2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
9 * (C) 2007 by OpenMoko, Inc.
10 * Author: Harald Welte <laforge@openmoko.org>
12 * based on existing SAM7DFU code from OpenPCD:
13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
15 * SPDX-License-Identifier: GPL-2.0+
22 #include <linux/usb/ch9.h>
23 #include <linux/usb/gadget.h>
24 #include <linux/usb/composite.h>
30 struct usb_function usb_function;
32 struct usb_descriptor_header **function;
33 struct usb_string *strings;
35 /* when configured, we have one config */
38 enum dfu_state dfu_state;
39 unsigned int dfu_status;
41 /* Send/received block number is handy for data integrity check */
43 unsigned int poll_timeout;
46 typedef int (*dfu_state_fn) (struct f_dfu *,
47 const struct usb_ctrlrequest *,
49 struct usb_request *);
51 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
53 return container_of(f, struct f_dfu, usb_function);
56 static const struct dfu_function_descriptor dfu_func = {
57 .bLength = sizeof dfu_func,
58 .bDescriptorType = DFU_DT_FUNC,
59 .bmAttributes = DFU_BIT_WILL_DETACH |
60 DFU_BIT_MANIFESTATION_TOLERANT |
64 .wTransferSize = DFU_USB_BUFSIZ,
65 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
68 static struct usb_interface_descriptor dfu_intf_runtime = {
69 .bLength = sizeof dfu_intf_runtime,
70 .bDescriptorType = USB_DT_INTERFACE,
72 .bInterfaceClass = USB_CLASS_APP_SPEC,
73 .bInterfaceSubClass = 1,
74 .bInterfaceProtocol = 1,
75 /* .iInterface = DYNAMIC */
78 static struct usb_descriptor_header *dfu_runtime_descs[] = {
79 (struct usb_descriptor_header *) &dfu_intf_runtime,
83 static const struct usb_qualifier_descriptor dev_qualifier = {
84 .bLength = sizeof dev_qualifier,
85 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
86 .bcdUSB = __constant_cpu_to_le16(0x0200),
87 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
88 .bNumConfigurations = 1,
91 static const char dfu_name[] = "Device Firmware Upgrade";
94 * static strings, in UTF-8
96 * dfu_generic configuration
98 static struct usb_string strings_dfu_generic[] = {
100 { } /* end of list */
103 static struct usb_gadget_strings stringtab_dfu_generic = {
104 .language = 0x0409, /* en-us */
105 .strings = strings_dfu_generic,
108 static struct usb_gadget_strings *dfu_generic_strings[] = {
109 &stringtab_dfu_generic,
114 * usb_function specific
116 static struct usb_gadget_strings stringtab_dfu = {
117 .language = 0x0409, /* en-us */
121 * assigned during initialization,
122 * depends on number of flash entities
127 static struct usb_gadget_strings *dfu_strings[] = {
132 static void dfu_set_poll_timeout(struct dfu_status *dstat, unsigned int ms)
135 * The bwPollTimeout DFU_GETSTATUS request payload provides information
136 * about minimum time, in milliseconds, that the host should wait before
137 * sending a subsequent DFU_GETSTATUS request
139 * This permits the device to vary the delay depending on its need to
140 * erase or program the memory
144 unsigned char *p = (unsigned char *)&ms;
146 if (!ms || (ms & ~DFU_POLL_TIMEOUT_MASK)) {
147 dstat->bwPollTimeout[0] = 0;
148 dstat->bwPollTimeout[1] = 0;
149 dstat->bwPollTimeout[2] = 0;
154 dstat->bwPollTimeout[0] = *p++;
155 dstat->bwPollTimeout[1] = *p++;
156 dstat->bwPollTimeout[2] = *p;
159 /*-------------------------------------------------------------------------*/
161 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
163 struct f_dfu *f_dfu = req->context;
165 dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
166 req->length, f_dfu->blk_seq_num);
169 static void dnload_request_flush(struct usb_ep *ep, struct usb_request *req)
171 struct f_dfu *f_dfu = req->context;
173 dfu_flush(dfu_get_entity(f_dfu->altsetting), req->buf,
174 req->length, f_dfu->blk_seq_num);
177 static void handle_getstatus(struct usb_request *req)
179 struct dfu_status *dstat = (struct dfu_status *)req->buf;
180 struct f_dfu *f_dfu = req->context;
182 dfu_set_poll_timeout(dstat, 0);
184 switch (f_dfu->dfu_state) {
185 case DFU_STATE_dfuDNLOAD_SYNC:
186 case DFU_STATE_dfuDNBUSY:
187 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
189 case DFU_STATE_dfuMANIFEST_SYNC:
190 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
192 case DFU_STATE_dfuMANIFEST:
193 dfu_set_poll_timeout(dstat, DFU_MANIFEST_POLL_TIMEOUT);
198 if (f_dfu->poll_timeout)
199 if (!(f_dfu->blk_seq_num %
200 (dfu_get_buf_size() / DFU_USB_BUFSIZ)))
201 dfu_set_poll_timeout(dstat, f_dfu->poll_timeout);
203 /* send status response */
204 dstat->bStatus = f_dfu->dfu_status;
205 dstat->bState = f_dfu->dfu_state;
209 static void handle_getstate(struct usb_request *req)
211 struct f_dfu *f_dfu = req->context;
213 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
214 req->actual = sizeof(u8);
217 static inline void to_dfu_mode(struct f_dfu *f_dfu)
219 f_dfu->usb_function.strings = dfu_strings;
220 f_dfu->usb_function.hs_descriptors = f_dfu->function;
221 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
224 static inline void to_runtime_mode(struct f_dfu *f_dfu)
226 f_dfu->usb_function.strings = NULL;
227 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
230 static int handle_upload(struct usb_request *req, u16 len)
232 struct f_dfu *f_dfu = req->context;
234 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
235 req->length, f_dfu->blk_seq_num);
238 static int handle_dnload(struct usb_gadget *gadget, u16 len)
240 struct usb_composite_dev *cdev = get_gadget_data(gadget);
241 struct usb_request *req = cdev->req;
242 struct f_dfu *f_dfu = req->context;
245 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
247 req->complete = dnload_request_complete;
252 /*-------------------------------------------------------------------------*/
253 /* DFU state machine */
254 static int state_app_idle(struct f_dfu *f_dfu,
255 const struct usb_ctrlrequest *ctrl,
256 struct usb_gadget *gadget,
257 struct usb_request *req)
261 switch (ctrl->bRequest) {
262 case USB_REQ_DFU_GETSTATUS:
263 handle_getstatus(req);
264 value = RET_STAT_LEN;
266 case USB_REQ_DFU_GETSTATE:
267 handle_getstate(req);
269 case USB_REQ_DFU_DETACH:
270 f_dfu->dfu_state = DFU_STATE_appDETACH;
282 static int state_app_detach(struct f_dfu *f_dfu,
283 const struct usb_ctrlrequest *ctrl,
284 struct usb_gadget *gadget,
285 struct usb_request *req)
289 switch (ctrl->bRequest) {
290 case USB_REQ_DFU_GETSTATUS:
291 handle_getstatus(req);
292 value = RET_STAT_LEN;
294 case USB_REQ_DFU_GETSTATE:
295 handle_getstate(req);
298 f_dfu->dfu_state = DFU_STATE_appIDLE;
306 static int state_dfu_idle(struct f_dfu *f_dfu,
307 const struct usb_ctrlrequest *ctrl,
308 struct usb_gadget *gadget,
309 struct usb_request *req)
311 u16 w_value = le16_to_cpu(ctrl->wValue);
312 u16 len = le16_to_cpu(ctrl->wLength);
315 switch (ctrl->bRequest) {
316 case USB_REQ_DFU_DNLOAD:
318 f_dfu->dfu_state = DFU_STATE_dfuERROR;
322 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
323 f_dfu->blk_seq_num = w_value;
324 value = handle_dnload(gadget, len);
326 case USB_REQ_DFU_UPLOAD:
327 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
328 f_dfu->blk_seq_num = 0;
329 value = handle_upload(req, len);
331 case USB_REQ_DFU_ABORT:
335 case USB_REQ_DFU_GETSTATUS:
336 handle_getstatus(req);
337 value = RET_STAT_LEN;
339 case USB_REQ_DFU_GETSTATE:
340 handle_getstate(req);
342 case USB_REQ_DFU_DETACH:
344 * Proprietary extension: 'detach' from idle mode and
345 * get back to runtime mode in case of USB Reset. As
346 * much as I dislike this, we just can't use every USB
347 * bus reset to switch back to runtime mode, since at
348 * least the Linux USB stack likes to send a number of
352 DFU_STATE_dfuMANIFEST_WAIT_RST;
353 to_runtime_mode(f_dfu);
354 f_dfu->dfu_state = DFU_STATE_appIDLE;
359 f_dfu->dfu_state = DFU_STATE_dfuERROR;
367 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
368 const struct usb_ctrlrequest *ctrl,
369 struct usb_gadget *gadget,
370 struct usb_request *req)
374 switch (ctrl->bRequest) {
375 case USB_REQ_DFU_GETSTATUS:
376 handle_getstatus(req);
377 value = RET_STAT_LEN;
379 case USB_REQ_DFU_GETSTATE:
380 handle_getstate(req);
383 f_dfu->dfu_state = DFU_STATE_dfuERROR;
391 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
392 const struct usb_ctrlrequest *ctrl,
393 struct usb_gadget *gadget,
394 struct usb_request *req)
398 switch (ctrl->bRequest) {
399 case USB_REQ_DFU_GETSTATUS:
400 handle_getstatus(req);
401 value = RET_STAT_LEN;
404 f_dfu->dfu_state = DFU_STATE_dfuERROR;
412 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
413 const struct usb_ctrlrequest *ctrl,
414 struct usb_gadget *gadget,
415 struct usb_request *req)
417 u16 w_value = le16_to_cpu(ctrl->wValue);
418 u16 len = le16_to_cpu(ctrl->wLength);
421 switch (ctrl->bRequest) {
422 case USB_REQ_DFU_DNLOAD:
423 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
424 f_dfu->blk_seq_num = w_value;
425 value = handle_dnload(gadget, len);
427 case USB_REQ_DFU_ABORT:
428 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
431 case USB_REQ_DFU_GETSTATUS:
432 handle_getstatus(req);
433 value = RET_STAT_LEN;
435 case USB_REQ_DFU_GETSTATE:
436 handle_getstate(req);
439 f_dfu->dfu_state = DFU_STATE_dfuERROR;
447 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
448 const struct usb_ctrlrequest *ctrl,
449 struct usb_gadget *gadget,
450 struct usb_request *req)
454 switch (ctrl->bRequest) {
455 case USB_REQ_DFU_GETSTATUS:
456 /* We're MainfestationTolerant */
457 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST;
458 handle_getstatus(req);
459 f_dfu->blk_seq_num = 0;
460 value = RET_STAT_LEN;
461 req->complete = dnload_request_flush;
463 case USB_REQ_DFU_GETSTATE:
464 handle_getstate(req);
467 f_dfu->dfu_state = DFU_STATE_dfuERROR;
475 static int state_dfu_manifest(struct f_dfu *f_dfu,
476 const struct usb_ctrlrequest *ctrl,
477 struct usb_gadget *gadget,
478 struct usb_request *req)
482 switch (ctrl->bRequest) {
483 case USB_REQ_DFU_GETSTATUS:
484 /* We're MainfestationTolerant */
485 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
486 handle_getstatus(req);
487 f_dfu->blk_seq_num = 0;
488 value = RET_STAT_LEN;
489 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
491 case USB_REQ_DFU_GETSTATE:
492 handle_getstate(req);
495 f_dfu->dfu_state = DFU_STATE_dfuERROR;
502 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
503 const struct usb_ctrlrequest *ctrl,
504 struct usb_gadget *gadget,
505 struct usb_request *req)
507 u16 w_value = le16_to_cpu(ctrl->wValue);
508 u16 len = le16_to_cpu(ctrl->wLength);
511 switch (ctrl->bRequest) {
512 case USB_REQ_DFU_UPLOAD:
513 /* state transition if less data then requested */
514 f_dfu->blk_seq_num = w_value;
515 value = handle_upload(req, len);
516 if (value >= 0 && value < len)
517 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
519 case USB_REQ_DFU_ABORT:
520 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
524 case USB_REQ_DFU_GETSTATUS:
525 handle_getstatus(req);
526 value = RET_STAT_LEN;
528 case USB_REQ_DFU_GETSTATE:
529 handle_getstate(req);
532 f_dfu->dfu_state = DFU_STATE_dfuERROR;
540 static int state_dfu_error(struct f_dfu *f_dfu,
541 const struct usb_ctrlrequest *ctrl,
542 struct usb_gadget *gadget,
543 struct usb_request *req)
547 switch (ctrl->bRequest) {
548 case USB_REQ_DFU_GETSTATUS:
549 handle_getstatus(req);
550 value = RET_STAT_LEN;
552 case USB_REQ_DFU_GETSTATE:
553 handle_getstate(req);
555 case USB_REQ_DFU_CLRSTATUS:
556 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
557 f_dfu->dfu_status = DFU_STATUS_OK;
562 f_dfu->dfu_state = DFU_STATE_dfuERROR;
570 static dfu_state_fn dfu_state[] = {
571 state_app_idle, /* DFU_STATE_appIDLE */
572 state_app_detach, /* DFU_STATE_appDETACH */
573 state_dfu_idle, /* DFU_STATE_dfuIDLE */
574 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
575 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
576 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
577 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
578 state_dfu_manifest, /* DFU_STATE_dfuMANIFEST */
579 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
580 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
581 state_dfu_error /* DFU_STATE_dfuERROR */
585 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
587 struct usb_gadget *gadget = f->config->cdev->gadget;
588 struct usb_request *req = f->config->cdev->req;
589 struct f_dfu *f_dfu = f->config->cdev->req->context;
590 u16 len = le16_to_cpu(ctrl->wLength);
591 u16 w_value = le16_to_cpu(ctrl->wValue);
593 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
595 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
596 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
597 req_type, ctrl->bRequest, f_dfu->dfu_state);
599 if (req_type == USB_TYPE_STANDARD) {
600 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
601 (w_value >> 8) == DFU_DT_FUNC) {
602 value = min(len, (u16) sizeof(dfu_func));
603 memcpy(req->buf, &dfu_func, value);
605 } else /* DFU specific request */
606 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
610 req->zero = value < len;
611 value = usb_ep_queue(gadget->ep0, req, 0);
613 debug("ep_queue --> %d\n", value);
621 /*-------------------------------------------------------------------------*/
624 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
626 struct dfu_entity *de = NULL;
629 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
633 for (i = 0; i < n; ++i) {
634 de = dfu_get_entity(i);
635 f_dfu->strings[i].s = de->name;
638 f_dfu->strings[i].id = 0;
639 f_dfu->strings[i].s = NULL;
645 f_dfu->strings[--i].s = NULL;
647 free(f_dfu->strings);
652 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
654 struct usb_interface_descriptor *d;
657 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
658 if (!f_dfu->function)
661 for (i = 0; i < n; ++i) {
662 d = calloc(sizeof(*d), 1);
666 d->bLength = sizeof(*d);
667 d->bDescriptorType = USB_DT_INTERFACE;
668 d->bAlternateSetting = i;
669 d->bNumEndpoints = 0;
670 d->bInterfaceClass = USB_CLASS_APP_SPEC;
671 d->bInterfaceSubClass = 1;
672 d->bInterfaceProtocol = 2;
674 f_dfu->function[i] = (struct usb_descriptor_header *)d;
676 f_dfu->function[i] = NULL;
682 free(f_dfu->function[--i]);
683 f_dfu->function[i] = NULL;
685 free(f_dfu->function);
690 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
692 struct usb_composite_dev *cdev = c->cdev;
693 struct f_dfu *f_dfu = func_to_dfu(f);
694 int alt_num = dfu_get_alt_number();
697 id = usb_interface_id(c, f);
700 dfu_intf_runtime.bInterfaceNumber = id;
702 f_dfu->dfu_state = DFU_STATE_appIDLE;
703 f_dfu->dfu_status = DFU_STATUS_OK;
705 rv = dfu_prepare_function(f_dfu, alt_num);
709 rv = dfu_prepare_strings(f_dfu, alt_num);
712 for (i = 0; i < alt_num; i++) {
713 id = usb_string_id(cdev);
716 f_dfu->strings[i].id = id;
717 ((struct usb_interface_descriptor *)f_dfu->function[i])
723 stringtab_dfu.strings = f_dfu->strings;
725 cdev->req->context = f_dfu;
731 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
733 struct f_dfu *f_dfu = func_to_dfu(f);
734 int alt_num = dfu_get_alt_number();
737 if (f_dfu->strings) {
740 f_dfu->strings[--i].s = NULL;
742 free(f_dfu->strings);
745 if (f_dfu->function) {
748 free(f_dfu->function[--i]);
749 f_dfu->function[i] = NULL;
751 free(f_dfu->function);
757 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
759 struct f_dfu *f_dfu = func_to_dfu(f);
761 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
763 f_dfu->altsetting = alt;
768 /* TODO: is this really what we need here? */
769 static void dfu_disable(struct usb_function *f)
771 struct f_dfu *f_dfu = func_to_dfu(f);
772 if (f_dfu->config == 0)
775 debug("%s: reset config\n", __func__);
780 static int dfu_bind_config(struct usb_configuration *c)
785 f_dfu = calloc(sizeof(*f_dfu), 1);
788 f_dfu->usb_function.name = "dfu";
789 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
790 f_dfu->usb_function.bind = dfu_bind;
791 f_dfu->usb_function.unbind = dfu_unbind;
792 f_dfu->usb_function.set_alt = dfu_set_alt;
793 f_dfu->usb_function.disable = dfu_disable;
794 f_dfu->usb_function.strings = dfu_generic_strings;
795 f_dfu->usb_function.setup = dfu_handle;
796 f_dfu->poll_timeout = DFU_DEFAULT_POLL_TIMEOUT;
798 status = usb_add_function(c, &f_dfu->usb_function);
805 int dfu_add(struct usb_configuration *c)
809 id = usb_string_id(c->cdev);
812 strings_dfu_generic[0].id = id;
813 dfu_intf_runtime.iInterface = id;
815 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
816 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
818 return dfu_bind_config(c);