Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
mvebu: check image size on sysupgrade for FortiGate/FortiWiFi devices
Browse files Browse the repository at this point in the history
Add functions for checking kernel/rootfs sizes to fortinet.sh to prevent
incomplete sysupgrade by combination data of kernel and rootfs larger
than each firwmare partition.

Signed-off-by: INAGAKI Hiroshi <[email protected]>
musashino205 committed Sep 23, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent a9ada42 commit 985c92d
Showing 2 changed files with 79 additions and 0 deletions.
71 changes: 71 additions & 0 deletions target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
Original file line number Diff line number Diff line change
@@ -37,6 +37,77 @@ fortinet_parse_metadata() {
echo "$output"
}

fortinet_align_length() {
local orig="$1"
local blksz="$2"
local align

align=$((orig / blksz))
[ $((orig % blksz)) -gt 0 ] && \
align=$((align + 1))
align=$((align * blksz))

echo $align
}

fortinet_check_image() {
local board_dir="$(tar tf "$1" | grep -m 1 '^sysupgrade-.*/$')"
local fw_mtd
local kern_len root_len fwpart_len fwpart_erase
local tmp ver="1.0" msg
local active

board_dir="${board_dir%/}"
active=$(fortinet_get_active)
case "$active" in
0) PART_NAME="firmware" ;;
1) PART_NAME="firmware2" ;;
*) echo "ERROR: invalid active partition is set in \"firmware-info\""
umount -a
reboot -f ;;
esac

fw_mtd="$(find_mtd_part $PART_NAME)"
if [ -z "$fw_mtd" ]; then
echo "ERROR: MTD device \"$PART_NAME\" not found"
return 1
fi

kern_len=$( (tar xOf "$1" "$board_dir/kernel" | wc -c) 2> /dev/null)
root_len=$( (tar xOf "$1" "$board_dir/root" | wc -c) 2> /dev/null)
if [ -z "$kern_len" ] || [ -z "$root_len" ]; then
echo "ERROR: failed to get kernel/rootfs length of new firmware"
return 1
fi

fwpart_len=$(cat /sys/class/mtd/${fw_mtd//\/dev\/mtdblock/mtd}/size)
fwpart_erase=$(cat /sys/class/mtd/${fw_mtd//\/dev\/mtdblock/mtd}/erasesize)
if [ -z "$fwpart_len" ] || [ -z "$fwpart_erase" ]; then
echo "ERROR: failed to get partition size or erasesize of \"$PART_NAME\" partition"
return 1
fi

ver="$(fortinet_parse_metadata compat_version)"
msg="$(fortinet_parse_metadata compat_message)"

# calculate kernel length if the image has "mtdsplit" in
# compat_version or something of compat_version other than "1.0"
if [ "$msg" = "mtdsplit" ] || [ "$ver" != "1.0" ]; then
kern_len="$(fortinet_align_length $kern_len $fwpart_erase)"
else
# for downgrading to older firmware that
# has fixed kernel/rootfs partitions
kern_len=0x600000
fi
root_len="$(fortinet_align_length $root_len $fwpart_erase)"
if [ $((kern_len + root_len)) -gt $fwpart_len ]; then
echo "ERROR: new kernel+rootfs is larger than the current $PART_NAME partition"
return 1
fi

return 0
}

fortinet_bswap32() {
local val="$(printf %08x $(($1)))"

Original file line number Diff line number Diff line change
@@ -17,6 +17,14 @@ platform_check_image() {
solidrun,clearfog-pro-a1)
legacy_sdcard_check_image "$1"
;;
fortinet,fg-30e|\
fortinet,fg-50e|\
fortinet,fg-51e|\
fortinet,fg-52e|\
fortinet,fwf-50e-2r|\
fortinet,fwf-51e)
fortinet_check_image "$1"
;;
*)
return 0
;;

0 comments on commit 985c92d

Please sign in to comment.