diff options
author | Alec Berg <alecaberg@chromium.org> | 2014-12-12 17:35:14 -0800 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-17 02:12:57 +0000 |
commit | 3c0d9166cf1b1aa35152d3757fbd0566a9cbe6d5 (patch) | |
tree | e20b67fe4a616cab913e1e5a10169fcff1750aef | |
parent | e19f0927be9fc339456e1c589fd41c4f033d135b (diff) | |
download | chrome-ec-3c0d9166cf1b1aa35152d3757fbd0566a9cbe6d5.tar.gz |
host_command: add rate limiter to HCs to prevent EC watchdog
Add a rate limiter to host commands so that a host that is continuously
sending host commands doesn't watchdog the EC.
BUG=chrome-os-partner:33905
BRANCH=samus
TEST=loaded onto samus and tested remote update of zinger 10 times.
also tested EC + PD software sync.
Change-Id: Ia024179c46b2180ee97ea1902de343306142311c
Signed-off-by: Alec Berg <alecaberg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/235530
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | common/host_command.c | 18 | ||||
-rw-r--r-- | include/config.h | 24 |
2 files changed, 36 insertions, 6 deletions
diff --git a/common/host_command.c b/common/host_command.c index 6a1ab2d6ff..a036c184e6 100644 --- a/common/host_command.c +++ b/common/host_command.c @@ -387,11 +387,16 @@ static void host_command_init(void) void host_command_task(void) { + timestamp_t t0, t1, t_recess; + t_recess.val = 0; + t1.val = 0; + host_command_init(); while (1) { /* Wait for the next command event */ int evt = task_wait_event(-1); + t0 = get_time(); /* Process it */ if ((evt & TASK_EVENT_CMD_PENDING) && pending_args) { @@ -399,6 +404,19 @@ void host_command_task(void) host_command_process(pending_args); host_send_response(pending_args); } + + /* reset rate limiting if we have slept enough */ + if (t0.val - t1.val > CONFIG_HOSTCMD_RATE_LIMITING_MIN_REST) + t_recess = t0; + + t1 = get_time(); + /* + * rate limiting : check how long we have gone without a + * significant interruption to avoid DoS from host + */ + if (t1.val - t_recess.val > CONFIG_HOSTCMD_RATE_LIMITING_PERIOD) + /* Short recess */ + usleep(CONFIG_HOSTCMD_RATE_LIMITING_RECESS); } } diff --git a/include/config.h b/include/config.h index ac936f61ba..463d1b2d1c 100644 --- a/include/config.h +++ b/include/config.h @@ -627,12 +627,6 @@ */ #undef CONFIG_HOST_COMMAND_STATUS -/* - * For ECs where the host command interface is I2C, slave - * address which the EC will respond to. - */ -#undef CONFIG_HOSTCMD_I2C_SLAVE_ADDR - /* If we have host command task, assume we also are using host events. */ #ifdef HAS_TASK_HOSTCMD #define CONFIG_HOSTCMD_EVENTS @@ -640,6 +634,24 @@ #undef CONFIG_HOSTCMD_EVENTS #endif +/* + * For ECs where the host command interface is I2C, slave + * address which the EC will respond to. + */ +#undef CONFIG_HOSTCMD_I2C_SLAVE_ADDR + +/* + * Host command rate limiting assures EC will have time to process lower + * priority tasks even if the AP is hammering the EC with host commands. + * If there is less than CONFIG_HOSTCMD_RATE_LIMITING_MIN_REST between + * host commands for CONFIG_HOSTCMD_RATE_LIMITING_PERIOD, then a + * recess period of CONFIG_HOSTCMD_RATE_LIMITING_RECESS will be + * enforced. + */ +#define CONFIG_HOSTCMD_RATE_LIMITING_PERIOD (500 * MSEC) +#define CONFIG_HOSTCMD_RATE_LIMITING_MIN_REST (3 * MSEC) +#define CONFIG_HOSTCMD_RATE_LIMITING_RECESS (20 * MSEC) + /*****************************************************************************/ /* Enable debugging and profiling statistics for hook functions */ |