2 Copyright (c) 2010 "Capt'ns Missing Link" Authors. All rights reserved.
3 Use of this source code is governed by a BSD-style
4 license that can be found in the LICENSE file.
6 A linux stlink access demo. The purpose of this file is to mitigate the usual
7 "reinventing the wheel" force by incompatible licenses and give you an idea,
8 how to access the stlink device. That doesn't mean you should be a free-loader
9 and not contribute your improvements to this code.
11 Author: Martin Capitanio <m@capitanio.org>
12 The stlink related constants kindly provided by Oliver Spencer (OpenOCD)
13 for use in a GPL compatible license.
15 Tested compatibility: linux, gcc >= 4.3.3
17 The communication is based on standard USB mass storage device
18 BOT (Bulk Only Transfer)
19 - Endpoint 1: BULK_IN, 64 bytes max
20 - Endpoint 2: BULK_OUT, 64 bytes max
22 All CBW transfers are ordered with the LSB (byte 0) first (little endian).
23 Any command must be answered before sending the next command.
24 Each USB transfer must complete in less than 1s.
26 SB Device Class Definition for Mass Storage Devices:
27 www.usb.org/developers/devclass_docs/usbmassbulk_10.pdf
29 dt - Data Transfer (IN/OUT)
30 CBW - Command Block Wrapper
31 CSW - Command Status Wrapper
32 RFU - Reserved for Future Use
34 Originally, this driver used scsi pass through commands, which required the
35 usb-storage module to be loaded, providing the /dev/sgX links. The USB mass
36 storage implementation on the STLinkv1 is however terribly broken, and it can
37 take many minutes for the kernel to give up.
39 However, in Nov 2011, the scsi pass through was replaced by raw libusb, so
40 instead of having to let usb-storage struggle with the device, and also greatly
41 limiting the portability of the driver, you can now tell usb-storage to simply
42 ignore this device completely.
45 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob_plain;f=Documentation/kernel-parameters.txt
46 Each entry has the form VID:PID:Flags where VID and PID are Vendor and Product
47 ID values (4-digit hex numbers) and Flags is a set of characters, each corresponding
48 to a common usb-storage quirk flag as follows:
50 a = SANE_SENSE (collect more than 18 bytes of sense data);
51 b = BAD_SENSE (don't collect more than 18 bytes of sense data);
52 c = FIX_CAPACITY (decrease the reported device capacity by one sector);
53 h = CAPACITY_HEURISTICS (decrease the reported device capacity by one sector if the number is odd);
54 i = IGNORE_DEVICE (don't bind to this device);
55 l = NOT_LOCKABLE (don't try to lock and unlock ejectable media);
56 m = MAX_SECTORS_64 (don't transfer more than 64 sectors = 32 KB at a time);
57 o = CAPACITY_OK (accept the capacity reported by the device);
58 r = IGNORE_RESIDUE (the device reports bogus residue values);
59 s = SINGLE_LUN (the device has only one Logical Unit);
60 w = NO_WP_DETECT (don't test whether the medium is write-protected).
62 Example: quirks=0419:aaf5:rl,0421:0433:rc
63 http://permalink.gmane.org/gmane.linux.usb.general/35053
65 For the stlinkv1, you just want the following
67 modprobe -r usb-storage && modprobe usb-storage quirks=483:3744:i
69 Equivalently, you can add a line saying
71 options usb-storage quirks=483:3744:i
73 to your /etc/modprobe.conf or /etc/modprobe.d/local.conf (or add the "quirks=..."
74 part to an existing options line for usb-storage).
86 #include <sys/types.h>
90 #include "stlink-common.h"
91 #include "stlink-sg.h"
92 #include "uglylogging.h"
94 #define LOG_TAG __FILE__
95 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
96 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
97 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
98 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
100 // Suspends execution of the calling process for
101 // (at least) ms milliseconds.
103 static void delay(int ms) {
104 //fprintf(stderr, "*** wait %d ms\n", ms);
108 static void clear_cdb(struct stlink_libsg *sl) {
109 for (size_t i = 0; i < sizeof (sl->cdb_cmd_blk); i++)
110 sl->cdb_cmd_blk[i] = 0;
112 sl->cdb_cmd_blk[0] = STLINK_DEBUG_COMMAND;
113 sl->q_data_dir = Q_DATA_IN;
116 // close the device, free the allocated memory
118 void _stlink_sg_close(stlink_t *sl) {
121 struct stlink_libsg *slsg = sl->backend_data;
122 scsi_pt_close_device(slsg->sg_fd);
128 static int get_usb_mass_storage_status(libusb_device_handle *handle, uint8_t endpoint, uint32_t *tag)
130 unsigned char csw[13];
131 memset(csw, 0, sizeof(csw));
136 ret = libusb_bulk_transfer(handle, endpoint, (unsigned char *)&csw, sizeof(csw),
137 &transferred, SG_TIMEOUT_MSEC);
138 if (ret == LIBUSB_ERROR_PIPE) {
139 libusb_clear_halt(handle, endpoint);
142 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
143 if (ret != LIBUSB_SUCCESS) {
144 fprintf(stderr, "%s: receiving failed: %d\n", __func__, ret);
147 if (transferred != sizeof(csw)) {
148 fprintf(stderr, "%s: received unexpected amount: %d\n", __func__, transferred);
152 uint32_t rsig = read_uint32(csw, 0);
153 uint32_t rtag = read_uint32(csw, 4);
154 uint32_t residue = read_uint32(csw, 8);
155 #define USB_CSW_SIGNATURE 0x53425355 // 'U' 'S' 'B' 'S' (reversed)
156 if (rsig != USB_CSW_SIGNATURE) {
157 WLOG("status signature was invalid: %#x\n", rsig);
160 DLOG("residue was= %#x\n", residue);
162 uint8_t rstatus = csw[12];
163 DLOG("rstatus = %x\n", rstatus);
167 static int dump_CDB_command(uint8_t *cdb, uint8_t cdb_len) {
169 char *dbugp = dbugblah;
170 dbugp += sprintf(dbugp, "Sending CDB [");
171 for (uint8_t i = 0; i < cdb_len; i++) {
172 dbugp += sprintf(dbugp, " %#02x", (unsigned int) cdb[i]);
174 sprintf(dbugp, "]\n");
180 * Wraps a CDB mass storage command in the appropriate gunk to get it down
187 * @param expected_rx_size
190 int send_usb_mass_storage_command(libusb_device_handle *handle, uint8_t endpoint_out,
191 uint8_t *cdb, uint8_t cdb_length,
192 uint8_t lun, uint8_t flags, uint32_t expected_rx_size) {
193 DLOG("Sending usb m-s cmd: cdblen:%d, rxsize=%d\n", cdb_length, expected_rx_size);
194 dump_CDB_command(cdb, cdb_length);
203 int real_transferred;
206 uint8_t c_buf[STLINK_SG_SIZE];
207 // tag is allegedly ignored... TODO - verify
212 write_uint32(&c_buf[i], tag);
213 uint32_t this_tag = tag++;
214 write_uint32(&c_buf[i+4], expected_rx_size);
219 c_buf[i++] = cdb_length;
221 // Now the actual CDB request
222 assert(cdb_length <= CDB_SL);
223 memcpy(&(c_buf[i]), cdb, cdb_length);
225 int sending_length = STLINK_SG_SIZE;
226 DLOG("sending length set to: %d\n", sending_length);
230 DLOG("attempting tx...\n");
231 ret = libusb_bulk_transfer(handle, endpoint_out, c_buf, sending_length,
232 &real_transferred, SG_TIMEOUT_MSEC);
233 if (ret == LIBUSB_ERROR_PIPE) {
234 libusb_clear_halt(handle, endpoint_out);
237 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
238 if (ret != LIBUSB_SUCCESS) {
239 WLOG("sending failed: %d\n", ret);
242 DLOG("Actually sent: %d, returning tag: %d\n", real_transferred, tag);
248 * Straight from stm8 stlink code...
251 * @param endpoint_out
254 get_sense(libusb_device_handle *handle, uint8_t endpoint_in, uint8_t endpoint_out)
256 DLOG("Fetching sense...\n");
258 memset(cdb, 0, sizeof(cdb));
259 #define REQUEST_SENSE 0x03
260 #define REQUEST_SENSE_LENGTH 18
261 cdb[0] = REQUEST_SENSE;
262 cdb[4] = REQUEST_SENSE_LENGTH;
263 uint32_t tag = send_usb_mass_storage_command(handle, endpoint_out, cdb, sizeof(cdb), 0,
264 LIBUSB_ENDPOINT_IN, REQUEST_SENSE_LENGTH);
266 WLOG("refusing to send request sense with tag 0\n");
269 unsigned char sense[REQUEST_SENSE_LENGTH];
274 ret = libusb_bulk_transfer(handle, endpoint_in, sense, sizeof(sense),
275 &transferred, SG_TIMEOUT_MSEC);
276 if (ret == LIBUSB_ERROR_PIPE) {
277 libusb_clear_halt(handle, endpoint_in);
280 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
281 if (ret != LIBUSB_SUCCESS) {
282 WLOG("receiving sense failed: %d\n", ret);
285 if (transferred != sizeof(sense)) {
286 WLOG("received unexpected amount of sense: %d != %d\n", transferred, sizeof(sense));
288 uint32_t received_tag;
289 int status = get_usb_mass_storage_status(handle, endpoint_in, &received_tag);
291 WLOG("receiving sense failed with status: %02x\n", status);
294 if (sense[0] != 0x70 && sense[0] != 0x71) {
295 WLOG("No sense data\n");
297 WLOG("Sense KCQ: %02X %02X %02X\n", sense[2] & 0x0f, sense[12], sense[13]);
302 //TODO rewrite/cleanup, save the error in sl
305 static void stlink_confirm_inq(stlink_t *stl, struct sg_pt_base *ptvp) {
306 struct stlink_libsg *sl = stl->backend_data;
307 const int e = sl->do_scsi_pt_err;
309 fprintf(stderr, "scsi_pt error: pass through os error: %s\n",
312 } else if (e == SCSI_PT_DO_BAD_PARAMS) {
313 fprintf(stderr, "scsi_pt error: bad pass through setup\n");
315 } else if (e == SCSI_PT_DO_TIMEOUT) {
316 fprintf(stderr, " pass through timeout\n");
319 const int duration = get_scsi_pt_duration_ms(ptvp);
320 if ((stl->verbose > 1) && (duration >= 0))
321 DLOG(" duration=%d ms\n", duration);
323 // XXX stlink fw sends broken residue, so ignore it and use the known q_len
324 // "usb-storage quirks=483:3744:r"
325 // forces residue to be ignored and calculated, but this causes aboard if
326 // data_len = 0 and by some other data_len values.
328 const int resid = get_scsi_pt_resid(ptvp);
329 const int dsize = stl->q_len - resid;
331 const int cat = get_scsi_pt_result_category(ptvp);
336 case SCSI_PT_RESULT_GOOD:
337 if (stl->verbose && (resid > 0))
338 DLOG(" notice: requested %d bytes but "
339 "got %d bytes, ignore [broken] residue = %d\n",
340 stl->q_len, dsize, resid);
342 case SCSI_PT_RESULT_STATUS:
344 sg_get_scsi_status_str(
345 get_scsi_pt_status_response(ptvp), sizeof (buf),
347 DLOG(" scsi status: %s\n", buf);
350 case SCSI_PT_RESULT_SENSE:
351 slen = get_scsi_pt_sense_len(ptvp);
353 sg_get_sense_str("", sl->sense_buf, slen, (stl->verbose
354 > 1), sizeof (buf), buf);
357 if (stl->verbose && (resid > 0)) {
358 if ((stl->verbose) || (stl->q_len > 0))
359 DLOG(" requested %d bytes but "
360 "got %d bytes\n", stl->q_len, dsize);
363 case SCSI_PT_RESULT_TRANSPORT_ERR:
365 get_scsi_pt_transport_err_str(ptvp, sizeof (buf), buf);
366 // http://tldp.org/HOWTO/SCSI-Generic-HOWTO/x291.html
367 // These codes potentially come from the firmware on a host adapter
368 // or from one of several hosts that an adapter driver controls.
369 // The 'host_status' field has the following values:
370 // [0x07] Internal error detected in the host adapter.
371 // This may not be fatal (and the command may have succeeded).
372 DLOG(" transport: %s", buf);
375 case SCSI_PT_RESULT_OS_ERR:
377 get_scsi_pt_os_err_str(ptvp, sizeof (buf), buf);
378 DLOG(" os: %s", buf);
382 fprintf(stderr, " unknown pass through result "
383 "category (%d)\n", cat);
389 * Just send a buffer on an endpoint, no questions asked.
390 * Handles repeats, and time outs. Also handles reading status reports and sense
391 * @param handle libusb device *
392 * @param endpoint_out sends
393 * @param endpoint_in used to read status reports back in
394 * @param cbuf what to send
395 * @param length how much to send
396 * @return number of bytes actually sent, or -1 for failures.
398 int send_usb_data_only(libusb_device_handle *handle, unsigned char endpoint_out,
399 unsigned char endpoint_in, unsigned char *cbuf, unsigned int length) {
401 int real_transferred;
404 DLOG("attempting tx...\n");
405 ret = libusb_bulk_transfer(handle, endpoint_out, cbuf, length,
406 &real_transferred, SG_TIMEOUT_MSEC);
407 if (ret == LIBUSB_ERROR_PIPE) {
408 libusb_clear_halt(handle, endpoint_out);
411 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
412 if (ret != LIBUSB_SUCCESS) {
413 WLOG("sending failed: %d\n", ret);
416 DLOG("Actually sent: %d\n", real_transferred);
418 // now, swallow up the status, so that things behave nicely...
419 uint32_t received_tag;
420 // -ve is for my errors, 0 is good, +ve is libusb sense status bytes
421 int status = get_usb_mass_storage_status(handle, endpoint_in, &received_tag);
423 WLOG("receiving status failed: %d\n", status);
427 WLOG("receiving status not passed :(: %02x\n", status);
430 get_sense(handle, endpoint_in, endpoint_out);
434 return real_transferred;
438 int stlink_q(stlink_t *sl) {
439 struct stlink_libsg* sg = sl->backend_data;
440 //uint8_t cdb_len = 6; // FIXME varies!!!
441 uint8_t cdb_len = 10; // FIXME varies!!!
442 uint8_t lun = 0; // always zero...
443 uint32_t tag = send_usb_mass_storage_command(sg->usb_handle, sg->ep_req,
444 sg->cdb_cmd_blk, cdb_len, lun, LIBUSB_ENDPOINT_IN, sl->q_len);
447 // now wait for our response...
448 // length copied from stlink-usb...
449 int rx_length = sl->q_len;
451 int real_transferred;
455 DLOG("attempting rx\n");
456 ret = libusb_bulk_transfer(sg->usb_handle, sg->ep_rep, sl->q_buf, rx_length,
457 &real_transferred, SG_TIMEOUT_MSEC);
458 if (ret == LIBUSB_ERROR_PIPE) {
459 libusb_clear_halt(sg->usb_handle, sg->ep_req);
462 } while ((ret == LIBUSB_ERROR_PIPE) && (try < 3));
464 if (ret != LIBUSB_SUCCESS) {
465 WLOG("Receiving failed: %d\n", ret);
469 if (real_transferred != rx_length) {
470 WLOG("received unexpected amount: %d != %d\n", real_transferred, rx_length);
474 uint32_t received_tag;
475 // -ve is for my errors, 0 is good, +ve is libusb sense status bytes
476 int status = get_usb_mass_storage_status(sg->usb_handle, sg->ep_rep, &received_tag);
478 WLOG("receiving status failed: %d\n", status);
482 WLOG("receiving status not passed :(: %02x\n", status);
485 get_sense(sg->usb_handle, sg->ep_rep, sg->ep_req);
488 if (received_tag != tag) {
489 WLOG("received tag %d but expected %d\n", received_tag, tag);
492 if (rx_length > 0 && real_transferred != rx_length) {
498 DLOG("Actually received: %d\n", real_transferred);
501 // Get control command descriptor of scsi structure,
502 // (one object per command!!)
503 struct sg_pt_base *ptvp = construct_scsi_pt_obj();
505 fprintf(stderr, "construct_scsi_pt_obj: out of memory\n");
509 set_scsi_pt_cdb(ptvp, sg->cdb_cmd_blk, sizeof (sg->cdb_cmd_blk));
511 // set buffer for sense (error information) data
512 set_scsi_pt_sense(ptvp, sg->sense_buf, sizeof (sg->sense_buf));
514 // Set a buffer to be used for data transferred from device
515 if (sg->q_data_dir == Q_DATA_IN) {
517 set_scsi_pt_data_in(ptvp, sl->q_buf, sl->q_len);
519 set_scsi_pt_data_out(ptvp, sl->q_buf, sl->q_len);
521 // Executes SCSI command (or at least forwards it to lower layers).
522 sg->do_scsi_pt_err = do_scsi_pt(ptvp, sg->sg_fd, SG_TIMEOUT_SEC,
525 // check for scsi errors
526 stlink_confirm_inq(sl, ptvp);
527 // TODO recycle: clear_scsi_pt_obj(struct sg_pt_base * objp);
528 destruct_scsi_pt_obj(ptvp);
532 // TODO thinking, cleanup
534 void stlink_stat(stlink_t *stl, char *txt) {
538 stlink_print_data(stl);
540 switch (stl->q_buf[0]) {
542 DLOG(" %s: ok\n", txt);
545 DLOG(" %s: false\n", txt);
548 DLOG(" %s: unknown\n", txt);
553 void _stlink_sg_version(stlink_t *stl) {
554 struct stlink_libsg *sl = stl->backend_data;
555 DLOG("\n*** stlink_version ***\n");
557 sl->cdb_cmd_blk[0] = STLINK_GET_VERSION;
561 // HACK use my own private version right now...
566 // STLINK_DEV_DFU_MODE || STLINK_DEV_MASS_MODE || STLINK_DEV_DEBUG_MODE
567 // usb dfu || usb mass || jtag or swd
569 int _stlink_sg_current_mode(stlink_t *stl) {
570 struct stlink_libsg *sl = stl->backend_data;
572 sl->cdb_cmd_blk[0] = STLINK_GET_CURRENT_MODE;
576 return stl->q_buf[0];
579 // Exit the mass mode and enter the swd debug mode.
581 void _stlink_sg_enter_swd_mode(stlink_t *sl) {
582 struct stlink_libsg *sg = sl->backend_data;
584 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
585 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_SWD;
586 sl->q_len = 0; // >0 -> aboard
590 // Exit the mass mode and enter the jtag debug mode.
591 // (jtag is disabled in the discovery's stlink firmware)
593 void _stlink_sg_enter_jtag_mode(stlink_t *sl) {
594 struct stlink_libsg *sg = sl->backend_data;
595 DLOG("\n*** stlink_enter_jtag_mode ***\n");
597 sg->cdb_cmd_blk[1] = STLINK_DEBUG_ENTER;
598 sg->cdb_cmd_blk[2] = STLINK_DEBUG_ENTER_JTAG;
603 // XXX kernel driver performs reset, the device temporally disappears
605 void _stlink_sg_exit_dfu_mode(stlink_t *sl) {
606 struct stlink_libsg *sg = sl->backend_data;
607 DLOG("\n*** stlink_exit_dfu_mode ***\n");
609 sg->cdb_cmd_blk[0] = STLINK_DFU_COMMAND;
610 sg->cdb_cmd_blk[1] = STLINK_DFU_EXIT;
614 [135121.844564] sd 19:0:0:0: [sdb] Unhandled error code
615 [135121.844569] sd 19:0:0:0: [sdb] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
616 [135121.844574] sd 19:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 10 00 00 00 08 00
617 [135121.844584] end_request: I/O error, dev sdb, sector 4096
618 [135121.844590] Buffer I/O error on device sdb, logical block 512
619 [135130.122567] usb 6-1: reset full speed USB device using uhci_hcd and address 7
620 [135130.274551] usb 6-1: device firmware changed
621 [135130.274618] usb 6-1: USB disconnect, address 7
622 [135130.275186] VFS: busy inodes on changed media or resized disk sdb
623 [135130.275424] VFS: busy inodes on changed media or resized disk sdb
624 [135130.286758] VFS: busy inodes on changed media or resized disk sdb
625 [135130.292796] VFS: busy inodes on changed media or resized disk sdb
626 [135130.301481] VFS: busy inodes on changed media or resized disk sdb
627 [135130.304316] VFS: busy inodes on changed media or resized disk sdb
628 [135130.431113] usb 6-1: new full speed USB device using uhci_hcd and address 8
629 [135130.629444] usb-storage 6-1:1.0: Quirks match for vid 0483 pid 3744: 102a1
630 [135130.629492] scsi20 : usb-storage 6-1:1.0
631 [135131.625600] scsi 20:0:0:0: Direct-Access STM32 PQ: 0 ANSI: 0
632 [135131.627010] sd 20:0:0:0: Attached scsi generic sg2 type 0
633 [135131.633603] sd 20:0:0:0: [sdb] 64000 512-byte logical blocks: (32.7 MB/31.2 MiB)
634 [135131.633613] sd 20:0:0:0: [sdb] Assuming Write Enabled
635 [135131.633620] sd 20:0:0:0: [sdb] Assuming drive cache: write through
636 [135131.640584] sd 20:0:0:0: [sdb] Assuming Write Enabled
637 [135131.640592] sd 20:0:0:0: [sdb] Assuming drive cache: write through
639 [135131.652634] sd 20:0:0:0: [sdb] Assuming Write Enabled
640 [135131.652639] sd 20:0:0:0: [sdb] Assuming drive cache: write through
641 [135131.652645] sd 20:0:0:0: [sdb] Attached SCSI removable disk
642 [135131.671536] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
643 [135131.671548] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
644 [135131.671553] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
645 [135131.671560] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
646 [135131.671570] end_request: I/O error, dev sdb, sector 63872
647 [135131.671575] Buffer I/O error on device sdb, logical block 7984
648 [135131.678527] sd 20:0:0:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
649 [135131.678532] sd 20:0:0:0: [sdb] Sense Key : Illegal Request [current]
650 [135131.678537] sd 20:0:0:0: [sdb] Add. Sense: Logical block address out of range
651 [135131.678542] sd 20:0:0:0: [sdb] CDB: Read(10): 28 00 00 00 f9 80 00 00 08 00
652 [135131.678551] end_request: I/O error, dev sdb, sector 63872
654 [135131.853565] end_request: I/O error, dev sdb, sector 4096
658 void _stlink_sg_core_id(stlink_t *sl) {
659 struct stlink_libsg *sg = sl->backend_data;
661 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READCOREID;
665 sl->core_id = read_uint32(sl->q_buf, 0);
668 // Arm-core reset -> halted state.
670 void _stlink_sg_reset(stlink_t *sl) {
671 struct stlink_libsg *sg = sl->backend_data;
673 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RESETSYS;
677 stlink_stat(sl, "core reset");
680 // Arm-core status: halted or running.
682 void _stlink_sg_status(stlink_t *sl) {
683 struct stlink_libsg *sg = sl->backend_data;
684 DLOG("\n*** stlink_status ***\n");
686 sg->cdb_cmd_blk[1] = STLINK_DEBUG_GETSTATUS;
692 // Force the core into the debug mode -> halted state.
694 void _stlink_sg_force_debug(stlink_t *sl) {
695 struct stlink_libsg *sg = sl->backend_data;
696 DLOG("\n*** stlink_force_debug ***\n");
698 sg->cdb_cmd_blk[1] = STLINK_DEBUG_FORCEDEBUG;
702 stlink_stat(sl, "force debug");
705 // Read all arm-core registers.
707 void _stlink_sg_read_all_regs(stlink_t *sl, reg *regp) {
708 struct stlink_libsg *sg = sl->backend_data;
714 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READALLREGS;
718 stlink_print_data(sl);
720 // TODO - most of this should be re-extracted up....
722 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
723 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
724 for (int i = 0; i < 16; i++) {
725 sg->reg.r[i] = read_uint32(sl->q_buf, 4 * i);
727 DLOG("r%2d = 0x%08x\n", i, sg->reg.r[i]);
729 sg->reg.xpsr = read_uint32(sl->q_buf, 64);
730 sg->reg.main_sp = read_uint32(sl->q_buf, 68);
731 sg->reg.process_sp = read_uint32(sl->q_buf, 72);
732 sg->reg.rw = read_uint32(sl->q_buf, 76);
733 sg->reg.rw2 = read_uint32(sl->q_buf, 80);
737 DLOG("xpsr = 0x%08x\n", sg->reg.xpsr);
738 DLOG("main_sp = 0x%08x\n", sg->reg.main_sp);
739 DLOG("process_sp = 0x%08x\n", sg->reg.process_sp);
740 DLOG("rw = 0x%08x\n", sg->reg.rw);
741 DLOG("rw2 = 0x%08x\n", sg->reg.rw2);
744 // Read an arm-core register, the index must be in the range 0..20.
745 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
746 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
748 void _stlink_sg_read_reg(stlink_t *sl, int r_idx, reg *regp) {
749 struct stlink_libsg *sg = sl->backend_data;
751 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READREG;
752 sg->cdb_cmd_blk[2] = r_idx;
756 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
757 // 0-3 | 4-7 | ... | 60-63 | 64-67 | 68-71 | 72-75 | 76-79 | 80-83
758 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
759 stlink_print_data(sl);
761 uint32_t r = read_uint32(sl->q_buf, 0);
762 DLOG("r_idx (%2d) = 0x%08x\n", r_idx, r);
772 regp->process_sp = r;
775 regp->rw = r; //XXX ?(primask, basemask etc.)
778 regp->rw2 = r; //XXX ?(primask, basemask etc.)
785 // Write an arm-core register. Index:
786 // 0 | 1 | ... | 15 | 16 | 17 | 18 | 19 | 20
787 // r0 | r1 | ... | r15 | xpsr | main_sp | process_sp | rw | rw2
789 void _stlink_sg_write_reg(stlink_t *sl, uint32_t reg, int idx) {
790 struct stlink_libsg *sg = sl->backend_data;
792 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEREG;
795 sg->cdb_cmd_blk[2] = idx;
796 write_uint32(sg->cdb_cmd_blk + 3, reg);
800 stlink_stat(sl, "write reg");
803 // Write a register of the debug module of the core.
804 // XXX ?(atomic writes)
807 void stlink_write_dreg(stlink_t *sl, uint32_t reg, uint32_t addr) {
808 struct stlink_libsg *sg = sl->backend_data;
809 DLOG("\n*** stlink_write_dreg ***\n");
811 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEDEBUGREG;
812 // 2-5: address of reg of the debug module
814 write_uint32(sg->cdb_cmd_blk + 2, addr);
815 write_uint32(sg->cdb_cmd_blk + 6, reg);
819 stlink_stat(sl, "write debug reg");
822 // Force the core exit the debug mode.
824 void _stlink_sg_run(stlink_t *sl) {
825 struct stlink_libsg *sg = sl->backend_data;
826 DLOG("\n*** stlink_run ***\n");
828 sg->cdb_cmd_blk[1] = STLINK_DEBUG_RUNCORE;
832 stlink_stat(sl, "run core");
835 // Step the arm-core.
837 void _stlink_sg_step(stlink_t *sl) {
838 struct stlink_libsg *sg = sl->backend_data;
840 sg->cdb_cmd_blk[1] = STLINK_DEBUG_STEPCORE;
844 stlink_stat(sl, "step core");
848 // see Cortex-M3 Technical Reference Manual
849 // TODO make delegate!
850 void stlink_set_hw_bp(stlink_t *sl, int fp_nr, uint32_t addr, int fp) {
851 DLOG("\n*** stlink_set_hw_bp ***\n");
852 struct stlink_libsg *sg = sl->backend_data;
854 sg->cdb_cmd_blk[1] = STLINK_DEBUG_SETFP;
855 // 2:The number of the flash patch used to set the breakpoint
856 // 3-6: Address of the breakpoint (LSB)
857 // 7: FP_ALL (0x02) / FP_UPPER (0x01) / FP_LOWER (0x00)
858 sl->q_buf[2] = fp_nr;
859 write_uint32(sl->q_buf, addr);
864 stlink_stat(sl, "set flash breakpoint");
869 // TODO make delegate!
870 void stlink_clr_hw_bp(stlink_t *sl, int fp_nr) {
871 struct stlink_libsg *sg = sl->backend_data;
872 DLOG("\n*** stlink_clr_hw_bp ***\n");
874 sg->cdb_cmd_blk[1] = STLINK_DEBUG_CLEARFP;
875 sg->cdb_cmd_blk[2] = fp_nr;
879 stlink_stat(sl, "clear flash breakpoint");
882 // Read a "len" bytes to the sl->q_buf from the memory, max 6kB (6144 bytes)
884 void _stlink_sg_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
885 struct stlink_libsg *sg = sl->backend_data;
887 sg->cdb_cmd_blk[1] = STLINK_DEBUG_READMEM_32BIT;
890 write_uint32(sg->cdb_cmd_blk + 2, addr);
891 write_uint16(sg->cdb_cmd_blk + 6, len);
893 // data_in 0-0x40-len
894 // !!! len _and_ q_len must be max 6k,
895 // i.e. >1024 * 6 = 6144 -> aboard)
896 // !!! if len < q_len: 64*k, 1024*n, n=1..5 -> aboard
897 // (broken residue issue)
901 stlink_print_data(sl);
904 // Write a "len" bytes from the sl->q_buf to the memory, max 64 Bytes.
906 void _stlink_sg_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
907 struct stlink_libsg *sg = sl->backend_data;
909 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_8BIT;
911 // 6-7: len (>0x40 (64) -> aboard)
912 write_uint32(sg->cdb_cmd_blk + 2, addr);
913 write_uint16(sg->cdb_cmd_blk + 6, len);
915 // this sends the command...
916 send_usb_mass_storage_command(sg->usb_handle, sg->ep_req, sg->cdb_cmd_blk, CDB_SL, 0, 0, 0);
917 // This sends the data...
918 send_usb_data_only(sg->usb_handle, sg->ep_req, sg->ep_rep, sl->q_buf, len);
919 stlink_print_data(sl);
922 // Write a "len" bytes from the sl->q_buf to the memory, max Q_BUF_LEN bytes.
924 void _stlink_sg_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
925 struct stlink_libsg *sg = sl->backend_data;
927 sg->cdb_cmd_blk[1] = STLINK_DEBUG_WRITEMEM_32BIT;
929 // 6-7: len "unlimited"
930 write_uint32(sg->cdb_cmd_blk + 2, addr);
931 write_uint16(sg->cdb_cmd_blk + 6, len);
933 // this sends the command...
934 send_usb_mass_storage_command(sg->usb_handle, sg->ep_req, sg->cdb_cmd_blk, CDB_SL, 0, 0, 0);
935 // This sends the data...
936 send_usb_data_only(sg->usb_handle, sg->ep_req, sg->ep_rep, sl->q_buf, len);
938 stlink_print_data(sl);
941 #if 0 /* not working */
943 static int write_flash_mem16
944 (struct stlink* sl, uint32_t addr, uint16_t val) {
945 /* half word writes */
946 if (addr % 2) return -1;
948 /* unlock if locked */
951 /* set flash programming chosen bit */
954 write_uint16(sl->q_buf, val);
955 stlink_write_mem16(sl, addr, 2);
957 /* wait for non business */
962 /* check the programmed value back */
963 stlink_read_mem16(sl, addr, 2);
964 if (*(const uint16_t*) sl->q_buf != val) {
965 /* values differ at i * sizeof(uint16_t) */
972 #endif /* not working */
974 // Exit the jtag or swd mode and enter the mass mode.
976 void _stlink_sg_exit_debug_mode(stlink_t *stl) {
979 struct stlink_libsg* sl = stl->backend_data;
981 sl->cdb_cmd_blk[1] = STLINK_DEBUG_EXIT;
982 stl->q_len = 0; // >0 -> aboard
988 // 1) open a sg device, switch the stlink from dfu to mass mode
989 // 2) wait 5s until the kernel driver stops reseting the broken device
990 // 3) reopen the device
991 // 4) the device driver is now ready for a switch to jtag/swd mode
992 // TODO thinking, better error handling, wait until the kernel driver stops reseting the plugged-in device
994 stlink_backend_t _stlink_sg_backend = {
996 _stlink_sg_exit_debug_mode,
997 _stlink_sg_enter_swd_mode,
998 _stlink_sg_enter_jtag_mode,
999 _stlink_sg_exit_dfu_mode,
1005 _stlink_sg_read_mem32,
1006 _stlink_sg_write_mem32,
1007 _stlink_sg_write_mem8,
1008 _stlink_sg_read_all_regs,
1009 _stlink_sg_read_reg,
1010 _stlink_sg_write_reg,
1012 _stlink_sg_current_mode,
1013 _stlink_sg_force_debug
1016 static stlink_t* stlink_open(const int verbose) {
1018 stlink_t *sl = malloc(sizeof (stlink_t));
1019 memset(sl, 0, sizeof(stlink_t));
1020 struct stlink_libsg *slsg = malloc(sizeof (struct stlink_libsg));
1021 if (sl == NULL || slsg == NULL) {
1022 WLOG("Couldn't malloc stlink and stlink_sg structures out of memory!\n");
1026 if (libusb_init(&(slsg->libusb_ctx))) {
1027 WLOG("failed to init libusb context, wrong version of libraries?\n");
1033 libusb_set_debug(slsg->libusb_ctx, 3);
1035 slsg->usb_handle = libusb_open_device_with_vid_pid(slsg->libusb_ctx, USB_ST_VID, USB_STLINK_PID);
1036 if (slsg->usb_handle == NULL) {
1037 WLOG("Failed to find an stlink v1 by VID:PID\n");
1038 libusb_close(slsg->usb_handle);
1045 // Could read the interface config descriptor, and assert lots of the assumptions
1047 // assumption: numInterfaces is always 1...
1048 if (libusb_kernel_driver_active(slsg->usb_handle, 0) == 1) {
1049 int r = libusb_detach_kernel_driver(slsg->usb_handle, 0);
1051 WLOG("libusb_detach_kernel_driver(() error %s\n", strerror(-r));
1052 libusb_close(slsg->usb_handle);
1057 DLOG("Kernel driver was successfully detached\n");
1061 if (libusb_get_configuration(slsg->usb_handle, &config)) {
1062 /* this may fail for a previous configured device */
1063 WLOG("libusb_get_configuration()\n");
1064 libusb_close(slsg->usb_handle);
1071 // assumption: bConfigurationValue is always 1
1073 WLOG("Your stlink got into a real weird configuration, trying to fix it!\n");
1074 DLOG("setting new configuration (%d -> 1)\n", config);
1075 if (libusb_set_configuration(slsg->usb_handle, 1)) {
1076 /* this may fail for a previous configured device */
1077 WLOG("libusb_set_configuration() failed\n");
1078 libusb_close(slsg->usb_handle);
1085 if (libusb_claim_interface(slsg->usb_handle, 0)) {
1086 WLOG("libusb_claim_interface() failed\n");
1087 libusb_close(slsg->usb_handle);
1093 // assumption: endpoint config is fixed mang. really.
1094 slsg->ep_rep = 1 /* ep rep */ | LIBUSB_ENDPOINT_IN;
1095 slsg->ep_req = 2 /* ep req */ | LIBUSB_ENDPOINT_OUT;
1097 DLOG("Successfully opened stlinkv1 by libusb :)\n");
1099 sl->verbose = verbose;
1100 sl->backend_data = slsg;
1101 sl->backend = &_stlink_sg_backend;
1103 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
1106 /* flash memory settings */
1107 sl->flash_base = STM32_FLASH_BASE;
1108 sl->flash_size = STM32_FLASH_SIZE;
1109 sl->flash_pgsz = STM32_FLASH_PGSZ;
1112 sl->sys_base = STM32_SYSTEM_BASE;
1113 sl->sys_size = STM32_SYSTEM_SIZE;
1115 /* sram memory settings */
1116 sl->sram_base = STM32_SRAM_BASE;
1117 sl->sram_size = STM32_SRAM_SIZE;
1124 stlink_t* stlink_v1_open(const int verbose) {
1126 stlink_t *sl = stlink_open(verbose);
1128 fputs("Error: could not open stlink device\n", stderr);
1134 if ((sl->version.st_vid != USB_ST_VID) || (sl->version.stlink_pid != USB_STLINK_PID)) {
1135 ugly_log(UERROR, LOG_TAG,
1136 "WTF? successfully opened, but unable to read version details. BROKEN!\n");
1140 DLOG("Reading current mode...\n");
1141 switch (stlink_current_mode(sl)) {
1142 case STLINK_DEV_MASS_MODE:
1144 case STLINK_DEV_DEBUG_MODE:
1149 DLOG("Attempting to exit DFU mode\n");
1150 _stlink_sg_exit_dfu_mode(sl);
1152 // exit the dfu mode -> the device is gone
1153 DLOG("\n*** reopen the stlink device ***\n");
1158 DLOG("Attempting to reopen the stlink...\n");
1159 sl = stlink_open(verbose);
1161 fputs("Error: could not open stlink device\n", stderr);
1164 // re-query device info
projects / fw / stlink / blob