2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 #include <linux/usb/ch9.h>
28 #include <linux/usb/gadget.h>
29 #include <linux/usb/composite.h>
35 struct usb_function usb_function;
37 struct usb_descriptor_header **function;
38 struct usb_string *strings;
40 /* when configured, we have one config */
43 enum dfu_state dfu_state;
44 unsigned int dfu_status;
46 /* Send/received block number is handy for data integrity check */
50 typedef int (*dfu_state_fn) (struct f_dfu *,
51 const struct usb_ctrlrequest *,
53 struct usb_request *);
55 static inline struct f_dfu *func_to_dfu(struct usb_function *f)
57 return container_of(f, struct f_dfu, usb_function);
60 static const struct dfu_function_descriptor dfu_func = {
61 .bLength = sizeof dfu_func,
62 .bDescriptorType = DFU_DT_FUNC,
63 .bmAttributes = DFU_BIT_WILL_DETACH |
64 DFU_BIT_MANIFESTATION_TOLERANT |
68 .wTransferSize = DFU_USB_BUFSIZ,
69 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
72 static struct usb_interface_descriptor dfu_intf_runtime = {
73 .bLength = sizeof dfu_intf_runtime,
74 .bDescriptorType = USB_DT_INTERFACE,
76 .bInterfaceClass = USB_CLASS_APP_SPEC,
77 .bInterfaceSubClass = 1,
78 .bInterfaceProtocol = 1,
79 /* .iInterface = DYNAMIC */
82 static struct usb_descriptor_header *dfu_runtime_descs[] = {
83 (struct usb_descriptor_header *) &dfu_intf_runtime,
87 static const struct usb_qualifier_descriptor dev_qualifier = {
88 .bLength = sizeof dev_qualifier,
89 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
90 .bcdUSB = __constant_cpu_to_le16(0x0200),
91 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
92 .bNumConfigurations = 1,
95 static const char dfu_name[] = "Device Firmware Upgrade";
98 * static strings, in UTF-8
100 * dfu_generic configuration
102 static struct usb_string strings_dfu_generic[] = {
104 { } /* end of list */
107 static struct usb_gadget_strings stringtab_dfu_generic = {
108 .language = 0x0409, /* en-us */
109 .strings = strings_dfu_generic,
112 static struct usb_gadget_strings *dfu_generic_strings[] = {
113 &stringtab_dfu_generic,
118 * usb_function specific
120 static struct usb_gadget_strings stringtab_dfu = {
121 .language = 0x0409, /* en-us */
125 * assigned during initialization,
126 * depends on number of flash entities
131 static struct usb_gadget_strings *dfu_strings[] = {
136 /*-------------------------------------------------------------------------*/
138 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
140 struct f_dfu *f_dfu = req->context;
142 dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
143 req->length, f_dfu->blk_seq_num);
145 if (req->length == 0)
146 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
149 static void handle_getstatus(struct usb_request *req)
151 struct dfu_status *dstat = (struct dfu_status *)req->buf;
152 struct f_dfu *f_dfu = req->context;
154 switch (f_dfu->dfu_state) {
155 case DFU_STATE_dfuDNLOAD_SYNC:
156 case DFU_STATE_dfuDNBUSY:
157 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
159 case DFU_STATE_dfuMANIFEST_SYNC:
165 /* send status response */
166 dstat->bStatus = f_dfu->dfu_status;
167 dstat->bwPollTimeout[0] = 0;
168 dstat->bwPollTimeout[1] = 0;
169 dstat->bwPollTimeout[2] = 0;
170 dstat->bState = f_dfu->dfu_state;
174 static void handle_getstate(struct usb_request *req)
176 struct f_dfu *f_dfu = req->context;
178 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
179 req->actual = sizeof(u8);
182 static inline void to_dfu_mode(struct f_dfu *f_dfu)
184 f_dfu->usb_function.strings = dfu_strings;
185 f_dfu->usb_function.hs_descriptors = f_dfu->function;
186 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
189 static inline void to_runtime_mode(struct f_dfu *f_dfu)
191 f_dfu->usb_function.strings = NULL;
192 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
195 static int handle_upload(struct usb_request *req, u16 len)
197 struct f_dfu *f_dfu = req->context;
199 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
200 req->length, f_dfu->blk_seq_num);
203 static int handle_dnload(struct usb_gadget *gadget, u16 len)
205 struct usb_composite_dev *cdev = get_gadget_data(gadget);
206 struct usb_request *req = cdev->req;
207 struct f_dfu *f_dfu = req->context;
210 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
212 req->complete = dnload_request_complete;
217 /*-------------------------------------------------------------------------*/
218 /* DFU state machine */
219 static int state_app_idle(struct f_dfu *f_dfu,
220 const struct usb_ctrlrequest *ctrl,
221 struct usb_gadget *gadget,
222 struct usb_request *req)
226 switch (ctrl->bRequest) {
227 case USB_REQ_DFU_GETSTATUS:
228 handle_getstatus(req);
229 value = RET_STAT_LEN;
231 case USB_REQ_DFU_GETSTATE:
232 handle_getstate(req);
234 case USB_REQ_DFU_DETACH:
235 f_dfu->dfu_state = DFU_STATE_appDETACH;
247 static int state_app_detach(struct f_dfu *f_dfu,
248 const struct usb_ctrlrequest *ctrl,
249 struct usb_gadget *gadget,
250 struct usb_request *req)
254 switch (ctrl->bRequest) {
255 case USB_REQ_DFU_GETSTATUS:
256 handle_getstatus(req);
257 value = RET_STAT_LEN;
259 case USB_REQ_DFU_GETSTATE:
260 handle_getstate(req);
263 f_dfu->dfu_state = DFU_STATE_appIDLE;
271 static int state_dfu_idle(struct f_dfu *f_dfu,
272 const struct usb_ctrlrequest *ctrl,
273 struct usb_gadget *gadget,
274 struct usb_request *req)
276 u16 w_value = le16_to_cpu(ctrl->wValue);
277 u16 len = le16_to_cpu(ctrl->wLength);
280 switch (ctrl->bRequest) {
281 case USB_REQ_DFU_DNLOAD:
283 f_dfu->dfu_state = DFU_STATE_dfuERROR;
287 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
288 f_dfu->blk_seq_num = w_value;
289 value = handle_dnload(gadget, len);
291 case USB_REQ_DFU_UPLOAD:
292 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
293 f_dfu->blk_seq_num = 0;
294 value = handle_upload(req, len);
296 case USB_REQ_DFU_ABORT:
300 case USB_REQ_DFU_GETSTATUS:
301 handle_getstatus(req);
302 value = RET_STAT_LEN;
304 case USB_REQ_DFU_GETSTATE:
305 handle_getstate(req);
307 case USB_REQ_DFU_DETACH:
309 * Proprietary extension: 'detach' from idle mode and
310 * get back to runtime mode in case of USB Reset. As
311 * much as I dislike this, we just can't use every USB
312 * bus reset to switch back to runtime mode, since at
313 * least the Linux USB stack likes to send a number of
317 DFU_STATE_dfuMANIFEST_WAIT_RST;
318 to_runtime_mode(f_dfu);
319 f_dfu->dfu_state = DFU_STATE_appIDLE;
322 f_dfu->dfu_state = DFU_STATE_dfuERROR;
330 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
331 const struct usb_ctrlrequest *ctrl,
332 struct usb_gadget *gadget,
333 struct usb_request *req)
337 switch (ctrl->bRequest) {
338 case USB_REQ_DFU_GETSTATUS:
339 handle_getstatus(req);
340 value = RET_STAT_LEN;
342 case USB_REQ_DFU_GETSTATE:
343 handle_getstate(req);
346 f_dfu->dfu_state = DFU_STATE_dfuERROR;
354 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
355 const struct usb_ctrlrequest *ctrl,
356 struct usb_gadget *gadget,
357 struct usb_request *req)
361 switch (ctrl->bRequest) {
362 case USB_REQ_DFU_GETSTATUS:
363 handle_getstatus(req);
364 value = RET_STAT_LEN;
367 f_dfu->dfu_state = DFU_STATE_dfuERROR;
375 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
376 const struct usb_ctrlrequest *ctrl,
377 struct usb_gadget *gadget,
378 struct usb_request *req)
380 u16 w_value = le16_to_cpu(ctrl->wValue);
381 u16 len = le16_to_cpu(ctrl->wLength);
384 switch (ctrl->bRequest) {
385 case USB_REQ_DFU_DNLOAD:
386 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
387 f_dfu->blk_seq_num = w_value;
388 value = handle_dnload(gadget, len);
390 case USB_REQ_DFU_ABORT:
391 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
394 case USB_REQ_DFU_GETSTATUS:
395 handle_getstatus(req);
396 value = RET_STAT_LEN;
398 case USB_REQ_DFU_GETSTATE:
399 handle_getstate(req);
402 f_dfu->dfu_state = DFU_STATE_dfuERROR;
410 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
411 const struct usb_ctrlrequest *ctrl,
412 struct usb_gadget *gadget,
413 struct usb_request *req)
417 switch (ctrl->bRequest) {
418 case USB_REQ_DFU_GETSTATUS:
419 /* We're MainfestationTolerant */
420 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
421 handle_getstatus(req);
422 f_dfu->blk_seq_num = 0;
423 value = RET_STAT_LEN;
425 case USB_REQ_DFU_GETSTATE:
426 handle_getstate(req);
429 f_dfu->dfu_state = DFU_STATE_dfuERROR;
437 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
438 const struct usb_ctrlrequest *ctrl,
439 struct usb_gadget *gadget,
440 struct usb_request *req)
442 u16 w_value = le16_to_cpu(ctrl->wValue);
443 u16 len = le16_to_cpu(ctrl->wLength);
446 switch (ctrl->bRequest) {
447 case USB_REQ_DFU_UPLOAD:
448 /* state transition if less data then requested */
449 f_dfu->blk_seq_num = w_value;
450 value = handle_upload(req, len);
451 if (value >= 0 && value < len)
452 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
454 case USB_REQ_DFU_ABORT:
455 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
459 case USB_REQ_DFU_GETSTATUS:
460 handle_getstatus(req);
461 value = RET_STAT_LEN;
463 case USB_REQ_DFU_GETSTATE:
464 handle_getstate(req);
467 f_dfu->dfu_state = DFU_STATE_dfuERROR;
475 static int state_dfu_error(struct f_dfu *f_dfu,
476 const struct usb_ctrlrequest *ctrl,
477 struct usb_gadget *gadget,
478 struct usb_request *req)
482 switch (ctrl->bRequest) {
483 case USB_REQ_DFU_GETSTATUS:
484 handle_getstatus(req);
485 value = RET_STAT_LEN;
487 case USB_REQ_DFU_GETSTATE:
488 handle_getstate(req);
490 case USB_REQ_DFU_CLRSTATUS:
491 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
492 f_dfu->dfu_status = DFU_STATUS_OK;
497 f_dfu->dfu_state = DFU_STATE_dfuERROR;
505 static dfu_state_fn dfu_state[] = {
506 state_app_idle, /* DFU_STATE_appIDLE */
507 state_app_detach, /* DFU_STATE_appDETACH */
508 state_dfu_idle, /* DFU_STATE_dfuIDLE */
509 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
510 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
511 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
512 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
513 NULL, /* DFU_STATE_dfuMANIFEST */
514 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
515 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
516 state_dfu_error /* DFU_STATE_dfuERROR */
520 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
522 struct usb_gadget *gadget = f->config->cdev->gadget;
523 struct usb_request *req = f->config->cdev->req;
524 struct f_dfu *f_dfu = f->config->cdev->req->context;
525 u16 len = le16_to_cpu(ctrl->wLength);
526 u16 w_value = le16_to_cpu(ctrl->wValue);
528 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
530 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
531 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
532 req_type, ctrl->bRequest, f_dfu->dfu_state);
534 if (req_type == USB_TYPE_STANDARD) {
535 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
536 (w_value >> 8) == DFU_DT_FUNC) {
537 value = min(len, (u16) sizeof(dfu_func));
538 memcpy(req->buf, &dfu_func, value);
540 } else /* DFU specific request */
541 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
545 req->zero = value < len;
546 value = usb_ep_queue(gadget->ep0, req, 0);
548 debug("ep_queue --> %d\n", value);
556 /*-------------------------------------------------------------------------*/
559 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
561 struct dfu_entity *de = NULL;
564 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
568 for (i = 0; i < n; ++i) {
569 de = dfu_get_entity(i);
570 f_dfu->strings[i].s = de->name;
573 f_dfu->strings[i].id = 0;
574 f_dfu->strings[i].s = NULL;
580 f_dfu->strings[--i].s = NULL;
582 free(f_dfu->strings);
587 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
589 struct usb_interface_descriptor *d;
592 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
593 if (!f_dfu->function)
596 for (i = 0; i < n; ++i) {
597 d = calloc(sizeof(*d), 1);
601 d->bLength = sizeof(*d);
602 d->bDescriptorType = USB_DT_INTERFACE;
603 d->bAlternateSetting = i;
604 d->bNumEndpoints = 0;
605 d->bInterfaceClass = USB_CLASS_APP_SPEC;
606 d->bInterfaceSubClass = 1;
607 d->bInterfaceProtocol = 2;
609 f_dfu->function[i] = (struct usb_descriptor_header *)d;
611 f_dfu->function[i] = NULL;
617 free(f_dfu->function[--i]);
618 f_dfu->function[i] = NULL;
620 free(f_dfu->function);
625 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
627 struct usb_composite_dev *cdev = c->cdev;
628 struct f_dfu *f_dfu = func_to_dfu(f);
629 int alt_num = dfu_get_alt_number();
632 id = usb_interface_id(c, f);
635 dfu_intf_runtime.bInterfaceNumber = id;
637 f_dfu->dfu_state = DFU_STATE_appIDLE;
638 f_dfu->dfu_status = DFU_STATUS_OK;
640 rv = dfu_prepare_function(f_dfu, alt_num);
644 rv = dfu_prepare_strings(f_dfu, alt_num);
647 for (i = 0; i < alt_num; i++) {
648 id = usb_string_id(cdev);
651 f_dfu->strings[i].id = id;
652 ((struct usb_interface_descriptor *)f_dfu->function[i])
658 stringtab_dfu.strings = f_dfu->strings;
660 cdev->req->context = f_dfu;
666 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
668 struct f_dfu *f_dfu = func_to_dfu(f);
669 int alt_num = dfu_get_alt_number();
672 if (f_dfu->strings) {
675 f_dfu->strings[--i].s = NULL;
677 free(f_dfu->strings);
680 if (f_dfu->function) {
683 free(f_dfu->function[--i]);
684 f_dfu->function[i] = NULL;
686 free(f_dfu->function);
692 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
694 struct f_dfu *f_dfu = func_to_dfu(f);
696 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
698 f_dfu->altsetting = alt;
703 /* TODO: is this really what we need here? */
704 static void dfu_disable(struct usb_function *f)
706 struct f_dfu *f_dfu = func_to_dfu(f);
707 if (f_dfu->config == 0)
710 debug("%s: reset config\n", __func__);
715 static int dfu_bind_config(struct usb_configuration *c)
720 f_dfu = calloc(sizeof(*f_dfu), 1);
723 f_dfu->usb_function.name = "dfu";
724 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
725 f_dfu->usb_function.bind = dfu_bind;
726 f_dfu->usb_function.unbind = dfu_unbind;
727 f_dfu->usb_function.set_alt = dfu_set_alt;
728 f_dfu->usb_function.disable = dfu_disable;
729 f_dfu->usb_function.strings = dfu_generic_strings,
730 f_dfu->usb_function.setup = dfu_handle,
732 status = usb_add_function(c, &f_dfu->usb_function);
739 int dfu_add(struct usb_configuration *c)
743 id = usb_string_id(c->cdev);
746 strings_dfu_generic[0].id = id;
747 dfu_intf_runtime.iInterface = id;
749 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
750 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
752 return dfu_bind_config(c);