2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
9 * (C) 2007 by OpenMoko, Inc.
10 * Author: Harald Welte <laforge@openmoko.org>
12 * based on existing SAM7DFU code from OpenPCD:
13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
15 * SPDX-License-Identifier: GPL-2.0+
22 #include <linux/usb/ch9.h>
23 #include <linux/usb/gadget.h>
24 #include <linux/usb/composite.h>
30 struct usb_function usb_function;
32 struct usb_descriptor_header **function;
33 struct usb_string *strings;
35 /* when configured, we have one config */
38 enum dfu_state dfu_state;
39 unsigned int dfu_status;
41 /* Send/received block number is handy for data integrity check */
45 typedef int (*dfu_state_fn) (struct f_dfu *,
46 const struct usb_ctrlrequest *,
48 struct usb_request *);
50 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
52 return container_of(f, struct f_dfu, usb_function);
55 static const struct dfu_function_descriptor dfu_func = {
56 .bLength = sizeof dfu_func,
57 .bDescriptorType = DFU_DT_FUNC,
58 .bmAttributes = DFU_BIT_WILL_DETACH |
59 DFU_BIT_MANIFESTATION_TOLERANT |
63 .wTransferSize = DFU_USB_BUFSIZ,
64 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
67 static struct usb_interface_descriptor dfu_intf_runtime = {
68 .bLength = sizeof dfu_intf_runtime,
69 .bDescriptorType = USB_DT_INTERFACE,
71 .bInterfaceClass = USB_CLASS_APP_SPEC,
72 .bInterfaceSubClass = 1,
73 .bInterfaceProtocol = 1,
74 /* .iInterface = DYNAMIC */
77 static struct usb_descriptor_header *dfu_runtime_descs[] = {
78 (struct usb_descriptor_header *) &dfu_intf_runtime,
82 static const struct usb_qualifier_descriptor dev_qualifier = {
83 .bLength = sizeof dev_qualifier,
84 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
85 .bcdUSB = __constant_cpu_to_le16(0x0200),
86 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
87 .bNumConfigurations = 1,
90 static const char dfu_name[] = "Device Firmware Upgrade";
93 * static strings, in UTF-8
95 * dfu_generic configuration
97 static struct usb_string strings_dfu_generic[] = {
102 static struct usb_gadget_strings stringtab_dfu_generic = {
103 .language = 0x0409, /* en-us */
104 .strings = strings_dfu_generic,
107 static struct usb_gadget_strings *dfu_generic_strings[] = {
108 &stringtab_dfu_generic,
113 * usb_function specific
115 static struct usb_gadget_strings stringtab_dfu = {
116 .language = 0x0409, /* en-us */
120 * assigned during initialization,
121 * depends on number of flash entities
126 static struct usb_gadget_strings *dfu_strings[] = {
131 /*-------------------------------------------------------------------------*/
133 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
135 struct f_dfu *f_dfu = req->context;
137 dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
138 req->length, f_dfu->blk_seq_num);
140 if (req->length == 0)
141 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
144 static void handle_getstatus(struct usb_request *req)
146 struct dfu_status *dstat = (struct dfu_status *)req->buf;
147 struct f_dfu *f_dfu = req->context;
149 switch (f_dfu->dfu_state) {
150 case DFU_STATE_dfuDNLOAD_SYNC:
151 case DFU_STATE_dfuDNBUSY:
152 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
154 case DFU_STATE_dfuMANIFEST_SYNC:
160 /* send status response */
161 dstat->bStatus = f_dfu->dfu_status;
162 dstat->bwPollTimeout[0] = 0;
163 dstat->bwPollTimeout[1] = 0;
164 dstat->bwPollTimeout[2] = 0;
165 dstat->bState = f_dfu->dfu_state;
169 static void handle_getstate(struct usb_request *req)
171 struct f_dfu *f_dfu = req->context;
173 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
174 req->actual = sizeof(u8);
177 static inline void to_dfu_mode(struct f_dfu *f_dfu)
179 f_dfu->usb_function.strings = dfu_strings;
180 f_dfu->usb_function.hs_descriptors = f_dfu->function;
181 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
184 static inline void to_runtime_mode(struct f_dfu *f_dfu)
186 f_dfu->usb_function.strings = NULL;
187 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
190 static int handle_upload(struct usb_request *req, u16 len)
192 struct f_dfu *f_dfu = req->context;
194 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
195 req->length, f_dfu->blk_seq_num);
198 static int handle_dnload(struct usb_gadget *gadget, u16 len)
200 struct usb_composite_dev *cdev = get_gadget_data(gadget);
201 struct usb_request *req = cdev->req;
202 struct f_dfu *f_dfu = req->context;
205 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
207 req->complete = dnload_request_complete;
212 /*-------------------------------------------------------------------------*/
213 /* DFU state machine */
214 static int state_app_idle(struct f_dfu *f_dfu,
215 const struct usb_ctrlrequest *ctrl,
216 struct usb_gadget *gadget,
217 struct usb_request *req)
221 switch (ctrl->bRequest) {
222 case USB_REQ_DFU_GETSTATUS:
223 handle_getstatus(req);
224 value = RET_STAT_LEN;
226 case USB_REQ_DFU_GETSTATE:
227 handle_getstate(req);
229 case USB_REQ_DFU_DETACH:
230 f_dfu->dfu_state = DFU_STATE_appDETACH;
242 static int state_app_detach(struct f_dfu *f_dfu,
243 const struct usb_ctrlrequest *ctrl,
244 struct usb_gadget *gadget,
245 struct usb_request *req)
249 switch (ctrl->bRequest) {
250 case USB_REQ_DFU_GETSTATUS:
251 handle_getstatus(req);
252 value = RET_STAT_LEN;
254 case USB_REQ_DFU_GETSTATE:
255 handle_getstate(req);
258 f_dfu->dfu_state = DFU_STATE_appIDLE;
266 static int state_dfu_idle(struct f_dfu *f_dfu,
267 const struct usb_ctrlrequest *ctrl,
268 struct usb_gadget *gadget,
269 struct usb_request *req)
271 u16 w_value = le16_to_cpu(ctrl->wValue);
272 u16 len = le16_to_cpu(ctrl->wLength);
275 switch (ctrl->bRequest) {
276 case USB_REQ_DFU_DNLOAD:
278 f_dfu->dfu_state = DFU_STATE_dfuERROR;
282 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
283 f_dfu->blk_seq_num = w_value;
284 value = handle_dnload(gadget, len);
286 case USB_REQ_DFU_UPLOAD:
287 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
288 f_dfu->blk_seq_num = 0;
289 value = handle_upload(req, len);
291 case USB_REQ_DFU_ABORT:
295 case USB_REQ_DFU_GETSTATUS:
296 handle_getstatus(req);
297 value = RET_STAT_LEN;
299 case USB_REQ_DFU_GETSTATE:
300 handle_getstate(req);
302 case USB_REQ_DFU_DETACH:
304 * Proprietary extension: 'detach' from idle mode and
305 * get back to runtime mode in case of USB Reset. As
306 * much as I dislike this, we just can't use every USB
307 * bus reset to switch back to runtime mode, since at
308 * least the Linux USB stack likes to send a number of
312 DFU_STATE_dfuMANIFEST_WAIT_RST;
313 to_runtime_mode(f_dfu);
314 f_dfu->dfu_state = DFU_STATE_appIDLE;
317 f_dfu->dfu_state = DFU_STATE_dfuERROR;
325 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
326 const struct usb_ctrlrequest *ctrl,
327 struct usb_gadget *gadget,
328 struct usb_request *req)
332 switch (ctrl->bRequest) {
333 case USB_REQ_DFU_GETSTATUS:
334 handle_getstatus(req);
335 value = RET_STAT_LEN;
337 case USB_REQ_DFU_GETSTATE:
338 handle_getstate(req);
341 f_dfu->dfu_state = DFU_STATE_dfuERROR;
349 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
350 const struct usb_ctrlrequest *ctrl,
351 struct usb_gadget *gadget,
352 struct usb_request *req)
356 switch (ctrl->bRequest) {
357 case USB_REQ_DFU_GETSTATUS:
358 handle_getstatus(req);
359 value = RET_STAT_LEN;
362 f_dfu->dfu_state = DFU_STATE_dfuERROR;
370 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
371 const struct usb_ctrlrequest *ctrl,
372 struct usb_gadget *gadget,
373 struct usb_request *req)
375 u16 w_value = le16_to_cpu(ctrl->wValue);
376 u16 len = le16_to_cpu(ctrl->wLength);
379 switch (ctrl->bRequest) {
380 case USB_REQ_DFU_DNLOAD:
381 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
382 f_dfu->blk_seq_num = w_value;
383 value = handle_dnload(gadget, len);
385 case USB_REQ_DFU_ABORT:
386 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
389 case USB_REQ_DFU_GETSTATUS:
390 handle_getstatus(req);
391 value = RET_STAT_LEN;
393 case USB_REQ_DFU_GETSTATE:
394 handle_getstate(req);
397 f_dfu->dfu_state = DFU_STATE_dfuERROR;
405 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
406 const struct usb_ctrlrequest *ctrl,
407 struct usb_gadget *gadget,
408 struct usb_request *req)
412 switch (ctrl->bRequest) {
413 case USB_REQ_DFU_GETSTATUS:
414 /* We're MainfestationTolerant */
415 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
416 handle_getstatus(req);
417 f_dfu->blk_seq_num = 0;
418 value = RET_STAT_LEN;
420 case USB_REQ_DFU_GETSTATE:
421 handle_getstate(req);
424 f_dfu->dfu_state = DFU_STATE_dfuERROR;
432 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
433 const struct usb_ctrlrequest *ctrl,
434 struct usb_gadget *gadget,
435 struct usb_request *req)
437 u16 w_value = le16_to_cpu(ctrl->wValue);
438 u16 len = le16_to_cpu(ctrl->wLength);
441 switch (ctrl->bRequest) {
442 case USB_REQ_DFU_UPLOAD:
443 /* state transition if less data then requested */
444 f_dfu->blk_seq_num = w_value;
445 value = handle_upload(req, len);
446 if (value >= 0 && value < len)
447 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
449 case USB_REQ_DFU_ABORT:
450 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
454 case USB_REQ_DFU_GETSTATUS:
455 handle_getstatus(req);
456 value = RET_STAT_LEN;
458 case USB_REQ_DFU_GETSTATE:
459 handle_getstate(req);
462 f_dfu->dfu_state = DFU_STATE_dfuERROR;
470 static int state_dfu_error(struct f_dfu *f_dfu,
471 const struct usb_ctrlrequest *ctrl,
472 struct usb_gadget *gadget,
473 struct usb_request *req)
477 switch (ctrl->bRequest) {
478 case USB_REQ_DFU_GETSTATUS:
479 handle_getstatus(req);
480 value = RET_STAT_LEN;
482 case USB_REQ_DFU_GETSTATE:
483 handle_getstate(req);
485 case USB_REQ_DFU_CLRSTATUS:
486 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
487 f_dfu->dfu_status = DFU_STATUS_OK;
492 f_dfu->dfu_state = DFU_STATE_dfuERROR;
500 static dfu_state_fn dfu_state[] = {
501 state_app_idle, /* DFU_STATE_appIDLE */
502 state_app_detach, /* DFU_STATE_appDETACH */
503 state_dfu_idle, /* DFU_STATE_dfuIDLE */
504 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
505 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
506 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
507 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
508 NULL, /* DFU_STATE_dfuMANIFEST */
509 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
510 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
511 state_dfu_error /* DFU_STATE_dfuERROR */
515 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
517 struct usb_gadget *gadget = f->config->cdev->gadget;
518 struct usb_request *req = f->config->cdev->req;
519 struct f_dfu *f_dfu = f->config->cdev->req->context;
520 u16 len = le16_to_cpu(ctrl->wLength);
521 u16 w_value = le16_to_cpu(ctrl->wValue);
523 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
525 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
526 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
527 req_type, ctrl->bRequest, f_dfu->dfu_state);
529 if (req_type == USB_TYPE_STANDARD) {
530 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
531 (w_value >> 8) == DFU_DT_FUNC) {
532 value = min(len, (u16) sizeof(dfu_func));
533 memcpy(req->buf, &dfu_func, value);
535 } else /* DFU specific request */
536 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
540 req->zero = value < len;
541 value = usb_ep_queue(gadget->ep0, req, 0);
543 debug("ep_queue --> %d\n", value);
551 /*-------------------------------------------------------------------------*/
554 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
556 struct dfu_entity *de = NULL;
559 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
563 for (i = 0; i < n; ++i) {
564 de = dfu_get_entity(i);
565 f_dfu->strings[i].s = de->name;
568 f_dfu->strings[i].id = 0;
569 f_dfu->strings[i].s = NULL;
575 f_dfu->strings[--i].s = NULL;
577 free(f_dfu->strings);
582 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
584 struct usb_interface_descriptor *d;
587 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
588 if (!f_dfu->function)
591 for (i = 0; i < n; ++i) {
592 d = calloc(sizeof(*d), 1);
596 d->bLength = sizeof(*d);
597 d->bDescriptorType = USB_DT_INTERFACE;
598 d->bAlternateSetting = i;
599 d->bNumEndpoints = 0;
600 d->bInterfaceClass = USB_CLASS_APP_SPEC;
601 d->bInterfaceSubClass = 1;
602 d->bInterfaceProtocol = 2;
604 f_dfu->function[i] = (struct usb_descriptor_header *)d;
606 f_dfu->function[i] = NULL;
612 free(f_dfu->function[--i]);
613 f_dfu->function[i] = NULL;
615 free(f_dfu->function);
620 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
622 struct usb_composite_dev *cdev = c->cdev;
623 struct f_dfu *f_dfu = func_to_dfu(f);
624 int alt_num = dfu_get_alt_number();
627 id = usb_interface_id(c, f);
630 dfu_intf_runtime.bInterfaceNumber = id;
632 f_dfu->dfu_state = DFU_STATE_appIDLE;
633 f_dfu->dfu_status = DFU_STATUS_OK;
635 rv = dfu_prepare_function(f_dfu, alt_num);
639 rv = dfu_prepare_strings(f_dfu, alt_num);
642 for (i = 0; i < alt_num; i++) {
643 id = usb_string_id(cdev);
646 f_dfu->strings[i].id = id;
647 ((struct usb_interface_descriptor *)f_dfu->function[i])
653 stringtab_dfu.strings = f_dfu->strings;
655 cdev->req->context = f_dfu;
661 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
663 struct f_dfu *f_dfu = func_to_dfu(f);
664 int alt_num = dfu_get_alt_number();
667 if (f_dfu->strings) {
670 f_dfu->strings[--i].s = NULL;
672 free(f_dfu->strings);
675 if (f_dfu->function) {
678 free(f_dfu->function[--i]);
679 f_dfu->function[i] = NULL;
681 free(f_dfu->function);
687 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
689 struct f_dfu *f_dfu = func_to_dfu(f);
691 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
693 f_dfu->altsetting = alt;
698 /* TODO: is this really what we need here? */
699 static void dfu_disable(struct usb_function *f)
701 struct f_dfu *f_dfu = func_to_dfu(f);
702 if (f_dfu->config == 0)
705 debug("%s: reset config\n", __func__);
710 static int dfu_bind_config(struct usb_configuration *c)
715 f_dfu = calloc(sizeof(*f_dfu), 1);
718 f_dfu->usb_function.name = "dfu";
719 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
720 f_dfu->usb_function.bind = dfu_bind;
721 f_dfu->usb_function.unbind = dfu_unbind;
722 f_dfu->usb_function.set_alt = dfu_set_alt;
723 f_dfu->usb_function.disable = dfu_disable;
724 f_dfu->usb_function.strings = dfu_generic_strings,
725 f_dfu->usb_function.setup = dfu_handle,
727 status = usb_add_function(c, &f_dfu->usb_function);
734 int dfu_add(struct usb_configuration *c)
738 id = usb_string_id(c->cdev);
741 strings_dfu_generic[0].id = id;
742 dfu_intf_runtime.iInterface = id;
744 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
745 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
747 return dfu_bind_config(c);