| Message ID | 20181105194011.43770-2-swboyd@chromium.org (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers | show |
| Series | Introduce a 'protected-clocks' property | expand |
On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote: > Add a generic clk property for clks which are not intended to be used by > the OS due to security restrictions put in place by firmware. For > example, on some Qualcomm firmwares reading or writing certain clk > registers causes the entire system to reboot, but on other firmwares > reading and writing those same registers is required to make devices > like QSPI work. Rather than adding one-off properties each time a new > set of clks appears to be protected, let's add a generic clk property to > describe any set of clks that shouldn't be touched by the OS. This way > we never need to register the clks or use them in certain firmware > configurations. > > Cc: Rob Herring <robh+dt@kernel.org> > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> Regards, Bjorn > Cc: Taniya Das <tdas@codeaurora.org> > Signed-off-by: Stephen Boyd <swboyd@chromium.org> > --- > .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt > index 2ec489eebe72..b646bbcf7f92 100644 > --- a/Documentation/devicetree/bindings/clock/clock-bindings.txt > +++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt > @@ -168,3 +168,19 @@ a shared clock is forbidden. > > Configuration of common clocks, which affect multiple consumer devices can > be similarly specified in the clock provider node. > + > +==Protected clocks== > + > +Some platforms or firmwares may not fully expose all the clocks to the OS, such > +as in situations where those clks are used by drivers running in ARM secure > +execution levels. Such a configuration can be specified in device tree with the > +protected-clocks property in the form of a clock specifier list. This property should > +only be specified in the node that is providing the clocks being protected: > + > + clock-controller@a000f000 { > + compatible = "vendor,clk95; > + reg = <0xa000f000 0x1000> > + #clocks-cells = <1>; > + ... > + protected-clocks = <UART3_CLK>, <SPI5_CLK>; > + }; > -- > Sent by a computer through tubes >
On Mon 05 Nov 17:04 PST 2018, Bjorn Andersson wrote: > On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote: > > > Add a generic clk property for clks which are not intended to be used by > > the OS due to security restrictions put in place by firmware. For > > example, on some Qualcomm firmwares reading or writing certain clk > > registers causes the entire system to reboot, but on other firmwares > > reading and writing those same registers is required to make devices > > like QSPI work. Rather than adding one-off properties each time a new > > set of clks appears to be protected, let's add a generic clk property to > > describe any set of clks that shouldn't be touched by the OS. This way > > we never need to register the clks or use them in certain firmware > > configurations. > > > > Cc: Rob Herring <robh+dt@kernel.org> > > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > > Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > Gave this some additional thought. The way this is blacklisting protected clocks makes it impossible to be backwards compatible with an older DT while adding new protected clocks to an existing driver. I don't have better suggestion for handling this and the problem should primarily be isolated to the beginning of the upstream life of a platform, so perhaps we can just ignore this issue? Regards, Bjorn > Regards, > Bjorn > > > Cc: Taniya Das <tdas@codeaurora.org> > > Signed-off-by: Stephen Boyd <swboyd@chromium.org> > > --- > > .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++ > > 1 file changed, 16 insertions(+) > > > > diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt > > index 2ec489eebe72..b646bbcf7f92 100644 > > --- a/Documentation/devicetree/bindings/clock/clock-bindings.txt > > +++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt > > @@ -168,3 +168,19 @@ a shared clock is forbidden. > > > > Configuration of common clocks, which affect multiple consumer devices can > > be similarly specified in the clock provider node. > > + > > +==Protected clocks== > > + > > +Some platforms or firmwares may not fully expose all the clocks to the OS, such > > +as in situations where those clks are used by drivers running in ARM secure > > +execution levels. Such a configuration can be specified in device tree with the > > +protected-clocks property in the form of a clock specifier list. This property should > > +only be specified in the node that is providing the clocks being protected: > > + > > + clock-controller@a000f000 { > > + compatible = "vendor,clk95; > > + reg = <0xa000f000 0x1000> > > + #clocks-cells = <1>; > > + ... > > + protected-clocks = <UART3_CLK>, <SPI5_CLK>; > > + }; > > -- > > Sent by a computer through tubes > >
Quoting Bjorn Andersson (2018-11-07 21:44:52) > On Mon 05 Nov 17:04 PST 2018, Bjorn Andersson wrote: > > > On Mon 05 Nov 11:40 PST 2018, Stephen Boyd wrote: > > > > > Add a generic clk property for clks which are not intended to be used by > > > the OS due to security restrictions put in place by firmware. For > > > example, on some Qualcomm firmwares reading or writing certain clk > > > registers causes the entire system to reboot, but on other firmwares > > > reading and writing those same registers is required to make devices > > > like QSPI work. Rather than adding one-off properties each time a new > > > set of clks appears to be protected, let's add a generic clk property to > > > describe any set of clks that shouldn't be touched by the OS. This way > > > we never need to register the clks or use them in certain firmware > > > configurations. > > > > > > Cc: Rob Herring <robh+dt@kernel.org> > > > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > > > > Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org> > > > > Gave this some additional thought. The way this is blacklisting > protected clocks makes it impossible to be backwards compatible with an > older DT while adding new protected clocks to an existing driver. > > I don't have better suggestion for handling this and the problem should > primarily be isolated to the beginning of the upstream life of a > platform, so perhaps we can just ignore this issue? > I don't have a better suggestion either besides listing all possible clks in the binding and header file to start and then specifying any clks that are known to not work when merging the dts bits. In the future I think we can move dts and drivers in lockstep if certain drivers add new clks and those cause problems on locked down systems. The alternative seems worse, i.e. listing clks that should be added on the unaffected platforms, so ignoring this issue sounds good for now.
Quoting Stephen Boyd (2018-11-05 11:40:10) > Add a generic clk property for clks which are not intended to be used by > the OS due to security restrictions put in place by firmware. For > example, on some Qualcomm firmwares reading or writing certain clk > registers causes the entire system to reboot, but on other firmwares > reading and writing those same registers is required to make devices > like QSPI work. Rather than adding one-off properties each time a new > set of clks appears to be protected, let's add a generic clk property to > describe any set of clks that shouldn't be touched by the OS. This way > we never need to register the clks or use them in certain firmware > configurations. > > Cc: Rob Herring <robh+dt@kernel.org> > Cc: Bjorn Andersson <bjorn.andersson@linaro.org> > Cc: Taniya Das <tdas@codeaurora.org> > Signed-off-by: Stephen Boyd <swboyd@chromium.org> > --- Applied to clk-next
diff --git a/Documentation/devicetree/bindings/clock/clock-bindings.txt b/Documentation/devicetree/bindings/clock/clock-bindings.txt index 2ec489eebe72..b646bbcf7f92 100644 --- a/Documentation/devicetree/bindings/clock/clock-bindings.txt +++ b/Documentation/devicetree/bindings/clock/clock-bindings.txt @@ -168,3 +168,19 @@ a shared clock is forbidden. Configuration of common clocks, which affect multiple consumer devices can be similarly specified in the clock provider node. + +==Protected clocks== + +Some platforms or firmwares may not fully expose all the clocks to the OS, such +as in situations where those clks are used by drivers running in ARM secure +execution levels. Such a configuration can be specified in device tree with the +protected-clocks property in the form of a clock specifier list. This property should +only be specified in the node that is providing the clocks being protected: + + clock-controller@a000f000 { + compatible = "vendor,clk95; + reg = <0xa000f000 0x1000> + #clocks-cells = <1>; + ... + protected-clocks = <UART3_CLK>, <SPI5_CLK>; + };
Add a generic clk property for clks which are not intended to be used by the OS due to security restrictions put in place by firmware. For example, on some Qualcomm firmwares reading or writing certain clk registers causes the entire system to reboot, but on other firmwares reading and writing those same registers is required to make devices like QSPI work. Rather than adding one-off properties each time a new set of clks appears to be protected, let's add a generic clk property to describe any set of clks that shouldn't be touched by the OS. This way we never need to register the clks or use them in certain firmware configurations. Cc: Rob Herring <robh+dt@kernel.org> Cc: Bjorn Andersson <bjorn.andersson@linaro.org> Cc: Taniya Das <tdas@codeaurora.org> Signed-off-by: Stephen Boyd <swboyd@chromium.org> --- .../devicetree/bindings/clock/clock-bindings.txt | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)