1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * dfu.c -- DFU back-end routines
4 *
5 * Copyright (C) 2012 Samsung Electronics
6 * author: Lukasz Majewski <l.majewski@samsung.com>
7 */
8
9 #include <common.h>
10 #include <errno.h>
11 #include <malloc.h>
12 #include <mmc.h>
13 #include <fat.h>
14 #include <dfu.h>
15 #include <hash.h>
16 #include <linux/list.h>
17 #include <linux/compiler.h>
18
19 static LIST_HEAD(dfu_list);
20 static int dfu_alt_num;
21 static int alt_num_cnt;
22 static struct hash_algo *dfu_hash_algo;
23
24 /*
25 * The purpose of the dfu_usb_get_reset() function is to
26 * provide information if after USB_DETACH request
27 * being sent the dfu-util performed reset of USB
28 * bus.
29 *
30 * Described behaviour is the only way to distinct if
31 * user has typed -e (detach) or -R (reset) when invoking
32 * dfu-util command.
33 *
34 */
dfu_usb_get_reset(void)35 __weak bool dfu_usb_get_reset(void)
36 {
37 #ifdef CONFIG_SPL_DFU_NO_RESET
38 return false;
39 #else
40 return true;
41 #endif
42 }
43
dfu_find_alt_num(const char * s)44 static int dfu_find_alt_num(const char *s)
45 {
46 int i = 0;
47
48 for (; *s; s++)
49 if (*s == ';')
50 i++;
51
52 return ++i;
53 }
54
dfu_init_env_entities(char * interface,char * devstr)55 int dfu_init_env_entities(char *interface, char *devstr)
56 {
57 const char *str_env;
58 char *env_bkp;
59 int ret = 0;
60
61 #ifdef CONFIG_SET_DFU_ALT_INFO
62 set_dfu_alt_info(interface, devstr);
63 #endif
64 str_env = env_get("dfu_alt_info");
65 if (!str_env) {
66 pr_err("\"dfu_alt_info\" env variable not defined!\n");
67 return -EINVAL;
68 }
69
70 env_bkp = strdup(str_env);
71 ret = dfu_config_entities(env_bkp, interface, devstr);
72 if (ret) {
73 pr_err("DFU entities configuration failed!\n");
74 pr_err("(partition table does not match dfu_alt_info?)\n");
75 goto done;
76 }
77
78 done:
79 free(env_bkp);
80 return ret;
81 }
82
83 static unsigned char *dfu_buf;
84 static unsigned long dfu_buf_size;
85
dfu_free_buf(void)86 unsigned char *dfu_free_buf(void)
87 {
88 free(dfu_buf);
89 dfu_buf = NULL;
90 return dfu_buf;
91 }
92
dfu_get_buf_size(void)93 unsigned long dfu_get_buf_size(void)
94 {
95 return dfu_buf_size;
96 }
97
dfu_get_buf(struct dfu_entity * dfu)98 unsigned char *dfu_get_buf(struct dfu_entity *dfu)
99 {
100 char *s;
101
102 if (dfu_buf != NULL)
103 return dfu_buf;
104
105 s = env_get("dfu_bufsiz");
106 if (s)
107 dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
108
109 if (!s || !dfu_buf_size)
110 dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
111
112 if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
113 dfu_buf_size = dfu->max_buf_size;
114
115 dfu_buf = memalign(CONFIG_SYS_CACHELINE_SIZE, dfu_buf_size);
116 if (dfu_buf == NULL)
117 printf("%s: Could not memalign 0x%lx bytes\n",
118 __func__, dfu_buf_size);
119
120 return dfu_buf;
121 }
122
dfu_get_hash_algo(void)123 static char *dfu_get_hash_algo(void)
124 {
125 char *s;
126
127 s = env_get("dfu_hash_algo");
128 if (!s)
129 return NULL;
130
131 if (!strcmp(s, "crc32")) {
132 debug("%s: DFU hash method: %s\n", __func__, s);
133 return s;
134 }
135
136 pr_err("DFU hash method: %s not supported!\n", s);
137 return NULL;
138 }
139
dfu_write_buffer_drain(struct dfu_entity * dfu)140 static int dfu_write_buffer_drain(struct dfu_entity *dfu)
141 {
142 long w_size;
143 int ret;
144
145 /* flush size? */
146 w_size = dfu->i_buf - dfu->i_buf_start;
147 if (w_size == 0)
148 return 0;
149
150 if (dfu_hash_algo)
151 dfu_hash_algo->hash_update(dfu_hash_algo, &dfu->crc,
152 dfu->i_buf_start, w_size, 0);
153
154 ret = dfu->write_medium(dfu, dfu->offset, dfu->i_buf_start, &w_size);
155 if (ret)
156 debug("%s: Write error!\n", __func__);
157
158 /* point back */
159 dfu->i_buf = dfu->i_buf_start;
160
161 /* update offset */
162 dfu->offset += w_size;
163
164 puts("#");
165
166 return ret;
167 }
168
dfu_transaction_cleanup(struct dfu_entity * dfu)169 void dfu_transaction_cleanup(struct dfu_entity *dfu)
170 {
171 /* clear everything */
172 dfu->crc = 0;
173 dfu->offset = 0;
174 dfu->i_blk_seq_num = 0;
175 dfu->i_buf_start = dfu_get_buf(dfu);
176 dfu->i_buf_end = dfu->i_buf_start;
177 dfu->i_buf = dfu->i_buf_start;
178 dfu->r_left = 0;
179 dfu->b_left = 0;
180 dfu->bad_skip = 0;
181
182 dfu->inited = 0;
183 }
184
dfu_transaction_initiate(struct dfu_entity * dfu,bool read)185 int dfu_transaction_initiate(struct dfu_entity *dfu, bool read)
186 {
187 int ret = 0;
188
189 if (dfu->inited)
190 return 0;
191
192 dfu_transaction_cleanup(dfu);
193
194 if (dfu->i_buf_start == NULL)
195 return -ENOMEM;
196
197 dfu->i_buf_end = dfu->i_buf_start + dfu_get_buf_size();
198
199 if (read) {
200 ret = dfu->get_medium_size(dfu, &dfu->r_left);
201 if (ret < 0)
202 return ret;
203 debug("%s: %s %lld [B]\n", __func__, dfu->name, dfu->r_left);
204 }
205
206 dfu->inited = 1;
207
208 return 0;
209 }
210
dfu_flush(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)211 int dfu_flush(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
212 {
213 int ret = 0;
214
215 ret = dfu_write_buffer_drain(dfu);
216 if (ret)
217 return ret;
218
219 if (dfu->flush_medium)
220 ret = dfu->flush_medium(dfu);
221
222 if (dfu_hash_algo)
223 printf("\nDFU complete %s: 0x%08x\n", dfu_hash_algo->name,
224 dfu->crc);
225
226 dfu_transaction_cleanup(dfu);
227
228 return ret;
229 }
230
dfu_write(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)231 int dfu_write(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
232 {
233 int ret;
234
235 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x offset: 0x%llx bufoffset: 0x%lx\n",
236 __func__, dfu->name, buf, size, blk_seq_num, dfu->offset,
237 (unsigned long)(dfu->i_buf - dfu->i_buf_start));
238
239 ret = dfu_transaction_initiate(dfu, false);
240 if (ret < 0)
241 return ret;
242
243 if (dfu->i_blk_seq_num != blk_seq_num) {
244 printf("%s: Wrong sequence number! [%d] [%d]\n",
245 __func__, dfu->i_blk_seq_num, blk_seq_num);
246 dfu_transaction_cleanup(dfu);
247 return -1;
248 }
249
250 /* DFU 1.1 standard says:
251 * The wBlockNum field is a block sequence number. It increments each
252 * time a block is transferred, wrapping to zero from 65,535. It is used
253 * to provide useful context to the DFU loader in the device."
254 *
255 * This means that it's a 16 bit counter that roll-overs at
256 * 0xffff -> 0x0000. By having a typical 4K transfer block
257 * we roll-over at exactly 256MB. Not very fun to debug.
258 *
259 * Handling rollover, and having an inited variable,
260 * makes things work.
261 */
262
263 /* handle rollover */
264 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
265
266 /* flush buffer if overflow */
267 if ((dfu->i_buf + size) > dfu->i_buf_end) {
268 ret = dfu_write_buffer_drain(dfu);
269 if (ret) {
270 dfu_transaction_cleanup(dfu);
271 return ret;
272 }
273 }
274
275 /* we should be in buffer now (if not then size too large) */
276 if ((dfu->i_buf + size) > dfu->i_buf_end) {
277 pr_err("Buffer overflow! (0x%p + 0x%x > 0x%p)\n", dfu->i_buf,
278 size, dfu->i_buf_end);
279 dfu_transaction_cleanup(dfu);
280 return -1;
281 }
282
283 memcpy(dfu->i_buf, buf, size);
284 dfu->i_buf += size;
285
286 /* if end or if buffer full flush */
287 if (size == 0 || (dfu->i_buf + size) > dfu->i_buf_end) {
288 ret = dfu_write_buffer_drain(dfu);
289 if (ret) {
290 dfu_transaction_cleanup(dfu);
291 return ret;
292 }
293 }
294
295 return 0;
296 }
297
dfu_read_buffer_fill(struct dfu_entity * dfu,void * buf,int size)298 static int dfu_read_buffer_fill(struct dfu_entity *dfu, void *buf, int size)
299 {
300 long chunk;
301 int ret, readn;
302
303 readn = 0;
304 while (size > 0) {
305 /* get chunk that can be read */
306 chunk = min((long)size, dfu->b_left);
307 /* consume */
308 if (chunk > 0) {
309 memcpy(buf, dfu->i_buf, chunk);
310 if (dfu_hash_algo)
311 dfu_hash_algo->hash_update(dfu_hash_algo,
312 &dfu->crc, buf,
313 chunk, 0);
314
315 dfu->i_buf += chunk;
316 dfu->b_left -= chunk;
317 size -= chunk;
318 buf += chunk;
319 readn += chunk;
320 }
321
322 /* all done */
323 if (size > 0) {
324 /* no more to read */
325 if (dfu->r_left == 0)
326 break;
327
328 dfu->i_buf = dfu->i_buf_start;
329 dfu->b_left = dfu->i_buf_end - dfu->i_buf_start;
330
331 /* got to read, but buffer is empty */
332 if (dfu->b_left > dfu->r_left)
333 dfu->b_left = dfu->r_left;
334 ret = dfu->read_medium(dfu, dfu->offset, dfu->i_buf,
335 &dfu->b_left);
336 if (ret != 0) {
337 debug("%s: Read error!\n", __func__);
338 return ret;
339 }
340 dfu->offset += dfu->b_left;
341 dfu->r_left -= dfu->b_left;
342
343 puts("#");
344 }
345 }
346
347 return readn;
348 }
349
dfu_read(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)350 int dfu_read(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
351 {
352 int ret = 0;
353
354 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x i_buf: 0x%p\n",
355 __func__, dfu->name, buf, size, blk_seq_num, dfu->i_buf);
356
357 ret = dfu_transaction_initiate(dfu, true);
358 if (ret < 0)
359 return ret;
360
361 if (dfu->i_blk_seq_num != blk_seq_num) {
362 printf("%s: Wrong sequence number! [%d] [%d]\n",
363 __func__, dfu->i_blk_seq_num, blk_seq_num);
364 return -1;
365 }
366 /* handle rollover */
367 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
368
369 ret = dfu_read_buffer_fill(dfu, buf, size);
370 if (ret < 0) {
371 printf("%s: Failed to fill buffer\n", __func__);
372 return -1;
373 }
374
375 if (ret < size) {
376 if (dfu_hash_algo)
377 debug("%s: %s %s: 0x%x\n", __func__, dfu->name,
378 dfu_hash_algo->name, dfu->crc);
379 puts("\nUPLOAD ... done\nCtrl+C to exit ...\n");
380
381 dfu_transaction_cleanup(dfu);
382 }
383
384 return ret;
385 }
386
dfu_fill_entity(struct dfu_entity * dfu,char * s,int alt,char * interface,char * devstr)387 static int dfu_fill_entity(struct dfu_entity *dfu, char *s, int alt,
388 char *interface, char *devstr)
389 {
390 char *st;
391
392 debug("%s: %s interface: %s dev: %s\n", __func__, s, interface, devstr);
393 st = strsep(&s, " ");
394 strcpy(dfu->name, st);
395
396 dfu->alt = alt;
397 dfu->max_buf_size = 0;
398 dfu->free_entity = NULL;
399
400 /* Specific for mmc device */
401 if (strcmp(interface, "mmc") == 0) {
402 if (dfu_fill_entity_mmc(dfu, devstr, s))
403 return -1;
404 } else if (strcmp(interface, "nand") == 0) {
405 if (dfu_fill_entity_nand(dfu, devstr, s))
406 return -1;
407 } else if (strcmp(interface, "ram") == 0) {
408 if (dfu_fill_entity_ram(dfu, devstr, s))
409 return -1;
410 } else if (strcmp(interface, "sf") == 0) {
411 if (dfu_fill_entity_sf(dfu, devstr, s))
412 return -1;
413 } else {
414 printf("%s: Device %s not (yet) supported!\n",
415 __func__, interface);
416 return -1;
417 }
418 dfu_get_buf(dfu);
419
420 return 0;
421 }
422
dfu_free_entities(void)423 void dfu_free_entities(void)
424 {
425 struct dfu_entity *dfu, *p, *t = NULL;
426
427 dfu_free_buf();
428 list_for_each_entry_safe_reverse(dfu, p, &dfu_list, list) {
429 list_del(&dfu->list);
430 if (dfu->free_entity)
431 dfu->free_entity(dfu);
432 t = dfu;
433 }
434 if (t)
435 free(t);
436 INIT_LIST_HEAD(&dfu_list);
437
438 alt_num_cnt = 0;
439 }
440
dfu_config_entities(char * env,char * interface,char * devstr)441 int dfu_config_entities(char *env, char *interface, char *devstr)
442 {
443 struct dfu_entity *dfu;
444 int i, ret;
445 char *s;
446
447 dfu_alt_num = dfu_find_alt_num(env);
448 debug("%s: dfu_alt_num=%d\n", __func__, dfu_alt_num);
449
450 dfu_hash_algo = NULL;
451 s = dfu_get_hash_algo();
452 if (s) {
453 ret = hash_lookup_algo(s, &dfu_hash_algo);
454 if (ret)
455 pr_err("Hash algorithm %s not supported\n", s);
456 }
457
458 dfu = calloc(sizeof(*dfu), dfu_alt_num);
459 if (!dfu)
460 return -1;
461 for (i = 0; i < dfu_alt_num; i++) {
462
463 s = strsep(&env, ";");
464 ret = dfu_fill_entity(&dfu[i], s, alt_num_cnt, interface,
465 devstr);
466 if (ret) {
467 /* We will free "dfu" in dfu_free_entities() */
468 return -1;
469 }
470
471 list_add_tail(&dfu[i].list, &dfu_list);
472 alt_num_cnt++;
473 }
474
475 return 0;
476 }
477
dfu_get_dev_type(enum dfu_device_type t)478 const char *dfu_get_dev_type(enum dfu_device_type t)
479 {
480 const char *dev_t[] = {NULL, "eMMC", "OneNAND", "NAND", "RAM", "SF" };
481 return dev_t[t];
482 }
483
dfu_get_layout(enum dfu_layout l)484 const char *dfu_get_layout(enum dfu_layout l)
485 {
486 const char *dfu_layout[] = {NULL, "RAW_ADDR", "FAT", "EXT2",
487 "EXT3", "EXT4", "RAM_ADDR" };
488 return dfu_layout[l];
489 }
490
dfu_show_entities(void)491 void dfu_show_entities(void)
492 {
493 struct dfu_entity *dfu;
494
495 puts("DFU alt settings list:\n");
496
497 list_for_each_entry(dfu, &dfu_list, list) {
498 printf("dev: %s alt: %d name: %s layout: %s\n",
499 dfu_get_dev_type(dfu->dev_type), dfu->alt,
500 dfu->name, dfu_get_layout(dfu->layout));
501 }
502 }
503
dfu_get_alt_number(void)504 int dfu_get_alt_number(void)
505 {
506 return dfu_alt_num;
507 }
508
dfu_get_entity(int alt)509 struct dfu_entity *dfu_get_entity(int alt)
510 {
511 struct dfu_entity *dfu;
512
513 list_for_each_entry(dfu, &dfu_list, list) {
514 if (dfu->alt == alt)
515 return dfu;
516 }
517
518 return NULL;
519 }
520
dfu_get_alt(char * name)521 int dfu_get_alt(char *name)
522 {
523 struct dfu_entity *dfu;
524 char *str;
525
526 list_for_each_entry(dfu, &dfu_list, list) {
527 if (dfu->name[0] != '/') {
528 if (!strncmp(dfu->name, name, strlen(dfu->name)))
529 return dfu->alt;
530 } else {
531 /*
532 * One must also consider absolute path
533 * (/boot/bin/uImage) available at dfu->name when
534 * compared "plain" file name (uImage)
535 *
536 * It is the case for e.g. thor gadget where lthor SW
537 * sends only the file name, so only the very last part
538 * of path must be checked for equality
539 */
540
541 str = strstr(dfu->name, name);
542 if (!str)
543 continue;
544
545 /*
546 * Check if matching substring is the last element of
547 * dfu->name (uImage)
548 */
549 if (strlen(dfu->name) ==
550 ((str - dfu->name) + strlen(name)))
551 return dfu->alt;
552 }
553 }
554
555 return -ENODEV;
556 }
557
dfu_write_from_mem_addr(struct dfu_entity * dfu,void * buf,int size)558 int dfu_write_from_mem_addr(struct dfu_entity *dfu, void *buf, int size)
559 {
560 unsigned long dfu_buf_size, write, left = size;
561 int i, ret = 0;
562 void *dp = buf;
563
564 /*
565 * Here we must call dfu_get_buf(dfu) first to be sure that dfu_buf_size
566 * has been properly initialized - e.g. if "dfu_bufsiz" has been taken
567 * into account.
568 */
569 dfu_get_buf(dfu);
570 dfu_buf_size = dfu_get_buf_size();
571 debug("%s: dfu buf size: %lu\n", __func__, dfu_buf_size);
572
573 for (i = 0; left > 0; i++) {
574 write = min(dfu_buf_size, left);
575
576 debug("%s: dp: 0x%p left: %lu write: %lu\n", __func__,
577 dp, left, write);
578 ret = dfu_write(dfu, dp, write, i);
579 if (ret) {
580 pr_err("DFU write failed\n");
581 return ret;
582 }
583
584 dp += write;
585 left -= write;
586 }
587
588 ret = dfu_flush(dfu, NULL, 0, i);
589 if (ret)
590 pr_err("DFU flush failed!");
591
592 return ret;
593 }
594