2 Copyright (c) 2010 "Capt'ns Missing Link" Authors. All rights reserved.
3 Use of this source code is governed by a BSD-style
4 license that can be found in the LICENSE file.
6 A linux stlink access demo. The purpose of this file is to mitigate the usual
7 "reinventing the wheel" force by incompatible licenses and give you an idea,
8 how to access the stlink device. That doesn't mean you should be a free-loader
9 and not contribute your improvements to this code.
11 Author: Martin Capitanio <m@capitanio.org>
12 The stlink related constants kindly provided by Oliver Spencer (OpenOCD)
13 for use in a GPL compatible license.
15 Code format ~ TAB = 8, K&R, linux kernel source, golang oriented
16 Tested compatibility: linux, gcc >= 4.3.3
18 The communication is based on standard USB mass storage device
19 BOT (Bulk Only Transfer)
20 - Endpoint 1: BULK_IN, 64 bytes max
21 - Endpoint 2: BULK_OUT, 64 bytes max
23 All CBW transfers are ordered with the LSB (byte 0) first (little endian).
24 Any command must be answered before sending the next command.
25 Each USB transfer must complete in less than 1s.
27 SB Device Class Definition for Mass Storage Devices:
28 www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
30 dt - Data Transfer (IN/OUT)
31 CBW - Command Block Wrapper
32 CSW - Command Status Wrapper
33 RFU - Reserved for Future Use
34 scsi_pt - SCSI pass-through
38 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob_plain;f=Documentation/kernel-parameters.txt
39 Each entry has the form VID:PID:Flags where VID and PID are Vendor and Product
40 ID values (4-digit hex numbers) and Flags is a set of characters, each corresponding
41 to a common usb-storage quirk flag as follows:
43 a = SANE_SENSE (collect more than 18 bytes of sense data);
44 b = BAD_SENSE (don't collect more than 18 bytes of sense data);
45 c = FIX_CAPACITY (decrease the reported device capacity by one sector);
46 h = CAPACITY_HEURISTICS (decrease the reported device capacity by one sector if the number is odd);
47 i = IGNORE_DEVICE (don't bind to this device);
48 l = NOT_LOCKABLE (don't try to lock and unlock ejectable media);
49 m = MAX_SECTORS_64 (don't transfer more than 64 sectors = 32 KB at a time);
50 o = CAPACITY_OK (accept the capacity reported by the device);
51 r = IGNORE_RESIDUE (the device reports bogus residue values);
52 s = SINGLE_LUN (the device has only one Logical Unit);
53 w = NO_WP_DETECT (don't test whether the medium is write-protected).
55 Example: quirks=0419:aaf5:rl,0421:0433:rc
56 http://permalink.gmane.org/gmane.linux.usb.general/35053
58 modprobe -r usb-storage && modprobe usb-storage quirks=483:3744:l
60 Equivalently, you can add a line saying
62 options usb-storage quirks=483:3744:l
64 to your /etc/modprobe.conf or /etc/modprobe.d/local.conf (or add the "quirks=..."
65 part to an existing options line for usb-storage).
67 https://wiki.kubuntu.org/Kernel/Debugging/USB explains the protocoll and
68 would allow to replace the sg access to pure libusb access
80 #include <sys/types.h>
84 #include "stlink-common.h"
85 #include "stlink-sg.h"
86 #include "uglylogging.h"
88 #define LOG_TAG __FILE__
89 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
90 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
91 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
92 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
94 // Suspends execution of the calling process for
95 // (at least) ms milliseconds.
97 static void delay(int ms) {
98 //fprintf(stderr, "*** wait %d ms\n", ms);
102 static void clear_cdb(struct stlink_libsg *sl) {
103 for (size_t i = 0; i < sizeof (sl->cdb_cmd_blk); i++)
104 sl->cdb_cmd_blk[i] = 0;
106 sl->cdb_cmd_blk[0] = STLINK_DEBUG_COMMAND;
107 sl->q_data_dir = Q_DATA_IN;
110 // E.g. make the valgrind happy.
112 static void clear_buf(stlink_t *sl) {
113 DLOG("*** clear_buf ***\n");
114 for (size_t i = 0; i < sizeof (sl->q_buf); i++)
119 // close the device, free the allocated memory
121 void _stlink_sg_close(stlink_t *sl) {
124 struct stlink_libsg *slsg = sl->backend_data;
125 scsi_pt_close_device(slsg->sg_fd);
132 //TODO rewrite/cleanup, save the error in sl
135 static void stlink_confirm_inq(stlink_t *stl, struct sg_pt_base *ptvp) {
136 struct stlink_libsg *sl = stl->backend_data;
137 const int e = sl->do_scsi_pt_err;
139 fprintf(stderr, "scsi_pt error: pass through os error: %s\n",
142 } else if (e == SCSI_PT_DO_BAD_PARAMS) {
143 fprintf(stderr, "scsi_pt error: bad pass through setup\n");
145 } else if (e == SCSI_PT_DO_TIMEOUT) {
146 fprintf(stderr, " pass through timeout\n");
149 const int duration = get_scsi_pt_duration_ms(ptvp);
150 if ((stl->verbose > 1) && (duration >= 0))
151 DLOG(" duration=%d ms\n", duration);
153 // XXX stlink fw sends broken residue, so ignore it and use the known q_len
154 // "usb-storage quirks=483:3744:r"
155 // forces residue to be ignored and calculated, but this causes aboard if
156 // data_len = 0 and by some other data_len values.
158 const int resid = get_scsi_pt_resid(ptvp);
159 const int dsize = stl->q_len - resid;
161 const int cat = get_scsi_pt_result_category(ptvp);
166 case SCSI_PT_RESULT_GOOD:
167 if (stl->verbose && (resid > 0))
168 DLOG(" notice: requested %d bytes but "
169 "got %d bytes, ignore [broken] residue = %d\n",
170 stl->q_len, dsize, resid);
172 case SCSI_PT_RESULT_STATUS:
174 sg_get_scsi_status_str(
175 get_scsi_pt_status_response(ptvp), sizeof (buf),
177 DLOG(" scsi status: %s\n", buf);
180 case SCSI_PT_RESULT_SENSE:
181 slen = get_scsi_pt_sense_len(ptvp);
183 sg_get_sense_str("", sl->sense_buf, slen, (stl->verbose
184 > 1), sizeof (buf), buf);
187 if (stl->verbose && (resid > 0)) {
188 if ((stl->verbose) || (stl->q_len > 0))
189 DLOG(" requested %d bytes but "
190 "got %d bytes\n", stl->q_len, dsize);
193 case SCSI_PT_RESULT_TRANSPORT_ERR:
195 get_scsi_pt_transport_err_str(ptvp, sizeof (buf), buf);
196 // http://tldp.org/HOWTO/SCSI-Generic-HOWTO/x291.html
197 // These codes potentially come from the firmware on a host adapter
198 // or from one of several hosts that an adapter driver controls.
199 // The 'host_status' field has the following values:
200 // [0x07] Internal error detected in the host adapter.
201 // This may not be fatal (and the command may have succeeded).
202 DLOG(" transport: %s", buf);
205 case SCSI_PT_RESULT_OS_ERR:
207 get_scsi_pt_os_err_str(ptvp, sizeof (buf), buf);
208 DLOG(" os: %s", buf);
212 fprintf(stderr, " unknown pass through result "
213 "category (%d)\n", cat);
218 static int dump_CDB_command(uint8_t *cdb, uint8_t cdb_len) {
220 char *dbugp = dbugblah;
221 dbugp += sprintf(dbugp, "Sending CDB [");
222 for (uint8_t i = 0; i < cdb_len; i++) {
223 dbugp += sprintf(dbugp, " %#02x", (unsigned int) cdb[i]);
225 sprintf(dbugp, "]\n");
231 * Wraps a CDB mass storage command in the appropriate gunk to get it down
238 * @param expected_rx_size
241 int send_usb_mass_storage_command(libusb_device_handle *handle, uint8_t endpoint_out,
242 uint8_t *cdb, uint8_t cdb_length,
243 uint8_t lun, uint8_t flags, uint32_t expected_rx_size) {
244 DLOG("Sending usb m-s cmd: cdblen:%d, rxsize=%d\n", cdb_length, expected_rx_size);
245 dump_CDB_command(cdb, cdb_length);
254 int real_transferred;
257 uint8_t c_buf[STLINK_SG_SIZE];
258 // tag is allegedly ignored... TODO - verify
263 write_uint32(&c_buf[i], tag);
264 uint32_t this_tag = tag++;
265 write_uint32(&c_buf[i+4], expected_rx_size);
270 c_buf[i++] = cdb_length;
272 // Now the actual CDB request
273 assert(cdb_length <= CDB_SL);
274 memcpy(&(c_buf[i]), cdb, cdb_length);
276 int sending_length = STLINK_SG_SIZE;
277 DLOG("sending length set to: %d\n", sending_length);
281 DLOG("attempting tx...\n");
282 ret = libusb_bulk_transfer(handle, endpoint_out, c_buf, sending_length,
283 &real_transferred, SG_TIMEOUT_MSEC);
284 if (ret == LIBUSB_ERROR_PIPE) {
285 libusb_clear_halt(handle, endpoint_out);
288 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
289 if (ret != LIBUSB_SUCCESS) {
290 WLOG("sending failed: %d\n", ret);
293 DLOG("Actually sent: %d, returning tag: %d\n", real_transferred, tag);
298 static int get_usb_mass_storage_status(libusb_device_handle *handle, uint8_t endpoint, uint32_t *tag)
300 unsigned char csw[13];
301 memset(csw, 0, sizeof(csw));
306 ret = libusb_bulk_transfer(handle, endpoint, (unsigned char *)&csw, sizeof(csw),
307 &transferred, SG_TIMEOUT_MSEC);
308 if (ret == LIBUSB_ERROR_PIPE) {
309 libusb_clear_halt(handle, endpoint);
312 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
313 if (ret != LIBUSB_SUCCESS) {
314 fprintf(stderr, "%s: receiving failed: %d\n", __func__, ret);
317 if (transferred != sizeof(csw)) {
318 fprintf(stderr, "%s: received unexpected amount: %d\n", __func__, transferred);
322 uint32_t rsig = read_uint32(csw, 0);
323 uint32_t rtag = read_uint32(csw, 4);
324 uint32_t residue = read_uint32(csw, 8);
325 #define USB_CSW_SIGNATURE 0x53425355 // 'U' 'S' 'B' 'S' (reversed)
326 if (rsig != USB_CSW_SIGNATURE) {
327 WLOG("status signature was invalid: %#x\n", rsig);
330 DLOG("residue was= %#x\n", residue);
332 uint8_t rstatus = csw[12];
333 DLOG("rstatus = %x\n", rstatus);
338 * Straight from stm8 stlink code...
341 * @param endpoint_out
344 get_sense(libusb_device_handle *handle, uint8_t endpoint_in, uint8_t endpoint_out)
346 DLOG("Fetching sense...\n");
348 memset(cdb, 0, sizeof(cdb));
349 #define REQUEST_SENSE 0x03
350 #define REQUEST_SENSE_LENGTH 18
351 cdb[0] = REQUEST_SENSE;
352 cdb[4] = REQUEST_SENSE_LENGTH;
353 uint32_t tag = send_usb_mass_storage_command(handle, endpoint_out, cdb, sizeof(cdb), 0,
354 LIBUSB_ENDPOINT_IN, REQUEST_SENSE_LENGTH);
356 WLOG("refusing to send request sense with tag 0\n");
359 unsigned char sense[REQUEST_SENSE_LENGTH];
364 ret = libusb_bulk_transfer(handle, endpoint_in, sense, sizeof(sense),
365 &transferred, SG_TIMEOUT_MSEC);
366 if (ret == LIBUSB_ERROR_PIPE) {
367 libusb_clear_halt(handle, endpoint_in);
370 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
371 if (ret != LIBUSB_SUCCESS) {
372 WLOG("receiving sense failed: %d\n", ret);
375 if (transferred != sizeof(sense)) {
376 WLOG("received unexpected amount of sense: %d != %d\n", transferred, sizeof(sense));
378 uint32_t received_tag;
379 int status = get_usb_mass_storage_status(handle, endpoint_in, &received_tag);
381 WLOG("receiving sense failed with status: %02x\n", status);
384 if (sense[0] != 0x70 && sense[0] != 0x71) {
385 WLOG("No sense data\n");
387 WLOG("Sense KCQ: %02X %02X %02X\n", sense[2] & 0x0f, sense[12], sense[13]);
391 int stlink_q(stlink_t *sl) {
392 struct stlink_libsg* sg = sl->backend_data;
393 //uint8_t cdb_len = 6; // FIXME varies!!!
394 uint8_t cdb_len = 10; // FIXME varies!!!
395 uint8_t lun = 0; // always zero...
396 uint32_t tag = send_usb_mass_storage_command(sg->usb_handle, sg->ep_req,
397 sg->cdb_cmd_blk, cdb_len, lun, LIBUSB_ENDPOINT_IN, sl->q_len);
400 // now wait for our response...
401 // length copied from stlink-usb...
402 int rx_length = sl->q_len;
404 int real_transferred;
408 DLOG("attempting rx\n");
409 ret = libusb_bulk_transfer(sg->usb_handle, sg->ep_rep, sl->q_buf, rx_length,
410 &real_transferred, SG_TIMEOUT_MSEC);
411 if (ret == LIBUSB_ERROR_PIPE) {
412 libusb_clear_halt(sg->usb_handle, sg->ep_req);
415 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
417 if (ret != LIBUSB_SUCCESS) {
418 WLOG("Receiving failed: %d\n", ret);
422 if (real_transferred != rx_length) {
423 WLOG("received unexpected amount: %d != %d\n", real_transferred, rx_length);
427 uint32_t received_tag;
428 // -ve is for my errors, 0 is good, +ve is libusb sense status bytes
429 int status = get_usb_mass_storage_status(sg->usb_handle, sg->ep_rep, &received_tag);
431 WLOG("receiving status failed: %d\n", status);
435 WLOG("receiving status not passed :(: %02x\n", status);
438 get_sense(sg->usb_handle, sg->ep_rep, sg->ep_req);
441 if (received_tag != tag) {
442 WLOG("received tag %d but expected %d\n", received_tag, tag);
445 if (rx_length > 0 && real_transferred != rx_length) {
451 DLOG("Actually received: %d\n", real_transferred);
454 // Get control command descriptor of scsi structure,
455 // (one object per command!!)
456 struct sg_pt_base *ptvp = construct_scsi_pt_obj();
458 fprintf(stderr, "construct_scsi_pt_obj: out of memory\n");
462 set_scsi_pt_cdb(ptvp, sg->cdb_cmd_blk, sizeof (sg->cdb_cmd_blk));
464 // set buffer for sense (error information) data
465 set_scsi_pt_sense(ptvp, sg->sense_buf, sizeof (sg->sense_buf));
467 // Set a buffer to be used for data transferred from device
468 if (sg->q_data_dir == Q_DATA_IN) {
470 set_scsi_pt_data_in(ptvp, sl->q_buf, sl->q_len);
472 set_scsi_pt_data_out(ptvp, sl->q_buf, sl->q_len);
474 // Executes SCSI command (or at least forwards it to lower layers).
475 sg->do_scsi_pt_err = do_scsi_pt(ptvp, sg->sg_fd, SG_TIMEOUT_SEC,
478 // check for scsi errors
479 stlink_confirm_inq(sl, ptvp);
480 // TODO recycle: clear_scsi_pt_obj(struct sg_pt_base * objp);
481 destruct_scsi_pt_obj(ptvp);
485 // TODO thinking, cleanup
487 void stlink_stat(stlink_t *stl, char *txt) {
491 stlink_print_data(stl);
493 switch (stl->q_buf[0]) {
495 DLOG(" %s: ok\n", txt);
498 DLOG(" %s: false\n", txt);
501 DLOG(" %s: unknown\n", txt);
506 void _stlink_sg_version(stlink_t *stl) {
507 struct stlink_libsg *sl = stl->backend_data;
508 DLOG("\n*** stlink_version ***\n");
510 sl->cdb_cmd_blk[0] = STLINK_GET_VERSION;
514 // HACK use my own private version right now...
519 // STLINK_DEV_DFU_MODE || STLINK_DEV_MASS_MODE || STLINK_DEV_DEBUG_MODE
520 // usb dfu || usb mass || jtag or swd
522 int _stlink_sg_current_mode(stlink_t *stl) {
523 struct stlink_libsg *sl = stl->backend_data;
525 sl->cdb_cmd_blk[0] = STLINK_GET_CURRENT_MODE;
529 return stl->q_buf[0];
532 // Exit the mass mode and enter the swd debug mode.
534 void _stlink_sg_enter_swd_mode(stlink_t *sl) {
535 struct stlink_libsg *sg = sl->backend_data;
537 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
538 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_SWD;
539 sl->q_len = 0; // >0 -> aboard
543 // Exit the mass mode and enter the jtag debug mode.
544 // (jtag is disabled in the discovery's stlink firmware)
546 void _stlink_sg_enter_jtag_mode(stlink_t *sl) {
547 struct stlink_libsg *sg = sl->backend_data;
548 DLOG("\n*** stlink_enter_jtag_mode ***\n");
550 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
551 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_JTAG;
556 // XXX kernel driver performs reset, the device temporally disappears
558 void _stlink_sg_exit_dfu_mode(stlink_t *sl) {
559 struct stlink_libsg *sg = sl->backend_data;
560 DLOG("\n*** stlink_exit_dfu_mode ***\n");
562 sg->cdb_cmd_blk[0] = STLINK_DFU_COMMAND;
563 sg->cdb_cmd_blk[1] = STLINK_DFU_EXIT;
567 [135121.844564] sd 19:0:0:0: [sdb] Unhandled error code
568 [135121.844569] sd 19:0:0:0: [sdb] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
569 [135121.844574] sd 19:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 10 00 00 00 08 00
570 [135121.844584] end_request: I/O error, dev sdb, sector 4096
571 [135121.844590] Buffer I/O error on device sdb, logical block 512
572 [135130.122567] usb 6-1: reset full speed USB device using uhci_hcd and address 7
573 [135130.274551] usb 6-1: device firmware changed
574 [135130.274618] usb 6-1: USB disconnect, address 7
575 [135130.275186] VFS: busy inodes on changed media or resized disk sdb
576 [135130.275424] VFS: busy inodes on changed media or resized disk sdb
577 [135130.286758] VFS: busy inodes on changed media or resized disk sdb
578 [135130.292796] VFS: busy inodes on changed media or resized disk sdb
579 [135130.301481] VFS: busy inodes on changed media or resized disk sdb
580 [135130.304316] VFS: busy inodes on changed media or resized disk sdb
581 [135130.431113] usb 6-1: new full speed USB device using uhci_hcd and address 8
582 [135130.629444] usb-storage 6-1:1.0: Quirks match for vid 0483 pid 3744: 102a1
583 [135130.629492] scsi20 : usb-storage 6-1:1.0
584 [135131.625600] scsi 20:0:0:0: Direct-Access STM32 PQ: 0 ANSI: 0
585 [135131.627010] sd 20:0:0:0: Attached scsi generic sg2 type 0
586 [135131.633603] sd 20:0:0:0: [sdb] 64000 512-byte logical blocks: (32.7 MB/31.2 MiB)
587 [135131.633613] sd 20:0:0:0: [sdb] Assuming Write Enabled
588 [135131.633620] sd 20:0:0:0: [sdb] Assuming drive cache: write through
589 [135131.640584] sd 20:0:0:0: [sdb] Assuming Write Enabled
590 [135131.640592] sd 20:0:0:0: [sdb] Assuming drive cache: write through
592 [135131.652634] sd 20:0:0:0: [sdb] Assuming Write Enabled
593 [135131.652639] sd 20:0:0:0: [sdb] Assuming drive cache: write through
594 [135131.652645] sd 20:0:0:0: [sdb] Attached SCSI removable disk
595 [135131.671536] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
596 [135131.671548] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
597 [135131.671553] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
598 [135131.671560] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
599 [135131.671570] end_request: I/O error, dev sdb, sector 63872
600 [135131.671575] Buffer I/O error on device sdb, logical block 7984
601 [135131.678527] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
602 [135131.678532] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
603 [135131.678537] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
604 [135131.678542] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
605 [135131.678551] end_request: I/O error, dev sdb, sector 63872
607 [135131.853565] end_request: I/O error, dev sdb, sector 4096
611 void _stlink_sg_core_id(stlink_t *sl) {
612 struct stlink_libsg *sg = sl->backend_data;
614 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READCOREID;
618 sl->core_id = read_uint32(sl->q_buf, 0);
621 // Arm-core reset -> halted state.
623 void _stlink_sg_reset(stlink_t *sl) {
624 struct stlink_libsg *sg = sl->backend_data;
626 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RESETSYS;
630 stlink_stat(sl, "core reset");
633 // Arm-core status: halted or running.
635 void _stlink_sg_status(stlink_t *sl) {
636 struct stlink_libsg *sg = sl->backend_data;
637 DLOG("\n*** stlink_status ***\n");
639 sg->cdb_cmd_blk[1] = STLINK_DEBUG_GETSTATUS;
645 // Force the core into the debug mode -> halted state.
647 void _stlink_sg_force_debug(stlink_t *sl) {
648 struct stlink_libsg *sg = sl->backend_data;
649 DLOG("\n*** stlink_force_debug ***\n");
651 sg->cdb_cmd_blk[1] = STLINK_DEBUG_FORCEDEBUG;
655 stlink_stat(sl, "force debug");
658 // Read all arm-core registers.
660 void _stlink_sg_read_all_regs(stlink_t *sl, reg *regp) {
661 struct stlink_libsg *sg = sl->backend_data;
667 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READALLREGS;
671 stlink_print_data(sl);
673 // TODO - most of this should be re-extracted up....
675 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
676 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
677 for (int i = 0; i < 16; i++) {
678 sg->reg.r[i] = read_uint32(sl->q_buf, 4 * i);
680 DLOG("r%2d = 0x%08x\n", i, sg->reg.r[i]);
682 sg->reg.xpsr = read_uint32(sl->q_buf, 64);
683 sg->reg.main_sp = read_uint32(sl->q_buf, 68);
684 sg->reg.process_sp = read_uint32(sl->q_buf, 72);
685 sg->reg.rw = read_uint32(sl->q_buf, 76);
686 sg->reg.rw2 = read_uint32(sl->q_buf, 80);
690 DLOG("xpsr = 0x%08x\n", sg->reg.xpsr);
691 DLOG("main_sp = 0x%08x\n", sg->reg.main_sp);
692 DLOG("process_sp = 0x%08x\n", sg->reg.process_sp);
693 DLOG("rw = 0x%08x\n", sg->reg.rw);
694 DLOG("rw2 = 0x%08x\n", sg->reg.rw2);
697 // Read an arm-core register, the index must be in the range 0..20.
698 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
699 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
701 void _stlink_sg_read_reg(stlink_t *sl, int r_idx, reg *regp) {
702 struct stlink_libsg *sg = sl->backend_data;
704 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READREG;
705 sg->cdb_cmd_blk[2] = r_idx;
709 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
710 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
711 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
712 stlink_print_data(sl);
714 uint32_t r = read_uint32(sl->q_buf, 0);
715 DLOG("r_idx (%2d) = 0x%08x\n", r_idx, r);
725 regp->process_sp = r;
728 regp->rw = r; //XXX ?(primask, basemask etc.)
731 regp->rw2 = r; //XXX ?(primask, basemask etc.)
738 // Write an arm-core register. Index:
739 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
740 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
742 void _stlink_sg_write_reg(stlink_t *sl, uint32_t reg, int idx) {
743 struct stlink_libsg *sg = sl->backend_data;
745 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEREG;
748 sg->cdb_cmd_blk[2] = idx;
749 write_uint32(sg->cdb_cmd_blk + 3, reg);
753 stlink_stat(sl, "write reg");
756 // Write a register of the debug module of the core.
757 // XXX ?(atomic writes)
760 void stlink_write_dreg(stlink_t *sl, uint32_t reg, uint32_t addr) {
761 struct stlink_libsg *sg = sl->backend_data;
762 DLOG("\n*** stlink_write_dreg ***\n");
764 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEDEBUGREG;
765 // 2-5: address of reg of the debug module
767 write_uint32(sg->cdb_cmd_blk + 2, addr);
768 write_uint32(sg->cdb_cmd_blk + 6, reg);
772 stlink_stat(sl, "write debug reg");
775 // Force the core exit the debug mode.
777 void _stlink_sg_run(stlink_t *sl) {
778 struct stlink_libsg *sg = sl->backend_data;
779 DLOG("\n*** stlink_run ***\n");
781 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RUNCORE;
785 stlink_stat(sl, "run core");
788 // Step the arm-core.
790 void _stlink_sg_step(stlink_t *sl) {
791 struct stlink_libsg *sg = sl->backend_data;
793 sg->cdb_cmd_blk[1] = STLINK_DEBUG_STEPCORE;
797 stlink_stat(sl, "step core");
801 // see Cortex-M3 Technical Reference Manual
802 // TODO make delegate!
803 void stlink_set_hw_bp(stlink_t *sl, int fp_nr, uint32_t addr, int fp) {
804 DLOG("\n*** stlink_set_hw_bp ***\n");
805 struct stlink_libsg *sg = sl->backend_data;
807 sg->cdb_cmd_blk[1] = STLINK_DEBUG_SETFP;
808 // 2:The number of the flash patch used to set the breakpoint
809 // 3-6: Address of the breakpoint (LSB)
810 // 7: FP_ALL (0x02) / FP_UPPER (0x01) / FP_LOWER (0x00)
811 sl->q_buf[2] = fp_nr;
812 write_uint32(sl->q_buf, addr);
817 stlink_stat(sl, "set flash breakpoint");
822 // TODO make delegate!
823 void stlink_clr_hw_bp(stlink_t *sl, int fp_nr) {
824 struct stlink_libsg *sg = sl->backend_data;
825 DLOG("\n*** stlink_clr_hw_bp ***\n");
827 sg->cdb_cmd_blk[1] = STLINK_DEBUG_CLEARFP;
828 sg->cdb_cmd_blk[2] = fp_nr;
832 stlink_stat(sl, "clear flash breakpoint");
835 // Read a "len" bytes to the sl->q_buf from the memory, max 6kB (6144 bytes)
837 void _stlink_sg_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
838 struct stlink_libsg *sg = sl->backend_data;
840 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READMEM_32BIT;
843 write_uint32(sg->cdb_cmd_blk + 2, addr);
844 write_uint16(sg->cdb_cmd_blk + 6, len);
846 // data_in 0-0x40-len
847 // !!! len _and_ q_len must be max 6k,
848 // i.e. >1024 * 6 = 6144 -> aboard)
849 // !!! if len < q_len: 64*k, 1024*n, n=1..5 -> aboard
850 // (broken residue issue)
854 stlink_print_data(sl);
857 // Write a "len" bytes from the sl->q_buf to the memory, max 64 Bytes.
859 void _stlink_sg_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
860 struct stlink_libsg *sg = sl->backend_data;
862 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_8BIT;
864 // 6-7: len (>0x40 (64) -> aboard)
865 write_uint32(sg->cdb_cmd_blk + 2, addr);
866 write_uint16(sg->cdb_cmd_blk + 6, len);
871 sg->q_data_dir = Q_DATA_OUT;
873 stlink_print_data(sl);
876 // Write a "len" bytes from the sl->q_buf to the memory, max Q_BUF_LEN bytes.
878 void _stlink_sg_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
879 struct stlink_libsg *sg = sl->backend_data;
881 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_32BIT;
883 // 6-7: len "unlimited"
884 write_uint32(sg->cdb_cmd_blk + 2, addr);
885 write_uint16(sg->cdb_cmd_blk + 6, len);
887 // data_out 0-0x40-...-len
890 sg->q_data_dir = Q_DATA_OUT;
892 stlink_print_data(sl);
895 #if 0 /* not working */
897 static int write_flash_mem16
898 (struct stlink* sl, uint32_t addr, uint16_t val) {
899 /* half word writes */
900 if (addr % 2) return -1;
902 /* unlock if locked */
905 /* set flash programming chosen bit */
908 write_uint16(sl->q_buf, val);
909 stlink_write_mem16(sl, addr, 2);
911 /* wait for non business */
916 /* check the programmed value back */
917 stlink_read_mem16(sl, addr, 2);
918 if (*(const uint16_t*) sl->q_buf != val) {
919 /* values differ at i * sizeof(uint16_t) */
926 #endif /* not working */
928 // Exit the jtag or swd mode and enter the mass mode.
930 void _stlink_sg_exit_debug_mode(stlink_t *stl) {
933 struct stlink_libsg* sl = stl->backend_data;
935 sl->cdb_cmd_blk[1] = STLINK_DEBUG_EXIT;
936 stl->q_len = 0; // >0 -> aboard
942 // 1) open a sg device, switch the stlink from dfu to mass mode
943 // 2) wait 5s until the kernel driver stops reseting the broken device
944 // 3) reopen the device
945 // 4) the device driver is now ready for a switch to jtag/swd mode
946 // TODO thinking, better error handling, wait until the kernel driver stops reseting the plugged-in device
948 stlink_backend_t _stlink_sg_backend = {
950 _stlink_sg_exit_debug_mode,
951 _stlink_sg_enter_swd_mode,
952 _stlink_sg_enter_jtag_mode,
953 _stlink_sg_exit_dfu_mode,
959 _stlink_sg_read_mem32,
960 _stlink_sg_write_mem32,
961 _stlink_sg_write_mem8,
962 _stlink_sg_read_all_regs,
964 _stlink_sg_write_reg,
966 _stlink_sg_current_mode,
967 _stlink_sg_force_debug
970 static stlink_t* stlink_open(const int verbose) {
972 stlink_t *sl = malloc(sizeof (stlink_t));
973 struct stlink_libsg *slsg = malloc(sizeof (struct stlink_libsg));
974 if (sl == NULL || slsg == NULL) {
975 WLOG("Couldn't malloc stlink and stlink_sg structures out of memory!\n");
979 if (libusb_init(&(slsg->libusb_ctx))) {
980 WLOG("failed to init libusb context, wrong version of libraries?\n");
986 libusb_set_debug(slsg->libusb_ctx, 3);
988 slsg->usb_handle = libusb_open_device_with_vid_pid(slsg->libusb_ctx, USB_ST_VID, USB_STLINK_PID);
989 if (slsg->usb_handle == NULL) {
990 WLOG("Failed to find an stlink v1 by VID:PID\n");
991 libusb_close(slsg->usb_handle);
998 // Could read the interface config descriptor, and assert lots of the assumptions
1000 // assumption: numInterfaces is always 1...
1001 if (libusb_kernel_driver_active(slsg->usb_handle, 0) == 1) {
1002 int r = libusb_detach_kernel_driver(slsg->usb_handle, 0);
1004 WLOG("libusb_detach_kernel_driver(() error %s\n", strerror(-r));
1005 libusb_close(slsg->usb_handle);
1010 DLOG("Kernel driver was successfully detached\n");
1014 if (libusb_get_configuration(slsg->usb_handle, &config)) {
1015 /* this may fail for a previous configured device */
1016 WLOG("libusb_get_configuration()\n");
1017 libusb_close(slsg->usb_handle);
1024 // assumption: bConfigurationValue is always 1
1026 WLOG("Your stlink got into a real weird configuration, trying to fix it!\n");
1027 DLOG("setting new configuration (%d -> 1)\n", config);
1028 if (libusb_set_configuration(slsg->usb_handle, 1)) {
1029 /* this may fail for a previous configured device */
1030 WLOG("libusb_set_configuration() failed\n");
1031 libusb_close(slsg->usb_handle);
1038 if (libusb_claim_interface(slsg->usb_handle, 0)) {
1039 WLOG("libusb_claim_interface() failed\n");
1040 libusb_close(slsg->usb_handle);
1046 // assumption: endpoint config is fixed mang. really.
1047 slsg->ep_rep = 1 /* ep rep */ | LIBUSB_ENDPOINT_IN;
1048 slsg->ep_req = 2 /* ep req */ | LIBUSB_ENDPOINT_OUT;
1050 DLOG("Successfully opened stlinkv1 by libusb :)\n");
1052 sl->verbose = verbose;
1053 sl->backend_data = slsg;
1054 sl->backend = &_stlink_sg_backend;
1056 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
1060 /* flash memory settings */
1061 sl->flash_base = STM32_FLASH_BASE;
1062 sl->flash_size = STM32_FLASH_SIZE;
1063 sl->flash_pgsz = STM32_FLASH_PGSZ;
1066 sl->sys_base = STM32_SYSTEM_BASE;
1067 sl->sys_size = STM32_SYSTEM_SIZE;
1069 /* sram memory settings */
1070 sl->sram_base = STM32_SRAM_BASE;
1071 sl->sram_size = STM32_SRAM_SIZE;
1078 stlink_t* stlink_v1_open(const int verbose) {
1080 stlink_t *sl = stlink_open(verbose);
1082 fputs("Error: could not open stlink device\n", stderr);
1088 if ((sl->version.st_vid != USB_ST_VID) || (sl->version.stlink_pid != USB_STLINK_PID)) {
1089 ugly_log(UERROR, LOG_TAG,
1090 "WTF? successfully opened, but unable to read version details. BROKEN!\n");
1094 DLOG("Reading current mode...\n");
1095 switch (stlink_current_mode(sl)) {
1096 case STLINK_DEV_MASS_MODE:
1098 case STLINK_DEV_DEBUG_MODE:
1103 DLOG("Attempting to exit DFU mode\n");
1104 _stlink_sg_exit_dfu_mode(sl);
1106 // exit the dfu mode -> the device is gone
1107 DLOG("\n*** reopen the stlink device ***\n");
1112 DLOG("Attempting to reopen the stlink...\n");
1113 sl = stlink_open(verbose);
1115 fputs("Error: could not open stlink device\n", stderr);
1118 // re-query device info
1123 static void __attribute__((unused)) mark_buf(stlink_t *sl) {
1125 sl->q_buf[0] = 0x12;
1126 sl->q_buf[1] = 0x34;
1127 sl->q_buf[2] = 0x56;
1128 sl->q_buf[3] = 0x78;
1129 sl->q_buf[4] = 0x90;
1130 sl->q_buf[15] = 0x42;
1131 sl->q_buf[16] = 0x43;
1132 sl->q_buf[63] = 0x42;
1133 sl->q_buf[64] = 0x43;
1134 sl->q_buf[1024 * 6 - 1] = 0x42; //6kB
1135 sl->q_buf[1024 * 8 - 1] = 0x42; //8kB