1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2001-2004 by David Brownell 4 */ 5 6 /* this file is part of ehci-hcd.c */ 7 8 /*-------------------------------------------------------------------------*/ 9 10 /* 11 * EHCI hardware queue manipulation ... the core. QH/QTD manipulation. 12 * 13 * Control, bulk, and interrupt traffic all use "qh" lists. They list "qtd" 14 * entries describing USB transactions, max 16-20kB/entry (with 4kB-aligned 15 * buffers needed for the larger number). We use one QH per endpoint, queue 16 * multiple urbs (all three types) per endpoint. URBs may need several qtds. 17 * 18 * ISO traffic uses "ISO TD" (itd, and sitd) records, and (along with 19 * interrupts) needs careful scheduling. Performance improvements can be 20 * an ongoing challenge. That's in "ehci-sched.c". 21 * 22 * USB 1.1 devices are handled (a) by "companion" OHCI or UHCI root hubs, 23 * or otherwise through transaction translators (TTs) in USB 2.0 hubs using 24 * (b) special fields in qh entries or (c) split iso entries. TTs will 25 * buffer low/full speed data so the host collects it at high speed. 26 */ 27 28 /*-------------------------------------------------------------------------*/ 29 30 /* PID Codes that are used here, from EHCI specification, Table 3-16. */ 31 #define PID_CODE_IN 1 32 #define PID_CODE_SETUP 2 33 34 /* fill a qtd, returning how much of the buffer we were able to queue up */ 35 36 static unsigned int 37 qtd_fill(struct ehci_hcd *ehci, struct ehci_qtd *qtd, dma_addr_t buf, 38 size_t len, int token, int maxpacket) 39 { 40 unsigned int count; 41 u64 addr = buf; 42 int i; 43 44 /* one buffer entry per 4K ... first might be short or unaligned */ 45 qtd->hw_buf[0] = cpu_to_hc32(ehci, (u32)addr); 46 qtd->hw_buf_hi[0] = cpu_to_hc32(ehci, (u32)(addr >> 32)); 47 count = 0x1000 - (buf & 0x0fff); /* rest of that page */ 48 if (likely (len < count)) /* ... iff needed */ 49 count = len; 50 else { 51 buf += 0x1000; 52 buf &= ~0x0fff; 53 54 /* per-qtd limit: from 16K to 20K (best alignment) */ 55 for (i = 1; count < len && i < 5; i++) { 56 addr = buf; 57 qtd->hw_buf[i] = cpu_to_hc32(ehci, (u32)addr); 58 qtd->hw_buf_hi[i] = cpu_to_hc32(ehci, 59 (u32)(addr >> 32)); 60 buf += 0x1000; 61 if ((count + 0x1000) < len) 62 count += 0x1000; 63 else 64 count = len; 65 } 66 67 /* short packets may only terminate transfers */ 68 if (count != len) 69 count -= (count % maxpacket); 70 } 71 qtd->hw_token = cpu_to_hc32(ehci, (count << 16) | token); 72 qtd->length = count; 73 74 return count; 75 } 76 77 /*-------------------------------------------------------------------------*/ 78 79 static inline void 80 qh_update (struct ehci_hcd *ehci, struct ehci_qh *qh, struct ehci_qtd *qtd) 81 { 82 struct ehci_qh_hw *hw = qh->hw; 83 84 /* writes to an active overlay are unsafe */ 85 WARN_ON(qh->qh_state != QH_STATE_IDLE); 86 87 hw->hw_qtd_next = QTD_NEXT(ehci, qtd->qtd_dma); 88 hw->hw_alt_next = EHCI_LIST_END(ehci); 89 90 /* Except for control endpoints, we make hardware maintain data 91 * toggle (like OHCI) ... here (re)initialize the toggle in the QH, 92 * and set the pseudo-toggle in udev. Only usb_clear_halt() will 93 * ever clear it. 94 */ 95 if (!(hw->hw_info1 & cpu_to_hc32(ehci, QH_TOGGLE_CTL))) { 96 unsigned is_out, epnum; 97 98 is_out = qh->is_out; 99 epnum = (hc32_to_cpup(ehci, &hw->hw_info1) >> 8) & 0x0f; 100 if (unlikely(!usb_gettoggle(qh->ps.udev, epnum, is_out))) { 101 hw->hw_token &= ~cpu_to_hc32(ehci, QTD_TOGGLE); 102 usb_settoggle(qh->ps.udev, epnum, is_out, 1); 103 } 104 } 105 106 hw->hw_token &= cpu_to_hc32(ehci, QTD_TOGGLE | QTD_STS_PING); 107 } 108 109 /* if it weren't for a common silicon quirk (writing the dummy into the qh 110 * overlay, so qh->hw_token wrongly becomes inactive/halted), only fault 111 * recovery (including urb dequeue) would need software changes to a QH... 112 */ 113 static void 114 qh_refresh (struct ehci_hcd *ehci, struct ehci_qh *qh) 115 { 116 struct ehci_qtd *qtd; 117 118 qtd = list_entry(qh->qtd_list.next, struct ehci_qtd, qtd_list); 119 120 /* 121 * first qtd may already be partially processed. 122 * If we come here during unlink, the QH overlay region 123 * might have reference to the just unlinked qtd. The 124 * qtd is updated in qh_completions(). Update the QH 125 * overlay here. 126 */ 127 if (qh->hw->hw_token & ACTIVE_BIT(ehci)) { 128 qh->hw->hw_qtd_next = qtd->hw_next; 129 if (qh->should_be_inactive) 130 ehci_warn(ehci, "qh %p should be inactive!\n", qh); 131 } else { 132 qh_update(ehci, qh, qtd); 133 } 134 qh->should_be_inactive = 0; 135 } 136 137 /*-------------------------------------------------------------------------*/ 138 139 static void qh_link_async(struct ehci_hcd *ehci, struct ehci_qh *qh); 140 141 static void ehci_clear_tt_buffer_complete(struct usb_hcd *hcd, 142 struct usb_host_endpoint *ep) 143 { 144 struct ehci_hcd *ehci = hcd_to_ehci(hcd); 145 struct ehci_qh *qh = ep->hcpriv; 146 unsigned long flags; 147 148 spin_lock_irqsave(&ehci->lock, flags); 149 qh->clearing_tt = 0; 150 if (qh->qh_state == QH_STATE_IDLE && !list_empty(&qh->qtd_list) 151 && ehci->rh_state == EHCI_RH_RUNNING) 152 qh_link_async(ehci, qh); 153 spin_unlock_irqrestore(&ehci->lock, flags); 154 } 155 156 static void ehci_clear_tt_buffer(struct ehci_hcd *ehci, struct ehci_qh *qh, 157 struct urb *urb, u32 token) 158 { 159 160 /* If an async split transaction gets an error or is unlinked, 161 * the TT buffer may be left in an indeterminate state. We 162 * have to clear the TT buffer. 163 * 164 * Note: this routine is never called for Isochronous transfers. 165 */ 166 if (urb->dev->tt && !usb_pipeint(urb->pipe) && !qh->clearing_tt) { 167 #ifdef CONFIG_DYNAMIC_DEBUG 168 struct usb_device *tt = urb->dev->tt->hub; 169 dev_dbg(&tt->dev, 170 "clear tt buffer port %d, a%d ep%d t%08x\n", 171 urb->dev->ttport, urb->dev->devnum, 172 usb_pipeendpoint(urb->pipe), token); 173 #endif /* CONFIG_DYNAMIC_DEBUG */ 174 if (!ehci_is_TDI(ehci) 175 || urb->dev->tt->hub != 176 ehci_to_hcd(ehci)->self.root_hub) { 177 if (usb_hub_clear_tt_buffer(urb) == 0) 178 qh->clearing_tt = 1; 179 } else { 180 181 /* REVISIT ARC-derived cores don't clear the root 182 * hub TT buffer in this way... 183 */ 184 } 185 } 186 } 187 188 static int qtd_copy_status ( 189 struct ehci_hcd *ehci, 190 struct urb *urb, 191 size_t length, 192 u32 token 193 ) 194 { 195 int status = -EINPROGRESS; 196 197 /* count IN/OUT bytes, not SETUP (even short packets) */ 198 if (likely(QTD_PID(token) != PID_CODE_SETUP)) 199 urb->actual_length += length - QTD_LENGTH (token); 200 201 /* don't modify error codes */ 202 if (unlikely(urb->unlinked)) 203 return status; 204 205 /* force cleanup after short read; not always an error */ 206 if (unlikely (IS_SHORT_READ (token))) 207 status = -EREMOTEIO; 208 209 /* serious "can't proceed" faults reported by the hardware */ 210 if (token & QTD_STS_HALT) { 211 if (token & QTD_STS_BABBLE) { 212 /* FIXME "must" disable babbling device's port too */ 213 status = -EOVERFLOW; 214 /* 215 * When MMF is active and PID Code is IN, queue is halted. 216 * EHCI Specification, Table 4-13. 217 */ 218 } else if ((token & QTD_STS_MMF) && 219 (QTD_PID(token) == PID_CODE_IN)) { 220 status = -EPROTO; 221 /* CERR nonzero + halt --> stall */ 222 } else if (QTD_CERR(token)) { 223 status = -EPIPE; 224 225 /* In theory, more than one of the following bits can be set 226 * since they are sticky and the transaction is retried. 227 * Which to test first is rather arbitrary. 228 */ 229 } else if (token & QTD_STS_MMF) { 230 /* fs/ls interrupt xfer missed the complete-split */ 231 status = -EPROTO; 232 } else if (token & QTD_STS_DBE) { 233 status = (QTD_PID (token) == 1) /* IN ? */ 234 ? -ENOSR /* hc couldn't read data */ 235 : -ECOMM; /* hc couldn't write data */ 236 } else if (token & QTD_STS_XACT) { 237 /* timeout, bad CRC, wrong PID, etc */ 238 ehci_dbg(ehci, "devpath %s ep%d%s 3strikes\n", 239 urb->dev->devpath, 240 usb_pipeendpoint(urb->pipe), 241 usb_pipein(urb->pipe) ? "in" : "out"); 242 status = -EPROTO; 243 } else { /* unknown */ 244 status = -EPROTO; 245 } 246 } 247 248 return status; 249 } 250 251 static void 252 ehci_urb_done(struct ehci_hcd *ehci, struct urb *urb, int status) 253 { 254 if (usb_pipetype(urb->pipe) == PIPE_INTERRUPT) { 255 /* ... update hc-wide periodic stats */ 256 ehci_to_hcd(ehci)->self.bandwidth_int_reqs--; 257 } 258 259 if (unlikely(urb->unlinked)) { 260 INCR(ehci->stats.unlink); 261 } else { 262 /* report non-error and short read status as zero */ 263 if (status == -EINPROGRESS || status == -EREMOTEIO) 264 status = 0; 265 INCR(ehci->stats.complete); 266 } 267 268 #ifdef EHCI_URB_TRACE 269 ehci_dbg (ehci, 270 "%s %s urb %p ep%d%s status %d len %d/%d\n", 271 __func__, urb->dev->devpath, urb, 272 usb_pipeendpoint (urb->pipe), 273 usb_pipein (urb->pipe) ? "in" : "out", 274 status, 275 urb->actual_length, urb->transfer_buffer_length); 276 #endif 277 278 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci), urb); 279 usb_hcd_giveback_urb(ehci_to_hcd(ehci), urb, status); 280 } 281 282 static int qh_schedule (struct ehci_hcd *ehci, struct ehci_qh *qh); 283 284 /* 285 * Process and free completed qtds for a qh, returning URBs to drivers. 286 * Chases up to qh->hw_current. Returns nonzero if the caller should 287 * unlink qh. 288 */ 289 static unsigned 290 qh_completions (struct ehci_hcd *ehci, struct ehci_qh *qh) 291 { 292 struct ehci_qtd *last, *end = qh->dummy; 293 struct list_head *entry, *tmp; 294 int last_status; 295 int stopped; 296 u8 state; 297 struct ehci_qh_hw *hw = qh->hw; 298 299 /* completions (or tasks on other cpus) must never clobber HALT 300 * till we've gone through and cleaned everything up, even when 301 * they add urbs to this qh's queue or mark them for unlinking. 302 * 303 * NOTE: unlinking expects to be done in queue order. 304 * 305 * It's a bug for qh->qh_state to be anything other than 306 * QH_STATE_IDLE, unless our caller is scan_async() or 307 * scan_intr(). 308 */ 309 state = qh->qh_state; 310 qh->qh_state = QH_STATE_COMPLETING; 311 stopped = (state == QH_STATE_IDLE); 312 313 rescan: 314 last = NULL; 315 last_status = -EINPROGRESS; 316 qh->dequeue_during_giveback = 0; 317 318 /* remove de-activated QTDs from front of queue. 319 * after faults (including short reads), cleanup this urb 320 * then let the queue advance. 321 * if queue is stopped, handles unlinks. 322 */ 323 list_for_each_safe (entry, tmp, &qh->qtd_list) { 324 struct ehci_qtd *qtd; 325 struct urb *urb; 326 u32 token = 0; 327 328 qtd = list_entry (entry, struct ehci_qtd, qtd_list); 329 urb = qtd->urb; 330 331 /* clean up any state from previous QTD ...*/ 332 if (last) { 333 if (likely (last->urb != urb)) { 334 ehci_urb_done(ehci, last->urb, last_status); 335 last_status = -EINPROGRESS; 336 } 337 ehci_qtd_free (ehci, last); 338 last = NULL; 339 } 340 341 /* ignore urbs submitted during completions we reported */ 342 if (qtd == end) 343 break; 344 345 /* hardware copies qtd out of qh overlay */ 346 rmb (); 347 token = hc32_to_cpu(ehci, qtd->hw_token); 348 349 /* always clean up qtds the hc de-activated */ 350 retry_xacterr: 351 if ((token & QTD_STS_ACTIVE) == 0) { 352 353 /* Report Data Buffer Error: non-fatal but useful */ 354 if (token & QTD_STS_DBE) 355 ehci_dbg(ehci, 356 "detected DataBufferErr for urb %p ep%d%s len %d, qtd %p [qh %p]\n", 357 urb, 358 usb_endpoint_num(&urb->ep->desc), 359 usb_endpoint_dir_in(&urb->ep->desc) ? "in" : "out", 360 urb->transfer_buffer_length, 361 qtd, 362 qh); 363 364 /* on STALL, error, and short reads this urb must 365 * complete and all its qtds must be recycled. 366 */ 367 if ((token & QTD_STS_HALT) != 0) { 368 369 /* retry transaction errors until we 370 * reach the software xacterr limit 371 */ 372 if ((token & QTD_STS_XACT) && 373 QTD_CERR(token) == 0 && 374 ++qh->xacterrs < QH_XACTERR_MAX && 375 !urb->unlinked) { 376 ehci_dbg(ehci, 377 "detected XactErr len %zu/%zu retry %d\n", 378 qtd->length - QTD_LENGTH(token), qtd->length, qh->xacterrs); 379 380 /* reset the token in the qtd and the 381 * qh overlay (which still contains 382 * the qtd) so that we pick up from 383 * where we left off 384 */ 385 token &= ~QTD_STS_HALT; 386 token |= QTD_STS_ACTIVE | 387 (EHCI_TUNE_CERR << 10); 388 qtd->hw_token = cpu_to_hc32(ehci, 389 token); 390 wmb(); 391 hw->hw_token = cpu_to_hc32(ehci, 392 token); 393 goto retry_xacterr; 394 } 395 stopped = 1; 396 qh->unlink_reason |= QH_UNLINK_HALTED; 397 398 /* magic dummy for some short reads; qh won't advance. 399 * that silicon quirk can kick in with this dummy too. 400 * 401 * other short reads won't stop the queue, including 402 * control transfers (status stage handles that) or 403 * most other single-qtd reads ... the queue stops if 404 * URB_SHORT_NOT_OK was set so the driver submitting 405 * the urbs could clean it up. 406 */ 407 } else if (IS_SHORT_READ (token) 408 && !(qtd->hw_alt_next 409 & EHCI_LIST_END(ehci))) { 410 stopped = 1; 411 qh->unlink_reason |= QH_UNLINK_SHORT_READ; 412 } 413 414 /* stop scanning when we reach qtds the hc is using */ 415 } else if (likely (!stopped 416 && ehci->rh_state >= EHCI_RH_RUNNING)) { 417 break; 418 419 /* scan the whole queue for unlinks whenever it stops */ 420 } else { 421 stopped = 1; 422 423 /* cancel everything if we halt, suspend, etc */ 424 if (ehci->rh_state < EHCI_RH_RUNNING) { 425 last_status = -ESHUTDOWN; 426 qh->unlink_reason |= QH_UNLINK_SHUTDOWN; 427 } 428 429 /* this qtd is active; skip it unless a previous qtd 430 * for its urb faulted, or its urb was canceled. 431 */ 432 else if (last_status == -EINPROGRESS && !urb->unlinked) 433 continue; 434 435 /* 436 * If this was the active qtd when the qh was unlinked 437 * and the overlay's token is active, then the overlay 438 * hasn't been written back to the qtd yet so use its 439 * token instead of the qtd's. After the qtd is 440 * processed and removed, the overlay won't be valid 441 * any more. 442 */ 443 if (state == QH_STATE_IDLE && 444 qh->qtd_list.next == &qtd->qtd_list && 445 (hw->hw_token & ACTIVE_BIT(ehci))) { 446 token = hc32_to_cpu(ehci, hw->hw_token); 447 hw->hw_token &= ~ACTIVE_BIT(ehci); 448 qh->should_be_inactive = 1; 449 450 /* An unlink may leave an incomplete 451 * async transaction in the TT buffer. 452 * We have to clear it. 453 */ 454 ehci_clear_tt_buffer(ehci, qh, urb, token); 455 } 456 } 457 458 /* unless we already know the urb's status, collect qtd status 459 * and update count of bytes transferred. in common short read 460 * cases with only one data qtd (including control transfers), 461 * queue processing won't halt. but with two or more qtds (for 462 * example, with a 32 KB transfer), when the first qtd gets a 463 * short read the second must be removed by hand. 464 */ 465 if (last_status == -EINPROGRESS) { 466 last_status = qtd_copy_status(ehci, urb, 467 qtd->length, token); 468 if (last_status == -EREMOTEIO 469 && (qtd->hw_alt_next 470 & EHCI_LIST_END(ehci))) 471 last_status = -EINPROGRESS; 472 473 /* As part of low/full-speed endpoint-halt processing 474 * we must clear the TT buffer (11.17.5). 475 */ 476 if (unlikely(last_status != -EINPROGRESS && 477 last_status != -EREMOTEIO)) { 478 /* The TT's in some hubs malfunction when they 479 * receive this request following a STALL (they 480 * stop sending isochronous packets). Since a 481 * STALL can't leave the TT buffer in a busy 482 * state (if you believe Figures 11-48 - 11-51 483 * in the USB 2.0 spec), we won't clear the TT 484 * buffer in this case. Strictly speaking this 485 * is a violation of the spec. 486 */ 487 if (last_status != -EPIPE) 488 ehci_clear_tt_buffer(ehci, qh, urb, 489 token); 490 } 491 } 492 493 /* if we're removing something not at the queue head, 494 * patch the hardware queue pointer. 495 */ 496 if (stopped && qtd->qtd_list.prev != &qh->qtd_list) { 497 last = list_entry (qtd->qtd_list.prev, 498 struct ehci_qtd, qtd_list); 499 last->hw_next = qtd->hw_next; 500 } 501 502 /* remove qtd; it's recycled after possible urb completion */ 503 list_del (&qtd->qtd_list); 504 last = qtd; 505 506 /* reinit the xacterr counter for the next qtd */ 507 qh->xacterrs = 0; 508 } 509 510 /* last urb's completion might still need calling */ 511 if (likely (last != NULL)) { 512 ehci_urb_done(ehci, last->urb, last_status); 513 ehci_qtd_free (ehci, last); 514 } 515 516 /* Do we need to rescan for URBs dequeued during a giveback? */ 517 if (unlikely(qh->dequeue_during_giveback)) { 518 /* If the QH is already unlinked, do the rescan now. */ 519 if (state == QH_STATE_IDLE) 520 goto rescan; 521 522 /* Otherwise the caller must unlink the QH. */ 523 } 524 525 /* restore original state; caller must unlink or relink */ 526 qh->qh_state = state; 527 528 /* be sure the hardware's done with the qh before refreshing 529 * it after fault cleanup, or recovering from silicon wrongly 530 * overlaying the dummy qtd (which reduces DMA chatter). 531 * 532 * We won't refresh a QH that's linked (after the HC 533 * stopped the queue). That avoids a race: 534 * - HC reads first part of QH; 535 * - CPU updates that first part and the token; 536 * - HC reads rest of that QH, including token 537 * Result: HC gets an inconsistent image, and then 538 * DMAs to/from the wrong memory (corrupting it). 539 * 540 * That should be rare for interrupt transfers, 541 * except maybe high bandwidth ... 542 */ 543 if (stopped != 0 || hw->hw_qtd_next == EHCI_LIST_END(ehci)) 544 qh->unlink_reason |= QH_UNLINK_DUMMY_OVERLAY; 545 546 /* Let the caller know if the QH needs to be unlinked. */ 547 return qh->unlink_reason; 548 } 549 550 /*-------------------------------------------------------------------------*/ 551 552 /* 553 * reverse of qh_urb_transaction: free a list of TDs. 554 * used for cleanup after errors, before HC sees an URB's TDs. 555 */ 556 static void qtd_list_free ( 557 struct ehci_hcd *ehci, 558 struct urb *urb, 559 struct list_head *qtd_list 560 ) { 561 struct list_head *entry, *temp; 562 563 list_for_each_safe (entry, temp, qtd_list) { 564 struct ehci_qtd *qtd; 565 566 qtd = list_entry (entry, struct ehci_qtd, qtd_list); 567 list_del (&qtd->qtd_list); 568 ehci_qtd_free (ehci, qtd); 569 } 570 } 571 572 /* 573 * create a list of filled qtds for this URB; won't link into qh. 574 */ 575 static struct list_head * 576 qh_urb_transaction ( 577 struct ehci_hcd *ehci, 578 struct urb *urb, 579 struct list_head *head, 580 gfp_t flags 581 ) { 582 struct ehci_qtd *qtd, *qtd_prev; 583 dma_addr_t buf; 584 int len, this_sg_len, maxpacket; 585 int is_input; 586 u32 token; 587 int i; 588 struct scatterlist *sg; 589 590 /* 591 * URBs map to sequences of QTDs: one logical transaction 592 */ 593 qtd = ehci_qtd_alloc (ehci, flags); 594 if (unlikely (!qtd)) 595 return NULL; 596 list_add_tail (&qtd->qtd_list, head); 597 qtd->urb = urb; 598 599 token = QTD_STS_ACTIVE; 600 token |= (EHCI_TUNE_CERR << 10); 601 /* for split transactions, SplitXState initialized to zero */ 602 603 len = urb->transfer_buffer_length; 604 is_input = usb_pipein (urb->pipe); 605 if (usb_pipecontrol (urb->pipe)) { 606 /* SETUP pid */ 607 qtd_fill(ehci, qtd, urb->setup_dma, 608 sizeof (struct usb_ctrlrequest), 609 token | (2 /* "setup" */ << 8), 8); 610 611 /* ... and always at least one more pid */ 612 token ^= QTD_TOGGLE; 613 qtd_prev = qtd; 614 qtd = ehci_qtd_alloc (ehci, flags); 615 if (unlikely (!qtd)) 616 goto cleanup; 617 qtd->urb = urb; 618 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 619 list_add_tail (&qtd->qtd_list, head); 620 621 /* for zero length DATA stages, STATUS is always IN */ 622 if (len == 0) 623 token |= (1 /* "in" */ << 8); 624 } 625 626 /* 627 * data transfer stage: buffer setup 628 */ 629 i = urb->num_mapped_sgs; 630 if (len > 0 && i > 0) { 631 sg = urb->sg; 632 buf = sg_dma_address(sg); 633 634 /* urb->transfer_buffer_length may be smaller than the 635 * size of the scatterlist (or vice versa) 636 */ 637 this_sg_len = min_t(int, sg_dma_len(sg), len); 638 } else { 639 sg = NULL; 640 buf = urb->transfer_dma; 641 this_sg_len = len; 642 } 643 644 if (is_input) 645 token |= (1 /* "in" */ << 8); 646 /* else it's already initted to "out" pid (0 << 8) */ 647 648 maxpacket = usb_endpoint_maxp(&urb->ep->desc); 649 650 /* 651 * buffer gets wrapped in one or more qtds; 652 * last one may be "short" (including zero len) 653 * and may serve as a control status ack 654 */ 655 for (;;) { 656 unsigned int this_qtd_len; 657 658 this_qtd_len = qtd_fill(ehci, qtd, buf, this_sg_len, token, 659 maxpacket); 660 this_sg_len -= this_qtd_len; 661 len -= this_qtd_len; 662 buf += this_qtd_len; 663 664 /* 665 * short reads advance to a "magic" dummy instead of the next 666 * qtd ... that forces the queue to stop, for manual cleanup. 667 * (this will usually be overridden later.) 668 */ 669 if (is_input) 670 qtd->hw_alt_next = ehci->async->hw->hw_alt_next; 671 672 /* qh makes control packets use qtd toggle; maybe switch it */ 673 if ((maxpacket & (this_qtd_len + (maxpacket - 1))) == 0) 674 token ^= QTD_TOGGLE; 675 676 if (likely(this_sg_len <= 0)) { 677 if (--i <= 0 || len <= 0) 678 break; 679 sg = sg_next(sg); 680 buf = sg_dma_address(sg); 681 this_sg_len = min_t(int, sg_dma_len(sg), len); 682 } 683 684 qtd_prev = qtd; 685 qtd = ehci_qtd_alloc (ehci, flags); 686 if (unlikely (!qtd)) 687 goto cleanup; 688 qtd->urb = urb; 689 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 690 list_add_tail (&qtd->qtd_list, head); 691 } 692 693 /* 694 * unless the caller requires manual cleanup after short reads, 695 * have the alt_next mechanism keep the queue running after the 696 * last data qtd (the only one, for control and most other cases). 697 */ 698 if (likely ((urb->transfer_flags & URB_SHORT_NOT_OK) == 0 699 || usb_pipecontrol (urb->pipe))) 700 qtd->hw_alt_next = EHCI_LIST_END(ehci); 701 702 /* 703 * control requests may need a terminating data "status" ack; 704 * other OUT ones may need a terminating short packet 705 * (zero length). 706 */ 707 if (likely (urb->transfer_buffer_length != 0)) { 708 int one_more = 0; 709 710 if (usb_pipecontrol (urb->pipe)) { 711 one_more = 1; 712 token ^= 0x0100; /* "in" <--> "out" */ 713 token |= QTD_TOGGLE; /* force DATA1 */ 714 } else if (usb_pipeout(urb->pipe) 715 && (urb->transfer_flags & URB_ZERO_PACKET) 716 && !(urb->transfer_buffer_length % maxpacket)) { 717 one_more = 1; 718 } 719 if (one_more) { 720 qtd_prev = qtd; 721 qtd = ehci_qtd_alloc (ehci, flags); 722 if (unlikely (!qtd)) 723 goto cleanup; 724 qtd->urb = urb; 725 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 726 list_add_tail (&qtd->qtd_list, head); 727 728 /* never any data in such packets */ 729 qtd_fill(ehci, qtd, 0, 0, token, 0); 730 } 731 } 732 733 /* by default, enable interrupt on urb completion */ 734 if (likely (!(urb->transfer_flags & URB_NO_INTERRUPT))) 735 qtd->hw_token |= cpu_to_hc32(ehci, QTD_IOC); 736 return head; 737 738 cleanup: 739 qtd_list_free (ehci, urb, head); 740 return NULL; 741 } 742 743 /*-------------------------------------------------------------------------*/ 744 745 // Would be best to create all qh's from config descriptors, 746 // when each interface/altsetting is established. Unlink 747 // any previous qh and cancel its urbs first; endpoints are 748 // implicitly reset then (data toggle too). 749 // That'd mean updating how usbcore talks to HCDs. (2.7?) 750 751 752 /* 753 * Each QH holds a qtd list; a QH is used for everything except iso. 754 * 755 * For interrupt urbs, the scheduler must set the microframe scheduling 756 * mask(s) each time the QH gets scheduled. For highspeed, that's 757 * just one microframe in the s-mask. For split interrupt transactions 758 * there are additional complications: c-mask, maybe FSTNs. 759 */ 760 static struct ehci_qh * 761 qh_make ( 762 struct ehci_hcd *ehci, 763 struct urb *urb, 764 gfp_t flags 765 ) { 766 struct ehci_qh *qh = ehci_qh_alloc (ehci, flags); 767 struct usb_host_endpoint *ep; 768 u32 info1 = 0, info2 = 0; 769 int is_input, type; 770 int maxp = 0; 771 int mult; 772 struct usb_tt *tt = urb->dev->tt; 773 struct ehci_qh_hw *hw; 774 775 if (!qh) 776 return qh; 777 778 /* 779 * init endpoint/device data for this QH 780 */ 781 info1 |= usb_pipeendpoint (urb->pipe) << 8; 782 info1 |= usb_pipedevice (urb->pipe) << 0; 783 784 is_input = usb_pipein (urb->pipe); 785 type = usb_pipetype (urb->pipe); 786 ep = usb_pipe_endpoint (urb->dev, urb->pipe); 787 maxp = usb_endpoint_maxp (&ep->desc); 788 mult = usb_endpoint_maxp_mult (&ep->desc); 789 790 /* 1024 byte maxpacket is a hardware ceiling. High bandwidth 791 * acts like up to 3KB, but is built from smaller packets. 792 */ 793 if (maxp > 1024) { 794 ehci_dbg(ehci, "bogus qh maxpacket %d\n", maxp); 795 goto done; 796 } 797 798 /* Compute interrupt scheduling parameters just once, and save. 799 * - allowing for high bandwidth, how many nsec/uframe are used? 800 * - split transactions need a second CSPLIT uframe; same question 801 * - splits also need a schedule gap (for full/low speed I/O) 802 * - qh has a polling interval 803 * 804 * For control/bulk requests, the HC or TT handles these. 805 */ 806 if (type == PIPE_INTERRUPT) { 807 unsigned tmp; 808 809 qh->ps.usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH, 810 is_input, 0, mult * maxp)); 811 qh->ps.phase = NO_FRAME; 812 813 if (urb->dev->speed == USB_SPEED_HIGH) { 814 qh->ps.c_usecs = 0; 815 qh->gap_uf = 0; 816 817 if (urb->interval > 1 && urb->interval < 8) { 818 /* NOTE interval 2 or 4 uframes could work. 819 * But interval 1 scheduling is simpler, and 820 * includes high bandwidth. 821 */ 822 urb->interval = 1; 823 } else if (urb->interval > ehci->periodic_size << 3) { 824 urb->interval = ehci->periodic_size << 3; 825 } 826 qh->ps.period = urb->interval >> 3; 827 828 /* period for bandwidth allocation */ 829 tmp = min_t(unsigned, EHCI_BANDWIDTH_SIZE, 830 1 << (urb->ep->desc.bInterval - 1)); 831 832 /* Allow urb->interval to override */ 833 qh->ps.bw_uperiod = min_t(unsigned, tmp, urb->interval); 834 qh->ps.bw_period = qh->ps.bw_uperiod >> 3; 835 } else { 836 int think_time; 837 838 /* gap is f(FS/LS transfer times) */ 839 qh->gap_uf = 1 + usb_calc_bus_time (urb->dev->speed, 840 is_input, 0, maxp) / (125 * 1000); 841 842 /* FIXME this just approximates SPLIT/CSPLIT times */ 843 if (is_input) { // SPLIT, gap, CSPLIT+DATA 844 qh->ps.c_usecs = qh->ps.usecs + HS_USECS(0); 845 qh->ps.usecs = HS_USECS(1); 846 } else { // SPLIT+DATA, gap, CSPLIT 847 qh->ps.usecs += HS_USECS(1); 848 qh->ps.c_usecs = HS_USECS(0); 849 } 850 851 think_time = tt ? tt->think_time : 0; 852 qh->ps.tt_usecs = NS_TO_US(think_time + 853 usb_calc_bus_time (urb->dev->speed, 854 is_input, 0, maxp)); 855 if (urb->interval > ehci->periodic_size) 856 urb->interval = ehci->periodic_size; 857 qh->ps.period = urb->interval; 858 859 /* period for bandwidth allocation */ 860 tmp = min_t(unsigned, EHCI_BANDWIDTH_FRAMES, 861 urb->ep->desc.bInterval); 862 tmp = rounddown_pow_of_two(tmp); 863 864 /* Allow urb->interval to override */ 865 qh->ps.bw_period = min_t(unsigned, tmp, urb->interval); 866 qh->ps.bw_uperiod = qh->ps.bw_period << 3; 867 } 868 } 869 870 /* support for tt scheduling, and access to toggles */ 871 qh->ps.udev = urb->dev; 872 qh->ps.ep = urb->ep; 873 874 /* using TT? */ 875 switch (urb->dev->speed) { 876 case USB_SPEED_LOW: 877 info1 |= QH_LOW_SPEED; 878 fallthrough; 879 880 case USB_SPEED_FULL: 881 /* EPS 0 means "full" */ 882 if (type != PIPE_INTERRUPT) 883 info1 |= (EHCI_TUNE_RL_TT << 28); 884 if (type == PIPE_CONTROL) { 885 info1 |= QH_CONTROL_EP; /* for TT */ 886 info1 |= QH_TOGGLE_CTL; /* toggle from qtd */ 887 } 888 info1 |= maxp << 16; 889 890 info2 |= (EHCI_TUNE_MULT_TT << 30); 891 892 /* Some Freescale processors have an erratum in which the 893 * port number in the queue head was 0..N-1 instead of 1..N. 894 */ 895 if (ehci_has_fsl_portno_bug(ehci)) 896 info2 |= (urb->dev->ttport-1) << 23; 897 else 898 info2 |= urb->dev->ttport << 23; 899 900 /* set the address of the TT; for TDI's integrated 901 * root hub tt, leave it zeroed. 902 */ 903 if (tt && tt->hub != ehci_to_hcd(ehci)->self.root_hub) 904 info2 |= tt->hub->devnum << 16; 905 906 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets c-mask } */ 907 908 break; 909 910 case USB_SPEED_HIGH: /* no TT involved */ 911 info1 |= QH_HIGH_SPEED; 912 if (type == PIPE_CONTROL) { 913 info1 |= (EHCI_TUNE_RL_HS << 28); 914 info1 |= 64 << 16; /* usb2 fixed maxpacket */ 915 info1 |= QH_TOGGLE_CTL; /* toggle from qtd */ 916 info2 |= (EHCI_TUNE_MULT_HS << 30); 917 } else if (type == PIPE_BULK) { 918 info1 |= (EHCI_TUNE_RL_HS << 28); 919 /* The USB spec says that high speed bulk endpoints 920 * always use 512 byte maxpacket. But some device 921 * vendors decided to ignore that, and MSFT is happy 922 * to help them do so. So now people expect to use 923 * such nonconformant devices with Linux too; sigh. 924 */ 925 info1 |= maxp << 16; 926 info2 |= (EHCI_TUNE_MULT_HS << 30); 927 } else { /* PIPE_INTERRUPT */ 928 info1 |= maxp << 16; 929 info2 |= mult << 30; 930 } 931 break; 932 default: 933 ehci_dbg(ehci, "bogus dev %p speed %d\n", urb->dev, 934 urb->dev->speed); 935 done: 936 qh_destroy(ehci, qh); 937 return NULL; 938 } 939 940 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets s-mask } */ 941 942 /* init as live, toggle clear */ 943 qh->qh_state = QH_STATE_IDLE; 944 hw = qh->hw; 945 hw->hw_info1 = cpu_to_hc32(ehci, info1); 946 hw->hw_info2 = cpu_to_hc32(ehci, info2); 947 qh->is_out = !is_input; 948 usb_settoggle (urb->dev, usb_pipeendpoint (urb->pipe), !is_input, 1); 949 return qh; 950 } 951 952 /*-------------------------------------------------------------------------*/ 953 954 static void enable_async(struct ehci_hcd *ehci) 955 { 956 if (ehci->async_count++) 957 return; 958 959 /* Stop waiting to turn off the async schedule */ 960 ehci->enabled_hrtimer_events &= ~BIT(EHCI_HRTIMER_DISABLE_ASYNC); 961 962 /* Don't start the schedule until ASS is 0 */ 963 ehci_poll_ASS(ehci); 964 turn_on_io_watchdog(ehci); 965 } 966 967 static void disable_async(struct ehci_hcd *ehci) 968 { 969 if (--ehci->async_count) 970 return; 971 972 /* The async schedule and unlink lists are supposed to be empty */ 973 WARN_ON(ehci->async->qh_next.qh || !list_empty(&ehci->async_unlink) || 974 !list_empty(&ehci->async_idle)); 975 976 /* Don't turn off the schedule until ASS is 1 */ 977 ehci_poll_ASS(ehci); 978 } 979 980 /* move qh (and its qtds) onto async queue; maybe enable queue. */ 981 982 static void qh_link_async (struct ehci_hcd *ehci, struct ehci_qh *qh) 983 { 984 __hc32 dma = QH_NEXT(ehci, qh->qh_dma); 985 struct ehci_qh *head; 986 987 /* Don't link a QH if there's a Clear-TT-Buffer pending */ 988 if (unlikely(qh->clearing_tt)) 989 return; 990 991 WARN_ON(qh->qh_state != QH_STATE_IDLE); 992 993 /* clear halt and/or toggle; and maybe recover from silicon quirk */ 994 qh_refresh(ehci, qh); 995 996 /* splice right after start */ 997 head = ehci->async; 998 qh->qh_next = head->qh_next; 999 qh->hw->hw_next = head->hw->hw_next; 1000 wmb (); 1001 1002 head->qh_next.qh = qh; 1003 head->hw->hw_next = dma; 1004 1005 qh->qh_state = QH_STATE_LINKED; 1006 qh->xacterrs = 0; 1007 qh->unlink_reason = 0; 1008 /* qtd completions reported later by interrupt */ 1009 1010 enable_async(ehci); 1011 } 1012 1013 /*-------------------------------------------------------------------------*/ 1014 1015 /* 1016 * For control/bulk/interrupt, return QH with these TDs appended. 1017 * Allocates and initializes the QH if necessary. 1018 * Returns null if it can't allocate a QH it needs to. 1019 * If the QH has TDs (urbs) already, that's great. 1020 */ 1021 static struct ehci_qh *qh_append_tds ( 1022 struct ehci_hcd *ehci, 1023 struct urb *urb, 1024 struct list_head *qtd_list, 1025 int epnum, 1026 void **ptr 1027 ) 1028 { 1029 struct ehci_qh *qh = NULL; 1030 __hc32 qh_addr_mask = cpu_to_hc32(ehci, 0x7f); 1031 1032 qh = (struct ehci_qh *) *ptr; 1033 if (unlikely (qh == NULL)) { 1034 /* can't sleep here, we have ehci->lock... */ 1035 qh = qh_make (ehci, urb, GFP_ATOMIC); 1036 *ptr = qh; 1037 } 1038 if (likely (qh != NULL)) { 1039 struct ehci_qtd *qtd; 1040 1041 if (unlikely (list_empty (qtd_list))) 1042 qtd = NULL; 1043 else 1044 qtd = list_entry (qtd_list->next, struct ehci_qtd, 1045 qtd_list); 1046 1047 /* control qh may need patching ... */ 1048 if (unlikely (epnum == 0)) { 1049 1050 /* usb_reset_device() briefly reverts to address 0 */ 1051 if (usb_pipedevice (urb->pipe) == 0) 1052 qh->hw->hw_info1 &= ~qh_addr_mask; 1053 } 1054 1055 /* just one way to queue requests: swap with the dummy qtd. 1056 * only hc or qh_refresh() ever modify the overlay. 1057 */ 1058 if (likely (qtd != NULL)) { 1059 struct ehci_qtd *dummy; 1060 dma_addr_t dma; 1061 __hc32 token; 1062 1063 /* to avoid racing the HC, use the dummy td instead of 1064 * the first td of our list (becomes new dummy). both 1065 * tds stay deactivated until we're done, when the 1066 * HC is allowed to fetch the old dummy (4.10.2). 1067 */ 1068 token = qtd->hw_token; 1069 qtd->hw_token = HALT_BIT(ehci); 1070 1071 dummy = qh->dummy; 1072 1073 dma = dummy->qtd_dma; 1074 *dummy = *qtd; 1075 dummy->qtd_dma = dma; 1076 1077 list_del (&qtd->qtd_list); 1078 list_add (&dummy->qtd_list, qtd_list); 1079 list_splice_tail(qtd_list, &qh->qtd_list); 1080 1081 ehci_qtd_init(ehci, qtd, qtd->qtd_dma); 1082 qh->dummy = qtd; 1083 1084 /* hc must see the new dummy at list end */ 1085 dma = qtd->qtd_dma; 1086 qtd = list_entry (qh->qtd_list.prev, 1087 struct ehci_qtd, qtd_list); 1088 qtd->hw_next = QTD_NEXT(ehci, dma); 1089 1090 /* let the hc process these next qtds */ 1091 wmb (); 1092 dummy->hw_token = token; 1093 1094 urb->hcpriv = qh; 1095 } 1096 } 1097 return qh; 1098 } 1099 1100 /*-------------------------------------------------------------------------*/ 1101 1102 static int 1103 submit_async ( 1104 struct ehci_hcd *ehci, 1105 struct urb *urb, 1106 struct list_head *qtd_list, 1107 gfp_t mem_flags 1108 ) { 1109 int epnum; 1110 unsigned long flags; 1111 struct ehci_qh *qh = NULL; 1112 int rc; 1113 1114 epnum = urb->ep->desc.bEndpointAddress; 1115 1116 #ifdef EHCI_URB_TRACE 1117 { 1118 struct ehci_qtd *qtd; 1119 qtd = list_entry(qtd_list->next, struct ehci_qtd, qtd_list); 1120 ehci_dbg(ehci, 1121 "%s %s urb %p ep%d%s len %d, qtd %p [qh %p]\n", 1122 __func__, urb->dev->devpath, urb, 1123 epnum & 0x0f, (epnum & USB_DIR_IN) ? "in" : "out", 1124 urb->transfer_buffer_length, 1125 qtd, urb->ep->hcpriv); 1126 } 1127 #endif 1128 1129 spin_lock_irqsave (&ehci->lock, flags); 1130 if (unlikely(!HCD_HW_ACCESSIBLE(ehci_to_hcd(ehci)))) { 1131 rc = -ESHUTDOWN; 1132 goto done; 1133 } 1134 rc = usb_hcd_link_urb_to_ep(ehci_to_hcd(ehci), urb); 1135 if (unlikely(rc)) 1136 goto done; 1137 1138 qh = qh_append_tds(ehci, urb, qtd_list, epnum, &urb->ep->hcpriv); 1139 if (unlikely(qh == NULL)) { 1140 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci), urb); 1141 rc = -ENOMEM; 1142 goto done; 1143 } 1144 1145 /* Control/bulk operations through TTs don't need scheduling, 1146 * the HC and TT handle it when the TT has a buffer ready. 1147 */ 1148 if (likely (qh->qh_state == QH_STATE_IDLE)) 1149 qh_link_async(ehci, qh); 1150 done: 1151 spin_unlock_irqrestore (&ehci->lock, flags); 1152 if (unlikely (qh == NULL)) 1153 qtd_list_free (ehci, urb, qtd_list); 1154 return rc; 1155 } 1156 1157 /*-------------------------------------------------------------------------*/ 1158 #ifdef CONFIG_USB_HCD_TEST_MODE 1159 /* 1160 * This function creates the qtds and submits them for the 1161 * SINGLE_STEP_SET_FEATURE Test. 1162 * This is done in two parts: first SETUP req for GetDesc is sent then 1163 * 15 seconds later, the IN stage for GetDesc starts to req data from dev 1164 * 1165 * is_setup : i/p argument decides which of the two stage needs to be 1166 * performed; TRUE - SETUP and FALSE - IN+STATUS 1167 * Returns 0 if success 1168 */ 1169 static int ehci_submit_single_step_set_feature( 1170 struct usb_hcd *hcd, 1171 struct urb *urb, 1172 int is_setup 1173 ) { 1174 struct ehci_hcd *ehci = hcd_to_ehci(hcd); 1175 struct list_head qtd_list; 1176 struct list_head *head; 1177 1178 struct ehci_qtd *qtd, *qtd_prev; 1179 dma_addr_t buf; 1180 int len, maxpacket; 1181 u32 token; 1182 1183 INIT_LIST_HEAD(&qtd_list); 1184 head = &qtd_list; 1185 1186 /* URBs map to sequences of QTDs: one logical transaction */ 1187 qtd = ehci_qtd_alloc(ehci, GFP_KERNEL); 1188 if (unlikely(!qtd)) 1189 return -1; 1190 list_add_tail(&qtd->qtd_list, head); 1191 qtd->urb = urb; 1192 1193 token = QTD_STS_ACTIVE; 1194 token |= (EHCI_TUNE_CERR << 10); 1195 1196 len = urb->transfer_buffer_length; 1197 /* 1198 * Check if the request is to perform just the SETUP stage (getDesc) 1199 * as in SINGLE_STEP_SET_FEATURE test, DATA stage (IN) happens 1200 * 15 secs after the setup 1201 */ 1202 if (is_setup) { 1203 /* SETUP pid, and interrupt after SETUP completion */ 1204 qtd_fill(ehci, qtd, urb->setup_dma, 1205 sizeof(struct usb_ctrlrequest), 1206 QTD_IOC | token | (2 /* "setup" */ << 8), 8); 1207 1208 submit_async(ehci, urb, &qtd_list, GFP_ATOMIC); 1209 return 0; /*Return now; we shall come back after 15 seconds*/ 1210 } 1211 1212 /* 1213 * IN: data transfer stage: buffer setup : start the IN txn phase for 1214 * the get_Desc SETUP which was sent 15seconds back 1215 */ 1216 token ^= QTD_TOGGLE; /*We need to start IN with DATA-1 Pid-sequence*/ 1217 buf = urb->transfer_dma; 1218 1219 token |= (1 /* "in" */ << 8); /*This is IN stage*/ 1220 1221 maxpacket = usb_endpoint_maxp(&urb->ep->desc); 1222 1223 qtd_fill(ehci, qtd, buf, len, token, maxpacket); 1224 1225 /* 1226 * Our IN phase shall always be a short read; so keep the queue running 1227 * and let it advance to the next qtd which zero length OUT status 1228 */ 1229 qtd->hw_alt_next = EHCI_LIST_END(ehci); 1230 1231 /* STATUS stage for GetDesc control request */ 1232 token ^= 0x0100; /* "in" <--> "out" */ 1233 token |= QTD_TOGGLE; /* force DATA1 */ 1234 1235 qtd_prev = qtd; 1236 qtd = ehci_qtd_alloc(ehci, GFP_ATOMIC); 1237 if (unlikely(!qtd)) 1238 goto cleanup; 1239 qtd->urb = urb; 1240 qtd_prev->hw_next = QTD_NEXT(ehci, qtd->qtd_dma); 1241 list_add_tail(&qtd->qtd_list, head); 1242 1243 /* Interrupt after STATUS completion */ 1244 qtd_fill(ehci, qtd, 0, 0, token | QTD_IOC, 0); 1245 1246 submit_async(ehci, urb, &qtd_list, GFP_KERNEL); 1247 1248 return 0; 1249 1250 cleanup: 1251 qtd_list_free(ehci, urb, head); 1252 return -1; 1253 } 1254 #endif /* CONFIG_USB_HCD_TEST_MODE */ 1255 1256 /*-------------------------------------------------------------------------*/ 1257 1258 static void single_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh) 1259 { 1260 struct ehci_qh *prev; 1261 1262 /* Add to the end of the list of QHs waiting for the next IAAD */ 1263 qh->qh_state = QH_STATE_UNLINK_WAIT; 1264 list_add_tail(&qh->unlink_node, &ehci->async_unlink); 1265 1266 /* Unlink it from the schedule */ 1267 prev = ehci->async; 1268 while (prev->qh_next.qh != qh) 1269 prev = prev->qh_next.qh; 1270 1271 prev->hw->hw_next = qh->hw->hw_next; 1272 prev->qh_next = qh->qh_next; 1273 if (ehci->qh_scan_next == qh) 1274 ehci->qh_scan_next = qh->qh_next.qh; 1275 } 1276 1277 static void start_iaa_cycle(struct ehci_hcd *ehci) 1278 { 1279 /* If the controller isn't running, we don't have to wait for it */ 1280 if (unlikely(ehci->rh_state < EHCI_RH_RUNNING)) { 1281 end_unlink_async(ehci); 1282 1283 /* Otherwise start a new IAA cycle if one isn't already running */ 1284 } else if (ehci->rh_state == EHCI_RH_RUNNING && 1285 !ehci->iaa_in_progress) { 1286 1287 /* Make sure the unlinks are all visible to the hardware */ 1288 wmb(); 1289 1290 ehci_writel(ehci, ehci->command | CMD_IAAD, 1291 &ehci->regs->command); 1292 ehci_readl(ehci, &ehci->regs->command); 1293 ehci->iaa_in_progress = true; 1294 ehci_enable_event(ehci, EHCI_HRTIMER_IAA_WATCHDOG, true); 1295 } 1296 } 1297 1298 static void end_iaa_cycle(struct ehci_hcd *ehci) 1299 { 1300 if (ehci->has_synopsys_hc_bug) 1301 ehci_writel(ehci, (u32) ehci->async->qh_dma, 1302 &ehci->regs->async_next); 1303 1304 /* The current IAA cycle has ended */ 1305 ehci->iaa_in_progress = false; 1306 1307 end_unlink_async(ehci); 1308 } 1309 1310 /* See if the async qh for the qtds being unlinked are now gone from the HC */ 1311 1312 static void end_unlink_async(struct ehci_hcd *ehci) 1313 { 1314 struct ehci_qh *qh; 1315 bool early_exit; 1316 1317 if (list_empty(&ehci->async_unlink)) 1318 return; 1319 qh = list_first_entry(&ehci->async_unlink, struct ehci_qh, 1320 unlink_node); /* QH whose IAA cycle just ended */ 1321 1322 /* 1323 * If async_unlinking is set then this routine is already running, 1324 * either on the stack or on another CPU. 1325 */ 1326 early_exit = ehci->async_unlinking; 1327 1328 /* If the controller isn't running, process all the waiting QHs */ 1329 if (ehci->rh_state < EHCI_RH_RUNNING) 1330 list_splice_tail_init(&ehci->async_unlink, &ehci->async_idle); 1331 1332 /* 1333 * Intel (?) bug: The HC can write back the overlay region even 1334 * after the IAA interrupt occurs. In self-defense, always go 1335 * through two IAA cycles for each QH. 1336 */ 1337 else if (qh->qh_state == QH_STATE_UNLINK) { 1338 /* 1339 * Second IAA cycle has finished. Process only the first 1340 * waiting QH (NVIDIA (?) bug). 1341 */ 1342 list_move_tail(&qh->unlink_node, &ehci->async_idle); 1343 } 1344 1345 /* 1346 * AMD/ATI (?) bug: The HC can continue to use an active QH long 1347 * after the IAA interrupt occurs. To prevent problems, QHs that 1348 * may still be active will wait until 2 ms have passed with no 1349 * change to the hw_current and hw_token fields (this delay occurs 1350 * between the two IAA cycles). 1351 * 1352 * The EHCI spec (4.8.2) says that active QHs must not be removed 1353 * from the async schedule and recommends waiting until the QH 1354 * goes inactive. This is ridiculous because the QH will _never_ 1355 * become inactive if the endpoint NAKs indefinitely. 1356 */ 1357 1358 /* Some reasons for unlinking guarantee the QH can't be active */ 1359 else if (qh->unlink_reason & (QH_UNLINK_HALTED | 1360 QH_UNLINK_SHORT_READ | QH_UNLINK_DUMMY_OVERLAY)) 1361 goto DelayDone; 1362 1363 /* The QH can't be active if the queue was and still is empty... */ 1364 else if ((qh->unlink_reason & QH_UNLINK_QUEUE_EMPTY) && 1365 list_empty(&qh->qtd_list)) 1366 goto DelayDone; 1367 1368 /* ... or if the QH has halted */ 1369 else if (qh->hw->hw_token & cpu_to_hc32(ehci, QTD_STS_HALT)) 1370 goto DelayDone; 1371 1372 /* Otherwise we have to wait until the QH stops changing */ 1373 else { 1374 __hc32 qh_current, qh_token; 1375 1376 qh_current = qh->hw->hw_current; 1377 qh_token = qh->hw->hw_token; 1378 if (qh_current != ehci->old_current || 1379 qh_token != ehci->old_token) { 1380 ehci->old_current = qh_current; 1381 ehci->old_token = qh_token; 1382 ehci_enable_event(ehci, 1383 EHCI_HRTIMER_ACTIVE_UNLINK, true); 1384 return; 1385 } 1386 DelayDone: 1387 qh->qh_state = QH_STATE_UNLINK; 1388 early_exit = true; 1389 } 1390 ehci->old_current = ~0; /* Prepare for next QH */ 1391 1392 /* Start a new IAA cycle if any QHs are waiting for it */ 1393 if (!list_empty(&ehci->async_unlink)) 1394 start_iaa_cycle(ehci); 1395 1396 /* 1397 * Don't allow nesting or concurrent calls, 1398 * or wait for the second IAA cycle for the next QH. 1399 */ 1400 if (early_exit) 1401 return; 1402 1403 /* Process the idle QHs */ 1404 ehci->async_unlinking = true; 1405 while (!list_empty(&ehci->async_idle)) { 1406 qh = list_first_entry(&ehci->async_idle, struct ehci_qh, 1407 unlink_node); 1408 list_del(&qh->unlink_node); 1409 1410 qh->qh_state = QH_STATE_IDLE; 1411 qh->qh_next.qh = NULL; 1412 1413 if (!list_empty(&qh->qtd_list)) 1414 qh_completions(ehci, qh); 1415 if (!list_empty(&qh->qtd_list) && 1416 ehci->rh_state == EHCI_RH_RUNNING) 1417 qh_link_async(ehci, qh); 1418 disable_async(ehci); 1419 } 1420 ehci->async_unlinking = false; 1421 } 1422 1423 static void start_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh); 1424 1425 static void unlink_empty_async(struct ehci_hcd *ehci) 1426 { 1427 struct ehci_qh *qh; 1428 struct ehci_qh *qh_to_unlink = NULL; 1429 int count = 0; 1430 1431 /* Find the last async QH which has been empty for a timer cycle */ 1432 for (qh = ehci->async->qh_next.qh; qh; qh = qh->qh_next.qh) { 1433 if (list_empty(&qh->qtd_list) && 1434 qh->qh_state == QH_STATE_LINKED) { 1435 ++count; 1436 if (qh->unlink_cycle != ehci->async_unlink_cycle) 1437 qh_to_unlink = qh; 1438 } 1439 } 1440 1441 /* If nothing else is being unlinked, unlink the last empty QH */ 1442 if (list_empty(&ehci->async_unlink) && qh_to_unlink) { 1443 qh_to_unlink->unlink_reason |= QH_UNLINK_QUEUE_EMPTY; 1444 start_unlink_async(ehci, qh_to_unlink); 1445 --count; 1446 } 1447 1448 /* Other QHs will be handled later */ 1449 if (count > 0) { 1450 ehci_enable_event(ehci, EHCI_HRTIMER_ASYNC_UNLINKS, true); 1451 ++ehci->async_unlink_cycle; 1452 } 1453 } 1454 1455 #ifdef CONFIG_PM 1456 1457 /* The root hub is suspended; unlink all the async QHs */ 1458 static void unlink_empty_async_suspended(struct ehci_hcd *ehci) 1459 { 1460 struct ehci_qh *qh; 1461 1462 while (ehci->async->qh_next.qh) { 1463 qh = ehci->async->qh_next.qh; 1464 WARN_ON(!list_empty(&qh->qtd_list)); 1465 single_unlink_async(ehci, qh); 1466 } 1467 } 1468 1469 #endif 1470 1471 /* makes sure the async qh will become idle */ 1472 /* caller must own ehci->lock */ 1473 1474 static void start_unlink_async(struct ehci_hcd *ehci, struct ehci_qh *qh) 1475 { 1476 /* If the QH isn't linked then there's nothing we can do. */ 1477 if (qh->qh_state != QH_STATE_LINKED) 1478 return; 1479 1480 single_unlink_async(ehci, qh); 1481 start_iaa_cycle(ehci); 1482 } 1483 1484 /*-------------------------------------------------------------------------*/ 1485 1486 static void scan_async (struct ehci_hcd *ehci) 1487 { 1488 struct ehci_qh *qh; 1489 bool check_unlinks_later = false; 1490 1491 ehci->qh_scan_next = ehci->async->qh_next.qh; 1492 while (ehci->qh_scan_next) { 1493 qh = ehci->qh_scan_next; 1494 ehci->qh_scan_next = qh->qh_next.qh; 1495 1496 /* clean any finished work for this qh */ 1497 if (!list_empty(&qh->qtd_list)) { 1498 int temp; 1499 1500 /* 1501 * Unlinks could happen here; completion reporting 1502 * drops the lock. That's why ehci->qh_scan_next 1503 * always holds the next qh to scan; if the next qh 1504 * gets unlinked then ehci->qh_scan_next is adjusted 1505 * in single_unlink_async(). 1506 */ 1507 temp = qh_completions(ehci, qh); 1508 if (unlikely(temp)) { 1509 start_unlink_async(ehci, qh); 1510 } else if (list_empty(&qh->qtd_list) 1511 && qh->qh_state == QH_STATE_LINKED) { 1512 qh->unlink_cycle = ehci->async_unlink_cycle; 1513 check_unlinks_later = true; 1514 } 1515 } 1516 } 1517 1518 /* 1519 * Unlink empty entries, reducing DMA usage as well 1520 * as HCD schedule-scanning costs. Delay for any qh 1521 * we just scanned, there's a not-unusual case that it 1522 * doesn't stay idle for long. 1523 */ 1524 if (check_unlinks_later && ehci->rh_state == EHCI_RH_RUNNING && 1525 !(ehci->enabled_hrtimer_events & 1526 BIT(EHCI_HRTIMER_ASYNC_UNLINKS))) { 1527 ehci_enable_event(ehci, EHCI_HRTIMER_ASYNC_UNLINKS, true); 1528 ++ehci->async_unlink_cycle; 1529 } 1530 } 1531