1 /* 2 * (C) Copyright 2015 Google, Inc 3 * Written by Simon Glass <sjg@chromium.org> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <common.h> 9 #include <dm.h> 10 #include <os.h> 11 #include <scsi.h> 12 #include <usb.h> 13 14 DECLARE_GLOBAL_DATA_PTR; 15 16 /* 17 * This driver emulates a flash stick using the UFI command specification and 18 * the BBB (bulk/bulk/bulk) protocol. It supports only a single logical unit 19 * number (LUN 0). 20 */ 21 22 enum { 23 SANDBOX_FLASH_EP_OUT = 1, /* endpoints */ 24 SANDBOX_FLASH_EP_IN = 2, 25 SANDBOX_FLASH_BLOCK_LEN = 512, 26 }; 27 28 enum cmd_phase { 29 PHASE_START, 30 PHASE_DATA, 31 PHASE_STATUS, 32 }; 33 34 enum { 35 STRINGID_MANUFACTURER = 1, 36 STRINGID_PRODUCT, 37 STRINGID_SERIAL, 38 39 STRINGID_COUNT, 40 }; 41 42 /** 43 * struct sandbox_flash_priv - private state for this driver 44 * 45 * @error: true if there is an error condition 46 * @alloc_len: Allocation length from the last incoming command 47 * @transfer_len: Transfer length from CBW header 48 * @read_len: Number of blocks of data left in the current read command 49 * @tag: Tag value from last command 50 * @fd: File descriptor of backing file 51 * @file_size: Size of file in bytes 52 * @status_buff: Data buffer for outgoing status 53 * @buff_used: Number of bytes ready to transfer back to host 54 * @buff: Data buffer for outgoing data 55 */ 56 struct sandbox_flash_priv { 57 bool error; 58 int alloc_len; 59 int transfer_len; 60 int read_len; 61 enum cmd_phase phase; 62 u32 tag; 63 int fd; 64 loff_t file_size; 65 struct umass_bbb_csw status; 66 int buff_used; 67 u8 buff[512]; 68 }; 69 70 struct sandbox_flash_plat { 71 const char *pathname; 72 struct usb_string flash_strings[STRINGID_COUNT]; 73 }; 74 75 struct scsi_inquiry_resp { 76 u8 type; 77 u8 flags; 78 u8 version; 79 u8 data_format; 80 u8 additional_len; 81 u8 spare[3]; 82 char vendor[8]; 83 char product[16]; 84 char revision[4]; 85 }; 86 87 struct scsi_read_capacity_resp { 88 u32 last_block_addr; 89 u32 block_len; 90 }; 91 92 struct __packed scsi_read10_req { 93 u8 cmd; 94 u8 lun_flags; 95 u32 lba; 96 u8 spare; 97 u16 transfer_len; 98 u8 spare2[3]; 99 }; 100 101 static struct usb_device_descriptor flash_device_desc = { 102 .bLength = sizeof(flash_device_desc), 103 .bDescriptorType = USB_DT_DEVICE, 104 105 .bcdUSB = __constant_cpu_to_le16(0x0200), 106 107 .bDeviceClass = 0, 108 .bDeviceSubClass = 0, 109 .bDeviceProtocol = 0, 110 111 .idVendor = __constant_cpu_to_le16(0x1234), 112 .idProduct = __constant_cpu_to_le16(0x5678), 113 .iManufacturer = STRINGID_MANUFACTURER, 114 .iProduct = STRINGID_PRODUCT, 115 .iSerialNumber = STRINGID_SERIAL, 116 .bNumConfigurations = 1, 117 }; 118 119 static struct usb_config_descriptor flash_config0 = { 120 .bLength = sizeof(flash_config0), 121 .bDescriptorType = USB_DT_CONFIG, 122 123 /* wTotalLength is set up by usb-emul-uclass */ 124 .bNumInterfaces = 1, 125 .bConfigurationValue = 0, 126 .iConfiguration = 0, 127 .bmAttributes = 1 << 7, 128 .bMaxPower = 50, 129 }; 130 131 static struct usb_interface_descriptor flash_interface0 = { 132 .bLength = sizeof(flash_interface0), 133 .bDescriptorType = USB_DT_INTERFACE, 134 135 .bInterfaceNumber = 0, 136 .bAlternateSetting = 0, 137 .bNumEndpoints = 2, 138 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 139 .bInterfaceSubClass = US_SC_UFI, 140 .bInterfaceProtocol = US_PR_BULK, 141 .iInterface = 0, 142 }; 143 144 static struct usb_endpoint_descriptor flash_endpoint0_out = { 145 .bLength = USB_DT_ENDPOINT_SIZE, 146 .bDescriptorType = USB_DT_ENDPOINT, 147 148 .bEndpointAddress = SANDBOX_FLASH_EP_OUT, 149 .bmAttributes = USB_ENDPOINT_XFER_BULK, 150 .wMaxPacketSize = __constant_cpu_to_le16(1024), 151 .bInterval = 0, 152 }; 153 154 static struct usb_endpoint_descriptor flash_endpoint1_in = { 155 .bLength = USB_DT_ENDPOINT_SIZE, 156 .bDescriptorType = USB_DT_ENDPOINT, 157 158 .bEndpointAddress = SANDBOX_FLASH_EP_IN | USB_ENDPOINT_DIR_MASK, 159 .bmAttributes = USB_ENDPOINT_XFER_BULK, 160 .wMaxPacketSize = __constant_cpu_to_le16(1024), 161 .bInterval = 0, 162 }; 163 164 static void *flash_desc_list[] = { 165 &flash_device_desc, 166 &flash_config0, 167 &flash_interface0, 168 &flash_endpoint0_out, 169 &flash_endpoint1_in, 170 NULL, 171 }; 172 173 static int sandbox_flash_control(struct udevice *dev, struct usb_device *udev, 174 unsigned long pipe, void *buff, int len, 175 struct devrequest *setup) 176 { 177 struct sandbox_flash_priv *priv = dev_get_priv(dev); 178 179 if (pipe == usb_rcvctrlpipe(udev, 0)) { 180 switch (setup->request) { 181 case US_BBB_RESET: 182 priv->error = false; 183 return 0; 184 case US_BBB_GET_MAX_LUN: 185 *(char *)buff = '\0'; 186 return 1; 187 default: 188 debug("request=%x\n", setup->request); 189 break; 190 } 191 } 192 debug("pipe=%lx\n", pipe); 193 194 return -EIO; 195 } 196 197 static void setup_fail_response(struct sandbox_flash_priv *priv) 198 { 199 struct umass_bbb_csw *csw = &priv->status; 200 201 csw->dCSWSignature = CSWSIGNATURE; 202 csw->dCSWTag = priv->tag; 203 csw->dCSWDataResidue = 0; 204 csw->bCSWStatus = CSWSTATUS_FAILED; 205 priv->buff_used = 0; 206 } 207 208 /** 209 * setup_response() - set up a response to send back to the host 210 * 211 * @priv: Sandbox flash private data 212 * @resp: Response to send, or NULL if none 213 * @size: Size of response 214 */ 215 static void setup_response(struct sandbox_flash_priv *priv, void *resp, 216 int size) 217 { 218 struct umass_bbb_csw *csw = &priv->status; 219 220 csw->dCSWSignature = CSWSIGNATURE; 221 csw->dCSWTag = priv->tag; 222 csw->dCSWDataResidue = 0; 223 csw->bCSWStatus = CSWSTATUS_GOOD; 224 225 assert(!resp || resp == priv->buff); 226 priv->buff_used = size; 227 } 228 229 static void handle_read(struct sandbox_flash_priv *priv, ulong lba, 230 ulong transfer_len) 231 { 232 debug("%s: lba=%lx, transfer_len=%lx\n", __func__, lba, transfer_len); 233 if (priv->fd != -1) { 234 os_lseek(priv->fd, lba * SANDBOX_FLASH_BLOCK_LEN, OS_SEEK_SET); 235 priv->read_len = transfer_len; 236 setup_response(priv, priv->buff, 237 transfer_len * SANDBOX_FLASH_BLOCK_LEN); 238 } else { 239 setup_fail_response(priv); 240 } 241 } 242 243 static int handle_ufi_command(struct sandbox_flash_plat *plat, 244 struct sandbox_flash_priv *priv, const void *buff, 245 int len) 246 { 247 const struct scsi_cmd *req = buff; 248 249 switch (*req->cmd) { 250 case SCSI_INQUIRY: { 251 struct scsi_inquiry_resp *resp = (void *)priv->buff; 252 253 priv->alloc_len = req->cmd[4]; 254 memset(resp, '\0', sizeof(*resp)); 255 resp->data_format = 1; 256 resp->additional_len = 0x1f; 257 strncpy(resp->vendor, 258 plat->flash_strings[STRINGID_MANUFACTURER - 1].s, 259 sizeof(resp->vendor)); 260 strncpy(resp->product, 261 plat->flash_strings[STRINGID_PRODUCT - 1].s, 262 sizeof(resp->product)); 263 strncpy(resp->revision, "1.0", sizeof(resp->revision)); 264 setup_response(priv, resp, sizeof(*resp)); 265 break; 266 } 267 case SCSI_TST_U_RDY: 268 setup_response(priv, NULL, 0); 269 break; 270 case SCSI_RD_CAPAC: { 271 struct scsi_read_capacity_resp *resp = (void *)priv->buff; 272 uint blocks; 273 274 if (priv->file_size) 275 blocks = priv->file_size / SANDBOX_FLASH_BLOCK_LEN - 1; 276 else 277 blocks = 0; 278 resp->last_block_addr = cpu_to_be32(blocks); 279 resp->block_len = cpu_to_be32(SANDBOX_FLASH_BLOCK_LEN); 280 setup_response(priv, resp, sizeof(*resp)); 281 break; 282 } 283 case SCSI_READ10: { 284 struct scsi_read10_req *req = (void *)buff; 285 286 handle_read(priv, be32_to_cpu(req->lba), 287 be16_to_cpu(req->transfer_len)); 288 break; 289 } 290 default: 291 debug("Command not supported: %x\n", req->cmd[0]); 292 return -EPROTONOSUPPORT; 293 } 294 295 priv->phase = priv->transfer_len ? PHASE_DATA : PHASE_STATUS; 296 return 0; 297 } 298 299 static int sandbox_flash_bulk(struct udevice *dev, struct usb_device *udev, 300 unsigned long pipe, void *buff, int len) 301 { 302 struct sandbox_flash_plat *plat = dev_get_platdata(dev); 303 struct sandbox_flash_priv *priv = dev_get_priv(dev); 304 int ep = usb_pipeendpoint(pipe); 305 struct umass_bbb_cbw *cbw = buff; 306 307 debug("%s: dev=%s, pipe=%lx, ep=%x, len=%x, phase=%d\n", __func__, 308 dev->name, pipe, ep, len, priv->phase); 309 switch (ep) { 310 case SANDBOX_FLASH_EP_OUT: 311 switch (priv->phase) { 312 case PHASE_START: 313 priv->alloc_len = 0; 314 priv->read_len = 0; 315 if (priv->error || len != UMASS_BBB_CBW_SIZE || 316 cbw->dCBWSignature != CBWSIGNATURE) 317 goto err; 318 if ((cbw->bCBWFlags & CBWFLAGS_SBZ) || 319 cbw->bCBWLUN != 0) 320 goto err; 321 if (cbw->bCDBLength < 1 || cbw->bCDBLength >= 0x10) 322 goto err; 323 priv->transfer_len = cbw->dCBWDataTransferLength; 324 priv->tag = cbw->dCBWTag; 325 return handle_ufi_command(plat, priv, cbw->CBWCDB, 326 cbw->bCDBLength); 327 case PHASE_DATA: 328 debug("data out\n"); 329 break; 330 default: 331 break; 332 } 333 case SANDBOX_FLASH_EP_IN: 334 switch (priv->phase) { 335 case PHASE_DATA: 336 debug("data in, len=%x, alloc_len=%x, priv->read_len=%x\n", 337 len, priv->alloc_len, priv->read_len); 338 if (priv->read_len) { 339 ulong bytes_read; 340 341 bytes_read = os_read(priv->fd, buff, len); 342 if (bytes_read != len) 343 return -EIO; 344 priv->read_len -= len / SANDBOX_FLASH_BLOCK_LEN; 345 if (!priv->read_len) 346 priv->phase = PHASE_STATUS; 347 } else { 348 if (priv->alloc_len && len > priv->alloc_len) 349 len = priv->alloc_len; 350 memcpy(buff, priv->buff, len); 351 priv->phase = PHASE_STATUS; 352 } 353 return len; 354 case PHASE_STATUS: 355 debug("status in, len=%x\n", len); 356 if (len > sizeof(priv->status)) 357 len = sizeof(priv->status); 358 memcpy(buff, &priv->status, len); 359 priv->phase = PHASE_START; 360 return len; 361 default: 362 break; 363 } 364 } 365 err: 366 priv->error = true; 367 debug("%s: Detected transfer error\n", __func__); 368 return 0; 369 } 370 371 static int sandbox_flash_ofdata_to_platdata(struct udevice *dev) 372 { 373 struct sandbox_flash_plat *plat = dev_get_platdata(dev); 374 375 plat->pathname = dev_read_string(dev, "sandbox,filepath"); 376 377 return 0; 378 } 379 380 static int sandbox_flash_bind(struct udevice *dev) 381 { 382 struct sandbox_flash_plat *plat = dev_get_platdata(dev); 383 struct usb_string *fs; 384 385 fs = plat->flash_strings; 386 fs[0].id = STRINGID_MANUFACTURER; 387 fs[0].s = "sandbox"; 388 fs[1].id = STRINGID_PRODUCT; 389 fs[1].s = "flash"; 390 fs[2].id = STRINGID_SERIAL; 391 fs[2].s = dev->name; 392 393 return usb_emul_setup_device(dev, PACKET_SIZE_64, plat->flash_strings, 394 flash_desc_list); 395 } 396 397 static int sandbox_flash_probe(struct udevice *dev) 398 { 399 struct sandbox_flash_plat *plat = dev_get_platdata(dev); 400 struct sandbox_flash_priv *priv = dev_get_priv(dev); 401 402 priv->fd = os_open(plat->pathname, OS_O_RDONLY); 403 if (priv->fd != -1) 404 return os_get_filesize(plat->pathname, &priv->file_size); 405 406 return 0; 407 } 408 409 static const struct dm_usb_ops sandbox_usb_flash_ops = { 410 .control = sandbox_flash_control, 411 .bulk = sandbox_flash_bulk, 412 }; 413 414 static const struct udevice_id sandbox_usb_flash_ids[] = { 415 { .compatible = "sandbox,usb-flash" }, 416 { } 417 }; 418 419 U_BOOT_DRIVER(usb_sandbox_flash) = { 420 .name = "usb_sandbox_flash", 421 .id = UCLASS_USB_EMUL, 422 .of_match = sandbox_usb_flash_ids, 423 .bind = sandbox_flash_bind, 424 .probe = sandbox_flash_probe, 425 .ofdata_to_platdata = sandbox_flash_ofdata_to_platdata, 426 .ops = &sandbox_usb_flash_ops, 427 .priv_auto_alloc_size = sizeof(struct sandbox_flash_priv), 428 .platdata_auto_alloc_size = sizeof(struct sandbox_flash_plat), 429 }; 430