TDA4VM: About Firewall

Hi Huahui,

Not able to reproduce, some thoughts:

• Is the response structure tisci_msg_fwl_get_firewall_region_resp, being 0'd out before the request is sent?
• Is print being outputed, following the format of definition for tisci_msg_fwl_get_firewall_region_resp structure?
• Is issue being seen for all regions / queries, or just that one?

Regards,

kb

Hi kb

When we read the firewall configuration properties in uboot, the information obtained is correct, but when the information is obtained after Linux is fully started, the start address of the related firewall configuration properties will be incorrect. And the start addresses of other firewalls have the same prefix value: 0xd01bd.... or other.

Best regards!

huahui

Is the return code on the call to Sciclient_firewallGetRegion() to ensure it was successful, similar to below code?

Thanks,

kb

    struct tisci_msg_fwl_get_firewall_region_req get_req;
    struct tisci_msg_fwl_get_firewall_region_resp get_resp;


    memset(&get_req, 0, sizeof(struct tisci_msg_fwl_get_firewall_region_req));
    memset(&get_resp, 0, sizeof(struct tisci_msg_fwl_get_firewall_region_resp));

    get_req.fwl_id = fwl_id;
    get_req.n_permission_regs = 1;
    get_req.region = region;

    r =  Sciclient_firewallGetRegion(
       &get_req,
       &get_resp,
       timeout);

    if (r != CSL_PASS)
    {
        printf( "\nGet Region Failed!!");
    }

HI, Kb

We found different results under Linux and RTOS

The starting address of RTOS has no prefix

The starting address of Linux has a prefix

What is the reason for this? Thank you for your reply！

Best regards

Huai hui

Hi Huahui,

The start_address and end_address fields in the  tisci_msg_fwl_get_firewall_region_resp, structure are both defined as 64 bit fields.

The upper 32 bits need to be accounted for when reading/writing/printing the structure.  

The "0x1c", if unexpected may be present, if the full 64bit address was not cleared on the setting of the firewall, and/or it was not cleared before reading the SCI message response. 

Regards,

kb

Hi, KB

Under Linux, the data of sec proxy is read as follows:

static irqreturn_t ti_msgmgr_queue_rx_interrupt(int irq, void *p)
{
	.....
	for (data_reg = qinst->queue_buff_start, word_data = qinst->rx_buff,
	     num_words = (desc->max_message_size / sizeof(u32));
	     num_words; num_words--, data_reg += sizeof(u32), word_data++)
		*word_data = readl(data_reg);

	mbox_chan_received_data(chan, (void *)&message);
	.....
}

The @word_data buffer is overwritten every time, but the data read at this time is wrong.

static void ti_sci_rx_callback(struct mbox_client *cl, void *m)
{
	.....
	/* Take a copy to the rx buffer.. */
	memcpy(xfer->xfer_buf, mbox_msg->buf, xfer->rx_len);
	complete(&xfer->done);
}

Best regards

Huai hui

Hi,KB

In the RTOS test, we found that if the value of one region is modified, the high address value of other regions will also change. What is the problem？

The test code is:

	INT32 ret;
	
	struct tisci_msg_fwl_set_firewall_region_req cfg_set;
	struct tisci_msg_fwl_set_firewall_region_resp fwResp;
	memset(&cfg_set,0x0,sizeof(cfg_set));
	memset(&fwResp,0x0,sizeof(fwResp));
	cfg_set.fwl_id = 11;
	cfg_set.end_address = 0x1234567833300000;
	cfg_set.start_address = 0x1234567833300000;
	cfg_set.control = 0x1a;
	cfg_set.region = 0;
	cfg_set.n_permission_regs = 3;
	cfg_set.permissions[0] = 0xcaff88;
	cfg_set.permissions[1] = 0xcaff88;
	cfg_set.permissions[2] = 0xcaff88;		

	ret = Sciclient_firewallSetRegion(&cfg_set, &fwResp, SCICLIENT_SERVICE_WAIT_FOREVER);


	struct tisci_msg_fwl_get_firewall_region_req cfg_get;
	struct tisci_msg_fwl_get_firewall_region_resp firewallresp;
	memset(&cfg_get,0x0,sizeof(cfg_get));
	memset(&firewallresp,0x0,sizeof(firewallresp));
	cfg_get.fwl_id = 11;
	cfg_get.region = 0;
	cfg_get.n_permission_regs = 3;
	ret = Sciclient_firewallGetRegion(&cfg_get,&firewallresp,SCICLIENT_SERVICE_WAIT_FOREVER);
	if (ret) {
		printf("get region 11 error\n");
	}
	printf("start addr is %llx, end addr is %llx\n",firewallresp.start_address, firewallresp.end_address);


	cfg_get.fwl_id = 4760;
	cfg_get.region = 0;
	cfg_get.n_permission_regs = 3;
	ret = Sciclient_firewallGetRegion(&cfg_get,&firewallresp,SCICLIENT_SERVICE_WAIT_FOREVER);
	if (ret) {
		printf("get region 4760 error\n");
	}
	printf("start addr is %llx, end addr is %llx\n",firewallresp.start_address, firewallresp.end_address);

The result is:

Best regards

Hua hui

During the two reads, we cleared firewallresp through memset, although it was not reflected in the code

Thanks, 

Let's pick one environment, RTOS or Linux, and debug that setup.  Suggest we focus on RTOS.  Can you please provide the code that reflects the test being run for RTOS, including the memset which was not present:

In looking at the definition for the response structure on the get, there is packing involved, which may be effecting your printf:

struct tisci_msg_fwl_get_firewall_region_resp {
    struct tisci_header    hdr;
    uint16_t            fwl_id;
    uint16_t            region;
    uint32_t            n_permission_regs;
    uint32_t            control;
    uint32_t            permissions[FWL_MAX_PRIVID_SLOTS];
    uint64_t        start_address;
    uint64_t        end_address;
} __attribute__((__packed__));

It would be worth looking at the memory that is underlying the structure from the CCS debugger to get a view of the data byte by byte .  Or alternatively by adding a print, that loops over the full response message, and prints off byte values, similar to the below

        uint8_t *bytePtr = &get_resp;

        printf("\n");
        for(int i = 0; i < sizeof(get_resp); i++)
        {
          printf("[%d] = 0x%x\n",i, bytePtr[i]);
        }

Regards,

kb

Hi KB,

Our test code under RTOS is as follows. You should be able to compile it directly for testing (our SDK version is 8.1)

void firewall_test(void)
{
	INT32 ret;
	
	struct tisci_msg_fwl_set_firewall_region_req cfg_set;
	struct tisci_msg_fwl_set_firewall_region_resp fwResp;
	memset(&cfg_set,0x0,sizeof(cfg_set));
	memset(&fwResp,0x0,sizeof(fwResp));
	cfg_set.fwl_id = 11;
	cfg_set.end_address = 0x1234567833300000;
	cfg_set.start_address = 0x1234567833300000;
	cfg_set.control = 0x1a;
	cfg_set.region = 0;
	cfg_set.n_permission_regs = 3;
	cfg_set.permissions[0] = 0xcaff88;
	cfg_set.permissions[1] = 0xcaff88;
	cfg_set.permissions[2] = 0xcaff88;		

	ret = Sciclient_firewallSetRegion(&cfg_set, &fwResp, SCICLIENT_SERVICE_WAIT_FOREVER);
	if (ret) {
		printf("set region %d error\n",cfg_set.fwl_id);
	}

	struct tisci_msg_fwl_get_firewall_region_req cfg_get;
	struct tisci_msg_fwl_get_firewall_region_resp firewallresp;
	memset(&cfg_get,0x0,sizeof(cfg_get));
	memset(&firewallresp,0x0,sizeof(firewallresp));
	cfg_get.fwl_id = 11;
	cfg_get.region = 0;
	cfg_get.n_permission_regs = 3;
	ret = Sciclient_firewallGetRegion(&cfg_get,&firewallresp,SCICLIENT_SERVICE_WAIT_FOREVER);
	if (ret) {
		printf("get region %d error\n",cfg_get.fwl_id);
	}
	printf("region %d start addr is %llx, end addr is %llx\n",cfg_get.fwl_id, firewallresp.start_address, firewallresp.end_address);

	memset(&cfg_get,0x0,sizeof(cfg_get));
	memset(&firewallresp,0x0,sizeof(firewallresp));
	cfg_get.fwl_id = 4760;
	cfg_get.region = 0;
	cfg_get.n_permission_regs = 3;
	ret = Sciclient_firewallGetRegion(&cfg_get,&firewallresp,SCICLIENT_SERVICE_WAIT_FOREVER);
	if (ret) {
		printf("get region %d error\n",cfg_get.fwl_id);
	}
	printf("region %d start addr is %llx, end addr is %llx\n",cfg_get.fwl_id, firewallresp.start_address, firewallresp.end_address);

	return;
}

The running results are as follows. You should also get the following results through your own test

According to the manual, there is no register address exceeding 44 bits, so we guess that only the lower 44 bits are valid. Is this valid for all firewalls?

Best regards

Hua hui