1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * dfu.c -- DFU back-end routines
4 *
5 * Copyright (C) 2012 Samsung Electronics
6 * author: Lukasz Majewski <l.majewski@samsung.com>
7 */
8
9 #include <common.h>
10 #include <env.h>
11 #include <errno.h>
12 #include <malloc.h>
13 #include <mmc.h>
14 #include <fat.h>
15 #include <dfu.h>
16 #include <hash.h>
17 #include <linux/list.h>
18 #include <linux/compiler.h>
19
20 static LIST_HEAD(dfu_list);
21 static int dfu_alt_num;
22 static int alt_num_cnt;
23 static struct hash_algo *dfu_hash_algo;
24
25 /*
26 * The purpose of the dfu_flush_callback() function is to
27 * provide callback for dfu user
28 */
dfu_flush_callback(struct dfu_entity * dfu)29 __weak void dfu_flush_callback(struct dfu_entity *dfu)
30 {
31 }
32
33 /*
34 * The purpose of the dfu_initiated_callback() function is to
35 * provide callback for dfu user
36 */
dfu_initiated_callback(struct dfu_entity * dfu)37 __weak void dfu_initiated_callback(struct dfu_entity *dfu)
38 {
39 }
40
41 /*
42 * The purpose of the dfu_usb_get_reset() function is to
43 * provide information if after USB_DETACH request
44 * being sent the dfu-util performed reset of USB
45 * bus.
46 *
47 * Described behaviour is the only way to distinct if
48 * user has typed -e (detach) or -R (reset) when invoking
49 * dfu-util command.
50 *
51 */
dfu_usb_get_reset(void)52 __weak bool dfu_usb_get_reset(void)
53 {
54 #ifdef CONFIG_SPL_DFU_NO_RESET
55 return false;
56 #else
57 return true;
58 #endif
59 }
60
dfu_find_alt_num(const char * s)61 static int dfu_find_alt_num(const char *s)
62 {
63 int i = 0;
64
65 for (; *s; s++)
66 if (*s == ';')
67 i++;
68
69 return ++i;
70 }
71
72 /*
73 * treat dfu_alt_info with several interface information
74 * to allow DFU on several device with one command,
75 * the string format is
76 * interface devstring'='alternate list (';' separated)
77 * and each interface separated by '&'
78 */
dfu_config_interfaces(char * env)79 int dfu_config_interfaces(char *env)
80 {
81 struct dfu_entity *dfu;
82 char *s, *i, *d, *a, *part;
83 int ret = -EINVAL;
84 int n = 1;
85
86 s = env;
87 for (; *s; s++) {
88 if (*s == ';')
89 n++;
90 if (*s == '&')
91 n++;
92 }
93 ret = dfu_alt_init(n, &dfu);
94 if (ret)
95 return ret;
96
97 s = env;
98 while (s) {
99 ret = -EINVAL;
100 i = strsep(&s, " ");
101 if (!i)
102 break;
103 d = strsep(&s, "=");
104 if (!d)
105 break;
106 a = strsep(&s, "&");
107 if (!a)
108 a = s;
109 do {
110 part = strsep(&a, ";");
111 ret = dfu_alt_add(dfu, i, d, part);
112 if (ret)
113 return ret;
114 } while (a);
115 }
116
117 return ret;
118 }
119
dfu_init_env_entities(char * interface,char * devstr)120 int dfu_init_env_entities(char *interface, char *devstr)
121 {
122 const char *str_env;
123 char *env_bkp;
124 int ret = 0;
125
126 #ifdef CONFIG_SET_DFU_ALT_INFO
127 set_dfu_alt_info(interface, devstr);
128 #endif
129 str_env = env_get("dfu_alt_info");
130 if (!str_env) {
131 pr_err("\"dfu_alt_info\" env variable not defined!\n");
132 return -EINVAL;
133 }
134
135 env_bkp = strdup(str_env);
136 if (!interface && !devstr)
137 ret = dfu_config_interfaces(env_bkp);
138 else
139 ret = dfu_config_entities(env_bkp, interface, devstr);
140
141 if (ret) {
142 pr_err("DFU entities configuration failed!\n");
143 pr_err("(partition table does not match dfu_alt_info?)\n");
144 goto done;
145 }
146
147 done:
148 free(env_bkp);
149 return ret;
150 }
151
152 static unsigned char *dfu_buf;
153 static unsigned long dfu_buf_size;
154 static enum dfu_device_type dfu_buf_device_type;
155
dfu_free_buf(void)156 unsigned char *dfu_free_buf(void)
157 {
158 free(dfu_buf);
159 dfu_buf = NULL;
160 return dfu_buf;
161 }
162
dfu_get_buf_size(void)163 unsigned long dfu_get_buf_size(void)
164 {
165 return dfu_buf_size;
166 }
167
dfu_get_buf(struct dfu_entity * dfu)168 unsigned char *dfu_get_buf(struct dfu_entity *dfu)
169 {
170 char *s;
171
172 /* manage several entity with several contraint */
173 if (dfu_buf && dfu->dev_type != dfu_buf_device_type)
174 dfu_free_buf();
175
176 if (dfu_buf != NULL)
177 return dfu_buf;
178
179 s = env_get("dfu_bufsiz");
180 if (s)
181 dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
182
183 if (!s || !dfu_buf_size)
184 dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
185
186 if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
187 dfu_buf_size = dfu->max_buf_size;
188
189 dfu_buf = memalign(CONFIG_SYS_CACHELINE_SIZE, dfu_buf_size);
190 if (dfu_buf == NULL)
191 printf("%s: Could not memalign 0x%lx bytes\n",
192 __func__, dfu_buf_size);
193
194 dfu_buf_device_type = dfu->dev_type;
195 return dfu_buf;
196 }
197
dfu_get_hash_algo(void)198 static char *dfu_get_hash_algo(void)
199 {
200 char *s;
201
202 s = env_get("dfu_hash_algo");
203 if (!s)
204 return NULL;
205
206 if (!strcmp(s, "crc32")) {
207 debug("%s: DFU hash method: %s\n", __func__, s);
208 return s;
209 }
210
211 pr_err("DFU hash method: %s not supported!\n", s);
212 return NULL;
213 }
214
dfu_write_buffer_drain(struct dfu_entity * dfu)215 static int dfu_write_buffer_drain(struct dfu_entity *dfu)
216 {
217 long w_size;
218 int ret;
219
220 /* flush size? */
221 w_size = dfu->i_buf - dfu->i_buf_start;
222 if (w_size == 0)
223 return 0;
224
225 if (dfu_hash_algo)
226 dfu_hash_algo->hash_update(dfu_hash_algo, &dfu->crc,
227 dfu->i_buf_start, w_size, 0);
228
229 ret = dfu->write_medium(dfu, dfu->offset, dfu->i_buf_start, &w_size);
230 if (ret)
231 debug("%s: Write error!\n", __func__);
232
233 /* point back */
234 dfu->i_buf = dfu->i_buf_start;
235
236 /* update offset */
237 dfu->offset += w_size;
238
239 puts("#");
240
241 return ret;
242 }
243
dfu_transaction_cleanup(struct dfu_entity * dfu)244 void dfu_transaction_cleanup(struct dfu_entity *dfu)
245 {
246 /* clear everything */
247 dfu->crc = 0;
248 dfu->offset = 0;
249 dfu->i_blk_seq_num = 0;
250 dfu->i_buf_start = dfu_get_buf(dfu);
251 dfu->i_buf_end = dfu->i_buf_start;
252 dfu->i_buf = dfu->i_buf_start;
253 dfu->r_left = 0;
254 dfu->b_left = 0;
255 dfu->bad_skip = 0;
256
257 dfu->inited = 0;
258 }
259
dfu_transaction_initiate(struct dfu_entity * dfu,bool read)260 int dfu_transaction_initiate(struct dfu_entity *dfu, bool read)
261 {
262 int ret = 0;
263
264 if (dfu->inited)
265 return 0;
266
267 dfu_transaction_cleanup(dfu);
268
269 if (dfu->i_buf_start == NULL)
270 return -ENOMEM;
271
272 dfu->i_buf_end = dfu->i_buf_start + dfu_get_buf_size();
273
274 if (read) {
275 ret = dfu->get_medium_size(dfu, &dfu->r_left);
276 if (ret < 0)
277 return ret;
278 debug("%s: %s %lld [B]\n", __func__, dfu->name, dfu->r_left);
279 }
280
281 dfu->inited = 1;
282 dfu_initiated_callback(dfu);
283
284 return 0;
285 }
286
dfu_flush(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)287 int dfu_flush(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
288 {
289 int ret = 0;
290
291 ret = dfu_write_buffer_drain(dfu);
292 if (ret)
293 return ret;
294
295 if (dfu->flush_medium)
296 ret = dfu->flush_medium(dfu);
297
298 if (dfu_hash_algo)
299 printf("\nDFU complete %s: 0x%08x\n", dfu_hash_algo->name,
300 dfu->crc);
301
302 dfu_flush_callback(dfu);
303
304 dfu_transaction_cleanup(dfu);
305
306 return ret;
307 }
308
dfu_write(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)309 int dfu_write(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
310 {
311 int ret;
312
313 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x offset: 0x%llx bufoffset: 0x%lx\n",
314 __func__, dfu->name, buf, size, blk_seq_num, dfu->offset,
315 (unsigned long)(dfu->i_buf - dfu->i_buf_start));
316
317 ret = dfu_transaction_initiate(dfu, false);
318 if (ret < 0)
319 return ret;
320
321 if (dfu->i_blk_seq_num != blk_seq_num) {
322 printf("%s: Wrong sequence number! [%d] [%d]\n",
323 __func__, dfu->i_blk_seq_num, blk_seq_num);
324 dfu_transaction_cleanup(dfu);
325 return -1;
326 }
327
328 /* DFU 1.1 standard says:
329 * The wBlockNum field is a block sequence number. It increments each
330 * time a block is transferred, wrapping to zero from 65,535. It is used
331 * to provide useful context to the DFU loader in the device."
332 *
333 * This means that it's a 16 bit counter that roll-overs at
334 * 0xffff -> 0x0000. By having a typical 4K transfer block
335 * we roll-over at exactly 256MB. Not very fun to debug.
336 *
337 * Handling rollover, and having an inited variable,
338 * makes things work.
339 */
340
341 /* handle rollover */
342 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
343
344 /* flush buffer if overflow */
345 if ((dfu->i_buf + size) > dfu->i_buf_end) {
346 ret = dfu_write_buffer_drain(dfu);
347 if (ret) {
348 dfu_transaction_cleanup(dfu);
349 return ret;
350 }
351 }
352
353 /* we should be in buffer now (if not then size too large) */
354 if ((dfu->i_buf + size) > dfu->i_buf_end) {
355 pr_err("Buffer overflow! (0x%p + 0x%x > 0x%p)\n", dfu->i_buf,
356 size, dfu->i_buf_end);
357 dfu_transaction_cleanup(dfu);
358 return -1;
359 }
360
361 memcpy(dfu->i_buf, buf, size);
362 dfu->i_buf += size;
363
364 /* if end or if buffer full flush */
365 if (size == 0 || (dfu->i_buf + size) > dfu->i_buf_end) {
366 ret = dfu_write_buffer_drain(dfu);
367 if (ret) {
368 dfu_transaction_cleanup(dfu);
369 return ret;
370 }
371 }
372
373 return 0;
374 }
375
dfu_read_buffer_fill(struct dfu_entity * dfu,void * buf,int size)376 static int dfu_read_buffer_fill(struct dfu_entity *dfu, void *buf, int size)
377 {
378 long chunk;
379 int ret, readn;
380
381 readn = 0;
382 while (size > 0) {
383 /* get chunk that can be read */
384 chunk = min((long)size, dfu->b_left);
385 /* consume */
386 if (chunk > 0) {
387 memcpy(buf, dfu->i_buf, chunk);
388 if (dfu_hash_algo)
389 dfu_hash_algo->hash_update(dfu_hash_algo,
390 &dfu->crc, buf,
391 chunk, 0);
392
393 dfu->i_buf += chunk;
394 dfu->b_left -= chunk;
395 size -= chunk;
396 buf += chunk;
397 readn += chunk;
398 }
399
400 /* all done */
401 if (size > 0) {
402 /* no more to read */
403 if (dfu->r_left == 0)
404 break;
405
406 dfu->i_buf = dfu->i_buf_start;
407 dfu->b_left = dfu->i_buf_end - dfu->i_buf_start;
408
409 /* got to read, but buffer is empty */
410 if (dfu->b_left > dfu->r_left)
411 dfu->b_left = dfu->r_left;
412 ret = dfu->read_medium(dfu, dfu->offset, dfu->i_buf,
413 &dfu->b_left);
414 if (ret != 0) {
415 debug("%s: Read error!\n", __func__);
416 return ret;
417 }
418 if (dfu->b_left == 0)
419 break;
420 dfu->offset += dfu->b_left;
421 dfu->r_left -= dfu->b_left;
422
423 puts("#");
424 }
425 }
426
427 return readn;
428 }
429
dfu_read(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)430 int dfu_read(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
431 {
432 int ret = 0;
433
434 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x i_buf: 0x%p\n",
435 __func__, dfu->name, buf, size, blk_seq_num, dfu->i_buf);
436
437 ret = dfu_transaction_initiate(dfu, true);
438 if (ret < 0)
439 return ret;
440
441 if (dfu->i_blk_seq_num != blk_seq_num) {
442 printf("%s: Wrong sequence number! [%d] [%d]\n",
443 __func__, dfu->i_blk_seq_num, blk_seq_num);
444 return -1;
445 }
446 /* handle rollover */
447 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
448
449 ret = dfu_read_buffer_fill(dfu, buf, size);
450 if (ret < 0) {
451 printf("%s: Failed to fill buffer\n", __func__);
452 return -1;
453 }
454
455 if (ret < size) {
456 if (dfu_hash_algo)
457 debug("%s: %s %s: 0x%x\n", __func__, dfu->name,
458 dfu_hash_algo->name, dfu->crc);
459 puts("\nUPLOAD ... done\nCtrl+C to exit ...\n");
460
461 dfu_transaction_cleanup(dfu);
462 }
463
464 return ret;
465 }
466
dfu_fill_entity(struct dfu_entity * dfu,char * s,int alt,char * interface,char * devstr)467 static int dfu_fill_entity(struct dfu_entity *dfu, char *s, int alt,
468 char *interface, char *devstr)
469 {
470 char *st;
471
472 debug("%s: %s interface: %s dev: %s\n", __func__, s, interface, devstr);
473 st = strsep(&s, " ");
474 strcpy(dfu->name, st);
475
476 dfu->alt = alt;
477 dfu->max_buf_size = 0;
478 dfu->free_entity = NULL;
479
480 /* Specific for mmc device */
481 if (strcmp(interface, "mmc") == 0) {
482 if (dfu_fill_entity_mmc(dfu, devstr, s))
483 return -1;
484 } else if (strcmp(interface, "mtd") == 0) {
485 if (dfu_fill_entity_mtd(dfu, devstr, s))
486 return -1;
487 } else if (strcmp(interface, "nand") == 0) {
488 if (dfu_fill_entity_nand(dfu, devstr, s))
489 return -1;
490 } else if (strcmp(interface, "ram") == 0) {
491 if (dfu_fill_entity_ram(dfu, devstr, s))
492 return -1;
493 } else if (strcmp(interface, "sf") == 0) {
494 if (dfu_fill_entity_sf(dfu, devstr, s))
495 return -1;
496 } else if (strcmp(interface, "virt") == 0) {
497 if (dfu_fill_entity_virt(dfu, devstr, s))
498 return -1;
499 } else {
500 printf("%s: Device %s not (yet) supported!\n",
501 __func__, interface);
502 return -1;
503 }
504 dfu_get_buf(dfu);
505
506 return 0;
507 }
508
dfu_free_entities(void)509 void dfu_free_entities(void)
510 {
511 struct dfu_entity *dfu, *p, *t = NULL;
512
513 dfu_free_buf();
514 list_for_each_entry_safe_reverse(dfu, p, &dfu_list, list) {
515 list_del(&dfu->list);
516 if (dfu->free_entity)
517 dfu->free_entity(dfu);
518 t = dfu;
519 }
520 if (t)
521 free(t);
522 INIT_LIST_HEAD(&dfu_list);
523
524 alt_num_cnt = 0;
525 }
526
dfu_alt_init(int num,struct dfu_entity ** dfu)527 int dfu_alt_init(int num, struct dfu_entity **dfu)
528 {
529 char *s;
530 int ret;
531
532 dfu_alt_num = num;
533 debug("%s: dfu_alt_num=%d\n", __func__, dfu_alt_num);
534
535 dfu_hash_algo = NULL;
536 s = dfu_get_hash_algo();
537 if (s) {
538 ret = hash_lookup_algo(s, &dfu_hash_algo);
539 if (ret)
540 pr_err("Hash algorithm %s not supported\n", s);
541 }
542
543 *dfu = calloc(sizeof(struct dfu_entity), dfu_alt_num);
544 if (!*dfu)
545 return -1;
546
547 return 0;
548 }
549
dfu_alt_add(struct dfu_entity * dfu,char * interface,char * devstr,char * s)550 int dfu_alt_add(struct dfu_entity *dfu, char *interface, char *devstr, char *s)
551 {
552 struct dfu_entity *p_dfu;
553 int ret;
554
555 if (alt_num_cnt >= dfu_alt_num)
556 return -1;
557
558 p_dfu = &dfu[alt_num_cnt];
559 ret = dfu_fill_entity(p_dfu, s, alt_num_cnt, interface, devstr);
560 if (ret)
561 return -1;
562
563 list_add_tail(&p_dfu->list, &dfu_list);
564 alt_num_cnt++;
565
566 return 0;
567 }
568
dfu_config_entities(char * env,char * interface,char * devstr)569 int dfu_config_entities(char *env, char *interface, char *devstr)
570 {
571 struct dfu_entity *dfu;
572 int i, ret;
573 char *s;
574
575 ret = dfu_alt_init(dfu_find_alt_num(env), &dfu);
576 if (ret)
577 return -1;
578
579 for (i = 0; i < dfu_alt_num; i++) {
580 s = strsep(&env, ";");
581 ret = dfu_alt_add(dfu, interface, devstr, s);
582 if (ret) {
583 /* We will free "dfu" in dfu_free_entities() */
584 return -1;
585 }
586 }
587
588 return 0;
589 }
590
dfu_get_dev_type(enum dfu_device_type t)591 const char *dfu_get_dev_type(enum dfu_device_type t)
592 {
593 const char *const dev_t[] = {NULL, "eMMC", "OneNAND", "NAND", "RAM",
594 "SF", "MTD", "VIRT"};
595 return dev_t[t];
596 }
597
dfu_get_layout(enum dfu_layout l)598 const char *dfu_get_layout(enum dfu_layout l)
599 {
600 const char *const dfu_layout[] = {NULL, "RAW_ADDR", "FAT", "EXT2",
601 "EXT3", "EXT4", "RAM_ADDR" };
602 return dfu_layout[l];
603 }
604
dfu_show_entities(void)605 void dfu_show_entities(void)
606 {
607 struct dfu_entity *dfu;
608
609 puts("DFU alt settings list:\n");
610
611 list_for_each_entry(dfu, &dfu_list, list) {
612 printf("dev: %s alt: %d name: %s layout: %s\n",
613 dfu_get_dev_type(dfu->dev_type), dfu->alt,
614 dfu->name, dfu_get_layout(dfu->layout));
615 }
616 }
617
dfu_get_alt_number(void)618 int dfu_get_alt_number(void)
619 {
620 return dfu_alt_num;
621 }
622
dfu_get_entity(int alt)623 struct dfu_entity *dfu_get_entity(int alt)
624 {
625 struct dfu_entity *dfu;
626
627 list_for_each_entry(dfu, &dfu_list, list) {
628 if (dfu->alt == alt)
629 return dfu;
630 }
631
632 return NULL;
633 }
634
dfu_get_alt(char * name)635 int dfu_get_alt(char *name)
636 {
637 struct dfu_entity *dfu;
638 char *str;
639
640 list_for_each_entry(dfu, &dfu_list, list) {
641 if (dfu->name[0] != '/') {
642 if (!strncmp(dfu->name, name, strlen(dfu->name)))
643 return dfu->alt;
644 } else {
645 /*
646 * One must also consider absolute path
647 * (/boot/bin/uImage) available at dfu->name when
648 * compared "plain" file name (uImage)
649 *
650 * It is the case for e.g. thor gadget where lthor SW
651 * sends only the file name, so only the very last part
652 * of path must be checked for equality
653 */
654
655 str = strstr(dfu->name, name);
656 if (!str)
657 continue;
658
659 /*
660 * Check if matching substring is the last element of
661 * dfu->name (uImage)
662 */
663 if (strlen(dfu->name) ==
664 ((str - dfu->name) + strlen(name)))
665 return dfu->alt;
666 }
667 }
668
669 return -ENODEV;
670 }
671
dfu_write_from_mem_addr(struct dfu_entity * dfu,void * buf,int size)672 int dfu_write_from_mem_addr(struct dfu_entity *dfu, void *buf, int size)
673 {
674 unsigned long dfu_buf_size, write, left = size;
675 int i, ret = 0;
676 void *dp = buf;
677
678 /*
679 * Here we must call dfu_get_buf(dfu) first to be sure that dfu_buf_size
680 * has been properly initialized - e.g. if "dfu_bufsiz" has been taken
681 * into account.
682 */
683 dfu_get_buf(dfu);
684 dfu_buf_size = dfu_get_buf_size();
685 debug("%s: dfu buf size: %lu\n", __func__, dfu_buf_size);
686
687 for (i = 0; left > 0; i++) {
688 write = min(dfu_buf_size, left);
689
690 debug("%s: dp: 0x%p left: %lu write: %lu\n", __func__,
691 dp, left, write);
692 ret = dfu_write(dfu, dp, write, i);
693 if (ret) {
694 pr_err("DFU write failed\n");
695 return ret;
696 }
697
698 dp += write;
699 left -= write;
700 }
701
702 ret = dfu_flush(dfu, NULL, 0, i);
703 if (ret)
704 pr_err("DFU flush failed!");
705
706 return ret;
707 }
708