bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / usb / common / usb-otg-fsm.c
blob3740cf95560e9d4aa11ea1c26bd7c8fa84905b92
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * OTG Finite State Machine from OTG spec
5 * Copyright (C) 2007,2008 Freescale Semiconductor, Inc.
7 * Author: Li Yang <LeoLi@freescale.com>
8 * Jerry Huang <Chang-Ming.Huang@freescale.com>
9 */
11 #include <linux/module.h>
12 #include <linux/kernel.h>
13 #include <linux/types.h>
14 #include <linux/mutex.h>
15 #include <linux/delay.h>
16 #include <linux/usb.h>
17 #include <linux/usb/gadget.h>
18 #include <linux/usb/otg.h>
19 #include <linux/usb/otg-fsm.h>
21 #ifdef VERBOSE
22 #define VDBG(fmt, args...) pr_debug("[%s] " fmt, \
23 __func__, ## args)
24 #else
25 #define VDBG(stuff...) do {} while (0)
26 #endif
28 /* Change USB protocol when there is a protocol change */
29 static int otg_set_protocol(struct otg_fsm *fsm, int protocol)
31 int ret = 0;
33 if (fsm->protocol != protocol) {
34 VDBG("Changing role fsm->protocol= %d; new protocol= %d\n",
35 fsm->protocol, protocol);
36 /* stop old protocol */
37 if (fsm->protocol == PROTO_HOST)
38 ret = otg_start_host(fsm, 0);
39 else if (fsm->protocol == PROTO_GADGET)
40 ret = otg_start_gadget(fsm, 0);
41 if (ret)
42 return ret;
44 /* start new protocol */
45 if (protocol == PROTO_HOST)
46 ret = otg_start_host(fsm, 1);
47 else if (protocol == PROTO_GADGET)
48 ret = otg_start_gadget(fsm, 1);
49 if (ret)
50 return ret;
52 fsm->protocol = protocol;
53 return 0;
56 return 0;
59 /* Called when leaving a state. Do state clean up jobs here */
60 static void otg_leave_state(struct otg_fsm *fsm, enum usb_otg_state old_state)
62 switch (old_state) {
63 case OTG_STATE_B_IDLE:
64 otg_del_timer(fsm, B_SE0_SRP);
65 fsm->b_se0_srp = 0;
66 fsm->adp_sns = 0;
67 fsm->adp_prb = 0;
68 break;
69 case OTG_STATE_B_SRP_INIT:
70 fsm->data_pulse = 0;
71 fsm->b_srp_done = 0;
72 break;
73 case OTG_STATE_B_PERIPHERAL:
74 if (fsm->otg->gadget)
75 fsm->otg->gadget->host_request_flag = 0;
76 break;
77 case OTG_STATE_B_WAIT_ACON:
78 otg_del_timer(fsm, B_ASE0_BRST);
79 fsm->b_ase0_brst_tmout = 0;
80 break;
81 case OTG_STATE_B_HOST:
82 break;
83 case OTG_STATE_A_IDLE:
84 fsm->adp_prb = 0;
85 break;
86 case OTG_STATE_A_WAIT_VRISE:
87 otg_del_timer(fsm, A_WAIT_VRISE);
88 fsm->a_wait_vrise_tmout = 0;
89 break;
90 case OTG_STATE_A_WAIT_BCON:
91 otg_del_timer(fsm, A_WAIT_BCON);
92 fsm->a_wait_bcon_tmout = 0;
93 break;
94 case OTG_STATE_A_HOST:
95 otg_del_timer(fsm, A_WAIT_ENUM);
96 break;
97 case OTG_STATE_A_SUSPEND:
98 otg_del_timer(fsm, A_AIDL_BDIS);
99 fsm->a_aidl_bdis_tmout = 0;
100 fsm->a_suspend_req_inf = 0;
101 break;
102 case OTG_STATE_A_PERIPHERAL:
103 otg_del_timer(fsm, A_BIDL_ADIS);
104 fsm->a_bidl_adis_tmout = 0;
105 if (fsm->otg->gadget)
106 fsm->otg->gadget->host_request_flag = 0;
107 break;
108 case OTG_STATE_A_WAIT_VFALL:
109 otg_del_timer(fsm, A_WAIT_VFALL);
110 fsm->a_wait_vfall_tmout = 0;
111 otg_del_timer(fsm, A_WAIT_VRISE);
112 break;
113 case OTG_STATE_A_VBUS_ERR:
114 break;
115 default:
116 break;
120 static void otg_hnp_polling_work(struct work_struct *work)
122 struct otg_fsm *fsm = container_of(to_delayed_work(work),
123 struct otg_fsm, hnp_polling_work);
124 struct usb_device *udev;
125 enum usb_otg_state state = fsm->otg->state;
126 u8 flag;
127 int retval;
129 if (state != OTG_STATE_A_HOST && state != OTG_STATE_B_HOST)
130 return;
132 udev = usb_hub_find_child(fsm->otg->host->root_hub, 1);
133 if (!udev) {
134 dev_err(fsm->otg->host->controller,
135 "no usb dev connected, can't start HNP polling\n");
136 return;
139 *fsm->host_req_flag = 0;
140 /* Get host request flag from connected USB device */
141 retval = usb_control_msg(udev,
142 usb_rcvctrlpipe(udev, 0),
143 USB_REQ_GET_STATUS,
144 USB_DIR_IN | USB_RECIP_DEVICE,
146 OTG_STS_SELECTOR,
147 fsm->host_req_flag,
149 USB_CTRL_GET_TIMEOUT);
150 if (retval != 1) {
151 dev_err(&udev->dev, "Get one byte OTG status failed\n");
152 return;
155 flag = *fsm->host_req_flag;
156 if (flag == 0) {
157 /* Continue HNP polling */
158 schedule_delayed_work(&fsm->hnp_polling_work,
159 msecs_to_jiffies(T_HOST_REQ_POLL));
160 return;
161 } else if (flag != HOST_REQUEST_FLAG) {
162 dev_err(&udev->dev, "host request flag %d is invalid\n", flag);
163 return;
166 /* Host request flag is set */
167 if (state == OTG_STATE_A_HOST) {
168 /* Set b_hnp_enable */
169 if (!fsm->otg->host->b_hnp_enable) {
170 retval = usb_control_msg(udev,
171 usb_sndctrlpipe(udev, 0),
172 USB_REQ_SET_FEATURE, 0,
173 USB_DEVICE_B_HNP_ENABLE,
174 0, NULL, 0,
175 USB_CTRL_SET_TIMEOUT);
176 if (retval >= 0)
177 fsm->otg->host->b_hnp_enable = 1;
179 fsm->a_bus_req = 0;
180 } else if (state == OTG_STATE_B_HOST) {
181 fsm->b_bus_req = 0;
184 otg_statemachine(fsm);
187 static void otg_start_hnp_polling(struct otg_fsm *fsm)
190 * The memory of host_req_flag should be allocated by
191 * controller driver, otherwise, hnp polling is not started.
193 if (!fsm->host_req_flag)
194 return;
196 INIT_DELAYED_WORK(&fsm->hnp_polling_work, otg_hnp_polling_work);
197 schedule_delayed_work(&fsm->hnp_polling_work,
198 msecs_to_jiffies(T_HOST_REQ_POLL));
201 /* Called when entering a state */
202 static int otg_set_state(struct otg_fsm *fsm, enum usb_otg_state new_state)
204 if (fsm->otg->state == new_state)
205 return 0;
206 VDBG("Set state: %s\n", usb_otg_state_string(new_state));
207 otg_leave_state(fsm, fsm->otg->state);
208 switch (new_state) {
209 case OTG_STATE_B_IDLE:
210 otg_drv_vbus(fsm, 0);
211 otg_chrg_vbus(fsm, 0);
212 otg_loc_conn(fsm, 0);
213 otg_loc_sof(fsm, 0);
215 * Driver is responsible for starting ADP probing
216 * if ADP sensing times out.
218 otg_start_adp_sns(fsm);
219 otg_set_protocol(fsm, PROTO_UNDEF);
220 otg_add_timer(fsm, B_SE0_SRP);
221 break;
222 case OTG_STATE_B_SRP_INIT:
223 otg_start_pulse(fsm);
224 otg_loc_sof(fsm, 0);
225 otg_set_protocol(fsm, PROTO_UNDEF);
226 otg_add_timer(fsm, B_SRP_FAIL);
227 break;
228 case OTG_STATE_B_PERIPHERAL:
229 otg_chrg_vbus(fsm, 0);
230 otg_loc_sof(fsm, 0);
231 otg_set_protocol(fsm, PROTO_GADGET);
232 otg_loc_conn(fsm, 1);
233 break;
234 case OTG_STATE_B_WAIT_ACON:
235 otg_chrg_vbus(fsm, 0);
236 otg_loc_conn(fsm, 0);
237 otg_loc_sof(fsm, 0);
238 otg_set_protocol(fsm, PROTO_HOST);
239 otg_add_timer(fsm, B_ASE0_BRST);
240 fsm->a_bus_suspend = 0;
241 break;
242 case OTG_STATE_B_HOST:
243 otg_chrg_vbus(fsm, 0);
244 otg_loc_conn(fsm, 0);
245 otg_loc_sof(fsm, 1);
246 otg_set_protocol(fsm, PROTO_HOST);
247 usb_bus_start_enum(fsm->otg->host,
248 fsm->otg->host->otg_port);
249 otg_start_hnp_polling(fsm);
250 break;
251 case OTG_STATE_A_IDLE:
252 otg_drv_vbus(fsm, 0);
253 otg_chrg_vbus(fsm, 0);
254 otg_loc_conn(fsm, 0);
255 otg_loc_sof(fsm, 0);
256 otg_start_adp_prb(fsm);
257 otg_set_protocol(fsm, PROTO_HOST);
258 break;
259 case OTG_STATE_A_WAIT_VRISE:
260 otg_drv_vbus(fsm, 1);
261 otg_loc_conn(fsm, 0);
262 otg_loc_sof(fsm, 0);
263 otg_set_protocol(fsm, PROTO_HOST);
264 otg_add_timer(fsm, A_WAIT_VRISE);
265 break;
266 case OTG_STATE_A_WAIT_BCON:
267 otg_drv_vbus(fsm, 1);
268 otg_loc_conn(fsm, 0);
269 otg_loc_sof(fsm, 0);
270 otg_set_protocol(fsm, PROTO_HOST);
271 otg_add_timer(fsm, A_WAIT_BCON);
272 break;
273 case OTG_STATE_A_HOST:
274 otg_drv_vbus(fsm, 1);
275 otg_loc_conn(fsm, 0);
276 otg_loc_sof(fsm, 1);
277 otg_set_protocol(fsm, PROTO_HOST);
279 * When HNP is triggered while a_bus_req = 0, a_host will
280 * suspend too fast to complete a_set_b_hnp_en
282 if (!fsm->a_bus_req || fsm->a_suspend_req_inf)
283 otg_add_timer(fsm, A_WAIT_ENUM);
284 otg_start_hnp_polling(fsm);
285 break;
286 case OTG_STATE_A_SUSPEND:
287 otg_drv_vbus(fsm, 1);
288 otg_loc_conn(fsm, 0);
289 otg_loc_sof(fsm, 0);
290 otg_set_protocol(fsm, PROTO_HOST);
291 otg_add_timer(fsm, A_AIDL_BDIS);
293 break;
294 case OTG_STATE_A_PERIPHERAL:
295 otg_loc_sof(fsm, 0);
296 otg_set_protocol(fsm, PROTO_GADGET);
297 otg_drv_vbus(fsm, 1);
298 otg_loc_conn(fsm, 1);
299 otg_add_timer(fsm, A_BIDL_ADIS);
300 break;
301 case OTG_STATE_A_WAIT_VFALL:
302 otg_drv_vbus(fsm, 0);
303 otg_loc_conn(fsm, 0);
304 otg_loc_sof(fsm, 0);
305 otg_set_protocol(fsm, PROTO_HOST);
306 otg_add_timer(fsm, A_WAIT_VFALL);
307 break;
308 case OTG_STATE_A_VBUS_ERR:
309 otg_drv_vbus(fsm, 0);
310 otg_loc_conn(fsm, 0);
311 otg_loc_sof(fsm, 0);
312 otg_set_protocol(fsm, PROTO_UNDEF);
313 break;
314 default:
315 break;
318 fsm->otg->state = new_state;
319 fsm->state_changed = 1;
320 return 0;
323 /* State change judgement */
324 int otg_statemachine(struct otg_fsm *fsm)
326 enum usb_otg_state state;
328 mutex_lock(&fsm->lock);
330 state = fsm->otg->state;
331 fsm->state_changed = 0;
332 /* State machine state change judgement */
334 switch (state) {
335 case OTG_STATE_UNDEFINED:
336 VDBG("fsm->id = %d\n", fsm->id);
337 if (fsm->id)
338 otg_set_state(fsm, OTG_STATE_B_IDLE);
339 else
340 otg_set_state(fsm, OTG_STATE_A_IDLE);
341 break;
342 case OTG_STATE_B_IDLE:
343 if (!fsm->id)
344 otg_set_state(fsm, OTG_STATE_A_IDLE);
345 else if (fsm->b_sess_vld && fsm->otg->gadget)
346 otg_set_state(fsm, OTG_STATE_B_PERIPHERAL);
347 else if ((fsm->b_bus_req || fsm->adp_change || fsm->power_up) &&
348 fsm->b_ssend_srp && fsm->b_se0_srp)
349 otg_set_state(fsm, OTG_STATE_B_SRP_INIT);
350 break;
351 case OTG_STATE_B_SRP_INIT:
352 if (!fsm->id || fsm->b_srp_done)
353 otg_set_state(fsm, OTG_STATE_B_IDLE);
354 break;
355 case OTG_STATE_B_PERIPHERAL:
356 if (!fsm->id || !fsm->b_sess_vld)
357 otg_set_state(fsm, OTG_STATE_B_IDLE);
358 else if (fsm->b_bus_req && fsm->otg->
359 gadget->b_hnp_enable && fsm->a_bus_suspend)
360 otg_set_state(fsm, OTG_STATE_B_WAIT_ACON);
361 break;
362 case OTG_STATE_B_WAIT_ACON:
363 if (fsm->a_conn)
364 otg_set_state(fsm, OTG_STATE_B_HOST);
365 else if (!fsm->id || !fsm->b_sess_vld)
366 otg_set_state(fsm, OTG_STATE_B_IDLE);
367 else if (fsm->a_bus_resume || fsm->b_ase0_brst_tmout) {
368 fsm->b_ase0_brst_tmout = 0;
369 otg_set_state(fsm, OTG_STATE_B_PERIPHERAL);
371 break;
372 case OTG_STATE_B_HOST:
373 if (!fsm->id || !fsm->b_sess_vld)
374 otg_set_state(fsm, OTG_STATE_B_IDLE);
375 else if (!fsm->b_bus_req || !fsm->a_conn || fsm->test_device)
376 otg_set_state(fsm, OTG_STATE_B_PERIPHERAL);
377 break;
378 case OTG_STATE_A_IDLE:
379 if (fsm->id)
380 otg_set_state(fsm, OTG_STATE_B_IDLE);
381 else if (!fsm->a_bus_drop && (fsm->a_bus_req ||
382 fsm->a_srp_det || fsm->adp_change || fsm->power_up))
383 otg_set_state(fsm, OTG_STATE_A_WAIT_VRISE);
384 break;
385 case OTG_STATE_A_WAIT_VRISE:
386 if (fsm->a_vbus_vld)
387 otg_set_state(fsm, OTG_STATE_A_WAIT_BCON);
388 else if (fsm->id || fsm->a_bus_drop ||
389 fsm->a_wait_vrise_tmout)
390 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
391 break;
392 case OTG_STATE_A_WAIT_BCON:
393 if (!fsm->a_vbus_vld)
394 otg_set_state(fsm, OTG_STATE_A_VBUS_ERR);
395 else if (fsm->b_conn)
396 otg_set_state(fsm, OTG_STATE_A_HOST);
397 else if (fsm->id || fsm->a_bus_drop || fsm->a_wait_bcon_tmout)
398 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
399 break;
400 case OTG_STATE_A_HOST:
401 if (fsm->id || fsm->a_bus_drop)
402 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
403 else if ((!fsm->a_bus_req || fsm->a_suspend_req_inf) &&
404 fsm->otg->host->b_hnp_enable)
405 otg_set_state(fsm, OTG_STATE_A_SUSPEND);
406 else if (!fsm->b_conn)
407 otg_set_state(fsm, OTG_STATE_A_WAIT_BCON);
408 else if (!fsm->a_vbus_vld)
409 otg_set_state(fsm, OTG_STATE_A_VBUS_ERR);
410 break;
411 case OTG_STATE_A_SUSPEND:
412 if (!fsm->b_conn && fsm->otg->host->b_hnp_enable)
413 otg_set_state(fsm, OTG_STATE_A_PERIPHERAL);
414 else if (!fsm->b_conn && !fsm->otg->host->b_hnp_enable)
415 otg_set_state(fsm, OTG_STATE_A_WAIT_BCON);
416 else if (fsm->a_bus_req || fsm->b_bus_resume)
417 otg_set_state(fsm, OTG_STATE_A_HOST);
418 else if (fsm->id || fsm->a_bus_drop || fsm->a_aidl_bdis_tmout)
419 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
420 else if (!fsm->a_vbus_vld)
421 otg_set_state(fsm, OTG_STATE_A_VBUS_ERR);
422 break;
423 case OTG_STATE_A_PERIPHERAL:
424 if (fsm->id || fsm->a_bus_drop)
425 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
426 else if (fsm->a_bidl_adis_tmout || fsm->b_bus_suspend)
427 otg_set_state(fsm, OTG_STATE_A_WAIT_BCON);
428 else if (!fsm->a_vbus_vld)
429 otg_set_state(fsm, OTG_STATE_A_VBUS_ERR);
430 break;
431 case OTG_STATE_A_WAIT_VFALL:
432 if (fsm->a_wait_vfall_tmout)
433 otg_set_state(fsm, OTG_STATE_A_IDLE);
434 break;
435 case OTG_STATE_A_VBUS_ERR:
436 if (fsm->id || fsm->a_bus_drop || fsm->a_clr_err)
437 otg_set_state(fsm, OTG_STATE_A_WAIT_VFALL);
438 break;
439 default:
440 break;
442 mutex_unlock(&fsm->lock);
444 VDBG("quit statemachine, changed = %d\n", fsm->state_changed);
445 return fsm->state_changed;
447 EXPORT_SYMBOL_GPL(otg_statemachine);
448 MODULE_LICENSE("GPL");