1/*
2 * MUSB OTG peripheral driver ep0 handling
3 *
4 * Copyright 2005 Mentor Graphics Corporation
5 * Copyright (C) 2005-2006 by Texas Instruments
6 * Copyright (C) 2006-2007 Nokia Corporation
7 * Copyright (C) 2008-2009 MontaVista Software, Inc. <source@mvista.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * version 2 as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
21 * 02110-1301 USA
22 *
23 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
24 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
26 * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
29 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
30 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35
36#include <linux/kernel.h>
37#include <linux/list.h>
38#include <linux/timer.h>
39#include <linux/spinlock.h>
40#include <linux/device.h>
41#include <linux/interrupt.h>
42
43#include "musb_core.h"
44
45/* ep0 is always musb->endpoints[0].ep_in */
46#define	next_ep0_request(musb)	next_in_request(&(musb)->endpoints[0])
47
48/*
49 * locking note:  we use only the controller lock, for simpler correctness.
50 * It's always held with IRQs blocked.
51 *
52 * It protects the ep0 request queue as well as ep0_state, not just the
53 * controller and indexed registers.  And that lock stays held unless it
54 * needs to be dropped to allow reentering this driver ... like upcalls to
55 * the gadget driver, or adjusting endpoint halt status.
56 */
57
58static char *decode_ep0stage(u8 stage)
59{
60	switch (stage) {
61	case MUSB_EP0_STAGE_IDLE:	return "idle";
62	case MUSB_EP0_STAGE_SETUP:	return "setup";
63	case MUSB_EP0_STAGE_TX:		return "in";
64	case MUSB_EP0_STAGE_RX:		return "out";
65	case MUSB_EP0_STAGE_ACKWAIT:	return "wait";
66	case MUSB_EP0_STAGE_STATUSIN:	return "in/status";
67	case MUSB_EP0_STAGE_STATUSOUT:	return "out/status";
68	default:			return "?";
69	}
70}
71
72/* handle a standard GET_STATUS request
73 * Context:  caller holds controller lock
74 */
75static int service_tx_status_request(
76	struct musb *musb,
77	const struct usb_ctrlrequest *ctrlrequest)
78{
79	void __iomem	*mbase = musb->mregs;
80	int handled = 1;
81	u8 result[2], epnum = 0;
82	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
83
84	result[1] = 0;
85
86	switch (recip) {
87	case USB_RECIP_DEVICE:
88		result[0] = musb->g.is_selfpowered << USB_DEVICE_SELF_POWERED;
89		result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
90		if (musb->g.is_otg) {
91			result[0] |= musb->g.b_hnp_enable
92				<< USB_DEVICE_B_HNP_ENABLE;
93			result[0] |= musb->g.a_alt_hnp_support
94				<< USB_DEVICE_A_ALT_HNP_SUPPORT;
95			result[0] |= musb->g.a_hnp_support
96				<< USB_DEVICE_A_HNP_SUPPORT;
97		}
98		break;
99
100	case USB_RECIP_INTERFACE:
101		result[0] = 0;
102		break;
103
104	case USB_RECIP_ENDPOINT: {
105		int		is_in;
106		struct musb_ep	*ep;
107		u16		tmp;
108		void __iomem	*regs;
109
110		epnum = (u8) ctrlrequest->wIndex;
111		if (!epnum) {
112			result[0] = 0;
113			break;
114		}
115
116		is_in = epnum & USB_DIR_IN;
117		if (is_in) {
118			epnum &= 0x0f;
119			ep = &musb->endpoints[epnum].ep_in;
120		} else {
121			ep = &musb->endpoints[epnum].ep_out;
122		}
123		regs = musb->endpoints[epnum].regs;
124
125		if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
126			handled = -EINVAL;
127			break;
128		}
129
130		musb_ep_select(mbase, epnum);
131		if (is_in)
132			tmp = musb_readw(regs, MUSB_TXCSR)
133						& MUSB_TXCSR_P_SENDSTALL;
134		else
135			tmp = musb_readw(regs, MUSB_RXCSR)
136						& MUSB_RXCSR_P_SENDSTALL;
137		musb_ep_select(mbase, 0);
138
139		result[0] = tmp ? 1 : 0;
140		} break;
141
142	default:
143		/* class, vendor, etc ... delegate */
144		handled = 0;
145		break;
146	}
147
148	/* fill up the fifo; caller updates csr0 */
149	if (handled > 0) {
150		u16	len = le16_to_cpu(ctrlrequest->wLength);
151
152		if (len > 2)
153			len = 2;
154		musb_write_fifo(&musb->endpoints[0], len, result);
155	}
156
157	return handled;
158}
159
160/*
161 * handle a control-IN request, the end0 buffer contains the current request
162 * that is supposed to be a standard control request. Assumes the fifo to
163 * be at least 2 bytes long.
164 *
165 * @return 0 if the request was NOT HANDLED,
166 * < 0 when error
167 * > 0 when the request is processed
168 *
169 * Context:  caller holds controller lock
170 */
171static int
172service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
173{
174	int handled = 0;	/* not handled */
175
176	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
177			== USB_TYPE_STANDARD) {
178		switch (ctrlrequest->bRequest) {
179		case USB_REQ_GET_STATUS:
180			handled = service_tx_status_request(musb,
181					ctrlrequest);
182			break;
183
184		/* case USB_REQ_SYNC_FRAME: */
185
186		default:
187			break;
188		}
189	}
190	return handled;
191}
192
193/*
194 * Context:  caller holds controller lock
195 */
196static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
197{
198	musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
199}
200
201/*
202 * Tries to start B-device HNP negotiation if enabled via sysfs
203 */
204static inline void musb_try_b_hnp_enable(struct musb *musb)
205{
206	void __iomem	*mbase = musb->mregs;
207	u8		devctl;
208
209	dev_dbg(musb->controller, "HNP: Setting HR\n");
210	devctl = musb_readb(mbase, MUSB_DEVCTL);
211	musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
212}
213
214/*
215 * Handle all control requests with no DATA stage, including standard
216 * requests such as:
217 * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
218 *	always delegated to the gadget driver
219 * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
220 *	always handled here, except for class/vendor/... features
221 *
222 * Context:  caller holds controller lock
223 */
224static int
225service_zero_data_request(struct musb *musb,
226		struct usb_ctrlrequest *ctrlrequest)
227__releases(musb->lock)
228__acquires(musb->lock)
229{
230	int handled = -EINVAL;
231	void __iomem *mbase = musb->mregs;
232	const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
233
234	/* the gadget driver handles everything except what we MUST handle */
235	if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
236			== USB_TYPE_STANDARD) {
237		switch (ctrlrequest->bRequest) {
238		case USB_REQ_SET_ADDRESS:
239			/* change it after the status stage */
240			musb->set_address = true;
241			musb->address = (u8) (ctrlrequest->wValue & 0x7f);
242			handled = 1;
243			break;
244
245		case USB_REQ_CLEAR_FEATURE:
246			switch (recip) {
247			case USB_RECIP_DEVICE:
248				if (ctrlrequest->wValue
249						!= USB_DEVICE_REMOTE_WAKEUP)
250					break;
251				musb->may_wakeup = 0;
252				handled = 1;
253				break;
254			case USB_RECIP_INTERFACE:
255				break;
256			case USB_RECIP_ENDPOINT:{
257				const u8		epnum =
258					ctrlrequest->wIndex & 0x0f;
259				struct musb_ep		*musb_ep;
260				struct musb_hw_ep	*ep;
261				struct musb_request	*request;
262				void __iomem		*regs;
263				int			is_in;
264				u16			csr;
265
266				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
267				    ctrlrequest->wValue != USB_ENDPOINT_HALT)
268					break;
269
270				ep = musb->endpoints + epnum;
271				regs = ep->regs;
272				is_in = ctrlrequest->wIndex & USB_DIR_IN;
273				if (is_in)
274					musb_ep = &ep->ep_in;
275				else
276					musb_ep = &ep->ep_out;
277				if (!musb_ep->desc)
278					break;
279
280				handled = 1;
281				/* Ignore request if endpoint is wedged */
282				if (musb_ep->wedged)
283					break;
284
285				musb_ep_select(mbase, epnum);
286				if (is_in) {
287					csr  = musb_readw(regs, MUSB_TXCSR);
288					csr |= MUSB_TXCSR_CLRDATATOG |
289					       MUSB_TXCSR_P_WZC_BITS;
290					csr &= ~(MUSB_TXCSR_P_SENDSTALL |
291						 MUSB_TXCSR_P_SENTSTALL |
292						 MUSB_TXCSR_TXPKTRDY);
293					musb_writew(regs, MUSB_TXCSR, csr);
294				} else {
295					csr  = musb_readw(regs, MUSB_RXCSR);
296					csr |= MUSB_RXCSR_CLRDATATOG |
297					       MUSB_RXCSR_P_WZC_BITS;
298					csr &= ~(MUSB_RXCSR_P_SENDSTALL |
299						 MUSB_RXCSR_P_SENTSTALL);
300					musb_writew(regs, MUSB_RXCSR, csr);
301				}
302
303				/* Maybe start the first request in the queue */
304				request = next_request(musb_ep);
305				if (!musb_ep->busy && request) {
306					dev_dbg(musb->controller, "restarting the request\n");
307					musb_ep_restart(musb, request);
308				}
309
310				/* select ep0 again */
311				musb_ep_select(mbase, 0);
312				} break;
313			default:
314				/* class, vendor, etc ... delegate */
315				handled = 0;
316				break;
317			}
318			break;
319
320		case USB_REQ_SET_FEATURE:
321			switch (recip) {
322			case USB_RECIP_DEVICE:
323				handled = 1;
324				switch (ctrlrequest->wValue) {
325				case USB_DEVICE_REMOTE_WAKEUP:
326					musb->may_wakeup = 1;
327					break;
328				case USB_DEVICE_TEST_MODE:
329					if (musb->g.speed != USB_SPEED_HIGH)
330						goto stall;
331					if (ctrlrequest->wIndex & 0xff)
332						goto stall;
333
334					switch (ctrlrequest->wIndex >> 8) {
335					case 1:
336						pr_debug("TEST_J\n");
337						/* TEST_J */
338						musb->test_mode_nr =
339							MUSB_TEST_J;
340						break;
341					case 2:
342						/* TEST_K */
343						pr_debug("TEST_K\n");
344						musb->test_mode_nr =
345							MUSB_TEST_K;
346						break;
347					case 3:
348						/* TEST_SE0_NAK */
349						pr_debug("TEST_SE0_NAK\n");
350						musb->test_mode_nr =
351							MUSB_TEST_SE0_NAK;
352						break;
353					case 4:
354						/* TEST_PACKET */
355						pr_debug("TEST_PACKET\n");
356						musb->test_mode_nr =
357							MUSB_TEST_PACKET;
358						break;
359
360					case 0xc0:
361						/* TEST_FORCE_HS */
362						pr_debug("TEST_FORCE_HS\n");
363						musb->test_mode_nr =
364							MUSB_TEST_FORCE_HS;
365						break;
366					case 0xc1:
367						/* TEST_FORCE_FS */
368						pr_debug("TEST_FORCE_FS\n");
369						musb->test_mode_nr =
370							MUSB_TEST_FORCE_FS;
371						break;
372					case 0xc2:
373						/* TEST_FIFO_ACCESS */
374						pr_debug("TEST_FIFO_ACCESS\n");
375						musb->test_mode_nr =
376							MUSB_TEST_FIFO_ACCESS;
377						break;
378					case 0xc3:
379						/* TEST_FORCE_HOST */
380						pr_debug("TEST_FORCE_HOST\n");
381						musb->test_mode_nr =
382							MUSB_TEST_FORCE_HOST;
383						break;
384					default:
385						goto stall;
386					}
387
388					/* enter test mode after irq */
389					if (handled > 0)
390						musb->test_mode = true;
391					break;
392				case USB_DEVICE_B_HNP_ENABLE:
393					if (!musb->g.is_otg)
394						goto stall;
395					musb->g.b_hnp_enable = 1;
396					musb_try_b_hnp_enable(musb);
397					break;
398				case USB_DEVICE_A_HNP_SUPPORT:
399					if (!musb->g.is_otg)
400						goto stall;
401					musb->g.a_hnp_support = 1;
402					break;
403				case USB_DEVICE_A_ALT_HNP_SUPPORT:
404					if (!musb->g.is_otg)
405						goto stall;
406					musb->g.a_alt_hnp_support = 1;
407					break;
408				case USB_DEVICE_DEBUG_MODE:
409					handled = 0;
410					break;
411stall:
412				default:
413					handled = -EINVAL;
414					break;
415				}
416				break;
417
418			case USB_RECIP_INTERFACE:
419				break;
420
421			case USB_RECIP_ENDPOINT:{
422				const u8		epnum =
423					ctrlrequest->wIndex & 0x0f;
424				struct musb_ep		*musb_ep;
425				struct musb_hw_ep	*ep;
426				void __iomem		*regs;
427				int			is_in;
428				u16			csr;
429
430				if (epnum == 0 || epnum >= MUSB_C_NUM_EPS ||
431				    ctrlrequest->wValue	!= USB_ENDPOINT_HALT)
432					break;
433
434				ep = musb->endpoints + epnum;
435				regs = ep->regs;
436				is_in = ctrlrequest->wIndex & USB_DIR_IN;
437				if (is_in)
438					musb_ep = &ep->ep_in;
439				else
440					musb_ep = &ep->ep_out;
441				if (!musb_ep->desc)
442					break;
443
444				musb_ep_select(mbase, epnum);
445				if (is_in) {
446					csr = musb_readw(regs, MUSB_TXCSR);
447					if (csr & MUSB_TXCSR_FIFONOTEMPTY)
448						csr |= MUSB_TXCSR_FLUSHFIFO;
449					csr |= MUSB_TXCSR_P_SENDSTALL
450						| MUSB_TXCSR_CLRDATATOG
451						| MUSB_TXCSR_P_WZC_BITS;
452					musb_writew(regs, MUSB_TXCSR, csr);
453				} else {
454					csr = musb_readw(regs, MUSB_RXCSR);
455					csr |= MUSB_RXCSR_P_SENDSTALL
456						| MUSB_RXCSR_FLUSHFIFO
457						| MUSB_RXCSR_CLRDATATOG
458						| MUSB_RXCSR_P_WZC_BITS;
459					musb_writew(regs, MUSB_RXCSR, csr);
460				}
461
462				/* select ep0 again */
463				musb_ep_select(mbase, 0);
464				handled = 1;
465				} break;
466
467			default:
468				/* class, vendor, etc ... delegate */
469				handled = 0;
470				break;
471			}
472			break;
473		default:
474			/* delegate SET_CONFIGURATION, etc */
475			handled = 0;
476		}
477	} else
478		handled = 0;
479	return handled;
480}
481
482/* we have an ep0out data packet
483 * Context:  caller holds controller lock
484 */
485static void ep0_rxstate(struct musb *musb)
486{
487	void __iomem		*regs = musb->control_ep->regs;
488	struct musb_request	*request;
489	struct usb_request	*req;
490	u16			count, csr;
491
492	request = next_ep0_request(musb);
493	req = &request->request;
494
495	/* read packet and ack; or stall because of gadget driver bug:
496	 * should have provided the rx buffer before setup() returned.
497	 */
498	if (req) {
499		void		*buf = req->buf + req->actual;
500		unsigned	len = req->length - req->actual;
501
502		/* read the buffer */
503		count = musb_readb(regs, MUSB_COUNT0);
504		if (count > len) {
505			req->status = -EOVERFLOW;
506			count = len;
507		}
508		if (count > 0) {
509			musb_read_fifo(&musb->endpoints[0], count, buf);
510			req->actual += count;
511		}
512		csr = MUSB_CSR0_P_SVDRXPKTRDY;
513		if (count < 64 || req->actual == req->length) {
514			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
515			csr |= MUSB_CSR0_P_DATAEND;
516		} else
517			req = NULL;
518	} else
519		csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
520
521
522	/* Completion handler may choose to stall, e.g. because the
523	 * message just received holds invalid data.
524	 */
525	if (req) {
526		musb->ackpend = csr;
527		musb_g_ep0_giveback(musb, req);
528		if (!musb->ackpend)
529			return;
530		musb->ackpend = 0;
531	}
532	musb_ep_select(musb->mregs, 0);
533	musb_writew(regs, MUSB_CSR0, csr);
534}
535
536/*
537 * transmitting to the host (IN), this code might be called from IRQ
538 * and from kernel thread.
539 *
540 * Context:  caller holds controller lock
541 */
542static void ep0_txstate(struct musb *musb)
543{
544	void __iomem		*regs = musb->control_ep->regs;
545	struct musb_request	*req = next_ep0_request(musb);
546	struct usb_request	*request;
547	u16			csr = MUSB_CSR0_TXPKTRDY;
548	u8			*fifo_src;
549	u8			fifo_count;
550
551	if (!req) {
552		/* WARN_ON(1); */
553		dev_dbg(musb->controller, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
554		return;
555	}
556
557	request = &req->request;
558
559	/* load the data */
560	fifo_src = (u8 *) request->buf + request->actual;
561	fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
562		request->length - request->actual);
563	musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
564	request->actual += fifo_count;
565
566	/* update the flags */
567	if (fifo_count < MUSB_MAX_END0_PACKET
568			|| (request->actual == request->length
569				&& !request->zero)) {
570		musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
571		csr |= MUSB_CSR0_P_DATAEND;
572	} else
573		request = NULL;
574
575	/* report completions as soon as the fifo's loaded; there's no
576	 * win in waiting till this last packet gets acked.  (other than
577	 * very precise fault reporting, needed by USB TMC; possible with
578	 * this hardware, but not usable from portable gadget drivers.)
579	 */
580	if (request) {
581		musb->ackpend = csr;
582		musb_g_ep0_giveback(musb, request);
583		if (!musb->ackpend)
584			return;
585		musb->ackpend = 0;
586	}
587
588	/* send it out, triggering a "txpktrdy cleared" irq */
589	musb_ep_select(musb->mregs, 0);
590	musb_writew(regs, MUSB_CSR0, csr);
591}
592
593/*
594 * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
595 * Fields are left in USB byte-order.
596 *
597 * Context:  caller holds controller lock.
598 */
599static void
600musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
601{
602	struct musb_request	*r;
603	void __iomem		*regs = musb->control_ep->regs;
604
605	musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
606
607	/* NOTE:  earlier 2.6 versions changed setup packets to host
608	 * order, but now USB packets always stay in USB byte order.
609	 */
610	dev_dbg(musb->controller, "SETUP req%02x.%02x v%04x i%04x l%d\n",
611		req->bRequestType,
612		req->bRequest,
613		le16_to_cpu(req->wValue),
614		le16_to_cpu(req->wIndex),
615		le16_to_cpu(req->wLength));
616
617	/* clean up any leftover transfers */
618	r = next_ep0_request(musb);
619	if (r)
620		musb_g_ep0_giveback(musb, &r->request);
621
622	/* For zero-data requests we want to delay the STATUS stage to
623	 * avoid SETUPEND errors.  If we read data (OUT), delay accepting
624	 * packets until there's a buffer to store them in.
625	 *
626	 * If we write data, the controller acts happier if we enable
627	 * the TX FIFO right away, and give the controller a moment
628	 * to switch modes...
629	 */
630	musb->set_address = false;
631	musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
632	if (req->wLength == 0) {
633		if (req->bRequestType & USB_DIR_IN)
634			musb->ackpend |= MUSB_CSR0_TXPKTRDY;
635		musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
636	} else if (req->bRequestType & USB_DIR_IN) {
637		musb->ep0_state = MUSB_EP0_STAGE_TX;
638		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
639		while ((musb_readw(regs, MUSB_CSR0)
640				& MUSB_CSR0_RXPKTRDY) != 0)
641			cpu_relax();
642		musb->ackpend = 0;
643	} else
644		musb->ep0_state = MUSB_EP0_STAGE_RX;
645}
646
647static int
648forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
649__releases(musb->lock)
650__acquires(musb->lock)
651{
652	int retval;
653	if (!musb->gadget_driver)
654		return -EOPNOTSUPP;
655	spin_unlock(&musb->lock);
656	retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
657	spin_lock(&musb->lock);
658	return retval;
659}
660
661/*
662 * Handle peripheral ep0 interrupt
663 *
664 * Context: irq handler; we won't re-enter the driver that way.
665 */
666irqreturn_t musb_g_ep0_irq(struct musb *musb)
667{
668	u16		csr;
669	u16		len;
670	void __iomem	*mbase = musb->mregs;
671	void __iomem	*regs = musb->endpoints[0].regs;
672	irqreturn_t	retval = IRQ_NONE;
673
674	musb_ep_select(mbase, 0);	/* select ep0 */
675	csr = musb_readw(regs, MUSB_CSR0);
676	len = musb_readb(regs, MUSB_COUNT0);
677
678	dev_dbg(musb->controller, "csr %04x, count %d, ep0stage %s\n",
679			csr, len, decode_ep0stage(musb->ep0_state));
680
681	if (csr & MUSB_CSR0_P_DATAEND) {
682		/*
683		 * If DATAEND is set we should not call the callback,
684		 * hence the status stage is not complete.
685		 */
686		return IRQ_HANDLED;
687	}
688
689	/* I sent a stall.. need to acknowledge it now.. */
690	if (csr & MUSB_CSR0_P_SENTSTALL) {
691		musb_writew(regs, MUSB_CSR0,
692				csr & ~MUSB_CSR0_P_SENTSTALL);
693		retval = IRQ_HANDLED;
694		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
695		csr = musb_readw(regs, MUSB_CSR0);
696	}
697
698	/* request ended "early" */
699	if (csr & MUSB_CSR0_P_SETUPEND) {
700		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
701		retval = IRQ_HANDLED;
702		/* Transition into the early status phase */
703		switch (musb->ep0_state) {
704		case MUSB_EP0_STAGE_TX:
705			musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
706			break;
707		case MUSB_EP0_STAGE_RX:
708			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
709			break;
710		default:
711			ERR("SetupEnd came in a wrong ep0stage %s\n",
712			    decode_ep0stage(musb->ep0_state));
713		}
714		csr = musb_readw(regs, MUSB_CSR0);
715		/* NOTE:  request may need completion */
716	}
717
718	/* docs from Mentor only describe tx, rx, and idle/setup states.
719	 * we need to handle nuances around status stages, and also the
720	 * case where status and setup stages come back-to-back ...
721	 */
722	switch (musb->ep0_state) {
723
724	case MUSB_EP0_STAGE_TX:
725		/* irq on clearing txpktrdy */
726		if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
727			ep0_txstate(musb);
728			retval = IRQ_HANDLED;
729		}
730		break;
731
732	case MUSB_EP0_STAGE_RX:
733		/* irq on set rxpktrdy */
734		if (csr & MUSB_CSR0_RXPKTRDY) {
735			ep0_rxstate(musb);
736			retval = IRQ_HANDLED;
737		}
738		break;
739
740	case MUSB_EP0_STAGE_STATUSIN:
741		/* end of sequence #2 (OUT/RX state) or #3 (no data) */
742
743		/* update address (if needed) only @ the end of the
744		 * status phase per usb spec, which also guarantees
745		 * we get 10 msec to receive this irq... until this
746		 * is done we won't see the next packet.
747		 */
748		if (musb->set_address) {
749			musb->set_address = false;
750			musb_writeb(mbase, MUSB_FADDR, musb->address);
751		}
752
753		/* enter test mode if needed (exit by reset) */
754		else if (musb->test_mode) {
755			dev_dbg(musb->controller, "entering TESTMODE\n");
756
757			if (MUSB_TEST_PACKET == musb->test_mode_nr)
758				musb_load_testpacket(musb);
759
760			musb_writeb(mbase, MUSB_TESTMODE,
761					musb->test_mode_nr);
762		}
763		/* FALLTHROUGH */
764
765	case MUSB_EP0_STAGE_STATUSOUT:
766		/* end of sequence #1: write to host (TX state) */
767		{
768			struct musb_request	*req;
769
770			req = next_ep0_request(musb);
771			if (req)
772				musb_g_ep0_giveback(musb, &req->request);
773		}
774
775		/*
776		 * In case when several interrupts can get coalesced,
777		 * check to see if we've already received a SETUP packet...
778		 */
779		if (csr & MUSB_CSR0_RXPKTRDY)
780			goto setup;
781
782		retval = IRQ_HANDLED;
783		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
784		break;
785
786	case MUSB_EP0_STAGE_IDLE:
787		/*
788		 * This state is typically (but not always) indiscernible
789		 * from the status states since the corresponding interrupts
790		 * tend to happen within too little period of time (with only
791		 * a zero-length packet in between) and so get coalesced...
792		 */
793		retval = IRQ_HANDLED;
794		musb->ep0_state = MUSB_EP0_STAGE_SETUP;
795		/* FALLTHROUGH */
796
797	case MUSB_EP0_STAGE_SETUP:
798setup:
799		if (csr & MUSB_CSR0_RXPKTRDY) {
800			struct usb_ctrlrequest	setup;
801			int			handled = 0;
802
803			if (len != 8) {
804				ERR("SETUP packet len %d != 8 ?\n", len);
805				break;
806			}
807			musb_read_setup(musb, &setup);
808			retval = IRQ_HANDLED;
809
810			/* sometimes the RESET won't be reported */
811			if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
812				u8	power;
813
814				printk(KERN_NOTICE "%s: peripheral reset "
815						"irq lost!\n",
816						musb_driver_name);
817				power = musb_readb(mbase, MUSB_POWER);
818				musb->g.speed = (power & MUSB_POWER_HSMODE)
819					? USB_SPEED_HIGH : USB_SPEED_FULL;
820
821			}
822
823			switch (musb->ep0_state) {
824
825			/* sequence #3 (no data stage), includes requests
826			 * we can't forward (notably SET_ADDRESS and the
827			 * device/endpoint feature set/clear operations)
828			 * plus SET_CONFIGURATION and others we must
829			 */
830			case MUSB_EP0_STAGE_ACKWAIT:
831				handled = service_zero_data_request(
832						musb, &setup);
833
834				/*
835				 * We're expecting no data in any case, so
836				 * always set the DATAEND bit -- doing this
837				 * here helps avoid SetupEnd interrupt coming
838				 * in the idle stage when we're stalling...
839				 */
840				musb->ackpend |= MUSB_CSR0_P_DATAEND;
841
842				/* status stage might be immediate */
843				if (handled > 0)
844					musb->ep0_state =
845						MUSB_EP0_STAGE_STATUSIN;
846				break;
847
848			/* sequence #1 (IN to host), includes GET_STATUS
849			 * requests that we can't forward, GET_DESCRIPTOR
850			 * and others that we must
851			 */
852			case MUSB_EP0_STAGE_TX:
853				handled = service_in_request(musb, &setup);
854				if (handled > 0) {
855					musb->ackpend = MUSB_CSR0_TXPKTRDY
856						| MUSB_CSR0_P_DATAEND;
857					musb->ep0_state =
858						MUSB_EP0_STAGE_STATUSOUT;
859				}
860				break;
861
862			/* sequence #2 (OUT from host), always forward */
863			default:		/* MUSB_EP0_STAGE_RX */
864				break;
865			}
866
867			dev_dbg(musb->controller, "handled %d, csr %04x, ep0stage %s\n",
868				handled, csr,
869				decode_ep0stage(musb->ep0_state));
870
871			/* unless we need to delegate this to the gadget
872			 * driver, we know how to wrap this up:  csr0 has
873			 * not yet been written.
874			 */
875			if (handled < 0)
876				goto stall;
877			else if (handled > 0)
878				goto finish;
879
880			handled = forward_to_driver(musb, &setup);
881			if (handled < 0) {
882				musb_ep_select(mbase, 0);
883stall:
884				dev_dbg(musb->controller, "stall (%d)\n", handled);
885				musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
886				musb->ep0_state = MUSB_EP0_STAGE_IDLE;
887finish:
888				musb_writew(regs, MUSB_CSR0,
889						musb->ackpend);
890				musb->ackpend = 0;
891			}
892		}
893		break;
894
895	case MUSB_EP0_STAGE_ACKWAIT:
896		/* This should not happen. But happens with tusb6010 with
897		 * g_file_storage and high speed. Do nothing.
898		 */
899		retval = IRQ_HANDLED;
900		break;
901
902	default:
903		/* "can't happen" */
904		WARN_ON(1);
905		musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
906		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
907		break;
908	}
909
910	return retval;
911}
912
913
914static int
915musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
916{
917	/* always enabled */
918	return -EINVAL;
919}
920
921static int musb_g_ep0_disable(struct usb_ep *e)
922{
923	/* always enabled */
924	return -EINVAL;
925}
926
927static int
928musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
929{
930	struct musb_ep		*ep;
931	struct musb_request	*req;
932	struct musb		*musb;
933	int			status;
934	unsigned long		lockflags;
935	void __iomem		*regs;
936
937	if (!e || !r)
938		return -EINVAL;
939
940	ep = to_musb_ep(e);
941	musb = ep->musb;
942	regs = musb->control_ep->regs;
943
944	req = to_musb_request(r);
945	req->musb = musb;
946	req->request.actual = 0;
947	req->request.status = -EINPROGRESS;
948	req->tx = ep->is_in;
949
950	spin_lock_irqsave(&musb->lock, lockflags);
951
952	if (!list_empty(&ep->req_list)) {
953		status = -EBUSY;
954		goto cleanup;
955	}
956
957	switch (musb->ep0_state) {
958	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
959	case MUSB_EP0_STAGE_TX:		/* control-IN data */
960	case MUSB_EP0_STAGE_ACKWAIT:	/* zero-length data */
961		status = 0;
962		break;
963	default:
964		dev_dbg(musb->controller, "ep0 request queued in state %d\n",
965				musb->ep0_state);
966		status = -EINVAL;
967		goto cleanup;
968	}
969
970	/* add request to the list */
971	list_add_tail(&req->list, &ep->req_list);
972
973	dev_dbg(musb->controller, "queue to %s (%s), length=%d\n",
974			ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
975			req->request.length);
976
977	musb_ep_select(musb->mregs, 0);
978
979	/* sequence #1, IN ... start writing the data */
980	if (musb->ep0_state == MUSB_EP0_STAGE_TX)
981		ep0_txstate(musb);
982
983	/* sequence #3, no-data ... issue IN status */
984	else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
985		if (req->request.length)
986			status = -EINVAL;
987		else {
988			musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
989			musb_writew(regs, MUSB_CSR0,
990					musb->ackpend | MUSB_CSR0_P_DATAEND);
991			musb->ackpend = 0;
992			musb_g_ep0_giveback(ep->musb, r);
993		}
994
995	/* else for sequence #2 (OUT), caller provides a buffer
996	 * before the next packet arrives.  deferred responses
997	 * (after SETUP is acked) are racey.
998	 */
999	} else if (musb->ackpend) {
1000		musb_writew(regs, MUSB_CSR0, musb->ackpend);
1001		musb->ackpend = 0;
1002	}
1003
1004cleanup:
1005	spin_unlock_irqrestore(&musb->lock, lockflags);
1006	return status;
1007}
1008
1009static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
1010{
1011	/* we just won't support this */
1012	return -EINVAL;
1013}
1014
1015static int musb_g_ep0_halt(struct usb_ep *e, int value)
1016{
1017	struct musb_ep		*ep;
1018	struct musb		*musb;
1019	void __iomem		*base, *regs;
1020	unsigned long		flags;
1021	int			status;
1022	u16			csr;
1023
1024	if (!e || !value)
1025		return -EINVAL;
1026
1027	ep = to_musb_ep(e);
1028	musb = ep->musb;
1029	base = musb->mregs;
1030	regs = musb->control_ep->regs;
1031	status = 0;
1032
1033	spin_lock_irqsave(&musb->lock, flags);
1034
1035	if (!list_empty(&ep->req_list)) {
1036		status = -EBUSY;
1037		goto cleanup;
1038	}
1039
1040	musb_ep_select(base, 0);
1041	csr = musb->ackpend;
1042
1043	switch (musb->ep0_state) {
1044
1045	/* Stalls are usually issued after parsing SETUP packet, either
1046	 * directly in irq context from setup() or else later.
1047	 */
1048	case MUSB_EP0_STAGE_TX:		/* control-IN data */
1049	case MUSB_EP0_STAGE_ACKWAIT:	/* STALL for zero-length data */
1050	case MUSB_EP0_STAGE_RX:		/* control-OUT data */
1051		csr = musb_readw(regs, MUSB_CSR0);
1052		/* FALLTHROUGH */
1053
1054	/* It's also OK to issue stalls during callbacks when a non-empty
1055	 * DATA stage buffer has been read (or even written).
1056	 */
1057	case MUSB_EP0_STAGE_STATUSIN:	/* control-OUT status */
1058	case MUSB_EP0_STAGE_STATUSOUT:	/* control-IN status */
1059
1060		csr |= MUSB_CSR0_P_SENDSTALL;
1061		musb_writew(regs, MUSB_CSR0, csr);
1062		musb->ep0_state = MUSB_EP0_STAGE_IDLE;
1063		musb->ackpend = 0;
1064		break;
1065	default:
1066		dev_dbg(musb->controller, "ep0 can't halt in state %d\n", musb->ep0_state);
1067		status = -EINVAL;
1068	}
1069
1070cleanup:
1071	spin_unlock_irqrestore(&musb->lock, flags);
1072	return status;
1073}
1074
1075const struct usb_ep_ops musb_g_ep0_ops = {
1076	.enable		= musb_g_ep0_enable,
1077	.disable	= musb_g_ep0_disable,
1078	.alloc_request	= musb_alloc_request,
1079	.free_request	= musb_free_request,
1080	.queue		= musb_g_ep0_queue,
1081	.dequeue	= musb_g_ep0_dequeue,
1082	.set_halt	= musb_g_ep0_halt,
1083};
1084