1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * MUSB OTG peripheral driver ep0 handling
4 *
5 * Copyright 2005 Mentor Graphics Corporation
6 * Copyright (C) 2005-2006 by Texas Instruments
7 * Copyright (C) 2006-2007 Nokia Corporation
8 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
9 */
10
11 #ifndef __UBOOT__
12 #include <log.h>
13 #include <dm/device_compat.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/timer.h>
17 #include <linux/spinlock.h>
18 #include <linux/device.h>
19 #include <linux/interrupt.h>
20 #else
21 #include <common.h>
22 #include <dm.h>
23 #include <dm/device_compat.h>
24 #include <asm/processor.h>
25 #include "linux-compat.h"
26 #endif
27
28 #include "musb_core.h"
29
30 /* ep0 is always musb->endpoints[0].ep_in */
31 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0])
32
33 /*
34 * locking note: we use only the controller lock, for simpler correctness.
35 * It's always held with IRQs blocked.
36 *
37 * It protects the ep0 request queue as well as ep0_state, not just the
38 * controller and indexed registers. And that lock stays held unless it
39 * needs to be dropped to allow reentering this driver ... like upcalls to
40 * the gadget driver, or adjusting endpoint halt status.
41 */
42
decode_ep0stage(u8 stage)43 static char *decode_ep0stage(u8 stage)
44 {
45 switch (stage) {
46 case MUSB_EP0_STAGE_IDLE: return "idle";
47 case MUSB_EP0_STAGE_SETUP: return "setup";
48 case MUSB_EP0_STAGE_TX: return "in";
49 case MUSB_EP0_STAGE_RX: return "out";
50 case MUSB_EP0_STAGE_ACKWAIT: return "wait";
51 case MUSB_EP0_STAGE_STATUSIN: return "in/status";
52 case MUSB_EP0_STAGE_STATUSOUT: return "out/status";
53 default: return "?";
54 }
55 }
56
57 /* handle a standard GET_STATUS request
58 * Context: caller holds controller lock
59 */
service_tx_status_request(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)60 static int service_tx_status_request(
61 struct musb *musb,
62 const struct usb_ctrlrequest *ctrlrequest)
63 {
64 void __iomem *mbase = musb->mregs;
65 int handled = 1;
66 u8 result[2], epnum = 0;
67 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
68
69 result[1] = 0;
70
71 switch (recip) {
72 case USB_RECIP_DEVICE:
73 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
74 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
75 if (musb->g.is_otg) {
76 result[0] |= musb->g.b_hnp_enable
77 << USB_DEVICE_B_HNP_ENABLE;
78 result[0] |= musb->g.a_alt_hnp_support
79 << USB_DEVICE_A_ALT_HNP_SUPPORT;
80 result[0] |= musb->g.a_hnp_support
81 << USB_DEVICE_A_HNP_SUPPORT;
82 }
83 break;
84
85 case USB_RECIP_INTERFACE:
86 result[0] = 0;
87 break;
88
89 case USB_RECIP_ENDPOINT: {
90 int is_in;
91 struct musb_ep *ep;
92 u16 tmp;
93 void __iomem *regs;
94
95 epnum = (u8) ctrlrequest->wIndex;
96 if (!epnum) {
97 result[0] = 0;
98 break;
99 }
100
101 is_in = epnum & USB_DIR_IN;
102 if (is_in) {
103 epnum &= 0x0f;
104 ep = &musb->endpoints[epnum].ep_in;
105 } else {
106 ep = &musb->endpoints[epnum].ep_out;
107 }
108 regs = musb->endpoints[epnum].regs;
109
110 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
111 handled = -EINVAL;
112 break;
113 }
114
115 musb_ep_select(mbase, epnum);
116 if (is_in)
117 tmp = musb_readw(regs, MUSB_TXCSR)
118 & MUSB_TXCSR_P_SENDSTALL;
119 else
120 tmp = musb_readw(regs, MUSB_RXCSR)
121 & MUSB_RXCSR_P_SENDSTALL;
122 musb_ep_select(mbase, 0);
123
124 result[0] = tmp ? 1 : 0;
125 } break;
126
127 default:
128 /* class, vendor, etc ... delegate */
129 handled = 0;
130 break;
131 }
132
133 /* fill up the fifo; caller updates csr0 */
134 if (handled > 0) {
135 u16 len = le16_to_cpu(ctrlrequest->wLength);
136
137 if (len > 2)
138 len = 2;
139 musb_write_fifo(&musb->endpoints[0], len, result);
140 }
141
142 return handled;
143 }
144
145 /*
146 * handle a control-IN request, the end0 buffer contains the current request
147 * that is supposed to be a standard control request. Assumes the fifo to
148 * be at least 2 bytes long.
149 *
150 * @return 0 if the request was NOT HANDLED,
151 * < 0 when error
152 * > 0 when the request is processed
153 *
154 * Context: caller holds controller lock
155 */
156 static int
service_in_request(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)157 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
158 {
159 int handled = 0; /* not handled */
160
161 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
162 == USB_TYPE_STANDARD) {
163 switch (ctrlrequest->bRequest) {
164 case USB_REQ_GET_STATUS:
165 handled = service_tx_status_request(musb,
166 ctrlrequest);
167 break;
168
169 /* case USB_REQ_SYNC_FRAME: */
170
171 default:
172 break;
173 }
174 }
175 return handled;
176 }
177
178 /*
179 * Context: caller holds controller lock
180 */
musb_g_ep0_giveback(struct musb * musb,struct usb_request * req)181 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
182 {
183 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
184 }
185
186 /*
187 * Tries to start B-device HNP negotiation if enabled via sysfs
188 */
musb_try_b_hnp_enable(struct musb * musb)189 static inline void musb_try_b_hnp_enable(struct musb *musb)
190 {
191 void __iomem *mbase = musb->mregs;
192 u8 devctl;
193
194 dev_dbg(musb->controller, "HNP: Setting HR\n");
195 devctl = musb_readb(mbase, MUSB_DEVCTL);
196 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
197 }
198
199 /*
200 * Handle all control requests with no DATA stage, including standard
201 * requests such as:
202 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
203 * always delegated to the gadget driver
204 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
205 * always handled here, except for class/vendor/... features
206 *
207 * Context: caller holds controller lock
208 */
209 static int
service_zero_data_request(struct musb * musb,struct usb_ctrlrequest * ctrlrequest)210 service_zero_data_request(struct musb *musb,
211 struct usb_ctrlrequest *ctrlrequest)
212 __releases(musb->lock)
213 __acquires(musb->lock)
214 {
215 int handled = -EINVAL;
216 void __iomem *mbase = musb->mregs;
217 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
218
219 /* the gadget driver handles everything except what we MUST handle */
220 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
221 == USB_TYPE_STANDARD) {
222 switch (ctrlrequest->bRequest) {
223 case USB_REQ_SET_ADDRESS:
224 /* change it after the status stage */
225 musb->set_address = true;
226 musb->address = (u8) (ctrlrequest->wValue & 0x7f);
227 handled = 1;
228 break;
229
230 case USB_REQ_CLEAR_FEATURE:
231 switch (recip) {
232 case USB_RECIP_DEVICE:
233 if (ctrlrequest->wValue
234 != USB_DEVICE_REMOTE_WAKEUP)
235 break;
236 musb->may_wakeup = 0;
237 handled = 1;
238 break;
239 case USB_RECIP_INTERFACE:
240 break;
241 case USB_RECIP_ENDPOINT:{
242 const u8 epnum =
243 ctrlrequest->wIndex & 0x0f;
244 struct musb_ep *musb_ep;
245 struct musb_hw_ep *ep;
246 struct musb_request *request;
247 void __iomem *regs;
248 int is_in;
249 u16 csr;
250
251 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
252 ctrlrequest->wValue != USB_ENDPOINT_HALT)
253 break;
254
255 ep = musb->endpoints + epnum;
256 regs = ep->regs;
257 is_in = ctrlrequest->wIndex & USB_DIR_IN;
258 if (is_in)
259 musb_ep = &ep->ep_in;
260 else
261 musb_ep = &ep->ep_out;
262 if (!musb_ep->desc)
263 break;
264
265 handled = 1;
266 /* Ignore request if endpoint is wedged */
267 if (musb_ep->wedged)
268 break;
269
270 musb_ep_select(mbase, epnum);
271 if (is_in) {
272 csr = musb_readw(regs, MUSB_TXCSR);
273 csr |= MUSB_TXCSR_CLRDATATOG |
274 MUSB_TXCSR_P_WZC_BITS;
275 csr &= ~(MUSB_TXCSR_P_SENDSTALL |
276 MUSB_TXCSR_P_SENTSTALL |
277 MUSB_TXCSR_TXPKTRDY);
278 musb_writew(regs, MUSB_TXCSR, csr);
279 } else {
280 csr = musb_readw(regs, MUSB_RXCSR);
281 csr |= MUSB_RXCSR_CLRDATATOG |
282 MUSB_RXCSR_P_WZC_BITS;
283 csr &= ~(MUSB_RXCSR_P_SENDSTALL |
284 MUSB_RXCSR_P_SENTSTALL);
285 musb_writew(regs, MUSB_RXCSR, csr);
286 }
287
288 /* Maybe start the first request in the queue */
289 request = next_request(musb_ep);
290 if (!musb_ep->busy && request) {
291 dev_dbg(musb->controller, "restarting the request\n");
292 musb_ep_restart(musb, request);
293 }
294
295 /* select ep0 again */
296 musb_ep_select(mbase, 0);
297 } break;
298 default:
299 /* class, vendor, etc ... delegate */
300 handled = 0;
301 break;
302 }
303 break;
304
305 case USB_REQ_SET_FEATURE:
306 switch (recip) {
307 case USB_RECIP_DEVICE:
308 handled = 1;
309 switch (ctrlrequest->wValue) {
310 case USB_DEVICE_REMOTE_WAKEUP:
311 musb->may_wakeup = 1;
312 break;
313 case USB_DEVICE_TEST_MODE:
314 if (musb->g.speed != USB_SPEED_HIGH)
315 goto stall;
316 if (ctrlrequest->wIndex & 0xff)
317 goto stall;
318
319 switch (ctrlrequest->wIndex >> 8) {
320 case 1:
321 pr_debug("TEST_J\n");
322 /* TEST_J */
323 musb->test_mode_nr =
324 MUSB_TEST_J;
325 break;
326 case 2:
327 /* TEST_K */
328 pr_debug("TEST_K\n");
329 musb->test_mode_nr =
330 MUSB_TEST_K;
331 break;
332 case 3:
333 /* TEST_SE0_NAK */
334 pr_debug("TEST_SE0_NAK\n");
335 musb->test_mode_nr =
336 MUSB_TEST_SE0_NAK;
337 break;
338 case 4:
339 /* TEST_PACKET */
340 pr_debug("TEST_PACKET\n");
341 musb->test_mode_nr =
342 MUSB_TEST_PACKET;
343 break;
344
345 case 0xc0:
346 /* TEST_FORCE_HS */
347 pr_debug("TEST_FORCE_HS\n");
348 musb->test_mode_nr =
349 MUSB_TEST_FORCE_HS;
350 break;
351 case 0xc1:
352 /* TEST_FORCE_FS */
353 pr_debug("TEST_FORCE_FS\n");
354 musb->test_mode_nr =
355 MUSB_TEST_FORCE_FS;
356 break;
357 case 0xc2:
358 /* TEST_FIFO_ACCESS */
359 pr_debug("TEST_FIFO_ACCESS\n");
360 musb->test_mode_nr =
361 MUSB_TEST_FIFO_ACCESS;
362 break;
363 case 0xc3:
364 /* TEST_FORCE_HOST */
365 pr_debug("TEST_FORCE_HOST\n");
366 musb->test_mode_nr =
367 MUSB_TEST_FORCE_HOST;
368 break;
369 default:
370 goto stall;
371 }
372
373 /* enter test mode after irq */
374 if (handled > 0)
375 musb->test_mode = true;
376 break;
377 case USB_DEVICE_B_HNP_ENABLE:
378 if (!musb->g.is_otg)
379 goto stall;
380 musb->g.b_hnp_enable = 1;
381 musb_try_b_hnp_enable(musb);
382 break;
383 case USB_DEVICE_A_HNP_SUPPORT:
384 if (!musb->g.is_otg)
385 goto stall;
386 musb->g.a_hnp_support = 1;
387 break;
388 case USB_DEVICE_A_ALT_HNP_SUPPORT:
389 if (!musb->g.is_otg)
390 goto stall;
391 musb->g.a_alt_hnp_support = 1;
392 break;
393 case USB_DEVICE_DEBUG_MODE:
394 handled = 0;
395 break;
396 stall:
397 default:
398 handled = -EINVAL;
399 break;
400 }
401 break;
402
403 case USB_RECIP_INTERFACE:
404 break;
405
406 case USB_RECIP_ENDPOINT:{
407 const u8 epnum =
408 ctrlrequest->wIndex & 0x0f;
409 struct musb_ep *musb_ep;
410 struct musb_hw_ep *ep;
411 void __iomem *regs;
412 int is_in;
413 u16 csr;
414
415 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
416 ctrlrequest->wValue != USB_ENDPOINT_HALT)
417 break;
418
419 ep = musb->endpoints + epnum;
420 regs = ep->regs;
421 is_in = ctrlrequest->wIndex & USB_DIR_IN;
422 if (is_in)
423 musb_ep = &ep->ep_in;
424 else
425 musb_ep = &ep->ep_out;
426 if (!musb_ep->desc)
427 break;
428
429 musb_ep_select(mbase, epnum);
430 if (is_in) {
431 csr = musb_readw(regs, MUSB_TXCSR);
432 if (csr & MUSB_TXCSR_FIFONOTEMPTY)
433 csr |= MUSB_TXCSR_FLUSHFIFO;
434 csr |= MUSB_TXCSR_P_SENDSTALL
435 | MUSB_TXCSR_CLRDATATOG
436 | MUSB_TXCSR_P_WZC_BITS;
437 musb_writew(regs, MUSB_TXCSR, csr);
438 } else {
439 csr = musb_readw(regs, MUSB_RXCSR);
440 csr |= MUSB_RXCSR_P_SENDSTALL
441 | MUSB_RXCSR_FLUSHFIFO
442 | MUSB_RXCSR_CLRDATATOG
443 | MUSB_RXCSR_P_WZC_BITS;
444 musb_writew(regs, MUSB_RXCSR, csr);
445 }
446
447 /* select ep0 again */
448 musb_ep_select(mbase, 0);
449 handled = 1;
450 } break;
451
452 default:
453 /* class, vendor, etc ... delegate */
454 handled = 0;
455 break;
456 }
457 break;
458 default:
459 /* delegate SET_CONFIGURATION, etc */
460 handled = 0;
461 }
462 } else
463 handled = 0;
464 return handled;
465 }
466
467 /* we have an ep0out data packet
468 * Context: caller holds controller lock
469 */
ep0_rxstate(struct musb * musb)470 static void ep0_rxstate(struct musb *musb)
471 {
472 void __iomem *regs = musb->control_ep->regs;
473 struct musb_request *request;
474 struct usb_request *req;
475 u16 count, csr;
476
477 request = next_ep0_request(musb);
478 req = &request->request;
479
480 /* read packet and ack; or stall because of gadget driver bug:
481 * should have provided the rx buffer before setup() returned.
482 */
483 if (req) {
484 void *buf = req->buf + req->actual;
485 unsigned len = req->length - req->actual;
486
487 /* read the buffer */
488 count = musb_readb(regs, MUSB_COUNT0);
489 if (count > len) {
490 req->status = -EOVERFLOW;
491 count = len;
492 }
493 musb_read_fifo(&musb->endpoints[0], count, buf);
494 req->actual += count;
495 csr = MUSB_CSR0_P_SVDRXPKTRDY;
496 if (count < 64 || req->actual == req->length) {
497 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
498 csr |= MUSB_CSR0_P_DATAEND;
499 } else
500 req = NULL;
501 } else
502 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
503
504
505 /* Completion handler may choose to stall, e.g. because the
506 * message just received holds invalid data.
507 */
508 if (req) {
509 musb->ackpend = csr;
510 musb_g_ep0_giveback(musb, req);
511 if (!musb->ackpend)
512 return;
513 musb->ackpend = 0;
514 }
515 musb_ep_select(musb->mregs, 0);
516 musb_writew(regs, MUSB_CSR0, csr);
517 }
518
519 /*
520 * transmitting to the host (IN), this code might be called from IRQ
521 * and from kernel thread.
522 *
523 * Context: caller holds controller lock
524 */
ep0_txstate(struct musb * musb)525 static void ep0_txstate(struct musb *musb)
526 {
527 void __iomem *regs = musb->control_ep->regs;
528 struct musb_request *req = next_ep0_request(musb);
529 struct usb_request *request;
530 u16 csr = MUSB_CSR0_TXPKTRDY;
531 u8 *fifo_src;
532 u8 fifo_count;
533
534 if (!req) {
535 /* WARN_ON(1); */
536 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
537 return;
538 }
539
540 request = &req->request;
541
542 /* load the data */
543 fifo_src = (u8 *) request->buf + request->actual;
544 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
545 request->length - request->actual);
546 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
547 request->actual += fifo_count;
548
549 /* update the flags */
550 if (fifo_count < MUSB_MAX_END0_PACKET
551 || (request->actual == request->length
552 && !request->zero)) {
553 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
554 csr |= MUSB_CSR0_P_DATAEND;
555 } else
556 request = NULL;
557
558 /* send it out, triggering a "txpktrdy cleared" irq */
559 musb_ep_select(musb->mregs, 0);
560 musb_writew(regs, MUSB_CSR0, csr);
561
562 /* report completions as soon as the fifo's loaded; there's no
563 * win in waiting till this last packet gets acked. (other than
564 * very precise fault reporting, needed by USB TMC; possible with
565 * this hardware, but not usable from portable gadget drivers.)
566 */
567 if (request) {
568 musb->ackpend = csr;
569 musb_g_ep0_giveback(musb, request);
570 if (!musb->ackpend)
571 return;
572 musb->ackpend = 0;
573 }
574 }
575
576 /*
577 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
578 * Fields are left in USB byte-order.
579 *
580 * Context: caller holds controller lock.
581 */
582 static void
musb_read_setup(struct musb * musb,struct usb_ctrlrequest * req)583 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
584 {
585 struct musb_request *r;
586 void __iomem *regs = musb->control_ep->regs;
587
588 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
589
590 /* NOTE: earlier 2.6 versions changed setup packets to host
591 * order, but now USB packets always stay in USB byte order.
592 */
593 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
594 req->bRequestType,
595 req->bRequest,
596 le16_to_cpu(req->wValue),
597 le16_to_cpu(req->wIndex),
598 le16_to_cpu(req->wLength));
599
600 /* clean up any leftover transfers */
601 r = next_ep0_request(musb);
602 if (r)
603 musb_g_ep0_giveback(musb, &r->request);
604
605 /* For zero-data requests we want to delay the STATUS stage to
606 * avoid SETUPEND errors. If we read data (OUT), delay accepting
607 * packets until there's a buffer to store them in.
608 *
609 * If we write data, the controller acts happier if we enable
610 * the TX FIFO right away, and give the controller a moment
611 * to switch modes...
612 */
613 musb->set_address = false;
614 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
615 if (req->wLength == 0) {
616 if (req->bRequestType & USB_DIR_IN)
617 musb->ackpend |= MUSB_CSR0_TXPKTRDY;
618 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
619 } else if (req->bRequestType & USB_DIR_IN) {
620 musb->ep0_state = MUSB_EP0_STAGE_TX;
621 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
622 while ((musb_readw(regs, MUSB_CSR0)
623 & MUSB_CSR0_RXPKTRDY) != 0)
624 cpu_relax();
625 musb->ackpend = 0;
626 } else
627 musb->ep0_state = MUSB_EP0_STAGE_RX;
628 }
629
630 static int
forward_to_driver(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)631 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
632 __releases(musb->lock)
633 __acquires(musb->lock)
634 {
635 int retval;
636 if (!musb->gadget_driver)
637 return -EOPNOTSUPP;
638 spin_unlock(&musb->lock);
639 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
640 spin_lock(&musb->lock);
641 return retval;
642 }
643
644 /*
645 * Handle peripheral ep0 interrupt
646 *
647 * Context: irq handler; we won't re-enter the driver that way.
648 */
musb_g_ep0_irq(struct musb * musb)649 irqreturn_t musb_g_ep0_irq(struct musb *musb)
650 {
651 u16 csr;
652 u16 len;
653 void __iomem *mbase = musb->mregs;
654 void __iomem *regs = musb->endpoints[0].regs;
655 irqreturn_t retval = IRQ_NONE;
656
657 musb_ep_select(mbase, 0); /* select ep0 */
658 csr = musb_readw(regs, MUSB_CSR0);
659 len = musb_readb(regs, MUSB_COUNT0);
660
661 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
662 csr, len,
663 musb_readb(mbase, MUSB_FADDR),
664 decode_ep0stage(musb->ep0_state));
665
666 if (csr & MUSB_CSR0_P_DATAEND) {
667 /*
668 * If DATAEND is set we should not call the callback,
669 * hence the status stage is not complete.
670 */
671 return IRQ_HANDLED;
672 }
673
674 /* I sent a stall.. need to acknowledge it now.. */
675 if (csr & MUSB_CSR0_P_SENTSTALL) {
676 musb_writew(regs, MUSB_CSR0,
677 csr & ~MUSB_CSR0_P_SENTSTALL);
678 retval = IRQ_HANDLED;
679 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
680 csr = musb_readw(regs, MUSB_CSR0);
681 }
682
683 /* request ended "early" */
684 if (csr & MUSB_CSR0_P_SETUPEND) {
685 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
686 retval = IRQ_HANDLED;
687 /* Transition into the early status phase */
688 switch (musb->ep0_state) {
689 case MUSB_EP0_STAGE_TX:
690 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
691 break;
692 case MUSB_EP0_STAGE_RX:
693 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
694 break;
695 default:
696 ERR("SetupEnd came in a wrong ep0stage %s\n",
697 decode_ep0stage(musb->ep0_state));
698 }
699 csr = musb_readw(regs, MUSB_CSR0);
700 /* NOTE: request may need completion */
701 }
702
703 /* docs from Mentor only describe tx, rx, and idle/setup states.
704 * we need to handle nuances around status stages, and also the
705 * case where status and setup stages come back-to-back ...
706 */
707 switch (musb->ep0_state) {
708
709 case MUSB_EP0_STAGE_TX:
710 /* irq on clearing txpktrdy */
711 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
712 ep0_txstate(musb);
713 retval = IRQ_HANDLED;
714 }
715 break;
716
717 case MUSB_EP0_STAGE_RX:
718 /* irq on set rxpktrdy */
719 if (csr & MUSB_CSR0_RXPKTRDY) {
720 ep0_rxstate(musb);
721 retval = IRQ_HANDLED;
722 }
723 break;
724
725 case MUSB_EP0_STAGE_STATUSIN:
726 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
727
728 /* update address (if needed) only @ the end of the
729 * status phase per usb spec, which also guarantees
730 * we get 10 msec to receive this irq... until this
731 * is done we won't see the next packet.
732 */
733 if (musb->set_address) {
734 musb->set_address = false;
735 musb_writeb(mbase, MUSB_FADDR, musb->address);
736 }
737
738 /* enter test mode if needed (exit by reset) */
739 else if (musb->test_mode) {
740 dev_dbg(musb->controller, "entering TESTMODE\n");
741
742 if (MUSB_TEST_PACKET == musb->test_mode_nr)
743 musb_load_testpacket(musb);
744
745 musb_writeb(mbase, MUSB_TESTMODE,
746 musb->test_mode_nr);
747 }
748 /* FALLTHROUGH */
749
750 case MUSB_EP0_STAGE_STATUSOUT:
751 /* end of sequence #1: write to host (TX state) */
752 {
753 struct musb_request *req;
754
755 req = next_ep0_request(musb);
756 if (req)
757 musb_g_ep0_giveback(musb, &req->request);
758 }
759
760 /*
761 * In case when several interrupts can get coalesced,
762 * check to see if we've already received a SETUP packet...
763 */
764 if (csr & MUSB_CSR0_RXPKTRDY)
765 goto setup;
766
767 retval = IRQ_HANDLED;
768 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
769 break;
770
771 case MUSB_EP0_STAGE_IDLE:
772 /*
773 * This state is typically (but not always) indiscernible
774 * from the status states since the corresponding interrupts
775 * tend to happen within too little period of time (with only
776 * a zero-length packet in between) and so get coalesced...
777 */
778 retval = IRQ_HANDLED;
779 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
780 /* FALLTHROUGH */
781
782 case MUSB_EP0_STAGE_SETUP:
783 setup:
784 if (csr & MUSB_CSR0_RXPKTRDY) {
785 struct usb_ctrlrequest setup;
786 int handled = 0;
787
788 if (len != 8) {
789 ERR("SETUP packet len %d != 8 ?\n", len);
790 break;
791 }
792 musb_read_setup(musb, &setup);
793 retval = IRQ_HANDLED;
794
795 /* sometimes the RESET won't be reported */
796 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
797 u8 power;
798
799 printk(KERN_NOTICE "%s: peripheral reset "
800 "irq lost!\n",
801 musb_driver_name);
802 power = musb_readb(mbase, MUSB_POWER);
803 musb->g.speed = (power & MUSB_POWER_HSMODE)
804 ? USB_SPEED_HIGH : USB_SPEED_FULL;
805
806 }
807
808 switch (musb->ep0_state) {
809
810 /* sequence #3 (no data stage), includes requests
811 * we can't forward (notably SET_ADDRESS and the
812 * device/endpoint feature set/clear operations)
813 * plus SET_CONFIGURATION and others we must
814 */
815 case MUSB_EP0_STAGE_ACKWAIT:
816 handled = service_zero_data_request(
817 musb, &setup);
818
819 /*
820 * We're expecting no data in any case, so
821 * always set the DATAEND bit -- doing this
822 * here helps avoid SetupEnd interrupt coming
823 * in the idle stage when we're stalling...
824 */
825 musb->ackpend |= MUSB_CSR0_P_DATAEND;
826
827 /* status stage might be immediate */
828 if (handled > 0)
829 musb->ep0_state =
830 MUSB_EP0_STAGE_STATUSIN;
831 break;
832
833 /* sequence #1 (IN to host), includes GET_STATUS
834 * requests that we can't forward, GET_DESCRIPTOR
835 * and others that we must
836 */
837 case MUSB_EP0_STAGE_TX:
838 handled = service_in_request(musb, &setup);
839 if (handled > 0) {
840 musb->ackpend = MUSB_CSR0_TXPKTRDY
841 | MUSB_CSR0_P_DATAEND;
842 musb->ep0_state =
843 MUSB_EP0_STAGE_STATUSOUT;
844 }
845 break;
846
847 /* sequence #2 (OUT from host), always forward */
848 default: /* MUSB_EP0_STAGE_RX */
849 break;
850 }
851
852 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
853 handled, csr,
854 decode_ep0stage(musb->ep0_state));
855
856 /* unless we need to delegate this to the gadget
857 * driver, we know how to wrap this up: csr0 has
858 * not yet been written.
859 */
860 if (handled < 0)
861 goto stall;
862 else if (handled > 0)
863 goto finish;
864
865 handled = forward_to_driver(musb, &setup);
866 if (handled < 0) {
867 musb_ep_select(mbase, 0);
868 stall:
869 dev_dbg(musb->controller, "stall (%d)\n", handled);
870 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
871 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
872 finish:
873 musb_writew(regs, MUSB_CSR0,
874 musb->ackpend);
875 musb->ackpend = 0;
876 }
877 }
878 break;
879
880 case MUSB_EP0_STAGE_ACKWAIT:
881 /* This should not happen. But happens with tusb6010 with
882 * g_file_storage and high speed. Do nothing.
883 */
884 retval = IRQ_HANDLED;
885 break;
886
887 default:
888 /* "can't happen" */
889 assert_noisy(false);
890 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
891 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
892 break;
893 }
894
895 return retval;
896 }
897
898
899 static int
musb_g_ep0_enable(struct usb_ep * ep,const struct usb_endpoint_descriptor * desc)900 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
901 {
902 /* always enabled */
903 return -EINVAL;
904 }
905
musb_g_ep0_disable(struct usb_ep * e)906 static int musb_g_ep0_disable(struct usb_ep *e)
907 {
908 /* always enabled */
909 return -EINVAL;
910 }
911
912 static int
musb_g_ep0_queue(struct usb_ep * e,struct usb_request * r,gfp_t gfp_flags)913 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
914 {
915 struct musb_ep *ep;
916 struct musb_request *req;
917 struct musb *musb;
918 int status;
919 unsigned long lockflags;
920 void __iomem *regs;
921
922 if (!e || !r)
923 return -EINVAL;
924
925 ep = to_musb_ep(e);
926 musb = ep->musb;
927 regs = musb->control_ep->regs;
928
929 req = to_musb_request(r);
930 req->musb = musb;
931 req->request.actual = 0;
932 req->request.status = -EINPROGRESS;
933 req->tx = ep->is_in;
934
935 spin_lock_irqsave(&musb->lock, lockflags);
936
937 if (!list_empty(&ep->req_list)) {
938 status = -EBUSY;
939 goto cleanup;
940 }
941
942 switch (musb->ep0_state) {
943 case MUSB_EP0_STAGE_RX: /* control-OUT data */
944 case MUSB_EP0_STAGE_TX: /* control-IN data */
945 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */
946 status = 0;
947 break;
948 default:
949 dev_dbg(musb->controller, "ep0 request queued in state %d\n",
950 musb->ep0_state);
951 status = -EINVAL;
952 goto cleanup;
953 }
954
955 /* add request to the list */
956 list_add_tail(&req->list, &ep->req_list);
957
958 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
959 ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
960 req->request.length);
961
962 musb_ep_select(musb->mregs, 0);
963
964 /* sequence #1, IN ... start writing the data */
965 if (musb->ep0_state == MUSB_EP0_STAGE_TX)
966 ep0_txstate(musb);
967
968 /* sequence #3, no-data ... issue IN status */
969 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
970 if (req->request.length)
971 status = -EINVAL;
972 else {
973 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
974 musb_writew(regs, MUSB_CSR0,
975 musb->ackpend | MUSB_CSR0_P_DATAEND);
976 musb->ackpend = 0;
977 musb_g_ep0_giveback(ep->musb, r);
978 }
979
980 /* else for sequence #2 (OUT), caller provides a buffer
981 * before the next packet arrives. deferred responses
982 * (after SETUP is acked) are racey.
983 */
984 } else if (musb->ackpend) {
985 musb_writew(regs, MUSB_CSR0, musb->ackpend);
986 musb->ackpend = 0;
987 }
988
989 cleanup:
990 spin_unlock_irqrestore(&musb->lock, lockflags);
991 return status;
992 }
993
musb_g_ep0_dequeue(struct usb_ep * ep,struct usb_request * req)994 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
995 {
996 /* we just won't support this */
997 return -EINVAL;
998 }
999
musb_g_ep0_halt(struct usb_ep * e,int value)1000 static int musb_g_ep0_halt(struct usb_ep *e, int value)
1001 {
1002 struct musb_ep *ep;
1003 struct musb *musb;
1004 void __iomem *base, *regs;
1005 unsigned long flags;
1006 int status;
1007 u16 csr;
1008
1009 if (!e || !value)
1010 return -EINVAL;
1011
1012 ep = to_musb_ep(e);
1013 musb = ep->musb;
1014 base = musb->mregs;
1015 regs = musb->control_ep->regs;
1016 status = 0;
1017
1018 spin_lock_irqsave(&musb->lock, flags);
1019
1020 if (!list_empty(&ep->req_list)) {
1021 status = -EBUSY;
1022 goto cleanup;
1023 }
1024
1025 musb_ep_select(base, 0);
1026 csr = musb->ackpend;
1027
1028 switch (musb->ep0_state) {
1029
1030 /* Stalls are usually issued after parsing SETUP packet, either
1031 * directly in irq context from setup() or else later.
1032 */
1033 case MUSB_EP0_STAGE_TX: /* control-IN data */
1034 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */
1035 case MUSB_EP0_STAGE_RX: /* control-OUT data */
1036 csr = musb_readw(regs, MUSB_CSR0);
1037 /* FALLTHROUGH */
1038
1039 /* It's also OK to issue stalls during callbacks when a non-empty
1040 * DATA stage buffer has been read (or even written).
1041 */
1042 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */
1043 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */
1044
1045 csr |= MUSB_CSR0_P_SENDSTALL;
1046 musb_writew(regs, MUSB_CSR0, csr);
1047 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1048 musb->ackpend = 0;
1049 break;
1050 default:
1051 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1052 status = -EINVAL;
1053 }
1054
1055 cleanup:
1056 spin_unlock_irqrestore(&musb->lock, flags);
1057 return status;
1058 }
1059
1060 const struct usb_ep_ops musb_g_ep0_ops = {
1061 .enable = musb_g_ep0_enable,
1062 .disable = musb_g_ep0_disable,
1063 .alloc_request = musb_alloc_request,
1064 .free_request = musb_free_request,
1065 .queue = musb_g_ep0_queue,
1066 .dequeue = musb_g_ep0_dequeue,
1067 .set_halt = musb_g_ep0_halt,
1068 };
1069