1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright (C) 2015 Karol Kosik <karo9@interia.eu> 4 * Copyright (C) 2015-2016 Samsung Electronics 5 * Igor Kotrasinski <i.kotrasinsk@samsung.com> 6 * 7 * Based on dummy_hcd.c, which is: 8 * Copyright (C) 2003 David Brownell 9 * Copyright (C) 2003-2005 Alan Stern 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 * GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program. If not, see <http://www.gnu.org/licenses/>. 23 */ 24 25 #include <linux/usb.h> 26 #include <linux/timer.h> 27 #include <linux/usb/ch9.h> 28 29 #include "vudc.h" 30 31 #define DEV_REQUEST (USB_TYPE_STANDARD | USB_RECIP_DEVICE) 32 #define DEV_INREQUEST (DEV_REQUEST | USB_DIR_IN) 33 #define INTF_REQUEST (USB_TYPE_STANDARD | USB_RECIP_INTERFACE) 34 #define INTF_INREQUEST (INTF_REQUEST | USB_DIR_IN) 35 #define EP_REQUEST (USB_TYPE_STANDARD | USB_RECIP_ENDPOINT) 36 #define EP_INREQUEST (EP_REQUEST | USB_DIR_IN) 37 38 static int get_frame_limit(enum usb_device_speed speed) 39 { 40 switch (speed) { 41 case USB_SPEED_LOW: 42 return 8 /*bytes*/ * 12 /*packets*/; 43 case USB_SPEED_FULL: 44 return 64 /*bytes*/ * 19 /*packets*/; 45 case USB_SPEED_HIGH: 46 return 512 /*bytes*/ * 13 /*packets*/ * 8 /*uframes*/; 47 case USB_SPEED_SUPER: 48 /* Bus speed is 500000 bytes/ms, so use a little less */ 49 return 490000; 50 default: 51 /* error */ 52 return -1; 53 } 54 55 } 56 57 /* 58 * handle_control_request() - handles all control transfers 59 * @udc: pointer to vudc 60 * @urb: the urb request to handle 61 * @setup: pointer to the setup data for a USB device control 62 * request 63 * @status: pointer to request handling status 64 * 65 * Return 0 - if the request was handled 66 * 1 - if the request wasn't handles 67 * error code on error 68 * 69 * Adapted from drivers/usb/gadget/udc/dummy_hcd.c 70 */ 71 static int handle_control_request(struct vudc *udc, struct urb *urb, 72 struct usb_ctrlrequest *setup, 73 int *status) 74 { 75 struct vep *ep2; 76 int ret_val = 1; 77 unsigned int w_index; 78 unsigned int w_value; 79 80 w_index = le16_to_cpu(setup->wIndex); 81 w_value = le16_to_cpu(setup->wValue); 82 switch (setup->bRequest) { 83 case USB_REQ_SET_ADDRESS: 84 if (setup->bRequestType != DEV_REQUEST) 85 break; 86 udc->address = w_value; 87 ret_val = 0; 88 *status = 0; 89 break; 90 case USB_REQ_SET_FEATURE: 91 if (setup->bRequestType == DEV_REQUEST) { 92 ret_val = 0; 93 switch (w_value) { 94 case USB_DEVICE_REMOTE_WAKEUP: 95 break; 96 case USB_DEVICE_B_HNP_ENABLE: 97 udc->gadget.b_hnp_enable = 1; 98 break; 99 case USB_DEVICE_A_HNP_SUPPORT: 100 udc->gadget.a_hnp_support = 1; 101 break; 102 case USB_DEVICE_A_ALT_HNP_SUPPORT: 103 udc->gadget.a_alt_hnp_support = 1; 104 break; 105 default: 106 ret_val = -EOPNOTSUPP; 107 } 108 if (ret_val == 0) { 109 udc->devstatus |= (1 << w_value); 110 *status = 0; 111 } 112 } else if (setup->bRequestType == EP_REQUEST) { 113 /* endpoint halt */ 114 ep2 = vudc_find_endpoint(udc, w_index); 115 if (!ep2 || ep2->ep.name == udc->ep[0].ep.name) { 116 ret_val = -EOPNOTSUPP; 117 break; 118 } 119 ep2->halted = 1; 120 ret_val = 0; 121 *status = 0; 122 } 123 break; 124 case USB_REQ_CLEAR_FEATURE: 125 if (setup->bRequestType == DEV_REQUEST) { 126 ret_val = 0; 127 switch (w_value) { 128 case USB_DEVICE_REMOTE_WAKEUP: 129 w_value = USB_DEVICE_REMOTE_WAKEUP; 130 break; 131 132 case USB_DEVICE_U1_ENABLE: 133 case USB_DEVICE_U2_ENABLE: 134 case USB_DEVICE_LTM_ENABLE: 135 ret_val = -EOPNOTSUPP; 136 break; 137 default: 138 ret_val = -EOPNOTSUPP; 139 break; 140 } 141 if (ret_val == 0) { 142 udc->devstatus &= ~(1 << w_value); 143 *status = 0; 144 } 145 } else if (setup->bRequestType == EP_REQUEST) { 146 /* endpoint halt */ 147 ep2 = vudc_find_endpoint(udc, w_index); 148 if (!ep2) { 149 ret_val = -EOPNOTSUPP; 150 break; 151 } 152 if (!ep2->wedged) 153 ep2->halted = 0; 154 ret_val = 0; 155 *status = 0; 156 } 157 break; 158 case USB_REQ_GET_STATUS: 159 if (setup->bRequestType == DEV_INREQUEST 160 || setup->bRequestType == INTF_INREQUEST 161 || setup->bRequestType == EP_INREQUEST) { 162 char *buf; 163 /* 164 * device: remote wakeup, selfpowered 165 * interface: nothing 166 * endpoint: halt 167 */ 168 buf = (char *)urb->transfer_buffer; 169 if (urb->transfer_buffer_length > 0) { 170 if (setup->bRequestType == EP_INREQUEST) { 171 ep2 = vudc_find_endpoint(udc, w_index); 172 if (!ep2) { 173 ret_val = -EOPNOTSUPP; 174 break; 175 } 176 buf[0] = ep2->halted; 177 } else if (setup->bRequestType == 178 DEV_INREQUEST) { 179 buf[0] = (u8)udc->devstatus; 180 } else 181 buf[0] = 0; 182 } 183 if (urb->transfer_buffer_length > 1) 184 buf[1] = 0; 185 urb->actual_length = min_t(u32, 2, 186 urb->transfer_buffer_length); 187 ret_val = 0; 188 *status = 0; 189 } 190 break; 191 } 192 return ret_val; 193 } 194 195 /* Adapted from dummy_hcd.c ; caller must hold lock */ 196 static int transfer(struct vudc *udc, 197 struct urb *urb, struct vep *ep, int limit) 198 { 199 struct vrequest *req; 200 int sent = 0; 201 top: 202 /* if there's no request queued, the device is NAKing; return */ 203 list_for_each_entry(req, &ep->req_queue, req_entry) { 204 unsigned int host_len, dev_len, len; 205 void *ubuf_pos, *rbuf_pos; 206 int is_short, to_host; 207 int rescan = 0; 208 209 /* 210 * 1..N packets of ep->ep.maxpacket each ... the last one 211 * may be short (including zero length). 212 * 213 * writer can send a zlp explicitly (length 0) or implicitly 214 * (length mod maxpacket zero, and 'zero' flag); they always 215 * terminate reads. 216 */ 217 host_len = urb->transfer_buffer_length - urb->actual_length; 218 dev_len = req->req.length - req->req.actual; 219 len = min(host_len, dev_len); 220 221 to_host = usb_pipein(urb->pipe); 222 if (unlikely(len == 0)) 223 is_short = 1; 224 else { 225 /* send multiple of maxpacket first, then remainder */ 226 if (len >= ep->ep.maxpacket) { 227 is_short = 0; 228 if (len % ep->ep.maxpacket > 0) 229 rescan = 1; 230 len -= len % ep->ep.maxpacket; 231 } else { 232 is_short = 1; 233 } 234 235 ubuf_pos = urb->transfer_buffer + urb->actual_length; 236 rbuf_pos = req->req.buf + req->req.actual; 237 238 if (urb->pipe & USB_DIR_IN) 239 memcpy(ubuf_pos, rbuf_pos, len); 240 else 241 memcpy(rbuf_pos, ubuf_pos, len); 242 243 urb->actual_length += len; 244 req->req.actual += len; 245 sent += len; 246 } 247 248 /* 249 * short packets terminate, maybe with overflow/underflow. 250 * it's only really an error to write too much. 251 * 252 * partially filling a buffer optionally blocks queue advances 253 * (so completion handlers can clean up the queue) but we don't 254 * need to emulate such data-in-flight. 255 */ 256 if (is_short) { 257 if (host_len == dev_len) { 258 req->req.status = 0; 259 urb->status = 0; 260 } else if (to_host) { 261 req->req.status = 0; 262 if (dev_len > host_len) 263 urb->status = -EOVERFLOW; 264 else 265 urb->status = 0; 266 } else { 267 urb->status = 0; 268 if (host_len > dev_len) 269 req->req.status = -EOVERFLOW; 270 else 271 req->req.status = 0; 272 } 273 274 /* many requests terminate without a short packet */ 275 /* also check if we need to send zlp */ 276 } else { 277 if (req->req.length == req->req.actual) { 278 if (req->req.zero && to_host) 279 rescan = 1; 280 else 281 req->req.status = 0; 282 } 283 if (urb->transfer_buffer_length == urb->actual_length) { 284 if (urb->transfer_flags & URB_ZERO_PACKET && 285 !to_host) 286 rescan = 1; 287 else 288 urb->status = 0; 289 } 290 } 291 292 /* device side completion --> continuable */ 293 if (req->req.status != -EINPROGRESS) { 294 295 list_del_init(&req->req_entry); 296 spin_unlock(&udc->lock); 297 usb_gadget_giveback_request(&ep->ep, &req->req); 298 spin_lock(&udc->lock); 299 300 /* requests might have been unlinked... */ 301 rescan = 1; 302 } 303 304 /* host side completion --> terminate */ 305 if (urb->status != -EINPROGRESS) 306 break; 307 308 /* rescan to continue with any other queued i/o */ 309 if (rescan) 310 goto top; 311 } 312 return sent; 313 } 314 315 static void v_timer(struct timer_list *t) 316 { 317 struct vudc *udc = from_timer(udc, t, tr_timer.timer); 318 struct transfer_timer *timer = &udc->tr_timer; 319 struct urbp *urb_p, *tmp; 320 unsigned long flags; 321 struct usb_ep *_ep; 322 struct vep *ep; 323 int ret = 0; 324 int total, limit; 325 326 spin_lock_irqsave(&udc->lock, flags); 327 328 total = get_frame_limit(udc->gadget.speed); 329 if (total < 0) { /* unknown speed, or not set yet */ 330 timer->state = VUDC_TR_IDLE; 331 spin_unlock_irqrestore(&udc->lock, flags); 332 return; 333 } 334 /* is it next frame now? */ 335 if (time_after(jiffies, timer->frame_start + msecs_to_jiffies(1))) { 336 timer->frame_limit = total; 337 /* FIXME: how to make it accurate? */ 338 timer->frame_start = jiffies; 339 } else { 340 total = timer->frame_limit; 341 } 342 343 /* We have to clear ep0 flags separately as it's not on the list */ 344 udc->ep[0].already_seen = 0; 345 list_for_each_entry(_ep, &udc->gadget.ep_list, ep_list) { 346 ep = to_vep(_ep); 347 ep->already_seen = 0; 348 } 349 350 restart: 351 list_for_each_entry_safe(urb_p, tmp, &udc->urb_queue, urb_entry) { 352 struct urb *urb = urb_p->urb; 353 354 ep = urb_p->ep; 355 if (urb->unlinked) 356 goto return_urb; 357 if (timer->state != VUDC_TR_RUNNING) 358 continue; 359 360 if (!ep) { 361 urb->status = -EPROTO; 362 goto return_urb; 363 } 364 365 /* Used up bandwidth? */ 366 if (total <= 0 && ep->type == USB_ENDPOINT_XFER_BULK) 367 continue; 368 369 if (ep->already_seen) 370 continue; 371 ep->already_seen = 1; 372 if (ep == &udc->ep[0] && urb_p->new) { 373 ep->setup_stage = 1; 374 urb_p->new = 0; 375 } 376 if (ep->halted && !ep->setup_stage) { 377 urb->status = -EPIPE; 378 goto return_urb; 379 } 380 381 if (ep == &udc->ep[0] && ep->setup_stage) { 382 /* TODO - flush any stale requests */ 383 ep->setup_stage = 0; 384 ep->halted = 0; 385 386 ret = handle_control_request(udc, urb, 387 (struct usb_ctrlrequest *) urb->setup_packet, 388 (&urb->status)); 389 if (ret > 0) { 390 spin_unlock(&udc->lock); 391 ret = udc->driver->setup(&udc->gadget, 392 (struct usb_ctrlrequest *) 393 urb->setup_packet); 394 spin_lock(&udc->lock); 395 } 396 if (ret >= 0) { 397 /* no delays (max 64kb data stage) */ 398 limit = 64 * 1024; 399 goto treat_control_like_bulk; 400 } else { 401 urb->status = -EPIPE; 402 urb->actual_length = 0; 403 goto return_urb; 404 } 405 } 406 407 limit = total; 408 switch (ep->type) { 409 case USB_ENDPOINT_XFER_ISOC: 410 /* TODO: support */ 411 urb->status = -EXDEV; 412 break; 413 414 case USB_ENDPOINT_XFER_INT: 415 /* 416 * TODO: figure out bandwidth guarantees 417 * for now, give unlimited bandwidth 418 */ 419 limit += urb->transfer_buffer_length; 420 /* fallthrough */ 421 default: 422 treat_control_like_bulk: 423 total -= transfer(udc, urb, ep, limit); 424 } 425 if (urb->status == -EINPROGRESS) 426 continue; 427 428 return_urb: 429 if (ep) 430 ep->already_seen = ep->setup_stage = 0; 431 432 spin_lock(&udc->lock_tx); 433 list_del(&urb_p->urb_entry); 434 if (!urb->unlinked) { 435 v_enqueue_ret_submit(udc, urb_p); 436 } else { 437 v_enqueue_ret_unlink(udc, urb_p->seqnum, 438 urb->unlinked); 439 free_urbp_and_urb(urb_p); 440 } 441 wake_up(&udc->tx_waitq); 442 spin_unlock(&udc->lock_tx); 443 444 goto restart; 445 } 446 447 /* TODO - also wait on empty usb_request queues? */ 448 if (list_empty(&udc->urb_queue)) 449 timer->state = VUDC_TR_IDLE; 450 else 451 mod_timer(&timer->timer, 452 timer->frame_start + msecs_to_jiffies(1)); 453 454 spin_unlock_irqrestore(&udc->lock, flags); 455 } 456 457 /* All timer functions are run with udc->lock held */ 458 459 void v_init_timer(struct vudc *udc) 460 { 461 struct transfer_timer *t = &udc->tr_timer; 462 463 timer_setup(&t->timer, v_timer, 0); 464 t->state = VUDC_TR_STOPPED; 465 } 466 467 void v_start_timer(struct vudc *udc) 468 { 469 struct transfer_timer *t = &udc->tr_timer; 470 471 dev_dbg(&udc->pdev->dev, "timer start"); 472 switch (t->state) { 473 case VUDC_TR_RUNNING: 474 return; 475 case VUDC_TR_IDLE: 476 return v_kick_timer(udc, jiffies); 477 case VUDC_TR_STOPPED: 478 t->state = VUDC_TR_IDLE; 479 t->frame_start = jiffies; 480 t->frame_limit = get_frame_limit(udc->gadget.speed); 481 return v_kick_timer(udc, jiffies); 482 } 483 } 484 485 void v_kick_timer(struct vudc *udc, unsigned long time) 486 { 487 struct transfer_timer *t = &udc->tr_timer; 488 489 dev_dbg(&udc->pdev->dev, "timer kick"); 490 switch (t->state) { 491 case VUDC_TR_RUNNING: 492 return; 493 case VUDC_TR_IDLE: 494 t->state = VUDC_TR_RUNNING; 495 /* fallthrough */ 496 case VUDC_TR_STOPPED: 497 /* we may want to kick timer to unqueue urbs */ 498 mod_timer(&t->timer, time); 499 } 500 } 501 502 void v_stop_timer(struct vudc *udc) 503 { 504 struct transfer_timer *t = &udc->tr_timer; 505 506 /* timer itself will take care of stopping */ 507 dev_dbg(&udc->pdev->dev, "timer stop"); 508 t->state = VUDC_TR_STOPPED; 509 } 510