1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <asm/arch/boot_mode.h> 10 #include <asm/arch/chip_info.h> 11 #include <write_keybox.h> 12 13 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 14 #include <asm/arch/vendor.h> 15 #endif 16 17 #include <rockusb.h> 18 19 #define ROCKUSB_INTERFACE_CLASS 0xff 20 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 21 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 22 23 static struct usb_interface_descriptor rkusb_intf_desc = { 24 .bLength = USB_DT_INTERFACE_SIZE, 25 .bDescriptorType = USB_DT_INTERFACE, 26 .bInterfaceNumber = 0x00, 27 .bAlternateSetting = 0x00, 28 .bNumEndpoints = 0x02, 29 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 30 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 31 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 32 }; 33 34 static struct usb_descriptor_header *rkusb_fs_function[] = { 35 (struct usb_descriptor_header *)&rkusb_intf_desc, 36 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 37 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 38 NULL, 39 }; 40 41 static struct usb_descriptor_header *rkusb_hs_function[] = { 42 (struct usb_descriptor_header *)&rkusb_intf_desc, 43 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 44 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 45 NULL, 46 }; 47 48 static struct usb_descriptor_header *rkusb_ss_function[] = { 49 (struct usb_descriptor_header *)&rkusb_intf_desc, 50 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 51 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 52 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 53 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 54 NULL, 55 }; 56 57 struct rk_flash_info { 58 u32 flash_size; 59 u16 block_size; 60 u8 page_size; 61 u8 ecc_bits; 62 u8 access_time; 63 u8 manufacturer; 64 u8 flash_mask; 65 } __packed; 66 67 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 68 69 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 70 { 71 if (IS_RKUSB_UMS_DNL(name)) { 72 /* Fix to Rockchip's VID and PID */ 73 dev->idVendor = __constant_cpu_to_le16(0x2207); 74 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 75 76 /* Enumerate as a loader device */ 77 dev->bcdUSB = cpu_to_le16(0x0201); 78 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 79 /* Fix to Google's VID and PID */ 80 dev->idVendor = __constant_cpu_to_le16(0x18d1); 81 dev->idProduct = __constant_cpu_to_le16(0xd00d); 82 } 83 84 return 0; 85 } 86 87 __maybe_unused 88 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 89 { 90 assert(!cbw); 91 92 debug("%s:\n", __func__); 93 debug("Signature %x\n", cbw->Signature); 94 debug("Tag %x\n", cbw->Tag); 95 debug("DataTransferLength %x\n", cbw->DataTransferLength); 96 debug("Flags %x\n", cbw->Flags); 97 debug("LUN %x\n", cbw->Lun); 98 debug("Length %x\n", cbw->Length); 99 debug("OptionCode %x\n", cbw->CDB[0]); 100 debug("SubCode %x\n", cbw->CDB[1]); 101 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 102 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 103 } 104 105 static int rkusb_check_lun(struct fsg_common *common) 106 { 107 struct fsg_lun *curlun; 108 109 /* Check the LUN */ 110 if (common->lun >= 0 && common->lun < common->nluns) { 111 curlun = &common->luns[common->lun]; 112 if (common->cmnd[0] != SC_REQUEST_SENSE) { 113 curlun->sense_data = SS_NO_SENSE; 114 curlun->info_valid = 0; 115 } 116 } else { 117 curlun = NULL; 118 common->bad_lun_okay = 0; 119 120 /* 121 * INQUIRY and REQUEST SENSE commands are explicitly allowed 122 * to use unsupported LUNs; all others may not. 123 */ 124 if (common->cmnd[0] != SC_INQUIRY && 125 common->cmnd[0] != SC_REQUEST_SENSE) { 126 debug("unsupported LUN %d\n", common->lun); 127 return -EINVAL; 128 } 129 } 130 131 return 0; 132 } 133 134 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 135 { 136 u32 boot_flag = BOOT_NORMAL; 137 138 if (rkusb_rst_code == 0x03) 139 boot_flag = BOOT_BROM_DOWNLOAD; 140 141 rkusb_rst_code = 0; /* restore to default */ 142 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 143 144 do_reset(NULL, 0, 0, NULL); 145 } 146 147 static int rkusb_do_reset(struct fsg_common *common, 148 struct fsg_buffhd *bh) 149 { 150 common->data_size_from_cmnd = common->cmnd[4]; 151 common->residue = 0; 152 bh->inreq->complete = __do_reset; 153 bh->state = BUF_STATE_EMPTY; 154 155 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 156 return 0; 157 } 158 159 static int rkusb_do_test_unit_ready(struct fsg_common *common, 160 struct fsg_buffhd *bh) 161 { 162 common->residue = 0x06 << 24; /* Max block xfer support from host */ 163 common->data_dir = DATA_DIR_NONE; 164 bh->state = BUF_STATE_EMPTY; 165 166 return 0; 167 } 168 169 static int rkusb_do_read_flash_id(struct fsg_common *common, 170 struct fsg_buffhd *bh) 171 { 172 u8 *buf = (u8 *)bh->buf; 173 u32 len = 5; 174 enum if_type type = ums[common->lun].block_dev.if_type; 175 176 if (type == IF_TYPE_MMC) 177 memcpy((void *)&buf[0], "EMMC ", 5); 178 else if (type == IF_TYPE_RKNAND) 179 memcpy((void *)&buf[0], "NAND ", 5); 180 else 181 memcpy((void *)&buf[0], "UNKN ", 5); /* unknown */ 182 183 /* Set data xfer size */ 184 common->residue = common->data_size_from_cmnd = len; 185 common->data_size = len; 186 187 return len; 188 } 189 190 static int rkusb_do_test_bad_block(struct fsg_common *common, 191 struct fsg_buffhd *bh) 192 { 193 u8 *buf = (u8 *)bh->buf; 194 u32 len = 64; 195 196 memset((void *)&buf[0], 0, len); 197 198 /* Set data xfer size */ 199 common->residue = common->data_size_from_cmnd = len; 200 common->data_size = len; 201 202 return len; 203 } 204 205 static int rkusb_do_read_flash_info(struct fsg_common *common, 206 struct fsg_buffhd *bh) 207 { 208 u8 *buf = (u8 *)bh->buf; 209 u32 len = sizeof(struct rk_flash_info); 210 struct rk_flash_info finfo = { 211 .block_size = 1024, 212 .ecc_bits = 0, 213 .page_size = 4, 214 .access_time = 40, 215 .manufacturer = 0, 216 .flash_mask = 0 217 }; 218 219 finfo.flash_size = (u32)ums[common->lun].block_dev.lba; 220 if (finfo.flash_size) 221 finfo.flash_mask = 1; 222 223 memset((void *)&buf[0], 0, len); 224 memcpy((void *)&buf[0], (void *)&finfo, len); 225 226 /* Set data xfer size */ 227 common->residue = common->data_size_from_cmnd = len; 228 /* legacy upgrade_tool does not set correct transfer size */ 229 common->data_size = len; 230 231 return len; 232 } 233 234 static int rkusb_do_get_chip_info(struct fsg_common *common, 235 struct fsg_buffhd *bh) 236 { 237 u8 *buf = (u8 *)bh->buf; 238 u32 len = common->data_size; 239 u32 chip_info[4]; 240 241 memset((void *)chip_info, 0, sizeof(chip_info)); 242 rockchip_rockusb_get_chip_info(chip_info); 243 244 memset((void *)&buf[0], 0, len); 245 memcpy((void *)&buf[0], (void *)chip_info, len); 246 247 /* Set data xfer size */ 248 common->residue = common->data_size_from_cmnd = len; 249 250 return len; 251 } 252 253 static int rkusb_do_lba_erase(struct fsg_common *common, 254 struct fsg_buffhd *bh) 255 { 256 struct fsg_lun *curlun = &common->luns[common->lun]; 257 u32 lba, amount; 258 loff_t file_offset; 259 int rc; 260 261 lba = get_unaligned_be32(&common->cmnd[2]); 262 if (lba >= curlun->num_sectors) { 263 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 264 rc = -EINVAL; 265 goto out; 266 } 267 268 file_offset = ((loff_t) lba) << 9; 269 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 270 if (unlikely(amount == 0)) { 271 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 272 rc = -EIO; 273 goto out; 274 } 275 276 /* Perform the erase */ 277 rc = ums[common->lun].erase_sector(&ums[common->lun], 278 file_offset / SECTOR_SIZE, 279 amount / SECTOR_SIZE); 280 if (!rc) { 281 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 282 rc = -EIO; 283 } 284 285 out: 286 common->data_dir = DATA_DIR_NONE; 287 bh->state = BUF_STATE_EMPTY; 288 289 return rc; 290 } 291 292 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 293 static int rkusb_do_vs_write(struct fsg_common *common) 294 { 295 struct fsg_lun *curlun = &common->luns[common->lun]; 296 u16 type = get_unaligned_be16(&common->cmnd[4]); 297 struct vendor_item *vhead; 298 struct fsg_buffhd *bh; 299 void *data; 300 int rc; 301 302 if (common->data_size >= (u32)65536) { 303 /* _MUST_ small than 64K */ 304 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 305 return -EINVAL; 306 } 307 308 common->residue = common->data_size; 309 common->usb_amount_left = common->data_size; 310 311 /* Carry out the file writes */ 312 if (unlikely(common->data_size == 0)) 313 return -EIO; /* No data to write */ 314 315 for (;;) { 316 if (common->usb_amount_left > 0) { 317 /* Wait for the next buffer to become available */ 318 bh = common->next_buffhd_to_fill; 319 if (bh->state != BUF_STATE_EMPTY) 320 goto wait; 321 322 /* Request the next buffer */ 323 common->usb_amount_left -= common->data_size; 324 bh->outreq->length = common->data_size; 325 bh->bulk_out_intended_length = common->data_size; 326 bh->outreq->short_not_ok = 1; 327 328 START_TRANSFER_OR(common, bulk_out, bh->outreq, 329 &bh->outreq_busy, &bh->state) 330 /* 331 * Don't know what to do if 332 * common->fsg is NULL 333 */ 334 return -EIO; 335 common->next_buffhd_to_fill = bh->next; 336 } else { 337 /* Then, wait for the data to become available */ 338 bh = common->next_buffhd_to_drain; 339 if (bh->state != BUF_STATE_FULL) 340 goto wait; 341 342 common->next_buffhd_to_drain = bh->next; 343 bh->state = BUF_STATE_EMPTY; 344 345 /* Did something go wrong with the transfer? */ 346 if (bh->outreq->status != 0) { 347 curlun->sense_data = SS_COMMUNICATION_FAILURE; 348 curlun->info_valid = 1; 349 break; 350 } 351 352 /* Perform the write */ 353 vhead = (struct vendor_item *)bh->buf; 354 data = bh->buf + sizeof(struct vendor_item); 355 356 if (!type) { 357 /* Vendor storage */ 358 rc = vendor_storage_write(vhead->id, 359 (char __user *)data, 360 vhead->size); 361 if (rc < 0) 362 return -EIO; 363 } else { 364 /* RPMB */ 365 rc = 366 write_keybox_to_secure_storage((u8 *)data, 367 vhead->size); 368 if (rc < 0) 369 return -EIO; 370 } 371 372 common->residue -= common->data_size; 373 374 /* Did the host decide to stop early? */ 375 if (bh->outreq->actual != bh->outreq->length) 376 common->short_packet_received = 1; 377 break; /* Command done */ 378 } 379 wait: 380 /* Wait for something to happen */ 381 rc = sleep_thread(common); 382 if (rc) 383 return rc; 384 } 385 386 return -EIO; /* No default reply */ 387 } 388 389 static int rkusb_do_vs_read(struct fsg_common *common) 390 { 391 struct fsg_lun *curlun = &common->luns[common->lun]; 392 u16 type = get_unaligned_be16(&common->cmnd[4]); 393 struct vendor_item *vhead; 394 struct fsg_buffhd *bh; 395 void *data; 396 int rc; 397 398 if (common->data_size >= (u32)65536) { 399 /* _MUST_ small than 64K */ 400 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 401 return -EINVAL; 402 } 403 404 common->residue = common->data_size; 405 common->usb_amount_left = common->data_size; 406 407 /* Carry out the file reads */ 408 if (unlikely(common->data_size == 0)) 409 return -EIO; /* No default reply */ 410 411 for (;;) { 412 /* Wait for the next buffer to become available */ 413 bh = common->next_buffhd_to_fill; 414 while (bh->state != BUF_STATE_EMPTY) { 415 rc = sleep_thread(common); 416 if (rc) 417 return rc; 418 } 419 420 memset(bh->buf, 0, FSG_BUFLEN); 421 vhead = (struct vendor_item *)bh->buf; 422 data = bh->buf + sizeof(struct vendor_item); 423 vhead->id = get_unaligned_be16(&common->cmnd[2]); 424 425 if (!type) { 426 /* Vendor storage */ 427 rc = vendor_storage_read(vhead->id, 428 (char __user *)data, 429 common->data_size); 430 if (!rc) 431 return -EIO; 432 vhead->size = rc; 433 } else { 434 /* RPMB */ 435 rc = 436 read_raw_data_from_secure_storage((u8 *)data, 437 common->data_size); 438 if (!rc) 439 return -EIO; 440 vhead->size = rc; 441 } 442 443 common->residue -= common->data_size; 444 bh->inreq->length = common->data_size; 445 bh->state = BUF_STATE_FULL; 446 447 break; /* No more left to read */ 448 } 449 450 return -EIO; /* No default reply */ 451 } 452 #endif 453 454 static int rkusb_do_read_capacity(struct fsg_common *common, 455 struct fsg_buffhd *bh) 456 { 457 u8 *buf = (u8 *)bh->buf; 458 u32 len = common->data_size; 459 enum if_type type = ums[common->lun].block_dev.if_type; 460 461 /* 462 * bit[0]: Direct LBA, 0: Disabled; 463 * bit[1]: Vendor Storage API, 0: Disabed (default); 464 * bit[2]: First 4M Access, 0: Disabled; 465 * bit[3]: Read LBA On, 0: Disabed (default); 466 * bit[4]: New Vendor Storage API, 0: Disabed; 467 * bit[5:63}: Reserved. 468 */ 469 memset((void *)&buf[0], 0, len); 470 if (type == IF_TYPE_MMC || type == IF_TYPE_SD) 471 buf[0] = BIT(0) | BIT(2) | BIT(4); 472 else 473 buf[0] = BIT(0) | BIT(4); 474 475 /* Set data xfer size */ 476 common->residue = common->data_size_from_cmnd = len; 477 478 return len; 479 } 480 481 static void rkusb_fixup_cbwcb(struct fsg_common *common, 482 struct fsg_buffhd *bh) 483 { 484 struct usb_request *req = bh->outreq; 485 struct fsg_bulk_cb_wrap *cbw = req->buf; 486 487 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 488 common->data_size = le32_to_cpu(cbw->DataTransferLength); 489 if (common->data_size == 0) { 490 common->data_size = 491 get_unaligned_be16(&common->cmnd[7]) << 9; 492 printf("Trasfer Length NOT set, please use new version tool\n"); 493 debug("%s %d, cmnd1 %x\n", __func__, 494 get_unaligned_be16(&common->cmnd[7]), 495 get_unaligned_be16(&common->cmnd[1])); 496 } 497 if (cbw->Flags & USB_BULK_IN_FLAG) 498 common->data_dir = DATA_DIR_TO_HOST; 499 else 500 common->data_dir = DATA_DIR_FROM_HOST; 501 502 /* Not support */ 503 common->cmnd[1] = 0; 504 } 505 506 static int rkusb_cmd_process(struct fsg_common *common, 507 struct fsg_buffhd *bh, int *reply) 508 { 509 struct usb_request *req = bh->outreq; 510 struct fsg_bulk_cb_wrap *cbw = req->buf; 511 int rc; 512 513 dump_cbw(cbw); 514 515 if (rkusb_check_lun(common)) { 516 *reply = -EINVAL; 517 return RKUSB_RC_ERROR; 518 } 519 520 switch (common->cmnd[0]) { 521 case RKUSB_TEST_UNIT_READY: 522 *reply = rkusb_do_test_unit_ready(common, bh); 523 rc = RKUSB_RC_FINISHED; 524 break; 525 526 case RKUSB_READ_FLASH_ID: 527 *reply = rkusb_do_read_flash_id(common, bh); 528 rc = RKUSB_RC_FINISHED; 529 break; 530 531 case RKUSB_TEST_BAD_BLOCK: 532 *reply = rkusb_do_test_bad_block(common, bh); 533 rc = RKUSB_RC_FINISHED; 534 break; 535 536 case RKUSB_LBA_READ_10: 537 rkusb_fixup_cbwcb(common, bh); 538 common->cmnd[0] = SC_READ_10; 539 common->cmnd[1] = 0; /* Not support */ 540 rc = RKUSB_RC_CONTINUE; 541 break; 542 543 case RKUSB_LBA_WRITE_10: 544 rkusb_fixup_cbwcb(common, bh); 545 common->cmnd[0] = SC_WRITE_10; 546 common->cmnd[1] = 0; /* Not support */ 547 rc = RKUSB_RC_CONTINUE; 548 break; 549 550 case RKUSB_READ_FLASH_INFO: 551 *reply = rkusb_do_read_flash_info(common, bh); 552 rc = RKUSB_RC_FINISHED; 553 break; 554 555 case RKUSB_GET_CHIP_VER: 556 *reply = rkusb_do_get_chip_info(common, bh); 557 rc = RKUSB_RC_FINISHED; 558 break; 559 560 case RKUSB_LBA_ERASE: 561 *reply = rkusb_do_lba_erase(common, bh); 562 rc = RKUSB_RC_FINISHED; 563 break; 564 565 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 566 case RKUSB_VS_WRITE: 567 *reply = rkusb_do_vs_write(common); 568 rc = RKUSB_RC_FINISHED; 569 break; 570 571 case RKUSB_VS_READ: 572 *reply = rkusb_do_vs_read(common); 573 rc = RKUSB_RC_FINISHED; 574 break; 575 #endif 576 577 case RKUSB_READ_CAPACITY: 578 *reply = rkusb_do_read_capacity(common, bh); 579 rc = RKUSB_RC_FINISHED; 580 break; 581 582 case RKUSB_RESET: 583 *reply = rkusb_do_reset(common, bh); 584 rc = RKUSB_RC_FINISHED; 585 break; 586 587 case RKUSB_READ_10: 588 case RKUSB_WRITE_10: 589 printf("CMD Not support, pls use new version Tool\n"); 590 case RKUSB_SET_DEVICE_ID: 591 case RKUSB_ERASE_10: 592 case RKUSB_WRITE_SPARE: 593 case RKUSB_READ_SPARE: 594 case RKUSB_ERASE_10_FORCE: 595 case RKUSB_GET_VERSION: 596 case RKUSB_ERASE_SYS_DISK: 597 case RKUSB_SDRAM_READ_10: 598 case RKUSB_SDRAM_WRITE_10: 599 case RKUSB_SDRAM_EXECUTE: 600 case RKUSB_LOW_FORMAT: 601 case RKUSB_SET_RESET_FLAG: 602 case RKUSB_SPI_READ_10: 603 case RKUSB_SPI_WRITE_10: 604 case RKUSB_SESSION: 605 /* Fall through */ 606 default: 607 rc = RKUSB_RC_UNKNOWN_CMND; 608 break; 609 } 610 611 return rc; 612 } 613 614 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 615