Gitiles
Code Review Sign In
review.sourcearcade.org / flashprog / e2c90c45f7d1dbdd02269f0a8f3c95cb8ee5fa91 / . / ch341a_spi.c
blob: 9ebda0d3a6c1057be6c5b7f50d8296cb716f6b77 [file] [log] [blame]
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]1/*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2011 asbokid <ballymunboy@gmail.com>
5 * Copyright (C) 2014 Pluto Yang <yangyj.ee@gmail.com>
6 * Copyright (C) 2015-2016 Stefan Tauner
7 * Copyright (C) 2015 Urja Rannikko <urjaman@gmail.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]18 */
19
20#include <string.h>
21#include <libusb.h>
22#include "flash.h"
23#include "programmer.h"
24
25/* LIBUSB_CALL ensures the right calling conventions on libusb callbacks.
26 * However, the macro is not defined everywhere. m(
27 */
28#ifndef LIBUSB_CALL
29#define LIBUSB_CALL
30#endif
31
32#define USB_TIMEOUT 1000 /* 1000 ms is plenty and we have no backup strategy anyway. */
33#define WRITE_EP 0x02
34#define READ_EP 0x82
35
36#define CH341_PACKET_LENGTH 0x20
37#define CH341_MAX_PACKETS 256
38#define CH341_MAX_PACKET_LEN (CH341_PACKET_LENGTH * CH341_MAX_PACKETS)
39
40#define CH341A_CMD_SET_OUTPUT 0xA1
41#define CH341A_CMD_IO_ADDR 0xA2
42#define CH341A_CMD_PRINT_OUT 0xA3
43#define CH341A_CMD_SPI_STREAM 0xA8
44#define CH341A_CMD_SIO_STREAM 0xA9
45#define CH341A_CMD_I2C_STREAM 0xAA
46#define CH341A_CMD_UIO_STREAM 0xAB
47
48#define CH341A_CMD_I2C_STM_START 0x74
49#define CH341A_CMD_I2C_STM_STOP 0x75
50#define CH341A_CMD_I2C_STM_OUT 0x80
51#define CH341A_CMD_I2C_STM_IN 0xC0
52#define CH341A_CMD_I2C_STM_MAX ( min( 0x3F, CH341_PACKET_LENGTH ) )
53#define CH341A_CMD_I2C_STM_SET 0x60 // bit 2: SPI with two data pairs D5,D4=out, D7,D6=in
54#define CH341A_CMD_I2C_STM_US 0x40
55#define CH341A_CMD_I2C_STM_MS 0x50
56#define CH341A_CMD_I2C_STM_DLY 0x0F
57#define CH341A_CMD_I2C_STM_END 0x00
58
59#define CH341A_CMD_UIO_STM_IN 0x00
60#define CH341A_CMD_UIO_STM_DIR 0x40
61#define CH341A_CMD_UIO_STM_OUT 0x80
62#define CH341A_CMD_UIO_STM_US 0xC0
63#define CH341A_CMD_UIO_STM_END 0x20
64
65#define CH341A_STM_I2C_20K 0x00
66#define CH341A_STM_I2C_100K 0x01
67#define CH341A_STM_I2C_400K 0x02
68#define CH341A_STM_I2C_750K 0x03
69#define CH341A_STM_SPI_DBL 0x04
70
71
72/* Number of parallel IN transfers. 32 seems to produce the most stable throughput on Windows. */
73#define USB_IN_TRANSFERS 32
74
75/* We need to use many queued IN transfers for any resemblance of performance (especially on Windows)
76 * because USB spec says that transfers end on non-full packets and the device sends the 31 reply
77 * data bytes to each 32-byte packet with command + 31 bytes of data... */
78static struct libusb_transfer *transfer_out = NULL;
79static struct libusb_transfer *transfer_ins[USB_IN_TRANSFERS] = {0};
80
81/* Accumulate delays to be plucked between CS deassertion and CS assertions. */
82static unsigned int stored_delay_us = 0;
83
84static struct libusb_device_handle *handle = NULL;
85
86const struct dev_entry devs_ch341a_spi[] = {
87 {0x1A86, 0x5512, OK, "Winchiphead (WCH)", "CH341A"},
88
89 {0},
90};
91
92enum trans_state {TRANS_ACTIVE = -2, TRANS_ERR = -1, TRANS_IDLE = 0};
93
94static void print_hex(const void *buf, size_t len)
95{
96 size_t i;
97 for (i = 0; i < len; i++) {
98 msg_pspew(" %02x", ((uint8_t *)buf)[i]);
99 if (i % CH341_PACKET_LENGTH == CH341_PACKET_LENGTH - 1)
100 msg_pspew("\n");
101 }
102}
103
104static void cb_common(const char *func, struct libusb_transfer *transfer)
105{
106 int *transfer_cnt = (int*)transfer->user_data;
107
108 if (transfer->status == LIBUSB_TRANSFER_CANCELLED) {
109 /* Silently ACK and exit. */
110 *transfer_cnt = TRANS_IDLE;
111 return;
112 }
113
114 if (transfer->status != LIBUSB_TRANSFER_COMPLETED) {
115 msg_perr("\n%s: error: %s\n", func, libusb_error_name(transfer->status));
116 *transfer_cnt = TRANS_ERR;
117 } else {
118 *transfer_cnt = transfer->actual_length;
119 }
120}
121
122/* callback for bulk out async transfer */
123static void LIBUSB_CALL cb_out(struct libusb_transfer *transfer)
124{
125 cb_common(__func__, transfer);
126}
127
128/* callback for bulk in async transfer */
129static void LIBUSB_CALL cb_in(struct libusb_transfer *transfer)
130{
131 cb_common(__func__, transfer);
132}
133
134static int32_t usb_transfer(const char *func, unsigned int writecnt, unsigned int readcnt, const uint8_t *writearr, uint8_t *readarr)
135{
136 if (handle == NULL)
137 return -1;
138
139 int state_out = TRANS_IDLE;
140 transfer_out->buffer = (uint8_t*)writearr;
141 transfer_out->length = writecnt;
142 transfer_out->user_data = &state_out;
143
144 /* Schedule write first */
145 if (writecnt > 0) {
146 state_out = TRANS_ACTIVE;
147 int ret = libusb_submit_transfer(transfer_out);
148 if (ret) {
149 msg_perr("%s: failed to submit OUT transfer: %s\n", func, libusb_error_name(ret));
150 state_out = TRANS_ERR;
151 goto err;
152 }
153 }
154
155 /* Handle all asynchronous packets as long as we have stuff to write or read. The write(s) simply need
156 * to complete but we need to scheduling reads as long as we are not done. */
157 unsigned int free_idx = 0; /* The IN transfer we expect to be free next. */
158 unsigned int in_idx = 0; /* The IN transfer we expect to be completed next. */
159 unsigned int in_done = 0;
160 unsigned int in_active = 0;
161 unsigned int out_done = 0;
162 uint8_t *in_buf = readarr;
163 int state_in[USB_IN_TRANSFERS] = {0};
164 do {
165 /* Schedule new reads as long as there are free transfers and unscheduled bytes to read. */
166 while ((in_done + in_active) < readcnt && state_in[free_idx] == TRANS_IDLE) {
167 unsigned int cur_todo = min(CH341_PACKET_LENGTH - 1, readcnt - in_done - in_active);
168 transfer_ins[free_idx]->length = cur_todo;
169 transfer_ins[free_idx]->buffer = in_buf;
170 transfer_ins[free_idx]->user_data = &state_in[free_idx];
171 int ret = libusb_submit_transfer(transfer_ins[free_idx]);
172 if (ret) {
173 state_in[free_idx] = TRANS_ERR;
174 msg_perr("%s: failed to submit IN transfer: %s\n",
175 func, libusb_error_name(ret));
176 goto err;
177 }
178 in_buf += cur_todo;
179 in_active += cur_todo;
180 state_in[free_idx] = TRANS_ACTIVE;
181 free_idx = (free_idx + 1) % USB_IN_TRANSFERS; /* Increment (and wrap around). */
182 }
183
184 /* Actually get some work done. */
185 libusb_handle_events_timeout(NULL, &(struct timeval){1, 0});
186
187 /* Check for the write */
188 if (out_done < writecnt) {
189 if (state_out == TRANS_ERR) {
190 goto err;
191 } else if (state_out > 0) {
192 out_done += state_out;
193 state_out = TRANS_IDLE;
194 }
195 }
196 /* Check for completed transfers. */
197 while (state_in[in_idx] != TRANS_IDLE && state_in[in_idx] != TRANS_ACTIVE) {
198 if (state_in[in_idx] == TRANS_ERR) {
199 goto err;
200 }
201 /* If a transfer is done, record the number of bytes read and reuse it later. */
202 in_done += state_in[in_idx];
203 in_active -= state_in[in_idx];
204 state_in[in_idx] = TRANS_IDLE;
205 in_idx = (in_idx + 1) % USB_IN_TRANSFERS; /* Increment (and wrap around). */
206 }
207 } while ((out_done < writecnt) || (in_done < readcnt));
208
209 if (out_done > 0) {
210 msg_pspew("Wrote %d bytes:\n", out_done);
211 print_hex(writearr, out_done);
212 msg_pspew("\n\n");
213 }
214 if (in_done > 0) {
215 msg_pspew("Read %d bytes:\n", in_done);
216 print_hex(readarr, in_done);
217 msg_pspew("\n\n");
218 }
219 return 0;
220err:
221 /* Clean up on errors. */
222 msg_perr("%s: Failed to %s %d bytes\n", func, (state_out == TRANS_ERR) ? "write" : "read",
223 (state_out == TRANS_ERR) ? writecnt : readcnt);
224 /* First, we must cancel any ongoing requests and wait for them to be canceled. */
225 if ((writecnt > 0) && (state_out == TRANS_ACTIVE)) {
226 if (libusb_cancel_transfer(transfer_out) != 0)
227 state_out = TRANS_ERR;
228 }
229 if (readcnt > 0) {
230 unsigned int i;
231 for (i = 0; i < USB_IN_TRANSFERS; i++) {
232 if (state_in[i] == TRANS_ACTIVE)
233 if (libusb_cancel_transfer(transfer_ins[i]) != 0)
234 state_in[i] = TRANS_ERR;
235 }
236 }
237
238 /* Wait for cancellations to complete. */
239 while (1) {
240 bool finished = true;
241 if ((writecnt > 0) && (state_out == TRANS_ACTIVE))
242 finished = false;
243 if (readcnt > 0) {
244 unsigned int i;
245 for (i = 0; i < USB_IN_TRANSFERS; i++) {
246 if (state_in[i] == TRANS_ACTIVE)
247 finished = false;
248 }
249 }
250 if (finished)
251 break;
252 libusb_handle_events_timeout(NULL, &(struct timeval){1, 0});
253 }
254 return -1;
255}
256
257/* Set the I2C bus speed (speed(b1b0): 0 = 20kHz; 1 = 100kHz, 2 = 400kHz, 3 = 750kHz).
258 * Set the SPI bus data width (speed(b2): 0 = Single, 1 = Double). */
259static int32_t config_stream(uint32_t speed)
260{
261 if (handle == NULL)
262 return -1;
263
264 uint8_t buf[] = {
265 CH341A_CMD_I2C_STREAM,
266 CH341A_CMD_I2C_STM_SET | (speed & 0x7),
267 CH341A_CMD_I2C_STM_END
268 };
269
270 int32_t ret = usb_transfer(__func__, sizeof(buf), 0, buf, NULL);
271 if (ret < 0) {
272 msg_perr("Could not configure stream interface.\n");
273 }
274 return ret;
275}
276
277/* ch341 requires LSB first, swap the bit order before send and after receive */
278static uint8_t swap_byte(uint8_t x)
279{
280 x = ((x >> 1) & 0x55) | ((x << 1) & 0xaa);
281 x = ((x >> 2) & 0x33) | ((x << 2) & 0xcc);
282 x = ((x >> 4) & 0x0f) | ((x << 4) & 0xf0);
283 return x;
284}
285
286/* The assumed map between UIO command bits, pins on CH341A chip and pins on SPI chip:
287 * UIO CH341A SPI CH341A SPI name
Elyes HAOUASac01baa2018-05-28 16:52:21 +0200[diff] [blame]288 * 0 D0/15 CS/1 (CS0)
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]289 * 1 D1/16 unused (CS1)
290 * 2 D2/17 unused (CS2)
291 * 3 D3/18 SCK/6 (DCK)
292 * 4 D4/19 unused (DOUT2)
293 * 5 D5/20 SI/5 (DOUT)
294 * - The UIO stream commands seem to only have 6 bits of output, and D6/D7 are the SPI inputs,
295 * mapped as follows:
296 * D6/21 unused (DIN2)
297 * D7/22 SO/2 (DIN)
298 */
299static int32_t enable_pins(bool enable)
300{
301 uint8_t buf[] = {
302 CH341A_CMD_UIO_STREAM,
303 CH341A_CMD_UIO_STM_OUT | 0x37, // CS high (all of them), SCK=0, DOUT*=1
304 CH341A_CMD_UIO_STM_DIR | (enable ? 0x3F : 0x00), // Interface output enable / disable
305 CH341A_CMD_UIO_STM_END,
306 };
307
308 int32_t ret = usb_transfer(__func__, sizeof(buf), 0, buf, NULL);
309 if (ret < 0) {
310 msg_perr("Could not %sable output pins.\n", enable ? "en" : "dis");
311 }
312 return ret;
313}
314
315/* De-assert and assert CS in one operation. */
316static void pluck_cs(uint8_t *ptr)
317{
Elyes HAOUASe2c90c42018-08-18 09:04:41 +0200[diff] [blame^]318 /* This was measured to give a minimum deassertion time of 2.25 us,
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]319 * >20x more than needed for most SPI chips (100ns). */
320 int delay_cnt = 2;
321 if (stored_delay_us) {
322 delay_cnt = (stored_delay_us * 4) / 3;
323 stored_delay_us = 0;
324 }
325 *ptr++ = CH341A_CMD_UIO_STREAM;
326 *ptr++ = CH341A_CMD_UIO_STM_OUT | 0x37; /* deasserted */
327 int i;
328 for (i = 0; i < delay_cnt; i++)
329 *ptr++ = CH341A_CMD_UIO_STM_OUT | 0x37; /* "delay" */
330 *ptr++ = CH341A_CMD_UIO_STM_OUT | 0x36; /* asserted */
331 *ptr++ = CH341A_CMD_UIO_STM_END;
332}
333
334void ch341a_spi_delay(unsigned int usecs)
335{
336 /* There is space for 28 bytes instructions of 750 ns each in the CS packet (32 - 4 for the actual CS
337 * instructions), thus max 21 us, but we avoid getting too near to this boundary and use
338 * internal_delay() for durations over 20 us. */
339 if ((usecs + stored_delay_us) > 20) {
340 unsigned int inc = 20 - stored_delay_us;
341 internal_delay(usecs - inc);
342 usecs = inc;
343 }
344 stored_delay_us += usecs;
345}
346
347static int ch341a_spi_spi_send_command(struct flashctx *flash, unsigned int writecnt, unsigned int readcnt, const unsigned char *writearr, unsigned char *readarr)
348{
349 if (handle == NULL)
350 return -1;
351
352 /* How many packets ... */
353 const size_t packets = (writecnt + readcnt + CH341_PACKET_LENGTH - 2) / (CH341_PACKET_LENGTH - 1);
354
355 /* We pluck CS/timeout handling into the first packet thus we need to allocate one extra package. */
356 uint8_t wbuf[packets+1][CH341_PACKET_LENGTH];
357 uint8_t rbuf[writecnt + readcnt];
358 /* Initialize the write buffer to zero to prevent writing random stack contents to device. */
359 memset(wbuf[0], 0, CH341_PACKET_LENGTH);
360
361 uint8_t *ptr = wbuf[0];
362 /* CS usage is optimized by doing both transitions in one packet.
363 * Final transition to deselected state is in the pin disable. */
364 pluck_cs(ptr);
365 unsigned int write_left = writecnt;
366 unsigned int read_left = readcnt;
367 unsigned int p;
368 for (p = 0; p < packets; p++) {
369 unsigned int write_now = min(CH341_PACKET_LENGTH - 1, write_left);
370 unsigned int read_now = min ((CH341_PACKET_LENGTH - 1) - write_now, read_left);
371 ptr = wbuf[p+1];
372 *ptr++ = CH341A_CMD_SPI_STREAM;
373 unsigned int i;
374 for (i = 0; i < write_now; ++i)
375 *ptr++ = swap_byte(*writearr++);
376 if (read_now) {
377 memset(ptr, 0xFF, read_now);
378 read_left -= read_now;
379 }
380 write_left -= write_now;
381 }
382
383 int32_t ret = usb_transfer(__func__, CH341_PACKET_LENGTH + packets + writecnt + readcnt,
384 writecnt + readcnt, wbuf[0], rbuf);
385 if (ret < 0)
386 return -1;
387
388 unsigned int i;
389 for (i = 0; i < readcnt; i++) {
390 *readarr++ = swap_byte(rbuf[writecnt + i]);
391 }
392
393 return 0;
394}
395
396static const struct spi_master spi_master_ch341a_spi = {
397 .type = SPI_CONTROLLER_CH341A_SPI,
Nico Huber1cf407b2017-11-10 20:18:23 +0100[diff] [blame]398 .features = SPI_MASTER_4BA,
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]399 /* flashrom's current maximum is 256 B. CH341A was tested on Linux and Windows to accept atleast
400 * 128 kB. Basically there should be no hard limit because transfers are broken up into USB packets
401 * sent to the device and most of their payload streamed via SPI. */
402 .max_data_read = 4 * 1024,
403 .max_data_write = 4 * 1024,
404 .command = ch341a_spi_spi_send_command,
405 .multicommand = default_spi_send_multicommand,
406 .read = default_spi_read,
407 .write_256 = default_spi_write_256,
408 .write_aai = default_spi_write_aai,
409};
410
411static int ch341a_spi_shutdown(void *data)
412{
413 if (handle == NULL)
414 return -1;
415
416 enable_pins(false);
417 libusb_free_transfer(transfer_out);
418 transfer_out = NULL;
419 int i;
420 for (i = 0; i < USB_IN_TRANSFERS; i++) {
421 libusb_free_transfer(transfer_ins[i]);
422 transfer_ins[i] = NULL;
423 }
424 libusb_release_interface(handle, 0);
425 libusb_close(handle);
426 libusb_exit(NULL);
427 handle = NULL;
428 return 0;
429}
430
431int ch341a_spi_init(void)
432{
433 if (handle != NULL) {
434 msg_cerr("%s: handle already set! Please report a bug at flashrom@flashrom.org\n", __func__);
435 return -1;
436 }
437
438 int32_t ret = libusb_init(NULL);
439 if (ret < 0) {
440 msg_perr("Couldnt initialize libusb!\n");
441 return -1;
442 }
443
Alex James291764a2018-04-14 22:59:57 -0500[diff] [blame]444 /* Enable information, warning, and error messages (only). */
445#if LIBUSB_API_VERSION < 0x01000106
446 libusb_set_debug(NULL, 3);
447#else
448 libusb_set_option(NULL, LIBUSB_OPTION_LOG_LEVEL, LIBUSB_LOG_LEVEL_INFO);
449#endif
Urja Rannikko0870b022016-01-31 22:10:29 +0000[diff] [blame]450
451 uint16_t vid = devs_ch341a_spi[0].vendor_id;
452 uint16_t pid = devs_ch341a_spi[0].device_id;
453 handle = libusb_open_device_with_vid_pid(NULL, vid, pid);
454 if (handle == NULL) {
455 msg_perr("Couldn't open device %04x:%04x.\n", vid, pid);
456 return -1;
457 }
458
459/* libusb_detach_kernel_driver() and friends basically only work on Linux. We simply try to detach on Linux
460 * without a lot of passion here. If that works fine else we will fail on claiming the interface anyway. */
461#if IS_LINUX
462 ret = libusb_detach_kernel_driver(handle, 0);
463 if (ret == LIBUSB_ERROR_NOT_SUPPORTED) {
464 msg_pwarn("Detaching kernel drivers is not supported. Further accesses may fail.\n");
465 } else if (ret != 0 && ret != LIBUSB_ERROR_NOT_FOUND) {
466 msg_pwarn("Failed to detach kernel driver: '%s'. Further accesses will probably fail.\n",
467 libusb_error_name(ret));
468 }
469#endif
470
471 ret = libusb_claim_interface(handle, 0);
472 if (ret != 0) {
473 msg_perr("Failed to claim interface 0: '%s'\n", libusb_error_name(ret));
474 goto close_handle;
475 }
476
477 struct libusb_device *dev;
478 if (!(dev = libusb_get_device(handle))) {
479 msg_perr("Failed to get device from device handle.\n");
480 goto close_handle;
481 }
482
483 struct libusb_device_descriptor desc;
484 ret = libusb_get_device_descriptor(dev, &desc);
485 if (ret < 0) {
486 msg_perr("Failed to get device descriptor: '%s'\n", libusb_error_name(ret));
487 goto release_interface;
488 }
489
490 msg_pdbg("Device revision is %d.%01d.%01d\n",
491 (desc.bcdDevice >> 8) & 0x00FF,
492 (desc.bcdDevice >> 4) & 0x000F,
493 (desc.bcdDevice >> 0) & 0x000F);
494
495 /* Allocate and pre-fill transfer structures. */
496 transfer_out = libusb_alloc_transfer(0);
497 if (!transfer_out) {
498 msg_perr("Failed to alloc libusb OUT transfer\n");
499 goto release_interface;
500 }
501 int i;
502 for (i = 0; i < USB_IN_TRANSFERS; i++) {
503 transfer_ins[i] = libusb_alloc_transfer(0);
504 if (transfer_ins[i] == NULL) {
505 msg_perr("Failed to alloc libusb IN transfer %d\n", i);
506 goto dealloc_transfers;
507 }
508 }
509 /* We use these helpers but dont fill the actual buffer yet. */
510 libusb_fill_bulk_transfer(transfer_out, handle, WRITE_EP, NULL, 0, cb_out, NULL, USB_TIMEOUT);
511 for (i = 0; i < USB_IN_TRANSFERS; i++)
512 libusb_fill_bulk_transfer(transfer_ins[i], handle, READ_EP, NULL, 0, cb_in, NULL, USB_TIMEOUT);
513
514 if ((config_stream(CH341A_STM_I2C_100K) < 0) || (enable_pins(true) < 0))
515 goto dealloc_transfers;
516
517 register_shutdown(ch341a_spi_shutdown, NULL);
518 register_spi_master(&spi_master_ch341a_spi);
519
520 return 0;
521
522dealloc_transfers:
523 for (i = 0; i < USB_IN_TRANSFERS; i++) {
524 if (transfer_ins[i] == NULL)
525 break;
526 libusb_free_transfer(transfer_ins[i]);
527 transfer_ins[i] = NULL;
528 }
529 libusb_free_transfer(transfer_out);
530 transfer_out = NULL;
531release_interface:
532 libusb_release_interface(handle, 0);
533close_handle:
534 libusb_close(handle);
535 handle = NULL;
536 return -1;
537}