When parsing the dfu_alt_info, check the number of arguments
and argument string strictly. If there is any garbage data
(which is not able to be parsed correctly) in dfu_alt_info,
that means something wrong and user may make a typo or mis-
understanding about the syntax. Since the dfu_alt_info is
used for updating the firmware, this mistake may lead to
brick the hardware.
Thus it should be checked strictly for making sure there
is no mistake.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
If dfu_alt_info has repeated spaces or tab (for indentation or
readability), the dfu fails to parse it. For example, if
dfu_alt_info="mtd nor1=image raw 100000 200000" (double spaces
after "raw"), the image entity start address is '0' and the size
'0x100000'. This is because the repeated space is not skipped.
Use space and tab as a separater and apply skip_spaces() to
skip redundant spaces and tabs.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Use strlcpy() instead of strcpy() to prevent copying the
entity name over the name buffer size.
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Currently output of dfu commands ends on a line with leading hash signs
('#'). The succeeding output should be placed on a new line.
After writing updates via dfu print a new line.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Add error callback in dfu stack to manage some board specific
behavior on DFU targets.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Define a new 'SCRIPT' type for DFU entities. The downloaded data are
treated as simple u-boot's scripts and executed with run_command_list()
function.
Flashing the 'SCRIPT' entity might result in changing the 'dfu_alt_info'
environment variable from the flashed script, so add a global variable
for tracking the potential need to reinitialize the dfu_alt_info related
structures.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Define a new 'SKIP' type for the DFU entities. The flashed data for that
entity is simply ignored without returning any error values.
This allows to have one flashing procedure and images for the different
board types or variants, where each board uses only the images relevant
to it and skips the rest. This is especially usefull for the THOR
protocol, which usually transfers more than one file in a single session.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Reviewed-by: Minkyu Kang <mk7.kang@samsung.com>
[mszyprow: rephrased commit message and docs for easier reading, changed
subject to "dfu: add 'SKIP' entity"]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
This variable will be utilized to enumerate all dfu entities
for UEFI capsule firmware update in a later commit.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Tom Rini <trini@konsulko.com>
When the `dfu` command is called from the U-Boot environment,
it now accepts an optional parameter that specifies a timeout (in seconds).
If a DFU connection is not made within that time the `dfu` command exits
(as it would if Ctrl+C was pressed). If the timeout is left empty or being
zero the `dfu` command behaves as it does now.
This is useful for allowing U-Boot to check to see if anything wants to
upload new firmware before continuing to boot.
The patch is based on the commit
5e966ccc3c
by Sebastien Colleur, which has been heavily reworked due to U-Boot changes
in the past.
Signed-off-by: Brad Campbell <bradjc5@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Add weak callback to allow board specific behavior
- flush
- initiated
This patch prepare usage of DFU back end for communication with
STM32CubeProgrammer on stm32mp1 platform with stm32prog command.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add a virtual DFU backend to allow board specific read and write
(for OTP update for example).
Acked-by: Lukasz Majewski <lukma@denx.de>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add DFU backend for MTD device: allow to read
and write on all MTD device (NAND, SPI-NOR,
SPI-NAND,...)
For example :
> set dfu_alt_info "nand_raw raw 0x0 0x100000"
> dfu 0 mtd nand0
This MTD backend provides the same level than dfu nand
backend for NAND and dfu sf backend for SPI-NOR;
So it can replace booth of them but it also
add support of spi-nand.
> set dfu_alt_info "nand_raw raw 0x0 0x100000"
> dfu 0 mtd spi-nand0
The backend code is based on the "mtd" command
introduced by commit 5db66b3aee ("cmd: mtd:
add 'mtd' command")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
This patch allows the DFU backend to indicate that that it can't
provide no more data to fill the DFU buffer, by setting b_left =0
without error, even if the size of received data is lower of the
expected total size indicated by get_medium_size.
For USB DFU stack point of view, it is acceptable:
the read length < requested size in DFU_UPLOAD and the
transaction is stopped.
That avoid infinite loop issue in dfu_read_buffer_fill because the
size for the DFU read is limited by get_medium_size = r_left
and the DFU stack expects that read is allowed up to this size.
This issue never occurs for current flash device (where chunk are
always completely read, and b_left will be never 0) but it is useful for
virtual partition when the backend only know the max size of this
alternate, the real size of the data are only known in the read
treatment.
PS: for file access on mmc, EOF is never reached as
dfu_get_medium_size_mmc returns the exact size of the file.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Add support of DFU for several interface/device
with one command.
The format for "dfu_alt_info" in this case is :
- <interface> <dev>'='alternate list (';' separated)
- each interface is separated by '&'
The previous behavior is always supported.
One example for NOR (bootloaders) + NAND (rootfs in UBI):
U-Boot> env set dfu_alt_info \
"sf 0:0:10000000:0=spl part 0 1;u-boot part 0 2; \
u-boot-env part 0 3&nand 0=UBI partubi 0,3"
U-Boot> dfu 0 list
DFU alt settings list:
dev: SF alt: 0 name: spl layout: RAW_ADDR
dev: SF alt: 1 name: ssbl layout: RAW_ADDR
dev: SF alt: 2 name: u-boot-env layout: RAW_ADDR
dev: NAND alt: 3 name: UBI layout: RAW_ADDR
U-Boot> dfu 0
$> dfu-util -l
Found DFU: [0483:5720] ver=9999, devnum=96, cfg=1,\
intf=0, alt=3, name="UBI", serial="002700333338511934383330"
Found DFU: [0483:5720] ver=9999, devnum=96, cfg=1,\
intf=0, alt=2, name="u-boot-env", serial="002700333338511934383330"
Found DFU: [0483:5720] ver=9999, devnum=96, cfg=1,\
intf=0, alt=1, name="u-boot", serial="002700333338511934383330"
Found DFU: [0483:5720] ver=9999, devnum=96, cfg=1,\
intf=0, alt=0, name="spl", serial="002700333338511934383330"
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
It might be useful for user to see some human-readable root cause
message in addition to "configuration failed" message, so that the issue
can be fixed quickly.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
In case of error in dfu_init_env_entities(), env_bkp will leak. Fix it
by providing single return path.
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Commit 5d8fae7916 ("dfu: avoid memory leak") brings a regression which
described below. This patch is effectively reverting that commit, adding
corresponding comment to avoid such regressions in future.
In case of error in dfu_config_entities(), it frees "dfu" array, which
leads to "data abort" in dfu_free_entities(), which tries to free the
same array (and even tries to access it from linked list first). The
issue occurs e.g. when partition table on device does not match
$dfu_alt_info layout:
=> dfu 0 mmc 1
Couldn't find part #2 on mmc device #1
DFU entities configuration failed!
data abort
To fix this issue, do not free "dfu" array in dfu_config_entities(). It
will be freed later in dfu_free_entities().
Tested on BeagleBone Black (where this regression was originally found).
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
U-Boot widely uses error() as a bit noisier variant of printf().
This macro causes name conflict with the following line in
include/linux/compiler-gcc.h:
# define __compiletime_error(message) __attribute__((error(message)))
This prevents us from using __compiletime_error(), and makes it
difficult to fully sync BUILD_BUG macros with Linux. (Notice
Linux's BUILD_BUG_ON_MSG is implemented by using compiletime_assert().)
Let's convert error() into now treewide-available pr_err().
Done with the help of Coccinelle, excluing tools/ directory.
The semantic patch I used is as follows:
// <smpl>
@@@@
-error
+pr_err
(...)
// </smpl>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
[trini: Re-run Coccinelle]
Signed-off-by: Tom Rini <trini@konsulko.com>
We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.
Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.
Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>
- factorize code between read and write transaction
- always use dfu_transaction_cleanup() to initialize
the internal variable: easy maintenance
- replace direct access by dfu_get_buf() and dfu_get_buf_size()
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change long (32 bits on arm) to u64 (same type than offset)
for size and read offset r_left
So partition and device used for DFU can be greater than 4GB
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
solve issue on get_medium_size() function
the detection of error is a simple test < 0
but for ARM platform, long is 32bits and 2GB = 0x80000000
is seen as error.
I solve the issue by changing the prototype fo the function
to separate size and result.
This patch prepare the next patch with size change to u64.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
The SPL-DFU feature enable to load and
execute u-boot from RAM over usb from
PC using dfu-util.
Hence dfu-reset should not be issued
when dfu-util -R switch is issued.
Signed-off-by: Ravi Babu <ravibabu@ti.com>
When dfu_fill_entity fail, need to free dfu to avoid memory leak.
Reported by Coverity:
"
Resource leak (RESOURCE_LEAK)
leaked_storage: Variable dfu going out of scope leaks the storage
it points to.
"
Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: "Łukasz Majewski" <l.majewski@samsung.com>
Cc: Marek Vasut <marex@denx.de>
When writing to files in a filesystem on MMC, dfu_mmc.c buffers up the
entire file content until the end of the transaction, at which point the
file is written in one go. This allows writing files larger than the USB
transfer size (CONFIG_SYS_DFU_DATA_BUF_SIZE); the maximum written file
size is CONFIG_SYS_DFU_MAX_FILE_SIZE (the size of the temporary buffer).
The current file reading code does not do any buffering, and so limits
the maximum read file size to the USB transfer size. Enhance the code to
do the same kind of buffering as the write path, so the same file size
limits apply.
Remove the size checking code from dfu_read() since all read paths now
support larger files than the USB transfer buffer.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
DFU currently allocates buffer memory at the start of each data transfer
operation and frees it at the end. Especially since memalign() is used to
allocate the buffer, and various other allocations happen during the
transfer, this can expose the code to heap fragmentation, which prevents
the allocation from succeeding on subsequent transfers.
Fix the code to allocate the buffer once when DFU mode is initialized,
and free the buffer once when DFU mode is exited, to reduce the exposure
to heap fragmentation.
The failure mode is:
// Internally to memalign(), this allocates a lot more than s to guarantee
// that alignment can occur, then returns chunks of memory at the start/
// end of the allocated buffer to the heap.
p = memalign(a, s);
// Various other malloc()s occur here, some of which allocate the RAM
// immediately before/after "p".
//
// DFU transfer is complete, so buffer is released.
free(p);
// By chance, no other malloc()/free() here, in DFU at least.
//
// A new DFU transfer starts, so the buffer is allocated again.
// In theory this should succeed since we just free()d a buffer of the
// same size. However, this fails because memalign() internally attempts
// to allocate much more than "s", yet free(p) above only free()d a
// little more than "s".
p = memalign(a, s);
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
This function allows writing via DFU data stored from fixed buffer address
(like e.g. loadaddr env variable).
Such predefined buffers are used in the update_tftp() code. In fact this
function is a wrapper on the dfu_write() and dfu_flush().
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
After extension of the dfu_get_buf() to also setup (implicitly) the dfu_buf_size
variable it is not needed to set dfu_buf_size to CONFIG_SYS_DFU_DATA_BUF_SIZE.
This variable is set in the dfu_get_buf() by not only considering
CONFIG_SYS_DFU_DATA_BUF but more importantly the "dfu_bufsiz" env variable.
Therefore, dfu_get_buf() should be used for initialization.
Signed-off-by: Lukasz Majewski <l.majewski@majess.pl>
Reviewed-by: Przemyslaw Marczak <p.marczak@samsung.com>
Use %p to print pointers.
The max value of (i_buf - i_buf_start) should be dfu_buf_size, which is
an unsigned long, so cast the pointer difference to that type to print.
Change-Id: Iee242df9f8eb091aecfe0cea4c282b28b547acfe
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
This common call can be used for setting proper entities based
on dfu command arguments.
The config: CONFIG_SET_DFU_ALT_INFO, was used only for few configs,
and now it is common.
The board file should implement:
- set_dfu_alt_info() function
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[Test HW: Odroid U3 (Exynos 4412)]
In function dfu_get_buf(), the size of allocated buffer could
be defined by the env variable. The size from this variable
was passed for memalign() without checking its value.
And the the memalign will return non null pointer for size 0.
This could possibly cause data abort, so now the value of var
is checked before use. And if this variable is set to 0 then
the default size will be used.
This commit also changes the base passed to simple_strtoul()
to 0. Now decimal and hex values can be used for the variable
dfu_bufsiz.
Signed-off-by: Przemyslaw Marczak <p.marczak@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
In order to add detach functions for fastboot, make the DFU detach related
functions common so they can be shared.
Signed-off-by: Rob Herring <robh@kernel.org>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[TestHW: Exynos4412-Trats2]
U-Boot has never cared about the type when we get max/min of two
values, but Linux Kernel does. This commit gets min, max, min3, max3
macros synced with the kernel introducing type checks.
Many of references of those macros must be fixed to suppress warnings.
We have two options:
- Use min, max, min3, max3 only when the arguments have the same type
(or add casts to the arguments)
- Use min_t/max_t instead with the appropriate type for the first
argument
Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Pavel Machek <pavel@denx.de>
Acked-by: Lukasz Majewski <l.majewski@samsung.com>
Tested-by: Lukasz Majewski <l.majewski@samsung.com>
[trini: Fixup arch/blackfin/lib/string.c]
Signed-off-by: Tom Rini <trini@ti.com>
Recently the ext4 file system imposed passing absolute path with its file
name parameter.
As a result dfu_alt_info env variable has been modified to provide absolute
path when ext4 file system is accessed (e.g. /uImage ext4 0 2;).
Unfortunately, lthor flashing program provides plain file name (like uImage)
and hence those two file names do not match anymore.
Presented commit also allows lthor to write files to sub directories (like
/boot/bin/uImage).
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Marek Vasut <marex@denx.de>
This commit provides distinction between DFU device detach and reset.
The -R behavior is preserved with proper handling of the dfu-util's -e
switch, which detach the DFU device.
By running dfu-util -e; one can force device to finish the execution of
dfu command on target and execute some other scripted commands.
Moreover, some naming has been changed - the dfu_reset() method now is known
as dfu_detach(). New name better reflects the purpose of the code.
It was also necessary to increase the number of usb_gadget_handle_interrupts()
calls since we also must wait for detection of the USB reset event.
Example usage:
1. -e (detach) switch
dfu-util -a0 -D file1.bin;dfu-util -a3 -D uImage;dfu-util -e
access to u-boot prompt.
2. -R (reset) switch
dfu-util -a0 -D file1.bin;dfu-util -R -a3 -D uImage
target board reset
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Reviewed-by: Stephen Warren <swarren@nvidia.com>
Tested-by: Stephen Warren <swarren@nvidia.com>
The buffer is too small if it's < size to read, not if it's <= the size.
This fixes the 1MB test case on Tegra, which has a 1MB buffer.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This allows the backend to free any resources allocated during the
relevant dfu_fill_entity_*() call. This will soon be used by the
SF backend.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
CONFIG_SYS_DFU_DATA_BUF_SIZE may be large to allow for FAT/ext layouts
to transfer large files. However, this means that individual write
operations will take a long time. Allow backends to specify a maximum
buffer size, so that each write operation is limited to a smaller data
block. This prevents the DFU protocol from timing out when e.g. writing
to SPI flash. I would guess that NAND might benefit from setting this
value too, but I can't test that.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Devices are not all identified by a single integer. To support
this, defer the parsing of the device string to the IO backed, so that
it can apply the appropriate rules.
SPI devices are specified as controller:chip_select. SPI/SF support will
be added soon.
MMC devices can also be specified as controller[.hwpart][:partition] in
many commands, although we don't support that syntax in DFU.
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Fix calls to dfu_write() and dfu_flush() to detect errors in the I/O
itself. This could happen due to problems with the storage medium, or
simply when trying to write a FAT/ext file that is larger than the buffer
dfu_mmc.c maintains for this purpose.
Signal the error by switching the DFU state/status. This will be picked
up by the DFU client when it sends the next DFU request. Note that errors
can't simply be returned from e.g. dnload_request_complete(), since that
function has no way to pass errors back to the DFU client; a call to
dnload_request_complete() simply means that a USB OUT completed.
This error state/status needs to be cleared when the next DFU client
connects. While there is a DFU_CLRSTATUS request, no DFU client seems to
send this. Hence, clear this when selecting the USB alternate setting on
the USB interface.
Finally, dfu.c relies on a call to dfu_flush() to clear up the internal
state of the write transaction. Now that errors in dfu_write() are
detected, dfu_flush() may no longer be called for every transaction.
Separate out the cleanup code into a new function, and call it whenever
dfu_write() fails, as well as from any call to dfu_flush().
Signed-off-by: Stephen Warren <swarren@nvidia.com>
DFU read support appears to rely upon dfu->read_medium() updating the
passed-by-reference len parameter to indicate the remaining size
available for reading.
dfu_read_medium_mmc() never does this, and the implementation of
dfu_read_medium_nand() will only work if called just once; it hard-codes
the value to the total size of the NAND device irrespective of read
offset.
I believe that overloading dfu->read_medium() is confusing. As such,
this patch introduces a new function dfu->get_medium_size() which can
be used to explicitly find out the medium size, and nothing else.
dfu_read() is modified to use this function to set the initial value for
dfu->r_left, rather than attempting to use the side-effects of
dfu->read_medium() for this purpose.
Due to this change, dfu_read() must initially set dfu->b_left to 0, since
no data has been read.
dfu_read_buffer_fill() must also be modified not to adjust dfu->r_left
when simply copying data from dfu->i_buf_start to the upload request
buffer. r_left represents the amount of data left to be read from HW.
That value is not affected by the memcpy(), but only by calls to
dfu->read_medium().
After this change, I can read from either a 4MB or 1.5MB chunk of a 4MB
eMMC boot partion with CONFIG_SYS_DFU_DATA_BUF_SIZE==1MB. Without this
change, attempting to do that would result in DFU read returning no data
at all due to r_left never being set.
Signed-off-by: Stephen Warren <swarren@nvidia.com>