1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * MUSB OTG peripheral driver ep0 handling
4 *
5 * Copyright 2005 Mentor Graphics Corporation
6 * Copyright (C) 2005-2006 by Texas Instruments
7 * Copyright (C) 2006-2007 Nokia Corporation
8 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
9 */
10
11 #ifndef __UBOOT__
12 #include <linux/kernel.h>
13 #include <linux/list.h>
14 #include <linux/timer.h>
15 #include <linux/spinlock.h>
16 #include <linux/device.h>
17 #include <linux/interrupt.h>
18 #else
19 #include <common.h>
20 #include "linux-compat.h"
21 #include <asm/processor.h>
22 #endif
23
24 #include "musb_core.h"
25
26 /* ep0 is always musb->endpoints[0].ep_in */
27 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0])
28
29 /*
30 * locking note: we use only the controller lock, for simpler correctness.
31 * It's always held with IRQs blocked.
32 *
33 * It protects the ep0 request queue as well as ep0_state, not just the
34 * controller and indexed registers. And that lock stays held unless it
35 * needs to be dropped to allow reentering this driver ... like upcalls to
36 * the gadget driver, or adjusting endpoint halt status.
37 */
38
decode_ep0stage(u8 stage)39 static char *decode_ep0stage(u8 stage)
40 {
41 switch (stage) {
42 case MUSB_EP0_STAGE_IDLE: return "idle";
43 case MUSB_EP0_STAGE_SETUP: return "setup";
44 case MUSB_EP0_STAGE_TX: return "in";
45 case MUSB_EP0_STAGE_RX: return "out";
46 case MUSB_EP0_STAGE_ACKWAIT: return "wait";
47 case MUSB_EP0_STAGE_STATUSIN: return "in/status";
48 case MUSB_EP0_STAGE_STATUSOUT: return "out/status";
49 default: return "?";
50 }
51 }
52
53 /* handle a standard GET_STATUS request
54 * Context: caller holds controller lock
55 */
service_tx_status_request(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)56 static int service_tx_status_request(
57 struct musb *musb,
58 const struct usb_ctrlrequest *ctrlrequest)
59 {
60 void __iomem *mbase = musb->mregs;
61 int handled = 1;
62 u8 result[2], epnum = 0;
63 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
64
65 result[1] = 0;
66
67 switch (recip) {
68 case USB_RECIP_DEVICE:
69 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
70 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
71 if (musb->g.is_otg) {
72 result[0] |= musb->g.b_hnp_enable
73 << USB_DEVICE_B_HNP_ENABLE;
74 result[0] |= musb->g.a_alt_hnp_support
75 << USB_DEVICE_A_ALT_HNP_SUPPORT;
76 result[0] |= musb->g.a_hnp_support
77 << USB_DEVICE_A_HNP_SUPPORT;
78 }
79 break;
80
81 case USB_RECIP_INTERFACE:
82 result[0] = 0;
83 break;
84
85 case USB_RECIP_ENDPOINT: {
86 int is_in;
87 struct musb_ep *ep;
88 u16 tmp;
89 void __iomem *regs;
90
91 epnum = (u8) ctrlrequest->wIndex;
92 if (!epnum) {
93 result[0] = 0;
94 break;
95 }
96
97 is_in = epnum & USB_DIR_IN;
98 if (is_in) {
99 epnum &= 0x0f;
100 ep = &musb->endpoints[epnum].ep_in;
101 } else {
102 ep = &musb->endpoints[epnum].ep_out;
103 }
104 regs = musb->endpoints[epnum].regs;
105
106 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
107 handled = -EINVAL;
108 break;
109 }
110
111 musb_ep_select(mbase, epnum);
112 if (is_in)
113 tmp = musb_readw(regs, MUSB_TXCSR)
114 & MUSB_TXCSR_P_SENDSTALL;
115 else
116 tmp = musb_readw(regs, MUSB_RXCSR)
117 & MUSB_RXCSR_P_SENDSTALL;
118 musb_ep_select(mbase, 0);
119
120 result[0] = tmp ? 1 : 0;
121 } break;
122
123 default:
124 /* class, vendor, etc ... delegate */
125 handled = 0;
126 break;
127 }
128
129 /* fill up the fifo; caller updates csr0 */
130 if (handled > 0) {
131 u16 len = le16_to_cpu(ctrlrequest->wLength);
132
133 if (len > 2)
134 len = 2;
135 musb_write_fifo(&musb->endpoints[0], len, result);
136 }
137
138 return handled;
139 }
140
141 /*
142 * handle a control-IN request, the end0 buffer contains the current request
143 * that is supposed to be a standard control request. Assumes the fifo to
144 * be at least 2 bytes long.
145 *
146 * @return 0 if the request was NOT HANDLED,
147 * < 0 when error
148 * > 0 when the request is processed
149 *
150 * Context: caller holds controller lock
151 */
152 static int
service_in_request(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)153 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
154 {
155 int handled = 0; /* not handled */
156
157 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
158 == USB_TYPE_STANDARD) {
159 switch (ctrlrequest->bRequest) {
160 case USB_REQ_GET_STATUS:
161 handled = service_tx_status_request(musb,
162 ctrlrequest);
163 break;
164
165 /* case USB_REQ_SYNC_FRAME: */
166
167 default:
168 break;
169 }
170 }
171 return handled;
172 }
173
174 /*
175 * Context: caller holds controller lock
176 */
musb_g_ep0_giveback(struct musb * musb,struct usb_request * req)177 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
178 {
179 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
180 }
181
182 /*
183 * Tries to start B-device HNP negotiation if enabled via sysfs
184 */
musb_try_b_hnp_enable(struct musb * musb)185 static inline void musb_try_b_hnp_enable(struct musb *musb)
186 {
187 void __iomem *mbase = musb->mregs;
188 u8 devctl;
189
190 dev_dbg(musb->controller, "HNP: Setting HR\n");
191 devctl = musb_readb(mbase, MUSB_DEVCTL);
192 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
193 }
194
195 /*
196 * Handle all control requests with no DATA stage, including standard
197 * requests such as:
198 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
199 * always delegated to the gadget driver
200 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
201 * always handled here, except for class/vendor/... features
202 *
203 * Context: caller holds controller lock
204 */
205 static int
service_zero_data_request(struct musb * musb,struct usb_ctrlrequest * ctrlrequest)206 service_zero_data_request(struct musb *musb,
207 struct usb_ctrlrequest *ctrlrequest)
208 __releases(musb->lock)
209 __acquires(musb->lock)
210 {
211 int handled = -EINVAL;
212 void __iomem *mbase = musb->mregs;
213 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
214
215 /* the gadget driver handles everything except what we MUST handle */
216 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
217 == USB_TYPE_STANDARD) {
218 switch (ctrlrequest->bRequest) {
219 case USB_REQ_SET_ADDRESS:
220 /* change it after the status stage */
221 musb->set_address = true;
222 musb->address = (u8) (ctrlrequest->wValue & 0x7f);
223 handled = 1;
224 break;
225
226 case USB_REQ_CLEAR_FEATURE:
227 switch (recip) {
228 case USB_RECIP_DEVICE:
229 if (ctrlrequest->wValue
230 != USB_DEVICE_REMOTE_WAKEUP)
231 break;
232 musb->may_wakeup = 0;
233 handled = 1;
234 break;
235 case USB_RECIP_INTERFACE:
236 break;
237 case USB_RECIP_ENDPOINT:{
238 const u8 epnum =
239 ctrlrequest->wIndex & 0x0f;
240 struct musb_ep *musb_ep;
241 struct musb_hw_ep *ep;
242 struct musb_request *request;
243 void __iomem *regs;
244 int is_in;
245 u16 csr;
246
247 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
248 ctrlrequest->wValue != USB_ENDPOINT_HALT)
249 break;
250
251 ep = musb->endpoints + epnum;
252 regs = ep->regs;
253 is_in = ctrlrequest->wIndex & USB_DIR_IN;
254 if (is_in)
255 musb_ep = &ep->ep_in;
256 else
257 musb_ep = &ep->ep_out;
258 if (!musb_ep->desc)
259 break;
260
261 handled = 1;
262 /* Ignore request if endpoint is wedged */
263 if (musb_ep->wedged)
264 break;
265
266 musb_ep_select(mbase, epnum);
267 if (is_in) {
268 csr = musb_readw(regs, MUSB_TXCSR);
269 csr |= MUSB_TXCSR_CLRDATATOG |
270 MUSB_TXCSR_P_WZC_BITS;
271 csr &= ~(MUSB_TXCSR_P_SENDSTALL |
272 MUSB_TXCSR_P_SENTSTALL |
273 MUSB_TXCSR_TXPKTRDY);
274 musb_writew(regs, MUSB_TXCSR, csr);
275 } else {
276 csr = musb_readw(regs, MUSB_RXCSR);
277 csr |= MUSB_RXCSR_CLRDATATOG |
278 MUSB_RXCSR_P_WZC_BITS;
279 csr &= ~(MUSB_RXCSR_P_SENDSTALL |
280 MUSB_RXCSR_P_SENTSTALL);
281 musb_writew(regs, MUSB_RXCSR, csr);
282 }
283
284 /* Maybe start the first request in the queue */
285 request = next_request(musb_ep);
286 if (!musb_ep->busy && request) {
287 dev_dbg(musb->controller, "restarting the request\n");
288 musb_ep_restart(musb, request);
289 }
290
291 /* select ep0 again */
292 musb_ep_select(mbase, 0);
293 } break;
294 default:
295 /* class, vendor, etc ... delegate */
296 handled = 0;
297 break;
298 }
299 break;
300
301 case USB_REQ_SET_FEATURE:
302 switch (recip) {
303 case USB_RECIP_DEVICE:
304 handled = 1;
305 switch (ctrlrequest->wValue) {
306 case USB_DEVICE_REMOTE_WAKEUP:
307 musb->may_wakeup = 1;
308 break;
309 case USB_DEVICE_TEST_MODE:
310 if (musb->g.speed != USB_SPEED_HIGH)
311 goto stall;
312 if (ctrlrequest->wIndex & 0xff)
313 goto stall;
314
315 switch (ctrlrequest->wIndex >> 8) {
316 case 1:
317 pr_debug("TEST_J\n");
318 /* TEST_J */
319 musb->test_mode_nr =
320 MUSB_TEST_J;
321 break;
322 case 2:
323 /* TEST_K */
324 pr_debug("TEST_K\n");
325 musb->test_mode_nr =
326 MUSB_TEST_K;
327 break;
328 case 3:
329 /* TEST_SE0_NAK */
330 pr_debug("TEST_SE0_NAK\n");
331 musb->test_mode_nr =
332 MUSB_TEST_SE0_NAK;
333 break;
334 case 4:
335 /* TEST_PACKET */
336 pr_debug("TEST_PACKET\n");
337 musb->test_mode_nr =
338 MUSB_TEST_PACKET;
339 break;
340
341 case 0xc0:
342 /* TEST_FORCE_HS */
343 pr_debug("TEST_FORCE_HS\n");
344 musb->test_mode_nr =
345 MUSB_TEST_FORCE_HS;
346 break;
347 case 0xc1:
348 /* TEST_FORCE_FS */
349 pr_debug("TEST_FORCE_FS\n");
350 musb->test_mode_nr =
351 MUSB_TEST_FORCE_FS;
352 break;
353 case 0xc2:
354 /* TEST_FIFO_ACCESS */
355 pr_debug("TEST_FIFO_ACCESS\n");
356 musb->test_mode_nr =
357 MUSB_TEST_FIFO_ACCESS;
358 break;
359 case 0xc3:
360 /* TEST_FORCE_HOST */
361 pr_debug("TEST_FORCE_HOST\n");
362 musb->test_mode_nr =
363 MUSB_TEST_FORCE_HOST;
364 break;
365 default:
366 goto stall;
367 }
368
369 /* enter test mode after irq */
370 if (handled > 0)
371 musb->test_mode = true;
372 break;
373 case USB_DEVICE_B_HNP_ENABLE:
374 if (!musb->g.is_otg)
375 goto stall;
376 musb->g.b_hnp_enable = 1;
377 musb_try_b_hnp_enable(musb);
378 break;
379 case USB_DEVICE_A_HNP_SUPPORT:
380 if (!musb->g.is_otg)
381 goto stall;
382 musb->g.a_hnp_support = 1;
383 break;
384 case USB_DEVICE_A_ALT_HNP_SUPPORT:
385 if (!musb->g.is_otg)
386 goto stall;
387 musb->g.a_alt_hnp_support = 1;
388 break;
389 case USB_DEVICE_DEBUG_MODE:
390 handled = 0;
391 break;
392 stall:
393 default:
394 handled = -EINVAL;
395 break;
396 }
397 break;
398
399 case USB_RECIP_INTERFACE:
400 break;
401
402 case USB_RECIP_ENDPOINT:{
403 const u8 epnum =
404 ctrlrequest->wIndex & 0x0f;
405 struct musb_ep *musb_ep;
406 struct musb_hw_ep *ep;
407 void __iomem *regs;
408 int is_in;
409 u16 csr;
410
411 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
412 ctrlrequest->wValue != USB_ENDPOINT_HALT)
413 break;
414
415 ep = musb->endpoints + epnum;
416 regs = ep->regs;
417 is_in = ctrlrequest->wIndex & USB_DIR_IN;
418 if (is_in)
419 musb_ep = &ep->ep_in;
420 else
421 musb_ep = &ep->ep_out;
422 if (!musb_ep->desc)
423 break;
424
425 musb_ep_select(mbase, epnum);
426 if (is_in) {
427 csr = musb_readw(regs, MUSB_TXCSR);
428 if (csr & MUSB_TXCSR_FIFONOTEMPTY)
429 csr |= MUSB_TXCSR_FLUSHFIFO;
430 csr |= MUSB_TXCSR_P_SENDSTALL
431 | MUSB_TXCSR_CLRDATATOG
432 | MUSB_TXCSR_P_WZC_BITS;
433 musb_writew(regs, MUSB_TXCSR, csr);
434 } else {
435 csr = musb_readw(regs, MUSB_RXCSR);
436 csr |= MUSB_RXCSR_P_SENDSTALL
437 | MUSB_RXCSR_FLUSHFIFO
438 | MUSB_RXCSR_CLRDATATOG
439 | MUSB_RXCSR_P_WZC_BITS;
440 musb_writew(regs, MUSB_RXCSR, csr);
441 }
442
443 /* select ep0 again */
444 musb_ep_select(mbase, 0);
445 handled = 1;
446 } break;
447
448 default:
449 /* class, vendor, etc ... delegate */
450 handled = 0;
451 break;
452 }
453 break;
454 default:
455 /* delegate SET_CONFIGURATION, etc */
456 handled = 0;
457 }
458 } else
459 handled = 0;
460 return handled;
461 }
462
463 /* we have an ep0out data packet
464 * Context: caller holds controller lock
465 */
ep0_rxstate(struct musb * musb)466 static void ep0_rxstate(struct musb *musb)
467 {
468 void __iomem *regs = musb->control_ep->regs;
469 struct musb_request *request;
470 struct usb_request *req;
471 u16 count, csr;
472
473 request = next_ep0_request(musb);
474 req = &request->request;
475
476 /* read packet and ack; or stall because of gadget driver bug:
477 * should have provided the rx buffer before setup() returned.
478 */
479 if (req) {
480 void *buf = req->buf + req->actual;
481 unsigned len = req->length - req->actual;
482
483 /* read the buffer */
484 count = musb_readb(regs, MUSB_COUNT0);
485 if (count > len) {
486 req->status = -EOVERFLOW;
487 count = len;
488 }
489 musb_read_fifo(&musb->endpoints[0], count, buf);
490 req->actual += count;
491 csr = MUSB_CSR0_P_SVDRXPKTRDY;
492 if (count < 64 || req->actual == req->length) {
493 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
494 csr |= MUSB_CSR0_P_DATAEND;
495 } else
496 req = NULL;
497 } else
498 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
499
500
501 /* Completion handler may choose to stall, e.g. because the
502 * message just received holds invalid data.
503 */
504 if (req) {
505 musb->ackpend = csr;
506 musb_g_ep0_giveback(musb, req);
507 if (!musb->ackpend)
508 return;
509 musb->ackpend = 0;
510 }
511 musb_ep_select(musb->mregs, 0);
512 musb_writew(regs, MUSB_CSR0, csr);
513 }
514
515 /*
516 * transmitting to the host (IN), this code might be called from IRQ
517 * and from kernel thread.
518 *
519 * Context: caller holds controller lock
520 */
ep0_txstate(struct musb * musb)521 static void ep0_txstate(struct musb *musb)
522 {
523 void __iomem *regs = musb->control_ep->regs;
524 struct musb_request *req = next_ep0_request(musb);
525 struct usb_request *request;
526 u16 csr = MUSB_CSR0_TXPKTRDY;
527 u8 *fifo_src;
528 u8 fifo_count;
529
530 if (!req) {
531 /* WARN_ON(1); */
532 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
533 return;
534 }
535
536 request = &req->request;
537
538 /* load the data */
539 fifo_src = (u8 *) request->buf + request->actual;
540 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
541 request->length - request->actual);
542 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
543 request->actual += fifo_count;
544
545 /* update the flags */
546 if (fifo_count < MUSB_MAX_END0_PACKET
547 || (request->actual == request->length
548 && !request->zero)) {
549 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
550 csr |= MUSB_CSR0_P_DATAEND;
551 } else
552 request = NULL;
553
554 /* send it out, triggering a "txpktrdy cleared" irq */
555 musb_ep_select(musb->mregs, 0);
556 musb_writew(regs, MUSB_CSR0, csr);
557
558 /* report completions as soon as the fifo's loaded; there's no
559 * win in waiting till this last packet gets acked. (other than
560 * very precise fault reporting, needed by USB TMC; possible with
561 * this hardware, but not usable from portable gadget drivers.)
562 */
563 if (request) {
564 musb->ackpend = csr;
565 musb_g_ep0_giveback(musb, request);
566 if (!musb->ackpend)
567 return;
568 musb->ackpend = 0;
569 }
570 }
571
572 /*
573 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
574 * Fields are left in USB byte-order.
575 *
576 * Context: caller holds controller lock.
577 */
578 static void
musb_read_setup(struct musb * musb,struct usb_ctrlrequest * req)579 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
580 {
581 struct musb_request *r;
582 void __iomem *regs = musb->control_ep->regs;
583
584 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
585
586 /* NOTE: earlier 2.6 versions changed setup packets to host
587 * order, but now USB packets always stay in USB byte order.
588 */
589 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
590 req->bRequestType,
591 req->bRequest,
592 le16_to_cpu(req->wValue),
593 le16_to_cpu(req->wIndex),
594 le16_to_cpu(req->wLength));
595
596 /* clean up any leftover transfers */
597 r = next_ep0_request(musb);
598 if (r)
599 musb_g_ep0_giveback(musb, &r->request);
600
601 /* For zero-data requests we want to delay the STATUS stage to
602 * avoid SETUPEND errors. If we read data (OUT), delay accepting
603 * packets until there's a buffer to store them in.
604 *
605 * If we write data, the controller acts happier if we enable
606 * the TX FIFO right away, and give the controller a moment
607 * to switch modes...
608 */
609 musb->set_address = false;
610 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
611 if (req->wLength == 0) {
612 if (req->bRequestType & USB_DIR_IN)
613 musb->ackpend |= MUSB_CSR0_TXPKTRDY;
614 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
615 } else if (req->bRequestType & USB_DIR_IN) {
616 musb->ep0_state = MUSB_EP0_STAGE_TX;
617 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
618 while ((musb_readw(regs, MUSB_CSR0)
619 & MUSB_CSR0_RXPKTRDY) != 0)
620 cpu_relax();
621 musb->ackpend = 0;
622 } else
623 musb->ep0_state = MUSB_EP0_STAGE_RX;
624 }
625
626 static int
forward_to_driver(struct musb * musb,const struct usb_ctrlrequest * ctrlrequest)627 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
628 __releases(musb->lock)
629 __acquires(musb->lock)
630 {
631 int retval;
632 if (!musb->gadget_driver)
633 return -EOPNOTSUPP;
634 spin_unlock(&musb->lock);
635 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
636 spin_lock(&musb->lock);
637 return retval;
638 }
639
640 /*
641 * Handle peripheral ep0 interrupt
642 *
643 * Context: irq handler; we won't re-enter the driver that way.
644 */
musb_g_ep0_irq(struct musb * musb)645 irqreturn_t musb_g_ep0_irq(struct musb *musb)
646 {
647 u16 csr;
648 u16 len;
649 void __iomem *mbase = musb->mregs;
650 void __iomem *regs = musb->endpoints[0].regs;
651 irqreturn_t retval = IRQ_NONE;
652
653 musb_ep_select(mbase, 0); /* select ep0 */
654 csr = musb_readw(regs, MUSB_CSR0);
655 len = musb_readb(regs, MUSB_COUNT0);
656
657 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
658 csr, len,
659 musb_readb(mbase, MUSB_FADDR),
660 decode_ep0stage(musb->ep0_state));
661
662 if (csr & MUSB_CSR0_P_DATAEND) {
663 /*
664 * If DATAEND is set we should not call the callback,
665 * hence the status stage is not complete.
666 */
667 return IRQ_HANDLED;
668 }
669
670 /* I sent a stall.. need to acknowledge it now.. */
671 if (csr & MUSB_CSR0_P_SENTSTALL) {
672 musb_writew(regs, MUSB_CSR0,
673 csr & ~MUSB_CSR0_P_SENTSTALL);
674 retval = IRQ_HANDLED;
675 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
676 csr = musb_readw(regs, MUSB_CSR0);
677 }
678
679 /* request ended "early" */
680 if (csr & MUSB_CSR0_P_SETUPEND) {
681 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
682 retval = IRQ_HANDLED;
683 /* Transition into the early status phase */
684 switch (musb->ep0_state) {
685 case MUSB_EP0_STAGE_TX:
686 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
687 break;
688 case MUSB_EP0_STAGE_RX:
689 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
690 break;
691 default:
692 ERR("SetupEnd came in a wrong ep0stage %s\n",
693 decode_ep0stage(musb->ep0_state));
694 }
695 csr = musb_readw(regs, MUSB_CSR0);
696 /* NOTE: request may need completion */
697 }
698
699 /* docs from Mentor only describe tx, rx, and idle/setup states.
700 * we need to handle nuances around status stages, and also the
701 * case where status and setup stages come back-to-back ...
702 */
703 switch (musb->ep0_state) {
704
705 case MUSB_EP0_STAGE_TX:
706 /* irq on clearing txpktrdy */
707 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
708 ep0_txstate(musb);
709 retval = IRQ_HANDLED;
710 }
711 break;
712
713 case MUSB_EP0_STAGE_RX:
714 /* irq on set rxpktrdy */
715 if (csr & MUSB_CSR0_RXPKTRDY) {
716 ep0_rxstate(musb);
717 retval = IRQ_HANDLED;
718 }
719 break;
720
721 case MUSB_EP0_STAGE_STATUSIN:
722 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
723
724 /* update address (if needed) only @ the end of the
725 * status phase per usb spec, which also guarantees
726 * we get 10 msec to receive this irq... until this
727 * is done we won't see the next packet.
728 */
729 if (musb->set_address) {
730 musb->set_address = false;
731 musb_writeb(mbase, MUSB_FADDR, musb->address);
732 }
733
734 /* enter test mode if needed (exit by reset) */
735 else if (musb->test_mode) {
736 dev_dbg(musb->controller, "entering TESTMODE\n");
737
738 if (MUSB_TEST_PACKET == musb->test_mode_nr)
739 musb_load_testpacket(musb);
740
741 musb_writeb(mbase, MUSB_TESTMODE,
742 musb->test_mode_nr);
743 }
744 /* FALLTHROUGH */
745
746 case MUSB_EP0_STAGE_STATUSOUT:
747 /* end of sequence #1: write to host (TX state) */
748 {
749 struct musb_request *req;
750
751 req = next_ep0_request(musb);
752 if (req)
753 musb_g_ep0_giveback(musb, &req->request);
754 }
755
756 /*
757 * In case when several interrupts can get coalesced,
758 * check to see if we've already received a SETUP packet...
759 */
760 if (csr & MUSB_CSR0_RXPKTRDY)
761 goto setup;
762
763 retval = IRQ_HANDLED;
764 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
765 break;
766
767 case MUSB_EP0_STAGE_IDLE:
768 /*
769 * This state is typically (but not always) indiscernible
770 * from the status states since the corresponding interrupts
771 * tend to happen within too little period of time (with only
772 * a zero-length packet in between) and so get coalesced...
773 */
774 retval = IRQ_HANDLED;
775 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
776 /* FALLTHROUGH */
777
778 case MUSB_EP0_STAGE_SETUP:
779 setup:
780 if (csr & MUSB_CSR0_RXPKTRDY) {
781 struct usb_ctrlrequest setup;
782 int handled = 0;
783
784 if (len != 8) {
785 ERR("SETUP packet len %d != 8 ?\n", len);
786 break;
787 }
788 musb_read_setup(musb, &setup);
789 retval = IRQ_HANDLED;
790
791 /* sometimes the RESET won't be reported */
792 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
793 u8 power;
794
795 printk(KERN_NOTICE "%s: peripheral reset "
796 "irq lost!\n",
797 musb_driver_name);
798 power = musb_readb(mbase, MUSB_POWER);
799 musb->g.speed = (power & MUSB_POWER_HSMODE)
800 ? USB_SPEED_HIGH : USB_SPEED_FULL;
801
802 }
803
804 switch (musb->ep0_state) {
805
806 /* sequence #3 (no data stage), includes requests
807 * we can't forward (notably SET_ADDRESS and the
808 * device/endpoint feature set/clear operations)
809 * plus SET_CONFIGURATION and others we must
810 */
811 case MUSB_EP0_STAGE_ACKWAIT:
812 handled = service_zero_data_request(
813 musb, &setup);
814
815 /*
816 * We're expecting no data in any case, so
817 * always set the DATAEND bit -- doing this
818 * here helps avoid SetupEnd interrupt coming
819 * in the idle stage when we're stalling...
820 */
821 musb->ackpend |= MUSB_CSR0_P_DATAEND;
822
823 /* status stage might be immediate */
824 if (handled > 0)
825 musb->ep0_state =
826 MUSB_EP0_STAGE_STATUSIN;
827 break;
828
829 /* sequence #1 (IN to host), includes GET_STATUS
830 * requests that we can't forward, GET_DESCRIPTOR
831 * and others that we must
832 */
833 case MUSB_EP0_STAGE_TX:
834 handled = service_in_request(musb, &setup);
835 if (handled > 0) {
836 musb->ackpend = MUSB_CSR0_TXPKTRDY
837 | MUSB_CSR0_P_DATAEND;
838 musb->ep0_state =
839 MUSB_EP0_STAGE_STATUSOUT;
840 }
841 break;
842
843 /* sequence #2 (OUT from host), always forward */
844 default: /* MUSB_EP0_STAGE_RX */
845 break;
846 }
847
848 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
849 handled, csr,
850 decode_ep0stage(musb->ep0_state));
851
852 /* unless we need to delegate this to the gadget
853 * driver, we know how to wrap this up: csr0 has
854 * not yet been written.
855 */
856 if (handled < 0)
857 goto stall;
858 else if (handled > 0)
859 goto finish;
860
861 handled = forward_to_driver(musb, &setup);
862 if (handled < 0) {
863 musb_ep_select(mbase, 0);
864 stall:
865 dev_dbg(musb->controller, "stall (%d)\n", handled);
866 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
867 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
868 finish:
869 musb_writew(regs, MUSB_CSR0,
870 musb->ackpend);
871 musb->ackpend = 0;
872 }
873 }
874 break;
875
876 case MUSB_EP0_STAGE_ACKWAIT:
877 /* This should not happen. But happens with tusb6010 with
878 * g_file_storage and high speed. Do nothing.
879 */
880 retval = IRQ_HANDLED;
881 break;
882
883 default:
884 /* "can't happen" */
885 WARN_ON(1);
886 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
887 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
888 break;
889 }
890
891 return retval;
892 }
893
894
895 static int
musb_g_ep0_enable(struct usb_ep * ep,const struct usb_endpoint_descriptor * desc)896 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
897 {
898 /* always enabled */
899 return -EINVAL;
900 }
901
musb_g_ep0_disable(struct usb_ep * e)902 static int musb_g_ep0_disable(struct usb_ep *e)
903 {
904 /* always enabled */
905 return -EINVAL;
906 }
907
908 static int
musb_g_ep0_queue(struct usb_ep * e,struct usb_request * r,gfp_t gfp_flags)909 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
910 {
911 struct musb_ep *ep;
912 struct musb_request *req;
913 struct musb *musb;
914 int status;
915 unsigned long lockflags;
916 void __iomem *regs;
917
918 if (!e || !r)
919 return -EINVAL;
920
921 ep = to_musb_ep(e);
922 musb = ep->musb;
923 regs = musb->control_ep->regs;
924
925 req = to_musb_request(r);
926 req->musb = musb;
927 req->request.actual = 0;
928 req->request.status = -EINPROGRESS;
929 req->tx = ep->is_in;
930
931 spin_lock_irqsave(&musb->lock, lockflags);
932
933 if (!list_empty(&ep->req_list)) {
934 status = -EBUSY;
935 goto cleanup;
936 }
937
938 switch (musb->ep0_state) {
939 case MUSB_EP0_STAGE_RX: /* control-OUT data */
940 case MUSB_EP0_STAGE_TX: /* control-IN data */
941 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */
942 status = 0;
943 break;
944 default:
945 dev_dbg(musb->controller, "ep0 request queued in state %d\n",
946 musb->ep0_state);
947 status = -EINVAL;
948 goto cleanup;
949 }
950
951 /* add request to the list */
952 list_add_tail(&req->list, &ep->req_list);
953
954 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
955 ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
956 req->request.length);
957
958 musb_ep_select(musb->mregs, 0);
959
960 /* sequence #1, IN ... start writing the data */
961 if (musb->ep0_state == MUSB_EP0_STAGE_TX)
962 ep0_txstate(musb);
963
964 /* sequence #3, no-data ... issue IN status */
965 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
966 if (req->request.length)
967 status = -EINVAL;
968 else {
969 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
970 musb_writew(regs, MUSB_CSR0,
971 musb->ackpend | MUSB_CSR0_P_DATAEND);
972 musb->ackpend = 0;
973 musb_g_ep0_giveback(ep->musb, r);
974 }
975
976 /* else for sequence #2 (OUT), caller provides a buffer
977 * before the next packet arrives. deferred responses
978 * (after SETUP is acked) are racey.
979 */
980 } else if (musb->ackpend) {
981 musb_writew(regs, MUSB_CSR0, musb->ackpend);
982 musb->ackpend = 0;
983 }
984
985 cleanup:
986 spin_unlock_irqrestore(&musb->lock, lockflags);
987 return status;
988 }
989
musb_g_ep0_dequeue(struct usb_ep * ep,struct usb_request * req)990 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
991 {
992 /* we just won't support this */
993 return -EINVAL;
994 }
995
musb_g_ep0_halt(struct usb_ep * e,int value)996 static int musb_g_ep0_halt(struct usb_ep *e, int value)
997 {
998 struct musb_ep *ep;
999 struct musb *musb;
1000 void __iomem *base, *regs;
1001 unsigned long flags;
1002 int status;
1003 u16 csr;
1004
1005 if (!e || !value)
1006 return -EINVAL;
1007
1008 ep = to_musb_ep(e);
1009 musb = ep->musb;
1010 base = musb->mregs;
1011 regs = musb->control_ep->regs;
1012 status = 0;
1013
1014 spin_lock_irqsave(&musb->lock, flags);
1015
1016 if (!list_empty(&ep->req_list)) {
1017 status = -EBUSY;
1018 goto cleanup;
1019 }
1020
1021 musb_ep_select(base, 0);
1022 csr = musb->ackpend;
1023
1024 switch (musb->ep0_state) {
1025
1026 /* Stalls are usually issued after parsing SETUP packet, either
1027 * directly in irq context from setup() or else later.
1028 */
1029 case MUSB_EP0_STAGE_TX: /* control-IN data */
1030 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */
1031 case MUSB_EP0_STAGE_RX: /* control-OUT data */
1032 csr = musb_readw(regs, MUSB_CSR0);
1033 /* FALLTHROUGH */
1034
1035 /* It's also OK to issue stalls during callbacks when a non-empty
1036 * DATA stage buffer has been read (or even written).
1037 */
1038 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */
1039 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */
1040
1041 csr |= MUSB_CSR0_P_SENDSTALL;
1042 musb_writew(regs, MUSB_CSR0, csr);
1043 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1044 musb->ackpend = 0;
1045 break;
1046 default:
1047 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1048 status = -EINVAL;
1049 }
1050
1051 cleanup:
1052 spin_unlock_irqrestore(&musb->lock, flags);
1053 return status;
1054 }
1055
1056 const struct usb_ep_ops musb_g_ep0_ops = {
1057 .enable = musb_g_ep0_enable,
1058 .disable = musb_g_ep0_disable,
1059 .alloc_request = musb_alloc_request,
1060 .free_request = musb_free_request,
1061 .queue = musb_g_ep0_queue,
1062 .dequeue = musb_g_ep0_dequeue,
1063 .set_halt = musb_g_ep0_halt,
1064 };
1065