| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e5cdcce2-98b6-ac4e-7e21-0bd73c7e9dfe@gmail.com>
Date: Fri, 8 Sep 2023 09:24:27 +0300
From: Matti Vaittinen <mazziesaccount@...il.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Matti Vaittinen <matti.vaittinen@...rohmeurope.com>,
Jonathan Cameron <jic23@...nel.org>,
Lars-Peter Clausen <lars@...afoo.de>,
Rob Herring <robh+dt@...nel.org>,
Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
Conor Dooley <conor+dt@...nel.org>,
Angel Iglesias <ang.iglesiasg@...il.com>,
Andreas Klinger <ak@...klinger.de>, linux-iio@...r.kernel.org,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] iio: pressure: Support ROHM BU1390
On 9/7/23 16:57, Andy Shevchenko wrote:
> On Thu, Sep 07, 2023 at 08:57:17AM +0300, Matti Vaittinen wrote:
>> On 9/6/23 18:48, Andy Shevchenko wrote:
>>> On Wed, Sep 06, 2023 at 03:37:48PM +0300, Matti Vaittinen wrote:
>
> ...
>
>>>> +struct bm1390_data {
>>>> + int64_t timestamp, old_timestamp;
>>>
>>> Out of a sudden int64_t instead of u64?
>>
>> Judging the iio_push_to_buffers_with_timestamp() and iio_get_time_ns(), IIO
>> operates with signed timestamps. One being s64, the other int64_t.
>>
>>>> + struct iio_trigger *trig;
>>>> + struct regmap *regmap;
>>>> + struct device *dev;
>>>> + struct bm1390_data_buf buf;
>>>> + int irq;
>>>> + unsigned int state;
>>>> + bool trigger_enabled;
>>>
>>>> + u8 watermark;
>>>
>>> Or u8 instead of uint8_t?
>>
>> So, uint8_t is preferred? I don't really care all that much which of these
>> to use - which may even show up as a lack of consistency... I think I did
>> use uint8_t when I learned about it - but at some point someone somewhere
>> asked me to use u8 instead.. This somewhere might have been u-boot though...
>>
>> So, are you Suggesting I should replace u8 with uint8_t? Can do if it
>> matters.
>
> Consistency matters, since I do not know the intention behind, I suggest use
> either, but be consistent in the entire code. However, uXX are specific Linux
> kernel internal types and some maintainers prefer them. Also you may grep for
> the frequency of intXX_t vs. sXX or their unsigned counterparts.
>
>>>> + /* Prevent accessing sensor during FIFO read sequence */
>>>> + struct mutex mutex;
>>>> +};
>
> ...
>
>>>> +static int bm1390_read_temp(struct bm1390_data *data, int *temp)
>>>> +{
>>>> + u8 temp_reg[2] __aligned(2);
>>>
>>> Why?! Just use proper bitwise type.
>>
>> What is the proper bitwise type in this case?
>>
>> I'll explain my reasoning:
>> What we really have in hardware (BM1390) and read from it is 8bit registers.
>> This is u8 to me. And as we read two consecutive registers, we use u8
>> arr[2]. In my eyes it describes the data perfectly well, right?
>
> Two different registers?! Why bulk is used in that case?
> To me looks like you are reading 16-bit (or one that fits in 16-bit) register
> in BE notation.
As I wrote, it is two 8 bit registers at consecutive addresses. And this
is what u8 arr[2]; also says.
Bulk read is mandatory as HW has a special feature of preventing the
update of these registers when a read is ongoing. If we do two reads we
risk of getting one of the registers updated between the accesses -
resulting incorrect value.
>
>>>> + __be16 *temp_raw;
>>>> + int ret;
>>>> + s16 val;
>>>> + bool negative;
>>>> +
>>>> + ret = regmap_bulk_read(data->regmap, BM1390_REG_TEMP_HI, &temp_reg,
>>>> + sizeof(temp_reg));
>>>> + if (ret)
>>>> + return ret;
>>>> +
>>>> + if (temp_reg[0] & 0x80)
>>>> + negative = true;
>>>> + else
>>>> + negative = false;
>>>
>>>> + temp_raw = (__be16 *)&temp_reg[0];
>>>
>>> Heck no. Make temp_reg be properly typed.
>>
>> As I explained above, to me it seems ur arr[2} is _the_ proper type to
>> represent data we read from the device.
>>
>> What we need to do is to convert the 16bits of data to an integer we can
>> give to the rest of the system. And, we happen to know how to 'manipulate'
>> the data to get it in format of understandable integer. As we have these 16
>> bits in memory, aligned to 2 byte boundary - why shouldn't we just
>> 'manipulate' the data and say - here we have your integer, please be my
>> guest and use it?
>
> Because it smell like a hack and is a hack here.
> Either it's a single BE16 register, or it's two different registers that by
> very unknown reason you are reading in a bulk.
It is two registers. The bulk read might warrant a comment - although I
believe this is nothing unusual. If it is a hack or not is an opinion.
To me it looks like a code that explicitly shows what data is and how it
is being handled. It does what it is supposed to do and shows it in all
dirty details.
Still, I am open to suggestions but I'd prefer seeing a real improvement
instead of claiming that the hardware is something it is not (eg, having
16bit registers or should be read by individual accesses).
The code in this form is no
> go.
>
>> Well, I am keen to learn the 'correct bitwise type' you talk about - can you
>> please explain me what this correct type for two 8bit integers is? Maybe I
>> can improve.
>
> If the registers are not of the same nature the bulk access is wrong.
> Use one by one reads.
Of same nature? As I said, there is 2 8bit registers at consecutive
addresses. They have no other 'nature' as far as I can tell.
Data in these registers in not in standard format - it needs to be
manipulated to make it an ordinary integer. The code shows this very
clearly by not reading it in any standard integer.
> ...
>
>>>> +static int bm1390_pressure_read(struct bm1390_data *data, u32 *pressure)
>>>> +{
>>>> + int ret;
>>>> + u8 raw[3];
>>>> +
>>>> + ret = regmap_bulk_read(data->regmap, BM1390_REG_PRESSURE_BASE,
>>>> + &raw[0], sizeof(raw));
>
> &raw[0] --> raw
>
>>>> + if (ret < 0)
>>>> + return ret;
>>>> +
>>>> + *pressure = (u32)(raw[2] >> 2 | raw[1] << 6 | raw[0] << 14);
>
> This, btw, looks like le24, but I'm puzzled with right shift.
> I need to read datasheet carefully to understand this.
It's not just le24. We, again, have data placed in registers so that it
needs some suffling. The data-sheet does decent job explaining it
though. AFAIR, there was a 'gap' in bits so it needed some more suffling
to sift the bits so that they're consecutive. I think this indeed is
something that needs to be looked up from data-sheet to understand why
this play with bits is done.
> ...
>
>>>> + mutex_lock(&data->mutex);
>>>
>>> Wouldn't you like to start using cleanup.h?
>>
>> The new macro "thingee" for C++ destructor like constructs?
>
> I was talking about these: guard() / scoped_guard().
Right, this was a bit more precise than "The new macro thingee", thanks
:) This, however is what I was referring to so what I wrote below still
applies :)
>
>> TBH, I am not really in a rush with it for two reasons.
>> 1) The syntax looks very alien to me. I would like to get some time to get
>> used to it before voluntarily ending up maintaining a code using it. (I
>> don't like practicing things upstream as practicing tends to include making
>> more errors).
>>
>> 2. Related to 1). I am not (yet) convinced incorporating changes in stuff
>> using these cleanups is easy. I'm a bit reserved and would like to see how
>> things play out.
>>
>> 3. I expect I will get a few requests to backport the code to some older
>> kernels used by some big customers. (I've been doing plenty of extra work
>> when backporting my kernel improvements like regmap_irq stuff, linear
>> ranges, regulator pickable ranges, gts-helpers to customer kernels to get my
>> drivers working - or working around the lack of thiose features. I have been
>> willing to pay this prize to get those helpers upstream for everyone to use.
>> The cleanup.h however is there so it does not _need_ new users. I don't
>> think _all_ existing drivers will be converted to use it so one more should
>> probably not hurt. I think that in a year at least some customers will be
>> using kernel containing the cleanup.h - so by latest then it is time for me
>> to jump on that train. I hope I am used to reading those macros by then).
>
> OK.
>
> ...
>
>>>> + case IIO_CHAN_INFO_SCALE:
>>>> + if (chan->type == IIO_TEMP) {
>>>> + *val = 31;
>>>> + *val2 = 250000;
>>>> +
>>>> + return IIO_VAL_INT_PLUS_MICRO;
>>>> + } else if (chan->type == IIO_PRESSURE) {
>>>> + *val = 0;
>>>> + /*
>>>> + * pressure in hPa is register value divided by 2048.
>>>> + * This means kPa is 1/20480 times the register value,
>>>> + * which equals to 48828.125 * 10 ^ -9
>>>> + * This is 48828.125 nano kPa.
>>>> + *
>>>> + * When we scale this using IIO_VAL_INT_PLUS_NANO we
>>>> + * get 48828 - which means we lose some accuracy. Well,
>>>> + * let's try to live with that.
>>>> + */
>>>> + *val2 = 48828;
>>>> +
>>>> + return IIO_VAL_INT_PLUS_NANO;
>>>> + }
>>>> +
>>>> + return -EINVAL;
>>>
>>> Why not switch-case like other drivers do?
>>
>> In my eyes avoiding the very simple if - else if does not warrant nested
>> switches which look ugly to me.
>
> Okay, yet another disagreement.
>
Yes, we have a few :) Luckily most are more on a styling side of things.
I do still appreciate you reviewing the patches as I think I do agree
with most of your suggestions - and having an extra pair of eyes looking
at the code never hurts :)
> ...
>
>>>> + smp_lvl = FIELD_GET(BM1390_MASK_FIFO_LVL, smp_lvl);
>>>
>>>> +
>>>
>>> Unneeded blank line.
>>>
>>>> + if (smp_lvl > 4) {
>>>> + /*
>>>> + * Valid values should be 0, 1, 2, 3, 4 - rest are probably
>>>> + * bit errors in I2C line. Don't overflow if this happens.
>>>> + */
>>>> + dev_err(data->dev, "bad FIFO level %d\n", smp_lvl);
>>>> + smp_lvl = 4;
>>>> + }
>>>
>>>> + if (!smp_lvl)
>>>> + return ret;
>>>
>>> This can be checked first as it's and error condition
>>
>> I wouldn't say it is an error condition.
>
> Returning ret suggests otherwise.
Yes. I agree.
>
>> It just means there was no samples
>> collected in buffer.
>
> But as you explained below, the code is actually 0 there.
> In any case bailing out conditionals are better to be first.
Kind of agree. Or by very least it should be else if. But as you said,
early return is probably better here, thanks.
>
>> and previous branch has
>>> no side effects on this. Also, wouldn't be better to use error code explicitly?
>>
>> Yes. For the clarity we definitely should explicitly do "return 0" here.
>> Thanks.
>
--
Matti Vaittinen
Linux kernel developer at ROHM Semiconductors
Oulu Finland
~~ When things go utterly wrong vim users can always type :help! ~~
Powered by blists - more mailing lists