2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 #include <linux/usb/ch9.h>
28 #include <usbdescriptors.h>
29 #include <linux/usb/gadget.h>
30 #include <linux/usb/composite.h>
36 struct usb_function usb_function;
38 struct usb_descriptor_header **function;
39 struct usb_string *strings;
41 /* when configured, we have one config */
44 enum dfu_state dfu_state;
45 unsigned int dfu_status;
47 /* Send/received block number is handy for data integrity check */
51 typedef int (*dfu_state_fn) (struct f_dfu *,
52 const struct usb_ctrlrequest *,
54 struct usb_request *);
56 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
58 return container_of(f, struct f_dfu, usb_function);
61 static const struct dfu_function_descriptor dfu_func = {
62 .bLength = sizeof dfu_func,
63 .bDescriptorType = DFU_DT_FUNC,
64 .bmAttributes = DFU_BIT_WILL_DETACH |
65 DFU_BIT_MANIFESTATION_TOLERANT |
69 .wTransferSize = DFU_USB_BUFSIZ,
70 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
73 static struct usb_interface_descriptor dfu_intf_runtime = {
74 .bLength = sizeof dfu_intf_runtime,
75 .bDescriptorType = USB_DT_INTERFACE,
77 .bInterfaceClass = USB_CLASS_APP_SPEC,
78 .bInterfaceSubClass = 1,
79 .bInterfaceProtocol = 1,
80 /* .iInterface = DYNAMIC */
83 static struct usb_descriptor_header *dfu_runtime_descs[] = {
84 (struct usb_descriptor_header *) &dfu_intf_runtime,
88 static const struct usb_qualifier_descriptor dev_qualifier = {
89 .bLength = sizeof dev_qualifier,
90 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
91 .bcdUSB = __constant_cpu_to_le16(0x0200),
92 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
93 .bNumConfigurations = 1,
96 static const char dfu_name[] = "Device Firmware Upgrade";
99 * static strings, in UTF-8
101 * dfu_generic configuration
103 static struct usb_string strings_dfu_generic[] = {
105 { } /* end of list */
108 static struct usb_gadget_strings stringtab_dfu_generic = {
109 .language = 0x0409, /* en-us */
110 .strings = strings_dfu_generic,
113 static struct usb_gadget_strings *dfu_generic_strings[] = {
114 &stringtab_dfu_generic,
119 * usb_function specific
121 static struct usb_gadget_strings stringtab_dfu = {
122 .language = 0x0409, /* en-us */
126 * assigned during initialization,
127 * depends on number of flash entities
132 static struct usb_gadget_strings *dfu_strings[] = {
137 /*-------------------------------------------------------------------------*/
139 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
141 struct f_dfu *f_dfu = req->context;
143 dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
144 req->length, f_dfu->blk_seq_num);
146 if (req->length == 0)
147 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
150 static void handle_getstatus(struct usb_request *req)
152 struct dfu_status *dstat = (struct dfu_status *)req->buf;
153 struct f_dfu *f_dfu = req->context;
155 switch (f_dfu->dfu_state) {
156 case DFU_STATE_dfuDNLOAD_SYNC:
157 case DFU_STATE_dfuDNBUSY:
158 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
160 case DFU_STATE_dfuMANIFEST_SYNC:
166 /* send status response */
167 dstat->bStatus = f_dfu->dfu_status;
168 dstat->bState = f_dfu->dfu_state;
172 static void handle_getstate(struct usb_request *req)
174 struct f_dfu *f_dfu = req->context;
176 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
177 req->actual = sizeof(u8);
180 static inline void to_dfu_mode(struct f_dfu *f_dfu)
182 f_dfu->usb_function.strings = dfu_strings;
183 f_dfu->usb_function.hs_descriptors = f_dfu->function;
186 static inline void to_runtime_mode(struct f_dfu *f_dfu)
188 f_dfu->usb_function.strings = NULL;
189 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
192 static int handle_upload(struct usb_request *req, u16 len)
194 struct f_dfu *f_dfu = req->context;
196 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
197 req->length, f_dfu->blk_seq_num);
200 static int handle_dnload(struct usb_gadget *gadget, u16 len)
202 struct usb_composite_dev *cdev = get_gadget_data(gadget);
203 struct usb_request *req = cdev->req;
204 struct f_dfu *f_dfu = req->context;
207 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
209 req->complete = dnload_request_complete;
214 /*-------------------------------------------------------------------------*/
215 /* DFU state machine */
216 static int state_app_idle(struct f_dfu *f_dfu,
217 const struct usb_ctrlrequest *ctrl,
218 struct usb_gadget *gadget,
219 struct usb_request *req)
223 switch (ctrl->bRequest) {
224 case USB_REQ_DFU_GETSTATUS:
225 handle_getstatus(req);
226 value = RET_STAT_LEN;
228 case USB_REQ_DFU_GETSTATE:
229 handle_getstate(req);
231 case USB_REQ_DFU_DETACH:
232 f_dfu->dfu_state = DFU_STATE_appDETACH;
234 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
245 static int state_app_detach(struct f_dfu *f_dfu,
246 const struct usb_ctrlrequest *ctrl,
247 struct usb_gadget *gadget,
248 struct usb_request *req)
252 switch (ctrl->bRequest) {
253 case USB_REQ_DFU_GETSTATUS:
254 handle_getstatus(req);
255 value = RET_STAT_LEN;
257 case USB_REQ_DFU_GETSTATE:
258 handle_getstate(req);
261 f_dfu->dfu_state = DFU_STATE_appIDLE;
269 static int state_dfu_idle(struct f_dfu *f_dfu,
270 const struct usb_ctrlrequest *ctrl,
271 struct usb_gadget *gadget,
272 struct usb_request *req)
274 u16 w_value = le16_to_cpu(ctrl->wValue);
275 u16 len = le16_to_cpu(ctrl->wLength);
278 switch (ctrl->bRequest) {
279 case USB_REQ_DFU_DNLOAD:
281 f_dfu->dfu_state = DFU_STATE_dfuERROR;
285 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
286 f_dfu->blk_seq_num = w_value;
287 value = handle_dnload(gadget, len);
289 case USB_REQ_DFU_UPLOAD:
290 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
291 f_dfu->blk_seq_num = 0;
292 value = handle_upload(req, len);
294 case USB_REQ_DFU_ABORT:
298 case USB_REQ_DFU_GETSTATUS:
299 handle_getstatus(req);
300 value = RET_STAT_LEN;
302 case USB_REQ_DFU_GETSTATE:
303 handle_getstate(req);
305 case USB_REQ_DFU_DETACH:
307 * Proprietary extension: 'detach' from idle mode and
308 * get back to runtime mode in case of USB Reset. As
309 * much as I dislike this, we just can't use every USB
310 * bus reset to switch back to runtime mode, since at
311 * least the Linux USB stack likes to send a number of
315 DFU_STATE_dfuMANIFEST_WAIT_RST;
316 to_runtime_mode(f_dfu);
317 f_dfu->dfu_state = DFU_STATE_appIDLE;
320 f_dfu->dfu_state = DFU_STATE_dfuERROR;
328 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
329 const struct usb_ctrlrequest *ctrl,
330 struct usb_gadget *gadget,
331 struct usb_request *req)
335 switch (ctrl->bRequest) {
336 case USB_REQ_DFU_GETSTATUS:
337 handle_getstatus(req);
338 value = RET_STAT_LEN;
340 case USB_REQ_DFU_GETSTATE:
341 handle_getstate(req);
344 f_dfu->dfu_state = DFU_STATE_dfuERROR;
352 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
353 const struct usb_ctrlrequest *ctrl,
354 struct usb_gadget *gadget,
355 struct usb_request *req)
359 switch (ctrl->bRequest) {
360 case USB_REQ_DFU_GETSTATUS:
361 handle_getstatus(req);
362 value = RET_STAT_LEN;
365 f_dfu->dfu_state = DFU_STATE_dfuERROR;
373 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
374 const struct usb_ctrlrequest *ctrl,
375 struct usb_gadget *gadget,
376 struct usb_request *req)
378 u16 w_value = le16_to_cpu(ctrl->wValue);
379 u16 len = le16_to_cpu(ctrl->wLength);
382 switch (ctrl->bRequest) {
383 case USB_REQ_DFU_DNLOAD:
384 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
385 f_dfu->blk_seq_num = w_value;
386 value = handle_dnload(gadget, len);
388 case USB_REQ_DFU_ABORT:
389 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
392 case USB_REQ_DFU_GETSTATUS:
393 handle_getstatus(req);
394 value = RET_STAT_LEN;
396 case USB_REQ_DFU_GETSTATE:
397 handle_getstate(req);
400 f_dfu->dfu_state = DFU_STATE_dfuERROR;
408 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
409 const struct usb_ctrlrequest *ctrl,
410 struct usb_gadget *gadget,
411 struct usb_request *req)
415 switch (ctrl->bRequest) {
416 case USB_REQ_DFU_GETSTATUS:
417 /* We're MainfestationTolerant */
418 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
419 handle_getstatus(req);
420 f_dfu->blk_seq_num = 0;
421 value = RET_STAT_LEN;
423 case USB_REQ_DFU_GETSTATE:
424 handle_getstate(req);
427 f_dfu->dfu_state = DFU_STATE_dfuERROR;
435 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
436 const struct usb_ctrlrequest *ctrl,
437 struct usb_gadget *gadget,
438 struct usb_request *req)
440 u16 w_value = le16_to_cpu(ctrl->wValue);
441 u16 len = le16_to_cpu(ctrl->wLength);
444 switch (ctrl->bRequest) {
445 case USB_REQ_DFU_UPLOAD:
446 /* state transition if less data then requested */
447 f_dfu->blk_seq_num = w_value;
448 value = handle_upload(req, len);
449 if (value >= 0 && value < len)
450 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
452 case USB_REQ_DFU_ABORT:
453 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
457 case USB_REQ_DFU_GETSTATUS:
458 handle_getstatus(req);
459 value = RET_STAT_LEN;
461 case USB_REQ_DFU_GETSTATE:
462 handle_getstate(req);
465 f_dfu->dfu_state = DFU_STATE_dfuERROR;
473 static int state_dfu_error(struct f_dfu *f_dfu,
474 const struct usb_ctrlrequest *ctrl,
475 struct usb_gadget *gadget,
476 struct usb_request *req)
480 switch (ctrl->bRequest) {
481 case USB_REQ_DFU_GETSTATUS:
482 handle_getstatus(req);
483 value = RET_STAT_LEN;
485 case USB_REQ_DFU_GETSTATE:
486 handle_getstate(req);
488 case USB_REQ_DFU_CLRSTATUS:
489 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
490 f_dfu->dfu_status = DFU_STATUS_OK;
495 f_dfu->dfu_state = DFU_STATE_dfuERROR;
503 static dfu_state_fn dfu_state[] = {
504 state_app_idle, /* DFU_STATE_appIDLE */
505 state_app_detach, /* DFU_STATE_appDETACH */
506 state_dfu_idle, /* DFU_STATE_dfuIDLE */
507 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
508 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
509 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
510 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
511 NULL, /* DFU_STATE_dfuMANIFEST */
512 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
513 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
514 state_dfu_error /* DFU_STATE_dfuERROR */
518 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
520 struct usb_gadget *gadget = f->config->cdev->gadget;
521 struct usb_request *req = f->config->cdev->req;
522 struct f_dfu *f_dfu = f->config->cdev->req->context;
523 u16 len = le16_to_cpu(ctrl->wLength);
524 u16 w_value = le16_to_cpu(ctrl->wValue);
526 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
528 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
529 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
530 req_type, ctrl->bRequest, f_dfu->dfu_state);
532 if (req_type == USB_TYPE_STANDARD) {
533 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
534 (w_value >> 8) == DFU_DT_FUNC) {
535 value = min(len, (u16) sizeof(dfu_func));
536 memcpy(req->buf, &dfu_func, value);
538 } else /* DFU specific request */
539 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
543 req->zero = value < len;
544 value = usb_ep_queue(gadget->ep0, req, 0);
546 debug("ep_queue --> %d\n", value);
554 /*-------------------------------------------------------------------------*/
557 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
559 struct dfu_entity *de = NULL;
562 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
566 for (i = 0; i < n; ++i) {
567 de = dfu_get_entity(i);
568 f_dfu->strings[i].s = de->name;
571 f_dfu->strings[i].id = 0;
572 f_dfu->strings[i].s = NULL;
578 f_dfu->strings[--i].s = NULL;
580 free(f_dfu->strings);
585 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
587 struct usb_interface_descriptor *d;
590 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n);
591 if (!f_dfu->function)
594 for (i = 0; i < n; ++i) {
595 d = calloc(sizeof(*d), 1);
599 d->bLength = sizeof(*d);
600 d->bDescriptorType = USB_DT_INTERFACE;
601 d->bAlternateSetting = i;
602 d->bNumEndpoints = 0;
603 d->bInterfaceClass = USB_CLASS_APP_SPEC;
604 d->bInterfaceSubClass = 1;
605 d->bInterfaceProtocol = 2;
607 f_dfu->function[i] = (struct usb_descriptor_header *)d;
609 f_dfu->function[i] = NULL;
615 free(f_dfu->function[--i]);
616 f_dfu->function[i] = NULL;
618 free(f_dfu->function);
623 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
625 struct usb_composite_dev *cdev = c->cdev;
626 struct f_dfu *f_dfu = func_to_dfu(f);
627 int alt_num = dfu_get_alt_number();
630 id = usb_interface_id(c, f);
633 dfu_intf_runtime.bInterfaceNumber = id;
635 f_dfu->dfu_state = DFU_STATE_appIDLE;
636 f_dfu->dfu_status = DFU_STATUS_OK;
638 rv = dfu_prepare_function(f_dfu, alt_num);
642 rv = dfu_prepare_strings(f_dfu, alt_num);
645 for (i = 0; i < alt_num; i++) {
646 id = usb_string_id(cdev);
649 f_dfu->strings[i].id = id;
650 ((struct usb_interface_descriptor *)f_dfu->function[i])
654 stringtab_dfu.strings = f_dfu->strings;
656 cdev->req->context = f_dfu;
662 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
664 struct f_dfu *f_dfu = func_to_dfu(f);
665 int alt_num = dfu_get_alt_number();
668 if (f_dfu->strings) {
671 f_dfu->strings[--i].s = NULL;
673 free(f_dfu->strings);
676 if (f_dfu->function) {
679 free(f_dfu->function[--i]);
680 f_dfu->function[i] = NULL;
682 free(f_dfu->function);
688 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
690 struct f_dfu *f_dfu = func_to_dfu(f);
692 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
694 f_dfu->altsetting = alt;
699 /* TODO: is this really what we need here? */
700 static void dfu_disable(struct usb_function *f)
702 struct f_dfu *f_dfu = func_to_dfu(f);
703 if (f_dfu->config == 0)
706 debug("%s: reset config\n", __func__);
711 static int dfu_bind_config(struct usb_configuration *c)
716 f_dfu = calloc(sizeof(*f_dfu), 1);
719 f_dfu->usb_function.name = "dfu";
720 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
721 f_dfu->usb_function.bind = dfu_bind;
722 f_dfu->usb_function.unbind = dfu_unbind;
723 f_dfu->usb_function.set_alt = dfu_set_alt;
724 f_dfu->usb_function.disable = dfu_disable;
725 f_dfu->usb_function.strings = dfu_generic_strings,
726 f_dfu->usb_function.setup = dfu_handle,
728 status = usb_add_function(c, &f_dfu->usb_function);
735 int dfu_add(struct usb_configuration *c)
739 id = usb_string_id(c->cdev);
742 strings_dfu_generic[0].id = id;
743 dfu_intf_runtime.iInterface = id;
745 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
746 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
748 return dfu_bind_config(c);