Commit Graph

1085 Commits

Author SHA1 Message Date
Harald Welte 575acd9b03 simtrace2_api: Fix transmission of SIMTRACE_CMD_BD_BOARD_INFO
Prior to this commit we didn't pass the pointer to the slot when
requesting board_info.

Change-Id: Ib99e7c0a96f7738480ca68ed2c144c1756a5f11b
2023-10-20 10:09:34 +02:00
Harald Welte f22a615158 WIP: hack simtrace2-tool for USB testing of rp2040 firmware
Command used for continuous cycles of board_info messages:

./simtrace2-tool -V 1d50 -P aaaa -C 1 -I 0 -S 0 generic board-info

Change-Id: I577a0266b68c8161b9eaec653c3c7d17d320faaf
2023-10-20 10:07:24 +02:00
Harald Welte 4a8ec296fa WIP: generic board-info
Change-Id: I0642269c924a0abe464a64c004681f507f14bc92
2023-09-14 18:36:32 +02:00
Harald Welte 73a8ef31f1 firmware/sniffer: Handle USART BREAK condition
Let's count + report BREAK conditions (all-zero bits + parity + stop

Change-Id: Idefb552fc9878ca6c88a9bf8bf1c0ced668c5c04
2023-09-14 18:36:32 +02:00
Harald Welte 95c85b6f0c firmware/sniffer: Add performance/error counters
Let's add some counters for number of bytes/tpdu/pps/atr/reset
as well as for all the various error conditions from USART through
ring buffer and TPDU buffer overflows, timeouts, ...

Change-Id: Ic679664191259d321ad1f1829d5568fe0b297f39
2023-09-14 18:36:32 +02:00
Harald Welte a8d13dea9b HACK: Solve weird problem with lost OUT transfer on ping-pong endpoint
This adds an unconditional endpoint reset procedure to every SET_FEATURE(UnHalt).

It doesn't really make sense that this is required, *particularly* as
we *MUST NOT* set bEndpoint->bank to 0 here.

Without this patch, I'm observing the following problem:

Every first OUT transfer after a SET_INTERFACE + UNHALT on a bulk endpoint
is lost. "lost" means that it completes successfully on the host, can
be seen completing successfully with an ACK on a USB bus analyzer,
but still doesn't show up in the firmware.  No Endpoint Interrupt
is generated.

This can be reproduced by calling libusb_set_interface_alt_setting()
from the host and then submitting a single OUT transfer.

Related: OS#5770
Change-Id: I18ed530e617baddf76e8f9829512443ce2a76e0d
2023-09-14 18:36:32 +02:00
Oliver Smith e6e77399d6 firmware/Makefile: don't use distribution's CFLAGS
Set CFLAGS on top of the Makefile, to avoid using the distribution's
default CFLAGS. In debian testing and unstable, -fcf-protection was
recently added to the default CFLAGS, but it cannot be used with the
cross compiler:

  [COMPILING libosmocore/source/backtrace.c]
  cc1: error: '-fcf-protection=full' is not supported for this target
  make[2]: *** [Makefile:270: obj/simtrace/flash_backtrace.o] Error 1

Change-Id: I5f7cd0402f9bb85dd600204fdf8855773ddbeb70
2023-09-13 15:33:48 +00:00
Philipp Maier 1f77d673e2 simtrace2-cardem-pcsc: mark reset events in GSMTAP trace
At the moment only APDUs are logged to GSMTAP. It is not uncommon that a
card is reset by the UE multiple times during normal operation. When
the trace lacks the reset events (ATR) it becomes difficult to follow in
which state the card actually is. Let's mark reset events by sending the
ATR via GSMTAP (like simtrace2_sniff already does it)

Related: OS#6094
Change-Id: I6b4d82b6ee369c95eeca8f7d59478452395fbe54
2023-07-21 13:03:38 +02:00
Harald Welte da078c090b Fix unchecked return value of osmo_libusb_init()
Fixes: CID#307501: Unchecked return value (CHECKED_RETURN)
Change-Id: Ic1f600dfd44d15da165a17d84f0faab6f6fd69c3
2023-07-18 15:04:24 +02:00
Oliver Smith 968d0b94f6 contrib/jenkins: tweak shell logic
Move the logic down to where make gets called, so we don't need the
variable. Print whether we use CLANG or GCC.

Don't put /opt/llvm-arm/bin in front of PATH unless building with CLANG.
Right now it doesn't seem to have e.g. an override for gcc, but the
files in that path may change when we update

Related: OS#6026
Change-Id: Id768e0dbed9265f042b942e6699683723ca40a7c
2023-05-16 10:13:30 +02:00
Eric Wild 749dcdc277 fw: only build the bl with clang
-Oz breaks cardem, so just build the bootloader with clang.

Closes: OS#6026
Change-Id: Idb9e9a024fb8bfec28ff479c254ea73be0c8ef82
2023-05-15 16:37:35 +02:00
Oliver Smith f52b8b1a2e debian: set compat level to 10
Set --no-parallel, as in v10 debhelper defaults to parallel building.
This is apparently not supported by simtrace2's Makefile, it leads to
multiple non-trivial build errors. In contrib/ we also don't
build multiple firmwares in parallel.

Related: OS#5958
Change-Id: I49fcc4fe9d3e795f8c3514d35ff3e2beca2917d1
2023-04-26 11:33:51 +02:00
Oliver Smith 68b072bcc8 debian/rules: remove override_dh_autoreconf
The Makefile already runs autoreconf -fi in the "utils" target:

  	(cd host && \
  	 autoreconf -fi && \
  	 ./configure --prefix=/usr --disable-werror && \

The override is not useful, as it leads to debhelper running autoreconf
as well, but without running ./configure and make in the host directory
afterwards. So autoreconf just runs twice.

I've also considered to change debian/rules to only run the "fw"
target, and not the "utils" target of the Makefile. But that only makes
it more complex, as debhelper would then need to run make twice, once in
the root directory (as "make fw"), and once in the host directory. We
would need to add several lines to debian/rules to do effectively the
same thing.

Make this change now, as "cd host && dh_autoreconf" doesn't work with
debhelper compat level v10 anymore (--sourcedir could be used instead,
but as mentioned above, it's not useful).

Related: OS#5958
Change-Id: I12f379b4ec2de6adc86557d89319ab1d04ed5e73
2023-04-26 11:33:43 +02:00
Oliver Smith 6778c3f46e Cosmetic: fix CI errors
* Fix UTF-8 encoding. This caused the endianness check to fail, which
  reads all .c and .h files.

* Add .checkpatch.conf to skip linting for:

Change-Id: Ibb2e42e9b4307275a33e4000c201847a6bd60137
2023-04-25 17:53:11 +02:00
Eric Wild 773d314142 contrib/ : build and publish combined targets
This makes production a bit easier.

Related: OS#5722
Change-Id: I32f9a0213aaefa50232a3d8dc2e7a4f2f44dbae1
2022-11-22 21:54:26 +00:00
Harald Welte 0c8cb51849 firmware/sniffer: Enable interrupts for overrun/parity/frame errors
We so far didn't have interrupts enabled for those, and just caught
them "by accident" if a byte was received or if a timeout happened.

Let's explicitly enable those interrupts so we also catch those
conditions by themselves.

Change-Id: Ia27f537706b9a6252dd18175545c6f27a7d17d0e
2022-11-19 09:02:23 +00:00
Harald Welte 89da837c23 firmware/sniffer: introduce #define for interrupt enable flags
Change-Id: Id4bc720a1db31b4433ff7b10d7a57d0ddb7d7180
2022-11-19 09:02:23 +00:00
Harald Welte 67a6d5724c firmware/sniffer: Handle WT timeouts via ring-buffer
Before this patch, all UART characters went through a fifo/ringbuffer
of depth 512, while events like timeout were delivered directly via
a global flags variable from ISR to main code.  This means that one or
more correct/complete TPDUs could theoretically still be in the FIFO,
but the "Fast path" of the timeout handling is pre-empting that and
messing with the state machines.

All events from the UART should be delivered via the ring-buffer to make
sure they arrive in order at the main function.

The old "report timeout via change flags in separate USB message" code
is left in place.  On the USB protocol we should keep it for
compatibility.  Internally we should probably also migrate that over
to the new ring-buffer method in a second step.

Change-Id: I4434c6fcd59d1a425e9ded734bbc8b0411a0a0d8
2022-11-19 09:02:23 +00:00
Harald Welte 61394cde29 firmware/sniffer: Pass PARITY/OVERRUN/FRAMING error via ringbuffer
those kind of errors should be passed to the main loop for further
processing, in-order together with the byte stream received from the

Change-Id: Iebd9bbc97c2a5a0c402e7a2711520299a1ade568
2022-11-19 09:02:23 +00:00
Harald Welte 92c44c572e firmware/sniffer: Add + use 16bit ringbuffer
So far, we use a uint8_t ring buffer as "FIFO" between USART Rx
interrupt and main context.  That's fine for expressing the bytes we
receive.  However, if we also want to report USART errors synchronously
in that stream, we actually need more bits to express those.

Reporting USART errors via the ring buffer is the only way how the
sniffer code can know in which TPDU the error occurred.  Reporting them
any other way (global variable, ...) would lose the timing relationship
where in the received stream the error occurred.

This change just changes the ringbuffer from 1024-entry 8bit to
512-entry 16bit and doesn't add any error reporting.

Change-Id: Ifde054fbfe7f753b61e7d3409c56eca6e0faeb4b
2022-11-19 09:02:23 +00:00
Harald Welte 4237c99fa2 firmware/sniffer: Disable TIMEOUT interrupts in USART IER on exit
Not critical (we disable the USART interrupts in NVIC anyway), but
if Sniffer_init() enables this flag, it's good style for Sniffer_exit()
to disable it.

Change-Id: I92e16a160d60fcab33c81e0cf074088b9f20b9ae
2022-11-19 09:02:23 +00:00
Harald Welte 3812317fba firmware/sniffer: Rename global variable 'wt' to 'g_wt'
It's a bad idea to have a two-character global variable which might
easily clash with local variable names.

Change-Id: Ic2fac64129d2772a1923f35e48582be3b130a0f2
2022-11-19 09:02:23 +00:00
Harald Welte c472e33320 firmware/sniffer: Log cause of WT change
Change-Id: I14245c0ca96a258146e48bb9909efd9f8150f5ac
2022-11-19 09:02:23 +00:00
Harald Welte 716fe6cefa firmware/sniffer: Group global variables in structs
This is a purely cosmetic change that groups PPS, TPDU and ATR related
global variables into structs.  The structs get g_ prefixes to indicate
a global variable.  This avoids confusion between very short/generic
variable names that might clash with local variables.

Change-Id: I3e02f6c6b063ebc860b7a2a54dfc6051f1ea584f
2022-11-19 09:02:23 +00:00
Harald Welte 432c7b5058 firmware/sniffer: Make all global variables 'static'
None of those variables are used outside sniffer.c, so they can all be

Change-Id: I8946acb6189d5ade57214295f0ba87f0608bad92
2022-11-19 09:02:23 +00:00
Harald Welte db1e37b93b firmware/sniffer: Fix programming error in PPS
process_byte_pps() would never enter the error path in which the
first byte would be != 0xff.  However, the caller already verified
this before calling process_byte_pps() so the error path should
never be hit anyway.

Change-Id: Ia74b6338219a6965e6bd35a6efcf369890e02d81
2022-11-19 09:02:23 +00:00
Harald Welte cc295f6945 firmware/sniffer: Avoid extra call for rbuf_is_full
rbuf_write() will tell us in the return value if the buffer was full
(error) or not (success).  Let's use that return value rather than a
theoretically race-y call to rbuf_is_full() before.

It's theoretical as the write happens from IRQ context and the read from
normal process context, so the fill-level cannot really change while
we're in the USART interrupt.  So it doesn't fix a bug, just improves
coding style and also avoids an extra function call + irq-disable/re-enable.

Change-Id: Icf570d0aa48d67a19e63c6e2b6caa14438fe88e3
2022-11-19 09:02:23 +00:00
Harald Welte 4836f23fa3 firmware/sniffer: Log old and new state in ISO7816-3 state changes
Change-Id: Iddb460cc2ad02c11a74de10dab127bb14cee9605
2022-11-19 09:02:23 +00:00
Harald Welte c343995b2d firmware/sniffer: refactor setting TPDU state
In low-level debugging it might be useful to trace the TPDU state
changes, so let's factor-out the state-setting as a function that
can be amended with printf() or GPIO toggles or the like.

No logical change is introduced here, just assignments replaced with
calling a function that does the assignment. compiler should inline

Change-Id: Ie61321404f3686234c61c68a07d6cb9f5830ddc1
2022-11-19 09:02:23 +00:00
Harald Welte 0190e45305 firmware/sniffer: Log parity errors, just like overruns and framing errors
Reading of code + datasheet showed that we did enable parity checking
but never actually checked if the USART has the PARE bit in CSR set.

Let's change that.  Plus also avoid possible race conditions due to
multiple status resets via US_CR_RSTSTA.  Let's only reset that once
per interrupt handler.

TODO: actually do something useful at that point.  We currently don't
report those to the host, nor do we attempt to recover in any way.  The
data sheet also doesn't tell us what it actually does in such
situations; it appears the character is *not* returned from the USART,
so we're missing one byte in the stream at that point.

Change-Id: I5f012d86c61a2377d355396e7b95d078952bee7c
Related: OS#5464
2022-11-19 09:02:23 +00:00
Eric Wild cfab7c00ce contrib/upload : upload elf files
Due to popular demand people want elf files that can be loaded to get
debug symbols, so publish the elf file, but not the stub-less bin file.

This elf file can ONLY be used to look up symbols, it should NOT be
"load"ed into flash, because the preceding crc stub has to match. Mixing
older crc stubs that are still in flash and newer elf files means the
device will end up in DFU mode upon reset.

Change-Id: Ifceb16d385388356ac1bf8b13f5df62c643bebf8
2022-11-16 10:48:29 +00:00
Harald Welte 5523faf61f firmware/sniffer: Fix copy+paste when logging invalid INS bytes
Change-Id: I2679415f1853d4b4a33fca33791fb0bfc6908a1b
2022-11-15 21:19:26 +01:00
James Tavares 5f651e510f Fix missing generation of waiting-time-extension in some situations
In the function set_tpdu_state(), there is a missing transition to
WAIT_TX state. This is fine if you are coming from the WAIT_PB state,
which has already restarted the waiting timer via
card_emu_uart_update_wt(), but if you are coming from the WAIT_RX
state, then card_emu_uart_update_wt() is never called and the USART
timer is never restarted.  (Because the transmitter is left enabled in
WAIT_RX, the response is still sent to the modem; it is just the
half-wait timeouts that are missing).

Change-Id: Ib4eb964c073192e8f067004625af818ba2caf003
2022-11-14 19:57:41 +00:00
James Tavares 6eb5e8b602 main: rotor: erase immediately after send
- improves trace diagnostic output by moving cursor back over the
rotor before a diagnostic message has a chance to be printed.
there is still a race condition, but it is much better.

Change-Id: Iad7767f2a5dbbd67b0f33b9bfc2c3864ce308990
2022-11-13 22:07:48 -05:00
Harald Welte 2b175c9545 cosmetic: Fix compile-time #error message string typo
Change-Id: Ibf304751f8debe8567bed1614e62b60cf33ec092
2022-11-11 22:32:13 +01:00
Oliver Smith 139d517bc1 contrib/ set USE_CLANG=1
As the bootloader goes beyond partition size in modern gcc, use clang

Depends: docker-playground Ib82a53fa7edc62d21e772efbb9b2c049d1b50c4d
Related: OS#5260
Change-Id: I2aa2e20e75e334560dbe1f6db9fd1491873ff91f
2022-10-13 13:03:20 +02:00
Harald Welte a5d537973d cardem: reset the uC in case of USB disconnect
This fixes the firmware USB interface somehow getting stuck
after a USB disconnect/reconnect without power cycle.

Right now there are a number of things we only execute the first time we
reach USBD_STATE_CONFIGURED, but not at any subsequent such event.

It's also rather clear that this doesn't really show in simtrace2 as it
is bus-powered. And it doesn't show on OWHW as we don't have any USB
unplug situations of the USB between the on-board traces of USB host and
SAM3S.  So this really only is relevant to QMOD.

A cheap and dirty work-around is to simply reset the entire uC every
time a USB unplug happens.

Change-Id: I6678bb2192c1419ed388b46c4ae7aa1ce18dc7ee
Related: OS#5578
2022-07-25 20:00:54 +02:00
Vadim Yanitskiy fdfb02418f host/cardem: fix integer overflow in process_do_rx_da()
osmo_apdu_segment_in() may return a negative number on receipt of
"unknown APDU case", and that would crash simtrace2-cardem-pcsc:

  msgb(0x55d2cf7aa8a0): Not enough tailroom msgb_put
    (allocated 920, head at 0, len 7, tailroom 1017 < want tailroom 65534)
  backtrace() returned 19 addresses

Whenever osmo_apdu_segment_in() fails to recognize an APDU, the
communication is broken, because we don't know if we should continue
transmitting or receiving.  Only a successful return value by would
allow us to know this.  Do not crash, exit() gracefully.

Change-Id: I9e97b955a28ec886a429d744f9316e7e71be4481
Related: OS#5600
2022-07-11 16:30:47 +07:00
Harald Welte e4503232eb update git URLs (git -> https; gitea)
Change-Id: Ifcc942c265edc983214e4efc0bc93ee8bd1b55f4
2022-06-17 21:06:45 +00:00
Harald Welte 9088ca86ff simtrace2-cardem-pcsc.c: Send APDUs via GSMTAP
Previously, only simtrace2-sniff generated GSMTAP protocol traces.

Let's add the same functionality to simtrace2-cardem-pcsc.

Change-Id: Iba6adf41b480d127bf11ee361c66d80fe8296313
Closes: OS#5494
2022-04-05 17:29:20 +00:00
James Tavares ff434e4f12 firmware: bugfix: disable cardemu comms in local SIM mode
This change prevents contention on the ISO7816 bus by disabling the card emulation state machine when the SIM switch is in the local mode. Without this change, the card emulation firmware can clobber ISO7816 communications and cause contention with certain (but not all) SIM cards.

- Add 'enabled' flag to cardemu instance that is set/cleared by usb_command_sim_select() (the only place where sim switch occurs).
- Flag is initialized as false (disabled) by default, to match local SIM mode default.
- When card emulation is disabled, force SIM VCC to be "OFF", SIM RESET as "not in RESET", and drop bytes received on the ISO7816 interface (but do service buffers).

Change-Id: I4010f988712eac4a6af8568ccd60062f9de62449
2022-03-11 18:36:06 +00:00
Alexander Couzens 2ceba0fdc4 firmware: usb: call USBD_HAL_DISCONNECT while usb init to recover from resets
The firmware doesn't recover from an OSMO_ASSERT() which directly resets the board.
After the reset the firmware will wait forever for the USBD state USBD_STATE_CONFIGURED.
By adding the explicit USBD_HAL_DISCONNECT the board always recovers.

Fixes: OS#5478
Related: SYS#5752
Change-Id: I600a26025166d20b6b27c191f24e4023efdaadf6
2022-03-09 07:21:01 +00:00
Harald Welte 755387ee31 Reduce bInterval of interrupt endpoints to avoid interrupt misses
Particularly the VCC/RST/CLK changes can happen quite frequently, and
we were seeing quite a number of overflows of the usb_buf queue for EP06
(interrupt endpoint) in cardem.

I first tried increasing the maximum queue size to up to 10, but that
still didn't resolve those EP06 overflow error log messages.

Reducing the bInterval from 16 to 1 made them go away in all my

Change-Id: I5c272c31983de7201cfbd445c4484f6832d878ab
2022-03-03 19:06:09 +01:00
Harald Welte c3f366b55e contrib/simtrace.lua: Add Flag bits + Data to COL_INFO
this provides an easy way to understand more without looking at the
detailed decode for each packet.

Change-Id: I0aa3d68172022907fbe8371aaca6538df0649dfe
2022-03-03 18:04:45 +00:00
Harald Welte b01dc91c0b simtrace2-cardem-pcsc: continue in case of LIBUSB_TRANSFER_ERROR
Sometimes I get LIBUSB_TRANSFER_ERROR particularly when the USB bus
is very busy.  We shouldn't terminate the program, but simply resubmit
it.  That's what we have multiple transfers for...

Change-Id: I77d7bc636c21171fcff7e70e87c0109cbaee9b51
2022-03-03 17:48:14 +01:00
Harald Welte 5cc3add0b0 simtrace2-cardem-pcsc: Fix copy+paste error in log message
Change-Id: I98e4356900a22f69d0ff262cb112194b1e11d4af
2022-03-03 17:48:14 +01:00
Harald Welte ca62121c19 host: Don't pass -1 (converted to 255) as address
We initialize a local variable to -1, and if the user specifies
no address from the command line, we use this in the interface match
struct, which uses a uint8_t.  This means 255 ends up in there, and
as a result no usb interface ever matches unless the user explicitly
specifies the -A command line argument.

With this patch any absent -A argument will result in ifm.addr == 0,
which means "don't match on address", and which is what we want here.

Change-Id: Iffb5fa406ddef00c7c15570ffca2c109b98d7a2d
2022-03-03 17:48:14 +01:00
Harald Welte 8b52b44f1b simtrace2-cardem-pcsc: Detect card power-up without RESET
In some readers (at least CardMan 3121), the simtrace2-cardem firmware
claims there are power-up sequences where RESET is released before VCC
becomes active.  Let's detect such spec-incompliant power-up sequences
and use them to trigger a cold reset of the card.

Change-Id: I682ac3d0c2b98749a6ed44f9a73e4b39354a4284
Closes: OS#5421
2022-03-03 15:27:35 +01:00
Harald Welte 71ac54d7bf simtrace2-cardem-pcsc: Move all logging into libosmocore
* drop log statements that are already in libosmo-simtrace2
* don't printf directly, but go via LOGCI
* make LOGCI use libosmocore logging
* configure libosmocore logging in a 'convenient' way

Change-Id: I6fa0da966e6d8e723c187404c17e90cfb3f3dd9f
2022-03-03 15:27:34 +01:00
Harald Welte ab5b2ffe1d simtrace2-cardem-pcsc: rename 'flags' to 'status_flags'
there are other flags in the simtrace/cardem protocol...

Change-Id: I6362936c642e7abf4c501b4526a1654a25afedfe
2022-03-03 15:27:15 +01:00