2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
9 * (C) 2007 by OpenMoko, Inc.
10 * Author: Harald Welte <laforge@openmoko.org>
12 * based on existing SAM7DFU code from OpenPCD:
13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
15 * SPDX-License-Identifier: GPL-2.0+
22 #include <linux/usb/ch9.h>
23 #include <linux/usb/gadget.h>
24 #include <linux/usb/composite.h>
31 struct usb_function usb_function;
33 struct usb_descriptor_header **function;
34 struct usb_string *strings;
36 /* when configured, we have one config */
39 enum dfu_state dfu_state;
40 unsigned int dfu_status;
42 /* Send/received block number is handy for data integrity check */
44 unsigned int poll_timeout;
47 typedef int (*dfu_state_fn) (struct f_dfu *,
48 const struct usb_ctrlrequest *,
50 struct usb_request *);
52 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
54 return container_of(f, struct f_dfu, usb_function);
57 static const struct dfu_function_descriptor dfu_func = {
58 .bLength = sizeof dfu_func,
59 .bDescriptorType = DFU_DT_FUNC,
60 .bmAttributes = DFU_BIT_WILL_DETACH |
61 DFU_BIT_MANIFESTATION_TOLERANT |
65 .wTransferSize = DFU_USB_BUFSIZ,
66 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
69 static struct usb_interface_descriptor dfu_intf_runtime = {
70 .bLength = sizeof dfu_intf_runtime,
71 .bDescriptorType = USB_DT_INTERFACE,
73 .bInterfaceClass = USB_CLASS_APP_SPEC,
74 .bInterfaceSubClass = 1,
75 .bInterfaceProtocol = 1,
76 /* .iInterface = DYNAMIC */
79 static struct usb_descriptor_header *dfu_runtime_descs[] = {
80 (struct usb_descriptor_header *) &dfu_intf_runtime,
84 static const char dfu_name[] = "Device Firmware Upgrade";
87 * static strings, in UTF-8
89 * dfu_generic configuration
91 static struct usb_string strings_dfu_generic[] = {
96 static struct usb_gadget_strings stringtab_dfu_generic = {
97 .language = 0x0409, /* en-us */
98 .strings = strings_dfu_generic,
101 static struct usb_gadget_strings *dfu_generic_strings[] = {
102 &stringtab_dfu_generic,
107 * usb_function specific
109 static struct usb_gadget_strings stringtab_dfu = {
110 .language = 0x0409, /* en-us */
114 * assigned during initialization,
115 * depends on number of flash entities
120 static struct usb_gadget_strings *dfu_strings[] = {
125 static void dfu_set_poll_timeout(struct dfu_status *dstat, unsigned int ms)
128 * The bwPollTimeout DFU_GETSTATUS request payload provides information
129 * about minimum time, in milliseconds, that the host should wait before
130 * sending a subsequent DFU_GETSTATUS request
132 * This permits the device to vary the delay depending on its need to
133 * erase or program the memory
137 unsigned char *p = (unsigned char *)&ms;
139 if (!ms || (ms & ~DFU_POLL_TIMEOUT_MASK)) {
140 dstat->bwPollTimeout[0] = 0;
141 dstat->bwPollTimeout[1] = 0;
142 dstat->bwPollTimeout[2] = 0;
147 dstat->bwPollTimeout[0] = *p++;
148 dstat->bwPollTimeout[1] = *p++;
149 dstat->bwPollTimeout[2] = *p;
152 /*-------------------------------------------------------------------------*/
154 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
156 struct f_dfu *f_dfu = req->context;
159 ret = dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
160 req->length, f_dfu->blk_seq_num);
162 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
163 f_dfu->dfu_state = DFU_STATE_dfuERROR;
167 static void dnload_request_flush(struct usb_ep *ep, struct usb_request *req)
169 struct f_dfu *f_dfu = req->context;
172 ret = dfu_flush(dfu_get_entity(f_dfu->altsetting), req->buf,
173 req->length, f_dfu->blk_seq_num);
175 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
176 f_dfu->dfu_state = DFU_STATE_dfuERROR;
180 static inline int dfu_get_manifest_timeout(struct dfu_entity *dfu)
182 return dfu->poll_timeout ? dfu->poll_timeout(dfu) :
183 DFU_MANIFEST_POLL_TIMEOUT;
186 static void handle_getstatus(struct usb_request *req)
188 struct dfu_status *dstat = (struct dfu_status *)req->buf;
189 struct f_dfu *f_dfu = req->context;
190 struct dfu_entity *dfu = dfu_get_entity(f_dfu->altsetting);
192 dfu_set_poll_timeout(dstat, 0);
194 switch (f_dfu->dfu_state) {
195 case DFU_STATE_dfuDNLOAD_SYNC:
196 case DFU_STATE_dfuDNBUSY:
197 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
199 case DFU_STATE_dfuMANIFEST_SYNC:
200 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
202 case DFU_STATE_dfuMANIFEST:
203 dfu_set_poll_timeout(dstat, dfu_get_manifest_timeout(dfu));
209 if (f_dfu->poll_timeout)
210 if (!(f_dfu->blk_seq_num %
211 (dfu_get_buf_size() / DFU_USB_BUFSIZ)))
212 dfu_set_poll_timeout(dstat, f_dfu->poll_timeout);
214 /* send status response */
215 dstat->bStatus = f_dfu->dfu_status;
216 dstat->bState = f_dfu->dfu_state;
220 static void handle_getstate(struct usb_request *req)
222 struct f_dfu *f_dfu = req->context;
224 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
225 req->actual = sizeof(u8);
228 static inline void to_dfu_mode(struct f_dfu *f_dfu)
230 f_dfu->usb_function.strings = dfu_strings;
231 f_dfu->usb_function.hs_descriptors = f_dfu->function;
232 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
235 static inline void to_runtime_mode(struct f_dfu *f_dfu)
237 f_dfu->usb_function.strings = NULL;
238 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
241 static int handle_upload(struct usb_request *req, u16 len)
243 struct f_dfu *f_dfu = req->context;
245 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
246 req->length, f_dfu->blk_seq_num);
249 static int handle_dnload(struct usb_gadget *gadget, u16 len)
251 struct usb_composite_dev *cdev = get_gadget_data(gadget);
252 struct usb_request *req = cdev->req;
253 struct f_dfu *f_dfu = req->context;
256 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
258 req->complete = dnload_request_complete;
263 /*-------------------------------------------------------------------------*/
264 /* DFU state machine */
265 static int state_app_idle(struct f_dfu *f_dfu,
266 const struct usb_ctrlrequest *ctrl,
267 struct usb_gadget *gadget,
268 struct usb_request *req)
272 switch (ctrl->bRequest) {
273 case USB_REQ_DFU_GETSTATUS:
274 handle_getstatus(req);
275 value = RET_STAT_LEN;
277 case USB_REQ_DFU_GETSTATE:
278 handle_getstate(req);
280 case USB_REQ_DFU_DETACH:
281 f_dfu->dfu_state = DFU_STATE_appDETACH;
293 static int state_app_detach(struct f_dfu *f_dfu,
294 const struct usb_ctrlrequest *ctrl,
295 struct usb_gadget *gadget,
296 struct usb_request *req)
300 switch (ctrl->bRequest) {
301 case USB_REQ_DFU_GETSTATUS:
302 handle_getstatus(req);
303 value = RET_STAT_LEN;
305 case USB_REQ_DFU_GETSTATE:
306 handle_getstate(req);
309 f_dfu->dfu_state = DFU_STATE_appIDLE;
317 static int state_dfu_idle(struct f_dfu *f_dfu,
318 const struct usb_ctrlrequest *ctrl,
319 struct usb_gadget *gadget,
320 struct usb_request *req)
322 u16 w_value = le16_to_cpu(ctrl->wValue);
323 u16 len = le16_to_cpu(ctrl->wLength);
326 switch (ctrl->bRequest) {
327 case USB_REQ_DFU_DNLOAD:
329 f_dfu->dfu_state = DFU_STATE_dfuERROR;
333 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
334 f_dfu->blk_seq_num = w_value;
335 value = handle_dnload(gadget, len);
337 case USB_REQ_DFU_UPLOAD:
338 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
339 f_dfu->blk_seq_num = 0;
340 value = handle_upload(req, len);
342 case USB_REQ_DFU_ABORT:
346 case USB_REQ_DFU_GETSTATUS:
347 handle_getstatus(req);
348 value = RET_STAT_LEN;
350 case USB_REQ_DFU_GETSTATE:
351 handle_getstate(req);
353 case USB_REQ_DFU_DETACH:
355 * Proprietary extension: 'detach' from idle mode and
356 * get back to runtime mode in case of USB Reset. As
357 * much as I dislike this, we just can't use every USB
358 * bus reset to switch back to runtime mode, since at
359 * least the Linux USB stack likes to send a number of
363 DFU_STATE_dfuMANIFEST_WAIT_RST;
364 to_runtime_mode(f_dfu);
365 f_dfu->dfu_state = DFU_STATE_appIDLE;
367 dfu_trigger_detach();
370 f_dfu->dfu_state = DFU_STATE_dfuERROR;
378 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
379 const struct usb_ctrlrequest *ctrl,
380 struct usb_gadget *gadget,
381 struct usb_request *req)
385 switch (ctrl->bRequest) {
386 case USB_REQ_DFU_GETSTATUS:
387 handle_getstatus(req);
388 value = RET_STAT_LEN;
390 case USB_REQ_DFU_GETSTATE:
391 handle_getstate(req);
394 f_dfu->dfu_state = DFU_STATE_dfuERROR;
402 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
403 const struct usb_ctrlrequest *ctrl,
404 struct usb_gadget *gadget,
405 struct usb_request *req)
409 switch (ctrl->bRequest) {
410 case USB_REQ_DFU_GETSTATUS:
411 handle_getstatus(req);
412 value = RET_STAT_LEN;
415 f_dfu->dfu_state = DFU_STATE_dfuERROR;
423 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
424 const struct usb_ctrlrequest *ctrl,
425 struct usb_gadget *gadget,
426 struct usb_request *req)
428 u16 w_value = le16_to_cpu(ctrl->wValue);
429 u16 len = le16_to_cpu(ctrl->wLength);
432 switch (ctrl->bRequest) {
433 case USB_REQ_DFU_DNLOAD:
434 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
435 f_dfu->blk_seq_num = w_value;
436 value = handle_dnload(gadget, len);
438 case USB_REQ_DFU_ABORT:
439 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
442 case USB_REQ_DFU_GETSTATUS:
443 handle_getstatus(req);
444 value = RET_STAT_LEN;
446 case USB_REQ_DFU_GETSTATE:
447 handle_getstate(req);
450 f_dfu->dfu_state = DFU_STATE_dfuERROR;
458 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
459 const struct usb_ctrlrequest *ctrl,
460 struct usb_gadget *gadget,
461 struct usb_request *req)
465 switch (ctrl->bRequest) {
466 case USB_REQ_DFU_GETSTATUS:
467 /* We're MainfestationTolerant */
468 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
469 handle_getstatus(req);
470 f_dfu->blk_seq_num = 0;
471 value = RET_STAT_LEN;
472 req->complete = dnload_request_flush;
474 case USB_REQ_DFU_GETSTATE:
475 handle_getstate(req);
478 f_dfu->dfu_state = DFU_STATE_dfuERROR;
486 static int state_dfu_manifest(struct f_dfu *f_dfu,
487 const struct usb_ctrlrequest *ctrl,
488 struct usb_gadget *gadget,
489 struct usb_request *req)
493 switch (ctrl->bRequest) {
494 case USB_REQ_DFU_GETSTATUS:
495 /* We're MainfestationTolerant */
496 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
497 handle_getstatus(req);
498 f_dfu->blk_seq_num = 0;
499 value = RET_STAT_LEN;
500 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
502 case USB_REQ_DFU_GETSTATE:
503 handle_getstate(req);
506 f_dfu->dfu_state = DFU_STATE_dfuERROR;
513 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
514 const struct usb_ctrlrequest *ctrl,
515 struct usb_gadget *gadget,
516 struct usb_request *req)
518 u16 w_value = le16_to_cpu(ctrl->wValue);
519 u16 len = le16_to_cpu(ctrl->wLength);
522 switch (ctrl->bRequest) {
523 case USB_REQ_DFU_UPLOAD:
524 /* state transition if less data then requested */
525 f_dfu->blk_seq_num = w_value;
526 value = handle_upload(req, len);
527 if (value >= 0 && value < len)
528 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
530 case USB_REQ_DFU_ABORT:
531 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
535 case USB_REQ_DFU_GETSTATUS:
536 handle_getstatus(req);
537 value = RET_STAT_LEN;
539 case USB_REQ_DFU_GETSTATE:
540 handle_getstate(req);
543 f_dfu->dfu_state = DFU_STATE_dfuERROR;
551 static int state_dfu_error(struct f_dfu *f_dfu,
552 const struct usb_ctrlrequest *ctrl,
553 struct usb_gadget *gadget,
554 struct usb_request *req)
558 switch (ctrl->bRequest) {
559 case USB_REQ_DFU_GETSTATUS:
560 handle_getstatus(req);
561 value = RET_STAT_LEN;
563 case USB_REQ_DFU_GETSTATE:
564 handle_getstate(req);
566 case USB_REQ_DFU_CLRSTATUS:
567 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
568 f_dfu->dfu_status = DFU_STATUS_OK;
573 f_dfu->dfu_state = DFU_STATE_dfuERROR;
581 static dfu_state_fn dfu_state[] = {
582 state_app_idle, /* DFU_STATE_appIDLE */
583 state_app_detach, /* DFU_STATE_appDETACH */
584 state_dfu_idle, /* DFU_STATE_dfuIDLE */
585 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
586 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
587 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
588 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
589 state_dfu_manifest, /* DFU_STATE_dfuMANIFEST */
590 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
591 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
592 state_dfu_error /* DFU_STATE_dfuERROR */
596 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
598 struct usb_gadget *gadget = f->config->cdev->gadget;
599 struct usb_request *req = f->config->cdev->req;
600 struct f_dfu *f_dfu = f->config->cdev->req->context;
601 u16 len = le16_to_cpu(ctrl->wLength);
602 u16 w_value = le16_to_cpu(ctrl->wValue);
604 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
606 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
607 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
608 req_type, ctrl->bRequest, f_dfu->dfu_state);
610 if (req_type == USB_TYPE_STANDARD) {
611 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
612 (w_value >> 8) == DFU_DT_FUNC) {
613 value = min(len, (u16) sizeof(dfu_func));
614 memcpy(req->buf, &dfu_func, value);
616 } else /* DFU specific request */
617 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
621 req->zero = value < len;
622 value = usb_ep_queue(gadget->ep0, req, 0);
624 debug("ep_queue --> %d\n", value);
632 /*-------------------------------------------------------------------------*/
635 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
637 struct dfu_entity *de = NULL;
640 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
644 for (i = 0; i < n; ++i) {
645 de = dfu_get_entity(i);
646 f_dfu->strings[i].s = de->name;
649 f_dfu->strings[i].id = 0;
650 f_dfu->strings[i].s = NULL;
656 f_dfu->strings[--i].s = NULL;
658 free(f_dfu->strings);
663 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
665 struct usb_interface_descriptor *d;
668 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
669 if (!f_dfu->function)
672 for (i = 0; i < n; ++i) {
673 d = calloc(sizeof(*d), 1);
677 d->bLength = sizeof(*d);
678 d->bDescriptorType = USB_DT_INTERFACE;
679 d->bAlternateSetting = i;
680 d->bNumEndpoints = 0;
681 d->bInterfaceClass = USB_CLASS_APP_SPEC;
682 d->bInterfaceSubClass = 1;
683 d->bInterfaceProtocol = 2;
685 f_dfu->function[i] = (struct usb_descriptor_header *)d;
687 f_dfu->function[i] = NULL;
693 free(f_dfu->function[--i]);
694 f_dfu->function[i] = NULL;
696 free(f_dfu->function);
701 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
703 struct usb_composite_dev *cdev = c->cdev;
704 struct f_dfu *f_dfu = func_to_dfu(f);
705 int alt_num = dfu_get_alt_number();
708 id = usb_interface_id(c, f);
711 dfu_intf_runtime.bInterfaceNumber = id;
713 f_dfu->dfu_state = DFU_STATE_appIDLE;
714 f_dfu->dfu_status = DFU_STATUS_OK;
716 rv = dfu_prepare_function(f_dfu, alt_num);
720 rv = dfu_prepare_strings(f_dfu, alt_num);
723 for (i = 0; i < alt_num; i++) {
724 id = usb_string_id(cdev);
727 f_dfu->strings[i].id = id;
728 ((struct usb_interface_descriptor *)f_dfu->function[i])
734 stringtab_dfu.strings = f_dfu->strings;
736 cdev->req->context = f_dfu;
742 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
744 struct f_dfu *f_dfu = func_to_dfu(f);
745 int alt_num = dfu_get_alt_number();
748 if (f_dfu->strings) {
751 f_dfu->strings[--i].s = NULL;
753 free(f_dfu->strings);
756 if (f_dfu->function) {
759 free(f_dfu->function[--i]);
760 f_dfu->function[i] = NULL;
762 free(f_dfu->function);
768 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
770 struct f_dfu *f_dfu = func_to_dfu(f);
772 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
774 f_dfu->altsetting = alt;
775 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
776 f_dfu->dfu_status = DFU_STATUS_OK;
781 /* TODO: is this really what we need here? */
782 static void dfu_disable(struct usb_function *f)
784 struct f_dfu *f_dfu = func_to_dfu(f);
785 if (f_dfu->config == 0)
788 debug("%s: reset config\n", __func__);
793 static int dfu_bind_config(struct usb_configuration *c)
798 f_dfu = calloc(sizeof(*f_dfu), 1);
801 f_dfu->usb_function.name = "dfu";
802 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
803 f_dfu->usb_function.bind = dfu_bind;
804 f_dfu->usb_function.unbind = dfu_unbind;
805 f_dfu->usb_function.set_alt = dfu_set_alt;
806 f_dfu->usb_function.disable = dfu_disable;
807 f_dfu->usb_function.strings = dfu_generic_strings;
808 f_dfu->usb_function.setup = dfu_handle;
809 f_dfu->poll_timeout = DFU_DEFAULT_POLL_TIMEOUT;
811 status = usb_add_function(c, &f_dfu->usb_function);
818 int dfu_add(struct usb_configuration *c)
822 id = usb_string_id(c->cdev);
825 strings_dfu_generic[0].id = id;
826 dfu_intf_runtime.iInterface = id;
828 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
829 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
831 return dfu_bind_config(c);
834 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_dfu, dfu_add);
projects / karo-tx-uboot.git / blob