xref: /linux/drivers/usb/chipidea/udc.c (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5)
1 /*
2  * udc.c - ChipIdea UDC driver
3  *
4  * Copyright (C) 2008 Chipidea - MIPS Technologies, Inc. All rights reserved.
5  *
6  * Author: David Lopo
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  */
12 
13 #include <linux/delay.h>
14 #include <linux/device.h>
15 #include <linux/dmapool.h>
16 #include <linux/err.h>
17 #include <linux/irqreturn.h>
18 #include <linux/kernel.h>
19 #include <linux/slab.h>
20 #include <linux/pm_runtime.h>
21 #include <linux/usb/ch9.h>
22 #include <linux/usb/gadget.h>
23 #include <linux/usb/otg-fsm.h>
24 #include <linux/usb/chipidea.h>
25 
26 #include "ci.h"
27 #include "udc.h"
28 #include "bits.h"
29 #include "debug.h"
30 #include "otg.h"
31 #include "otg_fsm.h"
32 
33 /* control endpoint description */
34 static const struct usb_endpoint_descriptor
35 ctrl_endpt_out_desc = {
36 	.bLength         = USB_DT_ENDPOINT_SIZE,
37 	.bDescriptorType = USB_DT_ENDPOINT,
38 
39 	.bEndpointAddress = USB_DIR_OUT,
40 	.bmAttributes    = USB_ENDPOINT_XFER_CONTROL,
41 	.wMaxPacketSize  = cpu_to_le16(CTRL_PAYLOAD_MAX),
42 };
43 
44 static const struct usb_endpoint_descriptor
45 ctrl_endpt_in_desc = {
46 	.bLength         = USB_DT_ENDPOINT_SIZE,
47 	.bDescriptorType = USB_DT_ENDPOINT,
48 
49 	.bEndpointAddress = USB_DIR_IN,
50 	.bmAttributes    = USB_ENDPOINT_XFER_CONTROL,
51 	.wMaxPacketSize  = cpu_to_le16(CTRL_PAYLOAD_MAX),
52 };
53 
54 /**
55  * hw_ep_bit: calculates the bit number
56  * @num: endpoint number
57  * @dir: endpoint direction
58  *
59  * This function returns bit number
60  */
61 static inline int hw_ep_bit(int num, int dir)
62 {
63 	return num + (dir ? 16 : 0);
64 }
65 
66 static inline int ep_to_bit(struct ci_hdrc *ci, int n)
67 {
68 	int fill = 16 - ci->hw_ep_max / 2;
69 
70 	if (n >= ci->hw_ep_max / 2)
71 		n += fill;
72 
73 	return n;
74 }
75 
76 /**
77  * hw_device_state: enables/disables interrupts (execute without interruption)
78  * @dma: 0 => disable, !0 => enable and set dma engine
79  *
80  * This function returns an error code
81  */
82 static int hw_device_state(struct ci_hdrc *ci, u32 dma)
83 {
84 	if (dma) {
85 		hw_write(ci, OP_ENDPTLISTADDR, ~0, dma);
86 		/* interrupt, error, port change, reset, sleep/suspend */
87 		hw_write(ci, OP_USBINTR, ~0,
88 			     USBi_UI|USBi_UEI|USBi_PCI|USBi_URI|USBi_SLI);
89 		hw_write(ci, OP_USBCMD, USBCMD_RS, USBCMD_RS);
90 	} else {
91 		hw_write(ci, OP_USBINTR, ~0, 0);
92 		hw_write(ci, OP_USBCMD, USBCMD_RS, 0);
93 	}
94 	return 0;
95 }
96 
97 /**
98  * hw_ep_flush: flush endpoint fifo (execute without interruption)
99  * @num: endpoint number
100  * @dir: endpoint direction
101  *
102  * This function returns an error code
103  */
104 static int hw_ep_flush(struct ci_hdrc *ci, int num, int dir)
105 {
106 	int n = hw_ep_bit(num, dir);
107 
108 	do {
109 		/* flush any pending transfer */
110 		hw_write(ci, OP_ENDPTFLUSH, ~0, BIT(n));
111 		while (hw_read(ci, OP_ENDPTFLUSH, BIT(n)))
112 			cpu_relax();
113 	} while (hw_read(ci, OP_ENDPTSTAT, BIT(n)));
114 
115 	return 0;
116 }
117 
118 /**
119  * hw_ep_disable: disables endpoint (execute without interruption)
120  * @num: endpoint number
121  * @dir: endpoint direction
122  *
123  * This function returns an error code
124  */
125 static int hw_ep_disable(struct ci_hdrc *ci, int num, int dir)
126 {
127 	hw_ep_flush(ci, num, dir);
128 	hw_write(ci, OP_ENDPTCTRL + num,
129 		 dir ? ENDPTCTRL_TXE : ENDPTCTRL_RXE, 0);
130 	return 0;
131 }
132 
133 /**
134  * hw_ep_enable: enables endpoint (execute without interruption)
135  * @num:  endpoint number
136  * @dir:  endpoint direction
137  * @type: endpoint type
138  *
139  * This function returns an error code
140  */
141 static int hw_ep_enable(struct ci_hdrc *ci, int num, int dir, int type)
142 {
143 	u32 mask, data;
144 
145 	if (dir) {
146 		mask  = ENDPTCTRL_TXT;  /* type    */
147 		data  = type << __ffs(mask);
148 
149 		mask |= ENDPTCTRL_TXS;  /* unstall */
150 		mask |= ENDPTCTRL_TXR;  /* reset data toggle */
151 		data |= ENDPTCTRL_TXR;
152 		mask |= ENDPTCTRL_TXE;  /* enable  */
153 		data |= ENDPTCTRL_TXE;
154 	} else {
155 		mask  = ENDPTCTRL_RXT;  /* type    */
156 		data  = type << __ffs(mask);
157 
158 		mask |= ENDPTCTRL_RXS;  /* unstall */
159 		mask |= ENDPTCTRL_RXR;  /* reset data toggle */
160 		data |= ENDPTCTRL_RXR;
161 		mask |= ENDPTCTRL_RXE;  /* enable  */
162 		data |= ENDPTCTRL_RXE;
163 	}
164 	hw_write(ci, OP_ENDPTCTRL + num, mask, data);
165 	return 0;
166 }
167 
168 /**
169  * hw_ep_get_halt: return endpoint halt status
170  * @num: endpoint number
171  * @dir: endpoint direction
172  *
173  * This function returns 1 if endpoint halted
174  */
175 static int hw_ep_get_halt(struct ci_hdrc *ci, int num, int dir)
176 {
177 	u32 mask = dir ? ENDPTCTRL_TXS : ENDPTCTRL_RXS;
178 
179 	return hw_read(ci, OP_ENDPTCTRL + num, mask) ? 1 : 0;
180 }
181 
182 /**
183  * hw_ep_prime: primes endpoint (execute without interruption)
184  * @num:     endpoint number
185  * @dir:     endpoint direction
186  * @is_ctrl: true if control endpoint
187  *
188  * This function returns an error code
189  */
190 static int hw_ep_prime(struct ci_hdrc *ci, int num, int dir, int is_ctrl)
191 {
192 	int n = hw_ep_bit(num, dir);
193 
194 	if (is_ctrl && dir == RX && hw_read(ci, OP_ENDPTSETUPSTAT, BIT(num)))
195 		return -EAGAIN;
196 
197 	hw_write(ci, OP_ENDPTPRIME, ~0, BIT(n));
198 
199 	while (hw_read(ci, OP_ENDPTPRIME, BIT(n)))
200 		cpu_relax();
201 	if (is_ctrl && dir == RX && hw_read(ci, OP_ENDPTSETUPSTAT, BIT(num)))
202 		return -EAGAIN;
203 
204 	/* status shoult be tested according with manual but it doesn't work */
205 	return 0;
206 }
207 
208 /**
209  * hw_ep_set_halt: configures ep halt & resets data toggle after clear (execute
210  *                 without interruption)
211  * @num:   endpoint number
212  * @dir:   endpoint direction
213  * @value: true => stall, false => unstall
214  *
215  * This function returns an error code
216  */
217 static int hw_ep_set_halt(struct ci_hdrc *ci, int num, int dir, int value)
218 {
219 	if (value != 0 && value != 1)
220 		return -EINVAL;
221 
222 	do {
223 		enum ci_hw_regs reg = OP_ENDPTCTRL + num;
224 		u32 mask_xs = dir ? ENDPTCTRL_TXS : ENDPTCTRL_RXS;
225 		u32 mask_xr = dir ? ENDPTCTRL_TXR : ENDPTCTRL_RXR;
226 
227 		/* data toggle - reserved for EP0 but it's in ESS */
228 		hw_write(ci, reg, mask_xs|mask_xr,
229 			  value ? mask_xs : mask_xr);
230 	} while (value != hw_ep_get_halt(ci, num, dir));
231 
232 	return 0;
233 }
234 
235 /**
236  * hw_is_port_high_speed: test if port is high speed
237  *
238  * This function returns true if high speed port
239  */
240 static int hw_port_is_high_speed(struct ci_hdrc *ci)
241 {
242 	return ci->hw_bank.lpm ? hw_read(ci, OP_DEVLC, DEVLC_PSPD) :
243 		hw_read(ci, OP_PORTSC, PORTSC_HSP);
244 }
245 
246 /**
247  * hw_test_and_clear_complete: test & clear complete status (execute without
248  *                             interruption)
249  * @n: endpoint number
250  *
251  * This function returns complete status
252  */
253 static int hw_test_and_clear_complete(struct ci_hdrc *ci, int n)
254 {
255 	n = ep_to_bit(ci, n);
256 	return hw_test_and_clear(ci, OP_ENDPTCOMPLETE, BIT(n));
257 }
258 
259 /**
260  * hw_test_and_clear_intr_active: test & clear active interrupts (execute
261  *                                without interruption)
262  *
263  * This function returns active interrutps
264  */
265 static u32 hw_test_and_clear_intr_active(struct ci_hdrc *ci)
266 {
267 	u32 reg = hw_read_intr_status(ci) & hw_read_intr_enable(ci);
268 
269 	hw_write(ci, OP_USBSTS, ~0, reg);
270 	return reg;
271 }
272 
273 /**
274  * hw_test_and_clear_setup_guard: test & clear setup guard (execute without
275  *                                interruption)
276  *
277  * This function returns guard value
278  */
279 static int hw_test_and_clear_setup_guard(struct ci_hdrc *ci)
280 {
281 	return hw_test_and_write(ci, OP_USBCMD, USBCMD_SUTW, 0);
282 }
283 
284 /**
285  * hw_test_and_set_setup_guard: test & set setup guard (execute without
286  *                              interruption)
287  *
288  * This function returns guard value
289  */
290 static int hw_test_and_set_setup_guard(struct ci_hdrc *ci)
291 {
292 	return hw_test_and_write(ci, OP_USBCMD, USBCMD_SUTW, USBCMD_SUTW);
293 }
294 
295 /**
296  * hw_usb_set_address: configures USB address (execute without interruption)
297  * @value: new USB address
298  *
299  * This function explicitly sets the address, without the "USBADRA" (advance)
300  * feature, which is not supported by older versions of the controller.
301  */
302 static void hw_usb_set_address(struct ci_hdrc *ci, u8 value)
303 {
304 	hw_write(ci, OP_DEVICEADDR, DEVICEADDR_USBADR,
305 		 value << __ffs(DEVICEADDR_USBADR));
306 }
307 
308 /**
309  * hw_usb_reset: restart device after a bus reset (execute without
310  *               interruption)
311  *
312  * This function returns an error code
313  */
314 static int hw_usb_reset(struct ci_hdrc *ci)
315 {
316 	hw_usb_set_address(ci, 0);
317 
318 	/* ESS flushes only at end?!? */
319 	hw_write(ci, OP_ENDPTFLUSH,    ~0, ~0);
320 
321 	/* clear setup token semaphores */
322 	hw_write(ci, OP_ENDPTSETUPSTAT, 0,  0);
323 
324 	/* clear complete status */
325 	hw_write(ci, OP_ENDPTCOMPLETE,  0,  0);
326 
327 	/* wait until all bits cleared */
328 	while (hw_read(ci, OP_ENDPTPRIME, ~0))
329 		udelay(10);             /* not RTOS friendly */
330 
331 	/* reset all endpoints ? */
332 
333 	/* reset internal status and wait for further instructions
334 	   no need to verify the port reset status (ESS does it) */
335 
336 	return 0;
337 }
338 
339 /******************************************************************************
340  * UTIL block
341  *****************************************************************************/
342 
343 static int add_td_to_list(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq,
344 			  unsigned length)
345 {
346 	int i;
347 	u32 temp;
348 	struct td_node *lastnode, *node = kzalloc(sizeof(struct td_node),
349 						  GFP_ATOMIC);
350 
351 	if (node == NULL)
352 		return -ENOMEM;
353 
354 	node->ptr = dma_pool_alloc(hwep->td_pool, GFP_ATOMIC,
355 				   &node->dma);
356 	if (node->ptr == NULL) {
357 		kfree(node);
358 		return -ENOMEM;
359 	}
360 
361 	memset(node->ptr, 0, sizeof(struct ci_hw_td));
362 	node->ptr->token = cpu_to_le32(length << __ffs(TD_TOTAL_BYTES));
363 	node->ptr->token &= cpu_to_le32(TD_TOTAL_BYTES);
364 	node->ptr->token |= cpu_to_le32(TD_STATUS_ACTIVE);
365 	if (hwep->type == USB_ENDPOINT_XFER_ISOC && hwep->dir == TX) {
366 		u32 mul = hwreq->req.length / hwep->ep.maxpacket;
367 
368 		if (hwreq->req.length == 0
369 				|| hwreq->req.length % hwep->ep.maxpacket)
370 			mul++;
371 		node->ptr->token |= mul << __ffs(TD_MULTO);
372 	}
373 
374 	temp = (u32) (hwreq->req.dma + hwreq->req.actual);
375 	if (length) {
376 		node->ptr->page[0] = cpu_to_le32(temp);
377 		for (i = 1; i < TD_PAGE_COUNT; i++) {
378 			u32 page = temp + i * CI_HDRC_PAGE_SIZE;
379 			page &= ~TD_RESERVED_MASK;
380 			node->ptr->page[i] = cpu_to_le32(page);
381 		}
382 	}
383 
384 	hwreq->req.actual += length;
385 
386 	if (!list_empty(&hwreq->tds)) {
387 		/* get the last entry */
388 		lastnode = list_entry(hwreq->tds.prev,
389 				struct td_node, td);
390 		lastnode->ptr->next = cpu_to_le32(node->dma);
391 	}
392 
393 	INIT_LIST_HEAD(&node->td);
394 	list_add_tail(&node->td, &hwreq->tds);
395 
396 	return 0;
397 }
398 
399 /**
400  * _usb_addr: calculates endpoint address from direction & number
401  * @ep:  endpoint
402  */
403 static inline u8 _usb_addr(struct ci_hw_ep *ep)
404 {
405 	return ((ep->dir == TX) ? USB_ENDPOINT_DIR_MASK : 0) | ep->num;
406 }
407 
408 /**
409  * _hardware_queue: configures a request at hardware level
410  * @gadget: gadget
411  * @hwep:   endpoint
412  *
413  * This function returns an error code
414  */
415 static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq)
416 {
417 	struct ci_hdrc *ci = hwep->ci;
418 	int ret = 0;
419 	unsigned rest = hwreq->req.length;
420 	int pages = TD_PAGE_COUNT;
421 	struct td_node *firstnode, *lastnode;
422 
423 	/* don't queue twice */
424 	if (hwreq->req.status == -EALREADY)
425 		return -EALREADY;
426 
427 	hwreq->req.status = -EALREADY;
428 
429 	ret = usb_gadget_map_request(&ci->gadget, &hwreq->req, hwep->dir);
430 	if (ret)
431 		return ret;
432 
433 	/*
434 	 * The first buffer could be not page aligned.
435 	 * In that case we have to span into one extra td.
436 	 */
437 	if (hwreq->req.dma % PAGE_SIZE)
438 		pages--;
439 
440 	if (rest == 0)
441 		add_td_to_list(hwep, hwreq, 0);
442 
443 	while (rest > 0) {
444 		unsigned count = min(hwreq->req.length - hwreq->req.actual,
445 					(unsigned)(pages * CI_HDRC_PAGE_SIZE));
446 		add_td_to_list(hwep, hwreq, count);
447 		rest -= count;
448 	}
449 
450 	if (hwreq->req.zero && hwreq->req.length
451 	    && (hwreq->req.length % hwep->ep.maxpacket == 0))
452 		add_td_to_list(hwep, hwreq, 0);
453 
454 	firstnode = list_first_entry(&hwreq->tds, struct td_node, td);
455 
456 	lastnode = list_entry(hwreq->tds.prev,
457 		struct td_node, td);
458 
459 	lastnode->ptr->next = cpu_to_le32(TD_TERMINATE);
460 	if (!hwreq->req.no_interrupt)
461 		lastnode->ptr->token |= cpu_to_le32(TD_IOC);
462 	wmb();
463 
464 	hwreq->req.actual = 0;
465 	if (!list_empty(&hwep->qh.queue)) {
466 		struct ci_hw_req *hwreqprev;
467 		int n = hw_ep_bit(hwep->num, hwep->dir);
468 		int tmp_stat;
469 		struct td_node *prevlastnode;
470 		u32 next = firstnode->dma & TD_ADDR_MASK;
471 
472 		hwreqprev = list_entry(hwep->qh.queue.prev,
473 				struct ci_hw_req, queue);
474 		prevlastnode = list_entry(hwreqprev->tds.prev,
475 				struct td_node, td);
476 
477 		prevlastnode->ptr->next = cpu_to_le32(next);
478 		wmb();
479 		if (hw_read(ci, OP_ENDPTPRIME, BIT(n)))
480 			goto done;
481 		do {
482 			hw_write(ci, OP_USBCMD, USBCMD_ATDTW, USBCMD_ATDTW);
483 			tmp_stat = hw_read(ci, OP_ENDPTSTAT, BIT(n));
484 		} while (!hw_read(ci, OP_USBCMD, USBCMD_ATDTW));
485 		hw_write(ci, OP_USBCMD, USBCMD_ATDTW, 0);
486 		if (tmp_stat)
487 			goto done;
488 	}
489 
490 	/*  QH configuration */
491 	hwep->qh.ptr->td.next = cpu_to_le32(firstnode->dma);
492 	hwep->qh.ptr->td.token &=
493 		cpu_to_le32(~(TD_STATUS_HALTED|TD_STATUS_ACTIVE));
494 
495 	if (hwep->type == USB_ENDPOINT_XFER_ISOC && hwep->dir == RX) {
496 		u32 mul = hwreq->req.length / hwep->ep.maxpacket;
497 
498 		if (hwreq->req.length == 0
499 				|| hwreq->req.length % hwep->ep.maxpacket)
500 			mul++;
501 		hwep->qh.ptr->cap |= mul << __ffs(QH_MULT);
502 	}
503 
504 	wmb();   /* synchronize before ep prime */
505 
506 	ret = hw_ep_prime(ci, hwep->num, hwep->dir,
507 			   hwep->type == USB_ENDPOINT_XFER_CONTROL);
508 done:
509 	return ret;
510 }
511 
512 /*
513  * free_pending_td: remove a pending request for the endpoint
514  * @hwep: endpoint
515  */
516 static void free_pending_td(struct ci_hw_ep *hwep)
517 {
518 	struct td_node *pending = hwep->pending_td;
519 
520 	dma_pool_free(hwep->td_pool, pending->ptr, pending->dma);
521 	hwep->pending_td = NULL;
522 	kfree(pending);
523 }
524 
525 /**
526  * _hardware_dequeue: handles a request at hardware level
527  * @gadget: gadget
528  * @hwep:   endpoint
529  *
530  * This function returns an error code
531  */
532 static int _hardware_dequeue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq)
533 {
534 	u32 tmptoken;
535 	struct td_node *node, *tmpnode;
536 	unsigned remaining_length;
537 	unsigned actual = hwreq->req.length;
538 
539 	if (hwreq->req.status != -EALREADY)
540 		return -EINVAL;
541 
542 	hwreq->req.status = 0;
543 
544 	list_for_each_entry_safe(node, tmpnode, &hwreq->tds, td) {
545 		tmptoken = le32_to_cpu(node->ptr->token);
546 		if ((TD_STATUS_ACTIVE & tmptoken) != 0) {
547 			hwreq->req.status = -EALREADY;
548 			return -EBUSY;
549 		}
550 
551 		remaining_length = (tmptoken & TD_TOTAL_BYTES);
552 		remaining_length >>= __ffs(TD_TOTAL_BYTES);
553 		actual -= remaining_length;
554 
555 		hwreq->req.status = tmptoken & TD_STATUS;
556 		if ((TD_STATUS_HALTED & hwreq->req.status)) {
557 			hwreq->req.status = -EPIPE;
558 			break;
559 		} else if ((TD_STATUS_DT_ERR & hwreq->req.status)) {
560 			hwreq->req.status = -EPROTO;
561 			break;
562 		} else if ((TD_STATUS_TR_ERR & hwreq->req.status)) {
563 			hwreq->req.status = -EILSEQ;
564 			break;
565 		}
566 
567 		if (remaining_length) {
568 			if (hwep->dir) {
569 				hwreq->req.status = -EPROTO;
570 				break;
571 			}
572 		}
573 		/*
574 		 * As the hardware could still address the freed td
575 		 * which will run the udc unusable, the cleanup of the
576 		 * td has to be delayed by one.
577 		 */
578 		if (hwep->pending_td)
579 			free_pending_td(hwep);
580 
581 		hwep->pending_td = node;
582 		list_del_init(&node->td);
583 	}
584 
585 	usb_gadget_unmap_request(&hwep->ci->gadget, &hwreq->req, hwep->dir);
586 
587 	hwreq->req.actual += actual;
588 
589 	if (hwreq->req.status)
590 		return hwreq->req.status;
591 
592 	return hwreq->req.actual;
593 }
594 
595 /**
596  * _ep_nuke: dequeues all endpoint requests
597  * @hwep: endpoint
598  *
599  * This function returns an error code
600  * Caller must hold lock
601  */
602 static int _ep_nuke(struct ci_hw_ep *hwep)
603 __releases(hwep->lock)
604 __acquires(hwep->lock)
605 {
606 	struct td_node *node, *tmpnode;
607 	if (hwep == NULL)
608 		return -EINVAL;
609 
610 	hw_ep_flush(hwep->ci, hwep->num, hwep->dir);
611 
612 	while (!list_empty(&hwep->qh.queue)) {
613 
614 		/* pop oldest request */
615 		struct ci_hw_req *hwreq = list_entry(hwep->qh.queue.next,
616 						     struct ci_hw_req, queue);
617 
618 		list_for_each_entry_safe(node, tmpnode, &hwreq->tds, td) {
619 			dma_pool_free(hwep->td_pool, node->ptr, node->dma);
620 			list_del_init(&node->td);
621 			node->ptr = NULL;
622 			kfree(node);
623 		}
624 
625 		list_del_init(&hwreq->queue);
626 		hwreq->req.status = -ESHUTDOWN;
627 
628 		if (hwreq->req.complete != NULL) {
629 			spin_unlock(hwep->lock);
630 			hwreq->req.complete(&hwep->ep, &hwreq->req);
631 			spin_lock(hwep->lock);
632 		}
633 	}
634 
635 	if (hwep->pending_td)
636 		free_pending_td(hwep);
637 
638 	return 0;
639 }
640 
641 /**
642  * _gadget_stop_activity: stops all USB activity, flushes & disables all endpts
643  * @gadget: gadget
644  *
645  * This function returns an error code
646  */
647 static int _gadget_stop_activity(struct usb_gadget *gadget)
648 {
649 	struct usb_ep *ep;
650 	struct ci_hdrc    *ci = container_of(gadget, struct ci_hdrc, gadget);
651 	unsigned long flags;
652 
653 	spin_lock_irqsave(&ci->lock, flags);
654 	ci->gadget.speed = USB_SPEED_UNKNOWN;
655 	ci->remote_wakeup = 0;
656 	ci->suspended = 0;
657 	spin_unlock_irqrestore(&ci->lock, flags);
658 
659 	/* flush all endpoints */
660 	gadget_for_each_ep(ep, gadget) {
661 		usb_ep_fifo_flush(ep);
662 	}
663 	usb_ep_fifo_flush(&ci->ep0out->ep);
664 	usb_ep_fifo_flush(&ci->ep0in->ep);
665 
666 	/* make sure to disable all endpoints */
667 	gadget_for_each_ep(ep, gadget) {
668 		usb_ep_disable(ep);
669 	}
670 
671 	if (ci->status != NULL) {
672 		usb_ep_free_request(&ci->ep0in->ep, ci->status);
673 		ci->status = NULL;
674 	}
675 
676 	return 0;
677 }
678 
679 /******************************************************************************
680  * ISR block
681  *****************************************************************************/
682 /**
683  * isr_reset_handler: USB reset interrupt handler
684  * @ci: UDC device
685  *
686  * This function resets USB engine after a bus reset occurred
687  */
688 static void isr_reset_handler(struct ci_hdrc *ci)
689 __releases(ci->lock)
690 __acquires(ci->lock)
691 {
692 	int retval;
693 
694 	spin_unlock(&ci->lock);
695 	if (ci->gadget.speed != USB_SPEED_UNKNOWN) {
696 		if (ci->driver)
697 			ci->driver->disconnect(&ci->gadget);
698 	}
699 
700 	retval = _gadget_stop_activity(&ci->gadget);
701 	if (retval)
702 		goto done;
703 
704 	retval = hw_usb_reset(ci);
705 	if (retval)
706 		goto done;
707 
708 	ci->status = usb_ep_alloc_request(&ci->ep0in->ep, GFP_ATOMIC);
709 	if (ci->status == NULL)
710 		retval = -ENOMEM;
711 
712 	usb_gadget_set_state(&ci->gadget, USB_STATE_DEFAULT);
713 
714 done:
715 	spin_lock(&ci->lock);
716 
717 	if (retval)
718 		dev_err(ci->dev, "error: %i\n", retval);
719 }
720 
721 /**
722  * isr_get_status_complete: get_status request complete function
723  * @ep:  endpoint
724  * @req: request handled
725  *
726  * Caller must release lock
727  */
728 static void isr_get_status_complete(struct usb_ep *ep, struct usb_request *req)
729 {
730 	if (ep == NULL || req == NULL)
731 		return;
732 
733 	kfree(req->buf);
734 	usb_ep_free_request(ep, req);
735 }
736 
737 /**
738  * _ep_queue: queues (submits) an I/O request to an endpoint
739  *
740  * Caller must hold lock
741  */
742 static int _ep_queue(struct usb_ep *ep, struct usb_request *req,
743 		    gfp_t __maybe_unused gfp_flags)
744 {
745 	struct ci_hw_ep  *hwep  = container_of(ep,  struct ci_hw_ep, ep);
746 	struct ci_hw_req *hwreq = container_of(req, struct ci_hw_req, req);
747 	struct ci_hdrc *ci = hwep->ci;
748 	int retval = 0;
749 
750 	if (ep == NULL || req == NULL || hwep->ep.desc == NULL)
751 		return -EINVAL;
752 
753 	if (hwep->type == USB_ENDPOINT_XFER_CONTROL) {
754 		if (req->length)
755 			hwep = (ci->ep0_dir == RX) ?
756 			       ci->ep0out : ci->ep0in;
757 		if (!list_empty(&hwep->qh.queue)) {
758 			_ep_nuke(hwep);
759 			retval = -EOVERFLOW;
760 			dev_warn(hwep->ci->dev, "endpoint ctrl %X nuked\n",
761 				 _usb_addr(hwep));
762 		}
763 	}
764 
765 	if (usb_endpoint_xfer_isoc(hwep->ep.desc) &&
766 	    hwreq->req.length > (1 + hwep->ep.mult) * hwep->ep.maxpacket) {
767 		dev_err(hwep->ci->dev, "request length too big for isochronous\n");
768 		return -EMSGSIZE;
769 	}
770 
771 	/* first nuke then test link, e.g. previous status has not sent */
772 	if (!list_empty(&hwreq->queue)) {
773 		dev_err(hwep->ci->dev, "request already in queue\n");
774 		return -EBUSY;
775 	}
776 
777 	/* push request */
778 	hwreq->req.status = -EINPROGRESS;
779 	hwreq->req.actual = 0;
780 
781 	retval = _hardware_enqueue(hwep, hwreq);
782 
783 	if (retval == -EALREADY)
784 		retval = 0;
785 	if (!retval)
786 		list_add_tail(&hwreq->queue, &hwep->qh.queue);
787 
788 	return retval;
789 }
790 
791 /**
792  * isr_get_status_response: get_status request response
793  * @ci: ci struct
794  * @setup: setup request packet
795  *
796  * This function returns an error code
797  */
798 static int isr_get_status_response(struct ci_hdrc *ci,
799 				   struct usb_ctrlrequest *setup)
800 __releases(hwep->lock)
801 __acquires(hwep->lock)
802 {
803 	struct ci_hw_ep *hwep = ci->ep0in;
804 	struct usb_request *req = NULL;
805 	gfp_t gfp_flags = GFP_ATOMIC;
806 	int dir, num, retval;
807 
808 	if (hwep == NULL || setup == NULL)
809 		return -EINVAL;
810 
811 	spin_unlock(hwep->lock);
812 	req = usb_ep_alloc_request(&hwep->ep, gfp_flags);
813 	spin_lock(hwep->lock);
814 	if (req == NULL)
815 		return -ENOMEM;
816 
817 	req->complete = isr_get_status_complete;
818 	req->length   = 2;
819 	req->buf      = kzalloc(req->length, gfp_flags);
820 	if (req->buf == NULL) {
821 		retval = -ENOMEM;
822 		goto err_free_req;
823 	}
824 
825 	if ((setup->bRequestType & USB_RECIP_MASK) == USB_RECIP_DEVICE) {
826 		/* Assume that device is bus powered for now. */
827 		*(u16 *)req->buf = ci->remote_wakeup << 1;
828 	} else if ((setup->bRequestType & USB_RECIP_MASK) \
829 		   == USB_RECIP_ENDPOINT) {
830 		dir = (le16_to_cpu(setup->wIndex) & USB_ENDPOINT_DIR_MASK) ?
831 			TX : RX;
832 		num =  le16_to_cpu(setup->wIndex) & USB_ENDPOINT_NUMBER_MASK;
833 		*(u16 *)req->buf = hw_ep_get_halt(ci, num, dir);
834 	}
835 	/* else do nothing; reserved for future use */
836 
837 	retval = _ep_queue(&hwep->ep, req, gfp_flags);
838 	if (retval)
839 		goto err_free_buf;
840 
841 	return 0;
842 
843  err_free_buf:
844 	kfree(req->buf);
845  err_free_req:
846 	spin_unlock(hwep->lock);
847 	usb_ep_free_request(&hwep->ep, req);
848 	spin_lock(hwep->lock);
849 	return retval;
850 }
851 
852 /**
853  * isr_setup_status_complete: setup_status request complete function
854  * @ep:  endpoint
855  * @req: request handled
856  *
857  * Caller must release lock. Put the port in test mode if test mode
858  * feature is selected.
859  */
860 static void
861 isr_setup_status_complete(struct usb_ep *ep, struct usb_request *req)
862 {
863 	struct ci_hdrc *ci = req->context;
864 	unsigned long flags;
865 
866 	if (ci->setaddr) {
867 		hw_usb_set_address(ci, ci->address);
868 		ci->setaddr = false;
869 		if (ci->address)
870 			usb_gadget_set_state(&ci->gadget, USB_STATE_ADDRESS);
871 	}
872 
873 	spin_lock_irqsave(&ci->lock, flags);
874 	if (ci->test_mode)
875 		hw_port_test_set(ci, ci->test_mode);
876 	spin_unlock_irqrestore(&ci->lock, flags);
877 }
878 
879 /**
880  * isr_setup_status_phase: queues the status phase of a setup transation
881  * @ci: ci struct
882  *
883  * This function returns an error code
884  */
885 static int isr_setup_status_phase(struct ci_hdrc *ci)
886 {
887 	int retval;
888 	struct ci_hw_ep *hwep;
889 
890 	hwep = (ci->ep0_dir == TX) ? ci->ep0out : ci->ep0in;
891 	ci->status->context = ci;
892 	ci->status->complete = isr_setup_status_complete;
893 
894 	retval = _ep_queue(&hwep->ep, ci->status, GFP_ATOMIC);
895 
896 	return retval;
897 }
898 
899 /**
900  * isr_tr_complete_low: transaction complete low level handler
901  * @hwep: endpoint
902  *
903  * This function returns an error code
904  * Caller must hold lock
905  */
906 static int isr_tr_complete_low(struct ci_hw_ep *hwep)
907 __releases(hwep->lock)
908 __acquires(hwep->lock)
909 {
910 	struct ci_hw_req *hwreq, *hwreqtemp;
911 	struct ci_hw_ep *hweptemp = hwep;
912 	int retval = 0;
913 
914 	list_for_each_entry_safe(hwreq, hwreqtemp, &hwep->qh.queue,
915 			queue) {
916 		retval = _hardware_dequeue(hwep, hwreq);
917 		if (retval < 0)
918 			break;
919 		list_del_init(&hwreq->queue);
920 		if (hwreq->req.complete != NULL) {
921 			spin_unlock(hwep->lock);
922 			if ((hwep->type == USB_ENDPOINT_XFER_CONTROL) &&
923 					hwreq->req.length)
924 				hweptemp = hwep->ci->ep0in;
925 			hwreq->req.complete(&hweptemp->ep, &hwreq->req);
926 			spin_lock(hwep->lock);
927 		}
928 	}
929 
930 	if (retval == -EBUSY)
931 		retval = 0;
932 
933 	return retval;
934 }
935 
936 /**
937  * isr_setup_packet_handler: setup packet handler
938  * @ci: UDC descriptor
939  *
940  * This function handles setup packet
941  */
942 static void isr_setup_packet_handler(struct ci_hdrc *ci)
943 __releases(ci->lock)
944 __acquires(ci->lock)
945 {
946 	struct ci_hw_ep *hwep = &ci->ci_hw_ep[0];
947 	struct usb_ctrlrequest req;
948 	int type, num, dir, err = -EINVAL;
949 	u8 tmode = 0;
950 
951 	/*
952 	 * Flush data and handshake transactions of previous
953 	 * setup packet.
954 	 */
955 	_ep_nuke(ci->ep0out);
956 	_ep_nuke(ci->ep0in);
957 
958 	/* read_setup_packet */
959 	do {
960 		hw_test_and_set_setup_guard(ci);
961 		memcpy(&req, &hwep->qh.ptr->setup, sizeof(req));
962 	} while (!hw_test_and_clear_setup_guard(ci));
963 
964 	type = req.bRequestType;
965 
966 	ci->ep0_dir = (type & USB_DIR_IN) ? TX : RX;
967 
968 	switch (req.bRequest) {
969 	case USB_REQ_CLEAR_FEATURE:
970 		if (type == (USB_DIR_OUT|USB_RECIP_ENDPOINT) &&
971 				le16_to_cpu(req.wValue) ==
972 				USB_ENDPOINT_HALT) {
973 			if (req.wLength != 0)
974 				break;
975 			num  = le16_to_cpu(req.wIndex);
976 			dir = num & USB_ENDPOINT_DIR_MASK;
977 			num &= USB_ENDPOINT_NUMBER_MASK;
978 			if (dir) /* TX */
979 				num += ci->hw_ep_max / 2;
980 			if (!ci->ci_hw_ep[num].wedge) {
981 				spin_unlock(&ci->lock);
982 				err = usb_ep_clear_halt(
983 					&ci->ci_hw_ep[num].ep);
984 				spin_lock(&ci->lock);
985 				if (err)
986 					break;
987 			}
988 			err = isr_setup_status_phase(ci);
989 		} else if (type == (USB_DIR_OUT|USB_RECIP_DEVICE) &&
990 				le16_to_cpu(req.wValue) ==
991 				USB_DEVICE_REMOTE_WAKEUP) {
992 			if (req.wLength != 0)
993 				break;
994 			ci->remote_wakeup = 0;
995 			err = isr_setup_status_phase(ci);
996 		} else {
997 			goto delegate;
998 		}
999 		break;
1000 	case USB_REQ_GET_STATUS:
1001 		if (type != (USB_DIR_IN|USB_RECIP_DEVICE)   &&
1002 		    type != (USB_DIR_IN|USB_RECIP_ENDPOINT) &&
1003 		    type != (USB_DIR_IN|USB_RECIP_INTERFACE))
1004 			goto delegate;
1005 		if (le16_to_cpu(req.wLength) != 2 ||
1006 		    le16_to_cpu(req.wValue)  != 0)
1007 			break;
1008 		err = isr_get_status_response(ci, &req);
1009 		break;
1010 	case USB_REQ_SET_ADDRESS:
1011 		if (type != (USB_DIR_OUT|USB_RECIP_DEVICE))
1012 			goto delegate;
1013 		if (le16_to_cpu(req.wLength) != 0 ||
1014 		    le16_to_cpu(req.wIndex)  != 0)
1015 			break;
1016 		ci->address = (u8)le16_to_cpu(req.wValue);
1017 		ci->setaddr = true;
1018 		err = isr_setup_status_phase(ci);
1019 		break;
1020 	case USB_REQ_SET_FEATURE:
1021 		if (type == (USB_DIR_OUT|USB_RECIP_ENDPOINT) &&
1022 				le16_to_cpu(req.wValue) ==
1023 				USB_ENDPOINT_HALT) {
1024 			if (req.wLength != 0)
1025 				break;
1026 			num  = le16_to_cpu(req.wIndex);
1027 			dir = num & USB_ENDPOINT_DIR_MASK;
1028 			num &= USB_ENDPOINT_NUMBER_MASK;
1029 			if (dir) /* TX */
1030 				num += ci->hw_ep_max / 2;
1031 
1032 			spin_unlock(&ci->lock);
1033 			err = usb_ep_set_halt(&ci->ci_hw_ep[num].ep);
1034 			spin_lock(&ci->lock);
1035 			if (!err)
1036 				isr_setup_status_phase(ci);
1037 		} else if (type == (USB_DIR_OUT|USB_RECIP_DEVICE)) {
1038 			if (req.wLength != 0)
1039 				break;
1040 			switch (le16_to_cpu(req.wValue)) {
1041 			case USB_DEVICE_REMOTE_WAKEUP:
1042 				ci->remote_wakeup = 1;
1043 				err = isr_setup_status_phase(ci);
1044 				break;
1045 			case USB_DEVICE_TEST_MODE:
1046 				tmode = le16_to_cpu(req.wIndex) >> 8;
1047 				switch (tmode) {
1048 				case TEST_J:
1049 				case TEST_K:
1050 				case TEST_SE0_NAK:
1051 				case TEST_PACKET:
1052 				case TEST_FORCE_EN:
1053 					ci->test_mode = tmode;
1054 					err = isr_setup_status_phase(
1055 							ci);
1056 					break;
1057 				default:
1058 					break;
1059 				}
1060 				break;
1061 			case USB_DEVICE_B_HNP_ENABLE:
1062 				if (ci_otg_is_fsm_mode(ci)) {
1063 					ci->gadget.b_hnp_enable = 1;
1064 					err = isr_setup_status_phase(
1065 							ci);
1066 				}
1067 				break;
1068 			default:
1069 				goto delegate;
1070 			}
1071 		} else {
1072 			goto delegate;
1073 		}
1074 		break;
1075 	default:
1076 delegate:
1077 		if (req.wLength == 0)   /* no data phase */
1078 			ci->ep0_dir = TX;
1079 
1080 		spin_unlock(&ci->lock);
1081 		err = ci->driver->setup(&ci->gadget, &req);
1082 		spin_lock(&ci->lock);
1083 		break;
1084 	}
1085 
1086 	if (err < 0) {
1087 		spin_unlock(&ci->lock);
1088 		if (usb_ep_set_halt(&hwep->ep))
1089 			dev_err(ci->dev, "error: ep_set_halt\n");
1090 		spin_lock(&ci->lock);
1091 	}
1092 }
1093 
1094 /**
1095  * isr_tr_complete_handler: transaction complete interrupt handler
1096  * @ci: UDC descriptor
1097  *
1098  * This function handles traffic events
1099  */
1100 static void isr_tr_complete_handler(struct ci_hdrc *ci)
1101 __releases(ci->lock)
1102 __acquires(ci->lock)
1103 {
1104 	unsigned i;
1105 	int err;
1106 
1107 	for (i = 0; i < ci->hw_ep_max; i++) {
1108 		struct ci_hw_ep *hwep  = &ci->ci_hw_ep[i];
1109 
1110 		if (hwep->ep.desc == NULL)
1111 			continue;   /* not configured */
1112 
1113 		if (hw_test_and_clear_complete(ci, i)) {
1114 			err = isr_tr_complete_low(hwep);
1115 			if (hwep->type == USB_ENDPOINT_XFER_CONTROL) {
1116 				if (err > 0)   /* needs status phase */
1117 					err = isr_setup_status_phase(ci);
1118 				if (err < 0) {
1119 					spin_unlock(&ci->lock);
1120 					if (usb_ep_set_halt(&hwep->ep))
1121 						dev_err(ci->dev,
1122 							"error: ep_set_halt\n");
1123 					spin_lock(&ci->lock);
1124 				}
1125 			}
1126 		}
1127 
1128 		/* Only handle setup packet below */
1129 		if (i == 0 &&
1130 			hw_test_and_clear(ci, OP_ENDPTSETUPSTAT, BIT(0)))
1131 			isr_setup_packet_handler(ci);
1132 	}
1133 }
1134 
1135 /******************************************************************************
1136  * ENDPT block
1137  *****************************************************************************/
1138 /**
1139  * ep_enable: configure endpoint, making it usable
1140  *
1141  * Check usb_ep_enable() at "usb_gadget.h" for details
1142  */
1143 static int ep_enable(struct usb_ep *ep,
1144 		     const struct usb_endpoint_descriptor *desc)
1145 {
1146 	struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
1147 	int retval = 0;
1148 	unsigned long flags;
1149 	u32 cap = 0;
1150 
1151 	if (ep == NULL || desc == NULL)
1152 		return -EINVAL;
1153 
1154 	spin_lock_irqsave(hwep->lock, flags);
1155 
1156 	/* only internal SW should enable ctrl endpts */
1157 
1158 	hwep->ep.desc = desc;
1159 
1160 	if (!list_empty(&hwep->qh.queue))
1161 		dev_warn(hwep->ci->dev, "enabling a non-empty endpoint!\n");
1162 
1163 	hwep->dir  = usb_endpoint_dir_in(desc) ? TX : RX;
1164 	hwep->num  = usb_endpoint_num(desc);
1165 	hwep->type = usb_endpoint_type(desc);
1166 
1167 	hwep->ep.maxpacket = usb_endpoint_maxp(desc) & 0x07ff;
1168 	hwep->ep.mult = QH_ISO_MULT(usb_endpoint_maxp(desc));
1169 
1170 	if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
1171 		cap |= QH_IOS;
1172 
1173 	cap |= QH_ZLT;
1174 	cap |= (hwep->ep.maxpacket << __ffs(QH_MAX_PKT)) & QH_MAX_PKT;
1175 	/*
1176 	 * For ISO-TX, we set mult at QH as the largest value, and use
1177 	 * MultO at TD as real mult value.
1178 	 */
1179 	if (hwep->type == USB_ENDPOINT_XFER_ISOC && hwep->dir == TX)
1180 		cap |= 3 << __ffs(QH_MULT);
1181 
1182 	hwep->qh.ptr->cap = cpu_to_le32(cap);
1183 
1184 	hwep->qh.ptr->td.next |= cpu_to_le32(TD_TERMINATE);   /* needed? */
1185 
1186 	if (hwep->num != 0 && hwep->type == USB_ENDPOINT_XFER_CONTROL) {
1187 		dev_err(hwep->ci->dev, "Set control xfer at non-ep0\n");
1188 		retval = -EINVAL;
1189 	}
1190 
1191 	/*
1192 	 * Enable endpoints in the HW other than ep0 as ep0
1193 	 * is always enabled
1194 	 */
1195 	if (hwep->num)
1196 		retval |= hw_ep_enable(hwep->ci, hwep->num, hwep->dir,
1197 				       hwep->type);
1198 
1199 	spin_unlock_irqrestore(hwep->lock, flags);
1200 	return retval;
1201 }
1202 
1203 /**
1204  * ep_disable: endpoint is no longer usable
1205  *
1206  * Check usb_ep_disable() at "usb_gadget.h" for details
1207  */
1208 static int ep_disable(struct usb_ep *ep)
1209 {
1210 	struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
1211 	int direction, retval = 0;
1212 	unsigned long flags;
1213 
1214 	if (ep == NULL)
1215 		return -EINVAL;
1216 	else if (hwep->ep.desc == NULL)
1217 		return -EBUSY;
1218 
1219 	spin_lock_irqsave(hwep->lock, flags);
1220 
1221 	/* only internal SW should disable ctrl endpts */
1222 
1223 	direction = hwep->dir;
1224 	do {
1225 		retval |= _ep_nuke(hwep);
1226 		retval |= hw_ep_disable(hwep->ci, hwep->num, hwep->dir);
1227 
1228 		if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
1229 			hwep->dir = (hwep->dir == TX) ? RX : TX;
1230 
1231 	} while (hwep->dir != direction);
1232 
1233 	hwep->ep.desc = NULL;
1234 
1235 	spin_unlock_irqrestore(hwep->lock, flags);
1236 	return retval;
1237 }
1238 
1239 /**
1240  * ep_alloc_request: allocate a request object to use with this endpoint
1241  *
1242  * Check usb_ep_alloc_request() at "usb_gadget.h" for details
1243  */
1244 static struct usb_request *ep_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
1245 {
1246 	struct ci_hw_req *hwreq = NULL;
1247 
1248 	if (ep == NULL)
1249 		return NULL;
1250 
1251 	hwreq = kzalloc(sizeof(struct ci_hw_req), gfp_flags);
1252 	if (hwreq != NULL) {
1253 		INIT_LIST_HEAD(&hwreq->queue);
1254 		INIT_LIST_HEAD(&hwreq->tds);
1255 	}
1256 
1257 	return (hwreq == NULL) ? NULL : &hwreq->req;
1258 }
1259 
1260 /**
1261  * ep_free_request: frees a request object
1262  *
1263  * Check usb_ep_free_request() at "usb_gadget.h" for details
1264  */
1265 static void ep_free_request(struct usb_ep *ep, struct usb_request *req)
1266 {
1267 	struct ci_hw_ep  *hwep  = container_of(ep,  struct ci_hw_ep, ep);
1268 	struct ci_hw_req *hwreq = container_of(req, struct ci_hw_req, req);
1269 	struct td_node *node, *tmpnode;
1270 	unsigned long flags;
1271 
1272 	if (ep == NULL || req == NULL) {
1273 		return;
1274 	} else if (!list_empty(&hwreq->queue)) {
1275 		dev_err(hwep->ci->dev, "freeing queued request\n");
1276 		return;
1277 	}
1278 
1279 	spin_lock_irqsave(hwep->lock, flags);
1280 
1281 	list_for_each_entry_safe(node, tmpnode, &hwreq->tds, td) {
1282 		dma_pool_free(hwep->td_pool, node->ptr, node->dma);
1283 		list_del_init(&node->td);
1284 		node->ptr = NULL;
1285 		kfree(node);
1286 	}
1287 
1288 	kfree(hwreq);
1289 
1290 	spin_unlock_irqrestore(hwep->lock, flags);
1291 }
1292 
1293 /**
1294  * ep_queue: queues (submits) an I/O request to an endpoint
1295  *
1296  * Check usb_ep_queue()* at usb_gadget.h" for details
1297  */
1298 static int ep_queue(struct usb_ep *ep, struct usb_request *req,
1299 		    gfp_t __maybe_unused gfp_flags)
1300 {
1301 	struct ci_hw_ep  *hwep  = container_of(ep,  struct ci_hw_ep, ep);
1302 	int retval = 0;
1303 	unsigned long flags;
1304 
1305 	if (ep == NULL || req == NULL || hwep->ep.desc == NULL)
1306 		return -EINVAL;
1307 
1308 	spin_lock_irqsave(hwep->lock, flags);
1309 	retval = _ep_queue(ep, req, gfp_flags);
1310 	spin_unlock_irqrestore(hwep->lock, flags);
1311 	return retval;
1312 }
1313 
1314 /**
1315  * ep_dequeue: dequeues (cancels, unlinks) an I/O request from an endpoint
1316  *
1317  * Check usb_ep_dequeue() at "usb_gadget.h" for details
1318  */
1319 static int ep_dequeue(struct usb_ep *ep, struct usb_request *req)
1320 {
1321 	struct ci_hw_ep  *hwep  = container_of(ep,  struct ci_hw_ep, ep);
1322 	struct ci_hw_req *hwreq = container_of(req, struct ci_hw_req, req);
1323 	unsigned long flags;
1324 	struct td_node *node, *tmpnode;
1325 
1326 	if (ep == NULL || req == NULL || hwreq->req.status != -EALREADY ||
1327 		hwep->ep.desc == NULL || list_empty(&hwreq->queue) ||
1328 		list_empty(&hwep->qh.queue))
1329 		return -EINVAL;
1330 
1331 	spin_lock_irqsave(hwep->lock, flags);
1332 
1333 	hw_ep_flush(hwep->ci, hwep->num, hwep->dir);
1334 
1335 	list_for_each_entry_safe(node, tmpnode, &hwreq->tds, td) {
1336 		dma_pool_free(hwep->td_pool, node->ptr, node->dma);
1337 		list_del(&node->td);
1338 		kfree(node);
1339 	}
1340 
1341 	/* pop request */
1342 	list_del_init(&hwreq->queue);
1343 
1344 	usb_gadget_unmap_request(&hwep->ci->gadget, req, hwep->dir);
1345 
1346 	req->status = -ECONNRESET;
1347 
1348 	if (hwreq->req.complete != NULL) {
1349 		spin_unlock(hwep->lock);
1350 		hwreq->req.complete(&hwep->ep, &hwreq->req);
1351 		spin_lock(hwep->lock);
1352 	}
1353 
1354 	spin_unlock_irqrestore(hwep->lock, flags);
1355 	return 0;
1356 }
1357 
1358 /**
1359  * ep_set_halt: sets the endpoint halt feature
1360  *
1361  * Check usb_ep_set_halt() at "usb_gadget.h" for details
1362  */
1363 static int ep_set_halt(struct usb_ep *ep, int value)
1364 {
1365 	struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
1366 	int direction, retval = 0;
1367 	unsigned long flags;
1368 
1369 	if (ep == NULL || hwep->ep.desc == NULL)
1370 		return -EINVAL;
1371 
1372 	if (usb_endpoint_xfer_isoc(hwep->ep.desc))
1373 		return -EOPNOTSUPP;
1374 
1375 	spin_lock_irqsave(hwep->lock, flags);
1376 
1377 #ifndef STALL_IN
1378 	/* g_file_storage MS compliant but g_zero fails chapter 9 compliance */
1379 	if (value && hwep->type == USB_ENDPOINT_XFER_BULK && hwep->dir == TX &&
1380 	    !list_empty(&hwep->qh.queue)) {
1381 		spin_unlock_irqrestore(hwep->lock, flags);
1382 		return -EAGAIN;
1383 	}
1384 #endif
1385 
1386 	direction = hwep->dir;
1387 	do {
1388 		retval |= hw_ep_set_halt(hwep->ci, hwep->num, hwep->dir, value);
1389 
1390 		if (!value)
1391 			hwep->wedge = 0;
1392 
1393 		if (hwep->type == USB_ENDPOINT_XFER_CONTROL)
1394 			hwep->dir = (hwep->dir == TX) ? RX : TX;
1395 
1396 	} while (hwep->dir != direction);
1397 
1398 	spin_unlock_irqrestore(hwep->lock, flags);
1399 	return retval;
1400 }
1401 
1402 /**
1403  * ep_set_wedge: sets the halt feature and ignores clear requests
1404  *
1405  * Check usb_ep_set_wedge() at "usb_gadget.h" for details
1406  */
1407 static int ep_set_wedge(struct usb_ep *ep)
1408 {
1409 	struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
1410 	unsigned long flags;
1411 
1412 	if (ep == NULL || hwep->ep.desc == NULL)
1413 		return -EINVAL;
1414 
1415 	spin_lock_irqsave(hwep->lock, flags);
1416 	hwep->wedge = 1;
1417 	spin_unlock_irqrestore(hwep->lock, flags);
1418 
1419 	return usb_ep_set_halt(ep);
1420 }
1421 
1422 /**
1423  * ep_fifo_flush: flushes contents of a fifo
1424  *
1425  * Check usb_ep_fifo_flush() at "usb_gadget.h" for details
1426  */
1427 static void ep_fifo_flush(struct usb_ep *ep)
1428 {
1429 	struct ci_hw_ep *hwep = container_of(ep, struct ci_hw_ep, ep);
1430 	unsigned long flags;
1431 
1432 	if (ep == NULL) {
1433 		dev_err(hwep->ci->dev, "%02X: -EINVAL\n", _usb_addr(hwep));
1434 		return;
1435 	}
1436 
1437 	spin_lock_irqsave(hwep->lock, flags);
1438 
1439 	hw_ep_flush(hwep->ci, hwep->num, hwep->dir);
1440 
1441 	spin_unlock_irqrestore(hwep->lock, flags);
1442 }
1443 
1444 /**
1445  * Endpoint-specific part of the API to the USB controller hardware
1446  * Check "usb_gadget.h" for details
1447  */
1448 static const struct usb_ep_ops usb_ep_ops = {
1449 	.enable	       = ep_enable,
1450 	.disable       = ep_disable,
1451 	.alloc_request = ep_alloc_request,
1452 	.free_request  = ep_free_request,
1453 	.queue	       = ep_queue,
1454 	.dequeue       = ep_dequeue,
1455 	.set_halt      = ep_set_halt,
1456 	.set_wedge     = ep_set_wedge,
1457 	.fifo_flush    = ep_fifo_flush,
1458 };
1459 
1460 /******************************************************************************
1461  * GADGET block
1462  *****************************************************************************/
1463 static int ci_udc_vbus_session(struct usb_gadget *_gadget, int is_active)
1464 {
1465 	struct ci_hdrc *ci = container_of(_gadget, struct ci_hdrc, gadget);
1466 	unsigned long flags;
1467 	int gadget_ready = 0;
1468 
1469 	spin_lock_irqsave(&ci->lock, flags);
1470 	ci->vbus_active = is_active;
1471 	if (ci->driver)
1472 		gadget_ready = 1;
1473 	spin_unlock_irqrestore(&ci->lock, flags);
1474 
1475 	if (gadget_ready) {
1476 		if (is_active) {
1477 			pm_runtime_get_sync(&_gadget->dev);
1478 			hw_device_reset(ci, USBMODE_CM_DC);
1479 			hw_device_state(ci, ci->ep0out->qh.dma);
1480 			usb_gadget_set_state(_gadget, USB_STATE_POWERED);
1481 		} else {
1482 			if (ci->driver)
1483 				ci->driver->disconnect(&ci->gadget);
1484 			hw_device_state(ci, 0);
1485 			if (ci->platdata->notify_event)
1486 				ci->platdata->notify_event(ci,
1487 				CI_HDRC_CONTROLLER_STOPPED_EVENT);
1488 			_gadget_stop_activity(&ci->gadget);
1489 			pm_runtime_put_sync(&_gadget->dev);
1490 			usb_gadget_set_state(_gadget, USB_STATE_NOTATTACHED);
1491 		}
1492 	}
1493 
1494 	return 0;
1495 }
1496 
1497 static int ci_udc_wakeup(struct usb_gadget *_gadget)
1498 {
1499 	struct ci_hdrc *ci = container_of(_gadget, struct ci_hdrc, gadget);
1500 	unsigned long flags;
1501 	int ret = 0;
1502 
1503 	spin_lock_irqsave(&ci->lock, flags);
1504 	if (!ci->remote_wakeup) {
1505 		ret = -EOPNOTSUPP;
1506 		goto out;
1507 	}
1508 	if (!hw_read(ci, OP_PORTSC, PORTSC_SUSP)) {
1509 		ret = -EINVAL;
1510 		goto out;
1511 	}
1512 	hw_write(ci, OP_PORTSC, PORTSC_FPR, PORTSC_FPR);
1513 out:
1514 	spin_unlock_irqrestore(&ci->lock, flags);
1515 	return ret;
1516 }
1517 
1518 static int ci_udc_vbus_draw(struct usb_gadget *_gadget, unsigned ma)
1519 {
1520 	struct ci_hdrc *ci = container_of(_gadget, struct ci_hdrc, gadget);
1521 
1522 	if (ci->transceiver)
1523 		return usb_phy_set_power(ci->transceiver, ma);
1524 	return -ENOTSUPP;
1525 }
1526 
1527 /* Change Data+ pullup status
1528  * this func is used by usb_gadget_connect/disconnet
1529  */
1530 static int ci_udc_pullup(struct usb_gadget *_gadget, int is_on)
1531 {
1532 	struct ci_hdrc *ci = container_of(_gadget, struct ci_hdrc, gadget);
1533 
1534 	if (!ci->vbus_active)
1535 		return -EOPNOTSUPP;
1536 
1537 	if (is_on)
1538 		hw_write(ci, OP_USBCMD, USBCMD_RS, USBCMD_RS);
1539 	else
1540 		hw_write(ci, OP_USBCMD, USBCMD_RS, 0);
1541 
1542 	return 0;
1543 }
1544 
1545 static int ci_udc_start(struct usb_gadget *gadget,
1546 			 struct usb_gadget_driver *driver);
1547 static int ci_udc_stop(struct usb_gadget *gadget,
1548 			struct usb_gadget_driver *driver);
1549 /**
1550  * Device operations part of the API to the USB controller hardware,
1551  * which don't involve endpoints (or i/o)
1552  * Check  "usb_gadget.h" for details
1553  */
1554 static const struct usb_gadget_ops usb_gadget_ops = {
1555 	.vbus_session	= ci_udc_vbus_session,
1556 	.wakeup		= ci_udc_wakeup,
1557 	.pullup		= ci_udc_pullup,
1558 	.vbus_draw	= ci_udc_vbus_draw,
1559 	.udc_start	= ci_udc_start,
1560 	.udc_stop	= ci_udc_stop,
1561 };
1562 
1563 static int init_eps(struct ci_hdrc *ci)
1564 {
1565 	int retval = 0, i, j;
1566 
1567 	for (i = 0; i < ci->hw_ep_max/2; i++)
1568 		for (j = RX; j <= TX; j++) {
1569 			int k = i + j * ci->hw_ep_max/2;
1570 			struct ci_hw_ep *hwep = &ci->ci_hw_ep[k];
1571 
1572 			scnprintf(hwep->name, sizeof(hwep->name), "ep%i%s", i,
1573 					(j == TX)  ? "in" : "out");
1574 
1575 			hwep->ci          = ci;
1576 			hwep->lock         = &ci->lock;
1577 			hwep->td_pool      = ci->td_pool;
1578 
1579 			hwep->ep.name      = hwep->name;
1580 			hwep->ep.ops       = &usb_ep_ops;
1581 			/*
1582 			 * for ep0: maxP defined in desc, for other
1583 			 * eps, maxP is set by epautoconfig() called
1584 			 * by gadget layer
1585 			 */
1586 			usb_ep_set_maxpacket_limit(&hwep->ep, (unsigned short)~0);
1587 
1588 			INIT_LIST_HEAD(&hwep->qh.queue);
1589 			hwep->qh.ptr = dma_pool_alloc(ci->qh_pool, GFP_KERNEL,
1590 						     &hwep->qh.dma);
1591 			if (hwep->qh.ptr == NULL)
1592 				retval = -ENOMEM;
1593 			else
1594 				memset(hwep->qh.ptr, 0, sizeof(*hwep->qh.ptr));
1595 
1596 			/*
1597 			 * set up shorthands for ep0 out and in endpoints,
1598 			 * don't add to gadget's ep_list
1599 			 */
1600 			if (i == 0) {
1601 				if (j == RX)
1602 					ci->ep0out = hwep;
1603 				else
1604 					ci->ep0in = hwep;
1605 
1606 				usb_ep_set_maxpacket_limit(&hwep->ep, CTRL_PAYLOAD_MAX);
1607 				continue;
1608 			}
1609 
1610 			list_add_tail(&hwep->ep.ep_list, &ci->gadget.ep_list);
1611 		}
1612 
1613 	return retval;
1614 }
1615 
1616 static void destroy_eps(struct ci_hdrc *ci)
1617 {
1618 	int i;
1619 
1620 	for (i = 0; i < ci->hw_ep_max; i++) {
1621 		struct ci_hw_ep *hwep = &ci->ci_hw_ep[i];
1622 
1623 		if (hwep->pending_td)
1624 			free_pending_td(hwep);
1625 		dma_pool_free(ci->qh_pool, hwep->qh.ptr, hwep->qh.dma);
1626 	}
1627 }
1628 
1629 /**
1630  * ci_udc_start: register a gadget driver
1631  * @gadget: our gadget
1632  * @driver: the driver being registered
1633  *
1634  * Interrupts are enabled here.
1635  */
1636 static int ci_udc_start(struct usb_gadget *gadget,
1637 			 struct usb_gadget_driver *driver)
1638 {
1639 	struct ci_hdrc *ci = container_of(gadget, struct ci_hdrc, gadget);
1640 	unsigned long flags;
1641 	int retval = -ENOMEM;
1642 
1643 	if (driver->disconnect == NULL)
1644 		return -EINVAL;
1645 
1646 
1647 	ci->ep0out->ep.desc = &ctrl_endpt_out_desc;
1648 	retval = usb_ep_enable(&ci->ep0out->ep);
1649 	if (retval)
1650 		return retval;
1651 
1652 	ci->ep0in->ep.desc = &ctrl_endpt_in_desc;
1653 	retval = usb_ep_enable(&ci->ep0in->ep);
1654 	if (retval)
1655 		return retval;
1656 
1657 	ci->driver = driver;
1658 
1659 	/* Start otg fsm for B-device */
1660 	if (ci_otg_is_fsm_mode(ci) && ci->fsm.id) {
1661 		ci_hdrc_otg_fsm_start(ci);
1662 		return retval;
1663 	}
1664 
1665 	pm_runtime_get_sync(&ci->gadget.dev);
1666 	if (ci->vbus_active) {
1667 		spin_lock_irqsave(&ci->lock, flags);
1668 		hw_device_reset(ci, USBMODE_CM_DC);
1669 	} else {
1670 		pm_runtime_put_sync(&ci->gadget.dev);
1671 		return retval;
1672 	}
1673 
1674 	retval = hw_device_state(ci, ci->ep0out->qh.dma);
1675 	spin_unlock_irqrestore(&ci->lock, flags);
1676 	if (retval)
1677 		pm_runtime_put_sync(&ci->gadget.dev);
1678 
1679 	return retval;
1680 }
1681 
1682 /**
1683  * ci_udc_stop: unregister a gadget driver
1684  */
1685 static int ci_udc_stop(struct usb_gadget *gadget,
1686 			struct usb_gadget_driver *driver)
1687 {
1688 	struct ci_hdrc *ci = container_of(gadget, struct ci_hdrc, gadget);
1689 	unsigned long flags;
1690 
1691 	spin_lock_irqsave(&ci->lock, flags);
1692 
1693 	if (ci->vbus_active) {
1694 		hw_device_state(ci, 0);
1695 		if (ci->platdata->notify_event)
1696 			ci->platdata->notify_event(ci,
1697 			CI_HDRC_CONTROLLER_STOPPED_EVENT);
1698 		spin_unlock_irqrestore(&ci->lock, flags);
1699 		_gadget_stop_activity(&ci->gadget);
1700 		spin_lock_irqsave(&ci->lock, flags);
1701 		pm_runtime_put(&ci->gadget.dev);
1702 	}
1703 
1704 	ci->driver = NULL;
1705 	spin_unlock_irqrestore(&ci->lock, flags);
1706 
1707 	return 0;
1708 }
1709 
1710 /******************************************************************************
1711  * BUS block
1712  *****************************************************************************/
1713 /**
1714  * udc_irq: ci interrupt handler
1715  *
1716  * This function returns IRQ_HANDLED if the IRQ has been handled
1717  * It locks access to registers
1718  */
1719 static irqreturn_t udc_irq(struct ci_hdrc *ci)
1720 {
1721 	irqreturn_t retval;
1722 	u32 intr;
1723 
1724 	if (ci == NULL)
1725 		return IRQ_HANDLED;
1726 
1727 	spin_lock(&ci->lock);
1728 
1729 	if (ci->platdata->flags & CI_HDRC_REGS_SHARED) {
1730 		if (hw_read(ci, OP_USBMODE, USBMODE_CM) !=
1731 				USBMODE_CM_DC) {
1732 			spin_unlock(&ci->lock);
1733 			return IRQ_NONE;
1734 		}
1735 	}
1736 	intr = hw_test_and_clear_intr_active(ci);
1737 
1738 	if (intr) {
1739 		/* order defines priority - do NOT change it */
1740 		if (USBi_URI & intr)
1741 			isr_reset_handler(ci);
1742 
1743 		if (USBi_PCI & intr) {
1744 			ci->gadget.speed = hw_port_is_high_speed(ci) ?
1745 				USB_SPEED_HIGH : USB_SPEED_FULL;
1746 			if (ci->suspended && ci->driver->resume) {
1747 				spin_unlock(&ci->lock);
1748 				ci->driver->resume(&ci->gadget);
1749 				spin_lock(&ci->lock);
1750 				ci->suspended = 0;
1751 			}
1752 		}
1753 
1754 		if (USBi_UI  & intr)
1755 			isr_tr_complete_handler(ci);
1756 
1757 		if (USBi_SLI & intr) {
1758 			if (ci->gadget.speed != USB_SPEED_UNKNOWN &&
1759 			    ci->driver->suspend) {
1760 				ci->suspended = 1;
1761 				spin_unlock(&ci->lock);
1762 				ci->driver->suspend(&ci->gadget);
1763 				usb_gadget_set_state(&ci->gadget,
1764 						USB_STATE_SUSPENDED);
1765 				spin_lock(&ci->lock);
1766 			}
1767 		}
1768 		retval = IRQ_HANDLED;
1769 	} else {
1770 		retval = IRQ_NONE;
1771 	}
1772 	spin_unlock(&ci->lock);
1773 
1774 	return retval;
1775 }
1776 
1777 /**
1778  * udc_start: initialize gadget role
1779  * @ci: chipidea controller
1780  */
1781 static int udc_start(struct ci_hdrc *ci)
1782 {
1783 	struct device *dev = ci->dev;
1784 	int retval = 0;
1785 
1786 	spin_lock_init(&ci->lock);
1787 
1788 	ci->gadget.ops          = &usb_gadget_ops;
1789 	ci->gadget.speed        = USB_SPEED_UNKNOWN;
1790 	ci->gadget.max_speed    = USB_SPEED_HIGH;
1791 	ci->gadget.is_otg       = ci->is_otg ? 1 : 0;
1792 	ci->gadget.name         = ci->platdata->name;
1793 
1794 	INIT_LIST_HEAD(&ci->gadget.ep_list);
1795 
1796 	/* alloc resources */
1797 	ci->qh_pool = dma_pool_create("ci_hw_qh", dev,
1798 				       sizeof(struct ci_hw_qh),
1799 				       64, CI_HDRC_PAGE_SIZE);
1800 	if (ci->qh_pool == NULL)
1801 		return -ENOMEM;
1802 
1803 	ci->td_pool = dma_pool_create("ci_hw_td", dev,
1804 				       sizeof(struct ci_hw_td),
1805 				       64, CI_HDRC_PAGE_SIZE);
1806 	if (ci->td_pool == NULL) {
1807 		retval = -ENOMEM;
1808 		goto free_qh_pool;
1809 	}
1810 
1811 	retval = init_eps(ci);
1812 	if (retval)
1813 		goto free_pools;
1814 
1815 	ci->gadget.ep0 = &ci->ep0in->ep;
1816 
1817 	retval = usb_add_gadget_udc(dev, &ci->gadget);
1818 	if (retval)
1819 		goto destroy_eps;
1820 
1821 	pm_runtime_no_callbacks(&ci->gadget.dev);
1822 	pm_runtime_enable(&ci->gadget.dev);
1823 
1824 	return retval;
1825 
1826 destroy_eps:
1827 	destroy_eps(ci);
1828 free_pools:
1829 	dma_pool_destroy(ci->td_pool);
1830 free_qh_pool:
1831 	dma_pool_destroy(ci->qh_pool);
1832 	return retval;
1833 }
1834 
1835 /**
1836  * ci_hdrc_gadget_destroy: parent remove must call this to remove UDC
1837  *
1838  * No interrupts active, the IRQ has been released
1839  */
1840 void ci_hdrc_gadget_destroy(struct ci_hdrc *ci)
1841 {
1842 	if (!ci->roles[CI_ROLE_GADGET])
1843 		return;
1844 
1845 	usb_del_gadget_udc(&ci->gadget);
1846 
1847 	destroy_eps(ci);
1848 
1849 	dma_pool_destroy(ci->td_pool);
1850 	dma_pool_destroy(ci->qh_pool);
1851 }
1852 
1853 static int udc_id_switch_for_device(struct ci_hdrc *ci)
1854 {
1855 	if (ci->is_otg)
1856 		/* Clear and enable BSV irq */
1857 		hw_write_otgsc(ci, OTGSC_BSVIS | OTGSC_BSVIE,
1858 					OTGSC_BSVIS | OTGSC_BSVIE);
1859 
1860 	return 0;
1861 }
1862 
1863 static void udc_id_switch_for_host(struct ci_hdrc *ci)
1864 {
1865 	/*
1866 	 * host doesn't care B_SESSION_VALID event
1867 	 * so clear and disbale BSV irq
1868 	 */
1869 	if (ci->is_otg)
1870 		hw_write_otgsc(ci, OTGSC_BSVIE | OTGSC_BSVIS, OTGSC_BSVIS);
1871 }
1872 
1873 /**
1874  * ci_hdrc_gadget_init - initialize device related bits
1875  * ci: the controller
1876  *
1877  * This function initializes the gadget, if the device is "device capable".
1878  */
1879 int ci_hdrc_gadget_init(struct ci_hdrc *ci)
1880 {
1881 	struct ci_role_driver *rdrv;
1882 
1883 	if (!hw_read(ci, CAP_DCCPARAMS, DCCPARAMS_DC))
1884 		return -ENXIO;
1885 
1886 	rdrv = devm_kzalloc(ci->dev, sizeof(struct ci_role_driver), GFP_KERNEL);
1887 	if (!rdrv)
1888 		return -ENOMEM;
1889 
1890 	rdrv->start	= udc_id_switch_for_device;
1891 	rdrv->stop	= udc_id_switch_for_host;
1892 	rdrv->irq	= udc_irq;
1893 	rdrv->name	= "gadget";
1894 	ci->roles[CI_ROLE_GADGET] = rdrv;
1895 
1896 	return udc_start(ci);
1897 }
1898