Merge commit 'v2.6.28-rc7'; branch 'x86/dumpstack' into tracing/ftrace
[linux-2.6] / drivers / usb / musb / musb_gadget_ep0.c
1 /*
2  * MUSB OTG peripheral driver ep0 handling
3  *
4  * Copyright 2005 Mentor Graphics Corporation
5  * Copyright (C) 2005-2006 by Texas Instruments
6  * Copyright (C) 2006-2007 Nokia Corporation
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU General Public License
10  * version 2 as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20  * 02110-1301 USA
21  *
22  * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
23  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
25  * NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
28  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
29  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  */
34
35 #include <linux/kernel.h>
36 #include <linux/list.h>
37 #include <linux/timer.h>
38 #include <linux/spinlock.h>
39 #include <linux/init.h>
40 #include <linux/device.h>
41 #include <linux/interrupt.h>
42
43 #include "musb_core.h"
44
45 /* ep0 is always musb->endpoints[0].ep_in */
46 #define next_ep0_request(musb)  next_in_request(&(musb)->endpoints[0])
47
48 /*
49  * locking note:  we use only the controller lock, for simpler correctness.
50  * It's always held with IRQs blocked.
51  *
52  * It protects the ep0 request queue as well as ep0_state, not just the
53  * controller and indexed registers.  And that lock stays held unless it
54  * needs to be dropped to allow reentering this driver ... like upcalls to
55  * the gadget driver, or adjusting endpoint halt status.
56  */
57
58 static char *decode_ep0stage(u8 stage)
59 {
60         switch (stage) {
61         case MUSB_EP0_STAGE_SETUP:      return "idle";
62         case MUSB_EP0_STAGE_TX:         return "in";
63         case MUSB_EP0_STAGE_RX:         return "out";
64         case MUSB_EP0_STAGE_ACKWAIT:    return "wait";
65         case MUSB_EP0_STAGE_STATUSIN:   return "in/status";
66         case MUSB_EP0_STAGE_STATUSOUT:  return "out/status";
67         default:                        return "?";
68         }
69 }
70
71 /* handle a standard GET_STATUS request
72  * Context:  caller holds controller lock
73  */
74 static int service_tx_status_request(
75         struct musb *musb,
76         const struct usb_ctrlrequest *ctrlrequest)
77 {
78         void __iomem    *mbase = musb->mregs;
79         int handled = 1;
80         u8 result[2], epnum = 0;
81         const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
82
83         result[1] = 0;
84
85         switch (recip) {
86         case USB_RECIP_DEVICE:
87                 result[0] = musb->is_self_powered << USB_DEVICE_SELF_POWERED;
88                 result[0] |= musb->may_wakeup << USB_DEVICE_REMOTE_WAKEUP;
89 #ifdef CONFIG_USB_MUSB_OTG
90                 if (musb->g.is_otg) {
91                         result[0] |= musb->g.b_hnp_enable
92                                 << USB_DEVICE_B_HNP_ENABLE;
93                         result[0] |= musb->g.a_alt_hnp_support
94                                 << USB_DEVICE_A_ALT_HNP_SUPPORT;
95                         result[0] |= musb->g.a_hnp_support
96                                 << USB_DEVICE_A_HNP_SUPPORT;
97                 }
98 #endif
99                 break;
100
101         case USB_RECIP_INTERFACE:
102                 result[0] = 0;
103                 break;
104
105         case USB_RECIP_ENDPOINT: {
106                 int             is_in;
107                 struct musb_ep  *ep;
108                 u16             tmp;
109                 void __iomem    *regs;
110
111                 epnum = (u8) ctrlrequest->wIndex;
112                 if (!epnum) {
113                         result[0] = 0;
114                         break;
115                 }
116
117                 is_in = epnum & USB_DIR_IN;
118                 if (is_in) {
119                         epnum &= 0x0f;
120                         ep = &musb->endpoints[epnum].ep_in;
121                 } else {
122                         ep = &musb->endpoints[epnum].ep_out;
123                 }
124                 regs = musb->endpoints[epnum].regs;
125
126                 if (epnum >= MUSB_C_NUM_EPS || !ep->desc) {
127                         handled = -EINVAL;
128                         break;
129                 }
130
131                 musb_ep_select(mbase, epnum);
132                 if (is_in)
133                         tmp = musb_readw(regs, MUSB_TXCSR)
134                                                 & MUSB_TXCSR_P_SENDSTALL;
135                 else
136                         tmp = musb_readw(regs, MUSB_RXCSR)
137                                                 & MUSB_RXCSR_P_SENDSTALL;
138                 musb_ep_select(mbase, 0);
139
140                 result[0] = tmp ? 1 : 0;
141                 } break;
142
143         default:
144                 /* class, vendor, etc ... delegate */
145                 handled = 0;
146                 break;
147         }
148
149         /* fill up the fifo; caller updates csr0 */
150         if (handled > 0) {
151                 u16     len = le16_to_cpu(ctrlrequest->wLength);
152
153                 if (len > 2)
154                         len = 2;
155                 musb_write_fifo(&musb->endpoints[0], len, result);
156         }
157
158         return handled;
159 }
160
161 /*
162  * handle a control-IN request, the end0 buffer contains the current request
163  * that is supposed to be a standard control request. Assumes the fifo to
164  * be at least 2 bytes long.
165  *
166  * @return 0 if the request was NOT HANDLED,
167  * < 0 when error
168  * > 0 when the request is processed
169  *
170  * Context:  caller holds controller lock
171  */
172 static int
173 service_in_request(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
174 {
175         int handled = 0;        /* not handled */
176
177         if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
178                         == USB_TYPE_STANDARD) {
179                 switch (ctrlrequest->bRequest) {
180                 case USB_REQ_GET_STATUS:
181                         handled = service_tx_status_request(musb,
182                                         ctrlrequest);
183                         break;
184
185                 /* case USB_REQ_SYNC_FRAME: */
186
187                 default:
188                         break;
189                 }
190         }
191         return handled;
192 }
193
194 /*
195  * Context:  caller holds controller lock
196  */
197 static void musb_g_ep0_giveback(struct musb *musb, struct usb_request *req)
198 {
199         musb_g_giveback(&musb->endpoints[0].ep_in, req, 0);
200         musb->ep0_state = MUSB_EP0_STAGE_SETUP;
201 }
202
203 /*
204  * Tries to start B-device HNP negotiation if enabled via sysfs
205  */
206 static inline void musb_try_b_hnp_enable(struct musb *musb)
207 {
208         void __iomem    *mbase = musb->mregs;
209         u8              devctl;
210
211         DBG(1, "HNP: Setting HR\n");
212         devctl = musb_readb(mbase, MUSB_DEVCTL);
213         musb_writeb(mbase, MUSB_DEVCTL, devctl | MUSB_DEVCTL_HR);
214 }
215
216 /*
217  * Handle all control requests with no DATA stage, including standard
218  * requests such as:
219  * USB_REQ_SET_CONFIGURATION, USB_REQ_SET_INTERFACE, unrecognized
220  *      always delegated to the gadget driver
221  * USB_REQ_SET_ADDRESS, USB_REQ_CLEAR_FEATURE, USB_REQ_SET_FEATURE
222  *      always handled here, except for class/vendor/... features
223  *
224  * Context:  caller holds controller lock
225  */
226 static int
227 service_zero_data_request(struct musb *musb,
228                 struct usb_ctrlrequest *ctrlrequest)
229 __releases(musb->lock)
230 __acquires(musb->lock)
231 {
232         int handled = -EINVAL;
233         void __iomem *mbase = musb->mregs;
234         const u8 recip = ctrlrequest->bRequestType & USB_RECIP_MASK;
235
236         /* the gadget driver handles everything except what we MUST handle */
237         if ((ctrlrequest->bRequestType & USB_TYPE_MASK)
238                         == USB_TYPE_STANDARD) {
239                 switch (ctrlrequest->bRequest) {
240                 case USB_REQ_SET_ADDRESS:
241                         /* change it after the status stage */
242                         musb->set_address = true;
243                         musb->address = (u8) (ctrlrequest->wValue & 0x7f);
244                         handled = 1;
245                         break;
246
247                 case USB_REQ_CLEAR_FEATURE:
248                         switch (recip) {
249                         case USB_RECIP_DEVICE:
250                                 if (ctrlrequest->wValue
251                                                 != USB_DEVICE_REMOTE_WAKEUP)
252                                         break;
253                                 musb->may_wakeup = 0;
254                                 handled = 1;
255                                 break;
256                         case USB_RECIP_INTERFACE:
257                                 break;
258                         case USB_RECIP_ENDPOINT:{
259                                 const u8 num = ctrlrequest->wIndex & 0x0f;
260                                 struct musb_ep *musb_ep;
261
262                                 if (num == 0
263                                                 || num >= MUSB_C_NUM_EPS
264                                                 || ctrlrequest->wValue
265                                                         != USB_ENDPOINT_HALT)
266                                         break;
267
268                                 if (ctrlrequest->wIndex & USB_DIR_IN)
269                                         musb_ep = &musb->endpoints[num].ep_in;
270                                 else
271                                         musb_ep = &musb->endpoints[num].ep_out;
272                                 if (!musb_ep->desc)
273                                         break;
274
275                                 /* REVISIT do it directly, no locking games */
276                                 spin_unlock(&musb->lock);
277                                 musb_gadget_set_halt(&musb_ep->end_point, 0);
278                                 spin_lock(&musb->lock);
279
280                                 /* select ep0 again */
281                                 musb_ep_select(mbase, 0);
282                                 handled = 1;
283                                 } break;
284                         default:
285                                 /* class, vendor, etc ... delegate */
286                                 handled = 0;
287                                 break;
288                         }
289                         break;
290
291                 case USB_REQ_SET_FEATURE:
292                         switch (recip) {
293                         case USB_RECIP_DEVICE:
294                                 handled = 1;
295                                 switch (ctrlrequest->wValue) {
296                                 case USB_DEVICE_REMOTE_WAKEUP:
297                                         musb->may_wakeup = 1;
298                                         break;
299                                 case USB_DEVICE_TEST_MODE:
300                                         if (musb->g.speed != USB_SPEED_HIGH)
301                                                 goto stall;
302                                         if (ctrlrequest->wIndex & 0xff)
303                                                 goto stall;
304
305                                         switch (ctrlrequest->wIndex >> 8) {
306                                         case 1:
307                                                 pr_debug("TEST_J\n");
308                                                 /* TEST_J */
309                                                 musb->test_mode_nr =
310                                                         MUSB_TEST_J;
311                                                 break;
312                                         case 2:
313                                                 /* TEST_K */
314                                                 pr_debug("TEST_K\n");
315                                                 musb->test_mode_nr =
316                                                         MUSB_TEST_K;
317                                                 break;
318                                         case 3:
319                                                 /* TEST_SE0_NAK */
320                                                 pr_debug("TEST_SE0_NAK\n");
321                                                 musb->test_mode_nr =
322                                                         MUSB_TEST_SE0_NAK;
323                                                 break;
324                                         case 4:
325                                                 /* TEST_PACKET */
326                                                 pr_debug("TEST_PACKET\n");
327                                                 musb->test_mode_nr =
328                                                         MUSB_TEST_PACKET;
329                                                 break;
330                                         default:
331                                                 goto stall;
332                                         }
333
334                                         /* enter test mode after irq */
335                                         if (handled > 0)
336                                                 musb->test_mode = true;
337                                         break;
338 #ifdef CONFIG_USB_MUSB_OTG
339                                 case USB_DEVICE_B_HNP_ENABLE:
340                                         if (!musb->g.is_otg)
341                                                 goto stall;
342                                         musb->g.b_hnp_enable = 1;
343                                         musb_try_b_hnp_enable(musb);
344                                         break;
345                                 case USB_DEVICE_A_HNP_SUPPORT:
346                                         if (!musb->g.is_otg)
347                                                 goto stall;
348                                         musb->g.a_hnp_support = 1;
349                                         break;
350                                 case USB_DEVICE_A_ALT_HNP_SUPPORT:
351                                         if (!musb->g.is_otg)
352                                                 goto stall;
353                                         musb->g.a_alt_hnp_support = 1;
354                                         break;
355 #endif
356 stall:
357                                 default:
358                                         handled = -EINVAL;
359                                         break;
360                                 }
361                                 break;
362
363                         case USB_RECIP_INTERFACE:
364                                 break;
365
366                         case USB_RECIP_ENDPOINT:{
367                                 const u8                epnum =
368                                         ctrlrequest->wIndex & 0x0f;
369                                 struct musb_ep          *musb_ep;
370                                 struct musb_hw_ep       *ep;
371                                 void __iomem            *regs;
372                                 int                     is_in;
373                                 u16                     csr;
374
375                                 if (epnum == 0
376                                                 || epnum >= MUSB_C_NUM_EPS
377                                                 || ctrlrequest->wValue
378                                                         != USB_ENDPOINT_HALT)
379                                         break;
380
381                                 ep = musb->endpoints + epnum;
382                                 regs = ep->regs;
383                                 is_in = ctrlrequest->wIndex & USB_DIR_IN;
384                                 if (is_in)
385                                         musb_ep = &ep->ep_in;
386                                 else
387                                         musb_ep = &ep->ep_out;
388                                 if (!musb_ep->desc)
389                                         break;
390
391                                 musb_ep_select(mbase, epnum);
392                                 if (is_in) {
393                                         csr = musb_readw(regs,
394                                                         MUSB_TXCSR);
395                                         if (csr & MUSB_TXCSR_FIFONOTEMPTY)
396                                                 csr |= MUSB_TXCSR_FLUSHFIFO;
397                                         csr |= MUSB_TXCSR_P_SENDSTALL
398                                                 | MUSB_TXCSR_CLRDATATOG
399                                                 | MUSB_TXCSR_P_WZC_BITS;
400                                         musb_writew(regs, MUSB_TXCSR,
401                                                         csr);
402                                 } else {
403                                         csr = musb_readw(regs,
404                                                         MUSB_RXCSR);
405                                         csr |= MUSB_RXCSR_P_SENDSTALL
406                                                 | MUSB_RXCSR_FLUSHFIFO
407                                                 | MUSB_RXCSR_CLRDATATOG
408                                                 | MUSB_TXCSR_P_WZC_BITS;
409                                         musb_writew(regs, MUSB_RXCSR,
410                                                         csr);
411                                 }
412
413                                 /* select ep0 again */
414                                 musb_ep_select(mbase, 0);
415                                 handled = 1;
416                                 } break;
417
418                         default:
419                                 /* class, vendor, etc ... delegate */
420                                 handled = 0;
421                                 break;
422                         }
423                         break;
424                 default:
425                         /* delegate SET_CONFIGURATION, etc */
426                         handled = 0;
427                 }
428         } else
429                 handled = 0;
430         return handled;
431 }
432
433 /* we have an ep0out data packet
434  * Context:  caller holds controller lock
435  */
436 static void ep0_rxstate(struct musb *musb)
437 {
438         void __iomem            *regs = musb->control_ep->regs;
439         struct usb_request      *req;
440         u16                     count, csr;
441
442         req = next_ep0_request(musb);
443
444         /* read packet and ack; or stall because of gadget driver bug:
445          * should have provided the rx buffer before setup() returned.
446          */
447         if (req) {
448                 void            *buf = req->buf + req->actual;
449                 unsigned        len = req->length - req->actual;
450
451                 /* read the buffer */
452                 count = musb_readb(regs, MUSB_COUNT0);
453                 if (count > len) {
454                         req->status = -EOVERFLOW;
455                         count = len;
456                 }
457                 musb_read_fifo(&musb->endpoints[0], count, buf);
458                 req->actual += count;
459                 csr = MUSB_CSR0_P_SVDRXPKTRDY;
460                 if (count < 64 || req->actual == req->length) {
461                         musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
462                         csr |= MUSB_CSR0_P_DATAEND;
463                 } else
464                         req = NULL;
465         } else
466                 csr = MUSB_CSR0_P_SVDRXPKTRDY | MUSB_CSR0_P_SENDSTALL;
467
468
469         /* Completion handler may choose to stall, e.g. because the
470          * message just received holds invalid data.
471          */
472         if (req) {
473                 musb->ackpend = csr;
474                 musb_g_ep0_giveback(musb, req);
475                 if (!musb->ackpend)
476                         return;
477                 musb->ackpend = 0;
478         }
479         musb_ep_select(musb->mregs, 0);
480         musb_writew(regs, MUSB_CSR0, csr);
481 }
482
483 /*
484  * transmitting to the host (IN), this code might be called from IRQ
485  * and from kernel thread.
486  *
487  * Context:  caller holds controller lock
488  */
489 static void ep0_txstate(struct musb *musb)
490 {
491         void __iomem            *regs = musb->control_ep->regs;
492         struct usb_request      *request = next_ep0_request(musb);
493         u16                     csr = MUSB_CSR0_TXPKTRDY;
494         u8                      *fifo_src;
495         u8                      fifo_count;
496
497         if (!request) {
498                 /* WARN_ON(1); */
499                 DBG(2, "odd; csr0 %04x\n", musb_readw(regs, MUSB_CSR0));
500                 return;
501         }
502
503         /* load the data */
504         fifo_src = (u8 *) request->buf + request->actual;
505         fifo_count = min((unsigned) MUSB_EP0_FIFOSIZE,
506                 request->length - request->actual);
507         musb_write_fifo(&musb->endpoints[0], fifo_count, fifo_src);
508         request->actual += fifo_count;
509
510         /* update the flags */
511         if (fifo_count < MUSB_MAX_END0_PACKET
512                         || request->actual == request->length) {
513                 musb->ep0_state = MUSB_EP0_STAGE_STATUSOUT;
514                 csr |= MUSB_CSR0_P_DATAEND;
515         } else
516                 request = NULL;
517
518         /* report completions as soon as the fifo's loaded; there's no
519          * win in waiting till this last packet gets acked.  (other than
520          * very precise fault reporting, needed by USB TMC; possible with
521          * this hardware, but not usable from portable gadget drivers.)
522          */
523         if (request) {
524                 musb->ackpend = csr;
525                 musb_g_ep0_giveback(musb, request);
526                 if (!musb->ackpend)
527                         return;
528                 musb->ackpend = 0;
529         }
530
531         /* send it out, triggering a "txpktrdy cleared" irq */
532         musb_ep_select(musb->mregs, 0);
533         musb_writew(regs, MUSB_CSR0, csr);
534 }
535
536 /*
537  * Read a SETUP packet (struct usb_ctrlrequest) from the hardware.
538  * Fields are left in USB byte-order.
539  *
540  * Context:  caller holds controller lock.
541  */
542 static void
543 musb_read_setup(struct musb *musb, struct usb_ctrlrequest *req)
544 {
545         struct usb_request      *r;
546         void __iomem            *regs = musb->control_ep->regs;
547
548         musb_read_fifo(&musb->endpoints[0], sizeof *req, (u8 *)req);
549
550         /* NOTE:  earlier 2.6 versions changed setup packets to host
551          * order, but now USB packets always stay in USB byte order.
552          */
553         DBG(3, "SETUP req%02x.%02x v%04x i%04x l%d\n",
554                 req->bRequestType,
555                 req->bRequest,
556                 le16_to_cpu(req->wValue),
557                 le16_to_cpu(req->wIndex),
558                 le16_to_cpu(req->wLength));
559
560         /* clean up any leftover transfers */
561         r = next_ep0_request(musb);
562         if (r)
563                 musb_g_ep0_giveback(musb, r);
564
565         /* For zero-data requests we want to delay the STATUS stage to
566          * avoid SETUPEND errors.  If we read data (OUT), delay accepting
567          * packets until there's a buffer to store them in.
568          *
569          * If we write data, the controller acts happier if we enable
570          * the TX FIFO right away, and give the controller a moment
571          * to switch modes...
572          */
573         musb->set_address = false;
574         musb->ackpend = MUSB_CSR0_P_SVDRXPKTRDY;
575         if (req->wLength == 0) {
576                 if (req->bRequestType & USB_DIR_IN)
577                         musb->ackpend |= MUSB_CSR0_TXPKTRDY;
578                 musb->ep0_state = MUSB_EP0_STAGE_ACKWAIT;
579         } else if (req->bRequestType & USB_DIR_IN) {
580                 musb->ep0_state = MUSB_EP0_STAGE_TX;
581                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDRXPKTRDY);
582                 while ((musb_readw(regs, MUSB_CSR0)
583                                 & MUSB_CSR0_RXPKTRDY) != 0)
584                         cpu_relax();
585                 musb->ackpend = 0;
586         } else
587                 musb->ep0_state = MUSB_EP0_STAGE_RX;
588 }
589
590 static int
591 forward_to_driver(struct musb *musb, const struct usb_ctrlrequest *ctrlrequest)
592 __releases(musb->lock)
593 __acquires(musb->lock)
594 {
595         int retval;
596         if (!musb->gadget_driver)
597                 return -EOPNOTSUPP;
598         spin_unlock(&musb->lock);
599         retval = musb->gadget_driver->setup(&musb->g, ctrlrequest);
600         spin_lock(&musb->lock);
601         return retval;
602 }
603
604 /*
605  * Handle peripheral ep0 interrupt
606  *
607  * Context: irq handler; we won't re-enter the driver that way.
608  */
609 irqreturn_t musb_g_ep0_irq(struct musb *musb)
610 {
611         u16             csr;
612         u16             len;
613         void __iomem    *mbase = musb->mregs;
614         void __iomem    *regs = musb->endpoints[0].regs;
615         irqreturn_t     retval = IRQ_NONE;
616
617         musb_ep_select(mbase, 0);       /* select ep0 */
618         csr = musb_readw(regs, MUSB_CSR0);
619         len = musb_readb(regs, MUSB_COUNT0);
620
621         DBG(4, "csr %04x, count %d, myaddr %d, ep0stage %s\n",
622                         csr, len,
623                         musb_readb(mbase, MUSB_FADDR),
624                         decode_ep0stage(musb->ep0_state));
625
626         /* I sent a stall.. need to acknowledge it now.. */
627         if (csr & MUSB_CSR0_P_SENTSTALL) {
628                 musb_writew(regs, MUSB_CSR0,
629                                 csr & ~MUSB_CSR0_P_SENTSTALL);
630                 retval = IRQ_HANDLED;
631                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
632                 csr = musb_readw(regs, MUSB_CSR0);
633         }
634
635         /* request ended "early" */
636         if (csr & MUSB_CSR0_P_SETUPEND) {
637                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SVDSETUPEND);
638                 retval = IRQ_HANDLED;
639                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
640                 csr = musb_readw(regs, MUSB_CSR0);
641                 /* NOTE:  request may need completion */
642         }
643
644         /* docs from Mentor only describe tx, rx, and idle/setup states.
645          * we need to handle nuances around status stages, and also the
646          * case where status and setup stages come back-to-back ...
647          */
648         switch (musb->ep0_state) {
649
650         case MUSB_EP0_STAGE_TX:
651                 /* irq on clearing txpktrdy */
652                 if ((csr & MUSB_CSR0_TXPKTRDY) == 0) {
653                         ep0_txstate(musb);
654                         retval = IRQ_HANDLED;
655                 }
656                 break;
657
658         case MUSB_EP0_STAGE_RX:
659                 /* irq on set rxpktrdy */
660                 if (csr & MUSB_CSR0_RXPKTRDY) {
661                         ep0_rxstate(musb);
662                         retval = IRQ_HANDLED;
663                 }
664                 break;
665
666         case MUSB_EP0_STAGE_STATUSIN:
667                 /* end of sequence #2 (OUT/RX state) or #3 (no data) */
668
669                 /* update address (if needed) only @ the end of the
670                  * status phase per usb spec, which also guarantees
671                  * we get 10 msec to receive this irq... until this
672                  * is done we won't see the next packet.
673                  */
674                 if (musb->set_address) {
675                         musb->set_address = false;
676                         musb_writeb(mbase, MUSB_FADDR, musb->address);
677                 }
678
679                 /* enter test mode if needed (exit by reset) */
680                 else if (musb->test_mode) {
681                         DBG(1, "entering TESTMODE\n");
682
683                         if (MUSB_TEST_PACKET == musb->test_mode_nr)
684                                 musb_load_testpacket(musb);
685
686                         musb_writeb(mbase, MUSB_TESTMODE,
687                                         musb->test_mode_nr);
688                 }
689                 /* FALLTHROUGH */
690
691         case MUSB_EP0_STAGE_STATUSOUT:
692                 /* end of sequence #1: write to host (TX state) */
693                 {
694                         struct usb_request      *req;
695
696                         req = next_ep0_request(musb);
697                         if (req)
698                                 musb_g_ep0_giveback(musb, req);
699                 }
700                 retval = IRQ_HANDLED;
701                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
702                 /* FALLTHROUGH */
703
704         case MUSB_EP0_STAGE_SETUP:
705                 if (csr & MUSB_CSR0_RXPKTRDY) {
706                         struct usb_ctrlrequest  setup;
707                         int                     handled = 0;
708
709                         if (len != 8) {
710                                 ERR("SETUP packet len %d != 8 ?\n", len);
711                                 break;
712                         }
713                         musb_read_setup(musb, &setup);
714                         retval = IRQ_HANDLED;
715
716                         /* sometimes the RESET won't be reported */
717                         if (unlikely(musb->g.speed == USB_SPEED_UNKNOWN)) {
718                                 u8      power;
719
720                                 printk(KERN_NOTICE "%s: peripheral reset "
721                                                 "irq lost!\n",
722                                                 musb_driver_name);
723                                 power = musb_readb(mbase, MUSB_POWER);
724                                 musb->g.speed = (power & MUSB_POWER_HSMODE)
725                                         ? USB_SPEED_HIGH : USB_SPEED_FULL;
726
727                         }
728
729                         switch (musb->ep0_state) {
730
731                         /* sequence #3 (no data stage), includes requests
732                          * we can't forward (notably SET_ADDRESS and the
733                          * device/endpoint feature set/clear operations)
734                          * plus SET_CONFIGURATION and others we must
735                          */
736                         case MUSB_EP0_STAGE_ACKWAIT:
737                                 handled = service_zero_data_request(
738                                                 musb, &setup);
739
740                                 /* status stage might be immediate */
741                                 if (handled > 0) {
742                                         musb->ackpend |= MUSB_CSR0_P_DATAEND;
743                                         musb->ep0_state =
744                                                 MUSB_EP0_STAGE_STATUSIN;
745                                 }
746                                 break;
747
748                         /* sequence #1 (IN to host), includes GET_STATUS
749                          * requests that we can't forward, GET_DESCRIPTOR
750                          * and others that we must
751                          */
752                         case MUSB_EP0_STAGE_TX:
753                                 handled = service_in_request(musb, &setup);
754                                 if (handled > 0) {
755                                         musb->ackpend = MUSB_CSR0_TXPKTRDY
756                                                 | MUSB_CSR0_P_DATAEND;
757                                         musb->ep0_state =
758                                                 MUSB_EP0_STAGE_STATUSOUT;
759                                 }
760                                 break;
761
762                         /* sequence #2 (OUT from host), always forward */
763                         default:                /* MUSB_EP0_STAGE_RX */
764                                 break;
765                         }
766
767                         DBG(3, "handled %d, csr %04x, ep0stage %s\n",
768                                 handled, csr,
769                                 decode_ep0stage(musb->ep0_state));
770
771                         /* unless we need to delegate this to the gadget
772                          * driver, we know how to wrap this up:  csr0 has
773                          * not yet been written.
774                          */
775                         if (handled < 0)
776                                 goto stall;
777                         else if (handled > 0)
778                                 goto finish;
779
780                         handled = forward_to_driver(musb, &setup);
781                         if (handled < 0) {
782                                 musb_ep_select(mbase, 0);
783 stall:
784                                 DBG(3, "stall (%d)\n", handled);
785                                 musb->ackpend |= MUSB_CSR0_P_SENDSTALL;
786                                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
787 finish:
788                                 musb_writew(regs, MUSB_CSR0,
789                                                 musb->ackpend);
790                                 musb->ackpend = 0;
791                         }
792                 }
793                 break;
794
795         case MUSB_EP0_STAGE_ACKWAIT:
796                 /* This should not happen. But happens with tusb6010 with
797                  * g_file_storage and high speed. Do nothing.
798                  */
799                 retval = IRQ_HANDLED;
800                 break;
801
802         default:
803                 /* "can't happen" */
804                 WARN_ON(1);
805                 musb_writew(regs, MUSB_CSR0, MUSB_CSR0_P_SENDSTALL);
806                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
807                 break;
808         }
809
810         return retval;
811 }
812
813
814 static int
815 musb_g_ep0_enable(struct usb_ep *ep, const struct usb_endpoint_descriptor *desc)
816 {
817         /* always enabled */
818         return -EINVAL;
819 }
820
821 static int musb_g_ep0_disable(struct usb_ep *e)
822 {
823         /* always enabled */
824         return -EINVAL;
825 }
826
827 static int
828 musb_g_ep0_queue(struct usb_ep *e, struct usb_request *r, gfp_t gfp_flags)
829 {
830         struct musb_ep          *ep;
831         struct musb_request     *req;
832         struct musb             *musb;
833         int                     status;
834         unsigned long           lockflags;
835         void __iomem            *regs;
836
837         if (!e || !r)
838                 return -EINVAL;
839
840         ep = to_musb_ep(e);
841         musb = ep->musb;
842         regs = musb->control_ep->regs;
843
844         req = to_musb_request(r);
845         req->musb = musb;
846         req->request.actual = 0;
847         req->request.status = -EINPROGRESS;
848         req->tx = ep->is_in;
849
850         spin_lock_irqsave(&musb->lock, lockflags);
851
852         if (!list_empty(&ep->req_list)) {
853                 status = -EBUSY;
854                 goto cleanup;
855         }
856
857         switch (musb->ep0_state) {
858         case MUSB_EP0_STAGE_RX:         /* control-OUT data */
859         case MUSB_EP0_STAGE_TX:         /* control-IN data */
860         case MUSB_EP0_STAGE_ACKWAIT:    /* zero-length data */
861                 status = 0;
862                 break;
863         default:
864                 DBG(1, "ep0 request queued in state %d\n",
865                                 musb->ep0_state);
866                 status = -EINVAL;
867                 goto cleanup;
868         }
869
870         /* add request to the list */
871         list_add_tail(&(req->request.list), &(ep->req_list));
872
873         DBG(3, "queue to %s (%s), length=%d\n",
874                         ep->name, ep->is_in ? "IN/TX" : "OUT/RX",
875                         req->request.length);
876
877         musb_ep_select(musb->mregs, 0);
878
879         /* sequence #1, IN ... start writing the data */
880         if (musb->ep0_state == MUSB_EP0_STAGE_TX)
881                 ep0_txstate(musb);
882
883         /* sequence #3, no-data ... issue IN status */
884         else if (musb->ep0_state == MUSB_EP0_STAGE_ACKWAIT) {
885                 if (req->request.length)
886                         status = -EINVAL;
887                 else {
888                         musb->ep0_state = MUSB_EP0_STAGE_STATUSIN;
889                         musb_writew(regs, MUSB_CSR0,
890                                         musb->ackpend | MUSB_CSR0_P_DATAEND);
891                         musb->ackpend = 0;
892                         musb_g_ep0_giveback(ep->musb, r);
893                 }
894
895         /* else for sequence #2 (OUT), caller provides a buffer
896          * before the next packet arrives.  deferred responses
897          * (after SETUP is acked) are racey.
898          */
899         } else if (musb->ackpend) {
900                 musb_writew(regs, MUSB_CSR0, musb->ackpend);
901                 musb->ackpend = 0;
902         }
903
904 cleanup:
905         spin_unlock_irqrestore(&musb->lock, lockflags);
906         return status;
907 }
908
909 static int musb_g_ep0_dequeue(struct usb_ep *ep, struct usb_request *req)
910 {
911         /* we just won't support this */
912         return -EINVAL;
913 }
914
915 static int musb_g_ep0_halt(struct usb_ep *e, int value)
916 {
917         struct musb_ep          *ep;
918         struct musb             *musb;
919         void __iomem            *base, *regs;
920         unsigned long           flags;
921         int                     status;
922         u16                     csr;
923
924         if (!e || !value)
925                 return -EINVAL;
926
927         ep = to_musb_ep(e);
928         musb = ep->musb;
929         base = musb->mregs;
930         regs = musb->control_ep->regs;
931         status = 0;
932
933         spin_lock_irqsave(&musb->lock, flags);
934
935         if (!list_empty(&ep->req_list)) {
936                 status = -EBUSY;
937                 goto cleanup;
938         }
939
940         musb_ep_select(base, 0);
941         csr = musb->ackpend;
942
943         switch (musb->ep0_state) {
944
945         /* Stalls are usually issued after parsing SETUP packet, either
946          * directly in irq context from setup() or else later.
947          */
948         case MUSB_EP0_STAGE_TX:         /* control-IN data */
949         case MUSB_EP0_STAGE_ACKWAIT:    /* STALL for zero-length data */
950         case MUSB_EP0_STAGE_RX:         /* control-OUT data */
951                 csr = musb_readw(regs, MUSB_CSR0);
952                 /* FALLTHROUGH */
953
954         /* It's also OK to issue stalls during callbacks when a non-empty
955          * DATA stage buffer has been read (or even written).
956          */
957         case MUSB_EP0_STAGE_STATUSIN:   /* control-OUT status */
958         case MUSB_EP0_STAGE_STATUSOUT:  /* control-IN status */
959
960                 csr |= MUSB_CSR0_P_SENDSTALL;
961                 musb_writew(regs, MUSB_CSR0, csr);
962                 musb->ep0_state = MUSB_EP0_STAGE_SETUP;
963                 musb->ackpend = 0;
964                 break;
965         default:
966                 DBG(1, "ep0 can't halt in state %d\n", musb->ep0_state);
967                 status = -EINVAL;
968         }
969
970 cleanup:
971         spin_unlock_irqrestore(&musb->lock, flags);
972         return status;
973 }
974
975 const struct usb_ep_ops musb_g_ep0_ops = {
976         .enable         = musb_g_ep0_enable,
977         .disable        = musb_g_ep0_disable,
978         .alloc_request  = musb_alloc_request,
979         .free_request   = musb_free_request,
980         .queue          = musb_g_ep0_queue,
981         .dequeue        = musb_g_ep0_dequeue,
982         .set_halt       = musb_g_ep0_halt,
983 };