xref: /linux/drivers/mtd/parsers/afs.c (revision 312b62b6610cabea4cb535fd4889c41e9a84afca)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*======================================================================
3 
4     drivers/mtd/afs.c: ARM Flash Layout/Partitioning
5 
6     Copyright © 2000 ARM Limited
7     Copyright (C) 2019 Linus Walleij
8 
9 
10    This is access code for flashes using ARM's flash partitioning
11    standards.
12 
13 ======================================================================*/
14 
15 #include <linux/module.h>
16 #include <linux/types.h>
17 #include <linux/kernel.h>
18 #include <linux/slab.h>
19 #include <linux/string.h>
20 #include <linux/init.h>
21 
22 #include <linux/mtd/mtd.h>
23 #include <linux/mtd/map.h>
24 #include <linux/mtd/partitions.h>
25 
26 #define AFSV1_FOOTER_MAGIC 0xA0FFFF9F
27 #define AFSV2_FOOTER_MAGIC1 0x464C5348 /* "FLSH" */
28 #define AFSV2_FOOTER_MAGIC2 0x464F4F54 /* "FOOT" */
29 
30 struct footer_v1 {
31 	u32 image_info_base;	/* Address of first word of ImageFooter  */
32 	u32 image_start;	/* Start of area reserved by this footer */
33 	u32 signature;		/* 'Magic' number proves it's a footer   */
34 	u32 type;		/* Area type: ARM Image, SIB, customer   */
35 	u32 checksum;		/* Just this structure                   */
36 };
37 
38 struct image_info_v1 {
39 	u32 bootFlags;		/* Boot flags, compression etc.          */
40 	u32 imageNumber;	/* Unique number, selects for boot etc.  */
41 	u32 loadAddress;	/* Address program should be loaded to   */
42 	u32 length;		/* Actual size of image                  */
43 	u32 address;		/* Image is executed from here           */
44 	char name[16];		/* Null terminated                       */
45 	u32 headerBase;		/* Flash Address of any stripped header  */
46 	u32 header_length;	/* Length of header in memory            */
47 	u32 headerType;		/* AIF, RLF, s-record etc.               */
48 	u32 checksum;		/* Image checksum (inc. this struct)     */
49 };
50 
51 static u32 word_sum(void *words, int num)
52 {
53 	u32 *p = words;
54 	u32 sum = 0;
55 
56 	while (num--)
57 		sum += *p++;
58 
59 	return sum;
60 }
61 
62 static u32 word_sum_v2(u32 *p, u32 num)
63 {
64 	u32 sum = 0;
65 	int i;
66 
67 	for (i = 0; i < num; i++) {
68 		u32 val;
69 
70 		val = p[i];
71 		if (val > ~sum)
72 			sum++;
73 		sum += val;
74 	}
75 	return ~sum;
76 }
77 
78 static bool afs_is_v1(struct mtd_info *mtd, u_int off)
79 {
80 	/* The magic is 12 bytes from the end of the erase block */
81 	u_int ptr = off + mtd->erasesize - 12;
82 	u32 magic;
83 	size_t sz;
84 	int ret;
85 
86 	ret = mtd_read(mtd, ptr, 4, &sz, (u_char *)&magic);
87 	if (ret < 0) {
88 		printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
89 		       ptr, ret);
90 		return false;
91 	}
92 	if (ret >= 0 && sz != 4)
93 		return false;
94 
95 	return (magic == AFSV1_FOOTER_MAGIC);
96 }
97 
98 static bool afs_is_v2(struct mtd_info *mtd, u_int off)
99 {
100 	/* The magic is the 8 last bytes of the erase block */
101 	u_int ptr = off + mtd->erasesize - 8;
102 	u32 foot[2];
103 	size_t sz;
104 	int ret;
105 
106 	ret = mtd_read(mtd, ptr, 8, &sz, (u_char *)foot);
107 	if (ret < 0) {
108 		printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
109 		       ptr, ret);
110 		return false;
111 	}
112 	if (ret >= 0 && sz != 8)
113 		return false;
114 
115 	return (foot[0] == AFSV2_FOOTER_MAGIC1 &&
116 		foot[1] == AFSV2_FOOTER_MAGIC2);
117 }
118 
119 static int afs_parse_v1_partition(struct mtd_info *mtd,
120 				  u_int off, struct mtd_partition *part)
121 {
122 	struct footer_v1 fs;
123 	struct image_info_v1 iis;
124 	u_int mask;
125 	/*
126 	 * Static checks cannot see that we bail out if we have an error
127 	 * reading the footer.
128 	 */
129 	u_int uninitialized_var(iis_ptr);
130 	u_int uninitialized_var(img_ptr);
131 	u_int ptr;
132 	size_t sz;
133 	int ret;
134 	int i;
135 
136 	/*
137 	 * This is the address mask; we use this to mask off out of
138 	 * range address bits.
139 	 */
140 	mask = mtd->size - 1;
141 
142 	ptr = off + mtd->erasesize - sizeof(fs);
143 	ret = mtd_read(mtd, ptr, sizeof(fs), &sz, (u_char *)&fs);
144 	if (ret >= 0 && sz != sizeof(fs))
145 		ret = -EINVAL;
146 	if (ret < 0) {
147 		printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
148 		       ptr, ret);
149 		return ret;
150 	}
151 	/*
152 	 * Check the checksum.
153 	 */
154 	if (word_sum(&fs, sizeof(fs) / sizeof(u32)) != 0xffffffff)
155 		return -EINVAL;
156 
157 	/*
158 	 * Hide the SIB (System Information Block)
159 	 */
160 	if (fs.type == 2)
161 		return 0;
162 
163 	iis_ptr = fs.image_info_base & mask;
164 	img_ptr = fs.image_start & mask;
165 
166 	/*
167 	 * Check the image info base.  This can not
168 	 * be located after the footer structure.
169 	 */
170 	if (iis_ptr >= ptr)
171 		return 0;
172 
173 	/*
174 	 * Check the start of this image.  The image
175 	 * data can not be located after this block.
176 	 */
177 	if (img_ptr > off)
178 		return 0;
179 
180 	/* Read the image info block */
181 	memset(&iis, 0, sizeof(iis));
182 	ret = mtd_read(mtd, iis_ptr, sizeof(iis), &sz, (u_char *)&iis);
183 	if (ret < 0) {
184 		printk(KERN_ERR "AFS: mtd read failed at 0x%x: %d\n",
185 		       iis_ptr, ret);
186 		return -EINVAL;
187 	}
188 
189 	if (sz != sizeof(iis))
190 		return -EINVAL;
191 
192 	/*
193 	 * Validate the name - it must be NUL terminated.
194 	 */
195 	for (i = 0; i < sizeof(iis.name); i++)
196 		if (iis.name[i] == '\0')
197 			break;
198 	if (i > sizeof(iis.name))
199 		return -EINVAL;
200 
201 	part->name = kstrdup(iis.name, GFP_KERNEL);
202 	if (!part->name)
203 		return -ENOMEM;
204 
205 	part->size = (iis.length + mtd->erasesize - 1) & ~(mtd->erasesize - 1);
206 	part->offset = img_ptr;
207 	part->mask_flags = 0;
208 
209 	printk("  mtd: at 0x%08x, %5lluKiB, %8u, %s\n",
210 	       img_ptr, part->size / 1024,
211 	       iis.imageNumber, part->name);
212 
213 	return 0;
214 }
215 
216 static int afs_parse_v2_partition(struct mtd_info *mtd,
217 				  u_int off, struct mtd_partition *part)
218 {
219 	u_int ptr;
220 	u32 footer[12];
221 	u32 imginfo[36];
222 	char *name;
223 	u32 version;
224 	u32 entrypoint;
225 	u32 attributes;
226 	u32 region_count;
227 	u32 block_start;
228 	u32 block_end;
229 	u32 crc;
230 	size_t sz;
231 	int ret;
232 	int i;
233 	int pad = 0;
234 
235 	pr_debug("Parsing v2 partition @%08x-%08x\n",
236 		 off, off + mtd->erasesize);
237 
238 	/* First read the footer */
239 	ptr = off + mtd->erasesize - sizeof(footer);
240 	ret = mtd_read(mtd, ptr, sizeof(footer), &sz, (u_char *)footer);
241 	if ((ret < 0) || (ret >= 0 && sz != sizeof(footer))) {
242 		pr_err("AFS: mtd read failed at 0x%x: %d\n",
243 		       ptr, ret);
244 		return -EIO;
245 	}
246 	name = (char *) &footer[0];
247 	version = footer[9];
248 	ptr = off + mtd->erasesize - sizeof(footer) - footer[8];
249 
250 	pr_debug("found image \"%s\", version %08x, info @%08x\n",
251 		 name, version, ptr);
252 
253 	/* Then read the image information */
254 	ret = mtd_read(mtd, ptr, sizeof(imginfo), &sz, (u_char *)imginfo);
255 	if ((ret < 0) || (ret >= 0 && sz != sizeof(imginfo))) {
256 		pr_err("AFS: mtd read failed at 0x%x: %d\n",
257 		       ptr, ret);
258 		return -EIO;
259 	}
260 
261 	/* 32bit platforms have 4 bytes padding */
262 	crc = word_sum_v2(&imginfo[1], 34);
263 	if (!crc) {
264 		pr_debug("Padding 1 word (4 bytes)\n");
265 		pad = 1;
266 	} else {
267 		/* 64bit platforms have 8 bytes padding */
268 		crc = word_sum_v2(&imginfo[2], 34);
269 		if (!crc) {
270 			pr_debug("Padding 2 words (8 bytes)\n");
271 			pad = 2;
272 		}
273 	}
274 	if (crc) {
275 		pr_err("AFS: bad checksum on v2 image info: %08x\n", crc);
276 		return -EINVAL;
277 	}
278 	entrypoint = imginfo[pad];
279 	attributes = imginfo[pad+1];
280 	region_count = imginfo[pad+2];
281 	block_start = imginfo[20];
282 	block_end = imginfo[21];
283 
284 	pr_debug("image entry=%08x, attr=%08x, regions=%08x, "
285 		 "bs=%08x, be=%08x\n",
286 		 entrypoint, attributes, region_count,
287 		 block_start, block_end);
288 
289 	for (i = 0; i < region_count; i++) {
290 		u32 region_load_addr = imginfo[pad + 3 + i*4];
291 		u32 region_size = imginfo[pad + 4 + i*4];
292 		u32 region_offset = imginfo[pad + 5 + i*4];
293 		u32 region_start;
294 		u32 region_end;
295 
296 		pr_debug("  region %d: address: %08x, size: %08x, "
297 			 "offset: %08x\n",
298 			 i,
299 			 region_load_addr,
300 			 region_size,
301 			 region_offset);
302 
303 		region_start = off + region_offset;
304 		region_end = region_start + region_size;
305 		/* Align partition to end of erase block */
306 		region_end += (mtd->erasesize - 1);
307 		region_end &= ~(mtd->erasesize -1);
308 		pr_debug("   partition start = %08x, partition end = %08x\n",
309 			 region_start, region_end);
310 
311 		/* Create one partition per region */
312 		part->name = kstrdup(name, GFP_KERNEL);
313 		if (!part->name)
314 			return -ENOMEM;
315 		part->offset = region_start;
316 		part->size = region_end - region_start;
317 		part->mask_flags = 0;
318 	}
319 
320 	return 0;
321 }
322 
323 static int parse_afs_partitions(struct mtd_info *mtd,
324 				const struct mtd_partition **pparts,
325 				struct mtd_part_parser_data *data)
326 {
327 	struct mtd_partition *parts;
328 	u_int off, sz;
329 	int ret = 0;
330 	int i;
331 
332 	/* Count the partitions by looping over all erase blocks */
333 	for (i = off = sz = 0; off < mtd->size; off += mtd->erasesize) {
334 		if (afs_is_v1(mtd, off)) {
335 			sz += sizeof(struct mtd_partition);
336 			i += 1;
337 		}
338 		if (afs_is_v2(mtd, off)) {
339 			sz += sizeof(struct mtd_partition);
340 			i += 1;
341 		}
342 	}
343 
344 	if (!i)
345 		return 0;
346 
347 	parts = kzalloc(sz, GFP_KERNEL);
348 	if (!parts)
349 		return -ENOMEM;
350 
351 	/*
352 	 * Identify the partitions
353 	 */
354 	for (i = off = 0; off < mtd->size; off += mtd->erasesize) {
355 		if (afs_is_v1(mtd, off)) {
356 			ret = afs_parse_v1_partition(mtd, off, &parts[i]);
357 			if (ret)
358 				goto out_free_parts;
359 			i++;
360 		}
361 		if (afs_is_v2(mtd, off)) {
362 			ret = afs_parse_v2_partition(mtd, off, &parts[i]);
363 			if (ret)
364 				goto out_free_parts;
365 			i++;
366 		}
367 	}
368 
369 	*pparts = parts;
370 	return i;
371 
372 out_free_parts:
373 	while (i >= 0) {
374 		kfree(parts[i].name);
375 		i--;
376 	}
377 	kfree(parts);
378 	*pparts = NULL;
379 	return ret;
380 }
381 
382 static const struct of_device_id mtd_parser_afs_of_match_table[] = {
383 	{ .compatible = "arm,arm-firmware-suite" },
384 	{},
385 };
386 MODULE_DEVICE_TABLE(of, mtd_parser_afs_of_match_table);
387 
388 static struct mtd_part_parser afs_parser = {
389 	.parse_fn = parse_afs_partitions,
390 	.name = "afs",
391 	.of_match_table = mtd_parser_afs_of_match_table,
392 };
393 module_mtd_part_parser(afs_parser);
394 
395 MODULE_AUTHOR("ARM Ltd");
396 MODULE_DESCRIPTION("ARM Firmware Suite partition parser");
397 MODULE_LICENSE("GPL");
398