2 * Xen Virtual USB Frontend Driver
4 * This file contains the first version of the Xen virtual USB hub
5 * that I've managed not to delete by mistake (3rd time lucky!).
7 * Based on Linux's uhci.c, original copyright notices are displayed
8 * below. Portions also (c) 2004 Intel Research Cambridge
9 * and (c) 2004, 2005 Mark Williamson
11 * Contact <mark.williamson@cl.cam.ac.uk> or
12 * <xen-devel@lists.sourceforge.net> regarding this code.
14 * Still to be (maybe) implemented:
15 * - migration / backend restart support?
16 * - support for building / using as a module
20 * Universal Host Controller Interface driver for USB.
22 * Maintainer: Johannes Erdfelt <johannes@erdfelt.com>
24 * (C) Copyright 1999 Linus Torvalds
25 * (C) Copyright 1999-2002 Johannes Erdfelt, johannes@erdfelt.com
26 * (C) Copyright 1999 Randy Dunlap
27 * (C) Copyright 1999 Georg Acher, acher@in.tum.de
28 * (C) Copyright 1999 Deti Fliegl, deti@fliegl.de
29 * (C) Copyright 1999 Thomas Sailer, sailer@ife.ee.ethz.ch
30 * (C) Copyright 1999 Roman Weissgaerber, weissg@vienna.at
31 * (C) Copyright 2000 Yggdrasil Computing, Inc. (port of new PCI interface
32 * support from usb-ohci.c by Adam Richter, adam@yggdrasil.com).
33 * (C) Copyright 1999 Gregory P. Smith (from usb-ohci.c)
35 * Intel documents this fairly well, and as far as I know there
36 * are no royalties or anything like that, but even so there are
37 * people who decided that they want to do the same thing in a
38 * completely different way.
40 * WARNING! The USB documentation is downright evil. Most of it
41 * is just crap, written by a committee. You're better off ignoring
42 * most of it, the important stuff is:
43 * - the low-level protocol (fairly simple but lots of small details)
44 * - working around the horridness of the rest
47 #include <linux/config.h>
48 #include <linux/module.h>
49 #include <linux/kernel.h>
50 #include <linux/init.h>
51 #include <linux/sched.h>
52 #include <linux/delay.h>
53 #include <linux/slab.h>
54 #include <linux/smp_lock.h>
55 #include <linux/errno.h>
56 #include <linux/interrupt.h>
57 #include <linux/spinlock.h>
58 #ifdef CONFIG_USB_DEBUG
63 #include <linux/usb.h>
66 #include <asm/system.h>
70 #include "../../../../../drivers/usb/hcd.h"
72 #include <asm-xen/xen-public/io/usbif.h>
73 #include <asm/ctrl_if.h>
74 #include <asm/xen-public/io/domain_controller.h>
79 #define DRIVER_VERSION "v1.0"
80 #define DRIVER_AUTHOR "Linus 'Frodo Rabbit' Torvalds, Johannes Erdfelt, " \
81 "Randy Dunlap, Georg Acher, Deti Fliegl, " \
82 "Thomas Sailer, Roman Weissgaerber, Mark Williamson"
83 #define DRIVER_DESC "Xen Virtual USB Host Controller Interface"
86 * debug = 0, no debugging messages
87 * debug = 1, dump failed URB's except for stalls
88 * debug = 2, dump all failed URB's (including stalls)
95 MODULE_PARM(debug, "i");
96 MODULE_PARM_DESC(debug, "Debug level");
98 #define ERRBUF_LEN (PAGE_SIZE * 8)
100 static int rh_submit_urb(struct urb *urb);
101 static int rh_unlink_urb(struct urb *urb);
102 static int xhci_unlink_urb(struct urb *urb);
103 static void xhci_call_completion(struct urb *urb);
104 static void xhci_drain_ring(void);
105 static void xhci_transfer_result(struct xhci *xhci, struct urb *urb);
106 static void xhci_finish_completion(void);
108 #define MAX_URB_LOOP 2048 /* Maximum number of linked URB's */
110 static kmem_cache_t *xhci_up_cachep; /* urb_priv cache */
111 static struct xhci *xhci; /* XHCI structure for the interface */
113 /******************************************************************************
119 static void dump_urb(struct urb *urb)
121 printk(KERN_DEBUG "dumping urb @ %p\n"
127 " transfer_flags = 0x%lx\n"
128 " transfer_buffer = %p\n"
129 " transfer_buffer_length = %d\n"
130 " actual_length = %d\n"
132 " setup_packet = %p\n",
133 urb, urb->hcpriv, urb->next, urb->dev, urb->pipe, urb->status,
134 urb->transfer_flags, urb->transfer_buffer,
135 urb->transfer_buffer_length, urb->actual_length, urb->bandwidth,
137 if ( urb->setup_packet != NULL )
139 "setup = { 0x%x, 0x%x, 0x%x, 0x%x, 0x%x, 0x%x, 0x%x, 0x%x }\n",
140 urb->setup_packet[0], urb->setup_packet[1],
141 urb->setup_packet[2], urb->setup_packet[3],
142 urb->setup_packet[4], urb->setup_packet[5],
143 urb->setup_packet[6], urb->setup_packet[7]);
144 printk(KERN_DEBUG "complete = %p\n"
145 "interval = %d\n", urb->complete, urb->interval);
149 static void xhci_show_resp(usbif_response_t *r)
151 printk(KERN_DEBUG "dumping response @ %p\n"
157 r->id, r->operation, r->data, r->status, r->length);
160 #define DPRINK(...) printk(KERN_DEBUG __VA_ARGS__)
164 #define dump_urb(blah) ((void)0)
165 #define xhci_show_resp(blah) ((void)0)
166 #define DPRINTK(blah,...) ((void)0)
170 /******************************************************************************
171 * RING REQUEST HANDLING
174 #define RING_PLUGGED(_hc) ( RING_FULL(&_hc->usb_ring) || _hc->recovery )
177 * xhci_construct_isoc - add isochronous information to a request
179 static int xhci_construct_isoc(usbif_request_t *req, struct urb *urb)
181 usbif_iso_t *schedule;
183 struct urb_priv *urb_priv = urb->hcpriv;
185 req->num_iso = urb->number_of_packets;
186 schedule = (usbif_iso_t *)__get_free_page(GFP_KERNEL);
188 if ( schedule == NULL )
191 for ( i = 0; i < req->num_iso; i++ )
193 schedule[i].buffer_offset = urb->iso_frame_desc[i].offset;
194 schedule[i].length = urb->iso_frame_desc[i].length;
197 urb_priv->schedule = schedule;
198 req->iso_schedule = virt_to_machine(schedule);
204 * xhci_queue_req - construct and queue request for an URB
206 static int xhci_queue_req(struct urb *urb)
209 usbif_request_t *req;
210 usbif_front_ring_t *usb_ring = &xhci->usb_ring;
214 "usbif = %p, req_prod = %d (@ 0x%lx), resp_prod = %d, resp_cons = %d\n",
215 usbif, usbif->req_prod, virt_to_machine(&usbif->req_prod),
216 usbif->resp_prod, xhci->usb_resp_cons);
219 spin_lock_irqsave(&xhci->ring_lock, flags);
221 if ( RING_PLUGGED(xhci) )
224 "xhci_queue_req(): USB ring plugged, not queuing request\n");
225 spin_unlock_irqrestore(&xhci->ring_lock, flags);
229 /* Stick something in the shared communications ring. */
230 req = RING_GET_REQUEST(usb_ring, usb_ring->req_prod_pvt);
232 req->operation = USBIF_OP_IO;
233 req->port = 0; /* We don't care what the port is. */
234 req->id = (unsigned long) urb->hcpriv;
235 req->transfer_buffer = virt_to_machine(urb->transfer_buffer);
236 req->devnum = usb_pipedevice(urb->pipe);
237 req->direction = usb_pipein(urb->pipe);
238 req->speed = usb_pipeslow(urb->pipe);
239 req->pipe_type = usb_pipetype(urb->pipe);
240 req->length = urb->transfer_buffer_length;
241 req->transfer_flags = urb->transfer_flags;
242 req->endpoint = usb_pipeendpoint(urb->pipe);
243 req->speed = usb_pipeslow(urb->pipe);
244 req->timeout = urb->timeout * (1000 / HZ);
246 if ( usb_pipetype(urb->pipe) == 0 ) /* ISO */
248 int ret = xhci_construct_isoc(req, urb);
253 if(urb->setup_packet != NULL)
254 memcpy(req->setup, urb->setup_packet, 8);
256 memset(req->setup, 0, 8);
258 usb_ring->req_prod_pvt++;
259 RING_PUSH_REQUESTS(usb_ring);
261 spin_unlock_irqrestore(&xhci->ring_lock, flags);
263 notify_via_evtchn(xhci->evtchn);
265 DPRINTK("Queued request for an URB.\n");
272 * xhci_queue_probe - queue a probe request for a particular port
274 static inline usbif_request_t *xhci_queue_probe(usbif_vdev_t port)
276 usbif_request_t *req;
277 usbif_front_ring_t *usb_ring = &xhci->usb_ring;
281 "queuing probe: req_prod = %d (@ 0x%lx), resp_prod = %d, "
282 "resp_cons = %d\n", usbif->req_prod,
283 virt_to_machine(&usbif->req_prod),
284 usbif->resp_prod, xhci->usb_resp_cons);
287 /* This is always called from the timer interrupt. */
288 spin_lock(&xhci->ring_lock);
290 if ( RING_PLUGGED(xhci) )
293 "xhci_queue_probe(): ring full, not queuing request\n");
294 spin_unlock(&xhci->ring_lock);
298 /* Stick something in the shared communications ring. */
299 req = RING_GET_REQUEST(usb_ring, usb_ring->req_prod_pvt);
301 memset(req, 0, sizeof(*req));
303 req->operation = USBIF_OP_PROBE;
306 usb_ring->req_prod_pvt++;
307 RING_PUSH_REQUESTS(usb_ring);
309 spin_unlock(&xhci->ring_lock);
311 notify_via_evtchn(xhci->evtchn);
317 * xhci_port_reset - queue a reset request for a particular port
319 static int xhci_port_reset(usbif_vdev_t port)
321 usbif_request_t *req;
322 usbif_front_ring_t *usb_ring = &xhci->usb_ring;
324 /* Only ever happens from process context (hub thread). */
325 spin_lock_irq(&xhci->ring_lock);
327 if ( RING_PLUGGED(xhci) )
330 "xhci_port_reset(): ring plugged, not queuing request\n");
331 spin_unlock_irq(&xhci->ring_lock);
335 /* We only reset one port at a time, so we only need one variable per
337 xhci->awaiting_reset = 1;
339 /* Stick something in the shared communications ring. */
340 req = RING_GET_REQUEST(usb_ring, usb_ring->req_prod_pvt);
342 memset(req, 0, sizeof(*req));
344 req->operation = USBIF_OP_RESET;
347 usb_ring->req_prod_pvt++;
348 RING_PUSH_REQUESTS(usb_ring);
350 spin_unlock_irq(&xhci->ring_lock);
352 notify_via_evtchn(xhci->evtchn);
354 while ( xhci->awaiting_reset > 0 )
360 xhci->rh.ports[port].pe = 1;
361 xhci->rh.ports[port].pe_chg = 1;
363 return xhci->awaiting_reset;
367 /******************************************************************************
368 * RING RESPONSE HANDLING
371 static void receive_usb_reset(usbif_response_t *resp)
373 xhci->awaiting_reset = resp->status;
378 static void receive_usb_probe(usbif_response_t *resp)
380 spin_lock(&xhci->rh.port_state_lock);
382 if ( resp->status >= 0 )
384 if ( resp->status == 1 )
386 /* If theres a device there and there wasn't one before there must
387 * have been a connection status change. */
388 if( xhci->rh.ports[resp->data].cs == 0 )
390 xhci->rh.ports[resp->data].cs = 1;
391 xhci->rh.ports[resp->data].cs_chg = 1;
394 else if ( resp->status == 0 )
396 if(xhci->rh.ports[resp->data].cs == 1 )
398 xhci->rh.ports[resp->data].cs = 0;
399 xhci->rh.ports[resp->data].cs_chg = 1;
400 xhci->rh.ports[resp->data].pe = 0;
401 /* According to USB Spec v2.0, 11.24.2.7.2.2, we don't need
402 * to set pe_chg since an error has not occurred. */
406 printk(KERN_WARNING "receive_usb_probe(): unexpected status %d "
407 "for port %d\n", resp->status, resp->data);
409 else if ( resp->status < 0)
410 printk(KERN_WARNING "receive_usb_probe(): got error status %d\n",
413 spin_unlock(&xhci->rh.port_state_lock);
416 static void receive_usb_io(usbif_response_t *resp)
418 struct urb_priv *urbp = (struct urb_priv *)resp->id;
419 struct urb *urb = urbp->urb;
421 urb->actual_length = resp->length;
422 urbp->in_progress = 0;
424 if( usb_pipetype(urb->pipe) == 0 ) /* ISO */
428 /* Copy ISO schedule results back in. */
429 for ( i = 0; i < urb->number_of_packets; i++ )
431 urb->iso_frame_desc[i].status
432 = urbp->schedule[i].status;
433 urb->iso_frame_desc[i].actual_length
434 = urbp->schedule[i].length;
436 free_page((unsigned long)urbp->schedule);
439 /* Only set status if it's not been changed since submission. It might
440 * have been changed if the URB has been unlinked asynchronously, for
442 if ( urb->status == -EINPROGRESS )
443 urbp->status = urb->status = resp->status;
447 * xhci_drain_ring - drain responses from the ring, calling handlers
449 * This may be called from interrupt context when an event is received from the
450 * backend domain, or sometimes in process context whilst waiting for a port
451 * reset or URB completion.
453 static void xhci_drain_ring(void)
455 struct list_head *tmp, *head;
456 usbif_front_ring_t *usb_ring = &xhci->usb_ring;
457 usbif_response_t *resp;
460 /* Walk the ring here to get responses, updating URBs to show what
463 rp = usb_ring->sring->rsp_prod;
464 rmb(); /* Ensure we see queued requests up to 'rp'. */
466 /* Take items off the comms ring, taking care not to overflow. */
467 for ( i = usb_ring->rsp_cons; i != rp; i++ )
469 resp = RING_GET_RESPONSE(usb_ring, i);
471 /* May need to deal with batching and with putting a ceiling on
472 the number dispatched for performance and anti-dos reasons */
474 xhci_show_resp(resp);
476 switch ( resp->operation )
479 receive_usb_probe(resp);
483 receive_usb_io(resp);
487 receive_usb_reset(resp);
492 "error: unknown USB io operation response [%d]\n",
498 usb_ring->rsp_cons = i;
500 /* Walk the list of pending URB's to see which ones completed and do
502 spin_lock(&xhci->urb_list_lock);
503 head = &xhci->urb_list;
505 while (tmp != head) {
506 struct urb *urb = list_entry(tmp, struct urb, urb_list);
510 /* Checks the status and does all of the magic necessary */
511 xhci_transfer_result(xhci, urb);
513 spin_unlock(&xhci->urb_list_lock);
515 xhci_finish_completion();
519 static void xhci_interrupt(int irq, void *__xhci, struct pt_regs *regs)
524 /******************************************************************************
525 * HOST CONTROLLER FUNCTIONALITY
529 * no-op implementation of private device alloc / free routines
531 static int xhci_do_nothing_dev(struct usb_device *dev)
536 static inline void xhci_add_complete(struct urb *urb)
538 struct urb_priv *urbp = (struct urb_priv *)urb->hcpriv;
541 spin_lock_irqsave(&xhci->complete_list_lock, flags);
542 list_add_tail(&urbp->complete_list, &xhci->complete_list);
543 spin_unlock_irqrestore(&xhci->complete_list_lock, flags);
546 /* When this returns, the owner of the URB may free its
549 * We spin and wait for the URB to complete before returning.
551 * Call with urb->lock acquired.
553 static void xhci_delete_urb(struct urb *urb)
555 struct urb_priv *urbp;
559 /* If there's no urb_priv structure for this URB then it can't have
560 * been submitted at all. */
564 /* For now we just spin until the URB completes. It shouldn't take too
565 * long and we don't expect to have to do this very often. */
566 while ( urb->status == -EINPROGRESS )
572 /* Now we know that further transfers to the buffer won't
573 * occur, so we can safely return. */
576 static struct urb_priv *xhci_alloc_urb_priv(struct urb *urb)
578 struct urb_priv *urbp;
580 urbp = kmem_cache_alloc(xhci_up_cachep, SLAB_ATOMIC);
582 err("xhci_alloc_urb_priv: couldn't allocate memory for urb_priv\n");
586 memset((void *)urbp, 0, sizeof(*urbp));
588 urbp->inserttime = jiffies;
590 urbp->dev = urb->dev;
592 INIT_LIST_HEAD(&urbp->complete_list);
600 * MUST be called with urb->lock acquired
602 /* When is this called? Do we need to stop the transfer (as we
604 static void xhci_destroy_urb_priv(struct urb *urb)
606 struct urb_priv *urbp;
608 urbp = (struct urb_priv *)urb->hcpriv;
612 if (!list_empty(&urb->urb_list))
613 warn("xhci_destroy_urb_priv: urb %p still on xhci->urb_list", urb);
615 if (!list_empty(&urbp->complete_list))
616 warn("xhci_destroy_urb_priv: urb %p still on xhci->complete_list", urb);
618 kmem_cache_free(xhci_up_cachep, urb->hcpriv);
624 * Try to find URBs in progress on the same pipe to the same device.
626 * MUST be called with xhci->urb_list_lock acquired
628 static struct urb *xhci_find_urb_ep(struct xhci *xhci, struct urb *urb)
630 struct list_head *tmp, *head;
632 /* We don't match Isoc transfers since they are special */
633 if (usb_pipeisoc(urb->pipe))
636 head = &xhci->urb_list;
638 while (tmp != head) {
639 struct urb *u = list_entry(tmp, struct urb, urb_list);
643 if (u->dev == urb->dev && u->pipe == urb->pipe &&
644 u->status == -EINPROGRESS)
651 static int xhci_submit_urb(struct urb *urb)
658 DPRINTK("URB submitted to XHCI driver.\n");
664 if (!urb->dev || !urb->dev->bus || !urb->dev->bus->hcpriv) {
665 warn("xhci_submit_urb: urb %p belongs to disconnected device or bus?", urb);
669 if ( urb->dev->devpath == NULL )
672 usb_inc_dev_use(urb->dev);
674 spin_lock_irqsave(&xhci->urb_list_lock, flags);
675 spin_lock(&urb->lock);
677 if (urb->status == -EINPROGRESS || urb->status == -ECONNRESET ||
678 urb->status == -ECONNABORTED) {
679 dbg("xhci_submit_urb: urb not available to submit (status = %d)", urb->status);
680 /* Since we can have problems on the out path */
681 spin_unlock(&urb->lock);
682 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
683 usb_dec_dev_use(urb->dev);
688 INIT_LIST_HEAD(&urb->urb_list);
689 if (!xhci_alloc_urb_priv(urb)) {
695 ( (struct urb_priv *)urb->hcpriv )->in_progress = 1;
697 eurb = xhci_find_urb_ep(xhci, urb);
698 if (eurb && !(urb->transfer_flags & USB_QUEUE_BULK)) {
704 /* Short circuit the virtual root hub */
705 if (urb->dev == xhci->rh.dev) {
706 ret = rh_submit_urb(urb);
711 switch (usb_pipetype(urb->pipe)) {
714 ret = xhci_queue_req(urb);
718 if (urb->bandwidth == 0) { /* not yet checked/allocated */
719 bustime = usb_check_bandwidth(urb->dev, urb);
723 ret = xhci_queue_req(urb);
724 if (ret == -EINPROGRESS)
725 usb_claim_bandwidth(urb->dev, urb,
728 } else /* bandwidth is already set */
729 ret = xhci_queue_req(urb);
732 case PIPE_ISOCHRONOUS:
733 if (urb->bandwidth == 0) { /* not yet checked/allocated */
734 if (urb->number_of_packets <= 0) {
738 bustime = usb_check_bandwidth(urb->dev, urb);
744 ret = xhci_queue_req(urb);
745 if (ret == -EINPROGRESS)
746 usb_claim_bandwidth(urb->dev, urb, bustime, 1);
747 } else /* bandwidth is already set */
748 ret = xhci_queue_req(urb);
754 if (ret == -EINPROGRESS) {
755 /* We use _tail to make find_urb_ep more efficient */
756 list_add_tail(&urb->urb_list, &xhci->urb_list);
758 spin_unlock(&urb->lock);
759 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
764 xhci_delete_urb(urb);
766 spin_unlock(&urb->lock);
767 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
769 /* Only call completion if it was successful */
771 xhci_call_completion(urb);
777 * Return the result of a transfer
779 * MUST be called with urb_list_lock acquired
781 static void xhci_transfer_result(struct xhci *xhci, struct urb *urb)
785 struct urb_priv *urbp;
787 /* The root hub is special */
788 if (urb->dev == xhci->rh.dev)
791 spin_lock_irqsave(&urb->lock, flags);
793 urbp = (struct urb_priv *)urb->hcpriv;
795 if ( ( (struct urb_priv *)urb->hcpriv )->in_progress )
798 if (urb->actual_length < urb->transfer_buffer_length) {
799 if (urb->transfer_flags & USB_DISABLE_SPD) {
804 if (urb->status == -EPIPE)
807 /* endpoint has stalled - mark it halted */
808 usb_endpoint_halt(urb->dev, usb_pipeendpoint(urb->pipe),
809 usb_pipeout(urb->pipe));
812 if ((debug == 1 && ret != 0 && ret != -EPIPE) ||
813 (ret != 0 && debug > 1)) {
814 /* Some debugging code */
815 dbg("xhci_result_interrupt/bulk() failed with status %x",
819 if (ret == -EINPROGRESS)
822 switch (usb_pipetype(urb->pipe)) {
825 case PIPE_ISOCHRONOUS:
826 /* Release bandwidth for Interrupt or Isoc. transfers */
827 /* Spinlock needed ? */
829 usb_release_bandwidth(urb->dev, urb, 1);
830 xhci_delete_urb(urb);
833 /* Interrupts are an exception */
837 /* Release bandwidth for Interrupt or Isoc. transfers */
838 /* Spinlock needed ? */
840 usb_release_bandwidth(urb->dev, urb, 0);
841 xhci_delete_urb(urb);
844 info("xhci_transfer_result: unknown pipe type %d for urb %p\n",
845 usb_pipetype(urb->pipe), urb);
848 /* Remove it from xhci->urb_list */
849 list_del_init(&urb->urb_list);
852 xhci_add_complete(urb);
855 spin_unlock_irqrestore(&urb->lock, flags);
858 static int xhci_unlink_urb(struct urb *urb)
861 struct urb_priv *urbp = urb->hcpriv;
866 if (!urb->dev || !urb->dev->bus || !urb->dev->bus->hcpriv)
869 spin_lock_irqsave(&xhci->urb_list_lock, flags);
870 spin_lock(&urb->lock);
872 /* Release bandwidth for Interrupt or Isoc. transfers */
873 /* Spinlock needed ? */
874 if (urb->bandwidth) {
875 switch (usb_pipetype(urb->pipe)) {
877 usb_release_bandwidth(urb->dev, urb, 0);
879 case PIPE_ISOCHRONOUS:
880 usb_release_bandwidth(urb->dev, urb, 1);
887 if (urb->status != -EINPROGRESS) {
888 spin_unlock(&urb->lock);
889 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
893 list_del_init(&urb->urb_list);
895 /* Short circuit the virtual root hub */
896 if (urb->dev == xhci->rh.dev) {
899 spin_unlock(&urb->lock);
900 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
902 xhci_call_completion(urb);
904 if (urb->transfer_flags & USB_ASYNC_UNLINK) {
905 /* We currently don't currently attempt to cancel URBs
906 * that have been queued in the ring. We handle async
907 * unlinked URBs when they complete. */
908 urbp->status = urb->status = -ECONNABORTED;
909 spin_unlock(&urb->lock);
910 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
912 urb->status = -ENOENT;
914 spin_unlock(&urb->lock);
915 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
917 if (in_interrupt()) { /* wait at least 1 frame */
918 static int errorcount = 10;
921 dbg("xhci_unlink_urb called from interrupt for urb %p", urb);
924 schedule_timeout(1+1*HZ/1000);
926 xhci_delete_urb(urb);
928 xhci_call_completion(urb);
935 static void xhci_call_completion(struct urb *urb)
937 struct urb_priv *urbp;
938 struct usb_device *dev = urb->dev;
939 int is_ring = 0, killed, resubmit_interrupt, status;
943 spin_lock_irqsave(&urb->lock, flags);
945 urbp = (struct urb_priv *)urb->hcpriv;
946 if (!urbp || !urb->dev) {
947 spin_unlock_irqrestore(&urb->lock, flags);
951 killed = (urb->status == -ENOENT || urb->status == -ECONNABORTED ||
952 urb->status == -ECONNRESET);
953 resubmit_interrupt = (usb_pipetype(urb->pipe) == PIPE_INTERRUPT &&
957 if (nurb && !killed) {
960 while (nurb && nurb != urb && count < MAX_URB_LOOP) {
961 if (nurb->status == -ENOENT ||
962 nurb->status == -ECONNABORTED ||
963 nurb->status == -ECONNRESET) {
972 if (count == MAX_URB_LOOP)
973 err("xhci_call_completion: too many linked URB's, loop? (first loop)");
975 /* Check to see if chain is a ring */
976 is_ring = (nurb == urb);
979 status = urbp->status;
980 if (!resubmit_interrupt || killed)
981 /* We don't need urb_priv anymore */
982 xhci_destroy_urb_priv(urb);
985 urb->status = status;
987 spin_unlock_irqrestore(&urb->lock, flags);
992 if (resubmit_interrupt)
993 /* Recheck the status. The completion handler may have */
994 /* unlinked the resubmitting interrupt URB */
995 killed = (urb->status == -ENOENT ||
996 urb->status == -ECONNABORTED ||
997 urb->status == -ECONNRESET);
999 if (resubmit_interrupt && !killed) {
1000 if ( urb->dev != xhci->rh.dev )
1001 xhci_queue_req(urb); /* XXX What if this fails? */
1002 /* Don't need to resubmit URBs for the virtual root dev. */
1004 if (is_ring && !killed) {
1006 xhci_submit_urb(urb);
1008 /* We decrement the usage count after we're done */
1009 /* with everything */
1010 usb_dec_dev_use(dev);
1015 static void xhci_finish_completion(void)
1017 struct list_head *tmp, *head;
1018 unsigned long flags;
1020 spin_lock_irqsave(&xhci->complete_list_lock, flags);
1021 head = &xhci->complete_list;
1023 while (tmp != head) {
1024 struct urb_priv *urbp = list_entry(tmp, struct urb_priv,
1026 struct urb *urb = urbp->urb;
1028 list_del_init(&urbp->complete_list);
1029 spin_unlock_irqrestore(&xhci->complete_list_lock, flags);
1031 xhci_call_completion(urb);
1033 spin_lock_irqsave(&xhci->complete_list_lock, flags);
1034 head = &xhci->complete_list;
1037 spin_unlock_irqrestore(&xhci->complete_list_lock, flags);
1040 static struct usb_operations xhci_device_operations = {
1041 .allocate = xhci_do_nothing_dev,
1042 .deallocate = xhci_do_nothing_dev,
1043 /* It doesn't look like any drivers actually care what the frame number
1044 * is at the moment! If necessary, we could approximate the current
1045 * frame nubmer by passing it from the backend in response messages. */
1046 .get_frame_number = NULL,
1047 .submit_urb = xhci_submit_urb,
1048 .unlink_urb = xhci_unlink_urb
1051 /******************************************************************************
1052 * VIRTUAL ROOT HUB EMULATION
1055 static __u8 root_hub_dev_des[] =
1057 0x12, /* __u8 bLength; */
1058 0x01, /* __u8 bDescriptorType; Device */
1059 0x00, /* __u16 bcdUSB; v1.0 */
1061 0x09, /* __u8 bDeviceClass; HUB_CLASSCODE */
1062 0x00, /* __u8 bDeviceSubClass; */
1063 0x00, /* __u8 bDeviceProtocol; */
1064 0x08, /* __u8 bMaxPacketSize0; 8 Bytes */
1065 0x00, /* __u16 idVendor; */
1067 0x00, /* __u16 idProduct; */
1069 0x00, /* __u16 bcdDevice; */
1071 0x00, /* __u8 iManufacturer; */
1072 0x02, /* __u8 iProduct; */
1073 0x01, /* __u8 iSerialNumber; */
1074 0x01 /* __u8 bNumConfigurations; */
1078 /* Configuration descriptor */
1079 static __u8 root_hub_config_des[] =
1081 0x09, /* __u8 bLength; */
1082 0x02, /* __u8 bDescriptorType; Configuration */
1083 0x19, /* __u16 wTotalLength; */
1085 0x01, /* __u8 bNumInterfaces; */
1086 0x01, /* __u8 bConfigurationValue; */
1087 0x00, /* __u8 iConfiguration; */
1088 0x40, /* __u8 bmAttributes;
1089 Bit 7: Bus-powered, 6: Self-powered,
1090 Bit 5 Remote-wakeup, 4..0: resvd */
1091 0x00, /* __u8 MaxPower; */
1094 0x09, /* __u8 if_bLength; */
1095 0x04, /* __u8 if_bDescriptorType; Interface */
1096 0x00, /* __u8 if_bInterfaceNumber; */
1097 0x00, /* __u8 if_bAlternateSetting; */
1098 0x01, /* __u8 if_bNumEndpoints; */
1099 0x09, /* __u8 if_bInterfaceClass; HUB_CLASSCODE */
1100 0x00, /* __u8 if_bInterfaceSubClass; */
1101 0x00, /* __u8 if_bInterfaceProtocol; */
1102 0x00, /* __u8 if_iInterface; */
1105 0x07, /* __u8 ep_bLength; */
1106 0x05, /* __u8 ep_bDescriptorType; Endpoint */
1107 0x81, /* __u8 ep_bEndpointAddress; IN Endpoint 1 */
1108 0x03, /* __u8 ep_bmAttributes; Interrupt */
1109 0x08, /* __u16 ep_wMaxPacketSize; 8 Bytes */
1111 0xff /* __u8 ep_bInterval; 255 ms */
1114 static __u8 root_hub_hub_des[] =
1116 0x09, /* __u8 bLength; */
1117 0x29, /* __u8 bDescriptorType; Hub-descriptor */
1118 0x02, /* __u8 bNbrPorts; */
1119 0x00, /* __u16 wHubCharacteristics; */
1121 0x01, /* __u8 bPwrOn2pwrGood; 2ms */
1122 0x00, /* __u8 bHubContrCurrent; 0 mA */
1123 0x00, /* __u8 DeviceRemovable; *** 7 Ports max *** */
1124 0xff /* __u8 PortPwrCtrlMask; *** 7 ports max *** */
1127 /* prepare Interrupt pipe transaction data; HUB INTERRUPT ENDPOINT */
1128 static int rh_send_irq(struct urb *urb)
1130 struct urb_priv *urbp = (struct urb_priv *)urb->hcpriv;
1131 xhci_port_t *ports = xhci->rh.ports;
1132 unsigned long flags;
1136 spin_lock_irqsave(&urb->lock, flags);
1137 for (i = 0; i < xhci->rh.numports; i++) {
1138 /* Set a bit if anything at all has changed on the port, as per
1140 data |= (ports[i].cs_chg || ports[i].pe_chg )
1144 len = (i + 1) / 8 + 1;
1147 *(__u16 *) urb->transfer_buffer = cpu_to_le16(data);
1148 urb->actual_length = len;
1151 spin_unlock_irqrestore(&urb->lock, flags);
1153 if ((data > 0) && (xhci->rh.send != 0)) {
1154 dbg("root-hub INT complete: data: %x", data);
1155 xhci_call_completion(urb);
1161 /* Virtual Root Hub INTs are polled by this timer every "interval" ms */
1162 static int rh_init_int_timer(struct urb *urb);
1164 static void rh_int_timer_do(unsigned long ptr)
1166 struct urb *urb = (struct urb *)ptr;
1167 struct list_head list, *tmp, *head;
1168 unsigned long flags;
1171 for ( i = 0; i < xhci->rh.numports; i++)
1172 xhci_queue_probe(i);
1177 INIT_LIST_HEAD(&list);
1179 spin_lock_irqsave(&xhci->urb_list_lock, flags);
1180 head = &xhci->urb_list;
1182 while (tmp != head) {
1183 struct urb *u = list_entry(tmp, struct urb, urb_list);
1184 struct urb_priv *up = (struct urb_priv *)u->hcpriv;
1188 spin_lock(&u->lock);
1190 /* Check if the URB timed out */
1191 if (u->timeout && time_after_eq(jiffies,
1192 up->inserttime + u->timeout)) {
1193 list_del(&u->urb_list);
1194 list_add_tail(&u->urb_list, &list);
1197 spin_unlock(&u->lock);
1199 spin_unlock_irqrestore(&xhci->urb_list_lock, flags);
1203 while (tmp != head) {
1204 struct urb *u = list_entry(tmp, struct urb, urb_list);
1208 u->transfer_flags |= USB_ASYNC_UNLINK | USB_TIMEOUT_KILLED;
1212 rh_init_int_timer(urb);
1215 /* Root Hub INTs are polled by this timer */
1216 static int rh_init_int_timer(struct urb *urb)
1218 xhci->rh.interval = urb->interval;
1219 init_timer(&xhci->rh.rh_int_timer);
1220 xhci->rh.rh_int_timer.function = rh_int_timer_do;
1221 xhci->rh.rh_int_timer.data = (unsigned long)urb;
1222 xhci->rh.rh_int_timer.expires = jiffies
1223 + (HZ * (urb->interval < 30 ? 30 : urb->interval)) / 1000;
1224 add_timer(&xhci->rh.rh_int_timer);
1229 #define OK(x) len = (x); break
1231 /* Root Hub Control Pipe */
1232 static int rh_submit_urb(struct urb *urb)
1234 unsigned int pipe = urb->pipe;
1235 struct usb_ctrlrequest *cmd =
1236 (struct usb_ctrlrequest *)urb->setup_packet;
1237 void *data = urb->transfer_buffer;
1238 int leni = urb->transfer_buffer_length;
1240 xhci_port_t *status;
1244 unsigned long flags;
1252 if (usb_pipetype(pipe) == PIPE_INTERRUPT) {
1255 xhci->rh.interval = urb->interval;
1256 rh_init_int_timer(urb);
1258 return -EINPROGRESS;
1261 bmRType_bReq = cmd->bRequestType | cmd->bRequest << 8;
1262 wValue = le16_to_cpu(cmd->wValue);
1263 wIndex = le16_to_cpu(cmd->wIndex);
1264 wLength = le16_to_cpu(cmd->wLength);
1266 for (i = 0; i < 8; i++)
1267 xhci->rh.c_p_r[i] = 0;
1269 status = &xhci->rh.ports[wIndex - 1];
1271 spin_lock_irqsave(&xhci->rh.port_state_lock, flags);
1273 switch (bmRType_bReq) {
1274 /* Request Destination:
1275 without flags: Device,
1276 RH_INTERFACE: interface,
1277 RH_ENDPOINT: endpoint,
1278 RH_CLASS means HUB here,
1279 RH_OTHER | RH_CLASS almost ever means HUB_PORT here
1283 *(__u16 *)data = cpu_to_le16(1);
1285 case RH_GET_STATUS | RH_INTERFACE:
1286 *(__u16 *)data = cpu_to_le16(0);
1288 case RH_GET_STATUS | RH_ENDPOINT:
1289 *(__u16 *)data = cpu_to_le16(0);
1291 case RH_GET_STATUS | RH_CLASS:
1292 *(__u32 *)data = cpu_to_le32(0);
1293 OK(4); /* hub power */
1294 case RH_GET_STATUS | RH_OTHER | RH_CLASS:
1295 cstatus = (status->cs_chg) |
1296 (status->pe_chg << 1) |
1297 (xhci->rh.c_p_r[wIndex - 1] << 4);
1298 retstatus = (status->cs) |
1300 (status->susp << 2) |
1301 (1 << 8) | /* power on */
1302 (status->lsda << 9);
1303 *(__u16 *)data = cpu_to_le16(retstatus);
1304 *(__u16 *)(data + 2) = cpu_to_le16(cstatus);
1306 case RH_CLEAR_FEATURE | RH_ENDPOINT:
1308 case RH_ENDPOINT_STALL:
1312 case RH_CLEAR_FEATURE | RH_CLASS:
1314 case RH_C_HUB_OVER_CURRENT:
1315 OK(0); /* hub power over current */
1318 case RH_CLEAR_FEATURE | RH_OTHER | RH_CLASS:
1320 case RH_PORT_ENABLE:
1323 case RH_PORT_SUSPEND:
1327 OK(0); /* port power */
1328 case RH_C_PORT_CONNECTION:
1331 case RH_C_PORT_ENABLE:
1334 case RH_C_PORT_SUSPEND:
1335 /*** WR_RH_PORTSTAT(RH_PS_PSSC); */
1337 case RH_C_PORT_OVER_CURRENT:
1338 OK(0); /* port power over current */
1339 case RH_C_PORT_RESET:
1340 xhci->rh.c_p_r[wIndex - 1] = 0;
1344 case RH_SET_FEATURE | RH_OTHER | RH_CLASS:
1346 case RH_PORT_SUSPEND:
1352 xhci->rh.c_p_r[wIndex - 1] = 1;
1355 ret = xhci_port_reset(wIndex - 1);
1356 /* XXX MAW: should probably cancel queued transfers during reset... *\/ */
1357 if ( ret == 0 ) { OK(0); }
1358 else { return ret; }
1362 OK(0); /* port power ** */
1363 case RH_PORT_ENABLE:
1368 case RH_SET_ADDRESS:
1369 xhci->rh.devnum = wValue;
1371 case RH_GET_DESCRIPTOR:
1372 switch ((wValue & 0xff00) >> 8) {
1373 case 0x01: /* device descriptor */
1374 len = min_t(unsigned int, leni,
1376 sizeof(root_hub_dev_des), wLength));
1377 memcpy(data, root_hub_dev_des, len);
1379 case 0x02: /* configuration descriptor */
1380 len = min_t(unsigned int, leni,
1382 sizeof(root_hub_config_des), wLength));
1383 memcpy (data, root_hub_config_des, len);
1385 case 0x03: /* string descriptors */
1386 len = usb_root_hub_string (wValue & 0xff,
1390 OK(min_t(int, leni, len));
1395 case RH_GET_DESCRIPTOR | RH_CLASS:
1396 root_hub_hub_des[2] = xhci->rh.numports;
1397 len = min_t(unsigned int, leni,
1398 min_t(unsigned int, sizeof(root_hub_hub_des), wLength));
1399 memcpy(data, root_hub_hub_des, len);
1401 case RH_GET_CONFIGURATION:
1402 *(__u8 *)data = 0x01;
1404 case RH_SET_CONFIGURATION:
1406 case RH_GET_INTERFACE | RH_INTERFACE:
1407 *(__u8 *)data = 0x00;
1409 case RH_SET_INTERFACE | RH_INTERFACE:
1415 spin_unlock_irqrestore(&xhci->rh.port_state_lock, flags);
1417 urb->actual_length = len;
1423 * MUST be called with urb->lock acquired
1425 static int rh_unlink_urb(struct urb *urb)
1427 if (xhci->rh.urb == urb) {
1428 urb->status = -ENOENT;
1430 xhci->rh.urb = NULL;
1431 del_timer(&xhci->rh.rh_int_timer);
1436 /******************************************************************************
1437 * CONTROL PLANE FUNCTIONALITY
1441 * alloc_xhci - initialise a new virtual root hub for a new USB device channel
1443 static int alloc_xhci(void)
1446 struct usb_bus *bus;
1450 xhci = kmalloc(sizeof(*xhci), GFP_KERNEL);
1452 err("couldn't allocate xhci structure");
1454 goto err_alloc_xhci;
1457 xhci->state = USBIF_STATE_CLOSED;
1459 spin_lock_init(&xhci->urb_list_lock);
1460 INIT_LIST_HEAD(&xhci->urb_list);
1462 spin_lock_init(&xhci->complete_list_lock);
1463 INIT_LIST_HEAD(&xhci->complete_list);
1465 spin_lock_init(&xhci->frame_list_lock);
1467 bus = usb_alloc_bus(&xhci_device_operations);
1470 err("unable to allocate bus");
1475 bus->bus_name = "XHCI";
1478 usb_register_bus(xhci->bus);
1480 /* Initialize the root hub */
1482 xhci->rh.numports = 0;
1484 xhci->bus->root_hub = xhci->rh.dev = usb_alloc_dev(NULL, xhci->bus);
1485 if (!xhci->rh.dev) {
1486 err("unable to allocate root hub");
1487 goto err_alloc_root_hub;
1498 usb_deregister_bus(xhci->bus);
1499 usb_free_bus(xhci->bus);
1510 * usbif_status_change - deal with an incoming USB_INTERFACE_STATUS_ message
1512 static void usbif_status_change(usbif_fe_interface_status_changed_t *status)
1515 usbif_fe_interface_connect_t up;
1517 usbif_sring_t *sring;
1519 switch ( status->status )
1521 case USBIF_INTERFACE_STATUS_DESTROYED:
1522 printk(KERN_WARNING "Unexpected usbif-DESTROYED message in state %d\n",
1526 case USBIF_INTERFACE_STATUS_DISCONNECTED:
1527 if ( xhci->state != USBIF_STATE_CLOSED )
1529 printk(KERN_WARNING "Unexpected usbif-DISCONNECTED message"
1530 " in state %d\n", xhci->state);
1532 /* Not bothering to do recovery here for now. Keep things
1535 spin_lock_irq(&xhci->ring_lock);
1537 /* Clean up resources. */
1538 free_page((unsigned long)xhci->usb_ring.sring);
1539 free_irq(xhci->irq, xhci);
1540 unbind_evtchn_from_irq(xhci->evtchn);
1542 /* Plug the ring. */
1546 spin_unlock_irq(&xhci->ring_lock);
1549 /* Move from CLOSED to DISCONNECTED state. */
1550 sring = (usbif_sring_t *)__get_free_page(GFP_KERNEL);
1551 SHARED_RING_INIT(sring);
1552 FRONT_RING_INIT(&xhci->usb_ring, sring, PAGE_SIZE);
1553 xhci->state = USBIF_STATE_DISCONNECTED;
1555 /* Construct an interface-CONNECT message for the domain controller. */
1556 cmsg.type = CMSG_USBIF_FE;
1557 cmsg.subtype = CMSG_USBIF_FE_INTERFACE_CONNECT;
1558 cmsg.length = sizeof(usbif_fe_interface_connect_t);
1559 up.shmem_frame = virt_to_machine(sring) >> PAGE_SHIFT;
1560 memcpy(cmsg.msg, &up, sizeof(up));
1562 /* Tell the controller to bring up the interface. */
1563 ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
1566 case USBIF_INTERFACE_STATUS_CONNECTED:
1567 if ( xhci->state == USBIF_STATE_CLOSED )
1569 printk(KERN_WARNING "Unexpected usbif-CONNECTED message"
1570 " in state %d\n", xhci->state);
1574 xhci->evtchn = status->evtchn;
1575 xhci->irq = bind_evtchn_to_irq(xhci->evtchn);
1576 xhci->bandwidth = status->bandwidth;
1577 xhci->rh.numports = status->num_ports;
1579 xhci->rh.ports = kmalloc (sizeof(xhci_port_t) * xhci->rh.numports, GFP_KERNEL);
1581 if ( xhci->rh.ports == NULL )
1582 goto alloc_ports_nomem;
1584 memset(xhci->rh.ports, 0, sizeof(xhci_port_t) * xhci->rh.numports);
1586 usb_connect(xhci->rh.dev);
1588 if (usb_new_device(xhci->rh.dev) != 0) {
1589 err("unable to start root hub");
1592 /* Allocate the appropriate USB bandwidth here... Need to
1593 * somehow know what the total available is thought to be so we
1594 * can calculate the reservation correctly. */
1595 usb_claim_bandwidth(xhci->rh.dev, xhci->rh.urb,
1596 1000 - xhci->bandwidth, 0);
1598 if ( (rc = request_irq(xhci->irq, xhci_interrupt,
1599 SA_SAMPLE_RANDOM, "usbif", xhci)) )
1600 printk(KERN_ALERT"usbfront request_irq failed (%ld)\n",rc);
1602 DPRINTK(KERN_INFO __FILE__
1603 ": USB XHCI: SHM at %p (0x%lx), EVTCHN %d IRQ %d\n",
1604 xhci->usb_ring.sring, virt_to_machine(xhci->usbif),
1605 xhci->evtchn, xhci->irq);
1607 xhci->state = USBIF_STATE_CONNECTED;
1612 printk(KERN_WARNING "Status change to unknown value %d\n",
1620 printk(KERN_WARNING "Failed to allocate port memory, XHCI failed to connect.\n");
1625 * usbif_ctrlif_rx - demux control messages by subtype
1627 static void usbif_ctrlif_rx(ctrl_msg_t *msg, unsigned long id)
1629 switch ( msg->subtype )
1631 case CMSG_USBIF_FE_INTERFACE_STATUS_CHANGED:
1632 usbif_status_change((usbif_fe_interface_status_changed_t *)
1636 /* New interface...? */
1642 ctrl_if_send_response(msg);
1645 static void send_driver_up(void)
1648 usbif_fe_interface_status_changed_t st;
1650 /* Send a driver-UP notification to the domain controller. */
1651 cmsg.type = CMSG_USBIF_FE;
1652 cmsg.subtype = CMSG_USBIF_FE_DRIVER_STATUS_CHANGED;
1653 cmsg.length = sizeof(usbif_fe_driver_status_changed_t);
1654 st.status = USBIF_DRIVER_STATUS_UP;
1655 memcpy(cmsg.msg, &st, sizeof(st));
1656 ctrl_if_send_message_block(&cmsg, NULL, 0, TASK_UNINTERRUPTIBLE);
1659 void usbif_resume(void)
1663 /* Fake disconnection on all virtual USB ports (suspending / migrating
1664 * will destroy hard state associated will the USB devices anyhow). */
1665 /* No need to lock here. */
1666 for ( i = 0; i < xhci->rh.numports; i++ )
1668 xhci->rh.ports[i].cs = 0;
1669 xhci->rh.ports[i].cs_chg = 1;
1670 xhci->rh.ports[i].pe = 0;
1676 static int __init xhci_hcd_init(void)
1678 int retval = -ENOMEM, i;
1680 if ( (xen_start_info.flags & SIF_INITDOMAIN)
1681 || (xen_start_info.flags & SIF_USB_BE_DOMAIN) )
1684 info(DRIVER_DESC " " DRIVER_VERSION);
1687 errbuf = kmalloc(ERRBUF_LEN, GFP_KERNEL);
1692 xhci_up_cachep = kmem_cache_create("xhci_urb_priv",
1693 sizeof(struct urb_priv), 0, 0, NULL, NULL);
1694 if (!xhci_up_cachep)
1697 /* Let the domain controller know we're here. For now we wait until
1698 * connection, as for the block and net drivers. This is only strictly
1699 * necessary if we're going to boot off a USB device. */
1700 printk(KERN_INFO "Initialising Xen virtual USB hub\n");
1702 (void)ctrl_if_register_receiver(CMSG_USBIF_FE, usbif_ctrlif_rx,
1703 CALLBACK_IN_BLOCKING_CONTEXT);
1710 * We should read 'nr_interfaces' from response message and wait
1711 * for notifications before proceeding. For now we assume that we
1712 * will be notified of exactly one interface.
1714 for ( i=0; (xhci->state != USBIF_STATE_CONNECTED) && (i < 10*HZ); i++ )
1716 set_current_state(TASK_INTERRUPTIBLE);
1717 schedule_timeout(1);
1720 if (xhci->state != USBIF_STATE_CONNECTED)
1721 printk(KERN_WARNING "Timeout connecting USB frontend driver!\n");
1733 module_init(xhci_hcd_init);
1735 MODULE_AUTHOR(DRIVER_AUTHOR);
1736 MODULE_DESCRIPTION(DRIVER_DESC);
1737 MODULE_LICENSE("GPL");