xref: /rk3399_rockchip-uboot/drivers/usb/gadget/f_rockusb.c (revision 87e4c6020eff05133e40ab8b7b0e37e6a2be37e4) 
1 /*
2  * Copyright 2017 Rockchip Electronics Co., Ltd
3  * Frank Wang <frank.wang@rock-chips.com>
4  *
5  * SPDX-License-Identifier:	GPL-2.0+
6  */
7 
8 #include <asm/io.h>
9 #include <asm/arch/boot_mode.h>
10 #include <asm/arch/chip_info.h>
11 #include <write_keybox.h>
12 
13 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION
14 #include <asm/arch/vendor.h>
15 #endif
16 
17 #include <rockusb.h>
18 
19 #define ROCKUSB_INTERFACE_CLASS	0xff
20 #define ROCKUSB_INTERFACE_SUB_CLASS	0x06
21 #define ROCKUSB_INTERFACE_PROTOCOL	0x05
22 
23 static struct usb_interface_descriptor rkusb_intf_desc = {
24 	.bLength		= USB_DT_INTERFACE_SIZE,
25 	.bDescriptorType	= USB_DT_INTERFACE,
26 	.bInterfaceNumber	= 0x00,
27 	.bAlternateSetting	= 0x00,
28 	.bNumEndpoints		= 0x02,
29 	.bInterfaceClass	= ROCKUSB_INTERFACE_CLASS,
30 	.bInterfaceSubClass	= ROCKUSB_INTERFACE_SUB_CLASS,
31 	.bInterfaceProtocol	= ROCKUSB_INTERFACE_PROTOCOL,
32 };
33 
34 static struct usb_descriptor_header *rkusb_fs_function[] = {
35 	(struct usb_descriptor_header *)&rkusb_intf_desc,
36 	(struct usb_descriptor_header *)&fsg_fs_bulk_in_desc,
37 	(struct usb_descriptor_header *)&fsg_fs_bulk_out_desc,
38 	NULL,
39 };
40 
41 static struct usb_descriptor_header *rkusb_hs_function[] = {
42 	(struct usb_descriptor_header *)&rkusb_intf_desc,
43 	(struct usb_descriptor_header *)&fsg_hs_bulk_in_desc,
44 	(struct usb_descriptor_header *)&fsg_hs_bulk_out_desc,
45 	NULL,
46 };
47 
48 static struct usb_descriptor_header *rkusb_ss_function[] = {
49 	(struct usb_descriptor_header *)&rkusb_intf_desc,
50 	(struct usb_descriptor_header *)&fsg_ss_bulk_in_desc,
51 	(struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc,
52 	(struct usb_descriptor_header *)&fsg_ss_bulk_out_desc,
53 	(struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc,
54 	NULL,
55 };
56 
57 struct rk_flash_info {
58 	u32	flash_size;
59 	u16	block_size;
60 	u8	page_size;
61 	u8	ecc_bits;
62 	u8	access_time;
63 	u8	manufacturer;
64 	u8	flash_mask;
65 } __packed;
66 
67 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */
68 
69 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name)
70 {
71 	if (IS_RKUSB_UMS_DNL(name)) {
72 		/* Fix to Rockchip's VID and PID */
73 		dev->idVendor  = __constant_cpu_to_le16(0x2207);
74 		dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID);
75 
76 		/* Enumerate as a loader device */
77 		dev->bcdUSB = cpu_to_le16(0x0201);
78 	} else if (!strncmp(name, "usb_dnl_fastboot", 16)) {
79 		/* Fix to Google's VID and PID */
80 		dev->idVendor  = __constant_cpu_to_le16(0x18d1);
81 		dev->idProduct = __constant_cpu_to_le16(0xd00d);
82 	}
83 
84 	return 0;
85 }
86 
87 __maybe_unused
88 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw)
89 {
90 	assert(!cbw);
91 
92 	debug("%s:\n", __func__);
93 	debug("Signature %x\n", cbw->Signature);
94 	debug("Tag %x\n", cbw->Tag);
95 	debug("DataTransferLength %x\n", cbw->DataTransferLength);
96 	debug("Flags %x\n", cbw->Flags);
97 	debug("LUN %x\n", cbw->Lun);
98 	debug("Length %x\n", cbw->Length);
99 	debug("OptionCode %x\n", cbw->CDB[0]);
100 	debug("SubCode %x\n", cbw->CDB[1]);
101 	debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2]));
102 	debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7]));
103 }
104 
105 static int rkusb_check_lun(struct fsg_common *common)
106 {
107 	struct fsg_lun *curlun;
108 
109 	/* Check the LUN */
110 	if (common->lun >= 0 && common->lun < common->nluns) {
111 		curlun = &common->luns[common->lun];
112 		if (common->cmnd[0] != SC_REQUEST_SENSE) {
113 			curlun->sense_data = SS_NO_SENSE;
114 			curlun->info_valid = 0;
115 		}
116 	} else {
117 		curlun = NULL;
118 		common->bad_lun_okay = 0;
119 
120 		/*
121 		 * INQUIRY and REQUEST SENSE commands are explicitly allowed
122 		 * to use unsupported LUNs; all others may not.
123 		 */
124 		if (common->cmnd[0] != SC_INQUIRY &&
125 		    common->cmnd[0] != SC_REQUEST_SENSE) {
126 			debug("unsupported LUN %d\n", common->lun);
127 			return -EINVAL;
128 		}
129 	}
130 
131 	return 0;
132 }
133 
134 static void __do_reset(struct usb_ep *ep, struct usb_request *req)
135 {
136 	u32 boot_flag = BOOT_NORMAL;
137 
138 	if (rkusb_rst_code == 0x03)
139 		boot_flag = BOOT_BROM_DOWNLOAD;
140 
141 	rkusb_rst_code = 0; /* restore to default */
142 	writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG);
143 
144 	do_reset(NULL, 0, 0, NULL);
145 }
146 
147 static int rkusb_do_reset(struct fsg_common *common,
148 			  struct fsg_buffhd *bh)
149 {
150 	common->data_size_from_cmnd = common->cmnd[4];
151 	common->residue = 0;
152 	bh->inreq->complete = __do_reset;
153 	bh->state = BUF_STATE_EMPTY;
154 
155 	rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1];
156 	return 0;
157 }
158 
159 static int rkusb_do_test_unit_ready(struct fsg_common *common,
160 				    struct fsg_buffhd *bh)
161 {
162 	common->residue = 0x06 << 24; /* Max block xfer support from host */
163 	common->data_dir = DATA_DIR_NONE;
164 	bh->state = BUF_STATE_EMPTY;
165 
166 	return 0;
167 }
168 
169 static int rkusb_do_read_flash_id(struct fsg_common *common,
170 				  struct fsg_buffhd *bh)
171 {
172 	u8 *buf = (u8 *)bh->buf;
173 	u32 len = 5;
174 	enum if_type type = ums[common->lun].block_dev.if_type;
175 
176 	if (type == IF_TYPE_MMC)
177 		memcpy((void *)&buf[0], "EMMC ", 5);
178 	else if (type == IF_TYPE_RKNAND)
179 		memcpy((void *)&buf[0], "NAND ", 5);
180 	else
181 		memcpy((void *)&buf[0], "UNKN ", 5); /* unknown */
182 
183 	/* Set data xfer size */
184 	common->residue = common->data_size_from_cmnd = len;
185 	common->data_size = len;
186 
187 	return len;
188 }
189 
190 static int rkusb_do_test_bad_block(struct fsg_common *common,
191 				   struct fsg_buffhd *bh)
192 {
193 	u8 *buf = (u8 *)bh->buf;
194 	u32 len = 64;
195 
196 	memset((void *)&buf[0], 0, len);
197 
198 	/* Set data xfer size */
199 	common->residue = common->data_size_from_cmnd = len;
200 	common->data_size = len;
201 
202 	return len;
203 }
204 
205 static int rkusb_do_read_flash_info(struct fsg_common *common,
206 				    struct fsg_buffhd *bh)
207 {
208 	u8 *buf = (u8 *)bh->buf;
209 	u32 len = sizeof(struct rk_flash_info);
210 	struct rk_flash_info finfo = {
211 		.block_size = 1024,
212 		.ecc_bits = 0,
213 		.page_size = 4,
214 		.access_time = 40,
215 		.manufacturer = 0,
216 		.flash_mask = 0
217 	};
218 
219 	finfo.flash_size = (u32)ums[common->lun].block_dev.lba;
220 	if (finfo.flash_size)
221 		finfo.flash_mask = 1;
222 
223 	memset((void *)&buf[0], 0, len);
224 	memcpy((void *)&buf[0], (void *)&finfo, len);
225 
226 	/* Set data xfer size */
227 	common->residue = common->data_size_from_cmnd = len;
228         /* legacy upgrade_tool does not set correct transfer size */
229 	common->data_size = len;
230 
231 	return len;
232 }
233 
234 static int rkusb_do_get_chip_info(struct fsg_common *common,
235 				  struct fsg_buffhd *bh)
236 {
237 	u8 *buf = (u8 *)bh->buf;
238 	u32 len = common->data_size;
239 	u32 chip_info[4];
240 
241 	memset((void *)chip_info, 0, sizeof(chip_info));
242 	rockchip_rockusb_get_chip_info(chip_info);
243 
244 	memset((void *)&buf[0], 0, len);
245 	memcpy((void *)&buf[0], (void *)chip_info, len);
246 
247 	/* Set data xfer size */
248 	common->residue = common->data_size_from_cmnd = len;
249 
250 	return len;
251 }
252 
253 static int rkusb_do_lba_erase(struct fsg_common *common,
254 			      struct fsg_buffhd *bh)
255 {
256 	struct fsg_lun *curlun = &common->luns[common->lun];
257 	u32 lba, amount;
258 	loff_t file_offset;
259 	int rc;
260 
261 	lba = get_unaligned_be32(&common->cmnd[2]);
262 	if (lba >= curlun->num_sectors) {
263 		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
264 		rc = -EINVAL;
265 		goto out;
266 	}
267 
268 	file_offset = ((loff_t) lba) << 9;
269 	amount = get_unaligned_be16(&common->cmnd[7]) << 9;
270 	if (unlikely(amount == 0)) {
271 		curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
272 		rc = -EIO;
273 		goto out;
274 	}
275 
276 	/* Perform the erase */
277 	rc = ums[common->lun].erase_sector(&ums[common->lun],
278 			       file_offset / SECTOR_SIZE,
279 			       amount / SECTOR_SIZE);
280 	if (!rc) {
281 		curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
282 		rc = -EIO;
283 	}
284 
285 out:
286 	common->data_dir = DATA_DIR_NONE;
287 	bh->state = BUF_STATE_EMPTY;
288 
289 	return rc;
290 }
291 
292 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION
293 static int rkusb_do_vs_write(struct fsg_common *common)
294 {
295 	struct fsg_lun		*curlun = &common->luns[common->lun];
296 	u16			type = get_unaligned_be16(&common->cmnd[4]);
297 	struct vendor_item	*vhead;
298 	struct fsg_buffhd	*bh;
299 	void			*data;
300 	int			rc;
301 
302 	if (common->data_size >= (u32)65536) {
303 		/* _MUST_ small than 64K */
304 		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
305 		return -EINVAL;
306 	}
307 
308 	common->residue         = common->data_size;
309 	common->usb_amount_left = common->data_size;
310 
311 	/* Carry out the file writes */
312 	if (unlikely(common->data_size == 0))
313 		return -EIO; /* No data to write */
314 
315 	for (;;) {
316 		if (common->usb_amount_left > 0) {
317 			/* Wait for the next buffer to become available */
318 			bh = common->next_buffhd_to_fill;
319 			if (bh->state != BUF_STATE_EMPTY)
320 				goto wait;
321 
322 			/* Request the next buffer */
323 			common->usb_amount_left      -= common->data_size;
324 			bh->outreq->length	     = common->data_size;
325 			bh->bulk_out_intended_length = common->data_size;
326 			bh->outreq->short_not_ok     = 1;
327 
328 			START_TRANSFER_OR(common, bulk_out, bh->outreq,
329 					  &bh->outreq_busy, &bh->state)
330 				/*
331 				 * Don't know what to do if
332 				 * common->fsg is NULL
333 				 */
334 				return -EIO;
335 			common->next_buffhd_to_fill = bh->next;
336 		} else {
337 			/* Then, wait for the data to become available */
338 			bh = common->next_buffhd_to_drain;
339 			if (bh->state != BUF_STATE_FULL)
340 				goto wait;
341 
342 			common->next_buffhd_to_drain = bh->next;
343 			bh->state = BUF_STATE_EMPTY;
344 
345 			/* Did something go wrong with the transfer? */
346 			if (bh->outreq->status != 0) {
347 				curlun->sense_data = SS_COMMUNICATION_FAILURE;
348 				curlun->info_valid = 1;
349 				break;
350 			}
351 
352 			/* Perform the write */
353 			vhead = (struct vendor_item *)bh->buf;
354 			data  = bh->buf + sizeof(struct vendor_item);
355 
356 			if (!type) {
357 				/* Vendor storage */
358 				rc = vendor_storage_write(vhead->id,
359 							  (char __user *)data,
360 							  vhead->size);
361 				if (rc < 0) {
362 					curlun->sense_data = SS_WRITE_ERROR;
363 					return -EIO;
364 				}
365 			} else {
366 				/* RPMB */
367 				rc =
368 				write_keybox_to_secure_storage((u8 *)data,
369 							       vhead->size);
370 				if (rc < 0) {
371 					curlun->sense_data = SS_WRITE_ERROR;
372 					return -EIO;
373 				}
374 			}
375 
376 			common->residue -= common->data_size;
377 
378 			/* Did the host decide to stop early? */
379 			if (bh->outreq->actual != bh->outreq->length)
380 				common->short_packet_received = 1;
381 			break; /* Command done */
382 		}
383 wait:
384 		/* Wait for something to happen */
385 		rc = sleep_thread(common);
386 		if (rc)
387 			return rc;
388 	}
389 
390 	return -EIO; /* No default reply */
391 }
392 
393 static int rkusb_do_vs_read(struct fsg_common *common)
394 {
395 	struct fsg_lun		*curlun = &common->luns[common->lun];
396 	u16			type = get_unaligned_be16(&common->cmnd[4]);
397 	struct vendor_item	*vhead;
398 	struct fsg_buffhd	*bh;
399 	void			*data;
400 	int			rc;
401 
402 	if (common->data_size >= (u32)65536) {
403 		/* _MUST_ small than 64K */
404 		curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
405 		return -EINVAL;
406 	}
407 
408 	common->residue         = common->data_size;
409 	common->usb_amount_left = common->data_size;
410 
411 	/* Carry out the file reads */
412 	if (unlikely(common->data_size == 0))
413 		return -EIO; /* No default reply */
414 
415 	for (;;) {
416 		/* Wait for the next buffer to become available */
417 		bh = common->next_buffhd_to_fill;
418 		while (bh->state != BUF_STATE_EMPTY) {
419 			rc = sleep_thread(common);
420 			if (rc)
421 				return rc;
422 		}
423 
424 		memset(bh->buf, 0, FSG_BUFLEN);
425 		vhead = (struct vendor_item *)bh->buf;
426 		data  = bh->buf + sizeof(struct vendor_item);
427 		vhead->id = get_unaligned_be16(&common->cmnd[2]);
428 
429 		if (!type) {
430 			/* Vendor storage */
431 			rc = vendor_storage_read(vhead->id,
432 						 (char __user *)data,
433 						 common->data_size);
434 			if (!rc) {
435 				curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
436 				return -EIO;
437 			}
438 			vhead->size = rc;
439 		} else {
440 			/* RPMB */
441 			rc =
442 			read_raw_data_from_secure_storage((u8 *)data,
443 							  common->data_size);
444 			if (!rc) {
445 				curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
446 				return -EIO;
447 			}
448 			vhead->size = rc;
449 		}
450 
451 		common->residue   -= common->data_size;
452 		bh->inreq->length = common->data_size;
453 		bh->state         = BUF_STATE_FULL;
454 
455 		break; /* No more left to read */
456 	}
457 
458 	return -EIO; /* No default reply */
459 }
460 #endif
461 
462 static int rkusb_do_read_capacity(struct fsg_common *common,
463 				    struct fsg_buffhd *bh)
464 {
465 	u8 *buf = (u8 *)bh->buf;
466 	u32 len = common->data_size;
467 	enum if_type type = ums[common->lun].block_dev.if_type;
468 
469 	/*
470 	 * bit[0]: Direct LBA, 0: Disabled;
471 	 * bit[1]: Vendor Storage API, 0: Disabed (default);
472 	 * bit[2]: First 4M Access, 0: Disabled;
473 	 * bit[3]: Read LBA On, 0: Disabed (default);
474 	 * bit[4]: New Vendor Storage API, 0: Disabed;
475 	 * bit[5:63}: Reserved.
476 	 */
477 	memset((void *)&buf[0], 0, len);
478 	if (type == IF_TYPE_MMC || type == IF_TYPE_SD)
479 		buf[0] = BIT(0) | BIT(2) | BIT(4);
480 	else
481 		buf[0] = BIT(0) | BIT(4);
482 
483 	/* Set data xfer size */
484 	common->residue = common->data_size_from_cmnd = len;
485 
486 	return len;
487 }
488 
489 static void rkusb_fixup_cbwcb(struct fsg_common *common,
490 			      struct fsg_buffhd *bh)
491 {
492 	struct usb_request      *req = bh->outreq;
493 	struct fsg_bulk_cb_wrap *cbw = req->buf;
494 
495 	/* FIXME cbw.DataTransferLength was not set by Upgrade Tool */
496 	common->data_size = le32_to_cpu(cbw->DataTransferLength);
497 	if (common->data_size == 0) {
498 		common->data_size =
499 		get_unaligned_be16(&common->cmnd[7]) << 9;
500 		printf("Trasfer Length NOT set, please use new version tool\n");
501 		debug("%s %d, cmnd1 %x\n", __func__,
502 		      get_unaligned_be16(&common->cmnd[7]),
503 		      get_unaligned_be16(&common->cmnd[1]));
504 	}
505 	if (cbw->Flags & USB_BULK_IN_FLAG)
506 		common->data_dir = DATA_DIR_TO_HOST;
507 	else
508 		common->data_dir = DATA_DIR_FROM_HOST;
509 
510 	/* Not support */
511 	common->cmnd[1] = 0;
512 }
513 
514 static int rkusb_cmd_process(struct fsg_common *common,
515 			     struct fsg_buffhd *bh, int *reply)
516 {
517 	struct usb_request	*req = bh->outreq;
518 	struct fsg_bulk_cb_wrap	*cbw = req->buf;
519 	int rc;
520 
521 	dump_cbw(cbw);
522 
523 	if (rkusb_check_lun(common)) {
524 		*reply = -EINVAL;
525 		return RKUSB_RC_ERROR;
526 	}
527 
528 	switch (common->cmnd[0]) {
529 	case RKUSB_TEST_UNIT_READY:
530 		*reply = rkusb_do_test_unit_ready(common, bh);
531 		rc = RKUSB_RC_FINISHED;
532 		break;
533 
534 	case RKUSB_READ_FLASH_ID:
535 		*reply = rkusb_do_read_flash_id(common, bh);
536 		rc = RKUSB_RC_FINISHED;
537 		break;
538 
539 	case RKUSB_TEST_BAD_BLOCK:
540 		*reply = rkusb_do_test_bad_block(common, bh);
541 		rc = RKUSB_RC_FINISHED;
542 		break;
543 
544 	case RKUSB_LBA_READ_10:
545 		rkusb_fixup_cbwcb(common, bh);
546 		common->cmnd[0] = SC_READ_10;
547 		common->cmnd[1] = 0; /* Not support */
548 		rc = RKUSB_RC_CONTINUE;
549 		break;
550 
551 	case RKUSB_LBA_WRITE_10:
552 		rkusb_fixup_cbwcb(common, bh);
553 		common->cmnd[0] = SC_WRITE_10;
554 		common->cmnd[1] = 0; /* Not support */
555 		rc = RKUSB_RC_CONTINUE;
556 		break;
557 
558 	case RKUSB_READ_FLASH_INFO:
559 		*reply = rkusb_do_read_flash_info(common, bh);
560 		rc = RKUSB_RC_FINISHED;
561 		break;
562 
563 	case RKUSB_GET_CHIP_VER:
564 		*reply = rkusb_do_get_chip_info(common, bh);
565 		rc = RKUSB_RC_FINISHED;
566 		break;
567 
568 	case RKUSB_LBA_ERASE:
569 		*reply = rkusb_do_lba_erase(common, bh);
570 		rc = RKUSB_RC_FINISHED;
571 		break;
572 
573 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION
574 	case RKUSB_VS_WRITE:
575 		*reply = rkusb_do_vs_write(common);
576 		rc = RKUSB_RC_FINISHED;
577 		break;
578 
579 	case RKUSB_VS_READ:
580 		*reply = rkusb_do_vs_read(common);
581 		rc = RKUSB_RC_FINISHED;
582 		break;
583 #endif
584 
585 	case RKUSB_READ_CAPACITY:
586 		*reply = rkusb_do_read_capacity(common, bh);
587 		rc = RKUSB_RC_FINISHED;
588 		break;
589 
590 	case RKUSB_RESET:
591 		*reply = rkusb_do_reset(common, bh);
592 		rc = RKUSB_RC_FINISHED;
593 		break;
594 
595 	case RKUSB_READ_10:
596 	case RKUSB_WRITE_10:
597 		printf("CMD Not support, pls use new version Tool\n");
598 	case RKUSB_SET_DEVICE_ID:
599 	case RKUSB_ERASE_10:
600 	case RKUSB_WRITE_SPARE:
601 	case RKUSB_READ_SPARE:
602 	case RKUSB_ERASE_10_FORCE:
603 	case RKUSB_GET_VERSION:
604 	case RKUSB_ERASE_SYS_DISK:
605 	case RKUSB_SDRAM_READ_10:
606 	case RKUSB_SDRAM_WRITE_10:
607 	case RKUSB_SDRAM_EXECUTE:
608 	case RKUSB_LOW_FORMAT:
609 	case RKUSB_SET_RESET_FLAG:
610 	case RKUSB_SPI_READ_10:
611 	case RKUSB_SPI_WRITE_10:
612 	case RKUSB_SESSION:
613 		/* Fall through */
614 	default:
615 		rc = RKUSB_RC_UNKNOWN_CMND;
616 		break;
617 	}
618 
619 	return rc;
620 }
621 
622 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add);
623