LXR linux/drivers/usb/musb/musb_gadget

   1/*
   2 * MUSB OTG peripheral driver ep0 handling
   3 *
   4 * Copyright 2005 Mentor Graphics Corporation
   5 * Copyright (C) 2005-2006 by Texas Instruments
   6 * Copyright (C) 2006-2007 Nokia Corporation
   7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
   8 *
   9 * This program is free software; you can redistribute it and/or
  10 * modify it under the terms of the GNU General Public License
  11 * version 2 as published by the Free Software Foundation.
  12 *
  13 * This program is distributed in the hope that it will be useful, but
  14 * WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16 * General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the Free Software
  20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  21 * 02110-1301 USA
  22 *
  23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
  24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
  26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
  27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
  30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33 *
  34 */
  35
  36#include <linux/kernel.h>
  37#include <linux/list.h>
  38#include <linux/timer.h>
  39#include <linux/spinlock.h>
  40#include <linux/init.h>
  41#include <linux/device.h>
  42#include <linux/interrupt.h>
  43
  44#include "musb_core.h"
  45
  46/* ep0 is always musb->endpoints[0].ep_in */
  47#define next_ep0_request(musb)  next_in_request(&(musb)->endpoints[0])
  48
  49/*
  50 * locking note:  we use only the controller lock, for simpler correctness.
  51 * It's always held with IRQs blocked.
  52 *
  53 * It protects the ep0 request queue as well as ep0_state, not just the
  54 * controller and indexed registers.  And that lock stays held unless it
  55 * needs to be dropped to allow reentering this driver ... like upcalls to
  56 * the gadget driver, or adjusting endpoint halt status.
  57 */
  58
  59static char *decode_ep0stage(u8 stage)
  60{
  61        switch (stage) {
  62        case MUSB_EP0_STAGE_IDLE:       return "idle";
  63        case MUSB_EP0_STAGE_SETUP:      return "setup";
  64        case MUSB_EP0_STAGE_TX:         return "in";
  65        case MUSB_EP0_STAGE_RX:         return "out";
  66        case MUSB_EP0_STAGE_ACKWAIT:    return "wait";
  67        case MUSB_EP0_STAGE_STATUSIN:   return "in/status";
  68        case MUSB_EP0_STAGE_STATUSOUT:  return "out/status";
  69        default:                        return "?";
  70        }
  71}
  72
  73/* handle a standard GET_STATUS request
  74 * Context:  caller holds controller lock
  75 */
  76static int service_tx_status_request(
  77        struct musb *musb,
  78        const struct usb_ctrlrequest *ctrlrequest)
  79{
  80        void __iomem    *mbase = musb->mregs;
  81        int handled = 1;
  82        u8 result[2], epnum = 0;
  83        const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
  84
  85        result[1] = 0;
  86
  87        switch (recip) {
  88        case USB_RECIP_DEVICE:
  89                result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
  90                result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
  91#ifdef CONFIG_USB_MUSB_OTG
  92                if (musb->g.is_otg) {
  93                        result[0] |= musb->g.b_hnp_enable
  94                                << USB_DEVICE_B_HNP_ENABLE;
  95                        result[0] |= musb->g.a_alt_hnp_support
  96                                << USB_DEVICE_A_ALT_HNP_SUPPORT;
  97                        result[0] |= musb->g.a_hnp_support
  98                                << USB_DEVICE_A_HNP_SUPPORT;
  99                }
 100#endif
 101                break;
 102
 103        case USB_RECIP_INTERFACE:
 104                result[0] = 0;
 105                break;
 106
 107        case USB_RECIP_ENDPOINT: {
 108                int             is_in;
 109                struct musb_ep  *ep;
 110                u16             tmp;
 111                void __iomem    *regs;
 112
 113                epnum = (u8) ctrlrequest->wIndex;
 114                if (!epnum) {
 115                        result[0] = 0;
 116                        break;
 117                }
 118
 119                is_in = epnum & USB_DIR_IN;
 120                if (is_in) {
 121                        epnum &= 0x0f;
 122                        ep = &musb->endpoints[epnum].ep_in;
 123                } else {
 124                        ep = &musb->endpoints[epnum].ep_out;
 125                }
 126                regs = musb->endpoints[epnum].regs;
 127
 128                if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
 129                        handled = -EINVAL;
 130                        break;
 131                }
 132
 133                musb_ep_select(mbase, epnum);
 134                if (is_in)
 135                        tmp = musb_readw(regs, MUSB_TXCSR)
 136                                                & MUSB_TXCSR_P_SENDSTALL;
 137                else
 138                        tmp = musb_readw(regs, MUSB_RXCSR)
 139                                                & MUSB_RXCSR_P_SENDSTALL;
 140                musb_ep_select(mbase, 0);
 141
 142                result[0] = tmp ? 1 : 0;
 143                } break;
 144
 145        default:
 146                /* class, vendor, etc ... delegate */
 147                handled = 0;
 148                break;
 149        }
 150
 151        /* fill up the fifo; caller updates csr0 */
 152        if (handled > 0) {
 153                u16     len = le16_to_cpu(ctrlrequest->wLength);
 154
 155                if (len > 2)
 156                        len = 2;
 157                musb_write_fifo(&musb->endpoints[0], len, result);
 158        }
 159
 160        return handled;
 161}
 162
 163/*
 164 * handle a control-IN request, the end0 buffer contains the current request
 165 * that is supposed to be a standard control request. Assumes the fifo to
 166 * be at least 2 bytes long.
 167 *
 168 * @return 0 if the request was NOT HANDLED,
 169 * < 0 when error
 170 * > 0 when the request is processed
 171 *
 172 * Context:  caller holds controller lock
 173 */
 174static int
 175service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 176{
 177        int handled = 0;        /* not handled */
 178
 179        if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 180                        == USB_TYPE_STANDARD) {
 181                switch (ctrlrequest->bRequest) {
 182                case USB_REQ_GET_STATUS:
 183                        handled = service_tx_status_request(musb,
 184                                        ctrlrequest);
 185                        break;
 186
 187                /* case USB_REQ_SYNC_FRAME: */
 188
 189                default:
 190                        break;
 191                }
 192        }
 193        return handled;
 194}
 195
 196/*
 197 * Context:  caller holds controller lock
 198 */
 199static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
 200{
 201        musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
 202}
 203
 204/*
 205 * Tries to start B-device HNP negotiation if enabled via sysfs
 206 */
 207static inline void musb_try_b_hnp_enable(struct musb *musb)
 208{
 209        void __iomem    *mbase = musb->mregs;
 210        u8              devctl;
 211
 212        DBG(1, "HNP: Setting HR\n");
 213        devctl = musb_readb(mbase, MUSB_DEVCTL);
 214        musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
 215}
 216
 217/*
 218 * Handle all control requests with no DATA stage, including standard
 219 * requests such as:
 220 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
 221 *      always delegated to the gadget driver
 222 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
 223 *      always handled here, except for class/vendor/... features
 224 *
 225 * Context:  caller holds controller lock
 226 */
 227static int
 228service_zero_data_request(struct musb *musb,
 229                struct usb_ctrlrequest *ctrlrequest)
 230__releases(musb->lock)
 231__acquires(musb->lock)
 232{
 233        int handled = -EINVAL;
 234        void __iomem *mbase = musb->mregs;
 235        const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
 236
 237        /* the gadget driver handles everything except what we MUST handle */
 238        if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 239                        == USB_TYPE_STANDARD) {
 240                switch (ctrlrequest->bRequest) {
 241                case USB_REQ_SET_ADDRESS:
 242                        /* change it after the status stage */
 243                        musb->set_address = true;
 244                        musb->address = (u8) (ctrlrequest->wValue & 0x7f);
 245                        handled = 1;
 246                        break;
 247
 248                case USB_REQ_CLEAR_FEATURE:
 249                        switch (recip) {
 250                        case USB_RECIP_DEVICE:
 251                                if (ctrlrequest->wValue
 252                                                != USB_DEVICE_REMOTE_WAKEUP)
 253                                        break;
 254                                musb->may_wakeup = 0;
 255                                handled = 1;
 256                                break;
 257                        case USB_RECIP_INTERFACE:
 258                                break;
 259                        case USB_RECIP_ENDPOINT:{
 260                                const u8                epnum =
 261                                        ctrlrequest->wIndex & 0x0f;
 262                                struct musb_ep          *musb_ep;
 263                                struct musb_hw_ep       *ep;
 264                                struct musb_request     *request;
 265                                void __iomem            *regs;
 266                                int                     is_in;
 267                                u16                     csr;
 268
 269                                if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
 270                                    ctrlrequest->wValue != USB_ENDPOINT_HALT)
 271                                        break;
 272
 273                                ep = musb->endpoints + epnum;
 274                                regs = ep->regs;
 275                                is_in = ctrlrequest->wIndex & USB_DIR_IN;
 276                                if (is_in)
 277                                        musb_ep = &ep->ep_in;
 278                                else
 279                                        musb_ep = &ep->ep_out;
 280                                if (!musb_ep->desc)
 281                                        break;
 282
 283                                handled = 1;
 284                                /* Ignore request if endpoint is wedged */
 285                                if (musb_ep->wedged)
 286                                        break;
 287
 288                                musb_ep_select(mbase, epnum);
 289                                if (is_in) {
 290                                        csr  = musb_readw(regs, MUSB_TXCSR);
 291                                        csr |= MUSB_TXCSR_CLRDATATOG |
 292                                               MUSB_TXCSR_P_WZC_BITS;
 293                                        csr &= ~(MUSB_TXCSR_P_SENDSTALL |
 294                                                 MUSB_TXCSR_P_SENTSTALL |
 295                                                 MUSB_TXCSR_TXPKTRDY);
 296                                        musb_writew(regs, MUSB_TXCSR, csr);
 297                                } else {
 298                                        csr  = musb_readw(regs, MUSB_RXCSR);
 299                                        csr |= MUSB_RXCSR_CLRDATATOG |
 300                                               MUSB_RXCSR_P_WZC_BITS;
 301                                        csr &= ~(MUSB_RXCSR_P_SENDSTALL |
 302                                                 MUSB_RXCSR_P_SENTSTALL);
 303                                        musb_writew(regs, MUSB_RXCSR, csr);
 304                                }
 305
 306                                /* Maybe start the first request in the queue */
 307                                request = to_musb_request(
 308                                                next_request(musb_ep));
 309                                if (!musb_ep->busy && request) {
 310                                        DBG(3, "restarting the request\n");
 311                                        musb_ep_restart(musb, request);
 312                                }
 313
 314                                /* select ep0 again */
 315                                musb_ep_select(mbase, 0);
 316                                } break;
 317                        default:
 318                                /* class, vendor, etc ... delegate */
 319                                handled = 0;
 320                                break;
 321                        }
 322                        break;
 323
 324                case USB_REQ_SET_FEATURE:
 325                        switch (recip) {
 326                        case USB_RECIP_DEVICE:
 327                                handled = 1;
 328                                switch (ctrlrequest->wValue) {
 329                                case USB_DEVICE_REMOTE_WAKEUP:
 330                                        musb->may_wakeup = 1;
 331                                        break;
 332                                case USB_DEVICE_TEST_MODE:
 333                                        if (musb->g.speed != USB_SPEED_HIGH)
 334                                                goto stall;
 335                                        if (ctrlrequest->wIndex & 0xff)
 336                                                goto stall;
 337
 338                                        switch (ctrlrequest->wIndex >> 8) {
 339                                        case 1:
 340                                                pr_debug("TEST_J\n");
 341                                                /* TEST_J */
 342                                                musb->test_mode_nr =
 343                                                        MUSB_TEST_J;
 344                                                break;
 345                                        case 2:
 346                                                /* TEST_K */
 347                                                pr_debug("TEST_K\n");
 348                                                musb->test_mode_nr =
 349                                                        MUSB_TEST_K;
 350                                                break;
 351                                        case 3:
 352                                                /* TEST_SE0_NAK */
 353                                                pr_debug("TEST_SE0_NAK\n");
 354                                                musb->test_mode_nr =
 355                                                        MUSB_TEST_SE0_NAK;
 356                                                break;
 357                                        case 4:
 358                                                /* TEST_PACKET */
 359                                                pr_debug("TEST_PACKET\n");
 360                                                musb->test_mode_nr =
 361                                                        MUSB_TEST_PACKET;
 362                                                break;
 363
 364                                        case 0xc0:
 365                                                /* TEST_FORCE_HS */
 366                                                pr_debug("TEST_FORCE_HS\n");
 367                                                musb->test_mode_nr =
 368                                                        MUSB_TEST_FORCE_HS;
 369                                                break;
 370                                        case 0xc1:
 371                                                /* TEST_FORCE_FS */
 372                                                pr_debug("TEST_FORCE_FS\n");
 373                                                musb->test_mode_nr =
 374                                                        MUSB_TEST_FORCE_FS;
 375                                                break;
 376                                        case 0xc2:
 377                                                /* TEST_FIFO_ACCESS */
 378                                                pr_debug("TEST_FIFO_ACCESS\n");
 379                                                musb->test_mode_nr =
 380                                                        MUSB_TEST_FIFO_ACCESS;
 381                                                break;
 382                                        case 0xc3:
 383                                                /* TEST_FORCE_HOST */
 384                                                pr_debug("TEST_FORCE_HOST\n");
 385                                                musb->test_mode_nr =
 386                                                        MUSB_TEST_FORCE_HOST;
 387                                                break;
 388                                        default:
 389                                                goto stall;
 390                                        }
 391
 392                                        /* enter test mode after irq */
 393                                        if (handled > 0)
 394                                                musb->test_mode = true;
 395                                        break;
 396#ifdef CONFIG_USB_MUSB_OTG
 397                                case USB_DEVICE_B_HNP_ENABLE:
 398                                        if (!musb->g.is_otg)
 399                                                goto stall;
 400                                        musb->g.b_hnp_enable = 1;
 401                                        musb_try_b_hnp_enable(musb);
 402                                        break;
 403                                case USB_DEVICE_A_HNP_SUPPORT:
 404                                        if (!musb->g.is_otg)
 405                                                goto stall;
 406                                        musb->g.a_hnp_support = 1;
 407                                        break;
 408                                case USB_DEVICE_A_ALT_HNP_SUPPORT:
 409                                        if (!musb->g.is_otg)
 410                                                goto stall;
 411                                        musb->g.a_alt_hnp_support = 1;
 412                                        break;
 413#endif
 414                                case USB_DEVICE_DEBUG_MODE:
 415                                        handled = 0;
 416                                        break;
 417stall:
 418                                default:
 419                                        handled = -EINVAL;
 420                                        break;
 421                                }
 422                                break;
 423
 424                        case USB_RECIP_INTERFACE:
 425                                break;
 426
 427                        case USB_RECIP_ENDPOINT:{
 428                                const u8                epnum =
 429                                        ctrlrequest->wIndex & 0x0f;
 430                                struct musb_ep          *musb_ep;
 431                                struct musb_hw_ep       *ep;
 432                                void __iomem            *regs;
 433                                int                     is_in;
 434                                u16                     csr;
 435
 436                                if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
 437                                    ctrlrequest->wValue != USB_ENDPOINT_HALT)
 438                                        break;
 439
 440                                ep = musb->endpoints + epnum;
 441                                regs = ep->regs;
 442                                is_in = ctrlrequest->wIndex & USB_DIR_IN;
 443                                if (is_in)
 444                                        musb_ep = &ep->ep_in;
 445                                else
 446                                        musb_ep = &ep->ep_out;
 447                                if (!musb_ep->desc)
 448                                        break;
 449
 450                                musb_ep_select(mbase, epnum);
 451                                if (is_in) {
 452                                        csr = musb_readw(regs, MUSB_TXCSR);
 453                                        if (csr & MUSB_TXCSR_FIFONOTEMPTY)
 454                                                csr |= MUSB_TXCSR_FLUSHFIFO;
 455                                        csr |= MUSB_TXCSR_P_SENDSTALL
 456                                                | MUSB_TXCSR_CLRDATATOG
 457                                                | MUSB_TXCSR_P_WZC_BITS;
 458                                        musb_writew(regs, MUSB_TXCSR, csr);
 459                                } else {
 460                                        csr = musb_readw(regs, MUSB_RXCSR);
 461                                        csr |= MUSB_RXCSR_P_SENDSTALL
 462                                                | MUSB_RXCSR_FLUSHFIFO
 463                                                | MUSB_RXCSR_CLRDATATOG
 464                                                | MUSB_RXCSR_P_WZC_BITS;
 465                                        musb_writew(regs, MUSB_RXCSR, csr);
 466                                }
 467
 468                                /* select ep0 again */
 469                                musb_ep_select(mbase, 0);
 470                                handled = 1;
 471                                } break;
 472
 473                        default:
 474                                /* class, vendor, etc ... delegate */
 475                                handled = 0;
 476                                break;
 477                        }
 478                        break;
 479                default:
 480                        /* delegate SET_CONFIGURATION, etc */
 481                        handled = 0;
 482                }
 483        } else
 484                handled = 0;
 485        return handled;
 486}
 487
 488/* we have an ep0out data packet
 489 * Context:  caller holds controller lock
 490 */
 491static void ep0_rxstate(struct musb *musb)
 492{
 493        void __iomem            *regs = musb->control_ep->regs;
 494        struct usb_request      *req;
 495        u16                     count, csr;
 496
 497        req = next_ep0_request(musb);
 498
 499        /* read packet and ack; or stall because of gadget driver bug:
 500         * should have provided the rx buffer before setup() returned.
 501         */
 502        if (req) {
 503                void            *buf = req->buf + req->actual;
 504                unsigned        len = req->length - req->actual;
 505
 506                /* read the buffer */
 507                count = musb_readb(regs, MUSB_COUNT0);
 508                if (count > len) {
 509                        req->status = -EOVERFLOW;
 510                        count = len;
 511                }
 512                musb_read_fifo(&musb->endpoints[0], count, buf);
 513                req->actual += count;
 514                csr = MUSB_CSR0_P_SVDRXPKTRDY;
 515                if (count < 64 || req->actual == req->length) {
 516                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 517                        csr |= MUSB_CSR0_P_DATAEND;
 518                } else
 519                        req = NULL;
 520        } else
 521                csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
 522
 523
 524        /* Completion handler may choose to stall, e.g. because the
 525         * message just received holds invalid data.
 526         */
 527        if (req) {
 528                musb->ackpend = csr;
 529                musb_g_ep0_giveback(musb, req);
 530                if (!musb->ackpend)
 531                        return;
 532                musb->ackpend = 0;
 533        }
 534        musb_ep_select(musb->mregs, 0);
 535        musb_writew(regs, MUSB_CSR0, csr);
 536}
 537
 538/*
 539 * transmitting to the host (IN), this code might be called from IRQ
 540 * and from kernel thread.
 541 *
 542 * Context:  caller holds controller lock
 543 */
 544static void ep0_txstate(struct musb *musb)
 545{
 546        void __iomem            *regs = musb->control_ep->regs;
 547        struct usb_request      *request = next_ep0_request(musb);
 548        u16                     csr = MUSB_CSR0_TXPKTRDY;
 549        u8                      *fifo_src;
 550        u8                      fifo_count;
 551
 552        if (!request) {
 553                /* WARN_ON(1); */
 554                DBG(2, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
 555                return;
 556        }
 557
 558        /* load the data */
 559        fifo_src = (u8 *) request->buf + request->actual;
 560        fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
 561                request->length - request->actual);
 562        musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
 563        request->actual += fifo_count;
 564
 565        /* update the flags */
 566        if (fifo_count < MUSB_MAX_END0_PACKET
 567                        || (request->actual == request->length
 568                                && !request->zero)) {
 569                musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 570                csr |= MUSB_CSR0_P_DATAEND;
 571        } else
 572                request = NULL;
 573
 574        /* report completions as soon as the fifo's loaded; there's no
 575         * win in waiting till this last packet gets acked.  (other than
 576         * very precise fault reporting, needed by USB TMC; possible with
 577         * this hardware, but not usable from portable gadget drivers.)
 578         */
 579        if (request) {
 580                musb->ackpend = csr;
 581                musb_g_ep0_giveback(musb, request);
 582                if (!musb->ackpend)
 583                        return;
 584                musb->ackpend = 0;
 585        }
 586
 587        /* send it out, triggering a "txpktrdy cleared" irq */
 588        musb_ep_select(musb->mregs, 0);
 589        musb_writew(regs, MUSB_CSR0, csr);
 590}
 591
 592/*
 593 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
 594 * Fields are left in USB byte-order.
 595 *
 596 * Context:  caller holds controller lock.
 597 */
 598static void
 599musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
 600{
 601        struct usb_request      *r;
 602        void __iomem            *regs = musb->control_ep->regs;
 603
 604        musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
 605
 606        /* NOTE:  earlier 2.6 versions changed setup packets to host
 607         * order, but now USB packets always stay in USB byte order.
 608         */
 609        DBG(3, "SETUP req%02x.%02x v%04x i%04x l%d\n",
 610                req->bRequestType,
 611                req->bRequest,
 612                le16_to_cpu(req->wValue),
 613                le16_to_cpu(req->wIndex),
 614                le16_to_cpu(req->wLength));
 615
 616        /* clean up any leftover transfers */
 617        r = next_ep0_request(musb);
 618        if (r)
 619                musb_g_ep0_giveback(musb, r);
 620
 621        /* For zero-data requests we want to delay the STATUS stage to
 622         * avoid SETUPEND errors.  If we read data (OUT), delay accepting
 623         * packets until there's a buffer to store them in.
 624         *
 625         * If we write data, the controller acts happier if we enable
 626         * the TX FIFO right away, and give the controller a moment
 627         * to switch modes...
 628         */
 629        musb->set_address = false;
 630        musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
 631        if (req->wLength == 0) {
 632                if (req->bRequestType & USB_DIR_IN)
 633                        musb->ackpend |= MUSB_CSR0_TXPKTRDY;
 634                musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
 635        } else if (req->bRequestType & USB_DIR_IN) {
 636                musb->ep0_state = MUSB_EP0_STAGE_TX;
 637                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
 638                while ((musb_readw(regs, MUSB_CSR0)
 639                                & MUSB_CSR0_RXPKTRDY) != 0)
 640                        cpu_relax();
 641                musb->ackpend = 0;
 642        } else
 643                musb->ep0_state = MUSB_EP0_STAGE_RX;
 644}
 645
 646static int
 647forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 648__releases(musb->lock)
 649__acquires(musb->lock)
 650{
 651        int retval;
 652        if (!musb->gadget_driver)
 653                return -EOPNOTSUPP;
 654        spin_unlock(&musb->lock);
 655        retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
 656        spin_lock(&musb->lock);
 657        return retval;
 658}
 659
 660/*
 661 * Handle peripheral ep0 interrupt
 662 *
 663 * Context: irq handler; we won't re-enter the driver that way.
 664 */
 665irqreturn_t musb_g_ep0_irq(struct musb *musb)
 666{
 667        u16             csr;
 668        u16             len;
 669        void __iomem    *mbase = musb->mregs;
 670        void __iomem    *regs = musb->endpoints[0].regs;
 671        irqreturn_t     retval = IRQ_NONE;
 672
 673        musb_ep_select(mbase, 0);       /* select ep0 */
 674        csr = musb_readw(regs, MUSB_CSR0);
 675        len = musb_readb(regs, MUSB_COUNT0);
 676
 677        DBG(4, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
 678                        csr, len,
 679                        musb_readb(mbase, MUSB_FADDR),
 680                        decode_ep0stage(musb->ep0_state));
 681
 682        /* I sent a stall.. need to acknowledge it now.. */
 683        if (csr & MUSB_CSR0_P_SENTSTALL) {
 684                musb_writew(regs, MUSB_CSR0,
 685                                csr & ~MUSB_CSR0_P_SENTSTALL);
 686                retval = IRQ_HANDLED;
 687                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 688                csr = musb_readw(regs, MUSB_CSR0);
 689        }
 690
 691        /* request ended "early" */
 692        if (csr & MUSB_CSR0_P_SETUPEND) {
 693                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
 694                retval = IRQ_HANDLED;
 695                /* Transition into the early status phase */
 696                switch (musb->ep0_state) {
 697                case MUSB_EP0_STAGE_TX:
 698                        musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 699                        break;
 700                case MUSB_EP0_STAGE_RX:
 701                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 702                        break;
 703                default:
 704                        ERR("SetupEnd came in a wrong ep0stage %s\n",
 705                            decode_ep0stage(musb->ep0_state));
 706                }
 707                csr = musb_readw(regs, MUSB_CSR0);
 708                /* NOTE:  request may need completion */
 709        }
 710
 711        /* docs from Mentor only describe tx, rx, and idle/setup states.
 712         * we need to handle nuances around status stages, and also the
 713         * case where status and setup stages come back-to-back ...
 714         */
 715        switch (musb->ep0_state) {
 716
 717        case MUSB_EP0_STAGE_TX:
 718                /* irq on clearing txpktrdy */
 719                if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
 720                        ep0_txstate(musb);
 721                        retval = IRQ_HANDLED;
 722                }
 723                break;
 724
 725        case MUSB_EP0_STAGE_RX:
 726                /* irq on set rxpktrdy */
 727                if (csr & MUSB_CSR0_RXPKTRDY) {
 728                        ep0_rxstate(musb);
 729                        retval = IRQ_HANDLED;
 730                }
 731                break;
 732
 733        case MUSB_EP0_STAGE_STATUSIN:
 734                /* end of sequence #2 (OUT/RX state) or #3 (no data) */
 735
 736                /* update address (if needed) only @ the end of the
 737                 * status phase per usb spec, which also guarantees
 738                 * we get 10 msec to receive this irq... until this
 739                 * is done we won't see the next packet.
 740                 */
 741                if (musb->set_address) {
 742                        musb->set_address = false;
 743                        musb_writeb(mbase, MUSB_FADDR, musb->address);
 744                }
 745
 746                /* enter test mode if needed (exit by reset) */
 747                else if (musb->test_mode) {
 748                        DBG(1, "entering TESTMODE\n");
 749
 750                        if (MUSB_TEST_PACKET == musb->test_mode_nr)
 751                                musb_load_testpacket(musb);
 752
 753                        musb_writeb(mbase, MUSB_TESTMODE,
 754                                        musb->test_mode_nr);
 755                }
 756                /* FALLTHROUGH */
 757
 758        case MUSB_EP0_STAGE_STATUSOUT:
 759                /* end of sequence #1: write to host (TX state) */
 760                {
 761                        struct usb_request      *req;
 762
 763                        req = next_ep0_request(musb);
 764                        if (req)
 765                                musb_g_ep0_giveback(musb, req);
 766                }
 767
 768                /*
 769                 * In case when several interrupts can get coalesced,
 770                 * check to see if we've already received a SETUP packet...
 771                 */
 772                if (csr & MUSB_CSR0_RXPKTRDY)
 773                        goto setup;
 774
 775                retval = IRQ_HANDLED;
 776                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 777                break;
 778
 779        case MUSB_EP0_STAGE_IDLE:
 780                /*
 781                 * This state is typically (but not always) indiscernible
 782                 * from the status states since the corresponding interrupts
 783                 * tend to happen within too little period of time (with only
 784                 * a zero-length packet in between) and so get coalesced...
 785                 */
 786                retval = IRQ_HANDLED;
 787                musb->ep0_state = MUSB_EP0_STAGE_SETUP;
 788                /* FALLTHROUGH */
 789
 790        case MUSB_EP0_STAGE_SETUP:
 791setup:
 792                if (csr & MUSB_CSR0_RXPKTRDY) {
 793                        struct usb_ctrlrequest  setup;
 794                        int                     handled = 0;
 795
 796                        if (len != 8) {
 797                                ERR("SETUP packet len %d != 8 ?\n", len);
 798                                break;
 799                        }
 800                        musb_read_setup(musb, &setup);
 801                        retval = IRQ_HANDLED;
 802
 803                        /* sometimes the RESET won't be reported */
 804                        if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
 805                                u8      power;
 806
 807                                printk(KERN_NOTICE "%s: peripheral reset "
 808                                                "irq lost!\n",
 809                                                musb_driver_name);
 810                                power = musb_readb(mbase, MUSB_POWER);
 811                                musb->g.speed = (power & MUSB_POWER_HSMODE)
 812                                        ? USB_SPEED_HIGH : USB_SPEED_FULL;
 813
 814                        }
 815
 816                        switch (musb->ep0_state) {
 817
 818                        /* sequence #3 (no data stage), includes requests
 819                         * we can't forward (notably SET_ADDRESS and the
 820                         * device/endpoint feature set/clear operations)
 821                         * plus SET_CONFIGURATION and others we must
 822                         */
 823                        case MUSB_EP0_STAGE_ACKWAIT:
 824                                handled = service_zero_data_request(
 825                                                musb, &setup);
 826
 827                                /*
 828                                 * We're expecting no data in any case, so
 829                                 * always set the DATAEND bit -- doing this
 830                                 * here helps avoid SetupEnd interrupt coming
 831                                 * in the idle stage when we're stalling...
 832                                 */
 833                                musb->ackpend |= MUSB_CSR0_P_DATAEND;
 834
 835                                /* status stage might be immediate */
 836                                if (handled > 0)
 837                                        musb->ep0_state =
 838                                                MUSB_EP0_STAGE_STATUSIN;
 839                                break;
 840
 841                        /* sequence #1 (IN to host), includes GET_STATUS
 842                         * requests that we can't forward, GET_DESCRIPTOR
 843                         * and others that we must
 844                         */
 845                        case MUSB_EP0_STAGE_TX:
 846                                handled = service_in_request(musb, &setup);
 847                                if (handled > 0) {
 848                                        musb->ackpend = MUSB_CSR0_TXPKTRDY
 849                                                | MUSB_CSR0_P_DATAEND;
 850                                        musb->ep0_state =
 851                                                MUSB_EP0_STAGE_STATUSOUT;
 852                                }
 853                                break;
 854
 855                        /* sequence #2 (OUT from host), always forward */
 856                        default:                /* MUSB_EP0_STAGE_RX */
 857                                break;
 858                        }
 859
 860                        DBG(3, "handled %d, csr %04x, ep0stage %s\n",
 861                                handled, csr,
 862                                decode_ep0stage(musb->ep0_state));
 863
 864                        /* unless we need to delegate this to the gadget
 865                         * driver, we know how to wrap this up:  csr0 has
 866                         * not yet been written.
 867                         */
 868                        if (handled < 0)
 869                                goto stall;
 870                        else if (handled > 0)
 871                                goto finish;
 872
 873                        handled = forward_to_driver(musb, &setup);
 874                        if (handled < 0) {
 875                                musb_ep_select(mbase, 0);
 876stall:
 877                                DBG(3, "stall (%d)\n", handled);
 878                                musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
 879                                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 880finish:
 881                                musb_writew(regs, MUSB_CSR0,
 882                                                musb->ackpend);
 883                                musb->ackpend = 0;
 884                        }
 885                }
 886                break;
 887
 888        case MUSB_EP0_STAGE_ACKWAIT:
 889                /* This should not happen. But happens with tusb6010 with
 890                 * g_file_storage and high speed. Do nothing.
 891                 */
 892                retval = IRQ_HANDLED;
 893                break;
 894
 895        default:
 896                /* "can't happen" */
 897                WARN_ON(1);
 898                musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
 899                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 900                break;
 901        }
 902
 903        return retval;
 904}
 905
 906
 907static int
 908musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
 909{
 910        /* always enabled */
 911        return -EINVAL;
 912}
 913
 914static int musb_g_ep0_disable(struct usb_ep *e)
 915{
 916        /* always enabled */
 917        return -EINVAL;
 918}
 919
 920static int
 921musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
 922{
 923        struct musb_ep          *ep;
 924        struct musb_request     *req;
 925        struct musb             *musb;
 926        int                     status;
 927        unsigned long           lockflags;
 928        void __iomem            *regs;
 929
 930        if (!e || !r)
 931                return -EINVAL;
 932
 933        ep = to_musb_ep(e);
 934        musb = ep->musb;
 935        regs = musb->control_ep->regs;
 936
 937        req = to_musb_request(r);
 938        req->musb = musb;
 939        req->request.actual = 0;
 940        req->request.status = -EINPROGRESS;
 941        req->tx = ep->is_in;
 942
 943        spin_lock_irqsave(&musb->lock, lockflags);
 944
 945        if (!list_empty(&ep->req_list)) {
 946                status = -EBUSY;
 947                goto cleanup;
 948        }
 949
 950        switch (musb->ep0_state) {
 951        case MUSB_EP0_STAGE_RX:         /* control-OUT data */
 952        case MUSB_EP0_STAGE_TX:         /* control-IN data */
 953        case MUSB_EP0_STAGE_ACKWAIT:    /* zero-length data */
 954                status = 0;
 955                break;
 956        default:
 957                DBG(1, "ep0 request queued in state %d\n",
 958                                musb->ep0_state);
 959                status = -EINVAL;
 960                goto cleanup;
 961        }
 962
 963        /* add request to the list */
 964        list_add_tail(&(req->request.list), &(ep->req_list));
 965
 966        DBG(3, "queue to %s (%s), length=%d\n",
 967                        ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
 968                        req->request.length);
 969
 970        musb_ep_select(musb->mregs, 0);
 971
 972        /* sequence #1, IN ... start writing the data */
 973        if (musb->ep0_state == MUSB_EP0_STAGE_TX)
 974                ep0_txstate(musb);
 975
 976        /* sequence #3, no-data ... issue IN status */
 977        else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
 978                if (req->request.length)
 979                        status = -EINVAL;
 980                else {
 981                        musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 982                        musb_writew(regs, MUSB_CSR0,
 983                                        musb->ackpend | MUSB_CSR0_P_DATAEND);
 984                        musb->ackpend = 0;
 985                        musb_g_ep0_giveback(ep->musb, r);
 986                }
 987
 988        /* else for sequence #2 (OUT), caller provides a buffer
 989         * before the next packet arrives.  deferred responses
 990         * (after SETUP is acked) are racey.
 991         */
 992        } else if (musb->ackpend) {
 993                musb_writew(regs, MUSB_CSR0, musb->ackpend);
 994                musb->ackpend = 0;
 995        }
 996
 997cleanup:
 998        spin_unlock_irqrestore(&musb->lock, lockflags);
 999        return status;
1000}

1001
1002static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
1003{
1004        /* we just won't support this */
1005        return -EINVAL;
1006}
1007
1008static int musb_g_ep0_halt(struct usb_ep *e, int value)
1009{
1010        struct musb_ep          *ep;
1011        struct musb             *musb;
1012        void __iomem            *base, *regs;
1013        unsigned long           flags;
1014        int                     status;
1015        u16                     csr;
1016
1017        if (!e || !value)
1018                return -EINVAL;
1019
1020        ep = to_musb_ep(e);
1021        musb = ep->musb;
1022        base = musb->mregs;
1023        regs = musb->control_ep->regs;
1024        status = 0;
1025
1026        spin_lock_irqsave(&musb->lock, flags);
1027
1028        if (!list_empty(&ep->req_list)) {
1029                status = -EBUSY;
1030                goto cleanup;
1031        }
1032
1033        musb_ep_select(base, 0);
1034        csr = musb->ackpend;
1035
1036        switch (musb->ep0_state) {
1037
1038        /* Stalls are usually issued after parsing SETUP packet, either
1039         * directly in irq context from setup() or else later.
1040         */
1041        case MUSB_EP0_STAGE_TX:         /* control-IN data */
1042        case MUSB_EP0_STAGE_ACKWAIT:    /* STALL for zero-length data */
1043        case MUSB_EP0_STAGE_RX:         /* control-OUT data */
1044                csr = musb_readw(regs, MUSB_CSR0);
1045                /* FALLTHROUGH */
1046
1047        /* It's also OK to issue stalls during callbacks when a non-empty
1048         * DATA stage buffer has been read (or even written).
1049         */
1050        case MUSB_EP0_STAGE_STATUSIN:   /* control-OUT status */
1051        case MUSB_EP0_STAGE_STATUSOUT:  /* control-IN status */
1052
1053                csr |= MUSB_CSR0_P_SENDSTALL;
1054                musb_writew(regs, MUSB_CSR0, csr);
1055                musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1056                musb->ackpend = 0;
1057                break;
1058        default:
1059                DBG(1, "ep0 can't halt in state %d\n", musb->ep0_state);
1060                status = -EINVAL;
1061        }
1062
1063cleanup:
1064        spin_unlock_irqrestore(&musb->lock, flags);
1065        return status;
1066}
1067
1068const struct usb_ep_ops musb_g_ep0_ops = {
1069        .enable         = musb_g_ep0_enable,
1070        .disable        = musb_g_ep0_disable,
1071        .alloc_request  = musb_alloc_request,
1072        .free_request   = musb_free_request,
1073        .queue          = musb_g_ep0_queue,
1074        .dequeue        = musb_g_ep0_dequeue,
1075        .set_halt       = musb_g_ep0_halt,
1076};
1077