Logger abi check #3195
Logger abi check #3195
Conversation
ktrzcinx
requested review from
akloniex,
bkokoszx,
dbaluta,
jajanusz,
lbetlej,
lgirdwood,
mmaka1,
plbossart,
RanderWang,
tlauda,
xiulipan and
a team
as code owners
ktrzcinx
force-pushed
the
logger-abi-check
branch
from
6f1940f to
c26188e
Compare
src/include/ipc/info.h
Outdated
| @@ -54,9 +54,10 @@ struct sof_ipc_fw_version { | |||
| uint8_t time[10]; | |||
| uint8_t tag[6]; | |||
| uint32_t abi_version; | |||
| uint32_t fw_hash; /* used to check FW and ldc file compatibility */ | |||
There was a problem hiding this comment.
how is this different from git version hash ?
There was a problem hiding this comment.
SOF_TAG refer git commit hash, changed after each commit, so I can edit file without commit, what wouldn't change SOF_TAG but will break ldc file compatibility. fw_hash will change value after each edit of any file tracked in git (answer for following question).
There was a problem hiding this comment.
ok, so this need to be made clear in the comments alongside it's reproducability.
src/init/ext_manifest.c
Outdated
| @@ -32,6 +32,7 @@ const struct ext_man_fw_version ext_man_fw_ver | |||
| #endif | |||
| .tag = SOF_TAG, | |||
| .abi_version = SOF_ABI_VERSION, | |||
| .fw_hash = SOF_FW_HASH, | |||
There was a problem hiding this comment.
Is this reproducible - i.e are you hashing any generated files that could differ for different users.
ktrzcinx
force-pushed
the
logger-abi-check
branch
3 times, most recently
from
3fc12c6 to
01a61d0
Compare
There was a problem hiding this comment.
'SOF_TAG' refer git commit hash, changed after each commit, so I can edit file without commit, what wouldn't change 'SOF_TAG' but will break ldc file compatibility. 'fw_hash' will change value after each edit of any file tracked in git (answer for following question).
@ktrzcinx if you want to track uncommitted changes, then this isn't sufficient either. You can add (without committing) a new `#include' to a .c or .h file and then change that new header and since it isn't known to git, it won't be hashed. Maybe you need to get a file list from the compiler? This will then include any system headers used, but that shouldn't be harmful either.
scripts/cmake/version.cmake
Outdated
| @@ -59,6 +59,27 @@ if(NOT SOF_TAG) | |||
| set(SOF_TAG 0) | |||
| endif() | |||
|
|
|||
| # list tracked files from src directory | |||
| execute_process(COMMAND git ls-files src/* | |||
There was a problem hiding this comment.
is this any different from just git ls-files stc?
There was a problem hiding this comment.
I didn't notice any difference in results, I used src/* to indicate that I want files from some directory. Updated to version with src.
ktrzcinx
force-pushed
the
logger-abi-check
branch
2 times, most recently
from
43a7391 to
1e210cf
Compare
I'm little afraid that hashing system headers may impact hash reproducability - user with different toolchain version perhaps calculate different hash version, what's not an issue with my approach (because only hashing sof-git-tracked files). Described scenario with `#include' to a .c or .h file actually can be made, but it's quite rare scenario. Please remember, it's not security check, it's rather to warn about outdated / incapatible ldc file usage. |
ktrzcinx
force-pushed
the
logger-abi-check
branch
from
1e210cf to
dcc2db0
Compare
tools/logger/convert.c
Outdated
| SOF_ABI_VERSION_MINOR(SOF_ABI_DBG_VERSION), | ||
| SOF_ABI_VERSION_PATCH(SOF_ABI_DBG_VERSION)); | ||
| /* compare firmware hash value from version file and ldc file */ | ||
| if (ver.fw_hash != snd->version.fw_hash) { |
There was a problem hiding this comment.
Should the verification be mandatory now, as it is more reliable (-e assumed when reading live trace and -v assumed when reading from a file)?
There was a problem hiding this comment.
It sounds good for me, maybe then some flag, e.g. -E should be added to force running without compatibility check. It sound like something for separate PR
|
@ktrzcinx posted an interesting example but github seems to have lost it. Here it is again: - tr_info(dev, "Some value %d", a);
+ tr_info(dev, "Some value %d", b);
tr_info(dev, "Some _different_ value B %d", b);
Nice fallback on the git hash, smart.
Very good point, I didn't know this.
Great, I think this would make a big difference.
You're really making this look much more complicated than it would be.
SMEX is already the tool that creates the dictionary in the first place!?!
None of that. CMake can hash the dictionary with one-line. |
|
SOFCI TEST |
|
SOFCI TEST |
|
@slawblauciak CI seems to have stalled - I'll rerun it again. |
|
SOFCI TEST |
1 similar comment
|
SOFCI TEST |
|
@lgirdwood looks like we passed all the required checks, good to merge now? |
|
@slawblauciak I'm seeing SCHEDULER CI failure. Can you confirm with @zrombel we are good. |
|
@lgirdwood already have, it's not relevant |
|
A number of comments at #3195 (comment) had no answer. This broke the build, fixed in PR #3322 Now running "make" prints this obscure warning every time: Looking at the source code points a possible reason which... doesn't seem to apply to me. |
| ) | ||
| string(SUBSTRING ${SOF_FW_HASH_LONG} 0 8 SOF_FW_HASH) | ||
| message(STATUS "Firmware content hash: ${SOF_FW_HASH}") | ||
|
|
There was a problem hiding this comment.
Easy to change later but you could move all the temp files to some new build_dir/source_hash/ subdirectory instead.
I don't think CMake builds should ever delete any temporary file because:
- Temporary files are useful to understand and debug the build. I very often browse or
grep -rthe build directory for that purpose. Then I can git grep the filenames and find the corresponding CMakeLists.txt source very quickly. - With out-of-source builds there's no "pollution" concern anymore.
| message(STATUS "Source content hash: ${SOF_SRC_HASH}") | ||
| else() | ||
| set(SOF_SRC_HASH ${GIT_LOG_HASH}) | ||
| message(WARNING "Source content hash can't be calculated, use GIT_LOG_HASH") |
There was a problem hiding this comment.
message(WARNING "Source content hash not computed without git, _using_ GIT_LOG_HASH" instead)
"Use" is imperative mood.
|
I just filed #3890
|
|
With (even more) hindsight, the most obvious failure of this design is CONFIG_TRACEV. See #3890 |
Fixes commit 6c14e76 ("trace: Log FW ABI and hash numbers"). In June 2020, PR thesofproject#3195 added a tr_info() "banner" immediately after to make sure tracing works. That commit included a likely misunderstood trace_flush() call immediately after the tr_info(). The very poorly named trace_flush() function sounds like earlier scheduling of something that would the same later anyway but that's absolutely not what it does. Instead it copies pending DMA traces to the shared mailbox. This was most likely why the FW ABI banner is randomly duplicated in the etrace from time to time, see for instance: https://sof-ci.01.org/linuxpr/PR2954/build5823/devicetest/?model=BYT_MB_NOCODEC&testcase=test-speaker https://sof-ci.01.org/softestpr/PR666/build721/devicetest/?model=TGLH_RVP_HDA&testcase=check-sof-logger Note this test failure is unrelated. For now this CI does not read etrace unless there's a failure. In August 2020, commit 67a0a69 ("trace: Trace initial message as error logs") upgraded this banner from tr_info() to tr_err(). That made sure it gets to both the mailbox and the DMA trace but it didn't remove the trace_flush(). Remove it now. Signed-off-by: Marc Herbert <[email protected]>
Pure rename, zero functional change. The very poorly named trace_flush() function sounds like earlier scheduling of something that would the same later anyway but that's absolutely not what it does. Instead it copies pending DMA traces to the shared mailbox. As an example, in June 2020, PR thesofproject#3195 commit 6c14e76 ("trace: Log FW ABI and hash numbers") added a tr_info() "banner" immediately after to make sure tracing works. That included a likely misunderstood trace_flush() call immediately after the tr_info(). Signed-off-by: Marc Herbert <[email protected]>
Fixes commit 6c14e76 ("trace: Log FW ABI and hash numbers"). In June 2020, PR #3195 added a tr_info() "banner" immediately after to make sure tracing works. That commit included a likely misunderstood trace_flush() call immediately after the tr_info(). The very poorly named trace_flush() function sounds like earlier scheduling of something that would the same later anyway but that's absolutely not what it does. Instead it copies pending DMA traces to the shared mailbox. This was most likely why the FW ABI banner is randomly duplicated in the etrace from time to time, see for instance: https://sof-ci.01.org/linuxpr/PR2954/build5823/devicetest/?model=BYT_MB_NOCODEC&testcase=test-speaker https://sof-ci.01.org/softestpr/PR666/build721/devicetest/?model=TGLH_RVP_HDA&testcase=check-sof-logger Note this test failure is unrelated. For now this CI does not read etrace unless there's a failure. In August 2020, commit 67a0a69 ("trace: Trace initial message as error logs") upgraded this banner from tr_info() to tr_err(). That made sure it gets to both the mailbox and the DMA trace but it didn't remove the trace_flush(). Remove it now. Signed-off-by: Marc Herbert <[email protected]>
Pure rename, zero functional change. The very poorly named trace_flush() function sounds like earlier scheduling of something that would the same later anyway but that's absolutely not what it does. Instead it copies pending DMA traces to the shared mailbox. As an example, in June 2020, PR #3195 commit 6c14e76 ("trace: Log FW ABI and hash numbers") added a tr_info() "banner" immediately after to make sure tracing works. That included a likely misunderstood trace_flush() call immediately after the tr_info(). Signed-off-by: Marc Herbert <[email protected]>
| @@ -335,6 +338,11 @@ int dma_trace_enable(struct dma_trace_data *d) | |||
| d->enabled = 1; | |||
| schedule_task(&d->dmat_work, DMA_TRACE_PERIOD, DMA_TRACE_PERIOD); | |||
|
|
|||
| /* it should be the very first sent log for easily identification */ | |||
| tr_info(&dt_tr, "FW ABI 0x%x DBG ABI 0x%x tag " SOF_GIT_TAG " src hash 0x%x (ldc hash " META_QUOTE(SOF_SRC_HASH) ")", | |||
| SOF_ABI_VERSION, SOF_ABI_DBG_VERSION, SOF_SRC_HASH); | |||
There was a problem hiding this comment.
@ktrzcinx do you remember why you put both META_QUOTE(SOF_SRC_HASH) and %x SOF_SRC_HASH here? Do they ever look different from each other?
There was a problem hiding this comment.
They differ in case of using incompatible .ldc file, it's because META_QUOTE(SOF_SRC_HASH) comes from used .ldc file and SOF_SRC_HASH is .ri buildin variable.
There was a problem hiding this comment.
Thanks @ktrzcinx !
Do they ever look different from each other?
Answering that part of my own question: they do but only when forcing sof-logger to use an incompatible .ldc file with the -n option. META_QUOTE(SOF_SRC_HASH) is in the format string which is in the .ldc file and not in the firmware binary
|
This |
Compatibility between fw and ldc file is checked in logger tool before logs convertion.
This mechanism was comparing
sof_ipc_fw_version->abi_versionsaved in ldc file andin
fw_readymessage, but in ldc this field is filled with DBG_ABI and infw_readywithABI,so it wasn't working at all. Moreover FW and LDC file must mach exactly, so comparing
ABIversion is too generous approach, it's much better to calculate fw hash for comparison.
The best would be to calculate executable binary hash and save it back to binary file and to ldc file,
then for example changing unlinked code, or comment in source code won't break ldc and firmware compatibility.
But this approach needs quite complex edition of output executable file or double compilation.
Much simpler approach is to hash source code before compilation and save this value in separate file,
then each whitespace has impact on FW hash, but it's shouldn't be real problem. In this approach
git tools can be used to calculate this value, so there no need for any new external tool.
See: #3243
Extracted from discussion: