1 /*
2  * MUSB OTG peripheral driver ep0 handling
3  *
4  * Copyright 2005 Mentor Graphics Corporation
5  * Copyright (C) 2005-2006 by Texas Instruments
6  * Copyright (C) 2006-2007 Nokia Corporation
7  * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * version 2 as published by the Free Software Foundation.
12  *
13  * This program is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21  * 02110-1301 USA
22  *
23  * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
24  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
26  * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
29  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
30  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  *
34  */
35 
36 #include <linux/kernel.h>
37 #include <linux/list.h>
38 #include <linux/timer.h>
39 #include <linux/spinlock.h>
40 #include <linux/device.h>
41 #include <linux/interrupt.h>
42 
43 #include "musb_core.h"
44 
45 /* ep0 is always musb->endpoints[0].ep_in */
46 #define	next_ep0_request(musb)	next_in_request(&(musb)->endpoints[0])
47 
48 /*
49  * locking note:  we use only the controller lock, for simpler correctness.
50  * It's always held with IRQs blocked.
51  *
52  * It protects the ep0 request queue as well as ep0_state, not just the
53  * controller and indexed registers.  And that lock stays held unless it
54  * needs to be dropped to allow reentering this driver ... like upcalls to
55  * the gadget driver, or adjusting endpoint halt status.
56  */
57 
58 static char *decode_ep0stage(u8 stage)
59 {
60 	switch (stage) {
61 	case MUSB_EP0_STAGE_IDLE:	return "idle";
62 	case MUSB_EP0_STAGE_SETUP:	return "setup";
63 	case MUSB_EP0_STAGE_TX:		return "in";
64 	case MUSB_EP0_STAGE_RX:		return "out";
65 	case MUSB_EP0_STAGE_ACKWAIT:	return "wait";
66 	case MUSB_EP0_STAGE_STATUSIN:	return "in/status";
67 	case MUSB_EP0_STAGE_STATUSOUT:	return "out/status";
68 	default:			return "?";
69 	}
70 }
71 
72 /* handle a standard GET_STATUS request
73  * Context:  caller holds controller lock
74  */
75 static int service_tx_status_request(
76 	struct musb *musb,
77 	const struct usb_ctrlrequest *ctrlrequest)
78 {
79 	void __iomem	*mbase = musb->mregs;
80 	int handled = 1;
81 	u8 result[2], epnum = 0;
82 	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
83 
84 	result[1] = 0;
85 
86 	switch (recip) {
87 	case USB_RECIP_DEVICE:
88 		result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
89 		result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
90 		if (musb->g.is_otg) {
91 			result[0] |= musb->g.b_hnp_enable
92 				<< USB_DEVICE_B_HNP_ENABLE;
93 			result[0] |= musb->g.a_alt_hnp_support
94 				<< USB_DEVICE_A_ALT_HNP_SUPPORT;
95 			result[0] |= musb->g.a_hnp_support
96 				<< USB_DEVICE_A_HNP_SUPPORT;
97 		}
98 		break;
99 
100 	case USB_RECIP_INTERFACE:
101 		result[0] = 0;
102 		break;
103 
104 	case USB_RECIP_ENDPOINT: {
105 		int		is_in;
106 		struct musb_ep	*ep;
107 		u16		tmp;
108 		void __iomem	*regs;
109 
110 		epnum = (u8) ctrlrequest->wIndex;
111 		if (!epnum) {
112 			result[0] = 0;
113 			break;
114 		}
115 
116 		is_in = epnum & USB_DIR_IN;
117 		if (is_in) {
118 			epnum &= 0x0f;
119 			ep = &musb->endpoints[epnum].ep_in;
120 		} else {
121 			ep = &musb->endpoints[epnum].ep_out;
122 		}
123 		regs = musb->endpoints[epnum].regs;
124 
125 		if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
126 			handled = -EINVAL;
127 			break;
128 		}
129 
130 		musb_ep_select(mbase, epnum);
131 		if (is_in)
132 			tmp = musb_readw(regs, MUSB_TXCSR)
133 						& MUSB_TXCSR_P_SENDSTALL;
134 		else
135 			tmp = musb_readw(regs, MUSB_RXCSR)
136 						& MUSB_RXCSR_P_SENDSTALL;
137 		musb_ep_select(mbase, 0);
138 
139 		result[0] = tmp ? 1 : 0;
140 		} break;
141 
142 	default:
143 		/* class, vendor, etc ... delegate */
144 		handled = 0;
145 		break;
146 	}
147 
148 	/* fill up the fifo; caller updates csr0 */
149 	if (handled > 0) {
150 		u16	len = le16_to_cpu(ctrlrequest->wLength);
151 
152 		if (len > 2)
153 			len = 2;
154 		musb_write_fifo(&musb->endpoints[0], len, result);
155 	}
156 
157 	return handled;
158 }
159 
160 /*
161  * handle a control-IN request, the end0 buffer contains the current request
162  * that is supposed to be a standard control request. Assumes the fifo to
163  * be at least 2 bytes long.
164  *
165  * @return 0 if the request was NOT HANDLED,
166  * < 0 when error
167  * > 0 when the request is processed
168  *
169  * Context:  caller holds controller lock
170  */
171 static int
172 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
173 {
174 	int handled = 0;	/* not handled */
175 
176 	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
177 			== USB_TYPE_STANDARD) {
178 		switch (ctrlrequest->bRequest) {
179 		case USB_REQ_GET_STATUS:
180 			handled = service_tx_status_request(musb,
181 					ctrlrequest);
182 			break;
183 
184 		/* case USB_REQ_SYNC_FRAME: */
185 
186 		default:
187 			break;
188 		}
189 	}
190 	return handled;
191 }
192 
193 /*
194  * Context:  caller holds controller lock
195  */
196 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
197 {
198 	musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
199 }
200 
201 /*
202  * Tries to start B-device HNP negotiation if enabled via sysfs
203  */
204 static inline void musb_try_b_hnp_enable(struct musb *musb)
205 {
206 	void __iomem	*mbase = musb->mregs;
207 	u8		devctl;
208 
209 	dev_dbg(musb->controller, "HNP: Setting HR\n");
210 	devctl = musb_readb(mbase, MUSB_DEVCTL);
211 	musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
212 }
213 
214 /*
215  * Handle all control requests with no DATA stage, including standard
216  * requests such as:
217  * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
218  *	always delegated to the gadget driver
219  * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
220  *	always handled here, except for class/vendor/... features
221  *
222  * Context:  caller holds controller lock
223  */
224 static int
225 service_zero_data_request(struct musb *musb,
226 		struct usb_ctrlrequest *ctrlrequest)
227 __releases(musb->lock)
228 __acquires(musb->lock)
229 {
230 	int handled = -EINVAL;
231 	void __iomem *mbase = musb->mregs;
232 	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
233 
234 	/* the gadget driver handles everything except what we MUST handle */
235 	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
236 			== USB_TYPE_STANDARD) {
237 		switch (ctrlrequest->bRequest) {
238 		case USB_REQ_SET_ADDRESS:
239 			/* change it after the status stage */
240 			musb->set_address = true;
241 			musb->address = (u8) (ctrlrequest->wValue & 0x7f);
242 			handled = 1;
243 			break;
244 
245 		case USB_REQ_CLEAR_FEATURE:
246 			switch (recip) {
247 			case USB_RECIP_DEVICE:
248 				if (ctrlrequest->wValue
249 						!= USB_DEVICE_REMOTE_WAKEUP)
250 					break;
251 				musb->may_wakeup = 0;
252 				handled = 1;
253 				break;
254 			case USB_RECIP_INTERFACE:
255 				break;
256 			case USB_RECIP_ENDPOINT:{
257 				const u8		epnum =
258 					ctrlrequest->wIndex & 0x0f;
259 				struct musb_ep		*musb_ep;
260 				struct musb_hw_ep	*ep;
261 				struct musb_request	*request;
262 				void __iomem		*regs;
263 				int			is_in;
264 				u16			csr;
265 
266 				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
267 				    ctrlrequest->wValue != USB_ENDPOINT_HALT)
268 					break;
269 
270 				ep = musb->endpoints + epnum;
271 				regs = ep->regs;
272 				is_in = ctrlrequest->wIndex & USB_DIR_IN;
273 				if (is_in)
274 					musb_ep = &ep->ep_in;
275 				else
276 					musb_ep = &ep->ep_out;
277 				if (!musb_ep->desc)
278 					break;
279 
280 				handled = 1;
281 				/* Ignore request if endpoint is wedged */
282 				if (musb_ep->wedged)
283 					break;
284 
285 				musb_ep_select(mbase, epnum);
286 				if (is_in) {
287 					csr  = musb_readw(regs, MUSB_TXCSR);
288 					csr |= MUSB_TXCSR_CLRDATATOG |
289 					       MUSB_TXCSR_P_WZC_BITS;
290 					csr &= ~(MUSB_TXCSR_P_SENDSTALL |
291 						 MUSB_TXCSR_P_SENTSTALL |
292 						 MUSB_TXCSR_TXPKTRDY);
293 					musb_writew(regs, MUSB_TXCSR, csr);
294 				} else {
295 					csr  = musb_readw(regs, MUSB_RXCSR);
296 					csr |= MUSB_RXCSR_CLRDATATOG |
297 					       MUSB_RXCSR_P_WZC_BITS;
298 					csr &= ~(MUSB_RXCSR_P_SENDSTALL |
299 						 MUSB_RXCSR_P_SENTSTALL);
300 					musb_writew(regs, MUSB_RXCSR, csr);
301 				}
302 
303 				/* Maybe start the first request in the queue */
304 				request = next_request(musb_ep);
305 				if (!musb_ep->busy && request) {
306 					dev_dbg(musb->controller, "restarting the request\n");
307 					musb_ep_restart(musb, request);
308 				}
309 
310 				/* select ep0 again */
311 				musb_ep_select(mbase, 0);
312 				} break;
313 			default:
314 				/* class, vendor, etc ... delegate */
315 				handled = 0;
316 				break;
317 			}
318 			break;
319 
320 		case USB_REQ_SET_FEATURE:
321 			switch (recip) {
322 			case USB_RECIP_DEVICE:
323 				handled = 1;
324 				switch (ctrlrequest->wValue) {
325 				case USB_DEVICE_REMOTE_WAKEUP:
326 					musb->may_wakeup = 1;
327 					break;
328 				case USB_DEVICE_TEST_MODE:
329 					if (musb->g.speed != USB_SPEED_HIGH)
330 						goto stall;
331 					if (ctrlrequest->wIndex & 0xff)
332 						goto stall;
333 
334 					switch (ctrlrequest->wIndex >> 8) {
335 					case 1:
336 						pr_debug("TEST_J\n");
337 						/* TEST_J */
338 						musb->test_mode_nr =
339 							MUSB_TEST_J;
340 						break;
341 					case 2:
342 						/* TEST_K */
343 						pr_debug("TEST_K\n");
344 						musb->test_mode_nr =
345 							MUSB_TEST_K;
346 						break;
347 					case 3:
348 						/* TEST_SE0_NAK */
349 						pr_debug("TEST_SE0_NAK\n");
350 						musb->test_mode_nr =
351 							MUSB_TEST_SE0_NAK;
352 						break;
353 					case 4:
354 						/* TEST_PACKET */
355 						pr_debug("TEST_PACKET\n");
356 						musb->test_mode_nr =
357 							MUSB_TEST_PACKET;
358 						break;
359 
360 					case 0xc0:
361 						/* TEST_FORCE_HS */
362 						pr_debug("TEST_FORCE_HS\n");
363 						musb->test_mode_nr =
364 							MUSB_TEST_FORCE_HS;
365 						break;
366 					case 0xc1:
367 						/* TEST_FORCE_FS */
368 						pr_debug("TEST_FORCE_FS\n");
369 						musb->test_mode_nr =
370 							MUSB_TEST_FORCE_FS;
371 						break;
372 					case 0xc2:
373 						/* TEST_FIFO_ACCESS */
374 						pr_debug("TEST_FIFO_ACCESS\n");
375 						musb->test_mode_nr =
376 							MUSB_TEST_FIFO_ACCESS;
377 						break;
378 					case 0xc3:
379 						/* TEST_FORCE_HOST */
380 						pr_debug("TEST_FORCE_HOST\n");
381 						musb->test_mode_nr =
382 							MUSB_TEST_FORCE_HOST;
383 						break;
384 					default:
385 						goto stall;
386 					}
387 
388 					/* enter test mode after irq */
389 					if (handled > 0)
390 						musb->test_mode = true;
391 					break;
392 				case USB_DEVICE_B_HNP_ENABLE:
393 					if (!musb->g.is_otg)
394 						goto stall;
395 					musb->g.b_hnp_enable = 1;
396 					musb_try_b_hnp_enable(musb);
397 					break;
398 				case USB_DEVICE_A_HNP_SUPPORT:
399 					if (!musb->g.is_otg)
400 						goto stall;
401 					musb->g.a_hnp_support = 1;
402 					break;
403 				case USB_DEVICE_A_ALT_HNP_SUPPORT:
404 					if (!musb->g.is_otg)
405 						goto stall;
406 					musb->g.a_alt_hnp_support = 1;
407 					break;
408 				case USB_DEVICE_DEBUG_MODE:
409 					handled = 0;
410 					break;
411 stall:
412 				default:
413 					handled = -EINVAL;
414 					break;
415 				}
416 				break;
417 
418 			case USB_RECIP_INTERFACE:
419 				break;
420 
421 			case USB_RECIP_ENDPOINT:{
422 				const u8		epnum =
423 					ctrlrequest->wIndex & 0x0f;
424 				struct musb_ep		*musb_ep;
425 				struct musb_hw_ep	*ep;
426 				void __iomem		*regs;
427 				int			is_in;
428 				u16			csr;
429 
430 				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
431 				    ctrlrequest->wValue	!= USB_ENDPOINT_HALT)
432 					break;
433 
434 				ep = musb->endpoints + epnum;
435 				regs = ep->regs;
436 				is_in = ctrlrequest->wIndex & USB_DIR_IN;
437 				if (is_in)
438 					musb_ep = &ep->ep_in;
439 				else
440 					musb_ep = &ep->ep_out;
441 				if (!musb_ep->desc)
442 					break;
443 
444 				musb_ep_select(mbase, epnum);
445 				if (is_in) {
446 					csr = musb_readw(regs, MUSB_TXCSR);
447 					if (csr & MUSB_TXCSR_FIFONOTEMPTY)
448 						csr |= MUSB_TXCSR_FLUSHFIFO;
449 					csr |= MUSB_TXCSR_P_SENDSTALL
450 						| MUSB_TXCSR_CLRDATATOG
451 						| MUSB_TXCSR_P_WZC_BITS;
452 					musb_writew(regs, MUSB_TXCSR, csr);
453 				} else {
454 					csr = musb_readw(regs, MUSB_RXCSR);
455 					csr |= MUSB_RXCSR_P_SENDSTALL
456 						| MUSB_RXCSR_FLUSHFIFO
457 						| MUSB_RXCSR_CLRDATATOG
458 						| MUSB_RXCSR_P_WZC_BITS;
459 					musb_writew(regs, MUSB_RXCSR, csr);
460 				}
461 
462 				/* select ep0 again */
463 				musb_ep_select(mbase, 0);
464 				handled = 1;
465 				} break;
466 
467 			default:
468 				/* class, vendor, etc ... delegate */
469 				handled = 0;
470 				break;
471 			}
472 			break;
473 		default:
474 			/* delegate SET_CONFIGURATION, etc */
475 			handled = 0;
476 		}
477 	} else
478 		handled = 0;
479 	return handled;
480 }
481 
482 /* we have an ep0out data packet
483  * Context:  caller holds controller lock
484  */
485 static void ep0_rxstate(struct musb *musb)
486 {
487 	void __iomem		*regs = musb->control_ep->regs;
488 	struct musb_request	*request;
489 	struct usb_request	*req;
490 	u16			count, csr;
491 
492 	request = next_ep0_request(musb);
493 	req = &request->request;
494 
495 	/* read packet and ack; or stall because of gadget driver bug:
496 	 * should have provided the rx buffer before setup() returned.
497 	 */
498 	if (req) {
499 		void		*buf = req->buf + req->actual;
500 		unsigned	len = req->length - req->actual;
501 
502 		/* read the buffer */
503 		count = musb_readb(regs, MUSB_COUNT0);
504 		if (count > len) {
505 			req->status = -EOVERFLOW;
506 			count = len;
507 		}
508 		if (count > 0) {
509 			musb_read_fifo(&musb->endpoints[0], count, buf);
510 			req->actual += count;
511 		}
512 		csr = MUSB_CSR0_P_SVDRXPKTRDY;
513 		if (count < 64 || req->actual == req->length) {
514 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
515 			csr |= MUSB_CSR0_P_DATAEND;
516 		} else
517 			req = NULL;
518 	} else
519 		csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
520 
521 
522 	/* Completion handler may choose to stall, e.g. because the
523 	 * message just received holds invalid data.
524 	 */
525 	if (req) {
526 		musb->ackpend = csr;
527 		musb_g_ep0_giveback(musb, req);
528 		if (!musb->ackpend)
529 			return;
530 		musb->ackpend = 0;
531 	}
532 	musb_ep_select(musb->mregs, 0);
533 	musb_writew(regs, MUSB_CSR0, csr);
534 }
535 
536 /*
537  * transmitting to the host (IN), this code might be called from IRQ
538  * and from kernel thread.
539  *
540  * Context:  caller holds controller lock
541  */
542 static void ep0_txstate(struct musb *musb)
543 {
544 	void __iomem		*regs = musb->control_ep->regs;
545 	struct musb_request	*req = next_ep0_request(musb);
546 	struct usb_request	*request;
547 	u16			csr = MUSB_CSR0_TXPKTRDY;
548 	u8			*fifo_src;
549 	u8			fifo_count;
550 
551 	if (!req) {
552 		/* WARN_ON(1); */
553 		dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
554 		return;
555 	}
556 
557 	request = &req->request;
558 
559 	/* load the data */
560 	fifo_src = (u8 *) request->buf + request->actual;
561 	fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
562 		request->length - request->actual);
563 	musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
564 	request->actual += fifo_count;
565 
566 	/* update the flags */
567 	if (fifo_count < MUSB_MAX_END0_PACKET
568 			|| (request->actual == request->length
569 				&& !request->zero)) {
570 		musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
571 		csr |= MUSB_CSR0_P_DATAEND;
572 	} else
573 		request = NULL;
574 
575 	/* report completions as soon as the fifo's loaded; there's no
576 	 * win in waiting till this last packet gets acked.  (other than
577 	 * very precise fault reporting, needed by USB TMC; possible with
578 	 * this hardware, but not usable from portable gadget drivers.)
579 	 */
580 	if (request) {
581 		musb->ackpend = csr;
582 		musb_g_ep0_giveback(musb, request);
583 		if (!musb->ackpend)
584 			return;
585 		musb->ackpend = 0;
586 	}
587 
588 	/* send it out, triggering a "txpktrdy cleared" irq */
589 	musb_ep_select(musb->mregs, 0);
590 	musb_writew(regs, MUSB_CSR0, csr);
591 }
592 
593 /*
594  * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
595  * Fields are left in USB byte-order.
596  *
597  * Context:  caller holds controller lock.
598  */
599 static void
600 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
601 {
602 	struct musb_request	*r;
603 	void __iomem		*regs = musb->control_ep->regs;
604 
605 	musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
606 
607 	/* NOTE:  earlier 2.6 versions changed setup packets to host
608 	 * order, but now USB packets always stay in USB byte order.
609 	 */
610 	dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
611 		req->bRequestType,
612 		req->bRequest,
613 		le16_to_cpu(req->wValue),
614 		le16_to_cpu(req->wIndex),
615 		le16_to_cpu(req->wLength));
616 
617 	/* clean up any leftover transfers */
618 	r = next_ep0_request(musb);
619 	if (r)
620 		musb_g_ep0_giveback(musb, &r->request);
621 
622 	/* For zero-data requests we want to delay the STATUS stage to
623 	 * avoid SETUPEND errors.  If we read data (OUT), delay accepting
624 	 * packets until there's a buffer to store them in.
625 	 *
626 	 * If we write data, the controller acts happier if we enable
627 	 * the TX FIFO right away, and give the controller a moment
628 	 * to switch modes...
629 	 */
630 	musb->set_address = false;
631 	musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
632 	if (req->wLength == 0) {
633 		if (req->bRequestType & USB_DIR_IN)
634 			musb->ackpend |= MUSB_CSR0_TXPKTRDY;
635 		musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
636 	} else if (req->bRequestType & USB_DIR_IN) {
637 		musb->ep0_state = MUSB_EP0_STAGE_TX;
638 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
639 		while ((musb_readw(regs, MUSB_CSR0)
640 				& MUSB_CSR0_RXPKTRDY) != 0)
641 			cpu_relax();
642 		musb->ackpend = 0;
643 	} else
644 		musb->ep0_state = MUSB_EP0_STAGE_RX;
645 }
646 
647 static int
648 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
649 __releases(musb->lock)
650 __acquires(musb->lock)
651 {
652 	int retval;
653 	if (!musb->gadget_driver)
654 		return -EOPNOTSUPP;
655 	spin_unlock(&musb->lock);
656 	retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
657 	spin_lock(&musb->lock);
658 	return retval;
659 }
660 
661 /*
662  * Handle peripheral ep0 interrupt
663  *
664  * Context: irq handler; we won't re-enter the driver that way.
665  */
666 irqreturn_t musb_g_ep0_irq(struct musb *musb)
667 {
668 	u16		csr;
669 	u16		len;
670 	void __iomem	*mbase = musb->mregs;
671 	void __iomem	*regs = musb->endpoints[0].regs;
672 	irqreturn_t	retval = IRQ_NONE;
673 
674 	musb_ep_select(mbase, 0);	/* select ep0 */
675 	csr = musb_readw(regs, MUSB_CSR0);
676 	len = musb_readb(regs, MUSB_COUNT0);
677 
678 	dev_dbg(musb->controller, "csr %04x, count %d, ep0stage %s\n",
679 			csr, len, decode_ep0stage(musb->ep0_state));
680 
681 	if (csr & MUSB_CSR0_P_DATAEND) {
682 		/*
683 		 * If DATAEND is set we should not call the callback,
684 		 * hence the status stage is not complete.
685 		 */
686 		return IRQ_HANDLED;
687 	}
688 
689 	/* I sent a stall.. need to acknowledge it now.. */
690 	if (csr & MUSB_CSR0_P_SENTSTALL) {
691 		musb_writew(regs, MUSB_CSR0,
692 				csr & ~MUSB_CSR0_P_SENTSTALL);
693 		retval = IRQ_HANDLED;
694 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
695 		csr = musb_readw(regs, MUSB_CSR0);
696 	}
697 
698 	/* request ended "early" */
699 	if (csr & MUSB_CSR0_P_SETUPEND) {
700 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
701 		retval = IRQ_HANDLED;
702 		/* Transition into the early status phase */
703 		switch (musb->ep0_state) {
704 		case MUSB_EP0_STAGE_TX:
705 			musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
706 			break;
707 		case MUSB_EP0_STAGE_RX:
708 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
709 			break;
710 		default:
711 			ERR("SetupEnd came in a wrong ep0stage %s\n",
712 			    decode_ep0stage(musb->ep0_state));
713 		}
714 		csr = musb_readw(regs, MUSB_CSR0);
715 		/* NOTE:  request may need completion */
716 	}
717 
718 	/* docs from Mentor only describe tx, rx, and idle/setup states.
719 	 * we need to handle nuances around status stages, and also the
720 	 * case where status and setup stages come back-to-back ...
721 	 */
722 	switch (musb->ep0_state) {
723 
724 	case MUSB_EP0_STAGE_TX:
725 		/* irq on clearing txpktrdy */
726 		if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
727 			ep0_txstate(musb);
728 			retval = IRQ_HANDLED;
729 		}
730 		break;
731 
732 	case MUSB_EP0_STAGE_RX:
733 		/* irq on set rxpktrdy */
734 		if (csr & MUSB_CSR0_RXPKTRDY) {
735 			ep0_rxstate(musb);
736 			retval = IRQ_HANDLED;
737 		}
738 		break;
739 
740 	case MUSB_EP0_STAGE_STATUSIN:
741 		/* end of sequence #2 (OUT/RX state) or #3 (no data) */
742 
743 		/* update address (if needed) only @ the end of the
744 		 * status phase per usb spec, which also guarantees
745 		 * we get 10 msec to receive this irq... until this
746 		 * is done we won't see the next packet.
747 		 */
748 		if (musb->set_address) {
749 			musb->set_address = false;
750 			musb_writeb(mbase, MUSB_FADDR, musb->address);
751 		}
752 
753 		/* enter test mode if needed (exit by reset) */
754 		else if (musb->test_mode) {
755 			dev_dbg(musb->controller, "entering TESTMODE\n");
756 
757 			if (MUSB_TEST_PACKET == musb->test_mode_nr)
758 				musb_load_testpacket(musb);
759 
760 			musb_writeb(mbase, MUSB_TESTMODE,
761 					musb->test_mode_nr);
762 		}
763 		/* FALLTHROUGH */
764 
765 	case MUSB_EP0_STAGE_STATUSOUT:
766 		/* end of sequence #1: write to host (TX state) */
767 		{
768 			struct musb_request	*req;
769 
770 			req = next_ep0_request(musb);
771 			if (req)
772 				musb_g_ep0_giveback(musb, &req->request);
773 		}
774 
775 		/*
776 		 * In case when several interrupts can get coalesced,
777 		 * check to see if we've already received a SETUP packet...
778 		 */
779 		if (csr & MUSB_CSR0_RXPKTRDY)
780 			goto setup;
781 
782 		retval = IRQ_HANDLED;
783 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
784 		break;
785 
786 	case MUSB_EP0_STAGE_IDLE:
787 		/*
788 		 * This state is typically (but not always) indiscernible
789 		 * from the status states since the corresponding interrupts
790 		 * tend to happen within too little period of time (with only
791 		 * a zero-length packet in between) and so get coalesced...
792 		 */
793 		retval = IRQ_HANDLED;
794 		musb->ep0_state = MUSB_EP0_STAGE_SETUP;
795 		/* FALLTHROUGH */
796 
797 	case MUSB_EP0_STAGE_SETUP:
798 setup:
799 		if (csr & MUSB_CSR0_RXPKTRDY) {
800 			struct usb_ctrlrequest	setup;
801 			int			handled = 0;
802 
803 			if (len != 8) {
804 				ERR("SETUP packet len %d != 8 ?\n", len);
805 				break;
806 			}
807 			musb_read_setup(musb, &setup);
808 			retval = IRQ_HANDLED;
809 
810 			/* sometimes the RESET won't be reported */
811 			if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
812 				u8	power;
813 
814 				printk(KERN_NOTICE "%s: peripheral reset "
815 						"irq lost!\n",
816 						musb_driver_name);
817 				power = musb_readb(mbase, MUSB_POWER);
818 				musb->g.speed = (power & MUSB_POWER_HSMODE)
819 					? USB_SPEED_HIGH : USB_SPEED_FULL;
820 
821 			}
822 
823 			switch (musb->ep0_state) {
824 
825 			/* sequence #3 (no data stage), includes requests
826 			 * we can't forward (notably SET_ADDRESS and the
827 			 * device/endpoint feature set/clear operations)
828 			 * plus SET_CONFIGURATION and others we must
829 			 */
830 			case MUSB_EP0_STAGE_ACKWAIT:
831 				handled = service_zero_data_request(
832 						musb, &setup);
833 
834 				/*
835 				 * We're expecting no data in any case, so
836 				 * always set the DATAEND bit -- doing this
837 				 * here helps avoid SetupEnd interrupt coming
838 				 * in the idle stage when we're stalling...
839 				 */
840 				musb->ackpend |= MUSB_CSR0_P_DATAEND;
841 
842 				/* status stage might be immediate */
843 				if (handled > 0)
844 					musb->ep0_state =
845 						MUSB_EP0_STAGE_STATUSIN;
846 				break;
847 
848 			/* sequence #1 (IN to host), includes GET_STATUS
849 			 * requests that we can't forward, GET_DESCRIPTOR
850 			 * and others that we must
851 			 */
852 			case MUSB_EP0_STAGE_TX:
853 				handled = service_in_request(musb, &setup);
854 				if (handled > 0) {
855 					musb->ackpend = MUSB_CSR0_TXPKTRDY
856 						| MUSB_CSR0_P_DATAEND;
857 					musb->ep0_state =
858 						MUSB_EP0_STAGE_STATUSOUT;
859 				}
860 				break;
861 
862 			/* sequence #2 (OUT from host), always forward */
863 			default:		/* MUSB_EP0_STAGE_RX */
864 				break;
865 			}
866 
867 			dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
868 				handled, csr,
869 				decode_ep0stage(musb->ep0_state));
870 
871 			/* unless we need to delegate this to the gadget
872 			 * driver, we know how to wrap this up:  csr0 has
873 			 * not yet been written.
874 			 */
875 			if (handled < 0)
876 				goto stall;
877 			else if (handled > 0)
878 				goto finish;
879 
880 			handled = forward_to_driver(musb, &setup);
881 			if (handled < 0) {
882 				musb_ep_select(mbase, 0);
883 stall:
884 				dev_dbg(musb->controller, "stall (%d)\n", handled);
885 				musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
886 				musb->ep0_state = MUSB_EP0_STAGE_IDLE;
887 finish:
888 				musb_writew(regs, MUSB_CSR0,
889 						musb->ackpend);
890 				musb->ackpend = 0;
891 			}
892 		}
893 		break;
894 
895 	case MUSB_EP0_STAGE_ACKWAIT:
896 		/* This should not happen. But happens with tusb6010 with
897 		 * g_file_storage and high speed. Do nothing.
898 		 */
899 		retval = IRQ_HANDLED;
900 		break;
901 
902 	default:
903 		/* "can't happen" */
904 		WARN_ON(1);
905 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
906 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
907 		break;
908 	}
909 
910 	return retval;
911 }
912 
913 
914 static int
915 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
916 {
917 	/* always enabled */
918 	return -EINVAL;
919 }
920 
921 static int musb_g_ep0_disable(struct usb_ep *e)
922 {
923 	/* always enabled */
924 	return -EINVAL;
925 }
926 
927 static int
928 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
929 {
930 	struct musb_ep		*ep;
931 	struct musb_request	*req;
932 	struct musb		*musb;
933 	int			status;
934 	unsigned long		lockflags;
935 	void __iomem		*regs;
936 
937 	if (!e || !r)
938 		return -EINVAL;
939 
940 	ep = to_musb_ep(e);
941 	musb = ep->musb;
942 	regs = musb->control_ep->regs;
943 
944 	req = to_musb_request(r);
945 	req->musb = musb;
946 	req->request.actual = 0;
947 	req->request.status = -EINPROGRESS;
948 	req->tx = ep->is_in;
949 
950 	spin_lock_irqsave(&musb->lock, lockflags);
951 
952 	if (!list_empty(&ep->req_list)) {
953 		status = -EBUSY;
954 		goto cleanup;
955 	}
956 
957 	switch (musb->ep0_state) {
958 	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
959 	case MUSB_EP0_STAGE_TX:		/* control-IN data */
960 	case MUSB_EP0_STAGE_ACKWAIT:	/* zero-length data */
961 		status = 0;
962 		break;
963 	default:
964 		dev_dbg(musb->controller, "ep0 request queued in state %d\n",
965 				musb->ep0_state);
966 		status = -EINVAL;
967 		goto cleanup;
968 	}
969 
970 	/* add request to the list */
971 	list_add_tail(&req->list, &ep->req_list);
972 
973 	dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
974 			ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
975 			req->request.length);
976 
977 	musb_ep_select(musb->mregs, 0);
978 
979 	/* sequence #1, IN ... start writing the data */
980 	if (musb->ep0_state == MUSB_EP0_STAGE_TX)
981 		ep0_txstate(musb);
982 
983 	/* sequence #3, no-data ... issue IN status */
984 	else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
985 		if (req->request.length)
986 			status = -EINVAL;
987 		else {
988 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
989 			musb_writew(regs, MUSB_CSR0,
990 					musb->ackpend | MUSB_CSR0_P_DATAEND);
991 			musb->ackpend = 0;
992 			musb_g_ep0_giveback(ep->musb, r);
993 		}
994 
995 	/* else for sequence #2 (OUT), caller provides a buffer
996 	 * before the next packet arrives.  deferred responses
997 	 * (after SETUP is acked) are racey.
998 	 */
999 	} else if (musb->ackpend) {
1000 		musb_writew(regs, MUSB_CSR0, musb->ackpend);
1001 		musb->ackpend = 0;
1002 	}
1003 
1004 cleanup:
1005 	spin_unlock_irqrestore(&musb->lock, lockflags);
1006 	return status;
1007 }
1008 
1009 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
1010 {
1011 	/* we just won't support this */
1012 	return -EINVAL;
1013 }
1014 
1015 static int musb_g_ep0_halt(struct usb_ep *e, int value)
1016 {
1017 	struct musb_ep		*ep;
1018 	struct musb		*musb;
1019 	void __iomem		*base, *regs;
1020 	unsigned long		flags;
1021 	int			status;
1022 	u16			csr;
1023 
1024 	if (!e || !value)
1025 		return -EINVAL;
1026 
1027 	ep = to_musb_ep(e);
1028 	musb = ep->musb;
1029 	base = musb->mregs;
1030 	regs = musb->control_ep->regs;
1031 	status = 0;
1032 
1033 	spin_lock_irqsave(&musb->lock, flags);
1034 
1035 	if (!list_empty(&ep->req_list)) {
1036 		status = -EBUSY;
1037 		goto cleanup;
1038 	}
1039 
1040 	musb_ep_select(base, 0);
1041 	csr = musb->ackpend;
1042 
1043 	switch (musb->ep0_state) {
1044 
1045 	/* Stalls are usually issued after parsing SETUP packet, either
1046 	 * directly in irq context from setup() or else later.
1047 	 */
1048 	case MUSB_EP0_STAGE_TX:		/* control-IN data */
1049 	case MUSB_EP0_STAGE_ACKWAIT:	/* STALL for zero-length data */
1050 	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
1051 		csr = musb_readw(regs, MUSB_CSR0);
1052 		/* FALLTHROUGH */
1053 
1054 	/* It's also OK to issue stalls during callbacks when a non-empty
1055 	 * DATA stage buffer has been read (or even written).
1056 	 */
1057 	case MUSB_EP0_STAGE_STATUSIN:	/* control-OUT status */
1058 	case MUSB_EP0_STAGE_STATUSOUT:	/* control-IN status */
1059 
1060 		csr |= MUSB_CSR0_P_SENDSTALL;
1061 		musb_writew(regs, MUSB_CSR0, csr);
1062 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1063 		musb->ackpend = 0;
1064 		break;
1065 	default:
1066 		dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1067 		status = -EINVAL;
1068 	}
1069 
1070 cleanup:
1071 	spin_unlock_irqrestore(&musb->lock, flags);
1072 	return status;
1073 }
1074 
1075 const struct usb_ep_ops musb_g_ep0_ops = {
1076 	.enable		= musb_g_ep0_enable,
1077 	.disable	= musb_g_ep0_disable,
1078 	.alloc_request	= musb_alloc_request,
1079 	.free_request	= musb_free_request,
1080 	.queue		= musb_g_ep0_queue,
1081 	.dequeue	= musb_g_ep0_dequeue,
1082 	.set_halt	= musb_g_ep0_halt,
1083 };
1084