VirtualBox

source: vbox/trunk/src/VBox/Devices/USB/DevEHCI.cpp@ 98193

Last change on this file since 98193 was 98103, checked in by vboxsync, 2 years ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 187.1 KB
Line 
1/* $Id: DevEHCI.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
2/** @file
3 * DevEHCI - Enhanced Host Controller Interface for USB.
4 */
5
6/*
7 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * SPDX-License-Identifier: GPL-3.0-only
26 */
27
28/** @page pg_dev_ehci EHCI - Enhanced Host Controller Interface Emulation.
29 *
30 * This component implements an EHCI USB controller. It is split roughly
31 * into two main parts, the first part implements the register level
32 * specification of USB EHCI and the second part maintains the root hub (which
33 * is an integrated component of the device).
34 *
35 * The EHCI registers are used for the usual stuff like enabling and disabling
36 * interrupts. Since the USB time is divided in to 1ms frames and various
37 * interrupts may need to be triggered at frame boundary time, a timer-based
38 * approach was taken.
39 *
40 * Note that all processing is currently done on a frame boundary and
41 * no attempt is made to emulate events with micro-frame granularity.
42 *
43 * The actual USB transfers are stored in main memory (along with endpoint and
44 * transfer descriptors). The ED's for all the control and bulk endpoints are
45 * found by consulting the HcAsyncListAddr register (ASYNCLISTADDR).
46 * Interrupt and isochronous ED's are found by looking at the HcPeriodicListBase
47 * (PERIODICLISTBASE) register.
48 *
49 * At the start of every frame (in function ehciR3StartOfFrame) we traverse all
50 * enabled ED lists and queue up as many transfers as possible. No attention
51 * is paid to control/bulk service ratios or bandwidth requirements since our
52 * USB could conceivably contain a dozen high speed busses and this would
53 * artificially limit the performance.
54 *
55 * Once we have a transfer ready to go (in the appropriate ehciServiceXxx function)
56 * we allocate an URB on the stack, fill in all the relevant fields and submit
57 * it using the VUSBIRhSubmitUrb function. The roothub device and the virtual
58 * USB core code coordinates everything else from this point onwards.
59 *
60 * When the URB has been successfully handed to the lower level driver, our
61 * prepare callback gets called and we can remove the TD from the ED transfer
62 * list. This stops us queueing it twice while it completes.
63 * bird: no, we don't remove it because that confuses the guest! (=> crashes)
64 *
65 * Completed URBs are reaped at the end of every frame (in function
66 * ehciR3FrameBoundaryTimer). Our completion routine makes use of the ED and TD
67 * fields in the URB to store the physical addresses of the descriptors so
68 * that they may be modified in the roothub callbacks. Our completion
69 * routine (ehciRhXferCompleteXxx) carries out a number of tasks:
70 * -# Retires the TD associated with the transfer, setting the
71 * relevant error code etc.
72 * -# Updates done-queue interrupt timer and potentially causes
73 * a writeback of the done-queue.
74 * -# If the transfer was device-to-host, we copy the data into
75 * the host memory.
76 *
77 * As for error handling EHCI allows for 3 retries before failing a transfer,
78 * an error count is stored in each transfer descriptor. A halt flag is also
79 * stored in the transfer descriptor. That allows for ED's to be disabled
80 * without stopping the bus and de-queuing them.
81 *
82 * When the bus is started and stopped, we call VUSBIDevPowerOn/Off() on our
83 * roothub to indicate it's powering up and powering down. Whenever we power
84 * down, the USB core makes sure to synchronously complete all outstanding
85 * requests so that the EHCI is never seen in an inconsistent state by the
86 * guest OS (Transfers are not meant to be unlinked until they've actually
87 * completed, but we can't do that unless we work synchronously, so we just
88 * have to fake it).
89 * bird: we do work synchronously now, anything causes guest crashes.
90 *
91 * The number of ports is configurable. The architectural maximum is 15, but
92 * some guests (e.g. OS/2) crash if they see more than 12 or so ports. Saved
93 * states always include the data for all 15 ports but HCSPARAMS determines
94 * the actual number visible to the guest.
95 */
96
97
98/*********************************************************************************************************************************
99* Header Files *
100*********************************************************************************************************************************/
101#define LOG_GROUP LOG_GROUP_DEV_EHCI
102#include <VBox/pci.h>
103#include <VBox/vmm/pdm.h>
104#include <VBox/vmm/mm.h>
105#include <VBox/err.h>
106#include <VBox/log.h>
107#include <iprt/assert.h>
108#include <iprt/string.h>
109#include <iprt/asm.h>
110#include <iprt/param.h>
111#include <iprt/thread.h>
112#include <iprt/semaphore.h>
113#include <iprt/critsect.h>
114#ifdef IN_RING3
115# include <iprt/thread.h>
116# include <iprt/mem.h>
117# include <iprt/uuid.h>
118#endif
119#include <VBox/vusb.h>
120#ifdef VBOX_IN_EXTPACK_R3
121# include <VBox/version.h>
122#elif defined(VBOX_IN_EXTPACK)
123# include <VBox/sup.h>
124#endif
125#ifndef VBOX_IN_EXTPACK
126# include "VBoxDD.h"
127#endif
128
129
130/** The saved state version. */
131#define EHCI_SAVED_STATE_VERSION 7
132/** The saved state version before the EOF timers were removed. */
133#define EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL 6 /* Introduced in 5.2. */
134/** The saved state with support of 8 ports. */
135#define EHCI_SAVED_STATE_VERSION_8PORTS 5 /* Introduced in 3.1 or so. */
136
137/** Number of Downstream Ports on the root hub; 15 is the maximum
138 * the EHCI specification provides for. */
139#define EHCI_NDP_MAX 15
140
141/** The default Number of Downstream Ports reported to guests. */
142#define EHCI_NDP_DEFAULT 12
143
144/* Macro to query the number of currently configured ports. */
145#define EHCI_NDP_CFG(pehci) ((pehci)->hcs_params & EHCI_HCS_PARAMS_NDP_MASK)
146/** Macro to convert a EHCI port index (zero based) to a VUSB roothub port ID (one based). */
147#define EHCI_PORT_2_VUSB_PORT(a_uPort) ((a_uPort) + 1)
148
149/** Size of the capability part of the MMIO page. */
150#define EHCI_CAPS_REG_SIZE 0x20
151
152
153#ifndef VBOX_DEVICE_STRUCT_TESTCASE
154/**
155 * Host controller Transfer Descriptor data.
156 */
157typedef struct VUSBURBHCITDINT
158{
159 /** Type of TD. */
160 uint32_t TdType;
161 /** The address of the TD. */
162 RTGCPHYS TdAddr;
163 /** A copy of the TD. */
164 uint32_t TdCopy[16];
165} VUSBURBHCITDINT;
166
167/**
168 * The host controller data associated with each URB.
169 */
170typedef struct VUSBURBHCIINT
171{
172 /** The endpoint descriptor address. */
173 RTGCPHYS EdAddr;
174 /** Number of Tds in the array. */
175 uint32_t cTds;
176 /** When this URB was created.
177 * (Used for isochronous frames and for logging.) */
178 uint32_t u32FrameNo;
179 /** Flag indicating that the TDs have been unlinked. */
180 bool fUnlinked;
181} VUSBURBHCIINT;
182#endif
183
184/**
185 * An EHCI root hub port, shared.
186 */
187typedef struct EHCIHUBPORT
188{
189 /** The port register. */
190 uint32_t fReg;
191} EHCIHUBPORT;
192/** Pointer to a shared EHCI root hub port. */
193typedef EHCIHUBPORT *PEHCIHUBPORT;
194
195/**
196 * An EHCI root hub port, ring-3.
197 */
198typedef struct EHCIHUBPORTR3
199{
200 /** Flag whether there is a device attached to the port. */
201 bool fAttached;
202} EHCIHUBPORTR3;
203/** Pointer to a ring-3 EHCI root hub port. */
204typedef EHCIHUBPORTR3 *PEHCIHUBPORTR3;
205
206
207/**
208 * The EHCI root hub, shared.
209 */
210typedef struct EHCIROOTHUB
211{
212 /** Per-port state. */
213 EHCIHUBPORT aPorts[EHCI_NDP_MAX];
214 /** Unused, only needed for saved state compatibility. */
215 uint32_t unused;
216} EHCIROOTHUB;
217/** Pointer to the EHCI root hub. */
218typedef EHCIROOTHUB *PEHCIROOTHUB;
219
220
221/**
222 * The EHCI root hub, ring-3 edition.
223 *
224 * @implements PDMIBASE
225 * @implements VUSBIROOTHUBPORT
226 * @implements PDMILEDPORTS
227 */
228typedef struct EHCIROOTHUBR3
229{
230 /** Pointer to the base interface of the VUSB RootHub. */
231 R3PTRTYPE(PPDMIBASE) pIBase;
232 /** Pointer to the connector interface of the VUSB RootHub. */
233 R3PTRTYPE(PVUSBIROOTHUBCONNECTOR) pIRhConn;
234 /** The base interface exposed to the roothub driver. */
235 PDMIBASE IBase;
236 /** The roothub port interface exposed to the roothub driver. */
237 VUSBIROOTHUBPORT IRhPort;
238
239 /** The LED. */
240 PDMLED Led;
241 /** The LED ports. */
242 PDMILEDPORTS ILeds;
243 /** Partner of ILeds. */
244 R3PTRTYPE(PPDMILEDCONNECTORS) pLedsConnector;
245
246 EHCIHUBPORTR3 aPorts[EHCI_NDP_MAX];
247} EHCIROOTHUBR3;
248/** Pointer to the ring-3 EHCI root hub state. */
249typedef EHCIROOTHUBR3 *PEHCIROOTHUBR3;
250
251
252/**
253 * EHCI device data, shared.
254 */
255typedef struct EHCI
256{
257 /** Async scheduler sleeping; triggered by empty list detection */
258 bool fAsyncTraversalTimerActive;
259
260 bool afAlignment0[7];
261
262 /** Start of current frame. */
263 uint64_t SofTime;
264 /** Root hub device */
265 EHCIROOTHUB RootHub;
266
267 /** @name Host Controller Capability Registers (R/O)
268 * @{ */
269 /** CAPLENGTH: base + cap_length = operational register start */
270 uint32_t cap_length;
271 /** HCIVERSION: host controller interface version */
272 uint32_t hci_version;
273 /** HCSPARAMS: Structural parameters */
274 uint32_t hcs_params;
275 /** HCCPARAMS: Capability parameters */
276 uint32_t hcc_params;
277 /** @} */
278
279 /** @name Host Controller Operational Registers (R/W)
280 * @{ */
281 /** USB command register */
282 uint32_t cmd;
283 /** USB status register */
284 uint32_t intr_status;
285 /** USB interrupt enable register */
286 uint32_t intr;
287 /** Frame index register; actually it's micro-frame number */
288 uint32_t frame_idx;
289 /** Control Data Structure Segment Register */
290 uint32_t ds_segment;
291 /** Periodic Frame List Base Address Register */
292 uint32_t periodic_list_base;
293 /** Current Asynchronous List Address Register */
294 uint32_t async_list_base;
295 /** Configure Flag Register */
296 uint32_t config;
297 /** @} */
298
299 /** @name Control partition (registers)
300 * @{ */
301 /** Interrupt interval; see interrupt threshold in the command register */
302 uint32_t uIrqInterval;
303 /** @} */
304
305 /** @name Frame counter partition (registers)
306 * @{ */
307 /** HcFmNumber.
308 * @remark The register size is 16-bit, but for debugging and performance
309 * reasons we maintain a 32-bit counter. */
310 uint32_t HcFmNumber;
311 /** Number of micro-frames per timer call */
312 uint32_t uFramesPerTimerCall;
313 /** @} */
314
315 /** Flag whether the framer thread should processing frames. */
316 volatile bool fBusStarted;
317
318 bool afAlignment1[3]; /**< Align CsIrq correctly. */
319
320 /* The following members are not part of saved state. */
321
322 /** Critical section synchronising interrupt handling. */
323 PDMCRITSECT CsIrq;
324
325 /** The MMIO region. */
326 IOMMMIOHANDLE hMmio;
327} EHCI;
328AssertCompileMemberAlignment(EHCI, CsIrq, 8);
329/** Pointer to shared EHCI device data. */
330typedef struct EHCI *PEHCI;
331
332
333/**
334 * EHCI device data, ring-3 edition.
335 */
336typedef struct EHCIR3
337{
338 /** Root hub device. */
339 EHCIROOTHUBR3 RootHub;
340
341 /** The number of virtual time ticks per frame. */
342 uint64_t cTicksPerFrame;
343 /** The number of virtual time ticks per USB bus tick. */
344 uint64_t cTicksPerUsbTick;
345
346 /** Pointer to the device instance. */
347 PPDMDEVINSR3 pDevIns;
348
349 /** Number of in-flight TDs. */
350 unsigned cInFlight;
351 unsigned Alignment2; /**< Align aInFlight on a 8 byte boundary. */
352 /** Array of in-flight TDs. */
353 struct ehci_td_in_flight
354 {
355 /** Address of the transport descriptor. */
356 RTGCPHYS GCPhysTD;
357 /** Pointer to the URB. */
358 R3PTRTYPE(PVUSBURB) pUrb;
359 } aInFlight[257];
360
361 /** Detected canceled isochronous URBs. */
362 STAMCOUNTER StatCanceledIsocUrbs;
363 /** Detected canceled general URBs. */
364 STAMCOUNTER StatCanceledGenUrbs;
365 /** Dropped URBs (endpoint halted, or URB canceled). */
366 STAMCOUNTER StatDroppedUrbs;
367
368 /* The following members are not part of saved state. */
369
370 /** VM timer frequency used for frame timer calculations. */
371 uint64_t u64TimerHz;
372 /** Number of USB work cycles with no transfers. */
373 uint32_t cIdleCycles;
374 /** Current frame timer rate (default 1000). */
375 uint32_t uFrameRate;
376 /** Idle detection flag; must be cleared at start of frame */
377 bool fIdle;
378 bool afAlignment4[3];
379
380 /** Default frequency of the frame timer. */
381 uint32_t uFrameRateDefault;
382 /** How long to wait until the next frame. */
383 uint64_t nsWait;
384 /** The framer thread. */
385 R3PTRTYPE(PPDMTHREAD) hThreadFrame;
386 /** Event semaphore to interact with the framer thread. */
387 R3PTRTYPE(RTSEMEVENTMULTI) hSemEventFrame;
388 /** Event semaphore to release the thread waiting for the framer thread to stop. */
389 R3PTRTYPE(RTSEMEVENTMULTI) hSemEventFrameStopped;
390 /** Critical section to synchronize the framer and URB completion handler. */
391 RTCRITSECT CritSect;
392} EHCIR3;
393/** Pointer to ring-3 EHCI device data. */
394typedef struct EHCIR3 *PEHCIR3;
395
396
397/**
398 * EHCI device data, ring-0 edition.
399 */
400typedef struct EHCIR0
401{
402 uint32_t uUnused;
403} EHCIR0;
404/** Pointer to ring-0 EHCI device data. */
405typedef struct EHCIR0 *PEHCIR0;
406
407
408/**
409 * EHCI device data, raw-mode edition.
410 */
411typedef struct EHCIRC
412{
413 uint32_t uUnused;
414} EHCIRC;
415/** Pointer to raw-mode EHCI device data. */
416typedef struct EHCIRC *PEHCIRC;
417
418
419/** @typedef EHCICC
420 * The EHCI device data for the current context. */
421typedef CTX_SUFF(EHCI) EHCICC;
422/** @typedef PEHCICC
423 * Pointer to the EHCI device for the current context. */
424typedef CTX_SUFF(PEHCI) PEHCICC;
425
426
427/** @@name EHCI Transfer Descriptor Types
428 * @{ */
429/** Isochronous Transfer Descriptor */
430#define EHCI_DESCRIPTOR_ITD 0
431/** Queue Head */
432#define EHCI_DESCRIPTOR_QH 1
433/** Split Transaction Isochronous Transfer Descriptor */
434#define EHCI_DESCRIPTOR_SITD 2
435/** Frame Span Traversal Node */
436#define EHCI_DESCRIPTOR_FSTN 3
437/** @} */
438
439/** @@name EHCI Transfer service type
440 * @{ */
441typedef enum
442{
443 EHCI_SERVICE_PERIODIC = 0,
444 EHCI_SERVICE_ASYNC = 1
445} EHCI_SERVICE_TYPE;
446/** @} */
447
448/** @@name EHCI Frame List Element Pointer
449 * @{ */
450#define EHCI_FRAME_LIST_NEXTPTR_SHIFT 5
451
452typedef struct
453{
454 uint32_t Terminate : 1;
455 uint32_t Type : 2;
456 uint32_t Reserved : 2;
457 uint32_t FrameAddr : 27;
458} EHCI_FRAME_LIST_PTR;
459AssertCompileSize(EHCI_FRAME_LIST_PTR, 4);
460/** @} */
461
462/** @@name EHCI Isochronous Transfer Descriptor (iTD)
463 * @{ */
464#define EHCI_TD_PTR_SHIFT 5
465
466typedef struct
467{
468 uint32_t Terminate : 1;
469 uint32_t Type : 2;
470 uint32_t Reserved : 2;
471 uint32_t Pointer : 27;
472} EHCI_TD_PTR;
473AssertCompileSize(EHCI_TD_PTR, 4);
474
475typedef struct
476{
477 uint32_t Offset : 12;
478 uint32_t PG : 3;
479 uint32_t IOC : 1;
480 uint32_t Length : 12;
481 uint32_t TransactError : 1;
482 uint32_t Babble : 1;
483 uint32_t DataBufError : 1;
484 uint32_t Active : 1;
485} EHCI_ITD_TRANSACTION;
486AssertCompileSize(EHCI_ITD_TRANSACTION, 4);
487
488typedef struct
489{
490 uint32_t DeviceAddress : 7;
491 uint32_t Reserved1 : 1;
492 uint32_t EndPt : 4;
493 uint32_t Ignore1 : 20;
494 uint32_t MaxPacket : 11;
495 uint32_t DirectionIn : 1;
496 uint32_t Ignore2 : 20;
497 uint32_t Multi : 2;
498 uint32_t Reserved10 : 10;
499 uint32_t Ignore3 : 20;
500} EHCI_ITD_MISC;
501AssertCompileSize(EHCI_ITD_MISC, 12);
502
503#define EHCI_BUFFER_PTR_SHIFT 12
504
505typedef struct
506{
507 uint32_t Reserved : 12;
508 uint32_t Pointer : 20; /* 4k aligned */
509} EHCI_BUFFER_PTR;
510AssertCompileSize(EHCI_BUFFER_PTR, 4);
511
512#define EHCI_NUM_ITD_TRANSACTIONS 8
513#define EHCI_NUM_ITD_PAGES 7
514
515typedef struct
516{
517 EHCI_TD_PTR Next;
518 EHCI_ITD_TRANSACTION Transaction[EHCI_NUM_ITD_TRANSACTIONS];
519 union
520 {
521 EHCI_ITD_MISC Misc;
522 EHCI_BUFFER_PTR Buffer[EHCI_NUM_ITD_PAGES];
523 } Buffer;
524} EHCI_ITD, *PEHCI_ITD;
525typedef const EHCI_ITD *PEHCI_CITD;
526AssertCompileSize(EHCI_ITD, 0x40);
527/** @} */
528
529/* ITD with extra padding to add 8th 'Buffer' entry. The PG member of
530 * EHCI_ITD_TRANSACTION can contain values in the 0-7 range, but only values
531 * 0-6 are valid. The extra padding is added to avoid cluttering the code
532 * with range checks; ehciR3ReadItd() initializes the pad with a safe value.
533 * The EHCI 1.0 specification explicitly says using PG value of 7 yields
534 * undefined behavior.
535 */
536typedef struct
537{
538 EHCI_ITD itd;
539 EHCI_BUFFER_PTR pad;
540} EHCI_ITD_PAD, *PEHCI_ITD_PAD;
541AssertCompileSize(EHCI_ITD_PAD, 0x44);
542
543/** @name Split Transaction Isochronous Transfer Descriptor (siTD)
544 * @{ */
545typedef struct
546{
547 uint32_t DeviceAddress : 7;
548 uint32_t Reserved : 1;
549 uint32_t EndPt : 4;
550 uint32_t Reserved2 : 4;
551 uint32_t HubAddress : 7;
552 uint32_t Reserved3 : 1;
553 uint32_t Port : 7;
554 uint32_t DirectionIn : 1;
555} EHCI_SITD_ADDR;
556AssertCompileSize(EHCI_SITD_ADDR, 4);
557
558typedef struct
559{
560 uint32_t SMask : 8;
561 uint32_t CMask : 8;
562 uint32_t Reserved : 16;
563} EHCI_SITD_SCHEDCTRL;
564AssertCompileSize(EHCI_SITD_SCHEDCTRL, 4);
565
566typedef struct
567{
568 /* 8 Status flags */
569 uint32_t Reserved : 1;
570 uint32_t SplitXState : 1;
571 uint32_t MisseduFrame : 1;
572 uint32_t TransactError : 1;
573 uint32_t Babble : 1;
574 uint32_t DataBufError : 1;
575 uint32_t Error : 1;
576 uint32_t Active : 1;
577 uint32_t CPMask : 8;
578 uint32_t Length : 10;
579 uint32_t Reserved4 : 4;
580 uint32_t PageSelect : 1;
581 uint32_t IOC : 1;
582} EHCI_SITD_TRANSFER;
583AssertCompileSize(EHCI_SITD_TRANSFER, 4);
584
585typedef struct
586{
587 uint32_t Offset : 12;
588 uint32_t Pointer : 20; /**< 4k aligned */
589} EHCI_SITD_BUFFER0;
590AssertCompileSize(EHCI_SITD_BUFFER0, 4);
591
592typedef struct
593{
594 uint32_t TCount : 3;
595 uint32_t TPosition : 2;
596 uint32_t Reserved : 7;
597 uint32_t Pointer : 20; /**< 4k aligned */
598} EHCI_SITD_BUFFER1;
599AssertCompileSize(EHCI_SITD_BUFFER1, 4);
600
601typedef struct
602{
603 uint32_t Terminate : 1;
604 uint32_t Reserved : 4;
605 uint32_t Pointer : 27;
606} EHCI_SITD_BACKPTR;
607AssertCompileSize(EHCI_SITD_BACKPTR, 4);
608
609typedef struct
610{
611 EHCI_TD_PTR NextSITD;
612 EHCI_SITD_ADDR Address;
613 EHCI_SITD_SCHEDCTRL ScheduleCtrl;
614 EHCI_SITD_TRANSFER Transfer;
615 EHCI_SITD_BUFFER0 Buffer0;
616 EHCI_SITD_BUFFER1 Buffer1;
617 EHCI_SITD_BACKPTR BackPtr;
618} EHCI_SITD, *PEHCI_SITD;
619typedef const EHCI_SITD *PEHCI_CSITD;
620AssertCompileSize(EHCI_SITD, 0x1C);
621/** @} */
622
623
624/** @name Queue Element Transfer Descriptor (qTD)
625 * @{ */
626typedef struct
627{
628 uint32_t Terminate : 1;
629 uint32_t Reserved : 4;
630 uint32_t Pointer : 27;
631} EHCI_QTD_NEXTPTR;
632AssertCompileSize(EHCI_QTD_NEXTPTR, 4);
633
634typedef struct
635{
636 uint32_t Terminate : 1;
637 uint32_t Reserved : 4;
638 uint32_t Pointer : 27;
639} EHCI_QTD_ALTNEXTPTR;
640AssertCompileSize(EHCI_QTD_ALTNEXTPTR, 4);
641
642#define EHCI_QTD_PID_OUT 0
643#define EHCI_QTD_PID_IN 1
644#define EHCI_QTD_PID_SETUP 2
645
646typedef struct
647{
648 /* 8 Status flags */
649 uint32_t PingState : 1;
650 uint32_t SplitXState : 1;
651 uint32_t MisseduFrame : 1;
652 uint32_t TransactError : 1;
653 uint32_t Babble : 1;
654 uint32_t DataBufError : 1;
655 uint32_t Halted : 1;
656 uint32_t Active : 1;
657 uint32_t PID : 2;
658 uint32_t ErrorCount : 2;
659 uint32_t CurrentPage : 3;
660 uint32_t IOC : 1;
661 uint32_t Length : 15;
662 uint32_t DataToggle : 1;
663} EHCI_QTD_TOKEN;
664AssertCompileSize(EHCI_QTD_TOKEN, 4);
665
666#define EHCI_QTD_HAS_ERROR(pQtdToken) (*((uint32_t *)pQtdToken) & 0x7F)
667
668typedef struct
669{
670 uint32_t Offset : 12;
671 uint32_t Reserved : 20;
672 uint32_t Ignore[4];
673} EHCI_QTD_OFFSET;
674AssertCompileSize(EHCI_QTD_OFFSET, 20);
675
676typedef struct
677{
678 EHCI_QTD_NEXTPTR Next;
679 EHCI_QTD_ALTNEXTPTR AltNext;
680 union
681 {
682 EHCI_QTD_TOKEN Bits;
683 uint32_t u32;
684 } Token;
685 union
686 {
687 EHCI_QTD_OFFSET Offset;
688 EHCI_BUFFER_PTR Buffer[5];
689 } Buffer;
690} EHCI_QTD, *PEHCI_QTD;
691typedef const EHCI_QTD *PEHCI_CQTD;
692AssertCompileSize(EHCI_QTD, 0x20);
693/** @} */
694
695
696/** @name Queue Head Descriptor (QHD)
697 * @{ */
698
699#define EHCI_QHD_EPT_SPEED_FULL 0 /**< 12 Mbps */
700#define EHCI_QHD_EPT_SPEED_LOW 1 /**< 1.5 Mbps */
701#define EHCI_QHD_EPT_SPEED_HIGH 2 /**< 480 Mbps */
702#define EHCI_QHD_EPT_SPEED_RESERVED 3
703
704typedef struct
705{
706 uint32_t DeviceAddress : 7;
707 uint32_t InActiveNext : 1;
708 uint32_t EndPt : 4;
709 uint32_t EndPtSpeed : 2;
710 uint32_t DataToggle : 1;
711 uint32_t HeadReclamation : 1;
712 uint32_t MaxLength : 11;
713 uint32_t ControlEPFlag : 1;
714 uint32_t NakCountReload : 4;
715} EHCI_QHD_EPCHARS;
716AssertCompileSize(EHCI_QHD_EPCHARS, 4);
717
718typedef struct
719{
720 uint32_t SMask : 8;
721 uint32_t CMask : 8;
722 uint32_t HubAddress : 7;
723 uint32_t Port : 7;
724 uint32_t Mult : 2;
725} EHCI_QHD_EPCAPS;
726AssertCompileSize(EHCI_QHD_EPCAPS, 4);
727
728typedef struct
729{
730 uint32_t Reserved : 5;
731 uint32_t Pointer : 27;
732} EHCI_QHD_CURRPTR;
733AssertCompileSize(EHCI_QHD_CURRPTR, 4);
734
735typedef struct
736{
737 uint32_t Terminate : 1;
738 uint32_t NakCnt : 4;
739 uint32_t Pointer : 27;
740} EHCI_QHD_ALTNEXT;
741AssertCompileSize(EHCI_QHD_ALTNEXT, 4);
742
743typedef struct
744{
745 uint32_t CProgMask : 8;
746 uint32_t Reserved : 4;
747 uint32_t Pointer : 20; /**< 4k aligned */
748} EHCI_QHD_BUFFER1;
749AssertCompileSize(EHCI_QHD_BUFFER1, 4);
750
751typedef struct
752{
753 uint32_t FrameTag : 5;
754 uint32_t SBytes : 7;
755 uint32_t Pointer : 20; /**< 4k aligned */
756} EHCI_QHD_BUFFER2;
757AssertCompileSize(EHCI_QHD_BUFFER2, 4);
758
759typedef struct
760{
761 EHCI_TD_PTR Next;
762 EHCI_QHD_EPCHARS Characteristics;
763 EHCI_QHD_EPCAPS Caps;
764 EHCI_QHD_CURRPTR CurrQTD;
765 union
766 {
767 EHCI_QTD OrgQTD;
768 struct
769 {
770 uint32_t Identical1[2];
771 EHCI_QHD_ALTNEXT AltNextQTD;
772 uint32_t Identical2;
773 EHCI_QHD_BUFFER1 Buffer1;
774 EHCI_QHD_BUFFER2 Buffer2;
775 uint32_t Identical3[2];
776 } Status;
777 } Overlay;
778} EHCI_QHD, *PEHCI_QHD;
779typedef const EHCI_QHD *PEHCI_CQHD;
780AssertCompileSize(EHCI_QHD, 0x30);
781/** @} */
782
783/** @name Periodic Frame Span Traversal Node (FSTN)
784 * @{ */
785
786typedef struct
787{
788 uint32_t Terminate : 1;
789 uint32_t Type : 2;
790 uint32_t Reserved : 2;
791 uint32_t Ptr : 27;
792} EHCI_FSTN_PTR;
793AssertCompileSize(EHCI_FSTN_PTR, 4);
794
795typedef struct
796{
797 EHCI_FSTN_PTR NormalPtr;
798 EHCI_FSTN_PTR BackPtr;
799} EHCI_FSTN, *PEHCI_FSTN;
800typedef const EHCI_FSTN *PEHCI_CFSTN;
801AssertCompileSize(EHCI_FSTN, 8);
802
803/** @} */
804
805
806/**
807 * EHCI register operator.
808 */
809typedef struct EHCIOPREG
810{
811 const char *pszName;
812 VBOXSTRICTRC (*pfnRead )(PPDMDEVINS pDevIns, PEHCI ehci, uint32_t iReg, uint32_t *pu32Value);
813 VBOXSTRICTRC (*pfnWrite)(PPDMDEVINS pDevIns, PEHCI ehci, uint32_t iReg, uint32_t u32Value);
814} EHCIOPREG;
815
816
817/* EHCI Local stuff */
818#define EHCI_HCS_PARAMS_PORT_ROUTING_RULES RT_BIT(7)
819#define EHCI_HCS_PARAMS_PORT_POWER_CONTROL RT_BIT(4)
820#define EHCI_HCS_PARAMS_NDP_MASK (RT_BIT(0) | RT_BIT(1) | RT_BIT(2) | RT_BIT(3))
821
822/* controller may cache an isochronous data structure for an entire frame */
823#define EHCI_HCC_PARAMS_ISOCHRONOUS_CACHING RT_BIT(7)
824#define EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING RT_BIT(2)
825#define EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST RT_BIT(1)
826#define EHCI_HCC_PARAMS_64BITS_ADDRESSING RT_BIT(0)
827
828/** @name Interrupt Enable Register bits (USBINTR)
829 * @{ */
830#define EHCI_INTR_ENABLE_THRESHOLD RT_BIT(0)
831#define EHCI_INTR_ENABLE_ERROR RT_BIT(1)
832#define EHCI_INTR_ENABLE_PORT_CHANGE RT_BIT(2)
833#define EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER RT_BIT(3)
834#define EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR RT_BIT(4)
835#define EHCI_INTR_ENABLE_ASYNC_ADVANCE RT_BIT(5)
836#define EHCI_INTR_ENABLE_MASK (EHCI_INTR_ENABLE_ASYNC_ADVANCE|EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR|EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER|EHCI_INTR_ENABLE_PORT_CHANGE|EHCI_INTR_ENABLE_ERROR|EHCI_INTR_ENABLE_THRESHOLD)
837/** @} */
838
839/** @name Configure Flag Register (CONFIGFLAG)
840 * @{ */
841#define EHCI_CONFIGFLAG_ROUTING RT_BIT(0)
842#define EHCI_CONFIGFLAG_MASK EHCI_CONFIGFLAG_ROUTING
843/** @} */
844
845/** @name Status Register (USBSTS)
846 * @{ */
847#define EHCI_STATUS_ASYNC_SCHED RT_BIT(15) /* RO */
848#define EHCI_STATUS_PERIOD_SCHED RT_BIT(14) /* RO */
849#define EHCI_STATUS_RECLAMATION RT_BIT(13) /* RO */
850#define EHCI_STATUS_HCHALTED RT_BIT(12) /* RO */
851#define EHCI_STATUS_INT_ON_ASYNC_ADV RT_BIT(5)
852#define EHCI_STATUS_HOST_SYSTEM_ERROR RT_BIT(4)
853#define EHCI_STATUS_FRAME_LIST_ROLLOVER RT_BIT(3)
854#define EHCI_STATUS_PORT_CHANGE_DETECT RT_BIT(2)
855#define EHCI_STATUS_ERROR_INT RT_BIT(1)
856#define EHCI_STATUS_THRESHOLD_INT RT_BIT(0)
857#define EHCI_STATUS_INTERRUPT_MASK (EHCI_STATUS_THRESHOLD_INT|EHCI_STATUS_ERROR_INT|EHCI_STATUS_PORT_CHANGE_DETECT|EHCI_STATUS_FRAME_LIST_ROLLOVER|EHCI_STATUS_HOST_SYSTEM_ERROR|EHCI_STATUS_INT_ON_ASYNC_ADV)
858/** @} */
859
860#define EHCI_PERIODIC_LIST_MASK UINT32_C(0xFFFFF000) /**< 4kb aligned */
861#define EHCI_ASYNC_LIST_MASK UINT32_C(0xFFFFFFE0) /**< 32-byte aligned */
862
863
864/** @name Port Status and Control Register bits (PORTSC)
865 * @{ */
866#define EHCI_PORT_CURRENT_CONNECT RT_BIT(0) /**< RO */
867#define EHCI_PORT_CONNECT_CHANGE RT_BIT(1)
868#define EHCI_PORT_PORT_ENABLED RT_BIT(2)
869#define EHCI_PORT_PORT_CHANGE RT_BIT(3)
870#define EHCI_PORT_OVER_CURRENT_ACTIVE RT_BIT(4) /**< RO */
871#define EHCI_PORT_OVER_CURRENT_CHANGE RT_BIT(5)
872#define EHCI_PORT_FORCE_PORT_RESUME RT_BIT(6)
873#define EHCI_PORT_SUSPEND RT_BIT(7)
874#define EHCI_PORT_RESET RT_BIT(8)
875#define EHCI_PORT_LINE_STATUS_MASK (RT_BIT(10) | RT_BIT(11)) /**< RO */
876#define EHCI_PORT_LINE_STATUS_SHIFT 10
877#define EHCI_PORT_POWER RT_BIT(12)
878#define EHCI_PORT_OWNER RT_BIT(13)
879#define EHCI_PORT_INDICATOR (RT_BIT(14) | RT_BIT(15))
880#define EHCI_PORT_TEST_CONTROL_MASK (RT_BIT(16) | RT_BIT(17) | RT_BIT(18) | RT_BIT(19))
881#define EHCI_PORT_TEST_CONTROL_SHIFT 16
882#define EHCI_PORT_WAKE_ON_CONNECT_ENABLE RT_BIT(20)
883#define EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE RT_BIT(21)
884#define EHCI_PORT_WAKE_OVER_CURRENT_ENABLE RT_BIT(22)
885#define EHCI_PORT_RESERVED (RT_BIT(9)|RT_BIT(23)|RT_BIT(24)|RT_BIT(25)|RT_BIT(26)|RT_BIT(27)|RT_BIT(28)|RT_BIT(29)|RT_BIT(30)|RT_BIT(31))
886
887#define EHCI_PORT_WAKE_MASK (EHCI_PORT_WAKE_ON_CONNECT_ENABLE|EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE|EHCI_PORT_WAKE_OVER_CURRENT_ENABLE)
888#define EHCI_PORT_CHANGE_MASK (EHCI_PORT_CONNECT_CHANGE|EHCI_PORT_PORT_CHANGE|EHCI_PORT_OVER_CURRENT_CHANGE)
889/** @} */
890
891/** @name Command Register bits (USBCMD)
892 * @{ */
893#define EHCI_CMD_RUN RT_BIT(0)
894#define EHCI_CMD_RESET RT_BIT(1)
895#define EHCI_CMD_FRAME_LIST_SIZE_MASK (RT_BIT(2) | RT_BIT(3))
896#define EHCI_CMD_FRAME_LIST_SIZE_SHIFT 2
897#define EHCI_CMD_PERIODIC_SCHED_ENABLE RT_BIT(4)
898#define EHCI_CMD_ASYNC_SCHED_ENABLE RT_BIT(5)
899#define EHCI_CMD_INT_ON_ADVANCE_DOORBELL RT_BIT(6)
900#define EHCI_CMD_SOFT_RESET RT_BIT(7) /**< optional */
901#define EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK (RT_BIT(8) | RT_BIT(9)) /**< optional */
902#define EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT 8
903#define EHCI_CMD_RESERVED RT_BIT(10)
904#define EHCI_CMD_ASYNC_SCHED_PARK_ENABLE RT_BIT(11) /**< optional */
905#define EHCI_CMD_RESERVED2 (RT_BIT(12) | RT_BIT(13) | RT_BIT(14) | RT_BIT(15))
906#define EHCI_CMD_INTERRUPT_THRESHOLD_MASK (RT_BIT(16) | RT_BIT(17) | RT_BIT(18) | RT_BIT(19) | RT_BIT(20) | RT_BIT(21) | RT_BIT(22) | RT_BIT(23))
907#define EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT 16
908#define EHCI_CMD_MASK (EHCI_CMD_INTERRUPT_THRESHOLD_MASK|EHCI_CMD_ASYNC_SCHED_PARK_ENABLE|EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK|EHCI_CMD_SOFT_RESET|EHCI_CMD_INT_ON_ADVANCE_DOORBELL|EHCI_CMD_ASYNC_SCHED_ENABLE|EHCI_CMD_PERIODIC_SCHED_ENABLE|EHCI_CMD_FRAME_LIST_SIZE_MASK|EHCI_CMD_RESET|EHCI_CMD_RUN)
909
910#define EHCI_DEFAULT_PERIODIC_LIST_SIZE 1024
911#define EHCI_DEFAULT_PERIODIC_LIST_MASK 0x3ff
912
913#define EHCI_FRINDEX_UFRAME_COUNT_MASK 0x7
914#define EHCI_FRINDEX_FRAME_INDEX_MASK EHCI_DEFAULT_PERIODIC_LIST_MASK
915#define EHCI_FRINDEX_FRAME_INDEX_SHIFT 3
916
917/** @} */
918
919/* Local EHCI definitions */
920#define EHCI_USB_RESET 0x00
921#define EHCI_USB_RESUME 0x40
922#define EHCI_USB_OPERATIONAL 0x80
923#define EHCI_USB_SUSPEND 0xc0
924
925#define EHCI_HARDWARE_TIMER_FREQ 8000 /**< 8000 hz = every 125 usec */
926#define EHCI_DEFAULT_TIMER_FREQ 1000
927#define EHCI_UFRAMES_PER_FRAME 8
928
929#ifndef VBOX_DEVICE_STRUCT_TESTCASE
930
931
932/*********************************************************************************************************************************
933* Global Variables *
934*********************************************************************************************************************************/
935#if defined(VBOX_IN_EXTPACK_R0) && defined(RT_OS_SOLARIS)
936/* Dependency information for the native solaris loader. */
937extern "C" { char _depends_on[] = "vboxdrv VMMR0.r0"; }
938#endif
939
940#if defined(LOG_ENABLED) && defined(IN_RING3)
941static bool g_fLogControlEPs = false;
942static bool g_fLogInterruptEPs = false;
943#endif
944
945#ifdef IN_RING3
946/**
947 * SSM descriptor table for the EHCI structure.
948 */
949static SSMFIELD const g_aEhciFields[] =
950{
951 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
952 SSMFIELD_ENTRY( EHCI, SofTime),
953 SSMFIELD_ENTRY( EHCI, RootHub.unused),
954 SSMFIELD_ENTRY( EHCI, RootHub.unused),
955 SSMFIELD_ENTRY( EHCI, RootHub.unused),
956 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
957 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
958 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
959 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
960 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
961 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
962 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
963 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
964 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[8].fReg),
965 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[9].fReg),
966 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[10].fReg),
967 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[11].fReg),
968 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[12].fReg),
969 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[13].fReg),
970 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[14].fReg),
971 SSMFIELD_ENTRY( EHCI, cap_length),
972 SSMFIELD_ENTRY( EHCI, hci_version),
973 SSMFIELD_ENTRY( EHCI, hcs_params),
974 SSMFIELD_ENTRY( EHCI, hcc_params),
975 SSMFIELD_ENTRY( EHCI, cmd),
976 SSMFIELD_ENTRY( EHCI, intr_status),
977 SSMFIELD_ENTRY( EHCI, intr),
978 SSMFIELD_ENTRY( EHCI, frame_idx),
979 SSMFIELD_ENTRY( EHCI, ds_segment),
980 SSMFIELD_ENTRY( EHCI, periodic_list_base),
981 SSMFIELD_ENTRY( EHCI, async_list_base),
982 SSMFIELD_ENTRY( EHCI, config),
983 SSMFIELD_ENTRY( EHCI, uIrqInterval),
984 SSMFIELD_ENTRY( EHCI, HcFmNumber),
985 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
986 SSMFIELD_ENTRY( EHCI, fBusStarted),
987 SSMFIELD_ENTRY_TERM()
988};
989#endif
990
991
992/*********************************************************************************************************************************
993* Internal Functions *
994*********************************************************************************************************************************/
995RT_C_DECLS_BEGIN
996#ifdef IN_RING3
997/* Update host controller state to reflect a device attach */
998static void ehciR3PortPower(PEHCI pThis, PEHCICC pThisCC, unsigned iPort, bool fPowerUp);
999
1000static void ehciR3QHUpdateOverlay(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
1001 PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd);
1002static void ehciR3CalcTimerIntervals(PEHCI pThis, PEHCICC pThisCC, uint32_t u32FrameRate);
1003#endif /* IN_RING3 */
1004RT_C_DECLS_END
1005
1006/**
1007 * Update PCI IRQ levels
1008 */
1009static void ehciUpdateInterruptLocked(PPDMDEVINS pDevIns, PEHCI pThis, const char *msg)
1010{
1011 int level = 0;
1012
1013 if (pThis->intr_status & pThis->intr)
1014 level = 1;
1015
1016 PDMDevHlpPCISetIrq(pDevIns, 0, level);
1017 if (level)
1018 {
1019 uint32_t val = pThis->intr_status & pThis->intr;
1020
1021 Log2Func(("Fired off interrupt %#010x - INT=%d ERR=%d PCD=%d FLR=%d HSE=%d IAA=%d - %s\n",
1022 val,
1023 !!(val & EHCI_STATUS_THRESHOLD_INT),
1024 !!(val & EHCI_STATUS_ERROR_INT),
1025 !!(val & EHCI_STATUS_PORT_CHANGE_DETECT),
1026 !!(val & EHCI_STATUS_FRAME_LIST_ROLLOVER),
1027 !!(val & EHCI_STATUS_HOST_SYSTEM_ERROR),
1028 !!(val & EHCI_STATUS_INT_ON_ASYNC_ADV),
1029 msg));
1030 RT_NOREF(val, msg);
1031
1032 /* host controller must clear the EHCI_CMD_INT_ON_ADVANCE_DOORBELL bit after setting it in the status register */
1033 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
1034 ASMAtomicAndU32(&pThis->cmd, ~EHCI_CMD_INT_ON_ADVANCE_DOORBELL);
1035
1036 }
1037 else
1038 Log2Func(("cleared interrupt\n"));
1039}
1040
1041/**
1042 * Set an interrupt, use the wrapper ehciSetInterrupt.
1043 */
1044DECLINLINE(int) ehciSetInterruptInt(PPDMDEVINS pDevIns, PEHCI pThis, int rcBusy, uint32_t intr, const char *msg)
1045{
1046 int rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, rcBusy);
1047 if (rc != VINF_SUCCESS)
1048 return rc;
1049
1050 if ( (pThis->intr_status & intr) != intr )
1051 {
1052 ASMAtomicOrU32(&pThis->intr_status, intr);
1053 ehciUpdateInterruptLocked(pDevIns, pThis, msg);
1054 }
1055
1056 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
1057 return rc;
1058}
1059
1060/**
1061 * Set an interrupt wrapper macro for logging purposes.
1062 */
1063#define ehciSetInterrupt(a_pDevIns, a_pEhci, a_rcBusy, a_fIntr) \
1064 ehciSetInterruptInt(a_pDevIns, a_pEhci, a_rcBusy, a_fIntr, #a_fIntr)
1065#define ehciR3SetInterrupt(a_pDevIns, a_pEhci, a_fIntr) \
1066 ehciSetInterruptInt(a_pDevIns, a_pEhci, VERR_IGNORED, a_fIntr, #a_fIntr)
1067
1068#ifdef IN_RING3
1069
1070/**
1071 * @interface_method_impl{PDMIBASE,pfnQueryInterface}
1072 */
1073static DECLCALLBACK(void *) ehciR3RhQueryInterface(PPDMIBASE pInterface, const char *pszIID)
1074{
1075 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IBase);
1076 PDMIBASE_RETURN_INTERFACE(pszIID, PDMIBASE, &pThisCC->RootHub.IBase);
1077 PDMIBASE_RETURN_INTERFACE(pszIID, VUSBIROOTHUBPORT, &pThisCC->RootHub.IRhPort);
1078 PDMIBASE_RETURN_INTERFACE(pszIID, PDMILEDPORTS, &pThisCC->RootHub.ILeds);
1079 return NULL;
1080}
1081
1082/**
1083 * Gets the pointer to the status LED of a unit.
1084 *
1085 * @returns VBox status code.
1086 * @param pInterface Pointer to the interface structure containing the called function pointer.
1087 * @param iLUN The unit which status LED we desire.
1088 * @param ppLed Where to store the LED pointer.
1089 */
1090static DECLCALLBACK(int) ehciR3RhQueryStatusLed(PPDMILEDPORTS pInterface, unsigned iLUN, PPDMLED *ppLed)
1091{
1092 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.ILeds);
1093 if (iLUN == 0)
1094 {
1095 *ppLed = &pThisCC->RootHub.Led;
1096 return VINF_SUCCESS;
1097 }
1098 return VERR_PDM_LUN_NOT_FOUND;
1099}
1100
1101
1102/**
1103 * Get the number of avialable ports in the hub.
1104 *
1105 * @returns The number of ports available.
1106 * @param pInterface Pointer to this structure.
1107 * @param pAvailable Bitmap indicating the available ports. Set bit == available port.
1108 */
1109static DECLCALLBACK(unsigned) ehciR3RhGetAvailablePorts(PVUSBIROOTHUBPORT pInterface, PVUSBPORTBITMAP pAvailable)
1110{
1111 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1112 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1113 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1114
1115 memset(pAvailable, 0, sizeof(*pAvailable));
1116
1117 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1118 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1119
1120 unsigned cPorts = 0;
1121 for (unsigned iPort = 0; iPort < EHCI_NDP_CFG(pThis); iPort++)
1122 {
1123 if (!pThisCC->RootHub.aPorts[iPort].fAttached)
1124 {
1125 cPorts++;
1126 ASMBitSet(pAvailable, iPort + 1);
1127 }
1128 }
1129
1130 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1131 return cPorts;
1132}
1133
1134
1135/**
1136 * Gets the supported USB versions.
1137 *
1138 * @returns The mask of supported USB versions.
1139 * @param pInterface Pointer to this structure.
1140 */
1141static DECLCALLBACK(uint32_t) ehciR3RhGetUSBVersions(PVUSBIROOTHUBPORT pInterface)
1142{
1143 RT_NOREF(pInterface);
1144 return VUSB_STDVER_20;
1145}
1146
1147
1148/** @interface_method_impl{VUSBIROOTHUBPORT,pfnAttach} */
1149static DECLCALLBACK(int) ehciR3RhAttach(PVUSBIROOTHUBPORT pInterface, uint32_t uPort, VUSBSPEED enmSpeed)
1150{
1151 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1152 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1153 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1154 LogFlowFunc(("uPort=%u\n", uPort));
1155 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1156 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1157
1158 /*
1159 * Validate and adjust input.
1160 */
1161 Assert(uPort >= 1 && uPort <= EHCI_NDP_CFG(pThis));
1162 uPort--;
1163 Assert(!pThisCC->RootHub.aPorts[uPort].fAttached);
1164 Assert(enmSpeed == VUSB_SPEED_HIGH); RT_NOREF(enmSpeed); /* Only HS devices should end up here! */
1165
1166 /*
1167 * Attach it.
1168 */
1169 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_OWNER); /* not attached to a companion controller */
1170 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
1171 pThisCC->RootHub.aPorts[uPort].fAttached = true;
1172 ehciR3PortPower(pThis, pThisCC, uPort, 1 /* power on */);
1173
1174 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_PORT_CHANGE_DETECT);
1175
1176 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1177 return VINF_SUCCESS;
1178}
1179
1180
1181/**
1182 * A device is being detached from a port in the roothub.
1183 *
1184 * @param pInterface Pointer to this structure.
1185 * @param uPort The port number assigned to the device.
1186 */
1187static DECLCALLBACK(void) ehciR3RhDetach(PVUSBIROOTHUBPORT pInterface, uint32_t uPort)
1188{
1189 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1190 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1191 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1192 LogFlowFunc(("uPort=%u\n", uPort));
1193 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, pDevIns->pCritSectRoR3, VERR_IGNORED);
1194 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, pDevIns->pCritSectRoR3, rcLock);
1195
1196 /*
1197 * Validate and adjust input.
1198 */
1199 Assert(uPort >= 1 && uPort <= EHCI_NDP_CFG(pThis));
1200 uPort--;
1201 Assert(pThisCC->RootHub.aPorts[uPort].fAttached);
1202
1203 /*
1204 * Detach it.
1205 */
1206 pThisCC->RootHub.aPorts[uPort].fAttached = false;
1207 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_CURRENT_CONNECT);
1208 if (pThis->RootHub.aPorts[uPort].fReg & EHCI_PORT_PORT_ENABLED)
1209 {
1210 ASMAtomicAndU32(&pThis->RootHub.aPorts[uPort].fReg, ~EHCI_PORT_PORT_ENABLED);
1211 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CONNECT_CHANGE | EHCI_PORT_PORT_CHANGE);
1212 }
1213 else
1214 ASMAtomicOrU32(&pThis->RootHub.aPorts[uPort].fReg, EHCI_PORT_CONNECT_CHANGE);
1215
1216 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_PORT_CHANGE_DETECT);
1217
1218 PDMDevHlpCritSectLeave(pDevIns, pDevIns->pCritSectRoR3);
1219}
1220
1221
1222/**
1223 * One of the roothub devices has completed its reset operation.
1224 *
1225 * Currently, we don't think anything is required to be done here
1226 * so it's just a stub for forcing async resetting of the devices
1227 * during a root hub reset.
1228 *
1229 * @param pDev The root hub device.
1230 * @param uPort The port number of the device on the roothub being resetted.
1231 * @param rc The result of the operation.
1232 * @param pvUser Pointer to the controller.
1233 */
1234static DECLCALLBACK(void) ehciR3RhResetDoneOneDev(PVUSBIDEVICE pDev, uint32_t uPort, int rc, void *pvUser)
1235{
1236 LogRel(("EHCI: root hub reset completed with %Rrc\n", rc));
1237 RT_NOREF(pDev, uPort, rc, pvUser);
1238}
1239
1240
1241/**
1242 * Does a software or hardware reset of the controller.
1243 *
1244 * This is called in response to setting HcCommandStatus.HCR, hardware reset,
1245 * and device construction.
1246 *
1247 * @param pDevIns The device instance.
1248 * @param pThis The shared EHCI instance data.
1249 * @param pThisCC The ring-3 EHCI instance data.
1250 * @param fNewMode The new mode of operation. This is UsbSuspend if it's a
1251 * software reset, and UsbReset if it's a hardware reset / cold boot.
1252 * @param fResetOnLinux Set if we can do a real reset of the devices attached to the root hub.
1253 * This is really a just a hack for the non-working linux device reset.
1254 * Linux has this feature called 'logical disconnect' if device reset fails
1255 * which prevents us from doing resets when the guest asks for it - the guest
1256 * will get confused when the device seems to be reconnected everytime it tries
1257 * to reset it. But if we're at hardware reset time, we can allow a device to
1258 * be 'reconnected' without upsetting the guest.
1259 *
1260 * @remark This hasn't got anything to do with software setting the mode to UsbReset.
1261 */
1262static void ehciR3DoReset(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, uint32_t fNewMode, bool fResetOnLinux)
1263{
1264 LogFunc(("%s reset%s\n", fNewMode == EHCI_USB_RESET ? "hardware" : "software",
1265 fResetOnLinux ? " (reset on linux)" : ""));
1266
1267 /*
1268 * Cancel all outstanding URBs.
1269 *
1270 * We can't, and won't, deal with URBs until we're moved out of the
1271 * suspend/reset state. Also, a real HC isn't going to send anything
1272 * any more when a reset has been signaled.
1273 *
1274 * This must be done on the framer thread to avoid race conditions.
1275 */
1276 pThisCC->RootHub.pIRhConn->pfnCancelAllUrbs(pThisCC->RootHub.pIRhConn);
1277
1278 /*
1279 * Reset the hardware registers.
1280 */
1281 /** @todo other differences between hardware reset and VM reset? */
1282
1283 if (pThis->hcc_params & EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING)
1284 pThis->cmd = 0x80000 | EHCI_CMD_ASYNC_SCHED_PARK_ENABLE | (3 << EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT);
1285 else
1286 pThis->cmd = 0x80000;
1287
1288 pThis->intr_status = EHCI_STATUS_HCHALTED;
1289 pThis->intr = 0;
1290 pThis->frame_idx = 0;
1291 pThis->ds_segment = 0;
1292 pThis->periodic_list_base = 0; /* undefined */
1293 pThis->async_list_base = 0; /* undefined */
1294 pThis->config = 0;
1295 pThis->uIrqInterval = (pThis->intr_status & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT;
1296
1297 /* We have to update interrupts as the IRQ may need to be cleared. */
1298 int const rcLock = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VERR_IGNORED);
1299 PDM_CRITSECT_RELEASE_ASSERT_RC_DEV(pDevIns, &pThis->CsIrq, rcLock);
1300
1301 ehciUpdateInterruptLocked(pDevIns, pThis, "ehciR3DoReset");
1302
1303 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
1304
1305 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
1306
1307 if (fNewMode == EHCI_USB_RESET)
1308 {
1309 /* Only a hardware reset reinits the port registers */
1310 for (unsigned i = 0; i < EHCI_NDP_CFG(pThis); i++)
1311 {
1312 if (pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL)
1313 pThis->RootHub.aPorts[i].fReg = EHCI_PORT_OWNER;
1314 else
1315 pThis->RootHub.aPorts[i].fReg = EHCI_PORT_POWER | EHCI_PORT_OWNER;
1316 }
1317 }
1318/** @todo Shouldn't we stop the SOF timer at this point? */
1319
1320 /*
1321 * If this is a hardware reset, we will initialize the root hub too.
1322 * Software resets doesn't do this according to the specs.
1323 * (It's not possible to have device connected at the time of the
1324 * device construction, so nothing to worry about there.)
1325 */
1326 if (fNewMode == EHCI_USB_RESET)
1327 {
1328 pThisCC->RootHub.pIRhConn->pfnReset(pThisCC->RootHub.pIRhConn, fResetOnLinux);
1329
1330 /*
1331 * Reattach the devices.
1332 */
1333 for (unsigned i = 0; i < EHCI_NDP_CFG(pThis); i++)
1334 {
1335 bool fAttached = pThisCC->RootHub.aPorts[i].fAttached;
1336 pThisCC->RootHub.aPorts[i].fAttached = false;
1337
1338 if (fAttached)
1339 ehciR3RhAttach(&pThisCC->RootHub.IRhPort, i+1, VUSB_SPEED_HIGH);
1340 }
1341 }
1342}
1343
1344/**
1345 * Reset the root hub.
1346 *
1347 * @returns VBox status code.
1348 * @param pInterface Pointer to this structure.
1349 * @param fResetOnLinux This is used to indicate whether we're at VM reset time and
1350 * can do real resets or if we're at any other time where that
1351 * isn't such a good idea.
1352 * @remark Do NOT call VUSBIDevReset on the root hub in an async fashion!
1353 * @thread EMT
1354 */
1355static DECLCALLBACK(int) ehciR3RhReset(PVUSBIROOTHUBPORT pInterface, bool fResetOnLinux)
1356{
1357 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
1358 PPDMDEVINS pDevIns = pThisCC->pDevIns;
1359 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
1360 LogFunc(("fResetOnLinux=%d\n", fResetOnLinux));
1361
1362 /* Soft reset first */
1363 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_SUSPEND, false /* N/A */);
1364
1365 /*
1366 * We're pretending to _reattach_ the devices without resetting them.
1367 * Except, during VM reset where we use the opportunity to do a proper
1368 * reset before the guest comes along and expects things.
1369 *
1370 * However, it's very very likely that we're not doing the right thing
1371 * here when end up here on request from the guest (USB Reset state).
1372 * The docs talks about root hub resetting, however what exact behaviour
1373 * in terms of root hub status and changed bits, and HC interrupts aren't
1374 * stated clearly. IF we get trouble and see the guest doing "USB Resets"
1375 * we will have to look into this. For the time being we stick with simple.
1376 */
1377 for (unsigned iPort = 0; iPort < EHCI_NDP_CFG(pThis); iPort++)
1378 {
1379 if (pThisCC->RootHub.aPorts[iPort].fAttached)
1380 {
1381 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
1382 if (fResetOnLinux)
1383 {
1384 PVM pVM = PDMDevHlpGetVM(pDevIns);
1385 VUSBIRhDevReset(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort), fResetOnLinux,
1386 ehciR3RhResetDoneOneDev, pThis, pVM);
1387 }
1388 }
1389 }
1390
1391 return VINF_SUCCESS;
1392}
1393
1394
1395/**
1396 * Reads physical memory.
1397 */
1398DECLINLINE(void) ehciPhysRead(PPDMDEVINS pDevIns, RTGCPHYS Addr, void *pvBuf, size_t cbBuf)
1399{
1400 PDMDevHlpPCIPhysReadUser(pDevIns, Addr, pvBuf, cbBuf);
1401}
1402
1403
1404/**
1405 * Reads physical memory - metadata.
1406 */
1407DECLINLINE(void) ehciPhysReadMeta(PPDMDEVINS pDevIns, RTGCPHYS Addr, void *pvBuf, size_t cbBuf)
1408{
1409 PDMDevHlpPCIPhysReadMeta(pDevIns, Addr, pvBuf, cbBuf);
1410}
1411
1412
1413/**
1414 * Writes physical memory.
1415 */
1416DECLINLINE(void) ehciPhysWrite(PPDMDEVINS pDevIns, RTGCPHYS Addr, const void *pvBuf, size_t cbBuf)
1417{
1418 PDMDevHlpPCIPhysWriteUser(pDevIns, Addr, pvBuf, cbBuf);
1419}
1420
1421
1422/**
1423 * Writes physical memory.
1424 */
1425DECLINLINE(void) ehciPhysWriteMeta(PPDMDEVINS pDevIns, RTGCPHYS Addr, const void *pvBuf, size_t cbBuf)
1426{
1427 PDMDevHlpPCIPhysWriteMeta(pDevIns, Addr, pvBuf, cbBuf);
1428}
1429
1430
1431/**
1432 * Read an array of dwords from physical memory and correct endianness.
1433 */
1434DECLINLINE(void) ehciGetDWords(PPDMDEVINS pDevIns, RTGCPHYS Addr, uint32_t *pau32s, int c32s)
1435{
1436 ehciPhysReadMeta(pDevIns, Addr, pau32s, c32s * sizeof(uint32_t));
1437# ifndef RT_LITTLE_ENDIAN
1438 for(int i = 0; i < c32s; i++)
1439 pau32s[i] = RT_H2LE_U32(pau32s[i]);
1440# endif
1441}
1442
1443
1444/**
1445 * Write an array of dwords from physical memory and correct endianness.
1446 */
1447DECLINLINE(void) ehciPutDWords(PPDMDEVINS pDevIns, RTGCPHYS Addr, const uint32_t *pau32s, int cu32s)
1448{
1449# ifdef RT_LITTLE_ENDIAN
1450 ehciPhysWriteMeta(pDevIns, Addr, pau32s, cu32s << 2);
1451# else
1452 for (int i = 0; i < c32s; i++, pau32s++, Addr += sizeof(*pau32s))
1453 {
1454 uint32_t u32Tmp = RT_H2LE_U32(*pau32s);
1455 ehciPhysWriteMeta(pDevIns, Addr, (uint8_t *)&u32Tmp, sizeof(u32Tmp));
1456 }
1457# endif
1458}
1459
1460
1461DECLINLINE(void) ehciR3ReadFrameListPtr(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, EHCI_FRAME_LIST_PTR *pFrameList)
1462{
1463 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pFrameList, sizeof(*pFrameList) >> 2);
1464}
1465
1466DECLINLINE(void) ehciR3ReadTDPtr(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, EHCI_TD_PTR *pTD)
1467{
1468 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pTD, sizeof(*pTD) >> 2);
1469}
1470
1471DECLINLINE(void) ehciR3ReadItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD_PAD pPItd)
1472{
1473 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pPItd, sizeof(EHCI_ITD) >> 2);
1474 pPItd->pad.Pointer = 0xFFFFF; /* Direct accesses at the last page under 4GB (ROM). */
1475}
1476
1477DECLINLINE(void) ehciR3ReadSitd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_SITD pSitd)
1478{
1479 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pSitd, sizeof(*pSitd) >> 2);
1480}
1481
1482DECLINLINE(void) ehciR3WriteItd(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_ITD pItd)
1483{
1484 /** @todo might need to be careful about write order in async io thread */
1485 /*
1486 * Only write to the fields the controller is allowed to write to,
1487 * namely the eight double words coming after the next link pointer.
1488 */
1489 uint32_t offWrite = RT_OFFSETOF(EHCI_ITD, Transaction[0]);
1490 uint32_t offDWordsWrite = offWrite / sizeof(uint32_t);
1491 Assert(!(offWrite % sizeof(uint32_t)));
1492
1493 ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pItd + offDWordsWrite, (sizeof(*pItd) >> 2) - offDWordsWrite);
1494}
1495
1496DECLINLINE(void) ehciR3ReadQHD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QHD pQHD)
1497{
1498 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pQHD, sizeof(*pQHD) >> 2);
1499}
1500
1501DECLINLINE(void) ehciR3ReadQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QTD pQTD)
1502{
1503 ehciGetDWords(pDevIns, GCPhys, (uint32_t *)pQTD, sizeof(*pQTD) >> 2);
1504}
1505
1506DECLINLINE(void) ehciR3WriteQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QTD pQTD)
1507{
1508 /** @todo might need to be careful about write order in async io thread */
1509 /*
1510 * Only write to the fields the controller is allowed to write to,
1511 * namely the two double words coming after the alternate next QTD pointer.
1512 */
1513 uint32_t offWrite = RT_OFFSETOF(EHCI_QTD, Token.u32);
1514 uint32_t offDWordsWrite = offWrite / sizeof(uint32_t);
1515 Assert(!(offWrite % sizeof(uint32_t)));
1516
1517 ehciPutDWords(pDevIns, GCPhys + offWrite, (uint32_t *)pQTD + offDWordsWrite, (sizeof(*pQTD) >> 2) - offDWordsWrite);
1518}
1519
1520
1521/**
1522 * Updates the QHD in guest memory only updating portions of the QHD the controller
1523 * is allowed to write to.
1524 *
1525 * @returns nothing.
1526 * @param pDevIns The device instance.
1527 * @param GCPhys Physical guest address of the QHD.
1528 * @param pQHD The QHD to update the guest memory with.
1529 */
1530DECLINLINE(void) ehciR3UpdateQHD(PPDMDEVINS pDevIns, RTGCPHYS GCPhys, PEHCI_QHD pQHD)
1531{
1532 /*
1533 * Only update members starting from the current QTD pointer, everything
1534 * before is readonly for the controller and the guest might have updated it
1535 * behind our backs already.
1536 */
1537 uint32_t offWrite = RT_OFFSETOF(EHCI_QHD, CurrQTD);
1538 ehciPhysWriteMeta(pDevIns, GCPhys + offWrite, (uint8_t *)pQHD + offWrite, sizeof(EHCI_QHD) - offWrite);
1539}
1540
1541#ifdef LOG_ENABLED
1542
1543# if 0 /* unused */
1544/**
1545 * Dumps a TD queue. LOG_ENABLED builds only.
1546 */
1547DECLINLINE(void) ehciR3DumpTdQueue(PEHCI pThis, RTGCPHYS GCPhysHead, const char *pszMsg)
1548{
1549 RT_NOREF(pThis, GCPhysHead, pszMsg);
1550 AssertFailed();
1551}
1552# endif /* unused */
1553
1554/**
1555 * Dumps an SITD list. LOG_ENABLED builds only.
1556 */
1557DECLINLINE(void) ehciR3DumpSITD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1558{
1559 RT_NOREF(pDevIns, GCPhysHead, fList);
1560 AssertFailed();
1561}
1562
1563/**
1564 * Dumps an FSTN list. LOG_ENABLED builds only.
1565 */
1566DECLINLINE(void) ehciR3DumpFSTN(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1567{
1568 RT_NOREF(pDevIns, GCPhysHead, fList);
1569 AssertFailed();
1570}
1571
1572#ifdef LOG_ENABLED
1573static const char *ehciPID2Str(uint32_t PID)
1574{
1575 switch(PID)
1576 {
1577 case EHCI_QTD_PID_OUT:
1578 return "OUT";
1579 case EHCI_QTD_PID_IN:
1580 return "IN";
1581 case EHCI_QTD_PID_SETUP:
1582 return "SETUP";
1583 default:
1584 return "Invalid PID!";
1585 }
1586}
1587#endif
1588
1589DECLINLINE(void) ehciR3DumpSingleQTD(RTGCPHYS GCPhys, PEHCI_QTD pQtd, const char *pszPrefix)
1590{
1591 if (pQtd->Token.Bits.Active)
1592 {
1593 Log2((" QTD%s: %RGp={", pszPrefix, GCPhys));
1594 Log2((" Length=%x IOC=%d DT=%d CErr=%d C_Page=%d Status=%x PID=%s}\n", pQtd->Token.Bits.Length, pQtd->Token.Bits.IOC, pQtd->Token.Bits.DataToggle, pQtd->Token.Bits.ErrorCount, pQtd->Token.Bits.CurrentPage, pQtd->Token.u32 & 0xff, ehciPID2Str(pQtd->Token.Bits.PID)));
1595 Log2((" QTD: %RGp={", GCPhys));
1596 Log2((" Buf0=%x Offset=%x Buf1=%x Buf2=%x Buf3=%x Buf4=%x}\n", pQtd->Buffer.Buffer[0].Pointer, pQtd->Buffer.Offset.Offset, pQtd->Buffer.Buffer[1].Pointer, pQtd->Buffer.Buffer[2].Pointer, pQtd->Buffer.Buffer[3].Pointer, pQtd->Buffer.Buffer[4].Pointer));
1597 Log2((" QTD: %RGp={", GCPhys));
1598 Log2((" Next=%RGp T=%d AltNext=%RGp AltT=%d\n", (RTGCPHYS)pQtd->Next.Pointer << EHCI_TD_PTR_SHIFT, pQtd->Next.Terminate, (RTGCPHYS)pQtd->AltNext.Pointer << EHCI_TD_PTR_SHIFT, pQtd->AltNext.Terminate));
1599 }
1600 else
1601 Log2((" QTD%s: %RGp={Not Active}\n", pszPrefix, GCPhys));
1602}
1603
1604/**
1605 * Dumps a QTD list. LOG_ENABLED builds only.
1606 */
1607DECLINLINE(void) ehciR3DumpQTD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1608{
1609 RTGCPHYS GCPhys = GCPhysHead;
1610 unsigned iterations = 0;
1611
1612 for (;;)
1613 {
1614 EHCI_QTD qtd;
1615
1616 /* Read the whole QHD */
1617 ehciR3ReadQTD(pDevIns, GCPhys, &qtd);
1618 ehciR3DumpSingleQTD(GCPhys, &qtd, "");
1619
1620 if (!fList || qtd.Next.Terminate || !qtd.Next.Pointer || qtd.Token.Bits.Halted || !qtd.Token.Bits.Active)
1621 break;
1622
1623 /* next */
1624 if (GCPhys == ((RTGCPHYS)qtd.Next.Pointer << EHCI_TD_PTR_SHIFT))
1625 break; /* detect if list item is self-cycled. */
1626
1627 GCPhys = qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
1628
1629 if (GCPhys == GCPhysHead)
1630 break;
1631
1632 /* If we ran too many iterations, the list must be looping in on itself.
1633 * On a real controller loops wouldn't be fatal, as it will eventually
1634 * run out of time in the micro-frame.
1635 */
1636 if (++iterations == 128)
1637 {
1638 LogFunc(("Too many iterations, exiting!\n"));
1639 break;
1640 }
1641 }
1642
1643 /* alternative pointers */
1644 GCPhys = GCPhysHead;
1645 iterations = 0;
1646
1647 for (;;)
1648 {
1649 EHCI_QTD qtd;
1650
1651 /* Read the whole QHD */
1652 ehciR3ReadQTD(pDevIns, GCPhys, &qtd);
1653 if (GCPhys != GCPhysHead)
1654 ehciR3DumpSingleQTD(GCPhys, &qtd, "-A");
1655
1656 if (!fList || qtd.AltNext.Terminate || !qtd.AltNext.Pointer || qtd.Token.Bits.Halted || !qtd.Token.Bits.Active)
1657 break;
1658
1659 /* next */
1660 if (GCPhys == ((RTGCPHYS)qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT))
1661 break; /* detect if list item is self-cycled. */
1662
1663 GCPhys = qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
1664
1665 if (GCPhys == GCPhysHead)
1666 break;
1667
1668 /* If we ran too many iterations, the list must be looping in on itself.
1669 * On a real controller loops wouldn't be fatal, as it will eventually
1670 * run out of time in the micro-frame.
1671 */
1672 if (++iterations == 128)
1673 {
1674 LogFunc(("Too many iterations, exiting!\n"));
1675 break;
1676 }
1677 }
1678}
1679
1680/**
1681 * Dumps a QHD list. LOG_ENABLED builds only.
1682 */
1683DECLINLINE(void) ehciR3DumpQH(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1684{
1685 EHCI_QHD qhd;
1686 RTGCPHYS GCPhys = GCPhysHead;
1687 unsigned iterations = 0;
1688
1689 Log2((" QH: %RGp={", GCPhys));
1690
1691 /* Read the whole QHD */
1692 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
1693
1694 Log2(("HorzLnk=%RGp Typ=%u T=%u Addr=%x EndPt=%x Speed=%x MaxSize=%x NAK=%d C=%d RH=%d I=%d}\n",
1695 ((RTGCPHYS)qhd.Next.Pointer << EHCI_TD_PTR_SHIFT), qhd.Next.Type, qhd.Next.Terminate,
1696 qhd.Characteristics.DeviceAddress, qhd.Characteristics.EndPt, qhd.Characteristics.EndPtSpeed,
1697 qhd.Characteristics.MaxLength, qhd.Characteristics.NakCountReload, qhd.Characteristics.ControlEPFlag,
1698 qhd.Characteristics.HeadReclamation, qhd.Characteristics.InActiveNext));
1699 Log2((" Caps: Port=%x Hub=%x Multi=%x CMask=%x SMask=%x\n", qhd.Caps.Port, qhd.Caps.HubAddress,
1700 qhd.Caps.Mult, qhd.Caps.CMask, qhd.Caps.SMask));
1701 Log2((" CurrPtr=%RGp Next=%RGp T=%d AltNext=%RGp T=%d\n",
1702 ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT),
1703 ((RTGCPHYS)qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.Next.Terminate,
1704 ((RTGCPHYS)qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT), qhd.Overlay.OrgQTD.AltNext.Terminate));
1705 ehciR3DumpSingleQTD(qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qhd.Overlay.OrgQTD, "");
1706 ehciR3DumpQTD(pDevIns, qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT, true);
1707
1708 Assert(qhd.Next.Pointer || qhd.Next.Terminate);
1709 if ( !fList
1710 || qhd.Next.Terminate
1711 || !qhd.Next.Pointer)
1712 return;
1713
1714 for (;;)
1715 {
1716 /* Read the next pointer */
1717 EHCI_TD_PTR ptr;
1718 ehciR3ReadTDPtr(pDevIns, GCPhys, &ptr);
1719
1720 AssertMsg(ptr.Type == EHCI_DESCRIPTOR_QH, ("Unexpected pointer to type %d\n", ptr.Type));
1721 Assert(ptr.Pointer || ptr.Terminate);
1722 if ( ptr.Terminate
1723 || !ptr.Pointer
1724 || ptr.Type != EHCI_DESCRIPTOR_QH)
1725 break;
1726
1727 /* next */
1728 if (GCPhys == ((RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT))
1729 break; /* Looping on itself. Bad guest! */
1730
1731 GCPhys = ptr.Pointer << EHCI_TD_PTR_SHIFT;
1732 if (GCPhys == GCPhysHead)
1733 break; /* break the loop */
1734
1735 ehciR3DumpQH(pDevIns, GCPhys, false);
1736
1737 /* And again, if we ran too many iterations, the list must be looping on itself.
1738 * Just quit.
1739 */
1740 if (++iterations == 64)
1741 {
1742 LogFunc(("Too many iterations, exiting!\n"));
1743 break;
1744 }
1745 }
1746}
1747
1748/**
1749 * Dumps an ITD list. LOG_ENABLED builds only.
1750 */
1751DECLINLINE(void) ehciR3DumpITD(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, bool fList)
1752{
1753 RTGCPHYS GCPhys = GCPhysHead;
1754 unsigned iterations = 0;
1755
1756 for (;;)
1757 {
1758 Log2((" ITD: %RGp={", GCPhys));
1759
1760 /* Read the whole ITD */
1761 EHCI_ITD_PAD PaddedItd;
1762 PEHCI_ITD pItd = &PaddedItd.itd;
1763 ehciR3ReadItd(pDevIns, GCPhys, &PaddedItd);
1764
1765 Log2(("Addr=%x EndPt=%x Dir=%s MaxSize=%x Mult=%d}\n", pItd->Buffer.Misc.DeviceAddress, pItd->Buffer.Misc.EndPt, (pItd->Buffer.Misc.DirectionIn) ? "in" : "out", pItd->Buffer.Misc.MaxPacket, pItd->Buffer.Misc.Multi));
1766 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
1767 {
1768 if (pItd->Transaction[i].Active)
1769 {
1770 Log2(("T%d Len=%x Offset=%x PG=%d IOC=%d Buffer=%x\n", i, pItd->Transaction[i].Length, pItd->Transaction[i].Offset, pItd->Transaction[i].PG, pItd->Transaction[i].IOC,
1771 pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer << EHCI_BUFFER_PTR_SHIFT));
1772 }
1773 }
1774 Assert(pItd->Next.Pointer || pItd->Next.Terminate);
1775 if (!fList || pItd->Next.Terminate || !pItd->Next.Pointer)
1776 break;
1777
1778 /* And again, if we ran too many iterations, the list must be looping on itself.
1779 * Just quit.
1780 */
1781 if (++iterations == 128)
1782 {
1783 LogFunc(("Too many iterations, exiting!\n"));
1784 break;
1785 }
1786
1787 /* next */
1788 GCPhys = pItd->Next.Pointer << EHCI_TD_PTR_SHIFT;
1789 }
1790}
1791
1792/**
1793 * Dumps a periodic list. LOG_ENABLED builds only.
1794 */
1795DECLINLINE(void) ehciR3DumpPeriodicList(PPDMDEVINS pDevIns, RTGCPHYS GCPhysHead, const char *pszMsg, bool fTDs)
1796{
1797 RT_NOREF(fTDs);
1798 RTGCPHYS GCPhys = GCPhysHead;
1799 unsigned iterations = 0;
1800
1801 if (pszMsg)
1802 Log2(("%s:", pszMsg));
1803
1804 for (;;)
1805 {
1806 EHCI_FRAME_LIST_PTR FramePtr;
1807
1808 /* ED */
1809 Log2((" %RGp={", GCPhys));
1810 if (!GCPhys)
1811 {
1812 Log2(("END}\n"));
1813 return;
1814 }
1815
1816 /* Frame list pointer */
1817 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
1818 if (FramePtr.Terminate)
1819 {
1820 Log2(("[Terminate]}\n"));
1821 }
1822 else
1823 {
1824 RTGCPHYS GCPhys1 = (RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
1825 switch (FramePtr.Type)
1826 {
1827 case EHCI_DESCRIPTOR_ITD:
1828 Log2(("[ITD]}\n"));
1829 ehciR3DumpITD(pDevIns, GCPhys1, false);
1830 break;
1831 case EHCI_DESCRIPTOR_SITD:
1832 Log2(("[SITD]}\n"));
1833 ehciR3DumpSITD(pDevIns, GCPhys1, false);
1834 break;
1835 case EHCI_DESCRIPTOR_QH:
1836 Log2(("[QH]}\n"));
1837 ehciR3DumpQH(pDevIns, GCPhys1, false);
1838 break;
1839 case EHCI_DESCRIPTOR_FSTN:
1840 Log2(("[FSTN]}\n"));
1841 ehciR3DumpFSTN(pDevIns, GCPhys1, false);
1842 break;
1843 }
1844 }
1845
1846 /* Same old. If we ran too many iterations, the list must be looping on itself.
1847 * Just quit.
1848 */
1849 if (++iterations == 128)
1850 {
1851 LogFunc(("Too many iterations, exiting!\n"));
1852 break;
1853 }
1854
1855 /* next */
1856 GCPhys = GCPhys + sizeof(FramePtr);
1857 }
1858}
1859
1860#endif /* LOG_ENABLED */
1861
1862
1863DECLINLINE(int) ehciR3InFlightFindFree(PEHCICC pThisCC, const int iStart)
1864{
1865 unsigned i = iStart;
1866 while (i < RT_ELEMENTS(pThisCC->aInFlight)) {
1867 if (pThisCC->aInFlight[i].pUrb == NULL)
1868 return i;
1869 i++;
1870 }
1871 i = iStart;
1872 while (i-- > 0) {
1873 if (pThisCC->aInFlight[i].pUrb == NULL)
1874 return i;
1875 }
1876 return -1;
1877}
1878
1879
1880/**
1881 * Record an in-flight TD.
1882 *
1883 * @param pThis EHCI instance data, shared edition.
1884 * @param pThisCC EHCI instance data, ring-3 edition.
1885 * @param GCPhysTD Physical address of the TD.
1886 * @param pUrb The URB.
1887 */
1888static void ehciR3InFlightAdd(PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysTD, PVUSBURB pUrb)
1889{
1890 int i = ehciR3InFlightFindFree(pThisCC, (GCPhysTD >> 4) % RT_ELEMENTS(pThisCC->aInFlight));
1891 if (i >= 0)
1892 {
1893#ifdef LOG_ENABLED
1894 pUrb->pHci->u32FrameNo = pThis->HcFmNumber;
1895#endif
1896 pThisCC->aInFlight[i].GCPhysTD = GCPhysTD;
1897 pThisCC->aInFlight[i].pUrb = pUrb;
1898 pThisCC->cInFlight++;
1899 return;
1900 }
1901 AssertMsgFailed(("Out of space cInFlight=%d!\n", pThisCC->cInFlight));
1902 RT_NOREF(pThis);
1903}
1904
1905
1906/**
1907 * Record in-flight TDs for an URB.
1908 *
1909 * @param pThis EHCI instance data, shared edition.
1910 * @param pThisCC EHCI instance data, ring-3 edition.
1911 * @param pUrb The URB.
1912 */
1913static void ehciR3InFlightAddUrb(PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
1914{
1915 for (unsigned iTd = 0; iTd < pUrb->pHci->cTds; iTd++)
1916 ehciR3InFlightAdd(pThis, pThisCC, pUrb->paTds[iTd].TdAddr, pUrb);
1917}
1918
1919
1920/**
1921 * Finds a in-flight TD.
1922 *
1923 * @returns Index of the record.
1924 * @returns -1 if not found.
1925 * @param pThisCC EHCI instance data, ring-3 edition.
1926 * @param GCPhysTD Physical address of the TD.
1927 * @remark This has to be fast.
1928 */
1929static int ehciR3InFlightFind(PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1930{
1931 unsigned cLeft = pThisCC->cInFlight;
1932 unsigned i = (GCPhysTD >> 4) % RT_ELEMENTS(pThisCC->aInFlight);
1933 const int iLast = i;
1934 while (i < RT_ELEMENTS(pThisCC->aInFlight)) {
1935 if (pThisCC->aInFlight[i].GCPhysTD == GCPhysTD && pThisCC->aInFlight[i].pUrb)
1936 return i;
1937 if (pThisCC->aInFlight[i].pUrb)
1938 if (cLeft-- <= 1)
1939 return -1;
1940 i++;
1941 }
1942 i = iLast;
1943 while (i-- > 0) {
1944 if (pThisCC->aInFlight[i].GCPhysTD == GCPhysTD && pThisCC->aInFlight[i].pUrb)
1945 return i;
1946 if (pThisCC->aInFlight[i].pUrb)
1947 if (cLeft-- <= 1)
1948 return -1;
1949 }
1950 return -1;
1951}
1952
1953
1954/**
1955 * Checks if a TD is in-flight.
1956 *
1957 * @returns true if in flight, false if not.
1958 * @param pThisCC EHCI instance data, ring-3 edition.
1959 * @param GCPhysTD Physical address of the TD.
1960 */
1961static bool ehciR3IsTdInFlight(PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1962{
1963 return ehciR3InFlightFind(pThisCC, GCPhysTD) >= 0;
1964}
1965
1966
1967/**
1968 * Removes a in-flight TD.
1969 *
1970 * @returns 0 if found. For logged builds this is the number of frames the TD has been in-flight.
1971 * @returns -1 if not found.
1972 * @param pThis EHCI instance data, shared edition.
1973 * @param pThisCC EHCI instance data, ring-3 edition.
1974 * @param GCPhysTD Physical address of the TD.
1975 */
1976static int ehciR3InFlightRemove(PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysTD)
1977{
1978 int i = ehciR3InFlightFind(pThisCC, GCPhysTD);
1979 if (i >= 0)
1980 {
1981#ifdef LOG_ENABLED
1982 const int cFramesInFlight = pThis->HcFmNumber - pThisCC->aInFlight[i].pUrb->pHci->u32FrameNo;
1983#else
1984 const int cFramesInFlight = 0;
1985#endif
1986 Log2Func(("reaping TD=%RGp %d frames (%#010x-%#010x)\n",
1987 GCPhysTD, cFramesInFlight, pThisCC->aInFlight[i].pUrb->pHci->u32FrameNo, pThis->HcFmNumber));
1988 pThisCC->aInFlight[i].GCPhysTD = 0;
1989 pThisCC->aInFlight[i].pUrb = NULL;
1990 pThisCC->cInFlight--;
1991 return cFramesInFlight;
1992 }
1993 AssertMsgFailed(("TD %RGp is not in flight\n", GCPhysTD));
1994 RT_NOREF(pThis);
1995 return -1;
1996}
1997
1998
1999/**
2000 * Removes all TDs associated with a URB from the in-flight tracking.
2001 *
2002 * @returns 0 if found. For logged builds this is the number of frames the TD has been in-flight.
2003 * @returns -1 if not found.
2004 * @param pThis EHCI instance data, shared edition.
2005 * @param pThisCC EHCI instance data, ring-3 edition.
2006 * @param pUrb The URB.
2007 */
2008static int ehciR3InFlightRemoveUrb(PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2009{
2010 int cFramesInFlight = ehciR3InFlightRemove(pThis, pThisCC, pUrb->paTds[0].TdAddr);
2011 if (pUrb->pHci->cTds > 1)
2012 {
2013 for (unsigned iTd = 1; iTd < pUrb->pHci->cTds; iTd++)
2014 if (ehciR3InFlightRemove(pThis, pThisCC, pUrb->paTds[iTd].TdAddr) < 0)
2015 cFramesInFlight = -1;
2016 }
2017 return cFramesInFlight;
2018}
2019
2020
2021/**
2022 * Checks that the transport descriptors associated with the URB
2023 * hasn't been changed in any way indicating that they may have been canceled.
2024 *
2025 * This rountine also updates the TD copies contained within the URB.
2026 *
2027 * @returns true if the URB has been canceled, otherwise false.
2028 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2029 * @param pUrb The URB in question.
2030 * @param pItd The ITD pointer.
2031 */
2032static bool ehciR3ItdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_ITD pItd)
2033{
2034 RT_NOREF(pThisCC);
2035 Assert(pItd);
2036 if (!pUrb)
2037 return true;
2038
2039 PEHCI_ITD pItdCopy = (PEHCI_ITD)pUrb->paTds[0].TdCopy;
2040
2041 /* Check transactions */
2042 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Transaction); i++)
2043 {
2044 if ( pItd->Transaction[i].Length != pItdCopy->Transaction[i].Length
2045 || pItd->Transaction[i].Offset != pItdCopy->Transaction[i].Offset
2046 || pItd->Transaction[i].PG != pItdCopy->Transaction[i].PG
2047 || pItd->Transaction[i].Active != pItdCopy->Transaction[i].Active)
2048 {
2049 Log(("%s: ehciR3ItdHasUrbBeenCanceled: TdAddr=%RGp canceled! [iso]\n",
2050 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2051 Log2((" %.*Rhxs (cur)\n"
2052 "!= %.*Rhxs (copy)\n",
2053 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2054 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2055 return true;
2056 }
2057 }
2058
2059 /* Check misc characteristics */
2060 if ( pItd->Buffer.Misc.DeviceAddress != pItdCopy->Buffer.Misc.DeviceAddress
2061 || pItd->Buffer.Misc.DirectionIn != pItdCopy->Buffer.Misc.DirectionIn
2062 || pItd->Buffer.Misc.EndPt != pItdCopy->Buffer.Misc.EndPt)
2063 {
2064 Log(("%s: ehciR3ItdHasUrbBeenCanceled (misc): TdAddr=%RGp canceled! [iso]\n",
2065 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2066 Log2((" %.*Rhxs (cur)\n"
2067 "!= %.*Rhxs (copy)\n",
2068 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2069 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2070 return true;
2071 }
2072
2073 /* Check buffer pointers */
2074 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Buffer.Buffer); i++)
2075 {
2076 if (pItd->Buffer.Buffer[i].Pointer != pItdCopy->Buffer.Buffer[i].Pointer)
2077 {
2078 Log(("%s: ehciR3ItdHasUrbBeenCanceled (buf): TdAddr=%RGp canceled! [iso]\n",
2079 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2080 Log2((" %.*Rhxs (cur)\n"
2081 "!= %.*Rhxs (copy)\n",
2082 sizeof(*pItd), pItd, sizeof(*pItd), &pUrb->paTds[0].TdCopy[0]));
2083 STAM_COUNTER_INC(&pThisCC->StatCanceledIsocUrbs);
2084 return true;
2085 }
2086 }
2087 return false;
2088}
2089
2090/**
2091 * Checks that the transport descriptors associated with the URB
2092 * hasn't been changed in any way indicating that they may have been canceled.
2093 *
2094 * This rountine also updates the TD copies contained within the URB.
2095 *
2096 * @returns true if the URB has been canceled, otherwise false.
2097 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2098 * @param pUrb The URB in question.
2099 * @param pQhd The QHD pointer
2100 * @param pQtd The QTD pointer
2101 */
2102static bool ehciR3QhdHasUrbBeenCanceled(PEHCICC pThisCC, PVUSBURB pUrb, PEHCI_QHD pQhd, PEHCI_QTD pQtd)
2103{
2104 RT_NOREF(pQhd, pThisCC);
2105 Assert(pQhd && pQtd);
2106 if ( !pUrb
2107 || !ehciR3IsTdInFlight(pThisCC, pUrb->paTds[0].TdAddr))
2108 return true;
2109
2110 PEHCI_QTD pQtdCopy = (PEHCI_QTD)pUrb->paTds[0].TdCopy;
2111
2112 if ( pQtd->Token.Bits.Length != pQtdCopy->Token.Bits.Length
2113 || pQtd->Token.Bits.Active != pQtdCopy->Token.Bits.Active
2114 || pQtd->Token.Bits.DataToggle != pQtdCopy->Token.Bits.DataToggle
2115 || pQtd->Token.Bits.CurrentPage != pQtdCopy->Token.Bits.CurrentPage
2116 || pQtd->Token.Bits.PID != pQtdCopy->Token.Bits.PID
2117 || pQtd->Buffer.Offset.Offset != pQtdCopy->Buffer.Offset.Offset)
2118 {
2119 Log(("%s: ehciQtdHasUrbBeenCanceled: TdAddr=%RGp canceled! [iso]\n",
2120 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2121 Log2((" %.*Rhxs (cur)\n"
2122 "!= %.*Rhxs (copy)\n",
2123 sizeof(*pQtd), pQtd, sizeof(*pQtd), &pUrb->paTds[0].TdCopy[0]));
2124 STAM_COUNTER_INC(&pThisCC->StatCanceledGenUrbs);
2125 return true;
2126 }
2127
2128
2129 /* Check buffer pointers */
2130 for (unsigned i = 0; i < RT_ELEMENTS(pQtd->Buffer.Buffer); i++)
2131 {
2132 if (pQtd->Buffer.Buffer[i].Pointer != pQtdCopy->Buffer.Buffer[i].Pointer)
2133 {
2134 Log(("%s: ehciQtdHasUrbBeenCanceled (buf): TdAddr=%RGp canceled! [iso]\n",
2135 pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2136 Log2((" %.*Rhxs (cur)\n"
2137 "!= %.*Rhxs (copy)\n",
2138 sizeof(*pQtd), pQtd, sizeof(*pQtd), &pUrb->paTds[0].TdCopy[0]));
2139 STAM_COUNTER_INC(&pThisCC->StatCanceledGenUrbs);
2140 return true;
2141 }
2142 }
2143
2144 return false;
2145}
2146
2147/**
2148 * Set the ITD status bits acorresponding to the VUSB status code.
2149 *
2150 * @param enmStatus The VUSB status code.
2151 * @param pItdStatus ITD status pointer
2152 */
2153static void ehciR3VUsbStatus2ItdStatus(VUSBSTATUS enmStatus, EHCI_ITD_TRANSACTION *pItdStatus)
2154{
2155 switch (enmStatus)
2156 {
2157 case VUSBSTATUS_OK:
2158 pItdStatus->TransactError = 0;
2159 pItdStatus->DataBufError = 0;
2160 break; /* make sure error bits are cleared */
2161 case VUSBSTATUS_STALL:
2162 case VUSBSTATUS_DNR:
2163 case VUSBSTATUS_CRC:
2164 pItdStatus->TransactError = 1;
2165 break;
2166 case VUSBSTATUS_DATA_UNDERRUN:
2167 case VUSBSTATUS_DATA_OVERRUN:
2168 pItdStatus->DataBufError = 1;
2169 break;
2170 case VUSBSTATUS_NOT_ACCESSED:
2171 Log(("pUrb->enmStatus=VUSBSTATUS_NOT_ACCESSED!!!\n"));
2172 break; /* can't signal this other than setting the length to 0 */
2173 default:
2174 Log(("pUrb->enmStatus=%#x!!!\n", enmStatus));
2175 break;;
2176 }
2177}
2178
2179/**
2180 * Set the QTD status bits acorresponding to the VUSB status code.
2181 *
2182 * @param enmStatus The VUSB status code.
2183 * @param pQtdStatus QTD status pointer
2184 */
2185static void ehciR3VUsbStatus2QtdStatus(VUSBSTATUS enmStatus, EHCI_QTD_TOKEN *pQtdStatus)
2186{
2187 /** @todo CERR */
2188 switch (enmStatus)
2189 {
2190 case VUSBSTATUS_OK:
2191 break; /* nothing to do */
2192 case VUSBSTATUS_STALL:
2193 pQtdStatus->Halted = 1;
2194 pQtdStatus->Active = 0;
2195 break; /* not an error! */
2196 case VUSBSTATUS_DNR:
2197 case VUSBSTATUS_CRC:
2198 pQtdStatus->TransactError = 1;
2199 break;
2200 case VUSBSTATUS_DATA_UNDERRUN:
2201 case VUSBSTATUS_DATA_OVERRUN:
2202 pQtdStatus->DataBufError = 1;
2203 break;
2204 case VUSBSTATUS_NOT_ACCESSED:
2205 Log(("pUrb->enmStatus=VUSBSTATUS_NOT_ACCESSED!!!\n"));
2206 break; /* can't signal this */
2207 default:
2208 Log(("pUrb->enmStatus=%#x!!!\n", enmStatus));
2209 break;;
2210 }
2211}
2212
2213
2214/**
2215 * Heuristic to determine the transfer type
2216 *
2217 * @returns transfer type
2218 * @param pQhd Queue head pointer
2219 */
2220static VUSBXFERTYPE ehciR3QueryTransferType(PEHCI_QHD pQhd)
2221{
2222 /* If it's EP0, we know what it is. */
2223 if (!pQhd->Characteristics.EndPt)
2224 return VUSBXFERTYPE_CTRL;
2225
2226 /* Non-zero SMask implies interrupt transfer. */
2227 if (pQhd->Caps.SMask)
2228 return VUSBXFERTYPE_INTR;
2229
2230 /* For non-HS EPs, control endpoints are clearly marked. */
2231 if ( pQhd->Characteristics.ControlEPFlag
2232 && pQhd->Characteristics.EndPtSpeed != EHCI_QHD_EPT_SPEED_HIGH)
2233 return VUSBXFERTYPE_CTRL;
2234
2235 /* If we still don't know, it's guesswork from now on. */
2236
2237 /* 64 likely indicates an interrupt transfer (see @bugref{8314})*/
2238 if (pQhd->Characteristics.MaxLength == 64)
2239 return VUSBXFERTYPE_INTR;
2240
2241 /* At this point we hope it's a bulk transfer with max packet size of 512. */
2242 Assert(pQhd->Characteristics.MaxLength == 512);
2243 return VUSBXFERTYPE_BULK;
2244}
2245
2246/**
2247 * Worker for ehciR3RhXferCompletion that handles the completion of
2248 * a URB made up of isochronous TDs.
2249 *
2250 * In general, all URBs should have status OK.
2251 */
2252static void ehciR3RhXferCompleteITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2253{
2254 /* Read the whole ITD */
2255 EHCI_ITD_PAD PaddedItd;
2256 PEHCI_ITD pItd = &PaddedItd.itd;
2257 ehciR3ReadItd(pDevIns, pUrb->paTds[0].TdAddr, &PaddedItd);
2258
2259 /*
2260 * Check that the URB hasn't been canceled and then try unlink the TDs.
2261 *
2262 * We drop the URB if the ED is marked halted/skip ASSUMING that this
2263 * means the HCD has canceled the URB.
2264 *
2265 * If we succeed here (i.e. not dropping the URB), the TdCopy members will
2266 * be updated but not yet written. We will delay the writing till we're done
2267 * with the data copying, buffer pointer advancing and error handling.
2268 */
2269 bool fHasBeenCanceled = false;
2270 int cFmAge = ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2271 if ( cFmAge < 0
2272 || (fHasBeenCanceled = ehciR3ItdHasUrbBeenCanceled(pThisCC, pUrb, pItd))
2273 )
2274 {
2275 Log(("%s: ehciR3RhXferCompleteITD: DROPPED {ITD=%RGp cTds=%d TD0=%RGp age %d} because:%s%s!!!\n",
2276 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr, cFmAge,
2277 cFmAge < 0 ? " td not-in-flight" : "",
2278 fHasBeenCanceled ? " td canceled" : ""));
2279 NOREF(fHasBeenCanceled);
2280 STAM_COUNTER_INC(&pThisCC->StatDroppedUrbs);
2281 return;
2282 }
2283
2284 bool fIOC = false, fError = false;
2285
2286 /*
2287 * Copy the data back (if IN operation) and update the TDs.
2288 */
2289 if (pUrb->enmStatus == VUSBSTATUS_OK)
2290 {
2291 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2292 {
2293 ehciR3VUsbStatus2ItdStatus(pUrb->aIsocPkts[i].enmStatus, &pItd->Transaction[i]);
2294 if (pItd->Transaction[i].IOC)
2295 fIOC = true;
2296
2297 if ( pUrb->enmDir == VUSBDIRECTION_IN
2298 && ( pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_OK
2299 || pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_DATA_UNDERRUN
2300 || pUrb->aIsocPkts[i].enmStatus == VUSBSTATUS_DATA_OVERRUN))
2301 {
2302 Assert(pItd->Transaction[i].Active);
2303
2304 if (pItd->Transaction[i].Active)
2305 {
2306 const unsigned pg = pItd->Transaction[i].PG;
2307 const unsigned cb = pUrb->aIsocPkts[i].cb;
2308 pItd->Transaction[i].Length = cb; /* Set the actual size. */
2309 /* Copy data. */
2310 if (cb)
2311 {
2312 uint8_t *pb = &pUrb->abData[pUrb->aIsocPkts[i].off];
2313
2314 RTGCPHYS GCPhysBuf = (RTGCPHYS)pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
2315 GCPhysBuf += pItd->Transaction[i].Offset;
2316
2317 /* If the transfer would cross page boundary, use the next sequential PG pointer
2318 * for the second part (section 4.7.1).
2319 */
2320 if (pItd->Transaction[i].Offset + pItd->Transaction[i].Length > GUEST_PAGE_SIZE)
2321 {
2322 unsigned cb1 = GUEST_PAGE_SIZE - pItd->Transaction[i].Offset;
2323 unsigned cb2 = cb - cb1;
2324
2325 ehciPhysWrite(pDevIns, GCPhysBuf, pb, cb1);
2326 if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
2327 LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on completion.\n", pg + 1, pUrb->paTds[0].TdAddr));
2328
2329 GCPhysBuf = pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
2330 ehciPhysWrite(pDevIns, GCPhysBuf, pb + cb1, cb2);
2331 }
2332 else
2333 ehciPhysWrite(pDevIns, GCPhysBuf, pb, cb);
2334
2335 Log5(("packet %d: off=%#x cb=%#x pb=%p (%#x)\n"
2336 "%.*Rhxd\n",
2337 i, pUrb->aIsocPkts[i].off, cb, pb, pb - &pUrb->abData[0], cb, pb));
2338 }
2339 }
2340 }
2341 pItd->Transaction[i].Active = 0; /* transfer is now officially finished */
2342 } /* for */
2343 }
2344 else
2345 {
2346 LogFunc(("Taking untested code path at line %d...\n", __LINE__));
2347 /*
2348 * Most status codes only apply to the individual packets.
2349 *
2350 * If we get a URB level error code of this kind, we'll distribute
2351 * it to all the packages unless some other status is available for
2352 * a package. This is a bit fuzzy, and we will get rid of this code
2353 * before long!
2354 */
2355 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2356 {
2357 if (pItd->Transaction[i].Active)
2358 {
2359 ehciR3VUsbStatus2ItdStatus(pUrb->aIsocPkts[i].enmStatus, &pItd->Transaction[i]);
2360 if (pItd->Transaction[i].IOC)
2361 fIOC = true;
2362
2363 pItd->Transaction[i].Active = 0; /* transfer is now officially finished */
2364 }
2365 }
2366 fError = true;
2367 }
2368
2369 /*
2370 * Write back the modified TD.
2371 */
2372
2373 Log(("%s: ehciR3RhXferCompleteITD: pUrb->paTds[0].TdAddr=%RGp EdAddr=%RGp "
2374 "psw0=%x:%x psw1=%x:%x psw2=%x:%x psw3=%x:%x psw4=%x:%x psw5=%x:%x psw6=%x:%x psw7=%x:%x\n",
2375 pUrb->pszDesc, pUrb->paTds[0].TdAddr,
2376 pUrb->pHci->EdAddr,
2377 pItd->Buffer.Buffer[pItd->Transaction[0].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[0].Length,
2378 pItd->Buffer.Buffer[pItd->Transaction[1].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[1].Length,
2379 pItd->Buffer.Buffer[pItd->Transaction[2].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[2].Length,
2380 pItd->Buffer.Buffer[pItd->Transaction[3].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[3].Length,
2381 pItd->Buffer.Buffer[pItd->Transaction[4].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[4].Length,
2382 pItd->Buffer.Buffer[pItd->Transaction[5].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[5].Length,
2383 pItd->Buffer.Buffer[pItd->Transaction[6].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[6].Length,
2384 pItd->Buffer.Buffer[pItd->Transaction[7].PG].Pointer << EHCI_BUFFER_PTR_SHIFT, pItd->Transaction[7].Length
2385 ));
2386 ehciR3WriteItd(pDevIns, pUrb->paTds[0].TdAddr, pItd);
2387
2388 /*
2389 * Signal an interrupt on the next interrupt threshold when IOC was set for any transaction.
2390 * Both error and completion interrupts may be signaled at the same time (see Table 2.10).
2391 */
2392 if (fError)
2393 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_ERROR_INT);
2394 if (fIOC)
2395 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_THRESHOLD_INT);
2396}
2397
2398
2399/**
2400 * Worker for ehciR3RhXferCompletion that handles the completion of
2401 * a URB made up of queue heads/descriptors
2402 */
2403static void ehciR3RhXferCompleteQH(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PVUSBURB pUrb)
2404{
2405 EHCI_QHD qhd;
2406 EHCI_QTD qtd;
2407
2408 /* Read the whole QHD & QTD */
2409 ehciR3ReadQHD(pDevIns, pUrb->pHci->EdAddr, &qhd);
2410 AssertMsg(pUrb->paTds[0].TdAddr == ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT),
2411 ("Out of order completion %RGp != %RGp Endpoint=%#x\n", pUrb->paTds[0].TdAddr,
2412 ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT), pUrb->EndPt));
2413 ehciR3ReadQTD(pDevIns, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
2414
2415 /*
2416 * Check that the URB hasn't been canceled and then try unlink the TDs.
2417 *
2418 * We drop the URB if the ED is marked halted/skip ASSUMING that this
2419 * means the HCD has canceled the URB.
2420 *
2421 * If we succeed here (i.e. not dropping the URB), the TdCopy members will
2422 * be updated but not yet written. We will delay the writing till we're done
2423 * with the data copying, buffer pointer advancing and error handling.
2424 */
2425 bool fHasBeenCanceled = false;
2426 if ((fHasBeenCanceled = ehciR3QhdHasUrbBeenCanceled(pThisCC, pUrb, &qhd, &qtd)))
2427 {
2428 Log(("%s: ehciRhXferCompletionQH: DROPPED {qTD=%RGp cTds=%d TD0=%RGp} because:%s%s!!!\n",
2429 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr,
2430 (pUrb->paTds[0].TdAddr != ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)) ? " curptr changed" : "",
2431 fHasBeenCanceled ? " td canceled" : ""));
2432 NOREF(fHasBeenCanceled);
2433 STAM_COUNTER_INC(&pThisCC->StatDroppedUrbs);
2434
2435 ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2436 qtd.Token.Bits.Active = 0;
2437 ehciR3QHUpdateOverlay(pDevIns, pThis, pThisCC, &qhd, pUrb->pHci->EdAddr, &qtd);
2438 return;
2439 }
2440 ehciR3InFlightRemoveUrb(pThis, pThisCC, pUrb);
2441
2442 /* Update the status/error bits */
2443 ehciR3VUsbStatus2QtdStatus(pUrb->enmStatus, &qtd.Token.Bits);
2444
2445 /*
2446 * Write back IN buffers.
2447 */
2448 if ( pUrb->enmDir == VUSBDIRECTION_IN
2449 && pUrb->cbData
2450 && ( pUrb->enmStatus == VUSBSTATUS_OK
2451 || pUrb->enmStatus == VUSBSTATUS_DATA_OVERRUN
2452 || pUrb->enmStatus == VUSBSTATUS_DATA_UNDERRUN
2453 )
2454 )
2455 {
2456 unsigned curOffset = 0;
2457 unsigned cbLeft = pUrb->cbData;
2458
2459 for (unsigned i=qtd.Token.Bits.CurrentPage;i<RT_ELEMENTS(qtd.Buffer.Buffer);i++)
2460 {
2461 RTGCPHYS GCPhysBuf;
2462 unsigned cbCurTransfer;
2463
2464 GCPhysBuf = qtd.Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
2465 if (i == 0)
2466 GCPhysBuf += qtd.Buffer.Offset.Offset;
2467
2468 cbCurTransfer = GUEST_PAGE_SIZE - (GCPhysBuf & GUEST_PAGE_OFFSET_MASK);
2469 cbCurTransfer = RT_MIN(cbCurTransfer, cbLeft);
2470
2471 Log3Func(("packet data for page %d:\n"
2472 "%.*Rhxd\n",
2473 i,
2474 cbCurTransfer, &pUrb->abData[curOffset]));
2475
2476 ehciPhysWrite(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cbCurTransfer);
2477 curOffset += cbCurTransfer;
2478 cbLeft -= cbCurTransfer;
2479
2480 if (cbLeft == 0)
2481 break;
2482 Assert(cbLeft < qtd.Token.Bits.Length);
2483 }
2484 }
2485
2486 if ( pUrb->cbData
2487 && ( pUrb->enmStatus == VUSBSTATUS_OK
2488 || pUrb->enmStatus == VUSBSTATUS_DATA_OVERRUN
2489 || pUrb->enmStatus == VUSBSTATUS_DATA_UNDERRUN
2490 )
2491 )
2492 {
2493 /* 3.5.3:
2494 * This field specifies the total number of bytes to be moved
2495 * with this transfer descriptor. This field is decremented by the number of bytes actually
2496 * moved during the transaction, only on the successful completion of the transaction
2497 */
2498 Assert(qtd.Token.Bits.Length >= pUrb->cbData);
2499 qtd.Token.Bits.Length -= pUrb->cbData;
2500
2501 /* Data was moved; toggle data toggle bit */
2502 qtd.Token.Bits.DataToggle ^= 1;
2503 }
2504
2505#ifdef LOG_ENABLED
2506 ehciR3DumpSingleQTD(pUrb->paTds[0].TdAddr, &qtd, "");
2507#endif
2508 qtd.Token.Bits.Active = 0; /* transfer is now officially finished */
2509
2510 /*
2511 * Write back the modified TD.
2512 */
2513 Log(("%s: ehciR3RhXferCompleteQH: pUrb->paTds[0].TdAddr=%RGp EdAddr=%RGp\n",
2514 pUrb->pszDesc, pUrb->paTds[0].TdAddr,
2515 pUrb->pHci->EdAddr));
2516
2517 ehciR3WriteQTD(pDevIns, pUrb->paTds[0].TdAddr, &qtd);
2518
2519 ehciR3QHUpdateOverlay(pDevIns, pThis, pThisCC, &qhd, pUrb->pHci->EdAddr, &qtd);
2520
2521 /*
2522 * Signal an interrupt on the next interrupt threshold when IOC was set for any transaction.
2523 * Both error and completion interrupts may be signaled at the same time (see Table 2.10).
2524 */
2525 if (EHCI_QTD_HAS_ERROR(&qtd.Token.Bits))
2526 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_ERROR_INT);
2527
2528 bool fIOC = false;
2529 if (qtd.Token.Bits.IOC) {
2530 fIOC = true;
2531 Log2Func(("Interrupting, IOC set\n"));
2532 } else if (qtd.Token.Bits.Length && (qtd.Token.Bits.PID == EHCI_QTD_PID_IN)) {
2533 fIOC = true; /* See 4.10.8 */
2534 Log2Func(("Interrupting, short IN packet\n"));
2535 }
2536 if (fIOC)
2537 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_THRESHOLD_INT);
2538}
2539
2540
2541/**
2542 * Transfer completion callback routine.
2543 *
2544 * VUSB will call this when a transfer have been completed
2545 * in a one or another way.
2546 *
2547 * @param pInterface Pointer to EHCI::ROOTHUB::IRhPort.
2548 * @param pUrb Pointer to the URB in question.
2549 */
2550static DECLCALLBACK(void) ehciR3RhXferCompletion(PVUSBIROOTHUBPORT pInterface, PVUSBURB pUrb)
2551{
2552 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
2553 PPDMDEVINS pDevIns = pThisCC->pDevIns;
2554 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
2555
2556 LogFlow(("%s: ehciR3RhXferCompletion: EdAddr=%RGp cTds=%d TdAddr0=%RGp\n",
2557 pUrb->pszDesc, pUrb->pHci->EdAddr, pUrb->pHci->cTds, pUrb->paTds[0].TdAddr));
2558 LogFlow(("%s: ehciR3RhXferCompletion: cbData=%x status=%x\n", pUrb->pszDesc, pUrb->cbData, pUrb->enmStatus));
2559
2560 Assert(pUrb->pHci->cTds == 1);
2561
2562 RTCritSectEnter(&pThisCC->CritSect);
2563 pThisCC->fIdle = false; /* Mark as active */
2564
2565 switch (pUrb->paTds[0].TdType)
2566 {
2567 case EHCI_DESCRIPTOR_QH:
2568 ehciR3RhXferCompleteQH(pDevIns, pThis, pThisCC, pUrb);
2569 break;
2570
2571 case EHCI_DESCRIPTOR_ITD:
2572 ehciR3RhXferCompleteITD(pDevIns, pThis, pThisCC, pUrb);
2573 break;
2574
2575 case EHCI_DESCRIPTOR_SITD:
2576 case EHCI_DESCRIPTOR_FSTN:
2577 AssertFailed();
2578 break;
2579 }
2580
2581 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
2582 RTCritSectLeave(&pThisCC->CritSect);
2583 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
2584}
2585
2586/**
2587 * Worker for ehciR3RhXferError that handles the error case of
2588 * a URB made up of queue heads/descriptors
2589 *
2590 * @returns true if the URB should be retired.
2591 * @returns false if the URB should be retried.
2592 * @param pDevIns The device instance.
2593 * @param pThisCC EHCI instance data, ring-3 edition. (For stats.)
2594 * @param pUrb Pointer to the URB in question.
2595 */
2596static bool ehciR3RhXferErrorQH(PPDMDEVINS pDevIns, PEHCICC pThisCC, PVUSBURB pUrb)
2597{
2598 EHCI_QHD qhd;
2599 EHCI_QTD qtd;
2600
2601 /* Read the whole QHD & QTD */
2602 ehciR3ReadQHD(pDevIns, pUrb->pHci->EdAddr, &qhd);
2603 Assert(pUrb->paTds[0].TdAddr == ((RTGCPHYS)qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
2604 ehciR3ReadQTD(pDevIns, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT, &qtd);
2605
2606 /*
2607 * Check if the TDs still are valid.
2608 * This will make sure the TdCopy is up to date.
2609 */
2610 /** @todo IMPORTANT! we must check if the ED is still valid at this point!!! */
2611 if (ehciR3QhdHasUrbBeenCanceled(pThisCC, pUrb, &qhd, &qtd))
2612 {
2613 Log(("%s: ehciR3RhXferError: TdAddr0=%RGp canceled!\n", pUrb->pszDesc, pUrb->paTds[0].TdAddr));
2614 return true;
2615 }
2616 return true;
2617}
2618
2619/**
2620 * Handle transfer errors.
2621 *
2622 * VUSB calls this when a transfer attempt failed. This function will respond
2623 * indicating whether to retry or complete the URB with failure.
2624 *
2625 * @returns true if the URB should be retired.
2626 * @returns false if the URB should be retried.
2627 * @param pInterface Pointer to EHCI::ROOTHUB::IRhPort.
2628 * @param pUrb Pointer to the URB in question.
2629 */
2630static DECLCALLBACK(bool) ehciR3RhXferError(PVUSBIROOTHUBPORT pInterface, PVUSBURB pUrb)
2631{
2632 PEHCICC pThisCC = RT_FROM_MEMBER(pInterface, EHCICC, RootHub.IRhPort);
2633 PPDMDEVINS pDevIns = pThisCC->pDevIns;
2634 bool fRetire = false;
2635
2636 RTCritSectEnter(&pThisCC->CritSect);
2637 /*
2638 * Don't retry on stall.
2639 */
2640 if (pUrb->enmStatus == VUSBSTATUS_STALL)
2641 {
2642 Log2(("%s: ehciR3RhXferError: STALL, giving up.\n", pUrb->pszDesc));
2643 fRetire = true;
2644 }
2645 else
2646 {
2647 switch (pUrb->paTds[0].TdType)
2648 {
2649 case EHCI_DESCRIPTOR_QH:
2650 {
2651 fRetire = ehciR3RhXferErrorQH(pDevIns, pThisCC, pUrb);
2652 break;
2653 }
2654
2655 /*
2656 * Isochronous URBs can't be retried.
2657 */
2658 case EHCI_DESCRIPTOR_ITD:
2659 case EHCI_DESCRIPTOR_SITD:
2660 case EHCI_DESCRIPTOR_FSTN:
2661 default:
2662 fRetire = true;
2663 break;
2664 }
2665 }
2666
2667 RTCritSectLeave(&pThisCC->CritSect);
2668 return fRetire;
2669}
2670
2671/**
2672 * A worker for ehciR3ServiceQTD which submits the specified TD.
2673 *
2674 * @returns true on success.
2675 * @returns false on failure to submit.
2676 */
2677static bool ehciR3SubmitQTD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, RTGCPHYS GCPhysQHD,
2678 PEHCI_QHD pQhd, RTGCPHYS GCPhysQTD, PEHCI_QTD pQtd, const unsigned iFrame)
2679{
2680 /*
2681 * Determine the endpoint direction.
2682 */
2683 VUSBDIRECTION enmDir;
2684 switch(pQtd->Token.Bits.PID)
2685 {
2686 case EHCI_QTD_PID_OUT:
2687 enmDir = VUSBDIRECTION_OUT;
2688 break;
2689 case EHCI_QTD_PID_IN:
2690 enmDir = VUSBDIRECTION_IN;
2691 break;
2692 case EHCI_QTD_PID_SETUP:
2693 enmDir = VUSBDIRECTION_SETUP;
2694 break;
2695 default:
2696 return false;
2697 }
2698
2699 VUSBXFERTYPE enmType;
2700
2701 enmType = ehciR3QueryTransferType(pQhd);
2702
2703 pThisCC->fIdle = false; /* Mark as active */
2704
2705 /*
2706 * Allocate and initialize the URB.
2707 */
2708 PVUSBURB pUrb = VUSBIRhNewUrb(pThisCC->RootHub.pIRhConn, pQhd->Characteristics.DeviceAddress, VUSB_DEVICE_PORT_INVALID,
2709 enmType, enmDir, pQtd->Token.Bits.Length, 1, NULL);
2710 if (!pUrb)
2711 /* retry later... */
2712 return false;
2713
2714 pUrb->EndPt = pQhd->Characteristics.EndPt;
2715 pUrb->fShortNotOk = (enmDir != VUSBDIRECTION_IN); /** @todo ??? */
2716 pUrb->enmStatus = VUSBSTATUS_OK;
2717 pUrb->pHci->cTds = 1;
2718 pUrb->pHci->EdAddr = GCPhysQHD;
2719 pUrb->pHci->fUnlinked = false;
2720 pUrb->pHci->u32FrameNo = iFrame;
2721 pUrb->paTds[0].TdAddr = GCPhysQTD;
2722 pUrb->paTds[0].TdType = EHCI_DESCRIPTOR_QH;
2723 AssertCompile(sizeof(pUrb->paTds[0].TdCopy) >= sizeof(*pQtd));
2724 memcpy(pUrb->paTds[0].TdCopy, pQtd, sizeof(*pQtd));
2725#if 0 /* color the data */
2726 memset(pUrb->abData, 0xfe, cbTotal);
2727#endif
2728
2729 /* copy the data */
2730 if ( pQtd->Token.Bits.Length
2731 && enmDir != VUSBDIRECTION_IN)
2732 {
2733 unsigned curOffset = 0;
2734 unsigned cbTransfer = pQtd->Token.Bits.Length;
2735
2736 for (unsigned i=pQtd->Token.Bits.CurrentPage;i<RT_ELEMENTS(pQtd->Buffer.Buffer);i++)
2737 {
2738 RTGCPHYS GCPhysBuf;
2739 unsigned cbCurTransfer;
2740
2741 GCPhysBuf = pQtd->Buffer.Buffer[i].Pointer << EHCI_BUFFER_PTR_SHIFT;
2742 if (i == 0)
2743 GCPhysBuf += pQtd->Buffer.Offset.Offset;
2744
2745 cbCurTransfer = GUEST_PAGE_SIZE - (GCPhysBuf & GUEST_PAGE_OFFSET_MASK);
2746 cbCurTransfer = RT_MIN(cbCurTransfer, cbTransfer);
2747
2748 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cbCurTransfer);
2749
2750 Log3Func(("packet data:\n"
2751 "%.*Rhxd\n",
2752 cbCurTransfer, &pUrb->abData[curOffset]));
2753
2754 curOffset += cbCurTransfer;
2755 cbTransfer -= cbCurTransfer;
2756
2757 if (cbTransfer == 0)
2758 break;
2759 Assert(cbTransfer < pQtd->Token.Bits.Length);
2760 }
2761 }
2762
2763 /*
2764 * Submit the URB.
2765 */
2766 ehciR3InFlightAddUrb(pThis, pThisCC, pUrb);
2767 Log(("%s: ehciSubmitQtd: QtdAddr=%RGp GCPhysQHD=%RGp cbData=%#x\n",
2768 pUrb->pszDesc, GCPhysQTD, GCPhysQHD, pUrb->cbData));
2769 RTCritSectLeave(&pThisCC->CritSect);
2770 int rc = VUSBIRhSubmitUrb(pThisCC->RootHub.pIRhConn, pUrb, &pThisCC->RootHub.Led);
2771 RTCritSectEnter(&pThisCC->CritSect);
2772 if (RT_SUCCESS(rc))
2773 return true;
2774
2775 /* Failure cleanup. Can happen if we're still resetting the device or out of resources. */
2776 LogFunc(("failed GCPhysQtd=%RGp GCPhysQHD=%RGp pUrb=%p!!\n",
2777 GCPhysQTD, GCPhysQHD, pUrb));
2778 ehciR3InFlightRemove(pThis, pThisCC, GCPhysQTD);
2779
2780 /* Also mark the QH as halted and inactive and write back the changes. */
2781 pQhd->Overlay.OrgQTD.Token.Bits.Active = 0;
2782 pQhd->Overlay.OrgQTD.Token.Bits.Halted = 1;
2783 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
2784 return false;
2785}
2786
2787/**
2788 * A worker for ehciR3ServiceITD which submits the specified TD.
2789 *
2790 * @returns true on success.
2791 * @returns false on failure to submit.
2792 */
2793static bool ehciR3SubmitITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2794 PEHCI_ITD pItd, RTGCPHYS ITdAddr, const unsigned iFrame)
2795{
2796 /*
2797 * Determine the endpoint direction.
2798 */
2799 VUSBDIRECTION enmDir;
2800 if(pItd->Buffer.Misc.DirectionIn)
2801 enmDir = VUSBDIRECTION_IN;
2802 else
2803 enmDir = VUSBDIRECTION_OUT;
2804
2805 /*
2806 * Extract the packet sizes and calc the total URB size.
2807 */
2808 struct
2809 {
2810 uint16_t cb;
2811 } aPkts[EHCI_NUM_ITD_TRANSACTIONS];
2812
2813 unsigned cPackets = 0;
2814 uint32_t cbTotal = 0;
2815 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
2816 {
2817 if (pItd->Transaction[i].Active)
2818 {
2819 aPkts[cPackets].cb = pItd->Transaction[i].Length;
2820 cbTotal += pItd->Transaction[i].Length;
2821 cPackets++;
2822 }
2823 }
2824 Assert(cbTotal <= 24576);
2825
2826 pThisCC->fIdle = false; /* Mark as active */
2827
2828 /*
2829 * Allocate and initialize the URB.
2830 */
2831 PVUSBURB pUrb = VUSBIRhNewUrb(pThisCC->RootHub.pIRhConn, pItd->Buffer.Misc.DeviceAddress, VUSB_DEVICE_PORT_INVALID,
2832 VUSBXFERTYPE_ISOC, enmDir, cbTotal, 1, NULL);
2833 if (!pUrb)
2834 /* retry later... */
2835 return false;
2836
2837 pUrb->EndPt = pItd->Buffer.Misc.EndPt;
2838 pUrb->fShortNotOk = false;
2839 pUrb->enmStatus = VUSBSTATUS_OK;
2840 pUrb->pHci->cTds = 1;
2841 pUrb->pHci->EdAddr = ITdAddr;
2842 pUrb->pHci->fUnlinked = false;
2843 pUrb->pHci->u32FrameNo = iFrame;
2844 pUrb->paTds[0].TdAddr = ITdAddr;
2845 pUrb->paTds[0].TdType = EHCI_DESCRIPTOR_ITD;
2846 AssertCompile(sizeof(pUrb->paTds[0].TdCopy) >= sizeof(*pItd));
2847 memcpy(pUrb->paTds[0].TdCopy, pItd, sizeof(*pItd));
2848#if 0 /* color the data */
2849 memset(pUrb->abData, 0xfe, cbTotal);
2850#endif
2851
2852 /* copy the data */
2853 if ( cbTotal
2854 && enmDir != VUSBDIRECTION_IN)
2855 {
2856 unsigned curOffset = 0;
2857
2858 for (unsigned i=0;i<RT_ELEMENTS(pItd->Transaction);i++)
2859 {
2860 RTGCPHYS GCPhysBuf;
2861
2862 if (pItd->Transaction[i].Active)
2863 {
2864 const unsigned pg = pItd->Transaction[i].PG;
2865
2866 GCPhysBuf = pItd->Buffer.Buffer[pg].Pointer << EHCI_BUFFER_PTR_SHIFT;
2867 GCPhysBuf += pItd->Transaction[i].Offset;
2868
2869 /* If the transfer would cross page boundary, use the next sequential PG pointer
2870 * for the second part (section 4.7.1).
2871 */
2872 if (pItd->Transaction[i].Offset + pItd->Transaction[i].Length > GUEST_PAGE_SIZE)
2873 {
2874 unsigned cb1 = GUEST_PAGE_SIZE - pItd->Transaction[i].Offset;
2875 unsigned cb2 = pItd->Transaction[i].Length - cb1;
2876
2877 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], cb1);
2878 if ((pg + 1) >= EHCI_NUM_ITD_PAGES)
2879 LogRelMax(10, ("EHCI: Crossing to undefined page %d in iTD at %RGp on submit.\n", pg + 1, pUrb->paTds[0].TdAddr));
2880
2881 GCPhysBuf = pItd->Buffer.Buffer[pg + 1].Pointer << EHCI_BUFFER_PTR_SHIFT;
2882 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset + cb1], cb2);
2883 }
2884 else
2885 ehciPhysRead(pDevIns, GCPhysBuf, &pUrb->abData[curOffset], pItd->Transaction[i].Length);
2886
2887 curOffset += pItd->Transaction[i].Length;
2888 }
2889 }
2890 }
2891
2892 /* setup the packets */
2893 pUrb->cIsocPkts = cPackets;
2894 unsigned off = 0;
2895 for (unsigned i = 0; i < pUrb->cIsocPkts; i++)
2896 {
2897 pUrb->aIsocPkts[i].enmStatus = VUSBSTATUS_NOT_ACCESSED;
2898 pUrb->aIsocPkts[i].off = off;
2899 off += pUrb->aIsocPkts[i].cb = aPkts[i].cb;
2900 }
2901 Assert(off == cbTotal);
2902
2903 /*
2904 * Submit the URB.
2905 */
2906 ehciR3InFlightAddUrb(pThis, pThisCC, pUrb);
2907 Log(("%s: ehciR3SubmitITD: cbData=%#x cIsocPkts=%d TdAddr=%RGp (%#x)\n",
2908 pUrb->pszDesc, pUrb->cbData, pUrb->cIsocPkts, ITdAddr, iFrame));
2909 RTCritSectLeave(&pThisCC->CritSect);
2910 int rc = VUSBIRhSubmitUrb(pThisCC->RootHub.pIRhConn, pUrb, &pThisCC->RootHub.Led);
2911 RTCritSectEnter(&pThisCC->CritSect);
2912 if (RT_SUCCESS(rc))
2913 return true;
2914
2915 /* Failure cleanup. Can happen if we're still resetting the device or out of resources. */
2916 LogFunc(("failed pUrb=%p cbData=%#x cTds=%d ITdAddr0=%RGp - rc=%Rrc\n",
2917 pUrb, cbTotal, 1, ITdAddr, rc));
2918 ehciR3InFlightRemove(pThis, pThisCC, ITdAddr);
2919 return false;
2920}
2921
2922
2923/**
2924 * Services an ITD list (only for high-speed isochronous endpoints; all others use queues)
2925 *
2926 * An ITD can contain up to 8 transactions, which are all processed within a single frame.
2927 * Note that FRINDEX includes the micro-frame number, but only bits [12:3] are used as an
2928 * index into the periodic frame list (see 4.7.1).
2929 */
2930static void ehciR3ServiceITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2931 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
2932{
2933 RT_NOREF(enmServiceType);
2934 bool fAnyActive = false;
2935 EHCI_ITD_PAD PaddedItd;
2936 PEHCI_ITD pItd = &PaddedItd.itd;
2937
2938 if (ehciR3IsTdInFlight(pThisCC, GCPhys))
2939 return;
2940
2941 /* Read the whole ITD */
2942 ehciR3ReadItd(pDevIns, GCPhys, &PaddedItd);
2943
2944 Log2((" ITD: %RGp={Addr=%x EndPt=%x Dir=%s MaxSize=%x Mult=%d}\n", GCPhys, pItd->Buffer.Misc.DeviceAddress, pItd->Buffer.Misc.EndPt, (pItd->Buffer.Misc.DirectionIn) ? "in" : "out", pItd->Buffer.Misc.MaxPacket, pItd->Buffer.Misc.Multi));
2945
2946 /* Some basic checks */
2947 for (unsigned i = 0; i < RT_ELEMENTS(pItd->Transaction); i++)
2948 {
2949 if (pItd->Transaction[i].Active)
2950 {
2951 fAnyActive = true;
2952 if (pItd->Transaction[i].PG >= EHCI_NUM_ITD_PAGES)
2953 {
2954 /* Using out of range PG value (7) yields undefined behavior. We will attempt
2955 * the last page below 4GB (which is ROM, not writable).
2956 */
2957 LogRelMax(10, ("EHCI: Illegal page value %d in iTD at %RGp.\n", pItd->Transaction[i].PG, (RTGCPHYS)GCPhys));
2958 }
2959
2960 Log2((" T%d Len=%x Offset=%x PG=%d IOC=%d Buffer=%x\n", i, pItd->Transaction[i].Length, pItd->Transaction[i].Offset, pItd->Transaction[i].PG, pItd->Transaction[i].IOC,
2961 pItd->Buffer.Buffer[pItd->Transaction[i].PG].Pointer));
2962 }
2963 }
2964 /* We can't service one transaction every 125 usec, so we'll handle all 8 of them at once. */
2965 if (fAnyActive)
2966 ehciR3SubmitITD(pDevIns, pThis, pThisCC, pItd, GCPhys, iFrame);
2967 else
2968 Log2((" ITD not active, skipping.\n"));
2969}
2970
2971/**
2972 * Services an SITD list
2973 */
2974static void ehciR3ServiceSITD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
2975 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
2976{
2977 RT_NOREF(pThis, pThisCC, enmServiceType, iFrame);
2978
2979 /* Read the whole SITD */
2980 EHCI_SITD sitd;
2981 ehciR3ReadSitd(pDevIns, GCPhys, &sitd);
2982
2983 Log2((" SITD: %RGp={Addr=%x EndPt=%x Dir=%s MaxSize=%x}\n", GCPhys, sitd.Address.DeviceAddress, sitd.Address.EndPt, (sitd.Address.DirectionIn) ? "in" : "out", sitd.Transfer.Length));
2984
2985 if (sitd.Transfer.Active)
2986 AssertMsgFailed(("SITD lists not implemented; active SITD should never occur!\n"));
2987 else
2988 Log2((" SITD not active, skipping.\n"));
2989}
2990
2991/**
2992 * Copies the currently active QTD to the QH overlay area
2993 */
2994static void ehciR3QHSetupOverlay(PPDMDEVINS pDevIns, PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd, RTGCPHYS GCPhysQTD)
2995{
2996 bool fDataToggle = pQhd->Overlay.OrgQTD.Token.Bits.DataToggle;
2997
2998 Assert(pQtd->Token.Bits.Active);
2999
3000 Log2Func(("current pointer %RGp old %RGp\n", GCPhysQTD, ((RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)));
3001 pQhd->CurrQTD.Pointer = GCPhysQTD >> EHCI_TD_PTR_SHIFT;
3002 pQhd->CurrQTD.Reserved = 0;
3003 pQhd->Overlay.OrgQTD = *pQtd;
3004 /* All fields except those below are copied from the QTD; see 4.10.2 */
3005 if (pQhd->Characteristics.DataToggle)
3006 pQhd->Overlay.OrgQTD.Token.Bits.DataToggle = fDataToggle; /* Preserve data toggle bit in the queue head */
3007
3008 pQhd->Overlay.Status.Buffer1.CProgMask = 0;
3009 pQhd->Overlay.Status.Buffer2.FrameTag = 0;
3010 pQhd->Overlay.Status.AltNextQTD.NakCnt = pQhd->Characteristics.NakCountReload;
3011 /* Note: ping state not changed if it's a high-speed device */
3012
3013 /* Save the current QTD to the overlay area */
3014 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
3015}
3016
3017/**
3018 * Updates the currently active QTD to the QH overlay area
3019 */
3020static void ehciR3QHUpdateOverlay(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3021 PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD, PEHCI_QTD pQtd)
3022{
3023 Assert(!pQtd->Token.Bits.Active);
3024 pQhd->Overlay.OrgQTD = *pQtd;
3025 if (!pQhd->Overlay.OrgQTD.Next.Terminate)
3026 {
3027 EHCI_QTD qtdNext;
3028 RTGCPHYS GCPhysNextQTD = pQhd->Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
3029
3030 if (ehciR3IsTdInFlight(pThisCC, GCPhysNextQTD))
3031 {
3032 /* Read the whole QTD */
3033 ehciR3ReadQTD(pDevIns, GCPhysNextQTD, &qtdNext);
3034 if (qtdNext.Token.Bits.Active)
3035 {
3036 ehciR3QHSetupOverlay(pDevIns, pQhd, GCPhysQHD, &qtdNext, GCPhysNextQTD);
3037 return;
3038 }
3039 else
3040 {
3041 /* Td has been cancelled! */
3042 LogFunc(("in-flight qTD %RGp has been cancelled! (active=%d T=%d)\n", GCPhysNextQTD, qtdNext.Token.Bits.Active, pQhd->Overlay.OrgQTD.Next.Terminate));
3043 /** @todo we don't properly cancel the URB; it will remain active on the host.... */
3044 ehciR3InFlightRemove(pThis, pThisCC, GCPhysNextQTD);
3045 }
3046 }
3047 }
3048 /* Save the current QTD to the overlay area. */
3049 ehciR3UpdateQHD(pDevIns, GCPhysQHD, pQhd);
3050}
3051
3052/**
3053 * Services a QTD list
3054 */
3055static RTGCPHYS ehciR3ServiceQTD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, PEHCI_QHD pQhd, RTGCPHYS GCPhysQHD,
3056 RTGCPHYS GCPhysQTD, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3057{
3058 EHCI_QTD qtd;
3059
3060 /* Read the whole QTD */
3061 ehciR3ReadQTD(pDevIns, GCPhysQTD, &qtd);
3062
3063 if (qtd.Token.Bits.Active)
3064 {
3065 if (!ehciR3IsTdInFlight(pThisCC, GCPhysQTD))
3066 {
3067 /* Don't queue more than one non-bulk transfer at a time */
3068 if ( ehciR3QueryTransferType(pQhd) != VUSBXFERTYPE_BULK
3069 && pQhd->Overlay.OrgQTD.Token.Bits.Active)
3070 return 0;
3071
3072 Log2((" Length=%x IOC=%d DT=%d PID=%s}\n", qtd.Token.Bits.Length, qtd.Token.Bits.IOC, qtd.Token.Bits.DataToggle, ehciPID2Str(qtd.Token.Bits.PID)));
3073 if ( !pQhd->Overlay.OrgQTD.Token.Bits.Active
3074 || GCPhysQTD == (RTGCPHYS)pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)
3075 ehciR3QHSetupOverlay(pDevIns, pQhd, GCPhysQHD, &qtd, GCPhysQTD);
3076 else
3077 Log2Func(("transfer %RGp in progress -> don't update the overlay\n", (RTGCPHYS)(pQhd->CurrQTD.Pointer << EHCI_TD_PTR_SHIFT)));
3078
3079 ehciR3SubmitQTD(pDevIns, pThis, pThisCC, GCPhysQHD, pQhd, GCPhysQTD, &qtd, iFrame);
3080
3081 /* Set the Reclamation bit in USBSTS (4.10.3) */
3082 if (enmServiceType == EHCI_SERVICE_ASYNC)
3083 {
3084 Log2Func(("activity detected, set EHCI_STATUS_RECLAMATION\n"));
3085 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_RECLAMATION);
3086 }
3087
3088 /* Reread the whole QTD; it might have been completed already and therefore changed */
3089 ehciR3ReadQTD(pDevIns, GCPhysQTD, &qtd);
3090 }
3091 /* Table 4-10: any transfer with zero size: queue only one */
3092 if (qtd.Token.Bits.Length == 0)
3093 {
3094 LogFunc(("queue only one: transfer with zero size\n"));
3095 return 0;
3096 }
3097
3098 /* We can't queue more than one TD if we can't decide here and now which TD we should take next */
3099 if ( qtd.Token.Bits.Active /* only check if this urb is in-flight */
3100 && qtd.Token.Bits.PID == EHCI_QTD_PID_IN
3101 && !qtd.AltNext.Terminate
3102 && !qtd.Next.Terminate
3103 && qtd.Next.Pointer != qtd.AltNext.Pointer)
3104 {
3105 Log2Func(("Can't decide which pointer to take next; don't queue more than one!\n"));
3106 return 0;
3107 }
3108 }
3109 else
3110 {
3111 Log2((" Not active}\n"));
3112 return 0;
3113 }
3114
3115 /* If the 'Bytes to Transfer' field is not zero and the T-bit in the AltNext pointer is zero, then use this pointer. (4.10.2) */
3116 if ( !qtd.Token.Bits.Active /* only check if no urbs are in-flight */
3117 && qtd.Token.Bits.PID == EHCI_QTD_PID_IN /* short packets only apply to incoming tds */
3118 && !qtd.AltNext.Terminate
3119 && qtd.Token.Bits.Length)
3120 {
3121 Assert(qtd.AltNext.Pointer);
3122 Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)(qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT)));
3123 return qtd.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
3124 }
3125 else
3126 {
3127 Assert(qtd.Next.Pointer || qtd.Next.Terminate);
3128 if (qtd.Next.Terminate || !qtd.Next.Pointer)
3129 return 0;
3130 return qtd.Next.Pointer << EHCI_TD_PTR_SHIFT;
3131 }
3132}
3133
3134/**
3135 * Services a QHD list
3136 */
3137static bool ehciR3ServiceQHD(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3138 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3139{
3140 EHCI_QHD qhd;
3141
3142 Log2Func(("%RGp={", GCPhys));
3143
3144 /* Read the whole QHD */ /** @todo reading too much */
3145 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
3146
3147 /* Only interrupt qHDs should be linked from the periodic list; the S-mask field description
3148 * in table 3-20 clearly says a zero S-mask on the periodic list yields undefined results. In reality,
3149 * the Windows HCD links dummy qHDs at the start of the interrupt queue and these have an empty S-mask.
3150 * If we're servicing the periodic list, check the S-mask first; that takes care of the dummy qHDs.
3151 */
3152 if (enmServiceType == EHCI_SERVICE_PERIODIC)
3153 {
3154 // If iFrame was a micro-frame number, we should check the S-mask against it. But
3155 // we're processing all micro-frames at once, so we'll look at any qHD with non-zero S-mask
3156 if (qhd.Caps.SMask == 0) {
3157 Log2Func(("periodic qHD not scheduled for current frame -> next\n"));
3158 return true;
3159 }
3160 else
3161 Log2Func(("periodic qHD scheduled for current frame, processing\n"));
3162 }
3163 else
3164 {
3165 Assert(enmServiceType == EHCI_SERVICE_ASYNC);
3166 /* Empty schedule detection (4.10.1), for async schedule only */
3167 if (qhd.Characteristics.HeadReclamation) /* H-bit set but not an interrupt qHD */
3168 {
3169 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
3170 {
3171 Log2Func(("clear EHCI_STATUS_RECLAMATION\n"));
3172 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_RECLAMATION);
3173 }
3174 else
3175 {
3176 Log2Func(("empty schedule -> bail out\n"));
3177 pThis->fAsyncTraversalTimerActive = true;
3178 return false; /** stop traversing the list */
3179 }
3180 }
3181 }
3182
3183 /* no active qTD here or in the next queue element -> skip to next horizontal pointer (Figure 4.14 & 4.10.2) */
3184 if ( !qhd.Overlay.OrgQTD.Token.Bits.Active
3185 && qhd.Characteristics.InActiveNext)
3186 {
3187 Log2Func(("skip to next pointer (active)\n"));
3188 return true;
3189 }
3190 /* we are ignoring the Inactivate on Next Transaction bit; only applies to periodic lists & low or full speed devices (table 3.9) */
3191
3192 /** We are not allowed to handle multiple TDs unless async park is enabled (and only for high-speed devices), but we can cheat a bit. */
3193 unsigned PMCount = 1;
3194 if ( (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
3195 && qhd.Characteristics.EndPtSpeed == EHCI_QHD_EPT_SPEED_HIGH
3196 && enmServiceType == EHCI_SERVICE_ASYNC)
3197 {
3198 PMCount = (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT;
3199 Log2Func(("PM Count=%d\n", PMCount));
3200
3201 /* We will attempt to queue a bit more if we're allowed to queue more than one TD. */
3202 if (PMCount != 1)
3203 PMCount = 16;
3204 }
3205
3206 /* Queue as many transfer descriptors as possible */
3207 RTGCPHYS GCPhysQTD;
3208 if (qhd.Overlay.OrgQTD.Token.Bits.Active)
3209 {
3210 Assert(ehciR3IsTdInFlight(pThisCC, qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT));
3211 GCPhysQTD = qhd.CurrQTD.Pointer << EHCI_TD_PTR_SHIFT;
3212 }
3213 else
3214 {
3215 /* If the 'Bytes to Transfer' field is not zero and the T-bit in the AltNext pointer is zero, then use this pointer. (4.10.2) */
3216 if ( !qhd.Overlay.OrgQTD.AltNext.Terminate
3217 && qhd.Overlay.OrgQTD.Token.Bits.Length)
3218 {
3219 Assert(qhd.Overlay.OrgQTD.AltNext.Pointer);
3220 Log2(("Taking alternate pointer %RGp\n", (RTGCPHYS)(qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT)));
3221 GCPhysQTD = qhd.Overlay.OrgQTD.AltNext.Pointer << EHCI_TD_PTR_SHIFT;
3222 }
3223 else
3224 {
3225 Assert(qhd.Overlay.OrgQTD.Next.Pointer || qhd.Overlay.OrgQTD.Next.Terminate || qhd.Overlay.OrgQTD.Token.Bits.Halted);
3226 if (qhd.Overlay.OrgQTD.Next.Terminate || !qhd.Overlay.OrgQTD.Next.Pointer || qhd.Overlay.OrgQTD.Token.Bits.Halted)
3227 GCPhysQTD = 0;
3228 else
3229 GCPhysQTD = qhd.Overlay.OrgQTD.Next.Pointer << EHCI_TD_PTR_SHIFT;
3230 }
3231 }
3232
3233 while (GCPhysQTD && PMCount--)
3234 {
3235 GCPhysQTD = ehciR3ServiceQTD(pDevIns, pThis, pThisCC, &qhd, GCPhys, GCPhysQTD, enmServiceType, iFrame);
3236
3237 /* Reread the whole QHD; urb submit can call us right back which causes QH changes */ /** @todo reading too much */
3238 ehciR3ReadQHD(pDevIns, GCPhys, &qhd);
3239 }
3240 return true;
3241}
3242
3243/**
3244 * Services a FSTN list
3245 */
3246static void ehciR3ServiceFSTN(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC,
3247 RTGCPHYS GCPhys, EHCI_SERVICE_TYPE enmServiceType, const unsigned iFrame)
3248{
3249 RT_NOREF(pDevIns, pThis, pThisCC, GCPhys, enmServiceType, iFrame);
3250 AssertMsgFailed(("FSTN lists not implemented; should never occur!\n"));
3251}
3252
3253/**
3254 * Services the async list.
3255 *
3256 * The async list has complex URB assembling, but that's taken
3257 * care of at VUSB level (unlike the other transfer types).
3258 */
3259static void ehciR3ServiceAsyncList(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, const unsigned iFrame)
3260{
3261 RTGCPHYS GCPhysHead = pThis->async_list_base;
3262 RTGCPHYS GCPhys = GCPhysHead;
3263 EHCI_TD_PTR ptr;
3264 unsigned cIterations = 0;
3265
3266 Assert(!(pThis->async_list_base & 0x1f));
3267 Assert(pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE);
3268 Assert(pThis->cmd & EHCI_CMD_RUN);
3269
3270 Log2Func(("%RGp\n", GCPhysHead));
3271#ifdef LOG_ENABLED
3272 ehciR3DumpQH(pDevIns, GCPhysHead, true);
3273#endif
3274
3275 /* Signal the async advance doorbell interrupt (if required) */
3276 if ( (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL))
3277// && !pThis->cInFlight)
3278 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_INT_ON_ASYNC_ADV);
3279
3280 /* Process the list of qHDs */
3281 for (;;)
3282 {
3283 /* Process the qHD */
3284 if (!ehciR3ServiceQHD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_ASYNC, iFrame))
3285 break;
3286
3287 /* Read the next pointer */
3288 RTGCPHYS GCPhysLast = GCPhys;
3289 ehciR3ReadTDPtr(pDevIns, GCPhys, &ptr);
3290
3291 /* Detect obvious loops. */
3292 if (GCPhys == ((RTGCPHYS)ptr.Pointer << EHCI_TD_PTR_SHIFT))
3293 break;
3294
3295 /* Technically a zero address could be valid, but that's extremely unlikely! */
3296 Assert(ptr.Pointer || ptr.Terminate);
3297 if (ptr.Terminate || !ptr.Pointer)
3298 break;
3299
3300 /* Not clear what we should do if this *is* something other than a qHD. */
3301 AssertMsg(ptr.Type == EHCI_DESCRIPTOR_QH, ("Unexpected pointer to type %d\n", ptr.Type));
3302 if (ptr.Type != EHCI_DESCRIPTOR_QH)
3303 break;
3304
3305 /* If we ran too many iterations, the list must be looping in on itself.
3306 * On a real controller loops wouldn't be fatal, as it will eventually
3307 * run out of time in the micro-frame.
3308 */
3309 AssertMsgBreak(++cIterations < 128, ("Too many iterations, exiting\n"));
3310
3311 /* next */
3312 GCPhys = ptr.Pointer << EHCI_TD_PTR_SHIFT;
3313 Assert(!(GCPhys & 0x1f));
3314 if ( GCPhys == GCPhysHead
3315 || GCPhys == GCPhysLast)
3316 break; /* break the loop */
3317 }
3318
3319#ifdef LOG_ENABLED
3320 if (g_fLogControlEPs)
3321 ehciR3DumpQH(pDevIns, GCPhysHead, true);
3322#endif
3323}
3324
3325
3326/**
3327 * Services the periodic list.
3328 *
3329 * On the interrupt portion of the periodic list we must reassemble URBs from multiple
3330 * TDs using heuristics derived from USB tracing done in the guests and guest source
3331 * code (when available).
3332 */
3333static void ehciR3ServicePeriodicList(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC, const unsigned iFrame)
3334{
3335 Assert(pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE);
3336
3337#ifdef LOG_ENABLED
3338 RTGCPHYS pFramePtrHead = 0;
3339 if (g_fLogInterruptEPs)
3340 {
3341 RTGCPHYS pFramePtr = pThis->periodic_list_base + iFrame * sizeof(EHCI_FRAME_LIST_PTR);
3342
3343 pFramePtrHead = pFramePtr;
3344
3345 char sz[48];
3346 RTStrPrintf(sz, sizeof(sz), "Int%02x before", iFrame);
3347 ehciR3DumpPeriodicList(pDevIns, pFramePtrHead, sz, true);
3348 }
3349#endif
3350
3351 /*
3352 * Iterate the periodic list.
3353 */
3354 EHCI_FRAME_LIST_PTR FramePtr;
3355 RTGCPHYS GCPhys = pThis->periodic_list_base + iFrame * sizeof(FramePtr);
3356 unsigned iterations = 0;
3357
3358 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
3359 while (!FramePtr.Terminate && (pThis->cmd & EHCI_CMD_RUN))
3360 {
3361 GCPhys = FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT;
3362 /* Process the descriptor based on its type. Note that on the periodic
3363 * list, HCDs may (and do) mix iTDs and qHDs more or less freely.
3364 */
3365 switch(FramePtr.Type)
3366 {
3367 case EHCI_DESCRIPTOR_ITD:
3368 ehciR3ServiceITD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3369 break;
3370 case EHCI_DESCRIPTOR_SITD:
3371 ehciR3ServiceSITD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3372 break;
3373 case EHCI_DESCRIPTOR_QH:
3374 ehciR3ServiceQHD(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3375 break;
3376 case EHCI_DESCRIPTOR_FSTN:
3377 ehciR3ServiceFSTN(pDevIns, pThis, pThisCC, GCPhys, EHCI_SERVICE_PERIODIC, iFrame);
3378 break;
3379 }
3380
3381 /* If we ran too many iterations, the list must be looping in on itself.
3382 * On a real controller loops wouldn't be fatal, as it will eventually
3383 * run out of time in the micro-frame.
3384 */
3385 if (++iterations == 2048)
3386 {
3387 AssertMsgFailed(("ehciR3ServicePeriodicList: Too many iterations, exiting\n"));
3388 break;
3389 }
3390 /* Read the next link */
3391 ehciR3ReadFrameListPtr(pDevIns, GCPhys, &FramePtr);
3392
3393 /* Detect obvious loops. */
3394 if (GCPhys == ((RTGCPHYS)FramePtr.FrameAddr << EHCI_FRAME_LIST_NEXTPTR_SHIFT))
3395 break;
3396 }
3397
3398#ifdef LOG_ENABLED
3399 if (g_fLogInterruptEPs)
3400 {
3401 char sz[48];
3402 RTStrPrintf(sz, sizeof(sz), "Int%02x after ", iFrame);
3403 ehciR3DumpPeriodicList(pDevIns, pFramePtrHead, sz, true);
3404 }
3405#endif
3406}
3407
3408
3409/**
3410 * Calculate frame timer variables given a frame rate (1,000 Hz is the full speed).
3411 */
3412static void ehciR3CalcTimerIntervals(PEHCI pThis, PEHCICC pThisCC, uint32_t u32FrameRate)
3413{
3414 Assert(u32FrameRate <= EHCI_HARDWARE_TIMER_FREQ);
3415
3416 pThis->uFramesPerTimerCall = EHCI_HARDWARE_TIMER_FREQ / u32FrameRate;
3417 pThisCC->nsWait = RT_NS_1SEC / u32FrameRate;
3418 pThisCC->cTicksPerFrame = pThisCC->u64TimerHz / u32FrameRate;
3419 if (!pThisCC->cTicksPerFrame)
3420 pThisCC->cTicksPerFrame = 1;
3421 pThisCC->uFrameRate = u32FrameRate;
3422}
3423
3424/**
3425 * Generate a Start-Of-Frame event, and set a timer for End-Of-Frame.
3426 */
3427static void ehciR3StartOfFrame(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC)
3428{
3429 uint32_t uNewFrameRate = pThisCC->uFrameRate;
3430#ifdef LOG_ENABLED
3431 const uint32_t status_old = pThis->intr_status;
3432#endif
3433
3434 pThis->SofTime += pThisCC->cTicksPerFrame;
3435 unsigned iFrame = (pThis->frame_idx >> EHCI_FRINDEX_FRAME_INDEX_SHIFT) & EHCI_FRINDEX_FRAME_INDEX_MASK;
3436
3437 if (pThis->uIrqInterval < pThis->uFramesPerTimerCall)
3438 pThis->uIrqInterval = 0;
3439 else
3440 pThis->uIrqInterval -= pThis->uFramesPerTimerCall;
3441
3442 /* Empty async list detection halted the async schedule */
3443 if (pThis->fAsyncTraversalTimerActive)
3444 {
3445 /* Table 4.7 in 4.8.4.1 */
3446 Log2Func(("setting STATUS_RECLAMATION after empty list detection\n"));
3447 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_RECLAMATION);
3448 pThis->fAsyncTraversalTimerActive = false;
3449 }
3450
3451 /*
3452 * Periodic EPs (Isochronous & Interrupt)
3453 */
3454 if (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE)
3455 {
3456 int num_frames = RT_MAX(1, pThis->uFramesPerTimerCall >> EHCI_FRINDEX_FRAME_INDEX_SHIFT);
3457 Assert(num_frames > 0 && num_frames < 1024);
3458
3459 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_PERIOD_SCHED);
3460
3461 if (pThis->cmd & EHCI_CMD_RUN)
3462 {
3463 /* If we're running the frame timer at a reduced rate, we still need to process
3464 * all frames. Otherwise we risk completely missing newly scheduled periodic transfers.
3465 */
3466 for (int i = 0; i < num_frames; ++i)
3467 ehciR3ServicePeriodicList(pDevIns, pThis, pThisCC, (iFrame + i) & EHCI_FRINDEX_FRAME_INDEX_MASK);
3468 }
3469 }
3470 else
3471 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_PERIOD_SCHED);
3472
3473 /*
3474 * Async EPs (Control and Bulk)
3475 */
3476 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE)
3477 {
3478 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_ASYNC_SCHED);
3479 if (pThis->cmd & EHCI_CMD_RUN)
3480 ehciR3ServiceAsyncList(pDevIns, pThis, pThisCC, iFrame);
3481 }
3482 else
3483 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_ASYNC_SCHED);
3484
3485 /*
3486 * ASSUME the guest won't be very upset if a TD is completed, retired and handed
3487 * back immediately. The idea is to be able to retire the data and/or status stages
3488 * of a control transfer together with the setup stage, thus saving a frame. This
3489 * behaviour is should be perfectly ok, since the setup (and maybe data) stages
3490 * have already taken at least one frame to complete.
3491 *
3492 * But, when implementing the first synchronous virtual USB devices, we'll have to
3493 * verify that the guest doesn't choke when having a TD returned in the same frame
3494 * as it was submitted.
3495 */
3496
3497#ifdef LOG_ENABLED
3498 if (pThis->intr_status ^ status_old)
3499 {
3500 uint32_t val = pThis->intr_status;
3501 uint32_t chg = val ^ status_old; NOREF(chg);
3502 Log2Func(("HcCommandStatus=%#010x: %sHCR=%d %sCLF=%d %sBLF=%d %sOCR=%d %sSOC=%d\n",
3503 val,
3504 chg & RT_BIT(0) ? "*" : "", val & 1,
3505 chg & RT_BIT(1) ? "*" : "", (val >> 1) & 1,
3506 chg & RT_BIT(2) ? "*" : "", (val >> 2) & 1,
3507 chg & RT_BIT(3) ? "*" : "", (val >> 3) & 1,
3508 chg & (3<<16)? "*" : "", (val >> 16) & 3));
3509 }
3510#endif
3511
3512 /*
3513 * Adjust the frame timer interval based on idle detection.
3514 */
3515 if (pThisCC->fIdle)
3516 {
3517 pThisCC->cIdleCycles++;
3518
3519 /*
3520 * Set the new frame rate based on how long we've been idle.
3521 * Don't remain more than 2 seconds in each frame rate (except for lowest one).
3522 */
3523 /** @todo Experiment with these values. */
3524 if (pThisCC->cIdleCycles == 2 * pThisCC->uFrameRate)
3525 {
3526 if (pThisCC->uFrameRate > 500)
3527 uNewFrameRate = pThisCC->uFrameRate - 500;
3528 else
3529 uNewFrameRate = 50; /* Absolute minimum is 50 Hertz, i.e 20ms interval. */
3530
3531 pThisCC->cIdleCycles = 1;
3532 }
3533 }
3534 else
3535 {
3536 if (pThisCC->cIdleCycles)
3537 {
3538 pThisCC->cIdleCycles = 0;
3539 uNewFrameRate = pThisCC->uFrameRateDefault;
3540 }
3541 }
3542 if (uNewFrameRate != pThisCC->uFrameRate)
3543 ehciR3CalcTimerIntervals(pThis, pThisCC, uNewFrameRate);
3544}
3545
3546/**
3547 * Updates the HcFmNumber and frame_index values. HcFmNumber contains the current USB
3548 * frame number, frame_idx is the current micro-frame. In other words,
3549 *
3550 * HcFmNumber == frame_idx << EHCI_FRAME_INDEX_SHIFT
3551 */
3552static void ehciR3BumpFrameNumber(PPDMDEVINS pDevIns, PEHCI pThis)
3553{
3554 pThis->HcFmNumber = pThis->frame_idx;
3555
3556 const uint32_t u32OldFmNumber = pThis->HcFmNumber;
3557
3558 pThis->HcFmNumber += pThis->uFramesPerTimerCall;
3559
3560 if ((u32OldFmNumber ^ pThis->HcFmNumber) & ~EHCI_FRINDEX_FRAME_INDEX_MASK)
3561 {
3562 Log2Func(("rollover!\n"));
3563 ehciR3SetInterrupt(pDevIns, pThis, EHCI_STATUS_FRAME_LIST_ROLLOVER);
3564 }
3565
3566 pThis->frame_idx = pThis->HcFmNumber;
3567
3568}
3569
3570/**
3571 * @callback_method_impl{PFNPDMTHREADDEV, EHCI Frame Thread}
3572 */
3573static DECLCALLBACK(int) ehciR3ThreadFrame(PPDMDEVINS pDevIns, PPDMTHREAD pThread)
3574{
3575 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
3576 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3577
3578 if (pThread->enmState == PDMTHREADSTATE_INITIALIZING)
3579 return VINF_SUCCESS;
3580
3581 while (pThread->enmState == PDMTHREADSTATE_RUNNING)
3582 {
3583 int rc = VINF_SUCCESS;
3584 while ( !ASMAtomicReadBool(&pThis->fBusStarted)
3585 && pThread->enmState == PDMTHREADSTATE_RUNNING)
3586 {
3587 /* Make sure the SCHED status bits are clear. */
3588 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_PERIOD_SCHED);
3589 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_ASYNC_SCHED);
3590
3591 /* Signal the waiter that we are stopped now. */
3592 rc = RTSemEventMultiSignal(pThisCC->hSemEventFrameStopped);
3593 AssertRC(rc);
3594
3595 rc = RTSemEventMultiWait(pThisCC->hSemEventFrame, RT_INDEFINITE_WAIT);
3596 RTSemEventMultiReset(pThisCC->hSemEventFrame);
3597 }
3598
3599 AssertLogRelMsgReturn(RT_SUCCESS(rc) || rc == VERR_TIMEOUT, ("%Rrc\n", rc), rc);
3600 if (RT_UNLIKELY(pThread->enmState != PDMTHREADSTATE_RUNNING))
3601 break;
3602
3603 uint64_t const tsNanoStart = RTTimeNanoTS();
3604
3605 RTCritSectEnter(&pThisCC->CritSect);
3606
3607 /* Reset idle detection flag */
3608 pThisCC->fIdle = true;
3609
3610 /* Frame boundary, so do EOF stuff here */
3611 ehciR3StartOfFrame(pDevIns, pThis, pThisCC);
3612
3613 /* Start the next frame */
3614 ehciR3BumpFrameNumber(pDevIns, pThis);
3615
3616 RTCritSectLeave(&pThisCC->CritSect);
3617
3618 /* Wait for the next round. */
3619 uint64_t nsWait = (RTTimeNanoTS() + pThisCC->nsWait) - tsNanoStart;
3620
3621 rc = RTSemEventMultiWaitEx(pThisCC->hSemEventFrame, RTSEMWAIT_FLAGS_RELATIVE | RTSEMWAIT_FLAGS_NANOSECS | RTSEMWAIT_FLAGS_UNINTERRUPTIBLE,
3622 nsWait);
3623 AssertLogRelMsg(RT_SUCCESS(rc) || rc == VERR_TIMEOUT, ("%Rrc\n", rc));
3624 RTSemEventMultiReset(pThisCC->hSemEventFrame);
3625 }
3626
3627 return VINF_SUCCESS;
3628}
3629
3630/**
3631 * Unblock the framer thread so it can respond to a state change.
3632 *
3633 * @returns VBox status code.
3634 * @param pDevIns The device instance.
3635 * @param pThread The send thread.
3636 */
3637static DECLCALLBACK(int) ehciR3ThreadFrameWakeup(PPDMDEVINS pDevIns, PPDMTHREAD pThread)
3638{
3639 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3640 RT_NOREF(pThread);
3641 return RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3642}
3643
3644/**
3645 * Start sending SOF tokens across the USB bus, lists are processed in next frame.
3646 */
3647static void ehciR3BusStart(PPDMDEVINS pDevIns, PEHCI pThis, PEHCICC pThisCC)
3648{
3649 pThisCC->RootHub.pIRhConn->pfnPowerOn(pThisCC->RootHub.pIRhConn);
3650 ehciR3BumpFrameNumber(pDevIns, pThis);
3651
3652 LogFunc(("Bus started\n"));
3653
3654 ASMAtomicAndU32(&pThis->intr_status, ~EHCI_STATUS_HCHALTED);
3655 pThis->SofTime = PDMDevHlpTMTimeVirtGet(pDevIns) - pThisCC->cTicksPerFrame;
3656 bool fBusActive = ASMAtomicXchgBool(&pThis->fBusStarted, true);
3657 if (!fBusActive)
3658 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3659}
3660
3661/**
3662 * Stop sending SOF tokens on the bus
3663 */
3664static void ehciR3BusStop(PEHCI pThis, PEHCICC pThisCC)
3665{
3666 LogFunc(("\n"));
3667 bool fBusActive = ASMAtomicXchgBool(&pThis->fBusStarted, false);
3668 if (fBusActive)
3669 {
3670 int rc = RTSemEventMultiReset(pThisCC->hSemEventFrameStopped);
3671 AssertRC(rc);
3672
3673 /* Signal the frame thread to stop. */
3674 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
3675
3676 /* Wait for signal from the thread that it stopped. */
3677 rc = RTSemEventMultiWait(pThisCC->hSemEventFrameStopped, RT_INDEFINITE_WAIT);
3678 AssertRC(rc);
3679 }
3680 pThisCC->RootHub.pIRhConn->pfnPowerOff(pThisCC->RootHub.pIRhConn);
3681 ASMAtomicOrU32(&pThis->intr_status, EHCI_STATUS_HCHALTED);
3682}
3683
3684/**
3685 * Power a port up or down
3686 */
3687static void ehciR3PortPower(PEHCI pThis, PEHCICC pThisCC, unsigned iPort, bool fPowerUp)
3688{
3689 bool fOldPPS = !!(pThis->RootHub.aPorts[iPort].fReg & EHCI_PORT_POWER);
3690 if (fPowerUp)
3691 {
3692 Log2Func(("port %d UP\n", iPort));
3693 /* power up */
3694 if (pThisCC->RootHub.aPorts[iPort].fAttached)
3695 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT);
3696 if (pThis->RootHub.aPorts[iPort].fReg & EHCI_PORT_CURRENT_CONNECT)
3697 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_POWER);
3698 if (pThisCC->RootHub.aPorts[iPort].fAttached && !fOldPPS)
3699 VUSBIRhDevPowerOn(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort));
3700 }
3701 else
3702 {
3703 Log2(("Func port %d DOWN\n", iPort));
3704 /* power down */
3705 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_POWER|EHCI_PORT_CURRENT_CONNECT));
3706 if (pThisCC->RootHub.aPorts[iPort].fAttached && fOldPPS)
3707 VUSBIRhDevPowerOff(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(iPort));
3708 }
3709}
3710
3711/**
3712 * Completion callback for the VUSBIDevReset() operation.
3713 * @thread EMT.
3714 */
3715static void ehciR3PortResetDone(PEHCI pThis, PEHCICC pThisCC, uint32_t uPort, int rc)
3716{
3717 Log2Func(("rc=%Rrc\n", rc));
3718 Assert(uPort >= 1);
3719 unsigned iPort = uPort - 1;
3720
3721 if (RT_SUCCESS(rc))
3722 {
3723 /*
3724 * Successful reset.
3725 */
3726 Log2Func(("Reset completed.\n"));
3727 /* Note: XP relies on us clearing EHCI_PORT_CONNECT_CHANGE */
3728 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_RESET | EHCI_PORT_SUSPEND | EHCI_PORT_CONNECT_CHANGE));
3729 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_PORT_ENABLED);
3730 }
3731 else
3732 {
3733 /* desperate measures. */
3734 if ( pThisCC->RootHub.aPorts[iPort].fAttached
3735 && VUSBIRhDevGetState(pThisCC->RootHub.pIRhConn, uPort) == VUSB_DEVICE_STATE_ATTACHED)
3736 {
3737 /*
3738 * Damn, something weird happend during reset. We'll pretend the user did an
3739 * incredible fast reconnect or something. (prolly not gonna work)
3740 */
3741 Log2Func(("The reset failed (rc=%Rrc)!!! Pretending reconnect at the speed of light.\n", rc));
3742 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CURRENT_CONNECT | EHCI_PORT_CONNECT_CHANGE);
3743 }
3744 else
3745 {
3746 /*
3747 * The device has / will be disconnected.
3748 */
3749 Log2Func(("Disconnected (rc=%Rrc)!!!\n", rc));
3750 ASMAtomicAndU32(&pThis->RootHub.aPorts[iPort].fReg, ~(EHCI_PORT_RESET | EHCI_PORT_SUSPEND));
3751 ASMAtomicOrU32(&pThis->RootHub.aPorts[iPort].fReg, EHCI_PORT_CONNECT_CHANGE);
3752 }
3753 }
3754}
3755
3756/**
3757 * Sets a flag in a port status register but only set it if a device is
3758 * connected, if not set ConnectStatusChange flag to force HCD to reevaluate
3759 * connect status.
3760 *
3761 * @returns true if device was connected and the flag was cleared.
3762 */
3763static bool ehciR3RhPortSetIfConnected(PEHCIROOTHUB pRh, int iPort, uint32_t fValue)
3764{
3765 /*
3766 * Writing a 0 has no effect
3767 */
3768 if (fValue == 0)
3769 return false;
3770
3771 /*
3772 * The port might be still/already disconnected.
3773 */
3774 if (!(pRh->aPorts[iPort].fReg & EHCI_PORT_CURRENT_CONNECT))
3775 return false;
3776
3777 bool fRc = !(pRh->aPorts[iPort].fReg & fValue);
3778
3779 /* set the bit */
3780 ASMAtomicOrU32(&pRh->aPorts[iPort].fReg, fValue);
3781
3782 return fRc;
3783}
3784
3785#endif /* IN_RING3 */
3786
3787
3788/**
3789 * Read the USBCMD register of the host controller.
3790 */
3791static VBOXSTRICTRC HcCommand_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3792{
3793 /* Signal the async advance doorbell interrupt (if required)
3794 * XP polls the command register to see when it can queue up more TDs.
3795 */
3796 if ( (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL))
3797// && !pThis->cInFlight)
3798 {
3799 int rc = ehciSetInterrupt(pDevIns, pThis, VINF_IOM_R3_MMIO_READ, EHCI_STATUS_INT_ON_ASYNC_ADV);
3800 if (rc != VINF_SUCCESS)
3801 return rc;
3802 }
3803
3804 *pu32Value = pThis->cmd;
3805 RT_NOREF(iReg);
3806 return VINF_SUCCESS;
3807}
3808
3809/**
3810 * Write to the USBCMD register of the host controller.
3811 */
3812static VBOXSTRICTRC HcCommand_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
3813{
3814#ifdef IN_RING3
3815 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
3816#endif
3817 RT_NOREF(pDevIns, iReg);
3818
3819#ifdef LOG_ENABLED
3820 Log(("HcCommand_w old=%x new=%x\n", pThis->cmd, val));
3821 if (val & EHCI_CMD_RUN)
3822 Log((" CMD_RUN\n"));
3823 if (val & EHCI_CMD_RESET)
3824 Log((" CMD_RESET\n"));
3825 if (val & EHCI_CMD_PERIODIC_SCHED_ENABLE)
3826 Log((" CMD_PERIODIC_SCHED_ENABLE\n"));
3827 if (val & EHCI_CMD_ASYNC_SCHED_ENABLE)
3828 Log((" CMD_ASYNC_SCHED_ENABLE\n"));
3829 if (val & EHCI_CMD_INT_ON_ADVANCE_DOORBELL)
3830 Log((" CMD_INT_ON_ADVANCE_DOORBELL\n"));
3831 if (val & EHCI_CMD_SOFT_RESET)
3832 Log((" CMD_SOFT_RESET\n"));
3833 if (val & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
3834 Log((" CMD_ASYNC_SCHED_PARK_ENABLE\n"));
3835
3836 Log((" CMD_FRAME_LIST_SIZE %d\n", (val & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT));
3837 Log((" CMD_ASYNC_SCHED_PARK_MODE_COUNT %d\n", (val & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT));
3838 Log((" CMD_INTERRUPT_THRESHOLD %d\n", (val & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT));
3839#endif
3840
3841 Assert(!(pThis->hcc_params & EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST)); /* hardcoded assumptions about list size */
3842 if (!(pThis->hcc_params & EHCI_HCC_PARAMS_PROGRAMMABLE_FRAME_LIST))
3843 {
3844 if (val & EHCI_CMD_FRAME_LIST_SIZE_MASK)
3845 Log(("Trying to change the frame list size to %d even though it's hardcoded at 1024 elements!!\n", (val & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT));
3846
3847 val &= ~EHCI_CMD_FRAME_LIST_SIZE_MASK; /* 00 = 1024 */
3848 }
3849 if (val & ~EHCI_CMD_MASK)
3850 Log(("Unknown bits %#x are set!!!\n", val & ~0x0003000f));
3851
3852 uint32_t old_cmd = pThis->cmd;
3853#ifdef IN_RING3
3854 pThis->cmd = val;
3855#endif
3856
3857 if (val & EHCI_CMD_RESET)
3858 {
3859#ifdef IN_RING3
3860 LogRel(("EHCI: Hardware reset\n"));
3861 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, true /* reset devices */);
3862#else
3863 return VINF_IOM_R3_MMIO_WRITE;
3864#endif
3865 }
3866 else if (val & EHCI_CMD_SOFT_RESET)
3867 {
3868#ifdef IN_RING3
3869 LogRel(("EHCI: Software reset\n"));
3870 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_SUSPEND, false /* N/A */);
3871#else
3872 return VINF_IOM_R3_MMIO_WRITE;
3873#endif
3874 }
3875 else
3876 {
3877 /* see what changed and take action on that. */
3878 uint32_t old_state = old_cmd & EHCI_CMD_RUN;
3879 uint32_t new_state = val & EHCI_CMD_RUN;
3880
3881 if (old_state != new_state)
3882 {
3883#ifdef IN_RING3
3884 switch (new_state)
3885 {
3886 case EHCI_CMD_RUN:
3887 LogRel(("EHCI: USB Operational\n"));
3888 ehciR3BusStart(pDevIns, pThis, pThisCC);
3889 break;
3890 case 0:
3891 ehciR3BusStop(pThis, pThisCC);
3892 LogRel(("EHCI: USB Suspended\n"));
3893 break;
3894 }
3895#else
3896 return VINF_IOM_R3_MMIO_WRITE;
3897#endif
3898 }
3899 }
3900#ifndef IN_RING3
3901 pThis->cmd = val;
3902#endif
3903 return VINF_SUCCESS;
3904}
3905
3906/**
3907 * Read the USBSTS register of the host controller.
3908 */
3909static VBOXSTRICTRC HcStatus_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3910{
3911 RT_NOREF(pDevIns, iReg);
3912#ifdef LOG_ENABLED
3913 Log(("HcStatus_r current value %x\n", pThis->intr_status));
3914 if (pThis->intr_status & EHCI_STATUS_ASYNC_SCHED)
3915 Log((" STATUS_ASYNC_SCHED\n"));
3916 if (pThis->intr_status & EHCI_STATUS_PERIOD_SCHED)
3917 Log((" STATUS_PERIOD_SCHED\n"));
3918 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
3919 Log((" STATUS_RECLAMATION\n"));
3920 if (pThis->intr_status & EHCI_STATUS_HCHALTED)
3921 Log((" STATUS_HCHALTED\n"));
3922 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
3923 Log((" STATUS_INT_ON_ASYNC_ADV\n"));
3924 if (pThis->intr_status & EHCI_STATUS_HOST_SYSTEM_ERROR)
3925 Log((" STATUS_HOST_SYSTEM_ERROR\n"));
3926 if (pThis->intr_status & EHCI_STATUS_FRAME_LIST_ROLLOVER)
3927 Log((" STATUS_FRAME_LIST_ROLLOVER\n"));
3928 if (pThis->intr_status & EHCI_STATUS_PORT_CHANGE_DETECT)
3929 Log((" STATUS_PORT_CHANGE_DETECT\n"));
3930 if (pThis->intr_status & EHCI_STATUS_ERROR_INT)
3931 Log((" STATUS_ERROR_INT\n"));
3932 if (pThis->intr_status & EHCI_STATUS_THRESHOLD_INT)
3933 Log((" STATUS_THRESHOLD_INT\n"));
3934#endif
3935 *pu32Value = pThis->intr_status;
3936 return VINF_SUCCESS;
3937}
3938
3939/**
3940 * Write to the USBSTS register of the host controller.
3941 */
3942static VBOXSTRICTRC HcStatus_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
3943{
3944 RT_NOREF(iReg);
3945 VBOXSTRICTRC rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VINF_IOM_R3_MMIO_WRITE);
3946 if (rc != VINF_SUCCESS)
3947 return rc;
3948
3949#ifdef LOG_ENABLED
3950 Log(("HcStatus_w current value %x; new %x\n", pThis->intr_status, val));
3951 if (val & EHCI_STATUS_ASYNC_SCHED)
3952 Log((" STATUS_ASYNC_SCHED\n"));
3953 if (val & EHCI_STATUS_PERIOD_SCHED)
3954 Log((" STATUS_PERIOD_SCHED\n"));
3955 if (val & EHCI_STATUS_RECLAMATION)
3956 Log((" STATUS_RECLAMATION\n"));
3957 if (val & EHCI_STATUS_HCHALTED)
3958 Log((" STATUS_HCHALTED\n"));
3959 if (val & EHCI_STATUS_INT_ON_ASYNC_ADV)
3960 Log((" STATUS_INT_ON_ASYNC_ADV\n"));
3961 if (val & EHCI_STATUS_HOST_SYSTEM_ERROR)
3962 Log((" STATUS_HOST_SYSTEM_ERROR\n"));
3963 if (val & EHCI_STATUS_FRAME_LIST_ROLLOVER)
3964 Log((" STATUS_FRAME_LIST_ROLLOVER\n"));
3965 if (val & EHCI_STATUS_PORT_CHANGE_DETECT)
3966 Log((" STATUS_PORT_CHANGE_DETECT\n"));
3967 if (val & EHCI_STATUS_ERROR_INT)
3968 Log((" STATUS_ERROR_INT\n"));
3969 if (val & EHCI_STATUS_THRESHOLD_INT)
3970 Log((" STATUS_THRESHOLD_INT\n"));
3971#endif
3972 if ( (val & ~EHCI_STATUS_INTERRUPT_MASK)
3973 && val != 0xffffffff /* ignore clear-all-like requests from xp. */)
3974 Log(("Unknown bits %#x are set!!!\n", val & ~EHCI_STATUS_INTERRUPT_MASK));
3975
3976 /* Some bits are read-only */
3977 val &= EHCI_STATUS_INTERRUPT_MASK;
3978
3979 /* "The Host Controller Driver may clear specific bits in this
3980 * register by writing '1' to bit positions to be cleared"
3981 */
3982 ASMAtomicAndU32(&pThis->intr_status, ~val);
3983 ehciUpdateInterruptLocked(pDevIns, pThis, "HcStatus_w");
3984
3985 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
3986 return VINF_SUCCESS;
3987}
3988
3989/**
3990 * Read the USBINTR register of the host controller.
3991 */
3992static VBOXSTRICTRC HcInterruptEnable_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
3993{
3994 RT_NOREF(pDevIns, iReg);
3995 *pu32Value = pThis->intr;
3996 return VINF_SUCCESS;
3997}
3998
3999/**
4000 * Write to the USBINTR register of the host controller.
4001 */
4002static VBOXSTRICTRC HcInterruptEnable_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4003{
4004 RT_NOREF(iReg);
4005#ifdef LOG_ENABLED
4006 Log(("HcInterruptEnable_w -> new value %x\n", val));
4007 if (val & EHCI_INTR_ENABLE_THRESHOLD)
4008 Log((" INTR_ENABLE_THRESHOLD\n"));
4009 if (val & EHCI_INTR_ENABLE_ERROR)
4010 Log((" INTR_ENABLE_ERROR\n"));
4011 if (val & EHCI_INTR_ENABLE_PORT_CHANGE)
4012 Log((" INTR_ENABLE_PORT_CHANGE\n"));
4013 if (val & EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER)
4014 Log((" INTR_ENABLE_FRAME_LIST_ROLLOVER\n"));
4015 if (val & EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR)
4016 Log((" INTR_ENABLE_HOST_SYSTEM_ERROR\n"));
4017 if (val & EHCI_INTR_ENABLE_ASYNC_ADVANCE)
4018 Log((" INTR_ENABLE_ASYNC_ADVANCE\n"));
4019 if (val & ~EHCI_INTR_ENABLE_MASK)
4020 Log((" Illegal bits set %x!!\n", val & ~EHCI_INTR_ENABLE_MASK));
4021#endif
4022 VBOXSTRICTRC rc = PDMDevHlpCritSectEnter(pDevIns, &pThis->CsIrq, VINF_IOM_R3_MMIO_WRITE);
4023 if (rc == VINF_SUCCESS)
4024 {
4025 pThis->intr = val & EHCI_INTR_ENABLE_MASK;
4026 ehciUpdateInterruptLocked(pDevIns, pThis, "HcInterruptEnable_w");
4027 PDMDevHlpCritSectLeave(pDevIns, &pThis->CsIrq);
4028 }
4029 return rc;
4030}
4031
4032/**
4033 * Read the FRINDEX register of the host controller.
4034 */
4035static VBOXSTRICTRC HcFrameIndex_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4036{
4037 RT_NOREF(pDevIns, iReg);
4038 Log2Func(("current frame %x\n", pThis->frame_idx));
4039 *pu32Value = pThis->frame_idx;
4040 return VINF_SUCCESS;
4041}
4042
4043/**
4044 * Write to the FRINDEX register of the host controller.
4045 */
4046static VBOXSTRICTRC HcFrameIndex_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4047{
4048 RT_NOREF(pDevIns, iReg);
4049 LogFunc(("pThis->frame_idx new index=%x\n", val));
4050 if (!(pThis->intr_status & EHCI_STATUS_HCHALTED))
4051 Log(("->>Updating the frame index while the controller is running!!!\n"));
4052
4053 ASMAtomicXchgU32(&pThis->frame_idx, val);
4054 return VINF_SUCCESS;
4055}
4056
4057/**
4058 * Read the CTRLDSSEGMENT register of the host controller.
4059 */
4060static VBOXSTRICTRC HcControlDSSeg_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4061{
4062 RT_NOREF(pDevIns, iReg);
4063 if (pThis->hcc_params & EHCI_HCC_PARAMS_64BITS_ADDRESSING)
4064 *pu32Value = pThis->ds_segment;
4065 else
4066 *pu32Value = 0;
4067
4068 return VINF_SUCCESS;
4069}
4070
4071/**
4072 * Write to the CTRLDSSEGMENT register of the host controller.
4073 */
4074static VBOXSTRICTRC HcControlDSSeg_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4075{
4076 RT_NOREF(pDevIns, iReg);
4077 LogFunc(("new base %x\n", val));
4078 if (pThis->hcc_params & EHCI_HCC_PARAMS_64BITS_ADDRESSING)
4079 ASMAtomicXchgU32(&pThis->ds_segment, val);
4080
4081 return VINF_SUCCESS;
4082}
4083
4084/**
4085 * Read the PERIODICLISTBASE register of the host controller.
4086 */
4087static VBOXSTRICTRC HcPeriodicListBase_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4088{
4089 RT_NOREF(pDevIns, iReg);
4090 Log2Func(("current base %x\n", pThis->periodic_list_base));
4091 *pu32Value = pThis->periodic_list_base;
4092 return VINF_SUCCESS;
4093}
4094
4095/**
4096 * Write to the PERIODICLISTBASE register of the host controller.
4097 */
4098static VBOXSTRICTRC HcPeriodicListBase_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4099{
4100 RT_NOREF(pDevIns, iReg);
4101 LogFunc(("new base %x\n", val));
4102 if (val & ~EHCI_PERIODIC_LIST_MASK)
4103 Log(("->> Base not aligned on a 4kb boundary!!!!\n"));
4104 if ( !(pThis->intr_status & EHCI_STATUS_HCHALTED)
4105 && (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE))
4106 Log(("->>Updating the periodic list base while the controller is running!!!\n"));
4107
4108 ASMAtomicXchgU32(&pThis->periodic_list_base, val & EHCI_PERIODIC_LIST_MASK);
4109 return VINF_SUCCESS;
4110}
4111
4112/**
4113 * Read the ASYNCLISTADDR register of the host controller.
4114 */
4115static VBOXSTRICTRC HcAsyncListAddr_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4116{
4117 RT_NOREF(pDevIns, iReg);
4118 Log2Func(("current base %x\n", pThis->async_list_base));
4119 *pu32Value = pThis->async_list_base;
4120 return VINF_SUCCESS;
4121}
4122
4123/**
4124 * Write to the ASYNCLISTADDR register of the host controller.
4125 */
4126static VBOXSTRICTRC HcAsyncListAddr_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4127{
4128 RT_NOREF(pDevIns, iReg);
4129 LogFunc(("new address %x\n", val));
4130 if (val & ~EHCI_ASYNC_LIST_MASK)
4131 Log(("->> Base not aligned on a 32-byte boundary!!!!\n"));
4132 if ( !(pThis->intr_status & EHCI_STATUS_HCHALTED)
4133 && (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE))
4134 Log(("->>Updating the asynchronous list address while the controller is running!!!\n"));
4135
4136 ASMAtomicXchgU32(&pThis->async_list_base, val & EHCI_ASYNC_LIST_MASK);
4137 return VINF_SUCCESS;
4138}
4139
4140/**
4141 * Read the CONFIGFLAG register of the host controller.
4142 */
4143static VBOXSTRICTRC HcConfigFlag_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4144{
4145 RT_NOREF(pDevIns, iReg);
4146 Log2Func(("current config=%x\n", pThis->config));
4147 *pu32Value = pThis->config;
4148 return VINF_SUCCESS;
4149}
4150
4151/**
4152 * Write to the CONFIGFLAG register of the host controller.
4153 */
4154static VBOXSTRICTRC HcConfigFlag_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4155{
4156 RT_NOREF(pDevIns, iReg);
4157 LogFunc(("new configuration routing %x\n", val & EHCI_CONFIGFLAG_ROUTING));
4158 pThis->config = val & EHCI_CONFIGFLAG_MASK;
4159 return VINF_SUCCESS;
4160}
4161
4162/**
4163 * Read the PORTSC register of a port
4164 */
4165static VBOXSTRICTRC HcPortStatusCtrl_r(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t *pu32Value)
4166{
4167 const unsigned i = iReg - 1;
4168 PEHCIHUBPORT p = &pThis->RootHub.aPorts[i];
4169 RT_NOREF(pDevIns);
4170
4171 Assert(!(pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL));
4172
4173 if (p->fReg & EHCI_PORT_RESET)
4174 {
4175#ifdef IN_RING3
4176 Log2Func(("port %u: Impatient guest!\n", i));
4177 RTThreadYield();
4178#else
4179 Log2Func(("yield -> VINF_IOM_R3_MMIO_READ\n"));
4180 return VINF_IOM_R3_MMIO_READ;
4181#endif
4182 }
4183
4184 *pu32Value = p->fReg;
4185 return VINF_SUCCESS;
4186}
4187
4188/**
4189 * Write to the PORTSC register of a port
4190 */
4191static VBOXSTRICTRC HcPortStatusCtrl_w(PPDMDEVINS pDevIns, PEHCI pThis, uint32_t iReg, uint32_t val)
4192{
4193 const unsigned i = iReg - 1;
4194 PEHCIHUBPORT pPort = &pThis->RootHub.aPorts[i];
4195
4196 if ( pPort->fReg == val
4197 && !(val & EHCI_PORT_CHANGE_MASK))
4198 return VINF_SUCCESS;
4199
4200#ifdef IN_RING3
4201 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4202
4203 LogFunc(("port %d: old=%x new=%x\n", i, pPort->fReg, val));
4204 Assert(!(pThis->hcs_params & EHCI_HCS_PARAMS_PORT_POWER_CONTROL));
4205 Assert(pPort->fReg & EHCI_PORT_POWER);
4206
4207 if (val & EHCI_PORT_RESERVED)
4208 Log(("Invalid bits set %x!!!\n", val & EHCI_PORT_RESERVED));
4209
4210 /* Write to clear any of the change bits: EHCI_PORT_CONNECT_CHANGE, EHCI_PORT_PORT_CHANGE and EHCI_PORT_OVER_CURRENT_CHANGE */
4211 if (val & EHCI_PORT_CHANGE_MASK)
4212 {
4213 ASMAtomicAndU32(&pPort->fReg, ~(val & EHCI_PORT_CHANGE_MASK));
4214 /* XP seems to need this after device detach */
4215 if (!(pPort->fReg & EHCI_PORT_CURRENT_CONNECT))
4216 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_CONNECT_CHANGE);
4217 }
4218
4219 /* Writing the Port Enable/Disable bit as 1 has no effect; software cannot enable
4220 * the port that way. Writing the bit as zero does disable the port, but does not
4221 * set the corresponding 'changed' bit or trigger an interrupt.
4222 */
4223 if (!(val & EHCI_PORT_PORT_ENABLED) && (pPort->fReg & EHCI_PORT_PORT_ENABLED))
4224 {
4225 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_PORT_ENABLED);
4226 LogFunc(("port %u: DISABLE\n", i));
4227 }
4228
4229 if (val & EHCI_PORT_SUSPEND)
4230 LogFunc(("port %u: SUSPEND - not implemented correctly!!!\n", i));
4231
4232 if (val & EHCI_PORT_RESET)
4233 {
4234 Log2Func(("Reset port\n"));
4235 if ( ehciR3RhPortSetIfConnected(&pThis->RootHub, i, val & EHCI_PORT_RESET) )
4236 {
4237 PVM pVM = PDMDevHlpGetVM(pDevIns);
4238 VUSBIRhDevReset(pThisCC->RootHub.pIRhConn, EHCI_PORT_2_VUSB_PORT(i), false /* don't reset on linux */, NULL /* sync */, pThis, pVM);
4239 ehciR3PortResetDone(pThis, pThisCC, EHCI_PORT_2_VUSB_PORT(i), VINF_SUCCESS);
4240 }
4241 else if (pPort->fReg & EHCI_PORT_RESET)
4242 {
4243 /* the guest is getting impatient. */
4244 Log2Func(("port %u: Impatient guest!\n", i));
4245 RTThreadYield();
4246 }
4247 }
4248
4249 /* EHCI_PORT_POWER ignored as we don't support this in HCS_PARAMS */
4250 /* EHCI_PORT_INDICATOR ignored as we don't support this in HCS_PARAMS */
4251 /* EHCI_PORT_TEST_CONTROL_MASK ignored */
4252 ASMAtomicAndU32(&pPort->fReg, ~EHCI_PORT_WAKE_MASK);
4253 ASMAtomicOrU32(&pPort->fReg, (val & EHCI_PORT_WAKE_MASK));
4254 return VINF_SUCCESS;
4255
4256#else /* !IN_RING3 */
4257 RT_NOREF(pDevIns);
4258 return VINF_IOM_R3_MMIO_WRITE;
4259#endif /* !IN_RING3 */
4260}
4261
4262/**
4263 * Register descriptor table
4264 */
4265static const EHCIOPREG g_aOpRegs[] =
4266{
4267 {"HcCommand" , HcCommand_r, HcCommand_w},
4268 {"HcStatus", HcStatus_r, HcStatus_w},
4269 {"HcInterruptEnable", HcInterruptEnable_r, HcInterruptEnable_w},
4270 {"HcFrameIndex", HcFrameIndex_r, HcFrameIndex_w},
4271 {"HcControlDSSeg", HcControlDSSeg_r, HcControlDSSeg_w},
4272 {"HcPeriodicListBase", HcPeriodicListBase_r, HcPeriodicListBase_w},
4273 {"HcAsyncListAddr", HcAsyncListAddr_r, HcAsyncListAddr_w}
4274};
4275
4276/**
4277 * Register descriptor table 2
4278 * (Starting at offset 0x40)
4279 */
4280static const EHCIOPREG g_aOpRegs2[] =
4281{
4282 {"HcConfigFlag", HcConfigFlag_r, HcConfigFlag_w},
4283
4284 /* The number of port status register depends on the definition
4285 * of EHCI_NDP_MAX macro
4286 */
4287 {"HcPortStatusCtrl[0]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4288 {"HcPortStatusCtrl[1]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4289 {"HcPortStatusCtrl[2]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4290 {"HcPortStatusCtrl[3]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4291 {"HcPortStatusCtrl[4]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4292 {"HcPortStatusCtrl[5]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4293 {"HcPortStatusCtrl[6]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4294 {"HcPortStatusCtrl[7]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4295 {"HcPortStatusCtrl[8]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4296 {"HcPortStatusCtrl[9]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4297 {"HcPortStatusCtrl[10]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4298 {"HcPortStatusCtrl[11]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4299 {"HcPortStatusCtrl[12]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4300 {"HcPortStatusCtrl[13]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4301 {"HcPortStatusCtrl[14]", HcPortStatusCtrl_r, HcPortStatusCtrl_w},
4302};
4303
4304/* Quick way to determine how many op regs are valid. Since at least one port must
4305 * be configured (and no more than 15), there will be between 2 and 16 registers.
4306 */
4307#define NUM_OP_REGS2(pehci) (1 + EHCI_NDP_CFG(pehci))
4308
4309AssertCompile(RT_ELEMENTS(g_aOpRegs2) > 1);
4310AssertCompile(RT_ELEMENTS(g_aOpRegs2) <= 16);
4311
4312
4313/**
4314 * @callback_method_impl{FNIOMMMIONEWWRITE, Write to a MMIO register. }
4315 *
4316 * @note We only accept 32-bit reads that are 32-bit aligned.
4317 */
4318static DECLCALLBACK(VBOXSTRICTRC) ehciMmioRead(PPDMDEVINS pDevIns, void *pvUser, RTGCPHYS off, void *pv, unsigned cb)
4319{
4320 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4321 RT_NOREF(pvUser);
4322
4323 Log2Func(("%RGp size=%d\n", off, cb));
4324
4325 if (off < EHCI_CAPS_REG_SIZE)
4326 {
4327 switch (off)
4328 {
4329 case 0x0: /* CAPLENGTH */
4330 /* read CAPLENGTH + HCIVERSION in one go */
4331 if (cb == 4)
4332 {
4333 *(uint32_t *)pv = (pThis->hci_version << 16) | pThis->cap_length;
4334 return VINF_SUCCESS;
4335 }
4336
4337 AssertReturn(cb == 1, VINF_IOM_MMIO_UNUSED_FF);
4338 *(uint8_t *)pv = pThis->cap_length;
4339 break;
4340
4341 case 0x2: /* HCIVERSION */
4342 AssertReturn(cb == 2, VINF_IOM_MMIO_UNUSED_FF);
4343 *(uint16_t *)pv = pThis->hci_version;
4344 break;
4345
4346 case 0x4: /* HCSPARAMS (structural) */
4347 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4348 *(uint32_t *)pv = pThis->hcs_params;
4349 break;
4350
4351 case 0x8: /* HCCPARAMS (caps) */
4352 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4353 *(uint32_t *)pv = pThis->hcc_params;
4354 break;
4355
4356 case 0x9: /* one byte HCIPARAMS read (XP; EHCI extended capability offset) */
4357 AssertReturn(cb == 1, VINF_IOM_MMIO_UNUSED_FF);
4358 *(uint8_t *)pv = (uint8_t)(pThis->hcc_params >> 8);
4359 break;
4360
4361 case 0xC: /* HCSP-PORTROUTE (60 bits) */
4362 case 0x10:
4363 AssertReturn(cb == 4, VINF_IOM_MMIO_UNUSED_FF);
4364 *(uint32_t *)pv = 0;
4365 break;
4366
4367 default:
4368 LogFunc(("Trying to read register %#x!!!\n", off));
4369 return VINF_IOM_MMIO_UNUSED_FF;
4370 }
4371 Log2Func(("%RGp size=%d -> val=%x\n", off, cb, *(uint32_t *)pv));
4372 return VINF_SUCCESS;
4373 }
4374
4375 /*
4376 * Validate the access.
4377 */
4378 if (cb != sizeof(uint32_t))
4379 {
4380 Log2Func(("Bad read size!!! off=%RGp cb=%d\n", off, cb));
4381 return VINF_IOM_MMIO_UNUSED_FF; /* No idea what really would happen... */
4382 }
4383 if (off & 0x3)
4384 {
4385 Log2Func(("Unaligned read!!! off=%RGp cb=%d\n", off, cb));
4386 return VINF_IOM_MMIO_UNUSED_FF;
4387 }
4388
4389 /*
4390 * Validate the register and call the read operator.
4391 */
4392 VBOXSTRICTRC rc;
4393 uint32_t iReg = (off - pThis->cap_length) >> 2;
4394 if (iReg < RT_ELEMENTS(g_aOpRegs))
4395 {
4396 const EHCIOPREG *pReg = &g_aOpRegs[iReg];
4397 rc = pReg->pfnRead(pDevIns, pThis, iReg, (uint32_t *)pv);
4398 Log2Func(("%RGp size=%d -> val=%x (rc=%d)\n", off, cb, *(uint32_t *)pv, VBOXSTRICTRC_VAL(rc)));
4399 }
4400 else if (iReg >= 0x10) /* 0x40 */
4401 {
4402 iReg -= 0x10;
4403 if (iReg < NUM_OP_REGS2(pThis))
4404 {
4405 const EHCIOPREG *pReg = &g_aOpRegs2[iReg];
4406 rc = pReg->pfnRead(pDevIns, pThis, iReg, (uint32_t *)pv);
4407 Log2Func(("%RGp size=%d -> val=%x (rc=%d)*\n", off, cb, *(uint32_t *)pv, VBOXSTRICTRC_VAL(rc)));
4408 }
4409 else
4410 {
4411 LogFunc(("Trying to read register %u/%u!!!\n", iReg, NUM_OP_REGS2(pThis)));
4412 rc = VINF_IOM_MMIO_UNUSED_FF;
4413 }
4414 }
4415 else
4416 {
4417 LogFunc(("Trying to read register %u/%u (2)!!!\n", iReg, RT_ELEMENTS(g_aOpRegs)));
4418 rc = VINF_IOM_MMIO_UNUSED_FF;
4419 }
4420 return rc;
4421}
4422
4423
4424/**
4425 * @callback_method_impl{FNIOMMMIONEWWRITE, Write to a MMIO register. }
4426 *
4427 * @note We only accept 32-bit writes that are 32-bit aligned.
4428 */
4429static DECLCALLBACK(VBOXSTRICTRC) ehciMmioWrite(PPDMDEVINS pDevIns, void *pvUser, RTGCPHYS off, void const *pv, unsigned cb)
4430{
4431 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4432 RT_NOREF(pvUser);
4433
4434 Log2Func(("%RGp %x size=%d\n", off, *(uint32_t *)pv, cb));
4435
4436 if (off < EHCI_CAPS_REG_SIZE)
4437 {
4438 /* These are read-only */
4439 LogFunc(("Trying to write to register %#x!!!\n", off));
4440 return VINF_SUCCESS;
4441 }
4442
4443 /*
4444 * Validate the access.
4445 */
4446 if (cb != sizeof(uint32_t))
4447 {
4448 Log2Func(("Bad write size!!! off=%RGp cb=%d\n", off, cb));
4449 return VINF_SUCCESS;
4450 }
4451 if (off & 0x3)
4452 {
4453 Log2Func(("Unaligned write!!! off=%RGp cb=%d\n", off, cb));
4454 return VINF_SUCCESS;
4455 }
4456
4457 /*
4458 * Validate the register and call the read operator.
4459 */
4460 VBOXSTRICTRC rc;
4461 uint32_t iReg = (off - pThis->cap_length) >> 2;
4462 if (iReg < RT_ELEMENTS(g_aOpRegs))
4463 {
4464 const EHCIOPREG *pReg = &g_aOpRegs[iReg];
4465 rc = pReg->pfnWrite(pDevIns, pThis, iReg, *(uint32_t *)pv);
4466 }
4467 else if (iReg >= 0x10) /* 0x40 */
4468 {
4469 iReg -= 0x10;
4470 if (iReg < NUM_OP_REGS2(pThis))
4471 {
4472 const EHCIOPREG *pReg = &g_aOpRegs2[iReg];
4473 rc = pReg->pfnWrite(pDevIns, pThis, iReg, *(uint32_t *)pv);
4474 }
4475 else
4476 {
4477 LogFunc(("Trying to write to register %u/%u!!!\n", iReg, NUM_OP_REGS2(pThis)));
4478 rc = VINF_SUCCESS; /* ignore the invalid write */
4479 }
4480 }
4481 else
4482 {
4483 LogFunc(("Trying to write to register %u/%u!!! (2)\n", iReg, RT_ELEMENTS(g_aOpRegs)));
4484 rc = VINF_SUCCESS; /* ignore the invalid write */
4485 }
4486 return rc;
4487}
4488
4489#ifdef IN_RING3
4490
4491/**
4492 * @callback_method_impl{FNSSMDEVSAVEEXEC}
4493 */
4494static DECLCALLBACK(int) ehciR3SaveExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM)
4495{
4496 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4497 LogFlowFunc(("\n"));
4498 return pDevIns->pHlpR3->pfnSSMPutStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFields[0], NULL);
4499}
4500
4501
4502/**
4503 * @callback_method_impl{FNSSMDEVLOADEXEC}
4504 */
4505static DECLCALLBACK(int) ehciLoadExec(PPDMDEVINS pDevIns, PSSMHANDLE pSSM, uint32_t uVersion, uint32_t uPass)
4506{
4507 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4508 PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
4509 int rc;
4510 LogFlowFunc(("\n"));
4511 Assert(uPass == SSM_PASS_FINAL); NOREF(uPass);
4512
4513 if (uVersion == EHCI_SAVED_STATE_VERSION)
4514 {
4515 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFields[0], NULL);
4516 if (RT_FAILURE(rc))
4517 return rc;
4518 }
4519 else if (uVersion == EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL)
4520 {
4521 static SSMFIELD const g_aEhciFieldsPreTimerRemoval[] =
4522 {
4523 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
4524 SSMFIELD_ENTRY( EHCI, SofTime),
4525 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4526 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4527 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4528 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
4529 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
4530 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
4531 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
4532 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
4533 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
4534 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
4535 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
4536 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[8].fReg),
4537 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[9].fReg),
4538 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[10].fReg),
4539 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[11].fReg),
4540 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[12].fReg),
4541 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[13].fReg),
4542 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[14].fReg),
4543 SSMFIELD_ENTRY( EHCI, cap_length),
4544 SSMFIELD_ENTRY( EHCI, hci_version),
4545 SSMFIELD_ENTRY( EHCI, hcs_params),
4546 SSMFIELD_ENTRY( EHCI, hcc_params),
4547 SSMFIELD_ENTRY( EHCI, cmd),
4548 SSMFIELD_ENTRY( EHCI, intr_status),
4549 SSMFIELD_ENTRY( EHCI, intr),
4550 SSMFIELD_ENTRY( EHCI, frame_idx),
4551 SSMFIELD_ENTRY( EHCI, ds_segment),
4552 SSMFIELD_ENTRY( EHCI, periodic_list_base),
4553 SSMFIELD_ENTRY( EHCI, async_list_base),
4554 SSMFIELD_ENTRY( EHCI, config),
4555 SSMFIELD_ENTRY( EHCI, uIrqInterval),
4556 SSMFIELD_ENTRY( EHCI, HcFmNumber),
4557 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
4558 SSMFIELD_ENTRY_TERM()
4559 };
4560
4561 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &g_aEhciFieldsPreTimerRemoval[0], NULL);
4562 if (RT_FAILURE(rc))
4563 return rc;
4564 AssertReturn(EHCI_NDP_CFG(pThis) <= EHCI_NDP_MAX, VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
4565 }
4566 else if (uVersion == EHCI_SAVED_STATE_VERSION_8PORTS)
4567 {
4568 static SSMFIELD const s_aEhciFields8Ports[] =
4569 {
4570 SSMFIELD_ENTRY( EHCI, fAsyncTraversalTimerActive),
4571 SSMFIELD_ENTRY( EHCI, SofTime),
4572 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4573 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4574 SSMFIELD_ENTRY( EHCI, RootHub.unused),
4575 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[0].fReg),
4576 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[1].fReg),
4577 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[2].fReg),
4578 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[3].fReg),
4579 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[4].fReg),
4580 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[5].fReg),
4581 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[6].fReg),
4582 SSMFIELD_ENTRY( EHCI, RootHub.aPorts[7].fReg),
4583 SSMFIELD_ENTRY( EHCI, cap_length),
4584 SSMFIELD_ENTRY( EHCI, hci_version),
4585 SSMFIELD_ENTRY( EHCI, hcs_params),
4586 SSMFIELD_ENTRY( EHCI, hcc_params),
4587 SSMFIELD_ENTRY( EHCI, cmd),
4588 SSMFIELD_ENTRY( EHCI, intr_status),
4589 SSMFIELD_ENTRY( EHCI, intr),
4590 SSMFIELD_ENTRY( EHCI, frame_idx),
4591 SSMFIELD_ENTRY( EHCI, ds_segment),
4592 SSMFIELD_ENTRY( EHCI, periodic_list_base),
4593 SSMFIELD_ENTRY( EHCI, async_list_base),
4594 SSMFIELD_ENTRY( EHCI, config),
4595 SSMFIELD_ENTRY( EHCI, uIrqInterval),
4596 SSMFIELD_ENTRY( EHCI, HcFmNumber),
4597 SSMFIELD_ENTRY( EHCI, uFramesPerTimerCall),
4598 SSMFIELD_ENTRY_TERM()
4599 };
4600
4601 rc = pHlp->pfnSSMGetStructEx(pSSM, pThis, sizeof(*pThis), 0 /*fFlags*/, &s_aEhciFields8Ports[0], NULL);
4602 if (RT_FAILURE(rc))
4603 return rc;
4604 AssertReturn(EHCI_NDP_CFG(pThis) == 8, VERR_SSM_DATA_UNIT_FORMAT_CHANGED);
4605 }
4606 else
4607 return VERR_SSM_UNSUPPORTED_DATA_UNIT_VERSION;
4608
4609 /*
4610 * The EOF timer changed from one to two in version 4 of the saved state,
4611 * then was dropped entirely in version 7.
4612 *
4613 * Note! Looks like someone remove the code that dealt with versions 1 thru 4,
4614 * without adjust the above comment.
4615 */
4616 if (uVersion == EHCI_SAVED_STATE_VERSION_PRE_TIMER_REMOVAL)
4617 {
4618 bool fActive1 = false;
4619 pHlp->pfnTimerSkipLoad(pSSM, &fActive1);
4620 bool fActive2 = false;
4621 pHlp->pfnTimerSkipLoad(pSSM, &fActive2);
4622 bool fNoSync = false;
4623 rc = pHlp->pfnSSMGetBool(pSSM, &fNoSync);
4624 if ( RT_SUCCESS(rc)
4625 && (fActive1 || fActive2))
4626 pThis->fBusStarted = true;
4627 else
4628 pThis->fBusStarted = false;
4629 }
4630 return rc;
4631}
4632
4633
4634/**
4635 * @callback_method_impl{FNDBGFHANDLERDEV, Dumps EHCI control registers.}
4636 */
4637static DECLCALLBACK(void) ehciR3InfoRegs(PPDMDEVINS pDevIns, PCDBGFINFOHLP pHlp, const char *pszArgs)
4638{
4639 RT_NOREF(pszArgs);
4640 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4641 unsigned uPort;
4642
4643 /* Command register */
4644 pHlp->pfnPrintf(pHlp, "USBCMD: %x\n", pThis->cmd);
4645 if (pThis->cmd & EHCI_CMD_RUN)
4646 pHlp->pfnPrintf(pHlp, " CMD_RUN\n");
4647 if (pThis->cmd & EHCI_CMD_RESET)
4648 pHlp->pfnPrintf(pHlp, " CMD_RESET\n");
4649 if (pThis->cmd & EHCI_CMD_PERIODIC_SCHED_ENABLE)
4650 pHlp->pfnPrintf(pHlp, " CMD_PERIODIC_SCHED_ENABLE\n");
4651 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_ENABLE)
4652 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_ENABLE\n");
4653 if (pThis->cmd & EHCI_CMD_INT_ON_ADVANCE_DOORBELL)
4654 pHlp->pfnPrintf(pHlp, " CMD_INT_ON_ADVANCE_DOORBELL\n");
4655 if (pThis->cmd & EHCI_CMD_SOFT_RESET)
4656 pHlp->pfnPrintf(pHlp, " CMD_SOFT_RESET\n");
4657 if (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_ENABLE)
4658 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_PARK_ENABLE\n");
4659
4660 pHlp->pfnPrintf(pHlp, " CMD_FRAME_LIST_SIZE %d\n", (pThis->cmd & EHCI_CMD_FRAME_LIST_SIZE_MASK) >> EHCI_CMD_FRAME_LIST_SIZE_SHIFT);
4661 pHlp->pfnPrintf(pHlp, " CMD_ASYNC_SCHED_PARK_MODE_COUNT %d\n", (pThis->cmd & EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_MASK) >> EHCI_CMD_ASYNC_SCHED_PARK_MODE_COUNT_SHIFT);
4662 pHlp->pfnPrintf(pHlp, " CMD_INTERRUPT_THRESHOLD %d\n", (pThis->cmd & EHCI_CMD_INTERRUPT_THRESHOLD_MASK) >> EHCI_CMD_INTERRUPT_THRESHOLD_SHIFT);
4663
4664 /* Status register */
4665 pHlp->pfnPrintf(pHlp, "USBSTS: %x\n", pThis->intr_status);
4666 if (pThis->intr_status & EHCI_STATUS_ASYNC_SCHED)
4667 pHlp->pfnPrintf(pHlp, " STATUS_ASYNC_SCHED\n");
4668 if (pThis->intr_status & EHCI_STATUS_PERIOD_SCHED)
4669 pHlp->pfnPrintf(pHlp, " STATUS_PERIOD_SCHED\n");
4670 if (pThis->intr_status & EHCI_STATUS_RECLAMATION)
4671 pHlp->pfnPrintf(pHlp, " STATUS_RECLAMATION\n");
4672 if (pThis->intr_status & EHCI_STATUS_HCHALTED)
4673 pHlp->pfnPrintf(pHlp, " STATUS_HCHALTED\n");
4674 if (pThis->intr_status & EHCI_STATUS_INT_ON_ASYNC_ADV)
4675 pHlp->pfnPrintf(pHlp, " STATUS_INT_ON_ASYNC_ADV\n");
4676 if (pThis->intr_status & EHCI_STATUS_HOST_SYSTEM_ERROR)
4677 pHlp->pfnPrintf(pHlp, " STATUS_HOST_SYSTEM_ERROR\n");
4678 if (pThis->intr_status & EHCI_STATUS_FRAME_LIST_ROLLOVER)
4679 pHlp->pfnPrintf(pHlp, " STATUS_FRAME_LIST_ROLLOVER\n");
4680 if (pThis->intr_status & EHCI_STATUS_PORT_CHANGE_DETECT)
4681 pHlp->pfnPrintf(pHlp, " STATUS_PORT_CHANGE_DETECT\n");
4682 if (pThis->intr_status & EHCI_STATUS_ERROR_INT)
4683 pHlp->pfnPrintf(pHlp, " STATUS_ERROR_INT\n");
4684 if (pThis->intr_status & EHCI_STATUS_THRESHOLD_INT)
4685 pHlp->pfnPrintf(pHlp, " STATUS_THRESHOLD_INT\n");
4686
4687 /* Interrupt enable register */
4688 pHlp->pfnPrintf(pHlp, "USBINTR: %x\n", pThis->intr);
4689 if (pThis->intr & EHCI_INTR_ENABLE_THRESHOLD)
4690 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_THRESHOLD\n");
4691 if (pThis->intr & EHCI_INTR_ENABLE_ERROR)
4692 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_ERROR\n");
4693 if (pThis->intr & EHCI_INTR_ENABLE_PORT_CHANGE)
4694 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_PORT_CHANGE\n");
4695 if (pThis->intr & EHCI_INTR_ENABLE_FRAME_LIST_ROLLOVER)
4696 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_FRAME_LIST_ROLLOVER\n");
4697 if (pThis->intr & EHCI_INTR_ENABLE_HOST_SYSTEM_ERROR)
4698 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_HOST_SYSTEM_ERROR\n");
4699 if (pThis->intr & EHCI_INTR_ENABLE_ASYNC_ADVANCE)
4700 pHlp->pfnPrintf(pHlp, " INTR_ENABLE_ASYNC_ADVANCE\n");
4701 if (pThis->intr & ~EHCI_INTR_ENABLE_MASK)
4702 pHlp->pfnPrintf(pHlp, " Illegal bits set %x!!\n", pThis->intr & ~EHCI_INTR_ENABLE_MASK);
4703
4704 /* Frame index register */
4705 pHlp->pfnPrintf(pHlp, "FRINDEX: %x\n", pThis->frame_idx);
4706
4707 /* Control data structure segment */
4708 pHlp->pfnPrintf(pHlp, "CTRLDSSEGMENT: %RX32\n", pThis->ds_segment);
4709
4710 /* Periodic frame list base address register */
4711 pHlp->pfnPrintf(pHlp, "PERIODICLISTBASE: %RX32\n", pThis->periodic_list_base);
4712
4713 /* Current asynchronous list address register */
4714 pHlp->pfnPrintf(pHlp, "ASYNCLISTADDR: %RX32\n", pThis->async_list_base);
4715
4716 pHlp->pfnPrintf(pHlp, "\n");
4717
4718 for (uPort = 0; uPort < EHCI_NDP_CFG(pThis); ++uPort)
4719 {
4720 PEHCIHUBPORT pPort = &pThis->RootHub.aPorts[uPort];
4721 pHlp->pfnPrintf(pHlp, "PORTSC for port %u:\n", uPort);
4722 if (pPort->fReg & EHCI_PORT_CURRENT_CONNECT)
4723 pHlp->pfnPrintf(pHlp, " PORT_CURRENT_CONNECT\n");
4724 if (pPort->fReg & EHCI_PORT_CONNECT_CHANGE)
4725 pHlp->pfnPrintf(pHlp, " PORT_CONNECT_CHANGE\n");
4726 if (pPort->fReg & EHCI_PORT_PORT_ENABLED)
4727 pHlp->pfnPrintf(pHlp, " PORT_PORT_ENABLED\n");
4728 if (pPort->fReg & EHCI_PORT_PORT_CHANGE)
4729 pHlp->pfnPrintf(pHlp, " PORT_PORT_CHANGE\n");
4730 if (pPort->fReg & EHCI_PORT_OVER_CURRENT_ACTIVE)
4731 pHlp->pfnPrintf(pHlp, " PORT_OVER_CURRENT_ACTIVE\n");
4732 if (pPort->fReg & EHCI_PORT_OVER_CURRENT_CHANGE)
4733 pHlp->pfnPrintf(pHlp, " PORT_OVER_CURRENT_CHANGE\n");
4734 if (pPort->fReg & EHCI_PORT_FORCE_PORT_RESUME)
4735 pHlp->pfnPrintf(pHlp, " PORT_FORCE_PORT_RESUME\n");
4736 if (pPort->fReg & EHCI_PORT_SUSPEND)
4737 pHlp->pfnPrintf(pHlp, " PORT_SUSPEND\n");
4738 if (pPort->fReg & EHCI_PORT_RESET)
4739 pHlp->pfnPrintf(pHlp, " PORT_RESET\n");
4740 pHlp->pfnPrintf(pHlp, " LINE_STATUS: ");
4741 switch ((pPort->fReg & EHCI_PORT_LINE_STATUS_MASK) >> EHCI_PORT_LINE_STATUS_SHIFT)
4742 {
4743 case 0:
4744 pHlp->pfnPrintf(pHlp, " SE0 (0), not low-speed\n");
4745 break;
4746 case 1:
4747 pHlp->pfnPrintf(pHlp, " K-state (1), low-speed device\n");
4748 break;
4749 case 2:
4750 pHlp->pfnPrintf(pHlp, " J-state (2), not low-speed\n");
4751 break;
4752 default:
4753 case 3:
4754 pHlp->pfnPrintf(pHlp, " Undefined (3)\n");
4755 break;
4756 }
4757 if (pPort->fReg & EHCI_PORT_POWER)
4758 pHlp->pfnPrintf(pHlp, " PORT_POWER\n");
4759 if (pPort->fReg & EHCI_PORT_OWNER)
4760 pHlp->pfnPrintf(pHlp, " PORT_OWNER (1 = owned by companion HC)\n");
4761 if (pPort->fReg & EHCI_PORT_WAKE_ON_CONNECT_ENABLE)
4762 pHlp->pfnPrintf(pHlp, " PORT_WAKE_ON_CONNECT_ENABLE\n");
4763 if (pPort->fReg & EHCI_PORT_WAKE_ON_DISCONNECT_ENABLE)
4764 pHlp->pfnPrintf(pHlp, " PORT_WAKE_ON_DISCONNECT_ENABLE\n");
4765 if (pPort->fReg & EHCI_PORT_WAKE_OVER_CURRENT_ENABLE)
4766 pHlp->pfnPrintf(pHlp, " PORT_WAKE_OVER_CURRENT_ENABLE\n");
4767 }
4768}
4769
4770
4771/**
4772 * @interface_method_impl{PDMDEVREG,pfnReset}
4773 */
4774static DECLCALLBACK(void) ehciR3Reset(PPDMDEVINS pDevIns)
4775{
4776 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4777 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4778 LogFlowFunc(("\n"));
4779
4780 /*
4781 * There is no distinction between cold boot, warm reboot and software reboots,
4782 * all of these are treated as cold boots. We are also doing the initialization
4783 * job of a BIOS or SMM driver.
4784 *
4785 * Important: Don't confuse UsbReset with hardware reset. Hardware reset is
4786 * just one way of getting into the UsbReset state.
4787 */
4788 ehciR3BusStop(pThis, pThisCC);
4789 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, true /* reset devices */);
4790}
4791
4792
4793/**
4794 * Reset notification.
4795 *
4796 * @returns VBox status code.
4797 * @param pDevIns The device instance data.
4798 */
4799static DECLCALLBACK(void) ehciR3Resume(PPDMDEVINS pDevIns)
4800{
4801 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4802 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4803 LogFlowFunc(("\n"));
4804
4805 /* Restart the frame thread if the timer is active. */
4806 if (pThis->fBusStarted)
4807 {
4808 LogFlowFunc(("Bus was active, restart frame thread\n"));
4809 RTSemEventMultiSignal(pThisCC->hSemEventFrame);
4810 }
4811}
4812
4813
4814/**
4815 * @interface_method_impl{PDMDEVREG,pfnDestruct}
4816 */
4817static DECLCALLBACK(int) ehciR3Destruct(PPDMDEVINS pDevIns)
4818{
4819 PDMDEV_CHECK_VERSIONS_RETURN_QUIET(pDevIns);
4820 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4821 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4822 LogFlowFunc(("\n"));
4823
4824 if (pThisCC->hSemEventFrame != NIL_RTSEMEVENTMULTI)
4825 {
4826 RTSemEventMultiDestroy(pThisCC->hSemEventFrame);
4827 pThisCC->hSemEventFrame = NIL_RTSEMEVENTMULTI;
4828 }
4829
4830 if (pThisCC->hSemEventFrameStopped != NIL_RTSEMEVENTMULTI)
4831 {
4832 RTSemEventMultiDestroy(pThisCC->hSemEventFrameStopped);
4833 pThisCC->hSemEventFrameStopped = NIL_RTSEMEVENTMULTI;
4834 }
4835
4836 if (RTCritSectIsInitialized(&pThisCC->CritSect))
4837 RTCritSectDelete(&pThisCC->CritSect);
4838 PDMDevHlpCritSectDelete(pDevIns, &pThis->CsIrq);
4839
4840 /*
4841 * Tear down the per endpoint in-flight tracking...
4842 */
4843
4844 return VINF_SUCCESS;
4845}
4846
4847
4848/**
4849 * @interface_method_impl{PDMDEVREG,pfnConstruct,EHCI constructor}
4850 */
4851static DECLCALLBACK(int) ehciR3Construct(PPDMDEVINS pDevIns, int iInstance, PCFGMNODE pCfg)
4852{
4853 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
4854 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
4855 PEHCICC pThisCC = PDMDEVINS_2_DATA_CC(pDevIns, PEHCICC);
4856 PCPDMDEVHLPR3 pHlp = pDevIns->pHlpR3;
4857 LogFlowFunc(("\n"));
4858
4859 /*
4860 * Read configuration.
4861 */
4862 PDMDEV_VALIDATE_CONFIG_RETURN(pDevIns, "DefaultFrameRateKHz|Ports", "");
4863
4864 /* Frame rate option. */
4865 int rc = pHlp->pfnCFGMQueryU32Def(pCfg, "DefaultFrameRateKHz", &pThisCC->uFrameRateDefault, EHCI_DEFAULT_TIMER_FREQ / 1000);
4866 if (RT_FAILURE(rc))
4867 return PDMDEV_SET_ERROR(pDevIns, rc,
4868 N_("EHCI configuration error: failed to read DefaultFrameRateKHz as integer"));
4869
4870 if ( pThisCC->uFrameRateDefault > EHCI_HARDWARE_TIMER_FREQ / 1000
4871 || pThisCC->uFrameRateDefault == 0)
4872 return PDMDevHlpVMSetError(pDevIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
4873 N_("EHCI configuration error: DefaultFrameRateKHz must be in range [%u,%u]"),
4874 1, EHCI_HARDWARE_TIMER_FREQ / 1000);
4875
4876 /* Convert to Hertz. */
4877 pThisCC->uFrameRateDefault *= 1000;
4878
4879 /* Number of ports option. */
4880 uint32_t cPorts;
4881 rc = pHlp->pfnCFGMQueryU32Def(pCfg, "Ports", &cPorts, EHCI_NDP_DEFAULT);
4882 if (RT_FAILURE(rc))
4883 return PDMDEV_SET_ERROR(pDevIns, rc, N_("EHCI configuration error: failed to read Ports as integer"));
4884
4885 if (cPorts == 0 || cPorts > EHCI_NDP_MAX)
4886 return PDMDevHlpVMSetError(pDevIns, VERR_INVALID_PARAMETER, RT_SRC_POS,
4887 N_("EHCI configuration error: Ports must be in range [%u,%u]"),
4888 1, EHCI_NDP_MAX);
4889
4890 /*
4891 * Init instance data.
4892 */
4893 pThisCC->pDevIns = pDevIns;
4894
4895 /* Intel 82801FB/FBM USB2 controller */
4896 PPDMPCIDEV pPciDev = pDevIns->apPciDevs[0];
4897 PDMPCIDEV_ASSERT_VALID(pDevIns, pPciDev);
4898
4899 PDMPciDevSetVendorId(pPciDev, 0x8086);
4900 PDMPciDevSetDeviceId(pPciDev, 0x265C);
4901 PDMPciDevSetClassProg(pPciDev, 0x20); /* EHCI */
4902 PDMPciDevSetClassSub(pPciDev, 0x03);
4903 PDMPciDevSetClassBase(pPciDev, 0x0c);
4904 PDMPciDevSetInterruptPin(pPciDev, 0x01);
4905#ifdef VBOX_WITH_MSI_DEVICES
4906 PDMPciDevSetStatus(pPciDev, VBOX_PCI_STATUS_CAP_LIST);
4907 PDMPciDevSetCapabilityList(pPciDev, 0x80);
4908#endif
4909 PDMPciDevSetByte(pPciDev, 0x60, 0x20); /* serial bus release number register; 0x20 = USB 2.0 */
4910 /** @todo USBLEGSUP & USBLEGCTLSTS? Legacy interface for the BIOS (0xEECP+0 & 0xEECP+4) */
4911
4912 pThisCC->RootHub.IBase.pfnQueryInterface = ehciR3RhQueryInterface;
4913 pThisCC->RootHub.IRhPort.pfnGetAvailablePorts = ehciR3RhGetAvailablePorts;
4914 pThisCC->RootHub.IRhPort.pfnGetUSBVersions = ehciR3RhGetUSBVersions;
4915 pThisCC->RootHub.IRhPort.pfnAttach = ehciR3RhAttach;
4916 pThisCC->RootHub.IRhPort.pfnDetach = ehciR3RhDetach;
4917 pThisCC->RootHub.IRhPort.pfnReset = ehciR3RhReset;
4918 pThisCC->RootHub.IRhPort.pfnXferCompletion = ehciR3RhXferCompletion;
4919 pThisCC->RootHub.IRhPort.pfnXferError = ehciR3RhXferError;
4920
4921 /* USB LED */
4922 pThisCC->RootHub.Led.u32Magic = PDMLED_MAGIC;
4923 pThisCC->RootHub.ILeds.pfnQueryStatusLed = ehciR3RhQueryStatusLed;
4924
4925 /*
4926 * Register PCI device and I/O region.
4927 */
4928 rc = PDMDevHlpPCIRegister(pDevIns, pPciDev);
4929 if (RT_FAILURE(rc))
4930 return rc;
4931
4932#ifdef VBOX_WITH_MSI_DEVICES
4933 PDMMSIREG MsiReg;
4934 RT_ZERO(MsiReg);
4935 MsiReg.cMsiVectors = 1;
4936 MsiReg.iMsiCapOffset = 0x80;
4937 MsiReg.iMsiNextOffset = 0x00;
4938 rc = PDMDevHlpPCIRegisterMsi(pDevIns, &MsiReg);
4939 if (RT_FAILURE(rc))
4940 {
4941 PDMPciDevSetCapabilityList(pPciDev, 0x0);
4942 /* That's OK, we can work without MSI */
4943 }
4944#endif
4945
4946 rc = PDMDevHlpPCIIORegionCreateMmio(pDevIns, 0 /*iPciRegion*/, 4096 /*cbRegion*/, PCI_ADDRESS_SPACE_MEM,
4947 ehciMmioWrite, ehciMmioRead, NULL /*pvUser*/,
4948 IOMMMIO_FLAGS_READ_DWORD | IOMMMIO_FLAGS_WRITE_DWORD_ZEROED
4949 | IOMMMIO_FLAGS_DBGSTOP_ON_COMPLICATED_WRITE,
4950 "USB EHCI", &pThis->hMmio);
4951 AssertRCReturn(rc, rc);
4952
4953 /* Initialize capability registers */
4954 pThis->cap_length = EHCI_CAPS_REG_SIZE;
4955 pThis->hci_version = 0x100;
4956 /* 31:24 Reserved
4957 * 23:20 Debug Port Number
4958 * 19:17 Reserved
4959 * 16 Port indicators (P_INDICATOR) enabled/disabled
4960 * 15:12 Number of companion controllers (N_CC)
4961 * 11:8 Number of ports per companion controller (N_PCC)
4962 * 7 Port routing controls enabled/disabled
4963 * 6:5 Reserved
4964 * 4 Port power control enabled/disabled -> disabled to simplify matters!
4965 * 3:0 N_PORTS; number of ports
4966 */
4967 /* Currently only number of ports specified */
4968 pThis->hcs_params = cPorts;
4969
4970 /* 31:16 Reserved
4971 * 15:8 EHCI extended capabilities pointer (EECP) (0x40 or greater)
4972 * 7:4 Isochronous scheduling threshold
4973 * 3 Reserved
4974 * 2 Asynchronous schedule park capability (allow several TDs to be handled per async queue head)
4975 * 1 Programmable frame list flag (0=1024 frames fixed)
4976 * 0 64 bits addressability
4977 */
4978 pThis->hcc_params = EHCI_HCC_PARAMS_ISOCHRONOUS_CACHING | EHCI_HCC_PARAMS_ASYNC_SCHEDULE_PARKING;
4979
4980 /*
4981 * Register the saved state data unit.
4982 */
4983 rc = PDMDevHlpSSMRegisterEx(pDevIns, EHCI_SAVED_STATE_VERSION, sizeof(*pThis), NULL,
4984 NULL, NULL, NULL,
4985 NULL, ehciR3SaveExec, NULL,
4986 NULL, ehciLoadExec, NULL);
4987 if (RT_FAILURE(rc))
4988 return rc;
4989
4990 /*
4991 * Attach to the VBox USB RootHub Driver on LUN #0.
4992 */
4993 rc = PDMDevHlpDriverAttach(pDevIns, 0, &pThisCC->RootHub.IBase, &pThisCC->RootHub.pIBase, "RootHub");
4994 if (RT_FAILURE(rc))
4995 {
4996 AssertMsgFailed(("Configuration error: No roothub driver attached to LUN #0!\n"));
4997 return rc;
4998 }
4999 pThisCC->RootHub.pIRhConn = PDMIBASE_QUERY_INTERFACE(pThisCC->RootHub.pIBase, VUSBIROOTHUBCONNECTOR);
5000 AssertMsgReturn(pThisCC->RootHub.pIRhConn,
5001 ("Configuration error: The driver doesn't provide the VUSBIROOTHUBCONNECTOR interface!\n"),
5002 VERR_PDM_MISSING_INTERFACE);
5003
5004 /*
5005 * Attach status driver (optional).
5006 */
5007 PPDMIBASE pBase;
5008 rc = PDMDevHlpDriverAttach(pDevIns, PDM_STATUS_LUN, &pThisCC->RootHub.IBase, &pBase, "Status Port");
5009 if (RT_SUCCESS(rc))
5010 pThisCC->RootHub.pLedsConnector = PDMIBASE_QUERY_INTERFACE(pBase, PDMILEDCONNECTORS);
5011 else
5012 AssertLogRelMsgReturn(rc == VERR_PDM_NO_ATTACHED_DRIVER, ("Failed to attach to status driver. rc=%Rrc\n", rc), rc);
5013
5014 /* Set URB parameters. */
5015 rc = VUSBIRhSetUrbParams(pThisCC->RootHub.pIRhConn, sizeof(VUSBURBHCIINT), sizeof(VUSBURBHCITDINT));
5016 if (RT_FAILURE(rc))
5017 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to set URB parameters"));
5018
5019 /*
5020 * Calculate the timer intervals.
5021 * This ASSUMES that the VM timer doesn't change frequency during the run.
5022 */
5023 pThisCC->u64TimerHz = PDMDevHlpTMTimeVirtGetFreq(pDevIns);
5024 ehciR3CalcTimerIntervals(pThis, pThisCC, pThisCC->uFrameRateDefault);
5025 LogFunc(("cTicksPerFrame=%RU64 cTicksPerUsbTick=%RU64\n", pThisCC->cTicksPerFrame, pThisCC->cTicksPerUsbTick));
5026
5027 pThis->fBusStarted = false;
5028
5029 rc = PDMDevHlpCritSectInit(pDevIns, &pThis->CsIrq, RT_SRC_POS, "EHCI#%uIrq", iInstance);
5030 if (RT_FAILURE(rc))
5031 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS,
5032 N_("EHCI: Failed to create critical section"));
5033
5034 rc = RTSemEventMultiCreate(&pThisCC->hSemEventFrame);
5035 AssertRCReturn(rc, rc);
5036
5037 rc = RTSemEventMultiCreate(&pThisCC->hSemEventFrameStopped);
5038 AssertRCReturn(rc, rc);
5039
5040 rc = RTCritSectInit(&pThisCC->CritSect);
5041 if (RT_FAILURE(rc))
5042 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to create critical section"));
5043
5044 rc = PDMDevHlpThreadCreate(pDevIns, &pThisCC->hThreadFrame, pThisCC, ehciR3ThreadFrame,
5045 ehciR3ThreadFrameWakeup, 0, RTTHREADTYPE_IO, "EhciFramer");
5046 if (RT_FAILURE(rc))
5047 return PDMDevHlpVMSetError(pDevIns, rc, RT_SRC_POS, N_("EHCI: Failed to create worker thread"));
5048
5049 /*
5050 * Do a hardware reset.
5051 */
5052 ehciR3DoReset(pDevIns, pThis, pThisCC, EHCI_USB_RESET, false /* don't reset devices */);
5053
5054#ifdef VBOX_WITH_STATISTICS
5055 /*
5056 * Register statistics.
5057 */
5058 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatCanceledIsocUrbs, STAMTYPE_COUNTER, "CanceledIsocUrbs", STAMUNIT_OCCURENCES, "Detected canceled isochronous URBs.");
5059 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatCanceledGenUrbs, STAMTYPE_COUNTER, "CanceledGenUrbs", STAMUNIT_OCCURENCES, "Detected canceled general URBs.");
5060 PDMDevHlpSTAMRegister(pDevIns, &pThisCC->StatDroppedUrbs, STAMTYPE_COUNTER, "DroppedUrbs", STAMUNIT_OCCURENCES, "Dropped URBs (endpoint halted, or URB canceled).");
5061#endif
5062
5063 /*
5064 * Register debugger info callbacks.
5065 */
5066 PDMDevHlpDBGFInfoRegister(pDevIns, "ehci", "EHCI control registers.", ehciR3InfoRegs);
5067
5068#ifdef DEBUG_sandervl
5069// g_fLogInterruptEPs = true;
5070 g_fLogControlEPs = true;
5071#endif
5072
5073 return VINF_SUCCESS;
5074}
5075
5076#else /* !IN_RING3 */
5077
5078/**
5079 * @callback_method_impl{PDMDEVREGR0,pfnConstruct}
5080 */
5081static DECLCALLBACK(int) ehciRZConstruct(PPDMDEVINS pDevIns)
5082{
5083 PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
5084 PEHCI pThis = PDMDEVINS_2_DATA(pDevIns, PEHCI);
5085
5086 int rc = PDMDevHlpMmioSetUpContext(pDevIns, pThis->hMmio, ehciMmioWrite, ehciMmioRead, NULL /*pvUser*/);
5087 AssertRCReturn(rc, rc);
5088
5089 return VINF_SUCCESS;
5090}
5091
5092#endif /* !IN_RING3 */
5093
5094const PDMDEVREG g_DeviceEHCI =
5095{
5096 /* .u32version = */ PDM_DEVREG_VERSION,
5097 /* .uReserved0 = */ 0,
5098 /* .szName = */ "usb-ehci",
5099 /* .fFlags = */ PDM_DEVREG_FLAGS_DEFAULT_BITS | PDM_DEVREG_FLAGS_RZ | PDM_DEVREG_FLAGS_NEW_STYLE,
5100 /* .fClass = */ PDM_DEVREG_CLASS_BUS_USB,
5101 /* .cMaxInstances = */ ~0U,
5102 /* .uSharedVersion = */ 42,
5103 /* .cbInstanceShared = */ sizeof(EHCI),
5104 /* .cbInstanceCC = */ sizeof(EHCICC),
5105 /* .cbInstanceRC = */ sizeof(EHCIRC),
5106 /* .cMaxPciDevices = */ 1,
5107 /* .cMaxMsixVectors = */ 0,
5108 /* .pszDescription = */ "EHCI USB controller.\n",
5109#if defined(IN_RING3)
5110# ifdef VBOX_IN_EXTPACK
5111 /* .pszRCMod = */ "VBoxEhciRC.rc",
5112 /* .pszR0Mod = */ "VBoxEhciR0.r0",
5113# else
5114 /* .pszRCMod = */ "VBoxDDRC.rc",
5115 /* .pszR0Mod = */ "VBoxDDR0.r0",
5116# endif
5117 /* .pfnConstruct = */ ehciR3Construct,
5118 /* .pfnDestruct = */ ehciR3Destruct,
5119 /* .pfnRelocate = */ NULL,
5120 /* .pfnMemSetup = */ NULL,
5121 /* .pfnPowerOn = */ NULL,
5122 /* .pfnReset = */ ehciR3Reset,
5123 /* .pfnSuspend = */ NULL,
5124 /* .pfnResume = */ ehciR3Resume,
5125 /* .pfnAttach = */ NULL,
5126 /* .pfnDetach = */ NULL,
5127 /* .pfnQueryInterface = */ NULL,
5128 /* .pfnInitComplete = */ NULL,
5129 /* .pfnPowerOff = */ NULL,
5130 /* .pfnSoftReset = */ NULL,
5131 /* .pfnReserved0 = */ NULL,
5132 /* .pfnReserved1 = */ NULL,
5133 /* .pfnReserved2 = */ NULL,
5134 /* .pfnReserved3 = */ NULL,
5135 /* .pfnReserved4 = */ NULL,
5136 /* .pfnReserved5 = */ NULL,
5137 /* .pfnReserved6 = */ NULL,
5138 /* .pfnReserved7 = */ NULL,
5139#elif defined(IN_RING0)
5140 /* .pfnEarlyConstruct = */ NULL,
5141 /* .pfnConstruct = */ ehciRZConstruct,
5142 /* .pfnDestruct = */ NULL,
5143 /* .pfnFinalDestruct = */ NULL,
5144 /* .pfnRequest = */ NULL,
5145 /* .pfnReserved0 = */ NULL,
5146 /* .pfnReserved1 = */ NULL,
5147 /* .pfnReserved2 = */ NULL,
5148 /* .pfnReserved3 = */ NULL,
5149 /* .pfnReserved4 = */ NULL,
5150 /* .pfnReserved5 = */ NULL,
5151 /* .pfnReserved6 = */ NULL,
5152 /* .pfnReserved7 = */ NULL,
5153#elif defined(IN_RC)
5154 /* .pfnConstruct = */ ehciRZConstruct,
5155 /* .pfnReserved0 = */ NULL,
5156 /* .pfnReserved1 = */ NULL,
5157 /* .pfnReserved2 = */ NULL,
5158 /* .pfnReserved3 = */ NULL,
5159 /* .pfnReserved4 = */ NULL,
5160 /* .pfnReserved5 = */ NULL,
5161 /* .pfnReserved6 = */ NULL,
5162 /* .pfnReserved7 = */ NULL,
5163#else
5164# error "Not in IN_RING3, IN_RING0 or IN_RC!"
5165#endif
5166 /* .u32VersionEnd = */ PDM_DEVREG_VERSION
5167};
5168
5169#ifdef VBOX_IN_EXTPACK
5170extern "C" const PDMDEVREG g_DeviceXHCI;
5171
5172# ifdef VBOX_IN_EXTPACK_R3
5173
5174/**
5175 * @callback_method_impl{FNPDMVBOXDEVICESREGISTER}
5176 */
5177extern "C" DECLEXPORT(int) VBoxDevicesRegister(PPDMDEVREGCB pCallbacks, uint32_t u32Version)
5178{
5179 AssertLogRelMsgReturn(u32Version >= VBOX_VERSION,
5180 ("u32Version=%#x VBOX_VERSION=%#x\n", u32Version, VBOX_VERSION),
5181 VERR_EXTPACK_VBOX_VERSION_MISMATCH);
5182 AssertLogRelMsgReturn(pCallbacks->u32Version == PDM_DEVREG_CB_VERSION,
5183 ("pCallbacks->u32Version=%#x PDM_DEVREG_CB_VERSION=%#x\n", pCallbacks->u32Version, PDM_DEVREG_CB_VERSION),
5184 VERR_VERSION_MISMATCH);
5185
5186 int rc = pCallbacks->pfnRegister(pCallbacks, &g_DeviceEHCI);
5187
5188 /* EHCI and xHCI devices live in the same module. */
5189 extern const PDMDEVREG g_DeviceXHCI;
5190 if (RT_SUCCESS(rc))
5191 rc = pCallbacks->pfnRegister(pCallbacks, &g_DeviceXHCI);
5192
5193 return rc;
5194}
5195
5196# else
5197
5198/** Pointer to the ring-0 device registrations for VBoxEhciR0/RC. */
5199static PCPDMDEVREGR0 g_apDevRegs[] =
5200{
5201 &g_DeviceEHCI,
5202 &g_DeviceXHCI,
5203};
5204
5205/** Module device registration record for VBoxEhciR0/RC. */
5206static PDMDEVMODREGR0 g_ModDevReg =
5207{
5208 /* .u32Version = */ PDM_DEVMODREGR0_VERSION,
5209 /* .cDevRegs = */ RT_ELEMENTS(g_apDevRegs),
5210 /* .papDevRegs = */ &g_apDevRegs[0],
5211 /* .hMod = */ NULL,
5212 /* .ListEntry = */ { NULL, NULL },
5213};
5214
5215
5216DECLEXPORT(int) ModuleInit(void *hMod)
5217{
5218 LogFlow(("VBoxEhciRZ/ModuleInit: %p\n", hMod));
5219 return PDMR0DeviceRegisterModule(hMod, &g_ModDevReg);
5220}
5221
5222
5223DECLEXPORT(void) ModuleTerm(void *hMod)
5224{
5225 LogFlow(("VBoxEhciRZ/ModuleTerm: %p\n", hMod));
5226 PDMR0DeviceDeregisterModule(hMod, &g_ModDevReg);
5227}
5228
5229# endif
5230#endif /* VBOX_IN_EXTPACK */
5231
5232#endif /* !VBOX_DEVICE_STRUCT_TESTCASE */
5233
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette