1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright 2014 Broadcom Corporation.
4 */
5
6 #include <config.h>
7 #include <common.h>
8 #include <blk.h>
9 #include <fastboot.h>
10 #include <fastboot-internal.h>
11 #include <fb_mmc.h>
12 #include <image-sparse.h>
13 #include <part.h>
14 #include <mmc.h>
15 #include <div64.h>
16 #include <linux/compat.h>
17 #include <android_image.h>
18
19 #define FASTBOOT_MAX_BLK_WRITE 16384
20
21 #define BOOT_PARTITION_NAME "boot"
22
23 struct fb_mmc_sparse {
24 struct blk_desc *dev_desc;
25 };
26
part_get_info_by_name_or_alias(struct blk_desc * dev_desc,const char * name,disk_partition_t * info)27 static int part_get_info_by_name_or_alias(struct blk_desc *dev_desc,
28 const char *name, disk_partition_t *info)
29 {
30 int ret;
31
32 ret = part_get_info_by_name(dev_desc, name, info);
33 if (ret < 0) {
34 /* strlen("fastboot_partition_alias_") + 32(part_name) + 1 */
35 char env_alias_name[25 + 32 + 1];
36 char *aliased_part_name;
37
38 /* check for alias */
39 strcpy(env_alias_name, "fastboot_partition_alias_");
40 strncat(env_alias_name, name, 32);
41 aliased_part_name = env_get(env_alias_name);
42 if (aliased_part_name != NULL)
43 ret = part_get_info_by_name(dev_desc,
44 aliased_part_name, info);
45 }
46 return ret;
47 }
48
49 /**
50 * fb_mmc_blk_write() - Write/erase MMC in chunks of FASTBOOT_MAX_BLK_WRITE
51 *
52 * @block_dev: Pointer to block device
53 * @start: First block to write/erase
54 * @blkcnt: Count of blocks
55 * @buffer: Pointer to data buffer for write or NULL for erase
56 */
fb_mmc_blk_write(struct blk_desc * block_dev,lbaint_t start,lbaint_t blkcnt,const void * buffer)57 static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
58 lbaint_t blkcnt, const void *buffer)
59 {
60 lbaint_t blk = start;
61 lbaint_t blks_written;
62 lbaint_t cur_blkcnt;
63 lbaint_t blks = 0;
64 int i;
65
66 for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
67 cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
68 if (buffer) {
69 if (fastboot_progress_callback)
70 fastboot_progress_callback("writing");
71 blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
72 buffer + (i * block_dev->blksz));
73 } else {
74 if (fastboot_progress_callback)
75 fastboot_progress_callback("erasing");
76 blks_written = blk_derase(block_dev, blk, cur_blkcnt);
77 }
78 blk += blks_written;
79 blks += blks_written;
80 }
81 return blks;
82 }
83
fb_mmc_sparse_write(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt,const void * buffer)84 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
85 lbaint_t blk, lbaint_t blkcnt, const void *buffer)
86 {
87 struct fb_mmc_sparse *sparse = info->priv;
88 struct blk_desc *dev_desc = sparse->dev_desc;
89
90 return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
91 }
92
fb_mmc_sparse_reserve(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt)93 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
94 lbaint_t blk, lbaint_t blkcnt)
95 {
96 return blkcnt;
97 }
98
write_raw_image(struct blk_desc * dev_desc,disk_partition_t * info,const char * part_name,void * buffer,u32 download_bytes,char * response)99 static void write_raw_image(struct blk_desc *dev_desc, disk_partition_t *info,
100 const char *part_name, void *buffer,
101 u32 download_bytes, char *response)
102 {
103 lbaint_t blkcnt;
104 lbaint_t blks;
105
106 /* determine number of blocks to write */
107 blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
108 blkcnt = lldiv(blkcnt, info->blksz);
109
110 if (blkcnt > info->size) {
111 pr_err("too large for partition: '%s'\n", part_name);
112 fastboot_fail("too large for partition", response);
113 return;
114 }
115
116 puts("Flashing Raw Image\n");
117
118 blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
119
120 if (blks != blkcnt) {
121 pr_err("failed writing to device %d\n", dev_desc->devnum);
122 fastboot_fail("failed writing to device", response);
123 return;
124 }
125
126 printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
127 part_name);
128 fastboot_okay(NULL, response);
129 }
130
131 #ifdef CONFIG_ANDROID_BOOT_IMAGE
132 /**
133 * Read Android boot image header from boot partition.
134 *
135 * @param[in] dev_desc MMC device descriptor
136 * @param[in] info Boot partition info
137 * @param[out] hdr Where to store read boot image header
138 *
139 * @return Boot image header sectors count or 0 on error
140 */
fb_mmc_get_boot_header(struct blk_desc * dev_desc,disk_partition_t * info,struct andr_img_hdr * hdr,char * response)141 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc,
142 disk_partition_t *info,
143 struct andr_img_hdr *hdr,
144 char *response)
145 {
146 ulong sector_size; /* boot partition sector size */
147 lbaint_t hdr_sectors; /* boot image header sectors count */
148 int res;
149
150 /* Calculate boot image sectors count */
151 sector_size = info->blksz;
152 hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_img_hdr), sector_size);
153 if (hdr_sectors == 0) {
154 pr_err("invalid number of boot sectors: 0\n");
155 fastboot_fail("invalid number of boot sectors: 0", response);
156 return 0;
157 }
158
159 /* Read the boot image header */
160 res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr);
161 if (res != hdr_sectors) {
162 pr_err("cannot read header from boot partition\n");
163 fastboot_fail("cannot read header from boot partition",
164 response);
165 return 0;
166 }
167
168 /* Check boot header magic string */
169 res = android_image_check_header(hdr);
170 if (res != 0) {
171 pr_err("bad boot image magic\n");
172 fastboot_fail("boot partition not initialized", response);
173 return 0;
174 }
175
176 return hdr_sectors;
177 }
178
179 /**
180 * Write downloaded zImage to boot partition and repack it properly.
181 *
182 * @param dev_desc MMC device descriptor
183 * @param download_buffer Address to fastboot buffer with zImage in it
184 * @param download_bytes Size of fastboot buffer, in bytes
185 *
186 * @return 0 on success or -1 on error
187 */
fb_mmc_update_zimage(struct blk_desc * dev_desc,void * download_buffer,u32 download_bytes,char * response)188 static int fb_mmc_update_zimage(struct blk_desc *dev_desc,
189 void *download_buffer,
190 u32 download_bytes,
191 char *response)
192 {
193 uintptr_t hdr_addr; /* boot image header address */
194 struct andr_img_hdr *hdr; /* boot image header */
195 lbaint_t hdr_sectors; /* boot image header sectors */
196 u8 *ramdisk_buffer;
197 u32 ramdisk_sector_start;
198 u32 ramdisk_sectors;
199 u32 kernel_sector_start;
200 u32 kernel_sectors;
201 u32 sectors_per_page;
202 disk_partition_t info;
203 int res;
204
205 puts("Flashing zImage\n");
206
207 /* Get boot partition info */
208 res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info);
209 if (res < 0) {
210 pr_err("cannot find boot partition\n");
211 fastboot_fail("cannot find boot partition", response);
212 return -1;
213 }
214
215 /* Put boot image header in fastboot buffer after downloaded zImage */
216 hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE);
217 hdr = (struct andr_img_hdr *)hdr_addr;
218
219 /* Read boot image header */
220 hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response);
221 if (hdr_sectors == 0) {
222 pr_err("unable to read boot image header\n");
223 fastboot_fail("unable to read boot image header", response);
224 return -1;
225 }
226
227 /* Check if boot image has second stage in it (we don't support it) */
228 if (hdr->second_size > 0) {
229 pr_err("moving second stage is not supported yet\n");
230 fastboot_fail("moving second stage is not supported yet",
231 response);
232 return -1;
233 }
234
235 /* Extract ramdisk location */
236 sectors_per_page = hdr->page_size / info.blksz;
237 ramdisk_sector_start = info.start + sectors_per_page;
238 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
239 sectors_per_page;
240 ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) *
241 sectors_per_page;
242
243 /* Read ramdisk and put it in fastboot buffer after boot image header */
244 ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz);
245 res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors,
246 ramdisk_buffer);
247 if (res != ramdisk_sectors) {
248 pr_err("cannot read ramdisk from boot partition\n");
249 fastboot_fail("cannot read ramdisk from boot partition",
250 response);
251 return -1;
252 }
253
254 /* Write new kernel size to boot image header */
255 hdr->kernel_size = download_bytes;
256 res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr);
257 if (res == 0) {
258 pr_err("cannot writeback boot image header\n");
259 fastboot_fail("cannot write back boot image header", response);
260 return -1;
261 }
262
263 /* Write the new downloaded kernel */
264 kernel_sector_start = info.start + sectors_per_page;
265 kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
266 sectors_per_page;
267 res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors,
268 download_buffer);
269 if (res == 0) {
270 pr_err("cannot write new kernel\n");
271 fastboot_fail("cannot write new kernel", response);
272 return -1;
273 }
274
275 /* Write the saved ramdisk back */
276 ramdisk_sector_start = info.start + sectors_per_page;
277 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
278 sectors_per_page;
279 res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors,
280 ramdisk_buffer);
281 if (res == 0) {
282 pr_err("cannot write back original ramdisk\n");
283 fastboot_fail("cannot write back original ramdisk", response);
284 return -1;
285 }
286
287 puts("........ zImage was updated in boot partition\n");
288 fastboot_okay(NULL, response);
289 return 0;
290 }
291 #endif
292
293 /**
294 * fastboot_mmc_get_part_info() - Lookup eMMC partion by name
295 *
296 * @part_name: Named partition to lookup
297 * @dev_desc: Pointer to returned blk_desc pointer
298 * @part_info: Pointer to returned disk_partition_t
299 * @response: Pointer to fastboot response buffer
300 */
fastboot_mmc_get_part_info(char * part_name,struct blk_desc ** dev_desc,disk_partition_t * part_info,char * response)301 int fastboot_mmc_get_part_info(char *part_name, struct blk_desc **dev_desc,
302 disk_partition_t *part_info, char *response)
303 {
304 int r;
305
306 *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
307 if (!*dev_desc) {
308 fastboot_fail("block device not found", response);
309 return -ENOENT;
310 }
311 if (!part_name) {
312 fastboot_fail("partition not found", response);
313 return -ENOENT;
314 }
315
316 r = part_get_info_by_name_or_alias(*dev_desc, part_name, part_info);
317 if (r < 0) {
318 fastboot_fail("partition not found", response);
319 return r;
320 }
321
322 return r;
323 }
324
325 /**
326 * fastboot_mmc_flash_write() - Write image to eMMC for fastboot
327 *
328 * @cmd: Named partition to write image to
329 * @download_buffer: Pointer to image data
330 * @download_bytes: Size of image data
331 * @response: Pointer to fastboot response buffer
332 */
fastboot_mmc_flash_write(const char * cmd,void * download_buffer,u32 download_bytes,char * response)333 void fastboot_mmc_flash_write(const char *cmd, void *download_buffer,
334 u32 download_bytes, char *response)
335 {
336 struct blk_desc *dev_desc;
337 disk_partition_t info;
338
339 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
340 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
341 pr_err("invalid mmc device\n");
342 fastboot_fail("invalid mmc device", response);
343 return;
344 }
345
346 #if CONFIG_IS_ENABLED(EFI_PARTITION)
347 if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
348 printf("%s: updating MBR, Primary and Backup GPT(s)\n",
349 __func__);
350 if (is_valid_gpt_buf(dev_desc, download_buffer)) {
351 printf("%s: invalid GPT - refusing to write to flash\n",
352 __func__);
353 fastboot_fail("invalid GPT partition", response);
354 return;
355 }
356 if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
357 printf("%s: writing GPT partitions failed\n", __func__);
358 fastboot_fail("writing GPT partitions failed",
359 response);
360 return;
361 }
362 printf("........ success\n");
363 fastboot_okay(NULL, response);
364 return;
365 }
366 #endif
367
368 #if CONFIG_IS_ENABLED(DOS_PARTITION)
369 if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) {
370 printf("%s: updating MBR\n", __func__);
371 if (is_valid_dos_buf(download_buffer)) {
372 printf("%s: invalid MBR - refusing to write to flash\n",
373 __func__);
374 fastboot_fail("invalid MBR partition", response);
375 return;
376 }
377 if (write_mbr_partition(dev_desc, download_buffer)) {
378 printf("%s: writing MBR partition failed\n", __func__);
379 fastboot_fail("writing MBR partition failed",
380 response);
381 return;
382 }
383 printf("........ success\n");
384 fastboot_okay(NULL, response);
385 return;
386 }
387 #endif
388
389 #ifdef CONFIG_ANDROID_BOOT_IMAGE
390 if (strncasecmp(cmd, "zimage", 6) == 0) {
391 fb_mmc_update_zimage(dev_desc, download_buffer,
392 download_bytes, response);
393 return;
394 }
395 #endif
396
397 if (part_get_info_by_name_or_alias(dev_desc, cmd, &info) < 0) {
398 pr_err("cannot find partition: '%s'\n", cmd);
399 fastboot_fail("cannot find partition", response);
400 return;
401 }
402
403 if (is_sparse_image(download_buffer)) {
404 struct fb_mmc_sparse sparse_priv;
405 struct sparse_storage sparse;
406 int err;
407
408 sparse_priv.dev_desc = dev_desc;
409
410 sparse.blksz = info.blksz;
411 sparse.start = info.start;
412 sparse.size = info.size;
413 sparse.write = fb_mmc_sparse_write;
414 sparse.reserve = fb_mmc_sparse_reserve;
415 sparse.mssg = fastboot_fail;
416
417 printf("Flashing sparse image at offset " LBAFU "\n",
418 sparse.start);
419
420 sparse.priv = &sparse_priv;
421 err = write_sparse_image(&sparse, cmd, download_buffer,
422 response);
423 if (!err)
424 fastboot_okay(NULL, response);
425 } else {
426 write_raw_image(dev_desc, &info, cmd, download_buffer,
427 download_bytes, response);
428 }
429 }
430
431 /**
432 * fastboot_mmc_flash_erase() - Erase eMMC for fastboot
433 *
434 * @cmd: Named partition to erase
435 * @response: Pointer to fastboot response buffer
436 */
fastboot_mmc_erase(const char * cmd,char * response)437 void fastboot_mmc_erase(const char *cmd, char *response)
438 {
439 int ret;
440 struct blk_desc *dev_desc;
441 disk_partition_t info;
442 lbaint_t blks, blks_start, blks_size, grp_size;
443 struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
444
445 if (mmc == NULL) {
446 pr_err("invalid mmc device\n");
447 fastboot_fail("invalid mmc device", response);
448 return;
449 }
450
451 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
452 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
453 pr_err("invalid mmc device\n");
454 fastboot_fail("invalid mmc device", response);
455 return;
456 }
457
458 ret = part_get_info_by_name_or_alias(dev_desc, cmd, &info);
459 if (ret < 0) {
460 pr_err("cannot find partition: '%s'\n", cmd);
461 fastboot_fail("cannot find partition", response);
462 return;
463 }
464
465 /* Align blocks to erase group size to avoid erasing other partitions */
466 grp_size = mmc->erase_grp_size;
467 blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
468 if (info.size >= grp_size)
469 blks_size = (info.size - (blks_start - info.start)) &
470 (~(grp_size - 1));
471 else
472 blks_size = 0;
473
474 printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
475 blks_start, blks_start + blks_size);
476
477 blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
478
479 if (blks != blks_size) {
480 pr_err("failed erasing from device %d\n", dev_desc->devnum);
481 fastboot_fail("failed erasing from device", response);
482 return;
483 }
484
485 printf("........ erased " LBAFU " bytes from '%s'\n",
486 blks_size * info.blksz, cmd);
487 fastboot_okay(NULL, response);
488 }
489