1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Parse RedBoot-style Flash Image System (FIS) tables and
4 * produce a Linux partition array to match.
5 *
6 * Copyright © 2001 Red Hat UK Limited
7 * Copyright © 2001-2010 David Woodhouse <dwmw2@infradead.org>
8 */
9
10 #include <linux/kernel.h>
11 #include <linux/slab.h>
12 #include <linux/init.h>
13 #include <linux/vmalloc.h>
14 #include <linux/of.h>
15 #include <linux/mtd/mtd.h>
16 #include <linux/mtd/partitions.h>
17 #include <linux/module.h>
18
19 struct fis_image_desc {
20 unsigned char name[16]; // Null terminated name
21 u32 flash_base; // Address within FLASH of image
22 u32 mem_base; // Address in memory where it executes
23 u32 size; // Length of image
24 u32 entry_point; // Execution entry point
25 u32 data_length; // Length of actual data
26 unsigned char _pad[256 - (16 + 7 * sizeof(u32))];
27 u32 desc_cksum; // Checksum over image descriptor
28 u32 file_cksum; // Checksum over image data
29 };
30
31 struct fis_list {
32 struct fis_image_desc *img;
33 struct fis_list *next;
34 };
35
36 static int directory = CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK;
37 module_param(directory, int, 0);
38
redboot_checksum(struct fis_image_desc * img)39 static inline int redboot_checksum(struct fis_image_desc *img)
40 {
41 /* RedBoot doesn't actually write the desc_cksum field yet AFAICT */
42 return 1;
43 }
44
parse_redboot_of(struct mtd_info * master)45 static void parse_redboot_of(struct mtd_info *master)
46 {
47 struct device_node *np;
48 struct device_node *npart;
49 u32 dirblock;
50 int ret;
51
52 np = mtd_get_of_node(master);
53 if (!np)
54 return;
55
56 npart = of_get_child_by_name(np, "partitions");
57 if (!npart)
58 return;
59
60 ret = of_property_read_u32(npart, "fis-index-block", &dirblock);
61 if (ret)
62 return;
63
64 /*
65 * Assign the block found in the device tree to the local
66 * directory block pointer.
67 */
68 directory = dirblock;
69 }
70
parse_redboot_partitions(struct mtd_info * master,const struct mtd_partition ** pparts,struct mtd_part_parser_data * data)71 static int parse_redboot_partitions(struct mtd_info *master,
72 const struct mtd_partition **pparts,
73 struct mtd_part_parser_data *data)
74 {
75 int nrparts = 0;
76 struct fis_image_desc *buf;
77 struct mtd_partition *parts;
78 struct fis_list *fl = NULL, *tmp_fl;
79 int ret, i;
80 size_t retlen;
81 char *names;
82 char *nullname;
83 int namelen = 0;
84 int nulllen = 0;
85 int numslots;
86 unsigned long offset;
87 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
88 static char nullstring[] = "unallocated";
89 #endif
90
91 parse_redboot_of(master);
92
93 if (directory < 0) {
94 offset = master->size + directory * master->erasesize;
95 while (mtd_block_isbad(master, offset)) {
96 if (!offset) {
97 nogood:
98 pr_notice("Failed to find a non-bad block to check for RedBoot partition table\n");
99 return -EIO;
100 }
101 offset -= master->erasesize;
102 }
103 } else {
104 offset = directory * master->erasesize;
105 while (mtd_block_isbad(master, offset)) {
106 offset += master->erasesize;
107 if (offset == master->size)
108 goto nogood;
109 }
110 }
111 buf = vmalloc(master->erasesize);
112
113 if (!buf)
114 return -ENOMEM;
115
116 pr_notice("Searching for RedBoot partition table in %s at offset 0x%lx\n",
117 master->name, offset);
118
119 ret = mtd_read(master, offset, master->erasesize, &retlen,
120 (void *)buf);
121
122 if (ret)
123 goto out;
124
125 if (retlen != master->erasesize) {
126 ret = -EIO;
127 goto out;
128 }
129
130 numslots = (master->erasesize / sizeof(struct fis_image_desc));
131 for (i = 0; i < numslots; i++) {
132 if (!memcmp(buf[i].name, "FIS directory", 14)) {
133 /* This is apparently the FIS directory entry for the
134 * FIS directory itself. The FIS directory size is
135 * one erase block; if the buf[i].size field is
136 * swab32(erasesize) then we know we are looking at
137 * a byte swapped FIS directory - swap all the entries!
138 * (NOTE: this is 'size' not 'data_length'; size is
139 * the full size of the entry.)
140 */
141
142 /* RedBoot can combine the FIS directory and
143 config partitions into a single eraseblock;
144 we assume wrong-endian if either the swapped
145 'size' matches the eraseblock size precisely,
146 or if the swapped size actually fits in an
147 eraseblock while the unswapped size doesn't. */
148 if (swab32(buf[i].size) == master->erasesize ||
149 (buf[i].size > master->erasesize
150 && swab32(buf[i].size) < master->erasesize)) {
151 int j;
152 /* Update numslots based on actual FIS directory size */
153 numslots = swab32(buf[i].size) / sizeof(struct fis_image_desc);
154 for (j = 0; j < numslots; ++j) {
155 /* A single 0xff denotes a deleted entry.
156 * Two of them in a row is the end of the table.
157 */
158 if (buf[j].name[0] == 0xff) {
159 if (buf[j].name[1] == 0xff) {
160 break;
161 } else {
162 continue;
163 }
164 }
165
166 /* The unsigned long fields were written with the
167 * wrong byte sex, name and pad have no byte sex.
168 */
169 swab32s(&buf[j].flash_base);
170 swab32s(&buf[j].mem_base);
171 swab32s(&buf[j].size);
172 swab32s(&buf[j].entry_point);
173 swab32s(&buf[j].data_length);
174 swab32s(&buf[j].desc_cksum);
175 swab32s(&buf[j].file_cksum);
176 }
177 } else if (buf[i].size < master->erasesize) {
178 /* Update numslots based on actual FIS directory size */
179 numslots = buf[i].size / sizeof(struct fis_image_desc);
180 }
181 break;
182 }
183 }
184 if (i == numslots) {
185 /* Didn't find it */
186 pr_notice("No RedBoot partition table detected in %s\n",
187 master->name);
188 ret = 0;
189 goto out;
190 }
191
192 for (i = 0; i < numslots; i++) {
193 struct fis_list *new_fl, **prev;
194
195 if (buf[i].name[0] == 0xff) {
196 if (buf[i].name[1] == 0xff) {
197 break;
198 } else {
199 continue;
200 }
201 }
202 if (!redboot_checksum(&buf[i]))
203 break;
204
205 new_fl = kmalloc(sizeof(struct fis_list), GFP_KERNEL);
206 namelen += strlen(buf[i].name) + 1;
207 if (!new_fl) {
208 ret = -ENOMEM;
209 goto out;
210 }
211 new_fl->img = &buf[i];
212 if (data && data->origin)
213 buf[i].flash_base -= data->origin;
214 else
215 buf[i].flash_base &= master->size - 1;
216
217 /* I'm sure the JFFS2 code has done me permanent damage.
218 * I now think the following is _normal_
219 */
220 prev = &fl;
221 while (*prev && (*prev)->img->flash_base < new_fl->img->flash_base)
222 prev = &(*prev)->next;
223 new_fl->next = *prev;
224 *prev = new_fl;
225
226 nrparts++;
227 }
228 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
229 if (fl->img->flash_base) {
230 nrparts++;
231 nulllen = sizeof(nullstring);
232 }
233
234 for (tmp_fl = fl; tmp_fl->next; tmp_fl = tmp_fl->next) {
235 if (tmp_fl->img->flash_base + tmp_fl->img->size + master->erasesize <= tmp_fl->next->img->flash_base) {
236 nrparts++;
237 nulllen = sizeof(nullstring);
238 }
239 }
240 #endif
241 parts = kzalloc(sizeof(*parts) * nrparts + nulllen + namelen, GFP_KERNEL);
242
243 if (!parts) {
244 ret = -ENOMEM;
245 goto out;
246 }
247
248 nullname = (char *)&parts[nrparts];
249 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
250 if (nulllen > 0)
251 strcpy(nullname, nullstring);
252 #endif
253 names = nullname + nulllen;
254
255 i = 0;
256
257 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
258 if (fl->img->flash_base) {
259 parts[0].name = nullname;
260 parts[0].size = fl->img->flash_base;
261 parts[0].offset = 0;
262 i++;
263 }
264 #endif
265 for ( ; i < nrparts; i++) {
266 parts[i].size = fl->img->size;
267 parts[i].offset = fl->img->flash_base;
268 parts[i].name = names;
269
270 strcpy(names, fl->img->name);
271 #ifdef CONFIG_MTD_REDBOOT_PARTS_READONLY
272 if (!memcmp(names, "RedBoot", 8) ||
273 !memcmp(names, "RedBoot config", 15) ||
274 !memcmp(names, "FIS directory", 14)) {
275 parts[i].mask_flags = MTD_WRITEABLE;
276 }
277 #endif
278 names += strlen(names) + 1;
279
280 #ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
281 if (fl->next && fl->img->flash_base + fl->img->size + master->erasesize <= fl->next->img->flash_base) {
282 i++;
283 parts[i].offset = parts[i - 1].size + parts[i - 1].offset;
284 parts[i].size = fl->next->img->flash_base - parts[i].offset;
285 parts[i].name = nullname;
286 }
287 #endif
288 tmp_fl = fl;
289 fl = fl->next;
290 kfree(tmp_fl);
291 }
292 ret = nrparts;
293 *pparts = parts;
294 out:
295 while (fl) {
296 struct fis_list *old = fl;
297
298 fl = fl->next;
299 kfree(old);
300 }
301 vfree(buf);
302 return ret;
303 }
304
305 static const struct of_device_id mtd_parser_redboot_of_match_table[] = {
306 { .compatible = "redboot-fis" },
307 {},
308 };
309 MODULE_DEVICE_TABLE(of, mtd_parser_redboot_of_match_table);
310
311 static struct mtd_part_parser redboot_parser = {
312 .parse_fn = parse_redboot_partitions,
313 .name = "RedBoot",
314 .of_match_table = mtd_parser_redboot_of_match_table,
315 };
316 module_mtd_part_parser(redboot_parser);
317
318 /* mtd parsers will request the module by parser name */
319 MODULE_ALIAS("RedBoot");
320 MODULE_LICENSE("GPL");
321 MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>");
322 MODULE_DESCRIPTION("Parsing code for RedBoot Flash Image System (FIS) tables");
323
