1 Linux I2C fault injection
2 =========================
4 The GPIO based I2C bus master driver can be configured to provide fault
5 injection capabilities. It is then meant to be connected to another I2C bus
6 which is driven by the I2C bus master driver under test. The GPIO fault
7 injection driver can create special states on the bus which the other I2C bus
8 master driver should handle gracefully.
10 Once the Kconfig option I2C_GPIO_FAULT_INJECTOR is enabled, there will be an
11 'i2c-fault-injector' subdirectory in the Kernel debugfs filesystem, usually
12 mounted at /sys/kernel/debug. There will be a separate subdirectory per GPIO
13 driven I2C bus. Each subdirectory will contain files to trigger the fault
14 injection. They will be described now along with their intended use-cases.
19 By reading this file, you get the current state of SCL. By writing, you can
20 change its state to either force it low or to release it again. So, by using
21 "echo 0 > scl" you force SCL low and thus, no communication will be possible
22 because the bus master under test will not be able to clock. It should detect
23 the condition of SCL being unresponsive and report an error to the upper
29 By reading this file, you get the current state of SDA. By writing, you can
30 change its state to either force it low or to release it again. So, by using
31 "echo 0 > sda" you force SDA low and thus, data cannot be transmitted. The bus
32 master under test should detect this condition and trigger a bus recovery (see
33 I2C specification version 4, section 3.1.16) using the helpers of the Linux I2C
34 core (see 'struct bus_recovery_info'). However, the bus recovery will not
35 succeed because SDA is still pinned low until you manually release it again
36 with "echo 1 > sda". A test with an automatic release can be done with the
37 following class of fault injectors.
39 Introduction to incomplete transfers
40 ------------------------------------
42 The following fault injectors create situations where SDA will be held low by a
43 device. Bus recovery should be able to fix these situations. But please note:
44 there are I2C client devices which detect a stuck SDA on their side and release
45 it on their own after a few milliseconds. Also, there might be an external
46 device deglitching and monitoring the I2C bus. It could also detect a stuck SDA
47 and will init a bus recovery on its own. If you want to implement bus recovery
48 in a bus master driver, make sure you checked your hardware setup for such
49 devices before. And always verify with a scope or logic analyzer!
51 "incomplete_address_phase"
52 --------------------------
54 This file is write only and you need to write the address of an existing I2C
55 client device to it. Then, a read transfer to this device will be started, but
56 it will stop at the ACK phase after the address of the client has been
57 transmitted. Because the device will ACK its presence, this results in SDA
58 being pulled low by the device while SCL is high. So, similar to the "sda" file
59 above, the bus master under test should detect this condition and try a bus
60 recovery. This time, however, it should succeed and the device should release
61 SDA after toggling SCL.
63 "incomplete_write_byte"
64 -----------------------
66 Similar to above, this file is write only and you need to write the address of
67 an existing I2C client device to it.
69 The injector will again stop at one ACK phase, so the device will keep SDA low
70 because it acknowledges data. However, there are two differences compared to
71 'incomplete_address_phase':
73 a) the message sent out will be a write message
74 b) after the address byte, a 0x00 byte will be transferred. Then, stop at ACK.
76 This is a highly delicate state, the device is set up to write any data to
77 register 0x00 (if it has registers) when further clock pulses happen on SCL.
78 This is why bus recovery (up to 9 clock pulses) must either check SDA or send
79 additional STOP conditions to ensure the bus has been released. Otherwise
80 random data will be written to a device!