Re: [PATCH v2] arm64: move efi_reboot to restart handler

From: Krzysztof Adamski
Date: Wed Feb 02 2022 - 07:40:45 EST

Next message: Paul Cercueil: "Re: [PATCH v12 2/9] drm/ingenic: Add support for JZ4780 and HDMI output"
Previous message: Jonathan Neuschäfer: "Re: [PATCH v5 0/9] Nuvoton WPCM450 pinctrl and GPIO driver"
In reply to: Mark Rutland: "Re: [PATCH v2] arm64: move efi_reboot to restart handler"
Next in thread: Ard Biesheuvel: "Re: [PATCH v2] arm64: move efi_reboot to restart handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dnia Tue, Feb 01, 2022 at 01:58:29PM +0000, Mark Rutland napisał(a):

If we use the restart handlers only to reset the system, this is indeed
true. But technically, restart handlers support the scenario where the
handler does some action that does not do reset of the whole system and
passes the control further down the chain, eventually reaching a handler
that will reset the whole system.
This can be done on non-uefi systems without problems but it doesn't
work on UEFI bases arm64 systems and this is a problem for us.

In other words, I would like to be able to run a restart handler on EFI
based ARM64 systems, just like I can on other systems, just for its
"side effects", not to do the actual reboot. Current code disables this
possibility on an ARM64 EFI system.

It sounds like two things are being conflated here:

1) A *notification* that a restart will subsequently occur.
2) A *request* to initiate a restart.

IIUC (1) is supposed to be handled by the existing reboot notifier mechanism
(see the reboot_notifier_list) which *is* invoked prior to the EFI reboot
today.

IMO, using restart handlers as notifiers is an abuse of the interface, and
that's the fundamental problem.

What am I missing?

You are completly right. It is possible that I would like to be able to
*abuse* the restart handlers as notifier. You are right that we have a
reboot_notifier but it is not good enough for my usecase - it is only
called, well, on reboot. It is not called in case of emergency_restart()
so in case of a panic, this won't happen. It also is called much earlier
than restart handlers which also makes a difference in some cases. So I
see no other choice than to abuse the restart_handler mechanism for that.

So, ideally, for that usecase, we would need a restart notifier that is
called immidietely before restart handlers, is basically done in the
same way as reset_handlers mechanism, but would simply be called
differently and would use separate chain. But does it make sense to have
that?

Apart from this simple usecase that I have focused so far, I also have
another one that I didn't mention before. As you know, even efi_reboot()
has several types of resets it can trigger (warm, cold), depending on
how "deep" the reset should be. In some cases, however, we have a need to
escalate the reset/reboot even deeper, into full board reset which is
performed by an external component - this cannot be done from EFI
firmware so we have to do this from Linux, before efi_reboot is called.
This has to be done also in case of a emergency_restart(). And obviosly
we do not call efi_reboot() in this case, as the whole board goes into
reset, including the CPU. This reset is, however, conditional -
it does not replace the efi_reboot() which is still used in most cases.
We use restart_handlers also for that, but this doesn't work on ARM64 with
EFI.

> Otherwise this patch is making this logic more complicated *and* making it
> possible to have problems which we avoid by construction today, without any
> actual benefit.

The benefit for me is this added flexibility and unification between
architectures. On other systems, like ARM32 or non-EFI ARM64 I can
insert a custom reset handler to do some actions just before restart and
on EFI based ARM64, I can't.

You could argue that restart handlers were not created for that but they
suit this purpose ideally and it wouldn't make much sense (in my
opinion) to add yet another notifier chain that would run before reset
notifiers, for code that is not supposed to reset the whole system and
this is exacly what I would have to do if efi_reboot() is forced to be
called before all handlers.

As above, I think that's just using the wrong interface, and the reboot
notifier mechanism *already* exists, so I'm really confused here.

Have I misunderstood what you're trying to achieve?

Is there some problem with the reboot notifier mechanism that I am unaware of?
e.g. do we bypass them in some case where you think they're needed?

Are you simply unaware of reboot notifiers?

As explained above, I am aware of them but they have their limitation.
They were designed for slightly different usecase. The are designed
around blocking_notfier and are supposed to be called only in still safe
environment during graceful reboot, quite early in the reboot process.
If you need to do something just before reset and/or in case of a panic,
you are out of luck.
Of course reset_handlers have their limitations too. For one, they are
called in the context of atomic_notifier and we can't assume the system
is in good condition when it is called but trying to flip a GPIO line or
do a write to MMIO register is a sane thing to do here.

Krzysztof

Next message: Paul Cercueil: "Re: [PATCH v12 2/9] drm/ingenic: Add support for JZ4780 and HDMI output"
Previous message: Jonathan Neuschäfer: "Re: [PATCH v5 0/9] Nuvoton WPCM450 pinctrl and GPIO driver"
In reply to: Mark Rutland: "Re: [PATCH v2] arm64: move efi_reboot to restart handler"
Next in thread: Ard Biesheuvel: "Re: [PATCH v2] arm64: move efi_reboot to restart handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]