usb/musb/musb_gadget_ep0.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * MUSB OTG peripheral driver ep0 handling
0004  *
0005  * Copyright 2005 Mentor Graphics Corporation
0006  * Copyright (C) 2005-2006 by Texas Instruments
0007  * Copyright (C) 2006-2007 Nokia Corporation
0008  * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
0009  */
0010
0011 #include <linux/kernel.h>
0012 #include <linux/list.h>
0013 #include <linux/timer.h>
0014 #include <linux/spinlock.h>
0015 #include <linux/device.h>
0016 #include <linux/interrupt.h>
0017
0018 #include "musb_core.h"
0019
0020 /* ep0 is always musb->endpoints[0].ep_in */
0021 #define next_ep0_request(musb)  next_in_request(&(musb)->endpoints[0])
0022
0023 /*
0024  * locking note:  we use only the controller lock, for simpler correctness.
0025  * It's always held with IRQs blocked.
0026  *
0027  * It protects the ep0 request queue as well as ep0_state, not just the
0028  * controller and indexed registers.  And that lock stays held unless it
0029  * needs to be dropped to allow reentering this driver ... like upcalls to
0030  * the gadget driver, or adjusting endpoint halt status.
0031  */
0032
0033 static char *decode_ep0stage(u8 stage)
0034 {
0035     switch (stage) {
0036     case MUSB_EP0_STAGE_IDLE:   return "idle";
0037     case MUSB_EP0_STAGE_SETUP:  return "setup";
0038     case MUSB_EP0_STAGE_TX:     return "in";
0039     case MUSB_EP0_STAGE_RX:     return "out";
0040     case MUSB_EP0_STAGE_ACKWAIT:    return "wait";
0041     case MUSB_EP0_STAGE_STATUSIN:   return "in/status";
0042     case MUSB_EP0_STAGE_STATUSOUT:  return "out/status";
0043     default:            return "?";
0044     }
0045 }
0046
0047 /* handle a standard GET_STATUS request
0048  * Context:  caller holds controller lock
0049  */
0050 static int service_tx_status_request(
0051     struct musb *musb,
0052     const struct usb_ctrlrequest *ctrlrequest)
0053 {
0054     void __iomem    *mbase = musb->mregs;
0055     int handled = 1;
0056     u8 result[2], epnum = 0;
0057     const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
0058
0059     result[1] = 0;
0060
0061     switch (recip) {
0062     case USB_RECIP_DEVICE:
0063         result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED;
0064         result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
0065         if (musb->g.is_otg) {
0066             result[0] |= musb->g.b_hnp_enable
0067                 << USB_DEVICE_B_HNP_ENABLE;
0068             result[0] |= musb->g.a_alt_hnp_support
0069                 << USB_DEVICE_A_ALT_HNP_SUPPORT;
0070             result[0] |= musb->g.a_hnp_support
0071                 << USB_DEVICE_A_HNP_SUPPORT;
0072         }
0073         break;
0074
0075     case USB_RECIP_INTERFACE:
0076         result[0] = 0;
0077         break;
0078
0079     case USB_RECIP_ENDPOINT: {
0080         int     is_in;
0081         struct musb_ep  *ep;
0082         u16     tmp;
0083         void __iomem    *regs;
0084
0085         epnum = (u8) ctrlrequest->wIndex;
0086         if (!epnum) {
0087             result[0] = 0;
0088             break;
0089         }
0090
0091         is_in = epnum & USB_DIR_IN;
0092         epnum &= 0x0f;
0093         if (epnum >= MUSB_C_NUM_EPS) {
0094             handled = -EINVAL;
0095             break;
0096         }
0097
0098         if (is_in)
0099             ep = &musb->endpoints[epnum].ep_in;
0100         else
0101             ep = &musb->endpoints[epnum].ep_out;
0102         regs = musb->endpoints[epnum].regs;
0103
0104         if (!ep->desc) {
0105             handled = -EINVAL;
0106             break;
0107         }
0108
0109         musb_ep_select(mbase, epnum);
0110         if (is_in)
0111             tmp = musb_readw(regs, MUSB_TXCSR)
0112                         & MUSB_TXCSR_P_SENDSTALL;
0113         else
0114             tmp = musb_readw(regs, MUSB_RXCSR)
0115                         & MUSB_RXCSR_P_SENDSTALL;
0116         musb_ep_select(mbase, 0);
0117
0118         result[0] = tmp ? 1 : 0;
0119         } break;
0120
0121     default:
0122         /* class, vendor, etc ... delegate */
0123         handled = 0;
0124         break;
0125     }
0126
0127     /* fill up the fifo; caller updates csr0 */
0128     if (handled > 0) {
0129         u16 len = le16_to_cpu(ctrlrequest->wLength);
0130
0131         if (len > 2)
0132             len = 2;
0133         musb_write_fifo(&musb->endpoints[0], len, result);
0134     }
0135
0136     return handled;
0137 }
0138
0139 /*
0140  * handle a control-IN request, the end0 buffer contains the current request
0141  * that is supposed to be a standard control request. Assumes the fifo to
0142  * be at least 2 bytes long.
0143  *
0144  * @return 0 if the request was NOT HANDLED,
0145  * < 0 when error
0146  * > 0 when the request is processed
0147  *
0148  * Context:  caller holds controller lock
0149  */
0150 static int
0151 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
0152 {
0153     int handled = 0;    /* not handled */
0154
0155     if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
0156             == USB_TYPE_STANDARD) {
0157         switch (ctrlrequest->bRequest) {
0158         case USB_REQ_GET_STATUS:
0159             handled = service_tx_status_request(musb,
0160                     ctrlrequest);
0161             break;
0162
0163         /* case USB_REQ_SYNC_FRAME: */
0164
0165         default:
0166             break;
0167         }
0168     }
0169     return handled;
0170 }
0171
0172 /*
0173  * Context:  caller holds controller lock
0174  */
0175 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
0176 {
0177     musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
0178 }
0179
0180 /*
0181  * Tries to start B-device HNP negotiation if enabled via sysfs
0182  */
0183 static inline void musb_try_b_hnp_enable(struct musb *musb)
0184 {
0185     void __iomem    *mbase = musb->mregs;
0186     u8      devctl;
0187
0188     musb_dbg(musb, "HNP: Setting HR");
0189     devctl = musb_readb(mbase, MUSB_DEVCTL);
0190     musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
0191 }
0192
0193 /*
0194  * Handle all control requests with no DATA stage, including standard
0195  * requests such as:
0196  * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
0197  *  always delegated to the gadget driver
0198  * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
0199  *  always handled here, except for class/vendor/... features
0200  *
0201  * Context:  caller holds controller lock
0202  */
0203 static int
0204 service_zero_data_request(struct musb *musb,
0205         struct usb_ctrlrequest *ctrlrequest)
0206 __releases(musb->lock)
0207 __acquires(musb->lock)
0208 {
0209     int handled = -EINVAL;
0210     void __iomem *mbase = musb->mregs;
0211     const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
0212
0213     /* the gadget driver handles everything except what we MUST handle */
0214     if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
0215             == USB_TYPE_STANDARD) {
0216         switch (ctrlrequest->bRequest) {
0217         case USB_REQ_SET_ADDRESS:
0218             /* change it after the status stage */
0219             musb->set_address = true;
0220             musb->address = (u8) (ctrlrequest->wValue & 0x7f);
0221             handled = 1;
0222             break;
0223
0224         case USB_REQ_CLEAR_FEATURE:
0225             switch (recip) {
0226             case USB_RECIP_DEVICE:
0227                 if (ctrlrequest->wValue
0228                         != USB_DEVICE_REMOTE_WAKEUP)
0229                     break;
0230                 musb->may_wakeup = 0;
0231                 handled = 1;
0232                 break;
0233             case USB_RECIP_INTERFACE:
0234                 break;
0235             case USB_RECIP_ENDPOINT:{
0236                 const u8        epnum =
0237                     ctrlrequest->wIndex & 0x0f;
0238                 struct musb_ep      *musb_ep;
0239                 struct musb_hw_ep   *ep;
0240                 struct musb_request *request;
0241                 void __iomem        *regs;
0242                 int         is_in;
0243                 u16         csr;
0244
0245                 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
0246                     ctrlrequest->wValue != USB_ENDPOINT_HALT)
0247                     break;
0248
0249                 ep = musb->endpoints + epnum;
0250                 regs = ep->regs;
0251                 is_in = ctrlrequest->wIndex & USB_DIR_IN;
0252                 if (is_in)
0253                     musb_ep = &ep->ep_in;
0254                 else
0255                     musb_ep = &ep->ep_out;
0256                 if (!musb_ep->desc)
0257                     break;
0258
0259                 handled = 1;
0260                 /* Ignore request if endpoint is wedged */
0261                 if (musb_ep->wedged)
0262                     break;
0263
0264                 musb_ep_select(mbase, epnum);
0265                 if (is_in) {
0266                     csr  = musb_readw(regs, MUSB_TXCSR);
0267                     csr |= MUSB_TXCSR_CLRDATATOG |
0268                            MUSB_TXCSR_P_WZC_BITS;
0269                     csr &= ~(MUSB_TXCSR_P_SENDSTALL |
0270                          MUSB_TXCSR_P_SENTSTALL |
0271                          MUSB_TXCSR_TXPKTRDY);
0272                     musb_writew(regs, MUSB_TXCSR, csr);
0273                 } else {
0274                     csr  = musb_readw(regs, MUSB_RXCSR);
0275                     csr |= MUSB_RXCSR_CLRDATATOG |
0276                            MUSB_RXCSR_P_WZC_BITS;
0277                     csr &= ~(MUSB_RXCSR_P_SENDSTALL |
0278                          MUSB_RXCSR_P_SENTSTALL);
0279                     musb_writew(regs, MUSB_RXCSR, csr);
0280                 }
0281
0282                 /* Maybe start the first request in the queue */
0283                 request = next_request(musb_ep);
0284                 if (!musb_ep->busy && request) {
0285                     musb_dbg(musb, "restarting the request");
0286                     musb_ep_restart(musb, request);
0287                 }
0288
0289                 /* select ep0 again */
0290                 musb_ep_select(mbase, 0);
0291                 } break;
0292             default:
0293                 /* class, vendor, etc ... delegate */
0294                 handled = 0;
0295                 break;
0296             }
0297             break;
0298
0299         case USB_REQ_SET_FEATURE:
0300             switch (recip) {
0301             case USB_RECIP_DEVICE:
0302                 handled = 1;
0303                 switch (ctrlrequest->wValue) {
0304                 case USB_DEVICE_REMOTE_WAKEUP:
0305                     musb->may_wakeup = 1;
0306                     break;
0307                 case USB_DEVICE_TEST_MODE:
0308                     if (musb->g.speed != USB_SPEED_HIGH)
0309                         goto stall;
0310                     if (ctrlrequest->wIndex & 0xff)
0311                         goto stall;
0312
0313                     switch (ctrlrequest->wIndex >> 8) {
0314                     case USB_TEST_J:
0315                         pr_debug("USB_TEST_J\n");
0316                         musb->test_mode_nr =
0317                             MUSB_TEST_J;
0318                         break;
0319                     case USB_TEST_K:
0320                         pr_debug("USB_TEST_K\n");
0321                         musb->test_mode_nr =
0322                             MUSB_TEST_K;
0323                         break;
0324                     case USB_TEST_SE0_NAK:
0325                         pr_debug("USB_TEST_SE0_NAK\n");
0326                         musb->test_mode_nr =
0327                             MUSB_TEST_SE0_NAK;
0328                         break;
0329                     case USB_TEST_PACKET:
0330                         pr_debug("USB_TEST_PACKET\n");
0331                         musb->test_mode_nr =
0332                             MUSB_TEST_PACKET;
0333                         break;
0334
0335                     case 0xc0:
0336                         /* TEST_FORCE_HS */
0337                         pr_debug("TEST_FORCE_HS\n");
0338                         musb->test_mode_nr =
0339                             MUSB_TEST_FORCE_HS;
0340                         break;
0341                     case 0xc1:
0342                         /* TEST_FORCE_FS */
0343                         pr_debug("TEST_FORCE_FS\n");
0344                         musb->test_mode_nr =
0345                             MUSB_TEST_FORCE_FS;
0346                         break;
0347                     case 0xc2:
0348                         /* TEST_FIFO_ACCESS */
0349                         pr_debug("TEST_FIFO_ACCESS\n");
0350                         musb->test_mode_nr =
0351                             MUSB_TEST_FIFO_ACCESS;
0352                         break;
0353                     case 0xc3:
0354                         /* TEST_FORCE_HOST */
0355                         pr_debug("TEST_FORCE_HOST\n");
0356                         musb->test_mode_nr =
0357                             MUSB_TEST_FORCE_HOST;
0358                         break;
0359                     default:
0360                         goto stall;
0361                     }
0362
0363                     /* enter test mode after irq */
0364                     if (handled > 0)
0365                         musb->test_mode = true;
0366                     break;
0367                 case USB_DEVICE_B_HNP_ENABLE:
0368                     if (!musb->g.is_otg)
0369                         goto stall;
0370                     musb->g.b_hnp_enable = 1;
0371                     musb_try_b_hnp_enable(musb);
0372                     break;
0373                 case USB_DEVICE_A_HNP_SUPPORT:
0374                     if (!musb->g.is_otg)
0375                         goto stall;
0376                     musb->g.a_hnp_support = 1;
0377                     break;
0378                 case USB_DEVICE_A_ALT_HNP_SUPPORT:
0379                     if (!musb->g.is_otg)
0380                         goto stall;
0381                     musb->g.a_alt_hnp_support = 1;
0382                     break;
0383                 case USB_DEVICE_DEBUG_MODE:
0384                     handled = 0;
0385                     break;
0386 stall:
0387                 default:
0388                     handled = -EINVAL;
0389                     break;
0390                 }
0391                 break;
0392
0393             case USB_RECIP_INTERFACE:
0394                 break;
0395
0396             case USB_RECIP_ENDPOINT:{
0397                 const u8        epnum =
0398                     ctrlrequest->wIndex & 0x0f;
0399                 struct musb_ep      *musb_ep;
0400                 struct musb_hw_ep   *ep;
0401                 void __iomem        *regs;
0402                 int         is_in;
0403                 u16         csr;
0404
0405                 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
0406                     ctrlrequest->wValue != USB_ENDPOINT_HALT)
0407                     break;
0408
0409                 ep = musb->endpoints + epnum;
0410                 regs = ep->regs;
0411                 is_in = ctrlrequest->wIndex & USB_DIR_IN;
0412                 if (is_in)
0413                     musb_ep = &ep->ep_in;
0414                 else
0415                     musb_ep = &ep->ep_out;
0416                 if (!musb_ep->desc)
0417                     break;
0418
0419                 musb_ep_select(mbase, epnum);
0420                 if (is_in) {
0421                     csr = musb_readw(regs, MUSB_TXCSR);
0422                     if (csr & MUSB_TXCSR_FIFONOTEMPTY)
0423                         csr |= MUSB_TXCSR_FLUSHFIFO;
0424                     csr |= MUSB_TXCSR_P_SENDSTALL
0425                         | MUSB_TXCSR_CLRDATATOG
0426                         | MUSB_TXCSR_P_WZC_BITS;
0427                     musb_writew(regs, MUSB_TXCSR, csr);
0428                 } else {
0429                     csr = musb_readw(regs, MUSB_RXCSR);
0430                     csr |= MUSB_RXCSR_P_SENDSTALL
0431                         | MUSB_RXCSR_FLUSHFIFO
0432                         | MUSB_RXCSR_CLRDATATOG
0433                         | MUSB_RXCSR_P_WZC_BITS;
0434                     musb_writew(regs, MUSB_RXCSR, csr);
0435                 }
0436
0437                 /* select ep0 again */
0438                 musb_ep_select(mbase, 0);
0439                 handled = 1;
0440                 } break;
0441
0442             default:
0443                 /* class, vendor, etc ... delegate */
0444                 handled = 0;
0445                 break;
0446             }
0447             break;
0448         default:
0449             /* delegate SET_CONFIGURATION, etc */
0450             handled = 0;
0451         }
0452     } else
0453         handled = 0;
0454     return handled;
0455 }
0456
0457 /* we have an ep0out data packet
0458  * Context:  caller holds controller lock
0459  */
0460 static void ep0_rxstate(struct musb *musb)
0461 {
0462     void __iomem        *regs = musb->control_ep->regs;
0463     struct musb_request *request;
0464     struct usb_request  *req;
0465     u16         count, csr;
0466
0467     request = next_ep0_request(musb);
0468     req = &request->request;
0469
0470     /* read packet and ack; or stall because of gadget driver bug:
0471      * should have provided the rx buffer before setup() returned.
0472      */
0473     if (req) {
0474         void        *buf = req->buf + req->actual;
0475         unsigned    len = req->length - req->actual;
0476
0477         /* read the buffer */
0478         count = musb_readb(regs, MUSB_COUNT0);
0479         if (count > len) {
0480             req->status = -EOVERFLOW;
0481             count = len;
0482         }
0483         if (count > 0) {
0484             musb_read_fifo(&musb->endpoints[0], count, buf);
0485             req->actual += count;
0486         }
0487         csr = MUSB_CSR0_P_SVDRXPKTRDY;
0488         if (count < 64 || req->actual == req->length) {
0489             musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
0490             csr |= MUSB_CSR0_P_DATAEND;
0491         } else
0492             req = NULL;
0493     } else
0494         csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
0495
0496
0497     /* Completion handler may choose to stall, e.g. because the
0498      * message just received holds invalid data.
0499      */
0500     if (req) {
0501         musb->ackpend = csr;
0502         musb_g_ep0_giveback(musb, req);
0503         if (!musb->ackpend)
0504             return;
0505         musb->ackpend = 0;
0506     }
0507     musb_ep_select(musb->mregs, 0);
0508     musb_writew(regs, MUSB_CSR0, csr);
0509 }
0510
0511 /*
0512  * transmitting to the host (IN), this code might be called from IRQ
0513  * and from kernel thread.
0514  *
0515  * Context:  caller holds controller lock
0516  */
0517 static void ep0_txstate(struct musb *musb)
0518 {
0519     void __iomem        *regs = musb->control_ep->regs;
0520     struct musb_request *req = next_ep0_request(musb);
0521     struct usb_request  *request;
0522     u16         csr = MUSB_CSR0_TXPKTRDY;
0523     u8          *fifo_src;
0524     u8          fifo_count;
0525
0526     if (!req) {
0527         /* WARN_ON(1); */
0528         musb_dbg(musb, "odd; csr0 %04x", musb_readw(regs, MUSB_CSR0));
0529         return;
0530     }
0531
0532     request = &req->request;
0533
0534     /* load the data */
0535     fifo_src = (u8 *) request->buf + request->actual;
0536     fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
0537         request->length - request->actual);
0538     musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
0539     request->actual += fifo_count;
0540
0541     /* update the flags */
0542     if (fifo_count < MUSB_MAX_END0_PACKET
0543             || (request->actual == request->length
0544                 && !request->zero)) {
0545         musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
0546         csr |= MUSB_CSR0_P_DATAEND;
0547     } else
0548         request = NULL;
0549
0550     /* report completions as soon as the fifo's loaded; there's no
0551      * win in waiting till this last packet gets acked.  (other than
0552      * very precise fault reporting, needed by USB TMC; possible with
0553      * this hardware, but not usable from portable gadget drivers.)
0554      */
0555     if (request) {
0556         musb->ackpend = csr;
0557         musb_g_ep0_giveback(musb, request);
0558         if (!musb->ackpend)
0559             return;
0560         musb->ackpend = 0;
0561     }
0562
0563     /* send it out, triggering a "txpktrdy cleared" irq */
0564     musb_ep_select(musb->mregs, 0);
0565     musb_writew(regs, MUSB_CSR0, csr);
0566 }
0567
0568 /*
0569  * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
0570  * Fields are left in USB byte-order.
0571  *
0572  * Context:  caller holds controller lock.
0573  */
0574 static void
0575 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
0576 {
0577     struct musb_request *r;
0578     void __iomem        *regs = musb->control_ep->regs;
0579
0580     musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
0581
0582     /* NOTE:  earlier 2.6 versions changed setup packets to host
0583      * order, but now USB packets always stay in USB byte order.
0584      */
0585     musb_dbg(musb, "SETUP req%02x.%02x v%04x i%04x l%d",
0586         req->bRequestType,
0587         req->bRequest,
0588         le16_to_cpu(req->wValue),
0589         le16_to_cpu(req->wIndex),
0590         le16_to_cpu(req->wLength));
0591
0592     /* clean up any leftover transfers */
0593     r = next_ep0_request(musb);
0594     if (r)
0595         musb_g_ep0_giveback(musb, &r->request);
0596
0597     /* For zero-data requests we want to delay the STATUS stage to
0598      * avoid SETUPEND errors.  If we read data (OUT), delay accepting
0599      * packets until there's a buffer to store them in.
0600      *
0601      * If we write data, the controller acts happier if we enable
0602      * the TX FIFO right away, and give the controller a moment
0603      * to switch modes...
0604      */
0605     musb->set_address = false;
0606     musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
0607     if (req->wLength == 0) {
0608         if (req->bRequestType & USB_DIR_IN)
0609             musb->ackpend |= MUSB_CSR0_TXPKTRDY;
0610         musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
0611     } else if (req->bRequestType & USB_DIR_IN) {
0612         musb->ep0_state = MUSB_EP0_STAGE_TX;
0613         musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
0614         while ((musb_readw(regs, MUSB_CSR0)
0615                 & MUSB_CSR0_RXPKTRDY) != 0)
0616             cpu_relax();
0617         musb->ackpend = 0;
0618     } else
0619         musb->ep0_state = MUSB_EP0_STAGE_RX;
0620 }
0621
0622 static int
0623 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
0624 __releases(musb->lock)
0625 __acquires(musb->lock)
0626 {
0627     int retval;
0628     if (!musb->gadget_driver)
0629         return -EOPNOTSUPP;
0630     spin_unlock(&musb->lock);
0631     retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
0632     spin_lock(&musb->lock);
0633     return retval;
0634 }
0635
0636 /*
0637  * Handle peripheral ep0 interrupt
0638  *
0639  * Context: irq handler; we won't re-enter the driver that way.
0640  */
0641 irqreturn_t musb_g_ep0_irq(struct musb *musb)
0642 {
0643     u16     csr;
0644     u16     len;
0645     void __iomem    *mbase = musb->mregs;
0646     void __iomem    *regs = musb->endpoints[0].regs;
0647     irqreturn_t retval = IRQ_NONE;
0648
0649     musb_ep_select(mbase, 0);   /* select ep0 */
0650     csr = musb_readw(regs, MUSB_CSR0);
0651     len = musb_readb(regs, MUSB_COUNT0);
0652
0653     musb_dbg(musb, "csr %04x, count %d, ep0stage %s",
0654             csr, len, decode_ep0stage(musb->ep0_state));
0655
0656     if (csr & MUSB_CSR0_P_DATAEND) {
0657         /*
0658          * If DATAEND is set we should not call the callback,
0659          * hence the status stage is not complete.
0660          */
0661         return IRQ_HANDLED;
0662     }
0663
0664     /* I sent a stall.. need to acknowledge it now.. */
0665     if (csr & MUSB_CSR0_P_SENTSTALL) {
0666         musb_writew(regs, MUSB_CSR0,
0667                 csr & ~MUSB_CSR0_P_SENTSTALL);
0668         retval = IRQ_HANDLED;
0669         musb->ep0_state = MUSB_EP0_STAGE_IDLE;
0670         csr = musb_readw(regs, MUSB_CSR0);
0671     }
0672
0673     /* request ended "early" */
0674     if (csr & MUSB_CSR0_P_SETUPEND) {
0675         musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
0676         retval = IRQ_HANDLED;
0677         /* Transition into the early status phase */
0678         switch (musb->ep0_state) {
0679         case MUSB_EP0_STAGE_TX:
0680             musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
0681             break;
0682         case MUSB_EP0_STAGE_RX:
0683             musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
0684             break;
0685         default:
0686             ERR("SetupEnd came in a wrong ep0stage %s\n",
0687                 decode_ep0stage(musb->ep0_state));
0688         }
0689         csr = musb_readw(regs, MUSB_CSR0);
0690         /* NOTE:  request may need completion */
0691     }
0692
0693     /* docs from Mentor only describe tx, rx, and idle/setup states.
0694      * we need to handle nuances around status stages, and also the
0695      * case where status and setup stages come back-to-back ...
0696      */
0697     switch (musb->ep0_state) {
0698
0699     case MUSB_EP0_STAGE_TX:
0700         /* irq on clearing txpktrdy */
0701         if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
0702             ep0_txstate(musb);
0703             retval = IRQ_HANDLED;
0704         }
0705         break;
0706
0707     case MUSB_EP0_STAGE_RX:
0708         /* irq on set rxpktrdy */
0709         if (csr & MUSB_CSR0_RXPKTRDY) {
0710             ep0_rxstate(musb);
0711             retval = IRQ_HANDLED;
0712         }
0713         break;
0714
0715     case MUSB_EP0_STAGE_STATUSIN:
0716         /* end of sequence #2 (OUT/RX state) or #3 (no data) */
0717
0718         /* update address (if needed) only @ the end of the
0719          * status phase per usb spec, which also guarantees
0720          * we get 10 msec to receive this irq... until this
0721          * is done we won't see the next packet.
0722          */
0723         if (musb->set_address) {
0724             musb->set_address = false;
0725             musb_writeb(mbase, MUSB_FADDR, musb->address);
0726         }
0727
0728         /* enter test mode if needed (exit by reset) */
0729         else if (musb->test_mode) {
0730             musb_dbg(musb, "entering TESTMODE");
0731
0732             if (MUSB_TEST_PACKET == musb->test_mode_nr)
0733                 musb_load_testpacket(musb);
0734
0735             musb_writeb(mbase, MUSB_TESTMODE,
0736                     musb->test_mode_nr);
0737         }
0738         fallthrough;
0739
0740     case MUSB_EP0_STAGE_STATUSOUT:
0741         /* end of sequence #1: write to host (TX state) */
0742         {
0743             struct musb_request *req;
0744
0745             req = next_ep0_request(musb);
0746             if (req)
0747                 musb_g_ep0_giveback(musb, &req->request);
0748         }
0749
0750         /*
0751          * In case when several interrupts can get coalesced,
0752          * check to see if we've already received a SETUP packet...
0753          */
0754         if (csr & MUSB_CSR0_RXPKTRDY)
0755             goto setup;
0756
0757         retval = IRQ_HANDLED;
0758         musb->ep0_state = MUSB_EP0_STAGE_IDLE;
0759         break;
0760
0761     case MUSB_EP0_STAGE_IDLE:
0762         /*
0763          * This state is typically (but not always) indiscernible
0764          * from the status states since the corresponding interrupts
0765          * tend to happen within too little period of time (with only
0766          * a zero-length packet in between) and so get coalesced...
0767          */
0768         retval = IRQ_HANDLED;
0769         musb->ep0_state = MUSB_EP0_STAGE_SETUP;
0770         fallthrough;
0771
0772     case MUSB_EP0_STAGE_SETUP:
0773 setup:
0774         if (csr & MUSB_CSR0_RXPKTRDY) {
0775             struct usb_ctrlrequest  setup;
0776             int         handled = 0;
0777
0778             if (len != 8) {
0779                 ERR("SETUP packet len %d != 8 ?\n", len);
0780                 break;
0781             }
0782             musb_read_setup(musb, &setup);
0783             retval = IRQ_HANDLED;
0784
0785             /* sometimes the RESET won't be reported */
0786             if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
0787                 u8  power;
0788
0789                 printk(KERN_NOTICE "%s: peripheral reset "
0790                         "irq lost!\n",
0791                         musb_driver_name);
0792                 power = musb_readb(mbase, MUSB_POWER);
0793                 musb->g.speed = (power & MUSB_POWER_HSMODE)
0794                     ? USB_SPEED_HIGH : USB_SPEED_FULL;
0795
0796             }
0797
0798             switch (musb->ep0_state) {
0799
0800             /* sequence #3 (no data stage), includes requests
0801              * we can't forward (notably SET_ADDRESS and the
0802              * device/endpoint feature set/clear operations)
0803              * plus SET_CONFIGURATION and others we must
0804              */
0805             case MUSB_EP0_STAGE_ACKWAIT:
0806                 handled = service_zero_data_request(
0807                         musb, &setup);
0808
0809                 /*
0810                  * We're expecting no data in any case, so
0811                  * always set the DATAEND bit -- doing this
0812                  * here helps avoid SetupEnd interrupt coming
0813                  * in the idle stage when we're stalling...
0814                  */
0815                 musb->ackpend |= MUSB_CSR0_P_DATAEND;
0816
0817                 /* status stage might be immediate */
0818                 if (handled > 0)
0819                     musb->ep0_state =
0820                         MUSB_EP0_STAGE_STATUSIN;
0821                 break;
0822
0823             /* sequence #1 (IN to host), includes GET_STATUS
0824              * requests that we can't forward, GET_DESCRIPTOR
0825              * and others that we must
0826              */
0827             case MUSB_EP0_STAGE_TX:
0828                 handled = service_in_request(musb, &setup);
0829                 if (handled > 0) {
0830                     musb->ackpend = MUSB_CSR0_TXPKTRDY
0831                         | MUSB_CSR0_P_DATAEND;
0832                     musb->ep0_state =
0833                         MUSB_EP0_STAGE_STATUSOUT;
0834                 }
0835                 break;
0836
0837             /* sequence #2 (OUT from host), always forward */
0838             default:        /* MUSB_EP0_STAGE_RX */
0839                 break;
0840             }
0841
0842             musb_dbg(musb, "handled %d, csr %04x, ep0stage %s",
0843                 handled, csr,
0844                 decode_ep0stage(musb->ep0_state));
0845
0846             /* unless we need to delegate this to the gadget
0847              * driver, we know how to wrap this up:  csr0 has
0848              * not yet been written.
0849              */
0850             if (handled < 0)
0851                 goto stall;
0852             else if (handled > 0)
0853                 goto finish;
0854
0855             handled = forward_to_driver(musb, &setup);
0856             if (handled < 0) {
0857                 musb_ep_select(mbase, 0);
0858 stall:
0859                 musb_dbg(musb, "stall (%d)", handled);
0860                 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
0861                 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
0862 finish:
0863                 musb_writew(regs, MUSB_CSR0,
0864                         musb->ackpend);
0865                 musb->ackpend = 0;
0866             }
0867         }
0868         break;
0869
0870     case MUSB_EP0_STAGE_ACKWAIT:
0871         /* This should not happen. But happens with tusb6010 with
0872          * g_file_storage and high speed. Do nothing.
0873          */
0874         retval = IRQ_HANDLED;
0875         break;
0876
0877     default:
0878         /* "can't happen" */
0879         WARN_ON(1);
0880         musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
0881         musb->ep0_state = MUSB_EP0_STAGE_IDLE;
0882         break;
0883     }
0884
0885     return retval;
0886 }
0887
0888
0889 static int
0890 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
0891 {
0892     /* always enabled */
0893     return -EINVAL;
0894 }
0895
0896 static int musb_g_ep0_disable(struct usb_ep *e)
0897 {
0898     /* always enabled */
0899     return -EINVAL;
0900 }
0901
0902 static int
0903 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
0904 {
0905     struct musb_ep      *ep;
0906     struct musb_request *req;
0907     struct musb     *musb;
0908     int         status;
0909     unsigned long       lockflags;
0910     void __iomem        *regs;
0911
0912     if (!e || !r)
0913         return -EINVAL;
0914
0915     ep = to_musb_ep(e);
0916     musb = ep->musb;
0917     regs = musb->control_ep->regs;
0918
0919     req = to_musb_request(r);
0920     req->musb = musb;
0921     req->request.actual = 0;
0922     req->request.status = -EINPROGRESS;
0923     req->tx = ep->is_in;
0924
0925     spin_lock_irqsave(&musb->lock, lockflags);
0926
0927     if (!list_empty(&ep->req_list)) {
0928         status = -EBUSY;
0929         goto cleanup;
0930     }
0931
0932     switch (musb->ep0_state) {
0933     case MUSB_EP0_STAGE_RX:     /* control-OUT data */
0934     case MUSB_EP0_STAGE_TX:     /* control-IN data */
0935     case MUSB_EP0_STAGE_ACKWAIT:    /* zero-length data */
0936         status = 0;
0937         break;
0938     default:
0939         musb_dbg(musb, "ep0 request queued in state %d",
0940                 musb->ep0_state);
0941         status = -EINVAL;
0942         goto cleanup;
0943     }
0944
0945     /* add request to the list */
0946     list_add_tail(&req->list, &ep->req_list);
0947
0948     musb_dbg(musb, "queue to %s (%s), length=%d",
0949             ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
0950             req->request.length);
0951
0952     musb_ep_select(musb->mregs, 0);
0953
0954     /* sequence #1, IN ... start writing the data */
0955     if (musb->ep0_state == MUSB_EP0_STAGE_TX)
0956         ep0_txstate(musb);
0957
0958     /* sequence #3, no-data ... issue IN status */
0959     else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
0960         if (req->request.length)
0961             status = -EINVAL;
0962         else {
0963             musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
0964             musb_writew(regs, MUSB_CSR0,
0965                     musb->ackpend | MUSB_CSR0_P_DATAEND);
0966             musb->ackpend = 0;
0967             musb_g_ep0_giveback(ep->musb, r);
0968         }
0969
0970     /* else for sequence #2 (OUT), caller provides a buffer
0971      * before the next packet arrives.  deferred responses
0972      * (after SETUP is acked) are racey.
0973      */
0974     } else if (musb->ackpend) {
0975         musb_writew(regs, MUSB_CSR0, musb->ackpend);
0976         musb->ackpend = 0;
0977     }
0978
0979 cleanup:
0980     spin_unlock_irqrestore(&musb->lock, lockflags);
0981     return status;
0982 }
0983
0984 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
0985 {
0986     /* we just won't support this */
0987     return -EINVAL;
0988 }
0989
0990 static int musb_g_ep0_halt(struct usb_ep *e, int value)
0991 {
0992     struct musb_ep      *ep;
0993     struct musb     *musb;
0994     void __iomem        *base, *regs;
0995     unsigned long       flags;
0996     int         status;
0997     u16         csr;
0998
0999     if (!e || !value)
1000         return -EINVAL;
1001
1002     ep = to_musb_ep(e);
1003     musb = ep->musb;
1004     base = musb->mregs;
1005     regs = musb->control_ep->regs;
1006     status = 0;
1007
1008     spin_lock_irqsave(&musb->lock, flags);
1009
1010     if (!list_empty(&ep->req_list)) {
1011         status = -EBUSY;
1012         goto cleanup;
1013     }
1014
1015     musb_ep_select(base, 0);
1016     csr = musb->ackpend;
1017
1018     switch (musb->ep0_state) {
1019
1020     /* Stalls are usually issued after parsing SETUP packet, either
1021      * directly in irq context from setup() or else later.
1022      */
1023     case MUSB_EP0_STAGE_TX:     /* control-IN data */
1024     case MUSB_EP0_STAGE_ACKWAIT:    /* STALL for zero-length data */
1025     case MUSB_EP0_STAGE_RX:     /* control-OUT data */
1026         csr = musb_readw(regs, MUSB_CSR0);
1027         fallthrough;
1028
1029     /* It's also OK to issue stalls during callbacks when a non-empty
1030      * DATA stage buffer has been read (or even written).
1031      */
1032     case MUSB_EP0_STAGE_STATUSIN:   /* control-OUT status */
1033     case MUSB_EP0_STAGE_STATUSOUT:  /* control-IN status */
1034
1035         csr |= MUSB_CSR0_P_SENDSTALL;
1036         musb_writew(regs, MUSB_CSR0, csr);
1037         musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1038         musb->ackpend = 0;
1039         break;
1040     default:
1041         musb_dbg(musb, "ep0 can't halt in state %d", musb->ep0_state);
1042         status = -EINVAL;
1043     }
1044
1045 cleanup:
1046     spin_unlock_irqrestore(&musb->lock, flags);
1047     return status;
1048 }
1049
1050 const struct usb_ep_ops musb_g_ep0_ops = {
1051     .enable     = musb_g_ep0_enable,
1052     .disable    = musb_g_ep0_disable,
1053     .alloc_request  = musb_alloc_request,
1054     .free_request   = musb_free_request,
1055     .queue      = musb_g_ep0_queue,
1056     .dequeue    = musb_g_ep0_dequeue,
1057     .set_halt   = musb_g_ep0_halt,
1058 };