1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * dfu.c -- DFU back-end routines
4  *
5  * Copyright (C) 2012 Samsung Electronics
6  * author: Lukasz Majewski <l.majewski@samsung.com>
7  */
8 
9 #include <common.h>
10 #include <errno.h>
11 #include <malloc.h>
12 #include <mmc.h>
13 #include <fat.h>
14 #include <dfu.h>
15 #include <hash.h>
16 #include <linux/list.h>
17 #include <linux/compiler.h>
18 
/* Every configured DFU entity; entries are appended by dfu_config_entities(). */
static LIST_HEAD(dfu_list);
/* Hash algorithm looked up for "dfu_hash_algo"; NULL when none is selected. */
static struct hash_algo *dfu_hash_algo;
/* Entry count of the alt-info string most recently parsed. */
static int dfu_alt_num;
/* Next alt-setting number to hand out; reset by dfu_free_entities(). */
static int alt_num_cnt;
23 
/*
 * dfu_usb_get_reset() - tell whether dfu-util reset the USB bus after the
 * USB_DETACH request was sent.
 *
 * Observing that reset is the only way to distinguish whether the user
 * invoked dfu-util with -e (detach) or with -R (reset).
 *
 * The symbol is weak, so another definition can replace it. This default
 * returns false when CONFIG_SPL_DFU_NO_RESET is defined and true otherwise.
 */
__weak bool dfu_usb_get_reset(void)
{
#ifndef CONFIG_SPL_DFU_NO_RESET
	return true;
#else
	return false;
#endif
}
43 
/*
 * Count the entries of a ';'-separated alt-info string.
 *
 * The result is the number of ';' characters in @s plus one, so an empty
 * string counts as one entry and a trailing ';' adds one (empty) entry.
 */
static int dfu_find_alt_num(const char *s)
{
	int separators = 0;

	while (*s != '\0') {
		if (*s == ';')
			separators++;
		s++;
	}

	return separators + 1;
}
54 
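/*
 * Configure the DFU entities described by the "dfu_alt_info" variable.
 *
 * @interface: interface name, handed on to dfu_config_entities()
 * @devstr:    device string, handed on to dfu_config_entities()
 *
 * The variable's value is duplicated before parsing because
 * dfu_config_entities() splits its input in place with strsep().
 *
 * Return: 0 on success, -EINVAL when "dfu_alt_info" is not set, -ENOMEM when
 * the value cannot be duplicated, otherwise the error reported by
 * dfu_config_entities().
 */
int dfu_init_env_entities(char *interface, char *devstr)
{
	const char *str_env;
	char *env_bkp;
	int ret;

#ifdef CONFIG_SET_DFU_ALT_INFO
	set_dfu_alt_info(interface, devstr);
#endif
	str_env = env_get("dfu_alt_info");
	if (!str_env) {
		pr_err("\"dfu_alt_info\" env variable not defined!\n");
		return -EINVAL;
	}

	env_bkp = strdup(str_env);
	if (!env_bkp)
		return -ENOMEM;	/* never hand a NULL string to the parser */

	ret = dfu_config_entities(env_bkp, interface, devstr);
	if (ret)
		pr_err("DFU entities configuration failed!\n");

	/* Release the working copy on the failure path as well. */
	free(env_bkp);
	return ret;
}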
80 
/* Size in bytes chosen for the transfer buffer by dfu_get_buf(). */
static unsigned long dfu_buf_size;
/* Shared transfer buffer; NULL until dfu_get_buf() allocates it. */
static unsigned char *dfu_buf;
83 
/*
 * Release the shared transfer buffer and forget its address.
 *
 * Return: always NULL, which is the value dfu_buf holds afterwards.
 */
unsigned char *dfu_free_buf(void)
{
	unsigned char *released = dfu_buf;

	/* Clear the global first so no stale pointer remains visible. */
	dfu_buf = NULL;
	free(released);

	return NULL;
}
90 
/*
 * Return the size in bytes recorded for the shared transfer buffer.
 *
 * The value is written by dfu_get_buf(), so it is only meaningful once that
 * function has run.
 */
unsigned long dfu_get_buf_size(void)
{
	unsigned long size = dfu_buf_size;

	return size;
}
95 
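/*
 * Return the shared transfer buffer, allocating it on first use.
 *
 * @dfu: entity whose max_buf_size (when non-zero) caps the buffer size
 *
 * The size comes from the "dfu_bufsiz" variable when it parses to a positive
 * number and from CONFIG_SYS_DFU_DATA_BUF_SIZE otherwise. A negative value
 * is ignored rather than converted to an enormous unsigned size. The size
 * stored here is what dfu_transaction_initiate() uses to place i_buf_end,
 * i.e. it is the bound that dfu_write() checks incoming blocks against.
 *
 * Return: the buffer, or NULL when the allocation fails.
 */
unsigned char *dfu_get_buf(struct dfu_entity *dfu)
{
	unsigned long size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
	long requested;
	char *s;

	if (dfu_buf != NULL)
		return dfu_buf;

	s = env_get("dfu_bufsiz");
	if (s) {
		requested = simple_strtol(s, NULL, 0);
		/* zero and negative values fall back to the default */
		if (requested > 0)
			size = (unsigned long)requested;
	}

	if (dfu->max_buf_size && size > dfu->max_buf_size)
		size = dfu->max_buf_size;

	dfu_buf_size = size;
	dfu_buf = memalign(CONFIG_SYS_CACHELINE_SIZE, dfu_buf_size);
	if (dfu_buf == NULL)
		printf("%s: Could not memalign 0x%lx bytes\n",
		       __func__, dfu_buf_size);

	return dfu_buf;
}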
120 
/*
 * Read the hash method requested through the "dfu_hash_algo" variable.
 *
 * Only "crc32" is accepted; any other value is reported and rejected.
 *
 * Return: the variable's value when it is "crc32", NULL when the variable
 * is unset or names another method.
 */
static char *dfu_get_hash_algo(void)
{
	char *algo = env_get("dfu_hash_algo");

	if (!algo)
		return NULL;

	if (strcmp(algo, "crc32") != 0) {
		pr_err("DFU hash method: %s not supported!\n", algo);
		return NULL;
	}

	debug("%s: DFU hash method: %s\n", __func__, algo);
	return algo;
}
137 
/*
 * Write the data gathered in the transfer buffer to the medium.
 *
 * @dfu: entity whose buffer is drained
 *
 * Nothing happens when the buffer is empty. Otherwise the buffered bytes are
 * fed to the selected hash (if any) and passed to the entity's write_medium
 * callback. Afterwards the buffer is rewound and the offset is advanced by
 * the length left in place by write_medium, whether or not the write failed.
 *
 * Return: 0 when the buffer was empty, else the write_medium result.
 */
static int dfu_write_buffer_drain(struct dfu_entity *dfu)
{
	long pending = dfu->i_buf - dfu->i_buf_start;
	int err;

	/* nothing buffered, nothing to flush */
	if (!pending)
		return 0;

	if (dfu_hash_algo)
		dfu_hash_algo->hash_update(dfu_hash_algo, &dfu->crc,
					   dfu->i_buf_start, pending, 0);

	err = dfu->write_medium(dfu, dfu->offset, dfu->i_buf_start, &pending);
	if (err)
		debug("%s: Write error!\n", __func__);

	/* advance the medium offset and rewind the buffer cursor */
	dfu->offset += pending;
	dfu->i_buf = dfu->i_buf_start;

	puts("#");

	return err;
}
166 
/*
 * Reset the per-transfer state of an entity.
 *
 * @dfu: entity to reset
 *
 * All counters are zeroed, the three buffer cursors are pointed at the start
 * of the shared buffer (which dfu_get_buf() may allocate here, and which may
 * be NULL on allocation failure), and the entity is marked as not inited.
 */
void dfu_transaction_cleanup(struct dfu_entity *dfu)
{
	/* buffer cursors: start, end and current position all coincide */
	dfu->i_buf_start = dfu_get_buf(dfu);
	dfu->i_buf = dfu->i_buf_end = dfu->i_buf_start;

	/* transfer bookkeeping */
	dfu->i_blk_seq_num = 0;
	dfu->offset = 0;
	dfu->crc = 0;
	dfu->bad_skip = 0;
	dfu->b_left = 0;
	dfu->r_left = 0;

	dfu->inited = 0;
}
182 
/*
 * Prepare an entity for a new transfer unless one is already running.
 *
 * @dfu:  entity to prepare
 * @read: true for an upload; the medium size is then queried into r_left
 *
 * The state is reset, i_buf_end is placed dfu_get_buf_size() bytes behind
 * the start of the buffer, and the entity is marked inited.
 *
 * Return: 0 on success or when already inited, -ENOMEM when no buffer is
 * available, or the negative value returned by get_medium_size.
 */
int dfu_transaction_initiate(struct dfu_entity *dfu, bool read)
{
	int err;

	if (dfu->inited)
		return 0;

	dfu_transaction_cleanup(dfu);
	if (!dfu->i_buf_start)
		return -ENOMEM;

	dfu->i_buf_end = dfu->i_buf_start + dfu_get_buf_size();

	if (read) {
		err = dfu->get_medium_size(dfu, &dfu->r_left);
		if (err < 0)
			return err;
		debug("%s: %s %lld [B]\n", __func__, dfu->name, dfu->r_left);
	}

	dfu->inited = 1;

	return 0;
}
208 
/*
 * Finish a download: drain the buffer, flush the medium, reset the state.
 *
 * @dfu: entity being written
 * @buf, @size, @blk_seq_num: not used by this function
 *
 * When a hash algorithm is selected, its name and the accumulated value are
 * printed before the transaction state is cleared.
 *
 * Return: the drain error if draining fails (state is then left untouched),
 * otherwise the flush_medium result, or 0 when there is no such callback.
 */
int dfu_flush(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
{
	int err = dfu_write_buffer_drain(dfu);

	if (err)
		return err;

	if (dfu->flush_medium)
		err = dfu->flush_medium(dfu);

	if (dfu_hash_algo)
		printf("\nDFU complete %s: 0x%08x\n", dfu_hash_algo->name,
		       dfu->crc);

	dfu_transaction_cleanup(dfu);

	return err;
}
228 
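/*
 * Accept one downloaded block and stage it in the transfer buffer.
 *
 * @dfu:         entity being written
 * @buf:         block data
 * @size:        block length in bytes; 0 marks the end of the download
 * @blk_seq_num: block sequence number supplied with the block
 *
 * The block length is checked before it is used: a negative @size is
 * rejected, and the fit test compares @size with the space left in the
 * buffer instead of forming a pointer past the end of the buffer. Every
 * failure after the transaction has started resets the transaction state.
 *
 * Return: 0 on success, -EINVAL for a negative @size, -1 for a wrong
 * sequence number or a block larger than the buffer, otherwise the error
 * from dfu_transaction_initiate() or from draining the buffer.
 */
int dfu_write(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
{
	int ret;

	debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x offset: 0x%llx bufoffset: 0x%lx\n",
	      __func__, dfu->name, buf, size, blk_seq_num, dfu->offset,
	      (unsigned long)(dfu->i_buf - dfu->i_buf_start));

	ret = dfu_transaction_initiate(dfu, false);
	if (ret < 0)
		return ret;

	/*
	 * A negative length would pass the "fits in buffer" tests below and
	 * then be converted to a huge size_t by memcpy().
	 */
	if (size < 0) {
		pr_err("%s: Invalid block size %d\n", __func__, size);
		dfu_transaction_cleanup(dfu);
		return -EINVAL;
	}

	if (dfu->i_blk_seq_num != blk_seq_num) {
		printf("%s: Wrong sequence number! [%d] [%d]\n",
		       __func__, dfu->i_blk_seq_num, blk_seq_num);
		dfu_transaction_cleanup(dfu);
		return -1;
	}

	/* DFU 1.1 standard says:
	 * "The wBlockNum field is a block sequence number. It increments each
	 * time a block is transferred, wrapping to zero from 65,535. It is used
	 * to provide useful context to the DFU loader in the device."
	 *
	 * This means that it's a 16 bit counter that rolls over at
	 * 0xffff -> 0x0000. By having a typical 4K transfer block
	 * we roll over at exactly 256MB. Not very fun to debug.
	 *
	 * Handling rollover, and having an inited variable,
	 * makes things work.
	 */

	/* handle rollover */
	dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;

	/* drain first if the block does not fit behind the buffered data */
	if (size > dfu->i_buf_end - dfu->i_buf) {
		ret = dfu_write_buffer_drain(dfu);
		if (ret) {
			dfu_transaction_cleanup(dfu);
			return ret;
		}
	}

	/* the buffer is empty now; a block that still does not fit is too large */
	if (size > dfu->i_buf_end - dfu->i_buf) {
		pr_err("Buffer overflow! (0x%p + 0x%x > 0x%p)\n", dfu->i_buf,
		      size, dfu->i_buf_end);
		dfu_transaction_cleanup(dfu);
		return -1;
	}

	memcpy(dfu->i_buf, buf, size);
	dfu->i_buf += size;

	/* drain at end of download, or when another such block would not fit */
	if (size == 0 || size > dfu->i_buf_end - dfu->i_buf) {
		ret = dfu_write_buffer_drain(dfu);
		if (ret) {
			dfu_transaction_cleanup(dfu);
			return ret;
		}
	}

	return 0;
}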
295 
/*
 * Copy up to @size bytes of medium data into @buf.
 *
 * @dfu:  entity being read
 * @buf:  destination
 * @size: number of bytes requested
 *
 * Data is served from the transfer buffer (b_left bytes remain in it); when
 * the buffer runs dry it is refilled through read_medium with at most one
 * buffer's worth of the r_left bytes still unread. Copied bytes are fed to
 * the selected hash, if any.
 *
 * Return: the number of bytes copied, which is less than @size once the
 * medium is exhausted, or the non-zero read_medium result on failure.
 */
static int dfu_read_buffer_fill(struct dfu_entity *dfu, void *buf, int size)
{
	int copied = 0;
	long take;
	int err;

	while (size > 0) {
		/* serve as much as the buffer still holds */
		take = min((long)size, dfu->b_left);
		if (take > 0) {
			memcpy(buf, dfu->i_buf, take);
			if (dfu_hash_algo)
				dfu_hash_algo->hash_update(dfu_hash_algo,
							   &dfu->crc, buf,
							   take, 0);

			buf += take;
			copied += take;
			size -= take;
			dfu->i_buf += take;
			dfu->b_left -= take;
		}

		/* request satisfied */
		if (size <= 0)
			break;

		/* medium exhausted: return the short count */
		if (dfu->r_left == 0)
			break;

		/* refill from the start of the buffer, capped at what is left */
		dfu->i_buf = dfu->i_buf_start;
		dfu->b_left = dfu->i_buf_end - dfu->i_buf_start;
		if (dfu->b_left > dfu->r_left)
			dfu->b_left = dfu->r_left;

		err = dfu->read_medium(dfu, dfu->offset, dfu->i_buf,
				       &dfu->b_left);
		if (err != 0) {
			debug("%s: Read error!\n", __func__);
			return err;
		}

		/* b_left now holds the length reported back by read_medium */
		dfu->offset += dfu->b_left;
		dfu->r_left -= dfu->b_left;

		puts("#");
	}

	return copied;
}
347 
/*
 * Serve one upload block.
 *
 * @dfu:         entity being read
 * @buf:         destination for the block
 * @size:        number of bytes requested
 * @blk_seq_num: block sequence number supplied with the request
 *
 * A block shorter than requested ends the upload: the completion message is
 * printed and the transaction state is reset. Note that, unlike the write
 * path, a wrong sequence number does not reset the transaction here.
 *
 * Return: the number of bytes placed in @buf, -1 on a wrong sequence number
 * or a read failure, or the error from dfu_transaction_initiate().
 */
int dfu_read(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
{
	int got;

	debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x i_buf: 0x%p\n",
	       __func__, dfu->name, buf, size, blk_seq_num, dfu->i_buf);

	got = dfu_transaction_initiate(dfu, true);
	if (got < 0)
		return got;

	if (blk_seq_num != dfu->i_blk_seq_num) {
		printf("%s: Wrong sequence number! [%d] [%d]\n",
		       __func__, dfu->i_blk_seq_num, blk_seq_num);
		return -1;
	}

	/* 16-bit counter: wrap from 0xffff back to 0 */
	dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;

	got = dfu_read_buffer_fill(dfu, buf, size);
	if (got < 0) {
		printf("%s: Failed to fill buffer\n", __func__);
		return -1;
	}

	/* a full block means more data may follow */
	if (got >= size)
		return got;

	/* short block: the upload is complete */
	if (dfu_hash_algo)
		debug("%s: %s %s: 0x%x\n", __func__, dfu->name,
		      dfu_hash_algo->name, dfu->crc);
	puts("\nUPLOAD ... done\nCtrl+C to exit ...\n");

	dfu_transaction_cleanup(dfu);

	return got;
}
384 
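/*
 * Fill one entity from a single alt-info entry.
 *
 * @dfu:       entity to fill
 * @s:         entry text; its first space-separated token is the name and
 *             the remainder is handed to the interface-specific parser
 * @alt:       alt-setting number to assign
 * @interface: one of "mmc", "nand", "ram" or "sf"
 * @devstr:    device string for the interface-specific parser
 *
 * The name is copied only after its length has been checked against the
 * size of dfu->name, so an over-long name in the alt-info string is
 * rejected instead of overrunning the field. The check relies on name being
 * an array member of struct dfu_entity.
 *
 * Return: 0 on success, -1 when the entry has no name, the name is too
 * long, the interface is unknown or its parser fails.
 */
static int dfu_fill_entity(struct dfu_entity *dfu, char *s, int alt,
			   char *interface, char *devstr)
{
	char *st;

	debug("%s: %s interface: %s dev: %s\n", __func__, s, interface, devstr);
	st = strsep(&s, " ");
	if (!st) {
		printf("%s: Missing entity name!\n", __func__);
		return -1;
	}
	if (strlen(st) >= sizeof(dfu->name)) {
		printf("%s: Entity name %s is too long!\n", __func__, st);
		return -1;
	}
	strcpy(dfu->name, st);	/* length verified above */

	dfu->alt = alt;
	dfu->max_buf_size = 0;
	dfu->free_entity = NULL;

	/* Specific for mmc device */
	if (strcmp(interface, "mmc") == 0) {
		if (dfu_fill_entity_mmc(dfu, devstr, s))
			return -1;
	} else if (strcmp(interface, "nand") == 0) {
		if (dfu_fill_entity_nand(dfu, devstr, s))
			return -1;
	} else if (strcmp(interface, "ram") == 0) {
		if (dfu_fill_entity_ram(dfu, devstr, s))
			return -1;
	} else if (strcmp(interface, "sf") == 0) {
		if (dfu_fill_entity_sf(dfu, devstr, s))
			return -1;
	} else {
		printf("%s: Device %s not (yet) supported!\n",
		       __func__,  interface);
		return -1;
	}

	/*
	 * Make sure the shared buffer exists; an allocation failure is not
	 * reported here and surfaces later in dfu_transaction_initiate().
	 */
	dfu_get_buf(dfu);

	return 0;
}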
420 
/*
 * Drop the transfer buffer and every configured entity.
 *
 * The list is walked backwards, so the last entry visited is the first one
 * that was added, i.e. element 0 of the array allocated by
 * dfu_config_entities(); that pointer is the one passed to free().
 *
 * NOTE(review): only that one array is freed. If dfu_config_entities() ran
 * more than once before this call, the later arrays look like they are
 * leaked - confirm against the callers.
 */
void dfu_free_entities(void)
{
	struct dfu_entity *cur, *prev, *array_base = NULL;

	dfu_free_buf();

	list_for_each_entry_safe_reverse(cur, prev, &dfu_list, list) {
		list_del(&cur->list);
		if (cur->free_entity)
			cur->free_entity(cur);
		array_base = cur;
	}

	/* free(NULL) is a no-op, so an empty list needs no special case */
	free(array_base);
	INIT_LIST_HEAD(&dfu_list);

	alt_num_cnt = 0;
}
438 
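/*
 * Parse an alt-info string and register one entity per ';'-separated entry.
 *
 * @env:       alt-info string; it is split in place with strsep()
 * @interface: interface name for every entry
 * @devstr:    device string for every entry
 *
 * The hash algorithm named by "dfu_hash_algo" is looked up first; a failed
 * lookup is reported but does not abort the configuration.
 *
 * If an entry cannot be filled, the entries this call already linked into
 * dfu_list are unlinked and released before the array is freed, so the
 * list never keeps pointers into freed memory and alt_num_cnt is restored.
 *
 * Return: 0 on success, -1 on allocation failure or when an entry fails.
 */
int dfu_config_entities(char *env, char *interface, char *devstr)
{
	struct dfu_entity *dfu;
	int i, j, ret;
	char *s;

	dfu_alt_num = dfu_find_alt_num(env);
	debug("%s: dfu_alt_num=%d\n", __func__, dfu_alt_num);

	dfu_hash_algo = NULL;
	s = dfu_get_hash_algo();
	if (s) {
		ret = hash_lookup_algo(s, &dfu_hash_algo);
		if (ret)
			pr_err("Hash algorithm %s not supported\n", s);
	}

	dfu = calloc(dfu_alt_num, sizeof(*dfu));
	if (!dfu)
		return -1;

	for (i = 0; i < dfu_alt_num; i++) {
		s = strsep(&env, ";");
		ret = dfu_fill_entity(&dfu[i], s, alt_num_cnt, interface,
				      devstr);
		if (ret)
			goto err_unwind;

		list_add_tail(&dfu[i].list, &dfu_list);
		alt_num_cnt++;
	}

	return 0;

err_unwind:
	/* entries 0..i-1 are on dfu_list; take them off before freeing */
	for (j = 0; j < i; j++) {
		list_del(&dfu[j].list);
		if (dfu[j].free_entity)
			dfu[j].free_entity(&dfu[j]);
		alt_num_cnt--;
	}
	free(dfu);

	return -1;
}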
475 
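/*
 * Map a device type to its printable name.
 *
 * @t: device type, used as an index into the name table
 *
 * Return: the name, or NULL for index 0 and for any value outside the
 * table (the latter is checked so a corrupt or unexpected value cannot
 * read past the end of the table).
 */
const char *dfu_get_dev_type(enum dfu_device_type t)
{
	static const char * const names[] = {
		NULL, "eMMC", "OneNAND", "NAND", "RAM", "SF"
	};

	/* the unsigned cast also rejects negative values */
	if ((unsigned int)t >= sizeof(names) / sizeof(names[0]))
		return NULL;

	return names[t];
}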
481 
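/*
 * Map a layout to its printable name.
 *
 * @l: layout, used as an index into the name table
 *
 * Return: the name, or NULL for index 0 and for any value outside the
 * table (the latter is checked so a corrupt or unexpected value cannot
 * read past the end of the table).
 */
const char *dfu_get_layout(enum dfu_layout l)
{
	static const char * const names[] = {
		NULL, "RAW_ADDR", "FAT", "EXT2", "EXT3", "EXT4", "RAM_ADDR"
	};

	/* the unsigned cast also rejects negative values */
	if ((unsigned int)l >= sizeof(names) / sizeof(names[0]))
		return NULL;

	return names[l];
}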
488 
/*
 * Print one line per configured entity: device type, alt-setting number,
 * name and layout.
 */
void dfu_show_entities(void)
{
	struct dfu_entity *ent;
	const char *dev_name;
	const char *layout_name;

	puts("DFU alt settings list:\n");

	list_for_each_entry(ent, &dfu_list, list) {
		dev_name = dfu_get_dev_type(ent->dev_type);
		layout_name = dfu_get_layout(ent->layout);

		printf("dev: %s alt: %d name: %s layout: %s\n",
		       dev_name, ent->alt, ent->name, layout_name);
	}
}
501 
/*
 * Return the entry count of the alt-info string most recently handed to
 * dfu_config_entities().
 */
int dfu_get_alt_number(void)
{
	int count = dfu_alt_num;

	return count;
}
506 
/*
 * Look up a configured entity by its alt-setting number.
 *
 * @alt: alt-setting number to find
 *
 * Return: the first entity on dfu_list with that number, or NULL when
 * there is none.
 */
struct dfu_entity *dfu_get_entity(int alt)
{
	struct dfu_entity *ent;

	list_for_each_entry(ent, &dfu_list, list) {
		if (ent->alt != alt)
			continue;
		return ent;
	}

	return NULL;
}
518 
/*
 * Find the alt-setting number of the entity matching @name.
 *
 * @name: name to look for
 *
 * Entities whose name does not start with '/' match when @name begins with
 * the entity's name: only strlen(entity name) characters are compared, so a
 * longer @name sharing that prefix matches as well.
 *
 * Entities whose name is an absolute path (e.g. /boot/bin/uImage) match
 * when @name equals the tail of that path. This covers e.g. the thor
 * gadget, where the lthor software sends only the plain file name (uImage).
 * Only the first occurrence of @name inside the path is examined.
 *
 * Return: the alt-setting number of the first match, -ENODEV otherwise.
 */
int dfu_get_alt(char *name)
{
	struct dfu_entity *ent;
	char *hit;

	list_for_each_entry(ent, &dfu_list, list) {
		if (ent->name[0] == '/') {
			hit = strstr(ent->name, name);
			/* the match must run to the very end of the path */
			if (hit && strlen(ent->name) ==
				   ((hit - ent->name) + strlen(name)))
				return ent->alt;
			continue;
		}

		if (strncmp(ent->name, name, strlen(ent->name)) == 0)
			return ent->alt;
	}

	return -ENODEV;
}
555 
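/*
 * Write a memory region to an entity, one buffer-sized block at a time.
 *
 * @dfu:  entity to write to
 * @buf:  start of the data in memory
 * @size: number of bytes to write
 *
 * A negative @size is rejected up front; converted to unsigned long it
 * would otherwise make the loop walk far past the caller's data.
 *
 * Return: 0 on success, -EINVAL for a negative @size, otherwise the error
 * from dfu_write() or dfu_flush().
 */
int dfu_write_from_mem_addr(struct dfu_entity *dfu, void *buf, int size)
{
	unsigned long block_max, write, left;
	int i, ret = 0;
	void *dp = buf;

	if (size < 0) {
		pr_err("%s: Invalid size %d\n", __func__, size);
		return -EINVAL;
	}
	left = size;

	/*
	 * Here we must call dfu_get_buf(dfu) first to be sure that the buffer
	 * size has been properly initialized - e.g. if "dfu_bufsiz" has been
	 * taken into account.
	 */
	dfu_get_buf(dfu);
	block_max = dfu_get_buf_size();
	debug("%s: dfu buf size: %lu\n", __func__, block_max);

	/* the loop counter doubles as the block sequence number */
	for (i = 0; left > 0; i++) {
		write = min(block_max, left);

		debug("%s: dp: 0x%p left: %lu write: %lu\n", __func__,
		      dp, left, write);
		ret = dfu_write(dfu, dp, write, i);
		if (ret) {
			pr_err("DFU write failed\n");
			return ret;
		}

		dp += write;
		left -= write;
	}

	ret = dfu_flush(dfu, NULL, 0, i);
	if (ret)
		pr_err("DFU flush failed!");

	return ret;
}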
592