linux/drivers/usb/host/fotg210-hcd.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0+
   2/* Faraday FOTG210 EHCI-like driver
   3 *
   4 * Copyright (c) 2013 Faraday Technology Corporation
   5 *
   6 * Author: Yuan-Hsin Chen <yhchen@faraday-tech.com>
   7 *         Feng-Hsin Chiang <john453@faraday-tech.com>
   8 *         Po-Yu Chuang <ratbert.chuang@gmail.com>
   9 *
  10 * Most of code borrowed from the Linux-3.7 EHCI driver
  11 */
  12#include <linux/module.h>
  13#include <linux/of.h>
  14#include <linux/device.h>
  15#include <linux/dmapool.h>
  16#include <linux/kernel.h>
  17#include <linux/delay.h>
  18#include <linux/ioport.h>
  19#include <linux/sched.h>
  20#include <linux/vmalloc.h>
  21#include <linux/errno.h>
  22#include <linux/init.h>
  23#include <linux/hrtimer.h>
  24#include <linux/list.h>
  25#include <linux/interrupt.h>
  26#include <linux/usb.h>
  27#include <linux/usb/hcd.h>
  28#include <linux/moduleparam.h>
  29#include <linux/dma-mapping.h>
  30#include <linux/debugfs.h>
  31#include <linux/slab.h>
  32#include <linux/uaccess.h>
  33#include <linux/platform_device.h>
  34#include <linux/io.h>
  35#include <linux/iopoll.h>
  36#include <linux/clk.h>
  37
  38#include <asm/byteorder.h>
  39#include <asm/irq.h>
  40#include <asm/unaligned.h>
  41
  42#define DRIVER_AUTHOR "Yuan-Hsin Chen"
  43#define DRIVER_DESC "FOTG210 Host Controller (EHCI) Driver"
  44static const char hcd_name[] = "fotg210_hcd";
  45
  46#undef FOTG210_URB_TRACE
  47#define FOTG210_STATS
  48
  49/* magic numbers that can affect system performance */
  50#define FOTG210_TUNE_CERR       3 /* 0-3 qtd retries; 0 == don't stop */
  51#define FOTG210_TUNE_RL_HS      4 /* nak throttle; see 4.9 */
  52#define FOTG210_TUNE_RL_TT      0
  53#define FOTG210_TUNE_MULT_HS    1 /* 1-3 transactions/uframe; 4.10.3 */
  54#define FOTG210_TUNE_MULT_TT    1
  55
  56/* Some drivers think it's safe to schedule isochronous transfers more than 256
  57 * ms into the future (partly as a result of an old bug in the scheduling
  58 * code).  In an attempt to avoid trouble, we will use a minimum scheduling
  59 * length of 512 frames instead of 256.
  60 */
  61#define FOTG210_TUNE_FLS 1 /* (medium) 512-frame schedule */
  62
  63/* Initial IRQ latency:  faster than hw default */
  64static int log2_irq_thresh; /* 0 to 6 */
  65module_param(log2_irq_thresh, int, S_IRUGO);
  66MODULE_PARM_DESC(log2_irq_thresh, "log2 IRQ latency, 1-64 microframes");
  67
  68/* initial park setting:  slower than hw default */
  69static unsigned park;
  70module_param(park, uint, S_IRUGO);
  71MODULE_PARM_DESC(park, "park setting; 1-3 back-to-back async packets");
  72
  73/* for link power management(LPM) feature */
  74static unsigned int hird;
  75module_param(hird, int, S_IRUGO);
  76MODULE_PARM_DESC(hird, "host initiated resume duration, +1 for each 75us");
  77
  78#define INTR_MASK (STS_IAA | STS_FATAL | STS_PCD | STS_ERR | STS_INT)
  79
  80#include "fotg210.h"
  81
  82#define fotg210_dbg(fotg210, fmt, args...) \
  83        dev_dbg(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
  84#define fotg210_err(fotg210, fmt, args...) \
  85        dev_err(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
  86#define fotg210_info(fotg210, fmt, args...) \
  87        dev_info(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
  88#define fotg210_warn(fotg210, fmt, args...) \
  89        dev_warn(fotg210_to_hcd(fotg210)->self.controller, fmt, ## args)
  90
  91/* check the values in the HCSPARAMS register (host controller _Structural_
  92 * parameters) see EHCI spec, Table 2-4 for each value
  93 */
  94static void dbg_hcs_params(struct fotg210_hcd *fotg210, char *label)
  95{
  96        u32 params = fotg210_readl(fotg210, &fotg210->caps->hcs_params);
  97
  98        fotg210_dbg(fotg210, "%s hcs_params 0x%x ports=%d\n", label, params,
  99                        HCS_N_PORTS(params));
 100}
 101
 102/* check the values in the HCCPARAMS register (host controller _Capability_
 103 * parameters) see EHCI Spec, Table 2-5 for each value
 104 */
 105static void dbg_hcc_params(struct fotg210_hcd *fotg210, char *label)
 106{
 107        u32 params = fotg210_readl(fotg210, &fotg210->caps->hcc_params);
 108
 109        fotg210_dbg(fotg210, "%s hcc_params %04x uframes %s%s\n", label,
 110                        params,
 111                        HCC_PGM_FRAMELISTLEN(params) ? "256/512/1024" : "1024",
 112                        HCC_CANPARK(params) ? " park" : "");
 113}
 114
 115static void __maybe_unused
 116dbg_qtd(const char *label, struct fotg210_hcd *fotg210, struct fotg210_qtd *qtd)
 117{
 118        fotg210_dbg(fotg210, "%s td %p n%08x %08x t%08x p0=%08x\n", label, qtd,
 119                        hc32_to_cpup(fotg210, &qtd->hw_next),
 120                        hc32_to_cpup(fotg210, &qtd->hw_alt_next),
 121                        hc32_to_cpup(fotg210, &qtd->hw_token),
 122                        hc32_to_cpup(fotg210, &qtd->hw_buf[0]));
 123        if (qtd->hw_buf[1])
 124                fotg210_dbg(fotg210, "  p1=%08x p2=%08x p3=%08x p4=%08x\n",
 125                                hc32_to_cpup(fotg210, &qtd->hw_buf[1]),
 126                                hc32_to_cpup(fotg210, &qtd->hw_buf[2]),
 127                                hc32_to_cpup(fotg210, &qtd->hw_buf[3]),
 128                                hc32_to_cpup(fotg210, &qtd->hw_buf[4]));
 129}
 130
 131static void __maybe_unused
 132dbg_qh(const char *label, struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
 133{
 134        struct fotg210_qh_hw *hw = qh->hw;
 135
 136        fotg210_dbg(fotg210, "%s qh %p n%08x info %x %x qtd %x\n", label, qh,
 137                        hw->hw_next, hw->hw_info1, hw->hw_info2,
 138                        hw->hw_current);
 139
 140        dbg_qtd("overlay", fotg210, (struct fotg210_qtd *) &hw->hw_qtd_next);
 141}
 142
 143static void __maybe_unused
 144dbg_itd(const char *label, struct fotg210_hcd *fotg210, struct fotg210_itd *itd)
 145{
 146        fotg210_dbg(fotg210, "%s[%d] itd %p, next %08x, urb %p\n", label,
 147                        itd->frame, itd, hc32_to_cpu(fotg210, itd->hw_next),
 148                        itd->urb);
 149
 150        fotg210_dbg(fotg210,
 151                        "  trans: %08x %08x %08x %08x %08x %08x %08x %08x\n",
 152                        hc32_to_cpu(fotg210, itd->hw_transaction[0]),
 153                        hc32_to_cpu(fotg210, itd->hw_transaction[1]),
 154                        hc32_to_cpu(fotg210, itd->hw_transaction[2]),
 155                        hc32_to_cpu(fotg210, itd->hw_transaction[3]),
 156                        hc32_to_cpu(fotg210, itd->hw_transaction[4]),
 157                        hc32_to_cpu(fotg210, itd->hw_transaction[5]),
 158                        hc32_to_cpu(fotg210, itd->hw_transaction[6]),
 159                        hc32_to_cpu(fotg210, itd->hw_transaction[7]));
 160
 161        fotg210_dbg(fotg210,
 162                        "  buf:   %08x %08x %08x %08x %08x %08x %08x\n",
 163                        hc32_to_cpu(fotg210, itd->hw_bufp[0]),
 164                        hc32_to_cpu(fotg210, itd->hw_bufp[1]),
 165                        hc32_to_cpu(fotg210, itd->hw_bufp[2]),
 166                        hc32_to_cpu(fotg210, itd->hw_bufp[3]),
 167                        hc32_to_cpu(fotg210, itd->hw_bufp[4]),
 168                        hc32_to_cpu(fotg210, itd->hw_bufp[5]),
 169                        hc32_to_cpu(fotg210, itd->hw_bufp[6]));
 170
 171        fotg210_dbg(fotg210, "  index: %d %d %d %d %d %d %d %d\n",
 172                        itd->index[0], itd->index[1], itd->index[2],
 173                        itd->index[3], itd->index[4], itd->index[5],
 174                        itd->index[6], itd->index[7]);
 175}
 176
 177static int __maybe_unused
 178dbg_status_buf(char *buf, unsigned len, const char *label, u32 status)
 179{
 180        return scnprintf(buf, len, "%s%sstatus %04x%s%s%s%s%s%s%s%s%s%s",
 181                        label, label[0] ? " " : "", status,
 182                        (status & STS_ASS) ? " Async" : "",
 183                        (status & STS_PSS) ? " Periodic" : "",
 184                        (status & STS_RECL) ? " Recl" : "",
 185                        (status & STS_HALT) ? " Halt" : "",
 186                        (status & STS_IAA) ? " IAA" : "",
 187                        (status & STS_FATAL) ? " FATAL" : "",
 188                        (status & STS_FLR) ? " FLR" : "",
 189                        (status & STS_PCD) ? " PCD" : "",
 190                        (status & STS_ERR) ? " ERR" : "",
 191                        (status & STS_INT) ? " INT" : "");
 192}
 193
 194static int __maybe_unused
 195dbg_intr_buf(char *buf, unsigned len, const char *label, u32 enable)
 196{
 197        return scnprintf(buf, len, "%s%sintrenable %02x%s%s%s%s%s%s",
 198                        label, label[0] ? " " : "", enable,
 199                        (enable & STS_IAA) ? " IAA" : "",
 200                        (enable & STS_FATAL) ? " FATAL" : "",
 201                        (enable & STS_FLR) ? " FLR" : "",
 202                        (enable & STS_PCD) ? " PCD" : "",
 203                        (enable & STS_ERR) ? " ERR" : "",
 204                        (enable & STS_INT) ? " INT" : "");
 205}
 206
 207static const char *const fls_strings[] = { "1024", "512", "256", "??" };
 208
 209static int dbg_command_buf(char *buf, unsigned len, const char *label,
 210                u32 command)
 211{
 212        return scnprintf(buf, len,
 213                        "%s%scommand %07x %s=%d ithresh=%d%s%s%s period=%s%s %s",
 214                        label, label[0] ? " " : "", command,
 215                        (command & CMD_PARK) ? " park" : "(park)",
 216                        CMD_PARK_CNT(command),
 217                        (command >> 16) & 0x3f,
 218                        (command & CMD_IAAD) ? " IAAD" : "",
 219                        (command & CMD_ASE) ? " Async" : "",
 220                        (command & CMD_PSE) ? " Periodic" : "",
 221                        fls_strings[(command >> 2) & 0x3],
 222                        (command & CMD_RESET) ? " Reset" : "",
 223                        (command & CMD_RUN) ? "RUN" : "HALT");
 224}
 225
 226static char *dbg_port_buf(char *buf, unsigned len, const char *label, int port,
 227                u32 status)
 228{
 229        char *sig;
 230
 231        /* signaling state */
 232        switch (status & (3 << 10)) {
 233        case 0 << 10:
 234                sig = "se0";
 235                break;
 236        case 1 << 10:
 237                sig = "k";
 238                break; /* low speed */
 239        case 2 << 10:
 240                sig = "j";
 241                break;
 242        default:
 243                sig = "?";
 244                break;
 245        }
 246
 247        scnprintf(buf, len, "%s%sport:%d status %06x %d sig=%s%s%s%s%s%s%s%s",
 248                        label, label[0] ? " " : "", port, status,
 249                        status >> 25, /*device address */
 250                        sig,
 251                        (status & PORT_RESET) ? " RESET" : "",
 252                        (status & PORT_SUSPEND) ? " SUSPEND" : "",
 253                        (status & PORT_RESUME) ? " RESUME" : "",
 254                        (status & PORT_PEC) ? " PEC" : "",
 255                        (status & PORT_PE) ? " PE" : "",
 256                        (status & PORT_CSC) ? " CSC" : "",
 257                        (status & PORT_CONNECT) ? " CONNECT" : "");
 258
 259        return buf;
 260}
 261
 262/* functions have the "wrong" filename when they're output... */
 263#define dbg_status(fotg210, label, status) {                    \
 264        char _buf[80];                                          \
 265        dbg_status_buf(_buf, sizeof(_buf), label, status);      \
 266        fotg210_dbg(fotg210, "%s\n", _buf);                     \
 267}
 268
 269#define dbg_cmd(fotg210, label, command) {                      \
 270        char _buf[80];                                          \
 271        dbg_command_buf(_buf, sizeof(_buf), label, command);    \
 272        fotg210_dbg(fotg210, "%s\n", _buf);                     \
 273}
 274
 275#define dbg_port(fotg210, label, port, status) {                               \
 276        char _buf[80];                                                         \
 277        fotg210_dbg(fotg210, "%s\n",                                           \
 278                        dbg_port_buf(_buf, sizeof(_buf), label, port, status));\
 279}
 280
 281/* troubleshooting help: expose state in debugfs */
 282static int debug_async_open(struct inode *, struct file *);
 283static int debug_periodic_open(struct inode *, struct file *);
 284static int debug_registers_open(struct inode *, struct file *);
 285static int debug_async_open(struct inode *, struct file *);
 286
 287static ssize_t debug_output(struct file*, char __user*, size_t, loff_t*);
 288static int debug_close(struct inode *, struct file *);
 289
 290static const struct file_operations debug_async_fops = {
 291        .owner          = THIS_MODULE,
 292        .open           = debug_async_open,
 293        .read           = debug_output,
 294        .release        = debug_close,
 295        .llseek         = default_llseek,
 296};
 297static const struct file_operations debug_periodic_fops = {
 298        .owner          = THIS_MODULE,
 299        .open           = debug_periodic_open,
 300        .read           = debug_output,
 301        .release        = debug_close,
 302        .llseek         = default_llseek,
 303};
 304static const struct file_operations debug_registers_fops = {
 305        .owner          = THIS_MODULE,
 306        .open           = debug_registers_open,
 307        .read           = debug_output,
 308        .release        = debug_close,
 309        .llseek         = default_llseek,
 310};
 311
 312static struct dentry *fotg210_debug_root;
 313
 314struct debug_buffer {
 315        ssize_t (*fill_func)(struct debug_buffer *);    /* fill method */
 316        struct usb_bus *bus;
 317        struct mutex mutex;     /* protect filling of buffer */
 318        size_t count;           /* number of characters filled into buffer */
 319        char *output_buf;
 320        size_t alloc_size;
 321};
 322
 323static inline char speed_char(u32 scratch)
 324{
 325        switch (scratch & (3 << 12)) {
 326        case QH_FULL_SPEED:
 327                return 'f';
 328
 329        case QH_LOW_SPEED:
 330                return 'l';
 331
 332        case QH_HIGH_SPEED:
 333                return 'h';
 334
 335        default:
 336                return '?';
 337        }
 338}
 339
 340static inline char token_mark(struct fotg210_hcd *fotg210, __hc32 token)
 341{
 342        __u32 v = hc32_to_cpu(fotg210, token);
 343
 344        if (v & QTD_STS_ACTIVE)
 345                return '*';
 346        if (v & QTD_STS_HALT)
 347                return '-';
 348        if (!IS_SHORT_READ(v))
 349                return ' ';
 350        /* tries to advance through hw_alt_next */
 351        return '/';
 352}
 353
 354static void qh_lines(struct fotg210_hcd *fotg210, struct fotg210_qh *qh,
 355                char **nextp, unsigned *sizep)
 356{
 357        u32 scratch;
 358        u32 hw_curr;
 359        struct fotg210_qtd *td;
 360        unsigned temp;
 361        unsigned size = *sizep;
 362        char *next = *nextp;
 363        char mark;
 364        __le32 list_end = FOTG210_LIST_END(fotg210);
 365        struct fotg210_qh_hw *hw = qh->hw;
 366
 367        if (hw->hw_qtd_next == list_end) /* NEC does this */
 368                mark = '@';
 369        else
 370                mark = token_mark(fotg210, hw->hw_token);
 371        if (mark == '/') { /* qh_alt_next controls qh advance? */
 372                if ((hw->hw_alt_next & QTD_MASK(fotg210)) ==
 373                    fotg210->async->hw->hw_alt_next)
 374                        mark = '#'; /* blocked */
 375                else if (hw->hw_alt_next == list_end)
 376                        mark = '.'; /* use hw_qtd_next */
 377                /* else alt_next points to some other qtd */
 378        }
 379        scratch = hc32_to_cpup(fotg210, &hw->hw_info1);
 380        hw_curr = (mark == '*') ? hc32_to_cpup(fotg210, &hw->hw_current) : 0;
 381        temp = scnprintf(next, size,
 382                        "qh/%p dev%d %cs ep%d %08x %08x(%08x%c %s nak%d)",
 383                        qh, scratch & 0x007f,
 384                        speed_char(scratch),
 385                        (scratch >> 8) & 0x000f,
 386                        scratch, hc32_to_cpup(fotg210, &hw->hw_info2),
 387                        hc32_to_cpup(fotg210, &hw->hw_token), mark,
 388                        (cpu_to_hc32(fotg210, QTD_TOGGLE) & hw->hw_token)
 389                                ? "data1" : "data0",
 390                        (hc32_to_cpup(fotg210, &hw->hw_alt_next) >> 1) & 0x0f);
 391        size -= temp;
 392        next += temp;
 393
 394        /* hc may be modifying the list as we read it ... */
 395        list_for_each_entry(td, &qh->qtd_list, qtd_list) {
 396                scratch = hc32_to_cpup(fotg210, &td->hw_token);
 397                mark = ' ';
 398                if (hw_curr == td->qtd_dma)
 399                        mark = '*';
 400                else if (hw->hw_qtd_next == cpu_to_hc32(fotg210, td->qtd_dma))
 401                        mark = '+';
 402                else if (QTD_LENGTH(scratch)) {
 403                        if (td->hw_alt_next == fotg210->async->hw->hw_alt_next)
 404                                mark = '#';
 405                        else if (td->hw_alt_next != list_end)
 406                                mark = '/';
 407                }
 408                temp = snprintf(next, size,
 409                                "\n\t%p%c%s len=%d %08x urb %p",
 410                                td, mark, ({ char *tmp;
 411                                switch ((scratch>>8)&0x03) {
 412                                case 0:
 413                                        tmp = "out";
 414                                        break;
 415                                case 1:
 416                                        tmp = "in";
 417                                        break;
 418                                case 2:
 419                                        tmp = "setup";
 420                                        break;
 421                                default:
 422                                        tmp = "?";
 423                                        break;
 424                                 } tmp; }),
 425                                (scratch >> 16) & 0x7fff,
 426                                scratch,
 427                                td->urb);
 428                if (size < temp)
 429                        temp = size;
 430                size -= temp;
 431                next += temp;
 432                if (temp == size)
 433                        goto done;
 434        }
 435
 436        temp = snprintf(next, size, "\n");
 437        if (size < temp)
 438                temp = size;
 439
 440        size -= temp;
 441        next += temp;
 442
 443done:
 444        *sizep = size;
 445        *nextp = next;
 446}
 447
 448static ssize_t fill_async_buffer(struct debug_buffer *buf)
 449{
 450        struct usb_hcd *hcd;
 451        struct fotg210_hcd *fotg210;
 452        unsigned long flags;
 453        unsigned temp, size;
 454        char *next;
 455        struct fotg210_qh *qh;
 456
 457        hcd = bus_to_hcd(buf->bus);
 458        fotg210 = hcd_to_fotg210(hcd);
 459        next = buf->output_buf;
 460        size = buf->alloc_size;
 461
 462        *next = 0;
 463
 464        /* dumps a snapshot of the async schedule.
 465         * usually empty except for long-term bulk reads, or head.
 466         * one QH per line, and TDs we know about
 467         */
 468        spin_lock_irqsave(&fotg210->lock, flags);
 469        for (qh = fotg210->async->qh_next.qh; size > 0 && qh;
 470                        qh = qh->qh_next.qh)
 471                qh_lines(fotg210, qh, &next, &size);
 472        if (fotg210->async_unlink && size > 0) {
 473                temp = scnprintf(next, size, "\nunlink =\n");
 474                size -= temp;
 475                next += temp;
 476
 477                for (qh = fotg210->async_unlink; size > 0 && qh;
 478                                qh = qh->unlink_next)
 479                        qh_lines(fotg210, qh, &next, &size);
 480        }
 481        spin_unlock_irqrestore(&fotg210->lock, flags);
 482
 483        return strlen(buf->output_buf);
 484}
 485
 486/* count tds, get ep direction */
 487static unsigned output_buf_tds_dir(char *buf, struct fotg210_hcd *fotg210,
 488                struct fotg210_qh_hw *hw, struct fotg210_qh *qh, unsigned size)
 489{
 490        u32 scratch = hc32_to_cpup(fotg210, &hw->hw_info1);
 491        struct fotg210_qtd *qtd;
 492        char *type = "";
 493        unsigned temp = 0;
 494
 495        /* count tds, get ep direction */
 496        list_for_each_entry(qtd, &qh->qtd_list, qtd_list) {
 497                temp++;
 498                switch ((hc32_to_cpu(fotg210, qtd->hw_token) >> 8) & 0x03) {
 499                case 0:
 500                        type = "out";
 501                        continue;
 502                case 1:
 503                        type = "in";
 504                        continue;
 505                }
 506        }
 507
 508        return scnprintf(buf, size, "(%c%d ep%d%s [%d/%d] q%d p%d)",
 509                        speed_char(scratch), scratch & 0x007f,
 510                        (scratch >> 8) & 0x000f, type, qh->usecs,
 511                        qh->c_usecs, temp, (scratch >> 16) & 0x7ff);
 512}
 513
 514#define DBG_SCHED_LIMIT 64
 515static ssize_t fill_periodic_buffer(struct debug_buffer *buf)
 516{
 517        struct usb_hcd *hcd;
 518        struct fotg210_hcd *fotg210;
 519        unsigned long flags;
 520        union fotg210_shadow p, *seen;
 521        unsigned temp, size, seen_count;
 522        char *next;
 523        unsigned i;
 524        __hc32 tag;
 525
 526        seen = kmalloc_array(DBG_SCHED_LIMIT, sizeof(*seen), GFP_ATOMIC);
 527        if (!seen)
 528                return 0;
 529
 530        seen_count = 0;
 531
 532        hcd = bus_to_hcd(buf->bus);
 533        fotg210 = hcd_to_fotg210(hcd);
 534        next = buf->output_buf;
 535        size = buf->alloc_size;
 536
 537        temp = scnprintf(next, size, "size = %d\n", fotg210->periodic_size);
 538        size -= temp;
 539        next += temp;
 540
 541        /* dump a snapshot of the periodic schedule.
 542         * iso changes, interrupt usually doesn't.
 543         */
 544        spin_lock_irqsave(&fotg210->lock, flags);
 545        for (i = 0; i < fotg210->periodic_size; i++) {
 546                p = fotg210->pshadow[i];
 547                if (likely(!p.ptr))
 548                        continue;
 549
 550                tag = Q_NEXT_TYPE(fotg210, fotg210->periodic[i]);
 551
 552                temp = scnprintf(next, size, "%4d: ", i);
 553                size -= temp;
 554                next += temp;
 555
 556                do {
 557                        struct fotg210_qh_hw *hw;
 558
 559                        switch (hc32_to_cpu(fotg210, tag)) {
 560                        case Q_TYPE_QH:
 561                                hw = p.qh->hw;
 562                                temp = scnprintf(next, size, " qh%d-%04x/%p",
 563                                                p.qh->period,
 564                                                hc32_to_cpup(fotg210,
 565                                                        &hw->hw_info2)
 566                                                        /* uframe masks */
 567                                                        & (QH_CMASK | QH_SMASK),
 568                                                p.qh);
 569                                size -= temp;
 570                                next += temp;
 571                                /* don't repeat what follows this qh */
 572                                for (temp = 0; temp < seen_count; temp++) {
 573                                        if (seen[temp].ptr != p.ptr)
 574                                                continue;
 575                                        if (p.qh->qh_next.ptr) {
 576                                                temp = scnprintf(next, size,
 577                                                                " ...");
 578                                                size -= temp;
 579                                                next += temp;
 580                                        }
 581                                        break;
 582                                }
 583                                /* show more info the first time around */
 584                                if (temp == seen_count) {
 585                                        temp = output_buf_tds_dir(next,
 586                                                        fotg210, hw,
 587                                                        p.qh, size);
 588
 589                                        if (seen_count < DBG_SCHED_LIMIT)
 590                                                seen[seen_count++].qh = p.qh;
 591                                } else
 592                                        temp = 0;
 593                                tag = Q_NEXT_TYPE(fotg210, hw->hw_next);
 594                                p = p.qh->qh_next;
 595                                break;
 596                        case Q_TYPE_FSTN:
 597                                temp = scnprintf(next, size,
 598                                                " fstn-%8x/%p",
 599                                                p.fstn->hw_prev, p.fstn);
 600                                tag = Q_NEXT_TYPE(fotg210, p.fstn->hw_next);
 601                                p = p.fstn->fstn_next;
 602                                break;
 603                        case Q_TYPE_ITD:
 604                                temp = scnprintf(next, size,
 605                                                " itd/%p", p.itd);
 606                                tag = Q_NEXT_TYPE(fotg210, p.itd->hw_next);
 607                                p = p.itd->itd_next;
 608                                break;
 609                        }
 610                        size -= temp;
 611                        next += temp;
 612                } while (p.ptr);
 613
 614                temp = scnprintf(next, size, "\n");
 615                size -= temp;
 616                next += temp;
 617        }
 618        spin_unlock_irqrestore(&fotg210->lock, flags);
 619        kfree(seen);
 620
 621        return buf->alloc_size - size;
 622}
 623#undef DBG_SCHED_LIMIT
 624
 625static const char *rh_state_string(struct fotg210_hcd *fotg210)
 626{
 627        switch (fotg210->rh_state) {
 628        case FOTG210_RH_HALTED:
 629                return "halted";
 630        case FOTG210_RH_SUSPENDED:
 631                return "suspended";
 632        case FOTG210_RH_RUNNING:
 633                return "running";
 634        case FOTG210_RH_STOPPING:
 635                return "stopping";
 636        }
 637        return "?";
 638}
 639
 640static ssize_t fill_registers_buffer(struct debug_buffer *buf)
 641{
 642        struct usb_hcd *hcd;
 643        struct fotg210_hcd *fotg210;
 644        unsigned long flags;
 645        unsigned temp, size, i;
 646        char *next, scratch[80];
 647        static const char fmt[] = "%*s\n";
 648        static const char label[] = "";
 649
 650        hcd = bus_to_hcd(buf->bus);
 651        fotg210 = hcd_to_fotg210(hcd);
 652        next = buf->output_buf;
 653        size = buf->alloc_size;
 654
 655        spin_lock_irqsave(&fotg210->lock, flags);
 656
 657        if (!HCD_HW_ACCESSIBLE(hcd)) {
 658                size = scnprintf(next, size,
 659                                "bus %s, device %s\n"
 660                                "%s\n"
 661                                "SUSPENDED(no register access)\n",
 662                                hcd->self.controller->bus->name,
 663                                dev_name(hcd->self.controller),
 664                                hcd->product_desc);
 665                goto done;
 666        }
 667
 668        /* Capability Registers */
 669        i = HC_VERSION(fotg210, fotg210_readl(fotg210,
 670                        &fotg210->caps->hc_capbase));
 671        temp = scnprintf(next, size,
 672                        "bus %s, device %s\n"
 673                        "%s\n"
 674                        "EHCI %x.%02x, rh state %s\n",
 675                        hcd->self.controller->bus->name,
 676                        dev_name(hcd->self.controller),
 677                        hcd->product_desc,
 678                        i >> 8, i & 0x0ff, rh_state_string(fotg210));
 679        size -= temp;
 680        next += temp;
 681
 682        /* FIXME interpret both types of params */
 683        i = fotg210_readl(fotg210, &fotg210->caps->hcs_params);
 684        temp = scnprintf(next, size, "structural params 0x%08x\n", i);
 685        size -= temp;
 686        next += temp;
 687
 688        i = fotg210_readl(fotg210, &fotg210->caps->hcc_params);
 689        temp = scnprintf(next, size, "capability params 0x%08x\n", i);
 690        size -= temp;
 691        next += temp;
 692
 693        /* Operational Registers */
 694        temp = dbg_status_buf(scratch, sizeof(scratch), label,
 695                        fotg210_readl(fotg210, &fotg210->regs->status));
 696        temp = scnprintf(next, size, fmt, temp, scratch);
 697        size -= temp;
 698        next += temp;
 699
 700        temp = dbg_command_buf(scratch, sizeof(scratch), label,
 701                        fotg210_readl(fotg210, &fotg210->regs->command));
 702        temp = scnprintf(next, size, fmt, temp, scratch);
 703        size -= temp;
 704        next += temp;
 705
 706        temp = dbg_intr_buf(scratch, sizeof(scratch), label,
 707                        fotg210_readl(fotg210, &fotg210->regs->intr_enable));
 708        temp = scnprintf(next, size, fmt, temp, scratch);
 709        size -= temp;
 710        next += temp;
 711
 712        temp = scnprintf(next, size, "uframe %04x\n",
 713                        fotg210_read_frame_index(fotg210));
 714        size -= temp;
 715        next += temp;
 716
 717        if (fotg210->async_unlink) {
 718                temp = scnprintf(next, size, "async unlink qh %p\n",
 719                                fotg210->async_unlink);
 720                size -= temp;
 721                next += temp;
 722        }
 723
 724#ifdef FOTG210_STATS
 725        temp = scnprintf(next, size,
 726                        "irq normal %ld err %ld iaa %ld(lost %ld)\n",
 727                        fotg210->stats.normal, fotg210->stats.error,
 728                        fotg210->stats.iaa, fotg210->stats.lost_iaa);
 729        size -= temp;
 730        next += temp;
 731
 732        temp = scnprintf(next, size, "complete %ld unlink %ld\n",
 733                        fotg210->stats.complete, fotg210->stats.unlink);
 734        size -= temp;
 735        next += temp;
 736#endif
 737
 738done:
 739        spin_unlock_irqrestore(&fotg210->lock, flags);
 740
 741        return buf->alloc_size - size;
 742}
 743
 744static struct debug_buffer
 745*alloc_buffer(struct usb_bus *bus, ssize_t (*fill_func)(struct debug_buffer *))
 746{
 747        struct debug_buffer *buf;
 748
 749        buf = kzalloc(sizeof(struct debug_buffer), GFP_KERNEL);
 750
 751        if (buf) {
 752                buf->bus = bus;
 753                buf->fill_func = fill_func;
 754                mutex_init(&buf->mutex);
 755                buf->alloc_size = PAGE_SIZE;
 756        }
 757
 758        return buf;
 759}
 760
 761static int fill_buffer(struct debug_buffer *buf)
 762{
 763        int ret = 0;
 764
 765        if (!buf->output_buf)
 766                buf->output_buf = vmalloc(buf->alloc_size);
 767
 768        if (!buf->output_buf) {
 769                ret = -ENOMEM;
 770                goto out;
 771        }
 772
 773        ret = buf->fill_func(buf);
 774
 775        if (ret >= 0) {
 776                buf->count = ret;
 777                ret = 0;
 778        }
 779
 780out:
 781        return ret;
 782}
 783
 784static ssize_t debug_output(struct file *file, char __user *user_buf,
 785                size_t len, loff_t *offset)
 786{
 787        struct debug_buffer *buf = file->private_data;
 788        int ret = 0;
 789
 790        mutex_lock(&buf->mutex);
 791        if (buf->count == 0) {
 792                ret = fill_buffer(buf);
 793                if (ret != 0) {
 794                        mutex_unlock(&buf->mutex);
 795                        goto out;
 796                }
 797        }
 798        mutex_unlock(&buf->mutex);
 799
 800        ret = simple_read_from_buffer(user_buf, len, offset,
 801                        buf->output_buf, buf->count);
 802
 803out:
 804        return ret;
 805
 806}
 807
 808static int debug_close(struct inode *inode, struct file *file)
 809{
 810        struct debug_buffer *buf = file->private_data;
 811
 812        if (buf) {
 813                vfree(buf->output_buf);
 814                kfree(buf);
 815        }
 816
 817        return 0;
 818}
 819static int debug_async_open(struct inode *inode, struct file *file)
 820{
 821        file->private_data = alloc_buffer(inode->i_private, fill_async_buffer);
 822
 823        return file->private_data ? 0 : -ENOMEM;
 824}
 825
 826static int debug_periodic_open(struct inode *inode, struct file *file)
 827{
 828        struct debug_buffer *buf;
 829
 830        buf = alloc_buffer(inode->i_private, fill_periodic_buffer);
 831        if (!buf)
 832                return -ENOMEM;
 833
 834        buf->alloc_size = (sizeof(void *) == 4 ? 6 : 8)*PAGE_SIZE;
 835        file->private_data = buf;
 836        return 0;
 837}
 838
 839static int debug_registers_open(struct inode *inode, struct file *file)
 840{
 841        file->private_data = alloc_buffer(inode->i_private,
 842                        fill_registers_buffer);
 843
 844        return file->private_data ? 0 : -ENOMEM;
 845}
 846
 847static inline void create_debug_files(struct fotg210_hcd *fotg210)
 848{
 849        struct usb_bus *bus = &fotg210_to_hcd(fotg210)->self;
 850        struct dentry *root;
 851
 852        root = debugfs_create_dir(bus->bus_name, fotg210_debug_root);
 853
 854        debugfs_create_file("async", S_IRUGO, root, bus, &debug_async_fops);
 855        debugfs_create_file("periodic", S_IRUGO, root, bus,
 856                            &debug_periodic_fops);
 857        debugfs_create_file("registers", S_IRUGO, root, bus,
 858                            &debug_registers_fops);
 859}
 860
 861static inline void remove_debug_files(struct fotg210_hcd *fotg210)
 862{
 863        struct usb_bus *bus = &fotg210_to_hcd(fotg210)->self;
 864
 865        debugfs_remove(debugfs_lookup(bus->bus_name, fotg210_debug_root));
 866}
 867
 868/* handshake - spin reading hc until handshake completes or fails
 869 * @ptr: address of hc register to be read
 870 * @mask: bits to look at in result of read
 871 * @done: value of those bits when handshake succeeds
 872 * @usec: timeout in microseconds
 873 *
 874 * Returns negative errno, or zero on success
 875 *
 876 * Success happens when the "mask" bits have the specified value (hardware
 877 * handshake done).  There are two failure modes:  "usec" have passed (major
 878 * hardware flakeout), or the register reads as all-ones (hardware removed).
 879 *
 880 * That last failure should_only happen in cases like physical cardbus eject
 881 * before driver shutdown. But it also seems to be caused by bugs in cardbus
 882 * bridge shutdown:  shutting down the bridge before the devices using it.
 883 */
 884static int handshake(struct fotg210_hcd *fotg210, void __iomem *ptr,
 885                u32 mask, u32 done, int usec)
 886{
 887        u32 result;
 888        int ret;
 889
 890        ret = readl_poll_timeout_atomic(ptr, result,
 891                                        ((result & mask) == done ||
 892                                         result == U32_MAX), 1, usec);
 893        if (result == U32_MAX)          /* card removed */
 894                return -ENODEV;
 895
 896        return ret;
 897}
 898
 899/* Force HC to halt state from unknown (EHCI spec section 2.3).
 900 * Must be called with interrupts enabled and the lock not held.
 901 */
 902static int fotg210_halt(struct fotg210_hcd *fotg210)
 903{
 904        u32 temp;
 905
 906        spin_lock_irq(&fotg210->lock);
 907
 908        /* disable any irqs left enabled by previous code */
 909        fotg210_writel(fotg210, 0, &fotg210->regs->intr_enable);
 910
 911        /*
 912         * This routine gets called during probe before fotg210->command
 913         * has been initialized, so we can't rely on its value.
 914         */
 915        fotg210->command &= ~CMD_RUN;
 916        temp = fotg210_readl(fotg210, &fotg210->regs->command);
 917        temp &= ~(CMD_RUN | CMD_IAAD);
 918        fotg210_writel(fotg210, temp, &fotg210->regs->command);
 919
 920        spin_unlock_irq(&fotg210->lock);
 921        synchronize_irq(fotg210_to_hcd(fotg210)->irq);
 922
 923        return handshake(fotg210, &fotg210->regs->status,
 924                        STS_HALT, STS_HALT, 16 * 125);
 925}
 926
 927/* Reset a non-running (STS_HALT == 1) controller.
 928 * Must be called with interrupts enabled and the lock not held.
 929 */
 930static int fotg210_reset(struct fotg210_hcd *fotg210)
 931{
 932        int retval;
 933        u32 command = fotg210_readl(fotg210, &fotg210->regs->command);
 934
 935        /* If the EHCI debug controller is active, special care must be
 936         * taken before and after a host controller reset
 937         */
 938        if (fotg210->debug && !dbgp_reset_prep(fotg210_to_hcd(fotg210)))
 939                fotg210->debug = NULL;
 940
 941        command |= CMD_RESET;
 942        dbg_cmd(fotg210, "reset", command);
 943        fotg210_writel(fotg210, command, &fotg210->regs->command);
 944        fotg210->rh_state = FOTG210_RH_HALTED;
 945        fotg210->next_statechange = jiffies;
 946        retval = handshake(fotg210, &fotg210->regs->command,
 947                        CMD_RESET, 0, 250 * 1000);
 948
 949        if (retval)
 950                return retval;
 951
 952        if (fotg210->debug)
 953                dbgp_external_startup(fotg210_to_hcd(fotg210));
 954
 955        fotg210->port_c_suspend = fotg210->suspended_ports =
 956                        fotg210->resuming_ports = 0;
 957        return retval;
 958}
 959
 960/* Idle the controller (turn off the schedules).
 961 * Must be called with interrupts enabled and the lock not held.
 962 */
 963static void fotg210_quiesce(struct fotg210_hcd *fotg210)
 964{
 965        u32 temp;
 966
 967        if (fotg210->rh_state != FOTG210_RH_RUNNING)
 968                return;
 969
 970        /* wait for any schedule enables/disables to take effect */
 971        temp = (fotg210->command << 10) & (STS_ASS | STS_PSS);
 972        handshake(fotg210, &fotg210->regs->status, STS_ASS | STS_PSS, temp,
 973                        16 * 125);
 974
 975        /* then disable anything that's still active */
 976        spin_lock_irq(&fotg210->lock);
 977        fotg210->command &= ~(CMD_ASE | CMD_PSE);
 978        fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
 979        spin_unlock_irq(&fotg210->lock);
 980
 981        /* hardware can take 16 microframes to turn off ... */
 982        handshake(fotg210, &fotg210->regs->status, STS_ASS | STS_PSS, 0,
 983                        16 * 125);
 984}
 985
 986static void end_unlink_async(struct fotg210_hcd *fotg210);
 987static void unlink_empty_async(struct fotg210_hcd *fotg210);
 988static void fotg210_work(struct fotg210_hcd *fotg210);
 989static void start_unlink_intr(struct fotg210_hcd *fotg210,
 990                              struct fotg210_qh *qh);
 991static void end_unlink_intr(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
 992
 993/* Set a bit in the USBCMD register */
 994static void fotg210_set_command_bit(struct fotg210_hcd *fotg210, u32 bit)
 995{
 996        fotg210->command |= bit;
 997        fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
 998
 999        /* unblock posted write */
1000        fotg210_readl(fotg210, &fotg210->regs->command);
1001}
1002
1003/* Clear a bit in the USBCMD register */
1004static void fotg210_clear_command_bit(struct fotg210_hcd *fotg210, u32 bit)
1005{
1006        fotg210->command &= ~bit;
1007        fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
1008
1009        /* unblock posted write */
1010        fotg210_readl(fotg210, &fotg210->regs->command);
1011}
1012
1013/* EHCI timer support...  Now using hrtimers.
1014 *
1015 * Lots of different events are triggered from fotg210->hrtimer.  Whenever
1016 * the timer routine runs, it checks each possible event; events that are
1017 * currently enabled and whose expiration time has passed get handled.
1018 * The set of enabled events is stored as a collection of bitflags in
1019 * fotg210->enabled_hrtimer_events, and they are numbered in order of
1020 * increasing delay values (ranging between 1 ms and 100 ms).
1021 *
1022 * Rather than implementing a sorted list or tree of all pending events,
1023 * we keep track only of the lowest-numbered pending event, in
1024 * fotg210->next_hrtimer_event.  Whenever fotg210->hrtimer gets restarted, its
1025 * expiration time is set to the timeout value for this event.
1026 *
1027 * As a result, events might not get handled right away; the actual delay
1028 * could be anywhere up to twice the requested delay.  This doesn't
1029 * matter, because none of the events are especially time-critical.  The
1030 * ones that matter most all have a delay of 1 ms, so they will be
1031 * handled after 2 ms at most, which is okay.  In addition to this, we
1032 * allow for an expiration range of 1 ms.
1033 */
1034
1035/* Delay lengths for the hrtimer event types.
1036 * Keep this list sorted by delay length, in the same order as
1037 * the event types indexed by enum fotg210_hrtimer_event in fotg210.h.
1038 */
1039static unsigned event_delays_ns[] = {
1040        1 * NSEC_PER_MSEC,      /* FOTG210_HRTIMER_POLL_ASS */
1041        1 * NSEC_PER_MSEC,      /* FOTG210_HRTIMER_POLL_PSS */
1042        1 * NSEC_PER_MSEC,      /* FOTG210_HRTIMER_POLL_DEAD */
1043        1125 * NSEC_PER_USEC,   /* FOTG210_HRTIMER_UNLINK_INTR */
1044        2 * NSEC_PER_MSEC,      /* FOTG210_HRTIMER_FREE_ITDS */
1045        6 * NSEC_PER_MSEC,      /* FOTG210_HRTIMER_ASYNC_UNLINKS */
1046        10 * NSEC_PER_MSEC,     /* FOTG210_HRTIMER_IAA_WATCHDOG */
1047        10 * NSEC_PER_MSEC,     /* FOTG210_HRTIMER_DISABLE_PERIODIC */
1048        15 * NSEC_PER_MSEC,     /* FOTG210_HRTIMER_DISABLE_ASYNC */
1049        100 * NSEC_PER_MSEC,    /* FOTG210_HRTIMER_IO_WATCHDOG */
1050};
1051
1052/* Enable a pending hrtimer event */
1053static void fotg210_enable_event(struct fotg210_hcd *fotg210, unsigned event,
1054                bool resched)
1055{
1056        ktime_t *timeout = &fotg210->hr_timeouts[event];
1057
1058        if (resched)
1059                *timeout = ktime_add(ktime_get(), event_delays_ns[event]);
1060        fotg210->enabled_hrtimer_events |= (1 << event);
1061
1062        /* Track only the lowest-numbered pending event */
1063        if (event < fotg210->next_hrtimer_event) {
1064                fotg210->next_hrtimer_event = event;
1065                hrtimer_start_range_ns(&fotg210->hrtimer, *timeout,
1066                                NSEC_PER_MSEC, HRTIMER_MODE_ABS);
1067        }
1068}
1069
1070
1071/* Poll the STS_ASS status bit; see when it agrees with CMD_ASE */
1072static void fotg210_poll_ASS(struct fotg210_hcd *fotg210)
1073{
1074        unsigned actual, want;
1075
1076        /* Don't enable anything if the controller isn't running (e.g., died) */
1077        if (fotg210->rh_state != FOTG210_RH_RUNNING)
1078                return;
1079
1080        want = (fotg210->command & CMD_ASE) ? STS_ASS : 0;
1081        actual = fotg210_readl(fotg210, &fotg210->regs->status) & STS_ASS;
1082
1083        if (want != actual) {
1084
1085                /* Poll again later, but give up after about 20 ms */
1086                if (fotg210->ASS_poll_count++ < 20) {
1087                        fotg210_enable_event(fotg210, FOTG210_HRTIMER_POLL_ASS,
1088                                        true);
1089                        return;
1090                }
1091                fotg210_dbg(fotg210, "Waited too long for the async schedule status (%x/%x), giving up\n",
1092                                want, actual);
1093        }
1094        fotg210->ASS_poll_count = 0;
1095
1096        /* The status is up-to-date; restart or stop the schedule as needed */
1097        if (want == 0) {        /* Stopped */
1098                if (fotg210->async_count > 0)
1099                        fotg210_set_command_bit(fotg210, CMD_ASE);
1100
1101        } else {                /* Running */
1102                if (fotg210->async_count == 0) {
1103
1104                        /* Turn off the schedule after a while */
1105                        fotg210_enable_event(fotg210,
1106                                        FOTG210_HRTIMER_DISABLE_ASYNC,
1107                                        true);
1108                }
1109        }
1110}
1111
1112/* Turn off the async schedule after a brief delay */
1113static void fotg210_disable_ASE(struct fotg210_hcd *fotg210)
1114{
1115        fotg210_clear_command_bit(fotg210, CMD_ASE);
1116}
1117
1118
1119/* Poll the STS_PSS status bit; see when it agrees with CMD_PSE */
1120static void fotg210_poll_PSS(struct fotg210_hcd *fotg210)
1121{
1122        unsigned actual, want;
1123
1124        /* Don't do anything if the controller isn't running (e.g., died) */
1125        if (fotg210->rh_state != FOTG210_RH_RUNNING)
1126                return;
1127
1128        want = (fotg210->command & CMD_PSE) ? STS_PSS : 0;
1129        actual = fotg210_readl(fotg210, &fotg210->regs->status) & STS_PSS;
1130
1131        if (want != actual) {
1132
1133                /* Poll again later, but give up after about 20 ms */
1134                if (fotg210->PSS_poll_count++ < 20) {
1135                        fotg210_enable_event(fotg210, FOTG210_HRTIMER_POLL_PSS,
1136                                        true);
1137                        return;
1138                }
1139                fotg210_dbg(fotg210, "Waited too long for the periodic schedule status (%x/%x), giving up\n",
1140                                want, actual);
1141        }
1142        fotg210->PSS_poll_count = 0;
1143
1144        /* The status is up-to-date; restart or stop the schedule as needed */
1145        if (want == 0) {        /* Stopped */
1146                if (fotg210->periodic_count > 0)
1147                        fotg210_set_command_bit(fotg210, CMD_PSE);
1148
1149        } else {                /* Running */
1150                if (fotg210->periodic_count == 0) {
1151
1152                        /* Turn off the schedule after a while */
1153                        fotg210_enable_event(fotg210,
1154                                        FOTG210_HRTIMER_DISABLE_PERIODIC,
1155                                        true);
1156                }
1157        }
1158}
1159
1160/* Turn off the periodic schedule after a brief delay */
1161static void fotg210_disable_PSE(struct fotg210_hcd *fotg210)
1162{
1163        fotg210_clear_command_bit(fotg210, CMD_PSE);
1164}
1165
1166
1167/* Poll the STS_HALT status bit; see when a dead controller stops */
1168static void fotg210_handle_controller_death(struct fotg210_hcd *fotg210)
1169{
1170        if (!(fotg210_readl(fotg210, &fotg210->regs->status) & STS_HALT)) {
1171
1172                /* Give up after a few milliseconds */
1173                if (fotg210->died_poll_count++ < 5) {
1174                        /* Try again later */
1175                        fotg210_enable_event(fotg210,
1176                                        FOTG210_HRTIMER_POLL_DEAD, true);
1177                        return;
1178                }
1179                fotg210_warn(fotg210, "Waited too long for the controller to stop, giving up\n");
1180        }
1181
1182        /* Clean up the mess */
1183        fotg210->rh_state = FOTG210_RH_HALTED;
1184        fotg210_writel(fotg210, 0, &fotg210->regs->intr_enable);
1185        fotg210_work(fotg210);
1186        end_unlink_async(fotg210);
1187
1188        /* Not in process context, so don't try to reset the controller */
1189}
1190
1191
1192/* Handle unlinked interrupt QHs once they are gone from the hardware */
1193static void fotg210_handle_intr_unlinks(struct fotg210_hcd *fotg210)
1194{
1195        bool stopped = (fotg210->rh_state < FOTG210_RH_RUNNING);
1196
1197        /*
1198         * Process all the QHs on the intr_unlink list that were added
1199         * before the current unlink cycle began.  The list is in
1200         * temporal order, so stop when we reach the first entry in the
1201         * current cycle.  But if the root hub isn't running then
1202         * process all the QHs on the list.
1203         */
1204        fotg210->intr_unlinking = true;
1205        while (fotg210->intr_unlink) {
1206                struct fotg210_qh *qh = fotg210->intr_unlink;
1207
1208                if (!stopped && qh->unlink_cycle == fotg210->intr_unlink_cycle)
1209                        break;
1210                fotg210->intr_unlink = qh->unlink_next;
1211                qh->unlink_next = NULL;
1212                end_unlink_intr(fotg210, qh);
1213        }
1214
1215        /* Handle remaining entries later */
1216        if (fotg210->intr_unlink) {
1217                fotg210_enable_event(fotg210, FOTG210_HRTIMER_UNLINK_INTR,
1218                                true);
1219                ++fotg210->intr_unlink_cycle;
1220        }
1221        fotg210->intr_unlinking = false;
1222}
1223
1224
1225/* Start another free-iTDs/siTDs cycle */
1226static void start_free_itds(struct fotg210_hcd *fotg210)
1227{
1228        if (!(fotg210->enabled_hrtimer_events &
1229                        BIT(FOTG210_HRTIMER_FREE_ITDS))) {
1230                fotg210->last_itd_to_free = list_entry(
1231                                fotg210->cached_itd_list.prev,
1232                                struct fotg210_itd, itd_list);
1233                fotg210_enable_event(fotg210, FOTG210_HRTIMER_FREE_ITDS, true);
1234        }
1235}
1236
1237/* Wait for controller to stop using old iTDs and siTDs */
1238static void end_free_itds(struct fotg210_hcd *fotg210)
1239{
1240        struct fotg210_itd *itd, *n;
1241
1242        if (fotg210->rh_state < FOTG210_RH_RUNNING)
1243                fotg210->last_itd_to_free = NULL;
1244
1245        list_for_each_entry_safe(itd, n, &fotg210->cached_itd_list, itd_list) {
1246                list_del(&itd->itd_list);
1247                dma_pool_free(fotg210->itd_pool, itd, itd->itd_dma);
1248                if (itd == fotg210->last_itd_to_free)
1249                        break;
1250        }
1251
1252        if (!list_empty(&fotg210->cached_itd_list))
1253                start_free_itds(fotg210);
1254}
1255
1256
1257/* Handle lost (or very late) IAA interrupts */
1258static void fotg210_iaa_watchdog(struct fotg210_hcd *fotg210)
1259{
1260        if (fotg210->rh_state != FOTG210_RH_RUNNING)
1261                return;
1262
1263        /*
1264         * Lost IAA irqs wedge things badly; seen first with a vt8235.
1265         * So we need this watchdog, but must protect it against both
1266         * (a) SMP races against real IAA firing and retriggering, and
1267         * (b) clean HC shutdown, when IAA watchdog was pending.
1268         */
1269        if (fotg210->async_iaa) {
1270                u32 cmd, status;
1271
1272                /* If we get here, IAA is *REALLY* late.  It's barely
1273                 * conceivable that the system is so busy that CMD_IAAD
1274                 * is still legitimately set, so let's be sure it's
1275                 * clear before we read STS_IAA.  (The HC should clear
1276                 * CMD_IAAD when it sets STS_IAA.)
1277                 */
1278                cmd = fotg210_readl(fotg210, &fotg210->regs->command);
1279
1280                /*
1281                 * If IAA is set here it either legitimately triggered
1282                 * after the watchdog timer expired (_way_ late, so we'll
1283                 * still count it as lost) ... or a silicon erratum:
1284                 * - VIA seems to set IAA without triggering the IRQ;
1285                 * - IAAD potentially cleared without setting IAA.
1286                 */
1287                status = fotg210_readl(fotg210, &fotg210->regs->status);
1288                if ((status & STS_IAA) || !(cmd & CMD_IAAD)) {
1289                        INCR(fotg210->stats.lost_iaa);
1290                        fotg210_writel(fotg210, STS_IAA,
1291                                        &fotg210->regs->status);
1292                }
1293
1294                fotg210_dbg(fotg210, "IAA watchdog: status %x cmd %x\n",
1295                                status, cmd);
1296                end_unlink_async(fotg210);
1297        }
1298}
1299
1300
1301/* Enable the I/O watchdog, if appropriate */
1302static void turn_on_io_watchdog(struct fotg210_hcd *fotg210)
1303{
1304        /* Not needed if the controller isn't running or it's already enabled */
1305        if (fotg210->rh_state != FOTG210_RH_RUNNING ||
1306                        (fotg210->enabled_hrtimer_events &
1307                        BIT(FOTG210_HRTIMER_IO_WATCHDOG)))
1308                return;
1309
1310        /*
1311         * Isochronous transfers always need the watchdog.
1312         * For other sorts we use it only if the flag is set.
1313         */
1314        if (fotg210->isoc_count > 0 || (fotg210->need_io_watchdog &&
1315                        fotg210->async_count + fotg210->intr_count > 0))
1316                fotg210_enable_event(fotg210, FOTG210_HRTIMER_IO_WATCHDOG,
1317                                true);
1318}
1319
1320
1321/* Handler functions for the hrtimer event types.
1322 * Keep this array in the same order as the event types indexed by
1323 * enum fotg210_hrtimer_event in fotg210.h.
1324 */
1325static void (*event_handlers[])(struct fotg210_hcd *) = {
1326        fotg210_poll_ASS,                       /* FOTG210_HRTIMER_POLL_ASS */
1327        fotg210_poll_PSS,                       /* FOTG210_HRTIMER_POLL_PSS */
1328        fotg210_handle_controller_death,        /* FOTG210_HRTIMER_POLL_DEAD */
1329        fotg210_handle_intr_unlinks,    /* FOTG210_HRTIMER_UNLINK_INTR */
1330        end_free_itds,                  /* FOTG210_HRTIMER_FREE_ITDS */
1331        unlink_empty_async,             /* FOTG210_HRTIMER_ASYNC_UNLINKS */
1332        fotg210_iaa_watchdog,           /* FOTG210_HRTIMER_IAA_WATCHDOG */
1333        fotg210_disable_PSE,            /* FOTG210_HRTIMER_DISABLE_PERIODIC */
1334        fotg210_disable_ASE,            /* FOTG210_HRTIMER_DISABLE_ASYNC */
1335        fotg210_work,                   /* FOTG210_HRTIMER_IO_WATCHDOG */
1336};
1337
1338static enum hrtimer_restart fotg210_hrtimer_func(struct hrtimer *t)
1339{
1340        struct fotg210_hcd *fotg210 =
1341                        container_of(t, struct fotg210_hcd, hrtimer);
1342        ktime_t now;
1343        unsigned long events;
1344        unsigned long flags;
1345        unsigned e;
1346
1347        spin_lock_irqsave(&fotg210->lock, flags);
1348
1349        events = fotg210->enabled_hrtimer_events;
1350        fotg210->enabled_hrtimer_events = 0;
1351        fotg210->next_hrtimer_event = FOTG210_HRTIMER_NO_EVENT;
1352
1353        /*
1354         * Check each pending event.  If its time has expired, handle
1355         * the event; otherwise re-enable it.
1356         */
1357        now = ktime_get();
1358        for_each_set_bit(e, &events, FOTG210_HRTIMER_NUM_EVENTS) {
1359                if (ktime_compare(now, fotg210->hr_timeouts[e]) >= 0)
1360                        event_handlers[e](fotg210);
1361                else
1362                        fotg210_enable_event(fotg210, e, false);
1363        }
1364
1365        spin_unlock_irqrestore(&fotg210->lock, flags);
1366        return HRTIMER_NORESTART;
1367}
1368
1369#define fotg210_bus_suspend NULL
1370#define fotg210_bus_resume NULL
1371
1372static int check_reset_complete(struct fotg210_hcd *fotg210, int index,
1373                u32 __iomem *status_reg, int port_status)
1374{
1375        if (!(port_status & PORT_CONNECT))
1376                return port_status;
1377
1378        /* if reset finished and it's still not enabled -- handoff */
1379        if (!(port_status & PORT_PE))
1380                /* with integrated TT, there's nobody to hand it to! */
1381                fotg210_dbg(fotg210, "Failed to enable port %d on root hub TT\n",
1382                                index + 1);
1383        else
1384                fotg210_dbg(fotg210, "port %d reset complete, port enabled\n",
1385                                index + 1);
1386
1387        return port_status;
1388}
1389
1390
1391/* build "status change" packet (one or two bytes) from HC registers */
1392
1393static int fotg210_hub_status_data(struct usb_hcd *hcd, char *buf)
1394{
1395        struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
1396        u32 temp, status;
1397        u32 mask;
1398        int retval = 1;
1399        unsigned long flags;
1400
1401        /* init status to no-changes */
1402        buf[0] = 0;
1403
1404        /* Inform the core about resumes-in-progress by returning
1405         * a non-zero value even if there are no status changes.
1406         */
1407        status = fotg210->resuming_ports;
1408
1409        mask = PORT_CSC | PORT_PEC;
1410        /* PORT_RESUME from hardware ~= PORT_STAT_C_SUSPEND */
1411
1412        /* no hub change reports (bit 0) for now (power, ...) */
1413
1414        /* port N changes (bit N)? */
1415        spin_lock_irqsave(&fotg210->lock, flags);
1416
1417        temp = fotg210_readl(fotg210, &fotg210->regs->port_status);
1418
1419        /*
1420         * Return status information even for ports with OWNER set.
1421         * Otherwise hub_wq wouldn't see the disconnect event when a
1422         * high-speed device is switched over to the companion
1423         * controller by the user.
1424         */
1425
1426        if ((temp & mask) != 0 || test_bit(0, &fotg210->port_c_suspend) ||
1427                        (fotg210->reset_done[0] &&
1428                        time_after_eq(jiffies, fotg210->reset_done[0]))) {
1429                buf[0] |= 1 << 1;
1430                status = STS_PCD;
1431        }
1432        /* FIXME autosuspend idle root hubs */
1433        spin_unlock_irqrestore(&fotg210->lock, flags);
1434        return status ? retval : 0;
1435}
1436
1437static void fotg210_hub_descriptor(struct fotg210_hcd *fotg210,
1438                struct usb_hub_descriptor *desc)
1439{
1440        int ports = HCS_N_PORTS(fotg210->hcs_params);
1441        u16 temp;
1442
1443        desc->bDescriptorType = USB_DT_HUB;
1444        desc->bPwrOn2PwrGood = 10;      /* fotg210 1.0, 2.3.9 says 20ms max */
1445        desc->bHubContrCurrent = 0;
1446
1447        desc->bNbrPorts = ports;
1448        temp = 1 + (ports / 8);
1449        desc->bDescLength = 7 + 2 * temp;
1450
1451        /* two bitmaps:  ports removable, and usb 1.0 legacy PortPwrCtrlMask */
1452        memset(&desc->u.hs.DeviceRemovable[0], 0, temp);
1453        memset(&desc->u.hs.DeviceRemovable[temp], 0xff, temp);
1454
1455        temp = HUB_CHAR_INDV_PORT_OCPM; /* per-port overcurrent reporting */
1456        temp |= HUB_CHAR_NO_LPSM;       /* no power switching */
1457        desc->wHubCharacteristics = cpu_to_le16(temp);
1458}
1459
1460static int fotg210_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue,
1461                u16 wIndex, char *buf, u16 wLength)
1462{
1463        struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
1464        int ports = HCS_N_PORTS(fotg210->hcs_params);
1465        u32 __iomem *status_reg = &fotg210->regs->port_status;
1466        u32 temp, temp1, status;
1467        unsigned long flags;
1468        int retval = 0;
1469        unsigned selector;
1470
1471        /*
1472         * FIXME:  support SetPortFeatures USB_PORT_FEAT_INDICATOR.
1473         * HCS_INDICATOR may say we can change LEDs to off/amber/green.
1474         * (track current state ourselves) ... blink for diagnostics,
1475         * power, "this is the one", etc.  EHCI spec supports this.
1476         */
1477
1478        spin_lock_irqsave(&fotg210->lock, flags);
1479        switch (typeReq) {
1480        case ClearHubFeature:
1481                switch (wValue) {
1482                case C_HUB_LOCAL_POWER:
1483                case C_HUB_OVER_CURRENT:
1484                        /* no hub-wide feature/status flags */
1485                        break;
1486                default:
1487                        goto error;
1488                }
1489                break;
1490        case ClearPortFeature:
1491                if (!wIndex || wIndex > ports)
1492                        goto error;
1493                wIndex--;
1494                temp = fotg210_readl(fotg210, status_reg);
1495                temp &= ~PORT_RWC_BITS;
1496
1497                /*
1498                 * Even if OWNER is set, so the port is owned by the
1499                 * companion controller, hub_wq needs to be able to clear
1500                 * the port-change status bits (especially
1501                 * USB_PORT_STAT_C_CONNECTION).
1502                 */
1503
1504                switch (wValue) {
1505                case USB_PORT_FEAT_ENABLE:
1506                        fotg210_writel(fotg210, temp & ~PORT_PE, status_reg);
1507                        break;
1508                case USB_PORT_FEAT_C_ENABLE:
1509                        fotg210_writel(fotg210, temp | PORT_PEC, status_reg);
1510                        break;
1511                case USB_PORT_FEAT_SUSPEND:
1512                        if (temp & PORT_RESET)
1513                                goto error;
1514                        if (!(temp & PORT_SUSPEND))
1515                                break;
1516                        if ((temp & PORT_PE) == 0)
1517                                goto error;
1518
1519                        /* resume signaling for 20 msec */
1520                        fotg210_writel(fotg210, temp | PORT_RESUME, status_reg);
1521                        fotg210->reset_done[wIndex] = jiffies
1522                                        + msecs_to_jiffies(USB_RESUME_TIMEOUT);
1523                        break;
1524                case USB_PORT_FEAT_C_SUSPEND:
1525                        clear_bit(wIndex, &fotg210->port_c_suspend);
1526                        break;
1527                case USB_PORT_FEAT_C_CONNECTION:
1528                        fotg210_writel(fotg210, temp | PORT_CSC, status_reg);
1529                        break;
1530                case USB_PORT_FEAT_C_OVER_CURRENT:
1531                        fotg210_writel(fotg210, temp | OTGISR_OVC,
1532                                        &fotg210->regs->otgisr);
1533                        break;
1534                case USB_PORT_FEAT_C_RESET:
1535                        /* GetPortStatus clears reset */
1536                        break;
1537                default:
1538                        goto error;
1539                }
1540                fotg210_readl(fotg210, &fotg210->regs->command);
1541                break;
1542        case GetHubDescriptor:
1543                fotg210_hub_descriptor(fotg210, (struct usb_hub_descriptor *)
1544                                buf);
1545                break;
1546        case GetHubStatus:
1547                /* no hub-wide feature/status flags */
1548                memset(buf, 0, 4);
1549                /*cpu_to_le32s ((u32 *) buf); */
1550                break;
1551        case GetPortStatus:
1552                if (!wIndex || wIndex > ports)
1553                        goto error;
1554                wIndex--;
1555                status = 0;
1556                temp = fotg210_readl(fotg210, status_reg);
1557
1558                /* wPortChange bits */
1559                if (temp & PORT_CSC)
1560                        status |= USB_PORT_STAT_C_CONNECTION << 16;
1561                if (temp & PORT_PEC)
1562                        status |= USB_PORT_STAT_C_ENABLE << 16;
1563
1564                temp1 = fotg210_readl(fotg210, &fotg210->regs->otgisr);
1565                if (temp1 & OTGISR_OVC)
1566                        status |= USB_PORT_STAT_C_OVERCURRENT << 16;
1567
1568                /* whoever resumes must GetPortStatus to complete it!! */
1569                if (temp & PORT_RESUME) {
1570
1571                        /* Remote Wakeup received? */
1572                        if (!fotg210->reset_done[wIndex]) {
1573                                /* resume signaling for 20 msec */
1574                                fotg210->reset_done[wIndex] = jiffies
1575                                                + msecs_to_jiffies(20);
1576                                /* check the port again */
1577                                mod_timer(&fotg210_to_hcd(fotg210)->rh_timer,
1578                                                fotg210->reset_done[wIndex]);
1579                        }
1580
1581                        /* resume completed? */
1582                        else if (time_after_eq(jiffies,
1583                                        fotg210->reset_done[wIndex])) {
1584                                clear_bit(wIndex, &fotg210->suspended_ports);
1585                                set_bit(wIndex, &fotg210->port_c_suspend);
1586                                fotg210->reset_done[wIndex] = 0;
1587
1588                                /* stop resume signaling */
1589                                temp = fotg210_readl(fotg210, status_reg);
1590                                fotg210_writel(fotg210, temp &
1591                                                ~(PORT_RWC_BITS | PORT_RESUME),
1592                                                status_reg);
1593                                clear_bit(wIndex, &fotg210->resuming_ports);
1594                                retval = handshake(fotg210, status_reg,
1595                                                PORT_RESUME, 0, 2000);/* 2ms */
1596                                if (retval != 0) {
1597                                        fotg210_err(fotg210,
1598                                                        "port %d resume error %d\n",
1599                                                        wIndex + 1, retval);
1600                                        goto error;
1601                                }
1602                                temp &= ~(PORT_SUSPEND|PORT_RESUME|(3<<10));
1603                        }
1604                }
1605
1606                /* whoever resets must GetPortStatus to complete it!! */
1607                if ((temp & PORT_RESET) && time_after_eq(jiffies,
1608                                fotg210->reset_done[wIndex])) {
1609                        status |= USB_PORT_STAT_C_RESET << 16;
1610                        fotg210->reset_done[wIndex] = 0;
1611                        clear_bit(wIndex, &fotg210->resuming_ports);
1612
1613                        /* force reset to complete */
1614                        fotg210_writel(fotg210,
1615                                        temp & ~(PORT_RWC_BITS | PORT_RESET),
1616                                        status_reg);
1617                        /* REVISIT:  some hardware needs 550+ usec to clear
1618                         * this bit; seems too long to spin routinely...
1619                         */
1620                        retval = handshake(fotg210, status_reg,
1621                                        PORT_RESET, 0, 1000);
1622                        if (retval != 0) {
1623                                fotg210_err(fotg210, "port %d reset error %d\n",
1624                                                wIndex + 1, retval);
1625                                goto error;
1626                        }
1627
1628                        /* see what we found out */
1629                        temp = check_reset_complete(fotg210, wIndex, status_reg,
1630                                        fotg210_readl(fotg210, status_reg));
1631
1632                        /* restart schedule */
1633                        fotg210->command |= CMD_RUN;
1634                        fotg210_writel(fotg210, fotg210->command, &fotg210->regs->command);
1635                }
1636
1637                if (!(temp & (PORT_RESUME|PORT_RESET))) {
1638                        fotg210->reset_done[wIndex] = 0;
1639                        clear_bit(wIndex, &fotg210->resuming_ports);
1640                }
1641
1642                /* transfer dedicated ports to the companion hc */
1643                if ((temp & PORT_CONNECT) &&
1644                                test_bit(wIndex, &fotg210->companion_ports)) {
1645                        temp &= ~PORT_RWC_BITS;
1646                        fotg210_writel(fotg210, temp, status_reg);
1647                        fotg210_dbg(fotg210, "port %d --> companion\n",
1648                                        wIndex + 1);
1649                        temp = fotg210_readl(fotg210, status_reg);
1650                }
1651
1652                /*
1653                 * Even if OWNER is set, there's no harm letting hub_wq
1654                 * see the wPortStatus values (they should all be 0 except
1655                 * for PORT_POWER anyway).
1656                 */
1657
1658                if (temp & PORT_CONNECT) {
1659                        status |= USB_PORT_STAT_CONNECTION;
1660                        status |= fotg210_port_speed(fotg210, temp);
1661                }
1662                if (temp & PORT_PE)
1663                        status |= USB_PORT_STAT_ENABLE;
1664
1665                /* maybe the port was unsuspended without our knowledge */
1666                if (temp & (PORT_SUSPEND|PORT_RESUME)) {
1667                        status |= USB_PORT_STAT_SUSPEND;
1668                } else if (test_bit(wIndex, &fotg210->suspended_ports)) {
1669                        clear_bit(wIndex, &fotg210->suspended_ports);
1670                        clear_bit(wIndex, &fotg210->resuming_ports);
1671                        fotg210->reset_done[wIndex] = 0;
1672                        if (temp & PORT_PE)
1673                                set_bit(wIndex, &fotg210->port_c_suspend);
1674                }
1675
1676                temp1 = fotg210_readl(fotg210, &fotg210->regs->otgisr);
1677                if (temp1 & OTGISR_OVC)
1678                        status |= USB_PORT_STAT_OVERCURRENT;
1679                if (temp & PORT_RESET)
1680                        status |= USB_PORT_STAT_RESET;
1681                if (test_bit(wIndex, &fotg210->port_c_suspend))
1682                        status |= USB_PORT_STAT_C_SUSPEND << 16;
1683
1684                if (status & ~0xffff)   /* only if wPortChange is interesting */
1685                        dbg_port(fotg210, "GetStatus", wIndex + 1, temp);
1686                put_unaligned_le32(status, buf);
1687                break;
1688        case SetHubFeature:
1689                switch (wValue) {
1690                case C_HUB_LOCAL_POWER:
1691                case C_HUB_OVER_CURRENT:
1692                        /* no hub-wide feature/status flags */
1693                        break;
1694                default:
1695                        goto error;
1696                }
1697                break;
1698        case SetPortFeature:
1699                selector = wIndex >> 8;
1700                wIndex &= 0xff;
1701
1702                if (!wIndex || wIndex > ports)
1703                        goto error;
1704                wIndex--;
1705                temp = fotg210_readl(fotg210, status_reg);
1706                temp &= ~PORT_RWC_BITS;
1707                switch (wValue) {
1708                case USB_PORT_FEAT_SUSPEND:
1709                        if ((temp & PORT_PE) == 0
1710                                        || (temp & PORT_RESET) != 0)
1711                                goto error;
1712
1713                        /* After above check the port must be connected.
1714                         * Set appropriate bit thus could put phy into low power
1715                         * mode if we have hostpc feature
1716                         */
1717                        fotg210_writel(fotg210, temp | PORT_SUSPEND,
1718                                        status_reg);
1719                        set_bit(wIndex, &fotg210->suspended_ports);
1720                        break;
1721                case USB_PORT_FEAT_RESET:
1722                        if (temp & PORT_RESUME)
1723                                goto error;
1724                        /* line status bits may report this as low speed,
1725                         * which can be fine if this root hub has a
1726                         * transaction translator built in.
1727                         */
1728                        fotg210_dbg(fotg210, "port %d reset\n", wIndex + 1);
1729                        temp |= PORT_RESET;
1730                        temp &= ~PORT_PE;
1731
1732                        /*
1733                         * caller must wait, then call GetPortStatus
1734                         * usb 2.0 spec says 50 ms resets on root
1735                         */
1736                        fotg210->reset_done[wIndex] = jiffies
1737                                        + msecs_to_jiffies(50);
1738                        fotg210_writel(fotg210, temp, status_reg);
1739                        break;
1740
1741                /* For downstream facing ports (these):  one hub port is put
1742                 * into test mode according to USB2 11.24.2.13, then the hub
1743                 * must be reset (which for root hub now means rmmod+modprobe,
1744                 * or else system reboot).  See EHCI 2.3.9 and 4.14 for info
1745                 * about the EHCI-specific stuff.
1746                 */
1747                case USB_PORT_FEAT_TEST:
1748                        if (!selector || selector > 5)
1749                                goto error;
1750                        spin_unlock_irqrestore(&fotg210->lock, flags);
1751                        fotg210_quiesce(fotg210);
1752                        spin_lock_irqsave(&fotg210->lock, flags);
1753
1754                        /* Put all enabled ports into suspend */
1755                        temp = fotg210_readl(fotg210, status_reg) &
1756                                ~PORT_RWC_BITS;
1757                        if (temp & PORT_PE)
1758                                fotg210_writel(fotg210, temp | PORT_SUSPEND,
1759                                                status_reg);
1760
1761                        spin_unlock_irqrestore(&fotg210->lock, flags);
1762                        fotg210_halt(fotg210);
1763                        spin_lock_irqsave(&fotg210->lock, flags);
1764
1765                        temp = fotg210_readl(fotg210, status_reg);
1766                        temp |= selector << 16;
1767                        fotg210_writel(fotg210, temp, status_reg);
1768                        break;
1769
1770                default:
1771                        goto error;
1772                }
1773                fotg210_readl(fotg210, &fotg210->regs->command);
1774                break;
1775
1776        default:
1777error:
1778                /* "stall" on error */
1779                retval = -EPIPE;
1780        }
1781        spin_unlock_irqrestore(&fotg210->lock, flags);
1782        return retval;
1783}
1784
1785static void __maybe_unused fotg210_relinquish_port(struct usb_hcd *hcd,
1786                int portnum)
1787{
1788        return;
1789}
1790
1791static int __maybe_unused fotg210_port_handed_over(struct usb_hcd *hcd,
1792                int portnum)
1793{
1794        return 0;
1795}
1796
1797/* There's basically three types of memory:
1798 *      - data used only by the HCD ... kmalloc is fine
1799 *      - async and periodic schedules, shared by HC and HCD ... these
1800 *        need to use dma_pool or dma_alloc_coherent
1801 *      - driver buffers, read/written by HC ... single shot DMA mapped
1802 *
1803 * There's also "register" data (e.g. PCI or SOC), which is memory mapped.
1804 * No memory seen by this driver is pageable.
1805 */
1806
1807/* Allocate the key transfer structures from the previously allocated pool */
1808static inline void fotg210_qtd_init(struct fotg210_hcd *fotg210,
1809                struct fotg210_qtd *qtd, dma_addr_t dma)
1810{
1811        memset(qtd, 0, sizeof(*qtd));
1812        qtd->qtd_dma = dma;
1813        qtd->hw_token = cpu_to_hc32(fotg210, QTD_STS_HALT);
1814        qtd->hw_next = FOTG210_LIST_END(fotg210);
1815        qtd->hw_alt_next = FOTG210_LIST_END(fotg210);
1816        INIT_LIST_HEAD(&qtd->qtd_list);
1817}
1818
1819static struct fotg210_qtd *fotg210_qtd_alloc(struct fotg210_hcd *fotg210,
1820                gfp_t flags)
1821{
1822        struct fotg210_qtd *qtd;
1823        dma_addr_t dma;
1824
1825        qtd = dma_pool_alloc(fotg210->qtd_pool, flags, &dma);
1826        if (qtd != NULL)
1827                fotg210_qtd_init(fotg210, qtd, dma);
1828
1829        return qtd;
1830}
1831
1832static inline void fotg210_qtd_free(struct fotg210_hcd *fotg210,
1833                struct fotg210_qtd *qtd)
1834{
1835        dma_pool_free(fotg210->qtd_pool, qtd, qtd->qtd_dma);
1836}
1837
1838
1839static void qh_destroy(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
1840{
1841        /* clean qtds first, and know this is not linked */
1842        if (!list_empty(&qh->qtd_list) || qh->qh_next.ptr) {
1843                fotg210_dbg(fotg210, "unused qh not empty!\n");
1844                BUG();
1845        }
1846        if (qh->dummy)
1847                fotg210_qtd_free(fotg210, qh->dummy);
1848        dma_pool_free(fotg210->qh_pool, qh->hw, qh->qh_dma);
1849        kfree(qh);
1850}
1851
1852static struct fotg210_qh *fotg210_qh_alloc(struct fotg210_hcd *fotg210,
1853                gfp_t flags)
1854{
1855        struct fotg210_qh *qh;
1856        dma_addr_t dma;
1857
1858        qh = kzalloc(sizeof(*qh), GFP_ATOMIC);
1859        if (!qh)
1860                goto done;
1861        qh->hw = dma_pool_zalloc(fotg210->qh_pool, flags, &dma);
1862        if (!qh->hw)
1863                goto fail;
1864        qh->qh_dma = dma;
1865        INIT_LIST_HEAD(&qh->qtd_list);
1866
1867        /* dummy td enables safe urb queuing */
1868        qh->dummy = fotg210_qtd_alloc(fotg210, flags);
1869        if (qh->dummy == NULL) {
1870                fotg210_dbg(fotg210, "no dummy td\n");
1871                goto fail1;
1872        }
1873done:
1874        return qh;
1875fail1:
1876        dma_pool_free(fotg210->qh_pool, qh->hw, qh->qh_dma);
1877fail:
1878        kfree(qh);
1879        return NULL;
1880}
1881
1882/* The queue heads and transfer descriptors are managed from pools tied
1883 * to each of the "per device" structures.
1884 * This is the initialisation and cleanup code.
1885 */
1886
1887static void fotg210_mem_cleanup(struct fotg210_hcd *fotg210)
1888{
1889        if (fotg210->async)
1890                qh_destroy(fotg210, fotg210->async);
1891        fotg210->async = NULL;
1892
1893        if (fotg210->dummy)
1894                qh_destroy(fotg210, fotg210->dummy);
1895        fotg210->dummy = NULL;
1896
1897        /* DMA consistent memory and pools */
1898        dma_pool_destroy(fotg210->qtd_pool);
1899        fotg210->qtd_pool = NULL;
1900
1901        dma_pool_destroy(fotg210->qh_pool);
1902        fotg210->qh_pool = NULL;
1903
1904        dma_pool_destroy(fotg210->itd_pool);
1905        fotg210->itd_pool = NULL;
1906
1907        if (fotg210->periodic)
1908                dma_free_coherent(fotg210_to_hcd(fotg210)->self.controller,
1909                                fotg210->periodic_size * sizeof(u32),
1910                                fotg210->periodic, fotg210->periodic_dma);
1911        fotg210->periodic = NULL;
1912
1913        /* shadow periodic table */
1914        kfree(fotg210->pshadow);
1915        fotg210->pshadow = NULL;
1916}
1917
1918/* remember to add cleanup code (above) if you add anything here */
1919static int fotg210_mem_init(struct fotg210_hcd *fotg210, gfp_t flags)
1920{
1921        int i;
1922
1923        /* QTDs for control/bulk/intr transfers */
1924        fotg210->qtd_pool = dma_pool_create("fotg210_qtd",
1925                        fotg210_to_hcd(fotg210)->self.controller,
1926                        sizeof(struct fotg210_qtd),
1927                        32 /* byte alignment (for hw parts) */,
1928                        4096 /* can't cross 4K */);
1929        if (!fotg210->qtd_pool)
1930                goto fail;
1931
1932        /* QHs for control/bulk/intr transfers */
1933        fotg210->qh_pool = dma_pool_create("fotg210_qh",
1934                        fotg210_to_hcd(fotg210)->self.controller,
1935                        sizeof(struct fotg210_qh_hw),
1936                        32 /* byte alignment (for hw parts) */,
1937                        4096 /* can't cross 4K */);
1938        if (!fotg210->qh_pool)
1939                goto fail;
1940
1941        fotg210->async = fotg210_qh_alloc(fotg210, flags);
1942        if (!fotg210->async)
1943                goto fail;
1944
1945        /* ITD for high speed ISO transfers */
1946        fotg210->itd_pool = dma_pool_create("fotg210_itd",
1947                        fotg210_to_hcd(fotg210)->self.controller,
1948                        sizeof(struct fotg210_itd),
1949                        64 /* byte alignment (for hw parts) */,
1950                        4096 /* can't cross 4K */);
1951        if (!fotg210->itd_pool)
1952                goto fail;
1953
1954        /* Hardware periodic table */
1955        fotg210->periodic =
1956                dma_alloc_coherent(fotg210_to_hcd(fotg210)->self.controller,
1957                                fotg210->periodic_size * sizeof(__le32),
1958                                &fotg210->periodic_dma, 0);
1959        if (fotg210->periodic == NULL)
1960                goto fail;
1961
1962        for (i = 0; i < fotg210->periodic_size; i++)
1963                fotg210->periodic[i] = FOTG210_LIST_END(fotg210);
1964
1965        /* software shadow of hardware table */
1966        fotg210->pshadow = kcalloc(fotg210->periodic_size, sizeof(void *),
1967                        flags);
1968        if (fotg210->pshadow != NULL)
1969                return 0;
1970
1971fail:
1972        fotg210_dbg(fotg210, "couldn't init memory\n");
1973        fotg210_mem_cleanup(fotg210);
1974        return -ENOMEM;
1975}
1976/* EHCI hardware queue manipulation ... the core.  QH/QTD manipulation.
1977 *
1978 * Control, bulk, and interrupt traffic all use "qh" lists.  They list "qtd"
1979 * entries describing USB transactions, max 16-20kB/entry (with 4kB-aligned
1980 * buffers needed for the larger number).  We use one QH per endpoint, queue
1981 * multiple urbs (all three types) per endpoint.  URBs may need several qtds.
1982 *
1983 * ISO traffic uses "ISO TD" (itd) records, and (along with
1984 * interrupts) needs careful scheduling.  Performance improvements can be
1985 * an ongoing challenge.  That's in "ehci-sched.c".
1986 *
1987 * USB 1.1 devices are handled (a) by "companion" OHCI or UHCI root hubs,
1988 * or otherwise through transaction translators (TTs) in USB 2.0 hubs using
1989 * (b) special fields in qh entries or (c) split iso entries.  TTs will
1990 * buffer low/full speed data so the host collects it at high speed.
1991 */
1992
1993/* fill a qtd, returning how much of the buffer we were able to queue up */
1994static int qtd_fill(struct fotg210_hcd *fotg210, struct fotg210_qtd *qtd,
1995                dma_addr_t buf, size_t len, int token, int maxpacket)
1996{
1997        int i, count;
1998        u64 addr = buf;
1999
2000        /* one buffer entry per 4K ... first might be short or unaligned */
2001        qtd->hw_buf[0] = cpu_to_hc32(fotg210, (u32)addr);
2002        qtd->hw_buf_hi[0] = cpu_to_hc32(fotg210, (u32)(addr >> 32));
2003        count = 0x1000 - (buf & 0x0fff);        /* rest of that page */
2004        if (likely(len < count))                /* ... iff needed */
2005                count = len;
2006        else {
2007                buf +=  0x1000;
2008                buf &= ~0x0fff;
2009
2010                /* per-qtd limit: from 16K to 20K (best alignment) */
2011                for (i = 1; count < len && i < 5; i++) {
2012                        addr = buf;
2013                        qtd->hw_buf[i] = cpu_to_hc32(fotg210, (u32)addr);
2014                        qtd->hw_buf_hi[i] = cpu_to_hc32(fotg210,
2015                                        (u32)(addr >> 32));
2016                        buf += 0x1000;
2017                        if ((count + 0x1000) < len)
2018                                count += 0x1000;
2019                        else
2020                                count = len;
2021                }
2022
2023                /* short packets may only terminate transfers */
2024                if (count != len)
2025                        count -= (count % maxpacket);
2026        }
2027        qtd->hw_token = cpu_to_hc32(fotg210, (count << 16) | token);
2028        qtd->length = count;
2029
2030        return count;
2031}
2032
2033static inline void qh_update(struct fotg210_hcd *fotg210,
2034                struct fotg210_qh *qh, struct fotg210_qtd *qtd)
2035{
2036        struct fotg210_qh_hw *hw = qh->hw;
2037
2038        /* writes to an active overlay are unsafe */
2039        BUG_ON(qh->qh_state != QH_STATE_IDLE);
2040
2041        hw->hw_qtd_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2042        hw->hw_alt_next = FOTG210_LIST_END(fotg210);
2043
2044        /* Except for control endpoints, we make hardware maintain data
2045         * toggle (like OHCI) ... here (re)initialize the toggle in the QH,
2046         * and set the pseudo-toggle in udev. Only usb_clear_halt() will
2047         * ever clear it.
2048         */
2049        if (!(hw->hw_info1 & cpu_to_hc32(fotg210, QH_TOGGLE_CTL))) {
2050                unsigned is_out, epnum;
2051
2052                is_out = qh->is_out;
2053                epnum = (hc32_to_cpup(fotg210, &hw->hw_info1) >> 8) & 0x0f;
2054                if (unlikely(!usb_gettoggle(qh->dev, epnum, is_out))) {
2055                        hw->hw_token &= ~cpu_to_hc32(fotg210, QTD_TOGGLE);
2056                        usb_settoggle(qh->dev, epnum, is_out, 1);
2057                }
2058        }
2059
2060        hw->hw_token &= cpu_to_hc32(fotg210, QTD_TOGGLE | QTD_STS_PING);
2061}
2062
2063/* if it weren't for a common silicon quirk (writing the dummy into the qh
2064 * overlay, so qh->hw_token wrongly becomes inactive/halted), only fault
2065 * recovery (including urb dequeue) would need software changes to a QH...
2066 */
2067static void qh_refresh(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
2068{
2069        struct fotg210_qtd *qtd;
2070
2071        if (list_empty(&qh->qtd_list))
2072                qtd = qh->dummy;
2073        else {
2074                qtd = list_entry(qh->qtd_list.next,
2075                                struct fotg210_qtd, qtd_list);
2076                /*
2077                 * first qtd may already be partially processed.
2078                 * If we come here during unlink, the QH overlay region
2079                 * might have reference to the just unlinked qtd. The
2080                 * qtd is updated in qh_completions(). Update the QH
2081                 * overlay here.
2082                 */
2083                if (cpu_to_hc32(fotg210, qtd->qtd_dma) == qh->hw->hw_current) {
2084                        qh->hw->hw_qtd_next = qtd->hw_next;
2085                        qtd = NULL;
2086                }
2087        }
2088
2089        if (qtd)
2090                qh_update(fotg210, qh, qtd);
2091}
2092
2093static void qh_link_async(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
2094
2095static void fotg210_clear_tt_buffer_complete(struct usb_hcd *hcd,
2096                struct usb_host_endpoint *ep)
2097{
2098        struct fotg210_hcd *fotg210 = hcd_to_fotg210(hcd);
2099        struct fotg210_qh *qh = ep->hcpriv;
2100        unsigned long flags;
2101
2102        spin_lock_irqsave(&fotg210->lock, flags);
2103        qh->clearing_tt = 0;
2104        if (qh->qh_state == QH_STATE_IDLE && !list_empty(&qh->qtd_list)
2105                        && fotg210->rh_state == FOTG210_RH_RUNNING)
2106                qh_link_async(fotg210, qh);
2107        spin_unlock_irqrestore(&fotg210->lock, flags);
2108}
2109
2110static void fotg210_clear_tt_buffer(struct fotg210_hcd *fotg210,
2111                struct fotg210_qh *qh, struct urb *urb, u32 token)
2112{
2113
2114        /* If an async split transaction gets an error or is unlinked,
2115         * the TT buffer may be left in an indeterminate state.  We
2116         * have to clear the TT buffer.
2117         *
2118         * Note: this routine is never called for Isochronous transfers.
2119         */
2120        if (urb->dev->tt && !usb_pipeint(urb->pipe) && !qh->clearing_tt) {
2121                struct usb_device *tt = urb->dev->tt->hub;
2122
2123                dev_dbg(&tt->dev,
2124                                "clear tt buffer port %d, a%d ep%d t%08x\n",
2125                                urb->dev->ttport, urb->dev->devnum,
2126                                usb_pipeendpoint(urb->pipe), token);
2127
2128                if (urb->dev->tt->hub !=
2129                                fotg210_to_hcd(fotg210)->self.root_hub) {
2130                        if (usb_hub_clear_tt_buffer(urb) == 0)
2131                                qh->clearing_tt = 1;
2132                }
2133        }
2134}
2135
2136static int qtd_copy_status(struct fotg210_hcd *fotg210, struct urb *urb,
2137                size_t length, u32 token)
2138{
2139        int status = -EINPROGRESS;
2140
2141        /* count IN/OUT bytes, not SETUP (even short packets) */
2142        if (likely(QTD_PID(token) != 2))
2143                urb->actual_length += length - QTD_LENGTH(token);
2144
2145        /* don't modify error codes */
2146        if (unlikely(urb->unlinked))
2147                return status;
2148
2149        /* force cleanup after short read; not always an error */
2150        if (unlikely(IS_SHORT_READ(token)))
2151                status = -EREMOTEIO;
2152
2153        /* serious "can't proceed" faults reported by the hardware */
2154        if (token & QTD_STS_HALT) {
2155                if (token & QTD_STS_BABBLE) {
2156                        /* FIXME "must" disable babbling device's port too */
2157                        status = -EOVERFLOW;
2158                /* CERR nonzero + halt --> stall */
2159                } else if (QTD_CERR(token)) {
2160                        status = -EPIPE;
2161
2162                /* In theory, more than one of the following bits can be set
2163                 * since they are sticky and the transaction is retried.
2164                 * Which to test first is rather arbitrary.
2165                 */
2166                } else if (token & QTD_STS_MMF) {
2167                        /* fs/ls interrupt xfer missed the complete-split */
2168                        status = -EPROTO;
2169                } else if (token & QTD_STS_DBE) {
2170                        status = (QTD_PID(token) == 1) /* IN ? */
2171                                ? -ENOSR  /* hc couldn't read data */
2172                                : -ECOMM; /* hc couldn't write data */
2173                } else if (token & QTD_STS_XACT) {
2174                        /* timeout, bad CRC, wrong PID, etc */
2175                        fotg210_dbg(fotg210, "devpath %s ep%d%s 3strikes\n",
2176                                        urb->dev->devpath,
2177                                        usb_pipeendpoint(urb->pipe),
2178                                        usb_pipein(urb->pipe) ? "in" : "out");
2179                        status = -EPROTO;
2180                } else {        /* unknown */
2181                        status = -EPROTO;
2182                }
2183
2184                fotg210_dbg(fotg210,
2185                                "dev%d ep%d%s qtd token %08x --> status %d\n",
2186                                usb_pipedevice(urb->pipe),
2187                                usb_pipeendpoint(urb->pipe),
2188                                usb_pipein(urb->pipe) ? "in" : "out",
2189                                token, status);
2190        }
2191
2192        return status;
2193}
2194
2195static void fotg210_urb_done(struct fotg210_hcd *fotg210, struct urb *urb,
2196                int status)
2197__releases(fotg210->lock)
2198__acquires(fotg210->lock)
2199{
2200        if (likely(urb->hcpriv != NULL)) {
2201                struct fotg210_qh *qh = (struct fotg210_qh *) urb->hcpriv;
2202
2203                /* S-mask in a QH means it's an interrupt urb */
2204                if ((qh->hw->hw_info2 & cpu_to_hc32(fotg210, QH_SMASK)) != 0) {
2205
2206                        /* ... update hc-wide periodic stats (for usbfs) */
2207                        fotg210_to_hcd(fotg210)->self.bandwidth_int_reqs--;
2208                }
2209        }
2210
2211        if (unlikely(urb->unlinked)) {
2212                INCR(fotg210->stats.unlink);
2213        } else {
2214                /* report non-error and short read status as zero */
2215                if (status == -EINPROGRESS || status == -EREMOTEIO)
2216                        status = 0;
2217                INCR(fotg210->stats.complete);
2218        }
2219
2220#ifdef FOTG210_URB_TRACE
2221        fotg210_dbg(fotg210,
2222                        "%s %s urb %p ep%d%s status %d len %d/%d\n",
2223                        __func__, urb->dev->devpath, urb,
2224                        usb_pipeendpoint(urb->pipe),
2225                        usb_pipein(urb->pipe) ? "in" : "out",
2226                        status,
2227                        urb->actual_length, urb->transfer_buffer_length);
2228#endif
2229
2230        /* complete() can reenter this HCD */
2231        usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
2232        spin_unlock(&fotg210->lock);
2233        usb_hcd_giveback_urb(fotg210_to_hcd(fotg210), urb, status);
2234        spin_lock(&fotg210->lock);
2235}
2236
2237static int qh_schedule(struct fotg210_hcd *fotg210, struct fotg210_qh *qh);
2238
2239/* Process and free completed qtds for a qh, returning URBs to drivers.
2240 * Chases up to qh->hw_current.  Returns number of completions called,
2241 * indicating how much "real" work we did.
2242 */
2243static unsigned qh_completions(struct fotg210_hcd *fotg210,
2244                struct fotg210_qh *qh)
2245{
2246        struct fotg210_qtd *last, *end = qh->dummy;
2247        struct fotg210_qtd *qtd, *tmp;
2248        int last_status;
2249        int stopped;
2250        unsigned count = 0;
2251        u8 state;
2252        struct fotg210_qh_hw *hw = qh->hw;
2253
2254        if (unlikely(list_empty(&qh->qtd_list)))
2255                return count;
2256
2257        /* completions (or tasks on other cpus) must never clobber HALT
2258         * till we've gone through and cleaned everything up, even when
2259         * they add urbs to this qh's queue or mark them for unlinking.
2260         *
2261         * NOTE:  unlinking expects to be done in queue order.
2262         *
2263         * It's a bug for qh->qh_state to be anything other than
2264         * QH_STATE_IDLE, unless our caller is scan_async() or
2265         * scan_intr().
2266         */
2267        state = qh->qh_state;
2268        qh->qh_state = QH_STATE_COMPLETING;
2269        stopped = (state == QH_STATE_IDLE);
2270
2271rescan:
2272        last = NULL;
2273        last_status = -EINPROGRESS;
2274        qh->needs_rescan = 0;
2275
2276        /* remove de-activated QTDs from front of queue.
2277         * after faults (including short reads), cleanup this urb
2278         * then let the queue advance.
2279         * if queue is stopped, handles unlinks.
2280         */
2281        list_for_each_entry_safe(qtd, tmp, &qh->qtd_list, qtd_list) {
2282                struct urb *urb;
2283                u32 token = 0;
2284
2285                urb = qtd->urb;
2286
2287                /* clean up any state from previous QTD ...*/
2288                if (last) {
2289                        if (likely(last->urb != urb)) {
2290                                fotg210_urb_done(fotg210, last->urb,
2291                                                last_status);
2292                                count++;
2293                                last_status = -EINPROGRESS;
2294                        }
2295                        fotg210_qtd_free(fotg210, last);
2296                        last = NULL;
2297                }
2298
2299                /* ignore urbs submitted during completions we reported */
2300                if (qtd == end)
2301                        break;
2302
2303                /* hardware copies qtd out of qh overlay */
2304                rmb();
2305                token = hc32_to_cpu(fotg210, qtd->hw_token);
2306
2307                /* always clean up qtds the hc de-activated */
2308retry_xacterr:
2309                if ((token & QTD_STS_ACTIVE) == 0) {
2310
2311                        /* Report Data Buffer Error: non-fatal but useful */
2312                        if (token & QTD_STS_DBE)
2313                                fotg210_dbg(fotg210,
2314                                        "detected DataBufferErr for urb %p ep%d%s len %d, qtd %p [qh %p]\n",
2315                                        urb, usb_endpoint_num(&urb->ep->desc),
2316                                        usb_endpoint_dir_in(&urb->ep->desc)
2317                                                ? "in" : "out",
2318                                        urb->transfer_buffer_length, qtd, qh);
2319
2320                        /* on STALL, error, and short reads this urb must
2321                         * complete and all its qtds must be recycled.
2322                         */
2323                        if ((token & QTD_STS_HALT) != 0) {
2324
2325                                /* retry transaction errors until we
2326                                 * reach the software xacterr limit
2327                                 */
2328                                if ((token & QTD_STS_XACT) &&
2329                                                QTD_CERR(token) == 0 &&
2330                                                ++qh->xacterrs < QH_XACTERR_MAX &&
2331                                                !urb->unlinked) {
2332                                        fotg210_dbg(fotg210,
2333                                                "detected XactErr len %zu/%zu retry %d\n",
2334                                                qtd->length - QTD_LENGTH(token),
2335                                                qtd->length,
2336                                                qh->xacterrs);
2337
2338                                        /* reset the token in the qtd and the
2339                                         * qh overlay (which still contains
2340                                         * the qtd) so that we pick up from
2341                                         * where we left off
2342                                         */
2343                                        token &= ~QTD_STS_HALT;
2344                                        token |= QTD_STS_ACTIVE |
2345                                                 (FOTG210_TUNE_CERR << 10);
2346                                        qtd->hw_token = cpu_to_hc32(fotg210,
2347                                                        token);
2348                                        wmb();
2349                                        hw->hw_token = cpu_to_hc32(fotg210,
2350                                                        token);
2351                                        goto retry_xacterr;
2352                                }
2353                                stopped = 1;
2354
2355                        /* magic dummy for some short reads; qh won't advance.
2356                         * that silicon quirk can kick in with this dummy too.
2357                         *
2358                         * other short reads won't stop the queue, including
2359                         * control transfers (status stage handles that) or
2360                         * most other single-qtd reads ... the queue stops if
2361                         * URB_SHORT_NOT_OK was set so the driver submitting
2362                         * the urbs could clean it up.
2363                         */
2364                        } else if (IS_SHORT_READ(token) &&
2365                                        !(qtd->hw_alt_next &
2366                                        FOTG210_LIST_END(fotg210))) {
2367                                stopped = 1;
2368                        }
2369
2370                /* stop scanning when we reach qtds the hc is using */
2371                } else if (likely(!stopped
2372                                && fotg210->rh_state >= FOTG210_RH_RUNNING)) {
2373                        break;
2374
2375                /* scan the whole queue for unlinks whenever it stops */
2376                } else {
2377                        stopped = 1;
2378
2379                        /* cancel everything if we halt, suspend, etc */
2380                        if (fotg210->rh_state < FOTG210_RH_RUNNING)
2381                                last_status = -ESHUTDOWN;
2382
2383                        /* this qtd is active; skip it unless a previous qtd
2384                         * for its urb faulted, or its urb was canceled.
2385                         */
2386                        else if (last_status == -EINPROGRESS && !urb->unlinked)
2387                                continue;
2388
2389                        /* qh unlinked; token in overlay may be most current */
2390                        if (state == QH_STATE_IDLE &&
2391                                        cpu_to_hc32(fotg210, qtd->qtd_dma)
2392                                        == hw->hw_current) {
2393                                token = hc32_to_cpu(fotg210, hw->hw_token);
2394
2395                                /* An unlink may leave an incomplete
2396                                 * async transaction in the TT buffer.
2397                                 * We have to clear it.
2398                                 */
2399                                fotg210_clear_tt_buffer(fotg210, qh, urb,
2400                                                token);
2401                        }
2402                }
2403
2404                /* unless we already know the urb's status, collect qtd status
2405                 * and update count of bytes transferred.  in common short read
2406                 * cases with only one data qtd (including control transfers),
2407                 * queue processing won't halt.  but with two or more qtds (for
2408                 * example, with a 32 KB transfer), when the first qtd gets a
2409                 * short read the second must be removed by hand.
2410                 */
2411                if (last_status == -EINPROGRESS) {
2412                        last_status = qtd_copy_status(fotg210, urb,
2413                                        qtd->length, token);
2414                        if (last_status == -EREMOTEIO &&
2415                                        (qtd->hw_alt_next &
2416                                        FOTG210_LIST_END(fotg210)))
2417                                last_status = -EINPROGRESS;
2418
2419                        /* As part of low/full-speed endpoint-halt processing
2420                         * we must clear the TT buffer (11.17.5).
2421                         */
2422                        if (unlikely(last_status != -EINPROGRESS &&
2423                                        last_status != -EREMOTEIO)) {
2424                                /* The TT's in some hubs malfunction when they
2425                                 * receive this request following a STALL (they
2426                                 * stop sending isochronous packets).  Since a
2427                                 * STALL can't leave the TT buffer in a busy
2428                                 * state (if you believe Figures 11-48 - 11-51
2429                                 * in the USB 2.0 spec), we won't clear the TT
2430                                 * buffer in this case.  Strictly speaking this
2431                                 * is a violation of the spec.
2432                                 */
2433                                if (last_status != -EPIPE)
2434                                        fotg210_clear_tt_buffer(fotg210, qh,
2435                                                        urb, token);
2436                        }
2437                }
2438
2439                /* if we're removing something not at the queue head,
2440                 * patch the hardware queue pointer.
2441                 */
2442                if (stopped && qtd->qtd_list.prev != &qh->qtd_list) {
2443                        last = list_entry(qtd->qtd_list.prev,
2444                                        struct fotg210_qtd, qtd_list);
2445                        last->hw_next = qtd->hw_next;
2446                }
2447
2448                /* remove qtd; it's recycled after possible urb completion */
2449                list_del(&qtd->qtd_list);
2450                last = qtd;
2451
2452                /* reinit the xacterr counter for the next qtd */
2453                qh->xacterrs = 0;
2454        }
2455
2456        /* last urb's completion might still need calling */
2457        if (likely(last != NULL)) {
2458                fotg210_urb_done(fotg210, last->urb, last_status);
2459                count++;
2460                fotg210_qtd_free(fotg210, last);
2461        }
2462
2463        /* Do we need to rescan for URBs dequeued during a giveback? */
2464        if (unlikely(qh->needs_rescan)) {
2465                /* If the QH is already unlinked, do the rescan now. */
2466                if (state == QH_STATE_IDLE)
2467                        goto rescan;
2468
2469                /* Otherwise we have to wait until the QH is fully unlinked.
2470                 * Our caller will start an unlink if qh->needs_rescan is
2471                 * set.  But if an unlink has already started, nothing needs
2472                 * to be done.
2473                 */
2474                if (state != QH_STATE_LINKED)
2475                        qh->needs_rescan = 0;
2476        }
2477
2478        /* restore original state; caller must unlink or relink */
2479        qh->qh_state = state;
2480
2481        /* be sure the hardware's done with the qh before refreshing
2482         * it after fault cleanup, or recovering from silicon wrongly
2483         * overlaying the dummy qtd (which reduces DMA chatter).
2484         */
2485        if (stopped != 0 || hw->hw_qtd_next == FOTG210_LIST_END(fotg210)) {
2486                switch (state) {
2487                case QH_STATE_IDLE:
2488                        qh_refresh(fotg210, qh);
2489                        break;
2490                case QH_STATE_LINKED:
2491                        /* We won't refresh a QH that's linked (after the HC
2492                         * stopped the queue).  That avoids a race:
2493                         *  - HC reads first part of QH;
2494                         *  - CPU updates that first part and the token;
2495                         *  - HC reads rest of that QH, including token
2496                         * Result:  HC gets an inconsistent image, and then
2497                         * DMAs to/from the wrong memory (corrupting it).
2498                         *
2499                         * That should be rare for interrupt transfers,
2500                         * except maybe high bandwidth ...
2501                         */
2502
2503                        /* Tell the caller to start an unlink */
2504                        qh->needs_rescan = 1;
2505                        break;
2506                /* otherwise, unlink already started */
2507                }
2508        }
2509
2510        return count;
2511}
2512
2513/* high bandwidth multiplier, as encoded in highspeed endpoint descriptors */
2514#define hb_mult(wMaxPacketSize) (1 + (((wMaxPacketSize) >> 11) & 0x03))
2515/* ... and packet size, for any kind of endpoint descriptor */
2516#define max_packet(wMaxPacketSize) ((wMaxPacketSize) & 0x07ff)
2517
2518/* reverse of qh_urb_transaction:  free a list of TDs.
2519 * used for cleanup after errors, before HC sees an URB's TDs.
2520 */
2521static void qtd_list_free(struct fotg210_hcd *fotg210, struct urb *urb,
2522                struct list_head *head)
2523{
2524        struct fotg210_qtd *qtd, *temp;
2525
2526        list_for_each_entry_safe(qtd, temp, head, qtd_list) {
2527                list_del(&qtd->qtd_list);
2528                fotg210_qtd_free(fotg210, qtd);
2529        }
2530}
2531
2532/* create a list of filled qtds for this URB; won't link into qh.
2533 */
2534static struct list_head *qh_urb_transaction(struct fotg210_hcd *fotg210,
2535                struct urb *urb, struct list_head *head, gfp_t flags)
2536{
2537        struct fotg210_qtd *qtd, *qtd_prev;
2538        dma_addr_t buf;
2539        int len, this_sg_len, maxpacket;
2540        int is_input;
2541        u32 token;
2542        int i;
2543        struct scatterlist *sg;
2544
2545        /*
2546         * URBs map to sequences of QTDs:  one logical transaction
2547         */
2548        qtd = fotg210_qtd_alloc(fotg210, flags);
2549        if (unlikely(!qtd))
2550                return NULL;
2551        list_add_tail(&qtd->qtd_list, head);
2552        qtd->urb = urb;
2553
2554        token = QTD_STS_ACTIVE;
2555        token |= (FOTG210_TUNE_CERR << 10);
2556        /* for split transactions, SplitXState initialized to zero */
2557
2558        len = urb->transfer_buffer_length;
2559        is_input = usb_pipein(urb->pipe);
2560        if (usb_pipecontrol(urb->pipe)) {
2561                /* SETUP pid */
2562                qtd_fill(fotg210, qtd, urb->setup_dma,
2563                                sizeof(struct usb_ctrlrequest),
2564                                token | (2 /* "setup" */ << 8), 8);
2565
2566                /* ... and always at least one more pid */
2567                token ^= QTD_TOGGLE;
2568                qtd_prev = qtd;
2569                qtd = fotg210_qtd_alloc(fotg210, flags);
2570                if (unlikely(!qtd))
2571                        goto cleanup;
2572                qtd->urb = urb;
2573                qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2574                list_add_tail(&qtd->qtd_list, head);
2575
2576                /* for zero length DATA stages, STATUS is always IN */
2577                if (len == 0)
2578                        token |= (1 /* "in" */ << 8);
2579        }
2580
2581        /*
2582         * data transfer stage:  buffer setup
2583         */
2584        i = urb->num_mapped_sgs;
2585        if (len > 0 && i > 0) {
2586                sg = urb->sg;
2587                buf = sg_dma_address(sg);
2588
2589                /* urb->transfer_buffer_length may be smaller than the
2590                 * size of the scatterlist (or vice versa)
2591                 */
2592                this_sg_len = min_t(int, sg_dma_len(sg), len);
2593        } else {
2594                sg = NULL;
2595                buf = urb->transfer_dma;
2596                this_sg_len = len;
2597        }
2598
2599        if (is_input)
2600                token |= (1 /* "in" */ << 8);
2601        /* else it's already initted to "out" pid (0 << 8) */
2602
2603        maxpacket = max_packet(usb_maxpacket(urb->dev, urb->pipe, !is_input));
2604
2605        /*
2606         * buffer gets wrapped in one or more qtds;
2607         * last one may be "short" (including zero len)
2608         * and may serve as a control status ack
2609         */
2610        for (;;) {
2611                int this_qtd_len;
2612
2613                this_qtd_len = qtd_fill(fotg210, qtd, buf, this_sg_len, token,
2614                                maxpacket);
2615                this_sg_len -= this_qtd_len;
2616                len -= this_qtd_len;
2617                buf += this_qtd_len;
2618
2619                /*
2620                 * short reads advance to a "magic" dummy instead of the next
2621                 * qtd ... that forces the queue to stop, for manual cleanup.
2622                 * (this will usually be overridden later.)
2623                 */
2624                if (is_input)
2625                        qtd->hw_alt_next = fotg210->async->hw->hw_alt_next;
2626
2627                /* qh makes control packets use qtd toggle; maybe switch it */
2628                if ((maxpacket & (this_qtd_len + (maxpacket - 1))) == 0)
2629                        token ^= QTD_TOGGLE;
2630
2631                if (likely(this_sg_len <= 0)) {
2632                        if (--i <= 0 || len <= 0)
2633                                break;
2634                        sg = sg_next(sg);
2635                        buf = sg_dma_address(sg);
2636                        this_sg_len = min_t(int, sg_dma_len(sg), len);
2637                }
2638
2639                qtd_prev = qtd;
2640                qtd = fotg210_qtd_alloc(fotg210, flags);
2641                if (unlikely(!qtd))
2642                        goto cleanup;
2643                qtd->urb = urb;
2644                qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2645                list_add_tail(&qtd->qtd_list, head);
2646        }
2647
2648        /*
2649         * unless the caller requires manual cleanup after short reads,
2650         * have the alt_next mechanism keep the queue running after the
2651         * last data qtd (the only one, for control and most other cases).
2652         */
2653        if (likely((urb->transfer_flags & URB_SHORT_NOT_OK) == 0 ||
2654                        usb_pipecontrol(urb->pipe)))
2655                qtd->hw_alt_next = FOTG210_LIST_END(fotg210);
2656
2657        /*
2658         * control requests may need a terminating data "status" ack;
2659         * other OUT ones may need a terminating short packet
2660         * (zero length).
2661         */
2662        if (likely(urb->transfer_buffer_length != 0)) {
2663                int one_more = 0;
2664
2665                if (usb_pipecontrol(urb->pipe)) {
2666                        one_more = 1;
2667                        token ^= 0x0100;        /* "in" <--> "out"  */
2668                        token |= QTD_TOGGLE;    /* force DATA1 */
2669                } else if (usb_pipeout(urb->pipe)
2670                                && (urb->transfer_flags & URB_ZERO_PACKET)
2671                                && !(urb->transfer_buffer_length % maxpacket)) {
2672                        one_more = 1;
2673                }
2674                if (one_more) {
2675                        qtd_prev = qtd;
2676                        qtd = fotg210_qtd_alloc(fotg210, flags);
2677                        if (unlikely(!qtd))
2678                                goto cleanup;
2679                        qtd->urb = urb;
2680                        qtd_prev->hw_next = QTD_NEXT(fotg210, qtd->qtd_dma);
2681                        list_add_tail(&qtd->qtd_list, head);
2682
2683                        /* never any data in such packets */
2684                        qtd_fill(fotg210, qtd, 0, 0, token, 0);
2685                }
2686        }
2687
2688        /* by default, enable interrupt on urb completion */
2689        if (likely(!(urb->transfer_flags & URB_NO_INTERRUPT)))
2690                qtd->hw_token |= cpu_to_hc32(fotg210, QTD_IOC);
2691        return head;
2692
2693cleanup:
2694        qtd_list_free(fotg210, urb, head);
2695        return NULL;
2696}
2697
2698/* Would be best to create all qh's from config descriptors,
2699 * when each interface/altsetting is established.  Unlink
2700 * any previous qh and cancel its urbs first; endpoints are
2701 * implicitly reset then (data toggle too).
2702 * That'd mean updating how usbcore talks to HCDs. (2.7?)
2703 */
2704
2705
2706/* Each QH holds a qtd list; a QH is used for everything except iso.
2707 *
2708 * For interrupt urbs, the scheduler must set the microframe scheduling
2709 * mask(s) each time the QH gets scheduled.  For highspeed, that's
2710 * just one microframe in the s-mask.  For split interrupt transactions
2711 * there are additional complications: c-mask, maybe FSTNs.
2712 */
2713static struct fotg210_qh *qh_make(struct fotg210_hcd *fotg210, struct urb *urb,
2714                gfp_t flags)
2715{
2716        struct fotg210_qh *qh = fotg210_qh_alloc(fotg210, flags);
2717        u32 info1 = 0, info2 = 0;
2718        int is_input, type;
2719        int maxp = 0;
2720        struct usb_tt *tt = urb->dev->tt;
2721        struct fotg210_qh_hw *hw;
2722
2723        if (!qh)
2724                return qh;
2725
2726        /*
2727         * init endpoint/device data for this QH
2728         */
2729        info1 |= usb_pipeendpoint(urb->pipe) << 8;
2730        info1 |= usb_pipedevice(urb->pipe) << 0;
2731
2732        is_input = usb_pipein(urb->pipe);
2733        type = usb_pipetype(urb->pipe);
2734        maxp = usb_maxpacket(urb->dev, urb->pipe, !is_input);
2735
2736        /* 1024 byte maxpacket is a hardware ceiling.  High bandwidth
2737         * acts like up to 3KB, but is built from smaller packets.
2738         */
2739        if (max_packet(maxp) > 1024) {
2740                fotg210_dbg(fotg210, "bogus qh maxpacket %d\n",
2741                                max_packet(maxp));
2742                goto done;
2743        }
2744
2745        /* Compute interrupt scheduling parameters just once, and save.
2746         * - allowing for high bandwidth, how many nsec/uframe are used?
2747         * - split transactions need a second CSPLIT uframe; same question
2748         * - splits also need a schedule gap (for full/low speed I/O)
2749         * - qh has a polling interval
2750         *
2751         * For control/bulk requests, the HC or TT handles these.
2752         */
2753        if (type == PIPE_INTERRUPT) {
2754                qh->usecs = NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH,
2755                                is_input, 0,
2756                                hb_mult(maxp) * max_packet(maxp)));
2757                qh->start = NO_FRAME;
2758
2759                if (urb->dev->speed == USB_SPEED_HIGH) {
2760                        qh->c_usecs = 0;
2761                        qh->gap_uf = 0;
2762
2763                        qh->period = urb->interval >> 3;
2764                        if (qh->period == 0 && urb->interval != 1) {
2765                                /* NOTE interval 2 or 4 uframes could work.
2766                                 * But interval 1 scheduling is simpler, and
2767                                 * includes high bandwidth.
2768                                 */
2769                                urb->interval = 1;
2770                        } else if (qh->period > fotg210->periodic_size) {
2771                                qh->period = fotg210->periodic_size;
2772                                urb->interval = qh->period << 3;
2773                        }
2774                } else {
2775                        int think_time;
2776
2777                        /* gap is f(FS/LS transfer times) */
2778                        qh->gap_uf = 1 + usb_calc_bus_time(urb->dev->speed,
2779                                        is_input, 0, maxp) / (125 * 1000);
2780
2781                        /* FIXME this just approximates SPLIT/CSPLIT times */
2782                        if (is_input) {         /* SPLIT, gap, CSPLIT+DATA */
2783                                qh->c_usecs = qh->usecs + HS_USECS(0);
2784                                qh->usecs = HS_USECS(1);
2785                        } else {                /* SPLIT+DATA, gap, CSPLIT */
2786                                qh->usecs += HS_USECS(1);
2787                                qh->c_usecs = HS_USECS(0);
2788                        }
2789
2790                        think_time = tt ? tt->think_time : 0;
2791                        qh->tt_usecs = NS_TO_US(think_time +
2792                                        usb_calc_bus_time(urb->dev->speed,
2793                                        is_input, 0, max_packet(maxp)));
2794                        qh->period = urb->interval;
2795                        if (qh->period > fotg210->periodic_size) {
2796                                qh->period = fotg210->periodic_size;
2797                                urb->interval = qh->period;
2798                        }
2799                }
2800        }
2801
2802        /* support for tt scheduling, and access to toggles */
2803        qh->dev = urb->dev;
2804
2805        /* using TT? */
2806        switch (urb->dev->speed) {
2807        case USB_SPEED_LOW:
2808                info1 |= QH_LOW_SPEED;
2809                fallthrough;
2810
2811        case USB_SPEED_FULL:
2812                /* EPS 0 means "full" */
2813                if (type != PIPE_INTERRUPT)
2814                        info1 |= (FOTG210_TUNE_RL_TT << 28);
2815                if (type == PIPE_CONTROL) {
2816                        info1 |= QH_CONTROL_EP;         /* for TT */
2817                        info1 |= QH_TOGGLE_CTL;         /* toggle from qtd */
2818                }
2819                info1 |= maxp << 16;
2820
2821                info2 |= (FOTG210_TUNE_MULT_TT << 30);
2822
2823                /* Some Freescale processors have an erratum in which the
2824                 * port number in the queue head was 0..N-1 instead of 1..N.
2825                 */
2826                if (fotg210_has_fsl_portno_bug(fotg210))
2827                        info2 |= (urb->dev->ttport-1) << 23;
2828                else
2829                        info2 |= urb->dev->ttport << 23;
2830
2831                /* set the address of the TT; for TDI's integrated
2832                 * root hub tt, leave it zeroed.
2833                 */
2834                if (tt && tt->hub != fotg210_to_hcd(fotg210)->self.root_hub)
2835                        info2 |= tt->hub->devnum << 16;
2836
2837                /* NOTE:  if (PIPE_INTERRUPT) { scheduler sets c-mask } */
2838
2839                break;
2840
2841        case USB_SPEED_HIGH:            /* no TT involved */
2842                info1 |= QH_HIGH_SPEED;
2843                if (type == PIPE_CONTROL) {
2844                        info1 |= (FOTG210_TUNE_RL_HS << 28);
2845                        info1 |= 64 << 16;      /* usb2 fixed maxpacket */
2846                        info1 |= QH_TOGGLE_CTL; /* toggle from qtd */
2847                        info2 |= (FOTG210_TUNE_MULT_HS << 30);
2848                } else if (type == PIPE_BULK) {
2849                        info1 |= (FOTG210_TUNE_RL_HS << 28);
2850                        /* The USB spec says that high speed bulk endpoints
2851                         * always use 512 byte maxpacket.  But some device
2852                         * vendors decided to ignore that, and MSFT is happy
2853                         * to help them do so.  So now people expect to use
2854                         * such nonconformant devices with Linux too; sigh.
2855                         */
2856                        info1 |= max_packet(maxp) << 16;
2857                        info2 |= (FOTG210_TUNE_MULT_HS << 30);
2858                } else {                /* PIPE_INTERRUPT */
2859                        info1 |= max_packet(maxp) << 16;
2860                        info2 |= hb_mult(maxp) << 30;
2861                }
2862                break;
2863        default:
2864                fotg210_dbg(fotg210, "bogus dev %p speed %d\n", urb->dev,
2865                                urb->dev->speed);
2866done:
2867                qh_destroy(fotg210, qh);
2868                return NULL;
2869        }
2870
2871        /* NOTE:  if (PIPE_INTERRUPT) { scheduler sets s-mask } */
2872
2873        /* init as live, toggle clear, advance to dummy */
2874        qh->qh_state = QH_STATE_IDLE;
2875        hw = qh->hw;
2876        hw->hw_info1 = cpu_to_hc32(fotg210, info1);
2877        hw->hw_info2 = cpu_to_hc32(fotg210, info2);
2878        qh->is_out = !is_input;
2879        usb_settoggle(urb->dev, usb_pipeendpoint(urb->pipe), !is_input, 1);
2880        qh_refresh(fotg210, qh);
2881        return qh;
2882}
2883
2884static void enable_async(struct fotg210_hcd *fotg210)
2885{
2886        if (fotg210->async_count++)
2887                return;
2888
2889        /* Stop waiting to turn off the async schedule */
2890        fotg210->enabled_hrtimer_events &= ~BIT(FOTG210_HRTIMER_DISABLE_ASYNC);
2891
2892        /* Don't start the schedule until ASS is 0 */
2893        fotg210_poll_ASS(fotg210);
2894        turn_on_io_watchdog(fotg210);
2895}
2896
2897static void disable_async(struct fotg210_hcd *fotg210)
2898{
2899        if (--fotg210->async_count)
2900                return;
2901
2902        /* The async schedule and async_unlink list are supposed to be empty */
2903        WARN_ON(fotg210->async->qh_next.qh || fotg210->async_unlink);
2904
2905        /* Don't turn off the schedule until ASS is 1 */
2906        fotg210_poll_ASS(fotg210);
2907}
2908
2909/* move qh (and its qtds) onto async queue; maybe enable queue.  */
2910
2911static void qh_link_async(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
2912{
2913        __hc32 dma = QH_NEXT(fotg210, qh->qh_dma);
2914        struct fotg210_qh *head;
2915
2916        /* Don't link a QH if there's a Clear-TT-Buffer pending */
2917        if (unlikely(qh->clearing_tt))
2918                return;
2919
2920        WARN_ON(qh->qh_state != QH_STATE_IDLE);
2921
2922        /* clear halt and/or toggle; and maybe recover from silicon quirk */
2923        qh_refresh(fotg210, qh);
2924
2925        /* splice right after start */
2926        head = fotg210->async;
2927        qh->qh_next = head->qh_next;
2928        qh->hw->hw_next = head->hw->hw_next;
2929        wmb();
2930
2931        head->qh_next.qh = qh;
2932        head->hw->hw_next = dma;
2933
2934        qh->xacterrs = 0;
2935        qh->qh_state = QH_STATE_LINKED;
2936        /* qtd completions reported later by interrupt */
2937
2938        enable_async(fotg210);
2939}
2940
2941/* For control/bulk/interrupt, return QH with these TDs appended.
2942 * Allocates and initializes the QH if necessary.
2943 * Returns null if it can't allocate a QH it needs to.
2944 * If the QH has TDs (urbs) already, that's great.
2945 */
2946static struct fotg210_qh *qh_append_tds(struct fotg210_hcd *fotg210,
2947                struct urb *urb, struct list_head *qtd_list,
2948                int epnum, void **ptr)
2949{
2950        struct fotg210_qh *qh = NULL;
2951        __hc32 qh_addr_mask = cpu_to_hc32(fotg210, 0x7f);
2952
2953        qh = (struct fotg210_qh *) *ptr;
2954        if (unlikely(qh == NULL)) {
2955                /* can't sleep here, we have fotg210->lock... */
2956                qh = qh_make(fotg210, urb, GFP_ATOMIC);
2957                *ptr = qh;
2958        }
2959        if (likely(qh != NULL)) {
2960                struct fotg210_qtd *qtd;
2961
2962                if (unlikely(list_empty(qtd_list)))
2963                        qtd = NULL;
2964                else
2965                        qtd = list_entry(qtd_list->next, struct fotg210_qtd,
2966                                        qtd_list);
2967
2968                /* control qh may need patching ... */
2969                if (unlikely(epnum == 0)) {
2970                        /* usb_reset_device() briefly reverts to address 0 */
2971                        if (usb_pipedevice(urb->pipe) == 0)
2972                                qh->hw->hw_info1 &= ~qh_addr_mask;
2973                }
2974
2975                /* just one way to queue requests: swap with the dummy qtd.
2976                 * only hc or qh_refresh() ever modify the overlay.
2977                 */
2978                if (likely(qtd != NULL)) {
2979                        struct fotg210_qtd *dummy;
2980                        dma_addr_t dma;
2981                        __hc32 token;
2982
2983                        /* to avoid racing the HC, use the dummy td instead of
2984                         * the first td of our list (becomes new dummy).  both
2985                         * tds stay deactivated until we're done, when the
2986                         * HC is allowed to fetch the old dummy (4.10.2).
2987                         */
2988                        token = qtd->hw_token;
2989                        qtd->hw_token = HALT_BIT(fotg210);
2990
2991                        dummy = qh->dummy;
2992
2993                        dma = dummy->qtd_dma;
2994                        *dummy = *qtd;
2995                        dummy->qtd_dma = dma;
2996
2997                        list_del(&qtd->qtd_list);
2998                        list_add(&dummy->qtd_list, qtd_list);
2999                        list_splice_tail(qtd_list, &qh->qtd_list);
3000
3001                        fotg210_qtd_init(fotg210, qtd, qtd->qtd_dma);
3002                        qh->dummy = qtd;
3003
3004                        /* hc must see the new dummy at list end */
3005                        dma = qtd->qtd_dma;
3006                        qtd = list_entry(qh->qtd_list.prev,
3007                                        struct fotg210_qtd, qtd_list);
3008                        qtd->hw_next = QTD_NEXT(fotg210, dma);
3009
3010                        /* let the hc process these next qtds */
3011                        wmb();
3012                        dummy->hw_token = token;
3013
3014                        urb->hcpriv = qh;
3015                }
3016        }
3017        return qh;
3018}
3019
3020static int submit_async(struct fotg210_hcd *fotg210, struct urb *urb,
3021                struct list_head *qtd_list, gfp_t mem_flags)
3022{
3023        int epnum;
3024        unsigned long flags;
3025        struct fotg210_qh *qh = NULL;
3026        int rc;
3027
3028        epnum = urb->ep->desc.bEndpointAddress;
3029
3030#ifdef FOTG210_URB_TRACE
3031        {
3032                struct fotg210_qtd *qtd;
3033
3034                qtd = list_entry(qtd_list->next, struct fotg210_qtd, qtd_list);
3035                fotg210_dbg(fotg210,
3036                                "%s %s urb %p ep%d%s len %d, qtd %p [qh %p]\n",
3037                                __func__, urb->dev->devpath, urb,
3038                                epnum & 0x0f, (epnum & USB_DIR_IN)
3039                                        ? "in" : "out",
3040                                urb->transfer_buffer_length,
3041                                qtd, urb->ep->hcpriv);
3042        }
3043#endif
3044
3045        spin_lock_irqsave(&fotg210->lock, flags);
3046        if (unlikely(!HCD_HW_ACCESSIBLE(fotg210_to_hcd(fotg210)))) {
3047                rc = -ESHUTDOWN;
3048                goto done;
3049        }
3050        rc = usb_hcd_link_urb_to_ep(fotg210_to_hcd(fotg210), urb);
3051        if (unlikely(rc))
3052                goto done;
3053
3054        qh = qh_append_tds(fotg210, urb, qtd_list, epnum, &urb->ep->hcpriv);
3055        if (unlikely(qh == NULL)) {
3056                usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
3057                rc = -ENOMEM;
3058                goto done;
3059        }
3060
3061        /* Control/bulk operations through TTs don't need scheduling,
3062         * the HC and TT handle it when the TT has a buffer ready.
3063         */
3064        if (likely(qh->qh_state == QH_STATE_IDLE))
3065                qh_link_async(fotg210, qh);
3066done:
3067        spin_unlock_irqrestore(&fotg210->lock, flags);
3068        if (unlikely(qh == NULL))
3069                qtd_list_free(fotg210, urb, qtd_list);
3070        return rc;
3071}
3072
3073static void single_unlink_async(struct fotg210_hcd *fotg210,
3074                struct fotg210_qh *qh)
3075{
3076        struct fotg210_qh *prev;
3077
3078        /* Add to the end of the list of QHs waiting for the next IAAD */
3079        qh->qh_state = QH_STATE_UNLINK;
3080        if (fotg210->async_unlink)
3081                fotg210->async_unlink_last->unlink_next = qh;
3082        else
3083                fotg210->async_unlink = qh;
3084        fotg210->async_unlink_last = qh;
3085
3086        /* Unlink it from the schedule */
3087        prev = fotg210->async;
3088        while (prev->qh_next.qh != qh)
3089                prev = prev->qh_next.qh;
3090
3091        prev->hw->hw_next = qh->hw->hw_next;
3092        prev->qh_next = qh->qh_next;
3093        if (fotg210->qh_scan_next == qh)
3094                fotg210->qh_scan_next = qh->qh_next.qh;
3095}
3096
3097static void start_iaa_cycle(struct fotg210_hcd *fotg210, bool nested)
3098{
3099        /*
3100         * Do nothing if an IAA cycle is already running or
3101         * if one will be started shortly.
3102         */
3103        if (fotg210->async_iaa || fotg210->async_unlinking)
3104                return;
3105
3106        /* Do all the waiting QHs at once */
3107        fotg210->async_iaa = fotg210->async_unlink;
3108        fotg210->async_unlink = NULL;
3109
3110        /* If the controller isn't running, we don't have to wait for it */
3111        if (unlikely(fotg210->rh_state < FOTG210_RH_RUNNING)) {
3112                if (!nested)            /* Avoid recursion */
3113                        end_unlink_async(fotg210);
3114
3115        /* Otherwise start a new IAA cycle */
3116        } else if (likely(fotg210->rh_state == FOTG210_RH_RUNNING)) {
3117                /* Make sure the unlinks are all visible to the hardware */
3118                wmb();
3119
3120                fotg210_writel(fotg210, fotg210->command | CMD_IAAD,
3121                                &fotg210->regs->command);
3122                fotg210_readl(fotg210, &fotg210->regs->command);
3123                fotg210_enable_event(fotg210, FOTG210_HRTIMER_IAA_WATCHDOG,
3124                                true);
3125        }
3126}
3127
3128/* the async qh for the qtds being unlinked are now gone from the HC */
3129
3130static void end_unlink_async(struct fotg210_hcd *fotg210)
3131{
3132        struct fotg210_qh *qh;
3133
3134        /* Process the idle QHs */
3135restart:
3136        fotg210->async_unlinking = true;
3137        while (fotg210->async_iaa) {
3138                qh = fotg210->async_iaa;
3139                fotg210->async_iaa = qh->unlink_next;
3140                qh->unlink_next = NULL;
3141
3142                qh->qh_state = QH_STATE_IDLE;
3143                qh->qh_next.qh = NULL;
3144
3145                qh_completions(fotg210, qh);
3146                if (!list_empty(&qh->qtd_list) &&
3147                                fotg210->rh_state == FOTG210_RH_RUNNING)
3148                        qh_link_async(fotg210, qh);
3149                disable_async(fotg210);
3150        }
3151        fotg210->async_unlinking = false;
3152
3153        /* Start a new IAA cycle if any QHs are waiting for it */
3154        if (fotg210->async_unlink) {
3155                start_iaa_cycle(fotg210, true);
3156                if (unlikely(fotg210->rh_state < FOTG210_RH_RUNNING))
3157                        goto restart;
3158        }
3159}
3160
3161static void unlink_empty_async(struct fotg210_hcd *fotg210)
3162{
3163        struct fotg210_qh *qh, *next;
3164        bool stopped = (fotg210->rh_state < FOTG210_RH_RUNNING);
3165        bool check_unlinks_later = false;
3166
3167        /* Unlink all the async QHs that have been empty for a timer cycle */
3168        next = fotg210->async->qh_next.qh;
3169        while (next) {
3170                qh = next;
3171                next = qh->qh_next.qh;
3172
3173                if (list_empty(&qh->qtd_list) &&
3174                                qh->qh_state == QH_STATE_LINKED) {
3175                        if (!stopped && qh->unlink_cycle ==
3176                                        fotg210->async_unlink_cycle)
3177                                check_unlinks_later = true;
3178                        else
3179                                single_unlink_async(fotg210, qh);
3180                }
3181        }
3182
3183        /* Start a new IAA cycle if any QHs are waiting for it */
3184        if (fotg210->async_unlink)
3185                start_iaa_cycle(fotg210, false);
3186
3187        /* QHs that haven't been empty for long enough will be handled later */
3188        if (check_unlinks_later) {
3189                fotg210_enable_event(fotg210, FOTG210_HRTIMER_ASYNC_UNLINKS,
3190                                true);
3191                ++fotg210->async_unlink_cycle;
3192        }
3193}
3194
3195/* makes sure the async qh will become idle */
3196/* caller must own fotg210->lock */
3197
3198static void start_unlink_async(struct fotg210_hcd *fotg210,
3199                struct fotg210_qh *qh)
3200{
3201        /*
3202         * If the QH isn't linked then there's nothing we can do
3203         * unless we were called during a giveback, in which case
3204         * qh_completions() has to deal with it.
3205         */
3206        if (qh->qh_state != QH_STATE_LINKED) {
3207                if (qh->qh_state == QH_STATE_COMPLETING)
3208                        qh->needs_rescan = 1;
3209                return;
3210        }
3211
3212        single_unlink_async(fotg210, qh);
3213        start_iaa_cycle(fotg210, false);
3214}
3215
3216static void scan_async(struct fotg210_hcd *fotg210)
3217{
3218        struct fotg210_qh *qh;
3219        bool check_unlinks_later = false;
3220
3221        fotg210->qh_scan_next = fotg210->async->qh_next.qh;
3222        while (fotg210->qh_scan_next) {
3223                qh = fotg210->qh_scan_next;
3224                fotg210->qh_scan_next = qh->qh_next.qh;
3225rescan:
3226                /* clean any finished work for this qh */
3227                if (!list_empty(&qh->qtd_list)) {
3228                        int temp;
3229
3230                        /*
3231                         * Unlinks could happen here; completion reporting
3232                         * drops the lock.  That's why fotg210->qh_scan_next
3233                         * always holds the next qh to scan; if the next qh
3234                         * gets unlinked then fotg210->qh_scan_next is adjusted
3235                         * in single_unlink_async().
3236                         */
3237                        temp = qh_completions(fotg210, qh);
3238                        if (qh->needs_rescan) {
3239                                start_unlink_async(fotg210, qh);
3240                        } else if (list_empty(&qh->qtd_list)
3241                                        && qh->qh_state == QH_STATE_LINKED) {
3242                                qh->unlink_cycle = fotg210->async_unlink_cycle;
3243                                check_unlinks_later = true;
3244                        } else if (temp != 0)
3245                                goto rescan;
3246                }
3247        }
3248
3249        /*
3250         * Unlink empty entries, reducing DMA usage as well
3251         * as HCD schedule-scanning costs.  Delay for any qh
3252         * we just scanned, there's a not-unusual case that it
3253         * doesn't stay idle for long.
3254         */
3255        if (check_unlinks_later && fotg210->rh_state == FOTG210_RH_RUNNING &&
3256                        !(fotg210->enabled_hrtimer_events &
3257                        BIT(FOTG210_HRTIMER_ASYNC_UNLINKS))) {
3258                fotg210_enable_event(fotg210,
3259                                FOTG210_HRTIMER_ASYNC_UNLINKS, true);
3260                ++fotg210->async_unlink_cycle;
3261        }
3262}
3263/* EHCI scheduled transaction support:  interrupt, iso, split iso
3264 * These are called "periodic" transactions in the EHCI spec.
3265 *
3266 * Note that for interrupt transfers, the QH/QTD manipulation is shared
3267 * with the "asynchronous" transaction support (control/bulk transfers).
3268 * The only real difference is in how interrupt transfers are scheduled.
3269 *
3270 * For ISO, we make an "iso_stream" head to serve the same role as a QH.
3271 * It keeps track of every ITD (or SITD) that's linked, and holds enough
3272 * pre-calculated schedule data to make appending to the queue be quick.
3273 */
3274static int fotg210_get_frame(struct usb_hcd *hcd);
3275
3276/* periodic_next_shadow - return "next" pointer on shadow list
3277 * @periodic: host pointer to qh/itd
3278 * @tag: hardware tag for type of this record
3279 */
3280static union fotg210_shadow *periodic_next_shadow(struct fotg210_hcd *fotg210,
3281                union fotg210_shadow *periodic, __hc32 tag)
3282{
3283        switch (hc32_to_cpu(fotg210, tag)) {
3284        case Q_TYPE_QH:
3285                return &periodic->qh->qh_next;
3286        case Q_TYPE_FSTN:
3287                return &periodic->fstn->fstn_next;
3288        default:
3289                return &periodic->itd->itd_next;
3290        }
3291}
3292
3293static __hc32 *shadow_next_periodic(struct fotg210_hcd *fotg210,
3294                union fotg210_shadow *periodic, __hc32 tag)
3295{
3296        switch (hc32_to_cpu(fotg210, tag)) {
3297        /* our fotg210_shadow.qh is actually software part */
3298        case Q_TYPE_QH:
3299                return &periodic->qh->hw->hw_next;
3300        /* others are hw parts */
3301        default:
3302                return periodic->hw_next;
3303        }
3304}
3305
3306/* caller must hold fotg210->lock */
3307static void periodic_unlink(struct fotg210_hcd *fotg210, unsigned frame,
3308                void *ptr)
3309{
3310        union fotg210_shadow *prev_p = &fotg210->pshadow[frame];
3311        __hc32 *hw_p = &fotg210->periodic[frame];
3312        union fotg210_shadow here = *prev_p;
3313
3314        /* find predecessor of "ptr"; hw and shadow lists are in sync */
3315        while (here.ptr && here.ptr != ptr) {
3316                prev_p = periodic_next_shadow(fotg210, prev_p,
3317                                Q_NEXT_TYPE(fotg210, *hw_p));
3318                hw_p = shadow_next_periodic(fotg210, &here,
3319                                Q_NEXT_TYPE(fotg210, *hw_p));
3320                here = *prev_p;
3321        }
3322        /* an interrupt entry (at list end) could have been shared */
3323        if (!here.ptr)
3324                return;
3325
3326        /* update shadow and hardware lists ... the old "next" pointers
3327         * from ptr may still be in use, the caller updates them.
3328         */
3329        *prev_p = *periodic_next_shadow(fotg210, &here,
3330                        Q_NEXT_TYPE(fotg210, *hw_p));
3331
3332        *hw_p = *shadow_next_periodic(fotg210, &here,
3333                        Q_NEXT_TYPE(fotg210, *hw_p));
3334}
3335
3336/* how many of the uframe's 125 usecs are allocated? */
3337static unsigned short periodic_usecs(struct fotg210_hcd *fotg210,
3338                unsigned frame, unsigned uframe)
3339{
3340        __hc32 *hw_p = &fotg210->periodic[frame];
3341        union fotg210_shadow *q = &fotg210->pshadow[frame];
3342        unsigned usecs = 0;
3343        struct fotg210_qh_hw *hw;
3344
3345        while (q->ptr) {
3346                switch (hc32_to_cpu(fotg210, Q_NEXT_TYPE(fotg210, *hw_p))) {
3347                case Q_TYPE_QH:
3348                        hw = q->qh->hw;
3349                        /* is it in the S-mask? */
3350                        if (hw->hw_info2 & cpu_to_hc32(fotg210, 1 << uframe))
3351                                usecs += q->qh->usecs;
3352                        /* ... or C-mask? */
3353                        if (hw->hw_info2 & cpu_to_hc32(fotg210,
3354                                        1 << (8 + uframe)))
3355                                usecs += q->qh->c_usecs;
3356                        hw_p = &hw->hw_next;
3357                        q = &q->qh->qh_next;
3358                        break;
3359                /* case Q_TYPE_FSTN: */
3360                default:
3361                        /* for "save place" FSTNs, count the relevant INTR
3362                         * bandwidth from the previous frame
3363                         */
3364                        if (q->fstn->hw_prev != FOTG210_LIST_END(fotg210))
3365                                fotg210_dbg(fotg210, "ignoring FSTN cost ...\n");
3366
3367                        hw_p = &q->fstn->hw_next;
3368                        q = &q->fstn->fstn_next;
3369                        break;
3370                case Q_TYPE_ITD:
3371                        if (q->itd->hw_transaction[uframe])
3372                                usecs += q->itd->stream->usecs;
3373                        hw_p = &q->itd->hw_next;
3374                        q = &q->itd->itd_next;
3375                        break;
3376                }
3377        }
3378        if (usecs > fotg210->uframe_periodic_max)
3379                fotg210_err(fotg210, "uframe %d sched overrun: %d usecs\n",
3380                                frame * 8 + uframe, usecs);
3381        return usecs;
3382}
3383
3384static int same_tt(struct usb_device *dev1, struct usb_device *dev2)
3385{
3386        if (!dev1->tt || !dev2->tt)
3387                return 0;
3388        if (dev1->tt != dev2->tt)
3389                return 0;
3390        if (dev1->tt->multi)
3391                return dev1->ttport == dev2->ttport;
3392        else
3393                return 1;
3394}
3395
3396/* return true iff the device's transaction translator is available
3397 * for a periodic transfer starting at the specified frame, using
3398 * all the uframes in the mask.
3399 */
3400static int tt_no_collision(struct fotg210_hcd *fotg210, unsigned period,
3401                struct usb_device *dev, unsigned frame, u32 uf_mask)
3402{
3403        if (period == 0)        /* error */
3404                return 0;
3405
3406        /* note bandwidth wastage:  split never follows csplit
3407         * (different dev or endpoint) until the next uframe.
3408         * calling convention doesn't make that distinction.
3409         */
3410        for (; frame < fotg210->periodic_size; frame += period) {
3411                union fotg210_shadow here;
3412                __hc32 type;
3413                struct fotg210_qh_hw *hw;
3414
3415                here = fotg210->pshadow[frame];
3416                type = Q_NEXT_TYPE(fotg210, fotg210->periodic[frame]);
3417                while (here.ptr) {
3418                        switch (hc32_to_cpu(fotg210, type)) {
3419                        case Q_TYPE_ITD:
3420                                type = Q_NEXT_TYPE(fotg210, here.itd->hw_next);
3421                                here = here.itd->itd_next;
3422                                continue;
3423                        case Q_TYPE_QH:
3424                                hw = here.qh->hw;
3425                                if (same_tt(dev, here.qh->dev)) {
3426                                        u32 mask;
3427
3428                                        mask = hc32_to_cpu(fotg210,
3429                                                        hw->hw_info2);
3430                                        /* "knows" no gap is needed */
3431                                        mask |= mask >> 8;
3432                                        if (mask & uf_mask)
3433                                                break;
3434                                }
3435                                type = Q_NEXT_TYPE(fotg210, hw->hw_next);
3436                                here = here.qh->qh_next;
3437                                continue;
3438                        /* case Q_TYPE_FSTN: */
3439                        default:
3440                                fotg210_dbg(fotg210,
3441                                                "periodic frame %d bogus type %d\n",
3442                                                frame, type);
3443                        }
3444
3445                        /* collision or error */
3446                        return 0;
3447                }
3448        }
3449
3450        /* no collision */
3451        return 1;
3452}
3453
3454static void enable_periodic(struct fotg210_hcd *fotg210)
3455{
3456        if (fotg210->periodic_count++)
3457                return;
3458
3459        /* Stop waiting to turn off the periodic schedule */
3460        fotg210->enabled_hrtimer_events &=
3461                ~BIT(FOTG210_HRTIMER_DISABLE_PERIODIC);
3462
3463        /* Don't start the schedule until PSS is 0 */
3464        fotg210_poll_PSS(fotg210);
3465        turn_on_io_watchdog(fotg210);
3466}
3467
3468static void disable_periodic(struct fotg210_hcd *fotg210)
3469{
3470        if (--fotg210->periodic_count)
3471                return;
3472
3473        /* Don't turn off the schedule until PSS is 1 */
3474        fotg210_poll_PSS(fotg210);
3475}
3476
3477/* periodic schedule slots have iso tds (normal or split) first, then a
3478 * sparse tree for active interrupt transfers.
3479 *
3480 * this just links in a qh; caller guarantees uframe masks are set right.
3481 * no FSTN support (yet; fotg210 0.96+)
3482 */
3483static void qh_link_periodic(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3484{
3485        unsigned i;
3486        unsigned period = qh->period;
3487
3488        dev_dbg(&qh->dev->dev,
3489                        "link qh%d-%04x/%p start %d [%d/%d us]\n", period,
3490                        hc32_to_cpup(fotg210, &qh->hw->hw_info2) &
3491                        (QH_CMASK | QH_SMASK), qh, qh->start, qh->usecs,
3492                        qh->c_usecs);
3493
3494        /* high bandwidth, or otherwise every microframe */
3495        if (period == 0)
3496                period = 1;
3497
3498        for (i = qh->start; i < fotg210->periodic_size; i += period) {
3499                union fotg210_shadow *prev = &fotg210->pshadow[i];
3500                __hc32 *hw_p = &fotg210->periodic[i];
3501                union fotg210_shadow here = *prev;
3502                __hc32 type = 0;
3503
3504                /* skip the iso nodes at list head */
3505                while (here.ptr) {
3506                        type = Q_NEXT_TYPE(fotg210, *hw_p);
3507                        if (type == cpu_to_hc32(fotg210, Q_TYPE_QH))
3508                                break;
3509                        prev = periodic_next_shadow(fotg210, prev, type);
3510                        hw_p = shadow_next_periodic(fotg210, &here, type);
3511                        here = *prev;
3512                }
3513
3514                /* sorting each branch by period (slow-->fast)
3515                 * enables sharing interior tree nodes
3516                 */
3517                while (here.ptr && qh != here.qh) {
3518                        if (qh->period > here.qh->period)
3519                                break;
3520                        prev = &here.qh->qh_next;
3521                        hw_p = &here.qh->hw->hw_next;
3522                        here = *prev;
3523                }
3524                /* link in this qh, unless some earlier pass did that */
3525                if (qh != here.qh) {
3526                        qh->qh_next = here;
3527                        if (here.qh)
3528                                qh->hw->hw_next = *hw_p;
3529                        wmb();
3530                        prev->qh = qh;
3531                        *hw_p = QH_NEXT(fotg210, qh->qh_dma);
3532                }
3533        }
3534        qh->qh_state = QH_STATE_LINKED;
3535        qh->xacterrs = 0;
3536
3537        /* update per-qh bandwidth for usbfs */
3538        fotg210_to_hcd(fotg210)->self.bandwidth_allocated += qh->period
3539                ? ((qh->usecs + qh->c_usecs) / qh->period)
3540                : (qh->usecs * 8);
3541
3542        list_add(&qh->intr_node, &fotg210->intr_qh_list);
3543
3544        /* maybe enable periodic schedule processing */
3545        ++fotg210->intr_count;
3546        enable_periodic(fotg210);
3547}
3548
3549static void qh_unlink_periodic(struct fotg210_hcd *fotg210,
3550                struct fotg210_qh *qh)
3551{
3552        unsigned i;
3553        unsigned period;
3554
3555        /*
3556         * If qh is for a low/full-speed device, simply unlinking it
3557         * could interfere with an ongoing split transaction.  To unlink
3558         * it safely would require setting the QH_INACTIVATE bit and
3559         * waiting at least one frame, as described in EHCI 4.12.2.5.
3560         *
3561         * We won't bother with any of this.  Instead, we assume that the
3562         * only reason for unlinking an interrupt QH while the current URB
3563         * is still active is to dequeue all the URBs (flush the whole
3564         * endpoint queue).
3565         *
3566         * If rebalancing the periodic schedule is ever implemented, this
3567         * approach will no longer be valid.
3568         */
3569
3570        /* high bandwidth, or otherwise part of every microframe */
3571        period = qh->period;
3572        if (!period)
3573                period = 1;
3574
3575        for (i = qh->start; i < fotg210->periodic_size; i += period)
3576                periodic_unlink(fotg210, i, qh);
3577
3578        /* update per-qh bandwidth for usbfs */
3579        fotg210_to_hcd(fotg210)->self.bandwidth_allocated -= qh->period
3580                ? ((qh->usecs + qh->c_usecs) / qh->period)
3581                : (qh->usecs * 8);
3582
3583        dev_dbg(&qh->dev->dev,
3584                        "unlink qh%d-%04x/%p start %d [%d/%d us]\n",
3585                        qh->period, hc32_to_cpup(fotg210, &qh->hw->hw_info2) &
3586                        (QH_CMASK | QH_SMASK), qh, qh->start, qh->usecs,
3587                        qh->c_usecs);
3588
3589        /* qh->qh_next still "live" to HC */
3590        qh->qh_state = QH_STATE_UNLINK;
3591        qh->qh_next.ptr = NULL;
3592
3593        if (fotg210->qh_scan_next == qh)
3594                fotg210->qh_scan_next = list_entry(qh->intr_node.next,
3595                                struct fotg210_qh, intr_node);
3596        list_del(&qh->intr_node);
3597}
3598
3599static void start_unlink_intr(struct fotg210_hcd *fotg210,
3600                struct fotg210_qh *qh)
3601{
3602        /* If the QH isn't linked then there's nothing we can do
3603         * unless we were called during a giveback, in which case
3604         * qh_completions() has to deal with it.
3605         */
3606        if (qh->qh_state != QH_STATE_LINKED) {
3607                if (qh->qh_state == QH_STATE_COMPLETING)
3608                        qh->needs_rescan = 1;
3609                return;
3610        }
3611
3612        qh_unlink_periodic(fotg210, qh);
3613
3614        /* Make sure the unlinks are visible before starting the timer */
3615        wmb();
3616
3617        /*
3618         * The EHCI spec doesn't say how long it takes the controller to
3619         * stop accessing an unlinked interrupt QH.  The timer delay is
3620         * 9 uframes; presumably that will be long enough.
3621         */
3622        qh->unlink_cycle = fotg210->intr_unlink_cycle;
3623
3624        /* New entries go at the end of the intr_unlink list */
3625        if (fotg210->intr_unlink)
3626                fotg210->intr_unlink_last->unlink_next = qh;
3627        else
3628                fotg210->intr_unlink = qh;
3629        fotg210->intr_unlink_last = qh;
3630
3631        if (fotg210->intr_unlinking)
3632                ;       /* Avoid recursive calls */
3633        else if (fotg210->rh_state < FOTG210_RH_RUNNING)
3634                fotg210_handle_intr_unlinks(fotg210);
3635        else if (fotg210->intr_unlink == qh) {
3636                fotg210_enable_event(fotg210, FOTG210_HRTIMER_UNLINK_INTR,
3637                                true);
3638                ++fotg210->intr_unlink_cycle;
3639        }
3640}
3641
3642static void end_unlink_intr(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3643{
3644        struct fotg210_qh_hw *hw = qh->hw;
3645        int rc;
3646
3647        qh->qh_state = QH_STATE_IDLE;
3648        hw->hw_next = FOTG210_LIST_END(fotg210);
3649
3650        qh_completions(fotg210, qh);
3651
3652        /* reschedule QH iff another request is queued */
3653        if (!list_empty(&qh->qtd_list) &&
3654                        fotg210->rh_state == FOTG210_RH_RUNNING) {
3655                rc = qh_schedule(fotg210, qh);
3656
3657                /* An error here likely indicates handshake failure
3658                 * or no space left in the schedule.  Neither fault
3659                 * should happen often ...
3660                 *
3661                 * FIXME kill the now-dysfunctional queued urbs
3662                 */
3663                if (rc != 0)
3664                        fotg210_err(fotg210, "can't reschedule qh %p, err %d\n",
3665                                        qh, rc);
3666        }
3667
3668        /* maybe turn off periodic schedule */
3669        --fotg210->intr_count;
3670        disable_periodic(fotg210);
3671}
3672
3673static int check_period(struct fotg210_hcd *fotg210, unsigned frame,
3674                unsigned uframe, unsigned period, unsigned usecs)
3675{
3676        int claimed;
3677
3678        /* complete split running into next frame?
3679         * given FSTN support, we could sometimes check...
3680         */
3681        if (uframe >= 8)
3682                return 0;
3683
3684        /* convert "usecs we need" to "max already claimed" */
3685        usecs = fotg210->uframe_periodic_max - usecs;
3686
3687        /* we "know" 2 and 4 uframe intervals were rejected; so
3688         * for period 0, check _every_ microframe in the schedule.
3689         */
3690        if (unlikely(period == 0)) {
3691                do {
3692                        for (uframe = 0; uframe < 7; uframe++) {
3693                                claimed = periodic_usecs(fotg210, frame,
3694                                                uframe);
3695                                if (claimed > usecs)
3696                                        return 0;
3697                        }
3698                } while ((frame += 1) < fotg210->periodic_size);
3699
3700        /* just check the specified uframe, at that period */
3701        } else {
3702                do {
3703                        claimed = periodic_usecs(fotg210, frame, uframe);
3704                        if (claimed > usecs)
3705                                return 0;
3706                } while ((frame += period) < fotg210->periodic_size);
3707        }
3708
3709        /* success! */
3710        return 1;
3711}
3712
3713static int check_intr_schedule(struct fotg210_hcd *fotg210, unsigned frame,
3714                unsigned uframe, const struct fotg210_qh *qh, __hc32 *c_maskp)
3715{
3716        int retval = -ENOSPC;
3717        u8 mask = 0;
3718
3719        if (qh->c_usecs && uframe >= 6)         /* FSTN territory? */
3720                goto done;
3721
3722        if (!check_period(fotg210, frame, uframe, qh->period, qh->usecs))
3723                goto done;
3724        if (!qh->c_usecs) {
3725                retval = 0;
3726                *c_maskp = 0;
3727                goto done;
3728        }
3729
3730        /* Make sure this tt's buffer is also available for CSPLITs.
3731         * We pessimize a bit; probably the typical full speed case
3732         * doesn't need the second CSPLIT.
3733         *
3734         * NOTE:  both SPLIT and CSPLIT could be checked in just
3735         * one smart pass...
3736         */
3737        mask = 0x03 << (uframe + qh->gap_uf);
3738        *c_maskp = cpu_to_hc32(fotg210, mask << 8);
3739
3740        mask |= 1 << uframe;
3741        if (tt_no_collision(fotg210, qh->period, qh->dev, frame, mask)) {
3742                if (!check_period(fotg210, frame, uframe + qh->gap_uf + 1,
3743                                qh->period, qh->c_usecs))
3744                        goto done;
3745                if (!check_period(fotg210, frame, uframe + qh->gap_uf,
3746                                qh->period, qh->c_usecs))
3747                        goto done;
3748                retval = 0;
3749        }
3750done:
3751        return retval;
3752}
3753
3754/* "first fit" scheduling policy used the first time through,
3755 * or when the previous schedule slot can't be re-used.
3756 */
3757static int qh_schedule(struct fotg210_hcd *fotg210, struct fotg210_qh *qh)
3758{
3759        int status;
3760        unsigned uframe;
3761        __hc32 c_mask;
3762        unsigned frame; /* 0..(qh->period - 1), or NO_FRAME */
3763        struct fotg210_qh_hw *hw = qh->hw;
3764
3765        qh_refresh(fotg210, qh);
3766        hw->hw_next = FOTG210_LIST_END(fotg210);
3767        frame = qh->start;
3768
3769        /* reuse the previous schedule slots, if we can */
3770        if (frame < qh->period) {
3771                uframe = ffs(hc32_to_cpup(fotg210, &hw->hw_info2) & QH_SMASK);
3772                status = check_intr_schedule(fotg210, frame, --uframe,
3773                                qh, &c_mask);
3774        } else {
3775                uframe = 0;
3776                c_mask = 0;
3777                status = -ENOSPC;
3778        }
3779
3780        /* else scan the schedule to find a group of slots such that all
3781         * uframes have enough periodic bandwidth available.
3782         */
3783        if (status) {
3784                /* "normal" case, uframing flexible except with splits */
3785                if (qh->period) {
3786                        int i;
3787
3788                        for (i = qh->period; status && i > 0; --i) {
3789                                frame = ++fotg210->random_frame % qh->period;
3790                                for (uframe = 0; uframe < 8; uframe++) {
3791                                        status = check_intr_schedule(fotg210,
3792                                                        frame, uframe, qh,
3793                                                        &c_mask);
3794                                        if (status == 0)
3795                                                break;
3796                                }
3797                        }
3798
3799                /* qh->period == 0 means every uframe */
3800                } else {
3801                        frame = 0;
3802                        status = check_intr_schedule(fotg210, 0, 0, qh,
3803                                        &c_mask);
3804                }
3805                if (status)
3806                        goto done;
3807                qh->start = frame;
3808
3809                /* reset S-frame and (maybe) C-frame masks */
3810                hw->hw_info2 &= cpu_to_hc32(fotg210, ~(QH_CMASK | QH_SMASK));
3811                hw->hw_info2 |= qh->period
3812                        ? cpu_to_hc32(fotg210, 1 << uframe)
3813                        : cpu_to_hc32(fotg210, QH_SMASK);
3814                hw->hw_info2 |= c_mask;
3815        } else
3816                fotg210_dbg(fotg210, "reused qh %p schedule\n", qh);
3817
3818        /* stuff into the periodic schedule */
3819        qh_link_periodic(fotg210, qh);
3820done:
3821        return status;
3822}
3823
3824static int intr_submit(struct fotg210_hcd *fotg210, struct urb *urb,
3825                struct list_head *qtd_list, gfp_t mem_flags)
3826{
3827        unsigned epnum;
3828        unsigned long flags;
3829        struct fotg210_qh *qh;
3830        int status;
3831        struct list_head empty;
3832
3833        /* get endpoint and transfer/schedule data */
3834        epnum = urb->ep->desc.bEndpointAddress;
3835
3836        spin_lock_irqsave(&fotg210->lock, flags);
3837
3838        if (unlikely(!HCD_HW_ACCESSIBLE(fotg210_to_hcd(fotg210)))) {
3839                status = -ESHUTDOWN;
3840                goto done_not_linked;
3841        }
3842        status = usb_hcd_link_urb_to_ep(fotg210_to_hcd(fotg210), urb);
3843        if (unlikely(status))
3844                goto done_not_linked;
3845
3846        /* get qh and force any scheduling errors */
3847        INIT_LIST_HEAD(&empty);
3848        qh = qh_append_tds(fotg210, urb, &empty, epnum, &urb->ep->hcpriv);
3849        if (qh == NULL) {
3850                status = -ENOMEM;
3851                goto done;
3852        }
3853        if (qh->qh_state == QH_STATE_IDLE) {
3854                status = qh_schedule(fotg210, qh);
3855                if (status)
3856                        goto done;
3857        }
3858
3859        /* then queue the urb's tds to the qh */
3860        qh = qh_append_tds(fotg210, urb, qtd_list, epnum, &urb->ep->hcpriv);
3861        BUG_ON(qh == NULL);
3862
3863        /* ... update usbfs periodic stats */
3864        fotg210_to_hcd(fotg210)->self.bandwidth_int_reqs++;
3865
3866done:
3867        if (unlikely(status))
3868                usb_hcd_unlink_urb_from_ep(fotg210_to_hcd(fotg210), urb);
3869done_not_linked:
3870        spin_unlock_irqrestore(&fotg210->lock, flags);
3871        if (status)
3872                qtd_list_free(fotg210, urb, qtd_list);
3873
3874        return status;
3875}
3876
3877static void scan_intr(struct fotg210_hcd *fotg210)
3878{
3879        struct fotg210_qh *qh;
3880
3881        list_for_each_entry_safe(qh, fotg210->qh_scan_next,
3882                        &fotg210->intr_qh_list, intr_node) {
3883rescan:
3884                /* clean any finished work for this qh */
3885                if (!list_empty(&qh->qtd_list)) {
3886                        int temp;
3887
3888                        /*
3889                         * Unlinks could happen here; completion reporting
3890                         * drops the lock.  That's why fotg210->qh_scan_next
3891                         * always holds the next qh to scan; if the next qh
3892                         * gets unlinked then fotg210->qh_scan_next is adjusted
3893                         * in qh_unlink_periodic().
3894                         */
3895                        temp = qh_completions(fotg210, qh);
3896                        if (unlikely(qh->needs_rescan ||
3897                                        (list_empty(&qh->qtd_list) &&
3898                                        qh->qh_state == QH_STATE_LINKED)))
3899                                start_unlink_intr(fotg210, qh);
3900                        else if (temp != 0)
3901                                goto rescan;
3902                }
3903        }
3904}
3905
3906/* fotg210_iso_stream ops work with both ITD and SITD */
3907
3908static struct fotg210_iso_stream *iso_stream_alloc(gfp_t mem_flags)
3909{
3910        struct fotg210_iso_stream *stream;
3911
3912        stream = kzalloc(sizeof(*stream), mem_flags);
3913        if (likely(stream != NULL)) {
3914                INIT_LIST_HEAD(&stream->td_list);
3915                INIT_LIST_HEAD(&stream->free_list);
3916                stream->next_uframe = -1;
3917        }
3918        return stream;
3919}
3920
3921static void iso_stream_init(struct fotg210_hcd *fotg210,
3922                struct fotg210_iso_stream *stream, struct usb_device *dev,
3923                int pipe, unsigned interval)
3924{
3925        u32 buf1;
3926        unsigned epnum, maxp;
3927        int is_input;
3928        long bandwidth;
3929        unsigned multi;
3930
3931        /*
3932         * this might be a "high bandwidth" highspeed endpoint,
3933         * as encoded in the ep descriptor's wMaxPacket field
3934         */
3935        epnum = usb_pipeendpoint(pipe);
3936        is_input = usb_pipein(pipe) ? USB_DIR_IN : 0;
3937        maxp = usb_maxpacket(dev, pipe, !is_input);
3938        if (is_input)
3939                buf1 = (1 << 11);
3940        else
3941                buf1 = 0;
3942
3943        maxp = max_packet(maxp);
3944        multi = hb_mult(maxp);
3945        buf1 |= maxp;
3946        maxp *= multi;
3947
3948        stream->buf0 = cpu_to_hc32(fotg210, (epnum << 8) | dev->devnum);
3949        stream->buf1 = cpu_to_hc32(fotg210, buf1);
3950        stream->buf2 = cpu_to_hc32(fotg210, multi);
3951
3952        /* usbfs wants to report the average usecs per frame tied up
3953         * when transfers on this endpoint are scheduled ...
3954         */
3955        if (dev->speed == USB_SPEED_FULL) {
3956                interval <<= 3;
3957                stream->usecs = NS_TO_US(usb_calc_bus_time(dev->speed,
3958                                is_input, 1, maxp));
3959                stream->usecs /= 8;
3960        } else {
3961                stream->highspeed = 1;
3962                stream->usecs = HS_USECS_ISO(maxp);
3963        }
3964        bandwidth = stream->usecs * 8;
3965        bandwidth /= interval;
3966
3967        stream->bandwidth = bandwidth;
3968        stream->udev = dev;
3969        stream->bEndpointAddress = is_input | epnum;
3970        stream->interval = interval;
3971        stream->maxp = maxp;
3972}
3973
3974static struct fotg210_iso_stream *iso_stream_find(struct fotg210_hcd *fotg210,
3975                struct urb *urb)
3976{
3977        unsigned epnum;
3978        struct fotg210_iso_stream *stream;
3979        struct usb_host_endpoint *ep;
3980        unsigned long flags;
3981
3982        epnum = usb_pipeendpoint(urb->pipe);
3983        if (usb_pipein(urb->pipe))
3984                ep = urb->dev->ep_in[epnum];
3985        else
3986                ep = urb->dev->ep_out[epnum];
3987
3988        spin_lock_irqsave(&fotg210->lock, flags);
3989        stream = ep->hcpriv;
3990
3991        if (unlikely(stream == NULL)) {
3992                stream = iso_stream_alloc(GFP_ATOMIC);
3993                if (likely(stream != NULL)) {
3994                        ep->hcpriv = stream;
3995                        stream->ep = ep;
3996                        iso_stream_init(fotg210, stream, urb->dev, urb->pipe,
3997                                        urb->interval);
3998                }
3999
4000        /* if dev->ep[epnum] is a QH, hw is set */
4001        } else if (unlikely(stream->hw != NULL)) {
4002                fotg210_dbg(fotg210, "dev %s ep%d%s, not iso??\n",
4003                                urb->dev->devpath, epnum,
4004                                usb_pipein(urb->pipe) ? "in" : "out");
4005                stream = NULL;
4006        }
4007
4008        spin_unlock_irqrestore(&fotg210->lock, flags);
4009        return stream;
4010}
4011
4012/* fotg210_iso_sched ops can be ITD-only or SITD-only */
4013
4014static struct fotg210_iso_sched *iso_sched_alloc(unsigned packets,
4015                gfp_t mem_flags)
4016{
4017        struct fotg210_iso_sched *iso_sched;
4018        int size = sizeof(*iso_sched);
4019
4020        size += packets * sizeof(struct fotg210_iso_packet);
4021        iso_sched = kzalloc(size, mem_flags);
4022        if (likely(iso_sched != NULL))
4023                INIT_LIST_HEAD(&iso_sched->td_list);
4024
4025        return iso_sched;
4026}
4027
4028static inline void itd_sched_init(struct fotg210_hcd *fotg210,
4029                struct fotg210_iso_sched *iso_sched,
4030                struct fotg210_iso_stream *stream, struct urb *urb)
4031{
4032        unsigned i;
4033        dma_addr_t dma = urb->transfer_dma;
4034
4035        /* how many uframes are needed for these transfers */
4036        iso_sched->span = urb->number_of_packets * stream->interval;
4037
4038        /* figure out per-uframe itd fields that we'll need later
4039         * when we fit new itds into the schedule.
4040         */
4041        for (i = 0; i < urb->number_of_packets; i++) {
4042                struct fotg210_iso_packet *uframe = &iso_sched->packet[i];
4043                unsigned length;
4044                dma_addr_t buf;
4045                u32 trans;
4046
4047                length = urb->iso_frame_desc[i].length;
4048                buf = dma + urb->iso_frame_desc[i].offset;
4049
4050                trans = FOTG210_ISOC_ACTIVE;
4051                trans |= buf & 0x0fff;
4052                if (unlikely(((i + 1) == urb->number_of_packets))
4053                                && !(urb->transfer_flags & URB_NO_INTERRUPT))
4054                        trans |= FOTG210_ITD_IOC;
4055                trans |= length << 16;
4056                uframe->transaction = cpu_to_hc32(fotg210, trans);
4057
4058                /* might need to cross a buffer page within a uframe */
4059                uframe->bufp = (buf & ~(u64)0x0fff);
4060                buf += length;
4061                if (unlikely((uframe->bufp != (buf & ~(u64)0x0fff))))
4062                        uframe->cross = 1;
4063        }
4064}
4065
4066static void iso_sched_free(struct fotg210_iso_stream *stream,
4067                struct fotg210_iso_sched *iso_sched)
4068{
4069        if (!iso_sched)
4070                return;
4071        /* caller must hold fotg210->lock!*/
4072        list_splice(&iso_sched->td_list, &stream->free_list);
4073        kfree(iso_sched);
4074}
4075
4076static int itd_urb_transaction(struct fotg210_iso_stream *stream,
4077                struct fotg210_hcd *fotg210, struct urb *urb, gfp_t mem_flags)
4078{
4079        struct fotg210_itd *itd;
4080        dma_addr_t itd_dma;
4081        int i;
4082        unsigned num_itds;
4083        struct fotg210_iso_sched *sched;
4084        unsigned long flags;
4085
4086        sched = iso_sched_alloc(urb->number_of_packets, mem_flags);
4087        if (unlikely(sched == NULL))
4088                return -ENOMEM;
4089
4090        itd_sched_init(fotg210, sched, stream, urb);
4091
4092        if (urb->interval < 8)
4093                num_itds = 1 + (sched->span + 7) / 8;
4094        else
4095                num_itds = urb->number_of_packets;
4096
4097        /* allocate/init ITDs */
4098        spin_lock_irqsave(&fotg210->lock, flags);
4099        for (i = 0; i < num_itds; i++) {
4100
4101                /*
4102                 * Use iTDs from the free list, but not iTDs that may
4103                 * still be in use by the hardware.
4104                 */
4105                if (likely(!list_empty(&stream->free_list))) {
4106                        itd = list_first_entry(&stream->free_list,
4107                                        struct fotg210_itd, itd_list);
4108                        if (itd->frame == fotg210->now_frame)
4109                                goto alloc_itd;
4110                        list_del(&itd->itd_list);
4111                        itd_dma = itd->itd_dma;
4112                } else {
4113alloc_itd:
4114                        spin_unlock_irqrestore(&fotg210->lock, flags);
4115                        itd = dma_pool_zalloc(fotg210->itd_pool, mem_flags,
4116                                        &itd_dma);
4117                        spin_lock_irqsave(&fotg210->lock, flags);
4118                        if (!itd) {
4119                                iso_sched_free(stream, sched);
4120                                spin_unlock_irqrestore(&fotg210->lock, flags);
4121                                return -ENOMEM;
4122                        }
4123                }
4124
4125                itd->itd_dma = itd_dma;
4126                list_add(&itd->itd_list, &sched->td_list);
4127        }
4128        spin_unlock_irqrestore(&fotg210->lock, flags);
4129
4130        /* temporarily store schedule info in hcpriv */
4131        urb->hcpriv = sched;
4132        urb->error_count = 0;
4133        return 0;
4134}
4135
4136static inline int itd_slot_ok(struct fotg210_hcd *fotg210, u32 mod, u32 uframe,
4137                u8 usecs, u32 period)
4138{
4139        uframe %= period;
4140        do {
4141                /* can't commit more than uframe_periodic_max usec */
4142                if (periodic_usecs(fotg210, uframe >> 3, uframe & 0x7)
4143                                > (fotg210->uframe_periodic_max - usecs))
4144                        return 0;
4145
4146                /* we know urb->interval is 2^N uframes */
4147                uframe += period;
4148        } while (uframe < mod);
4149        return 1;
4150}
4151
4152/* This scheduler plans almost as far into the future as it has actual
4153 * periodic schedule slots.  (Affected by TUNE_FLS, which defaults to
4154 * "as small as possible" to be cache-friendlier.)  That limits the size
4155 * transfers you can stream reliably; avoid more than 64 msec per urb.
4156 * Also avoid queue depths of less than fotg210's worst irq latency (affected
4157 * by the per-urb URB_NO_INTERRUPT hint, the log2_irq_thresh module parameter,
4158 * and other factors); or more than about 230 msec total (for portability,
4159 * given FOTG210_TUNE_FLS and the slop).  Or, write a smarter scheduler!
4160 */
4161
4162#define SCHEDULE_SLOP 80 /* microframes */
4163
4164static int iso_stream_schedule(struct fotg210_hcd *fotg210, struct urb *urb,
4165                struct fotg210_iso_stream *stream)
4166{
4167        u32 now, next, start, period, span;
4168        int status;
4169        unsigned mod = fotg210->periodic_size << 3;
4170        struct fotg210_iso_sched *sched = urb->hcpriv;
4171
4172        period = urb->interval;
4173        span = sched->span;
4174
4175        if (span > mod - SCHEDULE_SLOP) {
4176                fotg210_dbg(fotg210,