When dfu_fill_entity fail, need to free dfu to avoid memory leak.
Reported by Coverity:
"
Resource leak (RESOURCE_LEAK)
leaked_storage: Variable dfu going out of scope leaks the storage
it points to.
"
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: "Łukasz Majewski" <l.majewski@samsung.com>
Cc: Marek Vasut <marex@denx.de>
U-Boot typically interprets unprefixed numbers as base 16, and DFU RAM
entity parsing has historically done so. Reverse the change to default
to base 10, so that values in previously working command-lines aren't
mis-parsed, causing RAM corruption, crashes, hangs, etc.
Fixes: 6aeb877afef0 ("drivers: dfu: ram: fix a crash with dfu ram with invalid dfu_alt_info env")
Cc: Mugunthan V N <mugunthanvnm@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Mugunthan V N <mugunthanvnm@ti.com>
Tested-by: Mugunthan V N <mugunthanvnm@ti.com>
[Test HW: AM335x BBB]
U-Boot crashes when an invalid dfu_alt_info is set and tried
using dfu command. Fixing this as it is handled in dfu-mmc.
=> dfu 0 ram 0
data abort
pc : [<9ff893d6>] lr : [<9ff6edb9>]
reloc pc : [<808323d6>] lr : [<80817db9>]
sp : 9ef36cf0 ip : 00000158 fp : 9ffbc0b8
r10: 9ffbc0b8 r9 : 9ef36ed8 r8 : 00000000
r7 : 00000000 r6 : 9ffbc0c8 r5 : 9ef36cfc r4 : 9ef392c8
r3 : 00000004 r2 : 00000000 r1 : 9ff9a985 r0 : ffffffff
Flags: Nzcv IRQs off FIQs on Mode SVC_32
Resetting CPU ...
resetting ...
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Rename three partition functions so that they start with part_. This makes
it clear what they relate to.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Use 'struct' instead of a typdef. Also since 'struct block_dev_desc' is long
and causes 80-column violations, rename it to struct blk_desc.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
This will allow us to have multiple block device structs each referring
to the same eMMC device, yet different HW partitions.
For now, there is still a single block device per eMMC device. As before,
this block device always accesses whichever HW partition was most recently
selected. Clients wishing to make use of multiple block devices referring
to different HW partitions can simply take a copy of this block device
once it points at the correct HW partition, and use each one as they wish.
This feature will be used by the next patch.
In the future, perhaps get_device() could be enhanced to return a
dynamically allocated block device struct, to avoid the client needing to
copy it in order to maintain multiple block devices. However, this would
require all users to be updated to free those block device structs at some
point, which is rather a large change.
Most callers of mmc_switch_part() wish to permanently switch the default
MMC block device's HW partition. Enhance mmc_switch_part() so that it does
this. This removes the need for callers to do this. However,
common/env_mmc.c needs to save and restore the current HW partition. Make
it do this more explicitly.
Replace use of mmc_switch_part() with mmc_select_hwpart() in order to
remove duplicate code that skips the call if that HW partition is already
selected.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
parse_dev() alters the string pointed by devstr parameter. Due to this
subsequent parsing of sf entities will fail, as string pointed by devstr
is no longer valid sf dev arguments.
Fix this by passing pointer to the copy of the string to parse_dev
instead of pointer to the actual devstr.
Signed-off-by: Vignesh R <vigneshr@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The dfu_alt_info_spl variable allows passing a starting point
for the binary to be flashed in the SPI NOR.
For example, if we have 'dfu_alt_info_spl=spl raw 0x400', this means
that we want to flash the binary starting at address 0x400.
In order to do so we need to erase the entire sector and write to
the the subsequent SPI NOR sectors taking such start address
into account for the address calculations.
Tested by succesfully writing SPL binary into 0x400 offset and
the u-boot.img at offset 64 kiB of a SPL NOR.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
[trini: Use lldiv for the math]
Signed-off-by: Tom Rini <trini@konsulko.com>
SPI NOR flashes need to erase the entire sector size and we cannot pass
any arbitrary length for the erase operation.
To illustrate the problem:
Copying data from PC to DFU device
Download [=========================] 100% 478208 bytes
Download done.
state(7) = dfuMANIFEST, status(0) = No error condition is present
state(10) = dfuERROR, status(14) = Something went wrong, but the
device does not know what it was
Done!
In this case, the binary has 478208 bytes and the M25P32 SPI NOR
has an erase sector of 64kB.
478208 = 7 entire sectors of 64kiB + 19456 bytes.
Erasing the first seven 64 kB sectors works fine, but when trying
to erase the remainding 19456 causes problem and the board hangs.
Fix the issue by always erasing with the erase sector size.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
When writing to files in a filesystem on MMC, dfu_mmc.c buffers up the
entire file content until the end of the transaction, at which point the
file is written in one go. This allows writing files larger than the USB
transfer size (CONFIG_SYS_DFU_DATA_BUF_SIZE); the maximum written file
size is CONFIG_SYS_DFU_MAX_FILE_SIZE (the size of the temporary buffer).
The current file reading code does not do any buffering, and so limits
the maximum read file size to the USB transfer size. Enhance the code to
do the same kind of buffering as the write path, so the same file size
limits apply.
Remove the size checking code from dfu_read() since all read paths now
support larger files than the USB transfer buffer.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
DFU currently allocates buffer memory at the start of each data transfer
operation and frees it at the end. Especially since memalign() is used to
allocate the buffer, and various other allocations happen during the
transfer, this can expose the code to heap fragmentation, which prevents
the allocation from succeeding on subsequent transfers.
Fix the code to allocate the buffer once when DFU mode is initialized,
and free the buffer once when DFU mode is exited, to reduce the exposure
to heap fragmentation.
The failure mode is:
// Internally to memalign(), this allocates a lot more than s to guarantee
// that alignment can occur, then returns chunks of memory at the start/
// end of the allocated buffer to the heap.
p = memalign(a, s);
// Various other malloc()s occur here, some of which allocate the RAM
// immediately before/after "p".
//
// DFU transfer is complete, so buffer is released.
free(p);
// By chance, no other malloc()/free() here, in DFU at least.
//
// A new DFU transfer starts, so the buffer is allocated again.
// In theory this should succeed since we just free()d a buffer of the
// same size. However, this fails because memalign() internally attempts
// to allocate much more than "s", yet free(p) above only free()d a
// little more than "s".
p = memalign(a, s);
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
The dfu tftp feature can be now enabled via Kconfig. This
commit provides necessary code for it.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This function allows writing via DFU data stored from fixed buffer address
(like e.g. loadaddr env variable).
Such predefined buffers are used in the update_tftp() code. In fact this
function is a wrapper on the dfu_write() and dfu_flush().
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This commit adds initial support for using tftp for downloading and
upgrading firmware on the device.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
After extension of the dfu_get_buf() to also setup (implicitly) the dfu_buf_size
variable it is not needed to set dfu_buf_size to CONFIG_SYS_DFU_DATA_BUF_SIZE.
This variable is set in the dfu_get_buf() by not only considering
CONFIG_SYS_DFU_DATA_BUF but more importantly the "dfu_bufsiz" env variable.
Therefore, dfu_get_buf() should be used for initialization.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Reviewed-by: Przemyslaw Marczak <p.marczak@samsung.com>
Use %p to print pointers.
The max value of (i_buf - i_buf_start) should be dfu_buf_size, which is
an unsigned long, so cast the pointer difference to that type to print.
Change-Id: Iee242df9f8eb091aecfe0cea4c282b28b547acfe
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
This introduces a coherent scheme for naming USB download gadget and functions
config options. The download USB gadget config option is moved to
CONFIG_USB_GADGET_DOWNLOAD for better consistency with other gadgets and each
function's config option is moved to a CONFIG_USB_FUNCTION_ prefix.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
Test HW: Odroid_XU3 (Exynos5422), trats (Exynos4210)
Previously NAND writes were not verified and could fail silently. Add
a verification step after all writes to NAND.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
For writing files, DFU implementation requires the file buffer
with the len at least of file size. For big files it requires
the same big buffer.
Previously the file buffer was allocated as a static variable,
so it was a part of U-Boot .bss section. For 32MiB len of buffer
we have 32MiB of additional space, required for this section.
The .bss needs to be cleared after the relocation.
This introduces an additional boot delay at every start, but usually
the dfu feature is not required at the standard boot, so the buffer
should be allocated only if required.
This patch removes the static allocation of this buffer,
and alloc it with memalign after first call of function:
- dfu_fill_entity_mmc()
and the buffer is freed on dfu_free_entity() call.
This was tested on Trats2.
A quick test with trace. Boot time from start to main_loop() entry:
- ~888ms - before this change (arch memset enabled for .bss clear)
- ~464ms - after this change
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Marek Vasut <marek.vasut@gmail.com>
This common call can be used for setting proper entities based
on dfu command arguments.
The config: CONFIG_SET_DFU_ALT_INFO, was used only for few configs,
and now it is common.
The board file should implement:
- set_dfu_alt_info() function
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[Test HW: Odroid U3 (Exynos 4412)]
In function dfu_get_buf(), the size of allocated buffer could
be defined by the env variable. The size from this variable
was passed for memalign() without checking its value.
And the the memalign will return non null pointer for size 0.
This could possibly cause data abort, so now the value of var
is checked before use. And if this variable is set to 0 then
the default size will be used.
This commit also changes the base passed to simple_strtoul()
to 0. Now decimal and hex values can be used for the variable
dfu_bufsiz.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
The function mmc_block_op() is the last function before
the physicall data write, but the mmc device pointer is not
checked. If mmc device not exists, then data abort will occur.
To avoid this, first the mmc device pointer is checked.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
In order to add detach functions for fastboot, make the DFU detach related
functions common so they can be shared.
Signed-off-by: Rob Herring <robh@kernel.org>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
U-Boot has never cared about the type when we get max/min of two
values, but Linux Kernel does. This commit gets min, max, min3, max3
macros synced with the kernel introducing type checks.
Many of references of those macros must be fixed to suppress warnings.
We have two options:
- Use min, max, min3, max3 only when the arguments have the same type
(or add casts to the arguments)
- Use min_t/max_t instead with the appropriate type for the first
argument
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Pavel Machek <pavel@denx.de>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[trini: Fixup arch/blackfin/lib/string.c]
Signed-off-by: Tom Rini <trini@ti.com>
Recently the ext4 file system imposed passing absolute path with its file
name parameter.
As a result dfu_alt_info env variable has been modified to provide absolute
path when ext4 file system is accessed (e.g. /uImage ext4 0 2;).
Unfortunately, lthor flashing program provides plain file name (like uImage)
and hence those two file names do not match anymore.
Presented commit also allows lthor to write files to sub directories (like
/boot/bin/uImage).
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Some files are using SPI functions but not explitly including the SPI
header file. Fix this, since driver model needs it.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Jagannadha Sutradharudu Teki <jagannadh.teki@gmail.com>
This would be useful to start moving various config options.
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
This commit provides distinction between DFU device detach and reset.
The -R behavior is preserved with proper handling of the dfu-util's -e
switch, which detach the DFU device.
By running dfu-util -e; one can force device to finish the execution of
dfu command on target and execute some other scripted commands.
Moreover, some naming has been changed - the dfu_reset() method now is known
as dfu_detach(). New name better reflects the purpose of the code.
It was also necessary to increase the number of usb_gadget_handle_interrupts()
calls since we also must wait for detection of the USB reset event.
Example usage:
1. -e (detach) switch
dfu-util -a0 -D file1.bin;dfu-util -a3 -D uImage;dfu-util -e
access to u-boot prompt.
2. -R (reset) switch
dfu-util -a0 -D file1.bin;dfu-util -R -a3 -D uImage
target board reset
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The buffer is too small if it's < size to read, not if it's <= the size.
This fixes the 1MB test case on Tegra, which has a 1MB buffer.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This allows the backend to free any resources allocated during the
relevant dfu_fill_entity_*() call. This will soon be used by the
SF backend.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
CONFIG_SYS_DFU_DATA_BUF_SIZE may be large to allow for FAT/ext layouts
to transfer large files. However, this means that individual write
operations will take a long time. Allow backends to specify a maximum
buffer size, so that each write operation is limited to a smaller data
block. This prevents the DFU protocol from timing out when e.g. writing
to SPI flash. I would guess that NAND might benefit from setting this
value too, but I can't test that.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Devices are not all identified by a single integer. To support
this, defer the parsing of the device string to the IO backed, so that
it can apply the appropriate rules.
SPI devices are specified as controller:chip_select. SPI/SF support will
be added soon.
MMC devices can also be specified as controller[.hwpart][:partition] in
many commands, although we don't support that syntax in DFU.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Fix calls to dfu_write() and dfu_flush() to detect errors in the I/O
itself. This could happen due to problems with the storage medium, or
simply when trying to write a FAT/ext file that is larger than the buffer
dfu_mmc.c maintains for this purpose.
Signal the error by switching the DFU state/status. This will be picked
up by the DFU client when it sends the next DFU request. Note that errors
can't simply be returned from e.g. dnload_request_complete(), since that
function has no way to pass errors back to the DFU client; a call to
dnload_request_complete() simply means that a USB OUT completed.
This error state/status needs to be cleared when the next DFU client
connects. While there is a DFU_CLRSTATUS request, no DFU client seems to
send this. Hence, clear this when selecting the USB alternate setting on
the USB interface.
Finally, dfu.c relies on a call to dfu_flush() to clear up the internal
state of the write transaction. Now that errors in dfu_write() are
detected, dfu_flush() may no longer be called for every transaction.
Separate out the cleanup code into a new function, and call it whenever
dfu_write() fails, as well as from any call to dfu_flush().
Signed-off-by: Stephen Warren <swarren@nvidia.com>
DFU read support appears to rely upon dfu->read_medium() updating the
passed-by-reference len parameter to indicate the remaining size
available for reading.
dfu_read_medium_mmc() never does this, and the implementation of
dfu_read_medium_nand() will only work if called just once; it hard-codes
the value to the total size of the NAND device irrespective of read
offset.
I believe that overloading dfu->read_medium() is confusing. As such,
this patch introduces a new function dfu->get_medium_size() which can
be used to explicitly find out the medium size, and nothing else.
dfu_read() is modified to use this function to set the initial value for
dfu->r_left, rather than attempting to use the side-effects of
dfu->read_medium() for this purpose.
Due to this change, dfu_read() must initially set dfu->b_left to 0, since
no data has been read.
dfu_read_buffer_fill() must also be modified not to adjust dfu->r_left
when simply copying data from dfu->i_buf_start to the upload request
buffer. r_left represents the amount of data left to be read from HW.
That value is not affected by the memcpy(), but only by calls to
dfu->read_medium().
After this change, I can read from either a 4MB or 1.5MB chunk of a 4MB
eMMC boot partion with CONFIG_SYS_DFU_DATA_BUF_SIZE==1MB. Without this
change, attempting to do that would result in DFU read returning no data
at all due to r_left never being set.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Patch (SHA1: bd694244db)
dfu: Introduction of the "dfu_hash_algo" env variable for checksum method
setting
already introduced more generic handling of the crc32 calculation.
Up till now the CRC32 of received data was calculated unconditionally.
This patch changes this and from now - by default the crc32 is NOT
calculated anymore.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Marek Vasut <marex@denx.de>
Up till now the CRC32 of received data was calculated unconditionally.
The standard crc32 implementation causes long delay when large images
were uploaded.
The "dfu_hash_algo" environment variable gives the opportunity to
disable on demand the hash (crc32) calculation.
It can be done without the need to recompile the u-boot binary.
By default the crc32 is calculated, which means that legacy behavior
has been preserved.
Tests results:
400 MiB ums.img file
With crc32 calculation: 65 sec [avg 6.29 MB/s]
Without crc32 calculation: 25 sec [avg 16.17 MB/s]
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Marek Vasut <marex@denx.de>
Before this patch it was only possible to access the default eMMC HW
partition. By partition selection I mean the access to eMMC via the
ext_csd[179] register programming.
It sometimes happens that it is necessary to write to other partitions.
This patch adds extra attribute to "raw" sub type of the dfu_alt_info
environment variable (e.g. boot-mmc.bin raw 0x0 0x200 mmcpart 1;)
It saves the original boot value and restores it after storing the file.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Before dfu write and flush operations separation,
dfu write data was flushed by host download request
with len of zero size.
Since above change manually calling dfu write with zero
size has non sense (e.g. in THOR). This should be done by
flush operation.
So now dfu_write_buffer_drain() is called in dfu_flush().
If there is any raw data to flush (like it can be in thor)
then it will be physically written to medium.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Heiko Schocher <hs@denx.de>
Cc: Marek Vasut <marex@denx.de>
add a possibility to add a medium specific polltimeout
function. So it is possible to define different
poll timeouts.
Used on nand medium, for setting the DFU_MANIFEST_POLL_TIMEOUT
only on nand ubi partitions, which is currently the only
usecase.
Change-Id: If1db5f49b32d93fefa7481e8dfe5b7ccc0e65af4
Signed-off-by: Heiko Schocher <hs@denx.de>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: Marek Vasut <marex@denx.de>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Previously offsets handled by dfu_fill_entity_mmc(), defined in boards'
CONFIG_DFU_ALT were treated as hexadecimal regardless of their prefix,
which sometimes led to confusion. This patch forces usage of explicit
numerical base prefixes.
Signed-off-by: Mateusz Zalega <m.zalega@samsung.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Cc: Tom Rini <trini@ti.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
When user attempted to perform a raw write using DFU (vide
dfu_fill_entity_mmc) with MMC interface not initialized before,
get_mmc_blk_size() reported invalid (zero) block size - it wasn't
possible to write ie. a new u-boot image.
This commit fixes that by initializing MMC device before use in
dfu_fill_entity_mmc().
While fixing initialization sequence, I had to change about half of
dfu_fill_entity_mmc's body, so I refactored it on the way to make it,
IMHO, considerably more comprehensible.
Being left as dead code, get_mmc_blk_size() was removed.
Tested on Samsung Goni.
Signed-off-by: Mateusz Zalega <m.zalega@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Acked-by: Tom Rini <trini@ti.com>
Cc: Minkyu Kang <mk7.kang@samsung.com>
This patch remove always false (since we tested ret = 0) ternary operator
with ret value returned.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
For some time we have been using the run_command() with properly crafted
string. Such approach turned to be unreliable and error prone.
Switch to "native" mmc subsystem API would allow better type checking and
shall improve speed.
Also, it seems that this API is changing less often than u-boot commands.
The approach similar to env operations on the eMMC has been reused.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>