tests: Ensure we don't disable asserts

Change-Id: Ieede7bc3c7b9d7dadc48a41b54dbe6c2b474c555
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

mbox_msg: Move handler table to struct mbox_context

This allows us to provide alternative implementations for the handlers
as necessary. The vpnor feature, which enforces the read-only property
of F

mbox_msg: Move handler table to struct mbox_context

This allows us to provide alternative implementations for the handlers
as necessary. The vpnor feature, which enforces the read-only property
of FFS partitions, requires this for handling CREATE_WRITE_WINDOW.

Change-Id: Ia969a6f085244b194c500e66b62adca5e10bacba
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: Move vpnor tests to vpnor directory

In the spirit of things that are together should be kept together. The
repository layout now better corresponds to upstream with the exception
of the vpnor

test: Move vpnor tests to vpnor directory

In the spirit of things that are together should be kept together. The
repository layout now better corresponds to upstream with the exception
of the vpnor directory and some modifications to Makefile.am

Change-Id: I16d59a3c9ee846065f6a8c83eb4459715d525f3f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

vpnor: Isolate relevant code in vpnor directory

This is prepatory work for introducing more vpnor-specific behaviours to
window handling. We will be introducing more objects to link, in order
to hoo

vpnor: Isolate relevant code in vpnor directory

This is prepatory work for introducing more vpnor-specific behaviours to
window handling. We will be introducing more objects to link, in order
to hook some of the window command handlers.

This change takes the opportunity to revert back to the upstream names
for some of the original C files.

Change-Id: I6b67ae466a2695054035e65ba752881be9c32d1a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_write_window_unmapped

Deny attempts to open write windows to flash space that is unmapped in
the ToC. This gives explicit feedback that any data written would not be
persiste

test: vpnor: Add create_write_window_unmapped

Deny attempts to open write windows to flash space that is unmapped in
the ToC. This gives explicit feedback that any data written would not be
persisted if it were possible create the write window in the first
place.

Change-Id: I0e7967247b122aa8d0c1de38af43162ba0ccc8fa
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_write_window_rw_partition

This test case should always pass. Ensure it does in the face of
modifications to how the request is processed.

Change-Id: I090aa6518750615c6b93140

test: vpnor: Add create_write_window_rw_partition

This test case should always pass. Ensure it does in the face of
modifications to how the request is processed.

Change-Id: I090aa6518750615c6b931404f5ad54b13cf95e28
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_write_window_ro_partition

The virtual PNOR implementation enforces the read-only attribute of
partitions out of the box. This causes trouble when the host requests a
write wi

test: vpnor: Add create_write_window_ro_partition

The virtual PNOR implementation enforces the read-only attribute of
partitions out of the box. This causes trouble when the host requests a
write window over a read-only partition, as the flush command will fail.
Further, by design, we have open-implies-close-implies-flush semantics,
which means once a flush fails, any subsequent request to open a window
also fails.

We want the daemon to deny attempts to open write windows over a
read-only partition during the CREATE_WRITE_WINDOW request, to avoid
the cascading failures later on.

Change-Id: Ib6bec3d34a8a47e517088dd504f7a74641882f5d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

mboxd_windows: Shrink windows accessing the end of flash

The host may request a window over the end of the flash where the window
size combined with the requested offset exceeds the limit of the fla

mboxd_windows: Shrink windows accessing the end of flash

The host may request a window over the end of the flash where the window
size combined with the requested offset exceeds the limit of the flash.
This issue was introduced with the virtual PNOR, as copy_flash() now may
return a size less than requested. This leads to offset requests that
are still block aligned, but the windows may no longer be aligned with
respect to the flash size.

This issue triggers the read error reported from the Petitboot
environment in an earlier commit message:

/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #

With the corresponding mboxd trace on the BMC:

[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event

Instead, shrink the request such that the resulting window exactly maps
the flash limit, and no further.

Change-Id: Id33ae3b14252eb40240ef1925311f22aceb103b4
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

mboxd_windows: Reset evicted windows

After copying a portion of the backing store to a window,
create_map_window() "resizes" the window to the aligned-up size reported
by copy_flash(). This allows u

mboxd_windows: Reset evicted windows

After copying a portion of the backing store to a window,
create_map_window() "resizes" the window to the aligned-up size reported
by copy_flash(). This allows use of the window size as the content size
elsewhere in the codebase.

However, if we needed to evict a window to satisfy a request, the window
properties were not reset. This lead to inefficient use of the reserved
memory by limiting the effective window size to the minimum size of all
requests that were previously allocated the window in question.

Inefficient use of reserved memory isn't the only side effect; the host
takes an eye-watering hit to throughput that gets exponentionally
worse over time:

From the petitboot shell without the patch applied:

/ # time cat /dev/mtd0 > /dev/null
real 0m 49.77s
user 0m 0.00s
sys 0m 49.76s
/ # time cat /dev/mtd0 > /dev/null
real 1m 33.57s
user 0m 0.00s
sys 1m 33.55s
/ # time cat /dev/mtd0 > /dev/null
real 4m 45.37s
user 0m 0.00s
sys 4m 45.35s
/ # time cat /dev/mtd0 > /dev/null
real 9m 17.77s
user 0m 0.00s
sys 9m 17.76s
/ #

And with the patch applied:

/ # time cat /dev/mtd0 > /dev/null
real 0m 43.00s
user 0m 0.00s
sys 0m 42.99s
/ # time cat /dev/mtd0 > /dev/null
real 0m 42.40s
user 0m 0.00s
sys 0m 42.39s
/ # time cat /dev/mtd0 > /dev/null
real 0m 42.41s
user 0m 0.00s
sys 0m 42.39s
/ #

Reset the properties to allow use of the entire reserved memory region
allocated to the window, improving memory efficiency, throughput, and
minimising throughput variance.

Change-Id: I7be78ec5e0a9ee0caf31133b0861e333844b8975
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_read_window_remap

Sanity check that requesting arbitrary offsets inside a partition will
map to an existing window containing that partitions data. This ensures
we don't have

test: vpnor: Add create_read_window_remap

Sanity check that requesting arbitrary offsets inside a partition will
map to an existing window containing that partitions data. This ensures
we don't have multiple windows mapping the same content and shooting
ourselves in the foot with coherency issues.

Change-Id: Ie13cc36a9f092381660d5c45ed6d2477c3a4d6ce
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_read_window_size

Tests to make sure that the window size returned has not been shrunk
inappropriately by previous requests.

Change-Id: Ib86d0744c774b5cf57235833a402bc79ef997

test: vpnor: Add create_read_window_size

Tests to make sure that the window size returned has not been shrunk
inappropriately by previous requests.

Change-Id: Ib86d0744c774b5cf57235833a402bc79ef9979b9
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: mbox: LPC reserve memory size is not MTD size

The backing file for the LPC reserved memory region was being allocated
as the size of the MTD device. These sizes are completely unrelated.
The c

test: mbox: LPC reserve memory size is not MTD size

The backing file for the LPC reserved memory region was being allocated
as the size of the MTD device. These sizes are completely unrelated.
The current configuration causes segfaults when the reserved memory
region exceeds the size of the flash.

Instead, resize the backing file once we know how big it needs to be.
Thankfully __init_lpc_dev() doesn't need the file to be sized to the
reported reserved memory size.

Change-Id: I89fd85ffe991ce0503055117684ac7d4d7b8abb1
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add dump_flash test

The test is intended to read and verify the content of the flash, and
verify that the read completes without error in the face of unusual
flash size with respect to

test: vpnor: Add dump_flash test

The test is intended to read and verify the content of the flash, and
verify that the read completes without error in the face of unusual
flash size with respect to the window configuration.

Specifically, the test is arranged such that the reserved memory exceeds
the flash size, and the flash layout conspires such that the final
request is for a window whose flash offset and window size exceed the
flash size. This currently triggers an error condition in the mbox
window handling, and causes the host to receive an error response to its
CREATE_READ_WINDOW request. On the host side this results in the reading
process receiving an EIO.

Due to what is probably an oversight in the mbox window handling, some
care needs to be taken in the test configuration: The current behaviour
is that copy_flash() will return a length that may be less than the size
of the reserved memory window. The returned value is aligned up to the
next block and assigned as the current window's size. However, when
evicting a window, we do not reset the size to the default size. As a
consequence, windows can shrink and remain at a size below the default
window size. Without careful control of the test parameters this can
lead to the appearance that there is no bug in the window handling as,
serendipitously, a window of the correct size can be evicted for the
final CREATE_READ_WINDOW request.

Change-Id: I436595f428bf4e93392315ec1110b6b6f4a11821
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: mbox: Add mbox_rspcpy()

mbox_rspcpy() copies the mboxd response into a struct mbox_msg for use
by the caller. This is useful in test cases that want to read contiguous
chunks of the flash. mbo

test: mbox: Add mbox_rspcpy()

mbox_rspcpy() copies the mboxd response into a struct mbox_msg for use
by the caller. This is useful in test cases that want to read contiguous
chunks of the flash. mbox_rspcpy() allows them to extract the current
window's offset and length to dynamically construct the
CREATE_READ_WINDOW request for the subsequent blocks.

Change-Id: I4d35889a0785b2d9ab737eba6755892caed53270
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

pnor_partition: Handle requests exceeding partition's actual size

Partitions with patch files whose size was less than the partition size
in the ToC could not be completely read by the host. For exa

pnor_partition: Handle requests exceeding partition's actual size

Partitions with patch files whose size was less than the partition size
in the ToC could not be completely read by the host. For example when
scanning over the entire PNOR on the host with `cat /dev/mtd0 >
/dev/null` the host would lock up. A trace from mboxd under these
circumstances shows:

[ 1519832857.966501396] Received MBOX command: 4
[ 1519832857.966695620] Host requested flash @ 0x02a44000
[ 1519832857.968642020] Window @ 0x730ce000 for size 0x00024000 maps flash offset 0x02a44000
[ 1519832857.968808728] Writing MBOX response: 1
[ 1519832858.222090630] Received MBOX command: 4
[ 1519832858.222284692] Host requested flash @ 0x02a68000
[ 1519832858.223964544] Window @ 0x73cce000 for size 0x00009000 maps flash offset 0x02a68000
[ 1519832858.224136142] Writing MBOX response: 1
[ 1519832858.435944292] Received MBOX command: 4
[ 1519832858.436138394] Host requested flash @ 0x02a71000
[ 1519832858.437026725] Window @ 0x734ce000 for size 0x00007000 maps flash offset 0x02a71000
[ 1519832858.437195251] Writing MBOX response: 1
[ 1519832858.646768070] Received MBOX command: 4
[ 1519832858.646968637] Host requested flash @ 0x02a78000
[ 1519832858.647567228] Window @ 0x768ce000 for size 0x00001000 maps flash offset 0x02a78000
[ 1519832858.647731755] Writing MBOX response: 1
[ 1519832858.848288015] Received MBOX command: 4
[ 1519832858.848489188] Host requested flash @ 0x02a79000
[ 1519832858.849006404] Window @ 0x758ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832858.849168870] Writing MBOX response: 1
[ 1519832859.048631708] Received MBOX command: 4
[ 1519832859.048827305] Host requested flash @ 0x02a79000
[ 1519832859.049343956] Window @ 0x756ce000 for size 0x00000000 maps flash offset 0x02a79000
[ 1519832859.049503553] Writing MBOX response: 1
[ 1519832859.248950916] Received MBOX command: 4
[ 1519832859.249142069] Host requested flash @ 0x02a79000
[ 1519832859.249649871] Window @ 0x741ce000 for size 0x00000000 maps flash offset 0x02a79000

Of significance are the last three CREATE_READ_WINDOW requests, where
the request succeeds but mboxd reports back a zero-sized window to the
host. The host immediately considers itself done with the window, and
requests a new window offset from the previous by size, which is zero.
Thus it re-requests the same offset, and receives the same zero-sized
window in return.

As a result, firmware gets stuck in an unterminated loop, stealing the
core from Linux, which promptly starts reporting a constant stream of
RCU stall warnings among the rest of the failures. Everyone is
miserable.

The offset in question maps to a partition but not to a valid offset in
the file backing that partition. Resize the backing file to meet the
maximum access address within the limits of the partition size defined
in the ToC. By doing so, we are able to map as much of the partition as
necessary.

However, we're not done. Whilst we no longer crash the host, we still
don't successfully complete the operation the host requested. From
Petitboot:

/ # cat /dev/mtd0 > /dev/null
[ 501.061616288,3] MBOX-FLASH: Bad response code from BMC 2
[ 501.150405995,3] MBOX-FLASH: Error waiting for BMC
cat: read error: Input/output error
/ # echo $?
1
/ #

And the corresponding mboxd trace on the BMC:

[ 1519966031.652036815] Received MBOX command: 4
[ 1519966031.652272613] Host requested flash @ 0x03f1a000
[ 1519966031.652411603] Tried to open read window past flash limit
[ 1519966031.652500088] Couldn't create window mapping for offset 0x03f1a000
[ 1519966031.652607966] Error handling mbox cmd: 4
[ 1519966031.652661421] Writing MBOX response: 2
[ 1519966031.652762229] Error handling MBOX event

The read failure will be fixed in a follow-up patch.

Change-Id: Iffdfb8af6f739df5e6d9c171b584a7244bdb7099
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

pnor_partition_table: Refactor to allow tests to specify patch location

The Table class was unhelpful for testing in a couple of ways:

1. It attempted to access files on the filesystem whilst parsi

pnor_partition_table: Refactor to allow tests to specify patch location

The Table class was unhelpful for testing in a couple of ways:

1. It attempted to access files on the filesystem whilst parsing ToC
entries
2. It incorrectly assumed the location of the files it was accessing

Both of these issues come down to handling of patch files and the
configuration of the 'actual' member of the partition struct.

Hoist the handling of the partition entry's data size out of the ToC
parser, and rework the Table constructor to only require a struct
mbox_context pointer. We can then use the paths member of mbox_context
to find the patch location rather than hard-code the value generated by
the configure script.

This prompts a rework and rename of the wrapper functions in
mboxd_pnor_partition_table.{cpp,h} to better align with the new
behaviour of the Table constructor. Reworking the wrappers has knock-on
effects in the tests, but the changes are straight-forward.

Change-Id: I87e63daf0d28b93566f7e5cb565cbf0790428479
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add write_patch_resize

Ensures writes can resize the backing files up to the limit of the
partition size.

Change-Id: Ie399d556dd485a235b7f6731d35536b2a6c703be
Signed-off-by: Andrew Jef

test: vpnor: Add write_patch_resize

Ensures writes can resize the backing files up to the limit of the
partition size.

Change-Id: Ie399d556dd485a235b7f6731d35536b2a6c703be
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add read_patch

The patch file in question is smaller than the partition defined for it.
This configuration exposes a bug where mboxd responds to a
CREATE_READ_WINDOW for the blocks afte

test: vpnor: Add read_patch

The patch file in question is smaller than the partition defined for it.
This configuration exposes a bug where mboxd responds to a
CREATE_READ_WINDOW for the blocks after the length of the patch file
with a 0-sized window. Outside of the test environment this behaviour
causes the host to enter an unterminated loop in firmware.

Change-Id: I13aafb58a7876dc1589f695a9f5c80d082b4e15f
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add ability to deploy patches in VpnorRoot

Change-Id: If557811530f9a886355d023ea73c3412ba5797f8
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

test: vpnor: Add create_read_window_partition_invalid

The CREATE_READ_WINDOW request asks for an offset below the one defined
partition, between it and the ToC.

Change-Id: Iafaa530a3d6b02626106508b

test: vpnor: Add create_read_window_partition_invalid

The CREATE_READ_WINDOW request asks for an offset below the one defined
partition, between it and the ToC.

Change-Id: Iafaa530a3d6b02626106508b81c7aa7eaef9c876
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

pnor_partition_table: Raise exception for unmapped offsets

Allow reads and writes of offsets that don't map onto partitions defined
in the ToC. Do so by ignoring the mapping failure and filling a wi

pnor_partition_table: Raise exception for unmapped offsets

Allow reads and writes of offsets that don't map onto partitions defined
in the ToC. Do so by ignoring the mapping failure and filling a window
with 0xff in the hole from the requested offset to the following
partition.

This change also removes the reliance on InternalFailure as the
exception of choice for communicating failures. We can do better without
the teeth-pulling required by phosphor-logging by translating custom
exceptions into phosphor-logging exceptions at the edges.

Change-Id: Ibfa961a66b0b979354c6dc226ccbe7e9fbafc16d
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_read_window_straddle_partitions

Change-Id: Icde607847812bcba3c7e2a131d7f46e223d44440
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

test: vpnor: Add create_read_window_toc

As the handling of the ToC is separate to the mapping of other
partitions, ensure we have appropriate coverage of copy_flash.

Change-Id: If362c667df65b264884

test: vpnor: Add create_read_window_toc

As the handling of the ToC is separate to the mapping of other
partitions, ensure we have appropriate coverage of copy_flash.

Change-Id: If362c667df65b2648849cab2e0c11ebe0416d254
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add create_read_window_oob

Attempts to access an offset beyond the end of what's defined in the
partition table.

Change-Id: I43c55423625261947965155cb1d53ef276a4ed05
Signed-off-by: And

test: vpnor: Add create_read_window_oob

Attempts to access an offset beyond the end of what's defined in the
partition table.

Change-Id: I43c55423625261947965155cb1d53ef276a4ed05
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>

show more ...

test: vpnor: Add toc_missing_file

Change-Id: I6fb96c921bead334ff178d0d78e9c7e7c7234f0a
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>