1 /*
2  * mtu3_gadget_ep0.c - MediaTek USB3 DRD peripheral driver ep0 handling
3  *
4  * Copyright (c) 2016 MediaTek Inc.
5  *
6  * Author:  Chunfeng.Yun <chunfeng.yun@mediatek.com>
7  *
8  * This software is licensed under the terms of the GNU General Public
9  * License version 2, as published by the Free Software Foundation, and
10  * may be copied, distributed, and modified under those terms.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  */
18 
19 #include "mtu3.h"
20 
21 /* ep0 is always mtu3->in_eps[0] */
22 #define	next_ep0_request(mtu)	next_request((mtu)->ep0)
23 
24 /* for high speed test mode; see USB 2.0 spec 7.1.20 */
25 static const u8 mtu3_test_packet[53] = {
26 	/* implicit SYNC then DATA0 to start */
27 
28 	/* JKJKJKJK x9 */
29 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
30 	/* JJKKJJKK x8 */
31 	0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
32 	/* JJJJKKKK x8 */
33 	0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee, 0xee,
34 	/* JJJJJJJKKKKKKK x8 */
35 	0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 	/* JJJJJJJK x8 */
37 	0x7f, 0xbf, 0xdf, 0xef, 0xf7, 0xfb, 0xfd,
38 	/* JKKKKKKK x10, JK */
39 	0xfc, 0x7e, 0xbf, 0xdf, 0xef, 0xf7, 0xfb, 0xfd, 0x7e,
40 	/* implicit CRC16 then EOP to end */
41 };
42 
43 static char *decode_ep0_state(struct mtu3 *mtu)
44 {
45 	switch (mtu->ep0_state) {
46 	case MU3D_EP0_STATE_SETUP:
47 		return "SETUP";
48 	case MU3D_EP0_STATE_TX:
49 		return "IN";
50 	case MU3D_EP0_STATE_RX:
51 		return "OUT";
52 	case MU3D_EP0_STATE_TX_END:
53 		return "TX-END";
54 	case MU3D_EP0_STATE_STALL:
55 		return "STALL";
56 	default:
57 		return "??";
58 	}
59 }
60 
61 static void ep0_req_giveback(struct mtu3 *mtu, struct usb_request *req)
62 {
63 	mtu3_req_complete(mtu->ep0, req, 0);
64 }
65 
66 static int
67 forward_to_driver(struct mtu3 *mtu, const struct usb_ctrlrequest *setup)
68 __releases(mtu->lock)
69 __acquires(mtu->lock)
70 {
71 	int ret;
72 
73 	if (!mtu->gadget_driver)
74 		return -EOPNOTSUPP;
75 
76 	spin_unlock(&mtu->lock);
77 	ret = mtu->gadget_driver->setup(&mtu->g, setup);
78 	spin_lock(&mtu->lock);
79 
80 	dev_dbg(mtu->dev, "%s ret %d\n", __func__, ret);
81 	return ret;
82 }
83 
84 static void ep0_write_fifo(struct mtu3_ep *mep, const u8 *src, u16 len)
85 {
86 	void __iomem *fifo = mep->mtu->mac_base + U3D_FIFO0;
87 	u16 index = 0;
88 
89 	dev_dbg(mep->mtu->dev, "%s: ep%din, len=%d, buf=%p\n",
90 		__func__, mep->epnum, len, src);
91 
92 	if (len >= 4) {
93 		iowrite32_rep(fifo, src, len >> 2);
94 		index = len & ~0x03;
95 	}
96 	if (len & 0x02) {
97 		writew(*(u16 *)&src[index], fifo);
98 		index += 2;
99 	}
100 	if (len & 0x01)
101 		writeb(src[index], fifo);
102 }
103 
104 static void ep0_read_fifo(struct mtu3_ep *mep, u8 *dst, u16 len)
105 {
106 	void __iomem *fifo = mep->mtu->mac_base + U3D_FIFO0;
107 	u32 value;
108 	u16 index = 0;
109 
110 	dev_dbg(mep->mtu->dev, "%s: ep%dout len=%d buf=%p\n",
111 		 __func__, mep->epnum, len, dst);
112 
113 	if (len >= 4) {
114 		ioread32_rep(fifo, dst, len >> 2);
115 		index = len & ~0x03;
116 	}
117 	if (len & 0x3) {
118 		value = readl(fifo);
119 		memcpy(&dst[index], &value, len & 0x3);
120 	}
121 
122 }
123 
124 static void ep0_load_test_packet(struct mtu3 *mtu)
125 {
126 	/*
127 	 * because the length of test packet is less than max packet of HS ep0,
128 	 * write it into fifo directly.
129 	 */
130 	ep0_write_fifo(mtu->ep0, mtu3_test_packet, sizeof(mtu3_test_packet));
131 }
132 
133 /*
134  * A. send STALL for setup transfer without data stage:
135  *		set SENDSTALL and SETUPPKTRDY at the same time;
136  * B. send STALL for other cases:
137  *		set SENDSTALL only.
138  */
139 static void ep0_stall_set(struct mtu3_ep *mep0, bool set, u32 pktrdy)
140 {
141 	struct mtu3 *mtu = mep0->mtu;
142 	void __iomem *mbase = mtu->mac_base;
143 	u32 csr;
144 
145 	/* EP0_SENTSTALL is W1C */
146 	csr = mtu3_readl(mbase, U3D_EP0CSR) & EP0_W1C_BITS;
147 	if (set)
148 		csr |= EP0_SENDSTALL | pktrdy;
149 	else
150 		csr = (csr & ~EP0_SENDSTALL) | EP0_SENTSTALL;
151 	mtu3_writel(mtu->mac_base, U3D_EP0CSR, csr);
152 
153 	mtu->ep0_state = MU3D_EP0_STATE_SETUP;
154 
155 	dev_dbg(mtu->dev, "ep0: %s STALL, ep0_state: %s\n",
156 		set ? "SEND" : "CLEAR", decode_ep0_state(mtu));
157 }
158 
159 static int ep0_queue(struct mtu3_ep *mep0, struct mtu3_request *mreq);
160 
161 static void ep0_dummy_complete(struct usb_ep *ep, struct usb_request *req)
162 {}
163 
164 static void ep0_set_sel_complete(struct usb_ep *ep, struct usb_request *req)
165 {
166 	struct mtu3_request *mreq;
167 	struct mtu3 *mtu;
168 	struct usb_set_sel_req sel;
169 
170 	memcpy(&sel, req->buf, sizeof(sel));
171 
172 	mreq = to_mtu3_request(req);
173 	mtu = mreq->mtu;
174 	dev_dbg(mtu->dev, "u1sel:%d, u1pel:%d, u2sel:%d, u2pel:%d\n",
175 		sel.u1_sel, sel.u1_pel, sel.u2_sel, sel.u2_pel);
176 }
177 
178 /* queue data stage to handle 6 byte SET_SEL request */
179 static int ep0_set_sel(struct mtu3 *mtu, struct usb_ctrlrequest *setup)
180 {
181 	int ret;
182 	u16 length = le16_to_cpu(setup->wLength);
183 
184 	if (unlikely(length != 6)) {
185 		dev_err(mtu->dev, "%s wrong wLength:%d\n",
186 			__func__, length);
187 		return -EINVAL;
188 	}
189 
190 	mtu->ep0_req.mep = mtu->ep0;
191 	mtu->ep0_req.request.length = 6;
192 	mtu->ep0_req.request.buf = mtu->setup_buf;
193 	mtu->ep0_req.request.complete = ep0_set_sel_complete;
194 	ret = ep0_queue(mtu->ep0, &mtu->ep0_req);
195 
196 	return ret < 0 ? ret : 1;
197 }
198 
199 static int
200 ep0_get_status(struct mtu3 *mtu, const struct usb_ctrlrequest *setup)
201 {
202 	struct mtu3_ep *mep = NULL;
203 	int handled = 1;
204 	u8 result[2] = {0, 0};
205 	u8 epnum = 0;
206 	int is_in;
207 
208 	switch (setup->bRequestType & USB_RECIP_MASK) {
209 	case USB_RECIP_DEVICE:
210 		result[0] = mtu->is_self_powered << USB_DEVICE_SELF_POWERED;
211 		result[0] |= mtu->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
212 		/* superspeed only */
213 		if (mtu->g.speed == USB_SPEED_SUPER) {
214 			result[0] |= mtu->u1_enable << USB_DEV_STAT_U1_ENABLED;
215 			result[0] |= mtu->u2_enable << USB_DEV_STAT_U2_ENABLED;
216 		}
217 
218 		dev_dbg(mtu->dev, "%s result=%x, U1=%x, U2=%x\n", __func__,
219 			result[0], mtu->u1_enable, mtu->u2_enable);
220 
221 		break;
222 	case USB_RECIP_INTERFACE:
223 		break;
224 	case USB_RECIP_ENDPOINT:
225 		epnum = (u8) le16_to_cpu(setup->wIndex);
226 		is_in = epnum & USB_DIR_IN;
227 		epnum &= USB_ENDPOINT_NUMBER_MASK;
228 
229 		if (epnum >= mtu->num_eps) {
230 			handled = -EINVAL;
231 			break;
232 		}
233 		if (!epnum)
234 			break;
235 
236 		mep = (is_in ? mtu->in_eps : mtu->out_eps) + epnum;
237 		if (!mep->desc) {
238 			handled = -EINVAL;
239 			break;
240 		}
241 		if (mep->flags & MTU3_EP_STALL)
242 			result[0] |= 1 << USB_ENDPOINT_HALT;
243 
244 		break;
245 	default:
246 		/* class, vendor, etc ... delegate */
247 		handled = 0;
248 		break;
249 	}
250 
251 	if (handled > 0) {
252 		int ret;
253 
254 		/* prepare a data stage for GET_STATUS */
255 		dev_dbg(mtu->dev, "get_status=%x\n", *(u16 *)result);
256 		memcpy(mtu->setup_buf, result, sizeof(result));
257 		mtu->ep0_req.mep = mtu->ep0;
258 		mtu->ep0_req.request.length = 2;
259 		mtu->ep0_req.request.buf = &mtu->setup_buf;
260 		mtu->ep0_req.request.complete = ep0_dummy_complete;
261 		ret = ep0_queue(mtu->ep0, &mtu->ep0_req);
262 		if (ret < 0)
263 			handled = ret;
264 	}
265 	return handled;
266 }
267 
268 static int handle_test_mode(struct mtu3 *mtu, struct usb_ctrlrequest *setup)
269 {
270 	void __iomem *mbase = mtu->mac_base;
271 	int handled = 1;
272 
273 	switch (le16_to_cpu(setup->wIndex) >> 8) {
274 	case TEST_J:
275 		dev_dbg(mtu->dev, "TEST_J\n");
276 		mtu->test_mode_nr = TEST_J_MODE;
277 		break;
278 	case TEST_K:
279 		dev_dbg(mtu->dev, "TEST_K\n");
280 		mtu->test_mode_nr = TEST_K_MODE;
281 		break;
282 	case TEST_SE0_NAK:
283 		dev_dbg(mtu->dev, "TEST_SE0_NAK\n");
284 		mtu->test_mode_nr = TEST_SE0_NAK_MODE;
285 		break;
286 	case TEST_PACKET:
287 		dev_dbg(mtu->dev, "TEST_PACKET\n");
288 		mtu->test_mode_nr = TEST_PACKET_MODE;
289 		break;
290 	default:
291 		handled = -EINVAL;
292 		goto out;
293 	}
294 
295 	mtu->test_mode = true;
296 
297 	/* no TX completion interrupt, and need restart platform after test */
298 	if (mtu->test_mode_nr == TEST_PACKET_MODE)
299 		ep0_load_test_packet(mtu);
300 
301 	mtu3_writel(mbase, U3D_USB2_TEST_MODE, mtu->test_mode_nr);
302 
303 	mtu->ep0_state = MU3D_EP0_STATE_SETUP;
304 
305 out:
306 	return handled;
307 }
308 
309 static int ep0_handle_feature_dev(struct mtu3 *mtu,
310 		struct usb_ctrlrequest *setup, bool set)
311 {
312 	void __iomem *mbase = mtu->mac_base;
313 	int handled = -EINVAL;
314 	u32 lpc;
315 
316 	switch (le16_to_cpu(setup->wValue)) {
317 	case USB_DEVICE_REMOTE_WAKEUP:
318 		mtu->may_wakeup = !!set;
319 		handled = 1;
320 		break;
321 	case USB_DEVICE_TEST_MODE:
322 		if (!set || (mtu->g.speed != USB_SPEED_HIGH) ||
323 			(le16_to_cpu(setup->wIndex) & 0xff))
324 			break;
325 
326 		handled = handle_test_mode(mtu, setup);
327 		break;
328 	case USB_DEVICE_U1_ENABLE:
329 		if (mtu->g.speed != USB_SPEED_SUPER ||
330 			mtu->g.state != USB_STATE_CONFIGURED)
331 			break;
332 
333 		lpc = mtu3_readl(mbase, U3D_LINK_POWER_CONTROL);
334 		if (set)
335 			lpc |= SW_U1_ACCEPT_ENABLE;
336 		else
337 			lpc &= ~SW_U1_ACCEPT_ENABLE;
338 		mtu3_writel(mbase, U3D_LINK_POWER_CONTROL, lpc);
339 
340 		mtu->u1_enable = !!set;
341 		handled = 1;
342 		break;
343 	case USB_DEVICE_U2_ENABLE:
344 		if (mtu->g.speed != USB_SPEED_SUPER ||
345 			mtu->g.state != USB_STATE_CONFIGURED)
346 			break;
347 
348 		lpc = mtu3_readl(mbase, U3D_LINK_POWER_CONTROL);
349 		if (set)
350 			lpc |= SW_U2_ACCEPT_ENABLE;
351 		else
352 			lpc &= ~SW_U2_ACCEPT_ENABLE;
353 		mtu3_writel(mbase, U3D_LINK_POWER_CONTROL, lpc);
354 
355 		mtu->u2_enable = !!set;
356 		handled = 1;
357 		break;
358 	default:
359 		handled = -EINVAL;
360 		break;
361 	}
362 	return handled;
363 }
364 
365 static int ep0_handle_feature(struct mtu3 *mtu,
366 		struct usb_ctrlrequest *setup, bool set)
367 {
368 	struct mtu3_ep *mep;
369 	int handled = -EINVAL;
370 	int is_in;
371 	u16 value;
372 	u16 index;
373 	u8 epnum;
374 
375 	value = le16_to_cpu(setup->wValue);
376 	index = le16_to_cpu(setup->wIndex);
377 
378 	switch (setup->bRequestType & USB_RECIP_MASK) {
379 	case USB_RECIP_DEVICE:
380 		handled = ep0_handle_feature_dev(mtu, setup, set);
381 		break;
382 	case USB_RECIP_INTERFACE:
383 		/* superspeed only */
384 		if ((value == USB_INTRF_FUNC_SUSPEND)
385 			&& (mtu->g.speed == USB_SPEED_SUPER)) {
386 			/*
387 			 * forward the request because function drivers
388 			 * should handle it
389 			 */
390 			handled = 0;
391 		}
392 		break;
393 	case USB_RECIP_ENDPOINT:
394 		epnum = index & USB_ENDPOINT_NUMBER_MASK;
395 		if (epnum == 0 || epnum >= mtu->num_eps ||
396 			value != USB_ENDPOINT_HALT)
397 			break;
398 
399 		is_in = index & USB_DIR_IN;
400 		mep = (is_in ? mtu->in_eps : mtu->out_eps) + epnum;
401 		if (!mep->desc)
402 			break;
403 
404 		handled = 1;
405 		/* ignore request if endpoint is wedged */
406 		if (mep->wedged)
407 			break;
408 
409 		mtu3_ep_stall_set(mep, set);
410 		break;
411 	default:
412 		/* class, vendor, etc ... delegate */
413 		handled = 0;
414 		break;
415 	}
416 	return handled;
417 }
418 
419 /*
420  * handle all control requests can be handled
421  * returns:
422  *	negative errno - error happened
423  *	zero - need delegate SETUP to gadget driver
424  *	positive - already handled
425  */
426 static int handle_standard_request(struct mtu3 *mtu,
427 			  struct usb_ctrlrequest *setup)
428 {
429 	void __iomem *mbase = mtu->mac_base;
430 	enum usb_device_state state = mtu->g.state;
431 	int handled = -EINVAL;
432 	u32 dev_conf;
433 	u16 value;
434 
435 	value = le16_to_cpu(setup->wValue);
436 
437 	/* the gadget driver handles everything except what we must handle */
438 	switch (setup->bRequest) {
439 	case USB_REQ_SET_ADDRESS:
440 		/* change it after the status stage */
441 		mtu->address = (u8) (value & 0x7f);
442 		dev_dbg(mtu->dev, "set address to 0x%x\n", mtu->address);
443 
444 		dev_conf = mtu3_readl(mbase, U3D_DEVICE_CONF);
445 		dev_conf &= ~DEV_ADDR_MSK;
446 		dev_conf |= DEV_ADDR(mtu->address);
447 		mtu3_writel(mbase, U3D_DEVICE_CONF, dev_conf);
448 
449 		if (mtu->address)
450 			usb_gadget_set_state(&mtu->g, USB_STATE_ADDRESS);
451 		else
452 			usb_gadget_set_state(&mtu->g, USB_STATE_DEFAULT);
453 
454 		handled = 1;
455 		break;
456 	case USB_REQ_SET_CONFIGURATION:
457 		if (state == USB_STATE_ADDRESS) {
458 			usb_gadget_set_state(&mtu->g,
459 					USB_STATE_CONFIGURED);
460 		} else if (state == USB_STATE_CONFIGURED) {
461 			/*
462 			 * USB2 spec sec 9.4.7, if wValue is 0 then dev
463 			 * is moved to addressed state
464 			 */
465 			if (!value)
466 				usb_gadget_set_state(&mtu->g,
467 						USB_STATE_ADDRESS);
468 		}
469 		handled = 0;
470 		break;
471 	case USB_REQ_CLEAR_FEATURE:
472 		handled = ep0_handle_feature(mtu, setup, 0);
473 		break;
474 	case USB_REQ_SET_FEATURE:
475 		handled = ep0_handle_feature(mtu, setup, 1);
476 		break;
477 	case USB_REQ_GET_STATUS:
478 		handled = ep0_get_status(mtu, setup);
479 		break;
480 	case USB_REQ_SET_SEL:
481 		handled = ep0_set_sel(mtu, setup);
482 		break;
483 	case USB_REQ_SET_ISOCH_DELAY:
484 		handled = 1;
485 		break;
486 	default:
487 		/* delegate SET_CONFIGURATION, etc */
488 		handled = 0;
489 	}
490 
491 	return handled;
492 }
493 
494 /* receive an data packet (OUT) */
495 static void ep0_rx_state(struct mtu3 *mtu)
496 {
497 	struct mtu3_request *mreq;
498 	struct usb_request *req;
499 	void __iomem *mbase = mtu->mac_base;
500 	u32 maxp;
501 	u32 csr;
502 	u16 count = 0;
503 
504 	dev_dbg(mtu->dev, "%s\n", __func__);
505 
506 	csr = mtu3_readl(mbase, U3D_EP0CSR) & EP0_W1C_BITS;
507 	mreq = next_ep0_request(mtu);
508 	req = &mreq->request;
509 
510 	/* read packet and ack; or stall because of gadget driver bug */
511 	if (req) {
512 		void *buf = req->buf + req->actual;
513 		unsigned int len = req->length - req->actual;
514 
515 		/* read the buffer */
516 		count = mtu3_readl(mbase, U3D_RXCOUNT0);
517 		if (count > len) {
518 			req->status = -EOVERFLOW;
519 			count = len;
520 		}
521 		ep0_read_fifo(mtu->ep0, buf, count);
522 		req->actual += count;
523 		csr |= EP0_RXPKTRDY;
524 
525 		maxp = mtu->g.ep0->maxpacket;
526 		if (count < maxp || req->actual == req->length) {
527 			mtu->ep0_state = MU3D_EP0_STATE_SETUP;
528 			dev_dbg(mtu->dev, "ep0 state: %s\n",
529 				decode_ep0_state(mtu));
530 
531 			csr |= EP0_DATAEND;
532 		} else {
533 			req = NULL;
534 		}
535 	} else {
536 		csr |= EP0_RXPKTRDY | EP0_SENDSTALL;
537 		dev_dbg(mtu->dev, "%s: SENDSTALL\n", __func__);
538 	}
539 
540 	mtu3_writel(mbase, U3D_EP0CSR, csr);
541 
542 	/* give back the request if have received all data */
543 	if (req)
544 		ep0_req_giveback(mtu, req);
545 
546 }
547 
548 /* transmitting to the host (IN) */
549 static void ep0_tx_state(struct mtu3 *mtu)
550 {
551 	struct mtu3_request *mreq = next_ep0_request(mtu);
552 	struct usb_request *req;
553 	u32 csr;
554 	u8 *src;
555 	u8 count;
556 	u32 maxp;
557 
558 	dev_dbg(mtu->dev, "%s\n", __func__);
559 
560 	if (!mreq)
561 		return;
562 
563 	maxp = mtu->g.ep0->maxpacket;
564 	req = &mreq->request;
565 
566 	/* load the data */
567 	src = (u8 *)req->buf + req->actual;
568 	count = min(maxp, req->length - req->actual);
569 	if (count)
570 		ep0_write_fifo(mtu->ep0, src, count);
571 
572 	dev_dbg(mtu->dev, "%s act=%d, len=%d, cnt=%d, maxp=%d zero=%d\n",
573 		 __func__, req->actual, req->length, count, maxp, req->zero);
574 
575 	req->actual += count;
576 
577 	if ((count < maxp)
578 		|| ((req->actual == req->length) && !req->zero))
579 		mtu->ep0_state = MU3D_EP0_STATE_TX_END;
580 
581 	/* send it out, triggering a "txpktrdy cleared" irq */
582 	csr = mtu3_readl(mtu->mac_base, U3D_EP0CSR) & EP0_W1C_BITS;
583 	mtu3_writel(mtu->mac_base, U3D_EP0CSR, csr | EP0_TXPKTRDY);
584 
585 	dev_dbg(mtu->dev, "%s ep0csr=0x%x\n", __func__,
586 		mtu3_readl(mtu->mac_base, U3D_EP0CSR));
587 }
588 
589 static void ep0_read_setup(struct mtu3 *mtu, struct usb_ctrlrequest *setup)
590 {
591 	struct mtu3_request *mreq;
592 	u32 count;
593 	u32 csr;
594 
595 	csr = mtu3_readl(mtu->mac_base, U3D_EP0CSR) & EP0_W1C_BITS;
596 	count = mtu3_readl(mtu->mac_base, U3D_RXCOUNT0);
597 
598 	ep0_read_fifo(mtu->ep0, (u8 *)setup, count);
599 
600 	dev_dbg(mtu->dev, "SETUP req%02x.%02x v%04x i%04x l%04x\n",
601 		 setup->bRequestType, setup->bRequest,
602 		 le16_to_cpu(setup->wValue), le16_to_cpu(setup->wIndex),
603 		 le16_to_cpu(setup->wLength));
604 
605 	/* clean up any leftover transfers */
606 	mreq = next_ep0_request(mtu);
607 	if (mreq)
608 		ep0_req_giveback(mtu, &mreq->request);
609 
610 	if (le16_to_cpu(setup->wLength) == 0) {
611 		;	/* no data stage, nothing to do */
612 	} else if (setup->bRequestType & USB_DIR_IN) {
613 		mtu3_writel(mtu->mac_base, U3D_EP0CSR,
614 			csr | EP0_SETUPPKTRDY | EP0_DPHTX);
615 		mtu->ep0_state = MU3D_EP0_STATE_TX;
616 	} else {
617 		mtu3_writel(mtu->mac_base, U3D_EP0CSR,
618 			(csr | EP0_SETUPPKTRDY) & (~EP0_DPHTX));
619 		mtu->ep0_state = MU3D_EP0_STATE_RX;
620 	}
621 }
622 
623 static int ep0_handle_setup(struct mtu3 *mtu)
624 __releases(mtu->lock)
625 __acquires(mtu->lock)
626 {
627 	struct usb_ctrlrequest setup;
628 	struct mtu3_request *mreq;
629 	void __iomem *mbase = mtu->mac_base;
630 	int handled = 0;
631 
632 	ep0_read_setup(mtu, &setup);
633 
634 	if ((setup.bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD)
635 		handled = handle_standard_request(mtu, &setup);
636 
637 	dev_dbg(mtu->dev, "handled %d, ep0_state: %s\n",
638 		 handled, decode_ep0_state(mtu));
639 
640 	if (handled < 0)
641 		goto stall;
642 	else if (handled > 0)
643 		goto finish;
644 
645 	handled = forward_to_driver(mtu, &setup);
646 	if (handled < 0) {
647 stall:
648 		dev_dbg(mtu->dev, "%s stall (%d)\n", __func__, handled);
649 
650 		ep0_stall_set(mtu->ep0, true,
651 			le16_to_cpu(setup.wLength) ? 0 : EP0_SETUPPKTRDY);
652 
653 		return 0;
654 	}
655 
656 finish:
657 	if (mtu->test_mode) {
658 		;	/* nothing to do */
659 	} else if (le16_to_cpu(setup.wLength) == 0) { /* no data stage */
660 
661 		mtu3_writel(mbase, U3D_EP0CSR,
662 			(mtu3_readl(mbase, U3D_EP0CSR) & EP0_W1C_BITS)
663 			| EP0_SETUPPKTRDY | EP0_DATAEND);
664 
665 		/* complete zlp request directly */
666 		mreq = next_ep0_request(mtu);
667 		if (mreq && !mreq->request.length)
668 			ep0_req_giveback(mtu, &mreq->request);
669 	}
670 
671 	return 0;
672 }
673 
674 irqreturn_t mtu3_ep0_isr(struct mtu3 *mtu)
675 {
676 	void __iomem *mbase = mtu->mac_base;
677 	struct mtu3_request *mreq;
678 	u32 int_status;
679 	irqreturn_t ret = IRQ_NONE;
680 	u32 csr;
681 	u32 len;
682 
683 	int_status = mtu3_readl(mbase, U3D_EPISR);
684 	int_status &= mtu3_readl(mbase, U3D_EPIER);
685 	mtu3_writel(mbase, U3D_EPISR, int_status); /* W1C */
686 
687 	/* only handle ep0's */
688 	if (!(int_status & EP0ISR))
689 		return IRQ_NONE;
690 
691 	csr = mtu3_readl(mbase, U3D_EP0CSR);
692 
693 	dev_dbg(mtu->dev, "%s csr=0x%x\n", __func__, csr);
694 
695 	/* we sent a stall.. need to clear it now.. */
696 	if (csr & EP0_SENTSTALL) {
697 		ep0_stall_set(mtu->ep0, false, 0);
698 		csr = mtu3_readl(mbase, U3D_EP0CSR);
699 		ret = IRQ_HANDLED;
700 	}
701 	dev_dbg(mtu->dev, "ep0_state: %s\n", decode_ep0_state(mtu));
702 
703 	switch (mtu->ep0_state) {
704 	case MU3D_EP0_STATE_TX:
705 		/* irq on clearing txpktrdy */
706 		if ((csr & EP0_FIFOFULL) == 0) {
707 			ep0_tx_state(mtu);
708 			ret = IRQ_HANDLED;
709 		}
710 		break;
711 	case MU3D_EP0_STATE_RX:
712 		/* irq on set rxpktrdy */
713 		if (csr & EP0_RXPKTRDY) {
714 			ep0_rx_state(mtu);
715 			ret = IRQ_HANDLED;
716 		}
717 		break;
718 	case MU3D_EP0_STATE_TX_END:
719 		mtu3_writel(mbase, U3D_EP0CSR,
720 			(csr & EP0_W1C_BITS) | EP0_DATAEND);
721 
722 		mreq = next_ep0_request(mtu);
723 		if (mreq)
724 			ep0_req_giveback(mtu, &mreq->request);
725 
726 		mtu->ep0_state = MU3D_EP0_STATE_SETUP;
727 		ret = IRQ_HANDLED;
728 		dev_dbg(mtu->dev, "ep0_state: %s\n", decode_ep0_state(mtu));
729 		break;
730 	case MU3D_EP0_STATE_SETUP:
731 		if (!(csr & EP0_SETUPPKTRDY))
732 			break;
733 
734 		len = mtu3_readl(mbase, U3D_RXCOUNT0);
735 		if (len != 8) {
736 			dev_err(mtu->dev, "SETUP packet len %d != 8 ?\n", len);
737 			break;
738 		}
739 
740 		ep0_handle_setup(mtu);
741 		ret = IRQ_HANDLED;
742 		break;
743 	default:
744 		/* can't happen */
745 		ep0_stall_set(mtu->ep0, true, 0);
746 		WARN_ON(1);
747 		break;
748 	}
749 
750 	return ret;
751 }
752 
753 
754 static int mtu3_ep0_enable(struct usb_ep *ep,
755 	const struct usb_endpoint_descriptor *desc)
756 {
757 	/* always enabled */
758 	return -EINVAL;
759 }
760 
761 static int mtu3_ep0_disable(struct usb_ep *ep)
762 {
763 	/* always enabled */
764 	return -EINVAL;
765 }
766 
767 static int ep0_queue(struct mtu3_ep *mep, struct mtu3_request *mreq)
768 {
769 	struct mtu3 *mtu = mep->mtu;
770 
771 	mreq->mtu = mtu;
772 	mreq->request.actual = 0;
773 	mreq->request.status = -EINPROGRESS;
774 
775 	dev_dbg(mtu->dev, "%s %s (ep0_state: %s), len#%d\n", __func__,
776 		mep->name, decode_ep0_state(mtu), mreq->request.length);
777 
778 	if (!list_empty(&mep->req_list))
779 		return -EBUSY;
780 
781 	switch (mtu->ep0_state) {
782 	case MU3D_EP0_STATE_SETUP:
783 	case MU3D_EP0_STATE_RX:	/* control-OUT data */
784 	case MU3D_EP0_STATE_TX:	/* control-IN data */
785 		break;
786 	default:
787 		dev_err(mtu->dev, "%s, error in ep0 state %s\n", __func__,
788 			decode_ep0_state(mtu));
789 		return -EINVAL;
790 	}
791 
792 	list_add_tail(&mreq->list, &mep->req_list);
793 
794 	/* sequence #1, IN ... start writing the data */
795 	if (mtu->ep0_state == MU3D_EP0_STATE_TX)
796 		ep0_tx_state(mtu);
797 
798 	return 0;
799 }
800 
801 static int mtu3_ep0_queue(struct usb_ep *ep,
802 	struct usb_request *req, gfp_t gfp)
803 {
804 	struct mtu3_ep *mep;
805 	struct mtu3_request *mreq;
806 	struct mtu3 *mtu;
807 	unsigned long flags;
808 	int ret = 0;
809 
810 	if (!ep || !req)
811 		return -EINVAL;
812 
813 	mep = to_mtu3_ep(ep);
814 	mtu = mep->mtu;
815 	mreq = to_mtu3_request(req);
816 
817 	spin_lock_irqsave(&mtu->lock, flags);
818 	ret = ep0_queue(mep, mreq);
819 	spin_unlock_irqrestore(&mtu->lock, flags);
820 	return ret;
821 }
822 
823 static int mtu3_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
824 {
825 	/* we just won't support this */
826 	return -EINVAL;
827 }
828 
829 static int mtu3_ep0_halt(struct usb_ep *ep, int value)
830 {
831 	struct mtu3_ep *mep;
832 	struct mtu3 *mtu;
833 	unsigned long flags;
834 	int ret = 0;
835 
836 	if (!ep || !value)
837 		return -EINVAL;
838 
839 	mep = to_mtu3_ep(ep);
840 	mtu = mep->mtu;
841 
842 	dev_dbg(mtu->dev, "%s\n", __func__);
843 
844 	spin_lock_irqsave(&mtu->lock, flags);
845 
846 	if (!list_empty(&mep->req_list)) {
847 		ret = -EBUSY;
848 		goto cleanup;
849 	}
850 
851 	switch (mtu->ep0_state) {
852 	/*
853 	 * stalls are usually issued after parsing SETUP packet, either
854 	 * directly in irq context from setup() or else later.
855 	 */
856 	case MU3D_EP0_STATE_TX:
857 	case MU3D_EP0_STATE_TX_END:
858 	case MU3D_EP0_STATE_RX:
859 	case MU3D_EP0_STATE_SETUP:
860 		ep0_stall_set(mtu->ep0, true, 0);
861 		break;
862 	default:
863 		dev_dbg(mtu->dev, "ep0 can't halt in state %s\n",
864 			decode_ep0_state(mtu));
865 		ret = -EINVAL;
866 	}
867 
868 cleanup:
869 	spin_unlock_irqrestore(&mtu->lock, flags);
870 	return ret;
871 }
872 
873 const struct usb_ep_ops mtu3_ep0_ops = {
874 	.enable = mtu3_ep0_enable,
875 	.disable = mtu3_ep0_disable,
876 	.alloc_request = mtu3_alloc_request,
877 	.free_request = mtu3_free_request,
878 	.queue = mtu3_ep0_queue,
879 	.dequeue = mtu3_ep0_dequeue,
880 	.set_halt = mtu3_ep0_halt,
881 };
882