/*
* Copyright 2015, Google Inc.
* Copyright 2018-present, Facebook Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*/
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include "flash.h"
#include "fmap.h"
#include "layout.h"
#include "platform.h"
#include "search.h"
/* sysfs node that read_fmap_base_acpi() parses for the FMAP base (used by
 * get_fmap_base() when IS_X86 is set). */
#define ACPI_FMAP_PATH "/sys/devices/platform/chromeos_acpi/FMAP"
/* Device-tree node that read_fmap_base_fdt() reads a big-endian 32-bit FMAP
 * base from (used by get_fmap_base() when IS_ARM is set). */
#define FDT_FMAP_PATH "/proc/device-tree/firmware/chromeos/fmap-offset"
static size_t fmap_size(const struct fmap *fmap)
{
	/*
	 * Total size in bytes of an fmap: the fixed header followed by
	 * `nareas` area descriptors. `nareas` comes straight from the header
	 * being inspected, so for data read from flash or a file the result is
	 * attacker-influenced and must be bounds-checked by the caller before
	 * it is used as a read or copy length.
	 */
	const size_t area_bytes = fmap->nareas * sizeof(struct fmap_area);

	return sizeof(*fmap) + area_bytes;
}
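static int is_valid_fmap(const struct fmap *fmap)
{
	/*
	 * Header-only plausibility check for a candidate fmap.
	 *
	 * Only the fixed header is read (signature, version, size, nareas and
	 * name), so the caller needs sizeof(struct fmap) readable bytes at
	 * `fmap`. The area table itself is NOT inspected: area offsets and
	 * sizes, and whether the table fits in the source buffer or chip, are
	 * left for the caller to validate.
	 *
	 * Returns 1 if the header looks like an fmap, 0 otherwise.
	 */
	int i;

	if (memcmp(fmap, FMAP_SIGNATURE, strlen(FMAP_SIGNATURE)) != 0)
		return 0;

	/* strings containing the magic tend to fail here */
	if (fmap->ver_major > FMAP_VER_MAJOR)
		return 0;
	if (fmap->ver_minor > FMAP_VER_MINOR)
		return 0;

	/* a basic consistency check: flash address space size should be larger
	 * than the size of the fmap data structure */
	if (fmap->size < fmap_size(fmap))
		return 0;

	/*
	 * fmap-alikes along binary data tend to fail on having a valid,
	 * null-terminated string in the name field. The name is specified to
	 * be a null-terminated single word without spaces, so every byte
	 * before the terminator must be printable and non-space.
	 */
	for (i = 0; i < FMAP_STRLEN; i++) {
		if (fmap->name[i] == 0)
			return 1;
		/* <ctype.h> functions take an unsigned char value; the cast
		 * keeps this defined even if name[] is a plain (signed) char
		 * array. */
		if (!isgraph((unsigned char)fmap->name[i]))
			return 0;
	}

	/* FMAP_STRLEN printable bytes and no terminator: one too many. */
	return 0;
}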
/**
* @brief Do a brute-force linear search for fmap in provided buffer
*
* @param[in] buf The buffer to search
* @param[in] len Length (in bytes) to search
*
* @return offset in buffer where fmap is found if successful
* -1 to indicate that fmap was not found
* -2 to indicate fmap is truncated or extends past buf + len
*/
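static off_t fmap_lsearch(const uint8_t *buf, size_t len)
{
	off_t offset;
	bool fmap_found = false;

	/*
	 * A buffer shorter than one header cannot hold an fmap. Without this
	 * guard `len - sizeof(struct fmap)` wraps around as a size_t; where
	 * off_t is wider than size_t the wrapped value stays positive and the
	 * scan below would read far past the end of `buf`.
	 */
	if (buf == NULL || len < sizeof(struct fmap))
		return -1;

	/* Last offset at which a complete header still fits in the buffer. */
	const size_t last_start = len - sizeof(struct fmap);

	for (offset = 0; (size_t)offset <= last_start; offset++) {
		if (is_valid_fmap((const struct fmap *)&buf[offset])) {
			fmap_found = true;
			break;
		}
	}

	if (!fmap_found)
		return -1;

	/*
	 * The header passed validation, but its area table (sized by the
	 * untrusted nareas field) must also lie inside the buffer. Comparing
	 * against the remaining length avoids mixing signed and unsigned
	 * arithmetic in `offset + size`.
	 */
	if (fmap_size((const struct fmap *)&buf[offset]) > len - (size_t)offset) {
		msg_gerr("fmap size exceeds buffer boundary.\n");
		return -2;
	}

	return offset;
}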
/**
* @brief Read fmap from provided buffer and copy it to fmap_out
*
* @param[out] fmap_out Double-pointer to location to store fmap contents.
* Caller must free allocated fmap contents.
* @param[in] buf Buffer to search
* @param[in] len Length (in bytes) to search
*
* @return 0 if successful
* 1 to indicate error
* 2 to indicate fmap is not found
*/
int fmap_read_from_buffer(struct fmap **fmap_out, const uint8_t *const buf, size_t len)
{
	const off_t found_at = fmap_lsearch(buf, len);

	if (found_at < 0) {
		msg_gdbg("Unable to find fmap in provided buffer.\n");
		return 2;
	}
	msg_gdbg("Found fmap at offset 0x%06zx\n", (size_t)found_at);

	/* fmap_lsearch() only returns a non-negative offset once it has
	 * checked that header plus area table fit inside buf[0..len). */
	const struct fmap *const src = (const struct fmap *)(buf + found_at);
	const size_t nbytes = fmap_size(src);

	/* The copy is handed to the caller, who owns and frees it. */
	struct fmap *const copy = malloc(nbytes);

	*fmap_out = copy;
	if (copy == NULL) {
		msg_gerr("Out of memory.\n");
		return 1;
	}

	memcpy(copy, src, nbytes);
	return 0;
}
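static int fmap_lsearch_rom(struct fmap **fmap_out,
		struct flashctx *const flashctx, size_t rom_offset, size_t len)
{
	/*
	 * Read [rom_offset, rom_offset + len) from the chip into a temporary
	 * buffer and run the linear fmap search over it.
	 *
	 * Returns 0 on success (with *fmap_out allocated for the caller to
	 * free), otherwise a non-zero value: -1 for range, access or
	 * allocation failures, the chip read's error code, or the result of
	 * fmap_read_from_buffer().
	 */
	int ret = -1;
	uint8_t *buf;

	/*
	 * The allocation below is sized rom_offset + len. If that sum wrapped
	 * around, the buffer would be too small for the read that follows, so
	 * reject the range before touching the chip.
	 */
	if (rom_offset + len < rom_offset)
		return -1;

	/* Same window check as fmap_bsearch_rom(): never ask the chip driver
	 * for bytes beyond the end of the flash. */
	if (rom_offset + len > (size_t)flashctx->chip->total_size * 1024)
		return -1;

	if (prepare_flash_access(flashctx, true, false, false, false))
		goto _finalize_ret;

	/* likely more memory than we need, but it simplifies handling and
	 * printing offsets to keep them uniform with what's on the ROM */
	buf = malloc(rom_offset + len);
	if (!buf) {
		msg_gerr("Out of memory.\n");
		goto _finalize_ret;
	}

	ret = flashctx->chip->read(flashctx, buf + rom_offset, rom_offset, len);
	if (ret) {
		msg_pdbg("Cannot read ROM contents.\n");
		goto _free_ret;
	}

	ret = fmap_read_from_buffer(fmap_out, buf + rom_offset, len);

_free_ret:
	free(buf);
_finalize_ret:
	finalize_flash_access(flashctx);
	return ret;
}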
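static int fmap_bsearch_rom(struct fmap **fmap_out, struct flashctx *const flashctx,
		size_t rom_offset, size_t len, size_t min_stride)
{
	/*
	 * Probe the chip for an fmap at stride-aligned offsets inside
	 * [rom_offset, rom_offset + len), halving the stride down to
	 * min_stride.
	 *
	 * Returns 0 on success (with *fmap_out allocated for the caller to
	 * free), 2 if a signature was seen but the fmap could not be used or
	 * read, and 1 on any other failure.
	 */
	size_t stride, offset = 0, fmap_len = 0;
	int ret = 1, fmap_found = 0, check_offset_0 = 1;
	struct fmap *fmap;
	const unsigned int chip_size = flashctx->chip->total_size * 1024;
	const int sig_len = strlen(FMAP_SIGNATURE);

	/* Overflow-safe form of "rom_offset + len > chip_size". */
	if (rom_offset > chip_size || len > chip_size - rom_offset)
		return 1;

	if (len < sizeof(*fmap))
		return 1;

	/* A zero minimum stride would let the stride loop reach 0 and never
	 * terminate. */
	if (min_stride == 0)
		min_stride = 1;

	if (prepare_flash_access(flashctx, true, false, false, false))
		return 1;

	fmap = malloc(sizeof(struct fmap));
	if (!fmap) {
		msg_gerr("Out of memory.\n");
		goto _free_ret;
	}

	/*
	 * For efficient operation, we start with the largest stride possible
	 * and then decrease the stride on each iteration. Also, check for a
	 * remainder when modding the offset with the previous stride. This
	 * makes it so that each offset is only checked once.
	 *
	 * Zero (rom_offset == 0) is a special case and is handled using a
	 * variable to track whether or not we've checked it.
	 */
	for (stride = chip_size / 2; stride >= min_stride; stride /= 2) {
		if (stride > len)
			continue;

		for (offset = rom_offset;
		     offset <= rom_offset + len - sizeof(struct fmap);
		     offset += stride) {
			if ((offset % (stride * 2) == 0) && (offset != 0))
				continue;
			if (offset == 0 && !check_offset_0)
				continue;
			check_offset_0 = 0;

			/* Read errors are considered non-fatal since we may
			 * encounter locked regions and want to continue. */
			if (flashctx->chip->read(flashctx, (uint8_t *)fmap, offset, sig_len)) {
				/*
				 * Print in verbose mode only to avoid excessive
				 * messages for benign errors. Subsequent error
				 * prints should be done as usual.
				 */
				msg_cdbg("Cannot read %d bytes at offset %zu\n", sig_len, offset);
				continue;
			}

			if (memcmp(fmap, FMAP_SIGNATURE, sig_len) != 0)
				continue;

			if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sig_len,
						 offset + sig_len, sizeof(*fmap) - sig_len)) {
				msg_cerr("Cannot read %zu bytes at offset %06zx\n",
					 sizeof(*fmap) - sig_len, offset + sig_len);
				continue;
			}

			if (is_valid_fmap(fmap)) {
				msg_gdbg("fmap found at offset 0x%06zx\n", offset);
				fmap_found = 1;
				break;
			}
			msg_gerr("fmap signature found at %zu but header is invalid.\n", offset);
			ret = 2;
		}

		if (fmap_found)
			break;
	}

	if (!fmap_found)
		goto _free_ret;

	/*
	 * fmap_len is derived from the nareas field just read from flash.
	 * is_valid_fmap() does not relate it to the chip, so make sure the
	 * area table ends inside the flash before reading it. `offset` is at
	 * most chip_size here, so the subtraction cannot wrap.
	 */
	fmap_len = fmap_size(fmap);
	if (fmap_len > chip_size - offset) {
		msg_gerr("fmap size exceeds chip boundary.\n");
		ret = 2;
		goto _free_ret;
	}

	/* Grow through a temporary so the header buffer is still owned by
	 * `fmap` (and freed below) if realloc fails. */
	struct fmap *grown = realloc(fmap, fmap_len);
	if (!grown) {
		msg_gerr("Failed to realloc.\n");
		goto _free_ret;
	}
	fmap = grown;

	if (flashctx->chip->read(flashctx, (uint8_t *)fmap + sizeof(*fmap),
				 offset + sizeof(*fmap), fmap_len - sizeof(*fmap))) {
		msg_cerr("Cannot read %zu bytes at offset %06zx\n",
			 fmap_len - sizeof(*fmap), offset + sizeof(*fmap));
		/* Treat read failure to be fatal since this
		 * should be a valid, usable fmap. */
		ret = 2;
		goto _free_ret;
	}

	*fmap_out = fmap;
	ret = 0;

_free_ret:
	/* ret is non-zero on every failure path; on success the buffer now
	 * belongs to the caller. */
	if (ret)
		free(fmap);
	finalize_flash_access(flashctx);
	return ret;
}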
/**
* @brief Read fmap from ROM
*
* @param[out] fmap_out Double-pointer to location to store fmap contents.
* Caller must free allocated fmap contents.
* @param[in] flashctx Flash context
* @param[in] rom_offset Offset in ROM to begin search
* @param[in] len Length to search relative to rom_offset
*
* @return 0 on success,
* 2 if the fmap couldn't be read,
* 1 on any other error.
*/
int fmap_read_from_rom(struct fmap **fmap_out,
	struct flashctx *const flashctx, size_t rom_offset, size_t len)
{
	if (flashctx == NULL || flashctx->chip == NULL)
		return 1;

	/*
	 * Binary search is used at first to see if we can find an fmap quickly
	 * in a usual location (often at a power-of-2 offset). However, once we
	 * reach a small enough stride the transaction overhead will reverse the
	 * speed benefit of using bsearch at which point we need to use brute-
	 * force instead.
	 *
	 * TODO: Since flashrom is often used with high-latency external
	 * programmers we should not be overly aggressive with bsearch.
	 */
	const int quick = fmap_bsearch_rom(fmap_out, flashctx, rom_offset, len, 256);

	if (quick == 0)
		return 0;

	/* Any non-zero result from the strided probe falls back to reading
	 * the whole window and scanning it byte by byte. */
	msg_gdbg("Binary search failed, trying linear search...\n");
	return fmap_lsearch_rom(fmap_out, flashctx, rom_offset, len);
}
/* Read value from ACPI in sysfs, if it exists. */
__attribute__((unused)) static int read_fmap_base_acpi(uint32_t *out)
{
	/* Returns 0 with *out filled in, or -1 if the sysfs node is missing or
	 * does not start with a decimal integer. */
	FILE *const sysfs = fopen(ACPI_FMAP_PATH, "r");

	if (sysfs == NULL)
		return -1;

	/* FMAP base is an ASCII signed integer. */
	const int matched = fscanf(sysfs, "%d", (int *)out);

	fclose(sysfs);

	if (matched != 1) {
		msg_gdbg("%s: failed to read fmap_base from ACPI\n", __func__);
		return -1;
	}

	msg_gdbg("%s: read fmap_base from ACPI\n", __func__);
	return 0;
}
/* Read value from FDT, if it exists. */
__attribute__((unused)) static int read_fmap_base_fdt(uint32_t *out)
{
	/* Returns 0 with *out filled in, or -1 if the device-tree node is
	 * missing or shorter than four bytes. */
	FILE *const node = fopen(FDT_FMAP_PATH, "r");

	if (node == NULL)
		return -1;

	/* Value is stored as network-byte order dword. */
	uint32_t raw;
	const size_t got = fread(&raw, sizeof(raw), 1, node);

	fclose(node);

	if (got != 1) {
		msg_gdbg("%s: failed to read fmap_base from FDT\n", __func__);
		return -1;
	}

	*out = ntohl(raw);
	msg_gdbg("%s: read fmap_base from FDT\n", __func__);
	return 0;
}
/*
* Find the FMAP base from ACPI or FDT.
* @search: Search information
* @offset: Place to put offset
* @return 0 if offset found, -1 if not
*/
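static int get_fmap_base(struct search_info *search, off_t *offset)
{
	uint32_t fmap_base;
	uint32_t from_top;

#if IS_X86
	if (read_fmap_base_acpi(&fmap_base) < 0)
		return -1;
#elif IS_ARM
	if (read_fmap_base_fdt(&fmap_base) < 0)
		return -1;
#else
	return -1;
#endif

	/*
	 * TODO(b/158017386): see if we can remove this hack. It may
	 * only apply to older platforms which are now AUE.
	 *
	 * There are 2 kinds of fmap_base.
	 *
	 * 1. Shadow ROM/BIOS area (x86), such as 0xFFxxxxxx.
	 * 2. Offset to start of flash, such as 0x00xxxxxx.
	 *
	 * The shadow ROM is a cached copy of the BIOS ROM which resides below
	 * 4GB host/CPU memory address space on x86. The top of BIOS address
	 * aligns to the last byte of address space, 0xFFFFFFFF. So to obtain
	 * the ROM offset when shadow ROM is used, we subtract the fmap_base
	 * from 4G minus 1.
	 *
	 *  CPU address                  flash address
	 *     space                 p     space
	 *  0xFFFFFFFF   +-------+  ---  +-------+  0x400000
	 *               |       |   ^   |       | ^
	 *               |  4MB  |   |   |       | | from_top
	 *               |       |   v   |       | v
	 *  fmap_base--> | -fmap | ------|--fmap-|-- the offset we need.
	 *       ^       |       |       |       |
	 *       |       +-------+-------+-------+  0x000000
	 *       |       |       |
	 *       |       |       |
	 *       |       |       |
	 *       |       |       |
	 *  0x00000000   +-------+
	 *
	 * We'll use bit 31 to determine if the shadow BIOS area is being used.
	 * This is sort of a hack, but allows us to perform sanity checking for
	 * older x86-based Chrome OS platforms.
	 */
	msg_gdbg("%s: fmap_base: %#x, ROM size: 0x%zx\n",
		 __func__, fmap_base, search->total_size);

	/* Unsigned constant: shifting a signed 1 into bit 31 of a 32-bit int
	 * is undefined behaviour. */
	if (fmap_base & (1U << 31)) {
		from_top = 0xFFFFFFFF - fmap_base + 1;
		msg_gdbg("%s: fmap is located in shadow ROM, from_top: %#x\n",
			 __func__, from_top);
		/* The platform-reported base is only a hint; reject anything
		 * that would land outside the ROM. */
		if (from_top > search->total_size)
			return -1;
		*offset = search->total_size - from_top;
	} else {
		msg_gdbg("%s: fmap is located in physical ROM\n", __func__);
		if (fmap_base > search->total_size)
			return -1;
		*offset = fmap_base;
	}

	msg_gdbg("%s: ROM offset: %#jx\n", __func__, (intmax_t)*offset);
	return 0;
}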
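static int add_fmap_entries_from_buf(const uint8_t *buf)
{
	/*
	 * Append one layout entry per fmap area found in `buf`, which must
	 * hold a complete fmap (header plus nareas area descriptors).
	 *
	 * Returns the layout's resulting entry count, or -1 if the layout is
	 * full or memory runs out. Entries appended before a failure stay in
	 * the layout.
	 *
	 * NOTE(review): area offsets and sizes are taken from the fmap as-is;
	 * nothing here checks them against the chip or image size, and
	 * offset + size is not checked for wrap-around. Callers that act on
	 * these ranges should validate them.
	 */
	const struct fmap *const fmap = (const struct fmap *)buf;
	struct flashrom_layout *const layout = get_global_layout();
	int i;

	for (i = 0; i < fmap->nareas; i++) {
		const struct fmap_area *const area = &fmap->areas[i];

		if (layout->num_entries >= MAX_ROMLAYOUT) {
			msg_gerr("ROM image contains too many regions\n");
			return -1;
		}

		/*
		 * Copy the fixed-width name field into a buffer one byte
		 * longer than the field. calloc() zero-fills, so the copy is
		 * always NUL-terminated even when the on-flash name uses
		 * every byte, and the "%s" below cannot run off the end.
		 */
		const size_t name_len = sizeof(area->name);
		char *const name = calloc(1, name_len + 1);

		if (!name) {
			msg_gerr("Out of memory.\n");
			return -1;
		}
		memcpy(name, area->name, name_len);

		layout->entries[layout->num_entries].start = area->offset;

		/*
		 * Flashrom rom entries use absolute addresses. So for non-zero
		 * length entries, we need to subtract 1 from offset + size to
		 * determine the end address.
		 */
		layout->entries[layout->num_entries].end = area->offset + area->size;
		if (area->size)
			layout->entries[layout->num_entries].end--;

		layout->entries[layout->num_entries].name = name;
		layout->entries[layout->num_entries].included = 0;
		layout->entries[layout->num_entries].file = NULL;

		msg_gdbg("added fmap region \"%s\", start: 0x%08x, end: 0x%08x\n",
			 layout->entries[layout->num_entries].name,
			 layout->entries[layout->num_entries].start,
			 layout->entries[layout->num_entries].end);

		layout->num_entries++;
	}

	return layout->num_entries;
}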
/* Outcome of the fmap search; add_fmap_entries() keeps one in a static
 * variable so a later call does not search again. */
enum found_t {
/* no fmap has been located yet */
FOUND_NONE,
/* an fmap header validated and the full fmap was read */
FOUND_FMAP,
};
/* returns the number of entries added, or <0 to indicate error */
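static int add_fmap_entries(void *source_handle,
			    size_t image_size,
			    int (*read_chunk)(void *handle,
					      void *dest,
					      size_t offset,
					      size_t size))
{
	/*
	 * Locate an fmap in the source behind `read_chunk` and append its
	 * areas to the global layout. The header at each candidate offset is
	 * validated first; only then is the full fmap read.
	 *
	 * Returns 0 if a previous call already found an fmap, a negative
	 * value on error, otherwise the layout's entry count.
	 */
	static enum found_t found = FOUND_NONE;
	struct search_info search;
	struct fmap fmap_header;
	uint8_t *buf = NULL;
	off_t offset;
	int rv = -1;
	struct flashrom_layout *const layout = get_global_layout();

	if (found != FOUND_NONE) {
		msg_gdbg("Already found fmap entries, not searching again.\n");
		return 0;
	}

	search_init(&search, source_handle,
		    image_size, sizeof(fmap_header), read_chunk);
	search.handler = get_fmap_base;

	while (found == FOUND_NONE && !search_find_next(&search, &offset)) {
		if (search.image) {
			memcpy(&fmap_header, search.image + offset,
			       sizeof(fmap_header));
		} else if (read_chunk(source_handle, (uint8_t *)&fmap_header,
				      offset, sizeof(fmap_header))) {
			msg_gdbg("[L%d] failed to read flash at offset %#jx\n",
				 __LINE__, (intmax_t)offset);
			goto out;
		}

		if (!is_valid_fmap(&fmap_header))
			continue;

		/*
		 * buf_size depends on the nareas field of data we have only
		 * header-validated. Skip candidates whose area table would
		 * extend past the image rather than issuing an out-of-range
		 * read.
		 */
		const int buf_size = fmap_size(&fmap_header);

		if (offset < 0 || (size_t)offset > image_size ||
		    (size_t)buf_size > image_size - (size_t)offset) {
			msg_gdbg("%s: fmap candidate exceeds image size, skipping\n",
				 __func__);
			continue;
		}

		buf = calloc(1, buf_size);
		if (!buf) {
			msg_gerr("Out of memory.\n");
			goto out;
		}

		if (read_chunk(source_handle, buf, offset, buf_size)) {
			msg_gdbg("[L%d] failed to read %d bytes at offset 0x%lx\n",
				 __LINE__, buf_size, (unsigned long)offset);
			goto out;
		}
		found = FOUND_FMAP;
	}

	switch (found) {
	case FOUND_FMAP:
		/*
		 * add_fmap_entries_from_buf() updates layout->num_entries
		 * itself. Its return value is only checked for failure, so an
		 * error code is never stored as the entry count.
		 */
		if (add_fmap_entries_from_buf(buf) < 0)
			goto out;
		break;
	default:
		msg_gdbg("%s: no fmap present\n", __func__);
	}

	rv = layout->num_entries;

out:
	/* Single exit so the fmap buffer and the search state are released on
	 * error paths as well. */
	free(buf);
	search_free(&search);
	return rv;
}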
/*
* read_chunk() callback used when reading contents from a file.
*/
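static int read_from_file(void *fhandle,
			  void *dest,
			  size_t offset,
			  size_t size)
{
	/* fhandle is the FILE * that get_fmap_entries() opened.
	 * Returns 0 when exactly `size` bytes were read at `offset`, else 1. */
	FILE *handle = fhandle;

	if (fseek(handle, offset, SEEK_SET)) {
		/* %zu: offset is a size_t (unsigned). */
		msg_cerr("%s failed to seek to position %zu\n",
			 __func__, offset);
		return 1;
	}

	/* A short read means the requested range runs past the end of the
	 * file; treat it as a failure rather than returning partial data. */
	if (fread(dest, 1, size, handle) != size) {
		/* Report the byte count that was requested, not the offset. */
		msg_cerr("%s failed to read %zu bytes\n",
			 __func__, size);
		return 1;
	}

	return 0;
}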
/*
* read_chunk() callback used when reading contents from the flash device.
*/
static int read_from_flash(void *handle,
			   void *dest,
			   size_t offset,
			   size_t size)
{
	/* handle is the struct flashctx * that get_fmap_entries() passes as
	 * the source handle; the result of read_flash() is returned as-is. */
	return read_flash((struct flashctx *)handle, dest, offset, size);
}
int get_fmap_entries(const char *filename, struct flashctx *flash)
{
	/*
	 * Populate the layout from an fmap, preferring the image file when
	 * one is given and falling back to the flash chip itself.
	 * Returns whatever add_fmap_entries() returns for the source used.
	 */
	const size_t image_size = flash->chip->total_size * 1024;

	/* Let's try retrieving entries from file. */
	FILE *const handle = filename ? fopen(filename, "r") : NULL;

	if (handle != NULL) {
		const int rv = add_fmap_entries(handle, image_size, read_from_file);

		fclose(handle);
		if (rv > 0)
			return rv;
		msg_cerr("No fmap entries found in %s\n", filename);
	}

	/* No file, an unreadable file, or no entries in it: use the chip. */
	return add_fmap_entries(flash, image_size, read_from_flash);
}