[PATCH 4/6] platform/apple: Add new Apple Mac SMC driver

Hector Martin marcan at marcan.st
Mon Sep 5 09:53:04 PDT 2022 

On 05/09/2022 19.55, Russell King (Oracle) wrote:
> Delving into this, it seems this code is buggy.
> 
> If apple_smc_rtkit_write_key_atomic() is used from atomic contexts,
> what prevents apple_smc_rtkit_write_key_atomic() being called while
> apple_smc_rtkit_write_key() is executing?

This does:

> +int apple_smc_write_atomic(struct apple_smc *smc, smc_key key, void *buf, size_t size)
> +{
> +	int ret;
> +
> +	/*
> +	 * Will fail if SMC is busy. This is only used by SMC reboot/poweroff
> +	 * final calls, so it doesn't really matter at that point.
> +	 */
> +	if (!mutex_trylock(&smc->mutex))
> +		return -EBUSY;
> +
> +	ret = smc->be->write_key_atomic(smc->be_cookie, key, buf, size);
> +	mutex_unlock(&smc->mutex);
> +
> +	return ret;
> +}
> +EXPORT_SYMBOL(apple_smc_write_atomic);

I tried making this actually work properly while I was considering using
the atomic call in non-shutdown contexts, but gave up - it gets very
hairy, and is probably impossible under the premise that the atomic side
can always block on the non-atomic side and end up deadlocking due to
the nature of things. But right now, since this is only ever used for
final shutdown, there is no contention possible. The mutex_trylock there
is a safety, in case someone tries using this in some other context,
that will just bail if there is contention with non-atomic acesses.
Maybe there should be a warning there, something like "SMC: contention
between atomic accesses and non-atomic accesses is not supported".

> Lastly:
> 
> #define SMC_SHMEM_SIZE                  0x1000
> 
> #define SMC_WSIZE                       GENMASK(31, 24)
> #define SMC_SIZE                        GENMASK(23, 16)
> 
> The size fields are one byte, but we error out if the size is larger
> than the shmem size:
> 
>         if (size > SMC_SHMEM_SIZE || size == 0)
>                 return -EINVAL;
> 
> but we still try to squeeze the size into this byte-wide field:
> 
>                FIELD_PREP(SMC_SIZE, size) |
> 
> which isn't goint to work. If the size is limited by the protocol to
> 255 bytes (or is it 256, where 0 means 256?) then surely we should be
> erroring out if size is above that maximum rather than the shmem size.

Good point, this should be 255 bytes max.

*checks*

Yeah, the longest SMC key we have in practice is 120 bytes, so let's
just #define SMC_MAX_SIZE 255 or something like that.

- Hector

More information about the linux-arm-kernel mailing list