2 * f_dfu.c -- Device Firmware Update USB function
4 * Copyright (C) 2012 Samsung Electronics
5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
6 * Lukasz Majewski <l.majewski@samsung.com>
8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c
9 * (C) 2007 by OpenMoko, Inc.
10 * Author: Harald Welte <laforge@openmoko.org>
12 * based on existing SAM7DFU code from OpenPCD:
13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de>
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
34 #include <linux/usb/ch9.h>
35 #include <linux/usb/gadget.h>
36 #include <linux/usb/composite.h>
/*
 * Members of struct f_dfu, the per-function DFU context. The gutter numbers
 * show that the struct's opening line and several members are missing from
 * this listing.
 */
42 struct usb_function usb_function;
44 struct usb_descriptor_header **function;
45 struct usb_string *strings;
47 /* when configured, we have one config */
/* Current DFU protocol state and the status value reported by GETSTATUS. */
50 enum dfu_state dfu_state;
51 unsigned int dfu_status;
53 /* Send/received block number is handy for data integrity check */
/*
 * Signature shared by the per-state request handlers that are stored in the
 * dfu_state[] dispatch table.
 */
57 typedef int (*dfu_state_fn) (struct f_dfu *,
58 const struct usb_ctrlrequest *,
60 struct usb_request *);
/* Map an embedded usb_function back to the struct f_dfu that contains it. */
static inline struct f_dfu *func_to_dfu(struct usb_function *f)
{
	struct f_dfu *owner = container_of(f, struct f_dfu, usb_function);

	return owner;
}
/*
 * DFU functional descriptor, returned by dfu_handle() for
 * GET_DESCRIPTOR(DFU_DT_FUNC). wTransferSize advertises DFU_USB_BUFSIZ as
 * the transfer size.
 * NOTE(review): the advertised size is only a hint to the host; the request
 * handlers have to enforce it themselves.
 */
67 static const struct dfu_function_descriptor dfu_func = {
68 .bLength = sizeof dfu_func,
69 .bDescriptorType = DFU_DT_FUNC,
70 .bmAttributes = DFU_BIT_WILL_DETACH |
71 DFU_BIT_MANIFESTATION_TOLERANT |
75 .wTransferSize = DFU_USB_BUFSIZ,
76 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
/*
 * Run-time mode interface descriptor; bInterfaceNumber is filled in by
 * dfu_bind() and iInterface by dfu_add().
 */
79 static struct usb_interface_descriptor dfu_intf_runtime = {
80 .bLength = sizeof dfu_intf_runtime,
81 .bDescriptorType = USB_DT_INTERFACE,
83 .bInterfaceClass = USB_CLASS_APP_SPEC,
84 .bInterfaceSubClass = 1,
85 .bInterfaceProtocol = 1,
86 /* .iInterface = DYNAMIC */
/* Descriptor list installed by to_runtime_mode() and dfu_bind_config(). */
89 static struct usb_descriptor_header *dfu_runtime_descs[] = {
90 (struct usb_descriptor_header *) &dfu_intf_runtime,
94 static const struct usb_qualifier_descriptor dev_qualifier = {
95 .bLength = sizeof dev_qualifier,
96 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
97 .bcdUSB = __constant_cpu_to_le16(0x0200),
98 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
99 .bNumConfigurations = 1,
102 static const char dfu_name[] = "Device Firmware Upgrade";
105 * static strings, in UTF-8
107 * dfu_generic configuration
/* The id of entry 0 is assigned in dfu_add(). */
109 static struct usb_string strings_dfu_generic[] = {
111 { } /* end of list */
114 static struct usb_gadget_strings stringtab_dfu_generic = {
115 .language = 0x0409, /* en-us */
116 .strings = strings_dfu_generic,
/* String tables installed on the function by dfu_bind_config(). */
119 static struct usb_gadget_strings *dfu_generic_strings[] = {
120 &stringtab_dfu_generic,
125 * usb_function specific
/* The .strings member is pointed at f_dfu->strings in dfu_bind(). */
127 static struct usb_gadget_strings stringtab_dfu = {
128 .language = 0x0409, /* en-us */
132 * assigned during initialization,
133 * depends on number of flash entities
/* String tables installed on the function by to_dfu_mode(). */
138 static struct usb_gadget_strings *dfu_strings[] = {
143 /*-------------------------------------------------------------------------*/
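/*
 * Completion handler for the data stage of a DFU_DNLOAD request: pass the
 * received block to the DFU backend for the currently selected alternate
 * setting.
 *
 * A backend failure is recorded in the DFU status and state, so the next
 * GETSTATUS reports an error to the host instead of a successful write.
 * Assumes dfu_write() returns 0 on success -- TODO confirm against dfu.h.
 */
static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
{
	struct f_dfu *f_dfu = req->context;
	int ret;

	/*
	 * NOTE(review): the size passed on is req->length (the requested
	 * length), not req->actual; confirm that a short data stage cannot
	 * cause stale buffer bytes to be written to the target.
	 */
	ret = dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
			req->length, f_dfu->blk_seq_num);
	if (ret) {
		/* Never report success for a block that was not stored. */
		f_dfu->dfu_status = DFU_STATUS_errUNKNOWN;
		f_dfu->dfu_state = DFU_STATE_dfuERROR;
		return;
	}

	/* A zero-length block ends the download. */
	if (req->length == 0)
		puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
}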
/*
 * Build the GETSTATUS response (struct dfu_status) in the request buffer.
 * As a side effect, a pending download state (dfuDNLOAD_SYNC or dfuDNBUSY)
 * advances to dfuDNLOAD_IDLE before the state is reported. The poll timeout
 * is always reported as 0.
 * NOTE(review): the gutter numbers show lines missing from this listing
 * (165, 167-171, 178), so part of the switch and the tail of the response
 * are not visible here.
 */
156 static void handle_getstatus(struct usb_request *req)
158 struct dfu_status *dstat = (struct dfu_status *)req->buf;
159 struct f_dfu *f_dfu = req->context;
161 switch (f_dfu->dfu_state) {
162 case DFU_STATE_dfuDNLOAD_SYNC:
163 case DFU_STATE_dfuDNBUSY:
164 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
166 case DFU_STATE_dfuMANIFEST_SYNC:
172 /* send status response */
173 dstat->bStatus = f_dfu->dfu_status;
174 dstat->bwPollTimeout[0] = 0;
175 dstat->bwPollTimeout[1] = 0;
176 dstat->bwPollTimeout[2] = 0;
177 dstat->bState = f_dfu->dfu_state;
/* Answer GETSTATE: the current DFU state is the single response byte. */
static void handle_getstate(struct usb_request *req)
{
	struct f_dfu *f_dfu = req->context;
	u8 *reply = req->buf;

	reply[0] = f_dfu->dfu_state;
	req->actual = sizeof(u8);
}
/*
 * Switch the function to DFU mode: install the dfu_strings table and the
 * descriptor list held in f_dfu->function, then enter dfuIDLE.
 */
static inline void to_dfu_mode(struct f_dfu *f_dfu)
{
	struct usb_function *func = &f_dfu->usb_function;

	func->strings = dfu_strings;
	func->hs_descriptors = f_dfu->function;
	f_dfu->dfu_state = DFU_STATE_dfuIDLE;
}
/*
 * Switch the function back to run-time mode: drop the string tables and
 * expose only the run-time descriptor list. The DFU state is left to the
 * caller.
 */
static inline void to_runtime_mode(struct f_dfu *f_dfu)
{
	struct usb_function *func = &f_dfu->usb_function;

	func->strings = NULL;
	func->hs_descriptors = dfu_runtime_descs;
}
/*
 * Serve one DFU_UPLOAD block: read from the entity selected by the current
 * alternate setting into the request buffer and return dfu_read()'s result.
 *
 * NOTE(review): 'len' (the host's wLength) is not used here; the read size
 * is whatever req->length currently holds. Confirm the caller keeps
 * req->length within the size of req->buf.
 */
static int handle_upload(struct usb_request *req, u16 len)
{
	struct f_dfu *f_dfu = req->context;
	struct dfu_entity *entity = dfu_get_entity(f_dfu->altsetting);

	return dfu_read(entity, req->buf, req->length, f_dfu->blk_seq_num);
}
/*
 * Prepare the data stage of a DFU_DNLOAD request: install
 * dnload_request_complete() as the completion callback on the composite
 * device's control request.
 * NOTE(review): listing lines 215-216 and 220-222 are missing, so the
 * condition guarding the dfuMANIFEST_SYNC transition and the return value
 * are not visible. 'len' is the host-supplied wLength; confirm it is capped
 * at the size of req->buf (the descriptor advertises DFU_USB_BUFSIZ) before
 * it is used as a transfer length.
 */
210 static int handle_dnload(struct usb_gadget *gadget, u16 len)
212 struct usb_composite_dev *cdev = get_gadget_data(gadget);
213 struct usb_request *req = cdev->req;
214 struct f_dfu *f_dfu = req->context;
217 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
219 req->complete = dnload_request_complete;
224 /*-------------------------------------------------------------------------*/
225 /* DFU state machine */
/*
 * appIDLE handler: answers GETSTATUS and GETSTATE, and moves to appDETACH on
 * DFU_DETACH. Several lines of this function are missing from the listing
 * (see the gaps in the gutter numbers).
 */
226 static int state_app_idle(struct f_dfu *f_dfu,
227 const struct usb_ctrlrequest *ctrl,
228 struct usb_gadget *gadget,
229 struct usb_request *req)
233 switch (ctrl->bRequest) {
234 case USB_REQ_DFU_GETSTATUS:
235 handle_getstatus(req);
236 value = RET_STAT_LEN;
238 case USB_REQ_DFU_GETSTATE:
239 handle_getstate(req);
241 case USB_REQ_DFU_DETACH:
242 f_dfu->dfu_state = DFU_STATE_appDETACH;
/*
 * appDETACH handler: answers GETSTATUS and GETSTATE. The assignment back to
 * appIDLE at listing line 270 is presumably the default branch; its case
 * label is not visible in this listing.
 */
254 static int state_app_detach(struct f_dfu *f_dfu,
255 const struct usb_ctrlrequest *ctrl,
256 struct usb_gadget *gadget,
257 struct usb_request *req)
261 switch (ctrl->bRequest) {
262 case USB_REQ_DFU_GETSTATUS:
263 handle_getstatus(req);
264 value = RET_STAT_LEN;
266 case USB_REQ_DFU_GETSTATE:
267 handle_getstate(req);
270 f_dfu->dfu_state = DFU_STATE_appIDLE;
/*
 * dfuIDLE handler: starts a download (DNLOAD) or an upload (UPLOAD), answers
 * GETSTATUS and GETSTATE, and handles ABORT and DETACH.
 * NOTE(review): wValue (block number) and wLength come straight from the
 * host's setup packet. The condition that selects the dfuERROR assignment
 * for DNLOAD (listing line 289) is not visible, and no check of wLength
 * against the request buffer size or of the transfer direction is visible in
 * this function.
 */
278 static int state_dfu_idle(struct f_dfu *f_dfu,
279 const struct usb_ctrlrequest *ctrl,
280 struct usb_gadget *gadget,
281 struct usb_request *req)
283 u16 w_value = le16_to_cpu(ctrl->wValue);
284 u16 len = le16_to_cpu(ctrl->wLength);
287 switch (ctrl->bRequest) {
288 case USB_REQ_DFU_DNLOAD:
290 f_dfu->dfu_state = DFU_STATE_dfuERROR;
294 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
295 f_dfu->blk_seq_num = w_value;
296 value = handle_dnload(gadget, len);
298 case USB_REQ_DFU_UPLOAD:
299 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
300 f_dfu->blk_seq_num = 0;
301 value = handle_upload(req, len);
303 case USB_REQ_DFU_ABORT:
307 case USB_REQ_DFU_GETSTATUS:
308 handle_getstatus(req);
309 value = RET_STAT_LEN;
311 case USB_REQ_DFU_GETSTATE:
312 handle_getstate(req);
314 case USB_REQ_DFU_DETACH:
316 * Proprietary extension: 'detach' from idle mode and
317 * get back to runtime mode in case of USB Reset. As
318 * much as I dislike this, we just can't use every USB
319 * bus reset to switch back to runtime mode, since at
320 * least the Linux USB stack likes to send a number of
324 DFU_STATE_dfuMANIFEST_WAIT_RST;
325 to_runtime_mode(f_dfu);
326 f_dfu->dfu_state = DFU_STATE_appIDLE;
329 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuDNLOAD_SYNC handler: answers GETSTATUS and GETSTATE. The dfuERROR
 * assignment at listing line 353 is presumably the default branch; its case
 * label is not visible in this listing.
 */
337 static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
338 const struct usb_ctrlrequest *ctrl,
339 struct usb_gadget *gadget,
340 struct usb_request *req)
344 switch (ctrl->bRequest) {
345 case USB_REQ_DFU_GETSTATUS:
346 handle_getstatus(req);
347 value = RET_STAT_LEN;
349 case USB_REQ_DFU_GETSTATE:
350 handle_getstate(req);
353 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuDNBUSY handler: GETSTATUS is the only request with a visible case
 * label. The dfuERROR assignment at listing line 374 is presumably the
 * default branch; its case label is not visible in this listing.
 */
361 static int state_dfu_dnbusy(struct f_dfu *f_dfu,
362 const struct usb_ctrlrequest *ctrl,
363 struct usb_gadget *gadget,
364 struct usb_request *req)
368 switch (ctrl->bRequest) {
369 case USB_REQ_DFU_GETSTATUS:
370 handle_getstatus(req);
371 value = RET_STAT_LEN;
374 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuDNLOAD_IDLE handler: accepts the next DNLOAD block, returns to dfuIDLE
 * on ABORT, and answers GETSTATUS and GETSTATE.
 * NOTE(review): the block number (wValue) and wLength are taken from the
 * host as-is; no sequence or size check is visible before handle_dnload().
 */
382 static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
383 const struct usb_ctrlrequest *ctrl,
384 struct usb_gadget *gadget,
385 struct usb_request *req)
387 u16 w_value = le16_to_cpu(ctrl->wValue);
388 u16 len = le16_to_cpu(ctrl->wLength);
391 switch (ctrl->bRequest) {
392 case USB_REQ_DFU_DNLOAD:
393 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
394 f_dfu->blk_seq_num = w_value;
395 value = handle_dnload(gadget, len);
397 case USB_REQ_DFU_ABORT:
398 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
401 case USB_REQ_DFU_GETSTATUS:
402 handle_getstatus(req);
403 value = RET_STAT_LEN;
405 case USB_REQ_DFU_GETSTATE:
406 handle_getstate(req);
409 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuMANIFEST_SYNC handler: on GETSTATUS the state goes straight back to
 * dfuIDLE before the status is reported and the block counter is reset;
 * GETSTATE is answered as usual.
 */
417 static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
418 const struct usb_ctrlrequest *ctrl,
419 struct usb_gadget *gadget,
420 struct usb_request *req)
424 switch (ctrl->bRequest) {
425 case USB_REQ_DFU_GETSTATUS:
426 /* We're ManifestationTolerant */
427 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
428 handle_getstatus(req);
429 f_dfu->blk_seq_num = 0;
430 value = RET_STAT_LEN;
432 case USB_REQ_DFU_GETSTATE:
433 handle_getstate(req);
436 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuUPLOAD_IDLE handler: serves the next UPLOAD block, returns to dfuIDLE
 * on ABORT, and answers GETSTATUS and GETSTATE.
 * NOTE(review): handle_upload() ignores 'len', so the comparison against
 * 'len' below only decides the state transition; it does not bound the read.
 */
444 static int state_dfu_upload_idle(struct f_dfu *f_dfu,
445 const struct usb_ctrlrequest *ctrl,
446 struct usb_gadget *gadget,
447 struct usb_request *req)
449 u16 w_value = le16_to_cpu(ctrl->wValue);
450 u16 len = le16_to_cpu(ctrl->wLength);
453 switch (ctrl->bRequest) {
454 case USB_REQ_DFU_UPLOAD:
455 /* state transition if less data than requested */
456 f_dfu->blk_seq_num = w_value;
457 value = handle_upload(req, len);
458 if (value >= 0 && value < len)
459 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
461 case USB_REQ_DFU_ABORT:
462 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
466 case USB_REQ_DFU_GETSTATUS:
467 handle_getstatus(req);
468 value = RET_STAT_LEN;
470 case USB_REQ_DFU_GETSTATE:
471 handle_getstate(req);
474 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * dfuERROR handler: answers GETSTATUS and GETSTATE; CLRSTATUS resets the
 * status to DFU_STATUS_OK and returns to dfuIDLE. The dfuERROR assignment at
 * listing line 504 is presumably the default branch.
 */
482 static int state_dfu_error(struct f_dfu *f_dfu,
483 const struct usb_ctrlrequest *ctrl,
484 struct usb_gadget *gadget,
485 struct usb_request *req)
489 switch (ctrl->bRequest) {
490 case USB_REQ_DFU_GETSTATUS:
491 handle_getstatus(req);
492 value = RET_STAT_LEN;
494 case USB_REQ_DFU_GETSTATE:
495 handle_getstate(req);
497 case USB_REQ_DFU_CLRSTATUS:
498 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
499 f_dfu->dfu_status = DFU_STATUS_OK;
504 f_dfu->dfu_state = DFU_STATE_dfuERROR;
/*
 * Dispatch table indexed by f_dfu->dfu_state (see dfu_handle()).
 * NOTE(review): the dfuMANIFEST and dfuMANIFEST_WAIT_RST slots are NULL, and
 * the dispatch site in dfu_handle() calls the selected entry without a NULL
 * or range check. Confirm that no path leaves dfu_state at either value
 * while a class request can still arrive.
 */
512 static dfu_state_fn dfu_state[] = {
513 state_app_idle, /* DFU_STATE_appIDLE */
514 state_app_detach, /* DFU_STATE_appDETACH */
515 state_dfu_idle, /* DFU_STATE_dfuIDLE */
516 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */
517 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */
518 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */
519 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */
520 NULL, /* DFU_STATE_dfuMANIFEST */
521 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */
522 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */
523 state_dfu_error /* DFU_STATE_dfuERROR */
/*
 * ep0 setup handler of the DFU function (installed as usb_function.setup in
 * dfu_bind_config()). A standard GET_DESCRIPTOR(DFU_DT_FUNC) is answered
 * with the functional descriptor, truncated to wLength; requests that are
 * not of standard type are dispatched to the handler for the current DFU
 * state. The response is then queued on ep0.
 *
 * NOTE(review): wLength and wValue are host-controlled. Only the request
 * type bits (USB_TYPE_MASK) are examined here; no check of the transfer
 * direction, or of wLength against the size of req->buf, is visible in this
 * listing (lines 549-551 are missing, so how req->length is set cannot be
 * confirmed). The dispatch indexes dfu_state[] without a NULL or bounds
 * check although the table holds NULL entries.
 */
527 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
529 struct usb_gadget *gadget = f->config->cdev->gadget;
530 struct usb_request *req = f->config->cdev->req;
531 struct f_dfu *f_dfu = f->config->cdev->req->context;
532 u16 len = le16_to_cpu(ctrl->wLength);
533 u16 w_value = le16_to_cpu(ctrl->wValue);
535 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
537 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
538 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
539 req_type, ctrl->bRequest, f_dfu->dfu_state);
541 if (req_type == USB_TYPE_STANDARD) {
542 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
543 (w_value >> 8) == DFU_DT_FUNC) {
/* Copy at most sizeof(dfu_func) bytes, never more than the host asked for. */
544 value = min(len, (u16) sizeof(dfu_func));
545 memcpy(req->buf, &dfu_func, value);
547 } else /* DFU specific request */
548 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
/* Request a zero-length packet when the reply is shorter than wLength. */
552 req->zero = value < len;
553 value = usb_ep_queue(gadget->ep0, req, 0);
555 debug("ep_queue --> %d\n", value);
563 /*-------------------------------------------------------------------------*/
/*
 * Allocate f_dfu->strings with n + 1 entries and point entry i at the name
 * of DFU entity i; the extra entry is the list terminator (id 0, s NULL).
 * The trailing lines clear and free the table (presumably the allocation
 * failure path; its label is not visible in this listing).
 * NOTE(review): the result of dfu_get_entity(i) is dereferenced on the next
 * line without a NULL check; confirm it cannot fail for i < n.
 */
566 dfu_prepare_strings(struct f_dfu *f_dfu, int n)
568 struct dfu_entity *de = NULL;
571 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
575 for (i = 0; i < n; ++i) {
576 de = dfu_get_entity(i);
577 f_dfu->strings[i].s = de->name;
580 f_dfu->strings[i].id = 0;
581 f_dfu->strings[i].s = NULL;
587 f_dfu->strings[--i].s = NULL;
589 free(f_dfu->strings);
/*
 * Allocate the NULL-terminated DFU-mode descriptor list f_dfu->function with
 * one interface descriptor per alternate setting (0 .. n - 1). Each
 * descriptor has no endpoints and uses class USB_CLASS_APP_SPEC, subclass 1,
 * protocol 2. The trailing lines free the descriptors allocated so far and
 * then the list itself (presumably the allocation failure path).
 */
594 static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
596 struct usb_interface_descriptor *d;
599 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
600 if (!f_dfu->function)
603 for (i = 0; i < n; ++i) {
604 d = calloc(sizeof(*d), 1);
608 d->bLength = sizeof(*d);
609 d->bDescriptorType = USB_DT_INTERFACE;
610 d->bAlternateSetting = i;
611 d->bNumEndpoints = 0;
612 d->bInterfaceClass = USB_CLASS_APP_SPEC;
613 d->bInterfaceSubClass = 1;
614 d->bInterfaceProtocol = 2;
616 f_dfu->function[i] = (struct usb_descriptor_header *)d;
618 f_dfu->function[i] = NULL;
624 free(f_dfu->function[--i]);
625 f_dfu->function[i] = NULL;
627 free(f_dfu->function);
/*
 * Bind callback: allocate an interface id, start in appIDLE with status OK,
 * build the per-alternate-setting descriptors and strings, give every string
 * its own id, and publish the function context through cdev->req->context
 * (dfu_handle() and the request handlers read it from there).
 * Error checks between the visible lines are missing from this listing.
 */
632 static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
634 struct usb_composite_dev *cdev = c->cdev;
635 struct f_dfu *f_dfu = func_to_dfu(f);
636 int alt_num = dfu_get_alt_number();
639 id = usb_interface_id(c, f);
642 dfu_intf_runtime.bInterfaceNumber = id;
644 f_dfu->dfu_state = DFU_STATE_appIDLE;
645 f_dfu->dfu_status = DFU_STATUS_OK;
647 rv = dfu_prepare_function(f_dfu, alt_num);
651 rv = dfu_prepare_strings(f_dfu, alt_num);
654 for (i = 0; i < alt_num; i++) {
655 id = usb_string_id(cdev);
658 f_dfu->strings[i].id = id;
659 ((struct usb_interface_descriptor *)f_dfu->function[i])
665 stringtab_dfu.strings = f_dfu->strings;
667 cdev->req->context = f_dfu;
/*
 * Unbind callback: release the string table and the descriptor list built at
 * bind time.
 * NOTE(review): the element count is read again from dfu_get_alt_number();
 * presumably it must still equal the count used at bind time for the free
 * loop to match the allocations -- confirm. The loop headers are not visible
 * in this listing.
 */
673 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
675 struct f_dfu *f_dfu = func_to_dfu(f);
676 int alt_num = dfu_get_alt_number();
679 if (f_dfu->strings) {
682 f_dfu->strings[--i].s = NULL;
684 free(f_dfu->strings);
687 if (f_dfu->function) {
690 free(f_dfu->function[--i]);
691 f_dfu->function[i] = NULL;
693 free(f_dfu->function);
/*
 * set_alt callback: remember the alternate setting chosen by the host. The
 * stored value later selects the DFU entity in dnload_request_complete() and
 * handle_upload().
 * NOTE(review): 'alt' is stored without a visible range check against
 * dfu_get_alt_number(); confirm that the caller or dfu_get_entity() rejects
 * out-of-range values.
 */
699 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
701 struct f_dfu *f_dfu = func_to_dfu(f);
703 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
705 f_dfu->altsetting = alt;
710 /* TODO: is this really what we need here? */
/*
 * disable callback: checks f_dfu->config for 0 and logs "reset config". The
 * statements at listing lines 715 and 718-719 are not visible here.
 */
711 static void dfu_disable(struct usb_function *f)
713 struct f_dfu *f_dfu = func_to_dfu(f);
714 if (f_dfu->config == 0)
717 debug("%s: reset config\n", __func__);
/*
 * Allocate a zeroed struct f_dfu, fill in its usb_function callbacks
 * (starting with the run-time descriptors and the generic string table) and
 * register it with the configuration through usb_add_function().
 * The allocation check and the handling of 'status' are not visible in this
 * listing.
 */
722 static int dfu_bind_config(struct usb_configuration *c)
727 f_dfu = calloc(sizeof(*f_dfu), 1);
730 f_dfu->usb_function.name = "dfu";
731 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
732 f_dfu->usb_function.bind = dfu_bind;
733 f_dfu->usb_function.unbind = dfu_unbind;
734 f_dfu->usb_function.set_alt = dfu_set_alt;
735 f_dfu->usb_function.disable = dfu_disable;
/* NOTE(review): the next two lines end in ',' rather than ';'. */
736 f_dfu->usb_function.strings = dfu_generic_strings,
737 f_dfu->usb_function.setup = dfu_handle,
739 status = usb_add_function(c, &f_dfu->usb_function);
/*
 * Public entry point: allocate a string id for the generic DFU string, store
 * it in strings_dfu_generic[0] and in the run-time interface descriptor,
 * then create and register the function with dfu_bind_config().
 * The check of the id returned by usb_string_id() is not visible in this
 * listing (lines 751-752 are missing).
 */
746 int dfu_add(struct usb_configuration *c)
750 id = usb_string_id(c->cdev);
753 strings_dfu_generic[0].id = id;
754 dfu_intf_runtime.iInterface = id;
756 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
757 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
759 return dfu_bind_config(c);