linux-msm / qdl Goto Github PK

Running on Fedora 37 I always get timeouts from the first attempted bulk transfer (qdl_read).

It enumerates the descriptor fine. Just times out on the first bulk transfer.

.

It would be nice to have a --version on this tool, specially if it is one that uses uses the git hash when it is a development version, so we can easilly pinpoint exactly what is on the qdl binary being used. Bonus points if --debug by default starts by outputing the version, so qdl logs will have that info.

Hi,

Apologies for asking such question as issue but I am not able to find any reference so I left with only this option.

I am using qdl binary on my auxiliary board (i.MX6 running Linux) to flash firmware on my main board(Qcom APQ8009).
Currently it needs the main board to have in EDL/QDL mode to flash the QFILL firmware package using firehorse programmer.
When I got to know about this(nbdkit) qdl update, I updated qdl to generate nbdkit plugin from it so that I can use it with nbdkit to define a new method of flashing the firmwares. But I am stuck now, because I don't know how to use this plugin with nbdkit.
Can anyone please help me to understand it & setup these things.

Thanks in advance.

Hi，andersson

When I use the tool to download for 9607 and 9655 device it occurs：[PROGRAM] errors while parsing program.
So I think some unnecessary field parsing can make selective judgment.For example,
program->sector_size = attr_as_unsigned(node, "SECTOR_SIZE_IN_BYTES", &errors);
could replace with :
if (!strcmp((char *)node->properties->name, "SECTOR_SIZE_IN_BYTES")) {
program->sector_size = attr_as_unsigned(node, "SECTOR_SIZE_IN_BYTES", &errors);
}
If the device xml file doesn't have SECTOR_SIZE_IN_BYTES，it will not prase the field SECTOR_SIZE_IN_BYTES；if the xml have，it will prase then.About this change,I have test and it can be compatible with different devices to parse xml.

what's wrong ?

qdl: failed to read: Connection timed out
LOG: Host's payload to target size is too large

mydevice xiaomi mi 3
which using msm8974

The current v1.0 release is rather old, from 2017. Consider creating a new stable release with all the great changes since then. This should make it easier to package for Linux distributions as well.

need libusb support

First of all, thank you for this wonderful utility. I first came across it on the 96boards site for flashing Dragonboards. I now use it for all of my MSM based devices.

On some devices I've noticed a timeout in qdl_write() when finishing the usb bulktransfer. Bumping the bulk.timeout to 4000 fixes the issue for me. I'm happy to submit a pull request to that effect or I can add an optional argument for a different timeout.

Merged #36 breaks usage with some QCOM devices, like it was before:

qdl prod_firehose_ddr.elf ...

After reverting #36 everything works fine again.

`$ ./qdl --storage ufs prog_emmc_ufs_firehose_Sdm660_ddr.elf rawprogram0.xml patch0.xml --include=./ --debug
HELLO version: 0x2 compatible: 0x1 max_len: 1024 mode: 0
READ64 image: 13 offset: 0x0 length: 0x40
READ64 image: 13 offset: 0x40 length: 0x2d8
READ64 image: 13 offset: 0x1000 length: 0x1000
READ64 image: 13 offset: 0x2000 length: 0xac8
READ64 image: 13 offset: 0x3000 length: 0x1000
READ64 image: 13 offset: 0x4000 length: 0x1000
READ64 image: 13 offset: 0x5000 length: 0x1000
READ64 image: 13 offset: 0x6000 length: 0x1000
READ64 image: 13 offset: 0x7000 length: 0x1000
READ64 image: 13 offset: 0x8000 length: 0x1000
READ64 image: 13 offset: 0x9000 length: 0x1000
READ64 image: 13 offset: 0xa000 length: 0x1000
READ64 image: 13 offset: 0xb000 length: 0x1000
READ64 image: 13 offset: 0xc000 length: 0x1000
READ64 image: 13 offset: 0xd000 length: 0x1000
READ64 image: 13 offset: 0xe000 length: 0x1000
READ64 image: 13 offset: 0xf000 length: 0x1000
READ64 image: 13 offset: 0x10000 length: 0x1000
READ64 image: 13 offset: 0x11000 length: 0x1000
READ64 image: 13 offset: 0x12000 length: 0x1000
READ64 image: 13 offset: 0x13000 length: 0x1000
READ64 image: 13 offset: 0x14000 length: 0x1000
READ64 image: 13 offset: 0x15000 length: 0x1000
READ64 image: 13 offset: 0x16000 length: 0x1000
READ64 image: 13 offset: 0x17000 length: 0x1000
READ64 image: 13 offset: 0x18000 length: 0x1000
READ64 image: 13 offset: 0x19000 length: 0x1000
READ64 image: 13 offset: 0x1a000 length: 0x1000
READ64 image: 13 offset: 0x1b000 length: 0x1000
READ64 image: 13 offset: 0x1c000 length: 0x1000
READ64 image: 13 offset: 0x1d000 length: 0x1000
READ64 image: 13 offset: 0x1e000 length: 0x1000
READ64 image: 13 offset: 0x1f000 length: 0x1000
READ64 image: 13 offset: 0x20000 length: 0x1000
READ64 image: 13 offset: 0x21000 length: 0x1000
READ64 image: 13 offset: 0x22000 length: 0x1000
READ64 image: 13 offset: 0x23000 length: 0x1000
READ64 image: 13 offset: 0x24000 length: 0x1000
READ64 image: 13 offset: 0x25000 length: 0x1000
READ64 image: 13 offset: 0x26000 length: 0x1000
READ64 image: 13 offset: 0x27000 length: 0x1000
READ64 image: 13 offset: 0x28000 length: 0x1000
READ64 image: 13 offset: 0x29000 length: 0x1000
READ64 image: 13 offset: 0x2a000 length: 0x1000
READ64 image: 13 offset: 0x2b000 length: 0x1000
READ64 image: 13 offset: 0x2c000 length: 0x1000
READ64 image: 13 offset: 0x2d000 length: 0x1000
READ64 image: 13 offset: 0x2e000 length: 0x1000
READ64 image: 13 offset: 0x2f000 length: 0x1000
READ64 image: 13 offset: 0x30000 length: 0x1000
READ64 image: 13 offset: 0x31000 length: 0x1000
READ64 image: 13 offset: 0x32000 length: 0x1000
READ64 image: 13 offset: 0x33000 length: 0x1000
READ64 image: 13 offset: 0x34000 length: 0x1000
READ64 image: 13 offset: 0x35000 length: 0x1000
READ64 image: 13 offset: 0x36000 length: 0x1000
READ64 image: 13 offset: 0x37000 length: 0x1000
READ64 image: 13 offset: 0x38000 length: 0x1000
READ64 image: 13 offset: 0x39000 length: 0x1000
READ64 image: 13 offset: 0x3a000 length: 0x1000
READ64 image: 13 offset: 0x3b000 length: 0x1000
READ64 image: 13 offset: 0x3c000 length: 0x1000
READ64 image: 13 offset: 0x3d000 length: 0x1000
READ64 image: 13 offset: 0x3e000 length: 0x1000
READ64 image: 13 offset: 0x3f000 length: 0x1000
READ64 image: 13 offset: 0x40000 length: 0x1000
READ64 image: 13 offset: 0x41000 length: 0x1000
READ64 image: 13 offset: 0x42000 length: 0x1000
READ64 image: 13 offset: 0x43000 length: 0x1000
READ64 image: 13 offset: 0x44000 length: 0x1000
READ64 image: 13 offset: 0x45000 length: 0x1000
READ64 image: 13 offset: 0x46000 length: 0x1000
READ64 image: 13 offset: 0x47000 length: 0x1000
READ64 image: 13 offset: 0x48000 length: 0x1000
READ64 image: 13 offset: 0x49000 length: 0x1000
READ64 image: 13 offset: 0x4a000 length: 0x1000
READ64 image: 13 offset: 0x4b000 length: 0x1000
READ64 image: 13 offset: 0x4c000 length: 0x1000
READ64 image: 13 offset: 0x4d000 length: 0x1000
READ64 image: 13 offset: 0x4e000 length: 0x1000
READ64 image: 13 offset: 0x4f000 length: 0x1000
READ64 image: 13 offset: 0x50000 length: 0x1000
READ64 image: 13 offset: 0x51000 length: 0x1000
READ64 image: 13 offset: 0x52000 length: 0x1000
READ64 image: 13 offset: 0x53000 length: 0x794
READ64 image: 13 offset: 0x537a0 length: 0x1000
READ64 image: 13 offset: 0x547a0 length: 0x1000
READ64 image: 13 offset: 0x557a0 length: 0x1000
READ64 image: 13 offset: 0x567a0 length: 0x1000
READ64 image: 13 offset: 0x577a0 length: 0x1000
READ64 image: 13 offset: 0x587a0 length: 0x1000
READ64 image: 13 offset: 0x597a0 length: 0x1000
READ64 image: 13 offset: 0x5a7a0 length: 0x1000
READ64 image: 13 offset: 0x5b7a0 length: 0xe10
READ64 image: 13 offset: 0x5c5b0 length: 0x1000
READ64 image: 13 offset: 0x5d5b0 length: 0x1000
READ64 image: 13 offset: 0x5e5b0 length: 0x1000
READ64 image: 13 offset: 0x5f5b0 length: 0x1000
READ64 image: 13 offset: 0x605b0 length: 0x1000
READ64 image: 13 offset: 0x615b0 length: 0x1000
READ64 image: 13 offset: 0x625b0 length: 0x1000
READ64 image: 13 offset: 0x635b0 length: 0x1000
READ64 image: 13 offset: 0x645b0 length: 0x1000
READ64 image: 13 offset: 0x655b0 length: 0x108
READ64 image: 13 offset: 0x656c0 length: 0x1000
READ64 image: 13 offset: 0x666c0 length: 0xe7c
READ64 image: 13 offset: 0x67540 length: 0x1000
READ64 image: 13 offset: 0x68540 length: 0x1000
READ64 image: 13 offset: 0x69540 length: 0x1000
READ64 image: 13 offset: 0x6a540 length: 0x1000
READ64 image: 13 offset: 0x6b540 length: 0x1000
READ64 image: 13 offset: 0x6c540 length: 0x1000
READ64 image: 13 offset: 0x6d540 length: 0x1000
READ64 image: 13 offset: 0x6e540 length: 0x1000
READ64 image: 13 offset: 0x6f540 length: 0x1000
READ64 image: 13 offset: 0x70540 length: 0x1000
READ64 image: 13 offset: 0x71540 length: 0x1000
READ64 image: 13 offset: 0x72540 length: 0x1000
READ64 image: 13 offset: 0x73540 length: 0x1000
READ64 image: 13 offset: 0x74540 length: 0x1000
READ64 image: 13 offset: 0x75540 length: 0x1000
READ64 image: 13 offset: 0x76540 length: 0x1000
READ64 image: 13 offset: 0x77540 length: 0x1000
READ64 image: 13 offset: 0x78540 length: 0x1000
READ64 image: 13 offset: 0x79540 length: 0x1000
READ64 image: 13 offset: 0x7a540 length: 0x1000
READ64 image: 13 offset: 0x7b540 length: 0x1000
READ64 image: 13 offset: 0x7c540 length: 0x1000
READ64 image: 13 offset: 0x7d540 length: 0x1000
READ64 image: 13 offset: 0x7e540 length: 0x1000
READ64 image: 13 offset: 0x7f540 length: 0x1000
READ64 image: 13 offset: 0x80540 length: 0x1000
READ64 image: 13 offset: 0x81540 length: 0x878
READ64 image: 13 offset: 0x81dc0 length: 0x1000
READ64 image: 13 offset: 0x82dc0 length: 0x1000
READ64 image: 13 offset: 0x83dc0 length: 0x1000
READ64 image: 13 offset: 0x84dc0 length: 0x1000
READ64 image: 13 offset: 0x85dc0 length: 0x1000
READ64 image: 13 offset: 0x86dc0 length: 0x1000
READ64 image: 13 offset: 0x87dc0 length: 0x1000
READ64 image: 13 offset: 0x88dc0 length: 0x1000
READ64 image: 13 offset: 0x89dc0 length: 0x1000
READ64 image: 13 offset: 0x8adc0 length: 0x1000
READ64 image: 13 offset: 0x8bdc0 length: 0x1000
READ64 image: 13 offset: 0x8cdc0 length: 0x1000
READ64 image: 13 offset: 0x8ddc0 length: 0x1000
READ64 image: 13 offset: 0x8edc0 length: 0x1000
READ64 image: 13 offset: 0x8fdc0 length: 0x1000
READ64 image: 13 offset: 0x90dc0 length: 0x1000
READ64 image: 13 offset: 0x91dc0 length: 0x4c9
END OF IMAGE image: 13 status: 0
DONE status: 1
FIREHOSE READ:



LOG: Binary build date: May 9 2017 @ 09:31:00
FIREHOSE READ:



LOG: Chip serial num: 4294967295 (0xffffffff)
FIREHOSE READ:



LOG: Supported Functions: program configure nop firmwarewrite patch setbootablestoragedrive ufs emmc power benchmark read getstorageinfo getsha256digest erase erasecust sha256init sha256final eraseuserdata erasebackupgpt programcust move peek poke
FIREHOSE READ:



LOG: VIP - Validated Image Programming is enabled - Validation is enabled.
qdl: failed to read: Connection timed out
FIREHOSE WRITE:

FIREHOSE READ:



LOG: Image Total Size = 0x9A (154)
FIREHOSE READ:



LOG: HeaderIs80Bytes = 0x0
FIREHOSE READ:



LOG: image_info.sw_type = 0x3 (DeviceProgrammer insists on this)
FIREHOSE READ:



LOG: image_info.sw_version = 0x0
FIREHOSE READ:



LOG: image_info.header_len_1 = 0x28
FIREHOSE READ:



LOG: image_info.code_ptr_1 = 0xF54BEA32
FIREHOSE READ:



LOG: image_info.code_len_1 = 0x643C0A3E
FIREHOSE READ:



LOG: image_info.x509_chain_ptr = 0x6AB35398
FIREHOSE READ:



LOG: image_info.x509_chain_len = 0x4D206572
FIREHOSE READ:



LOG: image_info.signature_ptr = 0x33AD5E93
FIREHOSE READ:



LOG: image_info.signature_len = 0x6E6F633C
FIREHOSE READ:



LOG: image_info.header_ptr_1 = 0x85E276C0
FIREHOSE READ:



LOG: Back from AuthenticateImage, retval=0x0
FIREHOSE READ:



LOG: Failed to authenticate Digital Signature, resetting validation state
FIREHOSE READ:



LOG: ERROR 11: Line 813: DIGITAL_SIGNATURE_DID_NOT_PASS
FIREHOSE READ:



FIREHOSE READ:



LOG: Reset validation state. Expecting Digital signature
FIREHOSE READ:



FIREHOSE READ:



LOG: VIP - Validated Image Programming is enabled - Validation is enabled.
`

Currently if detect_type detects that it is of type QDL_FILE_CONTENTS, will prompt directly "qdl: contents.xml type not yet supported".

When flash a partition with 'sparse="true"' flag, no error returned.
But device can't boot up successfully and it reports corresponding partition mount failed.
According to the Windows tool, it has split image up into 4 partitions and then write 1 by 1.
It seems we don't obtain such mechanism.

Test log as below from windows QFIL:
xml:

QFIL log:
INFO: File system.img is a sparse file, being split up into 4 separate XML tags
......
INFO: system.img is a sparse image
INFO: Looking for file 'system.img'
INFO: system.img is a sparse image
INFO: Looking for file 'system.img'
INFO: system.img is a sparse image
INFO: Looking for file 'system.img'
INFO: system.img is a sparse image
INFO: Looking for file 'system.img'
......
system.img is a sparse image
{ (68.80 MB) 140912 sectors needed at location 3031040 on LUN 0}
{ (8.00 KB) 16 sectors needed at location 3293184 on LUN 0}
{ (8.00 KB) 16 sectors needed at location 3293320 on LUN 0}
{ (119.97 MB) 245696 sectors needed at location 3297336 on LUN 0

Let me know if you're interested in a PR for this. I have it working here:
jwinarske@219740c

just build from source doesn't work and the AUR version doesn't work either

https://aur.archlinux.org/packages/qdl-git

/var/tmp/pamac-build/qdl-git/PKGBUILD: line 29: pkg-config: command not found
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -c -o firehose.o firehose.c
cc -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -c -o qdl.o qdl.c
qdl.c:52:10: fatal error: libxml/parser.h: There is no such file or directory
52 | #include <libxml/parser.h>
| ^
compilation aborted.
firehose.c:51:10: fatal error: libxml/parser.h: There is no such file or directory
51 | #include <libxml/parser.h>
| ^
compilation aborted.
make: *** [: qdl.o] Error 1
make: *** Waiting for jobs to complete...
make: *** [: firehose.o] Error 1
==> ERROR: There was a failure in build().
Interrupt...

I compiled the project and used it. But I don't know how to use it to download the MDM9607 device image. I tried to read the code, and since I didn't understand the qualcomm download protocol, I couldn't read the code.
I use the following command:
./qdl prog_nand_firehose_9x07.mbn rawprogram_nand_p2K_b128K.xml patch_p2K_b128K.xml --include=./ --debug
Terminal output:[PROGRAM] errors while parsing program
I didn't find it in the XML file:"file_sector_offset","label"......

Can you give me detailed instructions on how to use it?

Hello, I am having some difficulties with flashing a qualcomm device with this utility. After running sudo qdl --debug prog_emmc_firehose_8953_ddr.mbn rawprogram0.xml patch0.xml and connecting device in EDL mode produces following output. Any ideas on what could be the cause?

USB: using out-chunk-size of 1048576
HELLO version: 0x2 compatible: 0x1 max_len: 1024 mode: 0
READ image: 13 offset: 0x0 length: 0x34
READ image: 13 offset: 0x34 length: 0x120
READ image: 13 offset: 0x1000 length: 0x1000
READ image: 13 offset: 0x2000 length: 0xa48
READ image: 13 offset: 0x59be0 length: 0x1000
READ image: 13 offset: 0x5abe0 length: 0xf10
READ image: 13 offset: 0x5baf0 length: 0x1000
READ image: 13 offset: 0x5caf0 length: 0x7f0
READ image: 13 offset: 0x3000 length: 0x1000
READ image: 13 offset: 0x4000 length: 0x1000
READ image: 13 offset: 0x5000 length: 0x1000
READ image: 13 offset: 0x6000 length: 0x1000
READ image: 13 offset: 0x7000 length: 0x1000
READ image: 13 offset: 0x8000 length: 0x1000
READ image: 13 offset: 0x9000 length: 0x1000
READ image: 13 offset: 0xa000 length: 0x1000
READ image: 13 offset: 0xb000 length: 0x1000
READ image: 13 offset: 0xc000 length: 0x1000
READ image: 13 offset: 0xd000 length: 0x1000
READ image: 13 offset: 0xe000 length: 0x1000
READ image: 13 offset: 0xf000 length: 0x1000
READ image: 13 offset: 0x10000 length: 0x1000
READ image: 13 offset: 0x11000 length: 0x1000
READ image: 13 offset: 0x12000 length: 0x1000
READ image: 13 offset: 0x13000 length: 0x1000
READ image: 13 offset: 0x14000 length: 0x1000
READ image: 13 offset: 0x15000 length: 0x1000
READ image: 13 offset: 0x16000 length: 0x1000
READ image: 13 offset: 0x17000 length: 0x1000
READ image: 13 offset: 0x18000 length: 0x1000
READ image: 13 offset: 0x19000 length: 0x1000
READ image: 13 offset: 0x1a000 length: 0x1000
READ image: 13 offset: 0x1b000 length: 0x1000
READ image: 13 offset: 0x1c000 length: 0x1000
READ image: 13 offset: 0x1d000 length: 0x1000
READ image: 13 offset: 0x1e000 length: 0x1000
READ image: 13 offset: 0x1f000 length: 0x1000
READ image: 13 offset: 0x20000 length: 0x1000
READ image: 13 offset: 0x21000 length: 0x1000
READ image: 13 offset: 0x22000 length: 0x1000
READ image: 13 offset: 0x23000 length: 0x1000
READ image: 13 offset: 0x24000 length: 0x1000
READ image: 13 offset: 0x25000 length: 0x1000
READ image: 13 offset: 0x26000 length: 0x1000
READ image: 13 offset: 0x27000 length: 0x1000
READ image: 13 offset: 0x28000 length: 0x1000
READ image: 13 offset: 0x29000 length: 0x1000
READ image: 13 offset: 0x2a000 length: 0x1000
READ image: 13 offset: 0x2b000 length: 0x1000
READ image: 13 offset: 0x2c000 length: 0x1000
READ image: 13 offset: 0x2d000 length: 0x1000
READ image: 13 offset: 0x2e000 length: 0x1000
READ image: 13 offset: 0x2f000 length: 0x1000
READ image: 13 offset: 0x30000 length: 0x1000
READ image: 13 offset: 0x31000 length: 0x1000
READ image: 13 offset: 0x32000 length: 0x1000
READ image: 13 offset: 0x33000 length: 0x1000
READ image: 13 offset: 0x34000 length: 0x1000
READ image: 13 offset: 0x35000 length: 0x1000
READ image: 13 offset: 0x36000 length: 0x1000
READ image: 13 offset: 0x37000 length: 0x1000
READ image: 13 offset: 0x38000 length: 0x1000
READ image: 13 offset: 0x39000 length: 0x1000
READ image: 13 offset: 0x3a000 length: 0x1000
READ image: 13 offset: 0x3b000 length: 0x1000
READ image: 13 offset: 0x3c000 length: 0x1000
READ image: 13 offset: 0x3d000 length: 0x1000
READ image: 13 offset: 0x3e000 length: 0x1000
READ image: 13 offset: 0x3f000 length: 0x1000
READ image: 13 offset: 0x40000 length: 0x1000
READ image: 13 offset: 0x41000 length: 0x1000
READ image: 13 offset: 0x42000 length: 0x1000
READ image: 13 offset: 0x43000 length: 0x1000
READ image: 13 offset: 0x44000 length: 0x1000
READ image: 13 offset: 0x45000 length: 0x1000
READ image: 13 offset: 0x46000 length: 0x1000
READ image: 13 offset: 0x47000 length: 0x1000
READ image: 13 offset: 0x48000 length: 0x1000
READ image: 13 offset: 0x49000 length: 0x1000
READ image: 13 offset: 0x4a000 length: 0x1000
READ image: 13 offset: 0x4b000 length: 0x1000
READ image: 13 offset: 0x4c000 length: 0x1000
READ image: 13 offset: 0x4d000 length: 0x1000
READ image: 13 offset: 0x4e000 length: 0x388
READ image: 13 offset: 0x4e388 length: 0x1000
READ image: 13 offset: 0x4f388 length: 0x1000
READ image: 13 offset: 0x50388 length: 0x1000
READ image: 13 offset: 0x51388 length: 0x1000
READ image: 13 offset: 0x52388 length: 0x1000
READ image: 13 offset: 0x53388 length: 0x1000
READ image: 13 offset: 0x54388 length: 0x1000
READ image: 13 offset: 0x55388 length: 0x1000
READ image: 13 offset: 0x56388 length: 0x1000
READ image: 13 offset: 0x57388 length: 0x1000
READ image: 13 offset: 0x58388 length: 0x1000
READ image: 13 offset: 0x59388 length: 0x858
END OF IMAGE image: 13 status: 0
DONE status: 0
FIREHOSE WRITE: <?xml version="1.0"?>
<data><configure MemoryName="ufs" MaxPayloadSizeToTargetInBytes="1048576" verbose="0" ZLPAwareHost="1" SkipStorageInit="0"/></data>

FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="logbuf@0x08070078 fh@0x0806CEE0" /></data>
LOG: logbuf@0x08070078 fh@0x0806CEE0
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><response value="ACK" MinVersionSupported="1" MemoryName="eMMC" MaxPayloadSizeFromTargetInBytes="4096" MaxPayloadSizeToTargetInBytes="1048576" MaxPayloadSizeToTargetInBytesSupported="1048576" MaxXMLSizeInBytes="4096" Version="1" TargetName="8953" /></data>
[CONFIGURE] max payload size: 1048576
FIREHOSE WRITE: <?xml version="1.0"?>
<data><program SECTOR_SIZE_IN_BYTES="512" num_partition_sectors="172032" physical_partition_number="0" start_sector="131072" filename="NON-HLOS.bin"/></data>

qdl: bulk write failed: Operation timed out
[PROGRAM] failed to write program command

currently about url sends user to https://git.linaro.org/landing-teams/working/qualcomm/qdl.gi

it should be https://git.linaro.org/landing-teams/working/qualcomm/qdl.git

Hi there,
I am attempting to flash a Jiophone 2 F300B Device however the QDL tool doesn't seem to be recognising it

./qdl --debug --storage emmc --include '~/Downloads/LYF-F300B-001-01-21-230818' '/home/luke/Downloads/LYF-F300B-001-01-21-230818/boot_images/build/ms/bin/8909/emmc/unsigned/prog_emmc_firehose_8909_ddr.mbn' '/home/luke/Downloads/LYF-F300B-001-01-21-230818/common/build/bin/asic/sparse_images/rawprogram_unsparse.xml' '/home/luke/Downloads/LYF-F300B-001-01-21-230818/common/build/patch0.xml' Waiting for EDL device /dev/bus/usb/001/009 /dev/bus/usb/001/009

Despite the device reading the correct ID Vender and ID Product

Bus 001 Device 009: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)

ModemManager has been stopped

wouldu pls add reboot to normal/power on funtion?

In cases with multiple devices attached to a single host, one should be able to select which device to flash.

e.g.

qdl --id d8582a9f --storage ufs prog_firehose_ddr.elf rawprogram*.xml patch*.xml

I'm finding some odd interactions with timing. I suspect it's related to the programmer (target flash stub) used. Meaning it will vary depending on SoC target.

Once the flash stub is pushed via sahara it jumps into it's entry point. Depending on the flash stub used it may need to train the DDR, etc. So completion time varies on flash stub implementation (target implementation).

The current timeout/delay: https://github.com/andersson/qdl/blob/master/firehose.c#L617
I find dropping this timeout to 500 ms works reliably. This delay corresponds to the first entry of the listed log.

Then a default configuration is sent with a big default value. In the case of the apq8016 emmc flash stub it causes a timeout after re-config. Seems it might be better to read then modify, which would eliminate this additional timeout/delay.

Delay is ~10 seconds

Putting on my factory hat - that's really expensive :)

I'll look at this a bit more later.

qdl: firehose operation timed out
FIREHOSE WRITE: <?xml version="1.0"?>
<data><configure MemoryName="emmc" MaxPayloadSizeToTargetInBytes="1048576" verbose="0" ZLPAwareHost="1" SkipStorageInit="0"/></data>

FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="Host's payload to target size is too large" /></data>
LOG: Host's payload to target size is too large
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="logbuf@0x0801CDC0 fh@0x08019C28" /></data>
LOG: logbuf@0x0801CDC0 fh@0x08019C28
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><response value="NAK" MinVersionSupported="1" MemoryName="eMMC" MaxPayloadSizeFromTargetInBytes="4096" MaxPayloadSizeToTargetInBytes="16384" MaxPayloadSizeToTargetInBytesSupported="16384" MaxXMLSizeInBytes="4096" Version="1" TargetName="8916" /></data>
FIREHOSE WRITE: <?xml version="1.0"?>
<data><configure MemoryName="emmc" MaxPayloadSizeToTargetInBytes="16384" verbose="0" ZLPAwareHost="1" SkipStorageInit="0"/></data>

ERROR: n = -1, errno = 110 (Connection timed out)
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="logbuf@0x0801CDC0 fh@0x08019C28" /></data>
LOG: logbuf@0x0801CDC0 fh@0x08019C28
qdl: firehose operation timed out
FIREHOSE WRITE: <?xml version="1.0"?>
<data><configure MemoryName="emmc" MaxPayloadSizeToTargetInBytes="16384" verbose="0" ZLPAwareHost="1" SkipStorageInit="0"/></data>

FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="logbuf@0x0801CDC0 fh@0x08019C28" /></data>
LOG: logbuf@0x0801CDC0 fh@0x08019C28
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><response value="ACK" MinVersionSupported="1" MemoryName="eMMC" MaxPayloadSizeFromTargetInBytes="4096" MaxPayloadSizeToTargetInBytes="16384" MaxPayloadSizeToTargetInBytesSupported="16384" MaxXMLSizeInBytes="4096" Version="1" TargetName="8916" /></data>
[CONFIGURE] max payload size: 16384
FIREHOSE WRITE: <?xml version="1.0"?>
<data><program SECTOR_SIZE_IN_BYTES="512" num_partition_sectors="1" physical_partition_number="0" start_sector="131072" filename="sbc_1.0_8016.bin"/></data>

FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><log value="start 131072, num 1" /></data>
LOG: start 131072, num 1
FIREHOSE READ: <?xml version="1.0" encoding="UTF-8" ?><data><response value="ACK" rawmode="true" /></data>

Attempting to use qdl 3c0405c with APQ8016 - DB410c.

Device enumeration:
Bus 007 Device 027: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)

Using dragonboard-410c-bootloader-emmc-linux-159.zip I issue:
sudo /b/qdl/qdl prog_emmc_firehose_8916.mbn rawprogram0.xml patch0.xml

It just returns fairly quick, and says nothing.

strace log

log tail

ioctl(4, USBDEVFS_IOCTL, 0x7ffc02ac36f0) = -1 ENODATA (No data available)
ioctl(4, USBDEVFS_CLAIMINTERFACE, 0x7ffc02ac36cc) = 0
openat(AT_FDCWD, "prog_emmc_firehose_8916.mbn", O_RDONLY) = 3
ioctl(4, USBDEVFS_BULK, 0x7ffc02ac25d0) = -1 ETIMEDOUT (Connection timed out)

Does prog_emmc_firehose_8916.mbn require an update to work with master?

I'm running this on Fedora 33. I'll try it on Ubuntu 18 as well.

I am proposing a port that uses libusb and it's async API.

This has a number of benefits:

1. Enables multiple bulk transfers in flight to best leverage the available USB bandwidth
2. Platform agnostic. Mac/Windows/Linux

Are you open to a PR for this?

Hi,andersson

For 9655 device,after masking the fields that are not in the xml,it could download successfully for 9655 device.
However, for 9607 device,after masking the fields that are not in the xml，I try to download for 05c6：9008，and found that the process of prasing，reading and erasing is smoothly，but when to the process of write，it failed.The output log is as the attachment.

I tried to add follow part:
if(len == 0) {
bulk.ep = qdl->out_ep;
bulk.len = 0;
bulk.data = data;
bulk.timeout = 1000;

                    n = ioctl(qdl->fd, USBDEVFS_BULK, &bulk);
                    if(n != 0) {
                            fprintf(stderr,"ERROR: n = %d, errno = %d (%s)\n",
                                    n, errno, strerror(errno));
                            return -1;
                    }

                    return 0;
            }

And masking this part:

if (len_orig % qdl->out_maxpktsize == 0) {
bulk.ep = qdl->out_ep;
bulk.len = 0;
bulk.data = NULL;
bulk.timeout = 1000;

                    n = ioctl(qdl->fd, USBDEVFS_BULK, &bulk);
                    if (n < 0)
                            return n;
            }

After doing this ,it could download successfully for 9607 device.But it couldn't download for 9655 device，is there a way to handle these two changes so that it can be compatible with different Qualcomm devices?

"I/O warning : failed to load external entity "ufs"
[PATCH] failed to parse ufs
qdl: failed to detect file type of ufs"

Lenovo Xiaoxin Pad 2022

https://aur.archlinux.org/packages/qdl

I want to start the process with qdl, but it gives this error, I don't understand why.

I/O warning : failed to load external entity "rawprogram_unsparse.xml" [PATCH] failed to parse rawprogram_unsparse.xml qdl: failed to detect file type of rawprogram_unsparse.xml

Hey,
I'm trying to get this worked in a Proxmox-VM setup.
I'm running a turnkeycore image, but the same happened on the latest ubuntu server.

Linux core 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

It seems it is unable to communicate with the device -> Connection timed out

• I tried to increase the timeout in sahara.c - qdl_read but it just hangs.
• I tried to blacklist qcserial kernel module on both Proxmox host and the VM.
• It works flashing from host directly (and other regular conditions)
• I have hotplug enabled on the VM, tried to directly assign the port and the Vendor/Device IDs.
• I tried giving full access by adding a udev rule
• SUBSYSTEM=="usb", ATTRS{idVendor}=="XXXX", ATTRS{idProduct}=="XXXX", MODE="0666"

Strace gave me this:

write(2, "Waiting for EDL device\n", 23Waiting for EDL device
) = 23
pselect6(4, [3], NULL, NULL, NULL, NULL) = 1 (in [3])
recvfrom(3, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 1224
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=280, nl_groups=0x000002}, msg_namelen=128 => 12, msg_iov=[{iov_base=[{prefix="libudev", magic=htonl(0xfeedcafe), header_size=40, properties_off=40, properties_len=1184, filter_subsystem_hash=htonl(0x577c5e5), filter_devtype_hash=htonl(0x27f8f50c), filter_tag_bloom_hi=htonl(0x2080000), filter_tag_bloom_lo=htonl(0x400001)}, "UDEV_DATABASE_VERSION=1\0ACTION=a"...], iov_len=1224}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=2521, uid=0, gid=0}}], msg_controllen=32, msg_flags=0}, 0) = 1224
getrandom("\x28\x5d\xa9\xdb\x16\x26\x4c\x56\x4a\xd4\x66\x5e\x19\x0d\xe9\x60", 16, GRND_INSECURE) = 16
getrandom("\x55\xd4\x33\x5b\x53\x69\x1d\x70\xee\xe5\x9f\x47\xcf\xc7\x57\x69", 16, GRND_INSECURE) = 16
getrandom("\x66\x14\x81\x2f\x6a\xad\x79\x61\x40\xa6\x0c\xff\x87\x93\xf8\x20", 16, GRND_INSECURE) = 16
getrandom("\x4a\x8f\x0e\xdb\x5b\x42\xd0\xcf\x0c\x18\xbb\xab\xb7\x17\x90\x06", 16, GRND_INSECURE) = 16
openat(AT_FDCWD, "/dev/bus/usb/002/005", O_RDWR) = 4
read(4, "\22\1\0\2\0\0\0@\306\5\10\220\0\0\1\2\0\1\t\2 \0\1\1\0\200\1\t\4\0\0\2"..., 1024) = 50
close(3)                                = 0
ioctl(4, USBDEVFS_IOCTL, 0x7ffd7df19830) = -1 ENODATA (No data available)
ioctl(4, USBDEVFS_CLAIMINTERFACE, 0x7ffd7df1980c) = 0
openat(AT_FDCWD, "prog_firehose_ddr.elf", O_RDONLY) = 3
ioctl(4, USBDEVFS_BULK, 0x7ffd7df18710) = -1 ETIMEDOUT (Connection timed out)
close(3)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Do you have any suggestions on how to investigate further? 😄
Thanks!

it looks like some of the recent changes broke UFS provisioning, see https://discuss.96boards.org/t/how-to-provision-snapdragon-820-using-the-qdl-tool/8184/7

opening it here, so that we don't forget about it.