/* * Copyright (C) 2020 Benson Leung * * SPDX-License-Identifier: LGPL-2.1+ */ #include "config.h" #include #include "fu-common.h" #include "fu-fmap-firmware.h" /** * FuFmapFirmware: * * A FMAP firmware image. * * See also: [class@FuFirmware] */ #define FMAP_SIGNATURE "__FMAP__" #define FMAP_AREANAME "FMAP" G_DEFINE_TYPE (FuFmapFirmware, fu_fmap_firmware, FU_TYPE_FIRMWARE) static gboolean fu_fmap_firmware_find_offset (FuFmapFirmware *self, const guint8 *buf, gsize bufsz, GError **error) { #ifdef HAVE_MEMMEM const guint8 *tmp; g_return_val_if_fail (buf != NULL, FALSE); /* trust glibc to do a binary or linear search as appropriate */ tmp = memmem (buf, bufsz, FMAP_SIGNATURE, 8); if (tmp == NULL) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "fmap header not found"); return FALSE; } fu_firmware_set_offset (FU_FIRMWARE (self), tmp - buf); return TRUE; #else g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "memmem() not available"); return FALSE; #endif } static gboolean fu_fmap_firmware_parse (FuFirmware *firmware, GBytes *fw, guint64 addr_start, guint64 addr_end, FwupdInstallFlags flags, GError **error) { FuFmapFirmware *self = FU_FMAP_FIRMWARE (firmware); FuFmapFirmwareClass *klass_firmware = FU_FMAP_FIRMWARE_GET_CLASS (firmware); gsize bufsz; const guint8 *buf = g_bytes_get_data (fw, &bufsz); gsize offset = 0; FuFmap fmap; /* corrupt */ if (g_bytes_get_size (fw) < sizeof (FuFmap)) { g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "firmware too small for fmap"); return FALSE; } /* only search for the fmap signature if not fuzzing */ if ((flags & FWUPD_INSTALL_FLAG_NO_SEARCH) == 0) { if (!fu_fmap_firmware_find_offset (self, buf, bufsz, error)) return FALSE; } /* load header */ if (!fu_memcpy_safe ((guint8 *) &fmap, sizeof(fmap), 0x0, /* dst */ buf, bufsz, fu_firmware_get_offset (firmware), /* src */ sizeof(fmap), error)) return FALSE; fu_firmware_set_addr (firmware, GUINT64_FROM_LE (fmap.base)); if (GUINT32_FROM_LE (fmap.size) != bufsz) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "file size incorrect, expected 0x%04x got 0x%04x", (guint) fmap.size, (guint) bufsz); return FALSE; } if (GUINT16_FROM_LE (fmap.nareas) < 1) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "number of areas too small, got %" G_GUINT16_FORMAT, GUINT16_FROM_LE (fmap.nareas)); return FALSE; } offset = fu_firmware_get_offset (firmware) + sizeof(fmap); for (gsize i = 0; i < GUINT16_FROM_LE (fmap.nareas); i++) { FuFmapArea area; g_autoptr(FuFirmware) img = NULL; g_autoptr(GBytes) bytes = NULL; g_autofree gchar *area_name = NULL; /* load area */ if (!fu_memcpy_safe ((guint8 *) &area, sizeof(area), 0x0, /* dst */ buf, bufsz, offset, /* src */ sizeof(area), error)) return FALSE; /* skip */ if (area.size == 0) continue; bytes = fu_common_bytes_new_offset (fw, (gsize) GUINT32_FROM_LE (area.offset), (gsize) GUINT32_FROM_LE (area.size), error); if (bytes == NULL) return FALSE; area_name = g_strndup ((const gchar *) area.name, FU_FMAP_FIRMWARE_STRLEN); img = fu_firmware_new_from_bytes (bytes); fu_firmware_set_id (img, area_name); fu_firmware_set_idx (img, i + 1); fu_firmware_set_addr (img, GUINT32_FROM_LE (area.offset)); fu_firmware_add_image (firmware, img); if (g_strcmp0 (area_name, FMAP_AREANAME) == 0) { g_autofree gchar *version = NULL; version = g_strdup_printf ("%d.%d", fmap.ver_major, fmap.ver_minor); fu_firmware_set_version (img, version); } offset += sizeof(area); } /* subclassed */ if (klass_firmware->parse != NULL) { if (!klass_firmware->parse (firmware, fw, addr_start, addr_end, flags, error)) return FALSE; } /* success */ return TRUE; } static GBytes * fu_fmap_firmware_write (FuFirmware *firmware, GError **error) { gsize total_sz; gsize offset; g_autoptr(GPtrArray) images = fu_firmware_get_images (firmware); g_autoptr(GByteArray) buf = g_byte_array_new (); FuFmap hdr = { .signature = { FMAP_SIGNATURE }, .ver_major = 0x1, .ver_minor = 0x1, .base = GUINT64_TO_LE (fu_firmware_get_addr (firmware)), .size = 0x0, .name = "", .nareas = GUINT16_TO_LE (images->len), }; /* pad to offset */ if (fu_firmware_get_offset (firmware) > 0) fu_byte_array_set_size (buf, fu_firmware_get_offset (firmware)); /* add header */ total_sz = offset = sizeof(hdr) + (sizeof(FuFmapArea) * images->len); for (guint i = 0; i < images->len; i++) { FuFirmware *img = g_ptr_array_index (images, i); g_autoptr(GBytes) fw = fu_firmware_get_bytes (img, error); if (fw == NULL) return NULL; total_sz += g_bytes_get_size (fw); } hdr.size = GUINT32_TO_LE (fu_firmware_get_offset (firmware) + total_sz); g_byte_array_append (buf, (const guint8 *) &hdr, sizeof(hdr)); /* add each area */ for (guint i = 0; i < images->len; i++) { FuFirmware *img = g_ptr_array_index (images, i); const gchar *id = fu_firmware_get_id (img); g_autoptr(GBytes) fw = fu_firmware_get_bytes (img, NULL); FuFmapArea area = { .offset = GUINT32_TO_LE (fu_firmware_get_offset (firmware) + offset), .size = GUINT32_TO_LE (g_bytes_get_size (fw)), .name = { "" }, .flags = 0x0, }; if (id != NULL) strncpy ((gchar *) area.name, id, sizeof(area.name) - 1); g_byte_array_append (buf, (const guint8 *) &area, sizeof(area)); offset += g_bytes_get_size (fw); } /* add the images */ for (guint i = 0; i < images->len; i++) { FuFirmware *img = g_ptr_array_index (images, i); g_autoptr(GBytes) fw = fu_firmware_get_bytes (img, NULL); fu_byte_array_append_bytes (buf, fw); } /* success */ return g_byte_array_free_to_bytes (g_steal_pointer (&buf)); } static void fu_fmap_firmware_init (FuFmapFirmware *self) { } static void fu_fmap_firmware_class_init (FuFmapFirmwareClass *klass) { FuFirmwareClass *klass_firmware = FU_FIRMWARE_CLASS (klass); klass_firmware->parse = fu_fmap_firmware_parse; klass_firmware->write = fu_fmap_firmware_write; } /** * fu_fmap_firmware_new * * Creates a new #FuFirmware of sub type fmap * * Since: 1.5.0 **/ FuFirmware * fu_fmap_firmware_new (void) { return FU_FIRMWARE (g_object_new (FU_TYPE_FMAP_FIRMWARE, NULL)); }