summaryrefslogtreecommitdiffstats
path: root/firmware/target/mips/ingenic_x1000/installer-x1000.c
diff options
context:
space:
mode:
Diffstat (limited to 'firmware/target/mips/ingenic_x1000/installer-x1000.c')
-rw-r--r--firmware/target/mips/ingenic_x1000/installer-x1000.c25
1 files changed, 20 insertions, 5 deletions
diff --git a/firmware/target/mips/ingenic_x1000/installer-x1000.c b/firmware/target/mips/ingenic_x1000/installer-x1000.c
index 0a09ad0e91..d2f9e4e5e0 100644
--- a/firmware/target/mips/ingenic_x1000/installer-x1000.c
+++ b/firmware/target/mips/ingenic_x1000/installer-x1000.c
@@ -62,10 +62,13 @@ static const struct update_part updates[] = {
static const int num_updates = sizeof(updates) / sizeof(struct update_part);
+static const uint8_t flash_sig_magic[8] =
+ {0x06, 0x05, 0x04, 0x03, 0x02, 0x55, 0xaa, 0x55};
+
/* calculate the offset and length of the update image; this is constant
* for a given target, based on the update parts and the NAND chip geometry.
*/
-static void get_image_loc(nand_drv* ndrv, size_t* offptr, size_t* lenptr)
+static void get_image_loc(struct nand_drv* ndrv, size_t* offptr, size_t* lenptr)
{
size_t blk_size = ndrv->chip->page_size << ndrv->chip->log2_ppb;
size_t img_off = 0;
@@ -119,7 +122,7 @@ struct updater {
size_t img_len; /* image length in flash = size of the buffer */
mtar_t* tar;
- nand_drv* ndrv;
+ struct nand_drv* ndrv;
};
static int updater_init(struct updater* u)
@@ -148,7 +151,7 @@ static int updater_init(struct updater* u)
/* buf_len is a bit oversized here, but it's not really important */
u->buf_len = u->img_len + sizeof(mtar_t) + 2*CACHEALIGN_SIZE;
- u->buf_hnd = core_alloc("boot_image", u->buf_len);
+ u->buf_hnd = core_alloc_ex(u->buf_len, &buflib_ops_locked);
if(u->buf_hnd < 0) {
rc = IERR_OUT_OF_MEMORY;
goto error;
@@ -178,8 +181,7 @@ static void updater_cleanup(struct updater* u)
if(u->tar && mtar_is_open(u->tar))
mtar_close(u->tar);
- if(u->buf_hnd >= 0)
- core_free(u->buf_hnd);
+ core_free(u->buf_hnd);
if(u->ndrv) {
nand_close(u->ndrv);
@@ -250,6 +252,12 @@ int backup_bootloader(const char* filename)
goto error;
}
+ /* bail if we're backing up something that looks like garbage */
+ if (memcmp(u.img_buf, flash_sig_magic, 8)) {
+ rc = IERR_CORRUPTED_BACKUP;
+ goto error;
+ }
+
/* write to file */
fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY);
if(fd < 0) {
@@ -294,6 +302,12 @@ int restore_bootloader(const char* filename)
goto error;
}
+ /* safety check to reduce risk of flashing complete garbage */
+ if (memcmp(u.img_buf, flash_sig_magic, 8)) {
+ rc = IERR_CORRUPTED_BACKUP;
+ goto error;
+ }
+
/* write image */
rc = nand_write_bytes(u.ndrv, u.img_off, u.img_len, u.img_buf);
if(rc != NAND_SUCCESS) {
@@ -321,6 +335,7 @@ const char* installer_strerror(int rc)
case IERR_NAND_OPEN: return "NAND open error";
case IERR_NAND_READ: return "NAND read error";
case IERR_NAND_WRITE: return "NAND write error";
+ case IERR_CORRUPTED_BACKUP: return "Backup is corrupt";
default: return "Unknown error!?";
}
}