mvebu: check image size on sysupgrade for FortiGate/FortiWiFi devices

Add functions for checking kernel/rootfs sizes to fortinet.sh to prevent incomplete sysupgrade by combination data of kernel and rootfs larger than each firwmare partition. Signed-off-by: INAGAKI Hiroshi <[email protected]>
musashino205 · Sep 23, 2024 · 985c92d · 985c92d
1 parent a9ada42
commit 985c92d
Showing 2 changed files with 79 additions and 0 deletions.
diff --git a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
@@ -37,6 +37,77 @@ fortinet_parse_metadata() {
 	echo "$output"
 }
 
+fortinet_align_length() {
+	local orig="$1"
+	local blksz="$2"
+	local align
+
+	align=$((orig / blksz))
+	[ $((orig % blksz)) -gt 0 ] && \
+		align=$((align + 1))
+	align=$((align * blksz))
+
+	echo $align
+}
+
+fortinet_check_image() {
+	local board_dir="$(tar tf "$1" | grep -m 1 '^sysupgrade-.*/$')"
+	local fw_mtd
+	local kern_len root_len fwpart_len fwpart_erase
+	local tmp ver="1.0" msg
+	local active
+
+	board_dir="${board_dir%/}"
+	active=$(fortinet_get_active)
+	case "$active" in
+	0) PART_NAME="firmware" ;;
+	1) PART_NAME="firmware2" ;;
+	*) echo "ERROR: invalid active partition is set in \"firmware-info\""
+	   umount -a
+	   reboot -f ;;
+	esac
+
+	fw_mtd="$(find_mtd_part $PART_NAME)"
+	if [ -z "$fw_mtd" ]; then
+		echo "ERROR: MTD device \"$PART_NAME\" not found"
+		return 1
+	fi
+
+	kern_len=$( (tar xOf "$1" "$board_dir/kernel" | wc -c) 2> /dev/null)
+	root_len=$( (tar xOf "$1" "$board_dir/root" | wc -c) 2> /dev/null)
+	if [ -z "$kern_len" ] || [ -z "$root_len" ]; then
+		echo "ERROR: failed to get kernel/rootfs length of new firmware"
+		return 1
+	fi
+
+	fwpart_len=$(cat /sys/class/mtd/${fw_mtd//\/dev\/mtdblock/mtd}/size)
+	fwpart_erase=$(cat /sys/class/mtd/${fw_mtd//\/dev\/mtdblock/mtd}/erasesize)
+	if [ -z "$fwpart_len" ] || [ -z "$fwpart_erase" ]; then
+		echo "ERROR: failed to get partition size or erasesize of \"$PART_NAME\" partition"
+		return 1
+	fi
+
+	ver="$(fortinet_parse_metadata compat_version)"
+	msg="$(fortinet_parse_metadata compat_message)"
+
+	# calculate kernel length if the image has "mtdsplit" in
+	# compat_version or something of compat_version other than "1.0"
+	if [ "$msg" = "mtdsplit" ] || [ "$ver" != "1.0" ]; then
+		kern_len="$(fortinet_align_length $kern_len $fwpart_erase)"
+	else
+		# for downgrading to older firmware that
+		# has fixed kernel/rootfs partitions
+		kern_len=0x600000
+	fi
+	root_len="$(fortinet_align_length $root_len $fwpart_erase)"
+	if [ $((kern_len + root_len)) -gt $fwpart_len ]; then
+		echo "ERROR: new kernel+rootfs is larger than the current $PART_NAME partition"
+		return 1
+	fi
+
+	return 0
+}
+
 fortinet_bswap32() {
 	local val="$(printf %08x $(($1)))"
 

diff --git a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/platform.sh
@@ -17,6 +17,14 @@ platform_check_image() {
 	solidrun,clearfog-pro-a1)
 		legacy_sdcard_check_image "$1"
 		;;
+	fortinet,fg-30e|\
+	fortinet,fg-50e|\
+	fortinet,fg-51e|\
+	fortinet,fg-52e|\
+	fortinet,fwf-50e-2r|\
+	fortinet,fwf-51e)
+		fortinet_check_image "$1"
+		;;
 	*)
 		return 0
 		;;