1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * SPDX-License-Identifier: GPL-2.0 10 */ 11 12 #ifndef __UBOOT__ 13 #include <linux/kernel.h> 14 #include <linux/list.h> 15 #include <linux/timer.h> 16 #include <linux/spinlock.h> 17 #include <linux/device.h> 18 #include <linux/interrupt.h> 19 #else 20 #include <common.h> 21 #include "linux-compat.h" 22 #include <asm/processor.h> 23 #endif 24 25 #include "musb_core.h" 26 27 /* ep0 is always musb->endpoints[0].ep_in */ 28 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 29 30 /* 31 * locking note: we use only the controller lock, for simpler correctness. 32 * It's always held with IRQs blocked. 33 * 34 * It protects the ep0 request queue as well as ep0_state, not just the 35 * controller and indexed registers. And that lock stays held unless it 36 * needs to be dropped to allow reentering this driver ... like upcalls to 37 * the gadget driver, or adjusting endpoint halt status. 38 */ 39 40 static char *decode_ep0stage(u8 stage) 41 { 42 switch (stage) { 43 case MUSB_EP0_STAGE_IDLE: return "idle"; 44 case MUSB_EP0_STAGE_SETUP: return "setup"; 45 case MUSB_EP0_STAGE_TX: return "in"; 46 case MUSB_EP0_STAGE_RX: return "out"; 47 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 48 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 49 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 50 default: return "?"; 51 } 52 } 53 54 /* handle a standard GET_STATUS request 55 * Context: caller holds controller lock 56 */ 57 static int service_tx_status_request( 58 struct musb *musb, 59 const struct usb_ctrlrequest *ctrlrequest) 60 { 61 void __iomem *mbase = musb->mregs; 62 int handled = 1; 63 u8 result[2], epnum = 0; 64 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 65 66 result[1] = 0; 67 68 switch (recip) { 69 case USB_RECIP_DEVICE: 70 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 71 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 72 if (musb->g.is_otg) { 73 result[0] |= musb->g.b_hnp_enable 74 << USB_DEVICE_B_HNP_ENABLE; 75 result[0] |= musb->g.a_alt_hnp_support 76 << USB_DEVICE_A_ALT_HNP_SUPPORT; 77 result[0] |= musb->g.a_hnp_support 78 << USB_DEVICE_A_HNP_SUPPORT; 79 } 80 break; 81 82 case USB_RECIP_INTERFACE: 83 result[0] = 0; 84 break; 85 86 case USB_RECIP_ENDPOINT: { 87 int is_in; 88 struct musb_ep *ep; 89 u16 tmp; 90 void __iomem *regs; 91 92 epnum = (u8) ctrlrequest->wIndex; 93 if (!epnum) { 94 result[0] = 0; 95 break; 96 } 97 98 is_in = epnum & USB_DIR_IN; 99 if (is_in) { 100 epnum &= 0x0f; 101 ep = &musb->endpoints[epnum].ep_in; 102 } else { 103 ep = &musb->endpoints[epnum].ep_out; 104 } 105 regs = musb->endpoints[epnum].regs; 106 107 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 108 handled = -EINVAL; 109 break; 110 } 111 112 musb_ep_select(mbase, epnum); 113 if (is_in) 114 tmp = musb_readw(regs, MUSB_TXCSR) 115 & MUSB_TXCSR_P_SENDSTALL; 116 else 117 tmp = musb_readw(regs, MUSB_RXCSR) 118 & MUSB_RXCSR_P_SENDSTALL; 119 musb_ep_select(mbase, 0); 120 121 result[0] = tmp ? 1 : 0; 122 } break; 123 124 default: 125 /* class, vendor, etc ... delegate */ 126 handled = 0; 127 break; 128 } 129 130 /* fill up the fifo; caller updates csr0 */ 131 if (handled > 0) { 132 u16 len = le16_to_cpu(ctrlrequest->wLength); 133 134 if (len > 2) 135 len = 2; 136 musb_write_fifo(&musb->endpoints[0], len, result); 137 } 138 139 return handled; 140 } 141 142 /* 143 * handle a control-IN request, the end0 buffer contains the current request 144 * that is supposed to be a standard control request. Assumes the fifo to 145 * be at least 2 bytes long. 146 * 147 * @return 0 if the request was NOT HANDLED, 148 * < 0 when error 149 * > 0 when the request is processed 150 * 151 * Context: caller holds controller lock 152 */ 153 static int 154 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 155 { 156 int handled = 0; /* not handled */ 157 158 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 159 == USB_TYPE_STANDARD) { 160 switch (ctrlrequest->bRequest) { 161 case USB_REQ_GET_STATUS: 162 handled = service_tx_status_request(musb, 163 ctrlrequest); 164 break; 165 166 /* case USB_REQ_SYNC_FRAME: */ 167 168 default: 169 break; 170 } 171 } 172 return handled; 173 } 174 175 /* 176 * Context: caller holds controller lock 177 */ 178 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 179 { 180 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 181 } 182 183 /* 184 * Tries to start B-device HNP negotiation if enabled via sysfs 185 */ 186 static inline void musb_try_b_hnp_enable(struct musb *musb) 187 { 188 void __iomem *mbase = musb->mregs; 189 u8 devctl; 190 191 dev_dbg(musb->controller, "HNP: Setting HR\n"); 192 devctl = musb_readb(mbase, MUSB_DEVCTL); 193 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 194 } 195 196 /* 197 * Handle all control requests with no DATA stage, including standard 198 * requests such as: 199 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 200 * always delegated to the gadget driver 201 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 202 * always handled here, except for class/vendor/... features 203 * 204 * Context: caller holds controller lock 205 */ 206 static int 207 service_zero_data_request(struct musb *musb, 208 struct usb_ctrlrequest *ctrlrequest) 209 __releases(musb->lock) 210 __acquires(musb->lock) 211 { 212 int handled = -EINVAL; 213 void __iomem *mbase = musb->mregs; 214 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 215 216 /* the gadget driver handles everything except what we MUST handle */ 217 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 218 == USB_TYPE_STANDARD) { 219 switch (ctrlrequest->bRequest) { 220 case USB_REQ_SET_ADDRESS: 221 /* change it after the status stage */ 222 musb->set_address = true; 223 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 224 handled = 1; 225 break; 226 227 case USB_REQ_CLEAR_FEATURE: 228 switch (recip) { 229 case USB_RECIP_DEVICE: 230 if (ctrlrequest->wValue 231 != USB_DEVICE_REMOTE_WAKEUP) 232 break; 233 musb->may_wakeup = 0; 234 handled = 1; 235 break; 236 case USB_RECIP_INTERFACE: 237 break; 238 case USB_RECIP_ENDPOINT:{ 239 const u8 epnum = 240 ctrlrequest->wIndex & 0x0f; 241 struct musb_ep *musb_ep; 242 struct musb_hw_ep *ep; 243 struct musb_request *request; 244 void __iomem *regs; 245 int is_in; 246 u16 csr; 247 248 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 249 ctrlrequest->wValue != USB_ENDPOINT_HALT) 250 break; 251 252 ep = musb->endpoints + epnum; 253 regs = ep->regs; 254 is_in = ctrlrequest->wIndex & USB_DIR_IN; 255 if (is_in) 256 musb_ep = &ep->ep_in; 257 else 258 musb_ep = &ep->ep_out; 259 if (!musb_ep->desc) 260 break; 261 262 handled = 1; 263 /* Ignore request if endpoint is wedged */ 264 if (musb_ep->wedged) 265 break; 266 267 musb_ep_select(mbase, epnum); 268 if (is_in) { 269 csr = musb_readw(regs, MUSB_TXCSR); 270 csr |= MUSB_TXCSR_CLRDATATOG | 271 MUSB_TXCSR_P_WZC_BITS; 272 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 273 MUSB_TXCSR_P_SENTSTALL | 274 MUSB_TXCSR_TXPKTRDY); 275 musb_writew(regs, MUSB_TXCSR, csr); 276 } else { 277 csr = musb_readw(regs, MUSB_RXCSR); 278 csr |= MUSB_RXCSR_CLRDATATOG | 279 MUSB_RXCSR_P_WZC_BITS; 280 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 281 MUSB_RXCSR_P_SENTSTALL); 282 musb_writew(regs, MUSB_RXCSR, csr); 283 } 284 285 /* Maybe start the first request in the queue */ 286 request = next_request(musb_ep); 287 if (!musb_ep->busy && request) { 288 dev_dbg(musb->controller, "restarting the request\n"); 289 musb_ep_restart(musb, request); 290 } 291 292 /* select ep0 again */ 293 musb_ep_select(mbase, 0); 294 } break; 295 default: 296 /* class, vendor, etc ... delegate */ 297 handled = 0; 298 break; 299 } 300 break; 301 302 case USB_REQ_SET_FEATURE: 303 switch (recip) { 304 case USB_RECIP_DEVICE: 305 handled = 1; 306 switch (ctrlrequest->wValue) { 307 case USB_DEVICE_REMOTE_WAKEUP: 308 musb->may_wakeup = 1; 309 break; 310 case USB_DEVICE_TEST_MODE: 311 if (musb->g.speed != USB_SPEED_HIGH) 312 goto stall; 313 if (ctrlrequest->wIndex & 0xff) 314 goto stall; 315 316 switch (ctrlrequest->wIndex >> 8) { 317 case 1: 318 pr_debug("TEST_J\n"); 319 /* TEST_J */ 320 musb->test_mode_nr = 321 MUSB_TEST_J; 322 break; 323 case 2: 324 /* TEST_K */ 325 pr_debug("TEST_K\n"); 326 musb->test_mode_nr = 327 MUSB_TEST_K; 328 break; 329 case 3: 330 /* TEST_SE0_NAK */ 331 pr_debug("TEST_SE0_NAK\n"); 332 musb->test_mode_nr = 333 MUSB_TEST_SE0_NAK; 334 break; 335 case 4: 336 /* TEST_PACKET */ 337 pr_debug("TEST_PACKET\n"); 338 musb->test_mode_nr = 339 MUSB_TEST_PACKET; 340 break; 341 342 case 0xc0: 343 /* TEST_FORCE_HS */ 344 pr_debug("TEST_FORCE_HS\n"); 345 musb->test_mode_nr = 346 MUSB_TEST_FORCE_HS; 347 break; 348 case 0xc1: 349 /* TEST_FORCE_FS */ 350 pr_debug("TEST_FORCE_FS\n"); 351 musb->test_mode_nr = 352 MUSB_TEST_FORCE_FS; 353 break; 354 case 0xc2: 355 /* TEST_FIFO_ACCESS */ 356 pr_debug("TEST_FIFO_ACCESS\n"); 357 musb->test_mode_nr = 358 MUSB_TEST_FIFO_ACCESS; 359 break; 360 case 0xc3: 361 /* TEST_FORCE_HOST */ 362 pr_debug("TEST_FORCE_HOST\n"); 363 musb->test_mode_nr = 364 MUSB_TEST_FORCE_HOST; 365 break; 366 default: 367 goto stall; 368 } 369 370 /* enter test mode after irq */ 371 if (handled > 0) 372 musb->test_mode = true; 373 break; 374 case USB_DEVICE_B_HNP_ENABLE: 375 if (!musb->g.is_otg) 376 goto stall; 377 musb->g.b_hnp_enable = 1; 378 musb_try_b_hnp_enable(musb); 379 break; 380 case USB_DEVICE_A_HNP_SUPPORT: 381 if (!musb->g.is_otg) 382 goto stall; 383 musb->g.a_hnp_support = 1; 384 break; 385 case USB_DEVICE_A_ALT_HNP_SUPPORT: 386 if (!musb->g.is_otg) 387 goto stall; 388 musb->g.a_alt_hnp_support = 1; 389 break; 390 case USB_DEVICE_DEBUG_MODE: 391 handled = 0; 392 break; 393 stall: 394 default: 395 handled = -EINVAL; 396 break; 397 } 398 break; 399 400 case USB_RECIP_INTERFACE: 401 break; 402 403 case USB_RECIP_ENDPOINT:{ 404 const u8 epnum = 405 ctrlrequest->wIndex & 0x0f; 406 struct musb_ep *musb_ep; 407 struct musb_hw_ep *ep; 408 void __iomem *regs; 409 int is_in; 410 u16 csr; 411 412 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 413 ctrlrequest->wValue != USB_ENDPOINT_HALT) 414 break; 415 416 ep = musb->endpoints + epnum; 417 regs = ep->regs; 418 is_in = ctrlrequest->wIndex & USB_DIR_IN; 419 if (is_in) 420 musb_ep = &ep->ep_in; 421 else 422 musb_ep = &ep->ep_out; 423 if (!musb_ep->desc) 424 break; 425 426 musb_ep_select(mbase, epnum); 427 if (is_in) { 428 csr = musb_readw(regs, MUSB_TXCSR); 429 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 430 csr |= MUSB_TXCSR_FLUSHFIFO; 431 csr |= MUSB_TXCSR_P_SENDSTALL 432 | MUSB_TXCSR_CLRDATATOG 433 | MUSB_TXCSR_P_WZC_BITS; 434 musb_writew(regs, MUSB_TXCSR, csr); 435 } else { 436 csr = musb_readw(regs, MUSB_RXCSR); 437 csr |= MUSB_RXCSR_P_SENDSTALL 438 | MUSB_RXCSR_FLUSHFIFO 439 | MUSB_RXCSR_CLRDATATOG 440 | MUSB_RXCSR_P_WZC_BITS; 441 musb_writew(regs, MUSB_RXCSR, csr); 442 } 443 444 /* select ep0 again */ 445 musb_ep_select(mbase, 0); 446 handled = 1; 447 } break; 448 449 default: 450 /* class, vendor, etc ... delegate */ 451 handled = 0; 452 break; 453 } 454 break; 455 default: 456 /* delegate SET_CONFIGURATION, etc */ 457 handled = 0; 458 } 459 } else 460 handled = 0; 461 return handled; 462 } 463 464 /* we have an ep0out data packet 465 * Context: caller holds controller lock 466 */ 467 static void ep0_rxstate(struct musb *musb) 468 { 469 void __iomem *regs = musb->control_ep->regs; 470 struct musb_request *request; 471 struct usb_request *req; 472 u16 count, csr; 473 474 request = next_ep0_request(musb); 475 req = &request->request; 476 477 /* read packet and ack; or stall because of gadget driver bug: 478 * should have provided the rx buffer before setup() returned. 479 */ 480 if (req) { 481 void *buf = req->buf + req->actual; 482 unsigned len = req->length - req->actual; 483 484 /* read the buffer */ 485 count = musb_readb(regs, MUSB_COUNT0); 486 if (count > len) { 487 req->status = -EOVERFLOW; 488 count = len; 489 } 490 musb_read_fifo(&musb->endpoints[0], count, buf); 491 req->actual += count; 492 csr = MUSB_CSR0_P_SVDRXPKTRDY; 493 if (count < 64 || req->actual == req->length) { 494 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 495 csr |= MUSB_CSR0_P_DATAEND; 496 } else 497 req = NULL; 498 } else 499 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 500 501 502 /* Completion handler may choose to stall, e.g. because the 503 * message just received holds invalid data. 504 */ 505 if (req) { 506 musb->ackpend = csr; 507 musb_g_ep0_giveback(musb, req); 508 if (!musb->ackpend) 509 return; 510 musb->ackpend = 0; 511 } 512 musb_ep_select(musb->mregs, 0); 513 musb_writew(regs, MUSB_CSR0, csr); 514 } 515 516 /* 517 * transmitting to the host (IN), this code might be called from IRQ 518 * and from kernel thread. 519 * 520 * Context: caller holds controller lock 521 */ 522 static void ep0_txstate(struct musb *musb) 523 { 524 void __iomem *regs = musb->control_ep->regs; 525 struct musb_request *req = next_ep0_request(musb); 526 struct usb_request *request; 527 u16 csr = MUSB_CSR0_TXPKTRDY; 528 u8 *fifo_src; 529 u8 fifo_count; 530 531 if (!req) { 532 /* WARN_ON(1); */ 533 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 534 return; 535 } 536 537 request = &req->request; 538 539 /* load the data */ 540 fifo_src = (u8 *) request->buf + request->actual; 541 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 542 request->length - request->actual); 543 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 544 request->actual += fifo_count; 545 546 /* update the flags */ 547 if (fifo_count < MUSB_MAX_END0_PACKET 548 || (request->actual == request->length 549 && !request->zero)) { 550 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 551 csr |= MUSB_CSR0_P_DATAEND; 552 } else 553 request = NULL; 554 555 /* send it out, triggering a "txpktrdy cleared" irq */ 556 musb_ep_select(musb->mregs, 0); 557 musb_writew(regs, MUSB_CSR0, csr); 558 559 /* report completions as soon as the fifo's loaded; there's no 560 * win in waiting till this last packet gets acked. (other than 561 * very precise fault reporting, needed by USB TMC; possible with 562 * this hardware, but not usable from portable gadget drivers.) 563 */ 564 if (request) { 565 musb->ackpend = csr; 566 musb_g_ep0_giveback(musb, request); 567 if (!musb->ackpend) 568 return; 569 musb->ackpend = 0; 570 } 571 } 572 573 /* 574 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 575 * Fields are left in USB byte-order. 576 * 577 * Context: caller holds controller lock. 578 */ 579 static void 580 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 581 { 582 struct musb_request *r; 583 void __iomem *regs = musb->control_ep->regs; 584 585 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 586 587 /* NOTE: earlier 2.6 versions changed setup packets to host 588 * order, but now USB packets always stay in USB byte order. 589 */ 590 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 591 req->bRequestType, 592 req->bRequest, 593 le16_to_cpu(req->wValue), 594 le16_to_cpu(req->wIndex), 595 le16_to_cpu(req->wLength)); 596 597 /* clean up any leftover transfers */ 598 r = next_ep0_request(musb); 599 if (r) 600 musb_g_ep0_giveback(musb, &r->request); 601 602 /* For zero-data requests we want to delay the STATUS stage to 603 * avoid SETUPEND errors. If we read data (OUT), delay accepting 604 * packets until there's a buffer to store them in. 605 * 606 * If we write data, the controller acts happier if we enable 607 * the TX FIFO right away, and give the controller a moment 608 * to switch modes... 609 */ 610 musb->set_address = false; 611 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 612 if (req->wLength == 0) { 613 if (req->bRequestType & USB_DIR_IN) 614 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 615 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 616 } else if (req->bRequestType & USB_DIR_IN) { 617 musb->ep0_state = MUSB_EP0_STAGE_TX; 618 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 619 while ((musb_readw(regs, MUSB_CSR0) 620 & MUSB_CSR0_RXPKTRDY) != 0) 621 cpu_relax(); 622 musb->ackpend = 0; 623 } else 624 musb->ep0_state = MUSB_EP0_STAGE_RX; 625 } 626 627 static int 628 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 629 __releases(musb->lock) 630 __acquires(musb->lock) 631 { 632 int retval; 633 if (!musb->gadget_driver) 634 return -EOPNOTSUPP; 635 spin_unlock(&musb->lock); 636 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 637 spin_lock(&musb->lock); 638 return retval; 639 } 640 641 /* 642 * Handle peripheral ep0 interrupt 643 * 644 * Context: irq handler; we won't re-enter the driver that way. 645 */ 646 irqreturn_t musb_g_ep0_irq(struct musb *musb) 647 { 648 u16 csr; 649 u16 len; 650 void __iomem *mbase = musb->mregs; 651 void __iomem *regs = musb->endpoints[0].regs; 652 irqreturn_t retval = IRQ_NONE; 653 654 musb_ep_select(mbase, 0); /* select ep0 */ 655 csr = musb_readw(regs, MUSB_CSR0); 656 len = musb_readb(regs, MUSB_COUNT0); 657 658 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 659 csr, len, 660 musb_readb(mbase, MUSB_FADDR), 661 decode_ep0stage(musb->ep0_state)); 662 663 if (csr & MUSB_CSR0_P_DATAEND) { 664 /* 665 * If DATAEND is set we should not call the callback, 666 * hence the status stage is not complete. 667 */ 668 return IRQ_HANDLED; 669 } 670 671 /* I sent a stall.. need to acknowledge it now.. */ 672 if (csr & MUSB_CSR0_P_SENTSTALL) { 673 musb_writew(regs, MUSB_CSR0, 674 csr & ~MUSB_CSR0_P_SENTSTALL); 675 retval = IRQ_HANDLED; 676 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 677 csr = musb_readw(regs, MUSB_CSR0); 678 } 679 680 /* request ended "early" */ 681 if (csr & MUSB_CSR0_P_SETUPEND) { 682 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 683 retval = IRQ_HANDLED; 684 /* Transition into the early status phase */ 685 switch (musb->ep0_state) { 686 case MUSB_EP0_STAGE_TX: 687 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 688 break; 689 case MUSB_EP0_STAGE_RX: 690 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 691 break; 692 default: 693 ERR("SetupEnd came in a wrong ep0stage %s\n", 694 decode_ep0stage(musb->ep0_state)); 695 } 696 csr = musb_readw(regs, MUSB_CSR0); 697 /* NOTE: request may need completion */ 698 } 699 700 /* docs from Mentor only describe tx, rx, and idle/setup states. 701 * we need to handle nuances around status stages, and also the 702 * case where status and setup stages come back-to-back ... 703 */ 704 switch (musb->ep0_state) { 705 706 case MUSB_EP0_STAGE_TX: 707 /* irq on clearing txpktrdy */ 708 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 709 ep0_txstate(musb); 710 retval = IRQ_HANDLED; 711 } 712 break; 713 714 case MUSB_EP0_STAGE_RX: 715 /* irq on set rxpktrdy */ 716 if (csr & MUSB_CSR0_RXPKTRDY) { 717 ep0_rxstate(musb); 718 retval = IRQ_HANDLED; 719 } 720 break; 721 722 case MUSB_EP0_STAGE_STATUSIN: 723 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 724 725 /* update address (if needed) only @ the end of the 726 * status phase per usb spec, which also guarantees 727 * we get 10 msec to receive this irq... until this 728 * is done we won't see the next packet. 729 */ 730 if (musb->set_address) { 731 musb->set_address = false; 732 musb_writeb(mbase, MUSB_FADDR, musb->address); 733 } 734 735 /* enter test mode if needed (exit by reset) */ 736 else if (musb->test_mode) { 737 dev_dbg(musb->controller, "entering TESTMODE\n"); 738 739 if (MUSB_TEST_PACKET == musb->test_mode_nr) 740 musb_load_testpacket(musb); 741 742 musb_writeb(mbase, MUSB_TESTMODE, 743 musb->test_mode_nr); 744 } 745 /* FALLTHROUGH */ 746 747 case MUSB_EP0_STAGE_STATUSOUT: 748 /* end of sequence #1: write to host (TX state) */ 749 { 750 struct musb_request *req; 751 752 req = next_ep0_request(musb); 753 if (req) 754 musb_g_ep0_giveback(musb, &req->request); 755 } 756 757 /* 758 * In case when several interrupts can get coalesced, 759 * check to see if we've already received a SETUP packet... 760 */ 761 if (csr & MUSB_CSR0_RXPKTRDY) 762 goto setup; 763 764 retval = IRQ_HANDLED; 765 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 766 break; 767 768 case MUSB_EP0_STAGE_IDLE: 769 /* 770 * This state is typically (but not always) indiscernible 771 * from the status states since the corresponding interrupts 772 * tend to happen within too little period of time (with only 773 * a zero-length packet in between) and so get coalesced... 774 */ 775 retval = IRQ_HANDLED; 776 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 777 /* FALLTHROUGH */ 778 779 case MUSB_EP0_STAGE_SETUP: 780 setup: 781 if (csr & MUSB_CSR0_RXPKTRDY) { 782 struct usb_ctrlrequest setup; 783 int handled = 0; 784 785 if (len != 8) { 786 ERR("SETUP packet len %d != 8 ?\n", len); 787 break; 788 } 789 musb_read_setup(musb, &setup); 790 retval = IRQ_HANDLED; 791 792 /* sometimes the RESET won't be reported */ 793 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 794 u8 power; 795 796 printk(KERN_NOTICE "%s: peripheral reset " 797 "irq lost!\n", 798 musb_driver_name); 799 power = musb_readb(mbase, MUSB_POWER); 800 musb->g.speed = (power & MUSB_POWER_HSMODE) 801 ? USB_SPEED_HIGH : USB_SPEED_FULL; 802 803 } 804 805 switch (musb->ep0_state) { 806 807 /* sequence #3 (no data stage), includes requests 808 * we can't forward (notably SET_ADDRESS and the 809 * device/endpoint feature set/clear operations) 810 * plus SET_CONFIGURATION and others we must 811 */ 812 case MUSB_EP0_STAGE_ACKWAIT: 813 handled = service_zero_data_request( 814 musb, &setup); 815 816 /* 817 * We're expecting no data in any case, so 818 * always set the DATAEND bit -- doing this 819 * here helps avoid SetupEnd interrupt coming 820 * in the idle stage when we're stalling... 821 */ 822 musb->ackpend |= MUSB_CSR0_P_DATAEND; 823 824 /* status stage might be immediate */ 825 if (handled > 0) 826 musb->ep0_state = 827 MUSB_EP0_STAGE_STATUSIN; 828 break; 829 830 /* sequence #1 (IN to host), includes GET_STATUS 831 * requests that we can't forward, GET_DESCRIPTOR 832 * and others that we must 833 */ 834 case MUSB_EP0_STAGE_TX: 835 handled = service_in_request(musb, &setup); 836 if (handled > 0) { 837 musb->ackpend = MUSB_CSR0_TXPKTRDY 838 | MUSB_CSR0_P_DATAEND; 839 musb->ep0_state = 840 MUSB_EP0_STAGE_STATUSOUT; 841 } 842 break; 843 844 /* sequence #2 (OUT from host), always forward */ 845 default: /* MUSB_EP0_STAGE_RX */ 846 break; 847 } 848 849 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 850 handled, csr, 851 decode_ep0stage(musb->ep0_state)); 852 853 /* unless we need to delegate this to the gadget 854 * driver, we know how to wrap this up: csr0 has 855 * not yet been written. 856 */ 857 if (handled < 0) 858 goto stall; 859 else if (handled > 0) 860 goto finish; 861 862 handled = forward_to_driver(musb, &setup); 863 if (handled < 0) { 864 musb_ep_select(mbase, 0); 865 stall: 866 dev_dbg(musb->controller, "stall (%d)\n", handled); 867 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 868 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 869 finish: 870 musb_writew(regs, MUSB_CSR0, 871 musb->ackpend); 872 musb->ackpend = 0; 873 } 874 } 875 break; 876 877 case MUSB_EP0_STAGE_ACKWAIT: 878 /* This should not happen. But happens with tusb6010 with 879 * g_file_storage and high speed. Do nothing. 880 */ 881 retval = IRQ_HANDLED; 882 break; 883 884 default: 885 /* "can't happen" */ 886 WARN_ON(1); 887 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 888 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 889 break; 890 } 891 892 return retval; 893 } 894 895 896 static int 897 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 898 { 899 /* always enabled */ 900 return -EINVAL; 901 } 902 903 static int musb_g_ep0_disable(struct usb_ep *e) 904 { 905 /* always enabled */ 906 return -EINVAL; 907 } 908 909 static int 910 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 911 { 912 struct musb_ep *ep; 913 struct musb_request *req; 914 struct musb *musb; 915 int status; 916 unsigned long lockflags; 917 void __iomem *regs; 918 919 if (!e || !r) 920 return -EINVAL; 921 922 ep = to_musb_ep(e); 923 musb = ep->musb; 924 regs = musb->control_ep->regs; 925 926 req = to_musb_request(r); 927 req->musb = musb; 928 req->request.actual = 0; 929 req->request.status = -EINPROGRESS; 930 req->tx = ep->is_in; 931 932 spin_lock_irqsave(&musb->lock, lockflags); 933 934 if (!list_empty(&ep->req_list)) { 935 status = -EBUSY; 936 goto cleanup; 937 } 938 939 switch (musb->ep0_state) { 940 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 941 case MUSB_EP0_STAGE_TX: /* control-IN data */ 942 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 943 status = 0; 944 break; 945 default: 946 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 947 musb->ep0_state); 948 status = -EINVAL; 949 goto cleanup; 950 } 951 952 /* add request to the list */ 953 list_add_tail(&req->list, &ep->req_list); 954 955 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 956 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 957 req->request.length); 958 959 musb_ep_select(musb->mregs, 0); 960 961 /* sequence #1, IN ... start writing the data */ 962 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 963 ep0_txstate(musb); 964 965 /* sequence #3, no-data ... issue IN status */ 966 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 967 if (req->request.length) 968 status = -EINVAL; 969 else { 970 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 971 musb_writew(regs, MUSB_CSR0, 972 musb->ackpend | MUSB_CSR0_P_DATAEND); 973 musb->ackpend = 0; 974 musb_g_ep0_giveback(ep->musb, r); 975 } 976 977 /* else for sequence #2 (OUT), caller provides a buffer 978 * before the next packet arrives. deferred responses 979 * (after SETUP is acked) are racey. 980 */ 981 } else if (musb->ackpend) { 982 musb_writew(regs, MUSB_CSR0, musb->ackpend); 983 musb->ackpend = 0; 984 } 985 986 cleanup: 987 spin_unlock_irqrestore(&musb->lock, lockflags); 988 return status; 989 } 990 991 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 992 { 993 /* we just won't support this */ 994 return -EINVAL; 995 } 996 997 static int musb_g_ep0_halt(struct usb_ep *e, int value) 998 { 999 struct musb_ep *ep; 1000 struct musb *musb; 1001 void __iomem *base, *regs; 1002 unsigned long flags; 1003 int status; 1004 u16 csr; 1005 1006 if (!e || !value) 1007 return -EINVAL; 1008 1009 ep = to_musb_ep(e); 1010 musb = ep->musb; 1011 base = musb->mregs; 1012 regs = musb->control_ep->regs; 1013 status = 0; 1014 1015 spin_lock_irqsave(&musb->lock, flags); 1016 1017 if (!list_empty(&ep->req_list)) { 1018 status = -EBUSY; 1019 goto cleanup; 1020 } 1021 1022 musb_ep_select(base, 0); 1023 csr = musb->ackpend; 1024 1025 switch (musb->ep0_state) { 1026 1027 /* Stalls are usually issued after parsing SETUP packet, either 1028 * directly in irq context from setup() or else later. 1029 */ 1030 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1031 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1032 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1033 csr = musb_readw(regs, MUSB_CSR0); 1034 /* FALLTHROUGH */ 1035 1036 /* It's also OK to issue stalls during callbacks when a non-empty 1037 * DATA stage buffer has been read (or even written). 1038 */ 1039 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1040 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1041 1042 csr |= MUSB_CSR0_P_SENDSTALL; 1043 musb_writew(regs, MUSB_CSR0, csr); 1044 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1045 musb->ackpend = 0; 1046 break; 1047 default: 1048 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1049 status = -EINVAL; 1050 } 1051 1052 cleanup: 1053 spin_unlock_irqrestore(&musb->lock, flags); 1054 return status; 1055 } 1056 1057 const struct usb_ep_ops musb_g_ep0_ops = { 1058 .enable = musb_g_ep0_enable, 1059 .disable = musb_g_ep0_disable, 1060 .alloc_request = musb_alloc_request, 1061 .free_request = musb_free_request, 1062 .queue = musb_g_ep0_queue, 1063 .dequeue = musb_g_ep0_dequeue, 1064 .set_halt = musb_g_ep0_halt, 1065 }; 1066