1// Copyright 2018 The Fuchsia Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include <ddk/debug.h> 6#include <xdc-server-utils/msg.h> 7#include <zircon/device/debug.h> 8#include <zircon/hw/usb.h> 9#include <assert.h> 10#include <string.h> 11#include <threads.h> 12#include <unistd.h> 13 14#include "xdc.h" 15#include "xdc-transfer.h" 16#include "xhci-hw.h" 17#include "xhci-util.h" 18 19#ifndef MIN 20#define MIN(a, b) ((a) < (b) ? (a) : (b)) 21#endif 22 23// String descriptors use UNICODE UTF-16LE encodings. 24#define XDC_MANUFACTURER u"Google Inc." 25#define XDC_PRODUCT u"Fuchsia XDC Target" 26#define XDC_SERIAL_NUMBER u"" 27#define XDC_VENDOR_ID 0x18D1 28#define XDC_PRODUCT_ID 0xA0DC 29#define XDC_REVISION 0x1000 30 31// Multi-segment event rings are not currently supported. 32#define ERST_ARRAY_SIZE 1 33#define EVENT_RING_SIZE (PAGE_SIZE / sizeof(xhci_trb_t)) 34 35// The maximum duration to transition from connected to configured state. 36#define TRANSITION_CONFIGURED_THRESHOLD ZX_SEC(5) 37 38#define OUT_EP_ADDR 0x01 39#define IN_EP_ADDR 0x81 40 41#define MAX_REQS 30 42#define MAX_REQ_SIZE (16 * 1024) 43 44typedef struct xdc_instance { 45 zx_device_t* zxdev; 46 xdc_t* parent; 47 48 // Whether the instance has registered a stream ID. 49 bool has_stream_id; 50 // ID of stream that this instance is reading and writing from. 51 // Only valid if has_stream_id is true. 52 uint32_t stream_id; 53 // Whether the host has registered a stream of the same id. 54 bool connected; 55 bool dead; 56 xdc_packet_state_t cur_read_packet; 57 // Where we've read up to, in the first request of the completed reads list. 58 size_t cur_req_read_offset; 59 list_node_t completed_reads; 60 // Needs to be acquired before accessing the stream_id, dead or read members. 61 mtx_t lock; 62 63 // For storing this instance in the parent's instance_list. 64 list_node_t node; 65} xdc_instance_t; 66 67// For tracking streams registered on the host side. 68typedef struct { 69 uint32_t stream_id; 70 // For storing this in xdc's host_streams list. 71 list_node_t node; 72} xdc_host_stream_t; 73 74static zx_status_t xdc_write(xdc_t* xdc, uint32_t stream_id, const void* buf, size_t count, 75 size_t* actual, bool is_ctrl_msg); 76 77static void xdc_wait_bits(volatile uint32_t* ptr, uint32_t bits, uint32_t expected) { 78 uint32_t value = XHCI_READ32(ptr); 79 while ((value & bits) != expected) { 80 usleep(1000); 81 value = XHCI_READ32(ptr); 82 } 83} 84 85// Populates the pointer to the debug capability in the xdc struct. 86static zx_status_t xdc_get_debug_cap(xdc_t* xdc) { 87 uint32_t cap_id = EXT_CAP_USB_DEBUG_CAPABILITY; 88 xdc->debug_cap_regs = (xdc_debug_cap_regs_t*)xhci_get_next_ext_cap(xdc->mmio, NULL, &cap_id); 89 return xdc->debug_cap_regs ? ZX_OK : ZX_ERR_NOT_FOUND; 90} 91 92// Populates the string descriptors and info context (DbCIC) string descriptor metadata. 93static void xdc_str_descs_init(xdc_t* xdc, zx_paddr_t strs_base) { 94 xdc_str_descs_t* strs = xdc->str_descs; 95 96 // String Descriptor 0 contains the supported languages as a list of numbers (LANGIDs). 97 // 0x0409: English (United States) 98 strs->str_0_desc.string[0] = 0x09; 99 strs->str_0_desc.string[1] = 0x04; 100 strs->str_0_desc.len = STR_DESC_METADATA_LEN + 2; 101 strs->str_0_desc.type = USB_DT_STRING; 102 103 memcpy(&strs->manufacturer_desc.string, XDC_MANUFACTURER, sizeof(XDC_MANUFACTURER)); 104 strs->manufacturer_desc.len = STR_DESC_METADATA_LEN + sizeof(XDC_MANUFACTURER); 105 strs->manufacturer_desc.type = USB_DT_STRING; 106 107 memcpy(&strs->product_desc.string, XDC_PRODUCT, sizeof(XDC_PRODUCT)); 108 strs->product_desc.len = STR_DESC_METADATA_LEN + sizeof(XDC_PRODUCT); 109 strs->product_desc.type = USB_DT_STRING; 110 111 memcpy(&strs->serial_num_desc.string, XDC_SERIAL_NUMBER, sizeof(XDC_SERIAL_NUMBER)); 112 strs->serial_num_desc.len = STR_DESC_METADATA_LEN + sizeof(XDC_SERIAL_NUMBER); 113 strs->serial_num_desc.type = USB_DT_STRING; 114 115 // Populate the addresses and lengths of the string descriptors in the info context (DbCIC). 116 xdc_dbcic_t* dbcic = &xdc->context_data->dbcic; 117 118 dbcic->str_0_desc_addr = strs_base + offsetof(xdc_str_descs_t, str_0_desc); 119 dbcic->manufacturer_desc_addr = strs_base + offsetof(xdc_str_descs_t, manufacturer_desc); 120 dbcic->product_desc_addr = strs_base + offsetof(xdc_str_descs_t, product_desc); 121 dbcic->serial_num_desc_addr = strs_base + offsetof(xdc_str_descs_t, serial_num_desc); 122 123 dbcic->str_0_desc_len = strs->str_0_desc.len; 124 dbcic->manufacturer_desc_len = strs->manufacturer_desc.len; 125 dbcic->product_desc_len = strs->product_desc.len; 126 dbcic->serial_num_desc_len = strs->serial_num_desc.len; 127} 128 129static zx_status_t xdc_endpoint_ctx_init(xdc_t* xdc, uint32_t ep_idx) { 130 if (ep_idx >= NUM_EPS) { 131 return ZX_ERR_INVALID_ARGS; 132 } 133 // Initialize the endpoint. 134 xdc_endpoint_t* ep = &xdc->eps[ep_idx]; 135 list_initialize(&ep->queued_reqs); 136 list_initialize(&ep->pending_reqs); 137 ep->direction = ep_idx == IN_EP_IDX ? USB_DIR_IN : USB_DIR_OUT; 138 snprintf(ep->name, MAX_EP_DEBUG_NAME_LEN, ep_idx == IN_EP_IDX ? "IN" : "OUT"); 139 ep->state = XDC_EP_STATE_RUNNING; 140 141 zx_status_t status = xhci_transfer_ring_init(&ep->transfer_ring, xdc->bti_handle, 142 TRANSFER_RING_SIZE); 143 if (status != ZX_OK) { 144 return status; 145 } 146 zx_paddr_t tr_dequeue = xhci_transfer_ring_start_phys(&ep->transfer_ring); 147 148 uint32_t max_burst = XHCI_GET_BITS32(&xdc->debug_cap_regs->dcctrl, 149 DCCTRL_MAX_BURST_START, DCCTRL_MAX_BURST_BITS); 150 int avg_trb_length = EP_CTX_MAX_PACKET_SIZE * (max_burst + 1); 151 152 153 xhci_endpoint_context_t* epc = 154 ep_idx == IN_EP_IDX ? &xdc->context_data->in_epc : &xdc->context_data->out_epc; 155 156 XHCI_WRITE32(&epc->epc0, 0); 157 158 XHCI_SET_BITS32(&epc->epc1, EP_CTX_EP_TYPE_START, EP_CTX_EP_TYPE_BITS, 159 ep_idx == IN_EP_IDX ? EP_CTX_EP_TYPE_BULK_IN : EP_CTX_EP_TYPE_BULK_OUT); 160 XHCI_SET_BITS32(&epc->epc1, EP_CTX_MAX_BURST_SIZE_START, EP_CTX_MAX_BURST_SIZE_BITS, 161 max_burst); 162 XHCI_SET_BITS32(&epc->epc1, EP_CTX_MAX_PACKET_SIZE_START, EP_CTX_MAX_PACKET_SIZE_BITS, 163 EP_CTX_MAX_PACKET_SIZE); 164 165 XHCI_WRITE32(&epc->epc2, ((uint32_t)tr_dequeue & EP_CTX_TR_DEQUEUE_LO_MASK) | EP_CTX_DCS); 166 XHCI_WRITE32(&epc->tr_dequeue_hi, (uint32_t)(tr_dequeue >> 32)); 167 168 XHCI_SET_BITS32(&epc->epc4, EP_CTX_AVG_TRB_LENGTH_START, EP_CTX_AVG_TRB_LENGTH_BITS, 169 avg_trb_length); 170 // The Endpoint Context Interval, LSA, MaxPStreams, Mult, HID, Cerr, FE and 171 // Max Esit Payload fields do not apply to the DbC. See section 7.6.3.2 of XHCI Spec. 172 return ZX_OK; 173} 174 175static zx_status_t xdc_context_data_init(xdc_t* xdc) { 176 // Allocate a buffer to store the context data and string descriptors. 177 zx_status_t status = io_buffer_init(&xdc->context_str_descs_buffer, 178 xdc->bti_handle, PAGE_SIZE, 179 IO_BUFFER_RW | IO_BUFFER_CONTIG | IO_BUFFER_UNCACHED); 180 if (status != ZX_OK) { 181 zxlogf(ERROR, "failed to alloc xdc context and strings buffer, err: %d\n", status); 182 return status; 183 } 184 xdc->context_data = (xdc_context_data_t *)io_buffer_virt(&xdc->context_str_descs_buffer); 185 zx_paddr_t context_data_phys = io_buffer_phys(&xdc->context_str_descs_buffer); 186 187 // The context data only takes 192 bytes, so we can store the string descriptors after it. 188 xdc->str_descs = (void *)xdc->context_data + sizeof(xdc_context_data_t); 189 zx_paddr_t str_descs_phys = context_data_phys + sizeof(xdc_context_data_t); 190 191 // Populate the string descriptors, and string descriptor metadata in the context data. 192 xdc_str_descs_init(xdc, str_descs_phys); 193 194 // Initialize the endpoint contexts in the context data. 195 for (uint32_t i = 0; i < NUM_EPS; i++) { 196 status = xdc_endpoint_ctx_init(xdc, i); 197 if (status != ZX_OK) { 198 return status; 199 } 200 } 201 XHCI_WRITE64(&xdc->debug_cap_regs->dccp, context_data_phys); 202 return ZX_OK; 203} 204 205// Updates the event ring dequeue pointer register to the current event ring position. 206static void xdc_update_erdp(xdc_t* xdc) { 207 uint64_t erdp = xhci_event_ring_current_phys(&xdc->event_ring); 208 XHCI_WRITE64(&xdc->debug_cap_regs->dcerdp, erdp); 209} 210 211// Sets up the event ring segment table and buffers. 212static zx_status_t xdc_event_ring_init(xdc_t* xdc) { 213 // Event Ring Segment Table and Event Ring Segments 214 zx_status_t status = io_buffer_init(&xdc->erst_buffer, xdc->bti_handle, PAGE_SIZE, 215 IO_BUFFER_RW | IO_BUFFER_CONTIG | IO_BUFFER_UNCACHED); 216 if (status != ZX_OK) { 217 zxlogf(ERROR, "failed to alloc xdc erst_buffer, err: %d\n", status); 218 return status; 219 } 220 221 xdc->erst_array = (erst_entry_t *)io_buffer_virt(&xdc->erst_buffer); 222 zx_paddr_t erst_array_phys = io_buffer_phys(&xdc->erst_buffer); 223 224 status = xhci_event_ring_init(&xdc->event_ring, xdc->bti_handle, 225 xdc->erst_array, EVENT_RING_SIZE); 226 if (status != ZX_OK) { 227 zxlogf(ERROR, "xhci_event_ring_init failed, err: %d\n", status); 228 return status; 229 } 230 231 // Update the event ring dequeue pointer. 232 xdc_update_erdp(xdc); 233 234 XHCI_SET32(&xdc->debug_cap_regs->dcerstsz, ERSTSZ_MASK, ERST_ARRAY_SIZE); 235 XHCI_WRITE64(&xdc->debug_cap_regs->dcerstba, erst_array_phys); 236 237 return ZX_OK; 238} 239 240// Initializes the debug capability registers and required data structures. 241// This needs to be called everytime the host controller is reset. 242static zx_status_t xdc_init_debug_cap(xdc_t* xdc) { 243 // Initialize the Device Descriptor Info Registers. 244 XHCI_WRITE32(&xdc->debug_cap_regs->dcddi1, XDC_VENDOR_ID << DCDDI1_VENDOR_ID_START); 245 XHCI_WRITE32(&xdc->debug_cap_regs->dcddi2, 246 (XDC_REVISION << DCDDI2_DEVICE_REVISION_START) | XDC_PRODUCT_ID); 247 248 zx_status_t status = xdc_event_ring_init(xdc); 249 if (status != ZX_OK) { 250 return status; 251 } 252 status = xdc_context_data_init(xdc); 253 if (status != ZX_OK) { 254 return status; 255 } 256 return ZX_OK; 257} 258 259static zx_status_t xdc_write_instance(void* ctx, const void* buf, size_t count, 260 zx_off_t off, size_t* actual) { 261 xdc_instance_t* inst = ctx; 262 263 mtx_lock(&inst->lock); 264 265 if (inst->dead) { 266 mtx_unlock(&inst->lock); 267 return ZX_ERR_PEER_CLOSED; 268 } 269 if (!inst->has_stream_id) { 270 zxlogf(ERROR, "write failed, instance %p did not register for a stream id\n", inst); 271 mtx_unlock(&inst->lock); 272 return ZX_ERR_BAD_STATE; 273 } 274 if (!inst->connected) { 275 mtx_unlock(&inst->lock); 276 return ZX_ERR_SHOULD_WAIT; 277 } 278 uint32_t stream_id = inst->stream_id; 279 280 mtx_unlock(&inst->lock); 281 282 return xdc_write(inst->parent, stream_id, buf, count, actual, false /* is_ctrl_msg */); 283} 284 285static void xdc_update_instance_write_signal(xdc_instance_t* inst, bool writable) { 286 mtx_lock(&inst->lock); 287 288 if (inst->dead || !inst->has_stream_id) { 289 mtx_unlock(&inst->lock); 290 return; 291 } 292 293 // For an instance to be writable, we need the xdc device to be ready for writing, 294 // and the corresponding stream to be registered on the host. 295 if (writable && inst->connected) { 296 device_state_set(inst->zxdev, DEV_STATE_WRITABLE); 297 } else { 298 device_state_clr(inst->zxdev, DEV_STATE_WRITABLE); 299 } 300 301 mtx_unlock(&inst->lock); 302} 303 304static xdc_host_stream_t* xdc_get_host_stream(xdc_t* xdc, uint32_t stream_id) 305 __TA_REQUIRES(xdc->instance_list_lock) { 306 xdc_host_stream_t* host_stream; 307 list_for_every_entry(&xdc->host_streams, host_stream, xdc_host_stream_t, node) { 308 if (host_stream->stream_id == stream_id) { 309 return host_stream; 310 } 311 } 312 return NULL; 313} 314 315// Sends a message to the host to notify when a xdc device stream becomes online or offline. 316// If the message cannot be currently sent, it will be queued for later. 317static void xdc_notify_stream_state(xdc_t* xdc, uint32_t stream_id, bool online) { 318 xdc_msg_t msg = { 319 .opcode = XDC_NOTIFY_STREAM_STATE, 320 .notify_stream_state = { .stream_id = stream_id, .online = online } 321 }; 322 323 size_t actual; 324 zx_status_t status = xdc_write(xdc, XDC_MSG_STREAM, &msg, sizeof(msg), &actual, 325 true /* is_ctrl_msg */); 326 if (status == ZX_OK) { 327 // The write size is much less than the max packet size, so it should complete entirely. 328 ZX_DEBUG_ASSERT(actual == sizeof(xdc_msg_t)); 329 } else { 330 // xdc_write should always queue ctrl msgs, unless some fatal error occurs e.g. OOM. 331 zxlogf(ERROR, "xdc_write_internal returned err: %d, dropping ctrl msg for stream id %u\n", 332 status, stream_id); 333 } 334} 335 336// Sets the stream id for the device instance. 337// Returns ZX_OK if successful, or ZX_ERR_INVALID_ARGS if the stream id is unavailable. 338static zx_status_t xdc_register_stream(xdc_instance_t* inst, uint32_t stream_id) { 339 xdc_t* xdc = inst->parent; 340 341 if (stream_id == DEBUG_STREAM_ID_RESERVED) { 342 return ZX_ERR_INVALID_ARGS; 343 } 344 345 mtx_lock(&xdc->instance_list_lock); 346 347 xdc_instance_t* test_inst; 348 list_for_every_entry(&xdc->instance_list, test_inst, xdc_instance_t, node) { 349 mtx_lock(&test_inst->lock); 350 // We can only register the stream id if no one else already has. 351 if (test_inst->stream_id == stream_id) { 352 zxlogf(ERROR, "stream id %u was already registered\n", stream_id); 353 mtx_unlock(&test_inst->lock); 354 mtx_unlock(&xdc->instance_list_lock); 355 return ZX_ERR_INVALID_ARGS; 356 } 357 mtx_unlock(&test_inst->lock); 358 } 359 360 mtx_lock(&inst->lock); 361 inst->stream_id = stream_id; 362 inst->has_stream_id = true; 363 inst->connected = xdc_get_host_stream(xdc, stream_id) != NULL; 364 mtx_unlock(&inst->lock); 365 366 mtx_unlock(&xdc->instance_list_lock); 367 368 // Notify the host that this stream id is available on the debug device. 369 xdc_notify_stream_state(xdc, stream_id, true /* online */); 370 371 mtx_lock(&xdc->write_lock); 372 xdc_update_instance_write_signal(inst, xdc->writable); 373 mtx_unlock(&xdc->write_lock); 374 375 zxlogf(TRACE, "registered stream id %u\n", stream_id); 376 return ZX_OK; 377} 378 379// Attempts to requeue the request on the IN endpoint. 380// If not successful, the request is returned to the free_read_reqs list. 381static void xdc_queue_read_locked(xdc_t* xdc, usb_request_t* req) __TA_REQUIRES(xdc->read_lock) { 382 zx_status_t status = xdc_queue_transfer(xdc, req, true /** in **/, false /* is_ctrl_msg */); 383 if (status != ZX_OK) { 384 zxlogf(ERROR, "xdc_read failed to re-queue request %d\n", status); 385 list_add_tail(&xdc->free_read_reqs, &req->node); 386 } 387} 388 389static void xdc_update_instance_read_signal_locked(xdc_instance_t* inst) 390 __TA_REQUIRES(inst->lock) { 391 if (list_length(&inst->completed_reads) > 0) { 392 device_state_set(inst->zxdev, DEV_STATE_READABLE); 393 } else { 394 device_state_clr(inst->zxdev, DEV_STATE_READABLE); 395 } 396} 397 398static zx_status_t xdc_read_instance(void* ctx, void* buf, size_t count, 399 zx_off_t off, size_t* actual) { 400 xdc_instance_t* inst = ctx; 401 402 mtx_lock(&inst->lock); 403 404 if (inst->dead) { 405 mtx_unlock(&inst->lock); 406 return ZX_ERR_PEER_CLOSED; 407 } 408 409 if (!inst->has_stream_id) { 410 zxlogf(ERROR, "read failed, instance %p did not have a valid stream id\n", inst); 411 mtx_unlock(&inst->lock); 412 return ZX_ERR_BAD_STATE; 413 } 414 415 if (list_is_empty(&inst->completed_reads)) { 416 mtx_unlock(&inst->lock); 417 return ZX_ERR_SHOULD_WAIT; 418 } 419 420 list_node_t done_reqs = LIST_INITIAL_VALUE(done_reqs); 421 422 size_t copied = 0; 423 usb_request_t* req; 424 // Copy up to the requested amount, or until we have no completed read buffers left. 425 while ((copied < count) && 426 (req = list_peek_head_type(&inst->completed_reads, usb_request_t, node)) != NULL) { 427 if (inst->cur_req_read_offset == 0) { 428 bool is_new_packet; 429 void* data; 430 zx_status_t status = usb_request_mmap(req, &data); 431 if (status != ZX_OK) { 432 zxlogf(ERROR, "usb_request_mmap failed, err: %d\n", status); 433 mtx_unlock(&inst->lock); 434 return ZX_ERR_BAD_STATE; 435 } 436 437 status = xdc_update_packet_state(&inst->cur_read_packet, 438 data, req->response.actual, &is_new_packet); 439 if (status != ZX_OK) { 440 mtx_unlock(&inst->lock); 441 return ZX_ERR_BAD_STATE; 442 } 443 if (is_new_packet) { 444 // Skip over the header, which contains internal metadata like stream id. 445 inst->cur_req_read_offset += sizeof(xdc_packet_header_t); 446 } 447 } 448 size_t req_bytes_left = req->response.actual - inst->cur_req_read_offset; 449 size_t to_copy = MIN(count - copied, req_bytes_left); 450 size_t bytes_copied = usb_request_copyfrom(req, buf + copied, 451 to_copy, inst->cur_req_read_offset); 452 453 copied += bytes_copied; 454 inst->cur_req_read_offset += bytes_copied; 455 456 // Finished copying all the available bytes from this usb request buffer. 457 if (inst->cur_req_read_offset >= req->response.actual) { 458 list_remove_head(&inst->completed_reads); 459 list_add_tail(&done_reqs, &req->node); 460 461 inst->cur_req_read_offset = 0; 462 } 463 } 464 465 xdc_update_instance_read_signal_locked(inst); 466 mtx_unlock(&inst->lock); 467 468 xdc_t* xdc = inst->parent; 469 mtx_lock(&xdc->read_lock); 470 while ((req = list_remove_tail_type(&done_reqs, usb_request_t, node)) != NULL) { 471 xdc_queue_read_locked(xdc, req); 472 } 473 mtx_unlock(&xdc->read_lock); 474 475 *actual = copied; 476 return ZX_OK; 477} 478 479static zx_status_t xdc_ioctl_instance(void* ctx, uint32_t op, const void* in_buf, size_t in_len, 480 void* out_buf, size_t out_len, size_t* out_actual) { 481 xdc_instance_t* inst = ctx; 482 483 switch (op) { 484 case IOCTL_DEBUG_SET_STREAM: 485 if (in_len != sizeof(uint32_t)) { 486 return ZX_ERR_INVALID_ARGS; 487 } 488 uint32_t stream_id = *((int *)in_buf); 489 return xdc_register_stream(inst, stream_id); 490 default: 491 return ZX_ERR_NOT_SUPPORTED; 492 } 493} 494 495static zx_status_t xdc_close_instance(void* ctx, uint32_t flags) { 496 xdc_instance_t* inst = ctx; 497 498 list_node_t free_reqs = LIST_INITIAL_VALUE(free_reqs); 499 500 mtx_lock(&inst->lock); 501 inst->dead = true; 502 list_move(&inst->completed_reads, &free_reqs); 503 mtx_unlock(&inst->lock); 504 505 mtx_lock(&inst->parent->instance_list_lock); 506 list_delete(&inst->node); 507 mtx_unlock(&inst->parent->instance_list_lock); 508 509 xdc_t* xdc = inst->parent; 510 // Return any unprocessed requests back to the read queue to be reused. 511 mtx_lock(&xdc->read_lock); 512 usb_request_t* req; 513 while ((req = list_remove_tail_type(&free_reqs, usb_request_t, node)) != NULL) { 514 xdc_queue_read_locked(xdc, req); 515 } 516 mtx_unlock(&xdc->read_lock); 517 518 if (inst->has_stream_id) { 519 // Notify the host that this stream id is now unavailable on the debug device. 520 xdc_notify_stream_state(xdc, inst->stream_id, false /* online */); 521 } 522 523 atomic_fetch_add(&xdc->num_instances, -1); 524 525 return ZX_OK; 526} 527 528static void xdc_release_instance(void* ctx) { 529 xdc_instance_t* inst = ctx; 530 free(inst); 531} 532 533zx_protocol_device_t xdc_instance_proto = { 534 .version = DEVICE_OPS_VERSION, 535 .write = xdc_write_instance, 536 .read = xdc_read_instance, 537 .ioctl = xdc_ioctl_instance, 538 .close = xdc_close_instance, 539 .release = xdc_release_instance, 540}; 541 542static zx_status_t xdc_open(void* ctx, zx_device_t** dev_out, uint32_t flags) { 543 xdc_t* xdc = ctx; 544 545 xdc_instance_t* inst = calloc(1, sizeof(xdc_instance_t)); 546 if (inst == NULL) { 547 return ZX_ERR_NO_MEMORY; 548 } 549 550 device_add_args_t args = { 551 .version = DEVICE_ADD_ARGS_VERSION, 552 .name = "xdc", 553 .ctx = inst, 554 .ops = &xdc_instance_proto, 555 .proto_id = ZX_PROTOCOL_USB_DBC, 556 .flags = DEVICE_ADD_INSTANCE, 557 }; 558 559 zx_status_t status = status = device_add(xdc->zxdev, &args, &inst->zxdev); 560 if (status != ZX_OK) { 561 zxlogf(ERROR, "xdc: error creating instance %d\n", status); 562 free(inst); 563 return status; 564 } 565 566 inst->parent = xdc; 567 list_initialize(&inst->completed_reads); 568 569 mtx_lock(&xdc->instance_list_lock); 570 list_add_tail(&xdc->instance_list, &inst->node); 571 mtx_unlock(&xdc->instance_list_lock); 572 573 *dev_out = inst->zxdev; 574 575 atomic_fetch_add(&xdc->num_instances, 1); 576 sync_completion_signal(&xdc->has_instance_completion); 577 return ZX_OK; 578 579} 580 581static void xdc_shutdown(xdc_t* xdc) { 582 zxlogf(TRACE, "xdc_shutdown\n"); 583 584 atomic_store(&xdc->suspended, true); 585 // The poll thread will be waiting on this completion if no instances are open. 586 sync_completion_signal(&xdc->has_instance_completion); 587 588 int res; 589 thrd_join(xdc->start_thread, &res); 590 if (res != 0) { 591 zxlogf(ERROR, "failed to join with xdc start_thread\n"); 592 } 593 594 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, 0); 595 xdc_wait_bits(&xdc->debug_cap_regs->dcctrl, DCCTRL_DCR, 0); 596 597 mtx_lock(&xdc->lock); 598 xdc->configured = false; 599 600 for (uint32_t i = 0; i < NUM_EPS; ++i) { 601 xdc_endpoint_t* ep = &xdc->eps[i]; 602 ep->state = XDC_EP_STATE_DEAD; 603 604 usb_request_t* req; 605 while ((req = list_remove_tail_type(&ep->pending_reqs, usb_request_t, node)) != NULL) { 606 usb_request_complete(req, ZX_ERR_IO_NOT_PRESENT, 0); 607 } 608 while ((req = list_remove_tail_type(&ep->queued_reqs, usb_request_t, node)) != NULL) { 609 usb_request_complete(req, ZX_ERR_IO_NOT_PRESENT, 0); 610 } 611 } 612 613 mtx_unlock(&xdc->lock); 614 615 zxlogf(TRACE, "xdc_shutdown succeeded\n"); 616} 617 618static void xdc_free(xdc_t* xdc) { 619 zxlogf(INFO, "xdc_free\n"); 620 621 io_buffer_release(&xdc->erst_buffer); 622 io_buffer_release(&xdc->context_str_descs_buffer); 623 624 xhci_event_ring_free(&xdc->event_ring); 625 626 for (uint32_t i = 0; i < NUM_EPS; ++i) { 627 xdc_endpoint_t* ep = &xdc->eps[i]; 628 xhci_transfer_ring_free(&ep->transfer_ring); 629 } 630 631 usb_request_pool_release(&xdc->free_write_reqs); 632 633 usb_request_t* req; 634 while ((req = list_remove_tail_type(&xdc->free_read_reqs, usb_request_t, node)) != NULL) { 635 usb_request_release(req); 636 } 637 free(xdc); 638} 639 640static zx_status_t xdc_suspend(void* ctx, uint32_t flags) { 641 zxlogf(TRACE, "xdc_suspend %u\n", flags); 642 xdc_t* xdc = ctx; 643 644 // TODO(jocelyndang) do different things based on the flags. 645 // For now we shutdown the driver in preparation for mexec. 646 xdc_shutdown(xdc); 647 648 return ZX_OK; 649} 650 651static void xdc_unbind(void* ctx) { 652 zxlogf(INFO, "xdc_unbind\n"); 653 xdc_t* xdc = ctx; 654 xdc_shutdown(xdc); 655 656 mtx_lock(&xdc->instance_list_lock); 657 xdc_instance_t* inst; 658 list_for_every_entry(&xdc->instance_list, inst, xdc_instance_t, node) { 659 mtx_lock(&inst->lock); 660 661 inst->dead = true; 662 // Signal any waiting instances to wake up, so they will close the instance. 663 device_state_set(inst->zxdev, DEV_STATE_WRITABLE | DEV_STATE_READABLE); 664 665 mtx_unlock(&inst->lock); 666 } 667 mtx_unlock(&xdc->instance_list_lock); 668 669 device_remove(xdc->zxdev); 670} 671 672static void xdc_release(void* ctx) { 673 zxlogf(INFO, "xdc_release\n"); 674 xdc_t* xdc = ctx; 675 xdc_free(xdc); 676} 677 678static void xdc_update_write_signal_locked(xdc_t* xdc, bool online) 679 __TA_REQUIRES(xdc->write_lock) { 680 bool was_writable = xdc->writable; 681 xdc->writable = online && xdc_has_free_trbs(xdc, false /* in */); 682 if (was_writable == xdc->writable) { 683 return; 684 } 685 686 mtx_lock(&xdc->instance_list_lock); 687 xdc_instance_t* inst; 688 list_for_every_entry(&xdc->instance_list, inst, xdc_instance_t, node) { 689 xdc_update_instance_write_signal(inst, xdc->writable); 690 } 691 mtx_unlock(&xdc->instance_list_lock); 692} 693 694static void xdc_write_complete(usb_request_t* req, void* cookie) { 695 xdc_t* xdc = cookie; 696 697 zx_status_t status = req->response.status; 698 if (status != ZX_OK) { 699 zxlogf(ERROR, "xdc_write_complete got unexpected error: %d\n", req->response.status); 700 } 701 702 mtx_lock(&xdc->write_lock); 703 usb_request_pool_add(&xdc->free_write_reqs, req); 704 xdc_update_write_signal_locked(xdc, status != ZX_ERR_IO_NOT_PRESENT /* online */); 705 mtx_unlock(&xdc->write_lock); 706} 707 708static zx_status_t xdc_write(xdc_t* xdc, uint32_t stream_id, const void* buf, size_t count, 709 size_t* actual, bool is_ctrl_msg) { 710 // TODO(jocelyndang): we should check for requests that are too big to fit on the transfer ring. 711 712 zx_status_t status = ZX_OK; 713 714 mtx_lock(&xdc->write_lock); 715 716 // We should always queue control messages unless there is an unrecoverable error. 717 if (!is_ctrl_msg && !xdc->writable) { 718 // Need to wait for some requests to complete. 719 mtx_unlock(&xdc->write_lock); 720 return ZX_ERR_SHOULD_WAIT; 721 } 722 723 size_t header_len = sizeof(xdc_packet_header_t); 724 xdc_packet_header_t header = { 725 .stream_id = stream_id, 726 .total_length = header_len + count 727 }; 728 usb_request_t* req = usb_request_pool_get(&xdc->free_write_reqs, header.total_length); 729 if (!req) { 730 zx_status_t status = usb_request_alloc(&req, header.total_length, OUT_EP_ADDR); 731 if (status != ZX_OK) { 732 goto out; 733 } 734 req->complete_cb = xdc_write_complete; 735 req->cookie = xdc; 736 } 737 738 usb_request_copyto(req, &header, header_len, 0); 739 usb_request_copyto(req, buf, count, header_len /* offset */); 740 req->header.length = header.total_length; 741 742 status = xdc_queue_transfer(xdc, req, false /* in */, is_ctrl_msg); 743 if (status != ZX_OK) { 744 zxlogf(ERROR, "xdc_write failed %d\n", status); 745 usb_request_pool_add(&xdc->free_write_reqs, req); 746 goto out; 747 } 748 749 *actual = count; 750 751out: 752 xdc_update_write_signal_locked(xdc, status != ZX_ERR_IO_NOT_PRESENT /* online */); 753 mtx_unlock(&xdc->write_lock); 754 return status; 755} 756 757static void xdc_handle_msg(xdc_t* xdc, xdc_msg_t* msg) { 758 switch (msg->opcode) { 759 case XDC_NOTIFY_STREAM_STATE: { 760 xdc_notify_stream_state_t* state = &msg->notify_stream_state; 761 762 mtx_lock(&xdc->instance_list_lock); 763 764 // Find the saved host stream if it exists. 765 xdc_host_stream_t* host_stream = xdc_get_host_stream(xdc, state->stream_id); 766 if (state->online == (host_stream != NULL)) { 767 zxlogf(ERROR, "cannot set host stream state for id %u as it was already %s\n", 768 state->stream_id, state->online ? "online" : "offline"); 769 mtx_unlock(&xdc->instance_list_lock); 770 return; 771 } 772 if (state->online) { 773 xdc_host_stream_t* host_stream = malloc(sizeof(xdc_host_stream_t)); 774 if (!host_stream) { 775 zxlogf(ERROR, "can't create host stream, out of memory!\n"); 776 mtx_unlock(&xdc->instance_list_lock); 777 return; 778 } 779 zxlogf(TRACE, "setting host stream id %u as online\n", state->stream_id); 780 host_stream->stream_id = state->stream_id; 781 list_add_tail(&xdc->host_streams, &host_stream->node); 782 } else { 783 zxlogf(TRACE, "setting host stream id %u as offline\n", state->stream_id); 784 list_delete(&host_stream->node); 785 } 786 787 // Check if any instance is registered to this stream id and update its connected status. 788 xdc_instance_t* test; 789 xdc_instance_t* match = NULL; 790 list_for_every_entry(&xdc->instance_list, test, xdc_instance_t, node) { 791 mtx_lock(&test->lock); 792 if (test->has_stream_id && test->stream_id == state->stream_id) { 793 zxlogf(TRACE, "stream id %u is now %s to the host\n", 794 state->stream_id, state->online ? "connected" : "disconnected"); 795 test->connected = state->online; 796 match = test; 797 mtx_unlock(&test->lock); 798 break; 799 } 800 mtx_unlock(&test->lock); 801 } 802 mtx_unlock(&xdc->instance_list_lock); 803 804 if (match) { 805 // Notify the instance whether they can now write. 806 mtx_lock(&xdc->write_lock); 807 xdc_update_instance_write_signal(match, xdc->writable); 808 mtx_unlock(&xdc->write_lock); 809 } 810 return; 811 } 812 default: 813 zxlogf(ERROR, "unrecognized command: %d\n", msg->opcode); 814 } 815} 816 817static void xdc_read_complete(usb_request_t* req, void* cookie) { 818 xdc_t* xdc = cookie; 819 820 mtx_lock(&xdc->read_lock); 821 822 if (req->response.status == ZX_ERR_IO_NOT_PRESENT) { 823 list_add_tail(&xdc->free_read_reqs, &req->node); 824 goto out; 825 } 826 827 if (req->response.status != ZX_OK) { 828 zxlogf(ERROR, "xdc_read_complete: req completion status = %d", req->response.status); 829 xdc_queue_read_locked(xdc, req); 830 goto out; 831 } 832 833 void* data; 834 zx_status_t status = usb_request_mmap(req, &data); 835 if (status != ZX_OK) { 836 zxlogf(ERROR, "usb_request_mmap failed, err: %d\n", status); 837 xdc_queue_read_locked(xdc, req); 838 goto out; 839 } 840 bool new_header; 841 status = xdc_update_packet_state(&xdc->cur_read_packet, data, req->response.actual, 842 &new_header); 843 if (status != ZX_OK) { 844 xdc_queue_read_locked(xdc, req); 845 goto out; 846 } 847 848 if (new_header && xdc->cur_read_packet.header.stream_id == XDC_MSG_STREAM) { 849 size_t offset = sizeof(xdc_packet_header_t); 850 if (req->response.actual - offset < sizeof(xdc_msg_t)) { 851 zxlogf(ERROR, "malformed xdc ctrl msg, len was %lu want %lu\n", 852 req->response.actual - offset, sizeof(xdc_msg_t)); 853 xdc_queue_read_locked(xdc, req); 854 goto out; 855 } 856 xdc_msg_t msg; 857 usb_request_copyfrom(req, &msg, sizeof(xdc_msg_t), offset); 858 859 // We should process the control message outside of the lock, so requeue the request now. 860 xdc_queue_read_locked(xdc, req); 861 mtx_unlock(&xdc->read_lock); 862 863 xdc_handle_msg(xdc, &msg); 864 return; 865 } 866 867 // Find the instance that is registered for the stream id of the message. 868 mtx_lock(&xdc->instance_list_lock); 869 870 bool found = false; 871 xdc_instance_t* inst; 872 list_for_every_entry(&xdc->instance_list, inst, xdc_instance_t, node) { 873 mtx_lock(&inst->lock); 874 if (inst->has_stream_id && !inst->dead && 875 (inst->stream_id == xdc->cur_read_packet.header.stream_id)) { 876 list_add_tail(&inst->completed_reads, &req->node); 877 xdc_update_instance_read_signal_locked(inst); 878 found = true; 879 mtx_unlock(&inst->lock); 880 break; 881 } 882 mtx_unlock(&inst->lock); 883 } 884 885 mtx_unlock(&xdc->instance_list_lock); 886 887 if (!found) { 888 zxlogf(ERROR, "read packet for stream id %u, but it is not currently registered\n", 889 xdc->cur_read_packet.header.stream_id); 890 xdc_queue_read_locked(xdc, req); 891 } 892 893out: 894 mtx_unlock(&xdc->read_lock); 895} 896 897static zx_protocol_device_t xdc_proto = { 898 .version = DEVICE_OPS_VERSION, 899 .open = xdc_open, 900 .suspend = xdc_suspend, 901 .unbind = xdc_unbind, 902 .release = xdc_release, 903}; 904 905static void xdc_handle_port_status_change(xdc_t* xdc, xdc_poll_state_t* poll_state) { 906 uint32_t dcportsc = XHCI_READ32(&xdc->debug_cap_regs->dcportsc); 907 908 if (dcportsc & DCPORTSC_CSC) { 909 poll_state->connected = dcportsc & DCPORTSC_CCS; 910 if (poll_state->connected) { 911 poll_state->last_conn = zx_clock_get_monotonic(); 912 } 913 zxlogf(TRACE, "Port: Connect Status Change, connected: %d\n", poll_state->connected != 0); 914 } 915 if (dcportsc & DCPORTSC_PRC) { 916 zxlogf(TRACE, "Port: Port Reset complete\n"); 917 } 918 if (dcportsc & DCPORTSC_PLC) { 919 zxlogf(TRACE, "Port: Port Link Status Change\n"); 920 } 921 if (dcportsc & DCPORTSC_CEC) { 922 zxlogf(TRACE, "Port: Port Config Error detected\n"); 923 } 924 925 // Ack change events. 926 XHCI_WRITE32(&xdc->debug_cap_regs->dcportsc, dcportsc); 927} 928 929static void xdc_handle_events(xdc_t* xdc, xdc_poll_state_t* poll_state) { 930 xhci_event_ring_t* er = &xdc->event_ring; 931 932 // process all TRBs with cycle bit matching our CCS 933 while ((XHCI_READ32(&er->current->control) & TRB_C) == er->ccs) { 934 uint32_t type = trb_get_type(er->current); 935 switch (type) { 936 case TRB_EVENT_PORT_STATUS_CHANGE: 937 xdc_handle_port_status_change(xdc, poll_state); 938 break; 939 case TRB_EVENT_TRANSFER: 940 mtx_lock(&xdc->lock); 941 xdc_handle_transfer_event_locked(xdc, poll_state, er->current); 942 mtx_unlock(&xdc->lock); 943 break; 944 default: 945 zxlogf(ERROR, "xdc_handle_events: unhandled event type %d\n", type); 946 break; 947 } 948 949 er->current++; 950 if (er->current == er->end) { 951 er->current = er->start; 952 er->ccs ^= TRB_C; 953 } 954 } 955 xdc_update_erdp(xdc); 956} 957 958// Returns whether we just entered the Configured state. 959bool xdc_update_state(xdc_t* xdc, xdc_poll_state_t* poll_state) { 960 uint32_t dcst = XHCI_GET_BITS32(&xdc->debug_cap_regs->dcst, DCST_ER_NOT_EMPTY_START, 961 DCST_ER_NOT_EMPTY_BITS); 962 if (dcst) { 963 xdc_handle_events(xdc, poll_state); 964 } 965 966 uint32_t dcctrl = XHCI_READ32(&xdc->debug_cap_regs->dcctrl); 967 968 if (dcctrl & DCCTRL_DRC) { 969 zxlogf(TRACE, "xdc configured exit\n"); 970 // Need to clear the bit to re-enable the DCDB. 971 // TODO(jocelyndang): check if we need to update the transfer ring as per 7.6.4.4. 972 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, dcctrl); 973 poll_state->configured = false; 974 975 mtx_lock(&xdc->lock); 976 xdc->configured = false; 977 mtx_unlock(&xdc->lock); 978 } 979 980 bool entered_configured = false; 981 // Just entered the Configured state. 982 if (!poll_state->configured && (dcctrl & DCCTRL_DCR)) { 983 uint32_t port = XHCI_GET_BITS32(&xdc->debug_cap_regs->dcst, DCST_PORT_NUM_START, 984 DCST_PORT_NUM_BITS); 985 if (port == 0) { 986 zxlogf(ERROR, "xdc could not get port number\n"); 987 } else { 988 entered_configured = true; 989 poll_state->configured = true; 990 991 mtx_lock(&xdc->lock); 992 993 xdc->configured = true; 994 zxlogf(INFO, "xdc configured on port: %u\n", port); 995 996 // We just entered configured mode, so endpoints are ready. Queue any waiting messages. 997 for (int i = 0; i < NUM_EPS; i++) { 998 xdc_process_transactions_locked(xdc, &xdc->eps[i]); 999 } 1000 1001 mtx_unlock(&xdc->lock); 1002 } 1003 } 1004 1005 // If it takes too long to enter the configured state, we should toggle the 1006 // DCE bit to retry the Debug Device enumeration process. See last paragraph of 1007 // 7.6.4.1 of XHCI spec. 1008 if (poll_state->connected && !poll_state->configured) { 1009 zx_duration_t waited_ns = zx_clock_get_monotonic() - poll_state->last_conn; 1010 1011 if (waited_ns > TRANSITION_CONFIGURED_THRESHOLD) { 1012 zxlogf(ERROR, "xdc failed to enter configured state, toggling DCE\n"); 1013 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, 0); 1014 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, DCCTRL_LSE | DCCTRL_DCE); 1015 1016 // We won't get the disconnect event from disabling DCE, so update it now. 1017 poll_state->connected = false; 1018 } 1019 } 1020 return entered_configured; 1021} 1022 1023void xdc_endpoint_set_halt_locked(xdc_t* xdc, xdc_poll_state_t* poll_state, xdc_endpoint_t* ep) 1024 __TA_REQUIRES(xdc->lock) { 1025 bool* halt_state = ep->direction == USB_DIR_OUT ? &poll_state->halt_out : &poll_state->halt_in; 1026 *halt_state = true; 1027 1028 switch (ep->state) { 1029 case XDC_EP_STATE_DEAD: 1030 return; 1031 case XDC_EP_STATE_RUNNING: 1032 zxlogf(TRACE, "%s ep transitioned from running to halted\n", ep->name); 1033 ep->state = XDC_EP_STATE_HALTED; 1034 return; 1035 case XDC_EP_STATE_STOPPED: 1036 // This shouldn't happen as we don't schedule new TRBs when stopped. 1037 zxlogf(ERROR, "%s ep transitioned from stopped to halted\n", ep->name); 1038 ep->state = XDC_EP_STATE_HALTED; 1039 return; 1040 case XDC_EP_STATE_HALTED: 1041 return; // No change in state. 1042 default: 1043 zxlogf(ERROR, "unknown ep state: %d\n", ep->state); 1044 return; 1045 } 1046} 1047 1048static void xdc_endpoint_clear_halt_locked(xdc_t* xdc, xdc_poll_state_t* poll_state, 1049 xdc_endpoint_t* ep) __TA_REQUIRES(xdc->lock) { 1050 bool* halt_state = ep->direction == USB_DIR_OUT ? &poll_state->halt_out : &poll_state->halt_in; 1051 *halt_state = false; 1052 1053 switch (ep->state) { 1054 case XDC_EP_STATE_DEAD: 1055 case XDC_EP_STATE_RUNNING: 1056 return; // No change in state. 1057 case XDC_EP_STATE_STOPPED: 1058 break; // Already cleared the halt. 1059 case XDC_EP_STATE_HALTED: 1060 // The DbC has received the ClearFeature(ENDPOINT_HALT) request from the host. 1061 zxlogf(TRACE, "%s ep transitioned from halted to stopped\n", ep->name); 1062 ep->state = XDC_EP_STATE_STOPPED; 1063 break; 1064 default: 1065 zxlogf(ERROR, "unknown ep state: %d\n", ep->state); 1066 return; 1067 } 1068 1069 // If we get here, we are now in the STOPPED state and the halt has been cleared. 1070 // We should have processed the error events on the event ring once the halt flag was set, 1071 // but double-check this is the case. 1072 if (ep->got_err_event) { 1073 zx_status_t status = xdc_restart_transfer_ring_locked(xdc, ep); 1074 if (status != ZX_OK) { 1075 // This should never fail. If it does, disable the debug capability. 1076 // TODO(jocelyndang): the polling thread should re-initialize everything 1077 // if DCE is cleared. 1078 zxlogf(ERROR, "xdc_restart_transfer_ring got err %d, clearing DCE\n", status); 1079 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, 0); 1080 } 1081 ep->got_err_event = false; 1082 } 1083} 1084 1085void xdc_update_endpoint_state(xdc_t* xdc, xdc_poll_state_t* poll_state, xdc_endpoint_t* ep) { 1086 uint32_t dcctrl = XHCI_READ32(&xdc->debug_cap_regs->dcctrl); 1087 if (!(dcctrl & DCCTRL_DCR)) { 1088 // Halt bits are irrelevant when the debug capability isn't in Run Mode. 1089 return; 1090 } 1091 bool halt_state = ep->direction == USB_DIR_OUT ? poll_state->halt_out : poll_state->halt_in; 1092 1093 uint32_t bit = ep->direction == USB_DIR_OUT ? DCCTRL_HOT : DCCTRL_HIT; 1094 if (halt_state == !!(dcctrl & bit)) { 1095 // Nothing has changed. 1096 return; 1097 } 1098 1099 mtx_lock(&xdc->lock); 1100 if (dcctrl & bit) { 1101 xdc_endpoint_set_halt_locked(xdc, poll_state, ep); 1102 } else { 1103 xdc_endpoint_clear_halt_locked(xdc, poll_state, ep); 1104 } 1105 mtx_unlock(&xdc->lock); 1106} 1107 1108zx_status_t xdc_poll(xdc_t* xdc) { 1109 xdc_poll_state_t poll_state; 1110 list_initialize(&poll_state.completed_reqs); 1111 1112 for (;;) { 1113 zxlogf(TRACE, "xdc_poll: waiting for a new instance\n"); 1114 // Wait for at least one active instance before polling. 1115 sync_completion_wait(&xdc->has_instance_completion, ZX_TIME_INFINITE); 1116 zxlogf(TRACE, "xdc_poll: instance completion signaled, about to enter poll loop\n"); 1117 sync_completion_reset(&xdc->has_instance_completion); 1118 1119 for (;;) { 1120 if (atomic_load(&xdc->suspended)) { 1121 zxlogf(INFO, "xdc_poll: suspending xdc, shutting down poll thread\n"); 1122 return ZX_OK; 1123 } 1124 if (atomic_load(&xdc->num_instances) == 0) { 1125 // If all pending writes have completed, exit the poll loop. 1126 mtx_lock(&xdc->lock); 1127 if (list_is_empty(&xdc->eps[OUT_EP_IDX].pending_reqs)) { 1128 zxlogf(TRACE, "xdc_poll: no active instances, exiting inner poll loop\n"); 1129 mtx_unlock(&xdc->lock); 1130 // Wait for a new instance to be active. 1131 break; 1132 } 1133 mtx_unlock(&xdc->lock); 1134 } 1135 bool entered_configured = xdc_update_state(xdc, &poll_state); 1136 1137 // Check if any EP has halted or recovered. 1138 for (int i = 0; i < NUM_EPS; i++) { 1139 xdc_endpoint_t* ep = &xdc->eps[i]; 1140 xdc_update_endpoint_state(xdc, &poll_state, ep); 1141 } 1142 1143 // If we just entered the configured state, we should schedule the read requests. 1144 if (entered_configured) { 1145 mtx_lock(&xdc->read_lock); 1146 usb_request_t* req; 1147 while ((req = list_remove_tail_type(&xdc->free_read_reqs, 1148 usb_request_t, node)) != NULL) { 1149 xdc_queue_read_locked(xdc, req); 1150 } 1151 mtx_unlock(&xdc->read_lock); 1152 1153 mtx_lock(&xdc->write_lock); 1154 xdc_update_write_signal_locked(xdc, true /* online */); 1155 mtx_unlock(&xdc->write_lock); 1156 } 1157 1158 // Call complete callbacks out of the lock. 1159 // TODO(jocelyndang): might want a separate thread for this. 1160 usb_request_t* req; 1161 while ((req = list_remove_head_type(&poll_state.completed_reqs, 1162 usb_request_t, node)) != NULL) { 1163 usb_request_complete(req, req->response.status, req->response.actual); 1164 } 1165 } 1166 } 1167 return ZX_OK; 1168} 1169 1170static int xdc_start_thread(void* arg) { 1171 xdc_t* xdc = arg; 1172 1173 zxlogf(TRACE, "about to enable XHCI DBC\n"); 1174 XHCI_WRITE32(&xdc->debug_cap_regs->dcctrl, DCCTRL_LSE | DCCTRL_DCE); 1175 1176 return xdc_poll(xdc); 1177} 1178 1179// This should only be called once in xdc_bind. 1180static zx_status_t xdc_init_internal(xdc_t* xdc) { 1181 mtx_init(&xdc->lock, mtx_plain); 1182 1183 list_initialize(&xdc->instance_list); 1184 mtx_init(&xdc->instance_list_lock, mtx_plain); 1185 1186 atomic_init(&xdc->suspended, false); 1187 1188 list_initialize(&xdc->host_streams); 1189 1190 sync_completion_reset(&xdc->has_instance_completion); 1191 atomic_init(&xdc->num_instances, 0); 1192 1193 usb_request_pool_init(&xdc->free_write_reqs); 1194 mtx_init(&xdc->write_lock, mtx_plain); 1195 1196 list_initialize(&xdc->free_read_reqs); 1197 mtx_init(&xdc->read_lock, mtx_plain); 1198 1199 // Allocate the usb requests for write / read. 1200 for (int i = 0; i < MAX_REQS; i++) { 1201 usb_request_t* req; 1202 zx_status_t status = usb_request_alloc(&req, MAX_REQ_SIZE, OUT_EP_ADDR); 1203 if (status != ZX_OK) { 1204 zxlogf(ERROR, "xdc failed to alloc write usb requests, err: %d\n", status); 1205 return status; 1206 } 1207 req->complete_cb = xdc_write_complete; 1208 req->cookie = xdc; 1209 usb_request_pool_add(&xdc->free_write_reqs, req); 1210 } 1211 for (int i = 0; i < MAX_REQS; i++) { 1212 usb_request_t* req; 1213 zx_status_t status = usb_request_alloc(&req, MAX_REQ_SIZE, IN_EP_ADDR); 1214 if (status != ZX_OK) { 1215 zxlogf(ERROR, "xdc failed to alloc read usb requests, err: %d\n", status); 1216 return status; 1217 } 1218 req->complete_cb = xdc_read_complete; 1219 req->cookie = xdc; 1220 list_add_head(&xdc->free_read_reqs, &req->node); 1221 } 1222 return ZX_OK; 1223} 1224 1225zx_status_t xdc_bind(zx_device_t* parent, zx_handle_t bti_handle, void* mmio) { 1226 xdc_t* xdc = calloc(1, sizeof(xdc_t)); 1227 if (!xdc) { 1228 return ZX_ERR_NO_MEMORY; 1229 } 1230 xdc->bti_handle = bti_handle; 1231 xdc->mmio = mmio; 1232 1233 zx_status_t status = xdc_init_internal(xdc); 1234 if (status != ZX_OK) { 1235 goto error_return; 1236 } 1237 status = xdc_get_debug_cap(xdc); 1238 if (status != ZX_OK) { 1239 zxlogf(ERROR, "xdc_get_debug_cap, err: %d\n", status); 1240 goto error_return; 1241 } 1242 status = xdc_init_debug_cap(xdc); 1243 if (status != ZX_OK) { 1244 zxlogf(ERROR, "xdc_init failed, err: %d\n", status); 1245 goto error_return; 1246 } 1247 1248 device_add_args_t args = { 1249 .version = DEVICE_ADD_ARGS_VERSION, 1250 .name = "xdc", 1251 .ctx = xdc, 1252 .ops = &xdc_proto, 1253 .proto_id = ZX_PROTOCOL_USB_DBC, 1254 .flags = DEVICE_ADD_NON_BINDABLE, 1255 }; 1256 1257 status = device_add(parent, &args, &xdc->zxdev); 1258 if (status != ZX_OK) { 1259 goto error_return; 1260 } 1261 1262 int ret = thrd_create_with_name(&xdc->start_thread, xdc_start_thread, xdc, "xdc_start_thread"); 1263 if (ret != thrd_success) { 1264 device_remove(xdc->zxdev); 1265 return ZX_ERR_BAD_STATE; 1266 } 1267 return ZX_OK; 1268 1269error_return: 1270 zxlogf(ERROR, "xdc_bind failed: %d\n", status); 1271 xdc_free(xdc); 1272 return status; 1273} 1274