[PATCH v14 03/15] FWU: Add FWU metadata access driver for GPT partitioned block devices
Sughosh Ganu
sughosh.ganu at linaro.org
Wed Oct 19 07:02:58 CEST 2022
hi Ilias,
On Tue, 18 Oct 2022 at 20:38, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Sughosh,
>
> [...]
>
> > +};
> > +
> > +static int gpt_get_mdata_partitions(struct blk_desc *desc,
> > + uint mdata_parts[2])
> > +{
> > + int i, ret;
> > + u32 nparts;
> > + efi_guid_t part_type_guid;
> > + struct disk_partition info;
> > + const efi_guid_t fwu_mdata_guid = FWU_MDATA_GUID;
> > +
> > + nparts = 0;
> > + for (i = 1; i < MAX_SEARCH_PARTITIONS && nparts < 2; i++) {
>
> The 'nparts < 2' might hide an actual problem. Can we get rid of it and
> only rely on the test at the end?
What problem do you see with this policy? Basically what the logic
does is that it finds the first two metadata partitions, and returns.
As long as the same partitions are used on every boot (which they will
be), this should not be a problem. With the above logic the check ends
as soon as the two metadata partitions are detected.
>
> > + if (part_get_info(desc, i, &info))
> > + continue;
> > + uuid_str_to_bin(info.type_guid, part_type_guid.b,
> > + UUID_STR_FORMAT_GUID);
> > +
> > + if (!guidcmp(&fwu_mdata_guid, &part_type_guid)) {
> > + mdata_parts[nparts] = i;
> > + ++nparts;
> > + }
> > + }
> > +
> > + if (nparts != 2) {
> > + log_debug("Expect two copies of the FWU metadata instead of %d\n",
> > + nparts);
> > + ret = -EINVAL;
> > + } else {
> > + ret = 0;
> > + }
> > +
> > + return ret;
> > +}
> > +
> > +static int gpt_get_mdata_disk_part(struct blk_desc *desc,
> > + struct disk_partition *info,
> > + u32 part_num)
> > +{
> > + int ret;
> > + char *mdata_guid_str = "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23";
> > +
> > + ret = part_get_info(desc, part_num, info);
> > + if (ret < 0) {
> > + log_debug("Unable to get the partition info for the FWU metadata part %d\n",
> > + part_num);
> > + return -ENOENT;
> > + }
> > +
> > + /* Check that it is indeed the FWU metadata partition */
> > + if (!strncmp(info->type_guid, mdata_guid_str, UUID_STR_LEN)) {
> > + /* Found the FWU metadata partition */
> > + return 0;
> > + }
>
> Drop the comment and {}
Okay
>
> > +
> > + return -ENOENT;
> > +}
> > +
> > +static int gpt_read_write_mdata(struct blk_desc *desc,
> > + struct fwu_mdata *mdata,
> > + u8 access, u32 part_num)
> > +{
> > + int ret;
> > + u32 len, blk_start, blkcnt;
> > + struct disk_partition info;
> > +
> > + ALLOC_CACHE_ALIGN_BUFFER_PAD(struct fwu_mdata, mdata_aligned, 1,
> > + desc->blksz);
> > +
> > + ret = gpt_get_mdata_disk_part(desc, &info, part_num);
> > + if (ret < 0) {
> > + printf("Unable to get the FWU metadata partition\n");
> > + return -ENOENT;
> > + }
> > +
> > + len = sizeof(*mdata);
> > + blkcnt = BLOCK_CNT(len, desc);
> > + if (blkcnt > info.size) {
> > + log_debug("Block count exceeds FWU metadata partition size\n");
> > + return -ERANGE;
> > + }
> > +
> > + blk_start = info.start;
> > + if (access == MDATA_READ) {
> > + if (blk_dread(desc, blk_start, blkcnt, mdata_aligned) != blkcnt) {
> > + log_debug("Error reading FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > + memcpy(mdata, mdata_aligned, sizeof(struct fwu_mdata));
>
> I know we are using mdata in a 'controlled' way but I think it's better if
> we have a check against NULL in the top of the function
Yes, since the metadata is declared on the stack, this should not be
an issue. But it is better to check for it nonetheless. Will add the
check.
>
> > + } else {
> > + if (blk_dwrite(desc, blk_start, blkcnt, mdata) != blkcnt) {
> > + log_debug("Error writing FWU metadata to the device\n");
> > + return -EIO;
> > + }
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int fwu_gpt_update_mdata(struct udevice *dev, struct fwu_mdata *mdata)
> > +{
> > + int ret;
> > + struct blk_desc *desc;
> > + uint mdata_parts[2];
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + desc = dev_get_uclass_plat(priv->blk_dev);
> > +
> > + ret = gpt_get_mdata_partitions(desc, mdata_parts);
> > + if (ret < 0) {
> > + log_debug("Error getting the FWU metadata partitions\n");
> > + return -ENOENT;
> > + }
> > +
> > + /* First write the primary partition */
> > + ret = gpt_read_write_mdata(desc, mdata, MDATA_WRITE, mdata_parts[0]);
> > + if (ret < 0) {
> > + log_debug("Updating primary FWU metadata partition failed\n");
> > + return ret;
> > + }
> > +
> > + /* And now the replica */
> > + ret = gpt_read_write_mdata(desc, mdata, MDATA_WRITE, mdata_parts[1]);
> > + if (ret < 0) {
> > + log_debug("Updating secondary FWU metadata partition failed\n");
> > + return ret;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int gpt_get_mdata(struct blk_desc *desc, struct fwu_mdata *mdata)
> > +{
> > + int ret;
> > + uint mdata_parts[2];
> > +
> > + ret = gpt_get_mdata_partitions(desc, mdata_parts);
> > +
> > + if (ret < 0) {
> > + log_debug("Error getting the FWU metadata partitions\n");
> > + return -ENOENT;
> > + }
> > +
> > + ret = gpt_read_write_mdata(desc, mdata, MDATA_READ, mdata_parts[0]);
> > + if (ret < 0) {
> > + log_debug("Failed to read the FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > +
> > + ret = fwu_verify_mdata(mdata, 1);
> > + if (!ret)
> > + return 0;
> > +
> > + /*
> > + * Verification of the primary FWU metadata copy failed.
> > + * Try to read the replica.
> > + */
> > + memset(mdata, '\0', sizeof(struct fwu_mdata));
> > + ret = gpt_read_write_mdata(desc, mdata, MDATA_READ, mdata_parts[1]);
> > + if (ret < 0) {
> > + log_debug("Failed to read the FWU metadata from the device\n");
> > + return -EIO;
> > + }
> > +
> > + ret = fwu_verify_mdata(mdata, 0);
> > + if (!ret)
> > + return 0;
>
> Can we move this before writing potentially bogus data to part 1 and just
> fail early?
No data is being written here. This is just reading a valid metadata
copy. If the first copy is not valid, the function tries reading the
second copy.
Thanks.
-sughosh
>
> > +
> > + /* Both the FWU metadata copies are corrupted. */
> > + return -EIO;
> > +}
> > +
> > +static int fwu_gpt_get_mdata(struct udevice *dev, struct fwu_mdata *mdata)
> > +{
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + return gpt_get_mdata(dev_get_uclass_plat(priv->blk_dev), mdata);
> > +}
> > +
> > +static int fwu_gpt_get_mdata_partitions(struct udevice *dev, uint *mdata_parts)
> > +{
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + return gpt_get_mdata_partitions(dev_get_uclass_plat(priv->blk_dev),
> > + mdata_parts);
> > +}
> > +
> > +static int fwu_gpt_read_mdata_partition(struct udevice *dev,
> > + struct fwu_mdata *mdata, uint part_num)
> > +{
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + return gpt_read_write_mdata(dev_get_uclass_plat(priv->blk_dev),
> > + mdata, MDATA_READ, part_num);
> > +}
> > +
> > +static int fwu_gpt_write_mdata_partition(struct udevice *dev,
> > + struct fwu_mdata *mdata, uint part_num)
> > +{
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + return gpt_read_write_mdata(dev_get_uclass_plat(priv->blk_dev),
> > + mdata, MDATA_WRITE, part_num);
> > +}
> > +
> > +static int fwu_get_mdata_device(struct udevice *dev, struct udevice **mdata_dev)
> > +{
> > + u32 phandle;
> > + int ret, size;
> > + struct udevice *parent;
> > + const fdt32_t *phandle_p = NULL;
> > +
> > + phandle_p = dev_read_prop(dev, "fwu-mdata-store", &size);
> > + if (!phandle_p) {
> > + log_debug("fwu-mdata-store property not found\n");
> > + return -ENOENT;
> > + }
> > +
> > + phandle = fdt32_to_cpu(*phandle_p);
> > +
> > + ret = device_get_global_by_ofnode(ofnode_get_by_phandle(phandle),
> > + &parent);
> > + if (ret)
> > + return ret;
> > +
> > + return blk_get_from_parent(parent, mdata_dev);
> > +}
> > +
> > +static int fwu_mdata_gpt_blk_probe(struct udevice *dev)
> > +{
> > + int ret;
> > + struct udevice *mdata_dev = NULL;
> > + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> > +
> > + ret = fwu_get_mdata_device(dev, &mdata_dev);
> > + if (ret)
> > + return ret;
> > +
> > + priv->blk_dev = mdata_dev;
> > +
> > + return 0;
> > +}
> > +
> > +static const struct fwu_mdata_ops fwu_gpt_blk_ops = {
> > + .get_mdata = fwu_gpt_get_mdata,
> > + .update_mdata = fwu_gpt_update_mdata,
> > + .get_mdata_part_num = fwu_gpt_get_mdata_partitions,
> > + .read_mdata_partition = fwu_gpt_read_mdata_partition,
> > + .write_mdata_partition = fwu_gpt_write_mdata_partition,
> > +};
> > +
> > +static const struct udevice_id fwu_mdata_ids[] = {
> > + { .compatible = "u-boot,fwu-mdata-gpt" },
> > + { }
> > +};
> > +
> > +U_BOOT_DRIVER(fwu_mdata_gpt_blk) = {
> > + .name = "fwu-mdata-gpt-blk",
> > + .id = UCLASS_FWU_MDATA,
> > + .of_match = fwu_mdata_ids,
> > + .ops = &fwu_gpt_blk_ops,
> > + .probe = fwu_mdata_gpt_blk_probe,
> > + .priv_auto = sizeof(struct fwu_mdata_gpt_blk_priv),
> > +};
> > diff --git a/include/fwu.h b/include/fwu.h
> > index 84c4ffacee..eb4ce19262 100644
> > --- a/include/fwu.h
> > +++ b/include/fwu.h
> > @@ -14,6 +14,10 @@
> > struct fwu_mdata;
> > struct udevice;
> >
> > +struct fwu_mdata_gpt_blk_priv {
> > + struct udevice *blk_dev;
> > +};
> > +
> > /**
> > * @mdata_check: check the validity of the FWU metadata partitions
> > * @get_mdata() - Get a FWU metadata copy
> > --
> > 2.34.1
> >
>
>
> Thanks
> /Ilias
More information about the U-Boot
mailing list