1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * MUSB OTG peripheral driver ep0 handling 4 * 5 * Copyright 2005 Mentor Graphics Corporation 6 * Copyright (C) 2005-2006 by Texas Instruments 7 * Copyright (C) 2006-2007 Nokia Corporation 8 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 9 */ 10 11 #ifndef __UBOOT__ 12 #include <linux/kernel.h> 13 #include <linux/list.h> 14 #include <linux/timer.h> 15 #include <linux/spinlock.h> 16 #include <linux/device.h> 17 #include <linux/interrupt.h> 18 #else 19 #include <common.h> 20 #include "linux-compat.h" 21 #include <asm/processor.h> 22 #endif 23 24 #include "musb_core.h" 25 26 /* ep0 is always musb->endpoints[0].ep_in */ 27 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 28 29 /* 30 * locking note: we use only the controller lock, for simpler correctness. 31 * It's always held with IRQs blocked. 32 * 33 * It protects the ep0 request queue as well as ep0_state, not just the 34 * controller and indexed registers. And that lock stays held unless it 35 * needs to be dropped to allow reentering this driver ... like upcalls to 36 * the gadget driver, or adjusting endpoint halt status. 37 */ 38 39 static char *decode_ep0stage(u8 stage) 40 { 41 switch (stage) { 42 case MUSB_EP0_STAGE_IDLE: return "idle"; 43 case MUSB_EP0_STAGE_SETUP: return "setup"; 44 case MUSB_EP0_STAGE_TX: return "in"; 45 case MUSB_EP0_STAGE_RX: return "out"; 46 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 47 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 48 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 49 default: return "?"; 50 } 51 } 52 53 /* handle a standard GET_STATUS request 54 * Context: caller holds controller lock 55 */ 56 static int service_tx_status_request( 57 struct musb *musb, 58 const struct usb_ctrlrequest *ctrlrequest) 59 { 60 void __iomem *mbase = musb->mregs; 61 int handled = 1; 62 u8 result[2], epnum = 0; 63 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 64 65 result[1] = 0; 66 67 switch (recip) { 68 case USB_RECIP_DEVICE: 69 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 70 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 71 if (musb->g.is_otg) { 72 result[0] |= musb->g.b_hnp_enable 73 << USB_DEVICE_B_HNP_ENABLE; 74 result[0] |= musb->g.a_alt_hnp_support 75 << USB_DEVICE_A_ALT_HNP_SUPPORT; 76 result[0] |= musb->g.a_hnp_support 77 << USB_DEVICE_A_HNP_SUPPORT; 78 } 79 break; 80 81 case USB_RECIP_INTERFACE: 82 result[0] = 0; 83 break; 84 85 case USB_RECIP_ENDPOINT: { 86 int is_in; 87 struct musb_ep *ep; 88 u16 tmp; 89 void __iomem *regs; 90 91 epnum = (u8) ctrlrequest->wIndex; 92 if (!epnum) { 93 result[0] = 0; 94 break; 95 } 96 97 is_in = epnum & USB_DIR_IN; 98 if (is_in) { 99 epnum &= 0x0f; 100 ep = &musb->endpoints[epnum].ep_in; 101 } else { 102 ep = &musb->endpoints[epnum].ep_out; 103 } 104 regs = musb->endpoints[epnum].regs; 105 106 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 107 handled = -EINVAL; 108 break; 109 } 110 111 musb_ep_select(mbase, epnum); 112 if (is_in) 113 tmp = musb_readw(regs, MUSB_TXCSR) 114 & MUSB_TXCSR_P_SENDSTALL; 115 else 116 tmp = musb_readw(regs, MUSB_RXCSR) 117 & MUSB_RXCSR_P_SENDSTALL; 118 musb_ep_select(mbase, 0); 119 120 result[0] = tmp ? 1 : 0; 121 } break; 122 123 default: 124 /* class, vendor, etc ... delegate */ 125 handled = 0; 126 break; 127 } 128 129 /* fill up the fifo; caller updates csr0 */ 130 if (handled > 0) { 131 u16 len = le16_to_cpu(ctrlrequest->wLength); 132 133 if (len > 2) 134 len = 2; 135 musb_write_fifo(&musb->endpoints[0], len, result); 136 } 137 138 return handled; 139 } 140 141 /* 142 * handle a control-IN request, the end0 buffer contains the current request 143 * that is supposed to be a standard control request. Assumes the fifo to 144 * be at least 2 bytes long. 145 * 146 * @return 0 if the request was NOT HANDLED, 147 * < 0 when error 148 * > 0 when the request is processed 149 * 150 * Context: caller holds controller lock 151 */ 152 static int 153 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 154 { 155 int handled = 0; /* not handled */ 156 157 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 158 == USB_TYPE_STANDARD) { 159 switch (ctrlrequest->bRequest) { 160 case USB_REQ_GET_STATUS: 161 handled = service_tx_status_request(musb, 162 ctrlrequest); 163 break; 164 165 /* case USB_REQ_SYNC_FRAME: */ 166 167 default: 168 break; 169 } 170 } 171 return handled; 172 } 173 174 /* 175 * Context: caller holds controller lock 176 */ 177 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 178 { 179 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 180 } 181 182 /* 183 * Tries to start B-device HNP negotiation if enabled via sysfs 184 */ 185 static inline void musb_try_b_hnp_enable(struct musb *musb) 186 { 187 void __iomem *mbase = musb->mregs; 188 u8 devctl; 189 190 dev_dbg(musb->controller, "HNP: Setting HR\n"); 191 devctl = musb_readb(mbase, MUSB_DEVCTL); 192 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 193 } 194 195 /* 196 * Handle all control requests with no DATA stage, including standard 197 * requests such as: 198 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 199 * always delegated to the gadget driver 200 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 201 * always handled here, except for class/vendor/... features 202 * 203 * Context: caller holds controller lock 204 */ 205 static int 206 service_zero_data_request(struct musb *musb, 207 struct usb_ctrlrequest *ctrlrequest) 208 __releases(musb->lock) 209 __acquires(musb->lock) 210 { 211 int handled = -EINVAL; 212 void __iomem *mbase = musb->mregs; 213 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 214 215 /* the gadget driver handles everything except what we MUST handle */ 216 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 217 == USB_TYPE_STANDARD) { 218 switch (ctrlrequest->bRequest) { 219 case USB_REQ_SET_ADDRESS: 220 /* change it after the status stage */ 221 musb->set_address = true; 222 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 223 handled = 1; 224 break; 225 226 case USB_REQ_CLEAR_FEATURE: 227 switch (recip) { 228 case USB_RECIP_DEVICE: 229 if (ctrlrequest->wValue 230 != USB_DEVICE_REMOTE_WAKEUP) 231 break; 232 musb->may_wakeup = 0; 233 handled = 1; 234 break; 235 case USB_RECIP_INTERFACE: 236 break; 237 case USB_RECIP_ENDPOINT:{ 238 const u8 epnum = 239 ctrlrequest->wIndex & 0x0f; 240 struct musb_ep *musb_ep; 241 struct musb_hw_ep *ep; 242 struct musb_request *request; 243 void __iomem *regs; 244 int is_in; 245 u16 csr; 246 247 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 248 ctrlrequest->wValue != USB_ENDPOINT_HALT) 249 break; 250 251 ep = musb->endpoints + epnum; 252 regs = ep->regs; 253 is_in = ctrlrequest->wIndex & USB_DIR_IN; 254 if (is_in) 255 musb_ep = &ep->ep_in; 256 else 257 musb_ep = &ep->ep_out; 258 if (!musb_ep->desc) 259 break; 260 261 handled = 1; 262 /* Ignore request if endpoint is wedged */ 263 if (musb_ep->wedged) 264 break; 265 266 musb_ep_select(mbase, epnum); 267 if (is_in) { 268 csr = musb_readw(regs, MUSB_TXCSR); 269 csr |= MUSB_TXCSR_CLRDATATOG | 270 MUSB_TXCSR_P_WZC_BITS; 271 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 272 MUSB_TXCSR_P_SENTSTALL | 273 MUSB_TXCSR_TXPKTRDY); 274 musb_writew(regs, MUSB_TXCSR, csr); 275 } else { 276 csr = musb_readw(regs, MUSB_RXCSR); 277 csr |= MUSB_RXCSR_CLRDATATOG | 278 MUSB_RXCSR_P_WZC_BITS; 279 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 280 MUSB_RXCSR_P_SENTSTALL); 281 musb_writew(regs, MUSB_RXCSR, csr); 282 } 283 284 /* Maybe start the first request in the queue */ 285 request = next_request(musb_ep); 286 if (!musb_ep->busy && request) { 287 dev_dbg(musb->controller, "restarting the request\n"); 288 musb_ep_restart(musb, request); 289 } 290 291 /* select ep0 again */ 292 musb_ep_select(mbase, 0); 293 } break; 294 default: 295 /* class, vendor, etc ... delegate */ 296 handled = 0; 297 break; 298 } 299 break; 300 301 case USB_REQ_SET_FEATURE: 302 switch (recip) { 303 case USB_RECIP_DEVICE: 304 handled = 1; 305 switch (ctrlrequest->wValue) { 306 case USB_DEVICE_REMOTE_WAKEUP: 307 musb->may_wakeup = 1; 308 break; 309 case USB_DEVICE_TEST_MODE: 310 if (musb->g.speed != USB_SPEED_HIGH) 311 goto stall; 312 if (ctrlrequest->wIndex & 0xff) 313 goto stall; 314 315 switch (ctrlrequest->wIndex >> 8) { 316 case 1: 317 pr_debug("TEST_J\n"); 318 /* TEST_J */ 319 musb->test_mode_nr = 320 MUSB_TEST_J; 321 break; 322 case 2: 323 /* TEST_K */ 324 pr_debug("TEST_K\n"); 325 musb->test_mode_nr = 326 MUSB_TEST_K; 327 break; 328 case 3: 329 /* TEST_SE0_NAK */ 330 pr_debug("TEST_SE0_NAK\n"); 331 musb->test_mode_nr = 332 MUSB_TEST_SE0_NAK; 333 break; 334 case 4: 335 /* TEST_PACKET */ 336 pr_debug("TEST_PACKET\n"); 337 musb->test_mode_nr = 338 MUSB_TEST_PACKET; 339 break; 340 341 case 0xc0: 342 /* TEST_FORCE_HS */ 343 pr_debug("TEST_FORCE_HS\n"); 344 musb->test_mode_nr = 345 MUSB_TEST_FORCE_HS; 346 break; 347 case 0xc1: 348 /* TEST_FORCE_FS */ 349 pr_debug("TEST_FORCE_FS\n"); 350 musb->test_mode_nr = 351 MUSB_TEST_FORCE_FS; 352 break; 353 case 0xc2: 354 /* TEST_FIFO_ACCESS */ 355 pr_debug("TEST_FIFO_ACCESS\n"); 356 musb->test_mode_nr = 357 MUSB_TEST_FIFO_ACCESS; 358 break; 359 case 0xc3: 360 /* TEST_FORCE_HOST */ 361 pr_debug("TEST_FORCE_HOST\n"); 362 musb->test_mode_nr = 363 MUSB_TEST_FORCE_HOST; 364 break; 365 default: 366 goto stall; 367 } 368 369 /* enter test mode after irq */ 370 if (handled > 0) 371 musb->test_mode = true; 372 break; 373 case USB_DEVICE_B_HNP_ENABLE: 374 if (!musb->g.is_otg) 375 goto stall; 376 musb->g.b_hnp_enable = 1; 377 musb_try_b_hnp_enable(musb); 378 break; 379 case USB_DEVICE_A_HNP_SUPPORT: 380 if (!musb->g.is_otg) 381 goto stall; 382 musb->g.a_hnp_support = 1; 383 break; 384 case USB_DEVICE_A_ALT_HNP_SUPPORT: 385 if (!musb->g.is_otg) 386 goto stall; 387 musb->g.a_alt_hnp_support = 1; 388 break; 389 case USB_DEVICE_DEBUG_MODE: 390 handled = 0; 391 break; 392 stall: 393 default: 394 handled = -EINVAL; 395 break; 396 } 397 break; 398 399 case USB_RECIP_INTERFACE: 400 break; 401 402 case USB_RECIP_ENDPOINT:{ 403 const u8 epnum = 404 ctrlrequest->wIndex & 0x0f; 405 struct musb_ep *musb_ep; 406 struct musb_hw_ep *ep; 407 void __iomem *regs; 408 int is_in; 409 u16 csr; 410 411 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 412 ctrlrequest->wValue != USB_ENDPOINT_HALT) 413 break; 414 415 ep = musb->endpoints + epnum; 416 regs = ep->regs; 417 is_in = ctrlrequest->wIndex & USB_DIR_IN; 418 if (is_in) 419 musb_ep = &ep->ep_in; 420 else 421 musb_ep = &ep->ep_out; 422 if (!musb_ep->desc) 423 break; 424 425 musb_ep_select(mbase, epnum); 426 if (is_in) { 427 csr = musb_readw(regs, MUSB_TXCSR); 428 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 429 csr |= MUSB_TXCSR_FLUSHFIFO; 430 csr |= MUSB_TXCSR_P_SENDSTALL 431 | MUSB_TXCSR_CLRDATATOG 432 | MUSB_TXCSR_P_WZC_BITS; 433 musb_writew(regs, MUSB_TXCSR, csr); 434 } else { 435 csr = musb_readw(regs, MUSB_RXCSR); 436 csr |= MUSB_RXCSR_P_SENDSTALL 437 | MUSB_RXCSR_FLUSHFIFO 438 | MUSB_RXCSR_CLRDATATOG 439 | MUSB_RXCSR_P_WZC_BITS; 440 musb_writew(regs, MUSB_RXCSR, csr); 441 } 442 443 /* select ep0 again */ 444 musb_ep_select(mbase, 0); 445 handled = 1; 446 } break; 447 448 default: 449 /* class, vendor, etc ... delegate */ 450 handled = 0; 451 break; 452 } 453 break; 454 default: 455 /* delegate SET_CONFIGURATION, etc */ 456 handled = 0; 457 } 458 } else 459 handled = 0; 460 return handled; 461 } 462 463 /* we have an ep0out data packet 464 * Context: caller holds controller lock 465 */ 466 static void ep0_rxstate(struct musb *musb) 467 { 468 void __iomem *regs = musb->control_ep->regs; 469 struct musb_request *request; 470 struct usb_request *req; 471 u16 count, csr; 472 473 request = next_ep0_request(musb); 474 req = &request->request; 475 476 /* read packet and ack; or stall because of gadget driver bug: 477 * should have provided the rx buffer before setup() returned. 478 */ 479 if (req) { 480 void *buf = req->buf + req->actual; 481 unsigned len = req->length - req->actual; 482 483 /* read the buffer */ 484 count = musb_readb(regs, MUSB_COUNT0); 485 if (count > len) { 486 req->status = -EOVERFLOW; 487 count = len; 488 } 489 musb_read_fifo(&musb->endpoints[0], count, buf); 490 req->actual += count; 491 csr = MUSB_CSR0_P_SVDRXPKTRDY; 492 if (count < 64 || req->actual == req->length) { 493 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 494 csr |= MUSB_CSR0_P_DATAEND; 495 } else 496 req = NULL; 497 } else 498 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 499 500 501 /* Completion handler may choose to stall, e.g. because the 502 * message just received holds invalid data. 503 */ 504 if (req) { 505 musb->ackpend = csr; 506 musb_g_ep0_giveback(musb, req); 507 if (!musb->ackpend) 508 return; 509 musb->ackpend = 0; 510 } 511 musb_ep_select(musb->mregs, 0); 512 musb_writew(regs, MUSB_CSR0, csr); 513 } 514 515 /* 516 * transmitting to the host (IN), this code might be called from IRQ 517 * and from kernel thread. 518 * 519 * Context: caller holds controller lock 520 */ 521 static void ep0_txstate(struct musb *musb) 522 { 523 void __iomem *regs = musb->control_ep->regs; 524 struct musb_request *req = next_ep0_request(musb); 525 struct usb_request *request; 526 u16 csr = MUSB_CSR0_TXPKTRDY; 527 u8 *fifo_src; 528 u8 fifo_count; 529 530 if (!req) { 531 /* WARN_ON(1); */ 532 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 533 return; 534 } 535 536 request = &req->request; 537 538 /* load the data */ 539 fifo_src = (u8 *) request->buf + request->actual; 540 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 541 request->length - request->actual); 542 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 543 request->actual += fifo_count; 544 545 /* update the flags */ 546 if (fifo_count < MUSB_MAX_END0_PACKET 547 || (request->actual == request->length 548 && !request->zero)) { 549 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 550 csr |= MUSB_CSR0_P_DATAEND; 551 } else 552 request = NULL; 553 554 /* send it out, triggering a "txpktrdy cleared" irq */ 555 musb_ep_select(musb->mregs, 0); 556 musb_writew(regs, MUSB_CSR0, csr); 557 558 /* report completions as soon as the fifo's loaded; there's no 559 * win in waiting till this last packet gets acked. (other than 560 * very precise fault reporting, needed by USB TMC; possible with 561 * this hardware, but not usable from portable gadget drivers.) 562 */ 563 if (request) { 564 musb->ackpend = csr; 565 musb_g_ep0_giveback(musb, request); 566 if (!musb->ackpend) 567 return; 568 musb->ackpend = 0; 569 } 570 } 571 572 /* 573 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 574 * Fields are left in USB byte-order. 575 * 576 * Context: caller holds controller lock. 577 */ 578 static void 579 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 580 { 581 struct musb_request *r; 582 void __iomem *regs = musb->control_ep->regs; 583 584 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 585 586 /* NOTE: earlier 2.6 versions changed setup packets to host 587 * order, but now USB packets always stay in USB byte order. 588 */ 589 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 590 req->bRequestType, 591 req->bRequest, 592 le16_to_cpu(req->wValue), 593 le16_to_cpu(req->wIndex), 594 le16_to_cpu(req->wLength)); 595 596 /* clean up any leftover transfers */ 597 r = next_ep0_request(musb); 598 if (r) 599 musb_g_ep0_giveback(musb, &r->request); 600 601 /* For zero-data requests we want to delay the STATUS stage to 602 * avoid SETUPEND errors. If we read data (OUT), delay accepting 603 * packets until there's a buffer to store them in. 604 * 605 * If we write data, the controller acts happier if we enable 606 * the TX FIFO right away, and give the controller a moment 607 * to switch modes... 608 */ 609 musb->set_address = false; 610 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 611 if (req->wLength == 0) { 612 if (req->bRequestType & USB_DIR_IN) 613 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 614 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 615 } else if (req->bRequestType & USB_DIR_IN) { 616 musb->ep0_state = MUSB_EP0_STAGE_TX; 617 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 618 while ((musb_readw(regs, MUSB_CSR0) 619 & MUSB_CSR0_RXPKTRDY) != 0) 620 cpu_relax(); 621 musb->ackpend = 0; 622 } else 623 musb->ep0_state = MUSB_EP0_STAGE_RX; 624 } 625 626 static int 627 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 628 __releases(musb->lock) 629 __acquires(musb->lock) 630 { 631 int retval; 632 if (!musb->gadget_driver) 633 return -EOPNOTSUPP; 634 spin_unlock(&musb->lock); 635 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 636 spin_lock(&musb->lock); 637 return retval; 638 } 639 640 /* 641 * Handle peripheral ep0 interrupt 642 * 643 * Context: irq handler; we won't re-enter the driver that way. 644 */ 645 irqreturn_t musb_g_ep0_irq(struct musb *musb) 646 { 647 u16 csr; 648 u16 len; 649 void __iomem *mbase = musb->mregs; 650 void __iomem *regs = musb->endpoints[0].regs; 651 irqreturn_t retval = IRQ_NONE; 652 653 musb_ep_select(mbase, 0); /* select ep0 */ 654 csr = musb_readw(regs, MUSB_CSR0); 655 len = musb_readb(regs, MUSB_COUNT0); 656 657 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 658 csr, len, 659 musb_readb(mbase, MUSB_FADDR), 660 decode_ep0stage(musb->ep0_state)); 661 662 if (csr & MUSB_CSR0_P_DATAEND) { 663 /* 664 * If DATAEND is set we should not call the callback, 665 * hence the status stage is not complete. 666 */ 667 return IRQ_HANDLED; 668 } 669 670 /* I sent a stall.. need to acknowledge it now.. */ 671 if (csr & MUSB_CSR0_P_SENTSTALL) { 672 musb_writew(regs, MUSB_CSR0, 673 csr & ~MUSB_CSR0_P_SENTSTALL); 674 retval = IRQ_HANDLED; 675 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 676 csr = musb_readw(regs, MUSB_CSR0); 677 } 678 679 /* request ended "early" */ 680 if (csr & MUSB_CSR0_P_SETUPEND) { 681 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 682 retval = IRQ_HANDLED; 683 /* Transition into the early status phase */ 684 switch (musb->ep0_state) { 685 case MUSB_EP0_STAGE_TX: 686 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 687 break; 688 case MUSB_EP0_STAGE_RX: 689 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 690 break; 691 default: 692 ERR("SetupEnd came in a wrong ep0stage %s\n", 693 decode_ep0stage(musb->ep0_state)); 694 } 695 csr = musb_readw(regs, MUSB_CSR0); 696 /* NOTE: request may need completion */ 697 } 698 699 /* docs from Mentor only describe tx, rx, and idle/setup states. 700 * we need to handle nuances around status stages, and also the 701 * case where status and setup stages come back-to-back ... 702 */ 703 switch (musb->ep0_state) { 704 705 case MUSB_EP0_STAGE_TX: 706 /* irq on clearing txpktrdy */ 707 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 708 ep0_txstate(musb); 709 retval = IRQ_HANDLED; 710 } 711 break; 712 713 case MUSB_EP0_STAGE_RX: 714 /* irq on set rxpktrdy */ 715 if (csr & MUSB_CSR0_RXPKTRDY) { 716 ep0_rxstate(musb); 717 retval = IRQ_HANDLED; 718 } 719 break; 720 721 case MUSB_EP0_STAGE_STATUSIN: 722 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 723 724 /* update address (if needed) only @ the end of the 725 * status phase per usb spec, which also guarantees 726 * we get 10 msec to receive this irq... until this 727 * is done we won't see the next packet. 728 */ 729 if (musb->set_address) { 730 musb->set_address = false; 731 musb_writeb(mbase, MUSB_FADDR, musb->address); 732 } 733 734 /* enter test mode if needed (exit by reset) */ 735 else if (musb->test_mode) { 736 dev_dbg(musb->controller, "entering TESTMODE\n"); 737 738 if (MUSB_TEST_PACKET == musb->test_mode_nr) 739 musb_load_testpacket(musb); 740 741 musb_writeb(mbase, MUSB_TESTMODE, 742 musb->test_mode_nr); 743 } 744 /* FALLTHROUGH */ 745 746 case MUSB_EP0_STAGE_STATUSOUT: 747 /* end of sequence #1: write to host (TX state) */ 748 { 749 struct musb_request *req; 750 751 req = next_ep0_request(musb); 752 if (req) 753 musb_g_ep0_giveback(musb, &req->request); 754 } 755 756 /* 757 * In case when several interrupts can get coalesced, 758 * check to see if we've already received a SETUP packet... 759 */ 760 if (csr & MUSB_CSR0_RXPKTRDY) 761 goto setup; 762 763 retval = IRQ_HANDLED; 764 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 765 break; 766 767 case MUSB_EP0_STAGE_IDLE: 768 /* 769 * This state is typically (but not always) indiscernible 770 * from the status states since the corresponding interrupts 771 * tend to happen within too little period of time (with only 772 * a zero-length packet in between) and so get coalesced... 773 */ 774 retval = IRQ_HANDLED; 775 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 776 /* FALLTHROUGH */ 777 778 case MUSB_EP0_STAGE_SETUP: 779 setup: 780 if (csr & MUSB_CSR0_RXPKTRDY) { 781 struct usb_ctrlrequest setup; 782 int handled = 0; 783 784 if (len != 8) { 785 ERR("SETUP packet len %d != 8 ?\n", len); 786 break; 787 } 788 musb_read_setup(musb, &setup); 789 retval = IRQ_HANDLED; 790 791 /* sometimes the RESET won't be reported */ 792 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 793 u8 power; 794 795 printk(KERN_NOTICE "%s: peripheral reset " 796 "irq lost!\n", 797 musb_driver_name); 798 power = musb_readb(mbase, MUSB_POWER); 799 musb->g.speed = (power & MUSB_POWER_HSMODE) 800 ? USB_SPEED_HIGH : USB_SPEED_FULL; 801 802 } 803 804 switch (musb->ep0_state) { 805 806 /* sequence #3 (no data stage), includes requests 807 * we can't forward (notably SET_ADDRESS and the 808 * device/endpoint feature set/clear operations) 809 * plus SET_CONFIGURATION and others we must 810 */ 811 case MUSB_EP0_STAGE_ACKWAIT: 812 handled = service_zero_data_request( 813 musb, &setup); 814 815 /* 816 * We're expecting no data in any case, so 817 * always set the DATAEND bit -- doing this 818 * here helps avoid SetupEnd interrupt coming 819 * in the idle stage when we're stalling... 820 */ 821 musb->ackpend |= MUSB_CSR0_P_DATAEND; 822 823 /* status stage might be immediate */ 824 if (handled > 0) 825 musb->ep0_state = 826 MUSB_EP0_STAGE_STATUSIN; 827 break; 828 829 /* sequence #1 (IN to host), includes GET_STATUS 830 * requests that we can't forward, GET_DESCRIPTOR 831 * and others that we must 832 */ 833 case MUSB_EP0_STAGE_TX: 834 handled = service_in_request(musb, &setup); 835 if (handled > 0) { 836 musb->ackpend = MUSB_CSR0_TXPKTRDY 837 | MUSB_CSR0_P_DATAEND; 838 musb->ep0_state = 839 MUSB_EP0_STAGE_STATUSOUT; 840 } 841 break; 842 843 /* sequence #2 (OUT from host), always forward */ 844 default: /* MUSB_EP0_STAGE_RX */ 845 break; 846 } 847 848 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 849 handled, csr, 850 decode_ep0stage(musb->ep0_state)); 851 852 /* unless we need to delegate this to the gadget 853 * driver, we know how to wrap this up: csr0 has 854 * not yet been written. 855 */ 856 if (handled < 0) 857 goto stall; 858 else if (handled > 0) 859 goto finish; 860 861 handled = forward_to_driver(musb, &setup); 862 if (handled < 0) { 863 musb_ep_select(mbase, 0); 864 stall: 865 dev_dbg(musb->controller, "stall (%d)\n", handled); 866 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 867 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 868 finish: 869 musb_writew(regs, MUSB_CSR0, 870 musb->ackpend); 871 musb->ackpend = 0; 872 } 873 } 874 break; 875 876 case MUSB_EP0_STAGE_ACKWAIT: 877 /* This should not happen. But happens with tusb6010 with 878 * g_file_storage and high speed. Do nothing. 879 */ 880 retval = IRQ_HANDLED; 881 break; 882 883 default: 884 /* "can't happen" */ 885 WARN_ON(1); 886 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 887 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 888 break; 889 } 890 891 return retval; 892 } 893 894 895 static int 896 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 897 { 898 /* always enabled */ 899 return -EINVAL; 900 } 901 902 static int musb_g_ep0_disable(struct usb_ep *e) 903 { 904 /* always enabled */ 905 return -EINVAL; 906 } 907 908 static int 909 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 910 { 911 struct musb_ep *ep; 912 struct musb_request *req; 913 struct musb *musb; 914 int status; 915 unsigned long lockflags; 916 void __iomem *regs; 917 918 if (!e || !r) 919 return -EINVAL; 920 921 ep = to_musb_ep(e); 922 musb = ep->musb; 923 regs = musb->control_ep->regs; 924 925 req = to_musb_request(r); 926 req->musb = musb; 927 req->request.actual = 0; 928 req->request.status = -EINPROGRESS; 929 req->tx = ep->is_in; 930 931 spin_lock_irqsave(&musb->lock, lockflags); 932 933 if (!list_empty(&ep->req_list)) { 934 status = -EBUSY; 935 goto cleanup; 936 } 937 938 switch (musb->ep0_state) { 939 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 940 case MUSB_EP0_STAGE_TX: /* control-IN data */ 941 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 942 status = 0; 943 break; 944 default: 945 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 946 musb->ep0_state); 947 status = -EINVAL; 948 goto cleanup; 949 } 950 951 /* add request to the list */ 952 list_add_tail(&req->list, &ep->req_list); 953 954 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 955 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 956 req->request.length); 957 958 musb_ep_select(musb->mregs, 0); 959 960 /* sequence #1, IN ... start writing the data */ 961 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 962 ep0_txstate(musb); 963 964 /* sequence #3, no-data ... issue IN status */ 965 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 966 if (req->request.length) 967 status = -EINVAL; 968 else { 969 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 970 musb_writew(regs, MUSB_CSR0, 971 musb->ackpend | MUSB_CSR0_P_DATAEND); 972 musb->ackpend = 0; 973 musb_g_ep0_giveback(ep->musb, r); 974 } 975 976 /* else for sequence #2 (OUT), caller provides a buffer 977 * before the next packet arrives. deferred responses 978 * (after SETUP is acked) are racey. 979 */ 980 } else if (musb->ackpend) { 981 musb_writew(regs, MUSB_CSR0, musb->ackpend); 982 musb->ackpend = 0; 983 } 984 985 cleanup: 986 spin_unlock_irqrestore(&musb->lock, lockflags); 987 return status; 988 } 989 990 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 991 { 992 /* we just won't support this */ 993 return -EINVAL; 994 } 995 996 static int musb_g_ep0_halt(struct usb_ep *e, int value) 997 { 998 struct musb_ep *ep; 999 struct musb *musb; 1000 void __iomem *base, *regs; 1001 unsigned long flags; 1002 int status; 1003 u16 csr; 1004 1005 if (!e || !value) 1006 return -EINVAL; 1007 1008 ep = to_musb_ep(e); 1009 musb = ep->musb; 1010 base = musb->mregs; 1011 regs = musb->control_ep->regs; 1012 status = 0; 1013 1014 spin_lock_irqsave(&musb->lock, flags); 1015 1016 if (!list_empty(&ep->req_list)) { 1017 status = -EBUSY; 1018 goto cleanup; 1019 } 1020 1021 musb_ep_select(base, 0); 1022 csr = musb->ackpend; 1023 1024 switch (musb->ep0_state) { 1025 1026 /* Stalls are usually issued after parsing SETUP packet, either 1027 * directly in irq context from setup() or else later. 1028 */ 1029 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1030 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1031 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1032 csr = musb_readw(regs, MUSB_CSR0); 1033 /* FALLTHROUGH */ 1034 1035 /* It's also OK to issue stalls during callbacks when a non-empty 1036 * DATA stage buffer has been read (or even written). 1037 */ 1038 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1039 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1040 1041 csr |= MUSB_CSR0_P_SENDSTALL; 1042 musb_writew(regs, MUSB_CSR0, csr); 1043 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1044 musb->ackpend = 0; 1045 break; 1046 default: 1047 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1048 status = -EINVAL; 1049 } 1050 1051 cleanup: 1052 spin_unlock_irqrestore(&musb->lock, flags); 1053 return status; 1054 } 1055 1056 const struct usb_ep_ops musb_g_ep0_ops = { 1057 .enable = musb_g_ep0_enable, 1058 .disable = musb_g_ep0_disable, 1059 .alloc_request = musb_alloc_request, 1060 .free_request = musb_free_request, 1061 .queue = musb_g_ep0_queue, 1062 .dequeue = musb_g_ep0_dequeue, 1063 .set_halt = musb_g_ep0_halt, 1064 }; 1065