Re: [PATCH 2/4] reset: add GPIO-based reset controller

[Krzysztof Kozlowski]

On 04/01/2024 17:30, Sean Anderson wrote:
> On 1/4/24 11:08, Krzysztof Kozlowski wrote:
>> On 04/01/2024 17:04, Sean Anderson wrote:
>>> On 1/4/24 03:57, Krzysztof Kozlowski wrote:
>>>> On 28/12/2023 17:05, Sean Anderson wrote:
>>>>> On 12/22/23 10:01, Krzysztof Kozlowski wrote:
>>>>>> Add simple driver to control GPIO-based resets using the reset
>>>>>> controller API for the cases when the GPIOs are shared and reset should
>>>>>> be coordinated.  The driver is expected to be used by reset core
>>>>>> framework for ad-hoc reset controllers.
>>>>>
>>>>> How do we handle power sequencing? Often GPIOs need some pre/post delay in
>>>>> order to ensure proper power sequencing. For regular reset drivers, this is
>>>>> internal to the driver.
>>>>
>>>> It's not part of this patchset. Power sequencing is an old topic and
>>>> generic solutions were failing, rejected, did not solve the problems,
>>>> etc (choose your reason).
>>>>
>>>> Delays are device specific, so they go to drivers (depending on the
>>>> compatible). Complex power sequencing is way too much for simplified
>>>> reset-framework handling, so anyway it is expected you do it in your driver.
>>>
>>> Well, the reason to bring it up is twofold:
>>>
>>> - Traditionally, drivers expect the reset controller to handle all
>>>   necessary delays. For example, reset-k210 includes a 10us delay
>>>   between asserting and deasserting the reset. There's a similar thing
>>>   in reset-imx7, and several other reset drivers.
>>> - We would need to add custom assert/deassert delays to every driver
>>>   using this interface. These are not always added, since any given
>>>   device may require delays which can be inferred from its compatible.
>>>   However, an integrated system may require delays to be different from
>>>   what any individual device requires.
>>>
>>>>>
>>>>> Maybe something like
>>>>>
>>>>> my-device {
>>>>> 	reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
>>>>>         reset-gpios-post-deassert-us = <100>;
>>>>
>>>> Feel free to add it later. This patchset, and actually all patches
>>>> should, solves one problem while allowing you to extend it later.
>>>
>>> Yes, but we should try to avoid creating problems for ourselves in the
>>> future.
>>>
>>>> If there is a architectural problem in my approach not allowing you to
>>>> extend it later, then we should discuss it.
>>>
>>> Well, I brought up just such an architectural issue below...
>>
>> Sorry, but where the issue? You did not present any arguments stating
>> that it is not possible to add your feature.
>>
>> What is the problem to parse that property?
>>
>>>
>>>>> };
>>>>>
>>>>> Of course, this is a bit ambiguous if you have multiple devices using the same
>>>>> GPIO with different delays.
>>>
>>> This is the most concerning one to me.
>>>
>>>>> Maybe we take the max? But the driver below seems
>>>>> to only have access to one device. Which I suppose begs the question: how do
>>>>> we know when it's safe to deassert the reset (e.g. we've gotten to the point
>>>>> where all devices using this reset gpio have gotten far enough to detect that
>>>>> they use it)?
>>>>
>>>> The driver (reset consumer) knows when it is safe or not. You must
>>>> implement proper reset handling in your driver.
>>>
>>> The driver has no idea whether it is safe or not. It just calls
>>> reset_assert/deassert at the appropriate time, and the reset
>>> framework/controller is supposed to coordinate things so e.g. the device
>>> doesn't get reset multiple times as multiple drivers all probe.
>>
>>
>> Sorry, then I don't get what you refer to. The driver calls deassert
>> when it is safe for it to do it, so the driver *knows*. Now, you claim
>> that driver does not know that... core also does not know, so no one knows.
> 
> Yes! That is the problem with this design. Someone has to coordinate the
> reset, and it can't be the driver. But the core also doesn't have enough
> information. So no one can do it.

The point is that the driver coordinates.

> 
> For example, say we want to share a reset GPIO between two devices. Each
> device has the following constraints:
> 
> device post-assert delay post-deassert delay
> ====== ================= ===================
> A                  500us                 1ms
> B                    1ms               300us

And now imagine that these values are incompatible between them, so
using 1ms on device A is wrong - too long.

This is just not doable. You invented some imaginary case to prove that
hardware is broken.

Now, if we are back to realistic cases - use just the longest reset time.



> 
> If we leave things up to the drivers, then whoever probes first will get
> to decide the reset sequence.

In current design yes, but it's not a problem to change it. Where is the
limitation? Just read other values and update the reset time.

> 
> So if we choose the post-assert delay to be 1ms and the post-deassert
> delay to be 1ms then everyone is happy. How can we make sure the reset

No, not everyone is happy, if these values are incompatible. OTOH, if
they are compatible, just put same values to your DTS, because that's
the requirement of the reset line.

> controller enforces this? Well, we can do the above thing and specify
> something like
> 
> A {
>     reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
>     reset-gpios-post-assert-us = <1000>;
>     reset-gpios-post-deassert-us = <1000>;
> };
> 
> B {
>     reset-gpios = <&gpio 555 GPIO_ACTIVE_LOW>;
> };
> 
> But what if B gets probed first? Then we will have to also specify the
> delays on B as well. I'm not a big fan of this because

It's a shared reset line, thus the shared or global delays can be
described in every place. That's for DT correctness. Now from the driver
point of view, there is no problem to update the reset values after
probing A.

> 
> - We have to specify (identical) delays in every consumer (instead of
>   having a central place to put the delays)
> - Having the delays depend on the probe order (if one of the consumers'
>   delays don't match) will result in bugs for board maintainers. Maybe
>   we should just warn in that case and that is enough?

No, it does not depend. Just update the values.

> - Actually, the same problem exists for reset-gpios (e.g. if one driver
>   specifies ACTIVE_HIGH and another specifies ACTIVE_LOW).

No, actually this is handled. This is not a shared reset line and it
will not be handled. Second device probe should fail.

> 
> Maybe the delays should go instead on the gpio controller? So something
> like (taking inspiration from gpio-hog):

We talked about this for other patchsets and answer was no, that's not
the property of GPIO.

> 
> gpio {
> 	gpio-controller;
> 	#gpio-cells = <2>;
> 
> 	my-reset {
> 		gpio-reset;
> 		gpio = <555 GPIO_ACTIVE_LOW>;
> 		post-assert-us = <1000>;
> 		post-deassert-us = <1000>;
> 	};
> };
> 
>> Hm, wait, now maybe I understand your concern. Did you read the
>> patchset? This is for the coordinated, shared, non-exclusive reset by
>> design.  And as stated during previous discussions: that's the driver's
>> job to be sure it is called like that.
> 
> Well, one of the major advantages of moving GPIO resets to a reset
> controller is that the reset framework can coordinate things if we want.
> This is a rather natural extension of this patchset IMO. Even if you are
> not adding this functionality now, it is good not to make it difficult
> for future work.

And nothing is made here difficult. You want same delays on each
consumer? No problem in adding them, just few lines. You want
contradictory or inconsistent delays? A bit more code, but still nothing
here is blocked. You want totally random stuff because hardware is
broken? You might need to write dedicated reset controller for your case
because generic binding stops being generic for such cases.

Best regards,
Krzysztof