From patchwork Wed Aug 19 11:36:08 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sander Vanheule <sander@svanheule.net>
X-Patchwork-Id: 1347726
X-Patchwork-Delegate: stijn@linux-ipv6.be
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org
 (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=svanheule.net
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=merlin.20170209 header.b=M+//Ehfp;
	dkim=fail reason="signature verification failed" (2048-bit key;
 secure) header.d=svanheule.net header.i=@svanheule.net header.a=rsa-sha256
 header.s=mail1707 header.b=1dQ9zma8;
	dkim-atps=neutral
Received: from merlin.infradead.org (merlin.infradead.org
 [IPv6:2001:8b0:10b:1231::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BWm5G6R0Qz9sPB
	for <incoming@patchwork.ozlabs.org>; Wed, 19 Aug 2020 21:38:58 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From:
	Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
	:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner;
	bh=/0E360/OP2aN2qrPX0W3HGqjuw4YrAIhXnJfFnXgXpg=; b=M+//EhfpKyWBO8YOwU7KHT8KVQ
	iwYBZ8kFo8mhOnBQrxaA9WPLveH4IikoojALycBtYvZHvFZSy39MZUTNUA03tISrXSmqm7aRkoacp
	NH8tWTEBZhMfusHy9Lfqjpe3fzVuLprftcvaPE+44FNsGBJkCRBRhPxE7gWYxyEy+PKxDMBY5lIsD
	xxWg65Ts/2qKAmywVpzTUvQCRpyXvC3CJU5oC8e8cM/Jfx8ZQLBWHTTDr9D2p8pgDE9eeEt/fTc86
	gP45BYRCDKQEElPfnVN6xBxHtwrcPJ8iocTmKGGWVmnwsoWbjnOxhBxmhFk0Cytp8tfc1DsFu0m4Y
	C1JTYMlQ==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1k8MPJ-0002ay-U1; Wed, 19 Aug 2020 11:37:29 +0000
Received: from polaris.svanheule.net ([2a00:c98:2060:a004:1::200])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1k8MPG-0002ZR-0e
 for openwrt-devel@lists.openwrt.org; Wed, 19 Aug 2020 11:37:27 +0000
Received: from terra.local.svanheule.net (unknown
 [IPv6:2a02:a03f:eafe:ac01:b0e2:8cc0:74ab:f9d8])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 (Authenticated sender: sander@svanheule.net)
 by polaris.svanheule.net (Postfix) with ESMTPSA id DEB7A173806;
 Wed, 19 Aug 2020 13:37:21 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=svanheule.net;
 s=mail1707; t=1597837042;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=1Cxw1UFFFv0UwKy+wdLtWcB22RkYuNaXkUSSIO9hCc4=;
 b=1dQ9zma8wvG3/4xFWg1NVPNadPVRvcg8oI7r0tKLS6/oOitwH8XS7Pfv3gJ1YhDMurphjW
 rZDE90H9pV4MdwAbc6GxASQ1Rb+FsXPWQQ/DWqWlaAk8OS+ZYWxYP3v0RV+am+q+c8AUsd
 BW7teAUKSmX/gF1fsgXRhy4INM8lZlTb5sQjaEVuXLZNgA8X9jn52V/3hJC20JRl6mxSbM
 Xr375flQ5Hq2Rzb8v+XO/S/z2zC9V0pW1PU2OicS1CTz9XiwnTolgBtoT3NSA9RvEV0bg8
 bxU4IQEg7gpqKJV5ixeDW3ITUEO2U51bVZou/sCndK0a7IQCXs/XwoWwnu449A==
From: Sander Vanheule <sander@svanheule.net>
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH] kernel: mtdsplit: support ELF loader splitting
Date: Wed, 19 Aug 2020 13:36:08 +0200
Message-Id: <20200819113607.34273-1-sander@svanheule.net>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200819_073726_395739_5697730A 
X-CRM114-Status: GOOD (  32.28  )
X-Spam-Score: -0.2 (/)
X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary:
 Content analysis details:   (-0.2 points)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2a00:c98:2060:a004:1:0:0:200 listed in]
 [list.dnswl.org]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Sander Vanheule <sander@svanheule.net>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.

The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
  follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
  offset behind the loader (OKLI-style loader), the rootfs must be
  aligned to an erase-block after the loader and kernel image.

In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
---
This patch was tested on a number of ath79 devices.

A new splitter was required to enable dynamic firmware partition
splitting on TP-Link's QCA-based EAP 802.11ac access points, due to
limited u-boot functionality. Currently supported TP-Link CPE devices
implemented with a static split might also benefit from this patch.

Changes since RFC:
 * Also support ELF binaries with an empty section header table
 * Added SPDX identifier
 * Renamed header_len to len in mtdsplit_elf_read_mtd()

 .../files/drivers/mtd/mtdsplit/Kconfig        |   5 +
 .../files/drivers/mtd/mtdsplit/Makefile       |   1 +
 .../files/drivers/mtd/mtdsplit/mtdsplit_elf.c | 287 ++++++++++++++++++
 3 files changed, 293 insertions(+)
 create mode 100644 target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_elf.c

diff --git a/target/linux/generic/files/drivers/mtd/mtdsplit/Kconfig b/target/linux/generic/files/drivers/mtd/mtdsplit/Kconfig
index 0447df585c..3b7e23af33 100644
--- a/target/linux/generic/files/drivers/mtd/mtdsplit/Kconfig
+++ b/target/linux/generic/files/drivers/mtd/mtdsplit/Kconfig
@@ -79,3 +79,8 @@ config MTD_SPLIT_JIMAGE_FW
 	bool "JBOOT Image based firmware partition parser"
 	depends on MTD_SPLIT_SUPPORT
 	select MTD_SPLIT
+
+config MTD_SPLIT_ELF_FW
+	bool "ELF loader firmware partition parser"
+	depends on MTD_SPLIT_SUPPORT
+	select MTD_SPLIT
diff --git a/target/linux/generic/files/drivers/mtd/mtdsplit/Makefile b/target/linux/generic/files/drivers/mtd/mtdsplit/Makefile
index d3634e78db..8671628e7c 100644
--- a/target/linux/generic/files/drivers/mtd/mtdsplit/Makefile
+++ b/target/linux/generic/files/drivers/mtd/mtdsplit/Makefile
@@ -12,3 +12,4 @@ obj-$(CONFIG_MTD_SPLIT_EVA_FW) += mtdsplit_eva.o
 obj-$(CONFIG_MTD_SPLIT_WRGG_FW) += mtdsplit_wrgg.o
 obj-$(CONFIG_MTD_SPLIT_MINOR_FW) += mtdsplit_minor.o
 obj-$(CONFIG_MTD_SPLIT_JIMAGE_FW) += mtdsplit_jimage.o
+obj-$(CONFIG_MTD_SPLIT_ELF_FW) += mtdsplit_elf.o
diff --git a/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_elf.c b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_elf.c
new file mode 100644
index 0000000000..47818416f6
--- /dev/null
+++ b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_elf.c
@@ -0,0 +1,287 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ *  MTD splitter for ELF loader firmware partitions
+ *
+ *  Copyright (C) 2020 Sander Vanheule <sander@svanheule.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the Free
+ *  Software Foundation; version 2.
+ *
+ *  To parse the ELF kernel loader, a small ELF parser is used that can
+ *  handle both ELF32 or ELF64 class loaders. The splitter assumes that the
+ *  kernel is always located before the rootfs, whether it is embedded in the
+ *  loader or not.
+ *
+ *  The kernel image is preferably embedded inside the ELF loader, so the end
+ *  of the loader equals the end of the kernel partition. This is due to the
+ *  way mtd_find_rootfs_from searches for the the rootfs:
+ *  - if the kernel image is embedded in the loader, the appended rootfs may
+ *    follow the loader immediately, within the same erase block.
+ *  - if the kernel image is not embedded in the loader, but placed at some
+ *    offset behind the loader (OKLI-style loader), the rootfs must be
+ *    aligned to an erase-block after the loader and kernel image.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/mtd/mtd.h>
+#include <linux/mtd/partitions.h>
+#include <linux/of.h>
+#include <linux/byteorder/generic.h>
+
+#include "mtdsplit.h"
+
+#define ELF_NR_PARTS	2
+
+#define ELF_MAGIC	0x7f454c46 /* 0x7f E L F */
+#define ELF_CLASS_32	1
+#define ELF_CLASS_64	2
+
+struct elf_header_ident {
+	uint32_t magic;
+	uint8_t class;
+	uint8_t data;
+	uint8_t version;
+	uint8_t osabi;
+	uint8_t abiversion;
+	uint8_t pad[7];
+};
+
+struct elf_header_32 {
+	uint16_t type;
+	uint16_t machine;
+	uint32_t version;
+	uint32_t entry;
+	uint32_t phoff;
+	uint32_t shoff;
+	uint32_t flags;
+	uint16_t ehsize;
+	uint16_t phentsize;
+	uint16_t phnum;
+	uint16_t shentsize;
+	uint16_t shnum;
+	uint16_t shstrndx;
+};
+
+struct elf_header_64 {
+	uint16_t type;
+	uint16_t machine;
+	uint32_t version;
+	uint64_t entry;
+	uint64_t phoff;
+	uint64_t shoff;
+	uint32_t flags;
+	uint16_t ehsize;
+	uint16_t phentsize;
+	uint16_t phnum;
+	uint16_t shentsize;
+	uint16_t shnum;
+	uint16_t shstrndx;
+};
+
+struct elf_header {
+	struct elf_header_ident ident;
+	union {
+		struct elf_header_32 elf32;
+		struct elf_header_64 elf64;
+	};
+};
+
+struct elf_program_header_32 {
+	uint32_t type;
+	uint32_t offset;
+	uint32_t vaddr;
+	uint32_t paddr;
+	uint32_t filesize;
+	uint32_t memsize;
+	uint32_t flags;
+};
+
+struct elf_program_header_64 {
+	uint32_t type;
+	uint32_t flags;
+	uint64_t offset;
+	uint64_t vaddr;
+	uint64_t paddr;
+	uint64_t filesize;
+	uint64_t memsize;
+};
+
+
+static int mtdsplit_elf_read_mtd(struct mtd_info *mtd, size_t offset,
+				 uint8_t *dst, size_t len)
+{
+	size_t retlen;
+	int ret;
+
+	ret = mtd_read(mtd, offset, len, &retlen, dst);
+	if (ret) {
+		pr_debug("read error in \"%s\"\n", mtd->name);
+		return ret;
+	}
+
+	if (retlen != len) {
+		pr_debug("short read in \"%s\"\n", mtd->name);
+		return -EIO;
+	}
+
+	return 0;
+}
+
+static int elf32_determine_size(struct mtd_info *mtd, struct elf_header *hdr,
+				size_t *size)
+{
+	struct elf_header_32 *hdr32 = &(hdr->elf32);
+	int err;
+	size_t section_end, ph_table_end, ph_entry;
+	struct elf_program_header_32 ph;
+
+	*size = 0;
+
+	if (hdr32->shoff > 0) {
+		*size = hdr32->shoff + hdr32->shentsize * hdr32->shnum;
+		return 0;
+	}
+
+	ph_entry = hdr32->phoff;
+	ph_table_end = hdr32->phoff + hdr32->phentsize * hdr32->phnum;
+
+	while (ph_entry < ph_table_end) {
+		err = mtdsplit_elf_read_mtd(mtd, ph_entry, (uint8_t *)(&ph),
+					    sizeof(ph));
+		if (err)
+			return err;
+
+		section_end = ph.offset + ph.filesize;
+		if (section_end > *size)
+			*size = section_end;
+
+		ph_entry += hdr32->phentsize;
+	}
+
+	return 0;
+}
+
+static int elf64_determine_size(struct mtd_info *mtd, struct elf_header *hdr,
+				size_t *size)
+{
+	struct elf_header_64 *hdr64 = &(hdr->elf64);
+	int err;
+	size_t section_end, ph_table_end, ph_entry;
+	struct elf_program_header_64 ph;
+
+	*size = 0;
+
+	if (hdr64->shoff > 0) {
+		*size = hdr64->shoff + hdr64->shentsize * hdr64->shnum;
+		return 0;
+	}
+
+	ph_entry = hdr64->phoff;
+	ph_table_end = hdr64->phoff + hdr64->phentsize * hdr64->phnum;
+
+	while (ph_entry < ph_table_end) {
+		err = mtdsplit_elf_read_mtd(mtd, ph_entry, (uint8_t *)(&ph),
+					    sizeof(ph));
+		if (err)
+			return err;
+
+		section_end = ph.offset + ph.filesize;
+		if (section_end > *size)
+			*size = section_end;
+
+		ph_entry += hdr64->phentsize;
+	}
+
+	return 0;
+}
+
+static int mtdsplit_parse_elf(struct mtd_info *mtd,
+			      const struct mtd_partition **pparts,
+			      struct mtd_part_parser_data *data)
+{
+	struct elf_header hdr;
+	size_t loader_size, rootfs_offset;
+	enum mtdsplit_part_type type;
+	struct mtd_partition *parts;
+	int err;
+
+	err = mtdsplit_elf_read_mtd(mtd, 0, (uint8_t *)&hdr, sizeof(hdr));
+	if (err)
+		return err;
+
+	if (be32_to_cpu(hdr.ident.magic) != ELF_MAGIC) {
+		pr_debug("invalid ELF magic %08x\n",
+			 be32_to_cpu(hdr.ident.magic));
+		return -EINVAL;
+	}
+
+	switch (hdr.ident.class) {
+	case ELF_CLASS_32:
+		err = elf32_determine_size(mtd, &hdr, &loader_size);
+		break;
+	case ELF_CLASS_64:
+		err = elf64_determine_size(mtd, &hdr, &loader_size);
+		break;
+	default:
+		pr_debug("invalid ELF class %i\n", hdr.ident.class);
+		err = -EINVAL;
+	}
+
+	if (err)
+		return err;
+
+	err = mtd_find_rootfs_from(mtd, loader_size, mtd->size,
+				   &rootfs_offset, &type);
+	if (err)
+		return err;
+
+	if (rootfs_offset == mtd->size) {
+		pr_debug("no rootfs found in \"%s\"\n", mtd->name);
+		return -ENODEV;
+	}
+
+	parts = kzalloc(ELF_NR_PARTS * sizeof(*parts), GFP_KERNEL);
+	if (!parts)
+		return -ENOMEM;
+
+	parts[0].name = KERNEL_PART_NAME;
+	parts[0].offset = 0;
+	parts[0].size = rootfs_offset;
+
+	if (type == MTDSPLIT_PART_TYPE_UBI)
+		parts[1].name = UBI_PART_NAME;
+	else
+		parts[1].name = ROOTFS_PART_NAME;
+	parts[1].offset = rootfs_offset;
+	parts[1].size = mtd->size - rootfs_offset;
+
+	*pparts = parts;
+	return ELF_NR_PARTS;
+}
+
+static const struct of_device_id mtdsplit_elf_of_match_table[] = {
+	{ .compatible = "openwrt,elf" },
+	{},
+};
+MODULE_DEVICE_TABLE(of, mtdsplit_elf_of_match_table);
+
+static struct mtd_part_parser mtdsplit_elf_parser = {
+	.owner = THIS_MODULE,
+	.name = "elf-loader-fw",
+	.of_match_table = mtdsplit_elf_of_match_table,
+	.parse_fn = mtdsplit_parse_elf,
+	.type = MTD_PARSER_TYPE_FIRMWARE,
+};
+
+static int __init mtdsplit_elf_init(void)
+{
+	register_mtd_parser(&mtdsplit_elf_parser);
+
+	return 0;
+}
+
+subsys_initcall(mtdsplit_elf_init);