core: Add TX/RX API that exposes message tag and tag owner

MCTP received packets can carry a message tag and tag owner bit
which is set by a remote MCTP endpoint. This can be used by the
remote MCTP

core: Add TX/RX API that exposes message tag and tag owner

MCTP received packets can carry a message tag and tag owner bit
which is set by a remote MCTP endpoint. This can be used by the
remote MCTP endpoint to track the responses. Thus, libmctp should
provide a mechanism for the upper layer MCTP applications to
respond with the same message tag.

This patchset extends TX and RX API with message tag and
tag owner bits.

Signed-off-by: Sumanth Bhat <sumanth.bhat@linux.intel.com>
Change-Id: I6d07eafa86c653abdd4313ab7cc77e5a93124477

show more ...

libmctp: Introduce compiler.h

Define __unused here and include compiler.h in all the places we can
make use of it. Clean up some header ordering and include styles while
we're at it.

Signed-off-by:

libmctp: Introduce compiler.h

Define __unused here and include compiler.h in all the places we can
make use of it. Clean up some header ordering and include styles while
we're at it.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I33ddbdacbddbbf557dc02e42d8dde71a16e1cabe

show more ...

core: Handle exhaution of message contexts

If message contexts are exhausted, there is a possibility of
NULL pointer dereference. Close this attack surface with a
check on the message context creati

core: Handle exhaution of message contexts

If message contexts are exhausted, there is a possibility of
NULL pointer dereference. Close this attack surface with a
check on the message context creation status.

Signed-off-by: Sumanth Bhat <sumanth.bhat@linux.intel.com>
Change-Id: I208349b74a27a14b180c976bd78ec81a7991e43f

show more ...

core: Handle arithmetic overflow in adding new fragments

Large fragment sizes can cause arithmetic overflows and can
cause memory corruptions. However, this condition will not be hit
with a fragment

core: Handle arithmetic overflow in adding new fragments

Large fragment sizes can cause arithmetic overflows and can
cause memory corruptions. However, this condition will not be hit
with a fragment size check in place and with a sane memory allocator
in place.

Adding this check to ensure that we have defense in depth.

Signed-off-by: Sumanth Bhat <sumanth.bhat@linux.intel.com>
Change-Id: Iaa976ce636c1eb617afa75e852b39c50699ebeb2

show more ...

core: Handle MCTP fragment sizes

Message assembly can be terminated if case we receive a
middle/end packet of unexpected size. This provision is
provided in DSP0236 v1.3.1 section 8.8 incorrect tran

core: Handle MCTP fragment sizes

Message assembly can be terminated if case we receive a
middle/end packet of unexpected size. This provision is
provided in DSP0236 v1.3.1 section 8.8 incorrect transmission
unit.

Reception of middle packets whose size is not equal to
start packet and end packets whose size is not less than
or equal to the start packet causes message assembly
termination.

Signed-off-by: Sumanth Bhat <sumanth.bhat@linux.intel.com>
Change-Id: I6371ab9e22e2c8ece70a9480f224de3f1f2f184e

show more ...

astlpc: Introduce protocol v3 with integrity checks

v3 of the binding adds a CRC-32 value as a medium-specific trailer to
each packet passing over the binding interface.

The patch includes a naive

astlpc: Introduce protocol v3 with integrity checks

v3 of the binding adds a CRC-32 value as a medium-specific trailer to
each packet passing over the binding interface.

The patch includes a naive bit-shift implementation of CRC-32, we can
improve it later as necessary.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I93a95bccef30010d56e10e29b6d84554268ab7af

show more ...

libmctp: Split padding in pktbuf into header and trailer

The astlpc binding will shortly make use of a medium-specific trailer to
implement a CRC-32 integrity check over packet data. Allow for
mediu

libmctp: Split padding in pktbuf into header and trailer

The astlpc binding will shortly make use of a medium-specific trailer to
implement a CRC-32 integrity check over packet data. Allow for
medium-specific trailer data in the pktbuf in order to remove the need
for a bounce-buffer. The binding will trim the pktbuf to the payload
length before passing the instance up the stack.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ib215a552ff218b007f7f119c5235fbc75d9ca6cb

show more ...

astlpc: Make packet properties depend on protocol version

The astlpc binding will shortly have an implementation of the v3
protocol specification. v3 adjusts the medium-specific packet size to
inclu

astlpc: Make packet properties depend on protocol version

The astlpc binding will shortly have an implementation of the v3
protocol specification. v3 adjusts the medium-specific packet size to
include a CRC-32 in a packet trailer. Implementing v3 must not impact
the behaviour of earlier protocol versions, so provide an ops struct to
handle version-specific details.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Iab04defa76b57a592442189e6ade58f25ed1d9ae

show more ...

tests: astlpc: Exercise mctp_message_tx() before channel init

Attempting to send messages before channel init should intentionally
fail, not fail by OOMing the machine.

Signed-off-by: Andrew Jeffer

tests: astlpc: Exercise mctp_message_tx() before channel init

Attempting to send messages before channel init should intentionally
fail, not fail by OOMing the machine.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: If912f488d89f14e66e7bb18dbf3c929648117827

show more ...

core: Fix large packet buffer overrun

The astlpc binding allows negotiation of Tx/Rx region sizes, but the
packet accumulator assumed packet sizes were at most 4096 bytes. Avoid
buffer overflow by

core: Fix large packet buffer overrun

The astlpc binding allows negotiation of Tx/Rx region sizes, but the
packet accumulator assumed packet sizes were at most 4096 bytes. Avoid
buffer overflow by allocating at least the length of the inbound packet
if we have not yet initialised the packet buffer.

Fixes:

=================================================================
==42296==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000002500 at pc 0x7ff8a22235ce bp 0x7ffd47469750 sp 0x7ffd47468ef8
WRITE of size 8192 at 0x621000002500 thread T0
#0 0x7ff8a22235cd in __interceptor_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.6+0x3a5cd)
#1 0x7ff8a21ac78b in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 0x7ff8a21ac78b in mctp_msg_ctx_add_pkt /home/andrew/src/openbmc/libmctp/core.c:237
#3 0x7ff8a21af245 in mctp_bus_rx /home/andrew/src/openbmc/libmctp/core.c:495
#4 0x56458d3f9648 in mctp_astlpc_rx_start astlpc.c:813
#5 0x56458d3f9648 in mctp_astlpc_poll astlpc.c:931
#6 0x56458d3fc1f4 in astlpc_test_send_large_packet tests/test_astlpc.c:1111
#7 0x56458d3efc86 in main tests/test_astlpc.c:1185
#8 0x7ff8a165dcb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28cb1)
#9 0x56458d3efe7d in _start (/home/andrew/src/openbmc/libmctp/tests/.libs/test_astlpc+0x17e7d)

0x621000002500 is located 0 bytes to the right of 4096-byte region [0x621000001500,0x621000002500)
allocated by thread T0 here:
#0 0x7ff8a22998d0 in __interceptor_realloc (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xb08d0)
#1 0x7ff8a21b0533 in __mctp_realloc /home/andrew/src/openbmc/libmctp/alloc.c:48

SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.6+0x3a5cd) in __interceptor_memcpy
Shadow bytes around the buggy address:
0x0c427fff8450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fff8460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fff8470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fff8480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c427fff8490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c427fff84a0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fff84b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fff84c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fff84d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fff84e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c427fff84f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==42296==ABORTING

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I9d39090cb9246ec2f6c06942d4f2a91fe0df0202

show more ...

tests: astlpc: Re-order astlpc ops struct definitions

Make it easier to isolate test cases with `#if 0` hackery.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ibc3daef821768407b01f7599

tests: astlpc: Re-order astlpc ops struct definitions

Make it easier to isolate test cases with `#if 0` hackery.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ibc3daef821768407b01f75996d3ab614bb6b6593

show more ...

astlpc: Make MTU configurable at binding instantiation

Make the MTU value provided to mctp_astlpc_init() stick. Previously we
just printed a warning and forced the MTU to the baseline transmission
u

astlpc: Make MTU configurable at binding instantiation

Make the MTU value provided to mctp_astlpc_init() stick. Previously we
just printed a warning and forced the MTU to the baseline transmission
unit. Now that MTU negotiation is in place, accept the provided value.

Change-Id: I0c026ba0a94a26a6d99755d3debf048b6e0b4aca
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

astlpc: Introduce MTU negotiation

MTU negotiation is implemented in a backwards-compatible manner with
version 1 of the astlpc binding. Functionally, MTU negotation involves
proposing arrangements o

astlpc: Introduce MTU negotiation

MTU negotiation is implemented in a backwards-compatible manner with
version 1 of the astlpc binding. Functionally, MTU negotation involves
proposing arrangements of the Rx and Tx buffer layouts. It is assumed
that the MTU is a packet sized to fill the Tx buffer as described in the
control space.

For v1 of the binding the MTU is defined in terms of the MCTP_BTU
constant provided by libmctp.h. MCTP_BTU is used regardless of the
buffer sizes specified in the control space (which MUST describe buffers
supporting at least MCTP_BTU-sized packets).

For v2 of the binding the MTU is defined in terms of the appropriate
buffer's size field in the control space.

The sequence of events for negotiating the MTU under v2 is as follows:

1. The BMC initialises its binding, filling out the Rx and Tx buffer
properties with the largest configuration it supports.

2. The host initialises its binding, writing its maximum Rx buffer size
before sending `channel-init` to the BMC.

3. The BMC receives `channel-init`, negotiates protocol version 2 and
then validates the host's proposed buffer configuration. If the proposed
configuration is invalid (e.g. out-of-bounds values) the BMC terminates
channel initialisation leaving the channel-active bit clear and writing
the zero to the negotiated version field. If the proposal is valid, the
BMC calculates the buffer sizes according to the available constraints
and writes the chosen buffer configuration to the control region.

4. Assuming the version negotiation and buffer configuration are
successful, the BMC sets `channel-active` and notifies the host

5. The host reads `channel-active`, accepts the negotiation of v2 and
validates the buffer configuration. If the validation passes, then the
buffer configuration is the configuration used for the remainder of the
session. If validation fails then the host MUST NOT send MCTP packets
via the LPC binding until a valid buffer configuration can be
negotiated.

Change-Id: I89107593f220418d746c2d73771348ed8f7f3e87
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

astlpc: Implement version negotiation

Binding version negotiation was previously left as a todo. With the
upcoming efforts to introduce MTU negotiation we need to repurpose some
of the fields in the

astlpc: Implement version negotiation

Binding version negotiation was previously left as a todo. With the
upcoming efforts to introduce MTU negotiation we need to repurpose some
of the fields in the control structure (in a backwards-compatible way),
so make sure we can first negotiate the protocol version before
proceeding to change the semantics of the fields.

Change-Id: Ibd2283987b8b60b3ab7ada667e2b507b4ac09034
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test_astlpc: Add astlpc_test_undefined_command()

Any undefined commands recieved should be discarded without affecting
channel state.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I631

test_astlpc: Add astlpc_test_undefined_command()

Any undefined commands recieved should be discarded without affecting
channel state.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I63122307a18d02683084951abe6127944de756e0

show more ...

test_astlpc: Add astlpc_test_poll_not_ready()

Ensure we don't fail or block the poll operation if there's no data.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Iadb63155bf94bf837b215c

test_astlpc: Add astlpc_test_poll_not_ready()

Ensure we don't fail or block the poll operation if there's no data.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Iadb63155bf94bf837b215c957fa75a866dcff9f0

show more ...

astlpc: Remove redundant KCS register name enumeration

Seems we grew two separate enums for the registers at some point.

Change-Id: I87eca646a93ca65c783ea6276cbc33b577dcd721
Signed-off-by: Andrew J

astlpc: Remove redundant KCS register name enumeration

Seems we grew two separate enums for the registers at some point.

Change-Id: I87eca646a93ca65c783ea6276cbc33b577dcd721
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

astlpc: Handle loss of bmc-ready state

Up until now the host implementation assumed the BMC was always present.
This may not be the case, so implement the facility to manage the Tx
queue state acros

astlpc: Handle loss of bmc-ready state

Up until now the host implementation assumed the BMC was always present.
This may not be the case, so implement the facility to manage the Tx
queue state across BMC reboots.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I6e4c5270bc2e2bca10fed102e93cec13f763667e

show more ...

astlpc: Consolidate direct vs indirect LPC access

Use helpers to wrap up LPC accessors so we're not littering the code
with conditional checks for direct or indirect access. As a result, drop
the pr

astlpc: Consolidate direct vs indirect LPC access

Use helpers to wrap up LPC accessors so we're not littering the code
with conditional checks for direct or indirect access. As a result, drop
the priv_hdr pointer from struct mctp_binding_astlpc as we're utilising
the buffers provided by the caller, which in turn removes a heap
allocation.

Change-Id: Iab9ca4295879a3f3a0209fb23163c0383476c223
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test_astlpc: Add test initialising the device before the bus owner

This is an invalid initialisation sequence, so ensure the device
start-up routine bails out if it detects that data in the control

test_astlpc: Add test initialising the device before the bus owner

This is an invalid initialisation sequence, so ensure the device
start-up routine bails out if it detects that data in the control area
is invalid.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I9575bf6d34439212fe27cd56271c16f38d7b2faa

show more ...

test_astlpc: Add test for a simple message from host to BMC

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ia763f4704fe0d406ca873b6a58cfd85d2408f5ee

test_astlpc: Improve readability of test output

Add descriptions of which test is running and break up the output
between tests.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ibdc43d7e

test_astlpc: Improve readability of test output

Add descriptions of which test is running and break up the output
between tests.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ibdc43d7e4162a4cf58659adc428ee093f73ce3e1

show more ...

test_astlpc: Test simple message from BMC to host

Remove the corresponding assertions from the packetized message test.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ifd0d857e4e955e57b

test_astlpc: Test simple message from BMC to host

Remove the corresponding assertions from the packetized message test.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ifd0d857e4e955e57b0fb4a4cd2dc0a655b3c9508

show more ...

test_astlpc: Clean up debugging in KCS callbacks

This makes the file clang-format clean.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: Ie13c2c131ed1e00a8b527f27481cda22a824e8e6

test_astlpc: Assert message expectations in rx_message()

Confirm that we receive the packet that was sent.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I485fda9646af63ceba69e3da78c2d2

test_astlpc: Assert message expectations in rx_message()

Confirm that we receive the packet that was sent.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Change-Id: I485fda9646af63ceba69e3da78c2d214d5c09ff8

show more ...