• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright 2014 Broadcom Corporation.
4  */
5 
6 #include <config.h>
7 #include <common.h>
8 #include <blk.h>
9 #include <env.h>
10 #include <fastboot.h>
11 #include <fastboot-internal.h>
12 #include <fb_mmc.h>
13 #include <image-sparse.h>
14 #include <part.h>
15 #include <mmc.h>
16 #include <div64.h>
17 #include <linux/compat.h>
18 #include <android_image.h>
19 
20 #define FASTBOOT_MAX_BLK_WRITE 16384
21 
22 #define BOOT_PARTITION_NAME "boot"
23 
24 struct fb_mmc_sparse {
25 	struct blk_desc	*dev_desc;
26 };
27 
part_get_info_by_name_or_alias(struct blk_desc * dev_desc,const char * name,disk_partition_t * info)28 static int part_get_info_by_name_or_alias(struct blk_desc *dev_desc,
29 		const char *name, disk_partition_t *info)
30 {
31 	int ret;
32 
33 	ret = part_get_info_by_name(dev_desc, name, info);
34 	if (ret < 0) {
35 		/* strlen("fastboot_partition_alias_") + PART_NAME_LEN + 1 */
36 		char env_alias_name[25 + PART_NAME_LEN + 1];
37 		char *aliased_part_name;
38 
39 		/* check for alias */
40 		strcpy(env_alias_name, "fastboot_partition_alias_");
41 		strncat(env_alias_name, name, PART_NAME_LEN);
42 		aliased_part_name = env_get(env_alias_name);
43 		if (aliased_part_name != NULL)
44 			ret = part_get_info_by_name(dev_desc,
45 					aliased_part_name, info);
46 	}
47 	return ret;
48 }
49 
50 /**
51  * fb_mmc_blk_write() - Write/erase MMC in chunks of FASTBOOT_MAX_BLK_WRITE
52  *
53  * @block_dev: Pointer to block device
54  * @start: First block to write/erase
55  * @blkcnt: Count of blocks
56  * @buffer: Pointer to data buffer for write or NULL for erase
57  */
fb_mmc_blk_write(struct blk_desc * block_dev,lbaint_t start,lbaint_t blkcnt,const void * buffer)58 static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
59 				 lbaint_t blkcnt, const void *buffer)
60 {
61 	lbaint_t blk = start;
62 	lbaint_t blks_written;
63 	lbaint_t cur_blkcnt;
64 	lbaint_t blks = 0;
65 	int i;
66 
67 	for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
68 		cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
69 		if (buffer) {
70 			if (fastboot_progress_callback)
71 				fastboot_progress_callback("writing");
72 			blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
73 						  buffer + (i * block_dev->blksz));
74 		} else {
75 			if (fastboot_progress_callback)
76 				fastboot_progress_callback("erasing");
77 			blks_written = blk_derase(block_dev, blk, cur_blkcnt);
78 		}
79 		blk += blks_written;
80 		blks += blks_written;
81 	}
82 	return blks;
83 }
84 
fb_mmc_sparse_write(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt,const void * buffer)85 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
86 		lbaint_t blk, lbaint_t blkcnt, const void *buffer)
87 {
88 	struct fb_mmc_sparse *sparse = info->priv;
89 	struct blk_desc *dev_desc = sparse->dev_desc;
90 
91 	return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
92 }
93 
fb_mmc_sparse_reserve(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt)94 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
95 		lbaint_t blk, lbaint_t blkcnt)
96 {
97 	return blkcnt;
98 }
99 
write_raw_image(struct blk_desc * dev_desc,disk_partition_t * info,const char * part_name,void * buffer,u32 download_bytes,char * response)100 static void write_raw_image(struct blk_desc *dev_desc, disk_partition_t *info,
101 		const char *part_name, void *buffer,
102 		u32 download_bytes, char *response)
103 {
104 	lbaint_t blkcnt;
105 	lbaint_t blks;
106 
107 	/* determine number of blocks to write */
108 	blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
109 	blkcnt = lldiv(blkcnt, info->blksz);
110 
111 	if (blkcnt > info->size) {
112 		pr_err("too large for partition: '%s'\n", part_name);
113 		fastboot_fail("too large for partition", response);
114 		return;
115 	}
116 
117 	puts("Flashing Raw Image\n");
118 
119 	blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
120 
121 	if (blks != blkcnt) {
122 		pr_err("failed writing to device %d\n", dev_desc->devnum);
123 		fastboot_fail("failed writing to device", response);
124 		return;
125 	}
126 
127 	printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
128 	       part_name);
129 	fastboot_okay(NULL, response);
130 }
131 
132 #ifdef CONFIG_ANDROID_BOOT_IMAGE
133 /**
134  * Read Android boot image header from boot partition.
135  *
136  * @param[in] dev_desc MMC device descriptor
137  * @param[in] info Boot partition info
138  * @param[out] hdr Where to store read boot image header
139  *
140  * @return Boot image header sectors count or 0 on error
141  */
fb_mmc_get_boot_header(struct blk_desc * dev_desc,disk_partition_t * info,struct andr_img_hdr * hdr,char * response)142 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc,
143 				       disk_partition_t *info,
144 				       struct andr_img_hdr *hdr,
145 				       char *response)
146 {
147 	ulong sector_size;		/* boot partition sector size */
148 	lbaint_t hdr_sectors;		/* boot image header sectors count */
149 	int res;
150 
151 	/* Calculate boot image sectors count */
152 	sector_size = info->blksz;
153 	hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_img_hdr), sector_size);
154 	if (hdr_sectors == 0) {
155 		pr_err("invalid number of boot sectors: 0\n");
156 		fastboot_fail("invalid number of boot sectors: 0", response);
157 		return 0;
158 	}
159 
160 	/* Read the boot image header */
161 	res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr);
162 	if (res != hdr_sectors) {
163 		pr_err("cannot read header from boot partition\n");
164 		fastboot_fail("cannot read header from boot partition",
165 			      response);
166 		return 0;
167 	}
168 
169 	/* Check boot header magic string */
170 	res = android_image_check_header(hdr);
171 	if (res != 0) {
172 		pr_err("bad boot image magic\n");
173 		fastboot_fail("boot partition not initialized", response);
174 		return 0;
175 	}
176 
177 	return hdr_sectors;
178 }
179 
180 /**
181  * Write downloaded zImage to boot partition and repack it properly.
182  *
183  * @param dev_desc MMC device descriptor
184  * @param download_buffer Address to fastboot buffer with zImage in it
185  * @param download_bytes Size of fastboot buffer, in bytes
186  *
187  * @return 0 on success or -1 on error
188  */
fb_mmc_update_zimage(struct blk_desc * dev_desc,void * download_buffer,u32 download_bytes,char * response)189 static int fb_mmc_update_zimage(struct blk_desc *dev_desc,
190 				void *download_buffer,
191 				u32 download_bytes,
192 				char *response)
193 {
194 	uintptr_t hdr_addr;			/* boot image header address */
195 	struct andr_img_hdr *hdr;		/* boot image header */
196 	lbaint_t hdr_sectors;			/* boot image header sectors */
197 	u8 *ramdisk_buffer;
198 	u32 ramdisk_sector_start;
199 	u32 ramdisk_sectors;
200 	u32 kernel_sector_start;
201 	u32 kernel_sectors;
202 	u32 sectors_per_page;
203 	disk_partition_t info;
204 	int res;
205 
206 	puts("Flashing zImage\n");
207 
208 	/* Get boot partition info */
209 	res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info);
210 	if (res < 0) {
211 		pr_err("cannot find boot partition\n");
212 		fastboot_fail("cannot find boot partition", response);
213 		return -1;
214 	}
215 
216 	/* Put boot image header in fastboot buffer after downloaded zImage */
217 	hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE);
218 	hdr = (struct andr_img_hdr *)hdr_addr;
219 
220 	/* Read boot image header */
221 	hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response);
222 	if (hdr_sectors == 0) {
223 		pr_err("unable to read boot image header\n");
224 		fastboot_fail("unable to read boot image header", response);
225 		return -1;
226 	}
227 
228 	/* Check if boot image has second stage in it (we don't support it) */
229 	if (hdr->second_size > 0) {
230 		pr_err("moving second stage is not supported yet\n");
231 		fastboot_fail("moving second stage is not supported yet",
232 			      response);
233 		return -1;
234 	}
235 
236 	/* Extract ramdisk location */
237 	sectors_per_page = hdr->page_size / info.blksz;
238 	ramdisk_sector_start = info.start + sectors_per_page;
239 	ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
240 					     sectors_per_page;
241 	ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) *
242 				       sectors_per_page;
243 
244 	/* Read ramdisk and put it in fastboot buffer after boot image header */
245 	ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz);
246 	res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors,
247 			ramdisk_buffer);
248 	if (res != ramdisk_sectors) {
249 		pr_err("cannot read ramdisk from boot partition\n");
250 		fastboot_fail("cannot read ramdisk from boot partition",
251 			      response);
252 		return -1;
253 	}
254 
255 	/* Write new kernel size to boot image header */
256 	hdr->kernel_size = download_bytes;
257 	res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr);
258 	if (res == 0) {
259 		pr_err("cannot writeback boot image header\n");
260 		fastboot_fail("cannot write back boot image header", response);
261 		return -1;
262 	}
263 
264 	/* Write the new downloaded kernel */
265 	kernel_sector_start = info.start + sectors_per_page;
266 	kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
267 				      sectors_per_page;
268 	res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors,
269 			 download_buffer);
270 	if (res == 0) {
271 		pr_err("cannot write new kernel\n");
272 		fastboot_fail("cannot write new kernel", response);
273 		return -1;
274 	}
275 
276 	/* Write the saved ramdisk back */
277 	ramdisk_sector_start = info.start + sectors_per_page;
278 	ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
279 					     sectors_per_page;
280 	res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors,
281 			 ramdisk_buffer);
282 	if (res == 0) {
283 		pr_err("cannot write back original ramdisk\n");
284 		fastboot_fail("cannot write back original ramdisk", response);
285 		return -1;
286 	}
287 
288 	puts("........ zImage was updated in boot partition\n");
289 	fastboot_okay(NULL, response);
290 	return 0;
291 }
292 #endif
293 
294 /**
295  * fastboot_mmc_get_part_info() - Lookup eMMC partion by name
296  *
297  * @part_name: Named partition to lookup
298  * @dev_desc: Pointer to returned blk_desc pointer
299  * @part_info: Pointer to returned disk_partition_t
300  * @response: Pointer to fastboot response buffer
301  */
fastboot_mmc_get_part_info(const char * part_name,struct blk_desc ** dev_desc,disk_partition_t * part_info,char * response)302 int fastboot_mmc_get_part_info(const char *part_name,
303 			       struct blk_desc **dev_desc,
304 			       disk_partition_t *part_info, char *response)
305 {
306 	int r;
307 
308 	*dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
309 	if (!*dev_desc) {
310 		fastboot_fail("block device not found", response);
311 		return -ENOENT;
312 	}
313 	if (!part_name || !strcmp(part_name, "")) {
314 		fastboot_fail("partition not given", response);
315 		return -ENOENT;
316 	}
317 
318 	r = part_get_info_by_name_or_alias(*dev_desc, part_name, part_info);
319 	if (r < 0) {
320 		fastboot_fail("partition not found", response);
321 		return r;
322 	}
323 
324 	return r;
325 }
326 
327 /**
328  * fastboot_mmc_flash_write() - Write image to eMMC for fastboot
329  *
330  * @cmd: Named partition to write image to
331  * @download_buffer: Pointer to image data
332  * @download_bytes: Size of image data
333  * @response: Pointer to fastboot response buffer
334  */
fastboot_mmc_flash_write(const char * cmd,void * download_buffer,u32 download_bytes,char * response)335 void fastboot_mmc_flash_write(const char *cmd, void *download_buffer,
336 			      u32 download_bytes, char *response)
337 {
338 	struct blk_desc *dev_desc;
339 	disk_partition_t info;
340 
341 	dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
342 	if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
343 		pr_err("invalid mmc device\n");
344 		fastboot_fail("invalid mmc device", response);
345 		return;
346 	}
347 
348 #if CONFIG_IS_ENABLED(EFI_PARTITION)
349 	if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
350 		printf("%s: updating MBR, Primary and Backup GPT(s)\n",
351 		       __func__);
352 		if (is_valid_gpt_buf(dev_desc, download_buffer)) {
353 			printf("%s: invalid GPT - refusing to write to flash\n",
354 			       __func__);
355 			fastboot_fail("invalid GPT partition", response);
356 			return;
357 		}
358 		if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
359 			printf("%s: writing GPT partitions failed\n", __func__);
360 			fastboot_fail("writing GPT partitions failed",
361 				      response);
362 			return;
363 		}
364 		printf("........ success\n");
365 		fastboot_okay(NULL, response);
366 		return;
367 	}
368 #endif
369 
370 #if CONFIG_IS_ENABLED(DOS_PARTITION)
371 	if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) {
372 		printf("%s: updating MBR\n", __func__);
373 		if (is_valid_dos_buf(download_buffer)) {
374 			printf("%s: invalid MBR - refusing to write to flash\n",
375 			       __func__);
376 			fastboot_fail("invalid MBR partition", response);
377 			return;
378 		}
379 		if (write_mbr_partition(dev_desc, download_buffer)) {
380 			printf("%s: writing MBR partition failed\n", __func__);
381 			fastboot_fail("writing MBR partition failed",
382 				      response);
383 			return;
384 		}
385 		printf("........ success\n");
386 		fastboot_okay(NULL, response);
387 		return;
388 	}
389 #endif
390 
391 #ifdef CONFIG_ANDROID_BOOT_IMAGE
392 	if (strncasecmp(cmd, "zimage", 6) == 0) {
393 		fb_mmc_update_zimage(dev_desc, download_buffer,
394 				     download_bytes, response);
395 		return;
396 	}
397 #endif
398 
399 	if (part_get_info_by_name_or_alias(dev_desc, cmd, &info) < 0) {
400 		pr_err("cannot find partition: '%s'\n", cmd);
401 		fastboot_fail("cannot find partition", response);
402 		return;
403 	}
404 
405 	if (is_sparse_image(download_buffer)) {
406 		struct fb_mmc_sparse sparse_priv;
407 		struct sparse_storage sparse;
408 		int err;
409 
410 		sparse_priv.dev_desc = dev_desc;
411 
412 		sparse.blksz = info.blksz;
413 		sparse.start = info.start;
414 		sparse.size = info.size;
415 		sparse.write = fb_mmc_sparse_write;
416 		sparse.reserve = fb_mmc_sparse_reserve;
417 		sparse.mssg = fastboot_fail;
418 
419 		printf("Flashing sparse image at offset " LBAFU "\n",
420 		       sparse.start);
421 
422 		sparse.priv = &sparse_priv;
423 		err = write_sparse_image(&sparse, cmd, download_buffer,
424 					 response);
425 		if (!err)
426 			fastboot_okay(NULL, response);
427 	} else {
428 		write_raw_image(dev_desc, &info, cmd, download_buffer,
429 				download_bytes, response);
430 	}
431 }
432 
433 /**
434  * fastboot_mmc_flash_erase() - Erase eMMC for fastboot
435  *
436  * @cmd: Named partition to erase
437  * @response: Pointer to fastboot response buffer
438  */
fastboot_mmc_erase(const char * cmd,char * response)439 void fastboot_mmc_erase(const char *cmd, char *response)
440 {
441 	int ret;
442 	struct blk_desc *dev_desc;
443 	disk_partition_t info;
444 	lbaint_t blks, blks_start, blks_size, grp_size;
445 	struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
446 
447 	if (mmc == NULL) {
448 		pr_err("invalid mmc device\n");
449 		fastboot_fail("invalid mmc device", response);
450 		return;
451 	}
452 
453 	dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
454 	if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
455 		pr_err("invalid mmc device\n");
456 		fastboot_fail("invalid mmc device", response);
457 		return;
458 	}
459 
460 	ret = part_get_info_by_name_or_alias(dev_desc, cmd, &info);
461 	if (ret < 0) {
462 		pr_err("cannot find partition: '%s'\n", cmd);
463 		fastboot_fail("cannot find partition", response);
464 		return;
465 	}
466 
467 	/* Align blocks to erase group size to avoid erasing other partitions */
468 	grp_size = mmc->erase_grp_size;
469 	blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
470 	if (info.size >= grp_size)
471 		blks_size = (info.size - (blks_start - info.start)) &
472 				(~(grp_size - 1));
473 	else
474 		blks_size = 0;
475 
476 	printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
477 	       blks_start, blks_start + blks_size);
478 
479 	blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
480 
481 	if (blks != blks_size) {
482 		pr_err("failed erasing from device %d\n", dev_desc->devnum);
483 		fastboot_fail("failed erasing from device", response);
484 		return;
485 	}
486 
487 	printf("........ erased " LBAFU " bytes from '%s'\n",
488 	       blks_size * info.blksz, cmd);
489 	fastboot_okay(NULL, response);
490 }
491