Loading...
1/*
2 * MUSB OTG peripheral driver ep0 handling
3 *
4 * Copyright 2005 Mentor Graphics Corporation
5 * Copyright (C) 2005-2006 by Texas Instruments
6 * Copyright (C) 2006-2007 Nokia Corporation
7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * version 2 as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 *
23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35
36#include <linux/kernel.h>
37#include <linux/list.h>
38#include <linux/timer.h>
39#include <linux/spinlock.h>
40#include <linux/device.h>
41#include <linux/interrupt.h>
42
43#include "musb_core.h"
44
45/* ep0 is always musb->endpoints[0].ep_in */
46#define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0])
47
48/*
49 * locking note: we use only the controller lock, for simpler correctness.
50 * It's always held with IRQs blocked.
51 *
52 * It protects the ep0 request queue as well as ep0_state, not just the
53 * controller and indexed registers. And that lock stays held unless it
54 * needs to be dropped to allow reentering this driver ... like upcalls to
55 * the gadget driver, or adjusting endpoint halt status.
56 */
57
58static char *decode_ep0stage(u8 stage)
59{
60 switch (stage) {
61 case MUSB_EP0_STAGE_IDLE: return "idle";
62 case MUSB_EP0_STAGE_SETUP: return "setup";
63 case MUSB_EP0_STAGE_TX: return "in";
64 case MUSB_EP0_STAGE_RX: return "out";
65 case MUSB_EP0_STAGE_ACKWAIT: return "wait";
66 case MUSB_EP0_STAGE_STATUSIN: return "in/status";
67 case MUSB_EP0_STAGE_STATUSOUT: return "out/status";
68 default: return "?";
69 }
70}
71
72/* handle a standard GET_STATUS request
73 * Context: caller holds controller lock
74 */
75static int service_tx_status_request(
76 struct musb *musb,
77 const struct usb_ctrlrequest *ctrlrequest)
78{
79 void __iomem *mbase = musb->mregs;
80 int handled = 1;
81 u8 result[2], epnum = 0;
82 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
83
84 result[1] = 0;
85
86 switch (recip) {
87 case USB_RECIP_DEVICE:
88 result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED;
89 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
90 if (musb->g.is_otg) {
91 result[0] |= musb->g.b_hnp_enable
92 << USB_DEVICE_B_HNP_ENABLE;
93 result[0] |= musb->g.a_alt_hnp_support
94 << USB_DEVICE_A_ALT_HNP_SUPPORT;
95 result[0] |= musb->g.a_hnp_support
96 << USB_DEVICE_A_HNP_SUPPORT;
97 }
98 break;
99
100 case USB_RECIP_INTERFACE:
101 result[0] = 0;
102 break;
103
104 case USB_RECIP_ENDPOINT: {
105 int is_in;
106 struct musb_ep *ep;
107 u16 tmp;
108 void __iomem *regs;
109
110 epnum = (u8) ctrlrequest->wIndex;
111 if (!epnum) {
112 result[0] = 0;
113 break;
114 }
115
116 is_in = epnum & USB_DIR_IN;
117 if (is_in) {
118 epnum &= 0x0f;
119 ep = &musb->endpoints[epnum].ep_in;
120 } else {
121 ep = &musb->endpoints[epnum].ep_out;
122 }
123 regs = musb->endpoints[epnum].regs;
124
125 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
126 handled = -EINVAL;
127 break;
128 }
129
130 musb_ep_select(mbase, epnum);
131 if (is_in)
132 tmp = musb_readw(regs, MUSB_TXCSR)
133 & MUSB_TXCSR_P_SENDSTALL;
134 else
135 tmp = musb_readw(regs, MUSB_RXCSR)
136 & MUSB_RXCSR_P_SENDSTALL;
137 musb_ep_select(mbase, 0);
138
139 result[0] = tmp ? 1 : 0;
140 } break;
141
142 default:
143 /* class, vendor, etc ... delegate */
144 handled = 0;
145 break;
146 }
147
148 /* fill up the fifo; caller updates csr0 */
149 if (handled > 0) {
150 u16 len = le16_to_cpu(ctrlrequest->wLength);
151
152 if (len > 2)
153 len = 2;
154 musb_write_fifo(&musb->endpoints[0], len, result);
155 }
156
157 return handled;
158}
159
160/*
161 * handle a control-IN request, the end0 buffer contains the current request
162 * that is supposed to be a standard control request. Assumes the fifo to
163 * be at least 2 bytes long.
164 *
165 * @return 0 if the request was NOT HANDLED,
166 * < 0 when error
167 * > 0 when the request is processed
168 *
169 * Context: caller holds controller lock
170 */
171static int
172service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
173{
174 int handled = 0; /* not handled */
175
176 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
177 == USB_TYPE_STANDARD) {
178 switch (ctrlrequest->bRequest) {
179 case USB_REQ_GET_STATUS:
180 handled = service_tx_status_request(musb,
181 ctrlrequest);
182 break;
183
184 /* case USB_REQ_SYNC_FRAME: */
185
186 default:
187 break;
188 }
189 }
190 return handled;
191}
192
193/*
194 * Context: caller holds controller lock
195 */
196static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
197{
198 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
199}
200
201/*
202 * Tries to start B-device HNP negotiation if enabled via sysfs
203 */
204static inline void musb_try_b_hnp_enable(struct musb *musb)
205{
206 void __iomem *mbase = musb->mregs;
207 u8 devctl;
208
209 dev_dbg(musb->controller, "HNP: Setting HR\n");
210 devctl = musb_readb(mbase, MUSB_DEVCTL);
211 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
212}
213
214/*
215 * Handle all control requests with no DATA stage, including standard
216 * requests such as:
217 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
218 * always delegated to the gadget driver
219 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
220 * always handled here, except for class/vendor/... features
221 *
222 * Context: caller holds controller lock
223 */
224static int
225service_zero_data_request(struct musb *musb,
226 struct usb_ctrlrequest *ctrlrequest)
227__releases(musb->lock)
228__acquires(musb->lock)
229{
230 int handled = -EINVAL;
231 void __iomem *mbase = musb->mregs;
232 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
233
234 /* the gadget driver handles everything except what we MUST handle */
235 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
236 == USB_TYPE_STANDARD) {
237 switch (ctrlrequest->bRequest) {
238 case USB_REQ_SET_ADDRESS:
239 /* change it after the status stage */
240 musb->set_address = true;
241 musb->address = (u8) (ctrlrequest->wValue & 0x7f);
242 handled = 1;
243 break;
244
245 case USB_REQ_CLEAR_FEATURE:
246 switch (recip) {
247 case USB_RECIP_DEVICE:
248 if (ctrlrequest->wValue
249 != USB_DEVICE_REMOTE_WAKEUP)
250 break;
251 musb->may_wakeup = 0;
252 handled = 1;
253 break;
254 case USB_RECIP_INTERFACE:
255 break;
256 case USB_RECIP_ENDPOINT:{
257 const u8 epnum =
258 ctrlrequest->wIndex & 0x0f;
259 struct musb_ep *musb_ep;
260 struct musb_hw_ep *ep;
261 struct musb_request *request;
262 void __iomem *regs;
263 int is_in;
264 u16 csr;
265
266 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
267 ctrlrequest->wValue != USB_ENDPOINT_HALT)
268 break;
269
270 ep = musb->endpoints + epnum;
271 regs = ep->regs;
272 is_in = ctrlrequest->wIndex & USB_DIR_IN;
273 if (is_in)
274 musb_ep = &ep->ep_in;
275 else
276 musb_ep = &ep->ep_out;
277 if (!musb_ep->desc)
278 break;
279
280 handled = 1;
281 /* Ignore request if endpoint is wedged */
282 if (musb_ep->wedged)
283 break;
284
285 musb_ep_select(mbase, epnum);
286 if (is_in) {
287 csr = musb_readw(regs, MUSB_TXCSR);
288 csr |= MUSB_TXCSR_CLRDATATOG |
289 MUSB_TXCSR_P_WZC_BITS;
290 csr &= ~(MUSB_TXCSR_P_SENDSTALL |
291 MUSB_TXCSR_P_SENTSTALL |
292 MUSB_TXCSR_TXPKTRDY);
293 musb_writew(regs, MUSB_TXCSR, csr);
294 } else {
295 csr = musb_readw(regs, MUSB_RXCSR);
296 csr |= MUSB_RXCSR_CLRDATATOG |
297 MUSB_RXCSR_P_WZC_BITS;
298 csr &= ~(MUSB_RXCSR_P_SENDSTALL |
299 MUSB_RXCSR_P_SENTSTALL);
300 musb_writew(regs, MUSB_RXCSR, csr);
301 }
302
303 /* Maybe start the first request in the queue */
304 request = next_request(musb_ep);
305 if (!musb_ep->busy && request) {
306 dev_dbg(musb->controller, "restarting the request\n");
307 musb_ep_restart(musb, request);
308 }
309
310 /* select ep0 again */
311 musb_ep_select(mbase, 0);
312 } break;
313 default:
314 /* class, vendor, etc ... delegate */
315 handled = 0;
316 break;
317 }
318 break;
319
320 case USB_REQ_SET_FEATURE:
321 switch (recip) {
322 case USB_RECIP_DEVICE:
323 handled = 1;
324 switch (ctrlrequest->wValue) {
325 case USB_DEVICE_REMOTE_WAKEUP:
326 musb->may_wakeup = 1;
327 break;
328 case USB_DEVICE_TEST_MODE:
329 if (musb->g.speed != USB_SPEED_HIGH)
330 goto stall;
331 if (ctrlrequest->wIndex & 0xff)
332 goto stall;
333
334 switch (ctrlrequest->wIndex >> 8) {
335 case 1:
336 pr_debug("TEST_J\n");
337 /* TEST_J */
338 musb->test_mode_nr =
339 MUSB_TEST_J;
340 break;
341 case 2:
342 /* TEST_K */
343 pr_debug("TEST_K\n");
344 musb->test_mode_nr =
345 MUSB_TEST_K;
346 break;
347 case 3:
348 /* TEST_SE0_NAK */
349 pr_debug("TEST_SE0_NAK\n");
350 musb->test_mode_nr =
351 MUSB_TEST_SE0_NAK;
352 break;
353 case 4:
354 /* TEST_PACKET */
355 pr_debug("TEST_PACKET\n");
356 musb->test_mode_nr =
357 MUSB_TEST_PACKET;
358 break;
359
360 case 0xc0:
361 /* TEST_FORCE_HS */
362 pr_debug("TEST_FORCE_HS\n");
363 musb->test_mode_nr =
364 MUSB_TEST_FORCE_HS;
365 break;
366 case 0xc1:
367 /* TEST_FORCE_FS */
368 pr_debug("TEST_FORCE_FS\n");
369 musb->test_mode_nr =
370 MUSB_TEST_FORCE_FS;
371 break;
372 case 0xc2:
373 /* TEST_FIFO_ACCESS */
374 pr_debug("TEST_FIFO_ACCESS\n");
375 musb->test_mode_nr =
376 MUSB_TEST_FIFO_ACCESS;
377 break;
378 case 0xc3:
379 /* TEST_FORCE_HOST */
380 pr_debug("TEST_FORCE_HOST\n");
381 musb->test_mode_nr =
382 MUSB_TEST_FORCE_HOST;
383 break;
384 default:
385 goto stall;
386 }
387
388 /* enter test mode after irq */
389 if (handled > 0)
390 musb->test_mode = true;
391 break;
392 case USB_DEVICE_B_HNP_ENABLE:
393 if (!musb->g.is_otg)
394 goto stall;
395 musb->g.b_hnp_enable = 1;
396 musb_try_b_hnp_enable(musb);
397 break;
398 case USB_DEVICE_A_HNP_SUPPORT:
399 if (!musb->g.is_otg)
400 goto stall;
401 musb->g.a_hnp_support = 1;
402 break;
403 case USB_DEVICE_A_ALT_HNP_SUPPORT:
404 if (!musb->g.is_otg)
405 goto stall;
406 musb->g.a_alt_hnp_support = 1;
407 break;
408 case USB_DEVICE_DEBUG_MODE:
409 handled = 0;
410 break;
411stall:
412 default:
413 handled = -EINVAL;
414 break;
415 }
416 break;
417
418 case USB_RECIP_INTERFACE:
419 break;
420
421 case USB_RECIP_ENDPOINT:{
422 const u8 epnum =
423 ctrlrequest->wIndex & 0x0f;
424 struct musb_ep *musb_ep;
425 struct musb_hw_ep *ep;
426 void __iomem *regs;
427 int is_in;
428 u16 csr;
429
430 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
431 ctrlrequest->wValue != USB_ENDPOINT_HALT)
432 break;
433
434 ep = musb->endpoints + epnum;
435 regs = ep->regs;
436 is_in = ctrlrequest->wIndex & USB_DIR_IN;
437 if (is_in)
438 musb_ep = &ep->ep_in;
439 else
440 musb_ep = &ep->ep_out;
441 if (!musb_ep->desc)
442 break;
443
444 musb_ep_select(mbase, epnum);
445 if (is_in) {
446 csr = musb_readw(regs, MUSB_TXCSR);
447 if (csr & MUSB_TXCSR_FIFONOTEMPTY)
448 csr |= MUSB_TXCSR_FLUSHFIFO;
449 csr |= MUSB_TXCSR_P_SENDSTALL
450 | MUSB_TXCSR_CLRDATATOG
451 | MUSB_TXCSR_P_WZC_BITS;
452 musb_writew(regs, MUSB_TXCSR, csr);
453 } else {
454 csr = musb_readw(regs, MUSB_RXCSR);
455 csr |= MUSB_RXCSR_P_SENDSTALL
456 | MUSB_RXCSR_FLUSHFIFO
457 | MUSB_RXCSR_CLRDATATOG
458 | MUSB_RXCSR_P_WZC_BITS;
459 musb_writew(regs, MUSB_RXCSR, csr);
460 }
461
462 /* select ep0 again */
463 musb_ep_select(mbase, 0);
464 handled = 1;
465 } break;
466
467 default:
468 /* class, vendor, etc ... delegate */
469 handled = 0;
470 break;
471 }
472 break;
473 default:
474 /* delegate SET_CONFIGURATION, etc */
475 handled = 0;
476 }
477 } else
478 handled = 0;
479 return handled;
480}
481
482/* we have an ep0out data packet
483 * Context: caller holds controller lock
484 */
485static void ep0_rxstate(struct musb *musb)
486{
487 void __iomem *regs = musb->control_ep->regs;
488 struct musb_request *request;
489 struct usb_request *req;
490 u16 count, csr;
491
492 request = next_ep0_request(musb);
493 req = &request->request;
494
495 /* read packet and ack; or stall because of gadget driver bug:
496 * should have provided the rx buffer before setup() returned.
497 */
498 if (req) {
499 void *buf = req->buf + req->actual;
500 unsigned len = req->length - req->actual;
501
502 /* read the buffer */
503 count = musb_readb(regs, MUSB_COUNT0);
504 if (count > len) {
505 req->status = -EOVERFLOW;
506 count = len;
507 }
508 if (count > 0) {
509 musb_read_fifo(&musb->endpoints[0], count, buf);
510 req->actual += count;
511 }
512 csr = MUSB_CSR0_P_SVDRXPKTRDY;
513 if (count < 64 || req->actual == req->length) {
514 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
515 csr |= MUSB_CSR0_P_DATAEND;
516 } else
517 req = NULL;
518 } else
519 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
520
521
522 /* Completion handler may choose to stall, e.g. because the
523 * message just received holds invalid data.
524 */
525 if (req) {
526 musb->ackpend = csr;
527 musb_g_ep0_giveback(musb, req);
528 if (!musb->ackpend)
529 return;
530 musb->ackpend = 0;
531 }
532 musb_ep_select(musb->mregs, 0);
533 musb_writew(regs, MUSB_CSR0, csr);
534}
535
536/*
537 * transmitting to the host (IN), this code might be called from IRQ
538 * and from kernel thread.
539 *
540 * Context: caller holds controller lock
541 */
542static void ep0_txstate(struct musb *musb)
543{
544 void __iomem *regs = musb->control_ep->regs;
545 struct musb_request *req = next_ep0_request(musb);
546 struct usb_request *request;
547 u16 csr = MUSB_CSR0_TXPKTRDY;
548 u8 *fifo_src;
549 u8 fifo_count;
550
551 if (!req) {
552 /* WARN_ON(1); */
553 dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
554 return;
555 }
556
557 request = &req->request;
558
559 /* load the data */
560 fifo_src = (u8 *) request->buf + request->actual;
561 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
562 request->length - request->actual);
563 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
564 request->actual += fifo_count;
565
566 /* update the flags */
567 if (fifo_count < MUSB_MAX_END0_PACKET
568 || (request->actual == request->length
569 && !request->zero)) {
570 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
571 csr |= MUSB_CSR0_P_DATAEND;
572 } else
573 request = NULL;
574
575 /* report completions as soon as the fifo's loaded; there's no
576 * win in waiting till this last packet gets acked. (other than
577 * very precise fault reporting, needed by USB TMC; possible with
578 * this hardware, but not usable from portable gadget drivers.)
579 */
580 if (request) {
581 musb->ackpend = csr;
582 musb_g_ep0_giveback(musb, request);
583 if (!musb->ackpend)
584 return;
585 musb->ackpend = 0;
586 }
587
588 /* send it out, triggering a "txpktrdy cleared" irq */
589 musb_ep_select(musb->mregs, 0);
590 musb_writew(regs, MUSB_CSR0, csr);
591}
592
593/*
594 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
595 * Fields are left in USB byte-order.
596 *
597 * Context: caller holds controller lock.
598 */
599static void
600musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
601{
602 struct musb_request *r;
603 void __iomem *regs = musb->control_ep->regs;
604
605 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
606
607 /* NOTE: earlier 2.6 versions changed setup packets to host
608 * order, but now USB packets always stay in USB byte order.
609 */
610 dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
611 req->bRequestType,
612 req->bRequest,
613 le16_to_cpu(req->wValue),
614 le16_to_cpu(req->wIndex),
615 le16_to_cpu(req->wLength));
616
617 /* clean up any leftover transfers */
618 r = next_ep0_request(musb);
619 if (r)
620 musb_g_ep0_giveback(musb, &r->request);
621
622 /* For zero-data requests we want to delay the STATUS stage to
623 * avoid SETUPEND errors. If we read data (OUT), delay accepting
624 * packets until there's a buffer to store them in.
625 *
626 * If we write data, the controller acts happier if we enable
627 * the TX FIFO right away, and give the controller a moment
628 * to switch modes...
629 */
630 musb->set_address = false;
631 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
632 if (req->wLength == 0) {
633 if (req->bRequestType & USB_DIR_IN)
634 musb->ackpend |= MUSB_CSR0_TXPKTRDY;
635 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
636 } else if (req->bRequestType & USB_DIR_IN) {
637 musb->ep0_state = MUSB_EP0_STAGE_TX;
638 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
639 while ((musb_readw(regs, MUSB_CSR0)
640 & MUSB_CSR0_RXPKTRDY) != 0)
641 cpu_relax();
642 musb->ackpend = 0;
643 } else
644 musb->ep0_state = MUSB_EP0_STAGE_RX;
645}
646
647static int
648forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
649__releases(musb->lock)
650__acquires(musb->lock)
651{
652 int retval;
653 if (!musb->gadget_driver)
654 return -EOPNOTSUPP;
655 spin_unlock(&musb->lock);
656 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
657 spin_lock(&musb->lock);
658 return retval;
659}
660
661/*
662 * Handle peripheral ep0 interrupt
663 *
664 * Context: irq handler; we won't re-enter the driver that way.
665 */
666irqreturn_t musb_g_ep0_irq(struct musb *musb)
667{
668 u16 csr;
669 u16 len;
670 void __iomem *mbase = musb->mregs;
671 void __iomem *regs = musb->endpoints[0].regs;
672 irqreturn_t retval = IRQ_NONE;
673
674 musb_ep_select(mbase, 0); /* select ep0 */
675 csr = musb_readw(regs, MUSB_CSR0);
676 len = musb_readb(regs, MUSB_COUNT0);
677
678 dev_dbg(musb->controller, "csr %04x, count %d, ep0stage %s\n",
679 csr, len, decode_ep0stage(musb->ep0_state));
680
681 if (csr & MUSB_CSR0_P_DATAEND) {
682 /*
683 * If DATAEND is set we should not call the callback,
684 * hence the status stage is not complete.
685 */
686 return IRQ_HANDLED;
687 }
688
689 /* I sent a stall.. need to acknowledge it now.. */
690 if (csr & MUSB_CSR0_P_SENTSTALL) {
691 musb_writew(regs, MUSB_CSR0,
692 csr & ~MUSB_CSR0_P_SENTSTALL);
693 retval = IRQ_HANDLED;
694 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
695 csr = musb_readw(regs, MUSB_CSR0);
696 }
697
698 /* request ended "early" */
699 if (csr & MUSB_CSR0_P_SETUPEND) {
700 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
701 retval = IRQ_HANDLED;
702 /* Transition into the early status phase */
703 switch (musb->ep0_state) {
704 case MUSB_EP0_STAGE_TX:
705 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
706 break;
707 case MUSB_EP0_STAGE_RX:
708 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
709 break;
710 default:
711 ERR("SetupEnd came in a wrong ep0stage %s\n",
712 decode_ep0stage(musb->ep0_state));
713 }
714 csr = musb_readw(regs, MUSB_CSR0);
715 /* NOTE: request may need completion */
716 }
717
718 /* docs from Mentor only describe tx, rx, and idle/setup states.
719 * we need to handle nuances around status stages, and also the
720 * case where status and setup stages come back-to-back ...
721 */
722 switch (musb->ep0_state) {
723
724 case MUSB_EP0_STAGE_TX:
725 /* irq on clearing txpktrdy */
726 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
727 ep0_txstate(musb);
728 retval = IRQ_HANDLED;
729 }
730 break;
731
732 case MUSB_EP0_STAGE_RX:
733 /* irq on set rxpktrdy */
734 if (csr & MUSB_CSR0_RXPKTRDY) {
735 ep0_rxstate(musb);
736 retval = IRQ_HANDLED;
737 }
738 break;
739
740 case MUSB_EP0_STAGE_STATUSIN:
741 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
742
743 /* update address (if needed) only @ the end of the
744 * status phase per usb spec, which also guarantees
745 * we get 10 msec to receive this irq... until this
746 * is done we won't see the next packet.
747 */
748 if (musb->set_address) {
749 musb->set_address = false;
750 musb_writeb(mbase, MUSB_FADDR, musb->address);
751 }
752
753 /* enter test mode if needed (exit by reset) */
754 else if (musb->test_mode) {
755 dev_dbg(musb->controller, "entering TESTMODE\n");
756
757 if (MUSB_TEST_PACKET == musb->test_mode_nr)
758 musb_load_testpacket(musb);
759
760 musb_writeb(mbase, MUSB_TESTMODE,
761 musb->test_mode_nr);
762 }
763 /* FALLTHROUGH */
764
765 case MUSB_EP0_STAGE_STATUSOUT:
766 /* end of sequence #1: write to host (TX state) */
767 {
768 struct musb_request *req;
769
770 req = next_ep0_request(musb);
771 if (req)
772 musb_g_ep0_giveback(musb, &req->request);
773 }
774
775 /*
776 * In case when several interrupts can get coalesced,
777 * check to see if we've already received a SETUP packet...
778 */
779 if (csr & MUSB_CSR0_RXPKTRDY)
780 goto setup;
781
782 retval = IRQ_HANDLED;
783 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
784 break;
785
786 case MUSB_EP0_STAGE_IDLE:
787 /*
788 * This state is typically (but not always) indiscernible
789 * from the status states since the corresponding interrupts
790 * tend to happen within too little period of time (with only
791 * a zero-length packet in between) and so get coalesced...
792 */
793 retval = IRQ_HANDLED;
794 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
795 /* FALLTHROUGH */
796
797 case MUSB_EP0_STAGE_SETUP:
798setup:
799 if (csr & MUSB_CSR0_RXPKTRDY) {
800 struct usb_ctrlrequest setup;
801 int handled = 0;
802
803 if (len != 8) {
804 ERR("SETUP packet len %d != 8 ?\n", len);
805 break;
806 }
807 musb_read_setup(musb, &setup);
808 retval = IRQ_HANDLED;
809
810 /* sometimes the RESET won't be reported */
811 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
812 u8 power;
813
814 printk(KERN_NOTICE "%s: peripheral reset "
815 "irq lost!\n",
816 musb_driver_name);
817 power = musb_readb(mbase, MUSB_POWER);
818 musb->g.speed = (power & MUSB_POWER_HSMODE)
819 ? USB_SPEED_HIGH : USB_SPEED_FULL;
820
821 }
822
823 switch (musb->ep0_state) {
824
825 /* sequence #3 (no data stage), includes requests
826 * we can't forward (notably SET_ADDRESS and the
827 * device/endpoint feature set/clear operations)
828 * plus SET_CONFIGURATION and others we must
829 */
830 case MUSB_EP0_STAGE_ACKWAIT:
831 handled = service_zero_data_request(
832 musb, &setup);
833
834 /*
835 * We're expecting no data in any case, so
836 * always set the DATAEND bit -- doing this
837 * here helps avoid SetupEnd interrupt coming
838 * in the idle stage when we're stalling...
839 */
840 musb->ackpend |= MUSB_CSR0_P_DATAEND;
841
842 /* status stage might be immediate */
843 if (handled > 0)
844 musb->ep0_state =
845 MUSB_EP0_STAGE_STATUSIN;
846 break;
847
848 /* sequence #1 (IN to host), includes GET_STATUS
849 * requests that we can't forward, GET_DESCRIPTOR
850 * and others that we must
851 */
852 case MUSB_EP0_STAGE_TX:
853 handled = service_in_request(musb, &setup);
854 if (handled > 0) {
855 musb->ackpend = MUSB_CSR0_TXPKTRDY
856 | MUSB_CSR0_P_DATAEND;
857 musb->ep0_state =
858 MUSB_EP0_STAGE_STATUSOUT;
859 }
860 break;
861
862 /* sequence #2 (OUT from host), always forward */
863 default: /* MUSB_EP0_STAGE_RX */
864 break;
865 }
866
867 dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
868 handled, csr,
869 decode_ep0stage(musb->ep0_state));
870
871 /* unless we need to delegate this to the gadget
872 * driver, we know how to wrap this up: csr0 has
873 * not yet been written.
874 */
875 if (handled < 0)
876 goto stall;
877 else if (handled > 0)
878 goto finish;
879
880 handled = forward_to_driver(musb, &setup);
881 if (handled < 0) {
882 musb_ep_select(mbase, 0);
883stall:
884 dev_dbg(musb->controller, "stall (%d)\n", handled);
885 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
886 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
887finish:
888 musb_writew(regs, MUSB_CSR0,
889 musb->ackpend);
890 musb->ackpend = 0;
891 }
892 }
893 break;
894
895 case MUSB_EP0_STAGE_ACKWAIT:
896 /* This should not happen. But happens with tusb6010 with
897 * g_file_storage and high speed. Do nothing.
898 */
899 retval = IRQ_HANDLED;
900 break;
901
902 default:
903 /* "can't happen" */
904 WARN_ON(1);
905 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
906 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
907 break;
908 }
909
910 return retval;
911}
912
913
914static int
915musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
916{
917 /* always enabled */
918 return -EINVAL;
919}
920
921static int musb_g_ep0_disable(struct usb_ep *e)
922{
923 /* always enabled */
924 return -EINVAL;
925}
926
927static int
928musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
929{
930 struct musb_ep *ep;
931 struct musb_request *req;
932 struct musb *musb;
933 int status;
934 unsigned long lockflags;
935 void __iomem *regs;
936
937 if (!e || !r)
938 return -EINVAL;
939
940 ep = to_musb_ep(e);
941 musb = ep->musb;
942 regs = musb->control_ep->regs;
943
944 req = to_musb_request(r);
945 req->musb = musb;
946 req->request.actual = 0;
947 req->request.status = -EINPROGRESS;
948 req->tx = ep->is_in;
949
950 spin_lock_irqsave(&musb->lock, lockflags);
951
952 if (!list_empty(&ep->req_list)) {
953 status = -EBUSY;
954 goto cleanup;
955 }
956
957 switch (musb->ep0_state) {
958 case MUSB_EP0_STAGE_RX: /* control-OUT data */
959 case MUSB_EP0_STAGE_TX: /* control-IN data */
960 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */
961 status = 0;
962 break;
963 default:
964 dev_dbg(musb->controller, "ep0 request queued in state %d\n",
965 musb->ep0_state);
966 status = -EINVAL;
967 goto cleanup;
968 }
969
970 /* add request to the list */
971 list_add_tail(&req->list, &ep->req_list);
972
973 dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
974 ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
975 req->request.length);
976
977 musb_ep_select(musb->mregs, 0);
978
979 /* sequence #1, IN ... start writing the data */
980 if (musb->ep0_state == MUSB_EP0_STAGE_TX)
981 ep0_txstate(musb);
982
983 /* sequence #3, no-data ... issue IN status */
984 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
985 if (req->request.length)
986 status = -EINVAL;
987 else {
988 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
989 musb_writew(regs, MUSB_CSR0,
990 musb->ackpend | MUSB_CSR0_P_DATAEND);
991 musb->ackpend = 0;
992 musb_g_ep0_giveback(ep->musb, r);
993 }
994
995 /* else for sequence #2 (OUT), caller provides a buffer
996 * before the next packet arrives. deferred responses
997 * (after SETUP is acked) are racey.
998 */
999 } else if (musb->ackpend) {
1000 musb_writew(regs, MUSB_CSR0, musb->ackpend);
1001 musb->ackpend = 0;
1002 }
1003
1004cleanup:
1005 spin_unlock_irqrestore(&musb->lock, lockflags);
1006 return status;
1007}
1008
1009static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
1010{
1011 /* we just won't support this */
1012 return -EINVAL;
1013}
1014
1015static int musb_g_ep0_halt(struct usb_ep *e, int value)
1016{
1017 struct musb_ep *ep;
1018 struct musb *musb;
1019 void __iomem *base, *regs;
1020 unsigned long flags;
1021 int status;
1022 u16 csr;
1023
1024 if (!e || !value)
1025 return -EINVAL;
1026
1027 ep = to_musb_ep(e);
1028 musb = ep->musb;
1029 base = musb->mregs;
1030 regs = musb->control_ep->regs;
1031 status = 0;
1032
1033 spin_lock_irqsave(&musb->lock, flags);
1034
1035 if (!list_empty(&ep->req_list)) {
1036 status = -EBUSY;
1037 goto cleanup;
1038 }
1039
1040 musb_ep_select(base, 0);
1041 csr = musb->ackpend;
1042
1043 switch (musb->ep0_state) {
1044
1045 /* Stalls are usually issued after parsing SETUP packet, either
1046 * directly in irq context from setup() or else later.
1047 */
1048 case MUSB_EP0_STAGE_TX: /* control-IN data */
1049 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */
1050 case MUSB_EP0_STAGE_RX: /* control-OUT data */
1051 csr = musb_readw(regs, MUSB_CSR0);
1052 /* FALLTHROUGH */
1053
1054 /* It's also OK to issue stalls during callbacks when a non-empty
1055 * DATA stage buffer has been read (or even written).
1056 */
1057 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */
1058 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */
1059
1060 csr |= MUSB_CSR0_P_SENDSTALL;
1061 musb_writew(regs, MUSB_CSR0, csr);
1062 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1063 musb->ackpend = 0;
1064 break;
1065 default:
1066 dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1067 status = -EINVAL;
1068 }
1069
1070cleanup:
1071 spin_unlock_irqrestore(&musb->lock, flags);
1072 return status;
1073}
1074
1075const struct usb_ep_ops musb_g_ep0_ops = {
1076 .enable = musb_g_ep0_enable,
1077 .disable = musb_g_ep0_disable,
1078 .alloc_request = musb_alloc_request,
1079 .free_request = musb_free_request,
1080 .queue = musb_g_ep0_queue,
1081 .dequeue = musb_g_ep0_dequeue,
1082 .set_halt = musb_g_ep0_halt,
1083};
1/*
2 * MUSB OTG peripheral driver ep0 handling
3 *
4 * Copyright 2005 Mentor Graphics Corporation
5 * Copyright (C) 2005-2006 by Texas Instruments
6 * Copyright (C) 2006-2007 Nokia Corporation
7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * version 2 as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 *
23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35
36#include <linux/kernel.h>
37#include <linux/list.h>
38#include <linux/timer.h>
39#include <linux/spinlock.h>
40#include <linux/device.h>
41#include <linux/interrupt.h>
42
43#include "musb_core.h"
44
45/* ep0 is always musb->endpoints[0].ep_in */
46#define next_ep0_request(musb) next_in_request(&(musb)->endpoints[0])
47
48/*
49 * locking note: we use only the controller lock, for simpler correctness.
50 * It's always held with IRQs blocked.
51 *
52 * It protects the ep0 request queue as well as ep0_state, not just the
53 * controller and indexed registers. And that lock stays held unless it
54 * needs to be dropped to allow reentering this driver ... like upcalls to
55 * the gadget driver, or adjusting endpoint halt status.
56 */
57
58static char *decode_ep0stage(u8 stage)
59{
60 switch (stage) {
61 case MUSB_EP0_STAGE_IDLE: return "idle";
62 case MUSB_EP0_STAGE_SETUP: return "setup";
63 case MUSB_EP0_STAGE_TX: return "in";
64 case MUSB_EP0_STAGE_RX: return "out";
65 case MUSB_EP0_STAGE_ACKWAIT: return "wait";
66 case MUSB_EP0_STAGE_STATUSIN: return "in/status";
67 case MUSB_EP0_STAGE_STATUSOUT: return "out/status";
68 default: return "?";
69 }
70}
71
72/* handle a standard GET_STATUS request
73 * Context: caller holds controller lock
74 */
75static int service_tx_status_request(
76 struct musb *musb,
77 const struct usb_ctrlrequest *ctrlrequest)
78{
79 void __iomem *mbase = musb->mregs;
80 int handled = 1;
81 u8 result[2], epnum = 0;
82 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
83
84 result[1] = 0;
85
86 switch (recip) {
87 case USB_RECIP_DEVICE:
88 result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED;
89 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
90 if (musb->g.is_otg) {
91 result[0] |= musb->g.b_hnp_enable
92 << USB_DEVICE_B_HNP_ENABLE;
93 result[0] |= musb->g.a_alt_hnp_support
94 << USB_DEVICE_A_ALT_HNP_SUPPORT;
95 result[0] |= musb->g.a_hnp_support
96 << USB_DEVICE_A_HNP_SUPPORT;
97 }
98 break;
99
100 case USB_RECIP_INTERFACE:
101 result[0] = 0;
102 break;
103
104 case USB_RECIP_ENDPOINT: {
105 int is_in;
106 struct musb_ep *ep;
107 u16 tmp;
108 void __iomem *regs;
109
110 epnum = (u8) ctrlrequest->wIndex;
111 if (!epnum) {
112 result[0] = 0;
113 break;
114 }
115
116 is_in = epnum & USB_DIR_IN;
117 if (is_in) {
118 epnum &= 0x0f;
119 ep = &musb->endpoints[epnum].ep_in;
120 } else {
121 ep = &musb->endpoints[epnum].ep_out;
122 }
123 regs = musb->endpoints[epnum].regs;
124
125 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
126 handled = -EINVAL;
127 break;
128 }
129
130 musb_ep_select(mbase, epnum);
131 if (is_in)
132 tmp = musb_readw(regs, MUSB_TXCSR)
133 & MUSB_TXCSR_P_SENDSTALL;
134 else
135 tmp = musb_readw(regs, MUSB_RXCSR)
136 & MUSB_RXCSR_P_SENDSTALL;
137 musb_ep_select(mbase, 0);
138
139 result[0] = tmp ? 1 : 0;
140 } break;
141
142 default:
143 /* class, vendor, etc ... delegate */
144 handled = 0;
145 break;
146 }
147
148 /* fill up the fifo; caller updates csr0 */
149 if (handled > 0) {
150 u16 len = le16_to_cpu(ctrlrequest->wLength);
151
152 if (len > 2)
153 len = 2;
154 musb_write_fifo(&musb->endpoints[0], len, result);
155 }
156
157 return handled;
158}
159
160/*
161 * handle a control-IN request, the end0 buffer contains the current request
162 * that is supposed to be a standard control request. Assumes the fifo to
163 * be at least 2 bytes long.
164 *
165 * @return 0 if the request was NOT HANDLED,
166 * < 0 when error
167 * > 0 when the request is processed
168 *
169 * Context: caller holds controller lock
170 */
171static int
172service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
173{
174 int handled = 0; /* not handled */
175
176 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
177 == USB_TYPE_STANDARD) {
178 switch (ctrlrequest->bRequest) {
179 case USB_REQ_GET_STATUS:
180 handled = service_tx_status_request(musb,
181 ctrlrequest);
182 break;
183
184 /* case USB_REQ_SYNC_FRAME: */
185
186 default:
187 break;
188 }
189 }
190 return handled;
191}
192
193/*
194 * Context: caller holds controller lock
195 */
196static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
197{
198 musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
199}
200
201/*
202 * Tries to start B-device HNP negotiation if enabled via sysfs
203 */
204static inline void musb_try_b_hnp_enable(struct musb *musb)
205{
206 void __iomem *mbase = musb->mregs;
207 u8 devctl;
208
209 musb_dbg(musb, "HNP: Setting HR");
210 devctl = musb_readb(mbase, MUSB_DEVCTL);
211 musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
212}
213
214/*
215 * Handle all control requests with no DATA stage, including standard
216 * requests such as:
217 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
218 * always delegated to the gadget driver
219 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
220 * always handled here, except for class/vendor/... features
221 *
222 * Context: caller holds controller lock
223 */
224static int
225service_zero_data_request(struct musb *musb,
226 struct usb_ctrlrequest *ctrlrequest)
227__releases(musb->lock)
228__acquires(musb->lock)
229{
230 int handled = -EINVAL;
231 void __iomem *mbase = musb->mregs;
232 const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
233
234 /* the gadget driver handles everything except what we MUST handle */
235 if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
236 == USB_TYPE_STANDARD) {
237 switch (ctrlrequest->bRequest) {
238 case USB_REQ_SET_ADDRESS:
239 /* change it after the status stage */
240 musb->set_address = true;
241 musb->address = (u8) (ctrlrequest->wValue & 0x7f);
242 handled = 1;
243 break;
244
245 case USB_REQ_CLEAR_FEATURE:
246 switch (recip) {
247 case USB_RECIP_DEVICE:
248 if (ctrlrequest->wValue
249 != USB_DEVICE_REMOTE_WAKEUP)
250 break;
251 musb->may_wakeup = 0;
252 handled = 1;
253 break;
254 case USB_RECIP_INTERFACE:
255 break;
256 case USB_RECIP_ENDPOINT:{
257 const u8 epnum =
258 ctrlrequest->wIndex & 0x0f;
259 struct musb_ep *musb_ep;
260 struct musb_hw_ep *ep;
261 struct musb_request *request;
262 void __iomem *regs;
263 int is_in;
264 u16 csr;
265
266 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
267 ctrlrequest->wValue != USB_ENDPOINT_HALT)
268 break;
269
270 ep = musb->endpoints + epnum;
271 regs = ep->regs;
272 is_in = ctrlrequest->wIndex & USB_DIR_IN;
273 if (is_in)
274 musb_ep = &ep->ep_in;
275 else
276 musb_ep = &ep->ep_out;
277 if (!musb_ep->desc)
278 break;
279
280 handled = 1;
281 /* Ignore request if endpoint is wedged */
282 if (musb_ep->wedged)
283 break;
284
285 musb_ep_select(mbase, epnum);
286 if (is_in) {
287 csr = musb_readw(regs, MUSB_TXCSR);
288 csr |= MUSB_TXCSR_CLRDATATOG |
289 MUSB_TXCSR_P_WZC_BITS;
290 csr &= ~(MUSB_TXCSR_P_SENDSTALL |
291 MUSB_TXCSR_P_SENTSTALL |
292 MUSB_TXCSR_TXPKTRDY);
293 musb_writew(regs, MUSB_TXCSR, csr);
294 } else {
295 csr = musb_readw(regs, MUSB_RXCSR);
296 csr |= MUSB_RXCSR_CLRDATATOG |
297 MUSB_RXCSR_P_WZC_BITS;
298 csr &= ~(MUSB_RXCSR_P_SENDSTALL |
299 MUSB_RXCSR_P_SENTSTALL);
300 musb_writew(regs, MUSB_RXCSR, csr);
301 }
302
303 /* Maybe start the first request in the queue */
304 request = next_request(musb_ep);
305 if (!musb_ep->busy && request) {
306 musb_dbg(musb, "restarting the request");
307 musb_ep_restart(musb, request);
308 }
309
310 /* select ep0 again */
311 musb_ep_select(mbase, 0);
312 } break;
313 default:
314 /* class, vendor, etc ... delegate */
315 handled = 0;
316 break;
317 }
318 break;
319
320 case USB_REQ_SET_FEATURE:
321 switch (recip) {
322 case USB_RECIP_DEVICE:
323 handled = 1;
324 switch (ctrlrequest->wValue) {
325 case USB_DEVICE_REMOTE_WAKEUP:
326 musb->may_wakeup = 1;
327 break;
328 case USB_DEVICE_TEST_MODE:
329 if (musb->g.speed != USB_SPEED_HIGH)
330 goto stall;
331 if (ctrlrequest->wIndex & 0xff)
332 goto stall;
333
334 switch (ctrlrequest->wIndex >> 8) {
335 case 1:
336 pr_debug("TEST_J\n");
337 /* TEST_J */
338 musb->test_mode_nr =
339 MUSB_TEST_J;
340 break;
341 case 2:
342 /* TEST_K */
343 pr_debug("TEST_K\n");
344 musb->test_mode_nr =
345 MUSB_TEST_K;
346 break;
347 case 3:
348 /* TEST_SE0_NAK */
349 pr_debug("TEST_SE0_NAK\n");
350 musb->test_mode_nr =
351 MUSB_TEST_SE0_NAK;
352 break;
353 case 4:
354 /* TEST_PACKET */
355 pr_debug("TEST_PACKET\n");
356 musb->test_mode_nr =
357 MUSB_TEST_PACKET;
358 break;
359
360 case 0xc0:
361 /* TEST_FORCE_HS */
362 pr_debug("TEST_FORCE_HS\n");
363 musb->test_mode_nr =
364 MUSB_TEST_FORCE_HS;
365 break;
366 case 0xc1:
367 /* TEST_FORCE_FS */
368 pr_debug("TEST_FORCE_FS\n");
369 musb->test_mode_nr =
370 MUSB_TEST_FORCE_FS;
371 break;
372 case 0xc2:
373 /* TEST_FIFO_ACCESS */
374 pr_debug("TEST_FIFO_ACCESS\n");
375 musb->test_mode_nr =
376 MUSB_TEST_FIFO_ACCESS;
377 break;
378 case 0xc3:
379 /* TEST_FORCE_HOST */
380 pr_debug("TEST_FORCE_HOST\n");
381 musb->test_mode_nr =
382 MUSB_TEST_FORCE_HOST;
383 break;
384 default:
385 goto stall;
386 }
387
388 /* enter test mode after irq */
389 if (handled > 0)
390 musb->test_mode = true;
391 break;
392 case USB_DEVICE_B_HNP_ENABLE:
393 if (!musb->g.is_otg)
394 goto stall;
395 musb->g.b_hnp_enable = 1;
396 musb_try_b_hnp_enable(musb);
397 break;
398 case USB_DEVICE_A_HNP_SUPPORT:
399 if (!musb->g.is_otg)
400 goto stall;
401 musb->g.a_hnp_support = 1;
402 break;
403 case USB_DEVICE_A_ALT_HNP_SUPPORT:
404 if (!musb->g.is_otg)
405 goto stall;
406 musb->g.a_alt_hnp_support = 1;
407 break;
408 case USB_DEVICE_DEBUG_MODE:
409 handled = 0;
410 break;
411stall:
412 default:
413 handled = -EINVAL;
414 break;
415 }
416 break;
417
418 case USB_RECIP_INTERFACE:
419 break;
420
421 case USB_RECIP_ENDPOINT:{
422 const u8 epnum =
423 ctrlrequest->wIndex & 0x0f;
424 struct musb_ep *musb_ep;
425 struct musb_hw_ep *ep;
426 void __iomem *regs;
427 int is_in;
428 u16 csr;
429
430 if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
431 ctrlrequest->wValue != USB_ENDPOINT_HALT)
432 break;
433
434 ep = musb->endpoints + epnum;
435 regs = ep->regs;
436 is_in = ctrlrequest->wIndex & USB_DIR_IN;
437 if (is_in)
438 musb_ep = &ep->ep_in;
439 else
440 musb_ep = &ep->ep_out;
441 if (!musb_ep->desc)
442 break;
443
444 musb_ep_select(mbase, epnum);
445 if (is_in) {
446 csr = musb_readw(regs, MUSB_TXCSR);
447 if (csr & MUSB_TXCSR_FIFONOTEMPTY)
448 csr |= MUSB_TXCSR_FLUSHFIFO;
449 csr |= MUSB_TXCSR_P_SENDSTALL
450 | MUSB_TXCSR_CLRDATATOG
451 | MUSB_TXCSR_P_WZC_BITS;
452 musb_writew(regs, MUSB_TXCSR, csr);
453 } else {
454 csr = musb_readw(regs, MUSB_RXCSR);
455 csr |= MUSB_RXCSR_P_SENDSTALL
456 | MUSB_RXCSR_FLUSHFIFO
457 | MUSB_RXCSR_CLRDATATOG
458 | MUSB_RXCSR_P_WZC_BITS;
459 musb_writew(regs, MUSB_RXCSR, csr);
460 }
461
462 /* select ep0 again */
463 musb_ep_select(mbase, 0);
464 handled = 1;
465 } break;
466
467 default:
468 /* class, vendor, etc ... delegate */
469 handled = 0;
470 break;
471 }
472 break;
473 default:
474 /* delegate SET_CONFIGURATION, etc */
475 handled = 0;
476 }
477 } else
478 handled = 0;
479 return handled;
480}
481
482/* we have an ep0out data packet
483 * Context: caller holds controller lock
484 */
485static void ep0_rxstate(struct musb *musb)
486{
487 void __iomem *regs = musb->control_ep->regs;
488 struct musb_request *request;
489 struct usb_request *req;
490 u16 count, csr;
491
492 request = next_ep0_request(musb);
493 req = &request->request;
494
495 /* read packet and ack; or stall because of gadget driver bug:
496 * should have provided the rx buffer before setup() returned.
497 */
498 if (req) {
499 void *buf = req->buf + req->actual;
500 unsigned len = req->length - req->actual;
501
502 /* read the buffer */
503 count = musb_readb(regs, MUSB_COUNT0);
504 if (count > len) {
505 req->status = -EOVERFLOW;
506 count = len;
507 }
508 if (count > 0) {
509 musb_read_fifo(&musb->endpoints[0], count, buf);
510 req->actual += count;
511 }
512 csr = MUSB_CSR0_P_SVDRXPKTRDY;
513 if (count < 64 || req->actual == req->length) {
514 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
515 csr |= MUSB_CSR0_P_DATAEND;
516 } else
517 req = NULL;
518 } else
519 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
520
521
522 /* Completion handler may choose to stall, e.g. because the
523 * message just received holds invalid data.
524 */
525 if (req) {
526 musb->ackpend = csr;
527 musb_g_ep0_giveback(musb, req);
528 if (!musb->ackpend)
529 return;
530 musb->ackpend = 0;
531 }
532 musb_ep_select(musb->mregs, 0);
533 musb_writew(regs, MUSB_CSR0, csr);
534}
535
536/*
537 * transmitting to the host (IN), this code might be called from IRQ
538 * and from kernel thread.
539 *
540 * Context: caller holds controller lock
541 */
542static void ep0_txstate(struct musb *musb)
543{
544 void __iomem *regs = musb->control_ep->regs;
545 struct musb_request *req = next_ep0_request(musb);
546 struct usb_request *request;
547 u16 csr = MUSB_CSR0_TXPKTRDY;
548 u8 *fifo_src;
549 u8 fifo_count;
550
551 if (!req) {
552 /* WARN_ON(1); */
553 musb_dbg(musb, "odd; csr0 %04x", musb_readw(regs, MUSB_CSR0));
554 return;
555 }
556
557 request = &req->request;
558
559 /* load the data */
560 fifo_src = (u8 *) request->buf + request->actual;
561 fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
562 request->length - request->actual);
563 musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
564 request->actual += fifo_count;
565
566 /* update the flags */
567 if (fifo_count < MUSB_MAX_END0_PACKET
568 || (request->actual == request->length
569 && !request->zero)) {
570 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
571 csr |= MUSB_CSR0_P_DATAEND;
572 } else
573 request = NULL;
574
575 /* report completions as soon as the fifo's loaded; there's no
576 * win in waiting till this last packet gets acked. (other than
577 * very precise fault reporting, needed by USB TMC; possible with
578 * this hardware, but not usable from portable gadget drivers.)
579 */
580 if (request) {
581 musb->ackpend = csr;
582 musb_g_ep0_giveback(musb, request);
583 if (!musb->ackpend)
584 return;
585 musb->ackpend = 0;
586 }
587
588 /* send it out, triggering a "txpktrdy cleared" irq */
589 musb_ep_select(musb->mregs, 0);
590 musb_writew(regs, MUSB_CSR0, csr);
591}
592
593/*
594 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
595 * Fields are left in USB byte-order.
596 *
597 * Context: caller holds controller lock.
598 */
599static void
600musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
601{
602 struct musb_request *r;
603 void __iomem *regs = musb->control_ep->regs;
604
605 musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
606
607 /* NOTE: earlier 2.6 versions changed setup packets to host
608 * order, but now USB packets always stay in USB byte order.
609 */
610 musb_dbg(musb, "SETUP req%02x.%02x v%04x i%04x l%d",
611 req->bRequestType,
612 req->bRequest,
613 le16_to_cpu(req->wValue),
614 le16_to_cpu(req->wIndex),
615 le16_to_cpu(req->wLength));
616
617 /* clean up any leftover transfers */
618 r = next_ep0_request(musb);
619 if (r)
620 musb_g_ep0_giveback(musb, &r->request);
621
622 /* For zero-data requests we want to delay the STATUS stage to
623 * avoid SETUPEND errors. If we read data (OUT), delay accepting
624 * packets until there's a buffer to store them in.
625 *
626 * If we write data, the controller acts happier if we enable
627 * the TX FIFO right away, and give the controller a moment
628 * to switch modes...
629 */
630 musb->set_address = false;
631 musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
632 if (req->wLength == 0) {
633 if (req->bRequestType & USB_DIR_IN)
634 musb->ackpend |= MUSB_CSR0_TXPKTRDY;
635 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
636 } else if (req->bRequestType & USB_DIR_IN) {
637 musb->ep0_state = MUSB_EP0_STAGE_TX;
638 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
639 while ((musb_readw(regs, MUSB_CSR0)
640 & MUSB_CSR0_RXPKTRDY) != 0)
641 cpu_relax();
642 musb->ackpend = 0;
643 } else
644 musb->ep0_state = MUSB_EP0_STAGE_RX;
645}
646
647static int
648forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
649__releases(musb->lock)
650__acquires(musb->lock)
651{
652 int retval;
653 if (!musb->gadget_driver)
654 return -EOPNOTSUPP;
655 spin_unlock(&musb->lock);
656 retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
657 spin_lock(&musb->lock);
658 return retval;
659}
660
661/*
662 * Handle peripheral ep0 interrupt
663 *
664 * Context: irq handler; we won't re-enter the driver that way.
665 */
666irqreturn_t musb_g_ep0_irq(struct musb *musb)
667{
668 u16 csr;
669 u16 len;
670 void __iomem *mbase = musb->mregs;
671 void __iomem *regs = musb->endpoints[0].regs;
672 irqreturn_t retval = IRQ_NONE;
673
674 musb_ep_select(mbase, 0); /* select ep0 */
675 csr = musb_readw(regs, MUSB_CSR0);
676 len = musb_readb(regs, MUSB_COUNT0);
677
678 musb_dbg(musb, "csr %04x, count %d, ep0stage %s",
679 csr, len, decode_ep0stage(musb->ep0_state));
680
681 if (csr & MUSB_CSR0_P_DATAEND) {
682 /*
683 * If DATAEND is set we should not call the callback,
684 * hence the status stage is not complete.
685 */
686 return IRQ_HANDLED;
687 }
688
689 /* I sent a stall.. need to acknowledge it now.. */
690 if (csr & MUSB_CSR0_P_SENTSTALL) {
691 musb_writew(regs, MUSB_CSR0,
692 csr & ~MUSB_CSR0_P_SENTSTALL);
693 retval = IRQ_HANDLED;
694 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
695 csr = musb_readw(regs, MUSB_CSR0);
696 }
697
698 /* request ended "early" */
699 if (csr & MUSB_CSR0_P_SETUPEND) {
700 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
701 retval = IRQ_HANDLED;
702 /* Transition into the early status phase */
703 switch (musb->ep0_state) {
704 case MUSB_EP0_STAGE_TX:
705 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
706 break;
707 case MUSB_EP0_STAGE_RX:
708 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
709 break;
710 default:
711 ERR("SetupEnd came in a wrong ep0stage %s\n",
712 decode_ep0stage(musb->ep0_state));
713 }
714 csr = musb_readw(regs, MUSB_CSR0);
715 /* NOTE: request may need completion */
716 }
717
718 /* docs from Mentor only describe tx, rx, and idle/setup states.
719 * we need to handle nuances around status stages, and also the
720 * case where status and setup stages come back-to-back ...
721 */
722 switch (musb->ep0_state) {
723
724 case MUSB_EP0_STAGE_TX:
725 /* irq on clearing txpktrdy */
726 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
727 ep0_txstate(musb);
728 retval = IRQ_HANDLED;
729 }
730 break;
731
732 case MUSB_EP0_STAGE_RX:
733 /* irq on set rxpktrdy */
734 if (csr & MUSB_CSR0_RXPKTRDY) {
735 ep0_rxstate(musb);
736 retval = IRQ_HANDLED;
737 }
738 break;
739
740 case MUSB_EP0_STAGE_STATUSIN:
741 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
742
743 /* update address (if needed) only @ the end of the
744 * status phase per usb spec, which also guarantees
745 * we get 10 msec to receive this irq... until this
746 * is done we won't see the next packet.
747 */
748 if (musb->set_address) {
749 musb->set_address = false;
750 musb_writeb(mbase, MUSB_FADDR, musb->address);
751 }
752
753 /* enter test mode if needed (exit by reset) */
754 else if (musb->test_mode) {
755 musb_dbg(musb, "entering TESTMODE");
756
757 if (MUSB_TEST_PACKET == musb->test_mode_nr)
758 musb_load_testpacket(musb);
759
760 musb_writeb(mbase, MUSB_TESTMODE,
761 musb->test_mode_nr);
762 }
763 /* FALLTHROUGH */
764
765 case MUSB_EP0_STAGE_STATUSOUT:
766 /* end of sequence #1: write to host (TX state) */
767 {
768 struct musb_request *req;
769
770 req = next_ep0_request(musb);
771 if (req)
772 musb_g_ep0_giveback(musb, &req->request);
773 }
774
775 /*
776 * In case when several interrupts can get coalesced,
777 * check to see if we've already received a SETUP packet...
778 */
779 if (csr & MUSB_CSR0_RXPKTRDY)
780 goto setup;
781
782 retval = IRQ_HANDLED;
783 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
784 break;
785
786 case MUSB_EP0_STAGE_IDLE:
787 /*
788 * This state is typically (but not always) indiscernible
789 * from the status states since the corresponding interrupts
790 * tend to happen within too little period of time (with only
791 * a zero-length packet in between) and so get coalesced...
792 */
793 retval = IRQ_HANDLED;
794 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
795 /* FALLTHROUGH */
796
797 case MUSB_EP0_STAGE_SETUP:
798setup:
799 if (csr & MUSB_CSR0_RXPKTRDY) {
800 struct usb_ctrlrequest setup;
801 int handled = 0;
802
803 if (len != 8) {
804 ERR("SETUP packet len %d != 8 ?\n", len);
805 break;
806 }
807 musb_read_setup(musb, &setup);
808 retval = IRQ_HANDLED;
809
810 /* sometimes the RESET won't be reported */
811 if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
812 u8 power;
813
814 printk(KERN_NOTICE "%s: peripheral reset "
815 "irq lost!\n",
816 musb_driver_name);
817 power = musb_readb(mbase, MUSB_POWER);
818 musb->g.speed = (power & MUSB_POWER_HSMODE)
819 ? USB_SPEED_HIGH : USB_SPEED_FULL;
820
821 }
822
823 switch (musb->ep0_state) {
824
825 /* sequence #3 (no data stage), includes requests
826 * we can't forward (notably SET_ADDRESS and the
827 * device/endpoint feature set/clear operations)
828 * plus SET_CONFIGURATION and others we must
829 */
830 case MUSB_EP0_STAGE_ACKWAIT:
831 handled = service_zero_data_request(
832 musb, &setup);
833
834 /*
835 * We're expecting no data in any case, so
836 * always set the DATAEND bit -- doing this
837 * here helps avoid SetupEnd interrupt coming
838 * in the idle stage when we're stalling...
839 */
840 musb->ackpend |= MUSB_CSR0_P_DATAEND;
841
842 /* status stage might be immediate */
843 if (handled > 0)
844 musb->ep0_state =
845 MUSB_EP0_STAGE_STATUSIN;
846 break;
847
848 /* sequence #1 (IN to host), includes GET_STATUS
849 * requests that we can't forward, GET_DESCRIPTOR
850 * and others that we must
851 */
852 case MUSB_EP0_STAGE_TX:
853 handled = service_in_request(musb, &setup);
854 if (handled > 0) {
855 musb->ackpend = MUSB_CSR0_TXPKTRDY
856 | MUSB_CSR0_P_DATAEND;
857 musb->ep0_state =
858 MUSB_EP0_STAGE_STATUSOUT;
859 }
860 break;
861
862 /* sequence #2 (OUT from host), always forward */
863 default: /* MUSB_EP0_STAGE_RX */
864 break;
865 }
866
867 musb_dbg(musb, "handled %d, csr %04x, ep0stage %s",
868 handled, csr,
869 decode_ep0stage(musb->ep0_state));
870
871 /* unless we need to delegate this to the gadget
872 * driver, we know how to wrap this up: csr0 has
873 * not yet been written.
874 */
875 if (handled < 0)
876 goto stall;
877 else if (handled > 0)
878 goto finish;
879
880 handled = forward_to_driver(musb, &setup);
881 if (handled < 0) {
882 musb_ep_select(mbase, 0);
883stall:
884 musb_dbg(musb, "stall (%d)", handled);
885 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
886 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
887finish:
888 musb_writew(regs, MUSB_CSR0,
889 musb->ackpend);
890 musb->ackpend = 0;
891 }
892 }
893 break;
894
895 case MUSB_EP0_STAGE_ACKWAIT:
896 /* This should not happen. But happens with tusb6010 with
897 * g_file_storage and high speed. Do nothing.
898 */
899 retval = IRQ_HANDLED;
900 break;
901
902 default:
903 /* "can't happen" */
904 WARN_ON(1);
905 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
906 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
907 break;
908 }
909
910 return retval;
911}
912
913
914static int
915musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
916{
917 /* always enabled */
918 return -EINVAL;
919}
920
921static int musb_g_ep0_disable(struct usb_ep *e)
922{
923 /* always enabled */
924 return -EINVAL;
925}
926
927static int
928musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
929{
930 struct musb_ep *ep;
931 struct musb_request *req;
932 struct musb *musb;
933 int status;
934 unsigned long lockflags;
935 void __iomem *regs;
936
937 if (!e || !r)
938 return -EINVAL;
939
940 ep = to_musb_ep(e);
941 musb = ep->musb;
942 regs = musb->control_ep->regs;
943
944 req = to_musb_request(r);
945 req->musb = musb;
946 req->request.actual = 0;
947 req->request.status = -EINPROGRESS;
948 req->tx = ep->is_in;
949
950 spin_lock_irqsave(&musb->lock, lockflags);
951
952 if (!list_empty(&ep->req_list)) {
953 status = -EBUSY;
954 goto cleanup;
955 }
956
957 switch (musb->ep0_state) {
958 case MUSB_EP0_STAGE_RX: /* control-OUT data */
959 case MUSB_EP0_STAGE_TX: /* control-IN data */
960 case MUSB_EP0_STAGE_ACKWAIT: /* zero-length data */
961 status = 0;
962 break;
963 default:
964 musb_dbg(musb, "ep0 request queued in state %d",
965 musb->ep0_state);
966 status = -EINVAL;
967 goto cleanup;
968 }
969
970 /* add request to the list */
971 list_add_tail(&req->list, &ep->req_list);
972
973 musb_dbg(musb, "queue to %s (%s), length=%d",
974 ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
975 req->request.length);
976
977 musb_ep_select(musb->mregs, 0);
978
979 /* sequence #1, IN ... start writing the data */
980 if (musb->ep0_state == MUSB_EP0_STAGE_TX)
981 ep0_txstate(musb);
982
983 /* sequence #3, no-data ... issue IN status */
984 else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
985 if (req->request.length)
986 status = -EINVAL;
987 else {
988 musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
989 musb_writew(regs, MUSB_CSR0,
990 musb->ackpend | MUSB_CSR0_P_DATAEND);
991 musb->ackpend = 0;
992 musb_g_ep0_giveback(ep->musb, r);
993 }
994
995 /* else for sequence #2 (OUT), caller provides a buffer
996 * before the next packet arrives. deferred responses
997 * (after SETUP is acked) are racey.
998 */
999 } else if (musb->ackpend) {
1000 musb_writew(regs, MUSB_CSR0, musb->ackpend);
1001 musb->ackpend = 0;
1002 }
1003
1004cleanup:
1005 spin_unlock_irqrestore(&musb->lock, lockflags);
1006 return status;
1007}
1008
1009static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
1010{
1011 /* we just won't support this */
1012 return -EINVAL;
1013}
1014
1015static int musb_g_ep0_halt(struct usb_ep *e, int value)
1016{
1017 struct musb_ep *ep;
1018 struct musb *musb;
1019 void __iomem *base, *regs;
1020 unsigned long flags;
1021 int status;
1022 u16 csr;
1023
1024 if (!e || !value)
1025 return -EINVAL;
1026
1027 ep = to_musb_ep(e);
1028 musb = ep->musb;
1029 base = musb->mregs;
1030 regs = musb->control_ep->regs;
1031 status = 0;
1032
1033 spin_lock_irqsave(&musb->lock, flags);
1034
1035 if (!list_empty(&ep->req_list)) {
1036 status = -EBUSY;
1037 goto cleanup;
1038 }
1039
1040 musb_ep_select(base, 0);
1041 csr = musb->ackpend;
1042
1043 switch (musb->ep0_state) {
1044
1045 /* Stalls are usually issued after parsing SETUP packet, either
1046 * directly in irq context from setup() or else later.
1047 */
1048 case MUSB_EP0_STAGE_TX: /* control-IN data */
1049 case MUSB_EP0_STAGE_ACKWAIT: /* STALL for zero-length data */
1050 case MUSB_EP0_STAGE_RX: /* control-OUT data */
1051 csr = musb_readw(regs, MUSB_CSR0);
1052 /* FALLTHROUGH */
1053
1054 /* It's also OK to issue stalls during callbacks when a non-empty
1055 * DATA stage buffer has been read (or even written).
1056 */
1057 case MUSB_EP0_STAGE_STATUSIN: /* control-OUT status */
1058 case MUSB_EP0_STAGE_STATUSOUT: /* control-IN status */
1059
1060 csr |= MUSB_CSR0_P_SENDSTALL;
1061 musb_writew(regs, MUSB_CSR0, csr);
1062 musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1063 musb->ackpend = 0;
1064 break;
1065 default:
1066 musb_dbg(musb, "ep0 can't halt in state %d", musb->ep0_state);
1067 status = -EINVAL;
1068 }
1069
1070cleanup:
1071 spin_unlock_irqrestore(&musb->lock, flags);
1072 return status;
1073}
1074
1075const struct usb_ep_ops musb_g_ep0_ops = {
1076 .enable = musb_g_ep0_enable,
1077 .disable = musb_g_ep0_disable,
1078 .alloc_request = musb_alloc_request,
1079 .free_request = musb_free_request,
1080 .queue = musb_g_ep0_queue,
1081 .dequeue = musb_g_ep0_dequeue,
1082 .set_halt = musb_g_ep0_halt,
1083};