From: skannan@codeaurora.org (Saravana Kannan)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] clk: Fix race condition between clk_set_parent and clk_enable()
Date: Tue, 14 May 2013 15:46:33 -0700 [thread overview]
Message-ID: <5192BEC9.1040104@codeaurora.org> (raw)
In-Reply-To: <9066674.E2RzuEn3ap@flatron>
On 05/14/2013 03:10 PM, Tomasz Figa wrote:
> Hi,
>
> On Tuesday 14 of May 2013 11:54:17 Mike Turquette wrote:
>> Quoting Saravana Kannan (2013-04-30 21:42:08)
>>
>>> Without this patch, the following race conditions are possible.
>>>
>>> Race condition 1:
>>> * clk-A has two parents - clk-X and clk-Y.
>>> * All three are disabled and clk-X is current parent.
>>> * Thread A: clk_set_parent(clk-A, clk-Y).
>>> * Thread A: <snip execution flow>
>>> * Thread A: Grabs enable lock.
>>> * Thread A: Sees enable count of clk-A is 0, so doesn't enable clk-Y.
>>> * Thread A: Updates clk-A SW parent to clk-Y
>>> * Thread A: Releases enable lock.
>>> * Thread B: clk_enable(clk-A).
>>> * Thread B: clk_enable() enables clk-Y, then enabled clk-A and
>>> returns.
>>>
>>> clk-A is now enabled in software, but not clocking in hardware since
>>> the hardware parent is still clk-X.
>>>
>>> The only way to avoid race conditions between clk_set_parent() and
>>> clk_enable/disable() is to ensure that clk_enable/disable() calls
>>> don't
>>> require changes to hardware enable state between changes to software
>>> clock topology and hardware clock topology.
>>>
>>> There are options to achieve the above:
>>> 1. Grab the enable lock before changing software/hardware topology and
>>>
>>> release it afterwards.
>>>
>>> 2. Keep the clock enabled for the duration of software/hardware
>>> topology>
>>> change so that any additional enable/disable calls don't try to
>>> change
>>> the hardware state. Once the topology change is complete, the clock
>>> can
>>> be put back in its original enable state.
>>>
>>> Option (1) is not an acceptable solution since the set_parent() ops
>>> might need to sleep.
>>>
>>> Therefore, this patch implements option (2).
>>>
>>> This patch doesn't violate any API semantics. clk_disable() doesn't
>>> guarantee that the clock is actually disabled. So, no clients of a
>>> clock can assume that a clock is disabled after their last call to
>>> clk_disable(). So, enabling the clock during a parent change is not a
>>> violation of any API semantics.
>>>
>>> This also has the nice side effect of simplifying the error handling
>>> code.
>>>
>>> Signed-off-by: Saravana Kannan <skannan@codeaurora.org>
>>
>> I've taken this patch into clk-next for testing. The code itself looks
>> fine. The only thing that remains to be seen is if any platforms have a
>> problem with disabled clocks getting turned on during a reparent
>> operation.
>
> IMHO this behavior should be documented somewhere, with a note that the
> clock must not be prepared to keep it disabled during reparent operation
> and possibly also pointing to the CLK_SET_PARENT_GATE flag.
Reasonable request. I can update the documentation of clk_set_parent()
to indicate that the clock might get turned on for the duration of the
call and if they need a guarantee the GATE flag should be used.
>
>> On platforms that I have worked on this is OK, but I suppose there could
>> be some platform out there where a clock is prepared and disabled, and
>> briefly enabling the clock during the reparent operation somehow puts
>> the hardware in a bad state.
>
> Well, on any platform where default clock settings are not completely
> correct this is likely to cause problems, because some device might get
> too high frequency for some period of time, which might crash it alone as
> well as the whole system.
>
I don't think this is really a problem with this patch. It's present
even without this patch.
The patch doesn't switch to some other unspecified parent. It only
switches between the new/old parent. Even without this patch, if a clock
is prepared while you reparent it, clk_enable() could be called at
anytime between the parent switch and the future clock API calls to set
up the new parent correctly. I think that's just crappy driver code to
switch to a new parent before setting it up correctly. There's
absolutely no good reason to do it that way.
-Saravana
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
next prev parent reply other threads:[~2013-05-14 22:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-01 4:42 [PATCH] clk: Fix race condition between clk_set_parent and clk_enable() Saravana Kannan
2013-05-14 18:54 ` Mike Turquette
2013-05-14 21:03 ` Saravana Kannan
2013-05-14 22:10 ` Tomasz Figa
2013-05-14 22:46 ` Saravana Kannan [this message]
2013-05-15 0:10 ` Tomasz Figa
2013-05-15 19:24 ` Ulf Hansson
2013-05-16 4:17 ` Saravana Kannan
2013-05-16 4:07 ` [PATCH v2] " Saravana Kannan
2013-05-16 20:44 ` Mike Turquette
2013-05-16 21:31 ` Saravana Kannan
2013-05-16 22:29 ` Mike Turquette
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5192BEC9.1040104@codeaurora.org \
--to=skannan@codeaurora.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).