lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Sep 2020 14:08:56 +0300
From:   Sakari Ailus <sakari.ailus@...ux.intel.com>
To:     Luca Ceresoli <luca@...aceresoli.net>
Cc:     linux-i2c@...r.kernel.org, Wolfram Sang <wsa@...-dreams.de>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        rajmohan.mani@...el.com, Tomasz Figa <tfiga@...omium.org>,
        Bartosz Golaszewski <bgolaszewski@...libre.com>,
        Bingbu Cao <bingbu.cao@...el.com>,
        Chiranjeevi Rapolu <chiranjeevi.rapolu@...el.com>,
        Hyungwoo Yang <hyungwoo.yang@...el.com>,
        linux-media@...r.kernel.org
Subject: Re: [PATCH v8 0/6] Support running driver's probe for a device
 powered off

Hi Luca,

On Mon, Sep 14, 2020 at 06:49:29PM +0200, Luca Ceresoli wrote:
> Hi Sakari,
> 
> On 14/09/20 11:47, Sakari Ailus wrote:
> > Hi Luca,
> > 
> > On Mon, Sep 14, 2020 at 09:58:24AM +0200, Luca Ceresoli wrote:
> >> Hi Sakari,
> >>
> >> On 11/09/20 15:01, Sakari Ailus wrote:
> >>> Hi Luca,
> >>>
> >>> On Fri, Sep 11, 2020 at 02:49:26PM +0200, Luca Ceresoli wrote:
> >>>> Hi Sakari,
> >>>>
> >>>> On 03/09/20 10:15, Sakari Ailus wrote:
> >>>>>
> >>>>> Hi all,
> >>>>>
> >>>>> These patches enable calling (and finishing) a driver's probe function
> >>>>> without powering on the respective device on busses where the practice is
> >>>>> to power on the device for probe. While it generally is a driver's job to
> >>>>> check the that the device is there, there are cases where it might be
> >>>>> undesirable. (In this case it stems from a combination of hardware design
> >>>>> and user expectations; see below.) The downside with this change is that
> >>>>> if there is something wrong with the device, it will only be found at the
> >>>>> time the device is used. In this case (the camera sensors + EEPROM in a
> >>>>> sensor) I don't see any tangible harm from that though.
> >>>>>
> >>>>> An indication both from the driver and the firmware is required to allow
> >>>>> the device's power state to remain off during probe (see the first patch).
> >>>>>
> >>>>>
> >>>>> The use case is such that there is a privacy LED next to an integrated
> >>>>> user-facing laptop camera, and this LED is there to signal the user that
> >>>>> the camera is recording a video or capturing images. That LED also happens
> >>>>> to be wired to one of the power supplies of the camera, so whenever you
> >>>>> power on the camera, the LED will be lit, whether images are captured from
> >>>>> the camera --- or not. There's no way to implement this differently
> >>>>> without additional software control (allowing of which is itself a
> >>>>> hardware design decision) on most CSI-2-connected camera sensors as they
> >>>>> simply have no pin to signal the camera streaming state.
> >>>>>
> >>>>> This is also what happens during driver probe: the camera will be powered
> >>>>> on by the I²C subsystem calling dev_pm_domain_attach() and the device is
> >>>>> already powered on when the driver's own probe function is called. To the
> >>>>> user this visible during the boot process as a blink of the privacy LED,
> >>>>> suggesting that the camera is recording without the user having used an
> >>>>> application to do that. From the end user's point of view the behaviour is
> >>>>> not expected and for someone unfamiliar with internal workings of a
> >>>>> computer surely seems quite suspicious --- even if images are not being
> >>>>> actually captured.
> >>>>>
> >>>>> I've tested these on linux-next master. They also apply to Wolfram's
> >>>>> i2c/for-next branch, there's a patch that affects the I²C core changes
> >>>>> here (see below). The patches apart from that apply to Bartosz's
> >>>>> at24/for-next as well as Mauro's linux-media master branch.
> >>>>
> >>>> Apologies for having joined this discussion this late.
> >>>
> >>> No worries. But thanks for the comments.
> >>>
> >>>>
> >>>> This patchset seems a good base to cover a different use case, where I
> >>>> also cannot access the physical device at probe time.
> >>>>
> >>>> I'm going to try these patches, but in my case there are a few
> >>>> differences that need a better understanding.
> >>>>
> >>>> First, I'm using device tree, not ACPI. In addition to adding OF support
> >>>> similar to the work you've done for ACPI, I think instead of
> >>>> acpi_dev_state_low_power() we should have a function that works for both
> >>>> ACPI and DT.
> >>>
> >>> acpi_dev_state_low_power() is really ACPI specific: it does tell the ACPI
> >>> power state of the device during probe or remove. It is not needed on DT
> >>> since the power state of the device is controlled directly by the driver.
> >>> On I²C ACPI devices, it's the framework that powers them on for probe.
> >>
> >> I see, thanks for clarifying. I'm not used to ACPI so I didn't get that.
> >>
> >>> You could have a helper function on DT to tell a driver what to do in
> >>> probe, but the functionality in that case is unrelated.
> >>
> >> So in case of DT we might think of a function that just tells whether
> >> the device is marked to allow low-power probe, but it's just an info
> >> from DT:
> >>
> >> int mydriver_probe(struct i2c_client *client)
> >> {
> >> 	...
> >> 	low_power = of_dev_state_low_power(&client->dev);
> >> 	if (!low_power) {
> >> 		mydriver_initialize(); /* power+clocks, write regs */
> >>  	}
> >> 	...
> >> }
> >>
> >> ...and, if (low_power), call mydriver_initialize() at first usage.
> >>
> >> I'm wondering whether this might make sense in mainline.
> > 
> > Quite possibly, if there are drivers that would need it.
> > 
> > The function should probably be called differently though as what it does
> > is quite different after all.
> > 
> > Unless... we did the following:
> > 
> > - Redefine the I²C driver flag added by this patchset into what tells the
> >   I²C framework whether the driver does its own power management
> >   independently of the I²C framework. It could be called e.g.
> >   I2C_DRV_FL_FULL_PM, to indicate the driver is responsible for all power
> >   management of the device, and the I²C framework would not power on the
> >   device for probe or remove.
> > 
> > - Add a firmware function to tell whether the device identification should
> >   take place during probe or not. For this is what we're really doing here
> >   from driver's point of view: lazy device probing.
> 
> Indeed my needs have nothing to do with power management. What I need is
> lazy device probing as the I2C bus may need time before it can be used.
> From the driver code point of view it looks similar (there's an if()
> around initializations in probe() and init is done later if needed), but
> the usage is different.
> 
> Another approach would be to add a new I2C driver operation [say
> init_hw()], then move code for lazy init out of probe() into init_hw().
> probe() would still allocate resources. init_hw() would be called by the
> framework (or the controller driver?) when it knows eveything is ready.
> Just wild thoughts while I'm trying to focus the problem...

What makes the controller driver not ready to operate the controller when
the client devices are probed?

-- 
Sakari Ailus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ