LXR linux/drivers/usb/musb/musb_gadget

   1/*
   2 * MUSB OTG peripheral driver ep0 handling
   3 *
   4 * Copyright 2005 Mentor Graphics Corporation
   5 * Copyright (C) 2005-2006 by Texas Instruments
   6 * Copyright (C) 2006-2007 Nokia Corporation
   7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License
  11 * version 2 as published by the Free Software Foundation.
  12 *
  13 * This program is distributed in the hope that it will be useful, but
  14 * WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16 * General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the Free Software
  20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  21 * 02110-1301 USA
  22 *
  23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
  24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
  26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33 *
  34 */
  35
  36#include <linux/kernel.h>
  37#include <linux/list.h>
  38#include <linux/timer.h>
  39#include <linux/spinlock.h>
  40#include <linux/init.h>
  41#include <linux/device.h>
  42#include <linux/interrupt.h>
  43
  44#include "musb_core.h"
  45
  46/* ep0 is always musb->endpoints[0].ep_in */
  47#define next_ep0_request(musb)  next_in_request(&(musb)->endpoints[0])
  48
  49/*
  50 * locking note:  we use only the controller lock, for simpler correctness.
  51 * It's always held with IRQs blocked.
  52 *
  53 * It protects the ep0 request queue as well as ep0_state, not just the
  54 * controller and indexed registers.  And that lock stays held unless it
  55 * needs to be dropped to allow reentering this driver ... like upcalls to
  56 * the gadget driver, or adjusting endpoint halt status.
  57 */
  58
  59static char *decode_ep0stage(u8 stage)
  60{
  61        switch (stage) {
  62        case MUSB_EP0_STAGE_IDLE:       return "idle";
  63        case MUSB_EP0_STAGE_SETUP:      return "setup";
  64        case MUSB_EP0_STAGE_TX:         return "in";
  65        case MUSB_EP0_STAGE_RX:         return "out";
  66        case MUSB_EP0_STAGE_ACKWAIT:    return "wait";
  67        case MUSB_EP0_STAGE_STATUSIN:   return "in/status";
  68        case MUSB_EP0_STAGE_STATUSOUT:  return "out/status";
  69        default:                        return "?";
  70        }
  71}
  72
  73/* handle a standard GET_STATUS request
  74 * Context:  caller holds controller lock
  75 */
  76static int service_tx_status_request(
  77        struct musb *musb,
  78        const struct usb_ctrlrequest *ctrlrequest)
  79{
  80        void __iomem    *mbase = musb->mregs;
  81        int handled = 1;
  82        u8 result[2], epnum = 0;
  83        const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
  84
  85        result[1] = 0;
  86
  87        switch (recip) {
  88        case USB_RECIP_DEVICE:
  89                result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
  90                result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
  91#ifdef CONFIG_USB_MUSB_OTG
  92                if (musb->g.is_otg) {
  93                        result[0] |= musb->g.b_hnp_enable
  94                                << USB_DEVICE_B_HNP_ENABLE;
  95                        result[0] |= musb->g.a_alt_hnp_support
  96                                << USB_DEVICE_A_ALT_HNP_SUPPORT;
  97                        result[0] |= musb->g.a_hnp_support
  98                                << USB_DEVICE_A_HNP_SUPPORT;
  99                }
 100#endif
 101                break;
 102
 103        case USB_RECIP_INTERFACE:
 104                result[0] = 0;
 105                break;
 106
 107        case USB_RECIP_ENDPOINT: {
 108                int             is_in;
 109                struct musb_ep  *ep;
 110                u16             tmp;
 111                void __iomem    *regs;
 112
 113                epnum = (u8) ctrlrequest->wIndex;
 114                if (!epnum) {
 115                        result[0] = 0;
 116                        break;
 117                }
 118
 119                is_in = epnum & USB_DIR_IN;
 120                if (is_in) {
 121                        epnum &= 0x0f;
 122                        ep = &musb->endpoints[epnum].ep_in;
 123                } else {
 124                        ep = &musb->endpoints[epnum].ep_out;
 125                }
 126                regs = musb->endpoints[epnum].regs;
 127
 128                if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
 129                        handled = -EINVAL;
 130                        break;
 131                }
 132
 133                musb_ep_select(mbase, epnum);
 134                if (is_in)
 135                        tmp = musb_readw(regs, MUSB_TXCSR)
 136                                                & MUSB_TXCSR_P_SENDSTALL;
 137                else
 138                        tmp = musb_readw(regs, MUSB_RXCSR)
 139                                                & MUSB_RXCSR_P_SENDSTALL;
 140                musb_ep_select(mbase, 0);
 141
 142                result[0] = tmp ? 1 : 0;
 143                } break;
 144
 145        default:
 146                /* class, vendor, etc ... delegate */
 147                handled = 0;
 148                break;
 149        }
 150
 151        /* fill up the fifo; caller updates csr0 */
 152        if (handled > 0) {
 153                u16     len = le16_to_cpu(ctrlrequest->wLength);
 154
 155                if (len > 2)
 156                        len = 2;
 157                musb_write_fifo(&musb->endpoints[0], len, result);
 158        }
 159
 160        return handled;
 161}
 162
 163/*
 164 * handle a control-IN request, the end0 buffer contains the current request
 165 * that is supposed to be a standard control request. Assumes the fifo to
 166 * be at least 2 bytes long.
 167 *
 168 * @return 0 if the request was NOT HANDLED,
 169 * < 0 when error
 170 * > 0 when the request is processed
 171 *
 172 * Context:  caller holds controller lock
 173 */
 174static int
 175service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 176{
 177        int handled = 0;        /* not handled */
 178
 179        if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 180                        == USB_TYPE_STANDARD) {
 181                switch (ctrlrequest->bRequest) {
 182                case USB_REQ_GET_STATUS:
 183                        handled = service_tx_status_request(musb,
 184                                        ctrlrequest);
 185                        break;
 186
 187                /* case USB_REQ_SYNC_FRAME: */
 188
 189                default:
 190                        break;
 191                }
 192        }
 193        return handled;
 194}
 195
 196/*
 197 * Context:  caller holds controller lock
 198 */
 199static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
 200{
 201        musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
 202        musb->ep0_state = MUSB_EP0_STAGE_SETUP;
 203}
 204
 205/*
 206 * Tries to start B-device HNP negotiation if enabled via sysfs
 207 */
 208static inline void musb_try_b_hnp_enable(struct musb *musb)
 209{
 210        void __iomem    *mbase = musb->mregs;
 211        u8              devctl;
 212
 213        DBG(1, "HNP: Setting HR\n");
 214        devctl = musb_readb(mbase, MUSB_DEVCTL);
 215        musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
 216}
 217
 218/*
 219 * Handle all control requests with no DATA stage, including standard
 220 * requests such as:
 221 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
 222 *      always delegated to the gadget driver
 223 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
 224 *      always handled here, except for class/vendor/... features
 225 *
 226 * Context:  caller holds controller lock
 227 */
 228static int
 229service_zero_data_request(struct musb *musb,
 230                struct usb_ctrlrequest *ctrlrequest)
 231__releases(musb->lock)
 232__acquires(musb->lock)
 233{
 234        int handled = -EINVAL;
 235        void __iomem *mbase = musb->mregs;
 236        const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
 237
 238        /* the gadget driver handles everything except what we MUST handle */
 239        if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 240                        == USB_TYPE_STANDARD) {
 241                switch (ctrlrequest->bRequest) {
 242                case USB_REQ_SET_ADDRESS:
 243                        /* change it after the status stage */
 244                        musb->set_address = true;
 245                        musb->address = (u8) (ctrlrequest->wValue & 0x7f);
 246                        handled = 1;
 247                        break;
 248
 249                case USB_REQ_CLEAR_FEATURE:
 250                        switch (recip) {
 251                        case USB_RECIP_DEVICE:
 252                                if (ctrlrequest->wValue
 253                                                != USB_DEVICE_REMOTE_WAKEUP)
 254                                        break;
 255                                musb->may_wakeup = 0;
 256                                handled = 1;
 257                                break;
 258                        case USB_RECIP_INTERFACE:
 259                                break;
 260                        case USB_RECIP_ENDPOINT:{
 261                                const u8 num = ctrlrequest->wIndex & 0x0f;
 262                                struct musb_ep *musb_ep;
 263
 264                                if (num == 0
 265                                                || num >= MUSB_C_NUM_EPS
 266                                                || ctrlrequest->wValue
 267                                                        != USB_ENDPOINT_HALT)
 268                                        break;
 269
 270                                if (ctrlrequest->wIndex & USB_DIR_IN)
 271                                        musb_ep = &musb->endpoints[num].ep_in;
 272                                else
 273                                        musb_ep = &musb->endpoints[num].ep_out;
 274                                if (!musb_ep->desc)
 275                                        break;
 276
 277                                /* REVISIT do it directly, no locking games */
 278                                spin_unlock(&musb->lock);
 279                                musb_gadget_set_halt(&musb_ep->end_point, 0);
 280                                spin_lock(&musb->lock);
 281
 282                                /* select ep0 again */
 283                                musb_ep_select(mbase, 0);
 284                                handled = 1;
 285                                } break;
 286                        default:
 287                                /* class, vendor, etc ... delegate */
 288                                handled = 0;
 289                                break;
 290                        }
 291                        break;
 292
 293                case USB_REQ_SET_FEATURE:
 294                        switch (recip) {
 295                        case USB_RECIP_DEVICE:
 296                                handled = 1;
 297                                switch (ctrlrequest->wValue) {
 298                                case USB_DEVICE_REMOTE_WAKEUP:
 299                                        musb->may_wakeup = 1;
 300                                        break;
 301                                case USB_DEVICE_TEST_MODE:
 302                                        if (musb->g.speed != USB_SPEED_HIGH)
 303                                                goto stall;
 304                                        if (ctrlrequest->wIndex & 0xff)
 305                                                goto stall;
 306
 307                                        switch (ctrlrequest->wIndex >> 8) {
 308                                        case 1:
 309                                                pr_debug("TEST_J\n");
 310                                                /* TEST_J */
 311                                                musb->test_mode_nr =
 312                                                        MUSB_TEST_J;
 313                                                break;
 314                                        case 2:
 315                                                /* TEST_K */
 316                                                pr_debug("TEST_K\n");
 317                                                musb->test_mode_nr =
 318                                                        MUSB_TEST_K;
 319                                                break;
 320                                        case 3:
 321                                                /* TEST_SE0_NAK */
 322                                                pr_debug("TEST_SE0_NAK\n");
 323                                                musb->test_mode_nr =
 324                                                        MUSB_TEST_SE0_NAK;
 325                                                break;
 326                                        case 4:
 327                                                /* TEST_PACKET */
 328                                                pr_debug("TEST_PACKET\n");
 329                                                musb->test_mode_nr =
 330                                                        MUSB_TEST_PACKET;
 331                                                break;
 332                                        default:
 333                                                goto stall;
 334                                        }
 335
 336                                        /* enter test mode after irq */
 337                                        if (handled > 0)
 338                                                musb->test_mode = true;
 339                                        break;
 340#ifdef CONFIG_USB_MUSB_OTG
 341                                case USB_DEVICE_B_HNP_ENABLE:
 342                                        if (!musb->g.is_otg)
 343                                                goto stall;
 344                                        musb->g.b_hnp_enable = 1;
 345                                        musb_try_b_hnp_enable(musb);
 346                                        break;
 347                                case USB_DEVICE_A_HNP_SUPPORT:
 348                                        if (!musb->g.is_otg)
 349                                                goto stall;
 350                                        musb->g.a_hnp_support = 1;
 351                                        break;
 352                                case USB_DEVICE_A_ALT_HNP_SUPPORT:
 353                                        if (!musb->g.is_otg)
 354                                                goto stall;
 355                                        musb->g.a_alt_hnp_support = 1;
 356                                        break;
 357#endif
 358stall:
 359                                default:
 360                                        handled = -EINVAL;
 361                                        break;
 362                                }
 363                                break;
 364
 365                        case USB_RECIP_INTERFACE:
 366                                break;
 367
 368                        case USB_RECIP_ENDPOINT:{
 369                                const u8                epnum =
 370                                        ctrlrequest->wIndex & 0x0f;
 371                                struct musb_ep          *musb_ep;
 372                                struct musb_hw_ep       *ep;
 373                                void __iomem            *regs;
 374                                int                     is_in;
 375                                u16                     csr;
 376
 377                                if (epnum == 0
 378                                                || epnum >= MUSB_C_NUM_EPS
 379                                                || ctrlrequest->wValue
 380                                                        != USB_ENDPOINT_HALT)
 381                                        break;
 382
 383                                ep = musb->endpoints + epnum;
 384                                regs = ep->regs;
 385                                is_in = ctrlrequest->wIndex & USB_DIR_IN;
 386                                if (is_in)
 387                                        musb_ep = &ep->ep_in;
 388                                else
 389                                        musb_ep = &ep->ep_out;
 390                                if (!musb_ep->desc)
 391                                        break;
 392
 393                                musb_ep_select(mbase, epnum);
 394                                if (is_in) {
 395                                        csr = musb_readw(regs,
 396                                                        MUSB_TXCSR);
 397                                        if (csr & MUSB_TXCSR_FIFONOTEMPTY)
 398                                                csr |= MUSB_TXCSR_FLUSHFIFO;
 399                                        csr |= MUSB_TXCSR_P_SENDSTALL
 400                                                | MUSB_TXCSR_CLRDATATOG
 401                                                | MUSB_TXCSR_P_WZC_BITS;
 402                                        musb_writew(regs, MUSB_TXCSR,
 403                                                        csr);
 404                                } else {
 405                                        csr = musb_readw(regs,
 406                                                        MUSB_RXCSR);
 407                                        csr |= MUSB_RXCSR_P_SENDSTALL
 408                                                | MUSB_RXCSR_FLUSHFIFO
 409                                                | MUSB_RXCSR_CLRDATATOG
 410                                                | MUSB_RXCSR_P_WZC_BITS;
 411                                        musb_writew(regs, MUSB_RXCSR,
 412                                                        csr);
 413                                }
 414
 415                                /* select ep0 again */
 416                                musb_ep_select(mbase, 0);
 417                                handled = 1;
 418                                } break;
 419
 420                        default:
 421                                /* class, vendor, etc ... delegate */
 422                                handled = 0;
 423                                break;
 424                        }
 425                        break;
 426                default:
 427                        /* delegate SET_CONFIGURATION, etc */
 428                        handled = 0;
 429                }
 430        } else
 431                handled = 0;
 432        return handled;
 433}
 434
 435/* we have an ep0out data packet
 436 * Context:  caller holds controller lock
 437 */
 438static void ep0_rxstate(struct musb *musb)
 439{
 440        void __iomem            *regs = musb->control_ep->regs;
 441        struct usb_request      *req;
 442        u16                     count, csr;
 443
 444        req = next_ep0_request(musb);
 445
 446        /* read packet and ack; or stall because of gadget driver bug:
 447         * should have provided the rx buffer before setup() returned.
 448         */
 449        if (req) {
 450                void            *buf = req->buf + req->actual;
 451                unsigned        len = req->length - req->actual;
 452
 453                /* read the buffer */
 454                count = musb_readb(regs, MUSB_COUNT0);
 455                if (count > len) {
 456                        req->status = -EOVERFLOW;
 457                        count = len;
 458                }
 459                musb_read_fifo(&musb->endpoints[0], count, buf);
 460                req->actual += count;
 461                csr = MUSB_CSR0_P_SVDRXPKTRDY;
 462                if (count < 64 || req->actual == req->length) {
 463                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 464                        csr |= MUSB_CSR0_P_DATAEND;
 465                } else
 466                        req = NULL;
 467        } else
 468                csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
 469
 470
 471        /* Completion handler may choose to stall, e.g. because the
 472         * message just received holds invalid data.
 473         */
 474        if (req) {
 475                musb->ackpend = csr;
 476                musb_g_ep0_giveback(musb, req);
 477                if (!musb->ackpend)
 478                        return;
 479                musb->ackpend = 0;
 480        }
 481        musb_ep_select(musb->mregs, 0);
 482        musb_writew(regs, MUSB_CSR0, csr);
 483}
 484
 485/*
 486 * transmitting to the host (IN), this code might be called from IRQ
 487 * and from kernel thread.
 488 *
 489 * Context:  caller holds controller lock
 490 */
 491static void ep0_txstate(struct musb *musb)
 492{
 493        void __iomem            *regs = musb->control_ep->regs;
 494        struct usb_request      *request = next_ep0_request(musb);
 495        u16                     csr = MUSB_CSR0_TXPKTRDY;
 496        u8                      *fifo_src;
 497        u8                      fifo_count;
 498
 499        if (!request) {
 500                /* WARN_ON(1); */
 501                DBG(2, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
 502                return;
 503        }
 504
 505        /* load the data */
 506        fifo_src = (u8 *) request->buf + request->actual;
 507        fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
 508                request->length - request->actual);
 509        musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
 510        request->actual += fifo_count;
 511
 512        /* update the flags */
 513        if (fifo_count < MUSB_MAX_END0_PACKET
 514                        || (request->actual == request->length
 515                                && !request->zero)) {
 516                musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 517                csr |= MUSB_CSR0_P_DATAEND;
 518        } else
 519                request = NULL;
 520
 521        /* report completions as soon as the fifo's loaded; there's no
 522         * win in waiting till this last packet gets acked.  (other than
 523         * very precise fault reporting, needed by USB TMC; possible with
 524         * this hardware, but not usable from portable gadget drivers.)
 525         */
 526        if (request) {
 527                musb->ackpend = csr;
 528                musb_g_ep0_giveback(musb, request);
 529                if (!musb->ackpend)
 530                        return;
 531                musb->ackpend = 0;
 532        }
 533
 534        /* send it out, triggering a "txpktrdy cleared" irq */
 535        musb_ep_select(musb->mregs, 0);
 536        musb_writew(regs, MUSB_CSR0, csr);
 537}
 538
 539/*
 540 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
 541 * Fields are left in USB byte-order.
 542 *
 543 * Context:  caller holds controller lock.
 544 */
 545static void
 546musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
 547{
 548        struct usb_request      *r;
 549        void __iomem            *regs = musb->control_ep->regs;
 550
 551        musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
 552
 553        /* NOTE:  earlier 2.6 versions changed setup packets to host
 554         * order, but now USB packets always stay in USB byte order.
 555         */
 556        DBG(3, "SETUP req%02x.%02x v%04x i%04x l%d\n",
 557                req->bRequestType,
 558                req->bRequest,
 559                le16_to_cpu(req->wValue),
 560                le16_to_cpu(req->wIndex),
 561                le16_to_cpu(req->wLength));
 562
 563        /* clean up any leftover transfers */
 564        r = next_ep0_request(musb);
 565        if (r)
 566                musb_g_ep0_giveback(musb, r);
 567
 568        /* For zero-data requests we want to delay the STATUS stage to
 569         * avoid SETUPEND errors.  If we read data (OUT), delay accepting
 570         * packets until there's a buffer to store them in.
 571         *
 572         * If we write data, the controller acts happier if we enable
 573         * the TX FIFO right away, and give the controller a moment
 574         * to switch modes...
 575         */
 576        musb->set_address = false;
 577        musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
 578        if (req->wLength == 0) {
 579                if (req->bRequestType & USB_DIR_IN)
 580                        musb->ackpend |= MUSB_CSR0_TXPKTRDY;
 581                musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
 582        } else if (req->bRequestType & USB_DIR_IN) {
 583                musb->ep0_state = MUSB_EP0_STAGE_TX;
 584                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
 585                while ((musb_readw(regs, MUSB_CSR0)
 586                                & MUSB_CSR0_RXPKTRDY) != 0)
 587                        cpu_relax();
 588                musb->ackpend = 0;
 589        } else
 590                musb->ep0_state = MUSB_EP0_STAGE_RX;
 591}
 592
 593static int
 594forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 595__releases(musb->lock)
 596__acquires(musb->lock)
 597{
 598        int retval;
 599        if (!musb->gadget_driver)
 600                return -EOPNOTSUPP;
 601        spin_unlock(&musb->lock);
 602        retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
 603        spin_lock(&musb->lock);
 604        return retval;
 605}
 606
 607/*
 608 * Handle peripheral ep0 interrupt
 609 *
 610 * Context: irq handler; we won't re-enter the driver that way.
 611 */
 612irqreturn_t musb_g_ep0_irq(struct musb *musb)
 613{
 614        u16             csr;
 615        u16             len;
 616        void __iomem    *mbase = musb->mregs;
 617        void __iomem    *regs = musb->endpoints[0].regs;
 618        irqreturn_t     retval = IRQ_NONE;
 619
 620        musb_ep_select(mbase, 0);       /* select ep0 */
 621        csr = musb_readw(regs, MUSB_CSR0);
 622        len = musb_readb(regs, MUSB_COUNT0);
 623
 624        DBG(4, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
 625                        csr, len,
 626                        musb_readb(mbase, MUSB_FADDR),
 627                        decode_ep0stage(musb->ep0_state));
 628
 629        /* I sent a stall.. need to acknowledge it now.. */
 630        if (csr & MUSB_CSR0_P_SENTSTALL) {
 631                musb_writew(regs, MUSB_CSR0,
 632                                csr & ~MUSB_CSR0_P_SENTSTALL);
 633                retval = IRQ_HANDLED;
 634                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 635                csr = musb_readw(regs, MUSB_CSR0);
 636        }
 637
 638        /* request ended "early" */
 639        if (csr & MUSB_CSR0_P_SETUPEND) {
 640                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
 641                retval = IRQ_HANDLED;
 642                /* Transition into the early status phase */
 643                switch (musb->ep0_state) {
 644                case MUSB_EP0_STAGE_TX:
 645                        musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 646                        break;
 647                case MUSB_EP0_STAGE_RX:
 648                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 649                        break;
 650                default:
 651                        ERR("SetupEnd came in a wrong ep0stage %s",
 652                            decode_ep0stage(musb->ep0_state));
 653                }
 654                csr = musb_readw(regs, MUSB_CSR0);
 655                /* NOTE:  request may need completion */
 656        }
 657
 658        /* docs from Mentor only describe tx, rx, and idle/setup states.
 659         * we need to handle nuances around status stages, and also the
 660         * case where status and setup stages come back-to-back ...
 661         */
 662        switch (musb->ep0_state) {
 663
 664        case MUSB_EP0_STAGE_TX:
 665                /* irq on clearing txpktrdy */
 666                if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
 667                        ep0_txstate(musb);
 668                        retval = IRQ_HANDLED;
 669                }
 670                break;
 671
 672        case MUSB_EP0_STAGE_RX:
 673                /* irq on set rxpktrdy */
 674                if (csr & MUSB_CSR0_RXPKTRDY) {
 675                        ep0_rxstate(musb);
 676                        retval = IRQ_HANDLED;
 677                }
 678                break;
 679
 680        case MUSB_EP0_STAGE_STATUSIN:
 681                /* end of sequence #2 (OUT/RX state) or #3 (no data) */
 682
 683                /* update address (if needed) only @ the end of the
 684                 * status phase per usb spec, which also guarantees
 685                 * we get 10 msec to receive this irq... until this
 686                 * is done we won't see the next packet.
 687                 */
 688                if (musb->set_address) {
 689                        musb->set_address = false;
 690                        musb_writeb(mbase, MUSB_FADDR, musb->address);
 691                }
 692
 693                /* enter test mode if needed (exit by reset) */
 694                else if (musb->test_mode) {
 695                        DBG(1, "entering TESTMODE\n");
 696
 697                        if (MUSB_TEST_PACKET == musb->test_mode_nr)
 698                                musb_load_testpacket(musb);
 699
 700                        musb_writeb(mbase, MUSB_TESTMODE,
 701                                        musb->test_mode_nr);
 702                }
 703                /* FALLTHROUGH */
 704
 705        case MUSB_EP0_STAGE_STATUSOUT:
 706                /* end of sequence #1: write to host (TX state) */
 707                {
 708                        struct usb_request      *req;
 709
 710                        req = next_ep0_request(musb);
 711                        if (req)
 712                                musb_g_ep0_giveback(musb, req);
 713                }
 714
 715                /*
 716                 * In case when several interrupts can get coalesced,
 717                 * check to see if we've already received a SETUP packet...
 718                 */
 719                if (csr & MUSB_CSR0_RXPKTRDY)
 720                        goto setup;
 721
 722                retval = IRQ_HANDLED;
 723                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 724                break;
 725
 726        case MUSB_EP0_STAGE_IDLE:
 727                /*
 728                 * This state is typically (but not always) indiscernible
 729                 * from the status states since the corresponding interrupts
 730                 * tend to happen within too little period of time (with only
 731                 * a zero-length packet in between) and so get coalesced...
 732                 */
 733                retval = IRQ_HANDLED;
 734                musb->ep0_state = MUSB_EP0_STAGE_SETUP;
 735                /* FALLTHROUGH */
 736
 737        case MUSB_EP0_STAGE_SETUP:
 738setup:
 739                if (csr & MUSB_CSR0_RXPKTRDY) {
 740                        struct usb_ctrlrequest  setup;
 741                        int                     handled = 0;
 742
 743                        if (len != 8) {
 744                                ERR("SETUP packet len %d != 8 ?\n", len);
 745                                break;
 746                        }
 747                        musb_read_setup(musb, &setup);
 748                        retval = IRQ_HANDLED;
 749
 750                        /* sometimes the RESET won't be reported */
 751                        if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
 752                                u8      power;
 753
 754                                printk(KERN_NOTICE "%s: peripheral reset "
 755                                                "irq lost!\n",
 756                                                musb_driver_name);
 757                                power = musb_readb(mbase, MUSB_POWER);
 758                                musb->g.speed = (power & MUSB_POWER_HSMODE)
 759                                        ? USB_SPEED_HIGH : USB_SPEED_FULL;
 760
 761                        }
 762
 763                        switch (musb->ep0_state) {
 764
 765                        /* sequence #3 (no data stage), includes requests
 766                         * we can't forward (notably SET_ADDRESS and the
 767                         * device/endpoint feature set/clear operations)
 768                         * plus SET_CONFIGURATION and others we must
 769                         */
 770                        case MUSB_EP0_STAGE_ACKWAIT:
 771                                handled = service_zero_data_request(
 772                                                musb, &setup);
 773
 774                                /* status stage might be immediate */
 775                                if (handled > 0) {
 776                                        musb->ackpend |= MUSB_CSR0_P_DATAEND;
 777                                        musb->ep0_state =
 778                                                MUSB_EP0_STAGE_STATUSIN;
 779                                }
 780                                break;
 781
 782                        /* sequence #1 (IN to host), includes GET_STATUS
 783                         * requests that we can't forward, GET_DESCRIPTOR
 784                         * and others that we must
 785                         */
 786                        case MUSB_EP0_STAGE_TX:
 787                                handled = service_in_request(musb, &setup);
 788                                if (handled > 0) {
 789                                        musb->ackpend = MUSB_CSR0_TXPKTRDY
 790                                                | MUSB_CSR0_P_DATAEND;
 791                                        musb->ep0_state =
 792                                                MUSB_EP0_STAGE_STATUSOUT;
 793                                }
 794                                break;
 795
 796                        /* sequence #2 (OUT from host), always forward */
 797                        default:                /* MUSB_EP0_STAGE_RX */
 798                                break;
 799                        }
 800
 801                        DBG(3, "handled %d, csr %04x, ep0stage %s\n",
 802                                handled, csr,
 803                                decode_ep0stage(musb->ep0_state));
 804
 805                        /* unless we need to delegate this to the gadget
 806                         * driver, we know how to wrap this up:  csr0 has
 807                         * not yet been written.
 808                         */
 809                        if (handled < 0)
 810                                goto stall;
 811                        else if (handled > 0)
 812                                goto finish;
 813
 814                        handled = forward_to_driver(musb, &setup);
 815                        if (handled < 0) {
 816                                musb_ep_select(mbase, 0);
 817stall:
 818                                DBG(3, "stall (%d)\n", handled);
 819                                musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
 820                                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 821finish:
 822                                musb_writew(regs, MUSB_CSR0,
 823                                                musb->ackpend);
 824                                musb->ackpend = 0;
 825                        }
 826                }
 827                break;
 828
 829        case MUSB_EP0_STAGE_ACKWAIT:
 830                /* This should not happen. But happens with tusb6010 with
 831                 * g_file_storage and high speed. Do nothing.
 832                 */
 833                retval = IRQ_HANDLED;
 834                break;
 835
 836        default:
 837                /* "can't happen" */
 838                WARN_ON(1);
 839                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
 840                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 841                break;
 842        }
 843
 844        return retval;
 845}
 846
 847
 848static int
 849musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
 850{
 851        /* always enabled */
 852        return -EINVAL;
 853}
 854
 855static int musb_g_ep0_disable(struct usb_ep *e)
 856{
 857        /* always enabled */
 858        return -EINVAL;
 859}
 860
 861static int
 862musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
 863{
 864        struct musb_ep          *ep;
 865        struct musb_request     *req;
 866        struct musb             *musb;
 867        int                     status;
 868        unsigned long           lockflags;
 869        void __iomem            *regs;
 870
 871        if (!e || !r)
 872                return -EINVAL;
 873
 874        ep = to_musb_ep(e);
 875        musb = ep->musb;
 876        regs = musb->control_ep->regs;
 877
 878        req = to_musb_request(r);
 879        req->musb = musb;
 880        req->request.actual = 0;
 881        req->request.status = -EINPROGRESS;
 882        req->tx = ep->is_in;
 883
 884        spin_lock_irqsave(&musb->lock, lockflags);
 885
 886        if (!list_empty(&ep->req_list)) {
 887                status = -EBUSY;
 888                goto cleanup;
 889        }
 890
 891        switch (musb->ep0_state) {
 892        case MUSB_EP0_STAGE_RX:         /* control-OUT data */
 893        case MUSB_EP0_STAGE_TX:         /* control-IN data */
 894        case MUSB_EP0_STAGE_ACKWAIT:    /* zero-length data */
 895                status = 0;
 896                break;
 897        default:
 898                DBG(1, "ep0 request queued in state %d\n",
 899                                musb->ep0_state);
 900                status = -EINVAL;
 901                goto cleanup;
 902        }
 903
 904        /* add request to the list */
 905        list_add_tail(&(req->request.list), &(ep->req_list));
 906
 907        DBG(3, "queue to %s (%s), length=%d\n",
 908                        ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
 909                        req->request.length);
 910
 911        musb_ep_select(musb->mregs, 0);
 912
 913        /* sequence #1, IN ... start writing the data */
 914        if (musb->ep0_state == MUSB_EP0_STAGE_TX)
 915                ep0_txstate(musb);
 916
 917        /* sequence #3, no-data ... issue IN status */
 918        else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
 919                if (req->request.length)
 920                        status = -EINVAL;
 921                else {
 922                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 923                        musb_writew(regs, MUSB_CSR0,
 924                                        musb->ackpend | MUSB_CSR0_P_DATAEND);
 925                        musb->ackpend = 0;
 926                        musb_g_ep0_giveback(ep->musb, r);
 927                }
 928
 929        /* else for sequence #2 (OUT), caller provides a buffer
 930         * before the next packet arrives.  deferred responses
 931         * (after SETUP is acked) are racey.
 932         */
 933        } else if (musb->ackpend) {
 934                musb_writew(regs, MUSB_CSR0, musb->ackpend);
 935                musb->ackpend = 0;
 936        }
 937
 938cleanup:
 939        spin_unlock_irqrestore(&musb->lock, lockflags);
 940        return status;
 941}
 942
 943static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
 944{
 945        /* we just won't support this */
 946        return -EINVAL;
 947}
 948
 949static int musb_g_ep0_halt(struct usb_ep *e, int value)
 950{
 951        struct musb_ep          *ep;
 952        struct musb             *musb;
 953        void __iomem            *base, *regs;
 954        unsigned long           flags;
 955        int                     status;
 956        u16                     csr;
 957
 958        if (!e || !value)
 959                return -EINVAL;
 960
 961        ep = to_musb_ep(e);
 962        musb = ep->musb;
 963        base = musb->mregs;
 964        regs = musb->control_ep->regs;
 965        status = 0;
 966
 967        spin_lock_irqsave(&musb->lock, flags);
 968
 969        if (!list_empty(&ep->req_list)) {
 970                status = -EBUSY;
 971                goto cleanup;
 972        }
 973
 974        musb_ep_select(base, 0);
 975        csr = musb->ackpend;
 976
 977        switch (musb->ep0_state) {
 978
 979        /* Stalls are usually issued after parsing SETUP packet, either
 980         * directly in irq context from setup() or else later.
 981         */
 982        case MUSB_EP0_STAGE_TX:         /* control-IN data */
 983        case MUSB_EP0_STAGE_ACKWAIT:    /* STALL for zero-length data */
 984        case MUSB_EP0_STAGE_RX:         /* control-OUT data */
 985                csr = musb_readw(regs, MUSB_CSR0);
 986                /* FALLTHROUGH */
 987
 988        /* It's also OK to issue stalls during callbacks when a non-empty
 989         * DATA stage buffer has been read (or even written).
 990         */
 991        case MUSB_EP0_STAGE_STATUSIN:   /* control-OUT status */
 992        case MUSB_EP0_STAGE_STATUSOUT:  /* control-IN status */
 993
 994                csr |= MUSB_CSR0_P_SENDSTALL;
 995                musb_writew(regs, MUSB_CSR0, csr);
 996                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 997                musb->ackpend = 0;
 998                break;
 999        default:
1000                DBG(1, "ep0 can't halt in state %d\n", musb->ep0_state);

1001                status = -EINVAL;
1002        }
1003
1004cleanup:
1005        spin_unlock_irqrestore(&musb->lock, flags);
1006        return status;
1007}
1008
1009const struct usb_ep_ops musb_g_ep0_ops = {
1010        .enable         = musb_g_ep0_enable,
1011        .disable        = musb_g_ep0_disable,
1012        .alloc_request  = musb_alloc_request,
1013        .free_request   = musb_free_request,
1014        .queue          = musb_g_ep0_queue,
1015        .dequeue        = musb_g_ep0_dequeue,
1016        .set_halt       = musb_g_ep0_halt,
1017};
1018