| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This allows us to provide alternative implementations for the handlers
as necessary. The vpnor feature, which enforces the read-only property
of FFS partitions, requires this for handling CREATE_WRITE_WINDOW.
Change-Id: Ia969a6f085244b194c500e66b62adca5e10bacba
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
| |
In the spirit of things that are together should be kept together. The
repository layout now better corresponds to upstream with the exception
of the vpnor directory and some modifications to Makefile.am
Change-Id: I16d59a3c9ee846065f6a8c83eb4459715d525f3f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is prepatory work for introducing more vpnor-specific behaviours to
window handling. We will be introducing more objects to link, in order
to hook some of the window command handlers.
This change takes the opportunity to revert back to the upstream names
for some of the original C files.
Change-Id: I6b67ae466a2695054035e65ba752881be9c32d1a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
| |
Deny attempts to open write windows to flash space that is unmapped in
the ToC. This gives explicit feedback that any data written would not be
persisted if it were possible create the write window in the first
place.
Change-Id: I0e7967247b122aa8d0c1de38af43162ba0ccc8fa
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
This test case should always pass. Ensure it does in the face of
modifications to how the request is processed.
Change-Id: I090aa6518750615c6b931404f5ad54b13cf95e28
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The virtual PNOR implementation enforces the read-only attribute of
partitions out of the box. This causes trouble when the host requests a
write window over a read-only partition, as the flush command will fail.
Further, by design, we have open-implies-close-implies-flush semantics,
which means once a flush fails, any subsequent request to open a window
also fails.
We want the daemon to deny attempts to open write windows over a
read-only partition during the CREATE_WRITE_WINDOW request, to avoid
the cascading failures later on.
Change-Id: Ib6bec3d34a8a47e517088dd504f7a74641882f5d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The host may request a window over the end of the flash where the window
size combined with the requested offset exceeds the limit of the flash.
This issue was introduced with the virtual PNOR, as copy_flash() now may
return a size less than requested. This leads to offset requests that
are still block aligned, but the windows may no longer be aligned with
respect to the flash size.
This issue triggers the read error reported from the Petitboot
environment in an earlier commit message:
/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #
With the corresponding mboxd trace on the BMC:
[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event
Instead, shrink the request such that the resulting window exactly maps
the flash limit, and no further.
Change-Id: Id33ae3b14252eb40240ef1925311f22aceb103b4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After copying a portion of the backing store to a window,
create_map_window() "resizes" the window to the aligned-up size reported
by copy_flash(). This allows use of the window size as the content size
elsewhere in the codebase.
However, if we needed to evict a window to satisfy a request, the window
properties were not reset. This lead to inefficient use of the reserved
memory by limiting the effective window size to the minimum size of all
requests that were previously allocated the window in question.
Inefficient use of reserved memory isn't the only side effect; the host
takes an eye-watering hit to throughput that gets exponentionally
worse over time:
From the petitboot shell without the patch applied:
/ # time cat /dev/mtd0 > /dev/null
real 0m 49.77s
user 0m 0.00s
sys 0m 49.76s
/ # time cat /dev/mtd0 > /dev/null
real 1m 33.57s
user 0m 0.00s
sys 1m 33.55s
/ # time cat /dev/mtd0 > /dev/null
real 4m 45.37s
user 0m 0.00s
sys 4m 45.35s
/ # time cat /dev/mtd0 > /dev/null
real 9m 17.77s
user 0m 0.00s
sys 9m 17.76s
/ #
And with the patch applied:
/ # time cat /dev/mtd0 > /dev/null
real 0m 43.00s
user 0m 0.00s
sys 0m 42.99s
/ # time cat /dev/mtd0 > /dev/null
real 0m 42.40s
user 0m 0.00s
sys 0m 42.39s
/ # time cat /dev/mtd0 > /dev/null
real 0m 42.41s
user 0m 0.00s
sys 0m 42.39s
/ #
Reset the properties to allow use of the entire reserved memory region
allocated to the window, improving memory efficiency, throughput, and
minimising throughput variance.
Change-Id: I7be78ec5e0a9ee0caf31133b0861e333844b8975
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
| |
Sanity check that requesting arbitrary offsets inside a partition will
map to an existing window containing that partitions data. This ensures
we don't have multiple windows mapping the same content and shooting
ourselves in the foot with coherency issues.
Change-Id: Ie13cc36a9f092381660d5c45ed6d2477c3a4d6ce
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Tests to make sure that the window size returned has not been shrunk
inappropriately by previous requests.
Change-Id: Ib86d0744c774b5cf57235833a402bc79ef9979b9
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The backing file for the LPC reserved memory region was being allocated
as the size of the MTD device. These sizes are completely unrelated.
The current configuration causes segfaults when the reserved memory
region exceeds the size of the flash.
Instead, resize the backing file once we know how big it needs to be.
Thankfully __init_lpc_dev() doesn't need the file to be sized to the
reported reserved memory size.
Change-Id: I89fd85ffe991ce0503055117684ac7d4d7b8abb1
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test is intended to read and verify the content of the flash, and
verify that the read completes without error in the face of unusual
flash size with respect to the window configuration.
Specifically, the test is arranged such that the reserved memory exceeds
the flash size, and the flash layout conspires such that the final
request is for a window whose flash offset and window size exceed the
flash size. This currently triggers an error condition in the mbox
window handling, and causes the host to receive an error response to its
CREATE_READ_WINDOW request. On the host side this results in the reading
process receiving an EIO.
Due to what is probably an oversight in the mbox window handling, some
care needs to be taken in the test configuration: The current behaviour
is that copy_flash() will return a length that may be less than the size
of the reserved memory window. The returned value is aligned up to the
next block and assigned as the current window's size. However, when
evicting a window, we do not reset the size to the default size. As a
consequence, windows can shrink and remain at a size below the default
window size. Without careful control of the test parameters this can
lead to the appearance that there is no bug in the window handling as,
serendipitously, a window of the correct size can be evicted for the
final CREATE_READ_WINDOW request.
Change-Id: I436595f428bf4e93392315ec1110b6b6f4a11821
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
| |
mbox_rspcpy() copies the mboxd response into a struct mbox_msg for use
by the caller. This is useful in test cases that want to read contiguous
chunks of the flash. mbox_rspcpy() allows them to extract the current
window's offset and length to dynamically construct the
CREATE_READ_WINDOW request for the subsequent blocks.
Change-Id: I4d35889a0785b2d9ab737eba6755892caed53270
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Partitions with patch files whose size was less than the partition size
in the ToC could not be completely read by the host. For example when
scanning over the entire PNOR on the host with `cat /dev/mtd0 >
/dev/null` the host would lock up. A trace from mboxd under these
circumstances shows:
[ 1519832857.966501396] Received MBOX command: 4
[ 1519832857.966695620] Host requested flash @ 0x02a44000
[ 1519832857.968642020] Window @ 0x730ce000 for size 0x00024000 maps flash offset 0x02a44000
[ 1519832857.968808728] Writing MBOX response: 1
[ 1519832858.222090630] Received MBOX command: 4
[ 1519832858.222284692] Host requested flash @ 0x02a68000
[ 1519832858.223964544] Window @ 0x73cce000 for size 0x00009000 maps flash offset 0x02a68000
[ 1519832858.224136142] Writing MBOX response: 1
[ 1519832858.435944292] Received MBOX command: 4
[ 1519832858.436138394] Host requested flash @ 0x02a71000
[ 1519832858.437026725] Window @ 0x734ce000 for size 0x00007000 maps flash offset 0x02a71000
[ 1519832858.437195251] Writing MBOX response: 1
[ 1519832858.646768070] Received MBOX command: 4
[ 1519832858.646968637] Host requested flash @ 0x02a78000
[ 1519832858.647567228] Window @ 0x768ce000 for size 0x00001000 maps flash offset 0x02a78000
[ 1519832858.647731755] Writing MBOX response: 1
[ 1519832858.848288015] Received MBOX command: 4
[ 1519832858.848489188] Host requested flash @ 0x02a79000
[ 1519832858.849006404] Window @ 0x758ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832858.849168870] Writing MBOX response: 1
[ 1519832859.048631708] Received MBOX command: 4
[ 1519832859.048827305] Host requested flash @ 0x02a79000
[ 1519832859.049343956] Window @ 0x756ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832859.049503553] Writing MBOX response: 1
[ 1519832859.248950916] Received MBOX command: 4
[ 1519832859.249142069] Host requested flash @ 0x02a79000
[ 1519832859.249649871] Window @ 0x741ce000 for size 0x00000000 maps flash offset 0x02a79000
Of significance are the last three CREATE_READ_WINDOW requests, where
the request succeeds but mboxd reports back a zero-sized window to the
host. The host immediately considers itself done with the window, and
requests a new window offset from the previous by size, which is zero.
Thus it re-requests the same offset, and receives the same zero-sized
window in return.
As a result, firmware gets stuck in an unterminated loop, stealing the
core from Linux, which promptly starts reporting a constant stream of
RCU stall warnings among the rest of the failures. Everyone is
miserable.
The offset in question maps to a partition but not to a valid offset in
the file backing that partition. Resize the backing file to meet the
maximum access address within the limits of the partition size defined
in the ToC. By doing so, we are able to map as much of the partition as
necessary.
However, we're not done. Whilst we no longer crash the host, we still
don't successfully complete the operation the host requested. From
Petitboot:
/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #
And the corresponding mboxd trace on the BMC:
[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event
The read failure will be fixed in a follow-up patch.
Change-Id: Iffdfb8af6f739df5e6d9c171b584a7244bdb7099
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Table class was unhelpful for testing in a couple of ways:
1. It attempted to access files on the filesystem whilst parsing ToC
entries
2. It incorrectly assumed the location of the files it was accessing
Both of these issues come down to handling of patch files and the
configuration of the 'actual' member of the partition struct.
Hoist the handling of the partition entry's data size out of the ToC
parser, and rework the Table constructor to only require a struct
mbox_context pointer. We can then use the paths member of mbox_context
to find the patch location rather than hard-code the value generated by
the configure script.
This prompts a rework and rename of the wrapper functions in
mboxd_pnor_partition_table.{cpp,h} to better align with the new
behaviour of the Table constructor. Reworking the wrappers has knock-on
effects in the tests, but the changes are straight-forward.
Change-Id: I87e63daf0d28b93566f7e5cb565cbf0790428479
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Ensures writes can resize the backing files up to the limit of the
partition size.
Change-Id: Ie399d556dd485a235b7f6731d35536b2a6c703be
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
| |
The patch file in question is smaller than the partition defined for it.
This configuration exposes a bug where mboxd responds to a
CREATE_READ_WINDOW for the blocks after the length of the patch file
with a 0-sized window. Outside of the test environment this behaviour
causes the host to enter an unterminated loop in firmware.
Change-Id: I13aafb58a7876dc1589f695a9f5c80d082b4e15f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If557811530f9a886355d023ea73c3412ba5797f8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
The CREATE_READ_WINDOW request asks for an offset below the one defined
partition, between it and the ToC.
Change-Id: Iafaa530a3d6b02626106508b81c7aa7eaef9c876
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow reads and writes of offsets that don't map onto partitions defined
in the ToC. Do so by ignoring the mapping failure and filling a window
with 0xff in the hole from the requested offset to the following
partition.
This change also removes the reliance on InternalFailure as the
exception of choice for communicating failures. We can do better without
the teeth-pulling required by phosphor-logging by translating custom
exceptions into phosphor-logging exceptions at the edges.
Change-Id: Ibfa961a66b0b979354c6dc226ccbe7e9fbafc16d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Icde607847812bcba3c7e2a131d7f46e223d44440
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
As the handling of the ToC is separate to the mapping of other
partitions, ensure we have appropriate coverage of copy_flash.
Change-Id: If362c667df65b2648849cab2e0c11ebe0416d254
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Attempts to access an offset beyond the end of what's defined in the
partition table.
Change-Id: I43c55423625261947965155cb1d53ef276a4ed05
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I6fb96c921bead334ff178d0d78e9c7e7c7234f0a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I3dbb4a14c5052c1689f930744a59b465b482fb68
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I5243ee9d093445437cc6d75400d1d51ff5885719
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I25c6a6c4cee69ce9ba28c238851c7b7c622bb9b3
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Iafddb01ad174b27e3f12272e107cc0323d824c81
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a collection of small fixes:
* Always initialise the field for PARTITION_ECC_PROTECTED so it doesn't
contain garbage
* Provide a warning when we encounter a flag we don't understand
* Ignore empty flags so we don't trigger the unknown flag warning
* Unset the READONLY bit if we encounter READWRITE, implementing
last-configuration-wins rather than sticky-readonly
Change-Id: I3dd45139716fe241f9d3e7997e1269d13de638ca
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
| |
Exercises the flags associated with FFS properties.
Change-Id: Id710784cbbf3115712f7ce55e1fd38c8889b2c1f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I17e876fcb18b69d29bcc439e0f270760e015f246
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I0122a2239df3ec7c83e2bf778d4d8df5a348d495
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If712eac2e0f7b2c46e8bd473a5dc1c5b62c534b4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: If0861efb0f6bccf82a2df94204821f22198e17b0
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Iaac0e7783f1ceba0d009fcd4865861b0109639e4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I30325d8dbee300fc93911a7e9e2650fc592a7055
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
| |
The CREATE_READ_WINDOW command supplied by the test case worked by
accident more than design with respect to the specified PNOR layout.
Make the partition size one block for sanity.
Change-Id: I2f3e55c8be309b3940447148289b0c5aced0b094
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
For separate tests of access to offsets that do and don't contain a
partition.
Change-Id: I2466821b81eb721eeffe7db02d177c6f78e06101
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I36f3946487d0b613fa0ada9bfa777e4d12444fac
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Idec2747e2233eea5631740ed702623b5e4409a1c
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I10b82d84cd40d52b0a489dc834269eec1a0d5240
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I71641b2c67eebf0b2babd677a46dbc45e0848795
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
| |
Define a new variable to capture the library requirements of the vpnor
tests.
Change-Id: I966f699a9a96ee943602476d1d1015347cfe9c0b
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I635a085283d86a1f672f736a26981901d38ea599
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I9d18bd108d1c0972a5fefa384152757a2483c103
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: I5d49a090482d280317e75c7a7e2dc68d7fa265e2
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it represented any one of the ro/rw/prsv/patch directories.
It's better if we can deal with all of them at once, so rework the
abstraction.
In the process, the patch exploits other features of
std::experimental::filesystem to increase readability of the code.
Change-Id: I06000709622dd66945cc88cb5333847c69215dc7
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
| |
Change-Id: Ibb2ea631d3bb903a6607edac085d3025479e5ff7
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
| |
The VpnorRoot class prepares a temporary directory for use as a VPNOR
backing store. Implementing it as a class allows us to use RAII to get
it to clean up after itself.
Change-Id: Ia5a839e751f8dc2126a4c0b474e9a7b8593cfd57
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|
|
|
|
|
|
|
|
|
| |
Move the createVpnorTree() helper function out from the
create_pnor_partition_table test case into its own header. This way
multiple tests can make use of its function.
Change-Id: Ieb4149e736c7ff87ecdbf7aa586b58baf936cd97
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
|