[LEDE-DEV] Fix for uqmi crash when using qmi-via-mbim (--mbim / -m)
Bjørn Mork
bjorn at mork.no
Tue Nov 22 06:07:48 PST 2016
Felix Fietkau <nbd at nbd.name> writes:
> On 2016-11-22 14:10, Mogens Lauridsen wrote:
>> Seems like a better fix, but it doesn't work. uqmi hangs, so I suspect
>> that EM7455 has misunderstood the command. I have removed/replaced the
>> ustream_write(..,..,.., true) and after the changes below it works.
>> I guess it has something to do with the write being split in two.
>> I don't know what the maximum size of buffer should be, so I used:
>> 2048+sizeof(struct mbim_command_message)
> Here's another one that avoids the memcpy that you introduced and merges
> the two packet buffers:
>
> diff --git a/commands.c b/commands.c
> index 869ca7c..04ca238 100644
> --- a/commands.c
> +++ b/commands.c
> @@ -205,8 +205,8 @@ static void uqmi_print_result(struct blob_attr *data)
>
> static bool __uqmi_run_commands(struct qmi_dev *qmi, bool option)
> {
> - static char buf[2048];
> static struct qmi_request req;
> + char *buf = qmi->buf;
> int i;
>
> for (i = 0; i < n_cmds; i++) {
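Review bot: With `char *buf = qmi->buf;` the command loop now builds its request in the same buffer that qmi_service_connect and __qmi_service_disconnect in dev.c use for their CTL messages, where it previously had a private `static char buf[2048]`. If any path between a handler preparing its message and the `qmi_request_start` call in the next hunk issues one of those CTL requests, the prepared message would be overwritten; that path is not visible here, so it needs checking. A comment at the declaration would record the constraint, e.g. `/* shared with dev.c CTL requests: start no other request between prepare and qmi_request_start */`. The loop body continues outside the hunk.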
> @@ -227,7 +227,7 @@ static bool __uqmi_run_commands(struct qmi_dev *qmi, bool option)
> }
>
> if (res == QMI_CMD_REQUEST) {
> - qmi_request_start(qmi, &req, (void *) buf, cmds[i].handler->cb);
> + qmi_request_start(qmi, &req, cmds[i].handler->cb);
> req.no_error_cb = true;
> if (qmi_request_wait(qmi, &req)) {
> uqmi_add_error(qmi_get_error_str(req.ret));
> diff --git a/dev.c b/dev.c
> index 9bf7ab2..4bca429 100644
> --- a/dev.c
> +++ b/dev.c
> @@ -37,14 +37,6 @@ static const uint8_t qmi_services[__QMI_SERVICE_LAST] = {
> };
> #undef __qmi_service
>
> -static struct {
> - struct mbim_command_message mbim;
> - union {
> - char buf[512];
> - struct qmi_msg msg;
> - } u;
> -} __packed msgbuf;
> -
> #ifdef DEBUG_PACKET
> void dump_packet(const char *prefix, void *ptr, int len)
> {
> @@ -162,11 +154,12 @@ static void qmi_notify_read(struct ustream *us, int bytes)
> }
> }
>
> -int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, request_cb cb)
> +int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, request_cb cb)
> {
> + struct qmi_msg *msg = qmi->buf;
> int len = qmi_complete_request_message(msg);
> uint16_t tid;
> - char *buf = (void *) msg;
> + void *buf = (void *) qmi->buf;
>
> memset(req, 0, sizeof(*req));
> req->ret = -1;
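Review bot: `void *buf = (void *) qmi->buf;` replaces a `char *`, so any byte-offset adjustment of `buf` later in this function (for instance stepping back to the MBIM header; that code is outside the hunk) would rely on the GNU void-pointer-arithmetic extension rather than standard C. `char *buf = qmi->buf;` keeps the arithmetic well defined and drops the redundant cast. The function also now has an unwritten precondition that the caller has already built the message in `qmi->buf`, since the `msg` parameter that made this explicit is gone. A one-line comment above the signature should state that precondition.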
> @@ -260,7 +253,7 @@ int qmi_service_connect(struct qmi_dev *qmi, QmiService svc, int client_id)
> };
> struct qmi_connect_request req;
> int idx = qmi_get_service_idx(svc);
> - struct qmi_msg *msg = &msgbuf.u.msg;
> + struct qmi_msg *msg = qmi->buf;
>
> if (idx < 0)
> return -1;
> @@ -270,7 +263,7 @@ int qmi_service_connect(struct qmi_dev *qmi, QmiService svc, int client_id)
>
> if (client_id < 0) {
> qmi_set_ctl_allocate_cid_request(msg, &creq);
> - qmi_request_start(qmi, &req.req, msg, qmi_connect_service_cb);
> + qmi_request_start(qmi, &req.req, qmi_connect_service_cb);
> qmi_request_wait(qmi, &req.req);
>
> if (req.req.ret)
> @@ -299,14 +292,14 @@ static void __qmi_service_disconnect(struct qmi_dev *qmi, int idx)
> )
> };
> struct qmi_request req;
> - struct qmi_msg *msg = &msgbuf.u.msg;
> + struct qmi_msg *msg = qmi->buf;
>
> qmi->service_connected &= ~(1 << idx);
> qmi->service_data[idx].client_id = -1;
> qmi->service_data[idx].tid = 0;
>
> qmi_set_ctl_release_cid_request(msg, &creq);
> - qmi_request_start(qmi, &req, msg, NULL);
> + qmi_request_start(qmi, &req, NULL);
> qmi_request_wait(qmi, &req);
> }
>
> @@ -347,6 +340,13 @@ int qmi_service_get_client_id(struct qmi_dev *qmi, QmiService svc)
>
> int qmi_device_open(struct qmi_dev *qmi, const char *path)
> {
> + static struct {
> + struct mbim_command_message mbim;
> + union {
> + char buf[2048];
> + struct qmi_msg msg;
> + } u;
> + } __packed msgbuf;
> struct ustream *us = &qmi->sf.stream;
> int fd;
>
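Review bot: `msgbuf` is a function-local static, so every `struct qmi_dev` passed to qmi_device_open ends up pointing at the same storage through the `qmi->buf = msgbuf.u.buf;` assignment in the next hunk, and a second open device would share and overwrite the first one's request buffer. If only one device is ever opened per process that is acceptable, but the assumption should be written down. The layout is also load-bearing: the MBIM header has to sit directly in front of `u` with no padding, which is presumably why the struct is `__packed`. A comment above the declaration such as `/* single process-wide request buffer; mbim must stay immediately before u */` would cover both. The rest of qmi_device_open lies outside the hunk.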
> @@ -360,6 +360,7 @@ int qmi_device_open(struct qmi_dev *qmi, const char *path)
> ustream_fd_init(&qmi->sf, fd);
> INIT_LIST_HEAD(&qmi->req);
> qmi->ctl_tid = 1;
> + qmi->buf = msgbuf.u.buf;
>
> return 0;
> }
> diff --git a/uqmi.h b/uqmi.h
> index 2999977..dd88151 100644
> --- a/uqmi.h
> +++ b/uqmi.h
> @@ -87,6 +87,7 @@ struct qmi_dev {
> uint32_t service_release_cid;
>
> uint8_t ctl_tid;
> + void *buf;
>
> bool is_mbim;
> };
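Review bot: The new `void *buf` member records no capacity, so code that fills `qmi->buf` (the command handlers and the `qmi_set_*` builders) cannot check its writes against the 2048-byte union it actually points into. Adding `size_t buf_len;` next to it and setting `qmi->buf_len = sizeof(msgbuf.u);` in qmi_device_open would give writers a bound to test before building a message. The member should also carry a comment saying that it points at the QMI payload area and that an MBIM header is located directly in front of it. The struct definition starts outside the hunk.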
> @@ -108,7 +109,7 @@ extern bool cancel_all_requests;
> int qmi_device_open(struct qmi_dev *qmi, const char *path);
> void qmi_device_close(struct qmi_dev *qmi);
>
> -int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, struct qmi_msg *msg, request_cb cb);
> +int qmi_request_start(struct qmi_dev *qmi, struct qmi_request *req, request_cb cb);
> void qmi_request_cancel(struct qmi_dev *qmi, struct qmi_request *req);
> int qmi_request_wait(struct qmi_dev *qmi, struct qmi_request *req);
>
This version appears to work fine in my quick test:
root at miraculix:/home/bjorn# umbim -d /dev/cdc-wdm0 -n caps
devicetype: 0003 - remote
cellularclass: 0001
voiceclass: 0001 - no-voice
simclass: 0002
dataclass: 003C
smscaps: 0003
controlcaps: 0001
maxsessions: 0008
deviceid: 014582000xxxxxx
firmwareinfo: SWI9X30C_02.20.03.00
hardwareinfo: EM7455
root at miraculix:/home/bjorn# /usr/local/src/git/uqmi/uqmi -m -d /dev/cdc-wdm0 --get-versions
Send packet: 03 00 00 00 3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 0c 00 00 00 01 0b 00 00 00 00 00 01 21 00 00 00
Received packet: 03 00 00 80 ec 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 bc 00 00 00 01 bb 00 80 00 00 01 01 21 00 b0 00 02 04 00 00 00 00 00 01 a6 00 21 00 01 00 05 00 01 01 00 43 00 02 01 00 0e 00 03 01 00 19 00 04 01 00 06 00 05 01 00 0a 00 07 01 00 03 00 08 01 00 02 00 09 02 00 01 00 0a 02 00 18 00 0b 01 00 2d 00 0c 01 00 04 00 0f 01 00 00 00 10 02 00 00 00 11 01 00 00 00 17 01 00 00 00 18 01 00 00 00 1a 01 00 10 00 1d 01 00 01 00 22 01 00 00 00 24 01 00 00 00 29 01 00 00 00 2a 01 00 00 00 2b 01 00 00 00 2e 01 00 00 00 30 01 00 00 00 31 01 00 00 00 36 01 00 00 00 e1 01 00 00 00 f0 01 00 00 00 f3 01 00 00 00 f5 01 00 00 00 f6 01 00 00 00
{
"service_0": "1,5",
"service_1": "1,67",
"service_2": "1,14",
"service_3": "1,25",
"service_4": "1,6",
"service_5": "1,10",
"service_7": "1,3",
"service_8": "1,2",
"service_9": "2,1",
"service_10": "2,24",
"service_11": "1,45",
"service_12": "1,4",
"service_15": "1,0",
"service_16": "2,0",
"service_17": "1,0",
"service_23": "1,0",
"service_24": "1,0",
"service_26": "1,16",
"service_29": "1,1",
"service_34": "1,0",
"service_36": "1,0",
"service_41": "1,0",
"service_42": "1,0",
"service_43": "1,0",
"service_46": "1,0",
"service_48": "1,0",
"service_49": "1,0",
"service_54": "1,0",
"service_225": "1,0",
"service_240": "1,0",
"service_243": "1,0",
"service_245": "1,0",
"service_246": "1,0"
}
root at miraculix:/home/bjorn# /usr/local/src/git/uqmi/uqmi -m -d /dev/cdc-wdm0 --get-signal-info
Send packet: 03 00 00 00 40 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 10 00 00 00 01 0f 00 00 00 00 00 01 22 00 04 00 01 01 00 03
Received packet: 03 00 00 80 48 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 01 22 00 0c 00 02 04 00 00 00 00 00 01 02 00 03 04
Send packet: 03 00 00 00 3d 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 0d 00 00 00 01 0c 00 00 03 04 00 01 00 4f 00 00 00
Received packet: 03 00 00 80 4d 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 1d 00 00 00 01 1c 00 80 03 04 02 01 00 4f 00 10 00 02 04 00 00 00 00 00 14 06 00 de f8 c2 ff ec 00
{
"type": "lte",
"rssi": -34,
"rsrq": -8,
"rsrp": -62,
"snr": 236
}
Send packet: 03 00 00 00 41 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 11 00 00 00 01 10 00 00 00 00 00 02 23 00 05 00 01 02 00 03 04
Received packet: 03 00 00 80 48 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 02 23 00 0c 00 02 04 00 00 00 00 00 01 02 00 03 04
Thanks.
Bjørn