EHCI supports 64-bit addressing when the 64-bit Addressing Capability bit in HCCPARAMS is set. In that mode, the CTRLDSSEGMENT register provides the upper 32 bits that are concatenated with 32-bit link pointer values to form 64-bit control data structure addresses (EHCI 1.0, section 2.3.5 and Appendix B).
qTD link pointers (current_qtd/next_qtd/altnext_qtd and qTD.next) are stored as 32-bit values in the data structures and must be expanded to full 64-bit descriptor addresses when 64-bit mode is enabled. Update the qTD traversal paths to use ehci_get_desc_addr() when following link pointers. Appendix B also defines high dword fields for qTD buffer pointers. Add bufptr_hi[5] to EHCIqtd and extend qTD fetch and QH overlay handling to load and propagate the high buffer pointer fields. Introduce ehci_get_buf_addr() to construct full 64-bit buffer addresses from bufptr[] and bufptr_hi[] fields. Use this helper when calculating transfer buffer addresses so that data buffers above 4GB are correctly handled. When 64-bit capability is disabled, descriptor and buffer addresses remain 32-bit and existing behaviour is unchanged. Signed-off-by: Jamin Lin <[email protected]> --- hw/usb/hcd-ehci.h | 1 + hw/usb/hcd-ehci.c | 32 +++++++++++++++++++++++++------- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/hw/usb/hcd-ehci.h b/hw/usb/hcd-ehci.h index f18150c352..df16426f76 100644 --- a/hw/usb/hcd-ehci.h +++ b/hw/usb/hcd-ehci.h @@ -149,6 +149,7 @@ typedef struct EHCIqtd { uint32_t bufptr[5]; /* Standard buffer pointer */ #define QTD_BUFPTR_MASK 0xfffff000 #define QTD_BUFPTR_SH 12 + uint32_t bufptr_hi[5]; } EHCIqtd; /* diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index 8fd3fd60c4..5964ede05b 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -158,6 +158,19 @@ static uint64_t ehci_get_desc_addr(EHCIState *s, uint32_t low) return addr; } +static uint64_t ehci_get_buf_addr(EHCIState *s, uint32_t hi, uint32_t low, + uint32_t mask) +{ + uint64_t addr; + + addr = (uint64_t)(low & mask); + if (s->caps_64bit_addr) { + addr |= (uint64_t)hi << 32; + } + + return addr; +} + static void ehci_trace_usbsts(uint32_t mask, int state) { /* interrupts */ @@ -467,7 +480,8 @@ static bool ehci_verify_qtd(EHCIPacket *p, EHCIqtd *qtd) (p->qtd.next != qtd->next)) || (!NLPTR_TBIT(p->qtd.altnext) && (p->qtd.altnext != qtd->altnext)) || p->qtd.token != qtd->token || - p->qtd.bufptr[0] != qtd->bufptr[0]) { + p->qtd.bufptr[0] != qtd->bufptr[0] || + p->qtd.bufptr_hi[0] != qtd->bufptr_hi[0]) { return false; } else { return true; @@ -1192,6 +1206,7 @@ static int ehci_qh_do_overlay(EHCIQueue *q) for (i = 0; i < 5; i++) { q->qh.bufptr[i] = p->qtd.bufptr[i]; + q->qh.bufptr_hi[i] = p->qtd.bufptr_hi[i]; } if (!(q->qh.epchar & QH_EPCHAR_DTC)) { @@ -1225,7 +1240,8 @@ static int ehci_init_transfer(EHCIPacket *p) return -1; } - page = p->qtd.bufptr[cpage] & QTD_BUFPTR_MASK; + page = ehci_get_buf_addr(p->queue->ehci, p->qtd.bufptr_hi[cpage], + p->qtd.bufptr[cpage], QTD_BUFPTR_MASK); page += offset; plen = bytes; if (plen > 4096 - offset) { @@ -1720,7 +1736,7 @@ static EHCIQueue *ehci_state_fetchqh(EHCIState *ehci, int async) } else if ((q->qh.token & QTD_TOKEN_ACTIVE) && (NLPTR_TBIT(q->qh.current_qtd) == 0) && (q->qh.current_qtd != 0)) { - q->qtdaddr = q->qh.current_qtd; + q->qtdaddr = ehci_get_desc_addr(ehci, q->qh.current_qtd); ehci_set_state(ehci, async, EST_FETCHQTD); } else { @@ -1804,14 +1820,14 @@ static int ehci_state_advqueue(EHCIQueue *q) */ if (((q->qh.token & QTD_TOKEN_TBYTES_MASK) != 0) && (NLPTR_TBIT(q->qh.altnext_qtd) == 0)) { - q->qtdaddr = q->qh.altnext_qtd; + q->qtdaddr = ehci_get_desc_addr(q->ehci, q->qh.altnext_qtd); ehci_set_state(q->ehci, q->async, EST_FETCHQTD); /* * next qTD is valid */ } else if (NLPTR_TBIT(q->qh.next_qtd) == 0) { - q->qtdaddr = q->qh.next_qtd; + q->qtdaddr = ehci_get_desc_addr(q->ehci, q->qh.next_qtd); ehci_set_state(q->ehci, q->async, EST_FETCHQTD); /* @@ -1840,7 +1856,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q) if (get_dwords(q->ehci, addr + 0, &qtd.next, 1) < 0 || get_dwords(q->ehci, addr + 4, &qtd.altnext, 1) < 0 || get_dwords(q->ehci, addr + 12, qtd.bufptr, - ARRAY_SIZE(qtd.bufptr)) < 0) { + ARRAY_SIZE(qtd.bufptr)) < 0 || + get_dwords(q->ehci, addr + 32, qtd.bufptr_hi, + ARRAY_SIZE(qtd.bufptr_hi)) < 0) { return 0; } ehci_trace_qtd(q, NLPTR_GET(q->qtdaddr), &qtd); @@ -1921,7 +1939,7 @@ static int ehci_fill_queue(EHCIPacket *p) if (NLPTR_TBIT(qtd.next) != 0) { break; } - qtdaddr = qtd.next; + qtdaddr = ehci_get_desc_addr(q->ehci, qtd.next); /* * Detect circular td lists, Windows creates these, counting on the * active bit going low after execution to make the queue stop. -- 2.43.0
