL,
5129 /* .pfnReserved0 = */ NULL,
5130 /* .pfnReserved1 = */ NULL,
5131 /* .pfnReserved2 = */ NULL,
5132 /* .pfnReserved3 = */ NULL,
5133 /* .pfnReserved4 = */ NULL,
5134 /* .pfnReserved5 = */ NULL,
5135 /* .pfnReserved6 = */ NULL,
5136 /* .pfnReserved7 = */ NULL,
5137#elif defined(IN_RING0)
5138 /* .pfnEarlyConstruct = */ NULL,
5139 /* .pfnConstruct = */ ehciRZConstruct,
5140 /* .pfnDestruct = */ NULL,
5141 /* .pfnFinalDestruct = */ NULL,
5142 /* .pfnRequest = */ NULL,
5143 /* .pfnReserved0 = */ NULL,
5144 /* .pfnReserved1 = */ NULL,
5145 /* .pfnReserved2 = */ NULL,
5146 /* .pfnReserved3 = */ NULL,
5147 /* .pfnReserved4 = */ NULL,
5148 /* .pfnReserved5 = */ NULL,
5149 /* .pfnReserved6 = */ NULL,
5150 /* .pfnReserved7 = */ NULL,
5151#elif defined(IN_RC)
5152 /* .pfnConstruct = */ ehciRZConstruct,
5153 /* .pfnReserved0 = */ NULL,
5154 /* .pfnReserved1 = */ NULL,
5155 /* .pfnReserved2 = */ NULL,
5156 /* .pfnReserved3 = */ NULL,
5157 /* .pfnReserved4 = */ NULL,
5158 /* .pfnReserved5 = */ NULL,
5159 /* .pfnReserved6 = */ NULL,
5160 /* .pfnReserved7 = */ NULL,
5161#else
5162# error "Not in IN_RING3, IN_RING0 or IN_RC!"
5163#endif
5164 /* .u32VersionEnd = */ PDM_DEVREG_VERSION
5165};
5166
5167#ifdef VBOX_IN_EXTPACK
5168extern "C" const PDMDEVREG g_DeviceXHCI;
5169
5170# ifdef VBOX_IN_EXTPACK_R3
5171
5172/**
5173 * @callback_method_impl{FNPDMVBOXDEVICESREGISTER}
5174 */
5175extern "C" DECLEXPORT(int) VBoxDevicesRegister(PPDMDEVREGCB pCallbacks, uint32_t u32Version)
5176{
5177 AssertLogRelMsgReturn(u32Version >= VBOX_VERSION,
5178 ("u32Version=%#x VBOX_VERSION=%#x\n", u32Version, VBOX_VERSION),
5179 VERR_EXTPACK_VBOX_VERSION_MISMATCH);
5180 AssertLogRelMsgReturn(pCallbacks->u32Version == PDM_DEVREG_CB_VERSION,
5181 ("pCallbacks->u32Version=%#x PDM_DEVREG_CB_VERSION=%#x\n", pCallbacks->u32Version, PDM_DEVREG_CB_VERSION),
5182 VERR_VERSION_MISMATCH);
5183
5184 int rc = pCallbacks->pfnRegister(pCallbacks, &g_DeviceEHCI);
5185
5186 /* EHCI and xHCI devices live in the same module. */
5187 extern const PDMDEVREG g_DeviceXHCI;
5188 if (RT_SUCCESS(rc))
5189 rc = pCallbacks->pfnRegister(pCallbacks, &g_DeviceXHCI);
5190
5191 return rc;
5192}
5193
5194# else
5195
5196/** Pointer to the ring-0 device registrations for VBoxEhciR0/RC. */
5197static PCPDMDEVREGR0 g_apDevRegs[] =
5198{
5199 &g_DeviceEHCI,
5200 &g_DeviceXHCI,
5201};
5202
5203/** Module device registration record for VBoxEhciR0/RC. */
5204static PDMDEVMODREGR0 g_ModDevReg =
5205{
5206 /* .u32Version = */ PDM_DEVMODREGR0_VERSION,
5207 /* .cDevRegs = */ RT_ELEMENTS(g_apDevRegs),
5208 /* .papDevRegs = */ &g_apDevRegs[0],
5209 /* .hMod = */ NULL,
5210 /* .ListEntry = */ { NULL, NULL },
5211};
5212
5213
5214DECLEXPORT(int) ModuleInit(void *hMod)
5215{
5216 LogFlow(("VBoxEhciRZ/ModuleInit: %p\n", hMod));
5217 return PDMR0DeviceRegisterModule(hMod, &g_ModDevReg);
5218}
5219
5220
5221DECLEXPORT(void) ModuleTerm(void *hMod)
5222{
5223 LogFlow(("VBoxEhciRZ/ModuleTerm: %p\n", hMod));
5224 PDMR0DeviceDeregisterModule(hMod, &g_ModDevReg);
5225}
5226
5227# endif
5228#endif /* VBOX_IN_EXTPACK */
5229
5230#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
5231
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette