| Message ID | 20221129231149.697154-1-hdegoede@redhat.com |
|---|---|
| Headers | show |
| Series | ov5693/int3472: Privacy LED handling changes + IPU6 compatibility | expand |
On Wed, Nov 30, 2022 at 1:12 AM Hans de Goede <hdegoede@redhat.com> wrote: > > On some systems, e.g. the Lenovo ThinkPad X1 Yoga gen 7 and the ThinkPad > X1 Nano gen 2 there is no clock-enable pin, triggering the: > "No clk GPIO. The privacy LED won't work" warning and causing the privacy > LED to not work. > > Fix this by treating the privacy LED as a regular GPIO rather then > integrating it with the registered clock. > > Note this relies on the ov5693 driver change to support an (optional) > privacy-led GPIO to avoid the front cam privacy LED regressing on some > models. ... > - case INT3472_GPIO_TYPE_PRIVACY_LED: > - gpio = acpi_get_and_request_gpiod(path, pin, "int3472,privacy-led"); > - if (IS_ERR(gpio)) > - return (PTR_ERR(gpio)); > > - int3472->clock.led_gpio = gpio; > - break; I'm not sure how the previous patch makes this one work without regressions. We have a "privacy-led" GPIO name there and here it used to be with a prefix. Maybe I'm missing something...
On Wed, Nov 30, 2022 at 1:12 AM Hans de Goede <hdegoede@redhat.com> wrote: > > Hi All, > > The out of tree IPU6 driver has moved to using the in kernel INT3472 > code for doing power-ctrl rather then doing their own thing (good!). than > Some of the IPU6 devices with a discrete INT3472 ACPI device have a > privacy-led GPIO. but no clk-enable GPIO. To make this work this series > moves the privacy LED control from being integrated with the clk-provider > to modelling the privacy LED as a separate GPIO. This also brings the > discrete INT3472 ACPI device privacy LED handling inline with the privacy > LED handling for INT3472 TPS68470 PMIC devices which I posted here: > > https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ > > This obsoletes my previous "[PATCH 0/3] platform/x86: int3472/discrete: > Make it work with IPU6" series: > > https://lore.kernel.org/platform-driver-x86/20221124200007.390901-1-hdegoede@redhat.com/ > > Mauro since laptops with IPU6 cameras are becoming more and more > popular I would like to get this merged for 6.2 so that with 6.2 > users will be able to build the out of tree IPU6 driver without > requiring patching their main kernel. I realize we are a bit > late in the cycle, but can you please still take the ov5693 patch > for 6.2 ? It is quite small / straight-forward and since it used > gpiod_get_optional() it is a no-op without the rest of this series. > > This series has been tested on: > > - Lenovo ThinkPad X1 Yoga gen 7, IPU6, front: ov2740 with privacy LED > - Dell Latitude 9420, IPU 6 with privacy LED on front > - Mirosoft Surface Go, IPU3, front: ov5693 with privacy LED, Microsoft? > back: ov8865 with privacy LED I like this series! Minimum invasion and code.
Hi, On 11/30/22 10:54, Andy Shevchenko wrote: > On Wed, Nov 30, 2022 at 1:12 AM Hans de Goede <hdegoede@redhat.com> wrote: >> >> On some systems, e.g. the Lenovo ThinkPad X1 Yoga gen 7 and the ThinkPad >> X1 Nano gen 2 there is no clock-enable pin, triggering the: >> "No clk GPIO. The privacy LED won't work" warning and causing the privacy >> LED to not work. >> >> Fix this by treating the privacy LED as a regular GPIO rather then >> integrating it with the registered clock. >> >> Note this relies on the ov5693 driver change to support an (optional) >> privacy-led GPIO to avoid the front cam privacy LED regressing on some >> models. > > ... > >> - case INT3472_GPIO_TYPE_PRIVACY_LED: >> - gpio = acpi_get_and_request_gpiod(path, pin, "int3472,privacy-led"); >> - if (IS_ERR(gpio)) >> - return (PTR_ERR(gpio)); >> >> - int3472->clock.led_gpio = gpio; >> - break; > > I'm not sure how the previous patch makes this one work without > regressions. We have a "privacy-led" GPIO name there and here it used > to be with a prefix. Maybe I'm missing something... The GPIO used to be controlled as part of the clk-provider, and the "int3472,privacy-led" name was the name of the consumer of the GPIO shown in /sys/kernel/debug/gpio. The "int3472,privacy-led" name has no lookup meaning since the pin is directly looked up by GPIO chip ACPI path + pin offset here. Since not all devices with a privacy LED also have a clk-enable GPIO and thus a clk provider this did not work anywhere. So this patch removes the code which controls the privacy LED through the clk-provider (which used the "int3472,privacy-led" and instead now adds an entry to the GPIO lookup table attached to the sensor. That new GPIO lookup table entry uses the name "privacy-led" since the LED no now longer is controlled by the INT3472 code (*). The matching sensor driver patch (patch 1/6) to make the sensor driver directly control the privacy-led also uses "privacy-led" when calling gpiod_get() for it. I hope this helps explain. Regards, Hans *) all the INT3472 code now does is add the lookup table entry gpio lookup table
Hi, On 11/30/22 11:03, Andy Shevchenko wrote: > On Wed, Nov 30, 2022 at 1:12 AM Hans de Goede <hdegoede@redhat.com> wrote: >> >> Hi All, >> >> The out of tree IPU6 driver has moved to using the in kernel INT3472 >> code for doing power-ctrl rather then doing their own thing (good!). > > than > >> Some of the IPU6 devices with a discrete INT3472 ACPI device have a >> privacy-led GPIO. but no clk-enable GPIO. To make this work this series >> moves the privacy LED control from being integrated with the clk-provider >> to modelling the privacy LED as a separate GPIO. This also brings the >> discrete INT3472 ACPI device privacy LED handling inline with the privacy >> LED handling for INT3472 TPS68470 PMIC devices which I posted here: >> >> https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ >> >> This obsoletes my previous "[PATCH 0/3] platform/x86: int3472/discrete: >> Make it work with IPU6" series: >> >> https://lore.kernel.org/platform-driver-x86/20221124200007.390901-1-hdegoede@redhat.com/ >> >> Mauro since laptops with IPU6 cameras are becoming more and more >> popular I would like to get this merged for 6.2 so that with 6.2 >> users will be able to build the out of tree IPU6 driver without >> requiring patching their main kernel. I realize we are a bit >> late in the cycle, but can you please still take the ov5693 patch >> for 6.2 ? It is quite small / straight-forward and since it used >> gpiod_get_optional() it is a no-op without the rest of this series. >> >> This series has been tested on: >> >> - Lenovo ThinkPad X1 Yoga gen 7, IPU6, front: ov2740 with privacy LED >> - Dell Latitude 9420, IPU 6 with privacy LED on front >> - Mirosoft Surface Go, IPU3, front: ov5693 with privacy LED, > > Microsoft? Ack. >> back: ov8865 with privacy LED > > I like this series! Minimum invasion and code. I'm glad you like it and thank you for the review. Regards, Hans
On Wed, Nov 30, 2022 at 11:34:57AM +0100, Hans de Goede wrote: > On 11/30/22 10:54, Andy Shevchenko wrote: > > On Wed, Nov 30, 2022 at 1:12 AM Hans de Goede <hdegoede@redhat.com> wrote: > >> > >> On some systems, e.g. the Lenovo ThinkPad X1 Yoga gen 7 and the ThinkPad > >> X1 Nano gen 2 there is no clock-enable pin, triggering the: > >> "No clk GPIO. The privacy LED won't work" warning and causing the privacy > >> LED to not work. > >> > >> Fix this by treating the privacy LED as a regular GPIO rather then > >> integrating it with the registered clock. > >> > >> Note this relies on the ov5693 driver change to support an (optional) > >> privacy-led GPIO to avoid the front cam privacy LED regressing on some > >> models. > > > > ... > > > >> - case INT3472_GPIO_TYPE_PRIVACY_LED: > >> - gpio = acpi_get_and_request_gpiod(path, pin, "int3472,privacy-led"); > >> - if (IS_ERR(gpio)) > >> - return (PTR_ERR(gpio)); > >> > >> - int3472->clock.led_gpio = gpio; > >> - break; > > > > I'm not sure how the previous patch makes this one work without > > regressions. We have a "privacy-led" GPIO name there and here it used > > to be with a prefix. Maybe I'm missing something... > > The GPIO used to be controlled as part of the clk-provider, > and the "int3472,privacy-led" name was the name of the consumer > of the GPIO shown in /sys/kernel/debug/gpio. The "int3472,privacy-led" > name has no lookup meaning since the pin is directly looked up by > GPIO chip ACPI path + pin offset here. > > Since not all devices with a privacy LED also have a clk-enable GPIO > and thus a clk provider this did not work anywhere. > > So this patch removes the code which controls the privacy LED > through the clk-provider (which used the "int3472,privacy-led" > and instead now adds an entry to the GPIO lookup table attached > to the sensor. That new GPIO lookup table entry uses the name > "privacy-led" since the LED no now longer is controlled by > the INT3472 code (*). The matching sensor driver patch > (patch 1/6) to make the sensor driver directly control the > privacy-led also uses "privacy-led" when calling gpiod_get() > for it. > > I hope this helps explain. Definitely, thanks! > *) all the INT3472 code now does is add the lookup table entry > gpio lookup table
On Wed, Nov 30, 2022 at 12:11:43AM +0100, Hans de Goede wrote: > Hi All, > > The out of tree IPU6 driver has moved to using the in kernel INT3472 > code for doing power-ctrl rather then doing their own thing (good!). > > Some of the IPU6 devices with a discrete INT3472 ACPI device have a > privacy-led GPIO. but no clk-enable GPIO. To make this work this series > moves the privacy LED control from being integrated with the clk-provider > to modelling the privacy LED as a separate GPIO. This also brings the > discrete INT3472 ACPI device privacy LED handling inline with the privacy > LED handling for INT3472 TPS68470 PMIC devices which I posted here: > > https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ > > This obsoletes my previous "[PATCH 0/3] platform/x86: int3472/discrete: > Make it work with IPU6" series: > > https://lore.kernel.org/platform-driver-x86/20221124200007.390901-1-hdegoede@redhat.com/ > > Mauro since laptops with IPU6 cameras are becoming more and more > popular I would like to get this merged for 6.2 so that with 6.2 > users will be able to build the out of tree IPU6 driver without > requiring patching their main kernel. I realize we are a bit > late in the cycle, but can you please still take the ov5693 patch > for 6.2 ? It is quite small / straight-forward and since it used > gpiod_get_optional() it is a no-op without the rest of this series. > > This series has been tested on: > > - Lenovo ThinkPad X1 Yoga gen 7, IPU6, front: ov2740 with privacy LED > - Dell Latitude 9420, IPU 6 with privacy LED on front > - Mirosoft Surface Go, IPU3, front: ov5693 with privacy LED, > back: ov8865 with privacy LED FWIW, Reviewed-by: Andy Shevchenko <andy@kernel.org> assuming nit-picks will be addressed as agreed.
Hi Hans, On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: > Add support for a privacy-led GPIO. > > Making the privacy LED to controlable from userspace, as using the LED > class subsystem would do, would make it too easy for spy-ware to disable > the LED. > > To avoid this have the sensor driver directly control the LED. > > Signed-off-by: Hans de Goede <hdegoede@redhat.com> > --- > Note an additional advantage of directly controlling the GPIO is that > GPIOs are tied directly to consumer devices. Where as with a LED class > device, there would need to be some mechanism to tie the right LED > (e.g front or back) to the right sensor. Thanks for the patch. This approach has the drawback that support needs to be added for each sensor separately. Any idea how many sensor drivers might need this? Most implementations have privacy LED hard-wired to the sensor's power rails so it'll be lit whenever the sensor is powered on. If there would be more than just a couple of these I'd instead create a LED class device and hook it up to the sensor in V4L2.
Hi Sakari, On 11/30/22 14:41, Sakari Ailus wrote: > Hi Hans, > > On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: >> Add support for a privacy-led GPIO. >> >> Making the privacy LED to controlable from userspace, as using the LED >> class subsystem would do, would make it too easy for spy-ware to disable >> the LED. >> >> To avoid this have the sensor driver directly control the LED. >> >> Signed-off-by: Hans de Goede <hdegoede@redhat.com> >> --- >> Note an additional advantage of directly controlling the GPIO is that >> GPIOs are tied directly to consumer devices. Where as with a LED class >> device, there would need to be some mechanism to tie the right LED >> (e.g front or back) to the right sensor. > > Thanks for the patch. > > This approach has the drawback that support needs to be added for each > sensor separately. Any idea how many sensor drivers might need this? Quite a few probably. But as discussed here I plan to write a generic sensor_power helper library since many sensor drivers have a lot of boilerplate code to get clks + regulators + enable/reset gpios. The plan is to add support for a "privacy-led" to this library so that all sensors which use this get support for free. Laurent pointed out that some sensors may have more complex power-up sequence demands, which is true. But looking at existing drivers then many follow a std simple pattern which can be supported in a helper-library. > Most implementations have privacy LED hard-wired to the sensor's power > rails so it'll be lit whenever the sensor is powered on. > > If there would be more than just a couple of these I'd instead create a LED > class device and hook it up to the sensor in V4L2. A LED cladd device will allow userspace to override the privacy-led value which is considered bad from a privacy point of view. This was actually already discussed here: https://lore.kernel.org/platform-driver-x86/e5d8913c-13ba-3b11-94bc-5d1ee1d736b0@ideasonboard.com/ See the part of the thread on the cover-letter with Dan, Laurent and me participating. And a LED class device also will be a challenge to bind to the right sensor on devices with more then one sensor, where as mentioned above using GPIO-mappings give us the binding to the right sensor for free. Regards, Hans
Hi Hans, On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: > Hi Sakari, > > On 11/30/22 14:41, Sakari Ailus wrote: > > Hi Hans, > > > > On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: > >> Add support for a privacy-led GPIO. > >> > >> Making the privacy LED to controlable from userspace, as using the LED > >> class subsystem would do, would make it too easy for spy-ware to disable > >> the LED. > >> > >> To avoid this have the sensor driver directly control the LED. > >> > >> Signed-off-by: Hans de Goede <hdegoede@redhat.com> > >> --- > >> Note an additional advantage of directly controlling the GPIO is that > >> GPIOs are tied directly to consumer devices. Where as with a LED class > >> device, there would need to be some mechanism to tie the right LED > >> (e.g front or back) to the right sensor. > > > > Thanks for the patch. > > > > This approach has the drawback that support needs to be added for each > > sensor separately. Any idea how many sensor drivers might need this? > > Quite a few probably. But as discussed here I plan to write a generic > sensor_power helper library since many sensor drivers have a lot of > boilerplate code to get clks + regulators + enable/reset gpios. The plan > is to add support for a "privacy-led" to this library so that all sensors > which use this get support for free. I'm not sure how well this could be generalised. While most sensors do something similar there are subtle differences. If those can be taken into account I guess it should be doable. But would it simplify things or reduce the number of lines of code as a whole? The privacy LED is separate from sensor, including its power on/off sequences which suggests it could be at least as well be handled separately. > > Laurent pointed out that some sensors may have more complex power-up > sequence demands, which is true. But looking at existing drivers > then many follow a std simple pattern which can be supported in > a helper-library. > > > Most implementations have privacy LED hard-wired to the sensor's power > > rails so it'll be lit whenever the sensor is powered on. > > > > If there would be more than just a couple of these I'd instead create a LED > > class device and hook it up to the sensor in V4L2. > > > A LED cladd device will allow userspace to override the privacy-led > value which is considered bad from a privacy point of view. This > was actually already discussed here: > > https://lore.kernel.org/platform-driver-x86/e5d8913c-13ba-3b11-94bc-5d1ee1d736b0@ideasonboard.com/ > > See the part of the thread on the cover-letter with Dan, Laurent > and me participating. > > And a LED class device also will be a challenge to bind to the right > sensor on devices with more then one sensor, where as mentioned > above using GPIO-mappings give us the binding to the right sensor > for free. Whether the privacy LED is controlled via the LED framework or GPIO doesn't really matter from this PoV, it could be controlled via the V4L2 framework in both cases. It might not be very pretty but I think I'd prefer that than putting this in either drivers or some sensor power sequence helper library.
On Wed, Nov 30, 2022 at 02:52:50PM +0000, Sakari Ailus wrote: > On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: > > On 11/30/22 14:41, Sakari Ailus wrote: > > > On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: > > >> Add support for a privacy-led GPIO. > > >> > > >> Making the privacy LED to controlable from userspace, as using the LED > > >> class subsystem would do, would make it too easy for spy-ware to disable > > >> the LED. > > >> > > >> To avoid this have the sensor driver directly control the LED. > > >> > > >> Signed-off-by: Hans de Goede <hdegoede@redhat.com> > > >> --- > > >> Note an additional advantage of directly controlling the GPIO is that > > >> GPIOs are tied directly to consumer devices. Where as with a LED class > > >> device, there would need to be some mechanism to tie the right LED > > >> (e.g front or back) to the right sensor. > > > > > > Thanks for the patch. > > > > > > This approach has the drawback that support needs to be added for each > > > sensor separately. Any idea how many sensor drivers might need this? > > > > Quite a few probably. But as discussed here I plan to write a generic > > sensor_power helper library since many sensor drivers have a lot of > > boilerplate code to get clks + regulators + enable/reset gpios. The plan > > is to add support for a "privacy-led" to this library so that all sensors > > which use this get support for free. > > I'm not sure how well this could be generalised. While most sensors do > something similar there are subtle differences. If those can be taken into > account I guess it should be doable. But would it simplify things or reduce > the number of lines of code as a whole? While I think we need a camera sensor helper, I also doubt managing the power sequence in the helper would help much. The privacy LED, however, could be handled there. > The privacy LED is separate from sensor, including its power on/off > sequences which suggests it could be at least as well be handled > separately. And if the privacy LED is controllable through a GPIO, I think it should be turned on at stream on time, not at power on time. That would allow things like reading the OTP data from the sensor without flashing the privacy LED. > > Laurent pointed out that some sensors may have more complex power-up > > sequence demands, which is true. But looking at existing drivers > > then many follow a std simple pattern which can be supported in > > a helper-library. > > > > > Most implementations have privacy LED hard-wired to the sensor's power > > > rails so it'll be lit whenever the sensor is powered on. > > > > > > If there would be more than just a couple of these I'd instead create a LED > > > class device and hook it up to the sensor in V4L2. > > > > A LED cladd device will allow userspace to override the privacy-led > > value which is considered bad from a privacy point of view. This > > was actually already discussed here: > > > > https://lore.kernel.org/platform-driver-x86/e5d8913c-13ba-3b11-94bc-5d1ee1d736b0@ideasonboard.com/ > > > > See the part of the thread on the cover-letter with Dan, Laurent > > and me participating. > > > > And a LED class device also will be a challenge to bind to the right > > sensor on devices with more then one sensor, where as mentioned > > above using GPIO-mappings give us the binding to the right sensor > > for free. > > Whether the privacy LED is controlled via the LED framework or GPIO doesn't > really matter from this PoV, it could be controlled via the V4L2 framework > in both cases. It might not be very pretty but I think I'd prefer that than > putting this in either drivers or some sensor power sequence helper > library.
On Wed, Nov 30, 2022 at 05:20:11PM +0200, Laurent Pinchart wrote: > On Wed, Nov 30, 2022 at 02:52:50PM +0000, Sakari Ailus wrote: > > On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: ... > > The privacy LED is separate from sensor, including its power on/off > > sequences which suggests it could be at least as well be handled > > separately. > > And if the privacy LED is controllable through a GPIO, I think it should > be turned on at stream on time, not at power on time. That would allow > things like reading the OTP data from the sensor without flashing the > privacy LED. The malicious software may power up camera and drive it via user space / separate code flow in the kernel, no? I would stick with power on as it's the most secure side. Even if we 100% know we are _not_ streaming this LED should indicate that it may be turned on at any time, no?
On Wed, Nov 30, 2022 at 06:07:51PM +0200, Andy Shevchenko wrote: > On Wed, Nov 30, 2022 at 05:20:11PM +0200, Laurent Pinchart wrote: > > On Wed, Nov 30, 2022 at 02:52:50PM +0000, Sakari Ailus wrote: > > > On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: > > ... > > > > The privacy LED is separate from sensor, including its power on/off > > > sequences which suggests it could be at least as well be handled > > > separately. > > > > And if the privacy LED is controllable through a GPIO, I think it should > > be turned on at stream on time, not at power on time. That would allow > > things like reading the OTP data from the sensor without flashing the > > privacy LED. > > The malicious software may power up camera and drive it via user space / > separate code flow in the kernel, no? With correctly written drivers, there should be no way to power up the camera from userspace through the V4L2 API without starting streaming. Also, programming the camera sensor won't be enough to capture images, you need to deal with all the other camera-related IP cores which are controlled through V4L2, and doing so will start streaming in the camera sensor driver through the normal API anyway. > I would stick with power on as it's the most secure side. Even if we 100% know > we are _not_ streaming this LED should indicate that it may be turned on at any > time, no? Ideally, the privacy LED should be controlled automatically by the hardware without software intervention, and should be wired to a camera streaming signal. In many cases it's wired to the power rails instead, which is extremely annoying. I'd rather avoid this annoyance when the LED is GPIO-controlled.
Hi, On 11/30/22 16:20, Laurent Pinchart wrote: > On Wed, Nov 30, 2022 at 02:52:50PM +0000, Sakari Ailus wrote: >> On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: >>> On 11/30/22 14:41, Sakari Ailus wrote: >>>> On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: >>>>> Add support for a privacy-led GPIO. >>>>> >>>>> Making the privacy LED to controlable from userspace, as using the LED >>>>> class subsystem would do, would make it too easy for spy-ware to disable >>>>> the LED. >>>>> >>>>> To avoid this have the sensor driver directly control the LED. >>>>> >>>>> Signed-off-by: Hans de Goede <hdegoede@redhat.com> >>>>> --- >>>>> Note an additional advantage of directly controlling the GPIO is that >>>>> GPIOs are tied directly to consumer devices. Where as with a LED class >>>>> device, there would need to be some mechanism to tie the right LED >>>>> (e.g front or back) to the right sensor. >>>> >>>> Thanks for the patch. >>>> >>>> This approach has the drawback that support needs to be added for each >>>> sensor separately. Any idea how many sensor drivers might need this? >>> >>> Quite a few probably. But as discussed here I plan to write a generic >>> sensor_power helper library since many sensor drivers have a lot of >>> boilerplate code to get clks + regulators + enable/reset gpios. The plan >>> is to add support for a "privacy-led" to this library so that all sensors >>> which use this get support for free. >> >> I'm not sure how well this could be generalised. While most sensors do >> something similar there are subtle differences. If those can be taken into >> account I guess it should be doable. But would it simplify things or reduce >> the number of lines of code as a whole? > > While I think we need a camera sensor helper, I also doubt managing the > power sequence in the helper would help much. The privacy LED, however, > could be handled there.
Hi, On 11/30/22 15:52, Sakari Ailus wrote: > Hi Hans, > > On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: >> Hi Sakari, >> >> On 11/30/22 14:41, Sakari Ailus wrote: >>> Hi Hans, >>> >>> On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: >>>> Add support for a privacy-led GPIO. >>>> >>>> Making the privacy LED to controlable from userspace, as using the LED >>>> class subsystem would do, would make it too easy for spy-ware to disable >>>> the LED. >>>> >>>> To avoid this have the sensor driver directly control the LED. >>>> >>>> Signed-off-by: Hans de Goede <hdegoede@redhat.com> >>>> --- >>>> Note an additional advantage of directly controlling the GPIO is that >>>> GPIOs are tied directly to consumer devices. Where as with a LED class >>>> device, there would need to be some mechanism to tie the right LED >>>> (e.g front or back) to the right sensor. >>> >>> Thanks for the patch. >>> >>> This approach has the drawback that support needs to be added for each >>> sensor separately. Any idea how many sensor drivers might need this? >> >> Quite a few probably. But as discussed here I plan to write a generic >> sensor_power helper library since many sensor drivers have a lot of >> boilerplate code to get clks + regulators + enable/reset gpios. The plan >> is to add support for a "privacy-led" to this library so that all sensors >> which use this get support for free. > > I'm not sure how well this could be generalised. While most sensors do > something similar there are subtle differences. If those can be taken into > account I guess it should be doable. But would it simplify things or reduce > the number of lines of code as a whole? > > The privacy LED is separate from sensor, including its power on/off > sequences which suggests it could be at least as well be handled > separately. > >> >> Laurent pointed out that some sensors may have more complex power-up >> sequence demands, which is true. But looking at existing drivers >> then many follow a std simple pattern which can be supported in >> a helper-library. >> >>> Most implementations have privacy LED hard-wired to the sensor's power >>> rails so it'll be lit whenever the sensor is powered on. >>> >>> If there would be more than just a couple of these I'd instead create a LED >>> class device and hook it up to the sensor in V4L2. >> >> >> A LED cladd device will allow userspace to override the privacy-led >> value which is considered bad from a privacy point of view. This >> was actually already discussed here: >> >> https://lore.kernel.org/platform-driver-x86/e5d8913c-13ba-3b11-94bc-5d1ee1d736b0@ideasonboard.com/ >> >> See the part of the thread on the cover-letter with Dan, Laurent >> and me participating. >> >> And a LED class device also will be a challenge to bind to the right >> sensor on devices with more then one sensor, where as mentioned >> above using GPIO-mappings give us the binding to the right sensor >> for free. > > Whether the privacy LED is controlled via the LED framework or GPIO doesn't > really matter from this PoV, it could be controlled via the V4L2 framework > in both cases. It might not be very pretty but I think I'd prefer that than > putting this in either drivers or some sensor power sequence helper > library. In sensors described in ACPI, esp. the straight forward described sensors on atomisp2 devices, the GPIO resources inluding the LED one are listed as resources of the i2c_client for the sensor. And in a sense the same applies to later IPU3 / IPU6 devices where there is a separate INT3472 device describing all the GPIOS which is also tied to a specific sensor and we currently map all the GPIOs from the INT3472 device to the sensor. So it looks like that at least for x86/ACPI windows devices if the LED has its own GPIO the hardware description clearly counts that as part of the sensor's GPIOs. So the sensor driver has direct access to this, where as any v4l2 framework driver would needed to start poking inside the fwnode of the sensor which really isn't pretty. Where as if you look at this patch set adding the privacy-LED GPIO from the INT3472 (IPU3 / IPU6) to the sensor fwnode is a 1 line change. This really by far is the most KISS solution and we have so much other things which need work that I believe that over-engineering this is not doing ourselves any favours. Regards, Hans
On Fri, Dec 2, 2022 at 1:50 PM Laurent Pinchart <laurent.pinchart@ideasonboard.com> wrote: > On Fri, Dec 02, 2022 at 12:21:12PM +0100, Hans de Goede wrote: > > On 12/2/22 11:54, Laurent Pinchart wrote: ... > > Note the need for an index -> name map is standard for all GPIOs > > on ACPI platforms. > > It's funny how ARM platforms were criticized for their need of board > files, with x86/ACPI being revered as a saint. Now we have DT on ARM and > x86 needs board files :-) I believe it's a misunderstanding here due to missing words at Hans' statement, i..e. "..., which do not provide the descriptions in _DSD() method." So, no, x86 does not need board files generally speaking. The problem here is some departments of some big companies that didn't get ACPI properly or at all.
On Fri, Dec 02, 2022 at 01:53:55PM +0200, Andy Shevchenko wrote: > On Fri, Dec 2, 2022 at 1:50 PM Laurent Pinchart wrote: > > On Fri, Dec 02, 2022 at 12:21:12PM +0100, Hans de Goede wrote: > > > On 12/2/22 11:54, Laurent Pinchart wrote: > > ... > > > > Note the need for an index -> name map is standard for all GPIOs > > > on ACPI platforms. > > > > It's funny how ARM platforms were criticized for their need of board > > files, with x86/ACPI being revered as a saint. Now we have DT on ARM and > > x86 needs board files :-) > > I believe it's a misunderstanding here due to missing words at Hans' > statement, i..e. > "..., which do not provide the descriptions in _DSD() method." > > So, no, x86 does not need board files generally speaking. The problem > here is some departments of some big companies that didn't get ACPI > properly or at all. When it comes to camera support, that seems to cover an overwhelming majority of systems, if not all of them.
Hi Hans, On Wed, Nov 30, 2022 at 05:34:55PM +0100, Hans de Goede wrote: > So it looks like that at least for x86/ACPI windows devices if the > LED has its own GPIO the hardware description clearly counts that > as part of the sensor's GPIOs. So the sensor driver has direct > access to this, where as any v4l2 framework driver would needed > to start poking inside the fwnode of the sensor which really > isn't pretty. Most of the common (e.g. camera sensor related) properties are parsed by the V4L2 framework, not by drivers. I'm not saying no to having privacy-led parsing in a single driver but instead of adding more of this in drivers we should have a common solution for this.
Hi, On 12/2/22 12:49, Laurent Pinchart wrote: > Hi Hans, > > On Fri, Dec 02, 2022 at 12:21:12PM +0100, Hans de Goede wrote: >> On 12/2/22 11:54, Laurent Pinchart wrote: >>> On Wed, Nov 30, 2022 at 05:34:55PM +0100, Hans de Goede wrote: >>>> On 11/30/22 15:52, Sakari Ailus wrote: >>>>> On Wed, Nov 30, 2022 at 02:56:46PM +0100, Hans de Goede wrote: >>>>>> On 11/30/22 14:41, Sakari Ailus wrote: >>>>>>> On Wed, Nov 30, 2022 at 12:11:44AM +0100, Hans de Goede wrote: >>>>>>>> Add support for a privacy-led GPIO. >>>>>>>> >>>>>>>> Making the privacy LED to controlable from userspace, as using the LED >>>>>>>> class subsystem would do, would make it too easy for spy-ware to disable >>>>>>>> the LED. >>>>>>>> >>>>>>>> To avoid this have the sensor driver directly control the LED. >>>>>>>> >>>>>>>> Signed-off-by: Hans de Goede <hdegoede@redhat.com> >>>>>>>> --- >>>>>>>> Note an additional advantage of directly controlling the GPIO is that >>>>>>>> GPIOs are tied directly to consumer devices. Where as with a LED class >>>>>>>> device, there would need to be some mechanism to tie the right LED >>>>>>>> (e.g front or back) to the right sensor. >>>>>>> >>>>>>> Thanks for the patch. >>>>>>> >>>>>>> This approach has the drawback that support needs to be added for each >>>>>>> sensor separately. Any idea how many sensor drivers might need this? >>>>>> >>>>>> Quite a few probably. But as discussed here I plan to write a generic >>>>>> sensor_power helper library since many sensor drivers have a lot of >>>>>> boilerplate code to get clks + regulators + enable/reset gpios. The plan >>>>>> is to add support for a "privacy-led" to this library so that all sensors >>>>>> which use this get support for free. >>>>> >>>>> I'm not sure how well this could be generalised. While most sensors do >>>>> something similar there are subtle differences. If those can be taken into >>>>> account I guess it should be doable. But would it simplify things or reduce >>>>> the number of lines of code as a whole? >>>>> >>>>> The privacy LED is separate from sensor, including its power on/off >>>>> sequences which suggests it could be at least as well be handled >>>>> separately. >>>>> >>>>>> Laurent pointed out that some sensors may have more complex power-up >>>>>> sequence demands, which is true. But looking at existing drivers >>>>>> then many follow a std simple pattern which can be supported in >>>>>> a helper-library. >>>>>> >>>>>>> Most implementations have privacy LED hard-wired to the sensor's power >>>>>>> rails so it'll be lit whenever the sensor is powered on. >>>>>>> >>>>>>> If there would be more than just a couple of these I'd instead create a LED >>>>>>> class device and hook it up to the sensor in V4L2. >>>>>> >>>>>> A LED cladd device will allow userspace to override the privacy-led >>>>>> value which is considered bad from a privacy point of view. This >>>>>> was actually already discussed here: >>>>>> >>>>>> https://lore.kernel.org/platform-driver-x86/e5d8913c-13ba-3b11-94bc-5d1ee1d736b0@ideasonboard.com/ >>>>>> >>>>>> See the part of the thread on the cover-letter with Dan, Laurent >>>>>> and me participating. >>>>>> >>>>>> And a LED class device also will be a challenge to bind to the right >>>>>> sensor on devices with more then one sensor, where as mentioned >>>>>> above using GPIO-mappings give us the binding to the right sensor >>>>>> for free. >>>>> >>>>> Whether the privacy LED is controlled via the LED framework or GPIO doesn't >>>>> really matter from this PoV, it could be controlled via the V4L2 framework >>>>> in both cases. It might not be very pretty but I think I'd prefer that than >>>>> putting this in either drivers or some sensor power sequence helper >>>>> library. >>>> >>>> In sensors described in ACPI, esp. the straight forward described sensors >>>> on atomisp2 devices, the GPIO resources inluding the LED one are listed >>>> as resources of the i2c_client for the sensor. >>>> >>>> And in a sense the same applies to later IPU3 / IPU6 devices where there >>>> is a separate INT3472 device describing all the GPIOS which is also >>>> tied to a specific sensor and we currently map all the GPIOs from >>>> the INT3472 device to the sensor. >>>> >>>> So it looks like that at least for x86/ACPI windows devices if the >>>> LED has its own GPIO the hardware description clearly counts that >>>> as part of the sensor's GPIOs. So the sensor driver has direct >>>> access to this, where as any v4l2 framework driver would needed >>>> to start poking inside the fwnode of the sensor which really >>>> isn't pretty. >>> >>> Let me try to understand it better. Looking at the platforms you mention >>> above, it seems that the way to retrieve the GPIO is platform-specific, >>> isn't it ? Can the atomisp2 (is that IPU2 ?) >> >> Yes, sorta, Intel back then called it an ISP not an IPU, but the >> Android x86 code which we have for it also refers to work enabling >> IPU3 support, so definitely the same lineage of ISPs/IPUs. >> >>> , IPU3 and IPU6 expose the >>> GPIO in the same way, or would we need code that, for instance, acquires >>> the GPIO through different names (or even different APIs) for the same >>> sensor on different platforms ? >> >> Long answer: >> >> On the atomisp2 platforms the GPIO is directly listed as a GPIO resource >> of the i2c_client. Now ACPI resources use GPIO-indexes where as >> the standard Linux GPIO APIs use GPIO names, so we need an index -> name >> map in drivers/platform/x86 glue code. >> >> Note the need for an index -> name map is standard for all GPIOs >> on ACPI platforms. > > It's funny how ARM platforms were criticized for their need of board > files, with x86/ACPI being revered as a saint. Now we have DT on ARM and > x86 needs board files :-) Yes this is a bit painful. Although most of the INT3472 code is not board specific, it calls _DSM (device-specific-methods) which the windows drivers use and then translates that to GPIO mappings. For the non separate PMIC case the _DSM gives us a u8 containing a type for each GPIO listed, which can be one of: /reset, clk-enable, regulator-enable, /powerdown or privacy-led and then we "inject" those into the fwnode for the i2c_client (with the clk / regulator using the clk/regulator framework). >> On IPU3 / IPU6 most (all?) of the power-seq (and privacy-led) related >> resources like GPIOs are all described in an INT3472 ACPI device, >> and the drivers/platform/x86/intel/int3472/*.c code then adds >> GPIO-lookup table entries to the sensor's i2c_client pointing >> to these GPIOS. >> >> So in the end for both the ISP2 and the IPU3/IPU6 which have >> some code (outside of the media subsystem) abstracting away >> all this platform specific shenanigans and mapping >> the GPIOs to the sensor's i2c_client device so that a standard: >> >> sensor->pled_gpiod = gpiod_get(&i2c_client->dev, "privacy-led"); >> >> Call should work on all of ISP2/IPU3/IPU6 (and presumably also >> IPU4 if we ever get around to that). >> >> ### >> >> Short answer to your question: >> >> "would we need code that, for instance, acquires the GPIO through >> different names (or even different APIs) for the same >> sensor on different platforms ?" >> >> No the media subsystem sensor drivers should not need code to >> deal with any platform differences, this should all be abstracted >> away by the platform glue code under drivers/platform/x86, which >> is glue which we need regardless of how we solve this. >> >> With that glue in place, a simple / standard: >> >> sensor->pled_gpiod = gpiod_get(&i2c_client->dev, "privacy-led"); >> >> should work for all of ISP2 + IPU3 + IPU6 and this does already work >> in my current testing done on IPU3 + IPU6. > > Can I assume that "privacy-led" will be the right GPIO name not only > across different platforms but also across different sensors ? Yes. After this series we always map GPIO for which the _DSM returns the privacy-led value in the returned type field to a "privacy-led" GPIO, the mapping code for this is sensor independent. Regards, Hans
Hi All, On 11/30/22 00:11, Hans de Goede wrote: > Hi All, > > The out of tree IPU6 driver has moved to using the in kernel INT3472 > code for doing power-ctrl rather then doing their own thing (good!). > > Some of the IPU6 devices with a discrete INT3472 ACPI device have a > privacy-led GPIO. but no clk-enable GPIO. To make this work this series > moves the privacy LED control from being integrated with the clk-provider > to modelling the privacy LED as a separate GPIO. This also brings the > discrete INT3472 ACPI device privacy LED handling inline with the privacy > LED handling for INT3472 TPS68470 PMIC devices which I posted here: > > https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ > > This obsoletes my previous "[PATCH 0/3] platform/x86: int3472/discrete: > Make it work with IPU6" series: > > https://lore.kernel.org/platform-driver-x86/20221124200007.390901-1-hdegoede@redhat.com/ > > Mauro since laptops with IPU6 cameras are becoming more and more > popular I would like to get this merged for 6.2 so that with 6.2 > users will be able to build the out of tree IPU6 driver without > requiring patching their main kernel. I realize we are a bit > late in the cycle, but can you please still take the ov5693 patch > for 6.2 ? It is quite small / straight-forward and since it used > gpiod_get_optional() it is a no-op without the rest of this series. > > This series has been tested on: > > - Lenovo ThinkPad X1 Yoga gen 7, IPU6, front: ov2740 with privacy LED > - Dell Latitude 9420, IPU 6 with privacy LED on front > - Mirosoft Surface Go, IPU3, front: ov5693 with privacy LED, > back: ov8865 with privacy LED There has once again been push-back against the concept using plain GPIOs for the privacy LED controls rather then wrapping this in a LED class device. This time in the related series adding support for the privacy LED on the back of Surface Go devices: https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ Given all the comments / requests to use the LED class for this I'm going to attempt to do that, see the above thread for some challenges which I already encountered while exploring LED class usage for this + proposed solution for those (adding a lookup table mechanism to the LED class code similar to the existing GPIO lookup table support). This will result in a partial rewrite of this series, so self NACK for this version of the series. Andy this also means that I will not be using your new str_high_low() helper function. The code which could use this will likely stay around, but given that I need to do a rewrite and then get ne reviews, it would IMHO be better to just get your series starting with: [PATCH v1 1/3] lib/string_helpers: Add missing header files to MAINTAINERS database upstream independently and then later my code can be moved over to the helper (or if the helper lands first maybe use it from day one), either way it seems best to decouple the merging of these 2 series from each other. Regards, Hans > Hans de Goede (6): > media: ov5693: Add support for a privacy-led GPIO > platform/x86: int3472/discrete: Refactor GPIO to sensor mapping > platform/x86: int3472/discrete: Treat privacy LED as regular GPIO > platform/x86: int3472/discrete: Move GPIO request to > skl_int3472_register_clock() > platform/x86: int3472/discrete: Ensure the clk/power enable pins are > in output mode > platform/x86: int3472/discrete: Get the polarity from the _DSM entry > > drivers/media/i2c/ov5693.c | 10 ++ > .../x86/intel/int3472/clk_and_regulator.c | 35 +++++-- > drivers/platform/x86/intel/int3472/common.h | 4 +- > drivers/platform/x86/intel/int3472/discrete.c | 95 ++++++++----------- > 4 files changed, 80 insertions(+), 64 deletions(-) >
On Wed, Dec 7, 2022 at 7:34 PM Hans de Goede <hdegoede@redhat.com> wrote: > On 11/30/22 00:11, Hans de Goede wrote: ... > Andy this also means that I will not be using your new str_high_low() > helper function. The code which could use this will likely stay > around, but given that I need to do a rewrite and then get ne > reviews, it would IMHO be better to just get your series starting with: > > [PATCH v1 1/3] lib/string_helpers: Add missing header files to MAINTAINERS database > > upstream independently and then later my code can be moved over > to the helper (or if the helper lands first maybe use it from > day one), either way it seems best to decouple the merging > of these 2 series from each other. Sure, no problem and thank you for the information!
Hi All, The out of tree IPU6 driver has moved to using the in kernel INT3472 code for doing power-ctrl rather then doing their own thing (good!). Some of the IPU6 devices with a discrete INT3472 ACPI device have a privacy-led GPIO. but no clk-enable GPIO. To make this work this series moves the privacy LED control from being integrated with the clk-provider to modelling the privacy LED as a separate GPIO. This also brings the discrete INT3472 ACPI device privacy LED handling inline with the privacy LED handling for INT3472 TPS68470 PMIC devices which I posted here: https://lore.kernel.org/platform-driver-x86/20221128214408.165726-1-hdegoede@redhat.com/ This obsoletes my previous "[PATCH 0/3] platform/x86: int3472/discrete: Make it work with IPU6" series: https://lore.kernel.org/platform-driver-x86/20221124200007.390901-1-hdegoede@redhat.com/ Mauro since laptops with IPU6 cameras are becoming more and more popular I would like to get this merged for 6.2 so that with 6.2 users will be able to build the out of tree IPU6 driver without requiring patching their main kernel. I realize we are a bit late in the cycle, but can you please still take the ov5693 patch for 6.2 ? It is quite small / straight-forward and since it used gpiod_get_optional() it is a no-op without the rest of this series. This series has been tested on: - Lenovo ThinkPad X1 Yoga gen 7, IPU6, front: ov2740 with privacy LED - Dell Latitude 9420, IPU 6 with privacy LED on front - Mirosoft Surface Go, IPU3, front: ov5693 with privacy LED, back: ov8865 with privacy LED Regards, Hans Hans de Goede (6): media: ov5693: Add support for a privacy-led GPIO platform/x86: int3472/discrete: Refactor GPIO to sensor mapping platform/x86: int3472/discrete: Treat privacy LED as regular GPIO platform/x86: int3472/discrete: Move GPIO request to skl_int3472_register_clock() platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode platform/x86: int3472/discrete: Get the polarity from the _DSM entry drivers/media/i2c/ov5693.c | 10 ++ .../x86/intel/int3472/clk_and_regulator.c | 35 +++++-- drivers/platform/x86/intel/int3472/common.h | 4 +- drivers/platform/x86/intel/int3472/discrete.c | 95 ++++++++----------- 4 files changed, 80 insertions(+), 64 deletions(-)