[v2,2/2] firmware: exynos-acpm: allow use during system shutdown

Commit Message

André Draszik March 24, 2025, 3:34 p.m. UTC

We need to access the PMIC during late system shutdown and at that time
we are not allowed to sleep anymore.

To make this case work, detect this condition and use busy waiting via
udelay() instead of usleep_range() in that situation.

The code isn't switched over to udelay() unconditionally so as to not
waste resources during normal operation. acpm_may_sleep() was heavily
inspired by the I2C subsystem's i2c_in_atomic_xfer_mode().

Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: André Draszik <andre.draszik@linaro.org>
---
udelay(10) causes a checkpatch warning (it suggests to use
usleep_range() instead for usec >= 10), but that's exactly what we can
not do.
Reducing the udelay to be smaller will generally cause the loop to be
iterated more than once, which I wanted to avoid.
I could reflow the code to hide the actual value from checkpatch, e.g.
with the help of a local variable if that is preferred to ignoring the
checkpatch warning.
---
 drivers/firmware/samsung/exynos-acpm.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

Comments

Krzysztof Kozlowski March 25, 2025, 7:57 a.m. UTC | #1

On 24/03/2025 16:34, André Draszik wrote:
> +static bool acpm_may_sleep(void)
> +{
> +	return system_state <= SYSTEM_RUNNING ||
> +		(IS_ENABLED(CONFIG_PREEMPT_COUNT) ? preemptible() : !irqs_disabled());
> +}
> +
>  /**
>   * acpm_dequeue_by_polling() - RX dequeue by polling.
>   * @achan:	ACPM channel info.
> @@ -300,7 +314,10 @@ static int acpm_dequeue_by_polling(struct acpm_chan *achan,
>  			return 0;
>  
>  		/* Determined experimentally. */
> -		usleep_range(20, 30);
> +		if (!acpm_may_sleep())
> +			udelay(10);
> +		else

... and what do you do if IRQs get disabled exactly in this moment? This
is just racy. You cannot check for a condition and assume it will be
valid for whatever time you want it to be valid.

What happens if system_state is changed to shutdown in this particular
moment? How did you prevent this from happening?

> +			usleep_range(20, 30);
>  	} while (ktime_before(ktime_get(), timeout));
>  
>  	dev_err(dev, "Timeout! ch:%u s:%u bitmap:%lx.\n",
> 


Best regards,
Krzysztof

André Draszik March 25, 2025, 8:01 a.m. UTC | #2

Hi Krzysztof,

On Tue, 2025-03-25 at 08:57 +0100, Krzysztof Kozlowski wrote:
> On 24/03/2025 16:34, André Draszik wrote:
> > +static bool acpm_may_sleep(void)
> > +{
> > +	return system_state <= SYSTEM_RUNNING ||
> > +		(IS_ENABLED(CONFIG_PREEMPT_COUNT) ? preemptible() : !irqs_disabled());
> > +}
> > +
> >  /**
> >   * acpm_dequeue_by_polling() - RX dequeue by polling.
> >   * @achan:	ACPM channel info.
> > @@ -300,7 +314,10 @@ static int acpm_dequeue_by_polling(struct acpm_chan *achan,
> >  			return 0;
> >  
> >  		/* Determined experimentally. */
> > -		usleep_range(20, 30);
> > +		if (!acpm_may_sleep())
> > +			udelay(10);
> > +		else
> 
> ... and what do you do if IRQs get disabled exactly in this moment? This
> is just racy. You cannot check for a condition and assume it will be
> valid for whatever time you want it to be valid.
> 
> What happens if system_state is changed to shutdown in this particular
> moment? How did you prevent this from happening?

Yes, and that's also what the I2C subsystem is doing, AFAICS, see
i2c_in_atomic_xfer_mode() and its use. This is to make a very
specific corner case work, similar to I2C which has to deal with
the same issue during shutdown.

Would you have a better suggestion?


Cheers,
Andre'

Krzysztof Kozlowski March 25, 2025, 8:07 a.m. UTC | #3

On 25/03/2025 09:01, André Draszik wrote:
> Hi Krzysztof,
> 
> On Tue, 2025-03-25 at 08:57 +0100, Krzysztof Kozlowski wrote:
>> On 24/03/2025 16:34, André Draszik wrote:
>>> +static bool acpm_may_sleep(void)
>>> +{
>>> +	return system_state <= SYSTEM_RUNNING ||
>>> +		(IS_ENABLED(CONFIG_PREEMPT_COUNT) ? preemptible() : !irqs_disabled());
>>> +}
>>> +
>>>  /**
>>>   * acpm_dequeue_by_polling() - RX dequeue by polling.
>>>   * @achan:	ACPM channel info.
>>> @@ -300,7 +314,10 @@ static int acpm_dequeue_by_polling(struct acpm_chan *achan,
>>>  			return 0;
>>>  
>>>  		/* Determined experimentally. */
>>> -		usleep_range(20, 30);
>>> +		if (!acpm_may_sleep())
>>> +			udelay(10);
>>> +		else
>>
>> ... and what do you do if IRQs get disabled exactly in this moment? This
>> is just racy. You cannot check for a condition and assume it will be
>> valid for whatever time you want it to be valid.
>>
>> What happens if system_state is changed to shutdown in this particular
>> moment? How did you prevent this from happening?
> 
> Yes, and that's also what the I2C subsystem is doing, AFAICS, see
> i2c_in_atomic_xfer_mode() and its use. This is to make a very
> specific corner case work, similar to I2C which has to deal with
> the same issue during shutdown.

But they don't have a choice so they try to do the best to avoid
sleeping. And it is a subsystem, not a driver, which means their
patterns are sometimes special. Drivers should not replicate subsystem
workarounds.

> 
> Would you have a better suggestion?

Yes, you have a choice, you can always use udelay. Driver code is
supposed to be always correct.

Best regards,
Krzysztof

Tudor Ambarus March 26, 2025, 7:24 a.m. UTC | #4

On 3/25/25 8:07 AM, Krzysztof Kozlowski wrote:
> On 25/03/2025 09:01, André Draszik wrote:
>> Hi Krzysztof,
>>
>> On Tue, 2025-03-25 at 08:57 +0100, Krzysztof Kozlowski wrote:
>>> On 24/03/2025 16:34, André Draszik wrote:
>>>> +static bool acpm_may_sleep(void)
>>>> +{
>>>> +	return system_state <= SYSTEM_RUNNING ||
>>>> +		(IS_ENABLED(CONFIG_PREEMPT_COUNT) ? preemptible() : !irqs_disabled());
>>>> +}
>>>> +
>>>>  /**
>>>>   * acpm_dequeue_by_polling() - RX dequeue by polling.
>>>>   * @achan:	ACPM channel info.
>>>> @@ -300,7 +314,10 @@ static int acpm_dequeue_by_polling(struct acpm_chan *achan,
>>>>  			return 0;
>>>>  
>>>>  		/* Determined experimentally. */
>>>> -		usleep_range(20, 30);
>>>> +		if (!acpm_may_sleep())
>>>> +			udelay(10);
>>>> +		else
>>>
>>> ... and what do you do if IRQs get disabled exactly in this moment? This
>>> is just racy. You cannot check for a condition and assume it will be
>>> valid for whatever time you want it to be valid.
>>>
>>> What happens if system_state is changed to shutdown in this particular
>>> moment? How did you prevent this from happening?
>>
>> Yes, and that's also what the I2C subsystem is doing, AFAICS, see
>> i2c_in_atomic_xfer_mode() and its use. This is to make a very
>> specific corner case work, similar to I2C which has to deal with
>> the same issue during shutdown.
> 
> But they don't have a choice so they try to do the best to avoid
> sleeping. And it is a subsystem, not a driver, which means their
> patterns are sometimes special. Drivers should not replicate subsystem
> workarounds.
> 
>>
>> Would you have a better suggestion?
> 
> Yes, you have a choice, you can always use udelay. Driver code is
> supposed to be always correct.

Using udelay() is good enough for now. I see that downstream uses a
usleep_range(50, 100) and I'm concerned that we're going to waste lots
of cpu cyles once more and more clients get added.

If there's no concurrency on the ACPM queue mutexes at late system
shutdown, would it work to pass the don't sleep requirement from the
client to ACPM and use udelay only then?

Cheers,
ta

Krzysztof Kozlowski March 26, 2025, 7:36 a.m. UTC | #5

On 26/03/2025 08:24, Tudor Ambarus wrote:
>>>>
>>>> What happens if system_state is changed to shutdown in this particular
>>>> moment? How did you prevent this from happening?
>>>
>>> Yes, and that's also what the I2C subsystem is doing, AFAICS, see
>>> i2c_in_atomic_xfer_mode() and its use. This is to make a very
>>> specific corner case work, similar to I2C which has to deal with
>>> the same issue during shutdown.
>>
>> But they don't have a choice so they try to do the best to avoid
>> sleeping. And it is a subsystem, not a driver, which means their
>> patterns are sometimes special. Drivers should not replicate subsystem
>> workarounds.
>>
>>>
>>> Would you have a better suggestion?
>>
>> Yes, you have a choice, you can always use udelay. Driver code is
>> supposed to be always correct.
> 
> Using udelay() is good enough for now. I see that downstream uses a
> usleep_range(50, 100) and I'm concerned that we're going to waste lots
> of cpu cyles once more and more clients get added.


If this is going to be the case, then we can revisit it with some
numbers. Especially if this ACPM turns out to be a bus driver.

> 
> If there's no concurrency on the ACPM queue mutexes at late system
> shutdown, would it work to pass the don't sleep requirement from the
> client to ACPM and use udelay only then?


You mean the client will choose what sort of delay it expects (sleeping
or not)? That would work, but can you actually control it from the
client side?


Best regards,
Krzysztof

André Draszik March 26, 2025, 9:15 a.m. UTC | #6

On Wed, 2025-03-26 at 08:36 +0100, Krzysztof Kozlowski wrote:
> On 26/03/2025 08:24, Tudor Ambarus wrote:
> > > > > 
> > > > > What happens if system_state is changed to shutdown in this particular
> > > > > moment? How did you prevent this from happening?
> > > > 
> > > > Yes, and that's also what the I2C subsystem is doing, AFAICS, see
> > > > i2c_in_atomic_xfer_mode() and its use. This is to make a very
> > > > specific corner case work, similar to I2C which has to deal with
> > > > the same issue during shutdown.
> > > 
> > > But they don't have a choice so they try to do the best to avoid
> > > sleeping. And it is a subsystem, not a driver, which means their
> > > patterns are sometimes special. Drivers should not replicate subsystem
> > > workarounds.
> > > 
> > > > 
> > > > Would you have a better suggestion?
> > > 
> > > Yes, you have a choice, you can always use udelay. Driver code is
> > > supposed to be always correct.
> > 
> > Using udelay() is good enough for now. I see that downstream uses a
> > usleep_range(50, 100) and I'm concerned that we're going to waste lots
> > of cpu cyles once more and more clients get added.
> 
> 
> If this is going to be the case, then we can revisit it with some
> numbers. Especially if this ACPM turns out to be a bus driver.
> 
> > 
> > If there's no concurrency on the ACPM queue mutexes at late system
> > shutdown, would it work to pass the don't sleep requirement from the
> > client to ACPM and use udelay only then?
> 
> 
> You mean the client will choose what sort of delay it expects (sleeping
> or not)? That would work, but can you actually control it from the
> client side?

I can know this requirement from the RTC driver indeed
https://lore.kernel.org/all/20250323-s2mpg10-v1-29-d08943702707@linaro.org/
but a) I'm not sure how to do that with regmap, I'll have to have a look and
b) if the concern is that system_state is changed to shutdown while one
of the (other) drivers is using the ACPM (as per your earlier email), then
having a different API wouldn't help I believe.

Cheers,
Andre'

Patch

diff --git a/drivers/firmware/samsung/exynos-acpm.c b/drivers/firmware/samsung/exynos-acpm.c
index 542eaff03f9e39422a8c5345ca75e05c1710a9ee..4f65f7ef39b5fdbf5bb10f6ee9ffb78c5e34d8b2 100644
--- a/drivers/firmware/samsung/exynos-acpm.c
+++ b/drivers/firmware/samsung/exynos-acpm.c
@@ -15,6 +15,8 @@ 
 #include <linux/firmware/samsung/exynos-acpm-protocol.h>
 #include <linux/io.h>
 #include <linux/iopoll.h>
+#include <linux/irqflags.h>
+#include <linux/kernel.h>
 #include <linux/ktime.h>
 #include <linux/mailbox/exynos-message.h>
 #include <linux/mailbox_client.h>
@@ -25,6 +27,7 @@ 
 #include <linux/of_address.h>
 #include <linux/of_platform.h>
 #include <linux/platform_device.h>
+#include <linux/preempt.h>
 #include <linux/slab.h>
 #include <linux/types.h>
 
@@ -273,6 +276,17 @@  static int acpm_get_rx(struct acpm_chan *achan, const struct acpm_xfer *xfer)
 	return 0;
 }
 
+/*
+ * When ACPM transfers happen very late, e.g. to access a PMIC when powering
+ * down, we can not sleep. We do want to sleep in the normal case, though, to
+ * avoid wasting CPU cycles!
+ */
+static bool acpm_may_sleep(void)
+{
+	return system_state <= SYSTEM_RUNNING ||
+		(IS_ENABLED(CONFIG_PREEMPT_COUNT) ? preemptible() : !irqs_disabled());
+}
+
 /**
  * acpm_dequeue_by_polling() - RX dequeue by polling.
  * @achan:	ACPM channel info.
@@ -300,7 +314,10 @@  static int acpm_dequeue_by_polling(struct acpm_chan *achan,
 			return 0;
 
 		/* Determined experimentally. */
-		usleep_range(20, 30);
+		if (!acpm_may_sleep())
+			udelay(10);
+		else
+			usleep_range(20, 30);
 	} while (ktime_before(ktime_get(), timeout));
 
 	dev_err(dev, "Timeout! ch:%u s:%u bitmap:%lx.\n",