Received: by 2002:a05:6358:f14:b0:e5:3b68:ec04 with SMTP id b20csp1772963rwj; Sun, 18 Dec 2022 15:24:22 -0800 (PST) X-Google-Smtp-Source: AA0mqf6jpHnlVMhmQ4ar5wP2mzSYiW2LfHUxV7E8PYyK35g4rSUeduK9Lsm198DniT6F5m1tAofh X-Received: by 2002:a05:6a20:429a:b0:af:89c2:ad01 with SMTP id o26-20020a056a20429a00b000af89c2ad01mr21981341pzj.40.1671405862174; Sun, 18 Dec 2022 15:24:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671405862; cv=none; d=google.com; s=arc-20160816; b=RSRhn6Ak+ai502h3eAX80SkYwOrWVzEx1eZxmQypKegOIPWj/SDjDaPwZd3fLW3p1o DZ3ETlLyWgXKHl1IwRkA6tAFnuZQoU/O9QYML9+Nq3DUYNAjXLxLU+kcLeNofuXCyR/O zibilMv9GCt8l48l+CUxcp4rO8yF2k4Nzt5UGuiI4sDmzkZ3lAwUWzjmc4PLf1u9jvtT 4ZojK8/1T8j1/7seVZPo2ZaPmbAf+19HeLxravL04JtAxkkEMNFrVU7OxlN0cCr3WnNf IsVbFOAkLSszV6cnSlMZEqaZlTu16fGKKYzmHLub3QT/Xy1boNAMBxJyKJp6sUHYF+7o VqEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature:dkim-signature; bh=zBrDkYqFp6p27/TglK5V7Cygf9kzupTGxvWxDhgrlxk=; b=nZxHOuRQUf8iwBpdUZaa3A58vQUphWnRPnxx99alJrih/1zgVm3Q+OjlE1c8hd2sTI gGpbAfAmG7Uso8zbJCVjt1XL63ctO6z2TDQljhbMOYNi56dovwI06mp4ruUoQ4t3ja7c fT6zz0pLrMoMGKAhuIPpQvojlr/1F3rU/UC71OwVqSFPY4DFssKA1Mn4g01klAh9LR0A 4SWVF1S2ESSyxM9Mbh0aDdvuQwYfgR59/UPnSaOGDb5ldidfHnPBbOSPoyDYN1XzB9x+ WbR5QOknxt1wM1DGWtnVBjxN7qBkG8QAQCkr9w5L2Bf8iLXTFjnjWeqpKXGe8cuh684h RpbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=xKYCOfNC; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=fOCHHfEU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q126-20020a634384000000b004792abd9a5bsi9194580pga.181.2022.12.18.15.24.03; Sun, 18 Dec 2022 15:24:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=xKYCOfNC; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=fOCHHfEU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230283AbiLRXCS (ORCPT + 70 others); Sun, 18 Dec 2022 18:02:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229537AbiLRXCQ (ORCPT ); Sun, 18 Dec 2022 18:02:16 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A907B7FC; Sun, 18 Dec 2022 15:02:13 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 6E12122A65; Sun, 18 Dec 2022 23:02:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1671404531; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zBrDkYqFp6p27/TglK5V7Cygf9kzupTGxvWxDhgrlxk=; b=xKYCOfNCgoqg4fduOoJAiTsBkEtryAUAl8tbuof5Q3hQLrOPvCZ6y3H6t433FsQalEZbc1 Du7Gp5Jr4oIsGuj9q/BUTnlen27xJ6uV8mb3N7XSm2U5RbNFyiO5dSsiKD3Xbq/3o6cDNu VLM7FHma0VvXKZHqxVIwmfiVetRdraY= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1671404531; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zBrDkYqFp6p27/TglK5V7Cygf9kzupTGxvWxDhgrlxk=; b=fOCHHfEUmsjznApZj/9WpKi2q8cpd+F+hswSHNEH8mTu8sbW1zFon/Y4MKuU7PhcadpyrF 5NfalOICgteanqAA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 294D1138FD; Sun, 18 Dec 2022 23:02:11 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id fxxNCPObn2MFPQAAMHmgww (envelope-from ); Sun, 18 Dec 2022 23:02:11 +0000 Date: Mon, 19 Dec 2022 00:02:09 +0100 From: Jean Delvare To: Hector Martin Cc: Alex Henrie , Heiner Kallweit , Wolfram Sang , linux-i2c@vger.kernel.org, linux-kernel@vger.kernel.org, David Oberhollenzer , Ettore Chimenti Subject: Re: [PATCH v3] i2c: i801: Safely share SMBus with BIOS/ACPI Message-ID: <20221219000209.1b8fb6f5@endymion.delvare> In-Reply-To: <10a724cf-fa2b-a0fb-6737-b456238d0385@marcan.st> References: <20210626054113.246309-1-marcan@marcan.st> <20221215152641.39164ca3@endymion.delvare> <10a724cf-fa2b-a0fb-6737-b456238d0385@marcan.st> Organization: SUSE Linux X-Mailer: Claws Mail 3.18.0 (GTK+ 2.24.32; x86_64-suse-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 17 Dec 2022 22:28:25 +0900, Hector Martin wrote: > On 15/12/2022 23.26, Jean Delvare wrote: > > Question: why do you check that the first action of ACPI AML is to > > acquire the hardware lock *only* if that action was attempted while the > > Linux side was performing a transfer? That event is quite unlikely to > > happen. Can't we perform that test unconditionally the very first time > > i801_acpi_io_handler() is called? Unless the i2c-i801 driver gets> initialized in the middle of an ACPI-side SMBus transfer [...] > > I wonder if there's some way to close this race? This doesn't sound all > that unlikely (consider: ACPI backlight is also a module, device init > happens in parallel, so we could well end up probing i2c-i801 in the > middle of an ACPI SMBus transfer more often than you'd expect at boot time). > > How about this: instead of checking for the lock access on the *first* > call to i801_acpi_io_handler, we add an acpi_must_lock flag. This is > initially false, but it is set on completion of every Linux-side i2c > transfer, and cleared once we see ACPI take the lock properly. The ACPI > handler then checks it and expects a lock access if it is true. > > So as soon as Linux does an i2c transfer, we expect ACPI to be taking > the lock next time it touches the hardware, and we know to bail on the > Linux side in the future if it does not. > > * If the i2c driver probes in the middle of a well-behaved ACPI SMBus > transfer, nothing bad happens, since if we try to do a Linux-side > transfer it will block on the lock until ACPI is done. Further ACPI > SMBus transfers after a Linux transfer will pass the locking check. > * If the driver probes in the middle of a misbehaved ACPI transfer but > is otherwise idle, nothing happens until the first Linux transfer, then > the next ACPI access after that will have us bail and disable driver access. > * If we probe *and* try to make a transfer all in the middle of a > misbehaved ACPI transfer, then we are going to step on its toes and > break it, but at least we will notice as soon as the Linux side is done > (or possibly failed due to the collision) and ACPI tries to touch the > controller again, so we will get out of its way in the future and > there's at least a chance it will recover for future accesses. I see what you want to do and I think it should work. > Further closing that last edge case to avoid ever conflicting with > broken ACPI implementations would require some sort of mechanism to know > whether ACPI AML started running an i2c transfer method before the > i2c-i801 driver loaded, which might be too intrusive a change to be wrth > it for such a corner case. Though maybe there's an easy way? If there's > something like a global AML lock we could just have the probe sequence be: > > 1. Register the ACPI IO handler > 2. Take the AML lock > 3. Set acpi_must_lock = true > 4. Release the AML lock > 5. Finally register the i2c controller > > That makes sure we serialize on any ongoing ACPI shenanigans at probe > time and allows us to truly check that the first access from ACPI after > that is a lock, before Linux has a chance to do anything itself. But I > don't know off the top of my head whether there is such a lock. I don't think there is, but that would be a question for the ACPI list. Anyway, for it to be useful, it would have a to be a high-level lock (taken before starting an ACPI-side SMBus transfer, released after the ACPI-side SMBus transfer has been fully processes). If it is taken for every I/O, or even if it isn't held while waiting for the transfer to complete, it won't solve the problem. And I suspect that if such a high-level lock existed, we would have been using it in the first place to guarantee exclusive access to the SMBus controller. The most important thing is to get exclusive access to work properly for well-behaved ACPI implementations. I know that the Linux driver hasn't been a good citizen with the hardware lock until you partially fixed that 1.5 year ago, but I hope that other operating systems did that earlier, which would have encouraged well-behaved ACPI implementations. So hopefully misbehaving ACPI implementations aren't many on recent systems. -- Jean Delvare SUSE L3 Support