1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * MUSB OTG peripheral driver ep0 handling 4 * 5 * Copyright 2005 Mentor Graphics Corporation 6 * Copyright (C) 2005-2006 by Texas Instruments 7 * Copyright (C) 2006-2007 Nokia Corporation 8 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 9 */ 10 11 #include <linux/kernel.h> 12 #include <linux/list.h> 13 #include <linux/timer.h> 14 #include <linux/spinlock.h> 15 #include <linux/device.h> 16 #include <linux/interrupt.h> 17 18 #include "musb_core.h" 19 20 /* ep0 is always musb->endpoints[0].ep_in */ 21 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 22 23 /* 24 * locking note: we use only the controller lock, for simpler correctness. 25 * It's always held with IRQs blocked. 26 * 27 * It protects the ep0 request queue as well as ep0_state, not just the 28 * controller and indexed registers. And that lock stays held unless it 29 * needs to be dropped to allow reentering this driver ... like upcalls to 30 * the gadget driver, or adjusting endpoint halt status. 31 */ 32 33 static char *decode_ep0stage(u8 stage) 34 { 35 switch (stage) { 36 case MUSB_EP0_STAGE_IDLE: return "idle"; 37 case MUSB_EP0_STAGE_SETUP: return "setup"; 38 case MUSB_EP0_STAGE_TX: return "in"; 39 case MUSB_EP0_STAGE_RX: return "out"; 40 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 41 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 42 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 43 default: return "?"; 44 } 45 } 46 47 /* handle a standard GET_STATUS request 48 * Context: caller holds controller lock 49 */ 50 static int service_tx_status_request( 51 struct musb *musb, 52 const struct usb_ctrlrequest *ctrlrequest) 53 { 54 void __iomem *mbase = musb->mregs; 55 int handled = 1; 56 u8 result[2], epnum = 0; 57 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 58 59 result[1] = 0; 60 61 switch (recip) { 62 case USB_RECIP_DEVICE: 63 result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED; 64 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 65 if (musb->g.is_otg) { 66 result[0] |= musb->g.b_hnp_enable 67 << USB_DEVICE_B_HNP_ENABLE; 68 result[0] |= musb->g.a_alt_hnp_support 69 << USB_DEVICE_A_ALT_HNP_SUPPORT; 70 result[0] |= musb->g.a_hnp_support 71 << USB_DEVICE_A_HNP_SUPPORT; 72 } 73 break; 74 75 case USB_RECIP_INTERFACE: 76 result[0] = 0; 77 break; 78 79 case USB_RECIP_ENDPOINT: { 80 int is_in; 81 struct musb_ep *ep; 82 u16 tmp; 83 void __iomem *regs; 84 85 epnum = (u8) ctrlrequest->wIndex; 86 if (!epnum) { 87 result[0] = 0; 88 break; 89 } 90 91 is_in = epnum & USB_DIR_IN; 92 if (is_in) { 93 epnum &= 0x0f; 94 ep = &musb->endpoints[epnum].ep_in; 95 } else { 96 ep = &musb->endpoints[epnum].ep_out; 97 } 98 regs = musb->endpoints[epnum].regs; 99 100 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 101 handled = -EINVAL; 102 break; 103 } 104 105 musb_ep_select(mbase, epnum); 106 if (is_in) 107 tmp = musb_readw(regs, MUSB_TXCSR) 108 & MUSB_TXCSR_P_SENDSTALL; 109 else 110 tmp = musb_readw(regs, MUSB_RXCSR) 111 & MUSB_RXCSR_P_SENDSTALL; 112 musb_ep_select(mbase, 0); 113 114 result[0] = tmp ? 1 : 0; 115 } break; 116 117 default: 118 /* class, vendor, etc ... delegate */ 119 handled = 0; 120 break; 121 } 122 123 /* fill up the fifo; caller updates csr0 */ 124 if (handled > 0) { 125 u16 len = le16_to_cpu(ctrlrequest->wLength); 126 127 if (len > 2) 128 len = 2; 129 musb_write_fifo(&musb->endpoints[0], len, result); 130 } 131 132 return handled; 133 } 134 135 /* 136 * handle a control-IN request, the end0 buffer contains the current request 137 * that is supposed to be a standard control request. Assumes the fifo to 138 * be at least 2 bytes long. 139 * 140 * @return 0 if the request was NOT HANDLED, 141 * < 0 when error 142 * > 0 when the request is processed 143 * 144 * Context: caller holds controller lock 145 */ 146 static int 147 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 148 { 149 int handled = 0; /* not handled */ 150 151 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 152 == USB_TYPE_STANDARD) { 153 switch (ctrlrequest->bRequest) { 154 case USB_REQ_GET_STATUS: 155 handled = service_tx_status_request(musb, 156 ctrlrequest); 157 break; 158 159 /* case USB_REQ_SYNC_FRAME: */ 160 161 default: 162 break; 163 } 164 } 165 return handled; 166 } 167 168 /* 169 * Context: caller holds controller lock 170 */ 171 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 172 { 173 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 174 } 175 176 /* 177 * Tries to start B-device HNP negotiation if enabled via sysfs 178 */ 179 static inline void musb_try_b_hnp_enable(struct musb *musb) 180 { 181 void __iomem *mbase = musb->mregs; 182 u8 devctl; 183 184 musb_dbg(musb, "HNP: Setting HR"); 185 devctl = musb_readb(mbase, MUSB_DEVCTL); 186 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 187 } 188 189 /* 190 * Handle all control requests with no DATA stage, including standard 191 * requests such as: 192 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 193 * always delegated to the gadget driver 194 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 195 * always handled here, except for class/vendor/... features 196 * 197 * Context: caller holds controller lock 198 */ 199 static int 200 service_zero_data_request(struct musb *musb, 201 struct usb_ctrlrequest *ctrlrequest) 202 __releases(musb->lock) 203 __acquires(musb->lock) 204 { 205 int handled = -EINVAL; 206 void __iomem *mbase = musb->mregs; 207 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 208 209 /* the gadget driver handles everything except what we MUST handle */ 210 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 211 == USB_TYPE_STANDARD) { 212 switch (ctrlrequest->bRequest) { 213 case USB_REQ_SET_ADDRESS: 214 /* change it after the status stage */ 215 musb->set_address = true; 216 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 217 handled = 1; 218 break; 219 220 case USB_REQ_CLEAR_FEATURE: 221 switch (recip) { 222 case USB_RECIP_DEVICE: 223 if (ctrlrequest->wValue 224 != USB_DEVICE_REMOTE_WAKEUP) 225 break; 226 musb->may_wakeup = 0; 227 handled = 1; 228 break; 229 case USB_RECIP_INTERFACE: 230 break; 231 case USB_RECIP_ENDPOINT:{ 232 const u8 epnum = 233 ctrlrequest->wIndex & 0x0f; 234 struct musb_ep *musb_ep; 235 struct musb_hw_ep *ep; 236 struct musb_request *request; 237 void __iomem *regs; 238 int is_in; 239 u16 csr; 240 241 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 242 ctrlrequest->wValue != USB_ENDPOINT_HALT) 243 break; 244 245 ep = musb->endpoints + epnum; 246 regs = ep->regs; 247 is_in = ctrlrequest->wIndex & USB_DIR_IN; 248 if (is_in) 249 musb_ep = &ep->ep_in; 250 else 251 musb_ep = &ep->ep_out; 252 if (!musb_ep->desc) 253 break; 254 255 handled = 1; 256 /* Ignore request if endpoint is wedged */ 257 if (musb_ep->wedged) 258 break; 259 260 musb_ep_select(mbase, epnum); 261 if (is_in) { 262 csr = musb_readw(regs, MUSB_TXCSR); 263 csr |= MUSB_TXCSR_CLRDATATOG | 264 MUSB_TXCSR_P_WZC_BITS; 265 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 266 MUSB_TXCSR_P_SENTSTALL | 267 MUSB_TXCSR_TXPKTRDY); 268 musb_writew(regs, MUSB_TXCSR, csr); 269 } else { 270 csr = musb_readw(regs, MUSB_RXCSR); 271 csr |= MUSB_RXCSR_CLRDATATOG | 272 MUSB_RXCSR_P_WZC_BITS; 273 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 274 MUSB_RXCSR_P_SENTSTALL); 275 musb_writew(regs, MUSB_RXCSR, csr); 276 } 277 278 /* Maybe start the first request in the queue */ 279 request = next_request(musb_ep); 280 if (!musb_ep->busy && request) { 281 musb_dbg(musb, "restarting the request"); 282 musb_ep_restart(musb, request); 283 } 284 285 /* select ep0 again */ 286 musb_ep_select(mbase, 0); 287 } break; 288 default: 289 /* class, vendor, etc ... delegate */ 290 handled = 0; 291 break; 292 } 293 break; 294 295 case USB_REQ_SET_FEATURE: 296 switch (recip) { 297 case USB_RECIP_DEVICE: 298 handled = 1; 299 switch (ctrlrequest->wValue) { 300 case USB_DEVICE_REMOTE_WAKEUP: 301 musb->may_wakeup = 1; 302 break; 303 case USB_DEVICE_TEST_MODE: 304 if (musb->g.speed != USB_SPEED_HIGH) 305 goto stall; 306 if (ctrlrequest->wIndex & 0xff) 307 goto stall; 308 309 switch (ctrlrequest->wIndex >> 8) { 310 case 1: 311 pr_debug("TEST_J\n"); 312 /* TEST_J */ 313 musb->test_mode_nr = 314 MUSB_TEST_J; 315 break; 316 case 2: 317 /* TEST_K */ 318 pr_debug("TEST_K\n"); 319 musb->test_mode_nr = 320 MUSB_TEST_K; 321 break; 322 case 3: 323 /* TEST_SE0_NAK */ 324 pr_debug("TEST_SE0_NAK\n"); 325 musb->test_mode_nr = 326 MUSB_TEST_SE0_NAK; 327 break; 328 case 4: 329 /* TEST_PACKET */ 330 pr_debug("TEST_PACKET\n"); 331 musb->test_mode_nr = 332 MUSB_TEST_PACKET; 333 break; 334 335 case 0xc0: 336 /* TEST_FORCE_HS */ 337 pr_debug("TEST_FORCE_HS\n"); 338 musb->test_mode_nr = 339 MUSB_TEST_FORCE_HS; 340 break; 341 case 0xc1: 342 /* TEST_FORCE_FS */ 343 pr_debug("TEST_FORCE_FS\n"); 344 musb->test_mode_nr = 345 MUSB_TEST_FORCE_FS; 346 break; 347 case 0xc2: 348 /* TEST_FIFO_ACCESS */ 349 pr_debug("TEST_FIFO_ACCESS\n"); 350 musb->test_mode_nr = 351 MUSB_TEST_FIFO_ACCESS; 352 break; 353 case 0xc3: 354 /* TEST_FORCE_HOST */ 355 pr_debug("TEST_FORCE_HOST\n"); 356 musb->test_mode_nr = 357 MUSB_TEST_FORCE_HOST; 358 break; 359 default: 360 goto stall; 361 } 362 363 /* enter test mode after irq */ 364 if (handled > 0) 365 musb->test_mode = true; 366 break; 367 case USB_DEVICE_B_HNP_ENABLE: 368 if (!musb->g.is_otg) 369 goto stall; 370 musb->g.b_hnp_enable = 1; 371 musb_try_b_hnp_enable(musb); 372 break; 373 case USB_DEVICE_A_HNP_SUPPORT: 374 if (!musb->g.is_otg) 375 goto stall; 376 musb->g.a_hnp_support = 1; 377 break; 378 case USB_DEVICE_A_ALT_HNP_SUPPORT: 379 if (!musb->g.is_otg) 380 goto stall; 381 musb->g.a_alt_hnp_support = 1; 382 break; 383 case USB_DEVICE_DEBUG_MODE: 384 handled = 0; 385 break; 386 stall: 387 default: 388 handled = -EINVAL; 389 break; 390 } 391 break; 392 393 case USB_RECIP_INTERFACE: 394 break; 395 396 case USB_RECIP_ENDPOINT:{ 397 const u8 epnum = 398 ctrlrequest->wIndex & 0x0f; 399 struct musb_ep *musb_ep; 400 struct musb_hw_ep *ep; 401 void __iomem *regs; 402 int is_in; 403 u16 csr; 404 405 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 406 ctrlrequest->wValue != USB_ENDPOINT_HALT) 407 break; 408 409 ep = musb->endpoints + epnum; 410 regs = ep->regs; 411 is_in = ctrlrequest->wIndex & USB_DIR_IN; 412 if (is_in) 413 musb_ep = &ep->ep_in; 414 else 415 musb_ep = &ep->ep_out; 416 if (!musb_ep->desc) 417 break; 418 419 musb_ep_select(mbase, epnum); 420 if (is_in) { 421 csr = musb_readw(regs, MUSB_TXCSR); 422 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 423 csr |= MUSB_TXCSR_FLUSHFIFO; 424 csr |= MUSB_TXCSR_P_SENDSTALL 425 | MUSB_TXCSR_CLRDATATOG 426 | MUSB_TXCSR_P_WZC_BITS; 427 musb_writew(regs, MUSB_TXCSR, csr); 428 } else { 429 csr = musb_readw(regs, MUSB_RXCSR); 430 csr |= MUSB_RXCSR_P_SENDSTALL 431 | MUSB_RXCSR_FLUSHFIFO 432 | MUSB_RXCSR_CLRDATATOG 433 | MUSB_RXCSR_P_WZC_BITS; 434 musb_writew(regs, MUSB_RXCSR, csr); 435 } 436 437 /* select ep0 again */ 438 musb_ep_select(mbase, 0); 439 handled = 1; 440 } break; 441 442 default: 443 /* class, vendor, etc ... delegate */ 444 handled = 0; 445 break; 446 } 447 break; 448 default: 449 /* delegate SET_CONFIGURATION, etc */ 450 handled = 0; 451 } 452 } else 453 handled = 0; 454 return handled; 455 } 456 457 /* we have an ep0out data packet 458 * Context: caller holds controller lock 459 */ 460 static void ep0_rxstate(struct musb *musb) 461 { 462 void __iomem *regs = musb->control_ep->regs; 463 struct musb_request *request; 464 struct usb_request *req; 465 u16 count, csr; 466 467 request = next_ep0_request(musb); 468 req = &request->request; 469 470 /* read packet and ack; or stall because of gadget driver bug: 471 * should have provided the rx buffer before setup() returned. 472 */ 473 if (req) { 474 void *buf = req->buf + req->actual; 475 unsigned len = req->length - req->actual; 476 477 /* read the buffer */ 478 count = musb_readb(regs, MUSB_COUNT0); 479 if (count > len) { 480 req->status = -EOVERFLOW; 481 count = len; 482 } 483 if (count > 0) { 484 musb_read_fifo(&musb->endpoints[0], count, buf); 485 req->actual += count; 486 } 487 csr = MUSB_CSR0_P_SVDRXPKTRDY; 488 if (count < 64 || req->actual == req->length) { 489 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 490 csr |= MUSB_CSR0_P_DATAEND; 491 } else 492 req = NULL; 493 } else 494 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 495 496 497 /* Completion handler may choose to stall, e.g. because the 498 * message just received holds invalid data. 499 */ 500 if (req) { 501 musb->ackpend = csr; 502 musb_g_ep0_giveback(musb, req); 503 if (!musb->ackpend) 504 return; 505 musb->ackpend = 0; 506 } 507 musb_ep_select(musb->mregs, 0); 508 musb_writew(regs, MUSB_CSR0, csr); 509 } 510 511 /* 512 * transmitting to the host (IN), this code might be called from IRQ 513 * and from kernel thread. 514 * 515 * Context: caller holds controller lock 516 */ 517 static void ep0_txstate(struct musb *musb) 518 { 519 void __iomem *regs = musb->control_ep->regs; 520 struct musb_request *req = next_ep0_request(musb); 521 struct usb_request *request; 522 u16 csr = MUSB_CSR0_TXPKTRDY; 523 u8 *fifo_src; 524 u8 fifo_count; 525 526 if (!req) { 527 /* WARN_ON(1); */ 528 musb_dbg(musb, "odd; csr0 %04x", musb_readw(regs, MUSB_CSR0)); 529 return; 530 } 531 532 request = &req->request; 533 534 /* load the data */ 535 fifo_src = (u8 *) request->buf + request->actual; 536 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 537 request->length - request->actual); 538 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 539 request->actual += fifo_count; 540 541 /* update the flags */ 542 if (fifo_count < MUSB_MAX_END0_PACKET 543 || (request->actual == request->length 544 && !request->zero)) { 545 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 546 csr |= MUSB_CSR0_P_DATAEND; 547 } else 548 request = NULL; 549 550 /* report completions as soon as the fifo's loaded; there's no 551 * win in waiting till this last packet gets acked. (other than 552 * very precise fault reporting, needed by USB TMC; possible with 553 * this hardware, but not usable from portable gadget drivers.) 554 */ 555 if (request) { 556 musb->ackpend = csr; 557 musb_g_ep0_giveback(musb, request); 558 if (!musb->ackpend) 559 return; 560 musb->ackpend = 0; 561 } 562 563 /* send it out, triggering a "txpktrdy cleared" irq */ 564 musb_ep_select(musb->mregs, 0); 565 musb_writew(regs, MUSB_CSR0, csr); 566 } 567 568 /* 569 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 570 * Fields are left in USB byte-order. 571 * 572 * Context: caller holds controller lock. 573 */ 574 static void 575 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 576 { 577 struct musb_request *r; 578 void __iomem *regs = musb->control_ep->regs; 579 580 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 581 582 /* NOTE: earlier 2.6 versions changed setup packets to host 583 * order, but now USB packets always stay in USB byte order. 584 */ 585 musb_dbg(musb, "SETUP req%02x.%02x v%04x i%04x l%d", 586 req->bRequestType, 587 req->bRequest, 588 le16_to_cpu(req->wValue), 589 le16_to_cpu(req->wIndex), 590 le16_to_cpu(req->wLength)); 591 592 /* clean up any leftover transfers */ 593 r = next_ep0_request(musb); 594 if (r) 595 musb_g_ep0_giveback(musb, &r->request); 596 597 /* For zero-data requests we want to delay the STATUS stage to 598 * avoid SETUPEND errors. If we read data (OUT), delay accepting 599 * packets until there's a buffer to store them in. 600 * 601 * If we write data, the controller acts happier if we enable 602 * the TX FIFO right away, and give the controller a moment 603 * to switch modes... 604 */ 605 musb->set_address = false; 606 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 607 if (req->wLength == 0) { 608 if (req->bRequestType & USB_DIR_IN) 609 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 610 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 611 } else if (req->bRequestType & USB_DIR_IN) { 612 musb->ep0_state = MUSB_EP0_STAGE_TX; 613 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 614 while ((musb_readw(regs, MUSB_CSR0) 615 & MUSB_CSR0_RXPKTRDY) != 0) 616 cpu_relax(); 617 musb->ackpend = 0; 618 } else 619 musb->ep0_state = MUSB_EP0_STAGE_RX; 620 } 621 622 static int 623 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 624 __releases(musb->lock) 625 __acquires(musb->lock) 626 { 627 int retval; 628 if (!musb->gadget_driver) 629 return -EOPNOTSUPP; 630 spin_unlock(&musb->lock); 631 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 632 spin_lock(&musb->lock); 633 return retval; 634 } 635 636 /* 637 * Handle peripheral ep0 interrupt 638 * 639 * Context: irq handler; we won't re-enter the driver that way. 640 */ 641 irqreturn_t musb_g_ep0_irq(struct musb *musb) 642 { 643 u16 csr; 644 u16 len; 645 void __iomem *mbase = musb->mregs; 646 void __iomem *regs = musb->endpoints[0].regs; 647 irqreturn_t retval = IRQ_NONE; 648 649 musb_ep_select(mbase, 0); /* select ep0 */ 650 csr = musb_readw(regs, MUSB_CSR0); 651 len = musb_readb(regs, MUSB_COUNT0); 652 653 musb_dbg(musb, "csr %04x, count %d, ep0stage %s", 654 csr, len, decode_ep0stage(musb->ep0_state)); 655 656 if (csr & MUSB_CSR0_P_DATAEND) { 657 /* 658 * If DATAEND is set we should not call the callback, 659 * hence the status stage is not complete. 660 */ 661 return IRQ_HANDLED; 662 } 663 664 /* I sent a stall.. need to acknowledge it now.. */ 665 if (csr & MUSB_CSR0_P_SENTSTALL) { 666 musb_writew(regs, MUSB_CSR0, 667 csr & ~MUSB_CSR0_P_SENTSTALL); 668 retval = IRQ_HANDLED; 669 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 670 csr = musb_readw(regs, MUSB_CSR0); 671 } 672 673 /* request ended "early" */ 674 if (csr & MUSB_CSR0_P_SETUPEND) { 675 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 676 retval = IRQ_HANDLED; 677 /* Transition into the early status phase */ 678 switch (musb->ep0_state) { 679 case MUSB_EP0_STAGE_TX: 680 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 681 break; 682 case MUSB_EP0_STAGE_RX: 683 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 684 break; 685 default: 686 ERR("SetupEnd came in a wrong ep0stage %s\n", 687 decode_ep0stage(musb->ep0_state)); 688 } 689 csr = musb_readw(regs, MUSB_CSR0); 690 /* NOTE: request may need completion */ 691 } 692 693 /* docs from Mentor only describe tx, rx, and idle/setup states. 694 * we need to handle nuances around status stages, and also the 695 * case where status and setup stages come back-to-back ... 696 */ 697 switch (musb->ep0_state) { 698 699 case MUSB_EP0_STAGE_TX: 700 /* irq on clearing txpktrdy */ 701 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 702 ep0_txstate(musb); 703 retval = IRQ_HANDLED; 704 } 705 break; 706 707 case MUSB_EP0_STAGE_RX: 708 /* irq on set rxpktrdy */ 709 if (csr & MUSB_CSR0_RXPKTRDY) { 710 ep0_rxstate(musb); 711 retval = IRQ_HANDLED; 712 } 713 break; 714 715 case MUSB_EP0_STAGE_STATUSIN: 716 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 717 718 /* update address (if needed) only @ the end of the 719 * status phase per usb spec, which also guarantees 720 * we get 10 msec to receive this irq... until this 721 * is done we won't see the next packet. 722 */ 723 if (musb->set_address) { 724 musb->set_address = false; 725 musb_writeb(mbase, MUSB_FADDR, musb->address); 726 } 727 728 /* enter test mode if needed (exit by reset) */ 729 else if (musb->test_mode) { 730 musb_dbg(musb, "entering TESTMODE"); 731 732 if (MUSB_TEST_PACKET == musb->test_mode_nr) 733 musb_load_testpacket(musb); 734 735 musb_writeb(mbase, MUSB_TESTMODE, 736 musb->test_mode_nr); 737 } 738 /* FALLTHROUGH */ 739 740 case MUSB_EP0_STAGE_STATUSOUT: 741 /* end of sequence #1: write to host (TX state) */ 742 { 743 struct musb_request *req; 744 745 req = next_ep0_request(musb); 746 if (req) 747 musb_g_ep0_giveback(musb, &req->request); 748 } 749 750 /* 751 * In case when several interrupts can get coalesced, 752 * check to see if we've already received a SETUP packet... 753 */ 754 if (csr & MUSB_CSR0_RXPKTRDY) 755 goto setup; 756 757 retval = IRQ_HANDLED; 758 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 759 break; 760 761 case MUSB_EP0_STAGE_IDLE: 762 /* 763 * This state is typically (but not always) indiscernible 764 * from the status states since the corresponding interrupts 765 * tend to happen within too little period of time (with only 766 * a zero-length packet in between) and so get coalesced... 767 */ 768 retval = IRQ_HANDLED; 769 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 770 /* FALLTHROUGH */ 771 772 case MUSB_EP0_STAGE_SETUP: 773 setup: 774 if (csr & MUSB_CSR0_RXPKTRDY) { 775 struct usb_ctrlrequest setup; 776 int handled = 0; 777 778 if (len != 8) { 779 ERR("SETUP packet len %d != 8 ?\n", len); 780 break; 781 } 782 musb_read_setup(musb, &setup); 783 retval = IRQ_HANDLED; 784 785 /* sometimes the RESET won't be reported */ 786 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 787 u8 power; 788 789 printk(KERN_NOTICE "%s: peripheral reset " 790 "irq lost!\n", 791 musb_driver_name); 792 power = musb_readb(mbase, MUSB_POWER); 793 musb->g.speed = (power & MUSB_POWER_HSMODE) 794 ? USB_SPEED_HIGH : USB_SPEED_FULL; 795 796 } 797 798 switch (musb->ep0_state) { 799 800 /* sequence #3 (no data stage), includes requests 801 * we can't forward (notably SET_ADDRESS and the 802 * device/endpoint feature set/clear operations) 803 * plus SET_CONFIGURATION and others we must 804 */ 805 case MUSB_EP0_STAGE_ACKWAIT: 806 handled = service_zero_data_request( 807 musb, &setup); 808 809 /* 810 * We're expecting no data in any case, so 811 * always set the DATAEND bit -- doing this 812 * here helps avoid SetupEnd interrupt coming 813 * in the idle stage when we're stalling... 814 */ 815 musb->ackpend |= MUSB_CSR0_P_DATAEND; 816 817 /* status stage might be immediate */ 818 if (handled > 0) 819 musb->ep0_state = 820 MUSB_EP0_STAGE_STATUSIN; 821 break; 822 823 /* sequence #1 (IN to host), includes GET_STATUS 824 * requests that we can't forward, GET_DESCRIPTOR 825 * and others that we must 826 */ 827 case MUSB_EP0_STAGE_TX: 828 handled = service_in_request(musb, &setup); 829 if (handled > 0) { 830 musb->ackpend = MUSB_CSR0_TXPKTRDY 831 | MUSB_CSR0_P_DATAEND; 832 musb->ep0_state = 833 MUSB_EP0_STAGE_STATUSOUT; 834 } 835 break; 836 837 /* sequence #2 (OUT from host), always forward */ 838 default: /* MUSB_EP0_STAGE_RX */ 839 break; 840 } 841 842 musb_dbg(musb, "handled %d, csr %04x, ep0stage %s", 843 handled, csr, 844 decode_ep0stage(musb->ep0_state)); 845 846 /* unless we need to delegate this to the gadget 847 * driver, we know how to wrap this up: csr0 has 848 * not yet been written. 849 */ 850 if (handled < 0) 851 goto stall; 852 else if (handled > 0) 853 goto finish; 854 855 handled = forward_to_driver(musb, &setup); 856 if (handled < 0) { 857 musb_ep_select(mbase, 0); 858 stall: 859 musb_dbg(musb, "stall (%d)", handled); 860 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 861 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 862 finish: 863 musb_writew(regs, MUSB_CSR0, 864 musb->ackpend); 865 musb->ackpend = 0; 866 } 867 } 868 break; 869 870 case MUSB_EP0_STAGE_ACKWAIT: 871 /* This should not happen. But happens with tusb6010 with 872 * g_file_storage and high speed. Do nothing. 873 */ 874 retval = IRQ_HANDLED; 875 break; 876 877 default: 878 /* "can't happen" */ 879 WARN_ON(1); 880 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 881 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 882 break; 883 } 884 885 return retval; 886 } 887 888 889 static int 890 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 891 { 892 /* always enabled */ 893 return -EINVAL; 894 } 895 896 static int musb_g_ep0_disable(struct usb_ep *e) 897 { 898 /* always enabled */ 899 return -EINVAL; 900 } 901 902 static int 903 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 904 { 905 struct musb_ep *ep; 906 struct musb_request *req; 907 struct musb *musb; 908 int status; 909 unsigned long lockflags; 910 void __iomem *regs; 911 912 if (!e || !r) 913 return -EINVAL; 914 915 ep = to_musb_ep(e); 916 musb = ep->musb; 917 regs = musb->control_ep->regs; 918 919 req = to_musb_request(r); 920 req->musb = musb; 921 req->request.actual = 0; 922 req->request.status = -EINPROGRESS; 923 req->tx = ep->is_in; 924 925 spin_lock_irqsave(&musb->lock, lockflags); 926 927 if (!list_empty(&ep->req_list)) { 928 status = -EBUSY; 929 goto cleanup; 930 } 931 932 switch (musb->ep0_state) { 933 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 934 case MUSB_EP0_STAGE_TX: /* control-IN data */ 935 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 936 status = 0; 937 break; 938 default: 939 musb_dbg(musb, "ep0 request queued in state %d", 940 musb->ep0_state); 941 status = -EINVAL; 942 goto cleanup; 943 } 944 945 /* add request to the list */ 946 list_add_tail(&req->list, &ep->req_list); 947 948 musb_dbg(musb, "queue to %s (%s), length=%d", 949 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 950 req->request.length); 951 952 musb_ep_select(musb->mregs, 0); 953 954 /* sequence #1, IN ... start writing the data */ 955 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 956 ep0_txstate(musb); 957 958 /* sequence #3, no-data ... issue IN status */ 959 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 960 if (req->request.length) 961 status = -EINVAL; 962 else { 963 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 964 musb_writew(regs, MUSB_CSR0, 965 musb->ackpend | MUSB_CSR0_P_DATAEND); 966 musb->ackpend = 0; 967 musb_g_ep0_giveback(ep->musb, r); 968 } 969 970 /* else for sequence #2 (OUT), caller provides a buffer 971 * before the next packet arrives. deferred responses 972 * (after SETUP is acked) are racey. 973 */ 974 } else if (musb->ackpend) { 975 musb_writew(regs, MUSB_CSR0, musb->ackpend); 976 musb->ackpend = 0; 977 } 978 979 cleanup: 980 spin_unlock_irqrestore(&musb->lock, lockflags); 981 return status; 982 } 983 984 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 985 { 986 /* we just won't support this */ 987 return -EINVAL; 988 } 989 990 static int musb_g_ep0_halt(struct usb_ep *e, int value) 991 { 992 struct musb_ep *ep; 993 struct musb *musb; 994 void __iomem *base, *regs; 995 unsigned long flags; 996 int status; 997 u16 csr; 998 999 if (!e || !value) 1000 return -EINVAL; 1001 1002 ep = to_musb_ep(e); 1003 musb = ep->musb; 1004 base = musb->mregs; 1005 regs = musb->control_ep->regs; 1006 status = 0; 1007 1008 spin_lock_irqsave(&musb->lock, flags); 1009 1010 if (!list_empty(&ep->req_list)) { 1011 status = -EBUSY; 1012 goto cleanup; 1013 } 1014 1015 musb_ep_select(base, 0); 1016 csr = musb->ackpend; 1017 1018 switch (musb->ep0_state) { 1019 1020 /* Stalls are usually issued after parsing SETUP packet, either 1021 * directly in irq context from setup() or else later. 1022 */ 1023 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1024 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1025 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1026 csr = musb_readw(regs, MUSB_CSR0); 1027 /* FALLTHROUGH */ 1028 1029 /* It's also OK to issue stalls during callbacks when a non-empty 1030 * DATA stage buffer has been read (or even written). 1031 */ 1032 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1033 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1034 1035 csr |= MUSB_CSR0_P_SENDSTALL; 1036 musb_writew(regs, MUSB_CSR0, csr); 1037 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1038 musb->ackpend = 0; 1039 break; 1040 default: 1041 musb_dbg(musb, "ep0 can't halt in state %d", musb->ep0_state); 1042 status = -EINVAL; 1043 } 1044 1045 cleanup: 1046 spin_unlock_irqrestore(&musb->lock, flags); 1047 return status; 1048 } 1049 1050 const struct usb_ep_ops musb_g_ep0_ops = { 1051 .enable = musb_g_ep0_enable, 1052 .disable = musb_g_ep0_disable, 1053 .alloc_request = musb_alloc_request, 1054 .free_request = musb_free_request, 1055 .queue = musb_g_ep0_queue, 1056 .dequeue = musb_g_ep0_dequeue, 1057 .set_halt = musb_g_ep0_halt, 1058 }; 1059