Re: [PATCH 0/6] ACPI/PCC: Preserve platform-populated PCC signatures

From: Sudeep Holla

Date: Thu Jul 02 2026 - 07:00:03 EST


On Wed, Jul 01, 2026 at 03:38:21PM +0800, lihuisong (C) wrote:
>
> On 6/30/2026 6:49 PM, Sudeep Holla wrote:
> > On Tue, Jun 30, 2026 at 05:25:20PM +0800, lihuisong (C) wrote:
> > > Hi Sudeep,
> > >
> > > On 6/28/2026 12:37 AM, Sudeep Holla wrote:
> > > > ACPI PCC shared memory layouts reserve the first dword for the PCC
> > > > signature. ACPI specification defines the signature as 0x50434300 ORed
> > > > with the PCC subspace ID, and ACPI 6.6 clarify that the signature is
> > > > populated by the platform and verified by OSPM.
> > > >
> > > > This series centralizes PCC shared memory signature validation in the PCC
> > > > mailbox controller and stops PCC users from rewriting the signature before
> > > > each command. Clients that previously copied complete local PCC headers
> > > > now update only the mutable command/status/flags/length/payload fields.
> > > I am concerned that this may affect the functionality of drivers on some
> > > existed platforms.
> > One other option I was thinking is to not issue error but just log the error
> > message and let the client driver add that additional check if required.
> The patch 1/6 is not good to our platform.
> Yeah, suggest to use gentle approach to do this if we have to clarify this
> signature.

Fair enough, we can just log the warning for now.

> After all, all client drivers work well before.

Sure, but not doing anything will just make the bug carry on for ever in
the firmware. SO logging warning is minimum we should do IMO.

> > > This largely depends on the implementation of the platform firmware.
> > >
> > Sure. However I always expected it to be taken care by the platform, v6.6
> > just adds that clarification explicitly. It was never clear that the sender
> > or the OSPM needs to write that signature, so I disagree that it is platform
> > firmware dependent entirely. The clarification wouldn't have got added if
> > there was any disagreement on that fact.
> The reasons I say this largely depends on the firmware are as follows:
> 1> The previous ACPI spec did not clearly require that the platform firmware
> needs to fill in this signature first.
>      The client driver working on these platform doesn't work anymore if use
> the way in patch 1/6.

Fair enough.

> 2> We are not sure if some firmware verify this signature or clear this
> signature field in shared memory.

Anyways, better to check that for current and future platforms if not the
legacy ones.

> >
> > > I think it's good for the signature to be filled in by the command initiator
> > > and then verified by the recipient, as this is how this field can serve its
> > > purpose.
> > > Otherwise, I really don't see what use it has.
> > Please get the spec updated accordingly, we can just change in the kernel
> > based on what we think is the best way to use it. It needs to be clearly
> > specified, otherwise it may cause issue for non-Linux OSVs.
> Agree.
>
> Yeah, I found spec v6.5 just said how to compute it and didn't specify how
> to use it for platform and OSPM.
> I saw the update of v6.6 for the signature field in "Generic Communications
> Channel Shared Memory Region" and "Extended PCC Subspace Shared Memory
> Region".
> like: "The signature is populated by the platform and is verified by OSPM."
> But please note v6.6 didn't say above words in "Reduced PCC Subspace Shared
> Memory Region".
>

Ah, that's just inconsistency I believe. I will raise a defect.

> I don't know why v6.6 specify like that.
> After all. all PCC application parties (client drivers) in Linux have
> already filled this field.
>

I don't think what Linux drivers should be the reference as there are other
OSVs.

> According to my understanding of normal signature in communication,
> it is generally filled by the initiator (sender) and verified by the
> responder (receiver).
> In this way, the data is valid, and the signature is meaningful.
>
> If it is only initialized by firmware, and OSPM verifies it, its lifecycle
> ends there.
> I don't think this signature has much significance.
>
> The signature field is just in shared memory and may be cleared due to some
> other exception.
> Some similar case also need to be considered.
> How to make it work better and more resilient may also be something we need
> to consider.

Not sure if I follow that. The way I expect is platform won't populate the
signature if everything is not initialised and running at it's end which
implies it is not ready to accept the request.

--
Regards,
Sudeep