Re: [PATCH] clk: Fix race condition between clk_set_parent and clk_enable()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tomasz Figa <tomasz.figa@gmail.com>
To: Saravana Kannan <skannan@codeaurora.org>
Cc: linux-arm-kernel@lists.infradead.org,
	Mike Turquette <mturquette@linaro.org>,
	Paul Walmsley <paul@pwsan.com>,
	Shawn Guo <shawn.guo@freescale.com>,
	Sascha Hauer <s.hauer@pengutronix.de>,
	Rob Herring <rob.herring@calxeda.com>,
	Mark Brown <broonie@opensource.wolfsonmicro.com>,
	Russell King <linux@arm.linux.org.uk>,
	Ulf Hansson <ulf.hansson@linaro.org>,
	Andrew Lunn <andrew@lunn.ch>, Stephen Boyd <sboyd@codeaurora.org>,
	Linus Walleij <linus.walleij@stericsson.com>,
	linux-arm-msm@vger.kernel.org,
	Magnus Damm <magnus.damm@gmail.com>,
	linux-kernel@vger.kernel.org,
	Amit Kucheria <amit.kucheria@linaro.org>,
	Richard Zhao <richard.zhao@linaro.org>,
	Grant Likely <grant.likely@secretlab.ca>,
	Deepak Saxena <dsaxena@linaro.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Jamie Iles <jamie@jamieiles.com>,
	Arnd Bergman <arnd.bergmann@linaro.org>,
	Jeremy Kerr <jeremy.kerr@canonical.com>
Subject: Re: [PATCH] clk: Fix race condition between clk_set_parent and clk_enable()
Date: Wed, 15 May 2013 02:10:10 +0200	[thread overview]
Message-ID: <8297704.vcdTNl69IU@flatron> (raw)
In-Reply-To: <5192BEC9.1040104@codeaurora.org>

On Tuesday 14 of May 2013 15:46:33 Saravana Kannan wrote:
> On 05/14/2013 03:10 PM, Tomasz Figa wrote:
> > Hi,
> > 
> > On Tuesday 14 of May 2013 11:54:17 Mike Turquette wrote:
> >> Quoting Saravana Kannan (2013-04-30 21:42:08)
> >> 
> >>> Without this patch, the following race conditions are possible.
> >>> 
> >>> Race condition 1:
> >>> * clk-A has two parents - clk-X and clk-Y.
> >>> * All three are disabled and clk-X is current parent.
> >>> * Thread A: clk_set_parent(clk-A, clk-Y).
> >>> * Thread A: <snip execution flow>
> >>> * Thread A: Grabs enable lock.
> >>> * Thread A: Sees enable count of clk-A is 0, so doesn't enable
> >>> clk-Y.
> >>> * Thread A: Updates clk-A SW parent to clk-Y
> >>> * Thread A: Releases enable lock.
> >>> * Thread B: clk_enable(clk-A).
> >>> * Thread B: clk_enable() enables clk-Y, then enabled clk-A and
> >>> returns.
> >>> 
> >>> clk-A is now enabled in software, but not clocking in hardware since
> >>> the hardware parent is still clk-X.
> >>> 
> >>> The only way to avoid race conditions between clk_set_parent() and
> >>> clk_enable/disable() is to ensure that clk_enable/disable() calls
> >>> don't
> >>> require changes to hardware enable state between changes to software
> >>> clock topology and hardware clock topology.
> >>> 
> >>> There are options to achieve the above:
> >>> 1. Grab the enable lock before changing software/hardware topology
> >>> and
> >>> 
> >>>     release it afterwards.
> >>> 
> >>> 2. Keep the clock enabled for the duration of software/hardware
> >>> topology>
> >>> 
> >>>     change so that any additional enable/disable calls don't try to
> >>>     change
> >>>     the hardware state. Once the topology change is complete, the
> >>>     clock
> >>>     can
> >>>     be put back in its original enable state.
> >>> 
> >>> Option (1) is not an acceptable solution since the set_parent() ops
> >>> might need to sleep.
> >>> 
> >>> Therefore, this patch implements option (2).
> >>> 
> >>> This patch doesn't violate any API semantics. clk_disable() doesn't
> >>> guarantee that the clock is actually disabled. So, no clients of a
> >>> clock can assume that a clock is disabled after their last call to
> >>> clk_disable(). So, enabling the clock during a parent change is not
> >>> a
> >>> violation of any API semantics.
> >>> 
> >>> This also has the nice side effect of simplifying the error handling
> >>> code.
> >>> 
> >>> Signed-off-by: Saravana Kannan <skannan@codeaurora.org>
> >> 
> >> I've taken this patch into clk-next for testing.  The code itself
> >> looks
> >> fine.  The only thing that remains to be seen is if any platforms
> >> have a problem with disabled clocks getting turned on during a
> >> reparent operation.
> > 
> > IMHO this behavior should be documented somewhere, with a note that
> > the
> > clock must not be prepared to keep it disabled during reparent
> > operation and possibly also pointing to the CLK_SET_PARENT_GATE flag.
> 
> Reasonable request. I can update the documentation of clk_set_parent()
> to indicate that the clock might get turned on for the duration of the
> call and if they need a guarantee the GATE flag should be used.
> 
> >> On platforms that I have worked on this is OK, but I suppose there
> >> could be some platform out there where a clock is prepared and
> >> disabled, and briefly enabling the clock during the reparent
> >> operation somehow puts the hardware in a bad state.
> > 
> > Well, on any platform where default clock settings are not completely
> > correct this is likely to cause problems, because some device might
> > get
> > too high frequency for some period of time, which might crash it alone
> > as well as the whole system.
> 
> I don't think this is really a problem with this patch. It's present
> even without this patch.
> 
> The patch doesn't switch to some other unspecified parent. It only
> switches between the new/old parent. Even without this patch, if a clock
> is prepared while you reparent it, clk_enable() could be called at
> anytime between the parent switch and the future clock API calls to set
> up the new parent correctly. I think that's just crappy driver code to
> switch to a new parent before setting it up correctly. There's
> absolutely no good reason to do it that way.

This is not exactly what I meant. I was just giving an example problem of 
turning a clock on, if it's not set up correctly yet.

AFAIK most (if not all) of current code either does necessary reparenting 
and initial rate setting early, before clk_prepare(), so it is not a 
problem or already after clk_enable() (in case of reparenting dynamically 
at runtime), so there shouldn't be any problem.

Best regards,
Tomasz

WARNING: multiple messages have this Message-ID (diff)

From: tomasz.figa@gmail.com (Tomasz Figa)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] clk: Fix race condition between clk_set_parent and clk_enable()
Date: Wed, 15 May 2013 02:10:10 +0200	[thread overview]
Message-ID: <8297704.vcdTNl69IU@flatron> (raw)
In-Reply-To: <5192BEC9.1040104@codeaurora.org>

On Tuesday 14 of May 2013 15:46:33 Saravana Kannan wrote:
> On 05/14/2013 03:10 PM, Tomasz Figa wrote:
> > Hi,
> > 
> > On Tuesday 14 of May 2013 11:54:17 Mike Turquette wrote:
> >> Quoting Saravana Kannan (2013-04-30 21:42:08)
> >> 
> >>> Without this patch, the following race conditions are possible.
> >>> 
> >>> Race condition 1:
> >>> * clk-A has two parents - clk-X and clk-Y.
> >>> * All three are disabled and clk-X is current parent.
> >>> * Thread A: clk_set_parent(clk-A, clk-Y).
> >>> * Thread A: <snip execution flow>
> >>> * Thread A: Grabs enable lock.
> >>> * Thread A: Sees enable count of clk-A is 0, so doesn't enable
> >>> clk-Y.
> >>> * Thread A: Updates clk-A SW parent to clk-Y
> >>> * Thread A: Releases enable lock.
> >>> * Thread B: clk_enable(clk-A).
> >>> * Thread B: clk_enable() enables clk-Y, then enabled clk-A and
> >>> returns.
> >>> 
> >>> clk-A is now enabled in software, but not clocking in hardware since
> >>> the hardware parent is still clk-X.
> >>> 
> >>> The only way to avoid race conditions between clk_set_parent() and
> >>> clk_enable/disable() is to ensure that clk_enable/disable() calls
> >>> don't
> >>> require changes to hardware enable state between changes to software
> >>> clock topology and hardware clock topology.
> >>> 
> >>> There are options to achieve the above:
> >>> 1. Grab the enable lock before changing software/hardware topology
> >>> and
> >>> 
> >>>     release it afterwards.
> >>> 
> >>> 2. Keep the clock enabled for the duration of software/hardware
> >>> topology>
> >>> 
> >>>     change so that any additional enable/disable calls don't try to
> >>>     change
> >>>     the hardware state. Once the topology change is complete, the
> >>>     clock
> >>>     can
> >>>     be put back in its original enable state.
> >>> 
> >>> Option (1) is not an acceptable solution since the set_parent() ops
> >>> might need to sleep.
> >>> 
> >>> Therefore, this patch implements option (2).
> >>> 
> >>> This patch doesn't violate any API semantics. clk_disable() doesn't
> >>> guarantee that the clock is actually disabled. So, no clients of a
> >>> clock can assume that a clock is disabled after their last call to
> >>> clk_disable(). So, enabling the clock during a parent change is not
> >>> a
> >>> violation of any API semantics.
> >>> 
> >>> This also has the nice side effect of simplifying the error handling
> >>> code.
> >>> 
> >>> Signed-off-by: Saravana Kannan <skannan@codeaurora.org>
> >> 
> >> I've taken this patch into clk-next for testing.  The code itself
> >> looks
> >> fine.  The only thing that remains to be seen is if any platforms
> >> have a problem with disabled clocks getting turned on during a
> >> reparent operation.
> > 
> > IMHO this behavior should be documented somewhere, with a note that
> > the
> > clock must not be prepared to keep it disabled during reparent
> > operation and possibly also pointing to the CLK_SET_PARENT_GATE flag.
> 
> Reasonable request. I can update the documentation of clk_set_parent()
> to indicate that the clock might get turned on for the duration of the
> call and if they need a guarantee the GATE flag should be used.
> 
> >> On platforms that I have worked on this is OK, but I suppose there
> >> could be some platform out there where a clock is prepared and
> >> disabled, and briefly enabling the clock during the reparent
> >> operation somehow puts the hardware in a bad state.
> > 
> > Well, on any platform where default clock settings are not completely
> > correct this is likely to cause problems, because some device might
> > get
> > too high frequency for some period of time, which might crash it alone
> > as well as the whole system.
> 
> I don't think this is really a problem with this patch. It's present
> even without this patch.
> 
> The patch doesn't switch to some other unspecified parent. It only
> switches between the new/old parent. Even without this patch, if a clock
> is prepared while you reparent it, clk_enable() could be called at
> anytime between the parent switch and the future clock API calls to set
> up the new parent correctly. I think that's just crappy driver code to
> switch to a new parent before setting it up correctly. There's
> absolutely no good reason to do it that way.

This is not exactly what I meant. I was just giving an example problem of 
turning a clock on, if it's not set up correctly yet.

AFAIK most (if not all) of current code either does necessary reparenting 
and initial rate setting early, before clk_prepare(), so it is not a 
problem or already after clk_enable() (in case of reparenting dynamically 
at runtime), so there shouldn't be any problem.

Best regards,
Tomasz

next prev parent reply	other threads:[~2013-05-15  0:10 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-01  4:42 [PATCH] clk: Fix race condition between clk_set_parent and clk_enable() Saravana Kannan
2013-05-01  4:42 ` Saravana Kannan
2013-05-14 18:54 ` Mike Turquette
2013-05-14 18:54   ` Mike Turquette
2013-05-14 21:03   ` Saravana Kannan
2013-05-14 21:03     ` Saravana Kannan
2013-05-14 22:10   ` Tomasz Figa
2013-05-14 22:10     ` Tomasz Figa
2013-05-14 22:10     ` Tomasz Figa
2013-05-14 22:46     ` Saravana Kannan
2013-05-14 22:46       ` Saravana Kannan
2013-05-15  0:10       ` Tomasz Figa [this message]
2013-05-15  0:10         ` Tomasz Figa
2013-05-15 19:24 ` Ulf Hansson
2013-05-15 19:24   ` Ulf Hansson
2013-05-16  4:17   ` Saravana Kannan
2013-05-16  4:17     ` Saravana Kannan
2013-05-16  4:07 ` [PATCH v2] " Saravana Kannan
2013-05-16  4:07   ` Saravana Kannan
2013-05-16 20:44   ` Mike Turquette
2013-05-16 20:44     ` Mike Turquette
2013-05-16 21:31     ` Saravana Kannan
2013-05-16 21:31       ` Saravana Kannan
2013-05-16 22:29       ` Mike Turquette
2013-05-16 22:29         ` Mike Turquette

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8297704.vcdTNl69IU@flatron \
    --to=tomasz.figa@gmail.com \
    --cc=amit.kucheria@linaro.org \
    --cc=andrew@lunn.ch \
    --cc=arnd.bergmann@linaro.org \
    --cc=broonie@opensource.wolfsonmicro.com \
    --cc=dsaxena@linaro.org \
    --cc=grant.likely@secretlab.ca \
    --cc=jamie@jamieiles.com \
    --cc=jeremy.kerr@canonical.com \
    --cc=linus.walleij@stericsson.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-arm-msm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@arm.linux.org.uk \
    --cc=magnus.damm@gmail.com \
    --cc=mturquette@linaro.org \
    --cc=paul@pwsan.com \
    --cc=richard.zhao@linaro.org \
    --cc=rob.herring@calxeda.com \
    --cc=s.hauer@pengutronix.de \
    --cc=sboyd@codeaurora.org \
    --cc=shawn.guo@freescale.com \
    --cc=skannan@codeaurora.org \
    --cc=tglx@linutronix.de \
    --cc=ulf.hansson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.