1 /* 2 * f_dfu.c -- Device Firmware Update USB function 3 * 4 * Copyright (C) 2012 Samsung Electronics 5 * authors: Andrzej Pietrasiewicz <andrzej.p@samsung.com> 6 * Lukasz Majewski <l.majewski@samsung.com> 7 * 8 * Based on OpenMoko u-boot: drivers/usb/usbdfu.c 9 * (C) 2007 by OpenMoko, Inc. 10 * Author: Harald Welte <laforge@openmoko.org> 11 * 12 * based on existing SAM7DFU code from OpenPCD: 13 * (C) Copyright 2006 by Harald Welte <hwelte at hmw-consulting.de> 14 * 15 * SPDX-License-Identifier: GPL-2.0+ 16 */ 17 18 #include <errno.h> 19 #include <common.h> 20 #include <malloc.h> 21 22 #include <linux/usb/ch9.h> 23 #include <linux/usb/gadget.h> 24 #include <linux/usb/composite.h> 25 26 #include <dfu.h> 27 #include <g_dnl.h> 28 #include "f_dfu.h" 29 30 struct f_dfu { 31 struct usb_function usb_function; 32 33 struct usb_descriptor_header **function; 34 struct usb_string *strings; 35 36 /* when configured, we have one config */ 37 u8 config; 38 u8 altsetting; 39 enum dfu_state dfu_state; 40 unsigned int dfu_status; 41 42 /* Send/received block number is handy for data integrity check */ 43 int blk_seq_num; 44 unsigned int poll_timeout; 45 }; 46 47 typedef int (*dfu_state_fn) (struct f_dfu *, 48 const struct usb_ctrlrequest *, 49 struct usb_gadget *, 50 struct usb_request *); 51 52 static inline struct f_dfu *func_to_dfu(struct usb_function *f) 53 { 54 return container_of(f, struct f_dfu, usb_function); 55 } 56 57 static const struct dfu_function_descriptor dfu_func = { 58 .bLength = sizeof dfu_func, 59 .bDescriptorType = DFU_DT_FUNC, 60 .bmAttributes = DFU_BIT_WILL_DETACH | 61 DFU_BIT_MANIFESTATION_TOLERANT | 62 DFU_BIT_CAN_UPLOAD | 63 DFU_BIT_CAN_DNLOAD, 64 .wDetachTimeOut = 0, 65 .wTransferSize = DFU_USB_BUFSIZ, 66 .bcdDFUVersion = __constant_cpu_to_le16(0x0110), 67 }; 68 69 static struct usb_interface_descriptor dfu_intf_runtime = { 70 .bLength = sizeof dfu_intf_runtime, 71 .bDescriptorType = USB_DT_INTERFACE, 72 .bNumEndpoints = 0, 73 .bInterfaceClass = USB_CLASS_APP_SPEC, 74 .bInterfaceSubClass = 1, 75 .bInterfaceProtocol = 1, 76 /* .iInterface = DYNAMIC */ 77 }; 78 79 static struct usb_descriptor_header *dfu_runtime_descs[] = { 80 (struct usb_descriptor_header *) &dfu_intf_runtime, 81 NULL, 82 }; 83 84 static const struct usb_qualifier_descriptor dev_qualifier = { 85 .bLength = sizeof dev_qualifier, 86 .bDescriptorType = USB_DT_DEVICE_QUALIFIER, 87 .bcdUSB = __constant_cpu_to_le16(0x0200), 88 .bDeviceClass = USB_CLASS_VENDOR_SPEC, 89 .bNumConfigurations = 1, 90 }; 91 92 static const char dfu_name[] = "Device Firmware Upgrade"; 93 94 /* 95 * static strings, in UTF-8 96 * 97 * dfu_generic configuration 98 */ 99 static struct usb_string strings_dfu_generic[] = { 100 [0].s = dfu_name, 101 { } /* end of list */ 102 }; 103 104 static struct usb_gadget_strings stringtab_dfu_generic = { 105 .language = 0x0409, /* en-us */ 106 .strings = strings_dfu_generic, 107 }; 108 109 static struct usb_gadget_strings *dfu_generic_strings[] = { 110 &stringtab_dfu_generic, 111 NULL, 112 }; 113 114 /* 115 * usb_function specific 116 */ 117 static struct usb_gadget_strings stringtab_dfu = { 118 .language = 0x0409, /* en-us */ 119 /* 120 * .strings 121 * 122 * assigned during initialization, 123 * depends on number of flash entities 124 * 125 */ 126 }; 127 128 static struct usb_gadget_strings *dfu_strings[] = { 129 &stringtab_dfu, 130 NULL, 131 }; 132 133 static void dfu_set_poll_timeout(struct dfu_status *dstat, unsigned int ms) 134 { 135 /* 136 * The bwPollTimeout DFU_GETSTATUS request payload provides information 137 * about minimum time, in milliseconds, that the host should wait before 138 * sending a subsequent DFU_GETSTATUS request 139 * 140 * This permits the device to vary the delay depending on its need to 141 * erase or program the memory 142 * 143 */ 144 145 unsigned char *p = (unsigned char *)&ms; 146 147 if (!ms || (ms & ~DFU_POLL_TIMEOUT_MASK)) { 148 dstat->bwPollTimeout[0] = 0; 149 dstat->bwPollTimeout[1] = 0; 150 dstat->bwPollTimeout[2] = 0; 151 152 return; 153 } 154 155 dstat->bwPollTimeout[0] = *p++; 156 dstat->bwPollTimeout[1] = *p++; 157 dstat->bwPollTimeout[2] = *p; 158 } 159 160 /*-------------------------------------------------------------------------*/ 161 162 static void dnload_request_complete(struct usb_ep *ep, struct usb_request *req) 163 { 164 struct f_dfu *f_dfu = req->context; 165 int ret; 166 167 ret = dfu_write(dfu_get_entity(f_dfu->altsetting), req->buf, 168 req->length, f_dfu->blk_seq_num); 169 if (ret) { 170 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN; 171 f_dfu->dfu_state = DFU_STATE_dfuERROR; 172 } 173 } 174 175 static void dnload_request_flush(struct usb_ep *ep, struct usb_request *req) 176 { 177 struct f_dfu *f_dfu = req->context; 178 int ret; 179 180 ret = dfu_flush(dfu_get_entity(f_dfu->altsetting), req->buf, 181 req->length, f_dfu->blk_seq_num); 182 if (ret) { 183 f_dfu->dfu_status = DFU_STATUS_errUNKNOWN; 184 f_dfu->dfu_state = DFU_STATE_dfuERROR; 185 } 186 } 187 188 static inline int dfu_get_manifest_timeout(struct dfu_entity *dfu) 189 { 190 return dfu->poll_timeout ? dfu->poll_timeout(dfu) : 191 DFU_MANIFEST_POLL_TIMEOUT; 192 } 193 194 static void handle_getstatus(struct usb_request *req) 195 { 196 struct dfu_status *dstat = (struct dfu_status *)req->buf; 197 struct f_dfu *f_dfu = req->context; 198 struct dfu_entity *dfu = dfu_get_entity(f_dfu->altsetting); 199 200 dfu_set_poll_timeout(dstat, 0); 201 202 switch (f_dfu->dfu_state) { 203 case DFU_STATE_dfuDNLOAD_SYNC: 204 case DFU_STATE_dfuDNBUSY: 205 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_IDLE; 206 break; 207 case DFU_STATE_dfuMANIFEST_SYNC: 208 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST; 209 break; 210 case DFU_STATE_dfuMANIFEST: 211 dfu_set_poll_timeout(dstat, dfu_get_manifest_timeout(dfu)); 212 break; 213 default: 214 break; 215 } 216 217 if (f_dfu->poll_timeout) 218 if (!(f_dfu->blk_seq_num % 219 (dfu_get_buf_size() / DFU_USB_BUFSIZ))) 220 dfu_set_poll_timeout(dstat, f_dfu->poll_timeout); 221 222 /* send status response */ 223 dstat->bStatus = f_dfu->dfu_status; 224 dstat->bState = f_dfu->dfu_state; 225 dstat->iString = 0; 226 } 227 228 static void handle_getstate(struct usb_request *req) 229 { 230 struct f_dfu *f_dfu = req->context; 231 232 ((u8 *)req->buf)[0] = f_dfu->dfu_state; 233 req->actual = sizeof(u8); 234 } 235 236 static inline void to_dfu_mode(struct f_dfu *f_dfu) 237 { 238 f_dfu->usb_function.strings = dfu_strings; 239 f_dfu->usb_function.hs_descriptors = f_dfu->function; 240 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 241 } 242 243 static inline void to_runtime_mode(struct f_dfu *f_dfu) 244 { 245 f_dfu->usb_function.strings = NULL; 246 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs; 247 } 248 249 static int handle_upload(struct usb_request *req, u16 len) 250 { 251 struct f_dfu *f_dfu = req->context; 252 253 return dfu_read(dfu_get_entity(f_dfu->altsetting), req->buf, 254 req->length, f_dfu->blk_seq_num); 255 } 256 257 static int handle_dnload(struct usb_gadget *gadget, u16 len) 258 { 259 struct usb_composite_dev *cdev = get_gadget_data(gadget); 260 struct usb_request *req = cdev->req; 261 struct f_dfu *f_dfu = req->context; 262 263 if (len == 0) 264 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST_SYNC; 265 266 req->complete = dnload_request_complete; 267 268 return len; 269 } 270 271 /*-------------------------------------------------------------------------*/ 272 /* DFU state machine */ 273 static int state_app_idle(struct f_dfu *f_dfu, 274 const struct usb_ctrlrequest *ctrl, 275 struct usb_gadget *gadget, 276 struct usb_request *req) 277 { 278 int value = 0; 279 280 switch (ctrl->bRequest) { 281 case USB_REQ_DFU_GETSTATUS: 282 handle_getstatus(req); 283 value = RET_STAT_LEN; 284 break; 285 case USB_REQ_DFU_GETSTATE: 286 handle_getstate(req); 287 break; 288 case USB_REQ_DFU_DETACH: 289 f_dfu->dfu_state = DFU_STATE_appDETACH; 290 to_dfu_mode(f_dfu); 291 value = RET_ZLP; 292 break; 293 default: 294 value = RET_STALL; 295 break; 296 } 297 298 return value; 299 } 300 301 static int state_app_detach(struct f_dfu *f_dfu, 302 const struct usb_ctrlrequest *ctrl, 303 struct usb_gadget *gadget, 304 struct usb_request *req) 305 { 306 int value = 0; 307 308 switch (ctrl->bRequest) { 309 case USB_REQ_DFU_GETSTATUS: 310 handle_getstatus(req); 311 value = RET_STAT_LEN; 312 break; 313 case USB_REQ_DFU_GETSTATE: 314 handle_getstate(req); 315 break; 316 default: 317 f_dfu->dfu_state = DFU_STATE_appIDLE; 318 value = RET_STALL; 319 break; 320 } 321 322 return value; 323 } 324 325 static int state_dfu_idle(struct f_dfu *f_dfu, 326 const struct usb_ctrlrequest *ctrl, 327 struct usb_gadget *gadget, 328 struct usb_request *req) 329 { 330 u16 w_value = le16_to_cpu(ctrl->wValue); 331 u16 len = le16_to_cpu(ctrl->wLength); 332 int value = 0; 333 334 switch (ctrl->bRequest) { 335 case USB_REQ_DFU_DNLOAD: 336 if (len == 0) { 337 f_dfu->dfu_state = DFU_STATE_dfuERROR; 338 value = RET_STALL; 339 break; 340 } 341 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; 342 f_dfu->blk_seq_num = w_value; 343 value = handle_dnload(gadget, len); 344 break; 345 case USB_REQ_DFU_UPLOAD: 346 f_dfu->dfu_state = DFU_STATE_dfuUPLOAD_IDLE; 347 f_dfu->blk_seq_num = 0; 348 value = handle_upload(req, len); 349 break; 350 case USB_REQ_DFU_ABORT: 351 /* no zlp? */ 352 value = RET_ZLP; 353 break; 354 case USB_REQ_DFU_GETSTATUS: 355 handle_getstatus(req); 356 value = RET_STAT_LEN; 357 break; 358 case USB_REQ_DFU_GETSTATE: 359 handle_getstate(req); 360 break; 361 case USB_REQ_DFU_DETACH: 362 /* 363 * Proprietary extension: 'detach' from idle mode and 364 * get back to runtime mode in case of USB Reset. As 365 * much as I dislike this, we just can't use every USB 366 * bus reset to switch back to runtime mode, since at 367 * least the Linux USB stack likes to send a number of 368 * resets in a row :( 369 */ 370 f_dfu->dfu_state = 371 DFU_STATE_dfuMANIFEST_WAIT_RST; 372 to_runtime_mode(f_dfu); 373 f_dfu->dfu_state = DFU_STATE_appIDLE; 374 375 dfu_trigger_reset(); 376 break; 377 default: 378 f_dfu->dfu_state = DFU_STATE_dfuERROR; 379 value = RET_STALL; 380 break; 381 } 382 383 return value; 384 } 385 386 static int state_dfu_dnload_sync(struct f_dfu *f_dfu, 387 const struct usb_ctrlrequest *ctrl, 388 struct usb_gadget *gadget, 389 struct usb_request *req) 390 { 391 int value = 0; 392 393 switch (ctrl->bRequest) { 394 case USB_REQ_DFU_GETSTATUS: 395 handle_getstatus(req); 396 value = RET_STAT_LEN; 397 break; 398 case USB_REQ_DFU_GETSTATE: 399 handle_getstate(req); 400 break; 401 default: 402 f_dfu->dfu_state = DFU_STATE_dfuERROR; 403 value = RET_STALL; 404 break; 405 } 406 407 return value; 408 } 409 410 static int state_dfu_dnbusy(struct f_dfu *f_dfu, 411 const struct usb_ctrlrequest *ctrl, 412 struct usb_gadget *gadget, 413 struct usb_request *req) 414 { 415 int value = 0; 416 417 switch (ctrl->bRequest) { 418 case USB_REQ_DFU_GETSTATUS: 419 handle_getstatus(req); 420 value = RET_STAT_LEN; 421 break; 422 default: 423 f_dfu->dfu_state = DFU_STATE_dfuERROR; 424 value = RET_STALL; 425 break; 426 } 427 428 return value; 429 } 430 431 static int state_dfu_dnload_idle(struct f_dfu *f_dfu, 432 const struct usb_ctrlrequest *ctrl, 433 struct usb_gadget *gadget, 434 struct usb_request *req) 435 { 436 u16 w_value = le16_to_cpu(ctrl->wValue); 437 u16 len = le16_to_cpu(ctrl->wLength); 438 int value = 0; 439 440 switch (ctrl->bRequest) { 441 case USB_REQ_DFU_DNLOAD: 442 f_dfu->dfu_state = DFU_STATE_dfuDNLOAD_SYNC; 443 f_dfu->blk_seq_num = w_value; 444 value = handle_dnload(gadget, len); 445 break; 446 case USB_REQ_DFU_ABORT: 447 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 448 value = RET_ZLP; 449 break; 450 case USB_REQ_DFU_GETSTATUS: 451 handle_getstatus(req); 452 value = RET_STAT_LEN; 453 break; 454 case USB_REQ_DFU_GETSTATE: 455 handle_getstate(req); 456 break; 457 default: 458 f_dfu->dfu_state = DFU_STATE_dfuERROR; 459 value = RET_STALL; 460 break; 461 } 462 463 return value; 464 } 465 466 static int state_dfu_manifest_sync(struct f_dfu *f_dfu, 467 const struct usb_ctrlrequest *ctrl, 468 struct usb_gadget *gadget, 469 struct usb_request *req) 470 { 471 int value = 0; 472 473 switch (ctrl->bRequest) { 474 case USB_REQ_DFU_GETSTATUS: 475 /* We're MainfestationTolerant */ 476 f_dfu->dfu_state = DFU_STATE_dfuMANIFEST; 477 handle_getstatus(req); 478 f_dfu->blk_seq_num = 0; 479 value = RET_STAT_LEN; 480 req->complete = dnload_request_flush; 481 break; 482 case USB_REQ_DFU_GETSTATE: 483 handle_getstate(req); 484 break; 485 default: 486 f_dfu->dfu_state = DFU_STATE_dfuERROR; 487 value = RET_STALL; 488 break; 489 } 490 491 return value; 492 } 493 494 static int state_dfu_manifest(struct f_dfu *f_dfu, 495 const struct usb_ctrlrequest *ctrl, 496 struct usb_gadget *gadget, 497 struct usb_request *req) 498 { 499 int value = 0; 500 501 switch (ctrl->bRequest) { 502 case USB_REQ_DFU_GETSTATUS: 503 /* We're MainfestationTolerant */ 504 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 505 handle_getstatus(req); 506 f_dfu->blk_seq_num = 0; 507 value = RET_STAT_LEN; 508 puts("DOWNLOAD ... OK\nCtrl+C to exit ...\n"); 509 break; 510 case USB_REQ_DFU_GETSTATE: 511 handle_getstate(req); 512 break; 513 default: 514 f_dfu->dfu_state = DFU_STATE_dfuERROR; 515 value = RET_STALL; 516 break; 517 } 518 return value; 519 } 520 521 static int state_dfu_upload_idle(struct f_dfu *f_dfu, 522 const struct usb_ctrlrequest *ctrl, 523 struct usb_gadget *gadget, 524 struct usb_request *req) 525 { 526 u16 w_value = le16_to_cpu(ctrl->wValue); 527 u16 len = le16_to_cpu(ctrl->wLength); 528 int value = 0; 529 530 switch (ctrl->bRequest) { 531 case USB_REQ_DFU_UPLOAD: 532 /* state transition if less data then requested */ 533 f_dfu->blk_seq_num = w_value; 534 value = handle_upload(req, len); 535 if (value >= 0 && value < len) 536 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 537 break; 538 case USB_REQ_DFU_ABORT: 539 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 540 /* no zlp? */ 541 value = RET_ZLP; 542 break; 543 case USB_REQ_DFU_GETSTATUS: 544 handle_getstatus(req); 545 value = RET_STAT_LEN; 546 break; 547 case USB_REQ_DFU_GETSTATE: 548 handle_getstate(req); 549 break; 550 default: 551 f_dfu->dfu_state = DFU_STATE_dfuERROR; 552 value = RET_STALL; 553 break; 554 } 555 556 return value; 557 } 558 559 static int state_dfu_error(struct f_dfu *f_dfu, 560 const struct usb_ctrlrequest *ctrl, 561 struct usb_gadget *gadget, 562 struct usb_request *req) 563 { 564 int value = 0; 565 566 switch (ctrl->bRequest) { 567 case USB_REQ_DFU_GETSTATUS: 568 handle_getstatus(req); 569 value = RET_STAT_LEN; 570 break; 571 case USB_REQ_DFU_GETSTATE: 572 handle_getstate(req); 573 break; 574 case USB_REQ_DFU_CLRSTATUS: 575 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 576 f_dfu->dfu_status = DFU_STATUS_OK; 577 /* no zlp? */ 578 value = RET_ZLP; 579 break; 580 default: 581 f_dfu->dfu_state = DFU_STATE_dfuERROR; 582 value = RET_STALL; 583 break; 584 } 585 586 return value; 587 } 588 589 static dfu_state_fn dfu_state[] = { 590 state_app_idle, /* DFU_STATE_appIDLE */ 591 state_app_detach, /* DFU_STATE_appDETACH */ 592 state_dfu_idle, /* DFU_STATE_dfuIDLE */ 593 state_dfu_dnload_sync, /* DFU_STATE_dfuDNLOAD_SYNC */ 594 state_dfu_dnbusy, /* DFU_STATE_dfuDNBUSY */ 595 state_dfu_dnload_idle, /* DFU_STATE_dfuDNLOAD_IDLE */ 596 state_dfu_manifest_sync, /* DFU_STATE_dfuMANIFEST_SYNC */ 597 state_dfu_manifest, /* DFU_STATE_dfuMANIFEST */ 598 NULL, /* DFU_STATE_dfuMANIFEST_WAIT_RST */ 599 state_dfu_upload_idle, /* DFU_STATE_dfuUPLOAD_IDLE */ 600 state_dfu_error /* DFU_STATE_dfuERROR */ 601 }; 602 603 static int 604 dfu_handle(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 605 { 606 struct usb_gadget *gadget = f->config->cdev->gadget; 607 struct usb_request *req = f->config->cdev->req; 608 struct f_dfu *f_dfu = f->config->cdev->req->context; 609 u16 len = le16_to_cpu(ctrl->wLength); 610 u16 w_value = le16_to_cpu(ctrl->wValue); 611 int value = 0; 612 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK; 613 614 debug("w_value: 0x%x len: 0x%x\n", w_value, len); 615 debug("req_type: 0x%x ctrl->bRequest: 0x%x f_dfu->dfu_state: 0x%x\n", 616 req_type, ctrl->bRequest, f_dfu->dfu_state); 617 618 if (req_type == USB_TYPE_STANDARD) { 619 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR && 620 (w_value >> 8) == DFU_DT_FUNC) { 621 value = min(len, (u16) sizeof(dfu_func)); 622 memcpy(req->buf, &dfu_func, value); 623 } 624 } else /* DFU specific request */ 625 value = dfu_state[f_dfu->dfu_state] (f_dfu, ctrl, gadget, req); 626 627 if (value >= 0) { 628 req->length = value; 629 req->zero = value < len; 630 value = usb_ep_queue(gadget->ep0, req, 0); 631 if (value < 0) { 632 debug("ep_queue --> %d\n", value); 633 req->status = 0; 634 } 635 } 636 637 return value; 638 } 639 640 /*-------------------------------------------------------------------------*/ 641 642 static int 643 dfu_prepare_strings(struct f_dfu *f_dfu, int n) 644 { 645 struct dfu_entity *de = NULL; 646 int i = 0; 647 648 f_dfu->strings = calloc(sizeof(struct usb_string), n + 1); 649 if (!f_dfu->strings) 650 goto enomem; 651 652 for (i = 0; i < n; ++i) { 653 de = dfu_get_entity(i); 654 f_dfu->strings[i].s = de->name; 655 } 656 657 f_dfu->strings[i].id = 0; 658 f_dfu->strings[i].s = NULL; 659 660 return 0; 661 662 enomem: 663 while (i) 664 f_dfu->strings[--i].s = NULL; 665 666 free(f_dfu->strings); 667 668 return -ENOMEM; 669 } 670 671 static int dfu_prepare_function(struct f_dfu *f_dfu, int n) 672 { 673 struct usb_interface_descriptor *d; 674 int i = 0; 675 676 f_dfu->function = calloc(sizeof(struct usb_descriptor_header *), n + 1); 677 if (!f_dfu->function) 678 goto enomem; 679 680 for (i = 0; i < n; ++i) { 681 d = calloc(sizeof(*d), 1); 682 if (!d) 683 goto enomem; 684 685 d->bLength = sizeof(*d); 686 d->bDescriptorType = USB_DT_INTERFACE; 687 d->bAlternateSetting = i; 688 d->bNumEndpoints = 0; 689 d->bInterfaceClass = USB_CLASS_APP_SPEC; 690 d->bInterfaceSubClass = 1; 691 d->bInterfaceProtocol = 2; 692 693 f_dfu->function[i] = (struct usb_descriptor_header *)d; 694 } 695 f_dfu->function[i] = NULL; 696 697 return 0; 698 699 enomem: 700 while (i) { 701 free(f_dfu->function[--i]); 702 f_dfu->function[i] = NULL; 703 } 704 free(f_dfu->function); 705 706 return -ENOMEM; 707 } 708 709 static int dfu_bind(struct usb_configuration *c, struct usb_function *f) 710 { 711 struct usb_composite_dev *cdev = c->cdev; 712 struct f_dfu *f_dfu = func_to_dfu(f); 713 int alt_num = dfu_get_alt_number(); 714 int rv, id, i; 715 716 id = usb_interface_id(c, f); 717 if (id < 0) 718 return id; 719 dfu_intf_runtime.bInterfaceNumber = id; 720 721 f_dfu->dfu_state = DFU_STATE_appIDLE; 722 f_dfu->dfu_status = DFU_STATUS_OK; 723 724 rv = dfu_prepare_function(f_dfu, alt_num); 725 if (rv) 726 goto error; 727 728 rv = dfu_prepare_strings(f_dfu, alt_num); 729 if (rv) 730 goto error; 731 for (i = 0; i < alt_num; i++) { 732 id = usb_string_id(cdev); 733 if (id < 0) 734 return id; 735 f_dfu->strings[i].id = id; 736 ((struct usb_interface_descriptor *)f_dfu->function[i]) 737 ->iInterface = id; 738 } 739 740 to_dfu_mode(f_dfu); 741 742 stringtab_dfu.strings = f_dfu->strings; 743 744 cdev->req->context = f_dfu; 745 746 error: 747 return rv; 748 } 749 750 static void dfu_unbind(struct usb_configuration *c, struct usb_function *f) 751 { 752 struct f_dfu *f_dfu = func_to_dfu(f); 753 int alt_num = dfu_get_alt_number(); 754 int i; 755 756 if (f_dfu->strings) { 757 i = alt_num; 758 while (i) 759 f_dfu->strings[--i].s = NULL; 760 761 free(f_dfu->strings); 762 } 763 764 if (f_dfu->function) { 765 i = alt_num; 766 while (i) { 767 free(f_dfu->function[--i]); 768 f_dfu->function[i] = NULL; 769 } 770 free(f_dfu->function); 771 } 772 773 free(f_dfu); 774 } 775 776 static int dfu_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 777 { 778 struct f_dfu *f_dfu = func_to_dfu(f); 779 780 debug("%s: intf:%d alt:%d\n", __func__, intf, alt); 781 782 f_dfu->altsetting = alt; 783 f_dfu->dfu_state = DFU_STATE_dfuIDLE; 784 f_dfu->dfu_status = DFU_STATUS_OK; 785 786 return 0; 787 } 788 789 /* TODO: is this really what we need here? */ 790 static void dfu_disable(struct usb_function *f) 791 { 792 struct f_dfu *f_dfu = func_to_dfu(f); 793 if (f_dfu->config == 0) 794 return; 795 796 debug("%s: reset config\n", __func__); 797 798 f_dfu->config = 0; 799 } 800 801 static int dfu_bind_config(struct usb_configuration *c) 802 { 803 struct f_dfu *f_dfu; 804 int status; 805 806 f_dfu = calloc(sizeof(*f_dfu), 1); 807 if (!f_dfu) 808 return -ENOMEM; 809 f_dfu->usb_function.name = "dfu"; 810 f_dfu->usb_function.hs_descriptors = dfu_runtime_descs; 811 f_dfu->usb_function.bind = dfu_bind; 812 f_dfu->usb_function.unbind = dfu_unbind; 813 f_dfu->usb_function.set_alt = dfu_set_alt; 814 f_dfu->usb_function.disable = dfu_disable; 815 f_dfu->usb_function.strings = dfu_generic_strings; 816 f_dfu->usb_function.setup = dfu_handle; 817 f_dfu->poll_timeout = DFU_DEFAULT_POLL_TIMEOUT; 818 819 status = usb_add_function(c, &f_dfu->usb_function); 820 if (status) 821 free(f_dfu); 822 823 return status; 824 } 825 826 int dfu_add(struct usb_configuration *c) 827 { 828 int id; 829 830 id = usb_string_id(c->cdev); 831 if (id < 0) 832 return id; 833 strings_dfu_generic[0].id = id; 834 dfu_intf_runtime.iInterface = id; 835 836 debug("%s: cdev: 0x%p gadget:0x%p gadget->ep0: 0x%p\n", __func__, 837 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0); 838 839 return dfu_bind_config(c); 840 } 841 842 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_dfu, dfu_add); 843