1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <errno.h>
19#include <common.h>
20#include <malloc.h>
21
22#include <linux/usb/ch9.h>
23#include <linux/usb/gadget.h>
24#include <linux/usb/composite.h>
25
26#include <dfu.h>
27#include "f_dfu.h"
28
29struct f_dfu {
30 struct usb_function usb_function;
31
32 struct usb_descriptor_header **function;
33 struct usb_string *strings;
34
35
36 u8 config;
37 u8 altsetting;
38 enum dfu_state dfu_state;
39 unsigned int dfu_status;
40
41
42 int blk_seq_num;
43};
44
45typedef int (*dfu_state_fn) (struct f_dfu *,
46 const struct usb_ctrlrequest *,
47 struct usb_gadget *,
48 struct usb_request *);
49
50static inline struct f_dfu *func_to_dfu(struct usb_function *f)
51{
52 return container_of(f, struct f_dfu, usb_function);
53}
54
55static const struct dfu_function_descriptor dfu_func = {
56 .bLength = sizeof dfu_func,
57 .bDescriptorType = DFU_DT_FUNC,
58 .bmAttributes = DFU_BIT_WILL_DETACH |
59 DFU_BIT_MANIFESTATION_TOLERANT |
60 DFU_BIT_CAN_UPLOAD |
61 DFU_BIT_CAN_DNLOAD,
62 .wDetachTimeOut = 0,
63 .wTransferSize = DFU_USB_BUFSIZ,
64 .bcdDFUVersion = __constant_cpu_to_le16(0x0110),
65};
66
67static struct usb_interface_descriptor dfu_intf_runtime = {
68 .bLength = sizeof dfu_intf_runtime,
69 .bDescriptorType = USB_DT_INTERFACE,
70 .bNumEndpoints = 0,
71 .bInterfaceClass = USB_CLASS_APP_SPEC,
72 .bInterfaceSubClass = 1,
73 .bInterfaceProtocol = 1,
74
75};
76
77static struct usb_descriptor_header *dfu_runtime_descs[] = {
78 (struct usb_descriptor_header *) &dfu_intf_runtime,
79 NULL,
80};
81
82static const struct usb_qualifier_descriptor dev_qualifier = {
83 .bLength = sizeof dev_qualifier,
84 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
85 .bcdUSB = __constant_cpu_to_le16(0x0200),
86 .bDeviceClass = USB_CLASS_VENDOR_SPEC,
87 .bNumConfigurations = 1,
88};
89
90static const char dfu_name[] = "Device Firmware Upgrade";
91
92
93
94
95
96
97static struct usb_string strings_dfu_generic[] = {
98 [0].s = dfu_name,
99 { }
100};
101
102static struct usb_gadget_strings stringtab_dfu_generic = {
103 .language = 0x0409,
104 .strings = strings_dfu_generic,
105};
106
107static struct usb_gadget_strings *dfu_generic_strings[] = {
108 &stringtab_dfu_generic,
109 NULL,
110};
111
112
113
114
115static struct usb_gadget_strings stringtab_dfu = {
116 .language = 0x0409,
117
118
119
120
121
122
123
124};
125
126static struct usb_gadget_strings *dfu_strings[] = {
127 &stringtab_dfu,
128 NULL,
129};
130
131
132
133static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req)
134{
135 struct f_dfu *f_dfu = req->context;
136
137 dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf,
138 req->length, f_dfu->blk_seq_num);
139
140 if (req->length == 0)
141 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n");
142}
143
144static void handle_getstatus(struct usb_request *req)
145{
146 struct dfu_status *dstat = (struct dfu_status *)req->buf;
147 struct f_dfu *f_dfu = req->context;
148
149 switch (f_dfu->dfu_state) {
150 case DFU_STATE_dfuDNLOAD_SYNC:
151 case DFU_STATE_dfuDNBUSY:
152 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE;
153 break;
154 case DFU_STATE_dfuMANIFEST_SYNC:
155 break;
156 default:
157 break;
158 }
159
160
161 dstat->bStatus = f_dfu->dfu_status;
162 dstat->bwPollTimeout[0] = 0;
163 dstat->bwPollTimeout[1] = 0;
164 dstat->bwPollTimeout[2] = 0;
165 dstat->bState = f_dfu->dfu_state;
166 dstat->iString = 0;
167}
168
169static void handle_getstate(struct usb_request *req)
170{
171 struct f_dfu *f_dfu = req->context;
172
173 ((u8 *)req->buf)[0] = f_dfu->dfu_state;
174 req->actual = sizeof(u8);
175}
176
177static inline void to_dfu_mode(struct f_dfu *f_dfu)
178{
179 f_dfu->usb_function.strings = dfu_strings;
180 f_dfu->usb_function.hs_descriptors = f_dfu->function;
181 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
182}
183
184static inline void to_runtime_mode(struct f_dfu *f_dfu)
185{
186 f_dfu->usb_function.strings = NULL;
187 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
188}
189
190static int handle_upload(struct usb_request *req, u16 len)
191{
192 struct f_dfu *f_dfu = req->context;
193
194 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf,
195 req->length, f_dfu->blk_seq_num);
196}
197
198static int handle_dnload(struct usb_gadget *gadget, u16 len)
199{
200 struct usb_composite_dev *cdev = get_gadget_data(gadget);
201 struct usb_request *req = cdev->req;
202 struct f_dfu *f_dfu = req->context;
203
204 if (len == 0)
205 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC;
206
207 req->complete = dnload_request_complete;
208
209 return len;
210}
211
212
213
214static int state_app_idle(struct f_dfu *f_dfu,
215 const struct usb_ctrlrequest *ctrl,
216 struct usb_gadget *gadget,
217 struct usb_request *req)
218{
219 int value = 0;
220
221 switch (ctrl->bRequest) {
222 case USB_REQ_DFU_GETSTATUS:
223 handle_getstatus(req);
224 value = RET_STAT_LEN;
225 break;
226 case USB_REQ_DFU_GETSTATE:
227 handle_getstate(req);
228 break;
229 case USB_REQ_DFU_DETACH:
230 f_dfu->dfu_state = DFU_STATE_appDETACH;
231 to_dfu_mode(f_dfu);
232 value = RET_ZLP;
233 break;
234 default:
235 value = RET_STALL;
236 break;
237 }
238
239 return value;
240}
241
242static int state_app_detach(struct f_dfu *f_dfu,
243 const struct usb_ctrlrequest *ctrl,
244 struct usb_gadget *gadget,
245 struct usb_request *req)
246{
247 int value = 0;
248
249 switch (ctrl->bRequest) {
250 case USB_REQ_DFU_GETSTATUS:
251 handle_getstatus(req);
252 value = RET_STAT_LEN;
253 break;
254 case USB_REQ_DFU_GETSTATE:
255 handle_getstate(req);
256 break;
257 default:
258 f_dfu->dfu_state = DFU_STATE_appIDLE;
259 value = RET_STALL;
260 break;
261 }
262
263 return value;
264}
265
266static int state_dfu_idle(struct f_dfu *f_dfu,
267 const struct usb_ctrlrequest *ctrl,
268 struct usb_gadget *gadget,
269 struct usb_request *req)
270{
271 u16 w_value = le16_to_cpu(ctrl->wValue);
272 u16 len = le16_to_cpu(ctrl->wLength);
273 int value = 0;
274
275 switch (ctrl->bRequest) {
276 case USB_REQ_DFU_DNLOAD:
277 if (len == 0) {
278 f_dfu->dfu_state = DFU_STATE_dfuERROR;
279 value = RET_STALL;
280 break;
281 }
282 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
283 f_dfu->blk_seq_num = w_value;
284 value = handle_dnload(gadget, len);
285 break;
286 case USB_REQ_DFU_UPLOAD:
287 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE;
288 f_dfu->blk_seq_num = 0;
289 value = handle_upload(req, len);
290 break;
291 case USB_REQ_DFU_ABORT:
292
293 value = RET_ZLP;
294 break;
295 case USB_REQ_DFU_GETSTATUS:
296 handle_getstatus(req);
297 value = RET_STAT_LEN;
298 break;
299 case USB_REQ_DFU_GETSTATE:
300 handle_getstate(req);
301 break;
302 case USB_REQ_DFU_DETACH:
303
304
305
306
307
308
309
310
311 f_dfu->dfu_state =
312 DFU_STATE_dfuMANIFEST_WAIT_RST;
313 to_runtime_mode(f_dfu);
314 f_dfu->dfu_state = DFU_STATE_appIDLE;
315
316 dfu_trigger_reset();
317 break;
318 default:
319 f_dfu->dfu_state = DFU_STATE_dfuERROR;
320 value = RET_STALL;
321 break;
322 }
323
324 return value;
325}
326
327static int state_dfu_dnload_sync(struct f_dfu *f_dfu,
328 const struct usb_ctrlrequest *ctrl,
329 struct usb_gadget *gadget,
330 struct usb_request *req)
331{
332 int value = 0;
333
334 switch (ctrl->bRequest) {
335 case USB_REQ_DFU_GETSTATUS:
336 handle_getstatus(req);
337 value = RET_STAT_LEN;
338 break;
339 case USB_REQ_DFU_GETSTATE:
340 handle_getstate(req);
341 break;
342 default:
343 f_dfu->dfu_state = DFU_STATE_dfuERROR;
344 value = RET_STALL;
345 break;
346 }
347
348 return value;
349}
350
351static int state_dfu_dnbusy(struct f_dfu *f_dfu,
352 const struct usb_ctrlrequest *ctrl,
353 struct usb_gadget *gadget,
354 struct usb_request *req)
355{
356 int value = 0;
357
358 switch (ctrl->bRequest) {
359 case USB_REQ_DFU_GETSTATUS:
360 handle_getstatus(req);
361 value = RET_STAT_LEN;
362 break;
363 default:
364 f_dfu->dfu_state = DFU_STATE_dfuERROR;
365 value = RET_STALL;
366 break;
367 }
368
369 return value;
370}
371
372static int state_dfu_dnload_idle(struct f_dfu *f_dfu,
373 const struct usb_ctrlrequest *ctrl,
374 struct usb_gadget *gadget,
375 struct usb_request *req)
376{
377 u16 w_value = le16_to_cpu(ctrl->wValue);
378 u16 len = le16_to_cpu(ctrl->wLength);
379 int value = 0;
380
381 switch (ctrl->bRequest) {
382 case USB_REQ_DFU_DNLOAD:
383 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC;
384 f_dfu->blk_seq_num = w_value;
385 value = handle_dnload(gadget, len);
386 break;
387 case USB_REQ_DFU_ABORT:
388 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
389 value = RET_ZLP;
390 break;
391 case USB_REQ_DFU_GETSTATUS:
392 handle_getstatus(req);
393 value = RET_STAT_LEN;
394 break;
395 case USB_REQ_DFU_GETSTATE:
396 handle_getstate(req);
397 break;
398 default:
399 f_dfu->dfu_state = DFU_STATE_dfuERROR;
400 value = RET_STALL;
401 break;
402 }
403
404 return value;
405}
406
407static int state_dfu_manifest_sync(struct f_dfu *f_dfu,
408 const struct usb_ctrlrequest *ctrl,
409 struct usb_gadget *gadget,
410 struct usb_request *req)
411{
412 int value = 0;
413
414 switch (ctrl->bRequest) {
415 case USB_REQ_DFU_GETSTATUS:
416
417 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
418 handle_getstatus(req);
419 f_dfu->blk_seq_num = 0;
420 value = RET_STAT_LEN;
421 break;
422 case USB_REQ_DFU_GETSTATE:
423 handle_getstate(req);
424 break;
425 default:
426 f_dfu->dfu_state = DFU_STATE_dfuERROR;
427 value = RET_STALL;
428 break;
429 }
430
431 return value;
432}
433
434static int state_dfu_upload_idle(struct f_dfu *f_dfu,
435 const struct usb_ctrlrequest *ctrl,
436 struct usb_gadget *gadget,
437 struct usb_request *req)
438{
439 u16 w_value = le16_to_cpu(ctrl->wValue);
440 u16 len = le16_to_cpu(ctrl->wLength);
441 int value = 0;
442
443 switch (ctrl->bRequest) {
444 case USB_REQ_DFU_UPLOAD:
445
446 f_dfu->blk_seq_num = w_value;
447 value = handle_upload(req, len);
448 if (value >= 0 && value < len)
449 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
450 break;
451 case USB_REQ_DFU_ABORT:
452 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
453
454 value = RET_ZLP;
455 break;
456 case USB_REQ_DFU_GETSTATUS:
457 handle_getstatus(req);
458 value = RET_STAT_LEN;
459 break;
460 case USB_REQ_DFU_GETSTATE:
461 handle_getstate(req);
462 break;
463 default:
464 f_dfu->dfu_state = DFU_STATE_dfuERROR;
465 value = RET_STALL;
466 break;
467 }
468
469 return value;
470}
471
472static int state_dfu_error(struct f_dfu *f_dfu,
473 const struct usb_ctrlrequest *ctrl,
474 struct usb_gadget *gadget,
475 struct usb_request *req)
476{
477 int value = 0;
478
479 switch (ctrl->bRequest) {
480 case USB_REQ_DFU_GETSTATUS:
481 handle_getstatus(req);
482 value = RET_STAT_LEN;
483 break;
484 case USB_REQ_DFU_GETSTATE:
485 handle_getstate(req);
486 break;
487 case USB_REQ_DFU_CLRSTATUS:
488 f_dfu->dfu_state = DFU_STATE_dfuIDLE;
489 f_dfu->dfu_status = DFU_STATUS_OK;
490
491 value = RET_ZLP;
492 break;
493 default:
494 f_dfu->dfu_state = DFU_STATE_dfuERROR;
495 value = RET_STALL;
496 break;
497 }
498
499 return value;
500}
501
502static dfu_state_fn dfu_state[] = {
503 state_app_idle,
504 state_app_detach,
505 state_dfu_idle,
506 state_dfu_dnload_sync,
507 state_dfu_dnbusy,
508 state_dfu_dnload_idle,
509 state_dfu_manifest_sync,
510 NULL,
511 NULL,
512 state_dfu_upload_idle,
513 state_dfu_error
514};
515
516static int
517dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl)
518{
519 struct usb_gadget *gadget = f->config->cdev->gadget;
520 struct usb_request *req = f->config->cdev->req;
521 struct f_dfu *f_dfu = f->config->cdev->req->context;
522 u16 len = le16_to_cpu(ctrl->wLength);
523 u16 w_value = le16_to_cpu(ctrl->wValue);
524 int value = 0;
525 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK;
526
527 debug("w_value: 0x%x len: 0x%x\n", w_value, len);
528 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n",
529 req_type, ctrl->bRequest, f_dfu->dfu_state);
530
531 if (req_type == USB_TYPE_STANDARD) {
532 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR &&
533 (w_value >> 8) == DFU_DT_FUNC) {
534 value = min(len, (u16) sizeof(dfu_func));
535 memcpy(req->buf, &dfu_func, value);
536 }
537 } else
538 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req);
539
540 if (value >= 0) {
541 req->length = value;
542 req->zero = value < len;
543 value = usb_ep_queue(gadget->ep0, req, 0);
544 if (value < 0) {
545 debug("ep_queue --> %d\n", value);
546 req->status = 0;
547 }
548 }
549
550 return value;
551}
552
553
554
555static int
556dfu_prepare_strings(struct f_dfu *f_dfu, int n)
557{
558 struct dfu_entity *de = NULL;
559 int i = 0;
560
561 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1);
562 if (!f_dfu->strings)
563 goto enomem;
564
565 for (i = 0; i < n; ++i) {
566 de = dfu_get_entity(i);
567 f_dfu->strings[i].s = de->name;
568 }
569
570 f_dfu->strings[i].id = 0;
571 f_dfu->strings[i].s = NULL;
572
573 return 0;
574
575enomem:
576 while (i)
577 f_dfu->strings[--i].s = NULL;
578
579 free(f_dfu->strings);
580
581 return -ENOMEM;
582}
583
584static int dfu_prepare_function(struct f_dfu *f_dfu, int n)
585{
586 struct usb_interface_descriptor *d;
587 int i = 0;
588
589 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1);
590 if (!f_dfu->function)
591 goto enomem;
592
593 for (i = 0; i < n; ++i) {
594 d = calloc(sizeof(*d), 1);
595 if (!d)
596 goto enomem;
597
598 d->bLength = sizeof(*d);
599 d->bDescriptorType = USB_DT_INTERFACE;
600 d->bAlternateSetting = i;
601 d->bNumEndpoints = 0;
602 d->bInterfaceClass = USB_CLASS_APP_SPEC;
603 d->bInterfaceSubClass = 1;
604 d->bInterfaceProtocol = 2;
605
606 f_dfu->function[i] = (struct usb_descriptor_header *)d;
607 }
608 f_dfu->function[i] = NULL;
609
610 return 0;
611
612enomem:
613 while (i) {
614 free(f_dfu->function[--i]);
615 f_dfu->function[i] = NULL;
616 }
617 free(f_dfu->function);
618
619 return -ENOMEM;
620}
621
622static int dfu_bind(struct usb_configuration *c, struct usb_function *f)
623{
624 struct usb_composite_dev *cdev = c->cdev;
625 struct f_dfu *f_dfu = func_to_dfu(f);
626 int alt_num = dfu_get_alt_number();
627 int rv, id, i;
628
629 id = usb_interface_id(c, f);
630 if (id < 0)
631 return id;
632 dfu_intf_runtime.bInterfaceNumber = id;
633
634 f_dfu->dfu_state = DFU_STATE_appIDLE;
635 f_dfu->dfu_status = DFU_STATUS_OK;
636
637 rv = dfu_prepare_function(f_dfu, alt_num);
638 if (rv)
639 goto error;
640
641 rv = dfu_prepare_strings(f_dfu, alt_num);
642 if (rv)
643 goto error;
644 for (i = 0; i < alt_num; i++) {
645 id = usb_string_id(cdev);
646 if (id < 0)
647 return id;
648 f_dfu->strings[i].id = id;
649 ((struct usb_interface_descriptor *)f_dfu->function[i])
650 ->iInterface = id;
651 }
652
653 to_dfu_mode(f_dfu);
654
655 stringtab_dfu.strings = f_dfu->strings;
656
657 cdev->req->context = f_dfu;
658
659error:
660 return rv;
661}
662
663static void dfu_unbind(struct usb_configuration *c, struct usb_function *f)
664{
665 struct f_dfu *f_dfu = func_to_dfu(f);
666 int alt_num = dfu_get_alt_number();
667 int i;
668
669 if (f_dfu->strings) {
670 i = alt_num;
671 while (i)
672 f_dfu->strings[--i].s = NULL;
673
674 free(f_dfu->strings);
675 }
676
677 if (f_dfu->function) {
678 i = alt_num;
679 while (i) {
680 free(f_dfu->function[--i]);
681 f_dfu->function[i] = NULL;
682 }
683 free(f_dfu->function);
684 }
685
686 free(f_dfu);
687}
688
689static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
690{
691 struct f_dfu *f_dfu = func_to_dfu(f);
692
693 debug("%s: intf:%d alt:%d\n", __func__, intf, alt);
694
695 f_dfu->altsetting = alt;
696
697 return 0;
698}
699
700
701static void dfu_disable(struct usb_function *f)
702{
703 struct f_dfu *f_dfu = func_to_dfu(f);
704 if (f_dfu->config == 0)
705 return;
706
707 debug("%s: reset config\n", __func__);
708
709 f_dfu->config = 0;
710}
711
712static int dfu_bind_config(struct usb_configuration *c)
713{
714 struct f_dfu *f_dfu;
715 int status;
716
717 f_dfu = calloc(sizeof(*f_dfu), 1);
718 if (!f_dfu)
719 return -ENOMEM;
720 f_dfu->usb_function.name = "dfu";
721 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs;
722 f_dfu->usb_function.bind = dfu_bind;
723 f_dfu->usb_function.unbind = dfu_unbind;
724 f_dfu->usb_function.set_alt = dfu_set_alt;
725 f_dfu->usb_function.disable = dfu_disable;
726 f_dfu->usb_function.strings = dfu_generic_strings,
727 f_dfu->usb_function.setup = dfu_handle,
728
729 status = usb_add_function(c, &f_dfu->usb_function);
730 if (status)
731 free(f_dfu);
732
733 return status;
734}
735
736int dfu_add(struct usb_configuration *c)
737{
738 int id;
739
740 id = usb_string_id(c->cdev);
741 if (id < 0)
742 return id;
743 strings_dfu_generic[0].id = id;
744 dfu_intf_runtime.iInterface = id;
745
746 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__,
747 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0);
748
749 return dfu_bind_config(c);
750}
751
