lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100805180946.GI2447@linux.vnet.ibm.com>
Date:	Thu, 5 Aug 2010 11:09:46 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	david@...g.hm
Cc:	Arve Hjønnevåg <arve@...roid.com>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	"Rafael J. Wysocki" <rjw@...k.pl>,
	Arjan van de Ven <arjan@...radead.org>,
	linux-pm@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
	pavel@....cz, florian@...kler.org, stern@...land.harvard.edu,
	swetland@...gle.com, peterz@...radead.org, tglx@...utronix.de,
	alan@...rguk.ukuu.org.uk
Subject: Re: Attempted summary of suspend-blockers LKML thread

On Thu, Aug 05, 2010 at 08:46:54AM -0700, david@...g.hm wrote:
> On Thu, 5 Aug 2010, Paul E. McKenney wrote:
> 
> >On Wed, Aug 04, 2010 at 10:18:40PM -0700, david@...g.hm wrote:
> >>On Wed, 4 Aug 2010, Paul E. McKenney wrote:
> >>>On Wed, Aug 04, 2010 at 05:25:53PM -0700, david@...g.hm wrote:
> >>>>On Wed, 4 Aug 2010, Paul E. McKenney wrote:
> >
> >[ . . . ]
> >
> >>>>>The music player is an interesting example.  It would be idle most
> >>>>>of the time, given that audio output doesn't consume very much CPU.
> >>>>>So you would not want to suspend the system just because there were
> >>>>>no runnable processes.  In contrast, allowing the music player to
> >>>>>hold a wake lock lets the system know that it would not be appropriate
> >>>>>to suspend.
> >>>>>
> >>>>>Or am I misunderstanding what you are proposing?
> >>>>
> >>>>the system would need to be idle for 'long enough' (configurable)
> >>>>before deciding to suspend, so as long as 'long enough' is longer
> >>>>than the music player is idle this would not be a problem.
> >>>
> >>>From a user standpoint, having the music player tell the system when
> >>>it is OK to suspend (e.g., when the user has paused playback) seems
> >>>a lot nicer than having configurable timeouts that need tweaking.
> >>
> >>every system that I have seen has a configurable "sleep if it's idle
> >>for this long" knob. On the iphone (work issue, I didn't want it)
> >>that I am currently using it can be configured from 1 min to 5 min.
> >>
> >>this is the sort of timeout I am talking about.
> >>
> >>with something in the multi-minute range for the 'do a full suspend'
> >>doing a wakeup every few 10s of seconds is perfectly safe.
> >
> >Ah, I was assuming -much- shorter "do full suspend" timeouts.
> >
> >My (possibly incorrect) assumption is based on the complaint that led
> >to my implementing RCU_FAST_NO_HZ.  A (non-Android) embedded person was
> >quite annoyed (to put it mildly) at the earlier version of RCU because
> >it prevented the system from entering the power-saving dyntick-idle mode,
> >not for minutes, or even for seconds, but for a handful of -milliseconds-.
> >This was my first hint that "energy efficiency" means something completely
> >different in embedded systems than it does in the servers that I am
> >used to.
> >
> >But I must defer to the Android guys on this -- who knows, perhaps
> >multi-minute delays to enter full-suspend mode are OK for them.
> 
> if the system was looking at all applications I would agree that the
> timeout should be much shorter.
> 
> I have a couple devices that are able to have the display usable,
> even if the CPU is asleep (the OLPC and the Kindle, two different
> display technologies). With these devices I would like to see the
> suspend happen so fast that it can suspend between keystrokes.
> 
> however, in the case of Android I think the timeouts have to end up
> being _much_ longer. Otherwise you have the problem of loading an
> untrusted book reader app on the device and the device suspends
> while you are reading the page.
> 
> currently Android works around this by having a wakelock held
> whenever the display is on. This seems backwards to me, the display
> should be on because the system is not suspended, not the system is
> prevented from suspending because the display is on.
> 
> Rather than having the display be on causing a wavelock to be held
> (with the code that is controls the display having a timeout for how
> long it leaves the display on), I would invert this and have the
> timeout be based on system activity, and when it decides the system
> is not active, turn off the display (along with other things as it
> suspends)

>From what I can see, the decision between these two approaches comes down
to their energy efficiencies, and thus their battery lifetimes.  Are you
in a position to benchmark these two approaches against each other?

> >>>>>>if the backlight being on holds the wakelock, it would seem that
> >>>>>>almost every other use of the wakelock could (and probably should)
> >>>>>>be replaced by something that tickles the display to stay on longer.
> >>>>>
> >>>>>The problem with this approach is that the display consumes quite a
> >>>>>bit of power, so you don't want to leave it on unnecessarily.  So if
> >>>>>the system is doing something (for example, playing music) that does
> >>>>>not require the display, you really want the display to be off.
> >>>>
> >>>>what percentage (and types) of apps are really useful with the
> >>>>display off. I think that there are relativly few apps that you
> >>>>really want to keep running if the display is off.
> >>>
> >>>The length of time those apps are running is the governing factor
> >>>for battery life, and not the number of such apps, right?
> >>
> >>correct, but the number of such apps indicates the scope of the problem.
> >
> >The number of such apps certainly indicates the amount of effort required
> >to modify them, if required.  Is that what you are getting at?
> 
> yes.
> 
> >>>From another e-mail tonight it sounds like almost everything
> >>>already talks
> >>
> >>to a userspace daemon, so if "(the power management service in the
> >>system_server, possibly the media_server and the radio interface
> >>glue)" (plus possibly some kernel activity) are the only things
> >>looked at when considering if it's safe to sleep or not, all of
> >>these can (or already do) do 'something' every few seconds, making
> >>this problem sound significantly smaller than it sounded like
> >>before.
> >>
> >>Android could even keep it's user-space API between the system power
> >>daemon and the rest of userspace the same if they want to.
> >>
> >>over time, additional apps could be considered 'trusted' (or flagged
> >>that way by the user) and not have to interact with the power daemon
> >>to keep things alive.
> >
> >Hmmm...  Isn't it the "trusted" (AKA PM-driving) apps that interact with
> >the power daemon via suspend blockers, rather than the other way around?
> 
> I was looking at it from a kernel point of view, "trusted" (AKA
> PM-driving) apps are ones that have permission to grab the wakelock.
> Any app/daemon that is so trusted can communicate with anything else
> in userspace as part of making it's decision on whento take the
> wakelock, but those other applications would not qualify as
> "trusted" in my eyes.

So you are saying that PM-driving apps can check up on power-oblivious
apps as part of their decision process.  Sounds reasonable to me,
though such checking increases the dependencies among apps, which might
increase complexity.

> >>as for intramentation, the key tool to use to see why a system isn't
> >>going to sleep would be powertop, just like on other linux systems.
> >
> >Powertop is indeed an extremely valuable tool, but I am not certain
> >that it really provides the information that the Android guys need.
> >If I understand Arve's and Brian's posts, here is the scenario that they
> >are trying to detect:
> >
> >o	Some PM-driving application has a bug in which it fails to
> >	release a wakelock, thus blocking suspend indefinitely.
> >
> >o	This PM-driving application, otherwise being a good citizen,
> >	blocks.
> >
> >o	There are numerous power-oblivious apps running, consuming
> >	significant CPU.
> >
> >What the Android developers need to know is that the trusted application
> >is wrongly holding a wakelock.  Won't powertop instead tell them about
> >all the power-oblivious apps?
> 
> in my proposal (without a wakelock), powertop would tell you what
> applications are running and setting timers. If we can modify the
> kernel/suspend decision code to only look at processes in one cgroup
> when deciding if the system should go to sleep, a similar
> modification to poewrtop should let you only show stats on the
> "trusted" applications.

Mark Brown suggests adding suspend-blocker information to powertop, which
might well be a very good way to handle this.  This sounds plausible to
me, but then again, I have never chased down wakelock bugs on Android
systems.

A key point is that it is not enough to focus on PM-driving apps, you
instead need to focus on only those PM-driving apps that currently hold
a suspend blocker.

> If you have a userspace power management daemon that accepts
> requests from untrusted programs and does something to keep the
> system from sleeping (either taking a wakelock or setting a 'short'
> timer), it needs to keep the records of this itself because
> otherwise all the kernel will see (with either powertop or wakelock
> reporting) is that the power management daemon is what kept the
> system from sleeping.

According to Brian Swetland, Android does in fact have such a
power-management daemon.  I would guess that this daemon tracks which
apps it is holding suspend blockers on behalf of.  This approach might
well make it harder to bring powertop to bear, as powertop would need
to communicate with Android's power-management daemon.  But perhaps
something could be arranged.

							Thanx, Paul
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ