1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 * 23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 */ 35 36 #ifndef __UBOOT__ 37 #include <linux/kernel.h> 38 #include <linux/list.h> 39 #include <linux/timer.h> 40 #include <linux/spinlock.h> 41 #include <linux/device.h> 42 #include <linux/interrupt.h> 43 #else 44 #include <common.h> 45 #include "linux-compat.h" 46 #endif 47 48 #include "musb_core.h" 49 50 /* ep0 is always musb->endpoints[0].ep_in */ 51 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 52 53 /* 54 * locking note: we use only the controller lock, for simpler correctness. 55 * It's always held with IRQs blocked. 56 * 57 * It protects the ep0 request queue as well as ep0_state, not just the 58 * controller and indexed registers. And that lock stays held unless it 59 * needs to be dropped to allow reentering this driver ... like upcalls to 60 * the gadget driver, or adjusting endpoint halt status. 61 */ 62 63 static char *decode_ep0stage(u8 stage) 64 { 65 switch (stage) { 66 case MUSB_EP0_STAGE_IDLE: return "idle"; 67 case MUSB_EP0_STAGE_SETUP: return "setup"; 68 case MUSB_EP0_STAGE_TX: return "in"; 69 case MUSB_EP0_STAGE_RX: return "out"; 70 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 71 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 72 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 73 default: return "?"; 74 } 75 } 76 77 /* handle a standard GET_STATUS request 78 * Context: caller holds controller lock 79 */ 80 static int service_tx_status_request( 81 struct musb *musb, 82 const struct usb_ctrlrequest *ctrlrequest) 83 { 84 void __iomem *mbase = musb->mregs; 85 int handled = 1; 86 u8 result[2], epnum = 0; 87 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 88 89 result[1] = 0; 90 91 switch (recip) { 92 case USB_RECIP_DEVICE: 93 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 94 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 95 if (musb->g.is_otg) { 96 result[0] |= musb->g.b_hnp_enable 97 << USB_DEVICE_B_HNP_ENABLE; 98 result[0] |= musb->g.a_alt_hnp_support 99 << USB_DEVICE_A_ALT_HNP_SUPPORT; 100 result[0] |= musb->g.a_hnp_support 101 << USB_DEVICE_A_HNP_SUPPORT; 102 } 103 break; 104 105 case USB_RECIP_INTERFACE: 106 result[0] = 0; 107 break; 108 109 case USB_RECIP_ENDPOINT: { 110 int is_in; 111 struct musb_ep *ep; 112 u16 tmp; 113 void __iomem *regs; 114 115 epnum = (u8) ctrlrequest->wIndex; 116 if (!epnum) { 117 result[0] = 0; 118 break; 119 } 120 121 is_in = epnum & USB_DIR_IN; 122 if (is_in) { 123 epnum &= 0x0f; 124 ep = &musb->endpoints[epnum].ep_in; 125 } else { 126 ep = &musb->endpoints[epnum].ep_out; 127 } 128 regs = musb->endpoints[epnum].regs; 129 130 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 131 handled = -EINVAL; 132 break; 133 } 134 135 musb_ep_select(mbase, epnum); 136 if (is_in) 137 tmp = musb_readw(regs, MUSB_TXCSR) 138 & MUSB_TXCSR_P_SENDSTALL; 139 else 140 tmp = musb_readw(regs, MUSB_RXCSR) 141 & MUSB_RXCSR_P_SENDSTALL; 142 musb_ep_select(mbase, 0); 143 144 result[0] = tmp ? 1 : 0; 145 } break; 146 147 default: 148 /* class, vendor, etc ... delegate */ 149 handled = 0; 150 break; 151 } 152 153 /* fill up the fifo; caller updates csr0 */ 154 if (handled > 0) { 155 u16 len = le16_to_cpu(ctrlrequest->wLength); 156 157 if (len > 2) 158 len = 2; 159 musb_write_fifo(&musb->endpoints[0], len, result); 160 } 161 162 return handled; 163 } 164 165 /* 166 * handle a control-IN request, the end0 buffer contains the current request 167 * that is supposed to be a standard control request. Assumes the fifo to 168 * be at least 2 bytes long. 169 * 170 * @return 0 if the request was NOT HANDLED, 171 * < 0 when error 172 * > 0 when the request is processed 173 * 174 * Context: caller holds controller lock 175 */ 176 static int 177 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 178 { 179 int handled = 0; /* not handled */ 180 181 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 182 == USB_TYPE_STANDARD) { 183 switch (ctrlrequest->bRequest) { 184 case USB_REQ_GET_STATUS: 185 handled = service_tx_status_request(musb, 186 ctrlrequest); 187 break; 188 189 /* case USB_REQ_SYNC_FRAME: */ 190 191 default: 192 break; 193 } 194 } 195 return handled; 196 } 197 198 /* 199 * Context: caller holds controller lock 200 */ 201 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 202 { 203 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 204 } 205 206 /* 207 * Tries to start B-device HNP negotiation if enabled via sysfs 208 */ 209 static inline void musb_try_b_hnp_enable(struct musb *musb) 210 { 211 void __iomem *mbase = musb->mregs; 212 u8 devctl; 213 214 dev_dbg(musb->controller, "HNP: Setting HR\n"); 215 devctl = musb_readb(mbase, MUSB_DEVCTL); 216 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 217 } 218 219 /* 220 * Handle all control requests with no DATA stage, including standard 221 * requests such as: 222 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 223 * always delegated to the gadget driver 224 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 225 * always handled here, except for class/vendor/... features 226 * 227 * Context: caller holds controller lock 228 */ 229 static int 230 service_zero_data_request(struct musb *musb, 231 struct usb_ctrlrequest *ctrlrequest) 232 __releases(musb->lock) 233 __acquires(musb->lock) 234 { 235 int handled = -EINVAL; 236 void __iomem *mbase = musb->mregs; 237 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 238 239 /* the gadget driver handles everything except what we MUST handle */ 240 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 241 == USB_TYPE_STANDARD) { 242 switch (ctrlrequest->bRequest) { 243 case USB_REQ_SET_ADDRESS: 244 /* change it after the status stage */ 245 musb->set_address = true; 246 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 247 handled = 1; 248 break; 249 250 case USB_REQ_CLEAR_FEATURE: 251 switch (recip) { 252 case USB_RECIP_DEVICE: 253 if (ctrlrequest->wValue 254 != USB_DEVICE_REMOTE_WAKEUP) 255 break; 256 musb->may_wakeup = 0; 257 handled = 1; 258 break; 259 case USB_RECIP_INTERFACE: 260 break; 261 case USB_RECIP_ENDPOINT:{ 262 const u8 epnum = 263 ctrlrequest->wIndex & 0x0f; 264 struct musb_ep *musb_ep; 265 struct musb_hw_ep *ep; 266 struct musb_request *request; 267 void __iomem *regs; 268 int is_in; 269 u16 csr; 270 271 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 272 ctrlrequest->wValue != USB_ENDPOINT_HALT) 273 break; 274 275 ep = musb->endpoints + epnum; 276 regs = ep->regs; 277 is_in = ctrlrequest->wIndex & USB_DIR_IN; 278 if (is_in) 279 musb_ep = &ep->ep_in; 280 else 281 musb_ep = &ep->ep_out; 282 if (!musb_ep->desc) 283 break; 284 285 handled = 1; 286 /* Ignore request if endpoint is wedged */ 287 if (musb_ep->wedged) 288 break; 289 290 musb_ep_select(mbase, epnum); 291 if (is_in) { 292 csr = musb_readw(regs, MUSB_TXCSR); 293 csr |= MUSB_TXCSR_CLRDATATOG | 294 MUSB_TXCSR_P_WZC_BITS; 295 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 296 MUSB_TXCSR_P_SENTSTALL | 297 MUSB_TXCSR_TXPKTRDY); 298 musb_writew(regs, MUSB_TXCSR, csr); 299 } else { 300 csr = musb_readw(regs, MUSB_RXCSR); 301 csr |= MUSB_RXCSR_CLRDATATOG | 302 MUSB_RXCSR_P_WZC_BITS; 303 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 304 MUSB_RXCSR_P_SENTSTALL); 305 musb_writew(regs, MUSB_RXCSR, csr); 306 } 307 308 /* Maybe start the first request in the queue */ 309 request = next_request(musb_ep); 310 if (!musb_ep->busy && request) { 311 dev_dbg(musb->controller, "restarting the request\n"); 312 musb_ep_restart(musb, request); 313 } 314 315 /* select ep0 again */ 316 musb_ep_select(mbase, 0); 317 } break; 318 default: 319 /* class, vendor, etc ... delegate */ 320 handled = 0; 321 break; 322 } 323 break; 324 325 case USB_REQ_SET_FEATURE: 326 switch (recip) { 327 case USB_RECIP_DEVICE: 328 handled = 1; 329 switch (ctrlrequest->wValue) { 330 case USB_DEVICE_REMOTE_WAKEUP: 331 musb->may_wakeup = 1; 332 break; 333 case USB_DEVICE_TEST_MODE: 334 if (musb->g.speed != USB_SPEED_HIGH) 335 goto stall; 336 if (ctrlrequest->wIndex & 0xff) 337 goto stall; 338 339 switch (ctrlrequest->wIndex >> 8) { 340 case 1: 341 pr_debug("TEST_J\n"); 342 /* TEST_J */ 343 musb->test_mode_nr = 344 MUSB_TEST_J; 345 break; 346 case 2: 347 /* TEST_K */ 348 pr_debug("TEST_K\n"); 349 musb->test_mode_nr = 350 MUSB_TEST_K; 351 break; 352 case 3: 353 /* TEST_SE0_NAK */ 354 pr_debug("TEST_SE0_NAK\n"); 355 musb->test_mode_nr = 356 MUSB_TEST_SE0_NAK; 357 break; 358 case 4: 359 /* TEST_PACKET */ 360 pr_debug("TEST_PACKET\n"); 361 musb->test_mode_nr = 362 MUSB_TEST_PACKET; 363 break; 364 365 case 0xc0: 366 /* TEST_FORCE_HS */ 367 pr_debug("TEST_FORCE_HS\n"); 368 musb->test_mode_nr = 369 MUSB_TEST_FORCE_HS; 370 break; 371 case 0xc1: 372 /* TEST_FORCE_FS */ 373 pr_debug("TEST_FORCE_FS\n"); 374 musb->test_mode_nr = 375 MUSB_TEST_FORCE_FS; 376 break; 377 case 0xc2: 378 /* TEST_FIFO_ACCESS */ 379 pr_debug("TEST_FIFO_ACCESS\n"); 380 musb->test_mode_nr = 381 MUSB_TEST_FIFO_ACCESS; 382 break; 383 case 0xc3: 384 /* TEST_FORCE_HOST */ 385 pr_debug("TEST_FORCE_HOST\n"); 386 musb->test_mode_nr = 387 MUSB_TEST_FORCE_HOST; 388 break; 389 default: 390 goto stall; 391 } 392 393 /* enter test mode after irq */ 394 if (handled > 0) 395 musb->test_mode = true; 396 break; 397 case USB_DEVICE_B_HNP_ENABLE: 398 if (!musb->g.is_otg) 399 goto stall; 400 musb->g.b_hnp_enable = 1; 401 musb_try_b_hnp_enable(musb); 402 break; 403 case USB_DEVICE_A_HNP_SUPPORT: 404 if (!musb->g.is_otg) 405 goto stall; 406 musb->g.a_hnp_support = 1; 407 break; 408 case USB_DEVICE_A_ALT_HNP_SUPPORT: 409 if (!musb->g.is_otg) 410 goto stall; 411 musb->g.a_alt_hnp_support = 1; 412 break; 413 case USB_DEVICE_DEBUG_MODE: 414 handled = 0; 415 break; 416 stall: 417 default: 418 handled = -EINVAL; 419 break; 420 } 421 break; 422 423 case USB_RECIP_INTERFACE: 424 break; 425 426 case USB_RECIP_ENDPOINT:{ 427 const u8 epnum = 428 ctrlrequest->wIndex & 0x0f; 429 struct musb_ep *musb_ep; 430 struct musb_hw_ep *ep; 431 void __iomem *regs; 432 int is_in; 433 u16 csr; 434 435 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 436 ctrlrequest->wValue != USB_ENDPOINT_HALT) 437 break; 438 439 ep = musb->endpoints + epnum; 440 regs = ep->regs; 441 is_in = ctrlrequest->wIndex & USB_DIR_IN; 442 if (is_in) 443 musb_ep = &ep->ep_in; 444 else 445 musb_ep = &ep->ep_out; 446 if (!musb_ep->desc) 447 break; 448 449 musb_ep_select(mbase, epnum); 450 if (is_in) { 451 csr = musb_readw(regs, MUSB_TXCSR); 452 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 453 csr |= MUSB_TXCSR_FLUSHFIFO; 454 csr |= MUSB_TXCSR_P_SENDSTALL 455 | MUSB_TXCSR_CLRDATATOG 456 | MUSB_TXCSR_P_WZC_BITS; 457 musb_writew(regs, MUSB_TXCSR, csr); 458 } else { 459 csr = musb_readw(regs, MUSB_RXCSR); 460 csr |= MUSB_RXCSR_P_SENDSTALL 461 | MUSB_RXCSR_FLUSHFIFO 462 | MUSB_RXCSR_CLRDATATOG 463 | MUSB_RXCSR_P_WZC_BITS; 464 musb_writew(regs, MUSB_RXCSR, csr); 465 } 466 467 /* select ep0 again */ 468 musb_ep_select(mbase, 0); 469 handled = 1; 470 } break; 471 472 default: 473 /* class, vendor, etc ... delegate */ 474 handled = 0; 475 break; 476 } 477 break; 478 default: 479 /* delegate SET_CONFIGURATION, etc */ 480 handled = 0; 481 } 482 } else 483 handled = 0; 484 return handled; 485 } 486 487 /* we have an ep0out data packet 488 * Context: caller holds controller lock 489 */ 490 static void ep0_rxstate(struct musb *musb) 491 { 492 void __iomem *regs = musb->control_ep->regs; 493 struct musb_request *request; 494 struct usb_request *req; 495 u16 count, csr; 496 497 request = next_ep0_request(musb); 498 req = &request->request; 499 500 /* read packet and ack; or stall because of gadget driver bug: 501 * should have provided the rx buffer before setup() returned. 502 */ 503 if (req) { 504 void *buf = req->buf + req->actual; 505 unsigned len = req->length - req->actual; 506 507 /* read the buffer */ 508 count = musb_readb(regs, MUSB_COUNT0); 509 if (count > len) { 510 req->status = -EOVERFLOW; 511 count = len; 512 } 513 musb_read_fifo(&musb->endpoints[0], count, buf); 514 req->actual += count; 515 csr = MUSB_CSR0_P_SVDRXPKTRDY; 516 if (count < 64 || req->actual == req->length) { 517 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 518 csr |= MUSB_CSR0_P_DATAEND; 519 } else 520 req = NULL; 521 } else 522 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 523 524 525 /* Completion handler may choose to stall, e.g. because the 526 * message just received holds invalid data. 527 */ 528 if (req) { 529 musb->ackpend = csr; 530 musb_g_ep0_giveback(musb, req); 531 if (!musb->ackpend) 532 return; 533 musb->ackpend = 0; 534 } 535 musb_ep_select(musb->mregs, 0); 536 musb_writew(regs, MUSB_CSR0, csr); 537 } 538 539 /* 540 * transmitting to the host (IN), this code might be called from IRQ 541 * and from kernel thread. 542 * 543 * Context: caller holds controller lock 544 */ 545 static void ep0_txstate(struct musb *musb) 546 { 547 void __iomem *regs = musb->control_ep->regs; 548 struct musb_request *req = next_ep0_request(musb); 549 struct usb_request *request; 550 u16 csr = MUSB_CSR0_TXPKTRDY; 551 u8 *fifo_src; 552 u8 fifo_count; 553 554 if (!req) { 555 /* WARN_ON(1); */ 556 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 557 return; 558 } 559 560 request = &req->request; 561 562 /* load the data */ 563 fifo_src = (u8 *) request->buf + request->actual; 564 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 565 request->length - request->actual); 566 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 567 request->actual += fifo_count; 568 569 /* update the flags */ 570 if (fifo_count < MUSB_MAX_END0_PACKET 571 || (request->actual == request->length 572 && !request->zero)) { 573 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 574 csr |= MUSB_CSR0_P_DATAEND; 575 } else 576 request = NULL; 577 578 /* send it out, triggering a "txpktrdy cleared" irq */ 579 musb_ep_select(musb->mregs, 0); 580 musb_writew(regs, MUSB_CSR0, csr); 581 582 /* report completions as soon as the fifo's loaded; there's no 583 * win in waiting till this last packet gets acked. (other than 584 * very precise fault reporting, needed by USB TMC; possible with 585 * this hardware, but not usable from portable gadget drivers.) 586 */ 587 if (request) { 588 musb->ackpend = csr; 589 musb_g_ep0_giveback(musb, request); 590 if (!musb->ackpend) 591 return; 592 musb->ackpend = 0; 593 } 594 } 595 596 /* 597 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 598 * Fields are left in USB byte-order. 599 * 600 * Context: caller holds controller lock. 601 */ 602 static void 603 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 604 { 605 struct musb_request *r; 606 void __iomem *regs = musb->control_ep->regs; 607 608 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 609 610 /* NOTE: earlier 2.6 versions changed setup packets to host 611 * order, but now USB packets always stay in USB byte order. 612 */ 613 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 614 req->bRequestType, 615 req->bRequest, 616 le16_to_cpu(req->wValue), 617 le16_to_cpu(req->wIndex), 618 le16_to_cpu(req->wLength)); 619 620 /* clean up any leftover transfers */ 621 r = next_ep0_request(musb); 622 if (r) 623 musb_g_ep0_giveback(musb, &r->request); 624 625 /* For zero-data requests we want to delay the STATUS stage to 626 * avoid SETUPEND errors. If we read data (OUT), delay accepting 627 * packets until there's a buffer to store them in. 628 * 629 * If we write data, the controller acts happier if we enable 630 * the TX FIFO right away, and give the controller a moment 631 * to switch modes... 632 */ 633 musb->set_address = false; 634 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 635 if (req->wLength == 0) { 636 if (req->bRequestType & USB_DIR_IN) 637 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 638 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 639 } else if (req->bRequestType & USB_DIR_IN) { 640 musb->ep0_state = MUSB_EP0_STAGE_TX; 641 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 642 while ((musb_readw(regs, MUSB_CSR0) 643 & MUSB_CSR0_RXPKTRDY) != 0) 644 cpu_relax(); 645 musb->ackpend = 0; 646 } else 647 musb->ep0_state = MUSB_EP0_STAGE_RX; 648 } 649 650 static int 651 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 652 __releases(musb->lock) 653 __acquires(musb->lock) 654 { 655 int retval; 656 if (!musb->gadget_driver) 657 return -EOPNOTSUPP; 658 spin_unlock(&musb->lock); 659 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 660 spin_lock(&musb->lock); 661 return retval; 662 } 663 664 /* 665 * Handle peripheral ep0 interrupt 666 * 667 * Context: irq handler; we won't re-enter the driver that way. 668 */ 669 irqreturn_t musb_g_ep0_irq(struct musb *musb) 670 { 671 u16 csr; 672 u16 len; 673 void __iomem *mbase = musb->mregs; 674 void __iomem *regs = musb->endpoints[0].regs; 675 irqreturn_t retval = IRQ_NONE; 676 677 musb_ep_select(mbase, 0); /* select ep0 */ 678 csr = musb_readw(regs, MUSB_CSR0); 679 len = musb_readb(regs, MUSB_COUNT0); 680 681 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 682 csr, len, 683 musb_readb(mbase, MUSB_FADDR), 684 decode_ep0stage(musb->ep0_state)); 685 686 if (csr & MUSB_CSR0_P_DATAEND) { 687 /* 688 * If DATAEND is set we should not call the callback, 689 * hence the status stage is not complete. 690 */ 691 return IRQ_HANDLED; 692 } 693 694 /* I sent a stall.. need to acknowledge it now.. */ 695 if (csr & MUSB_CSR0_P_SENTSTALL) { 696 musb_writew(regs, MUSB_CSR0, 697 csr & ~MUSB_CSR0_P_SENTSTALL); 698 retval = IRQ_HANDLED; 699 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 700 csr = musb_readw(regs, MUSB_CSR0); 701 } 702 703 /* request ended "early" */ 704 if (csr & MUSB_CSR0_P_SETUPEND) { 705 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 706 retval = IRQ_HANDLED; 707 /* Transition into the early status phase */ 708 switch (musb->ep0_state) { 709 case MUSB_EP0_STAGE_TX: 710 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 711 break; 712 case MUSB_EP0_STAGE_RX: 713 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 714 break; 715 default: 716 ERR("SetupEnd came in a wrong ep0stage %s\n", 717 decode_ep0stage(musb->ep0_state)); 718 } 719 csr = musb_readw(regs, MUSB_CSR0); 720 /* NOTE: request may need completion */ 721 } 722 723 /* docs from Mentor only describe tx, rx, and idle/setup states. 724 * we need to handle nuances around status stages, and also the 725 * case where status and setup stages come back-to-back ... 726 */ 727 switch (musb->ep0_state) { 728 729 case MUSB_EP0_STAGE_TX: 730 /* irq on clearing txpktrdy */ 731 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 732 ep0_txstate(musb); 733 retval = IRQ_HANDLED; 734 } 735 break; 736 737 case MUSB_EP0_STAGE_RX: 738 /* irq on set rxpktrdy */ 739 if (csr & MUSB_CSR0_RXPKTRDY) { 740 ep0_rxstate(musb); 741 retval = IRQ_HANDLED; 742 } 743 break; 744 745 case MUSB_EP0_STAGE_STATUSIN: 746 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 747 748 /* update address (if needed) only @ the end of the 749 * status phase per usb spec, which also guarantees 750 * we get 10 msec to receive this irq... until this 751 * is done we won't see the next packet. 752 */ 753 if (musb->set_address) { 754 musb->set_address = false; 755 musb_writeb(mbase, MUSB_FADDR, musb->address); 756 } 757 758 /* enter test mode if needed (exit by reset) */ 759 else if (musb->test_mode) { 760 dev_dbg(musb->controller, "entering TESTMODE\n"); 761 762 if (MUSB_TEST_PACKET == musb->test_mode_nr) 763 musb_load_testpacket(musb); 764 765 musb_writeb(mbase, MUSB_TESTMODE, 766 musb->test_mode_nr); 767 } 768 /* FALLTHROUGH */ 769 770 case MUSB_EP0_STAGE_STATUSOUT: 771 /* end of sequence #1: write to host (TX state) */ 772 { 773 struct musb_request *req; 774 775 req = next_ep0_request(musb); 776 if (req) 777 musb_g_ep0_giveback(musb, &req->request); 778 } 779 780 /* 781 * In case when several interrupts can get coalesced, 782 * check to see if we've already received a SETUP packet... 783 */ 784 if (csr & MUSB_CSR0_RXPKTRDY) 785 goto setup; 786 787 retval = IRQ_HANDLED; 788 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 789 break; 790 791 case MUSB_EP0_STAGE_IDLE: 792 /* 793 * This state is typically (but not always) indiscernible 794 * from the status states since the corresponding interrupts 795 * tend to happen within too little period of time (with only 796 * a zero-length packet in between) and so get coalesced... 797 */ 798 retval = IRQ_HANDLED; 799 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 800 /* FALLTHROUGH */ 801 802 case MUSB_EP0_STAGE_SETUP: 803 setup: 804 if (csr & MUSB_CSR0_RXPKTRDY) { 805 struct usb_ctrlrequest setup; 806 int handled = 0; 807 808 if (len != 8) { 809 ERR("SETUP packet len %d != 8 ?\n", len); 810 break; 811 } 812 musb_read_setup(musb, &setup); 813 retval = IRQ_HANDLED; 814 815 /* sometimes the RESET won't be reported */ 816 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 817 u8 power; 818 819 printk(KERN_NOTICE "%s: peripheral reset " 820 "irq lost!\n", 821 musb_driver_name); 822 power = musb_readb(mbase, MUSB_POWER); 823 musb->g.speed = (power & MUSB_POWER_HSMODE) 824 ? USB_SPEED_HIGH : USB_SPEED_FULL; 825 826 } 827 828 switch (musb->ep0_state) { 829 830 /* sequence #3 (no data stage), includes requests 831 * we can't forward (notably SET_ADDRESS and the 832 * device/endpoint feature set/clear operations) 833 * plus SET_CONFIGURATION and others we must 834 */ 835 case MUSB_EP0_STAGE_ACKWAIT: 836 handled = service_zero_data_request( 837 musb, &setup); 838 839 /* 840 * We're expecting no data in any case, so 841 * always set the DATAEND bit -- doing this 842 * here helps avoid SetupEnd interrupt coming 843 * in the idle stage when we're stalling... 844 */ 845 musb->ackpend |= MUSB_CSR0_P_DATAEND; 846 847 /* status stage might be immediate */ 848 if (handled > 0) 849 musb->ep0_state = 850 MUSB_EP0_STAGE_STATUSIN; 851 break; 852 853 /* sequence #1 (IN to host), includes GET_STATUS 854 * requests that we can't forward, GET_DESCRIPTOR 855 * and others that we must 856 */ 857 case MUSB_EP0_STAGE_TX: 858 handled = service_in_request(musb, &setup); 859 if (handled > 0) { 860 musb->ackpend = MUSB_CSR0_TXPKTRDY 861 | MUSB_CSR0_P_DATAEND; 862 musb->ep0_state = 863 MUSB_EP0_STAGE_STATUSOUT; 864 } 865 break; 866 867 /* sequence #2 (OUT from host), always forward */ 868 default: /* MUSB_EP0_STAGE_RX */ 869 break; 870 } 871 872 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 873 handled, csr, 874 decode_ep0stage(musb->ep0_state)); 875 876 /* unless we need to delegate this to the gadget 877 * driver, we know how to wrap this up: csr0 has 878 * not yet been written. 879 */ 880 if (handled < 0) 881 goto stall; 882 else if (handled > 0) 883 goto finish; 884 885 handled = forward_to_driver(musb, &setup); 886 if (handled < 0) { 887 musb_ep_select(mbase, 0); 888 stall: 889 dev_dbg(musb->controller, "stall (%d)\n", handled); 890 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 891 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 892 finish: 893 musb_writew(regs, MUSB_CSR0, 894 musb->ackpend); 895 musb->ackpend = 0; 896 } 897 } 898 break; 899 900 case MUSB_EP0_STAGE_ACKWAIT: 901 /* This should not happen. But happens with tusb6010 with 902 * g_file_storage and high speed. Do nothing. 903 */ 904 retval = IRQ_HANDLED; 905 break; 906 907 default: 908 /* "can't happen" */ 909 WARN_ON(1); 910 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 911 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 912 break; 913 } 914 915 return retval; 916 } 917 918 919 static int 920 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 921 { 922 /* always enabled */ 923 return -EINVAL; 924 } 925 926 static int musb_g_ep0_disable(struct usb_ep *e) 927 { 928 /* always enabled */ 929 return -EINVAL; 930 } 931 932 static int 933 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 934 { 935 struct musb_ep *ep; 936 struct musb_request *req; 937 struct musb *musb; 938 int status; 939 unsigned long lockflags; 940 void __iomem *regs; 941 942 if (!e || !r) 943 return -EINVAL; 944 945 ep = to_musb_ep(e); 946 musb = ep->musb; 947 regs = musb->control_ep->regs; 948 949 req = to_musb_request(r); 950 req->musb = musb; 951 req->request.actual = 0; 952 req->request.status = -EINPROGRESS; 953 req->tx = ep->is_in; 954 955 spin_lock_irqsave(&musb->lock, lockflags); 956 957 if (!list_empty(&ep->req_list)) { 958 status = -EBUSY; 959 goto cleanup; 960 } 961 962 switch (musb->ep0_state) { 963 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 964 case MUSB_EP0_STAGE_TX: /* control-IN data */ 965 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 966 status = 0; 967 break; 968 default: 969 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 970 musb->ep0_state); 971 status = -EINVAL; 972 goto cleanup; 973 } 974 975 /* add request to the list */ 976 list_add_tail(&req->list, &ep->req_list); 977 978 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 979 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 980 req->request.length); 981 982 musb_ep_select(musb->mregs, 0); 983 984 /* sequence #1, IN ... start writing the data */ 985 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 986 ep0_txstate(musb); 987 988 /* sequence #3, no-data ... issue IN status */ 989 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 990 if (req->request.length) 991 status = -EINVAL; 992 else { 993 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 994 musb_writew(regs, MUSB_CSR0, 995 musb->ackpend | MUSB_CSR0_P_DATAEND); 996 musb->ackpend = 0; 997 musb_g_ep0_giveback(ep->musb, r); 998 } 999 1000 /* else for sequence #2 (OUT), caller provides a buffer 1001 * before the next packet arrives. deferred responses 1002 * (after SETUP is acked) are racey. 1003 */ 1004 } else if (musb->ackpend) { 1005 musb_writew(regs, MUSB_CSR0, musb->ackpend); 1006 musb->ackpend = 0; 1007 } 1008 1009 cleanup: 1010 spin_unlock_irqrestore(&musb->lock, lockflags); 1011 return status; 1012 } 1013 1014 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 1015 { 1016 /* we just won't support this */ 1017 return -EINVAL; 1018 } 1019 1020 static int musb_g_ep0_halt(struct usb_ep *e, int value) 1021 { 1022 struct musb_ep *ep; 1023 struct musb *musb; 1024 void __iomem *base, *regs; 1025 unsigned long flags; 1026 int status; 1027 u16 csr; 1028 1029 if (!e || !value) 1030 return -EINVAL; 1031 1032 ep = to_musb_ep(e); 1033 musb = ep->musb; 1034 base = musb->mregs; 1035 regs = musb->control_ep->regs; 1036 status = 0; 1037 1038 spin_lock_irqsave(&musb->lock, flags); 1039 1040 if (!list_empty(&ep->req_list)) { 1041 status = -EBUSY; 1042 goto cleanup; 1043 } 1044 1045 musb_ep_select(base, 0); 1046 csr = musb->ackpend; 1047 1048 switch (musb->ep0_state) { 1049 1050 /* Stalls are usually issued after parsing SETUP packet, either 1051 * directly in irq context from setup() or else later. 1052 */ 1053 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1054 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1055 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1056 csr = musb_readw(regs, MUSB_CSR0); 1057 /* FALLTHROUGH */ 1058 1059 /* It's also OK to issue stalls during callbacks when a non-empty 1060 * DATA stage buffer has been read (or even written). 1061 */ 1062 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1063 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1064 1065 csr |= MUSB_CSR0_P_SENDSTALL; 1066 musb_writew(regs, MUSB_CSR0, csr); 1067 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1068 musb->ackpend = 0; 1069 break; 1070 default: 1071 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1072 status = -EINVAL; 1073 } 1074 1075 cleanup: 1076 spin_unlock_irqrestore(&musb->lock, flags); 1077 return status; 1078 } 1079 1080 const struct usb_ep_ops musb_g_ep0_ops = { 1081 .enable = musb_g_ep0_enable, 1082 .disable = musb_g_ep0_disable, 1083 .alloc_request = musb_alloc_request, 1084 .free_request = musb_free_request, 1085 .queue = musb_g_ep0_queue, 1086 .dequeue = musb_g_ep0_dequeue, 1087 .set_halt = musb_g_ep0_halt, 1088 }; 1089