v0.2.0 mergeback: 01-05-2026#667
Merged
jerrysxie merged 22 commits intoOpenDevicePartnership:v0.2.0from Jan 6, 2026
Merged
Conversation
…ship#595) Consumer device is not cleared on detach when there is connected provider Co-authored-by: zhuyi <zhuyi@microsoft.com>
# Breaking Breaking due to `Storage::create_referenced` now returning an `Option<_>`. Migration is to handle the returned option appropriately.
…mer_capability (OpenDevicePartnership#636) In current ODP code [cmp_consumer_capability()](https://github.com/OpenDevicePartnership/embedded-services/blob/2eaac0fdddf76e52fab5f24cffc635c69037de94/power-policy-service/src/consumer.rs#L25), when two power sources have the same power capability, it will compare their `unconstrained_power` next. Currently, the unconstrained power of USBC power is always false, so if the unconstrained power of another lower-power source is always true, it will always select this lower-power source regardless of whether it's inserted first or last. It is enough to use power capability and current power flag to choose best consumer.
…ip#640) OpenDevicePartnership#594 moved the responsibility for declaring async tasks from embedded-services to the application layer. To support this, some tasks that needed to be generic over a type (which is not directly supported by embassy) made into macros that emit a function that uses a concrete type. The application layer is required to call that macro and then implement a task that invokes the generated function. However, in the case of the keyboard service, there appears to be a typo causing the name of the type identifier being passed into the macro to not match the name of the type identifier that is actually used in the macro, resulting in a compilation error whenever a user tries to actually invoke the macro. This change fixes the typo.
…ip#627) Also update events to use full power capability structs. ### Breaking Breaking due to replacing usages of `PowerCapability` with `ConsumerPowerCapability`. The former is still accessible as a public member within the latter; migration is to use that public member.
This pull request focuses on improving CRC calculation logic and platform reset handling in the `platform-service` crate. The main changes clarify the initialization of CRC calculations for both `u32` and `u16` types and refine platform-specific reset behavior to ensure correct operation depending on the compilation target. CRC calculation improvements: * Refactored the initialization logic in both `EmbeddedCrc<u32>` and `EmbeddedCrc<u16>` to handle split calculations more clearly by directly checking for an existing CRC and unfinalizing it if present, otherwise using the algorithm's initial value. [[1]](diffhunk://#diff-3d5bb073641c8f7d552570e41eb3e83cb2e9027dcce4456204567a57599a8b5fL29-L34) [[2]](diffhunk://#diff-3d5bb073641c8f7d552570e41eb3e83cb2e9027dcce4456204567a57599a8b5fL79-L84) Platform reset handling: * Added a `#[cfg(feature = "cortex-m")]` attribute to the `system_reset` function to ensure it is only compiled for Cortex-M targets, preventing usage on unsupported platforms. * Removed unreachable or platform-inappropriate reset code for non-Cortex-M environments, ensuring that `system_reset` only attempts a reset when the feature is enabled and avoiding panics in unsupported environments.
### Breaking Introduces a struct to with named fields for indexing range errors. Interrupt passthrough processing function now returns a result. Migration is to move over to the named indexing error struct and properly handle the interrupt error if using passthrough.
This pull request refactors error handling and buffer copying logic in the battery service code to make it more robust and explicit. The main improvements are in the way slices are copied into fixed-size buffers and how errors are handled and propagated in the state machine. Buffer copying improvements: * Refactored the buffer copying logic in `compute_bix` (`acpi.rs`) to use safer and more explicit slice operations with `get_mut` and `ok_or`, replacing the previous use of `try_into` and direct indexing. This reduces the chance of panics and makes error handling clearer. Error handling and state machine robustness: * Updated the state machine timeout handling in `Context` (`context.rs`) to properly propagate errors: now, if the state machine returns an error, it sends a `StateError` instead of assuming infallibility. * Changed the handling of `BatteryEventInner::Oem` events to return a specific `InvalidActionInState` error instead of an unimplemented panic (`todo!()`), making the state machine more robust and explicit about unsupported actions.
Depends on OpenDevicePartnership/embedded-usb-pd#58 This pull request introduces several enhancements and fixes to the power policy and Type-C service modules, primarily adding more granular control and reporting for power and battery charging status. The most significant changes include the introduction of configurable battery charging thresholds, improved event handling for consumer connections and disconnections, and more robust tracking and reporting of battery charging capabilities. **Power policy and battery charging improvements:** * Added `min_consumer_threshold_mw` to `Config` in `power-policy-service`, allowing configuration of a minimum power threshold for considering consumers. Consumers below this threshold are ignored, improving power selection logic. [[1]](diffhunk://#diff-5886b8554c87d667a8e7a8f1beb642f5e6c003bb8f72ffc3dfce3916f50137abR13-R14) [[2]](diffhunk://#diff-5886b8554c87d667a8e7a8f1beb642f5e6c003bb8f72ffc3dfce3916f50137abR32-R33) [[3]](diffhunk://#diff-95891387089117beeff31622711de753c4218e1ec0977ada3fac6d803be762d5R43-R58) * Introduced `UcsiBatteryChargingThresholdConfig` in `type-c-service`, enabling configuration of thresholds for "no", "very slow", and "slow" battery charging reporting. This allows more accurate UCSI battery charging status based on negotiated power. [[1]](diffhunk://#diff-2a3e2c429ff00a445d04f46ade67be685848fdd12db7f0ef63bfd8df6b77fa87R3-R27) [[2]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1R69-R150) **Event handling and state management:** * Added new `PowerPolicyEvent` variants (`ConsumerConnected`, `ConsumerDisconnected`) and updated event processing to track PSU connection state and trigger UCSI notifications when consumer connection status changes. [[1]](diffhunk://#diff-f5156d0763a6adbab48458c103cda1866ef9b1af930b06b04a9435e347339902R75-R78) [[2]](diffhunk://#diff-b8fff5391b402d71aaebd392afaf99902576b22b78d50011f93f00eab9545874R19-R24) [[3]](diffhunk://#diff-b8fff5391b402d71aaebd392afaf99902576b22b78d50011f93f00eab9545874R100-R113) * Improved UCSI event handling by adding `handle_ucsi_port_event`, which updates battery charging capability status when power negotiation completes or ports are disconnected, and ensures correct notification behavior. [[1]](diffhunk://#diff-f5156d0763a6adbab48458c103cda1866ef9b1af930b06b04a9435e347339902L152-R156) [[2]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L212-R301) [[3]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L232-R354) **Battery charging status tracking:** * Added tracking for ports with valid battery charging capability and logic to determine and report charging status only after power negotiation is complete, avoiding premature or incorrect status reports. [[1]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1R22-R28) [[2]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1R37) [[3]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1R69-R150) [[4]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L232-R354) **Logging improvements:** * Increased log level from `trace!` to `debug!` for port status reporting in the Type-C driver for better visibility during development and troubleshooting. **Internal refactoring:** * Refactored UCSI command processing to operate on the correct state structure, improving code clarity and correctness. [[1]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L114-R190) [[2]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L127-R203) [[3]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L157-R238) [[4]](diffhunk://#diff-b76bcb4a25801dcbe12fd2e9c3fb9eec2367a3053f9f214c8f00c4f6aab0ebc1L171-R279) These changes together provide more accurate and configurable power and charging management, enhance system observability, and improve the robustness of the Type-C service.
This pull request introduces improvements to error handling and code safety in the CFU component and device request logic. The main changes ensure that protocol errors are properly surfaced when sub-component information is missing, and refactor device lookup logic to use more idiomatic Rust patterns, reducing the risk of panics and improving code clarity. **Error Handling and Protocol Safety** * When retrieving firmware version information from sub-components in `CfuComponentDefault`, the code now checks for missing data and returns a protocol error (`CfuProtocolError::BadResponse`) instead of using a default value. This prevents silent failures and makes error cases explicit. **Code Refactoring and Idiomatic Rust** * Refactored device lookup in `route_request`, `send_device_request`, and `wait_device_response` functions to use `if let Some(device)` instead of manually unwrapping `Option`. This eliminates potential panics and makes the code more idiomatic and readable. **Safety and Documentation** * Added a compile-time assertion to guarantee that `MAX_CMPT_COUNT` is always one greater than `MAX_SUBCMPT_COUNT`, ensuring safe indexing and preventing out-of-bounds errors. * Improved comments and annotations to clarify panic safety and suppress unnecessary Clippy warnings where indexing is guaranteed to be safe.
This pull request improves error handling and code safety in the HID command and descriptor encoding/decoding logic. The main changes include replacing unsafe `unwrap()` calls with proper error handling, and documenting/pacifying potential panics when using slice indexing. These updates make the code more robust and easier to maintain. **Error handling improvements:** - Replaced all `unwrap()` calls on `Option` values with `ok_or` and appropriate error variants in the `Command::from_opcode` logic, preventing panics when required fields are missing. **Code safety and documentation:** - Added comments explaining panic safety and allowed Clippy's `indexing_slicing` lint in all encoding/decoding functions that use slice indexing, ensuring that buffer length checks are always performed before accessing slices. [[1]](diffhunk://#diff-ca181c8393f56639bc6eb40e19acb218ab7c8d0a3897127a068b6b3eb82d7b8eR345-R346) [[2]](diffhunk://#diff-ca181c8393f56639bc6eb40e19acb218ab7c8d0a3897127a068b6b3eb82d7b8eR390-R391) [[3]](diffhunk://#diff-ca181c8393f56639bc6eb40e19acb218ab7c8d0a3897127a068b6b3eb82d7b8eR406-R407) [[4]](diffhunk://#diff-ca181c8393f56639bc6eb40e19acb218ab7c8d0a3897127a068b6b3eb82d7b8eR425-R426) [[5]](diffhunk://#diff-ca181c8393f56639bc6eb40e19acb218ab7c8d0a3897127a068b6b3eb82d7b8eR442-R443) [[6]](diffhunk://#diff-f1ae502de2cb2efb28e0315b9e02e27b3ac7edb4e6b4fd9e7dfd0f937821c63dR79-R80) [[7]](diffhunk://#diff-f1ae502de2cb2efb28e0315b9e02e27b3ac7edb4e6b4fd9e7dfd0f937821c63dR109-R110) **Buffer access validation:** - Updated the `Command::SetPower` encoding to use `get_mut` with error handling instead of direct slice indexing, ensuring the buffer is large enough before writing.
This pull request improves error handling and robustness in port event management by introducing explicit error types and propagating errors when invalid port indices are used. The changes ensure that port operations such as marking ports as pending or clearing them now return results, making it easier to handle invalid operations gracefully. The updates also modify existing code and tests to handle these results appropriately. **Port Event Error Handling Improvements:** * Added a new `Error` enum to `embedded-service/src/type_c/event.rs` to represent event-related errors, such as `InvalidPort`. * Updated `PortPending` methods (`pend_port`, `pend_ports`, `clear_port`, `is_pending`) to return `Result` types and check for invalid port indices, returning `Error::InvalidPort` when appropriate. * Modified the `PortPendingIter` iterator and `FromIterator` implementation to handle and propagate errors from the updated methods [[1]](diffhunk://#diff-cb5748d734af8ecc6e11c1466c6b24a8489643e71ecf43949c95a26d220875aaL456-R479) [[2]](diffhunk://#diff-cb5748d734af8ecc6e11c1466c6b24a8489643e71ecf43949c95a26d220875aaL477-R504). **Controller and Service Integration:** * Updated calls to `pend_port` in `type-c-service/src/wrapper/mod.rs` and `type-c-service/src/wrapper/vdm.rs` to handle errors, mapping them to existing error types where necessary [[1]](diffhunk://#diff-290846bfcbff1eca2c387df1630bf532f6af6495473e4d8bde8434463fe2c4c9L302-R304) [[2]](diffhunk://#diff-290846bfcbff1eca2c387df1630bf532f6af6495473e4d8bde8434463fe2c4c9L336-R340) [[3]](diffhunk://#diff-3beccbb93f85b7e377e1906503faf49365da122f62795bcf5e384ac30eaa9bb4L58-R60). * Improved the `Device::lookup_global_port` method in `embedded-service/src/type_c/controller.rs` to use safe access and error propagation when looking up ports. **Test Adjustments:** * Updated all test usages of `pend_port` to handle the new `Result` return type by unwrapping the result, ensuring tests fail on error [[1]](diffhunk://#diff-cb5748d734af8ecc6e11c1466c6b24a8489643e71ecf43949c95a26d220875aaL503-R533) [[2]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L151-R153) [[3]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L200-R200) [[4]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L232-R232) [[5]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L255-R256) [[6]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L324-R324) [[7]](diffhunk://#diff-b3eeb4ba5f74cc6068678b62f18b7a449b8740fb4db37e9f81ba509641b15bb0L335-R336).
This pull request focuses on improving error handling and robustness in the `cfu-service` module, particularly in the `Splitter` logic for firmware and content responses. The changes ensure that slice accesses are safe and that invalid or incomplete responses are handled gracefully. Additionally, there are minor code quality improvements and clarifications around panic safety. **Error handling and robustness improvements:** * Updated the logic in `Splitter` methods to only process slices if they are of the expected length, returning an invalid response otherwise. This prevents panics due to out-of-bounds slice accesses and ensures more robust error handling for firmware version, offer, and content responses. [[1]](diffhunk://#diff-caa31abb8af70b4577e107f91c0c5f7809b664de4035d525e6122f5c895f9f97L92-R99) [[2]](diffhunk://#diff-caa31abb8af70b4577e107f91c0c5f7809b664de4035d525e6122f5c895f9f97L122-R126) [[3]](diffhunk://#diff-caa31abb8af70b4577e107f91c0c5f7809b664de4035d525e6122f5c895f9f97L148-R149) **Code quality and safety clarifications:** * Added explicit comments and attributes to clarify unreachable code and panic safety in `map_slice_join` and singleton initialization, including a `#[allow(clippy::expect_used)]` for the singleton and `#[allow(clippy::unreachable)]` for unreachable arms. [[1]](diffhunk://#diff-caa31abb8af70b4577e107f91c0c5f7809b664de4035d525e6122f5c895f9f97R228-R229) [[2]](diffhunk://#diff-caa31abb8af70b4577e107f91c0c5f7809b664de4035d525e6122f5c895f9f97L276) [[3]](diffhunk://#diff-89fffd87fefee180e49da66cd96fc5570e1ae2cde4b0304f3412bfcfc8208df0R9) * Simplified the control flow in `Buffer::wait_buffered_content` by removing unnecessary unreachable code and ensuring the buffer receiver is always awaited after pending.
This pull request adds Clippy lint suppressions and explanatory comments to improve code clarity and maintainability in non-deployed code paths. The changes focus on documenting and justifying the use of potentially unsafe operations in test or procedural macro code. Error handling and lint suppression improvements: * Added `#[allow(clippy::unwrap_used)]` and comments explaining the safety of `unwrap()` usage in `partition-manager/macros/src/lib.rs`, since `CARGO_MANIFEST_DIR` is guaranteed to be set in this context and the code is not deployed. * Added `#[allow(clippy::indexing_slicing)]` and comments in `partition-manager/generation/src/lib.rs` to justify safe slicing and indexing in non-deployed code, preventing false-positive linter warnings.* Panics in not deployed code, can be ignored.
* It is experimental and has not external dependencies.
Updates repo to the latest de-panicked `embedded-usb-pd`: OpenDevicePartnership/embedded-usb-pd#60
Removed panic paths from the `buffer` module. Instead made methods fallible and introduced an `Error` type. Because certain traits are used with methods that assume infallibility (such as the drop and borrow traits), I couldn't just make these return a result. Instead, I added a `Poisoned` status so in the off chance that a `drop` or `borrow` call would have panicked originally, the buffer is marked poisoned and will return a `Poisoned` error on future accesses. This also breaks the interfaces of a few services. For these I added a `Buffer` error and made methods fallible if necessary. I'm not a fan of this since any buffer errors represent an internal programming bug to the service and not something the user should expect/handle, and this breaks encapsulation. I do not want to silently just ignore buffer errors, so I'm not sure what other alternative there is here (open to suggestions). *Edit*: Thinking about maybe renaming the `Buffer` error variant of these services to `Internal` or something. I'd prefer to make it more clear when an error represents an internal invariant being broken that is not something meant to be handled by the caller in any practical manner. It would act as a catchall since the specifics of what caused the error are implementation details that could change any time and not something the caller should be concerned with. Also introduced a `Never` type alias which is useful now that some functions represent never-ending tasks which should never return unless there is an error (see related discussion: OpenDevicePartnership#634 (comment)). Resolves OpenDevicePartnership#659
This pull request makes a minor change to the `Policy` implementation, updating the `power_capability` method to return an `Option<ProviderPowerCapability>` instead of unwrapping the result. This improves error handling by allowing callers to handle cases where the capability is unavailable.
* Add exceptions for test code and modules with limited dependencies
tullom
requested review from
gjpmsft,
madeleyneVaca,
philgweber,
seanbrns,
thdesil,
williampMSFT and
wmmc88
RobertZ2011
approved these changes
Jan 5, 2026
jerrysxie
approved these changes
Jan 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.