1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * dfu.c -- DFU back-end routines
4 *
5 * Copyright (C) 2012 Samsung Electronics
6 * author: Lukasz Majewski <l.majewski@samsung.com>
7 */
8
9 #include <common.h>
10 #include <env.h>
11 #include <errno.h>
12 #include <log.h>
13 #include <malloc.h>
14 #include <mmc.h>
15 #include <fat.h>
16 #include <dfu.h>
17 #include <hash.h>
18 #include <linux/list.h>
19 #include <linux/compiler.h>
20
21 LIST_HEAD(dfu_list);
22 static int dfu_alt_num;
23 static int alt_num_cnt;
24 static struct hash_algo *dfu_hash_algo;
25 #ifdef CONFIG_DFU_TIMEOUT
26 static unsigned long dfu_timeout = 0;
27 #endif
28
29 bool dfu_reinit_needed = false;
30
31 /*
32 * The purpose of the dfu_flush_callback() function is to
33 * provide callback for dfu user
34 */
dfu_flush_callback(struct dfu_entity * dfu)35 __weak void dfu_flush_callback(struct dfu_entity *dfu)
36 {
37 }
38
39 /*
40 * The purpose of the dfu_initiated_callback() function is to
41 * provide callback for dfu user
42 */
dfu_initiated_callback(struct dfu_entity * dfu)43 __weak void dfu_initiated_callback(struct dfu_entity *dfu)
44 {
45 }
46
47 /*
48 * The purpose of the dfu_error_callback() function is to
49 * provide callback for dfu user
50 */
dfu_error_callback(struct dfu_entity * dfu,const char * msg)51 __weak void dfu_error_callback(struct dfu_entity *dfu, const char *msg)
52 {
53 }
54
55 /*
56 * The purpose of the dfu_usb_get_reset() function is to
57 * provide information if after USB_DETACH request
58 * being sent the dfu-util performed reset of USB
59 * bus.
60 *
61 * Described behaviour is the only way to distinct if
62 * user has typed -e (detach) or -R (reset) when invoking
63 * dfu-util command.
64 *
65 */
dfu_usb_get_reset(void)66 __weak bool dfu_usb_get_reset(void)
67 {
68 #ifdef CONFIG_SPL_DFU_NO_RESET
69 return false;
70 #else
71 return true;
72 #endif
73 }
74
75 #ifdef CONFIG_DFU_TIMEOUT
dfu_set_timeout(unsigned long timeout)76 void dfu_set_timeout(unsigned long timeout)
77 {
78 dfu_timeout = timeout;
79 }
80
dfu_get_timeout(void)81 unsigned long dfu_get_timeout(void)
82 {
83 return dfu_timeout;
84 }
85 #endif
86
dfu_find_alt_num(const char * s)87 static int dfu_find_alt_num(const char *s)
88 {
89 int i = 0;
90
91 for (; *s; s++)
92 if (*s == ';')
93 i++;
94
95 return ++i;
96 }
97
98 /*
99 * treat dfu_alt_info with several interface information
100 * to allow DFU on several device with one command,
101 * the string format is
102 * interface devstring'='alternate list (';' separated)
103 * and each interface separated by '&'
104 */
dfu_config_interfaces(char * env)105 int dfu_config_interfaces(char *env)
106 {
107 struct dfu_entity *dfu;
108 char *s, *i, *d, *a, *part;
109 int ret = -EINVAL;
110 int n = 1;
111
112 s = env;
113 for (; *s; s++) {
114 if (*s == ';')
115 n++;
116 if (*s == '&')
117 n++;
118 }
119 ret = dfu_alt_init(n, &dfu);
120 if (ret)
121 return ret;
122
123 s = env;
124 while (s) {
125 ret = -EINVAL;
126 i = strsep(&s, " ");
127 if (!i)
128 break;
129 d = strsep(&s, "=");
130 if (!d)
131 break;
132 a = strsep(&s, "&");
133 if (!a)
134 a = s;
135 do {
136 part = strsep(&a, ";");
137 ret = dfu_alt_add(dfu, i, d, part);
138 if (ret)
139 return ret;
140 } while (a);
141 }
142
143 return ret;
144 }
145
dfu_init_env_entities(char * interface,char * devstr)146 int dfu_init_env_entities(char *interface, char *devstr)
147 {
148 const char *str_env;
149 char *env_bkp;
150 int ret = 0;
151
152 dfu_reinit_needed = false;
153
154 #ifdef CONFIG_SET_DFU_ALT_INFO
155 set_dfu_alt_info(interface, devstr);
156 #endif
157 str_env = env_get("dfu_alt_info");
158 if (!str_env) {
159 pr_err("\"dfu_alt_info\" env variable not defined!\n");
160 return -EINVAL;
161 }
162
163 env_bkp = strdup(str_env);
164 if (!interface && !devstr)
165 ret = dfu_config_interfaces(env_bkp);
166 else
167 ret = dfu_config_entities(env_bkp, interface, devstr);
168
169 if (ret) {
170 pr_err("DFU entities configuration failed!\n");
171 pr_err("(partition table does not match dfu_alt_info?)\n");
172 goto done;
173 }
174
175 done:
176 free(env_bkp);
177 return ret;
178 }
179
180 static unsigned char *dfu_buf;
181 static unsigned long dfu_buf_size;
182 static enum dfu_device_type dfu_buf_device_type;
183
dfu_free_buf(void)184 unsigned char *dfu_free_buf(void)
185 {
186 free(dfu_buf);
187 dfu_buf = NULL;
188 return dfu_buf;
189 }
190
dfu_get_buf_size(void)191 unsigned long dfu_get_buf_size(void)
192 {
193 return dfu_buf_size;
194 }
195
dfu_get_buf(struct dfu_entity * dfu)196 unsigned char *dfu_get_buf(struct dfu_entity *dfu)
197 {
198 char *s;
199
200 /* manage several entity with several contraint */
201 if (dfu_buf && dfu->dev_type != dfu_buf_device_type)
202 dfu_free_buf();
203
204 if (dfu_buf != NULL)
205 return dfu_buf;
206
207 s = env_get("dfu_bufsiz");
208 if (s)
209 dfu_buf_size = (unsigned long)simple_strtol(s, NULL, 0);
210
211 if (!s || !dfu_buf_size)
212 dfu_buf_size = CONFIG_SYS_DFU_DATA_BUF_SIZE;
213
214 if (dfu->max_buf_size && dfu_buf_size > dfu->max_buf_size)
215 dfu_buf_size = dfu->max_buf_size;
216
217 dfu_buf = memalign(CONFIG_SYS_CACHELINE_SIZE, dfu_buf_size);
218 if (dfu_buf == NULL)
219 printf("%s: Could not memalign 0x%lx bytes\n",
220 __func__, dfu_buf_size);
221
222 dfu_buf_device_type = dfu->dev_type;
223 return dfu_buf;
224 }
225
dfu_get_hash_algo(void)226 static char *dfu_get_hash_algo(void)
227 {
228 char *s;
229
230 s = env_get("dfu_hash_algo");
231 if (!s)
232 return NULL;
233
234 if (!strcmp(s, "crc32")) {
235 debug("%s: DFU hash method: %s\n", __func__, s);
236 return s;
237 }
238
239 pr_err("DFU hash method: %s not supported!\n", s);
240 return NULL;
241 }
242
dfu_write_buffer_drain(struct dfu_entity * dfu)243 static int dfu_write_buffer_drain(struct dfu_entity *dfu)
244 {
245 long w_size;
246 int ret;
247
248 /* flush size? */
249 w_size = dfu->i_buf - dfu->i_buf_start;
250 if (w_size == 0)
251 return 0;
252
253 if (dfu_hash_algo)
254 dfu_hash_algo->hash_update(dfu_hash_algo, &dfu->crc,
255 dfu->i_buf_start, w_size, 0);
256
257 ret = dfu->write_medium(dfu, dfu->offset, dfu->i_buf_start, &w_size);
258 if (ret)
259 debug("%s: Write error!\n", __func__);
260
261 /* point back */
262 dfu->i_buf = dfu->i_buf_start;
263
264 /* update offset */
265 dfu->offset += w_size;
266
267 puts("#");
268
269 return ret;
270 }
271
dfu_transaction_cleanup(struct dfu_entity * dfu)272 void dfu_transaction_cleanup(struct dfu_entity *dfu)
273 {
274 /* clear everything */
275 dfu->crc = 0;
276 dfu->offset = 0;
277 dfu->i_blk_seq_num = 0;
278 dfu->i_buf_start = dfu_get_buf(dfu);
279 dfu->i_buf_end = dfu->i_buf_start;
280 dfu->i_buf = dfu->i_buf_start;
281 dfu->r_left = 0;
282 dfu->b_left = 0;
283 dfu->bad_skip = 0;
284
285 dfu->inited = 0;
286 }
287
dfu_transaction_initiate(struct dfu_entity * dfu,bool read)288 int dfu_transaction_initiate(struct dfu_entity *dfu, bool read)
289 {
290 int ret = 0;
291
292 if (dfu->inited)
293 return 0;
294
295 dfu_transaction_cleanup(dfu);
296
297 if (dfu->i_buf_start == NULL)
298 return -ENOMEM;
299
300 dfu->i_buf_end = dfu->i_buf_start + dfu_get_buf_size();
301
302 if (read) {
303 ret = dfu->get_medium_size(dfu, &dfu->r_left);
304 if (ret < 0)
305 return ret;
306 debug("%s: %s %lld [B]\n", __func__, dfu->name, dfu->r_left);
307 }
308
309 dfu->inited = 1;
310 dfu_initiated_callback(dfu);
311
312 return 0;
313 }
314
dfu_flush(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)315 int dfu_flush(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
316 {
317 int ret = 0;
318
319 ret = dfu_write_buffer_drain(dfu);
320 if (ret)
321 return ret;
322
323 if (dfu->flush_medium)
324 ret = dfu->flush_medium(dfu);
325
326 if (dfu_hash_algo)
327 printf("\nDFU complete %s: 0x%08x\n", dfu_hash_algo->name,
328 dfu->crc);
329
330 dfu_flush_callback(dfu);
331
332 dfu_transaction_cleanup(dfu);
333
334 return ret;
335 }
336
dfu_write(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)337 int dfu_write(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
338 {
339 int ret;
340
341 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x offset: 0x%llx bufoffset: 0x%lx\n",
342 __func__, dfu->name, buf, size, blk_seq_num, dfu->offset,
343 (unsigned long)(dfu->i_buf - dfu->i_buf_start));
344
345 ret = dfu_transaction_initiate(dfu, false);
346 if (ret < 0)
347 return ret;
348
349 if (dfu->i_blk_seq_num != blk_seq_num) {
350 printf("%s: Wrong sequence number! [%d] [%d]\n",
351 __func__, dfu->i_blk_seq_num, blk_seq_num);
352 dfu_transaction_cleanup(dfu);
353 dfu_error_callback(dfu, "Wrong sequence number");
354 return -1;
355 }
356
357 /* DFU 1.1 standard says:
358 * The wBlockNum field is a block sequence number. It increments each
359 * time a block is transferred, wrapping to zero from 65,535. It is used
360 * to provide useful context to the DFU loader in the device."
361 *
362 * This means that it's a 16 bit counter that roll-overs at
363 * 0xffff -> 0x0000. By having a typical 4K transfer block
364 * we roll-over at exactly 256MB. Not very fun to debug.
365 *
366 * Handling rollover, and having an inited variable,
367 * makes things work.
368 */
369
370 /* handle rollover */
371 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
372
373 /* flush buffer if overflow */
374 if ((dfu->i_buf + size) > dfu->i_buf_end) {
375 ret = dfu_write_buffer_drain(dfu);
376 if (ret) {
377 dfu_transaction_cleanup(dfu);
378 dfu_error_callback(dfu, "DFU write error");
379 return ret;
380 }
381 }
382
383 /* we should be in buffer now (if not then size too large) */
384 if ((dfu->i_buf + size) > dfu->i_buf_end) {
385 pr_err("Buffer overflow! (0x%p + 0x%x > 0x%p)\n", dfu->i_buf,
386 size, dfu->i_buf_end);
387 dfu_transaction_cleanup(dfu);
388 dfu_error_callback(dfu, "Buffer overflow");
389 return -1;
390 }
391
392 memcpy(dfu->i_buf, buf, size);
393 dfu->i_buf += size;
394
395 /* if end or if buffer full flush */
396 if (size == 0 || (dfu->i_buf + size) > dfu->i_buf_end) {
397 ret = dfu_write_buffer_drain(dfu);
398 if (ret) {
399 dfu_transaction_cleanup(dfu);
400 dfu_error_callback(dfu, "DFU write error");
401 return ret;
402 }
403 }
404
405 return 0;
406 }
407
dfu_read_buffer_fill(struct dfu_entity * dfu,void * buf,int size)408 static int dfu_read_buffer_fill(struct dfu_entity *dfu, void *buf, int size)
409 {
410 long chunk;
411 int ret, readn;
412
413 readn = 0;
414 while (size > 0) {
415 /* get chunk that can be read */
416 chunk = min((long)size, dfu->b_left);
417 /* consume */
418 if (chunk > 0) {
419 memcpy(buf, dfu->i_buf, chunk);
420 if (dfu_hash_algo)
421 dfu_hash_algo->hash_update(dfu_hash_algo,
422 &dfu->crc, buf,
423 chunk, 0);
424
425 dfu->i_buf += chunk;
426 dfu->b_left -= chunk;
427 size -= chunk;
428 buf += chunk;
429 readn += chunk;
430 }
431
432 /* all done */
433 if (size > 0) {
434 /* no more to read */
435 if (dfu->r_left == 0)
436 break;
437
438 dfu->i_buf = dfu->i_buf_start;
439 dfu->b_left = dfu->i_buf_end - dfu->i_buf_start;
440
441 /* got to read, but buffer is empty */
442 if (dfu->b_left > dfu->r_left)
443 dfu->b_left = dfu->r_left;
444 ret = dfu->read_medium(dfu, dfu->offset, dfu->i_buf,
445 &dfu->b_left);
446 if (ret != 0) {
447 debug("%s: Read error!\n", __func__);
448 return ret;
449 }
450 if (dfu->b_left == 0)
451 break;
452 dfu->offset += dfu->b_left;
453 dfu->r_left -= dfu->b_left;
454
455 puts("#");
456 }
457 }
458
459 return readn;
460 }
461
dfu_read(struct dfu_entity * dfu,void * buf,int size,int blk_seq_num)462 int dfu_read(struct dfu_entity *dfu, void *buf, int size, int blk_seq_num)
463 {
464 int ret = 0;
465
466 debug("%s: name: %s buf: 0x%p size: 0x%x p_num: 0x%x i_buf: 0x%p\n",
467 __func__, dfu->name, buf, size, blk_seq_num, dfu->i_buf);
468
469 ret = dfu_transaction_initiate(dfu, true);
470 if (ret < 0)
471 return ret;
472
473 if (dfu->i_blk_seq_num != blk_seq_num) {
474 printf("%s: Wrong sequence number! [%d] [%d]\n",
475 __func__, dfu->i_blk_seq_num, blk_seq_num);
476 return -1;
477 }
478 /* handle rollover */
479 dfu->i_blk_seq_num = (dfu->i_blk_seq_num + 1) & 0xffff;
480
481 ret = dfu_read_buffer_fill(dfu, buf, size);
482 if (ret < 0) {
483 printf("%s: Failed to fill buffer\n", __func__);
484 return -1;
485 }
486
487 if (ret < size) {
488 if (dfu_hash_algo)
489 debug("%s: %s %s: 0x%x\n", __func__, dfu->name,
490 dfu_hash_algo->name, dfu->crc);
491 puts("\nUPLOAD ... done\nCtrl+C to exit ...\n");
492
493 dfu_transaction_cleanup(dfu);
494 }
495
496 return ret;
497 }
498
dfu_fill_entity(struct dfu_entity * dfu,char * s,int alt,char * interface,char * devstr)499 static int dfu_fill_entity(struct dfu_entity *dfu, char *s, int alt,
500 char *interface, char *devstr)
501 {
502 char *st;
503
504 debug("%s: %s interface: %s dev: %s\n", __func__, s, interface, devstr);
505 st = strsep(&s, " ");
506 strcpy(dfu->name, st);
507
508 dfu->alt = alt;
509 dfu->max_buf_size = 0;
510 dfu->free_entity = NULL;
511
512 /* Specific for mmc device */
513 if (strcmp(interface, "mmc") == 0) {
514 if (dfu_fill_entity_mmc(dfu, devstr, s))
515 return -1;
516 } else if (strcmp(interface, "mtd") == 0) {
517 if (dfu_fill_entity_mtd(dfu, devstr, s))
518 return -1;
519 } else if (strcmp(interface, "nand") == 0) {
520 if (dfu_fill_entity_nand(dfu, devstr, s))
521 return -1;
522 } else if (strcmp(interface, "ram") == 0) {
523 if (dfu_fill_entity_ram(dfu, devstr, s))
524 return -1;
525 } else if (strcmp(interface, "sf") == 0) {
526 if (dfu_fill_entity_sf(dfu, devstr, s))
527 return -1;
528 } else if (strcmp(interface, "virt") == 0) {
529 if (dfu_fill_entity_virt(dfu, devstr, s))
530 return -1;
531 } else {
532 printf("%s: Device %s not (yet) supported!\n",
533 __func__, interface);
534 return -1;
535 }
536 dfu_get_buf(dfu);
537
538 return 0;
539 }
540
dfu_free_entities(void)541 void dfu_free_entities(void)
542 {
543 struct dfu_entity *dfu, *p, *t = NULL;
544
545 dfu_free_buf();
546 list_for_each_entry_safe_reverse(dfu, p, &dfu_list, list) {
547 list_del(&dfu->list);
548 if (dfu->free_entity)
549 dfu->free_entity(dfu);
550 t = dfu;
551 }
552 if (t)
553 free(t);
554 INIT_LIST_HEAD(&dfu_list);
555
556 alt_num_cnt = 0;
557 }
558
dfu_alt_init(int num,struct dfu_entity ** dfu)559 int dfu_alt_init(int num, struct dfu_entity **dfu)
560 {
561 char *s;
562 int ret;
563
564 dfu_alt_num = num;
565 debug("%s: dfu_alt_num=%d\n", __func__, dfu_alt_num);
566
567 dfu_hash_algo = NULL;
568 s = dfu_get_hash_algo();
569 if (s) {
570 ret = hash_lookup_algo(s, &dfu_hash_algo);
571 if (ret)
572 pr_err("Hash algorithm %s not supported\n", s);
573 }
574
575 *dfu = calloc(sizeof(struct dfu_entity), dfu_alt_num);
576 if (!*dfu)
577 return -1;
578
579 return 0;
580 }
581
dfu_alt_add(struct dfu_entity * dfu,char * interface,char * devstr,char * s)582 int dfu_alt_add(struct dfu_entity *dfu, char *interface, char *devstr, char *s)
583 {
584 struct dfu_entity *p_dfu;
585 int ret;
586
587 if (alt_num_cnt >= dfu_alt_num)
588 return -1;
589
590 p_dfu = &dfu[alt_num_cnt];
591 ret = dfu_fill_entity(p_dfu, s, alt_num_cnt, interface, devstr);
592 if (ret)
593 return -1;
594
595 list_add_tail(&p_dfu->list, &dfu_list);
596 alt_num_cnt++;
597
598 return 0;
599 }
600
dfu_config_entities(char * env,char * interface,char * devstr)601 int dfu_config_entities(char *env, char *interface, char *devstr)
602 {
603 struct dfu_entity *dfu;
604 int i, ret;
605 char *s;
606
607 ret = dfu_alt_init(dfu_find_alt_num(env), &dfu);
608 if (ret)
609 return -1;
610
611 for (i = 0; i < dfu_alt_num; i++) {
612 s = strsep(&env, ";");
613 ret = dfu_alt_add(dfu, interface, devstr, s);
614 if (ret) {
615 /* We will free "dfu" in dfu_free_entities() */
616 return -1;
617 }
618 }
619
620 return 0;
621 }
622
dfu_get_dev_type(enum dfu_device_type t)623 const char *dfu_get_dev_type(enum dfu_device_type t)
624 {
625 const char *const dev_t[] = {NULL, "eMMC", "OneNAND", "NAND", "RAM",
626 "SF", "MTD", "VIRT"};
627 return dev_t[t];
628 }
629
dfu_get_layout(enum dfu_layout l)630 const char *dfu_get_layout(enum dfu_layout l)
631 {
632 const char *const dfu_layout[] = {NULL, "RAW_ADDR", "FAT", "EXT2",
633 "EXT3", "EXT4", "RAM_ADDR", "SKIP",
634 "SCRIPT" };
635 return dfu_layout[l];
636 }
637
dfu_show_entities(void)638 void dfu_show_entities(void)
639 {
640 struct dfu_entity *dfu;
641
642 puts("DFU alt settings list:\n");
643
644 list_for_each_entry(dfu, &dfu_list, list) {
645 printf("dev: %s alt: %d name: %s layout: %s\n",
646 dfu_get_dev_type(dfu->dev_type), dfu->alt,
647 dfu->name, dfu_get_layout(dfu->layout));
648 }
649 }
650
dfu_get_alt_number(void)651 int dfu_get_alt_number(void)
652 {
653 return dfu_alt_num;
654 }
655
dfu_get_entity(int alt)656 struct dfu_entity *dfu_get_entity(int alt)
657 {
658 struct dfu_entity *dfu;
659
660 list_for_each_entry(dfu, &dfu_list, list) {
661 if (dfu->alt == alt)
662 return dfu;
663 }
664
665 return NULL;
666 }
667
dfu_get_alt(char * name)668 int dfu_get_alt(char *name)
669 {
670 struct dfu_entity *dfu;
671 char *str;
672
673 list_for_each_entry(dfu, &dfu_list, list) {
674 if (dfu->name[0] != '/') {
675 if (!strncmp(dfu->name, name, strlen(dfu->name)))
676 return dfu->alt;
677 } else {
678 /*
679 * One must also consider absolute path
680 * (/boot/bin/uImage) available at dfu->name when
681 * compared "plain" file name (uImage)
682 *
683 * It is the case for e.g. thor gadget where lthor SW
684 * sends only the file name, so only the very last part
685 * of path must be checked for equality
686 */
687
688 str = strstr(dfu->name, name);
689 if (!str)
690 continue;
691
692 /*
693 * Check if matching substring is the last element of
694 * dfu->name (uImage)
695 */
696 if (strlen(dfu->name) ==
697 ((str - dfu->name) + strlen(name)))
698 return dfu->alt;
699 }
700 }
701
702 return -ENODEV;
703 }
704
dfu_write_from_mem_addr(struct dfu_entity * dfu,void * buf,int size)705 int dfu_write_from_mem_addr(struct dfu_entity *dfu, void *buf, int size)
706 {
707 unsigned long dfu_buf_size, write, left = size;
708 int i, ret = 0;
709 void *dp = buf;
710
711 /*
712 * Here we must call dfu_get_buf(dfu) first to be sure that dfu_buf_size
713 * has been properly initialized - e.g. if "dfu_bufsiz" has been taken
714 * into account.
715 */
716 dfu_get_buf(dfu);
717 dfu_buf_size = dfu_get_buf_size();
718 debug("%s: dfu buf size: %lu\n", __func__, dfu_buf_size);
719
720 for (i = 0; left > 0; i++) {
721 write = min(dfu_buf_size, left);
722
723 debug("%s: dp: 0x%p left: %lu write: %lu\n", __func__,
724 dp, left, write);
725 ret = dfu_write(dfu, dp, write, i);
726 if (ret) {
727 pr_err("DFU write failed\n");
728 return ret;
729 }
730
731 dp += write;
732 left -= write;
733 }
734
735 ret = dfu_flush(dfu, NULL, 0, i);
736 if (ret)
737 pr_err("DFU flush failed!");
738
739 return ret;
740 }
741