Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp902483imm; Tue, 15 May 2018 10:48:35 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqBWQ+Dft0R7fH0Gh1135mSmYT2iaNZXlVbRItnrDdVel3jAfWwwGjuGARtWMK7fGFOdUZD X-Received: by 2002:a65:61a8:: with SMTP id i8-v6mr12716378pgv.381.1526406515622; Tue, 15 May 2018 10:48:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526406515; cv=none; d=google.com; s=arc-20160816; b=JPJHLrmFTn0Nbix0k1C6Xye94/nU+UM9TeAmufb5lWXASTzio80ZtmObYHNklQCSKI oZkqkNBhrWUC36HxhdMsLh8FgpmENAluC8MlAcJfoLhmQOY9o/qELUY5ErbjPp9fIwJv TayglDT9tdmBSpvNV4F/UORn2wbURWlgxIki/Z5V7+nfm6ujSAYs68+WY8lZhtuuCtvA okzfBXPJyHFl9c4r1nr5MGYDULKAF9oXwM5L443KKdYpoidch85hUKrjTWCErLf59vvB rZhoTmn2cZDV7YqcckEtmsgUIOgKv5icoxkxCBCgTAy95VWxrJQZN5q8qScOkZXSj9SE kGfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dmarc-filter:dkim-signature:dkim-signature :arc-authentication-results; bh=g2hPiRDg7pj/XgFFswH4jwRzYGU/8UU9/FJf4BZ3ePE=; b=04BM/VC6Ym2mEQXw3e1jOHXnwSdZpk51ZwC+lY0lbKq2ntZfDlxXUgxA94iWL5iT44 Ab+5lhJSdIeuvNqUazUvaE4Zcpb/5EBlsILvlBeML2XhsG7GTuO5B5YV2LhyJbL8+yMO j66UcqOJVnSkyFost36J8EE7yV7y3KF44+hp7NJue6tIoyKotS7zlk50Y5lZ2SRv0W6f RVD1EB5X3AxwZBLmOjdc+gGgJWF7f26FTWr5jY7AJv3UAat7Byrt/oAVMjF/5TSYdlON 17q58ybNpb3sJWDFe/+0U2JpJRA3/l0dKXovX3CD/J4IN1FaocPtJjsz1bfBtXLUYVzO r95g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=o59143al; dkim=pass header.i=@codeaurora.org header.s=default header.b=o59143al; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q137-v6si573788pfc.68.2018.05.15.10.48.20; Tue, 15 May 2018 10:48:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@codeaurora.org header.s=default header.b=o59143al; dkim=pass header.i=@codeaurora.org header.s=default header.b=o59143al; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753142AbeEORrk (ORCPT + 99 others); Tue, 15 May 2018 13:47:40 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:47008 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752749AbeEORri (ORCPT ); Tue, 15 May 2018 13:47:38 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id D32F860790; Tue, 15 May 2018 17:47:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1526406457; bh=IhtMYBmitqtX3pbx29mS0xcAtP8wFmt7OVpexO87poA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=o59143alAEjHrvc6CWDHX7wp56X78X8ZImkWWR7ch6bLlaq4ouO58Rauq05fhF5M9 jbhxLpfVce1y9caSzp/rR2K8ADNQZeqjQ7BTxrltU6KvJ8nMZHemkvhus9WM2dvIfy dz2DpJsiWWvMpjIuOMwuZkwW1C18cN+NytY3uvAs= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=2.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,T_DKIM_INVALID autolearn=no autolearn_force=no version=3.4.0 Received: from localhost (i-global254.qualcomm.com [199.106.103.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: ilina@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 03A60603D2; Tue, 15 May 2018 17:47:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1526406457; bh=IhtMYBmitqtX3pbx29mS0xcAtP8wFmt7OVpexO87poA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=o59143alAEjHrvc6CWDHX7wp56X78X8ZImkWWR7ch6bLlaq4ouO58Rauq05fhF5M9 jbhxLpfVce1y9caSzp/rR2K8ADNQZeqjQ7BTxrltU6KvJ8nMZHemkvhus9WM2dvIfy dz2DpJsiWWvMpjIuOMwuZkwW1C18cN+NytY3uvAs= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 03A60603D2 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=ilina@codeaurora.org Date: Tue, 15 May 2018 11:47:36 -0600 From: Lina Iyer To: Doug Anderson Cc: Andy Gross , David Brown , linux-arm-msm@vger.kernel.org, "open list:ARM/QUALCOMM SUPPORT" , Rajendra Nayak , Bjorn Andersson , LKML , Stephen Boyd , Evan Green , Matthias Kaehlcke , rplsssn@codeaurora.org Subject: Re: [PATCH v8 04/10] drivers: qcom: rpmh: add RPMH helper functions Message-ID: <20180515174736.GB28489@codeaurora.org> References: <20180509170159.29682-1-ilina@codeaurora.org> <20180509170159.29682-5-ilina@codeaurora.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.5 (2018-04-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 11 2018 at 14:17 -0600, Doug Anderson wrote: >Hi, > >On Wed, May 9, 2018 at 10:01 AM, Lina Iyer wrote: >> +int rpmh_write(const struct device *dev, enum rpmh_state state, >> + const struct tcs_cmd *cmd, u32 n) >> +{ >> + DECLARE_COMPLETION_ONSTACK(compl); >> + DEFINE_RPMH_MSG_ONSTACK(dev, state, &compl, rpm_msg); >> + int ret; >> + >> + if (!cmd || !n || n > MAX_RPMH_PAYLOAD) >> + return -EINVAL; >> + >> + memcpy(rpm_msg.cmd, cmd, n * sizeof(*cmd)); >> + rpm_msg.msg.num_cmds = n; >> + >> + ret = __rpmh_write(dev, state, &rpm_msg); >> + if (ret) >> + return ret; >> + >> + ret = wait_for_completion_timeout(&compl, RPMH_TIMEOUT_MS); > >IMO it's almost never a good idea to use wait_for_completion_timeout() >together with a completion that's declared on the stack. If you >somehow insist that this is a good idea then I need to see incredibly >clear and obvious code/comments that say why it's impossible that the >process might somehow try to signal the completion _after_ >RPMH_TIMEOUT_MS has expired. > >Specifically if the timeout happens but the process could still signal >a completion later then they will access random data on the stack of a >function that has already returned. This causes ridiculously >difficult-to-debug crashes. > > >NOTE: You've got timeout set to 10 seconds here. Is that really even >useful? IMO just call wait_for_completion() without a timeout. It's >much better to have a nice clean hang than a random stack corruption. > > The 10 sec timeout will guarantee that we will not get a response at all anymore for the request. Usually requests can be considered failed if there is no response in a few tens of microseconds. 10 sec is just an arbitarily large number. The reason we use timeout is that once the timeout happens, we know we have failed, we could trigger a watchdog or crash the system. This is very important for our productization in debugging RPMH failures. A hang would not always trigger a watchdog and the failure would be silent and possibly fatal but hard to debug. -- Lina