2 * Copyright (C) 2001-2004 by David Brownell
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software Foundation,
16 * Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 /* this file is part of ehci-hcd.c */
21 /*-------------------------------------------------------------------------*/
24 * EHCI hardware queue manipulation ... the core. QH/QTD manipulation.
26 * Control, bulk, and interrupt traffic all use "qh" lists. They list "qtd"
27 * entries describing USB transactions, max 16-20kB/entry (with 4kB-aligned
28 * buffers needed for the larger number). We use one QH per endpoint, queue
29 * multiple urbs (all three types) per endpoint. URBs may need several qtds.
31 * ISO traffic uses "ISO TD" (itd, and sitd) records, and (along with
32 * interrupts) needs careful scheduling. Performance improvements can be
33 * an ongoing challenge. That's in "ehci-sched.c".
35 * USB 1.1 devices are handled (a) by "companion" OHCI or UHCI root hubs,
36 * or otherwise through transaction translators (TTs) in USB 2.0 hubs using
37 * (b) special fields in qh entries or (c) split iso entries. TTs will
38 * buffer low/full speed data so the host collects it at high speed.
41 /*-------------------------------------------------------------------------*/
43 /* fill a qtd, returning how much of the buffer we were able to queue up */
46 qtd_fill(struct ehci_hcd
*ehci
, struct ehci_qtd
*qtd
, dma_addr_t buf
,
47 size_t len
, int token
, int maxpacket
)
52 /* one buffer entry per 4K ... first might be short or unaligned */
53 qtd
->hw_buf
[0] = cpu_to_hc32(ehci
, (u32
)addr
);
54 qtd
->hw_buf_hi
[0] = cpu_to_hc32(ehci
, (u32
)(addr
>> 32));
55 count
= 0x1000 - (buf
& 0x0fff); /* rest of that page */
56 if (likely (len
< count
)) /* ... iff needed */
62 /* per-qtd limit: from 16K to 20K (best alignment) */
63 for (i
= 1; count
< len
&& i
< 5; i
++) {
65 qtd
->hw_buf
[i
] = cpu_to_hc32(ehci
, (u32
)addr
);
66 qtd
->hw_buf_hi
[i
] = cpu_to_hc32(ehci
,
69 if ((count
+ 0x1000) < len
)
75 /* short packets may only terminate transfers */
77 count
-= (count
% maxpacket
);
79 qtd
->hw_token
= cpu_to_hc32(ehci
, (count
<< 16) | token
);
85 /*-------------------------------------------------------------------------*/
88 qh_update (struct ehci_hcd
*ehci
, struct ehci_qh
*qh
, struct ehci_qtd
*qtd
)
90 struct ehci_qh_hw
*hw
= qh
->hw
;
92 /* writes to an active overlay are unsafe */
93 WARN_ON(qh
->qh_state
!= QH_STATE_IDLE
);
95 hw
->hw_qtd_next
= QTD_NEXT(ehci
, qtd
->qtd_dma
);
96 hw
->hw_alt_next
= EHCI_LIST_END(ehci
);
98 /* Except for control endpoints, we make hardware maintain data
99 * toggle (like OHCI) ... here (re)initialize the toggle in the QH,
100 * and set the pseudo-toggle in udev. Only usb_clear_halt() will
103 if (!(hw
->hw_info1
& cpu_to_hc32(ehci
, QH_TOGGLE_CTL
))) {
104 unsigned is_out
, epnum
;
107 epnum
= (hc32_to_cpup(ehci
, &hw
->hw_info1
) >> 8) & 0x0f;
108 if (unlikely (!usb_gettoggle (qh
->dev
, epnum
, is_out
))) {
109 hw
->hw_token
&= ~cpu_to_hc32(ehci
, QTD_TOGGLE
);
110 usb_settoggle (qh
->dev
, epnum
, is_out
, 1);
114 hw
->hw_token
&= cpu_to_hc32(ehci
, QTD_TOGGLE
| QTD_STS_PING
);
117 /* if it weren't for a common silicon quirk (writing the dummy into the qh
118 * overlay, so qh->hw_token wrongly becomes inactive/halted), only fault
119 * recovery (including urb dequeue) would need software changes to a QH...
122 qh_refresh (struct ehci_hcd
*ehci
, struct ehci_qh
*qh
)
124 struct ehci_qtd
*qtd
;
126 qtd
= list_entry(qh
->qtd_list
.next
, struct ehci_qtd
, qtd_list
);
129 * first qtd may already be partially processed.
130 * If we come here during unlink, the QH overlay region
131 * might have reference to the just unlinked qtd. The
132 * qtd is updated in qh_completions(). Update the QH
135 if (qh
->hw
->hw_token
& ACTIVE_BIT(ehci
))
136 qh
->hw
->hw_qtd_next
= qtd
->hw_next
;
138 qh_update(ehci
, qh
, qtd
);
141 /*-------------------------------------------------------------------------*/
143 static void qh_link_async(struct ehci_hcd
*ehci
, struct ehci_qh
*qh
);
145 static void ehci_clear_tt_buffer_complete(struct usb_hcd
*hcd
,
146 struct usb_host_endpoint
*ep
)
148 struct ehci_hcd
*ehci
= hcd_to_ehci(hcd
);
149 struct ehci_qh
*qh
= ep
->hcpriv
;
152 spin_lock_irqsave(&ehci
->lock
, flags
);
154 if (qh
->qh_state
== QH_STATE_IDLE
&& !list_empty(&qh
->qtd_list
)
155 && ehci
->rh_state
== EHCI_RH_RUNNING
)
156 qh_link_async(ehci
, qh
);
157 spin_unlock_irqrestore(&ehci
->lock
, flags
);
160 static void ehci_clear_tt_buffer(struct ehci_hcd
*ehci
, struct ehci_qh
*qh
,
161 struct urb
*urb
, u32 token
)
164 /* If an async split transaction gets an error or is unlinked,
165 * the TT buffer may be left in an indeterminate state. We
166 * have to clear the TT buffer.
168 * Note: this routine is never called for Isochronous transfers.
170 if (urb
->dev
->tt
&& !usb_pipeint(urb
->pipe
) && !qh
->clearing_tt
) {
172 struct usb_device
*tt
= urb
->dev
->tt
->hub
;
174 "clear tt buffer port %d, a%d ep%d t%08x\n",
175 urb
->dev
->ttport
, urb
->dev
->devnum
,
176 usb_pipeendpoint(urb
->pipe
), token
);
178 if (!ehci_is_TDI(ehci
)
179 || urb
->dev
->tt
->hub
!=
180 ehci_to_hcd(ehci
)->self
.root_hub
) {
181 if (usb_hub_clear_tt_buffer(urb
) == 0)
185 /* REVISIT ARC-derived cores don't clear the root
186 * hub TT buffer in this way...
192 static int qtd_copy_status (
193 struct ehci_hcd
*ehci
,
199 int status
= -EINPROGRESS
;
201 /* count IN/OUT bytes, not SETUP (even short packets) */
202 if (likely (QTD_PID (token
) != 2))
203 urb
->actual_length
+= length
- QTD_LENGTH (token
);
205 /* don't modify error codes */
206 if (unlikely(urb
->unlinked
))
209 /* force cleanup after short read; not always an error */
210 if (unlikely (IS_SHORT_READ (token
)))
213 /* serious "can't proceed" faults reported by the hardware */
214 if (token
& QTD_STS_HALT
) {
215 if (token
& QTD_STS_BABBLE
) {
216 /* FIXME "must" disable babbling device's port too */
218 /* CERR nonzero + halt --> stall */
219 } else if (QTD_CERR(token
)) {
222 /* In theory, more than one of the following bits can be set
223 * since they are sticky and the transaction is retried.
224 * Which to test first is rather arbitrary.
226 } else if (token
& QTD_STS_MMF
) {
227 /* fs/ls interrupt xfer missed the complete-split */
229 } else if (token
& QTD_STS_DBE
) {
230 status
= (QTD_PID (token
) == 1) /* IN ? */
231 ? -ENOSR
/* hc couldn't read data */
232 : -ECOMM
; /* hc couldn't write data */
233 } else if (token
& QTD_STS_XACT
) {
234 /* timeout, bad CRC, wrong PID, etc */
235 ehci_dbg(ehci
, "devpath %s ep%d%s 3strikes\n",
237 usb_pipeendpoint(urb
->pipe
),
238 usb_pipein(urb
->pipe
) ? "in" : "out");
240 } else { /* unknown */
245 "dev%d ep%d%s qtd token %08x --> status %d\n",
246 usb_pipedevice (urb
->pipe
),
247 usb_pipeendpoint (urb
->pipe
),
248 usb_pipein (urb
->pipe
) ? "in" : "out",
256 ehci_urb_done(struct ehci_hcd
*ehci
, struct urb
*urb
, int status
)
257 __releases(ehci
->lock
)
258 __acquires(ehci
->lock
)
260 if (usb_pipetype(urb
->pipe
) == PIPE_INTERRUPT
) {
261 /* ... update hc-wide periodic stats */
262 ehci_to_hcd(ehci
)->self
.bandwidth_int_reqs
--;
265 if (unlikely(urb
->unlinked
)) {
266 COUNT(ehci
->stats
.unlink
);
268 /* report non-error and short read status as zero */
269 if (status
== -EINPROGRESS
|| status
== -EREMOTEIO
)
271 COUNT(ehci
->stats
.complete
);
274 #ifdef EHCI_URB_TRACE
276 "%s %s urb %p ep%d%s status %d len %d/%d\n",
277 __func__
, urb
->dev
->devpath
, urb
,
278 usb_pipeendpoint (urb
->pipe
),
279 usb_pipein (urb
->pipe
) ? "in" : "out",
281 urb
->actual_length
, urb
->transfer_buffer_length
);
284 /* complete() can reenter this HCD */
285 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci
), urb
);
286 spin_unlock (&ehci
->lock
);
287 usb_hcd_giveback_urb(ehci_to_hcd(ehci
), urb
, status
);
288 spin_lock (&ehci
->lock
);
291 static int qh_schedule (struct ehci_hcd
*ehci
, struct ehci_qh
*qh
);
294 * Process and free completed qtds for a qh, returning URBs to drivers.
295 * Chases up to qh->hw_current. Returns nonzero if the caller should
299 qh_completions (struct ehci_hcd
*ehci
, struct ehci_qh
*qh
)
301 struct ehci_qtd
*last
, *end
= qh
->dummy
;
302 struct list_head
*entry
, *tmp
;
306 struct ehci_qh_hw
*hw
= qh
->hw
;
308 /* completions (or tasks on other cpus) must never clobber HALT
309 * till we've gone through and cleaned everything up, even when
310 * they add urbs to this qh's queue or mark them for unlinking.
312 * NOTE: unlinking expects to be done in queue order.
314 * It's a bug for qh->qh_state to be anything other than
315 * QH_STATE_IDLE, unless our caller is scan_async() or
318 state
= qh
->qh_state
;
319 qh
->qh_state
= QH_STATE_COMPLETING
;
320 stopped
= (state
== QH_STATE_IDLE
);
324 last_status
= -EINPROGRESS
;
325 qh
->dequeue_during_giveback
= 0;
327 /* remove de-activated QTDs from front of queue.
328 * after faults (including short reads), cleanup this urb
329 * then let the queue advance.
330 * if queue is stopped, handles unlinks.
332 list_for_each_safe (entry
, tmp
, &qh
->qtd_list
) {
333 struct ehci_qtd
*qtd
;
337 qtd
= list_entry (entry
, struct ehci_qtd
, qtd_list
);
340 /* clean up any state from previous QTD ...*/
342 if (likely (last
->urb
!= urb
)) {
343 ehci_urb_done(ehci
, last
->urb
, last_status
);
344 last_status
= -EINPROGRESS
;
346 ehci_qtd_free (ehci
, last
);
350 /* ignore urbs submitted during completions we reported */
354 /* hardware copies qtd out of qh overlay */
356 token
= hc32_to_cpu(ehci
, qtd
->hw_token
);
358 /* always clean up qtds the hc de-activated */
360 if ((token
& QTD_STS_ACTIVE
) == 0) {
362 /* Report Data Buffer Error: non-fatal but useful */
363 if (token
& QTD_STS_DBE
)
365 "detected DataBufferErr for urb %p ep%d%s len %d, qtd %p [qh %p]\n",
367 usb_endpoint_num(&urb
->ep
->desc
),
368 usb_endpoint_dir_in(&urb
->ep
->desc
) ? "in" : "out",
369 urb
->transfer_buffer_length
,
373 /* on STALL, error, and short reads this urb must
374 * complete and all its qtds must be recycled.
376 if ((token
& QTD_STS_HALT
) != 0) {
378 /* retry transaction errors until we
379 * reach the software xacterr limit
381 if ((token
& QTD_STS_XACT
) &&
382 QTD_CERR(token
) == 0 &&
383 ++qh
->xacterrs
< QH_XACTERR_MAX
&&
386 "detected XactErr len %zu/%zu retry %d\n",
387 qtd
->length
- QTD_LENGTH(token
), qtd
->length
, qh
->xacterrs
);
389 /* reset the token in the qtd and the
390 * qh overlay (which still contains
391 * the qtd) so that we pick up from
394 token
&= ~QTD_STS_HALT
;
395 token
|= QTD_STS_ACTIVE
|
396 (EHCI_TUNE_CERR
<< 10);
397 qtd
->hw_token
= cpu_to_hc32(ehci
,
400 hw
->hw_token
= cpu_to_hc32(ehci
,
406 /* magic dummy for some short reads; qh won't advance.
407 * that silicon quirk can kick in with this dummy too.
409 * other short reads won't stop the queue, including
410 * control transfers (status stage handles that) or
411 * most other single-qtd reads ... the queue stops if
412 * URB_SHORT_NOT_OK was set so the driver submitting
413 * the urbs could clean it up.
415 } else if (IS_SHORT_READ (token
)
416 && !(qtd
->hw_alt_next
417 & EHCI_LIST_END(ehci
))) {
421 /* stop scanning when we reach qtds the hc is using */
422 } else if (likely (!stopped
423 && ehci
->rh_state
>= EHCI_RH_RUNNING
)) {
426 /* scan the whole queue for unlinks whenever it stops */
430 /* cancel everything if we halt, suspend, etc */
431 if (ehci
->rh_state
< EHCI_RH_RUNNING
)
432 last_status
= -ESHUTDOWN
;
434 /* this qtd is active; skip it unless a previous qtd
435 * for its urb faulted, or its urb was canceled.
437 else if (last_status
== -EINPROGRESS
&& !urb
->unlinked
)
441 * If this was the active qtd when the qh was unlinked
442 * and the overlay's token is active, then the overlay
443 * hasn't been written back to the qtd yet so use its
444 * token instead of the qtd's. After the qtd is
445 * processed and removed, the overlay won't be valid
448 if (state
== QH_STATE_IDLE
&&
449 qh
->qtd_list
.next
== &qtd
->qtd_list
&&
450 (hw
->hw_token
& ACTIVE_BIT(ehci
))) {
451 token
= hc32_to_cpu(ehci
, hw
->hw_token
);
452 hw
->hw_token
&= ~ACTIVE_BIT(ehci
);
454 /* An unlink may leave an incomplete
455 * async transaction in the TT buffer.
456 * We have to clear it.
458 ehci_clear_tt_buffer(ehci
, qh
, urb
, token
);
462 /* unless we already know the urb's status, collect qtd status
463 * and update count of bytes transferred. in common short read
464 * cases with only one data qtd (including control transfers),
465 * queue processing won't halt. but with two or more qtds (for
466 * example, with a 32 KB transfer), when the first qtd gets a
467 * short read the second must be removed by hand.
469 if (last_status
== -EINPROGRESS
) {
470 last_status
= qtd_copy_status(ehci
, urb
,
472 if (last_status
== -EREMOTEIO
474 & EHCI_LIST_END(ehci
)))
475 last_status
= -EINPROGRESS
;
477 /* As part of low/full-speed endpoint-halt processing
478 * we must clear the TT buffer (11.17.5).
480 if (unlikely(last_status
!= -EINPROGRESS
&&
481 last_status
!= -EREMOTEIO
)) {
482 /* The TT's in some hubs malfunction when they
483 * receive this request following a STALL (they
484 * stop sending isochronous packets). Since a
485 * STALL can't leave the TT buffer in a busy
486 * state (if you believe Figures 11-48 - 11-51
487 * in the USB 2.0 spec), we won't clear the TT
488 * buffer in this case. Strictly speaking this
489 * is a violation of the spec.
491 if (last_status
!= -EPIPE
)
492 ehci_clear_tt_buffer(ehci
, qh
, urb
,
497 /* if we're removing something not at the queue head,
498 * patch the hardware queue pointer.
500 if (stopped
&& qtd
->qtd_list
.prev
!= &qh
->qtd_list
) {
501 last
= list_entry (qtd
->qtd_list
.prev
,
502 struct ehci_qtd
, qtd_list
);
503 last
->hw_next
= qtd
->hw_next
;
506 /* remove qtd; it's recycled after possible urb completion */
507 list_del (&qtd
->qtd_list
);
510 /* reinit the xacterr counter for the next qtd */
514 /* last urb's completion might still need calling */
515 if (likely (last
!= NULL
)) {
516 ehci_urb_done(ehci
, last
->urb
, last_status
);
517 ehci_qtd_free (ehci
, last
);
520 /* Do we need to rescan for URBs dequeued during a giveback? */
521 if (unlikely(qh
->dequeue_during_giveback
)) {
522 /* If the QH is already unlinked, do the rescan now. */
523 if (state
== QH_STATE_IDLE
)
526 /* Otherwise the caller must unlink the QH. */
529 /* restore original state; caller must unlink or relink */
530 qh
->qh_state
= state
;
532 /* be sure the hardware's done with the qh before refreshing
533 * it after fault cleanup, or recovering from silicon wrongly
534 * overlaying the dummy qtd (which reduces DMA chatter).
536 * We won't refresh a QH that's linked (after the HC
537 * stopped the queue). That avoids a race:
538 * - HC reads first part of QH;
539 * - CPU updates that first part and the token;
540 * - HC reads rest of that QH, including token
541 * Result: HC gets an inconsistent image, and then
542 * DMAs to/from the wrong memory (corrupting it).
544 * That should be rare for interrupt transfers,
545 * except maybe high bandwidth ...
547 if (stopped
!= 0 || hw
->hw_qtd_next
== EHCI_LIST_END(ehci
))
550 /* Let the caller know if the QH needs to be unlinked. */
551 return qh
->exception
;
554 /*-------------------------------------------------------------------------*/
556 // high bandwidth multiplier, as encoded in highspeed endpoint descriptors
557 #define hb_mult(wMaxPacketSize) (1 + (((wMaxPacketSize) >> 11) & 0x03))
558 // ... and packet size, for any kind of endpoint descriptor
559 #define max_packet(wMaxPacketSize) ((wMaxPacketSize) & 0x07ff)
562 * reverse of qh_urb_transaction: free a list of TDs.
563 * used for cleanup after errors, before HC sees an URB's TDs.
565 static void qtd_list_free (
566 struct ehci_hcd
*ehci
,
568 struct list_head
*qtd_list
570 struct list_head
*entry
, *temp
;
572 list_for_each_safe (entry
, temp
, qtd_list
) {
573 struct ehci_qtd
*qtd
;
575 qtd
= list_entry (entry
, struct ehci_qtd
, qtd_list
);
576 list_del (&qtd
->qtd_list
);
577 ehci_qtd_free (ehci
, qtd
);
582 * create a list of filled qtds for this URB; won't link into qh.
584 static struct list_head
*
586 struct ehci_hcd
*ehci
,
588 struct list_head
*head
,
591 struct ehci_qtd
*qtd
, *qtd_prev
;
593 int len
, this_sg_len
, maxpacket
;
597 struct scatterlist
*sg
;
600 * URBs map to sequences of QTDs: one logical transaction
602 qtd
= ehci_qtd_alloc (ehci
, flags
);
605 list_add_tail (&qtd
->qtd_list
, head
);
608 token
= QTD_STS_ACTIVE
;
609 token
|= (EHCI_TUNE_CERR
<< 10);
610 /* for split transactions, SplitXState initialized to zero */
612 len
= urb
->transfer_buffer_length
;
613 is_input
= usb_pipein (urb
->pipe
);
614 if (usb_pipecontrol (urb
->pipe
)) {
616 qtd_fill(ehci
, qtd
, urb
->setup_dma
,
617 sizeof (struct usb_ctrlrequest
),
618 token
| (2 /* "setup" */ << 8), 8);
620 /* ... and always at least one more pid */
623 qtd
= ehci_qtd_alloc (ehci
, flags
);
627 qtd_prev
->hw_next
= QTD_NEXT(ehci
, qtd
->qtd_dma
);
628 list_add_tail (&qtd
->qtd_list
, head
);
630 /* for zero length DATA stages, STATUS is always IN */
632 token
|= (1 /* "in" */ << 8);
636 * data transfer stage: buffer setup
638 i
= urb
->num_mapped_sgs
;
639 if (len
> 0 && i
> 0) {
641 buf
= sg_dma_address(sg
);
643 /* urb->transfer_buffer_length may be smaller than the
644 * size of the scatterlist (or vice versa)
646 this_sg_len
= min_t(int, sg_dma_len(sg
), len
);
649 buf
= urb
->transfer_dma
;
654 token
|= (1 /* "in" */ << 8);
655 /* else it's already initted to "out" pid (0 << 8) */
657 maxpacket
= max_packet(usb_maxpacket(urb
->dev
, urb
->pipe
, !is_input
));
660 * buffer gets wrapped in one or more qtds;
661 * last one may be "short" (including zero len)
662 * and may serve as a control status ack
667 this_qtd_len
= qtd_fill(ehci
, qtd
, buf
, this_sg_len
, token
,
669 this_sg_len
-= this_qtd_len
;
674 * short reads advance to a "magic" dummy instead of the next
675 * qtd ... that forces the queue to stop, for manual cleanup.
676 * (this will usually be overridden later.)
679 qtd
->hw_alt_next
= ehci
->async
->hw
->hw_alt_next
;
681 /* qh makes control packets use qtd toggle; maybe switch it */
682 if ((maxpacket
& (this_qtd_len
+ (maxpacket
- 1))) == 0)
685 if (likely(this_sg_len
<= 0)) {
686 if (--i
<= 0 || len
<= 0)
689 buf
= sg_dma_address(sg
);
690 this_sg_len
= min_t(int, sg_dma_len(sg
), len
);
694 qtd
= ehci_qtd_alloc (ehci
, flags
);
698 qtd_prev
->hw_next
= QTD_NEXT(ehci
, qtd
->qtd_dma
);
699 list_add_tail (&qtd
->qtd_list
, head
);
703 * unless the caller requires manual cleanup after short reads,
704 * have the alt_next mechanism keep the queue running after the
705 * last data qtd (the only one, for control and most other cases).
707 if (likely ((urb
->transfer_flags
& URB_SHORT_NOT_OK
) == 0
708 || usb_pipecontrol (urb
->pipe
)))
709 qtd
->hw_alt_next
= EHCI_LIST_END(ehci
);
712 * control requests may need a terminating data "status" ack;
713 * other OUT ones may need a terminating short packet
716 if (likely (urb
->transfer_buffer_length
!= 0)) {
719 if (usb_pipecontrol (urb
->pipe
)) {
721 token
^= 0x0100; /* "in" <--> "out" */
722 token
|= QTD_TOGGLE
; /* force DATA1 */
723 } else if (usb_pipeout(urb
->pipe
)
724 && (urb
->transfer_flags
& URB_ZERO_PACKET
)
725 && !(urb
->transfer_buffer_length
% maxpacket
)) {
730 qtd
= ehci_qtd_alloc (ehci
, flags
);
734 qtd_prev
->hw_next
= QTD_NEXT(ehci
, qtd
->qtd_dma
);
735 list_add_tail (&qtd
->qtd_list
, head
);
737 /* never any data in such packets */
738 qtd_fill(ehci
, qtd
, 0, 0, token
, 0);
742 /* by default, enable interrupt on urb completion */
743 if (likely (!(urb
->transfer_flags
& URB_NO_INTERRUPT
)))
744 qtd
->hw_token
|= cpu_to_hc32(ehci
, QTD_IOC
);
748 qtd_list_free (ehci
, urb
, head
);
752 /*-------------------------------------------------------------------------*/
754 // Would be best to create all qh's from config descriptors,
755 // when each interface/altsetting is established. Unlink
756 // any previous qh and cancel its urbs first; endpoints are
757 // implicitly reset then (data toggle too).
758 // That'd mean updating how usbcore talks to HCDs. (2.7?)
762 * Each QH holds a qtd list; a QH is used for everything except iso.
764 * For interrupt urbs, the scheduler must set the microframe scheduling
765 * mask(s) each time the QH gets scheduled. For highspeed, that's
766 * just one microframe in the s-mask. For split interrupt transactions
767 * there are additional complications: c-mask, maybe FSTNs.
769 static struct ehci_qh
*
771 struct ehci_hcd
*ehci
,
775 struct ehci_qh
*qh
= ehci_qh_alloc (ehci
, flags
);
776 u32 info1
= 0, info2
= 0;
779 struct usb_tt
*tt
= urb
->dev
->tt
;
780 struct ehci_qh_hw
*hw
;
786 * init endpoint/device data for this QH
788 info1
|= usb_pipeendpoint (urb
->pipe
) << 8;
789 info1
|= usb_pipedevice (urb
->pipe
) << 0;
791 is_input
= usb_pipein (urb
->pipe
);
792 type
= usb_pipetype (urb
->pipe
);
793 maxp
= usb_maxpacket (urb
->dev
, urb
->pipe
, !is_input
);
795 /* 1024 byte maxpacket is a hardware ceiling. High bandwidth
796 * acts like up to 3KB, but is built from smaller packets.
798 if (max_packet(maxp
) > 1024) {
799 ehci_dbg(ehci
, "bogus qh maxpacket %d\n", max_packet(maxp
));
803 /* Compute interrupt scheduling parameters just once, and save.
804 * - allowing for high bandwidth, how many nsec/uframe are used?
805 * - split transactions need a second CSPLIT uframe; same question
806 * - splits also need a schedule gap (for full/low speed I/O)
807 * - qh has a polling interval
809 * For control/bulk requests, the HC or TT handles these.
811 if (type
== PIPE_INTERRUPT
) {
812 qh
->usecs
= NS_TO_US(usb_calc_bus_time(USB_SPEED_HIGH
,
814 hb_mult(maxp
) * max_packet(maxp
)));
815 qh
->start
= NO_FRAME
;
817 if (urb
->dev
->speed
== USB_SPEED_HIGH
) {
821 qh
->period
= urb
->interval
>> 3;
822 if (qh
->period
== 0 && urb
->interval
!= 1) {
823 /* NOTE interval 2 or 4 uframes could work.
824 * But interval 1 scheduling is simpler, and
825 * includes high bandwidth.
828 } else if (qh
->period
> ehci
->periodic_size
) {
829 qh
->period
= ehci
->periodic_size
;
830 urb
->interval
= qh
->period
<< 3;
835 /* gap is f(FS/LS transfer times) */
836 qh
->gap_uf
= 1 + usb_calc_bus_time (urb
->dev
->speed
,
837 is_input
, 0, maxp
) / (125 * 1000);
839 /* FIXME this just approximates SPLIT/CSPLIT times */
840 if (is_input
) { // SPLIT, gap, CSPLIT+DATA
841 qh
->c_usecs
= qh
->usecs
+ HS_USECS (0);
842 qh
->usecs
= HS_USECS (1);
843 } else { // SPLIT+DATA, gap, CSPLIT
844 qh
->usecs
+= HS_USECS (1);
845 qh
->c_usecs
= HS_USECS (0);
848 think_time
= tt
? tt
->think_time
: 0;
849 qh
->tt_usecs
= NS_TO_US (think_time
+
850 usb_calc_bus_time (urb
->dev
->speed
,
851 is_input
, 0, max_packet (maxp
)));
852 qh
->period
= urb
->interval
;
853 if (qh
->period
> ehci
->periodic_size
) {
854 qh
->period
= ehci
->periodic_size
;
855 urb
->interval
= qh
->period
;
860 /* support for tt scheduling, and access to toggles */
864 switch (urb
->dev
->speed
) {
866 info1
|= QH_LOW_SPEED
;
870 /* EPS 0 means "full" */
871 if (type
!= PIPE_INTERRUPT
)
872 info1
|= (EHCI_TUNE_RL_TT
<< 28);
873 if (type
== PIPE_CONTROL
) {
874 info1
|= QH_CONTROL_EP
; /* for TT */
875 info1
|= QH_TOGGLE_CTL
; /* toggle from qtd */
879 info2
|= (EHCI_TUNE_MULT_TT
<< 30);
881 /* Some Freescale processors have an erratum in which the
882 * port number in the queue head was 0..N-1 instead of 1..N.
884 if (ehci_has_fsl_portno_bug(ehci
))
885 info2
|= (urb
->dev
->ttport
-1) << 23;
887 info2
|= urb
->dev
->ttport
<< 23;
889 /* set the address of the TT; for TDI's integrated
890 * root hub tt, leave it zeroed.
892 if (tt
&& tt
->hub
!= ehci_to_hcd(ehci
)->self
.root_hub
)
893 info2
|= tt
->hub
->devnum
<< 16;
895 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets c-mask } */
899 case USB_SPEED_HIGH
: /* no TT involved */
900 info1
|= QH_HIGH_SPEED
;
901 if (type
== PIPE_CONTROL
) {
902 info1
|= (EHCI_TUNE_RL_HS
<< 28);
903 info1
|= 64 << 16; /* usb2 fixed maxpacket */
904 info1
|= QH_TOGGLE_CTL
; /* toggle from qtd */
905 info2
|= (EHCI_TUNE_MULT_HS
<< 30);
906 } else if (type
== PIPE_BULK
) {
907 info1
|= (EHCI_TUNE_RL_HS
<< 28);
908 /* The USB spec says that high speed bulk endpoints
909 * always use 512 byte maxpacket. But some device
910 * vendors decided to ignore that, and MSFT is happy
911 * to help them do so. So now people expect to use
912 * such nonconformant devices with Linux too; sigh.
914 info1
|= max_packet(maxp
) << 16;
915 info2
|= (EHCI_TUNE_MULT_HS
<< 30);
916 } else { /* PIPE_INTERRUPT */
917 info1
|= max_packet (maxp
) << 16;
918 info2
|= hb_mult (maxp
) << 30;
922 ehci_dbg(ehci
, "bogus dev %p speed %d\n", urb
->dev
,
925 qh_destroy(ehci
, qh
);
929 /* NOTE: if (PIPE_INTERRUPT) { scheduler sets s-mask } */
931 /* init as live, toggle clear */
932 qh
->qh_state
= QH_STATE_IDLE
;
934 hw
->hw_info1
= cpu_to_hc32(ehci
, info1
);
935 hw
->hw_info2
= cpu_to_hc32(ehci
, info2
);
936 qh
->is_out
= !is_input
;
937 usb_settoggle (urb
->dev
, usb_pipeendpoint (urb
->pipe
), !is_input
, 1);
941 /*-------------------------------------------------------------------------*/
943 static void enable_async(struct ehci_hcd
*ehci
)
945 if (ehci
->async_count
++)
948 /* Stop waiting to turn off the async schedule */
949 ehci
->enabled_hrtimer_events
&= ~BIT(EHCI_HRTIMER_DISABLE_ASYNC
);
951 /* Don't start the schedule until ASS is 0 */
953 turn_on_io_watchdog(ehci
);
956 static void disable_async(struct ehci_hcd
*ehci
)
958 if (--ehci
->async_count
)
961 /* The async schedule and unlink lists are supposed to be empty */
962 WARN_ON(ehci
->async
->qh_next
.qh
|| !list_empty(&ehci
->async_unlink
) ||
963 !list_empty(&ehci
->async_idle
));
965 /* Don't turn off the schedule until ASS is 1 */
969 /* move qh (and its qtds) onto async queue; maybe enable queue. */
971 static void qh_link_async (struct ehci_hcd
*ehci
, struct ehci_qh
*qh
)
973 __hc32 dma
= QH_NEXT(ehci
, qh
->qh_dma
);
974 struct ehci_qh
*head
;
976 /* Don't link a QH if there's a Clear-TT-Buffer pending */
977 if (unlikely(qh
->clearing_tt
))
980 WARN_ON(qh
->qh_state
!= QH_STATE_IDLE
);
982 /* clear halt and/or toggle; and maybe recover from silicon quirk */
983 qh_refresh(ehci
, qh
);
985 /* splice right after start */
987 qh
->qh_next
= head
->qh_next
;
988 qh
->hw
->hw_next
= head
->hw
->hw_next
;
991 head
->qh_next
.qh
= qh
;
992 head
->hw
->hw_next
= dma
;
994 qh
->qh_state
= QH_STATE_LINKED
;
997 /* qtd completions reported later by interrupt */
1002 /*-------------------------------------------------------------------------*/
1005 * For control/bulk/interrupt, return QH with these TDs appended.
1006 * Allocates and initializes the QH if necessary.
1007 * Returns null if it can't allocate a QH it needs to.
1008 * If the QH has TDs (urbs) already, that's great.
1010 static struct ehci_qh
*qh_append_tds (
1011 struct ehci_hcd
*ehci
,
1013 struct list_head
*qtd_list
,
1018 struct ehci_qh
*qh
= NULL
;
1019 __hc32 qh_addr_mask
= cpu_to_hc32(ehci
, 0x7f);
1021 qh
= (struct ehci_qh
*) *ptr
;
1022 if (unlikely (qh
== NULL
)) {
1023 /* can't sleep here, we have ehci->lock... */
1024 qh
= qh_make (ehci
, urb
, GFP_ATOMIC
);
1027 if (likely (qh
!= NULL
)) {
1028 struct ehci_qtd
*qtd
;
1030 if (unlikely (list_empty (qtd_list
)))
1033 qtd
= list_entry (qtd_list
->next
, struct ehci_qtd
,
1036 /* control qh may need patching ... */
1037 if (unlikely (epnum
== 0)) {
1039 /* usb_reset_device() briefly reverts to address 0 */
1040 if (usb_pipedevice (urb
->pipe
) == 0)
1041 qh
->hw
->hw_info1
&= ~qh_addr_mask
;
1044 /* just one way to queue requests: swap with the dummy qtd.
1045 * only hc or qh_refresh() ever modify the overlay.
1047 if (likely (qtd
!= NULL
)) {
1048 struct ehci_qtd
*dummy
;
1052 /* to avoid racing the HC, use the dummy td instead of
1053 * the first td of our list (becomes new dummy). both
1054 * tds stay deactivated until we're done, when the
1055 * HC is allowed to fetch the old dummy (4.10.2).
1057 token
= qtd
->hw_token
;
1058 qtd
->hw_token
= HALT_BIT(ehci
);
1062 dma
= dummy
->qtd_dma
;
1064 dummy
->qtd_dma
= dma
;
1066 list_del (&qtd
->qtd_list
);
1067 list_add (&dummy
->qtd_list
, qtd_list
);
1068 list_splice_tail(qtd_list
, &qh
->qtd_list
);
1070 ehci_qtd_init(ehci
, qtd
, qtd
->qtd_dma
);
1073 /* hc must see the new dummy at list end */
1075 qtd
= list_entry (qh
->qtd_list
.prev
,
1076 struct ehci_qtd
, qtd_list
);
1077 qtd
->hw_next
= QTD_NEXT(ehci
, dma
);
1079 /* let the hc process these next qtds */
1081 dummy
->hw_token
= token
;
1089 /*-------------------------------------------------------------------------*/
1093 struct ehci_hcd
*ehci
,
1095 struct list_head
*qtd_list
,
1099 unsigned long flags
;
1100 struct ehci_qh
*qh
= NULL
;
1103 epnum
= urb
->ep
->desc
.bEndpointAddress
;
1105 #ifdef EHCI_URB_TRACE
1107 struct ehci_qtd
*qtd
;
1108 qtd
= list_entry(qtd_list
->next
, struct ehci_qtd
, qtd_list
);
1110 "%s %s urb %p ep%d%s len %d, qtd %p [qh %p]\n",
1111 __func__
, urb
->dev
->devpath
, urb
,
1112 epnum
& 0x0f, (epnum
& USB_DIR_IN
) ? "in" : "out",
1113 urb
->transfer_buffer_length
,
1114 qtd
, urb
->ep
->hcpriv
);
1118 spin_lock_irqsave (&ehci
->lock
, flags
);
1119 if (unlikely(!HCD_HW_ACCESSIBLE(ehci_to_hcd(ehci
)))) {
1123 rc
= usb_hcd_link_urb_to_ep(ehci_to_hcd(ehci
), urb
);
1127 qh
= qh_append_tds(ehci
, urb
, qtd_list
, epnum
, &urb
->ep
->hcpriv
);
1128 if (unlikely(qh
== NULL
)) {
1129 usb_hcd_unlink_urb_from_ep(ehci_to_hcd(ehci
), urb
);
1134 /* Control/bulk operations through TTs don't need scheduling,
1135 * the HC and TT handle it when the TT has a buffer ready.
1137 if (likely (qh
->qh_state
== QH_STATE_IDLE
))
1138 qh_link_async(ehci
, qh
);
1140 spin_unlock_irqrestore (&ehci
->lock
, flags
);
1141 if (unlikely (qh
== NULL
))
1142 qtd_list_free (ehci
, urb
, qtd_list
);
1146 /*-------------------------------------------------------------------------*/
1148 static void single_unlink_async(struct ehci_hcd
*ehci
, struct ehci_qh
*qh
)
1150 struct ehci_qh
*prev
;
1152 /* Add to the end of the list of QHs waiting for the next IAAD */
1153 qh
->qh_state
= QH_STATE_UNLINK_WAIT
;
1154 list_add_tail(&qh
->unlink_node
, &ehci
->async_unlink
);
1156 /* Unlink it from the schedule */
1158 while (prev
->qh_next
.qh
!= qh
)
1159 prev
= prev
->qh_next
.qh
;
1161 prev
->hw
->hw_next
= qh
->hw
->hw_next
;
1162 prev
->qh_next
= qh
->qh_next
;
1163 if (ehci
->qh_scan_next
== qh
)
1164 ehci
->qh_scan_next
= qh
->qh_next
.qh
;
1167 static void start_iaa_cycle(struct ehci_hcd
*ehci
)
1169 /* Do nothing if an IAA cycle is already running */
1170 if (ehci
->iaa_in_progress
)
1172 ehci
->iaa_in_progress
= true;
1174 /* If the controller isn't running, we don't have to wait for it */
1175 if (unlikely(ehci
->rh_state
< EHCI_RH_RUNNING
)) {
1176 end_unlink_async(ehci
);
1178 /* Otherwise start a new IAA cycle */
1179 } else if (likely(ehci
->rh_state
== EHCI_RH_RUNNING
)) {
1181 /* Make sure the unlinks are all visible to the hardware */
1184 ehci_writel(ehci
, ehci
->command
| CMD_IAAD
,
1185 &ehci
->regs
->command
);
1186 ehci_readl(ehci
, &ehci
->regs
->command
);
1187 ehci_enable_event(ehci
, EHCI_HRTIMER_IAA_WATCHDOG
, true);
1191 /* the async qh for the qtds being unlinked are now gone from the HC */
1193 static void end_unlink_async(struct ehci_hcd
*ehci
)
1198 if (ehci
->has_synopsys_hc_bug
)
1199 ehci_writel(ehci
, (u32
) ehci
->async
->qh_dma
,
1200 &ehci
->regs
->async_next
);
1202 /* The current IAA cycle has ended */
1203 ehci
->iaa_in_progress
= false;
1205 if (list_empty(&ehci
->async_unlink
))
1207 qh
= list_first_entry(&ehci
->async_unlink
, struct ehci_qh
,
1208 unlink_node
); /* QH whose IAA cycle just ended */
1211 * If async_unlinking is set then this routine is already running,
1212 * either on the stack or on another CPU.
1214 early_exit
= ehci
->async_unlinking
;
1216 /* If the controller isn't running, process all the waiting QHs */
1217 if (ehci
->rh_state
< EHCI_RH_RUNNING
)
1218 list_splice_tail_init(&ehci
->async_unlink
, &ehci
->async_idle
);
1221 * Intel (?) bug: The HC can write back the overlay region even
1222 * after the IAA interrupt occurs. In self-defense, always go
1223 * through two IAA cycles for each QH.
1225 else if (qh
->qh_state
== QH_STATE_UNLINK_WAIT
) {
1226 qh
->qh_state
= QH_STATE_UNLINK
;
1230 /* Otherwise process only the first waiting QH (NVIDIA bug?) */
1232 list_move_tail(&qh
->unlink_node
, &ehci
->async_idle
);
1234 /* Start a new IAA cycle if any QHs are waiting for it */
1235 if (!list_empty(&ehci
->async_unlink
))
1236 start_iaa_cycle(ehci
);
1239 * Don't allow nesting or concurrent calls,
1240 * or wait for the second IAA cycle for the next QH.
1245 /* Process the idle QHs */
1246 ehci
->async_unlinking
= true;
1247 while (!list_empty(&ehci
->async_idle
)) {
1248 qh
= list_first_entry(&ehci
->async_idle
, struct ehci_qh
,
1250 list_del(&qh
->unlink_node
);
1252 qh
->qh_state
= QH_STATE_IDLE
;
1253 qh
->qh_next
.qh
= NULL
;
1255 if (!list_empty(&qh
->qtd_list
))
1256 qh_completions(ehci
, qh
);
1257 if (!list_empty(&qh
->qtd_list
) &&
1258 ehci
->rh_state
== EHCI_RH_RUNNING
)
1259 qh_link_async(ehci
, qh
);
1260 disable_async(ehci
);
1262 ehci
->async_unlinking
= false;
1265 static void start_unlink_async(struct ehci_hcd
*ehci
, struct ehci_qh
*qh
);
1267 static void unlink_empty_async(struct ehci_hcd
*ehci
)
1270 struct ehci_qh
*qh_to_unlink
= NULL
;
1273 /* Find the last async QH which has been empty for a timer cycle */
1274 for (qh
= ehci
->async
->qh_next
.qh
; qh
; qh
= qh
->qh_next
.qh
) {
1275 if (list_empty(&qh
->qtd_list
) &&
1276 qh
->qh_state
== QH_STATE_LINKED
) {
1278 if (qh
->unlink_cycle
!= ehci
->async_unlink_cycle
)
1283 /* If nothing else is being unlinked, unlink the last empty QH */
1284 if (list_empty(&ehci
->async_unlink
) && qh_to_unlink
) {
1285 start_unlink_async(ehci
, qh_to_unlink
);
1289 /* Other QHs will be handled later */
1291 ehci_enable_event(ehci
, EHCI_HRTIMER_ASYNC_UNLINKS
, true);
1292 ++ehci
->async_unlink_cycle
;
1296 /* The root hub is suspended; unlink all the async QHs */
1297 static void __maybe_unused
unlink_empty_async_suspended(struct ehci_hcd
*ehci
)
1301 while (ehci
->async
->qh_next
.qh
) {
1302 qh
= ehci
->async
->qh_next
.qh
;
1303 WARN_ON(!list_empty(&qh
->qtd_list
));
1304 single_unlink_async(ehci
, qh
);
1306 start_iaa_cycle(ehci
);
1309 /* makes sure the async qh will become idle */
1310 /* caller must own ehci->lock */
1312 static void start_unlink_async(struct ehci_hcd
*ehci
, struct ehci_qh
*qh
)
1314 /* If the QH isn't linked then there's nothing we can do. */
1315 if (qh
->qh_state
!= QH_STATE_LINKED
)
1318 single_unlink_async(ehci
, qh
);
1319 start_iaa_cycle(ehci
);
1322 /*-------------------------------------------------------------------------*/
1324 static void scan_async (struct ehci_hcd
*ehci
)
1327 bool check_unlinks_later
= false;
1329 ehci
->qh_scan_next
= ehci
->async
->qh_next
.qh
;
1330 while (ehci
->qh_scan_next
) {
1331 qh
= ehci
->qh_scan_next
;
1332 ehci
->qh_scan_next
= qh
->qh_next
.qh
;
1334 /* clean any finished work for this qh */
1335 if (!list_empty(&qh
->qtd_list
)) {
1339 * Unlinks could happen here; completion reporting
1340 * drops the lock. That's why ehci->qh_scan_next
1341 * always holds the next qh to scan; if the next qh
1342 * gets unlinked then ehci->qh_scan_next is adjusted
1343 * in single_unlink_async().
1345 temp
= qh_completions(ehci
, qh
);
1346 if (unlikely(temp
)) {
1347 start_unlink_async(ehci
, qh
);
1348 } else if (list_empty(&qh
->qtd_list
)
1349 && qh
->qh_state
== QH_STATE_LINKED
) {
1350 qh
->unlink_cycle
= ehci
->async_unlink_cycle
;
1351 check_unlinks_later
= true;
1357 * Unlink empty entries, reducing DMA usage as well
1358 * as HCD schedule-scanning costs. Delay for any qh
1359 * we just scanned, there's a not-unusual case that it
1360 * doesn't stay idle for long.
1362 if (check_unlinks_later
&& ehci
->rh_state
== EHCI_RH_RUNNING
&&
1363 !(ehci
->enabled_hrtimer_events
&
1364 BIT(EHCI_HRTIMER_ASYNC_UNLINKS
))) {
1365 ehci_enable_event(ehci
, EHCI_HRTIMER_ASYNC_UNLINKS
, true);
1366 ++ehci
->async_unlink_cycle
;