Fix the wrong address usage #204
Conversation
xiaoxiang781216
force-pushed
the
fix-addr
branch
5 times, most recently
from
8398029 to
41f4f4a
Compare
|
@arnopo @edmooring this patch series don't allocate the address between 0-1023 like kernel side. Also fix a potential bug that NS adress(0x35) will be allocated accidentally if user has more than 53 active channels. |
xiaoxiang781216
force-pushed
the
fix-addr
branch
2 times, most recently
from
3eba159 to
d93e093
Compare
There was a problem hiding this comment.
Following commits fix some issue:
c310169
fbcf487
=> could you send them in a separate PR?
The other patches break the legacy and to be accepted we need justifications that the library can not work properly without them. In this case an approach that consists in extending the exiting API should be privileged.
lib/include/openamp/rpmsg.h
Outdated
| const char *name, | ||
| uint32_t src, uint32_t dest, | ||
| rpmsg_ept_cb cb, | ||
| rpmsg_ns_unbind_cb ns_unbind_cb); |
There was a problem hiding this comment.
Here you also break the API.
Please keep in mind that it is a library so this is used my several third party applications.
That's means that we have to preserve the existing API as much as possible, even if it is not always perfect...
There was a problem hiding this comment.
But I can't understand how the user can call the old API without problem: the user can't receive any callback without calling rpmsg_register_endpoint. It isn't only perfect but is wrong! rpmsg_init_ept is designed for the well known server, right? I suppose that all well known server can send/receive message immediately after calling this API, but it is impossible without this patch. even worse the user can't call rpmsg_register_endpoint by self because it is declared in a private header file.
There was a problem hiding this comment.
But I can't understand how the user can call the old API without problem: the user can't receive any callback without calling rpmsg_register_endpoint.
Yes it is the normal behavior. you have to register callback for communication.
It isn't only perfect but is wrong! rpmsg_init_ept is designed for the well known server, right? I suppose that all well known server can send/receive message immediately after calling this API, but it is impossible without this patch. even worse the user can't call rpmsg_register_endpoint by self because it is declared in a private header file.
No, rpmsg_init_ept is designed to initialize the ept structure before registering it. But i agree that something is
not good here.
The normal API for end point management is rpmsg_create_ept. I can not see a reason why rpmsg_init_ept is exposed. For me this function should be declared in rpmsg_internal.h.
Any reason that you need to use it, instead of rpmsg_create_ept?
There was a problem hiding this comment.
But I can't understand how the user can call the old API without problem: the user can't receive any callback without calling rpmsg_register_endpoint.
Yes it is the normal behavior. you have to register callback for communication.
But could you tell me how we can register callback if rpmsg_register_endpoint is declared in lib/rpmsg/rpmsg_internal.h?
It isn't only perfect but is wrong! rpmsg_init_ept is designed for the well known server, right? I suppose that all well known server can send/receive message immediately after calling this API, but it is impossible without this patch. even worse the user can't call rpmsg_register_endpoint by self because it is declared in a private header file.
No, rpmsg_init_ept is designed to initialize the ept structure before registering it. But i agree that something is
rpmsg_create_ept initilize all rpmsg_endpoint's fields, why need we call rpmsg_init_ept before that? Does it make sense to initialize the same fields twice?
not good here.
The normal API for end point management is rpmsg_create_ept. I can not see a reason why rpmsg_init_ept is exposed. For me this function should be declared in rpmsg_internal.h.
Any reason that you need to use it, instead of rpmsg_create_ept?
From my interception it's better to:
1.call rpmsg_init_ept for the well known service(both src/dest is fixed) and skip all NS interaction
2.call rpmsg_create_ept for the dynamic serice(either src/dest is any) and utilize NS to find the peer
There was a problem hiding this comment.
From my interception it's better to:
1.call rpmsg_init_ept for the well known service(both src/dest is fixed) and skip all NS interaction
2.call rpmsg_create_ept for the dynamic serice(either src/dest is any) and utilize NS to find the peer
In both case rpmsg_create_ept have to be called, this is what has been implemented since the 2018.10 release. This function handles fixed and non fixed addresses, NS is sent only if destination address is set to RPMSG_ADDR_ANY.
That's why rpmsg_register_endpoint is not exposed as API and why rpmsg_init_ept should probably not be exposed.
There was a problem hiding this comment.
Anyway I just want to make OpenAMP API design become better. If you refuse my change for rpmsg_init_ept I am fine, I will drop in the next update, but for other bug fix
There was a problem hiding this comment.
I don't think that this point is close. I'm agree with you there is something wrong with rpmsg_init_ept. This is for me a case where we have probably to fix the API.
Firsdt of all i would understand why you propose to duplicate the endpoint API by updating rpmsg_init_ept instead of using rpmsg_create_ept? Any usecase that you can not support using rpmsg_create_ept?
There was a problem hiding this comment.
"NS" channel is created by rpmsg_init_ept, so it's natural to use it for all well known service. Anyway, rpmsg_init_ept in the current form is broken at least as a public API.
lib/include/openamp/rpmsg.h
Outdated
| data, len, true); | ||
| metal_sleep_usec(RPMSG_TICKS_PER_INTERVAL); | ||
| } | ||
|
|
There was a problem hiding this comment.
This patch add an additional check on each send.
Then what's happen if case of timeout in your application? you have another loop to try?
Could you explain the rational of this?
i don't see here a real need except for NS_ACK, and only to try to simplify the application code.
And you mention in previous commit: rpmsg_send_offchannel_raw already checks the destination address
There was a problem hiding this comment.
This patch add an additional check on each send.
Then what's happen if case of timeout in your application? you have another loop to try?
No, this loop will wait for 15 seconds, I don't think that more wait can help here.
Could you explain the rational of this?
The patch is designed work with: #160
the caller can do:
rpmsg_create_ept
rpmsg_send
just like the socket API.
i don't see here a real need except for NS_ACK, and only to try to simplify the application code.
It also work with your favor solution(the dummy server message). Sometime, it's very natual that the client need send the initial message to server just after the channel get created. Without this patch, you have to wait the sever send the first dummy back which make the code more complex than needed. And become impossible if the two phase handshake done inside the rpmsg except we provide the new callback to user.
And you mention in previous commit: rpmsg_send_offchannel_raw already checks the destination address
Yes, but rpmsg_send_offchannel_raw return failure without the retry logic.
There was a problem hiding this comment.
This add useless extra code for each message sent using rpmsg_send for one use case related to #160. Without the NS ack, the end point call back can be use tfor the synchro.
i see here more const than advantage to handle a timeout in the rpmsg_send than in application.
There was a problem hiding this comment.
The desgin is following the same principle inside rpmsg_virtio_send_offchannel_raw loop:
static int rpmsg_virtio_send_offchannel_raw(struct rpmsg_device *rdev,
uint32_t src, uint32_t dst,
const void *data,
int size, int wait)
{
...
if (wait)
tick_count = RPMSG_TICK_COUNT / RPMSG_TICKS_PER_INTERVAL;
else
tick_count = 0;
while (1) {
...
buffer = rpmsg_virtio_get_tx_buffer(rvdev, &buff_len, &idx);
metal_mutex_release(&rdev->lock);
if (buffer || !tick_count)
break;
if (avail_size != 0)
return RPMSG_ERR_BUFF_SIZE;
metal_sleep_usec(RPMSG_TICKS_PER_INTERVAL);
tick_count--;
}
Does this mean that we shold drop the above loop too? From the design, rpmsg_send should block and wait the resource available, only rpmsg_try_send can return fail directly wihtout wait.
There was a problem hiding this comment.
The desgin is following the same principle inside rpmsg_virtio_send_offchannel_raw loop:
static int rpmsg_virtio_send_offchannel_raw(struct rpmsg_device *rdev, uint32_t src, uint32_t dst, const void *data, int size, int wait) { ... if (wait) tick_count = RPMSG_TICK_COUNT / RPMSG_TICKS_PER_INTERVAL; else tick_count = 0; while (1) { ... buffer = rpmsg_virtio_get_tx_buffer(rvdev, &buff_len, &idx); metal_mutex_release(&rdev->lock); if (buffer || !tick_count) break; if (avail_size != 0) return RPMSG_ERR_BUFF_SIZE; metal_sleep_usec(RPMSG_TICKS_PER_INTERVAL); tick_count--; }Does this mean that we shold drop the above loop too? From the design, rpmsg_send should block and wait the resource available, only rpmsg_try_send can return fail directly wihtout wait.
No, the loop has to be kept here, blocking fro rpmsg_send, not blocking for rpmsg_try_send ( same behavior than Linux API).
There was a problem hiding this comment.
If so, why you consider my patch useless? It also handle the case where the resouce unavailable temporarily.
There was a problem hiding this comment.
Simply because you have the API to do this in application, so i don't see a strong reason to integrate it in rpmsg_send.
There was a problem hiding this comment.
If so, we just need provide rpmsg_try_send I don't see any reason to add rpmsg_send which is very easy to implement on top of rpmsg_try_send. As I said before, it's a common issue all people will hit immediately after he/she create a rpmsg endpoint proactively. The library need provide a solution to help people mitigate the problem, instead let user find the touch bug and repeat the code again and again.
There was a problem hiding this comment.
If so, we just need provide rpmsg_try_send I don't see any reason to add rpmsg_send which is very easy to implement on top of rpmsg_try_send.
rpmsg_try_send returns an error if no TX buffer available, rpmsg_send is blocked waiting a TX_buffer. No relation chip with your usecase
As I said before, it's a common issue all people will hit immediately after he/she create a rpmsg endpoint proactively. The library need provide a solution to help people mitigate the problem, instead let user find the touch bug and repeat the code again and again.
As rpmsg_send returns an error if remote address is not defined it is more a bug in application that does not treat error and /or does not use is_rpmsg_ept_ready as show in examples.
So the issue here seems more the use of the API than the API itself.
If user code is inspirated from the examples they should use is_rpmsg_ept_ready.
But If you have implemented the NS ack for your customer you probably also increases this bad usage, by masking the rpmsg current protocol.
the solution to help user seems more the documentation or example.
There was a problem hiding this comment.
If you search examples folder, all client side has this code:
/* Create RPMsg endpoint */
ret = rpmsg_create_ept(&lept, rdev, RPMSG_SERVICE_NAME,
RPMSG_ADDR_ANY, RPMSG_ADDR_ANY,
rpmsg_endpoint_cb, rpmsg_service_unbind);
if (ret) {
LPERROR("Failed to create RPMsg endpoint.\r\n");
return ret;
}
while (!is_rpmsg_ept_ready(&lept))
platform_poll(priv);
As OpenAMP maintainer, do you have any responsbility to improve this situation in the next release? I don't think the code like this can survive in Linux kernel. Actually from my point, this patch is just the first step, the next is:
1.Ensure all system under libmetal/lib/lib implement conditon
2.Replace all poll loop(this and rpmsg_virtio_send_offchannel_raw) with the event trigger just like Linux kernel.
apps/examples/echo/rpmsg-echo.c
Outdated
| @@ -58,7 +58,7 @@ int app(struct rpmsg_device *rdev, void *priv) | |||
| LPRINTF("Try to create rpmsg endpoint.\r\n"); | |||
|
|
|||
| ret = rpmsg_create_ept(&lept, rdev, RPMSG_SERVICE_NAME, | |||
| 0, RPMSG_ADDR_ANY, rpmsg_endpoint_cb, | |||
| 1024, RPMSG_ADDR_ANY, rpmsg_endpoint_cb, | |||
There was a problem hiding this comment.
if you have to update the example you break the legacy.
Could you explain the rational? reserve memory from 0 to 1023 is a design choice for Linux. Today i don't see any reason to prohibit these addresses for OpenAMP, only 0x35 is reserved.
So to have a stable API i would prefer not integrate this commit if it is not an absolute necessity.
There was a problem hiding this comment.
if you have to update the example you break the legacy.
Yes, because the example use the reserved address which encourage people use these special address without any thought.
Could you explain the rational? reserve memory from 0 to 1023 is a design choice for Linux. Today i don't see any reason to prohibit these addresses for OpenAMP, only 0x35 is reserved.
From the original design, this region is reserved for the well known service. Both side(Linux and RTOS) need follow the convention: any private protocol shouldn't use the port inside this region to keep the compatibility. The reserved port may allocate to the well know service in the furture. How can you handle this case in the compability way once it happen?
So to have a stable API i would prefer not integrate this commit if it is not an absolute necessity.
But API implementation is wrong, we should fix the wrong behaviour as early as we can. The compability isn't a good reason to keep the bad behaviour and encourage the people do the wrong thing.
There was a problem hiding this comment.
From the original design, this region is reserved for the well known service. Both side(Linux and RTOS) need follow the convention: any private protocol shouldn't use the port inside this region to keep the compatibility. The reserved port may allocate to the well know service in the furture. How can you handle this case in the compability way once it happen?
Could you point me in OpenAMP original design that implement this convention, i had a look in 2018.04 release, addresses 0 to 1024 seems not forbidden?
And on Linux side seems more a design choice, that something inposed by the protocol :
/*
- Local addresses are dynamically allocated on-demand.
- We do not dynamically assign addresses from the low 1024 range,
- in order to reserve that address range for predefined services.
*/
I never saw anything that impose to not use these addresses in documentation...
And because predefined address can be set calling endpoint creation, OpenAMP design choice is to not forbid these address.
There was a problem hiding this comment.
From the original design, this region is reserved for the well known service. Both side(Linux and RTOS) need follow the convention: any private protocol shouldn't use the port inside this region to keep the compatibility. The reserved port may allocate to the well know service in the furture. How can you handle this case in the compability way once it happen?
What I mean the original desgin is the Linux Kernel implemenation. It's the golden reference implemntation and other implmenation should follow it's convention except you have a reasonable justification.
There was a problem hiding this comment.
This is you opinion...
Another paradigm could be that we respect the Linux convention as Linux does not complain about the remote OpenAMP address...
Anyway I think the good place to continue this discussion is the OpenAMP-RP meeting.
It is an interesting topic to discuss to have more opinions on this topic.
@edmooring, any opinion on this?
There was a problem hiding this comment.
One day, if Linux kernel decide to assgin the additional number in this region to some new well known service, your program will stop working suddenly. the code can work today, doesn't mean that it's implmentation is right.
Actually, the bug is already in the code base now, if you create the channel more than 0x35, you wil hit the brick. In the furture, you will hit more brick:)
lib/include/openamp/rpmsg.h
Outdated
| return (ept->dest_addr != RPMSG_ADDR_ANY) && | ||
| (ept->addr != RPMSG_ADDR_ANY); | ||
| return ept && ept->rdev && ept->dest_addr && | ||
| ept->dest_addr != RPMSG_ADDR_ANY; |
There was a problem hiding this comment.
Same remark here, this break the legacy
There was a problem hiding this comment.
If the demo code want to use 1-1023, the code should call rpmsg_init_ept instead. Here is a summary what I understand:
1.Well known service call rpmsg_init_ept with address inside 1-1023
2.The secondary endpoint call rpmsg_init_ept with address >= 1024( exchange the port through some method)
3.Other service call rpmsg_create_ept with address >= 1024
4.It's prefer to call rpmsg_create_ept with RPMSG_ADDR_ANY(~0)
From my point, the quality of example code is very pool because it demo the bad practice:
1.Use the reserved address
2.Use the fixed address
It's better to correct the demo code to remove the bad usage.
There was a problem hiding this comment.
Right use RPMSG_ADDR_ANY for the source address in demo is a best usage than fixing the endpoint. But we have to support both. So a good compromize would be to update only a part of the demos. For instance the echo demo.
There was a problem hiding this comment.
I will provide a patch change ALL 0 to RPMSG_ADDR_ANY.
There was a problem hiding this comment.
Here is the PR:
#207
Here is the PR:
|
lib/include/openamp/rpmsg.h
Outdated
| data, len, true); | ||
| metal_sleep_usec(RPMSG_TICKS_PER_INTERVAL); | ||
| } | ||
|
|
There was a problem hiding this comment.
This add useless extra code for each message sent using rpmsg_send for one use case related to #160. Without the NS ack, the end point call back can be use tfor the synchro.
i see here more const than advantage to handle a timeout in the rpmsg_send than in application.
apps/examples/echo/rpmsg-echo.c
Outdated
| @@ -58,7 +58,7 @@ int app(struct rpmsg_device *rdev, void *priv) | |||
| LPRINTF("Try to create rpmsg endpoint.\r\n"); | |||
|
|
|||
| ret = rpmsg_create_ept(&lept, rdev, RPMSG_SERVICE_NAME, | |||
| 0, RPMSG_ADDR_ANY, rpmsg_endpoint_cb, | |||
| 1024, RPMSG_ADDR_ANY, rpmsg_endpoint_cb, | |||
There was a problem hiding this comment.
From the original design, this region is reserved for the well known service. Both side(Linux and RTOS) need follow the convention: any private protocol shouldn't use the port inside this region to keep the compatibility. The reserved port may allocate to the well know service in the furture. How can you handle this case in the compability way once it happen?
Could you point me in OpenAMP original design that implement this convention, i had a look in 2018.04 release, addresses 0 to 1024 seems not forbidden?
And on Linux side seems more a design choice, that something inposed by the protocol :
/*
- Local addresses are dynamically allocated on-demand.
- We do not dynamically assign addresses from the low 1024 range,
- in order to reserve that address range for predefined services.
*/
I never saw anything that impose to not use these addresses in documentation...
And because predefined address can be set calling endpoint creation, OpenAMP design choice is to not forbid these address.
lib/include/openamp/rpmsg.h
Outdated
| const char *name, | ||
| uint32_t src, uint32_t dest, | ||
| rpmsg_ept_cb cb, | ||
| rpmsg_ns_unbind_cb ns_unbind_cb); |
There was a problem hiding this comment.
But I can't understand how the user can call the old API without problem: the user can't receive any callback without calling rpmsg_register_endpoint.
Yes it is the normal behavior. you have to register callback for communication.
It isn't only perfect but is wrong! rpmsg_init_ept is designed for the well known server, right? I suppose that all well known server can send/receive message immediately after calling this API, but it is impossible without this patch. even worse the user can't call rpmsg_register_endpoint by self because it is declared in a private header file.
No, rpmsg_init_ept is designed to initialize the ept structure before registering it. But i agree that something is
not good here.
The normal API for end point management is rpmsg_create_ept. I can not see a reason why rpmsg_init_ept is exposed. For me this function should be declared in rpmsg_internal.h.
Any reason that you need to use it, instead of rpmsg_create_ept?
lib/include/openamp/rpmsg.h
Outdated
| return (ept->dest_addr != RPMSG_ADDR_ANY) && | ||
| (ept->addr != RPMSG_ADDR_ANY); | ||
| return ept && ept->rdev && ept->dest_addr && | ||
| ept->dest_addr != RPMSG_ADDR_ANY; |
There was a problem hiding this comment.
Right use RPMSG_ADDR_ANY for the source address in demo is a best usage than fixing the endpoint. But we have to support both. So a good compromize would be to update only a part of the demos. For instance the echo demo.
This patch will be merged when both myself and @edmooring have approved them Then this PR is coming unreadable as there are several feature in one PR, so many parallel discussion.. Would be nice to have one PR per feature. Here is a sum-up of my current vision on the 3 mains points discussed:
|
Ok, once #207, #206 and #205 merge, I will split the PR into serveral one.
Since rpmsg is the protocol between the different OS, it is no reason to break the protocol without any justification. Do you think htat it's good decision OpenAMP will stop working just because the rpmsg community define new standard service or some vendor want to define the private well known service?
Ok, it's better to vote on the meeting.
The loop already exist in all example now, but NS ack feature isn't mereged yet, so why you think that this patch link to that feature? This patch can move the loop to common place and allow the furture optimation more easlier.
Yes, this is a solution. But could you think about why all examples select the busy loop method? If you try to convert an example which require the client to send the message immediately after the endpoint get created, you can understand
Hi, this patch is a step to address this issue. If you let's caller add the loop by them self, how you can resolve the problem in the furture? Sleeping inside the loop contribute the latency, the best method is to use the condition(wait/signal).
|
xiaoxiang781216
force-pushed
the
fix-addr
branch
5 times, most recently
from
2a42a87 to
5e9a288
Compare
|
@arnopo and @edmooring I create the new PR for the controversial patch: |
lib/include/openamp/rpmsg.h
Outdated
| { | ||
| return ept && ept->rdev && ept->dest_addr != RPMSG_ADDR_ANY; | ||
| } | ||
|
|
There was a problem hiding this comment.
Please could you not move the position of the declaration in file, that a diff show that you only update the return test here.
There was a problem hiding this comment.
Ok, I will split the movement to another patch
There was a problem hiding this comment.
For this series , it is sufficient to put the function back to its original place that the diff shows that only the condition as been reworked.
Then LGTM for the rest of the series
There was a problem hiding this comment.
You can view the individual patches in commits tab or git log, there isn't real difference. But, I want to keep the patchset as small as possible:
https://github.com/apache/incubator-nuttx/tree/master/openamp
There was a problem hiding this comment.
Sorry, forget my previous comment. I didn't realize you just moved the function here now.
Today, there is a real interest in doing it, I would drop it here and add it a series with a real need.
There was a problem hiding this comment.
Since you are arguing to add poll inside rpmsg_send, I prefer to merge this simple patch first, so the downstream project can redue the patch need to apply even the poll patch can't upstream.
There was a problem hiding this comment.
Doing this we will simplify your downstream but perhaps impact another one... Not a good practice, if we accept this one, then we would have to accept future patches from another platform that could not match with your expectation.
And regarding https://github.com/apache/incubator-nuttx/blob/master/openamp/0004-rpmsg-wait-ept-ready-in-rpmsg_send.patch seems to me that it is minor in term of impact in your downstream.
There was a problem hiding this comment.
But, can you please tell me what will impact by this patch? And it is also good thing to put the simple inline function at the begining like other header files:
https://github.com/OpenAMP/open-amp/blob/master/lib/include/openamp/remoteproc.h#L432-L448
https://github.com/OpenAMP/open-amp/blob/master/lib/include/openamp/rpmsg_virtio.h#L65-L110
There was a problem hiding this comment.
As explained in my previous comment, this commit seems appears to be for your convenience only. Do I accept it to simplify your patches on top of OpenAMP and potentially impact some other platforms which would have to rework their own patch on top of OpenAMP because this one introduce a conflict? I can not find here a good reason to do this as it does not answer to a real need.
lib/include/openamp/rpmsg.h
Outdated
| { | ||
| return ept && ept->rdev && ept->dest_addr != RPMSG_ADDR_ANY; | ||
| } | ||
|
|
There was a problem hiding this comment.
Sorry, forget my previous comment. I didn't realize you just moved the function here now.
Today, there is a real interest in doing it, I would drop it here and add it a series with a real need.
to simplify the work in the furture Signed-off-by: Xiang Xiao <[email protected]>
like what is done inside rpmsg_destroy_ept Signed-off-by: Xiang Xiao <[email protected]>
so is_rpmsg_ept_ready can check the validity more easier Signed-off-by: Xiang Xiao <[email protected]>
xiaoxiang781216
force-pushed
the
fix-addr
branch
2 times, most recently
from
cef1a02 to
f5aa98f
Compare
No description provided.