firmware update

Bjørn Mork bjorn at mork.no
Mon Dec 21 02:16:55 PST 2015 

Aleksander Morgado <aleksander at aleksander.es> writes:

> Hey,
>
>
> On Mon, Dec 21, 2015 at 4:10 AM, dailijin <dailijin126 at 126.com> wrote:
>>
>> Sorry, I miss to add attachments.
>>
>>
>
> FYI; the mail with the attachments was blocked by the mailing list
> server due to its size. Everyone who was in CC of that email (Bjørn,
> David, me) should have gotten the attachments already. If you want to
> re-send them, please store them somewhere online and send a link
> instead.

It might also be useful to try to reduce the amount of irrelevant data
in the dumps :)

I don't know how to properly filter usbsnoops, but I usually try to
dedicate a bus for the device I want to monitor and then dump *only*
that bus.  This limits the noise in the dump to a few root hub events.
In your case there were a large number of unrelated USB devices, and
AFAICS very few (less than 100?) packets exchanged with the MC7304.

I could not find any QDL activity at all, but that is consistent with
your logs.  The firmware upload never really starts.

But around here, there was an interesting QMI part (although likely
unrelated to your problems):

bjorn at nemi:~$ tshark -Y 'frame.number >= 2700 and frame.number < 2713' -X lua_script:/usr/local/src/git/wireshark-qmi/qmi_dissector.lua -r /tmp/emm.4360z2O/usbmon.log.pcap 
2700  21.067661                      host              10.0         USB URB_CONTROL in
2701  21.067998                      10.0              host         USB/QMI URB_CONTROL in, DMS Response: 0x48
2702  21.068003                      host              10.7         USB URB_INTERRUPT in
2703  21.068308                      host              10.0         USB/QMI URB_CONTROL out, DMS Request: 0x2e
2704  21.068625                      10.0              host         USB URB_CONTROL out
2705  21.075655                      10.7              host         USB URB_INTERRUPT in
2706  21.075662                      host              10.0         USB URB_CONTROL in
2707  21.075938                      10.0              host         USB/QMI URB_CONTROL in, DMS Response: 0x2e
2708  21.075950                      host              10.7         USB URB_INTERRUPT in
2709  21.076177                      host              10.0         USB/QMI URB_CONTROL out, DMS Request: 0x2e
2710  21.076501                      10.0              host         USB URB_CONTROL out
2711  21.091030                       8.1              host         USB URB_BULK in
2712  21.091078                      host              8.1          USB URB_BULK in


The DMS 0x003e messagesshows something interesting: Your firmware update
application use the TLV Dan was missing:



$ tshark -Y frame.number==2703 -X lua_script:/usr/local/src/git/wireshark-qmi/qmi_dissector.lua -nxVr /tmp/emm.4360z2O/usbmon.log.pcap
...

URB setup
    bmRequestType: 0x21
        0... .... = Direction: Host-to-device
        .01. .... = Type: Class (0x01)
        ...0 0001 = Recipient: Interface (0x01)
    bRequest: 0
    wValue: 0x0000
    wIndex: 8
    wLength: 17
    Data Fragment: 011000000203000f002e00040001010005
Leftover Capture Data: 011000000203000f002e00040001010005
QMI
    QMUX Header
        T/F: 1
        Length: 16
        Flag: 0x00
        Service ID: DMS (0x02)
        Client ID: 0x03
    Transaction Header
        .... ...0 = Transaction Compound Bit: 0
        .... ..0. = Transaction Response Bit: 0
        .... .0.. = Transaction Indication Bit: 0
        Transaction ID: 0x000f
    Message Header
        Message ID: Unknown (0x002e)
        Message Length: 4
    TLV 0x01
        TLV Type: 0x01
        TLV Length: 1
        TLV Value: 05

Frame (81 bytes):
0000  00 4c 25 19 01 88 ff ff 53 02 00 0a 01 00 00 00   .L%.....S.......
0010  ce 62 77 56 00 00 00 00 00 9a 02 00 8d ff ff ff   .bwV............
0020  11 00 00 00 11 00 00 00 21 00 00 00 08 00 11 00   ........!.......
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0040  01 10 00 00 02 03 00 0f 00 2e 00 04 00 01 01 00   ................
0050  05                                                .
Linux USB Control (24 bytes):
0000  00 00 00 08 00 11 00 01 10 00 00 02 03 00 0f 00   ................
0010  2e 00 04 00 01 01 00 05                           ........



$ tshark -Y frame.number==2709 -X lua_script:/usr/local/src/git/wireshark-qmi/qmi_dissector.lua -nxVr /tmp/emm.4360z2O/usbmon.log.pcap 
..

URB setup
    bmRequestType: 0x21
        0... .... = Direction: Host-to-device
        .01. .... = Type: Class (0x01)
        ...0 0001 = Recipient: Interface (0x01)
    bRequest: 0
    wValue: 0x0000
    wIndex: 8
    wLength: 17
    Data Fragment: 0110000002030010002e00040001010004
Leftover Capture Data: 0110000002030010002e00040001010004
QMI
    QMUX Header
        T/F: 1
        Length: 16
        Flag: 0x00
        Service ID: DMS (0x02)
        Client ID: 0x03
    Transaction Header
        .... ...0 = Transaction Compound Bit: 0
        .... ..0. = Transaction Response Bit: 0
        .... .0.. = Transaction Indication Bit: 0
        Transaction ID: 0x0010
    Message Header
        Message ID: Unknown (0x002e)
        Message Length: 4
    TLV 0x01
        TLV Type: 0x01
        TLV Length: 1
        TLV Value: 04

Frame (81 bytes):
0000  40 48 c9 17 01 88 ff ff 53 02 00 0a 01 00 00 00   @H......S.......
0010  ce 62 77 56 00 00 00 00 bd b8 02 00 8d ff ff ff   .bwV............
0020  11 00 00 00 11 00 00 00 21 00 00 00 08 00 11 00   ........!.......
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0040  01 10 00 00 02 03 00 10 00 2e 00 04 00 01 01 00   ................
0050  04                                                .
Linux USB Control (24 bytes):
0000  00 00 00 08 00 11 00 01 10 00 00 02 03 00 10 00   ................
0010  2e 00 04 00 01 01 00 04                           ........


So it sends a "shutting down" and then a "reset". 

(You can get Ilya's qmi_dissector.lua from https://gist.github.com/ivoronin/2641557 )




Bjørn

More information about the libqmi-devel mailing list