2 Copyright (c) 2010 "Capt'ns Missing Link" Authors. All rights reserved.
3 Use of this source code is governed by a BSD-style
4 license that can be found in the LICENSE file.
6 A linux stlink access demo. The purpose of this file is to mitigate the usual
7 "reinventing the wheel" force by incompatible licenses and give you an idea,
8 how to access the stlink device. That doesn't mean you should be a free-loader
9 and not contribute your improvements to this code.
11 Author: Martin Capitanio <m@capitanio.org>
12 The stlink related constants kindly provided by Oliver Spencer (OpenOCD)
13 for use in a GPL compatible license.
15 Tested compatibility: linux, gcc >= 4.3.3
17 The communication is based on standard USB mass storage device
18 BOT (Bulk Only Transfer)
19 - Endpoint 1: BULK_IN, 64 bytes max
20 - Endpoint 2: BULK_OUT, 64 bytes max
22 All CBW transfers are ordered with the LSB (byte 0) first (little endian).
23 Any command must be answered before sending the next command.
24 Each USB transfer must complete in less than 1s.
26 SB Device Class Definition for Mass Storage Devices:
27 www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
29 dt - Data Transfer (IN/OUT)
30 CBW - Command Block Wrapper
31 CSW - Command Status Wrapper
32 RFU - Reserved for Future Use
34 Originally, this driver used scsi pass through commands, which required the
35 usb-storage module to be loaded, providing the /dev/sgX links. The USB mass
36 storage implementation on the STLinkv1 is however terribly broken, and it can
37 take many minutes for the kernel to give up.
39 However, in Nov 2011, the scsi pass through was replaced by raw libusb, so
40 instead of having to let usb-storage struggle with the device, and also greatly
41 limiting the portability of the driver, you can now tell usb-storage to simply
42 ignore this device completely.
45 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob_plain;f=Documentation/kernel-parameters.txt
46 Each entry has the form VID:PID:Flags where VID and PID are Vendor and Product
47 ID values (4-digit hex numbers) and Flags is a set of characters, each corresponding
48 to a common usb-storage quirk flag as follows:
50 a = SANE_SENSE (collect more than 18 bytes of sense data);
51 b = BAD_SENSE (don't collect more than 18 bytes of sense data);
52 c = FIX_CAPACITY (decrease the reported device capacity by one sector);
53 h = CAPACITY_HEURISTICS (decrease the reported device capacity by one sector if the number is odd);
54 i = IGNORE_DEVICE (don't bind to this device);
55 l = NOT_LOCKABLE (don't try to lock and unlock ejectable media);
56 m = MAX_SECTORS_64 (don't transfer more than 64 sectors = 32 KB at a time);
57 o = CAPACITY_OK (accept the capacity reported by the device);
58 r = IGNORE_RESIDUE (the device reports bogus residue values);
59 s = SINGLE_LUN (the device has only one Logical Unit);
60 w = NO_WP_DETECT (don't test whether the medium is write-protected).
62 Example: quirks=0419:aaf5:rl,0421:0433:rc
63 http://permalink.gmane.org/gmane.linux.usb.general/35053
65 For the stlinkv1, you just want the following
67 modprobe -r usb-storage && modprobe usb-storage quirks=483:3744:i
69 Equivalently, you can add a line saying
71 options usb-storage quirks=483:3744:i
73 to your /etc/modprobe.conf or /etc/modprobe.d/local.conf (or add the "quirks=..."
74 part to an existing options line for usb-storage).
86 #include <sys/types.h>
90 #include "stlink-common.h"
91 #include "stlink-sg.h"
92 #include "uglylogging.h"
94 #define LOG_TAG __FILE__
95 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
96 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
97 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
98 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
100 // Suspends execution of the calling process for
101 // (at least) ms milliseconds.
103 static void delay(int ms) {
104 //fprintf(stderr, "*** wait %d ms\n", ms);
108 static void clear_cdb(struct stlink_libsg *sl) {
109 for (size_t i = 0; i < sizeof (sl->cdb_cmd_blk); i++)
110 sl->cdb_cmd_blk[i] = 0;
112 sl->cdb_cmd_blk[0] = STLINK_DEBUG_COMMAND;
113 sl->q_data_dir = Q_DATA_IN;
116 // close the device, free the allocated memory
118 void _stlink_sg_close(stlink_t *sl) {
121 struct stlink_libsg *slsg = sl->backend_data;
122 scsi_pt_close_device(slsg->sg_fd);
128 static int get_usb_mass_storage_status(libusb_device_handle *handle, uint8_t endpoint, uint32_t *tag)
130 unsigned char csw[13];
131 memset(csw, 0, sizeof(csw));
136 ret = libusb_bulk_transfer(handle, endpoint, (unsigned char *)&csw, sizeof(csw),
137 &transferred, SG_TIMEOUT_MSEC);
138 if (ret == LIBUSB_ERROR_PIPE) {
139 libusb_clear_halt(handle, endpoint);
142 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
143 if (ret != LIBUSB_SUCCESS) {
144 fprintf(stderr, "%s: receiving failed: %d\n", __func__, ret);
147 if (transferred != sizeof(csw)) {
148 fprintf(stderr, "%s: received unexpected amount: %d\n", __func__, transferred);
152 uint32_t rsig = read_uint32(csw, 0);
153 uint32_t rtag = read_uint32(csw, 4);
154 uint32_t residue = read_uint32(csw, 8);
155 #define USB_CSW_SIGNATURE 0x53425355 // 'U' 'S' 'B' 'S' (reversed)
156 if (rsig != USB_CSW_SIGNATURE) {
157 WLOG("status signature was invalid: %#x\n", rsig);
160 DLOG("residue was= %#x\n", residue);
162 uint8_t rstatus = csw[12];
163 DLOG("rstatus = %x\n", rstatus);
167 static int dump_CDB_command(uint8_t *cdb, uint8_t cdb_len) {
169 char *dbugp = dbugblah;
170 dbugp += sprintf(dbugp, "Sending CDB [");
171 for (uint8_t i = 0; i < cdb_len; i++) {
172 dbugp += sprintf(dbugp, " %#02x", (unsigned int) cdb[i]);
174 sprintf(dbugp, "]\n");
180 * Wraps a CDB mass storage command in the appropriate gunk to get it down
187 * @param expected_rx_size
190 int send_usb_mass_storage_command(libusb_device_handle *handle, uint8_t endpoint_out,
191 uint8_t *cdb, uint8_t cdb_length,
192 uint8_t lun, uint8_t flags, uint32_t expected_rx_size) {
193 DLOG("Sending usb m-s cmd: cdblen:%d, rxsize=%d\n", cdb_length, expected_rx_size);
194 dump_CDB_command(cdb, cdb_length);
203 int real_transferred;
206 uint8_t c_buf[STLINK_SG_SIZE];
207 // tag is allegedly ignored... TODO - verify
212 write_uint32(&c_buf[i], tag);
213 uint32_t this_tag = tag++;
214 write_uint32(&c_buf[i+4], expected_rx_size);
219 c_buf[i++] = cdb_length;
221 // Now the actual CDB request
222 assert(cdb_length <= CDB_SL);
223 memcpy(&(c_buf[i]), cdb, cdb_length);
225 int sending_length = STLINK_SG_SIZE;
226 DLOG("sending length set to: %d\n", sending_length);
230 DLOG("attempting tx...\n");
231 ret = libusb_bulk_transfer(handle, endpoint_out, c_buf, sending_length,
232 &real_transferred, SG_TIMEOUT_MSEC);
233 if (ret == LIBUSB_ERROR_PIPE) {
234 libusb_clear_halt(handle, endpoint_out);
237 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
238 if (ret != LIBUSB_SUCCESS) {
239 WLOG("sending failed: %d\n", ret);
242 DLOG("Actually sent: %d, returning tag: %d\n", real_transferred, tag);
248 * Straight from stm8 stlink code...
251 * @param endpoint_out
254 get_sense(libusb_device_handle *handle, uint8_t endpoint_in, uint8_t endpoint_out)
256 DLOG("Fetching sense...\n");
258 memset(cdb, 0, sizeof(cdb));
259 #define REQUEST_SENSE 0x03
260 #define REQUEST_SENSE_LENGTH 18
261 cdb[0] = REQUEST_SENSE;
262 cdb[4] = REQUEST_SENSE_LENGTH;
263 uint32_t tag = send_usb_mass_storage_command(handle, endpoint_out, cdb, sizeof(cdb), 0,
264 LIBUSB_ENDPOINT_IN, REQUEST_SENSE_LENGTH);
266 WLOG("refusing to send request sense with tag 0\n");
269 unsigned char sense[REQUEST_SENSE_LENGTH];
274 ret = libusb_bulk_transfer(handle, endpoint_in, sense, sizeof(sense),
275 &transferred, SG_TIMEOUT_MSEC);
276 if (ret == LIBUSB_ERROR_PIPE) {
277 libusb_clear_halt(handle, endpoint_in);
280 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
281 if (ret != LIBUSB_SUCCESS) {
282 WLOG("receiving sense failed: %d\n", ret);
285 if (transferred != sizeof(sense)) {
286 WLOG("received unexpected amount of sense: %d != %d\n", transferred, sizeof(sense));
288 uint32_t received_tag;
289 int status = get_usb_mass_storage_status(handle, endpoint_in, &received_tag);
291 WLOG("receiving sense failed with status: %02x\n", status);
294 if (sense[0] != 0x70 && sense[0] != 0x71) {
295 WLOG("No sense data\n");
297 WLOG("Sense KCQ: %02X %02X %02X\n", sense[2] & 0x0f, sense[12], sense[13]);
302 //TODO rewrite/cleanup, save the error in sl
305 static void stlink_confirm_inq(stlink_t *stl, struct sg_pt_base *ptvp) {
306 struct stlink_libsg *sl = stl->backend_data;
307 const int e = sl->do_scsi_pt_err;
309 fprintf(stderr, "scsi_pt error: pass through os error: %s\n",
312 } else if (e == SCSI_PT_DO_BAD_PARAMS) {
313 fprintf(stderr, "scsi_pt error: bad pass through setup\n");
315 } else if (e == SCSI_PT_DO_TIMEOUT) {
316 fprintf(stderr, " pass through timeout\n");
319 const int duration = get_scsi_pt_duration_ms(ptvp);
320 if ((stl->verbose > 1) && (duration >= 0))
321 DLOG(" duration=%d ms\n", duration);
323 // XXX stlink fw sends broken residue, so ignore it and use the known q_len
324 // "usb-storage quirks=483:3744:r"
325 // forces residue to be ignored and calculated, but this causes aboard if
326 // data_len = 0 and by some other data_len values.
328 const int resid = get_scsi_pt_resid(ptvp);
329 const int dsize = stl->q_len - resid;
331 const int cat = get_scsi_pt_result_category(ptvp);
336 case SCSI_PT_RESULT_GOOD:
337 if (stl->verbose && (resid > 0))
338 DLOG(" notice: requested %d bytes but "
339 "got %d bytes, ignore [broken] residue = %d\n",
340 stl->q_len, dsize, resid);
342 case SCSI_PT_RESULT_STATUS:
344 sg_get_scsi_status_str(
345 get_scsi_pt_status_response(ptvp), sizeof (buf),
347 DLOG(" scsi status: %s\n", buf);
350 case SCSI_PT_RESULT_SENSE:
351 slen = get_scsi_pt_sense_len(ptvp);
353 sg_get_sense_str("", sl->sense_buf, slen, (stl->verbose
354 > 1), sizeof (buf), buf);
357 if (stl->verbose && (resid > 0)) {
358 if ((stl->verbose) || (stl->q_len > 0))
359 DLOG(" requested %d bytes but "
360 "got %d bytes\n", stl->q_len, dsize);
363 case SCSI_PT_RESULT_TRANSPORT_ERR:
365 get_scsi_pt_transport_err_str(ptvp, sizeof (buf), buf);
366 // http://tldp.org/HOWTO/SCSI-Generic-HOWTO/x291.html
367 // These codes potentially come from the firmware on a host adapter
368 // or from one of several hosts that an adapter driver controls.
369 // The 'host_status' field has the following values:
370 // [0x07] Internal error detected in the host adapter.
371 // This may not be fatal (and the command may have succeeded).
372 DLOG(" transport: %s", buf);
375 case SCSI_PT_RESULT_OS_ERR:
377 get_scsi_pt_os_err_str(ptvp, sizeof (buf), buf);
378 DLOG(" os: %s", buf);
382 fprintf(stderr, " unknown pass through result "
383 "category (%d)\n", cat);
389 * Just send a buffer on an endpoint, no questions asked.
390 * Handles repeats, and time outs. Also handles reading status reports and sense
391 * @param handle libusb device *
392 * @param endpoint_out sends
393 * @param endpoint_in used to read status reports back in
394 * @param cbuf what to send
395 * @param length how much to send
396 * @return number of bytes actually sent, or -1 for failures.
398 int send_usb_data_only(libusb_device_handle *handle, unsigned char endpoint_out,
399 unsigned char endpoint_in, unsigned char *cbuf, unsigned int length) {
401 int real_transferred;
404 DLOG("attempting tx...\n");
405 ret = libusb_bulk_transfer(handle, endpoint_out, cbuf, length,
406 &real_transferred, SG_TIMEOUT_MSEC);
407 if (ret == LIBUSB_ERROR_PIPE) {
408 libusb_clear_halt(handle, endpoint_out);
411 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
412 if (ret != LIBUSB_SUCCESS) {
413 WLOG("sending failed: %d\n", ret);
416 DLOG("Actually sent: %d\n", real_transferred);
418 // now, swallow up the status, so that things behave nicely...
419 uint32_t received_tag;
420 // -ve is for my errors, 0 is good, +ve is libusb sense status bytes
421 int status = get_usb_mass_storage_status(handle, endpoint_in, &received_tag);
423 WLOG("receiving status failed: %d\n", status);
427 WLOG("receiving status not passed :(: %02x\n", status);
430 get_sense(handle, endpoint_in, endpoint_out);
434 return real_transferred;
438 int stlink_q(stlink_t *sl) {
439 struct stlink_libsg* sg = sl->backend_data;
440 //uint8_t cdb_len = 6; // FIXME varies!!!
441 uint8_t cdb_len = 10; // FIXME varies!!!
442 uint8_t lun = 0; // always zero...
443 uint32_t tag = send_usb_mass_storage_command(sg->usb_handle, sg->ep_req,
444 sg->cdb_cmd_blk, cdb_len, lun, LIBUSB_ENDPOINT_IN, sl->q_len);
447 // now wait for our response...
448 // length copied from stlink-usb...
449 int rx_length = sl->q_len;
451 int real_transferred;
455 DLOG("attempting rx\n");
456 ret = libusb_bulk_transfer(sg->usb_handle, sg->ep_rep, sl->q_buf, rx_length,
457 &real_transferred, SG_TIMEOUT_MSEC);
458 if (ret == LIBUSB_ERROR_PIPE) {
459 libusb_clear_halt(sg->usb_handle, sg->ep_req);
462 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
464 if (ret != LIBUSB_SUCCESS) {
465 WLOG("Receiving failed: %d\n", ret);
469 if (real_transferred != rx_length) {
470 WLOG("received unexpected amount: %d != %d\n", real_transferred, rx_length);
474 uint32_t received_tag;
475 // -ve is for my errors, 0 is good, +ve is libusb sense status bytes
476 int status = get_usb_mass_storage_status(sg->usb_handle, sg->ep_rep, &received_tag);
478 WLOG("receiving status failed: %d\n", status);
482 WLOG("receiving status not passed :(: %02x\n", status);
485 get_sense(sg->usb_handle, sg->ep_rep, sg->ep_req);
488 if (received_tag != tag) {
489 WLOG("received tag %d but expected %d\n", received_tag, tag);
492 if (rx_length > 0 && real_transferred != rx_length) {
498 DLOG("Actually received: %d\n", real_transferred);
501 // Get control command descriptor of scsi structure,
502 // (one object per command!!)
503 struct sg_pt_base *ptvp = construct_scsi_pt_obj();
505 fprintf(stderr, "construct_scsi_pt_obj: out of memory\n");
509 set_scsi_pt_cdb(ptvp, sg->cdb_cmd_blk, sizeof (sg->cdb_cmd_blk));
511 // set buffer for sense (error information) data
512 set_scsi_pt_sense(ptvp, sg->sense_buf, sizeof (sg->sense_buf));
514 // Set a buffer to be used for data transferred from device
515 if (sg->q_data_dir == Q_DATA_IN) {
517 set_scsi_pt_data_in(ptvp, sl->q_buf, sl->q_len);
519 set_scsi_pt_data_out(ptvp, sl->q_buf, sl->q_len);
521 // Executes SCSI command (or at least forwards it to lower layers).
522 sg->do_scsi_pt_err = do_scsi_pt(ptvp, sg->sg_fd, SG_TIMEOUT_SEC,
525 // check for scsi errors
526 stlink_confirm_inq(sl, ptvp);
527 // TODO recycle: clear_scsi_pt_obj(struct sg_pt_base * objp);
528 destruct_scsi_pt_obj(ptvp);
532 // TODO thinking, cleanup
534 void stlink_stat(stlink_t *stl, char *txt) {
538 stlink_print_data(stl);
540 switch (stl->q_buf[0]) {
542 DLOG(" %s: ok\n", txt);
545 DLOG(" %s: false\n", txt);
548 DLOG(" %s: unknown\n", txt);
553 void _stlink_sg_version(stlink_t *stl) {
554 struct stlink_libsg *sl = stl->backend_data;
555 DLOG("\n*** stlink_version ***\n");
557 sl->cdb_cmd_blk[0] = STLINK_GET_VERSION;
561 // HACK use my own private version right now...
566 // STLINK_DEV_DFU_MODE || STLINK_DEV_MASS_MODE || STLINK_DEV_DEBUG_MODE
567 // usb dfu || usb mass || jtag or swd
569 int _stlink_sg_current_mode(stlink_t *stl) {
570 struct stlink_libsg *sl = stl->backend_data;
572 sl->cdb_cmd_blk[0] = STLINK_GET_CURRENT_MODE;
576 return stl->q_buf[0];
579 // Exit the mass mode and enter the swd debug mode.
581 void _stlink_sg_enter_swd_mode(stlink_t *sl) {
582 struct stlink_libsg *sg = sl->backend_data;
584 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
585 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_SWD;
586 sl->q_len = 0; // >0 -> aboard
590 // Exit the mass mode and enter the jtag debug mode.
591 // (jtag is disabled in the discovery's stlink firmware)
593 void _stlink_sg_enter_jtag_mode(stlink_t *sl) {
594 struct stlink_libsg *sg = sl->backend_data;
595 DLOG("\n*** stlink_enter_jtag_mode ***\n");
597 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
598 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_JTAG;
603 // XXX kernel driver performs reset, the device temporally disappears
605 void _stlink_sg_exit_dfu_mode(stlink_t *sl) {
606 struct stlink_libsg *sg = sl->backend_data;
607 DLOG("\n*** stlink_exit_dfu_mode ***\n");
609 sg->cdb_cmd_blk[0] = STLINK_DFU_COMMAND;
610 sg->cdb_cmd_blk[1] = STLINK_DFU_EXIT;
614 [135121.844564] sd 19:0:0:0: [sdb] Unhandled error code
615 [135121.844569] sd 19:0:0:0: [sdb] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
616 [135121.844574] sd 19:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 10 00 00 00 08 00
617 [135121.844584] end_request: I/O error, dev sdb, sector 4096
618 [135121.844590] Buffer I/O error on device sdb, logical block 512
619 [135130.122567] usb 6-1: reset full speed USB device using uhci_hcd and address 7
620 [135130.274551] usb 6-1: device firmware changed
621 [135130.274618] usb 6-1: USB disconnect, address 7
622 [135130.275186] VFS: busy inodes on changed media or resized disk sdb
623 [135130.275424] VFS: busy inodes on changed media or resized disk sdb
624 [135130.286758] VFS: busy inodes on changed media or resized disk sdb
625 [135130.292796] VFS: busy inodes on changed media or resized disk sdb
626 [135130.301481] VFS: busy inodes on changed media or resized disk sdb
627 [135130.304316] VFS: busy inodes on changed media or resized disk sdb
628 [135130.431113] usb 6-1: new full speed USB device using uhci_hcd and address 8
629 [135130.629444] usb-storage 6-1:1.0: Quirks match for vid 0483 pid 3744: 102a1
630 [135130.629492] scsi20 : usb-storage 6-1:1.0
631 [135131.625600] scsi 20:0:0:0: Direct-Access STM32 PQ: 0 ANSI: 0
632 [135131.627010] sd 20:0:0:0: Attached scsi generic sg2 type 0
633 [135131.633603] sd 20:0:0:0: [sdb] 64000 512-byte logical blocks: (32.7 MB/31.2 MiB)
634 [135131.633613] sd 20:0:0:0: [sdb] Assuming Write Enabled
635 [135131.633620] sd 20:0:0:0: [sdb] Assuming drive cache: write through
636 [135131.640584] sd 20:0:0:0: [sdb] Assuming Write Enabled
637 [135131.640592] sd 20:0:0:0: [sdb] Assuming drive cache: write through
639 [135131.652634] sd 20:0:0:0: [sdb] Assuming Write Enabled
640 [135131.652639] sd 20:0:0:0: [sdb] Assuming drive cache: write through
641 [135131.652645] sd 20:0:0:0: [sdb] Attached SCSI removable disk
642 [135131.671536] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
643 [135131.671548] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
644 [135131.671553] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
645 [135131.671560] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
646 [135131.671570] end_request: I/O error, dev sdb, sector 63872
647 [135131.671575] Buffer I/O error on device sdb, logical block 7984
648 [135131.678527] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
649 [135131.678532] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
650 [135131.678537] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
651 [135131.678542] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
652 [135131.678551] end_request: I/O error, dev sdb, sector 63872
654 [135131.853565] end_request: I/O error, dev sdb, sector 4096
658 void _stlink_sg_core_id(stlink_t *sl) {
659 struct stlink_libsg *sg = sl->backend_data;
661 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READCOREID;
665 sl->core_id = read_uint32(sl->q_buf, 0);
668 // Arm-core reset -> halted state.
670 void _stlink_sg_reset(stlink_t *sl) {
671 struct stlink_libsg *sg = sl->backend_data;
673 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RESETSYS;
677 stlink_stat(sl, "core reset");
680 // Arm-core status: halted or running.
682 void _stlink_sg_status(stlink_t *sl) {
683 struct stlink_libsg *sg = sl->backend_data;
684 DLOG("\n*** stlink_status ***\n");
686 sg->cdb_cmd_blk[1] = STLINK_DEBUG_GETSTATUS;
692 // Force the core into the debug mode -> halted state.
694 void _stlink_sg_force_debug(stlink_t *sl) {
695 struct stlink_libsg *sg = sl->backend_data;
696 DLOG("\n*** stlink_force_debug ***\n");
698 sg->cdb_cmd_blk[1] = STLINK_DEBUG_FORCEDEBUG;
702 stlink_stat(sl, "force debug");
705 // Read all arm-core registers.
707 void _stlink_sg_read_all_regs(stlink_t *sl, reg *regp) {
708 struct stlink_libsg *sg = sl->backend_data;
711 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READALLREGS;
715 stlink_print_data(sl);
717 // TODO - most of this should be re-extracted up....
719 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
720 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
721 for (int i = 0; i < 16; i++) {
722 regp->r[i] = read_uint32(sl->q_buf, 4 * i);
724 DLOG("r%2d = 0x%08x\n", i, regp->r[i]);
726 regp->xpsr = read_uint32(sl->q_buf, 64);
727 regp->main_sp = read_uint32(sl->q_buf, 68);
728 regp->process_sp = read_uint32(sl->q_buf, 72);
729 regp->rw = read_uint32(sl->q_buf, 76);
730 regp->rw2 = read_uint32(sl->q_buf, 80);
734 DLOG("xpsr = 0x%08x\n", regp->xpsr);
735 DLOG("main_sp = 0x%08x\n", regp->main_sp);
736 DLOG("process_sp = 0x%08x\n", regp->process_sp);
737 DLOG("rw = 0x%08x\n", regp->rw);
738 DLOG("rw2 = 0x%08x\n", regp->rw2);
741 // Read an arm-core register, the index must be in the range 0..20.
742 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
743 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
745 void _stlink_sg_read_reg(stlink_t *sl, int r_idx, reg *regp) {
746 struct stlink_libsg *sg = sl->backend_data;
748 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READREG;
749 sg->cdb_cmd_blk[2] = r_idx;
753 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
754 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
755 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
756 stlink_print_data(sl);
758 uint32_t r = read_uint32(sl->q_buf, 0);
759 DLOG("r_idx (%2d) = 0x%08x\n", r_idx, r);
769 regp->process_sp = r;
772 regp->rw = r; //XXX ?(primask, basemask etc.)
775 regp->rw2 = r; //XXX ?(primask, basemask etc.)
782 // Write an arm-core register. Index:
783 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
784 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
786 void _stlink_sg_write_reg(stlink_t *sl, uint32_t reg, int idx) {
787 struct stlink_libsg *sg = sl->backend_data;
789 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEREG;
792 sg->cdb_cmd_blk[2] = idx;
793 write_uint32(sg->cdb_cmd_blk + 3, reg);
797 stlink_stat(sl, "write reg");
800 // Write a register of the debug module of the core.
801 // XXX ?(atomic writes)
804 void stlink_write_dreg(stlink_t *sl, uint32_t reg, uint32_t addr) {
805 struct stlink_libsg *sg = sl->backend_data;
806 DLOG("\n*** stlink_write_dreg ***\n");
808 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEDEBUGREG;
809 // 2-5: address of reg of the debug module
811 write_uint32(sg->cdb_cmd_blk + 2, addr);
812 write_uint32(sg->cdb_cmd_blk + 6, reg);
816 stlink_stat(sl, "write debug reg");
819 // Force the core exit the debug mode.
821 void _stlink_sg_run(stlink_t *sl) {
822 struct stlink_libsg *sg = sl->backend_data;
823 DLOG("\n*** stlink_run ***\n");
825 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RUNCORE;
829 stlink_stat(sl, "run core");
832 // Step the arm-core.
834 void _stlink_sg_step(stlink_t *sl) {
835 struct stlink_libsg *sg = sl->backend_data;
837 sg->cdb_cmd_blk[1] = STLINK_DEBUG_STEPCORE;
841 stlink_stat(sl, "step core");
845 // see Cortex-M3 Technical Reference Manual
846 // TODO make delegate!
847 void stlink_set_hw_bp(stlink_t *sl, int fp_nr, uint32_t addr, int fp) {
848 DLOG("\n*** stlink_set_hw_bp ***\n");
849 struct stlink_libsg *sg = sl->backend_data;
851 sg->cdb_cmd_blk[1] = STLINK_DEBUG_SETFP;
852 // 2:The number of the flash patch used to set the breakpoint
853 // 3-6: Address of the breakpoint (LSB)
854 // 7: FP_ALL (0x02) / FP_UPPER (0x01) / FP_LOWER (0x00)
855 sl->q_buf[2] = fp_nr;
856 write_uint32(sl->q_buf, addr);
861 stlink_stat(sl, "set flash breakpoint");
866 // TODO make delegate!
867 void stlink_clr_hw_bp(stlink_t *sl, int fp_nr) {
868 struct stlink_libsg *sg = sl->backend_data;
869 DLOG("\n*** stlink_clr_hw_bp ***\n");
871 sg->cdb_cmd_blk[1] = STLINK_DEBUG_CLEARFP;
872 sg->cdb_cmd_blk[2] = fp_nr;
876 stlink_stat(sl, "clear flash breakpoint");
879 // Read a "len" bytes to the sl->q_buf from the memory, max 6kB (6144 bytes)
881 void _stlink_sg_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
882 struct stlink_libsg *sg = sl->backend_data;
884 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READMEM_32BIT;
887 write_uint32(sg->cdb_cmd_blk + 2, addr);
888 write_uint16(sg->cdb_cmd_blk + 6, len);
890 // data_in 0-0x40-len
891 // !!! len _and_ q_len must be max 6k,
892 // i.e. >1024 * 6 = 6144 -> aboard)
893 // !!! if len < q_len: 64*k, 1024*n, n=1..5 -> aboard
894 // (broken residue issue)
898 stlink_print_data(sl);
901 // Write a "len" bytes from the sl->q_buf to the memory, max 64 Bytes.
903 void _stlink_sg_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
904 struct stlink_libsg *sg = sl->backend_data;
906 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_8BIT;
908 // 6-7: len (>0x40 (64) -> aboard)
909 write_uint32(sg->cdb_cmd_blk + 2, addr);
910 write_uint16(sg->cdb_cmd_blk + 6, len);
912 // this sends the command...
913 send_usb_mass_storage_command(sg->usb_handle, sg->ep_req, sg->cdb_cmd_blk, CDB_SL, 0, 0, 0);
914 // This sends the data...
915 send_usb_data_only(sg->usb_handle, sg->ep_req, sg->ep_rep, sl->q_buf, len);
916 stlink_print_data(sl);
919 // Write a "len" bytes from the sl->q_buf to the memory, max Q_BUF_LEN bytes.
921 void _stlink_sg_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
922 struct stlink_libsg *sg = sl->backend_data;
924 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_32BIT;
926 // 6-7: len "unlimited"
927 write_uint32(sg->cdb_cmd_blk + 2, addr);
928 write_uint16(sg->cdb_cmd_blk + 6, len);
930 // this sends the command...
931 send_usb_mass_storage_command(sg->usb_handle, sg->ep_req, sg->cdb_cmd_blk, CDB_SL, 0, 0, 0);
932 // This sends the data...
933 send_usb_data_only(sg->usb_handle, sg->ep_req, sg->ep_rep, sl->q_buf, len);
935 stlink_print_data(sl);
938 #if 0 /* not working */
940 static int write_flash_mem16
941 (struct stlink* sl, uint32_t addr, uint16_t val) {
942 /* half word writes */
943 if (addr % 2) return -1;
945 /* unlock if locked */
948 /* set flash programming chosen bit */
951 write_uint16(sl->q_buf, val);
952 stlink_write_mem16(sl, addr, 2);
954 /* wait for non business */
959 /* check the programmed value back */
960 stlink_read_mem16(sl, addr, 2);
961 if (*(const uint16_t*) sl->q_buf != val) {
962 /* values differ at i * sizeof(uint16_t) */
969 #endif /* not working */
971 // Exit the jtag or swd mode and enter the mass mode.
973 void _stlink_sg_exit_debug_mode(stlink_t *stl) {
976 struct stlink_libsg* sl = stl->backend_data;
978 sl->cdb_cmd_blk[1] = STLINK_DEBUG_EXIT;
979 stl->q_len = 0; // >0 -> aboard
985 // 1) open a sg device, switch the stlink from dfu to mass mode
986 // 2) wait 5s until the kernel driver stops reseting the broken device
987 // 3) reopen the device
988 // 4) the device driver is now ready for a switch to jtag/swd mode
989 // TODO thinking, better error handling, wait until the kernel driver stops reseting the plugged-in device
991 stlink_backend_t _stlink_sg_backend = {
993 _stlink_sg_exit_debug_mode,
994 _stlink_sg_enter_swd_mode,
995 _stlink_sg_enter_jtag_mode,
996 _stlink_sg_exit_dfu_mode,
1002 _stlink_sg_read_mem32,
1003 _stlink_sg_write_mem32,
1004 _stlink_sg_write_mem8,
1005 _stlink_sg_read_all_regs,
1006 _stlink_sg_read_reg,
1007 _stlink_sg_write_reg,
1009 _stlink_sg_current_mode,
1010 _stlink_sg_force_debug
1013 static stlink_t* stlink_open(const int verbose) {
1015 stlink_t *sl = malloc(sizeof (stlink_t));
1016 memset(sl, 0, sizeof(stlink_t));
1017 struct stlink_libsg *slsg = malloc(sizeof (struct stlink_libsg));
1018 if (sl == NULL || slsg == NULL) {
1019 WLOG("Couldn't malloc stlink and stlink_sg structures out of memory!\n");
1023 if (libusb_init(&(slsg->libusb_ctx))) {
1024 WLOG("failed to init libusb context, wrong version of libraries?\n");
1030 libusb_set_debug(slsg->libusb_ctx, 3);
1032 slsg->usb_handle = libusb_open_device_with_vid_pid(slsg->libusb_ctx, USB_ST_VID, USB_STLINK_PID);
1033 if (slsg->usb_handle == NULL) {
1034 WLOG("Failed to find an stlink v1 by VID:PID\n");
1035 libusb_close(slsg->usb_handle);
1042 // Could read the interface config descriptor, and assert lots of the assumptions
1044 // assumption: numInterfaces is always 1...
1045 if (libusb_kernel_driver_active(slsg->usb_handle, 0) == 1) {
1046 int r = libusb_detach_kernel_driver(slsg->usb_handle, 0);
1048 WLOG("libusb_detach_kernel_driver(() error %s\n", strerror(-r));
1049 libusb_close(slsg->usb_handle);
1054 DLOG("Kernel driver was successfully detached\n");
1058 if (libusb_get_configuration(slsg->usb_handle, &config)) {
1059 /* this may fail for a previous configured device */
1060 WLOG("libusb_get_configuration()\n");
1061 libusb_close(slsg->usb_handle);
1068 // assumption: bConfigurationValue is always 1
1070 WLOG("Your stlink got into a real weird configuration, trying to fix it!\n");
1071 DLOG("setting new configuration (%d -> 1)\n", config);
1072 if (libusb_set_configuration(slsg->usb_handle, 1)) {
1073 /* this may fail for a previous configured device */
1074 WLOG("libusb_set_configuration() failed\n");
1075 libusb_close(slsg->usb_handle);
1082 if (libusb_claim_interface(slsg->usb_handle, 0)) {
1083 WLOG("libusb_claim_interface() failed\n");
1084 libusb_close(slsg->usb_handle);
1090 // assumption: endpoint config is fixed mang. really.
1091 slsg->ep_rep = 1 /* ep rep */ | LIBUSB_ENDPOINT_IN;
1092 slsg->ep_req = 2 /* ep req */ | LIBUSB_ENDPOINT_OUT;
1094 DLOG("Successfully opened stlinkv1 by libusb :)\n");
1096 sl->verbose = verbose;
1097 sl->backend_data = slsg;
1098 sl->backend = &_stlink_sg_backend;
1100 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
1103 /* flash memory settings */
1104 sl->flash_base = STM32_FLASH_BASE;
1105 sl->flash_size = STM32_FLASH_SIZE;
1106 sl->flash_pgsz = STM32_FLASH_PGSZ;
1109 sl->sys_base = STM32_SYSTEM_BASE;
1110 sl->sys_size = STM32_SYSTEM_SIZE;
1112 /* sram memory settings */
1113 sl->sram_base = STM32_SRAM_BASE;
1114 sl->sram_size = STM32_SRAM_SIZE;
1121 stlink_t* stlink_v1_open(const int verbose) {
1123 stlink_t *sl = stlink_open(verbose);
1125 fputs("Error: could not open stlink device\n", stderr);
1131 if ((sl->version.st_vid != USB_ST_VID) || (sl->version.stlink_pid != USB_STLINK_PID)) {
1132 ugly_log(UERROR, LOG_TAG,
1133 "WTF? successfully opened, but unable to read version details. BROKEN!\n");
1137 DLOG("Reading current mode...\n");
1138 switch (stlink_current_mode(sl)) {
1139 case STLINK_DEV_MASS_MODE:
1141 case STLINK_DEV_DEBUG_MODE:
1146 DLOG("Attempting to exit DFU mode\n");
1147 _stlink_sg_exit_dfu_mode(sl);
1149 // exit the dfu mode -> the device is gone
1150 DLOG("\n*** reopen the stlink device ***\n");
1155 DLOG("Attempting to reopen the stlink...\n");
1156 sl = stlink_open(verbose);
1158 fputs("Error: could not open stlink device\n", stderr);
1161 // re-query device info