usb: kbd: Prevent out of bound access
[platform/kernel/u-boot.git] / common / fb_mmc.c
1 /*
2  * Copyright 2014 Broadcom Corporation.
3  *
4  * SPDX-License-Identifier:     GPL-2.0+
5  */
6
7 #include <config.h>
8 #include <common.h>
9 #include <errno.h>
10 #include <fastboot.h>
11 #include <fb_mmc.h>
12 #include <image-sparse.h>
13 #include <part.h>
14 #include <sparse_format.h>
15 #include <mmc.h>
16 #include <div64.h>
17
18 #ifndef CONFIG_FASTBOOT_GPT_NAME
19 #define CONFIG_FASTBOOT_GPT_NAME GPT_ENTRY_NAME
20 #endif
21
22 static char *response_str;
23
24 struct fb_mmc_sparse {
25         block_dev_desc_t        *dev_desc;
26 };
27
28 static int get_partition_info_efi_by_name_or_alias(block_dev_desc_t *dev_desc,
29                 const char *name, disk_partition_t *info)
30 {
31         int ret;
32
33         ret = get_partition_info_efi_by_name(dev_desc, name, info);
34         if (ret) {
35                 /* strlen("fastboot_partition_alias_") + 32(part_name) + 1 */
36                 char env_alias_name[25 + 32 + 1];
37                 char *aliased_part_name;
38
39                 /* check for alias */
40                 strcpy(env_alias_name, "fastboot_partition_alias_");
41                 strncat(env_alias_name, name, 32);
42                 aliased_part_name = getenv(env_alias_name);
43                 if (aliased_part_name != NULL)
44                         ret = get_partition_info_efi_by_name(dev_desc,
45                                         aliased_part_name, info);
46         }
47         return ret;
48 }
49
50
51 static int fb_mmc_sparse_write(struct sparse_storage *storage,
52                                void *priv,
53                                unsigned int offset,
54                                unsigned int size,
55                                char *data)
56 {
57         struct fb_mmc_sparse *sparse = priv;
58         block_dev_desc_t *dev_desc = sparse->dev_desc;
59         int ret;
60
61         ret = dev_desc->block_write(dev_desc, offset, size, data);
62         if (!ret)
63                 return -EIO;
64
65         return ret;
66 }
67
68 static void write_raw_image(block_dev_desc_t *dev_desc, disk_partition_t *info,
69                 const char *part_name, void *buffer,
70                 unsigned int download_bytes)
71 {
72         lbaint_t blkcnt;
73         lbaint_t blks;
74
75         /* determine number of blocks to write */
76         blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
77         blkcnt = lldiv(blkcnt, info->blksz);
78
79         if (blkcnt > info->size) {
80                 error("too large for partition: '%s'\n", part_name);
81                 fastboot_fail(response_str, "too large for partition");
82                 return;
83         }
84
85         puts("Flashing Raw Image\n");
86
87         blks = dev_desc->block_write(dev_desc, info->start, blkcnt, buffer);
88         if (blks != blkcnt) {
89                 error("failed writing to device %d\n", dev_desc->dev);
90                 fastboot_fail(response_str, "failed writing to device");
91                 return;
92         }
93
94         printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
95                part_name);
96         fastboot_okay(response_str, "");
97 }
98
99 void fb_mmc_flash_write(const char *cmd, unsigned int session_id,
100                         void *download_buffer, unsigned int download_bytes,
101                         char *response)
102 {
103         block_dev_desc_t *dev_desc;
104         disk_partition_t info;
105
106         /* initialize the response buffer */
107         response_str = response;
108
109         dev_desc = get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
110         if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
111                 error("invalid mmc device\n");
112                 fastboot_fail(response_str, "invalid mmc device");
113                 return;
114         }
115
116         if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
117                 printf("%s: updating MBR, Primary and Backup GPT(s)\n",
118                        __func__);
119                 if (is_valid_gpt_buf(dev_desc, download_buffer)) {
120                         printf("%s: invalid GPT - refusing to write to flash\n",
121                                __func__);
122                         fastboot_fail(response_str, "invalid GPT partition");
123                         return;
124                 }
125                 if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
126                         printf("%s: writing GPT partitions failed\n", __func__);
127                         fastboot_fail(response_str,
128                                       "writing GPT partitions failed");
129                         return;
130                 }
131                 printf("........ success\n");
132                 fastboot_okay(response_str, "");
133                 return;
134         } else if (get_partition_info_efi_by_name_or_alias(dev_desc, cmd, &info)) {
135                 error("cannot find partition: '%s'\n", cmd);
136                 fastboot_fail(response_str, "cannot find partition");
137                 return;
138         }
139
140         if (is_sparse_image(download_buffer)) {
141                 struct fb_mmc_sparse sparse_priv;
142                 sparse_storage_t sparse;
143
144                 sparse_priv.dev_desc = dev_desc;
145
146                 sparse.block_sz = info.blksz;
147                 sparse.start = info.start;
148                 sparse.size = info.size;
149                 sparse.name = cmd;
150                 sparse.write = fb_mmc_sparse_write;
151
152                 printf("Flashing sparse image at offset " LBAFU "\n",
153                        info.start);
154
155                 store_sparse_image(&sparse, &sparse_priv, session_id,
156                                    download_buffer);
157         } else {
158                 write_raw_image(dev_desc, &info, cmd, download_buffer,
159                                 download_bytes);
160         }
161
162         fastboot_okay(response_str, "");
163 }
164
165 void fb_mmc_erase(const char *cmd, char *response)
166 {
167         int ret;
168         block_dev_desc_t *dev_desc;
169         disk_partition_t info;
170         lbaint_t blks, blks_start, blks_size, grp_size;
171         struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
172
173         if (mmc == NULL) {
174                 error("invalid mmc device");
175                 fastboot_fail(response_str, "invalid mmc device");
176                 return;
177         }
178
179         /* initialize the response buffer */
180         response_str = response;
181
182         dev_desc = get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
183         if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
184                 error("invalid mmc device");
185                 fastboot_fail(response_str, "invalid mmc device");
186                 return;
187         }
188
189         ret = get_partition_info_efi_by_name_or_alias(dev_desc, cmd, &info);
190         if (ret) {
191                 error("cannot find partition: '%s'", cmd);
192                 fastboot_fail(response_str, "cannot find partition");
193                 return;
194         }
195
196         /* Align blocks to erase group size to avoid erasing other partitions */
197         grp_size = mmc->erase_grp_size;
198         blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
199         if (info.size >= grp_size)
200                 blks_size = (info.size - (blks_start - info.start)) &
201                                 (~(grp_size - 1));
202         else
203                 blks_size = 0;
204
205         printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
206                blks_start, blks_start + blks_size);
207
208         blks = dev_desc->block_erase(dev_desc, blks_start, blks_size);
209         if (blks != blks_size) {
210                 error("failed erasing from device %d", dev_desc->dev);
211                 fastboot_fail(response_str, "failed erasing from device");
212                 return;
213         }
214
215         printf("........ erased " LBAFU " bytes from '%s'\n",
216                blks_size * info.blksz, cmd);
217         fastboot_okay(response_str, "");
218 }