1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 * 23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 */ 35 36 #define __UBOOT__ 37 #ifndef __UBOOT__ 38 #include <linux/kernel.h> 39 #include <linux/list.h> 40 #include <linux/timer.h> 41 #include <linux/spinlock.h> 42 #include <linux/device.h> 43 #include <linux/interrupt.h> 44 #else 45 #include <common.h> 46 #include "linux-compat.h" 47 #endif 48 49 #include "musb_core.h" 50 51 /* ep0 is always musb->endpoints[0].ep_in */ 52 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 53 54 /* 55 * locking note: we use only the controller lock, for simpler correctness. 56 * It's always held with IRQs blocked. 57 * 58 * It protects the ep0 request queue as well as ep0_state, not just the 59 * controller and indexed registers. And that lock stays held unless it 60 * needs to be dropped to allow reentering this driver ... like upcalls to 61 * the gadget driver, or adjusting endpoint halt status. 62 */ 63 64 static char *decode_ep0stage(u8 stage) 65 { 66 switch (stage) { 67 case MUSB_EP0_STAGE_IDLE: return "idle"; 68 case MUSB_EP0_STAGE_SETUP: return "setup"; 69 case MUSB_EP0_STAGE_TX: return "in"; 70 case MUSB_EP0_STAGE_RX: return "out"; 71 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 72 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 73 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 74 default: return "?"; 75 } 76 } 77 78 /* handle a standard GET_STATUS request 79 * Context: caller holds controller lock 80 */ 81 static int service_tx_status_request( 82 struct musb *musb, 83 const struct usb_ctrlrequest *ctrlrequest) 84 { 85 void __iomem *mbase = musb->mregs; 86 int handled = 1; 87 u8 result[2], epnum = 0; 88 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 89 90 result[1] = 0; 91 92 switch (recip) { 93 case USB_RECIP_DEVICE: 94 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 95 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 96 if (musb->g.is_otg) { 97 result[0] |= musb->g.b_hnp_enable 98 << USB_DEVICE_B_HNP_ENABLE; 99 result[0] |= musb->g.a_alt_hnp_support 100 << USB_DEVICE_A_ALT_HNP_SUPPORT; 101 result[0] |= musb->g.a_hnp_support 102 << USB_DEVICE_A_HNP_SUPPORT; 103 } 104 break; 105 106 case USB_RECIP_INTERFACE: 107 result[0] = 0; 108 break; 109 110 case USB_RECIP_ENDPOINT: { 111 int is_in; 112 struct musb_ep *ep; 113 u16 tmp; 114 void __iomem *regs; 115 116 epnum = (u8) ctrlrequest->wIndex; 117 if (!epnum) { 118 result[0] = 0; 119 break; 120 } 121 122 is_in = epnum & USB_DIR_IN; 123 if (is_in) { 124 epnum &= 0x0f; 125 ep = &musb->endpoints[epnum].ep_in; 126 } else { 127 ep = &musb->endpoints[epnum].ep_out; 128 } 129 regs = musb->endpoints[epnum].regs; 130 131 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 132 handled = -EINVAL; 133 break; 134 } 135 136 musb_ep_select(mbase, epnum); 137 if (is_in) 138 tmp = musb_readw(regs, MUSB_TXCSR) 139 & MUSB_TXCSR_P_SENDSTALL; 140 else 141 tmp = musb_readw(regs, MUSB_RXCSR) 142 & MUSB_RXCSR_P_SENDSTALL; 143 musb_ep_select(mbase, 0); 144 145 result[0] = tmp ? 1 : 0; 146 } break; 147 148 default: 149 /* class, vendor, etc ... delegate */ 150 handled = 0; 151 break; 152 } 153 154 /* fill up the fifo; caller updates csr0 */ 155 if (handled > 0) { 156 u16 len = le16_to_cpu(ctrlrequest->wLength); 157 158 if (len > 2) 159 len = 2; 160 musb_write_fifo(&musb->endpoints[0], len, result); 161 } 162 163 return handled; 164 } 165 166 /* 167 * handle a control-IN request, the end0 buffer contains the current request 168 * that is supposed to be a standard control request. Assumes the fifo to 169 * be at least 2 bytes long. 170 * 171 * @return 0 if the request was NOT HANDLED, 172 * < 0 when error 173 * > 0 when the request is processed 174 * 175 * Context: caller holds controller lock 176 */ 177 static int 178 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 179 { 180 int handled = 0; /* not handled */ 181 182 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 183 == USB_TYPE_STANDARD) { 184 switch (ctrlrequest->bRequest) { 185 case USB_REQ_GET_STATUS: 186 handled = service_tx_status_request(musb, 187 ctrlrequest); 188 break; 189 190 /* case USB_REQ_SYNC_FRAME: */ 191 192 default: 193 break; 194 } 195 } 196 return handled; 197 } 198 199 /* 200 * Context: caller holds controller lock 201 */ 202 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 203 { 204 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 205 } 206 207 /* 208 * Tries to start B-device HNP negotiation if enabled via sysfs 209 */ 210 static inline void musb_try_b_hnp_enable(struct musb *musb) 211 { 212 void __iomem *mbase = musb->mregs; 213 u8 devctl; 214 215 dev_dbg(musb->controller, "HNP: Setting HR\n"); 216 devctl = musb_readb(mbase, MUSB_DEVCTL); 217 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 218 } 219 220 /* 221 * Handle all control requests with no DATA stage, including standard 222 * requests such as: 223 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 224 * always delegated to the gadget driver 225 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 226 * always handled here, except for class/vendor/... features 227 * 228 * Context: caller holds controller lock 229 */ 230 static int 231 service_zero_data_request(struct musb *musb, 232 struct usb_ctrlrequest *ctrlrequest) 233 __releases(musb->lock) 234 __acquires(musb->lock) 235 { 236 int handled = -EINVAL; 237 void __iomem *mbase = musb->mregs; 238 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 239 240 /* the gadget driver handles everything except what we MUST handle */ 241 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 242 == USB_TYPE_STANDARD) { 243 switch (ctrlrequest->bRequest) { 244 case USB_REQ_SET_ADDRESS: 245 /* change it after the status stage */ 246 musb->set_address = true; 247 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 248 handled = 1; 249 break; 250 251 case USB_REQ_CLEAR_FEATURE: 252 switch (recip) { 253 case USB_RECIP_DEVICE: 254 if (ctrlrequest->wValue 255 != USB_DEVICE_REMOTE_WAKEUP) 256 break; 257 musb->may_wakeup = 0; 258 handled = 1; 259 break; 260 case USB_RECIP_INTERFACE: 261 break; 262 case USB_RECIP_ENDPOINT:{ 263 const u8 epnum = 264 ctrlrequest->wIndex & 0x0f; 265 struct musb_ep *musb_ep; 266 struct musb_hw_ep *ep; 267 struct musb_request *request; 268 void __iomem *regs; 269 int is_in; 270 u16 csr; 271 272 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 273 ctrlrequest->wValue != USB_ENDPOINT_HALT) 274 break; 275 276 ep = musb->endpoints + epnum; 277 regs = ep->regs; 278 is_in = ctrlrequest->wIndex & USB_DIR_IN; 279 if (is_in) 280 musb_ep = &ep->ep_in; 281 else 282 musb_ep = &ep->ep_out; 283 if (!musb_ep->desc) 284 break; 285 286 handled = 1; 287 /* Ignore request if endpoint is wedged */ 288 if (musb_ep->wedged) 289 break; 290 291 musb_ep_select(mbase, epnum); 292 if (is_in) { 293 csr = musb_readw(regs, MUSB_TXCSR); 294 csr |= MUSB_TXCSR_CLRDATATOG | 295 MUSB_TXCSR_P_WZC_BITS; 296 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 297 MUSB_TXCSR_P_SENTSTALL | 298 MUSB_TXCSR_TXPKTRDY); 299 musb_writew(regs, MUSB_TXCSR, csr); 300 } else { 301 csr = musb_readw(regs, MUSB_RXCSR); 302 csr |= MUSB_RXCSR_CLRDATATOG | 303 MUSB_RXCSR_P_WZC_BITS; 304 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 305 MUSB_RXCSR_P_SENTSTALL); 306 musb_writew(regs, MUSB_RXCSR, csr); 307 } 308 309 /* Maybe start the first request in the queue */ 310 request = next_request(musb_ep); 311 if (!musb_ep->busy && request) { 312 dev_dbg(musb->controller, "restarting the request\n"); 313 musb_ep_restart(musb, request); 314 } 315 316 /* select ep0 again */ 317 musb_ep_select(mbase, 0); 318 } break; 319 default: 320 /* class, vendor, etc ... delegate */ 321 handled = 0; 322 break; 323 } 324 break; 325 326 case USB_REQ_SET_FEATURE: 327 switch (recip) { 328 case USB_RECIP_DEVICE: 329 handled = 1; 330 switch (ctrlrequest->wValue) { 331 case USB_DEVICE_REMOTE_WAKEUP: 332 musb->may_wakeup = 1; 333 break; 334 case USB_DEVICE_TEST_MODE: 335 if (musb->g.speed != USB_SPEED_HIGH) 336 goto stall; 337 if (ctrlrequest->wIndex & 0xff) 338 goto stall; 339 340 switch (ctrlrequest->wIndex >> 8) { 341 case 1: 342 pr_debug("TEST_J\n"); 343 /* TEST_J */ 344 musb->test_mode_nr = 345 MUSB_TEST_J; 346 break; 347 case 2: 348 /* TEST_K */ 349 pr_debug("TEST_K\n"); 350 musb->test_mode_nr = 351 MUSB_TEST_K; 352 break; 353 case 3: 354 /* TEST_SE0_NAK */ 355 pr_debug("TEST_SE0_NAK\n"); 356 musb->test_mode_nr = 357 MUSB_TEST_SE0_NAK; 358 break; 359 case 4: 360 /* TEST_PACKET */ 361 pr_debug("TEST_PACKET\n"); 362 musb->test_mode_nr = 363 MUSB_TEST_PACKET; 364 break; 365 366 case 0xc0: 367 /* TEST_FORCE_HS */ 368 pr_debug("TEST_FORCE_HS\n"); 369 musb->test_mode_nr = 370 MUSB_TEST_FORCE_HS; 371 break; 372 case 0xc1: 373 /* TEST_FORCE_FS */ 374 pr_debug("TEST_FORCE_FS\n"); 375 musb->test_mode_nr = 376 MUSB_TEST_FORCE_FS; 377 break; 378 case 0xc2: 379 /* TEST_FIFO_ACCESS */ 380 pr_debug("TEST_FIFO_ACCESS\n"); 381 musb->test_mode_nr = 382 MUSB_TEST_FIFO_ACCESS; 383 break; 384 case 0xc3: 385 /* TEST_FORCE_HOST */ 386 pr_debug("TEST_FORCE_HOST\n"); 387 musb->test_mode_nr = 388 MUSB_TEST_FORCE_HOST; 389 break; 390 default: 391 goto stall; 392 } 393 394 /* enter test mode after irq */ 395 if (handled > 0) 396 musb->test_mode = true; 397 break; 398 case USB_DEVICE_B_HNP_ENABLE: 399 if (!musb->g.is_otg) 400 goto stall; 401 musb->g.b_hnp_enable = 1; 402 musb_try_b_hnp_enable(musb); 403 break; 404 case USB_DEVICE_A_HNP_SUPPORT: 405 if (!musb->g.is_otg) 406 goto stall; 407 musb->g.a_hnp_support = 1; 408 break; 409 case USB_DEVICE_A_ALT_HNP_SUPPORT: 410 if (!musb->g.is_otg) 411 goto stall; 412 musb->g.a_alt_hnp_support = 1; 413 break; 414 case USB_DEVICE_DEBUG_MODE: 415 handled = 0; 416 break; 417 stall: 418 default: 419 handled = -EINVAL; 420 break; 421 } 422 break; 423 424 case USB_RECIP_INTERFACE: 425 break; 426 427 case USB_RECIP_ENDPOINT:{ 428 const u8 epnum = 429 ctrlrequest->wIndex & 0x0f; 430 struct musb_ep *musb_ep; 431 struct musb_hw_ep *ep; 432 void __iomem *regs; 433 int is_in; 434 u16 csr; 435 436 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 437 ctrlrequest->wValue != USB_ENDPOINT_HALT) 438 break; 439 440 ep = musb->endpoints + epnum; 441 regs = ep->regs; 442 is_in = ctrlrequest->wIndex & USB_DIR_IN; 443 if (is_in) 444 musb_ep = &ep->ep_in; 445 else 446 musb_ep = &ep->ep_out; 447 if (!musb_ep->desc) 448 break; 449 450 musb_ep_select(mbase, epnum); 451 if (is_in) { 452 csr = musb_readw(regs, MUSB_TXCSR); 453 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 454 csr |= MUSB_TXCSR_FLUSHFIFO; 455 csr |= MUSB_TXCSR_P_SENDSTALL 456 | MUSB_TXCSR_CLRDATATOG 457 | MUSB_TXCSR_P_WZC_BITS; 458 musb_writew(regs, MUSB_TXCSR, csr); 459 } else { 460 csr = musb_readw(regs, MUSB_RXCSR); 461 csr |= MUSB_RXCSR_P_SENDSTALL 462 | MUSB_RXCSR_FLUSHFIFO 463 | MUSB_RXCSR_CLRDATATOG 464 | MUSB_RXCSR_P_WZC_BITS; 465 musb_writew(regs, MUSB_RXCSR, csr); 466 } 467 468 /* select ep0 again */ 469 musb_ep_select(mbase, 0); 470 handled = 1; 471 } break; 472 473 default: 474 /* class, vendor, etc ... delegate */ 475 handled = 0; 476 break; 477 } 478 break; 479 default: 480 /* delegate SET_CONFIGURATION, etc */ 481 handled = 0; 482 } 483 } else 484 handled = 0; 485 return handled; 486 } 487 488 /* we have an ep0out data packet 489 * Context: caller holds controller lock 490 */ 491 static void ep0_rxstate(struct musb *musb) 492 { 493 void __iomem *regs = musb->control_ep->regs; 494 struct musb_request *request; 495 struct usb_request *req; 496 u16 count, csr; 497 498 request = next_ep0_request(musb); 499 req = &request->request; 500 501 /* read packet and ack; or stall because of gadget driver bug: 502 * should have provided the rx buffer before setup() returned. 503 */ 504 if (req) { 505 void *buf = req->buf + req->actual; 506 unsigned len = req->length - req->actual; 507 508 /* read the buffer */ 509 count = musb_readb(regs, MUSB_COUNT0); 510 if (count > len) { 511 req->status = -EOVERFLOW; 512 count = len; 513 } 514 musb_read_fifo(&musb->endpoints[0], count, buf); 515 req->actual += count; 516 csr = MUSB_CSR0_P_SVDRXPKTRDY; 517 if (count < 64 || req->actual == req->length) { 518 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 519 csr |= MUSB_CSR0_P_DATAEND; 520 } else 521 req = NULL; 522 } else 523 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 524 525 526 /* Completion handler may choose to stall, e.g. because the 527 * message just received holds invalid data. 528 */ 529 if (req) { 530 musb->ackpend = csr; 531 musb_g_ep0_giveback(musb, req); 532 if (!musb->ackpend) 533 return; 534 musb->ackpend = 0; 535 } 536 musb_ep_select(musb->mregs, 0); 537 musb_writew(regs, MUSB_CSR0, csr); 538 } 539 540 /* 541 * transmitting to the host (IN), this code might be called from IRQ 542 * and from kernel thread. 543 * 544 * Context: caller holds controller lock 545 */ 546 static void ep0_txstate(struct musb *musb) 547 { 548 void __iomem *regs = musb->control_ep->regs; 549 struct musb_request *req = next_ep0_request(musb); 550 struct usb_request *request; 551 u16 csr = MUSB_CSR0_TXPKTRDY; 552 u8 *fifo_src; 553 u8 fifo_count; 554 555 if (!req) { 556 /* WARN_ON(1); */ 557 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 558 return; 559 } 560 561 request = &req->request; 562 563 /* load the data */ 564 fifo_src = (u8 *) request->buf + request->actual; 565 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 566 request->length - request->actual); 567 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 568 request->actual += fifo_count; 569 570 /* update the flags */ 571 if (fifo_count < MUSB_MAX_END0_PACKET 572 || (request->actual == request->length 573 && !request->zero)) { 574 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 575 csr |= MUSB_CSR0_P_DATAEND; 576 } else 577 request = NULL; 578 579 /* report completions as soon as the fifo's loaded; there's no 580 * win in waiting till this last packet gets acked. (other than 581 * very precise fault reporting, needed by USB TMC; possible with 582 * this hardware, but not usable from portable gadget drivers.) 583 */ 584 if (request) { 585 musb->ackpend = csr; 586 musb_g_ep0_giveback(musb, request); 587 if (!musb->ackpend) 588 return; 589 musb->ackpend = 0; 590 } 591 592 /* send it out, triggering a "txpktrdy cleared" irq */ 593 musb_ep_select(musb->mregs, 0); 594 musb_writew(regs, MUSB_CSR0, csr); 595 } 596 597 /* 598 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 599 * Fields are left in USB byte-order. 600 * 601 * Context: caller holds controller lock. 602 */ 603 static void 604 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 605 { 606 struct musb_request *r; 607 void __iomem *regs = musb->control_ep->regs; 608 609 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 610 611 /* NOTE: earlier 2.6 versions changed setup packets to host 612 * order, but now USB packets always stay in USB byte order. 613 */ 614 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 615 req->bRequestType, 616 req->bRequest, 617 le16_to_cpu(req->wValue), 618 le16_to_cpu(req->wIndex), 619 le16_to_cpu(req->wLength)); 620 621 /* clean up any leftover transfers */ 622 r = next_ep0_request(musb); 623 if (r) 624 musb_g_ep0_giveback(musb, &r->request); 625 626 /* For zero-data requests we want to delay the STATUS stage to 627 * avoid SETUPEND errors. If we read data (OUT), delay accepting 628 * packets until there's a buffer to store them in. 629 * 630 * If we write data, the controller acts happier if we enable 631 * the TX FIFO right away, and give the controller a moment 632 * to switch modes... 633 */ 634 musb->set_address = false; 635 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 636 if (req->wLength == 0) { 637 if (req->bRequestType & USB_DIR_IN) 638 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 639 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 640 } else if (req->bRequestType & USB_DIR_IN) { 641 musb->ep0_state = MUSB_EP0_STAGE_TX; 642 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 643 while ((musb_readw(regs, MUSB_CSR0) 644 & MUSB_CSR0_RXPKTRDY) != 0) 645 cpu_relax(); 646 musb->ackpend = 0; 647 } else 648 musb->ep0_state = MUSB_EP0_STAGE_RX; 649 } 650 651 static int 652 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 653 __releases(musb->lock) 654 __acquires(musb->lock) 655 { 656 int retval; 657 if (!musb->gadget_driver) 658 return -EOPNOTSUPP; 659 spin_unlock(&musb->lock); 660 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 661 spin_lock(&musb->lock); 662 return retval; 663 } 664 665 /* 666 * Handle peripheral ep0 interrupt 667 * 668 * Context: irq handler; we won't re-enter the driver that way. 669 */ 670 irqreturn_t musb_g_ep0_irq(struct musb *musb) 671 { 672 u16 csr; 673 u16 len; 674 void __iomem *mbase = musb->mregs; 675 void __iomem *regs = musb->endpoints[0].regs; 676 irqreturn_t retval = IRQ_NONE; 677 678 musb_ep_select(mbase, 0); /* select ep0 */ 679 csr = musb_readw(regs, MUSB_CSR0); 680 len = musb_readb(regs, MUSB_COUNT0); 681 682 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 683 csr, len, 684 musb_readb(mbase, MUSB_FADDR), 685 decode_ep0stage(musb->ep0_state)); 686 687 if (csr & MUSB_CSR0_P_DATAEND) { 688 /* 689 * If DATAEND is set we should not call the callback, 690 * hence the status stage is not complete. 691 */ 692 return IRQ_HANDLED; 693 } 694 695 /* I sent a stall.. need to acknowledge it now.. */ 696 if (csr & MUSB_CSR0_P_SENTSTALL) { 697 musb_writew(regs, MUSB_CSR0, 698 csr & ~MUSB_CSR0_P_SENTSTALL); 699 retval = IRQ_HANDLED; 700 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 701 csr = musb_readw(regs, MUSB_CSR0); 702 } 703 704 /* request ended "early" */ 705 if (csr & MUSB_CSR0_P_SETUPEND) { 706 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 707 retval = IRQ_HANDLED; 708 /* Transition into the early status phase */ 709 switch (musb->ep0_state) { 710 case MUSB_EP0_STAGE_TX: 711 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 712 break; 713 case MUSB_EP0_STAGE_RX: 714 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 715 break; 716 default: 717 ERR("SetupEnd came in a wrong ep0stage %s\n", 718 decode_ep0stage(musb->ep0_state)); 719 } 720 csr = musb_readw(regs, MUSB_CSR0); 721 /* NOTE: request may need completion */ 722 } 723 724 /* docs from Mentor only describe tx, rx, and idle/setup states. 725 * we need to handle nuances around status stages, and also the 726 * case where status and setup stages come back-to-back ... 727 */ 728 switch (musb->ep0_state) { 729 730 case MUSB_EP0_STAGE_TX: 731 /* irq on clearing txpktrdy */ 732 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 733 ep0_txstate(musb); 734 retval = IRQ_HANDLED; 735 } 736 break; 737 738 case MUSB_EP0_STAGE_RX: 739 /* irq on set rxpktrdy */ 740 if (csr & MUSB_CSR0_RXPKTRDY) { 741 ep0_rxstate(musb); 742 retval = IRQ_HANDLED; 743 } 744 break; 745 746 case MUSB_EP0_STAGE_STATUSIN: 747 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 748 749 /* update address (if needed) only @ the end of the 750 * status phase per usb spec, which also guarantees 751 * we get 10 msec to receive this irq... until this 752 * is done we won't see the next packet. 753 */ 754 if (musb->set_address) { 755 musb->set_address = false; 756 musb_writeb(mbase, MUSB_FADDR, musb->address); 757 } 758 759 /* enter test mode if needed (exit by reset) */ 760 else if (musb->test_mode) { 761 dev_dbg(musb->controller, "entering TESTMODE\n"); 762 763 if (MUSB_TEST_PACKET == musb->test_mode_nr) 764 musb_load_testpacket(musb); 765 766 musb_writeb(mbase, MUSB_TESTMODE, 767 musb->test_mode_nr); 768 } 769 /* FALLTHROUGH */ 770 771 case MUSB_EP0_STAGE_STATUSOUT: 772 /* end of sequence #1: write to host (TX state) */ 773 { 774 struct musb_request *req; 775 776 req = next_ep0_request(musb); 777 if (req) 778 musb_g_ep0_giveback(musb, &req->request); 779 } 780 781 /* 782 * In case when several interrupts can get coalesced, 783 * check to see if we've already received a SETUP packet... 784 */ 785 if (csr & MUSB_CSR0_RXPKTRDY) 786 goto setup; 787 788 retval = IRQ_HANDLED; 789 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 790 break; 791 792 case MUSB_EP0_STAGE_IDLE: 793 /* 794 * This state is typically (but not always) indiscernible 795 * from the status states since the corresponding interrupts 796 * tend to happen within too little period of time (with only 797 * a zero-length packet in between) and so get coalesced... 798 */ 799 retval = IRQ_HANDLED; 800 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 801 /* FALLTHROUGH */ 802 803 case MUSB_EP0_STAGE_SETUP: 804 setup: 805 if (csr & MUSB_CSR0_RXPKTRDY) { 806 struct usb_ctrlrequest setup; 807 int handled = 0; 808 809 if (len != 8) { 810 ERR("SETUP packet len %d != 8 ?\n", len); 811 break; 812 } 813 musb_read_setup(musb, &setup); 814 retval = IRQ_HANDLED; 815 816 /* sometimes the RESET won't be reported */ 817 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 818 u8 power; 819 820 printk(KERN_NOTICE "%s: peripheral reset " 821 "irq lost!\n", 822 musb_driver_name); 823 power = musb_readb(mbase, MUSB_POWER); 824 musb->g.speed = (power & MUSB_POWER_HSMODE) 825 ? USB_SPEED_HIGH : USB_SPEED_FULL; 826 827 } 828 829 switch (musb->ep0_state) { 830 831 /* sequence #3 (no data stage), includes requests 832 * we can't forward (notably SET_ADDRESS and the 833 * device/endpoint feature set/clear operations) 834 * plus SET_CONFIGURATION and others we must 835 */ 836 case MUSB_EP0_STAGE_ACKWAIT: 837 handled = service_zero_data_request( 838 musb, &setup); 839 840 /* 841 * We're expecting no data in any case, so 842 * always set the DATAEND bit -- doing this 843 * here helps avoid SetupEnd interrupt coming 844 * in the idle stage when we're stalling... 845 */ 846 musb->ackpend |= MUSB_CSR0_P_DATAEND; 847 848 /* status stage might be immediate */ 849 if (handled > 0) 850 musb->ep0_state = 851 MUSB_EP0_STAGE_STATUSIN; 852 break; 853 854 /* sequence #1 (IN to host), includes GET_STATUS 855 * requests that we can't forward, GET_DESCRIPTOR 856 * and others that we must 857 */ 858 case MUSB_EP0_STAGE_TX: 859 handled = service_in_request(musb, &setup); 860 if (handled > 0) { 861 musb->ackpend = MUSB_CSR0_TXPKTRDY 862 | MUSB_CSR0_P_DATAEND; 863 musb->ep0_state = 864 MUSB_EP0_STAGE_STATUSOUT; 865 } 866 break; 867 868 /* sequence #2 (OUT from host), always forward */ 869 default: /* MUSB_EP0_STAGE_RX */ 870 break; 871 } 872 873 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 874 handled, csr, 875 decode_ep0stage(musb->ep0_state)); 876 877 /* unless we need to delegate this to the gadget 878 * driver, we know how to wrap this up: csr0 has 879 * not yet been written. 880 */ 881 if (handled < 0) 882 goto stall; 883 else if (handled > 0) 884 goto finish; 885 886 handled = forward_to_driver(musb, &setup); 887 if (handled < 0) { 888 musb_ep_select(mbase, 0); 889 stall: 890 dev_dbg(musb->controller, "stall (%d)\n", handled); 891 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 892 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 893 finish: 894 musb_writew(regs, MUSB_CSR0, 895 musb->ackpend); 896 musb->ackpend = 0; 897 } 898 } 899 break; 900 901 case MUSB_EP0_STAGE_ACKWAIT: 902 /* This should not happen. But happens with tusb6010 with 903 * g_file_storage and high speed. Do nothing. 904 */ 905 retval = IRQ_HANDLED; 906 break; 907 908 default: 909 /* "can't happen" */ 910 WARN_ON(1); 911 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 912 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 913 break; 914 } 915 916 return retval; 917 } 918 919 920 static int 921 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 922 { 923 /* always enabled */ 924 return -EINVAL; 925 } 926 927 static int musb_g_ep0_disable(struct usb_ep *e) 928 { 929 /* always enabled */ 930 return -EINVAL; 931 } 932 933 static int 934 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 935 { 936 struct musb_ep *ep; 937 struct musb_request *req; 938 struct musb *musb; 939 int status; 940 unsigned long lockflags; 941 void __iomem *regs; 942 943 if (!e || !r) 944 return -EINVAL; 945 946 ep = to_musb_ep(e); 947 musb = ep->musb; 948 regs = musb->control_ep->regs; 949 950 req = to_musb_request(r); 951 req->musb = musb; 952 req->request.actual = 0; 953 req->request.status = -EINPROGRESS; 954 req->tx = ep->is_in; 955 956 spin_lock_irqsave(&musb->lock, lockflags); 957 958 if (!list_empty(&ep->req_list)) { 959 status = -EBUSY; 960 goto cleanup; 961 } 962 963 switch (musb->ep0_state) { 964 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 965 case MUSB_EP0_STAGE_TX: /* control-IN data */ 966 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 967 status = 0; 968 break; 969 default: 970 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 971 musb->ep0_state); 972 status = -EINVAL; 973 goto cleanup; 974 } 975 976 /* add request to the list */ 977 list_add_tail(&req->list, &ep->req_list); 978 979 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 980 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 981 req->request.length); 982 983 musb_ep_select(musb->mregs, 0); 984 985 /* sequence #1, IN ... start writing the data */ 986 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 987 ep0_txstate(musb); 988 989 /* sequence #3, no-data ... issue IN status */ 990 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 991 if (req->request.length) 992 status = -EINVAL; 993 else { 994 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 995 musb_writew(regs, MUSB_CSR0, 996 musb->ackpend | MUSB_CSR0_P_DATAEND); 997 musb->ackpend = 0; 998 musb_g_ep0_giveback(ep->musb, r); 999 } 1000 1001 /* else for sequence #2 (OUT), caller provides a buffer 1002 * before the next packet arrives. deferred responses 1003 * (after SETUP is acked) are racey. 1004 */ 1005 } else if (musb->ackpend) { 1006 musb_writew(regs, MUSB_CSR0, musb->ackpend); 1007 musb->ackpend = 0; 1008 } 1009 1010 cleanup: 1011 spin_unlock_irqrestore(&musb->lock, lockflags); 1012 return status; 1013 } 1014 1015 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 1016 { 1017 /* we just won't support this */ 1018 return -EINVAL; 1019 } 1020 1021 static int musb_g_ep0_halt(struct usb_ep *e, int value) 1022 { 1023 struct musb_ep *ep; 1024 struct musb *musb; 1025 void __iomem *base, *regs; 1026 unsigned long flags; 1027 int status; 1028 u16 csr; 1029 1030 if (!e || !value) 1031 return -EINVAL; 1032 1033 ep = to_musb_ep(e); 1034 musb = ep->musb; 1035 base = musb->mregs; 1036 regs = musb->control_ep->regs; 1037 status = 0; 1038 1039 spin_lock_irqsave(&musb->lock, flags); 1040 1041 if (!list_empty(&ep->req_list)) { 1042 status = -EBUSY; 1043 goto cleanup; 1044 } 1045 1046 musb_ep_select(base, 0); 1047 csr = musb->ackpend; 1048 1049 switch (musb->ep0_state) { 1050 1051 /* Stalls are usually issued after parsing SETUP packet, either 1052 * directly in irq context from setup() or else later. 1053 */ 1054 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1055 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1056 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1057 csr = musb_readw(regs, MUSB_CSR0); 1058 /* FALLTHROUGH */ 1059 1060 /* It's also OK to issue stalls during callbacks when a non-empty 1061 * DATA stage buffer has been read (or even written). 1062 */ 1063 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1064 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1065 1066 csr |= MUSB_CSR0_P_SENDSTALL; 1067 musb_writew(regs, MUSB_CSR0, csr); 1068 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1069 musb->ackpend = 0; 1070 break; 1071 default: 1072 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1073 status = -EINVAL; 1074 } 1075 1076 cleanup: 1077 spin_unlock_irqrestore(&musb->lock, flags); 1078 return status; 1079 } 1080 1081 const struct usb_ep_ops musb_g_ep0_ops = { 1082 .enable = musb_g_ep0_enable, 1083 .disable = musb_g_ep0_disable, 1084 .alloc_request = musb_alloc_request, 1085 .free_request = musb_free_request, 1086 .queue = musb_g_ep0_queue, 1087 .dequeue = musb_g_ep0_dequeue, 1088 .set_halt = musb_g_ep0_halt, 1089 }; 1090