2 ppcskel - a Free Software replacement for the Nintendo/BroadOn bootloader.
5 Copyright (C) 2009 Bernhard Urban <lewurm@gmx.net>
6 Copyright (C) 2009 Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
8 # This code is licensed to you under the terms of the GNU GPL, version 2;
9 # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
12 #include "../../bootmii_ppc.h"
13 #include "../../hollywood.h"
14 #include "../../irq.h"
15 #include "../../string.h"
16 #include "../../malloc.h"
19 #include "../usbspec/usb11spec.h"
21 // macro for accessing u32 variables that need to be in little endian byte order;
22 // whenever you read or write from an u32 field that the ohci host controller
23 // will read or write from too, use this macro for access!
24 #define ACCESS_LE(dword) (u32)( (((dword) & 0xFF000000) >> 24) | \
25 (((dword) & 0x00FF0000) >> 8) | \
26 (((dword) & 0x0000FF00) << 8) | \
27 (((dword) & 0x000000FF) << 24) )
29 static struct endpoint_descriptor *allocate_endpoint();
30 static struct general_td *allocate_general_td(size_t);
31 static void control_quirk();
32 static void dbg_op_state();
33 static void dbg_td_flag(u32 flag);
34 static void configure_ports(u8 from_init);
35 static void setup_port(u32 reg, u8 from_init);
37 static struct ohci_hcca hcca_oh0;
40 static struct endpoint_descriptor *allocate_endpoint()
42 struct endpoint_descriptor *ep;
43 ep = (struct endpoint_descriptor *)memalign(16, sizeof(struct endpoint_descriptor));
44 ep->flags = ACCESS_LE(OHCI_ENDPOINT_GENERAL_FORMAT);
45 ep->headp = ep->tailp = ep->nexted = ACCESS_LE(0);
49 static struct general_td *allocate_general_td(size_t bsize)
51 struct general_td *td;
52 td = (struct general_td *)memalign(16, sizeof(struct general_td));
53 td->flags = ACCESS_LE(0);
55 td->nexttd = ACCESS_LE(virt_to_phys(td));
56 //td->nexttd = ACCESS_LE(0);
58 td->cbp = td->be = ACCESS_LE(0);
61 //td->cbp = ACCESS_LE(virt_to_phys(memalign(4096, bsize))); //memailgn required here?
62 td->cbp = ACCESS_LE(virt_to_phys(malloc(bsize)));
63 memset(phys_to_virt(ACCESS_LE(td->cbp)), 0, bsize);
64 td->be = ACCESS_LE(ACCESS_LE(td->cbp) + bsize - 1);
69 static void control_quirk()
71 static struct endpoint_descriptor *ed = 0; /* empty ED */
72 static struct general_td *td = 0; /* dummy TD */
79 * Allocate and keep a special empty ED with just a dummy TD.
82 ed = allocate_endpoint();
86 td = allocate_general_td(0);
93 #define ED_MASK ((u32)~0x0f)
94 ed->tailp = ed->headp = ACCESS_LE(virt_to_phys((void*) ((u32)td & ED_MASK)));
95 ed->flags |= ACCESS_LE(OHCI_ENDPOINT_DIRECTION_OUT);
99 * The OHCI USB host controllers on the Nintendo Wii
100 * video game console stop working when new TDs are
101 * added to a scheduled control ED after a transfer has
102 * has taken place on it.
104 * Before scheduling any new control TD, we make the
105 * controller happy by always loading a special control ED
106 * with a single dummy TD and letting the controller attempt
108 * The controller won't do anything with it, as the special
109 * ED has no TDs, but it will keep the controller from failing
110 * on the next transfer.
112 head = read32(OHCI0_HC_CTRL_HEAD_ED);
114 printf("head: 0x%08X\n", head);
116 * Load the special empty ED and tell the controller to
117 * process the control list.
119 sync_after_write(ed, 16);
120 sync_after_write(td, 16);
121 write32(OHCI0_HC_CTRL_HEAD_ED, virt_to_phys(ed));
123 status = read32(OHCI0_HC_CONTROL);
124 set32(OHCI0_HC_CONTROL, OHCI_CTRL_CLE);
125 write32(OHCI0_HC_COMMAND_STATUS, OHCI_CLF);
127 /* spin until the controller is done with the control list */
128 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
131 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
134 printf("current: 0x%08X\n", current);
136 /* restore the old control head and control settings */
137 write32(OHCI0_HC_CONTROL, status);
138 write32(OHCI0_HC_CTRL_HEAD_ED, head);
145 static void dbg_op_state()
147 switch (read32(OHCI0_HC_CONTROL) & OHCI_CTRL_HCFS) {
148 case OHCI_USB_SUSPEND:
149 printf("ohci-- OHCI_USB_SUSPEND\n");
152 printf("ohci-- OHCI_USB_RESET\n");
155 printf("ohci-- OHCI_USB_OPER\n");
157 case OHCI_USB_RESUME:
158 printf("ohci-- OHCI_USB_RESUME\n");
163 static void dbg_td_flag(u32 flag)
165 printf("**************** dbg_td_flag: 0x%08X ***************\n", flag);
166 printf("CC: %X\tshould be 0, see page 32 (ohci spec)\n", (flag>>28)&0xf);
167 printf("EC: %X\tsee page 20 (ohci spec)\n", (flag>>26)&3);
168 printf(" T: %X\n", (flag>>24)&3);
169 printf("DI: %X\n", (flag>>21)&7);
170 printf("DP: %X\n", (flag>>19)&3);
171 printf(" R: %X\n", (flag>>18)&1);
172 printf("********************************************************\n");
175 static void general_td_fill(struct general_td *dest, usb_transfer_descriptor *src)
177 (void) memcpy((void*) (phys_to_virt(ACCESS_LE(dest->cbp))), src->buffer, src->actlen);
178 dest->flags &= ACCESS_LE(~OHCI_TD_DIRECTION_PID_MASK);
181 printf("pid_setup\n");
182 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_SETUP);
183 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_0);
184 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
188 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_OUT);
189 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
192 * TODO: just temporary solution!
193 * there can be also regular PID_OUT pakets
195 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_1);
199 dest->flags |= ACCESS_LE(OHCI_TD_DIRECTION_PID_IN);
200 dest->flags |= ACCESS_LE(OHCI_TD_BUFFER_ROUNDING);
202 * let the endpoint do the togglestuff!
203 * TODO: just temporary solution!
204 * there can be also inregular PID_IN pakets (@Status Stage)
206 dest->flags |= ACCESS_LE(OHCI_TD_TOGGLE_CARRY);
208 /* should be done by HC!
209 * first pid_in start with DATA0 */
211 dummyconfig.headp = ACCESS_LE( src->togl ?
212 ACCESS_LE(dummyconfig.headp) | OHCI_ENDPOINT_TOGGLE_CARRY :
213 ACCESS_LE(dummyconfig.headp) & ~OHCI_ENDPOINT_TOGGLE_CARRY);
217 dest->flags |= ACCESS_LE(OHCI_TD_SET_DELAY_INTERRUPT(7));
218 sync_after_write(dest, sizeof(struct general_td));
219 sync_after_write((void*) phys_to_virt(ACCESS_LE(dest->cbp)), src->actlen);
222 static void dump_address(void *addr, u32 size, const char* str)
224 sync_before_read(addr, size);
225 printf("%s hexdump @ 0x%08X:\n", str, addr);
230 * Enqueue a transfer descriptor.
233 u8 hcdi_enqueue(usb_transfer_descriptor *td) {
234 static struct general_td *tSetup,*tData;
235 static u32 tSetupbuffer, tDatabuffer, tStatusbuffer;
236 static u32 tSetupblen, tDatablen, tStatusblen;
240 tSetup = allocate_general_td(td->actlen);
241 general_td_fill(tSetup, td);
242 tSetupbuffer = (u32) phys_to_virt(ACCESS_LE(tSetup->cbp));
243 tSetupblen = td->actlen;
249 tData = allocate_general_td(td->actlen);
250 general_td_fill(tData, td);
251 tDatabuffer = (u32) phys_to_virt(ACCESS_LE(tData->cbp));
252 tDatablen = td->actlen;
256 struct general_td *tStatus = allocate_general_td(td->actlen);
257 general_td_fill(tStatus, td);
258 tStatusbuffer = (u32) phys_to_virt(ACCESS_LE(tStatus->cbp));
259 tStatusblen = td->actlen;
261 printf( "===========================\n"
262 "===========================\n");
263 control_quirk(); //required? YES! :O ... erm... or no? :/ ... in fact I have no idea
265 static struct endpoint_descriptor dummyconfig;
268 memset(&dummyconfig, 0, 16);
269 dummyconfig.flags = ACCESS_LE(OHCI_ENDPOINT_GENERAL_FORMAT);
270 dummyconfig.headp = dummyconfig.tailp = dummyconfig.nexted = ACCESS_LE(0);
271 dummyconfig.flags |= ACCESS_LE(OHCI_ENDPOINT_LOW_SPEED |
272 OHCI_ENDPOINT_SET_DEVICE_ADDRESS(td->devaddress) |
273 OHCI_ENDPOINT_SET_ENDPOINT_NUMBER(td->endpoint) |
274 OHCI_ENDPOINT_SET_MAX_PACKET_SIZE(td->maxp));
275 write32(OHCI0_HC_CTRL_HEAD_ED, virt_to_phys(&dummyconfig));
277 sync_before_read(&dummyconfig, 16);
278 printf("HALTED set?: %d\n", ACCESS_LE(dummyconfig.headp)&OHCI_ENDPOINT_HALTED);
279 dummyconfig.headp = ACCESS_LE(0);
280 sync_after_write(&dummyconfig, 16);
283 #define ED_MASK ((u32)~0x0f)
284 dummyconfig.headp |= ACCESS_LE(virt_to_phys((void*) ((u32)tSetup & ED_MASK)));
285 tSetup->nexttd = ACCESS_LE(virt_to_phys((void*) ((u32)tData & ED_MASK)));
286 tData->nexttd = ACCESS_LE(virt_to_phys((void*) ((u32)tStatus & ED_MASK)));
288 dump_address(tSetup, sizeof(struct general_td), "tSetup(before)");
289 dump_address((void*) phys_to_virt(ACCESS_LE(tSetup->cbp)), tSetupblen, "tSetup->cbp(before)");
291 dump_address(tData, sizeof(struct general_td), "tData(before)");
292 dump_address((void*) phys_to_virt(ACCESS_LE(tData->cbp)), tDatablen, "tData->cbp(before)");
294 dump_address(tStatus, sizeof(struct general_td), "tStatus(before)");
295 dump_address((void*) phys_to_virt(ACCESS_LE(tStatus->cbp)), tStatusblen, "tStatus->cbp(before)");
297 dump_address(&dummyconfig, sizeof(struct endpoint_descriptor), "dummyconfig(before)");
299 sync_after_write(&dummyconfig, 16);
300 sync_after_write(tSetup, sizeof(struct general_td));
301 sync_after_write(tData, sizeof(struct general_td));
302 sync_after_write(tStatus, sizeof(struct general_td));
304 /* trigger control list */
305 set32(OHCI0_HC_CONTROL, OHCI_CTRL_CLE);
306 write32(OHCI0_HC_COMMAND_STATUS, OHCI_CLF);
308 //don't use this quirk stuff here!
310 while(!read32(OHCI0_HC_CTRL_CURRENT_ED)) {
315 u32 current = read32(OHCI0_HC_CTRL_CURRENT_ED);
316 printf("current: 0x%08X\n", current);
317 printf("+++++++++++++++++++++++++++++\n");
320 dump_address(tSetup, sizeof(struct general_td), "tSetup(after)");
321 dump_address((void*) phys_to_virt(ACCESS_LE(tSetup->cbp)), tSetupblen, "tSetup->cbp(after)");
322 dump_address((void*) tSetupbuffer, tSetupblen, "tSetupbuffer");
323 dbg_td_flag(ACCESS_LE(tSetup->flags));
325 dump_address(tData, sizeof(struct general_td), "tData(after)");
326 dump_address((void*) phys_to_virt(ACCESS_LE(tData->cbp)), tDatablen, "tData->cbp(after)");
327 dump_address((void*) tDatabuffer, tDatablen, "tDatabuffer");
328 dbg_td_flag(ACCESS_LE(tData->flags));
330 dump_address(tStatus, sizeof(struct general_td), "tStatus(after)");
331 //dump_address((void*) phys_to_virt(ACCESS_LE(tStatus->cbp)), tStatusblen, "tStatus->cbp(after)");
332 //dump_address((void*) tStatusbuffer, tStatusblen, "tStatusbuffer");
333 dbg_td_flag(ACCESS_LE(tStatus->flags));
335 dump_address(&dummyconfig, sizeof(struct endpoint_descriptor), "dummyconfig(after)");
337 /* disable control list */
338 write32(OHCI0_HC_CONTROL, read32(OHCI0_HC_CONTROL)&~OHCI_CTRL_CLE);
341 * TD should be free'd after taking it from the done queue.
342 * but we are very very dirty and do it anyway :p
345 /* only when a buffer is allocated */
348 free((void*)tStatusbuffer);
355 * Remove an transfer descriptor from transfer queue.
357 u8 hcdi_dequeue(usb_transfer_descriptor *td) {
363 printf("ohci-- init\n");
366 /* disable hc interrupts */
367 set32(OHCI0_HC_INT_DISABLE, OHCI_INTR_MIE);
369 /* save fmInterval and calculate FSMPS */
370 #define FSMP(fi) (0x7fff & ((6 * ((fi) - 210)) / 7))
371 #define FI 0x2edf /* 12000 bits per frame (-1) */
372 u32 fmint = read32(OHCI0_HC_FM_INTERVAL) & 0x3fff;
374 printf("ohci-- fminterval delta: %d\n", fmint - FI);
375 fmint |= FSMP (fmint) << 16;
377 /* enable interrupts of both usb host controllers */
378 set32(EHCI_CTL, EHCI_CTL_OH0INTE | EHCI_CTL_OH1INTE | 0xe0000);
381 write32(OHCI0_HC_COMMAND_STATUS, OHCI_HCR);
385 while ((read32(OHCI0_HC_COMMAND_STATUS) & OHCI_HCR) != 0) {
387 printf("ohci-- FAILED");
393 /* disable interrupts; 2ms timelimit here!
394 now we're in the SUSPEND state ... must go OPERATIONAL
395 within 2msec else HC enters RESUME */
397 u32 cookie = irq_kill();
399 /* Tell the controller where the control and bulk lists are
400 * The lists are empty now. */
401 write32(OHCI0_HC_CTRL_HEAD_ED, 0);
402 write32(OHCI0_HC_BULK_HEAD_ED, 0);
404 /* set hcca adress */
405 sync_after_write(&hcca_oh0, 256);
406 write32(OHCI0_HC_HCCA, virt_to_phys(&hcca_oh0));
408 /* set periodicstart */
410 u32 fmInterval = read32(OHCI0_HC_FM_INTERVAL) &0x3fff;
411 u32 fit = read32(OHCI0_HC_FM_INTERVAL) & FIT;
413 write32(OHCI0_HC_FM_INTERVAL, fmint | (fit ^ FIT));
414 write32(OHCI0_HC_PERIODIC_START, ((9*fmInterval)/10)&0x3fff);
417 if ((read32(OHCI0_HC_FM_INTERVAL) & 0x3fff0000) == 0 || !read32(OHCI0_HC_PERIODIC_START)) {
418 printf("ohci-- w00t, fail!! see ohci-hcd.c:669\n");
421 /* start HC operations */
422 write32(OHCI0_HC_CONTROL, OHCI_CONTROL_INIT | OHCI_USB_OPER);
424 /* wake on ConnectStatusChange, matching external hubs */
425 write32(OHCI0_HC_RH_STATUS, /*RH_HS_DRWE |*/ RH_HS_LPSC);
427 /* Choose the interrupts we care about now, others later on demand */
428 write32(OHCI0_HC_INT_STATUS, ~0);
429 write32(OHCI0_HC_INT_ENABLE, OHCI_INTR_INIT);
432 wait_ms ((read32(OHCI0_HC_RH_DESCRIPTOR_A) >> 23) & 0x1fe);
434 configure_ports((u8)1);
440 static void configure_ports(u8 from_init)
442 printf("OHCI0_HC_RH_DESCRIPTOR_A:\t0x%08X\n", read32(OHCI0_HC_RH_DESCRIPTOR_A));
443 printf("OHCI0_HC_RH_DESCRIPTOR_B:\t0x%08X\n", read32(OHCI0_HC_RH_DESCRIPTOR_B));
444 printf("OHCI0_HC_RH_STATUS:\t\t0x%08X\n", read32(OHCI0_HC_RH_STATUS));
445 printf("OHCI0_HC_RH_PORT_STATUS_1:\t0x%08X\n", read32(OHCI0_HC_RH_PORT_STATUS_1));
446 printf("OHCI0_HC_RH_PORT_STATUS_2:\t0x%08X\n", read32(OHCI0_HC_RH_PORT_STATUS_2));
448 setup_port(OHCI0_HC_RH_PORT_STATUS_1, from_init);
449 setup_port(OHCI0_HC_RH_PORT_STATUS_2, from_init);
450 printf("configure_ports done\n");
453 static void setup_port(u32 reg, u8 from_init)
455 u32 port = read32(reg);
456 if((port & RH_PS_CCS) && ((port & RH_PS_CSC) || from_init)) {
457 write32(reg, RH_PS_CSC);
461 /* clear CSC flag, set PES and start port reset (PRS) */
462 write32(reg, RH_PS_PES);
463 while(!(read32(reg) & RH_PS_PES)) {
468 write32(reg, RH_PS_PRS);
470 /* spin until port reset is complete */
471 while(!(read32(reg) & RH_PS_PRSC)); // hint: it may stuck here
472 printf("loop done\n");
476 (void) usb_add_device();
482 /* read interrupt status */
483 u32 flags = read32(OHCI0_HC_INT_STATUS);
485 /* when all bits are set to 1 some problem occured */
486 if (flags == 0xffffffff) {
487 printf("ohci-- Houston, we have a serious problem! :(\n");
491 /* only care about interrupts that are enabled */
492 flags &= read32(OHCI0_HC_INT_ENABLE);
496 printf("OHCI Interrupt occured: but not for you! WTF?!\n");
500 printf("OHCI Interrupt occured: ");
501 /* UnrecoverableError */
502 if (flags & OHCI_INTR_UE) {
503 printf("UnrecoverableError\n");
504 /* TODO: well, I don't know... nothing,
505 * because it won't happen anyway? ;-) */
508 /* RootHubStatusChange */
509 if (flags & OHCI_INTR_RHSC) {
510 printf("RootHubStatusChange\n");
511 /* TODO: set some next_statechange variable... */
513 write32(OHCI0_HC_INT_STATUS, OHCI_INTR_RD | OHCI_INTR_RHSC);
516 else if (flags & OHCI_INTR_RD) {
517 printf("ResumeDetected\n");
518 write32(OHCI0_HC_INT_STATUS, OHCI_INTR_RD);
519 /* TODO: figure out what the linux kernel does here... */
522 /* WritebackDoneHead */
523 if (flags & OHCI_INTR_WDH) {
524 printf("WritebackDoneHead\n");
525 /* basically the linux irq handler reverse TDs to their urbs
526 * and set done_head to null.
527 * since we are polling atm, just should do the latter task.
528 * however, this won't work for now (i don't know why...)
532 sync_before_read(&hcca_oh0, 256);
533 hcca_oh0.done_head = 0;
534 sync_after_write(&hcca_oh0, 256);
538 /* TODO: handle any pending URB/ED unlinks... */
540 #define HC_IS_RUNNING() 1 /* dirty, i know... just a temporary solution */
541 if (HC_IS_RUNNING()) {
542 write32(OHCI0_HC_INT_STATUS, flags);
543 write32(OHCI0_HC_INT_ENABLE, OHCI_INTR_MIE);
549 sync_before_read(&hcca_oh0, 256);
550 printf("***** frame_no: %d *****\n", ACCESS_LE(hcca_oh0.frame_no));
projects / ppcskel.git / blob