2 * xHCI host controller driver
4 * Copyright (C) 2008 Intel Corp.
7 * Some code borrowed from the Linux EHCI driver.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software Foundation,
20 * Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 * Ring initialization rules:
25 * 1. Each segment is initialized to zero, except for link TRBs.
26 * 2. Ring cycle state = 0. This represents Producer Cycle State (PCS) or
27 * Consumer Cycle State (CCS), depending on ring function.
28 * 3. Enqueue pointer = dequeue pointer = address of first TRB in the segment.
30 * Ring behavior rules:
31 * 1. A ring is empty if enqueue == dequeue. This means there will always be at
32 * least one free TRB in the ring. This is useful if you want to turn that
33 * into a link TRB and expand the ring.
34 * 2. When incrementing an enqueue or dequeue pointer, if the next TRB is a
35 * link TRB, then load the pointer with the address in the link TRB. If the
36 * link TRB had its toggle bit set, you may need to update the ring cycle
37 * state (see cycle bit rules). You may have to do this multiple times
38 * until you reach a non-link TRB.
39 * 3. A ring is full if enqueue++ (for the definition of increment above)
40 * equals the dequeue pointer.
43 * 1. When a consumer increments a dequeue pointer and encounters a toggle bit
44 * in a link TRB, it must toggle the ring cycle state.
45 * 2. When a producer increments an enqueue pointer and encounters a toggle bit
46 * in a link TRB, it must toggle the ring cycle state.
49 * 1. Check if ring is full before you enqueue.
50 * 2. Write the ring cycle state to the cycle bit in the TRB you're enqueuing.
51 * Update enqueue pointer between each write (which may update the ring
53 * 3. Notify consumer. If SW is producer, it rings the doorbell for command
54 * and endpoint rings. If HC is the producer for the event ring,
55 * and it generates an interrupt according to interrupt modulation rules.
58 * 1. Check if TRB belongs to you. If the cycle bit == your ring cycle state,
59 * the TRB is owned by the consumer.
60 * 2. Update dequeue pointer (which may update the ring cycle state) and
61 * continue processing TRBs until you reach a TRB which is not owned by you.
62 * 3. Notify the producer. SW is the consumer for the event ring, and it
63 * updates event ring dequeue pointer. HC is the consumer for the command and
64 * endpoint rings; it generates events on the event ring for these.
67 #include <linux/scatterlist.h>
71 * Returns zero if the TRB isn't in this segment, otherwise it returns the DMA
74 dma_addr_t trb_virt_to_dma(struct xhci_segment *seg,
79 if (!seg || !trb || (void *) trb < (void *) seg->trbs)
81 /* offset in bytes, since these are byte-addressable */
82 offset = (unsigned int) trb - (unsigned int) seg->trbs;
83 /* SEGMENT_SIZE in bytes, trbs are 16-byte aligned */
84 if (offset > SEGMENT_SIZE || (offset % sizeof(*trb)) != 0)
86 return seg->dma + offset;
89 /* Does this link TRB point to the first segment in a ring,
90 * or was the previous TRB the last TRB on the last segment in the ERST?
92 static inline bool last_trb_on_last_seg(struct xhci_hcd *xhci, struct xhci_ring *ring,
93 struct xhci_segment *seg, union xhci_trb *trb)
95 if (ring == xhci->event_ring)
96 return (trb == &seg->trbs[TRBS_PER_SEGMENT]) &&
97 (seg->next == xhci->event_ring->first_seg);
99 return trb->link.control & LINK_TOGGLE;
102 /* Is this TRB a link TRB or was the last TRB the last TRB in this event ring
103 * segment? I.e. would the updated event TRB pointer step off the end of the
106 static inline int last_trb(struct xhci_hcd *xhci, struct xhci_ring *ring,
107 struct xhci_segment *seg, union xhci_trb *trb)
109 if (ring == xhci->event_ring)
110 return trb == &seg->trbs[TRBS_PER_SEGMENT];
112 return (trb->link.control & TRB_TYPE_BITMASK) == TRB_TYPE(TRB_LINK);
116 * See Cycle bit rules. SW is the consumer for the event ring only.
117 * Don't make a ring full of link TRBs. That would be dumb and this would loop.
119 static void inc_deq(struct xhci_hcd *xhci, struct xhci_ring *ring, bool consumer)
121 union xhci_trb *next = ++(ring->dequeue);
124 /* Update the dequeue pointer further if that was a link TRB or we're at
125 * the end of an event ring segment (which doesn't have link TRBS)
127 while (last_trb(xhci, ring, ring->deq_seg, next)) {
128 if (consumer && last_trb_on_last_seg(xhci, ring, ring->deq_seg, next)) {
129 ring->cycle_state = (ring->cycle_state ? 0 : 1);
131 xhci_dbg(xhci, "Toggle cycle state for ring 0x%x = %i\n",
133 (unsigned int) ring->cycle_state);
135 ring->deq_seg = ring->deq_seg->next;
136 ring->dequeue = ring->deq_seg->trbs;
137 next = ring->dequeue;
142 * See Cycle bit rules. SW is the consumer for the event ring only.
143 * Don't make a ring full of link TRBs. That would be dumb and this would loop.
145 * If we've just enqueued a TRB that is in the middle of a TD (meaning the
146 * chain bit is set), then set the chain bit in all the following link TRBs.
147 * If we've enqueued the last TRB in a TD, make sure the following link TRBs
148 * have their chain bit cleared (so that each Link TRB is a separate TD).
150 * Section 6.4.4.1 of the 0.95 spec says link TRBs cannot have the chain bit
151 * set, but other sections talk about dealing with the chain bit set.
152 * Assume section 6.4.4.1 is wrong, and the chain bit can be set in a Link TRB.
154 static void inc_enq(struct xhci_hcd *xhci, struct xhci_ring *ring, bool consumer)
157 union xhci_trb *next;
159 chain = ring->enqueue->generic.field[3] & TRB_CHAIN;
160 next = ++(ring->enqueue);
163 /* Update the dequeue pointer further if that was a link TRB or we're at
164 * the end of an event ring segment (which doesn't have link TRBS)
166 while (last_trb(xhci, ring, ring->enq_seg, next)) {
168 if (ring != xhci->event_ring) {
169 /* Give this link TRB to the hardware */
170 if (next->link.control & TRB_CYCLE)
171 next->link.control &= (u32) ~TRB_CYCLE;
173 next->link.control |= (u32) TRB_CYCLE;
174 next->link.control &= TRB_CHAIN;
175 next->link.control |= chain;
177 /* Toggle the cycle bit after the last ring segment. */
178 if (last_trb_on_last_seg(xhci, ring, ring->enq_seg, next)) {
179 ring->cycle_state = (ring->cycle_state ? 0 : 1);
181 xhci_dbg(xhci, "Toggle cycle state for ring 0x%x = %i\n",
183 (unsigned int) ring->cycle_state);
186 ring->enq_seg = ring->enq_seg->next;
187 ring->enqueue = ring->enq_seg->trbs;
188 next = ring->enqueue;
193 * Check to see if there's room to enqueue num_trbs on the ring. See rules
195 * FIXME: this would be simpler and faster if we just kept track of the number
196 * of free TRBs in a ring.
198 static int room_on_ring(struct xhci_hcd *xhci, struct xhci_ring *ring,
199 unsigned int num_trbs)
202 union xhci_trb *enq = ring->enqueue;
203 struct xhci_segment *enq_seg = ring->enq_seg;
205 /* Check if ring is empty */
206 if (enq == ring->dequeue)
208 /* Make sure there's an extra empty TRB available */
209 for (i = 0; i <= num_trbs; ++i) {
210 if (enq == ring->dequeue)
213 while (last_trb(xhci, ring, enq_seg, enq)) {
214 enq_seg = enq_seg->next;
221 void set_hc_event_deq(struct xhci_hcd *xhci)
226 deq = trb_virt_to_dma(xhci->event_ring->deq_seg,
227 xhci->event_ring->dequeue);
228 if (deq == 0 && !in_interrupt())
229 xhci_warn(xhci, "WARN something wrong with SW event ring "
231 /* Update HC event ring dequeue pointer */
232 temp = xhci_readl(xhci, &xhci->ir_set->erst_dequeue[0]);
233 temp &= ERST_PTR_MASK;
235 xhci_dbg(xhci, "// Write event ring dequeue pointer\n");
236 xhci_writel(xhci, 0, &xhci->ir_set->erst_dequeue[1]);
237 xhci_writel(xhci, (deq & ~ERST_PTR_MASK) | temp,
238 &xhci->ir_set->erst_dequeue[0]);
241 /* Ring the host controller doorbell after placing a command on the ring */
242 void ring_cmd_db(struct xhci_hcd *xhci)
246 xhci_dbg(xhci, "// Ding dong!\n");
247 temp = xhci_readl(xhci, &xhci->dba->doorbell[0]) & DB_MASK;
248 xhci_writel(xhci, temp | DB_TARGET_HOST, &xhci->dba->doorbell[0]);
249 /* Flush PCI posted writes */
250 xhci_readl(xhci, &xhci->dba->doorbell[0]);
253 static void handle_cmd_completion(struct xhci_hcd *xhci,
254 struct xhci_event_cmd *event)
256 int slot_id = TRB_TO_SLOT_ID(event->flags);
258 dma_addr_t cmd_dequeue_dma;
260 cmd_dma = (((u64) event->cmd_trb[1]) << 32) + event->cmd_trb[0];
261 cmd_dequeue_dma = trb_virt_to_dma(xhci->cmd_ring->deq_seg,
262 xhci->cmd_ring->dequeue);
263 /* Is the command ring deq ptr out of sync with the deq seg ptr? */
264 if (cmd_dequeue_dma == 0) {
265 xhci->error_bitmask |= 1 << 4;
268 /* Does the DMA address match our internal dequeue pointer address? */
269 if (cmd_dma != (u64) cmd_dequeue_dma) {
270 xhci->error_bitmask |= 1 << 5;
273 switch (xhci->cmd_ring->dequeue->generic.field[3] & TRB_TYPE_BITMASK) {
274 case TRB_TYPE(TRB_ENABLE_SLOT):
275 if (GET_COMP_CODE(event->status) == COMP_SUCCESS)
276 xhci->slot_id = slot_id;
279 complete(&xhci->addr_dev);
281 case TRB_TYPE(TRB_DISABLE_SLOT):
282 if (xhci->devs[slot_id])
283 xhci_free_virt_device(xhci, slot_id);
285 case TRB_TYPE(TRB_CONFIG_EP):
286 xhci->devs[slot_id]->cmd_status = GET_COMP_CODE(event->status);
287 complete(&xhci->devs[slot_id]->cmd_completion);
289 case TRB_TYPE(TRB_ADDR_DEV):
290 xhci->devs[slot_id]->cmd_status = GET_COMP_CODE(event->status);
291 complete(&xhci->addr_dev);
293 case TRB_TYPE(TRB_CMD_NOOP):
294 ++xhci->noops_handled;
297 /* Skip over unknown commands on the event ring */
298 xhci->error_bitmask |= 1 << 6;
301 inc_deq(xhci, xhci->cmd_ring, false);
304 static void handle_port_status(struct xhci_hcd *xhci,
305 union xhci_trb *event)
309 /* Port status change events always have a successful completion code */
310 if (GET_COMP_CODE(event->generic.field[2]) != COMP_SUCCESS) {
311 xhci_warn(xhci, "WARN: xHC returned failed port status event\n");
312 xhci->error_bitmask |= 1 << 8;
314 /* FIXME: core doesn't care about all port link state changes yet */
315 port_id = GET_PORT_ID(event->generic.field[0]);
316 xhci_dbg(xhci, "Port Status Change Event for port %d\n", port_id);
318 /* Update event ring dequeue pointer before dropping the lock */
319 inc_deq(xhci, xhci->event_ring, true);
320 set_hc_event_deq(xhci);
322 spin_unlock(&xhci->lock);
323 /* Pass this up to the core */
324 usb_hcd_poll_rh_status(xhci_to_hcd(xhci));
325 spin_lock(&xhci->lock);
329 * This TD is defined by the TRBs starting at start_trb in start_seg and ending
330 * at end_trb, which may be in another segment. If the suspect DMA address is a
331 * TRB in this TD, this function returns that TRB's segment. Otherwise it
334 static struct xhci_segment *trb_in_td(
335 struct xhci_segment *start_seg,
336 union xhci_trb *start_trb,
337 union xhci_trb *end_trb,
338 dma_addr_t suspect_dma)
340 dma_addr_t start_dma;
341 dma_addr_t end_seg_dma;
342 dma_addr_t end_trb_dma;
343 struct xhci_segment *cur_seg;
345 start_dma = trb_virt_to_dma(start_seg, start_trb);
350 * Last TRB is a link TRB (unless we start inserting links in
351 * the middle, FIXME if you do)
353 end_seg_dma = trb_virt_to_dma(cur_seg, &start_seg->trbs[TRBS_PER_SEGMENT - 2]);
354 /* If the end TRB isn't in this segment, this is set to 0 */
355 end_trb_dma = trb_virt_to_dma(cur_seg, end_trb);
357 if (end_trb_dma > 0) {
358 /* The end TRB is in this segment, so suspect should be here */
359 if (start_dma <= end_trb_dma) {
360 if (suspect_dma >= start_dma && suspect_dma <= end_trb_dma)
363 /* Case for one segment with
364 * a TD wrapped around to the top
366 if ((suspect_dma >= start_dma &&
367 suspect_dma <= end_seg_dma) ||
368 (suspect_dma >= cur_seg->dma &&
369 suspect_dma <= end_trb_dma))
374 /* Might still be somewhere in this segment */
375 if (suspect_dma >= start_dma && suspect_dma <= end_seg_dma)
378 cur_seg = cur_seg->next;
379 start_dma = trb_virt_to_dma(cur_seg, &cur_seg->trbs[0]);
385 * If this function returns an error condition, it means it got a Transfer
386 * event with a corrupted Slot ID, Endpoint ID, or TRB DMA address.
387 * At this point, the host controller is probably hosed and should be reset.
389 static int handle_tx_event(struct xhci_hcd *xhci,
390 struct xhci_transfer_event *event)
392 struct xhci_virt_device *xdev;
393 struct xhci_ring *ep_ring;
395 struct xhci_td *td = 0;
396 dma_addr_t event_dma;
397 struct xhci_segment *event_seg;
398 union xhci_trb *event_trb;
400 int status = -EINPROGRESS;
402 xdev = xhci->devs[TRB_TO_SLOT_ID(event->flags)];
404 xhci_err(xhci, "ERROR Transfer event pointed to bad slot\n");
408 /* Endpoint ID is 1 based, our index is zero based */
409 ep_index = TRB_TO_EP_ID(event->flags) - 1;
410 ep_ring = xdev->ep_rings[ep_index];
411 if (!ep_ring || (xdev->out_ctx->ep[ep_index].ep_info & EP_STATE_MASK) == EP_STATE_DISABLED) {
412 xhci_err(xhci, "ERROR Transfer event pointed to disabled endpoint\n");
416 event_dma = event->buffer[0];
417 if (event->buffer[1] != 0)
418 xhci_warn(xhci, "WARN ignoring upper 32-bits of 64-bit TRB dma address\n");
420 /* This TRB should be in the TD at the head of this ring's TD list */
421 if (list_empty(&ep_ring->td_list)) {
422 xhci_warn(xhci, "WARN Event TRB for slot %d ep %d with no TDs queued?\n",
423 TRB_TO_SLOT_ID(event->flags), ep_index);
424 xhci_dbg(xhci, "Event TRB with TRB type ID %u\n",
425 (unsigned int) (event->flags & TRB_TYPE_BITMASK)>>10);
426 xhci_print_trb_offsets(xhci, (union xhci_trb *) event);
430 td = list_entry(ep_ring->td_list.next, struct xhci_td, td_list);
432 /* Is this a TRB in the currently executing TD? */
433 event_seg = trb_in_td(ep_ring->deq_seg, ep_ring->dequeue,
434 td->last_trb, event_dma);
436 /* HC is busted, give up! */
437 xhci_err(xhci, "ERROR Transfer event TRB DMA ptr not part of current TD\n");
440 event_trb = &event_seg->trbs[(event_dma - event_seg->dma) / sizeof(*event_trb)];
441 xhci_dbg(xhci, "Event TRB with TRB type ID %u\n",
442 (unsigned int) (event->flags & TRB_TYPE_BITMASK)>>10);
443 xhci_dbg(xhci, "Offset 0x00 (buffer[0]) = 0x%x\n",
444 (unsigned int) event->buffer[0]);
445 xhci_dbg(xhci, "Offset 0x04 (buffer[0]) = 0x%x\n",
446 (unsigned int) event->buffer[1]);
447 xhci_dbg(xhci, "Offset 0x08 (transfer length) = 0x%x\n",
448 (unsigned int) event->transfer_len);
449 xhci_dbg(xhci, "Offset 0x0C (flags) = 0x%x\n",
450 (unsigned int) event->flags);
452 /* Look for common error cases */
453 switch (GET_COMP_CODE(event->transfer_len)) {
454 /* Skip codes that require special handling depending on
461 xhci_warn(xhci, "WARN: Stalled endpoint\n");
465 xhci_warn(xhci, "WARN: TRB error on endpoint\n");
469 xhci_warn(xhci, "WARN: transfer error on endpoint\n");
473 xhci_warn(xhci, "WARN: HC couldn't access mem fast enough\n");
477 xhci_warn(xhci, "ERROR Unknown event condition, HC probably busted\n");
481 /* Now update the urb's actual_length and give back to the core */
482 /* Was this a control transfer? */
483 if (usb_endpoint_xfer_control(&td->urb->ep->desc)) {
484 xhci_debug_trb(xhci, xhci->event_ring->dequeue);
485 switch (GET_COMP_CODE(event->transfer_len)) {
487 if (event_trb == ep_ring->dequeue) {
488 xhci_warn(xhci, "WARN: Success on ctrl setup TRB without IOC set??\n");
490 } else if (event_trb != td->last_trb) {
491 xhci_warn(xhci, "WARN: Success on ctrl data TRB without IOC set??\n");
494 xhci_dbg(xhci, "Successful control transfer!\n");
499 xhci_warn(xhci, "WARN: short transfer on control ep\n");
503 /* Others already handled above */
507 * Did we transfer any data, despite the errors that might have
508 * happened? I.e. did we get past the setup stage?
510 if (event_trb != ep_ring->dequeue) {
511 /* The event was for the status stage */
512 if (event_trb == td->last_trb) {
513 td->urb->actual_length = td->urb->transfer_buffer_length;
515 /* The event was for the data stage */
516 td->urb->actual_length = td->urb->transfer_buffer_length -
517 TRB_LEN(event->transfer_len);
521 switch (GET_COMP_CODE(event->transfer_len)) {
523 /* Double check that the HW transferred everything. */
524 if (event_trb != td->last_trb) {
525 xhci_warn(xhci, "WARN Successful completion "
527 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
532 xhci_dbg(xhci, "Successful bulk transfer!\n");
537 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
543 /* Others already handled above */
546 dev_dbg(&td->urb->dev->dev,
547 "ep %#x - asked for %d bytes, "
548 "%d bytes untransferred\n",
549 td->urb->ep->desc.bEndpointAddress,
550 td->urb->transfer_buffer_length,
551 TRB_LEN(event->transfer_len));
552 /* Fast path - was this the last TRB in the TD for this URB? */
553 if (event_trb == td->last_trb) {
554 if (TRB_LEN(event->transfer_len) != 0) {
555 td->urb->actual_length =
556 td->urb->transfer_buffer_length -
557 TRB_LEN(event->transfer_len);
558 if (td->urb->actual_length < 0) {
559 xhci_warn(xhci, "HC gave bad length "
560 "of %d bytes left\n",
561 TRB_LEN(event->transfer_len));
562 td->urb->actual_length = 0;
564 if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
569 td->urb->actual_length = td->urb->transfer_buffer_length;
570 /* Ignore a short packet completion if the
571 * untransferred length was zero.
576 /* Slow path - walk the list, starting from the first
577 * TRB to get the actual length transferred
579 td->urb->actual_length = 0;
580 while (ep_ring->dequeue != event_trb) {
581 td->urb->actual_length += TRB_LEN(ep_ring->dequeue->generic.field[2]);
582 inc_deq(xhci, ep_ring, false);
584 td->urb->actual_length += TRB_LEN(ep_ring->dequeue->generic.field[2]) -
585 TRB_LEN(event->transfer_len);
589 /* Update ring dequeue pointer */
590 while (ep_ring->dequeue != td->last_trb)
591 inc_deq(xhci, ep_ring, false);
592 inc_deq(xhci, ep_ring, false);
594 /* Clean up the endpoint's TD list */
596 list_del(&td->td_list);
600 inc_deq(xhci, xhci->event_ring, true);
601 set_hc_event_deq(xhci);
603 /* FIXME for multi-TD URBs (who have buffers bigger than 64MB) */
605 usb_hcd_unlink_urb_from_ep(xhci_to_hcd(xhci), urb);
606 spin_unlock(&xhci->lock);
607 usb_hcd_giveback_urb(xhci_to_hcd(xhci), urb, status);
608 spin_lock(&xhci->lock);
614 * This function handles all OS-owned events on the event ring. It may drop
615 * xhci->lock between event processing (e.g. to pass up port status changes).
617 void handle_event(struct xhci_hcd *xhci)
619 union xhci_trb *event;
623 if (!xhci->event_ring || !xhci->event_ring->dequeue) {
624 xhci->error_bitmask |= 1 << 1;
628 event = xhci->event_ring->dequeue;
629 /* Does the HC or OS own the TRB? */
630 if ((event->event_cmd.flags & TRB_CYCLE) !=
631 xhci->event_ring->cycle_state) {
632 xhci->error_bitmask |= 1 << 2;
636 /* FIXME: Handle more event types. */
637 switch ((event->event_cmd.flags & TRB_TYPE_BITMASK)) {
638 case TRB_TYPE(TRB_COMPLETION):
639 handle_cmd_completion(xhci, &event->event_cmd);
641 case TRB_TYPE(TRB_PORT_STATUS):
642 handle_port_status(xhci, event);
645 case TRB_TYPE(TRB_TRANSFER):
646 ret = handle_tx_event(xhci, &event->trans_event);
648 xhci->error_bitmask |= 1 << 9;
653 xhci->error_bitmask |= 1 << 3;
657 /* Update SW and HC event ring dequeue pointer */
658 inc_deq(xhci, xhci->event_ring, true);
659 set_hc_event_deq(xhci);
661 /* Are there more items on the event ring? */
665 /**** Endpoint Ring Operations ****/
668 * Generic function for queueing a TRB on a ring.
669 * The caller must have checked to make sure there's room on the ring.
671 static void queue_trb(struct xhci_hcd *xhci, struct xhci_ring *ring,
673 u32 field1, u32 field2, u32 field3, u32 field4)
675 struct xhci_generic_trb *trb;
677 trb = &ring->enqueue->generic;
678 trb->field[0] = field1;
679 trb->field[1] = field2;
680 trb->field[2] = field3;
681 trb->field[3] = field4;
682 inc_enq(xhci, ring, consumer);
686 * Does various checks on the endpoint ring, and makes it ready to queue num_trbs.
687 * FIXME allocate segments if the ring is full.
689 static int prepare_ring(struct xhci_hcd *xhci, struct xhci_ring *ep_ring,
690 u32 ep_state, unsigned int num_trbs, gfp_t mem_flags)
692 /* Make sure the endpoint has been added to xHC schedule */
693 xhci_dbg(xhci, "Endpoint state = 0x%x\n", ep_state);
695 case EP_STATE_DISABLED:
697 * USB core changed config/interfaces without notifying us,
698 * or hardware is reporting the wrong state.
700 xhci_warn(xhci, "WARN urb submitted to disabled ep\n");
702 case EP_STATE_HALTED:
704 xhci_warn(xhci, "WARN waiting for halt or error on ep "
706 /* FIXME event handling code for error needs to clear it */
707 /* XXX not sure if this should be -ENOENT or not */
709 case EP_STATE_STOPPED:
710 case EP_STATE_RUNNING:
713 xhci_err(xhci, "ERROR unknown endpoint state for ep\n");
715 * FIXME issue Configure Endpoint command to try to get the HC
716 * back into a known state.
720 if (!room_on_ring(xhci, ep_ring, num_trbs)) {
721 /* FIXME allocate more room */
722 xhci_err(xhci, "ERROR no room on ep ring\n");
728 int xhci_prepare_transfer(struct xhci_hcd *xhci,
729 struct xhci_virt_device *xdev,
730 unsigned int ep_index,
731 unsigned int num_trbs,
738 ret = prepare_ring(xhci, xdev->ep_rings[ep_index],
739 xdev->out_ctx->ep[ep_index].ep_info & EP_STATE_MASK,
740 num_trbs, mem_flags);
743 *td = kzalloc(sizeof(struct xhci_td), mem_flags);
746 INIT_LIST_HEAD(&(*td)->td_list);
748 ret = usb_hcd_link_urb_to_ep(xhci_to_hcd(xhci), urb);
755 urb->hcpriv = (void *) (*td);
756 /* Add this TD to the tail of the endpoint ring's TD list */
757 list_add_tail(&(*td)->td_list, &xdev->ep_rings[ep_index]->td_list);
762 unsigned int count_sg_trbs_needed(struct xhci_hcd *xhci, struct urb *urb)
764 int num_sgs, num_trbs, running_total, temp, i;
765 struct scatterlist *sg;
768 num_sgs = urb->num_sgs;
769 temp = urb->transfer_buffer_length;
771 xhci_dbg(xhci, "count sg list trbs: \n");
773 for_each_sg(urb->sg->sg, sg, num_sgs, i) {
774 unsigned int previous_total_trbs = num_trbs;
775 unsigned int len = sg_dma_len(sg);
777 /* Scatter gather list entries may cross 64KB boundaries */
778 running_total = TRB_MAX_BUFF_SIZE -
779 (sg_dma_address(sg) & ((1 << TRB_MAX_BUFF_SHIFT) - 1));
780 if (running_total != 0)
783 /* How many more 64KB chunks to transfer, how many more TRBs? */
784 while (running_total < sg_dma_len(sg)) {
786 running_total += TRB_MAX_BUFF_SIZE;
788 xhci_dbg(xhci, " sg #%d: dma = %#x, len = %#x (%d), num_trbs = %d\n",
789 i, sg_dma_address(sg), len, len,
790 num_trbs - previous_total_trbs);
792 len = min_t(int, len, temp);
797 xhci_dbg(xhci, "\n");
799 dev_dbg(&urb->dev->dev, "ep %#x - urb len = %d, sglist used, num_trbs = %d\n",
800 urb->ep->desc.bEndpointAddress,
801 urb->transfer_buffer_length,
806 void check_trb_math(struct urb *urb, int num_trbs, int running_total)
809 dev_dbg(&urb->dev->dev, "%s - ep %#x - Miscalculated number of "
810 "TRBs, %d left\n", __func__,
811 urb->ep->desc.bEndpointAddress, num_trbs);
812 if (running_total != urb->transfer_buffer_length)
813 dev_dbg(&urb->dev->dev, "%s - ep %#x - Miscalculated tx length, "
814 "queued %#x (%d), asked for %#x (%d)\n",
816 urb->ep->desc.bEndpointAddress,
817 running_total, running_total,
818 urb->transfer_buffer_length,
819 urb->transfer_buffer_length);
822 void giveback_first_trb(struct xhci_hcd *xhci, int slot_id,
823 unsigned int ep_index, int start_cycle,
824 struct xhci_generic_trb *start_trb, struct xhci_td *td)
829 * Pass all the TRBs to the hardware at once and make sure this write
833 start_trb->field[3] |= start_cycle;
834 field = xhci_readl(xhci, &xhci->dba->doorbell[slot_id]) & DB_MASK;
835 xhci_writel(xhci, field | EPI_TO_DB(ep_index),
836 &xhci->dba->doorbell[slot_id]);
837 /* Flush PCI posted writes */
838 xhci_readl(xhci, &xhci->dba->doorbell[slot_id]);
841 int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
842 struct urb *urb, int slot_id, unsigned int ep_index)
844 struct xhci_ring *ep_ring;
845 unsigned int num_trbs;
847 struct scatterlist *sg;
849 int trb_buff_len, this_sg_len, running_total;
853 struct xhci_generic_trb *start_trb;
856 ep_ring = xhci->devs[slot_id]->ep_rings[ep_index];
857 num_trbs = count_sg_trbs_needed(xhci, urb);
858 num_sgs = urb->num_sgs;
860 trb_buff_len = xhci_prepare_transfer(xhci, xhci->devs[slot_id],
861 ep_index, num_trbs, urb, &td, mem_flags);
862 if (trb_buff_len < 0)
865 * Don't give the first TRB to the hardware (by toggling the cycle bit)
866 * until we've finished creating all the other TRBs. The ring's cycle
867 * state may change as we enqueue the other TRBs, so save it too.
869 start_trb = &ep_ring->enqueue->generic;
870 start_cycle = ep_ring->cycle_state;
874 * How much data is in the first TRB?
876 * There are three forces at work for TRB buffer pointers and lengths:
877 * 1. We don't want to walk off the end of this sg-list entry buffer.
878 * 2. The transfer length that the driver requested may be smaller than
879 * the amount of memory allocated for this scatter-gather list.
880 * 3. TRBs buffers can't cross 64KB boundaries.
883 addr = (u64) sg_dma_address(sg);
884 this_sg_len = sg_dma_len(sg);
885 trb_buff_len = TRB_MAX_BUFF_SIZE -
886 (addr & ((1 << TRB_MAX_BUFF_SHIFT) - 1));
887 trb_buff_len = min_t(int, trb_buff_len, this_sg_len);
888 if (trb_buff_len > urb->transfer_buffer_length)
889 trb_buff_len = urb->transfer_buffer_length;
890 xhci_dbg(xhci, "First length to xfer from 1st sglist entry = %u\n",
894 /* Queue the first TRB, even if it's zero-length */
898 /* Don't change the cycle bit of the first TRB until later */
902 field |= ep_ring->cycle_state;
904 /* Chain all the TRBs together; clear the chain bit in the last
905 * TRB to indicate it's the last TRB in the chain.
910 /* FIXME - add check for ZERO_PACKET flag before this */
911 td->last_trb = ep_ring->enqueue;
914 xhci_dbg(xhci, " sg entry: dma = %#x, len = %#x (%d), "
915 "64KB boundary at %#x, end dma = %#x\n",
916 (unsigned int) addr, trb_buff_len, trb_buff_len,
917 (unsigned int) (addr + TRB_MAX_BUFF_SIZE) & ~(TRB_MAX_BUFF_SIZE - 1),
918 (unsigned int) addr + trb_buff_len);
919 if (TRB_MAX_BUFF_SIZE -
920 (addr & ((1 << TRB_MAX_BUFF_SHIFT) - 1)) < trb_buff_len) {
921 xhci_warn(xhci, "WARN: sg dma xfer crosses 64KB boundaries!\n");
922 xhci_dbg(xhci, "Next boundary at %#x, end dma = %#x\n",
923 (unsigned int) (addr + TRB_MAX_BUFF_SIZE) & ~(TRB_MAX_BUFF_SIZE - 1),
924 (unsigned int) addr + trb_buff_len);
926 queue_trb(xhci, ep_ring, false,
928 (u32) ((u64) addr >> 32),
929 TRB_LEN(trb_buff_len) | TRB_INTR_TARGET(0),
930 /* We always want to know if the TRB was short,
931 * or we won't get an event when it completes.
932 * (Unless we use event data TRBs, which are a
933 * waste of space and HC resources.)
935 field | TRB_ISP | TRB_TYPE(TRB_NORMAL));
937 running_total += trb_buff_len;
939 /* Calculate length for next transfer --
940 * Are we done queueing all the TRBs for this sg entry?
942 this_sg_len -= trb_buff_len;
943 if (this_sg_len == 0) {
948 addr = (u64) sg_dma_address(sg);
949 this_sg_len = sg_dma_len(sg);
951 addr += trb_buff_len;
954 trb_buff_len = TRB_MAX_BUFF_SIZE -
955 (addr & ((1 << TRB_MAX_BUFF_SHIFT) - 1));
956 trb_buff_len = min_t(int, trb_buff_len, this_sg_len);
957 if (running_total + trb_buff_len > urb->transfer_buffer_length)
959 urb->transfer_buffer_length - running_total;
960 } while (running_total < urb->transfer_buffer_length);
962 check_trb_math(urb, num_trbs, running_total);
963 giveback_first_trb(xhci, slot_id, ep_index, start_cycle, start_trb, td);
967 /* This is very similar to what ehci-q.c qtd_fill() does */
968 int queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
969 struct urb *urb, int slot_id, unsigned int ep_index)
971 struct xhci_ring *ep_ring;
974 struct xhci_generic_trb *start_trb;
979 int running_total, trb_buff_len, ret;
983 return queue_bulk_sg_tx(xhci, mem_flags, urb, slot_id, ep_index);
985 ep_ring = xhci->devs[slot_id]->ep_rings[ep_index];
988 /* How much data is (potentially) left before the 64KB boundary? */
989 running_total = TRB_MAX_BUFF_SIZE -
990 (urb->transfer_dma & ((1 << TRB_MAX_BUFF_SHIFT) - 1));
992 /* If there's some data on this 64KB chunk, or we have to send a
993 * zero-length transfer, we need at least one TRB
995 if (running_total != 0 || urb->transfer_buffer_length == 0)
997 /* How many more 64KB chunks to transfer, how many more TRBs? */
998 while (running_total < urb->transfer_buffer_length) {
1000 running_total += TRB_MAX_BUFF_SIZE;
1002 /* FIXME: this doesn't deal with URB_ZERO_PACKET - need one more */
1004 if (!in_interrupt())
1005 dev_dbg(&urb->dev->dev, "ep %#x - urb len = %#x (%d), addr = %#x, num_trbs = %d\n",
1006 urb->ep->desc.bEndpointAddress,
1007 urb->transfer_buffer_length,
1008 urb->transfer_buffer_length,
1012 ret = xhci_prepare_transfer(xhci, xhci->devs[slot_id], ep_index,
1013 num_trbs, urb, &td, mem_flags);
1018 * Don't give the first TRB to the hardware (by toggling the cycle bit)
1019 * until we've finished creating all the other TRBs. The ring's cycle
1020 * state may change as we enqueue the other TRBs, so save it too.
1022 start_trb = &ep_ring->enqueue->generic;
1023 start_cycle = ep_ring->cycle_state;
1026 /* How much data is in the first TRB? */
1027 addr = (u64) urb->transfer_dma;
1028 trb_buff_len = TRB_MAX_BUFF_SIZE -
1029 (urb->transfer_dma & ((1 << TRB_MAX_BUFF_SHIFT) - 1));
1030 if (urb->transfer_buffer_length < trb_buff_len)
1031 trb_buff_len = urb->transfer_buffer_length;
1035 /* Queue the first TRB, even if it's zero-length */
1039 /* Don't change the cycle bit of the first TRB until later */
1043 field |= ep_ring->cycle_state;
1045 /* Chain all the TRBs together; clear the chain bit in the last
1046 * TRB to indicate it's the last TRB in the chain.
1051 /* FIXME - add check for ZERO_PACKET flag before this */
1052 td->last_trb = ep_ring->enqueue;
1055 queue_trb(xhci, ep_ring, false,
1057 (u32) ((u64) addr >> 32),
1058 TRB_LEN(trb_buff_len) | TRB_INTR_TARGET(0),
1059 /* We always want to know if the TRB was short,
1060 * or we won't get an event when it completes.
1061 * (Unless we use event data TRBs, which are a
1062 * waste of space and HC resources.)
1064 field | TRB_ISP | TRB_TYPE(TRB_NORMAL));
1066 running_total += trb_buff_len;
1068 /* Calculate length for next transfer */
1069 addr += trb_buff_len;
1070 trb_buff_len = urb->transfer_buffer_length - running_total;
1071 if (trb_buff_len > TRB_MAX_BUFF_SIZE)
1072 trb_buff_len = TRB_MAX_BUFF_SIZE;
1073 } while (running_total < urb->transfer_buffer_length);
1075 check_trb_math(urb, num_trbs, running_total);
1076 giveback_first_trb(xhci, slot_id, ep_index, start_cycle, start_trb, td);
1080 /* Caller must have locked xhci->lock */
1081 int queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
1082 struct urb *urb, int slot_id, unsigned int ep_index)
1084 struct xhci_ring *ep_ring;
1087 struct usb_ctrlrequest *setup;
1088 struct xhci_generic_trb *start_trb;
1093 ep_ring = xhci->devs[slot_id]->ep_rings[ep_index];
1096 * Need to copy setup packet into setup TRB, so we can't use the setup
1099 if (!urb->setup_packet)
1102 if (!in_interrupt())
1103 xhci_dbg(xhci, "Queueing ctrl tx for slot id %d, ep %d\n",
1105 /* 1 TRB for setup, 1 for status */
1108 * Don't need to check if we need additional event data and normal TRBs,
1109 * since data in control transfers will never get bigger than 16MB
1110 * XXX: can we get a buffer that crosses 64KB boundaries?
1112 if (urb->transfer_buffer_length > 0)
1114 ret = xhci_prepare_transfer(xhci, xhci->devs[slot_id], ep_index, num_trbs,
1115 urb, &td, mem_flags);
1120 * Don't give the first TRB to the hardware (by toggling the cycle bit)
1121 * until we've finished creating all the other TRBs. The ring's cycle
1122 * state may change as we enqueue the other TRBs, so save it too.
1124 start_trb = &ep_ring->enqueue->generic;
1125 start_cycle = ep_ring->cycle_state;
1127 /* Queue setup TRB - see section 6.4.1.2.1 */
1128 /* FIXME better way to translate setup_packet into two u32 fields? */
1129 setup = (struct usb_ctrlrequest *) urb->setup_packet;
1130 queue_trb(xhci, ep_ring, false,
1131 /* FIXME endianness is probably going to bite my ass here. */
1132 setup->bRequestType | setup->bRequest << 8 | setup->wValue << 16,
1133 setup->wIndex | setup->wLength << 16,
1134 TRB_LEN(8) | TRB_INTR_TARGET(0),
1135 /* Immediate data in pointer */
1136 TRB_IDT | TRB_TYPE(TRB_SETUP));
1138 /* If there's data, queue data TRBs */
1140 if (urb->transfer_buffer_length > 0) {
1141 if (setup->bRequestType & USB_DIR_IN)
1142 field |= TRB_DIR_IN;
1143 queue_trb(xhci, ep_ring, false,
1144 lower_32_bits(urb->transfer_dma),
1145 upper_32_bits(urb->transfer_dma),
1146 TRB_LEN(urb->transfer_buffer_length) | TRB_INTR_TARGET(0),
1147 /* Event on short tx */
1148 field | TRB_ISP | TRB_TYPE(TRB_DATA) | ep_ring->cycle_state);
1151 /* Save the DMA address of the last TRB in the TD */
1152 td->last_trb = ep_ring->enqueue;
1154 /* Queue status TRB - see Table 7 and sections 4.11.2.2 and 6.4.1.2.3 */
1155 /* If the device sent data, the status stage is an OUT transfer */
1156 if (urb->transfer_buffer_length > 0 && setup->bRequestType & USB_DIR_IN)
1160 queue_trb(xhci, ep_ring, false,
1164 /* Event on completion */
1165 field | TRB_IOC | TRB_TYPE(TRB_STATUS) | ep_ring->cycle_state);
1167 giveback_first_trb(xhci, slot_id, ep_index, start_cycle, start_trb, td);
1171 /**** Command Ring Operations ****/
1173 /* Generic function for queueing a command TRB on the command ring */
1174 static int queue_command(struct xhci_hcd *xhci, u32 field1, u32 field2, u32 field3, u32 field4)
1176 if (!room_on_ring(xhci, xhci->cmd_ring, 1)) {
1177 if (!in_interrupt())
1178 xhci_err(xhci, "ERR: No room for command on command ring\n");
1181 queue_trb(xhci, xhci->cmd_ring, false, field1, field2, field3,
1182 field4 | xhci->cmd_ring->cycle_state);
1186 /* Queue a no-op command on the command ring */
1187 static int queue_cmd_noop(struct xhci_hcd *xhci)
1189 return queue_command(xhci, 0, 0, 0, TRB_TYPE(TRB_CMD_NOOP));
1193 * Place a no-op command on the command ring to test the command and
1196 void *setup_one_noop(struct xhci_hcd *xhci)
1198 if (queue_cmd_noop(xhci) < 0)
1200 xhci->noops_submitted++;
1204 /* Queue a slot enable or disable request on the command ring */
1205 int queue_slot_control(struct xhci_hcd *xhci, u32 trb_type, u32 slot_id)
1207 return queue_command(xhci, 0, 0, 0,
1208 TRB_TYPE(trb_type) | SLOT_ID_FOR_TRB(slot_id));
1211 /* Queue an address device command TRB */
1212 int queue_address_device(struct xhci_hcd *xhci, dma_addr_t in_ctx_ptr, u32 slot_id)
1214 return queue_command(xhci, in_ctx_ptr, 0, 0,
1215 TRB_TYPE(TRB_ADDR_DEV) | SLOT_ID_FOR_TRB(slot_id));
1218 /* Queue a configure endpoint command TRB */
1219 int queue_configure_endpoint(struct xhci_hcd *xhci, dma_addr_t in_ctx_ptr, u32 slot_id)
1221 return queue_command(xhci, in_ctx_ptr, 0, 0,
1222 TRB_TYPE(TRB_CONFIG_EP) | SLOT_ID_FOR_TRB(slot_id));
projects / linux-flexiantxendom0.git / blob