Details

Reviewers

adrian
ngie

Commits

rGe37e49bfaa27: asmc: fix asmc_key_dump() page fault on T2 MMIO backend
rG3abc07947c14: asmc: fix asmc_key_dump() page fault on T2 MMIO backend

Summary

asmc_key_dump() used I/O port macros (ASMC_DATAPORT_WRITE/READ,
asmc_command()) unconditionally. On T2 Macs, sc_ioport is NULL
(MMIO backend is used instead), causing a page fault when
ASMC_DEBUG triggers asmc_dumpall() during attach.

Add an MMIO guard at the top of asmc_key_dump(): delegate to
asmc_key_dump_by_index() + asmc_key_read() for MMIO devices,
consistent with the rest of the T2 code paths.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

guest-seuros created this revision.Apr 30 2026, 2:41 PM

Herald added a subscriber: imp. · View Herald TranscriptApr 30 2026, 2:41 PM

guest-seuros requested review of this revision.Apr 30 2026, 2:41 PM

Harbormaster completed remote builds in B72675: Diff 176910.Apr 30 2026, 2:41 PM

This hints at needing the patches/driver available in https://github.com/t2linux/linux-t2-patches/tree/main (please note that the driver isn't technically GPLv2; I can add more details later if needed).

sys/dev/asmc/asmc.c
1156–1157	Same thing; just a bit more explicit.
1161–1165	Doesn't have to be done here or now, but if this is a point of contention around data flushing, I/O interleaving, etc, it would probably be a good idea to consider using the sbuf family of functions instead of the stdio ones (like *printf).
1206	Was this breaking the type representation somehow, or was it doing implicit formatting with the type names?

Add an MMIO guard at the top of asmc_key_dump(): delegate to
asmc_key_dump_by_index() + asmc_key_read() for MMIO devices,
consistent with the rest of the T2 code paths.

Having a more explicit statement for T2 Macs vs non-T2 Macs would be a good idea.

Address review: add CMDGETINFO response layout comment explaining type[0] is data length, type[1..4] is ASCII type string

Harbormaster completed remote builds in B72688: Diff 176965.Apr 30 2026, 10:36 PM

guest-seuros updated this revision to Diff 176966.Apr 30 2026, 10:36 PM

This comment was removed by guest-seuros.

Harbormaster completed remote builds in B72689: Diff 176966.Apr 30 2026, 10:36 PM

@ngie , the separation of the T2 code will be done in a future diff.

this LOOKS right to me. @ngie any other comments?

This revision is now accepted and ready to land.May 7 2026, 1:59 PM

@guest-seuros : could you please reply to my comments?

adrian added projects: drivers, apple (x86).May 10 2026, 3:12 PM

@ngie, I got fooled by the reply mechanism again. my response was sitting unsubmitted.

For the first two (MIN + sbuf): updating now. I wasnt aware of sbuf, makes sense for kernel printf.

For the type representation (L1151): that's just the CMDGETINFO response layout, byte 0 is data length, bytes 1-4 are the ASCII type string. The I/O port path extracts the length then overwrites type[0] with a space to reuse the buffer for display. The MMIO path doesn't need this hack because asmc_key_dump_by_index() returns the type string separately. I noticed this when debugging Apple with the T2 chip.

use helpers (MIN + sbuf)

This revision now requires review to proceed.May 10 2026, 3:51 PM

Harbormaster completed remote builds in B72971: Diff 177544.May 10 2026, 3:52 PM

ok, this looks better. ngie@, anything else?

ngie added inline comments.May 13 2026, 3:06 AM

sys/dev/asmc/asmc.c
1155	Ah yeah, MIN not MAX :D.
1156	Is there a reason why you removed the error check?
1224	The old way conforms to style(9).
1234	Same as before.

guest-seuros marked 3 inline comments as done.May 13 2026, 4:57 PM

guest-seuros added inline comments.

sys/dev/asmc/asmc.c
1156	The key was just enumerated successfully, so a read failure right after would be a hardware fault. I originally added the check while validating and understanding the SMC behavior itself. Unless the Apple Trashcan or Cheese Grater models have some especially exotic SMC quirk, I tested this across basically the entire Intel Mac lineup from 2006 to 2019.

ngie added inline comments.May 15 2026, 6:53 PM

sys/dev/asmc/asmc.c
1156	While I agree with you, a bit of extra care is required (IMHO) because there's a fair bit of FUD around whether or not some operations could brick SMCs. Your proposed change is no doubt harmless, but it doesn't hurt to err on the side of caution to make sure the data is sane/correct (especially since logic errors result in kernel panics, which results in extended reboot times).