From 1e06482f7db284567b240ce6f59c644439ec813f Mon Sep 17 00:00:00 2001
From: David Bauer <mail@david-bauer.net>
Date: Mon, 31 Dec 2018 16:24:25 +0100
Subject: [PATCH] mtd: add logic for TP-Link ramips recovery magic

This adds an option to set the recovery flag of newer TP-Link MediaTek
boards and remove it after a successful write.

To make use of this feature, add the '-t' option to mtd-write.

The '-t' option takes the mtd partition containing the recovery flag
(usually 'romfile') as an argument. Make sure this partition is not
flagged as read-only!

Example:
 > mtd -t romfile write owrt.bin firmware

This command writes the recovery-flag before it begins writing the image
to the firmware partition. After the image-write has been successful,
the recovery flag is removed.

This way, the TP-Link web-recovery is automatically enabled on an
unsucessful flash (e.g. power loss).

This option is only available if the mtd package is compiled for the
ramips target.

Signed-off-by: David Bauer <mail@david-bauer.net>
---
 package/system/mtd/Makefile                   |  2 +-
 package/system/mtd/src/Makefile               |  3 +-
 package/system/mtd/src/mtd.c                  | 33 ++++++-
 package/system/mtd/src/mtd.h                  |  1 +
 .../system/mtd/src/tpl_ramips_recoveryflag.c  | 94 +++++++++++++++++++
 5 files changed, 130 insertions(+), 3 deletions(-)
 create mode 100644 package/system/mtd/src/tpl_ramips_recoveryflag.c

diff --git a/package/system/mtd/Makefile b/package/system/mtd/Makefile
index 65de47f23f..c307555436 100644
--- a/package/system/mtd/Makefile
+++ b/package/system/mtd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mtd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 
 PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)
 STAMP_PREPARED := $(STAMP_PREPARED)_$(call confvar,CONFIG_MTD_REDBOOT_PARTS)
diff --git a/package/system/mtd/src/Makefile b/package/system/mtd/src/Makefile
index 27044672cd..08a9fb295d 100644
--- a/package/system/mtd/src/Makefile
+++ b/package/system/mtd/src/Makefile
@@ -6,12 +6,13 @@ obj = mtd.o jffs2.o crc32.o md5.o
 obj.seama = seama.o md5.o
 obj.wrg = wrg.o md5.o
 obj.wrgg = wrgg.o md5.o
+obj.tpl = tpl_ramips_recoveryflag.o
 obj.ar71xx = trx.o $(obj.seama) $(obj.wrgg)
 obj.brcm = trx.o
 obj.brcm47xx = $(obj.brcm)
 obj.bcm53xx = $(obj.brcm) $(obj.seama)
 obj.brcm63xx = imagetag.o
-obj.ramips = $(obj.seama) $(obj.wrg)
+obj.ramips = $(obj.seama) $(obj.tpl) $(obj.wrg)
 obj.mvebu = linksys_bootcount.o
 obj.kirkwood = linksys_bootcount.o
 obj.ipq806x = linksys_bootcount.o
diff --git a/package/system/mtd/src/mtd.c b/package/system/mtd/src/mtd.c
index fa04c0f95b..eccb4f6a1a 100644
--- a/package/system/mtd/src/mtd.c
+++ b/package/system/mtd/src/mtd.c
@@ -85,6 +85,7 @@ static char *buf = NULL;
 static char *imagefile = NULL;
 static enum mtd_image_format imageformat = MTD_IMAGE_FORMAT_UNKNOWN;
 static char *jffs2file = NULL, *jffs2dir = JFFS2_DEFAULT_DIR;
+static char *tpl_uboot_args_part;
 static int buflen = 0;
 int quiet;
 int no_erase;
@@ -554,6 +555,17 @@ resume:
 		lseek(fd, part_offset, SEEK_SET);
 	}
 
+	/* Write TP-Link recovery flag */
+	if (tpl_uboot_args_part && mtd_tpl_recoverflag_write) {
+		if (quiet < 2)
+			fprintf(stderr, "Writing recovery flag to %s\n", tpl_uboot_args_part);
+		result = mtd_tpl_recoverflag_write(tpl_uboot_args_part, true);
+		if (result < 0) {
+			fprintf(stderr, "Could not write TP-Link recovery flag to %s: %i", mtd, result);
+			exit(1);
+		}
+	}
+
 	indicate_writing(mtd);
 
 	w = e = 0;
@@ -716,6 +728,18 @@ resume:
 #endif
 
 	close(fd);
+
+	/* Clear TP-Link recovery flag */
+	if (tpl_uboot_args_part && mtd_tpl_recoverflag_write) {
+		if (quiet < 2)
+			fprintf(stderr, "Removing recovery flag from %s\n", tpl_uboot_args_part);
+		result = mtd_tpl_recoverflag_write(tpl_uboot_args_part, false);
+		if (result < 0) {
+			fprintf(stderr, "Could not clear TP-Link recovery flag to %s: %i", mtd, result);
+			exit(1);
+		}
+	}
+
 	return 0;
 }
 
@@ -771,6 +795,10 @@ static void usage(void)
 		fprintf(stderr,
 	"        -c datasize             amount of data to be used for checksum calculation (for fixtrx / fixseama / fixwrg / fixwrgg)\n");
 	}
+	if (mtd_tpl_recoverflag_write) {
+		fprintf(stderr,
+	"        -t <partition>          write TP-Link recovery-flag to <partition> (for write)\n");
+	}
 	fprintf(stderr,
 #ifdef FIS_SUPPORT
 	"        -F <part>[:<size>[:<entrypoint>]][,<part>...]\n"
@@ -828,7 +856,7 @@ int main (int argc, char **argv)
 #ifdef FIS_SUPPORT
 			"F:"
 #endif
-			"frnqe:d:s:j:p:o:c:l:")) != -1)
+			"frnqe:d:s:j:p:o:c:t:l:")) != -1)
 		switch (ch) {
 			case 'f':
 				force = 1;
@@ -896,6 +924,9 @@ int main (int argc, char **argv)
 					usage();
 				}
 				break;
+			case 't':
+				tpl_uboot_args_part = optarg;
+				break;
 #ifdef FIS_SUPPORT
 			case 'F':
 				fis_layout = optarg;
diff --git a/package/system/mtd/src/mtd.h b/package/system/mtd/src/mtd.h
index 0250a90e0b..3eda6159c6 100644
--- a/package/system/mtd/src/mtd.h
+++ b/package/system/mtd/src/mtd.h
@@ -30,4 +30,5 @@ extern int mtd_fixseama(const char *mtd, size_t offset, size_t data_size) __attr
 extern int mtd_fixwrg(const char *mtd, size_t offset, size_t data_size) __attribute__ ((weak));
 extern int mtd_fixwrgg(const char *mtd, size_t offset, size_t data_size) __attribute__ ((weak));
 extern int mtd_resetbc(const char *mtd) __attribute__ ((weak));
+extern int mtd_tpl_recoverflag_write(const char *mtd, const bool recovery_active) __attribute__ ((weak));
 #endif /* __mtd_h */
diff --git a/package/system/mtd/src/tpl_ramips_recoveryflag.c b/package/system/mtd/src/tpl_ramips_recoveryflag.c
new file mode 100644
index 0000000000..3711e01317
--- /dev/null
+++ b/package/system/mtd/src/tpl_ramips_recoveryflag.c
@@ -0,0 +1,94 @@
+/*
+ * TP-Link recovery flag set and unset code for ramips target
+ *
+ * Copyright (C) 2018 David Bauer <mail@david-bauer.net>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License v2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <errno.h>
+#include <stdint.h>
+
+#include <mtd/mtd-user.h>
+#include <sys/ioctl.h>
+
+#include "mtd.h"
+
+
+#define TPL_RECOVER_MAGIC	0x89abcdef
+#define TPL_NO_RECOVER_MAGIC	0x00000000
+
+
+struct uboot_args {
+	uint32_t magic;
+};
+
+int mtd_tpl_recoverflag_write(const char *mtd, const bool recovery_active)
+{
+	struct erase_info_user erase_info;
+	struct uboot_args *args;
+	uint32_t magic;
+	int ret = 0;
+	int fd;
+
+	args = malloc(erasesize);
+	if (!args) {
+		fprintf(stderr, "Could not allocate memory!\n");
+		return -1;
+	}
+
+	fd = mtd_check_open(mtd);
+	if (fd < 0) {
+		fprintf(stderr, "Could not open mtd device: %s\n", mtd);
+		ret = -1;
+		goto out;
+	}
+
+	/* read first block (containing the magic) */
+	pread(fd, args, erasesize, 0);
+
+	/* set magic to desired value */
+	magic = TPL_RECOVER_MAGIC;
+	if (!recovery_active)
+		magic = TPL_NO_RECOVER_MAGIC;
+
+	/* no need to write when magic is already set correctly */
+	if (magic == args->magic)
+		goto out;
+
+	/* erase first block (containing the magic) */
+	erase_info.start = 0;
+	erase_info.length = erasesize;
+
+	ret = ioctl(fd, MEMERASE, &erase_info);
+	if (ret < 0) {
+		fprintf(stderr, "failed to erase block: %i\n", ret);
+		goto out;
+	}
+
+	/* write magic to flash */
+	args->magic = magic;
+
+	ret = pwrite(fd, args, erasesize, 0);
+	if (ret < 0)
+		fprintf(stderr, "failed to write: %i\n", ret);
+
+	sync();
+out:
+	free(args);
+	close(fd);
+
+	return ret;
+}
-- 
2.30.2