diff options
-rw-r--r-- | board/samus/board.h | 1 | ||||
-rw-r--r-- | board/samus_pd/board.c | 6 | ||||
-rw-r--r-- | common/host_command_pd.c | 20 | ||||
-rw-r--r-- | include/config.h | 3 | ||||
-rw-r--r-- | include/ec_commands.h | 4 | ||||
-rw-r--r-- | include/software_panic.h | 1 |
6 files changed, 34 insertions, 1 deletions
diff --git a/board/samus/board.h b/board/samus/board.h index 05bb3c6961..dc70ca9b34 100644 --- a/board/samus/board.h +++ b/board/samus/board.h @@ -60,6 +60,7 @@ #define CONFIG_HIBERNATE_DELAY_SEC (3600 * 24 * 7) #define CONFIG_HIBERNATE_BATT_PCT 10 #define CONFIG_HIBERNATE_BATT_SEC (3600 * 24) +#define CONFIG_HOSTCMD_PD_PANIC #define CONFIG_PECI_TJMAX 105 #define CONFIG_PWM #define CONFIG_PWM_KBLIGHT diff --git a/board/samus_pd/board.c b/board/samus_pd/board.c index 942a0092cd..e25693599c 100644 --- a/board/samus_pd/board.c +++ b/board/samus_pd/board.c @@ -471,6 +471,12 @@ static void board_init(void) /* Initialize active charge port to none */ pd_status.active_charge_port = CHARGE_PORT_NONE; + /* Set PD MCU system status bits */ + if (system_jumped_to_this_image()) + pd_status.status |= PD_STATUS_JUMPED_TO_IMAGE; + if (system_get_image_copy() == SYSTEM_IMAGE_RW) + pd_status.status |= PD_STATUS_IN_RW; + /* * Do not enable PD communication in RO as a security measure. * We don't want to allow communication to outside world until diff --git a/common/host_command_pd.c b/common/host_command_pd.c index ca315c574f..140c71ea4e 100644 --- a/common/host_command_pd.c +++ b/common/host_command_pd.c @@ -10,6 +10,8 @@ #include "console.h" #include "host_command.h" #include "lightbar.h" +#include "panic.h" +#include "system.h" #include "task.h" #include "timer.h" #include "util.h" @@ -43,6 +45,9 @@ static void pd_exchange_status(void) struct ec_params_pd_status ec_status; struct ec_response_pd_status pd_status; int rv = 0; +#ifdef CONFIG_HOSTCMD_PD_PANIC + static int pd_in_rw; +#endif /* Send PD charge state and battery state of charge */ ec_status.charge_state = charge_state; @@ -66,6 +71,21 @@ static void pd_exchange_status(void) return; } +#ifdef CONFIG_HOSTCMD_PD_PANIC + /* + * Check if PD MCU is in RW. If PD MCU was in RW and is now in RO + * AND it did not sysjump to RO, then it must have crashed, and + * therefore we should panic as well. + */ + if (pd_status.status & PD_STATUS_IN_RW) { + pd_in_rw = 1; + } else if (pd_in_rw && + !(pd_status.status & PD_STATUS_JUMPED_TO_IMAGE)) { + panic_printf("PD crash"); + software_panic(PANIC_SW_PD_CRASH, 0); + } +#endif + #ifdef HAS_TASK_LIGHTBAR /* * If charge port has changed, and it was initialized, then show diff --git a/include/config.h b/include/config.h index 5f30ba31f3..5ea6e7e4f7 100644 --- a/include/config.h +++ b/include/config.h @@ -708,6 +708,9 @@ #define CONFIG_HOSTCMD_RATE_LIMITING_MIN_REST (3 * MSEC) #define CONFIG_HOSTCMD_RATE_LIMITING_RECESS (20 * MSEC) +/* Panic when status of PD MCU reflects that it has crashed */ +#undef CONFIG_HOSTCMD_PD_PANIC + /*****************************************************************************/ /* Enable debugging and profiling statistics for hook functions */ diff --git a/include/ec_commands.h b/include/ec_commands.h index edf9f4fa6b..df16a557e9 100644 --- a/include/ec_commands.h +++ b/include/ec_commands.h @@ -2694,7 +2694,9 @@ struct ec_params_pd_status { } __packed; /* Status of PD being sent back to EC */ -#define PD_STATUS_HOST_EVENT (1 << 0) +#define PD_STATUS_HOST_EVENT (1 << 0) /* Forward host event to AP */ +#define PD_STATUS_IN_RW (1 << 1) /* Running RW image */ +#define PD_STATUS_JUMPED_TO_IMAGE (1 << 2) /* Current image was jumped to */ struct ec_response_pd_status { uint32_t status; /* PD MCU status */ uint32_t curr_lim_ma; /* input current limit */ diff --git a/include/software_panic.h b/include/software_panic.h index 9dc6d5a394..15070f95ed 100644 --- a/include/software_panic.h +++ b/include/software_panic.h @@ -17,6 +17,7 @@ /* Software panic reasons */ #define PANIC_SW_DIV_ZERO (PANIC_SW_BASE + 0) #define PANIC_SW_STACK_OVERFLOW (PANIC_SW_BASE + 1) +#define PANIC_SW_PD_CRASH (PANIC_SW_BASE + 2) #define PANIC_SW_ASSERT (PANIC_SW_BASE + 3) #define PANIC_SW_WATCHDOG (PANIC_SW_BASE + 4) |