xref: /openbmc/linux/drivers/usb/musb/musb_host.c (revision 68198dca)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * MUSB OTG driver host support
4  *
5  * Copyright 2005 Mentor Graphics Corporation
6  * Copyright (C) 2005-2006 by Texas Instruments
7  * Copyright (C) 2006-2007 Nokia Corporation
8  * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
9  */
10 
11 #include <linux/module.h>
12 #include <linux/kernel.h>
13 #include <linux/delay.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/errno.h>
17 #include <linux/list.h>
18 #include <linux/dma-mapping.h>
19 
20 #include "musb_core.h"
21 #include "musb_host.h"
22 #include "musb_trace.h"
23 
24 /* MUSB HOST status 22-mar-2006
25  *
26  * - There's still lots of partial code duplication for fault paths, so
27  *   they aren't handled as consistently as they need to be.
28  *
29  * - PIO mostly behaved when last tested.
30  *     + including ep0, with all usbtest cases 9, 10
31  *     + usbtest 14 (ep0out) doesn't seem to run at all
32  *     + double buffered OUT/TX endpoints saw stalls(!) with certain usbtest
33  *       configurations, but otherwise double buffering passes basic tests.
34  *     + for 2.6.N, for N > ~10, needs API changes for hcd framework.
35  *
36  * - DMA (CPPI) ... partially behaves, not currently recommended
37  *     + about 1/15 the speed of typical EHCI implementations (PCI)
38  *     + RX, all too often reqpkt seems to misbehave after tx
39  *     + TX, no known issues (other than evident silicon issue)
40  *
41  * - DMA (Mentor/OMAP) ...has at least toggle update problems
42  *
43  * - [23-feb-2009] minimal traffic scheduling to avoid bulk RX packet
44  *   starvation ... nothing yet for TX, interrupt, or bulk.
45  *
46  * - Not tested with HNP, but some SRP paths seem to behave.
47  *
48  * NOTE 24-August-2006:
49  *
50  * - Bulk traffic finally uses both sides of hardware ep1, freeing up an
51  *   extra endpoint for periodic use enabling hub + keybd + mouse.  That
52  *   mostly works, except that with "usbnet" it's easy to trigger cases
53  *   with "ping" where RX loses.  (a) ping to davinci, even "ping -f",
54  *   fine; but (b) ping _from_ davinci, even "ping -c 1", ICMP RX loses
55  *   although ARP RX wins.  (That test was done with a full speed link.)
56  */
57 
58 
59 /*
60  * NOTE on endpoint usage:
61  *
62  * CONTROL transfers all go through ep0.  BULK ones go through dedicated IN
63  * and OUT endpoints ... hardware is dedicated for those "async" queue(s).
64  * (Yes, bulk _could_ use more of the endpoints than that, and would even
65  * benefit from it.)
66  *
67  * INTERUPPT and ISOCHRONOUS transfers are scheduled to the other endpoints.
68  * So far that scheduling is both dumb and optimistic:  the endpoint will be
69  * "claimed" until its software queue is no longer refilled.  No multiplexing
70  * of transfers between endpoints, or anything clever.
71  */
72 
73 struct musb *hcd_to_musb(struct usb_hcd *hcd)
74 {
75 	return *(struct musb **) hcd->hcd_priv;
76 }
77 
78 
79 static void musb_ep_program(struct musb *musb, u8 epnum,
80 			struct urb *urb, int is_out,
81 			u8 *buf, u32 offset, u32 len);
82 
83 /*
84  * Clear TX fifo. Needed to avoid BABBLE errors.
85  */
86 static void musb_h_tx_flush_fifo(struct musb_hw_ep *ep)
87 {
88 	struct musb	*musb = ep->musb;
89 	void __iomem	*epio = ep->regs;
90 	u16		csr;
91 	int		retries = 1000;
92 
93 	csr = musb_readw(epio, MUSB_TXCSR);
94 	while (csr & MUSB_TXCSR_FIFONOTEMPTY) {
95 		csr |= MUSB_TXCSR_FLUSHFIFO | MUSB_TXCSR_TXPKTRDY;
96 		musb_writew(epio, MUSB_TXCSR, csr);
97 		csr = musb_readw(epio, MUSB_TXCSR);
98 
99 		/*
100 		 * FIXME: sometimes the tx fifo flush failed, it has been
101 		 * observed during device disconnect on AM335x.
102 		 *
103 		 * To reproduce the issue, ensure tx urb(s) are queued when
104 		 * unplug the usb device which is connected to AM335x usb
105 		 * host port.
106 		 *
107 		 * I found using a usb-ethernet device and running iperf
108 		 * (client on AM335x) has very high chance to trigger it.
109 		 *
110 		 * Better to turn on musb_dbg() in musb_cleanup_urb() with
111 		 * CPPI enabled to see the issue when aborting the tx channel.
112 		 */
113 		if (dev_WARN_ONCE(musb->controller, retries-- < 1,
114 				"Could not flush host TX%d fifo: csr: %04x\n",
115 				ep->epnum, csr))
116 			return;
117 		mdelay(1);
118 	}
119 }
120 
121 static void musb_h_ep0_flush_fifo(struct musb_hw_ep *ep)
122 {
123 	void __iomem	*epio = ep->regs;
124 	u16		csr;
125 	int		retries = 5;
126 
127 	/* scrub any data left in the fifo */
128 	do {
129 		csr = musb_readw(epio, MUSB_TXCSR);
130 		if (!(csr & (MUSB_CSR0_TXPKTRDY | MUSB_CSR0_RXPKTRDY)))
131 			break;
132 		musb_writew(epio, MUSB_TXCSR, MUSB_CSR0_FLUSHFIFO);
133 		csr = musb_readw(epio, MUSB_TXCSR);
134 		udelay(10);
135 	} while (--retries);
136 
137 	WARN(!retries, "Could not flush host TX%d fifo: csr: %04x\n",
138 			ep->epnum, csr);
139 
140 	/* and reset for the next transfer */
141 	musb_writew(epio, MUSB_TXCSR, 0);
142 }
143 
144 /*
145  * Start transmit. Caller is responsible for locking shared resources.
146  * musb must be locked.
147  */
148 static inline void musb_h_tx_start(struct musb_hw_ep *ep)
149 {
150 	u16	txcsr;
151 
152 	/* NOTE: no locks here; caller should lock and select EP */
153 	if (ep->epnum) {
154 		txcsr = musb_readw(ep->regs, MUSB_TXCSR);
155 		txcsr |= MUSB_TXCSR_TXPKTRDY | MUSB_TXCSR_H_WZC_BITS;
156 		musb_writew(ep->regs, MUSB_TXCSR, txcsr);
157 	} else {
158 		txcsr = MUSB_CSR0_H_SETUPPKT | MUSB_CSR0_TXPKTRDY;
159 		musb_writew(ep->regs, MUSB_CSR0, txcsr);
160 	}
161 
162 }
163 
164 static inline void musb_h_tx_dma_start(struct musb_hw_ep *ep)
165 {
166 	u16	txcsr;
167 
168 	/* NOTE: no locks here; caller should lock and select EP */
169 	txcsr = musb_readw(ep->regs, MUSB_TXCSR);
170 	txcsr |= MUSB_TXCSR_DMAENAB | MUSB_TXCSR_H_WZC_BITS;
171 	if (is_cppi_enabled(ep->musb))
172 		txcsr |= MUSB_TXCSR_DMAMODE;
173 	musb_writew(ep->regs, MUSB_TXCSR, txcsr);
174 }
175 
176 static void musb_ep_set_qh(struct musb_hw_ep *ep, int is_in, struct musb_qh *qh)
177 {
178 	if (is_in != 0 || ep->is_shared_fifo)
179 		ep->in_qh  = qh;
180 	if (is_in == 0 || ep->is_shared_fifo)
181 		ep->out_qh = qh;
182 }
183 
184 static struct musb_qh *musb_ep_get_qh(struct musb_hw_ep *ep, int is_in)
185 {
186 	return is_in ? ep->in_qh : ep->out_qh;
187 }
188 
189 /*
190  * Start the URB at the front of an endpoint's queue
191  * end must be claimed from the caller.
192  *
193  * Context: controller locked, irqs blocked
194  */
195 static void
196 musb_start_urb(struct musb *musb, int is_in, struct musb_qh *qh)
197 {
198 	u16			frame;
199 	u32			len;
200 	void __iomem		*mbase =  musb->mregs;
201 	struct urb		*urb = next_urb(qh);
202 	void			*buf = urb->transfer_buffer;
203 	u32			offset = 0;
204 	struct musb_hw_ep	*hw_ep = qh->hw_ep;
205 	int			epnum = hw_ep->epnum;
206 
207 	/* initialize software qh state */
208 	qh->offset = 0;
209 	qh->segsize = 0;
210 
211 	/* gather right source of data */
212 	switch (qh->type) {
213 	case USB_ENDPOINT_XFER_CONTROL:
214 		/* control transfers always start with SETUP */
215 		is_in = 0;
216 		musb->ep0_stage = MUSB_EP0_START;
217 		buf = urb->setup_packet;
218 		len = 8;
219 		break;
220 	case USB_ENDPOINT_XFER_ISOC:
221 		qh->iso_idx = 0;
222 		qh->frame = 0;
223 		offset = urb->iso_frame_desc[0].offset;
224 		len = urb->iso_frame_desc[0].length;
225 		break;
226 	default:		/* bulk, interrupt */
227 		/* actual_length may be nonzero on retry paths */
228 		buf = urb->transfer_buffer + urb->actual_length;
229 		len = urb->transfer_buffer_length - urb->actual_length;
230 	}
231 
232 	trace_musb_urb_start(musb, urb);
233 
234 	/* Configure endpoint */
235 	musb_ep_set_qh(hw_ep, is_in, qh);
236 	musb_ep_program(musb, epnum, urb, !is_in, buf, offset, len);
237 
238 	/* transmit may have more work: start it when it is time */
239 	if (is_in)
240 		return;
241 
242 	/* determine if the time is right for a periodic transfer */
243 	switch (qh->type) {
244 	case USB_ENDPOINT_XFER_ISOC:
245 	case USB_ENDPOINT_XFER_INT:
246 		musb_dbg(musb, "check whether there's still time for periodic Tx");
247 		frame = musb_readw(mbase, MUSB_FRAME);
248 		/* FIXME this doesn't implement that scheduling policy ...
249 		 * or handle framecounter wrapping
250 		 */
251 		if (1) {	/* Always assume URB_ISO_ASAP */
252 			/* REVISIT the SOF irq handler shouldn't duplicate
253 			 * this code; and we don't init urb->start_frame...
254 			 */
255 			qh->frame = 0;
256 			goto start;
257 		} else {
258 			qh->frame = urb->start_frame;
259 			/* enable SOF interrupt so we can count down */
260 			musb_dbg(musb, "SOF for %d", epnum);
261 #if 1 /* ifndef	CONFIG_ARCH_DAVINCI */
262 			musb_writeb(mbase, MUSB_INTRUSBE, 0xff);
263 #endif
264 		}
265 		break;
266 	default:
267 start:
268 		musb_dbg(musb, "Start TX%d %s", epnum,
269 			hw_ep->tx_channel ? "dma" : "pio");
270 
271 		if (!hw_ep->tx_channel)
272 			musb_h_tx_start(hw_ep);
273 		else if (is_cppi_enabled(musb) || tusb_dma_omap(musb))
274 			musb_h_tx_dma_start(hw_ep);
275 	}
276 }
277 
278 /* Context: caller owns controller lock, IRQs are blocked */
279 static void musb_giveback(struct musb *musb, struct urb *urb, int status)
280 __releases(musb->lock)
281 __acquires(musb->lock)
282 {
283 	trace_musb_urb_gb(musb, urb);
284 
285 	usb_hcd_unlink_urb_from_ep(musb->hcd, urb);
286 	spin_unlock(&musb->lock);
287 	usb_hcd_giveback_urb(musb->hcd, urb, status);
288 	spin_lock(&musb->lock);
289 }
290 
291 /* For bulk/interrupt endpoints only */
292 static inline void musb_save_toggle(struct musb_qh *qh, int is_in,
293 				    struct urb *urb)
294 {
295 	void __iomem		*epio = qh->hw_ep->regs;
296 	u16			csr;
297 
298 	/*
299 	 * FIXME: the current Mentor DMA code seems to have
300 	 * problems getting toggle correct.
301 	 */
302 
303 	if (is_in)
304 		csr = musb_readw(epio, MUSB_RXCSR) & MUSB_RXCSR_H_DATATOGGLE;
305 	else
306 		csr = musb_readw(epio, MUSB_TXCSR) & MUSB_TXCSR_H_DATATOGGLE;
307 
308 	usb_settoggle(urb->dev, qh->epnum, !is_in, csr ? 1 : 0);
309 }
310 
311 /*
312  * Advance this hardware endpoint's queue, completing the specified URB and
313  * advancing to either the next URB queued to that qh, or else invalidating
314  * that qh and advancing to the next qh scheduled after the current one.
315  *
316  * Context: caller owns controller lock, IRQs are blocked
317  */
318 static void musb_advance_schedule(struct musb *musb, struct urb *urb,
319 				  struct musb_hw_ep *hw_ep, int is_in)
320 {
321 	struct musb_qh		*qh = musb_ep_get_qh(hw_ep, is_in);
322 	struct musb_hw_ep	*ep = qh->hw_ep;
323 	int			ready = qh->is_ready;
324 	int			status;
325 
326 	status = (urb->status == -EINPROGRESS) ? 0 : urb->status;
327 
328 	/* save toggle eagerly, for paranoia */
329 	switch (qh->type) {
330 	case USB_ENDPOINT_XFER_BULK:
331 	case USB_ENDPOINT_XFER_INT:
332 		musb_save_toggle(qh, is_in, urb);
333 		break;
334 	case USB_ENDPOINT_XFER_ISOC:
335 		if (status == 0 && urb->error_count)
336 			status = -EXDEV;
337 		break;
338 	}
339 
340 	qh->is_ready = 0;
341 	musb_giveback(musb, urb, status);
342 	qh->is_ready = ready;
343 
344 	/* reclaim resources (and bandwidth) ASAP; deschedule it, and
345 	 * invalidate qh as soon as list_empty(&hep->urb_list)
346 	 */
347 	if (list_empty(&qh->hep->urb_list)) {
348 		struct list_head	*head;
349 		struct dma_controller	*dma = musb->dma_controller;
350 
351 		if (is_in) {
352 			ep->rx_reinit = 1;
353 			if (ep->rx_channel) {
354 				dma->channel_release(ep->rx_channel);
355 				ep->rx_channel = NULL;
356 			}
357 		} else {
358 			ep->tx_reinit = 1;
359 			if (ep->tx_channel) {
360 				dma->channel_release(ep->tx_channel);
361 				ep->tx_channel = NULL;
362 			}
363 		}
364 
365 		/* Clobber old pointers to this qh */
366 		musb_ep_set_qh(ep, is_in, NULL);
367 		qh->hep->hcpriv = NULL;
368 
369 		switch (qh->type) {
370 
371 		case USB_ENDPOINT_XFER_CONTROL:
372 		case USB_ENDPOINT_XFER_BULK:
373 			/* fifo policy for these lists, except that NAKing
374 			 * should rotate a qh to the end (for fairness).
375 			 */
376 			if (qh->mux == 1) {
377 				head = qh->ring.prev;
378 				list_del(&qh->ring);
379 				kfree(qh);
380 				qh = first_qh(head);
381 				break;
382 			}
383 
384 		case USB_ENDPOINT_XFER_ISOC:
385 		case USB_ENDPOINT_XFER_INT:
386 			/* this is where periodic bandwidth should be
387 			 * de-allocated if it's tracked and allocated;
388 			 * and where we'd update the schedule tree...
389 			 */
390 			kfree(qh);
391 			qh = NULL;
392 			break;
393 		}
394 	}
395 
396 	/*
397 	 * The pipe must be broken if current urb->status is set, so don't
398 	 * start next urb.
399 	 * TODO: to minimize the risk of regression, only check urb->status
400 	 * for RX, until we have a test case to understand the behavior of TX.
401 	 */
402 	if ((!status || !is_in) && qh && qh->is_ready) {
403 		musb_dbg(musb, "... next ep%d %cX urb %p",
404 		    hw_ep->epnum, is_in ? 'R' : 'T', next_urb(qh));
405 		musb_start_urb(musb, is_in, qh);
406 	}
407 }
408 
409 static u16 musb_h_flush_rxfifo(struct musb_hw_ep *hw_ep, u16 csr)
410 {
411 	/* we don't want fifo to fill itself again;
412 	 * ignore dma (various models),
413 	 * leave toggle alone (may not have been saved yet)
414 	 */
415 	csr |= MUSB_RXCSR_FLUSHFIFO | MUSB_RXCSR_RXPKTRDY;
416 	csr &= ~(MUSB_RXCSR_H_REQPKT
417 		| MUSB_RXCSR_H_AUTOREQ
418 		| MUSB_RXCSR_AUTOCLEAR);
419 
420 	/* write 2x to allow double buffering */
421 	musb_writew(hw_ep->regs, MUSB_RXCSR, csr);
422 	musb_writew(hw_ep->regs, MUSB_RXCSR, csr);
423 
424 	/* flush writebuffer */
425 	return musb_readw(hw_ep->regs, MUSB_RXCSR);
426 }
427 
428 /*
429  * PIO RX for a packet (or part of it).
430  */
431 static bool
432 musb_host_packet_rx(struct musb *musb, struct urb *urb, u8 epnum, u8 iso_err)
433 {
434 	u16			rx_count;
435 	u8			*buf;
436 	u16			csr;
437 	bool			done = false;
438 	u32			length;
439 	int			do_flush = 0;
440 	struct musb_hw_ep	*hw_ep = musb->endpoints + epnum;
441 	void __iomem		*epio = hw_ep->regs;
442 	struct musb_qh		*qh = hw_ep->in_qh;
443 	int			pipe = urb->pipe;
444 	void			*buffer = urb->transfer_buffer;
445 
446 	/* musb_ep_select(mbase, epnum); */
447 	rx_count = musb_readw(epio, MUSB_RXCOUNT);
448 	musb_dbg(musb, "RX%d count %d, buffer %p len %d/%d", epnum, rx_count,
449 			urb->transfer_buffer, qh->offset,
450 			urb->transfer_buffer_length);
451 
452 	/* unload FIFO */
453 	if (usb_pipeisoc(pipe)) {
454 		int					status = 0;
455 		struct usb_iso_packet_descriptor	*d;
456 
457 		if (iso_err) {
458 			status = -EILSEQ;
459 			urb->error_count++;
460 		}
461 
462 		d = urb->iso_frame_desc + qh->iso_idx;
463 		buf = buffer + d->offset;
464 		length = d->length;
465 		if (rx_count > length) {
466 			if (status == 0) {
467 				status = -EOVERFLOW;
468 				urb->error_count++;
469 			}
470 			musb_dbg(musb, "OVERFLOW %d into %d", rx_count, length);
471 			do_flush = 1;
472 		} else
473 			length = rx_count;
474 		urb->actual_length += length;
475 		d->actual_length = length;
476 
477 		d->status = status;
478 
479 		/* see if we are done */
480 		done = (++qh->iso_idx >= urb->number_of_packets);
481 	} else {
482 		/* non-isoch */
483 		buf = buffer + qh->offset;
484 		length = urb->transfer_buffer_length - qh->offset;
485 		if (rx_count > length) {
486 			if (urb->status == -EINPROGRESS)
487 				urb->status = -EOVERFLOW;
488 			musb_dbg(musb, "OVERFLOW %d into %d", rx_count, length);
489 			do_flush = 1;
490 		} else
491 			length = rx_count;
492 		urb->actual_length += length;
493 		qh->offset += length;
494 
495 		/* see if we are done */
496 		done = (urb->actual_length == urb->transfer_buffer_length)
497 			|| (rx_count < qh->maxpacket)
498 			|| (urb->status != -EINPROGRESS);
499 		if (done
500 				&& (urb->status == -EINPROGRESS)
501 				&& (urb->transfer_flags & URB_SHORT_NOT_OK)
502 				&& (urb->actual_length
503 					< urb->transfer_buffer_length))
504 			urb->status = -EREMOTEIO;
505 	}
506 
507 	musb_read_fifo(hw_ep, length, buf);
508 
509 	csr = musb_readw(epio, MUSB_RXCSR);
510 	csr |= MUSB_RXCSR_H_WZC_BITS;
511 	if (unlikely(do_flush))
512 		musb_h_flush_rxfifo(hw_ep, csr);
513 	else {
514 		/* REVISIT this assumes AUTOCLEAR is never set */
515 		csr &= ~(MUSB_RXCSR_RXPKTRDY | MUSB_RXCSR_H_REQPKT);
516 		if (!done)
517 			csr |= MUSB_RXCSR_H_REQPKT;
518 		musb_writew(epio, MUSB_RXCSR, csr);
519 	}
520 
521 	return done;
522 }
523 
524 /* we don't always need to reinit a given side of an endpoint...
525  * when we do, use tx/rx reinit routine and then construct a new CSR
526  * to address data toggle, NYET, and DMA or PIO.
527  *
528  * it's possible that driver bugs (especially for DMA) or aborting a
529  * transfer might have left the endpoint busier than it should be.
530  * the busy/not-empty tests are basically paranoia.
531  */
532 static void
533 musb_rx_reinit(struct musb *musb, struct musb_qh *qh, u8 epnum)
534 {
535 	struct musb_hw_ep *ep = musb->endpoints + epnum;
536 	u16	csr;
537 
538 	/* NOTE:  we know the "rx" fifo reinit never triggers for ep0.
539 	 * That always uses tx_reinit since ep0 repurposes TX register
540 	 * offsets; the initial SETUP packet is also a kind of OUT.
541 	 */
542 
543 	/* if programmed for Tx, put it in RX mode */
544 	if (ep->is_shared_fifo) {
545 		csr = musb_readw(ep->regs, MUSB_TXCSR);
546 		if (csr & MUSB_TXCSR_MODE) {
547 			musb_h_tx_flush_fifo(ep);
548 			csr = musb_readw(ep->regs, MUSB_TXCSR);
549 			musb_writew(ep->regs, MUSB_TXCSR,
550 				    csr | MUSB_TXCSR_FRCDATATOG);
551 		}
552 
553 		/*
554 		 * Clear the MODE bit (and everything else) to enable Rx.
555 		 * NOTE: we mustn't clear the DMAMODE bit before DMAENAB.
556 		 */
557 		if (csr & MUSB_TXCSR_DMAMODE)
558 			musb_writew(ep->regs, MUSB_TXCSR, MUSB_TXCSR_DMAMODE);
559 		musb_writew(ep->regs, MUSB_TXCSR, 0);
560 
561 	/* scrub all previous state, clearing toggle */
562 	}
563 	csr = musb_readw(ep->regs, MUSB_RXCSR);
564 	if (csr & MUSB_RXCSR_RXPKTRDY)
565 		WARNING("rx%d, packet/%d ready?\n", ep->epnum,
566 			musb_readw(ep->regs, MUSB_RXCOUNT));
567 
568 	musb_h_flush_rxfifo(ep, MUSB_RXCSR_CLRDATATOG);
569 
570 	/* target addr and (for multipoint) hub addr/port */
571 	if (musb->is_multipoint) {
572 		musb_write_rxfunaddr(musb, epnum, qh->addr_reg);
573 		musb_write_rxhubaddr(musb, epnum, qh->h_addr_reg);
574 		musb_write_rxhubport(musb, epnum, qh->h_port_reg);
575 	} else
576 		musb_writeb(musb->mregs, MUSB_FADDR, qh->addr_reg);
577 
578 	/* protocol/endpoint, interval/NAKlimit, i/o size */
579 	musb_writeb(ep->regs, MUSB_RXTYPE, qh->type_reg);
580 	musb_writeb(ep->regs, MUSB_RXINTERVAL, qh->intv_reg);
581 	/* NOTE: bulk combining rewrites high bits of maxpacket */
582 	/* Set RXMAXP with the FIFO size of the endpoint
583 	 * to disable double buffer mode.
584 	 */
585 	if (musb->double_buffer_not_ok)
586 		musb_writew(ep->regs, MUSB_RXMAXP, ep->max_packet_sz_rx);
587 	else
588 		musb_writew(ep->regs, MUSB_RXMAXP,
589 				qh->maxpacket | ((qh->hb_mult - 1) << 11));
590 
591 	ep->rx_reinit = 0;
592 }
593 
594 static void musb_tx_dma_set_mode_mentor(struct dma_controller *dma,
595 		struct musb_hw_ep *hw_ep, struct musb_qh *qh,
596 		struct urb *urb, u32 offset,
597 		u32 *length, u8 *mode)
598 {
599 	struct dma_channel	*channel = hw_ep->tx_channel;
600 	void __iomem		*epio = hw_ep->regs;
601 	u16			pkt_size = qh->maxpacket;
602 	u16			csr;
603 
604 	if (*length > channel->max_len)
605 		*length = channel->max_len;
606 
607 	csr = musb_readw(epio, MUSB_TXCSR);
608 	if (*length > pkt_size) {
609 		*mode = 1;
610 		csr |= MUSB_TXCSR_DMAMODE | MUSB_TXCSR_DMAENAB;
611 		/* autoset shouldn't be set in high bandwidth */
612 		/*
613 		 * Enable Autoset according to table
614 		 * below
615 		 * bulk_split hb_mult	Autoset_Enable
616 		 *	0	1	Yes(Normal)
617 		 *	0	>1	No(High BW ISO)
618 		 *	1	1	Yes(HS bulk)
619 		 *	1	>1	Yes(FS bulk)
620 		 */
621 		if (qh->hb_mult == 1 || (qh->hb_mult > 1 &&
622 					can_bulk_split(hw_ep->musb, qh->type)))
623 			csr |= MUSB_TXCSR_AUTOSET;
624 	} else {
625 		*mode = 0;
626 		csr &= ~(MUSB_TXCSR_AUTOSET | MUSB_TXCSR_DMAMODE);
627 		csr |= MUSB_TXCSR_DMAENAB; /* against programmer's guide */
628 	}
629 	channel->desired_mode = *mode;
630 	musb_writew(epio, MUSB_TXCSR, csr);
631 }
632 
633 static void musb_tx_dma_set_mode_cppi_tusb(struct dma_controller *dma,
634 					   struct musb_hw_ep *hw_ep,
635 					   struct musb_qh *qh,
636 					   struct urb *urb,
637 					   u32 offset,
638 					   u32 *length,
639 					   u8 *mode)
640 {
641 	struct dma_channel *channel = hw_ep->tx_channel;
642 
643 	channel->actual_len = 0;
644 
645 	/*
646 	 * TX uses "RNDIS" mode automatically but needs help
647 	 * to identify the zero-length-final-packet case.
648 	 */
649 	*mode = (urb->transfer_flags & URB_ZERO_PACKET) ? 1 : 0;
650 }
651 
652 static bool musb_tx_dma_program(struct dma_controller *dma,
653 		struct musb_hw_ep *hw_ep, struct musb_qh *qh,
654 		struct urb *urb, u32 offset, u32 length)
655 {
656 	struct dma_channel	*channel = hw_ep->tx_channel;
657 	u16			pkt_size = qh->maxpacket;
658 	u8			mode;
659 
660 	if (musb_dma_inventra(hw_ep->musb) || musb_dma_ux500(hw_ep->musb))
661 		musb_tx_dma_set_mode_mentor(dma, hw_ep, qh, urb, offset,
662 					    &length, &mode);
663 	else if (is_cppi_enabled(hw_ep->musb) || tusb_dma_omap(hw_ep->musb))
664 		musb_tx_dma_set_mode_cppi_tusb(dma, hw_ep, qh, urb, offset,
665 					       &length, &mode);
666 	else
667 		return false;
668 
669 	qh->segsize = length;
670 
671 	/*
672 	 * Ensure the data reaches to main memory before starting
673 	 * DMA transfer
674 	 */
675 	wmb();
676 
677 	if (!dma->channel_program(channel, pkt_size, mode,
678 			urb->transfer_dma + offset, length)) {
679 		void __iomem *epio = hw_ep->regs;
680 		u16 csr;
681 
682 		dma->channel_release(channel);
683 		hw_ep->tx_channel = NULL;
684 
685 		csr = musb_readw(epio, MUSB_TXCSR);
686 		csr &= ~(MUSB_TXCSR_AUTOSET | MUSB_TXCSR_DMAENAB);
687 		musb_writew(epio, MUSB_TXCSR, csr | MUSB_TXCSR_H_WZC_BITS);
688 		return false;
689 	}
690 	return true;
691 }
692 
693 /*
694  * Program an HDRC endpoint as per the given URB
695  * Context: irqs blocked, controller lock held
696  */
697 static void musb_ep_program(struct musb *musb, u8 epnum,
698 			struct urb *urb, int is_out,
699 			u8 *buf, u32 offset, u32 len)
700 {
701 	struct dma_controller	*dma_controller;
702 	struct dma_channel	*dma_channel;
703 	u8			dma_ok;
704 	void __iomem		*mbase = musb->mregs;
705 	struct musb_hw_ep	*hw_ep = musb->endpoints + epnum;
706 	void __iomem		*epio = hw_ep->regs;
707 	struct musb_qh		*qh = musb_ep_get_qh(hw_ep, !is_out);
708 	u16			packet_sz = qh->maxpacket;
709 	u8			use_dma = 1;
710 	u16			csr;
711 
712 	musb_dbg(musb, "%s hw%d urb %p spd%d dev%d ep%d%s "
713 				"h_addr%02x h_port%02x bytes %d",
714 			is_out ? "-->" : "<--",
715 			epnum, urb, urb->dev->speed,
716 			qh->addr_reg, qh->epnum, is_out ? "out" : "in",
717 			qh->h_addr_reg, qh->h_port_reg,
718 			len);
719 
720 	musb_ep_select(mbase, epnum);
721 
722 	if (is_out && !len) {
723 		use_dma = 0;
724 		csr = musb_readw(epio, MUSB_TXCSR);
725 		csr &= ~MUSB_TXCSR_DMAENAB;
726 		musb_writew(epio, MUSB_TXCSR, csr);
727 		hw_ep->tx_channel = NULL;
728 	}
729 
730 	/* candidate for DMA? */
731 	dma_controller = musb->dma_controller;
732 	if (use_dma && is_dma_capable() && epnum && dma_controller) {
733 		dma_channel = is_out ? hw_ep->tx_channel : hw_ep->rx_channel;
734 		if (!dma_channel) {
735 			dma_channel = dma_controller->channel_alloc(
736 					dma_controller, hw_ep, is_out);
737 			if (is_out)
738 				hw_ep->tx_channel = dma_channel;
739 			else
740 				hw_ep->rx_channel = dma_channel;
741 		}
742 	} else
743 		dma_channel = NULL;
744 
745 	/* make sure we clear DMAEnab, autoSet bits from previous run */
746 
747 	/* OUT/transmit/EP0 or IN/receive? */
748 	if (is_out) {
749 		u16	csr;
750 		u16	int_txe;
751 		u16	load_count;
752 
753 		csr = musb_readw(epio, MUSB_TXCSR);
754 
755 		/* disable interrupt in case we flush */
756 		int_txe = musb->intrtxe;
757 		musb_writew(mbase, MUSB_INTRTXE, int_txe & ~(1 << epnum));
758 
759 		/* general endpoint setup */
760 		if (epnum) {
761 			/* flush all old state, set default */
762 			/*
763 			 * We could be flushing valid
764 			 * packets in double buffering
765 			 * case
766 			 */
767 			if (!hw_ep->tx_double_buffered)
768 				musb_h_tx_flush_fifo(hw_ep);
769 
770 			/*
771 			 * We must not clear the DMAMODE bit before or in
772 			 * the same cycle with the DMAENAB bit, so we clear
773 			 * the latter first...
774 			 */
775 			csr &= ~(MUSB_TXCSR_H_NAKTIMEOUT
776 					| MUSB_TXCSR_AUTOSET
777 					| MUSB_TXCSR_DMAENAB
778 					| MUSB_TXCSR_FRCDATATOG
779 					| MUSB_TXCSR_H_RXSTALL
780 					| MUSB_TXCSR_H_ERROR
781 					| MUSB_TXCSR_TXPKTRDY
782 					);
783 			csr |= MUSB_TXCSR_MODE;
784 
785 			if (!hw_ep->tx_double_buffered) {
786 				if (usb_gettoggle(urb->dev, qh->epnum, 1))
787 					csr |= MUSB_TXCSR_H_WR_DATATOGGLE
788 						| MUSB_TXCSR_H_DATATOGGLE;
789 				else
790 					csr |= MUSB_TXCSR_CLRDATATOG;
791 			}
792 
793 			musb_writew(epio, MUSB_TXCSR, csr);
794 			/* REVISIT may need to clear FLUSHFIFO ... */
795 			csr &= ~MUSB_TXCSR_DMAMODE;
796 			musb_writew(epio, MUSB_TXCSR, csr);
797 			csr = musb_readw(epio, MUSB_TXCSR);
798 		} else {
799 			/* endpoint 0: just flush */
800 			musb_h_ep0_flush_fifo(hw_ep);
801 		}
802 
803 		/* target addr and (for multipoint) hub addr/port */
804 		if (musb->is_multipoint) {
805 			musb_write_txfunaddr(musb, epnum, qh->addr_reg);
806 			musb_write_txhubaddr(musb, epnum, qh->h_addr_reg);
807 			musb_write_txhubport(musb, epnum, qh->h_port_reg);
808 /* FIXME if !epnum, do the same for RX ... */
809 		} else
810 			musb_writeb(mbase, MUSB_FADDR, qh->addr_reg);
811 
812 		/* protocol/endpoint/interval/NAKlimit */
813 		if (epnum) {
814 			musb_writeb(epio, MUSB_TXTYPE, qh->type_reg);
815 			if (musb->double_buffer_not_ok) {
816 				musb_writew(epio, MUSB_TXMAXP,
817 						hw_ep->max_packet_sz_tx);
818 			} else if (can_bulk_split(musb, qh->type)) {
819 				qh->hb_mult = hw_ep->max_packet_sz_tx
820 						/ packet_sz;
821 				musb_writew(epio, MUSB_TXMAXP, packet_sz
822 					| ((qh->hb_mult) - 1) << 11);
823 			} else {
824 				musb_writew(epio, MUSB_TXMAXP,
825 						qh->maxpacket |
826 						((qh->hb_mult - 1) << 11));
827 			}
828 			musb_writeb(epio, MUSB_TXINTERVAL, qh->intv_reg);
829 		} else {
830 			musb_writeb(epio, MUSB_NAKLIMIT0, qh->intv_reg);
831 			if (musb->is_multipoint)
832 				musb_writeb(epio, MUSB_TYPE0,
833 						qh->type_reg);
834 		}
835 
836 		if (can_bulk_split(musb, qh->type))
837 			load_count = min((u32) hw_ep->max_packet_sz_tx,
838 						len);
839 		else
840 			load_count = min((u32) packet_sz, len);
841 
842 		if (dma_channel && musb_tx_dma_program(dma_controller,
843 					hw_ep, qh, urb, offset, len))
844 			load_count = 0;
845 
846 		if (load_count) {
847 			/* PIO to load FIFO */
848 			qh->segsize = load_count;
849 			if (!buf) {
850 				sg_miter_start(&qh->sg_miter, urb->sg, 1,
851 						SG_MITER_ATOMIC
852 						| SG_MITER_FROM_SG);
853 				if (!sg_miter_next(&qh->sg_miter)) {
854 					dev_err(musb->controller,
855 							"error: sg"
856 							"list empty\n");
857 					sg_miter_stop(&qh->sg_miter);
858 					goto finish;
859 				}
860 				buf = qh->sg_miter.addr + urb->sg->offset +
861 					urb->actual_length;
862 				load_count = min_t(u32, load_count,
863 						qh->sg_miter.length);
864 				musb_write_fifo(hw_ep, load_count, buf);
865 				qh->sg_miter.consumed = load_count;
866 				sg_miter_stop(&qh->sg_miter);
867 			} else
868 				musb_write_fifo(hw_ep, load_count, buf);
869 		}
870 finish:
871 		/* re-enable interrupt */
872 		musb_writew(mbase, MUSB_INTRTXE, int_txe);
873 
874 	/* IN/receive */
875 	} else {
876 		u16	csr;
877 
878 		if (hw_ep->rx_reinit) {
879 			musb_rx_reinit(musb, qh, epnum);
880 
881 			/* init new state: toggle and NYET, maybe DMA later */
882 			if (usb_gettoggle(urb->dev, qh->epnum, 0))
883 				csr = MUSB_RXCSR_H_WR_DATATOGGLE
884 					| MUSB_RXCSR_H_DATATOGGLE;
885 			else
886 				csr = 0;
887 			if (qh->type == USB_ENDPOINT_XFER_INT)
888 				csr |= MUSB_RXCSR_DISNYET;
889 
890 		} else {
891 			csr = musb_readw(hw_ep->regs, MUSB_RXCSR);
892 
893 			if (csr & (MUSB_RXCSR_RXPKTRDY
894 					| MUSB_RXCSR_DMAENAB
895 					| MUSB_RXCSR_H_REQPKT))
896 				ERR("broken !rx_reinit, ep%d csr %04x\n",
897 						hw_ep->epnum, csr);
898 
899 			/* scrub any stale state, leaving toggle alone */
900 			csr &= MUSB_RXCSR_DISNYET;
901 		}
902 
903 		/* kick things off */
904 
905 		if ((is_cppi_enabled(musb) || tusb_dma_omap(musb)) && dma_channel) {
906 			/* Candidate for DMA */
907 			dma_channel->actual_len = 0L;
908 			qh->segsize = len;
909 
910 			/* AUTOREQ is in a DMA register */
911 			musb_writew(hw_ep->regs, MUSB_RXCSR, csr);
912 			csr = musb_readw(hw_ep->regs, MUSB_RXCSR);
913 
914 			/*
915 			 * Unless caller treats short RX transfers as
916 			 * errors, we dare not queue multiple transfers.
917 			 */
918 			dma_ok = dma_controller->channel_program(dma_channel,
919 					packet_sz, !(urb->transfer_flags &
920 						     URB_SHORT_NOT_OK),
921 					urb->transfer_dma + offset,
922 					qh->segsize);
923 			if (!dma_ok) {
924 				dma_controller->channel_release(dma_channel);
925 				hw_ep->rx_channel = dma_channel = NULL;
926 			} else
927 				csr |= MUSB_RXCSR_DMAENAB;
928 		}
929 
930 		csr |= MUSB_RXCSR_H_REQPKT;
931 		musb_dbg(musb, "RXCSR%d := %04x", epnum, csr);
932 		musb_writew(hw_ep->regs, MUSB_RXCSR, csr);
933 		csr = musb_readw(hw_ep->regs, MUSB_RXCSR);
934 	}
935 }
936 
937 /* Schedule next QH from musb->in_bulk/out_bulk and move the current qh to
938  * the end; avoids starvation for other endpoints.
939  */
940 static void musb_bulk_nak_timeout(struct musb *musb, struct musb_hw_ep *ep,
941 	int is_in)
942 {
943 	struct dma_channel	*dma;
944 	struct urb		*urb;
945 	void __iomem		*mbase = musb->mregs;
946 	void __iomem		*epio = ep->regs;
947 	struct musb_qh		*cur_qh, *next_qh;
948 	u16			rx_csr, tx_csr;
949 
950 	musb_ep_select(mbase, ep->epnum);
951 	if (is_in) {
952 		dma = is_dma_capable() ? ep->rx_channel : NULL;
953 
954 		/*
955 		 * Need to stop the transaction by clearing REQPKT first
956 		 * then the NAK Timeout bit ref MUSBMHDRC USB 2.0 HIGH-SPEED
957 		 * DUAL-ROLE CONTROLLER Programmer's Guide, section 9.2.2
958 		 */
959 		rx_csr = musb_readw(epio, MUSB_RXCSR);
960 		rx_csr |= MUSB_RXCSR_H_WZC_BITS;
961 		rx_csr &= ~MUSB_RXCSR_H_REQPKT;
962 		musb_writew(epio, MUSB_RXCSR, rx_csr);
963 		rx_csr &= ~MUSB_RXCSR_DATAERROR;
964 		musb_writew(epio, MUSB_RXCSR, rx_csr);
965 
966 		cur_qh = first_qh(&musb->in_bulk);
967 	} else {
968 		dma = is_dma_capable() ? ep->tx_channel : NULL;
969 
970 		/* clear nak timeout bit */
971 		tx_csr = musb_readw(epio, MUSB_TXCSR);
972 		tx_csr |= MUSB_TXCSR_H_WZC_BITS;
973 		tx_csr &= ~MUSB_TXCSR_H_NAKTIMEOUT;
974 		musb_writew(epio, MUSB_TXCSR, tx_csr);
975 
976 		cur_qh = first_qh(&musb->out_bulk);
977 	}
978 	if (cur_qh) {
979 		urb = next_urb(cur_qh);
980 		if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
981 			dma->status = MUSB_DMA_STATUS_CORE_ABORT;
982 			musb->dma_controller->channel_abort(dma);
983 			urb->actual_length += dma->actual_len;
984 			dma->actual_len = 0L;
985 		}
986 		musb_save_toggle(cur_qh, is_in, urb);
987 
988 		if (is_in) {
989 			/* move cur_qh to end of queue */
990 			list_move_tail(&cur_qh->ring, &musb->in_bulk);
991 
992 			/* get the next qh from musb->in_bulk */
993 			next_qh = first_qh(&musb->in_bulk);
994 
995 			/* set rx_reinit and schedule the next qh */
996 			ep->rx_reinit = 1;
997 		} else {
998 			/* move cur_qh to end of queue */
999 			list_move_tail(&cur_qh->ring, &musb->out_bulk);
1000 
1001 			/* get the next qh from musb->out_bulk */
1002 			next_qh = first_qh(&musb->out_bulk);
1003 
1004 			/* set tx_reinit and schedule the next qh */
1005 			ep->tx_reinit = 1;
1006 		}
1007 		musb_start_urb(musb, is_in, next_qh);
1008 	}
1009 }
1010 
1011 /*
1012  * Service the default endpoint (ep0) as host.
1013  * Return true until it's time to start the status stage.
1014  */
1015 static bool musb_h_ep0_continue(struct musb *musb, u16 len, struct urb *urb)
1016 {
1017 	bool			 more = false;
1018 	u8			*fifo_dest = NULL;
1019 	u16			fifo_count = 0;
1020 	struct musb_hw_ep	*hw_ep = musb->control_ep;
1021 	struct musb_qh		*qh = hw_ep->in_qh;
1022 	struct usb_ctrlrequest	*request;
1023 
1024 	switch (musb->ep0_stage) {
1025 	case MUSB_EP0_IN:
1026 		fifo_dest = urb->transfer_buffer + urb->actual_length;
1027 		fifo_count = min_t(size_t, len, urb->transfer_buffer_length -
1028 				   urb->actual_length);
1029 		if (fifo_count < len)
1030 			urb->status = -EOVERFLOW;
1031 
1032 		musb_read_fifo(hw_ep, fifo_count, fifo_dest);
1033 
1034 		urb->actual_length += fifo_count;
1035 		if (len < qh->maxpacket) {
1036 			/* always terminate on short read; it's
1037 			 * rarely reported as an error.
1038 			 */
1039 		} else if (urb->actual_length <
1040 				urb->transfer_buffer_length)
1041 			more = true;
1042 		break;
1043 	case MUSB_EP0_START:
1044 		request = (struct usb_ctrlrequest *) urb->setup_packet;
1045 
1046 		if (!request->wLength) {
1047 			musb_dbg(musb, "start no-DATA");
1048 			break;
1049 		} else if (request->bRequestType & USB_DIR_IN) {
1050 			musb_dbg(musb, "start IN-DATA");
1051 			musb->ep0_stage = MUSB_EP0_IN;
1052 			more = true;
1053 			break;
1054 		} else {
1055 			musb_dbg(musb, "start OUT-DATA");
1056 			musb->ep0_stage = MUSB_EP0_OUT;
1057 			more = true;
1058 		}
1059 		/* FALLTHROUGH */
1060 	case MUSB_EP0_OUT:
1061 		fifo_count = min_t(size_t, qh->maxpacket,
1062 				   urb->transfer_buffer_length -
1063 				   urb->actual_length);
1064 		if (fifo_count) {
1065 			fifo_dest = (u8 *) (urb->transfer_buffer
1066 					+ urb->actual_length);
1067 			musb_dbg(musb, "Sending %d byte%s to ep0 fifo %p",
1068 					fifo_count,
1069 					(fifo_count == 1) ? "" : "s",
1070 					fifo_dest);
1071 			musb_write_fifo(hw_ep, fifo_count, fifo_dest);
1072 
1073 			urb->actual_length += fifo_count;
1074 			more = true;
1075 		}
1076 		break;
1077 	default:
1078 		ERR("bogus ep0 stage %d\n", musb->ep0_stage);
1079 		break;
1080 	}
1081 
1082 	return more;
1083 }
1084 
1085 /*
1086  * Handle default endpoint interrupt as host. Only called in IRQ time
1087  * from musb_interrupt().
1088  *
1089  * called with controller irqlocked
1090  */
1091 irqreturn_t musb_h_ep0_irq(struct musb *musb)
1092 {
1093 	struct urb		*urb;
1094 	u16			csr, len;
1095 	int			status = 0;
1096 	void __iomem		*mbase = musb->mregs;
1097 	struct musb_hw_ep	*hw_ep = musb->control_ep;
1098 	void __iomem		*epio = hw_ep->regs;
1099 	struct musb_qh		*qh = hw_ep->in_qh;
1100 	bool			complete = false;
1101 	irqreturn_t		retval = IRQ_NONE;
1102 
1103 	/* ep0 only has one queue, "in" */
1104 	urb = next_urb(qh);
1105 
1106 	musb_ep_select(mbase, 0);
1107 	csr = musb_readw(epio, MUSB_CSR0);
1108 	len = (csr & MUSB_CSR0_RXPKTRDY)
1109 			? musb_readb(epio, MUSB_COUNT0)
1110 			: 0;
1111 
1112 	musb_dbg(musb, "<== csr0 %04x, qh %p, count %d, urb %p, stage %d",
1113 		csr, qh, len, urb, musb->ep0_stage);
1114 
1115 	/* if we just did status stage, we are done */
1116 	if (MUSB_EP0_STATUS == musb->ep0_stage) {
1117 		retval = IRQ_HANDLED;
1118 		complete = true;
1119 	}
1120 
1121 	/* prepare status */
1122 	if (csr & MUSB_CSR0_H_RXSTALL) {
1123 		musb_dbg(musb, "STALLING ENDPOINT");
1124 		status = -EPIPE;
1125 
1126 	} else if (csr & MUSB_CSR0_H_ERROR) {
1127 		musb_dbg(musb, "no response, csr0 %04x", csr);
1128 		status = -EPROTO;
1129 
1130 	} else if (csr & MUSB_CSR0_H_NAKTIMEOUT) {
1131 		musb_dbg(musb, "control NAK timeout");
1132 
1133 		/* NOTE:  this code path would be a good place to PAUSE a
1134 		 * control transfer, if another one is queued, so that
1135 		 * ep0 is more likely to stay busy.  That's already done
1136 		 * for bulk RX transfers.
1137 		 *
1138 		 * if (qh->ring.next != &musb->control), then
1139 		 * we have a candidate... NAKing is *NOT* an error
1140 		 */
1141 		musb_writew(epio, MUSB_CSR0, 0);
1142 		retval = IRQ_HANDLED;
1143 	}
1144 
1145 	if (status) {
1146 		musb_dbg(musb, "aborting");
1147 		retval = IRQ_HANDLED;
1148 		if (urb)
1149 			urb->status = status;
1150 		complete = true;
1151 
1152 		/* use the proper sequence to abort the transfer */
1153 		if (csr & MUSB_CSR0_H_REQPKT) {
1154 			csr &= ~MUSB_CSR0_H_REQPKT;
1155 			musb_writew(epio, MUSB_CSR0, csr);
1156 			csr &= ~MUSB_CSR0_H_NAKTIMEOUT;
1157 			musb_writew(epio, MUSB_CSR0, csr);
1158 		} else {
1159 			musb_h_ep0_flush_fifo(hw_ep);
1160 		}
1161 
1162 		musb_writeb(epio, MUSB_NAKLIMIT0, 0);
1163 
1164 		/* clear it */
1165 		musb_writew(epio, MUSB_CSR0, 0);
1166 	}
1167 
1168 	if (unlikely(!urb)) {
1169 		/* stop endpoint since we have no place for its data, this
1170 		 * SHOULD NEVER HAPPEN! */
1171 		ERR("no URB for end 0\n");
1172 
1173 		musb_h_ep0_flush_fifo(hw_ep);
1174 		goto done;
1175 	}
1176 
1177 	if (!complete) {
1178 		/* call common logic and prepare response */
1179 		if (musb_h_ep0_continue(musb, len, urb)) {
1180 			/* more packets required */
1181 			csr = (MUSB_EP0_IN == musb->ep0_stage)
1182 				?  MUSB_CSR0_H_REQPKT : MUSB_CSR0_TXPKTRDY;
1183 		} else {
1184 			/* data transfer complete; perform status phase */
1185 			if (usb_pipeout(urb->pipe)
1186 					|| !urb->transfer_buffer_length)
1187 				csr = MUSB_CSR0_H_STATUSPKT
1188 					| MUSB_CSR0_H_REQPKT;
1189 			else
1190 				csr = MUSB_CSR0_H_STATUSPKT
1191 					| MUSB_CSR0_TXPKTRDY;
1192 
1193 			/* disable ping token in status phase */
1194 			csr |= MUSB_CSR0_H_DIS_PING;
1195 
1196 			/* flag status stage */
1197 			musb->ep0_stage = MUSB_EP0_STATUS;
1198 
1199 			musb_dbg(musb, "ep0 STATUS, csr %04x", csr);
1200 
1201 		}
1202 		musb_writew(epio, MUSB_CSR0, csr);
1203 		retval = IRQ_HANDLED;
1204 	} else
1205 		musb->ep0_stage = MUSB_EP0_IDLE;
1206 
1207 	/* call completion handler if done */
1208 	if (complete)
1209 		musb_advance_schedule(musb, urb, hw_ep, 1);
1210 done:
1211 	return retval;
1212 }
1213 
1214 
1215 #ifdef CONFIG_USB_INVENTRA_DMA
1216 
1217 /* Host side TX (OUT) using Mentor DMA works as follows:
1218 	submit_urb ->
1219 		- if queue was empty, Program Endpoint
1220 		- ... which starts DMA to fifo in mode 1 or 0
1221 
1222 	DMA Isr (transfer complete) -> TxAvail()
1223 		- Stop DMA (~DmaEnab)	(<--- Alert ... currently happens
1224 					only in musb_cleanup_urb)
1225 		- TxPktRdy has to be set in mode 0 or for
1226 			short packets in mode 1.
1227 */
1228 
1229 #endif
1230 
1231 /* Service a Tx-Available or dma completion irq for the endpoint */
1232 void musb_host_tx(struct musb *musb, u8 epnum)
1233 {
1234 	int			pipe;
1235 	bool			done = false;
1236 	u16			tx_csr;
1237 	size_t			length = 0;
1238 	size_t			offset = 0;
1239 	struct musb_hw_ep	*hw_ep = musb->endpoints + epnum;
1240 	void __iomem		*epio = hw_ep->regs;
1241 	struct musb_qh		*qh = hw_ep->out_qh;
1242 	struct urb		*urb = next_urb(qh);
1243 	u32			status = 0;
1244 	void __iomem		*mbase = musb->mregs;
1245 	struct dma_channel	*dma;
1246 	bool			transfer_pending = false;
1247 
1248 	musb_ep_select(mbase, epnum);
1249 	tx_csr = musb_readw(epio, MUSB_TXCSR);
1250 
1251 	/* with CPPI, DMA sometimes triggers "extra" irqs */
1252 	if (!urb) {
1253 		musb_dbg(musb, "extra TX%d ready, csr %04x", epnum, tx_csr);
1254 		return;
1255 	}
1256 
1257 	pipe = urb->pipe;
1258 	dma = is_dma_capable() ? hw_ep->tx_channel : NULL;
1259 	trace_musb_urb_tx(musb, urb);
1260 	musb_dbg(musb, "OUT/TX%d end, csr %04x%s", epnum, tx_csr,
1261 			dma ? ", dma" : "");
1262 
1263 	/* check for errors */
1264 	if (tx_csr & MUSB_TXCSR_H_RXSTALL) {
1265 		/* dma was disabled, fifo flushed */
1266 		musb_dbg(musb, "TX end %d stall", epnum);
1267 
1268 		/* stall; record URB status */
1269 		status = -EPIPE;
1270 
1271 	} else if (tx_csr & MUSB_TXCSR_H_ERROR) {
1272 		/* (NON-ISO) dma was disabled, fifo flushed */
1273 		musb_dbg(musb, "TX 3strikes on ep=%d", epnum);
1274 
1275 		status = -ETIMEDOUT;
1276 
1277 	} else if (tx_csr & MUSB_TXCSR_H_NAKTIMEOUT) {
1278 		if (USB_ENDPOINT_XFER_BULK == qh->type && qh->mux == 1
1279 				&& !list_is_singular(&musb->out_bulk)) {
1280 			musb_dbg(musb, "NAK timeout on TX%d ep", epnum);
1281 			musb_bulk_nak_timeout(musb, hw_ep, 0);
1282 		} else {
1283 			musb_dbg(musb, "TX ep%d device not responding", epnum);
1284 			/* NOTE:  this code path would be a good place to PAUSE a
1285 			 * transfer, if there's some other (nonperiodic) tx urb
1286 			 * that could use this fifo.  (dma complicates it...)
1287 			 * That's already done for bulk RX transfers.
1288 			 *
1289 			 * if (bulk && qh->ring.next != &musb->out_bulk), then
1290 			 * we have a candidate... NAKing is *NOT* an error
1291 			 */
1292 			musb_ep_select(mbase, epnum);
1293 			musb_writew(epio, MUSB_TXCSR,
1294 					MUSB_TXCSR_H_WZC_BITS
1295 					| MUSB_TXCSR_TXPKTRDY);
1296 		}
1297 			return;
1298 	}
1299 
1300 done:
1301 	if (status) {
1302 		if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
1303 			dma->status = MUSB_DMA_STATUS_CORE_ABORT;
1304 			musb->dma_controller->channel_abort(dma);
1305 		}
1306 
1307 		/* do the proper sequence to abort the transfer in the
1308 		 * usb core; the dma engine should already be stopped.
1309 		 */
1310 		musb_h_tx_flush_fifo(hw_ep);
1311 		tx_csr &= ~(MUSB_TXCSR_AUTOSET
1312 				| MUSB_TXCSR_DMAENAB
1313 				| MUSB_TXCSR_H_ERROR
1314 				| MUSB_TXCSR_H_RXSTALL
1315 				| MUSB_TXCSR_H_NAKTIMEOUT
1316 				);
1317 
1318 		musb_ep_select(mbase, epnum);
1319 		musb_writew(epio, MUSB_TXCSR, tx_csr);
1320 		/* REVISIT may need to clear FLUSHFIFO ... */
1321 		musb_writew(epio, MUSB_TXCSR, tx_csr);
1322 		musb_writeb(epio, MUSB_TXINTERVAL, 0);
1323 
1324 		done = true;
1325 	}
1326 
1327 	/* second cppi case */
1328 	if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
1329 		musb_dbg(musb, "extra TX%d ready, csr %04x", epnum, tx_csr);
1330 		return;
1331 	}
1332 
1333 	if (is_dma_capable() && dma && !status) {
1334 		/*
1335 		 * DMA has completed.  But if we're using DMA mode 1 (multi
1336 		 * packet DMA), we need a terminal TXPKTRDY interrupt before
1337 		 * we can consider this transfer completed, lest we trash
1338 		 * its last packet when writing the next URB's data.  So we
1339 		 * switch back to mode 0 to get that interrupt; we'll come
1340 		 * back here once it happens.
1341 		 */
1342 		if (tx_csr & MUSB_TXCSR_DMAMODE) {
1343 			/*
1344 			 * We shouldn't clear DMAMODE with DMAENAB set; so
1345 			 * clear them in a safe order.  That should be OK
1346 			 * once TXPKTRDY has been set (and I've never seen
1347 			 * it being 0 at this moment -- DMA interrupt latency
1348 			 * is significant) but if it hasn't been then we have
1349 			 * no choice but to stop being polite and ignore the
1350 			 * programmer's guide... :-)
1351 			 *
1352 			 * Note that we must write TXCSR with TXPKTRDY cleared
1353 			 * in order not to re-trigger the packet send (this bit
1354 			 * can't be cleared by CPU), and there's another caveat:
1355 			 * TXPKTRDY may be set shortly and then cleared in the
1356 			 * double-buffered FIFO mode, so we do an extra TXCSR
1357 			 * read for debouncing...
1358 			 */
1359 			tx_csr &= musb_readw(epio, MUSB_TXCSR);
1360 			if (tx_csr & MUSB_TXCSR_TXPKTRDY) {
1361 				tx_csr &= ~(MUSB_TXCSR_DMAENAB |
1362 					    MUSB_TXCSR_TXPKTRDY);
1363 				musb_writew(epio, MUSB_TXCSR,
1364 					    tx_csr | MUSB_TXCSR_H_WZC_BITS);
1365 			}
1366 			tx_csr &= ~(MUSB_TXCSR_DMAMODE |
1367 				    MUSB_TXCSR_TXPKTRDY);
1368 			musb_writew(epio, MUSB_TXCSR,
1369 				    tx_csr | MUSB_TXCSR_H_WZC_BITS);
1370 
1371 			/*
1372 			 * There is no guarantee that we'll get an interrupt
1373 			 * after clearing DMAMODE as we might have done this
1374 			 * too late (after TXPKTRDY was cleared by controller).
1375 			 * Re-read TXCSR as we have spoiled its previous value.
1376 			 */
1377 			tx_csr = musb_readw(epio, MUSB_TXCSR);
1378 		}
1379 
1380 		/*
1381 		 * We may get here from a DMA completion or TXPKTRDY interrupt.
1382 		 * In any case, we must check the FIFO status here and bail out
1383 		 * only if the FIFO still has data -- that should prevent the
1384 		 * "missed" TXPKTRDY interrupts and deal with double-buffered
1385 		 * FIFO mode too...
1386 		 */
1387 		if (tx_csr & (MUSB_TXCSR_FIFONOTEMPTY | MUSB_TXCSR_TXPKTRDY)) {
1388 			musb_dbg(musb,
1389 				"DMA complete but FIFO not empty, CSR %04x",
1390 				tx_csr);
1391 			return;
1392 		}
1393 	}
1394 
1395 	if (!status || dma || usb_pipeisoc(pipe)) {
1396 		if (dma)
1397 			length = dma->actual_len;
1398 		else
1399 			length = qh->segsize;
1400 		qh->offset += length;
1401 
1402 		if (usb_pipeisoc(pipe)) {
1403 			struct usb_iso_packet_descriptor	*d;
1404 
1405 			d = urb->iso_frame_desc + qh->iso_idx;
1406 			d->actual_length = length;
1407 			d->status = status;
1408 			if (++qh->iso_idx >= urb->number_of_packets) {
1409 				done = true;
1410 			} else {
1411 				d++;
1412 				offset = d->offset;
1413 				length = d->length;
1414 			}
1415 		} else if (dma && urb->transfer_buffer_length == qh->offset) {
1416 			done = true;
1417 		} else {
1418 			/* see if we need to send more data, or ZLP */
1419 			if (qh->segsize < qh->maxpacket)
1420 				done = true;
1421 			else if (qh->offset == urb->transfer_buffer_length
1422 					&& !(urb->transfer_flags
1423 						& URB_ZERO_PACKET))
1424 				done = true;
1425 			if (!done) {
1426 				offset = qh->offset;
1427 				length = urb->transfer_buffer_length - offset;
1428 				transfer_pending = true;
1429 			}
1430 		}
1431 	}
1432 
1433 	/* urb->status != -EINPROGRESS means request has been faulted,
1434 	 * so we must abort this transfer after cleanup
1435 	 */
1436 	if (urb->status != -EINPROGRESS) {
1437 		done = true;
1438 		if (status == 0)
1439 			status = urb->status;
1440 	}
1441 
1442 	if (done) {
1443 		/* set status */
1444 		urb->status = status;
1445 		urb->actual_length = qh->offset;
1446 		musb_advance_schedule(musb, urb, hw_ep, USB_DIR_OUT);
1447 		return;
1448 	} else if ((usb_pipeisoc(pipe) || transfer_pending) && dma) {
1449 		if (musb_tx_dma_program(musb->dma_controller, hw_ep, qh, urb,
1450 				offset, length)) {
1451 			if (is_cppi_enabled(musb) || tusb_dma_omap(musb))
1452 				musb_h_tx_dma_start(hw_ep);
1453 			return;
1454 		}
1455 	} else	if (tx_csr & MUSB_TXCSR_DMAENAB) {
1456 		musb_dbg(musb, "not complete, but DMA enabled?");
1457 		return;
1458 	}
1459 
1460 	/*
1461 	 * PIO: start next packet in this URB.
1462 	 *
1463 	 * REVISIT: some docs say that when hw_ep->tx_double_buffered,
1464 	 * (and presumably, FIFO is not half-full) we should write *two*
1465 	 * packets before updating TXCSR; other docs disagree...
1466 	 */
1467 	if (length > qh->maxpacket)
1468 		length = qh->maxpacket;
1469 	/* Unmap the buffer so that CPU can use it */
1470 	usb_hcd_unmap_urb_for_dma(musb->hcd, urb);
1471 
1472 	/*
1473 	 * We need to map sg if the transfer_buffer is
1474 	 * NULL.
1475 	 */
1476 	if (!urb->transfer_buffer)
1477 		qh->use_sg = true;
1478 
1479 	if (qh->use_sg) {
1480 		/* sg_miter_start is already done in musb_ep_program */
1481 		if (!sg_miter_next(&qh->sg_miter)) {
1482 			dev_err(musb->controller, "error: sg list empty\n");
1483 			sg_miter_stop(&qh->sg_miter);
1484 			status = -EINVAL;
1485 			goto done;
1486 		}
1487 		urb->transfer_buffer = qh->sg_miter.addr;
1488 		length = min_t(u32, length, qh->sg_miter.length);
1489 		musb_write_fifo(hw_ep, length, urb->transfer_buffer);
1490 		qh->sg_miter.consumed = length;
1491 		sg_miter_stop(&qh->sg_miter);
1492 	} else {
1493 		musb_write_fifo(hw_ep, length, urb->transfer_buffer + offset);
1494 	}
1495 
1496 	qh->segsize = length;
1497 
1498 	if (qh->use_sg) {
1499 		if (offset + length >= urb->transfer_buffer_length)
1500 			qh->use_sg = false;
1501 	}
1502 
1503 	musb_ep_select(mbase, epnum);
1504 	musb_writew(epio, MUSB_TXCSR,
1505 			MUSB_TXCSR_H_WZC_BITS | MUSB_TXCSR_TXPKTRDY);
1506 }
1507 
1508 #ifdef CONFIG_USB_TI_CPPI41_DMA
1509 /* Seems to set up ISO for cppi41 and not advance len. See commit c57c41d */
1510 static int musb_rx_dma_iso_cppi41(struct dma_controller *dma,
1511 				  struct musb_hw_ep *hw_ep,
1512 				  struct musb_qh *qh,
1513 				  struct urb *urb,
1514 				  size_t len)
1515 {
1516 	struct dma_channel *channel = hw_ep->rx_channel;
1517 	void __iomem *epio = hw_ep->regs;
1518 	dma_addr_t *buf;
1519 	u32 length;
1520 	u16 val;
1521 
1522 	buf = (void *)urb->iso_frame_desc[qh->iso_idx].offset +
1523 		(u32)urb->transfer_dma;
1524 
1525 	length = urb->iso_frame_desc[qh->iso_idx].length;
1526 
1527 	val = musb_readw(epio, MUSB_RXCSR);
1528 	val |= MUSB_RXCSR_DMAENAB;
1529 	musb_writew(hw_ep->regs, MUSB_RXCSR, val);
1530 
1531 	return dma->channel_program(channel, qh->maxpacket, 0,
1532 				   (u32)buf, length);
1533 }
1534 #else
1535 static inline int musb_rx_dma_iso_cppi41(struct dma_controller *dma,
1536 					 struct musb_hw_ep *hw_ep,
1537 					 struct musb_qh *qh,
1538 					 struct urb *urb,
1539 					 size_t len)
1540 {
1541 	return false;
1542 }
1543 #endif
1544 
1545 #if defined(CONFIG_USB_INVENTRA_DMA) || defined(CONFIG_USB_UX500_DMA) || \
1546 	defined(CONFIG_USB_TI_CPPI41_DMA)
1547 /* Host side RX (IN) using Mentor DMA works as follows:
1548 	submit_urb ->
1549 		- if queue was empty, ProgramEndpoint
1550 		- first IN token is sent out (by setting ReqPkt)
1551 	LinuxIsr -> RxReady()
1552 	/\	=> first packet is received
1553 	|	- Set in mode 0 (DmaEnab, ~ReqPkt)
1554 	|		-> DMA Isr (transfer complete) -> RxReady()
1555 	|		    - Ack receive (~RxPktRdy), turn off DMA (~DmaEnab)
1556 	|		    - if urb not complete, send next IN token (ReqPkt)
1557 	|			   |		else complete urb.
1558 	|			   |
1559 	---------------------------
1560  *
1561  * Nuances of mode 1:
1562  *	For short packets, no ack (+RxPktRdy) is sent automatically
1563  *	(even if AutoClear is ON)
1564  *	For full packets, ack (~RxPktRdy) and next IN token (+ReqPkt) is sent
1565  *	automatically => major problem, as collecting the next packet becomes
1566  *	difficult. Hence mode 1 is not used.
1567  *
1568  * REVISIT
1569  *	All we care about at this driver level is that
1570  *       (a) all URBs terminate with REQPKT cleared and fifo(s) empty;
1571  *       (b) termination conditions are: short RX, or buffer full;
1572  *       (c) fault modes include
1573  *           - iff URB_SHORT_NOT_OK, short RX status is -EREMOTEIO.
1574  *             (and that endpoint's dma queue stops immediately)
1575  *           - overflow (full, PLUS more bytes in the terminal packet)
1576  *
1577  *	So for example, usb-storage sets URB_SHORT_NOT_OK, and would
1578  *	thus be a great candidate for using mode 1 ... for all but the
1579  *	last packet of one URB's transfer.
1580  */
1581 static int musb_rx_dma_inventra_cppi41(struct dma_controller *dma,
1582 				       struct musb_hw_ep *hw_ep,
1583 				       struct musb_qh *qh,
1584 				       struct urb *urb,
1585 				       size_t len)
1586 {
1587 	struct dma_channel *channel = hw_ep->rx_channel;
1588 	void __iomem *epio = hw_ep->regs;
1589 	u16 val;
1590 	int pipe;
1591 	bool done;
1592 
1593 	pipe = urb->pipe;
1594 
1595 	if (usb_pipeisoc(pipe)) {
1596 		struct usb_iso_packet_descriptor *d;
1597 
1598 		d = urb->iso_frame_desc + qh->iso_idx;
1599 		d->actual_length = len;
1600 
1601 		/* even if there was an error, we did the dma
1602 		 * for iso_frame_desc->length
1603 		 */
1604 		if (d->status != -EILSEQ && d->status != -EOVERFLOW)
1605 			d->status = 0;
1606 
1607 		if (++qh->iso_idx >= urb->number_of_packets) {
1608 			done = true;
1609 		} else {
1610 			/* REVISIT: Why ignore return value here? */
1611 			if (musb_dma_cppi41(hw_ep->musb))
1612 				done = musb_rx_dma_iso_cppi41(dma, hw_ep, qh,
1613 							      urb, len);
1614 			done = false;
1615 		}
1616 
1617 	} else  {
1618 		/* done if urb buffer is full or short packet is recd */
1619 		done = (urb->actual_length + len >=
1620 			urb->transfer_buffer_length
1621 			|| channel->actual_len < qh->maxpacket
1622 			|| channel->rx_packet_done);
1623 	}
1624 
1625 	/* send IN token for next packet, without AUTOREQ */
1626 	if (!done) {
1627 		val = musb_readw(epio, MUSB_RXCSR);
1628 		val |= MUSB_RXCSR_H_REQPKT;
1629 		musb_writew(epio, MUSB_RXCSR, MUSB_RXCSR_H_WZC_BITS | val);
1630 	}
1631 
1632 	return done;
1633 }
1634 
1635 /* Disadvantage of using mode 1:
1636  *	It's basically usable only for mass storage class; essentially all
1637  *	other protocols also terminate transfers on short packets.
1638  *
1639  * Details:
1640  *	An extra IN token is sent at the end of the transfer (due to AUTOREQ)
1641  *	If you try to use mode 1 for (transfer_buffer_length - 512), and try
1642  *	to use the extra IN token to grab the last packet using mode 0, then
1643  *	the problem is that you cannot be sure when the device will send the
1644  *	last packet and RxPktRdy set. Sometimes the packet is recd too soon
1645  *	such that it gets lost when RxCSR is re-set at the end of the mode 1
1646  *	transfer, while sometimes it is recd just a little late so that if you
1647  *	try to configure for mode 0 soon after the mode 1 transfer is
1648  *	completed, you will find rxcount 0. Okay, so you might think why not
1649  *	wait for an interrupt when the pkt is recd. Well, you won't get any!
1650  */
1651 static int musb_rx_dma_in_inventra_cppi41(struct dma_controller *dma,
1652 					  struct musb_hw_ep *hw_ep,
1653 					  struct musb_qh *qh,
1654 					  struct urb *urb,
1655 					  size_t len,
1656 					  u8 iso_err)
1657 {
1658 	struct musb *musb = hw_ep->musb;
1659 	void __iomem *epio = hw_ep->regs;
1660 	struct dma_channel *channel = hw_ep->rx_channel;
1661 	u16 rx_count, val;
1662 	int length, pipe, done;
1663 	dma_addr_t buf;
1664 
1665 	rx_count = musb_readw(epio, MUSB_RXCOUNT);
1666 	pipe = urb->pipe;
1667 
1668 	if (usb_pipeisoc(pipe)) {
1669 		int d_status = 0;
1670 		struct usb_iso_packet_descriptor *d;
1671 
1672 		d = urb->iso_frame_desc + qh->iso_idx;
1673 
1674 		if (iso_err) {
1675 			d_status = -EILSEQ;
1676 			urb->error_count++;
1677 		}
1678 		if (rx_count > d->length) {
1679 			if (d_status == 0) {
1680 				d_status = -EOVERFLOW;
1681 				urb->error_count++;
1682 			}
1683 			musb_dbg(musb, "** OVERFLOW %d into %d",
1684 				rx_count, d->length);
1685 
1686 			length = d->length;
1687 		} else
1688 			length = rx_count;
1689 		d->status = d_status;
1690 		buf = urb->transfer_dma + d->offset;
1691 	} else {
1692 		length = rx_count;
1693 		buf = urb->transfer_dma + urb->actual_length;
1694 	}
1695 
1696 	channel->desired_mode = 0;
1697 #ifdef USE_MODE1
1698 	/* because of the issue below, mode 1 will
1699 	 * only rarely behave with correct semantics.
1700 	 */
1701 	if ((urb->transfer_flags & URB_SHORT_NOT_OK)
1702 	    && (urb->transfer_buffer_length - urb->actual_length)
1703 	    > qh->maxpacket)
1704 		channel->desired_mode = 1;
1705 	if (rx_count < hw_ep->max_packet_sz_rx) {
1706 		length = rx_count;
1707 		channel->desired_mode = 0;
1708 	} else {
1709 		length = urb->transfer_buffer_length;
1710 	}
1711 #endif
1712 
1713 	/* See comments above on disadvantages of using mode 1 */
1714 	val = musb_readw(epio, MUSB_RXCSR);
1715 	val &= ~MUSB_RXCSR_H_REQPKT;
1716 
1717 	if (channel->desired_mode == 0)
1718 		val &= ~MUSB_RXCSR_H_AUTOREQ;
1719 	else
1720 		val |= MUSB_RXCSR_H_AUTOREQ;
1721 	val |= MUSB_RXCSR_DMAENAB;
1722 
1723 	/* autoclear shouldn't be set in high bandwidth */
1724 	if (qh->hb_mult == 1)
1725 		val |= MUSB_RXCSR_AUTOCLEAR;
1726 
1727 	musb_writew(epio, MUSB_RXCSR, MUSB_RXCSR_H_WZC_BITS | val);
1728 
1729 	/* REVISIT if when actual_length != 0,
1730 	 * transfer_buffer_length needs to be
1731 	 * adjusted first...
1732 	 */
1733 	done = dma->channel_program(channel, qh->maxpacket,
1734 				   channel->desired_mode,
1735 				   buf, length);
1736 
1737 	if (!done) {
1738 		dma->channel_release(channel);
1739 		hw_ep->rx_channel = NULL;
1740 		channel = NULL;
1741 		val = musb_readw(epio, MUSB_RXCSR);
1742 		val &= ~(MUSB_RXCSR_DMAENAB
1743 			 | MUSB_RXCSR_H_AUTOREQ
1744 			 | MUSB_RXCSR_AUTOCLEAR);
1745 		musb_writew(epio, MUSB_RXCSR, val);
1746 	}
1747 
1748 	return done;
1749 }
1750 #else
1751 static inline int musb_rx_dma_inventra_cppi41(struct dma_controller *dma,
1752 					      struct musb_hw_ep *hw_ep,
1753 					      struct musb_qh *qh,
1754 					      struct urb *urb,
1755 					      size_t len)
1756 {
1757 	return false;
1758 }
1759 
1760 static inline int musb_rx_dma_in_inventra_cppi41(struct dma_controller *dma,
1761 						 struct musb_hw_ep *hw_ep,
1762 						 struct musb_qh *qh,
1763 						 struct urb *urb,
1764 						 size_t len,
1765 						 u8 iso_err)
1766 {
1767 	return false;
1768 }
1769 #endif
1770 
1771 /*
1772  * Service an RX interrupt for the given IN endpoint; docs cover bulk, iso,
1773  * and high-bandwidth IN transfer cases.
1774  */
1775 void musb_host_rx(struct musb *musb, u8 epnum)
1776 {
1777 	struct urb		*urb;
1778 	struct musb_hw_ep	*hw_ep = musb->endpoints + epnum;
1779 	struct dma_controller	*c = musb->dma_controller;
1780 	void __iomem		*epio = hw_ep->regs;
1781 	struct musb_qh		*qh = hw_ep->in_qh;
1782 	size_t			xfer_len;
1783 	void __iomem		*mbase = musb->mregs;
1784 	int			pipe;
1785 	u16			rx_csr, val;
1786 	bool			iso_err = false;
1787 	bool			done = false;
1788 	u32			status;
1789 	struct dma_channel	*dma;
1790 	unsigned int sg_flags = SG_MITER_ATOMIC | SG_MITER_TO_SG;
1791 
1792 	musb_ep_select(mbase, epnum);
1793 
1794 	urb = next_urb(qh);
1795 	dma = is_dma_capable() ? hw_ep->rx_channel : NULL;
1796 	status = 0;
1797 	xfer_len = 0;
1798 
1799 	rx_csr = musb_readw(epio, MUSB_RXCSR);
1800 	val = rx_csr;
1801 
1802 	if (unlikely(!urb)) {
1803 		/* REVISIT -- THIS SHOULD NEVER HAPPEN ... but, at least
1804 		 * usbtest #11 (unlinks) triggers it regularly, sometimes
1805 		 * with fifo full.  (Only with DMA??)
1806 		 */
1807 		musb_dbg(musb, "BOGUS RX%d ready, csr %04x, count %d",
1808 			epnum, val, musb_readw(epio, MUSB_RXCOUNT));
1809 		musb_h_flush_rxfifo(hw_ep, MUSB_RXCSR_CLRDATATOG);
1810 		return;
1811 	}
1812 
1813 	pipe = urb->pipe;
1814 
1815 	trace_musb_urb_rx(musb, urb);
1816 
1817 	/* check for errors, concurrent stall & unlink is not really
1818 	 * handled yet! */
1819 	if (rx_csr & MUSB_RXCSR_H_RXSTALL) {
1820 		musb_dbg(musb, "RX end %d STALL", epnum);
1821 
1822 		/* stall; record URB status */
1823 		status = -EPIPE;
1824 
1825 	} else if (rx_csr & MUSB_RXCSR_H_ERROR) {
1826 		musb_dbg(musb, "end %d RX proto error", epnum);
1827 
1828 		status = -EPROTO;
1829 		musb_writeb(epio, MUSB_RXINTERVAL, 0);
1830 
1831 		rx_csr &= ~MUSB_RXCSR_H_ERROR;
1832 		musb_writew(epio, MUSB_RXCSR, rx_csr);
1833 
1834 	} else if (rx_csr & MUSB_RXCSR_DATAERROR) {
1835 
1836 		if (USB_ENDPOINT_XFER_ISOC != qh->type) {
1837 			musb_dbg(musb, "RX end %d NAK timeout", epnum);
1838 
1839 			/* NOTE: NAKing is *NOT* an error, so we want to
1840 			 * continue.  Except ... if there's a request for
1841 			 * another QH, use that instead of starving it.
1842 			 *
1843 			 * Devices like Ethernet and serial adapters keep
1844 			 * reads posted at all times, which will starve
1845 			 * other devices without this logic.
1846 			 */
1847 			if (usb_pipebulk(urb->pipe)
1848 					&& qh->mux == 1
1849 					&& !list_is_singular(&musb->in_bulk)) {
1850 				musb_bulk_nak_timeout(musb, hw_ep, 1);
1851 				return;
1852 			}
1853 			musb_ep_select(mbase, epnum);
1854 			rx_csr |= MUSB_RXCSR_H_WZC_BITS;
1855 			rx_csr &= ~MUSB_RXCSR_DATAERROR;
1856 			musb_writew(epio, MUSB_RXCSR, rx_csr);
1857 
1858 			goto finish;
1859 		} else {
1860 			musb_dbg(musb, "RX end %d ISO data error", epnum);
1861 			/* packet error reported later */
1862 			iso_err = true;
1863 		}
1864 	} else if (rx_csr & MUSB_RXCSR_INCOMPRX) {
1865 		musb_dbg(musb, "end %d high bandwidth incomplete ISO packet RX",
1866 				epnum);
1867 		status = -EPROTO;
1868 	}
1869 
1870 	/* faults abort the transfer */
1871 	if (status) {
1872 		/* clean up dma and collect transfer count */
1873 		if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
1874 			dma->status = MUSB_DMA_STATUS_CORE_ABORT;
1875 			musb->dma_controller->channel_abort(dma);
1876 			xfer_len = dma->actual_len;
1877 		}
1878 		musb_h_flush_rxfifo(hw_ep, MUSB_RXCSR_CLRDATATOG);
1879 		musb_writeb(epio, MUSB_RXINTERVAL, 0);
1880 		done = true;
1881 		goto finish;
1882 	}
1883 
1884 	if (unlikely(dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY)) {
1885 		/* SHOULD NEVER HAPPEN ... but at least DaVinci has done it */
1886 		ERR("RX%d dma busy, csr %04x\n", epnum, rx_csr);
1887 		goto finish;
1888 	}
1889 
1890 	/* thorough shutdown for now ... given more precise fault handling
1891 	 * and better queueing support, we might keep a DMA pipeline going
1892 	 * while processing this irq for earlier completions.
1893 	 */
1894 
1895 	/* FIXME this is _way_ too much in-line logic for Mentor DMA */
1896 	if (!musb_dma_inventra(musb) && !musb_dma_ux500(musb) &&
1897 	    (rx_csr & MUSB_RXCSR_H_REQPKT)) {
1898 		/* REVISIT this happened for a while on some short reads...
1899 		 * the cleanup still needs investigation... looks bad...
1900 		 * and also duplicates dma cleanup code above ... plus,
1901 		 * shouldn't this be the "half full" double buffer case?
1902 		 */
1903 		if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
1904 			dma->status = MUSB_DMA_STATUS_CORE_ABORT;
1905 			musb->dma_controller->channel_abort(dma);
1906 			xfer_len = dma->actual_len;
1907 			done = true;
1908 		}
1909 
1910 		musb_dbg(musb, "RXCSR%d %04x, reqpkt, len %zu%s", epnum, rx_csr,
1911 				xfer_len, dma ? ", dma" : "");
1912 		rx_csr &= ~MUSB_RXCSR_H_REQPKT;
1913 
1914 		musb_ep_select(mbase, epnum);
1915 		musb_writew(epio, MUSB_RXCSR,
1916 				MUSB_RXCSR_H_WZC_BITS | rx_csr);
1917 	}
1918 
1919 	if (dma && (rx_csr & MUSB_RXCSR_DMAENAB)) {
1920 		xfer_len = dma->actual_len;
1921 
1922 		val &= ~(MUSB_RXCSR_DMAENAB
1923 			| MUSB_RXCSR_H_AUTOREQ
1924 			| MUSB_RXCSR_AUTOCLEAR
1925 			| MUSB_RXCSR_RXPKTRDY);
1926 		musb_writew(hw_ep->regs, MUSB_RXCSR, val);
1927 
1928 		if (musb_dma_inventra(musb) || musb_dma_ux500(musb) ||
1929 		    musb_dma_cppi41(musb)) {
1930 			    done = musb_rx_dma_inventra_cppi41(c, hw_ep, qh, urb, xfer_len);
1931 			    musb_dbg(hw_ep->musb,
1932 				    "ep %d dma %s, rxcsr %04x, rxcount %d",
1933 				    epnum, done ? "off" : "reset",
1934 				    musb_readw(epio, MUSB_RXCSR),
1935 				    musb_readw(epio, MUSB_RXCOUNT));
1936 		} else {
1937 			done = true;
1938 		}
1939 
1940 	} else if (urb->status == -EINPROGRESS) {
1941 		/* if no errors, be sure a packet is ready for unloading */
1942 		if (unlikely(!(rx_csr & MUSB_RXCSR_RXPKTRDY))) {
1943 			status = -EPROTO;
1944 			ERR("Rx interrupt with no errors or packet!\n");
1945 
1946 			/* FIXME this is another "SHOULD NEVER HAPPEN" */
1947 
1948 /* SCRUB (RX) */
1949 			/* do the proper sequence to abort the transfer */
1950 			musb_ep_select(mbase, epnum);
1951 			val &= ~MUSB_RXCSR_H_REQPKT;
1952 			musb_writew(epio, MUSB_RXCSR, val);
1953 			goto finish;
1954 		}
1955 
1956 		/* we are expecting IN packets */
1957 		if ((musb_dma_inventra(musb) || musb_dma_ux500(musb) ||
1958 		    musb_dma_cppi41(musb)) && dma) {
1959 			musb_dbg(hw_ep->musb,
1960 				"RX%d count %d, buffer 0x%llx len %d/%d",
1961 				epnum, musb_readw(epio, MUSB_RXCOUNT),
1962 				(unsigned long long) urb->transfer_dma
1963 				+ urb->actual_length,
1964 				qh->offset,
1965 				urb->transfer_buffer_length);
1966 
1967 			if (musb_rx_dma_in_inventra_cppi41(c, hw_ep, qh, urb,
1968 							   xfer_len, iso_err))
1969 				goto finish;
1970 			else
1971 				dev_err(musb->controller, "error: rx_dma failed\n");
1972 		}
1973 
1974 		if (!dma) {
1975 			unsigned int received_len;
1976 
1977 			/* Unmap the buffer so that CPU can use it */
1978 			usb_hcd_unmap_urb_for_dma(musb->hcd, urb);
1979 
1980 			/*
1981 			 * We need to map sg if the transfer_buffer is
1982 			 * NULL.
1983 			 */
1984 			if (!urb->transfer_buffer) {
1985 				qh->use_sg = true;
1986 				sg_miter_start(&qh->sg_miter, urb->sg, 1,
1987 						sg_flags);
1988 			}
1989 
1990 			if (qh->use_sg) {
1991 				if (!sg_miter_next(&qh->sg_miter)) {
1992 					dev_err(musb->controller, "error: sg list empty\n");
1993 					sg_miter_stop(&qh->sg_miter);
1994 					status = -EINVAL;
1995 					done = true;
1996 					goto finish;
1997 				}
1998 				urb->transfer_buffer = qh->sg_miter.addr;
1999 				received_len = urb->actual_length;
2000 				qh->offset = 0x0;
2001 				done = musb_host_packet_rx(musb, urb, epnum,
2002 						iso_err);
2003 				/* Calculate the number of bytes received */
2004 				received_len = urb->actual_length -
2005 					received_len;
2006 				qh->sg_miter.consumed = received_len;
2007 				sg_miter_stop(&qh->sg_miter);
2008 			} else {
2009 				done = musb_host_packet_rx(musb, urb,
2010 						epnum, iso_err);
2011 			}
2012 			musb_dbg(musb, "read %spacket", done ? "last " : "");
2013 		}
2014 	}
2015 
2016 finish:
2017 	urb->actual_length += xfer_len;
2018 	qh->offset += xfer_len;
2019 	if (done) {
2020 		if (qh->use_sg)
2021 			qh->use_sg = false;
2022 
2023 		if (urb->status == -EINPROGRESS)
2024 			urb->status = status;
2025 		musb_advance_schedule(musb, urb, hw_ep, USB_DIR_IN);
2026 	}
2027 }
2028 
2029 /* schedule nodes correspond to peripheral endpoints, like an OHCI QH.
2030  * the software schedule associates multiple such nodes with a given
2031  * host side hardware endpoint + direction; scheduling may activate
2032  * that hardware endpoint.
2033  */
2034 static int musb_schedule(
2035 	struct musb		*musb,
2036 	struct musb_qh		*qh,
2037 	int			is_in)
2038 {
2039 	int			idle = 0;
2040 	int			best_diff;
2041 	int			best_end, epnum;
2042 	struct musb_hw_ep	*hw_ep = NULL;
2043 	struct list_head	*head = NULL;
2044 	u8			toggle;
2045 	u8			txtype;
2046 	struct urb		*urb = next_urb(qh);
2047 
2048 	/* use fixed hardware for control and bulk */
2049 	if (qh->type == USB_ENDPOINT_XFER_CONTROL) {
2050 		head = &musb->control;
2051 		hw_ep = musb->control_ep;
2052 		goto success;
2053 	}
2054 
2055 	/* else, periodic transfers get muxed to other endpoints */
2056 
2057 	/*
2058 	 * We know this qh hasn't been scheduled, so all we need to do
2059 	 * is choose which hardware endpoint to put it on ...
2060 	 *
2061 	 * REVISIT what we really want here is a regular schedule tree
2062 	 * like e.g. OHCI uses.
2063 	 */
2064 	best_diff = 4096;
2065 	best_end = -1;
2066 
2067 	for (epnum = 1, hw_ep = musb->endpoints + 1;
2068 			epnum < musb->nr_endpoints;
2069 			epnum++, hw_ep++) {
2070 		int	diff;
2071 
2072 		if (musb_ep_get_qh(hw_ep, is_in) != NULL)
2073 			continue;
2074 
2075 		if (hw_ep == musb->bulk_ep)
2076 			continue;
2077 
2078 		if (is_in)
2079 			diff = hw_ep->max_packet_sz_rx;
2080 		else
2081 			diff = hw_ep->max_packet_sz_tx;
2082 		diff -= (qh->maxpacket * qh->hb_mult);
2083 
2084 		if (diff >= 0 && best_diff > diff) {
2085 
2086 			/*
2087 			 * Mentor controller has a bug in that if we schedule
2088 			 * a BULK Tx transfer on an endpoint that had earlier
2089 			 * handled ISOC then the BULK transfer has to start on
2090 			 * a zero toggle.  If the BULK transfer starts on a 1
2091 			 * toggle then this transfer will fail as the mentor
2092 			 * controller starts the Bulk transfer on a 0 toggle
2093 			 * irrespective of the programming of the toggle bits
2094 			 * in the TXCSR register.  Check for this condition
2095 			 * while allocating the EP for a Tx Bulk transfer.  If
2096 			 * so skip this EP.
2097 			 */
2098 			hw_ep = musb->endpoints + epnum;
2099 			toggle = usb_gettoggle(urb->dev, qh->epnum, !is_in);
2100 			txtype = (musb_readb(hw_ep->regs, MUSB_TXTYPE)
2101 					>> 4) & 0x3;
2102 			if (!is_in && (qh->type == USB_ENDPOINT_XFER_BULK) &&
2103 				toggle && (txtype == USB_ENDPOINT_XFER_ISOC))
2104 				continue;
2105 
2106 			best_diff = diff;
2107 			best_end = epnum;
2108 		}
2109 	}
2110 	/* use bulk reserved ep1 if no other ep is free */
2111 	if (best_end < 0 && qh->type == USB_ENDPOINT_XFER_BULK) {
2112 		hw_ep = musb->bulk_ep;
2113 		if (is_in)
2114 			head = &musb->in_bulk;
2115 		else
2116 			head = &musb->out_bulk;
2117 
2118 		/* Enable bulk RX/TX NAK timeout scheme when bulk requests are
2119 		 * multiplexed. This scheme does not work in high speed to full
2120 		 * speed scenario as NAK interrupts are not coming from a
2121 		 * full speed device connected to a high speed device.
2122 		 * NAK timeout interval is 8 (128 uframe or 16ms) for HS and
2123 		 * 4 (8 frame or 8ms) for FS device.
2124 		 */
2125 		if (qh->dev)
2126 			qh->intv_reg =
2127 				(USB_SPEED_HIGH == qh->dev->speed) ? 8 : 4;
2128 		goto success;
2129 	} else if (best_end < 0) {
2130 		dev_err(musb->controller,
2131 				"%s hwep alloc failed for %dx%d\n",
2132 				musb_ep_xfertype_string(qh->type),
2133 				qh->hb_mult, qh->maxpacket);
2134 		return -ENOSPC;
2135 	}
2136 
2137 	idle = 1;
2138 	qh->mux = 0;
2139 	hw_ep = musb->endpoints + best_end;
2140 	musb_dbg(musb, "qh %p periodic slot %d", qh, best_end);
2141 success:
2142 	if (head) {
2143 		idle = list_empty(head);
2144 		list_add_tail(&qh->ring, head);
2145 		qh->mux = 1;
2146 	}
2147 	qh->hw_ep = hw_ep;
2148 	qh->hep->hcpriv = qh;
2149 	if (idle)
2150 		musb_start_urb(musb, is_in, qh);
2151 	return 0;
2152 }
2153 
2154 static int musb_urb_enqueue(
2155 	struct usb_hcd			*hcd,
2156 	struct urb			*urb,
2157 	gfp_t				mem_flags)
2158 {
2159 	unsigned long			flags;
2160 	struct musb			*musb = hcd_to_musb(hcd);
2161 	struct usb_host_endpoint	*hep = urb->ep;
2162 	struct musb_qh			*qh;
2163 	struct usb_endpoint_descriptor	*epd = &hep->desc;
2164 	int				ret;
2165 	unsigned			type_reg;
2166 	unsigned			interval;
2167 
2168 	/* host role must be active */
2169 	if (!is_host_active(musb) || !musb->is_active)
2170 		return -ENODEV;
2171 
2172 	trace_musb_urb_enq(musb, urb);
2173 
2174 	spin_lock_irqsave(&musb->lock, flags);
2175 	ret = usb_hcd_link_urb_to_ep(hcd, urb);
2176 	qh = ret ? NULL : hep->hcpriv;
2177 	if (qh)
2178 		urb->hcpriv = qh;
2179 	spin_unlock_irqrestore(&musb->lock, flags);
2180 
2181 	/* DMA mapping was already done, if needed, and this urb is on
2182 	 * hep->urb_list now ... so we're done, unless hep wasn't yet
2183 	 * scheduled onto a live qh.
2184 	 *
2185 	 * REVISIT best to keep hep->hcpriv valid until the endpoint gets
2186 	 * disabled, testing for empty qh->ring and avoiding qh setup costs
2187 	 * except for the first urb queued after a config change.
2188 	 */
2189 	if (qh || ret)
2190 		return ret;
2191 
2192 	/* Allocate and initialize qh, minimizing the work done each time
2193 	 * hw_ep gets reprogrammed, or with irqs blocked.  Then schedule it.
2194 	 *
2195 	 * REVISIT consider a dedicated qh kmem_cache, so it's harder
2196 	 * for bugs in other kernel code to break this driver...
2197 	 */
2198 	qh = kzalloc(sizeof *qh, mem_flags);
2199 	if (!qh) {
2200 		spin_lock_irqsave(&musb->lock, flags);
2201 		usb_hcd_unlink_urb_from_ep(hcd, urb);
2202 		spin_unlock_irqrestore(&musb->lock, flags);
2203 		return -ENOMEM;
2204 	}
2205 
2206 	qh->hep = hep;
2207 	qh->dev = urb->dev;
2208 	INIT_LIST_HEAD(&qh->ring);
2209 	qh->is_ready = 1;
2210 
2211 	qh->maxpacket = usb_endpoint_maxp(epd);
2212 	qh->type = usb_endpoint_type(epd);
2213 
2214 	/* Bits 11 & 12 of wMaxPacketSize encode high bandwidth multiplier.
2215 	 * Some musb cores don't support high bandwidth ISO transfers; and
2216 	 * we don't (yet!) support high bandwidth interrupt transfers.
2217 	 */
2218 	qh->hb_mult = usb_endpoint_maxp_mult(epd);
2219 	if (qh->hb_mult > 1) {
2220 		int ok = (qh->type == USB_ENDPOINT_XFER_ISOC);
2221 
2222 		if (ok)
2223 			ok = (usb_pipein(urb->pipe) && musb->hb_iso_rx)
2224 				|| (usb_pipeout(urb->pipe) && musb->hb_iso_tx);
2225 		if (!ok) {
2226 			dev_err(musb->controller,
2227 				"high bandwidth %s (%dx%d) not supported\n",
2228 				musb_ep_xfertype_string(qh->type),
2229 				qh->hb_mult, qh->maxpacket & 0x7ff);
2230 			ret = -EMSGSIZE;
2231 			goto done;
2232 		}
2233 		qh->maxpacket &= 0x7ff;
2234 	}
2235 
2236 	qh->epnum = usb_endpoint_num(epd);
2237 
2238 	/* NOTE: urb->dev->devnum is wrong during SET_ADDRESS */
2239 	qh->addr_reg = (u8) usb_pipedevice(urb->pipe);
2240 
2241 	/* precompute rxtype/txtype/type0 register */
2242 	type_reg = (qh->type << 4) | qh->epnum;
2243 	switch (urb->dev->speed) {
2244 	case USB_SPEED_LOW:
2245 		type_reg |= 0xc0;
2246 		break;
2247 	case USB_SPEED_FULL:
2248 		type_reg |= 0x80;
2249 		break;
2250 	default:
2251 		type_reg |= 0x40;
2252 	}
2253 	qh->type_reg = type_reg;
2254 
2255 	/* Precompute RXINTERVAL/TXINTERVAL register */
2256 	switch (qh->type) {
2257 	case USB_ENDPOINT_XFER_INT:
2258 		/*
2259 		 * Full/low speeds use the  linear encoding,
2260 		 * high speed uses the logarithmic encoding.
2261 		 */
2262 		if (urb->dev->speed <= USB_SPEED_FULL) {
2263 			interval = max_t(u8, epd->bInterval, 1);
2264 			break;
2265 		}
2266 		/* FALLTHROUGH */
2267 	case USB_ENDPOINT_XFER_ISOC:
2268 		/* ISO always uses logarithmic encoding */
2269 		interval = min_t(u8, epd->bInterval, 16);
2270 		break;
2271 	default:
2272 		/* REVISIT we actually want to use NAK limits, hinting to the
2273 		 * transfer scheduling logic to try some other qh, e.g. try
2274 		 * for 2 msec first:
2275 		 *
2276 		 * interval = (USB_SPEED_HIGH == urb->dev->speed) ? 16 : 2;
2277 		 *
2278 		 * The downside of disabling this is that transfer scheduling
2279 		 * gets VERY unfair for nonperiodic transfers; a misbehaving
2280 		 * peripheral could make that hurt.  That's perfectly normal
2281 		 * for reads from network or serial adapters ... so we have
2282 		 * partial NAKlimit support for bulk RX.
2283 		 *
2284 		 * The upside of disabling it is simpler transfer scheduling.
2285 		 */
2286 		interval = 0;
2287 	}
2288 	qh->intv_reg = interval;
2289 
2290 	/* precompute addressing for external hub/tt ports */
2291 	if (musb->is_multipoint) {
2292 		struct usb_device	*parent = urb->dev->parent;
2293 
2294 		if (parent != hcd->self.root_hub) {
2295 			qh->h_addr_reg = (u8) parent->devnum;
2296 
2297 			/* set up tt info if needed */
2298 			if (urb->dev->tt) {
2299 				qh->h_port_reg = (u8) urb->dev->ttport;
2300 				if (urb->dev->tt->hub)
2301 					qh->h_addr_reg =
2302 						(u8) urb->dev->tt->hub->devnum;
2303 				if (urb->dev->tt->multi)
2304 					qh->h_addr_reg |= 0x80;
2305 			}
2306 		}
2307 	}
2308 
2309 	/* invariant: hep->hcpriv is null OR the qh that's already scheduled.
2310 	 * until we get real dma queues (with an entry for each urb/buffer),
2311 	 * we only have work to do in the former case.
2312 	 */
2313 	spin_lock_irqsave(&musb->lock, flags);
2314 	if (hep->hcpriv || !next_urb(qh)) {
2315 		/* some concurrent activity submitted another urb to hep...
2316 		 * odd, rare, error prone, but legal.
2317 		 */
2318 		kfree(qh);
2319 		qh = NULL;
2320 		ret = 0;
2321 	} else
2322 		ret = musb_schedule(musb, qh,
2323 				epd->bEndpointAddress & USB_ENDPOINT_DIR_MASK);
2324 
2325 	if (ret == 0) {
2326 		urb->hcpriv = qh;
2327 		/* FIXME set urb->start_frame for iso/intr, it's tested in
2328 		 * musb_start_urb(), but otherwise only konicawc cares ...
2329 		 */
2330 	}
2331 	spin_unlock_irqrestore(&musb->lock, flags);
2332 
2333 done:
2334 	if (ret != 0) {
2335 		spin_lock_irqsave(&musb->lock, flags);
2336 		usb_hcd_unlink_urb_from_ep(hcd, urb);
2337 		spin_unlock_irqrestore(&musb->lock, flags);
2338 		kfree(qh);
2339 	}
2340 	return ret;
2341 }
2342 
2343 
2344 /*
2345  * abort a transfer that's at the head of a hardware queue.
2346  * called with controller locked, irqs blocked
2347  * that hardware queue advances to the next transfer, unless prevented
2348  */
2349 static int musb_cleanup_urb(struct urb *urb, struct musb_qh *qh)
2350 {
2351 	struct musb_hw_ep	*ep = qh->hw_ep;
2352 	struct musb		*musb = ep->musb;
2353 	void __iomem		*epio = ep->regs;
2354 	unsigned		hw_end = ep->epnum;
2355 	void __iomem		*regs = ep->musb->mregs;
2356 	int			is_in = usb_pipein(urb->pipe);
2357 	int			status = 0;
2358 	u16			csr;
2359 	struct dma_channel	*dma = NULL;
2360 
2361 	musb_ep_select(regs, hw_end);
2362 
2363 	if (is_dma_capable()) {
2364 		dma = is_in ? ep->rx_channel : ep->tx_channel;
2365 		if (dma) {
2366 			status = ep->musb->dma_controller->channel_abort(dma);
2367 			musb_dbg(musb, "abort %cX%d DMA for urb %p --> %d",
2368 				is_in ? 'R' : 'T', ep->epnum,
2369 				urb, status);
2370 			urb->actual_length += dma->actual_len;
2371 		}
2372 	}
2373 
2374 	/* turn off DMA requests, discard state, stop polling ... */
2375 	if (ep->epnum && is_in) {
2376 		/* giveback saves bulk toggle */
2377 		csr = musb_h_flush_rxfifo(ep, 0);
2378 
2379 		/* clear the endpoint's irq status here to avoid bogus irqs */
2380 		if (is_dma_capable() && dma)
2381 			musb_platform_clear_ep_rxintr(musb, ep->epnum);
2382 	} else if (ep->epnum) {
2383 		musb_h_tx_flush_fifo(ep);
2384 		csr = musb_readw(epio, MUSB_TXCSR);
2385 		csr &= ~(MUSB_TXCSR_AUTOSET
2386 			| MUSB_TXCSR_DMAENAB
2387 			| MUSB_TXCSR_H_RXSTALL
2388 			| MUSB_TXCSR_H_NAKTIMEOUT
2389 			| MUSB_TXCSR_H_ERROR
2390 			| MUSB_TXCSR_TXPKTRDY);
2391 		musb_writew(epio, MUSB_TXCSR, csr);
2392 		/* REVISIT may need to clear FLUSHFIFO ... */
2393 		musb_writew(epio, MUSB_TXCSR, csr);
2394 		/* flush cpu writebuffer */
2395 		csr = musb_readw(epio, MUSB_TXCSR);
2396 	} else  {
2397 		musb_h_ep0_flush_fifo(ep);
2398 	}
2399 	if (status == 0)
2400 		musb_advance_schedule(ep->musb, urb, ep, is_in);
2401 	return status;
2402 }
2403 
2404 static int musb_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
2405 {
2406 	struct musb		*musb = hcd_to_musb(hcd);
2407 	struct musb_qh		*qh;
2408 	unsigned long		flags;
2409 	int			is_in  = usb_pipein(urb->pipe);
2410 	int			ret;
2411 
2412 	trace_musb_urb_deq(musb, urb);
2413 
2414 	spin_lock_irqsave(&musb->lock, flags);
2415 	ret = usb_hcd_check_unlink_urb(hcd, urb, status);
2416 	if (ret)
2417 		goto done;
2418 
2419 	qh = urb->hcpriv;
2420 	if (!qh)
2421 		goto done;
2422 
2423 	/*
2424 	 * Any URB not actively programmed into endpoint hardware can be
2425 	 * immediately given back; that's any URB not at the head of an
2426 	 * endpoint queue, unless someday we get real DMA queues.  And even
2427 	 * if it's at the head, it might not be known to the hardware...
2428 	 *
2429 	 * Otherwise abort current transfer, pending DMA, etc.; urb->status
2430 	 * has already been updated.  This is a synchronous abort; it'd be
2431 	 * OK to hold off until after some IRQ, though.
2432 	 *
2433 	 * NOTE: qh is invalid unless !list_empty(&hep->urb_list)
2434 	 */
2435 	if (!qh->is_ready
2436 			|| urb->urb_list.prev != &qh->hep->urb_list
2437 			|| musb_ep_get_qh(qh->hw_ep, is_in) != qh) {
2438 		int	ready = qh->is_ready;
2439 
2440 		qh->is_ready = 0;
2441 		musb_giveback(musb, urb, 0);
2442 		qh->is_ready = ready;
2443 
2444 		/* If nothing else (usually musb_giveback) is using it
2445 		 * and its URB list has emptied, recycle this qh.
2446 		 */
2447 		if (ready && list_empty(&qh->hep->urb_list)) {
2448 			qh->hep->hcpriv = NULL;
2449 			list_del(&qh->ring);
2450 			kfree(qh);
2451 		}
2452 	} else
2453 		ret = musb_cleanup_urb(urb, qh);
2454 done:
2455 	spin_unlock_irqrestore(&musb->lock, flags);
2456 	return ret;
2457 }
2458 
2459 /* disable an endpoint */
2460 static void
2461 musb_h_disable(struct usb_hcd *hcd, struct usb_host_endpoint *hep)
2462 {
2463 	u8			is_in = hep->desc.bEndpointAddress & USB_DIR_IN;
2464 	unsigned long		flags;
2465 	struct musb		*musb = hcd_to_musb(hcd);
2466 	struct musb_qh		*qh;
2467 	struct urb		*urb;
2468 
2469 	spin_lock_irqsave(&musb->lock, flags);
2470 
2471 	qh = hep->hcpriv;
2472 	if (qh == NULL)
2473 		goto exit;
2474 
2475 	/* NOTE: qh is invalid unless !list_empty(&hep->urb_list) */
2476 
2477 	/* Kick the first URB off the hardware, if needed */
2478 	qh->is_ready = 0;
2479 	if (musb_ep_get_qh(qh->hw_ep, is_in) == qh) {
2480 		urb = next_urb(qh);
2481 
2482 		/* make software (then hardware) stop ASAP */
2483 		if (!urb->unlinked)
2484 			urb->status = -ESHUTDOWN;
2485 
2486 		/* cleanup */
2487 		musb_cleanup_urb(urb, qh);
2488 
2489 		/* Then nuke all the others ... and advance the
2490 		 * queue on hw_ep (e.g. bulk ring) when we're done.
2491 		 */
2492 		while (!list_empty(&hep->urb_list)) {
2493 			urb = next_urb(qh);
2494 			urb->status = -ESHUTDOWN;
2495 			musb_advance_schedule(musb, urb, qh->hw_ep, is_in);
2496 		}
2497 	} else {
2498 		/* Just empty the queue; the hardware is busy with
2499 		 * other transfers, and since !qh->is_ready nothing
2500 		 * will activate any of these as it advances.
2501 		 */
2502 		while (!list_empty(&hep->urb_list))
2503 			musb_giveback(musb, next_urb(qh), -ESHUTDOWN);
2504 
2505 		hep->hcpriv = NULL;
2506 		list_del(&qh->ring);
2507 		kfree(qh);
2508 	}
2509 exit:
2510 	spin_unlock_irqrestore(&musb->lock, flags);
2511 }
2512 
2513 static int musb_h_get_frame_number(struct usb_hcd *hcd)
2514 {
2515 	struct musb	*musb = hcd_to_musb(hcd);
2516 
2517 	return musb_readw(musb->mregs, MUSB_FRAME);
2518 }
2519 
2520 static int musb_h_start(struct usb_hcd *hcd)
2521 {
2522 	struct musb	*musb = hcd_to_musb(hcd);
2523 
2524 	/* NOTE: musb_start() is called when the hub driver turns
2525 	 * on port power, or when (OTG) peripheral starts.
2526 	 */
2527 	hcd->state = HC_STATE_RUNNING;
2528 	musb->port1_status = 0;
2529 	return 0;
2530 }
2531 
2532 static void musb_h_stop(struct usb_hcd *hcd)
2533 {
2534 	musb_stop(hcd_to_musb(hcd));
2535 	hcd->state = HC_STATE_HALT;
2536 }
2537 
2538 static int musb_bus_suspend(struct usb_hcd *hcd)
2539 {
2540 	struct musb	*musb = hcd_to_musb(hcd);
2541 	u8		devctl;
2542 
2543 	musb_port_suspend(musb, true);
2544 
2545 	if (!is_host_active(musb))
2546 		return 0;
2547 
2548 	switch (musb->xceiv->otg->state) {
2549 	case OTG_STATE_A_SUSPEND:
2550 		return 0;
2551 	case OTG_STATE_A_WAIT_VRISE:
2552 		/* ID could be grounded even if there's no device
2553 		 * on the other end of the cable.  NOTE that the
2554 		 * A_WAIT_VRISE timers are messy with MUSB...
2555 		 */
2556 		devctl = musb_readb(musb->mregs, MUSB_DEVCTL);
2557 		if ((devctl & MUSB_DEVCTL_VBUS) == MUSB_DEVCTL_VBUS)
2558 			musb->xceiv->otg->state = OTG_STATE_A_WAIT_BCON;
2559 		break;
2560 	default:
2561 		break;
2562 	}
2563 
2564 	if (musb->is_active) {
2565 		WARNING("trying to suspend as %s while active\n",
2566 				usb_otg_state_string(musb->xceiv->otg->state));
2567 		return -EBUSY;
2568 	} else
2569 		return 0;
2570 }
2571 
2572 static int musb_bus_resume(struct usb_hcd *hcd)
2573 {
2574 	struct musb *musb = hcd_to_musb(hcd);
2575 
2576 	if (musb->config &&
2577 	    musb->config->host_port_deassert_reset_at_resume)
2578 		musb_port_reset(musb, false);
2579 
2580 	return 0;
2581 }
2582 
2583 #ifndef CONFIG_MUSB_PIO_ONLY
2584 
2585 #define MUSB_USB_DMA_ALIGN 4
2586 
2587 struct musb_temp_buffer {
2588 	void *kmalloc_ptr;
2589 	void *old_xfer_buffer;
2590 	u8 data[0];
2591 };
2592 
2593 static void musb_free_temp_buffer(struct urb *urb)
2594 {
2595 	enum dma_data_direction dir;
2596 	struct musb_temp_buffer *temp;
2597 	size_t length;
2598 
2599 	if (!(urb->transfer_flags & URB_ALIGNED_TEMP_BUFFER))
2600 		return;
2601 
2602 	dir = usb_urb_dir_in(urb) ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
2603 
2604 	temp = container_of(urb->transfer_buffer, struct musb_temp_buffer,
2605 			    data);
2606 
2607 	if (dir == DMA_FROM_DEVICE) {
2608 		if (usb_pipeisoc(urb->pipe))
2609 			length = urb->transfer_buffer_length;
2610 		else
2611 			length = urb->actual_length;
2612 
2613 		memcpy(temp->old_xfer_buffer, temp->data, length);
2614 	}
2615 	urb->transfer_buffer = temp->old_xfer_buffer;
2616 	kfree(temp->kmalloc_ptr);
2617 
2618 	urb->transfer_flags &= ~URB_ALIGNED_TEMP_BUFFER;
2619 }
2620 
2621 static int musb_alloc_temp_buffer(struct urb *urb, gfp_t mem_flags)
2622 {
2623 	enum dma_data_direction dir;
2624 	struct musb_temp_buffer *temp;
2625 	void *kmalloc_ptr;
2626 	size_t kmalloc_size;
2627 
2628 	if (urb->num_sgs || urb->sg ||
2629 	    urb->transfer_buffer_length == 0 ||
2630 	    !((uintptr_t)urb->transfer_buffer & (MUSB_USB_DMA_ALIGN - 1)))
2631 		return 0;
2632 
2633 	dir = usb_urb_dir_in(urb) ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
2634 
2635 	/* Allocate a buffer with enough padding for alignment */
2636 	kmalloc_size = urb->transfer_buffer_length +
2637 		sizeof(struct musb_temp_buffer) + MUSB_USB_DMA_ALIGN - 1;
2638 
2639 	kmalloc_ptr = kmalloc(kmalloc_size, mem_flags);
2640 	if (!kmalloc_ptr)
2641 		return -ENOMEM;
2642 
2643 	/* Position our struct temp_buffer such that data is aligned */
2644 	temp = PTR_ALIGN(kmalloc_ptr, MUSB_USB_DMA_ALIGN);
2645 
2646 
2647 	temp->kmalloc_ptr = kmalloc_ptr;
2648 	temp->old_xfer_buffer = urb->transfer_buffer;
2649 	if (dir == DMA_TO_DEVICE)
2650 		memcpy(temp->data, urb->transfer_buffer,
2651 		       urb->transfer_buffer_length);
2652 	urb->transfer_buffer = temp->data;
2653 
2654 	urb->transfer_flags |= URB_ALIGNED_TEMP_BUFFER;
2655 
2656 	return 0;
2657 }
2658 
2659 static int musb_map_urb_for_dma(struct usb_hcd *hcd, struct urb *urb,
2660 				      gfp_t mem_flags)
2661 {
2662 	struct musb	*musb = hcd_to_musb(hcd);
2663 	int ret;
2664 
2665 	/*
2666 	 * The DMA engine in RTL1.8 and above cannot handle
2667 	 * DMA addresses that are not aligned to a 4 byte boundary.
2668 	 * For such engine implemented (un)map_urb_for_dma hooks.
2669 	 * Do not use these hooks for RTL<1.8
2670 	 */
2671 	if (musb->hwvers < MUSB_HWVERS_1800)
2672 		return usb_hcd_map_urb_for_dma(hcd, urb, mem_flags);
2673 
2674 	ret = musb_alloc_temp_buffer(urb, mem_flags);
2675 	if (ret)
2676 		return ret;
2677 
2678 	ret = usb_hcd_map_urb_for_dma(hcd, urb, mem_flags);
2679 	if (ret)
2680 		musb_free_temp_buffer(urb);
2681 
2682 	return ret;
2683 }
2684 
2685 static void musb_unmap_urb_for_dma(struct usb_hcd *hcd, struct urb *urb)
2686 {
2687 	struct musb	*musb = hcd_to_musb(hcd);
2688 
2689 	usb_hcd_unmap_urb_for_dma(hcd, urb);
2690 
2691 	/* Do not use this hook for RTL<1.8 (see description above) */
2692 	if (musb->hwvers < MUSB_HWVERS_1800)
2693 		return;
2694 
2695 	musb_free_temp_buffer(urb);
2696 }
2697 #endif /* !CONFIG_MUSB_PIO_ONLY */
2698 
2699 static const struct hc_driver musb_hc_driver = {
2700 	.description		= "musb-hcd",
2701 	.product_desc		= "MUSB HDRC host driver",
2702 	.hcd_priv_size		= sizeof(struct musb *),
2703 	.flags			= HCD_USB2 | HCD_MEMORY,
2704 
2705 	/* not using irq handler or reset hooks from usbcore, since
2706 	 * those must be shared with peripheral code for OTG configs
2707 	 */
2708 
2709 	.start			= musb_h_start,
2710 	.stop			= musb_h_stop,
2711 
2712 	.get_frame_number	= musb_h_get_frame_number,
2713 
2714 	.urb_enqueue		= musb_urb_enqueue,
2715 	.urb_dequeue		= musb_urb_dequeue,
2716 	.endpoint_disable	= musb_h_disable,
2717 
2718 #ifndef CONFIG_MUSB_PIO_ONLY
2719 	.map_urb_for_dma	= musb_map_urb_for_dma,
2720 	.unmap_urb_for_dma	= musb_unmap_urb_for_dma,
2721 #endif
2722 
2723 	.hub_status_data	= musb_hub_status_data,
2724 	.hub_control		= musb_hub_control,
2725 	.bus_suspend		= musb_bus_suspend,
2726 	.bus_resume		= musb_bus_resume,
2727 	/* .start_port_reset	= NULL, */
2728 	/* .hub_irq_enable	= NULL, */
2729 };
2730 
2731 int musb_host_alloc(struct musb *musb)
2732 {
2733 	struct device	*dev = musb->controller;
2734 
2735 	/* usbcore sets dev->driver_data to hcd, and sometimes uses that... */
2736 	musb->hcd = usb_create_hcd(&musb_hc_driver, dev, dev_name(dev));
2737 	if (!musb->hcd)
2738 		return -EINVAL;
2739 
2740 	*musb->hcd->hcd_priv = (unsigned long) musb;
2741 	musb->hcd->self.uses_pio_for_control = 1;
2742 	musb->hcd->uses_new_polling = 1;
2743 	musb->hcd->has_tt = 1;
2744 
2745 	return 0;
2746 }
2747 
2748 void musb_host_cleanup(struct musb *musb)
2749 {
2750 	if (musb->port_mode == MUSB_PORT_MODE_GADGET)
2751 		return;
2752 	usb_remove_hcd(musb->hcd);
2753 }
2754 
2755 void musb_host_free(struct musb *musb)
2756 {
2757 	usb_put_hcd(musb->hcd);
2758 }
2759 
2760 int musb_host_setup(struct musb *musb, int power_budget)
2761 {
2762 	int ret;
2763 	struct usb_hcd *hcd = musb->hcd;
2764 
2765 	if (musb->port_mode == MUSB_PORT_MODE_HOST) {
2766 		MUSB_HST_MODE(musb);
2767 		musb->xceiv->otg->default_a = 1;
2768 		musb->xceiv->otg->state = OTG_STATE_A_IDLE;
2769 	}
2770 	otg_set_host(musb->xceiv->otg, &hcd->self);
2771 	hcd->self.otg_port = 1;
2772 	musb->xceiv->otg->host = &hcd->self;
2773 	hcd->power_budget = 2 * (power_budget ? : 250);
2774 
2775 	ret = usb_add_hcd(hcd, 0, 0);
2776 	if (ret < 0)
2777 		return ret;
2778 
2779 	device_wakeup_enable(hcd->self.controller);
2780 	return 0;
2781 }
2782 
2783 void musb_host_resume_root_hub(struct musb *musb)
2784 {
2785 	usb_hcd_resume_root_hub(musb->hcd);
2786 }
2787 
2788 void musb_host_poke_root_hub(struct musb *musb)
2789 {
2790 	MUSB_HST_MODE(musb);
2791 	if (musb->hcd->status_urb)
2792 		usb_hcd_poll_rh_status(musb->hcd);
2793 	else
2794 		usb_hcd_resume_root_hub(musb->hcd);
2795 }
2796