From f2292e420bd856b8cef6633af46e2641f401e84c Mon Sep 17 00:00:00 2001
From: Riccardo
Date: Fri, 31 Aug 2018 22:47:20 -0700
Subject: [PATCH] Hyundai: added safety check for button spam
---
 board/safety/safety_hyundai.h | 21 ++++++++++-----------
 tests/safety/test_honda.py | 2 +-
 tests/safety/test_hyundai.py | 20 ++++++++++++++++++++
 3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/board/safety/safety_hyundai.h b/board/safety/safety_hyundai.h
index c082095e6f8830..d474eaeaf864f2 100644
--- a/board/safety/safety_hyundai.h
+++ b/board/safety/safety_hyundai.h
@@ -6,9 +6,6 @@ const int HYUNDAI_MAX_RATE_DOWN = 7;
 const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50;
 const int HYUNDAI_DRIVER_TORQUE_FACTOR = 2;
-int hyundai_brake_prev = 0;
-int hyundai_gas_prev = 0;
-int hyundai_speed = 0;
 int hyundai_camera_detected = 0;
 int hyundai_giraffe_switch_2 = 0; // is giraffe switch 2 high?
 int hyundai_rt_torque_last = 0;
@@ -67,11 +64,6 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 return 0;
 }
- // disallow actuator commands if gas or brake (with vehicle moving) are pressed
- // and the the latching controls_allowed flag is True
- int pedal_pressed = hyundai_gas_prev || (hyundai_brake_prev && hyundai_speed);
- int current_controls_allowed = controls_allowed && !pedal_pressed;
-
 uint32_t addr;
 if (to_send->RIR & 4) {
 // Extended
@@ -87,7 +79,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 uint32_t ts = TIM2->CNT;
 int violation = 0;
- if (current_controls_allowed) {
+ if (controls_allowed) {
 // *** global torque limit check ***
 violation |= max_limit_check(desired_torque, HYUNDAI_MAX_STEER, -HYUNDAI_MAX_STEER);
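Review bot: The `if (controls_allowed)` gate in the `@@ -87,7 +79,7 @@` hunk of `hyundai_tx_hook` (and the two conditions changed the same way in the `@@ -112,12 +104,12 @@` hunk) drops the TX-side interlock on gas or brake-while-moving that `current_controls_allowed` carried, and the commit message does not mention it. Nothing in this patch shows whether `hyundai_gas_prev`, `hyundai_brake_prev` and `hyundai_speed` were ever written; if they were always 0 this is dead-code removal, otherwise the steering check now relies entirely on the RX path clearing `controls_allowed` when a pedal is pressed. Record that assumption next to the check, for example `// pedal presses must clear controls_allowed on the rx side; no tx-side pedal gate here`, and say so in the commit message. The function starts and ends outside the hunk.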
@@ -112,12 +104,12 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 }
 // no torque if controls is not allowed
- if (!current_controls_allowed && (desired_torque != 0)) {
+ if (!controls_allowed && (desired_torque != 0)) {
 violation = 1;
 }
 // reset to 0 if either controls is not allowed or there's a violation
- if (violation || !current_controls_allowed) {
+ if (violation || !controls_allowed) {
 hyundai_desired_torque_last = 0;
 hyundai_rt_torque_last = 0;
 hyundai_ts_last = ts;
@@ -128,6 +120,13 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 }
 }
+ // FORCE CANCEL: safety check only relevant when spamming the cancel button.
+ // ensuring that only the cancel button press is sent (VAL 4) when controls are off.
+ // This avoids unintended engagements while still allowing resume spam
+ if (((to_send->RIR>>21) == 1265) && !controls_allowed && ((to_send->RDTR >> 4) & 0xFF) == 0) {
+ if ((to_send->RDLR & 0x7) != 4) return 0;
+ }
+
 // 1 allows the message through
 return true;
 }
diff --git a/tests/safety/test_honda.py b/tests/safety/test_honda.py
index 143916d609ec05..48b678eaaec43e 100755
--- a/tests/safety/test_honda.py
+++ b/tests/safety/test_honda.py
@@ -108,7 +108,7 @@ def test_alt_disengage_on_brake(self):
 self.safety.set_controls_allowed(1)
 self.safety.honda_rx_hook(self._alt_brake_msg(1))
 self.assertFalse(self.safety.get_controls_allowed())
-
+
 self.safety.set_honda_alt_brake_msg(0)
 self.safety.set_controls_allowed(1)
 self.safety.honda_rx_hook(self._alt_brake_msg(1))
diff --git a/tests/safety/test_hyundai.py b/tests/safety/test_hyundai.py
index c3ecc38855d118..c53a85c0536984 100644
--- a/tests/safety/test_hyundai.py
+++ b/tests/safety/test_hyundai.py
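Review bot: The FORCE CANCEL check added in the `@@ -128,6 +120,13 @@` hunk only runs when `((to_send->RDTR >> 4) & 0xFF) == 0`, so a 1265 frame with a non-cancel button value addressed to any other bus still reaches `return true` while `controls_allowed` is 0. If bus 0 is the only bus on which this message matters, the comment should say so; otherwise the bus term should go, and either way the new test covers bus 0 only. The ID is also recomputed as `to_send->RIR>>21` without regard to the extended-ID bit the function tests earlier (`to_send->RIR & 4`), so reusing `addr` (assuming it is still in scope here) would keep the two in step: `if ((addr == 1265) && !controls_allowed && ...)`. The literals 1265 and 4 deserve names, and the function mixes `return 0` with `return true`. The function starts outside the hunk.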
@@ -32,6 +32,12 @@ def setUp(cls):
 cls.safety.nooutput_init(0)
 cls.safety.init_tests_hyundai()
+ def _button_msg(self, buttons):
+ to_send = libpandasafety_py.ffi.new('CAN_FIFOMailBox_TypeDef *')
+ to_send[0].RIR = 1265 << 21
+ to_send[0].RDLR = buttons
+ return to_send
+
 def _set_prev_torque(self, t):
 self.safety.set_hyundai_desired_torque_last(t)
 self.safety.set_hyundai_rt_torque_last(t)
@@ -162,5 +168,19 @@ def test_realtime_limits(self):
 self.assertTrue(self.safety.hyundai_tx_hook(self._torque_msg(sign * (MAX_RT_DELTA + 1))))
+ def test_spam_cancel_safety_check(self):
+ RESUME_BTN = 1
+ SET_BTN = 2
+ CANCEL_BTN = 4
+ BUTTON_MSG = 1265
+ self.safety.set_controls_allowed(0)
+ self.assertTrue(self.safety.hyundai_tx_hook(self._button_msg(CANCEL_BTN)))
+ self.assertFalse(self.safety.hyundai_tx_hook(self._button_msg(RESUME_BTN)))
+ self.assertFalse(self.safety.hyundai_tx_hook(self._button_msg(SET_BTN)))
+ # do not block resume if we are engaged already
+ self.safety.set_controls_allowed(1)
+ self.assertTrue(self.safety.hyundai_tx_hook(self._button_msg(RESUME_BTN)))
+
+
 if __name__ == "__main__":
 unittest.main()
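Review bot: `_button_msg` in the `@@ -32,6 +32,12 @@` hunk never sets `RDTR`, so every frame the new test sends relies on the zero-initialised struct from `ffi.new` and lands on bus 0, which leaves the bus condition of the new C check untested on its false side. Give the helper a bus argument, `def _button_msg(self, buttons, bus=0):` with `to_send[0].RDTR = bus << 4`, and add a docstring such as `"""Build a TX frame for the cruise-button message (ID 1265) carrying *buttons*."""`. The ID 1265 is hard-coded here and again as `BUTTON_MSG` in the test; one module-level constant would do.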
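Review bot: In `test_spam_cancel_safety_check` (the `@@ -162,5 +168,19 @@` hunk) the local `BUTTON_MSG = 1265` is assigned and never used; remove it or pass it to `_button_msg`. The test does not pin the no-button value with controls off, which the C check also blocks because it is not 4: `self.assertFalse(self.safety.hyundai_tx_hook(self._button_msg(0)))`. It would also be worth asserting that `SET_BTN` and `CANCEL_BTN` pass once `set_controls_allowed(1)` has been called, since only `RESUME_BTN` is checked there.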