diff mbox series

[1/2] dt-bindings: clk: Introduce 'protected-clocks' property

Message ID 20181105194011.43770-2-swboyd@chromium.org (mailing list archive)
State Not Applicable, archived
Headers show
Series Introduce a 'protected-clocks' property | expand

Commit Message

Stephen Boyd Nov. 5, 2018, 7:40 p.m. UTC
Add a generic clk property for clks which are not intended to be used by
the OS due to security restrictions put in place by firmware. For
example, on some Qualcomm firmwares reading or writing certain clk
registers causes the entire system to reboot, but on other firmwares
reading and writing those same registers is required to make devices
like QSPI work. Rather than adding one-off properties each time a new
set of clks appears to be protected, let's add a generic clk property to
describe any set of clks that shouldn't be touched by the OS. This way
we never need to register the clks or use them in certain firmware
configurations.

Cc: Rob Herring <robh+dt@kernel.org>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Taniya Das <tdas@codeaurora.org>
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
---
 .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

Comments

Bjorn Andersson Nov. 6, 2018, 1:04 a.m. UTC | #1
On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote:

> Add a generic clk property for clks which are not intended to be used by
> the OS due to security restrictions put in place by firmware. For
> example, on some Qualcomm firmwares reading or writing certain clk
> registers causes the entire system to reboot, but on other firmwares
> reading and writing those same registers is required to make devices
> like QSPI work. Rather than adding one-off properties each time a new
> set of clks appears to be protected, let's add a generic clk property to
> describe any set of clks that shouldn't be touched by the OS. This way
> we never need to register the clks or use them in certain firmware
> configurations.
> 
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Bjorn Andersson <bjorn.andersson@linaro.org>

Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>

Regards,
Bjorn

> Cc: Taniya Das <tdas@codeaurora.org>
> Signed-off-by: Stephen Boyd <swboyd@chromium.org>
> ---
>  .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt
> index 2ec489eebe72..b646bbcf7f92 100644
> --- a/Documentation/devicetree/bindings/clock/clock-bindings.txt
> +++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt
> @@ -168,3 +168,19 @@ a shared clock is forbidden.
>  
>  Configuration of common clocks, which affect multiple consumer devices can
>  be similarly specified in the clock provider node.
> +
> +==Protected clocks==
> +
> +Some platforms or firmwares may not fully expose all the clocks to the OS, such
> +as in situations where those clks are used by drivers running in ARM secure
> +execution levels. Such a configuration can be specified in device tree with the
> +protected-clocks property in the form of a clock specifier list. This property should
> +only be specified in the node that is providing the clocks being protected:
> +
> +   clock-controller@a000f000 {
> +        compatible = "vendor,clk95;
> +        reg = <0xa000f000 0x1000>
> +        #clocks-cells = <1>;
> +        ...
> +        protected-clocks = <UART3_CLK>, <SPI5_CLK>;
> +   };
> -- 
> Sent by a computer through tubes
>
Bjorn Andersson Nov. 8, 2018, 5:44 a.m. UTC | #2
On Mon 05 Nov 17:04 PST 2018, Bjorn Andersson wrote:

> On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote:
> 
> > Add a generic clk property for clks which are not intended to be used by
> > the OS due to security restrictions put in place by firmware. For
> > example, on some Qualcomm firmwares reading or writing certain clk
> > registers causes the entire system to reboot, but on other firmwares
> > reading and writing those same registers is required to make devices
> > like QSPI work. Rather than adding one-off properties each time a new
> > set of clks appears to be protected, let's add a generic clk property to
> > describe any set of clks that shouldn't be touched by the OS. This way
> > we never need to register the clks or use them in certain firmware
> > configurations.
> > 
> > Cc: Rob Herring <robh+dt@kernel.org>
> > Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
> 
> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
> 

Gave this some additional thought. The way this is blacklisting
protected clocks makes it impossible to be backwards compatible with an
older DT while adding new protected clocks to an existing driver.

I don't have better suggestion for handling this and the problem should
primarily be isolated to the beginning of the upstream life of a
platform, so perhaps we can just ignore this issue?

Regards,
Bjorn

> Regards,
> Bjorn
> 
> > Cc: Taniya Das <tdas@codeaurora.org>
> > Signed-off-by: Stephen Boyd <swboyd@chromium.org>
> > ---
> >  .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++
> >  1 file changed, 16 insertions(+)
> > 
> > diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt
> > index 2ec489eebe72..b646bbcf7f92 100644
> > --- a/Documentation/devicetree/bindings/clock/clock-bindings.txt
> > +++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt
> > @@ -168,3 +168,19 @@ a shared clock is forbidden.
> >  
> >  Configuration of common clocks, which affect multiple consumer devices can
> >  be similarly specified in the clock provider node.
> > +
> > +==Protected clocks==
> > +
> > +Some platforms or firmwares may not fully expose all the clocks to the OS, such
> > +as in situations where those clks are used by drivers running in ARM secure
> > +execution levels. Such a configuration can be specified in device tree with the
> > +protected-clocks property in the form of a clock specifier list. This property should
> > +only be specified in the node that is providing the clocks being protected:
> > +
> > +   clock-controller@a000f000 {
> > +        compatible = "vendor,clk95;
> > +        reg = <0xa000f000 0x1000>
> > +        #clocks-cells = <1>;
> > +        ...
> > +        protected-clocks = <UART3_CLK>, <SPI5_CLK>;
> > +   };
> > -- 
> > Sent by a computer through tubes
> >
Stephen Boyd Nov. 8, 2018, 6:11 p.m. UTC | #3
Quoting Bjorn Andersson (2018-11-07 21:44:52)
> On Mon 05 Nov 17:04 PST 2018, Bjorn Andersson wrote:
> 
> > On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote:
> > 
> > > Add a generic clk property for clks which are not intended to be used by
> > > the OS due to security restrictions put in place by firmware. For
> > > example, on some Qualcomm firmwares reading or writing certain clk
> > > registers causes the entire system to reboot, but on other firmwares
> > > reading and writing those same registers is required to make devices
> > > like QSPI work. Rather than adding one-off properties each time a new
> > > set of clks appears to be protected, let's add a generic clk property to
> > > describe any set of clks that shouldn't be touched by the OS. This way
> > > we never need to register the clks or use them in certain firmware
> > > configurations.
> > > 
> > > Cc: Rob Herring <robh+dt@kernel.org>
> > > Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
> > 
> > Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
> > 
> 
> Gave this some additional thought. The way this is blacklisting
> protected clocks makes it impossible to be backwards compatible with an
> older DT while adding new protected clocks to an existing driver.
> 
> I don't have better suggestion for handling this and the problem should
> primarily be isolated to the beginning of the upstream life of a
> platform, so perhaps we can just ignore this issue?
> 

I don't have a better suggestion either besides listing all possible
clks in the binding and header file to start and then specifying any
clks that are known to not work when merging the dts bits. In the future
I think we can move dts and drivers in lockstep if certain drivers add
new clks and those cause problems on locked down systems. The
alternative seems worse, i.e. listing clks that should be added on the
unaffected platforms, so ignoring this issue sounds good for now.
Stephen Boyd Nov. 21, 2018, 9 a.m. UTC | #4
Quoting Stephen Boyd (2018-11-05 11:40:10)
> Add a generic clk property for clks which are not intended to be used by
> the OS due to security restrictions put in place by firmware. For
> example, on some Qualcomm firmwares reading or writing certain clk
> registers causes the entire system to reboot, but on other firmwares
> reading and writing those same registers is required to make devices
> like QSPI work. Rather than adding one-off properties each time a new
> set of clks appears to be protected, let's add a generic clk property to
> describe any set of clks that shouldn't be touched by the OS. This way
> we never need to register the clks or use them in certain firmware
> configurations.
> 
> Cc: Rob Herring <robh+dt@kernel.org>
> Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
> Cc: Taniya Das <tdas@codeaurora.org>
> Signed-off-by: Stephen Boyd <swboyd@chromium.org>
> ---

Applied to clk-next
diff mbox series

Patch

diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt
index 2ec489eebe72..b646bbcf7f92 100644
--- a/Documentation/devicetree/bindings/clock/clock-bindings.txt
+++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt
@@ -168,3 +168,19 @@  a shared clock is forbidden.
 
 Configuration of common clocks, which affect multiple consumer devices can
 be similarly specified in the clock provider node.
+
+==Protected clocks==
+
+Some platforms or firmwares may not fully expose all the clocks to the OS, such
+as in situations where those clks are used by drivers running in ARM secure
+execution levels. Such a configuration can be specified in device tree with the
+protected-clocks property in the form of a clock specifier list. This property should
+only be specified in the node that is providing the clocks being protected:
+
+   clock-controller@a000f000 {
+        compatible = "vendor,clk95;
+        reg = <0xa000f000 0x1000>
+        #clocks-cells = <1>;
+        ...
+        protected-clocks = <UART3_CLK>, <SPI5_CLK>;
+   };