blob: 7793be7125b2fadc9f3e44eb3a7099cbe8cc6cac [file] [log] [blame]
Arthur Heymansc82900b2018-01-10 12:48:16 +01001/*
2 * Copyright 2015, Google Inc.
3 * Copyright 2018-present, Facebook Inc.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
8 * met:
9 *
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above
13 * copyright notice, this list of conditions and the following disclaimer
14 * in the documentation and/or other materials provided with the
15 * distribution.
16 * * Neither the name of Google Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 * Alternatively, this software may be distributed under the terms of the
33 * GNU General Public License ("GPL") version 2 as published by the Free
34 * Software Foundation.
35 */
36
37#include <ctype.h>
38#include <stdlib.h>
39#include <string.h>
40#include <sys/types.h>
41#include "flash.h"
42#include "fmap.h"
43
44static size_t fmap_size(const struct fmap *fmap)
45{
46 return sizeof(*fmap) + (fmap->nareas * sizeof(struct fmap_area));
47}
48
49static int is_valid_fmap(const struct fmap *fmap)
50{
51 if (memcmp(fmap, FMAP_SIGNATURE, strlen(FMAP_SIGNATURE)) != 0)
52 return 0;
53 /* strings containing the magic tend to fail here */
54 if (fmap->ver_major > FMAP_VER_MAJOR)
55 return 0;
56 if (fmap->ver_minor > FMAP_VER_MINOR)
57 return 0;
58 /* a basic consistency check: flash address space size should be larger
59 * than the size of the fmap data structure */
60 if (fmap->size < fmap_size(fmap))
61 return 0;
62
63 /* fmap-alikes along binary data tend to fail on having a valid,
64 * null-terminated string in the name field.*/
65 int i;
66 for (i = 0; i < FMAP_STRLEN; i++) {
67 if (fmap->name[i] == 0)
68 break;
69 if (!isgraph(fmap->name[i]))
70 return 0;
71 if (i == FMAP_STRLEN - 1) {
72 /* name is specified to be null terminated single-word string
73 * without spaces. We did not break in the 0 test, we know it
74 * is a printable spaceless string but we're seeing FMAP_STRLEN
75 * symbols, which is one too many.
76 */
77 return 0;
78 }
79 }
80 return 1;
81
82}
83
84/**
85 * @brief Do a brute-force linear search for fmap in provided buffer
86 *
87 * @param[in] buffer The buffer to search
88 * @param[in] len Length (in bytes) to search
89 *
90 * @return offset in buffer where fmap is found if successful
91 * -1 to indicate that fmap was not found
92 * -2 to indicate fmap is truncated or exceeds buffer + len
93 */
94static off_t fmap_lsearch(const uint8_t *buf, size_t len)
95{
96 off_t offset;
97 bool fmap_found = 0;
98
Edward O'Callaghan672bdcf2022-02-02 17:15:05 +110099 if (len < sizeof(struct fmap))
100 return -1;
101
Nico Huber519be662018-12-23 20:03:35 +0100102 for (offset = 0; offset <= (off_t)(len - sizeof(struct fmap)); offset++) {
Arthur Heymansc82900b2018-01-10 12:48:16 +0100103 if (is_valid_fmap((struct fmap *)&buf[offset])) {
104 fmap_found = 1;
105 break;
106 }
107 }
108
109 if (!fmap_found)
110 return -1;
111
112 if (offset + fmap_size((struct fmap *)&buf[offset]) > len) {
113 msg_gerr("fmap size exceeds buffer boundary.\n");
114 return -2;
115 }
116
117 return offset;
118}
119
120/**
121 * @brief Read fmap from provided buffer and copy it to fmap_out
122 *
123 * @param[out] fmap_out Double-pointer to location to store fmap contents.
124 * Caller must free allocated fmap contents.
125 * @param[in] buf Buffer to search
126 * @param[in] len Length (in bytes) to search
127 *
128 * @return 0 if successful
129 * 1 to indicate error
130 * 2 to indicate fmap is not found
131 */
132int fmap_read_from_buffer(struct fmap **fmap_out, const uint8_t *const buf, size_t len)
133{
134 off_t offset = fmap_lsearch(buf, len);
135 if (offset < 0) {
136 msg_gdbg("Unable to find fmap in provided buffer.\n");
137 return 2;
Arthur Heymansc82900b2018-01-10 12:48:16 +0100138 }
Elyes HAOUASe2764112019-06-09 17:09:25 +0200139 msg_gdbg("Found fmap at offset 0x%06zx\n", (size_t)offset);
Arthur Heymansc82900b2018-01-10 12:48:16 +0100140
141 const struct fmap *fmap = (const struct fmap *)(buf + offset);
142 *fmap_out = malloc(fmap_size(fmap));
143 if (*fmap_out == NULL) {
144 msg_gerr("Out of memory.\n");
145 return 1;
146 }
147
148 memcpy(*fmap_out, fmap, fmap_size(fmap));
149 return 0;
150}
151
152static int fmap_lsearch_rom(struct fmap **fmap_out,
153 struct flashctx *const flashctx, size_t rom_offset, size_t len)
154{
155 int ret = -1;
156 uint8_t *buf;
157
158 if (prepare_flash_access(flashctx, true, false, false, false))
159 goto _finalize_ret;
160
161 /* likely more memory than we need, but it simplifies handling and
162 * printing offsets to keep them uniform with what's on the ROM */
163 buf = malloc(rom_offset + len);
164 if (!buf) {
165 msg_gerr("Out of memory.\n");
166 goto _finalize_ret;
167 }
168
169 ret = flashctx->chip->read(flashctx, buf + rom_offset, rom_offset, len);
170 if (ret) {
171 msg_pdbg("Cannot read ROM contents.\n");
172 goto _free_ret;
173 }
174
175 ret = fmap_read_from_buffer(fmap_out, buf + rom_offset, len);
176_free_ret:
177 free(buf);
178_finalize_ret:
179 finalize_flash_access(flashctx);
180 return ret;
181}
182
183static int fmap_bsearch_rom(struct fmap **fmap_out, struct flashctx *const flashctx,
Nico Huber519be662018-12-23 20:03:35 +0100184 size_t rom_offset, size_t len, size_t min_stride)
Arthur Heymansc82900b2018-01-10 12:48:16 +0100185{
186 size_t stride, fmap_len = 0;
187 int ret = 1, fmap_found = 0, check_offset_0 = 1;
188 struct fmap *fmap;
189 const unsigned int chip_size = flashctx->chip->total_size * 1024;
190 const int sig_len = strlen(FMAP_SIGNATURE);
191
192 if (rom_offset + len > flashctx->chip->total_size * 1024)
193 return 1;
194
195 if (len < sizeof(*fmap))
196 return 1;
197
198 if (prepare_flash_access(flashctx, true, false, false, false))
199 return 1;
200
Angel Pons690a9442021-06-07 12:33:53 +0200201 fmap = malloc(sizeof(*fmap));
Arthur Heymansc82900b2018-01-10 12:48:16 +0100202 if (!fmap) {
203 msg_gerr("Out of memory.\n");
204 goto _free_ret;
205 }
206
207 /*
208 * For efficient operation, we start with the largest stride possible
209 * and then decrease the stride on each iteration. Also, check for a
210 * remainder when modding the offset with the previous stride. This
211 * makes it so that each offset is only checked once.
212 *
213 * Zero (rom_offset == 0) is a special case and is handled using a
214 * variable to track whether or not we've checked it.
215 */
216 size_t offset;
217 for (stride = chip_size / 2; stride >= min_stride; stride /= 2) {
218 if (stride > len)
219 continue;
220
221 for (offset = rom_offset;
222 offset <= rom_offset + len - sizeof(struct fmap);
223 offset += stride) {
224 if ((offset % (stride * 2) == 0) && (offset != 0))
225 continue;
226 if (offset == 0 && !check_offset_0)
227 continue;
228 check_offset_0 = 0;
229
230 /* Read errors are considered non-fatal since we may
231 * encounter locked regions and want to continue. */
232 if (flashctx->chip->read(flashctx, (uint8_t *)fmap, offset, sig_len)) {
233 /*
234 * Print in verbose mode only to avoid excessive
235 * messages for benign errors. Subsequent error
236 * prints should be done as usual.
237 */
238 msg_cdbg("Cannot read %d bytes at offset %zu\n", sig_len, offset);
239 continue;
240 }
241
242 if (memcmp(fmap, FMAP_SIGNATURE, sig_len) != 0)
243 continue;
244
245 if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sig_len,
246 offset + sig_len, sizeof(*fmap) - sig_len)) {
247 msg_cerr("Cannot read %zu bytes at offset %06zx\n",
Nico Huberba72e912018-12-11 12:10:04 +0100248 sizeof(*fmap) - sig_len, offset + sig_len);
Arthur Heymansc82900b2018-01-10 12:48:16 +0100249 continue;
250 }
251
252 if (is_valid_fmap(fmap)) {
253 msg_gdbg("fmap found at offset 0x%06zx\n", offset);
254 fmap_found = 1;
255 break;
Arthur Heymansc82900b2018-01-10 12:48:16 +0100256 }
Elyes HAOUASe2764112019-06-09 17:09:25 +0200257 msg_gerr("fmap signature found at %zu but header is invalid.\n", offset);
258 ret = 2;
Arthur Heymansc82900b2018-01-10 12:48:16 +0100259 }
260
261 if (fmap_found)
262 break;
263 }
264
265 if (!fmap_found)
266 goto _free_ret;
267
268 fmap_len = fmap_size(fmap);
269 struct fmap *tmp = fmap;
270 fmap = realloc(fmap, fmap_len);
271 if (!fmap) {
272 msg_gerr("Failed to realloc.\n");
273 free(tmp);
274 goto _free_ret;
275 }
276
277 if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sizeof(*fmap),
278 offset + sizeof(*fmap), fmap_len - sizeof(*fmap))) {
279 msg_cerr("Cannot read %zu bytes at offset %06zx\n",
280 fmap_len - sizeof(*fmap), offset + sizeof(*fmap));
281 /* Treat read failure to be fatal since this
282 * should be a valid, usable fmap. */
283 ret = 2;
284 goto _free_ret;
285 }
286
287 *fmap_out = fmap;
288 ret = 0;
289_free_ret:
290 if (ret)
291 free(fmap);
292 finalize_flash_access(flashctx);
293 return ret;
294}
295
296/**
297 * @brief Read fmap from ROM
298 *
299 * @param[out] fmap_out Double-pointer to location to store fmap contents.
300 * Caller must free allocated fmap contents.
301 * @param[in] flashctx Flash context
302 * @param[in] rom_offset Offset in ROM to begin search
303 * @param[in] len Length to search relative to rom_offset
304 *
305 * @return 0 on success,
306 * 2 if the fmap couldn't be read,
307 * 1 on any other error.
308 */
309int fmap_read_from_rom(struct fmap **fmap_out,
310 struct flashctx *const flashctx, size_t rom_offset, size_t len)
311{
312 int ret;
313
314 if (!flashctx || !flashctx->chip)
315 return 1;
316
317 /*
318 * Binary search is used at first to see if we can find an fmap quickly
319 * in a usual location (often at a power-of-2 offset). However, once we
320 * reach a small enough stride the transaction overhead will reverse the
321 * speed benefit of using bsearch at which point we need to use brute-
322 * force instead.
323 *
324 * TODO: Since flashrom is often used with high-latency external
325 * programmers we should not be overly aggressive with bsearch.
326 */
327 ret = fmap_bsearch_rom(fmap_out, flashctx, rom_offset, len, 256);
328 if (ret) {
329 msg_gdbg("Binary search failed, trying linear search...\n");
330 ret = fmap_lsearch_rom(fmap_out, flashctx, rom_offset, len);
331 }
332
333 return ret;
334}