2 ppcskel - a Free Software replacement for the Nintendo/BroadOn bootloader.
5 Copyright (C) 2009 Bernhard Urban <lewurm@gmx.net>
6 Copyright (C) 2009 Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
8 # This code is licensed to you under the terms of the GNU GPL, version 2;
9 # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
12 #include "../../bootmii_ppc.h"
13 #include "../../hollywood.h"
14 #include "../../irq.h"
15 #include "../../string.h"
16 #include "../../malloc.h"
19 #include "../usbspec/usb11spec.h"
21 // macro for accessing u32 variables that need to be in little endian byte order;
22 // whenever you read or write from an u32 field that the ohci host controller
23 // will read or write from too, use this macro for access!
24 #define ACCESS_LE(dword) (u32)( (((dword) & 0xFF000000) >> 24) | \
25 (((dword) & 0x00FF0000) >> 8) | \
26 (((dword) & 0x0000FF00) << 8) | \
27 (((dword) & 0x000000FF) << 24) )
29 static struct endpoint_descriptor *allocate_endpoint();
30 static struct general_td *allocate_general_td(size_t);
31 static void control_quirk();
32 static void dbg_op_state();
33 static void dbg_td_flag(u32 flag);
34 static void configure_ports(u8 from_init);
35 static void setup_port(u32 reg, u8 from_init);
37 static struct ohci_hcca hcca_oh0;
40 static struct endpoint_descriptor *allocate_endpoint()
42 struct endpoint_descriptor *ep;
43 ep = (struct endpoint_descriptor *)memalign(16, sizeof(struct endpoint_descriptor));
44 ep->flags = ACCESS_LE(OHCI_ENDPOINT_GENERAL_FORMAT);
45 ep->headp = ep->tailp = ep->nexted = ACCESS_LE(0);
49 static struct general_td *allocate_general_td(size_t bsize)
51 struct general_td *td;
52 td = (struct general_td *)memalign(16, sizeof(struct general_td));
53 td->flags = ACCESS_LE(0);
55 //td->nexttd = ACCESS_LE(virt_to_phys(td));
56 td->nexttd = ACCESS_LE(0);
58 td->cbp = td->be = ACCESS_LE(0);
61 //td->cbp = ACCESS_LE(virt_to_phys(memalign(4096, bsize))); //memailgn required here?
62 td->cbp = ACCESS_LE(virt_to_phys(malloc(bsize)));
63 memset(phys_to_virt(ACCESS_LE(td->cbp)), 0, bsize);
64 td->be = ACCESS_LE(ACCESS_LE(td->cbp) + bsize - 1);
69 static void control_quirk()
71 static struct endpoint_descriptor *ed = 0; /* empty ED */
72 static struct general_td *td = 0; /* dummy TD */
79 * Allocate and keep a special empty ED with just a dummy TD.
82 ed = allocate_endpoint();
86 td = allocate_general_td(0);
93 #define ED_MASK ((u32)~0x0f)
94 ed->tailp = ed->headp = ACCESS_LE(virt_to_phys((void*) ((u32)td & ED_MASK)));
95 ed->flags |= ACCESS_LE(OHCI_ENDPOINT_DIRECTION_OUT);
99 * The OHCI USB host controllers on the Nintendo Wii
100 * video game console stop working when new TDs are
101 * added to a scheduled control ED after a transfer has
102 * has taken place on it.
104 * Before scheduling any new control TD, we make the
105 * controller happy by always loading a special control ED
106 * with a single dummy TD and letting the controller attempt
108 * The controller won't do anything with it, as the special
109 * ED has no TDs, but it will keep the controller from failing
110 * on the next transfer.
112 head = read32(OHCI0_HC_CTRL_HEAD_ED);
114 printf("head: 0x%08X\n", head);
116 * Load the special empty ED and tell the controller to
117 * process the control list.
119 sync_after_write(ed, 16);
120 sync_after_write(td, 16);
121 write32(OHCI0_HC_CTRL_HEAD_ED, virt_to_phys(ed));
123 status = read32(OHCI0_HC_CONTROL);
124 set32(OHCI0_HC_CONTROL, OHCI_CTRL_CLE);
125 write32(OHCI0_HC_COMMAND_STATUS, OHCI_CLF);
127 /* spin until the controller is done with the control list */
128 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
131 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
134 printf("current: 0x%08X\n", current);
136 /* restore the old control head and control settings */
137 write32(OHCI0_HC_CONTROL, status);
138 write32(OHCI0_HC_CTRL_HEAD_ED, head);
145 static void dbg_op_state()
147 switch (read32(OHCI0_HC_CONTROL) & OHCI_CTRL_HCFS) {
148 case OHCI_USB_SUSPEND:
149 printf("ohci-- OHCI_USB_SUSPEND\n");
152 printf("ohci-- OHCI_USB_RESET\n");
155 printf("ohci-- OHCI_USB_OPER\n");
157 case OHCI_USB_RESUME:
158 printf("ohci-- OHCI_USB_RESUME\n");
163 static void dbg_td_flag(u32 flag)
165 printf("**************** dbg_td_flag: 0x%08X ***************\n", flag);
166 printf("CC: %X\tshould be 0, see page 32 (ohci spec)\n", (flag>>28)&0xf);
167 printf("EC: %X\tsee page 20 (ohci spec)\n", (flag>>26)&3);
168 printf(" T: %X\n", (flag>>24)&3);
169 printf("DI: %X\n", (flag>>21)&7);
170 printf("DP: %X\n", (flag>>19)&3);
171 printf(" R: %X\n", (flag>>18)&1);
172 printf("********************************************************\n");
175 static void general_td_fill(struct general_td *dest, usb_transfer_descriptor *src)
177 (void) memcpy((void*) (phys_to_virt(ACCESS_LE(dest->cbp))), src->buffer, src->actlen);
178 dest->flags &= ACCESS_LE(~OHCI_TD_DIRECTION_PID_MASK);
181 printf("pid_setup\n");
182 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_SETUP);
183 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_0);
184 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
188 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_OUT);
189 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
192 * TODO: just temporary solution!
193 * there can be also regular PID_OUT pakets
195 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_1);
199 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_IN);
200 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
202 * let the endpoint do the togglestuff!
203 * TODO: just temporary solution!
204 * there can be also inregular PID_IN pakets (@Status Stage)
206 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_CARRY);
208 /* should be done by HC!
209 * first pid_in start with DATA0 */
211 dummyconfig.headp = ACCESS_LE( src->togl ?
212 ACCESS_LE(dummyconfig.headp) | OHCI_ENDPOINT_TOGGLE_CARRY :
213 ACCESS_LE(dummyconfig.headp) & ~OHCI_ENDPOINT_TOGGLE_CARRY);
217 dest->flags |= ACCESS_LE(OHCI_TD_SET_DELAY_INTERRUPT(7));
218 sync_after_write(dest, sizeof(struct general_td));
219 sync_after_write((void*) phys_to_virt(ACCESS_LE(dest->cbp)), src->actlen);
222 static void dump_address(void *addr, u32 size, const char* str)
224 sync_before_read(addr, size);
225 printf("%s hexdump @ 0x%08X:\n", str, addr);
230 * Enqueue a transfer descriptor.
233 u8 hcdi_enqueue(usb_transfer_descriptor *td) {
234 static struct general_td *tSetup,*tData;
235 static u32 tSetupbuffer, tDatabuffer, tStatusbuffer;
236 static u32 tSetupblen, tDatablen, tStatusblen;
240 tSetup = allocate_general_td(td->actlen);
241 general_td_fill(tSetup, td);
242 tSetupbuffer = (u32) phys_to_virt(ACCESS_LE(tSetup->cbp));
243 tSetupblen = td->actlen;
249 tData = allocate_general_td(td->actlen);
250 general_td_fill(tData, td);
251 tDatabuffer = (u32) phys_to_virt(ACCESS_LE(tData->cbp));
252 tDatablen = td->actlen;
257 struct general_td *tStatus = allocate_general_td(td->actlen);
258 general_td_fill(tStatus, td);
259 tStatusbuffer = (u32) phys_to_virt(ACCESS_LE(tStatus->cbp));
260 tStatusblen = td->actlen;
262 printf( "===========================\n"
263 "===========================\n");
264 control_quirk(); //required? YES! :O ... erm... or no? :/ ... in fact I have no idea
266 struct endpoint_descriptor *dummyconfig = allocate_endpoint();
267 dummyconfig->flags = ACCESS_LE(OHCI_ENDPOINT_GENERAL_FORMAT);
268 dummyconfig->headp = dummyconfig->tailp = dummyconfig->nexted = ACCESS_LE(0);
269 dummyconfig->flags |= ACCESS_LE(OHCI_ENDPOINT_LOW_SPEED |
270 OHCI_ENDPOINT_SET_DEVICE_ADDRESS(td->devaddress) |
271 OHCI_ENDPOINT_SET_ENDPOINT_NUMBER(td->endpoint) |
272 OHCI_ENDPOINT_SET_MAX_PACKET_SIZE(td->maxp));
273 write32(OHCI0_HC_CTRL_HEAD_ED, virt_to_phys(dummyconfig));
275 #define ED_MASK ((u32)~0x0f)
276 dummyconfig->headp |= ACCESS_LE(virt_to_phys((void*) ((u32)tSetup & ED_MASK)));
277 tSetup->nexttd = ACCESS_LE(virt_to_phys((void*) ((u32)tData & ED_MASK)));
278 tData->nexttd = ACCESS_LE(virt_to_phys((void*) ((u32)tStatus & ED_MASK)));
280 sync_after_write(dummyconfig, 16);
281 sync_after_write(tSetup, sizeof(struct general_td));
282 sync_after_write(tData, sizeof(struct general_td));
283 sync_after_write(tStatus, sizeof(struct general_td));
285 dump_address(tSetup, sizeof(struct general_td), "tSetup(before)");
286 dump_address((void*) phys_to_virt(ACCESS_LE(tSetup->cbp)), tSetupblen, "tSetup->cbp(before)");
288 dump_address(tData, sizeof(struct general_td), "tData(before)");
289 dump_address((void*) phys_to_virt(ACCESS_LE(tData->cbp)), tDatablen, "tData->cbp(before)");
291 dump_address(tStatus, sizeof(struct general_td), "tStatus(before)");
292 dump_address((void*) phys_to_virt(ACCESS_LE(tStatus->cbp)), tStatusblen, "tStatus->cbp(before)");
294 dump_address(dummyconfig, sizeof(struct endpoint_descriptor), "dummyconfig(before)");
296 printf("ctrl head: 0x%08X\n", read32(OHCI0_HC_CTRL_HEAD_ED));
297 /* trigger control list */
298 set32(OHCI0_HC_CONTROL, OHCI_CTRL_CLE);
299 write32(OHCI0_HC_COMMAND_STATUS, OHCI_CLF);
301 //don't use this quirk stuff here!
303 while(!read32(OHCI0_HC_CTRL_CURRENT_ED)) {
308 u32 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
309 printf("current: 0x%08X\n", current);
310 printf("+++++++++++++++++++++++++++++\n");
313 dump_address(tSetup, sizeof(struct general_td), "tSetup(after)");
314 dump_address((void*) phys_to_virt(ACCESS_LE(tSetup->cbp)), tSetupblen, "tSetup->cbp(after)");
315 dump_address((void*) tSetupbuffer, tSetupblen, "tSetupbuffer");
316 dbg_td_flag(ACCESS_LE(tSetup->flags));
318 dump_address(tData, sizeof(struct general_td), "tData(after)");
319 dump_address((void*) phys_to_virt(ACCESS_LE(tData->cbp)), tDatablen, "tData->cbp(after)");
320 dump_address((void*) tDatabuffer, tDatablen, "tDatabuffer");
321 dbg_td_flag(ACCESS_LE(tData->flags));
323 dump_address(tStatus, sizeof(struct general_td), "tStatus(after)");
324 //dump_address((void*) phys_to_virt(ACCESS_LE(tStatus->cbp)), tStatusblen, "tStatus->cbp(after)");
325 //dump_address((void*) tStatusbuffer, tStatusblen, "tStatusbuffer");
326 dbg_td_flag(ACCESS_LE(tStatus->flags));
328 dump_address(dummyconfig, sizeof(struct endpoint_descriptor), "dummyconfig(after)");
330 /* disable control list */
331 write32(OHCI0_HC_CONTROL, read32(OHCI0_HC_CONTROL)&~OHCI_CTRL_CLE);
334 * TD should be free'd after taking it from the done queue.
335 * but we are very very dirty and do it anyway :p
338 /* only when a buffer is allocated */
341 free((void*)tStatusbuffer);
344 printf("hcdi_enqueue, done!\n");
349 * Remove an transfer descriptor from transfer queue.
351 u8 hcdi_dequeue(usb_transfer_descriptor *td) {
357 printf("ohci-- init\n");
360 /* disable hc interrupts */
361 set32(OHCI0_HC_INT_DISABLE, OHCI_INTR_MIE);
363 /* save fmInterval and calculate FSMPS */
364 #define FSMP(fi) (0x7fff & ((6 * ((fi) - 210)) / 7))
365 #define FI 0x2edf /* 12000 bits per frame (-1) */
366 u32 fmint = read32(OHCI0_HC_FM_INTERVAL) & 0x3fff;
368 printf("ohci-- fminterval delta: %d\n", fmint - FI);
369 fmint |= FSMP (fmint) << 16;
371 /* enable interrupts of both usb host controllers */
372 set32(EHCI_CTL, EHCI_CTL_OH0INTE | EHCI_CTL_OH1INTE | 0xe0000);
375 write32(OHCI0_HC_COMMAND_STATUS, OHCI_HCR);
379 while ((read32(OHCI0_HC_COMMAND_STATUS) & OHCI_HCR) != 0) {
381 printf("ohci-- FAILED");
387 /* disable interrupts; 2ms timelimit here!
388 now we're in the SUSPEND state ... must go OPERATIONAL
389 within 2msec else HC enters RESUME */
391 u32 cookie = irq_kill();
393 /* Tell the controller where the control and bulk lists are
394 * The lists are empty now. */
395 write32(OHCI0_HC_CTRL_HEAD_ED, 0);
396 write32(OHCI0_HC_BULK_HEAD_ED, 0);
398 /* set hcca adress */
399 sync_after_write(&hcca_oh0, 256);
400 write32(OHCI0_HC_HCCA, virt_to_phys(&hcca_oh0));
402 /* set periodicstart */
404 u32 fmInterval = read32(OHCI0_HC_FM_INTERVAL) &0x3fff;
405 u32 fit = read32(OHCI0_HC_FM_INTERVAL) & FIT;
407 write32(OHCI0_HC_FM_INTERVAL, fmint | (fit ^ FIT));
408 write32(OHCI0_HC_PERIODIC_START, ((9*fmInterval)/10)&0x3fff);
411 if ((read32(OHCI0_HC_FM_INTERVAL) & 0x3fff0000) == 0 || !read32(OHCI0_HC_PERIODIC_START)) {
412 printf("ohci-- w00t, fail!! see ohci-hcd.c:669\n");
415 /* start HC operations */
416 write32(OHCI0_HC_CONTROL, OHCI_CONTROL_INIT | OHCI_USB_OPER);
418 /* wake on ConnectStatusChange, matching external hubs */
419 write32(OHCI0_HC_RH_STATUS, /*RH_HS_DRWE |*/ RH_HS_LPSC);
421 /* Choose the interrupts we care about now, others later on demand */
422 write32(OHCI0_HC_INT_STATUS, ~0);
423 write32(OHCI0_HC_INT_ENABLE, OHCI_INTR_INIT);
426 wait_ms ((read32(OHCI0_HC_RH_DESCRIPTOR_A) >> 23) & 0x1fe);
428 configure_ports((u8)1);
434 static void configure_ports(u8 from_init)
436 printf("OHCI0_HC_RH_DESCRIPTOR_A:\t0x%08X\n", read32(OHCI0_HC_RH_DESCRIPTOR_A));
437 printf("OHCI0_HC_RH_DESCRIPTOR_B:\t0x%08X\n", read32(OHCI0_HC_RH_DESCRIPTOR_B));
438 printf("OHCI0_HC_RH_STATUS:\t\t0x%08X\n", read32(OHCI0_HC_RH_STATUS));
439 printf("OHCI0_HC_RH_PORT_STATUS_1:\t0x%08X\n", read32(OHCI0_HC_RH_PORT_STATUS_1));
440 printf("OHCI0_HC_RH_PORT_STATUS_2:\t0x%08X\n", read32(OHCI0_HC_RH_PORT_STATUS_2));
442 setup_port(OHCI0_HC_RH_PORT_STATUS_1, from_init);
443 setup_port(OHCI0_HC_RH_PORT_STATUS_2, from_init);
444 printf("configure_ports done\n");
447 static void setup_port(u32 reg, u8 from_init)
449 u32 port = read32(reg);
450 if((port & RH_PS_CCS) && ((port & RH_PS_CSC) || from_init)) {
451 write32(reg, RH_PS_CSC);
455 /* clear CSC flag, set PES and start port reset (PRS) */
456 write32(reg, RH_PS_PES);
457 while(!(read32(reg) & RH_PS_PES)) {
462 write32(reg, RH_PS_PRS);
464 /* spin until port reset is complete */
465 while(!(read32(reg) & RH_PS_PRSC)); // hint: it may stuck here
466 printf("loop done\n");
470 (void) usb_add_device();
476 /* read interrupt status */
477 u32 flags = read32(OHCI0_HC_INT_STATUS);
479 /* when all bits are set to 1 some problem occured */
480 if (flags == 0xffffffff) {
481 printf("ohci-- Houston, we have a serious problem! :(\n");
485 /* only care about interrupts that are enabled */
486 flags &= read32(OHCI0_HC_INT_ENABLE);
490 printf("OHCI Interrupt occured: but not for you! WTF?!\n");
494 printf("OHCI Interrupt occured: ");
495 /* UnrecoverableError */
496 if (flags & OHCI_INTR_UE) {
497 printf("UnrecoverableError\n");
498 /* TODO: well, I don't know... nothing,
499 * because it won't happen anyway? ;-) */
502 /* RootHubStatusChange */
503 if (flags & OHCI_INTR_RHSC) {
504 printf("RootHubStatusChange\n");
505 /* TODO: set some next_statechange variable... */
507 write32(OHCI0_HC_INT_STATUS, OHCI_INTR_RD | OHCI_INTR_RHSC);
510 else if (flags & OHCI_INTR_RD) {
511 printf("ResumeDetected\n");
512 write32(OHCI0_HC_INT_STATUS, OHCI_INTR_RD);
513 /* TODO: figure out what the linux kernel does here... */
516 /* WritebackDoneHead */
517 if (flags & OHCI_INTR_WDH) {
518 printf("WritebackDoneHead\n");
519 /* basically the linux irq handler reverse TDs to their urbs
520 * and set done_head to null.
521 * since we are polling atm, just should do the latter task.
522 * however, this won't work for now (i don't know why...)
526 sync_before_read(&hcca_oh0, 256);
527 hcca_oh0.done_head = 0;
528 sync_after_write(&hcca_oh0, 256);
532 /* TODO: handle any pending URB/ED unlinks... */
534 #define HC_IS_RUNNING() 1 /* dirty, i know... just a temporary solution */
535 if (HC_IS_RUNNING()) {
536 write32(OHCI0_HC_INT_STATUS, flags);
537 write32(OHCI0_HC_INT_ENABLE, OHCI_INTR_MIE);
543 sync_before_read(&hcca_oh0, 256);
544 printf("***** frame_no: %d *****\n", ACCESS_LE(hcca_oh0.frame_no));
projects / ppcskel.git / blob