blob: 7c78765dd81d01e354bc719578df1f39f42501ce [file] [log] [blame]
/*
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "updater.hpp"
#include "firmware_handler.hpp"
#include "tool_errors.hpp"
#include <algorithm>
#include <blobs-ipmid/blobs.hpp>
#include <cstring>
#include <ipmiblob/blob_errors.hpp>
#include <memory>
#include <string>
#include <thread>
namespace host_tool
{
/* Poll an open verification session. Handling closing the session is not yet
* owned by this method. */
bool pollVerificationStatus(std::uint16_t session,
ipmiblob::BlobInterface* blob)
{
using namespace std::chrono_literals;
static constexpr auto verificationSleep = 5s;
static constexpr int commandAttempts = 20;
int attempts = 0;
bool exitLoop = false;
blobs::FirmwareBlobHandler::VerifyCheckResponses result =
blobs::FirmwareBlobHandler::VerifyCheckResponses::other;
try
{
/* Reach back the current status from the verification service output.
*/
while (attempts++ < commandAttempts)
{
ipmiblob::StatResponse resp = blob->getStat(session);
if (resp.metadata.size() != sizeof(std::uint8_t))
{
/* TODO: How do we want to handle the verification failures,
* because closing the session to the verify blob has a special
* as-of-yet not fully defined behavior.
*/
std::fprintf(stderr, "Received invalid metadata response!!!\n");
}
result =
static_cast<blobs::FirmwareBlobHandler::VerifyCheckResponses>(
resp.metadata[0]);
switch (result)
{
case blobs::FirmwareBlobHandler::VerifyCheckResponses::failed:
std::fprintf(stderr, "failed\n");
exitLoop = true;
break;
case blobs::FirmwareBlobHandler::VerifyCheckResponses::other:
std::fprintf(stderr, "other\n");
break;
case blobs::FirmwareBlobHandler::VerifyCheckResponses::running:
std::fprintf(stderr, "running\n");
break;
case blobs::FirmwareBlobHandler::VerifyCheckResponses::success:
std::fprintf(stderr, "success\n");
exitLoop = true;
break;
default:
std::fprintf(stderr, "wat\n");
}
if (exitLoop)
{
break;
}
std::this_thread::sleep_for(verificationSleep);
}
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
/* TODO: If this is reached and it's not success, it may be worth just
* throwing a ToolException with a timeout message specifying the final
* read's value.
*
* TODO: Given that excepting from certain points leaves the BMC update
* state machine in an inconsistent state, we need to carefully evaluate
* which exceptions from the lower layers allow one to try and delete the
* blobs to rollback the state and progress.
*/
return (result ==
blobs::FirmwareBlobHandler::VerifyCheckResponses::success);
}
void updaterMain(ipmiblob::BlobInterface* blob, DataInterface* handler,
const std::string& imagePath, const std::string& signaturePath)
{
/* TODO(venture): Add optional parameter to specify the flash type, default
* to legacy for now.
*
* TODO(venture): Move the strings from the FirmwareHandler object to a
* boring utils object so it will be more happly linked cleanly to both the
* BMC and host-side.
*/
std::string goalFirmware = "/flash/image";
std::string hashFilename = "/flash/hash";
std::string verifyFilename = "/flash/verify";
/* Get list of blob_ids, check for /flash/image, or /flash/tarball.
* TODO(venture) the mechanism doesn't care, but the caller of burn_my_bmc
* will have in mind which they're sending and we need to verify it's
* available and use it.
*/
std::vector<std::string> blobs = blob->getBlobList();
auto blobInst = std::find_if(
blobs.begin(), blobs.end(), [&goalFirmware](const std::string& iter) {
/* Running into weird scenarios where the string comparison doesn't
* work. TODO: revisit.
*/
return (0 == std::memcmp(goalFirmware.c_str(), iter.c_str(),
goalFirmware.length()));
// return (goalFirmware.compare(iter));
});
if (blobInst == blobs.end())
{
throw ToolException(goalFirmware + " not found");
}
/* Call stat on /flash/image (or /flash/tarball) and check if data interface
* is supported.
*/
ipmiblob::StatResponse stat;
try
{
stat = blob->getStat(goalFirmware);
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
auto supported = handler->supportedType();
if ((stat.blob_state & supported) == 0)
{
throw ToolException("data interface selected not supported.");
}
/* Yay, our data handler is supported. */
/* Send over the firmware image. */
std::fprintf(stderr, "Sending over the firmware image.\n");
std::uint16_t session;
try
{
session = blob->openBlob(
goalFirmware,
static_cast<std::uint16_t>(supported) |
static_cast<std::uint16_t>(blobs::OpenFlags::write));
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
if (!handler->sendContents(imagePath, session))
{
/* Need to close the session on failure, or it's stuck open (until the
* blob handler timeout is implemented, and even then, why make it wait.
*/
blob->closeBlob(session);
throw ToolException("Failed to send contents of " + imagePath);
}
blob->closeBlob(session);
/* Send over the hash contents. */
std::fprintf(stderr, "Sending over the hash file.\n");
try
{
session = blob->openBlob(
hashFilename,
static_cast<std::uint16_t>(supported) |
static_cast<std::uint16_t>(blobs::OpenFlags::write));
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
if (!handler->sendContents(signaturePath, session))
{
blob->closeBlob(session);
throw ToolException("Failed to send contents of " + signaturePath);
}
blob->closeBlob(session);
/* Trigger the verification by opening the verify file. */
std::fprintf(stderr, "Opening the verification file\n");
try
{
session = blob->openBlob(
verifyFilename,
static_cast<std::uint16_t>(supported) |
static_cast<std::uint16_t>(blobs::OpenFlags::write));
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
std::fprintf(
stderr,
"Committing to verification file to trigger verification service\n");
try
{
blob->commit(session, {});
}
catch (const ipmiblob::BlobException& b)
{
throw ToolException("blob exception received: " +
std::string(b.what()));
}
std::fprintf(stderr,
"Calling stat on verification session to check status\n");
if (pollVerificationStatus(session, blob))
{
std::fprintf(stderr, "Verification returned success\n");
}
else
{
std::fprintf(stderr, "Verification returned non-success (could still "
"be running (unlikely))\n");
}
/* DO NOT CLOSE the verification session until it's done.
* TODO: Evaluate what closing verification should do? If the process is
* complete, nothing bad, maybe reset the entire state machine? This will
* benefit from a diagram.
*/
blob->closeBlob(session);
return;
}
} // namespace host_tool