xref: /OK3568_Linux_fs/kernel/drivers/mtd/parsers/bcm47xxpart.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * BCM47XX MTD partitioning
4*4882a593Smuzhiyun  *
5*4882a593Smuzhiyun  * Copyright © 2012 Rafał Miłecki <zajec5@gmail.com>
6*4882a593Smuzhiyun  */
7*4882a593Smuzhiyun 
8*4882a593Smuzhiyun #include <linux/bcm47xx_nvram.h>
9*4882a593Smuzhiyun #include <linux/module.h>
10*4882a593Smuzhiyun #include <linux/kernel.h>
11*4882a593Smuzhiyun #include <linux/slab.h>
12*4882a593Smuzhiyun #include <linux/mtd/mtd.h>
13*4882a593Smuzhiyun #include <linux/mtd/partitions.h>
14*4882a593Smuzhiyun 
15*4882a593Smuzhiyun #include <uapi/linux/magic.h>
16*4882a593Smuzhiyun 
17*4882a593Smuzhiyun /*
18*4882a593Smuzhiyun  * NAND flash on Netgear R6250 was verified to contain 15 partitions.
19*4882a593Smuzhiyun  * This will result in allocating too big array for some old devices, but the
20*4882a593Smuzhiyun  * memory will be freed soon anyway (see mtd_device_parse_register).
21*4882a593Smuzhiyun  */
22*4882a593Smuzhiyun #define BCM47XXPART_MAX_PARTS		20
23*4882a593Smuzhiyun 
24*4882a593Smuzhiyun /*
25*4882a593Smuzhiyun  * Amount of bytes we read when analyzing each block of flash memory.
26*4882a593Smuzhiyun  * Set it big enough to allow detecting partition and reading important data.
27*4882a593Smuzhiyun  */
28*4882a593Smuzhiyun #define BCM47XXPART_BYTES_TO_READ	0x4e8
29*4882a593Smuzhiyun 
30*4882a593Smuzhiyun /* Magics */
31*4882a593Smuzhiyun #define BOARD_DATA_MAGIC		0x5246504D	/* MPFR */
32*4882a593Smuzhiyun #define BOARD_DATA_MAGIC2		0xBD0D0BBD
33*4882a593Smuzhiyun #define CFE_MAGIC			0x43464531	/* 1EFC */
34*4882a593Smuzhiyun #define FACTORY_MAGIC			0x59544346	/* FCTY */
35*4882a593Smuzhiyun #define NVRAM_HEADER			0x48534C46	/* FLSH */
36*4882a593Smuzhiyun #define POT_MAGIC1			0x54544f50	/* POTT */
37*4882a593Smuzhiyun #define POT_MAGIC2			0x504f		/* OP */
38*4882a593Smuzhiyun #define ML_MAGIC1			0x39685a42
39*4882a593Smuzhiyun #define ML_MAGIC2			0x26594131
40*4882a593Smuzhiyun #define TRX_MAGIC			0x30524448
41*4882a593Smuzhiyun #define SHSQ_MAGIC			0x71736873	/* shsq (weird ZTE H218N endianness) */
42*4882a593Smuzhiyun 
43*4882a593Smuzhiyun static const char * const trx_types[] = { "trx", NULL };
44*4882a593Smuzhiyun 
45*4882a593Smuzhiyun struct trx_header {
46*4882a593Smuzhiyun 	uint32_t magic;
47*4882a593Smuzhiyun 	uint32_t length;
48*4882a593Smuzhiyun 	uint32_t crc32;
49*4882a593Smuzhiyun 	uint16_t flags;
50*4882a593Smuzhiyun 	uint16_t version;
51*4882a593Smuzhiyun 	uint32_t offset[3];
52*4882a593Smuzhiyun } __packed;
53*4882a593Smuzhiyun 
bcm47xxpart_add_part(struct mtd_partition * part,const char * name,u64 offset,uint32_t mask_flags)54*4882a593Smuzhiyun static void bcm47xxpart_add_part(struct mtd_partition *part, const char *name,
55*4882a593Smuzhiyun 				 u64 offset, uint32_t mask_flags)
56*4882a593Smuzhiyun {
57*4882a593Smuzhiyun 	part->name = name;
58*4882a593Smuzhiyun 	part->offset = offset;
59*4882a593Smuzhiyun 	part->mask_flags = mask_flags;
60*4882a593Smuzhiyun }
61*4882a593Smuzhiyun 
62*4882a593Smuzhiyun /**
63*4882a593Smuzhiyun  * bcm47xxpart_bootpartition - gets index of TRX partition used by bootloader
64*4882a593Smuzhiyun  *
65*4882a593Smuzhiyun  * Some devices may have more than one TRX partition. In such case one of them
66*4882a593Smuzhiyun  * is the main one and another a failsafe one. Bootloader may fallback to the
67*4882a593Smuzhiyun  * failsafe firmware if it detects corruption of the main image.
68*4882a593Smuzhiyun  *
69*4882a593Smuzhiyun  * This function provides info about currently used TRX partition. It's the one
70*4882a593Smuzhiyun  * containing kernel started by the bootloader.
71*4882a593Smuzhiyun  */
bcm47xxpart_bootpartition(void)72*4882a593Smuzhiyun static int bcm47xxpart_bootpartition(void)
73*4882a593Smuzhiyun {
74*4882a593Smuzhiyun 	char buf[4];
75*4882a593Smuzhiyun 	int bootpartition;
76*4882a593Smuzhiyun 
77*4882a593Smuzhiyun 	/* Check CFE environment variable */
78*4882a593Smuzhiyun 	if (bcm47xx_nvram_getenv("bootpartition", buf, sizeof(buf)) > 0) {
79*4882a593Smuzhiyun 		if (!kstrtoint(buf, 0, &bootpartition))
80*4882a593Smuzhiyun 			return bootpartition;
81*4882a593Smuzhiyun 	}
82*4882a593Smuzhiyun 
83*4882a593Smuzhiyun 	return 0;
84*4882a593Smuzhiyun }
85*4882a593Smuzhiyun 
bcm47xxpart_parse(struct mtd_info * master,const struct mtd_partition ** pparts,struct mtd_part_parser_data * data)86*4882a593Smuzhiyun static int bcm47xxpart_parse(struct mtd_info *master,
87*4882a593Smuzhiyun 			     const struct mtd_partition **pparts,
88*4882a593Smuzhiyun 			     struct mtd_part_parser_data *data)
89*4882a593Smuzhiyun {
90*4882a593Smuzhiyun 	struct mtd_partition *parts;
91*4882a593Smuzhiyun 	uint8_t i, curr_part = 0;
92*4882a593Smuzhiyun 	uint32_t *buf;
93*4882a593Smuzhiyun 	size_t bytes_read;
94*4882a593Smuzhiyun 	uint32_t offset;
95*4882a593Smuzhiyun 	uint32_t blocksize = master->erasesize;
96*4882a593Smuzhiyun 	int trx_parts[2]; /* Array with indexes of TRX partitions */
97*4882a593Smuzhiyun 	int trx_num = 0; /* Number of found TRX partitions */
98*4882a593Smuzhiyun 	int possible_nvram_sizes[] = { 0x8000, 0xF000, 0x10000, };
99*4882a593Smuzhiyun 	int err;
100*4882a593Smuzhiyun 
101*4882a593Smuzhiyun 	/*
102*4882a593Smuzhiyun 	 * Some really old flashes (like AT45DB*) had smaller erasesize-s, but
103*4882a593Smuzhiyun 	 * partitions were aligned to at least 0x1000 anyway.
104*4882a593Smuzhiyun 	 */
105*4882a593Smuzhiyun 	if (blocksize < 0x1000)
106*4882a593Smuzhiyun 		blocksize = 0x1000;
107*4882a593Smuzhiyun 
108*4882a593Smuzhiyun 	/* Alloc */
109*4882a593Smuzhiyun 	parts = kcalloc(BCM47XXPART_MAX_PARTS, sizeof(struct mtd_partition),
110*4882a593Smuzhiyun 			GFP_KERNEL);
111*4882a593Smuzhiyun 	if (!parts)
112*4882a593Smuzhiyun 		return -ENOMEM;
113*4882a593Smuzhiyun 
114*4882a593Smuzhiyun 	buf = kzalloc(BCM47XXPART_BYTES_TO_READ, GFP_KERNEL);
115*4882a593Smuzhiyun 	if (!buf) {
116*4882a593Smuzhiyun 		kfree(parts);
117*4882a593Smuzhiyun 		return -ENOMEM;
118*4882a593Smuzhiyun 	}
119*4882a593Smuzhiyun 
120*4882a593Smuzhiyun 	/* Parse block by block looking for magics */
121*4882a593Smuzhiyun 	for (offset = 0; offset <= master->size - blocksize;
122*4882a593Smuzhiyun 	     offset += blocksize) {
123*4882a593Smuzhiyun 		/* Nothing more in higher memory on BCM47XX (MIPS) */
124*4882a593Smuzhiyun 		if (IS_ENABLED(CONFIG_BCM47XX) && offset >= 0x2000000)
125*4882a593Smuzhiyun 			break;
126*4882a593Smuzhiyun 
127*4882a593Smuzhiyun 		if (curr_part >= BCM47XXPART_MAX_PARTS) {
128*4882a593Smuzhiyun 			pr_warn("Reached maximum number of partitions, scanning stopped!\n");
129*4882a593Smuzhiyun 			break;
130*4882a593Smuzhiyun 		}
131*4882a593Smuzhiyun 
132*4882a593Smuzhiyun 		/* Read beginning of the block */
133*4882a593Smuzhiyun 		err = mtd_read(master, offset, BCM47XXPART_BYTES_TO_READ,
134*4882a593Smuzhiyun 			       &bytes_read, (uint8_t *)buf);
135*4882a593Smuzhiyun 		if (err && !mtd_is_bitflip(err)) {
136*4882a593Smuzhiyun 			pr_err("mtd_read error while parsing (offset: 0x%X): %d\n",
137*4882a593Smuzhiyun 			       offset, err);
138*4882a593Smuzhiyun 			continue;
139*4882a593Smuzhiyun 		}
140*4882a593Smuzhiyun 
141*4882a593Smuzhiyun 		/* Magic or small NVRAM at 0x400 */
142*4882a593Smuzhiyun 		if ((buf[0x4e0 / 4] == CFE_MAGIC && buf[0x4e4 / 4] == CFE_MAGIC) ||
143*4882a593Smuzhiyun 		    (buf[0x400 / 4] == NVRAM_HEADER)) {
144*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "boot",
145*4882a593Smuzhiyun 					     offset, MTD_WRITEABLE);
146*4882a593Smuzhiyun 			continue;
147*4882a593Smuzhiyun 		}
148*4882a593Smuzhiyun 
149*4882a593Smuzhiyun 		/*
150*4882a593Smuzhiyun 		 * board_data starts with board_id which differs across boards,
151*4882a593Smuzhiyun 		 * but we can use 'MPFR' (hopefully) magic at 0x100
152*4882a593Smuzhiyun 		 */
153*4882a593Smuzhiyun 		if (buf[0x100 / 4] == BOARD_DATA_MAGIC) {
154*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "board_data",
155*4882a593Smuzhiyun 					     offset, MTD_WRITEABLE);
156*4882a593Smuzhiyun 			continue;
157*4882a593Smuzhiyun 		}
158*4882a593Smuzhiyun 
159*4882a593Smuzhiyun 		/* Found on Huawei E970 */
160*4882a593Smuzhiyun 		if (buf[0x000 / 4] == FACTORY_MAGIC) {
161*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "factory",
162*4882a593Smuzhiyun 					     offset, MTD_WRITEABLE);
163*4882a593Smuzhiyun 			continue;
164*4882a593Smuzhiyun 		}
165*4882a593Smuzhiyun 
166*4882a593Smuzhiyun 		/* POT(TOP) */
167*4882a593Smuzhiyun 		if (buf[0x000 / 4] == POT_MAGIC1 &&
168*4882a593Smuzhiyun 		    (buf[0x004 / 4] & 0xFFFF) == POT_MAGIC2) {
169*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "POT", offset,
170*4882a593Smuzhiyun 					     MTD_WRITEABLE);
171*4882a593Smuzhiyun 			continue;
172*4882a593Smuzhiyun 		}
173*4882a593Smuzhiyun 
174*4882a593Smuzhiyun 		/* ML */
175*4882a593Smuzhiyun 		if (buf[0x010 / 4] == ML_MAGIC1 &&
176*4882a593Smuzhiyun 		    buf[0x014 / 4] == ML_MAGIC2) {
177*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "ML", offset,
178*4882a593Smuzhiyun 					     MTD_WRITEABLE);
179*4882a593Smuzhiyun 			continue;
180*4882a593Smuzhiyun 		}
181*4882a593Smuzhiyun 
182*4882a593Smuzhiyun 		/* TRX */
183*4882a593Smuzhiyun 		if (buf[0x000 / 4] == TRX_MAGIC) {
184*4882a593Smuzhiyun 			struct trx_header *trx;
185*4882a593Smuzhiyun 			uint32_t last_subpart;
186*4882a593Smuzhiyun 			uint32_t trx_size;
187*4882a593Smuzhiyun 
188*4882a593Smuzhiyun 			if (trx_num >= ARRAY_SIZE(trx_parts))
189*4882a593Smuzhiyun 				pr_warn("No enough space to store another TRX found at 0x%X\n",
190*4882a593Smuzhiyun 					offset);
191*4882a593Smuzhiyun 			else
192*4882a593Smuzhiyun 				trx_parts[trx_num++] = curr_part;
193*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "firmware",
194*4882a593Smuzhiyun 					     offset, 0);
195*4882a593Smuzhiyun 
196*4882a593Smuzhiyun 			/*
197*4882a593Smuzhiyun 			 * Try to find TRX size. The "length" field isn't fully
198*4882a593Smuzhiyun 			 * reliable as it could be decreased to make CRC32 cover
199*4882a593Smuzhiyun 			 * only part of TRX data. It's commonly used as checksum
200*4882a593Smuzhiyun 			 * can't cover e.g. ever-changing rootfs partition.
201*4882a593Smuzhiyun 			 * Use offsets as helpers for assuming min TRX size.
202*4882a593Smuzhiyun 			 */
203*4882a593Smuzhiyun 			trx = (struct trx_header *)buf;
204*4882a593Smuzhiyun 			last_subpart = max3(trx->offset[0], trx->offset[1],
205*4882a593Smuzhiyun 					    trx->offset[2]);
206*4882a593Smuzhiyun 			trx_size = max(trx->length, last_subpart + blocksize);
207*4882a593Smuzhiyun 
208*4882a593Smuzhiyun 			/*
209*4882a593Smuzhiyun 			 * Skip the TRX data. Decrease offset by block size as
210*4882a593Smuzhiyun 			 * the next loop iteration will increase it.
211*4882a593Smuzhiyun 			 */
212*4882a593Smuzhiyun 			offset += roundup(trx_size, blocksize) - blocksize;
213*4882a593Smuzhiyun 			continue;
214*4882a593Smuzhiyun 		}
215*4882a593Smuzhiyun 
216*4882a593Smuzhiyun 		/* Squashfs on devices not using TRX */
217*4882a593Smuzhiyun 		if (le32_to_cpu(buf[0x000 / 4]) == SQUASHFS_MAGIC ||
218*4882a593Smuzhiyun 		    buf[0x000 / 4] == SHSQ_MAGIC) {
219*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "rootfs",
220*4882a593Smuzhiyun 					     offset, 0);
221*4882a593Smuzhiyun 			continue;
222*4882a593Smuzhiyun 		}
223*4882a593Smuzhiyun 
224*4882a593Smuzhiyun 		/*
225*4882a593Smuzhiyun 		 * New (ARM?) devices may have NVRAM in some middle block. Last
226*4882a593Smuzhiyun 		 * block will be checked later, so skip it.
227*4882a593Smuzhiyun 		 */
228*4882a593Smuzhiyun 		if (offset != master->size - blocksize &&
229*4882a593Smuzhiyun 		    buf[0x000 / 4] == NVRAM_HEADER) {
230*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "nvram",
231*4882a593Smuzhiyun 					     offset, 0);
232*4882a593Smuzhiyun 			continue;
233*4882a593Smuzhiyun 		}
234*4882a593Smuzhiyun 
235*4882a593Smuzhiyun 		/* Read middle of the block */
236*4882a593Smuzhiyun 		err = mtd_read(master, offset + (blocksize / 2), 0x4, &bytes_read,
237*4882a593Smuzhiyun 			       (uint8_t *)buf);
238*4882a593Smuzhiyun 		if (err && !mtd_is_bitflip(err)) {
239*4882a593Smuzhiyun 			pr_err("mtd_read error while parsing (offset: 0x%X): %d\n",
240*4882a593Smuzhiyun 			       offset + (blocksize / 2), err);
241*4882a593Smuzhiyun 			continue;
242*4882a593Smuzhiyun 		}
243*4882a593Smuzhiyun 
244*4882a593Smuzhiyun 		/* Some devices (ex. WNDR3700v3) don't have a standard 'MPFR' */
245*4882a593Smuzhiyun 		if (buf[0x000 / 4] == BOARD_DATA_MAGIC2) {
246*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "board_data",
247*4882a593Smuzhiyun 					     offset, MTD_WRITEABLE);
248*4882a593Smuzhiyun 			continue;
249*4882a593Smuzhiyun 		}
250*4882a593Smuzhiyun 	}
251*4882a593Smuzhiyun 
252*4882a593Smuzhiyun 	/* Look for NVRAM at the end of the last block. */
253*4882a593Smuzhiyun 	for (i = 0; i < ARRAY_SIZE(possible_nvram_sizes); i++) {
254*4882a593Smuzhiyun 		if (curr_part >= BCM47XXPART_MAX_PARTS) {
255*4882a593Smuzhiyun 			pr_warn("Reached maximum number of partitions, scanning stopped!\n");
256*4882a593Smuzhiyun 			break;
257*4882a593Smuzhiyun 		}
258*4882a593Smuzhiyun 
259*4882a593Smuzhiyun 		offset = master->size - possible_nvram_sizes[i];
260*4882a593Smuzhiyun 		err = mtd_read(master, offset, 0x4, &bytes_read,
261*4882a593Smuzhiyun 			       (uint8_t *)buf);
262*4882a593Smuzhiyun 		if (err && !mtd_is_bitflip(err)) {
263*4882a593Smuzhiyun 			pr_err("mtd_read error while reading (offset 0x%X): %d\n",
264*4882a593Smuzhiyun 			       offset, err);
265*4882a593Smuzhiyun 			continue;
266*4882a593Smuzhiyun 		}
267*4882a593Smuzhiyun 
268*4882a593Smuzhiyun 		/* Standard NVRAM */
269*4882a593Smuzhiyun 		if (buf[0] == NVRAM_HEADER) {
270*4882a593Smuzhiyun 			bcm47xxpart_add_part(&parts[curr_part++], "nvram",
271*4882a593Smuzhiyun 					     master->size - blocksize, 0);
272*4882a593Smuzhiyun 			break;
273*4882a593Smuzhiyun 		}
274*4882a593Smuzhiyun 	}
275*4882a593Smuzhiyun 
276*4882a593Smuzhiyun 	kfree(buf);
277*4882a593Smuzhiyun 
278*4882a593Smuzhiyun 	/*
279*4882a593Smuzhiyun 	 * Assume that partitions end at the beginning of the one they are
280*4882a593Smuzhiyun 	 * followed by.
281*4882a593Smuzhiyun 	 */
282*4882a593Smuzhiyun 	for (i = 0; i < curr_part; i++) {
283*4882a593Smuzhiyun 		u64 next_part_offset = (i < curr_part - 1) ?
284*4882a593Smuzhiyun 				       parts[i + 1].offset : master->size;
285*4882a593Smuzhiyun 
286*4882a593Smuzhiyun 		parts[i].size = next_part_offset - parts[i].offset;
287*4882a593Smuzhiyun 	}
288*4882a593Smuzhiyun 
289*4882a593Smuzhiyun 	/* If there was TRX parse it now */
290*4882a593Smuzhiyun 	for (i = 0; i < trx_num; i++) {
291*4882a593Smuzhiyun 		struct mtd_partition *trx = &parts[trx_parts[i]];
292*4882a593Smuzhiyun 
293*4882a593Smuzhiyun 		if (i == bcm47xxpart_bootpartition())
294*4882a593Smuzhiyun 			trx->types = trx_types;
295*4882a593Smuzhiyun 		else
296*4882a593Smuzhiyun 			trx->name = "failsafe";
297*4882a593Smuzhiyun 	}
298*4882a593Smuzhiyun 
299*4882a593Smuzhiyun 	*pparts = parts;
300*4882a593Smuzhiyun 	return curr_part;
301*4882a593Smuzhiyun };
302*4882a593Smuzhiyun 
303*4882a593Smuzhiyun static const struct of_device_id bcm47xxpart_of_match_table[] = {
304*4882a593Smuzhiyun 	{ .compatible = "brcm,bcm947xx-cfe-partitions" },
305*4882a593Smuzhiyun 	{},
306*4882a593Smuzhiyun };
307*4882a593Smuzhiyun MODULE_DEVICE_TABLE(of, bcm47xxpart_of_match_table);
308*4882a593Smuzhiyun 
309*4882a593Smuzhiyun static struct mtd_part_parser bcm47xxpart_mtd_parser = {
310*4882a593Smuzhiyun 	.parse_fn = bcm47xxpart_parse,
311*4882a593Smuzhiyun 	.name = "bcm47xxpart",
312*4882a593Smuzhiyun 	.of_match_table = bcm47xxpart_of_match_table,
313*4882a593Smuzhiyun };
314*4882a593Smuzhiyun module_mtd_part_parser(bcm47xxpart_mtd_parser);
315*4882a593Smuzhiyun 
316*4882a593Smuzhiyun MODULE_LICENSE("GPL");
317*4882a593Smuzhiyun MODULE_DESCRIPTION("MTD partitioning for BCM47XX flash memories");
318