1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * Copyright 2014 Broadcom Corporation. 4 */ 5 6 #include <config.h> 7 #include <common.h> 8 #include <blk.h> 9 #include <fastboot.h> 10 #include <fb_mmc.h> 11 #include <image-sparse.h> 12 #include <part.h> 13 #include <mmc.h> 14 #include <div64.h> 15 #include <linux/compat.h> 16 #include <android_image.h> 17 18 #define BOOT_PARTITION_NAME "boot" 19 20 struct fb_mmc_sparse { 21 struct blk_desc *dev_desc; 22 }; 23 24 static int part_get_info_by_name_or_alias(struct blk_desc *dev_desc, 25 const char *name, disk_partition_t *info) 26 { 27 int ret; 28 29 ret = part_get_info_by_name(dev_desc, name, info); 30 if (ret < 0) { 31 /* strlen("fastboot_partition_alias_") + 32(part_name) + 1 */ 32 char env_alias_name[25 + 32 + 1]; 33 char *aliased_part_name; 34 35 /* check for alias */ 36 strcpy(env_alias_name, "fastboot_partition_alias_"); 37 strncat(env_alias_name, name, 32); 38 aliased_part_name = env_get(env_alias_name); 39 if (aliased_part_name != NULL) 40 ret = part_get_info_by_name(dev_desc, 41 aliased_part_name, info); 42 } 43 return ret; 44 } 45 46 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info, 47 lbaint_t blk, lbaint_t blkcnt, const void *buffer) 48 { 49 struct fb_mmc_sparse *sparse = info->priv; 50 struct blk_desc *dev_desc = sparse->dev_desc; 51 52 return blk_dwrite(dev_desc, blk, blkcnt, buffer); 53 } 54 55 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info, 56 lbaint_t blk, lbaint_t blkcnt) 57 { 58 return blkcnt; 59 } 60 61 static void write_raw_image(struct blk_desc *dev_desc, disk_partition_t *info, 62 const char *part_name, void *buffer, 63 unsigned int download_bytes, char *response) 64 { 65 lbaint_t blkcnt; 66 lbaint_t blks; 67 68 /* determine number of blocks to write */ 69 blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1)); 70 blkcnt = lldiv(blkcnt, info->blksz); 71 72 if (blkcnt > info->size) { 73 pr_err("too large for partition: '%s'\n", part_name); 74 fastboot_fail("too large for partition", response); 75 return; 76 } 77 78 puts("Flashing Raw Image\n"); 79 80 blks = blk_dwrite(dev_desc, info->start, blkcnt, buffer); 81 if (blks != blkcnt) { 82 pr_err("failed writing to device %d\n", dev_desc->devnum); 83 fastboot_fail("failed writing to device", response); 84 return; 85 } 86 87 printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz, 88 part_name); 89 fastboot_okay(NULL, response); 90 } 91 92 #ifdef CONFIG_ANDROID_BOOT_IMAGE 93 /** 94 * Read Android boot image header from boot partition. 95 * 96 * @param[in] dev_desc MMC device descriptor 97 * @param[in] info Boot partition info 98 * @param[out] hdr Where to store read boot image header 99 * 100 * @return Boot image header sectors count or 0 on error 101 */ 102 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc, 103 disk_partition_t *info, 104 struct andr_img_hdr *hdr, 105 char *response) 106 { 107 ulong sector_size; /* boot partition sector size */ 108 lbaint_t hdr_sectors; /* boot image header sectors count */ 109 int res; 110 111 /* Calculate boot image sectors count */ 112 sector_size = info->blksz; 113 hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_img_hdr), sector_size); 114 if (hdr_sectors == 0) { 115 pr_err("invalid number of boot sectors: 0\n"); 116 fastboot_fail("invalid number of boot sectors: 0", response); 117 return 0; 118 } 119 120 /* Read the boot image header */ 121 res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr); 122 if (res != hdr_sectors) { 123 pr_err("cannot read header from boot partition\n"); 124 fastboot_fail("cannot read header from boot partition", 125 response); 126 return 0; 127 } 128 129 /* Check boot header magic string */ 130 res = android_image_check_header(hdr); 131 if (res != 0) { 132 pr_err("bad boot image magic\n"); 133 fastboot_fail("boot partition not initialized", response); 134 return 0; 135 } 136 137 return hdr_sectors; 138 } 139 140 /** 141 * Write downloaded zImage to boot partition and repack it properly. 142 * 143 * @param dev_desc MMC device descriptor 144 * @param download_buffer Address to fastboot buffer with zImage in it 145 * @param download_bytes Size of fastboot buffer, in bytes 146 * 147 * @return 0 on success or -1 on error 148 */ 149 static int fb_mmc_update_zimage(struct blk_desc *dev_desc, 150 void *download_buffer, 151 unsigned int download_bytes, 152 char *response) 153 { 154 uintptr_t hdr_addr; /* boot image header address */ 155 struct andr_img_hdr *hdr; /* boot image header */ 156 lbaint_t hdr_sectors; /* boot image header sectors */ 157 u8 *ramdisk_buffer; 158 u32 ramdisk_sector_start; 159 u32 ramdisk_sectors; 160 u32 kernel_sector_start; 161 u32 kernel_sectors; 162 u32 sectors_per_page; 163 disk_partition_t info; 164 int res; 165 166 puts("Flashing zImage\n"); 167 168 /* Get boot partition info */ 169 res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info); 170 if (res < 0) { 171 pr_err("cannot find boot partition\n"); 172 fastboot_fail("cannot find boot partition", response); 173 return -1; 174 } 175 176 /* Put boot image header in fastboot buffer after downloaded zImage */ 177 hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE); 178 hdr = (struct andr_img_hdr *)hdr_addr; 179 180 /* Read boot image header */ 181 hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response); 182 if (hdr_sectors == 0) { 183 pr_err("unable to read boot image header\n"); 184 fastboot_fail("unable to read boot image header", response); 185 return -1; 186 } 187 188 /* Check if boot image has second stage in it (we don't support it) */ 189 if (hdr->second_size > 0) { 190 pr_err("moving second stage is not supported yet\n"); 191 fastboot_fail("moving second stage is not supported yet", 192 response); 193 return -1; 194 } 195 196 /* Extract ramdisk location */ 197 sectors_per_page = hdr->page_size / info.blksz; 198 ramdisk_sector_start = info.start + sectors_per_page; 199 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) * 200 sectors_per_page; 201 ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) * 202 sectors_per_page; 203 204 /* Read ramdisk and put it in fastboot buffer after boot image header */ 205 ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz); 206 res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors, 207 ramdisk_buffer); 208 if (res != ramdisk_sectors) { 209 pr_err("cannot read ramdisk from boot partition\n"); 210 fastboot_fail("cannot read ramdisk from boot partition", 211 response); 212 return -1; 213 } 214 215 /* Write new kernel size to boot image header */ 216 hdr->kernel_size = download_bytes; 217 res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr); 218 if (res == 0) { 219 pr_err("cannot writeback boot image header\n"); 220 fastboot_fail("cannot write back boot image header", response); 221 return -1; 222 } 223 224 /* Write the new downloaded kernel */ 225 kernel_sector_start = info.start + sectors_per_page; 226 kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) * 227 sectors_per_page; 228 res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors, 229 download_buffer); 230 if (res == 0) { 231 pr_err("cannot write new kernel\n"); 232 fastboot_fail("cannot write new kernel", response); 233 return -1; 234 } 235 236 /* Write the saved ramdisk back */ 237 ramdisk_sector_start = info.start + sectors_per_page; 238 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) * 239 sectors_per_page; 240 res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors, 241 ramdisk_buffer); 242 if (res == 0) { 243 pr_err("cannot write back original ramdisk\n"); 244 fastboot_fail("cannot write back original ramdisk", response); 245 return -1; 246 } 247 248 puts("........ zImage was updated in boot partition\n"); 249 fastboot_okay(NULL, response); 250 return 0; 251 } 252 #endif 253 254 void fb_mmc_flash_write(const char *cmd, void *download_buffer, 255 unsigned int download_bytes, char *response) 256 { 257 struct blk_desc *dev_desc; 258 disk_partition_t info; 259 260 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV); 261 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { 262 pr_err("invalid mmc device\n"); 263 fastboot_fail("invalid mmc device", response); 264 return; 265 } 266 267 #if CONFIG_IS_ENABLED(EFI_PARTITION) 268 if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) { 269 printf("%s: updating MBR, Primary and Backup GPT(s)\n", 270 __func__); 271 if (is_valid_gpt_buf(dev_desc, download_buffer)) { 272 printf("%s: invalid GPT - refusing to write to flash\n", 273 __func__); 274 fastboot_fail("invalid GPT partition", response); 275 return; 276 } 277 if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) { 278 printf("%s: writing GPT partitions failed\n", __func__); 279 fastboot_fail("writing GPT partitions failed", 280 response); 281 return; 282 } 283 printf("........ success\n"); 284 fastboot_okay(NULL, response); 285 return; 286 } 287 #endif 288 289 #if CONFIG_IS_ENABLED(DOS_PARTITION) 290 if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) { 291 printf("%s: updating MBR\n", __func__); 292 if (is_valid_dos_buf(download_buffer)) { 293 printf("%s: invalid MBR - refusing to write to flash\n", 294 __func__); 295 fastboot_fail("invalid MBR partition", response); 296 return; 297 } 298 if (write_mbr_partition(dev_desc, download_buffer)) { 299 printf("%s: writing MBR partition failed\n", __func__); 300 fastboot_fail("writing MBR partition failed", 301 response); 302 return; 303 } 304 printf("........ success\n"); 305 fastboot_okay(NULL, response); 306 return; 307 } 308 #endif 309 310 #ifdef CONFIG_ANDROID_BOOT_IMAGE 311 if (strncasecmp(cmd, "zimage", 6) == 0) { 312 fb_mmc_update_zimage(dev_desc, download_buffer, 313 download_bytes, response); 314 return; 315 } 316 #endif 317 318 if (part_get_info_by_name_or_alias(dev_desc, cmd, &info) < 0) { 319 pr_err("cannot find partition: '%s'\n", cmd); 320 fastboot_fail("cannot find partition", response); 321 return; 322 } 323 324 if (is_sparse_image(download_buffer)) { 325 struct fb_mmc_sparse sparse_priv; 326 struct sparse_storage sparse; 327 int err; 328 329 sparse_priv.dev_desc = dev_desc; 330 331 sparse.blksz = info.blksz; 332 sparse.start = info.start; 333 sparse.size = info.size; 334 sparse.write = fb_mmc_sparse_write; 335 sparse.reserve = fb_mmc_sparse_reserve; 336 sparse.mssg = fastboot_fail; 337 338 printf("Flashing sparse image at offset " LBAFU "\n", 339 sparse.start); 340 341 sparse.priv = &sparse_priv; 342 err = write_sparse_image(&sparse, cmd, download_buffer, 343 response); 344 if (!err) 345 fastboot_okay(NULL, response); 346 } else { 347 write_raw_image(dev_desc, &info, cmd, download_buffer, 348 download_bytes, response); 349 } 350 } 351 352 void fb_mmc_erase(const char *cmd, char *response) 353 { 354 int ret; 355 struct blk_desc *dev_desc; 356 disk_partition_t info; 357 lbaint_t blks, blks_start, blks_size, grp_size; 358 struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV); 359 360 if (mmc == NULL) { 361 pr_err("invalid mmc device\n"); 362 fastboot_fail("invalid mmc device", response); 363 return; 364 } 365 366 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV); 367 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { 368 pr_err("invalid mmc device\n"); 369 fastboot_fail("invalid mmc device", response); 370 return; 371 } 372 373 ret = part_get_info_by_name_or_alias(dev_desc, cmd, &info); 374 if (ret < 0) { 375 pr_err("cannot find partition: '%s'\n", cmd); 376 fastboot_fail("cannot find partition", response); 377 return; 378 } 379 380 /* Align blocks to erase group size to avoid erasing other partitions */ 381 grp_size = mmc->erase_grp_size; 382 blks_start = (info.start + grp_size - 1) & ~(grp_size - 1); 383 if (info.size >= grp_size) 384 blks_size = (info.size - (blks_start - info.start)) & 385 (~(grp_size - 1)); 386 else 387 blks_size = 0; 388 389 printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n", 390 blks_start, blks_start + blks_size); 391 392 blks = blk_derase(dev_desc, blks_start, blks_size); 393 if (blks != blks_size) { 394 pr_err("failed erasing from device %d\n", dev_desc->devnum); 395 fastboot_fail("failed erasing from device", response); 396 return; 397 } 398 399 printf("........ erased " LBAFU " bytes from '%s'\n", 400 blks_size * info.blksz, cmd); 401 fastboot_okay(NULL, response); 402 } 403