From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Sughosh Ganu <sughosh.ganu@linaro.org>
Cc: u-boot@lists.denx.de, Heinrich Schuchardt <xypron.glpk@gmx.de>,
Takahiro Akashi <takahiro.akashi@linaro.org>,
Patrick Delaunay <patrick.delaunay@foss.st.com>,
Patrice Chotard <patrice.chotard@foss.st.com>,
Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
Tom Rini <trini@konsulko.com>,
Etienne Carriere <etienne.carriere@linaro.org>,
Michal Simek <monstr@monstr.eu>,
Jassi Brar <jaswinder.singh@linaro.org>
Subject: Re: [PATCH v14 03/15] FWU: Add FWU metadata access driver for GPT partitioned block devices
Date: Tue, 18 Oct 2022 18:08:12 +0300 [thread overview]
Message-ID: <Y07BXFhGIyvx5Qu8@hera> (raw)
In-Reply-To: <20221018114337.439816-4-sughosh.ganu@linaro.org>
Hi Sughosh,
[...]
> +};
> +
> +static int gpt_get_mdata_partitions(struct blk_desc *desc,
> + uint mdata_parts[2])
> +{
> + int i, ret;
> + u32 nparts;
> + efi_guid_t part_type_guid;
> + struct disk_partition info;
> + const efi_guid_t fwu_mdata_guid = FWU_MDATA_GUID;
> +
> + nparts = 0;
> + for (i = 1; i < MAX_SEARCH_PARTITIONS && nparts < 2; i++) {
The 'nparts < 2' might hide an actual problem. Can we get rid of it and
only rely on the test at the end?
> + if (part_get_info(desc, i, &info))
> + continue;
> + uuid_str_to_bin(info.type_guid, part_type_guid.b,
> + UUID_STR_FORMAT_GUID);
> +
> + if (!guidcmp(&fwu_mdata_guid, &part_type_guid)) {
> + mdata_parts[nparts] = i;
> + ++nparts;
> + }
> + }
> +
> + if (nparts != 2) {
> + log_debug("Expect two copies of the FWU metadata instead of %d\n",
> + nparts);
> + ret = -EINVAL;
> + } else {
> + ret = 0;
> + }
> +
> + return ret;
> +}
> +
> +static int gpt_get_mdata_disk_part(struct blk_desc *desc,
> + struct disk_partition *info,
> + u32 part_num)
> +{
> + int ret;
> + char *mdata_guid_str = "8a7a84a0-8387-40f6-ab41-a8b9a5a60d23";
> +
> + ret = part_get_info(desc, part_num, info);
> + if (ret < 0) {
> + log_debug("Unable to get the partition info for the FWU metadata part %d\n",
> + part_num);
> + return -ENOENT;
> + }
> +
> + /* Check that it is indeed the FWU metadata partition */
> + if (!strncmp(info->type_guid, mdata_guid_str, UUID_STR_LEN)) {
> + /* Found the FWU metadata partition */
> + return 0;
> + }
Drop the comment and {}
> +
> + return -ENOENT;
> +}
> +
> +static int gpt_read_write_mdata(struct blk_desc *desc,
> + struct fwu_mdata *mdata,
> + u8 access, u32 part_num)
> +{
> + int ret;
> + u32 len, blk_start, blkcnt;
> + struct disk_partition info;
> +
> + ALLOC_CACHE_ALIGN_BUFFER_PAD(struct fwu_mdata, mdata_aligned, 1,
> + desc->blksz);
> +
> + ret = gpt_get_mdata_disk_part(desc, &info, part_num);
> + if (ret < 0) {
> + printf("Unable to get the FWU metadata partition\n");
> + return -ENOENT;
> + }
> +
> + len = sizeof(*mdata);
> + blkcnt = BLOCK_CNT(len, desc);
> + if (blkcnt > info.size) {
> + log_debug("Block count exceeds FWU metadata partition size\n");
> + return -ERANGE;
> + }
> +
> + blk_start = info.start;
> + if (access == MDATA_READ) {
> + if (blk_dread(desc, blk_start, blkcnt, mdata_aligned) != blkcnt) {
> + log_debug("Error reading FWU metadata from the device\n");
> + return -EIO;
> + }
> + memcpy(mdata, mdata_aligned, sizeof(struct fwu_mdata));
I know we are using mdata in a 'controlled' way but I think it's better if
we have a check against NULL in the top of the function
> + } else {
> + if (blk_dwrite(desc, blk_start, blkcnt, mdata) != blkcnt) {
> + log_debug("Error writing FWU metadata to the device\n");
> + return -EIO;
> + }
> + }
> +
> + return 0;
> +}
> +
> +static int fwu_gpt_update_mdata(struct udevice *dev, struct fwu_mdata *mdata)
> +{
> + int ret;
> + struct blk_desc *desc;
> + uint mdata_parts[2];
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + desc = dev_get_uclass_plat(priv->blk_dev);
> +
> + ret = gpt_get_mdata_partitions(desc, mdata_parts);
> + if (ret < 0) {
> + log_debug("Error getting the FWU metadata partitions\n");
> + return -ENOENT;
> + }
> +
> + /* First write the primary partition */
> + ret = gpt_read_write_mdata(desc, mdata, MDATA_WRITE, mdata_parts[0]);
> + if (ret < 0) {
> + log_debug("Updating primary FWU metadata partition failed\n");
> + return ret;
> + }
> +
> + /* And now the replica */
> + ret = gpt_read_write_mdata(desc, mdata, MDATA_WRITE, mdata_parts[1]);
> + if (ret < 0) {
> + log_debug("Updating secondary FWU metadata partition failed\n");
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> +static int gpt_get_mdata(struct blk_desc *desc, struct fwu_mdata *mdata)
> +{
> + int ret;
> + uint mdata_parts[2];
> +
> + ret = gpt_get_mdata_partitions(desc, mdata_parts);
> +
> + if (ret < 0) {
> + log_debug("Error getting the FWU metadata partitions\n");
> + return -ENOENT;
> + }
> +
> + ret = gpt_read_write_mdata(desc, mdata, MDATA_READ, mdata_parts[0]);
> + if (ret < 0) {
> + log_debug("Failed to read the FWU metadata from the device\n");
> + return -EIO;
> + }
> +
> + ret = fwu_verify_mdata(mdata, 1);
> + if (!ret)
> + return 0;
> +
> + /*
> + * Verification of the primary FWU metadata copy failed.
> + * Try to read the replica.
> + */
> + memset(mdata, '\0', sizeof(struct fwu_mdata));
> + ret = gpt_read_write_mdata(desc, mdata, MDATA_READ, mdata_parts[1]);
> + if (ret < 0) {
> + log_debug("Failed to read the FWU metadata from the device\n");
> + return -EIO;
> + }
> +
> + ret = fwu_verify_mdata(mdata, 0);
> + if (!ret)
> + return 0;
Can we move this before writing potentially bogus data to part 1 and just
fail early?
> +
> + /* Both the FWU metadata copies are corrupted. */
> + return -EIO;
> +}
> +
> +static int fwu_gpt_get_mdata(struct udevice *dev, struct fwu_mdata *mdata)
> +{
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + return gpt_get_mdata(dev_get_uclass_plat(priv->blk_dev), mdata);
> +}
> +
> +static int fwu_gpt_get_mdata_partitions(struct udevice *dev, uint *mdata_parts)
> +{
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + return gpt_get_mdata_partitions(dev_get_uclass_plat(priv->blk_dev),
> + mdata_parts);
> +}
> +
> +static int fwu_gpt_read_mdata_partition(struct udevice *dev,
> + struct fwu_mdata *mdata, uint part_num)
> +{
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + return gpt_read_write_mdata(dev_get_uclass_plat(priv->blk_dev),
> + mdata, MDATA_READ, part_num);
> +}
> +
> +static int fwu_gpt_write_mdata_partition(struct udevice *dev,
> + struct fwu_mdata *mdata, uint part_num)
> +{
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + return gpt_read_write_mdata(dev_get_uclass_plat(priv->blk_dev),
> + mdata, MDATA_WRITE, part_num);
> +}
> +
> +static int fwu_get_mdata_device(struct udevice *dev, struct udevice **mdata_dev)
> +{
> + u32 phandle;
> + int ret, size;
> + struct udevice *parent;
> + const fdt32_t *phandle_p = NULL;
> +
> + phandle_p = dev_read_prop(dev, "fwu-mdata-store", &size);
> + if (!phandle_p) {
> + log_debug("fwu-mdata-store property not found\n");
> + return -ENOENT;
> + }
> +
> + phandle = fdt32_to_cpu(*phandle_p);
> +
> + ret = device_get_global_by_ofnode(ofnode_get_by_phandle(phandle),
> + &parent);
> + if (ret)
> + return ret;
> +
> + return blk_get_from_parent(parent, mdata_dev);
> +}
> +
> +static int fwu_mdata_gpt_blk_probe(struct udevice *dev)
> +{
> + int ret;
> + struct udevice *mdata_dev = NULL;
> + struct fwu_mdata_gpt_blk_priv *priv = dev_get_priv(dev);
> +
> + ret = fwu_get_mdata_device(dev, &mdata_dev);
> + if (ret)
> + return ret;
> +
> + priv->blk_dev = mdata_dev;
> +
> + return 0;
> +}
> +
> +static const struct fwu_mdata_ops fwu_gpt_blk_ops = {
> + .get_mdata = fwu_gpt_get_mdata,
> + .update_mdata = fwu_gpt_update_mdata,
> + .get_mdata_part_num = fwu_gpt_get_mdata_partitions,
> + .read_mdata_partition = fwu_gpt_read_mdata_partition,
> + .write_mdata_partition = fwu_gpt_write_mdata_partition,
> +};
> +
> +static const struct udevice_id fwu_mdata_ids[] = {
> + { .compatible = "u-boot,fwu-mdata-gpt" },
> + { }
> +};
> +
> +U_BOOT_DRIVER(fwu_mdata_gpt_blk) = {
> + .name = "fwu-mdata-gpt-blk",
> + .id = UCLASS_FWU_MDATA,
> + .of_match = fwu_mdata_ids,
> + .ops = &fwu_gpt_blk_ops,
> + .probe = fwu_mdata_gpt_blk_probe,
> + .priv_auto = sizeof(struct fwu_mdata_gpt_blk_priv),
> +};
> diff --git a/include/fwu.h b/include/fwu.h
> index 84c4ffacee..eb4ce19262 100644
> --- a/include/fwu.h
> +++ b/include/fwu.h
> @@ -14,6 +14,10 @@
> struct fwu_mdata;
> struct udevice;
>
> +struct fwu_mdata_gpt_blk_priv {
> + struct udevice *blk_dev;
> +};
> +
> /**
> * @mdata_check: check the validity of the FWU metadata partitions
> * @get_mdata() - Get a FWU metadata copy
> --
> 2.34.1
>
Thanks
/Ilias
next prev parent reply other threads:[~2022-10-18 15:08 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 11:43 [PATCH v14 00/15] FWU: Add FWU Multi Bank Update feature support Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 01/15] dt/bindings: Add bindings for GPT based FWU Metadata storage device Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 02/15] FWU: Add FWU metadata structure and driver for accessing metadata Sughosh Ganu
2022-10-19 19:56 ` Ilias Apalodimas
2022-10-19 21:13 ` Etienne Carriere
2022-10-20 4:45 ` Sughosh Ganu
2022-10-20 6:39 ` Ilias Apalodimas
2022-10-18 11:43 ` [PATCH v14 03/15] FWU: Add FWU metadata access driver for GPT partitioned block devices Sughosh Ganu
2022-10-18 15:08 ` Ilias Apalodimas [this message]
2022-10-19 5:02 ` Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 04/15] stm32mp1: Add a node for the FWU metadata device Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 05/15] stm32mp1: Add image information for capsule updates Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 06/15] FWU: Add helper functions for accessing FWU metadata Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 07/15] FWU: STM32MP1: Add support to read boot index from backup register Sughosh Ganu
2022-10-20 14:17 ` Etienne Carriere
2022-10-18 11:43 ` [PATCH v14 08/15] event: Add an event for main_loop Sughosh Ganu
2022-10-20 14:18 ` Etienne Carriere
2022-10-18 11:43 ` [PATCH v14 09/15] FWU: Add boot time checks as highlighted by the FWU specification Sughosh Ganu
2022-10-19 20:01 ` Ilias Apalodimas
2022-10-20 4:35 ` Sughosh Ganu
2022-10-20 6:30 ` Ilias Apalodimas
2022-10-20 12:29 ` Ilias Apalodimas
2022-10-18 11:43 ` [PATCH v14 10/15] FWU: Add support for the FWU Multi Bank Update feature Sughosh Ganu
2022-10-19 7:36 ` Ilias Apalodimas
2022-10-18 11:43 ` [PATCH v14 11/15] FWU: cmd: Add a command to read FWU metadata Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 12/15] test: dm: Add test cases for FWU Metadata uclass Sughosh Ganu
2022-10-18 13:41 ` Ilias Apalodimas
2022-10-18 16:59 ` Simon Glass
2022-10-19 4:51 ` Sughosh Ganu
2022-10-18 11:43 ` [PATCH v14 13/15] mkeficapsule: Add support for generating empty capsules Sughosh Ganu
2022-10-20 14:11 ` Etienne Carriere
2022-10-18 11:43 ` [PATCH v14 14/15] mkeficapsule: Add support for setting OEM flags in capsule header Sughosh Ganu
2022-10-20 13:55 ` Etienne Carriere
2022-10-20 14:10 ` Sughosh Ganu
2022-10-20 14:23 ` Etienne Carriere
2022-10-18 11:43 ` [PATCH v14 15/15] FWU: doc: Add documentation for the FWU feature Sughosh Ganu
2022-10-18 14:26 ` Ilias Apalodimas
2022-10-20 14:04 ` Etienne Carriere
2022-10-20 14:28 ` Etienne Carriere
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y07BXFhGIyvx5Qu8@hera \
--to=ilias.apalodimas@linaro.org \
--cc=bmeng.cn@gmail.com \
--cc=etienne.carriere@linaro.org \
--cc=jaswinder.singh@linaro.org \
--cc=monstr@monstr.eu \
--cc=patrice.chotard@foss.st.com \
--cc=patrick.delaunay@foss.st.com \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox