routerbootpart: hard_config partition can be larger than a single block on MikroTik devices
Baptiste Jonglez
baptiste at bitsofnetworks.org
Fri Apr 30 22:05:35 BST 2021
Hi Thibault,
I was debugging why OpenWrt could not find the radio calibration data on
one of my hAP-ac2 devices: the /sys/firmware/mikrotik/hard_config/wlan_data/
directory is created but stays empty.
It turns out that the compressed data does not fit in a single block
(i.e. 4 KB), and the hard_config partition spans two blocks. However, the
routerbootpart parser assumes that this partition only spans a single block.
As a result, the rb_hardconfig drivers tries to parse the compressed blob,
see that it extends beyond the (wrongly assumed) boundary of the
hard_config partition, and aborts here:
/* Caller ensure tlen > 0. tofs is aligned */
if ((tofs + tlen) > hc_buflen)
return -EIO;
Here, hc_buflen is 4096 (the wrongly assumed size of the hard_config
partition), while the offset is 0x144 and the length of the blob is x0fbc.
As a result, tofs + tlen = 4352 and the check fails.
Here is the mtd mapping as computed by the kernel:
[ 0.746135] spi-nor spi0.0: w25q128jv (16384 Kbytes)
[ 0.746199] 3 fixed-partitions partitions found on MTD device spi0.0
[ 0.751062] Creating 3 MTD partitions on "spi0.0":
[ 0.757427] 0x000000000000-0x000000080000 : "Qualcomm"
[ 0.763004] 0x000000080000-0x000000100000 : "RouterBoot"
[ 0.772971] 3 routerbootpart partitions found on MTD device RouterBoot
[ 0.773003] Creating 3 MTD partitions on "RouterBoot":
[ 0.778977] 0x00000000e000-0x00000000f000 : "hard_config"
[ 0.784993] 0x000000010000-0x000000017bbc : "dtb_config"
[ 0.790390] 0x00000003d000-0x00000003e000 : "soft_config"
[ 0.795860] 0x000000100000-0x000001000000 : "firmware"
The hard_config partition should actually span 0x00000000e000-0x000000010000 in this case.
Do you see a clean way to support this without breaking support for other
boards? Do you think we can determine this size from somewhere else in
the flash, or should I just set "size = <0x2000>" in the DTS and hope that
it's valid for all hap-ac2 boards?
Thanks,
Baptiste
PS: for reference, this hap-ac2 board was bought on 2019-10-29, is labeled
<SN>/939/r2, and has a MAC starting with 74:4D:28.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20210430/3e0ff199/attachment-0001.sig>
More information about the openwrt-devel
mailing list