[U-Boot] [PATCH v3 0/4] Implement "fastboot flash" for eMMC
This series implements the "fastboot flash" command for eMMC devices. It supports both raw and sparse images.
NOTES: - the support for the "fastboot flash" command is enabled with CONFIG_FASTBOOT_FLASH - the support for eMMC is enabled with CONFIG_FASTBOOT_FLASH_MMC_DEV - (future) the support for NAND would be enabled with CONFIG_FASTBOOT_FLASH_NAND(???)
This has been tested on ARMv7.
Changes in v3: - remove most references to 'mmc', which leaves only one mmc specific function: mmc_get_dev()
Changes in v2: - split large function into three - improved handling of response messages - additional partition size checking when writing sparse image - update README.android-fastboot file - new in v2
Steve Rae (4): usb/gadget: fastboot: add sparse image definitions usb/gadget: fastboot: add eMMC support for flash command usb/gadget: fastboot: add support for flash command usb/gadget: fastboot: minor cleanup
README | 10 +++ common/Makefile | 5 ++ common/fb_mmc.c | 190 ++++++++++++++++++++++++++++++++++++++++ doc/README.android-fastboot | 5 +- drivers/usb/gadget/f_fastboot.c | 41 ++++++++- include/fb_mmc.h | 8 ++ include/sparse_format.h | 58 ++++++++++++ 7 files changed, 312 insertions(+), 5 deletions(-) create mode 100644 common/fb_mmc.c create mode 100644 include/fb_mmc.h create mode 100644 include/sparse_format.h
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com --- This file is ASIS from: https://raw.githubusercontent.com/AOSB/android_system_core/master/libsparse/... (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _LIBSPARSE_SPARSE_FORMAT_H_ +#define _LIBSPARSE_SPARSE_FORMAT_H_ +#define __UBOOT__ +#ifndef __UBOOT__ +#include "sparse_defs.h" +#endif + +typedef struct sparse_header { + __le32 magic; /* 0xed26ff3a */ + __le16 major_version; /* (0x1) - reject images with higher major versions */ + __le16 minor_version; /* (0x0) - allow images with higer minor versions */ + __le16 file_hdr_sz; /* 28 bytes for first revision of the file format */ + __le16 chunk_hdr_sz; /* 12 bytes for first revision of the file format */ + __le32 blk_sz; /* block size in bytes, must be a multiple of 4 (4096) */ + __le32 total_blks; /* total blocks in the non-sparse output image */ + __le32 total_chunks; /* total chunks in the sparse input image */ + __le32 image_checksum; /* CRC32 checksum of the original data, counting "don't care" */ + /* as 0. Standard 802.3 polynomial, use a Public Domain */ + /* table implementation */ +} sparse_header_t; + +#define SPARSE_HEADER_MAGIC 0xed26ff3a + +#define CHUNK_TYPE_RAW 0xCAC1 +#define CHUNK_TYPE_FILL 0xCAC2 +#define CHUNK_TYPE_DONT_CARE 0xCAC3 +#define CHUNK_TYPE_CRC32 0xCAC4 + +typedef struct chunk_header { + __le16 chunk_type; /* 0xCAC1 -> raw; 0xCAC2 -> fill; 0xCAC3 -> don't care */ + __le16 reserved1; + __le32 chunk_sz; /* in blocks in output image */ + __le32 total_sz; /* in bytes of chunk input file including chunk header and data */ +} chunk_header_t; + +/* Following a Raw or Fill or CRC32 chunk is data. + * For a Raw chunk, it's the data in chunk_sz * blk_sz. + * For a Fill chunk, it's 4 bytes of the fill data. + * For a CRC32 chunk, it's 4 bytes of CRC32 + */ + +#endif
On Thursday, June 26, 2014 at 10:13:21 PM, Steve Rae wrote:
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com
This file is ASIS from:
https://raw.githubusercontent.com/AOSB/android_system_core/master/libspars e/sparse_format.h (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/*
- Copyright (C) 2010 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. + * See the License for the specific language governing permissions and + * limitations under the License.
Please use the SPDX licence identifiers (pelase see Licenses/README)?
- */
+#ifndef _LIBSPARSE_SPARSE_FORMAT_H_ +#define _LIBSPARSE_SPARSE_FORMAT_H_ +#define __UBOOT__ +#ifndef __UBOOT__ +#include "sparse_defs.h" +#endif
+typedef struct sparse_header {
- __le32 magic; /* 0xed26ff3a */
- __le16 major_version; /* (0x1) - reject images with higher major
versions */ + __le16 minor_version; /* (0x0) - allow images with higer minor versions */ + __le16 file_hdr_sz; /* 28 bytes for first revision of the file format */ + __le16 chunk_hdr_sz; /* 12 bytes for first revision of the file format */ + __le32 blk_sz; /* block size in bytes,
must be a
multiple of 4 (4096) */ + __le32 total_blks; /* total blocks in the non-sparse output image */ + __le32 total_chunks; /* total chunks in the sparse input image */ + __le32 image_checksum; /* CRC32 checksum of the original data, counting "don't care" */ + /* as 0.
Standard 802.3
polynomial, use a Public Domain */
/* table implementation */+} sparse_header_t;
+#define SPARSE_HEADER_MAGIC 0xed26ff3a
+#define CHUNK_TYPE_RAW 0xCAC1 +#define CHUNK_TYPE_FILL 0xCAC2 +#define CHUNK_TYPE_DONT_CARE 0xCAC3 +#define CHUNK_TYPE_CRC32 0xCAC4
+typedef struct chunk_header {
- __le16 chunk_type; /* 0xCAC1 -> raw; 0xCAC2 -> fill; 0xCAC3 ->
don't
care */ + __le16 reserved1;
- __le32 chunk_sz; /* in blocks in output image */
- __le32 total_sz; /* in bytes of chunk input file including chunk
header
and data */ +} chunk_header_t;
+/* Following a Raw or Fill or CRC32 chunk is data.
The comment here is not aligned with coding style, I'll leave fixing it up to you, since the license header text needs revisiting.
- For a Raw chunk, it's the data in chunk_sz * blk_sz.
- For a Fill chunk, it's 4 bytes of the fill data.
- For a CRC32 chunk, it's 4 bytes of CRC32
- */
+#endif
On 14-07-30 06:25 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:21 PM, Steve Rae wrote:
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com
This file is ASIS from:
https://raw.githubusercontent.com/AOSB/android_system_core/master/libspars e/sparse_format.h (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/*
- Copyright (C) 2010 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. + * See the License for the specific language governing permissions and + * limitations under the License.
Please use the SPDX licence identifiers (pelase see Licenses/README)?
- */
+#ifndef _LIBSPARSE_SPARSE_FORMAT_H_ +#define _LIBSPARSE_SPARSE_FORMAT_H_ +#define __UBOOT__ +#ifndef __UBOOT__ +#include "sparse_defs.h" +#endif
+typedef struct sparse_header {
- __le32 magic; /* 0xed26ff3a */
- __le16 major_version; /* (0x1) - reject images with higher major
versions */ + __le16 minor_version; /* (0x0) - allow images with higer minor versions */ + __le16 file_hdr_sz; /* 28 bytes for first revision of the file format */ + __le16 chunk_hdr_sz; /* 12 bytes for first revision of the file format */ + __le32 blk_sz; /* block size in bytes,
must be a
multiple of 4 (4096) */ + __le32 total_blks; /* total blocks in the non-sparse output image */ + __le32 total_chunks; /* total chunks in the sparse input image */ + __le32 image_checksum; /* CRC32 checksum of the original data, counting "don't care" */ + /* as 0.
Standard 802.3
polynomial, use a Public Domain */
/* table implementation */+} sparse_header_t;
+#define SPARSE_HEADER_MAGIC 0xed26ff3a
+#define CHUNK_TYPE_RAW 0xCAC1 +#define CHUNK_TYPE_FILL 0xCAC2 +#define CHUNK_TYPE_DONT_CARE 0xCAC3 +#define CHUNK_TYPE_CRC32 0xCAC4
+typedef struct chunk_header {
- __le16 chunk_type; /* 0xCAC1 -> raw; 0xCAC2 -> fill; 0xCAC3 ->
don't
care */ + __le16 reserved1;
- __le32 chunk_sz; /* in blocks in output image */
- __le32 total_sz; /* in bytes of chunk input file including chunk
header
and data */ +} chunk_header_t;
+/* Following a Raw or Fill or CRC32 chunk is data.
The comment here is not aligned with coding style, I'll leave fixing it up to you, since the license header text needs revisiting.
- For a Raw chunk, it's the data in chunk_sz * blk_sz.
- For a Fill chunk, it's 4 bytes of the fill data.
- For a CRC32 chunk, it's 4 bytes of CRC32
- */
+#endif
To clarify: I am taking this file ASIS from the location stated in the commit message.... Do we _really_ want to modify _anything_ in this file (especially when the content is not changing); or do we want to leaving it pristine?
On Thursday, July 31, 2014 at 07:32:51 PM, Steve Rae wrote:
On 14-07-30 06:25 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:21 PM, Steve Rae wrote:
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com
This file is ASIS from:
https://raw.githubusercontent.com/AOSB/android_system_core/master/libspa rs e/sparse_format.h (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58
+++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+)
create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/*
- Copyright (C) 2010 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. + * See the License for the specific language governing permissions and + * limitations under the License.
Please use the SPDX licence identifiers (pelase see Licenses/README)?
- */
+#ifndef _LIBSPARSE_SPARSE_FORMAT_H_ +#define _LIBSPARSE_SPARSE_FORMAT_H_ +#define __UBOOT__ +#ifndef __UBOOT__ +#include "sparse_defs.h" +#endif
+typedef struct sparse_header {
- __le32 magic; /* 0xed26ff3a */
- __le16 major_version; /* (0x1) - reject images with higher major
versions */ + __le16 minor_version; /* (0x0) - allow images with
higer
minor versions */ + __le16 file_hdr_sz; /* 28 bytes for first
revision
of the file format */ + __le16 chunk_hdr_sz; /* 12 bytes for first revision of the file format */ + __le32 blk_sz; /* block size in bytes,
must be a
multiple of 4 (4096) */ + __le32 total_blks; /* total blocks in the non-sparse output image */ + __le32 total_chunks; /* total chunks
in
the sparse input image */ + __le32 image_checksum; /* CRC32 checksum of the original data, counting "don't care" */ + /*
as 0.
Standard 802.3
polynomial, use a Public Domain */
/* table implementation */+} sparse_header_t;
+#define SPARSE_HEADER_MAGIC 0xed26ff3a
+#define CHUNK_TYPE_RAW 0xCAC1 +#define CHUNK_TYPE_FILL 0xCAC2 +#define CHUNK_TYPE_DONT_CARE 0xCAC3 +#define CHUNK_TYPE_CRC32 0xCAC4
+typedef struct chunk_header {
- __le16 chunk_type; /* 0xCAC1 -> raw; 0xCAC2 -> fill; 0xCAC3 ->
don't
care */ + __le16 reserved1;
- __le32 chunk_sz; /* in blocks in output image */
- __le32 total_sz; /* in bytes of chunk input file including chunk
header
and data */ +} chunk_header_t;
+/* Following a Raw or Fill or CRC32 chunk is data.
The comment here is not aligned with coding style, I'll leave fixing it up to you, since the license header text needs revisiting.
- For a Raw chunk, it's the data in chunk_sz * blk_sz.
- For a Fill chunk, it's 4 bytes of the fill data.
- For a CRC32 chunk, it's 4 bytes of CRC32
- */
+#endif
To clarify: I am taking this file ASIS from the location stated in the commit message.... Do we _really_ want to modify _anything_ in this file (especially when the content is not changing); or do we want to leaving it pristine?
I'd prefer consistency with the rest of the codebase. Let's wait what others think.
On Thu, Jul 31, 2014 at 10:32:51AM -0700, Steve Rae wrote:
On 14-07-30 06:25 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:21 PM, Steve Rae wrote:
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com
This file is ASIS from:
https://raw.githubusercontent.com/AOSB/android_system_core/master/libspars e/sparse_format.h (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/*
- Copyright (C) 2010 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. + * See the License for the specific language governing permissions and + * limitations under the License.
Please use the SPDX licence identifiers (pelase see Licenses/README)?
And again, the license itself _is_ a problem.
[snip]
To clarify: I am taking this file ASIS from the location stated in the commit message.... Do we _really_ want to modify _anything_ in this file (especially when the content is not changing); or do we want to leaving it pristine?
I'd be fine with it being pristine if it was a GPL-compatible license.
On 14-08-05 07:00 AM, Tom Rini wrote:
On Thu, Jul 31, 2014 at 10:32:51AM -0700, Steve Rae wrote:
On 14-07-30 06:25 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:21 PM, Steve Rae wrote:
- to prepare for the support of fastboot sparse images
Signed-off-by: Steve Rae srae@broadcom.com
This file is ASIS from:
https://raw.githubusercontent.com/AOSB/android_system_core/master/libspars e/sparse_format.h (commit 28fa5bc347390480fe190294c6c385b6a9f0d68b) except for the __UBOOT__ conditional include.
Changes in v3: None Changes in v2: None
include/sparse_format.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 include/sparse_format.h
diff --git a/include/sparse_format.h b/include/sparse_format.h new file mode 100644 index 0000000..21fbd05 --- /dev/null +++ b/include/sparse_format.h @@ -0,0 +1,58 @@ +/*
- Copyright (C) 2010 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. + * See the License for the specific language governing permissions and + * limitations under the License.
Please use the SPDX licence identifiers (pelase see Licenses/README)?
And again, the license itself _is_ a problem.
[snip]
To clarify: I am taking this file ASIS from the location stated in the commit message.... Do we _really_ want to modify _anything_ in this file (especially when the content is not changing); or do we want to leaving it pristine?
I'd be fine with it being pristine if it was a GPL-compatible license.
Any ideas on how can we proceed? How can we get past this license issue? IMO, the "fastboot flash" command is severely hampered if we cannot support the "sparse" format. Thanks in advance, Steve
- add support for 'fastboot flash' command for eMMC devices
Signed-off-by: Steve Rae srae@broadcom.com --- I suspect that the "sparse image" handling (ie. the "while (remaining_chunks)" loop) has been implemented elsewhere -- I need help finding the original code to determine any licensing issues.... Thanks, Steve
Changes in v3: - remove most references to 'mmc', which leaves only one mmc specific function: mmc_get_dev()
Changes in v2: - split large function into three - improved handling of response messages - additional partition size checking when writing sparse image
common/Makefile | 5 ++ common/fb_mmc.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ include/fb_mmc.h | 8 +++ 3 files changed, 203 insertions(+) create mode 100644 common/fb_mmc.c create mode 100644 include/fb_mmc.h
diff --git a/common/Makefile b/common/Makefile index de5cce8..daebe39 100644 --- a/common/Makefile +++ b/common/Makefile @@ -266,4 +266,9 @@ obj-$(CONFIG_IO_TRACE) += iotrace.o obj-y += memsize.o obj-y += stdio.o
+# This option is not just y/n - it can have a numeric value +ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV +obj-y += fb_mmc.o +endif + CFLAGS_env_embedded.o := -Wa,--no-warn -DENV_CRC=$(shell tools/envcrc 2>/dev/null) diff --git a/common/fb_mmc.c b/common/fb_mmc.c new file mode 100644 index 0000000..9163d8c --- /dev/null +++ b/common/fb_mmc.c @@ -0,0 +1,190 @@ +/* + * Copyright TODO + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h> + +/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1) + +static char *response_str; + +static void fastboot_resp(const char *s) +{ + strncpy(response_str, s, RESPONSE_LEN); + response_str[RESPONSE_LEN - 1] = '\0'; +} + +static int is_sparse_image(void *buf) +{ + sparse_header_t *s_header = (sparse_header_t *)buf; + + if ((le32_to_cpu(s_header->magic) == SPARSE_HEADER_MAGIC) && + (le16_to_cpu(s_header->major_version) == 1)) + return 1; + + return 0; +} + +static void write_sparse_image(block_dev_desc_t *dev_desc, + disk_partition_t *info, const char *part_name, + void *buffer, unsigned int download_bytes) +{ + lbaint_t blk; + lbaint_t blkcnt; + lbaint_t blks; + sparse_header_t *s_header = (sparse_header_t *)buffer; + chunk_header_t *c_header; + void *buf; + uint32_t blk_sz; + uint32_t remaining_chunks; + uint32_t bytes_written = 0; + + blk_sz = le32_to_cpu(s_header->blk_sz); + + /* verify s_header->blk_sz is exact multiple of info->blksz */ + if (blk_sz != (blk_sz & ~(info->blksz - 1))) { + printf("%s: Sparse image block size issue [%u]\n", + __func__, blk_sz); + fastboot_resp("FAILsparse image block size issue"); + return; + } + + if ((le32_to_cpu(s_header->total_blks) * blk_sz) > + (info->size * info->blksz)) { + printf("%s: Sparse image is too large for the partition\n", + __func__); + fastboot_resp("FAILsparse image is too large"); + return; + } + + printf("Flashing Sparse Image\n"); + + remaining_chunks = le32_to_cpu(s_header->total_chunks); + c_header = (chunk_header_t *)(buffer + + le16_to_cpu(s_header->file_hdr_sz)); + blk = info->start; + while (remaining_chunks) { + blkcnt = + (le32_to_cpu(c_header->chunk_sz) * blk_sz) / info->blksz; + + switch (le16_to_cpu(c_header->chunk_type)) { + case CHUNK_TYPE_RAW: + buf = (void *)c_header + + le16_to_cpu(s_header->chunk_hdr_sz); + + if (blk + blkcnt > info->start + info->size) { + printf( + "%s: Request would exceed partition size!\n", + __func__); + fastboot_resp( + "FAILRequest would exceed partition size!"); + return; + } + + blks = dev_desc->block_write(dev_desc->dev, blk, blkcnt, + buf); + if (blks != blkcnt) { + printf("%s: Write failed " LBAFU "\n", + __func__, blks); + fastboot_resp("FAILwrite failure"); + return; + } + + bytes_written += blkcnt * info->blksz; + break; + + case CHUNK_TYPE_FILL: + case CHUNK_TYPE_DONT_CARE: + case CHUNK_TYPE_CRC32: + /* do nothing */ + break; + + default: + /* error */ + printf("%s: Unknown chunk type\n", __func__); + fastboot_resp("FAILunknown chunk type in sparse image"); + return; + } + + blk += blkcnt; + c_header = (chunk_header_t *)((void *)c_header + + le32_to_cpu(c_header->total_sz)); + remaining_chunks--; + } + + printf("........ wrote %u bytes to '%s'\n", bytes_written, part_name); + fastboot_resp("OKAY"); +} + +static void write_raw_image(block_dev_desc_t *dev_desc, disk_partition_t *info, + const char *part_name, void *buffer, + unsigned int download_bytes) +{ + lbaint_t blkcnt; + lbaint_t blks; + + /* determine number of blocks to write */ + blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1)); + blkcnt = blkcnt / info->blksz; + + if (blkcnt > info->size) { + printf("%s: too large for partition: '%s'\n", __func__, + part_name); + fastboot_resp("FAILtoo large for partition"); + return; + } + + printf("Flashing Raw Image\n"); + + blks = dev_desc->block_write(dev_desc->dev, info->start, blkcnt, + buffer); + if (blks != blkcnt) { + printf("%s: failed writing to device %d\n", __func__, + dev_desc->dev); + fastboot_resp("FAILfailed writing to device"); + return; + } + + printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz, + part_name); + fastboot_resp("OKAY"); +} + +void fb_mmc_flash_write(const char *cmd, void *download_buffer, + unsigned int download_bytes, char *response) +{ + int ret; + block_dev_desc_t *dev_desc; + disk_partition_t info; + + /* initialize the response buffer */ + response_str = response; + + dev_desc = mmc_get_dev(CONFIG_FASTBOOT_FLASH_MMC_DEV); + if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) { + printf("%s: invalid mmc device\n", __func__); + fastboot_resp("FAILinvalid mmc device"); + return; + } + + ret = get_partition_info_efi_by_name(dev_desc, cmd, &info); + if (ret) { + printf("%s: cannot find partition: '%s'\n", __func__, cmd); + fastboot_resp("FAILcannot find partition"); + return; + } + + if (is_sparse_image(download_buffer)) { + write_sparse_image(dev_desc, &info, cmd, download_buffer, + download_bytes); + } else { + write_raw_image(dev_desc, &info, cmd, download_buffer, + download_bytes); + } +} diff --git a/include/fb_mmc.h b/include/fb_mmc.h new file mode 100644 index 0000000..1ad1d13 --- /dev/null +++ b/include/fb_mmc.h @@ -0,0 +1,8 @@ +/* + * Copyright 2014 Broadcom Corporation. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +void fb_mmc_flash_write(const char *cmd, void *download_buffer, + unsigned int download_bytes, char *response);
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
+}
+static int is_sparse_image(void *buf) +{
- sparse_header_t *s_header = (sparse_header_t *)buf;
- if ((le32_to_cpu(s_header->magic) == SPARSE_HEADER_MAGIC) &&
(le16_to_cpu(s_header->major_version) == 1))return 1;- return 0;
+}
+static void write_sparse_image(block_dev_desc_t *dev_desc,
disk_partition_t *info, const char *part_name,void *buffer, unsigned int download_bytes)+{
- lbaint_t blk;
- lbaint_t blkcnt;
- lbaint_t blks;
- sparse_header_t *s_header = (sparse_header_t *)buffer;
- chunk_header_t *c_header;
- void *buf;
- uint32_t blk_sz;
- uint32_t remaining_chunks;
- uint32_t bytes_written = 0;
- blk_sz = le32_to_cpu(s_header->blk_sz);
- /* verify s_header->blk_sz is exact multiple of info->blksz */
- if (blk_sz != (blk_sz & ~(info->blksz - 1))) {
printf("%s: Sparse image block size issue [%u]\n",__func__, blk_sz);fastboot_resp("FAILsparse image block size issue");
Can't you just make the fastboot_resp() function a variadic one AND move the printf() into the fastboot_resp() function? You could then even get consistent output on both the device and in the response if you snprintf() into the response_str first and then printf() the response_str .
return;- }
[...]
+static void write_raw_image(block_dev_desc_t *dev_desc, disk_partition_t *info, + const char *part_name, void *buffer,
unsigned int download_bytes)+{
- lbaint_t blkcnt;
- lbaint_t blks;
- /* determine number of blocks to write */
- blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
- blkcnt = blkcnt / info->blksz;
- if (blkcnt > info->size) {
printf("%s: too large for partition: '%s'\n", __func__,part_name);fastboot_resp("FAILtoo large for partition");return;- }
- printf("Flashing Raw Image\n");
Use puts() here and everywhere where printf() is not taking any args please.
- blks = dev_desc->block_write(dev_desc->dev, info->start, blkcnt,
buffer);- if (blks != blkcnt) {
printf("%s: failed writing to device %d\n", __func__,dev_desc->dev);fastboot_resp("FAILfailed writing to device");return;- }
- printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
part_name);- fastboot_resp("OKAY");
+}
[...]
On 14-07-30 06:37 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
That would involve adding it to fastboot_resp(), which is called 11 times in this code, from 3 different functions (so would need to add this to two of the functions...). And as these evolve, there will likely be more nested functions, which would all require "passing it around".... I think that this "static global pointer" is a cleaner implementation.
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
snprintf() is used very sparingling in U-Boot, and with the cautionary statements in README (line 852) and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am not going to use it....
+}
+static int is_sparse_image(void *buf) +{
- sparse_header_t *s_header = (sparse_header_t *)buf;
- if ((le32_to_cpu(s_header->magic) == SPARSE_HEADER_MAGIC) &&
(le16_to_cpu(s_header->major_version) == 1))return 1;- return 0;
+}
+static void write_sparse_image(block_dev_desc_t *dev_desc,
disk_partition_t *info, const char *part_name,void *buffer, unsigned int download_bytes)+{
- lbaint_t blk;
- lbaint_t blkcnt;
- lbaint_t blks;
- sparse_header_t *s_header = (sparse_header_t *)buffer;
- chunk_header_t *c_header;
- void *buf;
- uint32_t blk_sz;
- uint32_t remaining_chunks;
- uint32_t bytes_written = 0;
- blk_sz = le32_to_cpu(s_header->blk_sz);
- /* verify s_header->blk_sz is exact multiple of info->blksz */
- if (blk_sz != (blk_sz & ~(info->blksz - 1))) {
printf("%s: Sparse image block size issue [%u]\n",__func__, blk_sz);fastboot_resp("FAILsparse image block size issue");Can't you just make the fastboot_resp() function a variadic one AND move the printf() into the fastboot_resp() function? You could then even get consistent output on both the device and in the response if you snprintf() into the response_str first and then printf() the response_str .
Generally, the printf() statements which are sent to the console, and the fastboot_resp() statements which are sent to the host running the "fastboot" application are not the same....
return;- }
[...]
+static void write_raw_image(block_dev_desc_t *dev_desc, disk_partition_t *info, + const char *part_name, void *buffer,
unsigned int download_bytes)+{
- lbaint_t blkcnt;
- lbaint_t blks;
- /* determine number of blocks to write */
- blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
- blkcnt = blkcnt / info->blksz;
- if (blkcnt > info->size) {
printf("%s: too large for partition: '%s'\n", __func__,part_name);fastboot_resp("FAILtoo large for partition");return;- }
- printf("Flashing Raw Image\n");
Use puts() here and everywhere where printf() is not taking any args please.
done in v4 - Thanks!
- blks = dev_desc->block_write(dev_desc->dev, info->start, blkcnt,
buffer);- if (blks != blkcnt) {
printf("%s: failed writing to device %d\n", __func__,dev_desc->dev);fastboot_resp("FAILfailed writing to device");return;- }
- printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
part_name);- fastboot_resp("OKAY");
+}
[...]
Thanks, Steve
On Thursday, August 07, 2014 at 01:48:06 AM, Steve Rae wrote:
On 14-07-30 06:37 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
That would involve adding it to fastboot_resp(), which is called 11 times in this code, from 3 different functions (so would need to add this to two of the functions...). And as these evolve, there will likely be more nested functions, which would all require "passing it around".... I think that this "static global pointer" is a cleaner implementation.
Eventually, the amount of these static variables in the code will grow and it will become increasingly difficult to weed them out. I believe it would be even better to pass around some kind of a structure with "private data" of the fastboot, which would cater for all possible variables which might come in the future. What do you think ?
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
snprintf() is used very sparingling in U-Boot
This is not a reason to avoid it.
, and with the cautionary statements in README (line 852)
Which statements? Can you please point them out? I fail to see them, sorry.
and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am
not going to use it....
Is it a problem to define it? Also, even without CONFIG_SYS_VSNPRINTF , the functions are still available, see the README: 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I have yet to see some hard-evidence against using safe printing functions here.
+}
+static int is_sparse_image(void *buf) +{
- sparse_header_t *s_header = (sparse_header_t *)buf;
- if ((le32_to_cpu(s_header->magic) == SPARSE_HEADER_MAGIC) &&
(le16_to_cpu(s_header->major_version) == 1))return 1;- return 0;
+}
+static void write_sparse_image(block_dev_desc_t *dev_desc,
disk_partition_t *info, const char *part_name,void *buffer, unsigned int download_bytes)+{
- lbaint_t blk;
- lbaint_t blkcnt;
- lbaint_t blks;
- sparse_header_t *s_header = (sparse_header_t *)buffer;
- chunk_header_t *c_header;
- void *buf;
- uint32_t blk_sz;
- uint32_t remaining_chunks;
- uint32_t bytes_written = 0;
- blk_sz = le32_to_cpu(s_header->blk_sz);
- /* verify s_header->blk_sz is exact multiple of info->blksz */
- if (blk_sz != (blk_sz & ~(info->blksz - 1))) {
printf("%s: Sparse image block size issue [%u]\n",__func__, blk_sz);fastboot_resp("FAILsparse image block size issue");Can't you just make the fastboot_resp() function a variadic one AND move the printf() into the fastboot_resp() function? You could then even get consistent output on both the device and in the response if you snprintf() into the response_str first and then printf() the response_str .
Generally, the printf() statements which are sent to the console, and the fastboot_resp() statements which are sent to the host running the "fastboot" application are not the same....
OK, thanks!
On 14-08-06 05:13 PM, Marek Vasut wrote:
On Thursday, August 07, 2014 at 01:48:06 AM, Steve Rae wrote:
On 14-07-30 06:37 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
That would involve adding it to fastboot_resp(), which is called 11 times in this code, from 3 different functions (so would need to add this to two of the functions...). And as these evolve, there will likely be more nested functions, which would all require "passing it around".... I think that this "static global pointer" is a cleaner implementation.
Eventually, the amount of these static variables in the code will grow and it will become increasingly difficult to weed them out. I believe it would be even better to pass around some kind of a structure with "private data" of the fastboot, which would cater for all possible variables which might come in the future. What do you think ?
Yes -- if there is private data that the fastboot implementation requires, then a data structure is the way to go. However, I still think that this "fastboot response string" would even be an exception to that private data....
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
snprintf() is used very sparingling in U-Boot
This is not a reason to avoid it.
true....
, and with the cautionary statements in README (line 852)
Which statements? Can you please point them out? I fail to see them, sorry.
I was referring to what you mention below... 852 - Safe printf() functions 853 Define CONFIG_SYS_VSNPRINTF to compile in safe versions of 854 the printf() functions. These are defined in 855 include/vsprintf.h and include snprintf(), vsnprintf() and 856 so on. Code size increase is approximately 300-500 bytes. 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am
not going to use it....
Is it a problem to define it? Also, even without CONFIG_SYS_VSNPRINTF , the functions are still available, see the README: 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I have yet to see some hard-evidence against using safe printing functions here.
I don't want to be the first to defined it for all of armv7.... And I really don't want to define it only only my boards running so that they can run 'fastboot' What do you suggest?
+}
+static int is_sparse_image(void *buf) +{
- sparse_header_t *s_header = (sparse_header_t *)buf;
- if ((le32_to_cpu(s_header->magic) == SPARSE_HEADER_MAGIC) &&
(le16_to_cpu(s_header->major_version) == 1))return 1;- return 0;
+}
+static void write_sparse_image(block_dev_desc_t *dev_desc,
disk_partition_t *info, const char *part_name,void *buffer, unsigned int download_bytes)+{
- lbaint_t blk;
- lbaint_t blkcnt;
- lbaint_t blks;
- sparse_header_t *s_header = (sparse_header_t *)buffer;
- chunk_header_t *c_header;
- void *buf;
- uint32_t blk_sz;
- uint32_t remaining_chunks;
- uint32_t bytes_written = 0;
- blk_sz = le32_to_cpu(s_header->blk_sz);
- /* verify s_header->blk_sz is exact multiple of info->blksz */
- if (blk_sz != (blk_sz & ~(info->blksz - 1))) {
printf("%s: Sparse image block size issue [%u]\n",__func__, blk_sz);fastboot_resp("FAILsparse image block size issue");Can't you just make the fastboot_resp() function a variadic one AND move the printf() into the fastboot_resp() function? You could then even get consistent output on both the device and in the response if you snprintf() into the response_str first and then printf() the response_str .
Generally, the printf() statements which are sent to the console, and the fastboot_resp() statements which are sent to the host running the "fastboot" application are not the same....
OK, thanks!
Thanks, Steve
On Thursday, August 07, 2014 at 02:28:13 AM, Steve Rae wrote:
On 14-08-06 05:13 PM, Marek Vasut wrote:
On Thursday, August 07, 2014 at 01:48:06 AM, Steve Rae wrote:
On 14-07-30 06:37 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
That would involve adding it to fastboot_resp(), which is called 11 times in this code, from 3 different functions (so would need to add this to two of the functions...). And as these evolve, there will likely be more nested functions, which would all require "passing it around".... I think that this "static global pointer" is a cleaner implementation.
Eventually, the amount of these static variables in the code will grow and it will become increasingly difficult to weed them out. I believe it would be even better to pass around some kind of a structure with "private data" of the fastboot, which would cater for all possible variables which might come in the future. What do you think ?
Yes -- if there is private data that the fastboot implementation requires, then a data structure is the way to go. However, I still think that this "fastboot response string" would even be an exception to that private data....
OK, let's leave it this way for now.
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
snprintf() is used very sparingling in U-Boot
This is not a reason to avoid it.
true....
, and with the cautionary statements in README (line 852)
Which statements? Can you please point them out? I fail to see them, sorry.
I was referring to what you mention below... 852 - Safe printf() functions 853 Define CONFIG_SYS_VSNPRINTF to compile in safe versions of 854 the printf() functions. These are defined in 855 include/vsprintf.h and include snprintf(), vsnprintf() and 856 so on. Code size increase is approximately 300-500 bytes. 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I really don't see the "cautionary statements" here , no . I see that it discards the size checking if this CONFIG_SYS_VSNPRINTF is not enabled, but that does not obstruct the operation of those functions.
and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am
not going to use it....
Is it a problem to define it? Also, even without CONFIG_SYS_VSNPRINTF , the
functions are still available, see the README: 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I have yet to see some hard-evidence against using safe printing functions here.
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
And I really don't want to define it only only my boards running so that they can run 'fastboot' What do you suggest?
See above, thanks !
Hi Marek,
[snip]
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
We should enable this by default. Unbounded string handling scares me.
If we have problems with blowing over SPL size restrictions, perhaps have it disabled only on those cases (that are known to have a problem).
And I really don't want to define it only only my boards running so that they can run 'fastboot' What do you suggest?
See above, thanks !
Regards
-- Pantelis
On Thursday, August 07, 2014 at 03:28:14 PM, Pantelis Antoniou wrote:
Hi Marek,
[snip]
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
We should enable this by default. Unbounded string handling scares me.
If we have problems with blowing over SPL size restrictions, perhaps have it disabled only on those cases (that are known to have a problem).
Right, I fully agree with what you said. The SPL and TPL might have issues with this being enabled, but then this can be enabled for full-blown U-Boot only.
But this discussion should happen in a thread associated with patch enabling this. ;-)
Best regards, Marek Vasut
On 14-08-07 06:23 AM, Marek Vasut wrote:
On Thursday, August 07, 2014 at 02:28:13 AM, Steve Rae wrote:
On 14-08-06 05:13 PM, Marek Vasut wrote:
On Thursday, August 07, 2014 at 01:48:06 AM, Steve Rae wrote:
On 14-07-30 06:37 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:22 PM, Steve Rae wrote: [...]
+#include <common.h> +#include <fb_mmc.h> +#include <part.h> +#include <sparse_format.h>
+/* The 64 defined bytes plus \0 */ +#define RESPONSE_LEN (64 + 1)
+static char *response_str;
I'd suggest to pass this "response_str" around instead of making it global.
That would involve adding it to fastboot_resp(), which is called 11 times in this code, from 3 different functions (so would need to add this to two of the functions...). And as these evolve, there will likely be more nested functions, which would all require "passing it around".... I think that this "static global pointer" is a cleaner implementation.
Eventually, the amount of these static variables in the code will grow and it will become increasingly difficult to weed them out. I believe it would be even better to pass around some kind of a structure with "private data" of the fastboot, which would cater for all possible variables which might come in the future. What do you think ?
Yes -- if there is private data that the fastboot implementation requires, then a data structure is the way to go. However, I still think that this "fastboot response string" would even be an exception to that private data....
OK, let's leave it this way for now.
+static void fastboot_resp(const char *s) +{
- strncpy(response_str, s, RESPONSE_LEN);
- response_str[RESPONSE_LEN - 1] = '\0';
This could be shrunk to a single snprintf(response_str, RESPONSE_LENGTH, s); I think, but I'm not sure if the overhead won't grow.
snprintf() is used very sparingling in U-Boot
This is not a reason to avoid it.
true....
, and with the cautionary statements in README (line 852)
Which statements? Can you please point them out? I fail to see them, sorry.
I was referring to what you mention below... 852 - Safe printf() functions 853 Define CONFIG_SYS_VSNPRINTF to compile in safe versions of 854 the printf() functions. These are defined in 855 include/vsprintf.h and include snprintf(), vsnprintf() and 856 so on. Code size increase is approximately 300-500 bytes. 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I really don't see the "cautionary statements" here , no . I see that it discards the size checking if this CONFIG_SYS_VSNPRINTF is not enabled, but that does not obstruct the operation of those functions.
I'm really confused: my code ensures that the buffer is not overflowed and that it is terminated properly. If snprintf() (without CONFIG_SYS_VSNPRINTF defined) doesn't provide "any overflow checking", then why would I use it?
and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am
not going to use it....
Is it a problem to define it? Also, even without CONFIG_SYS_VSNPRINTF , the
functions are still available, see the README: 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I have yet to see some hard-evidence against using safe printing functions here.
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
I will apologize in advance, but I just don't know anything about SPL or TPL or any other boards (outside of my very limited armv7 and armv8 scope).... I would be happy to review and test this suggested patch (on our boards), but would be uncomfortable with proposing this patch. Please go ahead and submit a patch, and I'll check it! Thanks, Steve
And I really don't want to define it only only my boards running so that they can run 'fastboot' What do you suggest?
See above, thanks !
On Thursday, August 07, 2014 at 06:52:44 PM, Steve Rae wrote:
[...]
I was referring to what you mention below...
852 - Safe printf() functions 853 Define CONFIG_SYS_VSNPRINTF to compile in safe versions of 854 the printf() functions. These are defined in 855 include/vsprintf.h and include snprintf(), vsnprintf() and 856 so on. Code size increase is approximately 300-500 bytes. 857 If this option is not given then these functions will 858 silently discard their buffer size argument - this means 859 you are not getting any overflow checking in this case.
I really don't see the "cautionary statements" here , no . I see that it discards the size checking if this CONFIG_SYS_VSNPRINTF is not enabled, but that does not obstruct the operation of those functions.
I'm really confused: my code ensures that the buffer is not overflowed and that it is terminated properly. If snprintf() (without CONFIG_SYS_VSNPRINTF defined) doesn't provide "any overflow checking", then why would I use it?
That's why I suggested to enable CONFIG_SYS_VSNPRINTF unconditionally. Then your code would not need to duplicate all the overflow checks, would it ?
and the fact that CONFIG_SYS_VSNPRINTF is not defined for armv7 builds, I am
not going to use it....
Is it a problem to define it? Also, even without CONFIG_SYS_VSNPRINTF , the
functions are still available, see the README: 857 If this option is not given then these functions will 858 silently discard their buffer size argument
- this means 859 you are not getting any overflow
checking in this case.
I have yet to see some hard-evidence against using safe printing functions here.
I don't want to be the first to defined it for all of armv7....
Honestly, we should just enable this CONFIG_SYS_VSNPRINTF by default for the good of humanity and all the things, since this unbounded string handling is just evil (see how OpenSSL ended up, partly because of that ... and I am just starting to see the pattern in all the security code). I don't want to go down that road with U-Boot.
So, would you please cook a separate patch to enable this by default, so it would spur the right kind of discussion on this matter ?
I will apologize in advance, but I just don't know anything about SPL or TPL or any other boards (outside of my very limited armv7 and armv8 scope)....
That's OK.
I would be happy to review and test this suggested patch (on our boards), but would be uncomfortable with proposing this patch. Please go ahead and submit a patch, and I'll check it!
The patch would go something like:
#if !defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD) #define CONFIG_SYS_VSNPRINTF #endif
and this would go into include/config_cmd_default.h . Unless I'm wrong.
- implement 'fastboot flash' for eMMC devices
Signed-off-by: Steve Rae srae@broadcom.com ---
Changes in v3: None Changes in v2: - update README.android-fastboot file
README | 10 ++++++++++ doc/README.android-fastboot | 5 +++-- drivers/usb/gadget/f_fastboot.c | 31 +++++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/README b/README index fe5cacb..984db6d 100644 --- a/README +++ b/README @@ -1623,6 +1623,16 @@ The following options need to be configured: downloads. This buffer should be as large as possible for a platform. Define this to the size available RAM for fastboot.
+ CONFIG_FASTBOOT_FLASH + The fastboot protocol includes a "flash" command for writing + the downloaded image to a non-volatile storage device. Define + this to enable the "fastboot flash" command. + + CONFIG_FASTBOOT_FLASH_MMC_DEV + The fastboot "flash" command requires addition information + regarding the non-volatile storage device. Define this to + the eMMC device that fastboot should use to store the image. + - Journaling Flash filesystem support: CONFIG_JFFS2_NAND, CONFIG_JFFS2_NAND_OFF, CONFIG_JFFS2_NAND_SIZE, CONFIG_JFFS2_NAND_DEV diff --git a/doc/README.android-fastboot b/doc/README.android-fastboot index f1d128c..430e29c 100644 --- a/doc/README.android-fastboot +++ b/doc/README.android-fastboot @@ -6,8 +6,9 @@ Overview The protocol that is used over USB is described in README.android-fastboot-protocol in same directory.
-The current implementation does not yet support the flash and erase -commands. +The current implementation does not yet support the erase command or the +"oem format" command, and there is minimal support for the flash command; +it only supports eMMC devices.
Client installation =================== diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 9dd85b6..89c2d3e 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -19,6 +19,9 @@ #include <linux/compiler.h> #include <version.h> #include <g_dnl.h> +#ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV +#include <fb_mmc.h> +#endif
#define FASTBOOT_VERSION "0.4"
@@ -466,6 +469,28 @@ static void cb_boot(struct usb_ep *ep, struct usb_request *req) fastboot_tx_write_str("OKAY"); }
+#ifdef CONFIG_FASTBOOT_FLASH +static void cb_flash(struct usb_ep *ep, struct usb_request *req) +{ + char *cmd = req->buf; + char response[RESPONSE_LEN]; + + strsep(&cmd, ":"); + if (!cmd) { + printf("%s: missing partition name\n", __func__); + fastboot_tx_write_str("FAILmissing partition name"); + return; + } + + strcpy(response, "FAILno flash device defined"); +#ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV + fb_mmc_flash_write(cmd, (void *)CONFIG_USB_FASTBOOT_BUF_ADDR, + download_bytes, response); +#endif + fastboot_tx_write_str(response); +} +#endif + struct cmd_dispatch_info { char *cmd; void (*cb)(struct usb_ep *ep, struct usb_request *req); @@ -485,6 +510,12 @@ static const struct cmd_dispatch_info cmd_dispatch_info[] = { .cmd = "boot", .cb = cb_boot, }, +#ifdef CONFIG_FASTBOOT_FLASH + { + .cmd = "flash", + .cb = cb_flash, + }, +#endif };
static void rx_handler_command(struct usb_ep *ep, struct usb_request *req)
On Thursday, June 26, 2014 at 10:13:23 PM, Steve Rae wrote:
- implement 'fastboot flash' for eMMC devices
Signed-off-by: Steve Rae srae@broadcom.com
Reviewed-by: Marek Vasut marex@denx.de
Best regards, Marek Vasut
On 14-07-30 06:39 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:23 PM, Steve Rae wrote:
- implement 'fastboot flash' for eMMC devices
Signed-off-by: Steve Rae srae@broadcom.com
Reviewed-by: Marek Vasut marex@denx.de
Thanks, Steve
Best regards, Marek Vasut
- update static function - additional debugging statements
Signed-off-by: Steve Rae srae@broadcom.com ---
Changes in v3: None Changes in v2: - new in v2
drivers/usb/gadget/f_fastboot.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 89c2d3e..3e6e47f 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -293,7 +293,7 @@ static int fastboot_add(struct usb_configuration *c) } DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add);
-int fastboot_tx_write(const char *buffer, unsigned int buffer_size) +static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) { struct usb_request *in_req = fastboot_func->in_req; int ret; @@ -338,6 +338,7 @@ static void cb_getvar(struct usb_ep *ep, struct usb_request *req) strcpy(response, "OKAY"); strsep(&cmd, ":"); if (!cmd) { + printf("%s: missing var\n", __func__); fastboot_tx_write_str("FAILmissing var"); return; } @@ -358,6 +359,7 @@ static void cb_getvar(struct usb_ep *ep, struct usb_request *req) else strcpy(response, "FAILValue not set"); } else { + printf("%s: unknown variable: %s\n", __func__, cmd); strcpy(response, "FAILVariable not implemented"); } fastboot_tx_write_str(response); @@ -531,10 +533,12 @@ static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) } }
- if (!func_cb) + if (!func_cb) { + printf("%s: unknown command: %s\n", __func__, cmdbuf); fastboot_tx_write_str("FAILunknown command"); - else + } else { func_cb(ep, req); + }
if (req->status == 0) { *cmdbuf = '\0';
On Thursday, June 26, 2014 at 10:13:24 PM, Steve Rae wrote:
- update static function
- additional debugging statements
Signed-off-by: Steve Rae srae@broadcom.com
Changes in v3: None Changes in v2:
- new in v2
drivers/usb/gadget/f_fastboot.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 89c2d3e..3e6e47f 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -293,7 +293,7 @@ static int fastboot_add(struct usb_configuration *c) } DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add);
-int fastboot_tx_write(const char *buffer, unsigned int buffer_size) +static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) { struct usb_request *in_req = fastboot_func->in_req; int ret; @@ -338,6 +338,7 @@ static void cb_getvar(struct usb_ep *ep, struct usb_request *req) strcpy(response, "OKAY"); strsep(&cmd, ":"); if (!cmd) {
printf("%s: missing var\n", __func__);
I'd spell it out completely -- variable -- but I'm not sure if you might need to maintain some kind of compatibility with the fastboot responses here or not. [...]
Best regards, Marek Vasut
On 14-07-30 06:40 PM, Marek Vasut wrote:
On Thursday, June 26, 2014 at 10:13:24 PM, Steve Rae wrote:
- update static function
- additional debugging statements
Signed-off-by: Steve Rae srae@broadcom.com
Changes in v3: None Changes in v2:
new in v2
drivers/usb/gadget/f_fastboot.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c index 89c2d3e..3e6e47f 100644 --- a/drivers/usb/gadget/f_fastboot.c +++ b/drivers/usb/gadget/f_fastboot.c @@ -293,7 +293,7 @@ static int fastboot_add(struct usb_configuration *c) } DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add);
-int fastboot_tx_write(const char *buffer, unsigned int buffer_size) +static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) { struct usb_request *in_req = fastboot_func->in_req; int ret; @@ -338,6 +338,7 @@ static void cb_getvar(struct usb_ep *ep, struct usb_request *req) strcpy(response, "OKAY"); strsep(&cmd, ":"); if (!cmd) {
printf("%s: missing var\n", __func__);I'd spell it out completely -- variable -- but I'm not sure if you might need to maintain some kind of compatibility with the fastboot responses here or not.
nope -- done in v4 Thanks, Steve
[...]
Best regards, Marek Vasut
On 14-06-26 01:13 PM, Steve Rae wrote:
This series implements the "fastboot flash" command for eMMC devices. It supports both raw and sparse images.
NOTES:
- the support for the "fastboot flash" command is enabled with CONFIG_FASTBOOT_FLASH
- the support for eMMC is enabled with CONFIG_FASTBOOT_FLASH_MMC_DEV
- (future) the support for NAND would be enabled with CONFIG_FASTBOOT_FLASH_NAND(???)
This has been tested on ARMv7.
Changes in v3:
- remove most references to 'mmc', which leaves only one mmc specific function: mmc_get_dev()
Changes in v2:
- split large function into three
- improved handling of response messages
- additional partition size checking when writing sparse image
- update README.android-fastboot file
- new in v2
Steve Rae (4): usb/gadget: fastboot: add sparse image definitions usb/gadget: fastboot: add eMMC support for flash command usb/gadget: fastboot: add support for flash command usb/gadget: fastboot: minor cleanup
README | 10 +++ common/Makefile | 5 ++ common/fb_mmc.c | 190 ++++++++++++++++++++++++++++++++++++++++ doc/README.android-fastboot | 5 +- drivers/usb/gadget/f_fastboot.c | 41 ++++++++- include/fb_mmc.h | 8 ++ include/sparse_format.h | 58 ++++++++++++ 7 files changed, 312 insertions(+), 5 deletions(-) create mode 100644 common/fb_mmc.c create mode 100644 include/fb_mmc.h create mode 100644 include/sparse_format.h
Marek, I notice that this patchset is assigned to you: http://patchwork.ozlabs.org/patch/364705/ Has there been any progress? Thanks, Steve
On Thursday, July 31, 2014 at 03:02:37 AM, Steve Rae wrote:
On 14-06-26 01:13 PM, Steve Rae wrote:
This series implements the "fastboot flash" command for eMMC devices. It supports both raw and sparse images.
NOTES:
- the support for the "fastboot flash" command is enabled with
CONFIG_FASTBOOT_FLASH - the support for eMMC is enabled with CONFIG_FASTBOOT_FLASH_MMC_DEV - (future) the support for NAND would be enabled with CONFIG_FASTBOOT_FLASH_NAND(???)
This has been tested on ARMv7.
Changes in v3:
remove most references to 'mmc',
which leaves only one mmc specific function: mmc_get_dev()
Changes in v2:
- split large function into three
- improved handling of response messages
- additional partition size checking when writing sparse image
- update README.android-fastboot file
- new in v2
Steve Rae (4): usb/gadget: fastboot: add sparse image definitions usb/gadget: fastboot: add eMMC support for flash command usb/gadget: fastboot: add support for flash command usb/gadget: fastboot: minor cleanup
README | 10 +++ common/Makefile | 5 ++ common/fb_mmc.c | 190 ++++++++++++++++++++++++++++++++++++++++ doc/README.android-fastboot | 5 +- drivers/usb/gadget/f_fastboot.c | 41 ++++++++- include/fb_mmc.h | 8 ++ include/sparse_format.h | 58 ++++++++++++ 7 files changed, 312 insertions(+), 5 deletions(-) create mode 100644 common/fb_mmc.c create mode 100644 include/fb_mmc.h create mode 100644 include/sparse_format.h
Marek, I notice that this patchset is assigned to you: http://patchwork.ozlabs.org/patch/364705/ Has there been any progress?
Hm, dang. I merrily ignored this patchset in the hope Lukasz will pick it up, but he was not in the loop. Sorry about delaying this so much. Given Lukasz is now on a vacation, I'll take a look later today.
Thanks, Steve
Best regards, Marek Vasut
On 14-07-30 06:23 PM, Marek Vasut wrote:
On Thursday, July 31, 2014 at 03:02:37 AM, Steve Rae wrote:
On 14-06-26 01:13 PM, Steve Rae wrote:
This series implements the "fastboot flash" command for eMMC devices. It supports both raw and sparse images.
NOTES:
- the support for the "fastboot flash" command is enabled with
CONFIG_FASTBOOT_FLASH - the support for eMMC is enabled with CONFIG_FASTBOOT_FLASH_MMC_DEV - (future) the support for NAND would be enabled with CONFIG_FASTBOOT_FLASH_NAND(???)
This has been tested on ARMv7.
Changes in v3:
remove most references to 'mmc',
which leaves only one mmc specific function: mmc_get_dev()
Changes in v2:
- split large function into three
- improved handling of response messages
- additional partition size checking when writing sparse image
- update README.android-fastboot file
- new in v2
Steve Rae (4): usb/gadget: fastboot: add sparse image definitions usb/gadget: fastboot: add eMMC support for flash command usb/gadget: fastboot: add support for flash command usb/gadget: fastboot: minor cleanup
README | 10 +++ common/Makefile | 5 ++ common/fb_mmc.c | 190 ++++++++++++++++++++++++++++++++++++++++ doc/README.android-fastboot | 5 +- drivers/usb/gadget/f_fastboot.c | 41 ++++++++- include/fb_mmc.h | 8 ++ include/sparse_format.h | 58 ++++++++++++ 7 files changed, 312 insertions(+), 5 deletions(-) create mode 100644 common/fb_mmc.c create mode 100644 include/fb_mmc.h create mode 100644 include/sparse_format.h
Marek, I notice that this patchset is assigned to you: http://patchwork.ozlabs.org/patch/364705/ Has there been any progress?
Hm, dang. I merrily ignored this patchset in the hope Lukasz will pick it up, but he was not in the loop. Sorry about delaying this so much. Given Lukasz is now on a vacation, I'll take a look later today.
Thanks, Steve
Best regards, Marek Vasut
Thanks -- appreciate that.... And I'll work through your reviews; but I'll comment on one right now.....
participants (4)
-
Marek Vasut -
Pantelis Antoniou -
Steve Rae -
Tom Rini