safety: only run rx hooks on whitelisted msgs

opendbc/safety/safety.h

@@ -211,10 +211,16 @@ bool safety_rx_hook(const CANPacket_t *to_push) {
   bool controls_allowed_prev = controls_allowed;
 
   bool valid = rx_msg_safety_check(to_push, &current_safety_config, current_hooks);
-  if (valid) {
+  bool whitelisted = get_addr_check_index(to_push, current_safety_config.rx_checks, current_safety_config.rx_checks_len) != -1;
+  if (valid && whitelisted) {
     current_hooks->rx(to_push);
   }
 
+  // the relay malfunction hook runs on all incoming rx messages
+  if (current_hooks->rx_relay_malfunction != NULL) {
+    current_hooks->rx_relay_malfunction(to_push);
+  }
+
   // reset mismatches on rising edge of controls_allowed to avoid rare race condition
   if (controls_allowed && !controls_allowed_prev) {
     heartbeat_engaged_mismatches = 0;
@@ -228,28 +234,28 @@ static bool tx_msg_safety_check(const CANPacket_t *to_send, const CanMsg msg_lis
   int bus = GET_BUS(to_send);
   int length = GET_LEN(to_send);
 
-  bool allowed = false;
+  bool whitelisted = false;
   for (int i = 0; i < len; i++) {
     if ((addr == msg_list[i].addr) && (bus == msg_list[i].bus) && (length == msg_list[i].len)) {
-      allowed = true;
+      whitelisted = true;
       break;
     }
   }
-  return allowed;
+  return whitelisted;
 }
 
 bool safety_tx_hook(CANPacket_t *to_send) {
-  bool allowed = tx_msg_safety_check(to_send, current_safety_config.tx_msgs, current_safety_config.tx_msgs_len);
+  bool whitelisted = tx_msg_safety_check(to_send, current_safety_config.tx_msgs, current_safety_config.tx_msgs_len);
   if ((current_safety_mode == SAFETY_ALLOUTPUT) || (current_safety_mode == SAFETY_ELM327)) {
-    allowed = true;
+    whitelisted = true;
   }
 
   bool safety_allowed = false;
-  if (allowed) {
+  if (whitelisted) {
     safety_allowed = current_hooks->tx(to_send);
   }
 
-  return !relay_malfunction && allowed && safety_allowed;
+  return !relay_malfunction && safety_allowed;
 }
 
 int safety_fwd_hook(int bus_num, int addr) {

opendbc/safety/safety/safety_chrysler.h

@@ -100,6 +100,11 @@ static void chrysler_rx_hook(const CANPacket_t *to_push) {
   if ((bus == 0) && (addr == chrysler_addrs->ESP_1)) {
     brake_pressed = ((GET_BYTE(to_push, 0U) & 0xFU) >> 2U) == 1U;
   }
+}
+
+static void chrysler_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  const int bus = GET_BUS(to_push);
+  const int addr = GET_ADDR(to_push);
 
   generic_rx_checks((bus == 0) && (addr == chrysler_addrs->LKAS_COMMAND));
 }
@@ -296,6 +301,7 @@ static safety_config chrysler_init(uint16_t param) {
 const safety_hooks chrysler_hooks = {
   .init = chrysler_init,
   .rx = chrysler_rx_hook,
+  .rx_relay_malfunction = chrysler_rx_relay_malfunction_hook,
   .tx = chrysler_tx_hook,
   .fwd = chrysler_fwd_hook,
   .get_counter = chrysler_get_counter,

opendbc/safety/safety/safety_ford.h

@@ -185,6 +185,12 @@ static void ford_rx_hook(const CANPacket_t *to_push) {
       bool cruise_engaged = (cruise_state == 4U) || (cruise_state == 5U);
       pcm_cruise_check(cruise_engaged);
     }
+  }
+}
+
+static void ford_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  if (GET_BUS(to_push) == FORD_MAIN_BUS) {
+    int addr = GET_ADDR(to_push);
 
     // If steering controls messages are received on the destination bus, it's an indication
     // that the relay might be malfunctioning.
@@ -194,7 +200,6 @@ static void ford_rx_hook(const CANPacket_t *to_push) {
     }
     generic_rx_checks(stock_ecu_detected);
   }
-
 }
 
 static bool ford_tx_hook(const CANPacket_t *to_send) {
@@ -425,6 +430,7 @@ static safety_config ford_init(uint16_t param) {
 const safety_hooks ford_hooks = {
   .init = ford_init,
   .rx = ford_rx_hook,
+  .rx_relay_malfunction = ford_rx_relay_malfunction_hook,
   .tx = ford_tx_hook,
   .fwd = ford_fwd_hook,
   .get_counter = ford_get_counter,

opendbc/safety/safety/safety_gm.h

@@ -84,6 +84,12 @@ static void gm_rx_hook(const CANPacket_t *to_push) {
     if (addr == 0xBD) {
       regen_braking = (GET_BYTE(to_push, 0) >> 4) != 0U;
     }
+  }
+}
+
+static void gm_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  if (GET_BUS(to_push) == 0U) {
+    int addr = GET_ADDR(to_push);
 
     bool stock_ecu_detected = (addr == 0x180);  // ASCMLKASteeringCmd
 
@@ -254,6 +260,7 @@ static safety_config gm_init(uint16_t param) {
 const safety_hooks gm_hooks = {
   .init = gm_init,
   .rx = gm_rx_hook,
+  .rx_relay_malfunction = gm_rx_relay_malfunction_hook,
   .tx = gm_tx_hook,
   .fwd = gm_fwd_hook,
 };

opendbc/safety/safety/safety_honda.h

@@ -169,8 +169,15 @@ static void honda_rx_hook(const CANPacket_t *to_push) {
       }
     }
   }
+}
 
+static void honda_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
   int bus_rdr_car = (honda_hw == HONDA_BOSCH) ? 0 : 2;  // radar bus, car side
+  int pt_bus = honda_get_pt_bus();
+
+  int addr = GET_ADDR(to_push);
+  int bus = GET_BUS(to_push);
+
   bool stock_ecu_detected = false;
 
   // If steering controls messages are received on the destination bus, it's an indication
@@ -187,7 +194,6 @@ static void honda_rx_hook(const CANPacket_t *to_push) {
   }
 
   generic_rx_checks(stock_ecu_detected);
-
 }
 
 static bool honda_tx_hook(const CANPacket_t *to_send) {
@@ -443,6 +449,7 @@ static int honda_bosch_fwd_hook(int bus_num, int addr) {
 const safety_hooks honda_nidec_hooks = {
   .init = honda_nidec_init,
   .rx = honda_rx_hook,
+  .rx_relay_malfunction = honda_rx_relay_malfunction_hook,
   .tx = honda_tx_hook,
   .fwd = honda_nidec_fwd_hook,
   .get_counter = honda_get_counter,
@@ -453,6 +460,7 @@ const safety_hooks honda_nidec_hooks = {
 const safety_hooks honda_bosch_hooks = {
   .init = honda_bosch_init,
   .rx = honda_rx_hook,
+  .rx_relay_malfunction = honda_rx_relay_malfunction_hook,
   .tx = honda_tx_hook,
   .fwd = honda_bosch_fwd_hook,
   .get_counter = honda_get_counter,

opendbc/safety/safety/safety_hyundai.h

@@ -176,7 +176,14 @@ static void hyundai_rx_hook(const CANPacket_t *to_push) {
     if (addr == 0x394) {
       brake_pressed = ((GET_BYTE(to_push, 5) >> 5U) & 0x3U) == 0x2U;
     }
+  }
+}
+
+static void hyundai_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  int bus = GET_BUS(to_push);
+  int addr = GET_ADDR(to_push);
 
+  if (bus == 0) {
     bool stock_ecu_detected = (addr == 0x340);
 
     // If openpilot is controlling longitudinal we need to ensure the radar is turned off
@@ -351,6 +358,7 @@ static safety_config hyundai_legacy_init(uint16_t param) {
 const safety_hooks hyundai_hooks = {
   .init = hyundai_init,
   .rx = hyundai_rx_hook,
+  .rx_relay_malfunction = hyundai_rx_relay_malfunction_hook,
   .tx = hyundai_tx_hook,
   .fwd = hyundai_fwd_hook,
   .get_counter = hyundai_get_counter,
@@ -361,6 +369,7 @@ const safety_hooks hyundai_hooks = {
 const safety_hooks hyundai_legacy_hooks = {
   .init = hyundai_legacy_init,
   .rx = hyundai_rx_hook,
+  .rx_relay_malfunction = hyundai_rx_relay_malfunction_hook,
   .tx = hyundai_tx_hook,
   .fwd = hyundai_fwd_hook,
   .get_counter = hyundai_get_counter,

opendbc/safety/safety/safety_hyundai_canfd.h

@@ -129,8 +129,15 @@ static void hyundai_canfd_rx_hook(const CANPacket_t *to_push) {
       hyundai_common_cruise_state_check(cruise_engaged);
     }
   }
+}
+
+static void hyundai_canfd_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  int bus = GET_BUS(to_push);
+  int addr = GET_ADDR(to_push);
 
+  const int pt_bus = hyundai_canfd_lka_steering ? 1 : 0;
   const int steer_addr = hyundai_canfd_lka_steering ? hyundai_canfd_get_lka_addr() : 0x12a;
+
   bool stock_ecu_detected = (addr == steer_addr) && (bus == 0);
   if (hyundai_longitudinal) {
     // on LKA steering cars, ensure ADRV ECU is still knocked out
@@ -357,6 +364,7 @@ static safety_config hyundai_canfd_init(uint16_t param) {
 const safety_hooks hyundai_canfd_hooks = {
   .init = hyundai_canfd_init,
   .rx = hyundai_canfd_rx_hook,
+  .rx_relay_malfunction = hyundai_canfd_rx_relay_malfunction_hook,
   .tx = hyundai_canfd_tx_hook,
   .fwd = hyundai_canfd_fwd_hook,
   .get_counter = hyundai_canfd_get_counter,

opendbc/safety/safety/safety_mazda.h

@@ -45,7 +45,12 @@ static void mazda_rx_hook(const CANPacket_t *to_push) {
     if (addr == MAZDA_PEDALS) {
       brake_pressed = (GET_BYTE(to_push, 0) & 0x10U);
     }
+  }
+}
 
+static void mazda_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  if ((int)GET_BUS(to_push) == MAZDA_MAIN) {
+    int addr = GET_ADDR(to_push);
     generic_rx_checks((addr == MAZDA_LKAS));
   }
 }
@@ -126,6 +131,7 @@ static safety_config mazda_init(uint16_t param) {
 const safety_hooks mazda_hooks = {
   .init = mazda_init,
   .rx = mazda_rx_hook,
+  .rx_relay_malfunction = mazda_rx_relay_malfunction_hook,
   .tx = mazda_tx_hook,
   .fwd = mazda_fwd_hook,
 };

opendbc/safety/safety/safety_nissan.h

@@ -56,6 +56,12 @@ static void nissan_rx_hook(const CANPacket_t *to_push) {
   generic_rx_checks((addr == 0x169) && (bus == 0));
 }
 
+static void nissan_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  int bus = GET_BUS(to_push);
+  int addr = GET_ADDR(to_push);
+
+  generic_rx_checks((addr == 0x169) && (bus == 0));
+}
 
 static bool nissan_tx_hook(const CANPacket_t *to_send) {
   const AngleSteeringLimits NISSAN_STEERING_LIMITS = {
@@ -159,6 +165,7 @@ static safety_config nissan_init(uint16_t param) {
 const safety_hooks nissan_hooks = {
   .init = nissan_init,
   .rx = nissan_rx_hook,
+  .rx_relay_malfunction = nissan_rx_relay_malfunction_hook,
   .tx = nissan_tx_hook,
   .fwd = nissan_fwd_hook,
 };

opendbc/safety/safety/safety_rivian.h

@@ -29,11 +29,6 @@ static void rivian_rx_hook(const CANPacket_t *to_push) {
     if (addr == 0x38f) {
       brake_pressed = GET_BIT(to_push, 23U);
     }
-
-    generic_rx_checks(addr == 0x120);  // ACM_lkaHbaCmd
-    if (rivian_longitudinal) {
-      generic_rx_checks(addr == 0x160);  // ACM_longitudinalRequest
-    }
   }
 
   if (bus == 2) {
@@ -45,6 +40,19 @@ static void rivian_rx_hook(const CANPacket_t *to_push) {
   }
 }
 
+static void rivian_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  int bus = GET_BUS(to_push);
+
+  if (bus == 0)  {
+    int addr = GET_ADDR(to_push);
+
+    generic_rx_checks(addr == 0x120);  // ACM_lkaHbaCmd
+    if (rivian_longitudinal) {
+      generic_rx_checks(addr == 0x160);  // ACM_longitudinalRequest
+    }
+  }
+}
+
 static bool rivian_tx_hook(const CANPacket_t *to_send) {
   const TorqueSteeringLimits RIVIAN_STEERING_LIMITS = {
     .max_steer = 250,
@@ -156,6 +164,7 @@ static safety_config rivian_init(uint16_t param) {
 const safety_hooks rivian_hooks = {
   .init = rivian_init,
   .rx = rivian_rx_hook,
+  .rx_relay_malfunction = rivian_rx_relay_malfunction_hook,
   .tx = rivian_tx_hook,
   .fwd = rivian_fwd_hook,
 };

opendbc/safety/safety/safety_subaru.h

@@ -131,6 +131,11 @@ static void subaru_rx_hook(const CANPacket_t *to_push) {
   if ((addr == MSG_SUBARU_Throttle) && (bus == SUBARU_MAIN_BUS)) {
     gas_pressed = GET_BYTE(to_push, 4) != 0U;
   }
+}
+
+static void subaru_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  const int bus = GET_BUS(to_push);
+  int addr = GET_ADDR(to_push);
 
   generic_rx_checks((addr == MSG_SUBARU_ES_LKAS) && (bus == SUBARU_MAIN_BUS));
 }
@@ -285,6 +290,7 @@ static safety_config subaru_init(uint16_t param) {
 const safety_hooks subaru_hooks = {
   .init = subaru_init,
   .rx = subaru_rx_hook,
+  .rx_relay_malfunction = subaru_rx_relay_malfunction_hook,
   .tx = subaru_tx_hook,
   .fwd = subaru_fwd_hook,
   .get_counter = subaru_get_counter,

opendbc/safety/safety/safety_tesla.h

@@ -54,6 +54,11 @@ static void tesla_rx_hook(const CANPacket_t *to_push) {
       tesla_stock_aeb = (GET_BYTE(to_push, 2) & 0x03U) == 1U;
     }
   }
+}
+
+static void tesla_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  int bus = GET_BUS(to_push);
+  int addr = GET_ADDR(to_push);
 
   generic_rx_checks((addr == 0x488) && (bus == 0));  // DAS_steeringControl
   generic_rx_checks((addr == 0x27d) && (bus == 0));  // APS_eacMonitor
@@ -63,7 +68,6 @@ static void tesla_rx_hook(const CANPacket_t *to_push) {
   }
 }
 
-
 static bool tesla_tx_hook(const CANPacket_t *to_send) {
   const AngleSteeringLimits TESLA_STEERING_LIMITS = {
     .max_angle = 3600,  // 360 deg, EPAS faults above this
@@ -209,6 +213,7 @@ static safety_config tesla_init(uint16_t param) {
 const safety_hooks tesla_hooks = {
   .init = tesla_init,
   .rx = tesla_rx_hook,
+  .rx_relay_malfunction = tesla_rx_relay_malfunction_hook,
   .tx = tesla_tx_hook,
   .fwd = tesla_fwd_hook,
 };

opendbc/safety/safety/safety_toyota.h

@@ -136,6 +136,12 @@ static void toyota_rx_hook(const CANPacket_t *to_push) {
 
       UPDATE_VEHICLE_SPEED(speed / 4.0 * 0.01 / 3.6);
     }
+  }
+}
+
+static void toyota_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  if (GET_BUS(to_push) == 0U) {
+    int addr = GET_ADDR(to_push);
 
     bool stock_ecu_detected = addr == 0x2E4;  // STEERING_LKA
     if (!toyota_stock_longitudinal && (addr == 0x343)) {
@@ -406,6 +412,7 @@ static int toyota_fwd_hook(int bus_num, int addr) {
 const safety_hooks toyota_hooks = {
   .init = toyota_init,
   .rx = toyota_rx_hook,
+  .rx_relay_malfunction = toyota_rx_relay_malfunction_hook,
   .tx = toyota_tx_hook,
   .fwd = toyota_fwd_hook,
   .get_checksum = toyota_get_checksum,

opendbc/safety/safety/safety_volkswagen_mqb.h

@@ -121,7 +121,12 @@ static void volkswagen_mqb_rx_hook(const CANPacket_t *to_push) {
     }
 
     brake_pressed = volkswagen_mqb_brake_pedal_switch || volkswagen_mqb_brake_pressure_detected;
+  }
+}
 
+static void volkswagen_mqb_rx_relay_malfunction_hook(const CANPacket_t *to_push) {
+  if (GET_BUS(to_push) == 0U) {
+    int addr = GET_ADDR(to_push);
     generic_rx_checks((addr == MSG_HCA_01));
   }
 }
@@ -240,6 +245,7 @@ static int volkswagen_mqb_fwd_hook(int bus_num, int addr) {
 const safety_hooks volkswagen_mqb_hooks = {
   .init = volkswagen_mqb_init,
   .rx = volkswagen_mqb_rx_hook,
+  .rx_relay_malfunction = volkswagen_mqb_rx_relay_malfunction_hook,
   .tx = volkswagen_mqb_tx_hook,
   .fwd = volkswagen_mqb_fwd_hook,
   .get_counter = volkswagen_mqb_meb_get_counter,