drivers/usb/musb-new/musb_gadget_ep0.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  * MUSB OTG peripheral driver ep0 handling
   4  *
   5  * Copyright 2005 Mentor Graphics Corporation
   6  * Copyright (C) 2005-2006 by Texas Instruments
   7  * Copyright (C) 2006-2007 Nokia Corporation
   8  * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
   9  */
  10
  11 #ifndef __UBOOT__
  12 #include <log.h>
  13 #include <dm/device_compat.h>
  14 #include <linux/kernel.h>
  15 #include <linux/list.h>
  16 #include <linux/timer.h>
  17 #include <linux/spinlock.h>
  18 #include <linux/device.h>
  19 #include <linux/interrupt.h>
  20 #else
  21 #include <common.h>
  22 #include "linux-compat.h"
  23 #include <asm/processor.h>
  24 #endif
  25
  26 #include "musb_core.h"
  27
  28 /* ep0 is always musb->endpoints[0].ep_in */
  29 #define next_ep0_request(musb)  next_in_request(&(musb)->endpoints[0])
  30
  31 /*
  32  * locking note:  we use only the controller lock, for simpler correctness.
  33  * It's always held with IRQs blocked.
  34  *
  35  * It protects the ep0 request queue as well as ep0_state, not just the
  36  * controller and indexed registers.  And that lock stays held unless it
  37  * needs to be dropped to allow reentering this driver ... like upcalls to
  38  * the gadget driver, or adjusting endpoint halt status.
  39  */
  40
  41 static char *decode_ep0stage(u8 stage)
  42 {
  43         switch (stage) {
  44         case MUSB_EP0_STAGE_IDLE:       return "idle";
  45         case MUSB_EP0_STAGE_SETUP:      return "setup";
  46         case MUSB_EP0_STAGE_TX:         return "in";
  47         case MUSB_EP0_STAGE_RX:         return "out";
  48         case MUSB_EP0_STAGE_ACKWAIT:    return "wait";
  49         case MUSB_EP0_STAGE_STATUSIN:   return "in/status";
  50         case MUSB_EP0_STAGE_STATUSOUT:  return "out/status";
  51         default:                        return "?";
  52         }
  53 }
  54
  55 /* handle a standard GET_STATUS request
  56  * Context:  caller holds controller lock
  57  */
  58 static int service_tx_status_request(
  59         struct musb *musb,
  60         const struct usb_ctrlrequest *ctrlrequest)
  61 {
  62         void __iomem    *mbase = musb->mregs;
  63         int handled = 1;
  64         u8 result[2], epnum = 0;
  65         const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
  66
  67         result[1] = 0;
  68
  69         switch (recip) {
  70         case USB_RECIP_DEVICE:
  71                 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
  72                 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
  73                 if (musb->g.is_otg) {
  74                         result[0] |= musb->g.b_hnp_enable
  75                                 << USB_DEVICE_B_HNP_ENABLE;
  76                         result[0] |= musb->g.a_alt_hnp_support
  77                                 << USB_DEVICE_A_ALT_HNP_SUPPORT;
  78                         result[0] |= musb->g.a_hnp_support
  79                                 << USB_DEVICE_A_HNP_SUPPORT;
  80                 }
  81                 break;
  82
  83         case USB_RECIP_INTERFACE:
  84                 result[0] = 0;
  85                 break;
  86
  87         case USB_RECIP_ENDPOINT: {
  88                 int             is_in;
  89                 struct musb_ep  *ep;
  90                 u16             tmp;
  91                 void __iomem    *regs;
  92
  93                 epnum = (u8) ctrlrequest->wIndex;
  94                 if (!epnum) {
  95                         result[0] = 0;
  96                         break;
  97                 }
  98
  99                 is_in = epnum & USB_DIR_IN;
 100                 if (is_in) {
 101                         epnum &= 0x0f;
 102                         ep = &musb->endpoints[epnum].ep_in;
 103                 } else {
 104                         ep = &musb->endpoints[epnum].ep_out;
 105                 }
 106                 regs = musb->endpoints[epnum].regs;
 107
 108                 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
 109                         handled = -EINVAL;
 110                         break;
 111                 }
 112
 113                 musb_ep_select(mbase, epnum);
 114                 if (is_in)
 115                         tmp = musb_readw(regs, MUSB_TXCSR)
 116                                                 & MUSB_TXCSR_P_SENDSTALL;
 117                 else
 118                         tmp = musb_readw(regs, MUSB_RXCSR)
 119                                                 & MUSB_RXCSR_P_SENDSTALL;
 120                 musb_ep_select(mbase, 0);
 121
 122                 result[0] = tmp ? 1 : 0;
 123                 } break;
 124
 125         default:
 126                 /* class, vendor, etc ... delegate */
 127                 handled = 0;
 128                 break;
 129         }
 130
 131         /* fill up the fifo; caller updates csr0 */
 132         if (handled > 0) {
 133                 u16     len = le16_to_cpu(ctrlrequest->wLength);
 134
 135                 if (len > 2)
 136                         len = 2;
 137                 musb_write_fifo(&musb->endpoints[0], len, result);
 138         }
 139
 140         return handled;
 141 }
 142
 143 /*
 144  * handle a control-IN request, the end0 buffer contains the current request
 145  * that is supposed to be a standard control request. Assumes the fifo to
 146  * be at least 2 bytes long.
 147  *
 148  * @return 0 if the request was NOT HANDLED,
 149  * < 0 when error
 150  * > 0 when the request is processed
 151  *
 152  * Context:  caller holds controller lock
 153  */
 154 static int
 155 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 156 {
 157         int handled = 0;        /* not handled */
 158
 159         if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 160                         == USB_TYPE_STANDARD) {
 161                 switch (ctrlrequest->bRequest) {
 162                 case USB_REQ_GET_STATUS:
 163                         handled = service_tx_status_request(musb,
 164                                         ctrlrequest);
 165                         break;
 166
 167                 /* case USB_REQ_SYNC_FRAME: */
 168
 169                 default:
 170                         break;
 171                 }
 172         }
 173         return handled;
 174 }
 175
 176 /*
 177  * Context:  caller holds controller lock
 178  */
 179 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
 180 {
 181         musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
 182 }
 183
 184 /*
 185  * Tries to start B-device HNP negotiation if enabled via sysfs
 186  */
 187 static inline void musb_try_b_hnp_enable(struct musb *musb)
 188 {
 189         void __iomem    *mbase = musb->mregs;
 190         u8              devctl;
 191
 192         dev_dbg(musb->controller, "HNP: Setting HR\n");
 193         devctl = musb_readb(mbase, MUSB_DEVCTL);
 194         musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
 195 }
 196
 197 /*
 198  * Handle all control requests with no DATA stage, including standard
 199  * requests such as:
 200  * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
 201  *      always delegated to the gadget driver
 202  * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
 203  *      always handled here, except for class/vendor/... features
 204  *
 205  * Context:  caller holds controller lock
 206  */
 207 static int
 208 service_zero_data_request(struct musb *musb,
 209                 struct usb_ctrlrequest *ctrlrequest)
 210 __releases(musb->lock)
 211 __acquires(musb->lock)
 212 {
 213         int handled = -EINVAL;
 214         void __iomem *mbase = musb->mregs;
 215         const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
 216
 217         /* the gadget driver handles everything except what we MUST handle */
 218         if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
 219                         == USB_TYPE_STANDARD) {
 220                 switch (ctrlrequest->bRequest) {
 221                 case USB_REQ_SET_ADDRESS:
 222                         /* change it after the status stage */
 223                         musb->set_address = true;
 224                         musb->address = (u8) (ctrlrequest->wValue & 0x7f);
 225                         handled = 1;
 226                         break;
 227
 228                 case USB_REQ_CLEAR_FEATURE:
 229                         switch (recip) {
 230                         case USB_RECIP_DEVICE:
 231                                 if (ctrlrequest->wValue
 232                                                 != USB_DEVICE_REMOTE_WAKEUP)
 233                                         break;
 234                                 musb->may_wakeup = 0;
 235                                 handled = 1;
 236                                 break;
 237                         case USB_RECIP_INTERFACE:
 238                                 break;
 239                         case USB_RECIP_ENDPOINT:{
 240                                 const u8                epnum =
 241                                         ctrlrequest->wIndex & 0x0f;
 242                                 struct musb_ep          *musb_ep;
 243                                 struct musb_hw_ep       *ep;
 244                                 struct musb_request     *request;
 245                                 void __iomem            *regs;
 246                                 int                     is_in;
 247                                 u16                     csr;
 248
 249                                 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
 250                                     ctrlrequest->wValue != USB_ENDPOINT_HALT)
 251                                         break;
 252
 253                                 ep = musb->endpoints + epnum;
 254                                 regs = ep->regs;
 255                                 is_in = ctrlrequest->wIndex & USB_DIR_IN;
 256                                 if (is_in)
 257                                         musb_ep = &ep->ep_in;
 258                                 else
 259                                         musb_ep = &ep->ep_out;
 260                                 if (!musb_ep->desc)
 261                                         break;
 262
 263                                 handled = 1;
 264                                 /* Ignore request if endpoint is wedged */
 265                                 if (musb_ep->wedged)
 266                                         break;
 267
 268                                 musb_ep_select(mbase, epnum);
 269                                 if (is_in) {
 270                                         csr  = musb_readw(regs, MUSB_TXCSR);
 271                                         csr |= MUSB_TXCSR_CLRDATATOG |
 272                                                MUSB_TXCSR_P_WZC_BITS;
 273                                         csr &= ~(MUSB_TXCSR_P_SENDSTALL |
 274                                                  MUSB_TXCSR_P_SENTSTALL |
 275                                                  MUSB_TXCSR_TXPKTRDY);
 276                                         musb_writew(regs, MUSB_TXCSR, csr);
 277                                 } else {
 278                                         csr  = musb_readw(regs, MUSB_RXCSR);
 279                                         csr |= MUSB_RXCSR_CLRDATATOG |
 280                                                MUSB_RXCSR_P_WZC_BITS;
 281                                         csr &= ~(MUSB_RXCSR_P_SENDSTALL |
 282                                                  MUSB_RXCSR_P_SENTSTALL);
 283                                         musb_writew(regs, MUSB_RXCSR, csr);
 284                                 }
 285
 286                                 /* Maybe start the first request in the queue */
 287                                 request = next_request(musb_ep);
 288                                 if (!musb_ep->busy && request) {
 289                                         dev_dbg(musb->controller, "restarting the request\n");
 290                                         musb_ep_restart(musb, request);
 291                                 }
 292
 293                                 /* select ep0 again */
 294                                 musb_ep_select(mbase, 0);
 295                                 } break;
 296                         default:
 297                                 /* class, vendor, etc ... delegate */
 298                                 handled = 0;
 299                                 break;
 300                         }
 301                         break;
 302
 303                 case USB_REQ_SET_FEATURE:
 304                         switch (recip) {
 305                         case USB_RECIP_DEVICE:
 306                                 handled = 1;
 307                                 switch (ctrlrequest->wValue) {
 308                                 case USB_DEVICE_REMOTE_WAKEUP:
 309                                         musb->may_wakeup = 1;
 310                                         break;
 311                                 case USB_DEVICE_TEST_MODE:
 312                                         if (musb->g.speed != USB_SPEED_HIGH)
 313                                                 goto stall;
 314                                         if (ctrlrequest->wIndex & 0xff)
 315                                                 goto stall;
 316
 317                                         switch (ctrlrequest->wIndex >> 8) {
 318                                         case 1:
 319                                                 pr_debug("TEST_J\n");
 320                                                 /* TEST_J */
 321                                                 musb->test_mode_nr =
 322                                                         MUSB_TEST_J;
 323                                                 break;
 324                                         case 2:
 325                                                 /* TEST_K */
 326                                                 pr_debug("TEST_K\n");
 327                                                 musb->test_mode_nr =
 328                                                         MUSB_TEST_K;
 329                                                 break;
 330                                         case 3:
 331                                                 /* TEST_SE0_NAK */
 332                                                 pr_debug("TEST_SE0_NAK\n");
 333                                                 musb->test_mode_nr =
 334                                                         MUSB_TEST_SE0_NAK;
 335                                                 break;
 336                                         case 4:
 337                                                 /* TEST_PACKET */
 338                                                 pr_debug("TEST_PACKET\n");
 339                                                 musb->test_mode_nr =
 340                                                         MUSB_TEST_PACKET;
 341                                                 break;
 342
 343                                         case 0xc0:
 344                                                 /* TEST_FORCE_HS */
 345                                                 pr_debug("TEST_FORCE_HS\n");
 346                                                 musb->test_mode_nr =
 347                                                         MUSB_TEST_FORCE_HS;
 348                                                 break;
 349                                         case 0xc1:
 350                                                 /* TEST_FORCE_FS */
 351                                                 pr_debug("TEST_FORCE_FS\n");
 352                                                 musb->test_mode_nr =
 353                                                         MUSB_TEST_FORCE_FS;
 354                                                 break;
 355                                         case 0xc2:
 356                                                 /* TEST_FIFO_ACCESS */
 357                                                 pr_debug("TEST_FIFO_ACCESS\n");
 358                                                 musb->test_mode_nr =
 359                                                         MUSB_TEST_FIFO_ACCESS;
 360                                                 break;
 361                                         case 0xc3:
 362                                                 /* TEST_FORCE_HOST */
 363                                                 pr_debug("TEST_FORCE_HOST\n");
 364                                                 musb->test_mode_nr =
 365                                                         MUSB_TEST_FORCE_HOST;
 366                                                 break;
 367                                         default:
 368                                                 goto stall;
 369                                         }
 370
 371                                         /* enter test mode after irq */
 372                                         if (handled > 0)
 373                                                 musb->test_mode = true;
 374                                         break;
 375                                 case USB_DEVICE_B_HNP_ENABLE:
 376                                         if (!musb->g.is_otg)
 377                                                 goto stall;
 378                                         musb->g.b_hnp_enable = 1;
 379                                         musb_try_b_hnp_enable(musb);
 380                                         break;
 381                                 case USB_DEVICE_A_HNP_SUPPORT:
 382                                         if (!musb->g.is_otg)
 383                                                 goto stall;
 384                                         musb->g.a_hnp_support = 1;
 385                                         break;
 386                                 case USB_DEVICE_A_ALT_HNP_SUPPORT:
 387                                         if (!musb->g.is_otg)
 388                                                 goto stall;
 389                                         musb->g.a_alt_hnp_support = 1;
 390                                         break;
 391                                 case USB_DEVICE_DEBUG_MODE:
 392                                         handled = 0;
 393                                         break;
 394 stall:
 395                                 default:
 396                                         handled = -EINVAL;
 397                                         break;
 398                                 }
 399                                 break;
 400
 401                         case USB_RECIP_INTERFACE:
 402                                 break;
 403
 404                         case USB_RECIP_ENDPOINT:{
 405                                 const u8                epnum =
 406                                         ctrlrequest->wIndex & 0x0f;
 407                                 struct musb_ep          *musb_ep;
 408                                 struct musb_hw_ep       *ep;
 409                                 void __iomem            *regs;
 410                                 int                     is_in;
 411                                 u16                     csr;
 412
 413                                 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
 414                                     ctrlrequest->wValue != USB_ENDPOINT_HALT)
 415                                         break;
 416
 417                                 ep = musb->endpoints + epnum;
 418                                 regs = ep->regs;
 419                                 is_in = ctrlrequest->wIndex & USB_DIR_IN;
 420                                 if (is_in)
 421                                         musb_ep = &ep->ep_in;
 422                                 else
 423                                         musb_ep = &ep->ep_out;
 424                                 if (!musb_ep->desc)
 425                                         break;
 426
 427                                 musb_ep_select(mbase, epnum);
 428                                 if (is_in) {
 429                                         csr = musb_readw(regs, MUSB_TXCSR);
 430                                         if (csr & MUSB_TXCSR_FIFONOTEMPTY)
 431                                                 csr |= MUSB_TXCSR_FLUSHFIFO;
 432                                         csr |= MUSB_TXCSR_P_SENDSTALL
 433                                                 | MUSB_TXCSR_CLRDATATOG
 434                                                 | MUSB_TXCSR_P_WZC_BITS;
 435                                         musb_writew(regs, MUSB_TXCSR, csr);
 436                                 } else {
 437                                         csr = musb_readw(regs, MUSB_RXCSR);
 438                                         csr |= MUSB_RXCSR_P_SENDSTALL
 439                                                 | MUSB_RXCSR_FLUSHFIFO
 440                                                 | MUSB_RXCSR_CLRDATATOG
 441                                                 | MUSB_RXCSR_P_WZC_BITS;
 442                                         musb_writew(regs, MUSB_RXCSR, csr);
 443                                 }
 444
 445                                 /* select ep0 again */
 446                                 musb_ep_select(mbase, 0);
 447                                 handled = 1;
 448                                 } break;
 449
 450                         default:
 451                                 /* class, vendor, etc ... delegate */
 452                                 handled = 0;
 453                                 break;
 454                         }
 455                         break;
 456                 default:
 457                         /* delegate SET_CONFIGURATION, etc */
 458                         handled = 0;
 459                 }
 460         } else
 461                 handled = 0;
 462         return handled;
 463 }
 464
 465 /* we have an ep0out data packet
 466  * Context:  caller holds controller lock
 467  */
 468 static void ep0_rxstate(struct musb *musb)
 469 {
 470         void __iomem            *regs = musb->control_ep->regs;
 471         struct musb_request     *request;
 472         struct usb_request      *req;
 473         u16                     count, csr;
 474
 475         request = next_ep0_request(musb);
 476         req = &request->request;
 477
 478         /* read packet and ack; or stall because of gadget driver bug:
 479          * should have provided the rx buffer before setup() returned.
 480          */
 481         if (req) {
 482                 void            *buf = req->buf + req->actual;
 483                 unsigned        len = req->length - req->actual;
 484
 485                 /* read the buffer */
 486                 count = musb_readb(regs, MUSB_COUNT0);
 487                 if (count > len) {
 488                         req->status = -EOVERFLOW;
 489                         count = len;
 490                 }
 491                 musb_read_fifo(&musb->endpoints[0], count, buf);
 492                 req->actual += count;
 493                 csr = MUSB_CSR0_P_SVDRXPKTRDY;
 494                 if (count < 64 || req->actual == req->length) {
 495                         musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 496                         csr |= MUSB_CSR0_P_DATAEND;
 497                 } else
 498                         req = NULL;
 499         } else
 500                 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
 501
 502
 503         /* Completion handler may choose to stall, e.g. because the
 504          * message just received holds invalid data.
 505          */
 506         if (req) {
 507                 musb->ackpend = csr;
 508                 musb_g_ep0_giveback(musb, req);
 509                 if (!musb->ackpend)
 510                         return;
 511                 musb->ackpend = 0;
 512         }
 513         musb_ep_select(musb->mregs, 0);
 514         musb_writew(regs, MUSB_CSR0, csr);
 515 }
 516
 517 /*
 518  * transmitting to the host (IN), this code might be called from IRQ
 519  * and from kernel thread.
 520  *
 521  * Context:  caller holds controller lock
 522  */
 523 static void ep0_txstate(struct musb *musb)
 524 {
 525         void __iomem            *regs = musb->control_ep->regs;
 526         struct musb_request     *req = next_ep0_request(musb);
 527         struct usb_request      *request;
 528         u16                     csr = MUSB_CSR0_TXPKTRDY;
 529         u8                      *fifo_src;
 530         u8                      fifo_count;
 531
 532         if (!req) {
 533                 /* WARN_ON(1); */
 534                 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
 535                 return;
 536         }
 537
 538         request = &req->request;
 539
 540         /* load the data */
 541         fifo_src = (u8 *) request->buf + request->actual;
 542         fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
 543                 request->length - request->actual);
 544         musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
 545         request->actual += fifo_count;
 546
 547         /* update the flags */
 548         if (fifo_count < MUSB_MAX_END0_PACKET
 549                         || (request->actual == request->length
 550                                 && !request->zero)) {
 551                 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 552                 csr |= MUSB_CSR0_P_DATAEND;
 553         } else
 554                 request = NULL;
 555
 556         /* send it out, triggering a "txpktrdy cleared" irq */
 557         musb_ep_select(musb->mregs, 0);
 558         musb_writew(regs, MUSB_CSR0, csr);
 559
 560         /* report completions as soon as the fifo's loaded; there's no
 561          * win in waiting till this last packet gets acked.  (other than
 562          * very precise fault reporting, needed by USB TMC; possible with
 563          * this hardware, but not usable from portable gadget drivers.)
 564          */
 565         if (request) {
 566                 musb->ackpend = csr;
 567                 musb_g_ep0_giveback(musb, request);
 568                 if (!musb->ackpend)
 569                         return;
 570                 musb->ackpend = 0;
 571         }
 572 }
 573
 574 /*
 575  * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
 576  * Fields are left in USB byte-order.
 577  *
 578  * Context:  caller holds controller lock.
 579  */
 580 static void
 581 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
 582 {
 583         struct musb_request     *r;
 584         void __iomem            *regs = musb->control_ep->regs;
 585
 586         musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
 587
 588         /* NOTE:  earlier 2.6 versions changed setup packets to host
 589          * order, but now USB packets always stay in USB byte order.
 590          */
 591         dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
 592                 req->bRequestType,
 593                 req->bRequest,
 594                 le16_to_cpu(req->wValue),
 595                 le16_to_cpu(req->wIndex),
 596                 le16_to_cpu(req->wLength));
 597
 598         /* clean up any leftover transfers */
 599         r = next_ep0_request(musb);
 600         if (r)
 601                 musb_g_ep0_giveback(musb, &r->request);
 602
 603         /* For zero-data requests we want to delay the STATUS stage to
 604          * avoid SETUPEND errors.  If we read data (OUT), delay accepting
 605          * packets until there's a buffer to store them in.
 606          *
 607          * If we write data, the controller acts happier if we enable
 608          * the TX FIFO right away, and give the controller a moment
 609          * to switch modes...
 610          */
 611         musb->set_address = false;
 612         musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
 613         if (req->wLength == 0) {
 614                 if (req->bRequestType & USB_DIR_IN)
 615                         musb->ackpend |= MUSB_CSR0_TXPKTRDY;
 616                 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
 617         } else if (req->bRequestType & USB_DIR_IN) {
 618                 musb->ep0_state = MUSB_EP0_STAGE_TX;
 619                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
 620                 while ((musb_readw(regs, MUSB_CSR0)
 621                                 & MUSB_CSR0_RXPKTRDY) != 0)
 622                         cpu_relax();
 623                 musb->ackpend = 0;
 624         } else
 625                 musb->ep0_state = MUSB_EP0_STAGE_RX;
 626 }
 627
 628 static int
 629 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
 630 __releases(musb->lock)
 631 __acquires(musb->lock)
 632 {
 633         int retval;
 634         if (!musb->gadget_driver)
 635                 return -EOPNOTSUPP;
 636         spin_unlock(&musb->lock);
 637         retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
 638         spin_lock(&musb->lock);
 639         return retval;
 640 }
 641
 642 /*
 643  * Handle peripheral ep0 interrupt
 644  *
 645  * Context: irq handler; we won't re-enter the driver that way.
 646  */
 647 irqreturn_t musb_g_ep0_irq(struct musb *musb)
 648 {
 649         u16             csr;
 650         u16             len;
 651         void __iomem    *mbase = musb->mregs;
 652         void __iomem    *regs = musb->endpoints[0].regs;
 653         irqreturn_t     retval = IRQ_NONE;
 654
 655         musb_ep_select(mbase, 0);       /* select ep0 */
 656         csr = musb_readw(regs, MUSB_CSR0);
 657         len = musb_readb(regs, MUSB_COUNT0);
 658
 659         dev_dbg(musb->controller, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
 660                         csr, len,
 661                         musb_readb(mbase, MUSB_FADDR),
 662                         decode_ep0stage(musb->ep0_state));
 663
 664         if (csr & MUSB_CSR0_P_DATAEND) {
 665                 /*
 666                  * If DATAEND is set we should not call the callback,
 667                  * hence the status stage is not complete.
 668                  */
 669                 return IRQ_HANDLED;
 670         }
 671
 672         /* I sent a stall.. need to acknowledge it now.. */
 673         if (csr & MUSB_CSR0_P_SENTSTALL) {
 674                 musb_writew(regs, MUSB_CSR0,
 675                                 csr & ~MUSB_CSR0_P_SENTSTALL);
 676                 retval = IRQ_HANDLED;
 677                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 678                 csr = musb_readw(regs, MUSB_CSR0);
 679         }
 680
 681         /* request ended "early" */
 682         if (csr & MUSB_CSR0_P_SETUPEND) {
 683                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
 684                 retval = IRQ_HANDLED;
 685                 /* Transition into the early status phase */
 686                 switch (musb->ep0_state) {
 687                 case MUSB_EP0_STAGE_TX:
 688                         musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
 689                         break;
 690                 case MUSB_EP0_STAGE_RX:
 691                         musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 692                         break;
 693                 default:
 694                         ERR("SetupEnd came in a wrong ep0stage %s\n",
 695                             decode_ep0stage(musb->ep0_state));
 696                 }
 697                 csr = musb_readw(regs, MUSB_CSR0);
 698                 /* NOTE:  request may need completion */
 699         }
 700
 701         /* docs from Mentor only describe tx, rx, and idle/setup states.
 702          * we need to handle nuances around status stages, and also the
 703          * case where status and setup stages come back-to-back ...
 704          */
 705         switch (musb->ep0_state) {
 706
 707         case MUSB_EP0_STAGE_TX:
 708                 /* irq on clearing txpktrdy */
 709                 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
 710                         ep0_txstate(musb);
 711                         retval = IRQ_HANDLED;
 712                 }
 713                 break;
 714
 715         case MUSB_EP0_STAGE_RX:
 716                 /* irq on set rxpktrdy */
 717                 if (csr & MUSB_CSR0_RXPKTRDY) {
 718                         ep0_rxstate(musb);
 719                         retval = IRQ_HANDLED;
 720                 }
 721                 break;
 722
 723         case MUSB_EP0_STAGE_STATUSIN:
 724                 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
 725
 726                 /* update address (if needed) only @ the end of the
 727                  * status phase per usb spec, which also guarantees
 728                  * we get 10 msec to receive this irq... until this
 729                  * is done we won't see the next packet.
 730                  */
 731                 if (musb->set_address) {
 732                         musb->set_address = false;
 733                         musb_writeb(mbase, MUSB_FADDR, musb->address);
 734                 }
 735
 736                 /* enter test mode if needed (exit by reset) */
 737                 else if (musb->test_mode) {
 738                         dev_dbg(musb->controller, "entering TESTMODE\n");
 739
 740                         if (MUSB_TEST_PACKET == musb->test_mode_nr)
 741                                 musb_load_testpacket(musb);
 742
 743                         musb_writeb(mbase, MUSB_TESTMODE,
 744                                         musb->test_mode_nr);
 745                 }
 746                 /* FALLTHROUGH */
 747
 748         case MUSB_EP0_STAGE_STATUSOUT:
 749                 /* end of sequence #1: write to host (TX state) */
 750                 {
 751                         struct musb_request     *req;
 752
 753                         req = next_ep0_request(musb);
 754                         if (req)
 755                                 musb_g_ep0_giveback(musb, &req->request);
 756                 }
 757
 758                 /*
 759                  * In case when several interrupts can get coalesced,
 760                  * check to see if we've already received a SETUP packet...
 761                  */
 762                 if (csr & MUSB_CSR0_RXPKTRDY)
 763                         goto setup;
 764
 765                 retval = IRQ_HANDLED;
 766                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 767                 break;
 768
 769         case MUSB_EP0_STAGE_IDLE:
 770                 /*
 771                  * This state is typically (but not always) indiscernible
 772                  * from the status states since the corresponding interrupts
 773                  * tend to happen within too little period of time (with only
 774                  * a zero-length packet in between) and so get coalesced...
 775                  */
 776                 retval = IRQ_HANDLED;
 777                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
 778                 /* FALLTHROUGH */
 779
 780         case MUSB_EP0_STAGE_SETUP:
 781 setup:
 782                 if (csr & MUSB_CSR0_RXPKTRDY) {
 783                         struct usb_ctrlrequest  setup;
 784                         int                     handled = 0;
 785
 786                         if (len != 8) {
 787                                 ERR("SETUP packet len %d != 8 ?\n", len);
 788                                 break;
 789                         }
 790                         musb_read_setup(musb, &setup);
 791                         retval = IRQ_HANDLED;
 792
 793                         /* sometimes the RESET won't be reported */
 794                         if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
 795                                 u8      power;
 796
 797                                 printk(KERN_NOTICE "%s: peripheral reset "
 798                                                 "irq lost!\n",
 799                                                 musb_driver_name);
 800                                 power = musb_readb(mbase, MUSB_POWER);
 801                                 musb->g.speed = (power & MUSB_POWER_HSMODE)
 802                                         ? USB_SPEED_HIGH : USB_SPEED_FULL;
 803
 804                         }
 805
 806                         switch (musb->ep0_state) {
 807
 808                         /* sequence #3 (no data stage), includes requests
 809                          * we can't forward (notably SET_ADDRESS and the
 810                          * device/endpoint feature set/clear operations)
 811                          * plus SET_CONFIGURATION and others we must
 812                          */
 813                         case MUSB_EP0_STAGE_ACKWAIT:
 814                                 handled = service_zero_data_request(
 815                                                 musb, &setup);
 816
 817                                 /*
 818                                  * We're expecting no data in any case, so
 819                                  * always set the DATAEND bit -- doing this
 820                                  * here helps avoid SetupEnd interrupt coming
 821                                  * in the idle stage when we're stalling...
 822                                  */
 823                                 musb->ackpend |= MUSB_CSR0_P_DATAEND;
 824
 825                                 /* status stage might be immediate */
 826                                 if (handled > 0)
 827                                         musb->ep0_state =
 828                                                 MUSB_EP0_STAGE_STATUSIN;
 829                                 break;
 830
 831                         /* sequence #1 (IN to host), includes GET_STATUS
 832                          * requests that we can't forward, GET_DESCRIPTOR
 833                          * and others that we must
 834                          */
 835                         case MUSB_EP0_STAGE_TX:
 836                                 handled = service_in_request(musb, &setup);
 837                                 if (handled > 0) {
 838                                         musb->ackpend = MUSB_CSR0_TXPKTRDY
 839                                                 | MUSB_CSR0_P_DATAEND;
 840                                         musb->ep0_state =
 841                                                 MUSB_EP0_STAGE_STATUSOUT;
 842                                 }
 843                                 break;
 844
 845                         /* sequence #2 (OUT from host), always forward */
 846                         default:                /* MUSB_EP0_STAGE_RX */
 847                                 break;
 848                         }
 849
 850                         dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
 851                                 handled, csr,
 852                                 decode_ep0stage(musb->ep0_state));
 853
 854                         /* unless we need to delegate this to the gadget
 855                          * driver, we know how to wrap this up:  csr0 has
 856                          * not yet been written.
 857                          */
 858                         if (handled < 0)
 859                                 goto stall;
 860                         else if (handled > 0)
 861                                 goto finish;
 862
 863                         handled = forward_to_driver(musb, &setup);
 864                         if (handled < 0) {
 865                                 musb_ep_select(mbase, 0);
 866 stall:
 867                                 dev_dbg(musb->controller, "stall (%d)\n", handled);
 868                                 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
 869                                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 870 finish:
 871                                 musb_writew(regs, MUSB_CSR0,
 872                                                 musb->ackpend);
 873                                 musb->ackpend = 0;
 874                         }
 875                 }
 876                 break;
 877
 878         case MUSB_EP0_STAGE_ACKWAIT:
 879                 /* This should not happen. But happens with tusb6010 with
 880                  * g_file_storage and high speed. Do nothing.
 881                  */
 882                 retval = IRQ_HANDLED;
 883                 break;
 884
 885         default:
 886                 /* "can't happen" */
 887                 assert_noisy(false);
 888                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
 889                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
 890                 break;
 891         }
 892
 893         return retval;
 894 }
 895
 896
 897 static int
 898 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
 899 {
 900         /* always enabled */
 901         return -EINVAL;
 902 }
 903
 904 static int musb_g_ep0_disable(struct usb_ep *e)
 905 {
 906         /* always enabled */
 907         return -EINVAL;
 908 }
 909
 910 static int
 911 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
 912 {
 913         struct musb_ep          *ep;
 914         struct musb_request     *req;
 915         struct musb             *musb;
 916         int                     status;
 917         unsigned long           lockflags;
 918         void __iomem            *regs;
 919
 920         if (!e || !r)
 921                 return -EINVAL;
 922
 923         ep = to_musb_ep(e);
 924         musb = ep->musb;
 925         regs = musb->control_ep->regs;
 926
 927         req = to_musb_request(r);
 928         req->musb = musb;
 929         req->request.actual = 0;
 930         req->request.status = -EINPROGRESS;
 931         req->tx = ep->is_in;
 932
 933         spin_lock_irqsave(&musb->lock, lockflags);
 934
 935         if (!list_empty(&ep->req_list)) {
 936                 status = -EBUSY;
 937                 goto cleanup;
 938         }
 939
 940         switch (musb->ep0_state) {
 941         case MUSB_EP0_STAGE_RX:         /* control-OUT data */
 942         case MUSB_EP0_STAGE_TX:         /* control-IN data */
 943         case MUSB_EP0_STAGE_ACKWAIT:    /* zero-length data */
 944                 status = 0;
 945                 break;
 946         default:
 947                 dev_dbg(musb->controller, "ep0 request queued in state %d\n",
 948                                 musb->ep0_state);
 949                 status = -EINVAL;
 950                 goto cleanup;
 951         }
 952
 953         /* add request to the list */
 954         list_add_tail(&req->list, &ep->req_list);
 955
 956         dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
 957                         ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
 958                         req->request.length);
 959
 960         musb_ep_select(musb->mregs, 0);
 961
 962         /* sequence #1, IN ... start writing the data */
 963         if (musb->ep0_state == MUSB_EP0_STAGE_TX)
 964                 ep0_txstate(musb);
 965
 966         /* sequence #3, no-data ... issue IN status */
 967         else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
 968                 if (req->request.length)
 969                         status = -EINVAL;
 970                 else {
 971                         musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
 972                         musb_writew(regs, MUSB_CSR0,
 973                                         musb->ackpend | MUSB_CSR0_P_DATAEND);
 974                         musb->ackpend = 0;
 975                         musb_g_ep0_giveback(ep->musb, r);
 976                 }
 977
 978         /* else for sequence #2 (OUT), caller provides a buffer
 979          * before the next packet arrives.  deferred responses
 980          * (after SETUP is acked) are racey.
 981          */
 982         } else if (musb->ackpend) {
 983                 musb_writew(regs, MUSB_CSR0, musb->ackpend);
 984                 musb->ackpend = 0;
 985         }
 986
 987 cleanup:
 988         spin_unlock_irqrestore(&musb->lock, lockflags);
 989         return status;
 990 }
 991
 992 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
 993 {
 994         /* we just won't support this */
 995         return -EINVAL;
 996 }
 997
 998 static int musb_g_ep0_halt(struct usb_ep *e, int value)
 999 {
1000         struct musb_ep          *ep;
1001         struct musb             *musb;
1002         void __iomem            *base, *regs;
1003         unsigned long           flags;
1004         int                     status;
1005         u16                     csr;
1006
1007         if (!e || !value)
1008                 return -EINVAL;
1009
1010         ep = to_musb_ep(e);
1011         musb = ep->musb;
1012         base = musb->mregs;
1013         regs = musb->control_ep->regs;
1014         status = 0;
1015
1016         spin_lock_irqsave(&musb->lock, flags);
1017
1018         if (!list_empty(&ep->req_list)) {
1019                 status = -EBUSY;
1020                 goto cleanup;
1021         }
1022
1023         musb_ep_select(base, 0);
1024         csr = musb->ackpend;
1025
1026         switch (musb->ep0_state) {
1027
1028         /* Stalls are usually issued after parsing SETUP packet, either
1029          * directly in irq context from setup() or else later.
1030          */
1031         case MUSB_EP0_STAGE_TX:         /* control-IN data */
1032         case MUSB_EP0_STAGE_ACKWAIT:    /* STALL for zero-length data */
1033         case MUSB_EP0_STAGE_RX:         /* control-OUT data */
1034                 csr = musb_readw(regs, MUSB_CSR0);
1035                 /* FALLTHROUGH */
1036
1037         /* It's also OK to issue stalls during callbacks when a non-empty
1038          * DATA stage buffer has been read (or even written).
1039          */
1040         case MUSB_EP0_STAGE_STATUSIN:   /* control-OUT status */
1041         case MUSB_EP0_STAGE_STATUSOUT:  /* control-IN status */
1042
1043                 csr |= MUSB_CSR0_P_SENDSTALL;
1044                 musb_writew(regs, MUSB_CSR0, csr);
1045                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1046                 musb->ackpend = 0;
1047                 break;
1048         default:
1049                 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1050                 status = -EINVAL;
1051         }
1052
1053 cleanup:
1054         spin_unlock_irqrestore(&musb->lock, flags);
1055         return status;
1056 }
1057
1058 const struct usb_ep_ops musb_g_ep0_ops = {
1059         .enable         = musb_g_ep0_enable,
1060         .disable        = musb_g_ep0_disable,
1061         .alloc_request  = musb_alloc_request,
1062         .free_request   = musb_free_request,
1063         .queue          = musb_g_ep0_queue,
1064         .dequeue        = musb_g_ep0_dequeue,
1065         .set_halt       = musb_g_ep0_halt,
1066 };