[LEDE-DEV] Fix for uqmi crash when using qmi-via-mbim (--mbim / -m)

Mogens Lauridsen mlauridsen at gmail.com
Tue Nov 22 06:15:54 PST 2016 

Yes, it also works on my target!

Thanks.

On Tue, Nov 22, 2016 at 3:07 PM, Bjørn Mork <bjorn at mork.no> wrote:
> Felix Fietkau <nbd at nbd.name> writes:
>
>> On 2016-11-22 14:10, Mogens Lauridsen wrote:
>>> Seems like a better fix, but it doesn't work. uqmi hangs, so I suspect
>>> that EM7455 has misunderstood the command. I have removed/replaced the
>>> ustream_write(..,..,.., true) and after the changes below it works.
>>> I guess it has something to do with the write being split in two.
>>> I don't know what the maximum size of buffer should be, so I used:
>>> 2048+sizeof(struct mbim_command_message)
>> Here's another one that avoid the memcpy that you introduced and merges
>> the two packet buffers:
>>
>> diff --git a/commands.c b/commands.c
>> index 869ca7c..04ca238 100644
>> --- a/commands.c
>> +++ b/commands.c
>> @@ -205,8 +205,8 @@ static void uqmi_print_result(struct blob_attr *data)
>>
>>  static bool __uqmi_run_commands(struct qmi_dev *qmi, bool option)
>>  {
>> -     static char buf[2048];
>>       static struct qmi_request req;
>> +     char *buf = qmi->buf;
>>       int i;
>>
>>       for (i = 0; i < n_cmds; i++) {
>> @@ -227,7 +227,7 @@ static bool __uqmi_run_commands(struct qmi_dev *qmi, bool option)
>>               }
>>
>>               if (res == QMI_CMD_REQUEST) {
>> -                     qmi_request_start(qmi, &req, (void *) buf, cmds[i].handler->cb);
>> +                     qmi_request_start(qmi, &req, cmds[i].handler->cb);
>>                       req.no_error_cb = true;
>>                       if (qmi_request_wait(qmi, &req)) {
>>                               uqmi_add_error(qmi_get_error_str(req.ret));
>> diff --git a/dev.c b/dev.c
>> index 9bf7ab2..4bca429 100644
>> --- a/dev.c
>> +++ b/dev.c
>> @@ -37,14 +37,6 @@ static const uint8_t qmi_services[__QMI_SERVICE_LAST] = {
>>  };
>>  #undef __qmi_service
>>
>> -static struct {
>> -     struct mbim_command_message mbim;
>> -     union {
>> -             char buf[512];
>> -             struct qmi_msg msg;
>> -     } u;
>> -} __packed msgbuf;
>> -
>>  #ifdef DEBUG_PACKET
>>  void dump_packet(const char *prefix, void *ptr, int len)
>>  {
>> @@ -162,11 +154,12 @@ static void qmi_notify_read(struct ustream *us, int bytes)
>>       }
>>  }
>>
>> -int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, request_cb cb)
>> +int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, request_cb cb)
>>  {
>> +     struct qmi_msg *msg = qmi->buf;
>>       int len = qmi_complete_request_message(msg);
>>       uint16_t tid;
>> -     char *buf = (void *) msg;
>> +     void *buf = (void *) qmi->buf;
>>
>>       memset(req, 0, sizeof(*req));
>>       req->ret = -1;
>> @@ -260,7 +253,7 @@ int qmi_service_connect(struct qmi_dev *qmi, QmiService svc, int client_id)
>>       };
>>       struct qmi_connect_request req;
>>       int idx = qmi_get_service_idx(svc);
>> -     struct qmi_msg *msg = &msgbuf.u.msg;
>> +     struct qmi_msg *msg = qmi->buf;
>>
>>       if (idx < 0)
>>               return -1;
>> @@ -270,7 +263,7 @@ int qmi_service_connect(struct qmi_dev *qmi, QmiService svc, int client_id)
>>
>>       if (client_id < 0) {
>>               qmi_set_ctl_allocate_cid_request(msg, &creq);
>> -             qmi_request_start(qmi, &req.req, msg, qmi_connect_service_cb);
>> +             qmi_request_start(qmi, &req.req, qmi_connect_service_cb);
>>               qmi_request_wait(qmi, &req.req);
>>
>>               if (req.req.ret)
>> @@ -299,14 +292,14 @@ static void __qmi_service_disconnect(struct qmi_dev *qmi, int idx)
>>               )
>>       };
>>       struct qmi_request req;
>> -     struct qmi_msg *msg = &msgbuf.u.msg;
>> +     struct qmi_msg *msg = qmi->buf;
>>
>>       qmi->service_connected &= ~(1 << idx);
>>       qmi->service_data[idx].client_id = -1;
>>       qmi->service_data[idx].tid = 0;
>>
>>       qmi_set_ctl_release_cid_request(msg, &creq);
>> -     qmi_request_start(qmi, &req, msg, NULL);
>> +     qmi_request_start(qmi, &req, NULL);
>>       qmi_request_wait(qmi, &req);
>>  }
>>
>> @@ -347,6 +340,13 @@ int qmi_service_get_client_id(struct qmi_dev *qmi, QmiService svc)
>>
>>  int qmi_device_open(struct qmi_dev *qmi, const char *path)
>>  {
>> +     static struct {
>> +             struct mbim_command_message mbim;
>> +             union {
>> +                     char buf[2048];
>> +                     struct qmi_msg msg;
>> +             } u;
>> +     } __packed msgbuf;
>>       struct ustream *us = &qmi->sf.stream;
>>       int fd;
>>
>> @@ -360,6 +360,7 @@ int qmi_device_open(struct qmi_dev *qmi, const char *path)
>>       ustream_fd_init(&qmi->sf, fd);
>>       INIT_LIST_HEAD(&qmi->req);
>>       qmi->ctl_tid = 1;
>> +     qmi->buf = msgbuf.u.buf;
>>
>>       return 0;
>>  }
>> diff --git a/uqmi.h b/uqmi.h
>> index 2999977..dd88151 100644
>> --- a/uqmi.h
>> +++ b/uqmi.h
>> @@ -87,6 +87,7 @@ struct qmi_dev {
>>       uint32_t service_release_cid;
>>
>>       uint8_t ctl_tid;
>> +     void *buf;
>>
>>       bool is_mbim;
>>  };
>> @@ -108,7 +109,7 @@ extern bool cancel_all_requests;
>>  int qmi_device_open(struct qmi_dev *qmi, const char *path);
>>  void qmi_device_close(struct qmi_dev *qmi);
>>
>> -int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, request_cb cb);
>> +int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, request_cb cb);
>>  void qmi_request_cancel(struct qmi_dev *qmi, struct qmi_request *req);
>>  int qmi_request_wait(struct qmi_dev *qmi, struct qmi_request *req);
>>
>
>
> This version appears to work fine in my quick test:
>
>
>
> root at miraculix:/home/bjorn# umbim -d /dev/cdc-wdm0 -n caps
>   devicetype: 0003 - remote
>   cellularclass: 0001
>   voiceclass: 0001 - no-voice
>   simclass: 0002
>   dataclass: 003C
>   smscaps: 0003
>   controlcaps: 0001
>   maxsessions: 0008
>   deviceid: 014582000xxxxxx
>   firmwareinfo: SWI9X30C_02.20.03.00
>   hardwareinfo: EM7455
> root at miraculix:/home/bjorn# /usr/local/src/git/uqmi/uqmi -m -d /dev/cdc-wdm0   --get-versions
> Send packet: 03 00 00 00 3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 0c 00 00 00 01 0b 00 00 00 00 00 01 21 00 00 00
> Received packet: 03 00 00 80 ec 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 bc 00 00 00 01 bb 00 80 00 00 01 01 21 00 b0 00 02 04 00 00 00 00 00 01 a6 00 21 00 01 00 05 00 01 01 00 43 00 02 01 00 0e 00 03 01 00 19 00 04 01 00 06 00 05 01 00 0a 00 07 01 00 03 00 08 01 00 02 00 09 02 00 01 00 0a 02 00 18 00 0b 01 00 2d 00 0c 01 00 04 00 0f 01 00 00 00 10 02 00 00 00 11 01 00 00 00 17 01 00 00 00 18 01 00 00 00 1a 01 00 10 00 1d 01 00 01 00 22 01 00 00 00 24 01 00 00 00 29 01 00 00 00 2a 01 00 00 00 2b 01 00 00 00 2e 01 00 00 00 30 01 00 00 00 31 01 00 00 00 36 01 00 00 00 e1 01 00 00 00 f0 01 00 00 00 f3 01 00 00 00 f5 01 00 00 00 f6 01 00 00 00
> {
>         "service_0": "1,5",
>         "service_1": "1,67",
>         "service_2": "1,14",
>         "service_3": "1,25",
>         "service_4": "1,6",
>         "service_5": "1,10",
>         "service_7": "1,3",
>         "service_8": "1,2",
>         "service_9": "2,1",
>         "service_10": "2,24",
>         "service_11": "1,45",
>         "service_12": "1,4",
>         "service_15": "1,0",
>         "service_16": "2,0",
>         "service_17": "1,0",
>         "service_23": "1,0",
>         "service_24": "1,0",
>         "service_26": "1,16",
>         "service_29": "1,1",
>         "service_34": "1,0",
>         "service_36": "1,0",
>         "service_41": "1,0",
>         "service_42": "1,0",
>         "service_43": "1,0",
>         "service_46": "1,0",
>         "service_48": "1,0",
>         "service_49": "1,0",
>         "service_54": "1,0",
>         "service_225": "1,0",
>         "service_240": "1,0",
>         "service_243": "1,0",
>         "service_245": "1,0",
>         "service_246": "1,0"
> }
> root at miraculix:/home/bjorn# /usr/local/src/git/uqmi/uqmi -m -d /dev/cdc-wdm0   --get-signal-info
> Send packet: 03 00 00 00 40 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 10 00 00 00 01 0f 00 00 00 00 00 01 22 00 04 00 01 01 00 03
> Received packet: 03 00 00 80 48 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 01 22 00 0c 00 02 04 00 00 00 00 00 01 02 00 03 04
> Send packet: 03 00 00 00 3d 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 0d 00 00 00 01 0c 00 00 03 04 00 01 00 4f 00 00 00
> Received packet: 03 00 00 80 4d 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 1d 00 00 00 01 1c 00 80 03 04 02 01 00 4f 00 10 00 02 04 00 00 00 00 00 14 06 00 de f8 c2 ff ec 00
> {
>         "type": "lte",
>         "rssi": -34,
>         "rsrq": -8,
>         "rsrp": -62,
>         "snr": 236
> }
> Send packet: 03 00 00 00 41 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 11 00 00 00 01 10 00 00 00 00 00 02 23 00 05 00 01 02 00 03 04
> Received packet: 03 00 00 80 48 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 02 23 00 0c 00 02 04 00 00 00 00 00 01 02 00 03 04
>
>
> Thanks.
>
>
>
> Bjørn

More information about the Lede-dev mailing list