1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Parse RedBoot-style Flash Image System (FIS) tables and
4 * produce a Linux partition array to match.
5 *
6 * Copyright © 2001      Red Hat UK Limited
7 * Copyright © 2001-2010 David Woodhouse <dwmw2@infradead.org>
8 */
9
10#include <linux/kernel.h>
11#include <linux/slab.h>
12#include <linux/init.h>
13#include <linux/vmalloc.h>
14#include <linux/of.h>
15#include <linux/mtd/mtd.h>
16#include <linux/mtd/partitions.h>
17#include <linux/module.h>
18
19struct fis_image_desc {
20    unsigned char name[16];      // Null terminated name
21    uint32_t	  flash_base;    // Address within FLASH of image
22    uint32_t	  mem_base;      // Address in memory where it executes
23    uint32_t	  size;          // Length of image
24    uint32_t	  entry_point;   // Execution entry point
25    uint32_t	  data_length;   // Length of actual data
26    unsigned char _pad[256-(16+7*sizeof(uint32_t))];
27    uint32_t	  desc_cksum;    // Checksum over image descriptor
28    uint32_t	  file_cksum;    // Checksum over image data
29};
30
31struct fis_list {
32	struct fis_image_desc *img;
33	struct fis_list *next;
34};
35
36static int directory = CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK;
37module_param(directory, int, 0);
38
39static inline int redboot_checksum(struct fis_image_desc *img)
40{
41	/* RedBoot doesn't actually write the desc_cksum field yet AFAICT */
42	return 1;
43}
44
45static void parse_redboot_of(struct mtd_info *master)
46{
47	struct device_node *np;
48	struct device_node *npart;
49	u32 dirblock;
50	int ret;
51
52	np = mtd_get_of_node(master);
53	if (!np)
54		return;
55
56	npart = of_get_child_by_name(np, "partitions");
57	if (!npart)
58		return;
59
60	ret = of_property_read_u32(npart, "fis-index-block", &dirblock);
61	of_node_put(npart);
62	if (ret)
63		return;
64
65	/*
66	 * Assign the block found in the device tree to the local
67	 * directory block pointer.
68	 */
69	directory = dirblock;
70}
71
72static int parse_redboot_partitions(struct mtd_info *master,
73				    const struct mtd_partition **pparts,
74				    struct mtd_part_parser_data *data)
75{
76	int nrparts = 0;
77	struct fis_image_desc *buf;
78	struct mtd_partition *parts;
79	struct fis_list *fl = NULL, *tmp_fl;
80	int ret, i;
81	size_t retlen;
82	char *names;
83	char *nullname;
84	int namelen = 0;
85	int nulllen = 0;
86	int numslots;
87	unsigned long offset;
88#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
89	static char nullstring[] = "unallocated";
90#endif
91
92	parse_redboot_of(master);
93
94	if ( directory < 0 ) {
95		offset = master->size + directory * master->erasesize;
96		while (mtd_block_isbad(master, offset)) {
97			if (!offset) {
98			nogood:
99				printk(KERN_NOTICE "Failed to find a non-bad block to check for RedBoot partition table\n");
100				return -EIO;
101			}
102			offset -= master->erasesize;
103		}
104	} else {
105		offset = directory * master->erasesize;
106		while (mtd_block_isbad(master, offset)) {
107			offset += master->erasesize;
108			if (offset == master->size)
109				goto nogood;
110		}
111	}
112	buf = vmalloc(master->erasesize);
113
114	if (!buf)
115		return -ENOMEM;
116
117	printk(KERN_NOTICE "Searching for RedBoot partition table in %s at offset 0x%lx\n",
118	       master->name, offset);
119
120	ret = mtd_read(master, offset, master->erasesize, &retlen,
121		       (void *)buf);
122
123	if (ret)
124		goto out;
125
126	if (retlen != master->erasesize) {
127		ret = -EIO;
128		goto out;
129	}
130
131	numslots = (master->erasesize / sizeof(struct fis_image_desc));
132	for (i = 0; i < numslots; i++) {
133		if (!memcmp(buf[i].name, "FIS directory", 14)) {
134			/* This is apparently the FIS directory entry for the
135			 * FIS directory itself.  The FIS directory size is
136			 * one erase block; if the buf[i].size field is
137			 * swab32(erasesize) then we know we are looking at
138			 * a byte swapped FIS directory - swap all the entries!
139			 * (NOTE: this is 'size' not 'data_length'; size is
140			 * the full size of the entry.)
141			 */
142
143			/* RedBoot can combine the FIS directory and
144			   config partitions into a single eraseblock;
145			   we assume wrong-endian if either the swapped
146			   'size' matches the eraseblock size precisely,
147			   or if the swapped size actually fits in an
148			   eraseblock while the unswapped size doesn't. */
149			if (swab32(buf[i].size) == master->erasesize ||
150			    (buf[i].size > master->erasesize
151			     && swab32(buf[i].size) < master->erasesize)) {
152				int j;
153				/* Update numslots based on actual FIS directory size */
154				numslots = swab32(buf[i].size) / sizeof (struct fis_image_desc);
155				for (j = 0; j < numslots; ++j) {
156
157					/* A single 0xff denotes a deleted entry.
158					 * Two of them in a row is the end of the table.
159					 */
160					if (buf[j].name[0] == 0xff) {
161				  		if (buf[j].name[1] == 0xff) {
162							break;
163						} else {
164							continue;
165						}
166					}
167
168					/* The unsigned long fields were written with the
169					 * wrong byte sex, name and pad have no byte sex.
170					 */
171					swab32s(&buf[j].flash_base);
172					swab32s(&buf[j].mem_base);
173					swab32s(&buf[j].size);
174					swab32s(&buf[j].entry_point);
175					swab32s(&buf[j].data_length);
176					swab32s(&buf[j].desc_cksum);
177					swab32s(&buf[j].file_cksum);
178				}
179			} else if (buf[i].size < master->erasesize) {
180				/* Update numslots based on actual FIS directory size */
181				numslots = buf[i].size / sizeof(struct fis_image_desc);
182			}
183			break;
184		}
185	}
186	if (i == numslots) {
187		/* Didn't find it */
188		printk(KERN_NOTICE "No RedBoot partition table detected in %s\n",
189		       master->name);
190		ret = 0;
191		goto out;
192	}
193
194	for (i = 0; i < numslots; i++) {
195		struct fis_list *new_fl, **prev;
196
197		if (buf[i].name[0] == 0xff) {
198			if (buf[i].name[1] == 0xff) {
199				break;
200			} else {
201				continue;
202			}
203		}
204		if (!redboot_checksum(&buf[i]))
205			break;
206
207		new_fl = kmalloc(sizeof(struct fis_list), GFP_KERNEL);
208		namelen += strlen(buf[i].name)+1;
209		if (!new_fl) {
210			ret = -ENOMEM;
211			goto out;
212		}
213		new_fl->img = &buf[i];
214		if (data && data->origin)
215			buf[i].flash_base -= data->origin;
216		else
217			buf[i].flash_base &= master->size-1;
218
219		/* I'm sure the JFFS2 code has done me permanent damage.
220		 * I now think the following is _normal_
221		 */
222		prev = &fl;
223		while(*prev && (*prev)->img->flash_base < new_fl->img->flash_base)
224			prev = &(*prev)->next;
225		new_fl->next = *prev;
226		*prev = new_fl;
227
228		nrparts++;
229	}
230#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
231	if (fl->img->flash_base) {
232		nrparts++;
233		nulllen = sizeof(nullstring);
234	}
235
236	for (tmp_fl = fl; tmp_fl->next; tmp_fl = tmp_fl->next) {
237		if (tmp_fl->img->flash_base + tmp_fl->img->size + master->erasesize <= tmp_fl->next->img->flash_base) {
238			nrparts++;
239			nulllen = sizeof(nullstring);
240		}
241	}
242#endif
243	parts = kzalloc(sizeof(*parts)*nrparts + nulllen + namelen, GFP_KERNEL);
244
245	if (!parts) {
246		ret = -ENOMEM;
247		goto out;
248	}
249
250	nullname = (char *)&parts[nrparts];
251#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
252	if (nulllen > 0) {
253		strcpy(nullname, nullstring);
254	}
255#endif
256	names = nullname + nulllen;
257
258	i=0;
259
260#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
261	if (fl->img->flash_base) {
262	       parts[0].name = nullname;
263	       parts[0].size = fl->img->flash_base;
264	       parts[0].offset = 0;
265		i++;
266	}
267#endif
268	for ( ; i<nrparts; i++) {
269		parts[i].size = fl->img->size;
270		parts[i].offset = fl->img->flash_base;
271		parts[i].name = names;
272
273		strcpy(names, fl->img->name);
274#ifdef CONFIG_MTD_REDBOOT_PARTS_READONLY
275		if (!memcmp(names, "RedBoot", 8) ||
276				!memcmp(names, "RedBoot config", 15) ||
277				!memcmp(names, "FIS directory", 14)) {
278			parts[i].mask_flags = MTD_WRITEABLE;
279		}
280#endif
281		names += strlen(names)+1;
282
283#ifdef CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED
284		if(fl->next && fl->img->flash_base + fl->img->size + master->erasesize <= fl->next->img->flash_base) {
285			i++;
286			parts[i].offset = parts[i-1].size + parts[i-1].offset;
287			parts[i].size = fl->next->img->flash_base - parts[i].offset;
288			parts[i].name = nullname;
289		}
290#endif
291		tmp_fl = fl;
292		fl = fl->next;
293		kfree(tmp_fl);
294	}
295	ret = nrparts;
296	*pparts = parts;
297 out:
298	while (fl) {
299		struct fis_list *old = fl;
300		fl = fl->next;
301		kfree(old);
302	}
303	vfree(buf);
304	return ret;
305}
306
307static const struct of_device_id mtd_parser_redboot_of_match_table[] = {
308	{ .compatible = "redboot-fis" },
309	{},
310};
311MODULE_DEVICE_TABLE(of, mtd_parser_redboot_of_match_table);
312
313static struct mtd_part_parser redboot_parser = {
314	.parse_fn = parse_redboot_partitions,
315	.name = "RedBoot",
316	.of_match_table = mtd_parser_redboot_of_match_table,
317};
318module_mtd_part_parser(redboot_parser);
319
320/* mtd parsers will request the module by parser name */
321MODULE_ALIAS("RedBoot");
322MODULE_LICENSE("GPL");
323MODULE_AUTHOR("David Woodhouse <dwmw2@infradead.org>");
324MODULE_DESCRIPTION("Parsing code for RedBoot Flash Image System (FIS) tables");
325