1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <errno.h> 16 #include <malloc.h> 17 #include <linux/usb/ch9.h> 18 #include <linux/usb/gadget.h> 19 #include <linux/usb/composite.h> 20 #include <linux/compiler.h> 21 #include <version.h> 22 #include <g_dnl.h> 23 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 24 #include <fb_mmc.h> 25 #endif 26 27 #define FASTBOOT_VERSION "0.4" 28 29 #define FASTBOOT_INTERFACE_CLASS 0xff 30 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 31 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 32 33 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 34 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 35 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 36 37 /* The 64 defined bytes plus \0 */ 38 #define RESPONSE_LEN (64 + 1) 39 40 #define EP_BUFFER_SIZE 4096 41 42 struct f_fastboot { 43 struct usb_function usb_function; 44 45 /* IN/OUT EP's and corresponding requests */ 46 struct usb_ep *in_ep, *out_ep; 47 struct usb_request *in_req, *out_req; 48 }; 49 50 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 51 { 52 return container_of(f, struct f_fastboot, usb_function); 53 } 54 55 static struct f_fastboot *fastboot_func; 56 static unsigned int download_size; 57 static unsigned int download_bytes; 58 static bool is_high_speed; 59 60 static struct usb_endpoint_descriptor fs_ep_in = { 61 .bLength = USB_DT_ENDPOINT_SIZE, 62 .bDescriptorType = USB_DT_ENDPOINT, 63 .bEndpointAddress = USB_DIR_IN, 64 .bmAttributes = USB_ENDPOINT_XFER_BULK, 65 .wMaxPacketSize = TX_ENDPOINT_MAXIMUM_PACKET_SIZE, 66 .bInterval = 0x00, 67 }; 68 69 static struct usb_endpoint_descriptor fs_ep_out = { 70 .bLength = USB_DT_ENDPOINT_SIZE, 71 .bDescriptorType = USB_DT_ENDPOINT, 72 .bEndpointAddress = USB_DIR_OUT, 73 .bmAttributes = USB_ENDPOINT_XFER_BULK, 74 .wMaxPacketSize = RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1, 75 .bInterval = 0x00, 76 }; 77 78 static struct usb_endpoint_descriptor hs_ep_out = { 79 .bLength = USB_DT_ENDPOINT_SIZE, 80 .bDescriptorType = USB_DT_ENDPOINT, 81 .bEndpointAddress = USB_DIR_OUT, 82 .bmAttributes = USB_ENDPOINT_XFER_BULK, 83 .wMaxPacketSize = RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0, 84 .bInterval = 0x00, 85 }; 86 87 static struct usb_interface_descriptor interface_desc = { 88 .bLength = USB_DT_INTERFACE_SIZE, 89 .bDescriptorType = USB_DT_INTERFACE, 90 .bInterfaceNumber = 0x00, 91 .bAlternateSetting = 0x00, 92 .bNumEndpoints = 0x02, 93 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 94 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 95 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 96 }; 97 98 static struct usb_descriptor_header *fb_runtime_descs[] = { 99 (struct usb_descriptor_header *)&interface_desc, 100 (struct usb_descriptor_header *)&fs_ep_in, 101 (struct usb_descriptor_header *)&hs_ep_out, 102 NULL, 103 }; 104 105 /* 106 * static strings, in UTF-8 107 */ 108 static const char fastboot_name[] = "Android Fastboot"; 109 110 static struct usb_string fastboot_string_defs[] = { 111 [0].s = fastboot_name, 112 { } /* end of list */ 113 }; 114 115 static struct usb_gadget_strings stringtab_fastboot = { 116 .language = 0x0409, /* en-us */ 117 .strings = fastboot_string_defs, 118 }; 119 120 static struct usb_gadget_strings *fastboot_strings[] = { 121 &stringtab_fastboot, 122 NULL, 123 }; 124 125 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 126 static int strcmp_l1(const char *s1, const char *s2); 127 128 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 129 { 130 int status = req->status; 131 if (!status) 132 return; 133 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 134 } 135 136 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 137 { 138 int id; 139 struct usb_gadget *gadget = c->cdev->gadget; 140 struct f_fastboot *f_fb = func_to_fastboot(f); 141 const char *s; 142 143 /* DYNAMIC interface numbers assignments */ 144 id = usb_interface_id(c, f); 145 if (id < 0) 146 return id; 147 interface_desc.bInterfaceNumber = id; 148 149 id = usb_string_id(c->cdev); 150 if (id < 0) 151 return id; 152 fastboot_string_defs[0].id = id; 153 interface_desc.iInterface = id; 154 155 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 156 if (!f_fb->in_ep) 157 return -ENODEV; 158 f_fb->in_ep->driver_data = c->cdev; 159 160 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 161 if (!f_fb->out_ep) 162 return -ENODEV; 163 f_fb->out_ep->driver_data = c->cdev; 164 165 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 166 167 s = getenv("serial#"); 168 if (s) 169 g_dnl_set_serialnumber((char *)s); 170 171 return 0; 172 } 173 174 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 175 { 176 memset(fastboot_func, 0, sizeof(*fastboot_func)); 177 } 178 179 static void fastboot_disable(struct usb_function *f) 180 { 181 struct f_fastboot *f_fb = func_to_fastboot(f); 182 183 usb_ep_disable(f_fb->out_ep); 184 usb_ep_disable(f_fb->in_ep); 185 186 if (f_fb->out_req) { 187 free(f_fb->out_req->buf); 188 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 189 f_fb->out_req = NULL; 190 } 191 if (f_fb->in_req) { 192 free(f_fb->in_req->buf); 193 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 194 f_fb->in_req = NULL; 195 } 196 } 197 198 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 199 { 200 struct usb_request *req; 201 202 req = usb_ep_alloc_request(ep, 0); 203 if (!req) 204 return NULL; 205 206 req->length = EP_BUFFER_SIZE; 207 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 208 if (!req->buf) { 209 usb_ep_free_request(ep, req); 210 return NULL; 211 } 212 213 memset(req->buf, 0, req->length); 214 return req; 215 } 216 217 static int fastboot_set_alt(struct usb_function *f, 218 unsigned interface, unsigned alt) 219 { 220 int ret; 221 struct usb_composite_dev *cdev = f->config->cdev; 222 struct usb_gadget *gadget = cdev->gadget; 223 struct f_fastboot *f_fb = func_to_fastboot(f); 224 225 debug("%s: func: %s intf: %d alt: %d\n", 226 __func__, f->name, interface, alt); 227 228 /* make sure we don't enable the ep twice */ 229 if (gadget->speed == USB_SPEED_HIGH) { 230 ret = usb_ep_enable(f_fb->out_ep, &hs_ep_out); 231 is_high_speed = true; 232 } else { 233 ret = usb_ep_enable(f_fb->out_ep, &fs_ep_out); 234 is_high_speed = false; 235 } 236 if (ret) { 237 puts("failed to enable out ep\n"); 238 return ret; 239 } 240 241 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 242 if (!f_fb->out_req) { 243 puts("failed to alloc out req\n"); 244 ret = -EINVAL; 245 goto err; 246 } 247 f_fb->out_req->complete = rx_handler_command; 248 249 ret = usb_ep_enable(f_fb->in_ep, &fs_ep_in); 250 if (ret) { 251 puts("failed to enable in ep\n"); 252 goto err; 253 } 254 255 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 256 if (!f_fb->in_req) { 257 puts("failed alloc req in\n"); 258 ret = -EINVAL; 259 goto err; 260 } 261 f_fb->in_req->complete = fastboot_complete; 262 263 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 264 if (ret) 265 goto err; 266 267 return 0; 268 err: 269 fastboot_disable(f); 270 return ret; 271 } 272 273 static int fastboot_add(struct usb_configuration *c) 274 { 275 struct f_fastboot *f_fb = fastboot_func; 276 int status; 277 278 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 279 280 if (!f_fb) { 281 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 282 if (!f_fb) 283 return -ENOMEM; 284 285 fastboot_func = f_fb; 286 memset(f_fb, 0, sizeof(*f_fb)); 287 } 288 289 f_fb->usb_function.name = "f_fastboot"; 290 f_fb->usb_function.hs_descriptors = fb_runtime_descs; 291 f_fb->usb_function.bind = fastboot_bind; 292 f_fb->usb_function.unbind = fastboot_unbind; 293 f_fb->usb_function.set_alt = fastboot_set_alt; 294 f_fb->usb_function.disable = fastboot_disable; 295 f_fb->usb_function.strings = fastboot_strings; 296 297 status = usb_add_function(c, &f_fb->usb_function); 298 if (status) { 299 free(f_fb); 300 fastboot_func = f_fb; 301 } 302 303 return status; 304 } 305 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 306 307 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 308 { 309 struct usb_request *in_req = fastboot_func->in_req; 310 int ret; 311 312 memcpy(in_req->buf, buffer, buffer_size); 313 in_req->length = buffer_size; 314 315 usb_ep_dequeue(fastboot_func->in_ep, in_req); 316 317 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 318 if (ret) 319 printf("Error %d on queue\n", ret); 320 return 0; 321 } 322 323 static int fastboot_tx_write_str(const char *buffer) 324 { 325 return fastboot_tx_write(buffer, strlen(buffer)); 326 } 327 328 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 329 { 330 do_reset(NULL, 0, 0, NULL); 331 } 332 333 int __weak fb_set_reboot_flag(void) 334 { 335 return -ENOSYS; 336 } 337 338 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 339 { 340 char *cmd = req->buf; 341 if (!strcmp_l1("reboot-bootloader", cmd)) { 342 if (fb_set_reboot_flag()) { 343 fastboot_tx_write_str("FAILCannot set reboot flag"); 344 return; 345 } 346 } 347 fastboot_func->in_req->complete = compl_do_reset; 348 fastboot_tx_write_str("OKAY"); 349 } 350 351 static int strcmp_l1(const char *s1, const char *s2) 352 { 353 if (!s1 || !s2) 354 return -1; 355 return strncmp(s1, s2, strlen(s1)); 356 } 357 358 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 359 { 360 char *cmd = req->buf; 361 char response[RESPONSE_LEN]; 362 const char *s; 363 size_t chars_left; 364 365 strcpy(response, "OKAY"); 366 chars_left = sizeof(response) - strlen(response) - 1; 367 368 strsep(&cmd, ":"); 369 if (!cmd) { 370 error("missing variable\n"); 371 fastboot_tx_write_str("FAILmissing var"); 372 return; 373 } 374 375 if (!strcmp_l1("version", cmd)) { 376 strncat(response, FASTBOOT_VERSION, chars_left); 377 } else if (!strcmp_l1("bootloader-version", cmd)) { 378 strncat(response, U_BOOT_VERSION, chars_left); 379 } else if (!strcmp_l1("downloadsize", cmd) || 380 !strcmp_l1("max-download-size", cmd)) { 381 char str_num[12]; 382 383 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 384 strncat(response, str_num, chars_left); 385 } else if (!strcmp_l1("serialno", cmd)) { 386 s = getenv("serial#"); 387 if (s) 388 strncat(response, s, chars_left); 389 else 390 strcpy(response, "FAILValue not set"); 391 } else { 392 error("unknown variable: %s\n", cmd); 393 strcpy(response, "FAILVariable not implemented"); 394 } 395 fastboot_tx_write_str(response); 396 } 397 398 static unsigned int rx_bytes_expected(unsigned int maxpacket) 399 { 400 int rx_remain = download_size - download_bytes; 401 int rem = 0; 402 if (rx_remain < 0) 403 return 0; 404 if (rx_remain > EP_BUFFER_SIZE) 405 return EP_BUFFER_SIZE; 406 if (rx_remain < maxpacket) { 407 rx_remain = maxpacket; 408 } else if (rx_remain % maxpacket != 0) { 409 rem = rx_remain % maxpacket; 410 rx_remain = rx_remain + (maxpacket - rem); 411 } 412 return rx_remain; 413 } 414 415 #define BYTES_PER_DOT 0x20000 416 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 417 { 418 char response[RESPONSE_LEN]; 419 unsigned int transfer_size = download_size - download_bytes; 420 const unsigned char *buffer = req->buf; 421 unsigned int buffer_size = req->actual; 422 unsigned int pre_dot_num, now_dot_num; 423 unsigned int max; 424 425 if (req->status != 0) { 426 printf("Bad status: %d\n", req->status); 427 return; 428 } 429 430 if (buffer_size < transfer_size) 431 transfer_size = buffer_size; 432 433 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 434 buffer, transfer_size); 435 436 pre_dot_num = download_bytes / BYTES_PER_DOT; 437 download_bytes += transfer_size; 438 now_dot_num = download_bytes / BYTES_PER_DOT; 439 440 if (pre_dot_num != now_dot_num) { 441 putc('.'); 442 if (!(now_dot_num % 74)) 443 putc('\n'); 444 } 445 446 /* Check if transfer is done */ 447 if (download_bytes >= download_size) { 448 /* 449 * Reset global transfer variable, keep download_bytes because 450 * it will be used in the next possible flashing command 451 */ 452 download_size = 0; 453 req->complete = rx_handler_command; 454 req->length = EP_BUFFER_SIZE; 455 456 sprintf(response, "OKAY"); 457 fastboot_tx_write_str(response); 458 459 printf("\ndownloading of %d bytes finished\n", download_bytes); 460 } else { 461 max = is_high_speed ? hs_ep_out.wMaxPacketSize : 462 fs_ep_out.wMaxPacketSize; 463 req->length = rx_bytes_expected(max); 464 if (req->length < ep->maxpacket) 465 req->length = ep->maxpacket; 466 } 467 468 req->actual = 0; 469 usb_ep_queue(ep, req, 0); 470 } 471 472 static void cb_download(struct usb_ep *ep, struct usb_request *req) 473 { 474 char *cmd = req->buf; 475 char response[RESPONSE_LEN]; 476 unsigned int max; 477 478 strsep(&cmd, ":"); 479 download_size = simple_strtoul(cmd, NULL, 16); 480 download_bytes = 0; 481 482 printf("Starting download of %d bytes\n", download_size); 483 484 if (0 == download_size) { 485 sprintf(response, "FAILdata invalid size"); 486 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 487 download_size = 0; 488 sprintf(response, "FAILdata too large"); 489 } else { 490 sprintf(response, "DATA%08x", download_size); 491 req->complete = rx_handler_dl_image; 492 max = is_high_speed ? hs_ep_out.wMaxPacketSize : 493 fs_ep_out.wMaxPacketSize; 494 req->length = rx_bytes_expected(max); 495 if (req->length < ep->maxpacket) 496 req->length = ep->maxpacket; 497 } 498 fastboot_tx_write_str(response); 499 } 500 501 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 502 { 503 char boot_addr_start[12]; 504 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 505 506 puts("Booting kernel..\n"); 507 508 sprintf(boot_addr_start, "0x%lx", load_addr); 509 do_bootm(NULL, 0, 2, bootm_args); 510 511 /* This only happens if image is somehow faulty so we start over */ 512 do_reset(NULL, 0, 0, NULL); 513 } 514 515 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 516 { 517 fastboot_func->in_req->complete = do_bootm_on_complete; 518 fastboot_tx_write_str("OKAY"); 519 } 520 521 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 522 { 523 g_dnl_trigger_detach(); 524 } 525 526 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 527 { 528 fastboot_func->in_req->complete = do_exit_on_complete; 529 fastboot_tx_write_str("OKAY"); 530 } 531 532 #ifdef CONFIG_FASTBOOT_FLASH 533 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 534 { 535 char *cmd = req->buf; 536 char response[RESPONSE_LEN]; 537 538 strsep(&cmd, ":"); 539 if (!cmd) { 540 error("missing partition name\n"); 541 fastboot_tx_write_str("FAILmissing partition name"); 542 return; 543 } 544 545 strcpy(response, "FAILno flash device defined"); 546 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 547 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 548 download_bytes, response); 549 #endif 550 fastboot_tx_write_str(response); 551 } 552 #endif 553 554 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 555 { 556 char *cmd = req->buf; 557 #ifdef CONFIG_FASTBOOT_FLASH 558 if (strncmp("format", cmd + 4, 6) == 0) { 559 char cmdbuf[32]; 560 sprintf(cmdbuf, "gpt write mmc %x $partitions", 561 CONFIG_FASTBOOT_FLASH_MMC_DEV); 562 if (run_command(cmdbuf, 0)) 563 fastboot_tx_write_str("FAIL"); 564 else 565 fastboot_tx_write_str("OKAY"); 566 } else 567 #endif 568 if (strncmp("unlock", cmd + 4, 8) == 0) { 569 fastboot_tx_write_str("FAILnot implemented"); 570 } 571 else { 572 fastboot_tx_write_str("FAILunknown oem command"); 573 } 574 } 575 576 #ifdef CONFIG_FASTBOOT_FLASH 577 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 578 { 579 char *cmd = req->buf; 580 char response[RESPONSE_LEN]; 581 582 strsep(&cmd, ":"); 583 if (!cmd) { 584 error("missing partition name"); 585 fastboot_tx_write_str("FAILmissing partition name"); 586 return; 587 } 588 589 strcpy(response, "FAILno flash device defined"); 590 591 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 592 fb_mmc_erase(cmd, response); 593 #endif 594 fastboot_tx_write_str(response); 595 } 596 #endif 597 598 struct cmd_dispatch_info { 599 char *cmd; 600 void (*cb)(struct usb_ep *ep, struct usb_request *req); 601 }; 602 603 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 604 { 605 .cmd = "reboot", 606 .cb = cb_reboot, 607 }, { 608 .cmd = "getvar:", 609 .cb = cb_getvar, 610 }, { 611 .cmd = "download:", 612 .cb = cb_download, 613 }, { 614 .cmd = "boot", 615 .cb = cb_boot, 616 }, { 617 .cmd = "continue", 618 .cb = cb_continue, 619 }, 620 #ifdef CONFIG_FASTBOOT_FLASH 621 { 622 .cmd = "flash", 623 .cb = cb_flash, 624 }, { 625 .cmd = "erase", 626 .cb = cb_erase, 627 }, 628 #endif 629 { 630 .cmd = "oem", 631 .cb = cb_oem, 632 }, 633 }; 634 635 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 636 { 637 char *cmdbuf = req->buf; 638 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 639 int i; 640 641 if (req->status != 0 || req->length == 0) 642 return; 643 644 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 645 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 646 func_cb = cmd_dispatch_info[i].cb; 647 break; 648 } 649 } 650 651 if (!func_cb) { 652 error("unknown command: %s\n", cmdbuf); 653 fastboot_tx_write_str("FAILunknown command"); 654 } else { 655 if (req->actual < req->length) { 656 u8 *buf = (u8 *)req->buf; 657 buf[req->actual] = 0; 658 func_cb(ep, req); 659 } else { 660 error("buffer overflow\n"); 661 fastboot_tx_write_str("FAILbuffer overflow"); 662 } 663 } 664 665 *cmdbuf = '\0'; 666 req->actual = 0; 667 usb_ep_queue(ep, req, 0); 668 } 669