| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test is intended to read and verify the content of the flash, and
verify that the read completes without error in the face of unusual
flash size with respect to the window configuration.
Specifically, the test is arranged such that the reserved memory exceeds
the flash size, and the flash layout conspires such that the final
request is for a window whose flash offset and window size exceed the
flash size. This currently triggers an error condition in the mbox
window handling, and causes the host to receive an error response to its
CREATE_READ_WINDOW request. On the host side this results in the reading
process receiving an EIO.
Due to what is probably an oversight in the mbox window handling, some
care needs to be taken in the test configuration: The current behaviour
is that copy_flash() will return a length that may be less than the size
of the reserved memory window. The returned value is aligned up to the
next block and assigned as the current window's size. However, when
evicting a window, we do not reset the size to the default size. As a
consequence, windows can shrink and remain at a size below the default
window size. Without careful control of the test parameters this can
lead to the appearance that there is no bug in the window handling as,
serendipitously, a window of the correct size can be evicted for the
final CREATE_READ_WINDOW request.
Change-Id: I436595f428bf4e93392315ec1110b6b6f4a11821
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partitions with patch files whose size was less than the partition size
in the ToC could not be completely read by the host. For example when
scanning over the entire PNOR on the host with `cat /dev/mtd0 >
/dev/null` the host would lock up. A trace from mboxd under these
circumstances shows:
[ 1519832857.966501396] Received MBOX command: 4
[ 1519832857.966695620] Host requested flash @ 0x02a44000
[ 1519832857.968642020] Window @ 0x730ce000 for size 0x00024000 maps flash offset 0x02a44000
[ 1519832857.968808728] Writing MBOX response: 1
[ 1519832858.222090630] Received MBOX command: 4
[ 1519832858.222284692] Host requested flash @ 0x02a68000
[ 1519832858.223964544] Window @ 0x73cce000 for size 0x00009000 maps flash offset 0x02a68000
[ 1519832858.224136142] Writing MBOX response: 1
[ 1519832858.435944292] Received MBOX command: 4
[ 1519832858.436138394] Host requested flash @ 0x02a71000
[ 1519832858.437026725] Window @ 0x734ce000 for size 0x00007000 maps flash offset 0x02a71000
[ 1519832858.437195251] Writing MBOX response: 1
[ 1519832858.646768070] Received MBOX command: 4
[ 1519832858.646968637] Host requested flash @ 0x02a78000
[ 1519832858.647567228] Window @ 0x768ce000 for size 0x00001000 maps flash offset 0x02a78000
[ 1519832858.647731755] Writing MBOX response: 1
[ 1519832858.848288015] Received MBOX command: 4
[ 1519832858.848489188] Host requested flash @ 0x02a79000
[ 1519832858.849006404] Window @ 0x758ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832858.849168870] Writing MBOX response: 1
[ 1519832859.048631708] Received MBOX command: 4
[ 1519832859.048827305] Host requested flash @ 0x02a79000
[ 1519832859.049343956] Window @ 0x756ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832859.049503553] Writing MBOX response: 1
[ 1519832859.248950916] Received MBOX command: 4
[ 1519832859.249142069] Host requested flash @ 0x02a79000
[ 1519832859.249649871] Window @ 0x741ce000 for size 0x00000000 maps flash offset 0x02a79000
Of significance are the last three CREATE_READ_WINDOW requests, where
the request succeeds but mboxd reports back a zero-sized window to the
host. The host immediately considers itself done with the window, and
requests a new window offset from the previous by size, which is zero.
Thus it re-requests the same offset, and receives the same zero-sized
window in return.
As a result, firmware gets stuck in an unterminated loop, stealing the
core from Linux, which promptly starts reporting a constant stream of
RCU stall warnings among the rest of the failures. Everyone is
miserable.
The offset in question maps to a partition but not to a valid offset in
the file backing that partition. Resize the backing file to meet the
maximum access address within the limits of the partition size defined
in the ToC. By doing so, we are able to map as much of the partition as
necessary.
However, we're not done. Whilst we no longer crash the host, we still
don't successfully complete the operation the host requested. From
Petitboot:
/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #
And the corresponding mboxd trace on the BMC:
[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event
The read failure will be fixed in a follow-up patch.
Change-Id: Iffdfb8af6f739df5e6d9c171b584a7244bdb7099
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Table class was unhelpful for testing in a couple of ways:
1. It attempted to access files on the filesystem whilst parsing ToC
entries
2. It incorrectly assumed the location of the files it was accessing
Both of these issues come down to handling of patch files and the
configuration of the 'actual' member of the partition struct.
Hoist the handling of the partition entry's data size out of the ToC
parser, and rework the Table constructor to only require a struct
mbox_context pointer. We can then use the paths member of mbox_context
to find the patch location rather than hard-code the value generated by
the configure script.
This prompts a rework and rename of the wrapper functions in
mboxd_pnor_partition_table.{cpp,h} to better align with the new
behaviour of the Table constructor. Reworking the wrappers has knock-on
effects in the tests, but the changes are straight-forward.
Change-Id: I87e63daf0d28b93566f7e5cb565cbf0790428479
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
Ensures writes can resize the backing files up to the limit of the
partition size.
Change-Id: Ie399d556dd485a235b7f6731d35536b2a6c703be
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
| |
The patch file in question is smaller than the partition defined for it.
This configuration exposes a bug where mboxd responds to a
CREATE_READ_WINDOW for the blocks after the length of the patch file
with a 0-sized window. Outside of the test environment this behaviour
causes the host to enter an unterminated loop in firmware.
Change-Id: I13aafb58a7876dc1589f695a9f5c80d082b4e15f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
The CREATE_READ_WINDOW request asks for an offset below the one defined
partition, between it and the ToC.
Change-Id: Iafaa530a3d6b02626106508b81c7aa7eaef9c876
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow reads and writes of offsets that don't map onto partitions defined
in the ToC. Do so by ignoring the mapping failure and filling a window
with 0xff in the hole from the requested offset to the following
partition.
This change also removes the reliance on InternalFailure as the
exception of choice for communicating failures. We can do better without
the teeth-pulling required by phosphor-logging by translating custom
exceptions into phosphor-logging exceptions at the edges.
Change-Id: Ibfa961a66b0b979354c6dc226ccbe7e9fbafc16d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: Icde607847812bcba3c7e2a131d7f46e223d44440
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
As the handling of the ToC is separate to the mapping of other
partitions, ensure we have appropriate coverage of copy_flash.
Change-Id: If362c667df65b2648849cab2e0c11ebe0416d254
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
Attempts to access an offset beyond the end of what's defined in the
partition table.
Change-Id: I43c55423625261947965155cb1d53ef276a4ed05
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I6fb96c921bead334ff178d0d78e9c7e7c7234f0a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I3dbb4a14c5052c1689f930744a59b465b482fb68
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I5243ee9d093445437cc6d75400d1d51ff5885719
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I25c6a6c4cee69ce9ba28c238851c7b7c622bb9b3
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: Iafddb01ad174b27e3f12272e107cc0323d824c81
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a collection of small fixes:
* Always initialise the field for PARTITION_ECC_PROTECTED so it doesn't
contain garbage
* Provide a warning when we encounter a flag we don't understand
* Ignore empty flags so we don't trigger the unknown flag warning
* Unset the READONLY bit if we encounter READWRITE, implementing
last-configuration-wins rather than sticky-readonly
Change-Id: I3dd45139716fe241f9d3e7997e1269d13de638ca
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
| |
Exercises the flags associated with FFS properties.
Change-Id: Id710784cbbf3115712f7ce55e1fd38c8889b2c1f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I17e876fcb18b69d29bcc439e0f270760e015f246
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I0122a2239df3ec7c83e2bf778d4d8df5a348d495
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: If712eac2e0f7b2c46e8bd473a5dc1c5b62c534b4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: If0861efb0f6bccf82a2df94204821f22198e17b0
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: Iaac0e7783f1ceba0d009fcd4865861b0109639e4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I30325d8dbee300fc93911a7e9e2650fc592a7055
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
For separate tests of access to offsets that do and don't contain a
partition.
Change-Id: I2466821b81eb721eeffe7db02d177c6f78e06101
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I36f3946487d0b613fa0ada9bfa777e4d12444fac
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: Idec2747e2233eea5631740ed702623b5e4409a1c
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I10b82d84cd40d52b0a489dc834269eec1a0d5240
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
| |
Change-Id: I71641b2c67eebf0b2babd677a46dbc45e0848795
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
| |
Define a new variable to capture the library requirements of the vpnor
tests.
Change-Id: I966f699a9a96ee943602476d1d1015347cfe9c0b
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
| |
|
|
|
|
|
|
|
| |
The VpnorRoot class prepares a temporary directory for use as a VPNOR
backing store. Implementing it as a class allows us to use RAII to get
it to clean up after itself.
Change-Id: Ia5a839e751f8dc2126a4c0b474e9a7b8593cfd57
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
Change-Id: I5fe7f625ad642cef17fe53bd244dcde8fd99f3ad
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
