[v3,0/9] Bug fixes and improved logging in MHI

Message ID	1588193551-31439-1-git-send-email-bbhatt@codeaurora.org
Headers	show Return-Path: <SRS0=r303=6N=vger.kernel.org=linux-arm-msm-owner@kernel.org> Date: Subject: Cc: To: From: Sender; bh=p1T77UuTyTPUkQiCdjRiexComvsqP6jWBbVEBaDSv+4=; b=VLfqAXOHF1m6JbZm93aez7aDlZI/C1fRLCb+RbDErVAL9txVZ+Ypz5RawFcRNqUnYZJTRFO7 b4viPfTxeCe7kJTBXzGH1iL2Ktr+imy9swbVnOOH3xFbTQVRg2/S+fYkWiUEeVdmt0iemf1q 7CtjNVTKJH8aZ0mTsUjyyqBUU/U= sender: bbhatt) by smtp.codeaurora.org (Postfix) with ESMTPSA id 45213C433D2; Wed, 29 Apr 2020 20:52:37 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 45213C433D2 From: Bhaumik Bhatt <bbhatt@codeaurora.org> To: mani@kernel.org Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, hemantk@codeaurora.org, jhugo@codeaurora.org, Bhaumik Bhatt <bbhatt@codeaurora.org> Subject: [PATCH v3 0/9] Bug fixes and improved logging in MHI Date: Wed, 29 Apr 2020 13:52:22 -0700 Message-Id: <1588193551-31439-1-git-send-email-bbhatt@codeaurora.org> Sender: linux-arm-msm-owner@vger.kernel.org Precedence: bulk
Series	Bug fixes and improved logging in MHI \| expand [v3,0/9] Bug fixes and improved logging in MHI [v3,1/9] bus: mhi: core: Refactor mhi queue APIs [v3,3/9] bus: mhi: core: Add range check for channel id received in event ring [v3,4/9] bus: mhi: core: Read transfer length from an event properly [v3,5/9] bus: mhi: core: Handle firmware load using state worker

Message ID

1588193551-31439-1-git-send-email-bbhatt@codeaurora.org

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 45213C433D2
From: Bhaumik Bhatt <bbhatt@codeaurora.org>
To: mani@kernel.org
Cc: linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org,
	hemantk@codeaurora.org, jhugo@codeaurora.org,
	Bhaumik Bhatt <bbhatt@codeaurora.org>
Subject: [PATCH v3 0/9] Bug fixes and improved logging in MHI
Date: Wed, 29 Apr 2020 13:52:22 -0700
Message-Id: <1588193551-31439-1-git-send-email-bbhatt@codeaurora.org>
Sender: linux-arm-msm-owner@vger.kernel.org
Precedence: bulk

Series

Bug fixes and improved logging in MHI | expand

Message

Bhaumik Bhatt April 29, 2020, 8:52 p.m. UTC

A set of patches for bug fixes and improved logging in mhi/core/boot.c.
Verified on x86 and arm64 platforms.

v3:
-Fixed signed-off-by tags
-Add a refactor patch for MHI queue APIs
-Commit text fix in bus: mhi: core: Read transfer length from an event properly
-Fix channel ID range check for ctrl and data event rings processing

v2:
-Fix channel ID range check potential infinite loop
-Add appropriate signed-off-by tags

Bhaumik Bhatt (5):
  bus: mhi: core: Handle firmware load using state worker
  bus: mhi: core: WARN_ON for malformed vector table
  bus: mhi: core: Return appropriate error codes for AMSS load failure
  bus: mhi: core: Improve debug logs for loading firmware
  bus: mhi: core: Ensure non-zero session or sequence ID values

Hemant Kumar (4):
  bus: mhi: core: Refactor mhi queue APIs
  bus: mhi: core: Cache intmod from mhi event to mhi channel
  bus: mhi: core: Add range check for channel id received in event ring
  bus: mhi: core: Read transfer length from an event properly

 drivers/bus/mhi/core/boot.c     |  74 +++++++++++++++----------
 drivers/bus/mhi/core/init.c     |   5 +-
 drivers/bus/mhi/core/internal.h |   4 +-
 drivers/bus/mhi/core/main.c     | 120 +++++++++++++++++++---------------------
 drivers/bus/mhi/core/pm.c       |   6 +-
 include/linux/mhi.h             |   2 -
 6 files changed, 110 insertions(+), 101 deletions(-)

Comments

Jeffrey Hugo April 30, 2020, 3:02 p.m. UTC | #1

On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
> Add a bounds check in the firmware copy routine to exit if a malformed
> vector table is found while attempting to load the firmware in to the
> BHIe vector table.
> 
> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
> ---
>   drivers/bus/mhi/core/boot.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
> index 17c636b..bc70edc 100644
> --- a/drivers/bus/mhi/core/boot.c
> +++ b/drivers/bus/mhi/core/boot.c
> @@ -362,8 +362,14 @@ static void mhi_firmware_copy(struct mhi_controller *mhi_cntrl,
>   	int i = 0;
>   	struct mhi_buf *mhi_buf = img_info->mhi_buf;
>   	struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
> +	struct device *dev = &mhi_cntrl->mhi_dev->dev;
>   
>   	while (remainder) {
> +		if (WARN_ON(i >= img_info->entries)) {
> +			dev_err(dev, "Malformed vector table\n");

I feel like this message needs more detail.  At a minimum, I think it 
should indicate what vector table (BHIe).  I think if you can identify 
what file, etc the the glitch is in, that would be better.  Maybe some 
detail about i and img_info->entries.

If I see this error message, I should have enough information to 
immediately debug the issue.  If it tells enough to go directly into the 
firmware file and have a look at entry X to see what might be corrupt 
about it, that makes my debugging very efficient.  If I have to go back 
to the code to figure out what "Malformed vector table" means, and then 
maybe apply a patch to get more data about the error - the error message 
is not as useful as it should be.

> +			return;
> +		}
> +
>   		to_cpy = min(remainder, mhi_buf->len);
>   		memcpy(mhi_buf->buf, buf, to_cpy);
>   		bhi_vec->dma_addr = mhi_buf->dma_addr;
>

Jeffrey Hugo April 30, 2020, 3:06 p.m. UTC | #2

On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
> Add log messages to track boot flow errors and timeouts in SBL or AMSS
> firmware loading to aid in debug.
> 
> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
> 

Reviewed-by: Jeffrey Hugo <jhugo@codeaurora.org>

Bhaumik Bhatt May 2, 2020, 2:38 a.m. UTC | #3

On 2020-04-30 08:02, Jeffrey Hugo wrote:
> On 4/29/2020 2:52 PM, Bhaumik Bhatt wrote:
>> Add a bounds check in the firmware copy routine to exit if a malformed
>> vector table is found while attempting to load the firmware in to the
>> BHIe vector table.
>> 
>> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
>> ---
>>   drivers/bus/mhi/core/boot.c | 6 ++++++
>>   1 file changed, 6 insertions(+)
>> 
>> diff --git a/drivers/bus/mhi/core/boot.c b/drivers/bus/mhi/core/boot.c
>> index 17c636b..bc70edc 100644
>> --- a/drivers/bus/mhi/core/boot.c
>> +++ b/drivers/bus/mhi/core/boot.c
>> @@ -362,8 +362,14 @@ static void mhi_firmware_copy(struct 
>> mhi_controller *mhi_cntrl,
>>   	int i = 0;
>>   	struct mhi_buf *mhi_buf = img_info->mhi_buf;
>>   	struct bhi_vec_entry *bhi_vec = img_info->bhi_vec;
>> +	struct device *dev = &mhi_cntrl->mhi_dev->dev;
>>     	while (remainder) {
>> +		if (WARN_ON(i >= img_info->entries)) {
>> +			dev_err(dev, "Malformed vector table\n");
> 
> I feel like this message needs more detail.  At a minimum, I think it
> should indicate what vector table (BHIe).  I think if you can identify
> what file, etc the the glitch is in, that would be better.  Maybe some
> detail about i and img_info->entries.
> 
> If I see this error message, I should have enough information to
> immediately debug the issue.  If it tells enough to go directly into
> the firmware file and have a look at entry X to see what might be
> corrupt about it, that makes my debugging very efficient.  If I have
> to go back to the code to figure out what "Malformed vector table"
> means, and then maybe apply a patch to get more data about the error -
> the error message is not as useful as it should be.
> 

I plan on dropping this patch as it looks like an unnecessary check 
since we
will always rely on the firmware->size from the request_firmware() API 
in order
to calculate the img_info->entries (or we can call it the number of 
segments, in
our case). And we will never fail in the if loop as values will already 
be
bounded.

>> +			return;
>> +		}
>> +
>>   		to_cpy = min(remainder, mhi_buf->len);
>>   		memcpy(mhi_buf->buf, buf, to_cpy);
>>   		bhi_vec->dma_addr = mhi_buf->dma_addr;
>>