lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 29 Apr 2021 17:17:13 +0200
From:   Johan Hovold <johan@...nel.org>
To:     Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
Cc:     Shawn Tu <shawnx.tu@...el.com>,
        Ricardo Ribalda <ribalda@...nel.org>,
        Dafna Hirschfeld <dafna.hirschfeld@...labora.com>,
        Heiko Stuebner <heiko@...ech.de>, linuxarm@...wei.com,
        Todor Tomov <todor.too@...il.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Andrzej Hajda <a.hajda@...sung.com>,
        "Lad, Prabhakar" <prabhakar.csengg@...il.com>,
        Thierry Reding <thierry.reding@...il.com>,
        Pengutronix Kernel Team <kernel@...gutronix.de>,
        Dmitry Osipenko <digetx@...il.com>,
        linux-stm32@...md-mailman.stormreply.com,
        Andrzej Pietrasiewicz <andrzejtp2010@...il.com>,
        Leon Luo <leonl@...pardimaging.com>,
        Paul Kocialkowski <paul.kocialkowski@...tlin.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Dave Stevenson <dave.stevenson@...pberrypi.com>,
        Matt Ranostay <matt.ranostay@...sulko.com>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        Jonathan Hunter <jonathanh@...dia.com>,
        linux-rockchip@...ts.infradead.org, Chen-Yu Tsai <wens@...e.org>,
        Andy Gross <agross@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        Dongchun Zhu <dongchun.zhu@...iatek.com>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        Bingbu Cao <bingbu.cao@...el.com>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        Shunqian Zheng <zhengsq@...k-chips.com>,
        Tianshu Qiu <tian.shu.qiu@...el.com>,
        NXP Linux Team <linux-imx@....com>,
        Philipp Zabel <p.zabel@...gutronix.de>,
        devel@...verdev.osuosl.org, Jacopo Mondi <jacopo@...ndi.org>,
        Sylwester Nawrocki <s.nawrocki@...sung.com>,
        linux-tegra@...r.kernel.org,
        Alexandre Torgue <alexandre.torgue@...com>,
        Wenyou Yang <wenyou.yang@...rochip.com>,
        Manivannan Sadhasivam <mani@...nel.org>,
        linux-arm-msm@...r.kernel.org,
        Sascha Hauer <s.hauer@...gutronix.de>,
        Steve Longerbeam <slongerbeam@...il.com>,
        linux-media@...r.kernel.org, Maxime Ripard <mripard@...nel.org>,
        Stanimir Varbanov <stanimir.varbanov@...aro.org>,
        Benoit Parrot <bparrot@...com>,
        Helen Koike <helen.koike@...labora.com>,
        linux-samsung-soc@...r.kernel.org,
        linux-mediatek@...ts.infradead.org,
        Jacek Anaszewski <jacek.anaszewski@...il.com>,
        mauro.chehab@...wei.com,
        Sylwester Nawrocki <sylvester.nawrocki@...il.com>,
        "Paul J. Murphy" <paul.j.murphy@...el.com>,
        Ezequiel Garcia <ezequiel@...labora.com>,
        Daniele Alessandrelli <daniele.alessandrelli@...el.com>,
        Chiranjeevi Rapolu <chiranjeevi.rapolu@...el.com>,
        linux-arm-kernel@...ts.infradead.org,
        Jacob Chen <jacob-chen@...wrt.com>,
        Jernej Skrabec <jernej.skrabec@...l.net>,
        Hyungwoo Yang <hyungwoo.yang@...el.com>,
        linux-kernel@...r.kernel.org, Robert Foss <robert.foss@...aro.org>,
        Dan Scally <djrscally@...il.com>,
        Sowjanya Komatineni <skomatineni@...dia.com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        linux-renesas-soc@...r.kernel.org, Yong Zhi <yong.zhi@...el.com>,
        Shawn Guo <shawnguo@...nel.org>
Subject: Re: [PATCH v4 00/79] Address some issues with PM runtime at media
 subsystem

On Thu, Apr 29, 2021 at 12:18:16PM +0200, Mauro Carvalho Chehab wrote:
> Em Wed, 28 Apr 2021 17:50:08 +0200
> Johan Hovold <johan@...nel.org> escreveu:
> 
> > On Wed, Apr 28, 2021 at 04:51:21PM +0200, Mauro Carvalho Chehab wrote:
> 
> > > 1. despite its name, this is actually a PM runtime resume call,
> > >    but some developers didn't seem to realize that, as I got this
> > >    pattern on some drivers:
> > > 
> > >         pm_runtime_get_sync(&client->dev);
> > >         pm_runtime_disable(&client->dev);
> > >         pm_runtime_set_suspended(&client->dev);
> > >         pm_runtime_put_noidle(&client->dev);
> > > 
> > >    It makes no sense to resume PM just to suspend it again ;-)  
> > 
> > This is perfectly alright. Take a look at ov7740_remove() for example:
> > 
> > 	pm_runtime_get_sync(&client->dev);
> > 	pm_runtime_disable(&client->dev);
> > 	pm_runtime_set_suspended(&client->dev);
> > 	pm_runtime_put_noidle(&client->dev);
> > 	
> > 	ov7740_set_power(ov7740, 0);
> > 
> > There's an explicit power-off after balancing the PM count and this will
> > work regardless of the power state when entering this function.
> 
> Ok, but this should equally work:
> 
>  	pm_runtime_disable(&client->dev);
>  	pm_runtime_set_suspended(&client->dev);
>  	
>  	ov7740_set_power(ov7740, 0);
> 
> as there's no additional cleanup made on this particular driver
> between pm_runtime_get_sync() and pm_runtime_put_noidle().

No, that would break the driver as I pointed out to you yesterday:

	https://lore.kernel.org/r/YImG1klSPkFSaS3a@hovoldconsulting.com

If the device is already suspended when remove is called then you'll
end up with an unbalanced call to ov7740_set_power() that will try to
disable an already disabled clock.

> > So this has nothing to do with pm_runtime_get_sync() per se.
> 
> Yes, but some patches on this series are cleaning up the driver release
> logic.

You mentioned this example as an argument against using
pm_runtime_get_sync(), which I don't think makes sense.

> > > 2. Usual *_get() methods only increment their use count on success,
> > >    but pm_runtime_get_sync() increments it unconditionally. Due to
> > >    that, several drivers were mistakenly not calling
> > >    pm_runtime_put_noidle() when it fails;  
> > 
> > Sure, but pm_runtime_get_async() also works this way. You just won't be
> > notified if the async resume fails.
> 
> Granted, it makes sense along the pm_runtime kAPI.
> 
> It is inconsistent with the behavior of kobject_get*() and other
> *_get*() methods that are based or inspired on it, as, on those, the
> operations are atomic: either everything succeeds and it doesn't return
> an error, or the usage counter is not incremented and the object
> state doesn't change after the call.

Right, and I'm aware that some people have overlooked this. But its not
the end of the world since hardly any driver can handle resume failures
properly anyway. 

This is mostly just an exercise to shut up static checkers.

> > > 3. The name of the new variant is a lot clearer:
> > > 	pm_runtime_resume_and_get()
> > >     As its same clearly says that this is a PM runtime resume function,
> > >     that also increments the usage counter on success;  
> > 
> > It also introduced an inconsistency in the API and does not pair as well
> > with the pm_runtime_put variants.
> 
> Agreed. A name that would be more consistent with PM runtime would
> probably be:
> 
> 	pm_runtime_resume_if_get()

Naw, since the get part always succeeds.

It should start with pm_runtime_get, but pm_runtime_get_sync() is
unfortunately taken.

> as there are already:
> 
> 	pm_runtime_get_if_in_use()
> 	pm_runtime_get_if_active()
> 
> But any such discussions are out of the scope of this patchset ;-)

Right.

> > > 4. Consistency: we did similar changes subsystem wide with
> > >    for instance strlcpy() and strcpy() that got replaced by
> > >    strscpy(). Having all drivers using the same known-to-be-safe
> > >    methods is a good thing;  
> > 
> > It's not known to be safe; there are ways to get also this interface
> > wrong as for example this series has shown.
> 
> Very true. Yet, it is a lot simpler to use functions that won't change
> the state of the objects when returning an error, as this is by far
> the most common pattern within the Kernel.

A resume failure does change the state (and needs to be recovered from),
but I get what you're saying.

> Human brains are trained to identify certain patterns. When there's
> something using a similar pattern, but with a different behavior, 
> our brains are more subject to fail identifying problems.

Sure. But I'm not sure that having two interfaces with different
semantics to do the job is doing us any favours here. But again, that
discussion has already been had.

And I realise that this is partly also your motive here (even if the old
interface isn't going to go away).

> > > compile-tested only.
> > > Patches 1 to 7 fix some issues that already exists at the current
> > > PM runtime code;
> > > 
> > > patches 8 to 20 fix some usage_count problems that still exists
> > > at the media subsystem;
> > > 
> > > patches 21 to 78 repaces pm_runtime_get_sync() by 
> > > pm_runtime_resume_and_get();
> > > 
> > > Patch 79 (and a hunk on patch 78) documents the two exceptions
> > > where pm_runtime_get_sync() will still be used for now.

80 patches in one series (posted to lkml) is a bit excessive. Perhaps
you can break it up in a fixes part and one or more cleanups parts?

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ