lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Oct 2011 12:08:49 -0700
From:	John Stultz <john.stultz@...aro.org>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	"Rafael J. Wysocki" <rjw@...k.pl>,
	Linux PM list <linux-pm@...r.kernel.org>,
	mark gross <markgross@...gnar.org>,
	LKML <linux-kernel@...r.kernel.org>, NeilBrown <neilb@...e.de>
Subject: Re: [RFC][PATCH 2/2] PM / Sleep: Introduce cooperative
 suspend/hibernate mode

On Mon, 2011-10-17 at 14:19 -0400, Alan Stern wrote:
> On Mon, 17 Oct 2011, John Stultz wrote:
> 
> > So, the alarmtimer code is a bit more simple then what you describe
> > above (alarmtimers are just like regular posix timers, only enable an
> > RTC wakeup for the soonest event when the system goes into suspend).
> > 
> > However, such a dual-timer style behavior seems like it could work for
> > timer driven wakeups (and have been suggested to me by others as well).
> > Just to reiterate my understanding so that we're sure we're on the same
> > wavelength:
> > 
> > For any timer-style wakeup event, you set another non-wakeup timer for
> > some small period of time before the wakeup timer. Then when the
> > non-wakeup timer fires, the application inhibits suspend and waits for
> > the wakeup timer.  
> > 
> > Thus if the system is supended, the system will stay asleep until the
> > wakeup event, where we'll hold off suspend for a timeout length so the
> > task can run. If the system is not suspended, the early timer inhibits
> > suspend to block the possible race.
> > 
> > So yes, while not a very elegant solution in my mind (as its still racy
> > like any timeout based solution), it would seem to be workable in
> > practice, assuming wide error margins are used as the kernel does not
> > guarantee that timers will fire at a specific time (only after the
> > requested time). 
> > 
> > And this again assumes we'll see no timing issues as a result of system
> > load or realtime task processing.

> It shouldn't have to be this complicated.  If a program wants the
> system to be awake at a certain target time, it sets a wakeup timer for
> that time.  Then it vetoes any suspend requests that occur too close to 
> the target time, and continues to veto them until it has finished its 
> job.

I agree that the dual-timer approach is not really a good solution, and
doesn't help with similar races on non-timer based wakeups.

Though I also think proposed userland implementations that require
communication with all wakeup consumers before suspending (which really,
once you get aggressive about suspending when you can, means
communicating with all wakeup consumers on every wakeup event) isn't
really a good solution either.


Though as I've been thinking about it, there may be a way to do a
userland solution that uses the wakeup_count that isn't so inefficient.
Basically, its a varient of Mark's wakeup-device idea, but moved out to
userland.

There is a userland PM daemon. Its responsible for both suspending the
system, *and* handing all wakeup events.

Normal wakeup consumers open wakeup devices with a special library which
passes the open request through the PM daemon. The PM daemon opens the
device and provides a pipe fd back to the application, and basically
acts as a middle-man.

The PM daemon then cycles, doing the following:

while(1) {
	wakeup_count = read_int(wakeup_count_fd) /*possibly blocking*/
	if (wakeup_count != last_wakeup) {
		have_data = check_open_fds(fds);
		if (have_data)
			process_fds(fds);
		last_wakeup = wakeup_count;
	}
	write_int(wakeup_count_fd, wakeup_count);
	attempt_suspend();
}


Where check_open_fds() does a non-blocking select on all the fds that
the PM deamon has opened on behalf of applications, and process_fds()
basically writes any available data from the opened fds over to the
application through the earlier setup pipe. The daemon's write to the
pipe could be blocking, to ensure the application has read all of the
necessary data before the deamon continues trying to suspend.

Provided there is some suspend_inhibit/allow command that userspace can
make to the PM damon, this approach then provides a similar
select/wakelock/read pattern as what Android uses. The only other
features we might want is suggestion from Peter that
the /sys/power/state be only able to be opened by one application, so
that on systems which don't have the PM deamon running, applications
like the firmware update tool can try opening /sys/power/state and
blocking anyone from suspending under it.

Thoughts?

thanks
-john





--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ