routerbootpart: hard_config partition can be larger than a single block on MikroTik devices
Thibaut
hacks at slashdirt.org
Fri Apr 30 23:07:39 BST 2021
Hi Baptiste,
> On 30 Apr 2021, at 23:05, Baptiste Jonglez <baptiste at bitsofnetworks.org> wrote:
>
> Hi Thibaut,
>
> I was debugging why OpenWrt could not find the radio calibration data on
> one of my hAP-ac2 devices: the /sys/firmware/mikrotik/hard_config/wlan_data/
> directory is created but stays empty.
>
> It turns out that the compressed data does not fit in a single block
> (i.e. 4 KB), and the hard_config partition spans two blocks. However, the
> routerbootpart parser assumes that this partition only spans a single block.
>
> As a result, the rb_hardconfig driver tries to parse the compressed blob,
> sees that it extends beyond the (wrongly assumed) boundary of the
> hard_config partition, and aborts here:
>
>     /* Caller ensure tlen > 0. tofs is aligned */
>     if ((tofs + tlen) > hc_buflen)
>         return -EIO;
>
> Here, hc_buflen is 4096 (the wrongly assumed size of the hard_config
> partition), while the offset is 0x144 and the length of the blob is 0xfbc.
> As a result, tofs + tlen = 4352 and the check fails.
>
> Here is the mtd mapping as computed by the kernel:
>
> [ 0.746135] spi-nor spi0.0: w25q128jv (16384 Kbytes)
> [ 0.746199] 3 fixed-partitions partitions found on MTD device spi0.0
> [ 0.751062] Creating 3 MTD partitions on "spi0.0":
> [ 0.757427] 0x000000000000-0x000000080000 : "Qualcomm"
> [ 0.763004] 0x000000080000-0x000000100000 : "RouterBoot"
> [ 0.772971] 3 routerbootpart partitions found on MTD device RouterBoot
> [ 0.773003] Creating 3 MTD partitions on "RouterBoot":
> [ 0.778977] 0x00000000e000-0x00000000f000 : "hard_config"
> [ 0.784993] 0x000000010000-0x000000017bbc : "dtb_config"
> [ 0.790390] 0x00000003d000-0x00000003e000 : "soft_config"
> [ 0.795860] 0x000000100000-0x000001000000 : "firmware"
>
> The hard_config partition should actually span 0x00000000e000-0x000000010000 in this case.
Thanks for the thorough forensics.
> Do you see a clean way to support this without breaking support for other
> boards? Do you think we can determine this size from somewhere else in
> the flash, or should I just set "size = <0x2000>" in the DTS and hope that
> it's valid for all hap-ac2 boards?
No, please don't. I can already tell you that this is not the case.
My hap-ac2 has a 4K hard_config, and from my understanding so do the ones that were tested in PR#3037, like every other MikroTik board known at the time the driver was last updated. Of course it was only a matter of time before MikroTik pulled that rug out from under our feet.
Can you provide me with a dump of the Routerboot partition?
I’ll take a look at what can be « sanely » done.
Thanks,
Thibaut
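
An added illustration (not part of the original message, and not the OpenWrt driver code) of the failure described in the quoted report: a bounds-checked tag lookup over a constructed two-block image, using the offset 0x144 and length 0xfbc from the thread. The tag layout (16-bit id, 16-bit length, payload padded to 4 bytes), the tag ids and the helper names are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SZ 0x1000u /* one 4 KiB block, as in the thread */
#define TAG_PAD  0x0001u /* hypothetical tag ids */
#define TAG_WLAN 0x0002u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Find tag `id`. Every access is checked against buflen, so an
 * undersized buflen gives -EIO instead of an out-of-bounds read. */
static int tag_find(const uint8_t *buf, size_t buflen, uint16_t id,
                    size_t *pofs, size_t *plen)
{
    size_t ofs = 0;
    while (ofs + 4 <= buflen) {             /* room for a tag header */
        uint16_t tid = rd16(buf + ofs);
        size_t tlen = rd16(buf + ofs + 2);
        size_t tofs = ofs + 4;
        if (!tid)
            return -ENOENT;                 /* end marker */
        if (tlen > buflen - tofs)           /* same test as tofs + tlen > buflen */
            return -EIO;
        if (tid == id) {
            *pofs = tofs; *plen = tlen;
            return 0;
        }
        ofs = tofs + ((tlen + 3) & ~(size_t)3); /* next header, 4-byte aligned */
    }
    return -ENOENT;
}

/* Constructed image: TAG_WLAN payload at 0x144, length 0xfbc, looked up
 * with whatever partition size the caller assumes. */
static int lookup_wlan(size_t partsz, size_t *ofs, size_t *len)
{
    static uint8_t img[2 * BLOCK_SZ];
    memset(img, 0, sizeof(img));
    wr16(img + 0x000, TAG_PAD);  wr16(img + 0x002, 0x13c);
    wr16(img + 0x140, TAG_WLAN); wr16(img + 0x142, 0xfbc);
    return tag_find(img, partsz, TAG_WLAN, ofs, len);
}

int main(void)
{
    size_t o = 0, l = 0;
    printf("assumed 4 KiB: %d\n", lookup_wlan(BLOCK_SZ, &o, &l));
    printf("assumed 8 KiB: %d\n", lookup_wlan(2 * BLOCK_SZ, &o, &l));
    return 0;
}
```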