2014-07-15 08:27:21

by Hyogi Gim

Subject: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
checked. If rtc device fails to read time, we cannot guarantee the following
process.

Add the verification code for returned rtc_read_time() error.

Signed-off-by: Hyogi Gim <[email protected]>
---
drivers/rtc/class.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index 589351e..38e26be 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
struct rtc_device *rtc = to_rtc_device(dev);
struct rtc_time tm;
struct timespec delta, delta_delta;
+ int err;

if (has_persistent_clock())
return 0;
@@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
return 0;

/* snapshot the current RTC and system time at suspend*/
- rtc_read_time(rtc, &tm);
+ err = rtc_read_time(rtc, &tm);
+ if (err < 0) {
+ pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
+ return 0;
+ }
+
getnstimeofday(&old_system);
rtc_tm_to_time(&tm, &old_rtc.tv_sec);

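Review bot: The new "if (err < 0)" branch in rtc_suspend() returns 0, so the caller is told the suspend callback succeeded even though the RTC read failed, and the only trace is a pr_debug() that does not print the value of err. Either return err here or add a comment saying why the failure is deliberately ignored, and include the code in the message, for example pr_debug("%s: fail to read rtc time: %d\n", dev_name(&rtc->dev), err). The early return also skips the getnstimeofday(&old_system) and rtc_tm_to_time(&tm, &old_rtc.tv_sec) snapshot that follows, so old_system and old_rtc keep whatever they held before this call; if the resume path reads them, it needs a way to tell that no snapshot was taken.
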
@@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev)
struct rtc_time tm;
struct timespec new_system, new_rtc;
struct timespec sleep_time;
+ int err;

if (has_persistent_clock())
return 0;
@@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev)

/* snapshot the current rtc and system time at resume */
getnstimeofday(&new_system);
- rtc_read_time(rtc, &tm);
+ err = rtc_read_time(rtc, &tm);
+ if (err < 0) {
+ pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
+ return 0;
+ }
+
if (rtc_valid_tm(&tm) != 0) {
pr_debug("%s: bogus resume time\n", dev_name(&rtc->dev));
return 0;
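
Review bot: The message added in rtc_resume() is the same string as the one added in rtc_suspend() ("fail to read rtc time") and it drops err, so a log line cannot be tied to a path or to a cause. Make the two messages distinct and print the error code, and consider a level above pr_debug(), since this branch skips the rest of the resume handling and still returns 0. The placement itself is right: the read is checked before rtc_valid_tm(&tm), so tm is never validated when rtc_read_time() did not fill it.
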
--
1.8.3.2


2014-07-23 21:56:36

by Andrew Morton

Subject: Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <[email protected]> wrote:

> In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> checked. If rtc device fails to read time, we cannot guarantee the following
> process.
>
> Add the verification code for returned rtc_read_time() error.
>
> ...
>
> --- a/drivers/rtc/class.c
> +++ b/drivers/rtc/class.c
> @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> struct rtc_device *rtc = to_rtc_device(dev);
> struct rtc_time tm;
> struct timespec delta, delta_delta;
> + int err;
>
> if (has_persistent_clock())
> return 0;
> @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> return 0;
>
> /* snapshot the current RTC and system time at suspend*/
> - rtc_read_time(rtc, &tm);
> + err = rtc_read_time(rtc, &tm);
> + if (err < 0) {
> + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
> + return 0;
> + }

OK, it makes no sense to go ahead and set the system time from a
garbage rtc_time.

But I'm wondering if we should propagate the error back to the
rtc_suspend() caller. What does the PM core do if a particular
device's ->suspend or ->resume fails?

> getnstimeofday(&old_system);
> rtc_tm_to_time(&tm, &old_rtc.tv_sec);
>
> @@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev)
> struct rtc_time tm;
> struct timespec new_system, new_rtc;
> struct timespec sleep_time;
> + int err;
>
> if (has_persistent_clock())
> return 0;
> @@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev)
>
> /* snapshot the current rtc and system time at resume */
> getnstimeofday(&new_system);
> - rtc_read_time(rtc, &tm);
> + err = rtc_read_time(rtc, &tm);
> + if (err < 0) {
> + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
> + return 0;
> + }
> +
> if (rtc_valid_tm(&tm) != 0) {
> pr_debug("%s: bogus resume time\n", dev_name(&rtc->dev));
> return 0;

2014-07-23 23:29:33

by Rafael J. Wysocki

Subject: Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <[email protected]> wrote:
>
> > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > checked. If rtc device fails to read time, we cannot guarantee the following
> > process.
> >
> > Add the verification code for returned rtc_read_time() error.
> >
> > ...
> >
> > --- a/drivers/rtc/class.c
> > +++ b/drivers/rtc/class.c
> > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > struct rtc_device *rtc = to_rtc_device(dev);
> > struct rtc_time tm;
> > struct timespec delta, delta_delta;
> > + int err;
> >
> > if (has_persistent_clock())
> > return 0;
> > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > return 0;
> >
> > /* snapshot the current RTC and system time at suspend*/
> > - rtc_read_time(rtc, &tm);
> > + err = rtc_read_time(rtc, &tm);
> > + if (err < 0) {
> > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
> > + return 0;
> > + }
>
> OK, it makes no sense to go ahead and set the system time from a
> garbage rtc_time.
>
> But I'm wondering if we should propagate the error back to the
> rtc_suspend() caller. What does the PM core do if a particular
> device's ->suspend or ->resume fails?

It aborts the suspend.

Rafael

2014-07-23 23:31:19

by Rafael J. Wysocki

Subject: Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <[email protected]> wrote:
> >
> > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > checked. If rtc device fails to read time, we cannot guarantee the following
> > > process.
> > >
> > > Add the verification code for returned rtc_read_time() error.
> > >
> > > ...
> > >
> > > --- a/drivers/rtc/class.c
> > > +++ b/drivers/rtc/class.c
> > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > > struct rtc_device *rtc = to_rtc_device(dev);
> > > struct rtc_time tm;
> > > struct timespec delta, delta_delta;
> > > + int err;
> > >
> > > if (has_persistent_clock())
> > > return 0;
> > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > > return 0;
> > >
> > > /* snapshot the current RTC and system time at suspend*/
> > > - rtc_read_time(rtc, &tm);
> > > + err = rtc_read_time(rtc, &tm);
> > > + if (err < 0) {
> > > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
> > > + return 0;
> > > + }
> >
> > OK, it makes no sense to go ahead and set the system time from a
> > garbage rtc_time.
> >
> > But I'm wondering if we should propagate the error back to the
> > rtc_suspend() caller. What does the PM core do if a particular
> > device's ->suspend or ->resume fails?
>
> It aborts the suspend.

I mean, if ->suspend fails, the suspend is aborted.

If ->resume fails, on the other hand, we cannot do much more than logging
an error message.

Rafael

2014-07-24 00:17:14

by Andrew Morton

Subject: Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

On Thu, 24 Jul 2014 01:49:44 +0200 "Rafael J. Wysocki" <[email protected]> wrote:

> On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> > On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <[email protected]> wrote:
> > >
> > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > > checked. If rtc device fails to read time, we cannot guarantee the following
> > > > process.
> > > >
> > > > Add the verification code for returned rtc_read_time() error.
> > > >
> > > > ...
> > > >
> > > > --- a/drivers/rtc/class.c
> > > > +++ b/drivers/rtc/class.c
> > > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > > > struct rtc_device *rtc = to_rtc_device(dev);
> > > > struct rtc_time tm;
> > > > struct timespec delta, delta_delta;
> > > > + int err;
> > > >
> > > > if (has_persistent_clock())
> > > > return 0;
> > > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > > > return 0;
> > > >
> > > > /* snapshot the current RTC and system time at suspend*/
> > > > - rtc_read_time(rtc, &tm);
> > > > + err = rtc_read_time(rtc, &tm);
> > > > + if (err < 0) {
> > > > + pr_debug("%s: fail to read rtc time\n", dev_name(&rtc->dev));
> > > > + return 0;
> > > > + }
> > >
> > > OK, it makes no sense to go ahead and set the system time from a
> > > garbage rtc_time.
> > >
> > > But I'm wondering if we should propagate the error back to the
> > > rtc_suspend() caller. What does the PM core do if a particular
> > > device's ->suspend or ->resume fails?
> >
> > It aborts the suspend.
>
> I mean, if ->suspend fails, the suspend is aborted.

So what should rtc do in this case? At present it pretends the read
succeeded. Either way, this doesn't seem to be the place to be making
such policy decisions..