V4L/DVB (5400): Core: fix several locking related problems
[linux-2.6] / drivers / usb / host / uhci-q.c
1 /*
2  * Universal Host Controller Interface driver for USB.
3  *
4  * Maintainer: Alan Stern <stern@rowland.harvard.edu>
5  *
6  * (C) Copyright 1999 Linus Torvalds
7  * (C) Copyright 1999-2002 Johannes Erdfelt, johannes@erdfelt.com
8  * (C) Copyright 1999 Randy Dunlap
9  * (C) Copyright 1999 Georg Acher, acher@in.tum.de
10  * (C) Copyright 1999 Deti Fliegl, deti@fliegl.de
11  * (C) Copyright 1999 Thomas Sailer, sailer@ife.ee.ethz.ch
12  * (C) Copyright 1999 Roman Weissgaerber, weissg@vienna.at
13  * (C) Copyright 2000 Yggdrasil Computing, Inc. (port of new PCI interface
14  *               support from usb-ohci.c by Adam Richter, adam@yggdrasil.com).
15  * (C) Copyright 1999 Gregory P. Smith (from usb-ohci.c)
16  * (C) Copyright 2004-2007 Alan Stern, stern@rowland.harvard.edu
17  */
18
19
20 /*
21  * Technically, updating td->status here is a race, but it's not really a
22  * problem. The worst that can happen is that we set the IOC bit again
23  * generating a spurious interrupt. We could fix this by creating another
24  * QH and leaving the IOC bit always set, but then we would have to play
25  * games with the FSBR code to make sure we get the correct order in all
26  * the cases. I don't think it's worth the effort
27  */
28 static void uhci_set_next_interrupt(struct uhci_hcd *uhci)
29 {
30         if (uhci->is_stopped)
31                 mod_timer(&uhci_to_hcd(uhci)->rh_timer, jiffies);
32         uhci->term_td->status |= cpu_to_le32(TD_CTRL_IOC); 
33 }
34
35 static inline void uhci_clear_next_interrupt(struct uhci_hcd *uhci)
36 {
37         uhci->term_td->status &= ~cpu_to_le32(TD_CTRL_IOC);
38 }
39
40
41 /*
42  * Full-Speed Bandwidth Reclamation (FSBR).
43  * We turn on FSBR whenever a queue that wants it is advancing,
44  * and leave it on for a short time thereafter.
45  */
46 static void uhci_fsbr_on(struct uhci_hcd *uhci)
47 {
48         struct uhci_qh *lqh;
49
50         /* The terminating skeleton QH always points back to the first
51          * FSBR QH.  Make the last async QH point to the terminating
52          * skeleton QH. */
53         uhci->fsbr_is_on = 1;
54         lqh = list_entry(uhci->skel_async_qh->node.prev,
55                         struct uhci_qh, node);
56         lqh->link = LINK_TO_QH(uhci->skel_term_qh);
57 }
58
59 static void uhci_fsbr_off(struct uhci_hcd *uhci)
60 {
61         struct uhci_qh *lqh;
62
63         /* Remove the link from the last async QH to the terminating
64          * skeleton QH. */
65         uhci->fsbr_is_on = 0;
66         lqh = list_entry(uhci->skel_async_qh->node.prev,
67                         struct uhci_qh, node);
68         lqh->link = UHCI_PTR_TERM;
69 }
70
71 static void uhci_add_fsbr(struct uhci_hcd *uhci, struct urb *urb)
72 {
73         struct urb_priv *urbp = urb->hcpriv;
74
75         if (!(urb->transfer_flags & URB_NO_FSBR))
76                 urbp->fsbr = 1;
77 }
78
79 static void uhci_urbp_wants_fsbr(struct uhci_hcd *uhci, struct urb_priv *urbp)
80 {
81         if (urbp->fsbr) {
82                 uhci->fsbr_is_wanted = 1;
83                 if (!uhci->fsbr_is_on)
84                         uhci_fsbr_on(uhci);
85                 else if (uhci->fsbr_expiring) {
86                         uhci->fsbr_expiring = 0;
87                         del_timer(&uhci->fsbr_timer);
88                 }
89         }
90 }
91
92 static void uhci_fsbr_timeout(unsigned long _uhci)
93 {
94         struct uhci_hcd *uhci = (struct uhci_hcd *) _uhci;
95         unsigned long flags;
96
97         spin_lock_irqsave(&uhci->lock, flags);
98         if (uhci->fsbr_expiring) {
99                 uhci->fsbr_expiring = 0;
100                 uhci_fsbr_off(uhci);
101         }
102         spin_unlock_irqrestore(&uhci->lock, flags);
103 }
104
105
106 static struct uhci_td *uhci_alloc_td(struct uhci_hcd *uhci)
107 {
108         dma_addr_t dma_handle;
109         struct uhci_td *td;
110
111         td = dma_pool_alloc(uhci->td_pool, GFP_ATOMIC, &dma_handle);
112         if (!td)
113                 return NULL;
114
115         td->dma_handle = dma_handle;
116         td->frame = -1;
117
118         INIT_LIST_HEAD(&td->list);
119         INIT_LIST_HEAD(&td->fl_list);
120
121         return td;
122 }
123
124 static void uhci_free_td(struct uhci_hcd *uhci, struct uhci_td *td)
125 {
126         if (!list_empty(&td->list))
127                 dev_warn(uhci_dev(uhci), "td %p still in list!\n", td);
128         if (!list_empty(&td->fl_list))
129                 dev_warn(uhci_dev(uhci), "td %p still in fl_list!\n", td);
130
131         dma_pool_free(uhci->td_pool, td, td->dma_handle);
132 }
133
134 static inline void uhci_fill_td(struct uhci_td *td, u32 status,
135                 u32 token, u32 buffer)
136 {
137         td->status = cpu_to_le32(status);
138         td->token = cpu_to_le32(token);
139         td->buffer = cpu_to_le32(buffer);
140 }
141
142 static void uhci_add_td_to_urbp(struct uhci_td *td, struct urb_priv *urbp)
143 {
144         list_add_tail(&td->list, &urbp->td_list);
145 }
146
147 static void uhci_remove_td_from_urbp(struct uhci_td *td)
148 {
149         list_del_init(&td->list);
150 }
151
152 /*
153  * We insert Isochronous URBs directly into the frame list at the beginning
154  */
155 static inline void uhci_insert_td_in_frame_list(struct uhci_hcd *uhci,
156                 struct uhci_td *td, unsigned framenum)
157 {
158         framenum &= (UHCI_NUMFRAMES - 1);
159
160         td->frame = framenum;
161
162         /* Is there a TD already mapped there? */
163         if (uhci->frame_cpu[framenum]) {
164                 struct uhci_td *ftd, *ltd;
165
166                 ftd = uhci->frame_cpu[framenum];
167                 ltd = list_entry(ftd->fl_list.prev, struct uhci_td, fl_list);
168
169                 list_add_tail(&td->fl_list, &ftd->fl_list);
170
171                 td->link = ltd->link;
172                 wmb();
173                 ltd->link = LINK_TO_TD(td);
174         } else {
175                 td->link = uhci->frame[framenum];
176                 wmb();
177                 uhci->frame[framenum] = LINK_TO_TD(td);
178                 uhci->frame_cpu[framenum] = td;
179         }
180 }
181
182 static inline void uhci_remove_td_from_frame_list(struct uhci_hcd *uhci,
183                 struct uhci_td *td)
184 {
185         /* If it's not inserted, don't remove it */
186         if (td->frame == -1) {
187                 WARN_ON(!list_empty(&td->fl_list));
188                 return;
189         }
190
191         if (uhci->frame_cpu[td->frame] == td) {
192                 if (list_empty(&td->fl_list)) {
193                         uhci->frame[td->frame] = td->link;
194                         uhci->frame_cpu[td->frame] = NULL;
195                 } else {
196                         struct uhci_td *ntd;
197
198                         ntd = list_entry(td->fl_list.next, struct uhci_td, fl_list);
199                         uhci->frame[td->frame] = LINK_TO_TD(ntd);
200                         uhci->frame_cpu[td->frame] = ntd;
201                 }
202         } else {
203                 struct uhci_td *ptd;
204
205                 ptd = list_entry(td->fl_list.prev, struct uhci_td, fl_list);
206                 ptd->link = td->link;
207         }
208
209         list_del_init(&td->fl_list);
210         td->frame = -1;
211 }
212
213 static inline void uhci_remove_tds_from_frame(struct uhci_hcd *uhci,
214                 unsigned int framenum)
215 {
216         struct uhci_td *ftd, *ltd;
217
218         framenum &= (UHCI_NUMFRAMES - 1);
219
220         ftd = uhci->frame_cpu[framenum];
221         if (ftd) {
222                 ltd = list_entry(ftd->fl_list.prev, struct uhci_td, fl_list);
223                 uhci->frame[framenum] = ltd->link;
224                 uhci->frame_cpu[framenum] = NULL;
225
226                 while (!list_empty(&ftd->fl_list))
227                         list_del_init(ftd->fl_list.prev);
228         }
229 }
230
231 /*
232  * Remove all the TDs for an Isochronous URB from the frame list
233  */
234 static void uhci_unlink_isochronous_tds(struct uhci_hcd *uhci, struct urb *urb)
235 {
236         struct urb_priv *urbp = (struct urb_priv *) urb->hcpriv;
237         struct uhci_td *td;
238
239         list_for_each_entry(td, &urbp->td_list, list)
240                 uhci_remove_td_from_frame_list(uhci, td);
241 }
242
243 static struct uhci_qh *uhci_alloc_qh(struct uhci_hcd *uhci,
244                 struct usb_device *udev, struct usb_host_endpoint *hep)
245 {
246         dma_addr_t dma_handle;
247         struct uhci_qh *qh;
248
249         qh = dma_pool_alloc(uhci->qh_pool, GFP_ATOMIC, &dma_handle);
250         if (!qh)
251                 return NULL;
252
253         memset(qh, 0, sizeof(*qh));
254         qh->dma_handle = dma_handle;
255
256         qh->element = UHCI_PTR_TERM;
257         qh->link = UHCI_PTR_TERM;
258
259         INIT_LIST_HEAD(&qh->queue);
260         INIT_LIST_HEAD(&qh->node);
261
262         if (udev) {             /* Normal QH */
263                 qh->type = hep->desc.bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
264                 if (qh->type != USB_ENDPOINT_XFER_ISOC) {
265                         qh->dummy_td = uhci_alloc_td(uhci);
266                         if (!qh->dummy_td) {
267                                 dma_pool_free(uhci->qh_pool, qh, dma_handle);
268                                 return NULL;
269                         }
270                 }
271                 qh->state = QH_STATE_IDLE;
272                 qh->hep = hep;
273                 qh->udev = udev;
274                 hep->hcpriv = qh;
275
276                 if (qh->type == USB_ENDPOINT_XFER_INT ||
277                                 qh->type == USB_ENDPOINT_XFER_ISOC)
278                         qh->load = usb_calc_bus_time(udev->speed,
279                                         usb_endpoint_dir_in(&hep->desc),
280                                         qh->type == USB_ENDPOINT_XFER_ISOC,
281                                         le16_to_cpu(hep->desc.wMaxPacketSize))
282                                 / 1000 + 1;
283
284         } else {                /* Skeleton QH */
285                 qh->state = QH_STATE_ACTIVE;
286                 qh->type = -1;
287         }
288         return qh;
289 }
290
291 static void uhci_free_qh(struct uhci_hcd *uhci, struct uhci_qh *qh)
292 {
293         WARN_ON(qh->state != QH_STATE_IDLE && qh->udev);
294         if (!list_empty(&qh->queue))
295                 dev_warn(uhci_dev(uhci), "qh %p list not empty!\n", qh);
296
297         list_del(&qh->node);
298         if (qh->udev) {
299                 qh->hep->hcpriv = NULL;
300                 if (qh->dummy_td)
301                         uhci_free_td(uhci, qh->dummy_td);
302         }
303         dma_pool_free(uhci->qh_pool, qh, qh->dma_handle);
304 }
305
306 /*
307  * When a queue is stopped and a dequeued URB is given back, adjust
308  * the previous TD link (if the URB isn't first on the queue) or
309  * save its toggle value (if it is first and is currently executing).
310  *
311  * Returns 0 if the URB should not yet be given back, 1 otherwise.
312  */
313 static int uhci_cleanup_queue(struct uhci_hcd *uhci, struct uhci_qh *qh,
314                 struct urb *urb)
315 {
316         struct urb_priv *urbp = urb->hcpriv;
317         struct uhci_td *td;
318         int ret = 1;
319
320         /* Isochronous pipes don't use toggles and their TD link pointers
321          * get adjusted during uhci_urb_dequeue().  But since their queues
322          * cannot truly be stopped, we have to watch out for dequeues
323          * occurring after the nominal unlink frame. */
324         if (qh->type == USB_ENDPOINT_XFER_ISOC) {
325                 ret = (uhci->frame_number + uhci->is_stopped !=
326                                 qh->unlink_frame);
327                 goto done;
328         }
329
330         /* If the URB isn't first on its queue, adjust the link pointer
331          * of the last TD in the previous URB.  The toggle doesn't need
332          * to be saved since this URB can't be executing yet. */
333         if (qh->queue.next != &urbp->node) {
334                 struct urb_priv *purbp;
335                 struct uhci_td *ptd;
336
337                 purbp = list_entry(urbp->node.prev, struct urb_priv, node);
338                 WARN_ON(list_empty(&purbp->td_list));
339                 ptd = list_entry(purbp->td_list.prev, struct uhci_td,
340                                 list);
341                 td = list_entry(urbp->td_list.prev, struct uhci_td,
342                                 list);
343                 ptd->link = td->link;
344                 goto done;
345         }
346
347         /* If the QH element pointer is UHCI_PTR_TERM then then currently
348          * executing URB has already been unlinked, so this one isn't it. */
349         if (qh_element(qh) == UHCI_PTR_TERM)
350                 goto done;
351         qh->element = UHCI_PTR_TERM;
352
353         /* Control pipes don't have to worry about toggles */
354         if (qh->type == USB_ENDPOINT_XFER_CONTROL)
355                 goto done;
356
357         /* Save the next toggle value */
358         WARN_ON(list_empty(&urbp->td_list));
359         td = list_entry(urbp->td_list.next, struct uhci_td, list);
360         qh->needs_fixup = 1;
361         qh->initial_toggle = uhci_toggle(td_token(td));
362
363 done:
364         return ret;
365 }
366
367 /*
368  * Fix up the data toggles for URBs in a queue, when one of them
369  * terminates early (short transfer, error, or dequeued).
370  */
371 static void uhci_fixup_toggles(struct uhci_qh *qh, int skip_first)
372 {
373         struct urb_priv *urbp = NULL;
374         struct uhci_td *td;
375         unsigned int toggle = qh->initial_toggle;
376         unsigned int pipe;
377
378         /* Fixups for a short transfer start with the second URB in the
379          * queue (the short URB is the first). */
380         if (skip_first)
381                 urbp = list_entry(qh->queue.next, struct urb_priv, node);
382
383         /* When starting with the first URB, if the QH element pointer is
384          * still valid then we know the URB's toggles are okay. */
385         else if (qh_element(qh) != UHCI_PTR_TERM)
386                 toggle = 2;
387
388         /* Fix up the toggle for the URBs in the queue.  Normally this
389          * loop won't run more than once: When an error or short transfer
390          * occurs, the queue usually gets emptied. */
391         urbp = list_prepare_entry(urbp, &qh->queue, node);
392         list_for_each_entry_continue(urbp, &qh->queue, node) {
393
394                 /* If the first TD has the right toggle value, we don't
395                  * need to change any toggles in this URB */
396                 td = list_entry(urbp->td_list.next, struct uhci_td, list);
397                 if (toggle > 1 || uhci_toggle(td_token(td)) == toggle) {
398                         td = list_entry(urbp->td_list.prev, struct uhci_td,
399                                         list);
400                         toggle = uhci_toggle(td_token(td)) ^ 1;
401
402                 /* Otherwise all the toggles in the URB have to be switched */
403                 } else {
404                         list_for_each_entry(td, &urbp->td_list, list) {
405                                 td->token ^= __constant_cpu_to_le32(
406                                                         TD_TOKEN_TOGGLE);
407                                 toggle ^= 1;
408                         }
409                 }
410         }
411
412         wmb();
413         pipe = list_entry(qh->queue.next, struct urb_priv, node)->urb->pipe;
414         usb_settoggle(qh->udev, usb_pipeendpoint(pipe),
415                         usb_pipeout(pipe), toggle);
416         qh->needs_fixup = 0;
417 }
418
419 /*
420  * Link an Isochronous QH into its skeleton's list
421  */
422 static inline void link_iso(struct uhci_hcd *uhci, struct uhci_qh *qh)
423 {
424         list_add_tail(&qh->node, &uhci->skel_iso_qh->node);
425
426         /* Isochronous QHs aren't linked by the hardware */
427 }
428
429 /*
430  * Link a high-period interrupt QH into the schedule at the end of its
431  * skeleton's list
432  */
433 static void link_interrupt(struct uhci_hcd *uhci, struct uhci_qh *qh)
434 {
435         struct uhci_qh *pqh;
436
437         list_add_tail(&qh->node, &uhci->skelqh[qh->skel]->node);
438
439         pqh = list_entry(qh->node.prev, struct uhci_qh, node);
440         qh->link = pqh->link;
441         wmb();
442         pqh->link = LINK_TO_QH(qh);
443 }
444
445 /*
446  * Link a period-1 interrupt or async QH into the schedule at the
447  * correct spot in the async skeleton's list, and update the FSBR link
448  */
449 static void link_async(struct uhci_hcd *uhci, struct uhci_qh *qh)
450 {
451         struct uhci_qh *pqh;
452         __le32 link_to_new_qh;
453
454         /* Find the predecessor QH for our new one and insert it in the list.
455          * The list of QHs is expected to be short, so linear search won't
456          * take too long. */
457         list_for_each_entry_reverse(pqh, &uhci->skel_async_qh->node, node) {
458                 if (pqh->skel <= qh->skel)
459                         break;
460         }
461         list_add(&qh->node, &pqh->node);
462
463         /* Link it into the schedule */
464         qh->link = pqh->link;
465         wmb();
466         link_to_new_qh = LINK_TO_QH(qh);
467         pqh->link = link_to_new_qh;
468
469         /* If this is now the first FSBR QH, link the terminating skeleton
470          * QH to it. */
471         if (pqh->skel < SKEL_FSBR && qh->skel >= SKEL_FSBR)
472                 uhci->skel_term_qh->link = link_to_new_qh;
473 }
474
475 /*
476  * Put a QH on the schedule in both hardware and software
477  */
478 static void uhci_activate_qh(struct uhci_hcd *uhci, struct uhci_qh *qh)
479 {
480         WARN_ON(list_empty(&qh->queue));
481
482         /* Set the element pointer if it isn't set already.
483          * This isn't needed for Isochronous queues, but it doesn't hurt. */
484         if (qh_element(qh) == UHCI_PTR_TERM) {
485                 struct urb_priv *urbp = list_entry(qh->queue.next,
486                                 struct urb_priv, node);
487                 struct uhci_td *td = list_entry(urbp->td_list.next,
488                                 struct uhci_td, list);
489
490                 qh->element = LINK_TO_TD(td);
491         }
492
493         /* Treat the queue as if it has just advanced */
494         qh->wait_expired = 0;
495         qh->advance_jiffies = jiffies;
496
497         if (qh->state == QH_STATE_ACTIVE)
498                 return;
499         qh->state = QH_STATE_ACTIVE;
500
501         /* Move the QH from its old list to the correct spot in the appropriate
502          * skeleton's list */
503         if (qh == uhci->next_qh)
504                 uhci->next_qh = list_entry(qh->node.next, struct uhci_qh,
505                                 node);
506         list_del(&qh->node);
507
508         if (qh->skel == SKEL_ISO)
509                 link_iso(uhci, qh);
510         else if (qh->skel < SKEL_ASYNC)
511                 link_interrupt(uhci, qh);
512         else
513                 link_async(uhci, qh);
514 }
515
516 /*
517  * Unlink a high-period interrupt QH from the schedule
518  */
519 static void unlink_interrupt(struct uhci_hcd *uhci, struct uhci_qh *qh)
520 {
521         struct uhci_qh *pqh;
522
523         pqh = list_entry(qh->node.prev, struct uhci_qh, node);
524         pqh->link = qh->link;
525         mb();
526 }
527
528 /*
529  * Unlink a period-1 interrupt or async QH from the schedule
530  */
531 static void unlink_async(struct uhci_hcd *uhci, struct uhci_qh *qh)
532 {
533         struct uhci_qh *pqh;
534         __le32 link_to_next_qh = qh->link;
535
536         pqh = list_entry(qh->node.prev, struct uhci_qh, node);
537         pqh->link = link_to_next_qh;
538
539         /* If this was the old first FSBR QH, link the terminating skeleton
540          * QH to the next (new first FSBR) QH. */
541         if (pqh->skel < SKEL_FSBR && qh->skel >= SKEL_FSBR)
542                 uhci->skel_term_qh->link = link_to_next_qh;
543         mb();
544 }
545
546 /*
547  * Take a QH off the hardware schedule
548  */
549 static void uhci_unlink_qh(struct uhci_hcd *uhci, struct uhci_qh *qh)
550 {
551         if (qh->state == QH_STATE_UNLINKING)
552                 return;
553         WARN_ON(qh->state != QH_STATE_ACTIVE || !qh->udev);
554         qh->state = QH_STATE_UNLINKING;
555
556         /* Unlink the QH from the schedule and record when we did it */
557         if (qh->skel == SKEL_ISO)
558                 ;
559         else if (qh->skel < SKEL_ASYNC)
560                 unlink_interrupt(uhci, qh);
561         else
562                 unlink_async(uhci, qh);
563
564         uhci_get_current_frame_number(uhci);
565         qh->unlink_frame = uhci->frame_number;
566
567         /* Force an interrupt so we know when the QH is fully unlinked */
568         if (list_empty(&uhci->skel_unlink_qh->node))
569                 uhci_set_next_interrupt(uhci);
570
571         /* Move the QH from its old list to the end of the unlinking list */
572         if (qh == uhci->next_qh)
573                 uhci->next_qh = list_entry(qh->node.next, struct uhci_qh,
574                                 node);
575         list_move_tail(&qh->node, &uhci->skel_unlink_qh->node);
576 }
577
578 /*
579  * When we and the controller are through with a QH, it becomes IDLE.
580  * This happens when a QH has been off the schedule (on the unlinking
581  * list) for more than one frame, or when an error occurs while adding
582  * the first URB onto a new QH.
583  */
584 static void uhci_make_qh_idle(struct uhci_hcd *uhci, struct uhci_qh *qh)
585 {
586         WARN_ON(qh->state == QH_STATE_ACTIVE);
587
588         if (qh == uhci->next_qh)
589                 uhci->next_qh = list_entry(qh->node.next, struct uhci_qh,
590                                 node);
591         list_move(&qh->node, &uhci->idle_qh_list);
592         qh->state = QH_STATE_IDLE;
593
594         /* Now that the QH is idle, its post_td isn't being used */
595         if (qh->post_td) {
596                 uhci_free_td(uhci, qh->post_td);
597                 qh->post_td = NULL;
598         }
599
600         /* If anyone is waiting for a QH to become idle, wake them up */
601         if (uhci->num_waiting)
602                 wake_up_all(&uhci->waitqh);
603 }
604
605 /*
606  * Find the highest existing bandwidth load for a given phase and period.
607  */
608 static int uhci_highest_load(struct uhci_hcd *uhci, int phase, int period)
609 {
610         int highest_load = uhci->load[phase];
611
612         for (phase += period; phase < MAX_PHASE; phase += period)
613                 highest_load = max_t(int, highest_load, uhci->load[phase]);
614         return highest_load;
615 }
616
617 /*
618  * Set qh->phase to the optimal phase for a periodic transfer and
619  * check whether the bandwidth requirement is acceptable.
620  */
621 static int uhci_check_bandwidth(struct uhci_hcd *uhci, struct uhci_qh *qh)
622 {
623         int minimax_load;
624
625         /* Find the optimal phase (unless it is already set) and get
626          * its load value. */
627         if (qh->phase >= 0)
628                 minimax_load = uhci_highest_load(uhci, qh->phase, qh->period);
629         else {
630                 int phase, load;
631                 int max_phase = min_t(int, MAX_PHASE, qh->period);
632
633                 qh->phase = 0;
634                 minimax_load = uhci_highest_load(uhci, qh->phase, qh->period);
635                 for (phase = 1; phase < max_phase; ++phase) {
636                         load = uhci_highest_load(uhci, phase, qh->period);
637                         if (load < minimax_load) {
638                                 minimax_load = load;
639                                 qh->phase = phase;
640                         }
641                 }
642         }
643
644         /* Maximum allowable periodic bandwidth is 90%, or 900 us per frame */
645         if (minimax_load + qh->load > 900) {
646                 dev_dbg(uhci_dev(uhci), "bandwidth allocation failed: "
647                                 "period %d, phase %d, %d + %d us\n",
648                                 qh->period, qh->phase, minimax_load, qh->load);
649                 return -ENOSPC;
650         }
651         return 0;
652 }
653
654 /*
655  * Reserve a periodic QH's bandwidth in the schedule
656  */
657 static void uhci_reserve_bandwidth(struct uhci_hcd *uhci, struct uhci_qh *qh)
658 {
659         int i;
660         int load = qh->load;
661         char *p = "??";
662
663         for (i = qh->phase; i < MAX_PHASE; i += qh->period) {
664                 uhci->load[i] += load;
665                 uhci->total_load += load;
666         }
667         uhci_to_hcd(uhci)->self.bandwidth_allocated =
668                         uhci->total_load / MAX_PHASE;
669         switch (qh->type) {
670         case USB_ENDPOINT_XFER_INT:
671                 ++uhci_to_hcd(uhci)->self.bandwidth_int_reqs;
672                 p = "INT";
673                 break;
674         case USB_ENDPOINT_XFER_ISOC:
675                 ++uhci_to_hcd(uhci)->self.bandwidth_isoc_reqs;
676                 p = "ISO";
677                 break;
678         }
679         qh->bandwidth_reserved = 1;
680         dev_dbg(uhci_dev(uhci),
681                         "%s dev %d ep%02x-%s, period %d, phase %d, %d us\n",
682                         "reserve", qh->udev->devnum,
683                         qh->hep->desc.bEndpointAddress, p,
684                         qh->period, qh->phase, load);
685 }
686
687 /*
688  * Release a periodic QH's bandwidth reservation
689  */
690 static void uhci_release_bandwidth(struct uhci_hcd *uhci, struct uhci_qh *qh)
691 {
692         int i;
693         int load = qh->load;
694         char *p = "??";
695
696         for (i = qh->phase; i < MAX_PHASE; i += qh->period) {
697                 uhci->load[i] -= load;
698                 uhci->total_load -= load;
699         }
700         uhci_to_hcd(uhci)->self.bandwidth_allocated =
701                         uhci->total_load / MAX_PHASE;
702         switch (qh->type) {
703         case USB_ENDPOINT_XFER_INT:
704                 --uhci_to_hcd(uhci)->self.bandwidth_int_reqs;
705                 p = "INT";
706                 break;
707         case USB_ENDPOINT_XFER_ISOC:
708                 --uhci_to_hcd(uhci)->self.bandwidth_isoc_reqs;
709                 p = "ISO";
710                 break;
711         }
712         qh->bandwidth_reserved = 0;
713         dev_dbg(uhci_dev(uhci),
714                         "%s dev %d ep%02x-%s, period %d, phase %d, %d us\n",
715                         "release", qh->udev->devnum,
716                         qh->hep->desc.bEndpointAddress, p,
717                         qh->period, qh->phase, load);
718 }
719
720 static inline struct urb_priv *uhci_alloc_urb_priv(struct uhci_hcd *uhci,
721                 struct urb *urb)
722 {
723         struct urb_priv *urbp;
724
725         urbp = kmem_cache_zalloc(uhci_up_cachep, GFP_ATOMIC);
726         if (!urbp)
727                 return NULL;
728
729         urbp->urb = urb;
730         urb->hcpriv = urbp;
731         
732         INIT_LIST_HEAD(&urbp->node);
733         INIT_LIST_HEAD(&urbp->td_list);
734
735         return urbp;
736 }
737
738 static void uhci_free_urb_priv(struct uhci_hcd *uhci,
739                 struct urb_priv *urbp)
740 {
741         struct uhci_td *td, *tmp;
742
743         if (!list_empty(&urbp->node))
744                 dev_warn(uhci_dev(uhci), "urb %p still on QH's list!\n",
745                                 urbp->urb);
746
747         list_for_each_entry_safe(td, tmp, &urbp->td_list, list) {
748                 uhci_remove_td_from_urbp(td);
749                 uhci_free_td(uhci, td);
750         }
751
752         urbp->urb->hcpriv = NULL;
753         kmem_cache_free(uhci_up_cachep, urbp);
754 }
755
756 /*
757  * Map status to standard result codes
758  *
759  * <status> is (td_status(td) & 0xF60000), a.k.a.
760  * uhci_status_bits(td_status(td)).
761  * Note: <status> does not include the TD_CTRL_NAK bit.
762  * <dir_out> is True for output TDs and False for input TDs.
763  */
764 static int uhci_map_status(int status, int dir_out)
765 {
766         if (!status)
767                 return 0;
768         if (status & TD_CTRL_BITSTUFF)                  /* Bitstuff error */
769                 return -EPROTO;
770         if (status & TD_CTRL_CRCTIMEO) {                /* CRC/Timeout */
771                 if (dir_out)
772                         return -EPROTO;
773                 else
774                         return -EILSEQ;
775         }
776         if (status & TD_CTRL_BABBLE)                    /* Babble */
777                 return -EOVERFLOW;
778         if (status & TD_CTRL_DBUFERR)                   /* Buffer error */
779                 return -ENOSR;
780         if (status & TD_CTRL_STALLED)                   /* Stalled */
781                 return -EPIPE;
782         return 0;
783 }
784
785 /*
786  * Control transfers
787  */
788 static int uhci_submit_control(struct uhci_hcd *uhci, struct urb *urb,
789                 struct uhci_qh *qh)
790 {
791         struct uhci_td *td;
792         unsigned long destination, status;
793         int maxsze = le16_to_cpu(qh->hep->desc.wMaxPacketSize);
794         int len = urb->transfer_buffer_length;
795         dma_addr_t data = urb->transfer_dma;
796         __le32 *plink;
797         struct urb_priv *urbp = urb->hcpriv;
798         int skel;
799
800         /* The "pipe" thing contains the destination in bits 8--18 */
801         destination = (urb->pipe & PIPE_DEVEP_MASK) | USB_PID_SETUP;
802
803         /* 3 errors, dummy TD remains inactive */
804         status = uhci_maxerr(3);
805         if (urb->dev->speed == USB_SPEED_LOW)
806                 status |= TD_CTRL_LS;
807
808         /*
809          * Build the TD for the control request setup packet
810          */
811         td = qh->dummy_td;
812         uhci_add_td_to_urbp(td, urbp);
813         uhci_fill_td(td, status, destination | uhci_explen(8),
814                         urb->setup_dma);
815         plink = &td->link;
816         status |= TD_CTRL_ACTIVE;
817
818         /*
819          * If direction is "send", change the packet ID from SETUP (0x2D)
820          * to OUT (0xE1).  Else change it from SETUP to IN (0x69) and
821          * set Short Packet Detect (SPD) for all data packets.
822          */
823         if (usb_pipeout(urb->pipe))
824                 destination ^= (USB_PID_SETUP ^ USB_PID_OUT);
825         else {
826                 destination ^= (USB_PID_SETUP ^ USB_PID_IN);
827                 status |= TD_CTRL_SPD;
828         }
829
830         /*
831          * Build the DATA TDs
832          */
833         while (len > 0) {
834                 int pktsze = min(len, maxsze);
835
836                 td = uhci_alloc_td(uhci);
837                 if (!td)
838                         goto nomem;
839                 *plink = LINK_TO_TD(td);
840
841                 /* Alternate Data0/1 (start with Data1) */
842                 destination ^= TD_TOKEN_TOGGLE;
843         
844                 uhci_add_td_to_urbp(td, urbp);
845                 uhci_fill_td(td, status, destination | uhci_explen(pktsze),
846                                 data);
847                 plink = &td->link;
848
849                 data += pktsze;
850                 len -= pktsze;
851         }
852
853         /*
854          * Build the final TD for control status 
855          */
856         td = uhci_alloc_td(uhci);
857         if (!td)
858                 goto nomem;
859         *plink = LINK_TO_TD(td);
860
861         /*
862          * It's IN if the pipe is an output pipe or we're not expecting
863          * data back.
864          */
865         destination &= ~TD_TOKEN_PID_MASK;
866         if (usb_pipeout(urb->pipe) || !urb->transfer_buffer_length)
867                 destination |= USB_PID_IN;
868         else
869                 destination |= USB_PID_OUT;
870
871         destination |= TD_TOKEN_TOGGLE;         /* End in Data1 */
872
873         status &= ~TD_CTRL_SPD;
874
875         uhci_add_td_to_urbp(td, urbp);
876         uhci_fill_td(td, status | TD_CTRL_IOC,
877                         destination | uhci_explen(0), 0);
878         plink = &td->link;
879
880         /*
881          * Build the new dummy TD and activate the old one
882          */
883         td = uhci_alloc_td(uhci);
884         if (!td)
885                 goto nomem;
886         *plink = LINK_TO_TD(td);
887
888         uhci_fill_td(td, 0, USB_PID_OUT | uhci_explen(0), 0);
889         wmb();
890         qh->dummy_td->status |= __constant_cpu_to_le32(TD_CTRL_ACTIVE);
891         qh->dummy_td = td;
892
893         /* Low-speed transfers get a different queue, and won't hog the bus.
894          * Also, some devices enumerate better without FSBR; the easiest way
895          * to do that is to put URBs on the low-speed queue while the device
896          * isn't in the CONFIGURED state. */
897         if (urb->dev->speed == USB_SPEED_LOW ||
898                         urb->dev->state != USB_STATE_CONFIGURED)
899                 skel = SKEL_LS_CONTROL;
900         else {
901                 skel = SKEL_FS_CONTROL;
902                 uhci_add_fsbr(uhci, urb);
903         }
904         if (qh->state != QH_STATE_ACTIVE)
905                 qh->skel = skel;
906
907         urb->actual_length = -8;        /* Account for the SETUP packet */
908         return 0;
909
910 nomem:
911         /* Remove the dummy TD from the td_list so it doesn't get freed */
912         uhci_remove_td_from_urbp(qh->dummy_td);
913         return -ENOMEM;
914 }
915
916 /*
917  * Common submit for bulk and interrupt
918  */
919 static int uhci_submit_common(struct uhci_hcd *uhci, struct urb *urb,
920                 struct uhci_qh *qh)
921 {
922         struct uhci_td *td;
923         unsigned long destination, status;
924         int maxsze = le16_to_cpu(qh->hep->desc.wMaxPacketSize);
925         int len = urb->transfer_buffer_length;
926         dma_addr_t data = urb->transfer_dma;
927         __le32 *plink;
928         struct urb_priv *urbp = urb->hcpriv;
929         unsigned int toggle;
930
931         if (len < 0)
932                 return -EINVAL;
933
934         /* The "pipe" thing contains the destination in bits 8--18 */
935         destination = (urb->pipe & PIPE_DEVEP_MASK) | usb_packetid(urb->pipe);
936         toggle = usb_gettoggle(urb->dev, usb_pipeendpoint(urb->pipe),
937                          usb_pipeout(urb->pipe));
938
939         /* 3 errors, dummy TD remains inactive */
940         status = uhci_maxerr(3);
941         if (urb->dev->speed == USB_SPEED_LOW)
942                 status |= TD_CTRL_LS;
943         if (usb_pipein(urb->pipe))
944                 status |= TD_CTRL_SPD;
945
946         /*
947          * Build the DATA TDs
948          */
949         plink = NULL;
950         td = qh->dummy_td;
951         do {    /* Allow zero length packets */
952                 int pktsze = maxsze;
953
954                 if (len <= pktsze) {            /* The last packet */
955                         pktsze = len;
956                         if (!(urb->transfer_flags & URB_SHORT_NOT_OK))
957                                 status &= ~TD_CTRL_SPD;
958                 }
959
960                 if (plink) {
961                         td = uhci_alloc_td(uhci);
962                         if (!td)
963                                 goto nomem;
964                         *plink = LINK_TO_TD(td);
965                 }
966                 uhci_add_td_to_urbp(td, urbp);
967                 uhci_fill_td(td, status,
968                                 destination | uhci_explen(pktsze) |
969                                         (toggle << TD_TOKEN_TOGGLE_SHIFT),
970                                 data);
971                 plink = &td->link;
972                 status |= TD_CTRL_ACTIVE;
973
974                 data += pktsze;
975                 len -= maxsze;
976                 toggle ^= 1;
977         } while (len > 0);
978
979         /*
980          * URB_ZERO_PACKET means adding a 0-length packet, if direction
981          * is OUT and the transfer_length was an exact multiple of maxsze,
982          * hence (len = transfer_length - N * maxsze) == 0
983          * however, if transfer_length == 0, the zero packet was already
984          * prepared above.
985          */
986         if ((urb->transfer_flags & URB_ZERO_PACKET) &&
987                         usb_pipeout(urb->pipe) && len == 0 &&
988                         urb->transfer_buffer_length > 0) {
989                 td = uhci_alloc_td(uhci);
990                 if (!td)
991                         goto nomem;
992                 *plink = LINK_TO_TD(td);
993
994                 uhci_add_td_to_urbp(td, urbp);
995                 uhci_fill_td(td, status,
996                                 destination | uhci_explen(0) |
997                                         (toggle << TD_TOKEN_TOGGLE_SHIFT),
998                                 data);
999                 plink = &td->link;
1000
1001                 toggle ^= 1;
1002         }
1003
1004         /* Set the interrupt-on-completion flag on the last packet.
1005          * A more-or-less typical 4 KB URB (= size of one memory page)
1006          * will require about 3 ms to transfer; that's a little on the
1007          * fast side but not enough to justify delaying an interrupt
1008          * more than 2 or 3 URBs, so we will ignore the URB_NO_INTERRUPT
1009          * flag setting. */
1010         td->status |= __constant_cpu_to_le32(TD_CTRL_IOC);
1011
1012         /*
1013          * Build the new dummy TD and activate the old one
1014          */
1015         td = uhci_alloc_td(uhci);
1016         if (!td)
1017                 goto nomem;
1018         *plink = LINK_TO_TD(td);
1019
1020         uhci_fill_td(td, 0, USB_PID_OUT | uhci_explen(0), 0);
1021         wmb();
1022         qh->dummy_td->status |= __constant_cpu_to_le32(TD_CTRL_ACTIVE);
1023         qh->dummy_td = td;
1024
1025         usb_settoggle(urb->dev, usb_pipeendpoint(urb->pipe),
1026                         usb_pipeout(urb->pipe), toggle);
1027         return 0;
1028
1029 nomem:
1030         /* Remove the dummy TD from the td_list so it doesn't get freed */
1031         uhci_remove_td_from_urbp(qh->dummy_td);
1032         return -ENOMEM;
1033 }
1034
1035 static int uhci_submit_bulk(struct uhci_hcd *uhci, struct urb *urb,
1036                 struct uhci_qh *qh)
1037 {
1038         int ret;
1039
1040         /* Can't have low-speed bulk transfers */
1041         if (urb->dev->speed == USB_SPEED_LOW)
1042                 return -EINVAL;
1043
1044         if (qh->state != QH_STATE_ACTIVE)
1045                 qh->skel = SKEL_BULK;
1046         ret = uhci_submit_common(uhci, urb, qh);
1047         if (ret == 0)
1048                 uhci_add_fsbr(uhci, urb);
1049         return ret;
1050 }
1051
1052 static int uhci_submit_interrupt(struct uhci_hcd *uhci, struct urb *urb,
1053                 struct uhci_qh *qh)
1054 {
1055         int ret;
1056
1057         /* USB 1.1 interrupt transfers only involve one packet per interval.
1058          * Drivers can submit URBs of any length, but longer ones will need
1059          * multiple intervals to complete.
1060          */
1061
1062         if (!qh->bandwidth_reserved) {
1063                 int exponent;
1064
1065                 /* Figure out which power-of-two queue to use */
1066                 for (exponent = 7; exponent >= 0; --exponent) {
1067                         if ((1 << exponent) <= urb->interval)
1068                                 break;
1069                 }
1070                 if (exponent < 0)
1071                         return -EINVAL;
1072                 qh->period = 1 << exponent;
1073                 qh->skel = SKEL_INDEX(exponent);
1074
1075                 /* For now, interrupt phase is fixed by the layout
1076                  * of the QH lists. */
1077                 qh->phase = (qh->period / 2) & (MAX_PHASE - 1);
1078                 ret = uhci_check_bandwidth(uhci, qh);
1079                 if (ret)
1080                         return ret;
1081         } else if (qh->period > urb->interval)
1082                 return -EINVAL;         /* Can't decrease the period */
1083
1084         ret = uhci_submit_common(uhci, urb, qh);
1085         if (ret == 0) {
1086                 urb->interval = qh->period;
1087                 if (!qh->bandwidth_reserved)
1088                         uhci_reserve_bandwidth(uhci, qh);
1089         }
1090         return ret;
1091 }
1092
1093 /*
1094  * Fix up the data structures following a short transfer
1095  */
1096 static int uhci_fixup_short_transfer(struct uhci_hcd *uhci,
1097                 struct uhci_qh *qh, struct urb_priv *urbp)
1098 {
1099         struct uhci_td *td;
1100         struct list_head *tmp;
1101         int ret;
1102
1103         td = list_entry(urbp->td_list.prev, struct uhci_td, list);
1104         if (qh->type == USB_ENDPOINT_XFER_CONTROL) {
1105
1106                 /* When a control transfer is short, we have to restart
1107                  * the queue at the status stage transaction, which is
1108                  * the last TD. */
1109                 WARN_ON(list_empty(&urbp->td_list));
1110                 qh->element = LINK_TO_TD(td);
1111                 tmp = td->list.prev;
1112                 ret = -EINPROGRESS;
1113
1114         } else {
1115
1116                 /* When a bulk/interrupt transfer is short, we have to
1117                  * fix up the toggles of the following URBs on the queue
1118                  * before restarting the queue at the next URB. */
1119                 qh->initial_toggle = uhci_toggle(td_token(qh->post_td)) ^ 1;
1120                 uhci_fixup_toggles(qh, 1);
1121
1122                 if (list_empty(&urbp->td_list))
1123                         td = qh->post_td;
1124                 qh->element = td->link;
1125                 tmp = urbp->td_list.prev;
1126                 ret = 0;
1127         }
1128
1129         /* Remove all the TDs we skipped over, from tmp back to the start */
1130         while (tmp != &urbp->td_list) {
1131                 td = list_entry(tmp, struct uhci_td, list);
1132                 tmp = tmp->prev;
1133
1134                 uhci_remove_td_from_urbp(td);
1135                 uhci_free_td(uhci, td);
1136         }
1137         return ret;
1138 }
1139
1140 /*
1141  * Common result for control, bulk, and interrupt
1142  */
1143 static int uhci_result_common(struct uhci_hcd *uhci, struct urb *urb)
1144 {
1145         struct urb_priv *urbp = urb->hcpriv;
1146         struct uhci_qh *qh = urbp->qh;
1147         struct uhci_td *td, *tmp;
1148         unsigned status;
1149         int ret = 0;
1150
1151         list_for_each_entry_safe(td, tmp, &urbp->td_list, list) {
1152                 unsigned int ctrlstat;
1153                 int len;
1154
1155                 ctrlstat = td_status(td);
1156                 status = uhci_status_bits(ctrlstat);
1157                 if (status & TD_CTRL_ACTIVE)
1158                         return -EINPROGRESS;
1159
1160                 len = uhci_actual_length(ctrlstat);
1161                 urb->actual_length += len;
1162
1163                 if (status) {
1164                         ret = uhci_map_status(status,
1165                                         uhci_packetout(td_token(td)));
1166                         if ((debug == 1 && ret != -EPIPE) || debug > 1) {
1167                                 /* Some debugging code */
1168                                 dev_dbg(&urb->dev->dev,
1169                                                 "%s: failed with status %x\n",
1170                                                 __FUNCTION__, status);
1171
1172                                 if (debug > 1 && errbuf) {
1173                                         /* Print the chain for debugging */
1174                                         uhci_show_qh(uhci, urbp->qh, errbuf,
1175                                                         ERRBUF_LEN, 0);
1176                                         lprintk(errbuf);
1177                                 }
1178                         }
1179
1180                 } else if (len < uhci_expected_length(td_token(td))) {
1181
1182                         /* We received a short packet */
1183                         if (urb->transfer_flags & URB_SHORT_NOT_OK)
1184                                 ret = -EREMOTEIO;
1185
1186                         /* Fixup needed only if this isn't the URB's last TD */
1187                         else if (&td->list != urbp->td_list.prev)
1188                                 ret = 1;
1189                 }
1190
1191                 uhci_remove_td_from_urbp(td);
1192                 if (qh->post_td)
1193                         uhci_free_td(uhci, qh->post_td);
1194                 qh->post_td = td;
1195
1196                 if (ret != 0)
1197                         goto err;
1198         }
1199         return ret;
1200
1201 err:
1202         if (ret < 0) {
1203                 /* In case a control transfer gets an error
1204                  * during the setup stage */
1205                 urb->actual_length = max(urb->actual_length, 0);
1206
1207                 /* Note that the queue has stopped and save
1208                  * the next toggle value */
1209                 qh->element = UHCI_PTR_TERM;
1210                 qh->is_stopped = 1;
1211                 qh->needs_fixup = (qh->type != USB_ENDPOINT_XFER_CONTROL);
1212                 qh->initial_toggle = uhci_toggle(td_token(td)) ^
1213                                 (ret == -EREMOTEIO);
1214
1215         } else          /* Short packet received */
1216                 ret = uhci_fixup_short_transfer(uhci, qh, urbp);
1217         return ret;
1218 }
1219
1220 /*
1221  * Isochronous transfers
1222  */
1223 static int uhci_submit_isochronous(struct uhci_hcd *uhci, struct urb *urb,
1224                 struct uhci_qh *qh)
1225 {
1226         struct uhci_td *td = NULL;      /* Since urb->number_of_packets > 0 */
1227         int i, frame;
1228         unsigned long destination, status;
1229         struct urb_priv *urbp = (struct urb_priv *) urb->hcpriv;
1230
1231         /* Values must not be too big (could overflow below) */
1232         if (urb->interval >= UHCI_NUMFRAMES ||
1233                         urb->number_of_packets >= UHCI_NUMFRAMES)
1234                 return -EFBIG;
1235
1236         /* Check the period and figure out the starting frame number */
1237         if (!qh->bandwidth_reserved) {
1238                 qh->period = urb->interval;
1239                 if (urb->transfer_flags & URB_ISO_ASAP) {
1240                         qh->phase = -1;         /* Find the best phase */
1241                         i = uhci_check_bandwidth(uhci, qh);
1242                         if (i)
1243                                 return i;
1244
1245                         /* Allow a little time to allocate the TDs */
1246                         uhci_get_current_frame_number(uhci);
1247                         frame = uhci->frame_number + 10;
1248
1249                         /* Move forward to the first frame having the
1250                          * correct phase */
1251                         urb->start_frame = frame + ((qh->phase - frame) &
1252                                         (qh->period - 1));
1253                 } else {
1254                         i = urb->start_frame - uhci->last_iso_frame;
1255                         if (i <= 0 || i >= UHCI_NUMFRAMES)
1256                                 return -EINVAL;
1257                         qh->phase = urb->start_frame & (qh->period - 1);
1258                         i = uhci_check_bandwidth(uhci, qh);
1259                         if (i)
1260                                 return i;
1261                 }
1262
1263         } else if (qh->period != urb->interval) {
1264                 return -EINVAL;         /* Can't change the period */
1265
1266         } else {        /* Pick up where the last URB leaves off */
1267                 if (list_empty(&qh->queue)) {
1268                         frame = qh->iso_frame;
1269                 } else {
1270                         struct urb *lurb;
1271
1272                         lurb = list_entry(qh->queue.prev,
1273                                         struct urb_priv, node)->urb;
1274                         frame = lurb->start_frame +
1275                                         lurb->number_of_packets *
1276                                         lurb->interval;
1277                 }
1278                 if (urb->transfer_flags & URB_ISO_ASAP)
1279                         urb->start_frame = frame;
1280                 else if (urb->start_frame != frame)
1281                         return -EINVAL;
1282         }
1283
1284         /* Make sure we won't have to go too far into the future */
1285         if (uhci_frame_before_eq(uhci->last_iso_frame + UHCI_NUMFRAMES,
1286                         urb->start_frame + urb->number_of_packets *
1287                                 urb->interval))
1288                 return -EFBIG;
1289
1290         status = TD_CTRL_ACTIVE | TD_CTRL_IOS;
1291         destination = (urb->pipe & PIPE_DEVEP_MASK) | usb_packetid(urb->pipe);
1292
1293         for (i = 0; i < urb->number_of_packets; i++) {
1294                 td = uhci_alloc_td(uhci);
1295                 if (!td)
1296                         return -ENOMEM;
1297
1298                 uhci_add_td_to_urbp(td, urbp);
1299                 uhci_fill_td(td, status, destination |
1300                                 uhci_explen(urb->iso_frame_desc[i].length),
1301                                 urb->transfer_dma +
1302                                         urb->iso_frame_desc[i].offset);
1303         }
1304
1305         /* Set the interrupt-on-completion flag on the last packet. */
1306         td->status |= __constant_cpu_to_le32(TD_CTRL_IOC);
1307
1308         /* Add the TDs to the frame list */
1309         frame = urb->start_frame;
1310         list_for_each_entry(td, &urbp->td_list, list) {
1311                 uhci_insert_td_in_frame_list(uhci, td, frame);
1312                 frame += qh->period;
1313         }
1314
1315         if (list_empty(&qh->queue)) {
1316                 qh->iso_packet_desc = &urb->iso_frame_desc[0];
1317                 qh->iso_frame = urb->start_frame;
1318                 qh->iso_status = 0;
1319         }
1320
1321         qh->skel = SKEL_ISO;
1322         if (!qh->bandwidth_reserved)
1323                 uhci_reserve_bandwidth(uhci, qh);
1324         return 0;
1325 }
1326
1327 static int uhci_result_isochronous(struct uhci_hcd *uhci, struct urb *urb)
1328 {
1329         struct uhci_td *td, *tmp;
1330         struct urb_priv *urbp = urb->hcpriv;
1331         struct uhci_qh *qh = urbp->qh;
1332
1333         list_for_each_entry_safe(td, tmp, &urbp->td_list, list) {
1334                 unsigned int ctrlstat;
1335                 int status;
1336                 int actlength;
1337
1338                 if (uhci_frame_before_eq(uhci->cur_iso_frame, qh->iso_frame))
1339                         return -EINPROGRESS;
1340
1341                 uhci_remove_tds_from_frame(uhci, qh->iso_frame);
1342
1343                 ctrlstat = td_status(td);
1344                 if (ctrlstat & TD_CTRL_ACTIVE) {
1345                         status = -EXDEV;        /* TD was added too late? */
1346                 } else {
1347                         status = uhci_map_status(uhci_status_bits(ctrlstat),
1348                                         usb_pipeout(urb->pipe));
1349                         actlength = uhci_actual_length(ctrlstat);
1350
1351                         urb->actual_length += actlength;
1352                         qh->iso_packet_desc->actual_length = actlength;
1353                         qh->iso_packet_desc->status = status;
1354                 }
1355
1356                 if (status) {
1357                         urb->error_count++;
1358                         qh->iso_status = status;
1359                 }
1360
1361                 uhci_remove_td_from_urbp(td);
1362                 uhci_free_td(uhci, td);
1363                 qh->iso_frame += qh->period;
1364                 ++qh->iso_packet_desc;
1365         }
1366         return qh->iso_status;
1367 }
1368
1369 static int uhci_urb_enqueue(struct usb_hcd *hcd,
1370                 struct usb_host_endpoint *hep,
1371                 struct urb *urb, gfp_t mem_flags)
1372 {
1373         int ret;
1374         struct uhci_hcd *uhci = hcd_to_uhci(hcd);
1375         unsigned long flags;
1376         struct urb_priv *urbp;
1377         struct uhci_qh *qh;
1378
1379         spin_lock_irqsave(&uhci->lock, flags);
1380
1381         ret = urb->status;
1382         if (ret != -EINPROGRESS)                /* URB already unlinked! */
1383                 goto done;
1384
1385         ret = -ENOMEM;
1386         urbp = uhci_alloc_urb_priv(uhci, urb);
1387         if (!urbp)
1388                 goto done;
1389
1390         if (hep->hcpriv)
1391                 qh = (struct uhci_qh *) hep->hcpriv;
1392         else {
1393                 qh = uhci_alloc_qh(uhci, urb->dev, hep);
1394                 if (!qh)
1395                         goto err_no_qh;
1396         }
1397         urbp->qh = qh;
1398
1399         switch (qh->type) {
1400         case USB_ENDPOINT_XFER_CONTROL:
1401                 ret = uhci_submit_control(uhci, urb, qh);
1402                 break;
1403         case USB_ENDPOINT_XFER_BULK:
1404                 ret = uhci_submit_bulk(uhci, urb, qh);
1405                 break;
1406         case USB_ENDPOINT_XFER_INT:
1407                 ret = uhci_submit_interrupt(uhci, urb, qh);
1408                 break;
1409         case USB_ENDPOINT_XFER_ISOC:
1410                 urb->error_count = 0;
1411                 ret = uhci_submit_isochronous(uhci, urb, qh);
1412                 break;
1413         }
1414         if (ret != 0)
1415                 goto err_submit_failed;
1416
1417         /* Add this URB to the QH */
1418         urbp->qh = qh;
1419         list_add_tail(&urbp->node, &qh->queue);
1420
1421         /* If the new URB is the first and only one on this QH then either
1422          * the QH is new and idle or else it's unlinked and waiting to
1423          * become idle, so we can activate it right away.  But only if the
1424          * queue isn't stopped. */
1425         if (qh->queue.next == &urbp->node && !qh->is_stopped) {
1426                 uhci_activate_qh(uhci, qh);
1427                 uhci_urbp_wants_fsbr(uhci, urbp);
1428         }
1429         goto done;
1430
1431 err_submit_failed:
1432         if (qh->state == QH_STATE_IDLE)
1433                 uhci_make_qh_idle(uhci, qh);    /* Reclaim unused QH */
1434
1435 err_no_qh:
1436         uhci_free_urb_priv(uhci, urbp);
1437
1438 done:
1439         spin_unlock_irqrestore(&uhci->lock, flags);
1440         return ret;
1441 }
1442
1443 static int uhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb)
1444 {
1445         struct uhci_hcd *uhci = hcd_to_uhci(hcd);
1446         unsigned long flags;
1447         struct urb_priv *urbp;
1448         struct uhci_qh *qh;
1449
1450         spin_lock_irqsave(&uhci->lock, flags);
1451         urbp = urb->hcpriv;
1452         if (!urbp)                      /* URB was never linked! */
1453                 goto done;
1454         qh = urbp->qh;
1455
1456         /* Remove Isochronous TDs from the frame list ASAP */
1457         if (qh->type == USB_ENDPOINT_XFER_ISOC) {
1458                 uhci_unlink_isochronous_tds(uhci, urb);
1459                 mb();
1460
1461                 /* If the URB has already started, update the QH unlink time */
1462                 uhci_get_current_frame_number(uhci);
1463                 if (uhci_frame_before_eq(urb->start_frame, uhci->frame_number))
1464                         qh->unlink_frame = uhci->frame_number;
1465         }
1466
1467         uhci_unlink_qh(uhci, qh);
1468
1469 done:
1470         spin_unlock_irqrestore(&uhci->lock, flags);
1471         return 0;
1472 }
1473
1474 /*
1475  * Finish unlinking an URB and give it back
1476  */
1477 static void uhci_giveback_urb(struct uhci_hcd *uhci, struct uhci_qh *qh,
1478                 struct urb *urb)
1479 __releases(uhci->lock)
1480 __acquires(uhci->lock)
1481 {
1482         struct urb_priv *urbp = (struct urb_priv *) urb->hcpriv;
1483
1484         /* When giving back the first URB in an Isochronous queue,
1485          * reinitialize the QH's iso-related members for the next URB. */
1486         if (qh->type == USB_ENDPOINT_XFER_ISOC &&
1487                         urbp->node.prev == &qh->queue &&
1488                         urbp->node.next != &qh->queue) {
1489                 struct urb *nurb = list_entry(urbp->node.next,
1490                                 struct urb_priv, node)->urb;
1491
1492                 qh->iso_packet_desc = &nurb->iso_frame_desc[0];
1493                 qh->iso_frame = nurb->start_frame;
1494                 qh->iso_status = 0;
1495         }
1496
1497         /* Take the URB off the QH's queue.  If the queue is now empty,
1498          * this is a perfect time for a toggle fixup. */
1499         list_del_init(&urbp->node);
1500         if (list_empty(&qh->queue) && qh->needs_fixup) {
1501                 usb_settoggle(urb->dev, usb_pipeendpoint(urb->pipe),
1502                                 usb_pipeout(urb->pipe), qh->initial_toggle);
1503                 qh->needs_fixup = 0;
1504         }
1505
1506         uhci_free_urb_priv(uhci, urbp);
1507
1508         spin_unlock(&uhci->lock);
1509         usb_hcd_giveback_urb(uhci_to_hcd(uhci), urb);
1510         spin_lock(&uhci->lock);
1511
1512         /* If the queue is now empty, we can unlink the QH and give up its
1513          * reserved bandwidth. */
1514         if (list_empty(&qh->queue)) {
1515                 uhci_unlink_qh(uhci, qh);
1516                 if (qh->bandwidth_reserved)
1517                         uhci_release_bandwidth(uhci, qh);
1518         }
1519 }
1520
1521 /*
1522  * Scan the URBs in a QH's queue
1523  */
1524 #define QH_FINISHED_UNLINKING(qh)                       \
1525                 (qh->state == QH_STATE_UNLINKING &&     \
1526                 uhci->frame_number + uhci->is_stopped != qh->unlink_frame)
1527
1528 static void uhci_scan_qh(struct uhci_hcd *uhci, struct uhci_qh *qh)
1529 {
1530         struct urb_priv *urbp;
1531         struct urb *urb;
1532         int status;
1533
1534         while (!list_empty(&qh->queue)) {
1535                 urbp = list_entry(qh->queue.next, struct urb_priv, node);
1536                 urb = urbp->urb;
1537
1538                 if (qh->type == USB_ENDPOINT_XFER_ISOC)
1539                         status = uhci_result_isochronous(uhci, urb);
1540                 else
1541                         status = uhci_result_common(uhci, urb);
1542                 if (status == -EINPROGRESS)
1543                         break;
1544
1545                 spin_lock(&urb->lock);
1546                 if (urb->status == -EINPROGRESS)        /* Not dequeued */
1547                         urb->status = status;
1548                 else
1549                         status = ECONNRESET;            /* Not -ECONNRESET */
1550                 spin_unlock(&urb->lock);
1551
1552                 /* Dequeued but completed URBs can't be given back unless
1553                  * the QH is stopped or has finished unlinking. */
1554                 if (status == ECONNRESET) {
1555                         if (QH_FINISHED_UNLINKING(qh))
1556                                 qh->is_stopped = 1;
1557                         else if (!qh->is_stopped)
1558                                 return;
1559                 }
1560
1561                 uhci_giveback_urb(uhci, qh, urb);
1562                 if (status < 0 && qh->type != USB_ENDPOINT_XFER_ISOC)
1563                         break;
1564         }
1565
1566         /* If the QH is neither stopped nor finished unlinking (normal case),
1567          * our work here is done. */
1568         if (QH_FINISHED_UNLINKING(qh))
1569                 qh->is_stopped = 1;
1570         else if (!qh->is_stopped)
1571                 return;
1572
1573         /* Otherwise give back each of the dequeued URBs */
1574 restart:
1575         list_for_each_entry(urbp, &qh->queue, node) {
1576                 urb = urbp->urb;
1577                 if (urb->status != -EINPROGRESS) {
1578
1579                         /* Fix up the TD links and save the toggles for
1580                          * non-Isochronous queues.  For Isochronous queues,
1581                          * test for too-recent dequeues. */
1582                         if (!uhci_cleanup_queue(uhci, qh, urb)) {
1583                                 qh->is_stopped = 0;
1584                                 return;
1585                         }
1586                         uhci_giveback_urb(uhci, qh, urb);
1587                         goto restart;
1588                 }
1589         }
1590         qh->is_stopped = 0;
1591
1592         /* There are no more dequeued URBs.  If there are still URBs on the
1593          * queue, the QH can now be re-activated. */
1594         if (!list_empty(&qh->queue)) {
1595                 if (qh->needs_fixup)
1596                         uhci_fixup_toggles(qh, 0);
1597
1598                 /* If the first URB on the queue wants FSBR but its time
1599                  * limit has expired, set the next TD to interrupt on
1600                  * completion before reactivating the QH. */
1601                 urbp = list_entry(qh->queue.next, struct urb_priv, node);
1602                 if (urbp->fsbr && qh->wait_expired) {
1603                         struct uhci_td *td = list_entry(urbp->td_list.next,
1604                                         struct uhci_td, list);
1605
1606                         td->status |= __cpu_to_le32(TD_CTRL_IOC);
1607                 }
1608
1609                 uhci_activate_qh(uhci, qh);
1610         }
1611
1612         /* The queue is empty.  The QH can become idle if it is fully
1613          * unlinked. */
1614         else if (QH_FINISHED_UNLINKING(qh))
1615                 uhci_make_qh_idle(uhci, qh);
1616 }
1617
1618 /*
1619  * Check for queues that have made some forward progress.
1620  * Returns 0 if the queue is not Isochronous, is ACTIVE, and
1621  * has not advanced since last examined; 1 otherwise.
1622  *
1623  * Early Intel controllers have a bug which causes qh->element sometimes
1624  * not to advance when a TD completes successfully.  The queue remains
1625  * stuck on the inactive completed TD.  We detect such cases and advance
1626  * the element pointer by hand.
1627  */
1628 static int uhci_advance_check(struct uhci_hcd *uhci, struct uhci_qh *qh)
1629 {
1630         struct urb_priv *urbp = NULL;
1631         struct uhci_td *td;
1632         int ret = 1;
1633         unsigned status;
1634
1635         if (qh->type == USB_ENDPOINT_XFER_ISOC)
1636                 goto done;
1637
1638         /* Treat an UNLINKING queue as though it hasn't advanced.
1639          * This is okay because reactivation will treat it as though
1640          * it has advanced, and if it is going to become IDLE then
1641          * this doesn't matter anyway.  Furthermore it's possible
1642          * for an UNLINKING queue not to have any URBs at all, or
1643          * for its first URB not to have any TDs (if it was dequeued
1644          * just as it completed).  So it's not easy in any case to
1645          * test whether such queues have advanced. */
1646         if (qh->state != QH_STATE_ACTIVE) {
1647                 urbp = NULL;
1648                 status = 0;
1649
1650         } else {
1651                 urbp = list_entry(qh->queue.next, struct urb_priv, node);
1652                 td = list_entry(urbp->td_list.next, struct uhci_td, list);
1653                 status = td_status(td);
1654                 if (!(status & TD_CTRL_ACTIVE)) {
1655
1656                         /* We're okay, the queue has advanced */
1657                         qh->wait_expired = 0;
1658                         qh->advance_jiffies = jiffies;
1659                         goto done;
1660                 }
1661                 ret = 0;
1662         }
1663
1664         /* The queue hasn't advanced; check for timeout */
1665         if (qh->wait_expired)
1666                 goto done;
1667
1668         if (time_after(jiffies, qh->advance_jiffies + QH_WAIT_TIMEOUT)) {
1669
1670                 /* Detect the Intel bug and work around it */
1671                 if (qh->post_td && qh_element(qh) == LINK_TO_TD(qh->post_td)) {
1672                         qh->element = qh->post_td->link;
1673                         qh->advance_jiffies = jiffies;
1674                         ret = 1;
1675                         goto done;
1676                 }
1677
1678                 qh->wait_expired = 1;
1679
1680                 /* If the current URB wants FSBR, unlink it temporarily
1681                  * so that we can safely set the next TD to interrupt on
1682                  * completion.  That way we'll know as soon as the queue
1683                  * starts moving again. */
1684                 if (urbp && urbp->fsbr && !(status & TD_CTRL_IOC))
1685                         uhci_unlink_qh(uhci, qh);
1686
1687         } else {
1688                 /* Unmoving but not-yet-expired queues keep FSBR alive */
1689                 if (urbp)
1690                         uhci_urbp_wants_fsbr(uhci, urbp);
1691         }
1692
1693 done:
1694         return ret;
1695 }
1696
1697 /*
1698  * Process events in the schedule, but only in one thread at a time
1699  */
1700 static void uhci_scan_schedule(struct uhci_hcd *uhci)
1701 {
1702         int i;
1703         struct uhci_qh *qh;
1704
1705         /* Don't allow re-entrant calls */
1706         if (uhci->scan_in_progress) {
1707                 uhci->need_rescan = 1;
1708                 return;
1709         }
1710         uhci->scan_in_progress = 1;
1711 rescan:
1712         uhci->need_rescan = 0;
1713         uhci->fsbr_is_wanted = 0;
1714
1715         uhci_clear_next_interrupt(uhci);
1716         uhci_get_current_frame_number(uhci);
1717         uhci->cur_iso_frame = uhci->frame_number;
1718
1719         /* Go through all the QH queues and process the URBs in each one */
1720         for (i = 0; i < UHCI_NUM_SKELQH - 1; ++i) {
1721                 uhci->next_qh = list_entry(uhci->skelqh[i]->node.next,
1722                                 struct uhci_qh, node);
1723                 while ((qh = uhci->next_qh) != uhci->skelqh[i]) {
1724                         uhci->next_qh = list_entry(qh->node.next,
1725                                         struct uhci_qh, node);
1726
1727                         if (uhci_advance_check(uhci, qh)) {
1728                                 uhci_scan_qh(uhci, qh);
1729                                 if (qh->state == QH_STATE_ACTIVE) {
1730                                         uhci_urbp_wants_fsbr(uhci,
1731         list_entry(qh->queue.next, struct urb_priv, node));
1732                                 }
1733                         }
1734                 }
1735         }
1736
1737         uhci->last_iso_frame = uhci->cur_iso_frame;
1738         if (uhci->need_rescan)
1739                 goto rescan;
1740         uhci->scan_in_progress = 0;
1741
1742         if (uhci->fsbr_is_on && !uhci->fsbr_is_wanted &&
1743                         !uhci->fsbr_expiring) {
1744                 uhci->fsbr_expiring = 1;
1745                 mod_timer(&uhci->fsbr_timer, jiffies + FSBR_OFF_DELAY);
1746         }
1747
1748         if (list_empty(&uhci->skel_unlink_qh->node))
1749                 uhci_clear_next_interrupt(uhci);
1750         else
1751                 uhci_set_next_interrupt(uhci);
1752 }