1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2001-2004 by David Brownell 4 */ 5 6 /* this file is part of ehci-hcd.c */ 7 8 /*-------------------------------------------------------------------------*/ 9 10 /* 11 * EHCI hardware queue manipulation ... the core. QH/QTD manipulation. 12 * 13 * Control, bulk, and interrupt traffic all use "qh" lists. They list "qtd" 14 * entries describing USB transactions, max 16-20kB/entry (with 4kB-aligned 15 * buffers needed for the larger number). We use one QH per endpoint, queue 16 * multiple urbs (all three types) per endpoint. URBs may need several qtds. 17 * 18 * ISO traffic uses "ISO TD" (itd, and sitd) records, and (along with 19 * interrupts) needs careful scheduling. Performance improvements can be 20 * an ongoing challenge. That's in "ehci-sched.c". 21 * 22 * USB 1.1 devices are handled (a) by "companion" OHCI or UHCI root hubs, 23 * or otherwise through transaction translators (TTs) in USB 2.0 hubs using 24 * (b) special fields in qh entries or (c) split iso entries. TTs will 25 * buffer low/full speed data so the host collects it at high speed. 26 */ 27 28 /*-------------------------------------------------------------------------*/ 29 30 /* fill a qtd, returning how much of the buffer we were able to queue up */ 31 32 static int 33 qtd_fill(struct ehci_hcd *ehci, struct ehci_qtd *qtd, dma_addr_t buf, 34 size_t len, int token, int maxpacket) 35 { 36 int i, count; 37 u64 addr = buf; 38 39 /* one buffer entry per 4K ... first might be short or unaligned */ 40 qtd->hw_buf[0] = cpu_to_hc32(ehci, (u32)addr); 41 qtd->hw_buf_hi[0] = cpu_to_hc32(ehci, (u32)(addr >> 32)); 42 count = 0x1000 - (buf & 0x0fff); /* rest of that page */ 43 if (likely (len < count)) /* ... iff needed */ 44 count = len; 45 else { 46 buf += 0x1000; 47 buf &= ~0x0fff; 48 49 /* per-qtd limit: from 16K to 20K (best alignment) */ 50 for (i = 1; count < len && i < 5; i++) { 51 addr = buf; 52 qtd->hw_buf[i] = cpu_to_hc32(ehci, (u32)addr); 53 qtd->hw_buf_hi[i] = cpu_to_hc32(ehci, 54 (u32)(addr >> 32)); 55 buf += 0x1000; 56 if ((count + 0x1000) < len) 57 count += 0x1000; 58 else 59 count = len; 60 } 61 62 /* short packets may only terminate transfers */ 63 if (count != len) 64 count -= (count % maxpacket); 65 } 66 qtd->hw_token = cpu_to_hc32(ehci, (count << 16) | token); 67 qtd->length = count; 68 69 return count; 70 } 71 72 /*-------------------------------------------------------------------------*/ 73 74 static inline void 75 qh_update (struct ehci_hcd *ehci, struct ehci_qh *qh, struct ehci_qtd *qtd) 76 { 77 struct ehci_qh_hw *hw = qh->hw; 78 79 /* writes to an active overlay are unsafe */ 80 WARN_ON(qh->qh_state != QH_STATE_IDLE); 81 82 hw->hw_qtd_next = QTD_NEXT(ehci, qtd->qtd_dma); 83 hw->hw_alt_next = EHCI_LIST_END(ehci); 84 85 /* Except for control endpoints, we make hardware maintain data 86 * toggle (like OHCI) ... here (re)initialize the toggle in the QH, 87 * and set the pseudo-toggle in udev. Only usb_clear_halt() will 88 * ever clear it. 89 */ 90 if (!(hw->hw_info1 & cpu_to_hc32(ehci, QH_TOGGLE_CTL))) { 91 unsigned is_out, epnum; 92 93 is_out = qh->is_out; 94 epnum = (hc32_to_cpup(ehci, &hw->hw_info1) >> 8) & 0x0f; 95 if (unlikely(!usb_gettoggle(qh->ps.udev, epnum, is_out))) { 96 hw->hw_token &= ~cpu_to_hc32(ehci, QTD_TOGGLE); 97 usb_settoggle(qh->ps.udev, epnum, is_out, 1); 98 } 99 } 100 101 hw->hw_token &= cpu_to_hc32(ehci, QTD_TOGGLE | QTD_STS_PING); 102 } 103 104 /* if it weren't for a common silicon quirk (writing the dummy into the qh 105 * overlay, so qh->hw_token wrongly becomes inactive/halted), only fault 106 * recovery (including urb dequeue) would need software changes to a QH... 107 */ 108 static void 109 qh_refresh (struct ehci_hcd *ehci, struct ehci_qh *qh) 110 { 111 struct ehci_qtd *qtd; 112 113 qtd = list_entry(qh->qtd_list.next, struct ehci_qtd, qtd_list); 114 115 /* 116 * first qtd may already be partially processed. 117 * If we come here during unlink, the QH overlay region 118 * might have reference to the just unlinked qtd. The 119 * qtd is updated in qh_completions(). Update the QH 120 * overlay here. 121 */ 122 if (qh->hw->hw_token & ACTIVE_BIT(ehci)) { 123 qh->hw->hw_qtd_next = qtd->hw_next; 124 if (qh->should_be_inactive) 125 ehci_warn(ehci, "qh %p should be inactive!\n", qh); 126 } else { 127 qh_update(ehci, qh, qtd); 128 } 129 qh->should_be_inactive = 0; 130 } 131 132 /*-------------------------------------------------------------------------*/ 133 134 static void qh_link_async(struct ehci_hcd *ehci, struct ehci_qh *qh); 135 136 static void ehci_clear_tt_buffer_complete(struct usb_hcd *hcd, 137 struct usb_host_endpoint *ep) 138 { 139 struct ehci_hcd *ehci = hcd_to_ehci(hcd); 140 struct ehci_qh *qh = ep->hcpriv; 141 unsigned long flags; 142 143 spin_lock_irqsave(&ehci->lock, flags); 144 qh->clearing_tt = 0; 145 if (qh->qh_state == QH_STATE_IDLE && !list_empty(&qh->qtd_list) 146 && ehci->rh_state == EHCI_RH_RUNNING) 147 qh_link_async(ehci, qh); 148 spin_unlock_irqrestore(&ehci->lock, flags); 149 } 150 151 static void ehci_clear_tt_buffer(struct ehci_hcd *ehci, struct ehci_qh *qh, 152 struct urb *urb, u32 token) 153 { 154 155 /* If an async split transaction gets an error or is unlinked, 156 * the TT buffer may be left in an indeterminate state. We 157 * have to clear the TT buffer. 158 * 159 * Note: this routine is never called for Isochronous transfers. 160 */ 161 if (urb->dev->tt && !usb_pipeint(urb->pipe) && !qh->clearing_tt) { 162 #ifdef CONFIG_DYNAMIC_DEBUG 163 struct usb_device *tt = urb->dev->tt->hub; 164 dev_dbg(&tt->dev, 165 "clear tt buffer port %d, a%d ep%d t%08x\n", 166 urb->dev->ttport, urb->dev->devnum, 167 usb_pipeendpoint(urb->pipe), token); 168 #endif /* CONFIG_DYNAMIC_DEBUG */ 169 if (!ehci_is_TDI(ehci) 170 || urb->dev->tt->hub != 171 ehci_to_hcd(ehci)->self.root_hub) { 172 if (usb_hub_clear_tt_buffer(urb) == 0) 173 qh->clearing_tt = 1; 174 } else { 175 176 /* REVISIT ARC-derived cores don't clear the root 177 * hub TT buffer in this way... 178 */ 179 } 180 } 181 } 182 183 static int qtd_copy_status ( 184 struct ehci_hcd *ehci, 185 struct urb *urb, 186 size_t length, 187 u32 token 188 ) 189 { 190 int status = -EINPROGRESS; 191 192 /* count IN/OUT bytes, not SETUP (even short packets) */ 193 if (likely (QTD_PID (token) != 2)) 194 urb->actual_length += length - QTD_LENGTH (token); 195 196 /* don't modify error codes */ 197 if (unlikely(urb->unlinked)) 198 return status; 199 200 /* force cleanup after short read; not always an error */ 201 if (unlikely (IS_SHORT_READ (token))) 202 status = -EREMOTEIO; 203 204 /* serious "can't proceed" faults reported by the hardware */ 205 if (token & QTD_STS_HALT) { 206 if (token & QTD_STS_BABBLE) { 207 /* FIXME "must" disable babbling device's port too */ 208 status = -EOVERFLOW; 209 /* CERR nonzero + halt --> stall */ 210 } else if (QTD_CERR(token)) { 211 status = -EPIPE; 212 213 /* In theory, more than one of the following bits can be set 214 * since they are sticky and the transaction is retried. 215 * Which to test first is rather arbitrary. 216 */ 217 } else if (token & QTD_STS_MMF) { 218 /* fs/ls interrupt xfer missed the complete-split */ 219 status = -EPROTO; 220 } else if (token & QTD_STS_DBE) { 221 status = (QTD_PID (token) == 1) /* IN ? */ 222 ? -ENOSR /* hc couldn't read data */ 223 : -ECOMM; /* hc couldn't write data */ 224 } else if (token & QTD_STS_XACT) { 225 /* timeout, bad CRC, wrong PID, etc */ 226 ehci_dbg(ehci, "devpath %s ep%d%s 3strikes\n", 227 urb->dev->devpath, 228 usb_pipeendpoint(urb->pipe), 229 usb_pipein(urb->pipe) ? "in" : "out"); 230 status = -EPROTO; 231 } else { /* unknown */ 232 status = -EPROTO; 233 } 234 } 235 236 return status; 237 } 238 239 static void 240 ehci_urb_done(struct ehci_hcd *ehci, struct urb *urb, int status) 241 { 242 if (usb_pipetype(urb->pipe) == PIPE_INTERRUPT) { 243 /* ... update hc-wide periodic stats */ 244 ehci_to_hcd(ehci)->self.bandwidth_int_reqs--; 245 } 246 247 if (unlikely(urb->unlinked)) { 248 INCR(ehci->stats.unlink); 249 } else { 250 /* report non-error and short read status as zero */ 251 if (status == -EINPROGRESS || status == -EREMOTEIO) 252 status = 0; 253 INCR(ehci->stats.complete); 254 } 255 256 #ifdef EHCI_URB_TRACE 257 ehci_dbg (ehci, 258 "%s %s urb %p ep%d%s status %d len %d/%d\n", 259 __func__, urb->dev->devpath, urb, 260 usb_pipeendpoint (urb->pipe), 261 usb_pipein (urb->pipe) ? "in" : "out", 262 status, 263 urb->actual_length, urb->transfer_buffer_length); 264 #endif 265 266 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci), urb); 267 usb_hcd_giveback_urb(ehci_to_hcd(ehci), urb, status); 268 } 269 270 static int qh_schedule (struct ehci_hcd *ehci, struct ehci_qh *qh); 271 272 /* 273 * Process and free completed qtds for a qh, returning URBs to drivers. 274 * Chases up to qh->hw_current. Returns nonzero if the caller should 275 * unlink qh. 276 */ 277 static unsigned 278 qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh) 279 { 280 struct ehci_qtd *last, *end = qh->dummy; 281 struct list_head *entry, *tmp; 282 int last_status; 283 int stopped; 284 u8 state; 285 struct ehci_qh_hw *hw = qh->hw; 286 287 /* completions (or tasks on other cpus) must never clobber HALT 288 * till we've gone through and cleaned everything up, even when 289 * they add urbs to this qh's queue or mark them for unlinking. 290 * 291 * NOTE: unlinking expects to be done in queue order. 292 * 293 * It's a bug for qh->qh_state to be anything other than 294 * QH_STATE_IDLE, unless our caller is scan_async() or 295 * scan_intr(). 296 */ 297 state = qh->qh_state; 298 qh->qh_state = QH_STATE_COMPLETING; 299 stopped = (state == QH_STATE_IDLE); 300 301 rescan: 302 last = NULL; 303 last_status = -EINPROGRESS; 304 qh->dequeue_during_giveback = 0; 305 306 /* remove de-activated QTDs from front of queue. 307 * after faults (including short reads), cleanup this urb 308 * then let the queue advance. 309 * if queue is stopped, handles unlinks. 310 */ 311 list_for_each_safe (entry, tmp, &qh->qtd_list) { 312 struct ehci_qtd *qtd; 313 struct urb *urb; 314 u32 token = 0; 315 316 qtd = list_entry (entry, struct ehci_qtd, qtd_list); 317 urb = qtd->urb; 318 319 /* clean up any state from previous QTD ...*/ 320 if (last) { 321 if (likely (last->urb != urb)) { 322 ehci_urb_done(ehci, last->urb, last_status); 323 last_status = -EINPROGRESS; 324 } 325 ehci_qtd_free (ehci, last); 326 last = NULL; 327 } 328 329 /* ignore urbs submitted during completions we reported */ 330 if (qtd == end) 331 break; 332 333 /* hardware copies qtd out of qh overlay */ 334 rmb (); 335 token = hc32_to_cpu(ehci, qtd->hw_token); 336 337 /* always clean up qtds the hc de-activated */ 338 retry_xacterr: 339 if ((token & QTD_STS_ACTIVE) == 0) { 340 341 /* Report Data Buffer Error: non-fatal but useful */ 342 if (token & QTD_STS_DBE) 343 ehci_dbg(ehci, 344 "detected DataBufferErr for urb %p ep%d%s len %d, qtd %p [qh %p]\n", 345 urb, 346 usb_endpoint_num(&urb->ep->desc), 347 usb_endpoint_dir_in(&urb->ep->desc) ? "in" : "out", 348 urb->transfer_buffer_length, 349 qtd, 350 qh); 351 352 /* on STALL, error, and short reads this urb must 353 * complete and all its qtds must be recycled. 354 */ 355 if ((token & QTD_STS_HALT) != 0) { 356 357 /* retry transaction errors until we 358 * reach the software xacterr limit 359 */ 360 if ((token & QTD_STS_XACT) && 361 QTD_CERR(token) == 0 && 362 ++qh->xacterrs < QH_XACTERR_MAX && 363 !urb->unlinked) { 364 ehci_dbg(ehci, 365 "detected XactErr len %zu/%zu retry %d\n", 366 qtd->length - QTD_LENGTH(token), qtd->length, qh->xacterrs); 367 368 /* reset the token in the qtd and the 369 * qh overlay (which still contains 370 * the qtd) so that we pick up from 371 * where we left off 372 */ 373 token &= ~QTD_STS_HALT; 374 token |= QTD_STS_ACTIVE | 375 (EHCI_TUNE_CERR << 10); 376 qtd->hw_token = cpu_to_hc32(ehci, 377 token); 378 wmb(); 379 hw->hw_token = cpu_to_hc32(ehci, 380 token); 381 goto retry_xacterr; 382 } 383 stopped = 1; 384 qh->unlink_reason |= QH_UNLINK_HALTED; 385 386 /* magic dummy for some short reads; qh won't advance. 387 * that silicon quirk can kick in with this dummy too. 388 * 389 * other short reads won't stop the queue, including 390 * control transfers (status stage handles that) or 391 * most other single-qtd reads ... the queue stops if 392 * URB_SHORT_NOT_OK was set so the driver submitting 393 * the urbs could clean it up. 394 */ 395 } else if (IS_SHORT_READ (token) 396 && !(qtd->hw_alt_next 397 & EHCI_LIST_END(ehci))) { 398 stopped = 1; 399 qh->unlink_reason |= QH_UNLINK_SHORT_READ; 400 } 401 402 /* stop scanning when we reach qtds the hc is using */ 403 } else if (likely (!stopped 404 && ehci->rh_state >= EHCI_RH_RUNNING)) { 405 break; 406 407 /* scan the whole queue for unlinks whenever it stops */ 408 } else { 409 stopped = 1; 410 411 /* cancel everything if we halt, suspend, etc */ 412 if (ehci->rh_state < EHCI_RH_RUNNING) { 413 last_status = -ESHUTDOWN; 414 qh->unlink_reason |= QH_UNLINK_SHUTDOWN; 415 } 416 417 /* this qtd is active; skip it unless a previous qtd 418 * for its urb faulted, or its urb was canceled. 419 */ 420 else if (last_status == -EINPROGRESS && !urb->unlinked) 421 continue; 422 423 /* 424 * If this was the active qtd when the qh was unlinked 425 * and the overlay's token is active, then the overlay 426 * hasn't been written back to the qtd yet so use its 427 * token instead of the qtd's. After the qtd is 428 * processed and removed, the overlay won't be valid 429 * any more. 430 */ 431 if (state == QH_STATE_IDLE && 432 qh->qtd_list.next == &qtd->qtd_list && 433 (hw->hw_token & ACTIVE_BIT(ehci))) { 434 token = hc32_to_cpu(ehci, hw->hw_token); 435 hw->hw_token &= ~ACTIVE_BIT(ehci); 436 qh->should_be_inactive = 1; 437 438 /* An unlink may leave an incomplete 439 * async transaction in the TT buffer. 440 * We have to clear it. 441 */ 442 ehci_clear_tt_buffer(ehci, qh, urb, token); 443 } 444 } 445 446 /* unless we already know the urb's status, collect qtd status 447 * and update count of bytes transferred. in common short read 448 * cases with only one data qtd (including control transfers), 449 * queue processing won't halt. but with two or more qtds (for 450 * example, with a 32 KB transfer), when the first qtd gets a 451 * short read the second must be removed by hand. 452 */ 453 if (last_status == -EINPROGRESS) { 454 last_status = qtd_copy_status(ehci, urb, 455 qtd->length, token); 456 if (last_status == -EREMOTEIO 457 && (qtd->hw_alt_next 458 & EHCI_LIST_END(ehci))) 459 last_status = -EINPROGRESS; 460 461 /* As part of low/full-speed endpoint-halt processing 462 * we must clear the TT buffer (11.17.5). 463 */ 464 if (unlikely(last_status != -EINPROGRESS && 465 last_status != -EREMOTEIO)) { 466 /* The TT's in some hubs malfunction when they 467 * receive this request following a STALL (they 468 * stop sending isochronous packets). Since a 469 * STALL can't leave the TT buffer in a busy 470 * state (if you believe Figures 11-48 - 11-51 471 * in the USB 2.0 spec), we won't clear the TT 472 * buffer in this case. Strictly speaking this 473 * is a violation of the spec. 474 */ 475 if (last_status != -EPIPE) 476 ehci_clear_tt_buffer(ehci, qh, urb, 477 token); 478 } 479 } 480 481 /* if we're removing something not at the queue head, 482 * patch the hardware queue pointer. 483 */ 484 if (stopped && qtd->qtd_list.prev != &qh->qtd_list) { 485 last = list_entry (qtd->qtd_list.prev, 486 struct ehci_qtd, qtd_list); 487 last->hw_next = qtd->hw_next; 488 } 489 490 /* remove qtd; it's recycled after possible urb completion */ 491 list_del (&qtd->qtd_list); 492 last = qtd; 493 494 /* reinit the xacterr counter for the next qtd */ 495 qh->xacterrs = 0; 496 } 497 498 /* last urb's completion might still need calling */ 499 if (likely (last != NULL)) { 500 ehci_urb_done(ehci, last->urb, last_status); 501 ehci_qtd_free (ehci, last); 502 } 503 504 /* Do we need to rescan for URBs dequeued during a giveback? */ 505 if (unlikely(qh->dequeue_during_giveback)) { 506 /* If the QH is already unlinked, do the rescan now. */ 507 if (state == QH_STATE_IDLE) 508 goto rescan; 509 510 /* Otherwise the caller must unlink the QH. */ 511 } 512 513 /* restore original state; caller must unlink or relink */ 514 qh->qh_state = state; 515 516 /* be sure the hardware's done with the qh before refreshing 517 * it after fault cleanup, or recovering from silicon wrongly 518 * overlaying the dummy qtd (which reduces DMA chatter). 519 * 520 * We won't refresh a QH that's linked (after the HC 521 * stopped the queue). That avoids a race: 522 * - HC reads first part of QH; 523 * - CPU updates that first part and the token; 524 * - HC reads rest of that QH, including token 525 * Result: HC gets an inconsistent image, and then 526 * DMAs to/from the wrong memory (corrupting it). 527 * 528 * That should be rare for interrupt transfers, 529 * except maybe high bandwidth ... 530 */ 531 if (stopped != 0 || hw->hw_qtd_next == EHCI_LIST_END(ehci)) 532 qh->unlink_reason |= QH_UNLINK_DUMMY_OVERLAY; 533 534 /* Let the caller know if the QH needs to be unlinked. */ 535 return qh->unlink_reason; 536 } 537 538 /*-------------------------------------------------------------------------*/ 539 540 /* 541 * reverse of qh_urb_transaction: free a list of TDs. 542 * used for cleanup after errors, before HC sees an URB's TDs. 543 */ 544 static void qtd_list_free ( 545 struct ehci_hcd *ehci, 546 struct urb *urb, 547 struct list_head *qtd_list 548 ) { 549 struct list_head *entry, *temp; 550 551 list_for_each_safe (entry, temp, qtd_list) { 552 struct ehci_qtd *qtd; 553 554 qtd = list_entry (entry, struct ehci_qtd, qtd_list); 555 list_del (&qtd->qtd_list); 556 ehci_qtd_free (ehci, qtd); 557 } 558 } 559 560 /* 561 * create a list of filled qtds for this URB; won't link into qh. 562 */ 563 static struct list_head * 564 qh_urb_transaction ( 565 struct ehci_hcd *ehci, 566 struct urb *urb, 567 struct list_head *head, 568 gfp_t flags 569 ) { 570 struct ehci_qtd *qtd, *qtd_prev; 571 dma_addr_t buf; 572 int len, this_sg_len, maxpacket; 573 int is_input; 574 u32 token; 575 int i; 576 struct scatterlist *sg; 577 578 /* 579 * URBs map to sequences of QTDs: one logical transaction 580 */ 581 qtd = ehci_qtd_alloc (ehci, flags); 582 if (unlikely (!qtd)) 583 return NULL; 584 list_add_tail (&qtd->qtd_list, head); 585 qtd->urb = urb; 586 587 token = QTD_STS_ACTIVE; 588 token |= (EHCI_TUNE_CERR << 10); 589 /* for split transactions, SplitXState initialized to zero */ 590 591 len = urb->transfer_buffer_length; 592 is_input = usb_pipein (urb->pipe); 593 if (usb_pipecontrol (urb->pipe)) { 594 /* SETUP pid */ 595 qtd_fill(ehci, qtd, urb->setup_dma, 596 sizeof (struct usb_ctrlrequest), 597 token | (2 /* "setup" */ << 8), 8); 598 599 /* ... and always at least one more pid */ 600 token ^= QTD_TOGGLE; 601 qtd_prev = qtd; 602 qtd = ehci_qtd_alloc (ehci, flags); 603 if (unlikely (!qtd)) 604 goto cleanup; 605 qtd->urb = urb; 606 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 607 list_add_tail (&qtd->qtd_list, head); 608 609 /* for zero length DATA stages, STATUS is always IN */ 610 if (len == 0) 611 token |= (1 /* "in" */ << 8); 612 } 613 614 /* 615 * data transfer stage: buffer setup 616 */ 617 i = urb->num_mapped_sgs; 618 if (len > 0 && i > 0) { 619 sg = urb->sg; 620 buf = sg_dma_address(sg); 621 622 /* urb->transfer_buffer_length may be smaller than the 623 * size of the scatterlist (or vice versa) 624 */ 625 this_sg_len = min_t(int, sg_dma_len(sg), len); 626 } else { 627 sg = NULL; 628 buf = urb->transfer_dma; 629 this_sg_len = len; 630 } 631 632 if (is_input) 633 token |= (1 /* "in" */ << 8); 634 /* else it's already initted to "out" pid (0 << 8) */ 635 636 maxpacket = usb_maxpacket(urb->dev, urb->pipe, !is_input); 637 638 /* 639 * buffer gets wrapped in one or more qtds; 640 * last one may be "short" (including zero len) 641 * and may serve as a control status ack 642 */ 643 for (;;) { 644 int this_qtd_len; 645 646 this_qtd_len = qtd_fill(ehci, qtd, buf, this_sg_len, token, 647 maxpacket); 648 this_sg_len -= this_qtd_len; 649 len -= this_qtd_len; 650 buf += this_qtd_len; 651 652 /* 653 * short reads advance to a "magic" dummy instead of the next 654 * qtd ... that forces the queue to stop, for manual cleanup. 655 * (this will usually be overridden later.) 656 */ 657 if (is_input) 658 qtd->hw_alt_next = ehci->async->hw->hw_alt_next; 659 660 /* qh makes control packets use qtd toggle; maybe switch it */ 661 if ((maxpacket & (this_qtd_len + (maxpacket - 1))) == 0) 662 token ^= QTD_TOGGLE; 663 664 if (likely(this_sg_len <= 0)) { 665 if (--i <= 0 || len <= 0) 666 break; 667 sg = sg_next(sg); 668 buf = sg_dma_address(sg); 669 this_sg_len = min_t(int, sg_dma_len(sg), len); 670 } 671 672 qtd_prev = qtd; 673 qtd = ehci_qtd_alloc (ehci, flags); 674 if (unlikely (!qtd)) 675 goto cleanup; 676 qtd->urb = urb; 677 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 678 list_add_tail (&qtd->qtd_list, head); 679 } 680 681 /* 682 * unless the caller requires manual cleanup after short reads, 683 * have the alt_next mechanism keep the queue running after the 684 * last data qtd (the only one, for control and most other cases). 685 */ 686 if (likely ((urb->transfer_flags & URB_SHORT_NOT_OK) == 0 687 || usb_pipecontrol (urb->pipe))) 688 qtd->hw_alt_next = EHCI_LIST_END(ehci); 689 690 /* 691 * control requests may need a terminating data "status" ack; 692 * other OUT ones may need a terminating short packet 693 * (zero length). 694 */ 695 if (likely (urb->transfer_buffer_length != 0)) { 696 int one_more = 0; 697 698 if (usb_pipecontrol (urb->pipe)) { 699 one_more = 1; 700 token ^= 0x0100; /* "in" <--> "out" */ 701 token |= QTD_TOGGLE; /* force DATA1 */ 702 } else if (usb_pipeout(urb->pipe) 703 && (urb->transfer_flags & URB_ZERO_PACKET) 704 && !(urb->transfer_buffer_length % maxpacket)) { 705 one_more = 1; 706 } 707 if (one_more) { 708 qtd_prev = qtd; 709 qtd = ehci_qtd_alloc (ehci, flags); 710 if (unlikely (!qtd)) 711 goto cleanup; 712 qtd->urb = urb; 713 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 714 list_add_tail (&qtd->qtd_list, head); 715 716 /* never any data in such packets */ 717 qtd_fill(ehci, qtd, 0, 0, token, 0); 718 } 719 } 720 721 /* by default, enable interrupt on urb completion */ 722 if (likely (!(urb->transfer_flags & URB_NO_INTERRUPT))) 723 qtd->hw_token |= cpu_to_hc32(ehci, QTD_IOC); 724 return head; 725 726 cleanup: 727 qtd_list_free (ehci, urb, head); 728 return NULL; 729 } 730 731 /*-------------------------------------------------------------------------*/ 732 733 // Would be best to create all qh's from config descriptors, 734 // when each interface/altsetting is established. Unlink 735 // any previous qh and cancel its urbs first; endpoints are 736 // implicitly reset then (data toggle too). 737 // That'd mean updating how usbcore talks to HCDs. (2.7?) 738 739 740 /* 741 * Each QH holds a qtd list; a QH is used for everything except iso. 742 * 743 * For interrupt urbs, the scheduler must set the microframe scheduling 744 * mask(s) each time the QH gets scheduled. For highspeed, that's 745 * just one microframe in the s-mask. For split interrupt transactions 746 * there are additional complications: c-mask, maybe FSTNs. 747 */ 748 static struct ehci_qh * 749 qh_make ( 750 struct ehci_hcd *ehci, 751 struct urb *urb, 752 gfp_t flags 753 ) { 754 struct ehci_qh *qh = ehci_qh_alloc (ehci, flags); 755 struct usb_host_endpoint *ep; 756 u32 info1 = 0, info2 = 0; 757 int is_input, type; 758 int maxp = 0; 759 int mult; 760 struct usb_tt *tt = urb->dev->tt; 761 struct ehci_qh_hw *hw; 762 763 if (!qh) 764 return qh; 765 766 /* 767 * init endpoint/device data for this QH 768 */ 769 info1 |= usb_pipeendpoint (urb->pipe) << 8; 770 info1 |= usb_pipedevice (urb->pipe) << 0; 771 772 is_input = usb_pipein (urb->pipe); 773 type = usb_pipetype (urb->pipe); 774 ep = usb_pipe_endpoint (urb->dev, urb->pipe); 775 maxp = usb_endpoint_maxp (&ep->desc); 776 mult = usb_endpoint_maxp_mult (&ep->desc); 777 778 /* 1024 byte maxpacket is a hardware ceiling. High bandwidth 779 * acts like up to 3KB, but is built from smaller packets. 780 */ 781 if (maxp > 1024) { 782 ehci_dbg(ehci, "bogus qh maxpacket %d\n", maxp); 783 goto done; 784 } 785 786 /* Compute interrupt scheduling parameters just once, and save. 787 * - allowing for high bandwidth, how many nsec/uframe are used? 788 * - split transactions need a second CSPLIT uframe; same question 789 * - splits also need a schedule gap (for full/low speed I/O) 790 * - qh has a polling interval 791 * 792 * For control/bulk requests, the HC or TT handles these. 793 */ 794 if (type == PIPE_INTERRUPT) { 795 unsigned tmp; 796 797 qh->ps.usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH, 798 is_input, 0, mult * maxp)); 799 qh->ps.phase = NO_FRAME; 800 801 if (urb->dev->speed == USB_SPEED_HIGH) { 802 qh->ps.c_usecs = 0; 803 qh->gap_uf = 0; 804 805 if (urb->interval > 1 && urb->interval < 8) { 806 /* NOTE interval 2 or 4 uframes could work. 807 * But interval 1 scheduling is simpler, and 808 * includes high bandwidth. 809 */ 810 urb->interval = 1; 811 } else if (urb->interval > ehci->periodic_size << 3) { 812 urb->interval = ehci->periodic_size << 3; 813 } 814 qh->ps.period = urb->interval >> 3; 815 816 /* period for bandwidth allocation */ 817 tmp = min_t(unsigned, EHCI_BANDWIDTH_SIZE, 818 1 << (urb->ep->desc.bInterval - 1)); 819 820 /* Allow urb->interval to override */ 821 qh->ps.bw_uperiod = min_t(unsigned, tmp, urb->interval); 822 qh->ps.bw_period = qh->ps.bw_uperiod >> 3; 823 } else { 824 int think_time; 825 826 /* gap is f(FS/LS transfer times) */ 827 qh->gap_uf = 1 + usb_calc_bus_time (urb->dev->speed, 828 is_input, 0, maxp) / (125 * 1000); 829 830 /* FIXME this just approximates SPLIT/CSPLIT times */ 831 if (is_input) { // SPLIT, gap, CSPLIT+DATA 832 qh->ps.c_usecs = qh->ps.usecs + HS_USECS(0); 833 qh->ps.usecs = HS_USECS(1); 834 } else { // SPLIT+DATA, gap, CSPLIT 835 qh->ps.usecs += HS_USECS(1); 836 qh->ps.c_usecs = HS_USECS(0); 837 } 838 839 think_time = tt ? tt->think_time : 0; 840 qh->ps.tt_usecs = NS_TO_US(think_time + 841 usb_calc_bus_time (urb->dev->speed, 842 is_input, 0, maxp)); 843 if (urb->interval > ehci->periodic_size) 844 urb->interval = ehci->periodic_size; 845 qh->ps.period = urb->interval; 846 847 /* period for bandwidth allocation */ 848 tmp = min_t(unsigned, EHCI_BANDWIDTH_FRAMES, 849 urb->ep->desc.bInterval); 850 tmp = rounddown_pow_of_two(tmp); 851 852 /* Allow urb->interval to override */ 853 qh->ps.bw_period = min_t(unsigned, tmp, urb->interval); 854 qh->ps.bw_uperiod = qh->ps.bw_period << 3; 855 } 856 } 857 858 /* support for tt scheduling, and access to toggles */ 859 qh->ps.udev = urb->dev; 860 qh->ps.ep = urb->ep; 861 862 /* using TT? */ 863 switch (urb->dev->speed) { 864 case USB_SPEED_LOW: 865 info1 |= QH_LOW_SPEED; 866 /* FALL THROUGH */ 867 868 case USB_SPEED_FULL: 869 /* EPS 0 means "full" */ 870 if (type != PIPE_INTERRUPT) 871 info1 |= (EHCI_TUNE_RL_TT << 28); 872 if (type == PIPE_CONTROL) { 873 info1 |= QH_CONTROL_EP; /* for TT */ 874 info1 |= QH_TOGGLE_CTL; /* toggle from qtd */ 875 } 876 info1 |= maxp << 16; 877 878 info2 |= (EHCI_TUNE_MULT_TT << 30); 879 880 /* Some Freescale processors have an erratum in which the 881 * port number in the queue head was 0..N-1 instead of 1..N. 882 */ 883 if (ehci_has_fsl_portno_bug(ehci)) 884 info2 |= (urb->dev->ttport-1) << 23; 885 else 886 info2 |= urb->dev->ttport << 23; 887 888 /* set the address of the TT; for TDI's integrated 889 * root hub tt, leave it zeroed. 890 */ 891 if (tt && tt->hub != ehci_to_hcd(ehci)->self.root_hub) 892 info2 |= tt->hub->devnum << 16; 893 894 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets c-mask } */ 895 896 break; 897 898 case USB_SPEED_HIGH: /* no TT involved */ 899 info1 |= QH_HIGH_SPEED; 900 if (type == PIPE_CONTROL) { 901 info1 |= (EHCI_TUNE_RL_HS << 28); 902 info1 |= 64 << 16; /* usb2 fixed maxpacket */ 903 info1 |= QH_TOGGLE_CTL; /* toggle from qtd */ 904 info2 |= (EHCI_TUNE_MULT_HS << 30); 905 } else if (type == PIPE_BULK) { 906 info1 |= (EHCI_TUNE_RL_HS << 28); 907 /* The USB spec says that high speed bulk endpoints 908 * always use 512 byte maxpacket. But some device 909 * vendors decided to ignore that, and MSFT is happy 910 * to help them do so. So now people expect to use 911 * such nonconformant devices with Linux too; sigh. 912 */ 913 info1 |= maxp << 16; 914 info2 |= (EHCI_TUNE_MULT_HS << 30); 915 } else { /* PIPE_INTERRUPT */ 916 info1 |= maxp << 16; 917 info2 |= mult << 30; 918 } 919 break; 920 default: 921 ehci_dbg(ehci, "bogus dev %p speed %d\n", urb->dev, 922 urb->dev->speed); 923 done: 924 qh_destroy(ehci, qh); 925 return NULL; 926 } 927 928 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets s-mask } */ 929 930 /* init as live, toggle clear */ 931 qh->qh_state = QH_STATE_IDLE; 932 hw = qh->hw; 933 hw->hw_info1 = cpu_to_hc32(ehci, info1); 934 hw->hw_info2 = cpu_to_hc32(ehci, info2); 935 qh->is_out = !is_input; 936 usb_settoggle (urb->dev, usb_pipeendpoint (urb->pipe), !is_input, 1); 937 return qh; 938 } 939 940 /*-------------------------------------------------------------------------*/ 941 942 static void enable_async(struct ehci_hcd *ehci) 943 { 944 if (ehci->async_count++) 945 return; 946 947 /* Stop waiting to turn off the async schedule */ 948 ehci->enabled_hrtimer_events &= ~BIT(EHCI_HRTIMER_DISABLE_ASYNC); 949 950 /* Don't start the schedule until ASS is 0 */ 951 ehci_poll_ASS(ehci); 952 turn_on_io_watchdog(ehci); 953 } 954 955 static void disable_async(struct ehci_hcd *ehci) 956 { 957 if (--ehci->async_count) 958 return; 959 960 /* The async schedule and unlink lists are supposed to be empty */ 961 WARN_ON(ehci->async->qh_next.qh || !list_empty(&ehci->async_unlink) || 962 !list_empty(&ehci->async_idle)); 963 964 /* Don't turn off the schedule until ASS is 1 */ 965 ehci_poll_ASS(ehci); 966 } 967 968 /* move qh (and its qtds) onto async queue; maybe enable queue. */ 969 970 static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh) 971 { 972 __hc32 dma = QH_NEXT(ehci, qh->qh_dma); 973 struct ehci_qh *head; 974 975 /* Don't link a QH if there's a Clear-TT-Buffer pending */ 976 if (unlikely(qh->clearing_tt)) 977 return; 978 979 WARN_ON(qh->qh_state != QH_STATE_IDLE); 980 981 /* clear halt and/or toggle; and maybe recover from silicon quirk */ 982 qh_refresh(ehci, qh); 983 984 /* splice right after start */ 985 head = ehci->async; 986 qh->qh_next = head->qh_next; 987 qh->hw->hw_next = head->hw->hw_next; 988 wmb (); 989 990 head->qh_next.qh = qh; 991 head->hw->hw_next = dma; 992 993 qh->qh_state = QH_STATE_LINKED; 994 qh->xacterrs = 0; 995 qh->unlink_reason = 0; 996 /* qtd completions reported later by interrupt */ 997 998 enable_async(ehci); 999 } 1000 1001 /*-------------------------------------------------------------------------*/ 1002 1003 /* 1004 * For control/bulk/interrupt, return QH with these TDs appended. 1005 * Allocates and initializes the QH if necessary. 1006 * Returns null if it can't allocate a QH it needs to. 1007 * If the QH has TDs (urbs) already, that's great. 1008 */ 1009 static struct ehci_qh *qh_append_tds ( 1010 struct ehci_hcd *ehci, 1011 struct urb *urb, 1012 struct list_head *qtd_list, 1013 int epnum, 1014 void **ptr 1015 ) 1016 { 1017 struct ehci_qh *qh = NULL; 1018 __hc32 qh_addr_mask = cpu_to_hc32(ehci, 0x7f); 1019 1020 qh = (struct ehci_qh *) *ptr; 1021 if (unlikely (qh == NULL)) { 1022 /* can't sleep here, we have ehci->lock... */ 1023 qh = qh_make (ehci, urb, GFP_ATOMIC); 1024 *ptr = qh; 1025 } 1026 if (likely (qh != NULL)) { 1027 struct ehci_qtd *qtd; 1028 1029 if (unlikely (list_empty (qtd_list))) 1030 qtd = NULL; 1031 else 1032 qtd = list_entry (qtd_list->next, struct ehci_qtd, 1033 qtd_list); 1034 1035 /* control qh may need patching ... */ 1036 if (unlikely (epnum == 0)) { 1037 1038 /* usb_reset_device() briefly reverts to address 0 */ 1039 if (usb_pipedevice (urb->pipe) == 0) 1040 qh->hw->hw_info1 &= ~qh_addr_mask; 1041 } 1042 1043 /* just one way to queue requests: swap with the dummy qtd. 1044 * only hc or qh_refresh() ever modify the overlay. 1045 */ 1046 if (likely (qtd != NULL)) { 1047 struct ehci_qtd *dummy; 1048 dma_addr_t dma; 1049 __hc32 token; 1050 1051 /* to avoid racing the HC, use the dummy td instead of 1052 * the first td of our list (becomes new dummy). both 1053 * tds stay deactivated until we're done, when the 1054 * HC is allowed to fetch the old dummy (4.10.2). 1055 */ 1056 token = qtd->hw_token; 1057 qtd->hw_token = HALT_BIT(ehci); 1058 1059 dummy = qh->dummy; 1060 1061 dma = dummy->qtd_dma; 1062 *dummy = *qtd; 1063 dummy->qtd_dma = dma; 1064 1065 list_del (&qtd->qtd_list); 1066 list_add (&dummy->qtd_list, qtd_list); 1067 list_splice_tail(qtd_list, &qh->qtd_list); 1068 1069 ehci_qtd_init(ehci, qtd, qtd->qtd_dma); 1070 qh->dummy = qtd; 1071 1072 /* hc must see the new dummy at list end */ 1073 dma = qtd->qtd_dma; 1074 qtd = list_entry (qh->qtd_list.prev, 1075 struct ehci_qtd, qtd_list); 1076 qtd->hw_next = QTD_NEXT(ehci, dma); 1077 1078 /* let the hc process these next qtds */ 1079 wmb (); 1080 dummy->hw_token = token; 1081 1082 urb->hcpriv = qh; 1083 } 1084 } 1085 return qh; 1086 } 1087 1088 /*-------------------------------------------------------------------------*/ 1089 1090 static int 1091 submit_async ( 1092 struct ehci_hcd *ehci, 1093 struct urb *urb, 1094 struct list_head *qtd_list, 1095 gfp_t mem_flags 1096 ) { 1097 int epnum; 1098 unsigned long flags; 1099 struct ehci_qh *qh = NULL; 1100 int rc; 1101 1102 epnum = urb->ep->desc.bEndpointAddress; 1103 1104 #ifdef EHCI_URB_TRACE 1105 { 1106 struct ehci_qtd *qtd; 1107 qtd = list_entry(qtd_list->next, struct ehci_qtd, qtd_list); 1108 ehci_dbg(ehci, 1109 "%s %s urb %p ep%d%s len %d, qtd %p [qh %p]\n", 1110 __func__, urb->dev->devpath, urb, 1111 epnum & 0x0f, (epnum & USB_DIR_IN) ? "in" : "out", 1112 urb->transfer_buffer_length, 1113 qtd, urb->ep->hcpriv); 1114 } 1115 #endif 1116 1117 spin_lock_irqsave (&ehci->lock, flags); 1118 if (unlikely(!HCD_HW_ACCESSIBLE(ehci_to_hcd(ehci)))) { 1119 rc = -ESHUTDOWN; 1120 goto done; 1121 } 1122 rc = usb_hcd_link_urb_to_ep(ehci_to_hcd(ehci), urb); 1123 if (unlikely(rc)) 1124 goto done; 1125 1126 qh = qh_append_tds(ehci, urb, qtd_list, epnum, &urb->ep->hcpriv); 1127 if (unlikely(qh == NULL)) { 1128 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci), urb); 1129 rc = -ENOMEM; 1130 goto done; 1131 } 1132 1133 /* Control/bulk operations through TTs don't need scheduling, 1134 * the HC and TT handle it when the TT has a buffer ready. 1135 */ 1136 if (likely (qh->qh_state == QH_STATE_IDLE)) 1137 qh_link_async(ehci, qh); 1138 done: 1139 spin_unlock_irqrestore (&ehci->lock, flags); 1140 if (unlikely (qh == NULL)) 1141 qtd_list_free (ehci, urb, qtd_list); 1142 return rc; 1143 } 1144 1145 /*-------------------------------------------------------------------------*/ 1146 #ifdef CONFIG_USB_HCD_TEST_MODE 1147 /* 1148 * This function creates the qtds and submits them for the 1149 * SINGLE_STEP_SET_FEATURE Test. 1150 * This is done in two parts: first SETUP req for GetDesc is sent then 1151 * 15 seconds later, the IN stage for GetDesc starts to req data from dev 1152 * 1153 * is_setup : i/p arguement decides which of the two stage needs to be 1154 * performed; TRUE - SETUP and FALSE - IN+STATUS 1155 * Returns 0 if success 1156 */ 1157 static int submit_single_step_set_feature( 1158 struct usb_hcd *hcd, 1159 struct urb *urb, 1160 int is_setup 1161 ) { 1162 struct ehci_hcd *ehci = hcd_to_ehci(hcd); 1163 struct list_head qtd_list; 1164 struct list_head *head; 1165 1166 struct ehci_qtd *qtd, *qtd_prev; 1167 dma_addr_t buf; 1168 int len, maxpacket; 1169 u32 token; 1170 1171 INIT_LIST_HEAD(&qtd_list); 1172 head = &qtd_list; 1173 1174 /* URBs map to sequences of QTDs: one logical transaction */ 1175 qtd = ehci_qtd_alloc(ehci, GFP_KERNEL); 1176 if (unlikely(!qtd)) 1177 return -1; 1178 list_add_tail(&qtd->qtd_list, head); 1179 qtd->urb = urb; 1180 1181 token = QTD_STS_ACTIVE; 1182 token |= (EHCI_TUNE_CERR << 10); 1183 1184 len = urb->transfer_buffer_length; 1185 /* 1186 * Check if the request is to perform just the SETUP stage (getDesc) 1187 * as in SINGLE_STEP_SET_FEATURE test, DATA stage (IN) happens 1188 * 15 secs after the setup 1189 */ 1190 if (is_setup) { 1191 /* SETUP pid, and interrupt after SETUP completion */ 1192 qtd_fill(ehci, qtd, urb->setup_dma, 1193 sizeof(struct usb_ctrlrequest), 1194 QTD_IOC | token | (2 /* "setup" */ << 8), 8); 1195 1196 submit_async(ehci, urb, &qtd_list, GFP_ATOMIC); 1197 return 0; /*Return now; we shall come back after 15 seconds*/ 1198 } 1199 1200 /* 1201 * IN: data transfer stage: buffer setup : start the IN txn phase for 1202 * the get_Desc SETUP which was sent 15seconds back 1203 */ 1204 token ^= QTD_TOGGLE; /*We need to start IN with DATA-1 Pid-sequence*/ 1205 buf = urb->transfer_dma; 1206 1207 token |= (1 /* "in" */ << 8); /*This is IN stage*/ 1208 1209 maxpacket = usb_maxpacket(urb->dev, urb->pipe, 0); 1210 1211 qtd_fill(ehci, qtd, buf, len, token, maxpacket); 1212 1213 /* 1214 * Our IN phase shall always be a short read; so keep the queue running 1215 * and let it advance to the next qtd which zero length OUT status 1216 */ 1217 qtd->hw_alt_next = EHCI_LIST_END(ehci); 1218 1219 /* STATUS stage for GetDesc control request */ 1220 token ^= 0x0100; /* "in" <--> "out" */ 1221 token |= QTD_TOGGLE; /* force DATA1 */ 1222 1223 qtd_prev = qtd; 1224 qtd = ehci_qtd_alloc(ehci, GFP_ATOMIC); 1225 if (unlikely(!qtd)) 1226 goto cleanup; 1227 qtd->urb = urb; 1228 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 1229 list_add_tail(&qtd->qtd_list, head); 1230 1231 /* Interrupt after STATUS completion */ 1232 qtd_fill(ehci, qtd, 0, 0, token | QTD_IOC, 0); 1233 1234 submit_async(ehci, urb, &qtd_list, GFP_KERNEL); 1235 1236 return 0; 1237 1238 cleanup: 1239 qtd_list_free(ehci, urb, head); 1240 return -1; 1241 } 1242 #endif /* CONFIG_USB_HCD_TEST_MODE */ 1243 1244 /*-------------------------------------------------------------------------*/ 1245 1246 static void single_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh) 1247 { 1248 struct ehci_qh *prev; 1249 1250 /* Add to the end of the list of QHs waiting for the next IAAD */ 1251 qh->qh_state = QH_STATE_UNLINK_WAIT; 1252 list_add_tail(&qh->unlink_node, &ehci->async_unlink); 1253 1254 /* Unlink it from the schedule */ 1255 prev = ehci->async; 1256 while (prev->qh_next.qh != qh) 1257 prev = prev->qh_next.qh; 1258 1259 prev->hw->hw_next = qh->hw->hw_next; 1260 prev->qh_next = qh->qh_next; 1261 if (ehci->qh_scan_next == qh) 1262 ehci->qh_scan_next = qh->qh_next.qh; 1263 } 1264 1265 static void start_iaa_cycle(struct ehci_hcd *ehci) 1266 { 1267 /* If the controller isn't running, we don't have to wait for it */ 1268 if (unlikely(ehci->rh_state < EHCI_RH_RUNNING)) { 1269 end_unlink_async(ehci); 1270 1271 /* Otherwise start a new IAA cycle if one isn't already running */ 1272 } else if (ehci->rh_state == EHCI_RH_RUNNING && 1273 !ehci->iaa_in_progress) { 1274 1275 /* Make sure the unlinks are all visible to the hardware */ 1276 wmb(); 1277 1278 ehci_writel(ehci, ehci->command | CMD_IAAD, 1279 &ehci->regs->command); 1280 ehci_readl(ehci, &ehci->regs->command); 1281 ehci->iaa_in_progress = true; 1282 ehci_enable_event(ehci, EHCI_HRTIMER_IAA_WATCHDOG, true); 1283 } 1284 } 1285 1286 static void end_iaa_cycle(struct ehci_hcd *ehci) 1287 { 1288 if (ehci->has_synopsys_hc_bug) 1289 ehci_writel(ehci, (u32) ehci->async->qh_dma, 1290 &ehci->regs->async_next); 1291 1292 /* The current IAA cycle has ended */ 1293 ehci->iaa_in_progress = false; 1294 1295 end_unlink_async(ehci); 1296 } 1297 1298 /* See if the async qh for the qtds being unlinked are now gone from the HC */ 1299 1300 static void end_unlink_async(struct ehci_hcd *ehci) 1301 { 1302 struct ehci_qh *qh; 1303 bool early_exit; 1304 1305 if (list_empty(&ehci->async_unlink)) 1306 return; 1307 qh = list_first_entry(&ehci->async_unlink, struct ehci_qh, 1308 unlink_node); /* QH whose IAA cycle just ended */ 1309 1310 /* 1311 * If async_unlinking is set then this routine is already running, 1312 * either on the stack or on another CPU. 1313 */ 1314 early_exit = ehci->async_unlinking; 1315 1316 /* If the controller isn't running, process all the waiting QHs */ 1317 if (ehci->rh_state < EHCI_RH_RUNNING) 1318 list_splice_tail_init(&ehci->async_unlink, &ehci->async_idle); 1319 1320 /* 1321 * Intel (?) bug: The HC can write back the overlay region even 1322 * after the IAA interrupt occurs. In self-defense, always go 1323 * through two IAA cycles for each QH. 1324 */ 1325 else if (qh->qh_state == QH_STATE_UNLINK) { 1326 /* 1327 * Second IAA cycle has finished. Process only the first 1328 * waiting QH (NVIDIA (?) bug). 1329 */ 1330 list_move_tail(&qh->unlink_node, &ehci->async_idle); 1331 } 1332 1333 /* 1334 * AMD/ATI (?) bug: The HC can continue to use an active QH long 1335 * after the IAA interrupt occurs. To prevent problems, QHs that 1336 * may still be active will wait until 2 ms have passed with no 1337 * change to the hw_current and hw_token fields (this delay occurs 1338 * between the two IAA cycles). 1339 * 1340 * The EHCI spec (4.8.2) says that active QHs must not be removed 1341 * from the async schedule and recommends waiting until the QH 1342 * goes inactive. This is ridiculous because the QH will _never_ 1343 * become inactive if the endpoint NAKs indefinitely. 1344 */ 1345 1346 /* Some reasons for unlinking guarantee the QH can't be active */ 1347 else if (qh->unlink_reason & (QH_UNLINK_HALTED | 1348 QH_UNLINK_SHORT_READ | QH_UNLINK_DUMMY_OVERLAY)) 1349 goto DelayDone; 1350 1351 /* The QH can't be active if the queue was and still is empty... */ 1352 else if ((qh->unlink_reason & QH_UNLINK_QUEUE_EMPTY) && 1353 list_empty(&qh->qtd_list)) 1354 goto DelayDone; 1355 1356 /* ... or if the QH has halted */ 1357 else if (qh->hw->hw_token & cpu_to_hc32(ehci, QTD_STS_HALT)) 1358 goto DelayDone; 1359 1360 /* Otherwise we have to wait until the QH stops changing */ 1361 else { 1362 __hc32 qh_current, qh_token; 1363 1364 qh_current = qh->hw->hw_current; 1365 qh_token = qh->hw->hw_token; 1366 if (qh_current != ehci->old_current || 1367 qh_token != ehci->old_token) { 1368 ehci->old_current = qh_current; 1369 ehci->old_token = qh_token; 1370 ehci_enable_event(ehci, 1371 EHCI_HRTIMER_ACTIVE_UNLINK, true); 1372 return; 1373 } 1374 DelayDone: 1375 qh->qh_state = QH_STATE_UNLINK; 1376 early_exit = true; 1377 } 1378 ehci->old_current = ~0; /* Prepare for next QH */ 1379 1380 /* Start a new IAA cycle if any QHs are waiting for it */ 1381 if (!list_empty(&ehci->async_unlink)) 1382 start_iaa_cycle(ehci); 1383 1384 /* 1385 * Don't allow nesting or concurrent calls, 1386 * or wait for the second IAA cycle for the next QH. 1387 */ 1388 if (early_exit) 1389 return; 1390 1391 /* Process the idle QHs */ 1392 ehci->async_unlinking = true; 1393 while (!list_empty(&ehci->async_idle)) { 1394 qh = list_first_entry(&ehci->async_idle, struct ehci_qh, 1395 unlink_node); 1396 list_del(&qh->unlink_node); 1397 1398 qh->qh_state = QH_STATE_IDLE; 1399 qh->qh_next.qh = NULL; 1400 1401 if (!list_empty(&qh->qtd_list)) 1402 qh_completions(ehci, qh); 1403 if (!list_empty(&qh->qtd_list) && 1404 ehci->rh_state == EHCI_RH_RUNNING) 1405 qh_link_async(ehci, qh); 1406 disable_async(ehci); 1407 } 1408 ehci->async_unlinking = false; 1409 } 1410 1411 static void start_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh); 1412 1413 static void unlink_empty_async(struct ehci_hcd *ehci) 1414 { 1415 struct ehci_qh *qh; 1416 struct ehci_qh *qh_to_unlink = NULL; 1417 int count = 0; 1418 1419 /* Find the last async QH which has been empty for a timer cycle */ 1420 for (qh = ehci->async->qh_next.qh; qh; qh = qh->qh_next.qh) { 1421 if (list_empty(&qh->qtd_list) && 1422 qh->qh_state == QH_STATE_LINKED) { 1423 ++count; 1424 if (qh->unlink_cycle != ehci->async_unlink_cycle) 1425 qh_to_unlink = qh; 1426 } 1427 } 1428 1429 /* If nothing else is being unlinked, unlink the last empty QH */ 1430 if (list_empty(&ehci->async_unlink) && qh_to_unlink) { 1431 qh_to_unlink->unlink_reason |= QH_UNLINK_QUEUE_EMPTY; 1432 start_unlink_async(ehci, qh_to_unlink); 1433 --count; 1434 } 1435 1436 /* Other QHs will be handled later */ 1437 if (count > 0) { 1438 ehci_enable_event(ehci, EHCI_HRTIMER_ASYNC_UNLINKS, true); 1439 ++ehci->async_unlink_cycle; 1440 } 1441 } 1442 1443 #ifdef CONFIG_PM 1444 1445 /* The root hub is suspended; unlink all the async QHs */ 1446 static void unlink_empty_async_suspended(struct ehci_hcd *ehci) 1447 { 1448 struct ehci_qh *qh; 1449 1450 while (ehci->async->qh_next.qh) { 1451 qh = ehci->async->qh_next.qh; 1452 WARN_ON(!list_empty(&qh->qtd_list)); 1453 single_unlink_async(ehci, qh); 1454 } 1455 } 1456 1457 #endif 1458 1459 /* makes sure the async qh will become idle */ 1460 /* caller must own ehci->lock */ 1461 1462 static void start_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh) 1463 { 1464 /* If the QH isn't linked then there's nothing we can do. */ 1465 if (qh->qh_state != QH_STATE_LINKED) 1466 return; 1467 1468 single_unlink_async(ehci, qh); 1469 start_iaa_cycle(ehci); 1470 } 1471 1472 /*-------------------------------------------------------------------------*/ 1473 1474 static void scan_async (struct ehci_hcd *ehci) 1475 { 1476 struct ehci_qh *qh; 1477 bool check_unlinks_later = false; 1478 1479 ehci->qh_scan_next = ehci->async->qh_next.qh; 1480 while (ehci->qh_scan_next) { 1481 qh = ehci->qh_scan_next; 1482 ehci->qh_scan_next = qh->qh_next.qh; 1483 1484 /* clean any finished work for this qh */ 1485 if (!list_empty(&qh->qtd_list)) { 1486 int temp; 1487 1488 /* 1489 * Unlinks could happen here; completion reporting 1490 * drops the lock. That's why ehci->qh_scan_next 1491 * always holds the next qh to scan; if the next qh 1492 * gets unlinked then ehci->qh_scan_next is adjusted 1493 * in single_unlink_async(). 1494 */ 1495 temp = qh_completions(ehci, qh); 1496 if (unlikely(temp)) { 1497 start_unlink_async(ehci, qh); 1498 } else if (list_empty(&qh->qtd_list) 1499 && qh->qh_state == QH_STATE_LINKED) { 1500 qh->unlink_cycle = ehci->async_unlink_cycle; 1501 check_unlinks_later = true; 1502 } 1503 } 1504 } 1505 1506 /* 1507 * Unlink empty entries, reducing DMA usage as well 1508 * as HCD schedule-scanning costs. Delay for any qh 1509 * we just scanned, there's a not-unusual case that it 1510 * doesn't stay idle for long. 1511 */ 1512 if (check_unlinks_later && ehci->rh_state == EHCI_RH_RUNNING && 1513 !(ehci->enabled_hrtimer_events & 1514 BIT(EHCI_HRTIMER_ASYNC_UNLINKS))) { 1515 ehci_enable_event(ehci, EHCI_HRTIMER_ASYNC_UNLINKS, true); 1516 ++ehci->async_unlink_cycle; 1517 } 1518 } 1519