xref: /linux/drivers/usb/fotg210/fotg210-hcd.c (revision eb01fe7abbe2d0b38824d2a93fdb4cc3eaf2ccc1)
1 // SPDX-License-Identifier: GPL-2.0+
2 /* Faraday FOTG210 EHCI-like driver
3  *
4  * Copyright (c) 2013 Faraday Technology Corporation
5  *
6  * Author: Yuan-Hsin Chen <yhchen@faraday-tech.com>
7  *	   Feng-Hsin Chiang <john453@faraday-tech.com>
8  *	   Po-Yu Chuang <ratbert.chuang@gmail.com>
9  *
10  * Most of code borrowed from the Linux-3.7 EHCI driver
11  */
12 #include <linux/module.h>
13 #include <linux/of.h>
14 #include <linux/device.h>
15 #include <linux/dmapool.h>
16 #include <linux/kernel.h>
17 #include <linux/delay.h>
18 #include <linux/ioport.h>
19 #include <linux/sched.h>
20 #include <linux/vmalloc.h>
21 #include <linux/errno.h>
22 #include <linux/init.h>
23 #include <linux/hrtimer.h>
24 #include <linux/list.h>
25 #include <linux/interrupt.h>
26 #include <linux/usb.h>
27 #include <linux/usb/hcd.h>
28 #include <linux/moduleparam.h>
29 #include <linux/dma-mapping.h>
30 #include <linux/debugfs.h>
31 #include <linux/slab.h>
32 #include <linux/uaccess.h>
33 #include <linux/platform_device.h>
34 #include <linux/io.h>
35 #include <linux/iopoll.h>
36 
37 #include <asm/byteorder.h>
38 #include <asm/irq.h>
39 #include <asm/unaligned.h>
40 
41 #include "fotg210.h"
42 
43 static const char hcd_name[] = "fotg210_hcd";
44 
45 #undef FOTG210_URB_TRACE
46 #define FOTG210_STATS
47 
48 /* magic numbers that can affect system performance */
49 #define FOTG210_TUNE_CERR	3 /* 0-3 qtd retries; 0 == don't stop */
50 #define FOTG210_TUNE_RL_HS	4 /* nak throttle; see 4.9 */
51 #define FOTG210_TUNE_RL_TT	0
52 #define FOTG210_TUNE_MULT_HS	1 /* 1-3 transactions/uframe; 4.10.3 */
53 #define FOTG210_TUNE_MULT_TT	1
54 
55 /* Some drivers think it's safe to schedule isochronous transfers more than 256
56  * ms into the future (partly as a result of an old bug in the scheduling
57  * code).  In an attempt to avoid trouble, we will use a minimum scheduling
58  * length of 512 frames instead of 256.
59  */
60 #define FOTG210_TUNE_FLS 1 /* (medium) 512-frame schedule */
61 
62 /* Initial IRQ latency:  faster than hw default */
63 static int log2_irq_thresh; /* 0 to 6 */
64 module_param(log2_irq_thresh, int, S_IRUGO);
65 MODULE_PARM_DESC(log2_irq_thresh, "log2 IRQ latency, 1-64 microframes");
66 
67 /* initial park setting:  slower than hw default */
68 static unsigned park;
69 module_param(park, uint, S_IRUGO);
70 MODULE_PARM_DESC(park, "park setting; 1-3 back-to-back async packets");
71 
72 /* for link power management(LPM) feature */
73 static unsigned int hird;
74 module_param(hird, int, S_IRUGO);
75 MODULE_PARM_DESC(hird, "host initiated resume duration, +1 for each 75us");
76 
77 #define INTR_MASK (STS_IAA | STS_FATAL | STS_PCD | STS_ERR | STS_INT)
78 
79 #include "fotg210-hcd.h"
80 
81 #define fotg210_dbg(fotg210, fmt, args...) \
82 	dev_dbg(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
83 #define fotg210_err(fotg210, fmt, args...) \
84 	dev_err(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
85 #define fotg210_info(fotg210, fmt, args...) \
86 	dev_info(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
87 #define fotg210_warn(fotg210, fmt, args...) \
88 	dev_warn(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
89 
90 /* check the values in the HCSPARAMS register (host controller _Structural_
91  * parameters) see EHCI spec, Table 2-4 for each value
92  */
93 static void dbg_hcs_params(struct fotg210_hcd *fotg210, char *label)
94 {
95 	u32 params = fotg210_readl(fotg210, &fotg210->caps->hcs_params);
96 
97 	fotg210_dbg(fotg210, "%s hcs_params 0x%x ports=%d\n", label, params,
98 			HCS_N_PORTS(params));
99 }
100 
101 /* check the values in the HCCPARAMS register (host controller _Capability_
102  * parameters) see EHCI Spec, Table 2-5 for each value
103  */
104 static void dbg_hcc_params(struct fotg210_hcd *fotg210, char *label)
105 {
106 	u32 params = fotg210_readl(fotg210, &fotg210->caps->hcc_params);
107 
108 	fotg210_dbg(fotg210, "%s hcc_params %04x uframes %s%s\n", label,
109 			params,
110 			HCC_PGM_FRAMELISTLEN(params) ? "256/512/1024" : "1024",
111 			HCC_CANPARK(params) ? " park" : "");
112 }
113 
114 static void __maybe_unused
115 dbg_qtd(const char *label, struct fotg210_hcd *fotg210, struct fotg210_qtd *qtd)
116 {
117 	fotg210_dbg(fotg210, "%s td %p n%08x %08x t%08x p0=%08x\n", label, qtd,
118 			hc32_to_cpup(fotg210, &qtd->hw_next),
119 			hc32_to_cpup(fotg210, &qtd->hw_alt_next),
120 			hc32_to_cpup(fotg210, &qtd->hw_token),
121 			hc32_to_cpup(fotg210, &qtd->hw_buf[0]));
122 	if (qtd->hw_buf[1])
123 		fotg210_dbg(fotg210, "  p1=%08x p2=%08x p3=%08x p4=%08x\n",
124 				hc32_to_cpup(fotg210, &qtd->hw_buf[1]),
125 				hc32_to_cpup(fotg210, &qtd->hw_buf[2]),
126 				hc32_to_cpup(fotg210, &qtd->hw_buf[3]),
127 				hc32_to_cpup(fotg210, &qtd->hw_buf[4]));
128 }
129 
130 static void __maybe_unused
131 dbg_qh(const char *label, struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
132 {
133 	struct fotg210_qh_hw *hw = qh->hw;
134 
135 	fotg210_dbg(fotg210, "%s qh %p n%08x info %x %x qtd %x\n", label, qh,
136 			hw->hw_next, hw->hw_info1, hw->hw_info2,
137 			hw->hw_current);
138 
139 	dbg_qtd("overlay", fotg210, (struct fotg210_qtd *) &hw->hw_qtd_next);
140 }
141 
142 static void __maybe_unused
143 dbg_itd(const char *label, struct fotg210_hcd *fotg210, struct fotg210_itd *itd)
144 {
145 	fotg210_dbg(fotg210, "%s[%d] itd %p, next %08x, urb %p\n", label,
146 			itd->frame, itd, hc32_to_cpu(fotg210, itd->hw_next),
147 			itd->urb);
148 
149 	fotg210_dbg(fotg210,
150 			"  trans: %08x %08x %08x %08x %08x %08x %08x %08x\n",
151 			hc32_to_cpu(fotg210, itd->hw_transaction[0]),
152 			hc32_to_cpu(fotg210, itd->hw_transaction[1]),
153 			hc32_to_cpu(fotg210, itd->hw_transaction[2]),
154 			hc32_to_cpu(fotg210, itd->hw_transaction[3]),
155 			hc32_to_cpu(fotg210, itd->hw_transaction[4]),
156 			hc32_to_cpu(fotg210, itd->hw_transaction[5]),
157 			hc32_to_cpu(fotg210, itd->hw_transaction[6]),
158 			hc32_to_cpu(fotg210, itd->hw_transaction[7]));
159 
160 	fotg210_dbg(fotg210,
161 			"  buf:   %08x %08x %08x %08x %08x %08x %08x\n",
162 			hc32_to_cpu(fotg210, itd->hw_bufp[0]),
163 			hc32_to_cpu(fotg210, itd->hw_bufp[1]),
164 			hc32_to_cpu(fotg210, itd->hw_bufp[2]),
165 			hc32_to_cpu(fotg210, itd->hw_bufp[3]),
166 			hc32_to_cpu(fotg210, itd->hw_bufp[4]),
167 			hc32_to_cpu(fotg210, itd->hw_bufp[5]),
168 			hc32_to_cpu(fotg210, itd->hw_bufp[6]));
169 
170 	fotg210_dbg(fotg210, "  index: %d %d %d %d %d %d %d %d\n",
171 			itd->index[0], itd->index[1], itd->index[2],
172 			itd->index[3], itd->index[4], itd->index[5],
173 			itd->index[6], itd->index[7]);
174 }
175 
176 static int __maybe_unused
177 dbg_status_buf(char *buf, unsigned len, const char *label, u32 status)
178 {
179 	return scnprintf(buf, len, "%s%sstatus %04x%s%s%s%s%s%s%s%s%s%s",
180 			label, label[0] ? " " : "", status,
181 			(status & STS_ASS) ? " Async" : "",
182 			(status & STS_PSS) ? " Periodic" : "",
183 			(status & STS_RECL) ? " Recl" : "",
184 			(status & STS_HALT) ? " Halt" : "",
185 			(status & STS_IAA) ? " IAA" : "",
186 			(status & STS_FATAL) ? " FATAL" : "",
187 			(status & STS_FLR) ? " FLR" : "",
188 			(status & STS_PCD) ? " PCD" : "",
189 			(status & STS_ERR) ? " ERR" : "",
190 			(status & STS_INT) ? " INT" : "");
191 }
192 
193 static int __maybe_unused
194 dbg_intr_buf(char *buf, unsigned len, const char *label, u32 enable)
195 {
196 	return scnprintf(buf, len, "%s%sintrenable %02x%s%s%s%s%s%s",
197 			label, label[0] ? " " : "", enable,
198 			(enable & STS_IAA) ? " IAA" : "",
199 			(enable & STS_FATAL) ? " FATAL" : "",
200 			(enable & STS_FLR) ? " FLR" : "",
201 			(enable & STS_PCD) ? " PCD" : "",
202 			(enable & STS_ERR) ? " ERR" : "",
203 			(enable & STS_INT) ? " INT" : "");
204 }
205 
206 static const char *const fls_strings[] = { "1024", "512", "256", "??" };
207 
208 static int dbg_command_buf(char *buf, unsigned len, const char *label,
209 		u32 command)
210 {
211 	return scnprintf(buf, len,
212 			"%s%scommand %07x %s=%d ithresh=%d%s%s%s period=%s%s %s",
213 			label, label[0] ? " " : "", command,
214 			(command & CMD_PARK) ? " park" : "(park)",
215 			CMD_PARK_CNT(command),
216 			(command >> 16) & 0x3f,
217 			(command & CMD_IAAD) ? " IAAD" : "",
218 			(command & CMD_ASE) ? " Async" : "",
219 			(command & CMD_PSE) ? " Periodic" : "",
220 			fls_strings[(command >> 2) & 0x3],
221 			(command & CMD_RESET) ? " Reset" : "",
222 			(command & CMD_RUN) ? "RUN" : "HALT");
223 }
224 
225 static char *dbg_port_buf(char *buf, unsigned len, const char *label, int port,
226 		u32 status)
227 {
228 	char *sig;
229 
230 	/* signaling state */
231 	switch (status & (3 << 10)) {
232 	case 0 << 10:
233 		sig = "se0";
234 		break;
235 	case 1 << 10:
236 		sig = "k";
237 		break; /* low speed */
238 	case 2 << 10:
239 		sig = "j";
240 		break;
241 	default:
242 		sig = "?";
243 		break;
244 	}
245 
246 	scnprintf(buf, len, "%s%sport:%d status %06x %d sig=%s%s%s%s%s%s%s%s",
247 			label, label[0] ? " " : "", port, status,
248 			status >> 25, /*device address */
249 			sig,
250 			(status & PORT_RESET) ? " RESET" : "",
251 			(status & PORT_SUSPEND) ? " SUSPEND" : "",
252 			(status & PORT_RESUME) ? " RESUME" : "",
253 			(status & PORT_PEC) ? " PEC" : "",
254 			(status & PORT_PE) ? " PE" : "",
255 			(status & PORT_CSC) ? " CSC" : "",
256 			(status & PORT_CONNECT) ? " CONNECT" : "");
257 
258 	return buf;
259 }
260 
261 /* functions have the "wrong" filename when they're output... */
262 #define dbg_status(fotg210, label, status) {			\
263 	char _buf[80];						\
264 	dbg_status_buf(_buf, sizeof(_buf), label, status);	\
265 	fotg210_dbg(fotg210, "%s\n", _buf);			\
266 }
267 
268 #define dbg_cmd(fotg210, label, command) {			\
269 	char _buf[80];						\
270 	dbg_command_buf(_buf, sizeof(_buf), label, command);	\
271 	fotg210_dbg(fotg210, "%s\n", _buf);			\
272 }
273 
274 #define dbg_port(fotg210, label, port, status) {			       \
275 	char _buf[80];							       \
276 	fotg210_dbg(fotg210, "%s\n",					       \
277 			dbg_port_buf(_buf, sizeof(_buf), label, port, status));\
278 }
279 
280 /* troubleshooting help: expose state in debugfs */
281 static int debug_async_open(struct inode *, struct file *);
282 static int debug_periodic_open(struct inode *, struct file *);
283 static int debug_registers_open(struct inode *, struct file *);
284 static int debug_async_open(struct inode *, struct file *);
285 
286 static ssize_t debug_output(struct file*, char __user*, size_t, loff_t*);
287 static int debug_close(struct inode *, struct file *);
288 
289 static const struct file_operations debug_async_fops = {
290 	.owner		= THIS_MODULE,
291 	.open		= debug_async_open,
292 	.read		= debug_output,
293 	.release	= debug_close,
294 	.llseek		= default_llseek,
295 };
296 static const struct file_operations debug_periodic_fops = {
297 	.owner		= THIS_MODULE,
298 	.open		= debug_periodic_open,
299 	.read		= debug_output,
300 	.release	= debug_close,
301 	.llseek		= default_llseek,
302 };
303 static const struct file_operations debug_registers_fops = {
304 	.owner		= THIS_MODULE,
305 	.open		= debug_registers_open,
306 	.read		= debug_output,
307 	.release	= debug_close,
308 	.llseek		= default_llseek,
309 };
310 
311 static struct dentry *fotg210_debug_root;
312 
313 struct debug_buffer {
314 	ssize_t (*fill_func)(struct debug_buffer *);	/* fill method */
315 	struct usb_bus *bus;
316 	struct mutex mutex;	/* protect filling of buffer */
317 	size_t count;		/* number of characters filled into buffer */
318 	char *output_buf;
319 	size_t alloc_size;
320 };
321 
322 static inline char speed_char(u32 scratch)
323 {
324 	switch (scratch & (3 << 12)) {
325 	case QH_FULL_SPEED:
326 		return 'f';
327 
328 	case QH_LOW_SPEED:
329 		return 'l';
330 
331 	case QH_HIGH_SPEED:
332 		return 'h';
333 
334 	default:
335 		return '?';
336 	}
337 }
338 
339 static inline char token_mark(struct fotg210_hcd *fotg210, __hc32 token)
340 {
341 	__u32 v = hc32_to_cpu(fotg210, token);
342 
343 	if (v & QTD_STS_ACTIVE)
344 		return '*';
345 	if (v & QTD_STS_HALT)
346 		return '-';
347 	if (!IS_SHORT_READ(v))
348 		return ' ';
349 	/* tries to advance through hw_alt_next */
350 	return '/';
351 }
352 
353 static void qh_lines(struct fotg210_hcd *fotg210, struct fotg210_qh *qh,
354 		char **nextp, unsigned *sizep)
355 {
356 	u32 scratch;
357 	u32 hw_curr;
358 	struct fotg210_qtd *td;
359 	unsigned temp;
360 	unsigned size = *sizep;
361 	char *next = *nextp;
362 	char mark;
363 	__le32 list_end = FOTG210_LIST_END(fotg210);
364 	struct fotg210_qh_hw *hw = qh->hw;
365 
366 	if (hw->hw_qtd_next == list_end) /* NEC does this */
367 		mark = '@';
368 	else
369 		mark = token_mark(fotg210, hw->hw_token);
370 	if (mark == '/') { /* qh_alt_next controls qh advance? */
371 		if ((hw->hw_alt_next & QTD_MASK(fotg210)) ==
372 		    fotg210->async->hw->hw_alt_next)
373 			mark = '#'; /* blocked */
374 		else if (hw->hw_alt_next == list_end)
375 			mark = '.'; /* use hw_qtd_next */
376 		/* else alt_next points to some other qtd */
377 	}
378 	scratch = hc32_to_cpup(fotg210, &hw->hw_info1);
379 	hw_curr = (mark == '*') ? hc32_to_cpup(fotg210, &hw->hw_current) : 0;
380 	temp = scnprintf(next, size,
381 			"qh/%p dev%d %cs ep%d %08x %08x(%08x%c %s nak%d)",
382 			qh, scratch & 0x007f,
383 			speed_char(scratch),
384 			(scratch >> 8) & 0x000f,
385 			scratch, hc32_to_cpup(fotg210, &hw->hw_info2),
386 			hc32_to_cpup(fotg210, &hw->hw_token), mark,
387 			(cpu_to_hc32(fotg210, QTD_TOGGLE) & hw->hw_token)
388 				? "data1" : "data0",
389 			(hc32_to_cpup(fotg210, &hw->hw_alt_next) >> 1) & 0x0f);
390 	size -= temp;
391 	next += temp;
392 
393 	/* hc may be modifying the list as we read it ... */
394 	list_for_each_entry(td, &qh->qtd_list, qtd_list) {
395 		scratch = hc32_to_cpup(fotg210, &td->hw_token);
396 		mark = ' ';
397 		if (hw_curr == td->qtd_dma)
398 			mark = '*';
399 		else if (hw->hw_qtd_next == cpu_to_hc32(fotg210, td->qtd_dma))
400 			mark = '+';
401 		else if (QTD_LENGTH(scratch)) {
402 			if (td->hw_alt_next == fotg210->async->hw->hw_alt_next)
403 				mark = '#';
404 			else if (td->hw_alt_next != list_end)
405 				mark = '/';
406 		}
407 		temp = scnprintf(next, size,
408 				 "\n\t%p%c%s len=%d %08x urb %p",
409 				 td, mark, ({ char *tmp;
410 				switch ((scratch>>8)&0x03) {
411 				case 0:
412 					tmp = "out";
413 					break;
414 				case 1:
415 					tmp = "in";
416 					break;
417 				case 2:
418 					tmp = "setup";
419 					break;
420 				default:
421 					tmp = "?";
422 					break;
423 				 } tmp; }),
424 				(scratch >> 16) & 0x7fff,
425 				scratch,
426 				td->urb);
427 		size -= temp;
428 		next += temp;
429 	}
430 
431 	temp = scnprintf(next, size, "\n");
432 
433 	size -= temp;
434 	next += temp;
435 
436 	*sizep = size;
437 	*nextp = next;
438 }
439 
440 static ssize_t fill_async_buffer(struct debug_buffer *buf)
441 {
442 	struct usb_hcd *hcd;
443 	struct fotg210_hcd *fotg210;
444 	unsigned long flags;
445 	unsigned temp, size;
446 	char *next;
447 	struct fotg210_qh *qh;
448 
449 	hcd = bus_to_hcd(buf->bus);
450 	fotg210 = hcd_to_fotg210(hcd);
451 	next = buf->output_buf;
452 	size = buf->alloc_size;
453 
454 	*next = 0;
455 
456 	/* dumps a snapshot of the async schedule.
457 	 * usually empty except for long-term bulk reads, or head.
458 	 * one QH per line, and TDs we know about
459 	 */
460 	spin_lock_irqsave(&fotg210->lock, flags);
461 	for (qh = fotg210->async->qh_next.qh; size > 0 && qh;
462 			qh = qh->qh_next.qh)
463 		qh_lines(fotg210, qh, &next, &size);
464 	if (fotg210->async_unlink && size > 0) {
465 		temp = scnprintf(next, size, "\nunlink =\n");
466 		size -= temp;
467 		next += temp;
468 
469 		for (qh = fotg210->async_unlink; size > 0 && qh;
470 				qh = qh->unlink_next)
471 			qh_lines(fotg210, qh, &next, &size);
472 	}
473 	spin_unlock_irqrestore(&fotg210->lock, flags);
474 
475 	return strlen(buf->output_buf);
476 }
477 
478 /* count tds, get ep direction */
479 static unsigned output_buf_tds_dir(char *buf, struct fotg210_hcd *fotg210,
480 		struct fotg210_qh_hw *hw, struct fotg210_qh *qh, unsigned size)
481 {
482 	u32 scratch = hc32_to_cpup(fotg210, &hw->hw_info1);
483 	struct fotg210_qtd *qtd;
484 	char *type = "";
485 	unsigned temp = 0;
486 
487 	/* count tds, get ep direction */
488 	list_for_each_entry(qtd, &qh->qtd_list, qtd_list) {
489 		temp++;
490 		switch ((hc32_to_cpu(fotg210, qtd->hw_token) >> 8) & 0x03) {
491 		case 0:
492 			type = "out";
493 			continue;
494 		case 1:
495 			type = "in";
496 			continue;
497 		}
498 	}
499 
500 	return scnprintf(buf, size, "(%c%d ep%d%s [%d/%d] q%d p%d)",
501 			speed_char(scratch), scratch & 0x007f,
502 			(scratch >> 8) & 0x000f, type, qh->usecs,
503 			qh->c_usecs, temp, (scratch >> 16) & 0x7ff);
504 }
505 
506 #define DBG_SCHED_LIMIT 64
507 static ssize_t fill_periodic_buffer(struct debug_buffer *buf)
508 {
509 	struct usb_hcd *hcd;
510 	struct fotg210_hcd *fotg210;
511 	unsigned long flags;
512 	union fotg210_shadow p, *seen;
513 	unsigned temp, size, seen_count;
514 	char *next;
515 	unsigned i;
516 	__hc32 tag;
517 
518 	seen = kmalloc_array(DBG_SCHED_LIMIT, sizeof(*seen), GFP_ATOMIC);
519 	if (!seen)
520 		return 0;
521 
522 	seen_count = 0;
523 
524 	hcd = bus_to_hcd(buf->bus);
525 	fotg210 = hcd_to_fotg210(hcd);
526 	next = buf->output_buf;
527 	size = buf->alloc_size;
528 
529 	temp = scnprintf(next, size, "size = %d\n", fotg210->periodic_size);
530 	size -= temp;
531 	next += temp;
532 
533 	/* dump a snapshot of the periodic schedule.
534 	 * iso changes, interrupt usually doesn't.
535 	 */
536 	spin_lock_irqsave(&fotg210->lock, flags);
537 	for (i = 0; i < fotg210->periodic_size; i++) {
538 		p = fotg210->pshadow[i];
539 		if (likely(!p.ptr))
540 			continue;
541 
542 		tag = Q_NEXT_TYPE(fotg210, fotg210->periodic[i]);
543 
544 		temp = scnprintf(next, size, "%4d: ", i);
545 		size -= temp;
546 		next += temp;
547 
548 		do {
549 			struct fotg210_qh_hw *hw;
550 
551 			switch (hc32_to_cpu(fotg210, tag)) {
552 			case Q_TYPE_QH:
553 				hw = p.qh->hw;
554 				temp = scnprintf(next, size, " qh%d-%04x/%p",
555 						p.qh->period,
556 						hc32_to_cpup(fotg210,
557 							&hw->hw_info2)
558 							/* uframe masks */
559 							& (QH_CMASK | QH_SMASK),
560 						p.qh);
561 				size -= temp;
562 				next += temp;
563 				/* don't repeat what follows this qh */
564 				for (temp = 0; temp < seen_count; temp++) {
565 					if (seen[temp].ptr != p.ptr)
566 						continue;
567 					if (p.qh->qh_next.ptr) {
568 						temp = scnprintf(next, size,
569 								" ...");
570 						size -= temp;
571 						next += temp;
572 					}
573 					break;
574 				}
575 				/* show more info the first time around */
576 				if (temp == seen_count) {
577 					temp = output_buf_tds_dir(next,
578 							fotg210, hw,
579 							p.qh, size);
580 
581 					if (seen_count < DBG_SCHED_LIMIT)
582 						seen[seen_count++].qh = p.qh;
583 				} else
584 					temp = 0;
585 				tag = Q_NEXT_TYPE(fotg210, hw->hw_next);
586 				p = p.qh->qh_next;
587 				break;
588 			case Q_TYPE_FSTN:
589 				temp = scnprintf(next, size,
590 						" fstn-%8x/%p",
591 						p.fstn->hw_prev, p.fstn);
592 				tag = Q_NEXT_TYPE(fotg210, p.fstn->hw_next);
593 				p = p.fstn->fstn_next;
594 				break;
595 			case Q_TYPE_ITD:
596 				temp = scnprintf(next, size,
597 						" itd/%p", p.itd);
598 				tag = Q_NEXT_TYPE(fotg210, p.itd->hw_next);
599 				p = p.itd->itd_next;
600 				break;
601 			}
602 			size -= temp;
603 			next += temp;
604 		} while (p.ptr);
605 
606 		temp = scnprintf(next, size, "\n");
607 		size -= temp;
608 		next += temp;
609 	}
610 	spin_unlock_irqrestore(&fotg210->lock, flags);
611 	kfree(seen);
612 
613 	return buf->alloc_size - size;
614 }
615 #undef DBG_SCHED_LIMIT
616 
617 static const char *rh_state_string(struct fotg210_hcd *fotg210)
618 {
619 	switch (fotg210->rh_state) {
620 	case FOTG210_RH_HALTED:
621 		return "halted";
622 	case FOTG210_RH_SUSPENDED:
623 		return "suspended";
624 	case FOTG210_RH_RUNNING:
625 		return "running";
626 	case FOTG210_RH_STOPPING:
627 		return "stopping";
628 	}
629 	return "?";
630 }
631 
632 static ssize_t fill_registers_buffer(struct debug_buffer *buf)
633 {
634 	struct usb_hcd *hcd;
635 	struct fotg210_hcd *fotg210;
636 	unsigned long flags;
637 	unsigned temp, size, i;
638 	char *next, scratch[80];
639 	static const char fmt[] = "%*s\n";
640 	static const char label[] = "";
641 
642 	hcd = bus_to_hcd(buf->bus);
643 	fotg210 = hcd_to_fotg210(hcd);
644 	next = buf->output_buf;
645 	size = buf->alloc_size;
646 
647 	spin_lock_irqsave(&fotg210->lock, flags);
648 
649 	if (!HCD_HW_ACCESSIBLE(hcd)) {
650 		size = scnprintf(next, size,
651 				"bus %s, device %s\n"
652 				"%s\n"
653 				"SUSPENDED(no register access)\n",
654 				hcd->self.controller->bus->name,
655 				dev_name(hcd->self.controller),
656 				hcd->product_desc);
657 		goto done;
658 	}
659 
660 	/* Capability Registers */
661 	i = HC_VERSION(fotg210, fotg210_readl(fotg210,
662 			&fotg210->caps->hc_capbase));
663 	temp = scnprintf(next, size,
664 			"bus %s, device %s\n"
665 			"%s\n"
666 			"EHCI %x.%02x, rh state %s\n",
667 			hcd->self.controller->bus->name,
668 			dev_name(hcd->self.controller),
669 			hcd->product_desc,
670 			i >> 8, i & 0x0ff, rh_state_string(fotg210));
671 	size -= temp;
672 	next += temp;
673 
674 	/* FIXME interpret both types of params */
675 	i = fotg210_readl(fotg210, &fotg210->caps->hcs_params);
676 	temp = scnprintf(next, size, "structural params 0x%08x\n", i);
677 	size -= temp;
678 	next += temp;
679 
680 	i = fotg210_readl(fotg210, &fotg210->caps->hcc_params);
681 	temp = scnprintf(next, size, "capability params 0x%08x\n", i);
682 	size -= temp;
683 	next += temp;
684 
685 	/* Operational Registers */
686 	temp = dbg_status_buf(scratch, sizeof(scratch), label,
687 			fotg210_readl(fotg210, &fotg210->regs->status));
688 	temp = scnprintf(next, size, fmt, temp, scratch);
689 	size -= temp;
690 	next += temp;
691 
692 	temp = dbg_command_buf(scratch, sizeof(scratch), label,
693 			fotg210_readl(fotg210, &fotg210->regs->command));
694 	temp = scnprintf(next, size, fmt, temp, scratch);
695 	size -= temp;
696 	next += temp;
697 
698 	temp = dbg_intr_buf(scratch, sizeof(scratch), label,
699 			fotg210_readl(fotg210, &fotg210->regs->intr_enable));
700 	temp = scnprintf(next, size, fmt, temp, scratch);
701 	size -= temp;
702 	next += temp;
703 
704 	temp = scnprintf(next, size, "uframe %04x\n",
705 			fotg210_read_frame_index(fotg210));
706 	size -= temp;
707 	next += temp;
708 
709 	if (fotg210->async_unlink) {
710 		temp = scnprintf(next, size, "async unlink qh %p\n",
711 				fotg210->async_unlink);
712 		size -= temp;
713 		next += temp;
714 	}
715 
716 #ifdef FOTG210_STATS
717 	temp = scnprintf(next, size,
718 			"irq normal %ld err %ld iaa %ld(lost %ld)\n",
719 			fotg210->stats.normal, fotg210->stats.error,
720 			fotg210->stats.iaa, fotg210->stats.lost_iaa);
721 	size -= temp;
722 	next += temp;
723 
724 	temp = scnprintf(next, size, "complete %ld unlink %ld\n",
725 			fotg210->stats.complete, fotg210->stats.unlink);
726 	size -= temp;
727 	next += temp;
728 #endif
729 
730 done:
731 	spin_unlock_irqrestore(&fotg210->lock, flags);
732 
733 	return buf->alloc_size - size;
734 }
735 
736 static struct debug_buffer
737 *alloc_buffer(struct usb_bus *bus, ssize_t (*fill_func)(struct debug_buffer *))
738 {
739 	struct debug_buffer *buf;
740 
741 	buf = kzalloc(sizeof(struct debug_buffer), GFP_KERNEL);
742 
743 	if (buf) {
744 		buf->bus = bus;
745 		buf->fill_func = fill_func;
746 		mutex_init(&buf->mutex);
747 		buf->alloc_size = PAGE_SIZE;
748 	}
749 
750 	return buf;
751 }
752 
753 static int fill_buffer(struct debug_buffer *buf)
754 {
755 	int ret = 0;
756 
757 	if (!buf->output_buf)
758 		buf->output_buf = vmalloc(buf->alloc_size);
759 
760 	if (!buf->output_buf) {
761 		ret = -ENOMEM;
762 		goto out;
763 	}
764 
765 	ret = buf->fill_func(buf);
766 
767 	if (ret >= 0) {
768 		buf->count = ret;
769 		ret = 0;
770 	}
771 
772 out:
773 	return ret;
774 }
775 
776 static ssize_t debug_output(struct file *file, char __user *user_buf,
777 		size_t len, loff_t *offset)
778 {
779 	struct debug_buffer *buf = file->private_data;
780 	int ret = 0;
781 
782 	mutex_lock(&buf->mutex);
783 	if (buf->count == 0) {
784 		ret = fill_buffer(buf);
785 		if (ret != 0) {
786 			mutex_unlock(&buf->mutex);
787 			goto out;
788 		}
789 	}
790 	mutex_unlock(&buf->mutex);
791 
792 	ret = simple_read_from_buffer(user_buf, len, offset,
793 			buf->output_buf, buf->count);
794 
795 out:
796 	return ret;
797 
798 }
799 
800 static int debug_close(struct inode *inode, struct file *file)
801 {
802 	struct debug_buffer *buf = file->private_data;
803 
804 	if (buf) {
805 		vfree(buf->output_buf);
806 		kfree(buf);
807 	}
808 
809 	return 0;
810 }
811 static int debug_async_open(struct inode *inode, struct file *file)
812 {
813 	file->private_data = alloc_buffer(inode->i_private, fill_async_buffer);
814 
815 	return file->private_data ? 0 : -ENOMEM;
816 }
817 
818 static int debug_periodic_open(struct inode *inode, struct file *file)
819 {
820 	struct debug_buffer *buf;
821 
822 	buf = alloc_buffer(inode->i_private, fill_periodic_buffer);
823 	if (!buf)
824 		return -ENOMEM;
825 
826 	buf->alloc_size = (sizeof(void *) == 4 ? 6 : 8)*PAGE_SIZE;
827 	file->private_data = buf;
828 	return 0;
829 }
830 
831 static int debug_registers_open(struct inode *inode, struct file *file)
832 {
833 	file->private_data = alloc_buffer(inode->i_private,
834 			fill_registers_buffer);
835 
836 	return file->private_data ? 0 : -ENOMEM;
837 }
838 
839 static inline void create_debug_files(struct fotg210_hcd *fotg210)
840 {
841 	struct usb_bus *bus = &fotg210_to_hcd(fotg210)->self;
842 	struct dentry *root;
843 
844 	root = debugfs_create_dir(bus->bus_name, fotg210_debug_root);
845 
846 	debugfs_create_file("async", S_IRUGO, root, bus, &debug_async_fops);
847 	debugfs_create_file("periodic", S_IRUGO, root, bus,
848 			    &debug_periodic_fops);
849 	debugfs_create_file("registers", S_IRUGO, root, bus,
850 			    &debug_registers_fops);
851 }
852 
853 static inline void remove_debug_files(struct fotg210_hcd *fotg210)
854 {
855 	struct usb_bus *bus = &fotg210_to_hcd(fotg210)->self;
856 
857 	debugfs_lookup_and_remove(bus->bus_name, fotg210_debug_root);
858 }
859 
860 /* handshake - spin reading hc until handshake completes or fails
861  * @ptr: address of hc register to be read
862  * @mask: bits to look at in result of read
863  * @done: value of those bits when handshake succeeds
864  * @usec: timeout in microseconds
865  *
866  * Returns negative errno, or zero on success
867  *
868  * Success happens when the "mask" bits have the specified value (hardware
869  * handshake done).  There are two failure modes:  "usec" have passed (major
870  * hardware flakeout), or the register reads as all-ones (hardware removed).
871  *
872  * That last failure should_only happen in cases like physical cardbus eject
873  * before driver shutdown. But it also seems to be caused by bugs in cardbus
874  * bridge shutdown:  shutting down the bridge before the devices using it.
875  */
876 static int handshake(struct fotg210_hcd *fotg210, void __iomem *ptr,
877 		u32 mask, u32 done, int usec)
878 {
879 	u32 result;
880 	int ret;
881 
882 	ret = readl_poll_timeout_atomic(ptr, result,
883 					((result & mask) == done ||
884 					 result == U32_MAX), 1, usec);
885 	if (result == U32_MAX)		/* card removed */
886 		return -ENODEV;
887 
888 	return ret;
889 }
890 
891 /* Force HC to halt state from unknown (EHCI spec section 2.3).
892  * Must be called with interrupts enabled and the lock not held.
893  */
894 static int fotg210_halt(struct fotg210_hcd *fotg210)
895 {
896 	u32 temp;
897 
898 	spin_lock_irq(&fotg210->lock);
899 
900 	/* disable any irqs left enabled by previous code */
901 	fotg210_writel(fotg210, 0, &fotg210->regs->intr_enable);
902 
903 	/*
904 	 * This routine gets called during probe before fotg210->command
905 	 * has been initialized, so we can't rely on its value.
906 	 */
907 	fotg210->command &= ~CMD_RUN;
908 	temp = fotg210_readl(fotg210, &fotg210->regs->command);
909 	temp &= ~(CMD_RUN | CMD_IAAD);
910 	fotg210_writel(fotg210, temp, &fotg210->regs->command);
911 
912 	spin_unlock_irq(&fotg210->lock);
913 	synchronize_irq(fotg210_to_hcd(fotg210)->irq);
914 
915 	return handshake(fotg210, &fotg210->regs->status,
916 			STS_HALT, STS_HALT, 16 * 125);
917 }
918 
919 /* Reset a non-running (STS_HALT == 1) controller.
920  * Must be called with interrupts enabled and the lock not held.
921  */
922 static int fotg210_reset(struct fotg210_hcd *fotg210)
923 {
924 	int retval;
925 	u32 command = fotg210_readl(fotg210, &fotg210->regs->command);
926 
927 	/* If the EHCI debug controller is active, special care must be
928 	 * taken before and after a host controller reset
929 	 */
930 	if (fotg210->debug && !dbgp_reset_prep(fotg210_to_hcd(fotg210)))
931 		fotg210->debug = NULL;
932 
933 	command |= CMD_RESET;
934 	dbg_cmd(fotg210, "reset", command);
935 	fotg210_writel(fotg210, command, &fotg210->regs->command);
936 	fotg210->rh_state = FOTG210_RH_HALTED;
937 	fotg210->next_statechange = jiffies;
938 	retval = handshake(fotg210, &fotg210->regs->command,
939 			CMD_RESET, 0, 250 * 1000);
940 
941 	if (retval)
942 		return retval;
943 
944 	if (fotg210->debug)
945 		dbgp_external_startup(fotg210_to_hcd(fotg210));
946 
947 	fotg210->port_c_suspend = fotg210->suspended_ports =
948 			fotg210->resuming_ports = 0;
949 	return retval;
950 }
951 
952 /* Idle the controller (turn off the schedules).
953  * Must be called with interrupts enabled and the lock not held.
954  */
955 static void fotg210_quiesce(struct fotg210_hcd *fotg210)
956 {
957 	u32 temp;
958 
959 	if (fotg210->rh_state != FOTG210_RH_RUNNING)
960 		return;
961 
962 	/* wait for any schedule enables/disables to take effect */
963 	temp = (fotg210->command << 10) & (STS_ASS | STS_PSS);
964 	handshake(fotg210, &fotg210->regs->status, STS_ASS | STS_PSS, temp,
965 			16 * 125);
966 
967 	/* then disable anything that's still active */
968 	spin_lock_irq(&fotg210->lock);
969 	fotg210->command &= ~(CMD_ASE | CMD_PSE);
970 	fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
971 	spin_unlock_irq(&fotg210->lock);
972 
973 	/* hardware can take 16 microframes to turn off ... */
974 	handshake(fotg210, &fotg210->regs->status, STS_ASS | STS_PSS, 0,
975 			16 * 125);
976 }
977 
978 static void end_unlink_async(struct fotg210_hcd *fotg210);
979 static void unlink_empty_async(struct fotg210_hcd *fotg210);
980 static void fotg210_work(struct fotg210_hcd *fotg210);
981 static void start_unlink_intr(struct fotg210_hcd *fotg210,
982 			      struct fotg210_qh *qh);
983 static void end_unlink_intr(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
984 
985 /* Set a bit in the USBCMD register */
986 static void fotg210_set_command_bit(struct fotg210_hcd *fotg210, u32 bit)
987 {
988 	fotg210->command |= bit;
989 	fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
990 
991 	/* unblock posted write */
992 	fotg210_readl(fotg210, &fotg210->regs->command);
993 }
994 
995 /* Clear a bit in the USBCMD register */
996 static void fotg210_clear_command_bit(struct fotg210_hcd *fotg210, u32 bit)
997 {
998 	fotg210->command &= ~bit;
999 	fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
1000 
1001 	/* unblock posted write */
1002 	fotg210_readl(fotg210, &fotg210->regs->command);
1003 }
1004 
1005 /* EHCI timer support...  Now using hrtimers.
1006  *
1007  * Lots of different events are triggered from fotg210->hrtimer.  Whenever
1008  * the timer routine runs, it checks each possible event; events that are
1009  * currently enabled and whose expiration time has passed get handled.
1010  * The set of enabled events is stored as a collection of bitflags in
1011  * fotg210->enabled_hrtimer_events, and they are numbered in order of
1012  * increasing delay values (ranging between 1 ms and 100 ms).
1013  *
1014  * Rather than implementing a sorted list or tree of all pending events,
1015  * we keep track only of the lowest-numbered pending event, in
1016  * fotg210->next_hrtimer_event.  Whenever fotg210->hrtimer gets restarted, its
1017  * expiration time is set to the timeout value for this event.
1018  *
1019  * As a result, events might not get handled right away; the actual delay
1020  * could be anywhere up to twice the requested delay.  This doesn't
1021  * matter, because none of the events are especially time-critical.  The
1022  * ones that matter most all have a delay of 1 ms, so they will be
1023  * handled after 2 ms at most, which is okay.  In addition to this, we
1024  * allow for an expiration range of 1 ms.
1025  */
1026 
1027 /* Delay lengths for the hrtimer event types.
1028  * Keep this list sorted by delay length, in the same order as
1029  * the event types indexed by enum fotg210_hrtimer_event in fotg210.h.
1030  */
1031 static unsigned event_delays_ns[] = {
1032 	1 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_POLL_ASS */
1033 	1 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_POLL_PSS */
1034 	1 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_POLL_DEAD */
1035 	1125 * NSEC_PER_USEC,	/* FOTG210_HRTIMER_UNLINK_INTR */
1036 	2 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_FREE_ITDS */
1037 	6 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_ASYNC_UNLINKS */
1038 	10 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_IAA_WATCHDOG */
1039 	10 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_DISABLE_PERIODIC */
1040 	15 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_DISABLE_ASYNC */
1041 	100 * NSEC_PER_MSEC,	/* FOTG210_HRTIMER_IO_WATCHDOG */
1042 };
1043 
1044 /* Enable a pending hrtimer event */
1045 static void fotg210_enable_event(struct fotg210_hcd *fotg210, unsigned event,
1046 		bool resched)
1047 {
1048 	ktime_t *timeout = &fotg210->hr_timeouts[event];
1049 
1050 	if (resched)
1051 		*timeout = ktime_add(ktime_get(), event_delays_ns[event]);
1052 	fotg210->enabled_hrtimer_events |= (1 << event);
1053 
1054 	/* Track only the lowest-numbered pending event */
1055 	if (event < fotg210->next_hrtimer_event) {
1056 		fotg210->next_hrtimer_event = event;
1057 		hrtimer_start_range_ns(&fotg210->hrtimer, *timeout,
1058 				NSEC_PER_MSEC, HRTIMER_MODE_ABS);
1059 	}
1060 }
1061 
1062 
1063 /* Poll the STS_ASS status bit; see when it agrees with CMD_ASE */
1064 static void fotg210_poll_ASS(struct fotg210_hcd *fotg210)
1065 {
1066 	unsigned actual, want;
1067 
1068 	/* Don't enable anything if the controller isn't running (e.g., died) */
1069 	if (fotg210->rh_state != FOTG210_RH_RUNNING)
1070 		return;
1071 
1072 	want = (fotg210->command & CMD_ASE) ? STS_ASS : 0;
1073 	actual = fotg210_readl(fotg210, &fotg210->regs->status) & STS_ASS;
1074 
1075 	if (want != actual) {
1076 
1077 		/* Poll again later, but give up after about 20 ms */
1078 		if (fotg210->ASS_poll_count++ < 20) {
1079 			fotg210_enable_event(fotg210, FOTG210_HRTIMER_POLL_ASS,
1080 					true);
1081 			return;
1082 		}
1083 		fotg210_dbg(fotg210, "Waited too long for the async schedule status (%x/%x), giving up\n",
1084 				want, actual);
1085 	}
1086 	fotg210->ASS_poll_count = 0;
1087 
1088 	/* The status is up-to-date; restart or stop the schedule as needed */
1089 	if (want == 0) {	/* Stopped */
1090 		if (fotg210->async_count > 0)
1091 			fotg210_set_command_bit(fotg210, CMD_ASE);
1092 
1093 	} else {		/* Running */
1094 		if (fotg210->async_count == 0) {
1095 
1096 			/* Turn off the schedule after a while */
1097 			fotg210_enable_event(fotg210,
1098 					FOTG210_HRTIMER_DISABLE_ASYNC,
1099 					true);
1100 		}
1101 	}
1102 }
1103 
1104 /* Turn off the async schedule after a brief delay */
1105 static void fotg210_disable_ASE(struct fotg210_hcd *fotg210)
1106 {
1107 	fotg210_clear_command_bit(fotg210, CMD_ASE);
1108 }
1109 
1110 
1111 /* Poll the STS_PSS status bit; see when it agrees with CMD_PSE */
1112 static void fotg210_poll_PSS(struct fotg210_hcd *fotg210)
1113 {
1114 	unsigned actual, want;
1115 
1116 	/* Don't do anything if the controller isn't running (e.g., died) */
1117 	if (fotg210->rh_state != FOTG210_RH_RUNNING)
1118 		return;
1119 
1120 	want = (fotg210->command & CMD_PSE) ? STS_PSS : 0;
1121 	actual = fotg210_readl(fotg210, &fotg210->regs->status) & STS_PSS;
1122 
1123 	if (want != actual) {
1124 
1125 		/* Poll again later, but give up after about 20 ms */
1126 		if (fotg210->PSS_poll_count++ < 20) {
1127 			fotg210_enable_event(fotg210, FOTG210_HRTIMER_POLL_PSS,
1128 					true);
1129 			return;
1130 		}
1131 		fotg210_dbg(fotg210, "Waited too long for the periodic schedule status (%x/%x), giving up\n",
1132 				want, actual);
1133 	}
1134 	fotg210->PSS_poll_count = 0;
1135 
1136 	/* The status is up-to-date; restart or stop the schedule as needed */
1137 	if (want == 0) {	/* Stopped */
1138 		if (fotg210->periodic_count > 0)
1139 			fotg210_set_command_bit(fotg210, CMD_PSE);
1140 
1141 	} else {		/* Running */
1142 		if (fotg210->periodic_count == 0) {
1143 
1144 			/* Turn off the schedule after a while */
1145 			fotg210_enable_event(fotg210,
1146 					FOTG210_HRTIMER_DISABLE_PERIODIC,
1147 					true);
1148 		}
1149 	}
1150 }
1151 
1152 /* Turn off the periodic schedule after a brief delay */
1153 static void fotg210_disable_PSE(struct fotg210_hcd *fotg210)
1154 {
1155 	fotg210_clear_command_bit(fotg210, CMD_PSE);
1156 }
1157 
1158 
1159 /* Poll the STS_HALT status bit; see when a dead controller stops */
1160 static void fotg210_handle_controller_death(struct fotg210_hcd *fotg210)
1161 {
1162 	if (!(fotg210_readl(fotg210, &fotg210->regs->status) & STS_HALT)) {
1163 
1164 		/* Give up after a few milliseconds */
1165 		if (fotg210->died_poll_count++ < 5) {
1166 			/* Try again later */
1167 			fotg210_enable_event(fotg210,
1168 					FOTG210_HRTIMER_POLL_DEAD, true);
1169 			return;
1170 		}
1171 		fotg210_warn(fotg210, "Waited too long for the controller to stop, giving up\n");
1172 	}
1173 
1174 	/* Clean up the mess */
1175 	fotg210->rh_state = FOTG210_RH_HALTED;
1176 	fotg210_writel(fotg210, 0, &fotg210->regs->intr_enable);
1177 	fotg210_work(fotg210);
1178 	end_unlink_async(fotg210);
1179 
1180 	/* Not in process context, so don't try to reset the controller */
1181 }
1182 
1183 
1184 /* Handle unlinked interrupt QHs once they are gone from the hardware */
1185 static void fotg210_handle_intr_unlinks(struct fotg210_hcd *fotg210)
1186 {
1187 	bool stopped = (fotg210->rh_state < FOTG210_RH_RUNNING);
1188 
1189 	/*
1190 	 * Process all the QHs on the intr_unlink list that were added
1191 	 * before the current unlink cycle began.  The list is in
1192 	 * temporal order, so stop when we reach the first entry in the
1193 	 * current cycle.  But if the root hub isn't running then
1194 	 * process all the QHs on the list.
1195 	 */
1196 	fotg210->intr_unlinking = true;
1197 	while (fotg210->intr_unlink) {
1198 		struct fotg210_qh *qh = fotg210->intr_unlink;
1199 
1200 		if (!stopped && qh->unlink_cycle == fotg210->intr_unlink_cycle)
1201 			break;
1202 		fotg210->intr_unlink = qh->unlink_next;
1203 		qh->unlink_next = NULL;
1204 		end_unlink_intr(fotg210, qh);
1205 	}
1206 
1207 	/* Handle remaining entries later */
1208 	if (fotg210->intr_unlink) {
1209 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_UNLINK_INTR,
1210 				true);
1211 		++fotg210->intr_unlink_cycle;
1212 	}
1213 	fotg210->intr_unlinking = false;
1214 }
1215 
1216 
1217 /* Start another free-iTDs/siTDs cycle */
1218 static void start_free_itds(struct fotg210_hcd *fotg210)
1219 {
1220 	if (!(fotg210->enabled_hrtimer_events &
1221 			BIT(FOTG210_HRTIMER_FREE_ITDS))) {
1222 		fotg210->last_itd_to_free = list_entry(
1223 				fotg210->cached_itd_list.prev,
1224 				struct fotg210_itd, itd_list);
1225 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_FREE_ITDS, true);
1226 	}
1227 }
1228 
1229 /* Wait for controller to stop using old iTDs and siTDs */
1230 static void end_free_itds(struct fotg210_hcd *fotg210)
1231 {
1232 	struct fotg210_itd *itd, *n;
1233 
1234 	if (fotg210->rh_state < FOTG210_RH_RUNNING)
1235 		fotg210->last_itd_to_free = NULL;
1236 
1237 	list_for_each_entry_safe(itd, n, &fotg210->cached_itd_list, itd_list) {
1238 		list_del(&itd->itd_list);
1239 		dma_pool_free(fotg210->itd_pool, itd, itd->itd_dma);
1240 		if (itd == fotg210->last_itd_to_free)
1241 			break;
1242 	}
1243 
1244 	if (!list_empty(&fotg210->cached_itd_list))
1245 		start_free_itds(fotg210);
1246 }
1247 
1248 
1249 /* Handle lost (or very late) IAA interrupts */
1250 static void fotg210_iaa_watchdog(struct fotg210_hcd *fotg210)
1251 {
1252 	if (fotg210->rh_state != FOTG210_RH_RUNNING)
1253 		return;
1254 
1255 	/*
1256 	 * Lost IAA irqs wedge things badly; seen first with a vt8235.
1257 	 * So we need this watchdog, but must protect it against both
1258 	 * (a) SMP races against real IAA firing and retriggering, and
1259 	 * (b) clean HC shutdown, when IAA watchdog was pending.
1260 	 */
1261 	if (fotg210->async_iaa) {
1262 		u32 cmd, status;
1263 
1264 		/* If we get here, IAA is *REALLY* late.  It's barely
1265 		 * conceivable that the system is so busy that CMD_IAAD
1266 		 * is still legitimately set, so let's be sure it's
1267 		 * clear before we read STS_IAA.  (The HC should clear
1268 		 * CMD_IAAD when it sets STS_IAA.)
1269 		 */
1270 		cmd = fotg210_readl(fotg210, &fotg210->regs->command);
1271 
1272 		/*
1273 		 * If IAA is set here it either legitimately triggered
1274 		 * after the watchdog timer expired (_way_ late, so we'll
1275 		 * still count it as lost) ... or a silicon erratum:
1276 		 * - VIA seems to set IAA without triggering the IRQ;
1277 		 * - IAAD potentially cleared without setting IAA.
1278 		 */
1279 		status = fotg210_readl(fotg210, &fotg210->regs->status);
1280 		if ((status & STS_IAA) || !(cmd & CMD_IAAD)) {
1281 			INCR(fotg210->stats.lost_iaa);
1282 			fotg210_writel(fotg210, STS_IAA,
1283 					&fotg210->regs->status);
1284 		}
1285 
1286 		fotg210_dbg(fotg210, "IAA watchdog: status %x cmd %x\n",
1287 				status, cmd);
1288 		end_unlink_async(fotg210);
1289 	}
1290 }
1291 
1292 
1293 /* Enable the I/O watchdog, if appropriate */
1294 static void turn_on_io_watchdog(struct fotg210_hcd *fotg210)
1295 {
1296 	/* Not needed if the controller isn't running or it's already enabled */
1297 	if (fotg210->rh_state != FOTG210_RH_RUNNING ||
1298 			(fotg210->enabled_hrtimer_events &
1299 			BIT(FOTG210_HRTIMER_IO_WATCHDOG)))
1300 		return;
1301 
1302 	/*
1303 	 * Isochronous transfers always need the watchdog.
1304 	 * For other sorts we use it only if the flag is set.
1305 	 */
1306 	if (fotg210->isoc_count > 0 || (fotg210->need_io_watchdog &&
1307 			fotg210->async_count + fotg210->intr_count > 0))
1308 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_IO_WATCHDOG,
1309 				true);
1310 }
1311 
1312 
1313 /* Handler functions for the hrtimer event types.
1314  * Keep this array in the same order as the event types indexed by
1315  * enum fotg210_hrtimer_event in fotg210.h.
1316  */
1317 static void (*event_handlers[])(struct fotg210_hcd *) = {
1318 	fotg210_poll_ASS,			/* FOTG210_HRTIMER_POLL_ASS */
1319 	fotg210_poll_PSS,			/* FOTG210_HRTIMER_POLL_PSS */
1320 	fotg210_handle_controller_death,	/* FOTG210_HRTIMER_POLL_DEAD */
1321 	fotg210_handle_intr_unlinks,	/* FOTG210_HRTIMER_UNLINK_INTR */
1322 	end_free_itds,			/* FOTG210_HRTIMER_FREE_ITDS */
1323 	unlink_empty_async,		/* FOTG210_HRTIMER_ASYNC_UNLINKS */
1324 	fotg210_iaa_watchdog,		/* FOTG210_HRTIMER_IAA_WATCHDOG */
1325 	fotg210_disable_PSE,		/* FOTG210_HRTIMER_DISABLE_PERIODIC */
1326 	fotg210_disable_ASE,		/* FOTG210_HRTIMER_DISABLE_ASYNC */
1327 	fotg210_work,			/* FOTG210_HRTIMER_IO_WATCHDOG */
1328 };
1329 
1330 static enum hrtimer_restart fotg210_hrtimer_func(struct hrtimer *t)
1331 {
1332 	struct fotg210_hcd *fotg210 =
1333 			container_of(t, struct fotg210_hcd, hrtimer);
1334 	ktime_t now;
1335 	unsigned long events;
1336 	unsigned long flags;
1337 	unsigned e;
1338 
1339 	spin_lock_irqsave(&fotg210->lock, flags);
1340 
1341 	events = fotg210->enabled_hrtimer_events;
1342 	fotg210->enabled_hrtimer_events = 0;
1343 	fotg210->next_hrtimer_event = FOTG210_HRTIMER_NO_EVENT;
1344 
1345 	/*
1346 	 * Check each pending event.  If its time has expired, handle
1347 	 * the event; otherwise re-enable it.
1348 	 */
1349 	now = ktime_get();
1350 	for_each_set_bit(e, &events, FOTG210_HRTIMER_NUM_EVENTS) {
1351 		if (ktime_compare(now, fotg210->hr_timeouts[e]) >= 0)
1352 			event_handlers[e](fotg210);
1353 		else
1354 			fotg210_enable_event(fotg210, e, false);
1355 	}
1356 
1357 	spin_unlock_irqrestore(&fotg210->lock, flags);
1358 	return HRTIMER_NORESTART;
1359 }
1360 
1361 #define fotg210_bus_suspend NULL
1362 #define fotg210_bus_resume NULL
1363 
1364 static int check_reset_complete(struct fotg210_hcd *fotg210, int index,
1365 		u32 __iomem *status_reg, int port_status)
1366 {
1367 	if (!(port_status & PORT_CONNECT))
1368 		return port_status;
1369 
1370 	/* if reset finished and it's still not enabled -- handoff */
1371 	if (!(port_status & PORT_PE))
1372 		/* with integrated TT, there's nobody to hand it to! */
1373 		fotg210_dbg(fotg210, "Failed to enable port %d on root hub TT\n",
1374 				index + 1);
1375 	else
1376 		fotg210_dbg(fotg210, "port %d reset complete, port enabled\n",
1377 				index + 1);
1378 
1379 	return port_status;
1380 }
1381 
1382 
1383 /* build "status change" packet (one or two bytes) from HC registers */
1384 
1385 static int fotg210_hub_status_data(struct usb_hcd *hcd, char *buf)
1386 {
1387 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
1388 	u32 temp, status;
1389 	u32 mask;
1390 	int retval = 1;
1391 	unsigned long flags;
1392 
1393 	/* init status to no-changes */
1394 	buf[0] = 0;
1395 
1396 	/* Inform the core about resumes-in-progress by returning
1397 	 * a non-zero value even if there are no status changes.
1398 	 */
1399 	status = fotg210->resuming_ports;
1400 
1401 	mask = PORT_CSC | PORT_PEC;
1402 	/* PORT_RESUME from hardware ~= PORT_STAT_C_SUSPEND */
1403 
1404 	/* no hub change reports (bit 0) for now (power, ...) */
1405 
1406 	/* port N changes (bit N)? */
1407 	spin_lock_irqsave(&fotg210->lock, flags);
1408 
1409 	temp = fotg210_readl(fotg210, &fotg210->regs->port_status);
1410 
1411 	/*
1412 	 * Return status information even for ports with OWNER set.
1413 	 * Otherwise hub_wq wouldn't see the disconnect event when a
1414 	 * high-speed device is switched over to the companion
1415 	 * controller by the user.
1416 	 */
1417 
1418 	if ((temp & mask) != 0 || test_bit(0, &fotg210->port_c_suspend) ||
1419 			(fotg210->reset_done[0] &&
1420 			time_after_eq(jiffies, fotg210->reset_done[0]))) {
1421 		buf[0] |= 1 << 1;
1422 		status = STS_PCD;
1423 	}
1424 	/* FIXME autosuspend idle root hubs */
1425 	spin_unlock_irqrestore(&fotg210->lock, flags);
1426 	return status ? retval : 0;
1427 }
1428 
1429 static void fotg210_hub_descriptor(struct fotg210_hcd *fotg210,
1430 		struct usb_hub_descriptor *desc)
1431 {
1432 	int ports = HCS_N_PORTS(fotg210->hcs_params);
1433 	u16 temp;
1434 
1435 	desc->bDescriptorType = USB_DT_HUB;
1436 	desc->bPwrOn2PwrGood = 10;	/* fotg210 1.0, 2.3.9 says 20ms max */
1437 	desc->bHubContrCurrent = 0;
1438 
1439 	desc->bNbrPorts = ports;
1440 	temp = 1 + (ports / 8);
1441 	desc->bDescLength = 7 + 2 * temp;
1442 
1443 	/* two bitmaps:  ports removable, and usb 1.0 legacy PortPwrCtrlMask */
1444 	memset(&desc->u.hs.DeviceRemovable[0], 0, temp);
1445 	memset(&desc->u.hs.DeviceRemovable[temp], 0xff, temp);
1446 
1447 	temp = HUB_CHAR_INDV_PORT_OCPM;	/* per-port overcurrent reporting */
1448 	temp |= HUB_CHAR_NO_LPSM;	/* no power switching */
1449 	desc->wHubCharacteristics = cpu_to_le16(temp);
1450 }
1451 
1452 static int fotg210_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
1453 		u16 wIndex, char *buf, u16 wLength)
1454 {
1455 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
1456 	int ports = HCS_N_PORTS(fotg210->hcs_params);
1457 	u32 __iomem *status_reg = &fotg210->regs->port_status;
1458 	u32 temp, temp1, status;
1459 	unsigned long flags;
1460 	int retval = 0;
1461 	unsigned selector;
1462 
1463 	/*
1464 	 * FIXME:  support SetPortFeatures USB_PORT_FEAT_INDICATOR.
1465 	 * HCS_INDICATOR may say we can change LEDs to off/amber/green.
1466 	 * (track current state ourselves) ... blink for diagnostics,
1467 	 * power, "this is the one", etc.  EHCI spec supports this.
1468 	 */
1469 
1470 	spin_lock_irqsave(&fotg210->lock, flags);
1471 	switch (typeReq) {
1472 	case ClearHubFeature:
1473 		switch (wValue) {
1474 		case C_HUB_LOCAL_POWER:
1475 		case C_HUB_OVER_CURRENT:
1476 			/* no hub-wide feature/status flags */
1477 			break;
1478 		default:
1479 			goto error;
1480 		}
1481 		break;
1482 	case ClearPortFeature:
1483 		if (!wIndex || wIndex > ports)
1484 			goto error;
1485 		wIndex--;
1486 		temp = fotg210_readl(fotg210, status_reg);
1487 		temp &= ~PORT_RWC_BITS;
1488 
1489 		/*
1490 		 * Even if OWNER is set, so the port is owned by the
1491 		 * companion controller, hub_wq needs to be able to clear
1492 		 * the port-change status bits (especially
1493 		 * USB_PORT_STAT_C_CONNECTION).
1494 		 */
1495 
1496 		switch (wValue) {
1497 		case USB_PORT_FEAT_ENABLE:
1498 			fotg210_writel(fotg210, temp & ~PORT_PE, status_reg);
1499 			break;
1500 		case USB_PORT_FEAT_C_ENABLE:
1501 			fotg210_writel(fotg210, temp | PORT_PEC, status_reg);
1502 			break;
1503 		case USB_PORT_FEAT_SUSPEND:
1504 			if (temp & PORT_RESET)
1505 				goto error;
1506 			if (!(temp & PORT_SUSPEND))
1507 				break;
1508 			if ((temp & PORT_PE) == 0)
1509 				goto error;
1510 
1511 			/* resume signaling for 20 msec */
1512 			fotg210_writel(fotg210, temp | PORT_RESUME, status_reg);
1513 			fotg210->reset_done[wIndex] = jiffies
1514 					+ msecs_to_jiffies(USB_RESUME_TIMEOUT);
1515 			break;
1516 		case USB_PORT_FEAT_C_SUSPEND:
1517 			clear_bit(wIndex, &fotg210->port_c_suspend);
1518 			break;
1519 		case USB_PORT_FEAT_C_CONNECTION:
1520 			fotg210_writel(fotg210, temp | PORT_CSC, status_reg);
1521 			break;
1522 		case USB_PORT_FEAT_C_OVER_CURRENT:
1523 			fotg210_writel(fotg210, temp | OTGISR_OVC,
1524 					&fotg210->regs->otgisr);
1525 			break;
1526 		case USB_PORT_FEAT_C_RESET:
1527 			/* GetPortStatus clears reset */
1528 			break;
1529 		default:
1530 			goto error;
1531 		}
1532 		fotg210_readl(fotg210, &fotg210->regs->command);
1533 		break;
1534 	case GetHubDescriptor:
1535 		fotg210_hub_descriptor(fotg210, (struct usb_hub_descriptor *)
1536 				buf);
1537 		break;
1538 	case GetHubStatus:
1539 		/* no hub-wide feature/status flags */
1540 		memset(buf, 0, 4);
1541 		/*cpu_to_le32s ((u32 *) buf); */
1542 		break;
1543 	case GetPortStatus:
1544 		if (!wIndex || wIndex > ports)
1545 			goto error;
1546 		wIndex--;
1547 		status = 0;
1548 		temp = fotg210_readl(fotg210, status_reg);
1549 
1550 		/* wPortChange bits */
1551 		if (temp & PORT_CSC)
1552 			status |= USB_PORT_STAT_C_CONNECTION << 16;
1553 		if (temp & PORT_PEC)
1554 			status |= USB_PORT_STAT_C_ENABLE << 16;
1555 
1556 		temp1 = fotg210_readl(fotg210, &fotg210->regs->otgisr);
1557 		if (temp1 & OTGISR_OVC)
1558 			status |= USB_PORT_STAT_C_OVERCURRENT << 16;
1559 
1560 		/* whoever resumes must GetPortStatus to complete it!! */
1561 		if (temp & PORT_RESUME) {
1562 
1563 			/* Remote Wakeup received? */
1564 			if (!fotg210->reset_done[wIndex]) {
1565 				/* resume signaling for 20 msec */
1566 				fotg210->reset_done[wIndex] = jiffies
1567 						+ msecs_to_jiffies(20);
1568 				/* check the port again */
1569 				mod_timer(&fotg210_to_hcd(fotg210)->rh_timer,
1570 						fotg210->reset_done[wIndex]);
1571 			}
1572 
1573 			/* resume completed? */
1574 			else if (time_after_eq(jiffies,
1575 					fotg210->reset_done[wIndex])) {
1576 				clear_bit(wIndex, &fotg210->suspended_ports);
1577 				set_bit(wIndex, &fotg210->port_c_suspend);
1578 				fotg210->reset_done[wIndex] = 0;
1579 
1580 				/* stop resume signaling */
1581 				temp = fotg210_readl(fotg210, status_reg);
1582 				fotg210_writel(fotg210, temp &
1583 						~(PORT_RWC_BITS | PORT_RESUME),
1584 						status_reg);
1585 				clear_bit(wIndex, &fotg210->resuming_ports);
1586 				retval = handshake(fotg210, status_reg,
1587 						PORT_RESUME, 0, 2000);/* 2ms */
1588 				if (retval != 0) {
1589 					fotg210_err(fotg210,
1590 							"port %d resume error %d\n",
1591 							wIndex + 1, retval);
1592 					goto error;
1593 				}
1594 				temp &= ~(PORT_SUSPEND|PORT_RESUME|(3<<10));
1595 			}
1596 		}
1597 
1598 		/* whoever resets must GetPortStatus to complete it!! */
1599 		if ((temp & PORT_RESET) && time_after_eq(jiffies,
1600 				fotg210->reset_done[wIndex])) {
1601 			status |= USB_PORT_STAT_C_RESET << 16;
1602 			fotg210->reset_done[wIndex] = 0;
1603 			clear_bit(wIndex, &fotg210->resuming_ports);
1604 
1605 			/* force reset to complete */
1606 			fotg210_writel(fotg210,
1607 					temp & ~(PORT_RWC_BITS | PORT_RESET),
1608 					status_reg);
1609 			/* REVISIT:  some hardware needs 550+ usec to clear
1610 			 * this bit; seems too long to spin routinely...
1611 			 */
1612 			retval = handshake(fotg210, status_reg,
1613 					PORT_RESET, 0, 1000);
1614 			if (retval != 0) {
1615 				fotg210_err(fotg210, "port %d reset error %d\n",
1616 						wIndex + 1, retval);
1617 				goto error;
1618 			}
1619 
1620 			/* see what we found out */
1621 			temp = check_reset_complete(fotg210, wIndex, status_reg,
1622 					fotg210_readl(fotg210, status_reg));
1623 
1624 			/* restart schedule */
1625 			fotg210->command |= CMD_RUN;
1626 			fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
1627 		}
1628 
1629 		if (!(temp & (PORT_RESUME|PORT_RESET))) {
1630 			fotg210->reset_done[wIndex] = 0;
1631 			clear_bit(wIndex, &fotg210->resuming_ports);
1632 		}
1633 
1634 		/* transfer dedicated ports to the companion hc */
1635 		if ((temp & PORT_CONNECT) &&
1636 				test_bit(wIndex, &fotg210->companion_ports)) {
1637 			temp &= ~PORT_RWC_BITS;
1638 			fotg210_writel(fotg210, temp, status_reg);
1639 			fotg210_dbg(fotg210, "port %d --> companion\n",
1640 					wIndex + 1);
1641 			temp = fotg210_readl(fotg210, status_reg);
1642 		}
1643 
1644 		/*
1645 		 * Even if OWNER is set, there's no harm letting hub_wq
1646 		 * see the wPortStatus values (they should all be 0 except
1647 		 * for PORT_POWER anyway).
1648 		 */
1649 
1650 		if (temp & PORT_CONNECT) {
1651 			status |= USB_PORT_STAT_CONNECTION;
1652 			status |= fotg210_port_speed(fotg210, temp);
1653 		}
1654 		if (temp & PORT_PE)
1655 			status |= USB_PORT_STAT_ENABLE;
1656 
1657 		/* maybe the port was unsuspended without our knowledge */
1658 		if (temp & (PORT_SUSPEND|PORT_RESUME)) {
1659 			status |= USB_PORT_STAT_SUSPEND;
1660 		} else if (test_bit(wIndex, &fotg210->suspended_ports)) {
1661 			clear_bit(wIndex, &fotg210->suspended_ports);
1662 			clear_bit(wIndex, &fotg210->resuming_ports);
1663 			fotg210->reset_done[wIndex] = 0;
1664 			if (temp & PORT_PE)
1665 				set_bit(wIndex, &fotg210->port_c_suspend);
1666 		}
1667 
1668 		temp1 = fotg210_readl(fotg210, &fotg210->regs->otgisr);
1669 		if (temp1 & OTGISR_OVC)
1670 			status |= USB_PORT_STAT_OVERCURRENT;
1671 		if (temp & PORT_RESET)
1672 			status |= USB_PORT_STAT_RESET;
1673 		if (test_bit(wIndex, &fotg210->port_c_suspend))
1674 			status |= USB_PORT_STAT_C_SUSPEND << 16;
1675 
1676 		if (status & ~0xffff)	/* only if wPortChange is interesting */
1677 			dbg_port(fotg210, "GetStatus", wIndex + 1, temp);
1678 		put_unaligned_le32(status, buf);
1679 		break;
1680 	case SetHubFeature:
1681 		switch (wValue) {
1682 		case C_HUB_LOCAL_POWER:
1683 		case C_HUB_OVER_CURRENT:
1684 			/* no hub-wide feature/status flags */
1685 			break;
1686 		default:
1687 			goto error;
1688 		}
1689 		break;
1690 	case SetPortFeature:
1691 		selector = wIndex >> 8;
1692 		wIndex &= 0xff;
1693 
1694 		if (!wIndex || wIndex > ports)
1695 			goto error;
1696 		wIndex--;
1697 		temp = fotg210_readl(fotg210, status_reg);
1698 		temp &= ~PORT_RWC_BITS;
1699 		switch (wValue) {
1700 		case USB_PORT_FEAT_SUSPEND:
1701 			if ((temp & PORT_PE) == 0
1702 					|| (temp & PORT_RESET) != 0)
1703 				goto error;
1704 
1705 			/* After above check the port must be connected.
1706 			 * Set appropriate bit thus could put phy into low power
1707 			 * mode if we have hostpc feature
1708 			 */
1709 			fotg210_writel(fotg210, temp | PORT_SUSPEND,
1710 					status_reg);
1711 			set_bit(wIndex, &fotg210->suspended_ports);
1712 			break;
1713 		case USB_PORT_FEAT_RESET:
1714 			if (temp & PORT_RESUME)
1715 				goto error;
1716 			/* line status bits may report this as low speed,
1717 			 * which can be fine if this root hub has a
1718 			 * transaction translator built in.
1719 			 */
1720 			fotg210_dbg(fotg210, "port %d reset\n", wIndex + 1);
1721 			temp |= PORT_RESET;
1722 			temp &= ~PORT_PE;
1723 
1724 			/*
1725 			 * caller must wait, then call GetPortStatus
1726 			 * usb 2.0 spec says 50 ms resets on root
1727 			 */
1728 			fotg210->reset_done[wIndex] = jiffies
1729 					+ msecs_to_jiffies(50);
1730 			fotg210_writel(fotg210, temp, status_reg);
1731 			break;
1732 
1733 		/* For downstream facing ports (these):  one hub port is put
1734 		 * into test mode according to USB2 11.24.2.13, then the hub
1735 		 * must be reset (which for root hub now means rmmod+modprobe,
1736 		 * or else system reboot).  See EHCI 2.3.9 and 4.14 for info
1737 		 * about the EHCI-specific stuff.
1738 		 */
1739 		case USB_PORT_FEAT_TEST:
1740 			if (!selector || selector > 5)
1741 				goto error;
1742 			spin_unlock_irqrestore(&fotg210->lock, flags);
1743 			fotg210_quiesce(fotg210);
1744 			spin_lock_irqsave(&fotg210->lock, flags);
1745 
1746 			/* Put all enabled ports into suspend */
1747 			temp = fotg210_readl(fotg210, status_reg) &
1748 				~PORT_RWC_BITS;
1749 			if (temp & PORT_PE)
1750 				fotg210_writel(fotg210, temp | PORT_SUSPEND,
1751 						status_reg);
1752 
1753 			spin_unlock_irqrestore(&fotg210->lock, flags);
1754 			fotg210_halt(fotg210);
1755 			spin_lock_irqsave(&fotg210->lock, flags);
1756 
1757 			temp = fotg210_readl(fotg210, status_reg);
1758 			temp |= selector << 16;
1759 			fotg210_writel(fotg210, temp, status_reg);
1760 			break;
1761 
1762 		default:
1763 			goto error;
1764 		}
1765 		fotg210_readl(fotg210, &fotg210->regs->command);
1766 		break;
1767 
1768 	default:
1769 error:
1770 		/* "stall" on error */
1771 		retval = -EPIPE;
1772 	}
1773 	spin_unlock_irqrestore(&fotg210->lock, flags);
1774 	return retval;
1775 }
1776 
1777 static void __maybe_unused fotg210_relinquish_port(struct usb_hcd *hcd,
1778 		int portnum)
1779 {
1780 	return;
1781 }
1782 
1783 static int __maybe_unused fotg210_port_handed_over(struct usb_hcd *hcd,
1784 		int portnum)
1785 {
1786 	return 0;
1787 }
1788 
1789 /* There's basically three types of memory:
1790  *	- data used only by the HCD ... kmalloc is fine
1791  *	- async and periodic schedules, shared by HC and HCD ... these
1792  *	  need to use dma_pool or dma_alloc_coherent
1793  *	- driver buffers, read/written by HC ... single shot DMA mapped
1794  *
1795  * There's also "register" data (e.g. PCI or SOC), which is memory mapped.
1796  * No memory seen by this driver is pageable.
1797  */
1798 
1799 /* Allocate the key transfer structures from the previously allocated pool */
1800 static inline void fotg210_qtd_init(struct fotg210_hcd *fotg210,
1801 		struct fotg210_qtd *qtd, dma_addr_t dma)
1802 {
1803 	memset(qtd, 0, sizeof(*qtd));
1804 	qtd->qtd_dma = dma;
1805 	qtd->hw_token = cpu_to_hc32(fotg210, QTD_STS_HALT);
1806 	qtd->hw_next = FOTG210_LIST_END(fotg210);
1807 	qtd->hw_alt_next = FOTG210_LIST_END(fotg210);
1808 	INIT_LIST_HEAD(&qtd->qtd_list);
1809 }
1810 
1811 static struct fotg210_qtd *fotg210_qtd_alloc(struct fotg210_hcd *fotg210,
1812 		gfp_t flags)
1813 {
1814 	struct fotg210_qtd *qtd;
1815 	dma_addr_t dma;
1816 
1817 	qtd = dma_pool_alloc(fotg210->qtd_pool, flags, &dma);
1818 	if (qtd != NULL)
1819 		fotg210_qtd_init(fotg210, qtd, dma);
1820 
1821 	return qtd;
1822 }
1823 
1824 static inline void fotg210_qtd_free(struct fotg210_hcd *fotg210,
1825 		struct fotg210_qtd *qtd)
1826 {
1827 	dma_pool_free(fotg210->qtd_pool, qtd, qtd->qtd_dma);
1828 }
1829 
1830 
1831 static void qh_destroy(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
1832 {
1833 	/* clean qtds first, and know this is not linked */
1834 	if (!list_empty(&qh->qtd_list) || qh->qh_next.ptr) {
1835 		fotg210_dbg(fotg210, "unused qh not empty!\n");
1836 		BUG();
1837 	}
1838 	if (qh->dummy)
1839 		fotg210_qtd_free(fotg210, qh->dummy);
1840 	dma_pool_free(fotg210->qh_pool, qh->hw, qh->qh_dma);
1841 	kfree(qh);
1842 }
1843 
1844 static struct fotg210_qh *fotg210_qh_alloc(struct fotg210_hcd *fotg210,
1845 		gfp_t flags)
1846 {
1847 	struct fotg210_qh *qh;
1848 	dma_addr_t dma;
1849 
1850 	qh = kzalloc(sizeof(*qh), GFP_ATOMIC);
1851 	if (!qh)
1852 		goto done;
1853 	qh->hw = (struct fotg210_qh_hw *)
1854 		dma_pool_zalloc(fotg210->qh_pool, flags, &dma);
1855 	if (!qh->hw)
1856 		goto fail;
1857 	qh->qh_dma = dma;
1858 	INIT_LIST_HEAD(&qh->qtd_list);
1859 
1860 	/* dummy td enables safe urb queuing */
1861 	qh->dummy = fotg210_qtd_alloc(fotg210, flags);
1862 	if (qh->dummy == NULL) {
1863 		fotg210_dbg(fotg210, "no dummy td\n");
1864 		goto fail1;
1865 	}
1866 done:
1867 	return qh;
1868 fail1:
1869 	dma_pool_free(fotg210->qh_pool, qh->hw, qh->qh_dma);
1870 fail:
1871 	kfree(qh);
1872 	return NULL;
1873 }
1874 
1875 /* The queue heads and transfer descriptors are managed from pools tied
1876  * to each of the "per device" structures.
1877  * This is the initialisation and cleanup code.
1878  */
1879 
1880 static void fotg210_mem_cleanup(struct fotg210_hcd *fotg210)
1881 {
1882 	if (fotg210->async)
1883 		qh_destroy(fotg210, fotg210->async);
1884 	fotg210->async = NULL;
1885 
1886 	if (fotg210->dummy)
1887 		qh_destroy(fotg210, fotg210->dummy);
1888 	fotg210->dummy = NULL;
1889 
1890 	/* DMA consistent memory and pools */
1891 	dma_pool_destroy(fotg210->qtd_pool);
1892 	fotg210->qtd_pool = NULL;
1893 
1894 	dma_pool_destroy(fotg210->qh_pool);
1895 	fotg210->qh_pool = NULL;
1896 
1897 	dma_pool_destroy(fotg210->itd_pool);
1898 	fotg210->itd_pool = NULL;
1899 
1900 	if (fotg210->periodic)
1901 		dma_free_coherent(fotg210_to_hcd(fotg210)->self.controller,
1902 				fotg210->periodic_size * sizeof(u32),
1903 				fotg210->periodic, fotg210->periodic_dma);
1904 	fotg210->periodic = NULL;
1905 
1906 	/* shadow periodic table */
1907 	kfree(fotg210->pshadow);
1908 	fotg210->pshadow = NULL;
1909 }
1910 
1911 /* remember to add cleanup code (above) if you add anything here */
1912 static int fotg210_mem_init(struct fotg210_hcd *fotg210, gfp_t flags)
1913 {
1914 	int i;
1915 
1916 	/* QTDs for control/bulk/intr transfers */
1917 	fotg210->qtd_pool = dma_pool_create("fotg210_qtd",
1918 			fotg210_to_hcd(fotg210)->self.controller,
1919 			sizeof(struct fotg210_qtd),
1920 			32 /* byte alignment (for hw parts) */,
1921 			4096 /* can't cross 4K */);
1922 	if (!fotg210->qtd_pool)
1923 		goto fail;
1924 
1925 	/* QHs for control/bulk/intr transfers */
1926 	fotg210->qh_pool = dma_pool_create("fotg210_qh",
1927 			fotg210_to_hcd(fotg210)->self.controller,
1928 			sizeof(struct fotg210_qh_hw),
1929 			32 /* byte alignment (for hw parts) */,
1930 			4096 /* can't cross 4K */);
1931 	if (!fotg210->qh_pool)
1932 		goto fail;
1933 
1934 	fotg210->async = fotg210_qh_alloc(fotg210, flags);
1935 	if (!fotg210->async)
1936 		goto fail;
1937 
1938 	/* ITD for high speed ISO transfers */
1939 	fotg210->itd_pool = dma_pool_create("fotg210_itd",
1940 			fotg210_to_hcd(fotg210)->self.controller,
1941 			sizeof(struct fotg210_itd),
1942 			64 /* byte alignment (for hw parts) */,
1943 			4096 /* can't cross 4K */);
1944 	if (!fotg210->itd_pool)
1945 		goto fail;
1946 
1947 	/* Hardware periodic table */
1948 	fotg210->periodic =
1949 		dma_alloc_coherent(fotg210_to_hcd(fotg210)->self.controller,
1950 				fotg210->periodic_size * sizeof(__le32),
1951 				&fotg210->periodic_dma, 0);
1952 	if (fotg210->periodic == NULL)
1953 		goto fail;
1954 
1955 	for (i = 0; i < fotg210->periodic_size; i++)
1956 		fotg210->periodic[i] = FOTG210_LIST_END(fotg210);
1957 
1958 	/* software shadow of hardware table */
1959 	fotg210->pshadow = kcalloc(fotg210->periodic_size, sizeof(void *),
1960 			flags);
1961 	if (fotg210->pshadow != NULL)
1962 		return 0;
1963 
1964 fail:
1965 	fotg210_dbg(fotg210, "couldn't init memory\n");
1966 	fotg210_mem_cleanup(fotg210);
1967 	return -ENOMEM;
1968 }
1969 /* EHCI hardware queue manipulation ... the core.  QH/QTD manipulation.
1970  *
1971  * Control, bulk, and interrupt traffic all use "qh" lists.  They list "qtd"
1972  * entries describing USB transactions, max 16-20kB/entry (with 4kB-aligned
1973  * buffers needed for the larger number).  We use one QH per endpoint, queue
1974  * multiple urbs (all three types) per endpoint.  URBs may need several qtds.
1975  *
1976  * ISO traffic uses "ISO TD" (itd) records, and (along with
1977  * interrupts) needs careful scheduling.  Performance improvements can be
1978  * an ongoing challenge.  That's in "ehci-sched.c".
1979  *
1980  * USB 1.1 devices are handled (a) by "companion" OHCI or UHCI root hubs,
1981  * or otherwise through transaction translators (TTs) in USB 2.0 hubs using
1982  * (b) special fields in qh entries or (c) split iso entries.  TTs will
1983  * buffer low/full speed data so the host collects it at high speed.
1984  */
1985 
1986 /* fill a qtd, returning how much of the buffer we were able to queue up */
1987 static int qtd_fill(struct fotg210_hcd *fotg210, struct fotg210_qtd *qtd,
1988 		dma_addr_t buf, size_t len, int token, int maxpacket)
1989 {
1990 	int i, count;
1991 	u64 addr = buf;
1992 
1993 	/* one buffer entry per 4K ... first might be short or unaligned */
1994 	qtd->hw_buf[0] = cpu_to_hc32(fotg210, (u32)addr);
1995 	qtd->hw_buf_hi[0] = cpu_to_hc32(fotg210, (u32)(addr >> 32));
1996 	count = 0x1000 - (buf & 0x0fff);	/* rest of that page */
1997 	if (likely(len < count))		/* ... iff needed */
1998 		count = len;
1999 	else {
2000 		buf +=  0x1000;
2001 		buf &= ~0x0fff;
2002 
2003 		/* per-qtd limit: from 16K to 20K (best alignment) */
2004 		for (i = 1; count < len && i < 5; i++) {
2005 			addr = buf;
2006 			qtd->hw_buf[i] = cpu_to_hc32(fotg210, (u32)addr);
2007 			qtd->hw_buf_hi[i] = cpu_to_hc32(fotg210,
2008 					(u32)(addr >> 32));
2009 			buf += 0x1000;
2010 			if ((count + 0x1000) < len)
2011 				count += 0x1000;
2012 			else
2013 				count = len;
2014 		}
2015 
2016 		/* short packets may only terminate transfers */
2017 		if (count != len)
2018 			count -= (count % maxpacket);
2019 	}
2020 	qtd->hw_token = cpu_to_hc32(fotg210, (count << 16) | token);
2021 	qtd->length = count;
2022 
2023 	return count;
2024 }
2025 
2026 static inline void qh_update(struct fotg210_hcd *fotg210,
2027 		struct fotg210_qh *qh, struct fotg210_qtd *qtd)
2028 {
2029 	struct fotg210_qh_hw *hw = qh->hw;
2030 
2031 	/* writes to an active overlay are unsafe */
2032 	BUG_ON(qh->qh_state != QH_STATE_IDLE);
2033 
2034 	hw->hw_qtd_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2035 	hw->hw_alt_next = FOTG210_LIST_END(fotg210);
2036 
2037 	/* Except for control endpoints, we make hardware maintain data
2038 	 * toggle (like OHCI) ... here (re)initialize the toggle in the QH,
2039 	 * and set the pseudo-toggle in udev. Only usb_clear_halt() will
2040 	 * ever clear it.
2041 	 */
2042 	if (!(hw->hw_info1 & cpu_to_hc32(fotg210, QH_TOGGLE_CTL))) {
2043 		unsigned is_out, epnum;
2044 
2045 		is_out = qh->is_out;
2046 		epnum = (hc32_to_cpup(fotg210, &hw->hw_info1) >> 8) & 0x0f;
2047 		if (unlikely(!usb_gettoggle(qh->dev, epnum, is_out))) {
2048 			hw->hw_token &= ~cpu_to_hc32(fotg210, QTD_TOGGLE);
2049 			usb_settoggle(qh->dev, epnum, is_out, 1);
2050 		}
2051 	}
2052 
2053 	hw->hw_token &= cpu_to_hc32(fotg210, QTD_TOGGLE | QTD_STS_PING);
2054 }
2055 
2056 /* if it weren't for a common silicon quirk (writing the dummy into the qh
2057  * overlay, so qh->hw_token wrongly becomes inactive/halted), only fault
2058  * recovery (including urb dequeue) would need software changes to a QH...
2059  */
2060 static void qh_refresh(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
2061 {
2062 	struct fotg210_qtd *qtd;
2063 
2064 	if (list_empty(&qh->qtd_list))
2065 		qtd = qh->dummy;
2066 	else {
2067 		qtd = list_entry(qh->qtd_list.next,
2068 				struct fotg210_qtd, qtd_list);
2069 		/*
2070 		 * first qtd may already be partially processed.
2071 		 * If we come here during unlink, the QH overlay region
2072 		 * might have reference to the just unlinked qtd. The
2073 		 * qtd is updated in qh_completions(). Update the QH
2074 		 * overlay here.
2075 		 */
2076 		if (cpu_to_hc32(fotg210, qtd->qtd_dma) == qh->hw->hw_current) {
2077 			qh->hw->hw_qtd_next = qtd->hw_next;
2078 			qtd = NULL;
2079 		}
2080 	}
2081 
2082 	if (qtd)
2083 		qh_update(fotg210, qh, qtd);
2084 }
2085 
2086 static void qh_link_async(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
2087 
2088 static void fotg210_clear_tt_buffer_complete(struct usb_hcd *hcd,
2089 		struct usb_host_endpoint *ep)
2090 {
2091 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
2092 	struct fotg210_qh *qh = ep->hcpriv;
2093 	unsigned long flags;
2094 
2095 	spin_lock_irqsave(&fotg210->lock, flags);
2096 	qh->clearing_tt = 0;
2097 	if (qh->qh_state == QH_STATE_IDLE && !list_empty(&qh->qtd_list)
2098 			&& fotg210->rh_state == FOTG210_RH_RUNNING)
2099 		qh_link_async(fotg210, qh);
2100 	spin_unlock_irqrestore(&fotg210->lock, flags);
2101 }
2102 
2103 static void fotg210_clear_tt_buffer(struct fotg210_hcd *fotg210,
2104 		struct fotg210_qh *qh, struct urb *urb, u32 token)
2105 {
2106 
2107 	/* If an async split transaction gets an error or is unlinked,
2108 	 * the TT buffer may be left in an indeterminate state.  We
2109 	 * have to clear the TT buffer.
2110 	 *
2111 	 * Note: this routine is never called for Isochronous transfers.
2112 	 */
2113 	if (urb->dev->tt && !usb_pipeint(urb->pipe) && !qh->clearing_tt) {
2114 		struct usb_device *tt = urb->dev->tt->hub;
2115 
2116 		dev_dbg(&tt->dev,
2117 				"clear tt buffer port %d, a%d ep%d t%08x\n",
2118 				urb->dev->ttport, urb->dev->devnum,
2119 				usb_pipeendpoint(urb->pipe), token);
2120 
2121 		if (urb->dev->tt->hub !=
2122 				fotg210_to_hcd(fotg210)->self.root_hub) {
2123 			if (usb_hub_clear_tt_buffer(urb) == 0)
2124 				qh->clearing_tt = 1;
2125 		}
2126 	}
2127 }
2128 
2129 static int qtd_copy_status(struct fotg210_hcd *fotg210, struct urb *urb,
2130 		size_t length, u32 token)
2131 {
2132 	int status = -EINPROGRESS;
2133 
2134 	/* count IN/OUT bytes, not SETUP (even short packets) */
2135 	if (likely(QTD_PID(token) != 2))
2136 		urb->actual_length += length - QTD_LENGTH(token);
2137 
2138 	/* don't modify error codes */
2139 	if (unlikely(urb->unlinked))
2140 		return status;
2141 
2142 	/* force cleanup after short read; not always an error */
2143 	if (unlikely(IS_SHORT_READ(token)))
2144 		status = -EREMOTEIO;
2145 
2146 	/* serious "can't proceed" faults reported by the hardware */
2147 	if (token & QTD_STS_HALT) {
2148 		if (token & QTD_STS_BABBLE) {
2149 			/* FIXME "must" disable babbling device's port too */
2150 			status = -EOVERFLOW;
2151 		/* CERR nonzero + halt --> stall */
2152 		} else if (QTD_CERR(token)) {
2153 			status = -EPIPE;
2154 
2155 		/* In theory, more than one of the following bits can be set
2156 		 * since they are sticky and the transaction is retried.
2157 		 * Which to test first is rather arbitrary.
2158 		 */
2159 		} else if (token & QTD_STS_MMF) {
2160 			/* fs/ls interrupt xfer missed the complete-split */
2161 			status = -EPROTO;
2162 		} else if (token & QTD_STS_DBE) {
2163 			status = (QTD_PID(token) == 1) /* IN ? */
2164 				? -ENOSR  /* hc couldn't read data */
2165 				: -ECOMM; /* hc couldn't write data */
2166 		} else if (token & QTD_STS_XACT) {
2167 			/* timeout, bad CRC, wrong PID, etc */
2168 			fotg210_dbg(fotg210, "devpath %s ep%d%s 3strikes\n",
2169 					urb->dev->devpath,
2170 					usb_pipeendpoint(urb->pipe),
2171 					usb_pipein(urb->pipe) ? "in" : "out");
2172 			status = -EPROTO;
2173 		} else {	/* unknown */
2174 			status = -EPROTO;
2175 		}
2176 
2177 		fotg210_dbg(fotg210,
2178 				"dev%d ep%d%s qtd token %08x --> status %d\n",
2179 				usb_pipedevice(urb->pipe),
2180 				usb_pipeendpoint(urb->pipe),
2181 				usb_pipein(urb->pipe) ? "in" : "out",
2182 				token, status);
2183 	}
2184 
2185 	return status;
2186 }
2187 
2188 static void fotg210_urb_done(struct fotg210_hcd *fotg210, struct urb *urb,
2189 		int status)
2190 __releases(fotg210->lock)
2191 __acquires(fotg210->lock)
2192 {
2193 	if (likely(urb->hcpriv != NULL)) {
2194 		struct fotg210_qh *qh = (struct fotg210_qh *) urb->hcpriv;
2195 
2196 		/* S-mask in a QH means it's an interrupt urb */
2197 		if ((qh->hw->hw_info2 & cpu_to_hc32(fotg210, QH_SMASK)) != 0) {
2198 
2199 			/* ... update hc-wide periodic stats (for usbfs) */
2200 			fotg210_to_hcd(fotg210)->self.bandwidth_int_reqs--;
2201 		}
2202 	}
2203 
2204 	if (unlikely(urb->unlinked)) {
2205 		INCR(fotg210->stats.unlink);
2206 	} else {
2207 		/* report non-error and short read status as zero */
2208 		if (status == -EINPROGRESS || status == -EREMOTEIO)
2209 			status = 0;
2210 		INCR(fotg210->stats.complete);
2211 	}
2212 
2213 #ifdef FOTG210_URB_TRACE
2214 	fotg210_dbg(fotg210,
2215 			"%s %s urb %p ep%d%s status %d len %d/%d\n",
2216 			__func__, urb->dev->devpath, urb,
2217 			usb_pipeendpoint(urb->pipe),
2218 			usb_pipein(urb->pipe) ? "in" : "out",
2219 			status,
2220 			urb->actual_length, urb->transfer_buffer_length);
2221 #endif
2222 
2223 	/* complete() can reenter this HCD */
2224 	usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
2225 	spin_unlock(&fotg210->lock);
2226 	usb_hcd_giveback_urb(fotg210_to_hcd(fotg210), urb, status);
2227 	spin_lock(&fotg210->lock);
2228 }
2229 
2230 static int qh_schedule(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
2231 
2232 /* Process and free completed qtds for a qh, returning URBs to drivers.
2233  * Chases up to qh->hw_current.  Returns number of completions called,
2234  * indicating how much "real" work we did.
2235  */
2236 static unsigned qh_completions(struct fotg210_hcd *fotg210,
2237 		struct fotg210_qh *qh)
2238 {
2239 	struct fotg210_qtd *last, *end = qh->dummy;
2240 	struct fotg210_qtd *qtd, *tmp;
2241 	int last_status;
2242 	int stopped;
2243 	unsigned count = 0;
2244 	u8 state;
2245 	struct fotg210_qh_hw *hw = qh->hw;
2246 
2247 	if (unlikely(list_empty(&qh->qtd_list)))
2248 		return count;
2249 
2250 	/* completions (or tasks on other cpus) must never clobber HALT
2251 	 * till we've gone through and cleaned everything up, even when
2252 	 * they add urbs to this qh's queue or mark them for unlinking.
2253 	 *
2254 	 * NOTE:  unlinking expects to be done in queue order.
2255 	 *
2256 	 * It's a bug for qh->qh_state to be anything other than
2257 	 * QH_STATE_IDLE, unless our caller is scan_async() or
2258 	 * scan_intr().
2259 	 */
2260 	state = qh->qh_state;
2261 	qh->qh_state = QH_STATE_COMPLETING;
2262 	stopped = (state == QH_STATE_IDLE);
2263 
2264 rescan:
2265 	last = NULL;
2266 	last_status = -EINPROGRESS;
2267 	qh->needs_rescan = 0;
2268 
2269 	/* remove de-activated QTDs from front of queue.
2270 	 * after faults (including short reads), cleanup this urb
2271 	 * then let the queue advance.
2272 	 * if queue is stopped, handles unlinks.
2273 	 */
2274 	list_for_each_entry_safe(qtd, tmp, &qh->qtd_list, qtd_list) {
2275 		struct urb *urb;
2276 		u32 token = 0;
2277 
2278 		urb = qtd->urb;
2279 
2280 		/* clean up any state from previous QTD ...*/
2281 		if (last) {
2282 			if (likely(last->urb != urb)) {
2283 				fotg210_urb_done(fotg210, last->urb,
2284 						last_status);
2285 				count++;
2286 				last_status = -EINPROGRESS;
2287 			}
2288 			fotg210_qtd_free(fotg210, last);
2289 			last = NULL;
2290 		}
2291 
2292 		/* ignore urbs submitted during completions we reported */
2293 		if (qtd == end)
2294 			break;
2295 
2296 		/* hardware copies qtd out of qh overlay */
2297 		rmb();
2298 		token = hc32_to_cpu(fotg210, qtd->hw_token);
2299 
2300 		/* always clean up qtds the hc de-activated */
2301 retry_xacterr:
2302 		if ((token & QTD_STS_ACTIVE) == 0) {
2303 
2304 			/* Report Data Buffer Error: non-fatal but useful */
2305 			if (token & QTD_STS_DBE)
2306 				fotg210_dbg(fotg210,
2307 					"detected DataBufferErr for urb %p ep%d%s len %d, qtd %p [qh %p]\n",
2308 					urb, usb_endpoint_num(&urb->ep->desc),
2309 					usb_endpoint_dir_in(&urb->ep->desc)
2310 						? "in" : "out",
2311 					urb->transfer_buffer_length, qtd, qh);
2312 
2313 			/* on STALL, error, and short reads this urb must
2314 			 * complete and all its qtds must be recycled.
2315 			 */
2316 			if ((token & QTD_STS_HALT) != 0) {
2317 
2318 				/* retry transaction errors until we
2319 				 * reach the software xacterr limit
2320 				 */
2321 				if ((token & QTD_STS_XACT) &&
2322 						QTD_CERR(token) == 0 &&
2323 						++qh->xacterrs < QH_XACTERR_MAX &&
2324 						!urb->unlinked) {
2325 					fotg210_dbg(fotg210,
2326 						"detected XactErr len %zu/%zu retry %d\n",
2327 						qtd->length - QTD_LENGTH(token),
2328 						qtd->length,
2329 						qh->xacterrs);
2330 
2331 					/* reset the token in the qtd and the
2332 					 * qh overlay (which still contains
2333 					 * the qtd) so that we pick up from
2334 					 * where we left off
2335 					 */
2336 					token &= ~QTD_STS_HALT;
2337 					token |= QTD_STS_ACTIVE |
2338 						 (FOTG210_TUNE_CERR << 10);
2339 					qtd->hw_token = cpu_to_hc32(fotg210,
2340 							token);
2341 					wmb();
2342 					hw->hw_token = cpu_to_hc32(fotg210,
2343 							token);
2344 					goto retry_xacterr;
2345 				}
2346 				stopped = 1;
2347 
2348 			/* magic dummy for some short reads; qh won't advance.
2349 			 * that silicon quirk can kick in with this dummy too.
2350 			 *
2351 			 * other short reads won't stop the queue, including
2352 			 * control transfers (status stage handles that) or
2353 			 * most other single-qtd reads ... the queue stops if
2354 			 * URB_SHORT_NOT_OK was set so the driver submitting
2355 			 * the urbs could clean it up.
2356 			 */
2357 			} else if (IS_SHORT_READ(token) &&
2358 					!(qtd->hw_alt_next &
2359 					FOTG210_LIST_END(fotg210))) {
2360 				stopped = 1;
2361 			}
2362 
2363 		/* stop scanning when we reach qtds the hc is using */
2364 		} else if (likely(!stopped
2365 				&& fotg210->rh_state >= FOTG210_RH_RUNNING)) {
2366 			break;
2367 
2368 		/* scan the whole queue for unlinks whenever it stops */
2369 		} else {
2370 			stopped = 1;
2371 
2372 			/* cancel everything if we halt, suspend, etc */
2373 			if (fotg210->rh_state < FOTG210_RH_RUNNING)
2374 				last_status = -ESHUTDOWN;
2375 
2376 			/* this qtd is active; skip it unless a previous qtd
2377 			 * for its urb faulted, or its urb was canceled.
2378 			 */
2379 			else if (last_status == -EINPROGRESS && !urb->unlinked)
2380 				continue;
2381 
2382 			/* qh unlinked; token in overlay may be most current */
2383 			if (state == QH_STATE_IDLE &&
2384 					cpu_to_hc32(fotg210, qtd->qtd_dma)
2385 					== hw->hw_current) {
2386 				token = hc32_to_cpu(fotg210, hw->hw_token);
2387 
2388 				/* An unlink may leave an incomplete
2389 				 * async transaction in the TT buffer.
2390 				 * We have to clear it.
2391 				 */
2392 				fotg210_clear_tt_buffer(fotg210, qh, urb,
2393 						token);
2394 			}
2395 		}
2396 
2397 		/* unless we already know the urb's status, collect qtd status
2398 		 * and update count of bytes transferred.  in common short read
2399 		 * cases with only one data qtd (including control transfers),
2400 		 * queue processing won't halt.  but with two or more qtds (for
2401 		 * example, with a 32 KB transfer), when the first qtd gets a
2402 		 * short read the second must be removed by hand.
2403 		 */
2404 		if (last_status == -EINPROGRESS) {
2405 			last_status = qtd_copy_status(fotg210, urb,
2406 					qtd->length, token);
2407 			if (last_status == -EREMOTEIO &&
2408 					(qtd->hw_alt_next &
2409 					FOTG210_LIST_END(fotg210)))
2410 				last_status = -EINPROGRESS;
2411 
2412 			/* As part of low/full-speed endpoint-halt processing
2413 			 * we must clear the TT buffer (11.17.5).
2414 			 */
2415 			if (unlikely(last_status != -EINPROGRESS &&
2416 					last_status != -EREMOTEIO)) {
2417 				/* The TT's in some hubs malfunction when they
2418 				 * receive this request following a STALL (they
2419 				 * stop sending isochronous packets).  Since a
2420 				 * STALL can't leave the TT buffer in a busy
2421 				 * state (if you believe Figures 11-48 - 11-51
2422 				 * in the USB 2.0 spec), we won't clear the TT
2423 				 * buffer in this case.  Strictly speaking this
2424 				 * is a violation of the spec.
2425 				 */
2426 				if (last_status != -EPIPE)
2427 					fotg210_clear_tt_buffer(fotg210, qh,
2428 							urb, token);
2429 			}
2430 		}
2431 
2432 		/* if we're removing something not at the queue head,
2433 		 * patch the hardware queue pointer.
2434 		 */
2435 		if (stopped && qtd->qtd_list.prev != &qh->qtd_list) {
2436 			last = list_entry(qtd->qtd_list.prev,
2437 					struct fotg210_qtd, qtd_list);
2438 			last->hw_next = qtd->hw_next;
2439 		}
2440 
2441 		/* remove qtd; it's recycled after possible urb completion */
2442 		list_del(&qtd->qtd_list);
2443 		last = qtd;
2444 
2445 		/* reinit the xacterr counter for the next qtd */
2446 		qh->xacterrs = 0;
2447 	}
2448 
2449 	/* last urb's completion might still need calling */
2450 	if (likely(last != NULL)) {
2451 		fotg210_urb_done(fotg210, last->urb, last_status);
2452 		count++;
2453 		fotg210_qtd_free(fotg210, last);
2454 	}
2455 
2456 	/* Do we need to rescan for URBs dequeued during a giveback? */
2457 	if (unlikely(qh->needs_rescan)) {
2458 		/* If the QH is already unlinked, do the rescan now. */
2459 		if (state == QH_STATE_IDLE)
2460 			goto rescan;
2461 
2462 		/* Otherwise we have to wait until the QH is fully unlinked.
2463 		 * Our caller will start an unlink if qh->needs_rescan is
2464 		 * set.  But if an unlink has already started, nothing needs
2465 		 * to be done.
2466 		 */
2467 		if (state != QH_STATE_LINKED)
2468 			qh->needs_rescan = 0;
2469 	}
2470 
2471 	/* restore original state; caller must unlink or relink */
2472 	qh->qh_state = state;
2473 
2474 	/* be sure the hardware's done with the qh before refreshing
2475 	 * it after fault cleanup, or recovering from silicon wrongly
2476 	 * overlaying the dummy qtd (which reduces DMA chatter).
2477 	 */
2478 	if (stopped != 0 || hw->hw_qtd_next == FOTG210_LIST_END(fotg210)) {
2479 		switch (state) {
2480 		case QH_STATE_IDLE:
2481 			qh_refresh(fotg210, qh);
2482 			break;
2483 		case QH_STATE_LINKED:
2484 			/* We won't refresh a QH that's linked (after the HC
2485 			 * stopped the queue).  That avoids a race:
2486 			 *  - HC reads first part of QH;
2487 			 *  - CPU updates that first part and the token;
2488 			 *  - HC reads rest of that QH, including token
2489 			 * Result:  HC gets an inconsistent image, and then
2490 			 * DMAs to/from the wrong memory (corrupting it).
2491 			 *
2492 			 * That should be rare for interrupt transfers,
2493 			 * except maybe high bandwidth ...
2494 			 */
2495 
2496 			/* Tell the caller to start an unlink */
2497 			qh->needs_rescan = 1;
2498 			break;
2499 		/* otherwise, unlink already started */
2500 		}
2501 	}
2502 
2503 	return count;
2504 }
2505 
2506 /* reverse of qh_urb_transaction:  free a list of TDs.
2507  * used for cleanup after errors, before HC sees an URB's TDs.
2508  */
2509 static void qtd_list_free(struct fotg210_hcd *fotg210, struct urb *urb,
2510 		struct list_head *head)
2511 {
2512 	struct fotg210_qtd *qtd, *temp;
2513 
2514 	list_for_each_entry_safe(qtd, temp, head, qtd_list) {
2515 		list_del(&qtd->qtd_list);
2516 		fotg210_qtd_free(fotg210, qtd);
2517 	}
2518 }
2519 
2520 /* create a list of filled qtds for this URB; won't link into qh.
2521  */
2522 static struct list_head *qh_urb_transaction(struct fotg210_hcd *fotg210,
2523 		struct urb *urb, struct list_head *head, gfp_t flags)
2524 {
2525 	struct fotg210_qtd *qtd, *qtd_prev;
2526 	dma_addr_t buf;
2527 	int len, this_sg_len, maxpacket;
2528 	int is_input;
2529 	u32 token;
2530 	int i;
2531 	struct scatterlist *sg;
2532 
2533 	/*
2534 	 * URBs map to sequences of QTDs:  one logical transaction
2535 	 */
2536 	qtd = fotg210_qtd_alloc(fotg210, flags);
2537 	if (unlikely(!qtd))
2538 		return NULL;
2539 	list_add_tail(&qtd->qtd_list, head);
2540 	qtd->urb = urb;
2541 
2542 	token = QTD_STS_ACTIVE;
2543 	token |= (FOTG210_TUNE_CERR << 10);
2544 	/* for split transactions, SplitXState initialized to zero */
2545 
2546 	len = urb->transfer_buffer_length;
2547 	is_input = usb_pipein(urb->pipe);
2548 	if (usb_pipecontrol(urb->pipe)) {
2549 		/* SETUP pid */
2550 		qtd_fill(fotg210, qtd, urb->setup_dma,
2551 				sizeof(struct usb_ctrlrequest),
2552 				token | (2 /* "setup" */ << 8), 8);
2553 
2554 		/* ... and always at least one more pid */
2555 		token ^= QTD_TOGGLE;
2556 		qtd_prev = qtd;
2557 		qtd = fotg210_qtd_alloc(fotg210, flags);
2558 		if (unlikely(!qtd))
2559 			goto cleanup;
2560 		qtd->urb = urb;
2561 		qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2562 		list_add_tail(&qtd->qtd_list, head);
2563 
2564 		/* for zero length DATA stages, STATUS is always IN */
2565 		if (len == 0)
2566 			token |= (1 /* "in" */ << 8);
2567 	}
2568 
2569 	/*
2570 	 * data transfer stage:  buffer setup
2571 	 */
2572 	i = urb->num_mapped_sgs;
2573 	if (len > 0 && i > 0) {
2574 		sg = urb->sg;
2575 		buf = sg_dma_address(sg);
2576 
2577 		/* urb->transfer_buffer_length may be smaller than the
2578 		 * size of the scatterlist (or vice versa)
2579 		 */
2580 		this_sg_len = min_t(int, sg_dma_len(sg), len);
2581 	} else {
2582 		sg = NULL;
2583 		buf = urb->transfer_dma;
2584 		this_sg_len = len;
2585 	}
2586 
2587 	if (is_input)
2588 		token |= (1 /* "in" */ << 8);
2589 	/* else it's already initted to "out" pid (0 << 8) */
2590 
2591 	maxpacket = usb_maxpacket(urb->dev, urb->pipe);
2592 
2593 	/*
2594 	 * buffer gets wrapped in one or more qtds;
2595 	 * last one may be "short" (including zero len)
2596 	 * and may serve as a control status ack
2597 	 */
2598 	for (;;) {
2599 		int this_qtd_len;
2600 
2601 		this_qtd_len = qtd_fill(fotg210, qtd, buf, this_sg_len, token,
2602 				maxpacket);
2603 		this_sg_len -= this_qtd_len;
2604 		len -= this_qtd_len;
2605 		buf += this_qtd_len;
2606 
2607 		/*
2608 		 * short reads advance to a "magic" dummy instead of the next
2609 		 * qtd ... that forces the queue to stop, for manual cleanup.
2610 		 * (this will usually be overridden later.)
2611 		 */
2612 		if (is_input)
2613 			qtd->hw_alt_next = fotg210->async->hw->hw_alt_next;
2614 
2615 		/* qh makes control packets use qtd toggle; maybe switch it */
2616 		if ((maxpacket & (this_qtd_len + (maxpacket - 1))) == 0)
2617 			token ^= QTD_TOGGLE;
2618 
2619 		if (likely(this_sg_len <= 0)) {
2620 			if (--i <= 0 || len <= 0)
2621 				break;
2622 			sg = sg_next(sg);
2623 			buf = sg_dma_address(sg);
2624 			this_sg_len = min_t(int, sg_dma_len(sg), len);
2625 		}
2626 
2627 		qtd_prev = qtd;
2628 		qtd = fotg210_qtd_alloc(fotg210, flags);
2629 		if (unlikely(!qtd))
2630 			goto cleanup;
2631 		qtd->urb = urb;
2632 		qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2633 		list_add_tail(&qtd->qtd_list, head);
2634 	}
2635 
2636 	/*
2637 	 * unless the caller requires manual cleanup after short reads,
2638 	 * have the alt_next mechanism keep the queue running after the
2639 	 * last data qtd (the only one, for control and most other cases).
2640 	 */
2641 	if (likely((urb->transfer_flags & URB_SHORT_NOT_OK) == 0 ||
2642 			usb_pipecontrol(urb->pipe)))
2643 		qtd->hw_alt_next = FOTG210_LIST_END(fotg210);
2644 
2645 	/*
2646 	 * control requests may need a terminating data "status" ack;
2647 	 * other OUT ones may need a terminating short packet
2648 	 * (zero length).
2649 	 */
2650 	if (likely(urb->transfer_buffer_length != 0)) {
2651 		int one_more = 0;
2652 
2653 		if (usb_pipecontrol(urb->pipe)) {
2654 			one_more = 1;
2655 			token ^= 0x0100;	/* "in" <--> "out"  */
2656 			token |= QTD_TOGGLE;	/* force DATA1 */
2657 		} else if (usb_pipeout(urb->pipe)
2658 				&& (urb->transfer_flags & URB_ZERO_PACKET)
2659 				&& !(urb->transfer_buffer_length % maxpacket)) {
2660 			one_more = 1;
2661 		}
2662 		if (one_more) {
2663 			qtd_prev = qtd;
2664 			qtd = fotg210_qtd_alloc(fotg210, flags);
2665 			if (unlikely(!qtd))
2666 				goto cleanup;
2667 			qtd->urb = urb;
2668 			qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2669 			list_add_tail(&qtd->qtd_list, head);
2670 
2671 			/* never any data in such packets */
2672 			qtd_fill(fotg210, qtd, 0, 0, token, 0);
2673 		}
2674 	}
2675 
2676 	/* by default, enable interrupt on urb completion */
2677 	if (likely(!(urb->transfer_flags & URB_NO_INTERRUPT)))
2678 		qtd->hw_token |= cpu_to_hc32(fotg210, QTD_IOC);
2679 	return head;
2680 
2681 cleanup:
2682 	qtd_list_free(fotg210, urb, head);
2683 	return NULL;
2684 }
2685 
2686 /* Would be best to create all qh's from config descriptors,
2687  * when each interface/altsetting is established.  Unlink
2688  * any previous qh and cancel its urbs first; endpoints are
2689  * implicitly reset then (data toggle too).
2690  * That'd mean updating how usbcore talks to HCDs. (2.7?)
2691  */
2692 
2693 
2694 /* Each QH holds a qtd list; a QH is used for everything except iso.
2695  *
2696  * For interrupt urbs, the scheduler must set the microframe scheduling
2697  * mask(s) each time the QH gets scheduled.  For highspeed, that's
2698  * just one microframe in the s-mask.  For split interrupt transactions
2699  * there are additional complications: c-mask, maybe FSTNs.
2700  */
2701 static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb,
2702 		gfp_t flags)
2703 {
2704 	struct fotg210_qh *qh = fotg210_qh_alloc(fotg210, flags);
2705 	struct usb_host_endpoint *ep;
2706 	u32 info1 = 0, info2 = 0;
2707 	int is_input, type;
2708 	int maxp = 0;
2709 	int mult;
2710 	struct usb_tt *tt = urb->dev->tt;
2711 	struct fotg210_qh_hw *hw;
2712 
2713 	if (!qh)
2714 		return qh;
2715 
2716 	/*
2717 	 * init endpoint/device data for this QH
2718 	 */
2719 	info1 |= usb_pipeendpoint(urb->pipe) << 8;
2720 	info1 |= usb_pipedevice(urb->pipe) << 0;
2721 
2722 	is_input = usb_pipein(urb->pipe);
2723 	type = usb_pipetype(urb->pipe);
2724 	ep = usb_pipe_endpoint(urb->dev, urb->pipe);
2725 	maxp = usb_endpoint_maxp(&ep->desc);
2726 	mult = usb_endpoint_maxp_mult(&ep->desc);
2727 
2728 	/* 1024 byte maxpacket is a hardware ceiling.  High bandwidth
2729 	 * acts like up to 3KB, but is built from smaller packets.
2730 	 */
2731 	if (maxp > 1024) {
2732 		fotg210_dbg(fotg210, "bogus qh maxpacket %d\n", maxp);
2733 		goto done;
2734 	}
2735 
2736 	/* Compute interrupt scheduling parameters just once, and save.
2737 	 * - allowing for high bandwidth, how many nsec/uframe are used?
2738 	 * - split transactions need a second CSPLIT uframe; same question
2739 	 * - splits also need a schedule gap (for full/low speed I/O)
2740 	 * - qh has a polling interval
2741 	 *
2742 	 * For control/bulk requests, the HC or TT handles these.
2743 	 */
2744 	if (type == PIPE_INTERRUPT) {
2745 		qh->usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH,
2746 				is_input, 0, mult * maxp));
2747 		qh->start = NO_FRAME;
2748 
2749 		if (urb->dev->speed == USB_SPEED_HIGH) {
2750 			qh->c_usecs = 0;
2751 			qh->gap_uf = 0;
2752 
2753 			qh->period = urb->interval >> 3;
2754 			if (qh->period == 0 && urb->interval != 1) {
2755 				/* NOTE interval 2 or 4 uframes could work.
2756 				 * But interval 1 scheduling is simpler, and
2757 				 * includes high bandwidth.
2758 				 */
2759 				urb->interval = 1;
2760 			} else if (qh->period > fotg210->periodic_size) {
2761 				qh->period = fotg210->periodic_size;
2762 				urb->interval = qh->period << 3;
2763 			}
2764 		} else {
2765 			int think_time;
2766 
2767 			/* gap is f(FS/LS transfer times) */
2768 			qh->gap_uf = 1 + usb_calc_bus_time(urb->dev->speed,
2769 					is_input, 0, maxp) / (125 * 1000);
2770 
2771 			/* FIXME this just approximates SPLIT/CSPLIT times */
2772 			if (is_input) {		/* SPLIT, gap, CSPLIT+DATA */
2773 				qh->c_usecs = qh->usecs + HS_USECS(0);
2774 				qh->usecs = HS_USECS(1);
2775 			} else {		/* SPLIT+DATA, gap, CSPLIT */
2776 				qh->usecs += HS_USECS(1);
2777 				qh->c_usecs = HS_USECS(0);
2778 			}
2779 
2780 			think_time = tt ? tt->think_time : 0;
2781 			qh->tt_usecs = NS_TO_US(think_time +
2782 					usb_calc_bus_time(urb->dev->speed,
2783 					is_input, 0, maxp));
2784 			qh->period = urb->interval;
2785 			if (qh->period > fotg210->periodic_size) {
2786 				qh->period = fotg210->periodic_size;
2787 				urb->interval = qh->period;
2788 			}
2789 		}
2790 	}
2791 
2792 	/* support for tt scheduling, and access to toggles */
2793 	qh->dev = urb->dev;
2794 
2795 	/* using TT? */
2796 	switch (urb->dev->speed) {
2797 	case USB_SPEED_LOW:
2798 		info1 |= QH_LOW_SPEED;
2799 		fallthrough;
2800 
2801 	case USB_SPEED_FULL:
2802 		/* EPS 0 means "full" */
2803 		if (type != PIPE_INTERRUPT)
2804 			info1 |= (FOTG210_TUNE_RL_TT << 28);
2805 		if (type == PIPE_CONTROL) {
2806 			info1 |= QH_CONTROL_EP;		/* for TT */
2807 			info1 |= QH_TOGGLE_CTL;		/* toggle from qtd */
2808 		}
2809 		info1 |= maxp << 16;
2810 
2811 		info2 |= (FOTG210_TUNE_MULT_TT << 30);
2812 
2813 		/* Some Freescale processors have an erratum in which the
2814 		 * port number in the queue head was 0..N-1 instead of 1..N.
2815 		 */
2816 		if (fotg210_has_fsl_portno_bug(fotg210))
2817 			info2 |= (urb->dev->ttport-1) << 23;
2818 		else
2819 			info2 |= urb->dev->ttport << 23;
2820 
2821 		/* set the address of the TT; for TDI's integrated
2822 		 * root hub tt, leave it zeroed.
2823 		 */
2824 		if (tt && tt->hub != fotg210_to_hcd(fotg210)->self.root_hub)
2825 			info2 |= tt->hub->devnum << 16;
2826 
2827 		/* NOTE:  if (PIPE_INTERRUPT) { scheduler sets c-mask } */
2828 
2829 		break;
2830 
2831 	case USB_SPEED_HIGH:		/* no TT involved */
2832 		info1 |= QH_HIGH_SPEED;
2833 		if (type == PIPE_CONTROL) {
2834 			info1 |= (FOTG210_TUNE_RL_HS << 28);
2835 			info1 |= 64 << 16;	/* usb2 fixed maxpacket */
2836 			info1 |= QH_TOGGLE_CTL;	/* toggle from qtd */
2837 			info2 |= (FOTG210_TUNE_MULT_HS << 30);
2838 		} else if (type == PIPE_BULK) {
2839 			info1 |= (FOTG210_TUNE_RL_HS << 28);
2840 			/* The USB spec says that high speed bulk endpoints
2841 			 * always use 512 byte maxpacket.  But some device
2842 			 * vendors decided to ignore that, and MSFT is happy
2843 			 * to help them do so.  So now people expect to use
2844 			 * such nonconformant devices with Linux too; sigh.
2845 			 */
2846 			info1 |= maxp << 16;
2847 			info2 |= (FOTG210_TUNE_MULT_HS << 30);
2848 		} else {		/* PIPE_INTERRUPT */
2849 			info1 |= maxp << 16;
2850 			info2 |= mult << 30;
2851 		}
2852 		break;
2853 	default:
2854 		fotg210_dbg(fotg210, "bogus dev %p speed %d\n", urb->dev,
2855 				urb->dev->speed);
2856 done:
2857 		qh_destroy(fotg210, qh);
2858 		return NULL;
2859 	}
2860 
2861 	/* NOTE:  if (PIPE_INTERRUPT) { scheduler sets s-mask } */
2862 
2863 	/* init as live, toggle clear, advance to dummy */
2864 	qh->qh_state = QH_STATE_IDLE;
2865 	hw = qh->hw;
2866 	hw->hw_info1 = cpu_to_hc32(fotg210, info1);
2867 	hw->hw_info2 = cpu_to_hc32(fotg210, info2);
2868 	qh->is_out = !is_input;
2869 	usb_settoggle(urb->dev, usb_pipeendpoint(urb->pipe), !is_input, 1);
2870 	qh_refresh(fotg210, qh);
2871 	return qh;
2872 }
2873 
2874 static void enable_async(struct fotg210_hcd *fotg210)
2875 {
2876 	if (fotg210->async_count++)
2877 		return;
2878 
2879 	/* Stop waiting to turn off the async schedule */
2880 	fotg210->enabled_hrtimer_events &= ~BIT(FOTG210_HRTIMER_DISABLE_ASYNC);
2881 
2882 	/* Don't start the schedule until ASS is 0 */
2883 	fotg210_poll_ASS(fotg210);
2884 	turn_on_io_watchdog(fotg210);
2885 }
2886 
2887 static void disable_async(struct fotg210_hcd *fotg210)
2888 {
2889 	if (--fotg210->async_count)
2890 		return;
2891 
2892 	/* The async schedule and async_unlink list are supposed to be empty */
2893 	WARN_ON(fotg210->async->qh_next.qh || fotg210->async_unlink);
2894 
2895 	/* Don't turn off the schedule until ASS is 1 */
2896 	fotg210_poll_ASS(fotg210);
2897 }
2898 
2899 /* move qh (and its qtds) onto async queue; maybe enable queue.  */
2900 
2901 static void qh_link_async(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
2902 {
2903 	__hc32 dma = QH_NEXT(fotg210, qh->qh_dma);
2904 	struct fotg210_qh *head;
2905 
2906 	/* Don't link a QH if there's a Clear-TT-Buffer pending */
2907 	if (unlikely(qh->clearing_tt))
2908 		return;
2909 
2910 	WARN_ON(qh->qh_state != QH_STATE_IDLE);
2911 
2912 	/* clear halt and/or toggle; and maybe recover from silicon quirk */
2913 	qh_refresh(fotg210, qh);
2914 
2915 	/* splice right after start */
2916 	head = fotg210->async;
2917 	qh->qh_next = head->qh_next;
2918 	qh->hw->hw_next = head->hw->hw_next;
2919 	wmb();
2920 
2921 	head->qh_next.qh = qh;
2922 	head->hw->hw_next = dma;
2923 
2924 	qh->xacterrs = 0;
2925 	qh->qh_state = QH_STATE_LINKED;
2926 	/* qtd completions reported later by interrupt */
2927 
2928 	enable_async(fotg210);
2929 }
2930 
2931 /* For control/bulk/interrupt, return QH with these TDs appended.
2932  * Allocates and initializes the QH if necessary.
2933  * Returns null if it can't allocate a QH it needs to.
2934  * If the QH has TDs (urbs) already, that's great.
2935  */
2936 static struct fotg210_qh *qh_append_tds(struct fotg210_hcd *fotg210,
2937 		struct urb *urb, struct list_head *qtd_list,
2938 		int epnum, void **ptr)
2939 {
2940 	struct fotg210_qh *qh = NULL;
2941 	__hc32 qh_addr_mask = cpu_to_hc32(fotg210, 0x7f);
2942 
2943 	qh = (struct fotg210_qh *) *ptr;
2944 	if (unlikely(qh == NULL)) {
2945 		/* can't sleep here, we have fotg210->lock... */
2946 		qh = qh_make(fotg210, urb, GFP_ATOMIC);
2947 		*ptr = qh;
2948 	}
2949 	if (likely(qh != NULL)) {
2950 		struct fotg210_qtd *qtd;
2951 
2952 		if (unlikely(list_empty(qtd_list)))
2953 			qtd = NULL;
2954 		else
2955 			qtd = list_entry(qtd_list->next, struct fotg210_qtd,
2956 					qtd_list);
2957 
2958 		/* control qh may need patching ... */
2959 		if (unlikely(epnum == 0)) {
2960 			/* usb_reset_device() briefly reverts to address 0 */
2961 			if (usb_pipedevice(urb->pipe) == 0)
2962 				qh->hw->hw_info1 &= ~qh_addr_mask;
2963 		}
2964 
2965 		/* just one way to queue requests: swap with the dummy qtd.
2966 		 * only hc or qh_refresh() ever modify the overlay.
2967 		 */
2968 		if (likely(qtd != NULL)) {
2969 			struct fotg210_qtd *dummy;
2970 			dma_addr_t dma;
2971 			__hc32 token;
2972 
2973 			/* to avoid racing the HC, use the dummy td instead of
2974 			 * the first td of our list (becomes new dummy).  both
2975 			 * tds stay deactivated until we're done, when the
2976 			 * HC is allowed to fetch the old dummy (4.10.2).
2977 			 */
2978 			token = qtd->hw_token;
2979 			qtd->hw_token = HALT_BIT(fotg210);
2980 
2981 			dummy = qh->dummy;
2982 
2983 			dma = dummy->qtd_dma;
2984 			*dummy = *qtd;
2985 			dummy->qtd_dma = dma;
2986 
2987 			list_del(&qtd->qtd_list);
2988 			list_add(&dummy->qtd_list, qtd_list);
2989 			list_splice_tail(qtd_list, &qh->qtd_list);
2990 
2991 			fotg210_qtd_init(fotg210, qtd, qtd->qtd_dma);
2992 			qh->dummy = qtd;
2993 
2994 			/* hc must see the new dummy at list end */
2995 			dma = qtd->qtd_dma;
2996 			qtd = list_entry(qh->qtd_list.prev,
2997 					struct fotg210_qtd, qtd_list);
2998 			qtd->hw_next = QTD_NEXT(fotg210, dma);
2999 
3000 			/* let the hc process these next qtds */
3001 			wmb();
3002 			dummy->hw_token = token;
3003 
3004 			urb->hcpriv = qh;
3005 		}
3006 	}
3007 	return qh;
3008 }
3009 
3010 static int submit_async(struct fotg210_hcd *fotg210, struct urb *urb,
3011 		struct list_head *qtd_list, gfp_t mem_flags)
3012 {
3013 	int epnum;
3014 	unsigned long flags;
3015 	struct fotg210_qh *qh = NULL;
3016 	int rc;
3017 
3018 	epnum = urb->ep->desc.bEndpointAddress;
3019 
3020 #ifdef FOTG210_URB_TRACE
3021 	{
3022 		struct fotg210_qtd *qtd;
3023 
3024 		qtd = list_entry(qtd_list->next, struct fotg210_qtd, qtd_list);
3025 		fotg210_dbg(fotg210,
3026 				"%s %s urb %p ep%d%s len %d, qtd %p [qh %p]\n",
3027 				__func__, urb->dev->devpath, urb,
3028 				epnum & 0x0f, (epnum & USB_DIR_IN)
3029 					? "in" : "out",
3030 				urb->transfer_buffer_length,
3031 				qtd, urb->ep->hcpriv);
3032 	}
3033 #endif
3034 
3035 	spin_lock_irqsave(&fotg210->lock, flags);
3036 	if (unlikely(!HCD_HW_ACCESSIBLE(fotg210_to_hcd(fotg210)))) {
3037 		rc = -ESHUTDOWN;
3038 		goto done;
3039 	}
3040 	rc = usb_hcd_link_urb_to_ep(fotg210_to_hcd(fotg210), urb);
3041 	if (unlikely(rc))
3042 		goto done;
3043 
3044 	qh = qh_append_tds(fotg210, urb, qtd_list, epnum, &urb->ep->hcpriv);
3045 	if (unlikely(qh == NULL)) {
3046 		usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
3047 		rc = -ENOMEM;
3048 		goto done;
3049 	}
3050 
3051 	/* Control/bulk operations through TTs don't need scheduling,
3052 	 * the HC and TT handle it when the TT has a buffer ready.
3053 	 */
3054 	if (likely(qh->qh_state == QH_STATE_IDLE))
3055 		qh_link_async(fotg210, qh);
3056 done:
3057 	spin_unlock_irqrestore(&fotg210->lock, flags);
3058 	if (unlikely(qh == NULL))
3059 		qtd_list_free(fotg210, urb, qtd_list);
3060 	return rc;
3061 }
3062 
3063 static void single_unlink_async(struct fotg210_hcd *fotg210,
3064 		struct fotg210_qh *qh)
3065 {
3066 	struct fotg210_qh *prev;
3067 
3068 	/* Add to the end of the list of QHs waiting for the next IAAD */
3069 	qh->qh_state = QH_STATE_UNLINK;
3070 	if (fotg210->async_unlink)
3071 		fotg210->async_unlink_last->unlink_next = qh;
3072 	else
3073 		fotg210->async_unlink = qh;
3074 	fotg210->async_unlink_last = qh;
3075 
3076 	/* Unlink it from the schedule */
3077 	prev = fotg210->async;
3078 	while (prev->qh_next.qh != qh)
3079 		prev = prev->qh_next.qh;
3080 
3081 	prev->hw->hw_next = qh->hw->hw_next;
3082 	prev->qh_next = qh->qh_next;
3083 	if (fotg210->qh_scan_next == qh)
3084 		fotg210->qh_scan_next = qh->qh_next.qh;
3085 }
3086 
3087 static void start_iaa_cycle(struct fotg210_hcd *fotg210, bool nested)
3088 {
3089 	/*
3090 	 * Do nothing if an IAA cycle is already running or
3091 	 * if one will be started shortly.
3092 	 */
3093 	if (fotg210->async_iaa || fotg210->async_unlinking)
3094 		return;
3095 
3096 	/* Do all the waiting QHs at once */
3097 	fotg210->async_iaa = fotg210->async_unlink;
3098 	fotg210->async_unlink = NULL;
3099 
3100 	/* If the controller isn't running, we don't have to wait for it */
3101 	if (unlikely(fotg210->rh_state < FOTG210_RH_RUNNING)) {
3102 		if (!nested)		/* Avoid recursion */
3103 			end_unlink_async(fotg210);
3104 
3105 	/* Otherwise start a new IAA cycle */
3106 	} else if (likely(fotg210->rh_state == FOTG210_RH_RUNNING)) {
3107 		/* Make sure the unlinks are all visible to the hardware */
3108 		wmb();
3109 
3110 		fotg210_writel(fotg210, fotg210->command | CMD_IAAD,
3111 				&fotg210->regs->command);
3112 		fotg210_readl(fotg210, &fotg210->regs->command);
3113 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_IAA_WATCHDOG,
3114 				true);
3115 	}
3116 }
3117 
3118 /* the async qh for the qtds being unlinked are now gone from the HC */
3119 
3120 static void end_unlink_async(struct fotg210_hcd *fotg210)
3121 {
3122 	struct fotg210_qh *qh;
3123 
3124 	/* Process the idle QHs */
3125 restart:
3126 	fotg210->async_unlinking = true;
3127 	while (fotg210->async_iaa) {
3128 		qh = fotg210->async_iaa;
3129 		fotg210->async_iaa = qh->unlink_next;
3130 		qh->unlink_next = NULL;
3131 
3132 		qh->qh_state = QH_STATE_IDLE;
3133 		qh->qh_next.qh = NULL;
3134 
3135 		qh_completions(fotg210, qh);
3136 		if (!list_empty(&qh->qtd_list) &&
3137 				fotg210->rh_state == FOTG210_RH_RUNNING)
3138 			qh_link_async(fotg210, qh);
3139 		disable_async(fotg210);
3140 	}
3141 	fotg210->async_unlinking = false;
3142 
3143 	/* Start a new IAA cycle if any QHs are waiting for it */
3144 	if (fotg210->async_unlink) {
3145 		start_iaa_cycle(fotg210, true);
3146 		if (unlikely(fotg210->rh_state < FOTG210_RH_RUNNING))
3147 			goto restart;
3148 	}
3149 }
3150 
3151 static void unlink_empty_async(struct fotg210_hcd *fotg210)
3152 {
3153 	struct fotg210_qh *qh, *next;
3154 	bool stopped = (fotg210->rh_state < FOTG210_RH_RUNNING);
3155 	bool check_unlinks_later = false;
3156 
3157 	/* Unlink all the async QHs that have been empty for a timer cycle */
3158 	next = fotg210->async->qh_next.qh;
3159 	while (next) {
3160 		qh = next;
3161 		next = qh->qh_next.qh;
3162 
3163 		if (list_empty(&qh->qtd_list) &&
3164 				qh->qh_state == QH_STATE_LINKED) {
3165 			if (!stopped && qh->unlink_cycle ==
3166 					fotg210->async_unlink_cycle)
3167 				check_unlinks_later = true;
3168 			else
3169 				single_unlink_async(fotg210, qh);
3170 		}
3171 	}
3172 
3173 	/* Start a new IAA cycle if any QHs are waiting for it */
3174 	if (fotg210->async_unlink)
3175 		start_iaa_cycle(fotg210, false);
3176 
3177 	/* QHs that haven't been empty for long enough will be handled later */
3178 	if (check_unlinks_later) {
3179 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_ASYNC_UNLINKS,
3180 				true);
3181 		++fotg210->async_unlink_cycle;
3182 	}
3183 }
3184 
3185 /* makes sure the async qh will become idle */
3186 /* caller must own fotg210->lock */
3187 
3188 static void start_unlink_async(struct fotg210_hcd *fotg210,
3189 		struct fotg210_qh *qh)
3190 {
3191 	/*
3192 	 * If the QH isn't linked then there's nothing we can do
3193 	 * unless we were called during a giveback, in which case
3194 	 * qh_completions() has to deal with it.
3195 	 */
3196 	if (qh->qh_state != QH_STATE_LINKED) {
3197 		if (qh->qh_state == QH_STATE_COMPLETING)
3198 			qh->needs_rescan = 1;
3199 		return;
3200 	}
3201 
3202 	single_unlink_async(fotg210, qh);
3203 	start_iaa_cycle(fotg210, false);
3204 }
3205 
3206 static void scan_async(struct fotg210_hcd *fotg210)
3207 {
3208 	struct fotg210_qh *qh;
3209 	bool check_unlinks_later = false;
3210 
3211 	fotg210->qh_scan_next = fotg210->async->qh_next.qh;
3212 	while (fotg210->qh_scan_next) {
3213 		qh = fotg210->qh_scan_next;
3214 		fotg210->qh_scan_next = qh->qh_next.qh;
3215 rescan:
3216 		/* clean any finished work for this qh */
3217 		if (!list_empty(&qh->qtd_list)) {
3218 			int temp;
3219 
3220 			/*
3221 			 * Unlinks could happen here; completion reporting
3222 			 * drops the lock.  That's why fotg210->qh_scan_next
3223 			 * always holds the next qh to scan; if the next qh
3224 			 * gets unlinked then fotg210->qh_scan_next is adjusted
3225 			 * in single_unlink_async().
3226 			 */
3227 			temp = qh_completions(fotg210, qh);
3228 			if (qh->needs_rescan) {
3229 				start_unlink_async(fotg210, qh);
3230 			} else if (list_empty(&qh->qtd_list)
3231 					&& qh->qh_state == QH_STATE_LINKED) {
3232 				qh->unlink_cycle = fotg210->async_unlink_cycle;
3233 				check_unlinks_later = true;
3234 			} else if (temp != 0)
3235 				goto rescan;
3236 		}
3237 	}
3238 
3239 	/*
3240 	 * Unlink empty entries, reducing DMA usage as well
3241 	 * as HCD schedule-scanning costs.  Delay for any qh
3242 	 * we just scanned, there's a not-unusual case that it
3243 	 * doesn't stay idle for long.
3244 	 */
3245 	if (check_unlinks_later && fotg210->rh_state == FOTG210_RH_RUNNING &&
3246 			!(fotg210->enabled_hrtimer_events &
3247 			BIT(FOTG210_HRTIMER_ASYNC_UNLINKS))) {
3248 		fotg210_enable_event(fotg210,
3249 				FOTG210_HRTIMER_ASYNC_UNLINKS, true);
3250 		++fotg210->async_unlink_cycle;
3251 	}
3252 }
3253 /* EHCI scheduled transaction support:  interrupt, iso, split iso
3254  * These are called "periodic" transactions in the EHCI spec.
3255  *
3256  * Note that for interrupt transfers, the QH/QTD manipulation is shared
3257  * with the "asynchronous" transaction support (control/bulk transfers).
3258  * The only real difference is in how interrupt transfers are scheduled.
3259  *
3260  * For ISO, we make an "iso_stream" head to serve the same role as a QH.
3261  * It keeps track of every ITD (or SITD) that's linked, and holds enough
3262  * pre-calculated schedule data to make appending to the queue be quick.
3263  */
3264 static int fotg210_get_frame(struct usb_hcd *hcd);
3265 
3266 /* periodic_next_shadow - return "next" pointer on shadow list
3267  * @periodic: host pointer to qh/itd
3268  * @tag: hardware tag for type of this record
3269  */
3270 static union fotg210_shadow *periodic_next_shadow(struct fotg210_hcd *fotg210,
3271 		union fotg210_shadow *periodic, __hc32 tag)
3272 {
3273 	switch (hc32_to_cpu(fotg210, tag)) {
3274 	case Q_TYPE_QH:
3275 		return &periodic->qh->qh_next;
3276 	case Q_TYPE_FSTN:
3277 		return &periodic->fstn->fstn_next;
3278 	default:
3279 		return &periodic->itd->itd_next;
3280 	}
3281 }
3282 
3283 static __hc32 *shadow_next_periodic(struct fotg210_hcd *fotg210,
3284 		union fotg210_shadow *periodic, __hc32 tag)
3285 {
3286 	switch (hc32_to_cpu(fotg210, tag)) {
3287 	/* our fotg210_shadow.qh is actually software part */
3288 	case Q_TYPE_QH:
3289 		return &periodic->qh->hw->hw_next;
3290 	/* others are hw parts */
3291 	default:
3292 		return periodic->hw_next;
3293 	}
3294 }
3295 
3296 /* caller must hold fotg210->lock */
3297 static void periodic_unlink(struct fotg210_hcd *fotg210, unsigned frame,
3298 		void *ptr)
3299 {
3300 	union fotg210_shadow *prev_p = &fotg210->pshadow[frame];
3301 	__hc32 *hw_p = &fotg210->periodic[frame];
3302 	union fotg210_shadow here = *prev_p;
3303 
3304 	/* find predecessor of "ptr"; hw and shadow lists are in sync */
3305 	while (here.ptr && here.ptr != ptr) {
3306 		prev_p = periodic_next_shadow(fotg210, prev_p,
3307 				Q_NEXT_TYPE(fotg210, *hw_p));
3308 		hw_p = shadow_next_periodic(fotg210, &here,
3309 				Q_NEXT_TYPE(fotg210, *hw_p));
3310 		here = *prev_p;
3311 	}
3312 	/* an interrupt entry (at list end) could have been shared */
3313 	if (!here.ptr)
3314 		return;
3315 
3316 	/* update shadow and hardware lists ... the old "next" pointers
3317 	 * from ptr may still be in use, the caller updates them.
3318 	 */
3319 	*prev_p = *periodic_next_shadow(fotg210, &here,
3320 			Q_NEXT_TYPE(fotg210, *hw_p));
3321 
3322 	*hw_p = *shadow_next_periodic(fotg210, &here,
3323 			Q_NEXT_TYPE(fotg210, *hw_p));
3324 }
3325 
3326 /* how many of the uframe's 125 usecs are allocated? */
3327 static unsigned short periodic_usecs(struct fotg210_hcd *fotg210,
3328 		unsigned frame, unsigned uframe)
3329 {
3330 	__hc32 *hw_p = &fotg210->periodic[frame];
3331 	union fotg210_shadow *q = &fotg210->pshadow[frame];
3332 	unsigned usecs = 0;
3333 	struct fotg210_qh_hw *hw;
3334 
3335 	while (q->ptr) {
3336 		switch (hc32_to_cpu(fotg210, Q_NEXT_TYPE(fotg210, *hw_p))) {
3337 		case Q_TYPE_QH:
3338 			hw = q->qh->hw;
3339 			/* is it in the S-mask? */
3340 			if (hw->hw_info2 & cpu_to_hc32(fotg210, 1 << uframe))
3341 				usecs += q->qh->usecs;
3342 			/* ... or C-mask? */
3343 			if (hw->hw_info2 & cpu_to_hc32(fotg210,
3344 					1 << (8 + uframe)))
3345 				usecs += q->qh->c_usecs;
3346 			hw_p = &hw->hw_next;
3347 			q = &q->qh->qh_next;
3348 			break;
3349 		/* case Q_TYPE_FSTN: */
3350 		default:
3351 			/* for "save place" FSTNs, count the relevant INTR
3352 			 * bandwidth from the previous frame
3353 			 */
3354 			if (q->fstn->hw_prev != FOTG210_LIST_END(fotg210))
3355 				fotg210_dbg(fotg210, "ignoring FSTN cost ...\n");
3356 
3357 			hw_p = &q->fstn->hw_next;
3358 			q = &q->fstn->fstn_next;
3359 			break;
3360 		case Q_TYPE_ITD:
3361 			if (q->itd->hw_transaction[uframe])
3362 				usecs += q->itd->stream->usecs;
3363 			hw_p = &q->itd->hw_next;
3364 			q = &q->itd->itd_next;
3365 			break;
3366 		}
3367 	}
3368 	if (usecs > fotg210->uframe_periodic_max)
3369 		fotg210_err(fotg210, "uframe %d sched overrun: %d usecs\n",
3370 				frame * 8 + uframe, usecs);
3371 	return usecs;
3372 }
3373 
3374 static int same_tt(struct usb_device *dev1, struct usb_device *dev2)
3375 {
3376 	if (!dev1->tt || !dev2->tt)
3377 		return 0;
3378 	if (dev1->tt != dev2->tt)
3379 		return 0;
3380 	if (dev1->tt->multi)
3381 		return dev1->ttport == dev2->ttport;
3382 	else
3383 		return 1;
3384 }
3385 
3386 /* return true iff the device's transaction translator is available
3387  * for a periodic transfer starting at the specified frame, using
3388  * all the uframes in the mask.
3389  */
3390 static int tt_no_collision(struct fotg210_hcd *fotg210, unsigned period,
3391 		struct usb_device *dev, unsigned frame, u32 uf_mask)
3392 {
3393 	if (period == 0)	/* error */
3394 		return 0;
3395 
3396 	/* note bandwidth wastage:  split never follows csplit
3397 	 * (different dev or endpoint) until the next uframe.
3398 	 * calling convention doesn't make that distinction.
3399 	 */
3400 	for (; frame < fotg210->periodic_size; frame += period) {
3401 		union fotg210_shadow here;
3402 		__hc32 type;
3403 		struct fotg210_qh_hw *hw;
3404 
3405 		here = fotg210->pshadow[frame];
3406 		type = Q_NEXT_TYPE(fotg210, fotg210->periodic[frame]);
3407 		while (here.ptr) {
3408 			switch (hc32_to_cpu(fotg210, type)) {
3409 			case Q_TYPE_ITD:
3410 				type = Q_NEXT_TYPE(fotg210, here.itd->hw_next);
3411 				here = here.itd->itd_next;
3412 				continue;
3413 			case Q_TYPE_QH:
3414 				hw = here.qh->hw;
3415 				if (same_tt(dev, here.qh->dev)) {
3416 					u32 mask;
3417 
3418 					mask = hc32_to_cpu(fotg210,
3419 							hw->hw_info2);
3420 					/* "knows" no gap is needed */
3421 					mask |= mask >> 8;
3422 					if (mask & uf_mask)
3423 						break;
3424 				}
3425 				type = Q_NEXT_TYPE(fotg210, hw->hw_next);
3426 				here = here.qh->qh_next;
3427 				continue;
3428 			/* case Q_TYPE_FSTN: */
3429 			default:
3430 				fotg210_dbg(fotg210,
3431 						"periodic frame %d bogus type %d\n",
3432 						frame, type);
3433 			}
3434 
3435 			/* collision or error */
3436 			return 0;
3437 		}
3438 	}
3439 
3440 	/* no collision */
3441 	return 1;
3442 }
3443 
3444 static void enable_periodic(struct fotg210_hcd *fotg210)
3445 {
3446 	if (fotg210->periodic_count++)
3447 		return;
3448 
3449 	/* Stop waiting to turn off the periodic schedule */
3450 	fotg210->enabled_hrtimer_events &=
3451 		~BIT(FOTG210_HRTIMER_DISABLE_PERIODIC);
3452 
3453 	/* Don't start the schedule until PSS is 0 */
3454 	fotg210_poll_PSS(fotg210);
3455 	turn_on_io_watchdog(fotg210);
3456 }
3457 
3458 static void disable_periodic(struct fotg210_hcd *fotg210)
3459 {
3460 	if (--fotg210->periodic_count)
3461 		return;
3462 
3463 	/* Don't turn off the schedule until PSS is 1 */
3464 	fotg210_poll_PSS(fotg210);
3465 }
3466 
3467 /* periodic schedule slots have iso tds (normal or split) first, then a
3468  * sparse tree for active interrupt transfers.
3469  *
3470  * this just links in a qh; caller guarantees uframe masks are set right.
3471  * no FSTN support (yet; fotg210 0.96+)
3472  */
3473 static void qh_link_periodic(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3474 {
3475 	unsigned i;
3476 	unsigned period = qh->period;
3477 
3478 	dev_dbg(&qh->dev->dev,
3479 			"link qh%d-%04x/%p start %d [%d/%d us]\n", period,
3480 			hc32_to_cpup(fotg210, &qh->hw->hw_info2) &
3481 			(QH_CMASK | QH_SMASK), qh, qh->start, qh->usecs,
3482 			qh->c_usecs);
3483 
3484 	/* high bandwidth, or otherwise every microframe */
3485 	if (period == 0)
3486 		period = 1;
3487 
3488 	for (i = qh->start; i < fotg210->periodic_size; i += period) {
3489 		union fotg210_shadow *prev = &fotg210->pshadow[i];
3490 		__hc32 *hw_p = &fotg210->periodic[i];
3491 		union fotg210_shadow here = *prev;
3492 		__hc32 type = 0;
3493 
3494 		/* skip the iso nodes at list head */
3495 		while (here.ptr) {
3496 			type = Q_NEXT_TYPE(fotg210, *hw_p);
3497 			if (type == cpu_to_hc32(fotg210, Q_TYPE_QH))
3498 				break;
3499 			prev = periodic_next_shadow(fotg210, prev, type);
3500 			hw_p = shadow_next_periodic(fotg210, &here, type);
3501 			here = *prev;
3502 		}
3503 
3504 		/* sorting each branch by period (slow-->fast)
3505 		 * enables sharing interior tree nodes
3506 		 */
3507 		while (here.ptr && qh != here.qh) {
3508 			if (qh->period > here.qh->period)
3509 				break;
3510 			prev = &here.qh->qh_next;
3511 			hw_p = &here.qh->hw->hw_next;
3512 			here = *prev;
3513 		}
3514 		/* link in this qh, unless some earlier pass did that */
3515 		if (qh != here.qh) {
3516 			qh->qh_next = here;
3517 			if (here.qh)
3518 				qh->hw->hw_next = *hw_p;
3519 			wmb();
3520 			prev->qh = qh;
3521 			*hw_p = QH_NEXT(fotg210, qh->qh_dma);
3522 		}
3523 	}
3524 	qh->qh_state = QH_STATE_LINKED;
3525 	qh->xacterrs = 0;
3526 
3527 	/* update per-qh bandwidth for usbfs */
3528 	fotg210_to_hcd(fotg210)->self.bandwidth_allocated += qh->period
3529 		? ((qh->usecs + qh->c_usecs) / qh->period)
3530 		: (qh->usecs * 8);
3531 
3532 	list_add(&qh->intr_node, &fotg210->intr_qh_list);
3533 
3534 	/* maybe enable periodic schedule processing */
3535 	++fotg210->intr_count;
3536 	enable_periodic(fotg210);
3537 }
3538 
3539 static void qh_unlink_periodic(struct fotg210_hcd *fotg210,
3540 		struct fotg210_qh *qh)
3541 {
3542 	unsigned i;
3543 	unsigned period;
3544 
3545 	/*
3546 	 * If qh is for a low/full-speed device, simply unlinking it
3547 	 * could interfere with an ongoing split transaction.  To unlink
3548 	 * it safely would require setting the QH_INACTIVATE bit and
3549 	 * waiting at least one frame, as described in EHCI 4.12.2.5.
3550 	 *
3551 	 * We won't bother with any of this.  Instead, we assume that the
3552 	 * only reason for unlinking an interrupt QH while the current URB
3553 	 * is still active is to dequeue all the URBs (flush the whole
3554 	 * endpoint queue).
3555 	 *
3556 	 * If rebalancing the periodic schedule is ever implemented, this
3557 	 * approach will no longer be valid.
3558 	 */
3559 
3560 	/* high bandwidth, or otherwise part of every microframe */
3561 	period = qh->period;
3562 	if (!period)
3563 		period = 1;
3564 
3565 	for (i = qh->start; i < fotg210->periodic_size; i += period)
3566 		periodic_unlink(fotg210, i, qh);
3567 
3568 	/* update per-qh bandwidth for usbfs */
3569 	fotg210_to_hcd(fotg210)->self.bandwidth_allocated -= qh->period
3570 		? ((qh->usecs + qh->c_usecs) / qh->period)
3571 		: (qh->usecs * 8);
3572 
3573 	dev_dbg(&qh->dev->dev,
3574 			"unlink qh%d-%04x/%p start %d [%d/%d us]\n",
3575 			qh->period, hc32_to_cpup(fotg210, &qh->hw->hw_info2) &
3576 			(QH_CMASK | QH_SMASK), qh, qh->start, qh->usecs,
3577 			qh->c_usecs);
3578 
3579 	/* qh->qh_next still "live" to HC */
3580 	qh->qh_state = QH_STATE_UNLINK;
3581 	qh->qh_next.ptr = NULL;
3582 
3583 	if (fotg210->qh_scan_next == qh)
3584 		fotg210->qh_scan_next = list_entry(qh->intr_node.next,
3585 				struct fotg210_qh, intr_node);
3586 	list_del(&qh->intr_node);
3587 }
3588 
3589 static void start_unlink_intr(struct fotg210_hcd *fotg210,
3590 		struct fotg210_qh *qh)
3591 {
3592 	/* If the QH isn't linked then there's nothing we can do
3593 	 * unless we were called during a giveback, in which case
3594 	 * qh_completions() has to deal with it.
3595 	 */
3596 	if (qh->qh_state != QH_STATE_LINKED) {
3597 		if (qh->qh_state == QH_STATE_COMPLETING)
3598 			qh->needs_rescan = 1;
3599 		return;
3600 	}
3601 
3602 	qh_unlink_periodic(fotg210, qh);
3603 
3604 	/* Make sure the unlinks are visible before starting the timer */
3605 	wmb();
3606 
3607 	/*
3608 	 * The EHCI spec doesn't say how long it takes the controller to
3609 	 * stop accessing an unlinked interrupt QH.  The timer delay is
3610 	 * 9 uframes; presumably that will be long enough.
3611 	 */
3612 	qh->unlink_cycle = fotg210->intr_unlink_cycle;
3613 
3614 	/* New entries go at the end of the intr_unlink list */
3615 	if (fotg210->intr_unlink)
3616 		fotg210->intr_unlink_last->unlink_next = qh;
3617 	else
3618 		fotg210->intr_unlink = qh;
3619 	fotg210->intr_unlink_last = qh;
3620 
3621 	if (fotg210->intr_unlinking)
3622 		;	/* Avoid recursive calls */
3623 	else if (fotg210->rh_state < FOTG210_RH_RUNNING)
3624 		fotg210_handle_intr_unlinks(fotg210);
3625 	else if (fotg210->intr_unlink == qh) {
3626 		fotg210_enable_event(fotg210, FOTG210_HRTIMER_UNLINK_INTR,
3627 				true);
3628 		++fotg210->intr_unlink_cycle;
3629 	}
3630 }
3631 
3632 static void end_unlink_intr(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3633 {
3634 	struct fotg210_qh_hw *hw = qh->hw;
3635 	int rc;
3636 
3637 	qh->qh_state = QH_STATE_IDLE;
3638 	hw->hw_next = FOTG210_LIST_END(fotg210);
3639 
3640 	qh_completions(fotg210, qh);
3641 
3642 	/* reschedule QH iff another request is queued */
3643 	if (!list_empty(&qh->qtd_list) &&
3644 			fotg210->rh_state == FOTG210_RH_RUNNING) {
3645 		rc = qh_schedule(fotg210, qh);
3646 
3647 		/* An error here likely indicates handshake failure
3648 		 * or no space left in the schedule.  Neither fault
3649 		 * should happen often ...
3650 		 *
3651 		 * FIXME kill the now-dysfunctional queued urbs
3652 		 */
3653 		if (rc != 0)
3654 			fotg210_err(fotg210, "can't reschedule qh %p, err %d\n",
3655 					qh, rc);
3656 	}
3657 
3658 	/* maybe turn off periodic schedule */
3659 	--fotg210->intr_count;
3660 	disable_periodic(fotg210);
3661 }
3662 
3663 static int check_period(struct fotg210_hcd *fotg210, unsigned frame,
3664 		unsigned uframe, unsigned period, unsigned usecs)
3665 {
3666 	int claimed;
3667 
3668 	/* complete split running into next frame?
3669 	 * given FSTN support, we could sometimes check...
3670 	 */
3671 	if (uframe >= 8)
3672 		return 0;
3673 
3674 	/* convert "usecs we need" to "max already claimed" */
3675 	usecs = fotg210->uframe_periodic_max - usecs;
3676 
3677 	/* we "know" 2 and 4 uframe intervals were rejected; so
3678 	 * for period 0, check _every_ microframe in the schedule.
3679 	 */
3680 	if (unlikely(period == 0)) {
3681 		do {
3682 			for (uframe = 0; uframe < 7; uframe++) {
3683 				claimed = periodic_usecs(fotg210, frame,
3684 						uframe);
3685 				if (claimed > usecs)
3686 					return 0;
3687 			}
3688 		} while ((frame += 1) < fotg210->periodic_size);
3689 
3690 	/* just check the specified uframe, at that period */
3691 	} else {
3692 		do {
3693 			claimed = periodic_usecs(fotg210, frame, uframe);
3694 			if (claimed > usecs)
3695 				return 0;
3696 		} while ((frame += period) < fotg210->periodic_size);
3697 	}
3698 
3699 	/* success! */
3700 	return 1;
3701 }
3702 
3703 static int check_intr_schedule(struct fotg210_hcd *fotg210, unsigned frame,
3704 		unsigned uframe, const struct fotg210_qh *qh, __hc32 *c_maskp)
3705 {
3706 	int retval = -ENOSPC;
3707 	u8 mask = 0;
3708 
3709 	if (qh->c_usecs && uframe >= 6)		/* FSTN territory? */
3710 		goto done;
3711 
3712 	if (!check_period(fotg210, frame, uframe, qh->period, qh->usecs))
3713 		goto done;
3714 	if (!qh->c_usecs) {
3715 		retval = 0;
3716 		*c_maskp = 0;
3717 		goto done;
3718 	}
3719 
3720 	/* Make sure this tt's buffer is also available for CSPLITs.
3721 	 * We pessimize a bit; probably the typical full speed case
3722 	 * doesn't need the second CSPLIT.
3723 	 *
3724 	 * NOTE:  both SPLIT and CSPLIT could be checked in just
3725 	 * one smart pass...
3726 	 */
3727 	mask = 0x03 << (uframe + qh->gap_uf);
3728 	*c_maskp = cpu_to_hc32(fotg210, mask << 8);
3729 
3730 	mask |= 1 << uframe;
3731 	if (tt_no_collision(fotg210, qh->period, qh->dev, frame, mask)) {
3732 		if (!check_period(fotg210, frame, uframe + qh->gap_uf + 1,
3733 				qh->period, qh->c_usecs))
3734 			goto done;
3735 		if (!check_period(fotg210, frame, uframe + qh->gap_uf,
3736 				qh->period, qh->c_usecs))
3737 			goto done;
3738 		retval = 0;
3739 	}
3740 done:
3741 	return retval;
3742 }
3743 
3744 /* "first fit" scheduling policy used the first time through,
3745  * or when the previous schedule slot can't be re-used.
3746  */
3747 static int qh_schedule(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3748 {
3749 	int status;
3750 	unsigned uframe;
3751 	__hc32 c_mask;
3752 	unsigned frame;	/* 0..(qh->period - 1), or NO_FRAME */
3753 	struct fotg210_qh_hw *hw = qh->hw;
3754 
3755 	qh_refresh(fotg210, qh);
3756 	hw->hw_next = FOTG210_LIST_END(fotg210);
3757 	frame = qh->start;
3758 
3759 	/* reuse the previous schedule slots, if we can */
3760 	if (frame < qh->period) {
3761 		uframe = ffs(hc32_to_cpup(fotg210, &hw->hw_info2) & QH_SMASK);
3762 		status = check_intr_schedule(fotg210, frame, --uframe,
3763 				qh, &c_mask);
3764 	} else {
3765 		uframe = 0;
3766 		c_mask = 0;
3767 		status = -ENOSPC;
3768 	}
3769 
3770 	/* else scan the schedule to find a group of slots such that all
3771 	 * uframes have enough periodic bandwidth available.
3772 	 */
3773 	if (status) {
3774 		/* "normal" case, uframing flexible except with splits */
3775 		if (qh->period) {
3776 			int i;
3777 
3778 			for (i = qh->period; status && i > 0; --i) {
3779 				frame = ++fotg210->random_frame % qh->period;
3780 				for (uframe = 0; uframe < 8; uframe++) {
3781 					status = check_intr_schedule(fotg210,
3782 							frame, uframe, qh,
3783 							&c_mask);
3784 					if (status == 0)
3785 						break;
3786 				}
3787 			}
3788 
3789 		/* qh->period == 0 means every uframe */
3790 		} else {
3791 			frame = 0;
3792 			status = check_intr_schedule(fotg210, 0, 0, qh,
3793 					&c_mask);
3794 		}
3795 		if (status)
3796 			goto done;
3797 		qh->start = frame;
3798 
3799 		/* reset S-frame and (maybe) C-frame masks */
3800 		hw->hw_info2 &= cpu_to_hc32(fotg210, ~(QH_CMASK | QH_SMASK));
3801 		hw->hw_info2 |= qh->period
3802 			? cpu_to_hc32(fotg210, 1 << uframe)
3803 			: cpu_to_hc32(fotg210, QH_SMASK);
3804 		hw->hw_info2 |= c_mask;
3805 	} else
3806 		fotg210_dbg(fotg210, "reused qh %p schedule\n", qh);
3807 
3808 	/* stuff into the periodic schedule */
3809 	qh_link_periodic(fotg210, qh);
3810 done:
3811 	return status;
3812 }
3813 
3814 static int intr_submit(struct fotg210_hcd *fotg210, struct urb *urb,
3815 		struct list_head *qtd_list, gfp_t mem_flags)
3816 {
3817 	unsigned epnum;
3818 	unsigned long flags;
3819 	struct fotg210_qh *qh;
3820 	int status;
3821 	struct list_head empty;
3822 
3823 	/* get endpoint and transfer/schedule data */
3824 	epnum = urb->ep->desc.bEndpointAddress;
3825 
3826 	spin_lock_irqsave(&fotg210->lock, flags);
3827 
3828 	if (unlikely(!HCD_HW_ACCESSIBLE(fotg210_to_hcd(fotg210)))) {
3829 		status = -ESHUTDOWN;
3830 		goto done_not_linked;
3831 	}
3832 	status = usb_hcd_link_urb_to_ep(fotg210_to_hcd(fotg210), urb);
3833 	if (unlikely(status))
3834 		goto done_not_linked;
3835 
3836 	/* get qh and force any scheduling errors */
3837 	INIT_LIST_HEAD(&empty);
3838 	qh = qh_append_tds(fotg210, urb, &empty, epnum, &urb->ep->hcpriv);
3839 	if (qh == NULL) {
3840 		status = -ENOMEM;
3841 		goto done;
3842 	}
3843 	if (qh->qh_state == QH_STATE_IDLE) {
3844 		status = qh_schedule(fotg210, qh);
3845 		if (status)
3846 			goto done;
3847 	}
3848 
3849 	/* then queue the urb's tds to the qh */
3850 	qh = qh_append_tds(fotg210, urb, qtd_list, epnum, &urb->ep->hcpriv);
3851 	BUG_ON(qh == NULL);
3852 
3853 	/* ... update usbfs periodic stats */
3854 	fotg210_to_hcd(fotg210)->self.bandwidth_int_reqs++;
3855 
3856 done:
3857 	if (unlikely(status))
3858 		usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
3859 done_not_linked:
3860 	spin_unlock_irqrestore(&fotg210->lock, flags);
3861 	if (status)
3862 		qtd_list_free(fotg210, urb, qtd_list);
3863 
3864 	return status;
3865 }
3866 
3867 static void scan_intr(struct fotg210_hcd *fotg210)
3868 {
3869 	struct fotg210_qh *qh;
3870 
3871 	list_for_each_entry_safe(qh, fotg210->qh_scan_next,
3872 			&fotg210->intr_qh_list, intr_node) {
3873 rescan:
3874 		/* clean any finished work for this qh */
3875 		if (!list_empty(&qh->qtd_list)) {
3876 			int temp;
3877 
3878 			/*
3879 			 * Unlinks could happen here; completion reporting
3880 			 * drops the lock.  That's why fotg210->qh_scan_next
3881 			 * always holds the next qh to scan; if the next qh
3882 			 * gets unlinked then fotg210->qh_scan_next is adjusted
3883 			 * in qh_unlink_periodic().
3884 			 */
3885 			temp = qh_completions(fotg210, qh);
3886 			if (unlikely(qh->needs_rescan ||
3887 					(list_empty(&qh->qtd_list) &&
3888 					qh->qh_state == QH_STATE_LINKED)))
3889 				start_unlink_intr(fotg210, qh);
3890 			else if (temp != 0)
3891 				goto rescan;
3892 		}
3893 	}
3894 }
3895 
3896 /* fotg210_iso_stream ops work with both ITD and SITD */
3897 
3898 static struct fotg210_iso_stream *iso_stream_alloc(gfp_t mem_flags)
3899 {
3900 	struct fotg210_iso_stream *stream;
3901 
3902 	stream = kzalloc(sizeof(*stream), mem_flags);
3903 	if (likely(stream != NULL)) {
3904 		INIT_LIST_HEAD(&stream->td_list);
3905 		INIT_LIST_HEAD(&stream->free_list);
3906 		stream->next_uframe = -1;
3907 	}
3908 	return stream;
3909 }
3910 
3911 static void iso_stream_init(struct fotg210_hcd *fotg210,
3912 		struct fotg210_iso_stream *stream, struct usb_device *dev,
3913 		int pipe, unsigned interval)
3914 {
3915 	u32 buf1;
3916 	unsigned epnum, maxp;
3917 	int is_input;
3918 	long bandwidth;
3919 	unsigned multi;
3920 	struct usb_host_endpoint *ep;
3921 
3922 	/*
3923 	 * this might be a "high bandwidth" highspeed endpoint,
3924 	 * as encoded in the ep descriptor's wMaxPacket field
3925 	 */
3926 	epnum = usb_pipeendpoint(pipe);
3927 	is_input = usb_pipein(pipe) ? USB_DIR_IN : 0;
3928 	ep = usb_pipe_endpoint(dev, pipe);
3929 	maxp = usb_endpoint_maxp(&ep->desc);
3930 	if (is_input)
3931 		buf1 = (1 << 11);
3932 	else
3933 		buf1 = 0;
3934 
3935 	multi = usb_endpoint_maxp_mult(&ep->desc);
3936 	buf1 |= maxp;
3937 	maxp *= multi;
3938 
3939 	stream->buf0 = cpu_to_hc32(fotg210, (epnum << 8) | dev->devnum);
3940 	stream->buf1 = cpu_to_hc32(fotg210, buf1);
3941 	stream->buf2 = cpu_to_hc32(fotg210, multi);
3942 
3943 	/* usbfs wants to report the average usecs per frame tied up
3944 	 * when transfers on this endpoint are scheduled ...
3945 	 */
3946 	if (dev->speed == USB_SPEED_FULL) {
3947 		interval <<= 3;
3948 		stream->usecs = NS_TO_US(usb_calc_bus_time(dev->speed,
3949 				is_input, 1, maxp));
3950 		stream->usecs /= 8;
3951 	} else {
3952 		stream->highspeed = 1;
3953 		stream->usecs = HS_USECS_ISO(maxp);
3954 	}
3955 	bandwidth = stream->usecs * 8;
3956 	bandwidth /= interval;
3957 
3958 	stream->bandwidth = bandwidth;
3959 	stream->udev = dev;
3960 	stream->bEndpointAddress = is_input | epnum;
3961 	stream->interval = interval;
3962 	stream->maxp = maxp;
3963 }
3964 
3965 static struct fotg210_iso_stream *iso_stream_find(struct fotg210_hcd *fotg210,
3966 		struct urb *urb)
3967 {
3968 	unsigned epnum;
3969 	struct fotg210_iso_stream *stream;
3970 	struct usb_host_endpoint *ep;
3971 	unsigned long flags;
3972 
3973 	epnum = usb_pipeendpoint(urb->pipe);
3974 	if (usb_pipein(urb->pipe))
3975 		ep = urb->dev->ep_in[epnum];
3976 	else
3977 		ep = urb->dev->ep_out[epnum];
3978 
3979 	spin_lock_irqsave(&fotg210->lock, flags);
3980 	stream = ep->hcpriv;
3981 
3982 	if (unlikely(stream == NULL)) {
3983 		stream = iso_stream_alloc(GFP_ATOMIC);
3984 		if (likely(stream != NULL)) {
3985 			ep->hcpriv = stream;
3986 			stream->ep = ep;
3987 			iso_stream_init(fotg210, stream, urb->dev, urb->pipe,
3988 					urb->interval);
3989 		}
3990 
3991 	/* if dev->ep[epnum] is a QH, hw is set */
3992 	} else if (unlikely(stream->hw != NULL)) {
3993 		fotg210_dbg(fotg210, "dev %s ep%d%s, not iso??\n",
3994 				urb->dev->devpath, epnum,
3995 				usb_pipein(urb->pipe) ? "in" : "out");
3996 		stream = NULL;
3997 	}
3998 
3999 	spin_unlock_irqrestore(&fotg210->lock, flags);
4000 	return stream;
4001 }
4002 
4003 /* fotg210_iso_sched ops can be ITD-only or SITD-only */
4004 
4005 static struct fotg210_iso_sched *iso_sched_alloc(unsigned packets,
4006 		gfp_t mem_flags)
4007 {
4008 	struct fotg210_iso_sched *iso_sched;
4009 
4010 	iso_sched = kzalloc(struct_size(iso_sched, packet, packets), mem_flags);
4011 	if (likely(iso_sched != NULL))
4012 		INIT_LIST_HEAD(&iso_sched->td_list);
4013 
4014 	return iso_sched;
4015 }
4016 
4017 static inline void itd_sched_init(struct fotg210_hcd *fotg210,
4018 		struct fotg210_iso_sched *iso_sched,
4019 		struct fotg210_iso_stream *stream, struct urb *urb)
4020 {
4021 	unsigned i;
4022 	dma_addr_t dma = urb->transfer_dma;
4023 
4024 	/* how many uframes are needed for these transfers */
4025 	iso_sched->span = urb->number_of_packets * stream->interval;
4026 
4027 	/* figure out per-uframe itd fields that we'll need later
4028 	 * when we fit new itds into the schedule.
4029 	 */
4030 	for (i = 0; i < urb->number_of_packets; i++) {
4031 		struct fotg210_iso_packet *uframe = &iso_sched->packet[i];
4032 		unsigned length;
4033 		dma_addr_t buf;
4034 		u32 trans;
4035 
4036 		length = urb->iso_frame_desc[i].length;
4037 		buf = dma + urb->iso_frame_desc[i].offset;
4038 
4039 		trans = FOTG210_ISOC_ACTIVE;
4040 		trans |= buf & 0x0fff;
4041 		if (unlikely(((i + 1) == urb->number_of_packets))
4042 				&& !(urb->transfer_flags & URB_NO_INTERRUPT))
4043 			trans |= FOTG210_ITD_IOC;
4044 		trans |= length << 16;
4045 		uframe->transaction = cpu_to_hc32(fotg210, trans);
4046 
4047 		/* might need to cross a buffer page within a uframe */
4048 		uframe->bufp = (buf & ~(u64)0x0fff);
4049 		buf += length;
4050 		if (unlikely((uframe->bufp != (buf & ~(u64)0x0fff))))
4051 			uframe->cross = 1;
4052 	}
4053 }
4054 
4055 static void iso_sched_free(struct fotg210_iso_stream *stream,
4056 		struct fotg210_iso_sched *iso_sched)
4057 {
4058 	if (!iso_sched)
4059 		return;
4060 	/* caller must hold fotg210->lock!*/
4061 	list_splice(&iso_sched->td_list, &stream->free_list);
4062 	kfree(iso_sched);
4063 }
4064 
4065 static int itd_urb_transaction(struct fotg210_iso_stream *stream,
4066 		struct fotg210_hcd *fotg210, struct urb *urb, gfp_t mem_flags)
4067 {
4068 	struct fotg210_itd *itd;
4069 	dma_addr_t itd_dma;
4070 	int i;
4071 	unsigned num_itds;
4072 	struct fotg210_iso_sched *sched;
4073 	unsigned long flags;
4074 
4075 	sched = iso_sched_alloc(urb->number_of_packets, mem_flags);
4076 	if (unlikely(sched == NULL))
4077 		return -ENOMEM;
4078 
4079 	itd_sched_init(fotg210, sched, stream, urb);
4080 
4081 	if (urb->interval < 8)
4082 		num_itds = 1 + (sched->span + 7) / 8;
4083 	else
4084 		num_itds = urb->number_of_packets;
4085 
4086 	/* allocate/init ITDs */
4087 	spin_lock_irqsave(&fotg210->lock, flags);
4088 	for (i = 0; i < num_itds; i++) {
4089 
4090 		/*
4091 		 * Use iTDs from the free list, but not iTDs that may
4092 		 * still be in use by the hardware.
4093 		 */
4094 		if (likely(!list_empty(&stream->free_list))) {
4095 			itd = list_first_entry(&stream->free_list,
4096 					struct fotg210_itd, itd_list);
4097 			if (itd->frame == fotg210->now_frame)
4098 				goto alloc_itd;
4099 			list_del(&itd->itd_list);
4100 			itd_dma = itd->itd_dma;
4101 		} else {
4102 alloc_itd:
4103 			spin_unlock_irqrestore(&fotg210->lock, flags);
4104 			itd = dma_pool_alloc(fotg210->itd_pool, mem_flags,
4105 					&itd_dma);
4106 			spin_lock_irqsave(&fotg210->lock, flags);
4107 			if (!itd) {
4108 				iso_sched_free(stream, sched);
4109 				spin_unlock_irqrestore(&fotg210->lock, flags);
4110 				return -ENOMEM;
4111 			}
4112 		}
4113 
4114 		memset(itd, 0, sizeof(*itd));
4115 		itd->itd_dma = itd_dma;
4116 		list_add(&itd->itd_list, &sched->td_list);
4117 	}
4118 	spin_unlock_irqrestore(&fotg210->lock, flags);
4119 
4120 	/* temporarily store schedule info in hcpriv */
4121 	urb->hcpriv = sched;
4122 	urb->error_count = 0;
4123 	return 0;
4124 }
4125 
4126 static inline int itd_slot_ok(struct fotg210_hcd *fotg210, u32 mod, u32 uframe,
4127 		u8 usecs, u32 period)
4128 {
4129 	uframe %= period;
4130 	do {
4131 		/* can't commit more than uframe_periodic_max usec */
4132 		if (periodic_usecs(fotg210, uframe >> 3, uframe & 0x7)
4133 				> (fotg210->uframe_periodic_max - usecs))
4134 			return 0;
4135 
4136 		/* we know urb->interval is 2^N uframes */
4137 		uframe += period;
4138 	} while (uframe < mod);
4139 	return 1;
4140 }
4141 
4142 /* This scheduler plans almost as far into the future as it has actual
4143  * periodic schedule slots.  (Affected by TUNE_FLS, which defaults to
4144  * "as small as possible" to be cache-friendlier.)  That limits the size
4145  * transfers you can stream reliably; avoid more than 64 msec per urb.
4146  * Also avoid queue depths of less than fotg210's worst irq latency (affected
4147  * by the per-urb URB_NO_INTERRUPT hint, the log2_irq_thresh module parameter,
4148  * and other factors); or more than about 230 msec total (for portability,
4149  * given FOTG210_TUNE_FLS and the slop).  Or, write a smarter scheduler!
4150  */
4151 
4152 #define SCHEDULE_SLOP 80 /* microframes */
4153 
4154 static int iso_stream_schedule(struct fotg210_hcd *fotg210, struct urb *urb,
4155 		struct fotg210_iso_stream *stream)
4156 {
4157 	u32 now, next, start, period, span;
4158 	int status;
4159 	unsigned mod = fotg210->periodic_size << 3;
4160 	struct fotg210_iso_sched *sched = urb->hcpriv;
4161 
4162 	period = urb->interval;
4163 	span = sched->span;
4164 
4165 	if (span > mod - SCHEDULE_SLOP) {
4166 		fotg210_dbg(fotg210, "iso request %p too long\n", urb);
4167 		status = -EFBIG;
4168 		goto fail;
4169 	}
4170 
4171 	now = fotg210_read_frame_index(fotg210) & (mod - 1);
4172 
4173 	/* Typical case: reuse current schedule, stream is still active.
4174 	 * Hopefully there are no gaps from the host falling behind
4175 	 * (irq delays etc), but if there are we'll take the next
4176 	 * slot in the schedule, implicitly assuming URB_ISO_ASAP.
4177 	 */
4178 	if (likely(!list_empty(&stream->td_list))) {
4179 		u32 excess;
4180 
4181 		/* For high speed devices, allow scheduling within the
4182 		 * isochronous scheduling threshold.  For full speed devices
4183 		 * and Intel PCI-based controllers, don't (work around for
4184 		 * Intel ICH9 bug).
4185 		 */
4186 		if (!stream->highspeed && fotg210->fs_i_thresh)
4187 			next = now + fotg210->i_thresh;
4188 		else
4189 			next = now;
4190 
4191 		/* Fell behind (by up to twice the slop amount)?
4192 		 * We decide based on the time of the last currently-scheduled
4193 		 * slot, not the time of the next available slot.
4194 		 */
4195 		excess = (stream->next_uframe - period - next) & (mod - 1);
4196 		if (excess >= mod - 2 * SCHEDULE_SLOP)
4197 			start = next + excess - mod + period *
4198 					DIV_ROUND_UP(mod - excess, period);
4199 		else
4200 			start = next + excess + period;
4201 		if (start - now >= mod) {
4202 			fotg210_dbg(fotg210, "request %p would overflow (%d+%d >= %d)\n",
4203 					urb, start - now - period, period,
4204 					mod);
4205 			status = -EFBIG;
4206 			goto fail;
4207 		}
4208 	}
4209 
4210 	/* need to schedule; when's the next (u)frame we could start?
4211 	 * this is bigger than fotg210->i_thresh allows; scheduling itself
4212 	 * isn't free, the slop should handle reasonably slow cpus.  it
4213 	 * can also help high bandwidth if the dma and irq loads don't
4214 	 * jump until after the queue is primed.
4215 	 */
4216 	else {
4217 		int done = 0;
4218 
4219 		start = SCHEDULE_SLOP + (now & ~0x07);
4220 
4221 		/* NOTE:  assumes URB_ISO_ASAP, to limit complexity/bugs */
4222 
4223 		/* find a uframe slot with enough bandwidth.
4224 		 * Early uframes are more precious because full-speed
4225 		 * iso IN transfers can't use late uframes,
4226 		 * and therefore they should be allocated last.
4227 		 */
4228 		next = start;
4229 		start += period;
4230 		do {
4231 			start--;
4232 			/* check schedule: enough space? */
4233 			if (itd_slot_ok(fotg210, mod, start,
4234 					stream->usecs, period))
4235 				done = 1;
4236 		} while (start > next && !done);
4237 
4238 		/* no room in the schedule */
4239 		if (!done) {
4240 			fotg210_dbg(fotg210, "iso resched full %p (now %d max %d)\n",
4241 					urb, now, now + mod);
4242 			status = -ENOSPC;
4243 			goto fail;
4244 		}
4245 	}
4246 
4247 	/* Tried to schedule too far into the future? */
4248 	if (unlikely(start - now + span - period >=
4249 			mod - 2 * SCHEDULE_SLOP)) {
4250 		fotg210_dbg(fotg210, "request %p would overflow (%d+%d >= %d)\n",
4251 				urb, start - now, span - period,
4252 				mod - 2 * SCHEDULE_SLOP);
4253 		status = -EFBIG;
4254 		goto fail;
4255 	}
4256 
4257 	stream->next_uframe = start & (mod - 1);
4258 
4259 	/* report high speed start in uframes; full speed, in frames */
4260 	urb->start_frame = stream->next_uframe;
4261 	if (!stream->highspeed)
4262 		urb->start_frame >>= 3;
4263 
4264 	/* Make sure scan_isoc() sees these */
4265 	if (fotg210->isoc_count == 0)
4266 		fotg210->next_frame = now >> 3;
4267 	return 0;
4268 
4269 fail:
4270 	iso_sched_free(stream, sched);
4271 	urb->hcpriv = NULL;
4272 	return status;
4273 }
4274 
4275 static inline void itd_init(struct fotg210_hcd *fotg210,
4276 		struct fotg210_iso_stream *stream, struct fotg210_itd *itd)
4277 {
4278 	int i;
4279 
4280 	/* it's been recently zeroed */
4281 	itd->hw_next = FOTG210_LIST_END(fotg210);
4282 	itd->hw_bufp[0] = stream->buf0;
4283 	itd->hw_bufp[1] = stream->buf1;
4284 	itd->hw_bufp[2] = stream->buf2;
4285 
4286 	for (i = 0; i < 8; i++)
4287 		itd->index[i] = -1;
4288 
4289 	/* All other fields are filled when scheduling */
4290 }
4291 
4292 static inline void itd_patch(struct fotg210_hcd *fotg210,
4293 		struct fotg210_itd *itd, struct fotg210_iso_sched *iso_sched,
4294 		unsigned index, u16 uframe)
4295 {
4296 	struct fotg210_iso_packet *uf = &iso_sched->packet[index];
4297 	unsigned pg = itd->pg;
4298 
4299 	uframe &= 0x07;
4300 	itd->index[uframe] = index;
4301 
4302 	itd->hw_transaction[uframe] = uf->transaction;
4303 	itd->hw_transaction[uframe] |= cpu_to_hc32(fotg210, pg << 12);
4304 	itd->hw_bufp[pg] |= cpu_to_hc32(fotg210, uf->bufp & ~(u32)0);
4305 	itd->hw_bufp_hi[pg] |= cpu_to_hc32(fotg210, (u32)(uf->bufp >> 32));
4306 
4307 	/* iso_frame_desc[].offset must be strictly increasing */
4308 	if (unlikely(uf->cross)) {
4309 		u64 bufp = uf->bufp + 4096;
4310 
4311 		itd->pg = ++pg;
4312 		itd->hw_bufp[pg] |= cpu_to_hc32(fotg210, bufp & ~(u32)0);
4313 		itd->hw_bufp_hi[pg] |= cpu_to_hc32(fotg210, (u32)(bufp >> 32));
4314 	}
4315 }
4316 
4317 static inline void itd_link(struct fotg210_hcd *fotg210, unsigned frame,
4318 		struct fotg210_itd *itd)
4319 {
4320 	union fotg210_shadow *prev = &fotg210->pshadow[frame];
4321 	__hc32 *hw_p = &fotg210->periodic[frame];
4322 	union fotg210_shadow here = *prev;
4323 	__hc32 type = 0;
4324 
4325 	/* skip any iso nodes which might belong to previous microframes */
4326 	while (here.ptr) {
4327 		type = Q_NEXT_TYPE(fotg210, *hw_p);
4328 		if (type == cpu_to_hc32(fotg210, Q_TYPE_QH))
4329 			break;
4330 		prev = periodic_next_shadow(fotg210, prev, type);
4331 		hw_p = shadow_next_periodic(fotg210, &here, type);
4332 		here = *prev;
4333 	}
4334 
4335 	itd->itd_next = here;
4336 	itd->hw_next = *hw_p;
4337 	prev->itd = itd;
4338 	itd->frame = frame;
4339 	wmb();
4340 	*hw_p = cpu_to_hc32(fotg210, itd->itd_dma | Q_TYPE_ITD);
4341 }
4342 
4343 /* fit urb's itds into the selected schedule slot; activate as needed */
4344 static void itd_link_urb(struct fotg210_hcd *fotg210, struct urb *urb,
4345 		unsigned mod, struct fotg210_iso_stream *stream)
4346 {
4347 	int packet;
4348 	unsigned next_uframe, uframe, frame;
4349 	struct fotg210_iso_sched *iso_sched = urb->hcpriv;
4350 	struct fotg210_itd *itd;
4351 
4352 	next_uframe = stream->next_uframe & (mod - 1);
4353 
4354 	if (unlikely(list_empty(&stream->td_list))) {
4355 		fotg210_to_hcd(fotg210)->self.bandwidth_allocated
4356 				+= stream->bandwidth;
4357 		fotg210_dbg(fotg210,
4358 			"schedule devp %s ep%d%s-iso period %d start %d.%d\n",
4359 			urb->dev->devpath, stream->bEndpointAddress & 0x0f,
4360 			(stream->bEndpointAddress & USB_DIR_IN) ? "in" : "out",
4361 			urb->interval,
4362 			next_uframe >> 3, next_uframe & 0x7);
4363 	}
4364 
4365 	/* fill iTDs uframe by uframe */
4366 	for (packet = 0, itd = NULL; packet < urb->number_of_packets;) {
4367 		if (itd == NULL) {
4368 			/* ASSERT:  we have all necessary itds */
4369 
4370 			/* ASSERT:  no itds for this endpoint in this uframe */
4371 
4372 			itd = list_entry(iso_sched->td_list.next,
4373 					struct fotg210_itd, itd_list);
4374 			list_move_tail(&itd->itd_list, &stream->td_list);
4375 			itd->stream = stream;
4376 			itd->urb = urb;
4377 			itd_init(fotg210, stream, itd);
4378 		}
4379 
4380 		uframe = next_uframe & 0x07;
4381 		frame = next_uframe >> 3;
4382 
4383 		itd_patch(fotg210, itd, iso_sched, packet, uframe);
4384 
4385 		next_uframe += stream->interval;
4386 		next_uframe &= mod - 1;
4387 		packet++;
4388 
4389 		/* link completed itds into the schedule */
4390 		if (((next_uframe >> 3) != frame)
4391 				|| packet == urb->number_of_packets) {
4392 			itd_link(fotg210, frame & (fotg210->periodic_size - 1),
4393 					itd);
4394 			itd = NULL;
4395 		}
4396 	}
4397 	stream->next_uframe = next_uframe;
4398 
4399 	/* don't need that schedule data any more */
4400 	iso_sched_free(stream, iso_sched);
4401 	urb->hcpriv = NULL;
4402 
4403 	++fotg210->isoc_count;
4404 	enable_periodic(fotg210);
4405 }
4406 
4407 #define ISO_ERRS (FOTG210_ISOC_BUF_ERR | FOTG210_ISOC_BABBLE |\
4408 		FOTG210_ISOC_XACTERR)
4409 
4410 /* Process and recycle a completed ITD.  Return true iff its urb completed,
4411  * and hence its completion callback probably added things to the hardware
4412  * schedule.
4413  *
4414  * Note that we carefully avoid recycling this descriptor until after any
4415  * completion callback runs, so that it won't be reused quickly.  That is,
4416  * assuming (a) no more than two urbs per frame on this endpoint, and also
4417  * (b) only this endpoint's completions submit URBs.  It seems some silicon
4418  * corrupts things if you reuse completed descriptors very quickly...
4419  */
4420 static bool itd_complete(struct fotg210_hcd *fotg210, struct fotg210_itd *itd)
4421 {
4422 	struct urb *urb = itd->urb;
4423 	struct usb_iso_packet_descriptor *desc;
4424 	u32 t;
4425 	unsigned uframe;
4426 	int urb_index = -1;
4427 	struct fotg210_iso_stream *stream = itd->stream;
4428 	struct usb_device *dev;
4429 	bool retval = false;
4430 
4431 	/* for each uframe with a packet */
4432 	for (uframe = 0; uframe < 8; uframe++) {
4433 		if (likely(itd->index[uframe] == -1))
4434 			continue;
4435 		urb_index = itd->index[uframe];
4436 		desc = &urb->iso_frame_desc[urb_index];
4437 
4438 		t = hc32_to_cpup(fotg210, &itd->hw_transaction[uframe]);
4439 		itd->hw_transaction[uframe] = 0;
4440 
4441 		/* report transfer status */
4442 		if (unlikely(t & ISO_ERRS)) {
4443 			urb->error_count++;
4444 			if (t & FOTG210_ISOC_BUF_ERR)
4445 				desc->status = usb_pipein(urb->pipe)
4446 					? -ENOSR  /* hc couldn't read */
4447 					: -ECOMM; /* hc couldn't write */
4448 			else if (t & FOTG210_ISOC_BABBLE)
4449 				desc->status = -EOVERFLOW;
4450 			else /* (t & FOTG210_ISOC_XACTERR) */
4451 				desc->status = -EPROTO;
4452 
4453 			/* HC need not update length with this error */
4454 			if (!(t & FOTG210_ISOC_BABBLE)) {
4455 				desc->actual_length = FOTG210_ITD_LENGTH(t);
4456 				urb->actual_length += desc->actual_length;
4457 			}
4458 		} else if (likely((t & FOTG210_ISOC_ACTIVE) == 0)) {
4459 			desc->status = 0;
4460 			desc->actual_length = FOTG210_ITD_LENGTH(t);
4461 			urb->actual_length += desc->actual_length;
4462 		} else {
4463 			/* URB was too late */
4464 			desc->status = -EXDEV;
4465 		}
4466 	}
4467 
4468 	/* handle completion now? */
4469 	if (likely((urb_index + 1) != urb->number_of_packets))
4470 		goto done;
4471 
4472 	/* ASSERT: it's really the last itd for this urb
4473 	 * list_for_each_entry (itd, &stream->td_list, itd_list)
4474 	 *	BUG_ON (itd->urb == urb);
4475 	 */
4476 
4477 	/* give urb back to the driver; completion often (re)submits */
4478 	dev = urb->dev;
4479 	fotg210_urb_done(fotg210, urb, 0);
4480 	retval = true;
4481 	urb = NULL;
4482 
4483 	--fotg210->isoc_count;
4484 	disable_periodic(fotg210);
4485 
4486 	if (unlikely(list_is_singular(&stream->td_list))) {
4487 		fotg210_to_hcd(fotg210)->self.bandwidth_allocated
4488 				-= stream->bandwidth;
4489 		fotg210_dbg(fotg210,
4490 			"deschedule devp %s ep%d%s-iso\n",
4491 			dev->devpath, stream->bEndpointAddress & 0x0f,
4492 			(stream->bEndpointAddress & USB_DIR_IN) ? "in" : "out");
4493 	}
4494 
4495 done:
4496 	itd->urb = NULL;
4497 
4498 	/* Add to the end of the free list for later reuse */
4499 	list_move_tail(&itd->itd_list, &stream->free_list);
4500 
4501 	/* Recycle the iTDs when the pipeline is empty (ep no longer in use) */
4502 	if (list_empty(&stream->td_list)) {
4503 		list_splice_tail_init(&stream->free_list,
4504 				&fotg210->cached_itd_list);
4505 		start_free_itds(fotg210);
4506 	}
4507 
4508 	return retval;
4509 }
4510 
4511 static int itd_submit(struct fotg210_hcd *fotg210, struct urb *urb,
4512 		gfp_t mem_flags)
4513 {
4514 	int status = -EINVAL;
4515 	unsigned long flags;
4516 	struct fotg210_iso_stream *stream;
4517 
4518 	/* Get iso_stream head */
4519 	stream = iso_stream_find(fotg210, urb);
4520 	if (unlikely(stream == NULL)) {
4521 		fotg210_dbg(fotg210, "can't get iso stream\n");
4522 		return -ENOMEM;
4523 	}
4524 	if (unlikely(urb->interval != stream->interval &&
4525 			fotg210_port_speed(fotg210, 0) ==
4526 			USB_PORT_STAT_HIGH_SPEED)) {
4527 		fotg210_dbg(fotg210, "can't change iso interval %d --> %d\n",
4528 				stream->interval, urb->interval);
4529 		goto done;
4530 	}
4531 
4532 #ifdef FOTG210_URB_TRACE
4533 	fotg210_dbg(fotg210,
4534 			"%s %s urb %p ep%d%s len %d, %d pkts %d uframes[%p]\n",
4535 			__func__, urb->dev->devpath, urb,
4536 			usb_pipeendpoint(urb->pipe),
4537 			usb_pipein(urb->pipe) ? "in" : "out",
4538 			urb->transfer_buffer_length,
4539 			urb->number_of_packets, urb->interval,
4540 			stream);
4541 #endif
4542 
4543 	/* allocate ITDs w/o locking anything */
4544 	status = itd_urb_transaction(stream, fotg210, urb, mem_flags);
4545 	if (unlikely(status < 0)) {
4546 		fotg210_dbg(fotg210, "can't init itds\n");
4547 		goto done;
4548 	}
4549 
4550 	/* schedule ... need to lock */
4551 	spin_lock_irqsave(&fotg210->lock, flags);
4552 	if (unlikely(!HCD_HW_ACCESSIBLE(fotg210_to_hcd(fotg210)))) {
4553 		status = -ESHUTDOWN;
4554 		goto done_not_linked;
4555 	}
4556 	status = usb_hcd_link_urb_to_ep(fotg210_to_hcd(fotg210), urb);
4557 	if (unlikely(status))
4558 		goto done_not_linked;
4559 	status = iso_stream_schedule(fotg210, urb, stream);
4560 	if (likely(status == 0))
4561 		itd_link_urb(fotg210, urb, fotg210->periodic_size << 3, stream);
4562 	else
4563 		usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
4564 done_not_linked:
4565 	spin_unlock_irqrestore(&fotg210->lock, flags);
4566 done:
4567 	return status;
4568 }
4569 
4570 static inline int scan_frame_queue(struct fotg210_hcd *fotg210, unsigned frame,
4571 		unsigned now_frame, bool live)
4572 {
4573 	unsigned uf;
4574 	bool modified;
4575 	union fotg210_shadow q, *q_p;
4576 	__hc32 type, *hw_p;
4577 
4578 	/* scan each element in frame's queue for completions */
4579 	q_p = &fotg210->pshadow[frame];
4580 	hw_p = &fotg210->periodic[frame];
4581 	q.ptr = q_p->ptr;
4582 	type = Q_NEXT_TYPE(fotg210, *hw_p);
4583 	modified = false;
4584 
4585 	while (q.ptr) {
4586 		switch (hc32_to_cpu(fotg210, type)) {
4587 		case Q_TYPE_ITD:
4588 			/* If this ITD is still active, leave it for
4589 			 * later processing ... check the next entry.
4590 			 * No need to check for activity unless the
4591 			 * frame is current.
4592 			 */
4593 			if (frame == now_frame && live) {
4594 				rmb();
4595 				for (uf = 0; uf < 8; uf++) {
4596 					if (q.itd->hw_transaction[uf] &
4597 							ITD_ACTIVE(fotg210))
4598 						break;
4599 				}
4600 				if (uf < 8) {
4601 					q_p = &q.itd->itd_next;
4602 					hw_p = &q.itd->hw_next;
4603 					type = Q_NEXT_TYPE(fotg210,
4604 							q.itd->hw_next);
4605 					q = *q_p;
4606 					break;
4607 				}
4608 			}
4609 
4610 			/* Take finished ITDs out of the schedule
4611 			 * and process them:  recycle, maybe report
4612 			 * URB completion.  HC won't cache the
4613 			 * pointer for much longer, if at all.
4614 			 */
4615 			*q_p = q.itd->itd_next;
4616 			*hw_p = q.itd->hw_next;
4617 			type = Q_NEXT_TYPE(fotg210, q.itd->hw_next);
4618 			wmb();
4619 			modified = itd_complete(fotg210, q.itd);
4620 			q = *q_p;
4621 			break;
4622 		default:
4623 			fotg210_dbg(fotg210, "corrupt type %d frame %d shadow %p\n",
4624 					type, frame, q.ptr);
4625 			fallthrough;
4626 		case Q_TYPE_QH:
4627 		case Q_TYPE_FSTN:
4628 			/* End of the iTDs and siTDs */
4629 			q.ptr = NULL;
4630 			break;
4631 		}
4632 
4633 		/* assume completion callbacks modify the queue */
4634 		if (unlikely(modified && fotg210->isoc_count > 0))
4635 			return -EINVAL;
4636 	}
4637 	return 0;
4638 }
4639 
4640 static void scan_isoc(struct fotg210_hcd *fotg210)
4641 {
4642 	unsigned uf, now_frame, frame, ret;
4643 	unsigned fmask = fotg210->periodic_size - 1;
4644 	bool live;
4645 
4646 	/*
4647 	 * When running, scan from last scan point up to "now"
4648 	 * else clean up by scanning everything that's left.
4649 	 * Touches as few pages as possible:  cache-friendly.
4650 	 */
4651 	if (fotg210->rh_state >= FOTG210_RH_RUNNING) {
4652 		uf = fotg210_read_frame_index(fotg210);
4653 		now_frame = (uf >> 3) & fmask;
4654 		live = true;
4655 	} else  {
4656 		now_frame = (fotg210->next_frame - 1) & fmask;
4657 		live = false;
4658 	}
4659 	fotg210->now_frame = now_frame;
4660 
4661 	frame = fotg210->next_frame;
4662 	for (;;) {
4663 		ret = 1;
4664 		while (ret != 0)
4665 			ret = scan_frame_queue(fotg210, frame,
4666 					now_frame, live);
4667 
4668 		/* Stop when we have reached the current frame */
4669 		if (frame == now_frame)
4670 			break;
4671 		frame = (frame + 1) & fmask;
4672 	}
4673 	fotg210->next_frame = now_frame;
4674 }
4675 
4676 /* Display / Set uframe_periodic_max
4677  */
4678 static ssize_t uframe_periodic_max_show(struct device *dev,
4679 		struct device_attribute *attr, char *buf)
4680 {
4681 	struct fotg210_hcd *fotg210;
4682 
4683 	fotg210 = hcd_to_fotg210(bus_to_hcd(dev_get_drvdata(dev)));
4684 	return sysfs_emit(buf, "%d\n", fotg210->uframe_periodic_max);
4685 }
4686 
4687 static ssize_t uframe_periodic_max_store(struct device *dev,
4688 		struct device_attribute *attr, const char *buf, size_t count)
4689 {
4690 	struct fotg210_hcd *fotg210;
4691 	unsigned uframe_periodic_max;
4692 	unsigned frame, uframe;
4693 	unsigned short allocated_max;
4694 	unsigned long flags;
4695 	ssize_t ret;
4696 
4697 	fotg210 = hcd_to_fotg210(bus_to_hcd(dev_get_drvdata(dev)));
4698 
4699 	ret = kstrtouint(buf, 0, &uframe_periodic_max);
4700 	if (ret)
4701 		return ret;
4702 
4703 	if (uframe_periodic_max < 100 || uframe_periodic_max >= 125) {
4704 		fotg210_info(fotg210, "rejecting invalid request for uframe_periodic_max=%u\n",
4705 				uframe_periodic_max);
4706 		return -EINVAL;
4707 	}
4708 
4709 	ret = -EINVAL;
4710 
4711 	/*
4712 	 * lock, so that our checking does not race with possible periodic
4713 	 * bandwidth allocation through submitting new urbs.
4714 	 */
4715 	spin_lock_irqsave(&fotg210->lock, flags);
4716 
4717 	/*
4718 	 * for request to decrease max periodic bandwidth, we have to check
4719 	 * every microframe in the schedule to see whether the decrease is
4720 	 * possible.
4721 	 */
4722 	if (uframe_periodic_max < fotg210->uframe_periodic_max) {
4723 		allocated_max = 0;
4724 
4725 		for (frame = 0; frame < fotg210->periodic_size; ++frame)
4726 			for (uframe = 0; uframe < 7; ++uframe)
4727 				allocated_max = max(allocated_max,
4728 						periodic_usecs(fotg210, frame,
4729 						uframe));
4730 
4731 		if (allocated_max > uframe_periodic_max) {
4732 			fotg210_info(fotg210,
4733 					"cannot decrease uframe_periodic_max because periodic bandwidth is already allocated (%u > %u)\n",
4734 					allocated_max, uframe_periodic_max);
4735 			goto out_unlock;
4736 		}
4737 	}
4738 
4739 	/* increasing is always ok */
4740 
4741 	fotg210_info(fotg210,
4742 			"setting max periodic bandwidth to %u%% (== %u usec/uframe)\n",
4743 			100 * uframe_periodic_max/125, uframe_periodic_max);
4744 
4745 	if (uframe_periodic_max != 100)
4746 		fotg210_warn(fotg210, "max periodic bandwidth set is non-standard\n");
4747 
4748 	fotg210->uframe_periodic_max = uframe_periodic_max;
4749 	ret = count;
4750 
4751 out_unlock:
4752 	spin_unlock_irqrestore(&fotg210->lock, flags);
4753 	return ret;
4754 }
4755 
4756 static DEVICE_ATTR_RW(uframe_periodic_max);
4757 
4758 static inline int create_sysfs_files(struct fotg210_hcd *fotg210)
4759 {
4760 	struct device *controller = fotg210_to_hcd(fotg210)->self.controller;
4761 
4762 	return device_create_file(controller, &dev_attr_uframe_periodic_max);
4763 }
4764 
4765 static inline void remove_sysfs_files(struct fotg210_hcd *fotg210)
4766 {
4767 	struct device *controller = fotg210_to_hcd(fotg210)->self.controller;
4768 
4769 	device_remove_file(controller, &dev_attr_uframe_periodic_max);
4770 }
4771 /* On some systems, leaving remote wakeup enabled prevents system shutdown.
4772  * The firmware seems to think that powering off is a wakeup event!
4773  * This routine turns off remote wakeup and everything else, on all ports.
4774  */
4775 static void fotg210_turn_off_all_ports(struct fotg210_hcd *fotg210)
4776 {
4777 	u32 __iomem *status_reg = &fotg210->regs->port_status;
4778 
4779 	fotg210_writel(fotg210, PORT_RWC_BITS, status_reg);
4780 }
4781 
4782 /* Halt HC, turn off all ports, and let the BIOS use the companion controllers.
4783  * Must be called with interrupts enabled and the lock not held.
4784  */
4785 static void fotg210_silence_controller(struct fotg210_hcd *fotg210)
4786 {
4787 	fotg210_halt(fotg210);
4788 
4789 	spin_lock_irq(&fotg210->lock);
4790 	fotg210->rh_state = FOTG210_RH_HALTED;
4791 	fotg210_turn_off_all_ports(fotg210);
4792 	spin_unlock_irq(&fotg210->lock);
4793 }
4794 
4795 /* fotg210_shutdown kick in for silicon on any bus (not just pci, etc).
4796  * This forcibly disables dma and IRQs, helping kexec and other cases
4797  * where the next system software may expect clean state.
4798  */
4799 static void fotg210_shutdown(struct usb_hcd *hcd)
4800 {
4801 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
4802 
4803 	spin_lock_irq(&fotg210->lock);
4804 	fotg210->shutdown = true;
4805 	fotg210->rh_state = FOTG210_RH_STOPPING;
4806 	fotg210->enabled_hrtimer_events = 0;
4807 	spin_unlock_irq(&fotg210->lock);
4808 
4809 	fotg210_silence_controller(fotg210);
4810 
4811 	hrtimer_cancel(&fotg210->hrtimer);
4812 }
4813 
4814 /* fotg210_work is called from some interrupts, timers, and so on.
4815  * it calls driver completion functions, after dropping fotg210->lock.
4816  */
4817 static void fotg210_work(struct fotg210_hcd *fotg210)
4818 {
4819 	/* another CPU may drop fotg210->lock during a schedule scan while
4820 	 * it reports urb completions.  this flag guards against bogus
4821 	 * attempts at re-entrant schedule scanning.
4822 	 */
4823 	if (fotg210->scanning) {
4824 		fotg210->need_rescan = true;
4825 		return;
4826 	}
4827 	fotg210->scanning = true;
4828 
4829 rescan:
4830 	fotg210->need_rescan = false;
4831 	if (fotg210->async_count)
4832 		scan_async(fotg210);
4833 	if (fotg210->intr_count > 0)
4834 		scan_intr(fotg210);
4835 	if (fotg210->isoc_count > 0)
4836 		scan_isoc(fotg210);
4837 	if (fotg210->need_rescan)
4838 		goto rescan;
4839 	fotg210->scanning = false;
4840 
4841 	/* the IO watchdog guards against hardware or driver bugs that
4842 	 * misplace IRQs, and should let us run completely without IRQs.
4843 	 * such lossage has been observed on both VT6202 and VT8235.
4844 	 */
4845 	turn_on_io_watchdog(fotg210);
4846 }
4847 
4848 /* Called when the fotg210_hcd module is removed.
4849  */
4850 static void fotg210_stop(struct usb_hcd *hcd)
4851 {
4852 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
4853 
4854 	fotg210_dbg(fotg210, "stop\n");
4855 
4856 	/* no more interrupts ... */
4857 
4858 	spin_lock_irq(&fotg210->lock);
4859 	fotg210->enabled_hrtimer_events = 0;
4860 	spin_unlock_irq(&fotg210->lock);
4861 
4862 	fotg210_quiesce(fotg210);
4863 	fotg210_silence_controller(fotg210);
4864 	fotg210_reset(fotg210);
4865 
4866 	hrtimer_cancel(&fotg210->hrtimer);
4867 	remove_sysfs_files(fotg210);
4868 	remove_debug_files(fotg210);
4869 
4870 	/* root hub is shut down separately (first, when possible) */
4871 	spin_lock_irq(&fotg210->lock);
4872 	end_free_itds(fotg210);
4873 	spin_unlock_irq(&fotg210->lock);
4874 	fotg210_mem_cleanup(fotg210);
4875 
4876 #ifdef FOTG210_STATS
4877 	fotg210_dbg(fotg210, "irq normal %ld err %ld iaa %ld (lost %ld)\n",
4878 			fotg210->stats.normal, fotg210->stats.error,
4879 			fotg210->stats.iaa, fotg210->stats.lost_iaa);
4880 	fotg210_dbg(fotg210, "complete %ld unlink %ld\n",
4881 			fotg210->stats.complete, fotg210->stats.unlink);
4882 #endif
4883 
4884 	dbg_status(fotg210, "fotg210_stop completed",
4885 			fotg210_readl(fotg210, &fotg210->regs->status));
4886 }
4887 
4888 /* one-time init, only for memory state */
4889 static int hcd_fotg210_init(struct usb_hcd *hcd)
4890 {
4891 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
4892 	u32 temp;
4893 	int retval;
4894 	u32 hcc_params;
4895 	struct fotg210_qh_hw *hw;
4896 
4897 	spin_lock_init(&fotg210->lock);
4898 
4899 	/*
4900 	 * keep io watchdog by default, those good HCDs could turn off it later
4901 	 */
4902 	fotg210->need_io_watchdog = 1;
4903 
4904 	hrtimer_init(&fotg210->hrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
4905 	fotg210->hrtimer.function = fotg210_hrtimer_func;
4906 	fotg210->next_hrtimer_event = FOTG210_HRTIMER_NO_EVENT;
4907 
4908 	hcc_params = fotg210_readl(fotg210, &fotg210->caps->hcc_params);
4909 
4910 	/*
4911 	 * by default set standard 80% (== 100 usec/uframe) max periodic
4912 	 * bandwidth as required by USB 2.0
4913 	 */
4914 	fotg210->uframe_periodic_max = 100;
4915 
4916 	/*
4917 	 * hw default: 1K periodic list heads, one per frame.
4918 	 * periodic_size can shrink by USBCMD update if hcc_params allows.
4919 	 */
4920 	fotg210->periodic_size = DEFAULT_I_TDPS;
4921 	INIT_LIST_HEAD(&fotg210->intr_qh_list);
4922 	INIT_LIST_HEAD(&fotg210->cached_itd_list);
4923 
4924 	if (HCC_PGM_FRAMELISTLEN(hcc_params)) {
4925 		/* periodic schedule size can be smaller than default */
4926 		switch (FOTG210_TUNE_FLS) {
4927 		case 0:
4928 			fotg210->periodic_size = 1024;
4929 			break;
4930 		case 1:
4931 			fotg210->periodic_size = 512;
4932 			break;
4933 		case 2:
4934 			fotg210->periodic_size = 256;
4935 			break;
4936 		default:
4937 			BUG();
4938 		}
4939 	}
4940 	retval = fotg210_mem_init(fotg210, GFP_KERNEL);
4941 	if (retval < 0)
4942 		return retval;
4943 
4944 	/* controllers may cache some of the periodic schedule ... */
4945 	fotg210->i_thresh = 2;
4946 
4947 	/*
4948 	 * dedicate a qh for the async ring head, since we couldn't unlink
4949 	 * a 'real' qh without stopping the async schedule [4.8].  use it
4950 	 * as the 'reclamation list head' too.
4951 	 * its dummy is used in hw_alt_next of many tds, to prevent the qh
4952 	 * from automatically advancing to the next td after short reads.
4953 	 */
4954 	fotg210->async->qh_next.qh = NULL;
4955 	hw = fotg210->async->hw;
4956 	hw->hw_next = QH_NEXT(fotg210, fotg210->async->qh_dma);
4957 	hw->hw_info1 = cpu_to_hc32(fotg210, QH_HEAD);
4958 	hw->hw_token = cpu_to_hc32(fotg210, QTD_STS_HALT);
4959 	hw->hw_qtd_next = FOTG210_LIST_END(fotg210);
4960 	fotg210->async->qh_state = QH_STATE_LINKED;
4961 	hw->hw_alt_next = QTD_NEXT(fotg210, fotg210->async->dummy->qtd_dma);
4962 
4963 	/* clear interrupt enables, set irq latency */
4964 	if (log2_irq_thresh < 0 || log2_irq_thresh > 6)
4965 		log2_irq_thresh = 0;
4966 	temp = 1 << (16 + log2_irq_thresh);
4967 	if (HCC_CANPARK(hcc_params)) {
4968 		/* HW default park == 3, on hardware that supports it (like
4969 		 * NVidia and ALI silicon), maximizes throughput on the async
4970 		 * schedule by avoiding QH fetches between transfers.
4971 		 *
4972 		 * With fast usb storage devices and NForce2, "park" seems to
4973 		 * make problems:  throughput reduction (!), data errors...
4974 		 */
4975 		if (park) {
4976 			park = min_t(unsigned, park, 3);
4977 			temp |= CMD_PARK;
4978 			temp |= park << 8;
4979 		}
4980 		fotg210_dbg(fotg210, "park %d\n", park);
4981 	}
4982 	if (HCC_PGM_FRAMELISTLEN(hcc_params)) {
4983 		/* periodic schedule size can be smaller than default */
4984 		temp &= ~(3 << 2);
4985 		temp |= (FOTG210_TUNE_FLS << 2);
4986 	}
4987 	fotg210->command = temp;
4988 
4989 	/* Accept arbitrarily long scatter-gather lists */
4990 	if (!hcd->localmem_pool)
4991 		hcd->self.sg_tablesize = ~0;
4992 	return 0;
4993 }
4994 
4995 /* start HC running; it's halted, hcd_fotg210_init() has been run (once) */
4996 static int fotg210_run(struct usb_hcd *hcd)
4997 {
4998 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
4999 	u32 temp;
5000 
5001 	hcd->uses_new_polling = 1;
5002 
5003 	/* EHCI spec section 4.1 */
5004 
5005 	fotg210_writel(fotg210, fotg210->periodic_dma,
5006 			&fotg210->regs->frame_list);
5007 	fotg210_writel(fotg210, (u32)fotg210->async->qh_dma,
5008 			&fotg210->regs->async_next);
5009 
5010 	/*
5011 	 * hcc_params controls whether fotg210->regs->segment must (!!!)
5012 	 * be used; it constrains QH/ITD/SITD and QTD locations.
5013 	 * dma_pool consistent memory always uses segment zero.
5014 	 * streaming mappings for I/O buffers, like dma_map_single(),
5015 	 * can return segments above 4GB, if the device allows.
5016 	 *
5017 	 * NOTE:  the dma mask is visible through dev->dma_mask, so
5018 	 * drivers can pass this info along ... like NETIF_F_HIGHDMA,
5019 	 * Scsi_Host.highmem_io, and so forth.  It's readonly to all
5020 	 * host side drivers though.
5021 	 */
5022 	fotg210_readl(fotg210, &fotg210->caps->hcc_params);
5023 
5024 	/*
5025 	 * Philips, Intel, and maybe others need CMD_RUN before the
5026 	 * root hub will detect new devices (why?); NEC doesn't
5027 	 */
5028 	fotg210->command &= ~(CMD_IAAD|CMD_PSE|CMD_ASE|CMD_RESET);
5029 	fotg210->command |= CMD_RUN;
5030 	fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
5031 	dbg_cmd(fotg210, "init", fotg210->command);
5032 
5033 	/*
5034 	 * Start, enabling full USB 2.0 functionality ... usb 1.1 devices
5035 	 * are explicitly handed to companion controller(s), so no TT is
5036 	 * involved with the root hub.  (Except where one is integrated,
5037 	 * and there's no companion controller unless maybe for USB OTG.)
5038 	 *
5039 	 * Turning on the CF flag will transfer ownership of all ports
5040 	 * from the companions to the EHCI controller.  If any of the
5041 	 * companions are in the middle of a port reset at the time, it
5042 	 * could cause trouble.  Write-locking ehci_cf_port_reset_rwsem
5043 	 * guarantees that no resets are in progress.  After we set CF,
5044 	 * a short delay lets the hardware catch up; new resets shouldn't
5045 	 * be started before the port switching actions could complete.
5046 	 */
5047 	down_write(&ehci_cf_port_reset_rwsem);
5048 	fotg210->rh_state = FOTG210_RH_RUNNING;
5049 	/* unblock posted writes */
5050 	fotg210_readl(fotg210, &fotg210->regs->command);
5051 	usleep_range(5000, 10000);
5052 	up_write(&ehci_cf_port_reset_rwsem);
5053 	fotg210->last_periodic_enable = ktime_get_real();
5054 
5055 	temp = HC_VERSION(fotg210,
5056 			fotg210_readl(fotg210, &fotg210->caps->hc_capbase));
5057 	fotg210_info(fotg210,
5058 			"USB %x.%x started, EHCI %x.%02x\n",
5059 			((fotg210->sbrn & 0xf0) >> 4), (fotg210->sbrn & 0x0f),
5060 			temp >> 8, temp & 0xff);
5061 
5062 	fotg210_writel(fotg210, INTR_MASK,
5063 			&fotg210->regs->intr_enable); /* Turn On Interrupts */
5064 
5065 	/* GRR this is run-once init(), being done every time the HC starts.
5066 	 * So long as they're part of class devices, we can't do it init()
5067 	 * since the class device isn't created that early.
5068 	 */
5069 	create_debug_files(fotg210);
5070 	create_sysfs_files(fotg210);
5071 
5072 	return 0;
5073 }
5074 
5075 static int fotg210_setup(struct usb_hcd *hcd)
5076 {
5077 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5078 	int retval;
5079 
5080 	fotg210->regs = (void __iomem *)fotg210->caps +
5081 			HC_LENGTH(fotg210,
5082 			fotg210_readl(fotg210, &fotg210->caps->hc_capbase));
5083 	dbg_hcs_params(fotg210, "reset");
5084 	dbg_hcc_params(fotg210, "reset");
5085 
5086 	/* cache this readonly data; minimize chip reads */
5087 	fotg210->hcs_params = fotg210_readl(fotg210,
5088 			&fotg210->caps->hcs_params);
5089 
5090 	fotg210->sbrn = HCD_USB2;
5091 
5092 	/* data structure init */
5093 	retval = hcd_fotg210_init(hcd);
5094 	if (retval)
5095 		return retval;
5096 
5097 	retval = fotg210_halt(fotg210);
5098 	if (retval)
5099 		return retval;
5100 
5101 	fotg210_reset(fotg210);
5102 
5103 	return 0;
5104 }
5105 
5106 static irqreturn_t fotg210_irq(struct usb_hcd *hcd)
5107 {
5108 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5109 	u32 status, masked_status, pcd_status = 0, cmd;
5110 	int bh;
5111 
5112 	spin_lock(&fotg210->lock);
5113 
5114 	status = fotg210_readl(fotg210, &fotg210->regs->status);
5115 
5116 	/* e.g. cardbus physical eject */
5117 	if (status == ~(u32) 0) {
5118 		fotg210_dbg(fotg210, "device removed\n");
5119 		goto dead;
5120 	}
5121 
5122 	/*
5123 	 * We don't use STS_FLR, but some controllers don't like it to
5124 	 * remain on, so mask it out along with the other status bits.
5125 	 */
5126 	masked_status = status & (INTR_MASK | STS_FLR);
5127 
5128 	/* Shared IRQ? */
5129 	if (!masked_status ||
5130 			unlikely(fotg210->rh_state == FOTG210_RH_HALTED)) {
5131 		spin_unlock(&fotg210->lock);
5132 		return IRQ_NONE;
5133 	}
5134 
5135 	/* clear (just) interrupts */
5136 	fotg210_writel(fotg210, masked_status, &fotg210->regs->status);
5137 	cmd = fotg210_readl(fotg210, &fotg210->regs->command);
5138 	bh = 0;
5139 
5140 	/* unrequested/ignored: Frame List Rollover */
5141 	dbg_status(fotg210, "irq", status);
5142 
5143 	/* INT, ERR, and IAA interrupt rates can be throttled */
5144 
5145 	/* normal [4.15.1.2] or error [4.15.1.1] completion */
5146 	if (likely((status & (STS_INT|STS_ERR)) != 0)) {
5147 		if (likely((status & STS_ERR) == 0))
5148 			INCR(fotg210->stats.normal);
5149 		else
5150 			INCR(fotg210->stats.error);
5151 		bh = 1;
5152 	}
5153 
5154 	/* complete the unlinking of some qh [4.15.2.3] */
5155 	if (status & STS_IAA) {
5156 
5157 		/* Turn off the IAA watchdog */
5158 		fotg210->enabled_hrtimer_events &=
5159 			~BIT(FOTG210_HRTIMER_IAA_WATCHDOG);
5160 
5161 		/*
5162 		 * Mild optimization: Allow another IAAD to reset the
5163 		 * hrtimer, if one occurs before the next expiration.
5164 		 * In theory we could always cancel the hrtimer, but
5165 		 * tests show that about half the time it will be reset
5166 		 * for some other event anyway.
5167 		 */
5168 		if (fotg210->next_hrtimer_event == FOTG210_HRTIMER_IAA_WATCHDOG)
5169 			++fotg210->next_hrtimer_event;
5170 
5171 		/* guard against (alleged) silicon errata */
5172 		if (cmd & CMD_IAAD)
5173 			fotg210_dbg(fotg210, "IAA with IAAD still set?\n");
5174 		if (fotg210->async_iaa) {
5175 			INCR(fotg210->stats.iaa);
5176 			end_unlink_async(fotg210);
5177 		} else
5178 			fotg210_dbg(fotg210, "IAA with nothing unlinked?\n");
5179 	}
5180 
5181 	/* remote wakeup [4.3.1] */
5182 	if (status & STS_PCD) {
5183 		int pstatus;
5184 		u32 __iomem *status_reg = &fotg210->regs->port_status;
5185 
5186 		/* kick root hub later */
5187 		pcd_status = status;
5188 
5189 		/* resume root hub? */
5190 		if (fotg210->rh_state == FOTG210_RH_SUSPENDED)
5191 			usb_hcd_resume_root_hub(hcd);
5192 
5193 		pstatus = fotg210_readl(fotg210, status_reg);
5194 
5195 		if (test_bit(0, &fotg210->suspended_ports) &&
5196 				((pstatus & PORT_RESUME) ||
5197 				!(pstatus & PORT_SUSPEND)) &&
5198 				(pstatus & PORT_PE) &&
5199 				fotg210->reset_done[0] == 0) {
5200 
5201 			/* start 20 msec resume signaling from this port,
5202 			 * and make hub_wq collect PORT_STAT_C_SUSPEND to
5203 			 * stop that signaling.  Use 5 ms extra for safety,
5204 			 * like usb_port_resume() does.
5205 			 */
5206 			fotg210->reset_done[0] = jiffies + msecs_to_jiffies(25);
5207 			set_bit(0, &fotg210->resuming_ports);
5208 			fotg210_dbg(fotg210, "port 1 remote wakeup\n");
5209 			mod_timer(&hcd->rh_timer, fotg210->reset_done[0]);
5210 		}
5211 	}
5212 
5213 	/* PCI errors [4.15.2.4] */
5214 	if (unlikely((status & STS_FATAL) != 0)) {
5215 		fotg210_err(fotg210, "fatal error\n");
5216 		dbg_cmd(fotg210, "fatal", cmd);
5217 		dbg_status(fotg210, "fatal", status);
5218 dead:
5219 		usb_hc_died(hcd);
5220 
5221 		/* Don't let the controller do anything more */
5222 		fotg210->shutdown = true;
5223 		fotg210->rh_state = FOTG210_RH_STOPPING;
5224 		fotg210->command &= ~(CMD_RUN | CMD_ASE | CMD_PSE);
5225 		fotg210_writel(fotg210, fotg210->command,
5226 				&fotg210->regs->command);
5227 		fotg210_writel(fotg210, 0, &fotg210->regs->intr_enable);
5228 		fotg210_handle_controller_death(fotg210);
5229 
5230 		/* Handle completions when the controller stops */
5231 		bh = 0;
5232 	}
5233 
5234 	if (bh)
5235 		fotg210_work(fotg210);
5236 	spin_unlock(&fotg210->lock);
5237 	if (pcd_status)
5238 		usb_hcd_poll_rh_status(hcd);
5239 	return IRQ_HANDLED;
5240 }
5241 
5242 /* non-error returns are a promise to giveback() the urb later
5243  * we drop ownership so next owner (or urb unlink) can get it
5244  *
5245  * urb + dev is in hcd.self.controller.urb_list
5246  * we're queueing TDs onto software and hardware lists
5247  *
5248  * hcd-specific init for hcpriv hasn't been done yet
5249  *
5250  * NOTE:  control, bulk, and interrupt share the same code to append TDs
5251  * to a (possibly active) QH, and the same QH scanning code.
5252  */
5253 static int fotg210_urb_enqueue(struct usb_hcd *hcd, struct urb *urb,
5254 		gfp_t mem_flags)
5255 {
5256 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5257 	struct list_head qtd_list;
5258 
5259 	INIT_LIST_HEAD(&qtd_list);
5260 
5261 	switch (usb_pipetype(urb->pipe)) {
5262 	case PIPE_CONTROL:
5263 		/* qh_completions() code doesn't handle all the fault cases
5264 		 * in multi-TD control transfers.  Even 1KB is rare anyway.
5265 		 */
5266 		if (urb->transfer_buffer_length > (16 * 1024))
5267 			return -EMSGSIZE;
5268 		fallthrough;
5269 	/* case PIPE_BULK: */
5270 	default:
5271 		if (!qh_urb_transaction(fotg210, urb, &qtd_list, mem_flags))
5272 			return -ENOMEM;
5273 		return submit_async(fotg210, urb, &qtd_list, mem_flags);
5274 
5275 	case PIPE_INTERRUPT:
5276 		if (!qh_urb_transaction(fotg210, urb, &qtd_list, mem_flags))
5277 			return -ENOMEM;
5278 		return intr_submit(fotg210, urb, &qtd_list, mem_flags);
5279 
5280 	case PIPE_ISOCHRONOUS:
5281 		return itd_submit(fotg210, urb, mem_flags);
5282 	}
5283 }
5284 
5285 /* remove from hardware lists
5286  * completions normally happen asynchronously
5287  */
5288 
5289 static int fotg210_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
5290 {
5291 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5292 	struct fotg210_qh *qh;
5293 	unsigned long flags;
5294 	int rc;
5295 
5296 	spin_lock_irqsave(&fotg210->lock, flags);
5297 	rc = usb_hcd_check_unlink_urb(hcd, urb, status);
5298 	if (rc)
5299 		goto done;
5300 
5301 	switch (usb_pipetype(urb->pipe)) {
5302 	/* case PIPE_CONTROL: */
5303 	/* case PIPE_BULK:*/
5304 	default:
5305 		qh = (struct fotg210_qh *) urb->hcpriv;
5306 		if (!qh)
5307 			break;
5308 		switch (qh->qh_state) {
5309 		case QH_STATE_LINKED:
5310 		case QH_STATE_COMPLETING:
5311 			start_unlink_async(fotg210, qh);
5312 			break;
5313 		case QH_STATE_UNLINK:
5314 		case QH_STATE_UNLINK_WAIT:
5315 			/* already started */
5316 			break;
5317 		case QH_STATE_IDLE:
5318 			/* QH might be waiting for a Clear-TT-Buffer */
5319 			qh_completions(fotg210, qh);
5320 			break;
5321 		}
5322 		break;
5323 
5324 	case PIPE_INTERRUPT:
5325 		qh = (struct fotg210_qh *) urb->hcpriv;
5326 		if (!qh)
5327 			break;
5328 		switch (qh->qh_state) {
5329 		case QH_STATE_LINKED:
5330 		case QH_STATE_COMPLETING:
5331 			start_unlink_intr(fotg210, qh);
5332 			break;
5333 		case QH_STATE_IDLE:
5334 			qh_completions(fotg210, qh);
5335 			break;
5336 		default:
5337 			fotg210_dbg(fotg210, "bogus qh %p state %d\n",
5338 					qh, qh->qh_state);
5339 			goto done;
5340 		}
5341 		break;
5342 
5343 	case PIPE_ISOCHRONOUS:
5344 		/* itd... */
5345 
5346 		/* wait till next completion, do it then. */
5347 		/* completion irqs can wait up to 1024 msec, */
5348 		break;
5349 	}
5350 done:
5351 	spin_unlock_irqrestore(&fotg210->lock, flags);
5352 	return rc;
5353 }
5354 
5355 /* bulk qh holds the data toggle */
5356 
5357 static void fotg210_endpoint_disable(struct usb_hcd *hcd,
5358 		struct usb_host_endpoint *ep)
5359 {
5360 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5361 	unsigned long flags;
5362 	struct fotg210_qh *qh, *tmp;
5363 
5364 	/* ASSERT:  any requests/urbs are being unlinked */
5365 	/* ASSERT:  nobody can be submitting urbs for this any more */
5366 
5367 rescan:
5368 	spin_lock_irqsave(&fotg210->lock, flags);
5369 	qh = ep->hcpriv;
5370 	if (!qh)
5371 		goto done;
5372 
5373 	/* endpoints can be iso streams.  for now, we don't
5374 	 * accelerate iso completions ... so spin a while.
5375 	 */
5376 	if (qh->hw == NULL) {
5377 		struct fotg210_iso_stream *stream = ep->hcpriv;
5378 
5379 		if (!list_empty(&stream->td_list))
5380 			goto idle_timeout;
5381 
5382 		/* BUG_ON(!list_empty(&stream->free_list)); */
5383 		kfree(stream);
5384 		goto done;
5385 	}
5386 
5387 	if (fotg210->rh_state < FOTG210_RH_RUNNING)
5388 		qh->qh_state = QH_STATE_IDLE;
5389 	switch (qh->qh_state) {
5390 	case QH_STATE_LINKED:
5391 	case QH_STATE_COMPLETING:
5392 		for (tmp = fotg210->async->qh_next.qh;
5393 				tmp && tmp != qh;
5394 				tmp = tmp->qh_next.qh)
5395 			continue;
5396 		/* periodic qh self-unlinks on empty, and a COMPLETING qh
5397 		 * may already be unlinked.
5398 		 */
5399 		if (tmp)
5400 			start_unlink_async(fotg210, qh);
5401 		fallthrough;
5402 	case QH_STATE_UNLINK:		/* wait for hw to finish? */
5403 	case QH_STATE_UNLINK_WAIT:
5404 idle_timeout:
5405 		spin_unlock_irqrestore(&fotg210->lock, flags);
5406 		schedule_timeout_uninterruptible(1);
5407 		goto rescan;
5408 	case QH_STATE_IDLE:		/* fully unlinked */
5409 		if (qh->clearing_tt)
5410 			goto idle_timeout;
5411 		if (list_empty(&qh->qtd_list)) {
5412 			qh_destroy(fotg210, qh);
5413 			break;
5414 		}
5415 		fallthrough;
5416 	default:
5417 		/* caller was supposed to have unlinked any requests;
5418 		 * that's not our job.  just leak this memory.
5419 		 */
5420 		fotg210_err(fotg210, "qh %p (#%02x) state %d%s\n",
5421 				qh, ep->desc.bEndpointAddress, qh->qh_state,
5422 				list_empty(&qh->qtd_list) ? "" : "(has tds)");
5423 		break;
5424 	}
5425 done:
5426 	ep->hcpriv = NULL;
5427 	spin_unlock_irqrestore(&fotg210->lock, flags);
5428 }
5429 
5430 static void fotg210_endpoint_reset(struct usb_hcd *hcd,
5431 		struct usb_host_endpoint *ep)
5432 {
5433 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5434 	struct fotg210_qh *qh;
5435 	int eptype = usb_endpoint_type(&ep->desc);
5436 	int epnum = usb_endpoint_num(&ep->desc);
5437 	int is_out = usb_endpoint_dir_out(&ep->desc);
5438 	unsigned long flags;
5439 
5440 	if (eptype != USB_ENDPOINT_XFER_BULK && eptype != USB_ENDPOINT_XFER_INT)
5441 		return;
5442 
5443 	spin_lock_irqsave(&fotg210->lock, flags);
5444 	qh = ep->hcpriv;
5445 
5446 	/* For Bulk and Interrupt endpoints we maintain the toggle state
5447 	 * in the hardware; the toggle bits in udev aren't used at all.
5448 	 * When an endpoint is reset by usb_clear_halt() we must reset
5449 	 * the toggle bit in the QH.
5450 	 */
5451 	if (qh) {
5452 		usb_settoggle(qh->dev, epnum, is_out, 0);
5453 		if (!list_empty(&qh->qtd_list)) {
5454 			WARN_ONCE(1, "clear_halt for a busy endpoint\n");
5455 		} else if (qh->qh_state == QH_STATE_LINKED ||
5456 				qh->qh_state == QH_STATE_COMPLETING) {
5457 
5458 			/* The toggle value in the QH can't be updated
5459 			 * while the QH is active.  Unlink it now;
5460 			 * re-linking will call qh_refresh().
5461 			 */
5462 			if (eptype == USB_ENDPOINT_XFER_BULK)
5463 				start_unlink_async(fotg210, qh);
5464 			else
5465 				start_unlink_intr(fotg210, qh);
5466 		}
5467 	}
5468 	spin_unlock_irqrestore(&fotg210->lock, flags);
5469 }
5470 
5471 static int fotg210_get_frame(struct usb_hcd *hcd)
5472 {
5473 	struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
5474 
5475 	return (fotg210_read_frame_index(fotg210) >> 3) %
5476 		fotg210->periodic_size;
5477 }
5478 
5479 /* The EHCI in ChipIdea HDRC cannot be a separate module or device,
5480  * because its registers (and irq) are shared between host/gadget/otg
5481  * functions  and in order to facilitate role switching we cannot
5482  * give the fotg210 driver exclusive access to those.
5483  */
5484 
5485 static const struct hc_driver fotg210_fotg210_hc_driver = {
5486 	.description		= hcd_name,
5487 	.product_desc		= "Faraday USB2.0 Host Controller",
5488 	.hcd_priv_size		= sizeof(struct fotg210_hcd),
5489 
5490 	/*
5491 	 * generic hardware linkage
5492 	 */
5493 	.irq			= fotg210_irq,
5494 	.flags			= HCD_MEMORY | HCD_DMA | HCD_USB2,
5495 
5496 	/*
5497 	 * basic lifecycle operations
5498 	 */
5499 	.reset			= hcd_fotg210_init,
5500 	.start			= fotg210_run,
5501 	.stop			= fotg210_stop,
5502 	.shutdown		= fotg210_shutdown,
5503 
5504 	/*
5505 	 * managing i/o requests and associated device resources
5506 	 */
5507 	.urb_enqueue		= fotg210_urb_enqueue,
5508 	.urb_dequeue		= fotg210_urb_dequeue,
5509 	.endpoint_disable	= fotg210_endpoint_disable,
5510 	.endpoint_reset		= fotg210_endpoint_reset,
5511 
5512 	/*
5513 	 * scheduling support
5514 	 */
5515 	.get_frame_number	= fotg210_get_frame,
5516 
5517 	/*
5518 	 * root hub support
5519 	 */
5520 	.hub_status_data	= fotg210_hub_status_data,
5521 	.hub_control		= fotg210_hub_control,
5522 	.bus_suspend		= fotg210_bus_suspend,
5523 	.bus_resume		= fotg210_bus_resume,
5524 
5525 	.relinquish_port	= fotg210_relinquish_port,
5526 	.port_handed_over	= fotg210_port_handed_over,
5527 
5528 	.clear_tt_buffer_complete = fotg210_clear_tt_buffer_complete,
5529 };
5530 
5531 static void fotg210_init(struct fotg210_hcd *fotg210)
5532 {
5533 	u32 value;
5534 
5535 	iowrite32(GMIR_MDEV_INT | GMIR_MOTG_INT | GMIR_INT_POLARITY,
5536 			&fotg210->regs->gmir);
5537 
5538 	value = ioread32(&fotg210->regs->otgcsr);
5539 	value &= ~OTGCSR_A_BUS_DROP;
5540 	value |= OTGCSR_A_BUS_REQ;
5541 	iowrite32(value, &fotg210->regs->otgcsr);
5542 }
5543 
5544 /*
5545  * fotg210_hcd_probe - initialize faraday FOTG210 HCDs
5546  *
5547  * Allocates basic resources for this USB host controller, and
5548  * then invokes the start() method for the HCD associated with it
5549  * through the hotplug entry's driver_data.
5550  */
5551 int fotg210_hcd_probe(struct platform_device *pdev, struct fotg210 *fotg)
5552 {
5553 	struct device *dev = &pdev->dev;
5554 	struct usb_hcd *hcd;
5555 	int irq;
5556 	int retval;
5557 	struct fotg210_hcd *fotg210;
5558 
5559 	if (usb_disabled())
5560 		return -ENODEV;
5561 
5562 	pdev->dev.power.power_state = PMSG_ON;
5563 
5564 	irq = platform_get_irq(pdev, 0);
5565 	if (irq < 0)
5566 		return irq;
5567 
5568 	hcd = usb_create_hcd(&fotg210_fotg210_hc_driver, dev,
5569 			dev_name(dev));
5570 	if (!hcd) {
5571 		retval = dev_err_probe(dev, -ENOMEM, "failed to create hcd\n");
5572 		goto fail_create_hcd;
5573 	}
5574 
5575 	hcd->has_tt = 1;
5576 
5577 	hcd->regs = fotg->base;
5578 
5579 	hcd->rsrc_start = fotg->res->start;
5580 	hcd->rsrc_len = resource_size(fotg->res);
5581 
5582 	fotg210 = hcd_to_fotg210(hcd);
5583 
5584 	fotg210->fotg = fotg;
5585 	fotg210->caps = hcd->regs;
5586 
5587 	retval = fotg210_setup(hcd);
5588 	if (retval)
5589 		goto failed_put_hcd;
5590 
5591 	fotg210_init(fotg210);
5592 
5593 	retval = usb_add_hcd(hcd, irq, IRQF_SHARED);
5594 	if (retval) {
5595 		dev_err_probe(dev, retval, "failed to add hcd\n");
5596 		goto failed_put_hcd;
5597 	}
5598 	device_wakeup_enable(hcd->self.controller);
5599 	platform_set_drvdata(pdev, hcd);
5600 
5601 	return retval;
5602 
5603 failed_put_hcd:
5604 	usb_put_hcd(hcd);
5605 fail_create_hcd:
5606 	return dev_err_probe(dev, retval, "init %s fail\n", dev_name(dev));
5607 }
5608 
5609 /*
5610  * fotg210_hcd_remove - shutdown processing for EHCI HCDs
5611  * @dev: USB Host Controller being removed
5612  *
5613  */
5614 int fotg210_hcd_remove(struct platform_device *pdev)
5615 {
5616 	struct usb_hcd *hcd = platform_get_drvdata(pdev);
5617 
5618 	usb_remove_hcd(hcd);
5619 	usb_put_hcd(hcd);
5620 
5621 	return 0;
5622 }
5623 
5624 int __init fotg210_hcd_init(void)
5625 {
5626 	if (usb_disabled())
5627 		return -ENODEV;
5628 
5629 	set_bit(USB_EHCI_LOADED, &usb_hcds_loaded);
5630 	if (test_bit(USB_UHCI_LOADED, &usb_hcds_loaded) ||
5631 			test_bit(USB_OHCI_LOADED, &usb_hcds_loaded))
5632 		pr_warn("Warning! fotg210_hcd should always be loaded before uhci_hcd and ohci_hcd, not after\n");
5633 
5634 	pr_debug("%s: block sizes: qh %zd qtd %zd itd %zd\n",
5635 			hcd_name, sizeof(struct fotg210_qh),
5636 			sizeof(struct fotg210_qtd),
5637 			sizeof(struct fotg210_itd));
5638 
5639 	fotg210_debug_root = debugfs_create_dir("fotg210", usb_debug_root);
5640 
5641 	return 0;
5642 }
5643 
5644 void __exit fotg210_hcd_cleanup(void)
5645 {
5646 	debugfs_remove(fotg210_debug_root);
5647 	clear_bit(USB_EHCI_LOADED, &usb_hcds_loaded);
5648 }
5649