Discuss SCMI firmware, SCMI drivers in Linux, U-boot, OP-TEE
 help / color / mirror / Atom feed
From: Sudeep Holla <sudeep.holla@kernel.org>
To: arm-scmi@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Cc: Cristian Marussi <cristian.marussi@arm.com>
Subject: [PATCH v3 00/17] firmware: arm_scmi: Fix SCMI core cleanup paths
Date: Fri, 03 Jul 2026 21:22:36 +0100	[thread overview]
Message-ID: <20260703-scmi_core_fixes-v3-0-5bae9766abfc@kernel.org> (raw)

This series fixes a set of SCMI core and transport lifetime issues found
around device creation, channel setup failure, notification teardown,
driver binding and malformed firmware descriptions.

Most of these issues were found by Sashiko[1][2] while reviewing the ACPI
SCMI PCC work[3]. They are posted separately because the problems are
independent SCMI core, mailbox and virtio transport cleanup bugs, and do
not depend on the ACPI PCC series.

Since I started fixing the initial set of issues pointed by sashiko, more
issues have been identified and hopefully with v3, it really calms down.
I can only wish 😄.

Fixes tags need to be checked again or even dropped if it is not a stable
material. Just some placeholders that I thought are appropriated are in place.

The fixes tighten ownership and teardown rules for generated SCMI devices,
transport devices and transport channels. They make internal transport
devices reachable by explicit teardown without exposing them to normal SCMI
driver binding, ensure partially initialized channels are unwound on setup
failures, and avoid IDR/device lifetime races during probe failure and
device unbind.

The series also fixes notifier and notification teardown ordering.
Requested device notifiers are unregistered before protocol IDRs are
destroyed, RCU is used around requested-device protocol lookups, transport
callbacks are stopped before notification state is released, and protocol
bind failures now drop any SCMI handle acquired before probe.

The mailbox transport fixes cover both setup failure unwinding and an early
interrupt window: mailbox callbacks can run as soon as mbox_request_channel()
binds the client and starts the controller, so the SCMI mailbox transport
now publishes the channel state before requesting channels.

The virtio transport fix clears virtio-owned channel state when SCMI
channels are freed, so devres-managed SCMI message pointers do not survive
across SCMI driver unbind and rebind.

Summary:

- Fix OF node reference ownership for generated SCMI devices.
- Allow explicit teardown lookup of internal transport devices.
- Clean up TX/RX channels when SCMI channel setup fails midway.
- Fix SCMI device lifetime handling around child lookup and bus ID reuse.
- Free transport resources when IDR insertion fails after channel setup.
- Unregister requested-device notifier before active protocol IDR teardown.
- Unwind mailbox channels on TX receiver and P2A receiver setup failures.
- Protect requested-device protocol lookup with RCU.
- Avoid modifying an IDR while iterating it during channel cleanup.
- Clear the SystemPower singleton flag on SCMI device creation failure.
- Reject out-of-range DT protocol IDs instead of allowing u8 truncation.
- Stop transport callbacks before releasing notification state.
- Publish mailbox channel state before requesting mailbox channels.
- Use the owning channel ID when tearing down shared transport devices.
- Drop SCMI handles on protocol bind and device-link failures.
- Clear virtio channel lists when freeing SCMI virtio channels.

Signed-off-by: Sudeep Holla <sudeep.holla@kernel.org>

--
Changes in v3:
- Added SCMI bus resource release helper so bus IDs are released from
  destroy, register-failure and final-release paths, and cleared after
  release to avoid later double-free.
- Moved SystemPower singleton cleanup into the same resource helper so
  direct driver-core child release also clears the flag.
- Removed the unused mailbox P2A unwind label.
- Published cinfo->handle before transport chan_setup() so early mailbox
  callbacks have a valid SCMI handle.
- Added fix to destroy shared transport devices using cinfo->id instead of
  the IDR iterator key.
- Added SCMI handle cleanup on device_link_add() failure and
  BUS_NOTIFY_DRIVER_NOT_BOUND.
- Added virtio channel cleanup to detach unused virtqueue buffers and clear
  local channel lists across SCMI unbind/rebind.
- Link to v2: https://patch.msgid.link/20260701-scmi_core_fixes-v2-0-1f5e85553f73@kernel.org

Changes in v2:
(Mostly addressing the additional issues found by Sashiko)
- Added fixes for IDR mutation during channel cleanup.
- Added SystemPower singleton flag unwind on device creation failure.
- Added validation to skip out-of-range DT protocol IDs.
- Moved notification teardown after transport channel cleanup.
- Published mailbox cinfo before mbox_request_channel() can enable callbacks.
- Link to v1: https://patch.msgid.link/20260630-scmi_core_fixes-v1-0-f932c1e51992@kernel.org

[1] https://sashiko.dev/#/patchset/20260525-acpi_scmi_pcc-v2-0-4f38938d08d8@arm.com
[2] https://sashiko.dev/#/patchset/20260630-scmi_core_fixes-v1-0-f932c1e51992@kernel.org
[3] https://patch.msgid.link/20260525-acpi_scmi_pcc-v2-0-4f38938d08d8@arm.com

---
Sudeep Holla (17):
      firmware: arm_scmi: Fix OF node reference handling
      firmware: arm_scmi: Fix transport device teardown lookup
      firmware: arm_scmi: Clean up channels on setup failure
      firmware: arm_scmi: Fix SCMI device destroy lifetimes
      firmware: arm_scmi: Free transport channel on IDR failure
      firmware: arm_scmi: Unregister device notifier before IDR teardown
      firmware: arm_scmi: Unwind TX receiver mailbox setup failure
      firmware: arm_scmi: Unwind P2A receiver mailbox setup failure
      firmware: arm_scmi: Protect device request lookup with RCU
      firmware: arm_scmi: Avoid IDR updates while cleaning channels
      firmware: arm_scmi: Clear SystemPower flag on create failure
      firmware: arm_scmi: Reject out of range DT protocol IDs
      firmware: arm_scmi: Stop channels before notification teardown
      firmware: arm_scmi: Publish channel state before mailbox request
      firmware: arm_scmi: Use channel ID for transport teardown
      firmware: arm_scmi: Drop handle on protocol bind failures
      firmware: arm_scmi: Clear virtio channel lists on free

 drivers/firmware/arm_scmi/bus.c                | 89 +++++++++++++++++---------
 drivers/firmware/arm_scmi/common.h             |  2 +
 drivers/firmware/arm_scmi/driver.c             | 79 ++++++++++++++---------
 drivers/firmware/arm_scmi/transports/mailbox.c | 24 +++++--
 drivers/firmware/arm_scmi/transports/virtio.c  | 17 +++++
 5 files changed, 143 insertions(+), 68 deletions(-)
---
base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
change-id: 20260629-scmi_core_fixes-da3cd753b4ea


-- 
Regards,
Sudeep


             reply	other threads:[~2026-07-03 20:25 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-03 20:22 Sudeep Holla [this message]
2026-07-03 20:22 ` [PATCH v3 01/17] firmware: arm_scmi: Fix OF node reference handling Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 02/17] firmware: arm_scmi: Fix transport device teardown lookup Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 03/17] firmware: arm_scmi: Clean up channels on setup failure Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 04/17] firmware: arm_scmi: Fix SCMI device destroy lifetimes Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 05/17] firmware: arm_scmi: Free transport channel on IDR failure Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 06/17] firmware: arm_scmi: Unregister device notifier before IDR teardown Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 07/17] firmware: arm_scmi: Unwind TX receiver mailbox setup failure Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 08/17] firmware: arm_scmi: Unwind P2A " Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 09/17] firmware: arm_scmi: Protect device request lookup with RCU Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 10/17] firmware: arm_scmi: Avoid IDR updates while cleaning channels Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 11/17] firmware: arm_scmi: Clear SystemPower flag on create failure Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 12/17] firmware: arm_scmi: Reject out of range DT protocol IDs Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 13/17] firmware: arm_scmi: Stop channels before notification teardown Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 14/17] firmware: arm_scmi: Publish channel state before mailbox request Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 15/17] firmware: arm_scmi: Use channel ID for transport teardown Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 16/17] firmware: arm_scmi: Drop handle on protocol bind failures Sudeep Holla
2026-07-03 20:22 ` [PATCH v3 17/17] firmware: arm_scmi: Clear virtio channel lists on free Sudeep Holla

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260703-scmi_core_fixes-v3-0-5bae9766abfc@kernel.org \
    --to=sudeep.holla@kernel.org \
    --cc=arm-scmi@vger.kernel.org \
    --cc=cristian.marussi@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox