blob: e6f0fee397ff1046b2208566a0c04277b2f7f019 [file] [log] [blame]
/*
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "firmware_handler.hpp"
#include "image_handler.hpp"
#include "status.hpp"
#include "util.hpp"
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <fstream>
#include <memory>
#include <phosphor-logging/log.hpp>
#include <string>
#include <vector>
using namespace phosphor::logging;
namespace ipmi_flash
{
std::unique_ptr<blobs::GenericBlobInterface>
FirmwareBlobHandler::CreateFirmwareBlobHandler(
const std::vector<HandlerPack>& firmwares,
const std::vector<DataHandlerPack>& transports,
std::unique_ptr<TriggerableActionInterface> verification,
std::unique_ptr<TriggerableActionInterface> update)
{
/* There must be at least one. */
if (!firmwares.size())
{
log<level::ERR>("Must provide at least one firmware handler.");
return nullptr;
}
if (!transports.size())
{
return nullptr;
}
std::vector<std::string> blobs;
for (const auto& item : firmwares)
{
blobs.push_back(item.blobName);
}
if (0 == std::count(blobs.begin(), blobs.end(), hashBlobId))
{
return nullptr;
}
std::uint16_t bitmask = 0;
for (const auto& item : transports)
{
/* TODO: can use std::accumulate() unless I'm mistaken. :D */
bitmask |= item.bitmask;
}
return std::make_unique<FirmwareBlobHandler>(
firmwares, blobs, transports, bitmask, std::move(verification),
std::move(update));
}
/* Check if the path is in our supported list (or active list). */
bool FirmwareBlobHandler::canHandleBlob(const std::string& path)
{
return (std::count(blobIDs.begin(), blobIDs.end(), path) > 0);
}
/*
* Grab the list of supported firmware.
*
* If there's an open firmware session, it'll already be present in the
* list as "/flash/active/image", and if the hash has started,
* "/flash/active/hash" regardless of mechanism. This is done in the open
* comamnd, no extra work is required here.
*/
std::vector<std::string> FirmwareBlobHandler::getBlobIds()
{
return blobIDs;
}
/*
* Per the design, this mean abort, and this will trigger whatever
* appropriate actions are required to abort the process.
*/
bool FirmwareBlobHandler::deleteBlob(const std::string& path)
{
/* This cannot be called if you have an open session to the path.
* You can have an open session to verify/update/hash/image, but not active*
*
* Therefore, if this is called, it's either on a blob that isn't presently
* open. However, there could be open blobs, so we need to close all open
* sessions. This closing on our is an invalid handler behavior. Therefore,
* we cannot close an active session. To enforce this, we only allow
* deleting if there isn't a file open.
*/
if (fileOpen)
{
return false;
}
/* only includes states where fileOpen == false */
switch (state)
{
case UpdateState::notYetStarted:
/* Trying to delete anything at this point has no effect and returns
* false.
*/
return false;
case UpdateState::verificationPending:
abortProcess();
return true;
case UpdateState::updatePending:
abortProcess();
return true;
default:
break;
}
return false;
}
/*
* Stat on the files will return information such as what supported
* transport mechanisms are available.
*
* Stat on an active file or hash will return information such as the size
* of the data cached, and any additional pertinent information. The
* blob_state on the active files will return the state of the update.
*/
bool FirmwareBlobHandler::stat(const std::string& path, blobs::BlobMeta* meta)
{
/* We know we support this path because canHandle is called ahead */
if (path == verifyBlobId || path == activeImageBlobId ||
path == activeHashBlobId || path == updateBlobId)
{
/* These blobs are placeholders that indicate things, or allow actions,
* but are not stat-able as-is.
*/
return false;
}
/* They are requesting information about the generic blob_id. */
meta->blobState = bitmask;
meta->size = 0;
/* The generic blob_ids state is only the bits related to the transport
* mechanisms.
*/
return true;
}
ActionStatus FirmwareBlobHandler::getActionStatus()
{
ActionStatus value = ActionStatus::unknown;
switch (state)
{
case UpdateState::verificationPending:
value = ActionStatus::unknown;
break;
case UpdateState::verificationStarted:
value = verification->status();
lastVerificationStatus = value;
break;
case UpdateState::verificationCompleted:
value = lastVerificationStatus;
break;
case UpdateState::updatePending:
value = ActionStatus::unknown;
break;
case UpdateState::updateStarted:
value = update->status();
lastUpdateStatus = value;
break;
case UpdateState::updateCompleted:
value = lastUpdateStatus;
break;
default:
break;
}
return value;
}
/*
* Return stat information on an open session. It therefore must be an active
* handle to either the active image or active hash.
*/
bool FirmwareBlobHandler::stat(uint16_t session, blobs::BlobMeta* meta)
{
auto item = lookup.find(session);
if (item == lookup.end())
{
return false;
}
/* The size here refers to the size of the file -- of something analagous.
*/
meta->size = (item->second->imageHandler)
? item->second->imageHandler->getSize()
: 0;
meta->metadata.clear();
if (item->second->activePath == verifyBlobId ||
item->second->activePath == updateBlobId)
{
ActionStatus value = getActionStatus();
meta->metadata.push_back(static_cast<std::uint8_t>(value));
/* Change the firmware handler's state and the blob's stat value
* depending.
*/
if (value == ActionStatus::success || value == ActionStatus::failed)
{
if (item->second->activePath == verifyBlobId)
{
state = UpdateState::verificationCompleted;
}
else
{
/* item->second->activePath == updateBlobId */
state = UpdateState::updateCompleted;
}
item->second->flags &= ~blobs::StateFlags::committing;
if (value == ActionStatus::success)
{
item->second->flags |= blobs::StateFlags::committed;
}
else
{
item->second->flags |= blobs::StateFlags::commit_error;
}
}
}
/* The blobState here relates to an active sesion, so we should return the
* flags used to open this session.
*/
meta->blobState = item->second->flags;
/* The metadata blob returned comes from the data handler... it's used for
* instance, in P2A bridging to get required information about the mapping,
* and is the "opposite" of the lpc writemeta requirement.
*/
if (item->second->dataHandler)
{
auto bytes = item->second->dataHandler->readMeta();
meta->metadata.insert(meta->metadata.begin(), bytes.begin(),
bytes.end());
}
return true;
}
/*
* If you open /flash/image or /flash/tarball, or /flash/hash it will
* interpret the open flags and perform whatever actions are required for
* that update process. The session returned can be used immediately for
* sending data down, without requiring one to open the new active file.
*
* If you open the active flash image or active hash it will let you
* overwrite pieces, depending on the state.
*
* Once the verification process has started the active files cannot be
* opened.
*
* You can only have one open session at a time. Which means, you can only
* have one file open at a time. Trying to open the hash blob_id while you
* still have the flash image blob_id open will fail. Opening the flash
* blob_id when it is already open will fail.
*/
bool FirmwareBlobHandler::open(uint16_t session, uint16_t flags,
const std::string& path)
{
/* Is there an open session already? We only allow one at a time.
*
* Further on this, if there's an active session to the hash we don't allow
* re-opening the image, and if we have the image open, we don't allow
* opening the hash. This design decision may be re-evaluated, and changed
* to only allow one session per object type (of the two types). But,
* consider if the hash is open, do we want to allow writing to the image?
* And why would we? But, really, the point of no-return is once the
* verification process has begun -- which is done via commit() on the hash
* blob_id, we no longer want to allow updating the contents.
*/
if (fileOpen)
{
return false;
}
/* The active blobs are only meant to indicate status that something has
* opened the image file or the hash file.
*/
if (path == activeImageBlobId || path == activeHashBlobId)
{
/* 2a) are they opening the active image? this can only happen if they
* already started one (due to canHandleBlob's behavior).
*/
/* 2b) are they opening the active hash? this can only happen if they
* already started one (due to canHandleBlob's behavior).
*/
return false;
}
/* Check that they've opened for writing - read back not currently
* supported.
*/
if ((flags & blobs::OpenFlags::write) == 0)
{
return false;
}
/* Because canHandleBlob is called before open, we know that if they try to
* open the verifyBlobId, they're in a state where it's present.
*/
switch (state)
{
case UpdateState::uploadInProgress:
/* Unreachable code because if it's started a file is open. */
break;
case UpdateState::verificationPending:
/* Handle opening the verifyBlobId --> we know the image and hash
* aren't open because of the fileOpen check. They can still open
* other files from this state to transition back into
* uploadInProgress.
*
* The file must be opened for writing, but no transport mechanism
* specified since it's irrelevant.
*/
if (path == verifyBlobId)
{
verifyImage.flags = flags;
lookup[session] = &verifyImage;
fileOpen = true;
return true;
}
break;
case UpdateState::verificationStarted:
case UpdateState::verificationCompleted:
/* Unreachable code because if it's started a file is open. */
return false;
case UpdateState::updatePending:
{
/* When in this state, they can only open the updateBlobId */
if (path == updateBlobId)
{
updateImage.flags = flags;
lookup[session] = &updateImage;
fileOpen = true;
return true;
}
else
{
return false;
}
}
case UpdateState::updateStarted:
case UpdateState::updateCompleted:
/* Unreachable code because if it's started a file is open. */
break;
default:
break;
}
/* There are two abstractions at play, how you get the data and how you
* handle that data. such that, whether the data comes from the PCI bridge
* or LPC bridge is not connected to whether the data goes into a static
* layout flash update or a UBI tarball.
*/
/* Check the flags for the transport mechanism: if none match we don't
* support what they request.
*/
if ((flags & bitmask) == 0)
{
return false;
}
/* How are they expecting to copy this data? */
auto d = std::find_if(
transports.begin(), transports.end(),
[&flags](const auto& iter) { return (iter.bitmask & flags); });
if (d == transports.end())
{
return false;
}
/* We found the transport handler they requested, no surprise since
* above we verify they selected at least one we wanted.
*/
/* Elsewhere I do this check by checking "if ::ipmi" because that's the
* only non-external data pathway -- but this is just a more generic
* approach to that.
*/
if (d->handler)
{
/* If the data handler open call fails, open fails. */
if (!d->handler->open())
{
return false;
}
}
/* Do we have a file handler for the type of file they're opening.
* Note: This should only fail if something is somehow crazy wrong.
* Since the canHandle() said yes, and that's tied into the list of explicit
* firmware handers (and file handlers, like this'll know where to write the
* tarball, etc).
*/
auto h = std::find_if(
handlers.begin(), handlers.end(),
[&path](const auto& iter) { return (iter.blobName == path); });
if (h == handlers.end())
{
return false;
}
/* Ok, so we found a handler that matched, so call open() */
if (!h->handler->open(path))
{
return false;
}
Session* curr;
const std::string* active;
if (path == hashBlobId)
{
/* 2c) are they opening the /flash/hash ? (to start the process) */
curr = &activeHash;
active = &activeHashBlobId;
}
else
{
curr = &activeImage;
active = &activeImageBlobId;
}
curr->flags = flags;
curr->dataHandler = d->handler;
curr->imageHandler = h->handler;
lookup[session] = curr;
addBlobId(*active);
removeBlobId(verifyBlobId);
state = UpdateState::uploadInProgress;
fileOpen = true;
return true;
}
/**
* The write command really just grabs the data from wherever it is and sends it
* to the image handler. It's the image handler's responsibility to deal with
* the data provided.
*
* This receives a session from the blob manager, therefore it is always called
* between open() and close().
*/
bool FirmwareBlobHandler::write(uint16_t session, uint32_t offset,
const std::vector<uint8_t>& data)
{
auto item = lookup.find(session);
if (item == lookup.end())
{
return false;
}
/* Prevent writing during verification. */
if (state == UpdateState::verificationStarted)
{
return false;
}
/* Prevent writing to the verification or update blobs. */
if (item->second->activePath == verifyBlobId ||
item->second->activePath == updateBlobId)
{
return false;
}
std::vector<std::uint8_t> bytes;
if (item->second->flags & UpdateFlags::ipmi)
{
bytes = data;
}
else
{
/* little endian required per design, and so on, but TODO: do endianness
* with boost.
*/
struct ExtChunkHdr header;
if (data.size() != sizeof(header))
{
return false;
}
std::memcpy(&header, data.data(), data.size());
bytes = item->second->dataHandler->copyFrom(header.length);
}
return item->second->imageHandler->write(offset, bytes);
}
/*
* If the active session (image or hash) is over LPC, this allows
* configuring it. This option is only available before you start
* writing data for the given item (image or hash). This will return
* false at any other part. -- the lpc handler portion will know to return
* false.
*/
bool FirmwareBlobHandler::writeMeta(uint16_t session, uint32_t offset,
const std::vector<uint8_t>& data)
{
auto item = lookup.find(session);
if (item == lookup.end())
{
return false;
}
if (item->second->flags & UpdateFlags::ipmi)
{
return false;
}
/* Prevent writing meta to the verification blob (it has no data handler).
*/
if (item->second->dataHandler)
{
return item->second->dataHandler->writeMeta(data);
}
return false;
}
/*
* If this command is called on the session for the verifyBlobId, it'll
* trigger a systemd service `verify_image.service` to attempt to verify
* the image.
*
* For this file to have opened, the other two must be closed, which means any
* out-of-band transport mechanism involved is closed.
*/
bool FirmwareBlobHandler::commit(uint16_t session,
const std::vector<uint8_t>& data)
{
auto item = lookup.find(session);
if (item == lookup.end())
{
return false;
}
/* You can only commit on the verifyBlodId or updateBlobId */
if (item->second->activePath != verifyBlobId &&
item->second->activePath != updateBlobId)
{
std::fprintf(stderr, "path: '%s' not expected for commit\n",
item->second->activePath.c_str());
return false;
}
switch (state)
{
case UpdateState::verificationPending:
/* Set state to committing. */
item->second->flags |= blobs::StateFlags::committing;
return triggerVerification();
case UpdateState::verificationStarted:
/* Calling repeatedly has no effect within an update process. */
return true;
case UpdateState::verificationCompleted:
/* Calling after the verification process has completed returns
* failure. */
return false;
case UpdateState::updatePending:
item->second->flags |= blobs::StateFlags::committing;
return triggerUpdate();
case UpdateState::updateStarted:
/* Calling repeatedly has no effect within an update process. */
return true;
default:
return false;
}
}
/*
* Close must be called on the firmware image before triggering
* verification via commit. Once the verification is complete, you can
* then close the hash file.
*
* If the `verify_image.service` returned success, closing the hash file
* will have a specific behavior depending on the update. If it's UBI,
* it'll perform the install. If it's static layout, it'll do nothing. The
* verify_image service in the static layout case is responsible for placing
* the file in the correct staging position.
*/
bool FirmwareBlobHandler::close(uint16_t session)
{
auto item = lookup.find(session);
if (item == lookup.end())
{
return false;
}
switch (state)
{
case UpdateState::uploadInProgress:
/* They are closing a data pathway (image, tarball, hash). */
state = UpdateState::verificationPending;
/* Add verify blob ID now that we can expect it. */
addBlobId(verifyBlobId);
break;
case UpdateState::verificationPending:
/* They haven't triggered, therefore closing is uninteresting.
*/
break;
case UpdateState::verificationStarted:
/* Abort without checking to see if it happened to finish. Require
* the caller to stat() deliberately.
*/
abortVerification();
abortProcess();
break;
case UpdateState::verificationCompleted:
if (lastVerificationStatus == ActionStatus::success)
{
state = UpdateState::updatePending;
addBlobId(updateBlobId);
removeBlobId(verifyBlobId);
}
else
{
/* TODO: Verification failed, what now? */
}
break;
case UpdateState::updatePending:
/* They haven't triggered the update, therefore this is
* uninteresting. */
break;
case UpdateState::updateStarted:
/* Abort without checking to see if it happened to finish. Require
* the caller to stat() deliberately.
*/
abortUpdate();
abortProcess();
break;
case UpdateState::updateCompleted:
if (lastUpdateStatus == ActionStatus::failed)
{
/* TODO: lOG something? */
}
state = UpdateState::notYetStarted;
removeBlobId(updateBlobId);
removeBlobId(activeImageBlobId);
removeBlobId(activeHashBlobId);
break;
default:
break;
}
if (item->second->dataHandler)
{
item->second->dataHandler->close();
}
if (item->second->imageHandler)
{
item->second->imageHandler->close();
}
lookup.erase(item);
fileOpen = false;
return true;
}
bool FirmwareBlobHandler::expire(uint16_t session)
{
return false;
}
/*
* Currently, the design does not provide this with a function, however,
* it will likely change to support reading data back.
*/
std::vector<uint8_t> FirmwareBlobHandler::read(uint16_t session,
uint32_t offset,
uint32_t requestedSize)
{
return {};
}
void FirmwareBlobHandler::abortProcess()
{
/* Closing of open files is handled from close() -- Reaching here from
* delete may never be supported.
*/
removeBlobId(verifyBlobId);
removeBlobId(updateBlobId);
removeBlobId(activeImageBlobId);
removeBlobId(activeHashBlobId);
state = UpdateState::notYetStarted;
}
void FirmwareBlobHandler::abortVerification()
{
verification->abort();
}
bool FirmwareBlobHandler::triggerVerification()
{
bool result = verification->trigger();
if (result)
{
state = UpdateState::verificationStarted;
}
return result;
}
void FirmwareBlobHandler::abortUpdate()
{
update->abort();
}
bool FirmwareBlobHandler::triggerUpdate()
{
bool result = update->trigger();
if (result)
{
state = UpdateState::updateStarted;
}
return result;
}
} // namespace ipmi_flash