1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 * 23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 */ 35 36 #include <linux/kernel.h> 37 #include <linux/list.h> 38 #include <linux/timer.h> 39 #include <linux/spinlock.h> 40 #include <linux/init.h> 41 #include <linux/device.h> 42 #include <linux/interrupt.h> 43 44 #include "musb_core.h" 45 46 /* ep0 is always musb->endpoints[0].ep_in */ 47 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 48 49 /* 50 * locking note: we use only the controller lock, for simpler correctness. 51 * It's always held with IRQs blocked. 52 * 53 * It protects the ep0 request queue as well as ep0_state, not just the 54 * controller and indexed registers. And that lock stays held unless it 55 * needs to be dropped to allow reentering this driver ... like upcalls to 56 * the gadget driver, or adjusting endpoint halt status. 57 */ 58 59 static char *decode_ep0stage(u8 stage) 60 { 61 switch (stage) { 62 case MUSB_EP0_STAGE_IDLE: return "idle"; 63 case MUSB_EP0_STAGE_SETUP: return "setup"; 64 case MUSB_EP0_STAGE_TX: return "in"; 65 case MUSB_EP0_STAGE_RX: return "out"; 66 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 67 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 68 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 69 default: return "?"; 70 } 71 } 72 73 /* handle a standard GET_STATUS request 74 * Context: caller holds controller lock 75 */ 76 static int service_tx_status_request( 77 struct musb *musb, 78 const struct usb_ctrlrequest *ctrlrequest) 79 { 80 void __iomem *mbase = musb->mregs; 81 int handled = 1; 82 u8 result[2], epnum = 0; 83 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 84 85 result[1] = 0; 86 87 switch (recip) { 88 case USB_RECIP_DEVICE: 89 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 90 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 91 #ifdef CONFIG_USB_MUSB_OTG 92 if (musb->g.is_otg) { 93 result[0] |= musb->g.b_hnp_enable 94 << USB_DEVICE_B_HNP_ENABLE; 95 result[0] |= musb->g.a_alt_hnp_support 96 << USB_DEVICE_A_ALT_HNP_SUPPORT; 97 result[0] |= musb->g.a_hnp_support 98 << USB_DEVICE_A_HNP_SUPPORT; 99 } 100 #endif 101 break; 102 103 case USB_RECIP_INTERFACE: 104 result[0] = 0; 105 break; 106 107 case USB_RECIP_ENDPOINT: { 108 int is_in; 109 struct musb_ep *ep; 110 u16 tmp; 111 void __iomem *regs; 112 113 epnum = (u8) ctrlrequest->wIndex; 114 if (!epnum) { 115 result[0] = 0; 116 break; 117 } 118 119 is_in = epnum & USB_DIR_IN; 120 if (is_in) { 121 epnum &= 0x0f; 122 ep = &musb->endpoints[epnum].ep_in; 123 } else { 124 ep = &musb->endpoints[epnum].ep_out; 125 } 126 regs = musb->endpoints[epnum].regs; 127 128 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 129 handled = -EINVAL; 130 break; 131 } 132 133 musb_ep_select(mbase, epnum); 134 if (is_in) 135 tmp = musb_readw(regs, MUSB_TXCSR) 136 & MUSB_TXCSR_P_SENDSTALL; 137 else 138 tmp = musb_readw(regs, MUSB_RXCSR) 139 & MUSB_RXCSR_P_SENDSTALL; 140 musb_ep_select(mbase, 0); 141 142 result[0] = tmp ? 1 : 0; 143 } break; 144 145 default: 146 /* class, vendor, etc ... delegate */ 147 handled = 0; 148 break; 149 } 150 151 /* fill up the fifo; caller updates csr0 */ 152 if (handled > 0) { 153 u16 len = le16_to_cpu(ctrlrequest->wLength); 154 155 if (len > 2) 156 len = 2; 157 musb_write_fifo(&musb->endpoints[0], len, result); 158 } 159 160 return handled; 161 } 162 163 /* 164 * handle a control-IN request, the end0 buffer contains the current request 165 * that is supposed to be a standard control request. Assumes the fifo to 166 * be at least 2 bytes long. 167 * 168 * @return 0 if the request was NOT HANDLED, 169 * < 0 when error 170 * > 0 when the request is processed 171 * 172 * Context: caller holds controller lock 173 */ 174 static int 175 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 176 { 177 int handled = 0; /* not handled */ 178 179 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 180 == USB_TYPE_STANDARD) { 181 switch (ctrlrequest->bRequest) { 182 case USB_REQ_GET_STATUS: 183 handled = service_tx_status_request(musb, 184 ctrlrequest); 185 break; 186 187 /* case USB_REQ_SYNC_FRAME: */ 188 189 default: 190 break; 191 } 192 } 193 return handled; 194 } 195 196 /* 197 * Context: caller holds controller lock 198 */ 199 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 200 { 201 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 202 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 203 } 204 205 /* 206 * Tries to start B-device HNP negotiation if enabled via sysfs 207 */ 208 static inline void musb_try_b_hnp_enable(struct musb *musb) 209 { 210 void __iomem *mbase = musb->mregs; 211 u8 devctl; 212 213 DBG(1, "HNP: Setting HR\n"); 214 devctl = musb_readb(mbase, MUSB_DEVCTL); 215 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 216 } 217 218 /* 219 * Handle all control requests with no DATA stage, including standard 220 * requests such as: 221 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 222 * always delegated to the gadget driver 223 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 224 * always handled here, except for class/vendor/... features 225 * 226 * Context: caller holds controller lock 227 */ 228 static int 229 service_zero_data_request(struct musb *musb, 230 struct usb_ctrlrequest *ctrlrequest) 231 __releases(musb->lock) 232 __acquires(musb->lock) 233 { 234 int handled = -EINVAL; 235 void __iomem *mbase = musb->mregs; 236 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 237 238 /* the gadget driver handles everything except what we MUST handle */ 239 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 240 == USB_TYPE_STANDARD) { 241 switch (ctrlrequest->bRequest) { 242 case USB_REQ_SET_ADDRESS: 243 /* change it after the status stage */ 244 musb->set_address = true; 245 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 246 handled = 1; 247 break; 248 249 case USB_REQ_CLEAR_FEATURE: 250 switch (recip) { 251 case USB_RECIP_DEVICE: 252 if (ctrlrequest->wValue 253 != USB_DEVICE_REMOTE_WAKEUP) 254 break; 255 musb->may_wakeup = 0; 256 handled = 1; 257 break; 258 case USB_RECIP_INTERFACE: 259 break; 260 case USB_RECIP_ENDPOINT:{ 261 const u8 num = ctrlrequest->wIndex & 0x0f; 262 struct musb_ep *musb_ep; 263 264 if (num == 0 265 || num >= MUSB_C_NUM_EPS 266 || ctrlrequest->wValue 267 != USB_ENDPOINT_HALT) 268 break; 269 270 if (ctrlrequest->wIndex & USB_DIR_IN) 271 musb_ep = &musb->endpoints[num].ep_in; 272 else 273 musb_ep = &musb->endpoints[num].ep_out; 274 if (!musb_ep->desc) 275 break; 276 277 /* REVISIT do it directly, no locking games */ 278 spin_unlock(&musb->lock); 279 musb_gadget_set_halt(&musb_ep->end_point, 0); 280 spin_lock(&musb->lock); 281 282 /* select ep0 again */ 283 musb_ep_select(mbase, 0); 284 handled = 1; 285 } break; 286 default: 287 /* class, vendor, etc ... delegate */ 288 handled = 0; 289 break; 290 } 291 break; 292 293 case USB_REQ_SET_FEATURE: 294 switch (recip) { 295 case USB_RECIP_DEVICE: 296 handled = 1; 297 switch (ctrlrequest->wValue) { 298 case USB_DEVICE_REMOTE_WAKEUP: 299 musb->may_wakeup = 1; 300 break; 301 case USB_DEVICE_TEST_MODE: 302 if (musb->g.speed != USB_SPEED_HIGH) 303 goto stall; 304 if (ctrlrequest->wIndex & 0xff) 305 goto stall; 306 307 switch (ctrlrequest->wIndex >> 8) { 308 case 1: 309 pr_debug("TEST_J\n"); 310 /* TEST_J */ 311 musb->test_mode_nr = 312 MUSB_TEST_J; 313 break; 314 case 2: 315 /* TEST_K */ 316 pr_debug("TEST_K\n"); 317 musb->test_mode_nr = 318 MUSB_TEST_K; 319 break; 320 case 3: 321 /* TEST_SE0_NAK */ 322 pr_debug("TEST_SE0_NAK\n"); 323 musb->test_mode_nr = 324 MUSB_TEST_SE0_NAK; 325 break; 326 case 4: 327 /* TEST_PACKET */ 328 pr_debug("TEST_PACKET\n"); 329 musb->test_mode_nr = 330 MUSB_TEST_PACKET; 331 break; 332 default: 333 goto stall; 334 } 335 336 /* enter test mode after irq */ 337 if (handled > 0) 338 musb->test_mode = true; 339 break; 340 #ifdef CONFIG_USB_MUSB_OTG 341 case USB_DEVICE_B_HNP_ENABLE: 342 if (!musb->g.is_otg) 343 goto stall; 344 musb->g.b_hnp_enable = 1; 345 musb_try_b_hnp_enable(musb); 346 break; 347 case USB_DEVICE_A_HNP_SUPPORT: 348 if (!musb->g.is_otg) 349 goto stall; 350 musb->g.a_hnp_support = 1; 351 break; 352 case USB_DEVICE_A_ALT_HNP_SUPPORT: 353 if (!musb->g.is_otg) 354 goto stall; 355 musb->g.a_alt_hnp_support = 1; 356 break; 357 #endif 358 stall: 359 default: 360 handled = -EINVAL; 361 break; 362 } 363 break; 364 365 case USB_RECIP_INTERFACE: 366 break; 367 368 case USB_RECIP_ENDPOINT:{ 369 const u8 epnum = 370 ctrlrequest->wIndex & 0x0f; 371 struct musb_ep *musb_ep; 372 struct musb_hw_ep *ep; 373 void __iomem *regs; 374 int is_in; 375 u16 csr; 376 377 if (epnum == 0 378 || epnum >= MUSB_C_NUM_EPS 379 || ctrlrequest->wValue 380 != USB_ENDPOINT_HALT) 381 break; 382 383 ep = musb->endpoints + epnum; 384 regs = ep->regs; 385 is_in = ctrlrequest->wIndex & USB_DIR_IN; 386 if (is_in) 387 musb_ep = &ep->ep_in; 388 else 389 musb_ep = &ep->ep_out; 390 if (!musb_ep->desc) 391 break; 392 393 musb_ep_select(mbase, epnum); 394 if (is_in) { 395 csr = musb_readw(regs, 396 MUSB_TXCSR); 397 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 398 csr |= MUSB_TXCSR_FLUSHFIFO; 399 csr |= MUSB_TXCSR_P_SENDSTALL 400 | MUSB_TXCSR_CLRDATATOG 401 | MUSB_TXCSR_P_WZC_BITS; 402 musb_writew(regs, MUSB_TXCSR, 403 csr); 404 } else { 405 csr = musb_readw(regs, 406 MUSB_RXCSR); 407 csr |= MUSB_RXCSR_P_SENDSTALL 408 | MUSB_RXCSR_FLUSHFIFO 409 | MUSB_RXCSR_CLRDATATOG 410 | MUSB_RXCSR_P_WZC_BITS; 411 musb_writew(regs, MUSB_RXCSR, 412 csr); 413 } 414 415 /* select ep0 again */ 416 musb_ep_select(mbase, 0); 417 handled = 1; 418 } break; 419 420 default: 421 /* class, vendor, etc ... delegate */ 422 handled = 0; 423 break; 424 } 425 break; 426 default: 427 /* delegate SET_CONFIGURATION, etc */ 428 handled = 0; 429 } 430 } else 431 handled = 0; 432 return handled; 433 } 434 435 /* we have an ep0out data packet 436 * Context: caller holds controller lock 437 */ 438 static void ep0_rxstate(struct musb *musb) 439 { 440 void __iomem *regs = musb->control_ep->regs; 441 struct usb_request *req; 442 u16 count, csr; 443 444 req = next_ep0_request(musb); 445 446 /* read packet and ack; or stall because of gadget driver bug: 447 * should have provided the rx buffer before setup() returned. 448 */ 449 if (req) { 450 void *buf = req->buf + req->actual; 451 unsigned len = req->length - req->actual; 452 453 /* read the buffer */ 454 count = musb_readb(regs, MUSB_COUNT0); 455 if (count > len) { 456 req->status = -EOVERFLOW; 457 count = len; 458 } 459 musb_read_fifo(&musb->endpoints[0], count, buf); 460 req->actual += count; 461 csr = MUSB_CSR0_P_SVDRXPKTRDY; 462 if (count < 64 || req->actual == req->length) { 463 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 464 csr |= MUSB_CSR0_P_DATAEND; 465 } else 466 req = NULL; 467 } else 468 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 469 470 471 /* Completion handler may choose to stall, e.g. because the 472 * message just received holds invalid data. 473 */ 474 if (req) { 475 musb->ackpend = csr; 476 musb_g_ep0_giveback(musb, req); 477 if (!musb->ackpend) 478 return; 479 musb->ackpend = 0; 480 } 481 musb_ep_select(musb->mregs, 0); 482 musb_writew(regs, MUSB_CSR0, csr); 483 } 484 485 /* 486 * transmitting to the host (IN), this code might be called from IRQ 487 * and from kernel thread. 488 * 489 * Context: caller holds controller lock 490 */ 491 static void ep0_txstate(struct musb *musb) 492 { 493 void __iomem *regs = musb->control_ep->regs; 494 struct usb_request *request = next_ep0_request(musb); 495 u16 csr = MUSB_CSR0_TXPKTRDY; 496 u8 *fifo_src; 497 u8 fifo_count; 498 499 if (!request) { 500 /* WARN_ON(1); */ 501 DBG(2, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 502 return; 503 } 504 505 /* load the data */ 506 fifo_src = (u8 *) request->buf + request->actual; 507 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 508 request->length - request->actual); 509 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 510 request->actual += fifo_count; 511 512 /* update the flags */ 513 if (fifo_count < MUSB_MAX_END0_PACKET 514 || request->actual == request->length) { 515 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 516 csr |= MUSB_CSR0_P_DATAEND; 517 } else 518 request = NULL; 519 520 /* report completions as soon as the fifo's loaded; there's no 521 * win in waiting till this last packet gets acked. (other than 522 * very precise fault reporting, needed by USB TMC; possible with 523 * this hardware, but not usable from portable gadget drivers.) 524 */ 525 if (request) { 526 musb->ackpend = csr; 527 musb_g_ep0_giveback(musb, request); 528 if (!musb->ackpend) 529 return; 530 musb->ackpend = 0; 531 } 532 533 /* send it out, triggering a "txpktrdy cleared" irq */ 534 musb_ep_select(musb->mregs, 0); 535 musb_writew(regs, MUSB_CSR0, csr); 536 } 537 538 /* 539 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 540 * Fields are left in USB byte-order. 541 * 542 * Context: caller holds controller lock. 543 */ 544 static void 545 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 546 { 547 struct usb_request *r; 548 void __iomem *regs = musb->control_ep->regs; 549 550 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 551 552 /* NOTE: earlier 2.6 versions changed setup packets to host 553 * order, but now USB packets always stay in USB byte order. 554 */ 555 DBG(3, "SETUP req%02x.%02x v%04x i%04x l%d\n", 556 req->bRequestType, 557 req->bRequest, 558 le16_to_cpu(req->wValue), 559 le16_to_cpu(req->wIndex), 560 le16_to_cpu(req->wLength)); 561 562 /* clean up any leftover transfers */ 563 r = next_ep0_request(musb); 564 if (r) 565 musb_g_ep0_giveback(musb, r); 566 567 /* For zero-data requests we want to delay the STATUS stage to 568 * avoid SETUPEND errors. If we read data (OUT), delay accepting 569 * packets until there's a buffer to store them in. 570 * 571 * If we write data, the controller acts happier if we enable 572 * the TX FIFO right away, and give the controller a moment 573 * to switch modes... 574 */ 575 musb->set_address = false; 576 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 577 if (req->wLength == 0) { 578 if (req->bRequestType & USB_DIR_IN) 579 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 580 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 581 } else if (req->bRequestType & USB_DIR_IN) { 582 musb->ep0_state = MUSB_EP0_STAGE_TX; 583 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 584 while ((musb_readw(regs, MUSB_CSR0) 585 & MUSB_CSR0_RXPKTRDY) != 0) 586 cpu_relax(); 587 musb->ackpend = 0; 588 } else 589 musb->ep0_state = MUSB_EP0_STAGE_RX; 590 } 591 592 static int 593 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 594 __releases(musb->lock) 595 __acquires(musb->lock) 596 { 597 int retval; 598 if (!musb->gadget_driver) 599 return -EOPNOTSUPP; 600 spin_unlock(&musb->lock); 601 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 602 spin_lock(&musb->lock); 603 return retval; 604 } 605 606 /* 607 * Handle peripheral ep0 interrupt 608 * 609 * Context: irq handler; we won't re-enter the driver that way. 610 */ 611 irqreturn_t musb_g_ep0_irq(struct musb *musb) 612 { 613 u16 csr; 614 u16 len; 615 void __iomem *mbase = musb->mregs; 616 void __iomem *regs = musb->endpoints[0].regs; 617 irqreturn_t retval = IRQ_NONE; 618 619 musb_ep_select(mbase, 0); /* select ep0 */ 620 csr = musb_readw(regs, MUSB_CSR0); 621 len = musb_readb(regs, MUSB_COUNT0); 622 623 DBG(4, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 624 csr, len, 625 musb_readb(mbase, MUSB_FADDR), 626 decode_ep0stage(musb->ep0_state)); 627 628 /* I sent a stall.. need to acknowledge it now.. */ 629 if (csr & MUSB_CSR0_P_SENTSTALL) { 630 musb_writew(regs, MUSB_CSR0, 631 csr & ~MUSB_CSR0_P_SENTSTALL); 632 retval = IRQ_HANDLED; 633 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 634 csr = musb_readw(regs, MUSB_CSR0); 635 } 636 637 /* request ended "early" */ 638 if (csr & MUSB_CSR0_P_SETUPEND) { 639 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 640 retval = IRQ_HANDLED; 641 /* Transition into the early status phase */ 642 switch (musb->ep0_state) { 643 case MUSB_EP0_STAGE_TX: 644 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 645 break; 646 case MUSB_EP0_STAGE_RX: 647 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 648 break; 649 default: 650 ERR("SetupEnd came in a wrong ep0stage %s", 651 decode_ep0stage(musb->ep0_state)); 652 } 653 csr = musb_readw(regs, MUSB_CSR0); 654 /* NOTE: request may need completion */ 655 } 656 657 /* docs from Mentor only describe tx, rx, and idle/setup states. 658 * we need to handle nuances around status stages, and also the 659 * case where status and setup stages come back-to-back ... 660 */ 661 switch (musb->ep0_state) { 662 663 case MUSB_EP0_STAGE_TX: 664 /* irq on clearing txpktrdy */ 665 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 666 ep0_txstate(musb); 667 retval = IRQ_HANDLED; 668 } 669 break; 670 671 case MUSB_EP0_STAGE_RX: 672 /* irq on set rxpktrdy */ 673 if (csr & MUSB_CSR0_RXPKTRDY) { 674 ep0_rxstate(musb); 675 retval = IRQ_HANDLED; 676 } 677 break; 678 679 case MUSB_EP0_STAGE_STATUSIN: 680 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 681 682 /* update address (if needed) only @ the end of the 683 * status phase per usb spec, which also guarantees 684 * we get 10 msec to receive this irq... until this 685 * is done we won't see the next packet. 686 */ 687 if (musb->set_address) { 688 musb->set_address = false; 689 musb_writeb(mbase, MUSB_FADDR, musb->address); 690 } 691 692 /* enter test mode if needed (exit by reset) */ 693 else if (musb->test_mode) { 694 DBG(1, "entering TESTMODE\n"); 695 696 if (MUSB_TEST_PACKET == musb->test_mode_nr) 697 musb_load_testpacket(musb); 698 699 musb_writeb(mbase, MUSB_TESTMODE, 700 musb->test_mode_nr); 701 } 702 /* FALLTHROUGH */ 703 704 case MUSB_EP0_STAGE_STATUSOUT: 705 /* end of sequence #1: write to host (TX state) */ 706 { 707 struct usb_request *req; 708 709 req = next_ep0_request(musb); 710 if (req) 711 musb_g_ep0_giveback(musb, req); 712 } 713 714 /* 715 * In case when several interrupts can get coalesced, 716 * check to see if we've already received a SETUP packet... 717 */ 718 if (csr & MUSB_CSR0_RXPKTRDY) 719 goto setup; 720 721 retval = IRQ_HANDLED; 722 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 723 break; 724 725 case MUSB_EP0_STAGE_IDLE: 726 /* 727 * This state is typically (but not always) indiscernible 728 * from the status states since the corresponding interrupts 729 * tend to happen within too little period of time (with only 730 * a zero-length packet in between) and so get coalesced... 731 */ 732 retval = IRQ_HANDLED; 733 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 734 /* FALLTHROUGH */ 735 736 case MUSB_EP0_STAGE_SETUP: 737 setup: 738 if (csr & MUSB_CSR0_RXPKTRDY) { 739 struct usb_ctrlrequest setup; 740 int handled = 0; 741 742 if (len != 8) { 743 ERR("SETUP packet len %d != 8 ?\n", len); 744 break; 745 } 746 musb_read_setup(musb, &setup); 747 retval = IRQ_HANDLED; 748 749 /* sometimes the RESET won't be reported */ 750 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 751 u8 power; 752 753 printk(KERN_NOTICE "%s: peripheral reset " 754 "irq lost!\n", 755 musb_driver_name); 756 power = musb_readb(mbase, MUSB_POWER); 757 musb->g.speed = (power & MUSB_POWER_HSMODE) 758 ? USB_SPEED_HIGH : USB_SPEED_FULL; 759 760 } 761 762 switch (musb->ep0_state) { 763 764 /* sequence #3 (no data stage), includes requests 765 * we can't forward (notably SET_ADDRESS and the 766 * device/endpoint feature set/clear operations) 767 * plus SET_CONFIGURATION and others we must 768 */ 769 case MUSB_EP0_STAGE_ACKWAIT: 770 handled = service_zero_data_request( 771 musb, &setup); 772 773 /* status stage might be immediate */ 774 if (handled > 0) { 775 musb->ackpend |= MUSB_CSR0_P_DATAEND; 776 musb->ep0_state = 777 MUSB_EP0_STAGE_STATUSIN; 778 } 779 break; 780 781 /* sequence #1 (IN to host), includes GET_STATUS 782 * requests that we can't forward, GET_DESCRIPTOR 783 * and others that we must 784 */ 785 case MUSB_EP0_STAGE_TX: 786 handled = service_in_request(musb, &setup); 787 if (handled > 0) { 788 musb->ackpend = MUSB_CSR0_TXPKTRDY 789 | MUSB_CSR0_P_DATAEND; 790 musb->ep0_state = 791 MUSB_EP0_STAGE_STATUSOUT; 792 } 793 break; 794 795 /* sequence #2 (OUT from host), always forward */ 796 default: /* MUSB_EP0_STAGE_RX */ 797 break; 798 } 799 800 DBG(3, "handled %d, csr %04x, ep0stage %s\n", 801 handled, csr, 802 decode_ep0stage(musb->ep0_state)); 803 804 /* unless we need to delegate this to the gadget 805 * driver, we know how to wrap this up: csr0 has 806 * not yet been written. 807 */ 808 if (handled < 0) 809 goto stall; 810 else if (handled > 0) 811 goto finish; 812 813 handled = forward_to_driver(musb, &setup); 814 if (handled < 0) { 815 musb_ep_select(mbase, 0); 816 stall: 817 DBG(3, "stall (%d)\n", handled); 818 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 819 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 820 finish: 821 musb_writew(regs, MUSB_CSR0, 822 musb->ackpend); 823 musb->ackpend = 0; 824 } 825 } 826 break; 827 828 case MUSB_EP0_STAGE_ACKWAIT: 829 /* This should not happen. But happens with tusb6010 with 830 * g_file_storage and high speed. Do nothing. 831 */ 832 retval = IRQ_HANDLED; 833 break; 834 835 default: 836 /* "can't happen" */ 837 WARN_ON(1); 838 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 839 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 840 break; 841 } 842 843 return retval; 844 } 845 846 847 static int 848 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 849 { 850 /* always enabled */ 851 return -EINVAL; 852 } 853 854 static int musb_g_ep0_disable(struct usb_ep *e) 855 { 856 /* always enabled */ 857 return -EINVAL; 858 } 859 860 static int 861 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 862 { 863 struct musb_ep *ep; 864 struct musb_request *req; 865 struct musb *musb; 866 int status; 867 unsigned long lockflags; 868 void __iomem *regs; 869 870 if (!e || !r) 871 return -EINVAL; 872 873 ep = to_musb_ep(e); 874 musb = ep->musb; 875 regs = musb->control_ep->regs; 876 877 req = to_musb_request(r); 878 req->musb = musb; 879 req->request.actual = 0; 880 req->request.status = -EINPROGRESS; 881 req->tx = ep->is_in; 882 883 spin_lock_irqsave(&musb->lock, lockflags); 884 885 if (!list_empty(&ep->req_list)) { 886 status = -EBUSY; 887 goto cleanup; 888 } 889 890 switch (musb->ep0_state) { 891 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 892 case MUSB_EP0_STAGE_TX: /* control-IN data */ 893 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 894 status = 0; 895 break; 896 default: 897 DBG(1, "ep0 request queued in state %d\n", 898 musb->ep0_state); 899 status = -EINVAL; 900 goto cleanup; 901 } 902 903 /* add request to the list */ 904 list_add_tail(&(req->request.list), &(ep->req_list)); 905 906 DBG(3, "queue to %s (%s), length=%d\n", 907 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 908 req->request.length); 909 910 musb_ep_select(musb->mregs, 0); 911 912 /* sequence #1, IN ... start writing the data */ 913 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 914 ep0_txstate(musb); 915 916 /* sequence #3, no-data ... issue IN status */ 917 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 918 if (req->request.length) 919 status = -EINVAL; 920 else { 921 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 922 musb_writew(regs, MUSB_CSR0, 923 musb->ackpend | MUSB_CSR0_P_DATAEND); 924 musb->ackpend = 0; 925 musb_g_ep0_giveback(ep->musb, r); 926 } 927 928 /* else for sequence #2 (OUT), caller provides a buffer 929 * before the next packet arrives. deferred responses 930 * (after SETUP is acked) are racey. 931 */ 932 } else if (musb->ackpend) { 933 musb_writew(regs, MUSB_CSR0, musb->ackpend); 934 musb->ackpend = 0; 935 } 936 937 cleanup: 938 spin_unlock_irqrestore(&musb->lock, lockflags); 939 return status; 940 } 941 942 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 943 { 944 /* we just won't support this */ 945 return -EINVAL; 946 } 947 948 static int musb_g_ep0_halt(struct usb_ep *e, int value) 949 { 950 struct musb_ep *ep; 951 struct musb *musb; 952 void __iomem *base, *regs; 953 unsigned long flags; 954 int status; 955 u16 csr; 956 957 if (!e || !value) 958 return -EINVAL; 959 960 ep = to_musb_ep(e); 961 musb = ep->musb; 962 base = musb->mregs; 963 regs = musb->control_ep->regs; 964 status = 0; 965 966 spin_lock_irqsave(&musb->lock, flags); 967 968 if (!list_empty(&ep->req_list)) { 969 status = -EBUSY; 970 goto cleanup; 971 } 972 973 musb_ep_select(base, 0); 974 csr = musb->ackpend; 975 976 switch (musb->ep0_state) { 977 978 /* Stalls are usually issued after parsing SETUP packet, either 979 * directly in irq context from setup() or else later. 980 */ 981 case MUSB_EP0_STAGE_TX: /* control-IN data */ 982 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 983 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 984 csr = musb_readw(regs, MUSB_CSR0); 985 /* FALLTHROUGH */ 986 987 /* It's also OK to issue stalls during callbacks when a non-empty 988 * DATA stage buffer has been read (or even written). 989 */ 990 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 991 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 992 993 csr |= MUSB_CSR0_P_SENDSTALL; 994 musb_writew(regs, MUSB_CSR0, csr); 995 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 996 musb->ackpend = 0; 997 break; 998 default: 999 DBG(1, "ep0 can't halt in state %d\n", musb->ep0_state); 1000 status = -EINVAL; 1001 } 1002 1003 cleanup: 1004 spin_unlock_irqrestore(&musb->lock, flags); 1005 return status; 1006 } 1007 1008 const struct usb_ep_ops musb_g_ep0_ops = { 1009 .enable = musb_g_ep0_enable, 1010 .disable = musb_g_ep0_disable, 1011 .alloc_request = musb_alloc_request, 1012 .free_request = musb_free_request, 1013 .queue = musb_g_ep0_queue, 1014 .dequeue = musb_g_ep0_dequeue, 1015 .set_halt = musb_g_ep0_halt, 1016 }; 1017