xref: /linux/drivers/usb/gadget/udc/bdc/bdc_ep.c (revision ca55b2fef3a9373fcfc30f82fd26bc7fccbda732)
1 /*
2  * bdc_ep.c - BRCM BDC USB3.0 device controller endpoint related functions
3  *
4  * Copyright (C) 2014 Broadcom Corporation
5  *
6  * Author: Ashwini Pahuja
7  *
8  * Based on drivers under drivers/usb/
9  *
10  * This program is free software; you can redistribute it and/or modify it
11  * under the terms of the GNU General Public License as published by the
12  * Free Software Foundation; either version 2 of the License, or (at your
13  * option) any later version.
14  *
15  */
16 #include <linux/module.h>
17 #include <linux/pci.h>
18 #include <linux/dma-mapping.h>
19 #include <linux/kernel.h>
20 #include <linux/delay.h>
21 #include <linux/dmapool.h>
22 #include <linux/ioport.h>
23 #include <linux/sched.h>
24 #include <linux/slab.h>
25 #include <linux/errno.h>
26 #include <linux/init.h>
27 #include <linux/timer.h>
28 #include <linux/list.h>
29 #include <linux/interrupt.h>
30 #include <linux/moduleparam.h>
31 #include <linux/device.h>
32 #include <linux/usb/ch9.h>
33 #include <linux/usb/gadget.h>
34 #include <linux/usb/otg.h>
35 #include <linux/pm.h>
36 #include <linux/io.h>
37 #include <linux/irq.h>
38 #include <asm/unaligned.h>
39 #include <linux/platform_device.h>
40 #include <linux/usb/composite.h>
41 
42 #include "bdc.h"
43 #include "bdc_ep.h"
44 #include "bdc_cmd.h"
45 #include "bdc_dbg.h"
46 
47 static const char * const ep0_state_string[] =  {
48 	"WAIT_FOR_SETUP",
49 	"WAIT_FOR_DATA_START",
50 	"WAIT_FOR_DATA_XMIT",
51 	"WAIT_FOR_STATUS_START",
52 	"WAIT_FOR_STATUS_XMIT",
53 	"STATUS_PENDING"
54 };
55 
56 /* Free the bdl during ep disable */
57 static void ep_bd_list_free(struct bdc_ep *ep, u32 num_tabs)
58 {
59 	struct bd_list *bd_list = &ep->bd_list;
60 	struct bdc *bdc = ep->bdc;
61 	struct bd_table *bd_table;
62 	int index;
63 
64 	dev_dbg(bdc->dev, "%s ep:%s num_tabs:%d\n",
65 				 __func__, ep->name, num_tabs);
66 
67 	if (!bd_list->bd_table_array) {
68 		dev_dbg(bdc->dev, "%s already freed\n", ep->name);
69 		return;
70 	}
71 	for (index = 0; index < num_tabs; index++) {
72 		/*
73 		 * check if the bd_table struct is allocated ?
74 		 * if yes, then check if bd memory has been allocated, then
75 		 * free the dma_pool and also the bd_table struct memory
76 		*/
77 		bd_table = bd_list->bd_table_array[index];
78 		dev_dbg(bdc->dev, "bd_table:%p index:%d\n", bd_table, index);
79 		if (!bd_table) {
80 			dev_dbg(bdc->dev, "bd_table not allocated\n");
81 			continue;
82 		}
83 		if (!bd_table->start_bd) {
84 			dev_dbg(bdc->dev, "bd dma pool not allocted\n");
85 			continue;
86 		}
87 
88 		dev_dbg(bdc->dev,
89 				"Free dma pool start_bd:%p dma:%llx\n",
90 				bd_table->start_bd,
91 				(unsigned long long)bd_table->dma);
92 
93 		dma_pool_free(bdc->bd_table_pool,
94 				bd_table->start_bd,
95 				bd_table->dma);
96 		/* Free the bd_table structure */
97 		kfree(bd_table);
98 	}
99 	/* Free the bd table array */
100 	kfree(ep->bd_list.bd_table_array);
101 }
102 
103 /*
104  * chain the tables, by insteting a chain bd at the end of prev_table, pointing
105  * to next_table
106  */
107 static inline void chain_table(struct bd_table *prev_table,
108 					struct bd_table *next_table,
109 					u32 bd_p_tab)
110 {
111 	/* Chain the prev table to next table */
112 	prev_table->start_bd[bd_p_tab-1].offset[0] =
113 				cpu_to_le32(lower_32_bits(next_table->dma));
114 
115 	prev_table->start_bd[bd_p_tab-1].offset[1] =
116 				cpu_to_le32(upper_32_bits(next_table->dma));
117 
118 	prev_table->start_bd[bd_p_tab-1].offset[2] =
119 				0x0;
120 
121 	prev_table->start_bd[bd_p_tab-1].offset[3] =
122 				cpu_to_le32(MARK_CHAIN_BD);
123 }
124 
125 /* Allocate the bdl for ep, during config ep */
126 static int ep_bd_list_alloc(struct bdc_ep *ep)
127 {
128 	struct bd_table *prev_table = NULL;
129 	int index, num_tabs, bd_p_tab;
130 	struct bdc *bdc = ep->bdc;
131 	struct bd_table *bd_table;
132 	dma_addr_t dma;
133 
134 	if (usb_endpoint_xfer_isoc(ep->desc))
135 		num_tabs = NUM_TABLES_ISOCH;
136 	else
137 		num_tabs = NUM_TABLES;
138 
139 	bd_p_tab = NUM_BDS_PER_TABLE;
140 	/* if there is only 1 table in bd list then loop chain to self */
141 	dev_dbg(bdc->dev,
142 		"%s ep:%p num_tabs:%d\n",
143 		__func__, ep, num_tabs);
144 
145 	/* Allocate memory for table array */
146 	ep->bd_list.bd_table_array = kzalloc(
147 					num_tabs * sizeof(struct bd_table *),
148 					GFP_ATOMIC);
149 	if (!ep->bd_list.bd_table_array)
150 		return -ENOMEM;
151 
152 	/* Allocate memory for each table */
153 	for (index = 0; index < num_tabs; index++) {
154 		/* Allocate memory for bd_table structure */
155 		bd_table = kzalloc(sizeof(struct bd_table), GFP_ATOMIC);
156 		if (!bd_table)
157 			goto fail;
158 
159 		bd_table->start_bd = dma_pool_alloc(bdc->bd_table_pool,
160 							GFP_ATOMIC,
161 							&dma);
162 		if (!bd_table->start_bd) {
163 			kfree(bd_table);
164 			goto fail;
165 		}
166 
167 		bd_table->dma = dma;
168 
169 		dev_dbg(bdc->dev,
170 			"index:%d start_bd:%p dma=%08llx prev_table:%p\n",
171 			index, bd_table->start_bd,
172 			(unsigned long long)bd_table->dma, prev_table);
173 
174 		ep->bd_list.bd_table_array[index] = bd_table;
175 		memset(bd_table->start_bd, 0, bd_p_tab * sizeof(struct bdc_bd));
176 		if (prev_table)
177 			chain_table(prev_table, bd_table, bd_p_tab);
178 
179 		prev_table = bd_table;
180 	}
181 	chain_table(prev_table, ep->bd_list.bd_table_array[0], bd_p_tab);
182 	/* Memory allocation is successful, now init the internal fields */
183 	ep->bd_list.num_tabs = num_tabs;
184 	ep->bd_list.max_bdi  = (num_tabs * bd_p_tab) - 1;
185 	ep->bd_list.num_tabs = num_tabs;
186 	ep->bd_list.num_bds_table = bd_p_tab;
187 	ep->bd_list.eqp_bdi = 0;
188 	ep->bd_list.hwd_bdi = 0;
189 
190 	return 0;
191 fail:
192 	/* Free the bd_table_array, bd_table struct, bd's */
193 	ep_bd_list_free(ep, num_tabs);
194 
195 	return -ENOMEM;
196 }
197 
198 /* returns how many bd's are need for this transfer */
199 static inline int bd_needed_req(struct bdc_req *req)
200 {
201 	int bd_needed = 0;
202 	int remaining;
203 
204 	/* 1 bd needed for 0 byte transfer */
205 	if (req->usb_req.length == 0)
206 		return 1;
207 
208 	/* remaining bytes after tranfering all max BD size BD's */
209 	remaining = req->usb_req.length % BD_MAX_BUFF_SIZE;
210 	if (remaining)
211 		bd_needed++;
212 
213 	/* How many maximum BUFF size BD's ? */
214 	remaining = req->usb_req.length / BD_MAX_BUFF_SIZE;
215 	bd_needed += remaining;
216 
217 	return bd_needed;
218 }
219 
220 /* returns the bd index(bdi) corresponding to bd dma address */
221 static int bd_add_to_bdi(struct bdc_ep *ep, dma_addr_t bd_dma_addr)
222 {
223 	struct bd_list *bd_list = &ep->bd_list;
224 	dma_addr_t dma_first_bd, dma_last_bd;
225 	struct bdc *bdc = ep->bdc;
226 	struct bd_table *bd_table;
227 	bool found = false;
228 	int tbi, bdi;
229 
230 	dma_first_bd = dma_last_bd = 0;
231 	dev_dbg(bdc->dev, "%s  %llx\n",
232 			__func__, (unsigned long long)bd_dma_addr);
233 	/*
234 	 * Find in which table this bd_dma_addr belongs?, go through the table
235 	 * array and compare addresses of first and last address of bd of each
236 	 * table
237 	 */
238 	for (tbi = 0; tbi < bd_list->num_tabs; tbi++) {
239 		bd_table = bd_list->bd_table_array[tbi];
240 		dma_first_bd = bd_table->dma;
241 		dma_last_bd = bd_table->dma +
242 					(sizeof(struct bdc_bd) *
243 					(bd_list->num_bds_table - 1));
244 		dev_dbg(bdc->dev, "dma_first_bd:%llx dma_last_bd:%llx\n",
245 					(unsigned long long)dma_first_bd,
246 					(unsigned long long)dma_last_bd);
247 		if (bd_dma_addr >= dma_first_bd && bd_dma_addr <= dma_last_bd) {
248 			found = true;
249 			break;
250 		}
251 	}
252 	if (unlikely(!found)) {
253 		dev_err(bdc->dev, "%s FATAL err, bd not found\n", __func__);
254 		return -EINVAL;
255 	}
256 	/* Now we know the table, find the bdi */
257 	bdi = (bd_dma_addr - dma_first_bd) / sizeof(struct bdc_bd);
258 
259 	/* return the global bdi, to compare with ep eqp_bdi */
260 	return (bdi + (tbi * bd_list->num_bds_table));
261 }
262 
263 /* returns the table index(tbi) of the given bdi */
264 static int bdi_to_tbi(struct bdc_ep *ep, int bdi)
265 {
266 	int tbi;
267 
268 	tbi = bdi / ep->bd_list.num_bds_table;
269 	dev_vdbg(ep->bdc->dev,
270 		"bdi:%d num_bds_table:%d tbi:%d\n",
271 		bdi, ep->bd_list.num_bds_table, tbi);
272 
273 	return tbi;
274 }
275 
276 /* Find the bdi last bd in the transfer */
277 static inline int find_end_bdi(struct bdc_ep *ep, int next_hwd_bdi)
278 {
279 	int end_bdi;
280 
281 	end_bdi = next_hwd_bdi - 1;
282 	if (end_bdi < 0)
283 		end_bdi = ep->bd_list.max_bdi - 1;
284 	 else if ((end_bdi % (ep->bd_list.num_bds_table-1)) == 0)
285 		end_bdi--;
286 
287 	return end_bdi;
288 }
289 
290 /*
291  * How many transfer bd's are available on this ep bdl, chain bds are not
292  * counted in available bds
293  */
294 static int bd_available_ep(struct bdc_ep *ep)
295 {
296 	struct bd_list *bd_list = &ep->bd_list;
297 	int available1, available2;
298 	struct bdc *bdc = ep->bdc;
299 	int chain_bd1, chain_bd2;
300 	int available_bd = 0;
301 
302 	available1 = available2 = chain_bd1 = chain_bd2 = 0;
303 	/* if empty then we have all bd's available - number of chain bd's */
304 	if (bd_list->eqp_bdi == bd_list->hwd_bdi)
305 		return bd_list->max_bdi - bd_list->num_tabs;
306 
307 	/*
308 	 * Depending upon where eqp and dqp pointers are, caculate number
309 	 * of avaialble bd's
310 	 */
311 	if (bd_list->hwd_bdi < bd_list->eqp_bdi) {
312 		/* available bd's are from eqp..max_bds + 0..dqp - chain_bds */
313 		available1 = bd_list->max_bdi - bd_list->eqp_bdi;
314 		available2 = bd_list->hwd_bdi;
315 		chain_bd1 = available1 / bd_list->num_bds_table;
316 		chain_bd2 = available2 / bd_list->num_bds_table;
317 		dev_vdbg(bdc->dev, "chain_bd1:%d chain_bd2:%d\n",
318 						chain_bd1, chain_bd2);
319 		available_bd = available1 + available2 - chain_bd1 - chain_bd2;
320 	} else {
321 		/* available bd's are from eqp..dqp - number of chain bd's */
322 		available1 = bd_list->hwd_bdi -  bd_list->eqp_bdi;
323 		/* if gap between eqp and dqp is less than NUM_BDS_PER_TABLE */
324 		if ((bd_list->hwd_bdi - bd_list->eqp_bdi)
325 					<= bd_list->num_bds_table) {
326 			/* If there any chain bd in between */
327 			if (!(bdi_to_tbi(ep, bd_list->hwd_bdi)
328 					== bdi_to_tbi(ep, bd_list->eqp_bdi))) {
329 				available_bd = available1 - 1;
330 			}
331 		} else {
332 			chain_bd1 = available1 / bd_list->num_bds_table;
333 			available_bd = available1 - chain_bd1;
334 		}
335 	}
336 	/*
337 	 * we need to keep one extra bd to check if ring is full or empty so
338 	 * reduce by 1
339 	 */
340 	available_bd--;
341 	dev_vdbg(bdc->dev, "available_bd:%d\n", available_bd);
342 
343 	return available_bd;
344 }
345 
346 /* Notify the hardware after queueing the bd to bdl */
347 void bdc_notify_xfr(struct bdc *bdc, u32 epnum)
348 {
349 	struct bdc_ep *ep = bdc->bdc_ep_array[epnum];
350 
351 	dev_vdbg(bdc->dev, "%s epnum:%d\n", __func__, epnum);
352 	/*
353 	 * We don't have anyway to check if ep state is running,
354 	 * except the software flags.
355 	 */
356 	if (unlikely(ep->flags & BDC_EP_STOP))
357 		ep->flags &= ~BDC_EP_STOP;
358 
359 	bdc_writel(bdc->regs, BDC_XSFNTF, epnum);
360 }
361 
362 /* returns the bd corresponding to bdi */
363 static struct bdc_bd *bdi_to_bd(struct bdc_ep *ep, int bdi)
364 {
365 	int tbi = bdi_to_tbi(ep, bdi);
366 	int local_bdi = 0;
367 
368 	local_bdi = bdi - (tbi * ep->bd_list.num_bds_table);
369 	dev_vdbg(ep->bdc->dev,
370 		"%s bdi:%d local_bdi:%d\n",
371 		 __func__, bdi, local_bdi);
372 
373 	return (ep->bd_list.bd_table_array[tbi]->start_bd + local_bdi);
374 }
375 
376 /* Advance the enqueue pointer */
377 static void ep_bdlist_eqp_adv(struct bdc_ep *ep)
378 {
379 	ep->bd_list.eqp_bdi++;
380 	/* if it's chain bd, then move to next */
381 	if (((ep->bd_list.eqp_bdi + 1) % ep->bd_list.num_bds_table) == 0)
382 		ep->bd_list.eqp_bdi++;
383 
384 	/* if the eqp is pointing to last + 1 then move back to 0 */
385 	if (ep->bd_list.eqp_bdi == (ep->bd_list.max_bdi + 1))
386 		ep->bd_list.eqp_bdi = 0;
387 }
388 
389 /* Setup the first bd for ep0 transfer */
390 static int setup_first_bd_ep0(struct bdc *bdc, struct bdc_req *req, u32 *dword3)
391 {
392 	u16 wValue;
393 	u32 req_len;
394 
395 	req->ep->dir = 0;
396 	req_len = req->usb_req.length;
397 	switch (bdc->ep0_state) {
398 	case WAIT_FOR_DATA_START:
399 		*dword3 |= BD_TYPE_DS;
400 		if (bdc->setup_pkt.bRequestType & USB_DIR_IN)
401 			*dword3 |= BD_DIR_IN;
402 
403 		/* check if zlp will be needed */
404 		wValue = le16_to_cpu(bdc->setup_pkt.wValue);
405 		if ((wValue > req_len) &&
406 				(req_len % bdc->gadget.ep0->maxpacket == 0)) {
407 			dev_dbg(bdc->dev, "ZLP needed wVal:%d len:%d MaxP:%d\n",
408 					wValue, req_len,
409 					bdc->gadget.ep0->maxpacket);
410 			bdc->zlp_needed = true;
411 		}
412 		break;
413 
414 	case WAIT_FOR_STATUS_START:
415 		*dword3 |= BD_TYPE_SS;
416 		if (!le16_to_cpu(bdc->setup_pkt.wLength) ||
417 				!(bdc->setup_pkt.bRequestType & USB_DIR_IN))
418 			*dword3 |= BD_DIR_IN;
419 		break;
420 	default:
421 		dev_err(bdc->dev,
422 			"Unknown ep0 state for queueing bd ep0_state:%s\n",
423 			ep0_state_string[bdc->ep0_state]);
424 		return -EINVAL;
425 	}
426 
427 	return 0;
428 }
429 
430 /* Setup the bd dma descriptor for a given request */
431 static int setup_bd_list_xfr(struct bdc *bdc, struct bdc_req *req, int num_bds)
432 {
433 	dma_addr_t buf_add = req->usb_req.dma;
434 	u32 maxp, tfs, dword2, dword3;
435 	struct bd_transfer *bd_xfr;
436 	struct bd_list *bd_list;
437 	struct bdc_ep *ep;
438 	struct bdc_bd *bd;
439 	int ret, bdnum;
440 	u32 req_len;
441 
442 	ep = req->ep;
443 	bd_list = &ep->bd_list;
444 	bd_xfr = &req->bd_xfr;
445 	bd_xfr->req = req;
446 	bd_xfr->start_bdi = bd_list->eqp_bdi;
447 	bd = bdi_to_bd(ep, bd_list->eqp_bdi);
448 	req_len = req->usb_req.length;
449 	maxp = usb_endpoint_maxp(ep->desc) & 0x7ff;
450 	tfs = roundup(req->usb_req.length, maxp);
451 	tfs = tfs/maxp;
452 	dev_vdbg(bdc->dev, "%s ep:%s num_bds:%d tfs:%d r_len:%d bd:%p\n",
453 				__func__, ep->name, num_bds, tfs, req_len, bd);
454 
455 	for (bdnum = 0; bdnum < num_bds; bdnum++) {
456 		dword2 = dword3 = 0;
457 		/* First bd */
458 		if (!bdnum) {
459 			dword3 |= BD_SOT|BD_SBF|(tfs<<BD_TFS_SHIFT);
460 			dword2 |= BD_LTF;
461 			/* format of first bd for ep0 is different than other */
462 			if (ep->ep_num == 1) {
463 				ret = setup_first_bd_ep0(bdc, req, &dword3);
464 				if (ret)
465 					return ret;
466 			}
467 		}
468 		if (!req->ep->dir)
469 			dword3 |= BD_ISP;
470 
471 		if (req_len > BD_MAX_BUFF_SIZE) {
472 			dword2 |= BD_MAX_BUFF_SIZE;
473 			req_len -= BD_MAX_BUFF_SIZE;
474 		} else {
475 			/* this should be the last bd */
476 			dword2 |= req_len;
477 			dword3 |= BD_IOC;
478 			dword3 |= BD_EOT;
479 		}
480 		/* Currently only 1 INT target is supported */
481 		dword2 |= BD_INTR_TARGET(0);
482 		bd = bdi_to_bd(ep, ep->bd_list.eqp_bdi);
483 		if (unlikely(!bd)) {
484 			dev_err(bdc->dev, "Err bd pointing to wrong addr\n");
485 			return -EINVAL;
486 		}
487 		/* write bd */
488 		bd->offset[0] = cpu_to_le32(lower_32_bits(buf_add));
489 		bd->offset[1] = cpu_to_le32(upper_32_bits(buf_add));
490 		bd->offset[2] = cpu_to_le32(dword2);
491 		bd->offset[3] = cpu_to_le32(dword3);
492 		/* advance eqp pointer */
493 		ep_bdlist_eqp_adv(ep);
494 		/* advance the buff pointer */
495 		buf_add += BD_MAX_BUFF_SIZE;
496 		dev_vdbg(bdc->dev, "buf_add:%08llx req_len:%d bd:%p eqp:%d\n",
497 				(unsigned long long)buf_add, req_len, bd,
498 							ep->bd_list.eqp_bdi);
499 		bd = bdi_to_bd(ep, ep->bd_list.eqp_bdi);
500 		bd->offset[3] = cpu_to_le32(BD_SBF);
501 	}
502 	/* clear the STOP BD fetch bit from the first bd of this xfr */
503 	bd = bdi_to_bd(ep, bd_xfr->start_bdi);
504 	bd->offset[3] &= cpu_to_le32(~BD_SBF);
505 	/* the new eqp will be next hw dqp */
506 	bd_xfr->num_bds  = num_bds;
507 	bd_xfr->next_hwd_bdi = ep->bd_list.eqp_bdi;
508 	/* everything is written correctly before notifying the HW */
509 	wmb();
510 
511 	return 0;
512 }
513 
514 /* Queue the xfr */
515 static int bdc_queue_xfr(struct bdc *bdc, struct bdc_req *req)
516 {
517 	int num_bds, bd_available;
518 	struct bdc_ep *ep;
519 	int ret;
520 
521 	ep = req->ep;
522 	dev_dbg(bdc->dev, "%s req:%p\n", __func__, req);
523 	dev_dbg(bdc->dev, "eqp_bdi:%d hwd_bdi:%d\n",
524 			ep->bd_list.eqp_bdi, ep->bd_list.hwd_bdi);
525 
526 	num_bds =  bd_needed_req(req);
527 	bd_available = bd_available_ep(ep);
528 
529 	/* how many bd's are avaialble on ep */
530 	if (num_bds > bd_available)
531 		return -ENOMEM;
532 
533 	ret = setup_bd_list_xfr(bdc, req, num_bds);
534 	if (ret)
535 		return ret;
536 	list_add_tail(&req->queue, &ep->queue);
537 	bdc_dbg_bd_list(bdc, ep);
538 	bdc_notify_xfr(bdc, ep->ep_num);
539 
540 	return 0;
541 }
542 
543 /* callback to gadget layer when xfr completes */
544 static void bdc_req_complete(struct bdc_ep *ep, struct bdc_req *req,
545 						int status)
546 {
547 	struct bdc *bdc = ep->bdc;
548 
549 	if (req == NULL  || &req->queue == NULL || &req->usb_req == NULL)
550 		return;
551 
552 	dev_dbg(bdc->dev, "%s ep:%s status:%d\n", __func__, ep->name, status);
553 	list_del(&req->queue);
554 	req->usb_req.status = status;
555 	usb_gadget_unmap_request(&bdc->gadget, &req->usb_req, ep->dir);
556 	if (req->usb_req.complete) {
557 		spin_unlock(&bdc->lock);
558 		usb_gadget_giveback_request(&ep->usb_ep, &req->usb_req);
559 		spin_lock(&bdc->lock);
560 	}
561 }
562 
563 /* Disable the endpoint */
564 int bdc_ep_disable(struct bdc_ep *ep)
565 {
566 	struct bdc_req *req;
567 	struct bdc *bdc;
568 	int ret;
569 
570 	ret = 0;
571 	bdc = ep->bdc;
572 	dev_dbg(bdc->dev, "%s() ep->ep_num=%d\n", __func__, ep->ep_num);
573 	/* Stop the endpoint */
574 	ret = bdc_stop_ep(bdc, ep->ep_num);
575 
576 	/*
577 	 * Intentionally don't check the ret value of stop, it can fail in
578 	 * disconnect scenarios, continue with dconfig
579 	 */
580 	/* de-queue any pending requests */
581 	while (!list_empty(&ep->queue)) {
582 		req = list_entry(ep->queue.next, struct bdc_req,
583 				queue);
584 		bdc_req_complete(ep, req, -ESHUTDOWN);
585 	}
586 	/* deconfigure the endpoint */
587 	ret = bdc_dconfig_ep(bdc, ep);
588 	if (ret)
589 		dev_warn(bdc->dev,
590 			"dconfig fail but continue with memory free");
591 
592 	ep->flags = 0;
593 	/* ep0 memory is not freed, but reused on next connect sr */
594 	if (ep->ep_num == 1)
595 		return 0;
596 
597 	/* Free the bdl memory */
598 	ep_bd_list_free(ep, ep->bd_list.num_tabs);
599 	ep->desc = NULL;
600 	ep->comp_desc = NULL;
601 	ep->usb_ep.desc = NULL;
602 	ep->ep_type = 0;
603 
604 	return ret;
605 }
606 
607 /* Enable the ep */
608 int bdc_ep_enable(struct bdc_ep *ep)
609 {
610 	struct bdc *bdc;
611 	int ret = 0;
612 
613 	bdc = ep->bdc;
614 	dev_dbg(bdc->dev, "%s NUM_TABLES:%d %d\n",
615 					__func__, NUM_TABLES, NUM_TABLES_ISOCH);
616 
617 	ret = ep_bd_list_alloc(ep);
618 	if (ret) {
619 		dev_err(bdc->dev, "ep bd list allocation failed:%d\n", ret);
620 		return -ENOMEM;
621 	}
622 	bdc_dbg_bd_list(bdc, ep);
623 	/* only for ep0: config ep is called for ep0 from connect event */
624 	ep->flags |= BDC_EP_ENABLED;
625 	if (ep->ep_num == 1)
626 		return ret;
627 
628 	/* Issue a configure endpoint command */
629 	ret = bdc_config_ep(bdc, ep);
630 	if (ret)
631 		return ret;
632 
633 	ep->usb_ep.maxpacket = usb_endpoint_maxp(ep->desc);
634 	ep->usb_ep.desc = ep->desc;
635 	ep->usb_ep.comp_desc = ep->comp_desc;
636 	ep->ep_type = usb_endpoint_type(ep->desc);
637 	ep->flags |= BDC_EP_ENABLED;
638 
639 	return 0;
640 }
641 
642 /* EP0 related code */
643 
644 /* Queue a status stage BD */
645 static int ep0_queue_status_stage(struct bdc *bdc)
646 {
647 	struct bdc_req *status_req;
648 	struct bdc_ep *ep;
649 
650 	status_req = &bdc->status_req;
651 	ep = bdc->bdc_ep_array[1];
652 	status_req->ep = ep;
653 	status_req->usb_req.length = 0;
654 	status_req->usb_req.status = -EINPROGRESS;
655 	status_req->usb_req.actual = 0;
656 	status_req->usb_req.complete = NULL;
657 	bdc_queue_xfr(bdc, status_req);
658 
659 	return 0;
660 }
661 
662 /* Queue xfr on ep0 */
663 static int ep0_queue(struct bdc_ep *ep, struct bdc_req *req)
664 {
665 	struct bdc *bdc;
666 	int ret;
667 
668 	bdc = ep->bdc;
669 	dev_dbg(bdc->dev, "%s()\n", __func__);
670 	req->usb_req.actual = 0;
671 	req->usb_req.status = -EINPROGRESS;
672 	req->epnum = ep->ep_num;
673 
674 	if (bdc->delayed_status) {
675 		bdc->delayed_status = false;
676 		/* if status stage was delayed? */
677 		if (bdc->ep0_state == WAIT_FOR_STATUS_START) {
678 			/* Queue a status stage BD */
679 			ep0_queue_status_stage(bdc);
680 			bdc->ep0_state = WAIT_FOR_STATUS_XMIT;
681 			return 0;
682 		}
683 	} else {
684 		/*
685 		 * if delayed status is false and 0 length transfer is requested
686 		 * i.e. for status stage of some setup request, then just
687 		 * return from here the status stage is queued independently
688 		 */
689 		if (req->usb_req.length == 0)
690 			return 0;
691 
692 	}
693 	ret = usb_gadget_map_request(&bdc->gadget, &req->usb_req, ep->dir);
694 	if (ret) {
695 		dev_err(bdc->dev, "dma mapping failed %s\n", ep->name);
696 		return ret;
697 	}
698 
699 	return bdc_queue_xfr(bdc, req);
700 }
701 
702 /* Queue data stage */
703 static int ep0_queue_data_stage(struct bdc *bdc)
704 {
705 	struct usb_request *ep0_usb_req;
706 	struct bdc_ep *ep;
707 
708 	dev_dbg(bdc->dev, "%s\n", __func__);
709 	ep0_usb_req = &bdc->ep0_req.usb_req;
710 	ep = bdc->bdc_ep_array[1];
711 	bdc->ep0_req.ep = ep;
712 	bdc->ep0_req.usb_req.complete = NULL;
713 
714 	return ep0_queue(ep, &bdc->ep0_req);
715 }
716 
717 /* Queue req on ep */
718 static int ep_queue(struct bdc_ep *ep, struct bdc_req *req)
719 {
720 	struct bdc *bdc;
721 	int ret = 0;
722 
723 	if (!req || !ep->usb_ep.desc)
724 		return -EINVAL;
725 
726 	bdc = ep->bdc;
727 
728 	req->usb_req.actual = 0;
729 	req->usb_req.status = -EINPROGRESS;
730 	req->epnum = ep->ep_num;
731 
732 	ret = usb_gadget_map_request(&bdc->gadget, &req->usb_req, ep->dir);
733 	if (ret) {
734 		dev_err(bdc->dev, "dma mapping failed\n");
735 		return ret;
736 	}
737 
738 	return bdc_queue_xfr(bdc, req);
739 }
740 
741 /* Dequeue a request from ep */
742 static int ep_dequeue(struct bdc_ep *ep, struct bdc_req *req)
743 {
744 	int start_bdi, end_bdi, tbi, eqp_bdi, curr_hw_dqpi;
745 	bool start_pending, end_pending;
746 	bool first_remove = false;
747 	struct bdc_req *first_req;
748 	struct bdc_bd *bd_start;
749 	struct bd_table *table;
750 	dma_addr_t next_bd_dma;
751 	u64   deq_ptr_64 = 0;
752 	struct bdc  *bdc;
753 	u32    tmp_32;
754 	int ret;
755 
756 	bdc = ep->bdc;
757 	start_pending = end_pending = false;
758 	eqp_bdi = ep->bd_list.eqp_bdi - 1;
759 
760 	if (eqp_bdi < 0)
761 		eqp_bdi = ep->bd_list.max_bdi;
762 
763 	start_bdi = req->bd_xfr.start_bdi;
764 	end_bdi = find_end_bdi(ep, req->bd_xfr.next_hwd_bdi);
765 
766 	dev_dbg(bdc->dev, "%s ep:%s start:%d end:%d\n",
767 					__func__, ep->name, start_bdi, end_bdi);
768 	dev_dbg(bdc->dev, "ep_dequeue ep=%p ep->desc=%p\n",
769 						ep, (void *)ep->usb_ep.desc);
770 	/* Stop the ep to see where the HW is ? */
771 	ret = bdc_stop_ep(bdc, ep->ep_num);
772 	/* if there is an issue with stopping ep, then no need to go further */
773 	if (ret)
774 		return 0;
775 
776 	/*
777 	 * After endpoint is stopped, there can be 3 cases, the request
778 	 * is processed, pending or in the middle of processing
779 	 */
780 
781 	/* The current hw dequeue pointer */
782 	tmp_32 = bdc_readl(bdc->regs, BDC_EPSTS0(0));
783 	deq_ptr_64 = tmp_32;
784 	tmp_32 = bdc_readl(bdc->regs, BDC_EPSTS1(0));
785 	deq_ptr_64 |= ((u64)tmp_32 << 32);
786 
787 	/* we have the dma addr of next bd that will be fetched by hardware */
788 	curr_hw_dqpi = bd_add_to_bdi(ep, deq_ptr_64);
789 	if (curr_hw_dqpi < 0)
790 		return curr_hw_dqpi;
791 
792 	/*
793 	 * curr_hw_dqpi points to actual dqp of HW and HW owns bd's from
794 	 * curr_hw_dqbdi..eqp_bdi.
795 	 */
796 
797 	/* Check if start_bdi and end_bdi are in range of HW owned BD's */
798 	if (curr_hw_dqpi > eqp_bdi) {
799 		/* there is a wrap from last to 0 */
800 		if (start_bdi >= curr_hw_dqpi || start_bdi <= eqp_bdi) {
801 			start_pending = true;
802 			end_pending = true;
803 		} else if (end_bdi >= curr_hw_dqpi || end_bdi <= eqp_bdi) {
804 				end_pending = true;
805 		}
806 	} else {
807 		if (start_bdi >= curr_hw_dqpi) {
808 			start_pending = true;
809 			end_pending = true;
810 		} else if (end_bdi >= curr_hw_dqpi) {
811 			end_pending = true;
812 		}
813 	}
814 	dev_dbg(bdc->dev,
815 		"start_pending:%d end_pending:%d speed:%d\n",
816 		start_pending, end_pending, bdc->gadget.speed);
817 
818 	/* If both start till end are processes, we cannot deq req */
819 	if (!start_pending && !end_pending)
820 		return -EINVAL;
821 
822 	/*
823 	 * if ep_dequeue is called after disconnect then just return
824 	 * success from here
825 	 */
826 	if (bdc->gadget.speed == USB_SPEED_UNKNOWN)
827 		return 0;
828 	tbi = bdi_to_tbi(ep, req->bd_xfr.next_hwd_bdi);
829 	table = ep->bd_list.bd_table_array[tbi];
830 	next_bd_dma =  table->dma +
831 			sizeof(struct bdc_bd)*(req->bd_xfr.next_hwd_bdi -
832 					tbi * ep->bd_list.num_bds_table);
833 
834 	first_req = list_first_entry(&ep->queue, struct bdc_req,
835 			queue);
836 
837 	if (req == first_req)
838 		first_remove = true;
839 
840 	/*
841 	 * Due to HW limitation we need to bypadd chain bd's and issue ep_bla,
842 	 * incase if start is pending this is the first request in the list
843 	 * then issue ep_bla instead of marking as chain bd
844 	 */
845 	if (start_pending && !first_remove) {
846 		/*
847 		 * Mark the start bd as Chain bd, and point the chain
848 		 * bd to next_bd_dma
849 		 */
850 		bd_start = bdi_to_bd(ep, start_bdi);
851 		bd_start->offset[0] = cpu_to_le32(lower_32_bits(next_bd_dma));
852 		bd_start->offset[1] = cpu_to_le32(upper_32_bits(next_bd_dma));
853 		bd_start->offset[2] = 0x0;
854 		bd_start->offset[3] = cpu_to_le32(MARK_CHAIN_BD);
855 		bdc_dbg_bd_list(bdc, ep);
856 	} else if (end_pending) {
857 		/*
858 		 * The transfer is stopped in the middle, move the
859 		 * HW deq pointer to next_bd_dma
860 		 */
861 		ret = bdc_ep_bla(bdc, ep, next_bd_dma);
862 		if (ret) {
863 			dev_err(bdc->dev, "error in ep_bla:%d\n", ret);
864 			return ret;
865 		}
866 	}
867 
868 	return 0;
869 }
870 
871 /* Halt/Clear the ep based on value */
872 static int ep_set_halt(struct bdc_ep *ep, u32 value)
873 {
874 	struct bdc *bdc;
875 	int ret;
876 
877 	bdc = ep->bdc;
878 	dev_dbg(bdc->dev, "%s ep:%s value=%d\n", __func__, ep->name, value);
879 
880 	if (value) {
881 		dev_dbg(bdc->dev, "Halt\n");
882 		if (ep->ep_num == 1)
883 			bdc->ep0_state = WAIT_FOR_SETUP;
884 
885 		ret = bdc_ep_set_stall(bdc, ep->ep_num);
886 		if (ret)
887 			dev_err(bdc->dev, "failed to set STALL on %s\n",
888 				ep->name);
889 		else
890 			ep->flags |= BDC_EP_STALL;
891 	} else {
892 		/* Clear */
893 		dev_dbg(bdc->dev, "Before Clear\n");
894 		ret = bdc_ep_clear_stall(bdc, ep->ep_num);
895 		if (ret)
896 			dev_err(bdc->dev, "failed to clear STALL on %s\n",
897 				ep->name);
898 		else
899 			ep->flags &= ~BDC_EP_STALL;
900 		dev_dbg(bdc->dev, "After  Clear\n");
901 	}
902 
903 	return ret;
904 }
905 
906 /* Free all the ep */
907 void bdc_free_ep(struct bdc *bdc)
908 {
909 	struct bdc_ep *ep;
910 	u8	epnum;
911 
912 	dev_dbg(bdc->dev, "%s\n", __func__);
913 	for (epnum = 1; epnum < bdc->num_eps; epnum++) {
914 		ep = bdc->bdc_ep_array[epnum];
915 		if (!ep)
916 			continue;
917 
918 		if (ep->flags & BDC_EP_ENABLED)
919 			ep_bd_list_free(ep, ep->bd_list.num_tabs);
920 
921 		/* ep0 is not in this gadget list */
922 		if (epnum != 1)
923 			list_del(&ep->usb_ep.ep_list);
924 
925 		kfree(ep);
926 	}
927 }
928 
929 /* USB2 spec, section 7.1.20 */
930 static int bdc_set_test_mode(struct bdc *bdc)
931 {
932 	u32 usb2_pm;
933 
934 	usb2_pm = bdc_readl(bdc->regs, BDC_USPPM2);
935 	usb2_pm &= ~BDC_PTC_MASK;
936 	dev_dbg(bdc->dev, "%s\n", __func__);
937 	switch (bdc->test_mode) {
938 	case TEST_J:
939 	case TEST_K:
940 	case TEST_SE0_NAK:
941 	case TEST_PACKET:
942 	case TEST_FORCE_EN:
943 		usb2_pm |= bdc->test_mode << 28;
944 		break;
945 	default:
946 		return -EINVAL;
947 	}
948 	dev_dbg(bdc->dev, "usb2_pm=%08x", usb2_pm);
949 	bdc_writel(bdc->regs, BDC_USPPM2, usb2_pm);
950 
951 	return 0;
952 }
953 
954 /*
955  * Helper function to handle Transfer status report with status as either
956  * success or short
957  */
958 static void handle_xsr_succ_status(struct bdc *bdc, struct bdc_ep *ep,
959 							struct bdc_sr *sreport)
960 {
961 	int short_bdi, start_bdi, end_bdi, max_len_bds, chain_bds;
962 	struct bd_list *bd_list = &ep->bd_list;
963 	int actual_length, length_short;
964 	struct bd_transfer *bd_xfr;
965 	struct bdc_bd *short_bd;
966 	struct bdc_req *req;
967 	u64   deq_ptr_64 = 0;
968 	int status = 0;
969 	int sr_status;
970 	u32    tmp_32;
971 
972 	dev_dbg(bdc->dev, "%s  ep:%p\n", __func__, ep);
973 	bdc_dbg_srr(bdc, 0);
974 	/* do not process thie sr if ignore flag is set */
975 	if (ep->ignore_next_sr) {
976 		ep->ignore_next_sr = false;
977 		return;
978 	}
979 
980 	if (unlikely(list_empty(&ep->queue))) {
981 		dev_warn(bdc->dev, "xfr srr with no BD's queued\n");
982 		return;
983 	}
984 	req = list_entry(ep->queue.next, struct bdc_req,
985 			queue);
986 
987 	bd_xfr = &req->bd_xfr;
988 	sr_status = XSF_STS(le32_to_cpu(sreport->offset[3]));
989 
990 	/*
991 	 * sr_status is short and this transfer has more than 1 bd then it needs
992 	 * special handling,  this is only applicable for bulk and ctrl
993 	 */
994 	if (sr_status == XSF_SHORT &&  bd_xfr->num_bds > 1) {
995 		/*
996 		 * This is multi bd xfr, lets see which bd
997 		 * caused short transfer and how many bytes have been
998 		 * transferred so far.
999 		 */
1000 		tmp_32 = le32_to_cpu(sreport->offset[0]);
1001 		deq_ptr_64 = tmp_32;
1002 		tmp_32 = le32_to_cpu(sreport->offset[1]);
1003 		deq_ptr_64 |= ((u64)tmp_32 << 32);
1004 		short_bdi = bd_add_to_bdi(ep, deq_ptr_64);
1005 		if (unlikely(short_bdi < 0))
1006 			dev_warn(bdc->dev, "bd doesn't exist?\n");
1007 
1008 		start_bdi =  bd_xfr->start_bdi;
1009 		/*
1010 		 * We know the start_bdi and short_bdi, how many xfr
1011 		 * bds in between
1012 		 */
1013 		if (start_bdi <= short_bdi) {
1014 			max_len_bds = short_bdi - start_bdi;
1015 			if (max_len_bds <= bd_list->num_bds_table) {
1016 				if (!(bdi_to_tbi(ep, start_bdi) ==
1017 						bdi_to_tbi(ep, short_bdi)))
1018 					max_len_bds--;
1019 			} else {
1020 				chain_bds = max_len_bds/bd_list->num_bds_table;
1021 				max_len_bds -= chain_bds;
1022 			}
1023 		} else {
1024 			/* there is a wrap in the ring within a xfr */
1025 			chain_bds = (bd_list->max_bdi - start_bdi)/
1026 							bd_list->num_bds_table;
1027 			chain_bds += short_bdi/bd_list->num_bds_table;
1028 			max_len_bds = bd_list->max_bdi - start_bdi;
1029 			max_len_bds += short_bdi;
1030 			max_len_bds -= chain_bds;
1031 		}
1032 		/* max_len_bds is the number of full length bds */
1033 		end_bdi = find_end_bdi(ep, bd_xfr->next_hwd_bdi);
1034 		if (!(end_bdi == short_bdi))
1035 			ep->ignore_next_sr = true;
1036 
1037 		actual_length = max_len_bds * BD_MAX_BUFF_SIZE;
1038 		short_bd = bdi_to_bd(ep, short_bdi);
1039 		/* length queued */
1040 		length_short = le32_to_cpu(short_bd->offset[2]) & 0x1FFFFF;
1041 		/* actual length trensfered */
1042 		length_short -= SR_BD_LEN(le32_to_cpu(sreport->offset[2]));
1043 		actual_length += length_short;
1044 		req->usb_req.actual = actual_length;
1045 	} else {
1046 		req->usb_req.actual = req->usb_req.length -
1047 			SR_BD_LEN(le32_to_cpu(sreport->offset[2]));
1048 		dev_dbg(bdc->dev,
1049 			"len=%d actual=%d bd_xfr->next_hwd_bdi:%d\n",
1050 			req->usb_req.length, req->usb_req.actual,
1051 			bd_xfr->next_hwd_bdi);
1052 	}
1053 
1054 	/* Update the dequeue pointer */
1055 	ep->bd_list.hwd_bdi = bd_xfr->next_hwd_bdi;
1056 	if (req->usb_req.actual < req->usb_req.length) {
1057 		dev_dbg(bdc->dev, "short xfr on %d\n", ep->ep_num);
1058 		if (req->usb_req.short_not_ok)
1059 			status = -EREMOTEIO;
1060 	}
1061 	bdc_req_complete(ep, bd_xfr->req, status);
1062 }
1063 
1064 /* EP0 setup related packet handlers */
1065 
1066 /*
1067  * Setup packet received, just store the packet and process on next DS or SS
1068  * started SR
1069  */
1070 void bdc_xsf_ep0_setup_recv(struct bdc *bdc, struct bdc_sr *sreport)
1071 {
1072 	struct usb_ctrlrequest *setup_pkt;
1073 	u32 len;
1074 
1075 	dev_dbg(bdc->dev,
1076 		"%s ep0_state:%s\n",
1077 		__func__, ep0_state_string[bdc->ep0_state]);
1078 	/* Store received setup packet */
1079 	setup_pkt = &bdc->setup_pkt;
1080 	memcpy(setup_pkt, &sreport->offset[0], sizeof(*setup_pkt));
1081 	len = le16_to_cpu(setup_pkt->wLength);
1082 	if (!len)
1083 		bdc->ep0_state = WAIT_FOR_STATUS_START;
1084 	else
1085 		bdc->ep0_state = WAIT_FOR_DATA_START;
1086 
1087 
1088 	dev_dbg(bdc->dev,
1089 		"%s exit ep0_state:%s\n",
1090 		__func__, ep0_state_string[bdc->ep0_state]);
1091 }
1092 
1093 /* Stall ep0 */
1094 static void ep0_stall(struct bdc *bdc)
1095 {
1096 	struct bdc_ep	*ep = bdc->bdc_ep_array[1];
1097 	struct bdc_req *req;
1098 
1099 	dev_dbg(bdc->dev, "%s\n", __func__);
1100 	bdc->delayed_status = false;
1101 	ep_set_halt(ep, 1);
1102 
1103 	/* de-queue any pendig requests */
1104 	while (!list_empty(&ep->queue)) {
1105 		req = list_entry(ep->queue.next, struct bdc_req,
1106 				queue);
1107 		bdc_req_complete(ep, req, -ESHUTDOWN);
1108 	}
1109 }
1110 
1111 /* SET_ADD handlers */
1112 static int ep0_set_address(struct bdc *bdc, struct usb_ctrlrequest *ctrl)
1113 {
1114 	enum usb_device_state state = bdc->gadget.state;
1115 	int ret = 0;
1116 	u32 addr;
1117 
1118 	addr = le16_to_cpu(ctrl->wValue);
1119 	dev_dbg(bdc->dev,
1120 		"%s addr:%d dev state:%d\n",
1121 		__func__, addr, state);
1122 
1123 	if (addr > 127)
1124 		return -EINVAL;
1125 
1126 	switch (state) {
1127 	case USB_STATE_DEFAULT:
1128 	case USB_STATE_ADDRESS:
1129 		/* Issue Address device command */
1130 		ret = bdc_address_device(bdc, addr);
1131 		if (ret)
1132 			return ret;
1133 
1134 		if (addr)
1135 			usb_gadget_set_state(&bdc->gadget, USB_STATE_ADDRESS);
1136 		else
1137 			usb_gadget_set_state(&bdc->gadget, USB_STATE_DEFAULT);
1138 
1139 		bdc->dev_addr = addr;
1140 		break;
1141 	default:
1142 		dev_warn(bdc->dev,
1143 			"SET Address in wrong device state %d\n",
1144 			state);
1145 		ret = -EINVAL;
1146 	}
1147 
1148 	return ret;
1149 }
1150 
1151 /* Handler for SET/CLEAR FEATURE requests for device */
1152 static int ep0_handle_feature_dev(struct bdc *bdc, u16 wValue,
1153 							u16 wIndex, bool set)
1154 {
1155 	enum usb_device_state state = bdc->gadget.state;
1156 	u32	usppms = 0;
1157 
1158 	dev_dbg(bdc->dev, "%s set:%d dev state:%d\n",
1159 					__func__, set, state);
1160 	switch (wValue) {
1161 	case USB_DEVICE_REMOTE_WAKEUP:
1162 		dev_dbg(bdc->dev, "USB_DEVICE_REMOTE_WAKEUP\n");
1163 		if (set)
1164 			bdc->devstatus |= REMOTE_WAKE_ENABLE;
1165 		else
1166 			bdc->devstatus &= ~REMOTE_WAKE_ENABLE;
1167 		break;
1168 
1169 	case USB_DEVICE_TEST_MODE:
1170 		dev_dbg(bdc->dev, "USB_DEVICE_TEST_MODE\n");
1171 		if ((wIndex & 0xFF) ||
1172 				(bdc->gadget.speed != USB_SPEED_HIGH) || !set)
1173 			return -EINVAL;
1174 
1175 		bdc->test_mode = wIndex >> 8;
1176 		break;
1177 
1178 	case USB_DEVICE_U1_ENABLE:
1179 		dev_dbg(bdc->dev, "USB_DEVICE_U1_ENABLE\n");
1180 
1181 		if (bdc->gadget.speed != USB_SPEED_SUPER ||
1182 						state != USB_STATE_CONFIGURED)
1183 			return -EINVAL;
1184 
1185 		usppms =  bdc_readl(bdc->regs, BDC_USPPMS);
1186 		if (set) {
1187 			/* clear previous u1t */
1188 			usppms &= ~BDC_U1T(BDC_U1T_MASK);
1189 			usppms |= BDC_U1T(U1_TIMEOUT);
1190 			usppms |= BDC_U1E | BDC_PORT_W1S;
1191 			bdc->devstatus |= (1 << USB_DEV_STAT_U1_ENABLED);
1192 		} else {
1193 			usppms &= ~BDC_U1E;
1194 			usppms |= BDC_PORT_W1S;
1195 			bdc->devstatus &= ~(1 << USB_DEV_STAT_U1_ENABLED);
1196 		}
1197 		bdc_writel(bdc->regs, BDC_USPPMS, usppms);
1198 		break;
1199 
1200 	case USB_DEVICE_U2_ENABLE:
1201 		dev_dbg(bdc->dev, "USB_DEVICE_U2_ENABLE\n");
1202 
1203 		if (bdc->gadget.speed != USB_SPEED_SUPER ||
1204 						state != USB_STATE_CONFIGURED)
1205 			return -EINVAL;
1206 
1207 		usppms = bdc_readl(bdc->regs, BDC_USPPMS);
1208 		if (set) {
1209 			usppms |= BDC_U2E;
1210 			usppms |= BDC_U2A;
1211 			bdc->devstatus |= (1 << USB_DEV_STAT_U2_ENABLED);
1212 		} else {
1213 			usppms &= ~BDC_U2E;
1214 			usppms &= ~BDC_U2A;
1215 			bdc->devstatus &= ~(1 << USB_DEV_STAT_U2_ENABLED);
1216 		}
1217 		bdc_writel(bdc->regs, BDC_USPPMS, usppms);
1218 		break;
1219 
1220 	case USB_DEVICE_LTM_ENABLE:
1221 		dev_dbg(bdc->dev, "USB_DEVICE_LTM_ENABLE?\n");
1222 		if (bdc->gadget.speed != USB_SPEED_SUPER ||
1223 						state != USB_STATE_CONFIGURED)
1224 			return -EINVAL;
1225 		break;
1226 	default:
1227 		dev_err(bdc->dev, "Unknown wValue:%d\n", wValue);
1228 		return -EOPNOTSUPP;
1229 	} /* USB_RECIP_DEVICE end */
1230 
1231 	return 0;
1232 }
1233 
1234 /* SET/CLEAR FEATURE handler */
1235 static int ep0_handle_feature(struct bdc *bdc,
1236 			      struct usb_ctrlrequest *setup_pkt, bool set)
1237 {
1238 	enum usb_device_state state = bdc->gadget.state;
1239 	struct bdc_ep *ep;
1240 	u16 wValue;
1241 	u16 wIndex;
1242 	int epnum;
1243 
1244 	wValue = le16_to_cpu(setup_pkt->wValue);
1245 	wIndex = le16_to_cpu(setup_pkt->wIndex);
1246 
1247 	dev_dbg(bdc->dev,
1248 		"%s wValue=%d wIndex=%d	devstate=%08x speed=%d set=%d",
1249 		__func__, wValue, wIndex, state,
1250 		bdc->gadget.speed, set);
1251 
1252 	switch (setup_pkt->bRequestType & USB_RECIP_MASK) {
1253 	case USB_RECIP_DEVICE:
1254 		return ep0_handle_feature_dev(bdc, wValue, wIndex, set);
1255 	case USB_RECIP_INTERFACE:
1256 		dev_dbg(bdc->dev, "USB_RECIP_INTERFACE\n");
1257 		/* USB3 spec, sec 9.4.9 */
1258 		if (wValue != USB_INTRF_FUNC_SUSPEND)
1259 			return -EINVAL;
1260 		/* USB3 spec, Table 9-8 */
1261 		if (set) {
1262 			if (wIndex & USB_INTRF_FUNC_SUSPEND_RW) {
1263 				dev_dbg(bdc->dev, "SET REMOTE_WAKEUP\n");
1264 				bdc->devstatus |= REMOTE_WAKE_ENABLE;
1265 			} else {
1266 				dev_dbg(bdc->dev, "CLEAR REMOTE_WAKEUP\n");
1267 				bdc->devstatus &= ~REMOTE_WAKE_ENABLE;
1268 			}
1269 		}
1270 		break;
1271 
1272 	case USB_RECIP_ENDPOINT:
1273 		dev_dbg(bdc->dev, "USB_RECIP_ENDPOINT\n");
1274 		if (wValue != USB_ENDPOINT_HALT)
1275 			return -EINVAL;
1276 
1277 		epnum = wIndex & USB_ENDPOINT_NUMBER_MASK;
1278 		if (epnum) {
1279 			if ((wIndex & USB_ENDPOINT_DIR_MASK) == USB_DIR_IN)
1280 				epnum = epnum * 2 + 1;
1281 			else
1282 				epnum *= 2;
1283 		} else {
1284 			epnum = 1; /*EP0*/
1285 		}
1286 		/*
1287 		 * If CLEAR_FEATURE on ep0 then don't do anything as the stall
1288 		 * condition on ep0 has already been cleared when SETUP packet
1289 		 * was received.
1290 		 */
1291 		if (epnum == 1 && !set) {
1292 			dev_dbg(bdc->dev, "ep0 stall already cleared\n");
1293 			return 0;
1294 		}
1295 		dev_dbg(bdc->dev, "epnum=%d\n", epnum);
1296 		ep = bdc->bdc_ep_array[epnum];
1297 		if (!ep)
1298 			return -EINVAL;
1299 
1300 		return ep_set_halt(ep, set);
1301 	default:
1302 		dev_err(bdc->dev, "Unknown recipient\n");
1303 		return -EINVAL;
1304 	}
1305 
1306 	return 0;
1307 }
1308 
1309 /* GET_STATUS request handler */
1310 static int ep0_handle_status(struct bdc *bdc,
1311 			     struct usb_ctrlrequest *setup_pkt)
1312 {
1313 	enum usb_device_state state = bdc->gadget.state;
1314 	struct bdc_ep *ep;
1315 	u16 usb_status = 0;
1316 	u32 epnum;
1317 	u16 wIndex;
1318 
1319 	/* USB2.0 spec sec 9.4.5 */
1320 	if (state == USB_STATE_DEFAULT)
1321 		return -EINVAL;
1322 	wIndex = le16_to_cpu(setup_pkt->wIndex);
1323 	dev_dbg(bdc->dev, "%s\n", __func__);
1324 	usb_status = bdc->devstatus;
1325 	switch (setup_pkt->bRequestType & USB_RECIP_MASK) {
1326 	case USB_RECIP_DEVICE:
1327 		dev_dbg(bdc->dev,
1328 			"USB_RECIP_DEVICE devstatus:%08x\n",
1329 			bdc->devstatus);
1330 		/* USB3 spec, sec 9.4.5 */
1331 		if (bdc->gadget.speed == USB_SPEED_SUPER)
1332 			usb_status &= ~REMOTE_WAKE_ENABLE;
1333 		break;
1334 
1335 	case USB_RECIP_INTERFACE:
1336 		dev_dbg(bdc->dev, "USB_RECIP_INTERFACE\n");
1337 		if (bdc->gadget.speed == USB_SPEED_SUPER) {
1338 			/*
1339 			 * This should come from func for Func remote wkup
1340 			 * usb_status |=1;
1341 			 */
1342 			if (bdc->devstatus & REMOTE_WAKE_ENABLE)
1343 				usb_status |= REMOTE_WAKE_ENABLE;
1344 		} else {
1345 			usb_status = 0;
1346 		}
1347 
1348 		break;
1349 
1350 	case USB_RECIP_ENDPOINT:
1351 		dev_dbg(bdc->dev, "USB_RECIP_ENDPOINT\n");
1352 		epnum = wIndex & USB_ENDPOINT_NUMBER_MASK;
1353 		if (epnum) {
1354 			if ((wIndex & USB_ENDPOINT_DIR_MASK) == USB_DIR_IN)
1355 				epnum = epnum*2 + 1;
1356 			else
1357 				epnum *= 2;
1358 		} else {
1359 			epnum = 1; /* EP0 */
1360 		}
1361 
1362 		ep = bdc->bdc_ep_array[epnum];
1363 		if (!ep) {
1364 			dev_err(bdc->dev, "ISSUE, GET_STATUS for invalid EP ?");
1365 			return -EINVAL;
1366 		}
1367 		if (ep->flags & BDC_EP_STALL)
1368 			usb_status |= 1 << USB_ENDPOINT_HALT;
1369 
1370 		break;
1371 	default:
1372 		dev_err(bdc->dev, "Unknown recipient for get_status\n");
1373 		return -EINVAL;
1374 	}
1375 	/* prepare a data stage for GET_STATUS */
1376 	dev_dbg(bdc->dev, "usb_status=%08x\n", usb_status);
1377 	*(__le16 *)bdc->ep0_response_buff = cpu_to_le16(usb_status);
1378 	bdc->ep0_req.usb_req.length = 2;
1379 	bdc->ep0_req.usb_req.buf = &bdc->ep0_response_buff;
1380 	ep0_queue_data_stage(bdc);
1381 
1382 	return 0;
1383 }
1384 
1385 static void ep0_set_sel_cmpl(struct usb_ep *_ep, struct usb_request *_req)
1386 {
1387 	/* ep0_set_sel_cmpl */
1388 }
1389 
1390 /* Queue data stage to handle 6 byte SET_SEL request */
1391 static int ep0_set_sel(struct bdc *bdc,
1392 			     struct usb_ctrlrequest *setup_pkt)
1393 {
1394 	struct bdc_ep	*ep;
1395 	u16	wLength;
1396 	u16	wValue;
1397 
1398 	dev_dbg(bdc->dev, "%s\n", __func__);
1399 	wValue = le16_to_cpu(setup_pkt->wValue);
1400 	wLength = le16_to_cpu(setup_pkt->wLength);
1401 	if (unlikely(wLength != 6)) {
1402 		dev_err(bdc->dev, "%s Wrong wLength:%d\n", __func__, wLength);
1403 		return -EINVAL;
1404 	}
1405 	ep = bdc->bdc_ep_array[1];
1406 	bdc->ep0_req.ep = ep;
1407 	bdc->ep0_req.usb_req.length = 6;
1408 	bdc->ep0_req.usb_req.buf = bdc->ep0_response_buff;
1409 	bdc->ep0_req.usb_req.complete = ep0_set_sel_cmpl;
1410 	ep0_queue_data_stage(bdc);
1411 
1412 	return 0;
1413 }
1414 
1415 /*
1416  * Queue a 0 byte bd only if wLength is more than the length and and length is
1417  * a multiple of MaxPacket then queue 0 byte BD
1418  */
1419 static int ep0_queue_zlp(struct bdc *bdc)
1420 {
1421 	int ret;
1422 
1423 	dev_dbg(bdc->dev, "%s\n", __func__);
1424 	bdc->ep0_req.ep = bdc->bdc_ep_array[1];
1425 	bdc->ep0_req.usb_req.length = 0;
1426 	bdc->ep0_req.usb_req.complete = NULL;
1427 	bdc->ep0_state = WAIT_FOR_DATA_START;
1428 	ret = bdc_queue_xfr(bdc, &bdc->ep0_req);
1429 	if (ret) {
1430 		dev_err(bdc->dev, "err queueing zlp :%d\n", ret);
1431 		return ret;
1432 	}
1433 	bdc->ep0_state = WAIT_FOR_DATA_XMIT;
1434 
1435 	return 0;
1436 }
1437 
1438 /* Control request handler */
1439 static int handle_control_request(struct bdc *bdc)
1440 {
1441 	enum usb_device_state state = bdc->gadget.state;
1442 	struct usb_ctrlrequest *setup_pkt;
1443 	int delegate_setup = 0;
1444 	int ret = 0;
1445 	int config = 0;
1446 
1447 	setup_pkt = &bdc->setup_pkt;
1448 	dev_dbg(bdc->dev, "%s\n", __func__);
1449 	if ((setup_pkt->bRequestType & USB_TYPE_MASK) == USB_TYPE_STANDARD) {
1450 		switch (setup_pkt->bRequest) {
1451 		case USB_REQ_SET_ADDRESS:
1452 			dev_dbg(bdc->dev, "USB_REQ_SET_ADDRESS\n");
1453 			ret = ep0_set_address(bdc, setup_pkt);
1454 			bdc->devstatus &= DEVSTATUS_CLEAR;
1455 			break;
1456 
1457 		case USB_REQ_SET_CONFIGURATION:
1458 			dev_dbg(bdc->dev, "USB_REQ_SET_CONFIGURATION\n");
1459 			if (state == USB_STATE_ADDRESS) {
1460 				usb_gadget_set_state(&bdc->gadget,
1461 							USB_STATE_CONFIGURED);
1462 			} else if (state == USB_STATE_CONFIGURED) {
1463 				/*
1464 				 * USB2 spec sec 9.4.7, if wValue is 0 then dev
1465 				 * is moved to addressed state
1466 				 */
1467 				config = le16_to_cpu(setup_pkt->wValue);
1468 				if (!config)
1469 					usb_gadget_set_state(
1470 							&bdc->gadget,
1471 							USB_STATE_ADDRESS);
1472 			}
1473 			delegate_setup = 1;
1474 			break;
1475 
1476 		case USB_REQ_SET_FEATURE:
1477 			dev_dbg(bdc->dev, "USB_REQ_SET_FEATURE\n");
1478 			ret = ep0_handle_feature(bdc, setup_pkt, 1);
1479 			break;
1480 
1481 		case USB_REQ_CLEAR_FEATURE:
1482 			dev_dbg(bdc->dev, "USB_REQ_CLEAR_FEATURE\n");
1483 			ret = ep0_handle_feature(bdc, setup_pkt, 0);
1484 			break;
1485 
1486 		case USB_REQ_GET_STATUS:
1487 			dev_dbg(bdc->dev, "USB_REQ_GET_STATUS\n");
1488 			ret = ep0_handle_status(bdc, setup_pkt);
1489 			break;
1490 
1491 		case USB_REQ_SET_SEL:
1492 			dev_dbg(bdc->dev, "USB_REQ_SET_SEL\n");
1493 			ret = ep0_set_sel(bdc, setup_pkt);
1494 			break;
1495 
1496 		case USB_REQ_SET_ISOCH_DELAY:
1497 			dev_warn(bdc->dev,
1498 			"USB_REQ_SET_ISOCH_DELAY not handled\n");
1499 			ret = 0;
1500 			break;
1501 		default:
1502 			delegate_setup = 1;
1503 		}
1504 	} else {
1505 		delegate_setup = 1;
1506 	}
1507 
1508 	if (delegate_setup) {
1509 		spin_unlock(&bdc->lock);
1510 		ret = bdc->gadget_driver->setup(&bdc->gadget, setup_pkt);
1511 		spin_lock(&bdc->lock);
1512 	}
1513 
1514 	return ret;
1515 }
1516 
1517 /* EP0: Data stage started */
1518 void bdc_xsf_ep0_data_start(struct bdc *bdc, struct bdc_sr *sreport)
1519 {
1520 	struct bdc_ep *ep;
1521 	int ret = 0;
1522 
1523 	dev_dbg(bdc->dev, "%s\n", __func__);
1524 	ep = bdc->bdc_ep_array[1];
1525 	/* If ep0 was stalled, the clear it first */
1526 	if (ep->flags & BDC_EP_STALL) {
1527 		ret = ep_set_halt(ep, 0);
1528 		if (ret)
1529 			goto err;
1530 	}
1531 	if (bdc->ep0_state != WAIT_FOR_DATA_START)
1532 		dev_warn(bdc->dev,
1533 			"Data stage not expected ep0_state:%s\n",
1534 			ep0_state_string[bdc->ep0_state]);
1535 
1536 	ret = handle_control_request(bdc);
1537 	if (ret == USB_GADGET_DELAYED_STATUS) {
1538 		/*
1539 		 * The ep0 state will remain WAIT_FOR_DATA_START till
1540 		 * we received ep_queue on ep0
1541 		 */
1542 		bdc->delayed_status = true;
1543 		return;
1544 	}
1545 	if (!ret) {
1546 		bdc->ep0_state = WAIT_FOR_DATA_XMIT;
1547 		dev_dbg(bdc->dev,
1548 			"ep0_state:%s", ep0_state_string[bdc->ep0_state]);
1549 		return;
1550 	}
1551 err:
1552 	ep0_stall(bdc);
1553 }
1554 
1555 /* EP0: status stage started */
1556 void bdc_xsf_ep0_status_start(struct bdc *bdc, struct bdc_sr *sreport)
1557 {
1558 	struct usb_ctrlrequest *setup_pkt;
1559 	struct bdc_ep *ep;
1560 	int ret = 0;
1561 
1562 	dev_dbg(bdc->dev,
1563 		"%s ep0_state:%s",
1564 		__func__, ep0_state_string[bdc->ep0_state]);
1565 	ep = bdc->bdc_ep_array[1];
1566 
1567 	/* check if ZLP was queued? */
1568 	if (bdc->zlp_needed)
1569 		bdc->zlp_needed = false;
1570 
1571 	if (ep->flags & BDC_EP_STALL) {
1572 		ret = ep_set_halt(ep, 0);
1573 		if (ret)
1574 			goto err;
1575 	}
1576 
1577 	if ((bdc->ep0_state != WAIT_FOR_STATUS_START) &&
1578 				(bdc->ep0_state != WAIT_FOR_DATA_XMIT))
1579 		dev_err(bdc->dev,
1580 			"Status stage recv but ep0_state:%s\n",
1581 			ep0_state_string[bdc->ep0_state]);
1582 
1583 	/* check if data stage is in progress ? */
1584 	if (bdc->ep0_state == WAIT_FOR_DATA_XMIT) {
1585 		bdc->ep0_state = STATUS_PENDING;
1586 		/* Status stage will be queued upon Data stage transmit event */
1587 		dev_dbg(bdc->dev,
1588 			"status started but data  not transmitted yet\n");
1589 		return;
1590 	}
1591 	setup_pkt = &bdc->setup_pkt;
1592 
1593 	/*
1594 	 * 2 stage setup then only process the setup, for 3 stage setup the date
1595 	 * stage is already handled
1596 	 */
1597 	if (!le16_to_cpu(setup_pkt->wLength)) {
1598 		ret = handle_control_request(bdc);
1599 		if (ret == USB_GADGET_DELAYED_STATUS) {
1600 			bdc->delayed_status = true;
1601 			/* ep0_state will remain WAIT_FOR_STATUS_START */
1602 			return;
1603 		}
1604 	}
1605 	if (!ret) {
1606 		/* Queue a status stage BD */
1607 		ep0_queue_status_stage(bdc);
1608 		bdc->ep0_state = WAIT_FOR_STATUS_XMIT;
1609 		dev_dbg(bdc->dev,
1610 			"ep0_state:%s", ep0_state_string[bdc->ep0_state]);
1611 		return;
1612 	}
1613 err:
1614 	ep0_stall(bdc);
1615 }
1616 
1617 /* Helper function to update ep0 upon SR with xsf_succ or xsf_short */
1618 static void ep0_xsf_complete(struct bdc *bdc, struct bdc_sr *sreport)
1619 {
1620 	dev_dbg(bdc->dev, "%s\n", __func__);
1621 	switch (bdc->ep0_state) {
1622 	case WAIT_FOR_DATA_XMIT:
1623 		bdc->ep0_state = WAIT_FOR_STATUS_START;
1624 		break;
1625 	case WAIT_FOR_STATUS_XMIT:
1626 		bdc->ep0_state = WAIT_FOR_SETUP;
1627 		if (bdc->test_mode) {
1628 			int ret;
1629 
1630 			dev_dbg(bdc->dev, "test_mode:%d\n", bdc->test_mode);
1631 			ret = bdc_set_test_mode(bdc);
1632 			if (ret < 0) {
1633 				dev_err(bdc->dev, "Err in setting Test mode\n");
1634 				return;
1635 			}
1636 			bdc->test_mode = 0;
1637 		}
1638 		break;
1639 	case STATUS_PENDING:
1640 		bdc_xsf_ep0_status_start(bdc, sreport);
1641 		break;
1642 
1643 	default:
1644 		dev_err(bdc->dev,
1645 			"Unknown ep0_state:%s\n",
1646 			ep0_state_string[bdc->ep0_state]);
1647 
1648 	}
1649 }
1650 
1651 /* xfr completion status report handler */
1652 void bdc_sr_xsf(struct bdc *bdc, struct bdc_sr *sreport)
1653 {
1654 	struct bdc_ep *ep;
1655 	u32 sr_status;
1656 	u8 ep_num;
1657 
1658 	ep_num = (le32_to_cpu(sreport->offset[3])>>4) & 0x1f;
1659 	ep = bdc->bdc_ep_array[ep_num];
1660 	if (!ep || !(ep->flags & BDC_EP_ENABLED)) {
1661 		dev_err(bdc->dev, "xsf for ep not enabled\n");
1662 		return;
1663 	}
1664 	/*
1665 	 * check if this transfer is after link went from U3->U0 due
1666 	 * to remote wakeup
1667 	 */
1668 	if (bdc->devstatus & FUNC_WAKE_ISSUED) {
1669 		bdc->devstatus &= ~(FUNC_WAKE_ISSUED);
1670 		dev_dbg(bdc->dev, "%s clearing FUNC_WAKE_ISSUED flag\n",
1671 								__func__);
1672 	}
1673 	sr_status = XSF_STS(le32_to_cpu(sreport->offset[3]));
1674 	dev_dbg_ratelimited(bdc->dev, "%s sr_status=%d ep:%s\n",
1675 					__func__, sr_status, ep->name);
1676 
1677 	switch (sr_status) {
1678 	case XSF_SUCC:
1679 	case XSF_SHORT:
1680 		handle_xsr_succ_status(bdc, ep, sreport);
1681 		if (ep_num == 1)
1682 			ep0_xsf_complete(bdc, sreport);
1683 		break;
1684 
1685 	case XSF_SETUP_RECV:
1686 	case XSF_DATA_START:
1687 	case XSF_STATUS_START:
1688 		if (ep_num != 1) {
1689 			dev_err(bdc->dev,
1690 				"ep0 related packets on non ep0 endpoint");
1691 			return;
1692 		}
1693 		bdc->sr_xsf_ep0[sr_status - XSF_SETUP_RECV](bdc, sreport);
1694 		break;
1695 
1696 	case XSF_BABB:
1697 		if (ep_num == 1) {
1698 			dev_dbg(bdc->dev, "Babble on ep0 zlp_need:%d\n",
1699 							bdc->zlp_needed);
1700 			/*
1701 			 * If the last completed transfer had wLength >Data Len,
1702 			 * and Len is multiple of MaxPacket,then queue ZLP
1703 			 */
1704 			if (bdc->zlp_needed) {
1705 				/* queue 0 length bd */
1706 				ep0_queue_zlp(bdc);
1707 				return;
1708 			}
1709 		}
1710 		dev_warn(bdc->dev, "Babble on ep not handled\n");
1711 		break;
1712 	default:
1713 		dev_warn(bdc->dev, "sr status not handled:%x\n", sr_status);
1714 		break;
1715 	}
1716 }
1717 
1718 static int bdc_gadget_ep_queue(struct usb_ep *_ep,
1719 				struct usb_request *_req, gfp_t gfp_flags)
1720 {
1721 	struct bdc_req *req;
1722 	unsigned long flags;
1723 	struct bdc_ep *ep;
1724 	struct bdc *bdc;
1725 	int ret;
1726 
1727 	if (!_ep || !_ep->desc)
1728 		return -ESHUTDOWN;
1729 
1730 	if (!_req || !_req->complete || !_req->buf)
1731 		return -EINVAL;
1732 
1733 	ep = to_bdc_ep(_ep);
1734 	req = to_bdc_req(_req);
1735 	bdc = ep->bdc;
1736 	dev_dbg(bdc->dev, "%s ep:%p req:%p\n", __func__, ep, req);
1737 	dev_dbg(bdc->dev, "queuing request %p to %s length %d zero:%d\n",
1738 				_req, ep->name, _req->length, _req->zero);
1739 
1740 	if (!ep->usb_ep.desc) {
1741 		dev_warn(bdc->dev,
1742 			"trying to queue req %p to disabled %s\n",
1743 			_req, ep->name);
1744 		return -ESHUTDOWN;
1745 	}
1746 
1747 	if (_req->length > MAX_XFR_LEN) {
1748 		dev_warn(bdc->dev,
1749 			"req length > supported MAX:%d requested:%d\n",
1750 			MAX_XFR_LEN, _req->length);
1751 		return -EOPNOTSUPP;
1752 	}
1753 	spin_lock_irqsave(&bdc->lock, flags);
1754 	if (ep == bdc->bdc_ep_array[1])
1755 		ret = ep0_queue(ep, req);
1756 	else
1757 		ret = ep_queue(ep, req);
1758 
1759 	spin_unlock_irqrestore(&bdc->lock, flags);
1760 
1761 	return ret;
1762 }
1763 
1764 static int bdc_gadget_ep_dequeue(struct usb_ep *_ep,
1765 				  struct usb_request *_req)
1766 {
1767 	struct bdc_req *req;
1768 	unsigned long flags;
1769 	struct bdc_ep *ep;
1770 	struct bdc *bdc;
1771 	int ret;
1772 
1773 	if (!_ep || !_req)
1774 		return -EINVAL;
1775 
1776 	ep = to_bdc_ep(_ep);
1777 	req = to_bdc_req(_req);
1778 	bdc = ep->bdc;
1779 	dev_dbg(bdc->dev, "%s ep:%s req:%p\n", __func__, ep->name, req);
1780 	bdc_dbg_bd_list(bdc, ep);
1781 	spin_lock_irqsave(&bdc->lock, flags);
1782 	/* make sure it's still queued on this endpoint */
1783 	list_for_each_entry(req, &ep->queue, queue) {
1784 		if (&req->usb_req == _req)
1785 			break;
1786 	}
1787 	if (&req->usb_req != _req) {
1788 		spin_unlock_irqrestore(&bdc->lock, flags);
1789 		dev_err(bdc->dev, "usb_req !=req n");
1790 		return -EINVAL;
1791 	}
1792 	ret = ep_dequeue(ep, req);
1793 	if (ret) {
1794 		ret = -EOPNOTSUPP;
1795 		goto err;
1796 	}
1797 	bdc_req_complete(ep, req, -ECONNRESET);
1798 
1799 err:
1800 	bdc_dbg_bd_list(bdc, ep);
1801 	spin_unlock_irqrestore(&bdc->lock, flags);
1802 
1803 	return ret;
1804 }
1805 
1806 static int bdc_gadget_ep_set_halt(struct usb_ep *_ep, int value)
1807 {
1808 	unsigned long flags;
1809 	struct bdc_ep *ep;
1810 	struct bdc *bdc;
1811 	int ret;
1812 
1813 	ep = to_bdc_ep(_ep);
1814 	bdc = ep->bdc;
1815 	dev_dbg(bdc->dev, "%s ep:%s value=%d\n", __func__, ep->name, value);
1816 	spin_lock_irqsave(&bdc->lock, flags);
1817 	if (usb_endpoint_xfer_isoc(ep->usb_ep.desc))
1818 		ret = -EINVAL;
1819 	else if (!list_empty(&ep->queue))
1820 		ret = -EAGAIN;
1821 	else
1822 		ret = ep_set_halt(ep, value);
1823 
1824 	spin_unlock_irqrestore(&bdc->lock, flags);
1825 
1826 	return ret;
1827 }
1828 
1829 static struct usb_request *bdc_gadget_alloc_request(struct usb_ep *_ep,
1830 						     gfp_t gfp_flags)
1831 {
1832 	struct bdc_req *req;
1833 	struct bdc_ep *ep;
1834 
1835 	req = kzalloc(sizeof(*req), gfp_flags);
1836 	if (!req)
1837 		return NULL;
1838 
1839 	ep = to_bdc_ep(_ep);
1840 	req->ep = ep;
1841 	req->epnum = ep->ep_num;
1842 	req->usb_req.dma = DMA_ADDR_INVALID;
1843 	dev_dbg(ep->bdc->dev, "%s ep:%s req:%p\n", __func__, ep->name, req);
1844 
1845 	return &req->usb_req;
1846 }
1847 
1848 static void bdc_gadget_free_request(struct usb_ep *_ep,
1849 				     struct usb_request *_req)
1850 {
1851 	struct bdc_req *req;
1852 
1853 	req = to_bdc_req(_req);
1854 	kfree(req);
1855 }
1856 
1857 /* endpoint operations */
1858 
1859 /* configure endpoint and also allocate resources */
1860 static int bdc_gadget_ep_enable(struct usb_ep *_ep,
1861 				 const struct usb_endpoint_descriptor *desc)
1862 {
1863 	unsigned long flags;
1864 	struct bdc_ep *ep;
1865 	struct bdc *bdc;
1866 	int ret;
1867 
1868 	if (!_ep || !desc || desc->bDescriptorType != USB_DT_ENDPOINT) {
1869 		pr_debug("bdc_gadget_ep_enable invalid parameters\n");
1870 		return -EINVAL;
1871 	}
1872 
1873 	if (!desc->wMaxPacketSize) {
1874 		pr_debug("bdc_gadget_ep_enable missing wMaxPacketSize\n");
1875 		return -EINVAL;
1876 	}
1877 
1878 	ep = to_bdc_ep(_ep);
1879 	bdc = ep->bdc;
1880 
1881 	/* Sanity check, upper layer will not send enable for ep0 */
1882 	if (ep == bdc->bdc_ep_array[1])
1883 		return -EINVAL;
1884 
1885 	if (!bdc->gadget_driver
1886 	    || bdc->gadget.speed == USB_SPEED_UNKNOWN) {
1887 		return -ESHUTDOWN;
1888 	}
1889 
1890 	dev_dbg(bdc->dev, "%s Enabling %s\n", __func__, ep->name);
1891 	spin_lock_irqsave(&bdc->lock, flags);
1892 	ep->desc = desc;
1893 	ep->comp_desc = _ep->comp_desc;
1894 	ret = bdc_ep_enable(ep);
1895 	spin_unlock_irqrestore(&bdc->lock, flags);
1896 
1897 	return ret;
1898 }
1899 
1900 static int bdc_gadget_ep_disable(struct usb_ep *_ep)
1901 {
1902 	unsigned long flags;
1903 	struct bdc_ep *ep;
1904 	struct bdc *bdc;
1905 	int ret;
1906 
1907 	if (!_ep) {
1908 		pr_debug("bdc: invalid parameters\n");
1909 		return -EINVAL;
1910 	}
1911 	ep = to_bdc_ep(_ep);
1912 	bdc = ep->bdc;
1913 
1914 	/* Upper layer will not call this for ep0, but do a sanity check */
1915 	if (ep == bdc->bdc_ep_array[1]) {
1916 		dev_warn(bdc->dev, "%s called for ep0\n", __func__);
1917 		return -EINVAL;
1918 	}
1919 	dev_dbg(bdc->dev,
1920 		"%s() ep:%s ep->flags:%08x\n",
1921 		__func__, ep->name, ep->flags);
1922 
1923 	if (!(ep->flags & BDC_EP_ENABLED)) {
1924 		dev_warn(bdc->dev, "%s is already disabled\n", ep->name);
1925 		return 0;
1926 	}
1927 	spin_lock_irqsave(&bdc->lock, flags);
1928 	ret = bdc_ep_disable(ep);
1929 	spin_unlock_irqrestore(&bdc->lock, flags);
1930 
1931 	return ret;
1932 }
1933 
1934 static const struct usb_ep_ops bdc_gadget_ep_ops = {
1935 	.enable = bdc_gadget_ep_enable,
1936 	.disable = bdc_gadget_ep_disable,
1937 	.alloc_request = bdc_gadget_alloc_request,
1938 	.free_request = bdc_gadget_free_request,
1939 	.queue = bdc_gadget_ep_queue,
1940 	.dequeue = bdc_gadget_ep_dequeue,
1941 	.set_halt = bdc_gadget_ep_set_halt
1942 };
1943 
1944 /* dir = 1 is IN */
1945 static int init_ep(struct bdc *bdc, u32 epnum, u32 dir)
1946 {
1947 	struct bdc_ep *ep;
1948 
1949 	dev_dbg(bdc->dev, "%s epnum=%d dir=%d\n", __func__, epnum, dir);
1950 	ep = kzalloc(sizeof(*ep), GFP_KERNEL);
1951 	if (!ep)
1952 		return -ENOMEM;
1953 
1954 	ep->bdc = bdc;
1955 	ep->dir = dir;
1956 
1957 	if (dir)
1958 		ep->usb_ep.caps.dir_in = true;
1959 	else
1960 		ep->usb_ep.caps.dir_out = true;
1961 
1962 	/* ep->ep_num is the index inside bdc_ep */
1963 	if (epnum == 1) {
1964 		ep->ep_num = 1;
1965 		bdc->bdc_ep_array[ep->ep_num] = ep;
1966 		snprintf(ep->name, sizeof(ep->name), "ep%d", epnum - 1);
1967 		usb_ep_set_maxpacket_limit(&ep->usb_ep, EP0_MAX_PKT_SIZE);
1968 		ep->usb_ep.caps.type_control = true;
1969 		ep->comp_desc = NULL;
1970 		bdc->gadget.ep0 = &ep->usb_ep;
1971 	} else {
1972 		if (dir)
1973 			ep->ep_num = epnum * 2 - 1;
1974 		else
1975 			ep->ep_num = epnum * 2 - 2;
1976 
1977 		bdc->bdc_ep_array[ep->ep_num] = ep;
1978 		snprintf(ep->name, sizeof(ep->name), "ep%d%s", epnum - 1,
1979 			 dir & 1 ? "in" : "out");
1980 
1981 		usb_ep_set_maxpacket_limit(&ep->usb_ep, 1024);
1982 		ep->usb_ep.caps.type_iso = true;
1983 		ep->usb_ep.caps.type_bulk = true;
1984 		ep->usb_ep.caps.type_int = true;
1985 		ep->usb_ep.max_streams = 0;
1986 		list_add_tail(&ep->usb_ep.ep_list, &bdc->gadget.ep_list);
1987 	}
1988 	ep->usb_ep.ops = &bdc_gadget_ep_ops;
1989 	ep->usb_ep.name = ep->name;
1990 	ep->flags = 0;
1991 	ep->ignore_next_sr = false;
1992 	dev_dbg(bdc->dev, "ep=%p ep->usb_ep.name=%s epnum=%d ep->epnum=%d\n",
1993 				ep, ep->usb_ep.name, epnum, ep->ep_num);
1994 
1995 	INIT_LIST_HEAD(&ep->queue);
1996 
1997 	return 0;
1998 }
1999 
2000 /* Init all ep */
2001 int bdc_init_ep(struct bdc *bdc)
2002 {
2003 	u8 epnum;
2004 	int ret;
2005 
2006 	dev_dbg(bdc->dev, "%s()\n", __func__);
2007 	INIT_LIST_HEAD(&bdc->gadget.ep_list);
2008 	/* init ep0 */
2009 	ret = init_ep(bdc, 1, 0);
2010 	if (ret) {
2011 		dev_err(bdc->dev, "init ep ep0 fail %d\n", ret);
2012 		return ret;
2013 	}
2014 
2015 	for (epnum = 2; epnum <= bdc->num_eps / 2; epnum++) {
2016 		/* OUT */
2017 		ret = init_ep(bdc, epnum, 0);
2018 		if (ret) {
2019 			dev_err(bdc->dev,
2020 				"init ep failed for:%d error: %d\n",
2021 				epnum, ret);
2022 			return ret;
2023 		}
2024 
2025 		/* IN */
2026 		ret = init_ep(bdc, epnum, 1);
2027 		if (ret) {
2028 			dev_err(bdc->dev,
2029 				"init ep failed for:%d error: %d\n",
2030 				epnum, ret);
2031 			return ret;
2032 		}
2033 	}
2034 
2035 	return 0;
2036 }
2037