1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 * 23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 */ 35 36 #include <linux/kernel.h> 37 #include <linux/list.h> 38 #include <linux/timer.h> 39 #include <linux/spinlock.h> 40 #include <linux/device.h> 41 #include <linux/interrupt.h> 42 43 #include "musb_core.h" 44 45 /* ep0 is always musb->endpoints[0].ep_in */ 46 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 47 48 /* 49 * locking note: we use only the controller lock, for simpler correctness. 50 * It's always held with IRQs blocked. 51 * 52 * It protects the ep0 request queue as well as ep0_state, not just the 53 * controller and indexed registers. And that lock stays held unless it 54 * needs to be dropped to allow reentering this driver ... like upcalls to 55 * the gadget driver, or adjusting endpoint halt status. 56 */ 57 58 static char *decode_ep0stage(u8 stage) 59 { 60 switch (stage) { 61 case MUSB_EP0_STAGE_IDLE: return "idle"; 62 case MUSB_EP0_STAGE_SETUP: return "setup"; 63 case MUSB_EP0_STAGE_TX: return "in"; 64 case MUSB_EP0_STAGE_RX: return "out"; 65 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 66 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 67 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 68 default: return "?"; 69 } 70 } 71 72 /* handle a standard GET_STATUS request 73 * Context: caller holds controller lock 74 */ 75 static int service_tx_status_request( 76 struct musb *musb, 77 const struct usb_ctrlrequest *ctrlrequest) 78 { 79 void __iomem *mbase = musb->mregs; 80 int handled = 1; 81 u8 result[2], epnum = 0; 82 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 83 84 result[1] = 0; 85 86 switch (recip) { 87 case USB_RECIP_DEVICE: 88 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 89 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 90 if (musb->g.is_otg) { 91 result[0] |= musb->g.b_hnp_enable 92 << USB_DEVICE_B_HNP_ENABLE; 93 result[0] |= musb->g.a_alt_hnp_support 94 << USB_DEVICE_A_ALT_HNP_SUPPORT; 95 result[0] |= musb->g.a_hnp_support 96 << USB_DEVICE_A_HNP_SUPPORT; 97 } 98 break; 99 100 case USB_RECIP_INTERFACE: 101 result[0] = 0; 102 break; 103 104 case USB_RECIP_ENDPOINT: { 105 int is_in; 106 struct musb_ep *ep; 107 u16 tmp; 108 void __iomem *regs; 109 110 epnum = (u8) ctrlrequest->wIndex; 111 if (!epnum) { 112 result[0] = 0; 113 break; 114 } 115 116 is_in = epnum & USB_DIR_IN; 117 if (is_in) { 118 epnum &= 0x0f; 119 ep = &musb->endpoints[epnum].ep_in; 120 } else { 121 ep = &musb->endpoints[epnum].ep_out; 122 } 123 regs = musb->endpoints[epnum].regs; 124 125 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 126 handled = -EINVAL; 127 break; 128 } 129 130 musb_ep_select(mbase, epnum); 131 if (is_in) 132 tmp = musb_readw(regs, MUSB_TXCSR) 133 & MUSB_TXCSR_P_SENDSTALL; 134 else 135 tmp = musb_readw(regs, MUSB_RXCSR) 136 & MUSB_RXCSR_P_SENDSTALL; 137 musb_ep_select(mbase, 0); 138 139 result[0] = tmp ? 1 : 0; 140 } break; 141 142 default: 143 /* class, vendor, etc ... delegate */ 144 handled = 0; 145 break; 146 } 147 148 /* fill up the fifo; caller updates csr0 */ 149 if (handled > 0) { 150 u16 len = le16_to_cpu(ctrlrequest->wLength); 151 152 if (len > 2) 153 len = 2; 154 musb_write_fifo(&musb->endpoints[0], len, result); 155 } 156 157 return handled; 158 } 159 160 /* 161 * handle a control-IN request, the end0 buffer contains the current request 162 * that is supposed to be a standard control request. Assumes the fifo to 163 * be at least 2 bytes long. 164 * 165 * @return 0 if the request was NOT HANDLED, 166 * < 0 when error 167 * > 0 when the request is processed 168 * 169 * Context: caller holds controller lock 170 */ 171 static int 172 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 173 { 174 int handled = 0; /* not handled */ 175 176 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 177 == USB_TYPE_STANDARD) { 178 switch (ctrlrequest->bRequest) { 179 case USB_REQ_GET_STATUS: 180 handled = service_tx_status_request(musb, 181 ctrlrequest); 182 break; 183 184 /* case USB_REQ_SYNC_FRAME: */ 185 186 default: 187 break; 188 } 189 } 190 return handled; 191 } 192 193 /* 194 * Context: caller holds controller lock 195 */ 196 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 197 { 198 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 199 } 200 201 /* 202 * Tries to start B-device HNP negotiation if enabled via sysfs 203 */ 204 static inline void musb_try_b_hnp_enable(struct musb *musb) 205 { 206 void __iomem *mbase = musb->mregs; 207 u8 devctl; 208 209 dev_dbg(musb->controller, "HNP: Setting HR\n"); 210 devctl = musb_readb(mbase, MUSB_DEVCTL); 211 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 212 } 213 214 /* 215 * Handle all control requests with no DATA stage, including standard 216 * requests such as: 217 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 218 * always delegated to the gadget driver 219 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 220 * always handled here, except for class/vendor/... features 221 * 222 * Context: caller holds controller lock 223 */ 224 static int 225 service_zero_data_request(struct musb *musb, 226 struct usb_ctrlrequest *ctrlrequest) 227 __releases(musb->lock) 228 __acquires(musb->lock) 229 { 230 int handled = -EINVAL; 231 void __iomem *mbase = musb->mregs; 232 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 233 234 /* the gadget driver handles everything except what we MUST handle */ 235 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 236 == USB_TYPE_STANDARD) { 237 switch (ctrlrequest->bRequest) { 238 case USB_REQ_SET_ADDRESS: 239 /* change it after the status stage */ 240 musb->set_address = true; 241 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 242 handled = 1; 243 break; 244 245 case USB_REQ_CLEAR_FEATURE: 246 switch (recip) { 247 case USB_RECIP_DEVICE: 248 if (ctrlrequest->wValue 249 != USB_DEVICE_REMOTE_WAKEUP) 250 break; 251 musb->may_wakeup = 0; 252 handled = 1; 253 break; 254 case USB_RECIP_INTERFACE: 255 break; 256 case USB_RECIP_ENDPOINT:{ 257 const u8 epnum = 258 ctrlrequest->wIndex & 0x0f; 259 struct musb_ep *musb_ep; 260 struct musb_hw_ep *ep; 261 struct musb_request *request; 262 void __iomem *regs; 263 int is_in; 264 u16 csr; 265 266 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 267 ctrlrequest->wValue != USB_ENDPOINT_HALT) 268 break; 269 270 ep = musb->endpoints + epnum; 271 regs = ep->regs; 272 is_in = ctrlrequest->wIndex & USB_DIR_IN; 273 if (is_in) 274 musb_ep = &ep->ep_in; 275 else 276 musb_ep = &ep->ep_out; 277 if (!musb_ep->desc) 278 break; 279 280 handled = 1; 281 /* Ignore request if endpoint is wedged */ 282 if (musb_ep->wedged) 283 break; 284 285 musb_ep_select(mbase, epnum); 286 if (is_in) { 287 csr = musb_readw(regs, MUSB_TXCSR); 288 csr |= MUSB_TXCSR_CLRDATATOG | 289 MUSB_TXCSR_P_WZC_BITS; 290 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 291 MUSB_TXCSR_P_SENTSTALL | 292 MUSB_TXCSR_TXPKTRDY); 293 musb_writew(regs, MUSB_TXCSR, csr); 294 } else { 295 csr = musb_readw(regs, MUSB_RXCSR); 296 csr |= MUSB_RXCSR_CLRDATATOG | 297 MUSB_RXCSR_P_WZC_BITS; 298 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 299 MUSB_RXCSR_P_SENTSTALL); 300 musb_writew(regs, MUSB_RXCSR, csr); 301 } 302 303 /* Maybe start the first request in the queue */ 304 request = next_request(musb_ep); 305 if (!musb_ep->busy && request) { 306 dev_dbg(musb->controller, "restarting the request\n"); 307 musb_ep_restart(musb, request); 308 } 309 310 /* select ep0 again */ 311 musb_ep_select(mbase, 0); 312 } break; 313 default: 314 /* class, vendor, etc ... delegate */ 315 handled = 0; 316 break; 317 } 318 break; 319 320 case USB_REQ_SET_FEATURE: 321 switch (recip) { 322 case USB_RECIP_DEVICE: 323 handled = 1; 324 switch (ctrlrequest->wValue) { 325 case USB_DEVICE_REMOTE_WAKEUP: 326 musb->may_wakeup = 1; 327 break; 328 case USB_DEVICE_TEST_MODE: 329 if (musb->g.speed != USB_SPEED_HIGH) 330 goto stall; 331 if (ctrlrequest->wIndex & 0xff) 332 goto stall; 333 334 switch (ctrlrequest->wIndex >> 8) { 335 case 1: 336 pr_debug("TEST_J\n"); 337 /* TEST_J */ 338 musb->test_mode_nr = 339 MUSB_TEST_J; 340 break; 341 case 2: 342 /* TEST_K */ 343 pr_debug("TEST_K\n"); 344 musb->test_mode_nr = 345 MUSB_TEST_K; 346 break; 347 case 3: 348 /* TEST_SE0_NAK */ 349 pr_debug("TEST_SE0_NAK\n"); 350 musb->test_mode_nr = 351 MUSB_TEST_SE0_NAK; 352 break; 353 case 4: 354 /* TEST_PACKET */ 355 pr_debug("TEST_PACKET\n"); 356 musb->test_mode_nr = 357 MUSB_TEST_PACKET; 358 break; 359 360 case 0xc0: 361 /* TEST_FORCE_HS */ 362 pr_debug("TEST_FORCE_HS\n"); 363 musb->test_mode_nr = 364 MUSB_TEST_FORCE_HS; 365 break; 366 case 0xc1: 367 /* TEST_FORCE_FS */ 368 pr_debug("TEST_FORCE_FS\n"); 369 musb->test_mode_nr = 370 MUSB_TEST_FORCE_FS; 371 break; 372 case 0xc2: 373 /* TEST_FIFO_ACCESS */ 374 pr_debug("TEST_FIFO_ACCESS\n"); 375 musb->test_mode_nr = 376 MUSB_TEST_FIFO_ACCESS; 377 break; 378 case 0xc3: 379 /* TEST_FORCE_HOST */ 380 pr_debug("TEST_FORCE_HOST\n"); 381 musb->test_mode_nr = 382 MUSB_TEST_FORCE_HOST; 383 break; 384 default: 385 goto stall; 386 } 387 388 /* enter test mode after irq */ 389 if (handled > 0) 390 musb->test_mode = true; 391 break; 392 case USB_DEVICE_B_HNP_ENABLE: 393 if (!musb->g.is_otg) 394 goto stall; 395 musb->g.b_hnp_enable = 1; 396 musb_try_b_hnp_enable(musb); 397 break; 398 case USB_DEVICE_A_HNP_SUPPORT: 399 if (!musb->g.is_otg) 400 goto stall; 401 musb->g.a_hnp_support = 1; 402 break; 403 case USB_DEVICE_A_ALT_HNP_SUPPORT: 404 if (!musb->g.is_otg) 405 goto stall; 406 musb->g.a_alt_hnp_support = 1; 407 break; 408 case USB_DEVICE_DEBUG_MODE: 409 handled = 0; 410 break; 411 stall: 412 default: 413 handled = -EINVAL; 414 break; 415 } 416 break; 417 418 case USB_RECIP_INTERFACE: 419 break; 420 421 case USB_RECIP_ENDPOINT:{ 422 const u8 epnum = 423 ctrlrequest->wIndex & 0x0f; 424 struct musb_ep *musb_ep; 425 struct musb_hw_ep *ep; 426 void __iomem *regs; 427 int is_in; 428 u16 csr; 429 430 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 431 ctrlrequest->wValue != USB_ENDPOINT_HALT) 432 break; 433 434 ep = musb->endpoints + epnum; 435 regs = ep->regs; 436 is_in = ctrlrequest->wIndex & USB_DIR_IN; 437 if (is_in) 438 musb_ep = &ep->ep_in; 439 else 440 musb_ep = &ep->ep_out; 441 if (!musb_ep->desc) 442 break; 443 444 musb_ep_select(mbase, epnum); 445 if (is_in) { 446 csr = musb_readw(regs, MUSB_TXCSR); 447 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 448 csr |= MUSB_TXCSR_FLUSHFIFO; 449 csr |= MUSB_TXCSR_P_SENDSTALL 450 | MUSB_TXCSR_CLRDATATOG 451 | MUSB_TXCSR_P_WZC_BITS; 452 musb_writew(regs, MUSB_TXCSR, csr); 453 } else { 454 csr = musb_readw(regs, MUSB_RXCSR); 455 csr |= MUSB_RXCSR_P_SENDSTALL 456 | MUSB_RXCSR_FLUSHFIFO 457 | MUSB_RXCSR_CLRDATATOG 458 | MUSB_RXCSR_P_WZC_BITS; 459 musb_writew(regs, MUSB_RXCSR, csr); 460 } 461 462 /* select ep0 again */ 463 musb_ep_select(mbase, 0); 464 handled = 1; 465 } break; 466 467 default: 468 /* class, vendor, etc ... delegate */ 469 handled = 0; 470 break; 471 } 472 break; 473 default: 474 /* delegate SET_CONFIGURATION, etc */ 475 handled = 0; 476 } 477 } else 478 handled = 0; 479 return handled; 480 } 481 482 /* we have an ep0out data packet 483 * Context: caller holds controller lock 484 */ 485 static void ep0_rxstate(struct musb *musb) 486 { 487 void __iomem *regs = musb->control_ep->regs; 488 struct musb_request *request; 489 struct usb_request *req; 490 u16 count, csr; 491 492 request = next_ep0_request(musb); 493 req = &request->request; 494 495 /* read packet and ack; or stall because of gadget driver bug: 496 * should have provided the rx buffer before setup() returned. 497 */ 498 if (req) { 499 void *buf = req->buf + req->actual; 500 unsigned len = req->length - req->actual; 501 502 /* read the buffer */ 503 count = musb_readb(regs, MUSB_COUNT0); 504 if (count > len) { 505 req->status = -EOVERFLOW; 506 count = len; 507 } 508 musb_read_fifo(&musb->endpoints[0], count, buf); 509 req->actual += count; 510 csr = MUSB_CSR0_P_SVDRXPKTRDY; 511 if (count < 64 || req->actual == req->length) { 512 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 513 csr |= MUSB_CSR0_P_DATAEND; 514 } else 515 req = NULL; 516 } else 517 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 518 519 520 /* Completion handler may choose to stall, e.g. because the 521 * message just received holds invalid data. 522 */ 523 if (req) { 524 musb->ackpend = csr; 525 musb_g_ep0_giveback(musb, req); 526 if (!musb->ackpend) 527 return; 528 musb->ackpend = 0; 529 } 530 musb_ep_select(musb->mregs, 0); 531 musb_writew(regs, MUSB_CSR0, csr); 532 } 533 534 /* 535 * transmitting to the host (IN), this code might be called from IRQ 536 * and from kernel thread. 537 * 538 * Context: caller holds controller lock 539 */ 540 static void ep0_txstate(struct musb *musb) 541 { 542 void __iomem *regs = musb->control_ep->regs; 543 struct musb_request *req = next_ep0_request(musb); 544 struct usb_request *request; 545 u16 csr = MUSB_CSR0_TXPKTRDY; 546 u8 *fifo_src; 547 u8 fifo_count; 548 549 if (!req) { 550 /* WARN_ON(1); */ 551 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 552 return; 553 } 554 555 request = &req->request; 556 557 /* load the data */ 558 fifo_src = (u8 *) request->buf + request->actual; 559 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 560 request->length - request->actual); 561 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 562 request->actual += fifo_count; 563 564 /* update the flags */ 565 if (fifo_count < MUSB_MAX_END0_PACKET 566 || (request->actual == request->length 567 && !request->zero)) { 568 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 569 csr |= MUSB_CSR0_P_DATAEND; 570 } else 571 request = NULL; 572 573 /* report completions as soon as the fifo's loaded; there's no 574 * win in waiting till this last packet gets acked. (other than 575 * very precise fault reporting, needed by USB TMC; possible with 576 * this hardware, but not usable from portable gadget drivers.) 577 */ 578 if (request) { 579 musb->ackpend = csr; 580 musb_g_ep0_giveback(musb, request); 581 if (!musb->ackpend) 582 return; 583 musb->ackpend = 0; 584 } 585 586 /* send it out, triggering a "txpktrdy cleared" irq */ 587 musb_ep_select(musb->mregs, 0); 588 musb_writew(regs, MUSB_CSR0, csr); 589 } 590 591 /* 592 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 593 * Fields are left in USB byte-order. 594 * 595 * Context: caller holds controller lock. 596 */ 597 static void 598 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 599 { 600 struct musb_request *r; 601 void __iomem *regs = musb->control_ep->regs; 602 603 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 604 605 /* NOTE: earlier 2.6 versions changed setup packets to host 606 * order, but now USB packets always stay in USB byte order. 607 */ 608 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 609 req->bRequestType, 610 req->bRequest, 611 le16_to_cpu(req->wValue), 612 le16_to_cpu(req->wIndex), 613 le16_to_cpu(req->wLength)); 614 615 /* clean up any leftover transfers */ 616 r = next_ep0_request(musb); 617 if (r) 618 musb_g_ep0_giveback(musb, &r->request); 619 620 /* For zero-data requests we want to delay the STATUS stage to 621 * avoid SETUPEND errors. If we read data (OUT), delay accepting 622 * packets until there's a buffer to store them in. 623 * 624 * If we write data, the controller acts happier if we enable 625 * the TX FIFO right away, and give the controller a moment 626 * to switch modes... 627 */ 628 musb->set_address = false; 629 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 630 if (req->wLength == 0) { 631 if (req->bRequestType & USB_DIR_IN) 632 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 633 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 634 } else if (req->bRequestType & USB_DIR_IN) { 635 musb->ep0_state = MUSB_EP0_STAGE_TX; 636 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 637 while ((musb_readw(regs, MUSB_CSR0) 638 & MUSB_CSR0_RXPKTRDY) != 0) 639 cpu_relax(); 640 musb->ackpend = 0; 641 } else 642 musb->ep0_state = MUSB_EP0_STAGE_RX; 643 } 644 645 static int 646 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 647 __releases(musb->lock) 648 __acquires(musb->lock) 649 { 650 int retval; 651 if (!musb->gadget_driver) 652 return -EOPNOTSUPP; 653 spin_unlock(&musb->lock); 654 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 655 spin_lock(&musb->lock); 656 return retval; 657 } 658 659 /* 660 * Handle peripheral ep0 interrupt 661 * 662 * Context: irq handler; we won't re-enter the driver that way. 663 */ 664 irqreturn_t musb_g_ep0_irq(struct musb *musb) 665 { 666 u16 csr; 667 u16 len; 668 void __iomem *mbase = musb->mregs; 669 void __iomem *regs = musb->endpoints[0].regs; 670 irqreturn_t retval = IRQ_NONE; 671 672 musb_ep_select(mbase, 0); /* select ep0 */ 673 csr = musb_readw(regs, MUSB_CSR0); 674 len = musb_readb(regs, MUSB_COUNT0); 675 676 dev_dbg(musb->controller, "csr %04x, count %d, ep0stage %s\n", 677 csr, len, decode_ep0stage(musb->ep0_state)); 678 679 if (csr & MUSB_CSR0_P_DATAEND) { 680 /* 681 * If DATAEND is set we should not call the callback, 682 * hence the status stage is not complete. 683 */ 684 return IRQ_HANDLED; 685 } 686 687 /* I sent a stall.. need to acknowledge it now.. */ 688 if (csr & MUSB_CSR0_P_SENTSTALL) { 689 musb_writew(regs, MUSB_CSR0, 690 csr & ~MUSB_CSR0_P_SENTSTALL); 691 retval = IRQ_HANDLED; 692 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 693 csr = musb_readw(regs, MUSB_CSR0); 694 } 695 696 /* request ended "early" */ 697 if (csr & MUSB_CSR0_P_SETUPEND) { 698 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 699 retval = IRQ_HANDLED; 700 /* Transition into the early status phase */ 701 switch (musb->ep0_state) { 702 case MUSB_EP0_STAGE_TX: 703 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 704 break; 705 case MUSB_EP0_STAGE_RX: 706 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 707 break; 708 default: 709 ERR("SetupEnd came in a wrong ep0stage %s\n", 710 decode_ep0stage(musb->ep0_state)); 711 } 712 csr = musb_readw(regs, MUSB_CSR0); 713 /* NOTE: request may need completion */ 714 } 715 716 /* docs from Mentor only describe tx, rx, and idle/setup states. 717 * we need to handle nuances around status stages, and also the 718 * case where status and setup stages come back-to-back ... 719 */ 720 switch (musb->ep0_state) { 721 722 case MUSB_EP0_STAGE_TX: 723 /* irq on clearing txpktrdy */ 724 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 725 ep0_txstate(musb); 726 retval = IRQ_HANDLED; 727 } 728 break; 729 730 case MUSB_EP0_STAGE_RX: 731 /* irq on set rxpktrdy */ 732 if (csr & MUSB_CSR0_RXPKTRDY) { 733 ep0_rxstate(musb); 734 retval = IRQ_HANDLED; 735 } 736 break; 737 738 case MUSB_EP0_STAGE_STATUSIN: 739 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 740 741 /* update address (if needed) only @ the end of the 742 * status phase per usb spec, which also guarantees 743 * we get 10 msec to receive this irq... until this 744 * is done we won't see the next packet. 745 */ 746 if (musb->set_address) { 747 musb->set_address = false; 748 musb_writeb(mbase, MUSB_FADDR, musb->address); 749 } 750 751 /* enter test mode if needed (exit by reset) */ 752 else if (musb->test_mode) { 753 dev_dbg(musb->controller, "entering TESTMODE\n"); 754 755 if (MUSB_TEST_PACKET == musb->test_mode_nr) 756 musb_load_testpacket(musb); 757 758 musb_writeb(mbase, MUSB_TESTMODE, 759 musb->test_mode_nr); 760 } 761 /* FALLTHROUGH */ 762 763 case MUSB_EP0_STAGE_STATUSOUT: 764 /* end of sequence #1: write to host (TX state) */ 765 { 766 struct musb_request *req; 767 768 req = next_ep0_request(musb); 769 if (req) 770 musb_g_ep0_giveback(musb, &req->request); 771 } 772 773 /* 774 * In case when several interrupts can get coalesced, 775 * check to see if we've already received a SETUP packet... 776 */ 777 if (csr & MUSB_CSR0_RXPKTRDY) 778 goto setup; 779 780 retval = IRQ_HANDLED; 781 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 782 break; 783 784 case MUSB_EP0_STAGE_IDLE: 785 /* 786 * This state is typically (but not always) indiscernible 787 * from the status states since the corresponding interrupts 788 * tend to happen within too little period of time (with only 789 * a zero-length packet in between) and so get coalesced... 790 */ 791 retval = IRQ_HANDLED; 792 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 793 /* FALLTHROUGH */ 794 795 case MUSB_EP0_STAGE_SETUP: 796 setup: 797 if (csr & MUSB_CSR0_RXPKTRDY) { 798 struct usb_ctrlrequest setup; 799 int handled = 0; 800 801 if (len != 8) { 802 ERR("SETUP packet len %d != 8 ?\n", len); 803 break; 804 } 805 musb_read_setup(musb, &setup); 806 retval = IRQ_HANDLED; 807 808 /* sometimes the RESET won't be reported */ 809 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 810 u8 power; 811 812 printk(KERN_NOTICE "%s: peripheral reset " 813 "irq lost!\n", 814 musb_driver_name); 815 power = musb_readb(mbase, MUSB_POWER); 816 musb->g.speed = (power & MUSB_POWER_HSMODE) 817 ? USB_SPEED_HIGH : USB_SPEED_FULL; 818 819 } 820 821 switch (musb->ep0_state) { 822 823 /* sequence #3 (no data stage), includes requests 824 * we can't forward (notably SET_ADDRESS and the 825 * device/endpoint feature set/clear operations) 826 * plus SET_CONFIGURATION and others we must 827 */ 828 case MUSB_EP0_STAGE_ACKWAIT: 829 handled = service_zero_data_request( 830 musb, &setup); 831 832 /* 833 * We're expecting no data in any case, so 834 * always set the DATAEND bit -- doing this 835 * here helps avoid SetupEnd interrupt coming 836 * in the idle stage when we're stalling... 837 */ 838 musb->ackpend |= MUSB_CSR0_P_DATAEND; 839 840 /* status stage might be immediate */ 841 if (handled > 0) 842 musb->ep0_state = 843 MUSB_EP0_STAGE_STATUSIN; 844 break; 845 846 /* sequence #1 (IN to host), includes GET_STATUS 847 * requests that we can't forward, GET_DESCRIPTOR 848 * and others that we must 849 */ 850 case MUSB_EP0_STAGE_TX: 851 handled = service_in_request(musb, &setup); 852 if (handled > 0) { 853 musb->ackpend = MUSB_CSR0_TXPKTRDY 854 | MUSB_CSR0_P_DATAEND; 855 musb->ep0_state = 856 MUSB_EP0_STAGE_STATUSOUT; 857 } 858 break; 859 860 /* sequence #2 (OUT from host), always forward */ 861 default: /* MUSB_EP0_STAGE_RX */ 862 break; 863 } 864 865 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 866 handled, csr, 867 decode_ep0stage(musb->ep0_state)); 868 869 /* unless we need to delegate this to the gadget 870 * driver, we know how to wrap this up: csr0 has 871 * not yet been written. 872 */ 873 if (handled < 0) 874 goto stall; 875 else if (handled > 0) 876 goto finish; 877 878 handled = forward_to_driver(musb, &setup); 879 if (handled < 0) { 880 musb_ep_select(mbase, 0); 881 stall: 882 dev_dbg(musb->controller, "stall (%d)\n", handled); 883 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 884 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 885 finish: 886 musb_writew(regs, MUSB_CSR0, 887 musb->ackpend); 888 musb->ackpend = 0; 889 } 890 } 891 break; 892 893 case MUSB_EP0_STAGE_ACKWAIT: 894 /* This should not happen. But happens with tusb6010 with 895 * g_file_storage and high speed. Do nothing. 896 */ 897 retval = IRQ_HANDLED; 898 break; 899 900 default: 901 /* "can't happen" */ 902 WARN_ON(1); 903 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 904 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 905 break; 906 } 907 908 return retval; 909 } 910 911 912 static int 913 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 914 { 915 /* always enabled */ 916 return -EINVAL; 917 } 918 919 static int musb_g_ep0_disable(struct usb_ep *e) 920 { 921 /* always enabled */ 922 return -EINVAL; 923 } 924 925 static int 926 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 927 { 928 struct musb_ep *ep; 929 struct musb_request *req; 930 struct musb *musb; 931 int status; 932 unsigned long lockflags; 933 void __iomem *regs; 934 935 if (!e || !r) 936 return -EINVAL; 937 938 ep = to_musb_ep(e); 939 musb = ep->musb; 940 regs = musb->control_ep->regs; 941 942 req = to_musb_request(r); 943 req->musb = musb; 944 req->request.actual = 0; 945 req->request.status = -EINPROGRESS; 946 req->tx = ep->is_in; 947 948 spin_lock_irqsave(&musb->lock, lockflags); 949 950 if (!list_empty(&ep->req_list)) { 951 status = -EBUSY; 952 goto cleanup; 953 } 954 955 switch (musb->ep0_state) { 956 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 957 case MUSB_EP0_STAGE_TX: /* control-IN data */ 958 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 959 status = 0; 960 break; 961 default: 962 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 963 musb->ep0_state); 964 status = -EINVAL; 965 goto cleanup; 966 } 967 968 /* add request to the list */ 969 list_add_tail(&req->list, &ep->req_list); 970 971 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 972 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 973 req->request.length); 974 975 musb_ep_select(musb->mregs, 0); 976 977 /* sequence #1, IN ... start writing the data */ 978 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 979 ep0_txstate(musb); 980 981 /* sequence #3, no-data ... issue IN status */ 982 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 983 if (req->request.length) 984 status = -EINVAL; 985 else { 986 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 987 musb_writew(regs, MUSB_CSR0, 988 musb->ackpend | MUSB_CSR0_P_DATAEND); 989 musb->ackpend = 0; 990 musb_g_ep0_giveback(ep->musb, r); 991 } 992 993 /* else for sequence #2 (OUT), caller provides a buffer 994 * before the next packet arrives. deferred responses 995 * (after SETUP is acked) are racey. 996 */ 997 } else if (musb->ackpend) { 998 musb_writew(regs, MUSB_CSR0, musb->ackpend); 999 musb->ackpend = 0; 1000 } 1001 1002 cleanup: 1003 spin_unlock_irqrestore(&musb->lock, lockflags); 1004 return status; 1005 } 1006 1007 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 1008 { 1009 /* we just won't support this */ 1010 return -EINVAL; 1011 } 1012 1013 static int musb_g_ep0_halt(struct usb_ep *e, int value) 1014 { 1015 struct musb_ep *ep; 1016 struct musb *musb; 1017 void __iomem *base, *regs; 1018 unsigned long flags; 1019 int status; 1020 u16 csr; 1021 1022 if (!e || !value) 1023 return -EINVAL; 1024 1025 ep = to_musb_ep(e); 1026 musb = ep->musb; 1027 base = musb->mregs; 1028 regs = musb->control_ep->regs; 1029 status = 0; 1030 1031 spin_lock_irqsave(&musb->lock, flags); 1032 1033 if (!list_empty(&ep->req_list)) { 1034 status = -EBUSY; 1035 goto cleanup; 1036 } 1037 1038 musb_ep_select(base, 0); 1039 csr = musb->ackpend; 1040 1041 switch (musb->ep0_state) { 1042 1043 /* Stalls are usually issued after parsing SETUP packet, either 1044 * directly in irq context from setup() or else later. 1045 */ 1046 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1047 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1048 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1049 csr = musb_readw(regs, MUSB_CSR0); 1050 /* FALLTHROUGH */ 1051 1052 /* It's also OK to issue stalls during callbacks when a non-empty 1053 * DATA stage buffer has been read (or even written). 1054 */ 1055 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1056 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1057 1058 csr |= MUSB_CSR0_P_SENDSTALL; 1059 musb_writew(regs, MUSB_CSR0, csr); 1060 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1061 musb->ackpend = 0; 1062 break; 1063 default: 1064 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1065 status = -EINVAL; 1066 } 1067 1068 cleanup: 1069 spin_unlock_irqrestore(&musb->lock, flags); 1070 return status; 1071 } 1072 1073 const struct usb_ep_ops musb_g_ep0_ops = { 1074 .enable = musb_g_ep0_enable, 1075 .disable = musb_g_ep0_disable, 1076 .alloc_request = musb_alloc_request, 1077 .free_request = musb_free_request, 1078 .queue = musb_g_ep0_queue, 1079 .dequeue = musb_g_ep0_dequeue, 1080 .set_halt = musb_g_ep0_halt, 1081 }; 1082