safety: relay malfunction config (commaai#1959)

* Do Toyota relay malfunction config

* clean up

* not needed

* rm this

* rm

* fix

* great name (rename after commaai#1954)

* do gm

* need this since we will dynamically block it

* subie

* some more brands

* Ford

* Chrysler

* Hyundai

* huge oof hyundai

* toyota & vw

* fix

* tesla

* 0x194 isn't on Honda Bosch

* Honda: we can check bus 1 for 0xe4

* misra

* static

* ugh need this

* correct

* nl

* like

* space

Author: sshane

opendbc/safety/safety.h

@@ -213,6 +213,18 @@ bool safety_rx_hook(const CANPacket_t *to_push) {
   bool valid = rx_msg_safety_check(to_push, &current_safety_config, current_hooks);
   if (valid) {
     current_hooks->rx(to_push);
+
+    const int bus = GET_BUS(to_push);
+    const int addr = GET_ADDR(to_push);
+
+    // check all tx msgs for liveness on sending bus if specified.
+    // used to detect a relay malfunction or control messages from disabled ECUs like the radar
+    for (int i = 0; i < current_safety_config.tx_msgs_len; i++) {
+      const CanMsg *m = &current_safety_config.tx_msgs[i];
+      if (m->check_relay) {
+        generic_rx_checks((m->addr == addr) && (m->bus == bus));
+      }
+    }
   }
 
   // reset mismatches on rising edge of controls_allowed to avoid rare race condition
@@ -337,7 +349,7 @@ static void relay_malfunction_set(void) {
   fault_occurred(FAULT_RELAY_MALFUNCTION);
 }
 
-void generic_rx_checks(bool stock_ecu_detected) {
+static void generic_rx_checks(bool stock_ecu_detected) {
   // allow 1s of transition timeout after relay changes state before assessing malfunctioning
   const uint32_t RELAY_TRNS_TIMEOUT = 1U;
 

opendbc/safety/safety/safety_body.h

@@ -34,9 +34,9 @@ static safety_config body_init(uint16_t param) {
     {.msg = {{0x201, 0, 8, .ignore_checksum = true, .ignore_counter = true, .frequency = 100U}, { 0 }, { 0 }}},
   };
 
-  static const CanMsg BODY_TX_MSGS[] = {{0x250, 0, 8}, {0x250, 0, 6}, {0x251, 0, 5},  // body
-                                        {0x350, 0, 8}, {0x350, 0, 6}, {0x351, 0, 5},  // knee
-                                        {0x1, 0, 8}}; // CAN flasher
+  static const CanMsg BODY_TX_MSGS[] = {{0x250, 0, 8, false}, {0x250, 0, 6, false}, {0x251, 0, 5, false},  // body
+                                        {0x350, 0, 8, false}, {0x350, 0, 6, false}, {0x351, 0, 5, false},  // knee
+                                        {0x1, 0, 8, false}}; // CAN flasher
 
   UNUSED(param);
   return BUILD_SAFETY_CFG(body_rx_checks, BODY_TX_MSGS);

opendbc/safety/safety/safety_chrysler.h

@@ -100,8 +100,6 @@ static void chrysler_rx_hook(const CANPacket_t *to_push) {
   if ((bus == 0) && (addr == chrysler_addrs->ESP_1)) {
     brake_pressed = ((GET_BYTE(to_push, 0U) & 0xFU) >> 2U) == 1U;
   }
-
-  generic_rx_checks((bus == 0) && (addr == chrysler_addrs->LKAS_COMMAND));
 }
 
 static bool chrysler_tx_hook(const CANPacket_t *to_send) {
@@ -224,15 +222,15 @@ static safety_config chrysler_init(uint16_t param) {
   };
 
   static const CanMsg CHRYSLER_TX_MSGS[] = {
-    {CHRYSLER_ADDRS.CRUISE_BUTTONS, 0, 3},
-    {CHRYSLER_ADDRS.LKAS_COMMAND, 0, 6},
-    {CHRYSLER_ADDRS.DAS_6, 0, 8},
+    {CHRYSLER_ADDRS.CRUISE_BUTTONS, 0, 3, false},
+    {CHRYSLER_ADDRS.LKAS_COMMAND, 0, 6, true},
+    {CHRYSLER_ADDRS.DAS_6, 0, 8, false},
   };
 
   static const CanMsg CHRYSLER_RAM_DT_TX_MSGS[] = {
-    {CHRYSLER_RAM_DT_ADDRS.CRUISE_BUTTONS, 2, 3},
-    {CHRYSLER_RAM_DT_ADDRS.LKAS_COMMAND, 0, 8},
-    {CHRYSLER_RAM_DT_ADDRS.DAS_6, 0, 8},
+    {CHRYSLER_RAM_DT_ADDRS.CRUISE_BUTTONS, 2, 3, false},
+    {CHRYSLER_RAM_DT_ADDRS.LKAS_COMMAND, 0, 8, true},
+    {CHRYSLER_RAM_DT_ADDRS.DAS_6, 0, 8, false},
   };
 
 #ifdef ALLOW_DEBUG
@@ -257,9 +255,9 @@ static safety_config chrysler_init(uint16_t param) {
   };
 
   static const CanMsg CHRYSLER_RAM_HD_TX_MSGS[] = {
-    {CHRYSLER_RAM_HD_ADDRS.CRUISE_BUTTONS, 2, 3},
-    {CHRYSLER_RAM_HD_ADDRS.LKAS_COMMAND, 0, 8},
-    {CHRYSLER_RAM_HD_ADDRS.DAS_6, 0, 8},
+    {CHRYSLER_RAM_HD_ADDRS.CRUISE_BUTTONS, 2, 3, false},
+    {CHRYSLER_RAM_HD_ADDRS.LKAS_COMMAND, 0, 8, true},
+    {CHRYSLER_RAM_HD_ADDRS.DAS_6, 0, 8, false},
   };
 
   const uint32_t CHRYSLER_PARAM_RAM_HD = 2U;  // set for Ram HD platform

opendbc/safety/safety/safety_ford.h

@@ -186,16 +186,7 @@ static void ford_rx_hook(const CANPacket_t *to_push) {
       bool cruise_engaged = (cruise_state == 4U) || (cruise_state == 5U);
       pcm_cruise_check(cruise_engaged);
     }
-
-    // If steering controls messages are received on the destination bus, it's an indication
-    // that the relay might be malfunctioning.
-    bool stock_ecu_detected = ford_lkas_msg_check(addr);
-    if (ford_longitudinal) {
-      stock_ecu_detected = stock_ecu_detected || (addr == FORD_ACCDATA);
-    }
-    generic_rx_checks(stock_ecu_detected);
   }
-
 }
 
 static bool ford_tx_hook(const CANPacket_t *to_send) {
@@ -359,33 +350,33 @@ static safety_config ford_init(uint16_t param) {
     {.msg = {{FORD_DesiredTorqBrk, 0, 8, .ignore_checksum = true, .ignore_counter = true, .frequency = 50U}, { 0 }, { 0 }}},
   };
 
-  #define FORD_COMMON_TX_MSGS       \
-    {FORD_Steering_Data_FD1, 0, 8}, \
-    {FORD_Steering_Data_FD1, 2, 8}, \
-    {FORD_ACCDATA_3, 0, 8},         \
-    {FORD_Lane_Assist_Data1, 0, 8}, \
-    {FORD_IPMA_Data, 0, 8},         \
+  #define FORD_COMMON_TX_MSGS              \
+    {FORD_Steering_Data_FD1, 0, 8, false}, \
+    {FORD_Steering_Data_FD1, 2, 8, false}, \
+    {FORD_ACCDATA_3, 0, 8, true},          \
+    {FORD_Lane_Assist_Data1, 0, 8, true},  \
+    {FORD_IPMA_Data, 0, 8, true},          \
 
   static const CanMsg FORD_CANFD_LONG_TX_MSGS[] = {
     FORD_COMMON_TX_MSGS
-    {FORD_ACCDATA, 0, 8},
-    {FORD_LateralMotionControl2, 0, 8},
+    {FORD_ACCDATA, 0, 8, true},
+    {FORD_LateralMotionControl2, 0, 8, true},
   };
 
   static const CanMsg FORD_CANFD_STOCK_TX_MSGS[] = {
     FORD_COMMON_TX_MSGS
-    {FORD_LateralMotionControl2, 0, 8},
+    {FORD_LateralMotionControl2, 0, 8, true},
   };
 
   static const CanMsg FORD_STOCK_TX_MSGS[] = {
     FORD_COMMON_TX_MSGS
-    {FORD_LateralMotionControl, 0, 8},
+    {FORD_LateralMotionControl, 0, 8, true},
   };
 
   static const CanMsg FORD_LONG_TX_MSGS[] = {
     FORD_COMMON_TX_MSGS
-    {FORD_ACCDATA, 0, 8},
-    {FORD_LateralMotionControl, 0, 8},
+    {FORD_ACCDATA, 0, 8, true},
+    {FORD_LateralMotionControl, 0, 8, true},
   };
 
   const uint16_t FORD_PARAM_CANFD = 2;

opendbc/safety/safety/safety_gm.h

@@ -84,14 +84,6 @@ static void gm_rx_hook(const CANPacket_t *to_push) {
     if (addr == 0xBD) {
       regen_braking = (GET_BYTE(to_push, 0) >> 4) != 0U;
     }
-
-    bool stock_ecu_detected = (addr == 0x180);  // ASCMLKASteeringCmd
-
-    // Check ASCMGasRegenCmd only if we're blocking it
-    if (!gm_pcm_cruise && (addr == 0x2CB)) {
-      stock_ecu_detected = true;
-    }
-    generic_rx_checks(stock_ecu_detected);
   }
 }
 
@@ -194,9 +186,9 @@ static safety_config gm_init(uint16_t param) {
     .max_brake = 400,
   };
 
-  static const CanMsg GM_ASCM_TX_MSGS[] = {{0x180, 0, 4}, {0x409, 0, 7}, {0x40A, 0, 7}, {0x2CB, 0, 8}, {0x370, 0, 6},  // pt bus
-                                           {0xA1, 1, 7}, {0x306, 1, 8}, {0x308, 1, 7}, {0x310, 1, 2},   // obs bus
-                                           {0x315, 2, 5}};  // ch bus
+  static const CanMsg GM_ASCM_TX_MSGS[] = {{0x180, 0, 4, true}, {0x409, 0, 7, false}, {0x40A, 0, 7, false}, {0x2CB, 0, 8, true}, {0x370, 0, 6, false},  // pt bus
+                                           {0xA1, 1, 7, false}, {0x306, 1, 8, false}, {0x308, 1, 7, false}, {0x310, 1, 2, false},   // obs bus
+                                           {0x315, 2, 5, false}};  // ch bus
 
 
   static const LongitudinalLimits GM_CAM_LONG_LIMITS = {
@@ -206,8 +198,8 @@ static safety_config gm_init(uint16_t param) {
     .max_brake = 400,
   };
 
-  static const CanMsg GM_CAM_LONG_TX_MSGS[] = {{0x180, 0, 4}, {0x315, 0, 5}, {0x2CB, 0, 8}, {0x370, 0, 6},  // pt bus
-                                               {0x184, 2, 8}};  // camera bus
+  static const CanMsg GM_CAM_LONG_TX_MSGS[] = {{0x180, 0, 4, true}, {0x315, 0, 5, false}, {0x2CB, 0, 8, true}, {0x370, 0, 6, false},  // pt bus
+                                               {0x184, 2, 8, false}};  // camera bus
 
 
   // TODO: do checksum and counter checks. Add correct timestep, 0.1s for now.
@@ -222,8 +214,8 @@ static safety_config gm_init(uint16_t param) {
     {.msg = {{0xC9, 0, 8, .ignore_checksum = true, .ignore_counter = true, .frequency = 10U}, { 0 }, { 0 }}},
   };
 
-  static const CanMsg GM_CAM_TX_MSGS[] = {{0x180, 0, 4},  // pt bus
-                                          {0x1E1, 2, 7}, {0x184, 2, 8}};  // camera bus
+  static const CanMsg GM_CAM_TX_MSGS[] = {{0x180, 0, 4, true},  // pt bus
+                                          {0x1E1, 2, 7, false}, {0x184, 2, 8, false}};  // camera bus
 
   gm_hw = GET_FLAG(param, GM_PARAM_HW_CAM) ? GM_CAM : GM_ASCM;
 

opendbc/safety/safety/safety_honda.h

@@ -169,25 +169,6 @@ static void honda_rx_hook(const CANPacket_t *to_push) {
       }
     }
   }
-
-  int bus_rdr_car = (honda_hw == HONDA_BOSCH) ? 0 : 2;  // radar bus, car side
-  bool stock_ecu_detected = false;
-
-  // If steering controls messages are received on the destination bus, it's an indication
-  // that the relay might be malfunctioning
-  if ((addr == 0xE4) || (addr == 0x194)) {
-    if (((honda_hw != HONDA_NIDEC) && (bus == bus_rdr_car)) || ((honda_hw == HONDA_NIDEC) && (bus == 0))) {
-      stock_ecu_detected = true;
-    }
-  }
-  // If Honda Bosch longitudinal mode is selected we need to ensure the radar is turned off
-  // Verify this by ensuring ACC_CONTROL (0x1DF) is not received on the PT bus
-  if (honda_bosch_long && !honda_bosch_radarless && (bus == pt_bus) && (addr == 0x1DF)) {
-    stock_ecu_detected = true;
-  }
-
-  generic_rx_checks(stock_ecu_detected);
-
 }
 
 static bool honda_tx_hook(const CANPacket_t *to_send) {
@@ -303,7 +284,7 @@ static bool honda_tx_hook(const CANPacket_t *to_send) {
 }
 
 static safety_config honda_nidec_init(uint16_t param) {
-  static CanMsg HONDA_N_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x30C, 0, 8}, {0x33D, 0, 5}};
+  static CanMsg HONDA_N_TX_MSGS[] = {{0xE4, 0, 5, true}, {0x194, 0, 4, true}, {0x1FA, 0, 8, false}, {0x30C, 0, 8, false}, {0x33D, 0, 5, false}};
 
   const uint16_t HONDA_PARAM_NIDEC_ALT = 4;
 
@@ -336,10 +317,10 @@ static safety_config honda_nidec_init(uint16_t param) {
 }
 
 static safety_config honda_bosch_init(uint16_t param) {
-  static CanMsg HONDA_BOSCH_TX_MSGS[] = {{0xE4, 0, 5}, {0xE5, 0, 8}, {0x296, 1, 4}, {0x33D, 0, 5}, {0x33DA, 0, 5}, {0x33DB, 0, 8}};  // Bosch
-  static CanMsg HONDA_BOSCH_LONG_TX_MSGS[] = {{0xE4, 1, 5}, {0x1DF, 1, 8}, {0x1EF, 1, 8}, {0x1FA, 1, 8}, {0x30C, 1, 8}, {0x33D, 1, 5}, {0x33DA, 1, 5}, {0x33DB, 1, 8}, {0x39F, 1, 8}, {0x18DAB0F1, 1, 8}};  // Bosch w/ gas and brakes
-  static CanMsg HONDA_RADARLESS_TX_MSGS[] = {{0xE4, 0, 5}, {0x296, 2, 4}, {0x33D, 0, 8}};  // Bosch radarless
-  static CanMsg HONDA_RADARLESS_LONG_TX_MSGS[] = {{0xE4, 0, 5}, {0x33D, 0, 8}, {0x1C8, 0, 8}, {0x30C, 0, 8}};  // Bosch radarless w/ gas and brakes
+  static CanMsg HONDA_BOSCH_TX_MSGS[] = {{0xE4, 0, 5, true}, {0xE5, 0, 8, false}, {0x296, 1, 4, false}, {0x33D, 0, 5, false}, {0x33DA, 0, 5, false}, {0x33DB, 0, 8, false}};  // Bosch
+  static CanMsg HONDA_BOSCH_LONG_TX_MSGS[] = {{0xE4, 1, 5, true}, {0x1DF, 1, 8, true}, {0x1EF, 1, 8, false}, {0x1FA, 1, 8, false}, {0x30C, 1, 8, false}, {0x33D, 1, 5, false}, {0x33DA, 1, 5, false}, {0x33DB, 1, 8, false}, {0x39F, 1, 8, false}, {0x18DAB0F1, 1, 8, false}};  // Bosch w/ gas and brakes
+  static CanMsg HONDA_RADARLESS_TX_MSGS[] = {{0xE4, 0, 5, true}, {0x296, 2, 4, false}, {0x33D, 0, 8, false}};  // Bosch radarless
+  static CanMsg HONDA_RADARLESS_LONG_TX_MSGS[] = {{0xE4, 0, 5, true}, {0x33D, 0, 8, false}, {0x1C8, 0, 8, false}, {0x30C, 0, 8, false}};  // Bosch radarless w/ gas and brakes
 
   const uint16_t HONDA_PARAM_ALT_BRAKE = 1;
   const uint16_t HONDA_PARAM_RADARLESS = 8;

opendbc/safety/safety/safety_hyundai.h

@@ -27,17 +27,17 @@ const LongitudinalLimits HYUNDAI_LONG_LIMITS = {
 };
 
 #define HYUNDAI_COMMON_TX_MSGS(scc_bus) \
-  {0x340, 0,       8},  /* LKAS11 Bus 0                              */ \
-  {0x4F1, scc_bus, 4},  /* CLU11 Bus 0 (radar-SCC) or 2 (camera-SCC) */ \
-  {0x485, 0,       4},  /* LFAHDA_MFC Bus 0                          */ \
+  {0x340, 0,       8, true},   /* LKAS11 Bus 0                              */ \
+  {0x4F1, scc_bus, 4, false},  /* CLU11 Bus 0 (radar-SCC) or 2 (camera-SCC) */ \
+  {0x485, 0,       4, false},  /* LFAHDA_MFC Bus 0                          */ \
 
 #define HYUNDAI_LONG_COMMON_TX_MSGS(scc_bus) \
-  HYUNDAI_COMMON_TX_MSGS(scc_bus)                                       \
-  {0x420, 0,       8},  /* SCC11 Bus 0                               */ \
-  {0x421, 0,       8},  /* SCC12 Bus 0                               */ \
-  {0x50A, 0,       8},  /* SCC13 Bus 0                               */ \
-  {0x389, 0,       8},  /* SCC14 Bus 0                               */ \
-  {0x4A2, 0,       2},  /* FRT_RADAR11 Bus 0                         */ \
+  HYUNDAI_COMMON_TX_MSGS(scc_bus)                                             \
+  {0x420, 0,       8, false},           /* SCC11 Bus 0                     */ \
+  {0x421, 0,       8, (scc_bus) == 0},  /* SCC12 Bus 0                     */ \
+  {0x50A, 0,       8, false},           /* SCC13 Bus 0                     */ \
+  {0x389, 0,       8, false},           /* SCC14 Bus 0                     */ \
+  {0x4A2, 0,       2, false},           /* FRT_RADAR11 Bus 0               */ \
 
 #define HYUNDAI_COMMON_RX_CHECKS(legacy)                                                                                                                  \
   {.msg = {{0x260, 0, 8, .max_counter = 3U, .frequency = 100U},                                                                                           \
@@ -176,15 +176,6 @@ static void hyundai_rx_hook(const CANPacket_t *to_push) {
     if (addr == 0x394) {
       brake_pressed = ((GET_BYTE(to_push, 5) >> 5U) & 0x3U) == 0x2U;
     }
-
-    bool stock_ecu_detected = (addr == 0x340);
-
-    // If openpilot is controlling longitudinal we need to ensure the radar is turned off
-    // Enforce by checking we don't see SCC12
-    if (hyundai_longitudinal && !hyundai_camera_scc && (addr == 0x421)) {
-      stock_ecu_detected = true;
-    }
-    generic_rx_checks(stock_ecu_detected);
   }
 }
 
@@ -281,9 +272,9 @@ static bool hyundai_fwd_hook(int bus_num, int addr) {
 static safety_config hyundai_init(uint16_t param) {
   static const CanMsg HYUNDAI_LONG_TX_MSGS[] = {
     HYUNDAI_LONG_COMMON_TX_MSGS(0)
-    {0x38D, 0, 8}, // FCA11 Bus 0
-    {0x483, 0, 8}, // FCA12 Bus 0
-    {0x7D0, 0, 8}, // radar UDS TX addr Bus 0 (for radar disable)
+    {0x38D, 0, 8, false}, // FCA11 Bus 0
+    {0x483, 0, 8, false}, // FCA12 Bus 0
+    {0x7D0, 0, 8, false}, // radar UDS TX addr Bus 0 (for radar disable)
   };
 
   static const CanMsg HYUNDAI_CAMERA_SCC_TX_MSGS[] = {