On Fri, Jul 23, 2021 at 3:52 PM Clément Léger <clement.leger@xxxxxxxxxxx> wrote:
>
> System controllers can be placed under secure monitor control when running
> under them. In order to keep existing code which accesses such system
> controllers using a syscon, add support for "syscon-smc" compatible.
>
> When enable, the syscon will handle this new compatible and look for an
> "arm,smc-id" property to execute the appropriate SMC. A SMC regmap is then
> created to forward register access to the secure monitor.
>
> Signed-off-by: Clément Léger <clement.leger@xxxxxxxxxxx>
I don't see anything wrong with the implementation, but this worries
me conceptually, because of the ways this might get abused:
- this creates one more way to keep device drivers hidden away
behind firmware when they should be in the kernel. You can already
do that with separate SMC calls, but adding an indirection makes it
sneakier. If the 'registers' in here are purely
- This may be seen as an easy way out for firmware writers that just
expose a bare register-level interface when the correct solution would
be to create a high-level interface.
There is also a problem with locking: In the case that both firmware and
kernel have to access registers within a syscon area, you may need to
have a semaphore to protect an atomic sequence of accesses, but since
the interface only provides a single register load/store, there is no way for
a kernel driver to serialize against a firmware-internal driver.
Arnd
