| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200727154104.GE239143@piout.net>
Date: Mon, 27 Jul 2020 17:41:04 +0200
From: Alexandre Belloni <alexandre.belloni@...tlin.com>
To: Russell King - ARM Linux admin <linux@...linux.org.uk>
Cc: Rob Herring <robh@...nel.org>, miguelborgesdefreitas@...il.com,
a.zummo@...ertech.it, baruch@...s.co.il, shawnguo@...nel.org,
s.hauer@...gutronix.de, kernel@...gutronix.de, festevam@...il.com,
linux-imx@....com, devicetree@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/3] dt-bindings: rtc: pcf8523: add DSM pm option for
battery switch-over
On 27/07/2020 16:24:39+0100, Russell King - ARM Linux admin wrote:
> On Mon, Jul 27, 2020 at 04:49:38PM +0200, Alexandre Belloni wrote:
> > On 27/07/2020 10:45:53+0100, Russell King - ARM Linux admin wrote:
> > > > This is but this shouldn't be a DT property as it has to be changed
> > > > dynamically. I'm working on an ioctl interface to change this
> > > > configuration.
> > >
> > > Why does it need to be changed dynamically? If the hardware components
> > > are not fitted to allow the RTC to be safely used without DSM, then
> > > why should userspace be able to disable DSM?
> >
> > For RTCs with a standby mode, you want to be able to return to standby
> > mode.
> >
> > That would happen for example after factory flashing in that common use
> > case:
> > - the board is manufactured
> > - Vbackup is installed, the RTC switches to standby mode
> > - the board is then booted to flash a system, Vprimary is now present,
> > the RTC switches to DSM.
> >
> > At this point, if the board is simply shut down, the RTC will start
> > draining Vbackup before leaving the factory. Instead, we want to be able
> > to return to standby mode until the final user switches the product on
> > for the first time.
>
> I don't think you're understanding what's going on with this proposed
> patch. The cubox-i does work today, and the RTC does survive most
> power-downs. There are situations where it doesn't.
>
> So, let's take your process above.
>
> - the board is manufactured
> - Vbackup is installed, the RTC switches to standby mode
> - the board is then booted to flash a system, Vprimary is now present
> - the board is powered down. the RTC _might_ switch over to battery
> if it notices the power failure in time, or it might not. A random
> sample of units leaving the factory have the RTC in standby mode.
> Others are draining the battery.
>
> I'm not saying what you propose isn't a good idea. I'm questioning
> why we should expose this in the generic kernel on platforms where
> it's likely to end up with the RTC being corrupted.
>
Note that I didn't say we should expose settings that are not working
but it is a different discussion. I was explaining why we need to be
able to change it dynamically.
> Now, I question your idea that units should leave the factory without
> the RTC being programmed. We know that lovely systemd goes utterly
> bonkers if the system time is beyond INT_MAX. If the RTC leaves
> standby mode containing a date which we translate beyond INT_MAX,
> systemd will refuse to boot the system, and the user will have no
> way to set the correct time. The user returns the device to the
> supplier as faulty...
This is doesn't happen since v4.17.
--
Alexandre Belloni, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
Powered by blists - more mailing lists