Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp941693imm; Tue, 15 May 2018 11:23:25 -0700 (PDT) X-Google-Smtp-Source: AB8JxZphJxW3qE7sHx+y3xnXp/6BUv9wRIWDcrkfPcw2t8IBPokONAGoL1b6zox1OHX0SWwC/eUX X-Received: by 2002:a17:902:24b:: with SMTP id 69-v6mr1409658plc.54.1526408605680; Tue, 15 May 2018 11:23:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526408605; cv=none; d=google.com; s=arc-20160816; b=VskpYBtTRIchr1mFmBcper3aVV7ks40IlStXG3Au3ctAQ3JBeCuKAbbM44m7YmqyuM DevfXPEUpgVu/hkGVuuodG/jWPQt0POSJ3fAV87mSl1U3KaYp6dLV37D8Qz186IpE8XE wdxr7Mn4peQthak7q7muQ7bbxZp09s6QZMwgUfMW3JSkWxYd+f6jJQAzDHxNjhKblULa yv3coXKbv8Q3wcGdaLVMlKyUPCvly8DX7eeGqdTQxPKKNxxH/Hln5rY9C2pgA/6KT9bK xxoxQz/ybF4YiEoU+2PnEjkmMwlDanQJcxDpSmVHi9556T2LnbU4ia/snzYZLq/3sa0w G2QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=jZpYjGuiaSCAkPZ/R0LsY8j5NuqIde5Wkb69ygZag1o=; b=BTBtduPRShcsEvBh7LYyH92Ko6peHB3c4UsGNPTZOyVMb2R4rHWj0wrDqGsfvvvtpB lPeMDZ7wa+4ealcfmgWgYprGm0bZjMQ9wOuImUYO8rmcHKSYcTYStcCNgp4089qJ0jKg Glc75wneCc/U6ls4T/9RPNdbFCvBxKDb+8lHdu+Zu7sXI3kp9ZtfNlLHu8JKKJDKzCy9 Xv9kbH7r3b8qt/UWw02y7GPx/TKokEm4DB/U2gNJF0oV8krZUN8FO+Zniq+6IOH/TWTi I2zkBiNPOv6B6W5b8+aAMAZW4TPEndB1rpBwxhFU6tt0u72VTR/WIpCldR4S1GfLvR5/ bXmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=sLRmLwgQ; dkim=fail header.i=@chromium.org header.s=google header.b=DCdBtRt8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g3-v6si478113pgc.251.2018.05.15.11.23.11; Tue, 15 May 2018 11:23:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=sLRmLwgQ; dkim=fail header.i=@chromium.org header.s=google header.b=DCdBtRt8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753995AbeEOSW3 (ORCPT + 99 others); Tue, 15 May 2018 14:22:29 -0400 Received: from mail-ua0-f195.google.com ([209.85.217.195]:37011 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753913AbeEOSW0 (ORCPT ); Tue, 15 May 2018 14:22:26 -0400 Received: by mail-ua0-f195.google.com with SMTP id i3-v6so794597uad.4 for ; Tue, 15 May 2018 11:22:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jZpYjGuiaSCAkPZ/R0LsY8j5NuqIde5Wkb69ygZag1o=; b=sLRmLwgQVMOtTOCCbPg98QxLMbXxJ8wOj/9dxboDZOS8JyiHEJkmuAv1L7EAwym53V MsOVVCE4KJMCJiUWpUDCf+PgqvarJ/2bFWhJiVJQ6ogcqf90NckY5rroRaxWATw2MUhi jW+Nnm6HPmRvOOd09M8AId5iytgXyoW5rNARBiGT+v7RHHAzZOrjdgduN1BDYB0T59cd habqaShVXl0/o+hYvO1FwGwyjo/m9gJKzK9qballVyDib1QFbLEPFt3BAVrYfSI1CF47 wUs745V5MsrmJv4VqnFcdUk91D4x7bT65N/x808ele9qDjpNCnIfnI0j3afAdwWKHNSy YJNg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jZpYjGuiaSCAkPZ/R0LsY8j5NuqIde5Wkb69ygZag1o=; b=DCdBtRt85oppUW6QC1wvha5yBbORuu7esh2MJtPQb2k/6T8p5z1awGAeWKQ5bY9J9Y aPnbeEg8OnxdIXJkNmRh2jBd+pAzJ8qkfA9Nar0oe5Fems4gy8M7fZGg9y/HxdRlqU4m 2oBIDriYqb8vqvTTbPfwk1J5/1UkpON456N3E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=jZpYjGuiaSCAkPZ/R0LsY8j5NuqIde5Wkb69ygZag1o=; b=QxomhhGOshq6W6I21g3cdl5qW+brtUD+5SUwBNL+ckeTHfshtgPsVBpvaM5ytVC4xE 9Bmmrhf07avoEu7s2LELOrKy+eMzmf2EZ3NrmEWXInbsgU3vl0jxKOX58xX3iS6MN5ng 3dfyf/xOTllxwtkfFv5aO31AB1/f1LR6HQjWdN0UQthpvKWCAG6dbUwi1doQ6wBidAhI 4I/SpVVRQtWJ7XhhxEMH6JcmlRrqGN/ht9b0zSJmPxlBOer8elXgIb6ML5ShYHrEpUDj /toEAFqBbpc0ymorwsAAyMPq4stVK8Hl35MtglhL8yrc3UxCnaE3Bw8Jzo3htc5lRzUz 9rVg== X-Gm-Message-State: ALKqPwfbrj5Q7rpauuN3Pu0Ijq9PLYSouChQQG1YyWRxJLkXgJXiA9fA LqizXQP++SevFHcl2OrhMGmloxOCM/9TC2ZvasWTjw== X-Received: by 2002:ab0:5a72:: with SMTP id m47-v6mr16311487uad.37.1526408544875; Tue, 15 May 2018 11:22:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.48.82 with HTTP; Tue, 15 May 2018 11:22:23 -0700 (PDT) In-Reply-To: <20180515174736.GB28489@codeaurora.org> References: <20180509170159.29682-1-ilina@codeaurora.org> <20180509170159.29682-5-ilina@codeaurora.org> <20180515174736.GB28489@codeaurora.org> From: Doug Anderson Date: Tue, 15 May 2018 11:22:23 -0700 X-Google-Sender-Auth: zJ2vnEygaWazUiMLlFQzyLjFgIw Message-ID: Subject: Re: [PATCH v8 04/10] drivers: qcom: rpmh: add RPMH helper functions To: Lina Iyer Cc: Andy Gross , David Brown , linux-arm-msm@vger.kernel.org, "open list:ARM/QUALCOMM SUPPORT" , Rajendra Nayak , Bjorn Andersson , LKML , Stephen Boyd , Evan Green , Matthias Kaehlcke , rplsssn@codeaurora.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Tue, May 15, 2018 at 10:47 AM, Lina Iyer wrote: > On Fri, May 11 2018 at 14:17 -0600, Doug Anderson wrote: >> >> Hi, >> >> On Wed, May 9, 2018 at 10:01 AM, Lina Iyer wrote: >>> >>> +int rpmh_write(const struct device *dev, enum rpmh_state state, >>> + const struct tcs_cmd *cmd, u32 n) >>> +{ >>> + DECLARE_COMPLETION_ONSTACK(compl); >>> + DEFINE_RPMH_MSG_ONSTACK(dev, state, &compl, rpm_msg); >>> + int ret; >>> + >>> + if (!cmd || !n || n > MAX_RPMH_PAYLOAD) >>> + return -EINVAL; >>> + >>> + memcpy(rpm_msg.cmd, cmd, n * sizeof(*cmd)); >>> + rpm_msg.msg.num_cmds = n; >>> + >>> + ret = __rpmh_write(dev, state, &rpm_msg); >>> + if (ret) >>> + return ret; >>> + >>> + ret = wait_for_completion_timeout(&compl, RPMH_TIMEOUT_MS); >> >> >> IMO it's almost never a good idea to use wait_for_completion_timeout() >> together with a completion that's declared on the stack. If you >> somehow insist that this is a good idea then I need to see incredibly >> clear and obvious code/comments that say why it's impossible that the >> process might somehow try to signal the completion _after_ >> RPMH_TIMEOUT_MS has expired. >> >> Specifically if the timeout happens but the process could still signal >> a completion later then they will access random data on the stack of a >> function that has already returned. This causes ridiculously >> difficult-to-debug crashes. >> >> >> NOTE: You've got timeout set to 10 seconds here. Is that really even >> useful? IMO just call wait_for_completion() without a timeout. It's >> much better to have a nice clean hang than a random stack corruption. >> >> > The 10 sec timeout will guarantee that we will not get a response at all > anymore for the request. Usually requests can be considered failed if > there is no response in a few tens of microseconds. 10 sec is just an > arbitarily large number. > > The reason we use timeout is that once the timeout happens, we know we > have failed, we could trigger a watchdog or crash the system. This is > very important for our productization in debugging RPMH failures. A > hang would not always trigger a watchdog and the failure would be silent > and possibly fatal but hard to debug. If you intend the system to crash when this timeout happens then IMHO add a BUG_ON. Then I won't worry about something coming around later and clobbering the stack. -Doug