[openwrt/openwrt] kernel: mtd: bcm47xxpart: improve handling TRX partition size
LEDE Commits
lede-commits at lists.infradead.org
Thu Apr 12 00:51:42 PDT 2018
rmilecki pushed a commit to openwrt/openwrt.git, branch lede-17.01:
https://git.lede-project.org/4673a0bffc890b5137d6c20664efad5d01791782
commit 4673a0bffc890b5137d6c20664efad5d01791782
Author: Rafał Miłecki <rafal at milecki.pl>
AuthorDate: Thu Apr 12 08:25:17 2018 +0200
kernel: mtd: bcm47xxpart: improve handling TRX partition size
This is important fix for flash parsing in some corner cases. In case
of TRX subpartition with rootfs being aligned to the flash block size it
was incorrectly registered twice. Detecting & registering it as a
standalone partition was resulting in an incorrect "firmware" partition
size and possibly broken sysupgrade.
It wasn't noticed before because "rootfs" alignment depends on a kernel
size. It can happen though - depending on the configuration and the
kernel size.
Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
(cherry picked from commit f5195e72c0fcf2949f7d6296a5db081eb58f8e32)
---
...xpart-improve-handling-TRX-partition-size.patch | 65 ++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/target/linux/generic/patches-4.4/141-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch b/target/linux/generic/patches-4.4/141-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch
new file mode 100644
index 0000000..31acebf
--- /dev/null
+++ b/target/linux/generic/patches-4.4/141-mtd-bcm47xxpart-improve-handling-TRX-partition-size.patch
@@ -0,0 +1,65 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal at milecki.pl>
+Subject: [PATCH] mtd: bcm47xxpart: improve handling TRX partition size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When bcm47xxpart finds a TRX partition (container) it's supposed to jump
+to the end of it and keep looking for more partitions. TRX and its
+subpartitions are handled be a separated parser.
+
+The problem with old code was relying on the length specified in a TRX
+header. That isn't reliable as TRX is commonly modified to have checksum
+cover only non-changing subpartitions. Otherwise modifying e.g. a rootfs
+would result in CRC32 mismatch and bootloader refusing to boot a
+firmware.
+
+Fix it by trying better to figure out a real TRX size. We can securely
+assume that TRX has to cover all subpartitions and the last one is at
+least of a block size in size. Then compare it with a length field.
+
+This makes code more optimal & reliable thanks to skipping data that
+shouldn't be parsed.
+
+Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
+---
+
+--- a/drivers/mtd/bcm47xxpart.c
++++ b/drivers/mtd/bcm47xxpart.c
+@@ -268,6 +268,8 @@ static int bcm47xxpart_parse(struct mtd_
+ /* TRX */
+ if (buf[0x000 / 4] == TRX_MAGIC) {
+ struct trx_header *trx;
++ uint32_t last_subpart;
++ uint32_t trx_size;
+
+ if (trx_num >= ARRAY_SIZE(trx_parts))
+ pr_warn("No enough space to store another TRX found at 0x%X\n",
+@@ -277,11 +279,23 @@ static int bcm47xxpart_parse(struct mtd_
+ bcm47xxpart_add_part(&parts[curr_part++], "firmware",
+ offset, 0);
+
+- /* Jump to the end of TRX */
++ /*
++ * Try to find TRX size. The "length" field isn't fully
++ * reliable as it could be decreased to make CRC32 cover
++ * only part of TRX data. It's commonly used as checksum
++ * can't cover e.g. ever-changing rootfs partition.
++ * Use offsets as helpers for assuming min TRX size.
++ */
+ trx = (struct trx_header *)buf;
+- offset = roundup(offset + trx->length, blocksize);
+- /* Next loop iteration will increase the offset */
+- offset -= blocksize;
++ last_subpart = max3(trx->offset[0], trx->offset[1],
++ trx->offset[2]);
++ trx_size = max(trx->length, last_subpart + blocksize);
++
++ /*
++ * Skip the TRX data. Decrease offset by block size as
++ * the next loop iteration will increase it.
++ */
++ offset += roundup(trx_size, blocksize) - blocksize;
+ continue;
+ }
+
More information about the lede-commits
mailing list