| Message ID | 1405412723-10062-1-git-send-email-hyogi.gim@lge.com |
|---|---|
| State | Accepted |
| Headers | show |
On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote: > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > checked. If rtc device fail to read time, we cannot guarantee the following > process. > > Add the verification code for returned rtc_read_time() error. I thought I acked this or something similar days ago... can you please check?
> > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > > checked. If rtc device fail to read time, we cannot guarantee the following > > process. > > > > Add the verification code for returned rtc_read_time() error. > > I thought I acked this or something similar days ago... can you please check? Yes, I sent a similar one. But, a previous patch is related to "interface.c" and this is included in "class.c". Maybe you are confused by my same description. Sorry about that. Thanks Best regards, Hyogi Gim
On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote: > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > checked. If rtc device fail to read time, we cannot guarantee the following > process. > > Add the verification code for returned rtc_read_time() error. > > ... > > --- a/drivers/rtc/class.c > +++ b/drivers/rtc/class.c > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev) > struct rtc_device *rtc = to_rtc_device(dev); > struct rtc_time tm; > struct timespec delta, delta_delta; > + int err; > > if (has_persistent_clock()) > return 0; > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev) > return 0; > > /* snapshot the current RTC and system time at suspend*/ > - rtc_read_time(rtc, &tm); > + err = rtc_read_time(rtc, &tm); > + if (err < 0) { > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); > + return 0; > + } OK, it makes no sense to go ahead and set the system time from a garbage rtc_time. But I'm wondering if we should propagate the error back to the rtc_suspend() caller. What does the PM core do if a particular device's ->suspend or ->resume fails? > getnstimeofday(&old_system); > rtc_tm_to_time(&tm, &old_rtc.tv_sec); > > @@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev) > struct rtc_time tm; > struct timespec new_system, new_rtc; > struct timespec sleep_time; > + int err; > > if (has_persistent_clock()) > return 0; > @@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev) > > /* snapshot the current rtc and system time at resume */ > getnstimeofday(&new_system); > - rtc_read_time(rtc, &tm); > + err = rtc_read_time(rtc, &tm); > + if (err < 0) { > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); > + return 0; > + } > + > if (rtc_valid_tm(&tm) != 0) { > pr_debug("%s: bogus resume time\n", dev_name(&rtc->dev)); > return 0;
On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote: > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote: > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > > checked. If rtc device fail to read time, we cannot guarantee the following > > process. > > > > Add the verification code for returned rtc_read_time() error. > > > > ... > > > > --- a/drivers/rtc/class.c > > +++ b/drivers/rtc/class.c > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev) > > struct rtc_device *rtc = to_rtc_device(dev); > > struct rtc_time tm; > > struct timespec delta, delta_delta; > > + int err; > > > > if (has_persistent_clock()) > > return 0; > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev) > > return 0; > > > > /* snapshot the current RTC and system time at suspend*/ > > - rtc_read_time(rtc, &tm); > > + err = rtc_read_time(rtc, &tm); > > + if (err < 0) { > > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); > > + return 0; > > + } > > OK, it makes no sense to go ahead and set the system time from a > garbage rtc_time. > > But I'm wondering if we should propagate the error back to the > rtc_suspend() caller. What does the PM core do if a particular > device's ->suspend or ->resume fails? It aborts the suspend. Rafael
On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote: > On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote: > > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote: > > > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > > > checked. If rtc device fail to read time, we cannot guarantee the following > > > process. > > > > > > Add the verification code for returned rtc_read_time() error. > > > > > > ... > > > > > > --- a/drivers/rtc/class.c > > > +++ b/drivers/rtc/class.c > > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev) > > > struct rtc_device *rtc = to_rtc_device(dev); > > > struct rtc_time tm; > > > struct timespec delta, delta_delta; > > > + int err; > > > > > > if (has_persistent_clock()) > > > return 0; > > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev) > > > return 0; > > > > > > /* snapshot the current RTC and system time at suspend*/ > > > - rtc_read_time(rtc, &tm); > > > + err = rtc_read_time(rtc, &tm); > > > + if (err < 0) { > > > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); > > > + return 0; > > > + } > > > > OK, it makes no sense to go ahead and set the system time from a > > garbage rtc_time. > > > > But I'm wondering if we should propagate the error back to the > > rtc_suspend() caller. What does the PM core do if a particular > > device's ->suspend or ->resume fails? > > It aborts the suspend. I mean, if ->suspend fails, the suspend is aborted. If ->resume fails, on the other hand, we cannot do much more than logging an error message. Rafael
On Thu, 24 Jul 2014 01:49:44 +0200 "Rafael J. Wysocki" <rjw@rjwysocki.net> wrote: > On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote: > > On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote: > > > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote: > > > > > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not > > > > checked. If rtc device fail to read time, we cannot guarantee the following > > > > process. > > > > > > > > Add the verification code for returned rtc_read_time() error. > > > > > > > > ... > > > > > > > > --- a/drivers/rtc/class.c > > > > +++ b/drivers/rtc/class.c > > > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev) > > > > struct rtc_device *rtc = to_rtc_device(dev); > > > > struct rtc_time tm; > > > > struct timespec delta, delta_delta; > > > > + int err; > > > > > > > > if (has_persistent_clock()) > > > > return 0; > > > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev) > > > > return 0; > > > > > > > > /* snapshot the current RTC and system time at suspend*/ > > > > - rtc_read_time(rtc, &tm); > > > > + err = rtc_read_time(rtc, &tm); > > > > + if (err < 0) { > > > > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); > > > > + return 0; > > > > + } > > > > > > OK, it makes no sense to go ahead and set the system time from a > > > garbage rtc_time. > > > > > > But I'm wondering if we should propagate the error back to the > > > rtc_suspend() caller. What does the PM core do if a particular > > > device's ->suspend or ->resume fails? > > > > It aborts the suspend. > > I mean, if ->suspend fails, the suspend is aborted. So what should rtc do in this case? At present it pretends the read succeeded. Either way, this doesn't seem to be the place to be making such policy decisions..
On 07/24/2014 09:19 AM, Andrew Morton wrote: > > So what should rtc do in this case? At present it pretends the read > succeeded. Either way, this doesn't seem to be the place to be making > such policy decisions.. > > > I agree. But, in this case, RTC device driver can not do anything. And if rtc_suspend() returns a minus value, then suspend will be aborted. So, in the worst case, suspend will be failed continually. I think this is not good. Most RTC device drivers don't verify the read time value. Even some drivers just return '0' value(omap, tegra, ...). So, I think the higher level framework like /drivers/rtc/interface.c should check and handle the rtc read time.
diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c index 589351e..38e26be 100644 --- a/drivers/rtc/class.c +++ b/drivers/rtc/class.c @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev) struct rtc_device *rtc = to_rtc_device(dev); struct rtc_time tm; struct timespec delta, delta_delta; + int err; if (has_persistent_clock()) return 0; @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev) return 0; /* snapshot the current RTC and system time at suspend*/ - rtc_read_time(rtc, &tm); + err = rtc_read_time(rtc, &tm); + if (err < 0) { + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); + return 0; + } + getnstimeofday(&old_system); rtc_tm_to_time(&tm, &old_rtc.tv_sec); @@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev) struct rtc_time tm; struct timespec new_system, new_rtc; struct timespec sleep_time; + int err; if (has_persistent_clock()) return 0; @@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev) /* snapshot the current rtc and system time at resume */ getnstimeofday(&new_system); - rtc_read_time(rtc, &tm); + err = rtc_read_time(rtc, &tm); + if (err < 0) { + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev)); + return 0; + } + if (rtc_valid_tm(&tm) != 0) { pr_debug("%s: bogus resume time\n", dev_name(&rtc->dev)); return 0;
In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not checked. If rtc device fail to read time, we cannot guarantee the following process. Add the verification code for returned rtc_read_time() error. Signed-off-by: Hyogi Gim <hyogi.gim@lge.com> --- drivers/rtc/class.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-)