1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <errno.h> 16 #include <fastboot.h> 17 #include <malloc.h> 18 #include <linux/usb/ch9.h> 19 #include <linux/usb/gadget.h> 20 #include <linux/usb/composite.h> 21 #include <linux/compiler.h> 22 #include <version.h> 23 #include <g_dnl.h> 24 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 25 #include <fb_mmc.h> 26 #endif 27 28 #define FASTBOOT_VERSION "0.4" 29 30 #define FASTBOOT_INTERFACE_CLASS 0xff 31 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 32 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 33 34 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 35 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 36 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 37 38 #define EP_BUFFER_SIZE 4096 39 40 struct f_fastboot { 41 struct usb_function usb_function; 42 43 /* IN/OUT EP's and corresponding requests */ 44 struct usb_ep *in_ep, *out_ep; 45 struct usb_request *in_req, *out_req; 46 }; 47 48 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 49 { 50 return container_of(f, struct f_fastboot, usb_function); 51 } 52 53 static struct f_fastboot *fastboot_func; 54 static unsigned int download_size; 55 static unsigned int download_bytes; 56 static bool is_high_speed; 57 58 static struct usb_endpoint_descriptor fs_ep_in = { 59 .bLength = USB_DT_ENDPOINT_SIZE, 60 .bDescriptorType = USB_DT_ENDPOINT, 61 .bEndpointAddress = USB_DIR_IN, 62 .bmAttributes = USB_ENDPOINT_XFER_BULK, 63 .wMaxPacketSize = TX_ENDPOINT_MAXIMUM_PACKET_SIZE, 64 .bInterval = 0x00, 65 }; 66 67 static struct usb_endpoint_descriptor fs_ep_out = { 68 .bLength = USB_DT_ENDPOINT_SIZE, 69 .bDescriptorType = USB_DT_ENDPOINT, 70 .bEndpointAddress = USB_DIR_OUT, 71 .bmAttributes = USB_ENDPOINT_XFER_BULK, 72 .wMaxPacketSize = RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1, 73 .bInterval = 0x00, 74 }; 75 76 static struct usb_endpoint_descriptor hs_ep_out = { 77 .bLength = USB_DT_ENDPOINT_SIZE, 78 .bDescriptorType = USB_DT_ENDPOINT, 79 .bEndpointAddress = USB_DIR_OUT, 80 .bmAttributes = USB_ENDPOINT_XFER_BULK, 81 .wMaxPacketSize = RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0, 82 .bInterval = 0x00, 83 }; 84 85 static struct usb_interface_descriptor interface_desc = { 86 .bLength = USB_DT_INTERFACE_SIZE, 87 .bDescriptorType = USB_DT_INTERFACE, 88 .bInterfaceNumber = 0x00, 89 .bAlternateSetting = 0x00, 90 .bNumEndpoints = 0x02, 91 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 92 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 93 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 94 }; 95 96 static struct usb_descriptor_header *fb_runtime_descs[] = { 97 (struct usb_descriptor_header *)&interface_desc, 98 (struct usb_descriptor_header *)&fs_ep_in, 99 (struct usb_descriptor_header *)&hs_ep_out, 100 NULL, 101 }; 102 103 /* 104 * static strings, in UTF-8 105 */ 106 static const char fastboot_name[] = "Android Fastboot"; 107 108 static struct usb_string fastboot_string_defs[] = { 109 [0].s = fastboot_name, 110 { } /* end of list */ 111 }; 112 113 static struct usb_gadget_strings stringtab_fastboot = { 114 .language = 0x0409, /* en-us */ 115 .strings = fastboot_string_defs, 116 }; 117 118 static struct usb_gadget_strings *fastboot_strings[] = { 119 &stringtab_fastboot, 120 NULL, 121 }; 122 123 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 124 static int strcmp_l1(const char *s1, const char *s2); 125 126 127 void fastboot_fail(char *response, const char *reason) 128 { 129 strncpy(response, "FAIL\0", 5); 130 strncat(response, reason, FASTBOOT_RESPONSE_LEN - 4 - 1); 131 } 132 133 void fastboot_okay(char *response, const char *reason) 134 { 135 strncpy(response, "OKAY\0", 5); 136 strncat(response, reason, FASTBOOT_RESPONSE_LEN - 4 - 1); 137 } 138 139 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 140 { 141 int status = req->status; 142 if (!status) 143 return; 144 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 145 } 146 147 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 148 { 149 int id; 150 struct usb_gadget *gadget = c->cdev->gadget; 151 struct f_fastboot *f_fb = func_to_fastboot(f); 152 const char *s; 153 154 /* DYNAMIC interface numbers assignments */ 155 id = usb_interface_id(c, f); 156 if (id < 0) 157 return id; 158 interface_desc.bInterfaceNumber = id; 159 160 id = usb_string_id(c->cdev); 161 if (id < 0) 162 return id; 163 fastboot_string_defs[0].id = id; 164 interface_desc.iInterface = id; 165 166 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 167 if (!f_fb->in_ep) 168 return -ENODEV; 169 f_fb->in_ep->driver_data = c->cdev; 170 171 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 172 if (!f_fb->out_ep) 173 return -ENODEV; 174 f_fb->out_ep->driver_data = c->cdev; 175 176 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 177 178 s = getenv("serial#"); 179 if (s) 180 g_dnl_set_serialnumber((char *)s); 181 182 return 0; 183 } 184 185 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 186 { 187 memset(fastboot_func, 0, sizeof(*fastboot_func)); 188 } 189 190 static void fastboot_disable(struct usb_function *f) 191 { 192 struct f_fastboot *f_fb = func_to_fastboot(f); 193 194 usb_ep_disable(f_fb->out_ep); 195 usb_ep_disable(f_fb->in_ep); 196 197 if (f_fb->out_req) { 198 free(f_fb->out_req->buf); 199 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 200 f_fb->out_req = NULL; 201 } 202 if (f_fb->in_req) { 203 free(f_fb->in_req->buf); 204 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 205 f_fb->in_req = NULL; 206 } 207 } 208 209 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 210 { 211 struct usb_request *req; 212 213 req = usb_ep_alloc_request(ep, 0); 214 if (!req) 215 return NULL; 216 217 req->length = EP_BUFFER_SIZE; 218 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 219 if (!req->buf) { 220 usb_ep_free_request(ep, req); 221 return NULL; 222 } 223 224 memset(req->buf, 0, req->length); 225 return req; 226 } 227 228 static int fastboot_set_alt(struct usb_function *f, 229 unsigned interface, unsigned alt) 230 { 231 int ret; 232 struct usb_composite_dev *cdev = f->config->cdev; 233 struct usb_gadget *gadget = cdev->gadget; 234 struct f_fastboot *f_fb = func_to_fastboot(f); 235 236 debug("%s: func: %s intf: %d alt: %d\n", 237 __func__, f->name, interface, alt); 238 239 /* make sure we don't enable the ep twice */ 240 if (gadget->speed == USB_SPEED_HIGH) { 241 ret = usb_ep_enable(f_fb->out_ep, &hs_ep_out); 242 is_high_speed = true; 243 } else { 244 ret = usb_ep_enable(f_fb->out_ep, &fs_ep_out); 245 is_high_speed = false; 246 } 247 if (ret) { 248 puts("failed to enable out ep\n"); 249 return ret; 250 } 251 252 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 253 if (!f_fb->out_req) { 254 puts("failed to alloc out req\n"); 255 ret = -EINVAL; 256 goto err; 257 } 258 f_fb->out_req->complete = rx_handler_command; 259 260 ret = usb_ep_enable(f_fb->in_ep, &fs_ep_in); 261 if (ret) { 262 puts("failed to enable in ep\n"); 263 goto err; 264 } 265 266 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 267 if (!f_fb->in_req) { 268 puts("failed alloc req in\n"); 269 ret = -EINVAL; 270 goto err; 271 } 272 f_fb->in_req->complete = fastboot_complete; 273 274 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 275 if (ret) 276 goto err; 277 278 return 0; 279 err: 280 fastboot_disable(f); 281 return ret; 282 } 283 284 static int fastboot_add(struct usb_configuration *c) 285 { 286 struct f_fastboot *f_fb = fastboot_func; 287 int status; 288 289 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 290 291 if (!f_fb) { 292 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 293 if (!f_fb) 294 return -ENOMEM; 295 296 fastboot_func = f_fb; 297 memset(f_fb, 0, sizeof(*f_fb)); 298 } 299 300 f_fb->usb_function.name = "f_fastboot"; 301 f_fb->usb_function.hs_descriptors = fb_runtime_descs; 302 f_fb->usb_function.bind = fastboot_bind; 303 f_fb->usb_function.unbind = fastboot_unbind; 304 f_fb->usb_function.set_alt = fastboot_set_alt; 305 f_fb->usb_function.disable = fastboot_disable; 306 f_fb->usb_function.strings = fastboot_strings; 307 308 status = usb_add_function(c, &f_fb->usb_function); 309 if (status) { 310 free(f_fb); 311 fastboot_func = f_fb; 312 } 313 314 return status; 315 } 316 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 317 318 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 319 { 320 struct usb_request *in_req = fastboot_func->in_req; 321 int ret; 322 323 memcpy(in_req->buf, buffer, buffer_size); 324 in_req->length = buffer_size; 325 326 usb_ep_dequeue(fastboot_func->in_ep, in_req); 327 328 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 329 if (ret) 330 printf("Error %d on queue\n", ret); 331 return 0; 332 } 333 334 static int fastboot_tx_write_str(const char *buffer) 335 { 336 return fastboot_tx_write(buffer, strlen(buffer)); 337 } 338 339 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 340 { 341 do_reset(NULL, 0, 0, NULL); 342 } 343 344 int __weak fb_set_reboot_flag(void) 345 { 346 return -ENOSYS; 347 } 348 349 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 350 { 351 char *cmd = req->buf; 352 if (!strcmp_l1("reboot-bootloader", cmd)) { 353 if (fb_set_reboot_flag()) { 354 fastboot_tx_write_str("FAILCannot set reboot flag"); 355 return; 356 } 357 } 358 fastboot_func->in_req->complete = compl_do_reset; 359 fastboot_tx_write_str("OKAY"); 360 } 361 362 static int strcmp_l1(const char *s1, const char *s2) 363 { 364 if (!s1 || !s2) 365 return -1; 366 return strncmp(s1, s2, strlen(s1)); 367 } 368 369 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 370 { 371 char *cmd = req->buf; 372 char response[FASTBOOT_RESPONSE_LEN]; 373 const char *s; 374 size_t chars_left; 375 376 strcpy(response, "OKAY"); 377 chars_left = sizeof(response) - strlen(response) - 1; 378 379 strsep(&cmd, ":"); 380 if (!cmd) { 381 error("missing variable\n"); 382 fastboot_tx_write_str("FAILmissing var"); 383 return; 384 } 385 386 if (!strcmp_l1("version", cmd)) { 387 strncat(response, FASTBOOT_VERSION, chars_left); 388 } else if (!strcmp_l1("bootloader-version", cmd)) { 389 strncat(response, U_BOOT_VERSION, chars_left); 390 } else if (!strcmp_l1("downloadsize", cmd) || 391 !strcmp_l1("max-download-size", cmd)) { 392 char str_num[12]; 393 394 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 395 strncat(response, str_num, chars_left); 396 } else if (!strcmp_l1("serialno", cmd)) { 397 s = getenv("serial#"); 398 if (s) 399 strncat(response, s, chars_left); 400 else 401 strcpy(response, "FAILValue not set"); 402 } else { 403 error("unknown variable: %s\n", cmd); 404 strcpy(response, "FAILVariable not implemented"); 405 } 406 fastboot_tx_write_str(response); 407 } 408 409 static unsigned int rx_bytes_expected(unsigned int maxpacket) 410 { 411 int rx_remain = download_size - download_bytes; 412 int rem = 0; 413 if (rx_remain < 0) 414 return 0; 415 if (rx_remain > EP_BUFFER_SIZE) 416 return EP_BUFFER_SIZE; 417 if (rx_remain < maxpacket) { 418 rx_remain = maxpacket; 419 } else if (rx_remain % maxpacket != 0) { 420 rem = rx_remain % maxpacket; 421 rx_remain = rx_remain + (maxpacket - rem); 422 } 423 return rx_remain; 424 } 425 426 #define BYTES_PER_DOT 0x20000 427 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 428 { 429 char response[FASTBOOT_RESPONSE_LEN]; 430 unsigned int transfer_size = download_size - download_bytes; 431 const unsigned char *buffer = req->buf; 432 unsigned int buffer_size = req->actual; 433 unsigned int pre_dot_num, now_dot_num; 434 unsigned int max; 435 436 if (req->status != 0) { 437 printf("Bad status: %d\n", req->status); 438 return; 439 } 440 441 if (buffer_size < transfer_size) 442 transfer_size = buffer_size; 443 444 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 445 buffer, transfer_size); 446 447 pre_dot_num = download_bytes / BYTES_PER_DOT; 448 download_bytes += transfer_size; 449 now_dot_num = download_bytes / BYTES_PER_DOT; 450 451 if (pre_dot_num != now_dot_num) { 452 putc('.'); 453 if (!(now_dot_num % 74)) 454 putc('\n'); 455 } 456 457 /* Check if transfer is done */ 458 if (download_bytes >= download_size) { 459 /* 460 * Reset global transfer variable, keep download_bytes because 461 * it will be used in the next possible flashing command 462 */ 463 download_size = 0; 464 req->complete = rx_handler_command; 465 req->length = EP_BUFFER_SIZE; 466 467 sprintf(response, "OKAY"); 468 fastboot_tx_write_str(response); 469 470 printf("\ndownloading of %d bytes finished\n", download_bytes); 471 } else { 472 max = is_high_speed ? hs_ep_out.wMaxPacketSize : 473 fs_ep_out.wMaxPacketSize; 474 req->length = rx_bytes_expected(max); 475 if (req->length < ep->maxpacket) 476 req->length = ep->maxpacket; 477 } 478 479 req->actual = 0; 480 usb_ep_queue(ep, req, 0); 481 } 482 483 static void cb_download(struct usb_ep *ep, struct usb_request *req) 484 { 485 char *cmd = req->buf; 486 char response[FASTBOOT_RESPONSE_LEN]; 487 unsigned int max; 488 489 strsep(&cmd, ":"); 490 download_size = simple_strtoul(cmd, NULL, 16); 491 download_bytes = 0; 492 493 printf("Starting download of %d bytes\n", download_size); 494 495 if (0 == download_size) { 496 sprintf(response, "FAILdata invalid size"); 497 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 498 download_size = 0; 499 sprintf(response, "FAILdata too large"); 500 } else { 501 sprintf(response, "DATA%08x", download_size); 502 req->complete = rx_handler_dl_image; 503 max = is_high_speed ? hs_ep_out.wMaxPacketSize : 504 fs_ep_out.wMaxPacketSize; 505 req->length = rx_bytes_expected(max); 506 if (req->length < ep->maxpacket) 507 req->length = ep->maxpacket; 508 } 509 fastboot_tx_write_str(response); 510 } 511 512 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 513 { 514 char boot_addr_start[12]; 515 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 516 517 puts("Booting kernel..\n"); 518 519 sprintf(boot_addr_start, "0x%lx", load_addr); 520 do_bootm(NULL, 0, 2, bootm_args); 521 522 /* This only happens if image is somehow faulty so we start over */ 523 do_reset(NULL, 0, 0, NULL); 524 } 525 526 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 527 { 528 fastboot_func->in_req->complete = do_bootm_on_complete; 529 fastboot_tx_write_str("OKAY"); 530 } 531 532 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 533 { 534 g_dnl_trigger_detach(); 535 } 536 537 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 538 { 539 fastboot_func->in_req->complete = do_exit_on_complete; 540 fastboot_tx_write_str("OKAY"); 541 } 542 543 #ifdef CONFIG_FASTBOOT_FLASH 544 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 545 { 546 char *cmd = req->buf; 547 char response[FASTBOOT_RESPONSE_LEN]; 548 549 strsep(&cmd, ":"); 550 if (!cmd) { 551 error("missing partition name\n"); 552 fastboot_tx_write_str("FAILmissing partition name"); 553 return; 554 } 555 556 strcpy(response, "FAILno flash device defined"); 557 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 558 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 559 download_bytes, response); 560 #endif 561 fastboot_tx_write_str(response); 562 } 563 #endif 564 565 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 566 { 567 char *cmd = req->buf; 568 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 569 if (strncmp("format", cmd + 4, 6) == 0) { 570 char cmdbuf[32]; 571 sprintf(cmdbuf, "gpt write mmc %x $partitions", 572 CONFIG_FASTBOOT_FLASH_MMC_DEV); 573 if (run_command(cmdbuf, 0)) 574 fastboot_tx_write_str("FAIL"); 575 else 576 fastboot_tx_write_str("OKAY"); 577 } else 578 #endif 579 if (strncmp("unlock", cmd + 4, 8) == 0) { 580 fastboot_tx_write_str("FAILnot implemented"); 581 } 582 else { 583 fastboot_tx_write_str("FAILunknown oem command"); 584 } 585 } 586 587 #ifdef CONFIG_FASTBOOT_FLASH 588 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 589 { 590 char *cmd = req->buf; 591 char response[FASTBOOT_RESPONSE_LEN]; 592 593 strsep(&cmd, ":"); 594 if (!cmd) { 595 error("missing partition name"); 596 fastboot_tx_write_str("FAILmissing partition name"); 597 return; 598 } 599 600 strcpy(response, "FAILno flash device defined"); 601 602 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 603 fb_mmc_erase(cmd, response); 604 #endif 605 fastboot_tx_write_str(response); 606 } 607 #endif 608 609 struct cmd_dispatch_info { 610 char *cmd; 611 void (*cb)(struct usb_ep *ep, struct usb_request *req); 612 }; 613 614 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 615 { 616 .cmd = "reboot", 617 .cb = cb_reboot, 618 }, { 619 .cmd = "getvar:", 620 .cb = cb_getvar, 621 }, { 622 .cmd = "download:", 623 .cb = cb_download, 624 }, { 625 .cmd = "boot", 626 .cb = cb_boot, 627 }, { 628 .cmd = "continue", 629 .cb = cb_continue, 630 }, 631 #ifdef CONFIG_FASTBOOT_FLASH 632 { 633 .cmd = "flash", 634 .cb = cb_flash, 635 }, { 636 .cmd = "erase", 637 .cb = cb_erase, 638 }, 639 #endif 640 { 641 .cmd = "oem", 642 .cb = cb_oem, 643 }, 644 }; 645 646 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 647 { 648 char *cmdbuf = req->buf; 649 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 650 int i; 651 652 if (req->status != 0 || req->length == 0) 653 return; 654 655 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 656 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 657 func_cb = cmd_dispatch_info[i].cb; 658 break; 659 } 660 } 661 662 if (!func_cb) { 663 error("unknown command: %s\n", cmdbuf); 664 fastboot_tx_write_str("FAILunknown command"); 665 } else { 666 if (req->actual < req->length) { 667 u8 *buf = (u8 *)req->buf; 668 buf[req->actual] = 0; 669 func_cb(ep, req); 670 } else { 671 error("buffer overflow\n"); 672 fastboot_tx_write_str("FAILbuffer overflow"); 673 } 674 } 675 676 *cmdbuf = '\0'; 677 req->actual = 0; 678 usb_ep_queue(ep, req, 0); 679 } 680