1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * MUSB OTG peripheral driver ep0 handling 4 * 5 * Copyright 2005 Mentor Graphics Corporation 6 * Copyright (C) 2005-2006 by Texas Instruments 7 * Copyright (C) 2006-2007 Nokia Corporation 8 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 9 */ 10 11 #include <linux/kernel.h> 12 #include <linux/list.h> 13 #include <linux/timer.h> 14 #include <linux/spinlock.h> 15 #include <linux/device.h> 16 #include <linux/interrupt.h> 17 18 #include "musb_core.h" 19 20 /* ep0 is always musb->endpoints[0].ep_in */ 21 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 22 23 /* 24 * locking note: we use only the controller lock, for simpler correctness. 25 * It's always held with IRQs blocked. 26 * 27 * It protects the ep0 request queue as well as ep0_state, not just the 28 * controller and indexed registers. And that lock stays held unless it 29 * needs to be dropped to allow reentering this driver ... like upcalls to 30 * the gadget driver, or adjusting endpoint halt status. 31 */ 32 33 static char *decode_ep0stage(u8 stage) 34 { 35 switch (stage) { 36 case MUSB_EP0_STAGE_IDLE: return "idle"; 37 case MUSB_EP0_STAGE_SETUP: return "setup"; 38 case MUSB_EP0_STAGE_TX: return "in"; 39 case MUSB_EP0_STAGE_RX: return "out"; 40 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 41 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 42 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 43 default: return "?"; 44 } 45 } 46 47 /* handle a standard GET_STATUS request 48 * Context: caller holds controller lock 49 */ 50 static int service_tx_status_request( 51 struct musb *musb, 52 const struct usb_ctrlrequest *ctrlrequest) 53 { 54 void __iomem *mbase = musb->mregs; 55 int handled = 1; 56 u8 result[2], epnum = 0; 57 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 58 59 result[1] = 0; 60 61 switch (recip) { 62 case USB_RECIP_DEVICE: 63 result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED; 64 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 65 if (musb->g.is_otg) { 66 result[0] |= musb->g.b_hnp_enable 67 << USB_DEVICE_B_HNP_ENABLE; 68 result[0] |= musb->g.a_alt_hnp_support 69 << USB_DEVICE_A_ALT_HNP_SUPPORT; 70 result[0] |= musb->g.a_hnp_support 71 << USB_DEVICE_A_HNP_SUPPORT; 72 } 73 break; 74 75 case USB_RECIP_INTERFACE: 76 result[0] = 0; 77 break; 78 79 case USB_RECIP_ENDPOINT: { 80 int is_in; 81 struct musb_ep *ep; 82 u16 tmp; 83 void __iomem *regs; 84 85 epnum = (u8) ctrlrequest->wIndex; 86 if (!epnum) { 87 result[0] = 0; 88 break; 89 } 90 91 is_in = epnum & USB_DIR_IN; 92 epnum &= 0x0f; 93 if (epnum >= MUSB_C_NUM_EPS) { 94 handled = -EINVAL; 95 break; 96 } 97 98 if (is_in) 99 ep = &musb->endpoints[epnum].ep_in; 100 else 101 ep = &musb->endpoints[epnum].ep_out; 102 regs = musb->endpoints[epnum].regs; 103 104 if (!ep->desc) { 105 handled = -EINVAL; 106 break; 107 } 108 109 musb_ep_select(mbase, epnum); 110 if (is_in) 111 tmp = musb_readw(regs, MUSB_TXCSR) 112 & MUSB_TXCSR_P_SENDSTALL; 113 else 114 tmp = musb_readw(regs, MUSB_RXCSR) 115 & MUSB_RXCSR_P_SENDSTALL; 116 musb_ep_select(mbase, 0); 117 118 result[0] = tmp ? 1 : 0; 119 } break; 120 121 default: 122 /* class, vendor, etc ... delegate */ 123 handled = 0; 124 break; 125 } 126 127 /* fill up the fifo; caller updates csr0 */ 128 if (handled > 0) { 129 u16 len = le16_to_cpu(ctrlrequest->wLength); 130 131 if (len > 2) 132 len = 2; 133 musb_write_fifo(&musb->endpoints[0], len, result); 134 } 135 136 return handled; 137 } 138 139 /* 140 * handle a control-IN request, the end0 buffer contains the current request 141 * that is supposed to be a standard control request. Assumes the fifo to 142 * be at least 2 bytes long. 143 * 144 * @return 0 if the request was NOT HANDLED, 145 * < 0 when error 146 * > 0 when the request is processed 147 * 148 * Context: caller holds controller lock 149 */ 150 static int 151 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 152 { 153 int handled = 0; /* not handled */ 154 155 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 156 == USB_TYPE_STANDARD) { 157 switch (ctrlrequest->bRequest) { 158 case USB_REQ_GET_STATUS: 159 handled = service_tx_status_request(musb, 160 ctrlrequest); 161 break; 162 163 /* case USB_REQ_SYNC_FRAME: */ 164 165 default: 166 break; 167 } 168 } 169 return handled; 170 } 171 172 /* 173 * Context: caller holds controller lock 174 */ 175 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 176 { 177 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 178 } 179 180 /* 181 * Tries to start B-device HNP negotiation if enabled via sysfs 182 */ 183 static inline void musb_try_b_hnp_enable(struct musb *musb) 184 { 185 void __iomem *mbase = musb->mregs; 186 u8 devctl; 187 188 musb_dbg(musb, "HNP: Setting HR"); 189 devctl = musb_readb(mbase, MUSB_DEVCTL); 190 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 191 } 192 193 /* 194 * Handle all control requests with no DATA stage, including standard 195 * requests such as: 196 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 197 * always delegated to the gadget driver 198 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 199 * always handled here, except for class/vendor/... features 200 * 201 * Context: caller holds controller lock 202 */ 203 static int 204 service_zero_data_request(struct musb *musb, 205 struct usb_ctrlrequest *ctrlrequest) 206 __releases(musb->lock) 207 __acquires(musb->lock) 208 { 209 int handled = -EINVAL; 210 void __iomem *mbase = musb->mregs; 211 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 212 213 /* the gadget driver handles everything except what we MUST handle */ 214 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 215 == USB_TYPE_STANDARD) { 216 switch (ctrlrequest->bRequest) { 217 case USB_REQ_SET_ADDRESS: 218 /* change it after the status stage */ 219 musb->set_address = true; 220 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 221 handled = 1; 222 break; 223 224 case USB_REQ_CLEAR_FEATURE: 225 switch (recip) { 226 case USB_RECIP_DEVICE: 227 if (ctrlrequest->wValue 228 != USB_DEVICE_REMOTE_WAKEUP) 229 break; 230 musb->may_wakeup = 0; 231 handled = 1; 232 break; 233 case USB_RECIP_INTERFACE: 234 break; 235 case USB_RECIP_ENDPOINT:{ 236 const u8 epnum = 237 ctrlrequest->wIndex & 0x0f; 238 struct musb_ep *musb_ep; 239 struct musb_hw_ep *ep; 240 struct musb_request *request; 241 void __iomem *regs; 242 int is_in; 243 u16 csr; 244 245 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 246 ctrlrequest->wValue != USB_ENDPOINT_HALT) 247 break; 248 249 ep = musb->endpoints + epnum; 250 regs = ep->regs; 251 is_in = ctrlrequest->wIndex & USB_DIR_IN; 252 if (is_in) 253 musb_ep = &ep->ep_in; 254 else 255 musb_ep = &ep->ep_out; 256 if (!musb_ep->desc) 257 break; 258 259 handled = 1; 260 /* Ignore request if endpoint is wedged */ 261 if (musb_ep->wedged) 262 break; 263 264 musb_ep_select(mbase, epnum); 265 if (is_in) { 266 csr = musb_readw(regs, MUSB_TXCSR); 267 csr |= MUSB_TXCSR_CLRDATATOG | 268 MUSB_TXCSR_P_WZC_BITS; 269 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 270 MUSB_TXCSR_P_SENTSTALL | 271 MUSB_TXCSR_TXPKTRDY); 272 musb_writew(regs, MUSB_TXCSR, csr); 273 } else { 274 csr = musb_readw(regs, MUSB_RXCSR); 275 csr |= MUSB_RXCSR_CLRDATATOG | 276 MUSB_RXCSR_P_WZC_BITS; 277 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 278 MUSB_RXCSR_P_SENTSTALL); 279 musb_writew(regs, MUSB_RXCSR, csr); 280 } 281 282 /* Maybe start the first request in the queue */ 283 request = next_request(musb_ep); 284 if (!musb_ep->busy && request) { 285 musb_dbg(musb, "restarting the request"); 286 musb_ep_restart(musb, request); 287 } 288 289 /* select ep0 again */ 290 musb_ep_select(mbase, 0); 291 } break; 292 default: 293 /* class, vendor, etc ... delegate */ 294 handled = 0; 295 break; 296 } 297 break; 298 299 case USB_REQ_SET_FEATURE: 300 switch (recip) { 301 case USB_RECIP_DEVICE: 302 handled = 1; 303 switch (ctrlrequest->wValue) { 304 case USB_DEVICE_REMOTE_WAKEUP: 305 musb->may_wakeup = 1; 306 break; 307 case USB_DEVICE_TEST_MODE: 308 if (musb->g.speed != USB_SPEED_HIGH) 309 goto stall; 310 if (ctrlrequest->wIndex & 0xff) 311 goto stall; 312 313 switch (ctrlrequest->wIndex >> 8) { 314 case 1: 315 pr_debug("TEST_J\n"); 316 /* TEST_J */ 317 musb->test_mode_nr = 318 MUSB_TEST_J; 319 break; 320 case 2: 321 /* TEST_K */ 322 pr_debug("TEST_K\n"); 323 musb->test_mode_nr = 324 MUSB_TEST_K; 325 break; 326 case 3: 327 /* TEST_SE0_NAK */ 328 pr_debug("TEST_SE0_NAK\n"); 329 musb->test_mode_nr = 330 MUSB_TEST_SE0_NAK; 331 break; 332 case 4: 333 /* TEST_PACKET */ 334 pr_debug("TEST_PACKET\n"); 335 musb->test_mode_nr = 336 MUSB_TEST_PACKET; 337 break; 338 339 case 0xc0: 340 /* TEST_FORCE_HS */ 341 pr_debug("TEST_FORCE_HS\n"); 342 musb->test_mode_nr = 343 MUSB_TEST_FORCE_HS; 344 break; 345 case 0xc1: 346 /* TEST_FORCE_FS */ 347 pr_debug("TEST_FORCE_FS\n"); 348 musb->test_mode_nr = 349 MUSB_TEST_FORCE_FS; 350 break; 351 case 0xc2: 352 /* TEST_FIFO_ACCESS */ 353 pr_debug("TEST_FIFO_ACCESS\n"); 354 musb->test_mode_nr = 355 MUSB_TEST_FIFO_ACCESS; 356 break; 357 case 0xc3: 358 /* TEST_FORCE_HOST */ 359 pr_debug("TEST_FORCE_HOST\n"); 360 musb->test_mode_nr = 361 MUSB_TEST_FORCE_HOST; 362 break; 363 default: 364 goto stall; 365 } 366 367 /* enter test mode after irq */ 368 if (handled > 0) 369 musb->test_mode = true; 370 break; 371 case USB_DEVICE_B_HNP_ENABLE: 372 if (!musb->g.is_otg) 373 goto stall; 374 musb->g.b_hnp_enable = 1; 375 musb_try_b_hnp_enable(musb); 376 break; 377 case USB_DEVICE_A_HNP_SUPPORT: 378 if (!musb->g.is_otg) 379 goto stall; 380 musb->g.a_hnp_support = 1; 381 break; 382 case USB_DEVICE_A_ALT_HNP_SUPPORT: 383 if (!musb->g.is_otg) 384 goto stall; 385 musb->g.a_alt_hnp_support = 1; 386 break; 387 case USB_DEVICE_DEBUG_MODE: 388 handled = 0; 389 break; 390 stall: 391 default: 392 handled = -EINVAL; 393 break; 394 } 395 break; 396 397 case USB_RECIP_INTERFACE: 398 break; 399 400 case USB_RECIP_ENDPOINT:{ 401 const u8 epnum = 402 ctrlrequest->wIndex & 0x0f; 403 struct musb_ep *musb_ep; 404 struct musb_hw_ep *ep; 405 void __iomem *regs; 406 int is_in; 407 u16 csr; 408 409 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 410 ctrlrequest->wValue != USB_ENDPOINT_HALT) 411 break; 412 413 ep = musb->endpoints + epnum; 414 regs = ep->regs; 415 is_in = ctrlrequest->wIndex & USB_DIR_IN; 416 if (is_in) 417 musb_ep = &ep->ep_in; 418 else 419 musb_ep = &ep->ep_out; 420 if (!musb_ep->desc) 421 break; 422 423 musb_ep_select(mbase, epnum); 424 if (is_in) { 425 csr = musb_readw(regs, MUSB_TXCSR); 426 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 427 csr |= MUSB_TXCSR_FLUSHFIFO; 428 csr |= MUSB_TXCSR_P_SENDSTALL 429 | MUSB_TXCSR_CLRDATATOG 430 | MUSB_TXCSR_P_WZC_BITS; 431 musb_writew(regs, MUSB_TXCSR, csr); 432 } else { 433 csr = musb_readw(regs, MUSB_RXCSR); 434 csr |= MUSB_RXCSR_P_SENDSTALL 435 | MUSB_RXCSR_FLUSHFIFO 436 | MUSB_RXCSR_CLRDATATOG 437 | MUSB_RXCSR_P_WZC_BITS; 438 musb_writew(regs, MUSB_RXCSR, csr); 439 } 440 441 /* select ep0 again */ 442 musb_ep_select(mbase, 0); 443 handled = 1; 444 } break; 445 446 default: 447 /* class, vendor, etc ... delegate */ 448 handled = 0; 449 break; 450 } 451 break; 452 default: 453 /* delegate SET_CONFIGURATION, etc */ 454 handled = 0; 455 } 456 } else 457 handled = 0; 458 return handled; 459 } 460 461 /* we have an ep0out data packet 462 * Context: caller holds controller lock 463 */ 464 static void ep0_rxstate(struct musb *musb) 465 { 466 void __iomem *regs = musb->control_ep->regs; 467 struct musb_request *request; 468 struct usb_request *req; 469 u16 count, csr; 470 471 request = next_ep0_request(musb); 472 req = &request->request; 473 474 /* read packet and ack; or stall because of gadget driver bug: 475 * should have provided the rx buffer before setup() returned. 476 */ 477 if (req) { 478 void *buf = req->buf + req->actual; 479 unsigned len = req->length - req->actual; 480 481 /* read the buffer */ 482 count = musb_readb(regs, MUSB_COUNT0); 483 if (count > len) { 484 req->status = -EOVERFLOW; 485 count = len; 486 } 487 if (count > 0) { 488 musb_read_fifo(&musb->endpoints[0], count, buf); 489 req->actual += count; 490 } 491 csr = MUSB_CSR0_P_SVDRXPKTRDY; 492 if (count < 64 || req->actual == req->length) { 493 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 494 csr |= MUSB_CSR0_P_DATAEND; 495 } else 496 req = NULL; 497 } else 498 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 499 500 501 /* Completion handler may choose to stall, e.g. because the 502 * message just received holds invalid data. 503 */ 504 if (req) { 505 musb->ackpend = csr; 506 musb_g_ep0_giveback(musb, req); 507 if (!musb->ackpend) 508 return; 509 musb->ackpend = 0; 510 } 511 musb_ep_select(musb->mregs, 0); 512 musb_writew(regs, MUSB_CSR0, csr); 513 } 514 515 /* 516 * transmitting to the host (IN), this code might be called from IRQ 517 * and from kernel thread. 518 * 519 * Context: caller holds controller lock 520 */ 521 static void ep0_txstate(struct musb *musb) 522 { 523 void __iomem *regs = musb->control_ep->regs; 524 struct musb_request *req = next_ep0_request(musb); 525 struct usb_request *request; 526 u16 csr = MUSB_CSR0_TXPKTRDY; 527 u8 *fifo_src; 528 u8 fifo_count; 529 530 if (!req) { 531 /* WARN_ON(1); */ 532 musb_dbg(musb, "odd; csr0 %04x", musb_readw(regs, MUSB_CSR0)); 533 return; 534 } 535 536 request = &req->request; 537 538 /* load the data */ 539 fifo_src = (u8 *) request->buf + request->actual; 540 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 541 request->length - request->actual); 542 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 543 request->actual += fifo_count; 544 545 /* update the flags */ 546 if (fifo_count < MUSB_MAX_END0_PACKET 547 || (request->actual == request->length 548 && !request->zero)) { 549 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 550 csr |= MUSB_CSR0_P_DATAEND; 551 } else 552 request = NULL; 553 554 /* report completions as soon as the fifo's loaded; there's no 555 * win in waiting till this last packet gets acked. (other than 556 * very precise fault reporting, needed by USB TMC; possible with 557 * this hardware, but not usable from portable gadget drivers.) 558 */ 559 if (request) { 560 musb->ackpend = csr; 561 musb_g_ep0_giveback(musb, request); 562 if (!musb->ackpend) 563 return; 564 musb->ackpend = 0; 565 } 566 567 /* send it out, triggering a "txpktrdy cleared" irq */ 568 musb_ep_select(musb->mregs, 0); 569 musb_writew(regs, MUSB_CSR0, csr); 570 } 571 572 /* 573 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 574 * Fields are left in USB byte-order. 575 * 576 * Context: caller holds controller lock. 577 */ 578 static void 579 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 580 { 581 struct musb_request *r; 582 void __iomem *regs = musb->control_ep->regs; 583 584 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 585 586 /* NOTE: earlier 2.6 versions changed setup packets to host 587 * order, but now USB packets always stay in USB byte order. 588 */ 589 musb_dbg(musb, "SETUP req%02x.%02x v%04x i%04x l%d", 590 req->bRequestType, 591 req->bRequest, 592 le16_to_cpu(req->wValue), 593 le16_to_cpu(req->wIndex), 594 le16_to_cpu(req->wLength)); 595 596 /* clean up any leftover transfers */ 597 r = next_ep0_request(musb); 598 if (r) 599 musb_g_ep0_giveback(musb, &r->request); 600 601 /* For zero-data requests we want to delay the STATUS stage to 602 * avoid SETUPEND errors. If we read data (OUT), delay accepting 603 * packets until there's a buffer to store them in. 604 * 605 * If we write data, the controller acts happier if we enable 606 * the TX FIFO right away, and give the controller a moment 607 * to switch modes... 608 */ 609 musb->set_address = false; 610 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 611 if (req->wLength == 0) { 612 if (req->bRequestType & USB_DIR_IN) 613 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 614 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 615 } else if (req->bRequestType & USB_DIR_IN) { 616 musb->ep0_state = MUSB_EP0_STAGE_TX; 617 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 618 while ((musb_readw(regs, MUSB_CSR0) 619 & MUSB_CSR0_RXPKTRDY) != 0) 620 cpu_relax(); 621 musb->ackpend = 0; 622 } else 623 musb->ep0_state = MUSB_EP0_STAGE_RX; 624 } 625 626 static int 627 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 628 __releases(musb->lock) 629 __acquires(musb->lock) 630 { 631 int retval; 632 if (!musb->gadget_driver) 633 return -EOPNOTSUPP; 634 spin_unlock(&musb->lock); 635 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 636 spin_lock(&musb->lock); 637 return retval; 638 } 639 640 /* 641 * Handle peripheral ep0 interrupt 642 * 643 * Context: irq handler; we won't re-enter the driver that way. 644 */ 645 irqreturn_t musb_g_ep0_irq(struct musb *musb) 646 { 647 u16 csr; 648 u16 len; 649 void __iomem *mbase = musb->mregs; 650 void __iomem *regs = musb->endpoints[0].regs; 651 irqreturn_t retval = IRQ_NONE; 652 653 musb_ep_select(mbase, 0); /* select ep0 */ 654 csr = musb_readw(regs, MUSB_CSR0); 655 len = musb_readb(regs, MUSB_COUNT0); 656 657 musb_dbg(musb, "csr %04x, count %d, ep0stage %s", 658 csr, len, decode_ep0stage(musb->ep0_state)); 659 660 if (csr & MUSB_CSR0_P_DATAEND) { 661 /* 662 * If DATAEND is set we should not call the callback, 663 * hence the status stage is not complete. 664 */ 665 return IRQ_HANDLED; 666 } 667 668 /* I sent a stall.. need to acknowledge it now.. */ 669 if (csr & MUSB_CSR0_P_SENTSTALL) { 670 musb_writew(regs, MUSB_CSR0, 671 csr & ~MUSB_CSR0_P_SENTSTALL); 672 retval = IRQ_HANDLED; 673 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 674 csr = musb_readw(regs, MUSB_CSR0); 675 } 676 677 /* request ended "early" */ 678 if (csr & MUSB_CSR0_P_SETUPEND) { 679 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 680 retval = IRQ_HANDLED; 681 /* Transition into the early status phase */ 682 switch (musb->ep0_state) { 683 case MUSB_EP0_STAGE_TX: 684 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 685 break; 686 case MUSB_EP0_STAGE_RX: 687 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 688 break; 689 default: 690 ERR("SetupEnd came in a wrong ep0stage %s\n", 691 decode_ep0stage(musb->ep0_state)); 692 } 693 csr = musb_readw(regs, MUSB_CSR0); 694 /* NOTE: request may need completion */ 695 } 696 697 /* docs from Mentor only describe tx, rx, and idle/setup states. 698 * we need to handle nuances around status stages, and also the 699 * case where status and setup stages come back-to-back ... 700 */ 701 switch (musb->ep0_state) { 702 703 case MUSB_EP0_STAGE_TX: 704 /* irq on clearing txpktrdy */ 705 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 706 ep0_txstate(musb); 707 retval = IRQ_HANDLED; 708 } 709 break; 710 711 case MUSB_EP0_STAGE_RX: 712 /* irq on set rxpktrdy */ 713 if (csr & MUSB_CSR0_RXPKTRDY) { 714 ep0_rxstate(musb); 715 retval = IRQ_HANDLED; 716 } 717 break; 718 719 case MUSB_EP0_STAGE_STATUSIN: 720 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 721 722 /* update address (if needed) only @ the end of the 723 * status phase per usb spec, which also guarantees 724 * we get 10 msec to receive this irq... until this 725 * is done we won't see the next packet. 726 */ 727 if (musb->set_address) { 728 musb->set_address = false; 729 musb_writeb(mbase, MUSB_FADDR, musb->address); 730 } 731 732 /* enter test mode if needed (exit by reset) */ 733 else if (musb->test_mode) { 734 musb_dbg(musb, "entering TESTMODE"); 735 736 if (MUSB_TEST_PACKET == musb->test_mode_nr) 737 musb_load_testpacket(musb); 738 739 musb_writeb(mbase, MUSB_TESTMODE, 740 musb->test_mode_nr); 741 } 742 /* FALLTHROUGH */ 743 744 case MUSB_EP0_STAGE_STATUSOUT: 745 /* end of sequence #1: write to host (TX state) */ 746 { 747 struct musb_request *req; 748 749 req = next_ep0_request(musb); 750 if (req) 751 musb_g_ep0_giveback(musb, &req->request); 752 } 753 754 /* 755 * In case when several interrupts can get coalesced, 756 * check to see if we've already received a SETUP packet... 757 */ 758 if (csr & MUSB_CSR0_RXPKTRDY) 759 goto setup; 760 761 retval = IRQ_HANDLED; 762 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 763 break; 764 765 case MUSB_EP0_STAGE_IDLE: 766 /* 767 * This state is typically (but not always) indiscernible 768 * from the status states since the corresponding interrupts 769 * tend to happen within too little period of time (with only 770 * a zero-length packet in between) and so get coalesced... 771 */ 772 retval = IRQ_HANDLED; 773 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 774 /* FALLTHROUGH */ 775 776 case MUSB_EP0_STAGE_SETUP: 777 setup: 778 if (csr & MUSB_CSR0_RXPKTRDY) { 779 struct usb_ctrlrequest setup; 780 int handled = 0; 781 782 if (len != 8) { 783 ERR("SETUP packet len %d != 8 ?\n", len); 784 break; 785 } 786 musb_read_setup(musb, &setup); 787 retval = IRQ_HANDLED; 788 789 /* sometimes the RESET won't be reported */ 790 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 791 u8 power; 792 793 printk(KERN_NOTICE "%s: peripheral reset " 794 "irq lost!\n", 795 musb_driver_name); 796 power = musb_readb(mbase, MUSB_POWER); 797 musb->g.speed = (power & MUSB_POWER_HSMODE) 798 ? USB_SPEED_HIGH : USB_SPEED_FULL; 799 800 } 801 802 switch (musb->ep0_state) { 803 804 /* sequence #3 (no data stage), includes requests 805 * we can't forward (notably SET_ADDRESS and the 806 * device/endpoint feature set/clear operations) 807 * plus SET_CONFIGURATION and others we must 808 */ 809 case MUSB_EP0_STAGE_ACKWAIT: 810 handled = service_zero_data_request( 811 musb, &setup); 812 813 /* 814 * We're expecting no data in any case, so 815 * always set the DATAEND bit -- doing this 816 * here helps avoid SetupEnd interrupt coming 817 * in the idle stage when we're stalling... 818 */ 819 musb->ackpend |= MUSB_CSR0_P_DATAEND; 820 821 /* status stage might be immediate */ 822 if (handled > 0) 823 musb->ep0_state = 824 MUSB_EP0_STAGE_STATUSIN; 825 break; 826 827 /* sequence #1 (IN to host), includes GET_STATUS 828 * requests that we can't forward, GET_DESCRIPTOR 829 * and others that we must 830 */ 831 case MUSB_EP0_STAGE_TX: 832 handled = service_in_request(musb, &setup); 833 if (handled > 0) { 834 musb->ackpend = MUSB_CSR0_TXPKTRDY 835 | MUSB_CSR0_P_DATAEND; 836 musb->ep0_state = 837 MUSB_EP0_STAGE_STATUSOUT; 838 } 839 break; 840 841 /* sequence #2 (OUT from host), always forward */ 842 default: /* MUSB_EP0_STAGE_RX */ 843 break; 844 } 845 846 musb_dbg(musb, "handled %d, csr %04x, ep0stage %s", 847 handled, csr, 848 decode_ep0stage(musb->ep0_state)); 849 850 /* unless we need to delegate this to the gadget 851 * driver, we know how to wrap this up: csr0 has 852 * not yet been written. 853 */ 854 if (handled < 0) 855 goto stall; 856 else if (handled > 0) 857 goto finish; 858 859 handled = forward_to_driver(musb, &setup); 860 if (handled < 0) { 861 musb_ep_select(mbase, 0); 862 stall: 863 musb_dbg(musb, "stall (%d)", handled); 864 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 865 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 866 finish: 867 musb_writew(regs, MUSB_CSR0, 868 musb->ackpend); 869 musb->ackpend = 0; 870 } 871 } 872 break; 873 874 case MUSB_EP0_STAGE_ACKWAIT: 875 /* This should not happen. But happens with tusb6010 with 876 * g_file_storage and high speed. Do nothing. 877 */ 878 retval = IRQ_HANDLED; 879 break; 880 881 default: 882 /* "can't happen" */ 883 WARN_ON(1); 884 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 885 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 886 break; 887 } 888 889 return retval; 890 } 891 892 893 static int 894 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 895 { 896 /* always enabled */ 897 return -EINVAL; 898 } 899 900 static int musb_g_ep0_disable(struct usb_ep *e) 901 { 902 /* always enabled */ 903 return -EINVAL; 904 } 905 906 static int 907 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 908 { 909 struct musb_ep *ep; 910 struct musb_request *req; 911 struct musb *musb; 912 int status; 913 unsigned long lockflags; 914 void __iomem *regs; 915 916 if (!e || !r) 917 return -EINVAL; 918 919 ep = to_musb_ep(e); 920 musb = ep->musb; 921 regs = musb->control_ep->regs; 922 923 req = to_musb_request(r); 924 req->musb = musb; 925 req->request.actual = 0; 926 req->request.status = -EINPROGRESS; 927 req->tx = ep->is_in; 928 929 spin_lock_irqsave(&musb->lock, lockflags); 930 931 if (!list_empty(&ep->req_list)) { 932 status = -EBUSY; 933 goto cleanup; 934 } 935 936 switch (musb->ep0_state) { 937 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 938 case MUSB_EP0_STAGE_TX: /* control-IN data */ 939 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 940 status = 0; 941 break; 942 default: 943 musb_dbg(musb, "ep0 request queued in state %d", 944 musb->ep0_state); 945 status = -EINVAL; 946 goto cleanup; 947 } 948 949 /* add request to the list */ 950 list_add_tail(&req->list, &ep->req_list); 951 952 musb_dbg(musb, "queue to %s (%s), length=%d", 953 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 954 req->request.length); 955 956 musb_ep_select(musb->mregs, 0); 957 958 /* sequence #1, IN ... start writing the data */ 959 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 960 ep0_txstate(musb); 961 962 /* sequence #3, no-data ... issue IN status */ 963 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 964 if (req->request.length) 965 status = -EINVAL; 966 else { 967 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 968 musb_writew(regs, MUSB_CSR0, 969 musb->ackpend | MUSB_CSR0_P_DATAEND); 970 musb->ackpend = 0; 971 musb_g_ep0_giveback(ep->musb, r); 972 } 973 974 /* else for sequence #2 (OUT), caller provides a buffer 975 * before the next packet arrives. deferred responses 976 * (after SETUP is acked) are racey. 977 */ 978 } else if (musb->ackpend) { 979 musb_writew(regs, MUSB_CSR0, musb->ackpend); 980 musb->ackpend = 0; 981 } 982 983 cleanup: 984 spin_unlock_irqrestore(&musb->lock, lockflags); 985 return status; 986 } 987 988 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 989 { 990 /* we just won't support this */ 991 return -EINVAL; 992 } 993 994 static int musb_g_ep0_halt(struct usb_ep *e, int value) 995 { 996 struct musb_ep *ep; 997 struct musb *musb; 998 void __iomem *base, *regs; 999 unsigned long flags; 1000 int status; 1001 u16 csr; 1002 1003 if (!e || !value) 1004 return -EINVAL; 1005 1006 ep = to_musb_ep(e); 1007 musb = ep->musb; 1008 base = musb->mregs; 1009 regs = musb->control_ep->regs; 1010 status = 0; 1011 1012 spin_lock_irqsave(&musb->lock, flags); 1013 1014 if (!list_empty(&ep->req_list)) { 1015 status = -EBUSY; 1016 goto cleanup; 1017 } 1018 1019 musb_ep_select(base, 0); 1020 csr = musb->ackpend; 1021 1022 switch (musb->ep0_state) { 1023 1024 /* Stalls are usually issued after parsing SETUP packet, either 1025 * directly in irq context from setup() or else later. 1026 */ 1027 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1028 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1029 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1030 csr = musb_readw(regs, MUSB_CSR0); 1031 /* FALLTHROUGH */ 1032 1033 /* It's also OK to issue stalls during callbacks when a non-empty 1034 * DATA stage buffer has been read (or even written). 1035 */ 1036 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1037 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1038 1039 csr |= MUSB_CSR0_P_SENDSTALL; 1040 musb_writew(regs, MUSB_CSR0, csr); 1041 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1042 musb->ackpend = 0; 1043 break; 1044 default: 1045 musb_dbg(musb, "ep0 can't halt in state %d", musb->ep0_state); 1046 status = -EINVAL; 1047 } 1048 1049 cleanup: 1050 spin_unlock_irqrestore(&musb->lock, flags); 1051 return status; 1052 } 1053 1054 const struct usb_ep_ops musb_g_ep0_ops = { 1055 .enable = musb_g_ep0_enable, 1056 .disable = musb_g_ep0_disable, 1057 .alloc_request = musb_alloc_request, 1058 .free_request = musb_free_request, 1059 .queue = musb_g_ep0_queue, 1060 .dequeue = musb_g_ep0_dequeue, 1061 .set_halt = musb_g_ep0_halt, 1062 }; 1063