1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright 2014 Broadcom Corporation.
4  */
5 
6 #include <config.h>
7 #include <common.h>
8 #include <blk.h>
9 #include <fastboot.h>
10 #include <fastboot-internal.h>
11 #include <fb_mmc.h>
12 #include <image-sparse.h>
13 #include <part.h>
14 #include <mmc.h>
15 #include <div64.h>
16 #include <linux/compat.h>
17 #include <android_image.h>
18 
19 #define FASTBOOT_MAX_BLK_WRITE 16384
20 
21 #define BOOT_PARTITION_NAME "boot"
22 
23 struct fb_mmc_sparse {
24 	struct blk_desc	*dev_desc;
25 };
26 
part_get_info_by_name_or_alias(struct blk_desc * dev_desc,const char * name,disk_partition_t * info)27 static int part_get_info_by_name_or_alias(struct blk_desc *dev_desc,
28 		const char *name, disk_partition_t *info)
29 {
30 	int ret;
31 
32 	ret = part_get_info_by_name(dev_desc, name, info);
33 	if (ret < 0) {
34 		/* strlen("fastboot_partition_alias_") + 32(part_name) + 1 */
35 		char env_alias_name[25 + 32 + 1];
36 		char *aliased_part_name;
37 
38 		/* check for alias */
39 		strcpy(env_alias_name, "fastboot_partition_alias_");
40 		strncat(env_alias_name, name, 32);
41 		aliased_part_name = env_get(env_alias_name);
42 		if (aliased_part_name != NULL)
43 			ret = part_get_info_by_name(dev_desc,
44 					aliased_part_name, info);
45 	}
46 	return ret;
47 }
48 
49 /**
50  * fb_mmc_blk_write() - Write/erase MMC in chunks of FASTBOOT_MAX_BLK_WRITE
51  *
52  * @block_dev: Pointer to block device
53  * @start: First block to write/erase
54  * @blkcnt: Count of blocks
55  * @buffer: Pointer to data buffer for write or NULL for erase
56  */
fb_mmc_blk_write(struct blk_desc * block_dev,lbaint_t start,lbaint_t blkcnt,const void * buffer)57 static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
58 				 lbaint_t blkcnt, const void *buffer)
59 {
60 	lbaint_t blk = start;
61 	lbaint_t blks_written;
62 	lbaint_t cur_blkcnt;
63 	lbaint_t blks = 0;
64 	int i;
65 
66 	for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
67 		cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
68 		if (buffer) {
69 			if (fastboot_progress_callback)
70 				fastboot_progress_callback("writing");
71 			blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
72 						  buffer + (i * block_dev->blksz));
73 		} else {
74 			if (fastboot_progress_callback)
75 				fastboot_progress_callback("erasing");
76 			blks_written = blk_derase(block_dev, blk, cur_blkcnt);
77 		}
78 		blk += blks_written;
79 		blks += blks_written;
80 	}
81 	return blks;
82 }
83 
fb_mmc_sparse_write(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt,const void * buffer)84 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
85 		lbaint_t blk, lbaint_t blkcnt, const void *buffer)
86 {
87 	struct fb_mmc_sparse *sparse = info->priv;
88 	struct blk_desc *dev_desc = sparse->dev_desc;
89 
90 	return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
91 }
92 
fb_mmc_sparse_reserve(struct sparse_storage * info,lbaint_t blk,lbaint_t blkcnt)93 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
94 		lbaint_t blk, lbaint_t blkcnt)
95 {
96 	return blkcnt;
97 }
98 
write_raw_image(struct blk_desc * dev_desc,disk_partition_t * info,const char * part_name,void * buffer,u32 download_bytes,char * response)99 static void write_raw_image(struct blk_desc *dev_desc, disk_partition_t *info,
100 		const char *part_name, void *buffer,
101 		u32 download_bytes, char *response)
102 {
103 	lbaint_t blkcnt;
104 	lbaint_t blks;
105 
106 	/* determine number of blocks to write */
107 	blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
108 	blkcnt = lldiv(blkcnt, info->blksz);
109 
110 	if (blkcnt > info->size) {
111 		pr_err("too large for partition: '%s'\n", part_name);
112 		fastboot_fail("too large for partition", response);
113 		return;
114 	}
115 
116 	puts("Flashing Raw Image\n");
117 
118 	blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
119 
120 	if (blks != blkcnt) {
121 		pr_err("failed writing to device %d\n", dev_desc->devnum);
122 		fastboot_fail("failed writing to device", response);
123 		return;
124 	}
125 
126 	printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
127 	       part_name);
128 	fastboot_okay(NULL, response);
129 }
130 
131 #ifdef CONFIG_ANDROID_BOOT_IMAGE
132 /**
133  * Read Android boot image header from boot partition.
134  *
135  * @param[in] dev_desc MMC device descriptor
136  * @param[in] info Boot partition info
137  * @param[out] hdr Where to store read boot image header
138  *
139  * @return Boot image header sectors count or 0 on error
140  */
fb_mmc_get_boot_header(struct blk_desc * dev_desc,disk_partition_t * info,struct andr_img_hdr * hdr,char * response)141 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc,
142 				       disk_partition_t *info,
143 				       struct andr_img_hdr *hdr,
144 				       char *response)
145 {
146 	ulong sector_size;		/* boot partition sector size */
147 	lbaint_t hdr_sectors;		/* boot image header sectors count */
148 	int res;
149 
150 	/* Calculate boot image sectors count */
151 	sector_size = info->blksz;
152 	hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_img_hdr), sector_size);
153 	if (hdr_sectors == 0) {
154 		pr_err("invalid number of boot sectors: 0\n");
155 		fastboot_fail("invalid number of boot sectors: 0", response);
156 		return 0;
157 	}
158 
159 	/* Read the boot image header */
160 	res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr);
161 	if (res != hdr_sectors) {
162 		pr_err("cannot read header from boot partition\n");
163 		fastboot_fail("cannot read header from boot partition",
164 			      response);
165 		return 0;
166 	}
167 
168 	/* Check boot header magic string */
169 	res = android_image_check_header(hdr);
170 	if (res != 0) {
171 		pr_err("bad boot image magic\n");
172 		fastboot_fail("boot partition not initialized", response);
173 		return 0;
174 	}
175 
176 	return hdr_sectors;
177 }
178 
179 /**
180  * Write downloaded zImage to boot partition and repack it properly.
181  *
182  * @param dev_desc MMC device descriptor
183  * @param download_buffer Address to fastboot buffer with zImage in it
184  * @param download_bytes Size of fastboot buffer, in bytes
185  *
186  * @return 0 on success or -1 on error
187  */
fb_mmc_update_zimage(struct blk_desc * dev_desc,void * download_buffer,u32 download_bytes,char * response)188 static int fb_mmc_update_zimage(struct blk_desc *dev_desc,
189 				void *download_buffer,
190 				u32 download_bytes,
191 				char *response)
192 {
193 	uintptr_t hdr_addr;			/* boot image header address */
194 	struct andr_img_hdr *hdr;		/* boot image header */
195 	lbaint_t hdr_sectors;			/* boot image header sectors */
196 	u8 *ramdisk_buffer;
197 	u32 ramdisk_sector_start;
198 	u32 ramdisk_sectors;
199 	u32 kernel_sector_start;
200 	u32 kernel_sectors;
201 	u32 sectors_per_page;
202 	disk_partition_t info;
203 	int res;
204 
205 	puts("Flashing zImage\n");
206 
207 	/* Get boot partition info */
208 	res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info);
209 	if (res < 0) {
210 		pr_err("cannot find boot partition\n");
211 		fastboot_fail("cannot find boot partition", response);
212 		return -1;
213 	}
214 
215 	/* Put boot image header in fastboot buffer after downloaded zImage */
216 	hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE);
217 	hdr = (struct andr_img_hdr *)hdr_addr;
218 
219 	/* Read boot image header */
220 	hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response);
221 	if (hdr_sectors == 0) {
222 		pr_err("unable to read boot image header\n");
223 		fastboot_fail("unable to read boot image header", response);
224 		return -1;
225 	}
226 
227 	/* Check if boot image has second stage in it (we don't support it) */
228 	if (hdr->second_size > 0) {
229 		pr_err("moving second stage is not supported yet\n");
230 		fastboot_fail("moving second stage is not supported yet",
231 			      response);
232 		return -1;
233 	}
234 
235 	/* Extract ramdisk location */
236 	sectors_per_page = hdr->page_size / info.blksz;
237 	ramdisk_sector_start = info.start + sectors_per_page;
238 	ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
239 					     sectors_per_page;
240 	ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) *
241 				       sectors_per_page;
242 
243 	/* Read ramdisk and put it in fastboot buffer after boot image header */
244 	ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz);
245 	res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors,
246 			ramdisk_buffer);
247 	if (res != ramdisk_sectors) {
248 		pr_err("cannot read ramdisk from boot partition\n");
249 		fastboot_fail("cannot read ramdisk from boot partition",
250 			      response);
251 		return -1;
252 	}
253 
254 	/* Write new kernel size to boot image header */
255 	hdr->kernel_size = download_bytes;
256 	res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr);
257 	if (res == 0) {
258 		pr_err("cannot writeback boot image header\n");
259 		fastboot_fail("cannot write back boot image header", response);
260 		return -1;
261 	}
262 
263 	/* Write the new downloaded kernel */
264 	kernel_sector_start = info.start + sectors_per_page;
265 	kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
266 				      sectors_per_page;
267 	res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors,
268 			 download_buffer);
269 	if (res == 0) {
270 		pr_err("cannot write new kernel\n");
271 		fastboot_fail("cannot write new kernel", response);
272 		return -1;
273 	}
274 
275 	/* Write the saved ramdisk back */
276 	ramdisk_sector_start = info.start + sectors_per_page;
277 	ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
278 					     sectors_per_page;
279 	res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors,
280 			 ramdisk_buffer);
281 	if (res == 0) {
282 		pr_err("cannot write back original ramdisk\n");
283 		fastboot_fail("cannot write back original ramdisk", response);
284 		return -1;
285 	}
286 
287 	puts("........ zImage was updated in boot partition\n");
288 	fastboot_okay(NULL, response);
289 	return 0;
290 }
291 #endif
292 
293 /**
294  * fastboot_mmc_get_part_info() - Lookup eMMC partion by name
295  *
296  * @part_name: Named partition to lookup
297  * @dev_desc: Pointer to returned blk_desc pointer
298  * @part_info: Pointer to returned disk_partition_t
299  * @response: Pointer to fastboot response buffer
300  */
fastboot_mmc_get_part_info(char * part_name,struct blk_desc ** dev_desc,disk_partition_t * part_info,char * response)301 int fastboot_mmc_get_part_info(char *part_name, struct blk_desc **dev_desc,
302 			       disk_partition_t *part_info, char *response)
303 {
304 	int r;
305 
306 	*dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
307 	if (!*dev_desc) {
308 		fastboot_fail("block device not found", response);
309 		return -ENOENT;
310 	}
311 	if (!part_name) {
312 		fastboot_fail("partition not found", response);
313 		return -ENOENT;
314 	}
315 
316 	r = part_get_info_by_name_or_alias(*dev_desc, part_name, part_info);
317 	if (r < 0) {
318 		fastboot_fail("partition not found", response);
319 		return r;
320 	}
321 
322 	return r;
323 }
324 
325 /**
326  * fastboot_mmc_flash_write() - Write image to eMMC for fastboot
327  *
328  * @cmd: Named partition to write image to
329  * @download_buffer: Pointer to image data
330  * @download_bytes: Size of image data
331  * @response: Pointer to fastboot response buffer
332  */
fastboot_mmc_flash_write(const char * cmd,void * download_buffer,u32 download_bytes,char * response)333 void fastboot_mmc_flash_write(const char *cmd, void *download_buffer,
334 			      u32 download_bytes, char *response)
335 {
336 	struct blk_desc *dev_desc;
337 	disk_partition_t info;
338 
339 	dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
340 	if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
341 		pr_err("invalid mmc device\n");
342 		fastboot_fail("invalid mmc device", response);
343 		return;
344 	}
345 
346 #if CONFIG_IS_ENABLED(EFI_PARTITION)
347 	if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
348 		printf("%s: updating MBR, Primary and Backup GPT(s)\n",
349 		       __func__);
350 		if (is_valid_gpt_buf(dev_desc, download_buffer)) {
351 			printf("%s: invalid GPT - refusing to write to flash\n",
352 			       __func__);
353 			fastboot_fail("invalid GPT partition", response);
354 			return;
355 		}
356 		if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
357 			printf("%s: writing GPT partitions failed\n", __func__);
358 			fastboot_fail("writing GPT partitions failed",
359 				      response);
360 			return;
361 		}
362 		printf("........ success\n");
363 		fastboot_okay(NULL, response);
364 		return;
365 	}
366 #endif
367 
368 #if CONFIG_IS_ENABLED(DOS_PARTITION)
369 	if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) {
370 		printf("%s: updating MBR\n", __func__);
371 		if (is_valid_dos_buf(download_buffer)) {
372 			printf("%s: invalid MBR - refusing to write to flash\n",
373 			       __func__);
374 			fastboot_fail("invalid MBR partition", response);
375 			return;
376 		}
377 		if (write_mbr_partition(dev_desc, download_buffer)) {
378 			printf("%s: writing MBR partition failed\n", __func__);
379 			fastboot_fail("writing MBR partition failed",
380 				      response);
381 			return;
382 		}
383 		printf("........ success\n");
384 		fastboot_okay(NULL, response);
385 		return;
386 	}
387 #endif
388 
389 #ifdef CONFIG_ANDROID_BOOT_IMAGE
390 	if (strncasecmp(cmd, "zimage", 6) == 0) {
391 		fb_mmc_update_zimage(dev_desc, download_buffer,
392 				     download_bytes, response);
393 		return;
394 	}
395 #endif
396 
397 	if (part_get_info_by_name_or_alias(dev_desc, cmd, &info) < 0) {
398 		pr_err("cannot find partition: '%s'\n", cmd);
399 		fastboot_fail("cannot find partition", response);
400 		return;
401 	}
402 
403 	if (is_sparse_image(download_buffer)) {
404 		struct fb_mmc_sparse sparse_priv;
405 		struct sparse_storage sparse;
406 		int err;
407 
408 		sparse_priv.dev_desc = dev_desc;
409 
410 		sparse.blksz = info.blksz;
411 		sparse.start = info.start;
412 		sparse.size = info.size;
413 		sparse.write = fb_mmc_sparse_write;
414 		sparse.reserve = fb_mmc_sparse_reserve;
415 		sparse.mssg = fastboot_fail;
416 
417 		printf("Flashing sparse image at offset " LBAFU "\n",
418 		       sparse.start);
419 
420 		sparse.priv = &sparse_priv;
421 		err = write_sparse_image(&sparse, cmd, download_buffer,
422 					 response);
423 		if (!err)
424 			fastboot_okay(NULL, response);
425 	} else {
426 		write_raw_image(dev_desc, &info, cmd, download_buffer,
427 				download_bytes, response);
428 	}
429 }
430 
431 /**
432  * fastboot_mmc_flash_erase() - Erase eMMC for fastboot
433  *
434  * @cmd: Named partition to erase
435  * @response: Pointer to fastboot response buffer
436  */
fastboot_mmc_erase(const char * cmd,char * response)437 void fastboot_mmc_erase(const char *cmd, char *response)
438 {
439 	int ret;
440 	struct blk_desc *dev_desc;
441 	disk_partition_t info;
442 	lbaint_t blks, blks_start, blks_size, grp_size;
443 	struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
444 
445 	if (mmc == NULL) {
446 		pr_err("invalid mmc device\n");
447 		fastboot_fail("invalid mmc device", response);
448 		return;
449 	}
450 
451 	dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
452 	if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
453 		pr_err("invalid mmc device\n");
454 		fastboot_fail("invalid mmc device", response);
455 		return;
456 	}
457 
458 	ret = part_get_info_by_name_or_alias(dev_desc, cmd, &info);
459 	if (ret < 0) {
460 		pr_err("cannot find partition: '%s'\n", cmd);
461 		fastboot_fail("cannot find partition", response);
462 		return;
463 	}
464 
465 	/* Align blocks to erase group size to avoid erasing other partitions */
466 	grp_size = mmc->erase_grp_size;
467 	blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
468 	if (info.size >= grp_size)
469 		blks_size = (info.size - (blks_start - info.start)) &
470 				(~(grp_size - 1));
471 	else
472 		blks_size = 0;
473 
474 	printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
475 	       blks_start, blks_start + blks_size);
476 
477 	blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
478 
479 	if (blks != blks_size) {
480 		pr_err("failed erasing from device %d\n", dev_desc->devnum);
481 		fastboot_fail("failed erasing from device", response);
482 		return;
483 	}
484 
485 	printf("........ erased " LBAFU " bytes from '%s'\n",
486 	       blks_size * info.blksz, cmd);
487 	fastboot_okay(NULL, response);
488 }
489