| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test is intended to read and verify the content of the flash, and
verify that the read completes without error in the face of unusual
flash size with respect to the window configuration.
Specifically, the test is arranged such that the reserved memory exceeds
the flash size, and the flash layout conspires such that the final
request is for a window whose flash offset and window size exceed the
flash size. This currently triggers an error condition in the mbox
window handling, and causes the host to receive an error response to its
CREATE_READ_WINDOW request. On the host side this results in the reading
process receiving an EIO.
Due to what is probably an oversight in the mbox window handling, some
care needs to be taken in the test configuration: The current behaviour
is that copy_flash() will return a length that may be less than the size
of the reserved memory window. The returned value is aligned up to the
next block and assigned as the current window's size. However, when
evicting a window, we do not reset the size to the default size. As a
consequence, windows can shrink and remain at a size below the default
window size. Without careful control of the test parameters this can
lead to the appearance that there is no bug in the window handling as,
serendipitously, a window of the correct size can be evicted for the
final CREATE_READ_WINDOW request.
Change-Id: I436595f428bf4e93392315ec1110b6b6f4a11821
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
| |
mbox_rspcpy() copies the mboxd response into a struct mbox_msg for use
by the caller. This is useful in test cases that want to read contiguous
chunks of the flash. mbox_rspcpy() allows them to extract the current
window's offset and length to dynamically construct the
CREATE_READ_WINDOW request for the subsequent blocks.
Change-Id: I4d35889a0785b2d9ab737eba6755892caed53270
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
mboxd_msg.h uses the MBOX_REG_BYTES symbol, but forces its users to
first include mbox.h. Include what we use to restore some sanity.
Change-Id: Ia72de84e6ba8abc86044170a355a4d43f96a239e
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
| |
Remove the ambiguity of signed/unsigned char.
Change-Id: I979d1907f7be08a9413770839909a30f4640701a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partitions with patch files whose size was less than the partition size
in the ToC could not be completely read by the host. For example when
scanning over the entire PNOR on the host with `cat /dev/mtd0 >
/dev/null` the host would lock up. A trace from mboxd under these
circumstances shows:
[ 1519832857.966501396] Received MBOX command: 4
[ 1519832857.966695620] Host requested flash @ 0x02a44000
[ 1519832857.968642020] Window @ 0x730ce000 for size 0x00024000 maps flash offset 0x02a44000
[ 1519832857.968808728] Writing MBOX response: 1
[ 1519832858.222090630] Received MBOX command: 4
[ 1519832858.222284692] Host requested flash @ 0x02a68000
[ 1519832858.223964544] Window @ 0x73cce000 for size 0x00009000 maps flash offset 0x02a68000
[ 1519832858.224136142] Writing MBOX response: 1
[ 1519832858.435944292] Received MBOX command: 4
[ 1519832858.436138394] Host requested flash @ 0x02a71000
[ 1519832858.437026725] Window @ 0x734ce000 for size 0x00007000 maps flash offset 0x02a71000
[ 1519832858.437195251] Writing MBOX response: 1
[ 1519832858.646768070] Received MBOX command: 4
[ 1519832858.646968637] Host requested flash @ 0x02a78000
[ 1519832858.647567228] Window @ 0x768ce000 for size 0x00001000 maps flash offset 0x02a78000
[ 1519832858.647731755] Writing MBOX response: 1
[ 1519832858.848288015] Received MBOX command: 4
[ 1519832858.848489188] Host requested flash @ 0x02a79000
[ 1519832858.849006404] Window @ 0x758ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832858.849168870] Writing MBOX response: 1
[ 1519832859.048631708] Received MBOX command: 4
[ 1519832859.048827305] Host requested flash @ 0x02a79000
[ 1519832859.049343956] Window @ 0x756ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832859.049503553] Writing MBOX response: 1
[ 1519832859.248950916] Received MBOX command: 4
[ 1519832859.249142069] Host requested flash @ 0x02a79000
[ 1519832859.249649871] Window @ 0x741ce000 for size 0x00000000 maps flash offset 0x02a79000
Of significance are the last three CREATE_READ_WINDOW requests, where
the request succeeds but mboxd reports back a zero-sized window to the
host. The host immediately considers itself done with the window, and
requests a new window offset from the previous by size, which is zero.
Thus it re-requests the same offset, and receives the same zero-sized
window in return.
As a result, firmware gets stuck in an unterminated loop, stealing the
core from Linux, which promptly starts reporting a constant stream of
RCU stall warnings among the rest of the failures. Everyone is
miserable.
The offset in question maps to a partition but not to a valid offset in
the file backing that partition. Resize the backing file to meet the
maximum access address within the limits of the partition size defined
in the ToC. By doing so, we are able to map as much of the partition as
necessary.
However, we're not done. Whilst we no longer crash the host, we still
don't successfully complete the operation the host requested. From
Petitboot:
/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #
And the corresponding mboxd trace on the BMC:
[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event
The read failure will be fixed in a follow-up patch.
Change-Id: Iffdfb8af6f739df5e6d9c171b584a7244bdb7099
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Table class was unhelpful for testing in a couple of ways:
1. It attempted to access files on the filesystem whilst parsing ToC
entries
2. It incorrectly assumed the location of the files it was accessing
Both of these issues come down to handling of patch files and the
configuration of the 'actual' member of the partition struct.
Hoist the handling of the partition entry's data size out of the ToC
parser, and rework the Table constructor to only require a struct
mbox_context pointer. We can then use the paths member of mbox_context
to find the patch location rather than hard-code the value generated by
the configure script.
This prompts a rework and rename of the wrapper functions in
mboxd_pnor_partition_table.{cpp,h} to better align with the new
behaviour of the Table constructor. Reworking the wrappers has knock-on
effects in the tests, but the changes are straight-forward.
Change-Id: I87e63daf0d28b93566f7e5cb565cbf0790428479
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Ensures writes can resize the backing files up to the limit of the
partition size.
Change-Id: Ie399d556dd485a235b7f6731d35536b2a6c703be
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
| |
The patch file in question is smaller than the partition defined for it.
This configuration exposes a bug where mboxd responds to a
CREATE_READ_WINDOW for the blocks after the length of the patch file
with a 0-sized window. Outside of the test environment this behaviour
causes the host to enter an unterminated loop in firmware.
Change-Id: I13aafb58a7876dc1589f695a9f5c80d082b4e15f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If557811530f9a886355d023ea73c3412ba5797f8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I5a4d6bb7b019767c19d45e68d4ac01c92c024abe
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I25726e9fe97b37d9be0bab10a84f20d0bab9f5c9
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Ic15daa8198df660d7c2e7c26921ce43e671d5c38
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RORequest and RWRequest classes did not provide a clear abstraction
over the operation of populating a window or partition associated with a
CREATE_{READ,WRITE}_WINDOW request. The role of the classes was to find
the partition for the provided offset, locate and then open its backing
file.
However, the file-descriptor for the backing file was exposed outside of
the class, as was the FFS partition struct, both of which were managed
_internal_ to the class. Thus the classes provided no encapsulation of
state and awkwardly split the tasks of managing and utilising the
resources between the callee and caller.
This commit inverts the behaviour in a fulfil() method handles the
mechanics of locating, opening, manipulating and closing the backing
file, requiring nothing of the caller. The pnor_partition reference is
managed entirely inside the Request class, derived from the offset
passed to the constructor.
Unifying the mechanics into fulfil() results in a decent reduction in
lines of code at the expense of some cyclomatic complexity. fulfil() is
publicly exposed via read() and write() wrappers on the class, and the
RORequest and RWRequest classes are removed as a result.
Change-Id: Ie587ed31f1a6db97bcb490dbcc2e27ece0b1f82c
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Ide8012846732649780a8989c8040bece8ffdf272
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
The CREATE_READ_WINDOW request asks for an offset below the one defined
partition, between it and the ToC.
Change-Id: Iafaa530a3d6b02626106508b81c7aa7eaef9c876
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow reads and writes of offsets that don't map onto partitions defined
in the ToC. Do so by ignoring the mapping failure and filling a window
with 0xff in the hole from the requested offset to the following
partition.
This change also removes the reliance on InternalFailure as the
exception of choice for communicating failures. We can do better without
the teeth-pulling required by phosphor-logging by translating custom
exceptions into phosphor-logging exceptions at the edges.
Change-Id: Ibfa961a66b0b979354c6dc226ccbe7e9fbafc16d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
| |
Create a local variable for the partition of interest.
Change-Id: I7c0ec008f8b616cec15f10664afca73736324029
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
| |
Allow use of the definition in other parts of the codebase.
Change-Id: I5f4f23c909a09f12fd16728183aadbf36b565dba
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I0523a451c03c05f2851f06f99326c792149849b6
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Icde607847812bcba3c7e2a131d7f46e223d44440
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
As the handling of the ToC is separate to the mapping of other
partitions, ensure we have appropriate coverage of copy_flash.
Change-Id: If362c667df65b2648849cab2e0c11ebe0416d254
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Attempts to access an offset beyond the end of what's defined in the
partition table.
Change-Id: I43c55423625261947965155cb1d53ef276a4ed05
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I6fb96c921bead334ff178d0d78e9c7e7c7234f0a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I3dbb4a14c5052c1689f930744a59b465b482fb68
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I5243ee9d093445437cc6d75400d1d51ff5885719
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I25c6a6c4cee69ce9ba28c238851c7b7c622bb9b3
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Iafddb01ad174b27e3f12272e107cc0323d824c81
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a collection of small fixes:
* Always initialise the field for PARTITION_ECC_PROTECTED so it doesn't
contain garbage
* Provide a warning when we encounter a flag we don't understand
* Ignore empty flags so we don't trigger the unknown flag warning
* Unset the READONLY bit if we encounter READWRITE, implementing
last-configuration-wins rather than sticky-readonly
Change-Id: I3dd45139716fe241f9d3e7997e1269d13de638ca
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
| |
Exercises the flags associated with FFS properties.
Change-Id: Id710784cbbf3115712f7ce55e1fd38c8889b2c1f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I17e876fcb18b69d29bcc439e0f270760e015f246
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I0122a2239df3ec7c83e2bf778d4d8df5a348d495
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If712eac2e0f7b2c46e8bd473a5dc1c5b62c534b4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If0861efb0f6bccf82a2df94204821f22198e17b0
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Iaac0e7783f1ceba0d009fcd4865861b0109639e4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I30325d8dbee300fc93911a7e9e2650fc592a7055
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
| |
The CREATE_READ_WINDOW command supplied by the test case worked by
accident more than design with respect to the specified PNOR layout.
Make the partition size one block for sanity.
Change-Id: I2f3e55c8be309b3940447148289b0c5aced0b094
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
For separate tests of access to offsets that do and don't contain a
partition.
Change-Id: I2466821b81eb721eeffe7db02d177c6f78e06101
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I36f3946487d0b613fa0ada9bfa777e4d12444fac
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Idec2747e2233eea5631740ed702623b5e4409a1c
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I10b82d84cd40d52b0a489dc834269eec1a0d5240
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I71641b2c67eebf0b2babd677a46dbc45e0848795
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Define a new variable to capture the library requirements of the vpnor
tests.
Change-Id: I966f699a9a96ee943602476d1d1015347cfe9c0b
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I635a085283d86a1f672f736a26981901d38ea599
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I9d18bd108d1c0972a5fefa384152757a2483c103
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Instead use strncpy() and specify the size of the destination buf, then
null-terminate the result.
Change-Id: I02b50010d4ba11feed5a96f27b3ec2bb50b2eabf
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I5d49a090482d280317e75c7a7e2dc68d7fa265e2
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it represented any one of the ro/rw/prsv/patch directories.
It's better if we can deal with all of them at once, so rework the
abstraction.
In the process, the patch exploits other features of
std::experimental::filesystem to increase readability of the code.
Change-Id: I06000709622dd66945cc88cb5333847c69215dc7
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Ibb2ea631d3bb903a6607edac085d3025479e5ff7
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
| |
The VpnorRoot class prepares a temporary directory for use as a VPNOR
backing store. Implementing it as a class allows us to use RAII to get
it to clean up after itself.
Change-Id: Ia5a839e751f8dc2126a4c0b474e9a7b8593cfd57
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
| |
Move the createVpnorTree() helper function out from the
create_pnor_partition_table test case into its own header. This way
multiple tests can make use of its function.
Change-Id: Ieb4149e736c7ff87ecdbf7aa586b58baf936cd97
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|