lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAD=FV=U8vchyRXOjozYYroq3Mit_gt=XXADLfn0W4N4TyQzyjQ@mail.gmail.com>
Date:   Thu, 3 Sep 2020 16:19:08 -0700
From:   Doug Anderson <dianders@...omium.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Maulik Shah <mkshah@...eaurora.org>,
        Stephen Boyd <swboyd@...omium.org>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Evan Green <evgreen@...omium.org>,
        LinusW <linus.walleij@...aro.org>, Marc Zyngier <maz@...nel.org>,
        Matthias Kaehlcke <mka@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-arm-msm <linux-arm-msm@...r.kernel.org>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        Andy Gross <agross@...nel.org>,
        Jason Cooper <jason@...edaemon.net>,
        Rajendra Nayak <rnayak@...eaurora.org>,
        Lina Iyer <ilina@...eaurora.org>,
        Srinivas Rao L <lsrao@...eaurora.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>
Subject: Re: [PATCH v5 3/6] genirq/PM: Introduce IRQCHIP_ENABLE_WAKEUP_ON_SUSPEND
 flag

Hi,

On Thu, Sep 3, 2020 at 5:57 AM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> On Wed, Sep 02 2020 at 13:26, Doug Anderson wrote:
> > Specifically I think it gets back to the idea that, from a device
> > driver's point of view, there isn't a separate concept of disabling an
> > IRQ (turn it off and stop tracking it) and masking an IRQ (keep track
> > of it but don't call my handler until I unmask).  As I understand it
> > drivers expect that the disable_irq() call is actually a mask and that
> > an IRQ is never fully disabled unless released by the driver.  It is a
> > little unfortunate (IMO) that the function is called disable_irq() but
> > as far as I understand that's historical.
>
> Yes, the naming is historical but it always meant:
>
> Don't invoke an interrupt handler. Whether that's achieved by actually
> masking it at the interrupt chip level in hardware or by software state
> in the core does not matter from the driver perspective.
>
> >> The point is that the core suspend code disables all interrupts which
> >> are not marked as wakeup enabled automatically and reenables them after
> >> resume. So why would any driver invoke disable_irq() in the suspend
> >> function at all? Historical raisins?
> >
> > One case I can imagine: pretend that there are two power rails
> > controlling a device.  One power rail controls the communication
> > channel between the CPU and the peripheral and the other power rail
> > controls whether the peripheral is on.  At suspend time we want to
> > keep the peripheral on but we can shut down the power to the
> > communication channel.
> >
> > One way you could do this is at suspend time:
> >   disable_irq()
> >   turn_off_comm_power()
> >   enable_irq_wake()
> >
> > You'd do the disable_irq() (AKA mask your interrupt) because you'd
> > really want to make sure that your handler isn't called after you
> > turned off the communication power.  You want to leave the interrupt
> > pending/masked until you are able to turn the communications channel
> > back on and then you can query why the wakeup happened.
>
> Ok.
>
> > Now, admittedly, you could redesign the above driver to work any
> > number of different ways.  Maybe you could use the "noirq" suspend to
> > turn off your comm power or maybe you could come up with another
> > solution.  However, since the above has always worked and is quite
> > simple I guess that's what drivers use?
>
> That comm power case is a reasonable argument for having that
> sequence. So we need to make sure that the underlying interrupt chips do
> the right thing.
>
> We have the following two cases:
>
> 1) irq chip does not have a irq_disable() callback and does not
>    have IRQ_DISABLE_UNLAZY set
>
>    In that case the interrupt is not masked at the hardware level. It's
>    just software state. If the interrupt fires while disabled it is
>    marked pending and actually masked at the hardware level.
>
>    Actually there is a race condition which is not handled:
>
>    disable_irq()
>    ...
>
>    interrupt fires
>       mask and mark pending
>
>    ....
>    suspend_device_irq()
>       if (wakeup source) {
>          set_state(WAKEUP ARMED);
>          return;
>       }
>
>    That pending interrupt will not prevent the machine from going into
>    suspend and if it's an edge interrupt then an unmask in
>    suspend_device_irq() won't help. Edge interrupts are not resent in
>    hardware. They are fire and forget from the POV of the device
>    hardware.

Ah, interesting.  I didn't think about this case exactly.  I might
have a fix for it anyway.  At some point in time I was thinking that
the world could be solved by relying on lazily-disabled interrupts and
I wrote up a patch to make sure that they woke things up.  If you're
willing to check out our gerrit you can look at:

https://crrev.com/c/2314693

...if not I can post it as a RFC for you.  I'm sure I've solved the
problem in a completely incorrect and broken way, but hopefully the
idea makes sense.  In discussion we decided not to go this way because
it looked like IRQ clients could request an IRQ with
IRQ_DISABLE_UNLAZY and then that'd break us.  :(  ...but even so I
think the patch is roughly right and would address your point #1.


> 2) irq chip has a irq_disable() callback or has IRQ_DISABLE_UNLAZY set
>
>    In that case disable_irq() will mask it at the hardware level and it
>    stays that way until enable_irq() is invoked.
>
> #1 kinda works and the gap is reasonably trivial to fix in
>    suspend_device_irq() by checking the pending state and telling the PM
>    core that there is a wakeup pending.
>
> #2 Needs an indication from the chip flags that an interrupt which is
>    masked has to be unmasked when it is a enabled wakeup source.
>
> I assume your problem is #2, right? If it's #1 then UNMASK_IF_WAKEUP is
> the wrong answer.

Right, the problem is #2.  We're not in the lazy mode.

-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ