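/*
 * (C) Copyright 2008 - 2009
 * Windriver, <www.windriver.com>
 * Tom Rix <Tom.Rix@windriver.com>
 *
 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de>
 *
 * Copyright 2014 Linaro, Ltd.
 * Rob Herring <robh@kernel.org>
 *
 * SPDX-License-Identifier: GPL-2.0+
 */
#include <config.h>
#include <common.h>
#include <errno.h>
#include <malloc.h>
#include <linux/usb/ch9.h>
#include <linux/usb/gadget.h>
#include <linux/usb/composite.h>
#include <linux/compiler.h>
#include <version.h>
#include <g_dnl.h>
#ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
#include <fb_mmc.h>
#endif

#define FASTBOOT_VERSION		"0.4"

#define FASTBOOT_INTERFACE_CLASS	0xff
#define FASTBOOT_INTERFACE_SUB_CLASS	0x42
#define FASTBOOT_INTERFACE_PROTOCOL	0x03

#define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0	(0x0200)
#define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1	(0x0040)
#define TX_ENDPOINT_MAXIMUM_PACKET_SIZE		(0x0040)

/* The 64 defined bytes plus \0 */
#define RESPONSE_LEN	(64 + 1)

/* Size of the buffer attached to every IN and OUT request (see fastboot_start_ep) */
#define EP_BUFFER_SIZE	4096

/* Per-function state: the composite function plus its two bulk endpoints. */
struct f_fastboot {
	struct usb_function usb_function;

	/* IN/OUT EP's and corresponding requests */
	struct usb_ep *in_ep, *out_ep;
	struct usb_request *in_req, *out_req;
};

/* Recover the enclosing f_fastboot from its embedded usb_function. */
static inline struct f_fastboot *func_to_fastboot(struct usb_function *f)
{
	return container_of(f, struct f_fastboot, usb_function);
}

/* Single function instance, allocated on first fastboot_add() */
static struct f_fastboot *fastboot_func;
/* Size announced by the last accepted "download:" command; 0 when idle */
static unsigned int download_size;
/* Bytes received so far; kept after a download for the flash command */
static unsigned int download_bytes;
/* Set in fastboot_set_alt() from the negotiated gadget speed */
static bool is_high_speed;

static struct usb_endpoint_descriptor fs_ep_in = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,
	.bEndpointAddress	= USB_DIR_IN,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= TX_ENDPOINT_MAXIMUM_PACKET_SIZE,
	.bInterval		= 0x00,
};

static struct usb_endpoint_descriptor fs_ep_out = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,
	.bEndpointAddress	= USB_DIR_OUT,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1,
	.bInterval		= 0x00,
};

static struct usb_endpoint_descriptor hs_ep_out = {
	.bLength		= USB_DT_ENDPOINT_SIZE,
	.bDescriptorType	= USB_DT_ENDPOINT,
	.bEndpointAddress	= USB_DIR_OUT,
	.bmAttributes		= USB_ENDPOINT_XFER_BULK,
	.wMaxPacketSize		= RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0,
	.bInterval		= 0x00,
};

static struct usb_interface_descriptor interface_desc = {
	.bLength		= USB_DT_INTERFACE_SIZE,
	.bDescriptorType	= USB_DT_INTERFACE,
	.bInterfaceNumber	= 0x00,
	.bAlternateSetting	= 0x00,
	.bNumEndpoints		= 0x02,
	.bInterfaceClass	= FASTBOOT_INTERFACE_CLASS,
	.bInterfaceSubClass	= FASTBOOT_INTERFACE_SUB_CLASS,
	.bInterfaceProtocol	= FASTBOOT_INTERFACE_PROTOCOL,
};

/* Descriptor list installed as hs_descriptors in fastboot_add(). */
static struct usb_descriptor_header *fb_runtime_descs[] = {
	(struct usb_descriptor_header *)&interface_desc,
	(struct usb_descriptor_header *)&fs_ep_in,
	(struct usb_descriptor_header *)&hs_ep_out,
	NULL,
};

/*
 * static strings, in UTF-8
 */
static const char fastboot_name[] = "Android Fastboot";

static struct usb_string fastboot_string_defs[] = {
	[0].s = fastboot_name,
	{  }			/* end of list */
};

static struct usb_gadget_strings stringtab_fastboot = {
	.language	= 0x0409,	/* en-us */
	.strings	= fastboot_string_defs,
};

static struct usb_gadget_strings *fastboot_strings[] = {
	&stringtab_fastboot,
	NULL,
};

static void rx_handler_command(struct usb_ep *ep, struct usb_request *req);
static int strcmp_l1(const char *s1, const char *s2);

/* Default IN completion handler: log only when the transfer failed. */
static void fastboot_complete(struct usb_ep *ep, struct usb_request *req)
{
	int status = req->status;
	if (!status)
		return;
	printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual);
}

/*
 * Bind callback: allocate the interface and string ids, claim one bulk IN
 * and one bulk OUT endpoint, and publish the "serial#" environment value as
 * the gadget serial number when it is set.
 *
 * Returns 0 on success, a negative id error, or -ENODEV when no endpoint
 * could be configured.
 */
static int fastboot_bind(struct usb_configuration *c, struct usb_function *f)
{
	int id;
	struct usb_gadget *gadget = c->cdev->gadget;
	struct f_fastboot *f_fb = func_to_fastboot(f);
	const char *s;

	/* DYNAMIC interface numbers assignments */
	id = usb_interface_id(c, f);
	if (id < 0)
		return id;
	interface_desc.bInterfaceNumber = id;

	id = usb_string_id(c->cdev);
	if (id < 0)
		return id;
	fastboot_string_defs[0].id = id;
	interface_desc.iInterface = id;

	f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in);
	if (!f_fb->in_ep)
		return -ENODEV;
	f_fb->in_ep->driver_data = c->cdev;

	f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out);
	if (!f_fb->out_ep)
		return -ENODEV;
	f_fb->out_ep->driver_data = c->cdev;

	/* The high-speed OUT descriptor reuses the address picked above */
	hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress;

	s = getenv("serial#");
	if (s)
		g_dnl_set_serialnumber((char *)s);

	return 0;
}

/* Unbind callback: wipe the function state (the allocation itself is kept). */
static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f)
{
	memset(fastboot_func, 0, sizeof(*fastboot_func));
}

/* Disable both endpoints and release their requests and buffers. */
static void fastboot_disable(struct usb_function *f)
{
	struct f_fastboot *f_fb = func_to_fastboot(f);

	usb_ep_disable(f_fb->out_ep);
	usb_ep_disable(f_fb->in_ep);

	if (f_fb->out_req) {
		free(f_fb->out_req->buf);
		usb_ep_free_request(f_fb->out_ep, f_fb->out_req);
		f_fb->out_req = NULL;
	}
	if (f_fb->in_req) {
		free(f_fb->in_req->buf);
		usb_ep_free_request(f_fb->in_ep, f_fb->in_req);
		f_fb->in_req = NULL;
	}
}

/*
 * Allocate a request for @ep with a zeroed, cache-line aligned buffer of
 * EP_BUFFER_SIZE bytes. Returns NULL when either allocation fails.
 */
static struct usb_request *fastboot_start_ep(struct usb_ep *ep)
{
	struct usb_request *req;

	req = usb_ep_alloc_request(ep, 0);
	if (!req)
		return NULL;

	req->length = EP_BUFFER_SIZE;
	req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE);
	if (!req->buf) {
		usb_ep_free_request(ep, req);
		return NULL;
	}

	memset(req->buf, 0, req->length);
	return req;
}

/*
 * set_alt callback: enable both endpoints for the negotiated speed, allocate
 * their requests and queue the first OUT request so that commands can be
 * received. Any failure tears everything down through fastboot_disable().
 */
static int fastboot_set_alt(struct usb_function *f,
			    unsigned interface, unsigned alt)
{
	int ret;
	struct usb_composite_dev *cdev = f->config->cdev;
	struct usb_gadget *gadget = cdev->gadget;
	struct f_fastboot *f_fb = func_to_fastboot(f);

	debug("%s: func: %s intf: %d alt: %d\n",
	      __func__, f->name, interface, alt);

	/* make sure we don't enable the ep twice */
	if (gadget->speed == USB_SPEED_HIGH) {
		ret = usb_ep_enable(f_fb->out_ep, &hs_ep_out);
		is_high_speed = true;
	} else {
		ret = usb_ep_enable(f_fb->out_ep, &fs_ep_out);
		is_high_speed = false;
	}
	if (ret) {
		puts("failed to enable out ep\n");
		return ret;
	}

	f_fb->out_req = fastboot_start_ep(f_fb->out_ep);
	if (!f_fb->out_req) {
		puts("failed to alloc out req\n");
		ret = -EINVAL;
		goto err;
	}
	f_fb->out_req->complete = rx_handler_command;

	ret = usb_ep_enable(f_fb->in_ep, &fs_ep_in);
	if (ret) {
		puts("failed to enable in ep\n");
		goto err;
	}

	f_fb->in_req = fastboot_start_ep(f_fb->in_ep);
	if (!f_fb->in_req) {
		puts("failed alloc req in\n");
		ret = -EINVAL;
		goto err;
	}
	f_fb->in_req->complete = fastboot_complete;

	ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0);
	if (ret)
		goto err;

	return 0;
err:
	fastboot_disable(f);
	return ret;
}

/*
 * Gadget bind callback: create the function state on first use, fill in the
 * usb_function callbacks and register it with configuration @c.
 *
 * Returns 0 on success, -ENOMEM when the state cannot be allocated, or the
 * error from usb_add_function().
 */
static int fastboot_add(struct usb_configuration *c)
{
	struct f_fastboot *f_fb = fastboot_func;
	int status;

	debug("%s: cdev: 0x%p\n", __func__, c->cdev);

	if (!f_fb) {
		f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb));
		if (!f_fb)
			return -ENOMEM;

		fastboot_func = f_fb;
		memset(f_fb, 0, sizeof(*f_fb));
	}

	f_fb->usb_function.name = "f_fastboot";
	f_fb->usb_function.hs_descriptors = fb_runtime_descs;
	f_fb->usb_function.bind = fastboot_bind;
	f_fb->usb_function.unbind = fastboot_unbind;
	f_fb->usb_function.set_alt = fastboot_set_alt;
	f_fb->usb_function.disable = fastboot_disable;
	f_fb->usb_function.strings = fastboot_strings;

	status = usb_add_function(c, &f_fb->usb_function);
	if (status) {
		free(f_fb);
		/*
		 * Drop the global reference together with the memory: a
		 * pointer left at the freed block would make the next
		 * fastboot_add() skip the allocation above and write into
		 * freed memory.
		 */
		fastboot_func = NULL;
	}

	return status;
}
DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add);

/*
 * Copy @buffer_size bytes from @buffer into the IN request and queue it.
 *
 * Returns -EINVAL without queueing when the data would not fit in the
 * EP_BUFFER_SIZE byte request buffer, 0 otherwise; a queueing error is only
 * logged, as before.
 */
static int fastboot_tx_write(const char *buffer, unsigned int buffer_size)
{
	struct usb_request *in_req = fastboot_func->in_req;
	int ret;

	/* in_req->buf is EP_BUFFER_SIZE bytes, see fastboot_start_ep() */
	if (buffer_size > EP_BUFFER_SIZE) {
		printf("Error: %u byte response exceeds tx buffer\n",
		       buffer_size);
		return -EINVAL;
	}

	memcpy(in_req->buf, buffer, buffer_size);
	in_req->length = buffer_size;
	ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0);
	if (ret)
		printf("Error %d on queue\n", ret);
	return 0;
}

/* Send the NUL-terminated string @buffer (terminator not included). */
static int fastboot_tx_write_str(const char *buffer)
{
	return fastboot_tx_write(buffer, strlen(buffer));
}

/* IN completion handler used by "reboot": reset once the reply was sent. */
static void compl_do_reset(struct usb_ep *ep, struct usb_request *req)
{
	do_reset(NULL, 0, 0, NULL);
}

/* Weak default; a board may override it. Reports "not supported". */
int __weak fb_set_reboot_flag(void)
{
	return -ENOSYS;
}

/*
 * "reboot" / "reboot-bootloader": for the latter the reboot flag must be set
 * first, otherwise FAIL is returned. The reset itself runs from the IN
 * completion handler so that the OKAY reply is sent before it.
 */
static void cb_reboot(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	if (!strcmp_l1("reboot-bootloader", cmd)) {
		if (fb_set_reboot_flag()) {
			fastboot_tx_write_str("FAILCannot set reboot flag");
			return;
		}
	}
	fastboot_func->in_req->complete = compl_do_reset;
	fastboot_tx_write_str("OKAY");
}

/*
 * Prefix compare: 0 when @s2 starts with the whole of @s1. Only strlen(@s1)
 * characters are compared, so trailing text in @s2 is ignored. Returns -1
 * when either pointer is NULL.
 */
static int strcmp_l1(const char *s1, const char *s2)
{
	if (!s1 || !s2)
		return -1;
	return strncmp(s1, s2, strlen(s1));
}

/*
 * "getvar:<name>": reply with OKAY followed by the value, or FAIL with a
 * reason. The value is appended with strncat() bounded by the space left in
 * the RESPONSE_LEN byte reply, so a long value is truncated.
 */
static void cb_getvar(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	char response[RESPONSE_LEN];
	const char *s;
	size_t chars_left;

	strcpy(response, "OKAY");
	chars_left = sizeof(response) - strlen(response) - 1;

	/* Skip past the ':'; cmd becomes NULL when there is none */
	strsep(&cmd, ":");
	if (!cmd) {
		error("missing variable\n");
		fastboot_tx_write_str("FAILmissing var");
		return;
	}

	if (!strcmp_l1("version", cmd)) {
		strncat(response, FASTBOOT_VERSION, chars_left);
	} else if (!strcmp_l1("bootloader-version", cmd)) {
		strncat(response, U_BOOT_VERSION, chars_left);
	} else if (!strcmp_l1("downloadsize", cmd) ||
		!strcmp_l1("max-download-size", cmd)) {
		/* "0x" + 8 hex digits + NUL fits in 12 bytes */
		char str_num[12];

		sprintf(str_num, "0x%08x", CONFIG_USB_FASTBOOT_BUF_SIZE);
		strncat(response, str_num, chars_left);
	} else if (!strcmp_l1("serialno", cmd)) {
		s = getenv("serial#");
		if (s)
			strncat(response, s, chars_left);
		else
			strcpy(response, "FAILValue not set");
	} else {
		error("unknown variable: %s\n", cmd);
		strcpy(response, "FAILVariable not implemented");
	}
	fastboot_tx_write_str(response);
}

/*
 * Length to request for the next OUT transfer of a download: 0 when the
 * remaining count is negative, EP_BUFFER_SIZE when more than that remains,
 * otherwise the remainder rounded up to a multiple of @maxpacket (at least
 * one packet).
 */
static unsigned int rx_bytes_expected(unsigned int maxpacket)
{
	int rx_remain = download_size - download_bytes;
	int rem = 0;
	if (rx_remain < 0)
		return 0;
	if (rx_remain > EP_BUFFER_SIZE)
		return EP_BUFFER_SIZE;
	if (rx_remain < maxpacket) {
		rx_remain = maxpacket;
	} else if (rx_remain % maxpacket != 0) {
		rem = rx_remain % maxpacket;
		rx_remain = rx_remain + (maxpacket - rem);
	}
	return rx_remain;
}

#define BYTES_PER_DOT	0x20000
/*
 * OUT completion handler while a download is in progress: append the
 * received bytes to the download buffer at CONFIG_USB_FASTBOOT_BUF_ADDR and
 * either finish the download or request the next chunk.
 */
static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req)
{
	char response[RESPONSE_LEN];
	unsigned int transfer_size = download_size - download_bytes;
	const unsigned char *buffer = req->buf;
	unsigned int buffer_size = req->actual;
	unsigned int pre_dot_num, now_dot_num;
	unsigned int max;

	if (req->status != 0) {
		printf("Bad status: %d\n", req->status);
		return;
	}

	/*
	 * Never copy more than what is still outstanding: together with the
	 * size check in cb_download() this keeps the write inside the
	 * CONFIG_USB_FASTBOOT_BUF_SIZE byte download buffer even when the
	 * host sends more than it announced.
	 */
	if (buffer_size < transfer_size)
		transfer_size = buffer_size;

	memcpy((void *)CONFIG_USB_FASTBOOT_BUF_ADDR + download_bytes,
	       buffer, transfer_size);

	pre_dot_num = download_bytes / BYTES_PER_DOT;
	download_bytes += transfer_size;
	now_dot_num = download_bytes / BYTES_PER_DOT;

	/* One progress dot per BYTES_PER_DOT, wrapped every 74 dots */
	if (pre_dot_num != now_dot_num) {
		putc('.');
		if (!(now_dot_num % 74))
			putc('\n');
	}

	/* Check if transfer is done */
	if (download_bytes >= download_size) {
		/*
		 * Reset global transfer variable, keep download_bytes because
		 * it will be used in the next possible flashing command
		 */
		download_size = 0;
		req->complete = rx_handler_command;
		req->length = EP_BUFFER_SIZE;

		sprintf(response, "OKAY");
		fastboot_tx_write_str(response);

		printf("\ndownloading of %d bytes finished\n", download_bytes);
	} else {
		max = is_high_speed ? hs_ep_out.wMaxPacketSize :
				fs_ep_out.wMaxPacketSize;
		req->length = rx_bytes_expected(max);
		if (req->length < ep->maxpacket)
			req->length = ep->maxpacket;
	}

	req->actual = 0;
	usb_ep_queue(ep, req, 0);
}

/*
 * "download:<hex size>": validate the announced size against
 * CONFIG_USB_FASTBOOT_BUF_SIZE and, when accepted, switch the OUT request to
 * rx_handler_dl_image() and reply DATA<size>. A zero or oversized request is
 * answered with FAIL and leaves the command handler in place.
 */
static void cb_download(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	char response[RESPONSE_LEN];
	unsigned int max;

	/* The dispatch key "download:" guarantees that a ':' is present */
	strsep(&cmd, ":");
	download_size = simple_strtoul(cmd, NULL, 16);
	download_bytes = 0;

	printf("Starting download of %d bytes\n", download_size);

	if (0 == download_size) {
		sprintf(response, "FAILdata invalid size");
	} else if (download_size > CONFIG_USB_FASTBOOT_BUF_SIZE) {
		download_size = 0;
		sprintf(response, "FAILdata too large");
	} else {
		sprintf(response, "DATA%08x", download_size);
		req->complete = rx_handler_dl_image;
		max = is_high_speed ? hs_ep_out.wMaxPacketSize :
			fs_ep_out.wMaxPacketSize;
		req->length = rx_bytes_expected(max);
		if (req->length < ep->maxpacket)
			req->length = ep->maxpacket;
	}
	fastboot_tx_write_str(response);
}

/*
 * IN completion handler used by "boot": run bootm on load_addr and reset the
 * board if bootm returns.
 */
static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req)
{
	char boot_addr_start[12];
	char *bootm_args[] = { "bootm", boot_addr_start, NULL };

	puts("Booting kernel..\n");

	sprintf(boot_addr_start, "0x%lx", load_addr);
	do_bootm(NULL, 0, 2, bootm_args);

	/* This only happens if image is somehow faulty so we start over */
	do_reset(NULL, 0, 0, NULL);
}

/* "boot": acknowledge, then boot from the IN completion handler. */
static void cb_boot(struct usb_ep *ep, struct usb_request *req)
{
	fastboot_func->in_req->complete = do_bootm_on_complete;
	fastboot_tx_write_str("OKAY");
}

/* IN completion handler used by "continue": detach the gadget. */
static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req)
{
	g_dnl_trigger_detach();
}

/* "continue": acknowledge, then detach from the IN completion handler. */
static void cb_continue(struct usb_ep *ep, struct usb_request *req)
{
	fastboot_func->in_req->complete = do_exit_on_complete;
	fastboot_tx_write_str("OKAY");
}

#ifdef CONFIG_FASTBOOT_FLASH
/*
 * "flash:<partition>": hand the first download_bytes bytes of the download
 * buffer to the flash backend, which fills in the reply. Without a backend
 * the reply is FAIL.
 */
static void cb_flash(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	char response[RESPONSE_LEN];

	strsep(&cmd, ":");
	if (!cmd) {
		error("missing partition name\n");
		fastboot_tx_write_str("FAILmissing partition name");
		return;
	}

	strcpy(response, "FAILno flash device defined");
#ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
	/*
	 * NOTE(review): the partition name is taken from the host as is and
	 * response is RESPONSE_LEN bytes; confirm fb_mmc_flash_write()
	 * bounds what it writes into it.
	 */
	fb_mmc_flash_write(cmd, (void *)CONFIG_USB_FASTBOOT_BUF_ADDR,
			   download_bytes, response);
#endif
	fastboot_tx_write_str(response);
}
#endif

/*
 * "oem <subcommand>": "format" rewrites the GPT of the configured MMC device
 * (only with CONFIG_FASTBOOT_FLASH), "unlock" is not implemented, anything
 * else is rejected.
 */
static void cb_oem(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	const char *arg = "";

	/*
	 * cmd + 4 is only the sub-command when the received text is longer
	 * than the "oem " prefix. For a shorter command it would point past
	 * the terminator written by rx_handler_command(), at bytes left in
	 * the buffer by an earlier transfer, and those must never select the
	 * destructive "format" action.
	 */
	if (strlen(cmd) > 4)
		arg = cmd + 4;

#ifdef CONFIG_FASTBOOT_FLASH
	if (strncmp("format", arg, 6) == 0) {
		/*
		 * The fixed text is 26 characters, which leaves room for a
		 * device number of up to five hex digits.
		 */
		char cmdbuf[32];
		sprintf(cmdbuf, "gpt write mmc %x $partitions",
			CONFIG_FASTBOOT_FLASH_MMC_DEV);
		if (run_command(cmdbuf, 0))
			fastboot_tx_write_str("FAIL");
		else
			fastboot_tx_write_str("OKAY");
	} else
#endif
	if (strncmp("unlock", arg, 8) == 0) {
		fastboot_tx_write_str("FAILnot implemented");
	} else {
		fastboot_tx_write_str("FAILunknown oem command");
	}
}

#ifdef CONFIG_FASTBOOT_FLASH
/*
 * "erase:<partition>": ask the flash backend to erase the partition; the
 * backend fills in the reply. Without a backend the reply is FAIL.
 */
static void cb_erase(struct usb_ep *ep, struct usb_request *req)
{
	char *cmd = req->buf;
	char response[RESPONSE_LEN];

	strsep(&cmd, ":");
	if (!cmd) {
		error("missing partition name");
		fastboot_tx_write_str("FAILmissing partition name");
		return;
	}

	strcpy(response, "FAILno flash device defined");

#ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV
	fb_mmc_erase(cmd, response);
#endif
	fastboot_tx_write_str(response);
}
#endif

struct cmd_dispatch_info {
	char *cmd;
	void (*cb)(struct usb_ep *ep, struct usb_request *req);
};

/*
 * Command table, matched by prefix in order. Nothing in this file
 * authenticates the USB host before a handler runs, so every entry here,
 * including flash, erase and boot, is available to whoever is connected to
 * the port while the gadget is active.
 */
static const struct cmd_dispatch_info cmd_dispatch_info[] = {
	{
		.cmd = "reboot",
		.cb = cb_reboot,
	}, {
		.cmd = "getvar:",
		.cb = cb_getvar,
	}, {
		.cmd = "download:",
		.cb = cb_download,
	}, {
		.cmd = "boot",
		.cb = cb_boot,
	}, {
		.cmd = "continue",
		.cb = cb_continue,
	},
#ifdef CONFIG_FASTBOOT_FLASH
	{
		.cmd = "flash",
		.cb = cb_flash,
	}, {
		.cmd = "erase",
		.cb = cb_erase,
	},
#endif
	{
		.cmd = "oem",
		.cb = cb_oem,
	},
};

/*
 * OUT completion handler in command mode: terminate the received text, look
 * the command up in cmd_dispatch_info and run its handler, then re-queue the
 * request for the next command.
 */
static void rx_handler_command(struct usb_ep *ep, struct usb_request *req)
{
	char *cmdbuf = req->buf;
	void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL;
	int i;

	if (req->actual >= req->length) {
		/* No room left for the terminator: refuse before parsing */
		error("buffer overflow\n");
		fastboot_tx_write_str("FAILbuffer overflow");
	} else {
		/*
		 * Terminate before matching. Only the first byte of the
		 * buffer is cleared between commands, so without this the
		 * prefix compare and the log line below could read bytes
		 * that belong to an earlier transfer.
		 */
		cmdbuf[req->actual] = '\0';

		for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) {
			if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) {
				func_cb = cmd_dispatch_info[i].cb;
				break;
			}
		}

		if (!func_cb) {
			error("unknown command: %s\n", cmdbuf);
			fastboot_tx_write_str("FAILunknown command");
		} else {
			func_cb(ep, req);
		}
	}

	if (req->status == 0) {
		*cmdbuf = '\0';
		req->actual = 0;
		usb_ep_queue(ep, req, 0);
	}
}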