[U-Boot] [PATCH v5 2/2] common: Generic firmware loader for file system

Lothar Waßmann LW at KARO-electronics.de
Thu Dec 21 15:08:45 UTC 2017


Hi,

On Thu, 21 Dec 2017 12:48:53 +0000 Chee, Tien Fong wrote:
> On Kha, 2017-12-21 at 12:53 +0100, Lothar Waßmann wrote:
> > Hi,
> > 
> > On Thu, 21 Dec 2017 09:36:41 +0000 Chee, Tien Fong wrote:
> > > 
> > > On Kha, 2017-12-21 at 09:48 +0100, Lothar Waßmann wrote:
> > > > 
> > > > Hi,
> > > > 
> > > > On Thu, 21 Dec 2017 15:25:29 +0800 tien.fong.chee at intel.com
> > > > wrote:
> > > > > 
> > > > > 
> > > > > From: Tien Fong Chee <tien.fong.chee at intel.com>
> > > > > 
> > > > > This is file system generic loader which can be used to load
> > > > > the file image from the storage into target such as memory.
> > > > > The consumer driver would then use this loader to program
> > > > > whatever,
> > > > > ie. the FPGA device.
> > > > > 
> > > > > Signed-off-by: Tien Fong Chee <tien.fong.chee at intel.com>
> > > > > ---
> > > > >  common/Makefile            |   1 +
> > > > >  common/fs_loader.c         | 311
> > > > > +++++++++++++++++++++++++++++++++++++++++++++
> > > > >  doc/README.firmware_loader |  76 +++++++++++
> > > > >  include/fs_loader.h        |  28 ++++
> > > > >  4 files changed, 416 insertions(+)
> > > > >  create mode 100644 common/fs_loader.c
> > > > >  create mode 100644 doc/README.firmware_loader
> > > > >  create mode 100644 include/fs_loader.h
> > > > > 
> > > > > diff --git a/common/Makefile b/common/Makefile
> > > > > index cec506f..2934221 100644
> > > > > --- a/common/Makefile
> > > > > +++ b/common/Makefile
> > > > > @@ -130,3 +130,4 @@ obj-$(CONFIG_CMD_DFU) += dfu.o
> > > > >  obj-y += command.o
> > > > >  obj-y += s_record.o
> > > > >  obj-y += xyzModem.o
> > > > > +obj-y += fs_loader.o
> > > > > diff --git a/common/fs_loader.c b/common/fs_loader.c
> > > > > new file mode 100644
> > > > > index 0000000..ddfce58
> > > > > --- /dev/null
> > > > > +++ b/common/fs_loader.c
> > > > > @@ -0,0 +1,311 @@
> > > > > +/*
> > > > > + * Copyright (C) 2017 Intel Corporation <www.intel.com>
> > > > > + *
> > > > > + * SPDX-License-Identifier:    GPL-2.0
> > > > > + */
> > > > > +
> > > > > +#include <common.h>
> > > > > +#include <errno.h>
> > > > > +#include <fs.h>
> > > > > +#include <fs_loader.h>
> > > > > +#include <nand.h>
> > > > > +#include <sata.h>
> > > > > +#include <spi.h>
> > > > > +#include <spi_flash.h>
> > > > > +#include <spl.h>
> > > > > +#include <linux/string.h>
> > > > > +#include <usb.h>
> > > > > +
> > > > > +struct firmware_priv {
> > > > > +	const char *name;	/* Filename */
> > > > > +	u32 offset;		/* Offset of reading a file
> > > > > */
> > > > > +};
> > > > > +
> > > > > +static struct device_location default_locations[] = {
> > > > > +	{
> > > > > +		.name = "mmc",
> > > > > +		.devpart = "0:1",
> > > > > +	},
> > > > > +	{
> > > > > +		.name = "usb",
> > > > > +		.devpart = "0:1",
> > > > > +	},
> > > > > +	{
> > > > > +		.name = "sata",
> > > > > +		.devpart = "0:1",
> > > > > +	},
> > > > > +};
> > > > > +
> > > > > +/* USB build is not supported yet in SPL */
> > > > > +#ifndef CONFIG_SPL_BUILD
> > > > > +#ifdef CONFIG_USB_STORAGE
> > > > > +static int init_usb(void)
> > > > > +{
> > > > > +	int err;
> > > > > +
> > > > > +	err = usb_init();
> > > > > +	if (err)
> > > > > +		return err;
> > > > > +
> > > > > +#ifndef CONFIG_DM_USB
> > > > > +	err = usb_stor_scan(1) < 0 ? -ENODEV : 0;
> > > > > +#endif
> > > > > +
> > > > > +	return err;
> > > > > +}
> > > > > +#else
> > > > > +static int init_usb(void)
> > > > > +{
> > > > > +	printf("Error: Cannot load flash image: no USB
> > > > > support\n");
> > > > > +	return -ENOSYS;
> > > > > +}
> > > > > +#endif
> > > > > +#endif
> > > > > +
> > > > > +#ifdef CONFIG_SATA
> > > > > +static int init_storage_sata(void)
> > > > > +{
> > > > > +	return sata_probe(0);
> > > > > +}
> > > > > +#else
> > > > > +static int init_storage_sata(void)
> > > > > +{
> > > > > +	printf("Error: Cannot load image: no SATA support\n");
> > > > > +	return -ENOSYS;
> > > > > +}
> > > > > +#endif
> > > > > +
> > > > > +#ifdef CONFIG_CMD_UBIFS
> > > > > +static int mount_ubifs(struct device_location *location)
> > > > > +{
> > > > > +	int ret;
> > > > > +	char cmd[32];
> > > > > +
> > > > > +	sprintf(cmd, "ubi part %s", location->mtdpart);
> > > > > +
> > > > > +	ret = run_command(cmd, 0);
> > > > > +	if (ret)
> > > > > +		return ret;
> > > > > +
> > > > > +	sprintf(cmd, "ubifsmount %s", location->ubivol);
> > > > > +
> > > > > +	ret = run_command(cmd, 0);
> > > > > +
> > > > > +	return ret;
> > > > > +}
> > > > > +
> > > > > +static int umount_ubifs(void)
> > > > > +{
> > > > > +	return run_command("ubifsumount", 0);
> > > > > +}
> > > > > +#else
> > > > > +static int mount_ubifs(struct device_location *location)
> > > > > +{
> > > > > +	printf("Error: Cannot load image: no UBIFS
> > > > > support\n");
> > > > > +	return -ENOSYS;
> > > > > +}
> > > > > +#endif
> > > > > +
> > > > > +#if defined(CONFIG_SPL_MMC_SUPPORT) &&
> > > > > defined(CONFIG_SPL_BUILD)
> > > > > +static int init_mmc(void)
> > > > > +{
> > > > > +	/* Just for the case MMC is not yet initialized */
> > > > > +	struct mmc *mmc = NULL;
> > > > > +	int err;
> > > > > +
> > > > > +	spl_mmc_find_device(&mmc, spl_boot_device());
> > > > > +
> > > > > +	err = mmc_init(mmc);
> > > > > +	if (err) {
> > > > > +		printf("spl: mmc init failed with error:
> > > > > %d\n",
> > > > > err);
> > > > > +		return err;
> > > > > +	}
> > > > > +
> > > > > +	return err;
> > > > > +}
> > > > > +#else
> > > > > +static int init_mmc(void)
> > > > > +{
> > > > > +	/* Expect somewhere already initialize MMC */
> > > > > +	return 0;
> > > > > +}
> > > > > +#endif
> > > > > +
> > > > > +static int select_fs_dev(struct device_location *location)
> > > > > +{
> > > > > +	int ret;
> > > > > +
> > > > > +	if (!strcmp("mmc", location->name)) {
> > > > > +		ret = fs_set_blk_dev("mmc", location->devpart,
> > > > > FS_TYPE_ANY);
> > > > > +	} else if (!strcmp("usb", location->name)) {
> > > > > +		ret = fs_set_blk_dev("usb", location->devpart,
> > > > > FS_TYPE_ANY);
> > > > > +	} else if (!strcmp("sata", location->name)) {
> > > > > +		ret = fs_set_blk_dev("sata", location-
> > > > > >devpart,
> > > > > FS_TYPE_ANY);
> > > > > +	} else if (!strcmp("ubi", location->name)) {
> > > > > +		if (location->ubivol != NULL)
> > > > > +			ret = fs_set_blk_dev("ubi", NULL,
> > > > > FS_TYPE_UBIFS);
> > > > > +		else
> > > > > +			ret = -ENODEV;
> > > > > +	} else {
> > > > > +		printf("Error: unsupported location
> > > > > storage.\n");
> > > > > +		return -ENODEV;
> > > > > +	}
> > > > > +
> > > > > +	if (ret)
> > > > > +		printf("Error: could not access storage.\n");
> > > > > +
> > > > > +	return ret;
> > > > > +}
> > > > > +
> > > > > +static int init_storage_device(struct device_location
> > > > > *location)
> > > > > +{
> > > > > +	int ret;
> > > > > +
> > > > > +	if (!strcmp("mmc", location->name)) {
> > > > > +		ret = init_mmc();
> > > > > +	} else if (!strcmp("sata", location->name)) {
> > > > > +		ret = init_storage_sata();
> > > > > +	} else if (location->ubivol != NULL) {
> > > > > +		ret = mount_ubifs(location);
> > > > > +#ifndef CONFIG_SPL_BUILD
> > > > > +	/* USB build is not supported yet in SPL */
> > > > > +	} else if (!strcmp("usb", location->name)) {
> > > > > +		ret = init_usb();
> > > > > +#endif
> > > > > +	} else {
> > > > > +		printf("Error: no supported storage device is
> > > > > available.\n");
> > > > > +		ret = -ENODEV;
> > > > > +	}
> > > > > +
> > > > > +	return ret;
> > > > > +}
> > > > > +
> > > > > +static void set_storage_devpart(char *name, char *devpart)
> > > > > +{
> > > > > +	size_t i;
> > > > > +
> > > > > +	for (i = 0; i < ARRAY_SIZE(default_locations); i++) {
> > > > > +		if (!strcmp(default_locations[i].name, name))
> > > > > +			default_locations[i].devpart =
> > > > > devpart;
> > > > > +	}
> > > > > +}
> > > > > +
> > > > > +/*
> > > > > + * Prepare firmware struct;
> > > > > + * return -ve if fail.
> > > > > + */
> > > > > +static int _request_firmware_prepare(struct firmware
> > > > > **firmware_p,
> > > > > +				     const char *name, void
> > > > > *dbuf,
> > > > > +				     size_t size, u32 offset)
> > > > > +{
> > > > > +	struct firmware *firmware;
> > > > > +	struct firmware_priv *fw_priv;
> > > > > +
> > > > > +	*firmware_p = NULL;
> > > > > +
> > > > > +	if (!name || name[0] == '\0')
> > > > > +		return -EINVAL;
> > > > > +
> > > > > +	firmware = calloc(1, sizeof(*firmware));
> > > > > +	if (!firmware) {
> > > > > +		printf("%s: calloc(struct firmware) failed\n",
> > > > > __func__);
> > > > > +		return -ENOMEM;
> > > > > +	}
> > > > > +
> > > > > +	fw_priv = calloc(1, sizeof(*fw_priv));
> > > > > +	if (!fw_priv) {
> > > > > +		printf("%s: calloc(struct fw_priv) failed\n",
> > > > > __func__);
> > > > > +		free(firmware);
> > > > > +		return -ENOMEM;
> > > > > +	}
> > > > > +
> > > > > +	fw_priv->name = name;
> > > > > +	fw_priv->offset = offset;
> > > > > +	firmware->data = dbuf;
> > > > > +	firmware->size = size;
> > > > > +	firmware->priv = fw_priv;
> > > > > +	*firmware_p = firmware;
> > > > > +
> > > > > +	return 0;
> > > > > +}
> > > > > +
> > > > > +/*
> > > > > + * fw_get_filesystem_firmware - load firmware into an
> > > > > allocated
> > > > > buffer
> > > > > + * @location: An array of supported firmware location
> > > > > + * @firmware_p: pointer to firmware image
> > > > > + *
> > > > > + * @return: size of total read
> > > > > + *	    -ve when error
> > > > > + */
> > > > > +static int fw_get_filesystem_firmware(struct device_location
> > > > > *location,
> > > > > +				      struct firmware
> > > > > *firmware_p)
> > > > > +{
> > > > > +	struct firmware_priv *fw_priv = NULL;
> > > > > +	loff_t actread;
> > > > > +	char *dev_part;
> > > > > +	int ret;
> > > > > +
> > > > > +	dev_part = env_get("fw_dev_part");
> > > > > +	if (dev_part)
> > > > > +		set_storage_devpart(location->name, dev_part);
> > > > > +
> > > > > +	ret = init_storage_device(location);
> > > > > +	if (ret)
> > > > > +		goto out;
> > > > > +
> > > > > +	select_fs_dev(location);
> > > > > 
> > > > 'ret = ' is missing.
> > > > 
> > > Okay.
> > > > 
> > > > > 
> > > > > 
> > > > > +	if (ret)
> > > > > +		goto out;
> > > > > +
> > > > > +	fw_priv = firmware_p->priv;
> > > > > +
> > > > > +	ret = fs_read(fw_priv->name, (ulong)firmware_p->data,
> > > > > fw_priv->offset,
> > > > > +		     firmware_p->size, &actread);
> > > > > +
> > > > > +	if (ret) {
> > > > > +		printf("Error: %d Failed to read %s from flash
> > > > > %lld != %d.\n",
> > > > > +		      ret, fw_priv->name, actread, firmware_p-
> > > > > > 
> > > > > > size);
> > > > > +		return ret;
> > > > Y
> > > > Shouldn't this be 'goto out', do do the umount_ubifs() as in all
> > > > other
> > > > error cases?
> > > > 
> > > okay.
> > > > 
> > > > > 
> > > > > 
> > > > > +	} else {
> > > > > +		ret = actread;
> > > > > +	}
> > > > > 
> > > > What if actread != firmware_p->size?
> > > > You handled it as an error before, now you happily return the
> > > > number
> > > > of
> > > > bytes read in case of a short read.
> > > > Operation not permitted
> > > May be i misunderstand on ur previosly comment. There is not much
> > > 
> > My comment was about returning -EPERM in this case.
> > First of all you discarded the possible error code returned from
> > fs_read() and secondly -EIO would be more appropriate than EPERM in
> > case of reading less data than expected. 
> > 
> One of the reason I prefer to use -EIO instead of return from fs_read,
> because i'm not sure when "actread != firmware_p->size", the return
> from the fs_read is still -ve or not.
> 
The return code of fs_read() could be for example -ENOENT, if the file
you try to load does not exist. Replacing it with -EIO will mislead
users about the cause of the error.
Thus, if fs_read()'s return code is < 0, you should return that!
If it is zero and you decide to treat actread =! firmware_p->size as an
error, you should return -EIO only in that case!

> > > 
> > > description on fd_read, i just knowing that -ve is error from
> > > function
> > > based on other example codes in U-Boot as they check the error with
> > > "ret < 0" or "ret != 0". "actread != firmware_p->size" is the
> > > additonal
> > > checking i added myself because when i digging to the code, i found
> > > that such condition only with error printf inside the function
> > > without
> > > any error code return. So, i am not sure when "actread !=
> > > firmware_p-
> > > > 
> > > > size", the ret would be -ve too.
> > If 'size' is the actual size of the caller provided buffer and not
> > the
> > exact size of the firmware to be loaded, the condition actread !=
> > size
> > would not be an error at all.
> > If 'size' designates the exact size of the firmware, that the caller
> > may know by other means, it is obviously an error if actread != size.
> > Since you treated actread != size as an error in your original patch
> > I
> > assumed the latter case.
> > 
> The size here refer to the size of firmware or chunk of firmware to
> read when the buffer is smaller than firmware.
> 
OK. In that case, you should not print a message when actread !=
firmware_p->size, since fs_read will have already printed a message due
to this.

> > AFAICT Linux uses the first semantics ('size' specifies the size of
> > the
> > caller provided buffer as an upper limit for the read() call and not
> > the exact amount of data to be read).
> > Unfortunately the fs_read() semantics is fundamentally broken as it
> > interprets 'size == 0' as 'read as much data as you can get' which
> > may
> > easily lead to buffer overflows and prints a very unhelpful error
> > message "<filename> shorter than offset + len" in case 'size' does
> > not
> > match the actual amount of data read. 
> > 
> > You should also consider what happens, if the firmware file you read
> > is
> > larger than the buffer you provided, as in that case fs_read() will
> > stop reading at the provided buffer size and you won't be able to
> > notice, that the file was not completely loaded!
> > 
> I prefer to let the caller handles this, because this function can be
> used to read the firmware chunk by chunk when the allocated buffer is
> smaller than firmware.
>
So, the caller should also check, whether the return value of the
function matches the requested size and you should omit the special
handling of actread != firmware_p->size in fw_get_filesystem_firmware()
(as you did in the current version of your patch).



Lothar Waßmann


More information about the U-Boot mailing list