lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200727154104.GE239143@piout.net>
Date:   Mon, 27 Jul 2020 17:41:04 +0200
From:   Alexandre Belloni <alexandre.belloni@...tlin.com>
To:     Russell King - ARM Linux admin <linux@...linux.org.uk>
Cc:     Rob Herring <robh@...nel.org>, miguelborgesdefreitas@...il.com,
        a.zummo@...ertech.it, baruch@...s.co.il, shawnguo@...nel.org,
        s.hauer@...gutronix.de, kernel@...gutronix.de, festevam@...il.com,
        linux-imx@....com, devicetree@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] dt-bindings: rtc: pcf8523: add DSM pm option for
 battery switch-over

On 27/07/2020 16:24:39+0100, Russell King - ARM Linux admin wrote:
> On Mon, Jul 27, 2020 at 04:49:38PM +0200, Alexandre Belloni wrote:
> > On 27/07/2020 10:45:53+0100, Russell King - ARM Linux admin wrote:
> > > > This is but this shouldn't be a DT property as it has to be changed
> > > > dynamically. I'm working on an ioctl interface to change this
> > > > configuration.
> > > 
> > > Why does it need to be changed dynamically?  If the hardware components
> > > are not fitted to allow the RTC to be safely used without DSM, then
> > > why should userspace be able to disable DSM?
> > 
> > For RTCs with a standby mode, you want to be able to return to standby
> > mode.
> > 
> > That would happen for example after factory flashing in that common use
> > case:
> >  - the board is manufactured
> >  - Vbackup is installed, the RTC switches to standby mode
> >  - the board is then booted to flash a system, Vprimary is now present,
> >    the RTC switches to DSM.
> > 
> > At this point, if the board is simply shut down, the RTC will start
> > draining Vbackup before leaving the factory. Instead, we want to be able
> > to return to standby mode until the final user switches the product on
> > for the first time.
> 
> I don't think you're understanding what's going on with this proposed
> patch.  The cubox-i does work today, and the RTC does survive most
> power-downs. There are situations where it doesn't.
> 
> So, let's take your process above.
> 
> - the board is manufactured
> - Vbackup is installed, the RTC switches to standby mode
> - the board is then booted to flash a system, Vprimary is now present
> - the board is powered down.  the RTC _might_ switch over to battery
>   if it notices the power failure in time, or it might not.  A random
>   sample of units leaving the factory have the RTC in standby mode.
>   Others are draining the battery.
> 
> I'm not saying what you propose isn't a good idea.  I'm questioning
> why we should expose this in the generic kernel on platforms where
> it's likely to end up with the RTC being corrupted.
> 

Note that I didn't say we should expose settings that are not working
but it is a different discussion. I was explaining why we need to be
able to change it dynamically.

> Now, I question your idea that units should leave the factory without
> the RTC being programmed.  We know that lovely systemd goes utterly
> bonkers if the system time is beyond INT_MAX.  If the RTC leaves
> standby mode containing a date which we translate beyond INT_MAX,
> systemd will refuse to boot the system, and the user will have no
> way to set the correct time.  The user returns the device to the
> supplier as faulty...

This is doesn't happen since v4.17.

-- 
Alexandre Belloni, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ