1 // SPDX-License-Identifier: GPL-2.0+
3 * f_dfu.c -- Device Firmware Update USB function
5 * Copyright (C) 2012 Samsung Electronics
6 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
7 * Lukasz Majewski <l.majewski@samsung.com>
9 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
10 * (C) 2007 by OpenMoko, Inc.
11 * Author: Harald Welte <laforge@openmoko.org>
13 * based on existing SAM7DFU code from OpenPCD:
14 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
23 #include <linux/usb/ch9.h>
24 #include <linux/usb/gadget.h>
25 #include <linux/usb/composite.h>
/*
 * Members of the per-function DFU context. The line that opens this
 * definition is not part of the listing (the gutter numbers skip it);
 * func_to_dfu() recovers the object with
 * container_of(f, struct f_dfu, usb_function), so these are presumably the
 * fields of struct f_dfu -- confirm against the full file.
 */
32 struct usb_function usb_function;
/* DFU-mode descriptor list and string table, allocated by dfu_prepare_function() and dfu_prepare_strings() */
34 struct usb_descriptor_header **function;
35 struct usb_string *strings;
37 /* when configured, we have one config */
/*
 * dfu_state selects the handler in the dfu_state[] table (see dfu_handle());
 * dfu_status is copied into bStatus by handle_getstatus().
 */
40 enum dfu_state dfu_state;
41 unsigned int dfu_status;
43 /* Send/received block number is handy for data integrity check */
/* value handed to dfu_set_poll_timeout() by handle_getstatus() */
45 unsigned int poll_timeout;
48 struct dfu_entity *dfu_defer_flush;
/*
 * Handler type for one DFU state. dfu_handle() picks the handler from the
 * dfu_state[] table using the current f_dfu->dfu_state and uses the return
 * value to size the ep0 response.
 * NOTE(review): one parameter line is skipped by this listing; the handlers
 * defined below take a struct usb_gadget * in that position.
 */
50 typedef int (*dfu_state_fn) (struct f_dfu *,
51 const struct usb_ctrlrequest *,
53 struct usb_request *);
/*
 * Map a generic usb_function back to the f_dfu object that embeds it as its
 * usb_function member.
 */
static inline struct f_dfu *func_to_dfu(struct usb_function *f)
{
	struct f_dfu *owner = container_of(f, struct f_dfu, usb_function);

	return owner;
}
/*
 * DFU functional descriptor. dfu_handle() copies it to the host for a
 * GET_DESCRIPTOR request whose descriptor type is DFU_DT_FUNC, and
 * dfu_prepare_function() appends a copy to the DFU-mode descriptor list.
 * NOTE(review): the listing skips lines after the second bmAttributes line,
 * so the remaining attribute bits and any fields set there are not visible.
 */
60 static const struct dfu_function_descriptor dfu_func = {
61 .bLength = sizeof dfu_func,
62 .bDescriptorType = DFU_DT_FUNC,
63 .bmAttributes = DFU_BIT_WILL_DETACH |
64 DFU_BIT_MANIFESTATION_TOLERANT |
/* advertised transfer size; the request handlers clamp the host's wLength to the same DFU_USB_BUFSIZ */
68 .wTransferSize = DFU_USB_BUFSIZ,
/* BCD 0x0110, stored as a little-endian 16-bit value */
69 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
/*
 * Interface descriptor used while the function is in run-time mode (it is the
 * only entry of dfu_runtime_descs[]). bInterfaceNumber is filled in by
 * dfu_bind() and iInterface by dfu_add(). It uses bInterfaceProtocol 1,
 * whereas the DFU-mode descriptors built in dfu_prepare_function() use 2.
 */
72 static struct usb_interface_descriptor dfu_intf_runtime = {
73 .bLength = sizeof dfu_intf_runtime,
74 .bDescriptorType = USB_DT_INTERFACE,
76 .bInterfaceClass = USB_CLASS_APP_SPEC,
77 .bInterfaceSubClass = 1,
78 .bInterfaceProtocol = 1,
79 /* .iInterface = DYNAMIC */
/*
 * Descriptor list installed by dfu_bind_config() and to_runtime_mode().
 * NOTE(review): the terminating entry and closing brace are skipped by this
 * listing.
 */
82 static struct usb_descriptor_header *dfu_runtime_descs[] = {
83 (struct usb_descriptor_header *) &dfu_intf_runtime,
/*
 * String tables for the generic (run-time) configuration. dfu_add() assigns
 * the string id of strings_dfu_generic[0], and dfu_bind_config() installs
 * dfu_generic_strings as the function's string set.
 * NOTE(review): the initializer of strings_dfu_generic[] is skipped by this
 * listing, so the use of dfu_name is not visible here.
 */
87 static const char dfu_name[] = "Device Firmware Upgrade";
90 * static strings, in UTF-8
92 * dfu_generic configuration
94 static struct usb_string strings_dfu_generic[] = {
99 static struct usb_gadget_strings stringtab_dfu_generic = {
100 .language = 0x0409, /* en-us */
101 .strings = strings_dfu_generic,
104 static struct usb_gadget_strings *dfu_generic_strings[] = {
105 &stringtab_dfu_generic,
/*
 * String table used in DFU mode: to_dfu_mode() installs dfu_strings, and
 * dfu_bind() points stringtab_dfu.strings at the array allocated by
 * dfu_prepare_strings().
 * NOTE(review): the contents of dfu_strings[] are skipped by this listing.
 */
110 * usb_function specific
112 static struct usb_gadget_strings stringtab_dfu = {
113 .language = 0x0409, /* en-us */
117 * assigned during initialization,
118 * depends on number of flash entities
123 static struct usb_gadget_strings *dfu_strings[] = {
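/**
 * dfu_set_poll_timeout() - fill the bwPollTimeout field of a GETSTATUS reply
 * @dstat: status payload being built
 * @ms:    minimum time, in milliseconds, that the host should wait before
 *         sending a subsequent DFU_GETSTATUS request
 *
 * The field lets the device vary the delay depending on its need to erase or
 * program the memory. A zero value, or one with bits set outside
 * DFU_POLL_TIMEOUT_MASK, is reported as 0.
 */
static void dfu_set_poll_timeout(struct dfu_status *dstat, unsigned int ms)
{
	if (!ms || (ms & ~DFU_POLL_TIMEOUT_MASK))
		ms = 0;

	/*
	 * Emit the three bytes least-significant first with shifts instead of
	 * reading the in-memory bytes of 'ms': the result is the same on a
	 * little-endian host and no longer depends on host byte order.
	 */
	dstat->bwPollTimeout[0] = ms & 0xff;
	dstat->bwPollTimeout[1] = (ms >> 8) & 0xff;
	dstat->bwPollTimeout[2] = (ms >> 16) & 0xff;
}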
155 /*-------------------------------------------------------------------------*/
/*
 * ep0 completion callback for the data stage of a DFU_DNLOAD request
 * (installed by handle_dnload()). Passes the received buffer to dfu_write()
 * for the entity selected by the current altsetting, tagged with the block
 * sequence number.
 *
 * NOTE(review): the length written is req->actual, i.e. whatever the
 * controller driver reports; no bound is applied here, so it relies on the
 * request length having been limited before the request was queued --
 * confirm. The result of dfu_get_entity() is also passed on unchecked.
 * NOTE(review): the declaration of 'ret' and the condition guarding the two
 * error assignments are skipped by this listing.
 */
157 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
159 struct f_dfu *f_dfu = req->context;
162 ret = dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
163 req->actual, f_dfu->blk_seq_num);
/* report the failure to the host through the next GETSTATUS/GETSTATE */
165 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
166 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * ep0 completion callback installed by state_dfu_manifest_sync(): marks the
 * entity of the current altsetting for a deferred flush.
 */
static void dnload_request_flush(struct usb_ep *ep, struct usb_request *req)
{
	struct f_dfu *f_dfu = req->context;
	struct dfu_entity *entity = dfu_get_entity(f_dfu->altsetting);

	dfu_set_defer_flush(entity);
}
/*
 * Poll timeout to report during manifestation: the entity's own poll_timeout
 * callback when it has one, DFU_MANIFEST_POLL_TIMEOUT otherwise.
 * The entity pointer is dereferenced unconditionally, so callers must pass a
 * valid one.
 */
static inline int dfu_get_manifest_timeout(struct dfu_entity *dfu)
{
	if (dfu->poll_timeout)
		return dfu->poll_timeout(dfu);

	return DFU_MANIFEST_POLL_TIMEOUT;
}
/*
 * Build the DFU_GETSTATUS reply in req->buf and advance the state machine
 * for the states that move on when status is polled. Returns the size of the
 * reply, sizeof(struct dfu_status).
 *
 * NOTE(review): the listing skips the lines between the case labels
 * (presumably break statements) and two lines before the return -- confirm
 * against the full file.
 */
182 static int handle_getstatus(struct usb_request *req)
184 struct dfu_status *dstat = (struct dfu_status *)req->buf;
185 struct f_dfu *f_dfu = req->context;
/*
 * NOTE(review): altsetting is stored by dfu_set_alt() from a host-selected
 * value; 'dfu' is dereferenced by dfu_get_manifest_timeout() below without a
 * NULL check -- confirm dfu_get_entity() cannot return NULL here.
 */
186 struct dfu_entity *dfu = dfu_get_entity(f_dfu->altsetting);
/* default: no poll delay unless one of the cases below sets it */
188 dfu_set_poll_timeout(dstat, 0);
190 switch (f_dfu->dfu_state) {
191 case DFU_STATE_dfuDNLOAD_SYNC:
192 case DFU_STATE_dfuDNBUSY:
193 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
195 case DFU_STATE_dfuMANIFEST_SYNC:
196 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
198 case DFU_STATE_dfuMANIFEST:
199 dfu_set_poll_timeout(dstat, dfu_get_manifest_timeout(dfu));
/*
 * Report the configured poll timeout only when the block number is a
 * multiple of (buffer size / DFU_USB_BUFSIZ).
 * NOTE(review): the divisor becomes 0 if dfu_get_buf_size() ever returns
 * less than DFU_USB_BUFSIZ, which would make the modulo a division by zero
 * -- confirm the buffer size is constrained elsewhere.
 */
205 if (f_dfu->poll_timeout)
206 if (!(f_dfu->blk_seq_num %
207 (dfu_get_buf_size() / DFU_USB_BUFSIZ)))
208 dfu_set_poll_timeout(dstat, f_dfu->poll_timeout);
210 /* send status response */
211 dstat->bStatus = f_dfu->dfu_status;
212 dstat->bState = f_dfu->dfu_state;
215 return sizeof(struct dfu_status);
/*
 * Answer DFU_GETSTATE: store the current state as the first byte of the
 * response buffer.
 * NOTE(review): the return statement is skipped by this listing.
 */
218 static int handle_getstate(struct usb_request *req)
220 struct f_dfu *f_dfu = req->context;
222 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
/*
 * Switch the function to DFU mode: expose the DFU string table and the
 * per-altsetting descriptor list built at bind time, and enter dfuIDLE.
 */
static inline void to_dfu_mode(struct f_dfu *f_dfu)
{
	struct usb_function *func = &f_dfu->usb_function;

	func->strings = dfu_strings;
	func->hs_descriptors = f_dfu->function;
	func->descriptors = f_dfu->function;
	f_dfu->dfu_state = DFU_STATE_dfuIDLE;
}
/*
 * Switch the function back to run-time mode: drop the string table and
 * expose only the run-time descriptor list. The DFU state is left for the
 * caller to set.
 */
static inline void to_runtime_mode(struct f_dfu *f_dfu)
{
	struct usb_function *func = &f_dfu->usb_function;

	func->strings = NULL;
	func->hs_descriptors = dfu_runtime_descs;
	func->descriptors = dfu_runtime_descs;
}
/*
 * Serve a DFU_UPLOAD request: read one block of the entity selected by the
 * current altsetting into the response buffer and return dfu_read()'s result.
 *
 * The 'len' argument (the caller's clamped wLength) is not used; the amount
 * read is req->length.
 * NOTE(review): req->length is set outside this function -- confirm it never
 * exceeds the size of req->buf when this runs.
 */
static int handle_upload(struct usb_request *req, u16 len)
{
	struct f_dfu *f_dfu = req->context;
	struct dfu_entity *entity = dfu_get_entity(f_dfu->altsetting);

	return dfu_read(entity, req->buf, req->length, f_dfu->blk_seq_num);
}
/*
 * Prepare the shared ep0 request for the data stage of a DFU_DNLOAD request:
 * the received data is processed in dnload_request_complete().
 *
 * NOTE(review): this listing skips the line before the state assignment and
 * the lines after the callback is installed, so the condition under which
 * the state becomes dfuMANIFEST_SYNC and the use of 'len' (the caller's
 * wLength, already clamped to DFU_USB_BUFSIZ) are not visible -- confirm
 * that the request length is derived from 'len' and not from the raw
 * wLength.
 */
249 static int handle_dnload(struct usb_gadget *gadget, u16 len)
251 struct usb_composite_dev *cdev = get_gadget_data(gadget);
252 struct usb_request *req = cdev->req;
253 struct f_dfu *f_dfu = req->context;
256 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
258 req->complete = dnload_request_complete;
263 /*-------------------------------------------------------------------------*/
264 /* DFU state machine */
/*
 * Handler for DFU_STATE_appIDLE (run-time mode). Answers GETSTATUS and
 * GETSTATE; DETACH moves the state machine to appDETACH.
 * NOTE(review): the listing skips the declaration of 'value', the lines
 * between cases and everything after the DETACH state assignment, so the
 * rest of that case and the handling of other requests are not visible.
 */
265 static int state_app_idle(struct f_dfu *f_dfu,
266 const struct usb_ctrlrequest *ctrl,
267 struct usb_gadget *gadget,
268 struct usb_request *req)
/* bRequest comes from the host's setup packet */
272 switch (ctrl->bRequest) {
273 case USB_REQ_DFU_GETSTATUS:
274 value = handle_getstatus(req);
276 case USB_REQ_DFU_GETSTATE:
277 value = handle_getstate(req);
279 case USB_REQ_DFU_DETACH:
280 f_dfu->dfu_state = DFU_STATE_appDETACH;
/*
 * Handler for DFU_STATE_appDETACH. Answers GETSTATUS and GETSTATE.
 * NOTE(review): the line introducing the final appIDLE assignment is skipped
 * by this listing; it is presumably the default case, i.e. any other request
 * drops back to appIDLE -- confirm.
 */
292 static int state_app_detach(struct f_dfu *f_dfu,
293 const struct usb_ctrlrequest *ctrl,
294 struct usb_gadget *gadget,
295 struct usb_request *req)
299 switch (ctrl->bRequest) {
300 case USB_REQ_DFU_GETSTATUS:
301 value = handle_getstatus(req);
303 case USB_REQ_DFU_GETSTATE:
304 value = handle_getstate(req);
307 f_dfu->dfu_state = DFU_STATE_appIDLE;
/*
 * Handler for DFU_STATE_dfuIDLE: entry point for a download or an upload,
 * plus ABORT, GETSTATUS, GETSTATE and DETACH.
 *
 * NOTE(review): this listing skips several lines (declaration of 'value',
 * the lines between cases, the condition guarding the first dfuERROR
 * assignment in the DNLOAD case, the body of the ABORT case and the line
 * introducing the final dfuERROR assignment).
 */
315 static int state_dfu_idle(struct f_dfu *f_dfu,
316 const struct usb_ctrlrequest *ctrl,
317 struct usb_gadget *gadget,
318 struct usb_request *req)
320 u16 w_value = le16_to_cpu(ctrl->wValue);
321 u16 len = le16_to_cpu(ctrl->wLength);
/* wLength is host-controlled: never pass on more than DFU_USB_BUFSIZ */
324 len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len;
326 switch (ctrl->bRequest) {
327 case USB_REQ_DFU_DNLOAD:
/* accept a download only when the direction bit says host-to-device */
328 if (!(ctrl->bRequestType & USB_DIR_IN)) {
330 f_dfu->dfu_state = DFU_STATE_dfuERROR;
334 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
/* wValue carries the host's block number */
335 f_dfu->blk_seq_num = w_value;
336 value = handle_dnload(gadget, len);
339 case USB_REQ_DFU_UPLOAD:
/* accept an upload only when the direction bit says device-to-host */
340 if (ctrl->bRequestType & USB_DIR_IN) {
341 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
342 f_dfu->blk_seq_num = 0;
343 value = handle_upload(req, len);
/* a short read ends the upload and returns to dfuIDLE */
344 if (value >= 0 && value < len)
345 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
348 case USB_REQ_DFU_ABORT:
352 case USB_REQ_DFU_GETSTATUS:
353 value = handle_getstatus(req);
355 case USB_REQ_DFU_GETSTATE:
356 value = handle_getstate(req);
358 case USB_REQ_DFU_DETACH:
360 * Proprietary extension: 'detach' from idle mode and
361 * get back to runtime mode in case of USB Reset. As
362 * much as I dislike this, we just can't use every USB
363 * bus reset to switch back to runtime mode, since at
364 * least the Linux USB stack likes to send a number of
/*
 * dfuMANIFEST_WAIT_RST has a NULL slot in dfu_state[]; the state is replaced
 * by appIDLE two statements later, before this handler returns.
 */
368 DFU_STATE_dfuMANIFEST_WAIT_RST;
369 to_runtime_mode(f_dfu);
370 f_dfu->dfu_state = DFU_STATE_appIDLE;
372 g_dnl_trigger_detach();
375 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuDNLOAD_SYNC. Answers GETSTATUS and GETSTATE.
 * NOTE(review): the line introducing the dfuERROR assignment is skipped by
 * this listing; presumably it is the default case, so any other request puts
 * the state machine into dfuERROR -- confirm.
 */
383 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
384 const struct usb_ctrlrequest *ctrl,
385 struct usb_gadget *gadget,
386 struct usb_request *req)
390 switch (ctrl->bRequest) {
391 case USB_REQ_DFU_GETSTATUS:
392 value = handle_getstatus(req);
394 case USB_REQ_DFU_GETSTATE:
395 value = handle_getstate(req);
398 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuDNBUSY. Only GETSTATUS has a visible case.
 * NOTE(review): the line introducing the dfuERROR assignment is skipped by
 * this listing; presumably it is the default case -- confirm.
 */
406 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
407 const struct usb_ctrlrequest *ctrl,
408 struct usb_gadget *gadget,
409 struct usb_request *req)
413 switch (ctrl->bRequest) {
414 case USB_REQ_DFU_GETSTATUS:
415 value = handle_getstatus(req);
418 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuDNLOAD_IDLE: accepts the next download block,
 * ABORT, GETSTATUS and GETSTATE.
 * NOTE(review): the lines between cases and the line introducing the final
 * dfuERROR assignment (presumably the default case) are skipped by this
 * listing.
 */
426 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
427 const struct usb_ctrlrequest *ctrl,
428 struct usb_gadget *gadget,
429 struct usb_request *req)
431 u16 w_value = le16_to_cpu(ctrl->wValue);
432 u16 len = le16_to_cpu(ctrl->wLength);
/* wLength is host-controlled: never pass on more than DFU_USB_BUFSIZ */
435 len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len;
437 switch (ctrl->bRequest) {
438 case USB_REQ_DFU_DNLOAD:
/* accept a download only when the direction bit says host-to-device */
439 if (!(ctrl->bRequestType & USB_DIR_IN)) {
440 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
/* block number is taken from the host's wValue as-is */
441 f_dfu->blk_seq_num = w_value;
442 value = handle_dnload(gadget, len);
445 case USB_REQ_DFU_ABORT:
446 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
449 case USB_REQ_DFU_GETSTATUS:
450 value = handle_getstatus(req);
452 case USB_REQ_DFU_GETSTATE:
453 value = handle_getstate(req);
456 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuMANIFEST_SYNC. GETSTATUS moves to dfuMANIFEST,
 * resets the block counter and installs dnload_request_flush() as the
 * completion callback of the reply, so the deferred flush is requested once
 * the status response has completed.
 * NOTE(review): the line introducing the dfuERROR assignment (presumably the
 * default case) is skipped by this listing.
 */
464 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
465 const struct usb_ctrlrequest *ctrl,
466 struct usb_gadget *gadget,
467 struct usb_request *req)
471 switch (ctrl->bRequest) {
472 case USB_REQ_DFU_GETSTATUS:
473 /* We're ManifestationTolerant */
474 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
475 value = handle_getstatus(req);
476 f_dfu->blk_seq_num = 0;
477 req->complete = dnload_request_flush;
479 case USB_REQ_DFU_GETSTATE:
480 value = handle_getstate(req);
483 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuMANIFEST. GETSTATUS returns the state machine to
 * dfuIDLE, resets the block counter and prints the completion message on the
 * console.
 * NOTE(review): the line introducing the dfuERROR assignment (presumably the
 * default case) is skipped by this listing.
 */
491 static int state_dfu_manifest(struct f_dfu *f_dfu,
492 const struct usb_ctrlrequest *ctrl,
493 struct usb_gadget *gadget,
494 struct usb_request *req)
498 switch (ctrl->bRequest) {
499 case USB_REQ_DFU_GETSTATUS:
500 /* We're ManifestationTolerant */
501 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
502 value = handle_getstatus(req);
503 f_dfu->blk_seq_num = 0;
504 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
506 case USB_REQ_DFU_GETSTATE:
507 value = handle_getstate(req);
510 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuUPLOAD_IDLE: serves the next upload block, ABORT,
 * GETSTATUS and GETSTATE.
 * NOTE(review): the lines between cases and the line introducing the final
 * dfuERROR assignment (presumably the default case) are skipped by this
 * listing.
 */
517 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
518 const struct usb_ctrlrequest *ctrl,
519 struct usb_gadget *gadget,
520 struct usb_request *req)
522 u16 w_value = le16_to_cpu(ctrl->wValue);
523 u16 len = le16_to_cpu(ctrl->wLength);
/* wLength is host-controlled: never pass on more than DFU_USB_BUFSIZ */
526 len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len;
528 switch (ctrl->bRequest) {
529 case USB_REQ_DFU_UPLOAD:
/* serve an upload only when the direction bit says device-to-host */
530 if (ctrl->bRequestType & USB_DIR_IN) {
531 /* state transition if less data than requested */
532 f_dfu->blk_seq_num = w_value;
533 value = handle_upload(req, len);
534 if (value >= 0 && value < len)
535 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
538 case USB_REQ_DFU_ABORT:
539 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
543 case USB_REQ_DFU_GETSTATUS:
544 value = handle_getstatus(req);
546 case USB_REQ_DFU_GETSTATE:
547 value = handle_getstate(req);
550 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Handler for DFU_STATE_dfuERROR. GETSTATUS and GETSTATE are answered;
 * CLRSTATUS clears the error by restoring dfuIDLE and DFU_STATUS_OK.
 * NOTE(review): the line introducing the final dfuERROR assignment is
 * skipped by this listing; presumably it is the default case, so every other
 * request leaves the machine in dfuERROR -- confirm.
 */
558 static int state_dfu_error(struct f_dfu *f_dfu,
559 const struct usb_ctrlrequest *ctrl,
560 struct usb_gadget *gadget,
561 struct usb_request *req)
565 switch (ctrl->bRequest) {
566 case USB_REQ_DFU_GETSTATUS:
567 value = handle_getstatus(req);
569 case USB_REQ_DFU_GETSTATE:
570 value = handle_getstate(req);
572 case USB_REQ_DFU_CLRSTATUS:
573 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
574 f_dfu->dfu_status = DFU_STATUS_OK;
579 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Dispatch table indexed by enum dfu_state; dfu_handle() calls
 * dfu_state[f_dfu->dfu_state] for every non-standard request.
 *
 * The slot for DFU_STATE_dfuMANIFEST_WAIT_RST is NULL and dfu_handle() does
 * not test the entry before calling it, so the state machine must never be
 * left in that state between requests. In the visible code the only store of
 * that state (DETACH case of state_dfu_idle()) is overwritten with appIDLE
 * before the handler returns.
 */
587 static dfu_state_fn dfu_state[] = {
588 state_app_idle, /* DFU_STATE_appIDLE */
589 state_app_detach, /* DFU_STATE_appDETACH */
590 state_dfu_idle, /* DFU_STATE_dfuIDLE */
591 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
592 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
593 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
594 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
595 state_dfu_manifest, /* DFU_STATE_dfuMANIFEST */
596 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
597 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
598 state_dfu_error /* DFU_STATE_dfuERROR */
/*
 * ep0 setup callback of the function (installed as usb_function.setup by
 * dfu_bind_config()). Standard GET_DESCRIPTOR requests for the DFU
 * functional descriptor are answered directly; every other request is
 * dispatched to the handler of the current DFU state. The handler's result
 * is then used to size and queue the ep0 response.
 *
 * All fields of 'ctrl' come from the host's setup packet and are untrusted.
 *
 * NOTE(review): this listing skips the return-type line, the declaration of
 * 'value', the body of the CONFIG_DFU_TIMEOUT block, the condition that
 * guards queuing the response, and the function's tail.
 */
602 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
604 struct usb_gadget *gadget = f->config->cdev->gadget;
605 struct usb_request *req = f->config->cdev->req;
606 struct f_dfu *f_dfu = f->config->cdev->req->context;
607 u16 len = le16_to_cpu(ctrl->wLength);
608 u16 w_value = le16_to_cpu(ctrl->wValue);
610 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
/* clamp the host-supplied wLength to DFU_USB_BUFSIZ */
612 len = len > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : len;
614 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
615 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
616 req_type, ctrl->bRequest, f_dfu->dfu_state);
618 #ifdef CONFIG_DFU_TIMEOUT
619 /* Forbid aborting by timeout. Next dfu command may update this */
623 if (req_type == USB_TYPE_STANDARD) {
624 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
625 (w_value >> 8) == DFU_DT_FUNC) {
/* copy no more than the descriptor itself, whatever length was requested */
626 value = min(len, (u16) sizeof(dfu_func));
627 memcpy(req->buf, &dfu_func, value);
629 } else /* DFU specific request */
/*
 * NOTE(review): the table entry is called without a range or NULL check on
 * f_dfu->dfu_state; the slot for DFU_STATE_dfuMANIFEST_WAIT_RST is NULL.
 */
630 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
/* bound the response length; request a zero-length packet when it is shorter than the clamped wLength */
633 req->length = value > DFU_USB_BUFSIZ ? DFU_USB_BUFSIZ : value;
634 req->zero = value < len;
635 value = usb_ep_queue(gadget->ep0, req, 0);
637 debug("ep_queue --> %d\n", value);
645 /*-------------------------------------------------------------------------*/
/*
 * Allocate the DFU-mode string table: one entry per DFU entity, named after
 * the entity, followed by a terminating entry with id 0 and a NULL string.
 *
 * NOTE(review): no check of 'de' is visible before de->name is read --
 * confirm dfu_get_entity(i) cannot return NULL for i < n.
 * NOTE(review): the return-type line, the declaration of 'i', the handling
 * of a failed calloc() and the return are skipped by this listing.
 */
648 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
650 struct dfu_entity *de = NULL;
/* n entries plus one terminator */
653 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
657 for (i = 0; i < n; ++i) {
658 de = dfu_get_entity(i);
/* the table borrows the entity's name pointer; it does not copy the string */
659 f_dfu->strings[i].s = de->name;
662 f_dfu->strings[i].id = 0;
663 f_dfu->strings[i].s = NULL;
/*
 * Build the DFU-mode descriptor list: one interface descriptor per
 * alternate setting (one per DFU entity), a copy of the DFU functional
 * descriptor, and a NULL terminator -- hence n + 2 pointers.
 *
 * NOTE(review): this listing skips the declaration of 'i', the checks after
 * the per-descriptor calloc(), the statement between the memcpy() and the
 * NULL store (presumably an increment of i), the return statements and the
 * label and loop header of the cleanup path.
 */
668 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
670 struct usb_interface_descriptor *d;
673 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 2);
674 if (!f_dfu->function)
677 for (i = 0; i < n; ++i) {
678 d = calloc(sizeof(*d), 1);
682 d->bLength = sizeof(*d);
683 d->bDescriptorType = USB_DT_INTERFACE;
/* alternate setting i corresponds to DFU entity i */
684 d->bAlternateSetting = i;
/* no endpoints besides ep0: DFU runs over control transfers only */
685 d->bNumEndpoints = 0;
686 d->bInterfaceClass = USB_CLASS_APP_SPEC;
687 d->bInterfaceSubClass = 1;
688 d->bInterfaceProtocol = 2;
690 f_dfu->function[i] = (struct usb_descriptor_header *)d;
693 /* add DFU Functional Descriptor */
694 f_dfu->function[i] = calloc(sizeof(dfu_func), 1);
695 if (!f_dfu->function[i])
697 memcpy(f_dfu->function[i], &dfu_func, sizeof(dfu_func));
700 f_dfu->function[i] = NULL;
/* cleanup path: release the descriptors allocated so far, then the list itself */
706 free(f_dfu->function[--i]);
707 f_dfu->function[i] = NULL;
709 free(f_dfu->function);
/*
 * Bind callback: reserves an interface number, resets the DFU state to
 * appIDLE / DFU_STATUS_OK, builds the DFU-mode descriptors and strings for
 * all alternate settings, assigns a string id to each of them and stores the
 * f_dfu context in the shared ep0 request.
 *
 * NOTE(review): this listing skips the local declarations, the error checks
 * after usb_interface_id(), dfu_prepare_function(), dfu_prepare_strings()
 * and usb_string_id(), the member assignment that completes the cast
 * expression in the loop, the condition around the serial-number call and
 * the error/return paths.
 */
714 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
716 struct usb_composite_dev *cdev = c->cdev;
717 struct f_dfu *f_dfu = func_to_dfu(f);
719 int alt_num = dfu_get_alt_number();
722 id = usb_interface_id(c, f);
725 dfu_intf_runtime.bInterfaceNumber = id;
727 f_dfu->dfu_state = DFU_STATE_appIDLE;
728 f_dfu->dfu_status = DFU_STATUS_OK;
730 rv = dfu_prepare_function(f_dfu, alt_num);
734 rv = dfu_prepare_strings(f_dfu, alt_num);
737 for (i = 0; i < alt_num; i++) {
738 id = usb_string_id(cdev);
741 f_dfu->strings[i].id = id;
742 ((struct usb_interface_descriptor *)f_dfu->function[i])
748 stringtab_dfu.strings = f_dfu->strings;
/* the request handlers and completion callbacks read the context back from req->context */
750 cdev->req->context = f_dfu;
/* the USB serial number is taken from the "serial#" environment variable */
752 s = env_get("serial#");
754 g_dnl_set_serialnumber((char *)s);
/*
 * Unbind callback: releases the string table and the descriptor list built
 * at bind time. The entity name pointers are only cleared, not freed.
 *
 * NOTE(review): this listing skips the declaration and initialisation of
 * 'i', both loop headers and the tail of the function, so the exact bounds
 * of the two loops are not visible. It also does not show whether the
 * f_dfu->strings / f_dfu->function pointers are reset after free() --
 * worth confirming, since a later access would otherwise use freed memory.
 */
760 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
762 struct f_dfu *f_dfu = func_to_dfu(f);
763 int alt_num = dfu_get_alt_number();
766 if (f_dfu->strings) {
769 f_dfu->strings[--i].s = NULL;
771 free(f_dfu->strings);
774 if (f_dfu->function) {
776 i++; /* free DFU Functional Descriptor */
778 free(f_dfu->function[--i]);
779 f_dfu->function[i] = NULL;
781 free(f_dfu->function);
/*
 * set_alt callback: records the selected alternate setting and resets the
 * DFU state machine to dfuIDLE with status OK.
 *
 * NOTE(review): 'alt' is stored without a visible range check and is later
 * used to look up the target entity via dfu_get_entity(f_dfu->altsetting)
 * in the upload, download and status paths -- confirm that the caller only
 * passes alternate settings that exist in the descriptor list.
 * NOTE(review): the return statement is skipped by this listing.
 */
787 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
789 struct f_dfu *f_dfu = func_to_dfu(f);
791 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
793 f_dfu->altsetting = alt;
794 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
795 f_dfu->dfu_status = DFU_STATUS_OK;
/*
 * get_alt callback: report the alternate setting last stored by
 * dfu_set_alt(). The interface number is not used.
 */
static int __dfu_get_alt(struct usb_function *f, unsigned intf)
{
	struct f_dfu *dfu = func_to_dfu(f);
	int current_alt = dfu->altsetting;

	return current_alt;
}
/*
 * disable callback: does nothing further when no configuration is active
 * (f_dfu->config == 0); otherwise logs that the configuration is reset.
 * NOTE(review): the statements after each of the two visible lines (the
 * early exit and the actual reset) are skipped by this listing.
 */
807 /* TODO: is this really what we need here? */
808 static void dfu_disable(struct usb_function *f)
810 struct f_dfu *f_dfu = func_to_dfu(f);
811 if (f_dfu->config == 0)
814 debug("%s: reset config\n", __func__);
/*
 * Allocate the f_dfu context, wire up the usb_function callbacks and
 * register the function with the configuration. The function starts with
 * the run-time descriptors and the generic string table.
 *
 * NOTE(review): this listing skips the local declarations, the check of the
 * calloc() result and everything after usb_add_function(), so the handling
 * of an allocation or registration failure is not visible.
 */
819 static int dfu_bind_config(struct usb_configuration *c)
824 f_dfu = calloc(sizeof(*f_dfu), 1);
827 f_dfu->usb_function.name = "dfu";
828 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
829 f_dfu->usb_function.descriptors = dfu_runtime_descs;
830 f_dfu->usb_function.bind = dfu_bind;
831 f_dfu->usb_function.unbind = dfu_unbind;
832 f_dfu->usb_function.set_alt = dfu_set_alt;
833 f_dfu->usb_function.get_alt = __dfu_get_alt;
834 f_dfu->usb_function.disable = dfu_disable;
835 f_dfu->usb_function.strings = dfu_generic_strings;
/* every ep0 setup request for this function is handled by dfu_handle() */
836 f_dfu->usb_function.setup = dfu_handle;
837 f_dfu->poll_timeout = DFU_DEFAULT_POLL_TIMEOUT;
839 status = usb_add_function(c, &f_dfu->usb_function);
/*
 * Public entry point: reserves a string id for the run-time interface name,
 * stores it in the generic string table and in dfu_intf_runtime.iInterface,
 * then creates and registers the DFU function. It is registered as the bind
 * callback named usb_dnl_dfu by the macro invocation below.
 *
 * NOTE(review): the declaration of 'id' and the check of the
 * usb_string_id() result are skipped by this listing.
 */
846 int dfu_add(struct usb_configuration *c)
850 id = usb_string_id(c->cdev);
853 strings_dfu_generic[0].id = id;
854 dfu_intf_runtime.iInterface = id;
856 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
857 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
859 return dfu_bind_config(c);
862 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_dfu, dfu_add);