diff --git a/hw/esp.c b/hw/esp.c index cdd062f7894d77339888e5b771813ba00b8507b9..17e70dd03be6cacd269bdf4a850ff55c29ea0114 100644 --- a/hw/esp.c +++ b/hw/esp.c @@ -62,6 +62,11 @@ struct ESPState { uint8_t cmdbuf[TI_BUFSZ]; int cmdlen; int do_cmd; + + uint32_t dma_left; + uint8_t async_buf[TARGET_PAGE_SIZE]; + uint32_t async_ptr; + uint32_t async_len; }; #define STAT_DO 0x00 @@ -72,6 +77,8 @@ struct ESPState { #define STAT_MO 0x07 #define STAT_TC 0x10 +#define STAT_PE 0x20 +#define STAT_GE 0x40 #define STAT_IN 0x80 #define INTR_FC 0x08 @@ -195,26 +202,85 @@ static void write_response(ESPState *s) } -static void esp_command_complete(void *opaque, uint32_t tag, int sense) +static void esp_do_dma(ESPState *s) +{ + uint32_t dmaptr, minlen, len, from, to; + int to_device; + dmaptr = iommu_translate(s->espdmaregs[1]); + to_device = (s->espdmaregs[0] & DMA_WRITE_MEM) == 0; + from = s->espdmaregs[1]; + minlen = s->dma_left; + to = from + minlen; + dmaptr = iommu_translate(s->espdmaregs[1]); + if ((from & TARGET_PAGE_MASK) != (to & TARGET_PAGE_MASK)) { + len = TARGET_PAGE_SIZE - (from & ~TARGET_PAGE_MASK); + } else { + len = to - from; + } + DPRINTF("DMA address p %08x v %08x len %08x, from %08x, to %08x\n", dmaptr, s->espdmaregs[1], len, from, to); + s->espdmaregs[1] += len; + if (s->do_cmd) { + s->ti_size -= len; + DPRINTF("command len %d + %d\n", s->cmdlen, len); + cpu_physical_memory_read(dmaptr, &s->cmdbuf[s->cmdlen], len); + s->ti_size = 0; + s->cmdlen = 0; + s->do_cmd = 0; + do_cmd(s, s->cmdbuf); + return; + } else { + s->async_len = len; + s->dma_left -= len; + if (to_device) { + s->async_ptr = -1; + cpu_physical_memory_read(dmaptr, s->async_buf, len); + scsi_write_data(s->current_dev, s->async_buf, len); + } else { + s->async_ptr = dmaptr; + scsi_read_data(s->current_dev, s->async_buf, len); + } + } +} + +static void esp_command_complete(void *opaque, uint32_t reason, int sense) { ESPState *s = (ESPState *)opaque; - DPRINTF("SCSI Command complete\n"); - if (s->ti_size != 0) - DPRINTF("SCSI command completed unexpectedly\n"); - s->ti_size = 0; - if (sense) - DPRINTF("Command failed\n"); - s->sense = sense; - s->rregs[4] = STAT_IN | STAT_TC | STAT_ST; + s->ti_size -= s->async_len; + s->espdmaregs[1] += s->async_len; + if (s->async_ptr != (uint32_t)-1) { + cpu_physical_memory_write(s->async_ptr, s->async_buf, s->async_len); + } + if (reason == SCSI_REASON_DONE) { + DPRINTF("SCSI Command complete\n"); + if (s->ti_size != 0) + DPRINTF("SCSI command completed unexpectedly\n"); + s->ti_size = 0; + if (sense) + DPRINTF("Command failed\n"); + s->sense = sense; + } else { + DPRINTF("transfer %d/%d\n", s->dma_left, s->ti_size); + } + if (s->dma_left) { + esp_do_dma(s); + } else { + if (s->ti_size) { + s->rregs[4] |= STAT_IN | STAT_TC; + } else { + s->rregs[4] = STAT_IN | STAT_TC | STAT_ST; + } + s->rregs[5] = INTR_BS; + s->rregs[6] = 0; + s->rregs[7] = 0; + s->espdmaregs[0] |= DMA_INTR; + pic_set_irq(s->irq, 1); + } } static void handle_ti(ESPState *s) { - uint32_t dmaptr, dmalen, minlen, len, from, to; - unsigned int i; - int to_device; - uint8_t buf[TARGET_PAGE_SIZE]; + uint32_t dmalen, minlen; dmalen = s->wregs[0] | (s->wregs[1] << 8); if (dmalen==0) { @@ -227,47 +293,9 @@ static void handle_ti(ESPState *s) minlen = (dmalen < s->ti_size) ? dmalen : s->ti_size; DPRINTF("Transfer Information len %d\n", minlen); if (s->dma) { - dmaptr = iommu_translate(s->espdmaregs[1]); - /* Check if the transfer writes to to reads from the device. */ - to_device = (s->espdmaregs[0] & DMA_WRITE_MEM) == 0; - DPRINTF("DMA Direction: %c, addr 0x%8.8x %08x\n", - to_device ? 'r': 'w', dmaptr, s->ti_size); - from = s->espdmaregs[1]; - to = from + minlen; - for (i = 0; i < minlen; i += len, from += len) { - dmaptr = iommu_translate(s->espdmaregs[1] + i); - if ((from & TARGET_PAGE_MASK) != (to & TARGET_PAGE_MASK)) { - len = TARGET_PAGE_SIZE - (from & ~TARGET_PAGE_MASK); - } else { - len = to - from; - } - DPRINTF("DMA address p %08x v %08x len %08x, from %08x, to %08x\n", dmaptr, s->espdmaregs[1] + i, len, from, to); - s->ti_size -= len; - if (s->do_cmd) { - DPRINTF("command len %d + %d\n", s->cmdlen, len); - cpu_physical_memory_read(dmaptr, &s->cmdbuf[s->cmdlen], len); - s->ti_size = 0; - s->cmdlen = 0; - s->do_cmd = 0; - do_cmd(s, s->cmdbuf); - return; - } else { - if (to_device) { - cpu_physical_memory_read(dmaptr, buf, len); - scsi_write_data(s->current_dev, buf, len); - } else { - scsi_read_data(s->current_dev, buf, len); - cpu_physical_memory_write(dmaptr, buf, len); - } - } - } - if (s->ti_size) { - s->rregs[4] = STAT_IN | STAT_TC | (to_device ? STAT_DO : STAT_DI); - } - s->rregs[5] = INTR_BS; - s->rregs[6] = 0; - s->rregs[7] = 0; - s->espdmaregs[0] |= DMA_INTR; + s->dma_left = minlen; + s->rregs[4] &= ~STAT_TC; + esp_do_dma(s); } else if (s->do_cmd) { DPRINTF("command len %d\n", s->cmdlen); s->ti_size = 0; @@ -276,7 +304,6 @@ static void handle_ti(ESPState *s) do_cmd(s, s->cmdbuf); return; } - pic_set_irq(s->irq, 1); } static void esp_reset(void *opaque) @@ -320,8 +347,8 @@ static uint32_t esp_mem_readb(void *opaque, target_phys_addr_t addr) break; case 5: // interrupt - // Clear status bits except TC - s->rregs[4] &= STAT_TC; + // Clear interrupt/error status bits + s->rregs[4] &= ~(STAT_IN | STAT_GE | STAT_PE); pic_set_irq(s->irq, 0); s->espdmaregs[0] &= ~DMA_INTR; break; @@ -342,6 +369,7 @@ static void esp_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val) case 0: case 1: s->rregs[saddr] = val; + s->rregs[4] &= ~STAT_TC; break; case 2: // FIFO diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c index 24dff0eff5062f0858f8d02053b1c7e20fb2bfb8..8f56725348736088d07b1687ce18a119af62965f 100644 --- a/hw/lsi53c895a.c +++ b/hw/lsi53c895a.c @@ -152,6 +152,9 @@ do { fprintf(stderr, "lsi_scsi: " fmt , ##args); } while (0) /* The HBA is ID 7, so for simplicitly limit to 7 devices. */ #define LSI_MAX_DEVS 7 +/* Size of internal DMA buffer for async IO requests. */ +#define LSI_DMA_BLOCK_SIZE 0x10000 + typedef struct { PCIDevice pci_dev; int mmio_io_addr; @@ -162,7 +165,9 @@ typedef struct { int carry; /* ??? Should this be an a visible register somewhere? */ int sense; uint8_t msg; - /* Nonzero if a Wait Reselect instruction has been issued. */ + /* 0 if SCRIPTS are running or stopped. + * 1 if a Wait Reselect instruction has been issued. + * 2 if a DMA operation is in progress. */ int waiting; SCSIDevice *scsi_dev[LSI_MAX_DEVS]; SCSIDevice *current_dev; @@ -226,6 +231,7 @@ typedef struct { uint32_t csbc; uint32_t scratch[13]; /* SCRATCHA-SCRATCHR */ + uint8_t dma_buf[LSI_DMA_BLOCK_SIZE]; /* Script ram is stored as 32-bit words in host byteorder. */ uint32_t script_ram[2048]; } LSIState; @@ -295,6 +301,7 @@ static void lsi_soft_reset(LSIState *s) static uint8_t lsi_reg_readb(LSIState *s, int offset); static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val); +static void lsi_execute_script(LSIState *s); static inline uint32_t read_dword(LSIState *s, uint32_t addr) { @@ -402,21 +409,20 @@ static void lsi_bad_phase(LSIState *s, int out, int new_phase) lsi_set_phase(s, new_phase); } +/* Initiate a SCSI layer data transfer. */ static void lsi_do_dma(LSIState *s, int out) { - uint8_t buf[TARGET_PAGE_SIZE]; - uint32_t addr; uint32_t count; - int n; count = s->dbc; - addr = s->dnad; - DPRINTF("DMA %s addr=0x%08x len=%d avail=%d\n", out ? "out" : "in", + if (count > LSI_DMA_BLOCK_SIZE) + count = LSI_DMA_BLOCK_SIZE; + DPRINTF("DMA addr=0x%08x len=%d avail=%d\n", addr, count, s->data_len); /* ??? Too long transfers are truncated. Don't know if this is the correct behavior. */ if (count > s->data_len) { - /* If the DMA length is greater then the device data length then + /* If the DMA length is greater than the device data length then a phase mismatch will occur. */ count = s->data_len; s->dbc = count; @@ -426,20 +432,47 @@ static void lsi_do_dma(LSIState *s, int out) s->csbc += count; /* ??? Set SFBR to first data byte. */ - while (count) { - n = (count > TARGET_PAGE_SIZE) ? TARGET_PAGE_SIZE : count; - if (out) { - cpu_physical_memory_read(addr, buf, n); - scsi_write_data(s->current_dev, buf, n); - } else { - scsi_read_data(s->current_dev, buf, n); - cpu_physical_memory_write(addr, buf, n); - } - addr += n; - count -= n; + if ((s->sstat1 & PHASE_MASK) == PHASE_DO) { + cpu_physical_memory_read(s->dnad, s->dma_buf, count); + scsi_write_data(s->current_dev, s->dma_buf, count); + } else { + scsi_read_data(s->current_dev, s->dma_buf, count); } + /* If the DMA did not complete then suspend execution. */ + if (s->dbc) + s->waiting = 2; } +/* Callback to indicate that the SCSI layer has completed a transfer. */ +static void lsi_command_complete(void *opaque, uint32_t reason, int sense) +{ + LSIState *s = (LSIState *)opaque; + uint32_t count; + int out; + + out = ((s->sstat1 & PHASE_MASK) == PHASE_DO); + count = s->dbc; + if (count > LSI_DMA_BLOCK_SIZE) + count = LSI_DMA_BLOCK_SIZE; + if (!out) + cpu_physical_memory_write(s->dnad, s->dma_buf, count); + s->dnad += count; + s->dbc -= count; + + if (reason == SCSI_REASON_DONE) { + DPRINTF("Command complete sense=%d\n", sense); + s->sense = sense; + lsi_set_phase(s, PHASE_ST); + } + + if (s->dbc) { + lsi_do_dma(s, out); + } else if (s->waiting == 2) { + /* Restart SCRIPTS execution. */ + s->waiting = 0; + lsi_execute_script(s); + } +} static void lsi_do_command(LSIState *s) { @@ -461,15 +494,6 @@ static void lsi_do_command(LSIState *s) } } -static void lsi_command_complete(void *opaque, uint32_t tag, int sense) -{ - LSIState *s = (LSIState *)opaque; - - DPRINTF("Command complete sense=%d\n", sense); - s->sense = sense; - lsi_set_phase(s, PHASE_ST); -} - static void lsi_do_status(LSIState *s) { DPRINTF("Get status len=%d sense=%d\n", s->dbc, s->sense); @@ -1134,7 +1158,7 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val) s->istat0 &= ~LSI_ISTAT0_INTF; lsi_update_irq(s); } - if (s->waiting && val & LSI_ISTAT0_SIGP) { + if (s->waiting == 1 && val & LSI_ISTAT0_SIGP) { DPRINTF("Woken by SIGP\n"); s->waiting = 0; s->dsp = s->dnad; diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c index 3419c8e2d28c323d9999473b2b2a819497d52a10..a2f299e951c35ea9482487cd0d99b8e24a5188cb 100644 --- a/hw/scsi-disk.c +++ b/hw/scsi-disk.c @@ -25,6 +25,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ##args); } while (0) #define SENSE_NO_SENSE 0 #define SENSE_NOT_READY 2 +#define SENSE_HARDWARE_ERROR 4 #define SENSE_ILLEGAL_REQUEST 5 struct SCSIDevice @@ -46,7 +47,13 @@ struct SCSIDevice int buf_pos; int buf_len; int sense; + BlockDriverAIOCB *aiocb; + /* Data still to be transfered after this request completes. */ + uint8_t *aiodata; + uint32_t aiolen; char buf[512]; + /* Completion functions may be called from either scsi_{read,write}_data + or from the AIO completion routines. */ scsi_completionfn completion; void *opaque; }; @@ -54,10 +61,49 @@ struct SCSIDevice static void scsi_command_complete(SCSIDevice *s, int sense) { s->sense = sense; - s->completion(s->opaque, s->tag, sense); + s->completion(s->opaque, SCSI_REASON_DONE, sense); } -/* Read data from a scsi device. Returns nonzero on failure. */ +static void scsi_transfer_complete(SCSIDevice *s) +{ + s->completion(s->opaque, SCSI_REASON_DATA, 0); + s->aiocb = NULL; +} + +static void scsi_read_complete(void * opaque, int ret) +{ + SCSIDevice *s = (SCSIDevice *)opaque; + + if (ret) { + DPRINTF("IO error\n"); + scsi_command_complete(s, SENSE_HARDWARE_ERROR); + } + + if (s->aiolen) { + /* Read the remaining data. Full and partial sectors are transferred + separately. */ + scsi_read_data(s, s->aiodata, s->aiolen); + } else { + if (s->buf_len == 0 && s->sector_count == 0) + scsi_command_complete(s, SENSE_NO_SENSE); + else + scsi_transfer_complete(s); + } +} + +/* Cancel a pending data transfer. */ +void scsi_cancel_io(SCSIDevice *s) +{ + if (!s->aiocb) { + BADF("Cancel with no pending IO\n"); + return; + } + bdrv_aio_cancel(s->aiocb); + s->aiocb = NULL; +} + +/* Read data from a scsi device. Returns nonzero on failure. + The transfer may complete asynchronously. */ int scsi_read_data(SCSIDevice *s, uint8_t *data, uint32_t len) { uint32_t n; @@ -84,14 +130,19 @@ int scsi_read_data(SCSIDevice *s, uint8_t *data, uint32_t len) n = s->sector_count; if (n != 0) { - bdrv_read(s->bdrv, s->sector, data, n); - data += n * 512; - len -= n * 512; + s->aiolen = len - n * 512; + s->aiodata = data + n * 512; + s->aiocb = bdrv_aio_read(s->bdrv, s->sector, data, n, + scsi_read_complete, s); + if (s->aiocb == NULL) + scsi_command_complete(s, SENSE_HARDWARE_ERROR); s->sector += n; s->sector_count -= n; + return 0; } if (len && s->sector_count) { + /* TODO: Make this use AIO. */ bdrv_read(s->bdrv, s->sector, s->buf, 1); s->sector++; s->sector_count--; @@ -106,11 +157,53 @@ int scsi_read_data(SCSIDevice *s, uint8_t *data, uint32_t len) if (s->buf_len == 0 && s->sector_count == 0) scsi_command_complete(s, SENSE_NO_SENSE); + else + scsi_transfer_complete(s); return 0; } -/* Read data to a scsi device. Returns nonzero on failure. */ +static void scsi_write_complete(void * opaque, int ret) +{ + SCSIDevice *s = (SCSIDevice *)opaque; + + if (ret) { + fprintf(stderr, "scsi-disc: IO write error\n"); + exit(1); + } + + if (s->sector_count == 0) + scsi_command_complete(s, SENSE_NO_SENSE); + else + scsi_transfer_complete(s); +} + +static uint32_t scsi_write_partial_sector(SCSIDevice *s, uint8_t *data, + uint32_t len) +{ + int n; + + n = 512 - s->buf_len; + if (n > len) + n = len; + + memcpy(s->buf + s->buf_len, data, n); + data += n; + s->buf_len += n; + len -= n; + if (s->buf_len == 512) { + /* A full sector has been accumulated. Write it to disk. */ + /* TODO: Make this use async IO. */ + bdrv_write(s->bdrv, s->sector, s->buf, 1); + s->buf_len = 0; + s->sector++; + s->sector_count--; + } + return n; +} + +/* Write data to a scsi device. Returns nonzero on failure. + The transfer may complete asynchronously. */ int scsi_write_data(SCSIDevice *s, uint8_t *data, uint32_t len) { uint32_t n; @@ -125,48 +218,39 @@ int scsi_write_data(SCSIDevice *s, uint8_t *data, uint32_t len) return 1; if (s->buf_len != 0 || len < 512) { - n = 512 - s->buf_len; - if (n > len) - n = len; - - memcpy(s->buf + s->buf_len, data, n); - data += n; - s->buf_len += n; + n = scsi_write_partial_sector(s, data, len); len -= n; - if (s->buf_len == 512) { - /* A full sector has been accumulated. Write it to disk. */ - bdrv_write(s->bdrv, s->sector, s->buf, 1); - s->buf_len = 0; - s->sector++; - s->sector_count--; - } + data += n; } n = len / 512; if (n > s->sector_count) - n = s->sector_count; + return 1; if (n != 0) { - bdrv_write(s->bdrv, s->sector, data, n); + s->aiocb = bdrv_aio_write(s->bdrv, s->sector, data, n, + scsi_write_complete, s); + if (s->aiocb == NULL) + scsi_command_complete(s, SENSE_HARDWARE_ERROR); data += n * 512; len -= n * 512; s->sector += n; s->sector_count -= n; } - if (len >= 512) - return 1; - - if (len && s->sector_count) { - /* Recurse to complete the partial write. */ - return scsi_write_data(s, data, len); + if (len) { + if (s->sector_count == 0) + return 1; + /* Complete a partial write. */ + scsi_write_partial_sector(s, data, len); + } + if (n == 0) { + /* Transfer completes immediately. */ + if (s->sector_count == 0) + scsi_command_complete(s, SENSE_NO_SENSE); + else + scsi_transfer_complete(s); } - - if (len != 0) - return 1; - - if (s->sector_count == 0) - scsi_command_complete(s, SENSE_NO_SENSE); return 0; } diff --git a/hw/usb-hid.c b/hw/usb-hid.c index 8fc0b744b7fa21ad94c479a2c2fd66fc96396f69..095fcb3e6c590b8fa96f5ccec5ae6a06064d7516 100644 --- a/hw/usb-hid.c +++ b/hw/usb-hid.c @@ -474,19 +474,18 @@ static int usb_mouse_handle_control(USBDevice *dev, int request, int value, return ret; } -static int usb_mouse_handle_data(USBDevice *dev, int pid, - uint8_t devep, uint8_t *data, int len) +static int usb_mouse_handle_data(USBDevice *dev, USBPacket *p) { USBMouseState *s = (USBMouseState *)dev; int ret = 0; - switch(pid) { + switch(p->pid) { case USB_TOKEN_IN: - if (devep == 1) { + if (p->devep == 1) { if (s->kind == USB_MOUSE) - ret = usb_mouse_poll(s, data, len); + ret = usb_mouse_poll(s, p->data, p->len); else if (s->kind == USB_TABLET) - ret = usb_tablet_poll(s, data, len); + ret = usb_tablet_poll(s, p->data, p->len); } else { goto fail; } diff --git a/hw/usb-hub.c b/hw/usb-hub.c index 8350931be639406bb322ec8346c95c929e4a1a4c..651dac21091feaddd6c37798a5168d3431cf66e2 100644 --- a/hw/usb-hub.c +++ b/hw/usb-hub.c @@ -180,8 +180,7 @@ static void usb_hub_attach(USBPort *port1, USBDevice *dev) port->wPortStatus &= ~PORT_STAT_LOW_SPEED; port->port.dev = dev; /* send the attach message */ - dev->handle_packet(dev, - USB_MSG_ATTACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_ATTACH); } else { dev = port->port.dev; if (dev) { @@ -192,8 +191,7 @@ static void usb_hub_attach(USBPort *port1, USBDevice *dev) port->wPortChange |= PORT_STAT_C_ENABLE; } /* send the detach message */ - dev->handle_packet(dev, - USB_MSG_DETACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_DETACH); port->port.dev = NULL; } } @@ -349,8 +347,7 @@ static int usb_hub_handle_control(USBDevice *dev, int request, int value, break; case PORT_RESET: if (dev) { - dev->handle_packet(dev, - USB_MSG_RESET, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_RESET); port->wPortChange |= PORT_STAT_C_RESET; /* set enable bit */ port->wPortStatus |= PORT_STAT_ENABLE; @@ -434,22 +431,21 @@ static int usb_hub_handle_control(USBDevice *dev, int request, int value, return ret; } -static int usb_hub_handle_data(USBDevice *dev, int pid, - uint8_t devep, uint8_t *data, int len) +static int usb_hub_handle_data(USBDevice *dev, USBPacket *p) { USBHubState *s = (USBHubState *)dev; int ret; - switch(pid) { + switch(p->pid) { case USB_TOKEN_IN: - if (devep == 1) { + if (p->devep == 1) { USBHubPort *port; unsigned int status; int i, n; n = (s->nb_ports + 1 + 7) / 8; - if (len == 1) { /* FreeBSD workaround */ + if (p->len == 1) { /* FreeBSD workaround */ n = 1; - } else if (n > len) { + } else if (n > p->len) { return USB_RET_BABBLE; } status = 0; @@ -460,7 +456,7 @@ static int usb_hub_handle_data(USBDevice *dev, int pid, } if (status != 0) { for(i = 0; i < n; i++) { - data[i] = status >> (8 * i); + p->data[i] = status >> (8 * i); } ret = n; } else { @@ -479,9 +475,7 @@ static int usb_hub_handle_data(USBDevice *dev, int pid, return ret; } -static int usb_hub_broadcast_packet(USBHubState *s, int pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len) +static int usb_hub_broadcast_packet(USBHubState *s, USBPacket *p) { USBHubPort *port; USBDevice *dev; @@ -491,9 +485,7 @@ static int usb_hub_broadcast_packet(USBHubState *s, int pid, port = &s->ports[i]; dev = port->port.dev; if (dev && (port->wPortStatus & PORT_STAT_ENABLE)) { - ret = dev->handle_packet(dev, pid, - devaddr, devep, - data, len); + ret = dev->handle_packet(dev, p); if (ret != USB_RET_NODEV) { return ret; } @@ -502,9 +494,7 @@ static int usb_hub_broadcast_packet(USBHubState *s, int pid, return USB_RET_NODEV; } -static int usb_hub_handle_packet(USBDevice *dev, int pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len) +static int usb_hub_handle_packet(USBDevice *dev, USBPacket *p) { USBHubState *s = (USBHubState *)dev; @@ -513,14 +503,14 @@ static int usb_hub_handle_packet(USBDevice *dev, int pid, #endif if (dev->state == USB_STATE_DEFAULT && dev->addr != 0 && - devaddr != dev->addr && - (pid == USB_TOKEN_SETUP || - pid == USB_TOKEN_OUT || - pid == USB_TOKEN_IN)) { + p->devaddr != dev->addr && + (p->pid == USB_TOKEN_SETUP || + p->pid == USB_TOKEN_OUT || + p->pid == USB_TOKEN_IN)) { /* broadcast the packet to the devices */ - return usb_hub_broadcast_packet(s, pid, devaddr, devep, data, len); + return usb_hub_broadcast_packet(s, p); } - return usb_generic_handle_packet(dev, pid, devaddr, devep, data, len); + return usb_generic_handle_packet(dev, p); } static void usb_hub_handle_destroy(USBDevice *dev) diff --git a/hw/usb-msd.c b/hw/usb-msd.c index ff2047d4b2b9518ef1f1f2876197cc9769a5b668..7d1f35d0640761801c3415a95b278d2394c1da69 100644 --- a/hw/usb-msd.c +++ b/hw/usb-msd.c @@ -33,9 +33,12 @@ typedef struct { USBDevice dev; enum USBMSDMode mode; uint32_t data_len; + uint32_t transfer_len; uint32_t tag; SCSIDevice *scsi_dev; int result; + /* For async completion. */ + USBPacket *packet; } MSDState; static const uint8_t qemu_msd_dev_descriptor[] = { @@ -103,13 +106,27 @@ static const uint8_t qemu_msd_config_descriptor[] = { 0x00 /* u8 ep_bInterval; */ }; -static void usb_msd_command_complete(void *opaque, uint32_t tag, int fail) +static void usb_msd_command_complete(void *opaque, uint32_t reason, int fail) { MSDState *s = (MSDState *)opaque; - - DPRINTF("Command complete\n"); - s->result = fail; - s->mode = USB_MSDM_CSW; + USBPacket *p; + + s->data_len -= s->transfer_len; + s->transfer_len = 0; + if (reason == SCSI_REASON_DONE) { + DPRINTF("Command complete %d\n", fail); + s->result = fail; + s->mode = USB_MSDM_CSW; + } + if (s->packet) { + /* Set s->packet to NULL before calling usb_packet_complete because + annother request may be issues before usb_packet_complete returns. + */ + DPRINTF("Packet complete %p\n", p); + p = s->packet; + s->packet = NULL; + usb_packet_complete(p); + } } static void usb_msd_handle_reset(USBDevice *dev) @@ -250,15 +267,24 @@ struct usb_msd_csw { uint8_t status; }; -static int usb_msd_handle_data(USBDevice *dev, int pid, uint8_t devep, - uint8_t *data, int len) +static void usb_msd_cancel_io(USBPacket *p, void *opaque) +{ + MSDState *s = opaque; + scsi_cancel_io(s->scsi_dev); + s->packet = NULL; +} + +static int usb_msd_handle_data(USBDevice *dev, USBPacket *p) { MSDState *s = (MSDState *)dev; int ret = 0; struct usb_msd_cbw cbw; struct usb_msd_csw csw; + uint8_t devep = p->devep; + uint8_t *data = p->data; + int len = p->len; - switch (pid) { + switch (p->pid) { case USB_TOKEN_OUT: if (devep != 2) goto fail; @@ -300,13 +326,18 @@ static int usb_msd_handle_data(USBDevice *dev, int pid, uint8_t devep, if (len > s->data_len) goto fail; + s->transfer_len = len; if (scsi_write_data(s->scsi_dev, data, len)) goto fail; - s->data_len -= len; - if (s->data_len == 0) - s->mode = USB_MSDM_CSW; - ret = len; + if (s->transfer_len == 0) { + ret = len; + } else { + DPRINTF("Deferring packet %p\n", p); + usb_defer_packet(p, usb_msd_cancel_io, s); + s->packet = p; + ret = USB_RET_ASYNC; + } break; default: @@ -340,13 +371,18 @@ static int usb_msd_handle_data(USBDevice *dev, int pid, uint8_t devep, if (len > s->data_len) len = s->data_len; + s->transfer_len = len; if (scsi_read_data(s->scsi_dev, data, len)) goto fail; - s->data_len -= len; - if (s->data_len == 0) - s->mode = USB_MSDM_CSW; - ret = len; + if (s->transfer_len == 0) { + ret = len; + } else { + DPRINTF("Deferring packet %p\n", p); + usb_defer_packet(p, usb_msd_cancel_io, s); + s->packet = p; + ret = USB_RET_ASYNC; + } break; default: diff --git a/hw/usb-ohci.c b/hw/usb-ohci.c index e87d9da70a04bfdadfbf454b676ed83d944554fd..de113e9a308cf89908018bd9ea5a10c2a445def2 100644 --- a/hw/usb-ohci.c +++ b/hw/usb-ohci.c @@ -89,6 +89,14 @@ typedef struct { uint32_t rhdesc_a, rhdesc_b; uint32_t rhstatus; OHCIPort rhport[OHCI_MAX_PORTS]; + + /* Active packets. */ + uint32_t old_ctl; + USBPacket usb_packet; + uint8_t usb_buf[8192]; + uint32_t async_td; + int async_complete; + } OHCIState; /* Host Controller Communications Area */ @@ -288,8 +296,7 @@ static void ohci_attach(USBPort *port1, USBDevice *dev) port->ctrl &= ~OHCI_PORT_LSDA; port->port.dev = dev; /* send the attach message */ - dev->handle_packet(dev, - USB_MSG_ATTACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_ATTACH); dprintf("usb-ohci: Attached port %d\n", port1->index); } else { /* set connect status */ @@ -305,8 +312,7 @@ static void ohci_attach(USBPort *port1, USBDevice *dev) dev = port->port.dev; if (dev) { /* send the detach message */ - dev->handle_packet(dev, - USB_MSG_DETACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_DETACH); } port->port.dev = NULL; dprintf("usb-ohci: Detached port %d\n", port1->index); @@ -323,6 +329,7 @@ static void ohci_reset(OHCIState *ohci) int i; ohci->ctl = 0; + ohci->old_ctl = 0; ohci->status = 0; ohci->intr_status = 0; ohci->intr = OHCI_INTR_MIE; @@ -356,6 +363,10 @@ static void ohci_reset(OHCIState *ohci) if (port->port.dev) ohci_attach(&port->port, port->port.dev); } + if (ohci->async_td) { + usb_cancel_packet(&ohci->usb_packet); + ohci->async_td = 0; + } dprintf("usb-ohci: Reset %s\n", ohci->pci_dev.name); } @@ -423,6 +434,18 @@ static void ohci_copy_td(struct ohci_td *td, uint8_t *buf, int len, int write) cpu_physical_memory_rw(ptr, buf, len - n, write); } +static void ohci_process_lists(OHCIState *ohci); + +static void ohci_async_complete_packet(USBPacket * packet, void *opaque) +{ + OHCIState *ohci = opaque; +#ifdef DEBUG_PACKET + dprintf("Async packet complete\n"); +#endif + ohci->async_complete = 1; + ohci_process_lists(ohci); +} + /* Service a transport descriptor. Returns nonzero to terminate processing of this endpoint. */ @@ -430,7 +453,6 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) { int dir; size_t len = 0; - uint8_t buf[8192]; char *str = NULL; int pid; int ret; @@ -439,8 +461,17 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) struct ohci_td td; uint32_t addr; int flag_r; + int completion; addr = ed->head & OHCI_DPTR_MASK; + /* See if this TD has already been submitted to the device. */ + completion = (addr == ohci->async_td); + if (completion && !ohci->async_complete) { +#ifdef DEBUG_PACKET + dprintf("Skipping async TD\n"); +#endif + return 1; + } if (!ohci_read_td(addr, &td)) { fprintf(stderr, "usb-ohci: TD read error at %x\n", addr); return 0; @@ -481,8 +512,8 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) len = (td.be - td.cbp) + 1; } - if (len && dir != OHCI_TD_DIR_IN) { - ohci_copy_td(&td, buf, len, 0); + if (len && dir != OHCI_TD_DIR_IN && !completion) { + ohci_copy_td(&td, ohci->usb_buf, len, 0); } } @@ -494,31 +525,58 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) if (len >= 0 && dir != OHCI_TD_DIR_IN) { dprintf(" data:"); for (i = 0; i < len; i++) - printf(" %.2x", buf[i]); + printf(" %.2x", ohci->usb_buf[i]); dprintf("\n"); } #endif - ret = USB_RET_NODEV; - for (i = 0; i < ohci->num_ports; i++) { - dev = ohci->rhport[i].port.dev; - if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0) - continue; - - ret = dev->handle_packet(dev, pid, OHCI_BM(ed->flags, ED_FA), - OHCI_BM(ed->flags, ED_EN), buf, len); - if (ret != USB_RET_NODEV) - break; - } + if (completion) { + ret = ohci->usb_packet.len; + ohci->async_td = 0; + ohci->async_complete = 0; + } else { + ret = USB_RET_NODEV; + for (i = 0; i < ohci->num_ports; i++) { + dev = ohci->rhport[i].port.dev; + if ((ohci->rhport[i].ctrl & OHCI_PORT_PES) == 0) + continue; + + if (ohci->async_td) { + /* ??? The hardware should allow one active packet per + endpoint. We only allow one active packet per controller. + This should be sufficient as long as devices respond in a + timely manner. + */ #ifdef DEBUG_PACKET - dprintf("ret=%d\n", ret); + dprintf("Too many pending packets\n"); #endif + return 1; + } + ohci->usb_packet.pid = pid; + ohci->usb_packet.devaddr = OHCI_BM(ed->flags, ED_FA); + ohci->usb_packet.devep = OHCI_BM(ed->flags, ED_EN); + ohci->usb_packet.data = ohci->usb_buf; + ohci->usb_packet.len = len; + ohci->usb_packet.complete_cb = ohci_async_complete_packet; + ohci->usb_packet.complete_opaque = ohci; + ret = dev->handle_packet(dev, &ohci->usb_packet); + if (ret != USB_RET_NODEV) + break; + } +#ifdef DEBUG_PACKET + dprintf("ret=%d\n", ret); +#endif + if (ret == USB_RET_ASYNC) { + ohci->async_td = addr; + return 1; + } + } if (ret >= 0) { if (dir == OHCI_TD_DIR_IN) { - ohci_copy_td(&td, buf, ret, 1); + ohci_copy_td(&td, ohci->usb_buf, ret, 1); #ifdef DEBUG_PACKET dprintf(" data:"); for (i = 0; i < ret; i++) - printf(" %.2x", buf[i]); + printf(" %.2x", ohci->usb_buf[i]); dprintf("\n"); #endif } else { @@ -608,8 +666,16 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head) next_ed = ed.next & OHCI_DPTR_MASK; - if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) + if ((ed.head & OHCI_ED_H) || (ed.flags & OHCI_ED_K)) { + uint32_t addr; + /* Cancel pending packets for ED that have been paused. */ + addr = ed.head & OHCI_DPTR_MASK; + if (ohci->async_td && addr == ohci->async_td) { + usb_cancel_packet(&ohci->usb_packet); + ohci->async_td = 0; + } continue; + } /* Skip isochronous endpoints. */ if (ed.flags & OHCI_ED_F) @@ -646,6 +712,26 @@ static void ohci_sof(OHCIState *ohci) ohci_set_interrupt(ohci, OHCI_INTR_SF); } +/* Process Control and Bulk lists. */ +static void ohci_process_lists(OHCIState *ohci) +{ + if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) { + if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) + dprintf("usb-ohci: head %x, cur %x\n", ohci->ctrl_head, ohci->ctrl_cur); + if (!ohci_service_ed_list(ohci, ohci->ctrl_head)) { + ohci->ctrl_cur = 0; + ohci->status &= ~OHCI_STATUS_CLF; + } + } + + if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) { + if (!ohci_service_ed_list(ohci, ohci->bulk_head)) { + ohci->bulk_cur = 0; + ohci->status &= ~OHCI_STATUS_BLF; + } + } +} + /* Do frame processing on frame boundary */ static void ohci_frame_boundary(void *opaque) { @@ -661,21 +747,15 @@ static void ohci_frame_boundary(void *opaque) n = ohci->frame_number & 0x1f; ohci_service_ed_list(ohci, le32_to_cpu(hcca.intr[n])); } - if ((ohci->ctl & OHCI_CTL_CLE) && (ohci->status & OHCI_STATUS_CLF)) { - if (ohci->ctrl_cur && ohci->ctrl_cur != ohci->ctrl_head) - dprintf("usb-ohci: head %x, cur %x\n", ohci->ctrl_head, ohci->ctrl_cur); - if (!ohci_service_ed_list(ohci, ohci->ctrl_head)) { - ohci->ctrl_cur = 0; - ohci->status &= ~OHCI_STATUS_CLF; - } - } - if ((ohci->ctl & OHCI_CTL_BLE) && (ohci->status & OHCI_STATUS_BLF)) { - if (!ohci_service_ed_list(ohci, ohci->bulk_head)) { - ohci->bulk_cur = 0; - ohci->status &= ~OHCI_STATUS_BLF; - } + /* Cancel all pending packets if either of the lists has been disabled. */ + if (ohci->async_td && + ohci->old_ctl & (~ohci->ctl) & (OHCI_CTL_BLE | OHCI_CTL_CLE)) { + usb_cancel_packet(&ohci->usb_packet); + ohci->async_td = 0; } + ohci->old_ctl = ohci->ctl; + ohci_process_lists(ohci); /* Frame boundary, so do EOF stuf here */ ohci->frt = ohci->fit; @@ -907,8 +987,7 @@ static void ohci_port_set_status(OHCIState *ohci, int portnum, uint32_t val) if (ohci_port_set_if_connected(ohci, portnum, val & OHCI_PORT_PRS)) { dprintf("usb-ohci: port %d: RESET\n", portnum); - port->port.dev->handle_packet(port->port.dev, USB_MSG_RESET, - 0, 0, NULL, 0); + usb_send_msg(port->port.dev, USB_MSG_RESET); port->ctrl &= ~OHCI_PORT_PRS; /* ??? Should this also set OHCI_PORT_PESC. */ port->ctrl |= OHCI_PORT_PES | OHCI_PORT_PRSC; @@ -1186,5 +1265,6 @@ void usb_ohci_init(struct PCIBus *bus, int num_ports, int devfn) qemu_register_usb_port(&ohci->rhport[i].port, ohci, i, ohci_attach); } + ohci->async_td = 0; ohci_reset(ohci); } diff --git a/hw/usb-uhci.c b/hw/usb-uhci.c index 1a6e0130f9753979f6c41c42937d42b7caa289f3..29809f96bfe93163506ee4178ca799ccd96cec53 100644 --- a/hw/usb-uhci.c +++ b/hw/usb-uhci.c @@ -76,6 +76,18 @@ typedef struct UHCIState { uint8_t status2; /* bit 0 and 1 are used to generate UHCI_STS_USBINT */ QEMUTimer *frame_timer; UHCIPort ports[NB_PORTS]; + + /* Interrupts that should be raised at the end of the current frame. */ + uint32_t pending_int_mask; + /* For simplicity of implementation we only allow a single pending USB + request. This means all usb traffic on this controller is effectively + suspended until that transfer completes. When the transfer completes + the next transfer from that queue will be processed. However + other queues will not be processed until the next frame. The solution + is to allow multiple pending requests. */ + uint32_t async_qh; + USBPacket usb_packet; + uint8_t usb_buf[1280]; } UHCIState; typedef struct UHCI_TD { @@ -188,8 +200,7 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val) port = &s->ports[i]; dev = port->port.dev; if (dev) { - dev->handle_packet(dev, - USB_MSG_RESET, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_RESET); } } uhci_reset(s); @@ -232,8 +243,7 @@ static void uhci_ioport_writew(void *opaque, uint32_t addr, uint32_t val) /* port reset */ if ( (val & UHCI_PORT_RESET) && !(port->ctrl & UHCI_PORT_RESET) ) { - dev->handle_packet(dev, - USB_MSG_RESET, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_RESET); } } port->ctrl = (port->ctrl & 0x01fb) | (val & ~0x01fb); @@ -336,8 +346,7 @@ static void uhci_attach(USBPort *port1, USBDevice *dev) port->ctrl &= ~UHCI_PORT_LSDA; port->port.dev = dev; /* send the attach message */ - dev->handle_packet(dev, - USB_MSG_ATTACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_ATTACH); } else { /* set connect status */ if (port->ctrl & UHCI_PORT_CCS) { @@ -352,16 +361,13 @@ static void uhci_attach(USBPort *port1, USBDevice *dev) dev = port->port.dev; if (dev) { /* send the detach message */ - dev->handle_packet(dev, - USB_MSG_DETACH, 0, 0, NULL, 0); + usb_send_msg(dev, USB_MSG_DETACH); } port->port.dev = NULL; } } -static int uhci_broadcast_packet(UHCIState *s, uint8_t pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len) +static int uhci_broadcast_packet(UHCIState *s, USBPacket *p) { UHCIPort *port; USBDevice *dev; @@ -370,18 +376,18 @@ static int uhci_broadcast_packet(UHCIState *s, uint8_t pid, #ifdef DEBUG_PACKET { const char *pidstr; - switch(pid) { + switch(p->pid) { case USB_TOKEN_SETUP: pidstr = "SETUP"; break; case USB_TOKEN_IN: pidstr = "IN"; break; case USB_TOKEN_OUT: pidstr = "OUT"; break; default: pidstr = "?"; break; } printf("frame %d: pid=%s addr=0x%02x ep=%d len=%d\n", - s->frnum, pidstr, devaddr, devep, len); - if (pid != USB_TOKEN_IN) { + s->frnum, pidstr, p->devaddr, p->devep, p->len); + if (p->pid != USB_TOKEN_IN) { printf(" data_out="); - for(i = 0; i < len; i++) { - printf(" %02x", data[i]); + for(i = 0; i < p->len; i++) { + printf(" %02x", p->data[i]); } printf("\n"); } @@ -391,17 +397,17 @@ static int uhci_broadcast_packet(UHCIState *s, uint8_t pid, port = &s->ports[i]; dev = port->port.dev; if (dev && (port->ctrl & UHCI_PORT_EN)) { - ret = dev->handle_packet(dev, pid, - devaddr, devep, - data, len); + ret = dev->handle_packet(dev, p); if (ret != USB_RET_NODEV) { #ifdef DEBUG_PACKET - { + if (ret == USB_RET_ASYNC) { + printf("usb-uhci: Async packet\n"); + } else { printf(" ret=%d ", ret); - if (pid == USB_TOKEN_IN && ret > 0) { + if (p->pid == USB_TOKEN_IN && ret > 0) { printf("data_in="); for(i = 0; i < ret; i++) { - printf(" %02x", data[i]); + printf(" %02x", p->data[i]); } } printf("\n"); @@ -414,6 +420,8 @@ static int uhci_broadcast_packet(UHCIState *s, uint8_t pid, return USB_RET_NODEV; } +static void uhci_async_complete_packet(USBPacket * packet, void *opaque); + /* return -1 if fatal error (frame must be stopped) 0 if TD successful 1 if TD unsuccessful or inactive @@ -421,9 +429,9 @@ static int uhci_broadcast_packet(UHCIState *s, uint8_t pid, static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask) { uint8_t pid; - uint8_t buf[1280]; int len, max_len, err, ret; + /* ??? This is wrong for async completion. */ if (td->ctrl & TD_CTRL_IOC) { *int_mask |= 0x01; } @@ -434,21 +442,8 @@ static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask) /* TD is active */ max_len = ((td->token >> 21) + 1) & 0x7ff; pid = td->token & 0xff; - switch(pid) { - case USB_TOKEN_OUT: - case USB_TOKEN_SETUP: - cpu_physical_memory_read(td->buffer, buf, max_len); - ret = uhci_broadcast_packet(s, pid, - (td->token >> 8) & 0x7f, - (td->token >> 15) & 0xf, - buf, max_len); - len = max_len; - break; - case USB_TOKEN_IN: - ret = uhci_broadcast_packet(s, pid, - (td->token >> 8) & 0x7f, - (td->token >> 15) & 0xf, - buf, max_len); + if (s->async_qh) { + ret = s->usb_packet.len; if (ret >= 0) { len = ret; if (len > max_len) { @@ -457,17 +452,52 @@ static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask) } if (len > 0) { /* write the data back */ - cpu_physical_memory_write(td->buffer, buf, len); + cpu_physical_memory_write(td->buffer, s->usb_buf, len); } } else { len = 0; } - break; - default: - /* invalid pid : frame interrupted */ - s->status |= UHCI_STS_HCPERR; - uhci_update_irq(s); - return -1; + s->async_qh = 0; + } else { + s->usb_packet.pid = pid; + s->usb_packet.devaddr = (td->token >> 8) & 0x7f; + s->usb_packet.devep = (td->token >> 15) & 0xf; + s->usb_packet.data = s->usb_buf; + s->usb_packet.len = max_len; + s->usb_packet.complete_cb = uhci_async_complete_packet; + s->usb_packet.complete_opaque = s; + switch(pid) { + case USB_TOKEN_OUT: + case USB_TOKEN_SETUP: + cpu_physical_memory_read(td->buffer, s->usb_buf, max_len); + ret = uhci_broadcast_packet(s, &s->usb_packet); + len = max_len; + break; + case USB_TOKEN_IN: + ret = uhci_broadcast_packet(s, &s->usb_packet); + if (ret >= 0) { + len = ret; + if (len > max_len) { + len = max_len; + ret = USB_RET_BABBLE; + } + if (len > 0) { + /* write the data back */ + cpu_physical_memory_write(td->buffer, s->usb_buf, len); + } + } else { + len = 0; + } + break; + default: + /* invalid pid : frame interrupted */ + s->status |= UHCI_STS_HCPERR; + uhci_update_irq(s); + return -1; + } + } + if (ret == USB_RET_ASYNC) { + return 2; } if (td->ctrl & TD_CTRL_IOS) td->ctrl &= ~TD_CTRL_ACTIVE; @@ -520,6 +550,61 @@ static int uhci_handle_td(UHCIState *s, UHCI_TD *td, int *int_mask) } } +static void uhci_async_complete_packet(USBPacket * packet, void *opaque) +{ + UHCIState *s = opaque; + UHCI_QH qh; + UHCI_TD td; + uint32_t link; + uint32_t old_td_ctrl; + uint32_t val; + int ret; + + link = s->async_qh; + if (!link) { + /* This should never happen. It means a TD somehow got removed + without cancelling the associated async IO request. */ + return; + } + cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh)); + le32_to_cpus(&qh.link); + le32_to_cpus(&qh.el_link); + /* Re-process the queue containing the async packet. */ + while (1) { + cpu_physical_memory_read(qh.el_link & ~0xf, + (uint8_t *)&td, sizeof(td)); + le32_to_cpus(&td.link); + le32_to_cpus(&td.ctrl); + le32_to_cpus(&td.token); + le32_to_cpus(&td.buffer); + old_td_ctrl = td.ctrl; + ret = uhci_handle_td(s, &td, &s->pending_int_mask); + /* update the status bits of the TD */ + if (old_td_ctrl != td.ctrl) { + val = cpu_to_le32(td.ctrl); + cpu_physical_memory_write((qh.el_link & ~0xf) + 4, + (const uint8_t *)&val, + sizeof(val)); + } + if (ret < 0) + break; /* interrupted frame */ + if (ret == 2) { + s->async_qh = link; + break; + } else if (ret == 0) { + /* update qh element link */ + qh.el_link = td.link; + val = cpu_to_le32(qh.el_link); + cpu_physical_memory_write((link & ~0xf) + 4, + (const uint8_t *)&val, + sizeof(val)); + if (!(qh.el_link & 4)) + break; + } + break; + } +} + static void uhci_frame_timer(void *opaque) { UHCIState *s = opaque; @@ -528,6 +613,7 @@ static void uhci_frame_timer(void *opaque) int int_mask, cnt, ret; UHCI_TD td; UHCI_QH qh; + uint32_t old_async_qh; if (!(s->cmd & UHCI_CMD_RS)) { qemu_del_timer(s->frame_timer); @@ -535,6 +621,14 @@ static void uhci_frame_timer(void *opaque) s->status |= UHCI_STS_HCHALTED; return; } + /* Complete the previous frame. */ + s->frnum = (s->frnum + 1) & 0x7ff; + if (s->pending_int_mask) { + s->status2 |= s->pending_int_mask; + s->status |= UHCI_STS_USBINT; + uhci_update_irq(s); + } + old_async_qh = s->async_qh; frame_addr = s->fl_base_addr + ((s->frnum & 0x3ff) << 2); cpu_physical_memory_read(frame_addr, (uint8_t *)&link, 4); le32_to_cpus(&link); @@ -546,6 +640,12 @@ static void uhci_frame_timer(void *opaque) /* valid frame */ if (link & 2) { /* QH */ + if (link == s->async_qh) { + /* We've found a previously issues packet. + Nothing else to do. */ + old_async_qh = 0; + break; + } cpu_physical_memory_read(link & ~0xf, (uint8_t *)&qh, sizeof(qh)); le32_to_cpus(&qh.link); le32_to_cpus(&qh.el_link); @@ -556,6 +656,10 @@ static void uhci_frame_timer(void *opaque) } else if (qh.el_link & 2) { /* QH */ link = qh.el_link; + } else if (s->async_qh) { + /* We can only cope with one pending packet. Keep looking + for the previously issued packet. */ + link = qh.link; } else { /* TD */ if (--cnt == 0) @@ -577,7 +681,9 @@ static void uhci_frame_timer(void *opaque) } if (ret < 0) break; /* interrupted frame */ - if (ret == 0) { + if (ret == 2) { + s->async_qh = link; + } else if (ret == 0) { /* update qh element link */ qh.el_link = td.link; val = cpu_to_le32(qh.el_link); @@ -599,25 +705,41 @@ static void uhci_frame_timer(void *opaque) le32_to_cpus(&td.ctrl); le32_to_cpus(&td.token); le32_to_cpus(&td.buffer); - old_td_ctrl = td.ctrl; - ret = uhci_handle_td(s, &td, &int_mask); - /* update the status bits of the TD */ - if (old_td_ctrl != td.ctrl) { - val = cpu_to_le32(td.ctrl); - cpu_physical_memory_write((link & ~0xf) + 4, - (const uint8_t *)&val, - sizeof(val)); + /* Ignore isochonous transfers while there is an async packet + pending. This is wrong, but we don't implement isochronous + transfers anyway. */ + if (s->async_qh == 0) { + old_td_ctrl = td.ctrl; + ret = uhci_handle_td(s, &td, &int_mask); + /* update the status bits of the TD */ + if (old_td_ctrl != td.ctrl) { + val = cpu_to_le32(td.ctrl); + cpu_physical_memory_write((link & ~0xf) + 4, + (const uint8_t *)&val, + sizeof(val)); + } + if (ret < 0) + break; /* interrupted frame */ + if (ret == 2) { + /* We can't handle async isochronous transfers. + Cancel The packet. */ + fprintf(stderr, "usb-uhci: Unimplemented async packet\n"); + usb_cancel_packet(&s->usb_packet); + } } - if (ret < 0) - break; /* interrupted frame */ link = td.link; } } - s->frnum = (s->frnum + 1) & 0x7ff; - if (int_mask) { - s->status2 |= int_mask; - s->status |= UHCI_STS_USBINT; - uhci_update_irq(s); + s->pending_int_mask = int_mask; + if (old_async_qh) { + /* A previously started transfer has disappeared from the transfer + list. There's nothing useful we can do with it now, so just + discard the packet and hope it wasn't too important. */ +#ifdef DEBUG + printf("Discarding USB packet\n"); +#endif + usb_cancel_packet(&s->usb_packet); + s->async_qh = 0; } /* prepare the timer for the next frame */ expire_time = qemu_get_clock(vm_clock) + diff --git a/hw/usb.c b/hw/usb.c index 34aac5fa9b6f85f27e13adf2ff9fe0112a3eb2e5..efbc6dbe9864c2c376e6a49c0d72917648c9beac 100644 --- a/hw/usb.c +++ b/hw/usb.c @@ -38,13 +38,13 @@ void usb_attach(USBPort *port, USBDevice *dev) #define SETUP_STATE_DATA 1 #define SETUP_STATE_ACK 2 -int usb_generic_handle_packet(USBDevice *s, int pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len) +int usb_generic_handle_packet(USBDevice *s, USBPacket *p) { int l, ret = 0; + int len = p->len; + uint8_t *data = p->data; - switch(pid) { + switch(p->pid) { case USB_MSG_ATTACH: s->state = USB_STATE_ATTACHED; break; @@ -58,7 +58,7 @@ int usb_generic_handle_packet(USBDevice *s, int pid, s->handle_reset(s); break; case USB_TOKEN_SETUP: - if (s->state < USB_STATE_DEFAULT || devaddr != s->addr) + if (s->state < USB_STATE_DEFAULT || p->devaddr != s->addr) return USB_RET_NODEV; if (len != 8) goto fail; @@ -85,9 +85,9 @@ int usb_generic_handle_packet(USBDevice *s, int pid, } break; case USB_TOKEN_IN: - if (s->state < USB_STATE_DEFAULT || devaddr != s->addr) + if (s->state < USB_STATE_DEFAULT || p->devaddr != s->addr) return USB_RET_NODEV; - switch(devep) { + switch(p->devep) { case 0: switch(s->setup_state) { case SETUP_STATE_ACK: @@ -125,14 +125,14 @@ int usb_generic_handle_packet(USBDevice *s, int pid, } break; default: - ret = s->handle_data(s, pid, devep, data, len); + ret = s->handle_data(s, p); break; } break; case USB_TOKEN_OUT: - if (s->state < USB_STATE_DEFAULT || devaddr != s->addr) + if (s->state < USB_STATE_DEFAULT || p->devaddr != s->addr) return USB_RET_NODEV; - switch(devep) { + switch(p->devep) { case 0: switch(s->setup_state) { case SETUP_STATE_ACK: @@ -163,7 +163,7 @@ int usb_generic_handle_packet(USBDevice *s, int pid, } break; default: - ret = s->handle_data(s, pid, devep, data, len); + ret = s->handle_data(s, p); break; } break; @@ -191,3 +191,13 @@ int set_usb_string(uint8_t *buf, const char *str) } return q - buf; } + +/* Send an internal message to a USB device. */ +void usb_send_msg(USBDevice *dev, int msg) +{ + USBPacket p; + memset(&p, 0, sizeof(p)); + p.pid = msg; + dev->handle_packet(dev, &p); +} + diff --git a/hw/usb.h b/hw/usb.h index 98fde065697f52e282c9df38c20750a0fe79db7f..ed8890e39ad13c250991bc6d4c59f5415b09da58 100644 --- a/hw/usb.h +++ b/hw/usb.h @@ -34,6 +34,7 @@ #define USB_RET_NAK (-2) #define USB_RET_STALL (-3) #define USB_RET_BABBLE (-4) +#define USB_RET_ASYNC (-5) #define USB_SPEED_LOW 0 #define USB_SPEED_FULL 1 @@ -109,13 +110,12 @@ typedef struct USBPort USBPort; typedef struct USBDevice USBDevice; +typedef struct USBPacket USBPacket; /* definition of a USB device */ struct USBDevice { void *opaque; - int (*handle_packet)(USBDevice *dev, int pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len); + int (*handle_packet)(USBDevice *dev, USBPacket *p); void (*handle_destroy)(USBDevice *dev); int speed; @@ -126,8 +126,7 @@ struct USBDevice { void (*handle_reset)(USBDevice *dev); int (*handle_control)(USBDevice *dev, int request, int value, int index, int length, uint8_t *data); - int (*handle_data)(USBDevice *dev, int pid, uint8_t devep, - uint8_t *data, int len); + int (*handle_data)(USBDevice *dev, USBPacket *p); uint8_t addr; char devname[32]; @@ -151,11 +150,54 @@ struct USBPort { struct USBPort *next; /* Used internally by qemu. */ }; +typedef void USBCallback(USBPacket * packet, void *opaque); + +/* Structure used to hold information about an active USB packet. */ +struct USBPacket { + /* Data fields for use by the driver. */ + int pid; + uint8_t devaddr; + uint8_t devep; + uint8_t *data; + int len; + /* Internal use by the USB layer. */ + USBCallback *complete_cb; + void *complete_opaque; + USBCallback *cancel_cb; + void * *cancel_opaque; +}; + +/* Defer completion of a USB packet. The hadle_packet routine should then + return USB_RET_ASYNC. Packets that complete immediately (before + handle_packet returns) should not call this method. */ +static inline void usb_defer_packet(USBPacket *p, USBCallback *cancel, + void * opaque) +{ + p->cancel_cb = cancel; + p->cancel_opaque = opaque; +} + +/* Notify the controller that an async packet is complete. This should only + be called for packets previously deferred with usb_defer_packet, and + should never be called from within handle_packet. */ +static inline void usb_packet_complete(USBPacket *p) +{ + p->complete_cb(p, p->complete_opaque); +} + +/* Cancel an active packet. The packed must have been deferred with + usb_defer_packet, and not yet completed. */ +static inline void usb_cancel_packet(USBPacket * p) +{ + p->cancel_cb(p, p->cancel_opaque); +} + void usb_attach(USBPort *port, USBDevice *dev); -int usb_generic_handle_packet(USBDevice *s, int pid, - uint8_t devaddr, uint8_t devep, - uint8_t *data, int len); +int usb_generic_handle_packet(USBDevice *s, USBPacket *p); int set_usb_string(uint8_t *buf, const char *str); +void usb_send_msg(USBDevice *dev, int msg); + +void usb_packet_complete(USBPacket *p); /* usb hub */ USBDevice *usb_hub_init(int nb_ports); diff --git a/pc-bios/openbios-esp.diff b/pc-bios/openbios-esp.diff new file mode 100644 index 0000000000000000000000000000000000000000..5d4f836f1229109aa332e4532b492966b77dfe86 --- /dev/null +++ b/pc-bios/openbios-esp.diff @@ -0,0 +1,30 @@ +The ESP SCSI driver currently doesn't check whether a DMA requests has +completed before checking its status. On older qemu versions this works ok +because DMA happens instantly. On never qemu DMA can take an indeterminate +amount of time ooto complete, just like on real hardware. + +The patch below waits for the controller to raise the DMA interrupt after +initiating a DMA request. + +Index: drivers/esp.c +=================================================================== +--- drivers/esp.c (revision 61) ++++ drivers/esp.c (working copy) +@@ -113,6 +113,8 @@ do_command(esp_private_t *esp, sd_privat + esp->espdma.regs->cond_reg = 0; + // Set ATN, issue command + esp->ll->regs[ESP_CMD] = ESP_CMD_SELA | ESP_CMD_DMA; ++ // Wait for DMA to complete ++ while ((esp->espdma.regs->cond_reg & DMA_HNDL_INTR) == 0) /* no-op */; + // Check status + status = esp->ll->regs[ESP_STATUS]; + +@@ -129,6 +131,8 @@ do_command(esp_private_t *esp, sd_privat + esp->espdma.regs->cond_reg = DMA_ST_WRITE; + // Transfer + esp->ll->regs[ESP_CMD] = ESP_CMD_TI | ESP_CMD_DMA; ++ // Wait for DMA to complete ++ while ((esp->espdma.regs->cond_reg & DMA_HNDL_INTR) == 0) /* no-op */; + // Check status + status = esp->ll->regs[ESP_STATUS]; + diff --git a/pc-bios/openbios-sparc32 b/pc-bios/openbios-sparc32 index 7a729aa81ba39b3ed037ac7fad1db4616818738b..04b60776df5cb83e617cab5e714a87210dbff365 100644 Binary files a/pc-bios/openbios-sparc32 and b/pc-bios/openbios-sparc32 differ diff --git a/usb-linux.c b/usb-linux.c index 0a13753d4806ddae083bb11e51432dec38eb41ac..77436927cd84f85cb1ee164cdc8a28d89b0958a6 100644 --- a/usb-linux.c +++ b/usb-linux.c @@ -114,22 +114,21 @@ static int usb_host_handle_control(USBDevice *dev, } } -static int usb_host_handle_data(USBDevice *dev, int pid, - uint8_t devep, - uint8_t *data, int len) +static int usb_host_handle_data(USBDevice *dev, USBPacket *p) { USBHostDevice *s = (USBHostDevice *)dev; struct usbdevfs_bulktransfer bt; int ret; + uint8_t devep = p->devep; /* XXX: optimize and handle all data types by looking at the config descriptor */ - if (pid == USB_TOKEN_IN) + if (p->pid == USB_TOKEN_IN) devep |= 0x80; bt.ep = devep; - bt.len = len; + bt.len = p->len; bt.timeout = 50; - bt.data = data; + bt.data = p->data; ret = ioctl(s->fd, USBDEVFS_BULK, &bt); if (ret < 0) { switch(errno) { diff --git a/vl.h b/vl.h index 1632e3571162b3fa366b2f99eb4cfb9f12569e3b..5a1032681d366c91a04efbed02fa3e674a5c5939 100644 --- a/vl.h +++ b/vl.h @@ -1146,6 +1146,11 @@ void do_usb_del(const char *devname); void usb_info(void); /* scsi-disk.c */ +enum scsi_reason { + SCSI_REASON_DONE, /* Command complete. */ + SCSI_REASON_DATA /* Transfer complete, more data required. */ +}; + typedef struct SCSIDevice SCSIDevice; typedef void (*scsi_completionfn)(void *, uint32_t, int); @@ -1155,8 +1160,12 @@ SCSIDevice *scsi_disk_init(BlockDriverState *bdrv, void scsi_disk_destroy(SCSIDevice *s); int32_t scsi_send_command(SCSIDevice *s, uint32_t tag, uint8_t *buf, int lun); +/* SCSI data transfers are asynchrnonous. However, unlike the block IO + layer the completion routine may be called directly by + scsi_{read,write}_data. */ int scsi_read_data(SCSIDevice *s, uint8_t *data, uint32_t len); int scsi_write_data(SCSIDevice *s, uint8_t *data, uint32_t len); +void scsi_cancel_io(SCSIDevice *s); /* lsi53c895a.c */ void lsi_scsi_attach(void *opaque, BlockDriverState *bd, int id);