From: Stephen Warren swarren@nvidia.com

ci_udc currently points ep->desc at separate descriptors for IN and OUT. These descriptors only differ in the ep address IN/OUT field. Modify the code to use a single descriptor, and change that descriptor's ep address to indicate IN/OUT as required. This removes some data duplication.

Signed-off-by: Stephen Warren swarren@nvidia.com --- drivers/usb/gadget/ci_udc.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/drivers/usb/gadget/ci_udc.c b/drivers/usb/gadget/ci_udc.c index a68a85f84e70..77f8c9ef7f0f 100644 --- a/drivers/usb/gadget/ci_udc.c +++ b/drivers/usb/gadget/ci_udc.c @@ -56,14 +56,7 @@ static const char *reqname(unsigned r) } #endif

-static struct usb_endpoint_descriptor ep0_out_desc = { - .bLength = sizeof(struct usb_endpoint_descriptor), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 0, - .bmAttributes = USB_ENDPOINT_XFER_CONTROL, -}; - -static struct usb_endpoint_descriptor ep0_in_desc = { +static struct usb_endpoint_descriptor ep0_desc = { .bLength = sizeof(struct usb_endpoint_descriptor), .bDescriptorType = USB_DT_ENDPOINT, .bEndpointAddress = USB_DIR_IN, @@ -435,7 +428,7 @@ static void handle_ep_complete(struct ci_ep *ep) num = ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; in = (ep->desc->bEndpointAddress & USB_DIR_IN) != 0; if (num == 0) - ep->desc = &ep0_out_desc; + ep0_desc.bEndpointAddress = 0; item = ci_get_qtd(num, in); ci_invalidate_qtd(num);

@@ -460,7 +453,7 @@ static void handle_ep_complete(struct ci_ep *ep) if (num == 0) { ci_req->req.length = 0; usb_ep_queue(&ep->ep, &ci_req->req, 0); - ep->desc = &ep0_in_desc; + ep0_desc.bEndpointAddress = USB_DIR_IN; } }

@@ -771,7 +764,7 @@ static int ci_udc_probe(void)

/* Init EP 0 */ memcpy(&controller.ep[0].ep, &ci_ep_init[0], sizeof(*ci_ep_init)); - controller.ep[0].desc = &ep0_in_desc; + controller.ep[0].desc = &ep0_desc; INIT_LIST_HEAD(&controller.ep[0].queue); controller.ep[0].req_primed = false; controller.gadget.ep0 = &controller.ep[0].ep;

From: Stephen Warren swarren@nvidia.com

handle_setup() currently assumes that the response to a Setup transaction will be an OUT transaction, and any subsequent packet (if any) will be an IN transaction. This appears to be valid in many cases; both USB enumeration and Mass Storage work OK with this restriction. However, DFU uses ep0 to transfer data in both directions. This renders the assumption invalid; when sending data from device to host, the Data Stage is an IN transaction, and the Status Stage is an OUT transaction. Enhance handle_setup() to deduce the correct direction for the USB transactions based on Setup transaction data.

ep0's request object only needs to be automatically re-queued when the Data Stage completes, in order to implement the Status Stage. Once the Status Stage transaction is complete, there is no need to re-queue the USB request, so don't do that.

Don't sent USB request completion callbacks for Status Stage transactions. These were queued by ci_udc itself, and only serve to confuse the USB function code. For example, f_dfu attempts to interpret the 0-length data buffers for Status Stage transactions as DFU packets. These buffers contain stale data from the previous transaction. This causes f_dfu to complain about a sequence number mismatch.

Signed-off-by: Stephen Warren swarren@nvidia.com --- drivers/usb/gadget/ci_udc.c | 48 ++++++++++++++++++++++++++++++++++++++------- drivers/usb/gadget/ci_udc.h | 1 + 2 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/drivers/usb/gadget/ci_udc.c b/drivers/usb/gadget/ci_udc.c index 03ad23164fe1..6dc20c6c954c 100644 --- a/drivers/usb/gadget/ci_udc.c +++ b/drivers/usb/gadget/ci_udc.c @@ -428,6 +428,17 @@ static int ci_ep_queue(struct usb_ep *ep, return 0; }

+static void flip_ep0_direction(void) +{ + if (ep0_desc.bEndpointAddress == USB_DIR_IN) { + DBG("%s: Flipping ep0 ot OUT\n", __func__); + ep0_desc.bEndpointAddress = 0; + } else { + DBG("%s: Flipping ep0 ot IN\n", __func__); + ep0_desc.bEndpointAddress = USB_DIR_IN; + } +} + static void handle_ep_complete(struct ci_ep *ep) { struct ept_queue_item *item; @@ -436,8 +447,6 @@ static void handle_ep_complete(struct ci_ep *ep)

num = ep->desc->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; in = (ep->desc->bEndpointAddress & USB_DIR_IN) != 0; - if (num == 0) - ep0_desc.bEndpointAddress = 0; item = ci_get_qtd(num, in); ci_invalidate_qtd(num);

@@ -458,11 +467,18 @@ static void handle_ep_complete(struct ci_ep *ep)

DBG("ept%d %s req %p, complete %x\n", num, in ? "in" : "out", ci_req, len); - ci_req->req.complete(&ep->ep, &ci_req->req); - if (num == 0) { + if (num != 0 || controller.ep0_data_phase) + ci_req->req.complete(&ep->ep, &ci_req->req); + if (num == 0 && controller.ep0_data_phase) { + /* + * Data Stage is complete, so flip ep0 dir for Status Stage, + * which always transfers a packet in the opposite direction. + */ + DBG("%s: flip ep0 dir for Status Stage\n", __func__); + flip_ep0_direction(); + controller.ep0_data_phase = false; ci_req->req.length = 0; usb_ep_queue(&ep->ep, &ci_req->req, 0); - ep0_desc.bEndpointAddress = USB_DIR_IN; } }

@@ -491,8 +507,26 @@ static void handle_setup(void) #else writel(EPT_RX(0), &udc->epstat); #endif - DBG("handle setup %s, %x, %x index %x value %x\n", reqname(r.bRequest), - r.bRequestType, r.bRequest, r.wIndex, r.wValue); + DBG("handle setup %s, %x, %x index %x value %x length %x\n", + reqname(r.bRequest), r.bRequestType, r.bRequest, r.wIndex, + r.wValue, r.wLength); + + /* Set EP0 dir for Data Stage based on Setup Stage data */ + if (r.bRequestType & USB_DIR_IN) { + DBG("%s: Set ep0 to IN for Data Stage\n", __func__); + ep0_desc.bEndpointAddress = USB_DIR_IN; + } else { + DBG("%s: Set ep0 to OUT for Data Stage\n", __func__); + ep0_desc.bEndpointAddress = 0; + } + if (r.wLength) { + controller.ep0_data_phase = true; + } else { + /* 0 length -> no Data Stage. Flip dir for Status Stage */ + DBG("%s: 0 length: flip ep0 dir for Status Stage\n", __func__); + flip_ep0_direction(); + controller.ep0_data_phase = false; + }

list_del_init(&ci_req->queue); ci_ep->req_primed = false; diff --git a/drivers/usb/gadget/ci_udc.h b/drivers/usb/gadget/ci_udc.h index 7d76af84f037..c2144021e675 100644 --- a/drivers/usb/gadget/ci_udc.h +++ b/drivers/usb/gadget/ci_udc.h @@ -98,6 +98,7 @@ struct ci_ep { struct ci_drv { struct usb_gadget gadget; struct ci_req *ep0_req; + bool ep0_data_phase; struct usb_gadget_driver *driver; struct ehci_ctrl *ctrl; struct ept_queue_head *epts;