2 * Copyright (C) 2013 Gabor Juhos <juhosg@openwrt.org>
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 as published
6 * by the Free Software Foundation.
10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/vmalloc.h>
17 #include <linux/mtd/mtd.h>
18 #include <linux/mtd/partitions.h>
19 #include <linux/byteorder/generic.h>
24 * uimage_header itself is only 64B, but it may be prepended with another data.
25 * Currently the biggest size is for Edimax devices: 20B + 64B
27 #define MAX_HEADER_LEN 84
29 #define IH_MAGIC 0x27051956 /* Image Magic Number */
30 #define IH_NMLEN 32 /* Image Name Length */
32 #define IH_OS_LINUX 5 /* Linux */
34 #define IH_TYPE_KERNEL 2 /* OS Kernel Image */
35 #define IH_TYPE_FILESYSTEM 7 /* Filesystem Image */
38 * Legacy format image header,
39 * all data in network byte order (aka natural aka bigendian).
41 struct uimage_header {
42 uint32_t ih_magic; /* Image Header Magic Number */
43 uint32_t ih_hcrc; /* Image Header CRC Checksum */
44 uint32_t ih_time; /* Image Creation Timestamp */
45 uint32_t ih_size; /* Image Data Size */
46 uint32_t ih_load; /* Data Load Address */
47 uint32_t ih_ep; /* Entry Point Address */
48 uint32_t ih_dcrc; /* Image Data CRC Checksum */
49 uint8_t ih_os; /* Operating System */
50 uint8_t ih_arch; /* CPU architecture */
51 uint8_t ih_type; /* Image Type */
52 uint8_t ih_comp; /* Compression Type */
53 uint8_t ih_name[IH_NMLEN]; /* Image Name */
57 read_uimage_header(struct mtd_info *mtd, size_t offset, u_char *buf,
63 ret = mtd_read(mtd, offset, header_len, &retlen, buf);
65 pr_debug("read error in \"%s\"\n", mtd->name);
69 if (retlen != header_len) {
70 pr_debug("short read in \"%s\"\n", mtd->name);
78 * __mtdsplit_parse_uimage - scan partition and create kernel + rootfs parts
80 * @find_header: function to call for a block of data that will return offset
81 * of a valid uImage header if found
83 static int __mtdsplit_parse_uimage(struct mtd_info *master,
84 struct mtd_partition **pparts,
85 struct mtd_part_parser_data *data,
86 ssize_t (*find_header)(u_char *buf, size_t len))
88 struct mtd_partition *parts;
93 size_t uimage_size = 0;
95 size_t rootfs_size = 0;
96 int uimage_part, rf_part;
100 parts = kzalloc(nr_parts * sizeof(*parts), GFP_KERNEL);
104 buf = vmalloc(MAX_HEADER_LEN);
110 /* find uImage on erase block boundaries */
111 for (offset = 0; offset < master->size; offset += master->erasesize) {
112 struct uimage_header *header;
116 ret = read_uimage_header(master, offset, buf, MAX_HEADER_LEN);
120 ret = find_header(buf, MAX_HEADER_LEN);
122 pr_debug("no valid uImage found in \"%s\" at offset %llx\n",
123 master->name, (unsigned long long) offset);
126 header = (struct uimage_header *)(buf + ret);
128 uimage_size = sizeof(*header) + be32_to_cpu(header->ih_size);
129 if ((offset + uimage_size) > master->size) {
130 pr_debug("uImage exceeds MTD device \"%s\"\n",
137 if (uimage_size == 0) {
138 pr_debug("no uImage found in \"%s\"\n", master->name);
143 uimage_offset = offset;
145 if (uimage_offset == 0) {
149 /* find the roots after the uImage */
150 ret = mtd_find_rootfs_from(master,
151 uimage_offset + uimage_size,
155 pr_debug("no rootfs after uImage in \"%s\"\n",
160 rootfs_size = master->size - rootfs_offset;
161 uimage_size = rootfs_offset - uimage_offset;
166 /* check rootfs presence at offset 0 */
167 ret = mtd_check_rootfs_magic(master, 0);
169 pr_debug("no rootfs before uImage in \"%s\"\n",
175 rootfs_size = uimage_offset;
178 if (rootfs_size == 0) {
179 pr_debug("no rootfs found in \"%s\"\n", master->name);
184 parts[uimage_part].name = KERNEL_PART_NAME;
185 parts[uimage_part].offset = uimage_offset;
186 parts[uimage_part].size = uimage_size;
188 parts[rf_part].name = ROOTFS_PART_NAME;
189 parts[rf_part].offset = rootfs_offset;
190 parts[rf_part].size = rootfs_size;
205 static ssize_t uimage_verify_default(u_char *buf, size_t len)
207 struct uimage_header *header = (struct uimage_header *)buf;
209 /* default sanity checks */
210 if (be32_to_cpu(header->ih_magic) != IH_MAGIC) {
211 pr_debug("invalid uImage magic: %08x\n",
212 be32_to_cpu(header->ih_magic));
216 if (header->ih_os != IH_OS_LINUX) {
217 pr_debug("invalid uImage OS: %08x\n",
218 be32_to_cpu(header->ih_os));
222 if (header->ih_type != IH_TYPE_KERNEL) {
223 pr_debug("invalid uImage type: %08x\n",
224 be32_to_cpu(header->ih_type));
232 mtdsplit_uimage_parse_generic(struct mtd_info *master,
233 struct mtd_partition **pparts,
234 struct mtd_part_parser_data *data)
236 return __mtdsplit_parse_uimage(master, pparts, data,
237 uimage_verify_default);
240 static struct mtd_part_parser uimage_generic_parser = {
241 .owner = THIS_MODULE,
243 .parse_fn = mtdsplit_uimage_parse_generic,
244 .type = MTD_PARSER_TYPE_FIRMWARE,
247 #define FW_MAGIC_WNR2000V3 0x32303033
248 #define FW_MAGIC_WNR2000V4 0x32303034
249 #define FW_MAGIC_WNR2200 0x32323030
250 #define FW_MAGIC_WNR612V2 0x32303631
251 #define FW_MAGIC_WNR1000V2 0x31303031
252 #define FW_MAGIC_WNR1000V2_VC 0x31303030
253 #define FW_MAGIC_WNDR3700 0x33373030
254 #define FW_MAGIC_WNDR3700V2 0x33373031
256 static ssize_t uimage_verify_wndr3700(u_char *buf, size_t len)
258 struct uimage_header *header = (struct uimage_header *)buf;
259 uint8_t expected_type = IH_TYPE_FILESYSTEM;
261 switch be32_to_cpu(header->ih_magic) {
262 case FW_MAGIC_WNR612V2:
263 case FW_MAGIC_WNR1000V2:
264 case FW_MAGIC_WNR1000V2_VC:
265 case FW_MAGIC_WNR2000V3:
266 case FW_MAGIC_WNR2200:
267 case FW_MAGIC_WNDR3700:
268 case FW_MAGIC_WNDR3700V2:
270 case FW_MAGIC_WNR2000V4:
271 expected_type = IH_TYPE_KERNEL;
277 if (header->ih_os != IH_OS_LINUX ||
278 header->ih_type != expected_type)
285 mtdsplit_uimage_parse_netgear(struct mtd_info *master,
286 struct mtd_partition **pparts,
287 struct mtd_part_parser_data *data)
289 return __mtdsplit_parse_uimage(master, pparts, data,
290 uimage_verify_wndr3700);
293 static struct mtd_part_parser uimage_netgear_parser = {
294 .owner = THIS_MODULE,
295 .name = "netgear-fw",
296 .parse_fn = mtdsplit_uimage_parse_netgear,
297 .type = MTD_PARSER_TYPE_FIRMWARE,
300 /**************************************************
302 **************************************************/
304 #define FW_EDIMAX_OFFSET 20
305 #define FW_MAGIC_EDIMAX 0x43535953
307 static ssize_t uimage_find_edimax(u_char *buf, size_t len)
309 struct uimage_header *header;
311 if (len < FW_EDIMAX_OFFSET + sizeof(*header)) {
312 pr_err("Buffer too small for checking Edimax header\n");
316 header = (struct uimage_header *)(buf + FW_EDIMAX_OFFSET);
318 switch be32_to_cpu(header->ih_magic) {
319 case FW_MAGIC_EDIMAX:
325 if (header->ih_os != IH_OS_LINUX ||
326 header->ih_type != IH_TYPE_FILESYSTEM)
329 return FW_EDIMAX_OFFSET;
333 mtdsplit_uimage_parse_edimax(struct mtd_info *master,
334 struct mtd_partition **pparts,
335 struct mtd_part_parser_data *data)
337 return __mtdsplit_parse_uimage(master, pparts, data,
341 static struct mtd_part_parser uimage_edimax_parser = {
342 .owner = THIS_MODULE,
344 .parse_fn = mtdsplit_uimage_parse_edimax,
345 .type = MTD_PARSER_TYPE_FIRMWARE,
348 /**************************************************
350 **************************************************/
352 static int __init mtdsplit_uimage_init(void)
354 register_mtd_parser(&uimage_generic_parser);
355 register_mtd_parser(&uimage_netgear_parser);
356 register_mtd_parser(&uimage_edimax_parser);
361 module_init(mtdsplit_uimage_init);