2 * (C) Copyright 2008 - 2009
3 * Windriver, <www.windriver.com>
4 * Tom Rix <Tom.Rix@windriver.com>
6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de>
8 * Copyright 2014 Linaro, Ltd.
9 * Rob Herring <robh@kernel.org>
11 * SPDX-License-Identifier: GPL-2.0+
18 #include <linux/usb/ch9.h>
19 #include <linux/usb/gadget.h>
20 #include <linux/usb/composite.h>
21 #include <linux/compiler.h>
24 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
27 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV
31 #define FASTBOOT_VERSION "0.4"
33 #define FASTBOOT_INTERFACE_CLASS 0xff
34 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42
35 #define FASTBOOT_INTERFACE_PROTOCOL 0x03
37 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200)
38 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040)
39 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040)
41 #define EP_BUFFER_SIZE 4096
44 struct usb_function usb_function
;
46 /* IN/OUT EP's and corresponding requests */
47 struct usb_ep
*in_ep
, *out_ep
;
48 struct usb_request
*in_req
, *out_req
;
51 static inline struct f_fastboot
*func_to_fastboot(struct usb_function
*f
)
53 return container_of(f
, struct f_fastboot
, usb_function
);
56 static struct f_fastboot
*fastboot_func
;
57 static unsigned int fastboot_flash_session_id
;
58 static unsigned int download_size
;
59 static unsigned int download_bytes
;
60 static bool is_high_speed
;
62 static struct usb_endpoint_descriptor fs_ep_in
= {
63 .bLength
= USB_DT_ENDPOINT_SIZE
,
64 .bDescriptorType
= USB_DT_ENDPOINT
,
65 .bEndpointAddress
= USB_DIR_IN
,
66 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
67 .wMaxPacketSize
= TX_ENDPOINT_MAXIMUM_PACKET_SIZE
,
71 static struct usb_endpoint_descriptor fs_ep_out
= {
72 .bLength
= USB_DT_ENDPOINT_SIZE
,
73 .bDescriptorType
= USB_DT_ENDPOINT
,
74 .bEndpointAddress
= USB_DIR_OUT
,
75 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
76 .wMaxPacketSize
= RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1
,
80 static struct usb_endpoint_descriptor hs_ep_out
= {
81 .bLength
= USB_DT_ENDPOINT_SIZE
,
82 .bDescriptorType
= USB_DT_ENDPOINT
,
83 .bEndpointAddress
= USB_DIR_OUT
,
84 .bmAttributes
= USB_ENDPOINT_XFER_BULK
,
85 .wMaxPacketSize
= RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0
,
89 static struct usb_interface_descriptor interface_desc
= {
90 .bLength
= USB_DT_INTERFACE_SIZE
,
91 .bDescriptorType
= USB_DT_INTERFACE
,
92 .bInterfaceNumber
= 0x00,
93 .bAlternateSetting
= 0x00,
94 .bNumEndpoints
= 0x02,
95 .bInterfaceClass
= FASTBOOT_INTERFACE_CLASS
,
96 .bInterfaceSubClass
= FASTBOOT_INTERFACE_SUB_CLASS
,
97 .bInterfaceProtocol
= FASTBOOT_INTERFACE_PROTOCOL
,
100 static struct usb_descriptor_header
*fb_runtime_descs
[] = {
101 (struct usb_descriptor_header
*)&interface_desc
,
102 (struct usb_descriptor_header
*)&fs_ep_in
,
103 (struct usb_descriptor_header
*)&hs_ep_out
,
108 * static strings, in UTF-8
110 static const char fastboot_name
[] = "Android Fastboot";
112 static struct usb_string fastboot_string_defs
[] = {
113 [0].s
= fastboot_name
,
114 { } /* end of list */
117 static struct usb_gadget_strings stringtab_fastboot
= {
118 .language
= 0x0409, /* en-us */
119 .strings
= fastboot_string_defs
,
122 static struct usb_gadget_strings
*fastboot_strings
[] = {
127 static void rx_handler_command(struct usb_ep
*ep
, struct usb_request
*req
);
128 static int strcmp_l1(const char *s1
, const char *s2
);
131 void fastboot_fail(char *response
, const char *reason
)
133 strncpy(response
, "FAIL\0", 5);
134 strncat(response
, reason
, FASTBOOT_RESPONSE_LEN
- 4 - 1);
137 void fastboot_okay(char *response
, const char *reason
)
139 strncpy(response
, "OKAY\0", 5);
140 strncat(response
, reason
, FASTBOOT_RESPONSE_LEN
- 4 - 1);
143 static void fastboot_complete(struct usb_ep
*ep
, struct usb_request
*req
)
145 int status
= req
->status
;
148 printf("status: %d ep '%s' trans: %d\n", status
, ep
->name
, req
->actual
);
151 static int fastboot_bind(struct usb_configuration
*c
, struct usb_function
*f
)
154 struct usb_gadget
*gadget
= c
->cdev
->gadget
;
155 struct f_fastboot
*f_fb
= func_to_fastboot(f
);
158 /* DYNAMIC interface numbers assignments */
159 id
= usb_interface_id(c
, f
);
162 interface_desc
.bInterfaceNumber
= id
;
164 id
= usb_string_id(c
->cdev
);
167 fastboot_string_defs
[0].id
= id
;
168 interface_desc
.iInterface
= id
;
170 f_fb
->in_ep
= usb_ep_autoconfig(gadget
, &fs_ep_in
);
173 f_fb
->in_ep
->driver_data
= c
->cdev
;
175 f_fb
->out_ep
= usb_ep_autoconfig(gadget
, &fs_ep_out
);
178 f_fb
->out_ep
->driver_data
= c
->cdev
;
180 hs_ep_out
.bEndpointAddress
= fs_ep_out
.bEndpointAddress
;
182 s
= getenv("serial#");
184 g_dnl_set_serialnumber((char *)s
);
189 static void fastboot_unbind(struct usb_configuration
*c
, struct usb_function
*f
)
191 memset(fastboot_func
, 0, sizeof(*fastboot_func
));
194 static void fastboot_disable(struct usb_function
*f
)
196 struct f_fastboot
*f_fb
= func_to_fastboot(f
);
198 usb_ep_disable(f_fb
->out_ep
);
199 usb_ep_disable(f_fb
->in_ep
);
202 free(f_fb
->out_req
->buf
);
203 usb_ep_free_request(f_fb
->out_ep
, f_fb
->out_req
);
204 f_fb
->out_req
= NULL
;
207 free(f_fb
->in_req
->buf
);
208 usb_ep_free_request(f_fb
->in_ep
, f_fb
->in_req
);
213 static struct usb_request
*fastboot_start_ep(struct usb_ep
*ep
)
215 struct usb_request
*req
;
217 req
= usb_ep_alloc_request(ep
, 0);
221 req
->length
= EP_BUFFER_SIZE
;
222 req
->buf
= memalign(CONFIG_SYS_CACHELINE_SIZE
, EP_BUFFER_SIZE
);
224 usb_ep_free_request(ep
, req
);
228 memset(req
->buf
, 0, req
->length
);
232 static int fastboot_set_alt(struct usb_function
*f
,
233 unsigned interface
, unsigned alt
)
236 struct usb_composite_dev
*cdev
= f
->config
->cdev
;
237 struct usb_gadget
*gadget
= cdev
->gadget
;
238 struct f_fastboot
*f_fb
= func_to_fastboot(f
);
240 debug("%s: func: %s intf: %d alt: %d\n",
241 __func__
, f
->name
, interface
, alt
);
243 /* make sure we don't enable the ep twice */
244 if (gadget
->speed
== USB_SPEED_HIGH
) {
245 ret
= usb_ep_enable(f_fb
->out_ep
, &hs_ep_out
);
246 is_high_speed
= true;
248 ret
= usb_ep_enable(f_fb
->out_ep
, &fs_ep_out
);
249 is_high_speed
= false;
252 puts("failed to enable out ep\n");
256 f_fb
->out_req
= fastboot_start_ep(f_fb
->out_ep
);
257 if (!f_fb
->out_req
) {
258 puts("failed to alloc out req\n");
262 f_fb
->out_req
->complete
= rx_handler_command
;
264 ret
= usb_ep_enable(f_fb
->in_ep
, &fs_ep_in
);
266 puts("failed to enable in ep\n");
270 f_fb
->in_req
= fastboot_start_ep(f_fb
->in_ep
);
272 puts("failed alloc req in\n");
276 f_fb
->in_req
->complete
= fastboot_complete
;
278 ret
= usb_ep_queue(f_fb
->out_ep
, f_fb
->out_req
, 0);
288 static int fastboot_add(struct usb_configuration
*c
)
290 struct f_fastboot
*f_fb
= fastboot_func
;
293 debug("%s: cdev: 0x%p\n", __func__
, c
->cdev
);
296 f_fb
= memalign(CONFIG_SYS_CACHELINE_SIZE
, sizeof(*f_fb
));
300 fastboot_func
= f_fb
;
301 memset(f_fb
, 0, sizeof(*f_fb
));
304 f_fb
->usb_function
.name
= "f_fastboot";
305 f_fb
->usb_function
.hs_descriptors
= fb_runtime_descs
;
306 f_fb
->usb_function
.bind
= fastboot_bind
;
307 f_fb
->usb_function
.unbind
= fastboot_unbind
;
308 f_fb
->usb_function
.set_alt
= fastboot_set_alt
;
309 f_fb
->usb_function
.disable
= fastboot_disable
;
310 f_fb
->usb_function
.strings
= fastboot_strings
;
312 status
= usb_add_function(c
, &f_fb
->usb_function
);
315 fastboot_func
= f_fb
;
320 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot
, fastboot_add
);
322 static int fastboot_tx_write(const char *buffer
, unsigned int buffer_size
)
324 struct usb_request
*in_req
= fastboot_func
->in_req
;
327 memcpy(in_req
->buf
, buffer
, buffer_size
);
328 in_req
->length
= buffer_size
;
330 usb_ep_dequeue(fastboot_func
->in_ep
, in_req
);
332 ret
= usb_ep_queue(fastboot_func
->in_ep
, in_req
, 0);
334 printf("Error %d on queue\n", ret
);
338 static int fastboot_tx_write_str(const char *buffer
)
340 return fastboot_tx_write(buffer
, strlen(buffer
));
343 static void compl_do_reset(struct usb_ep
*ep
, struct usb_request
*req
)
345 do_reset(NULL
, 0, 0, NULL
);
348 int __weak
fb_set_reboot_flag(void)
353 static void cb_reboot(struct usb_ep
*ep
, struct usb_request
*req
)
355 char *cmd
= req
->buf
;
356 if (!strcmp_l1("reboot-bootloader", cmd
)) {
357 if (fb_set_reboot_flag()) {
358 fastboot_tx_write_str("FAILCannot set reboot flag");
362 fastboot_func
->in_req
->complete
= compl_do_reset
;
363 fastboot_tx_write_str("OKAY");
366 static int strcmp_l1(const char *s1
, const char *s2
)
370 return strncmp(s1
, s2
, strlen(s1
));
373 static void cb_getvar(struct usb_ep
*ep
, struct usb_request
*req
)
375 char *cmd
= req
->buf
;
376 char response
[FASTBOOT_RESPONSE_LEN
];
380 strcpy(response
, "OKAY");
381 chars_left
= sizeof(response
) - strlen(response
) - 1;
385 error("missing variable");
386 fastboot_tx_write_str("FAILmissing var");
390 if (!strcmp_l1("version", cmd
)) {
391 strncat(response
, FASTBOOT_VERSION
, chars_left
);
392 } else if (!strcmp_l1("bootloader-version", cmd
)) {
393 strncat(response
, U_BOOT_VERSION
, chars_left
);
394 } else if (!strcmp_l1("downloadsize", cmd
) ||
395 !strcmp_l1("max-download-size", cmd
)) {
398 sprintf(str_num
, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE
);
399 strncat(response
, str_num
, chars_left
);
402 * This also indicates the start of a new flashing
403 * "session", in which we could have 1-N buffers to
404 * write to a partition.
406 * Reset our session counter.
408 fastboot_flash_session_id
= 0;
409 } else if (!strcmp_l1("serialno", cmd
)) {
410 s
= getenv("serial#");
412 strncat(response
, s
, chars_left
);
414 strcpy(response
, "FAILValue not set");
416 printf("WARNING: unknown variable: %s\n", cmd
);
417 strcpy(response
, "FAILVariable not implemented");
419 fastboot_tx_write_str(response
);
422 static unsigned int rx_bytes_expected(unsigned int maxpacket
)
424 int rx_remain
= download_size
- download_bytes
;
428 if (rx_remain
> EP_BUFFER_SIZE
)
429 return EP_BUFFER_SIZE
;
430 if (rx_remain
< maxpacket
) {
431 rx_remain
= maxpacket
;
432 } else if (rx_remain
% maxpacket
!= 0) {
433 rem
= rx_remain
% maxpacket
;
434 rx_remain
= rx_remain
+ (maxpacket
- rem
);
439 #define BYTES_PER_DOT 0x20000
440 static void rx_handler_dl_image(struct usb_ep
*ep
, struct usb_request
*req
)
442 char response
[FASTBOOT_RESPONSE_LEN
];
443 unsigned int transfer_size
= download_size
- download_bytes
;
444 const unsigned char *buffer
= req
->buf
;
445 unsigned int buffer_size
= req
->actual
;
446 unsigned int pre_dot_num
, now_dot_num
;
449 if (req
->status
!= 0) {
450 printf("Bad status: %d\n", req
->status
);
454 if (buffer_size
< transfer_size
)
455 transfer_size
= buffer_size
;
457 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR
+ download_bytes
,
458 buffer
, transfer_size
);
460 pre_dot_num
= download_bytes
/ BYTES_PER_DOT
;
461 download_bytes
+= transfer_size
;
462 now_dot_num
= download_bytes
/ BYTES_PER_DOT
;
464 if (pre_dot_num
!= now_dot_num
) {
466 if (!(now_dot_num
% 74))
470 /* Check if transfer is done */
471 if (download_bytes
>= download_size
) {
473 * Reset global transfer variable, keep download_bytes because
474 * it will be used in the next possible flashing command
477 req
->complete
= rx_handler_command
;
478 req
->length
= EP_BUFFER_SIZE
;
480 strcpy(response
, "OKAY");
481 fastboot_tx_write_str(response
);
483 printf("\ndownloading of %d bytes finished\n", download_bytes
);
485 max
= is_high_speed
? hs_ep_out
.wMaxPacketSize
:
486 fs_ep_out
.wMaxPacketSize
;
487 req
->length
= rx_bytes_expected(max
);
488 if (req
->length
< ep
->maxpacket
)
489 req
->length
= ep
->maxpacket
;
493 usb_ep_queue(ep
, req
, 0);
496 static void cb_download(struct usb_ep
*ep
, struct usb_request
*req
)
498 char *cmd
= req
->buf
;
499 char response
[FASTBOOT_RESPONSE_LEN
];
503 download_size
= simple_strtoul(cmd
, NULL
, 16);
506 printf("Starting download of %d bytes\n", download_size
);
508 if (0 == download_size
) {
509 strcpy(response
, "FAILdata invalid size");
510 } else if (download_size
> CONFIG_FASTBOOT_BUF_SIZE
) {
512 strcpy(response
, "FAILdata too large");
514 sprintf(response
, "DATA%08x", download_size
);
515 req
->complete
= rx_handler_dl_image
;
516 max
= is_high_speed
? hs_ep_out
.wMaxPacketSize
:
517 fs_ep_out
.wMaxPacketSize
;
518 req
->length
= rx_bytes_expected(max
);
519 if (req
->length
< ep
->maxpacket
)
520 req
->length
= ep
->maxpacket
;
522 fastboot_tx_write_str(response
);
525 static void do_bootm_on_complete(struct usb_ep
*ep
, struct usb_request
*req
)
527 char boot_addr_start
[12];
528 char *bootm_args
[] = { "bootm", boot_addr_start
, NULL
};
530 puts("Booting kernel..\n");
532 sprintf(boot_addr_start
, "0x%lx", load_addr
);
533 do_bootm(NULL
, 0, 2, bootm_args
);
535 /* This only happens if image is somehow faulty so we start over */
536 do_reset(NULL
, 0, 0, NULL
);
539 static void cb_boot(struct usb_ep
*ep
, struct usb_request
*req
)
541 fastboot_func
->in_req
->complete
= do_bootm_on_complete
;
542 fastboot_tx_write_str("OKAY");
545 static void do_exit_on_complete(struct usb_ep
*ep
, struct usb_request
*req
)
547 g_dnl_trigger_detach();
550 static void cb_continue(struct usb_ep
*ep
, struct usb_request
*req
)
552 fastboot_func
->in_req
->complete
= do_exit_on_complete
;
553 fastboot_tx_write_str("OKAY");
556 #ifdef CONFIG_FASTBOOT_FLASH
557 static void cb_flash(struct usb_ep
*ep
, struct usb_request
*req
)
559 char *cmd
= req
->buf
;
560 char response
[FASTBOOT_RESPONSE_LEN
];
564 error("missing partition name");
565 fastboot_tx_write_str("FAILmissing partition name");
569 strcpy(response
, "FAILno flash device defined");
570 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
571 fb_mmc_flash_write(cmd
, fastboot_flash_session_id
,
572 (void *)CONFIG_FASTBOOT_BUF_ADDR
,
573 download_bytes
, response
);
575 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV
576 fb_nand_flash_write(cmd
, fastboot_flash_session_id
,
577 (void *)CONFIG_FASTBOOT_BUF_ADDR
,
578 download_bytes
, response
);
580 fastboot_flash_session_id
++;
581 fastboot_tx_write_str(response
);
585 static void cb_oem(struct usb_ep
*ep
, struct usb_request
*req
)
587 char *cmd
= req
->buf
;
588 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
589 if (strncmp("format", cmd
+ 4, 6) == 0) {
591 sprintf(cmdbuf
, "gpt write mmc %x $partitions",
592 CONFIG_FASTBOOT_FLASH_MMC_DEV
);
593 if (run_command(cmdbuf
, 0))
594 fastboot_tx_write_str("FAIL");
596 fastboot_tx_write_str("OKAY");
599 if (strncmp("unlock", cmd
+ 4, 8) == 0) {
600 fastboot_tx_write_str("FAILnot implemented");
603 fastboot_tx_write_str("FAILunknown oem command");
607 #ifdef CONFIG_FASTBOOT_FLASH
608 static void cb_erase(struct usb_ep
*ep
, struct usb_request
*req
)
610 char *cmd
= req
->buf
;
611 char response
[FASTBOOT_RESPONSE_LEN
];
615 error("missing partition name");
616 fastboot_tx_write_str("FAILmissing partition name");
620 strcpy(response
, "FAILno flash device defined");
622 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
623 fb_mmc_erase(cmd
, response
);
625 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV
626 fb_nand_erase(cmd
, response
);
628 fastboot_tx_write_str(response
);
632 struct cmd_dispatch_info
{
634 void (*cb
)(struct usb_ep
*ep
, struct usb_request
*req
);
637 static const struct cmd_dispatch_info cmd_dispatch_info
[] = {
654 #ifdef CONFIG_FASTBOOT_FLASH
669 static void rx_handler_command(struct usb_ep
*ep
, struct usb_request
*req
)
671 char *cmdbuf
= req
->buf
;
672 void (*func_cb
)(struct usb_ep
*ep
, struct usb_request
*req
) = NULL
;
675 if (req
->status
!= 0 || req
->length
== 0)
678 for (i
= 0; i
< ARRAY_SIZE(cmd_dispatch_info
); i
++) {
679 if (!strcmp_l1(cmd_dispatch_info
[i
].cmd
, cmdbuf
)) {
680 func_cb
= cmd_dispatch_info
[i
].cb
;
686 error("unknown command: %s", cmdbuf
);
687 fastboot_tx_write_str("FAILunknown command");
689 if (req
->actual
< req
->length
) {
690 u8
*buf
= (u8
*)req
->buf
;
691 buf
[req
->actual
] = 0;
694 error("buffer overflow");
695 fastboot_tx_write_str("FAILbuffer overflow");
701 usb_ep_queue(ep
, req
, 0);