Diffstat (limited to 'hw')
-rw-r--r-- | hw/arm/cubieboard.c | 13 | ||||
-rw-r--r-- | hw/block/xen_disk.c | 7 | ||||
-rw-r--r-- | hw/i2c/smbus_eeprom.c | 2 | ||||
-rw-r--r-- | hw/ide/ahci.c | 4 | ||||
-rw-r--r-- | hw/intc/allwinner-a10-pic.c | 22 | ||||
-rw-r--r-- | hw/misc/zynq_slcr.c | 697 | ||||
-rw-r--r-- | hw/net/allwinner_emac.c | 6 | ||||
-rw-r--r-- | hw/net/cadence_gem.c | 4 | ||||
-rw-r--r-- | hw/timer/allwinner-a10-pit.c | 66 | ||||
-rw-r--r-- | hw/timer/cadence_ttc.c | 2 | ||||
-rw-r--r-- | hw/usb/Makefile.objs | 4 | ||||
-rw-r--r-- | hw/usb/desc-msos.c | 6 | ||||
-rw-r--r-- | hw/usb/desc.h | 1 | ||||
-rw-r--r-- | hw/usb/dev-mtp.c | 1103 |
14 files changed, 1519 insertions, 418 deletions
diff --git a/hw/arm/cubieboard.c b/hw/arm/cubieboard.c index d95a7f35eb..9d158c7248 100644 --- a/hw/arm/cubieboard.c +++ b/hw/arm/cubieboard.c @@ -43,6 +43,19 @@ static void cubieboard_init(QEMUMachineInitArgs *args) exit(1); } + object_property_set_int(OBJECT(&s->a10->timer), 32768, "clk0-freq", &err); + if (err != NULL) { + error_report("Couldn't set clk0 frequency: %s", error_get_pretty(err)); + exit(1); + } + + object_property_set_int(OBJECT(&s->a10->timer), 24000000, "clk1-freq", + &err); + if (err != NULL) { + error_report("Couldn't set clk1 frequency: %s", error_get_pretty(err)); + exit(1); + } + object_property_set_bool(OBJECT(s->a10), true, "realized", &err); if (err != NULL) { error_report("Couldn't realize Allwinner A10: %s", diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index bc061e6403..a8fea72edf 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -817,11 +817,14 @@ static int blk_connect(struct XenDevice *xendev) index = (blkdev->xendev.dev - 202 * 256) / 16; blkdev->dinfo = drive_get(IF_XEN, 0, index); if (!blkdev->dinfo) { + Error *local_err = NULL; /* setup via xenbus -> create new block driver instance */ xen_be_printf(&blkdev->xendev, 2, "create new bdrv (xenbus setup)\n"); - blkdev->bs = bdrv_new(blkdev->dev); + blkdev->bs = bdrv_new(blkdev->dev, &local_err); + if (local_err) { + blkdev->bs = NULL; + } if (blkdev->bs) { - Error *local_err = NULL; BlockDriver *drv = bdrv_find_whitelisted_format(blkdev->fileproto, readonly); if (bdrv_open(&blkdev->bs, blkdev->filename, NULL, NULL, qflags, diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c index 86f35c11de..72c09cba6b 100644 --- a/hw/i2c/smbus_eeprom.c +++ b/hw/i2c/smbus_eeprom.c 
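Review bot: In the xen_disk.c hunk, the new failure branch after `bdrv_new(blkdev->dev, &local_err)` only sets `blkdev->bs = NULL`; it never reports or releases `local_err`. The reason for the failure is therefore lost, and the Error object appears to be leaked. I would report it in that branch through xen_be_printf with `error_get_pretty(local_err)`, then call `error_free(local_err);` and reset the pointer to NULL. The rest of blk_connect lies outside the hunk, so please confirm that no later path expects to consume `local_err`.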
@@ -71,7 +71,7 @@ static void eeprom_write_data(SMBusDevice *dev, uint8_t cmd, uint8_t *buf, int l printf("eeprom_write_byte: addr=0x%02x cmd=0x%02x val=0x%02x\n", dev->i2c.address, cmd, buf[0]); #endif - /* An page write operation is not a valid SMBus command. + /* A page write operation is not a valid SMBus command. It is a block write without a length byte. Fortunately we get the full block anyway. */ /* TODO: Should this set the current location? */ diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index bfe633f3a5..50327ffdf1 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -438,9 +438,9 @@ static void check_cmd(AHCIState *s, int port) if ((pr->cmd & PORT_CMD_START) && pr->cmd_issue) { for (slot = 0; (slot < 32) && pr->cmd_issue; slot++) { - if ((pr->cmd_issue & (1 << slot)) && + if ((pr->cmd_issue & (1U << slot)) && !handle_cmd(s, port, slot)) { - pr->cmd_issue &= ~(1 << slot); + pr->cmd_issue &= ~(1U << slot); } } } diff --git a/hw/intc/allwinner-a10-pic.c b/hw/intc/allwinner-a10-pic.c index 407d563514..0924d9855c 100644 --- a/hw/intc/allwinner-a10-pic.c +++ b/hw/intc/allwinner-a10-pic.c @@ -23,11 +23,20 @@ static void aw_a10_pic_update(AwA10PICState *s) { uint8_t i; - int irq = 0, fiq = 0; + int irq = 0, fiq = 0, pending; + + s->vector = 0; for (i = 0; i < AW_A10_PIC_REG_NUM; i++) { irq |= s->irq_pending[i] & ~s->mask[i]; fiq |= s->select[i] & s->irq_pending[i] & ~s->mask[i]; + + if (!s->vector) { + pending = ffs(s->irq_pending[i] & ~s->mask[i]); + if (pending) { + s->vector = (i * 32 + pending - 1) * 4; + } + } } qemu_set_irq(s->parent_irq, !!irq); @@ -40,6 +49,8 @@ static void aw_a10_pic_set_irq(void *opaque, int irq, int level) if (level) { set_bit(irq % 32, (void *)&s->irq_pending[irq / 32]); + } else { + clear_bit(irq % 32, (void *)&s->irq_pending[irq / 32]); } aw_a10_pic_update(s); } 
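Review bot: The added `clear_bit(irq % 32, (void *)&s->irq_pending[irq / 32]);` in aw_a10_pic_set_irq repeats the `(void *)` cast already used for set_bit, which hides a type mismatch. The bitops helpers work on `unsigned long` words, while `irq_pending` looks like an array of 32-bit registers (aw_a10_pic_update computes `i * 32 + pending - 1`); its declaration is not in this hunk. If so, on an LP64 host the access is 8 bytes wide: for the last element it reads and writes past the array, and on a big-endian host it changes the wrong bit. Plain masking avoids both: `s->irq_pending[irq / 32] &= ~(1U << (irq % 32));`, with the matching `|=` for the set path.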
@@ -84,9 +95,6 @@ static void aw_a10_pic_write(void *opaque, hwaddr offset, uint64_t value, uint8_t index = (offset & 0xc) / 4; switch (offset) { - case AW_A10_PIC_VECTOR: - s->vector = value & ~0x3; - break; case AW_A10_PIC_BASE_ADDR: s->base_addr = value & ~0x3; case AW_A10_PIC_PROTECT: @@ -96,7 +104,11 @@ static void aw_a10_pic_write(void *opaque, hwaddr offset, uint64_t value, s->nmi = value; break; case AW_A10_PIC_IRQ_PENDING ... AW_A10_PIC_IRQ_PENDING + 8: - s->irq_pending[index] &= ~value; + /* + * The register is read-only; nevertheless, Linux (including + * the version originally shipped by Allwinner) pretends to + * write to the register. Just ignore it. + */ break; case AW_A10_PIC_FIQ_PENDING ... AW_A10_PIC_FIQ_PENDING + 8: s->fiq_pending[index] &= ~value; diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c index d1cc23303a..2e53a2e21f 100644 --- a/hw/misc/zynq_slcr.c +++ b/hw/misc/zynq_slcr.c 
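Review bot: In aw_a10_pic_write, the context left after removing the VECTOR case shows `case AW_A10_PIC_BASE_ADDR: s->base_addr = value & ~0x3;` running straight into `case AW_A10_PIC_PROTECT:` with no `break;`. A guest write to the base-address register therefore also executes the PROTECT case body, which is outside the hunk but presumably stores the same value. Since this commit already touches the switch, either add `break;` after the base_addr assignment or add a `/* fall through */` comment if the behaviour is intended.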
@@ -19,102 +19,155 @@ #include "hw/sysbus.h" #include "sysemu/sysemu.h" -#ifdef ZYNQ_ARM_SLCR_ERR_DEBUG +#ifndef ZYNQ_SLCR_ERR_DEBUG +#define ZYNQ_SLCR_ERR_DEBUG 0 +#endif + #define DB_PRINT(...) do { \ - fprintf(stderr, ": %s: ", __func__); \ - fprintf(stderr, ## __VA_ARGS__); \ + if (ZYNQ_SLCR_ERR_DEBUG) { \ + fprintf(stderr, ": %s: ", __func__); \ + fprintf(stderr, ## __VA_ARGS__); \ + } \ } while (0); -#else - #define DB_PRINT(...) -#endif #define XILINX_LOCK_KEY 0x767b #define XILINX_UNLOCK_KEY 0xdf0d #define R_PSS_RST_CTRL_SOFT_RST 0x1 -typedef enum { - ARM_PLL_CTRL, - DDR_PLL_CTRL, - IO_PLL_CTRL, - PLL_STATUS, - ARM_PPL_CFG, - DDR_PLL_CFG, - IO_PLL_CFG, - PLL_BG_CTRL, - PLL_MAX -} PLLValues; - -typedef enum { - ARM_CLK_CTRL, - DDR_CLK_CTRL, - DCI_CLK_CTRL, - APER_CLK_CTRL, - USB0_CLK_CTRL, - USB1_CLK_CTRL, - GEM0_RCLK_CTRL, - GEM1_RCLK_CTRL, - GEM0_CLK_CTRL, - GEM1_CLK_CTRL, - SMC_CLK_CTRL, - LQSPI_CLK_CTRL, - SDIO_CLK_CTRL, - UART_CLK_CTRL, - SPI_CLK_CTRL, - CAN_CLK_CTRL, - CAN_MIOCLK_CTRL, - DBG_CLK_CTRL, - PCAP_CLK_CTRL, - TOPSW_CLK_CTRL, - CLK_MAX -} ClkValues; - -typedef enum { - CLK_CTRL, - THR_CTRL, - THR_CNT, - THR_STA, - FPGA_MAX -} FPGAValues; - -typedef enum { - SYNC_CTRL, - SYNC_STATUS, - BANDGAP_TRIP, - CC_TEST, - PLL_PREDIVISOR, - CLK_621_TRUE, - PICTURE_DBG, - PICTURE_DBG_UCNT, - PICTURE_DBG_LCNT, - MISC_MAX -} MiscValues; - -typedef enum { - PSS, - DDDR, - DMAC = 3, - USB, - GEM, - SDIO, - SPI, - CAN, - I2C, - UART, - GPIO, - LQSPI, - SMC, - OCM, - DEVCI, - FPGA, - A9_CPU, - RS_AWDT, - RST_REASON, - RST_REASON_CLR, - REBOOT_STATUS, - BOOT_MODE, - RESET_MAX -} ResetValues; +enum { + SCL = 0x000 / 4, + LOCK, + UNLOCK, + LOCKSTA, + + ARM_PLL_CTRL = 0x100 / 4, + DDR_PLL_CTRL, + IO_PLL_CTRL, + PLL_STATUS, + ARM_PLL_CFG, + DDR_PLL_CFG, + IO_PLL_CFG, + + ARM_CLK_CTRL = 0x120 / 4, + DDR_CLK_CTRL, + DCI_CLK_CTRL, + APER_CLK_CTRL, + USB0_CLK_CTRL, + USB1_CLK_CTRL, + GEM0_RCLK_CTRL, + GEM1_RCLK_CTRL, + GEM0_CLK_CTRL, + GEM1_CLK_CTRL, + SMC_CLK_CTRL, + 
LQSPI_CLK_CTRL, + SDIO_CLK_CTRL, + UART_CLK_CTRL, + SPI_CLK_CTRL, + CAN_CLK_CTRL, + CAN_MIOCLK_CTRL, + DBG_CLK_CTRL, + PCAP_CLK_CTRL, + TOPSW_CLK_CTRL, + +#define FPGA_CTRL_REGS(n, start) \ + FPGA ## n ## _CLK_CTRL = (start) / 4, \ + FPGA ## n ## _THR_CTRL, \ + FPGA ## n ## _THR_CNT, \ + FPGA ## n ## _THR_STA, + FPGA_CTRL_REGS(0, 0x170) + FPGA_CTRL_REGS(1, 0x180) + FPGA_CTRL_REGS(2, 0x190) + FPGA_CTRL_REGS(3, 0x1a0) + + BANDGAP_TRIP = 0x1b8 / 4, + PLL_PREDIVISOR = 0x1c0 / 4, + CLK_621_TRUE, + + PSS_RST_CTRL = 0x200 / 4, + DDR_RST_CTRL, + TOPSW_RESET_CTRL, + DMAC_RST_CTRL, + USB_RST_CTRL, + GEM_RST_CTRL, + SDIO_RST_CTRL, + SPI_RST_CTRL, + CAN_RST_CTRL, + I2C_RST_CTRL, + UART_RST_CTRL, + GPIO_RST_CTRL, + LQSPI_RST_CTRL, + SMC_RST_CTRL, + OCM_RST_CTRL, + FPGA_RST_CTRL = 0x240 / 4, + A9_CPU_RST_CTRL, + + RS_AWDT_CTRL = 0x24c / 4, + RST_REASON, + + REBOOT_STATUS = 0x258 / 4, + BOOT_MODE, + + APU_CTRL = 0x300 / 4, + WDT_CLK_SEL, + + TZ_DMA_NS = 0x440 / 4, + TZ_DMA_IRQ_NS, + TZ_DMA_PERIPH_NS, + + PSS_IDCODE = 0x530 / 4, + + DDR_URGENT = 0x600 / 4, + DDR_CAL_START = 0x60c / 4, + DDR_REF_START = 0x614 / 4, + DDR_CMD_STA, + DDR_URGENT_SEL, + DDR_DFI_STATUS, + + MIO = 0x700 / 4, +#define MIO_LENGTH 54 + + MIO_LOOPBACK = 0x804 / 4, + MIO_MST_TRI0, + MIO_MST_TRI1, + + SD0_WP_CD_SEL = 0x830 / 4, + SD1_WP_CD_SEL, + + LVL_SHFTR_EN = 0x900 / 4, + OCM_CFG = 0x910 / 4, + + CPU_RAM = 0xa00 / 4, + + IOU = 0xa30 / 4, + + DMAC_RAM = 0xa50 / 4, + + AFI0 = 0xa60 / 4, + AFI1 = AFI0 + 3, + AFI2 = AFI1 + 3, + AFI3 = AFI2 + 3, +#define AFI_LENGTH 3 + + OCM = 0xa90 / 4, + + DEVCI_RAM = 0xaa0 / 4, + + CSG_RAM = 0xab0 / 4, + + GPIOB_CTRL = 0xb00 / 4, + GPIOB_CFG_CMOS18, + GPIOB_CFG_CMOS25, + GPIOB_CFG_CMOS33, + GPIOB_CFG_HSTL = 0xb14 / 4, + GPIOB_DRVR_BIAS_CTRL, + + DDRIOB = 0xb40 / 4, +#define DDRIOB_LENGTH 14 +}; + +#define ZYNQ_SLCR_MMIO_SIZE 0x1000 +#define ZYNQ_SLCR_NUM_REGS (ZYNQ_SLCR_MMIO_SIZE / 4) #define TYPE_ZYNQ_SLCR "xilinx,zynq_slcr" #define ZYNQ_SLCR(obj) OBJECT_CHECK(ZynqSLCRState, 
(obj), TYPE_ZYNQ_SLCR) @@ -124,42 +177,7 @@ typedef struct ZynqSLCRState { MemoryRegion iomem; - union { - struct { - uint16_t scl; - uint16_t lockval; - uint32_t pll[PLL_MAX]; /* 0x100 - 0x11C */ - uint32_t clk[CLK_MAX]; /* 0x120 - 0x16C */ - uint32_t fpga[4][FPGA_MAX]; /* 0x170 - 0x1AC */ - uint32_t misc[MISC_MAX]; /* 0x1B0 - 0x1D8 */ - uint32_t reset[RESET_MAX]; /* 0x200 - 0x25C */ - uint32_t apu_ctrl; /* 0x300 */ - uint32_t wdt_clk_sel; /* 0x304 */ - uint32_t tz_ocm[3]; /* 0x400 - 0x408 */ - uint32_t tz_ddr; /* 0x430 */ - uint32_t tz_dma[3]; /* 0x440 - 0x448 */ - uint32_t tz_misc[3]; /* 0x450 - 0x458 */ - uint32_t tz_fpga[2]; /* 0x484 - 0x488 */ - uint32_t dbg_ctrl; /* 0x500 */ - uint32_t pss_idcode; /* 0x530 */ - uint32_t ddr[8]; /* 0x600 - 0x620 - 0x604-missing */ - uint32_t mio[54]; /* 0x700 - 0x7D4 */ - uint32_t mio_func[4]; /* 0x800 - 0x810 */ - uint32_t sd[2]; /* 0x830 - 0x834 */ - uint32_t lvl_shftr_en; /* 0x900 */ - uint32_t ocm_cfg; /* 0x910 */ - uint32_t cpu_ram[8]; /* 0xA00 - 0xA1C */ - uint32_t iou[7]; /* 0xA30 - 0xA48 */ - uint32_t dmac_ram; /* 0xA50 */ - uint32_t afi[4][3]; /* 0xA60 - 0xA8C */ - uint32_t ocm[3]; /* 0xA90 - 0xA98 */ - uint32_t devci_ram; /* 0xAA0 */ - uint32_t csg_ram; /* 0xAB0 */ - uint32_t gpiob[12]; /* 0xB00 - 0xB2C */ - uint32_t ddriob[14]; /* 0xB40 - 0xB74 */ - }; - uint8_t data[0x1000]; - }; + uint32_t regs[ZYNQ_SLCR_NUM_REGS]; } ZynqSLCRState; static void zynq_slcr_reset(DeviceState *d) 
@@ -169,177 +187,169 @@ static void zynq_slcr_reset(DeviceState *d) DB_PRINT("RESET\n"); - s->lockval = 1; + s->regs[LOCKSTA] = 1; /* 0x100 - 0x11C */ - s->pll[ARM_PLL_CTRL] = 0x0001A008; - s->pll[DDR_PLL_CTRL] = 0x0001A008; - s->pll[IO_PLL_CTRL] = 0x0001A008; - s->pll[PLL_STATUS] = 0x0000003F; - s->pll[ARM_PPL_CFG] = 0x00014000; - s->pll[DDR_PLL_CFG] = 0x00014000; - s->pll[IO_PLL_CFG] = 0x00014000; + s->regs[ARM_PLL_CTRL] = 0x0001A008; + s->regs[DDR_PLL_CTRL] = 0x0001A008; + s->regs[IO_PLL_CTRL] = 0x0001A008; + s->regs[PLL_STATUS] = 0x0000003F; + s->regs[ARM_PLL_CFG] = 0x00014000; + s->regs[DDR_PLL_CFG] = 0x00014000; + s->regs[IO_PLL_CFG] = 0x00014000; /* 0x120 - 0x16C */ - s->clk[ARM_CLK_CTRL] = 0x1F000400; - s->clk[DDR_CLK_CTRL] = 0x18400003; - s->clk[DCI_CLK_CTRL] = 0x01E03201; - s->clk[APER_CLK_CTRL] = 0x01FFCCCD; - s->clk[USB0_CLK_CTRL] = s->clk[USB1_CLK_CTRL] = 0x00101941; - s->clk[GEM0_RCLK_CTRL] = s->clk[GEM1_RCLK_CTRL] = 0x00000001; - s->clk[GEM0_CLK_CTRL] = s->clk[GEM1_CLK_CTRL] = 0x00003C01; - s->clk[SMC_CLK_CTRL] = 0x00003C01; - s->clk[LQSPI_CLK_CTRL] = 0x00002821; - s->clk[SDIO_CLK_CTRL] = 0x00001E03; - s->clk[UART_CLK_CTRL] = 0x00003F03; - s->clk[SPI_CLK_CTRL] = 0x00003F03; - s->clk[CAN_CLK_CTRL] = 0x00501903; - s->clk[DBG_CLK_CTRL] = 0x00000F03; - s->clk[PCAP_CLK_CTRL] = 0x00000F01; + s->regs[ARM_CLK_CTRL] = 0x1F000400; + s->regs[DDR_CLK_CTRL] = 0x18400003; + s->regs[DCI_CLK_CTRL] = 0x01E03201; + s->regs[APER_CLK_CTRL] = 0x01FFCCCD; + s->regs[USB0_CLK_CTRL] = s->regs[USB1_CLK_CTRL] = 0x00101941; + s->regs[GEM0_RCLK_CTRL] = s->regs[GEM1_RCLK_CTRL] = 0x00000001; + s->regs[GEM0_CLK_CTRL] = s->regs[GEM1_CLK_CTRL] = 0x00003C01; + s->regs[SMC_CLK_CTRL] = 0x00003C01; + s->regs[LQSPI_CLK_CTRL] = 0x00002821; + s->regs[SDIO_CLK_CTRL] = 0x00001E03; + s->regs[UART_CLK_CTRL] = 0x00003F03; + s->regs[SPI_CLK_CTRL] = 0x00003F03; + s->regs[CAN_CLK_CTRL] = 0x00501903; + s->regs[DBG_CLK_CTRL] = 0x00000F03; + s->regs[PCAP_CLK_CTRL] = 0x00000F01; /* 0x170 - 0x1AC */ - 
s->fpga[0][CLK_CTRL] = s->fpga[1][CLK_CTRL] = s->fpga[2][CLK_CTRL] = - s->fpga[3][CLK_CTRL] = 0x00101800; - s->fpga[0][THR_STA] = s->fpga[1][THR_STA] = s->fpga[2][THR_STA] = - s->fpga[3][THR_STA] = 0x00010000; + s->regs[FPGA0_CLK_CTRL] = s->regs[FPGA1_CLK_CTRL] = s->regs[FPGA2_CLK_CTRL] + = s->regs[FPGA3_CLK_CTRL] = 0x00101800; + s->regs[FPGA0_THR_STA] = s->regs[FPGA1_THR_STA] = s->regs[FPGA2_THR_STA] + = s->regs[FPGA3_THR_STA] = 0x00010000; /* 0x1B0 - 0x1D8 */ - s->misc[BANDGAP_TRIP] = 0x0000001F; - s->misc[PLL_PREDIVISOR] = 0x00000001; - s->misc[CLK_621_TRUE] = 0x00000001; + s->regs[BANDGAP_TRIP] = 0x0000001F; + s->regs[PLL_PREDIVISOR] = 0x00000001; + s->regs[CLK_621_TRUE] = 0x00000001; /* 0x200 - 0x25C */ - s->reset[FPGA] = 0x01F33F0F; - s->reset[RST_REASON] = 0x00000040; + s->regs[FPGA_RST_CTRL] = 0x01F33F0F; + s->regs[RST_REASON] = 0x00000040; + + s->regs[BOOT_MODE] = 0x00000001; /* 0x700 - 0x7D4 */ for (i = 0; i < 54; i++) { - s->mio[i] = 0x00001601; + s->regs[MIO + i] = 0x00001601; } for (i = 2; i <= 8; i++) { - s->mio[i] = 0x00000601; + s->regs[MIO + i] = 0x00000601; } - /* MIO_MST_TRI0, MIO_MST_TRI1 */ - s->mio_func[2] = s->mio_func[3] = 0xFFFFFFFF; + s->regs[MIO_MST_TRI0] = s->regs[MIO_MST_TRI1] = 0xFFFFFFFF; - s->cpu_ram[0] = s->cpu_ram[1] = s->cpu_ram[3] = - s->cpu_ram[4] = s->cpu_ram[7] = 0x00010101; - s->cpu_ram[2] = s->cpu_ram[5] = 0x01010101; - s->cpu_ram[6] = 0x00000001; + s->regs[CPU_RAM + 0] = s->regs[CPU_RAM + 1] = s->regs[CPU_RAM + 3] + = s->regs[CPU_RAM + 4] = s->regs[CPU_RAM + 7] + = 0x00010101; + s->regs[CPU_RAM + 2] = s->regs[CPU_RAM + 5] = 0x01010101; + s->regs[CPU_RAM + 6] = 0x00000001; - s->iou[0] = s->iou[1] = s->iou[2] = s->iou[3] = 0x09090909; - s->iou[4] = s->iou[5] = 0x00090909; - s->iou[6] = 0x00000909; + s->regs[IOU + 0] = s->regs[IOU + 1] = s->regs[IOU + 2] = s->regs[IOU + 3] + = 0x09090909; + s->regs[IOU + 4] = s->regs[IOU + 5] = 0x00090909; + s->regs[IOU + 6] = 0x00000909; - s->dmac_ram = 0x00000009; + s->regs[DMAC_RAM] = 
0x00000009; - s->afi[0][0] = s->afi[0][1] = 0x09090909; - s->afi[1][0] = s->afi[1][1] = 0x09090909; - s->afi[2][0] = s->afi[2][1] = 0x09090909; - s->afi[3][0] = s->afi[3][1] = 0x09090909; - s->afi[0][2] = s->afi[1][2] = s->afi[2][2] = s->afi[3][2] = 0x00000909; + s->regs[AFI0 + 0] = s->regs[AFI0 + 1] = 0x09090909; + s->regs[AFI1 + 0] = s->regs[AFI1 + 1] = 0x09090909; + s->regs[AFI2 + 0] = s->regs[AFI2 + 1] = 0x09090909; + s->regs[AFI3 + 0] = s->regs[AFI3 + 1] = 0x09090909; + s->regs[AFI0 + 2] = s->regs[AFI1 + 2] = s->regs[AFI2 + 2] + = s->regs[AFI3 + 2] = 0x00000909; - s->ocm[0] = 0x01010101; - s->ocm[1] = s->ocm[2] = 0x09090909; + s->regs[OCM + 0] = 0x01010101; + s->regs[OCM + 1] = s->regs[OCM + 2] = 0x09090909; - s->devci_ram = 0x00000909; - s->csg_ram = 0x00000001; + s->regs[DEVCI_RAM] = 0x00000909; + s->regs[CSG_RAM] = 0x00000001; - s->ddriob[0] = s->ddriob[1] = s->ddriob[2] = s->ddriob[3] = 0x00000e00; - s->ddriob[4] = s->ddriob[5] = s->ddriob[6] = 0x00000e00; - s->ddriob[12] = 0x00000021; + s->regs[DDRIOB + 0] = s->regs[DDRIOB + 1] = s->regs[DDRIOB + 2] + = s->regs[DDRIOB + 3] = 0x00000e00; + s->regs[DDRIOB + 4] = s->regs[DDRIOB + 5] = s->regs[DDRIOB + 6] + = 0x00000e00; + s->regs[DDRIOB + 12] = 0x00000021; } -static inline uint32_t zynq_slcr_read_imp(void *opaque, - hwaddr offset) -{ - ZynqSLCRState *s = (ZynqSLCRState *)opaque; +static bool zynq_slcr_check_offset(hwaddr offset, bool rnw) +{ switch (offset) { - case 0x0: /* SCL */ - return s->scl; - case 0x4: /* LOCK */ - case 0x8: /* UNLOCK */ - DB_PRINT("Reading SCLR_LOCK/UNLOCK is not enabled\n"); - return 0; - case 0x0C: /* LOCKSTA */ - return s->lockval; - case 0x100 ... 0x11C: - return s->pll[(offset - 0x100) / 4]; - case 0x120 ... 0x16C: - return s->clk[(offset - 0x120) / 4]; - case 0x170 ... 0x1AC: - return s->fpga[0][(offset - 0x170) / 4]; - case 0x1B0 ... 0x1D8: - return s->misc[(offset - 0x1B0) / 4]; - case 0x200 ... 
0x258: - return s->reset[(offset - 0x200) / 4]; - case 0x25c: - return 1; - case 0x300: - return s->apu_ctrl; - case 0x304: - return s->wdt_clk_sel; - case 0x400 ... 0x408: - return s->tz_ocm[(offset - 0x400) / 4]; - case 0x430: - return s->tz_ddr; - case 0x440 ... 0x448: - return s->tz_dma[(offset - 0x440) / 4]; - case 0x450 ... 0x458: - return s->tz_misc[(offset - 0x450) / 4]; - case 0x484 ... 0x488: - return s->tz_fpga[(offset - 0x484) / 4]; - case 0x500: - return s->dbg_ctrl; - case 0x530: - return s->pss_idcode; - case 0x600 ... 0x620: - if (offset == 0x604) { - goto bad_reg; - } - return s->ddr[(offset - 0x600) / 4]; - case 0x700 ... 0x7D4: - return s->mio[(offset - 0x700) / 4]; - case 0x800 ... 0x810: - return s->mio_func[(offset - 0x800) / 4]; - case 0x830 ... 0x834: - return s->sd[(offset - 0x830) / 4]; - case 0x900: - return s->lvl_shftr_en; - case 0x910: - return s->ocm_cfg; - case 0xA00 ... 0xA1C: - return s->cpu_ram[(offset - 0xA00) / 4]; - case 0xA30 ... 0xA48: - return s->iou[(offset - 0xA30) / 4]; - case 0xA50: - return s->dmac_ram; - case 0xA60 ... 0xA8C: - return s->afi[0][(offset - 0xA60) / 4]; - case 0xA90 ... 0xA98: - return s->ocm[(offset - 0xA90) / 4]; - case 0xAA0: - return s->devci_ram; - case 0xAB0: - return s->csg_ram; - case 0xB00 ... 0xB2C: - return s->gpiob[(offset - 0xB00) / 4]; - case 0xB40 ... 0xB74: - return s->ddriob[(offset - 0xB40) / 4]; + case LOCK: + case UNLOCK: + case DDR_CAL_START: + case DDR_REF_START: + return !rnw; /* Write only */ + case LOCKSTA: + case FPGA0_THR_STA: + case FPGA1_THR_STA: + case FPGA2_THR_STA: + case FPGA3_THR_STA: + case BOOT_MODE: + case PSS_IDCODE: + case DDR_CMD_STA: + case DDR_DFI_STATUS: + case PLL_STATUS: + return rnw;/* read only */ + case SCL: + case ARM_PLL_CTRL ... IO_PLL_CTRL: + case ARM_PLL_CFG ... IO_PLL_CFG: + case ARM_CLK_CTRL ... TOPSW_CLK_CTRL: + case FPGA0_CLK_CTRL ... FPGA0_THR_CNT: + case FPGA1_CLK_CTRL ... FPGA1_THR_CNT: + case FPGA2_CLK_CTRL ... 
FPGA2_THR_CNT: + case FPGA3_CLK_CTRL ... FPGA3_THR_CNT: + case BANDGAP_TRIP: + case PLL_PREDIVISOR: + case CLK_621_TRUE: + case PSS_RST_CTRL ... A9_CPU_RST_CTRL: + case RS_AWDT_CTRL: + case RST_REASON: + case REBOOT_STATUS: + case APU_CTRL: + case WDT_CLK_SEL: + case TZ_DMA_NS ... TZ_DMA_PERIPH_NS: + case DDR_URGENT: + case DDR_URGENT_SEL: + case MIO ... MIO + MIO_LENGTH - 1: + case MIO_LOOPBACK ... MIO_MST_TRI1: + case SD0_WP_CD_SEL: + case SD1_WP_CD_SEL: + case LVL_SHFTR_EN: + case OCM_CFG: + case CPU_RAM: + case IOU: + case DMAC_RAM: + case AFI0 ... AFI3 + AFI_LENGTH - 1: + case OCM: + case DEVCI_RAM: + case CSG_RAM: + case GPIOB_CTRL ... GPIOB_CFG_CMOS33: + case GPIOB_CFG_HSTL: + case GPIOB_DRVR_BIAS_CTRL: + case DDRIOB ... DDRIOB + DDRIOB_LENGTH - 1: + return true; default: - bad_reg: - DB_PRINT("Bad register offset 0x%x\n", (int)offset); - return 0; + return false; } } static uint64_t zynq_slcr_read(void *opaque, hwaddr offset, unsigned size) { - uint32_t ret = zynq_slcr_read_imp(opaque, offset); + ZynqSLCRState *s = opaque; + offset /= 4; + uint32_t ret = s->regs[offset]; + + if (!zynq_slcr_check_offset(offset, true)) { + qemu_log_mask(LOG_GUEST_ERROR, "zynq_slcr: Invalid read access to " + " addr %" HWADDR_PRIx "\n", offset * 4); + } - DB_PRINT("addr: %08x data: %08x\n", (unsigned)offset, (unsigned)ret); + DB_PRINT("addr: %08" HWADDR_PRIx " data: %08" PRIx32 "\n", offset * 4, ret); return ret; } 
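Review bot: zynq_slcr_check_offset accepts only the first word of three register groups (`case CPU_RAM:`, `case IOU:`, `case OCM:`), but zynq_slcr_reset in the same hunk initialises `CPU_RAM + 0` to `CPU_RAM + 7`, `IOU + 0` to `IOU + 6` and `OCM + 0` to `OCM + 2`. Guest writes to the remaining words are now rejected and logged as guest errors, which looks unintended. Ranges would match the reset code: `case CPU_RAM ... CPU_RAM + 7:`, `case IOU ... IOU + 6:`, `case OCM ... OCM + 2:`. Separately, zynq_slcr_read loads `s->regs[offset]` before the check and still returns it for rejected offsets; returning 0 in that case would preserve the old behaviour for the write-only LOCK and UNLOCK registers.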
@@ -347,148 +357,55 @@ static void zynq_slcr_write(void *opaque, hwaddr offset, uint64_t val, unsigned size) { ZynqSLCRState *s = (ZynqSLCRState *)opaque; + offset /= 4; - DB_PRINT("offset: %08x data: %08x\n", (unsigned)offset, (unsigned)val); + DB_PRINT("addr: %08" HWADDR_PRIx " data: %08" PRIx64 "\n", offset * 4, val); + + if (!zynq_slcr_check_offset(offset, false)) { + qemu_log_mask(LOG_GUEST_ERROR, "zynq_slcr: Invalid write access to " + "addr %" HWADDR_PRIx "\n", offset * 4); + return; + } switch (offset) { - case 0x00: /* SCL */ - s->scl = val & 0x1; - return; - case 0x4: /* SLCR_LOCK */ + case SCL: + s->regs[SCL] = val & 0x1; + return; + case LOCK: if ((val & 0xFFFF) == XILINX_LOCK_KEY) { DB_PRINT("XILINX LOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset, (unsigned)val & 0xFFFF); - s->lockval = 1; + s->regs[LOCKSTA] = 1; } else { DB_PRINT("WRONG XILINX LOCK KEY 0xF8000000 + 0x%x <= 0x%x\n", (int)offset, (unsigned)val & 0xFFFF); } return; - case 0x8: /* SLCR_UNLOCK */ + case UNLOCK: if ((val & 0xFFFF) == XILINX_UNLOCK_KEY) { DB_PRINT("XILINX UNLOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset, (unsigned)val & 0xFFFF); - s->lockval = 0; + s->regs[LOCKSTA] = 0; } else { DB_PRINT("WRONG XILINX UNLOCK KEY 0xF8000000 + 0x%x <= 0x%x\n", (int)offset, (unsigned)val & 0xFFFF); } return; - case 0xc: /* LOCKSTA */ - DB_PRINT("Writing SCLR_LOCKSTA is not enabled\n"); - return; } - if (!s->lockval) { - switch (offset) { - case 0x100 ... 0x11C: - if (offset == 0x10C) { - goto bad_reg; - } - s->pll[(offset - 0x100) / 4] = val; - break; - case 0x120 ... 0x16C: - s->clk[(offset - 0x120) / 4] = val; - break; - case 0x170 ... 0x1AC: - s->fpga[0][(offset - 0x170) / 4] = val; - break; - case 0x1B0 ... 0x1D8: - s->misc[(offset - 0x1B0) / 4] = val; - break; - case 0x200 ... 
0x25C: - if (offset == 0x250) { - goto bad_reg; - } - s->reset[(offset - 0x200) / 4] = val; - if (offset == 0x200 && (val & R_PSS_RST_CTRL_SOFT_RST)) { - qemu_system_reset_request(); - } - break; - case 0x300: - s->apu_ctrl = val; - break; - case 0x304: - s->wdt_clk_sel = val; - break; - case 0x400 ... 0x408: - s->tz_ocm[(offset - 0x400) / 4] = val; - break; - case 0x430: - s->tz_ddr = val; - break; - case 0x440 ... 0x448: - s->tz_dma[(offset - 0x440) / 4] = val; - break; - case 0x450 ... 0x458: - s->tz_misc[(offset - 0x450) / 4] = val; - break; - case 0x484 ... 0x488: - s->tz_fpga[(offset - 0x484) / 4] = val; - break; - case 0x500: - s->dbg_ctrl = val; - break; - case 0x530: - s->pss_idcode = val; - break; - case 0x600 ... 0x620: - if (offset == 0x604) { - goto bad_reg; - } - s->ddr[(offset - 0x600) / 4] = val; - break; - case 0x700 ... 0x7D4: - s->mio[(offset - 0x700) / 4] = val; - break; - case 0x800 ... 0x810: - s->mio_func[(offset - 0x800) / 4] = val; - break; - case 0x830 ... 0x834: - s->sd[(offset - 0x830) / 4] = val; - break; - case 0x900: - s->lvl_shftr_en = val; - break; - case 0x910: - break; - case 0xA00 ... 0xA1C: - s->cpu_ram[(offset - 0xA00) / 4] = val; - break; - case 0xA30 ... 0xA48: - s->iou[(offset - 0xA30) / 4] = val; - break; - case 0xA50: - s->dmac_ram = val; - break; - case 0xA60 ... 0xA8C: - s->afi[0][(offset - 0xA60) / 4] = val; - break; - case 0xA90: - s->ocm[0] = val; - break; - case 0xAA0: - s->devci_ram = val; - break; - case 0xAB0: - s->csg_ram = val; - break; - case 0xB00 ... 0xB2C: - if (offset == 0xB20 || offset == 0xB2C) { - goto bad_reg; - } - s->gpiob[(offset - 0xB00) / 4] = val; - break; - case 0xB40 ... 0xB74: - s->ddriob[(offset - 0xB40) / 4] = val; - break; - default: - bad_reg: - DB_PRINT("Bad register write %x <= %08x\n", (int)offset, - (unsigned)val); - } + if (!s->regs[LOCKSTA]) { + s->regs[offset / 4] = val; } else { DB_PRINT("SCLR registers are locked. 
Unlock them first\n"); + return; + } + + switch (offset) { + case PSS_RST_CTRL: + if (val & R_PSS_RST_CTRL_SOFT_RST) { + qemu_system_reset_request(); + } + break; } } @@ -498,23 +415,22 @@ static const MemoryRegionOps slcr_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; -static int zynq_slcr_init(SysBusDevice *dev) +static void zynq_slcr_init(Object *obj) { - ZynqSLCRState *s = ZYNQ_SLCR(dev); - - memory_region_init_io(&s->iomem, OBJECT(s), &slcr_ops, s, "slcr", 0x1000); - sysbus_init_mmio(dev, &s->iomem); + ZynqSLCRState *s = ZYNQ_SLCR(obj); - return 0; + memory_region_init_io(&s->iomem, obj, &slcr_ops, s, "slcr", + ZYNQ_SLCR_MMIO_SIZE); + sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->iomem); } static const VMStateDescription vmstate_zynq_slcr = { .name = "zynq_slcr", - .version_id = 1, - .minimum_version_id = 1, - .minimum_version_id_old = 1, + .version_id = 2, + .minimum_version_id = 2, + .minimum_version_id_old = 2, .fields = (VMStateField[]) { - VMSTATE_UINT8_ARRAY(data, ZynqSLCRState, 0x1000), + VMSTATE_UINT32_ARRAY(regs, ZynqSLCRState, ZYNQ_SLCR_NUM_REGS), VMSTATE_END_OF_LIST() } }; @@ -522,9 +438,7 @@ static const VMStateDescription vmstate_zynq_slcr = { static void zynq_slcr_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); - SysBusDeviceClass *sdc = SYS_BUS_DEVICE_CLASS(klass); - sdc->init = zynq_slcr_init; dc->vmsd = &vmstate_zynq_slcr; dc->reset = zynq_slcr_reset; } @@ -534,6 +448,7 @@ static const TypeInfo zynq_slcr_info = { .name = TYPE_ZYNQ_SLCR, .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(ZynqSLCRState), + .instance_init = zynq_slcr_init, }; static void zynq_slcr_register_types(void) diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c index 469f2f0ede..d780ba0fcb 100644 --- a/hw/net/allwinner_emac.c +++ b/hw/net/allwinner_emac.c 
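Review bot: zynq_slcr_write divides the offset twice: it does `offset /= 4;` at the top, and the unlocked path then stores with `s->regs[offset / 4] = val;`. The access check and the `switch` therefore run on one register index while the value is written to a different, lower one. No ordinary register write reaches the slot that reads return, and the slot that does get written is never validated by zynq_slcr_check_offset. The store should be `s->regs[offset] = val;`. The DB_PRINT calls in the LOCK and UNLOCK cases still print `(int)offset` as if it were a byte offset; they should use `offset * 4`, as the other messages do.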
@@ -27,11 +27,11 @@ static uint8_t padding[60]; static void mii_set_link(RTL8201CPState *mii, bool link_ok) { if (link_ok) { - mii->bmsr |= MII_BMSR_LINK_ST; + mii->bmsr |= MII_BMSR_LINK_ST | MII_BMSR_AN_COMP; mii->anlpar |= MII_ANAR_TXFD | MII_ANAR_10FD | MII_ANAR_10 | MII_ANAR_CSMACD; } else { - mii->bmsr &= ~MII_BMSR_LINK_ST; + mii->bmsr &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); mii->anlpar = MII_ANAR_TX; } } @@ -391,9 +391,11 @@ static void aw_emac_write(void *opaque, hwaddr offset, uint64_t value, break; case EMAC_INT_CTL_REG: s->int_ctl = value; + aw_emac_update_irq(s); break; case EMAC_INT_STA_REG: s->int_sta &= ~value; + aw_emac_update_irq(s); break; case EMAC_MAC_MADR_REG: s->phy_target = value; diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c index 92dc2f21fa..e34b25e734 100644 --- a/hw/net/cadence_gem.c +++ b/hw/net/cadence_gem.c @@ -1093,7 +1093,7 @@ static uint64_t gem_read(void *opaque, hwaddr offset, unsigned size) uint32_t phy_addr, reg_num; phy_addr = (retval & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT; - if (phy_addr == BOARD_PHY_ADDRESS) { + if (phy_addr == BOARD_PHY_ADDRESS || phy_addr == 0) { reg_num = (retval & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT; retval &= 0xFFFF0000; retval |= gem_phy_read(s, reg_num); @@ -1193,7 +1193,7 @@ static void gem_write(void *opaque, hwaddr offset, uint64_t val, uint32_t phy_addr, reg_num; phy_addr = (val & GEM_PHYMNTNC_ADDR) >> GEM_PHYMNTNC_ADDR_SHFT; - if (phy_addr == BOARD_PHY_ADDRESS) { + if (phy_addr == BOARD_PHY_ADDRESS || phy_addr == 0) { reg_num = (val & GEM_PHYMNTNC_REG) >> GEM_PHYMNTNC_REG_SHIFT; gem_phy_write(s, reg_num, val); } diff --git a/hw/timer/allwinner-a10-pit.c b/hw/timer/allwinner-a10-pit.c index b27fce8cd2..d3c02ea18f 100644 --- a/hw/timer/allwinner-a10-pit.c +++ b/hw/timer/allwinner-a10-pit.c 
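Review bot: In cadence_gem.c, the new condition `phy_addr == BOARD_PHY_ADDRESS || phy_addr == 0` in gem_read uses a bare literal with no explanation of why address 0 is also answered; the gem_write hunk repeats it. A short comment at both sites would prevent a later cleanup from removing it. For example, `/* the PHY also responds at address 0 (presumably the broadcast address; confirm) */`, or a named constant next to BOARD_PHY_ADDRESS. Both functions continue outside their hunks.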
@@ -19,6 +19,15 @@ #include "sysemu/sysemu.h" #include "hw/timer/allwinner-a10-pit.h" +static void a10_pit_update_irq(AwA10PITState *s) +{ + int i; + + for (i = 0; i < AW_A10_PIT_TIMER_NR; i++) { + qemu_set_irq(s->irq[i], !!(s->irq_status & s->irq_enable & (1 << i))); + } +} + static uint64_t a10_pit_read(void *opaque, hwaddr offset, unsigned size) { AwA10PITState *s = AW_A10_PIT(opaque); @@ -65,6 +74,22 @@ static uint64_t a10_pit_read(void *opaque, hwaddr offset, unsigned size) return 0; } +static void a10_pit_set_freq(AwA10PITState *s, int index) +{ + uint32_t prescaler, source, source_freq; + + prescaler = 1 << extract32(s->control[index], 4, 3); + source = extract32(s->control[index], 2, 2); + source_freq = s->clk_freq[source]; + + if (source_freq) { + ptimer_set_freq(s->timer[index], source_freq / prescaler); + } else { + qemu_log_mask(LOG_GUEST_ERROR, "%s: Invalid clock source %u\n", + __func__, source); + } +} + static void a10_pit_write(void *opaque, hwaddr offset, uint64_t value, unsigned size) { @@ -74,9 +99,11 @@ static void a10_pit_write(void *opaque, hwaddr offset, uint64_t value, switch (offset) { case AW_A10_PIT_TIMER_IRQ_EN: s->irq_enable = value; + a10_pit_update_irq(s); break; case AW_A10_PIT_TIMER_IRQ_ST: s->irq_status &= ~value; + a10_pit_update_irq(s); break; case AW_A10_PIT_TIMER_BASE ... AW_A10_PIT_TIMER_BASE_END: index = offset & 0xf0; @@ -85,6 +112,7 @@ static void a10_pit_write(void *opaque, hwaddr offset, uint64_t value, switch (offset & 0x0f) { case AW_A10_PIT_TIMER_CONTROL: s->control[index] = value; + a10_pit_set_freq(s, index); if (s->control[index] & AW_A10_PIT_TIMER_RELOAD) { ptimer_set_count(s->timer[index], s->interval[index]); } 
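Review bot: a10_pit_set_freq checks only `source_freq` for zero, but the value passed on is `source_freq / prescaler`. The prescaler comes from a 3-bit field of the guest-written control register and can reach 128, so a configured `clkN-freq` below the selected prescaler yields a frequency of 0. ptimer_set_freq is not shown here; as far as I know it divides by its argument, so a zero would fault on the host. Testing the quotient closes the gap: `uint32_t freq = source_freq / prescaler;` followed by `if (freq) { ptimer_set_freq(s->timer[index], freq); }`, with the existing guest-error log in the else branch.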
@@ -150,6 +178,14 @@ static const MemoryRegionOps a10_pit_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; +static Property a10_pit_properties[] = { + DEFINE_PROP_UINT32("clk0-freq", AwA10PITState, clk_freq[0], 0), + DEFINE_PROP_UINT32("clk1-freq", AwA10PITState, clk_freq[1], 0), + DEFINE_PROP_UINT32("clk2-freq", AwA10PITState, clk_freq[2], 0), + DEFINE_PROP_UINT32("clk3-freq", AwA10PITState, clk_freq[3], 0), + DEFINE_PROP_END_OF_LIST(), +}; + static const VMStateDescription vmstate_a10_pit = { .name = "a10.pit", .version_id = 1, @@ -178,11 +214,14 @@ static void a10_pit_reset(DeviceState *dev) s->irq_enable = 0; s->irq_status = 0; + a10_pit_update_irq(s); + for (i = 0; i < 6; i++) { s->control[i] = AW_A10_PIT_DEFAULT_CLOCK; s->interval[i] = 0; s->count[i] = 0; ptimer_stop(s->timer[i]); + a10_pit_set_freq(s, i); } s->watch_dog_mode = 0; s->watch_dog_control = 0; @@ -193,18 +232,17 @@ static void a10_pit_reset(DeviceState *dev) static void a10_pit_timer_cb(void *opaque) { - AwA10PITState *s = AW_A10_PIT(opaque); - uint8_t i; + AwA10TimerContext *tc = opaque; + AwA10PITState *s = tc->container; + uint8_t i = tc->index; - for (i = 0; i < AW_A10_PIT_TIMER_NR; i++) { - if (s->control[i] & AW_A10_PIT_TIMER_EN) { - s->irq_status |= 1 << i; - if (s->control[i] & AW_A10_PIT_TIMER_MODE) { - ptimer_stop(s->timer[i]); - s->control[i] &= ~AW_A10_PIT_TIMER_EN; - } - qemu_irq_pulse(s->irq[i]); + if (s->control[i] & AW_A10_PIT_TIMER_EN) { + s->irq_status |= 1 << i; + if (s->control[i] & AW_A10_PIT_TIMER_MODE) { + ptimer_stop(s->timer[i]); + s->control[i] &= ~AW_A10_PIT_TIMER_EN; } + a10_pit_update_irq(s); } } 
@@ -223,9 +261,12 @@ static void a10_pit_init(Object *obj) sysbus_init_mmio(sbd, &s->iomem); for (i = 0; i < AW_A10_PIT_TIMER_NR; i++) { - bh[i] = qemu_bh_new(a10_pit_timer_cb, s); + AwA10TimerContext *tc = &s->timer_context[i]; + + tc->container = s; + tc->index = i; + bh[i] = qemu_bh_new(a10_pit_timer_cb, tc); s->timer[i] = ptimer_init(bh[i]); - ptimer_set_freq(s->timer[i], 240000); } } @@ -234,6 +275,7 @@ static void a10_pit_class_init(ObjectClass *klass, void *data) DeviceClass *dc = DEVICE_CLASS(klass); dc->reset = a10_pit_reset; + dc->props = a10_pit_properties; dc->desc = "allwinner a10 timer"; dc->vmsd = &vmstate_a10_pit; } diff --git a/hw/timer/cadence_ttc.c b/hw/timer/cadence_ttc.c index a279bced78..28cb328f9b 100644 --- a/hw/timer/cadence_ttc.c +++ b/hw/timer/cadence_ttc.c @@ -346,11 +346,13 @@ static void cadence_ttc_write(void *opaque, hwaddr offset, case 0x34: case 0x38: s->reg_match[0] = value & 0xffff; + break; case 0x3c: /* match register */ case 0x40: case 0x44: s->reg_match[1] = value & 0xffff; + break; case 0x48: /* match register */ case 0x4c: diff --git a/hw/usb/Makefile.objs b/hw/usb/Makefile.objs index 97b457541f..17d460cb04 100644 --- a/hw/usb/Makefile.objs +++ b/hw/usb/Makefile.objs @@ -26,6 +26,10 @@ common-obj-y += ccid-card-passthru.o common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o endif +ifeq ($(CONFIG_POSIX),y) +common-obj-$(CONFIG_USB_STORAGE_MTP) += dev-mtp.o +endif + # usb redirection common-obj-$(CONFIG_USB_REDIR) += redirect.o quirks.o diff --git a/hw/usb/desc-msos.c b/hw/usb/desc-msos.c index ed8d62cab8..334d1aea8d 100644 --- a/hw/usb/desc-msos.c +++ b/hw/usb/desc-msos.c @@ -44,7 +44,7 @@ typedef struct msos_compat_hdr { typedef struct msos_compat_func { uint8_t bFirstInterfaceNumber; uint8_t reserved_1; - uint8_t compatibleId[8]; + char compatibleId[8]; uint8_t subCompatibleId[8]; uint8_t reserved_2[6]; } QEMU_PACKED msos_compat_func; 
@@ -59,6 +59,10 @@ static int usb_desc_msos_compat(const USBDesc *desc, uint8_t *dest) func = (void *)(dest + length); func->bFirstInterfaceNumber = 0; func->reserved_1 = 0x01; + if (desc->msos->CompatibleID) { + snprintf(func->compatibleId, sizeof(func->compatibleId), + "%s", desc->msos->CompatibleID); + } length += sizeof(*func); count++; diff --git a/hw/usb/desc.h b/hw/usb/desc.h index 2b4fcdae76..8e8db03a0c 100644 --- a/hw/usb/desc.h +++ b/hw/usb/desc.h @@ -184,6 +184,7 @@ struct USBDescOther { }; struct USBDescMSOS { + const char *CompatibleID; const wchar_t *Label; bool SelectiveSuspendEnabled; }; diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c new file mode 100644 index 0000000000..8b44032900 --- /dev/null +++ b/hw/usb/dev-mtp.c 
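Review bot: The `snprintf()` into `func->compatibleId` keeps at most 7 characters plus the terminating NUL, so an 8-character CompatibleID would be shortened silently. It also writes only up to that NUL: the remaining bytes of the 8-byte field, and the whole field when CompatibleID is NULL, keep whatever `dest` already holds. The initialisation of `dest` is outside this hunk, so it is worth confirming the buffer is zeroed before the descriptor goes to the guest. I would make the limit explicit with `assert(strlen(desc->msos->CompatibleID) < sizeof(func->compatibleId));` before the copy, and add `/* at most 7 characters, copied NUL-terminated into an 8-byte field */` on the new `CompatibleID` member in desc.h. usb_desc_msos_compat continues outside the hunk.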
@@ -0,0 +1,1103 @@ +/* + * Media Transfer Protocol implementation, backed by host filesystem. + * + * Copyright Red Hat, Inc 2014 + * + * Author: + * Gerd Hoffmann <kraxel@redhat.com> + * + * This code is licensed under the GPL v2 or later. + */ + +#include <wchar.h> +#include <dirent.h> +#include <unistd.h> + +#include <sys/stat.h> +#include <sys/statvfs.h> + +#include "qemu-common.h" +#include "qemu/iov.h" +#include "trace.h" +#include "hw/usb.h" +#include "hw/usb/desc.h" + +/* ----------------------------------------------------------------------- */ + +enum mtp_container_type { + TYPE_COMMAND = 1, + TYPE_DATA = 2, + TYPE_RESPONSE = 3, + TYPE_EVENT = 4, +}; + +enum mtp_code { + /* command codes */ + CMD_GET_DEVICE_INFO = 0x1001, + CMD_OPEN_SESSION = 0x1002, + CMD_CLOSE_SESSION = 0x1003, + CMD_GET_STORAGE_IDS = 0x1004, + CMD_GET_STORAGE_INFO = 0x1005, + CMD_GET_NUM_OBJECTS = 0x1006, + CMD_GET_OBJECT_HANDLES = 0x1007, + CMD_GET_OBJECT_INFO = 0x1008, + CMD_GET_OBJECT = 0x1009, + CMD_GET_PARTIAL_OBJECT = 0x101b, + + /* response codes */ + RES_OK = 0x2001, + RES_SESSION_NOT_OPEN = 0x2003, + RES_INVALID_TRANSACTION_ID = 0x2004, + RES_OPERATION_NOT_SUPPORTED = 0x2005, + RES_PARAMETER_NOT_SUPPORTED = 0x2006, + RES_INVALID_STORAGE_ID = 0x2008, + RES_INVALID_OBJECT_HANDLE = 0x2009, + RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014, + RES_INVALID_PARENT_OBJECT = 0x201a, + RES_INVALID_PARAMETER = 0x201d, + RES_SESSION_ALREADY_OPEN = 0x201e, + + /* format codes */ + FMT_UNDEFINED_OBJECT = 0x3000, + FMT_ASSOCIATION = 0x3001, +}; + +typedef struct { + uint32_t length; + uint16_t type; + uint16_t code; + uint32_t trans; +} QEMU_PACKED mtp_container; + +/* ----------------------------------------------------------------------- */ + +typedef struct MTPState MTPState; +typedef struct MTPControl MTPControl; +typedef struct MTPData MTPData; +typedef struct MTPObject MTPObject; + +enum { + EP_DATA_IN = 1, + EP_DATA_OUT, + EP_EVENT, +}; + +struct MTPControl { + uint16_t code; + uint32_t 
trans; + int argc; + uint32_t argv[5]; +}; + +struct MTPData { + uint16_t code; + uint32_t trans; + uint32_t offset; + uint32_t length; + uint32_t alloc; + uint8_t *data; + bool first; + int fd; +}; + +struct MTPObject { + uint32_t handle; + uint16_t format; + char *name; + char *path; + struct stat stat; + MTPObject *parent; + MTPObject **children; + int32_t nchildren; + QTAILQ_ENTRY(MTPObject) next; +}; + +struct MTPState { + USBDevice dev; + char *root; + char *desc; + uint32_t flags; + + MTPData *data_in; + MTPData *data_out; + MTPControl *result; + uint32_t session; + uint32_t next_handle; + + QTAILQ_HEAD(, MTPObject) objects; +}; + +#define QEMU_STORAGE_ID 0x00010001 + +#define MTP_FLAG_WRITABLE 0 + +#define FLAG_SET(_mtp, _flag) ((_mtp)->flags & (1 << (_flag))) + +/* ----------------------------------------------------------------------- */ + +#define MTP_MANUFACTURER "QEMU" +#define MTP_PRODUCT "QEMU filesharing" + +enum { + STR_MANUFACTURER = 1, + STR_PRODUCT, + STR_SERIALNUMBER, + STR_CONFIG_FULL, + STR_CONFIG_HIGH, + STR_CONFIG_SUPER, +}; + +static const USBDescStrings desc_strings = { + [STR_MANUFACTURER] = MTP_MANUFACTURER, + [STR_PRODUCT] = MTP_PRODUCT, + [STR_SERIALNUMBER] = "34617", + [STR_CONFIG_FULL] = "Full speed config (usb 1.1)", + [STR_CONFIG_HIGH] = "High speed config (usb 2.0)", + [STR_CONFIG_SUPER] = "Super speed config (usb 3.0)", +}; + +static const USBDescIface desc_iface_full = { + .bInterfaceNumber = 0, + .bNumEndpoints = 3, + .bInterfaceClass = USB_CLASS_STILL_IMAGE, + .bInterfaceSubClass = 0x01, + .bInterfaceProtocol = 0x01, + .eps = (USBDescEndpoint[]) { + { + .bEndpointAddress = USB_DIR_IN | EP_DATA_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = 64, + },{ + .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = 64, + },{ + .bEndpointAddress = USB_DIR_IN | EP_EVENT, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = 8, + .bInterval = 0x0a, + }, + } 
+}; + +static const USBDescDevice desc_device_full = { + .bcdUSB = 0x0200, + .bMaxPacketSize0 = 8, + .bNumConfigurations = 1, + .confs = (USBDescConfig[]) { + { + .bNumInterfaces = 1, + .bConfigurationValue = 1, + .iConfiguration = STR_CONFIG_FULL, + .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP, + .bMaxPower = 2, + .nif = 1, + .ifs = &desc_iface_full, + }, + }, +}; + +static const USBDescIface desc_iface_high = { + .bInterfaceNumber = 0, + .bNumEndpoints = 3, + .bInterfaceClass = USB_CLASS_STILL_IMAGE, + .bInterfaceSubClass = 0x01, + .bInterfaceProtocol = 0x01, + .eps = (USBDescEndpoint[]) { + { + .bEndpointAddress = USB_DIR_IN | EP_DATA_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = 512, + },{ + .bEndpointAddress = USB_DIR_OUT | EP_DATA_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = 512, + },{ + .bEndpointAddress = USB_DIR_IN | EP_EVENT, + .bmAttributes = USB_ENDPOINT_XFER_INT, + .wMaxPacketSize = 8, + .bInterval = 0x0a, + }, + } +}; + +static const USBDescDevice desc_device_high = { + .bcdUSB = 0x0200, + .bMaxPacketSize0 = 64, + .bNumConfigurations = 1, + .confs = (USBDescConfig[]) { + { + .bNumInterfaces = 1, + .bConfigurationValue = 1, + .iConfiguration = STR_CONFIG_HIGH, + .bmAttributes = USB_CFG_ATT_ONE | USB_CFG_ATT_WAKEUP, + .bMaxPower = 2, + .nif = 1, + .ifs = &desc_iface_high, + }, + }, +}; + +static const USBDescMSOS desc_msos = { + .CompatibleID = "MTP", + .SelectiveSuspendEnabled = true, +}; + +static const USBDesc desc = { + .id = { + .idVendor = 0x46f4, /* CRC16() of "QEMU" */ + .idProduct = 0x0004, + .bcdDevice = 0, + .iManufacturer = STR_MANUFACTURER, + .iProduct = STR_PRODUCT, + .iSerialNumber = STR_SERIALNUMBER, + }, + .full = &desc_device_full, + .high = &desc_device_high, + .str = desc_strings, + .msos = &desc_msos, +}; + +/* ----------------------------------------------------------------------- */ + +static MTPObject *usb_mtp_object_alloc(MTPState *s, uint32_t handle, + MTPObject *parent, char 
*name) +{ + MTPObject *o = g_new0(MTPObject, 1); + + if (name[0] == '.') { + goto ignore; + } + + o->handle = handle; + o->parent = parent; + o->name = g_strdup(name); + o->nchildren = -1; + if (parent == NULL) { + o->path = g_strdup(name); + } else { + o->path = g_strdup_printf("%s/%s", parent->path, name); + } + + if (lstat(o->path, &o->stat) != 0) { + goto ignore; + } + if (S_ISREG(o->stat.st_mode)) { + o->format = FMT_UNDEFINED_OBJECT; + } else if (S_ISDIR(o->stat.st_mode)) { + o->format = FMT_ASSOCIATION; + } else { + goto ignore; + } + + if (access(o->path, R_OK) != 0) { + goto ignore; + } + + fprintf(stderr, "%s: 0x%x %s\n", __func__, o->handle, o->path); + + QTAILQ_INSERT_TAIL(&s->objects, o, next); + return o; + +ignore: + g_free(o->name); + g_free(o->path); + g_free(o); + return NULL; +} + +static void usb_mtp_object_free(MTPState *s, MTPObject *o) +{ + int i; + + fprintf(stderr, "%s: 0x%x %s\n", __func__, o->handle, o->path); + + QTAILQ_REMOVE(&s->objects, o, next); + for (i = 0; i < o->nchildren; i++) { + usb_mtp_object_free(s, o->children[i]); + } + g_free(o->children); + g_free(o->name); + g_free(o->path); + g_free(o); +} + +static MTPObject *usb_mtp_object_lookup(MTPState *s, uint32_t handle) +{ + MTPObject *o; + + QTAILQ_FOREACH(o, &s->objects, next) { + if (o->handle == handle) { + return o; + } + } + return NULL; +} + +static void usb_mtp_object_readdir(MTPState *s, MTPObject *o) +{ + struct dirent *entry; + DIR *dir; + + o->nchildren = 0; + dir = opendir(o->path); + if (!dir) { + return; + } + while ((entry = readdir(dir)) != NULL) { + if ((o->nchildren % 32) == 0) { + o->children = g_realloc(o->children, + (o->nchildren + 32) * sizeof(MTPObject *)); + } + o->children[o->nchildren] = + usb_mtp_object_alloc(s, s->next_handle++, o, entry->d_name); + if (o->children[o->nchildren] != NULL) { + o->nchildren++; + } + } + closedir(dir); +} + +/* ----------------------------------------------------------------------- */ + +static MTPData 
*usb_mtp_data_alloc(MTPControl *c) +{ + MTPData *data = g_new0(MTPData, 1); + + data->code = c->code; + data->trans = c->trans; + data->fd = -1; + data->first = true; + return data; +} + +static void usb_mtp_data_free(MTPData *data) +{ + if (data == NULL) { + return; + } + if (data->fd != -1) { + close(data->fd); + } + g_free(data->data); + g_free(data); +} + +static void usb_mtp_realloc(MTPData *data, uint32_t bytes) +{ + if (data->length + bytes <= data->alloc) { + return; + } + data->alloc = (data->length + bytes + 0xff) & ~0xff; + data->data = g_realloc(data->data, data->alloc); +} + +static void usb_mtp_add_u8(MTPData *data, uint8_t val) +{ + usb_mtp_realloc(data, 1); + data->data[data->length++] = val; +} + +static void usb_mtp_add_u16(MTPData *data, uint16_t val) +{ + usb_mtp_realloc(data, 2); + data->data[data->length++] = (val >> 0) & 0xff; + data->data[data->length++] = (val >> 8) & 0xff; +} + +static void usb_mtp_add_u32(MTPData *data, uint32_t val) +{ + usb_mtp_realloc(data, 4); + data->data[data->length++] = (val >> 0) & 0xff; + data->data[data->length++] = (val >> 8) & 0xff; + data->data[data->length++] = (val >> 16) & 0xff; + data->data[data->length++] = (val >> 24) & 0xff; +} + +static void usb_mtp_add_u64(MTPData *data, uint64_t val) +{ + usb_mtp_realloc(data, 4); + data->data[data->length++] = (val >> 0) & 0xff; + data->data[data->length++] = (val >> 8) & 0xff; + data->data[data->length++] = (val >> 16) & 0xff; + data->data[data->length++] = (val >> 24) & 0xff; + data->data[data->length++] = (val >> 32) & 0xff; + data->data[data->length++] = (val >> 40) & 0xff; + data->data[data->length++] = (val >> 48) & 0xff; + data->data[data->length++] = (val >> 54) & 0xff; +} + +static void usb_mtp_add_u16_array(MTPData *data, uint32_t len, + const uint16_t *vals) +{ + int i; + + usb_mtp_add_u32(data, len); + for (i = 0; i < len; i++) { + usb_mtp_add_u16(data, vals[i]); + } +} + +static void usb_mtp_add_u32_array(MTPData *data, uint32_t len, + const uint32_t 
*vals) +{ + int i; + + usb_mtp_add_u32(data, len); + for (i = 0; i < len; i++) { + usb_mtp_add_u32(data, vals[i]); + } +} + +static void usb_mtp_add_wstr(MTPData *data, const wchar_t *str) +{ + uint32_t len = wcslen(str); + int i; + + if (len > 0) { + len++; /* include terminating L'\0' */ + } + + usb_mtp_add_u8(data, len); + for (i = 0; i < len; i++) { + usb_mtp_add_u16(data, str[i]); + } +} + +static void usb_mtp_add_str(MTPData *data, const char *str) +{ + uint32_t len = strlen(str)+1; + wchar_t wstr[len]; + size_t ret; + + ret = mbstowcs(wstr, str, len); + if (ret == -1) { + usb_mtp_add_wstr(data, L"Oops"); + } else { + usb_mtp_add_wstr(data, wstr); + } +} + +static void usb_mtp_add_time(MTPData *data, time_t time) +{ + char buf[16]; + struct tm tm; + + gmtime_r(&time, &tm); + strftime(buf, sizeof(buf), "%Y%m%dT%H%M%S", &tm); + usb_mtp_add_str(data, buf); +} + +/* ----------------------------------------------------------------------- */ + +static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans, + int argc, uint32_t arg0, uint32_t arg1) +{ + MTPControl *c = g_new0(MTPControl, 1); + + c->code = code; + c->trans = trans; + c->argc = argc; + if (argc > 0) { + c->argv[0] = arg0; + } + if (argc > 1) { + c->argv[1] = arg1; + } + + assert(s->result == NULL); + s->result = c; +} + +/* ----------------------------------------------------------------------- */ + +static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c) +{ + static const uint16_t ops[] = { + CMD_GET_DEVICE_INFO, + CMD_OPEN_SESSION, + CMD_CLOSE_SESSION, + CMD_GET_STORAGE_IDS, + CMD_GET_STORAGE_INFO, + CMD_GET_NUM_OBJECTS, + CMD_GET_OBJECT_HANDLES, + CMD_GET_OBJECT_INFO, + CMD_GET_OBJECT, + CMD_GET_PARTIAL_OBJECT, + }; + static const uint16_t fmt[] = { + FMT_UNDEFINED_OBJECT, + FMT_ASSOCIATION, + }; + MTPData *d = usb_mtp_data_alloc(c); + + trace_usb_mtp_op_get_device_info(s->dev.addr); + + usb_mtp_add_u16(d, 0x0100); + usb_mtp_add_u32(d, 0xffffffff); + usb_mtp_add_u16(d, 
0x0101); + usb_mtp_add_wstr(d, L""); + usb_mtp_add_u16(d, 0x0000); + + usb_mtp_add_u16_array(d, ARRAY_SIZE(ops), ops); + usb_mtp_add_u16_array(d, 0, NULL); + usb_mtp_add_u16_array(d, 0, NULL); + usb_mtp_add_u16_array(d, 0, NULL); + usb_mtp_add_u16_array(d, ARRAY_SIZE(fmt), fmt); + + usb_mtp_add_wstr(d, L"" MTP_MANUFACTURER); + usb_mtp_add_wstr(d, L"" MTP_PRODUCT); + usb_mtp_add_wstr(d, L"0.1"); + usb_mtp_add_wstr(d, L"123456789abcdef123456789abcdef"); + + return d; +} + +static MTPData *usb_mtp_get_storage_ids(MTPState *s, MTPControl *c) +{ + static const uint32_t ids[] = { + QEMU_STORAGE_ID, + }; + MTPData *d = usb_mtp_data_alloc(c); + + trace_usb_mtp_op_get_storage_ids(s->dev.addr); + + usb_mtp_add_u32_array(d, ARRAY_SIZE(ids), ids); + + return d; +} + +static MTPData *usb_mtp_get_storage_info(MTPState *s, MTPControl *c) +{ + MTPData *d = usb_mtp_data_alloc(c); + struct statvfs buf; + int rc; + + trace_usb_mtp_op_get_storage_info(s->dev.addr); + + if (FLAG_SET(s, MTP_FLAG_WRITABLE)) { + usb_mtp_add_u16(d, 0x0003); + usb_mtp_add_u16(d, 0x0002); + usb_mtp_add_u16(d, 0x0000); + } else { + usb_mtp_add_u16(d, 0x0001); + usb_mtp_add_u16(d, 0x0002); + usb_mtp_add_u16(d, 0x0001); + } + + rc = statvfs(s->root, &buf); + if (rc == 0) { + usb_mtp_add_u64(d, (uint64_t)buf.f_frsize * buf.f_blocks); + usb_mtp_add_u64(d, (uint64_t)buf.f_bavail * buf.f_blocks); + usb_mtp_add_u32(d, buf.f_ffree); + } else { + usb_mtp_add_u64(d, 0xffffffff); + usb_mtp_add_u64(d, 0xffffffff); + usb_mtp_add_u32(d, 0xffffffff); + } + + usb_mtp_add_str(d, s->desc); + usb_mtp_add_wstr(d, L"123456789abcdef"); + return d; +} + +static MTPData *usb_mtp_get_object_handles(MTPState *s, MTPControl *c, + MTPObject *o) +{ + MTPData *d = usb_mtp_data_alloc(c); + uint32_t i, handles[o->nchildren]; + + trace_usb_mtp_op_get_object_handles(s->dev.addr, o->handle, o->path); + + for (i = 0; i < o->nchildren; i++) { + handles[i] = o->children[i]->handle; + } + usb_mtp_add_u32_array(d, o->nchildren, handles); + + return 
d; +} + +static MTPData *usb_mtp_get_object_info(MTPState *s, MTPControl *c, + MTPObject *o) +{ + MTPData *d = usb_mtp_data_alloc(c); + + trace_usb_mtp_op_get_object_info(s->dev.addr, o->handle, o->path); + + usb_mtp_add_u32(d, QEMU_STORAGE_ID); + usb_mtp_add_u16(d, o->format); + usb_mtp_add_u16(d, 0); + usb_mtp_add_u32(d, o->stat.st_size); + + usb_mtp_add_u16(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + + if (o->parent) { + usb_mtp_add_u32(d, o->parent->handle); + } else { + usb_mtp_add_u32(d, 0); + } + if (o->format == FMT_ASSOCIATION) { + usb_mtp_add_u16(d, 0x0001); + usb_mtp_add_u32(d, 0x00000001); + usb_mtp_add_u32(d, 0); + } else { + usb_mtp_add_u16(d, 0); + usb_mtp_add_u32(d, 0); + usb_mtp_add_u32(d, 0); + } + + usb_mtp_add_str(d, o->name); + usb_mtp_add_time(d, o->stat.st_ctime); + usb_mtp_add_time(d, o->stat.st_mtime); + usb_mtp_add_wstr(d, L""); + + return d; +} + +static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c, + MTPObject *o) +{ + MTPData *d = usb_mtp_data_alloc(c); + + trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path); + + d->fd = open(o->path, O_RDONLY); + if (d->fd == -1) { + return NULL; + } + d->length = o->stat.st_size; + d->alloc = 512; + d->data = g_malloc(d->alloc); + return d; +} + +static MTPData *usb_mtp_get_partial_object(MTPState *s, MTPControl *c, + MTPObject *o) +{ + MTPData *d = usb_mtp_data_alloc(c); + off_t offset; + + trace_usb_mtp_op_get_partial_object(s->dev.addr, o->handle, o->path, + c->argv[1], c->argv[2]); + + d->fd = open(o->path, O_RDONLY); + if (d->fd == -1) { + return NULL; + } + + offset = c->argv[1]; + if (offset > o->stat.st_size) { + offset = o->stat.st_size; + } + lseek(d->fd, offset, SEEK_SET); + + d->length = c->argv[2]; + if (d->length > o->stat.st_size - offset) { + d->length = o->stat.st_size - offset; + } + + return d; +} + +static void usb_mtp_command(MTPState *s, MTPControl 
*c) +{ + MTPData *data_in = NULL; + MTPObject *o; + uint32_t nres = 0, res0 = 0; + + /* sanity checks */ + if (c->code >= CMD_CLOSE_SESSION && s->session == 0) { + usb_mtp_queue_result(s, RES_SESSION_NOT_OPEN, + c->trans, 0, 0, 0); + return; + } + + /* process commands */ + switch (c->code) { + case CMD_GET_DEVICE_INFO: + data_in = usb_mtp_get_device_info(s, c); + break; + case CMD_OPEN_SESSION: + if (s->session) { + usb_mtp_queue_result(s, RES_SESSION_ALREADY_OPEN, + c->trans, 1, s->session, 0); + return; + } + if (c->argv[0] == 0) { + usb_mtp_queue_result(s, RES_INVALID_PARAMETER, + c->trans, 0, 0, 0); + return; + } + trace_usb_mtp_op_open_session(s->dev.addr); + s->session = c->argv[0]; + usb_mtp_object_alloc(s, s->next_handle++, NULL, s->root); + break; + case CMD_CLOSE_SESSION: + trace_usb_mtp_op_close_session(s->dev.addr); + s->session = 0; + s->next_handle = 0; + usb_mtp_object_free(s, QTAILQ_FIRST(&s->objects)); + assert(QTAILQ_EMPTY(&s->objects)); + break; + case CMD_GET_STORAGE_IDS: + data_in = usb_mtp_get_storage_ids(s, c); + break; + case CMD_GET_STORAGE_INFO: + if (c->argv[0] != QEMU_STORAGE_ID && + c->argv[0] != 0xffffffff) { + usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_storage_info(s, c); + break; + case CMD_GET_NUM_OBJECTS: + case CMD_GET_OBJECT_HANDLES: + if (c->argv[0] != QEMU_STORAGE_ID && + c->argv[0] != 0xffffffff) { + usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, + c->trans, 0, 0, 0); + return; + } + if (c->argv[1] != 0x00000000) { + usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED, + c->trans, 0, 0, 0); + return; + } + if (c->argv[2] == 0x00000000 || + c->argv[2] == 0xffffffff) { + o = QTAILQ_FIRST(&s->objects); + } else { + o = usb_mtp_object_lookup(s, c->argv[2]); + } + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + if (o->format != FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT, + 
c->trans, 0, 0, 0); + return; + } + if (o->nchildren == -1) { + usb_mtp_object_readdir(s, o); + } + if (c->code == CMD_GET_NUM_OBJECTS) { + trace_usb_mtp_op_get_num_objects(s->dev.addr, o->handle, o->path); + nres = 1; + res0 = o->nchildren; + } else { + data_in = usb_mtp_get_object_handles(s, c, o); + } + break; + case CMD_GET_OBJECT_INFO: + o = usb_mtp_object_lookup(s, c->argv[0]); + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_object_info(s, c, o); + break; + case CMD_GET_OBJECT: + o = usb_mtp_object_lookup(s, c->argv[0]); + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + if (o->format == FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_object(s, c, o); + if (NULL == data_in) { + fprintf(stderr, "%s: TODO: handle error\n", __func__); + } + break; + case CMD_GET_PARTIAL_OBJECT: + o = usb_mtp_object_lookup(s, c->argv[0]); + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + if (o->format == FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + c->trans, 0, 0, 0); + return; + } + data_in = usb_mtp_get_partial_object(s, c, o); + if (NULL == data_in) { + fprintf(stderr, "%s: TODO: handle error\n", __func__); + } + nres = 1; + res0 = data_in->length; + break; + default: + fprintf(stderr, "%s: unknown command code 0x%04x\n", + __func__, c->code); + usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED, + c->trans, 0, 0, 0); + return; + } + + /* return results on success */ + if (data_in) { + assert(s->data_in == NULL); + s->data_in = data_in; + } + usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0); +} + +/* ----------------------------------------------------------------------- */ + +static void usb_mtp_handle_reset(USBDevice *dev) +{ + MTPState *s = 
DO_UPCAST(MTPState, dev, dev); + + trace_usb_mtp_reset(s->dev.addr); + + s->session = 0; + usb_mtp_data_free(s->data_in); + s->data_in = NULL; + usb_mtp_data_free(s->data_out); + s->data_out = NULL; + g_free(s->result); + s->result = NULL; +} + +static void usb_mtp_handle_control(USBDevice *dev, USBPacket *p, + int request, int value, int index, + int length, uint8_t *data) +{ + int ret; + + ret = usb_desc_handle_control(dev, p, request, value, index, length, data); + if (ret >= 0) { + return; + } + + trace_usb_mtp_stall(dev->addr, "unknown control request"); + p->status = USB_RET_STALL; +} + +static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p) +{ + fprintf(stderr, "%s\n", __func__); +} + +static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p) +{ + MTPState *s = DO_UPCAST(MTPState, dev, dev); + MTPControl cmd; + mtp_container container; + uint32_t params[5]; + int i, rc; + + switch (p->ep->nr) { + case EP_DATA_IN: + if (s->data_out != NULL) { + /* guest bug */ + trace_usb_mtp_stall(s->dev.addr, "awaiting data-out"); + p->status = USB_RET_STALL; + return; + } + if (p->iov.size < sizeof(container)) { + trace_usb_mtp_stall(s->dev.addr, "packet too small"); + p->status = USB_RET_STALL; + return; + } + if (s->data_in != NULL) { + MTPData *d = s->data_in; + int dlen = d->length - d->offset; + if (d->first) { + trace_usb_mtp_data_in(s->dev.addr, d->trans, d->length); + container.length = cpu_to_le32(d->length + sizeof(container)); + container.type = cpu_to_le16(TYPE_DATA); + container.code = cpu_to_le16(d->code); + container.trans = cpu_to_le32(d->trans); + usb_packet_copy(p, &container, sizeof(container)); + d->first = false; + if (dlen > p->iov.size - sizeof(container)) { + dlen = p->iov.size - sizeof(container); + } + } else { + if (dlen > p->iov.size) { + dlen = p->iov.size; + } + } + if (d->fd == -1) { + usb_packet_copy(p, d->data + d->offset, dlen); + } else { + if (d->alloc < p->iov.size) { + d->alloc = p->iov.size; + d->data = g_realloc(d->data, 
d->alloc); + } + rc = read(d->fd, d->data, dlen); + if (rc != dlen) { + fprintf(stderr, "%s: TODO: handle read error\n", __func__); + } + usb_packet_copy(p, d->data, dlen); + } + d->offset += dlen; + if (d->offset == d->length) { + usb_mtp_data_free(s->data_in); + s->data_in = NULL; + } + } else if (s->result != NULL) { + MTPControl *r = s->result; + int length = sizeof(container) + r->argc * sizeof(uint32_t); + if (r->code == RES_OK) { + trace_usb_mtp_success(s->dev.addr, r->trans, + (r->argc > 0) ? r->argv[0] : 0, + (r->argc > 1) ? r->argv[1] : 0); + } else { + trace_usb_mtp_error(s->dev.addr, r->code, r->trans, + (r->argc > 0) ? r->argv[0] : 0, + (r->argc > 1) ? r->argv[1] : 0); + } + container.length = cpu_to_le32(length); + container.type = cpu_to_le16(TYPE_RESPONSE); + container.code = cpu_to_le16(r->code); + container.trans = cpu_to_le32(r->trans); + for (i = 0; i < r->argc; i++) { + params[i] = cpu_to_le32(r->argv[i]); + } + usb_packet_copy(p, &container, sizeof(container)); + usb_packet_copy(p, ¶ms, length - sizeof(container)); + g_free(s->result); + s->result = NULL; + } + break; + case EP_DATA_OUT: + if (p->iov.size < sizeof(container)) { + trace_usb_mtp_stall(s->dev.addr, "packet too small"); + p->status = USB_RET_STALL; + return; + } + usb_packet_copy(p, &container, sizeof(container)); + switch (le16_to_cpu(container.type)) { + case TYPE_COMMAND: + if (s->data_in || s->data_out || s->result) { + trace_usb_mtp_stall(s->dev.addr, "transaction inflight"); + p->status = USB_RET_STALL; + return; + } + cmd.code = le16_to_cpu(container.code); + cmd.argc = (le32_to_cpu(container.length) - sizeof(container)) + / sizeof(uint32_t); + cmd.trans = le32_to_cpu(container.trans); + usb_packet_copy(p, ¶ms, cmd.argc * sizeof(uint32_t)); + for (i = 0; i < cmd.argc; i++) { + cmd.argv[i] = le32_to_cpu(params[i]); + } + trace_usb_mtp_command(s->dev.addr, cmd.code, cmd.trans, + (cmd.argc > 0) ? cmd.argv[0] : 0, + (cmd.argc > 1) ? cmd.argv[1] : 0, + (cmd.argc > 2) ? 
cmd.argv[2] : 0, + (cmd.argc > 3) ? cmd.argv[3] : 0, + (cmd.argc > 4) ? cmd.argv[4] : 0); + usb_mtp_command(s, &cmd); + break; + default: + iov_hexdump(p->iov.iov, p->iov.niov, stderr, "mtp-out", 32); + trace_usb_mtp_stall(s->dev.addr, "TODO: implement data-out"); + p->status = USB_RET_STALL; + return; + } + break; + case EP_EVENT: + p->status = USB_RET_NAK; + return; + default: + trace_usb_mtp_stall(s->dev.addr, "invalid endpoint"); + p->status = USB_RET_STALL; + return; + } + + if (p->actual_length == 0) { + trace_usb_mtp_nak(s->dev.addr, p->ep->nr); + p->status = USB_RET_NAK; + return; + } else { + trace_usb_mtp_xfer(s->dev.addr, p->ep->nr, p->actual_length, + p->iov.size); + return; + } +} + +static int usb_mtp_initfn(USBDevice *dev) +{ + MTPState *s = DO_UPCAST(MTPState, dev, dev); + + usb_desc_create_serial(dev); + usb_desc_init(dev); + QTAILQ_INIT(&s->objects); + if (s->desc == NULL) { + s->desc = strrchr(s->root, '/'); + if (s->desc) { + s->desc = g_strdup(s->desc + 1); + } else { + s->desc = g_strdup("none"); + } + } + return 0; +} + +static const VMStateDescription vmstate_usb_mtp = { + .name = "usb-mtp", + .unmigratable = 1, + .version_id = 1, + .minimum_version_id = 1, + .fields = (VMStateField[]) { + VMSTATE_USB_DEVICE(dev, MTPState), + VMSTATE_END_OF_LIST() + } +}; + +static Property mtp_properties[] = { + DEFINE_PROP_STRING("root", MTPState, root), + DEFINE_PROP_STRING("desc", MTPState, desc), + DEFINE_PROP_END_OF_LIST(), +}; + +static void usb_mtp_class_initfn(ObjectClass *klass, void *data) +{ + DeviceClass *dc = DEVICE_CLASS(klass); + USBDeviceClass *uc = USB_DEVICE_CLASS(klass); + + uc->init = usb_mtp_initfn; + uc->product_desc = "QEMU USB MTP"; + uc->usb_desc = &desc; + uc->cancel_packet = usb_mtp_cancel_packet; + uc->handle_attach = usb_desc_attach; + uc->handle_reset = usb_mtp_handle_reset; + uc->handle_control = usb_mtp_handle_control; + uc->handle_data = usb_mtp_handle_data; + dc->fw_name = "mtp"; + dc->vmsd = &vmstate_usb_mtp; + dc->props = 
mtp_properties; +} + +static TypeInfo mtp_info = { + .name = "usb-mtp", + .parent = TYPE_USB_DEVICE, + .instance_size = sizeof(MTPState), + .class_init = usb_mtp_class_initfn, +}; + +static void usb_mtp_register_types(void) +{ + type_register_static(&mtp_info); +} + +type_init(usb_mtp_register_types) |
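Review bot: In usb_mtp_handle_data(), the TYPE_COMMAND branch computes cmd.argc from the guest-supplied container.length and uses it unchecked, both as the byte count for usb_packet_copy() into `params[5]` and as the bound of the loop filling `cmd.argv[5]`. A declared length above sizeof(container) + sizeof(params) therefore writes past both stack arrays, and a length below sizeof(container) wraps the unsigned subtraction. The length should be validated against sizeof(container), sizeof(params) and p->iov.size before argc is derived, stalling the endpoint otherwise, as in the excerpt below. Two smaller defects in the same hunk: usb_mtp_add_u64() reserves only 4 bytes and shifts the top byte by 54, where `usb_mtp_realloc(data, 8);` and `(val >> 56) & 0xff` are needed. The CMD_GET_PARTIAL_OBJECT case also reads `data_in->length` right after the branch that reports `data_in == NULL`.

```c
/* … unchanged: "transaction inflight" stall, cmd.code … */
if (le32_to_cpu(container.length) < sizeof(container) ||
    le32_to_cpu(container.length) > sizeof(container) + sizeof(params) ||
    le32_to_cpu(container.length) > p->iov.size) {
    trace_usb_mtp_stall(s->dev.addr, "bad command container length");
    p->status = USB_RET_STALL;
    return;
}
cmd.argc = (le32_to_cpu(container.length) - sizeof(container))
    / sizeof(uint32_t);
/* … unchanged: cmd.trans, parameter copy, trace, usb_mtp_command() … */
```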