Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1218830pxb; Tue, 1 Feb 2022 22:53:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJyaaZSzuFXR6/yW205UzVFjMQXVBvBnHpvqLw7Ebh926CFCpZ8zTEVhlLwjqxxWkkkCy1Ee X-Received: by 2002:a63:80c8:: with SMTP id j191mr15928892pgd.8.1643784833564; Tue, 01 Feb 2022 22:53:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643784833; cv=none; d=google.com; s=arc-20160816; b=ED3/+ssp/CsMxeRhXnYyovWwwcAFvdyuyxAqZDwZogQYsX0obKDfbUXX57iGnkA6K/ 9Z2ll9ZFT28YBlMJJdSt8N5UoS2ZARHsUL70s+XVv48DlJQbqrNGkGqbpm7fuIfA7sdF 8awJ5tkQdpGfPl3Th6ZXwqp5ihjKezKIIt8HJzE0KuZKHZrfyWrOO79hmQNlTkcoWMRG wIgfB4ak9n7uhj55uwa15Ru98c80OoVfo0bKKTyAekc5/2Tk8GEs98/BmGXoQWKdCoaL gF+hhwjTEJOipv11atzvjAUqgD6qssAmuKpq3atplsbjC46jK9ni492V9NT/cxyi41f4 VA5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=1Gj++A7LVVAfVGUwd9C4FOW/5EytcOzPjnZ4r36q0YA=; b=z7Mw2nzskDKbDtpoIwEF3gHQ7n82BbP7lynP4Yyv0WPA/m3ngsEG/cb3Z4hmw3bUJK fdbKfy5vF5lYKl/zqQf506RWRikvou8tXXXKMT2CY0yyQJg+4nLzayW0mKKUI5xarjIz wQZ1D6xk8LxamV9tfnqRSbAUAq9qQgpsmP2IJedRdg7SSqe2MqkTRk8gwGQSlRCR9FCr nU5axLVgnxMMav63jVImxsdKvEV4gEF5bNXCn+atIksZeu5BCHtp/tTCSrfQ1zdyr3Ac zOpFUOJEre7Cu1ykSKLC7AV1zXxNTxGU5mQ++BXu7c7z8eThjeMG9Cpy2Q4y32fchzS0 oGjQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q73si3935151pjq.184.2022.02.01.22.53.42; Tue, 01 Feb 2022 22:53:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238984AbiBAN6f (ORCPT + 99 others); Tue, 1 Feb 2022 08:58:35 -0500 Received: from foss.arm.com ([217.140.110.172]:42024 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238944AbiBAN6f (ORCPT ); Tue, 1 Feb 2022 08:58:35 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AD367113E; Tue, 1 Feb 2022 05:58:34 -0800 (PST) Received: from FVFF77S0Q05N (unknown [10.57.8.51]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 074A53F73B; Tue, 1 Feb 2022 05:58:32 -0800 (PST) Date: Tue, 1 Feb 2022 13:58:29 +0000 From: Mark Rutland To: Krzysztof Adamski Cc: Catalin Marinas , Will Deacon , Peter Collingbourne , Guenter Roeck , Wolfram Sang , Alexander Sverdlin , Matija Glavinic-Pecotic , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] arm64: move efi_reboot to restart handler Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 28, 2022 at 11:05:32PM +0100, Krzysztof Adamski wrote: > Hi Mark, > > Thank you for your feedback. I don't know UEFI specification that much, > it is quite complicated so maybe I am misunderstnading something. Let's > clarify. > > Dnia Fri, Jan 28, 2022 at 04:01:41PM +0000, Mark Rutland napisaƂ(a): > > On Fri, Jan 28, 2022 at 02:50:26PM +0100, Krzysztof Adamski wrote: > > > On EFI enabled arm64 systems, efi_reboot was called before > > > do_kernel_restart, completely omitting the reset_handlers functionality. > > > > As I pointed out before, per the EFI spec we *need* to do this before any other > > restart mechanism so that anything which EFI ties to the restart actually > > occurs as expected -- e.g. UpdateCapsule(), as the comment says. > > AFAICT, either: > > > > * The other restart handlers have lower priority, in which case they'll be > > called after this anyway, and in such cases this patch is not necessary. > > But efi_reboot calls ResetSystem(), which according to the spec: > "Resets all processors and devices and reboots the system." > > So nothing should be able to run *after* this call. Thus, none of the > reset handlers will ever run on a system where efi_reboot() is used > (with current, unmodified kernel code) so this case is invalid. Yes; that was the point I was making: *in this case* it doesn't matter at all, and therefore *in this case* the existing code is fine. > > * At least one other restart handler has higher priority, and the EFI restart > > isn't actually used, and so any functionaltiy tied to the EFI restart will > > not work on that machine. > > If we use the restart handlers only to reset the system, this is indeed > true. But technically, restart handlers support the scenario where the > handler does some action that does not do reset of the whole system and > passes the control further down the chain, eventually reaching a handler > that will reset the whole system. > This can be done on non-uefi systems without problems but it doesn't > work on UEFI bases arm64 systems and this is a problem for us. > > In other words, I would like to be able to run a restart handler on EFI > based ARM64 systems, just like I can on other systems, just for its > "side effects", not to do the actual reboot. Current code disables this > possibility on an ARM64 EFI system. It sounds like two things are being conflated here: 1) A *notification* that a restart will subsequently occur. 2) A *request* to initiate a restart. IIUC (1) is supposed to be handled by the existing reboot notifier mechanism (see the reboot_notifier_list) which *is* invoked prior to the EFI reboot today. IMO, using restart handlers as notifiers is an abuse of the interface, and that's the fundamental problem. What am I missing? > > > By registering efi_reboot as part of the chain with slightly elevated > > > priority, we make it run before the default handler but still allow > > > plugging in other handlers. > > > Thanks to that, things like gpio_restart, restart handlers in > > > watchdog_core, mmc or mtds are working on those platforms. > > > > On which platforms is it necessary that these are used in preference to the EFI > > restart? Can you please give a specific example? > > > If there's a specific platform that needs this, then we should call that out > > and explain why the EFI restart isn't actually required on that (or if it is, > > and functionality is broken, why that's acceptable). > > Again, I'm not saying EFI restart is not required. I would just like to > have the flexibility I have on other architectures, and run some code > just before restart. My understanding is that pwrseq_emmc.c driver does > exactly that, for example, but there are also other possibilities: > - using gpio-restart to notify external components about reset of the > CPU > - starting an external watchdog that makes sure we are not stuck in the > reset procedure, etc. As above, IIUC those notification cases are supposed to be handled with reboot notifiers, which are already supported in generic code across all architectures, and should run before the EFI restart. If there's a case where they're not, that's either an oversight or an edge case that needs more consideration. > > Otherwise this patch is making this logic more complicated *and* making it > > possible to have problems which we avoid by construction today, without any > > actual benefit. > > The benefit for me is this added flexibility and unification between > architectures. On other systems, like ARM32 or non-EFI ARM64 I can > insert a custom reset handler to do some actions just before restart and > on EFI based ARM64, I can't. > > You could argue that restart handlers were not created for that but they > suit this purpose ideally and it wouldn't make much sense (in my > opinion) to add yet another notifier chain that would run before reset > notifiers, for code that is not supposed to reset the whole system and > this is exacly what I would have to do if efi_reboot() is forced to be > called before all handlers. As above, I think that's just using the wrong interface, and the reboot notifier mechanism *already* exists, so I'm really confused here. Have I misunderstood what you're trying to achieve? Is there some problem with the reboot notifier mechanism that I am unaware of? e.g. do we bypass them in some case where you think they're needed? Are you simply unaware of reboot notifiers? Thanks, Mark.