1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * 8 * This program is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU General Public License 10 * version 2 as published by the Free Software Foundation. 11 * 12 * This program is distributed in the hope that it will be useful, but 13 * WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 20 * 02110-1301 USA 21 * 22 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 24 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 25 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 28 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 29 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * 33 */ 34 35 #include <linux/kernel.h> 36 #include <linux/list.h> 37 #include <linux/timer.h> 38 #include <linux/spinlock.h> 39 #include <linux/init.h> 40 #include <linux/device.h> 41 #include <linux/interrupt.h> 42 43 #include "musb_core.h" 44 45 /* ep0 is always musb->endpoints[0].ep_in */ 46 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 47 48 /* 49 * locking note: we use only the controller lock, for simpler correctness. 50 * It's always held with IRQs blocked. 51 * 52 * It protects the ep0 request queue as well as ep0_state, not just the 53 * controller and indexed registers. And that lock stays held unless it 54 * needs to be dropped to allow reentering this driver ... like upcalls to 55 * the gadget driver, or adjusting endpoint halt status. 56 */ 57 58 static char *decode_ep0stage(u8 stage) 59 { 60 switch (stage) { 61 case MUSB_EP0_STAGE_SETUP: return "idle"; 62 case MUSB_EP0_STAGE_TX: return "in"; 63 case MUSB_EP0_STAGE_RX: return "out"; 64 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 65 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 66 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 67 default: return "?"; 68 } 69 } 70 71 /* handle a standard GET_STATUS request 72 * Context: caller holds controller lock 73 */ 74 static int service_tx_status_request( 75 struct musb *musb, 76 const struct usb_ctrlrequest *ctrlrequest) 77 { 78 void __iomem *mbase = musb->mregs; 79 int handled = 1; 80 u8 result[2], epnum = 0; 81 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 82 83 result[1] = 0; 84 85 switch (recip) { 86 case USB_RECIP_DEVICE: 87 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 88 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 89 #ifdef CONFIG_USB_MUSB_OTG 90 if (musb->g.is_otg) { 91 result[0] |= musb->g.b_hnp_enable 92 << USB_DEVICE_B_HNP_ENABLE; 93 result[0] |= musb->g.a_alt_hnp_support 94 << USB_DEVICE_A_ALT_HNP_SUPPORT; 95 result[0] |= musb->g.a_hnp_support 96 << USB_DEVICE_A_HNP_SUPPORT; 97 } 98 #endif 99 break; 100 101 case USB_RECIP_INTERFACE: 102 result[0] = 0; 103 break; 104 105 case USB_RECIP_ENDPOINT: { 106 int is_in; 107 struct musb_ep *ep; 108 u16 tmp; 109 void __iomem *regs; 110 111 epnum = (u8) ctrlrequest->wIndex; 112 if (!epnum) { 113 result[0] = 0; 114 break; 115 } 116 117 is_in = epnum & USB_DIR_IN; 118 if (is_in) { 119 epnum &= 0x0f; 120 ep = &musb->endpoints[epnum].ep_in; 121 } else { 122 ep = &musb->endpoints[epnum].ep_out; 123 } 124 regs = musb->endpoints[epnum].regs; 125 126 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 127 handled = -EINVAL; 128 break; 129 } 130 131 musb_ep_select(mbase, epnum); 132 if (is_in) 133 tmp = musb_readw(regs, MUSB_TXCSR) 134 & MUSB_TXCSR_P_SENDSTALL; 135 else 136 tmp = musb_readw(regs, MUSB_RXCSR) 137 & MUSB_RXCSR_P_SENDSTALL; 138 musb_ep_select(mbase, 0); 139 140 result[0] = tmp ? 1 : 0; 141 } break; 142 143 default: 144 /* class, vendor, etc ... delegate */ 145 handled = 0; 146 break; 147 } 148 149 /* fill up the fifo; caller updates csr0 */ 150 if (handled > 0) { 151 u16 len = le16_to_cpu(ctrlrequest->wLength); 152 153 if (len > 2) 154 len = 2; 155 musb_write_fifo(&musb->endpoints[0], len, result); 156 } 157 158 return handled; 159 } 160 161 /* 162 * handle a control-IN request, the end0 buffer contains the current request 163 * that is supposed to be a standard control request. Assumes the fifo to 164 * be at least 2 bytes long. 165 * 166 * @return 0 if the request was NOT HANDLED, 167 * < 0 when error 168 * > 0 when the request is processed 169 * 170 * Context: caller holds controller lock 171 */ 172 static int 173 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 174 { 175 int handled = 0; /* not handled */ 176 177 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 178 == USB_TYPE_STANDARD) { 179 switch (ctrlrequest->bRequest) { 180 case USB_REQ_GET_STATUS: 181 handled = service_tx_status_request(musb, 182 ctrlrequest); 183 break; 184 185 /* case USB_REQ_SYNC_FRAME: */ 186 187 default: 188 break; 189 } 190 } 191 return handled; 192 } 193 194 /* 195 * Context: caller holds controller lock 196 */ 197 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 198 { 199 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 200 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 201 } 202 203 /* 204 * Tries to start B-device HNP negotiation if enabled via sysfs 205 */ 206 static inline void musb_try_b_hnp_enable(struct musb *musb) 207 { 208 void __iomem *mbase = musb->mregs; 209 u8 devctl; 210 211 DBG(1, "HNP: Setting HR\n"); 212 devctl = musb_readb(mbase, MUSB_DEVCTL); 213 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 214 } 215 216 /* 217 * Handle all control requests with no DATA stage, including standard 218 * requests such as: 219 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 220 * always delegated to the gadget driver 221 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 222 * always handled here, except for class/vendor/... features 223 * 224 * Context: caller holds controller lock 225 */ 226 static int 227 service_zero_data_request(struct musb *musb, 228 struct usb_ctrlrequest *ctrlrequest) 229 __releases(musb->lock) 230 __acquires(musb->lock) 231 { 232 int handled = -EINVAL; 233 void __iomem *mbase = musb->mregs; 234 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 235 236 /* the gadget driver handles everything except what we MUST handle */ 237 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 238 == USB_TYPE_STANDARD) { 239 switch (ctrlrequest->bRequest) { 240 case USB_REQ_SET_ADDRESS: 241 /* change it after the status stage */ 242 musb->set_address = true; 243 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 244 handled = 1; 245 break; 246 247 case USB_REQ_CLEAR_FEATURE: 248 switch (recip) { 249 case USB_RECIP_DEVICE: 250 if (ctrlrequest->wValue 251 != USB_DEVICE_REMOTE_WAKEUP) 252 break; 253 musb->may_wakeup = 0; 254 handled = 1; 255 break; 256 case USB_RECIP_INTERFACE: 257 break; 258 case USB_RECIP_ENDPOINT:{ 259 const u8 num = ctrlrequest->wIndex & 0x0f; 260 struct musb_ep *musb_ep; 261 262 if (num == 0 263 || num >= MUSB_C_NUM_EPS 264 || ctrlrequest->wValue 265 != USB_ENDPOINT_HALT) 266 break; 267 268 if (ctrlrequest->wIndex & USB_DIR_IN) 269 musb_ep = &musb->endpoints[num].ep_in; 270 else 271 musb_ep = &musb->endpoints[num].ep_out; 272 if (!musb_ep->desc) 273 break; 274 275 /* REVISIT do it directly, no locking games */ 276 spin_unlock(&musb->lock); 277 musb_gadget_set_halt(&musb_ep->end_point, 0); 278 spin_lock(&musb->lock); 279 280 /* select ep0 again */ 281 musb_ep_select(mbase, 0); 282 handled = 1; 283 } break; 284 default: 285 /* class, vendor, etc ... delegate */ 286 handled = 0; 287 break; 288 } 289 break; 290 291 case USB_REQ_SET_FEATURE: 292 switch (recip) { 293 case USB_RECIP_DEVICE: 294 handled = 1; 295 switch (ctrlrequest->wValue) { 296 case USB_DEVICE_REMOTE_WAKEUP: 297 musb->may_wakeup = 1; 298 break; 299 case USB_DEVICE_TEST_MODE: 300 if (musb->g.speed != USB_SPEED_HIGH) 301 goto stall; 302 if (ctrlrequest->wIndex & 0xff) 303 goto stall; 304 305 switch (ctrlrequest->wIndex >> 8) { 306 case 1: 307 pr_debug("TEST_J\n"); 308 /* TEST_J */ 309 musb->test_mode_nr = 310 MUSB_TEST_J; 311 break; 312 case 2: 313 /* TEST_K */ 314 pr_debug("TEST_K\n"); 315 musb->test_mode_nr = 316 MUSB_TEST_K; 317 break; 318 case 3: 319 /* TEST_SE0_NAK */ 320 pr_debug("TEST_SE0_NAK\n"); 321 musb->test_mode_nr = 322 MUSB_TEST_SE0_NAK; 323 break; 324 case 4: 325 /* TEST_PACKET */ 326 pr_debug("TEST_PACKET\n"); 327 musb->test_mode_nr = 328 MUSB_TEST_PACKET; 329 break; 330 default: 331 goto stall; 332 } 333 334 /* enter test mode after irq */ 335 if (handled > 0) 336 musb->test_mode = true; 337 break; 338 #ifdef CONFIG_USB_MUSB_OTG 339 case USB_DEVICE_B_HNP_ENABLE: 340 if (!musb->g.is_otg) 341 goto stall; 342 musb->g.b_hnp_enable = 1; 343 musb_try_b_hnp_enable(musb); 344 break; 345 case USB_DEVICE_A_HNP_SUPPORT: 346 if (!musb->g.is_otg) 347 goto stall; 348 musb->g.a_hnp_support = 1; 349 break; 350 case USB_DEVICE_A_ALT_HNP_SUPPORT: 351 if (!musb->g.is_otg) 352 goto stall; 353 musb->g.a_alt_hnp_support = 1; 354 break; 355 #endif 356 stall: 357 default: 358 handled = -EINVAL; 359 break; 360 } 361 break; 362 363 case USB_RECIP_INTERFACE: 364 break; 365 366 case USB_RECIP_ENDPOINT:{ 367 const u8 epnum = 368 ctrlrequest->wIndex & 0x0f; 369 struct musb_ep *musb_ep; 370 struct musb_hw_ep *ep; 371 void __iomem *regs; 372 int is_in; 373 u16 csr; 374 375 if (epnum == 0 376 || epnum >= MUSB_C_NUM_EPS 377 || ctrlrequest->wValue 378 != USB_ENDPOINT_HALT) 379 break; 380 381 ep = musb->endpoints + epnum; 382 regs = ep->regs; 383 is_in = ctrlrequest->wIndex & USB_DIR_IN; 384 if (is_in) 385 musb_ep = &ep->ep_in; 386 else 387 musb_ep = &ep->ep_out; 388 if (!musb_ep->desc) 389 break; 390 391 musb_ep_select(mbase, epnum); 392 if (is_in) { 393 csr = musb_readw(regs, 394 MUSB_TXCSR); 395 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 396 csr |= MUSB_TXCSR_FLUSHFIFO; 397 csr |= MUSB_TXCSR_P_SENDSTALL 398 | MUSB_TXCSR_CLRDATATOG 399 | MUSB_TXCSR_P_WZC_BITS; 400 musb_writew(regs, MUSB_TXCSR, 401 csr); 402 } else { 403 csr = musb_readw(regs, 404 MUSB_RXCSR); 405 csr |= MUSB_RXCSR_P_SENDSTALL 406 | MUSB_RXCSR_FLUSHFIFO 407 | MUSB_RXCSR_CLRDATATOG 408 | MUSB_TXCSR_P_WZC_BITS; 409 musb_writew(regs, MUSB_RXCSR, 410 csr); 411 } 412 413 /* select ep0 again */ 414 musb_ep_select(mbase, 0); 415 handled = 1; 416 } break; 417 418 default: 419 /* class, vendor, etc ... delegate */ 420 handled = 0; 421 break; 422 } 423 break; 424 default: 425 /* delegate SET_CONFIGURATION, etc */ 426 handled = 0; 427 } 428 } else 429 handled = 0; 430 return handled; 431 } 432 433 /* we have an ep0out data packet 434 * Context: caller holds controller lock 435 */ 436 static void ep0_rxstate(struct musb *musb) 437 { 438 void __iomem *regs = musb->control_ep->regs; 439 struct usb_request *req; 440 u16 count, csr; 441 442 req = next_ep0_request(musb); 443 444 /* read packet and ack; or stall because of gadget driver bug: 445 * should have provided the rx buffer before setup() returned. 446 */ 447 if (req) { 448 void *buf = req->buf + req->actual; 449 unsigned len = req->length - req->actual; 450 451 /* read the buffer */ 452 count = musb_readb(regs, MUSB_COUNT0); 453 if (count > len) { 454 req->status = -EOVERFLOW; 455 count = len; 456 } 457 musb_read_fifo(&musb->endpoints[0], count, buf); 458 req->actual += count; 459 csr = MUSB_CSR0_P_SVDRXPKTRDY; 460 if (count < 64 || req->actual == req->length) { 461 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 462 csr |= MUSB_CSR0_P_DATAEND; 463 } else 464 req = NULL; 465 } else 466 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 467 468 469 /* Completion handler may choose to stall, e.g. because the 470 * message just received holds invalid data. 471 */ 472 if (req) { 473 musb->ackpend = csr; 474 musb_g_ep0_giveback(musb, req); 475 if (!musb->ackpend) 476 return; 477 musb->ackpend = 0; 478 } 479 musb_ep_select(musb->mregs, 0); 480 musb_writew(regs, MUSB_CSR0, csr); 481 } 482 483 /* 484 * transmitting to the host (IN), this code might be called from IRQ 485 * and from kernel thread. 486 * 487 * Context: caller holds controller lock 488 */ 489 static void ep0_txstate(struct musb *musb) 490 { 491 void __iomem *regs = musb->control_ep->regs; 492 struct usb_request *request = next_ep0_request(musb); 493 u16 csr = MUSB_CSR0_TXPKTRDY; 494 u8 *fifo_src; 495 u8 fifo_count; 496 497 if (!request) { 498 /* WARN_ON(1); */ 499 DBG(2, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 500 return; 501 } 502 503 /* load the data */ 504 fifo_src = (u8 *) request->buf + request->actual; 505 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 506 request->length - request->actual); 507 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 508 request->actual += fifo_count; 509 510 /* update the flags */ 511 if (fifo_count < MUSB_MAX_END0_PACKET 512 || request->actual == request->length) { 513 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 514 csr |= MUSB_CSR0_P_DATAEND; 515 } else 516 request = NULL; 517 518 /* report completions as soon as the fifo's loaded; there's no 519 * win in waiting till this last packet gets acked. (other than 520 * very precise fault reporting, needed by USB TMC; possible with 521 * this hardware, but not usable from portable gadget drivers.) 522 */ 523 if (request) { 524 musb->ackpend = csr; 525 musb_g_ep0_giveback(musb, request); 526 if (!musb->ackpend) 527 return; 528 musb->ackpend = 0; 529 } 530 531 /* send it out, triggering a "txpktrdy cleared" irq */ 532 musb_ep_select(musb->mregs, 0); 533 musb_writew(regs, MUSB_CSR0, csr); 534 } 535 536 /* 537 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 538 * Fields are left in USB byte-order. 539 * 540 * Context: caller holds controller lock. 541 */ 542 static void 543 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 544 { 545 struct usb_request *r; 546 void __iomem *regs = musb->control_ep->regs; 547 548 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 549 550 /* NOTE: earlier 2.6 versions changed setup packets to host 551 * order, but now USB packets always stay in USB byte order. 552 */ 553 DBG(3, "SETUP req%02x.%02x v%04x i%04x l%d\n", 554 req->bRequestType, 555 req->bRequest, 556 le16_to_cpu(req->wValue), 557 le16_to_cpu(req->wIndex), 558 le16_to_cpu(req->wLength)); 559 560 /* clean up any leftover transfers */ 561 r = next_ep0_request(musb); 562 if (r) 563 musb_g_ep0_giveback(musb, r); 564 565 /* For zero-data requests we want to delay the STATUS stage to 566 * avoid SETUPEND errors. If we read data (OUT), delay accepting 567 * packets until there's a buffer to store them in. 568 * 569 * If we write data, the controller acts happier if we enable 570 * the TX FIFO right away, and give the controller a moment 571 * to switch modes... 572 */ 573 musb->set_address = false; 574 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 575 if (req->wLength == 0) { 576 if (req->bRequestType & USB_DIR_IN) 577 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 578 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 579 } else if (req->bRequestType & USB_DIR_IN) { 580 musb->ep0_state = MUSB_EP0_STAGE_TX; 581 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 582 while ((musb_readw(regs, MUSB_CSR0) 583 & MUSB_CSR0_RXPKTRDY) != 0) 584 cpu_relax(); 585 musb->ackpend = 0; 586 } else 587 musb->ep0_state = MUSB_EP0_STAGE_RX; 588 } 589 590 static int 591 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 592 __releases(musb->lock) 593 __acquires(musb->lock) 594 { 595 int retval; 596 if (!musb->gadget_driver) 597 return -EOPNOTSUPP; 598 spin_unlock(&musb->lock); 599 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 600 spin_lock(&musb->lock); 601 return retval; 602 } 603 604 /* 605 * Handle peripheral ep0 interrupt 606 * 607 * Context: irq handler; we won't re-enter the driver that way. 608 */ 609 irqreturn_t musb_g_ep0_irq(struct musb *musb) 610 { 611 u16 csr; 612 u16 len; 613 void __iomem *mbase = musb->mregs; 614 void __iomem *regs = musb->endpoints[0].regs; 615 irqreturn_t retval = IRQ_NONE; 616 617 musb_ep_select(mbase, 0); /* select ep0 */ 618 csr = musb_readw(regs, MUSB_CSR0); 619 len = musb_readb(regs, MUSB_COUNT0); 620 621 DBG(4, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 622 csr, len, 623 musb_readb(mbase, MUSB_FADDR), 624 decode_ep0stage(musb->ep0_state)); 625 626 /* I sent a stall.. need to acknowledge it now.. */ 627 if (csr & MUSB_CSR0_P_SENTSTALL) { 628 musb_writew(regs, MUSB_CSR0, 629 csr & ~MUSB_CSR0_P_SENTSTALL); 630 retval = IRQ_HANDLED; 631 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 632 csr = musb_readw(regs, MUSB_CSR0); 633 } 634 635 /* request ended "early" */ 636 if (csr & MUSB_CSR0_P_SETUPEND) { 637 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 638 retval = IRQ_HANDLED; 639 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 640 csr = musb_readw(regs, MUSB_CSR0); 641 /* NOTE: request may need completion */ 642 } 643 644 /* docs from Mentor only describe tx, rx, and idle/setup states. 645 * we need to handle nuances around status stages, and also the 646 * case where status and setup stages come back-to-back ... 647 */ 648 switch (musb->ep0_state) { 649 650 case MUSB_EP0_STAGE_TX: 651 /* irq on clearing txpktrdy */ 652 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 653 ep0_txstate(musb); 654 retval = IRQ_HANDLED; 655 } 656 break; 657 658 case MUSB_EP0_STAGE_RX: 659 /* irq on set rxpktrdy */ 660 if (csr & MUSB_CSR0_RXPKTRDY) { 661 ep0_rxstate(musb); 662 retval = IRQ_HANDLED; 663 } 664 break; 665 666 case MUSB_EP0_STAGE_STATUSIN: 667 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 668 669 /* update address (if needed) only @ the end of the 670 * status phase per usb spec, which also guarantees 671 * we get 10 msec to receive this irq... until this 672 * is done we won't see the next packet. 673 */ 674 if (musb->set_address) { 675 musb->set_address = false; 676 musb_writeb(mbase, MUSB_FADDR, musb->address); 677 } 678 679 /* enter test mode if needed (exit by reset) */ 680 else if (musb->test_mode) { 681 DBG(1, "entering TESTMODE\n"); 682 683 if (MUSB_TEST_PACKET == musb->test_mode_nr) 684 musb_load_testpacket(musb); 685 686 musb_writeb(mbase, MUSB_TESTMODE, 687 musb->test_mode_nr); 688 } 689 /* FALLTHROUGH */ 690 691 case MUSB_EP0_STAGE_STATUSOUT: 692 /* end of sequence #1: write to host (TX state) */ 693 { 694 struct usb_request *req; 695 696 req = next_ep0_request(musb); 697 if (req) 698 musb_g_ep0_giveback(musb, req); 699 } 700 retval = IRQ_HANDLED; 701 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 702 /* FALLTHROUGH */ 703 704 case MUSB_EP0_STAGE_SETUP: 705 if (csr & MUSB_CSR0_RXPKTRDY) { 706 struct usb_ctrlrequest setup; 707 int handled = 0; 708 709 if (len != 8) { 710 ERR("SETUP packet len %d != 8 ?\n", len); 711 break; 712 } 713 musb_read_setup(musb, &setup); 714 retval = IRQ_HANDLED; 715 716 /* sometimes the RESET won't be reported */ 717 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 718 u8 power; 719 720 printk(KERN_NOTICE "%s: peripheral reset " 721 "irq lost!\n", 722 musb_driver_name); 723 power = musb_readb(mbase, MUSB_POWER); 724 musb->g.speed = (power & MUSB_POWER_HSMODE) 725 ? USB_SPEED_HIGH : USB_SPEED_FULL; 726 727 } 728 729 switch (musb->ep0_state) { 730 731 /* sequence #3 (no data stage), includes requests 732 * we can't forward (notably SET_ADDRESS and the 733 * device/endpoint feature set/clear operations) 734 * plus SET_CONFIGURATION and others we must 735 */ 736 case MUSB_EP0_STAGE_ACKWAIT: 737 handled = service_zero_data_request( 738 musb, &setup); 739 740 /* status stage might be immediate */ 741 if (handled > 0) { 742 musb->ackpend |= MUSB_CSR0_P_DATAEND; 743 musb->ep0_state = 744 MUSB_EP0_STAGE_STATUSIN; 745 } 746 break; 747 748 /* sequence #1 (IN to host), includes GET_STATUS 749 * requests that we can't forward, GET_DESCRIPTOR 750 * and others that we must 751 */ 752 case MUSB_EP0_STAGE_TX: 753 handled = service_in_request(musb, &setup); 754 if (handled > 0) { 755 musb->ackpend = MUSB_CSR0_TXPKTRDY 756 | MUSB_CSR0_P_DATAEND; 757 musb->ep0_state = 758 MUSB_EP0_STAGE_STATUSOUT; 759 } 760 break; 761 762 /* sequence #2 (OUT from host), always forward */ 763 default: /* MUSB_EP0_STAGE_RX */ 764 break; 765 } 766 767 DBG(3, "handled %d, csr %04x, ep0stage %s\n", 768 handled, csr, 769 decode_ep0stage(musb->ep0_state)); 770 771 /* unless we need to delegate this to the gadget 772 * driver, we know how to wrap this up: csr0 has 773 * not yet been written. 774 */ 775 if (handled < 0) 776 goto stall; 777 else if (handled > 0) 778 goto finish; 779 780 handled = forward_to_driver(musb, &setup); 781 if (handled < 0) { 782 musb_ep_select(mbase, 0); 783 stall: 784 DBG(3, "stall (%d)\n", handled); 785 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 786 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 787 finish: 788 musb_writew(regs, MUSB_CSR0, 789 musb->ackpend); 790 musb->ackpend = 0; 791 } 792 } 793 break; 794 795 case MUSB_EP0_STAGE_ACKWAIT: 796 /* This should not happen. But happens with tusb6010 with 797 * g_file_storage and high speed. Do nothing. 798 */ 799 retval = IRQ_HANDLED; 800 break; 801 802 default: 803 /* "can't happen" */ 804 WARN_ON(1); 805 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 806 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 807 break; 808 } 809 810 return retval; 811 } 812 813 814 static int 815 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 816 { 817 /* always enabled */ 818 return -EINVAL; 819 } 820 821 static int musb_g_ep0_disable(struct usb_ep *e) 822 { 823 /* always enabled */ 824 return -EINVAL; 825 } 826 827 static int 828 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 829 { 830 struct musb_ep *ep; 831 struct musb_request *req; 832 struct musb *musb; 833 int status; 834 unsigned long lockflags; 835 void __iomem *regs; 836 837 if (!e || !r) 838 return -EINVAL; 839 840 ep = to_musb_ep(e); 841 musb = ep->musb; 842 regs = musb->control_ep->regs; 843 844 req = to_musb_request(r); 845 req->musb = musb; 846 req->request.actual = 0; 847 req->request.status = -EINPROGRESS; 848 req->tx = ep->is_in; 849 850 spin_lock_irqsave(&musb->lock, lockflags); 851 852 if (!list_empty(&ep->req_list)) { 853 status = -EBUSY; 854 goto cleanup; 855 } 856 857 switch (musb->ep0_state) { 858 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 859 case MUSB_EP0_STAGE_TX: /* control-IN data */ 860 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 861 status = 0; 862 break; 863 default: 864 DBG(1, "ep0 request queued in state %d\n", 865 musb->ep0_state); 866 status = -EINVAL; 867 goto cleanup; 868 } 869 870 /* add request to the list */ 871 list_add_tail(&(req->request.list), &(ep->req_list)); 872 873 DBG(3, "queue to %s (%s), length=%d\n", 874 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 875 req->request.length); 876 877 musb_ep_select(musb->mregs, 0); 878 879 /* sequence #1, IN ... start writing the data */ 880 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 881 ep0_txstate(musb); 882 883 /* sequence #3, no-data ... issue IN status */ 884 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 885 if (req->request.length) 886 status = -EINVAL; 887 else { 888 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 889 musb_writew(regs, MUSB_CSR0, 890 musb->ackpend | MUSB_CSR0_P_DATAEND); 891 musb->ackpend = 0; 892 musb_g_ep0_giveback(ep->musb, r); 893 } 894 895 /* else for sequence #2 (OUT), caller provides a buffer 896 * before the next packet arrives. deferred responses 897 * (after SETUP is acked) are racey. 898 */ 899 } else if (musb->ackpend) { 900 musb_writew(regs, MUSB_CSR0, musb->ackpend); 901 musb->ackpend = 0; 902 } 903 904 cleanup: 905 spin_unlock_irqrestore(&musb->lock, lockflags); 906 return status; 907 } 908 909 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 910 { 911 /* we just won't support this */ 912 return -EINVAL; 913 } 914 915 static int musb_g_ep0_halt(struct usb_ep *e, int value) 916 { 917 struct musb_ep *ep; 918 struct musb *musb; 919 void __iomem *base, *regs; 920 unsigned long flags; 921 int status; 922 u16 csr; 923 924 if (!e || !value) 925 return -EINVAL; 926 927 ep = to_musb_ep(e); 928 musb = ep->musb; 929 base = musb->mregs; 930 regs = musb->control_ep->regs; 931 status = 0; 932 933 spin_lock_irqsave(&musb->lock, flags); 934 935 if (!list_empty(&ep->req_list)) { 936 status = -EBUSY; 937 goto cleanup; 938 } 939 940 musb_ep_select(base, 0); 941 csr = musb->ackpend; 942 943 switch (musb->ep0_state) { 944 945 /* Stalls are usually issued after parsing SETUP packet, either 946 * directly in irq context from setup() or else later. 947 */ 948 case MUSB_EP0_STAGE_TX: /* control-IN data */ 949 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 950 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 951 csr = musb_readw(regs, MUSB_CSR0); 952 /* FALLTHROUGH */ 953 954 /* It's also OK to issue stalls during callbacks when a non-empty 955 * DATA stage buffer has been read (or even written). 956 */ 957 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 958 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 959 960 csr |= MUSB_CSR0_P_SENDSTALL; 961 musb_writew(regs, MUSB_CSR0, csr); 962 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 963 musb->ackpend = 0; 964 break; 965 default: 966 DBG(1, "ep0 can't halt in state %d\n", musb->ep0_state); 967 status = -EINVAL; 968 } 969 970 cleanup: 971 spin_unlock_irqrestore(&musb->lock, flags); 972 return status; 973 } 974 975 const struct usb_ep_ops musb_g_ep0_ops = { 976 .enable = musb_g_ep0_enable, 977 .disable = musb_g_ep0_disable, 978 .alloc_request = musb_alloc_request, 979 .free_request = musb_free_request, 980 .queue = musb_g_ep0_queue, 981 .dequeue = musb_g_ep0_dequeue, 982 .set_halt = musb_g_ep0_halt, 983 }; 984