1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * MUSB OTG peripheral driver ep0 handling
4  *
5  * Copyright 2005 Mentor Graphics Corporation
6  * Copyright (C) 2005-2006 by Texas Instruments
7  * Copyright (C) 2006-2007 Nokia Corporation
8  * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
9  */
10 
11 #ifndef __UBOOT__
12 #include <linux/kernel.h>
13 #include <linux/list.h>
14 #include <linux/timer.h>
15 #include <linux/spinlock.h>
16 #include <linux/device.h>
17 #include <linux/interrupt.h>
18 #else
19 #include <common.h>
20 #include "linux-compat.h"
21 #include <asm/processor.h>
22 #endif
23 
24 #include "musb_core.h"
25 
26 /* ep0 is always musb->endpoints[0].ep_in */
27 #define	next_ep0_request(musb)	next_in_request(&(musb)->endpoints[0])
28 
29 /*
30  * locking note:  we use only the controller lock, for simpler correctness.
31  * It's always held with IRQs blocked.
32  *
33  * It protects the ep0 request queue as well as ep0_state, not just the
34  * controller and indexed registers.  And that lock stays held unless it
35  * needs to be dropped to allow reentering this driver ... like upcalls to
36  * the gadget driver, or adjusting endpoint halt status.
37  */
38 
39 static char *decode_ep0stage(u8 stage)
40 {
41 	switch (stage) {
42 	case MUSB_EP0_STAGE_IDLE:	return "idle";
43 	case MUSB_EP0_STAGE_SETUP:	return "setup";
44 	case MUSB_EP0_STAGE_TX:		return "in";
45 	case MUSB_EP0_STAGE_RX:		return "out";
46 	case MUSB_EP0_STAGE_ACKWAIT:	return "wait";
47 	case MUSB_EP0_STAGE_STATUSIN:	return "in/status";
48 	case MUSB_EP0_STAGE_STATUSOUT:	return "out/status";
49 	default:			return "?";
50 	}
51 }
52 
53 /* handle a standard GET_STATUS request
54  * Context:  caller holds controller lock
55  */
56 static int service_tx_status_request(
57 	struct musb *musb,
58 	const struct usb_ctrlrequest *ctrlrequest)
59 {
60 	void __iomem	*mbase = musb->mregs;
61 	int handled = 1;
62 	u8 result[2], epnum = 0;
63 	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
64 
65 	result[1] = 0;
66 
67 	switch (recip) {
68 	case USB_RECIP_DEVICE:
69 		result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
70 		result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
71 		if (musb->g.is_otg) {
72 			result[0] |= musb->g.b_hnp_enable
73 				<< USB_DEVICE_B_HNP_ENABLE;
74 			result[0] |= musb->g.a_alt_hnp_support
75 				<< USB_DEVICE_A_ALT_HNP_SUPPORT;
76 			result[0] |= musb->g.a_hnp_support
77 				<< USB_DEVICE_A_HNP_SUPPORT;
78 		}
79 		break;
80 
81 	case USB_RECIP_INTERFACE:
82 		result[0] = 0;
83 		break;
84 
85 	case USB_RECIP_ENDPOINT: {
86 		int		is_in;
87 		struct musb_ep	*ep;
88 		u16		tmp;
89 		void __iomem	*regs;
90 
91 		epnum = (u8) ctrlrequest->wIndex;
92 		if (!epnum) {
93 			result[0] = 0;
94 			break;
95 		}
96 
97 		is_in = epnum & USB_DIR_IN;
98 		if (is_in) {
99 			epnum &= 0x0f;
100 			ep = &musb->endpoints[epnum].ep_in;
101 		} else {
102 			ep = &musb->endpoints[epnum].ep_out;
103 		}
104 		regs = musb->endpoints[epnum].regs;
105 
106 		if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
107 			handled = -EINVAL;
108 			break;
109 		}
110 
111 		musb_ep_select(mbase, epnum);
112 		if (is_in)
113 			tmp = musb_readw(regs, MUSB_TXCSR)
114 						& MUSB_TXCSR_P_SENDSTALL;
115 		else
116 			tmp = musb_readw(regs, MUSB_RXCSR)
117 						& MUSB_RXCSR_P_SENDSTALL;
118 		musb_ep_select(mbase, 0);
119 
120 		result[0] = tmp ? 1 : 0;
121 		} break;
122 
123 	default:
124 		/* class, vendor, etc ... delegate */
125 		handled = 0;
126 		break;
127 	}
128 
129 	/* fill up the fifo; caller updates csr0 */
130 	if (handled > 0) {
131 		u16	len = le16_to_cpu(ctrlrequest->wLength);
132 
133 		if (len > 2)
134 			len = 2;
135 		musb_write_fifo(&musb->endpoints[0], len, result);
136 	}
137 
138 	return handled;
139 }
140 
141 /*
142  * handle a control-IN request, the end0 buffer contains the current request
143  * that is supposed to be a standard control request. Assumes the fifo to
144  * be at least 2 bytes long.
145  *
146  * @return 0 if the request was NOT HANDLED,
147  * < 0 when error
148  * > 0 when the request is processed
149  *
150  * Context:  caller holds controller lock
151  */
152 static int
153 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
154 {
155 	int handled = 0;	/* not handled */
156 
157 	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
158 			== USB_TYPE_STANDARD) {
159 		switch (ctrlrequest->bRequest) {
160 		case USB_REQ_GET_STATUS:
161 			handled = service_tx_status_request(musb,
162 					ctrlrequest);
163 			break;
164 
165 		/* case USB_REQ_SYNC_FRAME: */
166 
167 		default:
168 			break;
169 		}
170 	}
171 	return handled;
172 }
173 
174 /*
175  * Context:  caller holds controller lock
176  */
177 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
178 {
179 	musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
180 }
181 
182 /*
183  * Tries to start B-device HNP negotiation if enabled via sysfs
184  */
185 static inline void musb_try_b_hnp_enable(struct musb *musb)
186 {
187 	void __iomem	*mbase = musb->mregs;
188 	u8		devctl;
189 
190 	dev_dbg(musb->controller, "HNP: Setting HR\n");
191 	devctl = musb_readb(mbase, MUSB_DEVCTL);
192 	musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
193 }
194 
195 /*
196  * Handle all control requests with no DATA stage, including standard
197  * requests such as:
198  * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
199  *	always delegated to the gadget driver
200  * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
201  *	always handled here, except for class/vendor/... features
202  *
203  * Context:  caller holds controller lock
204  */
205 static int
206 service_zero_data_request(struct musb *musb,
207 		struct usb_ctrlrequest *ctrlrequest)
208 __releases(musb->lock)
209 __acquires(musb->lock)
210 {
211 	int handled = -EINVAL;
212 	void __iomem *mbase = musb->mregs;
213 	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
214 
215 	/* the gadget driver handles everything except what we MUST handle */
216 	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
217 			== USB_TYPE_STANDARD) {
218 		switch (ctrlrequest->bRequest) {
219 		case USB_REQ_SET_ADDRESS:
220 			/* change it after the status stage */
221 			musb->set_address = true;
222 			musb->address = (u8) (ctrlrequest->wValue & 0x7f);
223 			handled = 1;
224 			break;
225 
226 		case USB_REQ_CLEAR_FEATURE:
227 			switch (recip) {
228 			case USB_RECIP_DEVICE:
229 				if (ctrlrequest->wValue
230 						!= USB_DEVICE_REMOTE_WAKEUP)
231 					break;
232 				musb->may_wakeup = 0;
233 				handled = 1;
234 				break;
235 			case USB_RECIP_INTERFACE:
236 				break;
237 			case USB_RECIP_ENDPOINT:{
238 				const u8		epnum =
239 					ctrlrequest->wIndex & 0x0f;
240 				struct musb_ep		*musb_ep;
241 				struct musb_hw_ep	*ep;
242 				struct musb_request	*request;
243 				void __iomem		*regs;
244 				int			is_in;
245 				u16			csr;
246 
247 				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
248 				    ctrlrequest->wValue != USB_ENDPOINT_HALT)
249 					break;
250 
251 				ep = musb->endpoints + epnum;
252 				regs = ep->regs;
253 				is_in = ctrlrequest->wIndex & USB_DIR_IN;
254 				if (is_in)
255 					musb_ep = &ep->ep_in;
256 				else
257 					musb_ep = &ep->ep_out;
258 				if (!musb_ep->desc)
259 					break;
260 
261 				handled = 1;
262 				/* Ignore request if endpoint is wedged */
263 				if (musb_ep->wedged)
264 					break;
265 
266 				musb_ep_select(mbase, epnum);
267 				if (is_in) {
268 					csr  = musb_readw(regs, MUSB_TXCSR);
269 					csr |= MUSB_TXCSR_CLRDATATOG |
270 					       MUSB_TXCSR_P_WZC_BITS;
271 					csr &= ~(MUSB_TXCSR_P_SENDSTALL |
272 						 MUSB_TXCSR_P_SENTSTALL |
273 						 MUSB_TXCSR_TXPKTRDY);
274 					musb_writew(regs, MUSB_TXCSR, csr);
275 				} else {
276 					csr  = musb_readw(regs, MUSB_RXCSR);
277 					csr |= MUSB_RXCSR_CLRDATATOG |
278 					       MUSB_RXCSR_P_WZC_BITS;
279 					csr &= ~(MUSB_RXCSR_P_SENDSTALL |
280 						 MUSB_RXCSR_P_SENTSTALL);
281 					musb_writew(regs, MUSB_RXCSR, csr);
282 				}
283 
284 				/* Maybe start the first request in the queue */
285 				request = next_request(musb_ep);
286 				if (!musb_ep->busy && request) {
287 					dev_dbg(musb->controller, "restarting the request\n");
288 					musb_ep_restart(musb, request);
289 				}
290 
291 				/* select ep0 again */
292 				musb_ep_select(mbase, 0);
293 				} break;
294 			default:
295 				/* class, vendor, etc ... delegate */
296 				handled = 0;
297 				break;
298 			}
299 			break;
300 
301 		case USB_REQ_SET_FEATURE:
302 			switch (recip) {
303 			case USB_RECIP_DEVICE:
304 				handled = 1;
305 				switch (ctrlrequest->wValue) {
306 				case USB_DEVICE_REMOTE_WAKEUP:
307 					musb->may_wakeup = 1;
308 					break;
309 				case USB_DEVICE_TEST_MODE:
310 					if (musb->g.speed != USB_SPEED_HIGH)
311 						goto stall;
312 					if (ctrlrequest->wIndex & 0xff)
313 						goto stall;
314 
315 					switch (ctrlrequest->wIndex >> 8) {
316 					case 1:
317 						pr_debug("TEST_J\n");
318 						/* TEST_J */
319 						musb->test_mode_nr =
320 							MUSB_TEST_J;
321 						break;
322 					case 2:
323 						/* TEST_K */
324 						pr_debug("TEST_K\n");
325 						musb->test_mode_nr =
326 							MUSB_TEST_K;
327 						break;
328 					case 3:
329 						/* TEST_SE0_NAK */
330 						pr_debug("TEST_SE0_NAK\n");
331 						musb->test_mode_nr =
332 							MUSB_TEST_SE0_NAK;
333 						break;
334 					case 4:
335 						/* TEST_PACKET */
336 						pr_debug("TEST_PACKET\n");
337 						musb->test_mode_nr =
338 							MUSB_TEST_PACKET;
339 						break;
340 
341 					case 0xc0:
342 						/* TEST_FORCE_HS */
343 						pr_debug("TEST_FORCE_HS\n");
344 						musb->test_mode_nr =
345 							MUSB_TEST_FORCE_HS;
346 						break;
347 					case 0xc1:
348 						/* TEST_FORCE_FS */
349 						pr_debug("TEST_FORCE_FS\n");
350 						musb->test_mode_nr =
351 							MUSB_TEST_FORCE_FS;
352 						break;
353 					case 0xc2:
354 						/* TEST_FIFO_ACCESS */
355 						pr_debug("TEST_FIFO_ACCESS\n");
356 						musb->test_mode_nr =
357 							MUSB_TEST_FIFO_ACCESS;
358 						break;
359 					case 0xc3:
360 						/* TEST_FORCE_HOST */
361 						pr_debug("TEST_FORCE_HOST\n");
362 						musb->test_mode_nr =
363 							MUSB_TEST_FORCE_HOST;
364 						break;
365 					default:
366 						goto stall;
367 					}
368 
369 					/* enter test mode after irq */
370 					if (handled > 0)
371 						musb->test_mode = true;
372 					break;
373 				case USB_DEVICE_B_HNP_ENABLE:
374 					if (!musb->g.is_otg)
375 						goto stall;
376 					musb->g.b_hnp_enable = 1;
377 					musb_try_b_hnp_enable(musb);
378 					break;
379 				case USB_DEVICE_A_HNP_SUPPORT:
380 					if (!musb->g.is_otg)
381 						goto stall;
382 					musb->g.a_hnp_support = 1;
383 					break;
384 				case USB_DEVICE_A_ALT_HNP_SUPPORT:
385 					if (!musb->g.is_otg)
386 						goto stall;
387 					musb->g.a_alt_hnp_support = 1;
388 					break;
389 				case USB_DEVICE_DEBUG_MODE:
390 					handled = 0;
391 					break;
392 stall:
393 				default:
394 					handled = -EINVAL;
395 					break;
396 				}
397 				break;
398 
399 			case USB_RECIP_INTERFACE:
400 				break;
401 
402 			case USB_RECIP_ENDPOINT:{
403 				const u8		epnum =
404 					ctrlrequest->wIndex & 0x0f;
405 				struct musb_ep		*musb_ep;
406 				struct musb_hw_ep	*ep;
407 				void __iomem		*regs;
408 				int			is_in;
409 				u16			csr;
410 
411 				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
412 				    ctrlrequest->wValue	!= USB_ENDPOINT_HALT)
413 					break;
414 
415 				ep = musb->endpoints + epnum;
416 				regs = ep->regs;
417 				is_in = ctrlrequest->wIndex & USB_DIR_IN;
418 				if (is_in)
419 					musb_ep = &ep->ep_in;
420 				else
421 					musb_ep = &ep->ep_out;
422 				if (!musb_ep->desc)
423 					break;
424 
425 				musb_ep_select(mbase, epnum);
426 				if (is_in) {
427 					csr = musb_readw(regs, MUSB_TXCSR);
428 					if (csr & MUSB_TXCSR_FIFONOTEMPTY)
429 						csr |= MUSB_TXCSR_FLUSHFIFO;
430 					csr |= MUSB_TXCSR_P_SENDSTALL
431 						| MUSB_TXCSR_CLRDATATOG
432 						| MUSB_TXCSR_P_WZC_BITS;
433 					musb_writew(regs, MUSB_TXCSR, csr);
434 				} else {
435 					csr = musb_readw(regs, MUSB_RXCSR);
436 					csr |= MUSB_RXCSR_P_SENDSTALL
437 						| MUSB_RXCSR_FLUSHFIFO
438 						| MUSB_RXCSR_CLRDATATOG
439 						| MUSB_RXCSR_P_WZC_BITS;
440 					musb_writew(regs, MUSB_RXCSR, csr);
441 				}
442 
443 				/* select ep0 again */
444 				musb_ep_select(mbase, 0);
445 				handled = 1;
446 				} break;
447 
448 			default:
449 				/* class, vendor, etc ... delegate */
450 				handled = 0;
451 				break;
452 			}
453 			break;
454 		default:
455 			/* delegate SET_CONFIGURATION, etc */
456 			handled = 0;
457 		}
458 	} else
459 		handled = 0;
460 	return handled;
461 }
462 
463 /* we have an ep0out data packet
464  * Context:  caller holds controller lock
465  */
466 static void ep0_rxstate(struct musb *musb)
467 {
468 	void __iomem		*regs = musb->control_ep->regs;
469 	struct musb_request	*request;
470 	struct usb_request	*req;
471 	u16			count, csr;
472 
473 	request = next_ep0_request(musb);
474 	req = &request->request;
475 
476 	/* read packet and ack; or stall because of gadget driver bug:
477 	 * should have provided the rx buffer before setup() returned.
478 	 */
479 	if (req) {
480 		void		*buf = req->buf + req->actual;
481 		unsigned	len = req->length - req->actual;
482 
483 		/* read the buffer */
484 		count = musb_readb(regs, MUSB_COUNT0);
485 		if (count > len) {
486 			req->status = -EOVERFLOW;
487 			count = len;
488 		}
489 		musb_read_fifo(&musb->endpoints[0], count, buf);
490 		req->actual += count;
491 		csr = MUSB_CSR0_P_SVDRXPKTRDY;
492 		if (count < 64 || req->actual == req->length) {
493 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
494 			csr |= MUSB_CSR0_P_DATAEND;
495 		} else
496 			req = NULL;
497 	} else
498 		csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
499 
500 
501 	/* Completion handler may choose to stall, e.g. because the
502 	 * message just received holds invalid data.
503 	 */
504 	if (req) {
505 		musb->ackpend = csr;
506 		musb_g_ep0_giveback(musb, req);
507 		if (!musb->ackpend)
508 			return;
509 		musb->ackpend = 0;
510 	}
511 	musb_ep_select(musb->mregs, 0);
512 	musb_writew(regs, MUSB_CSR0, csr);
513 }
514 
515 /*
516  * transmitting to the host (IN), this code might be called from IRQ
517  * and from kernel thread.
518  *
519  * Context:  caller holds controller lock
520  */
521 static void ep0_txstate(struct musb *musb)
522 {
523 	void __iomem		*regs = musb->control_ep->regs;
524 	struct musb_request	*req = next_ep0_request(musb);
525 	struct usb_request	*request;
526 	u16			csr = MUSB_CSR0_TXPKTRDY;
527 	u8			*fifo_src;
528 	u8			fifo_count;
529 
530 	if (!req) {
531 		/* WARN_ON(1); */
532 		dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
533 		return;
534 	}
535 
536 	request = &req->request;
537 
538 	/* load the data */
539 	fifo_src = (u8 *) request->buf + request->actual;
540 	fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
541 		request->length - request->actual);
542 	musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
543 	request->actual += fifo_count;
544 
545 	/* update the flags */
546 	if (fifo_count < MUSB_MAX_END0_PACKET
547 			|| (request->actual == request->length
548 				&& !request->zero)) {
549 		musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
550 		csr |= MUSB_CSR0_P_DATAEND;
551 	} else
552 		request = NULL;
553 
554 	/* send it out, triggering a "txpktrdy cleared" irq */
555 	musb_ep_select(musb->mregs, 0);
556 	musb_writew(regs, MUSB_CSR0, csr);
557 
558 	/* report completions as soon as the fifo's loaded; there's no
559 	 * win in waiting till this last packet gets acked.  (other than
560 	 * very precise fault reporting, needed by USB TMC; possible with
561 	 * this hardware, but not usable from portable gadget drivers.)
562 	 */
563 	if (request) {
564 		musb->ackpend = csr;
565 		musb_g_ep0_giveback(musb, request);
566 		if (!musb->ackpend)
567 			return;
568 		musb->ackpend = 0;
569 	}
570 }
571 
572 /*
573  * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
574  * Fields are left in USB byte-order.
575  *
576  * Context:  caller holds controller lock.
577  */
578 static void
579 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
580 {
581 	struct musb_request	*r;
582 	void __iomem		*regs = musb->control_ep->regs;
583 
584 	musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
585 
586 	/* NOTE:  earlier 2.6 versions changed setup packets to host
587 	 * order, but now USB packets always stay in USB byte order.
588 	 */
589 	dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
590 		req->bRequestType,
591 		req->bRequest,
592 		le16_to_cpu(req->wValue),
593 		le16_to_cpu(req->wIndex),
594 		le16_to_cpu(req->wLength));
595 
596 	/* clean up any leftover transfers */
597 	r = next_ep0_request(musb);
598 	if (r)
599 		musb_g_ep0_giveback(musb, &r->request);
600 
601 	/* For zero-data requests we want to delay the STATUS stage to
602 	 * avoid SETUPEND errors.  If we read data (OUT), delay accepting
603 	 * packets until there's a buffer to store them in.
604 	 *
605 	 * If we write data, the controller acts happier if we enable
606 	 * the TX FIFO right away, and give the controller a moment
607 	 * to switch modes...
608 	 */
609 	musb->set_address = false;
610 	musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
611 	if (req->wLength == 0) {
612 		if (req->bRequestType & USB_DIR_IN)
613 			musb->ackpend |= MUSB_CSR0_TXPKTRDY;
614 		musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
615 	} else if (req->bRequestType & USB_DIR_IN) {
616 		musb->ep0_state = MUSB_EP0_STAGE_TX;
617 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
618 		while ((musb_readw(regs, MUSB_CSR0)
619 				& MUSB_CSR0_RXPKTRDY) != 0)
620 			cpu_relax();
621 		musb->ackpend = 0;
622 	} else
623 		musb->ep0_state = MUSB_EP0_STAGE_RX;
624 }
625 
626 static int
627 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
628 __releases(musb->lock)
629 __acquires(musb->lock)
630 {
631 	int retval;
632 	if (!musb->gadget_driver)
633 		return -EOPNOTSUPP;
634 	spin_unlock(&musb->lock);
635 	retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
636 	spin_lock(&musb->lock);
637 	return retval;
638 }
639 
640 /*
641  * Handle peripheral ep0 interrupt
642  *
643  * Context: irq handler; we won't re-enter the driver that way.
644  */
645 irqreturn_t musb_g_ep0_irq(struct musb *musb)
646 {
647 	u16		csr;
648 	u16		len;
649 	void __iomem	*mbase = musb->mregs;
650 	void __iomem	*regs = musb->endpoints[0].regs;
651 	irqreturn_t	retval = IRQ_NONE;
652 
653 	musb_ep_select(mbase, 0);	/* select ep0 */
654 	csr = musb_readw(regs, MUSB_CSR0);
655 	len = musb_readb(regs, MUSB_COUNT0);
656 
657 	dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
658 			csr, len,
659 			musb_readb(mbase, MUSB_FADDR),
660 			decode_ep0stage(musb->ep0_state));
661 
662 	if (csr & MUSB_CSR0_P_DATAEND) {
663 		/*
664 		 * If DATAEND is set we should not call the callback,
665 		 * hence the status stage is not complete.
666 		 */
667 		return IRQ_HANDLED;
668 	}
669 
670 	/* I sent a stall.. need to acknowledge it now.. */
671 	if (csr & MUSB_CSR0_P_SENTSTALL) {
672 		musb_writew(regs, MUSB_CSR0,
673 				csr & ~MUSB_CSR0_P_SENTSTALL);
674 		retval = IRQ_HANDLED;
675 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
676 		csr = musb_readw(regs, MUSB_CSR0);
677 	}
678 
679 	/* request ended "early" */
680 	if (csr & MUSB_CSR0_P_SETUPEND) {
681 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
682 		retval = IRQ_HANDLED;
683 		/* Transition into the early status phase */
684 		switch (musb->ep0_state) {
685 		case MUSB_EP0_STAGE_TX:
686 			musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
687 			break;
688 		case MUSB_EP0_STAGE_RX:
689 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
690 			break;
691 		default:
692 			ERR("SetupEnd came in a wrong ep0stage %s\n",
693 			    decode_ep0stage(musb->ep0_state));
694 		}
695 		csr = musb_readw(regs, MUSB_CSR0);
696 		/* NOTE:  request may need completion */
697 	}
698 
699 	/* docs from Mentor only describe tx, rx, and idle/setup states.
700 	 * we need to handle nuances around status stages, and also the
701 	 * case where status and setup stages come back-to-back ...
702 	 */
703 	switch (musb->ep0_state) {
704 
705 	case MUSB_EP0_STAGE_TX:
706 		/* irq on clearing txpktrdy */
707 		if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
708 			ep0_txstate(musb);
709 			retval = IRQ_HANDLED;
710 		}
711 		break;
712 
713 	case MUSB_EP0_STAGE_RX:
714 		/* irq on set rxpktrdy */
715 		if (csr & MUSB_CSR0_RXPKTRDY) {
716 			ep0_rxstate(musb);
717 			retval = IRQ_HANDLED;
718 		}
719 		break;
720 
721 	case MUSB_EP0_STAGE_STATUSIN:
722 		/* end of sequence #2 (OUT/RX state) or #3 (no data) */
723 
724 		/* update address (if needed) only @ the end of the
725 		 * status phase per usb spec, which also guarantees
726 		 * we get 10 msec to receive this irq... until this
727 		 * is done we won't see the next packet.
728 		 */
729 		if (musb->set_address) {
730 			musb->set_address = false;
731 			musb_writeb(mbase, MUSB_FADDR, musb->address);
732 		}
733 
734 		/* enter test mode if needed (exit by reset) */
735 		else if (musb->test_mode) {
736 			dev_dbg(musb->controller, "entering TESTMODE\n");
737 
738 			if (MUSB_TEST_PACKET == musb->test_mode_nr)
739 				musb_load_testpacket(musb);
740 
741 			musb_writeb(mbase, MUSB_TESTMODE,
742 					musb->test_mode_nr);
743 		}
744 		/* FALLTHROUGH */
745 
746 	case MUSB_EP0_STAGE_STATUSOUT:
747 		/* end of sequence #1: write to host (TX state) */
748 		{
749 			struct musb_request	*req;
750 
751 			req = next_ep0_request(musb);
752 			if (req)
753 				musb_g_ep0_giveback(musb, &req->request);
754 		}
755 
756 		/*
757 		 * In case when several interrupts can get coalesced,
758 		 * check to see if we've already received a SETUP packet...
759 		 */
760 		if (csr & MUSB_CSR0_RXPKTRDY)
761 			goto setup;
762 
763 		retval = IRQ_HANDLED;
764 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
765 		break;
766 
767 	case MUSB_EP0_STAGE_IDLE:
768 		/*
769 		 * This state is typically (but not always) indiscernible
770 		 * from the status states since the corresponding interrupts
771 		 * tend to happen within too little period of time (with only
772 		 * a zero-length packet in between) and so get coalesced...
773 		 */
774 		retval = IRQ_HANDLED;
775 		musb->ep0_state = MUSB_EP0_STAGE_SETUP;
776 		/* FALLTHROUGH */
777 
778 	case MUSB_EP0_STAGE_SETUP:
779 setup:
780 		if (csr & MUSB_CSR0_RXPKTRDY) {
781 			struct usb_ctrlrequest	setup;
782 			int			handled = 0;
783 
784 			if (len != 8) {
785 				ERR("SETUP packet len %d != 8 ?\n", len);
786 				break;
787 			}
788 			musb_read_setup(musb, &setup);
789 			retval = IRQ_HANDLED;
790 
791 			/* sometimes the RESET won't be reported */
792 			if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
793 				u8	power;
794 
795 				printk(KERN_NOTICE "%s: peripheral reset "
796 						"irq lost!\n",
797 						musb_driver_name);
798 				power = musb_readb(mbase, MUSB_POWER);
799 				musb->g.speed = (power & MUSB_POWER_HSMODE)
800 					? USB_SPEED_HIGH : USB_SPEED_FULL;
801 
802 			}
803 
804 			switch (musb->ep0_state) {
805 
806 			/* sequence #3 (no data stage), includes requests
807 			 * we can't forward (notably SET_ADDRESS and the
808 			 * device/endpoint feature set/clear operations)
809 			 * plus SET_CONFIGURATION and others we must
810 			 */
811 			case MUSB_EP0_STAGE_ACKWAIT:
812 				handled = service_zero_data_request(
813 						musb, &setup);
814 
815 				/*
816 				 * We're expecting no data in any case, so
817 				 * always set the DATAEND bit -- doing this
818 				 * here helps avoid SetupEnd interrupt coming
819 				 * in the idle stage when we're stalling...
820 				 */
821 				musb->ackpend |= MUSB_CSR0_P_DATAEND;
822 
823 				/* status stage might be immediate */
824 				if (handled > 0)
825 					musb->ep0_state =
826 						MUSB_EP0_STAGE_STATUSIN;
827 				break;
828 
829 			/* sequence #1 (IN to host), includes GET_STATUS
830 			 * requests that we can't forward, GET_DESCRIPTOR
831 			 * and others that we must
832 			 */
833 			case MUSB_EP0_STAGE_TX:
834 				handled = service_in_request(musb, &setup);
835 				if (handled > 0) {
836 					musb->ackpend = MUSB_CSR0_TXPKTRDY
837 						| MUSB_CSR0_P_DATAEND;
838 					musb->ep0_state =
839 						MUSB_EP0_STAGE_STATUSOUT;
840 				}
841 				break;
842 
843 			/* sequence #2 (OUT from host), always forward */
844 			default:		/* MUSB_EP0_STAGE_RX */
845 				break;
846 			}
847 
848 			dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
849 				handled, csr,
850 				decode_ep0stage(musb->ep0_state));
851 
852 			/* unless we need to delegate this to the gadget
853 			 * driver, we know how to wrap this up:  csr0 has
854 			 * not yet been written.
855 			 */
856 			if (handled < 0)
857 				goto stall;
858 			else if (handled > 0)
859 				goto finish;
860 
861 			handled = forward_to_driver(musb, &setup);
862 			if (handled < 0) {
863 				musb_ep_select(mbase, 0);
864 stall:
865 				dev_dbg(musb->controller, "stall (%d)\n", handled);
866 				musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
867 				musb->ep0_state = MUSB_EP0_STAGE_IDLE;
868 finish:
869 				musb_writew(regs, MUSB_CSR0,
870 						musb->ackpend);
871 				musb->ackpend = 0;
872 			}
873 		}
874 		break;
875 
876 	case MUSB_EP0_STAGE_ACKWAIT:
877 		/* This should not happen. But happens with tusb6010 with
878 		 * g_file_storage and high speed. Do nothing.
879 		 */
880 		retval = IRQ_HANDLED;
881 		break;
882 
883 	default:
884 		/* "can't happen" */
885 		WARN_ON(1);
886 		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
887 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
888 		break;
889 	}
890 
891 	return retval;
892 }
893 
894 
895 static int
896 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
897 {
898 	/* always enabled */
899 	return -EINVAL;
900 }
901 
902 static int musb_g_ep0_disable(struct usb_ep *e)
903 {
904 	/* always enabled */
905 	return -EINVAL;
906 }
907 
908 static int
909 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
910 {
911 	struct musb_ep		*ep;
912 	struct musb_request	*req;
913 	struct musb		*musb;
914 	int			status;
915 	unsigned long		lockflags;
916 	void __iomem		*regs;
917 
918 	if (!e || !r)
919 		return -EINVAL;
920 
921 	ep = to_musb_ep(e);
922 	musb = ep->musb;
923 	regs = musb->control_ep->regs;
924 
925 	req = to_musb_request(r);
926 	req->musb = musb;
927 	req->request.actual = 0;
928 	req->request.status = -EINPROGRESS;
929 	req->tx = ep->is_in;
930 
931 	spin_lock_irqsave(&musb->lock, lockflags);
932 
933 	if (!list_empty(&ep->req_list)) {
934 		status = -EBUSY;
935 		goto cleanup;
936 	}
937 
938 	switch (musb->ep0_state) {
939 	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
940 	case MUSB_EP0_STAGE_TX:		/* control-IN data */
941 	case MUSB_EP0_STAGE_ACKWAIT:	/* zero-length data */
942 		status = 0;
943 		break;
944 	default:
945 		dev_dbg(musb->controller, "ep0 request queued in state %d\n",
946 				musb->ep0_state);
947 		status = -EINVAL;
948 		goto cleanup;
949 	}
950 
951 	/* add request to the list */
952 	list_add_tail(&req->list, &ep->req_list);
953 
954 	dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
955 			ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
956 			req->request.length);
957 
958 	musb_ep_select(musb->mregs, 0);
959 
960 	/* sequence #1, IN ... start writing the data */
961 	if (musb->ep0_state == MUSB_EP0_STAGE_TX)
962 		ep0_txstate(musb);
963 
964 	/* sequence #3, no-data ... issue IN status */
965 	else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
966 		if (req->request.length)
967 			status = -EINVAL;
968 		else {
969 			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
970 			musb_writew(regs, MUSB_CSR0,
971 					musb->ackpend | MUSB_CSR0_P_DATAEND);
972 			musb->ackpend = 0;
973 			musb_g_ep0_giveback(ep->musb, r);
974 		}
975 
976 	/* else for sequence #2 (OUT), caller provides a buffer
977 	 * before the next packet arrives.  deferred responses
978 	 * (after SETUP is acked) are racey.
979 	 */
980 	} else if (musb->ackpend) {
981 		musb_writew(regs, MUSB_CSR0, musb->ackpend);
982 		musb->ackpend = 0;
983 	}
984 
985 cleanup:
986 	spin_unlock_irqrestore(&musb->lock, lockflags);
987 	return status;
988 }
989 
990 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
991 {
992 	/* we just won't support this */
993 	return -EINVAL;
994 }
995 
996 static int musb_g_ep0_halt(struct usb_ep *e, int value)
997 {
998 	struct musb_ep		*ep;
999 	struct musb		*musb;
1000 	void __iomem		*base, *regs;
1001 	unsigned long		flags;
1002 	int			status;
1003 	u16			csr;
1004 
1005 	if (!e || !value)
1006 		return -EINVAL;
1007 
1008 	ep = to_musb_ep(e);
1009 	musb = ep->musb;
1010 	base = musb->mregs;
1011 	regs = musb->control_ep->regs;
1012 	status = 0;
1013 
1014 	spin_lock_irqsave(&musb->lock, flags);
1015 
1016 	if (!list_empty(&ep->req_list)) {
1017 		status = -EBUSY;
1018 		goto cleanup;
1019 	}
1020 
1021 	musb_ep_select(base, 0);
1022 	csr = musb->ackpend;
1023 
1024 	switch (musb->ep0_state) {
1025 
1026 	/* Stalls are usually issued after parsing SETUP packet, either
1027 	 * directly in irq context from setup() or else later.
1028 	 */
1029 	case MUSB_EP0_STAGE_TX:		/* control-IN data */
1030 	case MUSB_EP0_STAGE_ACKWAIT:	/* STALL for zero-length data */
1031 	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
1032 		csr = musb_readw(regs, MUSB_CSR0);
1033 		/* FALLTHROUGH */
1034 
1035 	/* It's also OK to issue stalls during callbacks when a non-empty
1036 	 * DATA stage buffer has been read (or even written).
1037 	 */
1038 	case MUSB_EP0_STAGE_STATUSIN:	/* control-OUT status */
1039 	case MUSB_EP0_STAGE_STATUSOUT:	/* control-IN status */
1040 
1041 		csr |= MUSB_CSR0_P_SENDSTALL;
1042 		musb_writew(regs, MUSB_CSR0, csr);
1043 		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1044 		musb->ackpend = 0;
1045 		break;
1046 	default:
1047 		dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1048 		status = -EINVAL;
1049 	}
1050 
1051 cleanup:
1052 	spin_unlock_irqrestore(&musb->lock, flags);
1053 	return status;
1054 }
1055 
1056 const struct usb_ep_ops musb_g_ep0_ops = {
1057 	.enable		= musb_g_ep0_enable,
1058 	.disable	= musb_g_ep0_disable,
1059 	.alloc_request	= musb_alloc_request,
1060 	.free_request	= musb_free_request,
1061 	.queue		= musb_g_ep0_queue,
1062 	.dequeue	= musb_g_ep0_dequeue,
1063 	.set_halt	= musb_g_ep0_halt,
1064 };
1065