Re: [PATCH 2/4] reset: add GPIO-based reset controller

From: Sean Anderson
Date: Thu Jan 04 2024 - 11:31:45 EST

On 1/4/24 11:08, Krzysztof Kozlowski wrote:
> On 04/01/2024 17:04, Sean Anderson wrote:
>> On 1/4/24 03:57, Krzysztof Kozlowski wrote:
>>> On 28/12/2023 17:05, Sean Anderson wrote:
>>>> On 12/22/23 10:01, Krzysztof Kozlowski wrote:
>>>>> Add simple driver to control GPIO-based resets using the reset
>>>>> controller API for the cases when the GPIOs are shared and reset should
>>>>> be coordinated. The driver is expected to be used by reset core
>>>>> framework for ad-hoc reset controllers.
>>>>
>>>> How do we handle power sequencing? Often GPIOs need some pre/post delay in
>>>> order to ensure proper power sequencing. For regular reset drivers, this is
>>>> internal to the driver.
>>>
>>> It's not part of this patchset. Power sequencing is an old topic and
>>> generic solutions were failing, rejected, did not solve the problems,
>>> etc (choose your reason).
>>>
>>> Delays are device specific, so they go to drivers (depending on the
>>> compatible). Complex power sequencing is way too much for simplified
>>> reset-framework handling, so anyway it is expected you do it in your driver.
>>
>> Well, the reason to bring it up is twofold:
>>
>> - Traditionally, drivers expect the reset controller to handle all
>> necessary delays. For example, reset-k210 includes a 10us delay
>> between asserting and deasserting the reset. There's a similar thing
>> in reset-imx7, and several other reset drivers.
>> - We would need to add custom assert/deassert delays to every driver
>> using this interface. These are not always added, since any given
>> device may require delays which can be inferred from its compatible.
>> However, an integrated system may require delays to be different from
>> what any individual device requires.
>>
>>>>
>>>> Maybe something like
>>>>
>>>> my-device {
>>>> reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
>>>> reset-gpios-post-deassert-us = <100>;
>>>
>>> Feel free to add it later. This patchset, and actually all patches
>>> should, solves one problem while allowing you to extend it later.
>>
>> Yes, but we should try to avoid creating problems for ourselves in the
>> future.
>>
>>> If there is a architectural problem in my approach not allowing you to
>>> extend it later, then we should discuss it.
>>
>> Well, I brought up just such an architectural issue below...
>
> Sorry, but where the issue? You did not present any arguments stating
> that it is not possible to add your feature.
>
> What is the problem to parse that property?
>
>>
>>>> };
>>>>
>>>> Of course, this is a bit ambiguous if you have multiple devices using the same
>>>> GPIO with different delays.
>>
>> This is the most concerning one to me.
>>
>>>> Maybe we take the max? But the driver below seems
>>>> to only have access to one device. Which I suppose begs the question: how do
>>>> we know when it's safe to deassert the reset (e.g. we've gotten to the point
>>>> where all devices using this reset gpio have gotten far enough to detect that
>>>> they use it)?
>>>
>>> The driver (reset consumer) knows when it is safe or not. You must
>>> implement proper reset handling in your driver.
>>
>> The driver has no idea whether it is safe or not. It just calls
>> reset_assert/deassert at the appropriate time, and the reset
>> framework/controller is supposed to coordinate things so e.g. the device
>> doesn't get reset multiple times as multiple drivers all probe.
>
>
> Sorry, then I don't get what you refer to. The driver calls deassert
> when it is safe for it to do it, so the driver *knows*. Now, you claim
> that driver does not know that... core also does not know, so no one knows.

Yes! That is the problem with this design. Someone has to coordinate the
reset, and it can't be the driver. But the core also doesn't have enough
information. So no one can do it.

For example, say we want to share a reset GPIO between two devices. Each
device has the following constraints:

device post-assert delay post-deassert delay
====== ================= ===================
A 500us 1ms
B 1ms 300us

If we leave things up to the drivers, then whoever probes first will get
to decide the reset sequence.

So if we choose the post-assert delay to be 1ms and the post-deassert
delay to be 1ms then everyone is happy. How can we make sure the reset
controller enforces this? Well, we can do the above thing and specify
something like

A {
reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
reset-gpios-post-assert-us = <1000>;
reset-gpios-post-deassert-us = <1000>;
};

B {
reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
};

But what if B gets probed first? Then we will have to also specify the
delays on B as well. I'm not a big fan of this because

- We have to specify (identical) delays in every consumer (instead of
having a central place to put the delays)
- Having the delays depend on the probe order (if one of the consumers'
delays don't match) will result in bugs for board maintainers. Maybe
we should just warn in that case and that is enough?
- Actually, the same problem exists for reset-gpios (e.g. if one driver
specifies ACTIVE_HIGH and another specifies ACTIVE_LOW).

Maybe the delays should go instead on the gpio controller? So something
like (taking inspiration from gpio-hog):

gpio {
gpio-controller;
#gpio-cells = <2>;

my-reset {
gpio-reset;
gpio = <555 GPIO_ACTIVE_LOW>;
post-assert-us = <1000>;
post-deassert-us = <1000>;
};
};

> Hm, wait, now maybe I understand your concern. Did you read the
> patchset? This is for the coordinated, shared, non-exclusive reset by
> design. And as stated during previous discussions: that's the driver's
> job to be sure it is called like that.

Well, one of the major advantages of moving GPIO resets to a reset
controller is that the reset framework can coordinate things if we want.
This is a rather natural extension of this patchset IMO. Even if you are
not adding this functionality now, it is good not to make it difficult
for future work.

--Sean