1 /* 2 * MUSB OTG peripheral driver ep0 handling 3 * 4 * Copyright 2005 Mentor Graphics Corporation 5 * Copyright (C) 2005-2006 by Texas Instruments 6 * Copyright (C) 2006-2007 Nokia Corporation 7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * version 2 as published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 21 * 02110-1301 USA 22 * 23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED 24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN 26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 */ 35 36 #include <linux/kernel.h> 37 #include <linux/list.h> 38 #include <linux/timer.h> 39 #include <linux/spinlock.h> 40 #include <linux/init.h> 41 #include <linux/device.h> 42 #include <linux/interrupt.h> 43 44 #include "musb_core.h" 45 46 /* ep0 is always musb->endpoints[0].ep_in */ 47 #define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0]) 48 49 /* 50 * locking note: we use only the controller lock, for simpler correctness. 51 * It's always held with IRQs blocked. 52 * 53 * It protects the ep0 request queue as well as ep0_state, not just the 54 * controller and indexed registers. And that lock stays held unless it 55 * needs to be dropped to allow reentering this driver ... like upcalls to 56 * the gadget driver, or adjusting endpoint halt status. 57 */ 58 59 static char *decode_ep0stage(u8 stage) 60 { 61 switch (stage) { 62 case MUSB_EP0_STAGE_IDLE: return "idle"; 63 case MUSB_EP0_STAGE_SETUP: return "setup"; 64 case MUSB_EP0_STAGE_TX: return "in"; 65 case MUSB_EP0_STAGE_RX: return "out"; 66 case MUSB_EP0_STAGE_ACKWAIT: return "wait"; 67 case MUSB_EP0_STAGE_STATUSIN: return "in/status"; 68 case MUSB_EP0_STAGE_STATUSOUT: return "out/status"; 69 default: return "?"; 70 } 71 } 72 73 /* handle a standard GET_STATUS request 74 * Context: caller holds controller lock 75 */ 76 static int service_tx_status_request( 77 struct musb *musb, 78 const struct usb_ctrlrequest *ctrlrequest) 79 { 80 void __iomem *mbase = musb->mregs; 81 int handled = 1; 82 u8 result[2], epnum = 0; 83 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 84 85 result[1] = 0; 86 87 switch (recip) { 88 case USB_RECIP_DEVICE: 89 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED; 90 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP; 91 if (musb->g.is_otg) { 92 result[0] |= musb->g.b_hnp_enable 93 << USB_DEVICE_B_HNP_ENABLE; 94 result[0] |= musb->g.a_alt_hnp_support 95 << USB_DEVICE_A_ALT_HNP_SUPPORT; 96 result[0] |= musb->g.a_hnp_support 97 << USB_DEVICE_A_HNP_SUPPORT; 98 } 99 break; 100 101 case USB_RECIP_INTERFACE: 102 result[0] = 0; 103 break; 104 105 case USB_RECIP_ENDPOINT: { 106 int is_in; 107 struct musb_ep *ep; 108 u16 tmp; 109 void __iomem *regs; 110 111 epnum = (u8) ctrlrequest->wIndex; 112 if (!epnum) { 113 result[0] = 0; 114 break; 115 } 116 117 is_in = epnum & USB_DIR_IN; 118 if (is_in) { 119 epnum &= 0x0f; 120 ep = &musb->endpoints[epnum].ep_in; 121 } else { 122 ep = &musb->endpoints[epnum].ep_out; 123 } 124 regs = musb->endpoints[epnum].regs; 125 126 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) { 127 handled = -EINVAL; 128 break; 129 } 130 131 musb_ep_select(mbase, epnum); 132 if (is_in) 133 tmp = musb_readw(regs, MUSB_TXCSR) 134 & MUSB_TXCSR_P_SENDSTALL; 135 else 136 tmp = musb_readw(regs, MUSB_RXCSR) 137 & MUSB_RXCSR_P_SENDSTALL; 138 musb_ep_select(mbase, 0); 139 140 result[0] = tmp ? 1 : 0; 141 } break; 142 143 default: 144 /* class, vendor, etc ... delegate */ 145 handled = 0; 146 break; 147 } 148 149 /* fill up the fifo; caller updates csr0 */ 150 if (handled > 0) { 151 u16 len = le16_to_cpu(ctrlrequest->wLength); 152 153 if (len > 2) 154 len = 2; 155 musb_write_fifo(&musb->endpoints[0], len, result); 156 } 157 158 return handled; 159 } 160 161 /* 162 * handle a control-IN request, the end0 buffer contains the current request 163 * that is supposed to be a standard control request. Assumes the fifo to 164 * be at least 2 bytes long. 165 * 166 * @return 0 if the request was NOT HANDLED, 167 * < 0 when error 168 * > 0 when the request is processed 169 * 170 * Context: caller holds controller lock 171 */ 172 static int 173 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 174 { 175 int handled = 0; /* not handled */ 176 177 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 178 == USB_TYPE_STANDARD) { 179 switch (ctrlrequest->bRequest) { 180 case USB_REQ_GET_STATUS: 181 handled = service_tx_status_request(musb, 182 ctrlrequest); 183 break; 184 185 /* case USB_REQ_SYNC_FRAME: */ 186 187 default: 188 break; 189 } 190 } 191 return handled; 192 } 193 194 /* 195 * Context: caller holds controller lock 196 */ 197 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req) 198 { 199 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0); 200 } 201 202 /* 203 * Tries to start B-device HNP negotiation if enabled via sysfs 204 */ 205 static inline void musb_try_b_hnp_enable(struct musb *musb) 206 { 207 void __iomem *mbase = musb->mregs; 208 u8 devctl; 209 210 dev_dbg(musb->controller, "HNP: Setting HR\n"); 211 devctl = musb_readb(mbase, MUSB_DEVCTL); 212 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR); 213 } 214 215 /* 216 * Handle all control requests with no DATA stage, including standard 217 * requests such as: 218 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized 219 * always delegated to the gadget driver 220 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE 221 * always handled here, except for class/vendor/... features 222 * 223 * Context: caller holds controller lock 224 */ 225 static int 226 service_zero_data_request(struct musb *musb, 227 struct usb_ctrlrequest *ctrlrequest) 228 __releases(musb->lock) 229 __acquires(musb->lock) 230 { 231 int handled = -EINVAL; 232 void __iomem *mbase = musb->mregs; 233 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK; 234 235 /* the gadget driver handles everything except what we MUST handle */ 236 if ((ctrlrequest->bRequestType & USB_TYPE_MASK) 237 == USB_TYPE_STANDARD) { 238 switch (ctrlrequest->bRequest) { 239 case USB_REQ_SET_ADDRESS: 240 /* change it after the status stage */ 241 musb->set_address = true; 242 musb->address = (u8) (ctrlrequest->wValue & 0x7f); 243 handled = 1; 244 break; 245 246 case USB_REQ_CLEAR_FEATURE: 247 switch (recip) { 248 case USB_RECIP_DEVICE: 249 if (ctrlrequest->wValue 250 != USB_DEVICE_REMOTE_WAKEUP) 251 break; 252 musb->may_wakeup = 0; 253 handled = 1; 254 break; 255 case USB_RECIP_INTERFACE: 256 break; 257 case USB_RECIP_ENDPOINT:{ 258 const u8 epnum = 259 ctrlrequest->wIndex & 0x0f; 260 struct musb_ep *musb_ep; 261 struct musb_hw_ep *ep; 262 struct musb_request *request; 263 void __iomem *regs; 264 int is_in; 265 u16 csr; 266 267 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 268 ctrlrequest->wValue != USB_ENDPOINT_HALT) 269 break; 270 271 ep = musb->endpoints + epnum; 272 regs = ep->regs; 273 is_in = ctrlrequest->wIndex & USB_DIR_IN; 274 if (is_in) 275 musb_ep = &ep->ep_in; 276 else 277 musb_ep = &ep->ep_out; 278 if (!musb_ep->desc) 279 break; 280 281 handled = 1; 282 /* Ignore request if endpoint is wedged */ 283 if (musb_ep->wedged) 284 break; 285 286 musb_ep_select(mbase, epnum); 287 if (is_in) { 288 csr = musb_readw(regs, MUSB_TXCSR); 289 csr |= MUSB_TXCSR_CLRDATATOG | 290 MUSB_TXCSR_P_WZC_BITS; 291 csr &= ~(MUSB_TXCSR_P_SENDSTALL | 292 MUSB_TXCSR_P_SENTSTALL | 293 MUSB_TXCSR_TXPKTRDY); 294 musb_writew(regs, MUSB_TXCSR, csr); 295 } else { 296 csr = musb_readw(regs, MUSB_RXCSR); 297 csr |= MUSB_RXCSR_CLRDATATOG | 298 MUSB_RXCSR_P_WZC_BITS; 299 csr &= ~(MUSB_RXCSR_P_SENDSTALL | 300 MUSB_RXCSR_P_SENTSTALL); 301 musb_writew(regs, MUSB_RXCSR, csr); 302 } 303 304 /* Maybe start the first request in the queue */ 305 request = next_request(musb_ep); 306 if (!musb_ep->busy && request) { 307 dev_dbg(musb->controller, "restarting the request\n"); 308 musb_ep_restart(musb, request); 309 } 310 311 /* select ep0 again */ 312 musb_ep_select(mbase, 0); 313 } break; 314 default: 315 /* class, vendor, etc ... delegate */ 316 handled = 0; 317 break; 318 } 319 break; 320 321 case USB_REQ_SET_FEATURE: 322 switch (recip) { 323 case USB_RECIP_DEVICE: 324 handled = 1; 325 switch (ctrlrequest->wValue) { 326 case USB_DEVICE_REMOTE_WAKEUP: 327 musb->may_wakeup = 1; 328 break; 329 case USB_DEVICE_TEST_MODE: 330 if (musb->g.speed != USB_SPEED_HIGH) 331 goto stall; 332 if (ctrlrequest->wIndex & 0xff) 333 goto stall; 334 335 switch (ctrlrequest->wIndex >> 8) { 336 case 1: 337 pr_debug("TEST_J\n"); 338 /* TEST_J */ 339 musb->test_mode_nr = 340 MUSB_TEST_J; 341 break; 342 case 2: 343 /* TEST_K */ 344 pr_debug("TEST_K\n"); 345 musb->test_mode_nr = 346 MUSB_TEST_K; 347 break; 348 case 3: 349 /* TEST_SE0_NAK */ 350 pr_debug("TEST_SE0_NAK\n"); 351 musb->test_mode_nr = 352 MUSB_TEST_SE0_NAK; 353 break; 354 case 4: 355 /* TEST_PACKET */ 356 pr_debug("TEST_PACKET\n"); 357 musb->test_mode_nr = 358 MUSB_TEST_PACKET; 359 break; 360 361 case 0xc0: 362 /* TEST_FORCE_HS */ 363 pr_debug("TEST_FORCE_HS\n"); 364 musb->test_mode_nr = 365 MUSB_TEST_FORCE_HS; 366 break; 367 case 0xc1: 368 /* TEST_FORCE_FS */ 369 pr_debug("TEST_FORCE_FS\n"); 370 musb->test_mode_nr = 371 MUSB_TEST_FORCE_FS; 372 break; 373 case 0xc2: 374 /* TEST_FIFO_ACCESS */ 375 pr_debug("TEST_FIFO_ACCESS\n"); 376 musb->test_mode_nr = 377 MUSB_TEST_FIFO_ACCESS; 378 break; 379 case 0xc3: 380 /* TEST_FORCE_HOST */ 381 pr_debug("TEST_FORCE_HOST\n"); 382 musb->test_mode_nr = 383 MUSB_TEST_FORCE_HOST; 384 break; 385 default: 386 goto stall; 387 } 388 389 /* enter test mode after irq */ 390 if (handled > 0) 391 musb->test_mode = true; 392 break; 393 case USB_DEVICE_B_HNP_ENABLE: 394 if (!musb->g.is_otg) 395 goto stall; 396 musb->g.b_hnp_enable = 1; 397 musb_try_b_hnp_enable(musb); 398 break; 399 case USB_DEVICE_A_HNP_SUPPORT: 400 if (!musb->g.is_otg) 401 goto stall; 402 musb->g.a_hnp_support = 1; 403 break; 404 case USB_DEVICE_A_ALT_HNP_SUPPORT: 405 if (!musb->g.is_otg) 406 goto stall; 407 musb->g.a_alt_hnp_support = 1; 408 break; 409 case USB_DEVICE_DEBUG_MODE: 410 handled = 0; 411 break; 412 stall: 413 default: 414 handled = -EINVAL; 415 break; 416 } 417 break; 418 419 case USB_RECIP_INTERFACE: 420 break; 421 422 case USB_RECIP_ENDPOINT:{ 423 const u8 epnum = 424 ctrlrequest->wIndex & 0x0f; 425 struct musb_ep *musb_ep; 426 struct musb_hw_ep *ep; 427 void __iomem *regs; 428 int is_in; 429 u16 csr; 430 431 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS || 432 ctrlrequest->wValue != USB_ENDPOINT_HALT) 433 break; 434 435 ep = musb->endpoints + epnum; 436 regs = ep->regs; 437 is_in = ctrlrequest->wIndex & USB_DIR_IN; 438 if (is_in) 439 musb_ep = &ep->ep_in; 440 else 441 musb_ep = &ep->ep_out; 442 if (!musb_ep->desc) 443 break; 444 445 musb_ep_select(mbase, epnum); 446 if (is_in) { 447 csr = musb_readw(regs, MUSB_TXCSR); 448 if (csr & MUSB_TXCSR_FIFONOTEMPTY) 449 csr |= MUSB_TXCSR_FLUSHFIFO; 450 csr |= MUSB_TXCSR_P_SENDSTALL 451 | MUSB_TXCSR_CLRDATATOG 452 | MUSB_TXCSR_P_WZC_BITS; 453 musb_writew(regs, MUSB_TXCSR, csr); 454 } else { 455 csr = musb_readw(regs, MUSB_RXCSR); 456 csr |= MUSB_RXCSR_P_SENDSTALL 457 | MUSB_RXCSR_FLUSHFIFO 458 | MUSB_RXCSR_CLRDATATOG 459 | MUSB_RXCSR_P_WZC_BITS; 460 musb_writew(regs, MUSB_RXCSR, csr); 461 } 462 463 /* select ep0 again */ 464 musb_ep_select(mbase, 0); 465 handled = 1; 466 } break; 467 468 default: 469 /* class, vendor, etc ... delegate */ 470 handled = 0; 471 break; 472 } 473 break; 474 default: 475 /* delegate SET_CONFIGURATION, etc */ 476 handled = 0; 477 } 478 } else 479 handled = 0; 480 return handled; 481 } 482 483 /* we have an ep0out data packet 484 * Context: caller holds controller lock 485 */ 486 static void ep0_rxstate(struct musb *musb) 487 { 488 void __iomem *regs = musb->control_ep->regs; 489 struct musb_request *request; 490 struct usb_request *req; 491 u16 count, csr; 492 493 request = next_ep0_request(musb); 494 req = &request->request; 495 496 /* read packet and ack; or stall because of gadget driver bug: 497 * should have provided the rx buffer before setup() returned. 498 */ 499 if (req) { 500 void *buf = req->buf + req->actual; 501 unsigned len = req->length - req->actual; 502 503 /* read the buffer */ 504 count = musb_readb(regs, MUSB_COUNT0); 505 if (count > len) { 506 req->status = -EOVERFLOW; 507 count = len; 508 } 509 musb_read_fifo(&musb->endpoints[0], count, buf); 510 req->actual += count; 511 csr = MUSB_CSR0_P_SVDRXPKTRDY; 512 if (count < 64 || req->actual == req->length) { 513 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 514 csr |= MUSB_CSR0_P_DATAEND; 515 } else 516 req = NULL; 517 } else 518 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL; 519 520 521 /* Completion handler may choose to stall, e.g. because the 522 * message just received holds invalid data. 523 */ 524 if (req) { 525 musb->ackpend = csr; 526 musb_g_ep0_giveback(musb, req); 527 if (!musb->ackpend) 528 return; 529 musb->ackpend = 0; 530 } 531 musb_ep_select(musb->mregs, 0); 532 musb_writew(regs, MUSB_CSR0, csr); 533 } 534 535 /* 536 * transmitting to the host (IN), this code might be called from IRQ 537 * and from kernel thread. 538 * 539 * Context: caller holds controller lock 540 */ 541 static void ep0_txstate(struct musb *musb) 542 { 543 void __iomem *regs = musb->control_ep->regs; 544 struct musb_request *req = next_ep0_request(musb); 545 struct usb_request *request; 546 u16 csr = MUSB_CSR0_TXPKTRDY; 547 u8 *fifo_src; 548 u8 fifo_count; 549 550 if (!req) { 551 /* WARN_ON(1); */ 552 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0)); 553 return; 554 } 555 556 request = &req->request; 557 558 /* load the data */ 559 fifo_src = (u8 *) request->buf + request->actual; 560 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE, 561 request->length - request->actual); 562 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src); 563 request->actual += fifo_count; 564 565 /* update the flags */ 566 if (fifo_count < MUSB_MAX_END0_PACKET 567 || (request->actual == request->length 568 && !request->zero)) { 569 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 570 csr |= MUSB_CSR0_P_DATAEND; 571 } else 572 request = NULL; 573 574 /* report completions as soon as the fifo's loaded; there's no 575 * win in waiting till this last packet gets acked. (other than 576 * very precise fault reporting, needed by USB TMC; possible with 577 * this hardware, but not usable from portable gadget drivers.) 578 */ 579 if (request) { 580 musb->ackpend = csr; 581 musb_g_ep0_giveback(musb, request); 582 if (!musb->ackpend) 583 return; 584 musb->ackpend = 0; 585 } 586 587 /* send it out, triggering a "txpktrdy cleared" irq */ 588 musb_ep_select(musb->mregs, 0); 589 musb_writew(regs, MUSB_CSR0, csr); 590 } 591 592 /* 593 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware. 594 * Fields are left in USB byte-order. 595 * 596 * Context: caller holds controller lock. 597 */ 598 static void 599 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req) 600 { 601 struct musb_request *r; 602 void __iomem *regs = musb->control_ep->regs; 603 604 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req); 605 606 /* NOTE: earlier 2.6 versions changed setup packets to host 607 * order, but now USB packets always stay in USB byte order. 608 */ 609 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n", 610 req->bRequestType, 611 req->bRequest, 612 le16_to_cpu(req->wValue), 613 le16_to_cpu(req->wIndex), 614 le16_to_cpu(req->wLength)); 615 616 /* clean up any leftover transfers */ 617 r = next_ep0_request(musb); 618 if (r) 619 musb_g_ep0_giveback(musb, &r->request); 620 621 /* For zero-data requests we want to delay the STATUS stage to 622 * avoid SETUPEND errors. If we read data (OUT), delay accepting 623 * packets until there's a buffer to store them in. 624 * 625 * If we write data, the controller acts happier if we enable 626 * the TX FIFO right away, and give the controller a moment 627 * to switch modes... 628 */ 629 musb->set_address = false; 630 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY; 631 if (req->wLength == 0) { 632 if (req->bRequestType & USB_DIR_IN) 633 musb->ackpend |= MUSB_CSR0_TXPKTRDY; 634 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT; 635 } else if (req->bRequestType & USB_DIR_IN) { 636 musb->ep0_state = MUSB_EP0_STAGE_TX; 637 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY); 638 while ((musb_readw(regs, MUSB_CSR0) 639 & MUSB_CSR0_RXPKTRDY) != 0) 640 cpu_relax(); 641 musb->ackpend = 0; 642 } else 643 musb->ep0_state = MUSB_EP0_STAGE_RX; 644 } 645 646 static int 647 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest) 648 __releases(musb->lock) 649 __acquires(musb->lock) 650 { 651 int retval; 652 if (!musb->gadget_driver) 653 return -EOPNOTSUPP; 654 spin_unlock(&musb->lock); 655 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest); 656 spin_lock(&musb->lock); 657 return retval; 658 } 659 660 /* 661 * Handle peripheral ep0 interrupt 662 * 663 * Context: irq handler; we won't re-enter the driver that way. 664 */ 665 irqreturn_t musb_g_ep0_irq(struct musb *musb) 666 { 667 u16 csr; 668 u16 len; 669 void __iomem *mbase = musb->mregs; 670 void __iomem *regs = musb->endpoints[0].regs; 671 irqreturn_t retval = IRQ_NONE; 672 673 musb_ep_select(mbase, 0); /* select ep0 */ 674 csr = musb_readw(regs, MUSB_CSR0); 675 len = musb_readb(regs, MUSB_COUNT0); 676 677 dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n", 678 csr, len, 679 musb_readb(mbase, MUSB_FADDR), 680 decode_ep0stage(musb->ep0_state)); 681 682 if (csr & MUSB_CSR0_P_DATAEND) { 683 /* 684 * If DATAEND is set we should not call the callback, 685 * hence the status stage is not complete. 686 */ 687 return IRQ_HANDLED; 688 } 689 690 /* I sent a stall.. need to acknowledge it now.. */ 691 if (csr & MUSB_CSR0_P_SENTSTALL) { 692 musb_writew(regs, MUSB_CSR0, 693 csr & ~MUSB_CSR0_P_SENTSTALL); 694 retval = IRQ_HANDLED; 695 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 696 csr = musb_readw(regs, MUSB_CSR0); 697 } 698 699 /* request ended "early" */ 700 if (csr & MUSB_CSR0_P_SETUPEND) { 701 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND); 702 retval = IRQ_HANDLED; 703 /* Transition into the early status phase */ 704 switch (musb->ep0_state) { 705 case MUSB_EP0_STAGE_TX: 706 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT; 707 break; 708 case MUSB_EP0_STAGE_RX: 709 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 710 break; 711 default: 712 ERR("SetupEnd came in a wrong ep0stage %s\n", 713 decode_ep0stage(musb->ep0_state)); 714 } 715 csr = musb_readw(regs, MUSB_CSR0); 716 /* NOTE: request may need completion */ 717 } 718 719 /* docs from Mentor only describe tx, rx, and idle/setup states. 720 * we need to handle nuances around status stages, and also the 721 * case where status and setup stages come back-to-back ... 722 */ 723 switch (musb->ep0_state) { 724 725 case MUSB_EP0_STAGE_TX: 726 /* irq on clearing txpktrdy */ 727 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) { 728 ep0_txstate(musb); 729 retval = IRQ_HANDLED; 730 } 731 break; 732 733 case MUSB_EP0_STAGE_RX: 734 /* irq on set rxpktrdy */ 735 if (csr & MUSB_CSR0_RXPKTRDY) { 736 ep0_rxstate(musb); 737 retval = IRQ_HANDLED; 738 } 739 break; 740 741 case MUSB_EP0_STAGE_STATUSIN: 742 /* end of sequence #2 (OUT/RX state) or #3 (no data) */ 743 744 /* update address (if needed) only @ the end of the 745 * status phase per usb spec, which also guarantees 746 * we get 10 msec to receive this irq... until this 747 * is done we won't see the next packet. 748 */ 749 if (musb->set_address) { 750 musb->set_address = false; 751 musb_writeb(mbase, MUSB_FADDR, musb->address); 752 } 753 754 /* enter test mode if needed (exit by reset) */ 755 else if (musb->test_mode) { 756 dev_dbg(musb->controller, "entering TESTMODE\n"); 757 758 if (MUSB_TEST_PACKET == musb->test_mode_nr) 759 musb_load_testpacket(musb); 760 761 musb_writeb(mbase, MUSB_TESTMODE, 762 musb->test_mode_nr); 763 } 764 /* FALLTHROUGH */ 765 766 case MUSB_EP0_STAGE_STATUSOUT: 767 /* end of sequence #1: write to host (TX state) */ 768 { 769 struct musb_request *req; 770 771 req = next_ep0_request(musb); 772 if (req) 773 musb_g_ep0_giveback(musb, &req->request); 774 } 775 776 /* 777 * In case when several interrupts can get coalesced, 778 * check to see if we've already received a SETUP packet... 779 */ 780 if (csr & MUSB_CSR0_RXPKTRDY) 781 goto setup; 782 783 retval = IRQ_HANDLED; 784 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 785 break; 786 787 case MUSB_EP0_STAGE_IDLE: 788 /* 789 * This state is typically (but not always) indiscernible 790 * from the status states since the corresponding interrupts 791 * tend to happen within too little period of time (with only 792 * a zero-length packet in between) and so get coalesced... 793 */ 794 retval = IRQ_HANDLED; 795 musb->ep0_state = MUSB_EP0_STAGE_SETUP; 796 /* FALLTHROUGH */ 797 798 case MUSB_EP0_STAGE_SETUP: 799 setup: 800 if (csr & MUSB_CSR0_RXPKTRDY) { 801 struct usb_ctrlrequest setup; 802 int handled = 0; 803 804 if (len != 8) { 805 ERR("SETUP packet len %d != 8 ?\n", len); 806 break; 807 } 808 musb_read_setup(musb, &setup); 809 retval = IRQ_HANDLED; 810 811 /* sometimes the RESET won't be reported */ 812 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) { 813 u8 power; 814 815 printk(KERN_NOTICE "%s: peripheral reset " 816 "irq lost!\n", 817 musb_driver_name); 818 power = musb_readb(mbase, MUSB_POWER); 819 musb->g.speed = (power & MUSB_POWER_HSMODE) 820 ? USB_SPEED_HIGH : USB_SPEED_FULL; 821 822 } 823 824 switch (musb->ep0_state) { 825 826 /* sequence #3 (no data stage), includes requests 827 * we can't forward (notably SET_ADDRESS and the 828 * device/endpoint feature set/clear operations) 829 * plus SET_CONFIGURATION and others we must 830 */ 831 case MUSB_EP0_STAGE_ACKWAIT: 832 handled = service_zero_data_request( 833 musb, &setup); 834 835 /* 836 * We're expecting no data in any case, so 837 * always set the DATAEND bit -- doing this 838 * here helps avoid SetupEnd interrupt coming 839 * in the idle stage when we're stalling... 840 */ 841 musb->ackpend |= MUSB_CSR0_P_DATAEND; 842 843 /* status stage might be immediate */ 844 if (handled > 0) 845 musb->ep0_state = 846 MUSB_EP0_STAGE_STATUSIN; 847 break; 848 849 /* sequence #1 (IN to host), includes GET_STATUS 850 * requests that we can't forward, GET_DESCRIPTOR 851 * and others that we must 852 */ 853 case MUSB_EP0_STAGE_TX: 854 handled = service_in_request(musb, &setup); 855 if (handled > 0) { 856 musb->ackpend = MUSB_CSR0_TXPKTRDY 857 | MUSB_CSR0_P_DATAEND; 858 musb->ep0_state = 859 MUSB_EP0_STAGE_STATUSOUT; 860 } 861 break; 862 863 /* sequence #2 (OUT from host), always forward */ 864 default: /* MUSB_EP0_STAGE_RX */ 865 break; 866 } 867 868 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n", 869 handled, csr, 870 decode_ep0stage(musb->ep0_state)); 871 872 /* unless we need to delegate this to the gadget 873 * driver, we know how to wrap this up: csr0 has 874 * not yet been written. 875 */ 876 if (handled < 0) 877 goto stall; 878 else if (handled > 0) 879 goto finish; 880 881 handled = forward_to_driver(musb, &setup); 882 if (handled < 0) { 883 musb_ep_select(mbase, 0); 884 stall: 885 dev_dbg(musb->controller, "stall (%d)\n", handled); 886 musb->ackpend |= MUSB_CSR0_P_SENDSTALL; 887 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 888 finish: 889 musb_writew(regs, MUSB_CSR0, 890 musb->ackpend); 891 musb->ackpend = 0; 892 } 893 } 894 break; 895 896 case MUSB_EP0_STAGE_ACKWAIT: 897 /* This should not happen. But happens with tusb6010 with 898 * g_file_storage and high speed. Do nothing. 899 */ 900 retval = IRQ_HANDLED; 901 break; 902 903 default: 904 /* "can't happen" */ 905 WARN_ON(1); 906 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL); 907 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 908 break; 909 } 910 911 return retval; 912 } 913 914 915 static int 916 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc) 917 { 918 /* always enabled */ 919 return -EINVAL; 920 } 921 922 static int musb_g_ep0_disable(struct usb_ep *e) 923 { 924 /* always enabled */ 925 return -EINVAL; 926 } 927 928 static int 929 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags) 930 { 931 struct musb_ep *ep; 932 struct musb_request *req; 933 struct musb *musb; 934 int status; 935 unsigned long lockflags; 936 void __iomem *regs; 937 938 if (!e || !r) 939 return -EINVAL; 940 941 ep = to_musb_ep(e); 942 musb = ep->musb; 943 regs = musb->control_ep->regs; 944 945 req = to_musb_request(r); 946 req->musb = musb; 947 req->request.actual = 0; 948 req->request.status = -EINPROGRESS; 949 req->tx = ep->is_in; 950 951 spin_lock_irqsave(&musb->lock, lockflags); 952 953 if (!list_empty(&ep->req_list)) { 954 status = -EBUSY; 955 goto cleanup; 956 } 957 958 switch (musb->ep0_state) { 959 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 960 case MUSB_EP0_STAGE_TX: /* control-IN data */ 961 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */ 962 status = 0; 963 break; 964 default: 965 dev_dbg(musb->controller, "ep0 request queued in state %d\n", 966 musb->ep0_state); 967 status = -EINVAL; 968 goto cleanup; 969 } 970 971 /* add request to the list */ 972 list_add_tail(&req->list, &ep->req_list); 973 974 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n", 975 ep->name, ep->is_in ? "IN/TX" : "OUT/RX", 976 req->request.length); 977 978 musb_ep_select(musb->mregs, 0); 979 980 /* sequence #1, IN ... start writing the data */ 981 if (musb->ep0_state == MUSB_EP0_STAGE_TX) 982 ep0_txstate(musb); 983 984 /* sequence #3, no-data ... issue IN status */ 985 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) { 986 if (req->request.length) 987 status = -EINVAL; 988 else { 989 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN; 990 musb_writew(regs, MUSB_CSR0, 991 musb->ackpend | MUSB_CSR0_P_DATAEND); 992 musb->ackpend = 0; 993 musb_g_ep0_giveback(ep->musb, r); 994 } 995 996 /* else for sequence #2 (OUT), caller provides a buffer 997 * before the next packet arrives. deferred responses 998 * (after SETUP is acked) are racey. 999 */ 1000 } else if (musb->ackpend) { 1001 musb_writew(regs, MUSB_CSR0, musb->ackpend); 1002 musb->ackpend = 0; 1003 } 1004 1005 cleanup: 1006 spin_unlock_irqrestore(&musb->lock, lockflags); 1007 return status; 1008 } 1009 1010 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req) 1011 { 1012 /* we just won't support this */ 1013 return -EINVAL; 1014 } 1015 1016 static int musb_g_ep0_halt(struct usb_ep *e, int value) 1017 { 1018 struct musb_ep *ep; 1019 struct musb *musb; 1020 void __iomem *base, *regs; 1021 unsigned long flags; 1022 int status; 1023 u16 csr; 1024 1025 if (!e || !value) 1026 return -EINVAL; 1027 1028 ep = to_musb_ep(e); 1029 musb = ep->musb; 1030 base = musb->mregs; 1031 regs = musb->control_ep->regs; 1032 status = 0; 1033 1034 spin_lock_irqsave(&musb->lock, flags); 1035 1036 if (!list_empty(&ep->req_list)) { 1037 status = -EBUSY; 1038 goto cleanup; 1039 } 1040 1041 musb_ep_select(base, 0); 1042 csr = musb->ackpend; 1043 1044 switch (musb->ep0_state) { 1045 1046 /* Stalls are usually issued after parsing SETUP packet, either 1047 * directly in irq context from setup() or else later. 1048 */ 1049 case MUSB_EP0_STAGE_TX: /* control-IN data */ 1050 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */ 1051 case MUSB_EP0_STAGE_RX: /* control-OUT data */ 1052 csr = musb_readw(regs, MUSB_CSR0); 1053 /* FALLTHROUGH */ 1054 1055 /* It's also OK to issue stalls during callbacks when a non-empty 1056 * DATA stage buffer has been read (or even written). 1057 */ 1058 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */ 1059 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */ 1060 1061 csr |= MUSB_CSR0_P_SENDSTALL; 1062 musb_writew(regs, MUSB_CSR0, csr); 1063 musb->ep0_state = MUSB_EP0_STAGE_IDLE; 1064 musb->ackpend = 0; 1065 break; 1066 default: 1067 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state); 1068 status = -EINVAL; 1069 } 1070 1071 cleanup: 1072 spin_unlock_irqrestore(&musb->lock, flags); 1073 return status; 1074 } 1075 1076 const struct usb_ep_ops musb_g_ep0_ops = { 1077 .enable = musb_g_ep0_enable, 1078 .disable = musb_g_ep0_disable, 1079 .alloc_request = musb_alloc_request, 1080 .free_request = musb_free_request, 1081 .queue = musb_g_ep0_queue, 1082 .dequeue = musb_g_ep0_dequeue, 1083 .set_halt = musb_g_ep0_halt, 1084 }; 1085