1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * Qualcomm Peripheral Image Loader |
4 | * |
5 | * Copyright (C) 2016 Linaro Ltd |
6 | * Copyright (C) 2015 Sony Mobile Communications Inc |
7 | * Copyright (c) 2012-2013, The Linux Foundation. All rights reserved. |
8 | */ |
9 | |
10 | #include <linux/device.h> |
11 | #include <linux/elf.h> |
12 | #include <linux/firmware.h> |
13 | #include <linux/kernel.h> |
14 | #include <linux/module.h> |
15 | #include <linux/firmware/qcom/qcom_scm.h> |
16 | #include <linux/sizes.h> |
17 | #include <linux/slab.h> |
18 | #include <linux/soc/qcom/mdt_loader.h> |
19 | |
20 | static bool mdt_phdr_valid(const struct elf32_phdr *phdr) |
21 | { |
22 | if (phdr->p_type != PT_LOAD) |
23 | return false; |
24 | |
25 | if ((phdr->p_flags & QCOM_MDT_TYPE_MASK) == QCOM_MDT_TYPE_HASH) |
26 | return false; |
27 | |
28 | if (!phdr->p_memsz) |
29 | return false; |
30 | |
31 | return true; |
32 | } |
33 | |
34 | static ssize_t mdt_load_split_segment(void *ptr, const struct elf32_phdr *phdrs, |
35 | unsigned int segment, const char *fw_name, |
36 | struct device *dev) |
37 | { |
38 | const struct elf32_phdr *phdr = &phdrs[segment]; |
39 | const struct firmware *seg_fw; |
40 | char *seg_name; |
41 | ssize_t ret; |
42 | |
43 | if (strlen(fw_name) < 4) |
44 | return -EINVAL; |
45 | |
46 | seg_name = kstrdup(s: fw_name, GFP_KERNEL); |
47 | if (!seg_name) |
48 | return -ENOMEM; |
49 | |
50 | sprintf(buf: seg_name + strlen(fw_name) - 3, fmt: "b%02d" , segment); |
51 | ret = request_firmware_into_buf(firmware_p: &seg_fw, name: seg_name, device: dev, |
52 | buf: ptr, size: phdr->p_filesz); |
53 | if (ret) { |
54 | dev_err(dev, "error %zd loading %s\n" , ret, seg_name); |
55 | kfree(objp: seg_name); |
56 | return ret; |
57 | } |
58 | |
59 | if (seg_fw->size != phdr->p_filesz) { |
60 | dev_err(dev, |
61 | "failed to load segment %d from truncated file %s\n" , |
62 | segment, seg_name); |
63 | ret = -EINVAL; |
64 | } |
65 | |
66 | release_firmware(fw: seg_fw); |
67 | kfree(objp: seg_name); |
68 | |
69 | return ret; |
70 | } |
71 | |
72 | /** |
73 | * qcom_mdt_get_size() - acquire size of the memory region needed to load mdt |
74 | * @fw: firmware object for the mdt file |
75 | * |
76 | * Returns size of the loaded firmware blob, or -EINVAL on failure. |
77 | */ |
78 | ssize_t qcom_mdt_get_size(const struct firmware *fw) |
79 | { |
80 | const struct elf32_phdr *phdrs; |
81 | const struct elf32_phdr *phdr; |
82 | const struct elf32_hdr *ehdr; |
83 | phys_addr_t min_addr = PHYS_ADDR_MAX; |
84 | phys_addr_t max_addr = 0; |
85 | int i; |
86 | |
87 | ehdr = (struct elf32_hdr *)fw->data; |
88 | phdrs = (struct elf32_phdr *)(ehdr + 1); |
89 | |
90 | for (i = 0; i < ehdr->e_phnum; i++) { |
91 | phdr = &phdrs[i]; |
92 | |
93 | if (!mdt_phdr_valid(phdr)) |
94 | continue; |
95 | |
96 | if (phdr->p_paddr < min_addr) |
97 | min_addr = phdr->p_paddr; |
98 | |
99 | if (phdr->p_paddr + phdr->p_memsz > max_addr) |
100 | max_addr = ALIGN(phdr->p_paddr + phdr->p_memsz, SZ_4K); |
101 | } |
102 | |
103 | return min_addr < max_addr ? max_addr - min_addr : -EINVAL; |
104 | } |
105 | EXPORT_SYMBOL_GPL(qcom_mdt_get_size); |
106 | |
107 | /** |
108 | * qcom_mdt_read_metadata() - read header and metadata from mdt or mbn |
109 | * @fw: firmware of mdt header or mbn |
110 | * @data_len: length of the read metadata blob |
111 | * @fw_name: name of the firmware, for construction of segment file names |
112 | * @dev: device handle to associate resources with |
113 | * |
114 | * The mechanism that performs the authentication of the loading firmware |
115 | * expects an ELF header directly followed by the segment of hashes, with no |
116 | * padding inbetween. This function allocates a chunk of memory for this pair |
117 | * and copy the two pieces into the buffer. |
118 | * |
119 | * In the case of split firmware the hash is found directly following the ELF |
120 | * header, rather than at p_offset described by the second program header. |
121 | * |
122 | * The caller is responsible to free (kfree()) the returned pointer. |
123 | * |
124 | * Return: pointer to data, or ERR_PTR() |
125 | */ |
126 | void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, |
127 | const char *fw_name, struct device *dev) |
128 | { |
129 | const struct elf32_phdr *phdrs; |
130 | const struct elf32_hdr *ehdr; |
131 | unsigned int hash_segment = 0; |
132 | size_t hash_offset; |
133 | size_t hash_size; |
134 | size_t ehdr_size; |
135 | unsigned int i; |
136 | ssize_t ret; |
137 | void *data; |
138 | |
139 | ehdr = (struct elf32_hdr *)fw->data; |
140 | phdrs = (struct elf32_phdr *)(ehdr + 1); |
141 | |
142 | if (ehdr->e_phnum < 2) |
143 | return ERR_PTR(error: -EINVAL); |
144 | |
145 | if (phdrs[0].p_type == PT_LOAD) |
146 | return ERR_PTR(error: -EINVAL); |
147 | |
148 | for (i = 1; i < ehdr->e_phnum; i++) { |
149 | if ((phdrs[i].p_flags & QCOM_MDT_TYPE_MASK) == QCOM_MDT_TYPE_HASH) { |
150 | hash_segment = i; |
151 | break; |
152 | } |
153 | } |
154 | |
155 | if (!hash_segment) { |
156 | dev_err(dev, "no hash segment found in %s\n" , fw_name); |
157 | return ERR_PTR(error: -EINVAL); |
158 | } |
159 | |
160 | ehdr_size = phdrs[0].p_filesz; |
161 | hash_size = phdrs[hash_segment].p_filesz; |
162 | |
163 | data = kmalloc(size: ehdr_size + hash_size, GFP_KERNEL); |
164 | if (!data) |
165 | return ERR_PTR(error: -ENOMEM); |
166 | |
167 | /* Copy ELF header */ |
168 | memcpy(data, fw->data, ehdr_size); |
169 | |
170 | if (ehdr_size + hash_size == fw->size) { |
171 | /* Firmware is split and hash is packed following the ELF header */ |
172 | hash_offset = phdrs[0].p_filesz; |
173 | memcpy(data + ehdr_size, fw->data + hash_offset, hash_size); |
174 | } else if (phdrs[hash_segment].p_offset + hash_size <= fw->size) { |
175 | /* Hash is in its own segment, but within the loaded file */ |
176 | hash_offset = phdrs[hash_segment].p_offset; |
177 | memcpy(data + ehdr_size, fw->data + hash_offset, hash_size); |
178 | } else { |
179 | /* Hash is in its own segment, beyond the loaded file */ |
180 | ret = mdt_load_split_segment(ptr: data + ehdr_size, phdrs, segment: hash_segment, fw_name, dev); |
181 | if (ret) { |
182 | kfree(objp: data); |
183 | return ERR_PTR(error: ret); |
184 | } |
185 | } |
186 | |
187 | *data_len = ehdr_size + hash_size; |
188 | |
189 | return data; |
190 | } |
191 | EXPORT_SYMBOL_GPL(qcom_mdt_read_metadata); |
192 | |
193 | /** |
194 | * qcom_mdt_pas_init() - initialize PAS region for firmware loading |
195 | * @dev: device handle to associate resources with |
196 | * @fw: firmware object for the mdt file |
197 | * @fw_name: name of the firmware, for construction of segment file names |
198 | * @pas_id: PAS identifier |
199 | * @mem_phys: physical address of allocated memory region |
200 | * @ctx: PAS metadata context, to be released by caller |
201 | * |
202 | * Returns 0 on success, negative errno otherwise. |
203 | */ |
204 | int qcom_mdt_pas_init(struct device *dev, const struct firmware *fw, |
205 | const char *fw_name, int pas_id, phys_addr_t mem_phys, |
206 | struct qcom_scm_pas_metadata *ctx) |
207 | { |
208 | const struct elf32_phdr *phdrs; |
209 | const struct elf32_phdr *phdr; |
210 | const struct elf32_hdr *ehdr; |
211 | phys_addr_t min_addr = PHYS_ADDR_MAX; |
212 | phys_addr_t max_addr = 0; |
213 | bool relocate = false; |
214 | size_t metadata_len; |
215 | void *metadata; |
216 | int ret; |
217 | int i; |
218 | |
219 | ehdr = (struct elf32_hdr *)fw->data; |
220 | phdrs = (struct elf32_phdr *)(ehdr + 1); |
221 | |
222 | for (i = 0; i < ehdr->e_phnum; i++) { |
223 | phdr = &phdrs[i]; |
224 | |
225 | if (!mdt_phdr_valid(phdr)) |
226 | continue; |
227 | |
228 | if (phdr->p_flags & QCOM_MDT_RELOCATABLE) |
229 | relocate = true; |
230 | |
231 | if (phdr->p_paddr < min_addr) |
232 | min_addr = phdr->p_paddr; |
233 | |
234 | if (phdr->p_paddr + phdr->p_memsz > max_addr) |
235 | max_addr = ALIGN(phdr->p_paddr + phdr->p_memsz, SZ_4K); |
236 | } |
237 | |
238 | metadata = qcom_mdt_read_metadata(fw, &metadata_len, fw_name, dev); |
239 | if (IS_ERR(ptr: metadata)) { |
240 | ret = PTR_ERR(ptr: metadata); |
241 | dev_err(dev, "error %d reading firmware %s metadata\n" , ret, fw_name); |
242 | goto out; |
243 | } |
244 | |
245 | ret = qcom_scm_pas_init_image(peripheral: pas_id, metadata, size: metadata_len, ctx); |
246 | kfree(objp: metadata); |
247 | if (ret) { |
248 | /* Invalid firmware metadata */ |
249 | dev_err(dev, "error %d initializing firmware %s\n" , ret, fw_name); |
250 | goto out; |
251 | } |
252 | |
253 | if (relocate) { |
254 | ret = qcom_scm_pas_mem_setup(peripheral: pas_id, addr: mem_phys, size: max_addr - min_addr); |
255 | if (ret) { |
256 | /* Unable to set up relocation */ |
257 | dev_err(dev, "error %d setting up firmware %s\n" , ret, fw_name); |
258 | goto out; |
259 | } |
260 | } |
261 | |
262 | out: |
263 | return ret; |
264 | } |
265 | EXPORT_SYMBOL_GPL(qcom_mdt_pas_init); |
266 | |
267 | static bool qcom_mdt_bins_are_split(const struct firmware *fw, const char *fw_name) |
268 | { |
269 | const struct elf32_phdr *phdrs; |
270 | const struct elf32_hdr *ehdr; |
271 | uint64_t seg_start, seg_end; |
272 | int i; |
273 | |
274 | ehdr = (struct elf32_hdr *)fw->data; |
275 | phdrs = (struct elf32_phdr *)(ehdr + 1); |
276 | |
277 | for (i = 0; i < ehdr->e_phnum; i++) { |
278 | /* |
279 | * The size of the MDT file is not padded to include any |
280 | * zero-sized segments at the end. Ignore these, as they should |
281 | * not affect the decision about image being split or not. |
282 | */ |
283 | if (!phdrs[i].p_filesz) |
284 | continue; |
285 | |
286 | seg_start = phdrs[i].p_offset; |
287 | seg_end = phdrs[i].p_offset + phdrs[i].p_filesz; |
288 | if (seg_start > fw->size || seg_end > fw->size) |
289 | return true; |
290 | } |
291 | |
292 | return false; |
293 | } |
294 | |
295 | static int __qcom_mdt_load(struct device *dev, const struct firmware *fw, |
296 | const char *fw_name, int pas_id, void *mem_region, |
297 | phys_addr_t mem_phys, size_t mem_size, |
298 | phys_addr_t *reloc_base, bool pas_init) |
299 | { |
300 | const struct elf32_phdr *phdrs; |
301 | const struct elf32_phdr *phdr; |
302 | const struct elf32_hdr *ehdr; |
303 | phys_addr_t mem_reloc; |
304 | phys_addr_t min_addr = PHYS_ADDR_MAX; |
305 | ssize_t offset; |
306 | bool relocate = false; |
307 | bool is_split; |
308 | void *ptr; |
309 | int ret = 0; |
310 | int i; |
311 | |
312 | if (!fw || !mem_region || !mem_phys || !mem_size) |
313 | return -EINVAL; |
314 | |
315 | is_split = qcom_mdt_bins_are_split(fw, fw_name); |
316 | ehdr = (struct elf32_hdr *)fw->data; |
317 | phdrs = (struct elf32_phdr *)(ehdr + 1); |
318 | |
319 | for (i = 0; i < ehdr->e_phnum; i++) { |
320 | phdr = &phdrs[i]; |
321 | |
322 | if (!mdt_phdr_valid(phdr)) |
323 | continue; |
324 | |
325 | if (phdr->p_flags & QCOM_MDT_RELOCATABLE) |
326 | relocate = true; |
327 | |
328 | if (phdr->p_paddr < min_addr) |
329 | min_addr = phdr->p_paddr; |
330 | } |
331 | |
332 | if (relocate) { |
333 | /* |
334 | * The image is relocatable, so offset each segment based on |
335 | * the lowest segment address. |
336 | */ |
337 | mem_reloc = min_addr; |
338 | } else { |
339 | /* |
340 | * Image is not relocatable, so offset each segment based on |
341 | * the allocated physical chunk of memory. |
342 | */ |
343 | mem_reloc = mem_phys; |
344 | } |
345 | |
346 | for (i = 0; i < ehdr->e_phnum; i++) { |
347 | phdr = &phdrs[i]; |
348 | |
349 | if (!mdt_phdr_valid(phdr)) |
350 | continue; |
351 | |
352 | offset = phdr->p_paddr - mem_reloc; |
353 | if (offset < 0 || offset + phdr->p_memsz > mem_size) { |
354 | dev_err(dev, "segment outside memory range\n" ); |
355 | ret = -EINVAL; |
356 | break; |
357 | } |
358 | |
359 | if (phdr->p_filesz > phdr->p_memsz) { |
360 | dev_err(dev, |
361 | "refusing to load segment %d with p_filesz > p_memsz\n" , |
362 | i); |
363 | ret = -EINVAL; |
364 | break; |
365 | } |
366 | |
367 | ptr = mem_region + offset; |
368 | |
369 | if (phdr->p_filesz && !is_split) { |
370 | /* Firmware is large enough to be non-split */ |
371 | if (phdr->p_offset + phdr->p_filesz > fw->size) { |
372 | dev_err(dev, "file %s segment %d would be truncated\n" , |
373 | fw_name, i); |
374 | ret = -EINVAL; |
375 | break; |
376 | } |
377 | |
378 | memcpy(ptr, fw->data + phdr->p_offset, phdr->p_filesz); |
379 | } else if (phdr->p_filesz) { |
380 | /* Firmware not large enough, load split-out segments */ |
381 | ret = mdt_load_split_segment(ptr, phdrs, segment: i, fw_name, dev); |
382 | if (ret) |
383 | break; |
384 | } |
385 | |
386 | if (phdr->p_memsz > phdr->p_filesz) |
387 | memset(ptr + phdr->p_filesz, 0, phdr->p_memsz - phdr->p_filesz); |
388 | } |
389 | |
390 | if (reloc_base) |
391 | *reloc_base = mem_reloc; |
392 | |
393 | return ret; |
394 | } |
395 | |
396 | /** |
397 | * qcom_mdt_load() - load the firmware which header is loaded as fw |
398 | * @dev: device handle to associate resources with |
399 | * @fw: firmware object for the mdt file |
400 | * @firmware: name of the firmware, for construction of segment file names |
401 | * @pas_id: PAS identifier |
402 | * @mem_region: allocated memory region to load firmware into |
403 | * @mem_phys: physical address of allocated memory region |
404 | * @mem_size: size of the allocated memory region |
405 | * @reloc_base: adjusted physical address after relocation |
406 | * |
407 | * Returns 0 on success, negative errno otherwise. |
408 | */ |
409 | int qcom_mdt_load(struct device *dev, const struct firmware *fw, |
410 | const char *firmware, int pas_id, void *mem_region, |
411 | phys_addr_t mem_phys, size_t mem_size, |
412 | phys_addr_t *reloc_base) |
413 | { |
414 | int ret; |
415 | |
416 | ret = qcom_mdt_pas_init(dev, fw, firmware, pas_id, mem_phys, NULL); |
417 | if (ret) |
418 | return ret; |
419 | |
420 | return __qcom_mdt_load(dev, fw, fw_name: firmware, pas_id, mem_region, mem_phys, |
421 | mem_size, reloc_base, pas_init: true); |
422 | } |
423 | EXPORT_SYMBOL_GPL(qcom_mdt_load); |
424 | |
425 | /** |
426 | * qcom_mdt_load_no_init() - load the firmware which header is loaded as fw |
427 | * @dev: device handle to associate resources with |
428 | * @fw: firmware object for the mdt file |
429 | * @firmware: name of the firmware, for construction of segment file names |
430 | * @pas_id: PAS identifier |
431 | * @mem_region: allocated memory region to load firmware into |
432 | * @mem_phys: physical address of allocated memory region |
433 | * @mem_size: size of the allocated memory region |
434 | * @reloc_base: adjusted physical address after relocation |
435 | * |
436 | * Returns 0 on success, negative errno otherwise. |
437 | */ |
438 | int qcom_mdt_load_no_init(struct device *dev, const struct firmware *fw, |
439 | const char *firmware, int pas_id, |
440 | void *mem_region, phys_addr_t mem_phys, |
441 | size_t mem_size, phys_addr_t *reloc_base) |
442 | { |
443 | return __qcom_mdt_load(dev, fw, fw_name: firmware, pas_id, mem_region, mem_phys, |
444 | mem_size, reloc_base, pas_init: false); |
445 | } |
446 | EXPORT_SYMBOL_GPL(qcom_mdt_load_no_init); |
447 | |
448 | MODULE_DESCRIPTION("Firmware parser for Qualcomm MDT format" ); |
449 | MODULE_LICENSE("GPL v2" ); |
450 | |