1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <unistd.h>
21 #include <fcntl.h>
22 #include <errno.h>
23 #include <sys/mount.h> // for _IOW, _IOR, mount()
24 #include <sys/stat.h>
25 #include <mtd/mtd-user.h>
26 #undef NDEBUG
27 #include <assert.h>
28
29 #include "mtdutils.h"
30
31 struct MtdPartition {
32 int device_index;
33 unsigned int size;
34 unsigned int erase_size;
35 char *name;
36 };
37
38 struct MtdReadContext {
39 const MtdPartition *partition;
40 char *buffer;
41 size_t consumed;
42 int fd;
43 };
44
45 struct MtdWriteContext {
46 const MtdPartition *partition;
47 char *buffer;
48 size_t stored;
49 int fd;
50
51 off_t* bad_block_offsets;
52 int bad_block_alloc;
53 int bad_block_count;
54 };
55
56 typedef struct {
57 MtdPartition *partitions;
58 int partitions_allocd;
59 int partition_count;
60 } MtdState;
61
62 static MtdState g_mtd_state = {
63 NULL, // partitions
64 0, // partitions_allocd
65 -1 // partition_count
66 };
67
68 #define MTD_PROC_FILENAME "/proc/mtd"
69
70 int
mtd_scan_partitions()71 mtd_scan_partitions()
72 {
73 char buf[2048];
74 const char *bufp;
75 int fd;
76 int i;
77 ssize_t nbytes;
78
79 if (g_mtd_state.partitions == NULL) {
80 const int nump = 32;
81 MtdPartition *partitions = malloc(nump * sizeof(*partitions));
82 if (partitions == NULL) {
83 errno = ENOMEM;
84 return -1;
85 }
86 g_mtd_state.partitions = partitions;
87 g_mtd_state.partitions_allocd = nump;
88 memset(partitions, 0, nump * sizeof(*partitions));
89 }
90 g_mtd_state.partition_count = 0;
91
92 /* Initialize all of the entries to make things easier later.
93 * (Lets us handle sparsely-numbered partitions, which
94 * may not even be possible.)
95 */
96 for (i = 0; i < g_mtd_state.partitions_allocd; i++) {
97 MtdPartition *p = &g_mtd_state.partitions[i];
98 if (p->name != NULL) {
99 free(p->name);
100 p->name = NULL;
101 }
102 p->device_index = -1;
103 }
104
105 /* Open and read the file contents.
106 */
107 fd = open(MTD_PROC_FILENAME, O_RDONLY);
108 if (fd < 0) {
109 goto bail;
110 }
111 nbytes = TEMP_FAILURE_RETRY(read(fd, buf, sizeof(buf) - 1));
112 close(fd);
113 if (nbytes < 0) {
114 goto bail;
115 }
116 buf[nbytes] = '\0';
117
118 /* Parse the contents of the file, which looks like:
119 *
120 * # cat /proc/mtd
121 * dev: size erasesize name
122 * mtd0: 00080000 00020000 "bootloader"
123 * mtd1: 00400000 00020000 "mfg_and_gsm"
124 * mtd2: 00400000 00020000 "0000000c"
125 * mtd3: 00200000 00020000 "0000000d"
126 * mtd4: 04000000 00020000 "system"
127 * mtd5: 03280000 00020000 "userdata"
128 */
129 bufp = buf;
130 while (nbytes > 0) {
131 int mtdnum, mtdsize, mtderasesize;
132 int matches;
133 char mtdname[64];
134 mtdname[0] = '\0';
135 mtdnum = -1;
136
137 matches = sscanf(bufp, "mtd%d: %x %x \"%63[^\"]",
138 &mtdnum, &mtdsize, &mtderasesize, mtdname);
139 /* This will fail on the first line, which just contains
140 * column headers.
141 */
142 if (matches == 4) {
143 MtdPartition *p = &g_mtd_state.partitions[mtdnum];
144 p->device_index = mtdnum;
145 p->size = mtdsize;
146 p->erase_size = mtderasesize;
147 p->name = strdup(mtdname);
148 if (p->name == NULL) {
149 errno = ENOMEM;
150 goto bail;
151 }
152 g_mtd_state.partition_count++;
153 }
154
155 /* Eat the line.
156 */
157 while (nbytes > 0 && *bufp != '\n') {
158 bufp++;
159 nbytes--;
160 }
161 if (nbytes > 0) {
162 bufp++;
163 nbytes--;
164 }
165 }
166
167 return g_mtd_state.partition_count;
168
169 bail:
170 // keep "partitions" around so we can free the names on a rescan.
171 g_mtd_state.partition_count = -1;
172 return -1;
173 }
174
175 const MtdPartition *
mtd_find_partition_by_name(const char * name)176 mtd_find_partition_by_name(const char *name)
177 {
178 if (g_mtd_state.partitions != NULL) {
179 int i;
180 for (i = 0; i < g_mtd_state.partitions_allocd; i++) {
181 MtdPartition *p = &g_mtd_state.partitions[i];
182 if (p->device_index >= 0 && p->name != NULL) {
183 if (strcmp(p->name, name) == 0) {
184 return p;
185 }
186 }
187 }
188 }
189 return NULL;
190 }
191
192 int
mtd_mount_partition(const MtdPartition * partition,const char * mount_point,const char * filesystem,int read_only)193 mtd_mount_partition(const MtdPartition *partition, const char *mount_point,
194 const char *filesystem, int read_only)
195 {
196 const unsigned long flags = MS_NOATIME | MS_NODEV | MS_NODIRATIME;
197 char devname[64];
198 int rv = -1;
199
200 sprintf(devname, "/dev/block/mtdblock%d", partition->device_index);
201 if (!read_only) {
202 rv = mount(devname, mount_point, filesystem, flags, NULL);
203 }
204 if (read_only || rv < 0) {
205 rv = mount(devname, mount_point, filesystem, flags | MS_RDONLY, 0);
206 if (rv < 0) {
207 printf("Failed to mount %s on %s: %s\n",
208 devname, mount_point, strerror(errno));
209 } else {
210 printf("Mount %s on %s read-only\n", devname, mount_point);
211 }
212 }
213 #if 1 //TODO: figure out why this is happening; remove include of stat.h
214 if (rv >= 0) {
215 /* For some reason, the x bits sometimes aren't set on the root
216 * of mounted volumes.
217 */
218 struct stat st;
219 rv = stat(mount_point, &st);
220 if (rv < 0) {
221 return rv;
222 }
223 mode_t new_mode = st.st_mode | S_IXUSR | S_IXGRP | S_IXOTH;
224 if (new_mode != st.st_mode) {
225 printf("Fixing execute permissions for %s\n", mount_point);
226 rv = chmod(mount_point, new_mode);
227 if (rv < 0) {
228 printf("Couldn't fix permissions for %s: %s\n",
229 mount_point, strerror(errno));
230 }
231 }
232 }
233 #endif
234 return rv;
235 }
236
237 int
mtd_partition_info(const MtdPartition * partition,size_t * total_size,size_t * erase_size,size_t * write_size)238 mtd_partition_info(const MtdPartition *partition,
239 size_t *total_size, size_t *erase_size, size_t *write_size)
240 {
241 char mtddevname[32];
242 sprintf(mtddevname, "/dev/mtd/mtd%d", partition->device_index);
243 int fd = open(mtddevname, O_RDONLY);
244 if (fd < 0) return -1;
245
246 struct mtd_info_user mtd_info;
247 int ret = ioctl(fd, MEMGETINFO, &mtd_info);
248 close(fd);
249 if (ret < 0) return -1;
250
251 if (total_size != NULL) *total_size = mtd_info.size;
252 if (erase_size != NULL) *erase_size = mtd_info.erasesize;
253 if (write_size != NULL) *write_size = mtd_info.writesize;
254 return 0;
255 }
256
mtd_read_partition(const MtdPartition * partition)257 MtdReadContext *mtd_read_partition(const MtdPartition *partition)
258 {
259 MtdReadContext *ctx = (MtdReadContext*) malloc(sizeof(MtdReadContext));
260 if (ctx == NULL) return NULL;
261
262 ctx->buffer = malloc(partition->erase_size);
263 if (ctx->buffer == NULL) {
264 free(ctx);
265 return NULL;
266 }
267
268 char mtddevname[32];
269 sprintf(mtddevname, "/dev/mtd/mtd%d", partition->device_index);
270 ctx->fd = open(mtddevname, O_RDONLY);
271 if (ctx->fd < 0) {
272 free(ctx->buffer);
273 free(ctx);
274 return NULL;
275 }
276
277 ctx->partition = partition;
278 ctx->consumed = partition->erase_size;
279 return ctx;
280 }
281
read_block(const MtdPartition * partition,int fd,char * data)282 static int read_block(const MtdPartition *partition, int fd, char *data)
283 {
284 struct mtd_ecc_stats before, after;
285 if (ioctl(fd, ECCGETSTATS, &before)) {
286 printf("mtd: ECCGETSTATS error (%s)\n", strerror(errno));
287 return -1;
288 }
289
290 loff_t pos = TEMP_FAILURE_RETRY(lseek64(fd, 0, SEEK_CUR));
291 if (pos == -1) {
292 printf("mtd: read_block: couldn't SEEK_CUR: %s\n", strerror(errno));
293 return -1;
294 }
295
296 ssize_t size = partition->erase_size;
297 int mgbb;
298
299 while (pos + size <= (int) partition->size) {
300 if (TEMP_FAILURE_RETRY(lseek64(fd, pos, SEEK_SET)) != pos ||
301 TEMP_FAILURE_RETRY(read(fd, data, size)) != size) {
302 printf("mtd: read error at 0x%08llx (%s)\n",
303 pos, strerror(errno));
304 } else if (ioctl(fd, ECCGETSTATS, &after)) {
305 printf("mtd: ECCGETSTATS error (%s)\n", strerror(errno));
306 return -1;
307 } else if (after.failed != before.failed) {
308 printf("mtd: ECC errors (%d soft, %d hard) at 0x%08llx\n",
309 after.corrected - before.corrected,
310 after.failed - before.failed, pos);
311 // copy the comparison baseline for the next read.
312 memcpy(&before, &after, sizeof(struct mtd_ecc_stats));
313 } else if ((mgbb = ioctl(fd, MEMGETBADBLOCK, &pos))) {
314 fprintf(stderr,
315 "mtd: MEMGETBADBLOCK returned %d at 0x%08llx: %s\n",
316 mgbb, pos, strerror(errno));
317 } else {
318 return 0; // Success!
319 }
320
321 pos += partition->erase_size;
322 }
323
324 errno = ENOSPC;
325 return -1;
326 }
327
mtd_read_data(MtdReadContext * ctx,char * data,size_t len)328 ssize_t mtd_read_data(MtdReadContext *ctx, char *data, size_t len)
329 {
330 size_t read = 0;
331 while (read < len) {
332 if (ctx->consumed < ctx->partition->erase_size) {
333 size_t avail = ctx->partition->erase_size - ctx->consumed;
334 size_t copy = len - read < avail ? len - read : avail;
335 memcpy(data + read, ctx->buffer + ctx->consumed, copy);
336 ctx->consumed += copy;
337 read += copy;
338 }
339
340 // Read complete blocks directly into the user's buffer
341 while (ctx->consumed == ctx->partition->erase_size &&
342 len - read >= ctx->partition->erase_size) {
343 if (read_block(ctx->partition, ctx->fd, data + read)) return -1;
344 read += ctx->partition->erase_size;
345 }
346
347 if (read >= len) {
348 return read;
349 }
350
351 // Read the next block into the buffer
352 if (ctx->consumed == ctx->partition->erase_size && read < len) {
353 if (read_block(ctx->partition, ctx->fd, ctx->buffer)) return -1;
354 ctx->consumed = 0;
355 }
356 }
357
358 return read;
359 }
360
mtd_read_close(MtdReadContext * ctx)361 void mtd_read_close(MtdReadContext *ctx)
362 {
363 close(ctx->fd);
364 free(ctx->buffer);
365 free(ctx);
366 }
367
mtd_write_partition(const MtdPartition * partition)368 MtdWriteContext *mtd_write_partition(const MtdPartition *partition)
369 {
370 MtdWriteContext *ctx = (MtdWriteContext*) malloc(sizeof(MtdWriteContext));
371 if (ctx == NULL) return NULL;
372
373 ctx->bad_block_offsets = NULL;
374 ctx->bad_block_alloc = 0;
375 ctx->bad_block_count = 0;
376
377 ctx->buffer = malloc(partition->erase_size);
378 if (ctx->buffer == NULL) {
379 free(ctx);
380 return NULL;
381 }
382
383 char mtddevname[32];
384 sprintf(mtddevname, "/dev/mtd/mtd%d", partition->device_index);
385 ctx->fd = open(mtddevname, O_RDWR);
386 if (ctx->fd < 0) {
387 free(ctx->buffer);
388 free(ctx);
389 return NULL;
390 }
391
392 ctx->partition = partition;
393 ctx->stored = 0;
394 return ctx;
395 }
396
add_bad_block_offset(MtdWriteContext * ctx,off_t pos)397 static void add_bad_block_offset(MtdWriteContext *ctx, off_t pos) {
398 if (ctx->bad_block_count + 1 > ctx->bad_block_alloc) {
399 ctx->bad_block_alloc = (ctx->bad_block_alloc*2) + 1;
400 ctx->bad_block_offsets = realloc(ctx->bad_block_offsets,
401 ctx->bad_block_alloc * sizeof(off_t));
402 }
403 ctx->bad_block_offsets[ctx->bad_block_count++] = pos;
404 }
405
write_block(MtdWriteContext * ctx,const char * data)406 static int write_block(MtdWriteContext *ctx, const char *data)
407 {
408 const MtdPartition *partition = ctx->partition;
409 int fd = ctx->fd;
410
411 off_t pos = TEMP_FAILURE_RETRY(lseek(fd, 0, SEEK_CUR));
412 if (pos == (off_t) -1) {
413 printf("mtd: write_block: couldn't SEEK_CUR: %s\n", strerror(errno));
414 return -1;
415 }
416
417 ssize_t size = partition->erase_size;
418 while (pos + size <= (int) partition->size) {
419 loff_t bpos = pos;
420 int ret = ioctl(fd, MEMGETBADBLOCK, &bpos);
421 if (ret != 0 && !(ret == -1 && errno == EOPNOTSUPP)) {
422 add_bad_block_offset(ctx, pos);
423 fprintf(stderr,
424 "mtd: not writing bad block at 0x%08lx (ret %d): %s\n",
425 pos, ret, strerror(errno));
426 pos += partition->erase_size;
427 continue; // Don't try to erase known factory-bad blocks.
428 }
429
430 struct erase_info_user erase_info;
431 erase_info.start = pos;
432 erase_info.length = size;
433 int retry;
434 for (retry = 0; retry < 2; ++retry) {
435 if (ioctl(fd, MEMERASE, &erase_info) < 0) {
436 printf("mtd: erase failure at 0x%08lx (%s)\n",
437 pos, strerror(errno));
438 continue;
439 }
440 if (TEMP_FAILURE_RETRY(lseek(fd, pos, SEEK_SET)) != pos ||
441 TEMP_FAILURE_RETRY(write(fd, data, size)) != size) {
442 printf("mtd: write error at 0x%08lx (%s)\n",
443 pos, strerror(errno));
444 }
445
446 char verify[size];
447 if (TEMP_FAILURE_RETRY(lseek(fd, pos, SEEK_SET)) != pos ||
448 TEMP_FAILURE_RETRY(read(fd, verify, size)) != size) {
449 printf("mtd: re-read error at 0x%08lx (%s)\n",
450 pos, strerror(errno));
451 continue;
452 }
453 if (memcmp(data, verify, size) != 0) {
454 printf("mtd: verification error at 0x%08lx (%s)\n",
455 pos, strerror(errno));
456 continue;
457 }
458
459 if (retry > 0) {
460 printf("mtd: wrote block after %d retries\n", retry);
461 }
462 printf("mtd: successfully wrote block at %lx\n", pos);
463 return 0; // Success!
464 }
465
466 // Try to erase it once more as we give up on this block
467 add_bad_block_offset(ctx, pos);
468 printf("mtd: skipping write block at 0x%08lx\n", pos);
469 ioctl(fd, MEMERASE, &erase_info);
470 pos += partition->erase_size;
471 }
472
473 // Ran out of space on the device
474 errno = ENOSPC;
475 return -1;
476 }
477
mtd_write_data(MtdWriteContext * ctx,const char * data,size_t len)478 ssize_t mtd_write_data(MtdWriteContext *ctx, const char *data, size_t len)
479 {
480 size_t wrote = 0;
481 while (wrote < len) {
482 // Coalesce partial writes into complete blocks
483 if (ctx->stored > 0 || len - wrote < ctx->partition->erase_size) {
484 size_t avail = ctx->partition->erase_size - ctx->stored;
485 size_t copy = len - wrote < avail ? len - wrote : avail;
486 memcpy(ctx->buffer + ctx->stored, data + wrote, copy);
487 ctx->stored += copy;
488 wrote += copy;
489 }
490
491 // If a complete block was accumulated, write it
492 if (ctx->stored == ctx->partition->erase_size) {
493 if (write_block(ctx, ctx->buffer)) return -1;
494 ctx->stored = 0;
495 }
496
497 // Write complete blocks directly from the user's buffer
498 while (ctx->stored == 0 && len - wrote >= ctx->partition->erase_size) {
499 if (write_block(ctx, data + wrote)) return -1;
500 wrote += ctx->partition->erase_size;
501 }
502 }
503
504 return wrote;
505 }
506
mtd_erase_blocks(MtdWriteContext * ctx,int blocks)507 off_t mtd_erase_blocks(MtdWriteContext *ctx, int blocks)
508 {
509 // Zero-pad and write any pending data to get us to a block boundary
510 if (ctx->stored > 0) {
511 size_t zero = ctx->partition->erase_size - ctx->stored;
512 memset(ctx->buffer + ctx->stored, 0, zero);
513 if (write_block(ctx, ctx->buffer)) return -1;
514 ctx->stored = 0;
515 }
516
517 off_t pos = TEMP_FAILURE_RETRY(lseek(ctx->fd, 0, SEEK_CUR));
518 if ((off_t) pos == (off_t) -1) {
519 printf("mtd_erase_blocks: couldn't SEEK_CUR: %s\n", strerror(errno));
520 return -1;
521 }
522
523 const int total = (ctx->partition->size - pos) / ctx->partition->erase_size;
524 if (blocks < 0) blocks = total;
525 if (blocks > total) {
526 errno = ENOSPC;
527 return -1;
528 }
529
530 // Erase the specified number of blocks
531 while (blocks-- > 0) {
532 loff_t bpos = pos;
533 if (ioctl(ctx->fd, MEMGETBADBLOCK, &bpos) > 0) {
534 printf("mtd: not erasing bad block at 0x%08lx\n", pos);
535 pos += ctx->partition->erase_size;
536 continue; // Don't try to erase known factory-bad blocks.
537 }
538
539 struct erase_info_user erase_info;
540 erase_info.start = pos;
541 erase_info.length = ctx->partition->erase_size;
542 if (ioctl(ctx->fd, MEMERASE, &erase_info) < 0) {
543 printf("mtd: erase failure at 0x%08lx\n", pos);
544 }
545 pos += ctx->partition->erase_size;
546 }
547
548 return pos;
549 }
550
mtd_write_close(MtdWriteContext * ctx)551 int mtd_write_close(MtdWriteContext *ctx)
552 {
553 int r = 0;
554 // Make sure any pending data gets written
555 if (mtd_erase_blocks(ctx, 0) == (off_t) -1) r = -1;
556 if (close(ctx->fd)) r = -1;
557 free(ctx->bad_block_offsets);
558 free(ctx->buffer);
559 free(ctx);
560 return r;
561 }
562