2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
9 * (C) 2007 by OpenMoko, Inc.
10 * Author: Harald Welte <laforge@openmoko.org>
12 * based on existing SAM7DFU code from OpenPCD:
13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
15 * SPDX-License-Identifier: GPL-2.0+
22 #include <linux/usb/ch9.h>
23 #include <linux/usb/gadget.h>
24 #include <linux/usb/composite.h>
31 struct usb_function usb_function;
33 struct usb_descriptor_header **function;
34 struct usb_string *strings;
36 /* when configured, we have one config */
39 enum dfu_state dfu_state;
40 unsigned int dfu_status;
42 /* Send/received block number is handy for data integrity check */
44 unsigned int poll_timeout;
47 typedef int (*dfu_state_fn) (struct f_dfu *,
48 const struct usb_ctrlrequest *,
50 struct usb_request *);
52 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
54 return container_of(f, struct f_dfu, usb_function);
57 static const struct dfu_function_descriptor dfu_func = {
58 .bLength = sizeof dfu_func,
59 .bDescriptorType = DFU_DT_FUNC,
60 .bmAttributes = DFU_BIT_WILL_DETACH |
61 DFU_BIT_MANIFESTATION_TOLERANT |
65 .wTransferSize = DFU_USB_BUFSIZ,
66 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
69 static struct usb_interface_descriptor dfu_intf_runtime = {
70 .bLength = sizeof dfu_intf_runtime,
71 .bDescriptorType = USB_DT_INTERFACE,
73 .bInterfaceClass = USB_CLASS_APP_SPEC,
74 .bInterfaceSubClass = 1,
75 .bInterfaceProtocol = 1,
76 /* .iInterface = DYNAMIC */
79 static struct usb_descriptor_header *dfu_runtime_descs[] = {
80 (struct usb_descriptor_header *) &dfu_intf_runtime,
84 static const struct usb_qualifier_descriptor dev_qualifier = {
85 .bLength = sizeof dev_qualifier,
86 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
87 .bcdUSB = __constant_cpu_to_le16(0x0200),
88 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
89 .bNumConfigurations = 1,
92 static const char dfu_name[] = "Device Firmware Upgrade";
95 * static strings, in UTF-8
97 * dfu_generic configuration
99 static struct usb_string strings_dfu_generic[] = {
101 { } /* end of list */
104 static struct usb_gadget_strings stringtab_dfu_generic = {
105 .language = 0x0409, /* en-us */
106 .strings = strings_dfu_generic,
109 static struct usb_gadget_strings *dfu_generic_strings[] = {
110 &stringtab_dfu_generic,
115 * usb_function specific
117 static struct usb_gadget_strings stringtab_dfu = {
118 .language = 0x0409, /* en-us */
122 * assigned during initialization,
123 * depends on number of flash entities
128 static struct usb_gadget_strings *dfu_strings[] = {
133 static void dfu_set_poll_timeout(struct dfu_status *dstat, unsigned int ms)
136 * The bwPollTimeout DFU_GETSTATUS request payload provides information
137 * about minimum time, in milliseconds, that the host should wait before
138 * sending a subsequent DFU_GETSTATUS request
140 * This permits the device to vary the delay depending on its need to
141 * erase or program the memory
145 unsigned char *p = (unsigned char *)&ms;
147 if (!ms || (ms & ~DFU_POLL_TIMEOUT_MASK)) {
148 dstat->bwPollTimeout[0] = 0;
149 dstat->bwPollTimeout[1] = 0;
150 dstat->bwPollTimeout[2] = 0;
155 dstat->bwPollTimeout[0] = *p++;
156 dstat->bwPollTimeout[1] = *p++;
157 dstat->bwPollTimeout[2] = *p;
160 /*-------------------------------------------------------------------------*/
162 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
164 struct f_dfu *f_dfu = req->context;
167 ret = dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
168 req->length, f_dfu->blk_seq_num);
170 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
171 f_dfu->dfu_state = DFU_STATE_dfuERROR;
175 static void dnload_request_flush(struct usb_ep *ep, struct usb_request *req)
177 struct f_dfu *f_dfu = req->context;
180 ret = dfu_flush(dfu_get_entity(f_dfu->altsetting), req->buf,
181 req->length, f_dfu->blk_seq_num);
183 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
184 f_dfu->dfu_state = DFU_STATE_dfuERROR;
188 static inline int dfu_get_manifest_timeout(struct dfu_entity *dfu)
190 return dfu->poll_timeout ? dfu->poll_timeout(dfu) :
191 DFU_MANIFEST_POLL_TIMEOUT;
194 static void handle_getstatus(struct usb_request *req)
196 struct dfu_status *dstat = (struct dfu_status *)req->buf;
197 struct f_dfu *f_dfu = req->context;
198 struct dfu_entity *dfu = dfu_get_entity(f_dfu->altsetting);
200 dfu_set_poll_timeout(dstat, 0);
202 switch (f_dfu->dfu_state) {
203 case DFU_STATE_dfuDNLOAD_SYNC:
204 case DFU_STATE_dfuDNBUSY:
205 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
207 case DFU_STATE_dfuMANIFEST_SYNC:
208 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
210 case DFU_STATE_dfuMANIFEST:
211 dfu_set_poll_timeout(dstat, dfu_get_manifest_timeout(dfu));
217 if (f_dfu->poll_timeout)
218 if (!(f_dfu->blk_seq_num %
219 (dfu_get_buf_size() / DFU_USB_BUFSIZ)))
220 dfu_set_poll_timeout(dstat, f_dfu->poll_timeout);
222 /* send status response */
223 dstat->bStatus = f_dfu->dfu_status;
224 dstat->bState = f_dfu->dfu_state;
228 static void handle_getstate(struct usb_request *req)
230 struct f_dfu *f_dfu = req->context;
232 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
233 req->actual = sizeof(u8);
236 static inline void to_dfu_mode(struct f_dfu *f_dfu)
238 f_dfu->usb_function.strings = dfu_strings;
239 f_dfu->usb_function.hs_descriptors = f_dfu->function;
240 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
243 static inline void to_runtime_mode(struct f_dfu *f_dfu)
245 f_dfu->usb_function.strings = NULL;
246 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
249 static int handle_upload(struct usb_request *req, u16 len)
251 struct f_dfu *f_dfu = req->context;
253 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
254 req->length, f_dfu->blk_seq_num);
257 static int handle_dnload(struct usb_gadget *gadget, u16 len)
259 struct usb_composite_dev *cdev = get_gadget_data(gadget);
260 struct usb_request *req = cdev->req;
261 struct f_dfu *f_dfu = req->context;
264 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
266 req->complete = dnload_request_complete;
271 /*-------------------------------------------------------------------------*/
272 /* DFU state machine */
273 static int state_app_idle(struct f_dfu *f_dfu,
274 const struct usb_ctrlrequest *ctrl,
275 struct usb_gadget *gadget,
276 struct usb_request *req)
280 switch (ctrl->bRequest) {
281 case USB_REQ_DFU_GETSTATUS:
282 handle_getstatus(req);
283 value = RET_STAT_LEN;
285 case USB_REQ_DFU_GETSTATE:
286 handle_getstate(req);
288 case USB_REQ_DFU_DETACH:
289 f_dfu->dfu_state = DFU_STATE_appDETACH;
301 static int state_app_detach(struct f_dfu *f_dfu,
302 const struct usb_ctrlrequest *ctrl,
303 struct usb_gadget *gadget,
304 struct usb_request *req)
308 switch (ctrl->bRequest) {
309 case USB_REQ_DFU_GETSTATUS:
310 handle_getstatus(req);
311 value = RET_STAT_LEN;
313 case USB_REQ_DFU_GETSTATE:
314 handle_getstate(req);
317 f_dfu->dfu_state = DFU_STATE_appIDLE;
325 static int state_dfu_idle(struct f_dfu *f_dfu,
326 const struct usb_ctrlrequest *ctrl,
327 struct usb_gadget *gadget,
328 struct usb_request *req)
330 u16 w_value = le16_to_cpu(ctrl->wValue);
331 u16 len = le16_to_cpu(ctrl->wLength);
334 switch (ctrl->bRequest) {
335 case USB_REQ_DFU_DNLOAD:
337 f_dfu->dfu_state = DFU_STATE_dfuERROR;
341 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
342 f_dfu->blk_seq_num = w_value;
343 value = handle_dnload(gadget, len);
345 case USB_REQ_DFU_UPLOAD:
346 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
347 f_dfu->blk_seq_num = 0;
348 value = handle_upload(req, len);
350 case USB_REQ_DFU_ABORT:
354 case USB_REQ_DFU_GETSTATUS:
355 handle_getstatus(req);
356 value = RET_STAT_LEN;
358 case USB_REQ_DFU_GETSTATE:
359 handle_getstate(req);
361 case USB_REQ_DFU_DETACH:
363 * Proprietary extension: 'detach' from idle mode and
364 * get back to runtime mode in case of USB Reset. As
365 * much as I dislike this, we just can't use every USB
366 * bus reset to switch back to runtime mode, since at
367 * least the Linux USB stack likes to send a number of
371 DFU_STATE_dfuMANIFEST_WAIT_RST;
372 to_runtime_mode(f_dfu);
373 f_dfu->dfu_state = DFU_STATE_appIDLE;
378 f_dfu->dfu_state = DFU_STATE_dfuERROR;
386 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
387 const struct usb_ctrlrequest *ctrl,
388 struct usb_gadget *gadget,
389 struct usb_request *req)
393 switch (ctrl->bRequest) {
394 case USB_REQ_DFU_GETSTATUS:
395 handle_getstatus(req);
396 value = RET_STAT_LEN;
398 case USB_REQ_DFU_GETSTATE:
399 handle_getstate(req);
402 f_dfu->dfu_state = DFU_STATE_dfuERROR;
410 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
411 const struct usb_ctrlrequest *ctrl,
412 struct usb_gadget *gadget,
413 struct usb_request *req)
417 switch (ctrl->bRequest) {
418 case USB_REQ_DFU_GETSTATUS:
419 handle_getstatus(req);
420 value = RET_STAT_LEN;
423 f_dfu->dfu_state = DFU_STATE_dfuERROR;
431 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
432 const struct usb_ctrlrequest *ctrl,
433 struct usb_gadget *gadget,
434 struct usb_request *req)
436 u16 w_value = le16_to_cpu(ctrl->wValue);
437 u16 len = le16_to_cpu(ctrl->wLength);
440 switch (ctrl->bRequest) {
441 case USB_REQ_DFU_DNLOAD:
442 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
443 f_dfu->blk_seq_num = w_value;
444 value = handle_dnload(gadget, len);
446 case USB_REQ_DFU_ABORT:
447 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
450 case USB_REQ_DFU_GETSTATUS:
451 handle_getstatus(req);
452 value = RET_STAT_LEN;
454 case USB_REQ_DFU_GETSTATE:
455 handle_getstate(req);
458 f_dfu->dfu_state = DFU_STATE_dfuERROR;
466 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
467 const struct usb_ctrlrequest *ctrl,
468 struct usb_gadget *gadget,
469 struct usb_request *req)
473 switch (ctrl->bRequest) {
474 case USB_REQ_DFU_GETSTATUS:
475 /* We're MainfestationTolerant */
476 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
477 handle_getstatus(req);
478 f_dfu->blk_seq_num = 0;
479 value = RET_STAT_LEN;
480 req->complete = dnload_request_flush;
482 case USB_REQ_DFU_GETSTATE:
483 handle_getstate(req);
486 f_dfu->dfu_state = DFU_STATE_dfuERROR;
494 static int state_dfu_manifest(struct f_dfu *f_dfu,
495 const struct usb_ctrlrequest *ctrl,
496 struct usb_gadget *gadget,
497 struct usb_request *req)
501 switch (ctrl->bRequest) {
502 case USB_REQ_DFU_GETSTATUS:
503 /* We're MainfestationTolerant */
504 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
505 handle_getstatus(req);
506 f_dfu->blk_seq_num = 0;
507 value = RET_STAT_LEN;
508 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
510 case USB_REQ_DFU_GETSTATE:
511 handle_getstate(req);
514 f_dfu->dfu_state = DFU_STATE_dfuERROR;
521 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
522 const struct usb_ctrlrequest *ctrl,
523 struct usb_gadget *gadget,
524 struct usb_request *req)
526 u16 w_value = le16_to_cpu(ctrl->wValue);
527 u16 len = le16_to_cpu(ctrl->wLength);
530 switch (ctrl->bRequest) {
531 case USB_REQ_DFU_UPLOAD:
532 /* state transition if less data then requested */
533 f_dfu->blk_seq_num = w_value;
534 value = handle_upload(req, len);
535 if (value >= 0 && value < len)
536 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
538 case USB_REQ_DFU_ABORT:
539 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
543 case USB_REQ_DFU_GETSTATUS:
544 handle_getstatus(req);
545 value = RET_STAT_LEN;
547 case USB_REQ_DFU_GETSTATE:
548 handle_getstate(req);
551 f_dfu->dfu_state = DFU_STATE_dfuERROR;
559 static int state_dfu_error(struct f_dfu *f_dfu,
560 const struct usb_ctrlrequest *ctrl,
561 struct usb_gadget *gadget,
562 struct usb_request *req)
566 switch (ctrl->bRequest) {
567 case USB_REQ_DFU_GETSTATUS:
568 handle_getstatus(req);
569 value = RET_STAT_LEN;
571 case USB_REQ_DFU_GETSTATE:
572 handle_getstate(req);
574 case USB_REQ_DFU_CLRSTATUS:
575 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
576 f_dfu->dfu_status = DFU_STATUS_OK;
581 f_dfu->dfu_state = DFU_STATE_dfuERROR;
589 static dfu_state_fn dfu_state[] = {
590 state_app_idle, /* DFU_STATE_appIDLE */
591 state_app_detach, /* DFU_STATE_appDETACH */
592 state_dfu_idle, /* DFU_STATE_dfuIDLE */
593 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
594 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
595 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
596 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
597 state_dfu_manifest, /* DFU_STATE_dfuMANIFEST */
598 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
599 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
600 state_dfu_error /* DFU_STATE_dfuERROR */
604 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
606 struct usb_gadget *gadget = f->config->cdev->gadget;
607 struct usb_request *req = f->config->cdev->req;
608 struct f_dfu *f_dfu = f->config->cdev->req->context;
609 u16 len = le16_to_cpu(ctrl->wLength);
610 u16 w_value = le16_to_cpu(ctrl->wValue);
612 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
614 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
615 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
616 req_type, ctrl->bRequest, f_dfu->dfu_state);
618 if (req_type == USB_TYPE_STANDARD) {
619 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
620 (w_value >> 8) == DFU_DT_FUNC) {
621 value = min(len, (u16) sizeof(dfu_func));
622 memcpy(req->buf, &dfu_func, value);
624 } else /* DFU specific request */
625 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
629 req->zero = value < len;
630 value = usb_ep_queue(gadget->ep0, req, 0);
632 debug("ep_queue --> %d\n", value);
640 /*-------------------------------------------------------------------------*/
643 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
645 struct dfu_entity *de = NULL;
648 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
652 for (i = 0; i < n; ++i) {
653 de = dfu_get_entity(i);
654 f_dfu->strings[i].s = de->name;
657 f_dfu->strings[i].id = 0;
658 f_dfu->strings[i].s = NULL;
664 f_dfu->strings[--i].s = NULL;
666 free(f_dfu->strings);
671 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
673 struct usb_interface_descriptor *d;
676 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
677 if (!f_dfu->function)
680 for (i = 0; i < n; ++i) {
681 d = calloc(sizeof(*d), 1);
685 d->bLength = sizeof(*d);
686 d->bDescriptorType = USB_DT_INTERFACE;
687 d->bAlternateSetting = i;
688 d->bNumEndpoints = 0;
689 d->bInterfaceClass = USB_CLASS_APP_SPEC;
690 d->bInterfaceSubClass = 1;
691 d->bInterfaceProtocol = 2;
693 f_dfu->function[i] = (struct usb_descriptor_header *)d;
695 f_dfu->function[i] = NULL;
701 free(f_dfu->function[--i]);
702 f_dfu->function[i] = NULL;
704 free(f_dfu->function);
709 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
711 struct usb_composite_dev *cdev = c->cdev;
712 struct f_dfu *f_dfu = func_to_dfu(f);
713 int alt_num = dfu_get_alt_number();
716 id = usb_interface_id(c, f);
719 dfu_intf_runtime.bInterfaceNumber = id;
721 f_dfu->dfu_state = DFU_STATE_appIDLE;
722 f_dfu->dfu_status = DFU_STATUS_OK;
724 rv = dfu_prepare_function(f_dfu, alt_num);
728 rv = dfu_prepare_strings(f_dfu, alt_num);
731 for (i = 0; i < alt_num; i++) {
732 id = usb_string_id(cdev);
735 f_dfu->strings[i].id = id;
736 ((struct usb_interface_descriptor *)f_dfu->function[i])
742 stringtab_dfu.strings = f_dfu->strings;
744 cdev->req->context = f_dfu;
750 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
752 struct f_dfu *f_dfu = func_to_dfu(f);
753 int alt_num = dfu_get_alt_number();
756 if (f_dfu->strings) {
759 f_dfu->strings[--i].s = NULL;
761 free(f_dfu->strings);
764 if (f_dfu->function) {
767 free(f_dfu->function[--i]);
768 f_dfu->function[i] = NULL;
770 free(f_dfu->function);
776 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
778 struct f_dfu *f_dfu = func_to_dfu(f);
780 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
782 f_dfu->altsetting = alt;
783 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
784 f_dfu->dfu_status = DFU_STATUS_OK;
789 /* TODO: is this really what we need here? */
790 static void dfu_disable(struct usb_function *f)
792 struct f_dfu *f_dfu = func_to_dfu(f);
793 if (f_dfu->config == 0)
796 debug("%s: reset config\n", __func__);
801 static int dfu_bind_config(struct usb_configuration *c)
806 f_dfu = calloc(sizeof(*f_dfu), 1);
809 f_dfu->usb_function.name = "dfu";
810 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
811 f_dfu->usb_function.bind = dfu_bind;
812 f_dfu->usb_function.unbind = dfu_unbind;
813 f_dfu->usb_function.set_alt = dfu_set_alt;
814 f_dfu->usb_function.disable = dfu_disable;
815 f_dfu->usb_function.strings = dfu_generic_strings;
816 f_dfu->usb_function.setup = dfu_handle;
817 f_dfu->poll_timeout = DFU_DEFAULT_POLL_TIMEOUT;
819 status = usb_add_function(c, &f_dfu->usb_function);
826 int dfu_add(struct usb_configuration *c)
830 id = usb_string_id(c->cdev);
833 strings_dfu_generic[0].id = id;
834 dfu_intf_runtime.iInterface = id;
836 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
837 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
839 return dfu_bind_config(c);
842 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_dfu, dfu_add);