Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2015, Google Inc. |
| 3 | * Copyright 2018-present, Facebook Inc. |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions are |
| 8 | * met: |
| 9 | * |
| 10 | * * Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * * Redistributions in binary form must reproduce the above |
| 13 | * copyright notice, this list of conditions and the following disclaimer |
| 14 | * in the documentation and/or other materials provided with the |
| 15 | * distribution. |
| 16 | * * Neither the name of Google Inc. nor the names of its |
| 17 | * contributors may be used to endorse or promote products derived from |
| 18 | * this software without specific prior written permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | * |
| 32 | * Alternatively, this software may be distributed under the terms of the |
| 33 | * GNU General Public License ("GPL") version 2 as published by the Free |
| 34 | * Software Foundation. |
| 35 | */ |
| 36 | |
| 37 | #include <ctype.h> |
| 38 | #include <stdlib.h> |
| 39 | #include <string.h> |
| 40 | #include <sys/types.h> |
| 41 | #include "flash.h" |
| 42 | #include "fmap.h" |
| 43 | |
| 44 | static size_t fmap_size(const struct fmap *fmap) |
| 45 | { |
| 46 | return sizeof(*fmap) + (fmap->nareas * sizeof(struct fmap_area)); |
| 47 | } |
| 48 | |
| 49 | static int is_valid_fmap(const struct fmap *fmap) |
| 50 | { |
| 51 | if (memcmp(fmap, FMAP_SIGNATURE, strlen(FMAP_SIGNATURE)) != 0) |
| 52 | return 0; |
| 53 | /* strings containing the magic tend to fail here */ |
| 54 | if (fmap->ver_major > FMAP_VER_MAJOR) |
| 55 | return 0; |
| 56 | if (fmap->ver_minor > FMAP_VER_MINOR) |
| 57 | return 0; |
| 58 | /* a basic consistency check: flash address space size should be larger |
| 59 | * than the size of the fmap data structure */ |
| 60 | if (fmap->size < fmap_size(fmap)) |
| 61 | return 0; |
| 62 | |
| 63 | /* fmap-alikes along binary data tend to fail on having a valid, |
| 64 | * null-terminated string in the name field.*/ |
| 65 | int i; |
| 66 | for (i = 0; i < FMAP_STRLEN; i++) { |
| 67 | if (fmap->name[i] == 0) |
| 68 | break; |
| 69 | if (!isgraph(fmap->name[i])) |
| 70 | return 0; |
| 71 | if (i == FMAP_STRLEN - 1) { |
| 72 | /* name is specified to be null terminated single-word string |
| 73 | * without spaces. We did not break in the 0 test, we know it |
| 74 | * is a printable spaceless string but we're seeing FMAP_STRLEN |
| 75 | * symbols, which is one too many. |
| 76 | */ |
| 77 | return 0; |
| 78 | } |
| 79 | } |
| 80 | return 1; |
| 81 | |
| 82 | } |
| 83 | |
| 84 | /** |
| 85 | * @brief Do a brute-force linear search for fmap in provided buffer |
| 86 | * |
| 87 | * @param[in] buffer The buffer to search |
| 88 | * @param[in] len Length (in bytes) to search |
| 89 | * |
| 90 | * @return offset in buffer where fmap is found if successful |
| 91 | * -1 to indicate that fmap was not found |
| 92 | * -2 to indicate fmap is truncated or exceeds buffer + len |
| 93 | */ |
Julius Werner | 8f0db7d | 2022-02-14 17:07:39 -0800 | [diff] [blame^] | 94 | static ssize_t fmap_lsearch(const uint8_t *buf, size_t len) |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 95 | { |
Julius Werner | 8f0db7d | 2022-02-14 17:07:39 -0800 | [diff] [blame^] | 96 | ssize_t offset; |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 97 | bool fmap_found = 0; |
| 98 | |
Edward O'Callaghan | 672bdcf | 2022-02-02 17:15:05 +1100 | [diff] [blame] | 99 | if (len < sizeof(struct fmap)) |
| 100 | return -1; |
| 101 | |
Julius Werner | 8f0db7d | 2022-02-14 17:07:39 -0800 | [diff] [blame^] | 102 | for (offset = 0; offset <= (ssize_t)(len - sizeof(struct fmap)); offset++) { |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 103 | if (is_valid_fmap((struct fmap *)&buf[offset])) { |
| 104 | fmap_found = 1; |
| 105 | break; |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | if (!fmap_found) |
| 110 | return -1; |
| 111 | |
| 112 | if (offset + fmap_size((struct fmap *)&buf[offset]) > len) { |
| 113 | msg_gerr("fmap size exceeds buffer boundary.\n"); |
| 114 | return -2; |
| 115 | } |
| 116 | |
| 117 | return offset; |
| 118 | } |
| 119 | |
| 120 | /** |
| 121 | * @brief Read fmap from provided buffer and copy it to fmap_out |
| 122 | * |
| 123 | * @param[out] fmap_out Double-pointer to location to store fmap contents. |
| 124 | * Caller must free allocated fmap contents. |
| 125 | * @param[in] buf Buffer to search |
| 126 | * @param[in] len Length (in bytes) to search |
| 127 | * |
| 128 | * @return 0 if successful |
| 129 | * 1 to indicate error |
| 130 | * 2 to indicate fmap is not found |
| 131 | */ |
| 132 | int fmap_read_from_buffer(struct fmap **fmap_out, const uint8_t *const buf, size_t len) |
| 133 | { |
Julius Werner | 8f0db7d | 2022-02-14 17:07:39 -0800 | [diff] [blame^] | 134 | ssize_t offset = fmap_lsearch(buf, len); |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 135 | if (offset < 0) { |
| 136 | msg_gdbg("Unable to find fmap in provided buffer.\n"); |
| 137 | return 2; |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 138 | } |
Elyes HAOUAS | e276411 | 2019-06-09 17:09:25 +0200 | [diff] [blame] | 139 | msg_gdbg("Found fmap at offset 0x%06zx\n", (size_t)offset); |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 140 | |
| 141 | const struct fmap *fmap = (const struct fmap *)(buf + offset); |
| 142 | *fmap_out = malloc(fmap_size(fmap)); |
| 143 | if (*fmap_out == NULL) { |
| 144 | msg_gerr("Out of memory.\n"); |
| 145 | return 1; |
| 146 | } |
| 147 | |
| 148 | memcpy(*fmap_out, fmap, fmap_size(fmap)); |
| 149 | return 0; |
| 150 | } |
| 151 | |
| 152 | static int fmap_lsearch_rom(struct fmap **fmap_out, |
| 153 | struct flashctx *const flashctx, size_t rom_offset, size_t len) |
| 154 | { |
| 155 | int ret = -1; |
| 156 | uint8_t *buf; |
| 157 | |
| 158 | if (prepare_flash_access(flashctx, true, false, false, false)) |
| 159 | goto _finalize_ret; |
| 160 | |
| 161 | /* likely more memory than we need, but it simplifies handling and |
| 162 | * printing offsets to keep them uniform with what's on the ROM */ |
| 163 | buf = malloc(rom_offset + len); |
| 164 | if (!buf) { |
| 165 | msg_gerr("Out of memory.\n"); |
| 166 | goto _finalize_ret; |
| 167 | } |
| 168 | |
| 169 | ret = flashctx->chip->read(flashctx, buf + rom_offset, rom_offset, len); |
| 170 | if (ret) { |
| 171 | msg_pdbg("Cannot read ROM contents.\n"); |
| 172 | goto _free_ret; |
| 173 | } |
| 174 | |
| 175 | ret = fmap_read_from_buffer(fmap_out, buf + rom_offset, len); |
| 176 | _free_ret: |
| 177 | free(buf); |
| 178 | _finalize_ret: |
| 179 | finalize_flash_access(flashctx); |
| 180 | return ret; |
| 181 | } |
| 182 | |
| 183 | static int fmap_bsearch_rom(struct fmap **fmap_out, struct flashctx *const flashctx, |
Nico Huber | 519be66 | 2018-12-23 20:03:35 +0100 | [diff] [blame] | 184 | size_t rom_offset, size_t len, size_t min_stride) |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 185 | { |
| 186 | size_t stride, fmap_len = 0; |
| 187 | int ret = 1, fmap_found = 0, check_offset_0 = 1; |
| 188 | struct fmap *fmap; |
| 189 | const unsigned int chip_size = flashctx->chip->total_size * 1024; |
| 190 | const int sig_len = strlen(FMAP_SIGNATURE); |
| 191 | |
| 192 | if (rom_offset + len > flashctx->chip->total_size * 1024) |
| 193 | return 1; |
| 194 | |
| 195 | if (len < sizeof(*fmap)) |
| 196 | return 1; |
| 197 | |
| 198 | if (prepare_flash_access(flashctx, true, false, false, false)) |
| 199 | return 1; |
| 200 | |
Angel Pons | 690a944 | 2021-06-07 12:33:53 +0200 | [diff] [blame] | 201 | fmap = malloc(sizeof(*fmap)); |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 202 | if (!fmap) { |
| 203 | msg_gerr("Out of memory.\n"); |
| 204 | goto _free_ret; |
| 205 | } |
| 206 | |
| 207 | /* |
| 208 | * For efficient operation, we start with the largest stride possible |
| 209 | * and then decrease the stride on each iteration. Also, check for a |
| 210 | * remainder when modding the offset with the previous stride. This |
| 211 | * makes it so that each offset is only checked once. |
| 212 | * |
| 213 | * Zero (rom_offset == 0) is a special case and is handled using a |
| 214 | * variable to track whether or not we've checked it. |
| 215 | */ |
| 216 | size_t offset; |
| 217 | for (stride = chip_size / 2; stride >= min_stride; stride /= 2) { |
| 218 | if (stride > len) |
| 219 | continue; |
| 220 | |
| 221 | for (offset = rom_offset; |
| 222 | offset <= rom_offset + len - sizeof(struct fmap); |
| 223 | offset += stride) { |
| 224 | if ((offset % (stride * 2) == 0) && (offset != 0)) |
| 225 | continue; |
| 226 | if (offset == 0 && !check_offset_0) |
| 227 | continue; |
| 228 | check_offset_0 = 0; |
| 229 | |
| 230 | /* Read errors are considered non-fatal since we may |
| 231 | * encounter locked regions and want to continue. */ |
| 232 | if (flashctx->chip->read(flashctx, (uint8_t *)fmap, offset, sig_len)) { |
| 233 | /* |
| 234 | * Print in verbose mode only to avoid excessive |
| 235 | * messages for benign errors. Subsequent error |
| 236 | * prints should be done as usual. |
| 237 | */ |
| 238 | msg_cdbg("Cannot read %d bytes at offset %zu\n", sig_len, offset); |
| 239 | continue; |
| 240 | } |
| 241 | |
| 242 | if (memcmp(fmap, FMAP_SIGNATURE, sig_len) != 0) |
| 243 | continue; |
| 244 | |
| 245 | if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sig_len, |
| 246 | offset + sig_len, sizeof(*fmap) - sig_len)) { |
| 247 | msg_cerr("Cannot read %zu bytes at offset %06zx\n", |
Nico Huber | ba72e91 | 2018-12-11 12:10:04 +0100 | [diff] [blame] | 248 | sizeof(*fmap) - sig_len, offset + sig_len); |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 249 | continue; |
| 250 | } |
| 251 | |
| 252 | if (is_valid_fmap(fmap)) { |
| 253 | msg_gdbg("fmap found at offset 0x%06zx\n", offset); |
| 254 | fmap_found = 1; |
| 255 | break; |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 256 | } |
Elyes HAOUAS | e276411 | 2019-06-09 17:09:25 +0200 | [diff] [blame] | 257 | msg_gerr("fmap signature found at %zu but header is invalid.\n", offset); |
| 258 | ret = 2; |
Arthur Heymans | c82900b | 2018-01-10 12:48:16 +0100 | [diff] [blame] | 259 | } |
| 260 | |
| 261 | if (fmap_found) |
| 262 | break; |
| 263 | } |
| 264 | |
| 265 | if (!fmap_found) |
| 266 | goto _free_ret; |
| 267 | |
| 268 | fmap_len = fmap_size(fmap); |
| 269 | struct fmap *tmp = fmap; |
| 270 | fmap = realloc(fmap, fmap_len); |
| 271 | if (!fmap) { |
| 272 | msg_gerr("Failed to realloc.\n"); |
| 273 | free(tmp); |
| 274 | goto _free_ret; |
| 275 | } |
| 276 | |
| 277 | if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sizeof(*fmap), |
| 278 | offset + sizeof(*fmap), fmap_len - sizeof(*fmap))) { |
| 279 | msg_cerr("Cannot read %zu bytes at offset %06zx\n", |
| 280 | fmap_len - sizeof(*fmap), offset + sizeof(*fmap)); |
| 281 | /* Treat read failure to be fatal since this |
| 282 | * should be a valid, usable fmap. */ |
| 283 | ret = 2; |
| 284 | goto _free_ret; |
| 285 | } |
| 286 | |
| 287 | *fmap_out = fmap; |
| 288 | ret = 0; |
| 289 | _free_ret: |
| 290 | if (ret) |
| 291 | free(fmap); |
| 292 | finalize_flash_access(flashctx); |
| 293 | return ret; |
| 294 | } |
| 295 | |
| 296 | /** |
| 297 | * @brief Read fmap from ROM |
| 298 | * |
| 299 | * @param[out] fmap_out Double-pointer to location to store fmap contents. |
| 300 | * Caller must free allocated fmap contents. |
| 301 | * @param[in] flashctx Flash context |
| 302 | * @param[in] rom_offset Offset in ROM to begin search |
| 303 | * @param[in] len Length to search relative to rom_offset |
| 304 | * |
| 305 | * @return 0 on success, |
| 306 | * 2 if the fmap couldn't be read, |
| 307 | * 1 on any other error. |
| 308 | */ |
| 309 | int fmap_read_from_rom(struct fmap **fmap_out, |
| 310 | struct flashctx *const flashctx, size_t rom_offset, size_t len) |
| 311 | { |
| 312 | int ret; |
| 313 | |
| 314 | if (!flashctx || !flashctx->chip) |
| 315 | return 1; |
| 316 | |
| 317 | /* |
| 318 | * Binary search is used at first to see if we can find an fmap quickly |
| 319 | * in a usual location (often at a power-of-2 offset). However, once we |
| 320 | * reach a small enough stride the transaction overhead will reverse the |
| 321 | * speed benefit of using bsearch at which point we need to use brute- |
| 322 | * force instead. |
| 323 | * |
| 324 | * TODO: Since flashrom is often used with high-latency external |
| 325 | * programmers we should not be overly aggressive with bsearch. |
| 326 | */ |
| 327 | ret = fmap_bsearch_rom(fmap_out, flashctx, rom_offset, len, 256); |
| 328 | if (ret) { |
| 329 | msg_gdbg("Binary search failed, trying linear search...\n"); |
| 330 | ret = fmap_lsearch_rom(fmap_out, flashctx, rom_offset, len); |
| 331 | } |
| 332 | |
| 333 | return ret; |
| 334 | } |