This unbreaks dfu mmc_file_op which is currently broken since using the
load cmd on a buffer from heap is not allowed - added with
commit aa3c609e2b ("fs: prevent overwriting reserved memory")
Fixes: commit aa3c609e2b ("fs: prevent overwriting reserved memory")
Reported-by: Stephen Warren <swarren@wwwdotorg.org>
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
Do this by using $(SPL_) in Makefiles and CONFIG_IS_ENABLED in C code.
This ensures the files and features are only built into the right build
for which they are enabled. Using the macros to simplify this patch was
made possible by the config symbol rename done in the last patch.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Acked-by: Lukasz Majewski <lukma@denx.de>
dfu_fill_entity_nand() uses find_dev_and_part() and mtdparts_init()
which are provided by cmd/mtdparts.c.
Add the dependency to avoid build failures when CMD_MTDPARTS is not
selected.
Reported-by: Jagan Teki <jagan@amarulasolutions.com>
Fixes: 6828e602b7 ("dfu: Migrate to Kconfig")
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
Reviewed-by: Jagan Teki <jagan@openedev.com>
It might be useful for user to see some human-readable root cause
message in addition to "configuration failed" message, so that the issue
can be fixed quickly.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
In case of error in dfu_init_env_entities(), env_bkp will leak. Fix it
by providing single return path.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Commit 5d8fae7916 ("dfu: avoid memory leak") brings a regression which
described below. This patch is effectively reverting that commit, adding
corresponding comment to avoid such regressions in future.
In case of error in dfu_config_entities(), it frees "dfu" array, which
leads to "data abort" in dfu_free_entities(), which tries to free the
same array (and even tries to access it from linked list first). The
issue occurs e.g. when partition table on device does not match
$dfu_alt_info layout:
=> dfu 0 mmc 1
Couldn't find part #2 on mmc device #1
DFU entities configuration failed!
data abort
To fix this issue, do not free "dfu" array in dfu_config_entities(). It
will be freed later in dfu_free_entities().
Tested on BeagleBone Black (where this regression was originally found).
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
Fix two build warnings when building for arm64:
drivers/dfu/dfu_tftp.c: In function ‘dfu_tftp_write’:
drivers/dfu/dfu_tftp.c:59:37: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
ret = dfu_write_from_mem_addr(dfu, (void *)addr, len);
^
and
drivers/dfu/dfu_tftp.c: In function ‘dfu_tftp_write’:
drivers/dfu/dfu_tftp.c:41:8: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 4 has type ‘__kernel_size_t {aka long unsigned int}’ [-Wformat=]
debug("%s: image name: %s strlen: %u\n", __func__, sb, strlen(sb));
^
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
Do the following to make the symbol names less confusing.
sed -i "s/\([TU][^_]\+\)_FUNCTION_DFU/DFU_OVER_\1/g" \
`git grep _FUNCTION_DFU | cut -d ":" -f 1 | sort -u`
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
Clean up the screaming mess of configuration options that DFU is.
It was impossible to configure DFU such that TFTP is enabled and
USB is not, this patch fixes that and assures that DFU TFTP and
DFU USB can be enabled separatelly and that the correct pieces
of code are compiled in.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Lukasz Majewski <lukma@denx.de>
The DFU code relies on the HASH config option. Make sure it is always there
by selecting it.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reviewed-by: Jagan Teki <jagan@openedev.com>
U-Boot widely uses error() as a bit noisier variant of printf().
This macro causes name conflict with the following line in
include/linux/compiler-gcc.h:
# define __compiletime_error(message) __attribute__((error(message)))
This prevents us from using __compiletime_error(), and makes it
difficult to fully sync BUILD_BUG macros with Linux. (Notice
Linux's BUILD_BUG_ON_MSG is implemented by using compiletime_assert().)
Let's convert error() into now treewide-available pr_err().
Done with the help of Coccinelle, excluing tools/ directory.
The semantic patch I used is as follows:
// <smpl>
@@@@
-error
+pr_err
(...)
// </smpl>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Re-run Coccinelle]
Signed-off-by: Tom Rini <trini@konsulko.com>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
- factorize code between read and write transaction
- always use dfu_transaction_cleanup() to initialize
the internal variable: easy maintenance
- replace direct access by dfu_get_buf() and dfu_get_buf_size()
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change long (32 bits on arm) to u64 (same type than offset)
for size and read offset r_left
So partition and device used for DFU can be greater than 4GB
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
solve issue on get_medium_size() function
the detection of error is a simple test < 0
but for ARM platform, long is 32bits and 2GB = 0x80000000
is seen as error.
I solve the issue by changing the prototype fo the function
to separate size and result.
This patch prepare the next patch with size change to u64.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
As part of preparation for nand DM conversion the new API has been
introduced to remove direct access to nand_info array. So, use it here
instead of accessing to nand_info array directly.
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
The SPL-DFU feature enable to load and
execute u-boot from RAM over usb from
PC using dfu-util.
Hence dfu-reset should not be issued
when dfu-util -R switch is issued.
Signed-off-by: Ravi Babu <ravibabu@ti.com>
Introduce a hidden USB_FUNCTION_DFU Kconfig option and select it for
CMD_DFU (as we must have the DFU command enabled to do anything DFU).
Make all of the entries in drivers/dfu/Kconfig depend on CMD_DFU and add
options for all of the back end choices that DFU can make use of.
Cc: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Now that nand_info[] is an array of pointers we need to test the
pointer itself rather than using name as a proxy for NULLness.
Fixes: b616d9b0a7 ("nand: Embed mtd_info in struct nand_chip")
Signed-off-by: Scott Wood <oss@buserror.net>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Tony Lindgren <tony@atomide.com>
Acked-by: Tony Lindgren <tony@atomide.com>
writting to ubi nand partitions need after write ends an erase
of the remaining sectors. This fail, if dfu write size was not
a multiple of erasesize, example log:
Failure erase: -1
Fix this error.
Signed-off-by: Heiko Schocher <hs@denx.de>
nand_info[] is now an array of pointers, with the actual mtd_info
instance embedded in struct nand_chip.
This is in preparation for syncing the NAND code with Linux 4.6,
which makes the same change to struct nand_chip. It's in a separate
commit due to the large amount of changes required to accommodate the
change to nand_info[].
Signed-off-by: Scott Wood <oss@buserror.net>
When dfu_fill_entity fail, need to free dfu to avoid memory leak.
Reported by Coverity:
"
Resource leak (RESOURCE_LEAK)
leaked_storage: Variable dfu going out of scope leaks the storage
it points to.
"
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: "Łukasz Majewski" <l.majewski@samsung.com>
Cc: Marek Vasut <marex@denx.de>
U-Boot typically interprets unprefixed numbers as base 16, and DFU RAM
entity parsing has historically done so. Reverse the change to default
to base 10, so that values in previously working command-lines aren't
mis-parsed, causing RAM corruption, crashes, hangs, etc.
Fixes: 6aeb877afef0 ("drivers: dfu: ram: fix a crash with dfu ram with invalid dfu_alt_info env")
Cc: Mugunthan V N <mugunthanvnm@ti.com>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Mugunthan V N <mugunthanvnm@ti.com>
Tested-by: Mugunthan V N <mugunthanvnm@ti.com>
[Test HW: AM335x BBB]
U-Boot crashes when an invalid dfu_alt_info is set and tried
using dfu command. Fixing this as it is handled in dfu-mmc.
=> dfu 0 ram 0
data abort
pc : [<9ff893d6>] lr : [<9ff6edb9>]
reloc pc : [<808323d6>] lr : [<80817db9>]
sp : 9ef36cf0 ip : 00000158 fp : 9ffbc0b8
r10: 9ffbc0b8 r9 : 9ef36ed8 r8 : 00000000
r7 : 00000000 r6 : 9ffbc0c8 r5 : 9ef36cfc r4 : 9ef392c8
r3 : 00000004 r2 : 00000000 r1 : 9ff9a985 r0 : ffffffff
Flags: Nzcv IRQs off FIQs on Mode SVC_32
Resetting CPU ...
resetting ...
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Rename three partition functions so that they start with part_. This makes
it clear what they relate to.
Signed-off-by: Simon Glass <sjg@chromium.org>
Tested-by: Stephen Warren <swarren@nvidia.com>
Use 'struct' instead of a typdef. Also since 'struct block_dev_desc' is long
and causes 80-column violations, rename it to struct blk_desc.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
This will allow us to have multiple block device structs each referring
to the same eMMC device, yet different HW partitions.
For now, there is still a single block device per eMMC device. As before,
this block device always accesses whichever HW partition was most recently
selected. Clients wishing to make use of multiple block devices referring
to different HW partitions can simply take a copy of this block device
once it points at the correct HW partition, and use each one as they wish.
This feature will be used by the next patch.
In the future, perhaps get_device() could be enhanced to return a
dynamically allocated block device struct, to avoid the client needing to
copy it in order to maintain multiple block devices. However, this would
require all users to be updated to free those block device structs at some
point, which is rather a large change.
Most callers of mmc_switch_part() wish to permanently switch the default
MMC block device's HW partition. Enhance mmc_switch_part() so that it does
this. This removes the need for callers to do this. However,
common/env_mmc.c needs to save and restore the current HW partition. Make
it do this more explicitly.
Replace use of mmc_switch_part() with mmc_select_hwpart() in order to
remove duplicate code that skips the call if that HW partition is already
selected.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
This will allow the implementation to make use of data in the block_dev
structure beyond the base device number. This will be useful so that eMMC
block devices can encompass the HW partition ID rather than treating this
out-of-band. Equally, the existence of the priv field is crying out for
this patch to exist.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
parse_dev() alters the string pointed by devstr parameter. Due to this
subsequent parsing of sf entities will fail, as string pointed by devstr
is no longer valid sf dev arguments.
Fix this by passing pointer to the copy of the string to parse_dev
instead of pointer to the actual devstr.
Signed-off-by: Vignesh R <vigneshr@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
The dfu_alt_info_spl variable allows passing a starting point
for the binary to be flashed in the SPI NOR.
For example, if we have 'dfu_alt_info_spl=spl raw 0x400', this means
that we want to flash the binary starting at address 0x400.
In order to do so we need to erase the entire sector and write to
the the subsequent SPI NOR sectors taking such start address
into account for the address calculations.
Tested by succesfully writing SPL binary into 0x400 offset and
the u-boot.img at offset 64 kiB of a SPL NOR.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
[trini: Use lldiv for the math]
Signed-off-by: Tom Rini <trini@konsulko.com>
SPI NOR flashes need to erase the entire sector size and we cannot pass
any arbitrary length for the erase operation.
To illustrate the problem:
Copying data from PC to DFU device
Download [=========================] 100% 478208 bytes
Download done.
state(7) = dfuMANIFEST, status(0) = No error condition is present
state(10) = dfuERROR, status(14) = Something went wrong, but the
device does not know what it was
Done!
In this case, the binary has 478208 bytes and the M25P32 SPI NOR
has an erase sector of 64kB.
478208 = 7 entire sectors of 64kiB + 19456 bytes.
Erasing the first seven 64 kB sectors works fine, but when trying
to erase the remainding 19456 causes problem and the board hangs.
Fix the issue by always erasing with the erase sector size.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
When writing to files in a filesystem on MMC, dfu_mmc.c buffers up the
entire file content until the end of the transaction, at which point the
file is written in one go. This allows writing files larger than the USB
transfer size (CONFIG_SYS_DFU_DATA_BUF_SIZE); the maximum written file
size is CONFIG_SYS_DFU_MAX_FILE_SIZE (the size of the temporary buffer).
The current file reading code does not do any buffering, and so limits
the maximum read file size to the USB transfer size. Enhance the code to
do the same kind of buffering as the write path, so the same file size
limits apply.
Remove the size checking code from dfu_read() since all read paths now
support larger files than the USB transfer buffer.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
DFU currently allocates buffer memory at the start of each data transfer
operation and frees it at the end. Especially since memalign() is used to
allocate the buffer, and various other allocations happen during the
transfer, this can expose the code to heap fragmentation, which prevents
the allocation from succeeding on subsequent transfers.
Fix the code to allocate the buffer once when DFU mode is initialized,
and free the buffer once when DFU mode is exited, to reduce the exposure
to heap fragmentation.
The failure mode is:
// Internally to memalign(), this allocates a lot more than s to guarantee
// that alignment can occur, then returns chunks of memory at the start/
// end of the allocated buffer to the heap.
p = memalign(a, s);
// Various other malloc()s occur here, some of which allocate the RAM
// immediately before/after "p".
//
// DFU transfer is complete, so buffer is released.
free(p);
// By chance, no other malloc()/free() here, in DFU at least.
//
// A new DFU transfer starts, so the buffer is allocated again.
// In theory this should succeed since we just free()d a buffer of the
// same size. However, this fails because memalign() internally attempts
// to allocate much more than "s", yet free(p) above only free()d a
// little more than "s".
p = memalign(a, s);
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
The dfu tftp feature can be now enabled via Kconfig. This
commit provides necessary code for it.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This function allows writing via DFU data stored from fixed buffer address
(like e.g. loadaddr env variable).
Such predefined buffers are used in the update_tftp() code. In fact this
function is a wrapper on the dfu_write() and dfu_flush().
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
This commit adds initial support for using tftp for downloading and
upgrading firmware on the device.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
After extension of the dfu_get_buf() to also setup (implicitly) the dfu_buf_size
variable it is not needed to set dfu_buf_size to CONFIG_SYS_DFU_DATA_BUF_SIZE.
This variable is set in the dfu_get_buf() by not only considering
CONFIG_SYS_DFU_DATA_BUF but more importantly the "dfu_bufsiz" env variable.
Therefore, dfu_get_buf() should be used for initialization.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Reviewed-by: Przemyslaw Marczak <p.marczak@samsung.com>
Use %p to print pointers.
The max value of (i_buf - i_buf_start) should be dfu_buf_size, which is
an unsigned long, so cast the pointer difference to that type to print.
Change-Id: Iee242df9f8eb091aecfe0cea4c282b28b547acfe
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
This introduces a coherent scheme for naming USB download gadget and functions
config options. The download USB gadget config option is moved to
CONFIG_USB_GADGET_DOWNLOAD for better consistency with other gadgets and each
function's config option is moved to a CONFIG_USB_FUNCTION_ prefix.
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
Test HW: Odroid_XU3 (Exynos5422), trats (Exynos4210)
Previously NAND writes were not verified and could fail silently. Add
a verification step after all writes to NAND.
Signed-off-by: Peter Tyser <ptyser@xes-inc.com>
Reviewed-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Heiko Schocher <hs@denx.de>
Acked-by: Heiko Schocher <hs@denx.de>
For writing files, DFU implementation requires the file buffer
with the len at least of file size. For big files it requires
the same big buffer.
Previously the file buffer was allocated as a static variable,
so it was a part of U-Boot .bss section. For 32MiB len of buffer
we have 32MiB of additional space, required for this section.
The .bss needs to be cleared after the relocation.
This introduces an additional boot delay at every start, but usually
the dfu feature is not required at the standard boot, so the buffer
should be allocated only if required.
This patch removes the static allocation of this buffer,
and alloc it with memalign after first call of function:
- dfu_fill_entity_mmc()
and the buffer is freed on dfu_free_entity() call.
This was tested on Trats2.
A quick test with trace. Boot time from start to main_loop() entry:
- ~888ms - before this change (arch memset enabled for .bss clear)
- ~464ms - after this change
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Cc: Lukasz Majewski <l.majewski@samsung.com>
Cc: Stephen Warren <swarren@nvidia.com>
Cc: Pantelis Antoniou <panto@antoniou-consulting.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Marek Vasut <marek.vasut@gmail.com>
